JavaScriptCore-1218.0.1.tar.gz

diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644 (file)
index 799f50a..0000000
--- a/ChangeLog
+++ /dev/null
@@ -1,3565 +0,0 @@
-2013-07-18  Andreas Kling  <akling@apple.com>
-
-        CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
-        <http://webkit.org/b/118875>
-        <rdar://problem/14488577>
-
-        Reviewed by Geoffrey Garen.
-
-        Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
-        so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.
-
-        886 kB progression on <http://twitter.com/awesomekling>
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-
-2013-07-18  Andreas Kling  <akling@apple.com>
-
-        CodeBlock::m_argumentValueProfiles wastes a lot of memory.
-        <http://webkit.org/b/118852>
-        <rdar://problem/14481659>
-
-        Reviewed by Anders Carlsson.
-
-        Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
-        for growth, since we won't be appending to it anyway.
-
-        921 KB progression on <http://twitter.com/awesomekling>
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::setNumParameters):
-
-2013-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove reference to JSValueStructSupport.h from JSExport.h
-        https://bugs.webkit.org/show_bug.cgi?id=118746
-
-        Reviewed by Filip Pizlo.
-
-        * API/JSExport.h: No such header exists, so it doesn't make sense to reference it.
-
-2013-07-17  Lucas Forschler  <lforschler@apple.com>
-
-        Rollout r152600
-
-2013-07-17  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152600
-
-    2013-07-12  Brent Fulgham  <bfulgham@apple.com>
-
-            [Windows] Build correction after r152573/r152577.
-            https://bugs.webkit.org/show_bug.cgi?id=118610
-
-            Reviewed by Oliver Hunt.
-
-            * jit/JITThunks.cpp:
-            (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
-            argument of the make_pair to be a function pointer.
-
-2013-07-17  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152742
-
-    2013-07-16  Filip Pizlo  <fpizlo@apple.com>
-
-            MakeRope fixup shouldn't lead to an Identity without kids
-            https://bugs.webkit.org/show_bug.cgi?id=118745
-
-            Reviewed by Mark Hahnenberg.
-
-            Make the empty string pruning part of fixupMakeRope() stop if it's on the last child.
-
-            Make Node::convertToIdentity release-assert that it has exactly one kid.
-
-            * dfg/DFGFixupPhase.cpp:
-            (JSC::DFG::FixupPhase::fixupMakeRope):
-            * dfg/DFGNode.h:
-            (JSC::DFG::Node::convertToIdentity):
-
-2013-07-15  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152613
-
-    2013-07-13  Commit Queue  <commit-queue@webkit.org>
-
-            Unreviewed, rolling out r151978.
-            http://trac.webkit.org/changeset/151978
-            https://bugs.webkit.org/show_bug.cgi?id=118651
-
-            Caused regressions at least 3 websites (Requested by rniwa on
-            #webkit).
-
-            * runtime/JSCJSValue.h:
-            * runtime/JSString.h:
-
-2013-07-15  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152577
-
-    2013-07-11  Oliver Hunt  <oliver@apple.com>
-
-            Attempt to fix the windows build.
-
-            * jit/JITThunks.cpp:
-            (JSC::JITThunks::hostFunctionStub):
-            * jit/JITThunks.h:
-
-2013-07-15  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152573
-
-    2013-07-10  Oliver Hunt  <oliver@apple.com>
-
-            NativeExecutable cache needs to use both call and construct functions for key
-            https://bugs.webkit.org/show_bug.cgi?id=118545
-
-            Reviewed by Geoffrey Garen.
-
-            Make the native executable cache make use a key pair so we don't decide to
-            treat all subsequent functions as not being constructors.
-
-            * jit/JITThunks.cpp:
-            (JSC::JITThunks::hostFunctionStub):
-            * jit/JITThunks.h:
-            * runtime/JSBoundFunction.cpp:
-            (JSC::JSBoundFunction::create):
-            * runtime/JSCell.cpp:
-            (JSC::JSCell::getCallData):
-            (JSC::JSCell::getConstructData):
-
-2013-07-09  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152497
-
-    2013-07-09  Mark Lam  <mark.lam@apple.com>
-
-            Gardening to unbreak builds on the Windows bot.
-
-            Not reviewed.
-
-            * parser/ParserTokens.h:
-
-2013-07-09  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152494
-
-    2013-07-09  Mark Lam  <mark.lam@apple.com>
-
-            Fix 30% JSBench regression (caused by adding column numbers to stack traces).
-            https://bugs.webkit.org/show_bug.cgi?id=118481.
-
-            Reviewed by Mark Hahnenberg and Geoffrey Garen.
-
-            Previously, we already capture ExpressionRangeInfo that provides a divot for
-            each bytecode that can potentially throw an exception (and therefore generate
-            a stack trace). On first attempt to compute column numbers, we then do a walk
-            of the source string to record all line start positions in a table associated
-            with the SourceProvider. The column number can then be computed as
-                divot - lineStartFor(bytecodeOffset).
-
-            The computation of this lineStarts table is the source of the 30% JSBench
-            performance regression.
-
-            The new code now records lineStarts as the lexer and parser scans the source
-            code. These lineStarts are then used to compute the column number for the
-            given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture
-            the line number at the divot point and store that in the ExpressionRangeInfo.
-            Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo
-            for the bytecodeOffset, and then compute the line and column from the values
-            stored in the expression info.
-
-            The strategy:
-            1. We want to minimize perturbations to the lexer and parser. Specifically,
-               the changes added should not change how it scans code, and generate bytecode.
-            2. We regard the divot as the source character position we are interested
-               in. As such, we'll capture line and lineStart (for column) at the point
-               when we capture the divot information. This ensures that the 3 values are
-               consistent.
-
-            How the change is done:
-            1. Change the lexer to track lineStarts.
-            2. Change the parser to capture line and lineStarts at the point of capturing
-               divots.
-            3. Change the parser and associated code to plumb these values all the way to
-               the point that the correspoinding ExpressionRangeInfo is emitted.
-            4. Propagate and record SourceCode firstLine and firstLineColumnOffset to the
-               the necessary places so that we can add them as needed when reifying
-               UnlinkedCodeBlocks into CodeBlocks.
-            5. Compress the line and column number values in the ExpressionRangeInfo. In
-               practice, we seldom have both large line and column numbers. Hence, we can
-               encode both in an uint32_t most of the time. For the times when we encounter
-               both large line and column numbers, we have a fallback to store the "fat"
-               position info.
-            6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column
-               number coverage.
-            7. Change the interpreter to use the new way of computing line and column.
-            8. Delete old line and column computation code that is now unused.
-
-            Misc details:
-            - the old lexer was tracking both a startOffset and charPosition where
-              charPosition equals startOffset - SourceCode.startOffset. We now use
-              startOffset exclusively throughout the system for consistency.
-              All offset values (including lineStart) are relative to the start of the
-              SourceProvider string. These values will only be converted to be relative
-              to the SourceCode.startOffset at the very last minute i.e. when the divot
-              is stored into the ExpressionRangeInfo.
-
-              This change to use the same offset system everywhere reduces confusion
-              from having to convert back and forth between the 2 systems. It also
-              enables a lot of assertions to be used.
-
-            - Also fixed some bugs in the choice of divot positions to use. For example,
-              both Eval and Function expressions previously used column numbers from
-              the start of the expression but used the line number at the end of the
-              expression. This is now fixed to use either the start or end positions
-              as appropriate, but not a mix of line and columns from both.
-
-            - Why use ints instead of unsigneds for offsets and lineStarts inside the
-              lexer and parser?
-              Some tests (e.g. fast/js/call-base-resolution.html and
-              fast/js/eval-cross-window.html) has shown that lineStart offsets can be
-              prior to the SourceCode.startOffset. Keeping the lexer offsets as ints
-              simplifies computations and makes it easier to maintain the assertions
-              that (startOffset >= lineStartOffset).
-
-              However, column and line numbers are always unsigned when we publish
-              them to the ExpressionRangeInfo. The ints are only used inside the
-              lexer and parser ... well, and bytecode generator.
-
-            - For all cases, lineStart is always captured where the divot is captured.
-              However, some sputnik conformance tests have shown that we cannot honor
-              line breaks for assignment statements like the following:
-
-                  eval("x\u000A*=\u000A-1;");
-
-              In this case, the lineStart is expected to be captured at the start of
-              the assignment expression instead of at the divot point in the middle.
-              The assignment expression is the only special case for this.
-
-            This patch has been tested against the full layout tests both with release
-            and debug builds with no regression.
-
-            * API/JSContextRef.cpp:
-            (JSContextCreateBacktrace):
-              - Updated to use the new StackFrame::computeLineAndColumn().
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::CodeBlock):
-              - Added m_firstLineColumnOffset initialization.
-              - Plumbed the firstLineColumnOffset into the SourceCode.
-              - Initialized column for op_debug using the new way.
-            (JSC::CodeBlock::lineNumberForBytecodeOffset):
-              - Changed to compute line number using the ExpressionRangeInfo.
-            (JSC::CodeBlock::columnNumberForBytecodeOffset): Added
-              - Changed to compute column number using the ExpressionRangeInfo.
-            (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-            * bytecode/CodeBlock.h:
-            (JSC::CodeBlock::firstLineColumnOffset):
-            (JSC::GlobalCodeBlock::GlobalCodeBlock):
-              - Plumbed firstLineColumnOffset through to the super class.
-            (JSC::ProgramCodeBlock::ProgramCodeBlock):
-              - Plumbed firstLineColumnOffset through to the super class.
-            (JSC::EvalCodeBlock::EvalCodeBlock):
-              - Plumbed firstLineColumnOffset through to the super class.
-                But for EvalCodeBlocks, the firstLineColumnOffset is always 1
-                because we're starting with a new source string with no start
-                offset.
-            (JSC::FunctionCodeBlock::FunctionCodeBlock):
-              - Plumbed firstLineColumnOffset through to the super class.
-
-            * bytecode/ExpressionRangeInfo.h:
-              - Added modes for encoding line and column into a single 30-bit
-                unsigned. The encoding is in 1 of 3 modes:
-                1. FatLineMode: 22-bit line, 8-bit column
-                2. FatColumnMode: 8-bit line, 22-bit column
-                3. FatLineAndColumnMode: 32-bit line, 32-bit column
-            (JSC::ExpressionRangeInfo::encodeFatLineMode): Added.
-              - Encodes line and column into the 30-bit position using FatLine mode.
-            (JSC::ExpressionRangeInfo::encodeFatColumnMode): Added.
-              - Encodes line and column into the 30-bit position using FatColumn mode.
-            (JSC::ExpressionRangeInfo::decodeFatLineMode): Added.
-              - Decodes the FatLine mode 30-bit position into line and column.
-            (JSC::ExpressionRangeInfo::decodeFatColumnMode): Added.
-              - Decodes the FatColumn mode 30-bit position into line and column.
-
-            * bytecode/UnlinkedCodeBlock.cpp:
-            (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
-              - Plumbed startColumn through.
-            (JSC::UnlinkedFunctionExecutable::link):
-              - Plumbed startColumn through.
-            (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
-              - Computes a line number using the new way.
-            (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
-              - Added decoding of line and column.
-              - Added handling of the case when we do not find a fitting expression
-                range info for a specified bytecodeOffset. This only happens if the
-                bytecodeOffset is below the first expression range info. In that
-                case, we'll use the first expression range info entry.
-            (JSC::UnlinkedCodeBlock::addExpressionInfo):
-              - Added encoding of line and column.
-
-            * bytecode/UnlinkedCodeBlock.h:
-              - Added m_expressionInfoFatPositions in RareData.
-            (JSC::UnlinkedFunctionExecutable::functionStartColumn):
-            (JSC::UnlinkedCodeBlock::shrinkToFit):
-              - Removed obsoleted m_lineInfo.
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through.
-            (JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through.
-            (JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through.
-            (JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through.
-            (JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through.
-            * bytecompiler/BytecodeGenerator.h:
-            (JSC::BytecodeGenerator::emitNode):
-            (JSC::BytecodeGenerator::emitNodeInConditionContext):
-              - Removed obsoleted m_lineInfo.
-            (JSC::BytecodeGenerator::emitExpressionInfo):
-              - Plumbed line and lineStart through.
-              - Compute the line and column to be added to the expression range info.
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::ThrowableExpressionData::emitThrowReferenceError):
-            (JSC::ResolveNode::emitBytecode):
-            (JSC::ArrayNode::toArgumentList):
-            (JSC::BracketAccessorNode::emitBytecode):
-            (JSC::DotAccessorNode::emitBytecode):
-            (JSC::NewExprNode::emitBytecode):
-            (JSC::EvalFunctionCallNode::emitBytecode):
-            (JSC::FunctionCallValueNode::emitBytecode):
-            (JSC::FunctionCallResolveNode::emitBytecode):
-            (JSC::FunctionCallBracketNode::emitBytecode):
-            (JSC::FunctionCallDotNode::emitBytecode):
-            (JSC::CallFunctionCallDotNode::emitBytecode):
-            (JSC::ApplyFunctionCallDotNode::emitBytecode):
-            (JSC::PostfixNode::emitResolve):
-            (JSC::PostfixNode::emitBracket):
-            (JSC::PostfixNode::emitDot):
-            (JSC::DeleteResolveNode::emitBytecode):
-            (JSC::DeleteBracketNode::emitBytecode):
-            (JSC::DeleteDotNode::emitBytecode):
-            (JSC::PrefixNode::emitResolve):
-            (JSC::PrefixNode::emitBracket):
-            (JSC::PrefixNode::emitDot):
-              - Plumbed line and lineStart through the above as needed.
-
-            (JSC::UnaryOpNode::emitBytecode):
-              - Added emission of an ExpressionRangeInfo for the UnaryOp node.
-
-            (JSC::BinaryOpNode::emitStrcat):
-            (JSC::ThrowableBinaryOpNode::emitBytecode):
-            (JSC::InstanceOfNode::emitBytecode):
-            (JSC::emitReadModifyAssignment):
-            (JSC::ReadModifyResolveNode::emitBytecode):
-            (JSC::AssignResolveNode::emitBytecode):
-            (JSC::AssignDotNode::emitBytecode):
-            (JSC::ReadModifyDotNode::emitBytecode):
-            (JSC::AssignBracketNode::emitBytecode):
-            (JSC::ReadModifyBracketNode::emitBytecode):
-              - Plumbed line and lineStart through the above as needed.
-
-            (JSC::ConstStatementNode::emitBytecode):
-            (JSC::EmptyStatementNode::emitBytecode):
-            (JSC::DebuggerStatementNode::emitBytecode):
-            (JSC::ExprStatementNode::emitBytecode):
-            (JSC::VarStatementNode::emitBytecode):
-            (JSC::IfElseNode::emitBytecode):
-            (JSC::DoWhileNode::emitBytecode):
-            (JSC::WhileNode::emitBytecode):
-            (JSC::ForNode::emitBytecode):
-            (JSC::ForInNode::emitBytecode):
-            (JSC::ContinueNode::emitBytecode):
-            (JSC::BreakNode::emitBytecode):
-            (JSC::ReturnNode::emitBytecode):
-            (JSC::WithNode::emitBytecode):
-            (JSC::SwitchNode::emitBytecode):
-            (JSC::LabelNode::emitBytecode):
-            (JSC::ThrowNode::emitBytecode):
-            (JSC::TryNode::emitBytecode):
-            (JSC::ProgramNode::emitBytecode):
-            (JSC::EvalNode::emitBytecode):
-            (JSC::FunctionBodyNode::emitBytecode):
-              - Plumbed line and lineStart through the above as needed.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::appendSourceToError):
-              - Added line and column arguments for expressionRangeForBytecodeOffset().
-            (JSC::StackFrame::computeLineAndColumn):
-              - Replaces StackFrame::line() and StackFrame::column().
-            (JSC::StackFrame::expressionInfo):
-              - Added line and column arguments.
-            (JSC::StackFrame::toString):
-              - Changed to use the new StackFrame::computeLineAndColumn().
-            (JSC::Interpreter::getStackTrace):
-              - Added the needed firstLineColumnOffset arg for the StackFrame.
-
-            * interpreter/Interpreter.h:
-            * parser/ASTBuilder.h:
-            (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
-            (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
-            (JSC::ASTBuilder::createResolve):
-            (JSC::ASTBuilder::createBracketAccess):
-            (JSC::ASTBuilder::createDotAccess):
-            (JSC::ASTBuilder::createRegExp):
-            (JSC::ASTBuilder::createNewExpr):
-            (JSC::ASTBuilder::createAssignResolve):
-            (JSC::ASTBuilder::createFunctionExpr):
-            (JSC::ASTBuilder::createFunctionBody):
-            (JSC::ASTBuilder::createGetterOrSetterProperty):
-            (JSC::ASTBuilder::createFuncDeclStatement):
-            (JSC::ASTBuilder::createBlockStatement):
-            (JSC::ASTBuilder::createExprStatement):
-            (JSC::ASTBuilder::createIfStatement):
-            (JSC::ASTBuilder::createForLoop):
-            (JSC::ASTBuilder::createForInLoop):
-            (JSC::ASTBuilder::createVarStatement):
-            (JSC::ASTBuilder::createReturnStatement):
-            (JSC::ASTBuilder::createBreakStatement):
-            (JSC::ASTBuilder::createContinueStatement):
-            (JSC::ASTBuilder::createTryStatement):
-            (JSC::ASTBuilder::createSwitchStatement):
-            (JSC::ASTBuilder::createWhileStatement):
-            (JSC::ASTBuilder::createDoWhileStatement):
-            (JSC::ASTBuilder::createLabelStatement):
-            (JSC::ASTBuilder::createWithStatement):
-            (JSC::ASTBuilder::createThrowStatement):
-            (JSC::ASTBuilder::createDebugger):
-            (JSC::ASTBuilder::createConstStatement):
-            (JSC::ASTBuilder::appendBinaryExpressionInfo):
-            (JSC::ASTBuilder::appendUnaryToken):
-            (JSC::ASTBuilder::unaryTokenStackLastStart):
-            (JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added.
-            (JSC::ASTBuilder::assignmentStackAppend):
-            (JSC::ASTBuilder::createAssignment):
-            (JSC::ASTBuilder::setExceptionLocation):
-            (JSC::ASTBuilder::makeDeleteNode):
-            (JSC::ASTBuilder::makeFunctionCallNode):
-            (JSC::ASTBuilder::makeBinaryNode):
-            (JSC::ASTBuilder::makeAssignNode):
-            (JSC::ASTBuilder::makePrefixNode):
-            (JSC::ASTBuilder::makePostfixNode):.
-              - Plumbed line, lineStart, and startColumn through the above as needed.
-
-            * parser/Lexer.cpp:
-            (JSC::::currentSourcePtr):
-            (JSC::::setCode):
-              - Added tracking for sourceoffset and lineStart.
-            (JSC::::internalShift):
-            (JSC::::parseIdentifier):
-              - Added tracking for lineStart.
-            (JSC::::parseIdentifierSlowCase):
-            (JSC::::parseString):
-              - Added tracking for lineStart.
-            (JSC::::parseStringSlowCase):
-            (JSC::::lex):
-              - Added tracking for sourceoffset.
-            (JSC::::sourceCode):
-            * parser/Lexer.h:
-            (JSC::Lexer::currentOffset):
-            (JSC::Lexer::currentLineStartOffset):
-            (JSC::Lexer::setOffset):
-              - Added tracking for lineStart.
-            (JSC::Lexer::offsetFromSourcePtr): Added. conversion function.
-            (JSC::Lexer::sourcePtrFromOffset): Added. conversion function.
-            (JSC::Lexer::setOffsetFromSourcePtr):
-            (JSC::::lexExpectIdentifier):
-              - Added tracking for sourceoffset and lineStart.
-
-            * parser/NodeConstructors.h:
-            (JSC::Node::Node):
-            (JSC::ResolveNode::ResolveNode):
-            (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
-            (JSC::FunctionCallValueNode::FunctionCallValueNode):
-            (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
-            (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
-            (JSC::FunctionCallDotNode::FunctionCallDotNode):
-            (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
-            (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
-            (JSC::PostfixNode::PostfixNode):
-            (JSC::DeleteResolveNode::DeleteResolveNode):
-            (JSC::DeleteBracketNode::DeleteBracketNode):
-            (JSC::DeleteDotNode::DeleteDotNode):
-            (JSC::PrefixNode::PrefixNode):
-            (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
-            (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
-            (JSC::AssignBracketNode::AssignBracketNode):
-            (JSC::AssignDotNode::AssignDotNode):
-            (JSC::ReadModifyDotNode::ReadModifyDotNode):
-            (JSC::AssignErrorNode::AssignErrorNode):
-            (JSC::WithNode::WithNode):
-            (JSC::ForInNode::ForInNode):
-              - Plumbed line and lineStart through the above as needed.
-            * parser/Nodes.cpp:
-            (JSC::StatementNode::setLoc): Plumbed lineStart.
-            (JSC::ScopeNode::ScopeNode): Plumbed lineStart.
-            (JSC::ProgramNode::ProgramNode): Plumbed startColumn.
-            (JSC::ProgramNode::create): Plumbed startColumn.
-            (JSC::EvalNode::create):
-            (JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn.
-            (JSC::FunctionBodyNode::create): Plumbed startColumn.
-            * parser/Nodes.h:
-            (JSC::Node::startOffset):
-            (JSC::Node::lineStartOffset): Added.
-            (JSC::StatementNode::firstLine):
-            (JSC::StatementNode::lastLine):
-            (JSC::ThrowableExpressionData::ThrowableExpressionData):
-            (JSC::ThrowableExpressionData::setExceptionSourceCode):
-            (JSC::ThrowableExpressionData::divotStartOffset):
-            (JSC::ThrowableExpressionData::divotEndOffset):
-            (JSC::ThrowableExpressionData::divotLine):
-            (JSC::ThrowableExpressionData::divotLineStart):
-            (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
-            (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
-            (JSC::ThrowableSubExpressionData::subexpressionDivot):
-            (JSC::ThrowableSubExpressionData::subexpressionStartOffset):
-            (JSC::ThrowableSubExpressionData::subexpressionEndOffset):
-            (JSC::ThrowableSubExpressionData::subexpressionLine):
-            (JSC::ThrowableSubExpressionData::subexpressionLineStart):
-            (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
-            (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
-            (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
-            (JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset):
-            (JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset):
-            (JSC::ThrowablePrefixedSubExpressionData::subexpressionLine):
-            (JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart):
-            (JSC::ScopeNode::startStartOffset):
-            (JSC::ScopeNode::startLineStartOffset):
-            (JSC::ProgramNode::startColumn):
-            (JSC::EvalNode::startColumn):
-            (JSC::FunctionBodyNode::startColumn):
-              - Plumbed line and lineStart through the above as needed.
-            * parser/Parser.cpp:
-            (JSC::::Parser):
-            (JSC::::parseSourceElements):
-            (JSC::::parseVarDeclarationList):
-            (JSC::::parseConstDeclarationList):
-            (JSC::::parseForStatement):
-            (JSC::::parseBreakStatement):
-            (JSC::::parseContinueStatement):
-            (JSC::::parseReturnStatement):
-            (JSC::::parseThrowStatement):
-            (JSC::::parseWithStatement):
-              - Plumbed line and lineStart through the above as needed.
-            (JSC::::parseFunctionBody):
-              - Plumbed startColumn.
-            (JSC::::parseFunctionInfo):
-            (JSC::::parseFunctionDeclaration):
-            (JSC::LabelInfo::LabelInfo):
-            (JSC::::parseExpressionOrLabelStatement):
-            (JSC::::parseAssignmentExpression):
-            (JSC::::parseBinaryExpression):
-            (JSC::::parseProperty):
-            (JSC::::parseObjectLiteral):
-            (JSC::::parsePrimaryExpression):
-            (JSC::::parseMemberExpression):
-            (JSC::::parseUnaryExpression):
-              - Plumbed line, lineStart, startColumn through the above as needed.
-            * parser/Parser.h:
-            (JSC::Parser::next):
-            (JSC::Parser::nextExpectIdentifier):
-            (JSC::Parser::tokenStart):
-            (JSC::Parser::tokenColumn):
-            (JSC::Parser::tokenEnd):
-            (JSC::Parser::tokenLineStart):
-            (JSC::Parser::lastTokenLine):
-            (JSC::Parser::lastTokenLineStart):
-            (JSC::::parse):
-            * parser/ParserTokens.h:
-            (JSC::JSTokenLocation::JSTokenLocation):
-              - Plumbed lineStart.
-            (JSC::JSTokenLocation::lineStartPosition):
-            (JSC::JSTokenLocation::startPosition):
-            (JSC::JSTokenLocation::endPosition):
-            * parser/SourceCode.h:
-            (JSC::SourceCode::SourceCode):
-            (JSC::SourceCode::startColumn):
-            (JSC::makeSource):
-            (JSC::SourceCode::subExpression):
-            * parser/SourceProvider.cpp: delete old code.
-            * parser/SourceProvider.h: delete old code.
-            * parser/SourceProviderCacheItem.h:
-            (JSC::SourceProviderCacheItem::closeBraceToken):
-            (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
-              - Plumbed lineStart.
-            * parser/SyntaxChecker.h:
-            (JSC::SyntaxChecker::makeFunctionCallNode):
-            (JSC::SyntaxChecker::makeAssignNode):
-            (JSC::SyntaxChecker::makePrefixNode):
-            (JSC::SyntaxChecker::makePostfixNode):
-            (JSC::SyntaxChecker::makeDeleteNode):
-            (JSC::SyntaxChecker::createResolve):
-            (JSC::SyntaxChecker::createBracketAccess):
-            (JSC::SyntaxChecker::createDotAccess):
-            (JSC::SyntaxChecker::createRegExp):
-            (JSC::SyntaxChecker::createNewExpr):
-            (JSC::SyntaxChecker::createAssignResolve):
-            (JSC::SyntaxChecker::createFunctionExpr):
-            (JSC::SyntaxChecker::createFunctionBody):
-            (JSC::SyntaxChecker::createFuncDeclStatement):
-            (JSC::SyntaxChecker::createForInLoop):
-            (JSC::SyntaxChecker::createReturnStatement):
-            (JSC::SyntaxChecker::createBreakStatement):
-            (JSC::SyntaxChecker::createContinueStatement):
-            (JSC::SyntaxChecker::createWithStatement):
-            (JSC::SyntaxChecker::createLabelStatement):
-            (JSC::SyntaxChecker::createThrowStatement):
-            (JSC::SyntaxChecker::createGetterOrSetterProperty):
-            (JSC::SyntaxChecker::appendBinaryExpressionInfo):
-            (JSC::SyntaxChecker::operatorStackPop):
-              - Made SyntaxChecker prototype changes to match ASTBuilder due to new
-                args added for plumbing line, lineStart, and startColumn.
-            * runtime/CodeCache.cpp:
-            (JSC::CodeCache::generateBytecode):
-            (JSC::CodeCache::getCodeBlock):
-              - Plumbed startColumn.
-            * runtime/Executable.cpp:
-            (JSC::FunctionExecutable::FunctionExecutable):
-            (JSC::ProgramExecutable::compileInternal):
-            (JSC::FunctionExecutable::produceCodeBlockFor):
-            (JSC::FunctionExecutable::fromGlobalCode):
-              - Plumbed startColumn.
-            * runtime/Executable.h:
-            (JSC::ScriptExecutable::startColumn):
-            (JSC::ScriptExecutable::recordParse):
-            (JSC::FunctionExecutable::create):
-              - Plumbed startColumn.
-
-2013-07-08  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152052
-
-    2013-06-26  Anders Carlsson  <andersca@apple.com>
-
-            Add JSStringCreateWithCharactersNoCopy SPI
-            https://bugs.webkit.org/show_bug.cgi?id=118074
-            <rdar://problem/14279905>
-
-            Reviewed by Geoffrey Garen.
-
-            * API/JSStringRef.cpp:
-            (JSStringCreateWithCharactersNoCopy):
-            Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.
-
-            * API/JSStringRefPrivate.h: Added.
-            Add a home for the JSStringCreateWithCharactersNoCopy function.
-
-            * API/OpaqueJSString.h:
-            (OpaqueJSString::OpaqueJSString):
-            Just call isolatedCopy on the passed in string.
-
-            * API/tests/testapi.c:
-            Add an API test for JSStringCreateWithCharactersNoCopy.
-
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-            Add new files.
-
-2013-07-08  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152314
-
-    2013-07-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Replace RELEASE_ASSERT with ASSERT in CodeBlock:: bytecodeOffsetForCallAtIndex
-            https://bugs.webkit.org/show_bug.cgi?id=118316
-
-            Reviewed by Geoffrey Garen.
-
-            This is causing some crashiness in release builds. We should replace it with an ASSERT 
-            until we track down all the places that need fixing in bug 118315.
-
-            * bytecode/CodeBlock.h:
-            (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
-
-2013-07-01  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r152091
-
-    2013-06-27  Timothy Hatcher  <timothy@apple.com>
-
-            Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener.
-
-            https://bugs.webkit.org/show_bug.cgi?id=118063
-
-            Reviewed by Geoffrey Garen.
-
-            * bytecode/UnlinkedCodeBlock.cpp:
-            (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed.
-
-2013-07-01  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r151978
-
-    2013-06-25  Ryosuke Niwa  <rniwa@webkit.org>
-
-            JSString should remember AtomicString
-            https://bugs.webkit.org/show_bug.cgi?id=117386
-
-            Reviewed by Geoffrey Garen.
-
-            Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update
-            JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts
-            to obtain the AtomicString of the same value.
-
-            * runtime/JSCJSValue.h:
-            * runtime/JSString.h:
-            (JSC::JSString::atomicString):
-            (JSC::JSValue::toAtomicString):
-
-2013-06-25  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r151786
-
-    2013-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Improper deallocation of JSManagedValue causes crashes during autorelease pool draining
-            https://bugs.webkit.org/show_bug.cgi?id=117840
-
-            Reviewed by Geoffrey Garen.
-
-            Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the 
-            JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained 
-            JSManagedValues cause memory leaks than take down the whole app. 
-
-            The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we 
-            can safely null it out. This will prevent ~Weak from crashing.
-
-            * API/JSManagedValue.mm:
-            (-[JSManagedValue JSC::JSC::]):
-            (JSManagedValueHandleOwner::finalize):
-            * API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked 
-            managed reference. Also fixed a small style nit I noticed in another test.
-
-2013-06-25  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r151923
-
-    2013-06-24  Roger Fong  <roger_fong@apple.com>
-
-            Unreviewed. Makefile build fix for AppleWindows.
-
-            * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-06-21  Lucas Forschler  <lforschler@apple.com>
-
-        Merge r151787
-
-    2013-06-20  Roger Fong  <roger_fong@apple.com>
-
-            Make Windows makefile copy build output to a different folder.
-            <rdar://problem/14219184>.
-
-            * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-06-18  Roger Fong  <roger_fong@apple.com>
-
-        Disable some feature flags.
-        <rdar://problem/14171207>.
-
-        Rubberstamped by Jon Lee.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-06-18  Oliver Hunt  <oliver@apple.com>
-
-        Going to google.com/trends causes a crash
-        https://bugs.webkit.org/show_bug.cgi?id=117602
-
-        Reviewed by Geoffrey Garen.
-
-        When handling op_throw, etc we need to flush the variables and arguments
-        for the entire inline stack, not just the top frame.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2013-06-18  Roger Fong  <roger_fong@apple.com>
-
-        Replace tools32 folder with tools and update WebKit Windows solution accordingly.
-        <rdar://problem/14118143>.
-
-        Rubberstamped by Brent Fulgham.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
-        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
-        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
-        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
-        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
-        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
-        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
-        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
-        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
-
-2013-06-17  Roger Fong  <roger_fong@apple.com>
-
-        Modify Windows makefiles to copy some bin output into Program Files.
-        https://bugs.webkit.org/show_bug.cgi?id=117714.
-        <rdar://problem/14179054>
-
-        Reviewed by Brent Fulgham.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-06-14  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Function names on Object.prototype should be common identifiers
-        https://bugs.webkit.org/show_bug.cgi?id=117614
-
-        Reviewed by Darin Adler.
-
-        Patch written by Sam Weinig. Make Object's prototype function names common identififers since they're used frequently.
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::finishCreation):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::finishCreation):
-
-2013-06-13  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Remove LiteralIdentifierTable
-        https://bugs.webkit.org/show_bug.cgi?id=117613
-
-        Reviewed by Geoffrey Garen.
-
-        Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now.
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-
-2013-06-12  Conrad Shultz  <conrad_shultz@apple.com>
-
-        JSExport header documentation substitutes "semicolon" for "colon"
-        https://bugs.webkit.org/show_bug.cgi?id=117552
-
-        Reviewed by Mark Hahnenberg.
-
-        * API/JSExport.h:
-        Fix a couple typos.
-
-2013-06-10  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>
-
-        [JSC] Remove a vestige of wxWidgets support.
-        https://bugs.webkit.org/show_bug.cgi?id=117419
-
-        Reviewed by Benjamin Poulain.
-
-        * runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that
-        seems to have gone unnoticed when the wxWidgets port was removed.
-
-2013-06-06  Roger Fong  <roger_fong@apple.com>
-
-        Stop copying AAS binaries into build folder.
-        https://bugs.webkit.org/show_bug.cgi?id=117319.
-
-        Rubberstamped by Darin Adler.
-
-        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
-        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
-
-2013-06-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
-        https://bugs.webkit.org/show_bug.cgi?id=117279
-        <rdar://problem/14078025>        
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::filterArrayModesByType):
-
-2013-06-05  Michael Saboff  <msaboff@apple.com>
-
-        JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com
-        https://bugs.webkit.org/show_bug.cgi?id=117280
-
-        Reviewed by Filip Pizlo.
-
-        Updated the merging of VariableAccessData nodes in ArgumentPosition lists
-        to find the unified VariableAccessData node that is the root of the
-        current node instead of using the current node directly when merging
-        attributes.
-        Added new dump code to dump the ArgumentPosition list.
-
-        * dfg/DFGArgumentPosition.h:
-        (JSC::DFG::rgumentPosition::mergeArgumentPredictionAwareness):
-        (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
-        (JSC::DFG::ArgumentPosition::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-
-2013-06-05  Bear Travis  <betravis@adobe.com>
-
-        [CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags
-        https://bugs.webkit.org/show_bug.cgi?id=117172
-
-        Reviewed by Alexandru Chiculita.
-
-        Adding the CSS_SHAPES compile flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-06-05  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        JSC Assertion tests failures on MIPS.
-        https://bugs.webkit.org/show_bug.cgi?id=116552
-
-        Reviewed by Geoffrey Garen.
-
-        Fix condition handlig in branchAdd32 implemetations.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-
-2013-06-04  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Add floating point absolute function support in baseline JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=117147
-
-        Reviewed by Geoffrey Garen.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
-        (JSC::MacroAssemblerSH4::absDouble):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::dabs):
-        (JSC::SH4Assembler::printInstr):
-
-2013-06-04  Zan Dobersek  <zdobersek@igalia.com>
-
-        [JSC] Test262 15.5.4.9_3 test is failing
-        https://bugs.webkit.org/show_bug.cgi?id=116789
-
-        Reviewed by Geoffrey Garen.
-
-        Bring the String.prototype.localeCompare behavior in line wit ES5 15.9.4.9.
-        If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined.
-        The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison.
-        Therefor, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the
-        string "undefined" is used as the string to which value of str is compared.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior.
-
-2013-06-03  Hojong Han  <hojong.han@samsung.com>
-
-        [EFL] Implement GCActivityCallback
-        https://bugs.webkit.org/show_bug.cgi?id=95923
-
-        Reviewed by Geoffrey Garen.
-
-        Implements the activity triggered garbage collector.
-        Additional GCs can be triggered by platfrom timer.
-        It has sort of compaction effect not to make JSC heap grow fast
-        so that memory usage becomes lower than usual.
-
-        * PlatformEfl.cmake: Added.
-        * heap/HeapTimer.cpp:
-        (JSC):
-        (JSC::HeapTimer::HeapTimer):
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::add):
-        (JSC::HeapTimer::stop):
-        (JSC::HeapTimer::timerEvent):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * jsc.cpp:
-        (main):
-        * runtime/GCActivityCallback.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::scheduleTimer):
-        (JSC::DefaultGCActivityCallback::cancelTimer):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        * runtime/GCActivityCallback.h:
-        (GCActivityCallback):
-        (JSC::GCActivityCallback::GCActivityCallback):
-        (DefaultGCActivityCallback):
-
-2013-06-03  Roger Fong  <roger_fong@apple.com>
-
-        Nuke VS2005 files from the tree.
-        <rdar://problem/14042021>.
-
-        Rubberstamped by Brent Fulgham.
-
-        * JavaScriptCore.vcproj: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore.resources: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed.
-        * JavaScriptCore.vcproj/LLIntAssembly: Removed.
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed.
-        * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc: Removed.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed.
-        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi: Removed.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed.
-
-2013-05-31  Filip Pizlo  <fpizlo@apple.com>
-
-        Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
-        <rdar://problem/13989324>
-
-        Rubber stamped by Mark Hahnenberg.
-        
-        This has a bogus assertion that checks that the passed CodeOrigin doesn't have
-        an inline call frame. This was well intentioned in the sense that it is true
-        that inlined call frames wouldn't have an activation register. But that doesn't
-        mean that people won't ask. Removing the assertion fixes a debug-only crash and
-        has no impact on production code. This change adds a comment to that effect.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::uncheckedActivationRegisterFor):
-
-2013-05-31  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Fix Overflow case of branchMul32 in baseline JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=117057
-
-        Reviewed by Oliver Hunt.
-
-        Current implementation of Overflow case in branchMul32 performs an
-        unsigned multiplication whereas a signed multiplication is expected.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchMul32):
-
-2013-05-31  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Fix floating point comparisons in baseline JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=117066.
-
-        Reviewed by Oliver Hunt.
-
-        Current implementation of branchDouble function in baseline JIT is wrong
-        for some conditions and overkill for others. For instance:
-        - With DoubleGreaterThanOrEqual condition, branch will be taken if either
-          operand is NaN with current implementation whereras it should not.
-        - With DoubleNotEqualOrUnordered condition, performed NaN checks are
-          useless (because comparison result is false if either operand is NaN).
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchDouble):
-
-2013-05-31  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Fix double floating point transfer in baseline JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=117054
-
-        Reviewed by Oliver Hunt.
-
-        In current implementation, dmovRegReg function transfers only one single
-        FPRegister as PR=1 and SZ=0 in floating point status/control register.
-        Double transfers must be performed with two fmov.s opcodes.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::moveDouble):
-        (JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly.
-        (JSC::MacroAssemblerSH4::sqrtDouble):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::fmovsRegReg):
-
-2013-05-31  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Handle branchType properly in branchTruncateDoubleToInt32.
-        https://bugs.webkit.org/show_bug.cgi?id=117062
-
-        Reviewed by Oliver Hunt.
-
-        Current implementation of branchTruncateDoubleToInt32 is incorrect
-        when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
-
-2013-05-31  Brent Fulgham  <bfulgham@apple.com>
-
-        [Windows] Unreviewed build fix for VS2005 builders.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add
-        missing export for WTF::SHA1::computeHexDigest
-
-2013-05-30  David Farler  <dfarler@apple.com>
-
-        Fix jscore-test when not using --sdk option with jsDriver.pl
-        https://bugs.webkit.org/show_bug.cgi?id=116339
-
-        Reviewed by Joe Pecoraro.
-
-        * tests/mozilla/jsDriver.pl:
-        (execute_tests):
-        With each test, the shell_command needs to be started from scratch.
-
-        This fix will clear the shell_command and start over as before with
-        the opt_arch option when not using --sdk with jsDriver.pl.
-
-2013-05-30  Roger Fong  <roger_fong@apple.com>
-
-        Get rid of JavaScript exports file on AppleWin port.
-        https://bugs.webkit.org/show_bug.cgi?id=117050.
-
-        Reviewed by Darin Adler.
-
-        Delete the JavaScriptCoreExportGenerator folder and remove dependencies.
-        Start linking in WTF.lib now that it's a shared library.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed.
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
-
-2013-05-22  David Farler  <dfarler@apple.com>
-
-        Add --sdk option to jsDriver.pl to run with iOS Simulator
-        https://bugs.webkit.org/show_bug.cgi?id=116339
-
-        Reviewed by David Kilzer.
-
-        * tests/mozilla/jsDriver.pl:
-        (execute_tests):
-        Prefix shell command with the path to the "sim" tool.
-        (parse_args):
-        Add -d / --sdk option.
-        (usage):
-        Help message for -d / --sdk option.
-
-2013-05-30  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Optimize NaN checks in LLINT for floating point comparisons.
-        https://bugs.webkit.org/show_bug.cgi?id=117049
-
-        Reviewed by Oliver Hunt.
-
-        Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN.
-        This is more efficient, doesn't require two tmp registers and requires
-        less code than current implementation (which converts double to float,
-        then checks 'E = Emax + 1' and 'f != 0').
-
-        * offlineasm/sh4.rb:
-
-2013-05-30  Oliver Hunt  <oliver@apple.com>
-
-        JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor
-        https://bugs.webkit.org/show_bug.cgi?id=117053
-
-        Reviewed by Mark Hahnenberg.
-
-        Set appropriate thisValue on the PropertySlot
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyDescriptor):
-        * API/tests/testapi.mm:
-
-2013-05-29  Jeffrey Pfau  <jpfau@apple.com>
-
-        [Mac] Enable cache partitioning and the public suffix list on 10.8
-        <rdar://problem/13679019>
-
-        Rubber-stamped by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-05-28  Brent Fulgham  <bfulgham@apple.com>
-
-        [Windows] Put correct byteCompile symbol in file. Previous version
-        had an extra 'i' appended to the end.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-05-28  Brent Fulgham  <bfulgham@apple.com>
-
-        [Windows] Unreviewed build fix.  Remove ?byteCompile symbol that
-        is no longer accessible during link.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-05-28  Gavin Barraclough  <barraclough@apple.com>
-
-        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
-        https://bugs.webkit.org/show_bug.cgi?id=106750
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSDateMath.cpp:
-        (JSC::msToGregorianDateTime):
-            - Additional review comment fix.
-
-2013-05-28  Brent Fulgham  <bfulgham@apple.com>
-
-        [Windows] Unreviewed build fix after r150833
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        A CR/LF combination was lost in the file, combining two symbols.
-
-2013-05-27  Gavin Barraclough  <barraclough@apple.com>
-
-        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
-        https://bugs.webkit.org/show_bug.cgi?id=106750
-
-        Reviewed by Darin Adler.
-
-        First part of a fix, simplfy date handling code, instead of operating separately
-        on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
-        offset (this is what we actually need, and what the OS gives us).
-
-        * runtime/JSDateMath.cpp:
-        (JSC::getLocalTimeOffset):
-            - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-        (JSC::parseDateFromNullTerminatedCharacters):
-            - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
-        * runtime/VM.cpp:
-        (JSC::VM::resetDateCache):
-            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
-        * runtime/VM.h:
-        (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
-        (JSC::LocalTimeOffsetCache::reset):
-        (LocalTimeOffsetCache):
-            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
-
-2013-05-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        r150199 is very wrong
-        https://bugs.webkit.org/show_bug.cgi?id=116876
-
-        JSValue needs to protect its internal JSValueRef.
-
-        Reviewed by Darin Adler.
-
-        * API/JSValue.mm:
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-        * API/tests/testapi.mm: Added a simple test to make sure that we protect the
-        underlying JavaScript value across garbage collections.
-
-2013-05-27  Patrick Gansterer  <paroga@webkit.org>
-
-        Use ICU_INCLUDE_DIRS in BlackBerry CMake files
-        https://bugs.webkit.org/show_bug.cgi?id=116210
-
-        Reviewed by Rob Buis.
-
-        Set and use the ICU_INCLUDE_DIRS variable to avoid
-        duplicated adding of the ICU include directory.
-
-        * PlatformBlackBerry.cmake:
-
-2013-05-27  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        MacroAssemblerARM should use xor to swap registers instead of move
-        https://bugs.webkit.org/show_bug.cgi?id=116306
-
-        Reviewed by Zoltan Herczeg.
-
-        Change register swapping to xor from move and this way we don't need
-        temporary register anymore.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::swap):
-
-2013-05-25  Filip Pizlo  <fpizlo@apple.com>
-
-        We broke (-2^31/-1)|0 in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=116767
-
-        Reviewed by Andreas Kling.
-        
-        The bug is that we were assuming that in the -2^31 case, we already had -2^31
-        in the result register. This was a wrong assumption.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-
-2013-05-24  Filip Pizlo  <fpizlo@apple.com>
-
-        We broke !(0/0)
-        https://bugs.webkit.org/show_bug.cgi?id=116736
-
-        Reviewed by Gavin Barraclough.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createLogicalNot):
-        * runtime/JSCJSValueInlines.h:
-        (JSC::JSValue::pureToBoolean):
-
-2013-05-24  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=116716
-
-        Reviewed by Geoffrey Garen.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
-        (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
-        (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
-        (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
-        (JSC::SH4Assembler::linkJump): Cosmetic change.
-        * offlineasm/sh4.rb: Optimize LLINT generated code.
-
-2013-05-23  Peter Wang  <peter.wang@torchmobile.com.cn>
-
-        CLoop llint backend should not use the d8 register as scratch register
-        https://bugs.webkit.org/show_bug.cgi?id=116019
-
-        Reviewed by Csaba Osztrogonác.
-
-        * offlineasm/cloop.rb:
-
-2013-05-22  Peter Wang  <peter.wang@torchmobile.com.cn>
-
-        Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
-        https://bugs.webkit.org/show_bug.cgi?id=116593
-
-        Reviewed by Filip Pizlo.
-
-        Generated instructions using uninitialized register. It's caused by a mistake of r126494.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-
-2013-05-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of CodeBlock.h
-
-        Rubber stampted by Mark Hahnenberg.
-
-        * bytecode/CodeBlock.h:
-
-2013-05-22  Julien Brianceau  <jbrianceau@nds.com>
-
-        [sh4] Remove MacroAssemblerSH4.cpp file.
-        https://bugs.webkit.org/show_bug.cgi?id=116596.
-
-        Reviewed by Geoffrey Garen.
-
-        Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
-        to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
-        for other architectures.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/MacroAssemblerSH4.cpp: Removed.
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::linkCall):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::repatchCall):
-
-2013-05-21  Brent Fulgham  <bfulgham@apple.com>
-
-        [Windows] Unreviewed speculative fix for test-bots.
-
-        Add export declaration for WTFInvokeCrashHook to avoid runtime
-        load error on test bots.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-05-21  Mark Lam  <mark.lam@apple.com>
-
-        Added missing assert condition for PositiveOrZero in ARM branch32().
-        https://bugs.webkit.org/show_bug.cgi?id=116538.
-
-        Reviewed by Geoffrey Garen.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchAdd32):
-
-2013-05-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Disable SuperRegion
-        https://bugs.webkit.org/show_bug.cgi?id=116362
-
-        Rubber stamped by Geoff Garen.
-
-        * heap/Region.h:
-
-2013-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Make C API more robust against null contexts
-        https://bugs.webkit.org/show_bug.cgi?id=116462
-
-        Reviewed by Anders Carlsson.
-
-        Handle null contexts in a non-crashy way.  It's a bug to ever call the
-        API with a null context, and the absence of a context means we can't
-        produce a meaningful result, so we still assert in debug builds.
-
-        Now where possible we detect and early return, returning null for any
-        pointer type, NaN for doubles, and false for any boolean result.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSReportExtraMemoryCost):
-        * API/JSContextRef.cpp:
-        (JSContextGetGlobalObject):
-        (JSContextGetGroup):
-        (JSContextGetGlobalContext):
-        (JSContextCreateBacktrace):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCopyPropertyNames):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueMakeFromJSONString):
-        (JSValueCreateJSONString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-
-2013-05-20  David Kilzer  <ddkilzer@apple.com>
-
-        Synchronize FeatureDefines.xcconfig
-
-        * Configurations/FeatureDefines.xcconfig: Remove
-        ENABLE_LINK_PRERENDER.  This was missed in r150356.
-
-2013-05-19  Anders Carlsson  <andersca@apple.com>
-
-        Remove link prerendering code
-        https://bugs.webkit.org/show_bug.cgi?id=116415
-
-        Reviewed by Darin Adler.
-
-        This code was only used by Chromium and is dead now.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-05-18  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
-        https://bugs.webkit.org/show_bug.cgi?id=114554
-
-        Reviewed by Gyuyoung Kim.
-
-        Using variables as target names is very uncommon in CMake.
-        The usual way to specify the name of the resulting binary
-        is to set the OUTPUT_NAME target property.
-
-        * CMakeLists.txt:
-        * shell/CMakeLists.txt:
-
-2013-05-17  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Remove invalid include paths
-        https://bugs.webkit.org/show_bug.cgi?id=116213
-
-        Reviewed by Gyuyoung Kim.
-
-        Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
-        to remove them from the list of include directories.
-
-        * PlatformEfl.cmake: Removed.
-        * PlatformGTK.cmake: Removed.
-
-2013-05-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Consolidate lists in JavaScriptCore CMake files
-        https://bugs.webkit.org/show_bug.cgi?id=115992
-
-        Reviewed by Gyuyoung Kim.
-
-        Move common files into the CMakeLists.txt to avoid duplicating the list of files.
-        Also rebase the recently added GTK files to match the other CMake ports, since
-        the submitted patch was based on an older version of the source tree.
-
-        * CMakeLists.txt:
-        * PlatformEfl.cmake:
-        * PlatformGTK.cmake:
-        * shell/CMakeLists.txt:
-        * shell/PlatformEfl.cmake:
-        * shell/PlatformGTK.cmake:
-
-2013-05-16  Geoffrey Garen  <ggaren@apple.com>
-
-        JSValue shouldn't protect/unprotect its context
-        https://bugs.webkit.org/show_bug.cgi?id=116234
-
-        Reviewed by Mark Hahnenberg.
-
-        Our retain on _context is sufficient.
-
-        * API/JSValue.mm:
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-
-2013-05-15  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Another Windows build fix attempt after r150160.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-05-15  Oliver Hunt  <oliver@apple.com>
-
-        RefCountedArray needs to use vector initialisers for its backing store
-        https://bugs.webkit.org/show_bug.cgi?id=116194
-
-        Reviewed by Gavin Barraclough.
-
-        Use an out of line function to clear the exception stack to avoid
-        needing to include otherwise unnecessary headers all over the place.
-
-        Everything else is just being updated to use that.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::clearSupplementaryExceptionInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::throwException):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        * runtime/VM.cpp:
-        (JSC):
-        (JSC::VM::clearExceptionStack):
-        * runtime/VM.h:
-        (VM):
-        (JSC::VM::exceptionStack):
-
-2013-05-15  Commit Queue  <commit-queue@webkit.org>
-
-        Unreviewed, rolling out r150051.
-        http://trac.webkit.org/changeset/150051
-        https://bugs.webkit.org/show_bug.cgi?id=116186
-
-        Broke all JSC tests on Mac and the author is unresponsive
-        (Requested by rniwa on #webkit).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-05-15  Julien Brianceau  <jbrianceau@nds.com>
-
-        Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=116143
-
-        Reviewed by Geoffrey Garen.
-
-        Since r148119, timeoutCheckRegister is removed from baseline JIT.
-        So we don't need to save r8 register in JITStackFrame anymore for sh4.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JITStackFrame):
-
-2013-05-15  Nico Weber  <thakis@chromium.org>
-
-        WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
-        https://bugs.webkit.org/show_bug.cgi?id=116157
-
-        Reviewed by Anders Carlsson.
-
-        Also remove a gcc3.2 workaround.
-
-        Merges parts of these two commits by the talented Nico Weber:
-        https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
-        https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312
-
-        * os-win32/inttypes.h:
-
-2013-05-13  Alvaro Lopez Ortega  <alvaro@alobbs.com>
-
-        Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
-        https://bugs.webkit.org/show_bug.cgi?id=79065
-
-        Reviewed by Darin Adler.
-
-        Fixes the build process so the depencencies of the jsc binary are
-        modified before its copied to its target directory. In this way
-        jsc should always use relative reference to the JavaScriptCore
-        libraries.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
-        the "Copy Into Framework" target.
-
-2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
-        https://bugs.webkit.org/show_bug.cgi?id=116074
-
-        If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
-        scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
-        JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
-        If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
-        is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
-
-        Reviewed by Darin Adler.
-
-        * API/JSVirtualMachine.mm:
-        (scanExternalObjectGraph):
-
-2013-05-13  Benjamin Poulain  <benjamin@webkit.org>
-
-        Improve stringProtoFuncLastIndexOf for the prefix case
-        https://bugs.webkit.org/show_bug.cgi?id=115952
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncLastIndexOf):
-        Use the optimized string search when possible.
-
-        On Joseph Pecoraro's tests, this gives a ~30% speed improvement.
-
-2013-05-13  Zalan Bujtas  <zalan@apple.com>
-
-        WebProcess consuming very high CPU on linkedin.com
-        https://bugs.webkit.org/show_bug.cgi?id=115601
-
-        Reviewed by Andreas Kling.
-
-        Disable WEB_TIMING_MINIMAL.
-        Turn off window.performance and performance.now(). Some JS frameworks expect
-        additional Web Timing APIs, when performance.now() is available.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-05-12  Anders Carlsson  <andersca@apple.com>
-
-        Stop including UnusedParam.h
-        https://bugs.webkit.org/show_bug.cgi?id=116003
-
-        Reviewed by Sam Weinig.
-
-        UnusedParam.h is empty now so there's no need to include it anymore.
-
-        * API/APICast.h:
-        * API/tests/JSNode.c:
-        * API/tests/JSNodeList.c:
-        * API/tests/minidom.c:
-        * API/tests/testapi.c:
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        * bytecode/CodeBlock.cpp:
-        * heap/HandleStack.h:
-        * interpreter/JSStackInlines.h:
-        * jit/CompactJITCodeMap.h:
-        * jit/ExecutableAllocator.h:
-        * parser/SourceProvider.h:
-        * runtime/DatePrototype.cpp:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSSegmentedVariableObject.h:
-        * runtime/JSVariableObject.h:
-        * runtime/Options.cpp:
-        * runtime/PropertyOffset.h:
-
-2013-05-11  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Add a basic cmake build for WTF and JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=115967
-
-        Reviewed by Laszlo Gombos.
-
-        * PlatformGTK.cmake: Added.
-        * shell/PlatformGTK.cmake: Added.
-
-2013-05-10  Laszlo Gombos  <l.gombos@samsung.com>
-
-        Remove USE(OS_RANDOMNESS)
-        https://bugs.webkit.org/show_bug.cgi?id=108095
-
-        Reviewed by Darin Adler.
-
-        Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
-        ports.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-
-2013-05-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
-        https://bugs.webkit.org/show_bug.cgi?id=115938
-
-        We're going to add some more types of check hoisting soon, so let's have the right name here.
-
-        Rubber stamped by Filip Pizlo.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
-        * dfg/DFGStructureCheckHoistingPhase.h: Removed.
-        * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
-        (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
-        (JSC::DFG::performTypeCheckHoisting):
-        * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.
-
-2013-05-09  Christophe Dumez  <ch.dumez@sisa.samsung.com>
-
-        Unreviewed build fix after r149836.
-
-        It broke at least EFL and GTK builds. Move new static members initialization
-        outside the class. Those need to have a definition outside the class because
-        their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).
-
-        * runtime/CodeCache.cpp:
-        (JSC):
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-
-2013-05-08  Oliver Hunt  <oliver@apple.com>
-
-        Code cache stores bogus var references for functions in eval code
-        https://bugs.webkit.org/show_bug.cgi?id=115747
-
-        Reviewed by Mark Hahnenberg.
-
-        Non-global eval now uses a per-CodeBlock cache, and only use it
-        when we're at the top of a function's scope.  This means that we
-        will no longer cache the parsing of a single string across
-        multiple functions, and we won't cache when we're nested inside
-        constructs like |with| and |catch| where previously we would, which
-        is good because caching in those cases is unsound.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC):
-        (JSC::EvalCodeCache::getSlow):
-        (JSC::EvalCodeCache::get):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedCodeBlock::codeCacheForEval):
-        (UnlinkedCodeBlock):
-        (RareData):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::eval):
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::CodeCache):
-        (JSC::CodeCache::generateBytecode):
-        (JSC):
-        (JSC::CodeCache::getCodeBlock):
-        * runtime/CodeCache.h:
-        (JSC::CodeCacheMap::CodeCacheMap):
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::canPruneQuickly):
-        (JSC::CodeCacheMap::prune):
-        (JSC::CodeCache::create):
-        (CodeCache):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::EvalExecutable::compileInternal):
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::create):
-        (EvalExecutable):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::createEvalCodeBlock):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/VM.cpp:
-        (JSC::VM::VM):
-        * runtime/VM.h:
-        (VM):
-
-2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
-        https://bugs.webkit.org/show_bug.cgi?id=115805
-
-        Reviewed by Geoffrey Garen.
-
-        It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 
-        an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the 
-        code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 
-        instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.
-
-        To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 
-        should then use Array::PossiblyArray, then do the checks we were already doing.
-
-        * bytecode/ArrayProfile.h:
-        (JSC::hasSeenArray):
-        (JSC::hasSeenNonArray):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::fromObserved):
-
-2013-05-09  Joe Mason  <jmason@blackberry.com>
-
-        [BlackBerry] Set up logging buffer on start of jsc executable
-        https://bugs.webkit.org/show_bug.cgi?id=114688
-
-        Reviewed by Rob Buis.
-
-        Internal PR: 322715
-        Internally Reviewed By: Jeff Rogers
-
-        * jsc.cpp:
-        (main): call BB::Platform::setupApplicationLogging
-
-2013-05-08  Michael Saboff  <msaboff@apple.com>
-
-        JSC: There should be a disassembler for ARM Thumb 2
-        https://bugs.webkit.org/show_bug.cgi?id=115827
-
-        Reviewed by Filip Pizlo.
-
-        Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
-        and profiling code.  The opcode coverage is currently not complete.  It covers all
-        of the integer instructions JSC currently emits, but only a limited number of
-        floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.
-
-        The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
-        for each instruction group.  There is a public format method that does the bulk of
-        the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
-        ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
-        those two classes for individual and related groups of opcodes.  Instructions are
-        "dispatched" to the right subclass via two arrays of linked lists in the inner classes
-        OpcodeGroup.  There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
-        Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
-        that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
-        the Opcode object to the right base class for the instruction group for formatting.
-        The cast eliminates the need of allocating an object for each decoded instruction.
-        Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether
-        the instruction is 16 or 32 bit.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * disassembler/ARMv7: Added.
-        * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
-        (ARMv7Disassembler):
-        (OpcodeGroupInitializer):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
-        * disassembler/ARMv7/ARMv7DOpcode.h: Added.
-        (ARMv7Disassembler):
-        (ARMv7DOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
-        (ARMv7D16BitOpcode):
-        (OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
-        (ARMv7DOpcodeAddRegisterT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
-        (ARMv7DOpcodeAddSPPlusImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
-        (ARMv7DOpcodeAddSubtract):
-        (ARMv7DOpcodeAddSubtractT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
-        (ARMv7DOpcodeAddSubtractImmediate3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
-        (ARMv7DOpcodeAddSubtractImmediate8):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
-        (ARMv7DOpcodeBranchConditionalT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
-        (ARMv7DOpcodeBranchExchangeT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
-        (ARMv7DOpcodeBranchT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
-        (ARMv7DOpcodeCompareImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
-        (ARMv7DOpcodeCompareRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
-        (ARMv7DOpcodeCompareRegisterT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
-        (ARMv7DOpcodeDataProcessingRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
-        (ARMv7DOpcodeGeneratePCRelativeAddress):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
-        (ARMv7DOpcodeLoadFromLiteralPool):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
-        (ARMv7DOpcodeLoadStoreRegisterImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
-        (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
-        (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
-        (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
-        (ARMv7DOpcodeLoadStoreRegisterSPRelative):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
-        (ARMv7DOpcodeLogicalImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
-        (ARMv7DOpcodeMiscAddSubSP):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
-        (ARMv7DOpcodeMiscByteHalfwordOps):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
-        (ARMv7DOpcodeMiscBreakpointT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
-        (ARMv7DOpcodeMiscCompareAndBranch):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
-        (ARMv7DOpcodeMiscHint16):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
-        (ARMv7DOpcodeMiscIfThenT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
-        (ARMv7DOpcodeMiscPushPop):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
-        (ARMv7DOpcodeMoveImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
-        (ARMv7DOpcodeMoveRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
-        (ARMv7D32BitOpcode):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
-        (ARMv7DOpcodeBranchRelative):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
-        (ARMv7DOpcodeConditionalBranchT3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
-        (ARMv7DOpcodeBranchOrBranchLink):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
-        (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
-        (ARMv7DOpcodeDataProcessingModifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
-        (ARMv7DOpcodeDataProcessingShiftedReg):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
-        (ARMv7DOpcodeDataProcessingReg):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
-        (ARMv7DOpcodeDataProcessingRegShift):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
-        (ARMv7DOpcodeDataProcessingRegExtend):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
-        (ARMv7DOpcodeDataProcessingRegParallel):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
-        (ARMv7DOpcodeDataProcessingRegMisc):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
-        (ARMv7DOpcodeHint32):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
-        (ARMv7DOpcodeFPTransfer):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
-        (ARMv7DOpcodeDataLoad):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
-        (ARMv7DOpcodeLoadRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
-        (ARMv7DOpcodeLoadSignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
-        (ARMv7DOpcodeLoadUnsignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
-        (ARMv7DOpcodeLongMultipleDivide):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
-        (ARMv7DOpcodeDataPushPopSingle):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
-        (ARMv7DOpcodeDataStoreSingle):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
-        (ARMv7DOpcodeStoreSingleImmediate12):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
-        (ARMv7DOpcodeStoreSingleImmediate8):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
-        (ARMv7DOpcodeStoreSingleRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
-        (ARMv7DOpcodeUnmodifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
-        (ARMv7DOpcodeVMOVDoublePrecision):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
-        (ARMv7DOpcodeVMOVSinglePrecision):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
-        (ARMv7DOpcodeVMSR):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
-        * disassembler/ARMv7Disassembler.cpp: Added.
-        (JSC::tryToDisassemble):
-
-2013-05-07  Julien Brianceau  <jbrianceau@nds.com>
-
-        Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=115722
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::load8PostInc):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::load16Unaligned):
-        (JSC::MacroAssemblerSH4::load16PostInc):
-        (JSC::MacroAssemblerSH4::storeDouble):
-        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::movwMemRegIn):
-        (SH4Assembler):
-        (JSC::SH4Assembler::movbMemRegIn):
-        (JSC::SH4Assembler::printInstr):
-
-2013-05-07  Anders Carlsson  <andersca@apple.com>
-
-        Remove AlwaysInline.h from WTF
-        https://bugs.webkit.org/show_bug.cgi?id=115727
-
-        Reviewed by Brent Fulgham.
-
-        The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
-        to keep AlwaysInline.h around anymore.
-
-        * jit/JSInterfaceJIT.h:
-        * parser/Lexer.h:
-        * runtime/JSCJSValue.h:
-        * runtime/SymbolTable.h:
-
-2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
-
-        HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
-        https://bugs.webkit.org/show_bug.cgi?id=115646
-
-        Reviewed by Darin Adler.
-
-        * bytecompiler/StaticPropertyAnalyzer.h:
-        (JSC::StaticPropertyAnalyzer::putById):
-            Updated accordingly to new HashMap<.., RefPtr>::get() semantics.
-
-2013-05-06  Julien Brianceau  <jbrianceau@nds.com>
-
-        Misc bugfix and cleaning in sh4 base JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=115627
-
-        Reviewed by Oliver Hunt.
-
-        Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
-        Remove misplaced extuw() implementation from MacroAssemblerSH4.
-        Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
-        (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
-        (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
-        (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
-        (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
-        (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
-        (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
-        (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
-        (JSC::MacroAssemblerSH4::store32):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::movwRegMemr0):
-        (SH4Assembler):
-        (JSC::SH4Assembler::movbRegMemr0):
-        (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
-        (JSC::SH4Assembler::maxJumpReplacementSize):
-        (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
-        (JSC::SH4Assembler::printInstr):
-
-2013-05-06  Anders Carlsson  <andersca@apple.com>
-
-        Stop using WTF::deleteAllValues in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=115670
-
-        Reviewed by Oliver Hunt.
-
-        Change the Vectors used to Vectors of OwnPtrs instead.
-
-        * heap/DFGCodeBlocks.cpp:
-        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
-        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
-
-2013-05-06  Andras Becsi  <andras.becsi@digia.com>
-
-        Build with GCC 4.8 fails because of -Wmaybe-uninitialized
-        https://bugs.webkit.org/show_bug.cgi?id=115648
-
-        Reviewed by Michael Saboff.
-
-        Initialize values in Options::setOption since from
-        there we end up calling OptionRange::init with
-        uninitialized members.
-
-        * runtime/Options.cpp:
-
-2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        JSC ARM traditional failing on Octane NavierStokes test
-        https://bugs.webkit.org/show_bug.cgi?id=115626
-
-        Reviewed by Zoltan Herczeg.
-
-        Change the ARM traditional assembler to use double precision on value
-        conversions.
-
-        * assembler/ARMAssembler.h:
-
-2013-05-03  Michael Saboff  <msaboff@apple.com>
-
-        There should be a runtime option to constrain what functions get DFG compiled
-        https://bugs.webkit.org/show_bug.cgi?id=115576
-
-        Reviewed by Mark Hahnenberg.
-
-        Added OptionRange to Options to allow checking that something is within an option
-        or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
-        If only one value is given, then it will be used for both low and high.  A leading
-        '!' inverts the check.  If no range is given, then checking for a value within a range
-        will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
-        OptionRange string to select the bytecode range of code blocks to DFG compile.
-
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
-        range.
-        * runtime/Options.cpp:
-        (JSC::parse): Added overloaded parse() for OptionRange.
-        (JSC::OptionRange::init): Parse range string and then initialize the range.
-        (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
-        the specified range.
-        (JSC::Options::dumpOption): Added code to dump OptionRange options.
-        * runtime/Options.h:
-        (OptionRange): New class.
-        (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
-        the Option static array initialization.
-        (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
-        passed into OptionRange::init is valid when this function is called.
-
-2013-05-02  Oliver Hunt  <oliver@apple.com>
-
-        Fix potential bug in lookup logic
-        https://bugs.webkit.org/show_bug.cgi?id=115522
-
-        Reviewed by Mark Hahnenberg.
-
-        Though not a problem in practise, it is technically possible
-        to inject an un-proxied global object into the scope chain
-        via the C API.  This change makes sure that the scope walk
-        in BytecodeGenerator actually limits itself to scopes that
-        are statically bindable.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC):
-        (JSC::JSObject::isStaticScopeObject):
-
-2013-05-01  Roger Fong  <roger_fong@apple.com>
-
-        Set Path in makefile for AppleWin.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-05-01  Benjamin Poulain  <benjamin@webkit.org>
-
-        Remove the remaining wscript
-        https://bugs.webkit.org/show_bug.cgi?id=115459
-
-        Reviewed by Andreas Kling.
-
-        * wscript: Removed.
-
-2013-04-30  Mark Lam  <mark.lam@apple.com>
-
-        JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
-        VM watchdog if its client did not pass one in.
-        https://bugs.webkit.org/show_bug.cgi?id=115461.
-
-        Reviewed by Geoffrey Garen.
-
-        * API/JSContextRef.cpp:
-        (internalScriptTimeoutCallback):
-        (JSContextGroupSetExecutionTimeLimit):
-        * API/tests/testapi.c:
-        (main):
-        - Added test case when the time limit callback is 0.
-        - Also updated a check to verify that a TerminatedExecutionException is
-          thrown when the time out is cancelled.
-        - Also fixed some cosmetic typos.
-
-2013-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed op_ensure_property_exists
-        https://bugs.webkit.org/show_bug.cgi?id=115460
-
-        Reviewed by Mark Hahnenberg.
-
-        It was unused, and whatever it was once used for was not optimized.
-
-        * JavaScriptCore.order:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        * llint/LLIntSlowPaths.h:
-        * llint/LowLevelInterpreter.asm:
-
-2013-04-30  Oliver Hunt  <oliver@apple.com>
-
-        JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry
-        https://bugs.webkit.org/show_bug.cgi?id=115449
-
-        Reviewed by Geoffrey Garen.
-
-        Rename callframeishost to something that makes sense, and fix
-        getCallerInfo to correctly handle inline functions calling into
-        the VM.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::codeOriginForReturn):
-          Make this more robust in the face of incorrect stack walking
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrame):
-          Everyone has to perform a codeblock() check before calling this
-          so we might as well just do it here.
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-
-2013-04-30  Julien Brianceau  <jbrianceau@nds.com>
-
-        Bug fixing in sh4 base JIT and LLINT.
-        https://bugs.webkit.org/show_bug.cgi?id=115420
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::lshift32):
-        (JSC::MacroAssemblerSH4::rshift32):
-        (JSC::MacroAssemblerSH4::branchMul32):
-        (JSC::MacroAssemblerSH4::urshift32):
-        (JSC::MacroAssemblerSH4::replaceWithJump):
-        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::shldRegReg):
-        (JSC::SH4Assembler::shadRegReg):
-        (JSC::SH4Assembler::shalImm8r):
-        (SH4Assembler):
-        (JSC::SH4Assembler::sharImm8r):
-        (JSC::SH4Assembler::maxJumpReplacementSize):
-        (JSC::SH4Assembler::replaceWithJump):
-        * offlineasm/sh4.rb:
-
-2013-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Objective-C JavaScriptCore API should publicly support bridging to C
-        https://bugs.webkit.org/show_bug.cgi?id=115447
-
-        Reviewed by Mark Hahnenberg.
-
-        For consistency, I renamed
-
-            +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
-            +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
-            -[JSContext globalContext] => -[JSContext JSGlobalContextRef]
-
-        I searched svn to verify that these functions don't have clients yet,
-        so we won't break anything.
-
-        I also exported as public API
-
-            +[JSValue valueWithJSValueRef:]
-            +[JSContext contextWithJSGlobalContextRef:]
-
-        It's hard to integrate with the C API without these.
-
-2013-04-30  Commit Queue  <rniwa@webkit.org>
-
-        Unreviewed, rolling out r149349 and r149354.
-        http://trac.webkit.org/changeset/149349
-        http://trac.webkit.org/changeset/149354
-        https://bugs.webkit.org/show_bug.cgi?id=115444
-
-         The Thumb version of compileSoftModulo make invalid use of
-        registers (Requested by benjaminp on #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::isARMv7s):
-        (JSC):
-        * assembler/MacroAssemblerARMv7.cpp: Removed.
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-04-30  Zalan Bujtas  <zalan@apple.com>
-
-        Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
-        https://bugs.webkit.org/show_bug.cgi?id=111244
-
-        Reviewed by David Kilzer.
-        
-        Enable performance.now() as a minimal subset of Web Timing API. 
-        It returns DOMHighResTimeStamp, a monotonically increasing value representing the 
-        number of milliseconds from the start of the navigation of the current document.
-        JS libraries use this API to check against the requestAnimationFrame() timestamp.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
-
-        Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-
-2013-04-29  Cosmin Truta  <ctruta@blackberry.com>
-
-        [ARM] Expand the use of integer division
-        https://bugs.webkit.org/show_bug.cgi?id=115138
-
-        Reviewed by Benjamin Poulain.
-
-        If availability of hardware integer division isn't known at compile
-        time, check the CPU flags and decide at runtime whether to fall back
-        to software. Currently, this OS-specific check is implemented on QNX.
-
-        Moreover, use operator % instead of fmod() in the calculation of the
-        software modulo. Even when it's software-emulated, operator % is faster
-        than fmod(): on ARM v7 QNX, without hardware division, we noticed
-        >3% speedup on SunSpider.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
-        (JSC::ARMv7Assembler::udiv): Ditto.
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::isARMv7s): Removed.
-        * assembler/MacroAssemblerARMv7.cpp: Added.
-        (JSC::isIntegerDivSupported): Added.
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationModOnInts): Added.
-        * dfg/DFGOperations.h:
-        (JSC::DFG::Z_DFGOperation_ZZ): Added.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
-        from the common implementation; used operationModOnInts on ARM.
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
-        (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.
-
-2013-04-29  Benjamin Poulain  <benjamin@webkit.org>
-
-        Unify the data access of StringImpl members from JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=115320
-
-        Reviewed by Andreas Kling.
-
-        DFG accesses the member infos by directly calling the methods on StringImpl,
-        while the baseline JIT was using helper methods on ThunkHelpers.
-
-        Cut the middle man, and use StringImpl directly everywhere.
-
-        * jit/JITInlines.h:
-        (JSC::JIT::emitLoadCharacterString):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/JSInterfaceJIT.h:
-        * jit/ThunkGenerators.cpp:
-        (JSC::stringCharLoad):
-
-2013-04-29  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use push and pop for iOS math function thunks
-        https://bugs.webkit.org/show_bug.cgi?id=115215
-
-        Reviewed by Filip Pizlo.
-
-        The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
-        The requirement is 4 bytes:
-        "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
-         grows downward, and contains local variables and a function’s parameters."
-
-        Subsequently, we can just use push and pop to preserve the link register.
-
-        * jit/ThunkGenerators.cpp:
-
-2013-04-29  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Get rid of last few pthread include/link references.
-        https://bugs.webkit.org/show_bug.cgi?id=115375
-
-        Reviewed by Tim Horton.
-
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
-
-2013-04-29  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. AppleWin VS2010 build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        ~BlockAllocator should ASSERT that it has no more Regions left
-        https://bugs.webkit.org/show_bug.cgi?id=115287
-
-        Reviewed by Andreas Kling.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::~BlockAllocator):
-        (JSC::BlockAllocator::allRegionSetsAreEmpty):
-        * heap/BlockAllocator.h:
-        (RegionSet):
-        (JSC::BlockAllocator::RegionSet::isEmpty):
-        (BlockAllocator):
-
-2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        IndexingTypes should use hex
-        https://bugs.webkit.org/show_bug.cgi?id=115286
-
-        Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/IndexingType.h:
-
-2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing headers files to compilation
-        and offlineasm/sh4.rb script.
-
-2013-04-28  Dean Jackson  <dino@apple.com>
-
-        [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
-        https://bugs.webkit.org/show_bug.cgi?id=115310
-
-        Reviewed by Simon Fraser.
-
-        Remove ENABLE_HIGH_DPI_CANVAS_macosx.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-04-27  Darin Adler  <darin@apple.com>
-
-        Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
-        https://bugs.webkit.org/show_bug.cgi?id=115307
-
-        Reviewed by Geoffrey Garen.
-
-        * heap/HeapTimer.cpp:
-        (JSC::HeapTimer::HeapTimer):
-        * runtime/VM.cpp:
-        (JSC::enableAssembler):
-        Use adoptCF free function.
-
-2013-04-27  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-04-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Cleaned up pre/post inc/dec in bytecode
-        https://bugs.webkit.org/show_bug.cgi?id=115222
-
-        Reviewed by Filip Pizlo.
-
-        A few related changes here:
-
-        (*) Removed post_inc and post_dec. The two-result form was awkward to
-        reason about. Being explicit about the intermediate mov and to_number
-        reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
-        fixes a const bug. Plus, we get to blow away 262 lines of code.
-
-        (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
-        version now.
-
-        (*) Renamed to_jsnumber to to_number, to match the ECMA name.
-
-        (*) Tightened up the codegen and runtime support for to_number.
-
-
-        * JavaScriptCore.order: Order!
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitInc):
-        (JSC::BytecodeGenerator::emitDec):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitToNumber):
-        (BytecodeGenerator): Removed post_inc and post_dec.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::emitPreIncOrDec): Updated for rename.
-
-        (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
-        These are rare, and they boil away in the DFG.
-
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
-        of any special forms. This fixes a bug where we would do string
-        add/subtract instead of number.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_inc):
-        (JSC::JIT::emitSlow_op_inc):
-        (JSC::JIT::emit_op_dec):
-        (JSC::JIT::emitSlow_op_dec):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_inc):
-        (JSC::JIT::emitSlow_op_inc):
-        (JSC::JIT::emit_op_dec):
-        (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_to_number):
-        (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
-        no such thing!
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
-        about the lowest valued tag.
-
-        (JSC::JIT::emitSlow_op_to_number): Updated for renames.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LLIntSlowPaths.h:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * parser/NodeConstructors.h:
-        (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.
-
-        * runtime/Operations.cpp:
-        (JSC::jsIsObjectType): Removed a test for number cells. There's
-        no such thing!
-
-2013-04-27  Julien Brianceau  <jbrianceau@nds.com>
-
-        REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
-        https://bugs.webkit.org/show_bug.cgi?id=115305
-
-        Reviewed by Andreas Kling.
-
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::cacheFlush):
-
-2013-04-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Re-landing <http://trac.webkit.org/changeset/148999>
-
-            Filled out more cases of branch folding in bytecode when emitting
-            expressions into a branching context
-            https://bugs.webkit.org/show_bug.cgi?id=115057
-
-            Reviewed by Phil Pizlo.
-
-        We can't fold the number == 1 case to boolean because all non-zero numbers
-        down-cast to true, but only 1 is == to true.
-
-2013-04-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Correct indentation of SymbolTable.h
-        
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/SymbolTable.h:
-
-2013-04-26  Roger Fong  <roger_fong@apple.com>
-
-        Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
-        Make the DebugSuffix configuration use _debug dependencies.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
-        * JavaScriptCore.vcxproj/build-generated-files.sh:
-        * JavaScriptCore.vcxproj/copy-files.cmd:
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
-        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
-        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
-        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
-        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
-        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
-        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
-        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
-        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
-
-2013-04-26  Roger Fong  <roger_fong@apple.com>
-
-        Disable sub-pixel layout on mac.
-        https://bugs.webkit.org/show_bug.cgi?id=114999.
-
-        Reviewed by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Make stack tracing more robust
-        https://bugs.webkit.org/show_bug.cgi?id=115272
-
-        Reviewed by Geoffrey Garen.
-
-        CallFrame already handles stack walking confusion robustly,
-        so we should make sure that the actual walk handles that as well.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-
-2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        REGRESSION(r149165): It made many tests crash on 32 bit
-        https://bugs.webkit.org/show_bug.cgi?id=115227
-
-        Reviewed by Csaba Osztrogonác.
-
-        m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.
-
-        * heap/SuperRegion.cpp:
-        (JSC::SuperRegion::~SuperRegion):
-
-2013-04-26  Julien Brianceau  <jbrianceau@nds.com>
-
-        Fix SH4 build broken since r149159.
-        https://bugs.webkit.org/show_bug.cgi?id=115229
-
-        Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.
-
-        Reviewed by Allan Sandfeld Jensen.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
-
-2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        SuperRegion doesn't call deallocate() on its PageReservation
-        https://bugs.webkit.org/show_bug.cgi?id=115208
-
-        Reviewed by Geoffrey Garen.
-
-        It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual 
-        address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator 
-        also has this bug, but it doesn't matter much because there's only one instance of that class 
-        throughout the entire lifetime of the process, whereas each VM has its own SuperRegion. 
-
-        * heap/SuperRegion.cpp:
-        (JSC::SuperRegion::~SuperRegion):
-        * heap/SuperRegion.h:
-        (SuperRegion):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (FixedVMPoolExecutableAllocator):
-        (JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
-
-2013-04-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG doesn't support to_jsnumber
-        https://bugs.webkit.org/show_bug.cgi?id=115129
-
-        Reviewed by Geoffrey Garen.
-        
-        Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
-        an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
-        tell us to. Identity is later turned into Phantom.
-        
-        Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
-        wrong; NodeDoesNotExit is not a backward propagation property.
-        
-        Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).
-        
-        This more than doubles the FPS on ammo.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::observeUseKindOnNode):
-        (JSC::DFG::FixupPhase::observeUseKindOnEdge):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2013-04-24  Oliver Hunt  <oliver@apple.com>
-
-        Add support for Math.imul
-        https://bugs.webkit.org/show_bug.cgi?id=115143
-
-        Reviewed by Filip Pizlo.
-
-        Add support for Math.imul, a thunk generator for Math.imul,
-        and an intrinsic.
-
-        Fairly self explanatory set of changes, DFG intrinsics simply
-        leverages the existing ValueToInt32 nodes.
-
-        * create_hash_table:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGBackwardsPropagationPhase.cpp:
-        (JSC::DFG::BackwardsPropagationPhase::propagate):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileArithIMul):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/ThunkGenerators.cpp:
-        (JSC::imulThunkGenerator):
-        (JSC):
-        * jit/ThunkGenerators.h:
-        (JSC):
-        * runtime/Intrinsic.h:
-        * runtime/MathObject.cpp:
-        (JSC):
-        (JSC::mathProtoFuncIMul):
-        * runtime/VM.cpp:
-        (JSC::thunkGeneratorForIntrinsic):
-
-2013-04-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, roll out http://trac.webkit.org/changeset/148999
-        It broke http://kripken.github.io/ammo.js/examples/new/ammo.html
-
-        * JavaScriptCore.order:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitThrowReferenceError):
-        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::shouldEmitProfileHooks):
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC):
-        (JSC::NullNode::emitBytecode):
-        (JSC::BooleanNode::emitBytecode):
-        (JSC::NumberNode::emitBytecode):
-        (JSC::StringNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createIfStatement):
-        (ASTBuilder):
-        * parser/NodeConstructors.h:
-        (JSC):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::IfNode::IfNode):
-        (JSC::IfElseNode::IfElseNode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isPure):
-        (JSC::ExpressionNode::isSubtract):
-        (StatementNode):
-        (NullNode):
-        (JSC::NullNode::isNull):
-        (BooleanNode):
-        (JSC::BooleanNode::isPure):
-        (NumberNode):
-        (JSC::NumberNode::value):
-        (JSC::NumberNode::isPure):
-        (StringNode):
-        (JSC::StringNode::isPure):
-        (JSC::StringNode::isString):
-        (BinaryOpNode):
-        (IfNode):
-        (JSC):
-        (IfElseNode):
-        (ContinueNode):
-        (BreakNode):
-        * parser/Parser.cpp:
-        (JSC::::parseIfStatement):
-        * parser/ResultType.h:
-        (ResultType):
-        * runtime/JSCJSValueInlines.h:
-        (JSC::JSValue::pureToBoolean):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSCellInlines.h:
-        (JSC):
-
-2013-04-25  Filip Pizlo  <fpizlo@apple.com>
-
-        PreciseJumpTargets should treat loop_hint as a jump target
-        https://bugs.webkit.org/show_bug.cgi?id=115209
-
-        Reviewed by Mark Hahnenberg.
-        
-        I didn't add a test but I turned this into a release assertion. Running Octane is enough
-        to trigger it.
-
-        * bytecode/PreciseJumpTargets.cpp:
-        (JSC::computePreciseJumpTargets):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2013-04-25  Roman Zhuykov  <zhroma@ispras.ru>
-
-        Fix problems with processing negative zero on DFG.
-        https://bugs.webkit.org/show_bug.cgi?id=113862
-
-        Reviewed by Filip Pizlo.
-
-        Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase.
-        Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32
-        nodes and this flag should be always used to decide where we need to generate nezative-zero checks.
-        Remove unnecessary negative-zero checks from integer ArithDiv on ARM.
-        Also remove such checks from integer ArithMod on ARM and X86, and make them always to
-        check not only "modulo_result == 0" but also "dividend < 0".
-        Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7
-        in the same way as on ARMv7s, and add negative-zero checks into this code when needed.
-        Change speculationCheck ExitKind from Overflow to NegativeZero where applicable.
- 
-        This shows 30% speedup of math-spectral-norm, and 5% speedup
-        on SunSpider overall on ARMv7 Linux.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
-        * dfg/DFGBackwardsPropagationPhase.cpp:
-        (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
-        (JSC::DFG::BackwardsPropagationPhase::isNotPosZero):
-        (JSC::DFG::BackwardsPropagationPhase::propagate):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::arithNodeFlags):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileArithNegate):
-
-2013-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Stack guards are too conservative
-        https://bugs.webkit.org/show_bug.cgi?id=115147
-
-        Reviewed by Mark Hahnenberg.
-
-        Increase stack guard to closer to old size.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::StackPolicy::StackPolicy):
-
-2013-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Stack guards are too conservative
-        https://bugs.webkit.org/show_bug.cgi?id=115147
-
-        Reviewed by Geoffrey Garen.
-
-        Reduce the limits and simplify the decision making.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::StackPolicy::StackPolicy):
-
-2013-04-25  Nick Diego Yamane  <nick.yamane@openbossa.org>
-
-        JSC: Fix interpreter misbehavior in builds with JIT disabled
-        https://bugs.webkit.org/show_bug.cgi?id=115190
-
-        Reviewed by Oliver Hunt.
-
-        Commit http://trac.webkit.org/changeset/147858 modified
-        some details on how JS stack traces are built. The method
-        "getLineNumberForCallFrame", renamed in that changeset to
-        "getBytecodeOffsetForCallFrame" is always returning `0' when
-        JIT is disabled
-
-        How to reproduce:
-         - Build webkit with JIT disabled
-         - Open MiniBrowser, for example, with http://google.com
-         - In a debug build, WebProcess will hit the following ASSERT:
-           Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low);
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getBytecodeOffsetForCallFrame):
-
-2013-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Make checkSyntax take a VM instead of an ExecState
-
-        RS=Tim
-
-        * jsc.cpp:
-        (runInteractive):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        * runtime/Completion.h:
-        (JSC):
-
-2013-04-25  Michael Saboff  <msaboff@apple.com>
-
-        32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
-        https://bugs.webkit.org/show_bug.cgi?id=115188
-
-        Reviewed by Geoffrey Garen.
-
-        Changed the RegExpTest node to set the AbstractValue to boolean, since that
-        what it is.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-
-2013-04-25  Julien Brianceau  <jbrianceau@nds.com>
-
-        REGRESSION(r137994): Random crashes occur with SH4 JSC.
-        https://bugs.webkit.org/show_bug.cgi?id=115167.
-
-        Reviewed by Oliver Hunt.
-
-        Since r137994, uncommited pages could be inside the area of memory in
-        parameter of the cacheFlush function. That's why we have to flush each
-        page separately to avoid a fail of the whole flush, if an uncommited page
-        is in the area.
-
-        This patch is very similar to changeset 145194 made for ARMv7 architecture,
-        see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information.
-
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::cacheFlush):
-
-2013-04-24  Mark Lam  <mark.lam@apple.com>
-
-        Add watchdog timer polling for the DFG.
-        https://bugs.webkit.org/show_bug.cgi?id=115134.
-
-        Reviewed by Geoffrey Garen.
-
-        The strategy is to add a speculation check to the DFG generated code to
-        test if the watchdog timer has fired or not. If the watchdog timer has
-        fired, the generated code will do an OSR exit to the baseline JIT, and
-        let it handle servicing the watchdog timer.
-
-        If the watchdog is not enabled, this speculation check will not be
-        emitted.
-
-        * API/tests/testapi.c:
-        (currentCPUTime_callAsFunction):
-        (extendTerminateCallback):
-        (main):
-        - removed try/catch statements so that we can test the watchdog on the DFG.
-        - added JS bindings to a native currentCPUTime() function so that the timeout
-          tests can be more accurate.
-        - also shortened the time values so that the tests can complete sooner.
-
-        * bytecode/ExitKind.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Watchdog.cpp:
-        (JSC::Watchdog::setTimeLimit):
-
-2013-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Special thunks for math functions should work on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=115144
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-        
-        The only hard bit here was ensuring that we implemented the very special
-        "cheap C call" convention on ARMv7.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::isARMv7s):
-        (JSC):
-        (JSC::isX86):
-        * dfg/DFGCommon.h:
-        * jit/SpecializedThunkJIT.h:
-        (SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-
-2013-04-24  Julien Brianceau  <jbrianceau@nds.com>
-
-        Misc bugfix and cleaning in sh4 base JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=115022.
-
-        Reviewed by Oliver Hunt.
-
-        Remove unused add32() and sub32() with scratchreg parameter to avoid
-        confusion as this function prototype means another behaviour.
-        Remove unused "void push(Address)" function which seems quite buggy.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::and32): Cosmetic change.
-        (JSC::MacroAssemblerSH4::lshift32): Cosmetic change.
-        (JSC::MacroAssemblerSH4::or32): Cosmetic change.
-        (JSC::MacroAssemblerSH4::xor32): Cosmetic change.
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::load32): Cosmetic change.
-        (JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit
-        when using r0 register and cosmetic changes.
-        (JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication.
-        (JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when
-        using r0 register, fix missing offset shift and cosmetic changes.
-        (JSC::MacroAssemblerSH4::store32): Cosmetic change.
-        (JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch.
-
-2013-04-24  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Remove pthread from Visual Studio files in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=114864
-
-        Reviewed by Brent Fulgham.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
-
-2013-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should keep the operand to create_this alive if it's emitting code for create_this
-        https://bugs.webkit.org/show_bug.cgi?id=115133
-
-        Reviewed by Mark Hahnenberg.
-        
-        The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2013-04-24  Roger Fong  <roger_fong@apple.com>
-
-        Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
-        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
-
-2013-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        32-bit build fix.
-
-        Unreviewed.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly
-        truncate to 32-bit to avoid compiler warnings. It's safe to truncate
-        because the payload of a boolean is the low bits on both 64-bit and 32-bit.
-
-2013-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Filled out more cases of branch folding in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=115088
-
-        Reviewed by Oliver Hunt.
-
-        No change on the benchmarks we track, but a 3X speedup on a
-        microbenchmark that uses these techniques.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant
-        fold all types, not just numbers, because true constants have no
-        side effects when type-converted at runtime.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up
-        boolean uses, like we do for other types like number.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse
-        boolean compare and/or compare-branch, now that we have the types for
-        them.
-
-        * dfg/DFGSpeculativeJIT.h: Updated declarations.
-
-== Rolled over to ChangeLog-2013-04-24 ==

diff --git a/ChangeLog-2002-12-03 b/ChangeLog-2002-12-03
deleted file mode 100644 (file)
index bd63777..0000000
--- a/ChangeLog-2002-12-03
+++ /dev/null
@@ -1,2271 +0,0 @@
-2002-12-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Darin Adler
-
-       - fixed Deployment build.
-       
-        * kjs/dtoa.cpp: Work around warnings.
-
-2002-12-03  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3114790 - Gamespot reviews pages badly mis-rendering
-       because floating point numbers format wide
-
-       Reviewed by: David Hyatt
-       
-       * kjs/dtoa.cpp: Imported float <--> string conversion routines
-       from David M. Gay. I changed this to fix warnings and avoid
-       colliding with names of standard library functions.
-        * kjs/dtoa.h: Added a header I made up for dtoa.cpp
-        * kjs/ustring.cpp:
-        (UString::from): Use new double to string routine (kjs_strtod).
-        (UString::toDouble): Use new string to double routine (kjs_dtoa).
-        * JavaScriptCore.pbproj/project.pbxproj: Added new files
-
-2002-11-27  John Sullivan  <sullivan@apple.com>
-
-        * kjs/collector.cpp:
-       removed puts("COLLECT") leftover debugging spam that was
-       buggin' gramps
-
-=== Alexander-34 ===
-
-2002-11-26  Maciej Stachowiak  <mjs@apple.com>
-
-       Change ActivationImp to be allocated via the garbage collector
-       again instead of on the stack. This fixes the following four
-       regressions but sadly it causes a 6% performance hit. It's
-       probably possibly to reduce the hit a bit by being smarter about
-       inlining and the way the marking list variant is implemented, but
-       I'll look into that later.
-
-       - fixed 3111500 - REGRESSION: crash in "KJS::ScopeChain::mark()" on www.posci.com
-       - fixed 3111145 - REGRESSION: reproducible crash in KJS hashtable lookup at time.com
-       - fixed 3110897 - REGRESSION: javascript crasher on http://bmwgallery.tripod.com/
-       - fixed 3109987 - REGRESSION: Reproducible crash in KJS ObjectImp at live365.com
-       
-       Also:
-       
-       - improved DEBUG_COLLECTOR mode a bit by never giving memory back
-       to the system.
-       
-        * kjs/collector.cpp:
-        * kjs/context.h:
-        * kjs/function.cpp:
-        (ActivationImp::ActivationImp):
-        (ActivationImp::mark):
-        (ActivationImp::createArgumentsObject):
-        * kjs/function.h:
-        * kjs/internal.cpp:
-        (ContextImp::ContextImp):
-        (ContextImp::mark):
-        * kjs/list.cpp:
-        * kjs/list.h:
-        * kjs/value.cpp:
-        (Value::Value):
-
-2002-11-26  Darin Adler  <darin@apple.com>
-
-        * kjs/property_map.cpp:
-       (PropertyMap::save): Look at the attributes the same way in the single hash entry
-       case as in the actual hash table case. Change the rule for which attributes to save
-       to "attributes that don't have the ReadOnly, DontEnum, or Function bit set".
-        Also fix bug where saving an empty property map would leave the count set to the old value.
-
-2002-11-26  Richard Williamson   <rjw@apple.com>
-
-        Remove debugging code.  Could be cause of performance regresssion.
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate):
-
-        Restire attributes correctly.
-        * kjs/property_map.cpp:
-
-2002-11-25  Richard Williamson   <rjw@apple.com>
-
-        Use delete[] (not delete) operator to delete array.
-        
-        * kjs/property_map.cpp:
-
-2002-11-25  Richard Williamson   <rjw@apple.com>
-
-        Added debugging info.  Fixed property map save function.
-        
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate):
-        * kjs/property_map.cpp:
-
-2002-11-25  Richard Williamson   <rjw@apple.com>
-
-        Changes for back/forward.  Currently disabled.
-
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-
-2002-11-25  Darin Adler  <darin@apple.com>
-
-        * kjs/property_map.cpp: Rearrange code a little bit and tweak indentation.
-       This might provide a tiny speedup because we don't look at the single entry
-       any more in cases where the _table pointer is non-0.
-
-2002-11-24  Darin Adler  <darin@apple.com>
-
-       - changed ScopeChain to not ref each item in the chain, and use
-        marking instead; gains 1% on JavaScript iBench
-
-        * kjs/context.h: Return chain by reference.
-        * kjs/internal.cpp: (ContextImp::mark): Mark the scope chain.
-        * kjs/interpreter.cpp: (Context::scopeChain): Return chain by reference.
-        * kjs/interpreter.h: Make some Context methods inline.
-        * kjs/nodes.cpp:
-        (ThisNode::evaluate): Get at ContextImp directly.
-        (ResolveNode::evaluateReference): Ditto.
-        (VarDeclNode::evaluate): Ditto.
-        (VarDeclNode::processVarDecls): Ditto.
-        (FuncDeclNode::processFuncDecl): Pass ScopeChain directly to avoid copying.
-        (FuncExprNode::evaluate): Ditto.
-        * kjs/object.cpp: Make scope and setScope inline.
-        * kjs/object.h: Make scope return a chain by reference. Make scope and
-       setScope both be inline. Use a normal ScopeChain instead of NoRefScopeChain
-       since they are now one and the same.
-        * kjs/scope_chain.cpp: Remove all the code to ref and deref objects.
-       Merge NoRefScopeChain in with ScopeChain since they both work this way now.
-        * kjs/scope_chain.h: Remove NoRefScopeChain and simplify the ref counts.
-       Make more functions inline.
-
-2002-11-24  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3098356 - Hard hang on movie search at www.movietickets.com
-       
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): When doing a regexp replacement that
-       results in an empty match, always move on to the next character
-       after doing the replacement. The previous code would hit an
-       infinite loop if an initial empty match was replaced with the
-       empty string.
-
-2002-11-24  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3095446 - Crash on AppleScript page due to very long argument list
-       
-        * kjs/grammar.y: Don't try to construct the argument list in the
-       right order, since that blows out the parser stack.
-       * kjs/nodes.cpp:
-        (ArgumentsNode::ArgumentsNode): Instead reverse the argument list
-       here.
-        * kjs/nodes.h: Make ArgumentsNode a friend of ArgumentListNode.
-        * kjs/grammar.cpp: Updated from grammar.y.
-
-2002-11-23  Maciej Stachowiak  <mjs@apple.com>
-
-       - completed Darin's mostly-fix for 3037795 - Resource use
-       increases when accessing very high index value in array
-
-       The two missing pieces were handling sparse properties when
-       shrinking the array, and when sorting. Thse are now both taken
-       care of.
-       
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::put):
-        (ArrayInstanceImp::deleteProperty):
-        (ArrayInstanceImp::resizeStorage):
-        (ArrayInstanceImp::setLength):
-        (ArrayInstanceImp::sort):
-        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
-        * kjs/identifier.h:
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-        * kjs/reference_list.cpp:
-        (ReferenceList::append):
-        (ReferenceList::length):
-        * kjs/reference_list.h:
-        * kjs/ustring.cpp:
-        (UString::toUInt32):
-        * kjs/ustring.h:
-
-2002-11-23  Maciej Stachowiak  <mjs@apple.com>
-
-       Numerous collector changes for a net gain of 3% on JS ibench:
-
-       - Replaced per-block bitmap with free list.
-       - Increased number of empty blocks kept around to 2.
-       - Doubled block size.
-       - When scanning heap in collector, skip scanning the rest of a
-       block as soon as we see as many live cells as the the number of
-       used cells it had originally.
-
-       Also the following collector changes unrelated to performance:
-
-       - Made constants `const int' instead of `static const int'.
-       - Miscellaneous code cleanup.
-               
-        * kjs/collector.cpp:
-
-       - Added debugging mode enabled by defining DEBUG_GC which asserts
-       when a destroyed ValueImp
-
-        * kjs/internal.cpp:
-        (ContextImp::mark):
-        * kjs/value.cpp:
-        (Value::Value):
-        * kjs/value.h:
-       * kjs/config.h:
-       
-2002-11-22  Darin Adler  <darin@apple.com>
-
-       - replaced List class with a vector rather than a linked list, changed it
-       to use a pool of instances instead of all the nodes allocated off of the
-       heap; gives 10% gain on iBench
-
-        * kjs/list.h: Complete rewrite.
-        * kjs/list.cpp: Ditto.
-
-        * kjs/array_object.cpp: (compareWithCompareFunctionForQSort): Go back to
-       doing a clear and two appends here. Fast with the new list implementation.
-
-        * kjs/collector.h: Remove _COLLECTOR hack and just make rootObjectClasses
-       return a const void *.
-        * kjs/collector.cpp: Remove _COLLECTOR hack, and various other minor tweaks.
-
-2002-11-22  Darin Adler  <darin@apple.com>
-
-       - prepare to reimplement KJS::List; move to its own file, add statistics
-
-        * kjs/function_object.cpp: (FunctionProtoFuncImp::call): Use new copyTail()
-       function rather than copy() and removeFirst().
-
-        * kjs/identifier.cpp: Add statistics, off by default.
-        * kjs/property_map.cpp: Add statistics, off by default.
-
-        * kjs/list.cpp: Added. Moved code here. To be rewritten.
-        * kjs/list.h: Added. Moved interface here. To be rewritten.
-
-        * kjs/types.cpp: Removed.
-        * kjs/types.h: Now just an empty header that includes other headers.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add new files, rearrange.
-
-2002-11-22  Maciej Stachowiak  <mjs@apple.com>
-
-       - reduce cell size to 56 bytes from 64, now that nearly all
-       objects fit in that size. .5% speed gain and probably some
-       footprint gain.
-       
-        * kjs/collector.cpp: Change CELL_SIZE from 64 to 56.
-
-2002-11-22  Darin Adler  <darin@apple.com>
-
-       - change ScopeChain to be a singly linked list shares tails, gives 11% gain on iBench
-
-        * kjs/context.h:
-        (ContextImp::pushScope): Make inline, use push instead of prepend, and pass imp pointer.
-        (ContextImp::popScope): Make inline, use pop instead of removeFirst.
-        * kjs/function.cpp: (DeclaredFunctionImp::DeclaredFunctionImp): No need to copy.
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): Use push instead of
-       prepend, and pass imp pointer.
-        * kjs/internal.cpp: (ContextImp::ContextImp): Use clear, push instead of prepend,
-       and pass imp pointers.
-        * kjs/nodes.cpp: (ResolveNode::evaluateReference): Use isEmpty, pop, and top instead
-       of ScopeChainIterator.
-        * kjs/object.h: Change _scope to be a NoRefScopeChain.
-        * kjs/object.cpp: No need to initialize _scope any more, since it's not a NoRefScopeChain.
-
-        * kjs/scope_chain.h: Rewrite, different implementation and interface.
-        * kjs/scope_chain.cpp: More of the same.
-
-2002-11-22  Maciej Stachowiak  <mjs@apple.com>
-
-       - a simple change for .4% gain on ibench - instead of unmarking
-       all objects at the start of collection, instead unmark as part of
-       the sweep phase
-       
-        * kjs/collector.cpp:
-        (Collector::collect): Remove separate unmarking pass and instead
-       unmark the objects that don't get collected during the sweep
-       phase.
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-       - stop garbage collecting the ActivationImp objects, gets 3% on iBench
-       - pave the way to separate the argument lists from scope chains
-
-        * kjs/context.h: Added. Moved ContextImp here so it can use things defined
-       in function.h
-
-        * kjs/scope_chain.h: Added. Starting as a copy of List, to be improved.
-        * kjs/scope_chain.cpp: Added. Starting as a copy of List, to be improved.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Rearranged things, added context.h.
-
-        * kjs/function.cpp:
-        (FunctionImp::call): Pass InterpreterImp, not ExecState, to ContextImp.
-        (DeclaredFunctionImp::DeclaredFunctionImp): List -> ScopeChain.
-        (ActivationImp::createArgumentsObject): ArgumentList -> List.
-        (GlobalFuncImp::call): Pass InterpreterImp, not an ExecState, to ContextImp.
-        * kjs/function.h: List -> ScopeChain.
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): List -> ScopeChain.
-        * kjs/internal.cpp:
-        (ContextImp::ContextImp): Set the context in the interpreter.
-        (ContextImp::~ContextImp): Set the context in the interpreter to the caller.
-        (ContextImp::mark): Mark all the activation objects.
-        (InterpreterImp::InterpreterImp): Initialize context to 0.
-        (InterpreterImp::mark): Mark the top context.
-        (InterpreterImp::evaluate): Pass InterpreterImp to ContextImp.
-        * kjs/internal.h: Move ContextImp to its own header. Add setContext to InterpreterImp.
-        * kjs/interpreter.cpp: (Context::scopeChain): List -> ScopeChain.
-        * kjs/interpreter.h: List -> ScopeChain.
-        * kjs/nodes.cpp:
-        (ResolveNode::evaluateReference): List -> ScopeChain.
-        (FuncDeclNode::processFuncDecl): List -> ScopeChain.
-        (FuncExprNode::evaluate): List -> ScopeChain.
-        * kjs/object.cpp: List -> ScopeChain.
-        * kjs/object.h: List -> ScopeChain.
-
-        * kjs/types.h: Remove needsMarking features from List.
-        * kjs/types.cpp: Ditto.
-
-2002-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-       - reduced the size of PropertyMap by storing sizes and such in the
-       dynamically allocated part of the object to reduce the size of
-       ObjectImp - .5% speed improvement on JS iBench.
-       
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-
-2002-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        * Makefile.am: Pass symroots for this tree to pbxbuild.
-
-=== Alexander-33 ===
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-        * kjs/property_map.cpp: More assertions.
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-        * kjs/property_map.cpp: Turn that consistency check back off.
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-       - someone somewhere must be defining a macro named check, causing a compile failure in WebCore
-
-       Rename check() to checkConsistency().
-
-        * kjs/property_map.h: Rename.
-        * kjs/property_map.cpp: Yes, rename.
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-       - add self-check to property map in hopes of finding the cnet.com bug
-
-        * kjs/property_map.h: Add check() function.
-        * kjs/property_map.cpp: Add the checking, controlled by DO_CONSISTENCY_CHECK.
-
-        - fixed UChar interface so it's not so slow in debug builds
-
-        * kjs/ustring.h: Nothing in UChar needs to be private.
-
-        * kjs/function.cpp: (GlobalFuncImp::call):
-        * kjs/function_object.cpp: (FunctionObjectImp::construct):
-        * kjs/identifier.cpp:
-        * kjs/lexer.cpp: (Lexer::setCode), (Lexer::shift):
-        * kjs/lookup.cpp: (keysMatch):
-        * kjs/ustring.cpp: (UString::Rep::computeHash), (KJS::compare):
-       Use the "uc" field instead of the "unicode()" inline function.
-
-2002-11-21  Darin Adler  <darin@apple.com>
-
-       - fixed a null-dereference I ran into while trying to reproduce bug 3107351
-
-        * kjs/function.h: Change ActivationImp constructor to take context parameter.
-        * kjs/function.cpp: (ActivationImp::ActivationImp): Take context parameter,
-       not execution state parameter.
-
-        * kjs/internal.cpp: (ContextImp::ContextImp): Initialize activation object
-       from context, not execution state, because the new context is not yet in the
-       execution state.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - added a feature for Richard to use in his back/forward cache
-
-        * kjs/object.h: Added save/restoreProperties.
-        * kjs/property_map.h: Here too.
-        * kjs/property_map.cpp: Here too.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - created argument list objects only on demand for a 7.5% speedup
-
-        * kjs/function.h: Change ActivationImp around.
-        * kjs/function.cpp:
-        (FunctionImp::call): Pass a pointer to the arguments list to avoid ref/unref.
-        (FunctionImp::get): Get the function pointer from the context directly,
-       not the activation object.
-        (ArgumentsImp::ArgumentsImp): Add an overload that takes no arguments.
-        (ActivationImp::ActivationImp): Store a context pointer and an arguments object pointer.
-        (ActivationImp::get): Special case for arguments, create it and return it.
-        (ActivationImp::put): Special case for arguments, can't be set.
-        (ActivationImp::hasProperty): Special case for arguments, return true.
-        (ActivationImp::deleteProperty): Special case for arguments, refuse to delete.
-        (ActivationImp::mark): Mark the arguments object.
-        (ActivationImp::createArgumentsObject): Do the work of actually creating it.
-        (GlobalFuncImp::call): Use stack-based objects for the ContextImp and ExecState.
-
-        * kjs/internal.h: Keep function and arguments pointer in the context.
-        * kjs/internal.cpp:
-        (ContextImp::ContextImp): Don't pass in the func and args when making an ActivationImp.
-        (InterpreterImp::evaluate): Use stack-based objects here.
-
-        * kjs/types.h: Add ArgumentList as a synonym for List, soon to be separate.
-
-2002-11-20  Maciej Stachowiak  <mjs@apple.com>
-
-       Reduced the size of ValueImp by 8 bytes for a .5% speedup.
-       
-        * kjs/value.h: Removed destructed flag. Made refcount and flag 16
-       bits each.
-        * kjs/value.cpp:
-        (ValueImp::~ValueImp): Don't set destructed flag.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-        * kjs/types.cpp: Keep ref count for the whole lists of nodes.
-       Doesn't speed things up much, less than 1%.
-
-2002-11-20  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/collector.cpp:
-        (Collector::allocate): Clear the flags on newly allocated objects.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - oops, checked in big regression instead of 5% speedup
-
-        * kjs/function.cpp: (ActivationImp::ActivationImp): Make a marking
-       list, not a refing list.
-
-       - a cut at the sparse array implementation
-
-        * kjs/array_instance.h: Keep storageLength separate from length.
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp): Start with storageLength == length.
-        (ArrayInstanceImp::get): Check against storage length.
-        (ArrayInstanceImp::put): Ditto.
-        (ArrayInstanceImp::hasProperty): Ditto.
-        (ArrayInstanceImp::deleteProperty): Ditto.
-        (ArrayInstanceImp::setLength): Only enlarge storage length up to a cutoff.
-        (ArrayInstanceImp::mark): Use storageLength.
-        (ArrayInstanceImp::pushUndefinedObjectsToEnd): Added FIXME.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - decrease ref/deref -- 5% speedup in iBench
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added array_instance.h
-        * kjs/array_instance.h: Added so it can be shared by function.h.
-
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        * kjs/bool_object.h:
-        * kjs/collector.cpp:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/math_object.cpp:
-        * kjs/nodes.cpp:
-        * kjs/number_object.cpp:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        * kjs/property_map.cpp:
-        * kjs/reference.cpp:
-        * kjs/reference.h:
-        * kjs/regexp_object.cpp:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-        * kjs/value.cpp:
-        * kjs/value.h:
-       Switched lots of interfaces so they don't require ref/deref.
-
-2002-11-20  Maciej Stachowiak  <mjs@apple.com>
-
-       Fixed the two most obvious problems with the new GC for another 6%
-       improvement.
-       
-        * kjs/collector.cpp:
-        (Collector::allocate): Don't bother doing the bit tests on a bitmap word if
-       all it's bits are on.
-        (Collector::collect): Track memoryFull boolean.
-        * kjs/collector.h: Inlined outOfMemory since it was showing up on profiles.
-
-2002-11-20  Maciej Stachowiak  <mjs@apple.com>
-
-       Rewrote garbage collector to make blocks of actual memory instead
-       of blocks of pointers. 7% improvement on JavaScript
-       iBench. There's still lots of room to tune the new GC, this is
-       just my first cut.
-       
-        * kjs/collector.cpp:
-        (Collector::allocate):
-        (Collector::collect):
-        (Collector::size):
-        (Collector::outOfMemory):
-        (Collector::finalCheck):
-        (Collector::numGCNotAllowedObjects):
-        (Collector::numReferencedObjects):
-        (Collector::liveObjectClasses):
-        * kjs/collector.h:
-        * kjs/function.cpp:
-        (ActivationImp::ActivationImp):
-        * kjs/function.h:
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - on the road to killing ActivationImp
-
-        * kjs/function.h: Add get/put to FunctionImp. Remove argumentsObject() from
-       ActivationImp. Add function() to ActivationImp.
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp): No arguments property.
-        (FunctionImp::call): No need to set up the arguments property.
-        (FunctionImp::parameterString): Remove ** strangeness.
-        (FunctionImp::processParameters): Ditto.
-        (FunctionImp::get): Added, handles arguments and length properties.
-        (FunctionImp::put): Ditto.
-        (FunctionImp::hasProperty): Ditto.
-        (FunctionImp::deleteProperty): Ditto.
-        (ActivationImp::ActivationImp): Store a function pointer so we can find it
-       in the context.
-
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): No need to set up
-       arguments property.
-        * kjs/nodes.cpp: (FuncExprNode::evaluate): No need to set up length property.
-
-        * kjs/internal.h: Return ObjectImp * for activation object.
-
-        * kjs/interpreter.h: Remove stray declaration of ExecStateImp.
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - add a couple of list operations to avoid clearing lists so much during sorting; gives 1.5% iBench
-
-        * kjs/types.h: Added replaceFirst/replaceLast.
-        * kjs/types.cpp: (List::replaceFirst), (List::replaceLast): Added.
-
-        * kjs/array_object.cpp: (compareWithCompareFunctionForQSort): Use replaceFirst/replaceLast.
-
-        * kjs/property_map.cpp: Put in an ifdef so I can re-add/remove the single entry to see if
-       it has outlived its usefulness. (It hasn't yet.)
-
-2002-11-20  Darin Adler  <darin@apple.com>
-
-       - atomic identifiers; gives another 6.5% in the iBench suite
-
-        * kjs/identifier.h: Did the real thing.
-        * kjs/identifier.cpp: Ditto.
-
-        * kjs/property_map.h: _tableSizeHashMask -> _tableSizeMask
-        * kjs/property_map.cpp: The above, plus take advantage of comparing
-       by pointer instead of by comparing bytes.
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - a few more globals for often-used property names
-       - conversion to Identifier from UString must now be explicit
-
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/function_object.cpp:
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        * kjs/lexer.cpp:
-        * kjs/nodes.cpp:
-        * kjs/number_object.cpp:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/string_object.cpp:
-        * kjs/testkjs.cpp:
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - another step towards atomic identifiers; storing hash in the string rep. gives about
-       a 1.5% speedup in the JavaScript iBench
-
-        * kjs/ustring.h: Add a hash field to UString::Rep.
-        * kjs/ustring.cpp:
-        (UString::Rep::create): Set hash to uninitialized value.
-        (UString::Rep::destroy): Do the deleting in her, and call Identifier if needed.
-        (UString::Rep::computeHash): Added.
-        (UString::append): Set hash to 0 when modifying the string in place.
-        (UString::operator=): Ditto.
-
-        * kjs/property_map.cpp: Use the hash from UString.
-
-        * kjs/identifier.h: Added aboutToDestroyUStringRep.
-        * kjs/identifier.cpp: (Identifier::aboutToDestroyUStringRep): Added.
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - next step towards atomic identifiers; Identifier is no longer derived from UString
-
-        * kjs/identifier.h: Remove base class and add _ustring member.
-        * kjs/identifier.cpp: Add null and an == that works with const char *.
-        * kjs/property_map.cpp: Get rep through _ustring.
-
-        * kjs/function.cpp: (FunctionImp::parameterString): Call ustring().
-        * kjs/function_object.cpp: (FunctionProtoFuncImp::call): Ditto.
-        * kjs/nodes.cpp:
-        (PropertyNode::evaluate): Ditto.
-        (VarDeclNode::evaluate): Ditto.
-        (ForInNode::execute): Ditto.
-        * kjs/nodes2string.cpp: (SourceStream::operator<<): Add overload for Identifier.
-        * kjs/reference.cpp: (Reference::getValue): Call ustring().
-        * kjs/regexp_object.cpp: (RegExpObjectImp::get): Call ustring().
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - fixed memory trasher
-
-        * kjs/ustring.cpp: (UString::from): Fix "end of buffer" computation.
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - a first step towards atomic identifiers in JavaScript
-
-       Most places that work with identifiers now use Identifier
-       instead of UString.
-
-        * kjs/identifier.cpp: Added.
-        * kjs/identifier.h: Added.
-        * JavaScriptCore.pbproj/project.pbxproj: Added files.
-
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/completion.cpp:
-        * kjs/completion.h:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/grammar.cpp:
-        * kjs/grammar.cpp.h:
-        * kjs/grammar.h:
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/lexer.cpp:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/number_object.cpp:
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-        * kjs/reference.cpp:
-        * kjs/reference.h:
-        * kjs/regexp_object.cpp:
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - fix hash function and key comparison for the other kind of hash table; yields 3%
-
-        * kjs/lookup.cpp:
-        (keysMatch): Added.
-        (Lookup::findEntry): Don't allocate and convert to ASCII just to search.
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - another hash table fix; yields a 2% improvement on iBench JavaScript
-
-        * kjs/property_map.cpp: A few more places where we use & instead of %.
-
-       - some List changes that don't affect speed yet
-
-        * kjs/types.cpp:
-        (List::prependList): Tighten up a tiny bit.
-        (List::copy): Use prependList.
-        * kjs/types.h: Remove appendList and globalClear.
-
-        * kjs/interpreter.cpp: (Interpreter::finalCheck): Remove List::globalClear().
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - fixed 3105026 -- REGRESSION: DHTML menus are broken all over the place
-
-        * kjs/types.cpp: (List::prepend): Fix backwards links in new node.
-
-2002-11-19  Darin Adler  <darin@apple.com>
-
-       - a fix that gives another 1.5% on the iBench JavaScript test
-
-        * kjs/ustring.cpp: (UString::from): Stop using sprintf to format integers.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-       - reduced the creation of Value objects and hoisted the property map
-        into Object for another gain of about 6%
-
-        * JavaScriptCore.pbproj/project.pbxproj: Made property_map.h public.
-        * kjs/array_object.cpp:
-        (compareWithCompareFunctionForQSort): Don't wrap the ValueImp * in a Value
-       just to add it to a list.
-        (ArrayProtoFuncImp::call): Pass the globalObject directly so we don't have
-       to ref/deref.
-        * kjs/function.cpp:
-        (FunctionImp::call): Use a reference for the global object to avoid ref/deref.
-        (GlobalFuncImp::call): Ditto.
-        * kjs/internal.cpp:
-        (BooleanImp::toObject): Put the object directly into the list, don't create a Value.
-        (StringImp::toObject): Ditto.
-        (NumberImp::toObject): Ditto.
-        (InterpreterImp::evaluate): Use a reference for the global object.
-        * kjs/internal.h: Return a reference for the global object.
-        * kjs/interpreter.cpp: (Interpreter::globalObject): Ditto.
-        * kjs/interpreter.h: Ditto.
-        * kjs/object.cpp: Use _prop directly in the object, not a separate pointer.
-        * kjs/object.h: Ditto.
-        * kjs/types.cpp: Added List methods that work directly with ValueImp.
-        (List::append): Added a ValueImp version.
-        (List::prepend): Ditto.
-        (List::appendList): Work directly with the ValueImp's.
-        (List::prependList): Ditto.
-        (List::copy): Use appendList.
-        (List::empty): Use a shared global List.
-        * kjs/types.h: Update for above changes.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-        * kjs/property_map.cpp: Oops, copyright goes to Apple, not me.
-        * kjs/property_map.h: Ditto.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-       - property and string improvements giving a 7% or so improvement in JavaScript iBench
-
-        * kjs/property_map.h: Rewrite to use a hash table.
-        * kjs/property_map.cpp: Ditto.
-
-        * kjs/string_object.h:
-        * kjs/string_object.cpp:
-        (StringInstanceImp::StringInstanceImp): Construct a string with the right value
-       instead of putting the string in later.
-        (StringInstanceImp::get): Get the length from the string, not a separate property.
-        (StringInstanceImp::put): Ignore attempts to set length, since we don't put it in
-       the property map.
-        (StringInstanceImp::hasProperty): Return true for length.
-        (StringInstanceImp::deleteProperty): Return false for length.
-        (StringObjectImp::construct): Call new StringInstanceImp constructor. Don't try
-       to set a length property.
-
-        * kjs/ustring.h: Make the rep deref know how to deallocate the rep.
-        * kjs/ustring.cpp:
-        (UString::release): Move the real work to the rep's deref, since the hash table
-       now uses the rep directly.
-
-        * kjs/object.h: Remove unused field.
-
-2002-11-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Change List to completely avoid going through the GC
-       allocator. 3.6% performance improvement on JavaScript iBench.
-       
-        * kjs/internal.cpp:
-        (InterpreterImp::mark): Don't mark the empty list.
-
-       For all the methods below I basically lifted the ListImp version
-       up to the List method with minor tweaks.
-       
-        * kjs/types.cpp:
-        (ListIterator::ListIterator):
-        (List::List):
-        (List::operator=):
-        (List::~List):
-        (List::mark):
-        (List::append):
-        (List::prepend):
-        (List::appendList):
-        (List::prependList):
-        (List::removeFirst):
-        (List::removeLast):
-        (List::remove):
-        (List::clear):
-        (List::clearInternal):
-        (List::copy):
-        (List::begin):
-        (List::end):
-        (List::isEmpty):
-        (List::size):
-        (List::at):
-        (List::operator[]):
-        (List::empty):
-        (List::erase):
-        (List::refAll):
-        (List::derefAll):
-        (List::swap):
-        (List::globalClear):
-        * kjs/types.h:
-
-2002-11-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Fixed a horrible leak introduced with my last change that
-       somehow did not show up on my machine.
-
-        * kjs/types.cpp:
-        (List::List): Mark ListImp as GC allowed.
-
-2002-11-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Another step towards the List conversion: stop inheriting from Value.
-       
-        * kjs/types.cpp:
-        (ListIterator::ListIterator):
-        (List::List):
-        (List::operator=):
-        (List::~List):
-        (List::mark):
-        (List::append):
-        (List::prepend):
-        (List::appendList):
-        (List::prependList):
-        (List::removeFirst):
-        (List::removeLast):
-        (List::remove):
-        (List::clear):
-        (List::copy):
-        (List::begin):
-        (List::end):
-        (List::isEmpty):
-        (List::size):
-        (List::at):
-        (List::operator[]):
-        * kjs/types.h:
-
-2002-11-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Partway to removing Value from List. Created a marking List
-       variant, used it in place of ListImp.
-       
-        * kjs/internal.h: Removed List stuff.
-        * kjs/internal.cpp:
-        (InterpreterImp::mark): Call appropriate List method to do marking of
-       empty ListImp.
-        * kjs/object.h:
-        * kjs/object.cpp: Use marking List instead of ListImp *.
-        * kjs/types.h:
-        * kjs/types.cpp:
-        (List::List): New boolean needsMarking parameter. 
-        (List::operator=): Perform trickery related to needsMarking.
-        (List::~List): Likewise.
-        (List::mark): Mark the ListImp.
-        (List::markEmptyList):
-       (ListImp::*): Moved here fron internal.cpp, they will be
-       integrated into the relevant List methods soon.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-       - another string constant discovered that can be optimized
-
-        * kjs/object.h: Add a property name constant for "__proto__".
-        * kjs/object.cpp: Define it.
-       (ObjectImp::get): Use it.
-       (ObjectImp::hasProperty): Use it.
-
-       - prepare to turn PropertyMap into a hash table
-
-        * kjs/object.cpp:
-       (ObjectImp::mark): Use the new PropertyMap::mark().
-       (ObjectImp::put): Use the new overload of PropertyMap::get().
-       (ObjectImp::deleteProperty): Use the new overload of PropertyMap::get().
-       (ObjectImp::propList): Use PropertyMap::addEnumerablesToReferenceList().
-
-        * kjs/property_map.h: Remove PropertyMapNode and make all node-related methods private.
-       Add mark(), a new overload of get() that returns attributes, a clear() that takes no attributes,
-       and addEnumerablesToReferenceList().
-        * kjs/property_map.cpp:
-       (PropertyMap::get): Added new overload.
-       (PropertyMap::clear): Added new overload.
-       (PropertyMap::mark): Added.
-       (PropertyMap::addEnumerablesToReferenceList): Added.
-
-        * kjs/ustring.h: Added a hash function.
-        * kjs/ustring.cpp: (KJS::hash): Added.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-       - simplified the ExecState class, which was showing up in profiles
-        
-        Sped up JavaScript iBench by 6%.
-
-        * kjs/interpreter.h: Removed the level of indirection, and made it all inline.
-        * kjs/interpreter.cpp: Removed ExecState implementation from here altogether.
-
-       - fixed an oversight in my sort speedup
-
-        * kjs/array_object.h: Add pushUndefinedObjectsToEnd.
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::sort): Call pushUndefinedObjectsToEnd.
-        (ArrayInstanceImp::pushUndefinedObjectsToEnd): Added.
-       Pushes all undefined to the end of the array.
-
-2002-11-18  Darin Adler  <darin@apple.com>
-
-       - fix worst speed problems on the sort page of the iBench JavaScript test
-
-       Sped up JavaScript iBench by 70%, the sort page by 88%.
-
-        * kjs/array_object.h: Add array-specific sort functions.
-        * kjs/array_object.cpp:
-        (compareByStringForQSort): Added.
-        (ArrayInstanceImp::sort): Added.
-        (compareWithCompareFunctionForQSort): Added.
-        (ArrayProtoFuncImp::call): Use ArrayInstanceImp::sort if the object being
-       sorted is actually an array.
-
-        * kjs/object.h: Add argumentsPropertyName.
-        * kjs/object.cpp: Add argumentsPropertyName.
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp): Use argumentsPropertyName to avoid making a UString.
-        (FunctionImp::call): Ditto.
-        (ActivationImp::ActivationImp): Ditto.
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): Ditto.
-
-        * kjs/ustring.h: Added compare function for -1/0/+1 comparison.
-        * kjs/ustring.cpp: (KJS::compare): Added.
-
-2002-11-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Change ArgumentListNode operations to be iterative instead of
-       recursive. This probably fixes 3095446 (Crash in
-       KJS::ArgumentListNode::ref()) but I can't reproduce it myself so
-       I'm not 100% sure. I think the original bug was a stack overflow
-       and this change would remove that possibility.
-       
-        * kjs/nodes.cpp:
-        (ArgumentListNode::ref): Make iterative.
-        (ArgumentListNode::deref): Make iterative.
-        (ArgumentListNode::evaluateList): Make iterative.
-
-=== Alexander-32 ===
-
-2002-11-14  Darin Adler  <darin@apple.com>
-
-       - fixed 3101243 -- excite passes date that can't be parsed, results in bogus date at top right corner
-
-        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Handle errors from strtol
-       by checking errno. Check the "string in a haystack" to be sure it's a multiple
-       of 3. Add case that allows year to be after time.
-
-2002-11-14  Darin Adler  <darin@apple.com>
-
-       - fixed 3101191 -- REGRESSION: Hang loading excite.com
-
-        * kjs/date_object.cpp:
-        (mktimeUsingCF): Pick an arbitrary cutoff of 3000, and return -1 if the
-       year passed in is that big so we don't infinite loop. Also validate the
-       rest of the date with CFGregorianDateIsValid. 
-        (DateProtoFuncImp::call): Handle a -1 result from mktime.
-        (DateObjectImp::construct): Check for NaN before calling mktime, and also
-       handle a -1 result from mktime.
-        (DateObjectFuncImp::call): Check for NaN before calling mktime, and also
-       handle a -1 result from mktime.
-
-2002-11-13  Darin Adler  <darin@apple.com>
-
-       - fixed 3099930 -- dates/times without time zones are parsed as UTC by kjs,
-       local time by other browsers
-
-        * kjs/date_object.cpp:
-        (DateProtoFuncImp::call): Handle the NaN case better, like Mozilla and OmniWeb.
-        (DateObjectFuncImp::call): Return NaN rather than Undefined() for bad dates.
-        (KJS::parseDate): Return NaN rather than Undefined() or 0 for bad dates.
-        (KJS::KRFCDate_parseDate): Return -1 rather than 0 for bad dates.
-       Assume local time if no time zone is passed. Don't return 1 if we parse 0.
-
-2002-11-13  Darin Adler  <darin@apple.com>
-
-        - fixed 3073230 -- JavaScript time calls do I/O by lstat()ing /etc/localtime
-
-        * kjs/date_object.cpp:
-        (formatDate): Added.
-        (formatTime): Added.
-        (formatLocaleDate): Added.
-        (formatLocaleTime): Added.
-        (DateProtoFuncImp::call): Changed to use the above functions instead of
-       using strftime.
-
-2002-11-08  Darin Adler  <darin@apple.com>
-
-        * kjs/date_object.cpp:
-        (ctimeUsingCF): Added.
-        (timeUsingCF): Added.
-
-2002-11-07  Darin Adler  <darin@apple.com>
-
-        * kjs/date_object.cpp: (mktimeUsingCF): Fix storage leak.
-
-2002-11-07  Maciej Stachowiak  <mjs@apple.com>
-
-       - partial fix to 3073230 - JavaScript time calls do I/O by
-       lastat()ing /etc/localtime
-       
-        * kjs/date_object.cpp:
-        (mktimeUsingCF): Implementation of mktime using CF.
-
-=== Alexander-31 ===
-
-2002-11-01  Darin Adler  <darin@apple.com>
-
-        * kjs/object.cpp: Make the same change Maciej just did, but to the
-       other constructor right next to the one he changed.
-
-2002-10-31  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3082660 - REGRESSION: one ListImp leaks opening/closing nearly empty web page
-       
-        * kjs/object.cpp: Set gc allowed on freshly created ListImp, since
-       there is no List wrapper for it.
-
-2002-10-31  Darin Adler  <darin@apple.com>
-
-        * kjs/grammar.y: Fix the APPLE_CHANGES thing here too.
-        * kjs/grammar.cpp: Regenerated this file.
-
-=== Alexander-30 ===
-
-2002-10-30  Darin Adler  <darin@apple.com>
-
-       - fixed 3073230 -- Alex is doing file I/O when executing JavaScript by asking for localtime
-
-       I fixed this by using Core Foundation time functions instead.
-
-        * kjs/date_object.cpp:
-        (tmUsingCF): Function that uses Core Foundation to get the time and then puts it into
-       a tm struct.
-        (gmtimeUsingCF): Function used instead of gmtime (used a macro to make the substitution).
-        (localtimeUsingCF): Function used instead of localtime (used a macro to make the substitution).
-
-2002-10-26  Darin Adler  <darin@apple.com>
-
-       - changed to use #if APPLE_CHANGES and #if !APPLE_CHANGES consistently
-
-       We no longer do #ifdef APPLE_CHANGES or #ifndef APPLE_CHANGES.
-
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/grammar.cpp:
-        * kjs/internal.cpp:
-        * kjs/ustring.h:
-
-2002-10-25  Darin Adler  <darin@apple.com>
-
-       - fixed 3038011 -- drop-down menu hierarchy broken at yahoo new acct page
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call):
-       Fix bug calling concat on an empty array. The old code tried to
-       optimize in a way that would prevent appending any arrays until
-       at least one element was in the destination array. So if you were
-       concatenating a non-empty array into an empty array, you got an empty array.
-
-=== Alexander-29 ===
-
-=== Alexander-28 ===
-
-2002-10-10  Darin Adler  <darin@apple.com>
-
-       - fixed 3072643 -- infinite loop in JavaScript code at walgreens.com
-
-       The problem is that "xxx".indexOf("", 1) needs to return 1, but we
-       were returning 0.
-
-        * kjs/ustring.cpp:
-        (UString::find): Return pos, not 0, when the search string is empty.
-        (UString::rfind): Make sure that pos is not past the end of the string,
-       taking into account the search string; fixes a potential read off the end
-       of the buffer. Also return pos, not 0, when the search string is empty.
-
-=== Alexander-27 ===
-
-2002-10-07  Darin Adler  <darin@apple.com>
-
-       Fixed absurdly high memory usage when looking at pages that use a lot of JavaScript.
-
-        * kjs/collector.cpp:
-        (Collector::allocate): Implement a new policy of doing a garbage collect every 1000
-       allocations. The old policy was both complicated and misguided.
-        (Collector::collect): Zero out the "number of allocations since last collect".
-
-2002-10-06  Darin Adler  <darin@apple.com>
-
-       I noticed some broken lists at mapblast.com and tracked it down to this.
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::put): Don't truncate the list; only extend the length if
-       it's not already long enough.
-        (ArrayProtoFuncImp::call): Fix some ifdef'd code so it compiles if you turn
-       the ifdefs on.
-
-2002-10-04  Darin Adler  <darin@apple.com>
-
-        Fixed problems parsing numbers that are larger than a long with parseInt.
-
-        * kjs/config.h: Define HAVE_FUNC_STRTOLL.
-        * kjs/function.cpp: (GlobalFuncImp::call):
-       Change parseInt to use strtoll if available.
-
-=== Alexander-26 ===
-
-2002-09-27  Darin Adler  <darin@apple.com>
-
-       - fixed 3033969 -- repro crash (infinite recursion in JavaScript)
-       clicking on "screens" option at fsv.sf.net
-
-        * kjs/object.h: Change recursion limit to 100 levels rather than 1000.
-
-=== Alexander-25 ===
-
-2002-09-26  Darin Adler  <darin@apple.com>
-
-       Fix the infinity problem Dave worked around. We didn't have the
-       configuration flags set right to make infinity work. Setting those
-       properly made everything work without changes to min and max.
-
-        * kjs/config.h: Define HAVE_FUNC_ISINF, HAVE_STRING_H, and
-       also WORDS_BIGENDIAN (if on ppc).
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Roll out min and max
-       changes from yesterday.
-
-2002-09-25  David Hyatt  <hyatt@apple.com>
-
-       Fix the impls of min/max to not use +inf/-inf when you have
-       arguments.  Technically there's still a bug here for the no
-       argument case, probably caused by a screwup when +inf/-inf are
-       converted to doubles.
-       
-        * kjs/math_object.cpp:
-        (MathFuncImp::call):
-
-2002-09-25  Darin Adler  <darin@apple.com>
-
-       - fixed 3057964 -- JS problem performing MD5 script embedded in yahoo login page
-
-        * kjs/simple_number.h: Fix incorrect check for sign bit that was munging numbers
-       in the range 0x10000000 to 0x1FFFFFFF.
-
-=== Alexander-24 ===
-
-=== Alexander-22 ===
-
-2002-09-05  Maciej Stachowiak  <mjs@apple.com>
-
-       First baby step towards moving List away from garbage collection.
-       
-        * kjs/types.h: Add needsMarking boolean and make List inherit from
-       Value privately instead of publicly.
-
-2002-08-30  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Allowed the new Project Builder to put in
-       encodings for each file.
-
-=== Alexander-21 ===
-
-=== Alexander-20 ===
-
-2002-08-20  Darin Adler  <darin@apple.com>
-
-       Three small changes to things that showed up in the sample.
-
-       5% speed increase on cvs-js-performance test.
-       
-        * kjs/simple_number.h: Check if double is an integer with d == (double)(int)d
-       instead of remainder(d, 1) == 0, saving a function call each time.
-
-        * kjs/ustring.cpp:
-        (UString::find): Compare the first character before calling memcmp for the rest.
-        (UString::rfind): Ditto.
-        (KJS::operator==): Don't do a strlen before starting to compare the characters.
-
-2002-08-20  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/object.cpp: Don't reference other ValueImps in the
-       destructor, they may have already been destroyed, and will have
-       GC_ALLOWED set already in any case.
-
-2002-08-19  Maciej Stachowiak  <mjs@apple.com>
-
-       Fixed the bug that made sony.com menus come out wrong and made
-       aa.com crash (Radar 3027762).
-       
-       Mode most methods inline.
-       
-        * kjs/completion.cpp:
-        * kjs/completion.h:
-
-2002-08-19  Maciej Stachowiak  <mjs@apple.com>
-
-       Maintain stack of old "arguments" property values for functions
-       implicitly on the system stack instead of explicitly in the
-       FunctionImp. This eliminates only a trivial number of GC
-       allocations (less than 200) but eliminates one of the two cases
-       where a ListImp * is stored directly, paving the way to separate
-       List from Value.
-       
-        * kjs/function.h: Remove argStack, pushArgs and popArgs.
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp): Don't initalize argStack.
-        (FunctionImp::~FunctionImp): Remove comment about argStack.
-        (FunctionImp::mark): Don't mark the argStack.
-        (FunctionImp::call): Save old "arguments" property in a Value,
-       where it will be GC-protected, rather than keeping a list, and
-       restore the old value when done executing.
-
-2002-08-18  Darin Adler  <darin@apple.com>
-
-        * kjs/internal.cpp: (KJS::printInfo): Remove one more CompletionType
-       that Maciej missed.
-
-2002-08-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Remove stray references to CompletionType and CompletionImp.
-       
-        * kjs/completion.h:
-        * kjs/object.cpp:
-        * kjs/value.h:
-
-2002-08-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Separated Completion from Value and made it a pure stack
-       object. This removed another 160,000 of the remaining 580,000
-       garbage collected object allocations.
-
-       6% speed increase on cvs-js-performance test.
-       
-        * kjs/completion.cpp: Added. New implementation that doesn't
-       require a ValueImp *.
-        (Completion::Completion):
-        (Completion::complType):
-        (Completion::value):
-        (Completion::target):
-        (Completion::isValueCompletion):
-        * kjs/completion.h: Added.
-        * kjs/function.cpp:
-       (GlobalFuncImp::call): Removed some (apparently mistaken) uses of
-       Completion as a Value.
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/types.cpp: Removed Completion stuff.
-        * kjs/types.h: Removed Completion stuff.
-        * JavaScriptCore.pbproj/project.pbxproj: Added new header.
-
-2002-08-16  Darin Adler  <darin@apple.com>
-
-       Fix the Development build.
-
-        * kjs/object.cpp: Take out a use of ReferenceType.
-
-        * kjs/ustring.h: Added a bit more inlining.
-        * kjs/ustring.cpp: Moved the function out of here.
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-       Final step of the Reference change. Completely separate Reference
-       from Value, and eliminate ReferenceImp.
-
-       18% speedup on cvs-js-performance test.
-
-        * kjs/internal.cpp, kjs/internal.h: Remove ReferenceImp.
-        * kjs/nodes.cpp:
-        (Node::evaluateReference): Use Reference::makeValueReference(),
-       not ConstReference.
-        * kjs/reference.cpp:
-        (Reference::Reference): New implementation, handles both regular
-       and value references.
-        (Reference::makeValueReference): Incorporate functionality of ConstReference
-       into this class.
-        (Reference::getBase): New implementation (incorporates error vase
-       for value references).
-       (Reference::getPropertyName): New implementation (incorporates error case
-       for value references).
-        (Reference::putValue): New implementation (incorporates error case
-       for value references).
-        (Reference::deleteValue): New implementation (incorporates error case
-       for value references).
-        (Reference::getValue): New implementation (incorporates special case
-       for value references).
-        (Reference::isMutable): New implementation.
-       * kjs/reference.h: New implementation that merges ReferenceImp
-       into the stack object.
-        * kjs/value.h, kjs/value.cpp: Removed all reference-related method.
-
-2002-08-16  Darin Adler  <darin@apple.com>
-
-       - fixed 3026184 -- Hang going to http://aa.com/ while executing JavaScript
-
-        * kjs/simple_number.h: (SimpleNumber::value): Fixed conversion to a negative
-       number. The technique of using division was no good. Instead, or in the sign
-       bits as needed.
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/reference_list.h: Must include headers with "", not
-       <>. D'oh!
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Install reference.h and
-       reference_list.h so WebCore compiles (duh).
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/nodes.cpp:
-        (Node::evaluateReference):
-        * kjs/reference.cpp:
-        (Reference::Reference):
-        (Reference::makeValueReference):
-        (Reference::getBase):
-        (Reference::getPropertyName):
-        (Reference::getValue):
-        (Reference::putValue):
-        (Reference::deleteValue):
-        (Reference::isMutable):
-        * kjs/reference.h:
-        * kjs/reference_list.h:
-        * kjs/value.cpp:
-        (ValueImp::dispatchToUInt32):
-        * kjs/value.h:
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-       Next step: reimplement ReferenceList from scratch, and store it as
-       an actual Reference object, so ReferenceList no longer depends on
-       Reference being a Value or having a ReferenceImp. A resizing
-       vector might be even better the way this is used.
-
-       Also moved Reference to its own header and implementation file in
-       preparation for reimplementing it.
-       
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/nodes.cpp:
-        (ForInNode::execute):
-        * kjs/reference.cpp: Added.
-        (Reference::Reference):
-        (Reference::dynamicCast):
-        (ConstReference::ConstReference):
-        * kjs/reference.h: Added.
-        * kjs/reference_list.cpp: Added.
-        (ReferenceList::ReferenceList):
-        (ReferenceList::operator=):
-        (ReferenceList::swap):
-        (ReferenceList::append):
-        (ReferenceList::~ReferenceList):
-        (ReferenceList::begin):
-        (ReferenceList::end):
-        (ReferenceListIterator::ReferenceListIterator):
-        (ReferenceListIterator::operator!=):
-        (ReferenceListIterator::operator->):
-        (ReferenceListIterator::operator++):
-        * kjs/reference_list.h:
-        * kjs/types.cpp:
-        * kjs/types.h:
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-       Fix Development build - some NDEBUG code had to be changed for the
-       Value/Reference split.
-       
-        * kjs/internal.cpp:
-        (KJS::printInfo):
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate):
-
-2002-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/reference_list.h: Added file I forgot to check in last time.
-
-2002-08-15  Maciej Stachowiak  <mjs@apple.com>
-
-       Phase 1 of optimization to stop allocating references through the
-       collector. This step clearly splits evaluating to a reference and
-       evaluating to a value, and moves all of the reference-specific
-       operations from Value to Reference. A special ConstReference class
-       helps out for the one case where you need special reference
-       operations if the result is a reference, and not otherwise.
-
-       Also, Reference now inherits privately from Value, and there is a
-       new ReferenceList class that inherits privately from List, so the
-       uses of Reference and Value are now completely orthogonal. This
-       means that as the next step, their implementations can be
-       completely disentangled.
-       
-       This step has no actual performance impact.
-       
-        * kjs/collector.cpp:
-        (Collector::collect):
-        * kjs/nodes.cpp:
-        (Node::evaluateReference):
-        (ResolveNode::evaluate):
-        (ResolveNode::evaluateReference):
-        (ElementNode::evaluate):
-        (PropertyValueNode::evaluate):
-        (AccessorNode1::evaluate):
-        (AccessorNode1::evaluateReference):
-        (AccessorNode2::evaluate):
-        (AccessorNode2::evaluateReference):
-        (ArgumentListNode::evaluateList):
-        (NewExprNode::evaluate):
-        (FunctionCallNode::evaluate):
-        (PostfixNode::evaluate):
-        (DeleteNode::evaluate):
-        (VoidNode::evaluate):
-        (TypeOfNode::evaluate):
-        (PrefixNode::evaluate):
-        (UnaryPlusNode::evaluate):
-        (NegateNode::evaluate):
-        (BitwiseNotNode::evaluate):
-        (LogicalNotNode::evaluate):
-        (MultNode::evaluate):
-        (AddNode::evaluate):
-        (ShiftNode::evaluate):
-        (RelationalNode::evaluate):
-        (EqualNode::evaluate):
-        (BitOperNode::evaluate):
-        (BinaryLogicalNode::evaluate):
-        (ConditionalNode::evaluate):
-        (AssignNode::evaluate):
-        (CommaNode::evaluate):
-        (VarDeclNode::evaluate):
-        (ExprStatementNode::execute):
-        (IfNode::execute):
-        (DoWhileNode::execute):
-        (WhileNode::execute):
-        (ForNode::execute):
-        (ForInNode::execute):
-        (ReturnNode::execute):
-        (WithNode::execute):
-        (CaseClauseNode::evaluate):
-        (SwitchNode::execute):
-        (ThrowNode::execute):
-        * kjs/nodes.h:
-        * kjs/types.cpp:
-        (ConstReference::ConstReference):
-        * kjs/types.h:
-        * kjs/value.h:
-
-2002-08-15  Darin Adler  <darin@apple.com>
-
-       Tweaks and small bug fixes to Maciej's excellent new fixnum optimization.
-       Also updated or removed comments that call it "fixnum" instead of "simple number".
-
-        * kjs/simple_number.h: Change constant names so they don't SHOUT the way macro
-       names do. Added constants for shift, min, and max. Fixed off-by-1 error that
-       prevented us from using the extreme values on either end. Base the range of
-       numbers on a fixed 32 bits constant rather than the size of a long, because
-       code elsewhere depends on positive numbers fitting into both "unsigned" and
-       "UInt32" while assuming it doesn't need to check; we can easily change this
-       later. Used int types rather than long for essentially the same reason.
-       Fixed the value-extraction function so it will work for negative numbers even
-        if the shift is logical, not arithmetic, by using division instead.
-       Renamed functions to be quite terse since they are inside a class.
-
-        * kjs/value.h:
-        * kjs/value.cpp:
-        (ValueImp::dispatchToObject): Call NumberImp::toObject in a "non-virtual"
-       way rather than repeating the code here.
-        (ValueImp::dispatchToUInt32): Handle the negative number case correctly.
-        (ValueImp::dispatchGetBase): Call ValueImp::getBase in a "non-virtual"
-       way rather than repeating the code here.
-        (ValueImp::dispatchGetPropertyName): Call ValueImp::getPropertyName in a
-       "non-virtual" way rather than repeating the code here.
-        (ValueImp::dispatchPutValue): Call ValueImp::putValue in a "non-virtual"
-       way rather than repeating the code here.
-        (ValueImp::dispatchDeleteValue): Call ValueImp::deleteValue in a "non-virtual"
-       way rather than repeating the code here.
-        (Number::Number): Fixed a bug where the double-based constructor was casting
-       to long, so wouldn't do the "remainder" check.
-
-=== Alexander-19 ===
-
-=== Alexander-18 ===
-
-2002-08-15  Maciej Stachowiak  <mjs@apple.com>
-
-       Phase 2 of fixnum optimization. Store any integral number that
-       will fit in two bits less than a long inside the ValueImp *
-       itself, thus avoiding the need to deal with the garbage collector
-       at all for these types. Such numbers comprised .5 million of the
-       1.7 million ValueImps created during the cvs-js-performance test,
-       so traffic through the garbage collector should be
-
-       20% improvement on cvs-js-performance. This may also show up on
-       cvs-base, but I did not compare and I am too lazy to make clean in
-       WebCore yet again. 
-
-       This also significantly reduces memory footprint on
-       JavaScript-heavy pages. Size after going through
-       cvs-js-performance suite is now 22MB to 17.5MB.
-       
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/simple_number.h: Added. Some inline static methods for handling
-       simple numbers that are stored in the pointer.
-        * kjs/ustring.h:
-        * kjs/ustring.cpp:
-        (UString::from): Added new overload for long.
-        * kjs/value.cpp:
-        (ValueImp::marked): Add special case for simple numbers.
-        (ValueImp::setGcAllowed): Likewise.
-       (ValueImp::toInteger): Call dispatch version of
-       toUInt32(unsigned&), not the real method.
-        (ValueImp::toInt32): Likewise.
-        (ValueImp::toUInt32): Likewise.
-        (ValueImp::toUInt16): Likewise.
-        (ValueImp::dispatchType): Add special case for simple numbers.
-        (ValueImp::dispatchToPrimitive): Likewise.
-        (ValueImp::dispatchToBoolean): Likewise.
-        (ValueImp::dispatchToNumber): Likewise.
-        (ValueImp::dispatchToString): Likewise.
-        (ValueImp::dispatchToObject): Likewise.
-        (ValueImp::dispatchToUInt32): Likewise.
-        (ValueImp::dispatchGetBase): Likewise.
-        (ValueImp::dispatchGetPropertyName): Likewise.
-        (ValueImp::dispatchPutValue): Likewise.
-        (ValueImp::dispatchDeleteValue): Likewise.
-        (Number::Number): Create a simple number instead of a full-blown
-       ValueImp when possible.
-        (Number::value): Likewise.
-        * kjs/value.h:
-
-2002-08-15  Maciej Stachowiak  <mjs@apple.com>
-
-       Phase one of the "fixnum" optimization (storing small enough
-       integers in the pointer). This just paves the way for the change
-       by making all the virtual functions of ValueImp private and adding
-       non-virtual dispatchers which can call the virtual function or
-       handle fixnums specially.
-
-       Also, I marked every place that should need a special case with a
-       FIXNUM comment.
-       
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::construct): Call dispatch method not the real method.
-        * kjs/internal.h: Make toUInt32 private to make sure no one calls it directly
-       on a NumberImp*.
-        * kjs/nodes.cpp:
-        (ForInNode::execute): Call dispatch method not the real method.
-        * kjs/object.cpp:
-       (ObjectImp::propList): Call dispatch method not the real method.
-        * kjs/object.h:
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Call dispatch method not the real method.
-        (StringObjectImp::construct): Call dispatch method not the real method.
-        * kjs/value.h:
-        * kjs/value.cpp:
-        (ValueImp::marked): Put a comment about required FIXNUM change.
-        (ValueImp::setGcAllowed): Likewise.
-        (ValueImp::dispatchType): Just call the virtual method for now.
-        (ValueImp::dispatchToPrimitive): Likewise.
-        (ValueImp::dispatchToBoolean): Likewise.
-        (ValueImp::dispatchToNumber): Likewise.
-        (ValueImp::dispatchToString): Likewise.
-        (ValueImp::dispatchToObject): Likewise.
-        (ValueImp::dispatchToUInt32): Likewise.
-        (ValueImp::dispatchGetBase): Likewise.
-        (ValueImp::dispatchGetPropertyName): Likewise.
-        (ValueImp::dispatchGetValue): Likewise.
-        (ValueImp::dispatchPutValue): Likewise.
-        (ValueImp::dispatchDeleteValue): Likewise.
-
-2002-08-14  Darin Adler  <darin@apple.com>
-
-       Another pass of tweaks, including one bug fix.
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp): Use malloc, not new.
-        (ArrayInstanceImp::get): Use a local variable so we don't rely on the optimizer
-       to avoid indexing twice.
-        (ArrayInstanceImp::hasProperty): Use a local variable, and also check against
-       UndefinedImp::staticUndefined rather than doing type() != UndefinedType.
-
-2002-08-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Simplified array handling by using NULL to represent empty cells
-       instead of the Undefined object, so we can use calloc, realloc and
-       memset instead of loops. Inspired by a suggestion of Darin's.
-
-       * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp):
-        (ArrayInstanceImp::~ArrayInstanceImp):
-        (ArrayInstanceImp::get):
-        (ArrayInstanceImp::hasProperty):
-        (ArrayInstanceImp::deleteProperty):
-        (ArrayInstanceImp::setLength):
-        (ArrayInstanceImp::mark):
-
-2002-08-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Fix major JavaScript memory leak. run-plt says cvs-base improved
-       by 2% and cvs-js-performance improved by 7%. However, this was
-       within the possible noise level in each case.
-        
-       The fix was to store ValueImp *'s in the array instead of Value
-       objects, since the Value wrapper will keep a ref and make the
-       object immortal.
-
-       * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp):
-        (ArrayInstanceImp::get):
-        (ArrayInstanceImp::put):
-        (ArrayInstanceImp::hasProperty):
-        (ArrayInstanceImp::deleteProperty):
-        (ArrayInstanceImp::setLength):
-        (ArrayInstanceImp::mark):
-        * kjs/array_object.h:
-
-2002-08-13  Maciej Stachowiak  <mjs@apple.com>
-
-       Add the ability to determine the classes of live JavaScript
-       objects, to help with leak fixing.
-
-        * kjs/collector.h, kjs/collector.cpp:
-        (Collector::liveObjectClasses):
-
-2002-08-13  Maciej Stachowiak  <mjs@apple.com>
-
-       Small speed improvement. 3% faster on cvs-js-performance, no
-       measurable change on cvs-static-urls.
-       
-        * kjs/collector.cpp:
-        (Collector::collect): Combine 3 loops over all objects into one,
-       to reduce flat time and improve locality of reference.
-
-2002-08-12  Darin Adler  <darin@apple.com>
-
-       Speed improvements. 19% faster on cvs-js-performance, 1% on cvs-static-urls.
-
-       Use global string objects for length and other common property names rather
-       than constantly making and destroying them. Use integer versions of get() and
-       other related calls rather than always making a string.
-
-       Also get rid of many unneeded constructors, destructors, copy constructors, and
-       assignment operators. And make some functions non-virtual.
-
-        * kjs/internal.h:
-        * kjs/internal.cpp:
-        (NumberImp::toUInt32): Implement.
-        (ReferenceImp::ReferenceImp): Special case for numeric property names.
-        (ReferenceImp::getPropertyName): Moved guts here from ValueImp. Handle numeric case.
-        (ReferenceImp::getValue): Moved guts here from ValueImp. Handle numeric case.
-        (ReferenceImp::putValue): Moved guts here from ValueImp. Handle numeric case.
-        (ReferenceImp::deleteValue): Added. Handle numeric case.
-
-        * kjs/array_object.h:
-        * kjs/array_object.cpp: All-new array implementation that stores the elements
-       in a C++ array rather than in a property map.
-        (ArrayInstanceImp::ArrayInstanceImp): Allocate the C++ array.
-        (ArrayInstanceImp::~ArrayInstanceImp): Delete the C++ array.
-        (ArrayInstanceImp::get): Implement both the old version and the new overload that
-       takes an unsigned index for speed.
-        (ArrayInstanceImp::put): Implement both the old version and the new overload that
-       takes an unsigned index for speed.
-        (ArrayInstanceImp::hasProperty): Implement both the old version and the new overload that
-       takes an unsigned index for speed.
-        (ArrayInstanceImp::deleteProperty): Implement both the old version and the new overload that
-       takes an unsigned index for speed.
-        (ArrayInstanceImp::setLength): Added. Used by the above to resize the array.
-        (ArrayInstanceImp::mark): Mark the elements of the array too.
-        (ArrayPrototypeImp::ArrayPrototypeImp): Pass the length to the array instance constructor.
-
-        * kjs/bool_object.cpp:
-        * kjs/date_object.cpp:
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/function_object.cpp:
-        * kjs/math_object.cpp:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/number_object.cpp:
-        * kjs/object_object.cpp:
-        * kjs/regexp_object.cpp:
-        * kjs/string_object.cpp:
-
-        * kjs/nodes2string.cpp: (SourceStream::operator<<): Add a special case for char now that
-       you can't create a UString from a char implicitly.
-
-        * kjs/object.h:
-        * kjs/object.cpp:
-        (ObjectImp::get): Call through to the string version if the numeric version is not implemented.
-        (ObjectImp::put): Call through to the string version if the numeric version is not implemented.
-        (ObjectImp::hasProperty): Call through to the string version if the numeric version is not implemented.
-        (ObjectImp::deleteProperty): Call through to the string version if the numeric version is not implemented.
-
-        * kjs/types.h:
-        * kjs/types.cpp:
-        (Reference::Reference): Added constructors for the numeric property name case.
-
-        * kjs/ustring.h: Made the constructor that turns a character into a string be explicit so we
-       don't get numbers that turn themselves into strings.
-        * kjs/ustring.cpp:
-        (UString::UString): Detect the empty string case, and use a shared empty string.
-        (UString::find): Add an overload for single character finds.
-        (UString::rfind): Add an overload for single character finds.
-        (KJS::operator==): Fix bug where it would call strlen(0) if the first string was not null.
-       Also handle non-ASCII characters consistently with the rest of the code by casting to unsigned char
-       just in case.
-
-        * kjs/value.h: Make ValueImp and all subclasses non-copyable and non-assignable.
-        * kjs/value.cpp:
-        (ValueImp::toUInt32): New interface, mainly useful so we can detect array indices and not turn
-       them into strings and back.
-        (ValueImp::toInteger): Use the new toUInt32. Probably can use more improvement.
-        (ValueImp::toInt32): Use the new toUInt32. Probably can use more improvement.
-        (ValueImp::toUInt16): Use the new toUInt32. Probably can use more improvement.
-        (ValueImp::getBase): Remove handling of the Reference case. That's in ReferenceImp now.
-        (ValueImp::getPropertyName): Remove handling of the Reference case. That's in ReferenceImp now.
-        (ValueImp::getValue): Remove handling of the Reference case. That's in ReferenceImp now.
-        (ValueImp::putValue): Remove handling of the Reference case. That's in ReferenceImp now.
-        (ValueImp::deleteValue): Added. Used so we can do delete the same way we do put.
-
-=== Alexander-17 ===
-
-2002-08-09  Darin Adler  <darin@apple.com>
-
-       Some string speedups. Makes sony.com cached 11% faster on Development, but
-        the improvement for Deployment should be greater.
-
-        * kjs/ustring.h: Made it possible for UChar objects to be uninitialized, which
-       gives a speed boost. Inlined CString's +=, UString's destructor, +=, and +.
-        * kjs/ustring.cpp:
-        (UString::UString): Optimize const char * version, which showed up
-       heavily in performance analysis. Added new two-UString version, which
-       makes the + operator fast. 
-        (UString::ascii): Remove thread safety changes. Change static buffer to remember
-       its size, and to always be at least 4096 bytes long; that way we never have to
-       reallocate unless it's for a long string. Also make code to extract the characters
-       significantly faster by getting rid of two pointer dereferences per character.
-        (UString::is8Bit): Avoid one pointer dereference per character.
-        (UString::toDouble): Use ascii() instead of cstring() to avoid copying the string.
-
-        * kjs/collector.cpp: Remove unneeded APPLE_CHANGES.
-        * kjs/regexp.cpp: Remove ifdefs around some APPLE_CHANGES that we
-       want to keep, because they just fix warnings.
-        * kjs/value.h: Remove obsolete APPLE_CHANGES comment.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Project Builder decided
-       to move a line around in the file.
-
-2002-08-09  Maciej Stachowiak  <mjs@apple.com>
-
-       Fix my last change to actually call the versions of the lock functions
-       that are recursive and initialize as needed.
-       
-        * kjs/internal.cpp:
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::clear):
-        (InterpreterImp::evaluate):
-
-2002-08-09  Maciej Stachowiak  <mjs@apple.com>
-
-        - fixed 2948835 - JavaScriptCore locking is too fine grained, makes it too slow
-
-       * kjs/collector.cpp:
-        (Collector::allocate):
-        (Collector::collect):
-        (Collector::finalCheck):
-        (Collector::numInterpreters):
-        (Collector::numGCNotAllowedObjects):
-        (Collector::numReferencedObjects):
-        * kjs/collector.h:
-        * kjs/internal.cpp:
-        (initializeInterpreterLock):
-        (lockInterpreter):
-        (unlockInterpreter):
-        (Parser::parse):
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::clear):
-        (InterpreterImp::evaluate):
-        * kjs/value.cpp:
-        (ValueImp::ValueImp):
-        (ValueImp::setGcAllowed):
-
-=== milestone 0.5 ===
-
-=== Alexander-16 ===
-
-2002-08-05  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3007072 - need to be able to build fat
-       
-        * JavaScriptCore.pbproj/project.pbxproj: Fixed DeploymentFat build.
-
-=== Alexander-15 ===
-
-2002-07-25  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add DeploymentFat build style.
-
-=== Alexander-14 ===
-
-2002-07-21  Darin Adler  <darin@apple.com>
-
-        * kjs/*: Roll KDE 3.0.2 changes in. Also switch to not using APPLE_CHANGES
-       for some of the changes that we definitely want to contribute upstream.
-
-2002-07-21  Maciej Stachowiak  <mjs@apple.com>
-
-        * Makefile.am: Remove products from symroots on `make clean'.
-
-=== Alexander-13 ===
-
-2002-07-13  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Don't use embed.am any more.
-        * JavaScriptCore.pbproj/project.pbxproj: Use embed-into-alex instead
-       of make embed.
-
-2002-07-12  Darin Adler  <darin@apple.com>
-
-        * kjs/ustring.h: Since <sys/types.h> includes ushort and uint now, had
-       to change the includes here to be compatible with that.
-
-2002-07-11  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: To make the build of
-       WebCore work without using -I to peek at JavaScriptCore sources,
-       made all the Public sources Private so they are all in one directory.
-       Also, made lookup.h be Private.
-
-=== Alexander-11 ===
-
-=== Alexander-10 ===
-
-2002-06-25  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Re-add -Wmissing-format-attribute.
-
-=== Alexander-9 ===
-
-2002-06-19  Kenneth Kocienda  <kocienda@apple.com>
-
-        I just played alchemical voodoo games with the linker to 
-        make all our frameworks and Alexander prebound.
-
-       * JavaScriptCore.pbproj/project.pbxproj
-
-2002-06-15  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Removed explicit PFE_FILE_C_DIALECTS now that
-       Project Builder handles this automatically. Removed explicit USE_GCC3 since that's implicit
-       now. Also, since this project is all C++, only use WARNING_CFLAGS with flags that are appropriate
-       for C++; don't bother breaking out C vs. C++.
-
-       * kjs/collector.cpp: Now that the system warning is fixed, use PTHREAD_MUTEX_INITIALIZER and
-       PTHREAD_COND_INITIALIZER.
-       * kjs/internal.cpp: Use PTHREAD_MUTEX_INITIALIZER.
-       * kjs/ustring.cpp: Use PTHREAD_ONCE_INIT.
-
-2002-06-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Made Development build mode mean what Unoptimized used to mean. Removed Unoptimized build mode. 
-        Added a Mixed build mode which does what Deployment used to. All this to fix:
-        
-        Radar 2955367 - Change default build style to "Unoptimized"
-        
-       * JavaScriptCore.pbproj/project.pbxproj:
-
-2002-06-12  Darin Adler  <darin@apple.com>
-
-       * kjs/nodes.cpp: (Node::finalCheck): A bit of APPLE_CHANGES so we
-       can compile with KJS_DEBUG_MEM defined if we want to.
-
-2002-06-10  Darin Adler  <darin@apple.com>
-
-       Merged in changes from KDE 3.0.1.
-
-       * kjs/collector.cpp:
-       * kjs/date_object.cpp:
-       * kjs/function.cpp:
-       * kjs/internal.cpp:
-       * kjs/lookup.h:
-       * kjs/object.cpp:
-       * kjs/operations.cpp:
-       * kjs/regexp.cpp:
-       * kjs/regexp_object.cpp:
-       * kjs/regexp_object.h:
-       * kjs/string_object.cpp:
-       * kjs/testkjs.cpp:
-       * kjs/ustring.cpp:
-       * kjs/value.cpp:
-       * kjs/value.h:
-       Do the merge, and add APPLE_CHANGES as needed to make things compile.
-
-       * kjs/date_object.lut.h: Re-generated.
-
-2002-06-07  Darin Adler  <darin@apple.com>
-
-       * Makefile.am: Use new shared "embed.am" file so we don't need four copies of
-       the embedding rules for WebFoundation, JavaScriptCore, WebCore, and WebKit.
-
-2002-06-07  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Don't use any warning flags for C that won't work
-       for C++, because PFE uses the C warning flags on a C++ compile.
-
-=== Alexander-8 ===
-
-2002-06-06  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Update warning flags for compatibility
-       with new C++.
-
-2002-06-05  Darin Adler  <darin@apple.com>
-
-       Fix problem seen as build failure on Jersey.
-
-       * Makefile.am: JavaScriptCore-stamp needs to be a dependency, not a
-       source file, because it doesn't have a corresponding object file.
-       Making it a dependency causes things to compile in the right order.
-
-2002-06-04  Darin Adler  <darin@apple.com>
-
-       Improve the speed of the JavaScript string append operation by growing
-       the capacity so we don't need to reallocate the string every time.
-
-       Also fix script execution so it doesn't use recursion to advance from
-       one statement to the next, using iteration instead.
-
-       * Makefile.am: Stop using BUILT_SOURCES to build JavaScriptCore-stamp,
-       because this causes the Project Builder project to build *before* the
-       subdir. Intead, use an all-am rule in a way more similar to all our
-       other directories.
-
-       * kjs/grammar.y: Link the SourceElementsNode in the opposite direction,
-       so we can walk the list and execute each element instead of using
-       recursion to reverse the list.
-       * kjs/grammar.cpp: Check in new generated file.
-
-       * kjs/nodes.cpp:
-       (SourceElementsNode::execute):
-       (SourceElementsNode::processFuncDecl):
-       (SourceElementsNode::processVarDecls):
-       Use loops instead of recursion.
-
-       * kjs/ustring.h: Don't initialize all UChar objects to 0. This was
-       wasting a *huge* amount of time.
-       * kjs/ustring.cpp:
-       (UString::Rep::create): Add a "capacity" along with the length.
-       (UString::append): Include 50% extra capacity when appending.
-       (UString::operator=): Reuse the buffer if possible rather than
-       always creating a new one.
-
-2002-06-02  Darin Adler  <darin@apple.com>
-
-       * COPYING.LIB: Fix line endings. It was using CRs.
-
-2002-05-31  Darin Adler  <darin@apple.com>
-
-       * Makefile.am:
-       * kjs/Makefile.am:
-       Slight improvements to rules that touch stamp files.
-
-2002-05-28  Maciej Stachowiak  <mjs@apple.com>
-
-       * THANKS: Demangled.
-
-=== Alexander-7 ===
-
-2002-05-24  Maciej Stachowiak  <mjs@apple.com>
-
-       Added license and acknowledgements.
-
-       * AUTHORS: Added.
-       * COPYING.LIB: Added.
-       * THANKS: Added.
-
-=== 0.3 ===
-
-=== Alexander-6 ===
-
-=== Alexander-5 ===
-
-=== Alexander-4 ===
-
-=== JavaScriptCore-5 ===
-
-2002-05-21  Maciej Stachowiak  <mjs@apple.com>
-
-       Reviewed by: Richard Williamson
-
-       Fixed Radar 2928775 - Sherlock crashes sitting in stocks channel
-
-       * kjs/internal.cpp:
-       (InterpreterImp::InterpreterImp): Set the interp pointer earlier,
-       in case garbage collection takes place while creating the global
-       values.
-
-2002-05-15  Darin Adler  <darin@apple.com>
-
-       Reviewed by: Maciej Stachowiak
-       
-       * Makefile.am:
-       Use all-am and clean-am instead of all and clean because it's better and
-       to make "make check" at the top level work right.
-
-2002-05-13  Darin Adler  <darin@apple.com>
-
-       Reviewed by: Maciej Stachowiak
-
-       * kjs/value.h: Fix comment typos.
-
-=== JavaScriptCore-4 ===
-
-2002-05-10  Maciej Stachowiak  <mjs@apple.com>
-
-       Reviewed by: Ken Kocienda and Darin Adler
-
-       Fixed the following bug:
-
-       Radar 2890573 - JavaScriptCore needs to be thread-safe
-
-       Actually this is only a weak form of thread-safety - you can safely
-       use different interpreters from different threads at the same
-       time. If you try to use a single interpreter object from multiple
-       threads, you need to provide your own locking.
-
-       * kjs/collector.h, kjs/collector.cpp:
-       (Collector::lock, Collector::unlock): Trivial implementation of a
-       recursive mutex.
-       (Collector::allocate): Lock around the body of this function.
-       (Collector::collect): Likewise.
-       (Collector::finalCheck): Likewise.
-       (Collector::numInterpreters): Likewise.
-       (Collector::numGCNotAllowedObjects): Likewise.
-       (Collector::numReferencedObjects): Likewise.
-       * kjs/internal.cpp:
-       (Parser::parse): use a mutex to lock around the whole parse, since
-       it uses a bunch of global state.
-       (InterpreterImp::InterpreterImp): Grab the Collector lock here,
-       both the mutually exclude calls to the body of this function, and
-       to protect the s_hook static member which the collector pokes at.
-       (InterpreterImp::clear): Likewise.
-       * kjs/ustring.cpp:
-       (statBufferKeyCleanup, statBufferKeyInit, UString::ascii): Convert
-       use of static variable
-       * kjs/value.cpp:
-       (ValueImp::ValueImp, ValueImp::mark, ValueImp::marked,
-       ValueImp::setGcAllowed): Grab the GC lock around any flag changes.
-
-=== Alexander-3 ===
-
-2002-05-08  Darin Adler  <darin@apple.com>
-
-       * kjs/collector.h:
-       * kjs/collector.cpp:
-       (Collector::numInterpreters):
-       (Collector::numGCNotAllowedObjects):
-       (Collector::numReferencedObjects):
-       Add three new functions so we can see a bit more about leaking JavaScriptCore.
-
-2002-05-06  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCorePrefix.h: Added.
-       * JavaScriptCore.pbproj/project.pbxproj: Use PFE precompiling.
-       Also switch from xNDEBUG to NDEBUG.
-
-=== Alexander 0.3c2 (v1) ===
-
-2002-04-18  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Oops. Take out -Wstrict-prototypes, put back
-       -Wmissing-prototypes.
-
-2002-04-18  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Take out -Wmissing-prototypes
-       because system headers are triggering it when we don't have
-       precompiled headers on.
-
-2002-04-18  Darin Adler  <darin@apple.com>
-
-       Reviewed by Maciej
-
-       * JavaScriptCore.pbproj/project.pbxproj: Turn on gcc3 and the same set of warnings
-       as in the rest of Labyrinth (see top level ChangeLog for details).
-
-2002-04-17  Maciej Stachowiak  <mjs@apple.com>
-
-       Reviewed by: Darin Adler  <darin@apple.com>
-
-       * kjs/testkjs.cpp: Don't include <iostream.h> to avoid gcc3
-       warning.
-
-2002-04-15  Darin Adler  <darin@apple.com>
-
-       Reviwed by: Maciej Stachowiak  <mjs@apple.com>
-
-       * kjs/internal.cpp:
-       * kjs/property_map.cpp:
-       * kjs/ustring.h:
-       Removed some unneeded <config.h> includes so we are more similar
-       to the real KDE sources.
-
-2002-04-15  Darin Adler  <darin@apple.com>
-
-       Reviwed by: Maciej Stachowiak  <mjs@apple.com>
-
-       Merged changes from KDE 3.0 final and did some build fixes.
-
-       * JavaScriptCore.pbproj/project.pbxproj: Added nodes2string.cpp.
-
-       * kjs/grammar.*: Regenerated.
-       * kjs/*.lut.h: Regenerated.
-
-2002-04-08  Darin Adler  <darin@apple.com>
-
-       Reviwed by: Maciej Stachowiak  <mjs@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Re-added -Wno-format-y2k.
-
-2002-04-04  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Add an Unoptimized build
-       style: exactly like Development except without the -O.
-
-2002-04-03  Darin Adler  <darin@apple.com>
-
-       * kjs/Makefile.am: Gratuitous cleanup.
-
-2002-04-02  Darin Adler  <darin@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Update flags as I did for
-       WebFoundation.
-
-2002-04-02  Maciej Stachowiak  <mjs@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Pass -Wno-format-y2k so
-       the project builds with gcc3.
-       
-       * kjs/nodes.cpp: Avoid including an obsolete header to avoid
-       warning with gcc3.
-
-2002-04-02  Darin Adler  <darin@apple.com>
-
-       * kjs/property_map.cpp: (PropertyMap::~PropertyMap): Deallocate the
-        map by calling clear so we don't leak the entire map.
-
-2002-04-02  Darin Adler  <darin@apple.com>
-
-       * kjs/internal.cpp: (InterpreterImp::globalClear): Add code to
-        deallocate and null out emptyList, because once the last interpreter
-        is destroyed there's nothing to keep it from being garbage collected.
-
-2002-04-01  Darin Adler  <darin@apple.com>
-
-        Got rid of KWQDef.h because it's dangerous to have two files with
-        the same name and different contents.
-
-       * JavaScriptCore.pbproj/project.pbxproj:
-       * kjs/KWQDef.h: Removed.
-       * kjs/ustring.h: Defines unsigned int types inline now.
-
-2002-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-       Fixed Radar 2891272 (JavaScript crashes loading quicktime.com and
-       apple.com)
-
-       * kjs/object.cpp: (ObjectImp::~ObjectImp): Don't call setGCAlloc
-       on object internals pointed to, because they may have already been
-       collected by the time this object is collected, and in that case
-       we would corrupt the malloc arena.
-
-       * Makefile.am: Make the stamp file depend on all the sources and
-       headers so the framework gets rebuilt properly.
-
-       * JavaScriptCore.pbproj/project.pbxproj: Some random numbers moved
-       around. No idea what I really changed.
-
-2002-03-30  Darin Adler  <darin@apple.com>
-
-       * kjs/grammar.y: Took out Id tag so we won't constantly need to
-        update grammar.cpp.
-       * kjs/grammar.cpp: Regenerated without Id tag.
-
-       * .cvsignore: Ignore some additional autogenerated files.
-       * kjs/.cvsignore: Ignore some additional autogenerated files.
-
-2002-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-       * JavaScriptCore.pbproj/project.pbxproj: Install some of the
-       headers.
-
-2002-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-       Converted JavaScriptCore to build with Project Builder, in
-       preparation for B&I submission.
-
-       * English.lproj/InfoPlist.strings: Added.
-       * JavaScriptCore.pbproj/.cvsignore: Added.
-       * JavaScriptCore.pbproj/project.pbxproj: Added.
-       
-       * .cvsignore: Update the set of ignored things.
-
-       * Makefile.am: Hand off to PB for the main build, but still handle
-       the generated files and the test program.
-
-       * kjs/Makefile.am: Don't build anything except the generated
-       source files.
-
-       * kjs/KWQDef.h, kjs/config.h: Added minimal versions of these
-       files to get kjs to build.
-
-       Check in all the genrated files, since Project Builder isn't up to
-       the task of handling built sources:
-       
-       * kjs/array_object.lut.h: Added.
-       * kjs/date_object.lut.h: Added.
-       * kjs/grammar.cpp: Added.
-       * kjs/grammar.cpp.h: Added.
-       * kjs/grammar.h: Added.
-       * kjs/lexer.lut.h: Added.
-       * kjs/math_object.lut.h: Added.
-       * kjs/number_object.lut.h: Added.
-       * kjs/string_object.lut.h: Added.
-
-       * kjs/.cvsignore: Update set of ignored things.
-
-2002-03-28  Maciej Stachowiak  <mjs@apple.com>
-
-       * kjs/kjs-test.chk: Update output for new test results.
-
-2002-03-26  Maciej Stachowiak  <mjs@apple.com>
-
-       Set up kjs to build by itself into libJavaScriptCore.dylib.
-       
-       * .cvsignore: Added.
-       * Makefile.am: Added.
-       * dummy.cpp: Added.
-       * kjs/.cvsignore: Added.

diff --git a/ChangeLog-2003-10-25 b/ChangeLog-2003-10-25
deleted file mode 100644 (file)
index 7127d32..0000000
--- a/ChangeLog-2003-10-25
+++ /dev/null
@@ -1,1483 +0,0 @@
-=== Safari-111 ===
-
-2003-10-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Fix broken build.
-
-        * kjs/simple_number.h:
-
-2003-10-22  Maciej Stachowiak  <mjs@apple.com>
-
-       Merged 64-bit compilation fixes, and fixes for handling negative 0
-       from upstream kjs.
-       
-        * kjs/internal.cpp:
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber): fixed constants; added negZero constant. 
-        (KJS::SimpleNumber::is): adjusted to use long and not int.
-        (KJS::SimpleNumber::value): ditto.
-       (KJS::SimpleNumber::fits): ditto; also don't allow -0 to fit, so
-       we don't lose the distinction between -0 and +0.
-        (KJS::SimpleNumber::make): adjusted to use long.
-
-2003-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed 3367015 -- interdependent variable declarations in for loop don't work (they go backwards)
-
-        * kjs/nodes.h: (KJS::ForNode::ForNode): Add a new overload of the constructor for when the
-        first parameter is a variable declaration list. Call reverseList as we do in other constructors
-        that take lists that are built backwards.
-        * kjs/nodes.cpp: (ForNode::reverseList): Added. New helper function.
-
-=== Safari-110 ===
-
-=== Safari-109 ===
-
-2003-10-06  Darin Adler  <darin@apple.com>
-
-        * kjs/create_hash_table: Remove stray semicolon.
-
-        * kjs/array_object.lut.h:
-        * kjs/date_object.lut.h:
-        * kjs/lexer.lut.h:
-        * kjs/math_object.lut.h:
-        * kjs/number_object.lut.h:
-        * kjs/string_object.lut.h:
-        Regenerated.
-
-=== Safari-108 ===
-
-2003-10-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed 3441656 -- constructor bad for objs created w/ function as prototype (www.moock.org/asdg/codedepot)
-
-        * kjs/nodes.cpp: (FuncDeclNode::processFuncDecl): Set up the constructor as
-        as specified in the JavaScript spec. We were already doing this right in the
-        other place we make functions.
-
-2003-09-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        Rolled in Harri Porten's change to accept non-breaking space in JavaScript.
-
-        * kjs/lexer.cpp: (Lexer::isWhiteSpace): Accept 00A0 as "whitespace".
-
-2003-09-25  Maciej Stachowiak  <mjs@apple.com>
-
-       Roll out build system change since it did not actually work. :-(
-       
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-
-2003-09-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Don't hack install name. Instead
-       of embedding into Safari, embed into WebKit as sub-umbrella.
-        * Makefile.am: Don't forget to rebuild if the user removes
-       JavaScript.framework from symroots manually.
-
-=== Safari-107 ===
-
-2003-09-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 3421107 -- some dates that other browsers can parse can't be parsed by KJS's Date.parse()
-
-        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Added code to be more strict about month names,
-        to allow a time zone after date even if the date omits the time, and to understand AM and PM.
-
-2003-09-22  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Rename Mixed build style to OptimizedWithSymbols.
-
-2003-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        * kjs/config.h: Added HAVE_SYS_PARAM_H, since KJS does look for this header, and we do
-        indeed have it. Just something I noticed in passing while cleaning up configure.in.
-
-2003-09-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed 3419380 -- JavaScript Date.getTimezoneOffset is off by one hour (during daylight savings)
-
-        * kjs/date_object.cpp: (DateProtoFuncImp::call): The daylight savings correction
-        in here was incorrect. Perhaps I should have corrected it for the non-BSD case too,
-        but I'm not sure the issue is the same.
-
-2003-09-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/date_object.cpp: Removed our CF-based implementations of gmtime, localtime,
-        mktime, timegm, and time, since they no longer have the slow "hit the filesystem
-        every time" behavior.
-
-=== Safari-100 ===
-
-=== Safari-99 ===
-
-=== Safari-98 ===
-
-=== Safari-97 ===
-
-=== Safari-96 ===
-
-2003-08-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John
-
-       - fixed rdar://problem/3397316 - sherlock crash: KJS::Collector::allocate(unsigned long)
-       
-       * kjs/internal.cpp:
-        (InterpreterImp::InterpreterImp): Hold the lock a bit longer, so
-       the call to initGlobalObject is covered.
-
-=== Safari-95 ===
-
-2003-08-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3098350 -- opt. params to date methods are ignored (can't set end date in Exchange/Outlook web cal.)
-
-        * kjs/date_object.cpp: (DateProtoFuncImp::call): Added code to handle the optional parameters.
-        Strangely, the table of functions already had the right number of parameters listed, but the
-        code to look at the parameter values was missing.
-
-=== Safari-94 ===
-
-2003-08-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 3247528 -- encodeURI missing from JavaScriptCore (needed by Crystal Reports)
-        - fixed 3381297 -- escape method does not escape the null character
-        - fixed 3381299 -- escape method produces incorrect escape sequences ala WinIE, rather than correct ala Gecko
-        - fixed 3381303 -- unescape method treats escape sequences as Latin-1 ala WinIE rather than as UTF-8 ala Gecko
-        - fixed 3381304 -- unescape method garbles strings with bad escape sequences in them
-
-        * kjs/function.h: Added constants for decodeURI, decodeURIComponent, encodeURI, and
-        encodeURIComponent.
-        * kjs/function.cpp:
-        (encode): Added. New helper function for escape, encodeURI, and encodeURIComponent.
-        (decode): Added. New helper function for unescape, decodeURI, and decodeURIComponent.
-        (GlobalFuncImp::call): Added decodeURI, decodeURIComponent, encodeURI, and encodeURIComponent 
-        implementations. Changed escape and unescape to use new helper functions, which fixes
-        the four problems above.
-
-        * kjs/internal.cpp: (InterpreterImp::initGlobalObject): Add decodeURI, decodeURIComponent,
-        encodeURI, and encodeURIComponent to the global object.
-
-        * kjs/ustring.h: Added a length to the CString class so it can hold strings with null
-        characters in them, not just null-terminated strings. This allows a null character from
-        a UString to survive the process of UTF-16 to UTF-8 decoding. Added overloads to
-        UString::append, UString::UTF8String, UTF8SequenceLength, decodeUTF8Sequence,
-        convertUTF16OffsetsToUTF8Offsets, and convertUTF8OffsetsToUTF16Offsets.
-        
-        * kjs/ustring.cpp:
-        (CString::CString): Set up the length properly in all the constructors. Also add a new
-        constructor that takes a length.
-        (CString::append): Use and set the length properly.
-        (CString::operator=): Use and set the length properly.
-        (operator==): Use and the length and memcmp instead of strcmp.
-        (UString::append): Added new overloads for const char * and for a single string to make
-        it more efficient to build up a UString from pieces. The old way, a UString was created
-        and destroyed each time you appended.
-        (UTF8SequenceLength): New. Helper for decoding UTF-8.
-        (decodeUTF8Sequence): New. Helper for decoding UTF-8.
-        (UString::UTF8String): New. Decodes from UTF-16 to UTF-8. Same as the function that
-        was in regexp.cpp, except has proper handling for UTF-16 surrogates.
-        (compareStringOffsets): Moved from regexp.cpp.
-        (createSortedOffsetsArray): Moved from regexp.cpp.
-        (convertUTF16OffsetsToUTF8Offsets): New. Converts UTF-16 offsets to UTF-8 offsets, given
-        a UTF-8 string. Same as the function that was in regexp.cpp, except has proper handling
-        for UTF-16 surrogates.
-        (convertUTF8OffsetsToUTF16Offsets): New. Converts UTF-8 offsets to UTF-16 offsets, given
-        a UTF-8 string. Same as the function that was in regexp.cpp, except has proper handling
-        for UTF-16 surrogates.
-
-        - fixed 3381296 -- regular expression matches with UTF-16 surrogates will treat sequences as two characters
-
-        * kjs/regexp.cpp:
-        (RegExp::RegExp): Use the new UString::UTF8String function instead a function in this file.
-        (RegExp::match): Use the new convertUTF16OffsetsToUTF8Offsets (and the corresponding
-        reverse) instead of convertCharacterOffsetsToUTF8ByteOffsets in this file.
-
-=== Safari-93 ===
-
-2003-08-14  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by John. 
-
-        * JavaScriptCore.pbproj/project.pbxproj: deleted JavaScriptCore.order from the project.
-
-2003-08-14  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by John. 
-
-        * JavaScriptCore.order: Removed.  We now link to the order file at /AppleInternal/OrderFiles.
-        * JavaScriptCore.pbproj/project.pbxproj: change sectorder flag to point to /AppleInternal/OrderFiles/JavaScriptCore.order
-
-=== JavaScriptCore-92.1 ===
-
-2003-08-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - fixed 3365527 -- subscripting JavaScript strings does not work (leads to hang at www.newmagna.com.au)
-
-        The JavaScript specification says nothing about this, but other browsers seem to give
-        read-only access to the characters in a string as if the string was an array of characters.
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::get): Update to use a public toArrayIndex function instead of our own getArrayIndex
-        function, so we can share with string.
-        (ArrayInstanceImp::put): Ditto.
-        (ArrayInstanceImp::hasProperty): Ditto.
-        (ArrayInstanceImp::setLength): Ditto.
-
-        * kjs/ustring.h: Add toArrayIndex.
-        * kjs/ustring.cpp: (UString::toArrayIndex): Added. Implements the rule from array.
-        * kjs/identifier.h: Add a forwarding function so we can use toArrayIndex.
-
-        * kjs/string_object.cpp:
-        (StringInstanceImp::get): Return a single character string if the property name is an array index.
-        (StringInstanceImp::hasProperty): Return true for property names that are suitable array indices.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Let Xcode be Xcode.
-
-=== Safari-92 ===
-
-2003-08-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed 3366975 - repro hang in KJS::Value::Value entering text at eil.com
-       
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): When doing a match against a regexp
-       with the global flag set, make sure to return null rather than an
-       empty array when there is no match. This is what other browsers do.
-
-2003-08-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        * kjs/list.cpp:
-       (List::copyTail): Test for loop termination with < instead of !=,
-       since i starts at 1 but size could be 0. Do the same for the other
-       loop for consistency's sake.
-       
-2003-08-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       - fixed 3222621 - Cryptic "anonymous function hack" messages in console (10.2.4)
-       
-        * kjs/lexer.cpp:
-        (Lexer::lex): Remove useless debug spew.
-
-=== Safari-91 ===
-
-2003-07-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed problem where some JavaScriptCore symbols had no namespace or prefix
-
-        * kjs/grammar.y: Added a define for yylloc to make it use the kjs prefix.
-        This is the same thing done for the rest of the symbols automatically by yacc,
-        but for some reason it's not done for yyloc. Also make automatic() function static.
-        * kjs/grammar.cpp: Regenerated.
-        * kjs/lexer.cpp: Use kjsyylloc instead of yyloc.
-
-        * pcre/pcre.h: Add defines to prepend kjs prefixes for all the PCRE functions.
-
-2003-07-30  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Include the subdirectory with the PCRE code in it.
-
-2003-07-30  John Sullivan  <sullivan@apple.com>
-
-       - JavaScriptCore part of fix for 3284525 -- AutoFill fills in 
-       only e-mail address field of New Account form on Apple Store Japan
-
-        Reviewed by Darin
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-       Mark pcre.h as a Private header
-
-2003-07-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Richard.
-
-       - fixed 3240814 - LEAK: 120 byte leak in JavaScript parser in Sherlock Movies channel
-       
-        * kjs/internal.cpp:
-        (Parser::parse): ref() and deref() the program node, to make sure to clean up properly,
-       before deleting it.
-        (InterpreterImp::checkSyntax): Likewise.
-
-=== Safari-90 ===
-
-2003-07-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       Remove -seg_addr_table_filename to fix build.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2003-07-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       - fixed 3330344 - Please change allowable client to "JavaScriptGlue" from "JSGlue"
-
-        * JavaScriptCore.pbproj/project.pbxproj: Changed allowable client
-       to "JavaScriptGlue"
-
-2003-07-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - do some improvements Maciej suggested while reviewing the array index change
-
-        * kjs/array_object.cpp:
-        (getArrayIndex): Return a flag to say whether the index was value separately, to avoid
-        in-band signalling.
-        (ArrayInstanceImp::get): Update for new getArrayIndex parameters.
-        (ArrayInstanceImp::put): Ditto.
-        (ArrayInstanceImp::hasProperty): Ditto.
-        (ArrayInstanceImp::setLength): Ditto.
-        
-        * kjs/ustring.cpp: (UString::toStrictUInt32): Check for overflow in a way that avoids doing
-        a divide every time through the loop. But note that it adds an extra branch to the loop.
-        I wonder which is worse.
-
-2003-07-12  Darin Adler  <darin@apple.com>
-
-        Fixed broken build.
-
-        * kjs/identifier.h: Add toULong back. It's still used in WebCore (and maybe in JavaScriptGlue,
-        for all I know).
-
-2003-07-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers
-
-        JavaScriptCore did not implement the proper rule for what an array index is.
-
-        * kjs/array_object.cpp:
-        (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy
-        "not an array index" value of 2^32-1.
-        (ArrayInstanceImp::get): Use getArrayIndex.
-        (ArrayInstanceImp::put): Ditto.
-        (ArrayInstanceImp::hasProperty): Ditto.
-        (ArrayInstanceImp::setLength): Ditto.
-
-        * kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding
-        functions that forward to UString.
-
-        * kjs/ustring.h: Added toStringUInt32.
-        * kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer,
-        and rejects any string that does not exactly match the way the integer would be formatted on output.
-        This is the rule documented in the ECMA language standard.
-
-=== Safari-89 ===
-
-2003-07-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed 3302021 - v74 and v85 hang with http://e-www.motorola.com/
-
-       The crux of this was saving and restoring the prototype objects
-       for all the standard types when saving and restoring for the page
-       cache.
-       
-        * kjs/internal.cpp:
-        (InterpreterImp::saveBuiltins):
-        (InterpreterImp::restoreBuiltins):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::saveBuiltins):
-        (Interpreter::restoreBuiltins):
-        (SavedBuiltins::SavedBuiltins):
-        (SavedBuiltins::~SavedBuiltins):
-        * kjs/interpreter.h:
-        * kjs/property_map.cpp:
-
-2003-07-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       - fixed 3295916 - b/c JavaScriptCore and WebCore are installing in wrong location, private headers are public
-
-        * WebCore.pbproj/project.pbxproj: Install in WebKit.framework/Versions/A/Frameworks.
-
-=== Safari-88 ===
-
-2003-07-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       - fixed 3096961 - JavaScriptCore should link only to what it uses, shouldn't drag in Cocoa.framework
-
-        * JavaScriptCore.pbproj/project.pbxproj: Don't link Cocoa.framework;
-       just pull in CoreFoundation and CoreServices.
-        * kjs/date_object.cpp: Include CoreServices.h instead of Carbon.h
-       (the stuff we want is in CarbonCore).
-
-2003-06-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - improved the property map sorting technique so that the indices
-          are separate for each property map, and also preserve the ordering
-          when property maps are saved and restored
-
-        * kjs/property_map.cpp:
-        (PropertyMap::put): Don't bother setting the index for _singleEntry, since there's
-        no need to sort a single entry. Use the per-table lastIndexUsed instead of a global.
-        (PropertyMap::expand): Don't use the index (uninitialized now) out of a _singleEntry
-        when putting it in a newly-created map; just use 0. Compute a value for the new map's
-        lastIndexUsed as we walk through the elements we are adding to it (using the same old
-        indices from the old map).
-
-=== Safari-85.1 ===
-
-=== Safari-85 ===
-
-2003-06-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-       - fixed 3178438 -- return elements in order of addition in for..in loop (other browsers seem to)
-       - fixed 3292067 -- REGRESSION (64-65): albertsons.com "Shop A to Z" menus are not sorted alphabetically
-
-        * kjs/property_map.h: Add index field to hash table entry and index parameter to insert function.
-        * kjs/property_map.cpp:
-        (PropertyMap::put): Set an index for new map entries to an ever-increasing number based on a global.
-        (PropertyMap::insert): Take an index parameter.
-        (PropertyMap::expand): Preserve the indices as we rehash the table.
-        (comparePropertyMapEntryIndices): Added. Compares two property map entries by index.
-        (PropertyMap::addEnumerablesToReferenceList): Sort the proprty map entries by index before adding
-        them to the reference list.
-
-=== Safari-84 ===
-
-2003-06-10  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by john.
-
-        * JavaScriptCore.order: new order file for 1.0
-
-=== Safari-83 ===
-
-2003-06-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-       - fixed 3224031 -- can't search at rakuten.co.jp b/c of extra characters inserted by regexp replace (8-bit char)
-
-        Use PCRE UTF-8 regular expressions instead of just chopping off high bytes.
-
-        * kjs/regexp.h: Redo field names, remove some unused stuff.
-        * kjs/regexp.cpp:
-        (convertToUTF8): Added.
-        (compareStringOffsets): Added.
-        (createSortedOffsetsArray): Added.
-        (convertCharacterOffsetsToUTF8ByteOffsets): Added.
-        (convertUTF8ByteOffsetsToCharacterOffsets): Added.
-        (RegExp::RegExp): Set the PCRE_UTF8 flag, and convert the UString to UTF-8 instead of
-        using ascii() on it.
-        (RegExp::~RegExp): Remove unneeded if statement (pcre_free is 0-tolerant as free is).
-        (RegExp::match): Convert the UString to UTF-8 and convert the character offsets to and
-        from UTF-8 byte offsets. Also do fixes for the "no offset vector" case so we get the
-        correct position and matched string.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add a PCRE header that was missing before.
-
-=== Safari-82 ===
-
-=== Safari-81 ===
-
-2003-05-21  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by john 
-       - fixed 3234553: Safari and its frameworks should link using order files
-
-        * JavaScriptCore.order: Added.
-        * JavaScriptCore.pbproj/project.pbxproj: set SECTORDER_FLAGS = -sectorder __TEXT __text JavaScriptCore.order
-
-=== Safari-80 ===
-
-2003-05-19  Maciej Stachowiak  <mjs@apple.com>
-
-       - fixed 3261096 - Make WebKit an umbrella framework
-       
-        * JavaScriptCore.pbproj/project.pbxproj: In a B&I build, compile as a
-       sub-umbrella of WebKit.
-
-2003-05-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       - fixed 3254063 - REGRESSION: hang in KJS PropertyMap with many items in iDisk pictures folder
-
-        * kjs/property_map.cpp:
-       (PropertyMap::expand): Fixed to maintain key count properly - otherwise the hashtable
-       could get completely full, resulting in disaster.
-       (PropertyMap::checkConsistency): Fixed compilation. Fixed to know about deleted
-       sentinel. Fixed to search with double-hashing instead of linear probing.
-       
-=== Safari-79 ===
-
-2003-05-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Chris.
-
-       - fixed 3259673 - REGRESSION: marvel.com thinks I don't have the flash plugin any more
-
-        * kjs/nodes.cpp:
-        (ContinueNode::execute): Return a Continue completion, not a Break
-       completion, in the normal non-exception case.
-
-2003-05-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed 3254484 - Add a way to print JavaScript exceptions to the console via the debug menu
-       - improved JavaScript error message format
-       
-        * kjs/error_object.cpp:
-        (ErrorProtoFuncImp::call): Include line number in toString output.
-        * kjs/internal.cpp:
-        (Parser::parse): Remove redundant fprintf.
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate): Log if the flag is on. Include filename in log output.
-        (Interpreter::shouldPrintExceptions): Check the global flag.
-        (Interpreter::setShouldPrintExceptions): Set the global flag.
-        * kjs/interpreter.h:
-        * kjs/nodes.cpp:
-        (Node::throwError): Add variants that include value and expression or label in format.
-        (NewExprNode::evaluate): Improve error message.
-        (FunctionCallNode::evaluate): Improve error message.
-        (RelationalNode::evaluate): Improve error message.
-        (ContinueNode::execute): Improve error message.
-        (BreakNode::execute): Improve error message.
-        (LabelNode::execute): Improve error message.
-        * kjs/nodes.h:
-
-=== Safari-78 ===
-
-2003-05-07  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by darin.
-       
-       - modify the Mixed build style to build optimized with symbols
-        
-       * JavaScriptCore.pbproj/project.pbxproj:  removed OPTIMIZATION_CFLAGS
-
-2003-05-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Don.
-
-       - fixed 3239961 - www.phiffer.com doesn't work; uses "var top; top = n;"
-       
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Check if the property exists with
-       getDirect() instead of hasProperty().
-
-=== Safari-77 ===
-
-2003-04-29  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-       - fixed 2959353 -- eliminate globally initialized objects from JavaScriptCore
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added fpconst.cpp.
-        * kjs/fpconst.cpp: Added. Defines KJS::NaN and KJS::Inf in a way that does not require a
-        framework init routine.
-
-        * kjs/identifier.h: Use a new KJS_IDENTIFIER_EACH_GLOBAL macro so we can do things to
-        the entire set of identifiers easily. Also added an init function that sets up these globals
-        in a way that does not require a framework init routine.
-        * kjs/identifier.cpp: (Identifier::init): Initialize the property ane globals in a way that
-        does not require a framework init routine.
-
-        * kjs/internal.cpp: (InterpreterImp::initGlobalObject): Call Identifier::init.
-        
-        * kjs/ustring.h: Remove UChar::null and UString::null, and add UString::null(). We can't have
-        a global object of a class that has a constructor if we want to avoid framework init routines,
-        and luckily very little code relies on these.
-        * kjs/ustring.cpp:
-        (UCharReference::ref): Use our own global specific to this function rather than returning
-        UChar::null when past the end of the string. This is dangerous because if the caller modifies
-        it, that affects what all subsequent callers will see.
-        (UString::Rep::create): Added assertions.
-        (UString::UString): Got rid of code here that used to set up UString::null.
-        (UString::null): Added. Returns a global null string, and can be used in some of the places
-        where we used to use the UString::null global.
-        (UString::operator[]): Fixed case where this used to return UChar::null to return '\0' instead.
-
-        * kjs/regexp.cpp: (RegExp::match): Change uses of UString::null to UString::null().
-
-2003-04-25  Darin Adler  <darin@apple.com>
-
-       - fixed 3241344 -- REGRESSION: top of page missing on wired.com and cnn.com
-
-        Caused by the ResolveNode speedup. Roll it out until I can figure out why.
-
-        * kjs/nodes.cpp: (ResolveNode::evaluate): Go back to using evaluateReference.
-
-2003-04-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - a couple improvements that give a 6.6% speedup on iBench JavaScript
-
-        * kjs/nodes.cpp: (ResolveNode::evaluate): Don't use evaluateReference.
-        
-        * kjs/object.cpp: (ObjectImp::get): Do the prototype work with the ValueImp, not a wrapper.
-        Contributes a tiny bit to the speedup, but cleaner anyway.
-        (ObjectImp::hasProperty): Same thing here.
-
-2003-04-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - move from linear probing to double hashing, gives an 0.7% speedup in iBench JavaScript
-
-        * kjs/property_map.h: Remove the hash function.
-        * kjs/property_map.cpp: Added statistics for rehashes and removes.
-        Moved from linear probing to double hashing, using the hash modulo
-        (table size minus one) plus one for the probing distance.
-
-        * kjs/ustring.h: Use unsigned instead of int for hash function result.
-
-=== Safari-75 ===
-
-2003-04-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       Improved List pool for 3% speed improvement on cvs-js-ibench
-
-        * kjs/list.cpp: Replaced the roving cursor with a free list and
-       raised the high water mark to 384.
-
-2003-04-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Don.
-
-       - JavaScriptCore part of fix for 3158769 - JavaScript triggers not as async as they used to be
-
-       Added a way to get the current interpreter lock count, so Sherlock
-       can unlock the interpreter inside JS method implementations that
-       spend a long time waiting for I/O, allowing more efficient
-       multi-threaded operation.
-
-        * kjs/internal.cpp:
-        (lockInterpreter):
-        (unlockInterpreter):
-        (InterpreterImp::lock):
-        (InterpreterImp::lockCount):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::lockCount):
-        * kjs/interpreter.h:
-
-=== Safari-73 ===
-
-=== Safari-72 ===
-
-=== Safari-71 ===
-
-2003-03-31  Darin Adler  <darin@apple.com>
-
-        * English.lproj/InfoPlist.strings: Changed "1.0 Beta" to "1.0 Beta 2".
-        * JavaScriptCore.pbproj/project.pbxproj: Changed "1.0 Beta" to "1.0 Beta 2".
-
-=== Safari-69 ===
-
-2003-03-24  Trey Matteson  <trey@apple.com>
-
-       Pass -seg_addr_table_filename <FILENAME> to ld.  This makes our frameworks in
-       SYMROOT actually work for symbol resolution because they will have the correct
-       prebinding address.  It also fixes obscure B&I problems with prebinding
-       reported by Matt Reda.
-
-       Note the reason all this is tricky for our projects is that we have a different
-       install location for Jaguar and Panther.  The purpose of this arg is to declare
-       at link time our eventual location, which allows the prebinding address to be
-       found in /AppleInternal/Developer/seg_addr_table.  We use a funky back-tick
-       expression within OTHER_LDFLAGS to get a conditional value depending on the
-       build train we are in.
-
-       This can all go away once we only build on Panther and don't embed the
-       frameworks inside the Safari.app wrapper.
-
-       In addition I fixed the OTHER_LDFLAGS settings in our build styles to be
-       additive instead of overriding, so we have the args we used for B&I in force
-       when building outside of B&I.
-
-       Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-=== Safari-68 ===
-
-2003-03-16  Trey Matteson  <trey@apple.com>
-
-       3198135 - need to fix our projects so SYMROOT is not stripped
-
-       Tweaked stripping options:  B&I build does not COPY_PHASE_STRIP.
-       Deployment build still does.
-       We strip manually as part of the install that we do ourselves.
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-=== Safari-67 ===
-
-=== Safari-66 ===
-
-2003-03-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-       - fixed 3193099 -- date parsing can't handle the time zone format that date formatting produces
-
-        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Allow a "GMT" prefix before the time zone offset.
-
-=== Safari-65 ===
-
-2003-03-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - got rid of some framework initialization (working on bug 2959353)
-
-        * kjs/identifier.h: Turn Identifier:null into Identifier:null().
-        * kjs/identifier.cpp: Removed Identifier:null and added Identifier:null().
-
-        * kjs/internal.cpp: Made NaN_Bytes and Inf_Bytes const.
-
-        * kjs/completion.h: Use Identifier:null() instead of Identifier:null.
-        * kjs/function.h: Ditto.
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): Ditto.
-        * kjs/nodes.cpp: (FuncExprNode::evaluate): Use Identifier:null() instead of Identifier:null.
-
-2003-03-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Trey.
-
-       - fixed 3158833 - ebay prefs page is so slow, it seems like a hang.
-
-       92% speed improvement on ebay prefs page.
-       1% speed improvement on js-ibench and js-performance plt suites.
-       
-       There were a couple of problems with the identifier hash table that
-       I fixed:
-       
-        * kjs/identifier.cpp:
-       (void Identifier::remove): Adjust the shrink threshold to avoid
-       constantly growing and shrinking.
-        * kjs/ustring.cpp:
-        (UString::Rep::computeHash): Use a better hash function that
-       avoids collisions for obvious data sets.
-
-=== Safari-64 ===
-
-=== Safari-63 ===
-
-2003-02-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed 3156705 - REGRESSION: javascript menus improperly placed at umich.edu store
-
-        * kjs/nodes.cpp:
-        (StatListNode::execute): If the first statement's completion is
-       not normal, return immediately.
-
-2003-02-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 3142355 -- nil-deref in CFTimeZoneCopyAbbreviation
-
-        The real problem wasn't with the current time zone, but with the UTC time zone.
-        The poor sod had a broken /usr/share/zoneinfo directory, with a 0-byte-long UTC file.
-
-        * kjs/date_object.cpp: (UTCTimeZone): Use CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0.0)
-        to get the universal time zone instead of getting it by name.
-
-=== Safari-62 ===
-
-2003-02-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Trey and Ken.
-
-        - fixed 3142355 -- nil-deref in CFTimeZoneCopyAbbreviation
-
-        Although I can't reproduce this bug, it seems that it's caused by CFTimeZoneCopyDefault returning NULL.
-        I'm almost certain that the UTC time zone will be created successfully in this case, so I'll just use that.
-
-        * kjs/date_object.cpp:
-        (UTCTimeZone): Added. Gets the UTC time zone (once in a global).
-        (CopyLocalTimeZone): Added. Gets the local time zone, but falls back to UTC.
-        (gmtimeUsingCF): Use UTCTimeZone.
-        (localtimeUsingCF): Use CopyLocalTimeZone.
-        (mktimeUsingCF): Use CopyLocalTimeZone.
-        (timegmUsingCF): Use UTCTimeZone.
-
-2003-02-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed 3145442 -- toString(16) is not working, causing non-ASCII characters in mac.com homepage to be munged
-
-        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Add handling for toString with a radix other than
-        10 passed as an argument.
-
-2003-02-11  Trey Matteson  <trey@apple.com>
-
-       Set -seg1addr in our build styles, but not for the B&I build.
-       This makes our SYMROOTS from B&I usable to determine symbols from crash
-       logs from the field.
-       Also nuked DeploymentFat build style.
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2003-02-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Updated to build the framework
-       standalone instead of embedded when doing a B&I build for Panther.
-
-=== Safari-55 ===
-
-2003-01-29  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        * kjs/scope_chain.cpp: Rolled out the fix to bug 3137084.
-        It caused a massive storage leak, and probably didn't even fix the bug.
-
-2003-01-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-       - fixed 3157318 -- hang at time zone page after clicking on map at www.time.gov
-
-        * kjs/date_object.cpp: (KJS::KRFCDate_parseDate): Allow a comma after the day.
-        Given how this code is structured, it allows commas in unwanted contexts too, but
-        that's almost certainly harmless.
-
-2003-01-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 3144918 -- Can't drill down multiple levels of categories when selling on ebay
-        if first item in list is chosen
-        
-        The bug was caused by having array values in the property map past the storageLength cutoff
-        in an array object; those values would not be seen when you do a get.
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::put): Implement a new rule for resizing the storage that is independent
-        of the length. The old rule would sometimes make the storage very big if you added two elements
-        in a row that both had large, but consecutive indexes. This eliminates any cases where we
-        make sparse entries in the property map below the sparse array cutoff.
-        (ArrayInstanceImp::resizeStorage): Don't ever make storage size bigger than the cutoff unless
-        the caller specifically requests it.
-        (ArrayInstanceImp::setLength): Change this so it only makes the storage smaller, never larger.
-        We will actually enlarge the storage when putting elements in.
-
-2003-01-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/Makefile.am: Add dependencies so the .lut.h files get rebuilt if the script changes.
-
-=== Safari-54 ===
-
-2003-01-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-       - fixed 3137084 -- Many non-reproducible crashers in ContextImp::mark / ScopeChain::mark
-
-        * kjs/scope_chain.cpp: (ScopeChain::push): Add assertion.
-        (ScopeChain::release): Fix while loop so that it decrements refCount of the first node in
-        the chain too.
-
-2003-01-21  Darin Adler  <darin@apple.com>
-
-        - correct our copyrights to 2003; copyright is based on year of publication, not year worked on
-
-2003-01-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - made minor tweaks to work better with Mozilla's JavaScript tests.
-
-        * kjs/testkjs.cpp:
-        (VersionFunctionImp::call): Implemented 
-        (main): Ignore files named -f (hack to match -f <filename syntax
-       that moz JavaScript tests expect). Also use return code 3 instead
-       of 1 for uncaught exception.
-
-2003-01-16  Darin Adler  <darin@apple.com>
-
-        * kjs/number_object.cpp: (NumberObjectImp::construct):
-       Fix build, remove stray space.
-
-2003-01-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-       - rolled in a change from the KJS folks
-
-        * kjs/number_object.h: Use ObjectImp *, not Object, for the proto.
-        * kjs/number_object.cpp:
-        (NumberInstanceImp::NumberInstanceImp): Use ObjectImp *, not Object, for the proto.
-        (NumberPrototypeImp::NumberPrototypeImp): Pass ObjectImp.
-        (NumberObjectImp::construct): Use ObjectImp.
-
-=== Safari-52 ===
-
-2003-01-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-       - rolled in a change from the KJS folks
-
-       Fixes a bug where the date functions would not accept non-strings.
-       And provides a bit of a speedup.
-
-        * kjs/date_object.h: Change parameter type for parseDate.
-        * kjs/date_object.cpp:
-        (DateObjectFuncImp::call): Always call toString, don't check the type.
-        (KJS::parseDate): Take a UString parameter, not a String parameter.
-
-2003-01-13  Darin Adler  <darin@apple.com>
-
-        * kjs/ustring.h: Fix spelling of occurrence.
-
-2003-01-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-       - turned more recursion into iteration, and fixed some backwards stuff
-
-        * kjs/grammar.y: Use the normal idiom for CaseClauses and FormalParameterList
-       rather than using append().
-        * kjs/grammar.cpp: Regenerated.
-
-        * kjs/nodes.h: Change ClauseListNode and ParameterNode to use the normal idiom,
-       and got rid of append methods. Also added friend declarations and calls to reverseList().
-        * kjs/nodes.cpp:
-        (StatListNode::ref): Iteration, not recursion.
-        (StatListNode::deref): Iteration, not recursion.
-        (StatListNode::execute): Iteration, not recursion.
-        (StatListNode::processVarDecls): Iteration, not recursion.
-        (CaseClauseNode::reverseList): Added.
-        (ClauseListNode::ref): Iteration, not recursion.
-        (ClauseListNode::deref): Iteration, not recursion.
-        (ClauseListNode::processVarDecls): Iteration, not recursion.
-        (CaseBlockNode::reverseLists): Added.
-        (ParameterNode::ref): Iteration, not recursion.
-        (ParameterNode::deref): Iteration, not recursion.
-        (FuncDeclNode::reverseParameterList): Added.
-        (FuncExprNode::reverseParameterList): Added.
-        (SourceElementsNode::ref): Iteration, not recursion.
-        (SourceElementsNode::deref): Iteration, not recursion.
-        (SourceElementsNode::execute): Use variable name of n to match other functions.
-        (SourceElementsNode::processFuncDecl): Ditto.
-        (SourceElementsNode::processVarDecls): Ditto.
-
-        * kjs/nodes2string.cpp:
-        (SourceStream::operator<<): Used a switch statement for a bit of added clarity.
-        (ElementNode::streamTo): Iteration, not recursion.
-        (PropertyValueNode::streamTo): Iteration, not recursion.
-        (ArgumentListNode::streamTo): Iteration, not recursion.
-        (StatListNode::streamTo): Iteration, not recursion, and fixed order.
-        (VarDeclListNode::streamTo): Iteration, not recursion.
-        (ClauseListNode::streamTo): Used for statement to match other functions.
-        (CaseBlockNode::streamTo): Used for statement to match other functions.
-        (ParameterNode::streamTo): Iteration, not recursion.
-        (SourceElementsNode::streamTo): Iteration, not recursion, and fixed order that has been
-       backwards since I changed how this works in nodes.cpp.
-
-2003-01-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-       - changes inspired by things I noticed reviewing diffs vs. KDE when preparing the tarball
-
-        * kjs/function.cpp: (GlobalFuncImp::call): Use strtol when strtoll is
-       not available. Do #ifndef NDEBUG, not #if !NDEBUG.
-        * kjs/function.h: Do #ifndef NDEBUG, not #if !NDEBUG.
-        * kjs/internal.cpp:
-        (InterpreterImp::initGlobalObject): Do #ifndef NDEBUG, not #if !NDEBUG.
-        (KJS::printInfo): Remove case for ListType and remove default case that just
-       ends up suppressing the "missing case" warning and does no good.
-        * kjs/interpreter.cpp: (Interpreter::evaluate): Do #ifndef NDEBUG, not #if !NDEBUG.
-        * kjs/nodes.cpp:
-        (Node::finalCheck): Fix accidentally-deleted code in an ifdef we never compile.
-        (FunctionCallNode::evaluate): Remove bogus XXX comment. Maciej put this comment in,
-        and together we determined it's not needed.
-        (TypeOfNode::evaluate): Ditto.
-        * kjs/object.cpp: Remove assert that refers to ListType.
-        * kjs/value.h: Remove ListType.
-
-2003-01-09  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add the year 2003, remove CFBundleIconFile,
-       bump marketing version to 0.8.1 and version to 52u to keep up with the branch,
-       remove CFHumanReadableCopyright, remove NSPrincipalClass.
-
-        * English.lproj/InfoPlist.strings: Updated to match above changes.
-
-2003-01-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by no one cause I'm just changing copyright strings.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added non-Apple copyrights to
-       copyright strings.
-        * English.lproj/InfoPlist.strings: Likewise.
-
-2003-01-05  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Fix "Apple Compupter" typo.
-       Remove unneeded CFBundleLongVersionString we don't use anywhere else.
-
-2003-01-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-       - fixed 3138213 -- browser hangs trying to open Apple travel site
-
-        * kjs/date_object.cpp: (timetUsingCF): Check for very-negative year numbers too.
-
-=== Alexander-48 ===
-
-=== Alexander-47 ===
-
-2002-12-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Don and Maciej.
-
-       - follow-on to my fix for 3134693 that fixes one more case of recursion and simplifies further
-
-        * kjs/grammar.y: Remove SourceElementNode and just use a StatementNode instead.
-       Reverse SourceElements rule so the recursive rule comes first as in the original
-       KJS code (avoids actual parser recursion).
-
-        * kjs/grammar.cpp: Regenerated.
-        * kjs/grammar.cpp.h: Regenerated.
-        * kjs/grammar.h: Regenerated.
-
-        * kjs/nodes.h: Make processFuncDecl a virtual function in StatementNode so that we can
-       use a StatementNode instead of a SourceElementNode. Add a call to reverseList in BlockNode
-       to correct the order of the linked list in SourceElementsNode, to replace the technique
-       where we reversed it in the parser. Remove SourceElementNode class, and make the element in
-       SourceElementsNode be a StatementNode instead.
-        * kjs/nodes.cpp: Remove SourceElementNode code.
-        (StatementNode::processFuncDecl): Added empty function.
-        (BlockNode::reverseList): Added. Used to make the SourceElements list ordered correctly.
-        * kjs/nodes2string.cpp: Remove SourceElementNode code.
-
-=== Alexander-46 ===
-
-2002-12-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Gramps and Ken.
-       Checked in by Ken.
-
-       - fixed 3134693 -- carsdirect.com crash on used car search, due to large JavaScript array
-
-       The parser was using recursion to handle many types of lists.
-       This meant that we crashed out of stack space when any of the lists were extra big.
-       I applied the same sort of fix we had already applied a while back for argument lists for
-       all the other types of lists, including the list of ElementNode that was the reason for
-       the crash reported here.
-
-        * kjs/grammar.y: Removed ElisionNode altogether and just use a count.
-       Use specific node types for PropertyNameAndValueList and PropertyName.
-
-        * kjs/grammar.cpp: Regenerated.
-        * kjs/grammar.cpp.h: Regenerated.
-        * kjs/grammar.h: Regenerated.
-
-        * kjs/nodes.h: Elide "ElisionNode", changing objects to keep elision counts instead.
-       Make the ObjectLiteralNode list field be PropertyValueNode, not just Node.
-       Make PropertyValueNode fields have specific types. Add new reverse list functions, calls
-       to those functions in the constructors, and friend declarations as needed so the class
-       that holds the head of a list can reverse the list during parsing.
-        * kjs/nodes.cpp:
-        (ElementNode::ref): Use iteration instead of recursion. Also elide "elision".
-        (ElementNode::deref): Ditto.
-        (ElementNode::evaluate): Use iteration instead of recursion, taking advantage of
-       the fact that the linked list is reversed. Also use the elision count rather than
-       an elision list.
-        (ArrayNode::reverseElementList): Reverse the list so we can iterate normally.
-        (ArrayNode::ref): Elide "elision".
-        (ArrayNode::deref): Ditto.
-        (ArrayNode::evaluate): Use elision count instead of elision list.
-        (ObjectLiteralNode::reverseList): Reverse the list so we can iterate normally.
-        (PropertyValueNode::ref): Use iteration instead of recursion.
-        (PropertyValueNode::deref): Use iteration instead of recursion.
-        (PropertyValueNode::evaluate): Use iteration instead of recursion, taking advantage
-       of the fact that the linked list is reversed.
-        (ArgumentListNode::ref): Change code to match the other similar cases we had to revise.
-        (ArgumentListNode::deref): Ditto.
-        (ArgumentListNode::evaluateList): Ditto.
-        (ArgumentsNode::reverseList): Ditto.
-        (VarDeclListNode::ref): Use iteration instead of recursion.
-        (VarDeclListNode::deref): Ditto.
-        (VarDeclListNode::evaluate): Use iteration instead of recursion, taking advantage
-       of the fact that the linked list is reversed.
-        (VarDeclListNode::processVarDecls): Ditto.
-        (VarStatementNode::reverseList): Reverse the list so we can iterate normally.
-        (FunctionBodyNode::FunctionBodyNode): Use BlockNode as the base class, removing
-       most of the FunctionBodyNode class.
-
-        * kjs/nodes2string.cpp:
-        (ElementNode::streamTo): Update for using a count for elision, and reverse linking.
-        (ArrayNode::streamTo): Update for using a count for elision.
-        (PropertyValueNode::streamTo): Update for reverse linking.
-        (ArgumentListNode::streamTo): Update for reverse linking. This has been wrong for
-       a while, since we added the reverse a long time ago.
-        (VarDeclListNode::streamTo): Update for reverse linking.
-        (ParameterNode::streamTo): Update for reverse linking.
-
-=== Alexander-45 ===
-
-2002-12-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Don and John.
-
-       - fixed 3134449 -- Date.UTC returns NaN (invalid date)
-
-       Did more testing of the date functions and made them behave like the other browsers.
-       There were three problems:
-
-            1) We did a validity check that other browsers don't do (hence the NaN).
-            2) We treated passed-in dates as local time even in Date.UTC (hence a wrong result
-               once I fixed the NaN).
-            3) The results of ToUTCString (and ToGMTString) weren't formatted quite the same
-              as other browsers.
-
-       Also found a couple of silly but unrelated coding mistakes.
-
-        * kjs/date_object.cpp:
-        (timetUsingCF): Added. Has the guts of mktimeUsingCF, but without the CFGregorianDateIsValid
-        check. Other browsers accept invalid dates. Also takes a time zone parameter.
-        (mktimeUsingCF): Calls timetUsingCF with the current time zone.
-        (timegmUsingCF): Calls timetUsingCF with the UTC time zone.
-        (formatDate): Remove the includeComma flag.
-        (formatDateUTCVariant): Added. For use instead of formatDate with the includeComma flag.
-       Puts the day before the month name.
-        (DateProtoFuncImp::call): Use the new formatDateUTCVariant for ToGMTString and ToUTCString.
-       Without this change the date didn't match other browsers.
-        (DateObjectImp::DateObjectImp): Use UTCPropertyName. Somehow I declared this and didn't use
-       it before.
-        (DateObjectImp::construct): Pass -1 for is_dst literally instead of using invalidDate.
-       Changing this to invalidDate was just a mistake (although no real difference in compiled
-       code since invalidDate is just -1).
-        (DateObjectFuncImp::call): Call timegm for the UTC case instead of mktime.
-
-=== Alexander-44 ===
-
-=== Alexander-43 ===
-
-2002-12-20  Trey Matteson  <trey@apple.com>
-
-       We now build with symbols the B&I.  Deployment builds are without symbols,
-       so it is easy to generate a non-huge app as a one-off.
-
-        Reviewed by Darin
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-=== Alexander-42 ===
-
-=== Alexander-41 ===
-
-=== Alexander-40 ===
-
-2002-12-18  Maciej Stachowiak  <mjs@apple.com>
-
-       Reviewed by John.
-
-       - fixed 3131171 - Change Alex versions to satisfy both marketing and B&I requirements
-       
-        * English.lproj/InfoPlist.strings:
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2002-12-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Trey.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Removed signature.
-
-=== Alexander-39 ===
-
-=== Alexander-38 ===
-
-2002-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Don and Maciej.
-
-       - fixed 3129115 -- need Apple copyright added to open source documents
-
-       * tons of files: Added our copyright to files we modified, and updated all to standard format.
-
-       - other changes
-
-        * JavaScriptCore.pbproj/project.pbxproj: Set MACOSX_DEPLOYMENT_TARGET to 10.2.
-       Also removed completion.cpp.
-        * kjs/completion.cpp: Removed.
-        * kjs/completion.h: Made the Completion constructor inline.
-
-        * kjs/grammar.y: Removed an obsolete "pretend ifdef". No need to put these in APPLE_CHANGES now.
-
-=== Alexander-37 ===
-
-=== JavaScriptCore-37u2 ===
-
-2002-12-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Bump version to 37u2.
-
-2002-12-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Make dtoa.h visible as an SPI so I can
-       use it inside QString.
-
-2002-12-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       - further corrections to number printing.
-
-        * kjs/ustring.cpp:
-        (UString::from): Make number printing match the ECMA standard
-       algorithm.
-
-2002-12-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave.
-
-       - fix toString() conversion for numbers less than 1. Negative
-       exponents are still wrong though (things like 1E-34).
- 
-        * kjs/ustring.cpp:
-       (UString::from): Don't print empty string for numbers less than 1,
-       and remember to add extra 0s after the decimal for negative
-       decimal positions.
-       
-=== Alexander-37u1 ===
-
-=== Alexander-36 ===
-
-2002-12-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed 3056449 - can't select state at tucows.com
-
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-       (ArrayInstanceImp::propList): Add numeric proprties that are in
-       special storage.
-        * kjs/array_object.h:
-        * kjs/object.h: Make propList a virtual method.
-
-2002-12-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Don.
-
-       - Add kjsprint global function in Development build for ease of debugging.
-       - Print uncaught JavaScript exceptions to the console in Development.
-       - Improve wording of exception error messages.
-       
-        * kjs/function.cpp:
-        (GlobalFuncImp::call):
-        * kjs/function.h:
-        * kjs/internal.cpp:
-        (InterpreterImp::initGlobalObject):
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-        * kjs/nodes.cpp:
-        (NewExprNode::evaluate):
-        (FunctionCallNode::evaluate):
-        (RelationalNode::evaluate):
-
-2002-12-10  John Sullivan  <sullivan@apple.com>
-
-       Fixed more "Alexander"s that were lurking in places I forgot 
-       to look before.
-
-        Reviewed by Darin
-
-        * Makefile.am:
-       "rm -rf $(SYMROOTS)/Safari.app/Frameworks/JavaScriptCore.framework"
-
-2002-12-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Bump versions to 0.8 and 35u.
-       * English.lproj/InfoPlist.strings: In here too.
-
-2002-12-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       - fixed 3059637 - all articles missing at excite.com sports page
-       - fixed 3065903 - most of content missing at excite.com news page
-
-       These bugs both came up because a JavaScript function has a var
-       declaration that collides with a function parameter name.
-       
-        * kjs/nodes.cpp:
-        (VarDeclNode::processVarDecls): Don't set the property to
-       undefined if a property with that name is already set on the
-       global object. Otherwise we may clobber function parameters with
-       undefined even before hitting a possible var initializer.
-
-2002-12-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Darin Adler
-
-       - made framework embedding work correctly with buildit
-
-        * JavaScriptCore.pbproj/project.pbxproj: Give framework a relative
-       install path, don't install it the normal way, and copy it
-       manually to /AppleInternal/Library/Frameworks if installing.
-
-=== Alexander-35 ===
-
-2002-12-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Richard Williamson
-
-       Added explicit lock/unlock methods so Sherlock can grab the
-       interpreter lock as needed.
-       
-       - partially addressed 3084320 - JavaScriptCore crash
-       
-        * kjs/internal.cpp:
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::lock):
-        (InterpreterImp::unlock):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::lock):
-        (Interpreter::unlock):
-        * kjs/interpreter.h:
-
-2002-12-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Darin Adler
-
-       Set things up so JavaScriptCore builds in PCRE and uses it for
-       regular expressions. This fixes many form validation bugs:
-
-       - fixed 3103197 - javascript at fidelity.com rejects valid input
-       - fixed 2942552 - form validation at weather.com fails
-       - fixed 3079752 - js always reports textarea is empty
-       - fixed 3079719 - covad.com "check availalbility" fails
-       
-        * Makefile.am: Add pcre subdir.
-        * kjs/config.h: define HAVE_PCREPOSIX to true.
-       * kjs/regexp.h: Don't include pcreposix.h since nothing from there
-       is used.
-       * pcre/.cvsignore: Added.
-        * pcre/ChangeLog: Removed.
-        * pcre/INSTALL: Removed.
-        * pcre/Makefile.am: Added.
-        * pcre/Makefile.in: Removed.
-        * pcre/NEWS: Removed.
-        * pcre/NON-UNIX-USE: Removed.
-        * pcre/README: Removed.
-        * pcre/chartables.c: Added.
-        * pcre/config.guess: Removed.
-        * pcre/config.in: Removed.
-        * pcre/config.sub: Removed.
-        * pcre/configure: Removed.
-        * pcre/configure.in: Removed.
-        * pcre/dll.mk: Removed.
-        * pcre/doc/Tech.Notes: Removed.
-        * pcre/doc/pcre.3: Removed.
-        * pcre/doc/pcre.html: Removed.
-        * pcre/doc/pcre.txt: Removed.
-        * pcre/doc/pcregrep.1: Removed.
-        * pcre/doc/pcregrep.html: Removed.
-        * pcre/doc/pcregrep.txt: Removed.
-        * pcre/doc/pcreposix.3: Removed.
-        * pcre/doc/pcreposix.html: Removed.
-        * pcre/doc/pcreposix.txt: Removed.
-        * pcre/doc/pcretest.1: Removed.
-        * pcre/doc/pcretest.html: Removed.
-        * pcre/doc/pcretest.txt: Removed.
-        * pcre/doc/perltest.txt: Removed.
-        * pcre/install-sh: Removed.
-        * pcre/ltmain.sh: Removed.
-        * pcre/pcre-config.h: Added.
-        * pcre/pcre-config.in: Removed.
-        * pcre/internal.h: Include pcre-config.h instead of config.h
-        * pcre/pcre.c:
-        (ord2utf8): Fix warnings.
-        (pcre_compile): Fix warnings.
-        * pcre/pcre.def: Removed.
-        * pcre/pcre.h: Added.
-        * pcre/pcre.in: Removed.
-        * JavaScriptCore.pbproj/project.pbxproj: Added pcre files to build.
-        * JavaScriptCorePrefix.h: Guard c++ headers with #ifdef __cplusplus.
-
-2002-12-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Richard Williamson
-
-        * pcre/doc/*: Added.
-        * pcre/testdata/*: Added.
-
-2002-12-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by: Darin Adler
-
-       - imported PCRE 3.9 into the tree; this isn't actually compiled or
-       used yet.
-
-        * pcre/*: Added.
-
-== Rolled over to ChangeLog-2002-12-03 ==

diff --git a/ChangeLog-2007-10-14 b/ChangeLog-2007-10-14
deleted file mode 100644 (file)
index 693f966..0000000
--- a/ChangeLog-2007-10-14
+++ /dev/null
@@ -1,26221 +0,0 @@
-=== Start merge of feature-branch 2007-10-12 ===
-
-2007-10-11  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Eric Seidel.
-        
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=15076
-        "deg2rad has multiple definitions"
-        
-        Define deg2rad, rad2deg, deg2grad, grad2deg, rad2grad, grad2rad
-        These are used through WebKit.
-        
-        Change based on original patch by Rob Buis.
-
-        * wtf/MathExtras.h:
-        (deg2rad):
-        (rad2deg):
-        (deg2grad):
-        (grad2deg):
-        (rad2grad):
-        (grad2rad):
-
-2007-10-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-        
-        - fix assertion failures on quit.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Dynamically alocate function-scope static
-        UStrings to avoid the static destructor getting called later.
-        * kjs/lookup.h: Dynamically alocate function-scope static
-        Identifiers to avoid the static destructor getting called later.
-
-2007-10-07  Ed Schouten  <ed@fxq.nl>
-
-        Reviewed and landed by Alexey Proskuryakov.
-
-        Add PLATFORM(FREEBSD), so we can fix the build on FreeBSD-like
-        systems by including <pthread_np.h>. Also fix some (disabled)
-        regcomp()/regexec() code; it seems some variable names have
-        changed.
-
-        * kjs/config.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        * wtf/Platform.h:
-
-2007-10-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10370
-        RegExp fails to match non-ASCII characters against [\S\s]
-
-        Test: fast/js/regexp-negative-special-characters.html
-
-        * pcre/pcre_compile.c:
-        (compile_branch): Adjust opcode and bitmap as necessary to include (or exclude)
-        character codes >255. Fix suggested by Philip Hazel.
-
-        * pcre/pcre_exec.c:
-        (match): Merged fix for PCRE bug 580 (\S\S vs. \S{2}).
-
-        * tests/mozilla/expected.html: One test was fixed.
-        * pcre/MERGING: Added information about this fix.
-
-2007-10-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - skip extra hash lookup and avoid converting char* to UString for 19% speedup on CK JS array test 
-        http://bugs.webkit.org/show_bug.cgi?id=15350
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Implement the two mentioned optimizations.
-
-2007-10-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - Efficiently handle regexp property identifiers for 19% speedup on Celtic Kane regexp test
-        http://bugs.webkit.org/show_bug.cgi?id=15337
-
-        * kjs/CommonIdentifiers.h:
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFunc::callAsFunction):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::construct):
-
-2007-10-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - Cache global prorotypes more efficiently for 10% speedup on CK AJAX benchmark
-        http://bugs.webkit.org/show_bug.cgi?id=15335
-
-        * kjs/lookup.h:
-
-2007-10-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark.
-
-        Enable Experimental SVG features by default when building from Xcode
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2007-09-29  Rob Buis  <buis@kde.org>
-
-        Reviewed by Adam.
-
-        http://bugs.webkit.org/show_bug.cgi?id=13472
-        Misparsing date in javascript leads to year value of -1
-        http://bugs.webkit.org/show_bug.cgi?id=14176
-        Some date values not handled consistently with IE/Firefox
-
-        Allow an optional comma between month and year, and year and time.
-
-        * kjs/date_object.cpp:
-        (KJS::parseDate):
-
-2007-07-11  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Mark.
-
-        Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
-        Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.
-
-        * kjs/create_hash_table:
-
-2007-06-25  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Maciej.
-        
-        Use intHash to hash floats and doubles too.
-
-        * ChangeLog:
-        * wtf/HashFunctions.h:
-        (WTF::FloatHash::hash):
-        (WTF::FloatHash::equal):
-        (WTF::):
-        * wtf/HashTraits.h:
-        (WTF::FloatHashTraits::emptyValue):
-        (WTF::FloatHashTraits::deletedValue):
-        (WTF::):
-
-=== End merge of feature-branch 2007-10-12 ===
-
-2007-10-11  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        Fix for <rdar://problem/5488678>.  Disable debugging symbols in production builds for 10.4
-        PowerPC to prevent a huge STABS section from being generated.
-
-        * Configurations/Base.xcconfig:
-
-2007-10-08  George Staikos  <staikos@kde.org>
-
-        Reviewed by Adam Roben.
-
-        Fix Qt build on Win32.
-
-        * kjs/testkjs.cpp:
-        (main):
-
-2007-10-10  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Lars.
-
-        Fix compilation using gcc 4.3. Header files have been reorganized and as a result some extra
-        includes are needed for INT_MAX, std::auto_ptr and the like.
-
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/lexer.cpp:
-        * kjs/scope_chain.cpp:
-        * kjs/ustring.cpp:
-        * wtf/Vector.h:
-
-2007-10-09  Lars Knoll  <lars@trolltech.com>
-
-        Reviewed by Simon.
-
-        fix the invokation of slots with return types. Add a JSLock around the conversion from QVariant to JSValue.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-        * bindings/qt/qt_runtime.cpp:
-        (KJS::Bindings::convertValueToQVariant):
-        (KJS::Bindings::convertQVariantToValue):
-
-2007-10-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added JSObject::removeDirect, to support the fix for 
-        <rdar://problem/5522487> REGRESSION: With JavaScript disabled, any 
-        page load causes a crash in PropertyMap::put
-
-        * kjs/object.cpp:
-        (KJS::JSObject::removeDirect):
-        * kjs/object.h:
-
-2007-10-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver.
-
-        Switch to default level of debugging symbols to resolve <rdar://problem/5488678>.
-        The "full" level appears to offer no observable benefits even though the documentation
-        suggests it be used for dead code stripping.  This should also decrease link times.
-
-        * Configurations/Base.xcconfig:
-
-2007-10-03  Lars Knoll  <lars@trolltech.com>
-
-        Reviewed by Rob.
-
-        Fix a stupid bug in Unicode::toUpper/toLower.
-        Fixes all three test failures in the JavaScriptCore test
-        suite.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-
-2007-10-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        - add support for GDI objects to OwnPtr; I plan to use this
-          to fix some GDI handle leaks
-
-        * kjs/grammar.y: Change parser to avoid macros that conflict
-        with macros defined in Windows system headers: THIS, DELETE,
-        VOID, IN, and CONST. This is needed because OwnPtr.h will now
-        include <windows.h>.
-        * kjs/keywords.table: Ditto.
-
-        * wtf/OwnPtr.h: For PLATFORM(WIN), add support so that OwnPtr can be
-        a GDI handle, and it will call DeleteObject. Also change to use the
-        RemovePointer technique used by RetainPtr, so you can say OwnPtr<HBITMAP>
-        rather than having to pass in the type pointed to by HBITMAP.
-
-        * wtf/OwnPtrWin.cpp: Added.
-        (WebCore::deleteOwnedPtr): Put this in a separate file so that we
-        don't have to include <windows.h> in OwnPtr.h.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added OwnPtrWin.cpp.
-
-2007-09-29  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark.
-
-        -Fix http://bugs.webkit.org/show_bug.cgi?id=13226.
-        Remove Bakefiles from svn.
-
-        * JavaScriptCoreSources.bkl: Removed.
-        * jscore.bkl: Removed.
-
-2007-09-27  Kevin Decker  <kdecker@apple.com>
-
-        Rubber stamped by John Sullivan.
-
-        <rdar://problem/5493093>
-        
-        * JavaScriptCore.order: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj: We're changing from using an order file built by
-         another team to using one we actually check into our project repository. Linker settings for
-         Symbol Ordering Flags have been updated accordingly.
-
-2007-09-26  Adam Roben  <aroben@apple.com>
-
-        Make testkjs delay-load WebKit.dll so WebKitInitializer can work its magic
-
-        Rubberstamped by Anders.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-09-25  Adam Roben  <aroben@apple.com>
-
-        Make testkjs delay-load its dependencies
-
-        This lets WebKitInitializer re-route the dependencies to be loaded out
-        of the Safari installation directory.
-
-        Rubberstamped by Sam.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-09-25  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Adam.
-
-        - Fix http://bugs.webkit.org/show_bug.cgi?id=14885
-          LGPL'ed files contain incorrect FSF address
-
-        * COPYING.LIB:
-        * bindings/testbindings.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/DateMath.cpp:
-        * kjs/PropertyNameArray.cpp:
-        * kjs/PropertyNameArray.h:
-        * kjs/config.h:
-
-2007-09-25  Sam Weinig  <sam@webkit.org>
-
-        Fix location for build products for Debug_Internal.
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-09-25  Adam Roben  <aroben@apple.com>
-
-        Make testkjs use WebKitInitializer
-
-        Reviewed by Sam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WebKitInitializer and
-        make testkjs depend on it.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Link against
-        WebKitInitializer.lib.
-        * kjs/testkjs.cpp:
-        (main): Call initializeWebKit.
-
-2007-09-24  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        - Continued to update project files to not use Edit and Continue for Debug Information since it doesn't work and breaks some functionality.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2007-09-21  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        - Updated project files to not use Edit and Continue for Debug Information since it doesn't work and breaks some functionality.
-
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-09-20  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Rubber stamped by Adam.
-
-        Renamed files from *Gdk to *Gtk (see #14732) using the
-        work of Juan A. Suarez Romero as a base.
-
-        GDK -> GTK 
-
-        * JavaScriptCore.pri:
-        * kjs/testkjs.pro:
-        * pcre/dftables.pro:
-        * wtf/Platform.h: PLATFORM(GDK) to PLATFORM(GTK)
-
-2007-09-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Antti Koivisto.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15250
-        <rdar://problem/5496942> REGRESSION: Reproducible crash in Safari when evaluating script in Drosera console (15250)
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction): Null-check thisObj before passing it to interpreterForGlobalObject.
-
-2007-09-19  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Rubber stamped by Adam.
-
-        Make the guard/#if use the same name (ENABLE_FTPDIR) as the #define. This follows
-        the ENABLE_ICONDATABASE example from a couple of lines above.
-
-        * wtf/Platform.h:
-
-2007-09-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/5487107> NULL dereference crash in FastMallocZone::enumerate when running leaks against Safari
-
-        Storing remote pointers to their local equivalents in mapped memory was leading to the local pointer being
-        interpreted as a remote pointer.  This caused a crash when using the result of mapping this invalid remote pointer.
-        The fix is to follow the pattern used elsewhere in FastMallocZone by always doing the mapping after reading and
-        never storing the mapped pointer.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::FastMallocZone::enumerate):
-
-2007-09-15  Darin Adler  <darin@apple.com>
-
-        - fix Mac build
-
-        * JavaScriptCore.exp: Export WTFLogVerbose.
-
-2007-09-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        - Copy JSRetainPtr to include folder.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-09-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix GDK build.
-
-        * wtf/MathExtras.h:
-        (wtf_random_init):
-
-2007-09-12  Geoff Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/5429064> 141885 Safari JavaScript: Math.random() slightly less randomly distributed than on Safari / Mac
-
-        Math.random was skewed slightly upward because it assumed that RAND_MAX was outside the range of
-        values that rand() might return. This problem was particularly pronounced on Windows because
-        the range of values returned by rand() on Windows is 2^16 smaller than the range of values
-        return by rand() on Mac.
-        
-        Fixed by accounting for RAND_MAX return values. Also, switched Windows over to rand_s, which has
-        a range that's equal to rand()'s range on Mac.
-        
-        * kjs/config.h:
-
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction): Use the new new thing.
-
-        * wtf/MathExtras.h: Platform abstraction for random numbers, to cover over differences on Windows.
-        (wtf_random_init):
-        (wtf_random):
-
-2007-09-13  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Maciej.
-        
-        Small addition to previous path to cover
-        http://bugs.webkit.org/show_bug.cgi?id=11399
-        window.eval runs in the global scope of the calling window
-        
-        Switch variable scope as well.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-
-2007-09-12  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Geoff, Maciej.
-        
-        Fix <rdar://problem/5445058>
-        REGRESSION: Unable to upload picture to eBay auction due to domain security check
-        
-        eBay uses window.eval() between windows. In Firefox window.eval() switches execution
-        and security context to the target window, something WebKit did not do. With WebKit
-        security tightening in r24781, this broke picture uploads.
-        
-        Fix by making WebKit switch context in window.eval().
-        
-        * kjs/Context.cpp:
-        (KJS::Context::Context):
-        (KJS::Context::~Context):
-        * kjs/context.h:
-        Save and restore interpreter context independently from calling context.
-        
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        If eval is called for global object different than current one, switch execution context
-        to that object and push it to scope.
-
-2007-09-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/5478717> JSStringCreateWithCFString leaks when passed a zero length CFStringRef
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString): Special case the zero length string and remove the
-        UTF16 optimized path since it will always leak due to the fact that we won't be 
-        able to free the backing store that the CFStringRef provides.
-
-2007-09-10  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/5456224> CrashTracer: [USER] 2 crashes in Toast Titanium at com.apple.CoreServices.CarbonCore: CSMemDisposePtr + 37
-
-        Removed the implementation of these malloc zone functions. We do not have the ability to 
-        check if a pointer is valid or not, so we can't correctly implement them. The system free 
-        does not fail if you pass in a bad pointer.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::FastMallocZone::size):
-        (WTF::FastMallocZone::zoneMalloc):
-        (WTF::FastMallocZone::zoneCalloc):
-        (WTF::FastMallocZone::zoneFree):
-        (WTF::FastMallocZone::zoneRealloc):
-
-2007-09-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Steve Falkenburg.
-
-        - fix crash seen on Windows release builds
-
-        * wtf/FastMalloc.cpp: Change pthread_getspecific optimization to be done only
-        on the DARWIN platform. Also correct a couple reinterpret_cast that should be
-        static_cast instead.
-
-2007-09-06  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Maciej.
-
-        - Moved JSRetainPtr to the API.
-
-        * API/JSRetainPtr.h: Copied from kjs/JSRetainPtr.h.
-        (JSRetain):
-        (JSRelease):
-        (JSRetainPtr::JSRetainPtr):
-        (JSRetainPtr::~JSRetainPtr):
-        (JSRetainPtr::get):
-        (JSRetainPtr::releaseRef):
-        (JSRetainPtr::operator->):
-        (JSRetainPtr::operator!):
-        (JSRetainPtr::operator UnspecifiedBoolType):
-        (::operator):
-        (::adopt):
-        (::swap):
-        (swap):
-        (operator==):
-        (operator!=):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSRetainPtr.h: Removed.
-
-2007-09-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Remove single-threaded optimization for FastMalloc. 
-        
-        It does not appear to help anywhere but Mac OS X on PPC, due to
-        pthread_getspecific being slow there. On Intel, removing the
-        optimization results in a ~1.5% PLT speedup, a ~1-5% JS iBench
-        speedup, and a ~1.5% HTML iBench speedup. On PPC this change is a
-        speedup on some benchmarks, a slight hit on others.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread):
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::GetCache):
-        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (WTF::do_malloc):
-        * wtf/FastMallocInternal.h: Removed.
-
-2007-09-05  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam, Sam, Darin.
-
-        - Created a JSRetainPtr specifically for JSStringRefs so they can be automatically refed and derefed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSRetainPtr.h: Copied from wtf/RetainPtr.h.
-        (KJS::JSRetain):
-        (KJS::JSRelease):
-        (KJS::):
-        (KJS::JSRetainPtr::JSRetainPtr):
-        (KJS::JSRetainPtr::~JSRetainPtr):
-        (KJS::JSRetainPtr::get):
-        (KJS::JSRetainPtr::releaseRef):
-        (KJS::JSRetainPtr::operator->):
-        (KJS::JSRetainPtr::operator UnspecifiedBoolType):
-        (KJS::::operator):
-        (KJS::::adopt):
-        (KJS::::swap):
-        (KJS::swap):
-        (KJS::operator==):
-        (KJS::operator!=):
-
-2007-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Unreviewed Qt build fix.
-
-        * wtf/unicode/qt4/UnicodeQt4.h: Fix the constness of the src argument to toUpper to prevent build failures.
-
-2007-09-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Back out accidentally committed change.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread):
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSetIsMultiThreaded):
-        (WTF::TCMalloc_ThreadCache::GetCache):
-        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (WTF::do_malloc):
-        * wtf/FastMallocInternal.h: Added.
-
-2007-09-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Added Vector::appendRange(), which appends to a vector based on a given start and end iterator
-        - Added keys() and values() functions to HashMap iterators, which give keys-only and values-only iterators
-        
-        Together, these allow easy copying of a set, or the keys or values of a map, into a Vector. Examples:
-        
-        HashMap<int, int> map;
-        HashSet<int> set;
-        Vector<int> vec;
-        // ...
-        vec.appendRange(set.begin(), set.end());
-        vec.appendRange(map.begin().keys(), map.end().keys());
-        vec.appendRange(map.begin().values(), map.end().values());
-
-        This also allows for a slightly nicer syntax when iterating a map. Instead of saying 
-        (*it)->first, you can say *it.values(). Similarly for keys. Example:
-        
-        HashMap<int, int>::const_iterator end = map.end();
-        for (HashMap<int, int>::const_iterator it = map.begin(); it != end; ++it)
-        printf(" [%d => %d]", *it.keys(), *it.values());
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/HashIterators.h: Added.
-        (WTF::):
-        (WTF::HashTableConstKeysIterator::HashTableConstKeysIterator):
-        (WTF::HashTableConstKeysIterator::get):
-        (WTF::HashTableConstKeysIterator::operator*):
-        (WTF::HashTableConstKeysIterator::operator->):
-        (WTF::HashTableConstKeysIterator::operator++):
-        (WTF::HashTableConstValuesIterator::HashTableConstValuesIterator):
-        (WTF::HashTableConstValuesIterator::get):
-        (WTF::HashTableConstValuesIterator::operator*):
-        (WTF::HashTableConstValuesIterator::operator->):
-        (WTF::HashTableConstValuesIterator::operator++):
-        (WTF::HashTableKeysIterator::HashTableKeysIterator):
-        (WTF::HashTableKeysIterator::get):
-        (WTF::HashTableKeysIterator::operator*):
-        (WTF::HashTableKeysIterator::operator->):
-        (WTF::HashTableKeysIterator::operator++):
-        (WTF::HashTableKeysIterator::operator HashTableConstKeysIterator<HashTableType, KeyType, MappedType>):
-        (WTF::HashTableValuesIterator::HashTableValuesIterator):
-        (WTF::HashTableValuesIterator::get):
-        (WTF::HashTableValuesIterator::operator*):
-        (WTF::HashTableValuesIterator::operator->):
-        (WTF::HashTableValuesIterator::operator++):
-        (WTF::HashTableValuesIterator::operator HashTableConstValuesIterator<HashTableType, KeyType, MappedType>):
-        (WTF::operator==):
-        (WTF::operator!=):
-        * wtf/HashTable.h:
-        * wtf/Vector.h:
-        (WTF::::appendRange):
-
-2007-09-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Remove single-threaded optimization for FastMalloc. 
-        
-        It does not appear to help anywhere but Mac OS X on PPC, due to
-        pthread_getspecific being slow there. On Intel, removing the
-        optimization results in a 1% PLT speedup, a 2% JS iBench speedup,
-        and no measurable effect on HTML iBench (maybe a slight speedup).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread):
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::GetCache):
-        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (WTF::do_malloc):
-        * wtf/FastMallocInternal.h: Removed.
-
-2007-09-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        <rdar://problem/5452164> Production build with in symbols directory has no debug info
-
-        Enable debug symbol generation on all build configurations.  Production builds are stripped
-        of symbols by Xcode during deployment post-processing.
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-08-30  Riku Voipio  <riku.voipio@iki.fi>
-
-        Reviewed by Dave Kilzer.
-
-        Better ARM defines.
-
-        * kjs/ustring.h: Update comments to reflect the change and update test
-        to fit changes to Platform.h.
-        * wtf/Platform.h: Forced packing is only needed on oldabi ARM.
-        Set middle-endian floats only for little-endian oldabi ARM.
-        Set big-endian define for big-endian ARM.
-
-2007-08-29  Ryan Leavengood <leavengood@gmail.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15043
-        - posix_memalign takes a void** as its first parameter. My port makes use of this function call.
-
-        * kjs/collector.cpp:
-        (KJS::allocateBlock):
-
-2007-08-26  Darin Adler  <darin@apple.com>
-
-        - quick follow on to that last check-in
-
-        * API/JSCallbackObject.cpp: (KJS::JSCallbackObject::JSCallbackObject):
-        Need to initialize m_class to 0.
-
-2007-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/4949002> JSGlobalContextCreate can cause crashes because it passes a NULL JSContextRef to the globalObjectClass's initialize callback
-
-        JSCallbackObject now tracks whether it was constructed with a null ExecState.  This will happen when the object is being used as the global object,
-        as the Interpreter needs to be created after the global object.  In this situation the initialization is deferred until after the Interpreter's
-        ExecState is available to be passed down to the initialize callbacks.
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::init): Track whether we successfully initialized.
-        (KJS::JSCallbackObject::initializeIfNeeded): Attempt to initialize with the new ExecState.
-        * API/JSCallbackObject.h:
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Initialize the JSCallbackObject with the Interpreter's ExecState.
-        * API/testapi.c:
-        (testInitializeOfGlobalObjectClassHasNonNullContext):
-        (main): Verify that the context passed to the initialize callback is non-null.
-
-2007-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/5438496> JSGlobalContextCreate crashes when passed a custom class
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Specify jsNull() as the prototype and let Interpreter's constructor fix it up to point at builtinObjectPrototype().
-        * API/testapi.c:
-        (main): Use an instance of a custom class as the global object to ensure the code path is exercised in the test.
-
-2007-08-26  Mike Hommey  <glandium@debian.org>
-
-        Reviewed by Mark Rowe and David Kilzer.
-
-        Fix build failure on arm.
-
-        * wtf/Platform.h: Also test if __arm__ is defined.
-
-2007-08-25  Peter Kasting <pkasting@google.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Part 3 of http://bugs.webkit.org/show_bug.cgi?id=14967
-        Bug 14967: Reduce wtf::Vector::operator[]() overloads
-
-        * wtf/Vector.h:
-        (WTF::Vector::operator[]): Only provide versions of operator[] that takes a size_t argument.
-
-2007-08-25  Peter Kasting <pkasting@google.com>
-
-        Reviewed by Sam Weinig.
-
-        Part 2 of http://bugs.webkit.org/show_bug.cgi?id=14967.
-        Eliminate all remaining implicit conversions of wtf::Vector<T> to T*.  Where code was
-        previously checking that the Vector's data pointer was non-NULL, check !Vector::isEmpty()
-        instead.
-
-        * wtf/Vector.h:
-        (WTF::Vector::data):
-
-2007-08-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff and Adam.
-
-        - Changing stack depth to 500 (from 100 on mac and win) to help out some apps specifically gmail.  <rdar://problem/3590522> JavaScript call stack limit of 99 is too small for some applications; needs to be closer to 500 (4045)
-
-        * kjs/object.cpp:
-
-2007-08-15  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Darin.
-        
-        http://bugs.webkit.org/show_bug.cgi?id=14967 part 1 - Eliminate most implicit
-        conversions of wtf::Vector<T> to T* by explicitly calling .data()
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::callAsFunction):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::invokeMethod):
-        (KJS::Bindings::CInstance::invokeDefaultMethod):
-        * kjs/number_object.cpp:
-        (integer_part_noexp):
-        (char_sequence):
-        * kjs/ustring.cpp:
-        (KJS::UString::UTF8String):
-
-2007-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - fix <rdar://problem/5410570> Global initializer introduced by use of std::numeric_limits in r24919
-
-        * kjs/ustring.cpp:
-        (KJS::overflowIndicator): Turned into a function.
-        (KJS::maxUChars): Ditto.
-        (KJS::allocChars): Use the functions.
-        (KJS::reallocChars): Ditto.
-        (KJS::UString::expandedSize): Ditto.
-
-2007-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=14931
-          <rdar://problem/5403816> JavaScript regular expression non-participating capturing parentheses
-          fail in 3 different ways
-
-        Test: fast/js/regexp-non-capturing-groups.html
-
-        * kjs/string_object.cpp:
-        (KJS::replace): Add missing code to handle undefined backreferences; before we'd get the empty string
-        instead of a JavaScript "undefined" value.
-        (KJS::StringProtoFunc::callAsFunction): Implemented backreference support for split.
-        * pcre/pcre_exec.c: (match): Made backreferences to undefined groups match the empty string instead
-        of always failing. Only in JAVASCRIPT mode.
-
-        * tests/mozilla/expected.html: Add a new expected test success, since this fixed one test result.
-
-2007-08-10  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5394449> Stop using some Carbon UI APIs for 64 bit
-
-        Disable the NPAPI for 64-bit on Mac OS X.
-
-        * Configurations/JavaScriptCore.xcconfig: Use the 64-bit export file.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Create a 64-bit export file
-        that filters out the NPN fnctions.
-        * bindings/NP_jsobject.cpp: #ifdef out this for 64-bit on Mac OS X
-        * bindings/NP_jsobject.h: Ditto.
-        * bindings/c/c_class.cpp: Ditto.
-        * bindings/c/c_class.h: Ditto.
-        * bindings/c/c_instance.cpp: Ditto.
-        * bindings/c/c_instance.h: Ditto.
-        * bindings/c/c_runtime.cpp: Ditto.
-        * bindings/c/c_runtime.h: Ditto.
-        * bindings/c/c_utility.cpp: Ditto.
-        * bindings/c/c_utility.h: Ditto.
-        * bindings/npapi.h: Ditto.
-        * bindings/npruntime.cpp: Ditto.
-        * bindings/npruntime.h: Ditto.
-        * bindings/npruntime_impl.h: Ditto.
-        * bindings/npruntime_priv.h: Ditto.
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-         don't creat an NPObject on Mac OS X in 64-bit.
-
-2007-08-09  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Antti.
-
-        <rdar://problem/5400709> Versioning in debug and release builds should include minor and tiny version before +
-
-        * Configurations/Version.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add a shell script phase to make to dependency between
-        Version.xcconfig and Info.plist explicit to Xcode.
-
-2007-08-08  George Staikos  <staikos@kde.org>
-
-        Make it compile with Qt again.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toUpper):
-
-2007-08-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=14897
-        Decompilation of double negation fails and produces invalid or incorrect code
-
-        Test: fast/js/function-decompilation-operators.html
-
-        * kjs/nodes2string.cpp:
-        (UnaryPlusNode::streamTo): Put space after unary operator.  Matches Firefox.
-        (NegateNode::streamTo): Diito.
-        (MultNode::streamTo): Put spaces around binary operator.  Matches Firefox.
-        (AddNode::streamTo): Ditto.
-
-2007-08-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fix <rdar://problem/5383104> REGRESSION: XHR.responseText is null instead of empty string
-          in http/tests/xmlhttprequest/zero-length-response.html
-
-        The new code to handle out of memory conditions was turning a "" into a null string.
-
-        * kjs/ustring.h: Removed UCharReference, which has long been obsolete and unused.
-        Removed copyForWriting, which was only used for the upper/lowercasing code and for
-        UCharReference.
-        * kjs/ustring.cpp:
-        (KJS::allocChars): Removed special case that made this fail (return 0) when passed 0.
-        Instead assert that we're not passed 0. Also added an overflow check for two reasons:
-        1) for sizes that aren't checked this prevents us from allocating a buffer that's too
-        small, and 2) for sizes where we overflowed in the expandedSize function and returned
-        overflowIndicator, it guarantees we fail.
-        (KJS::reallocChars): Ditto.
-        (KJS::UString::expandedSize): Return a large number, overflowIndicator, rather than 0
-        for cases where we overflow.
-        (KJS::UString::spliceSubstringsWithSeparators): Added a special case for empty string so
-        we don't call allocChars with a length of 0.
-        (KJS::UString::operator=): Added special characters for both 0 and empty string so we
-        match the behavior of the constructor. This avoids calling allocChars with a length of 0
-        and making a null string rather than an empty string in that case, and also matches the
-        pattern used in the rest of the functions.
-        (KJS::UString::operator[]): Made the return value const so code that tries to use the
-        operator to modify the string will fail.
-
-        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction): Rewrote uppercasing and
-        lowercasing functions so they don't need copyForWriting any more -- it wasn't really doing
-        any good for optimization purposes. Instead use a Vector and releaseBuffer.
-
-        * wtf/unicode/icu/UnicodeIcu.h: Eliminate one of the versions of toLower/toUpper -- we now
-        only need the version where both a source and destination buffer is passed in, not the one
-        that works in place.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-2007-08-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=14891
-        Decompilation of try block immediately following "else" fails
-
-        Test: fast/js/toString-try-else.html
-
-        * kjs/nodes2string.cpp:
-        (TryNode::streamTo): Add newline before "try".
-
-2007-08-07  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/5388774> REGRESSION: Hang occurs after clicking "Attach a file " link in a new .Mac message
-
-        Attempting to acquire the JSLock inside CollectorHeap::forceLock can lead to a deadlock if the thread currently
-        holding the lock is waiting on the thread that is forking.  It is not considered safe to use system frameworks
-        after a fork without first execing[*] so it is not particularly important to ensure that the collector and
-        fastMalloc allocators are unlocked in the child process.  If the child process wishes to use JavaScriptCore it
-        should exec after forking like it would to use any other system framework.
-        [*]: <http://lists.apple.com/archives/Cocoa-dev/2005/Jan/msg00676.html>
-
-        * kjs/CollectorHeapIntrospector.cpp: Remove forceLock and forceUnlock implementations.
-        * kjs/CollectorHeapIntrospector.h: Stub out forceLock and forceUnlock methods.
-        * wtf/FastMalloc.cpp: Ditto.
-
-2007-08-06  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Geoff.
-
-        * kjs/ustring.h: Added an assertion which would have helped us find the
-        previous bug more easily.
-
-2007-08-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix <rdar://problem/5387589> 9A514: Quartz Composer crash on launch in KJS::jsString
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): Turn NULL for sourceURL into UString::null(), just as JSObjectMakeFunction already does.
-        (JSCheckScriptSyntax): Ditto.
-
-2007-08-06  Matt Lilek  <pewtermoose@gmail.com>
-
-        Not reviewed, build fix.
-
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction):
-
-2007-08-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix <rdar://problem/5371862> crash in Dashcode due to Quartz Composer JavaScript garbage collector reentrancy
-
-        * API/JSBase.cpp: (JSGarbageCollect): Don't call collector() if isBusy() returns true.
-
-        * kjs/collector.h: Added isBusy(), removed the unused return value from collect()
-        * kjs/collector.cpp: Added an "operation in progress" flag to the allocator.
-        (KJS::Collector::allocate): Call abort() if an operation is already in progress. Set the new flag instead
-        of using the debug-only GCLock.
-        (KJS::Collector::collect): Ditto.
-        (KJS::Collector::isBusy): Added.
-
-2007-08-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin and Adam.
-        
-        <rdar://problem/5368990> REGRESSION: newsgator.com sign-on 6x slower than Safari 3 beta due to GC changes (14808)
-
-        * kjs/string_object.cpp:
-        (KJS::replace): if the string didn't change (very common in some cases) reuse the original string value.
-        (KJS::StringProtoFunc::callAsFunction): Pass in the StringImp* when replacing, not just the UString.
-        * kjs/string_object.h:
-        (KJS::StringInstance::internalValue): covariant override to return StringImp for convenience
-
-2007-08-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/5385145> r24843 introduces a crash on calling fork() (14878)
-        http://bugs.webkit.org/show_bug.cgi?id=14878
-
-        Provide no-op functions for all members of the malloc_zone_t and malloc_introspection_t structures that we
-        register to avoid crashes in system code that assumes they will be non-null.
-
-        * kjs/CollectorHeapIntrospector.cpp:
-        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector):
-        (KJS::CollectorHeapIntrospector::forceLock): Grab the lock.
-        (KJS::CollectorHeapIntrospector::forceUnlock): Release the lock.
-        * kjs/CollectorHeapIntrospector.h:
-        (KJS::CollectorHeapIntrospector::goodSize):
-        (KJS::CollectorHeapIntrospector::check):
-        (KJS::CollectorHeapIntrospector::print):
-        (KJS::CollectorHeapIntrospector::log):
-        (KJS::CollectorHeapIntrospector::statistics):
-        (KJS::CollectorHeapIntrospector::size):
-        (KJS::CollectorHeapIntrospector::zoneMalloc):
-        (KJS::CollectorHeapIntrospector::zoneCalloc):
-        (KJS::CollectorHeapIntrospector::zoneFree):
-        * wtf/FastMalloc.cpp:
-        (WTF::FastMallocZone::goodSize):
-        (WTF::FastMallocZone::check):
-        (WTF::FastMallocZone::print):
-        (WTF::FastMallocZone::log):
-        (WTF::FastMallocZone::forceLock): Grab the TCMalloc locks.
-        (WTF::FastMallocZone::forceUnlock): Release the TCMalloc locks.
-        (WTF::FastMallocZone::FastMallocZone):
-
-2007-08-04  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Anders.
-
-        * pcre/pcre_compile.c: Remove non-ASCII character from a comment.
-
-2007-08-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/4212199> 'leaks' reports false leaks in WebKit (because the WTF allocator uses mmap?)
-
-        Implement malloc zone introspection routines to allow leaks, heap, and friends to request information
-        about specific memory regions that were allocated by FastMalloc or the JavaScriptCore collector.
-
-        This requires tool-side support before the regions will be displayed.  The addition of that support is
-        tracked by <rdar://problems/5353057&5353060>.
-
-        * JavaScriptCore.exp: Export the two variables that are used by leaks to introspect the allocators.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-        * kjs/CollectorHeapIntrospector.cpp: Added.
-        (KJS::):
-        (KJS::CollectorHeapIntrospector::init): 
-        (KJS::CollectorHeapIntrospector::CollectorHeapIntrospector): Create and register our zone with the system.
-        (KJS::CollectorHeapIntrospector::enumerate): Iterate over the CollectorBlocks that are in use and report them to the caller as being used.
-        * kjs/CollectorHeapIntrospector.h: Added.
-        (KJS::CollectorHeapIntrospector::size): Return zero to indicate the specified pointer does not belong to this zone.
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread): Register the CollectorHeapIntrospector with the system when the first thread is registered with the collector.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::GetDescriptorEnsureSafe):
-        (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Enumerate the objects on the free list.
-        (WTF::TCMalloc_ThreadCache::enumerateFreeObjects): Ditto.
-        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
-        (WTF::TCMalloc_ThreadCache::InitModule): Register the FastMallocZone with the system when initializing TCMalloc.
-        (WTF::FreeObjectFinder::FreeObjectFinder):
-        (WTF::FreeObjectFinder::visit): Add an object to the free list.
-        (WTF::FreeObjectFinder::isFreeObject):
-        (WTF::FreeObjectFinder::freeObjectCount):
-        (WTF::FreeObjectFinder::findFreeObjects): Find the free objects within a thread cache or free list.
-        (WTF::PageMapFreeObjectFinder::PageMapFreeObjectFinder): Find the free objects within a TC_PageMap.
-        (WTF::PageMapFreeObjectFinder::visit): Called once per allocated span.  Record whether the span or any subobjects are free.
-        (WTF::PageMapMemoryUsageRecorder::PageMapMemoryUsageRecorder):
-        (WTF::PageMapMemoryUsageRecorder::visit): Called once per allocated span.  Report the range of memory as being allocated, and the span or
-        its subobjects as being used if they do not appear on the free list.
-        (WTF::FastMallocZone::enumerate): Map the key remote TCMalloc data structures into our address space.  We then locate all free memory ranges
-        before reporting the other ranges as being in use.
-        (WTF::FastMallocZone::size): Determine whether the given pointer originates from within our allocation zone.  If so,
-        we return its allocation size.
-        (WTF::FastMallocZone::zoneMalloc):
-        (WTF::FastMallocZone::zoneCalloc):
-        (WTF::FastMallocZone::zoneFree):
-        (WTF::FastMallocZone::zoneRealloc):
-        (WTF::):
-        (WTF::FastMallocZone::FastMallocZone): Create and register our zone with the system.
-        (WTF::FastMallocZone::init):
-        * wtf/MallocZoneSupport.h: Added.
-        (WTF::RemoteMemoryReader::RemoteMemoryReader): A helper class to ease the process of mapping memory in a different process into
-        our local address space
-        (WTF::RemoteMemoryReader::operator()):
-        * wtf/TCPageMap.h:
-        (TCMalloc_PageMap2::visit): Walk over the heap and visit each allocated span.
-        (TCMalloc_PageMap3::visit): Ditto.
-
-2007-08-02  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::expandedSize):  Use std::numeric_limits<size_t>::max() rather than the non-portable SIZE_T_MAX.
-
-2007-08-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/5352887> "Out of memory" error during repeated JS string concatenation leaks hundreds of MBs of RAM
-
-        A call to fastRealloc was failing which lead to UString::expandCapacity leaking the buffer it was trying to reallocate.
-        It also resulted in the underlying UString::rep having both a null baseString and buf field, which meant that attempting
-        to access the contents of the string after the failed memory reallocation would crash.
-
-        A third issue is that expandedSize size was calculating the new length in a way that led to an integer overflow occurring.
-        Attempting to allocate a string more than 190,000,000 characters long would fail a the integer overflow would lead to a
-        memory allocation of around 3.6GB being attempted rather than the expected 390MB.  Sizes that would lead to an overflow
-        are now  returned as zero and callers are updated to treat this as though the memory allocation has failed.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Check whether the append failed and raise an "Out of memory" exception if it did.
-        * kjs/ustring.cpp:
-        (KJS::allocChars): Wrapper around fastMalloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
-        (KJS::reallocChars): Wrapper around fastRealloc that takes a length in characters.  It will return 0 when asked to allocate a zero-length buffer.
-        (KJS::UString::expandedSize): Split the size calculation in two and guard against overflow during each step.
-        (KJS::UString::expandCapacity): Don't leak r->buf if reallocation fails.  Instead free the memory and use the null representation.
-        (KJS::UString::expandPreCapacity): If fastMalloc fails then use the null representation rather than crashing in memcpy.
-        (KJS::UString::UString): If calls to expandCapacity, expandPreCapacity or fastMalloc fail then use the null representation rather than crashing in memcpy.
-        (KJS::UString::append): Ditto.
-        (KJS::UString::operator=): Ditto.
-        * kjs/ustring.h: Change return type of expandedSize from int to size_t.
-
-2007-08-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin McCullough.
-
-        - fix <rdar://problem/5375186> pointers to pieces of class definition passed to JSClassCreate should all be const
-
-        * API/JSObjectRef.h: Added const.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass): Added const.
-        (OpaqueJSClass::create): Added const.
-        * API/JSObjectRef.cpp:
-        (JSClassCreate): Added const.
-
-2007-08-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Build mod: Fix sln to match configs in vcproj.
-        
-        Reviewed by Adam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2007-07-30  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars.
-
-        Removed the __BUILDING_QT ifdef in JSStringRef.h and changed UChar for the Qt build to use wchar_t on Windows.
-
-        * API/JSStringRef.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Always define JSChar to be unsigned short for the Qt builds, to ensure compatibility with UChar.
-
-        * API/JSStringRef.h:
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Fix compilation with Qt on Windows with MingW: Implemented currentThreadStackBase() for this platform.
-
-        * kjs/collector.cpp:
-        (KJS::currentThreadStackBase):
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Fix compilation with Qt on Windows with MingW: The MingW headers do not provide a prototype for a reentrant version of localtime. But since we don't use multiple threads for the Qt build we can use the plain localtime() function.
-
-        * kjs/DateMath.cpp:
-        (KJS::getDSTOffsetSimple):
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Use $(MOVE) instead of mv to eliminated the shell dependency and replaced the long shell line to call bison and modify the css grammar file with a few lines of portable perl code.
-
-        * JavaScriptCore.pri:
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Implemented currentTime() in the interpreter by using QDateTime, so that we don't need timeGetTime() on Windows and therefore also don't need to link against Winmm.dll.
-
-        * kjs/interpreter.cpp:
-        (KJS::getCurrentTime):
-        * kjs/testkjs.cpp:
-        (StopWatch::start):
-        (StopWatch::stop):
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Replace the use of snprintf with QByteArray to compile under msvc 2005 express.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::stringValue):
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Don't use pthread.h unless thread support is enabled.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::registerAsMainThread):
-        (KJS::onMainThread):
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Removed TCSystemMalloc from the Qt build, it's not necessary it seems.
-
-        * JavaScriptCore.pri:
-
-2007-07-27  Simon Hausmann  <hausmann@kde.org>
-
-        Done with and reviewed by Lars and Zack.
-
-        Added os-win32 to the include search path for the Qt windows build in order to provide the fake stdint.h header file.
-
-        * JavaScriptCore.pri:
-
-2007-07-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-
-        - follow-up to previous change
-        
-        * kjs/ustring.cpp:
-        (KJS::UString::operator=): Make sure to reset the length when
-        replacing the buffer contents for a single-owned string.
-
-2007-07-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - JavaScriptCore part of fix for <rdar://problem/5300291> Optimize GC to reclaim big, temporary objects (like XMLHttpRequest.responseXML) quickly
-        
-        Also, as a side effect of optimizations included in this patch:
-        - 7% speedup on JavaScript iBench
-        - 4% speedup on "Celtic Kane" JS benchmark
-        
-        The basic idea is explained in a big comment in collector.cpp. When unusually 
-        large objecs are allocated, we push the next GC closer on the assumption that
-        most objects are short-lived.
-        
-        I also did the following two optimizations in the course of tuning
-        this not to be a performance regression:
-
-        1) Change UString::Rep to hold a self-pointer as the baseString in
-        the unshared case, instead of a null pointer; this removes a
-        number of null checks in hot code because many places already
-        wanted to use the rep itself or the baseString as appropriate.
-        
-        2) Avoid creating duplicate StringImpls when creating a
-        StringInstance (the object wrapper for a JS string) or calling
-        their methods. Since a temporary wrapper object is made every time
-        a string method is called, this resulted in two useless extra
-        StringImpls being allocated for no reason whenever a String method
-        was invoked on a string value. Now we bypass those.
-        
-        * kjs/collector.cpp:
-        (KJS::):
-        (KJS::Collector::recordExtraCost): Basics of the extra cost mechanism.
-        (KJS::Collector::allocate): ditto
-        (KJS::Collector::collect): ditto
-        * kjs/collector.h:
-        (KJS::Collector::reportExtraMemoryCost): ditto
-        * kjs/array_object.cpp:
-        (ArrayInstance::ArrayInstance): record extra cost
-        * kjs/internal.cpp:
-        (KJS::StringImp::toObject): don't create a whole new StringImpl just
-        to be the internal value of a StringInstance! StringImpls are immutable
-        so there's no point tot his.
-        * kjs/internal.h:
-        (KJS::StringImp::StringImp): report extra cost
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::StringInstance): new version that takes a StringImp
-        (KJS::StringProtoFunc::callAsFunction): don't create a whole new StringImpl
-        just to convert self to string! we already have one in the internal value
-        * kjs/string_object.h: report extra cost        
-        * kjs/ustring.cpp: All changes to handle baseString being self instead of null in the 
-        unshared case.
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::usedCapacity):
-        (KJS::UString::usedPreCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::copyForWriting):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::baseIsSelf): new method, now that baseString is
-        self instead of null in the unshared case we can't just null check.
-        (KJS::UString::Rep::data): adjusted as mentioned above
-        (KJS::UString::cost): new method to compute the cost for a UString, for
-        use by StringImpl.
-
-        * kjs/value.cpp:
-        (KJS::jsString): style fixups.
-        (KJS::jsOwnedString): new method, use this for strings allocated from UStrings
-        held by the parse tree. Tracking their cost as part of string cost is pointless,
-        because garbage collecting them will not actually free the relevant string buffer.
-        * kjs/value.h: prototyped jsOwnedString.
-        * kjs/nodes.cpp:
-        (StringNode::evaluate): use jsOwnedString as appropriate
-        (RegExpNode::evaluate): ditto
-        (PropertyNameNode::evaluate): ditto
-        (ForInNode::execute): ditto
-        
-        * JavaScriptCore.exp: Exported some new symbols.
-
-2007-07-23  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/5121461> REGRESSION: Unable to load JigZone puzzle
-        
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::createNative):
-        
-        Call RootObject::gcProtect on the global object, thereby putting it in the
-        "protect count" set which is used for checking if a native handle is valid.
-        
-2007-07-23  Darin Adler  <darin@apple.com>
-
-        * pcre/pcre_compile.c: Roll back a tiny accidental change in the unused !JAVASCRIPT
-        side of an #ifdef. This has no effect when using PCRE in JAVASCRIPT mode as we do,
-        but seems worth rolling back.
-
-2007-07-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix remaining problems with Window shadowing
-
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Tweak the special case a little.
-
-2007-07-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix Window shadowing regressions caused by the previous commit.
-
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Handle the case of global scope specially.
-
-2007-07-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        -fixed <rdar://problem/5353293> REGRESSION (r24287): 1% i-Bench JS slowdown from JavaScript compatibility fix (14719)
-        http://bugs.webkit.org/show_bug.cgi?id=14719
-        
-        My fix for this actually resulted in JS iBench being 1% faster than before the regression
-        and the Celtic Kane benchmark being 5% faster than before the regression.
-        
-        * kjs/nodes.cpp:
-        (VarDeclNode::handleSlowCase): factored out the slow code path to be out of line.
-        (VarDeclNode::evaluate): I did a couple of things:
-        (1) Don't check if the variable is already declared by looking for the property in
-        the variable object, that code path was dead code.
-        (2) Special-case the common case where the top of the scope and the variable object
-        are the same; in that case the variable must always be in the variable object.
-        (3) Don't return a jsString() of the variable name, nothing uses the return value
-        from this node types evaluate method.
-        * kjs/nodes.h:
-
-2007-07-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin Decker.
-
-        - fix <rdar://problem/5126394> REGRESSION: Crash after clicking back button in test application (13250)
-          http://bugs.webkit.org/show_bug.cgi?id=13250
-
-        * bindings/objc/objc_utility.mm: (KJS::Bindings::convertObjcValueToValue):
-        If the object returns 0 for _imp, convert that to "undefined", since callers
-        can't cope with a JSValue of 0.
-
-2007-07-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=10880 | <rdar://problem/5335694>
-        REGRESSION: JavaScript menu doesn't appear on pricepoint.com (14595)
-        
-        Though the ECMA spec says auto-semicolon insertion should not occur
-        without a newline or '}', Firefox treats do-while specially, and the
-        library used by pricepoint.com requires that special treatment.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/grammar.y:
-
-2007-07-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix <rdar://problem/5345440> PCRE computes wrong length for expressions with quantifiers
-          on named recursion or subexpressions
-
-        It's challenging to implement proper preflighting for compiling these advanced features.
-        But we don't want them in the JavaScript engine anyway.
-
-        Turned off the following features of PCRE (some of these are simply parsed and not implemented):
-
-            \C \E \G \L \N \P \Q \U \X \Z
-            \e \l \p \u \z
-            [::] [..] [==]
-            (?#) (?<=) (?<!) (?>)
-            (?C) (?P) (?R)
-            (?0) (and 1-9)
-            (?imsxUX)
-
-        Added the following:
-
-            \u \v
-
-        Because of \v, the js1_2/regexp/special_characters.js test now passes.
-
-        To be conservative, I left some features that JavaScript doesn't want, such as
-        \012 and \x{2013}, in place. We can revisit these later; they're not directly-enough
-        related to avoiding the incorrect preflighting.
-
-        I also didn't try to remove unused opcodes and remove code from the execution engine.
-        That could save code size and speed things up a bit, but it would require more changes.
-
-        * kjs/regexp.h:
-        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the sanitizePattern workaround for
-        lack of \u support, since the PCRE code now has \u support.
-
-        * pcre/pcre-config.h: Set JAVASCRIPT to 1.
-        * pcre/pcre_internal.h: Added ESC_v.
-
-        * pcre/pcre_compile.c: Added a different escape table for when JAVASCRIPT is set that
-        omits all the escapes we don't want interpreted and includes '\v'.
-        (check_escape): Put !JAVASCRIPT around the code for '\l', '\L', '\N', '\u', and '\U',
-        and added code to handle '\u2013' inside JAVASCRIPT.
-        (compile_branch): Put !JAVASCRIPT if around all the code implementing the features we
-        don't want.
-        (pcre_compile2): Ditto.
-
-        * tests/mozilla/expected.html: Updated since js1_2/regexp/special_characters.js now
-        passes.
-
-2007-07-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - fix <rdar://problem/5345432> PCRE computes length wrong for expressions such as "[**]"
-
-        Test: fast/js/regexp-charclass-crash.html
-
-        * pcre/pcre_compile.c: (pcre_compile2): Fix the preflight code that calls
-        check_posix_syntax to match the actual regular expression compilation code;
-        before it was missing the check of the first character.
-
-2007-07-19  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark.
-
-        Define __BUILDING_GDK when building for Gdk to fix building testkjs on OSX.
-
-        * JavaScriptCore.pri:
-
-2007-07-18  Simon Hausmann  <hausmann@kde.org>
-
-        * Fix the Qt build, call dftables from the right directory.
-
-        Reviewed by Adam Treat.
-
-        * pcre/pcre.pri:
-
-2007-07-18  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        Don't call gcc directly when building the dftables tool but use a separate .pro file for the Qt build.
-
-        * pcre/dftables.pro: Added.
-        * pcre/pcre.pri:
-
-2007-07-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin, Maciej, and Adam.
-
-        Fixes <http://bugs.webkit.org/show_bug.cgi?id=9697>,
-              the failure of ecma/GlobalObject/15.1.2.2-2.js,
-              the failure of ecma/LexicalConventions/7.7.3-1.js,
-              and most of the failures of tests in ecma/TypeConversion/9.3.1-3.js.
-
-        Bug 9697: parseInt results may be inaccurate for numbers greater than 2^53
-
-        This patch also fixes similar issues in the lexer and UString::toDouble().
-
-        * kjs/function.cpp:
-        (KJS::parseIntOverflow):
-        (KJS::parseInt):
-        * kjs/function.h:
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex):
-        * kjs/ustring.cpp:
-        (KJS::UString::toDouble):
-        * tests/mozilla/expected.html:
-
-2007-07-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver.
-
-        Turn off -Wshorten-64-to-32 warning for 64-bit builds.
-
-        * Configurations/Base.xcconfig:
-
-2007-07-14  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Initial check-in for <rdar://problem/3154486> - Supporting FTP directory listings in the browser
-
-        * wtf/Platform.h: Add ENABLE_FTPDIR feature to handle building on platforms that don't have the
-          proper network-layer support
-
-2007-07-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Fixes http://bugs.webkit.org/show_bug.cgi?id=13517,
-              http://bugs.webkit.org/show_bug.cgi?id=14237, and
-              the failure of test js1_5/Scope/regress-185485.js
-
-        Bug 13517: DOM Exception 8 in finance.aol.com sub-page
-        Bug 14237: Javascript "var" statement interprets initialization in the topmost function scope
-
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate):
-        * tests/mozilla/expected.html:
-
-2007-07-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Mitz.
-
-        http://bugs.webkit.org/show_bug.cgi?id=14596
-        Fix JSC compilation with KJS_VERBOSE.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::passInParameters):
-
-2007-07-11  George Staikos  <staikos@kde.org>
-
-        Make it compile.
-
-        * ForwardingHeaders: Added.
-        * ForwardingHeaders/JavaScriptCore: Added.
-        * ForwardingHeaders/JavaScriptCore/APICast.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSBase.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSContextRef.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSLock.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSObjectRef.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSStringRef.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSStringRefCF.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JSValueRef.h: Added.
-        * ForwardingHeaders/JavaScriptCore/JavaScriptCore.h: Added.
-
-2007-07-11  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Darin.
-
-        As of http://bugs.webkit.org/show_bug.cgi?id=14527 move the
-        WebCore/ForwardingHeader/JavaScriptCore to JavaScriptCore
-
-        * ForwardingHeaders: Added.
-        * ForwardingHeaders/JavaScriptCore: Copied from WebCore/ForwardingHeaders/JavaScriptCore.
-
-2007-07-11  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Mark.
-
-        Forwardport the hash table fix from CodeGeneratorJS.pm to create_hash_table.
-        Reran run-jsc-tests, couldn't find any regressions. Suggested by Darin.
-
-        * kjs/create_hash_table:
-
-2007-07-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - JavaScriptCore part of fix for: <rdar://problem/5295734> Repro crash closing tab/window @ maps.google.com in WTF::HashSet<KJS::RuntimeObjectImp*, WTF::PtrHash<KJS::RuntimeObjectImp*>, WTF::HashTraits<KJS::RuntimeObjectImp*> >::add + 11
-        
-        * JavaScriptCore.exp: Added needed export.
-
-2007-07-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Antti.
-
-        - <rdar://problem/5311093> JavaScriptCore fails to build with strict-aliasing warnings
-        
-        * Configurations/Base.xcconfig: Re-enable -Wstrict-aliasing
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJNIEnv): Type-pun via a union instead of a pointer cast.
-        * wtf/HashMap.h:
-        (WTF::): Instead of doing type-punned assignments via pointer cast, do one of three things:
-        (1) assign directly w/o cast if storage type matches real type; (2) assign using cast
-        via union if type does not need reffing; (3) copy with memcpy and ref/deref manually if type
-        needs reffing. This is ok peref-wise because memcpy of a constant length gets optomized.
-        HashTraits are now expected to make ref()/deref() take the storage type, not the true type.
-        * wtf/HashSet.h:
-        (WTF::): Same basic idea.
-        * wtf/HashTable.h:
-        (WTF::): Added Assigner template for use by HashMap/HashSet. Change RefCounter to call ref()
-        and deref() via storage type, avoiding the need to
-        type-pun.
-        (WTF::RefCounter::ref): ditto
-        (WTF::RefCounter::deref): ditto
-        * wtf/HashTraits.h:
-        (WTF::): Change ref() and deref() for RefPtr HashTraits to take the storage type; cast
-        via union to pointer type.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::init): Changed from constructor to init function so this can go in a union.
-        (WTF::): redefine pageheap macro in terms of getPageHeap().
-        (WTF::getPageHeap): new inline function, helper for pageheap macro. This hides the cast in a union.
-        (WTF::TCMalloc_ThreadCache::InitModule): Call init() instead of using placement new to initialize page
-        heap.
-        * wtf/TCPageMap.h:
-        (TCMalloc_PageMap1::init): Changed from constructor to init function.
-        (TCMalloc_PageMap2::init): ditto
-        (TCMalloc_PageMap3::init): ditto
-
-
-2007-07-06  George Staikos  <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        Switch USE(ICONDATABASE) to ENABLE(ICONDATABASE)
-
-        * wtf/Platform.h:
-
-2007-07-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        Eleventh round of fixes for implicit 64-32 bit conversion errors.
-        <rdar://problem/5292262>
-
-        - Fixes a real bug where where we were setting long long and unsigned long long
-          values to a long field.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-
-2007-07-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Brady Eidson.
-
-        Tenth round of fixes for implicit 64-32 bit conversion errors.
-        <rdar://problem/5292262>
-
-        - Add explicit casts.
-
-        * kjs/dtoa.cpp:
-        (Bigint::):
-
-2007-07-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Kevin McCullough.
-
-        Fourth round of fixes for implicit 64-32 bit conversion errors.
-        <rdar://problem/5292262>
-
-        Add custom piDouble and piFloat constants to use instead of M_PI.
-
-        * kjs/math_object.cpp:
-        (MathObjectImp::getValueProperty):
-        * wtf/MathExtras.h:
-        (wtf_atan2):
-
-2007-06-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        Second pass at fixing implicit 64-32 bit conversion errors.
-        <rdar://problem/5292262>
-
-        - Add a toFloat() method to JSValue for float conversion.
-
-        * JavaScriptCore.exp:
-        * kjs/value.cpp:
-        (KJS::JSValue::toFloat):
-        * kjs/value.h:
-
-2007-06-27  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        - <rdar://problem/5271937> REGRESSION: Apparent WebKit JavaScript memory smasher when submitting comment to iWeb site (crashes in kjs_pcre_compile2)
-        - Correctly evaluate the return value of _pcre_ucp_findchar.
-
-        * pcre/pcre_compile.c:
-        (compile_branch):
-        * pcre/pcre_exec.c:
-        (match):
-
-2007-06-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        First pass at fixing implicit 64-32 bit conversion errors.
-        <rdar://problem/5292262>
-
-        - Add 'f' suffix where necessary.
-
-        * kjs/testkjs.cpp:
-        (StopWatch::getElapsedMS):
-
-2007-06-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/5296627> JSGarbageCollect headerdoc suggests that 
-        using JavaScriptCore requires leaking memory
-
-        * API/JSBase.h: Changed documentation to explain that you can pass NULL
-        to JSGarbageCollect.
-
-2007-06-26  Adam Treat  <adam@staikos.net>
-
-        Reviewed by Adam Roben.
-
-        Make the SQLite icon database optional.
-
-        * wtf/Platform.h:
-
-2007-06-15  George Staikos  <staikos@kde.org>
-
-        More missing files for Qt.
-
-        * JavaScriptCore.pri:
-        * kjs/testkjs.pro:
-
-2007-06-15  George Staikos  <staikos@kde.org>
-
-        Another Qt build fix.
-
-        * JavaScriptCore.pri:
-        * kjs/testkjs.pro:
-
-2007-06-15  George Staikos  <staikos@kde.org>
-
-        Fixing Qt build.
-
-        * JavaScriptCore.pri:
-
-2007-06-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Mitz.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=14244
-        Bug 14244: Data corruption when using a replace() callback function with data containing "$"
-
-        * kjs/string_object.cpp:
-        (KJS::replace):  When 'replacement' is a function, do not replace $n placeholders in its return value.
-        This matches the behaviour described in ECMA 262 3rd Ed section 15.5.4.1, and as implemented in Firefox.
-
-2007-06-14  Anders Carlsson  <andersca@apple.com>
-
-        Fix Windows build.
-        
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::canPut):
-
-2007-06-14  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5103077> 
-        Crash at _NPN_ReleaseObject when quitting page at http://eshop.macsales.com/shop/ModBook
-        
-        <rdar://problem/5183692>
-        http://bugs.webkit.org/show_bug.cgi?id=13547
-        REGRESSION: Crash in _NPN_ReleaseObject when closing Safari on nba.com (13547)
-        
-        <rdar://problem/5261499>
-        CrashTracer: [USER] 75 crashes in Safari at com.apple.JavaScriptCore: KJS::Bindings::CInstance::~CInstance + 40
-        
-        Have the root object track all live instances of RuntimeObjectImp. When invalidating 
-        the root object, also invalidate all live runtime objects by zeroing out their instance ivar.
-        This prevents instances from outliving their plug-ins which lead to crashes.
-        
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant):
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::convertValueToJObject):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::callAsFunction):
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::RuntimeArray):
-        * bindings/runtime_array.h:
-        (KJS::RuntimeArray::getConcreteArray):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::callAsFunction):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        (RuntimeObjectImp::invalidate):
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::getOwnPropertySlot):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::implementsCall):
-        (RuntimeObjectImp::callAsFunction):
-        (RuntimeObjectImp::getPropertyNames):
-        (RuntimeObjectImp::throwInvalidAccessError):
-        * bindings/runtime_object.h:
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::RootObject::invalidate):
-        (KJS::Bindings::RootObject::addRuntimeObject):
-        (KJS::Bindings::RootObject::removeRuntimeObject):
-        * bindings/runtime_root.h:
-
-2007-06-14  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Mitz.
-
-        <rdar://problem/5244948>
-        Safari keeps on complaining about slow script playing NBC TV video (14133)
-
-        http://bugs.webkit.org/show_bug.cgi?id=14133
-        Runaway JavaScript timer fires when spinning around in Google Maps street view
-
-        Make sure to start and stop the timeout checker around calls to JS.
-        
-        * bindings/NP_jsobject.cpp:
-        (_NPN_InvokeDefault):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::call):
-        (JavaJSObject::eval):
-
-2007-06-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=14132
-          array sort with > 10000 elements sets elements > 10000 undefined
-
-        Test: fast/js/sort-large-array.html
-
-        * kjs/array_instance.h: Replaced pushUndefinedObjectsToEnd with
-        compactForSorting, and removed ExecState parameters.
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::sort): Changed to call compactForSorting.
-        (ArrayInstance::compactForSorting): Do the get and delete of the
-        properties directly on the property map instead of using public
-        calls from JSObject. The public calls would just read the undefined
-        values from the compacted sort results array!
-
-2007-06-13  George Staikos  <staikos@kde.org>
-
-        Reviewed by Lars.
-
-        Fix Mac OS X build after last checkin.
-
-        * wtf/FastMalloc.h:
-
-2007-06-14  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by Maciej.
-
-        Disable FastMalloc for the Qt build and make sure we
-        don't reimplement the global new/delete operators
-        when using the system malloc.
-
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/Platform.h:
-
-2007-06-13  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Make sure that bindings instances get correct root objects.
-        
-        * JavaScriptCore.exp:
-        * bindings/NP_jsobject.cpp:
-        (listFromVariantArgs):
-        (_NPN_InvokeDefault):
-        (_NPN_Invoke):
-        (_NPN_SetProperty):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::invokeMethod):
-        (KJS::Bindings::CInstance::invokeDefaultMethod):
-        * bindings/c/c_runtime.cpp:
-        (KJS::Bindings::CField::valueFromInstance):
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcArray::valueAt):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.h:
-
-2007-06-13  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Lars.
-
-        * kjs/testkjs.pro: WebKitQt is now called QtWebKit.
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Another build fix.
-        
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Move the notion of field type to the JNI runtime since that's the only 
-        one that was actually using it.
-        
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CField::CField):
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        * bindings/qt/qt_runtime.h:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Build fix.
-        
-        * bindings/qt/qt_class.cpp:
-        (KJS::Bindings::QtClass::methodsNamed):
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Oliver.
-        
-        Get rid of the MethodList class and use a good ol' Vector instead.
-
-        * bindings/c/c_class.cpp:
-        (KJS::Bindings::CClass::methodsNamed):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::invokeMethod):
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        (JavaClass::~JavaClass):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::callAsFunction):
-        * bindings/runtime.cpp:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::lengthGetter):
-        (RuntimeMethod::callAsFunction):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::getOwnPropertySlot):
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Make RuntimeMethod's method list a pointer so that the object size doesn't
-        grow beyond 32 bytes when we later will replace MethodList with a Vector.
-        
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::RuntimeMethod):
-        (RuntimeMethod::lengthGetter):
-        (RuntimeMethod::callAsFunction):
-        * bindings/runtime_method.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Get rid of the Parameter class.
-        
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaParameter::JavaParameter):
-        (KJS::Bindings::JavaParameter::~JavaParameter):
-        (KJS::Bindings::JavaParameter::type):
-        (KJS::Bindings::JavaMethod::parameterAt):
-        (KJS::Bindings::JavaMethod::numParameters):
-        * bindings/runtime.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Build fix.
-        
-        * bindings/qt/qt_class.h:
-
-2007-06-12  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * bindings/objc/objc_runtime.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Get rid of Constructor and its only subclass JavaConstructor.
-        
-        * bindings/c/c_class.h:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        (JavaClass::~JavaClass):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_runtime.cpp:
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_class.h:
-        * bindings/runtime.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Use RetainPtr throughout the bindings code.
-        
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::ObjcClass):
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.h:
-        (KJS::Bindings::ObjcInstance::getObject):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance):
-        (ObjcInstance::~ObjcInstance):
-        (ObjcInstance::implementsCall):
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::defaultValue):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcMethod::setJavaScriptName):
-        (KJS::Bindings::ObjcMethod::javaScriptName):
-        (KJS::Bindings::ObjcArray::getObjcArray):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::name):
-        (ObjcArray::ObjcArray):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        (ObjcArray::getLength):
-        * wtf/RetainPtr.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Maciej.
-
-        Have JSCell inherit from Noncopyable.
-        
-        * bindings/objc/objc_runtime.h:
-        * bindings/runtime_object.h:
-        * kjs/value.h:
-
-2007-06-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin and Maciej.
-
-        More cleanup. Use our Noncopyable WTF class, add a root object member
-        to the Array class.
-        
-        * bindings/c/c_class.h:
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::JavaArray):
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcArray::ObjcArray):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Array::Array):
-        (KJS::Bindings::Array::~Array):
-        * bindings/runtime.h:
-        * bindings/runtime_object.h:
-        * bindings/runtime_root.h:
-
-2007-06-08  Zack Rusin  <zrusin@trolltech.com>
-
-        Fix the Qt build
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::QtInstance):
-        * bindings/qt/qt_instance.h:
-
-2007-06-07  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Get rid of Instance::setRootObject and pass the root object to the instance constructor instead.
-        
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::CInstance):
-        * bindings/c/c_instance.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::convertJObjectToValue):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-
-2007-06-07  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        Don't use a JavaInstance to store the field when all we want to do is to keep the field
-        from being garbage collected. Instead, use a JObjectWrapper.
-        
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaField::JavaField):
-        (KJS::Bindings::JavaField::operator=):
-
-2007-05-30  Alp Toker  <alp.toker@collabora.co.uk>
-
-        Reviewed by Brady.
-
-        Enable logging in the Gdk port.
-        http://bugs.webkit.org/show_bug.cgi?id=13936
-
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h: Add WTFLogVerbose which also logs
-        the file, line number and function.
-
-2007-05-30  Mark Rowe  <mrowe@apple.com>
-
-        Mac build fix.  Update #include.
-
-        * API/JSCallbackFunction.h:
-
-2007-05-30  Luciano Montanaro  <mikelima@cirulla.net>
-
-        Reviewed by Maciej.
-
-        - cross-port Harri Porten's commits 636099 and 636108 from KJS: 
-        "publish a class anyway public already" and "class is being used from
-        outside for quite some time" in preparation for further syncronizations
-
-        * kjs/context.h:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/function.h:
-        (KJS::):
-        (KJS::InternalFunctionImp::classInfo):
-        (KJS::InternalFunctionImp::functionName):
-        * kjs/function_object.h:
-        * kjs/internal.h:
-        * kjs/lookup.h:
-        (KJS::getStaticPropertySlot):
-        (KJS::getStaticFunctionSlot):
-        (KJS::getStaticValueSlot):
-        * kjs/object_object.h:
-
-2007-05-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Cleanup function and fix to match comparison API.
-
-        * kjs/string_object.cpp:
-        (KJS::substituteBackreferences):
-        (KJS::localeCompare):
-
-2007-05-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Slight clarification to an exception message.
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::put):
-
-2007-05-27  Holger Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark Rowe.
-
-        * wtf/Platform.h: Move Gdk up to allow building WebKit/Gdk on Darwin
-
-2007-05-27  Darin Adler  <darin@apple.com>
-
-        - fix a couple ifdefs that said WIN instead of WIN_OS
-
-        * kjs/collector.cpp:
-        (KJS::allocateBlock): WIN -> WIN_OS
-        (KJS::freeBlock): Ditto.
-
-2007-05-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        Patch for http://bugs.webkit.org/show_bug.cgi?id=13854
-        Port of commit 667785 from kjs
-
-        - special case calling String.localeCompare() with no parameters to return 0.
-
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction):
-
-2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by Darin.
-
-        - Fix for http://bugs.webkit.org/show_bug.cgi?id=13456
-        REGRESSION: setTimeout "arguments" object gets shadowed by a local variable
-
-        - Add a explicit check for arguments. Previously check was done with getDirect,
-        but since the arguments is created on-demand in ActivationImp, it doesn't
-        show up in the test. 'arguments' should always be in the VarDeclNode's
-        evaluation scope.
-
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Additional check if the var decl identifier is 'arguments'
-
-2007-05-25  George Staikos  <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        - Use COMPILER(GCC), not PLATFORM(GCC) - as Platform.h defines
-
-        * wtf/FastMalloc.h:
-
-2007-05-25  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=13623 (Decompilation of function
-          doesn't compile with "++(x,y)")
-        - Create the error node based on the actual node, not the node inside
-          parenthesis
-        - Fix applies to postfix, prefix and typeof operators
-        - Produces run-time ReferenceError like other non-lvalue assignments etc.
-
-        * kjs/grammar.y: Create {Prefix,Postfix}ErrorNode based on the actual node,
-        not the based on the node returned by "nodeInsideAllParens()". Same for
-        TypeOfValueNode.
-
-2007-05-25  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        Fix crash in Qt JavaScript bindings when the arguments used on the Qt side are not
-        registered with QMetaType.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-        * bindings/qt/qt_runtime.cpp:
-
-2007-05-24  Luciano Montanaro  <mikelima@cirulla.net>
-
-        Reviewed by Darin
-
-        Patch for http://bugs.webkit.org/show_bug.cgi?id=13855
-        Port patch 666176 to JavaScriptCore
-
-        - Renamed JSValue::downcast() to JSValue::asCell() which makes the
-        function meaning cleaner. It's modeled after Harri Porten change in 
-        KDE trunk.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::protect):
-        (KJS::Collector::unprotect):
-        (KJS::Collector::collectOnMainThreadOnly):
-        * kjs/object.h:
-        (KJS::JSValue::isObject):
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction):
-        * kjs/value.h:
-        (KJS::JSValue::asCell):
-        (KJS::JSValue::isNumber):
-        (KJS::JSValue::isString):
-        (KJS::JSValue::isObject):
-        (KJS::JSValue::getNumber):
-        (KJS::JSValue::getString):
-        (KJS::JSValue::getObject):
-        (KJS::JSValue::getUInt32):
-        (KJS::JSValue::mark):
-        (KJS::JSValue::marked):
-        (KJS::JSValue::type):
-        (KJS::JSValue::toPrimitive):
-        (KJS::JSValue::toBoolean):
-        (KJS::JSValue::toNumber):
-        (KJS::JSValue::toString):
-        (KJS::JSValue::toObject):
-
-2007-05-18  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark Rowe.
-
-        * kjs/testkjs.pro: Make the Gdk port link to icu
-
-2007-05-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adele Peterson.
-        
-        It helps if you swap the right variable.
-
-        * wtf/HashSet.h:
-        (WTF::::operator):
-
-2007-05-15  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by Zack
-
-        Extend the QObject JavaScript bindings to work for slots with
-        arguments.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-
-2007-05-14  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by Darin.
-
-        - Fixes http://bugs.webkit.org/show_bug.cgi?id=13622 (Decompiler
-          omits trailing comma in array literal)
-
-         * kjs/nodes2string.cpp:
-         (ArrayNode::streamTo): print extra ',' in case there was elision
-         commas (check opt member var) and array elements present
-         in the array expression
-
-2007-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Added HashMap::swap and HashSet::swap. WebCore now uses HashSet::swap.
-        I figured while I was in the neighborhood I might as well add HashMap::swap,
-        too.
-
-        * wtf/HashMap.h:
-        (WTF::::operator):
-        (WTF::::swap):
-        * wtf/HashSet.h:
-        (WTF::::operator):
-        (WTF::::swap):
-
-2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by Darin.
-
-        - Fix for bug http://bugs.webkit.org/show_bug.cgi?id=13620
-          Bogus decompilation of "for (var j = 1 in [])"
-        - ForInNode toString()'ed to syntax error if there was var decl
-          and initializer
-        - ForNode toStringed()'ed lost 'var ' if it was present
-
-        * kjs/nodes2string.cpp:
-        (VarDeclListNode::streamTo): Print "var " here
-        (VarStatementNode::streamTo): Don't print "var " here
-        (ForNode::streamTo): Remove TODO comment, VarDeclListNode will
-        stream the "var "
-        (ForInNode::streamTo): ForIn initializer is printed by VarDeclNode
-
-2007-05-11  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by Darin.
-
-        - Fixes http://bugs.webkit.org/show_bug.cgi?id=10878
-          (Incorrect decompilation for "4..x")
-        - Group numbers in dotted expressions in toString() output, so we
-          avoid the 4.x constructs  when the original input is 4..x.
-          4..x means the same as 4. .x or (4).x or Number(4).x
-
-        * kjs/nodes2string.cpp:
-        (KJS::SourceStream::):
-        Add boolean flag to indicate that if next item is a number, it should be grouped.
-        Add new formatting enum which turns on the boolean flag.
-        (KJS::SourceStream::SourceStream): Added. Initialize the flag.
-        (SourceStream::operator<<): Added. New overloaded operator with double value as parameter.
-        (NumberNode::streamTo): Use the double operator
-        (ArrayNode::streamTo):
-        (DotAccessorNode::streamTo):
-        (FunctionCallDotNode::streamTo):
-        (FunctionCallParenDotNode::streamTo):
-        (PostfixDotNode::streamTo):
-        (DeleteDotNode::streamTo):
-        (PrefixDotNode::streamTo):
-        (AssignDotNode::streamTo): Use the new formatting enum to turn on the grouping flag.
-
-2007-05-10  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by Zack
-
-        Fix our last three test failures in the JavaScript
-        tests.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-
-2007-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed #includes of JSStringRefCF.h and use of CF datatypes. I think I 
-        misunderstood this issue before.
-
-        * API/JavaScriptCore.h: #include JSStringRefCF.h. Platforms that don't
-        want this behavior can just #include individual headers, instead of the
-        umbrella framework header. But we definitely want Mac OS X clients to
-        get the #include of JSStringRefCF.h "for free."
-        * API/minidom.c: Don't #include JSStringRefCF.h. (Don't need to #include
-        JavaScriptCore.h, either.)
-        * API/testapi.c: Don't #include JSStringRefCF.h. Do use CF datatypes
-        regardless of whether __APPLE__ is defined. Platforms that don't support
-        CF just shouldn't compile this file.
-        (main):
-
-2007-05-09  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-        
-        http://bugs.webkit.org/show_bug.cgi?id=6985
-        Cyclic __proto__ values cause WebKit to hang
-
-        * kjs/object.cpp:
-        (KJS::JSObject::put): do a cycle check before setting __proto__
-
-2007-05-08  Kimmo Kinnunen  <kimmok@iki.fi>
-
-        Reviewed by darin.  Landed by eseidel.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=10880 (Do..while loop gains 
-        a semicolon each time it is toStringed)
-        Grammar in Ecma-66262, 12.6: "do Statement while ( Expression );"
-        EmptyStatement was created after every do..while(expr) which
-        had semicolon at the end.
-
-        * kjs/grammar.y: Require semicolon at the end of do..while
-
-2007-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix -- this time for sure.
-        
-        APICast.h, being private, ends up in a different folder than JSValueRef.h,
-        so we can't include one from the other using "". Instead, just forward
-        declare the relevant data types.
-
-        * API/APICast.h:
-
-2007-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export APICast.h for WebCore and WebKit.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-05-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12821
-          <rdar://problem/5007921> Number.toExponential doesn't work for negative numbers
-
-        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
-        Added a call to fabs before calling log10.
-
-2007-05-03  Holger Freyther <freyther@kde.org>
-
-        Reviewed by Zack, landed by Simon.
-        This is bugzilla bug 13499.
-
-        * JavaScriptCore.pri: Place Qt into the qt-port scope
-        * bindings/testbindings.pro: Place Qt into the qt-port scope
-        * kjs/testkjs.pro: Place Qt into the qt-port scope
-        * pcre/pcre.pri: Place Qt into the qt-port scope
-
-2007-05-02  David Harrison  <harrison@apple.com>
-
-        Reviewed by Antti.
-
-        <rdar://problem/5174862> Crash resulting from DeprecatedString::insert()
-
-        Added insertion support for more than one value.
-        
-        * wtf/Vector.h:
-        (WTF::::insert):
-        Added support for inserting multiple values.
-        
-        (WTF::::prepend):
-        New. Insert at the start of vectors. Convenient for vectors used as strings.
-
-2007-05-01  Jungshik Shin  <jungshik.shin@gmail.com>
-
-        Reviewed by Alexey.
-
-        - get rid of non-ASCII lteral characters : suppress compiler warnings
-        http://bugs.webkit.org/show_bug.cgi?id=13551
-         
-        * kjs/testkjs.cpp:
-        * pcre/pcre_compile.c:
-
-2007-04-28  Jungshik Shin  <jungshik.shin@gmail.com>
-
-        Reviewed by Sam Weinig.
-
-        - Replace copyright sign in Latin-1 (0xA9) with '(C)'
-        http://bugs.webkit.org/show_bug.cgi?id=13531
-
-        * bindings/npruntime.h:
-    
-2007-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix <rdar://problem/5154144> Hamachi test fails: assertion failure in ListHashSet
-
-        Test: fast/forms/add-remove-form-elements-stress-test.html
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator): Initialize
-        m_isDoneWithInitialFreeList to false.
-        (WTF::ListHashSetNodeAllocator::allocate): Added assertions based on a debug-only
-        m_isAllocated flag that make sure we don't allocate a block that's already allocated.
-        These assertions helped pinpoint the bug. Set m_isDoneWithInitialFreeList when we
-        allocate the last block of the initial free list. Once we're done with the initial
-        free list, turn off the rule that says that the next node in the pool after the last
-        node in the free list is also free. This rule works because any free nodes are added
-        to the head of the free list, so a node that hasn't been allocated even once is always
-        at the tail of the free list and all the nodes after it also haven't been allocated
-        even once. But it doesn't work any longer once the entire pool has been used at least
-        once, because there's nothing special about the last node on the free list any more.
-        (WTF::ListHashSetNodeAllocator::deallocate): Set the node's m_isAllocated to false.
-        (WTF::ListHashSetNodeAllocator::pastPool): Added. Used above.
-        (WTF::ListHashSetNodeAllocator::inPool): Changed to use the pastPool function.
-        (WTF::ListHashSetNode::ListHashSetNode): Initialize m_isAllocated to true.
-        (WTF::ListHashSetNode::operator new): Removed variable name for unused size
-        parameter.
-        (WTF::ListHashSetNode::destroy): Changed to call the destructor rather than
-        delete -- this gets rid of the need to define an operator delete.
-
-2007-04-27  Christopher Brichford  <chrisb@adobe.com>
-
-        Reviewed by Timothy Hatcher.
-
-        Fix for: Bug 13211: Move JavaScriptCore mac project files for apollo port
-        http://bugs.webkit.org/show_bug.cgi?id=13211
-
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Debug.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore.Release.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore.xcodeproj/project.pbxproj: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Removed.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Removed.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Removed.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Removed.
-
-2007-04-27  Holger Freyther <freyther@kde.org>
-
-        Reviewed by Maciej.
-
-        Remove unmaintained CMake build system.
-
-        * CMakeLists.txt: Removed.
-        * pcre/CMakeLists.txt: Removed.
-
-2007-04-27  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Improve dependencies in Xcode project
-        by marking dftables as a dependency of Generate Derived Sources rather than of
-        JavaScriptCore itself.
-
-2007-04-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix -- added #includes that we used to get implicitly through
-        JSStringRef.h.
-
-        * API/JSNode.c:
-        * API/JSNodeList.c:
-        * API/minidom.c:
-        * API/testapi.c:
-
-2007-04-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak, Adam Roben.
-        
-        Fixed 
-        <rdar://problem/4885130> Remove #include of JSStringRefCF.h from JSStringRef.h
-        <rdar://problem/4885123> JavaScriptCore is not cross-platform -- JSStringRef.h references CF datatypes
-
-        * API/JSStringRef.h: Removed #include -- no clients need it anymore.
-
-2007-04-25  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Maciej.
-
-        Add assertions for debug builds.
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::lock): Assert the return value of pthread_mutex_lock() in debug builds.
-        (KJS::JSLock::unlock): Assert the return value of pthread_mutex_unlock() in debug builds.
-
-2007-04-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - fix build problems
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable warning that
-        gives often downright incorrect results based on guessing what will happen in 64-bit.
-
-2007-04-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - tweak the allocator for a small speedup -- Shark showed this was a win, but I can't
-          measure an improvement right now, but it's also clear these changes do no harm
-
-        * wtf/FastMalloc.cpp:
-        (WTF::LgFloor): Use ALWAYS_INLINE here; in testing I did a while back this was necessary
-        to get this single-instruction function to be inlined.
-        (WTF::SizeClass): Use ALWAYS_INLINE here too for the same reason. Also change the special
-        case for a size of 0 to work without a branch for a bit of extra speed.
-        (WTF::ByteSizeForClass): Use ALWAYS_INLINE here too for the same reason.
-
-2007-04-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - use custom calling convention for everything in nodes.cpp on intel gcc for 1.5% speed boost
-
-        Nearly all functions in nodes.cpp were marked up to use the
-        regparm(3) calling convention under GCC for x86, since this is
-        faster and they are all guaranteed to be called only internally to
-        kjs.
-        
-        The only exception is destructors, since delete doesn't know how to use a custom calling convention.
-        
-        * kjs/nodes.cpp:
-        (dotExprDoesNotAllowCallsString):
-        * kjs/nodes.h:
-        (KJS::Node::):
-        (KJS::StatementNode::):
-        (KJS::NullNode::):
-        (KJS::BooleanNode::):
-        (KJS::NumberNode::):
-        (KJS::StringNode::):
-        (KJS::RegExpNode::):
-        (KJS::ThisNode::):
-        (KJS::ResolveNode::):
-        (KJS::GroupNode::):
-        (KJS::ElementNode::):
-        (KJS::ArrayNode::):
-        (KJS::PropertyNameNode::):
-        (KJS::PropertyNode::):
-        (KJS::PropertyListNode::):
-        (KJS::ObjectLiteralNode::):
-        (KJS::BracketAccessorNode::):
-        (KJS::DotAccessorNode::):
-        (KJS::ArgumentListNode::):
-        (KJS::ArgumentsNode::):
-        (KJS::NewExprNode::):
-        (KJS::FunctionCallValueNode::):
-        (KJS::FunctionCallResolveNode::):
-        (KJS::FunctionCallBracketNode::):
-        (KJS::FunctionCallParenBracketNode::):
-        (KJS::FunctionCallDotNode::):
-        (KJS::FunctionCallParenDotNode::):
-        (KJS::PostfixResolveNode::):
-        (KJS::PostfixBracketNode::):
-        (KJS::PostfixDotNode::):
-        (KJS::PostfixErrorNode::):
-        (KJS::DeleteResolveNode::):
-        (KJS::DeleteBracketNode::):
-        (KJS::DeleteDotNode::):
-        (KJS::DeleteValueNode::):
-        (KJS::VoidNode::):
-        (KJS::TypeOfResolveNode::):
-        (KJS::TypeOfValueNode::):
-        (KJS::PrefixResolveNode::):
-        (KJS::PrefixBracketNode::):
-        (KJS::PrefixDotNode::):
-        (KJS::PrefixErrorNode::):
-        (KJS::UnaryPlusNode::):
-        (KJS::NegateNode::):
-        (KJS::BitwiseNotNode::):
-        (KJS::LogicalNotNode::):
-        (KJS::MultNode::):
-        (KJS::AddNode::):
-        (KJS::ShiftNode::):
-        (KJS::RelationalNode::):
-        (KJS::EqualNode::):
-        (KJS::BitOperNode::):
-        (KJS::BinaryLogicalNode::):
-        (KJS::ConditionalNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::AssignBracketNode::):
-        (KJS::AssignDotNode::):
-        (KJS::AssignErrorNode::):
-        (KJS::CommaNode::):
-        (KJS::AssignExprNode::):
-        (KJS::VarDeclListNode::):
-        (KJS::VarStatementNode::):
-        (KJS::EmptyStatementNode::):
-        (KJS::ExprStatementNode::):
-        (KJS::IfNode::):
-        (KJS::DoWhileNode::):
-        (KJS::WhileNode::):
-        (KJS::ForNode::):
-        (KJS::ContinueNode::):
-        (KJS::BreakNode::):
-        (KJS::ReturnNode::):
-        (KJS::WithNode::):
-        (KJS::LabelNode::):
-        (KJS::ThrowNode::):
-        (KJS::TryNode::):
-        (KJS::ParameterNode::):
-        (KJS::Parameter::):
-        (KJS::FunctionBodyNode::):
-        (KJS::FuncExprNode::):
-        (KJS::FuncDeclNode::):
-        (KJS::SourceElementsNode::):
-        (KJS::CaseClauseNode::):
-        (KJS::ClauseListNode::):
-        (KJS::SwitchNode::):
-
-2007-04-24  Oliver Hunt  <oliver@apple.com>
-
-        GTK Build fix, ::findEntry->KJS::findEntry
-
-        * kjs/lookup.cpp:
-        (KJS::Lookup::findEntry):
-        (KJS::Lookup::find):
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - compile most of JavaScriptCore as one file for 4% JS iBench speed improvement 
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add AllInOneFile.cpp, and remove files it includes
-        from the build.
-        * kjs/AllInOneFile.cpp: Added.
-        * kjs/dtoa.cpp: Renamed CONST to CONST_ to avoid conflict.
-        (Bigint::):
-        (Bigint::nrv_alloc):
-        * kjs/lookup.cpp: Use "namspace KJS { ... }" instead of "using namespace KJS;" 
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Build fix, not reviewed.
-
-        * kjs/collector.h: Fix struct/class mismatch.
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - raise ALLOCATIONS_PER_COLLECTION to 4000, for 3.7% iBench speed improvement
-         
-        Now that the cell size is smaller and the block size is bigger, we can fit 4000 objects in
-        the two spare cells the collector is willing to keep around, so collect a bit less often.
-        
-        * kjs/collector.cpp:
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin and Geoff.
-        
-        - move mark and collectOnMainThreadOnly bits into separate bitmaps
-        
-        This saves 4 bytes per cell, allowing shrink of cell size to 32,
-        which leads to a .8% speed improvement on iBench.
-        
-        This is only feasible because of all the previous changes on the branch.
-
-        * kjs/collector.cpp:
-        (KJS::allocateBlock): Adjust for some renames of constants. 
-        (KJS::Collector::markStackObjectsConservatively): Now that cells are 32 bytes (64 
-        bytes on 64-bit) the cell alignment check can be made much more strict, and also
-        obsoletes the need for a % sizeof(CollectorCell) check. Also, we can mask off the low
-        bits of the pointer to have a potential block pointer to look for.
-        (KJS::Collector::collectOnMainThreadOnly): Use bitmap.
-        (KJS::Collector::markMainThreadOnlyObjects): Use bitmap.
-        (KJS::Collector::collect): When sweeping, use bitmaps directly to find mark bits.
-        * kjs/collector.h:
-        (KJS::): Move needed constants and type declarations here.
-        (KJS::CollectorBitmap::get): Bit twiddling to get a bitmap value.
-        (KJS::CollectorBitmap::set): Bit twiddling to set a bitmap bit to true.
-        (KJS::CollectorBitmap::clear): Bit twiddling to set a bitmap bit to false.
-        (KJS::CollectorBitmap::clearAll): Clear whole bitmap at one go.
-        (KJS::Collector::cellBlock): New operation, compute the block pointer for
-        a cell by masking off low bits.
-        (KJS::Collector::cellOffset): New operation, compute the cell offset for a
-        cell by masking off high bits and dividing (actually a shift).
-        (KJS::Collector::isCellMarked): Check mark bit in bitmap
-        (KJS::Collector::markCell): Set mark bit in bitmap.
-        * kjs/value.h:
-        (KJS::JSCell::JSCell): No more bits.
-        (KJS::JSCell::marked): Let collector handle it.
-        (KJS::JSCell::mark): Let collector handle it.
-
-2007-04-23  Anders Carlsson  <andersca@apple.com>
-
-        Build fix.
-        
-        * kjs/regexp_object.h:
-        RegExpObjectImpPrivate is a struct, not a class.
-        
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - shrink FunctionImp / DeclaredFunctionImp by 4 bytes, by moving parameter list to function body
-        
-        I reconciled this with a similar change in KDE kjs by Maks Orlovich <maksim@kde.org>.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::passInParameters):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::getParameterName):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (FunctionProtoFunc::callAsFunction):
-        (FunctionObjectImp::construct):
-        * kjs/nodes.cpp:
-        (FunctionBodyNode::addParam):
-        (FunctionBodyNode::paramString):
-        (FuncDeclNode::addParams):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::addParams):
-        (FuncExprNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::Parameter::Parameter):
-        (KJS::FunctionBodyNode::numParams):
-        (KJS::FunctionBodyNode::paramName):
-        (KJS::FunctionBodyNode::parameters):
-        (KJS::FuncExprNode::FuncExprNode):
-        (KJS::FuncDeclNode::FuncDeclNode):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable 64-bit warnings because
-        they handle size_t badly.
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
- 
-        Reviewed by Darin.
-
-        - shrink RegexpObjectImp by 4 bytes
-        
-        Somewhat inexplicably, this seems to be a .33% speedup on JS iBench.
-        
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate):
-        (RegExpObjectImp::RegExpObjectImp):
-        (RegExpObjectImp::performMatch):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::getBackref):
-        (RegExpObjectImp::getLastMatch):
-        (RegExpObjectImp::getLastParen):
-        (RegExpObjectImp::getLeftContext):
-        (RegExpObjectImp::getRightContext):
-        (RegExpObjectImp::getValueProperty):
-        (RegExpObjectImp::putValueProperty):
-        * kjs/regexp_object.h:
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - change to 1-bit bitfields instead of 8-bit, this turns out to lead to a .51% speedup on JS iBench
-        
-        The 1-bit bitfields are actually faster than just plain bools, at least on Intel (go figure).
-
-        * kjs/property_map.h:
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-       
-        - shrink ArrayInstance objects by 4 bytes
-        http://bugs.webkit.org/show_bug.cgi?id=13386
-        
-        I did this by storing the capacity before the beginning of the storage array. It turns out
-        it is rarely needed and is by definition 0 when the storage array is null.
- 
-        * kjs/array_instance.h:
-        (KJS::ArrayInstance::capacity): Get it from the secret stash
-        * kjs/array_object.cpp:
-        (allocateStorage): New function to encapsulate allocating the storage with extra space ahead
-        for the capacity.
-        (reallocateStorage): ditto for realloc
-        (ArrayInstance::ArrayInstance):
-        (ArrayInstance::~ArrayInstance):
-        (ArrayInstance::resizeStorage):
-
-2007-04-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix <rdar://problem/4840688> REGRESSION (r10588, r10621): JavaScript won't parse
-          modifications of non-references (breaks 300themovie.warnerbros.com, fedex.com)
-
-        Despite the ECMAScript specification's claim that you can treat these as syntax
-        errors, doing so creates some website incompatibilities. So this patch turns them back
-        into evaluation errors instead.
-
-        Test: fast/js/modify-non-references.html
-
-        * kjs/grammar.y: Change makeAssignNode, makePrefixNode, and makePostfixNode so that they
-        never fail to parse. Update rules that use them. Fix a little bit of indenting. Use
-        new PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.
-
-        * kjs/nodes.h: Added an overload of throwError that takes a char* argument.
-        Replaced setExceptionDetailsIfNeeded and debugExceptionIfNeeded with handleException,
-        which does both. Added PostfixErrorNode, PrefixErrorNode, and AssignErrorNode classes.
-
-        * kjs/nodes.cpp: Changed exception macros to use handleException; simpler and smaller
-        code size than the two functions that we used before.
-        (Node::throwError): Added the overload mentioned above.
-        (Node::handleException): Added. Contains the code from both setExceptionDetailsIfNeeded
-        and debugExceptionIfNeeded.
-        (PostfixErrorNode::evaluate): Added. Throws an exception.
-        (PrefixErrorNode::evaluate): Ditto.
-        (AssignErrorNode::evaluate): Ditto.
-        (ThrowNode::execute): Call handleException instead of debugExceptionIfNeeded; this
-        effectively adds a call to setExceptionDetailsIfNeeded, which may help with getting
-        the correct file and line number for these exceptions.
-
-        * kjs/nodes2string.cpp:
-        (PostfixErrorNode::streamTo): Added.
-        (PrefixErrorNode::streamTo): Added.
-        (AssignErrorNode::streamTo): Added.
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fix test failures / crashes on PPC
-
-        * kjs/property_map.h: Make the bool fields explicitly 8-bit bitfields, since bool is a full
-        word there otherwise :-(
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fix more test case failures
-
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::RuntimeArray): inherit from JSObject instead of ArrayInstance; it turns
-        out that this class only needs the prototype and classInfo from ArrayInstance, not the
-        actual class itself, and it was too big otherwise.
-        (RuntimeArray::getOwnPropertySlot):
-        * bindings/runtime_array.h:
-
-2007-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fix some test failures
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::RuntimeMethod): inherit from InternalFunctionImp instead of FunctionImpl,
-        otherwise this is too big
-        (RuntimeMethod::getOwnPropertySlot):
-        * bindings/runtime_method.h:
-
-2007-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - discard the arguments List for an ActivationImp when the corresponding Context is destroyed (1.7% speedup)
-        http://bugs.webkit.org/show_bug.cgi?id=13385
-
-        Based an idea by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>. His patch to do 
-        this also had many other List changes and I found this much simpler subset of the changes
-        was actually a hair faster.
-        
-        This optimization is valid because the arguments list is only kept around to
-        lazily make the arguments object. If it's not made by the time the function
-        exits, it never will be, since any function that captures the continuation will
-        have its own local arguments variable in scope.
-        
-        Besides the 1.7% speed improvement, it shrinks List by 4 bytes
-        (which in turn shrinks ActivationImp by 4 bytes).
-        
-        * kjs/Context.cpp:
-        (KJS::Context::~Context): Clear the activation's arguments list.
-        * kjs/function.cpp:
-        (KJS::ActivationImp::ActivationImp): Adjusted for list changes.
-        (KJS::ActivationImp::mark): No need to mark, lists are always protected (this doesn't
-        cause a ref-cycle for reasons stated above).
-        (KJS::ActivationImp::createArgumentsObject): Clear arguments list.
-        * kjs/function.h:
-        * kjs/list.cpp:
-        (KJS::List::List): No more needsMarking boolean
-        (KJS::List::operator=): ditto
-        * kjs/list.h:
-        (KJS::List::List): ditto
-        (KJS::List::reset): ditto
-        (KJS::List::deref): ditto
-
-2007-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - shrink PropertyMap by 8 bytes and therefore shrink CELL_SIZE to 40 (for 32-bit; 
-        similar shrinkage for 64-bit)
-        http://bugs.webkit.org/show_bug.cgi?id=13384
-
-        Inspired by similar changes by Christopher E. Hyde <C.Hyde@parableuk.force9.co.uk>
-        done in the kjs-tweaks branch of KDE's kjs. However, this version is somewhat 
-        cleaner style-wise and avoids some of the negative speed impact (at least on gcc/x86) 
-        of his version.
-        
-        This is nearly a wash performance-wise, maybe a slight slowdown, but worth doing
-        to eventually reach cell size 32.
-        
-        * kjs/collector.cpp:
-        (KJS::):
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap):
-        (KJS::PropertyMap::clear):
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::expand):
-        (KJS::PropertyMap::rehash):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::mark):
-        (KJS::PropertyMap::containsGettersOrSetters):
-        (KJS::PropertyMap::getEnumerablePropertyNames):
-        (KJS::PropertyMap::getSparseArrayPropertyNames):
-        (KJS::PropertyMap::save):
-        (KJS::PropertyMap::checkConsistency):
-        * kjs/property_map.h:
-        (KJS::PropertyMap::hasGetterSetterProperties):
-        (KJS::PropertyMap::setHasGetterSetterProperties):
-        (KJS::PropertyMap::):
-        (KJS::PropertyMap::PropertyMap):
-
-2007-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - change blocks to 64k in size, and use various platform-specific calls to allocate at 64k-aligned addresses
-        http://bugs.webkit.org/show_bug.cgi?id=13383
-        
-        * kjs/collector.cpp:
-        (KJS::allocateBlock): New function to allocate 64k of 64k-aligned memory
-        (KJS::freeBlock): Corresponding free
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-
-2007-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin and Geoff.
-        
-        - remove the concept of oversize objects, now that there aren't any (for now
-        only enforced with an assert).
-        http://bugs.webkit.org/show_bug.cgi?id=13382
-
-        This change is a .66% speedup on JS iBench for 32-bit platforms, probably much more
-        for 64-bit since it finally gives a reasonable cell size, but I did not test that.
-        
-        * kjs/collector.cpp:
-        (KJS::): Use different cell size for 32-bit and 64-bit, now that there is no
-        oversize allocation.
-        (KJS::Collector::allocate): Remove oversize allocator.
-        (KJS::Collector::markStackObjectsConservatively): Don't check oversize objects.
-        (KJS::Collector::markMainThreadOnlyObjects): Ditto.
-        (KJS::Collector::collect): Ditto.
-
-2007-04-21  Mitz Pettel  <mitz@webkit.org>
-
-        Reviewed by Adam.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=13428
-          REGRESSION (r20973-r20976): Failing ecma/Array/15.4.4.5-3.js
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=13429
-          REGRESSION (r20973-r20976): Crashing in fast/dom/plugin-attributes-enumeration.html
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::sort): Free the old storage, not the new one.
-
-2007-04-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        - fix build problem with last change - -O3 complains more about uninitialized variables
-        
-        * pcre/pcre_compile.c:
-        (compile_branch):
-        (pcre_compile2):
-
-2007-04-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - <rdar://problem/5149915> use mergesort when possible, since it leads to fewer compares (2% JS iBench speedup)
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::sort): Use mergesort(3) on platforms that have it, since it tends
-        to do fewer compares than qsort; but avoid it very on large arrays since it uses extra
-        memory. Also added comments identifying possibly even better sorting algorithms
-        for sort by string value and sort by compare function.
-        * kjs/config.h:
-
-2007-04-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - bump optimization flags up to -O3 for 1% JS iBench speed improvement 
-
-        * Configurations/Base.xcconfig:
-
-2007-04-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix bogus optimisation in the generic pthread code path.
-
-        * kjs/collector.cpp:
-        (KJS::currentThreadStackBase):
-
-2007-04-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Anders.
-
-        Improve FreeBSD compatibility, as suggested by Alexander Botero-Lowry.
-
-        * kjs/collector.cpp:
-        (KJS::currentThreadStackBase): FreeBSD requires that pthread_attr_t's are
-        initialized via pthread_attr_init before being used in any context.
-
-2007-04-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=13401
-        Bug 13401: Reproducible crash calling myArray.sort(compareFn) from within
-        a sort comparison function
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::sort): Save/restore the static variables around calls to qsort
-        to ensure nested calls to ArrayInstance::sort behave correctly.
-
-2007-04-12  Deneb Meketa  <dmeketa@adobe.com>
-
-        Reviewed by Darin Adler.
-
-        http://bugs.webkit.org/show_bug.cgi?id=13029
-        rdar://problem/4994849
-        Bug 13029: Permit NPAPI plug-ins to see HTTP response headers.
-        This doesn't actually change JavaScriptCore, but that's where npapi.h is.
-
-        * bindings/npapi.h:
-        Add headers member to NPStream struct.  Also increase NP_VERSION_MINOR to 18.
-        Increasing to >= 17 allows plug-ins to safely detect whether to look for
-        NPStream::headers.  Increasing from 17 to 18 reflects presence of NPObject
-        enumeration, which was added in a prior patch, and which has been agreed to
-        constitute version 18 by the plugin-futures list.  Also add other missing
-        bits of npapi.h to catch up from 14 to 18.  This includes features that are
-        not implemented in WebKit, but those are safely stubbed.
-
-2007-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        Fixed last check-in to print in release builds, too.
-
-        * kjs/collector.cpp:
-        (KJS::getPlatformThreadRegisters):
-
-2007-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John Sullivan, Darin Adler.
-        
-        Fixed <rdar://problem/5121899> JavaScript garbage collection leads to 
-        later crash under Rosetta (should abort or leak instead?)
-        
-        Log an error message and crash if the kernel reports failure during GC.
-        We decided to do this instead of just leaking because we don't want people
-        to get the mistaken impression that running in Rosetta is a supported
-        configurtion.
-        
-        The CRASH macro will also hook into CrashReporter, which will tell us if 
-        many (any?) users run into this issue.
-
-        * kjs/collector.cpp:
-        (KJS::getPlatformThreadRegisters):
-
-2007-04-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by darin.
-
-        Coverity fix. Coverity says:
-        "Event var_deref_model: Variable "sourceRanges" tracked as NULL was passed to a
-        function that dereferences it"
-
-        * kjs/string_object.cpp:
-        (KJS::replace):
-
-2007-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber stamped by Adele Peterson.
-
-        * kjs/ExecState.h: Removed obsolete forward/friend declaration of 
-        RuntimeMethodImp.
-
-2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by darin.
-
-        Coverity fix. Coverity says:
-        "Event check_after_deref: Pointer "dateString" dereferenced before NULL check"
-
-        * kjs/date_object.cpp:
-        (KJS::parseDate):
-
-2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by darin.
-
-        Coverity fix. Coverity says:
-        "Event check_after_deref: Pointer "re" dereferenced before NULL check"
-
-        * pcre/pcre_study.c:
-        (pcre_study):
-
-2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by darin.
-
-        Coverity fixes. Coverity says:
-        "Event leaked_storage: Returned without freeing storage "buffer""
-        and:
-        "Event leaked_storage: Returned without freeing storage "script""
-
-        * kjs/testkjs.cpp:
-        (doIt):
-        (createStringWithContentsOfFile):
-
-2007-04-05  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by darin.
-
-        Coverity fix: in single-threaded case currentThreadIsMainThread is always true
-        so the code in if (!currentThreadIsMainThread) cannot possibly be reached
-        and Coverity complains about dead code.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-
-=== Safari-5522.6 ===
-
-2007-04-03  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        - Testing a post-commit hook.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-04-03  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5107534>
-        http://bugs.webkit.org/show_bug.cgi?id=13265
-        REGRESSION: Crash in KJS::Bindings::convertValueToNPVariant
-        
-        * bindings/NP_jsobject.cpp:
-        (_NPN_InvokeDefault):
-        Return false if the object isn't a function. Set the return value to undefined by default
-        (to match Firefox).
-        
-2007-03-30  Anders Carlsson <andersca@apple.com>
-
-        Build fix.
-        
-        * bindings/NP_jsobject.cpp:
-        (_NPN_Enumerate):
-
-2007-03-30  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Implement _NPN_Enumerate support.
-        
-        * JavaScriptCore.exp:
-        * bindings/NP_jsobject.cpp:
-        (_NPN_Enumerate):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::getPropertyNames):
-        * bindings/c/c_instance.h:
-        * bindings/npapi.h:
-        * bindings/npruntime.h:
-        * bindings/npruntime_impl.h:
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::getPropertyNames):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::getPropertyNames):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::getInternalInstance):
-
-2007-03-28  Jeff Walden  <jwalden+code@mit.edu>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=12963
-        Fix some inconsistencies in the Mozilla JS Array extras implementations
-        with respect to the Mozilla implementation:
-
-          - holes in arrays should be skipped, not treated as undefined,
-            by all such methods
-          - an element with value undefined is not a hole
-          - Array.prototype.forEach should return undefined
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::getOwnPropertySlot):
-        (ArrayProtoFunc::callAsFunction):
-
-2007-03-27  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_InvokeDefault):
-        Call JSObject:call for native JavaScript objects.
-
-2007-03-26  David Carson  <dacarson@gmail.com>
-
-        Reviewed by Darin, landed by Anders.
-
-        Fix for: REGRESSION (r19559): Java applet crash
-        http://bugs.webkit.org/show_bug.cgi?id=13142
-        <rdar://problem/5080340>
-
-        The previous fix http://bugs.webkit.org/show_bug.cgi?id=12636 
-        introduced new JNIType to enum in jni_utility.h This is a 
-        problem on the Mac as it seems that the JNIType enum is also
-        used in the JVM, it is used to specify the return type in
-        jni_objc.mm
-        Corrected the fix by moving type to the end, and changing
-        jni_objc.mm to convert the new type to an old compatible
-        type.
-
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_utility.h:
-
-2007-03-26  Christopher Brichford  <chrisb@adobe.com>
-
-        Reviewed/landed by Adam.
-
-        Bug 13198: Move build settings from project file to xcconfig file for apollo
-        port JSCore
-        http://bugs.webkit.org/show_bug.cgi?id=13198
-
-        - Moving build settings from xcode project file to xcconfig files.
-
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig:
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig:
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-03-26  Brady Eidson  <beidson@apple.com>
-
-        Rubberstamped by Anders and Maciej aand Geoff (oh my!)
-        
-        Since CFTypeRef is really void*, a RetainPtr couldn't be used. 
-        RefType was "void", which doesn't actually exist as a type.
-        Since RefType only existed for operator*(), and since that operator
-        doesn't make any sense for RetainPtr, I removed them!
-
-        * kjs/nodes.cpp: Touch this to force a rebuild and (hopefully) help the
-          compiler with dependencies
-        * wtf/RetainPtr.h: Nuke RefType and operator*()
-
-2007-03-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Touched a file to (hopefully) help the compiler with RetainPtr dependencies.
-
-        * kjs/nodes.cpp:
-        (Node::deref):
-
-2007-03-24  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Adam
-
-        Whoops, RetainPtr should be in the WTF namespace
-
-        * wtf/RetainPtr.h:
-
-2007-03-24  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Adam
-        
-        <rdar://problem/5086210> - Move RetainPtr to WTF
-
-        * wtf/RetainPtr.h: Added
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add it to the project file
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto
-
-
-2007-03-23  Christopher Brichford  <chrisb@adobe.com>
-
-        Reviewed/landed by Adam.
-
-        Bug 13175: Make apollo mac project files for JavaScriptCore actually
-        build something
-        http://bugs.webkit.org/show_bug.cgi?id=13175
-
-        - Changing apollo mac project files for JavaScriptCore such that they actually build
-        JavaScriptCore source code.
-
-        * JavaScriptCore.apolloproj/ForwardingSources/grammar.cpp: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig:
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-03-24  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Darin.
-
-        * Configurations/JavaScriptCore.xcconfig: Remove unnecessary INFOPLIST_PREPROCESS.
-
-2007-03-22  Christopher Brichford  <chrisb@adobe.com>
-
-        Reviewed/landed by Adam.
-
-        Bug 13164: Initial version of mac JavaScriptCore project files for
-        apollo port 
-        http://bugs.webkit.org/show_bug.cgi?id=13164
-
-        - Adding mac project files for apollo port of JavaScriptCore. Currently project
-        just builds dftables.
-
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Debug.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.Release.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcconfig: Added.
-        * JavaScriptCore.apolloproj/mac/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: Added.
-
-2007-03-21  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5076599> JavaScriptCore has a weak export (vtable for KJS::JSCell)
-
-        * JavaScriptCore.exp: Remove __ZTVN3KJS6JSCellE.
-
-2007-03-21  Adele Peterson  <adele@apple.com>
-
-        Reviewed by Geoff.
-
-        * API/JSStringRef.cpp: (JSStringIsEqual): Added JSLock.
-
-2007-03-21  Zack Rusin  <zrusin@trolltech.com>
-
-        Fix the compile when USE(MULTIPLE_THREADS) isn't
-        defined
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::currentThreadIsHoldingLock):
-
-2007-03-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and Adam.
-        
-        - make USE(MULTIPLE_THREADS) support more portable
-        http://bugs.webkit.org/show_bug.cgi?id=13069
-        
-        - fixed a threadsafety bug discovered by testing this
-        
-        - enhanced threadsafety assertions in collector
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::~JSCallbackObject): This destructor can't
-        DropAllLocks around the finalize callback, because it gets called
-        from garbage collection and we can't let other threads collect!
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::currentThreadIsHoldingLock): Added new function
-        to allow stronger assertions than just that the lock is held
-        by some thread (you can now assert that the current thread is
-        holding it, given the new JSLock design).
-        * kjs/JSLock.h:
-        * kjs/collector.cpp: Refactored for portability plus added some
-        stronger assertions.
-        (KJS::Collector::allocate):
-        (KJS::currentThreadStackBase):
-        (KJS::Collector::registerAsMainThread):
-        (KJS::onMainThread):
-        (KJS::PlatformThread::PlatformThread):
-        (KJS::getCurrentPlatformThread):
-        (KJS::Collector::Thread::Thread):
-        (KJS::destroyRegisteredThread):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::suspendThread):
-        (KJS::resumeThread):
-        (KJS::getPlatformThreadRegisters):
-        (KJS::otherThreadStackPointer):
-        (KJS::otherThreadStackBase):
-        (KJS::Collector::markOtherThreadConservatively):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::protect):
-        (KJS::Collector::unprotect):
-        (KJS::Collector::collectOnMainThreadOnly):
-        (KJS::Collector::markMainThreadOnlyObjects):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSetIsMultiThreaded):
-        * wtf/FastMallocInternal.h:
-        * wtf/Platform.h:
-
-2007-03-19  Darin Adler  <darin@apple.com>
-
-        * kjs/value.h: Roll ~JSValue change out. It was causing problems. I'll do it right later.
-
-2007-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John Sullivan.
-
-        Fixed <rdar://problem/5073380> REGRESSION: Crash occurs at WTF::fastFree() 
-        when reloading liveconnect page (applet)
-        
-        Best to use free when you use malloc, especially when malloc and delete
-        use completely different libraries.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::~JavaMethod):
-
-2007-03-19  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Maciej.
-
-        Really set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html)
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-03-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - Changed list size threshold to 5 based on testing.
-
-        I was testing the i-Bench JavaScript with the list statistics
-        dumping on, and discovered that there were many 5-element lists.
-        The fast case for lists was for 4 elements and fewer. By changing
-        the threshold to 5 elements we get a measurable speedup. I believe
-        this will help real web pages too, not just the benchmark.
-
-        * kjs/list.cpp: Change constant from 4 to 5.
-
-2007-03-19  Darin Adler  <darin@apple.com>
-
-        * kjs/value.h: Oops, fix build.
-
-2007-03-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - remove ~JSValue; tiny low-risk performance boost
-
-        * kjs/value.h: Remove unneeded empty virtual destructor from JSValue.
-        The only class derived from JSValue is JSCell and it already has a
-        virtual destructor. Declaring an empty constructor in JSValue had one
-        good effect: it marked the destructor private, making it a compile
-        time error to try to destroy a JSValue; but that's not a likely
-        mistake for someone to make. It had two bad effects: (1) it caused gcc,
-        at least, to generate code to fix up the virtual table pointer to
-        point to the JSValue version of the virtual table inside the destructor
-        of all classes derived from JSValue directly or indirectly; (2) it
-        caused JSValue to be a polymorphic class so required a virtual table for
-        it. It's cleaner to not have either of those.
-
-2007-03-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - avoid static construction (and global variable access) in a smarter, more portable way,
-        to later enable MUTLI_THREAD mode to work on other platforms and compilers.
-        
-        * kjs/CommonIdentifiers.cpp: Added. New class to hold all the shared identifiers.
-        (KJS::CommonIdentifiers::CommonIdentifiers):
-        (KJS::CommonIdentifiers::shared):
-        * kjs/CommonIdentifiers.h: Added.
-
-        * kjs/ExecState.h:
-        (KJS::ExecState::propertyNames): Hand the CommonIdentifiers instance here for easy access.
-        (KJS::ExecState::ExecState):
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        * CMakeLists.txt:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::getOwnPropertySlot):
-        (RuntimeArray::put):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::getOwnPropertySlot):
-        * kjs/array_object.cpp:
-        (ArrayInstance::getOwnPropertySlot):
-        (ArrayInstance::put):
-        (ArrayInstance::deleteProperty):
-        (ArrayProtoFunc::ArrayProtoFunc):
-        (ArrayProtoFunc::callAsFunction):
-        (ArrayObjectImp::ArrayObjectImp):
-        * kjs/bool_object.cpp:
-        (BooleanPrototype::BooleanPrototype):
-        (BooleanProtoFunc::BooleanProtoFunc):
-        (BooleanProtoFunc::callAsFunction):
-        (BooleanObjectImp::BooleanObjectImp):
-        * kjs/completion.h:
-        (KJS::Completion::Completion):
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::DateProtoFunc):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        * kjs/error_object.cpp:
-        (ErrorPrototype::ErrorPrototype):
-        (ErrorProtoFunc::ErrorProtoFunc):
-        (ErrorProtoFunc::callAsFunction):
-        (ErrorObjectImp::ErrorObjectImp):
-        (ErrorObjectImp::construct):
-        (NativeErrorPrototype::NativeErrorPrototype):
-        (NativeErrorImp::NativeErrorImp):
-        (NativeErrorImp::construct):
-        (NativeErrorImp::callAsFunction):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getOwnPropertySlot):
-        (KJS::FunctionImp::put):
-        (KJS::FunctionImp::deleteProperty):
-        (KJS::FunctionImp::getParameterName):
-        (KJS::DeclaredFunctionImp::construct):
-        (KJS::IndexToNameMap::unMap):
-        (KJS::Arguments::Arguments):
-        (KJS::ActivationImp::getOwnPropertySlot):
-        (KJS::ActivationImp::deleteProperty):
-        (KJS::GlobalFuncImp::GlobalFuncImp):
-        * kjs/function_object.cpp:
-        (FunctionPrototype::FunctionPrototype):
-        (FunctionProtoFunc::FunctionProtoFunc):
-        (FunctionProtoFunc::callAsFunction):
-        (FunctionObjectImp::FunctionObjectImp):
-        (FunctionObjectImp::construct):
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::initGlobalObject):
-        * kjs/interpreter.h:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        (MathFuncImp::MathFuncImp):
-        * kjs/nodes.cpp:
-        (ArrayNode::evaluate):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberPrototype::NumberPrototype):
-        (NumberProtoFunc::NumberProtoFunc):
-        (NumberObjectImp::NumberObjectImp):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        (KJS::JSObject::defaultValue):
-        (KJS::JSObject::hasInstance):
-        * kjs/object.h:
-        (KJS::JSObject::getOwnPropertySlot):
-        * kjs/object_object.cpp:
-        (ObjectPrototype::ObjectPrototype):
-        (ObjectProtoFunc::ObjectProtoFunc):
-        (ObjectObjectImp::ObjectObjectImp):
-        * kjs/regexp_object.cpp:
-        (RegExpPrototype::RegExpPrototype):
-        (RegExpProtoFunc::RegExpProtoFunc):
-        (RegExpObjectImp::RegExpObjectImp):
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::getOwnPropertySlot):
-        (KJS::StringInstance::put):
-        (KJS::StringInstance::deleteProperty):
-        (KJS::StringPrototype::StringPrototype):
-        (KJS::StringProtoFunc::StringProtoFunc):
-        (KJS::StringProtoFunc::callAsFunction):
-        (KJS::StringObjectImp::StringObjectImp):
-        (KJS::StringObjectFuncImp::StringObjectFuncImp):
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::TestFunctionImp):
-
-2007-03-18  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Mark Rowe
-        
-        Set Xcode editor to use 4 space indentation (http://webkit.org/coding/coding-style.html) 
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-03-19  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Brady.
-
-        Update references to bugzilla.opendarwin.org with bugs.webkit.org.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        * kjs/grammar.y:
-        * kjs/keywords.table:
-        * kjs/lexer.cpp:
-        (KJS::Lexer::shift):
-
-2007-03-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Exposed some extra toUInt32 functionality, as part of the fix for
-        REGRESSION: Incomplete document.all implementation breaks abtelectronics.com 
-        (Style Change Through JavaScript Blanks Content)
-
-        * JavaScriptCore.exp:
-        * kjs/identifier.h:
-        (KJS::Identifier::toUInt32):
-
-2007-03-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed duplicate export name.
-        
-        * JavaScriptCore.exp:
-
-2007-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/5064964> Repro ASSERT failure in JS Bindings when 
-        closing window @ lowtrades.bptrade.com
-        
-        Unfortunately, the bindings depend on UString and Identifier as string 
-        representations. So, they need to acquire the JSLock when doing something
-        that will ref/deref their strings.
-
-        Layout tests, the original site, and Java, Flash, and Quicktime on the 
-        web work. No leaks reported. No automated test for this because testing 
-        the Java bindings, like math, is hard.
-        
-        * bindings/runtime.h: Made Noncopyable, just to be sure.
-        
-        * bindings/c/c_class.cpp: 
-        (KJS::Bindings::CClass::~CClass): Acquire the JSLock and explicitly clear the keys
-        in our hashtable, since they're UString::Reps, and ref/deref aren't thread-safe.
-        (KJS::Bindings::CClass::methodsNamed): Also acquire the JSLock when adding
-        keys to the table, since the table ref's them.
-        (KJS::Bindings::CClass::fieldNamed): ditto.
-
-        * bindings/c/c_utility.cpp: Removed dead function.
-        (KJS::Bindings::convertValueToNPVariant): Acquire the JSLock because doing
-        it recursively is pretty cheap, and it's just too confusing to tell whether
-        all our callers do it for us.
-        (KJS::Bindings::convertNPVariantToValue): ditto
-        * bindings/c/c_utility.h:
-
-        * bindings/jni/jni_class.cpp: Same deal as c_class.cpp.
-        (JavaClass::JavaClass):
-        (JavaClass::~JavaClass):
-
-        * bindings/jni/jni_instance.cpp: Same deal as c_utility.cpp.
-        (JavaInstance::stringValue):
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::convertValueToJObject):
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::~JavaMethod): Moved from header, for clarity.
-        (appendClassName): Made this static, so the set of callers is known, and
-        we can assert that we hold the JSLock. Also changed it to take a UString
-        reference, which makes the calling code simpler.
-        (JavaMethod::signature): Store the ASCII value we care about instead of
-        a UString, since UString is so much more hassle. Hold the JSLock while
-        building up the temporary UString.
-
-        * bindings/jni/jni_runtime.h: Nixed dead code in JavaMethod.
-        (KJS::Bindings::JavaString::JavaString): Hold a UString::Rep instead of
-        a UString, so we can acquire the JSLock and explicitly release it.
-        (KJS::Bindings::JavaString::_commonInit):
-        (KJS::Bindings::JavaString::~JavaString):
-        (KJS::Bindings::JavaString::UTF8String):
-        (KJS::Bindings::JavaString::uchars):
-        (KJS::Bindings::JavaString::length):
-        (KJS::Bindings::JavaString::ustring):
-
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertArrayInstanceToJavaArray): Made this static, so 
-        the set of callers is known, and we can assert that we hold the JSLock. 
-        (KJS::Bindings::convertValueToJValue): Acquire the JSLock because doing
-        it recursively is pretty cheap, and it's just too confusing to tell whether
-        all our callers do it for us.
-
-        * bindings/objc/objc_runtime.h: Nixed some dead code.
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertNSStringToString): Same drill as above.
-
-2007-03-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        http://bugs.webkit.org/show_bug.cgi?id=13105
-        REGRESSION: an exception raised when calculating base value of a dot expression is not returned
-
-        Test: fast/js/dot-node-base-exception.html
-
-        * kjs/nodes.cpp:
-        (FunctionCallDotNode::evaluate): Added the necessary KJS_CHECKEXCEPTIONVALUE.
-
-2007-03-18  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-03-17  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Made Version.xcconfig smarter when building for different configurations.
-        Now uses the 522+ OpenSource version for Debug and Release, while using the
-        full 522.4 version for Production builds. The system prefix is also computed
-        based on the current system, so 4522.4 on Tiger and 5522.4 on Leopard.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/Version.xcconfig:
-
-2007-03-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed.
-        
-        - build fix
-
-        * wtf/TCSystemAlloc.cpp:
-
-2007-03-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and Steve.
-        
-        - fix some portability issues with TCMalloc.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * kjs/config.h:
-        * wtf/FastMalloc.cpp:
-        (WTF::SizeClass):
-        (WTF::InitSizeClasses):
-        (WTF::TCMalloc_PageHeap::Split):
-        (WTF::TCMalloc_PageHeap::RegisterSizeClass):
-        (WTF::TCMalloc_Central_FreeList::length):
-        (WTF::TCMalloc_ThreadCache::InitTSD):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        * wtf/TCSpinLock.h:
-        * wtf/TCSystemAlloc.cpp:
-        (TryVirtualAlloc):
-        (TCMalloc_SystemAlloc):
-
-2007-03-15  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by John.
-
-        * Factored out most of our common build settings into .xcconfig files. Anything that was common in
-          each build configuration was factored out into the shared .xcconfig file.
-        * Adds a Version.xcconfig file to define the current framework version, to be used in other places.
-        * Use the new $(BUNDLE_VERSION) (defined in Version.xcconfig) in the preprocessed Info.plist.
-        * Use the versions defined in Version.xcconfig to set $(DYLIB_CURRENT_VERSION).
-
-        * Configurations/Base.xcconfig: Added.
-        * Configurations/DebugRelease.xcconfig: Added.
-        * Configurations/JavaScriptCore.xcconfig: Added.
-        * Configurations/Version.xcconfig: Added.
-        * Info.plist:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-03-16  Shrikant Gangoda  <shrikant.gangoda@celunite.com>
-
-        Gdk build fix.
-
-        * kjs/DateMath.cpp:  gettimeofday comes from <sys/time.h> on Linux.
-
-2007-03-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by .
-
-        - Fixed one more build breakage
-
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-
-2007-03-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by .
-
-        - Fixed a build breakage.
-
-        * kjs/DateMath.cpp:
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-        (KJS::DateObjectImp::construct):
-
-2007-03-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        - rdar://problem/5045720
-        - DST changes in US affect JavaScript date calculations (12975)
-        This fix was to ensure we properly test for the new changes to DST in the US.
-        Also this fixes when we apply DST, now we correctly map most past years to current
-        DST rules.  We still have a small issue with years before 1900 or after 2100.
-        rdar://problem/5055038
-
-        * kjs/DateMath.cpp: Fix DST to match spec better.
-        (KJS::getCurrentUTCTime):
-        (KJS::mimimumYearForDST):
-        (KJS::maximumYearForDST):
-        (KJS::equivalentYearForDST):
-        (KJS::getDSTOffset):
-        * kjs/DateMath.h: Consolodated common funtionality.
-        * kjs/date_object.cpp: Consolodated common functionality.
-        (KJS::formatLocaleDate):
-        (KJS::DateObjectImp::construct):
-        * tests/mozilla/ecma/jsref.js: Added functions for finding the correct days when DST starts and ends.
-        * tests/mozilla/ecma/shell.js: Added back in the old DST functions for ease of merging with mozilla if needed.
-        * tests/mozilla/ecma_2/jsref.js: Added functions for finding the correct days when DST starts and ends.
-        * tests/mozilla/ecma_3/Date/shell.js: Added functions for finding the correct days when DST starts and ends.
-        * tests/mozilla/expected.html: Updated to show all date tests passing.
-
-=== Safari-5522.4 ===
-
-2007-03-13  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by .
-
-        - Adding expected failures until the are truly fixed. 
-        - rdar://problem/5060302
-
-        * tests/mozilla/expected.html:
-
-2007-03-12  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by .
-
-        - Actually update tests for new DST rules.
-
-        * tests/mozilla/ecma/Date/15.9.3.1-1.js:
-        * tests/mozilla/ecma/Date/15.9.3.1-2.js:
-        * tests/mozilla/ecma/Date/15.9.3.1-3.js:
-        * tests/mozilla/ecma/Date/15.9.3.1-4.js:
-        * tests/mozilla/ecma/Date/15.9.3.1-5.js:
-        * tests/mozilla/ecma/Date/15.9.3.2-1.js:
-        * tests/mozilla/ecma/Date/15.9.3.2-2.js:
-        * tests/mozilla/ecma/Date/15.9.3.2-3.js:
-        * tests/mozilla/ecma/Date/15.9.3.2-4.js:
-        * tests/mozilla/ecma/Date/15.9.3.2-5.js:
-        * tests/mozilla/ecma/Date/15.9.3.8-1.js:
-        * tests/mozilla/ecma/Date/15.9.3.8-2.js:
-        * tests/mozilla/ecma/Date/15.9.3.8-3.js:
-        * tests/mozilla/ecma/Date/15.9.3.8-4.js:
-        * tests/mozilla/ecma/Date/15.9.3.8-5.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-1.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-10.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-11.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-12.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-13.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-2.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-3.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-4.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-5.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-6.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-7.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-8.js:
-        * tests/mozilla/ecma/Date/15.9.5.10-9.js:
-        * tests/mozilla/ecma/jsref.js:
-        * tests/mozilla/ecma_2/jsref.js:
-        * tests/mozilla/ecma_3/Date/shell.js:
-
-2007-03-12  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by .
-
-        - Update tests for new DST rules.
-
-        * tests/mozilla/ecma/shell.js:
-
-2007-03-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed <rdar://problem/4681051> Installer crashes in KJS::Collector::
-        markOtherThreadConservatively(KJS::Collector::Thread*) trying to install 
-        iLife 06 using Rosetta on an Intel Machine
-        
-        The problem was that our thread-specific data destructor would modify the
-        list of active JavaScript threads without holding the JSLock, corrupting
-        the list. Corruption was especially likely if one JavaScript thread exited 
-        while another was starting up.
-
-        * JavaScriptCore.exp:
-        * kjs/JSLock.cpp: Don't conflate locking the JSLock with registering a
-        thread, since the thread-specific data destructor needs to lock
-        without registering a thread. Instead, treat thread registration as a
-        part of the convenience of the JSLock object, and whittle down JSLock::lock()
-        to just the bits that actually do the locking.
-        (KJS::JSLock::lock):
-        (KJS::JSLock::registerThread):
-        * kjs/JSLock.h: Updated comments to mention the new behavior above, and
-        other recent changes.
-        (KJS::JSLock::JSLock):
-        * kjs/collector.cpp:
-        (KJS::destroyRegisteredThread): Lock here.
-        (KJS::Collector::registerThread): To match, assert that we're locked here.
-
-2007-03-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixed <rdar://problem/4587763> PAC file: lock inversion between QT and 
-        JSCore causes a hang @ www.panoramas.dk
-        
-        With a PAC file, run-webkit-tests --threaded passes, the reported site
-        works, and all the Quicktime/JavaScript and Flash/JavaScript examples
-        I found through Google work, too.
-        
-        Any time JavaScript causes arbitrary non-JavaScript code to execute, it 
-        risks deadlock, because that code may block, trying to acquire a lock 
-        owned by a thread that is waiting to execute JavaScript. In this case,
-        the thread was a networking thread that was waiting to interpret a PAC file.
-        
-        Because non-JavaScript code may execute in response to, well, anything,
-        a perfect solution to this problem is impossible. I've implemented an
-        optimistic solution, instead: JavaScript will drop its lock whenever it
-        makes a direct call to non-JavaScript code through a bridging/plug-in API,
-        but will blissfully ignore the indirect ways it may cause non-JavaScript 
-        code to run (resizing a window, for example). 
-        
-        Unfortunately, this solution introduces significant locking overhead in 
-        the bridging APIs. I don't see a way around that.
-
-        This patch includes some distinct bug fixes I saw along the way:
-        
-        * bindings/objc/objc_instance.mm: Fixed a bug where a nested begin() call
-        would leak its autorelease pool, because it would NULL out _pool without
-        draining it.
-
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::methodGetter): Don't copy an Identifier to ASCII only
-        to turn around and make an Identifier from the ASCII. In an earlier 
-        version of this patch, the copy caused an assertion failure. Now it's 
-        just unnecessary work.
-        (RuntimeObjectImp::getOwnPropertySlot): ditto
-
-        * bindings/objc/objc_instance.h: Removed overrides of setVAlueOfField and
-        getValueOfField, because they did exactly what the base class versions did.
-        Removed overrides of Noncopyable declarations for the same reason.
-
-        * bindings/runtime.h: Inherit from Noncopyable instead of rolling our own.
-        * bindings/c/c_instance.h: ditto
-
-        And the actual patch:
-        
-        * API/JSCallbackConstructor.cpp: Drop all locks when calling out to C.
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp: ditto
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp: ditto
-        (KJS::JSCallbackObject::init):
-        (KJS::JSCallbackObject::~JSCallbackObject):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::hasInstance):
-        (KJS::JSCallbackObject::callAsFunction):
-        (KJS::JSCallbackObject::getPropertyNames):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        
-        * bindings/c/c_instance.cpp: Drop all locks when calling out to C.
-        (KJS::Bindings::CInstance::invokeMethod):
-        (KJS::Bindings::CInstance::invokeDefaultMethod):
-        * bindings/c/c_runtime.cpp: Drop all locks when calling out to C.
-        (KJS::Bindings::CField::valueFromInstance):
-        (KJS::Bindings::CField::setValueToInstance):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall): Drop all locks when calling out to Java.
-
-        * bindings/objc/objc_instance.mm: The changes here are to accomodate the
-        fact that C++ unwinding of DropAllLocks goes crazy when you put it inside
-        a @try block. I moved all JavaScript stuff outside of the @try blocks, and 
-        then prefixed the whole blocks with DropAllLocks objects. This required some
-        supporting changes in other functions, which now acquire the JSLock for
-        themselves, intead of relying on their callers to do so.
-        (ObjcInstance::end):
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.mm: Same as above, except I didn't want to
-        change throwError to acquire the JSLock for itself.
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        * bindings/objc/objc_utility.mm: Supporting changes mentioned above.
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-
-        * kjs/JSLock.cpp: 
-        (1) Fixed DropAllLocks to behave as advertised, and drop the JSLock only 
-        if the current thread actually acquired it in the first place. This is 
-        important because WebKit needs to ensure that the JSLock has been 
-        dropped before it makes a plug-in call, even though it doesn't know if 
-        the current thread actually acquired the JSLock. (We don't want WebKit
-        to accidentally drop a lock belonging to *another thread*.)
-        (2) Used the new per-thread code written for (1) to make recursive calls
-        to JSLock very cheap. JSLock now knows to call pthread_mutext_lock/ 
-        pthread_mutext_unlock only at nesting level 0.
-        (KJS::createDidLockJSMutex):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::DropAllLocks::DropAllLocks):
-        (KJS::DropAllLocks::~DropAllLocks):
-        (KJS::JSLock::lockCount):
-        * kjs/JSLock.h: Don't duplicate Noncopyable.
-        (KJS::JSLock::~JSLock):
-
-        * wtf/Assertions.h: Blind attempt at helping the Windows build.
-
-2007-03-08  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=13018
-        Bug 13018: allow embedders to override the definition of CRASH.
-
-        * wtf/Assertions.h: make it possible to override CRASH.
-
-2007-03-07  Huan Ren  <huanr@chromium.org>
-
-        Reviewed by Maciej.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=12535
-        Bug 12535: Stack-optimizing compilers can trick GC into freeing in-use objects
-
-        * kjs/internal.cpp:
-        (KJS::StringImp::toObject): Copy val onto the stack so it is not subject to garbage collection.
-
-2007-03-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix for non-multiple-thread folks.
-        
-        Use a shared global in the non-multiple-thread case.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::isForbidden):
-        (WTF::fastMallocForbid):
-        (WTF::fastMallocAllow):
-
-2007-03-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed ASSERT failure I just introduced.
-        
-        Made the fastMalloc isForbidden flag per thread. (Oops!) We expect that
-        other threads will malloc while we're marking -- we just want to prevent
-        our own marking from malloc'ing.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::initializeIsForbiddenKey):
-        (WTF::isForbidden):
-        (WTF::fastMallocForbid):
-        (WTF::fastMallocAllow):
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastFree):
-        (WTF::fastRealloc):
-        (WTF::do_malloc):
-
-2007-03-07  Shrikant Gangoda  <shrikant.gangoda@celunite.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=12997
-
-        Wrap pthread-specific assertion in #if USE(MULTIPLE_THREADS).
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markMainThreadOnlyObjects):
-
-2007-03-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/4576242> | http://bugs.webkit.org/show_bug.cgi?id=12586
-        PAC file: malloc deadlock sometimes causes a hang @ www.apple.com/pro/profiles/ (12586)
-        
-        This is a modified version of r14752 on the branch.
-        
-        These changes just add debugging functionality. They ASSERT that we don't 
-        malloc during the mark phase of a garbage collection, which can cause a
-        deadlock.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocForbid):
-        (WTF::fastMallocAllow):
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastFree):
-        (WTF::fastRealloc):
-        (WTF::do_malloc):
-        * wtf/FastMalloc.h:
-
-2007-03-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed all known crashers exposed by run-webkit-tests --threaded. This covers:
-
-        <rdar://problem/4565394> | http://bugs.webkit.org/show_bug.cgi?id=12585 
-            PAC file: after closing a window that contains macworld.com, new window 
-            crashes (KJS::PropertyMap::mark()) (12585)
-        <rdar://problem/4571215> | http://bugs.webkit.org/show_bug.cgi?id=9211
-            PAC file: Crash occurs when clicking on the navigation tabs at http://www.businessweek.com/ (9211)
-        <rdar://problem/4557926> 
-            PAC file: Crash occurs when attempting to view image in slideshow mode 
-            at http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute (KJS::
-            ExecState*) + 312) if you use a PAC file
-
-        (1) Added some missing JSLocks, along with related ASSERTs.
-        
-        (2) Fully implemented support for objects that can only be garbage collected
-        on the main thread. So far, only WebCore uses this. We can add it to API
-        later if we learn that it's needed. 
-        
-        The implementation uses a "main thread only" flag inside each object. When 
-        collecting on a secondary thread, the Collector does an extra pass through 
-        the heap to mark all flagged objects before sweeping. This solution makes
-        the common case -- flag lots of objects, but never collect on a secondary 
-        thread -- very fast, even though the uncommon case of garbage collecting
-        on a secondary thread isn't as fast as it could be. I left some notes 
-        about how to speed it up, if we ever care.
-        
-        For posterity, here are some things I learned about GC while investigating:
-        
-        * Each collect must either mark or delete every heap object. "Zombie" 
-        objects, which are neither marked nor deleted, raise these issues:
-
-            * On the next pass, the conservative marking algorithm might mark a 
-            zombie, causing it to mark freed objects.
-
-            * The client might try to use a zombie, which would seem live because 
-            its finalizer had not yet run.
-
-        * A collect on the main thread is free to delete any object. Presumably, 
-        objects allocated on secondary threads have thread-safe finalizers.
-
-        * A collect on a secondary thread must not delete thread-unsafe objects.
-
-        * The mark function must be thread-safe.
-        
-        Line by line comments:
-
-        * API/JSObjectRef.h: Added comment specifying that the finalize callback 
-        may run on any thread.
-
-        * JavaScriptCore.exp: Nothing to see here.
-
-        * bindings/npruntime.cpp:
-        (_NPN_GetStringIdentifier): Added JSLock.
-
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::~ObjcInstance): Use an autorelease pool. The other callers 
-        to CFRelease needed one, too, but they were dead code, so I removed them 
-        instead. (This fixes a leak seen while running run-webkit-tests --threaded,
-        although I don't think it's specifically a threading issue.) 
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::collectOnMainThreadOnly): New function. Tells the collector
-        to collect a value only if it's collecting on the main thread.
-        (KJS::Collector::markMainThreadOnlyObjects): New function. Scans the heap
-        for "main thread only" objects and marks them.
-
-        * kjs/date_object.cpp: 
-        (KJS::DateObjectImp::DateObjectImp): To make the new ASSERTs happy, allocate 
-        our globals on the heap, avoiding a seemingly unsafe destructor call at 
-        program exit time.
-        * kjs/function_object.cpp:
-        (FunctionPrototype::FunctionPrototype): ditto
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::mark): Removed boolean parameter, which was an incomplete
-        and arguably hackish way to implement markMainThreadOnlyObjects() inside WebCore.
-        * kjs/interpreter.h:
-
-        * kjs/identifier.cpp:
-        (KJS::identifierTable): Added some ASSERTs to check for thread safety 
-        problems.
-
-        * kjs/list.cpp: Added some ASSERTs to check for thread safety problems.
-        (KJS::allocateListImp):
-        (KJS::List::release):
-        (KJS::List::append):
-        (KJS::List::empty): Make the new ASSERTs happy.
-
-        * kjs/object.h:
-        (KJS::JSObject::JSObject): "m_destructorIsThreadSafe" => "m_collectOnMainThreadOnly".
-        I removed the constructor parameter because m_collectOnMainThreadOnly,
-        like m_marked, is a Collector bit, so only the Collector should set or get it.
-
-        * kjs/object_object.cpp:
-        (ObjectPrototype::ObjectPrototype): Make the ASSERTs happy.
-        * kjs/regexp_object.cpp:
-        (RegExpPrototype::RegExpPrototype): ditto
-
-        * kjs/ustring.cpp: Added some ASSERTs to check for thread safety problems.
-        (KJS::UCharReference::ref): 
-        (KJS::UString::Rep::createCopying):
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::null): Make the new ASSERTs happy.
-        * kjs/ustring.h:
-        (KJS::UString::Rep::ref): Added some ASSERTs to check for thread safety problems.
-        (KJS::UString::Rep::deref):
-
-        * kjs/value.h:
-        (KJS::JSCell::JSCell):
-
-2007-03-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        2% speedup on super accurate JS iBench.
-
-        (KJS::Collector::collect): Removed anti-optimization to call
-        pthread_is_threaded_np() before calling pthread_main_np(). Almost all 
-        apps have more than one thread, so the extra call is actually worse.
-        Interestingly, even the single-threaded testkjs shows a speed gain
-        from removing the pthread_is_threaded_np() short-circuit. Not sure why.
-
-2007-03-04  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Nikolas Zimmermann.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12950
-          Assertions.cpp should not #define macros that are already defined
-
-        * wtf/Assertions.cpp: Don't #define WINVER and _WIN32_WINNT if they
-        are already defined.
-
-2007-03-02  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Anders.
-        
-        Add unsigned int hash traits (matches existing unsigned long version)
-
-        * wtf/HashTraits.h:
-        (WTF::):
-
-2007-03-02  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Kevin M.
-
-        Try to fix the Qt build.
-
-        * kjs/DateMath.cpp:
-        (KJS::msToGregorianDateTime): Removed unnecessary "struct" keyword.
-        * kjs/DateMath.h: Moved forward declarations to the top of the file
-        before they are used.
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate): Changed to take a const GregorianDateTime&
-        since GregorianDateTime is Noncopyable.
-
-2007-03-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin McCullough.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12867
-          REGRESSION: BenchJS test 7 (dates) is 220% slower than in Safari 2.0.4
-
-        * kjs/DateMath.h: Marked GregorianDateTime as noncopyable, since it has a non-trivial
-        destructor and not the correspoding copy constructor or assignment operator.
-        Changed the GregorianDateTime constructor to use member initialization syntax.
-        Fixed the destructor to use the array delete operator, since timeZone is an array.
-
-        * kjs/DateMath.cpp:
-        (KJS::daysInYear): Changed to call isLeapYear so the rule is not repeated twice.
-        (KJS::getUTCOffset): Added caching on PLATFORM(DARWIN), since we can rely on the
-        notify_check function and "com.apple.system.timezone" to let us know when the
-        offset has changed.
-
-2007-02-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Follow-up to fixing http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
-        JS objects not collected after closing window @ ebay.com/maps.google.com
-        
-        Changed Interpreter cache of global constructors and prototypes from
-        ProtectedPtrs to bare, marked pointers. ProtectedPtrs are inefficient,
-        and they increase the risk of reference cycles. Also, Darin said something
-        about ProtectedPtrs giving him warts.
-        
-        Also changed data members to precise types from generic JSObject*'s.
-        
-        Layout tests and JS tests pass.
-
-        * kjs/SavedBuiltins.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::~Interpreter):
-        (KJS::Interpreter::initGlobalObject): Moved Identifier::init() call to
-        constructor, for clarity.
-        (KJS::Interpreter::mark):
-        * kjs/interpreter.h:
-
-2007-02-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=12659 | <rdar://problem/4954306>
-        JS objects not collected after closing window @ ebay.com/maps.google.com
-
-        Don't GC in the Interpreter destructor. For that to work, the Interpreter
-        would have to NULL out all of its ProtectedPtrs before calling collect(). But 
-        we've decided that we don't want things to work that way, anyway. We want the
-        client to be in charge of manual GC so that it can optimize cases when
-        it will be destroying many interpreters at once
-        (e.g., http://bugs.webkit.org/show_bug.cgi?id=12900).
-        
-        Also removed Interpreter::collect() because it was redundant with 
-        Collector::collect().
-
-        * JavaScriptCore.exp:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::~Interpreter):
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-
-2007-02-26  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Adam Roben.
-
-        Rename *_SUPPORT defines to ENABLE_*.
-
-        * jscore.bkl:
-
-2007-02-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Lars.
-        
-        - <rdar://problem/5021698> Disable experimental SVG features (12883)
-
-        * wtf/Platform.h: Add ENABLE() macro similar to HAVE() and USE(), to
-        allow nicer handling of optional WebKit features.
-
-2007-02-22  George Staikos  <staikos@kde.org>
-
-        Reviewed by Lars.
-
-        Add return values
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-
-2007-02-22  Oscar Cwajbaum  <public@oscarc.net>
-
-        Reviewed by Maciej.
-
-        Fix ARM-specific alignment problem in FastMalloc
-        http://bugs.webkit.org/show_bug.cgi?id=12841
-
-        * wtf/FastMalloc.cpp:
-        Modify how pageheap_memory is declared to ensure proper alignment
-        on architectures such as ARM
-
-2007-02-20  Zack Rusin  <zrusin@trolltech.com>
-
-        Reviewed by Lars
-
-        Make sure that non-void methods always return something.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::foldCase):
-
-2007-02-18  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Adam Roben.
-
-        Fix cases where MSVC-specific code was identified as Win32 platform
-        code. (as it should be compiled for e.g. wx port when using MSVC too)
-        
-        * wtf/Assertions.h: 
-        * wtf/MathExtras.h:
-        * wtf/StringExtras.h:
-        changed PLATFORM(WIN) sections to COMPILER(MSVC) as necessary
-
-2007-02-17  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Adam Roben.
-
-        Fix crashes on ARM due to different struct packing. Based on a patch
-        by Mike Emmel.
-        * kjs/ustring.cpp: compile-time assert to make sure sizeof(UChar) == 2
-        * kjs/ustring.h: pack UChar struct to ensure that sizeof(UChar) == 2
-        * wtf/Assertions.h: add COMPILE_ASSERT macro for compile-time assertions
-
-2007-02-16  George Staikos  <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        Fix uninitialized variable
-
-        * bindings/testbindings.cpp:
-        (myAllocate):
-
-2007-02-16  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Mitz.
-
-        http://bugs.webkit.org/show_bug.cgi?id=12788
-        REGRESSION: Going back one page in history has a noticeable delay
-        
-        Um...if all elements in two vectors are equal, then I guess we could say that
-        the two vectors are equal too.
-        
-        * wtf/Vector.h:
-        (WTF::):
-
-2007-02-14  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        Add new canCompareWithMemcmp vector trait and use it to determine whether
-        operator== can use memcmp.
-        
-        * wtf/Vector.h:
-        (WTF::):
-        (WTF::VectorTypeOperations::compare):
-        (WTF::operator==):
-        * wtf/VectorTraits.h:
-        (WTF::):
-
-2007-02-13  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Darin
-        
-        Tweaked vector a bit
-
-        * wtf/Vector.h:
-        (WTF::operator==):
-
-2007-02-13  Matt Perry  <mpcomplete@chromium.org>
-
-        Reviewed by Darin.
-
-        - fix for http://bugs.webkit.org/show_bug.cgi?id=12750
-          Vector operator== was not defined correctly. It returned void,
-          did not accept const Vectors, and used an int instead of size_t. 
-
-        * wtf/Vector.h: fixed comparison operators
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2007-02-10  David Carson  <dacarson@gmail.com>
-
-        Reviewed by Maciej.
-
-        - fix for http://bugs.webkit.org/show_bug.cgi?id=12636
-        Corrected the generation of method signatures when the parameter
-        is an Array. 
-        Added support for converting a Javascript array to a Java array.
-
-        * bindings/jni/jni_utility.h: added new type for array, array_type
-        * bindings/jni/jni_runtime.cpp: add support for new array type
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        * bindings/jni/jni_utility.cpp: add support for new array type
-        (KJS::Bindings::callJNIMethod):
-        (KJS::Bindings::callJNIStaticMethod):
-        (KJS::Bindings::callJNIMethodIDA):
-        (KJS::Bindings::JNITypeFromClassName):
-        (KJS::Bindings::signatureFromPrimitiveType):
-        (KJS::Bindings::JNITypeFromPrimitiveType):
-        (KJS::Bindings::getJNIField):
-        (KJS::Bindings::convertArrayInstanceToJavaArray): new method
-        converts the Javascript array to the requested Java array.
-        (KJS::Bindings::convertValueToJValue):
-
-2007-02-08  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/4930614>
-        Safari complains about "Slow Script" if GMail is left open and machine is busy
-        
-        <rdar://problem/4649516>
-        Turn off slow script dialog or crank up time that makes it come up
-        
-        <rdar://problem/4963589>
-        Slow script warning is displayed after closing of PROMPT or PRINT dialog
-        
-        Re-do the way script timeouts are handled. No longer use a unix timer that sends signals. Instead, add a 
-        tick count and increment it in loop bodies. If the tick count reaches a threshold, do a timeout check. If the total time executing
-        is higher than the timeout value, (possibly) interrupt the script. The timeout checker also adjusts the threshold dynamically
-        to prevent doing the timeout check too often.
-         
-        * JavaScriptCore.exp:
-        Remove pause and resume calls.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Add winmm.lib.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::~Interpreter):
-        (KJS::Interpreter::startTimeoutCheck):
-        (KJS::Interpreter::stopTimeoutCheck):
-        (KJS::Interpreter::resetTimeoutCheck):
-        (KJS::getCurrentTime):
-        (KJS::Interpreter::checkTimeout):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::timedOut):
-        * kjs/nodes.cpp:
-        (DoWhileNode::execute):
-        (WhileNode::execute):
-        (ForNode::execute):
-
-2007-02-07  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Reenable testkjs.
-
-2007-02-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - another build fix; this time for sure
-
-        * pcre/pcre_exec.c: (match):
-        The compiler caught an incorrect use of the othercase variable across
-        a call to RMATCH in character repeat processing. Local variables can
-        change in the crazy NO_RECURSE mode that we use, so we instead need
-        the value in othercase to be in one of the special stack frame variables.
-        Added a new stack frame variable for this purpose named repeat_othercase.
-        Also noted a similar error in the non-UTF-16 side of the #ifdef, but
-        didn't try to fix that one. Also removed a SUPPORT_UCP #ifdef from the
-        PCRE_UTF16 side; that code doesn't work without the Unicde properties
-        table, and we don't try to use it that way.
-
-2007-02-06  Steve Falkenburg  <sfalken@apple.com>
-
-        Disable testkjs in sln until we figure out mysterious compiler warning.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2007-02-06  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix by ggaren
-
-        * pcre/pcre_exec.c:
-        (match):
-
-2007-02-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix <rdar://problem/4979089> PCRE should avoid setjmp/longjmp even when compiler
-          is not GCC
-
-        Added a new code path that's slower and way uglier but doesn't rely on GCC's
-        computed gotos.
-
-        * pcre/pcre_exec.c: Added a numeric parameter to the RMATCH function. It must be
-        different at every RMATCH call site. Changed the non-GCC NO_RECURSE version of
-        the macro to use a label incorporating the number. Changed the RRETURN macro to
-        use a goto instead of longjmp.
-        (match): Added a different number at each callsite, using a perl script for the
-        first-time task. Going forward it should be easy to maintain by hand. Added a
-        switch statement at the bottom of the function. We'll get compile time errors
-        if we have anything in the switch statement that's never used in an RMATCH,
-        but errors in the other direction are silent except at runtime.
-
-2007-02-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fix <rdar://problem/4687840> 9A241: JavaScript RegExp 25-30x slower than on 10.4.7
-
-        I used Shark to figure out what to do. The test case is now 15% faster than with
-        stock Safari. Some other regular expression cases might still be a few % slower
-        than before, but the >10x slowdown is now completely gone.
-
-        1) Fix slowness caused by setjmp/longjmp by using computed goto instead.
-
-        Use GCC extensions - locally declared labels, labels as values, and computed goto -
-        instead of using setjmp/longjmp to implemement non-recursive version of the regular
-        expression system. We could probably make this even faster if we reduced the use
-        of malloc a bit too.
-
-        2) Fix slowness caused by allocating heapframe objects by allocating the first
-           16 of them from the stack.
-
-        3) Speed up use of malloc and free in PCRE by making it use fastMalloc and fastFree.
-
-        4) Speed up the test case by adding a special case to a UString function.
-
-        5) Made a small improvement to the innermost hottest loop of match by hoisting
-           the conversion from int to pcre_uchar out of the loop.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Compile FastMallocPCRE.cpp, and don't
-        compile pcre_globals.c.
-
-        * wtf/FastMallocPCRE.cpp: Added. A copy of pcre_globals.c that uses FastMalloc.h.
-        This is better than code that sets the PCRE allocation globals because by doing it
-        this way there's guaranteed to be no problem with order of initialization.
-
-        * kjs/ustring.cpp: (KJS::UString::spliceSubstringsWithSeparators): Add a fast
-        special case when this is called for only one subrange and no seaprators. This
-        was happening a lot in the test case and it seems quite reasonable to optimize this.
-
-        * pcre/pcre_exec.c: Create a copy of the RMATCH and RRETURN macros that use goto
-        instead of setjmp/longjmp. Change code that calls pcre_stack_malloc to first use
-        storage on the stack inside the match function.
-        (match): Move initialization of utf8 up a couple lines to avoid "possibly used
-        uninitialized" warning. Use a local variable so we compare with pcre_uchar instead
-        of with int inside the inner "find a character" loop.
-
-2007-02-03  George Staikos  <staikos@kde.org>
-
-        Reviewed by Alexey.
-
-        -1 is not a valid point.  We can't handle anything > 0xffff anyway.
-        Fixes crash on cases like eval("x");
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::category):
-
-2007-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix copying and assigning a ListHashSet
-
-        No test because the code path with bugs I am fixing is not used yet.
-
-        * wtf/ListHashSet.h: Tweaked ListHashSetNodeAllocator a little bit for clarity.
-        Changed m_allocator to be an OwnPtr instead of doing an explicit delete.
-        Fixed bug in copy constructor where we'd have an uninitialized m_allocator.
-        Fixed bug in assignment operator where it would swap only the hash table, and
-        not the head, tail, and allocator pointers.
-
-2007-02-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Use WTFLog instead of fprintf for logging KJS::Node leaks.
-
-        * kjs/nodes.cpp:
-        (NodeCounter::~NodeCounter): Changed count to unsigned, updated
-        to match style guidelines.
-
-2007-02-02  Maciej Stachowiak  <mjs@apple.com>
-
-        - not reviewed, build fix
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator): ummm, use union correctly
-
-2007-02-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - use a custom allocator for ListHashSet, to fix ~1% perf regression using it for form control
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetNodeAllocator::ListHashSetNodeAllocator):
-        (WTF::ListHashSetNodeAllocator::allocate):
-        (WTF::ListHashSetNodeAllocator::deallocate):
-        (WTF::ListHashSetNode::operator new):
-        (WTF::ListHashSetNode::operator delete):
-        (WTF::ListHashSetNode::destroy):
-        (WTF::ListHashSetTranslator::translate):
-        (WTF::::ListHashSet):
-        (WTF::::~ListHashSet):
-        (WTF::::add):
-        (WTF::::unlinkAndDelete):
-        (WTF::::deleteAllNodes):
-
-2007-01-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam.
-        
-        - fix sporadic crash
-
-        * wtf/ListHashSet.h:
-        (WTF::::remove): remove before deleting
-
-2007-01-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark with help from Lars.
-        
-        - added new ListHashSet class, which combines a hashtable and a linked list to provide a set
-        that keeps elements in inserted order
-        
-        This is to assist in fixing the following:
-        <rdar://problem/4751164> REGRESSION: Safari places text on incorrect button when returning to a page via back [10541]
-        http://bugs.webkit.org/show_bug.cgi?id=10541
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/HashTable.h:
-        (WTF::HashTable::find):
-        (WTF::HashTable::contains):
-        (WTF::::find):
-        (WTF::::contains):
-        * wtf/ListHashSet.h: Added.
-        (WTF::ListHashSetNode::ListHashSetNode):
-        (WTF::ListHashSetNodeHashFunctions::hash):
-        (WTF::ListHashSetNodeHashFunctions::equal):
-        (WTF::ListHashSetIterator::ListHashSetIterator):
-        (WTF::ListHashSetIterator::get):
-        (WTF::ListHashSetIterator::operator*):
-        (WTF::ListHashSetIterator::operator->):
-        (WTF::ListHashSetIterator::operator++):
-        (WTF::ListHashSetIterator::operator--):
-        (WTF::ListHashSetIterator::operator==):
-        (WTF::ListHashSetIterator::operator!=):
-        (WTF::ListHashSetIterator::operator const_iterator):
-        (WTF::ListHashSetIterator::node):
-        (WTF::ListHashSetConstIterator::ListHashSetConstIterator):
-        (WTF::ListHashSetConstIterator::get):
-        (WTF::ListHashSetConstIterator::operator*):
-        (WTF::ListHashSetConstIterator::operator->):
-        (WTF::ListHashSetConstIterator::operator++):
-        (WTF::ListHashSetConstIterator::operator--):
-        (WTF::ListHashSetConstIterator::operator==):
-        (WTF::ListHashSetConstIterator::operator!=):
-        (WTF::ListHashSetConstIterator::node):
-        (WTF::ListHashSetTranslator::hash):
-        (WTF::ListHashSetTranslator::equal):
-        (WTF::ListHashSetTranslator::translate):
-        (WTF::::ListHashSet):
-        (WTF::::operator):
-        (WTF::::~ListHashSet):
-        (WTF::::size):
-        (WTF::::capacity):
-        (WTF::::isEmpty):
-        (WTF::::begin):
-        (WTF::::end):
-        (WTF::::find):
-        (WTF::::contains):
-        (WTF::::add):
-        (WTF::::remove):
-        (WTF::::clear):
-        (WTF::::unlinkAndDelete):
-        (WTF::::appendNode):
-        (WTF::::deleteAllNodes):
-        (WTF::::makeIterator):
-        (WTF::::makeConstIterator):
-        (WTF::deleteAllValues):
-
-2007-01-30  Darin Adler  <darin@apple.com>
-
-        * kjs/DateMath.cpp: Fix license header to reflect LGPL as the first license
-        mentioned. We still mention the option of using under MPL or GPL since some
-        of this code came from the Mozilla project with those license terms.
-
-2007-01-30  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        Turned JavaScriptCore from a separate library into an includable
-        project, to combine it all into libWebKitQt.
-
-        * JavaScriptCore.pri: Added.
-        * JavaScriptCore.pro: Removed.
-        * kjs/testkjs.pro:
-
-2007-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fixed <rdar://problem/4485644> REGRESSION: JavaScriptCore has init routines
-        
-        The TCMalloc module now initializes, if needed, inside GetCache() and 
-        fastMallocSetIsMultiThreaded(). We leverage the same synchronization 
-        technique used for enabling / disabling the single-threaded optimization 
-        to synchronize initialization of the library without requiring a lock 
-        for every malloc.
-        
-        1,251 runs of tcmalloc_unittest, 2 runs of a custom, massively multi-threaded 
-        tcmalloc_unittest, and my custom version of the PLT show no regressions.
-        Super-accurate JS iBench reports a .24% regression, which is right at the
-        limit of its error range, so I'm declaring victory.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSetIsMultiThreaded): Initialize, if needed. (InitModule()
-        checks the "if needed" part.)
-        (WTF::TCMalloc_ThreadCache::GetCache): Restored original TCMalloc code
-        inside #ifdef, for posterity. Added new initialization logic.
-        (WTF::TCMalloc_ThreadCache::InitModule): Call InitTSD(), since we don't
-        have a static initializer to call it for us, now. This means that fastMalloc
-        is not usable as a general libc allocator, but it never was, and if it were
-        the general libc allocator, we wouldn't be here in the first place, so whatever.
-        (WTF::TCMalloc_ThreadCache::InitTSD): Don't try to take the pageheap_lock, 
-        since InitModule already has it.
-
-2007-01-29  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Geoff and Oliver.
-
-        - rdar://problem/4955561
-        - missusing JavaScript shouldn't crash webkit.  Now it doesn't, in this case.
-
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::callAsFunction):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::callAsFunction):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::callAsFunction):
-
-2007-01-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        First step in fixing <rdar://problem/4485644> REGRESSION: JavaScriptCore 
-        has init routines
-        
-        Don't rely on a static initializer to store the main thread's ID (which
-        we would use to detect allocations on secondary threads). Instead, require 
-        the caller to notify fastMalloc if it might allocate on a secondary thread.
-        
-        Also fixed what seemed like a race condition in do_malloc.
-        
-        tcmalloc_unittest and my custom versions of JS iBench and PLT show no
-        regressions.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSetIsMultiThreaded): 
-        (1) Renamed from "fastMallocRegisterThread", which was a misleading name because 
-        not all threads need to register with fastMalloc -- only secondary threads 
-        need to, and only for the purpose of disabling its single-threaded optimization. 
-
-        (2) Use the pageheap_lock instead of a custom one, since we need to synchronize
-        with the read of isMultiThreaded inside CreateCacheIfNecessary. This is a new
-        requirement, now that we can't guarantee that the first call to CreateCacheIfNecessary
-        will occur on the main thread at init time, before any other threads have been created.
-
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (WTF::do_malloc): Reverted WTF change only to call GetCache() if size <= kMaxSize.
-        The WTF code would read phinited without holding the pageheap_lock, which
-        seemed like a race condition. Regardless, calling GetCache reduces the number 
-        of code paths to module initialization, which will help in writing the 
-        final fix for this bug.
-
-2007-01-28  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=9815
-          JavaScript TypeError loading Dean Edwards' JS compressor/obfuscator
-
-        Creating a function using 'new Function()' was not setting its prototype with the
-        same flags as 'function() { }'.
-
-        Test: fast/js/function-prototype.html
-
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct): Change flags from DontEnum|DontDelete|ReadOnly to
-        Internal|DontDelete to match FuncDeclNode::processFuncDecl() and
-        FuncExprNode::evaluate() in kjs/nodes.cpp.
-
-2007-01-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Added some missing JSLocks, which might fix <rdar://problem/4889707>.
-
-        We need to lock whenever we might allocate memory because our FastMalloc
-        implementation requires clients to register their threads, which we do
-        through JSLock. 
-        
-        We also need to lock whenever modifying ref-counts because they're not 
-        thread-safe.
-
-        * API/JSObjectRef.cpp:
-        (JSClassCreate): Allocates memory
-        (JSClassRetain): Modifies a ref-count
-        (JSClassRelease): Modifies a ref-count
-        (JSPropertyNameArrayRetain): Modifies a ref-count
-        (JSPropertyNameArrayRelease): Modifies a ref-count
-        * API/JSStringRef.cpp:
-        (JSStringRetain): Modifies a ref-count
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor): Might allocate memory if an exception
-        is thrown.
-
-2007-01-27  Lars Knoll <lars@trolltech.com>
-
-        Fix the Qt build.
-
-        * bindings/qt/qt_instance.h:
-
-2007-01-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/4608404> WebScriptObject's _rootObject lack 
-        of ownership policy causes crashes (e.g., in Dashcode)
-        
-        The old model for RootObject ownership was either to (1) leak them or (2) assign
-        them to a single owner -- the WebCore::Frame -- which would destroy them 
-        when it believed that all of its plug-ins had unloaded.
-        
-        This model was broken because of (1) and also because plug-ins are not the only 
-        RootObject clients. All Bindings clients are RootObjects clients, including 
-        applications, which outlive any particular WebCore::Frame.
-        
-        The new model for RootObject ownership is to reference-count them, with a
-        throw-back to the old model: The WebCore::Frame tracks the RootObjects
-        it creates, and invalidates them when it believes that all of its plug-ins 
-        have unloaded.
-        
-        We maintain this throw-back to avoid plug-in leaks, particularly from Java.
-        Java is completely broken when it comes to releasing JavaScript objects. 
-        Comments in our code allege that Java does not always call finalize when 
-        collecting objects. Moreoever, my own testing reveals that, when Java does 
-        notify JavaScript of a finalize, the data it provides is totally bogus.
-        
-        This setup is far from ideal, but I don't think we can do better without
-        completely rewriting the bindings code, and possibly part of the Java
-        plug-in / VM.
-        
-        Layout tests pass. No additional leaks reported. WebCore/manual-tests/*liveconnect*
-        and a few LiveConnect demos on the web also run without a hitch.
-        
-        const RootObject* => RootObject*, since we need to ref/deref
-        
-        * bindings/NP_jsobject.cpp:
-        (jsDeallocate): deref our RootObjects. Also unprotect or JSObject, instead
-        of just relying on the RootObject to do it for us when it's invalidated.
-        (_isSafeScript): Check RootObject validity.
-        (_NPN_CreateScriptObject): ditto
-        (_NPN_Invoke): ditto
-        (_NPN_Evaluate): ditto
-        (_NPN_GetProperty): ditto
-        (_NPN_SetProperty): ditto
-        (_NPN_RemoveProperty): ditto
-        (_NPN_HasProperty): ditto
-        (_NPN_HasMethod): ditto
-        (_NPN_SetException): ditto
-
-        * bindings/runtime_root.cpp: 
-        Revived bit-rotted LIAR LIAR LIAR comment.
-        
-        LOOK: Added support for invalidating RootObjects without deleting them, 
-        which is the main goal of this patch. 
-
-        Moved protect counting into the RootObject class, to emphasize that 
-        the RootObject protects the JSObject, and unprotects it upon being invalidated.
-            addNativeReference => RootObject::gcProtect
-            removeNativeReference => RootObject::gcUnprotect
-            ProtectCountSet::contains => RootObject::gcIsProtected
-            
-        I know we'll all be sad to see the word "native" go.
-        
-        * bindings/runtime_root.h: Added ref-counting support to RootObject, with
-        all the standard accoutrements.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant): If we can't find a valid RootObject,
-        return void instead of just leaking.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance): Don't take a RootObject in our constructor;
-        be like other Instances and require the caller to call setRootObject. This
-        reduces the number of ownership code paths.
-        (JavaInstance::invokeMethod): Check RootObject for validity.
-        * bindings/jni/jni_instance.h: Removed private no-arg constructor. Having
-        an arg constructor accomplishes the same thing.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::invoke): No need to call findProtectCountSet, because finalize()
-        checks for RootObject validity.
-        (JavaJSObject::JavaJSObject): check RootObject for validity
-        (JavaJSObject::call): ditto
-        (JavaJSObject::eval): ditto
-        (JavaJSObject::getMember): ditto
-        (JavaJSObject::setMember): ditto
-        (JavaJSObject::removeMember): ditto
-        (JavaJSObject::getSlot): ditto
-        (JavaJSObject::setSlot): ditto
-        (JavaJSObject::toString): ditto
-        (JavaJSObject::finalize): ditto
-        (JavaJSObject::createNative): No need to tell the RootObject to protect 
-        the global object, since the RootObject already owns the interpreter.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::JavaArray): Removed copy construcutor becaue it was unused.
-        Dead code is dangerous code.
-
-        * bindings/objc/objc_runtime.mm: Added WebUndefined protocol. Previous use
-        of WebScriptObject was bogus, because WebUndefined is not a subclass of
-        WebScriptObject.
-        (convertValueToObjcObject): If we can't find a valid RootObject,
-        return nil instead of just leaking.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue): If we can't find a valid RootObject,
-        return nil instead of just leaking.
-
-2007-01-27  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Maciej.
-        
-        Fix for Repeated string concatenation results in OOM crash
-        http://bugs.webkit.org/show_bug.cgi?id=11131
-
-        * kjs/operations.cpp:
-        (KJS::add): Throw exception if string addition result is null
-        * kjs/ustring.cpp:
-        (KJS::UString::UString): Don't call memcpy when malloc failed
-
-2007-01-25  Jan Kraemer  <camel@gmx.de>
-
-        Reviewed by Maciej
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=12382
-
-        Fix crash on architectures with 32 bit ints and
-        64 bit longs (For example Linux on AMD64)
-
-        * kjs/dtoa.cpp: #define Long int as suggested in comment
-
-2007-01-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed up #include order for style. No review necessary.
-
-        * API/JSStringRef.cpp:
-
-2007-01-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Copy JSStringRefCF, in case anybody wants to use it. (I just added
-        it recently.)
-
-2007-01-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, trivial property change.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: remove svn:mime-type
-        property which made this binary.
-
-2007-01-25  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin.
-
-        * Info.plist: Update copyright string.
-
-2007-01-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed to /usr/sbin/sysctl
-        so we don't rely on people's paths.
-
-2007-01-23  Alice Liu  <alice.liu@apple.com>
-
-        release build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Copy APICasts.h
-
-2007-01-23  Geoffrey Garen  <ggaren@apple.com>
-
-        build fix
-
-        * API/JSStringRef.h:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-01-24  Mark Rowe  <mrowe@apple.com>
-
-        Build fix for DumpRenderTree.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSStringRefCF.h public so it's copied into built framework.
-
-2007-01-23  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Copy APICasts.h
-
-2007-01-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/4885131> Move CFString function declarations from 
-        JSStringRef.h to JSStringRefCF.h
-        
-        Also removed remaining API FIXMEs and changed them into Radars.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass): Added Radar numbers for UTF8 conversion.
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Replaced FIXME for NULL JSContextRef with Radar number.
-
-        * API/JSObjectRef.h: Removed FIXME, which is unprofessional in a public header.
-
-        * API/JSStringRef.cpp: Moved CF related implementations to JSStringRefCF.cpp.
-        (JSStringCreateWithUTF8CString): Replaced FIXME with Radar number.
-        * API/JSStringRef.h: Moved CF related declarations to JSStringRefCF.h. Added
-        #include of JSStringRefCF.h as a stopgap until clients start #including
-        it as needed by themselves.
-
-        * API/JSStringRefCF.cpp: Added.
-        (JSStringCreateWithCFString):
-        (JSStringCopyCFString): Replaced JSChar cast with UniChar cast, which is 
-        more appropriate for a CF call.
-        * API/JSStringRefCF.h: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-01-18  Sanjay Madhav  <sanjay12@gmail.com>
-
-        Reviewed by Darin.
-
-        Add JavaScriptCore define to help with tracing of when objects are marked.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::mark):
-
-2007-01-18  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        * JavaScriptCore.pro: Remove generated files on make clean.
-        * pcre/pcre.pri:
-
-2007-01-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=12268
-        Give object prototypes their own names
-
-        * kjs/lookup.h: Append "Prototype" to ClassName in KJS_IMPLEMENT_PROTOTYPE.
-
-2007-01-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Added re-entrency checking to GC allocation and collection. It is an error
-        to allocate or collect from within a collection. We've had at least one 
-        case of each bug in the past.
-        
-        Added a comment to the API header, explaining that API clients must not
-        make this mistake, either.
-        
-        Layout tests and JS tests pass.
-
-        * API/JSObjectRef.h:
-        * kjs/collector.cpp:
-        (KJS::GCLock::GCLock):
-        (KJS::GCLock::~GCLock):
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-
-2007-01-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Mitz.
-
-        Minor fixes to JavaScript pretty-printing.
-
-        * JavaScriptCore.exp:
-        * kjs/Parser.cpp:
-        (KJS::Parser::prettyPrint): Return line number and error message if parsing fails.
-        * kjs/Parser.h:
-        * kjs/nodes2string.cpp:
-        (ElementNode::streamTo): Include comma delimiters in array literals.
-        (PropertyNameNode::streamTo): Quote property names in object literals to handle the case when the property name is not a valid identifier.
-        * kjs/testkjs.cpp:
-        (doIt): Print any errors encountered while pretty-printing.
-
-2007-01-12  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        * wtf/HashTraits.h:
-        Add hash traits for unsigned long and unsigned long long.
-
-2007-01-12  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Brady Eidson.
-        
-        Rolling back in r18786 with leaks fixed, and these renames slightly reworked:
-
-        Because they can return 0:
-        rootObjectForImp => findRootObject (overloaded for JSObject* and Interpreter*)
-        rootObjectForInterpreter => findRootObject (ditto)
-        findReferenceSet => findProtectCountSet
-
-2007-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Brady Eidson.
-        
-        Rolling out r18786 because it caused leaks.
-
-2007-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Even more cleanup in preparation for fixing <rdar://problem/4608404> 
-        WebScriptObject's _executionContext lack of ownership policy causes 
-        crashes (e.g., in Dashcode)
-        
-        Layout tests pass.
-        
-        Renames:
-            ReferencesSet | ProtectCounts => ProtectCountSet (because it's a typename for a set of GC protect counts)
-            ReferencesByRootMap => RootObjectMap (because RootObjectToProtectCountSetMap would have been confusing)
-            pv => protectedValues
-            rootObjectForImp => getRootObject (overloaded for JSObject* and Interpreter*)
-            rootObjectForInterpreter => getRootObject (ditto)
-            findReferenceSet => getProtectCountSet
-            imp => jsObject
-        
-        (KJS::Bindings::getRootObjectMap): Changed to take advantage of built-in
-        facility for initializing static variables.
-
-        (KJS::Bindings::getProtectCountSet):
-        (KJS::Bindings::destroyProtectCountSet): Added. Helps encapsulate the fact
-        that getting a ProtectCountSet entails adding a RootObject to a hash table,
-        and destroying one entails the reverse.
-
-        (KJS::Bindings::getRootObject): Removed spurious NULL check.
-        
-        (KJS::Bindings::findReferenceSet): Renamed. Changed to use getRootObject()
-        instead of iterating on its own.
-
-        (KJS::Bindings::addNativeReference): Changed to use an early return instead
-        of indenting the whole function.
-        (KJS::Bindings::removeNativeReference): Ditto.
-
-2007-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Even more cleanup in preparation for fixing <rdar://problem/4608404> 
-        WebScriptObject's _executionContext lack of ownership policy causes 
-        crashes (e.g., in Dashcode)
-        
-        Layout tests pass.
-        
-        Renames:
-            findRootObjectForNativeHandleFunction => createRootObject
-            FindRootObjectForNativeHandleFunctionPtr => CreateRootObjectFunction
-            
-        Also removed unnecessary use of "Bindings::" prefix.
-
-        * JavaScriptCore.exp:
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::createNative):
-        (JavaJSObject::convertValueToJObject):
-        (JavaJSObject::convertJObjectToValue):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::RootObject::setCreateRootObject):
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::createRootObject):
-
-2007-01-11  George Staikos  <staikos@kde.org>
-
-        Reviewed by Maciej
-
-        Appears to be Mac specific right now.
-
-        * kjs/config.h:
-
-2007-01-10  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by Zack
-
-        Use the new functionality in Qt 4.3, to make
-        the methods closer compliant with the Unicode
-        spec.
-
-        Keep the old code so that it still compiles against
-        Qt 4.2.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isFormatChar):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::digitValue):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::decompositionType):
-        (WTF::Unicode::umemcasecmp):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-
-2007-01-09  Darin Adler  <darin@apple.com>
-
-        - update 2007 Apple copyright for the new company name
-
-        * kjs/DateMath.cpp:
-
-2007-01-09  Darin Adler  <darin@apple.com>
-
-        - fix build
-
-        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
-        Actually compile it this time.
-
-2007-01-09  Darin Adler  <darin@apple.com>
-
-        - fix build
-
-        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
-        Change types.
-
-2007-01-09  Darin Adler  <darin@apple.com>
-
-        - fix build on platforms where Unicode::UChar is != uint16_t
-
-        * kjs/string_object.cpp: (KJS::StringProtoFunc::callAsFunction):
-        Change types.
-
-2007-01-09  Mitz Pettel  <mitz@webkit.org>
-
-        Reviewed by Darin.
-
-        - changes for http://bugs.webkit.org/show_bug.cgi?id=11078
-          Forms Don't Submit (ASP Pages)
-
-        * JavaScriptCore.exp:
-        * kjs/value.cpp:
-        (KJS::JSValue::toInt32): Folded toInt32Inline into this method, which was its
-        only caller.
-        (KJS::JSValue::toUInt32): Added a variant that reports if the conversion has
-        succeeded.
-        * kjs/value.h:
-
-2007-01-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12174
-          improve Unicode use (less WTF::Unicode:: prefix, centralized character names)
-
-        * wtf/unicode/icu/UnicodeIcu.h: Change parameter and return types
-        to UChar32 and UChar. Removed unneeded type casts and added some
-        const to functions that lacked it. Removed WTF::Unicode::memcmp.
-        (WTF::Unicode::umemcasecmp): Renamed from strcasecmp since this
-        doesn't work on 0-terminated strings as the str functions do.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-        - got rid of namespace prefixes from most uses of WTF::Unicode
-
-        * kjs/function.cpp:
-        (KJS::isStrWhiteSpace):
-        (KJS::escapeStringForPrettyPrinting):
-        * kjs/lexer.cpp:
-        (KJS::Lexer::isWhiteSpace):
-        (KJS::Lexer::isIdentStart):
-        (KJS::Lexer::isIdentPart):
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction):
-
-2007-01-07  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=11917
-          setlocale() can return null
-
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction): Removed dead code.
-
-2007-01-07  David Carson  <dacarson@gmail.com>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12100
-          JNI bindings should be available to non-Mac platforms that have JNI
-
-        Change JNI so that it is not wrapped in the PLATFORM(MAC) ifdef, enabling
-        other platforms who have JNI to use it.
-
-        * bindings/jni/jni_instance.h:  
-          Removed unnecessary include of <CoreFoundation/CoreFoundation.h>
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::setJavaVM):
-        * bindings/jni/jni_utility.h:
-          Added new method for clients to set the JavaVM
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-          Changed code to utilize new #if HAVE(JNI)
-        * kjs/config.h:
-          Added new #define for JNI, ie HAVE_JNI
-
-2007-01-07  David Carson  <dacarson@gmail.com>
-
-        Reviewed by Darin.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=11431
-        ARM platform has some byte alignment issues
-
-        Fix for NaN being 4 bytes and it must start on a byte boundary
-        for ARM architectures.
-
-        * kjs/fpconst.cpp:
-        (KJS::):
-
-2007-01-04  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Kevin McCullough.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12070
-          REGRESSION: KJS::getUTCOffset() caches UTC offset but ignores time zone changes
-
-        * kjs/DateMath.cpp:
-        (KJS::getUTCOffset): Don't cache UTC offset.
-
-2007-01-02  Darin Adler  <darin@apple.com>
-
-        - minor tweak (hope this doesn't re-break Windows)
-
-        * pcre/pcre_compile.c: Removed use of const pcre_uchar const * -- Mitz probably
-        meant const pcre_uchar *const, but I think we can do without the explicit const here.
-
-        * pcre/pcre_internal.h: Re-enabled warning C4114.
-
-2007-01-02  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        The MSVC compiler requires variables to be declared at the top of the enclosing block in C source.
-
-        Disable this warning to prevent MSVC from complaining about the 'const pcre_uchar const *' type:
-        warning C4114: same type qualifier used more than once
-
-        * pcre/pcre_compile.c:
-        (pcre_compile2): Moved variable declarations to top of their respective enclosing blocks.
-        * pcre/pcre_internal.h: Added pragma to disable compiler warning.
-
-2007-01-01  Mitz Pettel  <mitz@webkit.org>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=11849
-          REGRESSION (r18182): Google Calendar is broken (a regular expression containing a null character is not parsed correctly)
-
-        Modified pcre_compile() (and the functions that it calls) to work with patterns
-        containing null characters.
-
-        Covered by JavaScriptCore tests ecma_3/RegExp/octal-002.js and ecma_3/RegExp/regress-85721.js
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Changed to not null-terminate the pattern string and instead
-        pass its length to pcre_compile.
-        * pcre/pcre.h:
-        * pcre/pcre_compile.c:
-        (check_escape):
-        (get_ucp):
-        (is_counted_repeat):
-        (check_posix_syntax):
-        (compile_branch):
-        (compile_regex):
-        (pcre_compile): Added a parameter specifying the length of the pattern, which
-        is no longer required to be null-terminated and may contain null characters. 
-        (pcre_compile2):
-        * pcre/pcre_internal.h:
-        * tests/mozilla/expected.html: Updated for the two tests that this patch
-        fixes. Also updated failing results for ecma_3/RegExp/regress-100199.js
-        which were not updated after bug 6257 was fixed.
-
-2007-01-01  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=12057
-          REGRESSION: JavaScript Date Is One Day In The Future in GMT time zone
-
-        Because Mac OS X returns geographically and historically accurate time zone information,
-        converting Jan 02, 1970 12:00:00 AM to local time then subtracting 24 hours did not work
-        in GMT (London - England) since it was in BST (+0100) all year in 1970[1].  Instead, the
-        UTC offset is calculated by converting Jan 01, 2000 12:00:00 AM to local time then
-        subtracting that from the same date in UTC.
-
-        [1] http://en.wikipedia.org/wiki/British_Summer_Time
-
-        * kjs/DateMath.cpp:
-        (KJS::getUTCOffset): Updated UTC offset calculation.
-        (KJS::getDSTOffset): Improved comment.
-
-2006-12-31  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Geoff.
-
-        Update embedded pcre library from version 6.2 to 6.4.  Changes from pcre 6.2 to 6.3
-        did not include any files in JavaScriptCore/pcre.
-
-        All changes include renaming EXPORT to PCRE_EXPORT, renaming of ucp_findchar() to
-        _pcre_ucp_findchar(), or comment changes.  Additional changes noted below.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Updated source file list.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Renamed pcre_printint.c to pcre_printint.src
-        and changed it from a source file to a header file.
-        * JavaScriptCoreSources.bkl: Updated source file list.
-        * pcre/CMakeLists.txt: Updated source file list.
-        * pcre/pcre-config.h:
-        * pcre/pcre.h: Updated version.
-        * pcre/pcre.pri: Updated source file list.
-        * pcre/pcre_compile.c: Include pcre_printint.src #if DEBUG.
-        (pcre_compile2):
-        * pcre/pcre_config.c:
-        * pcre/pcre_exec.c:
-        (match):
-        * pcre/pcre_fullinfo.c:
-        * pcre/pcre_info.c:
-        * pcre/pcre_internal.h: Added header guard.  Removed export of _pcre_printint().
-        * pcre/pcre_ord2utf8.c:
-        * pcre/pcre_printint.c: Renamed to pcre_printint.src.
-        * pcre/pcre_printint.src: Added.  Renamed _pcre_printint() to pcre_printint().
-        * pcre/pcre_refcount.c:
-        * pcre/pcre_study.c:
-        * pcre/pcre_tables.c:
-        * pcre/pcre_try_flipped.c:
-        * pcre/pcre_ucp_findchar.c: Added contents of ucp_findchar.c.
-        * pcre/pcre_version.c:
-        * pcre/pcre_xclass.c:
-        (_pcre_xclass):
-        * pcre/ucp.h: Removed export of ucp_findchar().
-        * pcre/ucp_findchar.c: Removed.  Contents moved to pcre_ucp_findchar.c.
-
-2006-12-29  David Kilzer  <ddkilzer@webkit.org>
-
-        Reviewed by Geoff.
-
-        Update embedded pcre library from version 6.1 to 6.2.  From the pcre ChangeLog:
-
-        3. Added "b" to the 2nd argument of fopen() in dftables.c, for non-Unix-like
-           operating environments where this matters.
-
-        5. Named capturing subpatterns were not being correctly counted when a pattern
-           was compiled. This caused two problems: (a) If there were more than 100
-           such subpatterns, the calculation of the memory needed for the whole
-           compiled pattern went wrong, leading to an overflow error. (b) Numerical
-           back references of the form \12, where the number was greater than 9, were
-           not recognized as back references, even though there were sufficient
-           previous subpatterns.
-
-        * pcre/dftables.c: Item 3.
-        (main):
-        * pcre/pcre.h: Updated version.
-        * pcre/pcre_compile.c: Item 5.
-        (read_repeat_counts):
-        (pcre_compile2):
-
-2006-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Brian Dash... err... Mark Rowe.
-
-        More cleanup in preparation for fixing <rdar://problem/4608404> 
-        WebScriptObject's _executionContext lack of ownership policy causes 
-        crashes (e.g., in Dashcode)
-        
-        The key change here is to RootObject::RootObject().
-        
-        * JavaScriptCore.exp:
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant): Changed to use new constructor.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::createNative): Changed to use new constructor. Replaced
-        large 'if' followed by default condition with "if !" and explicit default
-        condition.
-
-        * bindings/objc/objc_runtime.mm:
-        (convertValueToObjcObject): Changed to use new constructor.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::RootObject::destroy): "removeAllNativeReferences" => "destroy"
-        because this function actually destroys the RootObject.
-
-        * bindings/runtime_root.h: Changed Interpreter* to RefPtr<Interpreter>
-        to prevent a RootObject from holding a stale Interperter*.
-        
-        (KJS::Bindings::RootObject::RootObject): Changed constructor to take an 
-        Interpreter*, since it's pointless to create a RootObject without one.
-        Removed setRootObjectImp() and rootObjectImp() because they were just
-        a confusing way of setting and getting the Interpreter's global object.
-
-        (KJS::Bindings::RootObject::nativeHandle): "_nativeHandle" => "m_nativeHandle"
-        (KJS::Bindings::RootObject::interpreter): "_interpreter" => "m_interpreter"
-
-2006-12-28  George Staikos  <staikos@kde.org>
-
-        Reviewed by Olliej.
-
-        * bindings/qt/qt_instance.cpp: build
-        (KJS::Bindings::QtInstance::QtInstance):
-
-2006-12-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        More cleanup. Layout tests pass.
-        
-        Use a helper function to initialize and access WebUndefined and WebScriptObject.
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (KJS::Bindings::webScriptObjectClass):
-        (KJS::Bindings::webUndefinedClass):
-        (convertValueToObjcObject):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-
-2006-12-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Brady Eidson.
-        
-        Some cleanup in preparation for fixing <rdar://problem/4608404> 
-        WebScriptObject's _executionContext lack of ownership policy causes 
-        crashes (e.g., in Dashcode)
-        
-        I'm just trying to make heads or tails of this baffling code.
-        
-        Renamed "root" | "execContext" | "executionContext" => "rootObject", because
-        that's the object's (admittedly vague) type name.
-        
-        * bindings/runtime.cpp: Removed createLanguageInstanceForValue
-        because I'll give you a dollar if you can explain to me what it actually did.
-        
-        * bindings/runtime_root.cpp: Put everything in the KJS::Bindings namespace,
-        removing the KJS::Bindings prefix from individual functions and datatypes.
-        This matches the header and eliminates a lot of syntax cruft.
-        
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant): Replaced use of createLanguageInstanceForValue
-        with call to _NPN_CreateScriptObject because that's what createLanguageInstanceForValue
-        actually did (but don't ask me for that dollar now; that's cheating.)
-
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue): Removed. Its only purpose was 
-        to call a single function for WebKit, which WebKit can do on its own.
-
-        * kjs/interpreter.h: Removed rtti() because it was unused, and this class
-        is scheduled for demolition anyway.
-        
-        * kjs/interpreter.cpp: Removed createLanguageInstanceForValue because it had
-        nothing to do with the Interpreter, and nothing makes Chuck Norris more mad
-        than a function whose sole purpose is to call another function of the same
-        name. (Really, I asked him.)
-
-2006-12-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Some cleanup in preparation for fixing <rdar://problem/4740328> Safari 
-        crash on quit in _NPN_ReleaseObject from KJS::Bindings::CInstance::~CInstance
-
-        * bindings/c/c_instance.cpp:
-        * bindings/c/c_instance.h: Removed unused copy constructor and assignment
-        operator. They made tracking data flow more difficult. Unused code is also 
-        dangerous because it can succumb to bit rot with the stealth of a Ninja.
-        
-        Replaced #include with forward declaration to reduce header dependency.
-        
-        * bindings/npruntime.cpp: Sorted #includes.
-        (_NPN_GetStringIdentifier): Replaced assert with ASSERT.
-        (_NPN_GetStringIdentifiers): ditto
-        (_NPN_ReleaseVariantValue): ditto
-        (_NPN_CreateObject): ditto
-        (_NPN_RetainObject): ditto
-        (_NPN_ReleaseObject): ditto
-        (_NPN_DeallocateObject): ditto
-
-2006-12-20  Anders Carlsson  <acarlsson@apple.com>
-
-        * kjs/string_object.cpp:
-        (localeCompare):
-        Another speculative Win32 fix.
-
-2006-12-20  Anders Carlsson  <acarlsson@apple.com>
-
-        * kjs/string_object.cpp:
-        (localeCompare):
-        Speculative Win32 fix.
-
-2006-12-20  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4235733>
-        <http://bugs.webkit.org/?show_bug.cgi?id=10193>
-        support String.localeCompare.
-        
-        Implement localeCompare.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/string_object.cpp:
-        (localeCompare):
-        (StringProtoFunc::callAsFunction):
-        * kjs/string_object.h:
-        (KJS::StringProtoFunc::):
-
-2006-12-20  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: use GCC 4.0 for all the other test targets
-
-2006-12-20  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/4871613> JavaScriptCore-421.31's dftables target needs to override default compiler and use gcc-4.0
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-12-20  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by David Hyatt
-
-        Added support to bind QObject's to 
-        JavaScript.
-
-        * JavaScriptCore.pro:
-        * bindings/qt/qt_class.cpp: Added.
-        (KJS::Bindings::QtClass::QtClass):
-        (KJS::Bindings::QtClass::~QtClass):
-        (KJS::Bindings::QtClass::classForObject):
-        (KJS::Bindings::QtClass::name):
-        (KJS::Bindings::QtClass::methodsNamed):
-        (KJS::Bindings::QtClass::fieldNamed):
-        * bindings/qt/qt_class.h: Added.
-        (KJS::Bindings::QtClass::constructorAt):
-        (KJS::Bindings::QtClass::numConstructors):
-        * bindings/qt/qt_instance.cpp: Added.
-        (KJS::Bindings::QtInstance::QtInstance):
-        (KJS::Bindings::QtInstance::~QtInstance):
-        (KJS::Bindings::QtInstance::operator=):
-        (KJS::Bindings::QtInstance::getClass):
-        (KJS::Bindings::QtInstance::begin):
-        (KJS::Bindings::QtInstance::end):
-        (KJS::Bindings::QtInstance::implementsCall):
-        (KJS::Bindings::QtInstance::invokeMethod):
-        (KJS::Bindings::QtInstance::invokeDefaultMethod):
-        (KJS::Bindings::QtInstance::defaultValue):
-        (KJS::Bindings::QtInstance::stringValue):
-        (KJS::Bindings::QtInstance::numberValue):
-        (KJS::Bindings::QtInstance::booleanValue):
-        (KJS::Bindings::QtInstance::valueOf):
-        * bindings/qt/qt_instance.h: Added.
-        (KJS::Bindings::QtInstance::getObject):
-        * bindings/qt/qt_runtime.cpp: Added.
-        (KJS::Bindings::convertValueToQVariant):
-        (KJS::Bindings::convertQVariantToValue):
-        (KJS::Bindings::QtField::name):
-        (KJS::Bindings::QtField::valueFromInstance):
-        (KJS::Bindings::QtField::setValueToInstance):
-        * bindings/qt/qt_runtime.h: Added.
-        (KJS::Bindings::QtField::QtField):
-        (KJS::Bindings::QtField::type):
-        (KJS::Bindings::QtMethod::QtMethod):
-        (KJS::Bindings::QtMethod::name):
-        (KJS::Bindings::QtMethod::numParameters):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::):
-        * bindings/testbindings.pro: Added.
-        * bindings/testqtbindings.cpp: Added.
-        (MyObject::MyObject):
-        (MyObject::setTestString):
-        (MyObject::setTestInt):
-        (MyObject::testString):
-        (MyObject::testInt):
-        (MyObject::foo):
-        (Global::className):
-        (main):
-
-2006-12-19  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        Add -p option to testkjs which pretty prints the files instead of executing them.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/Parser.cpp:
-        (KJS::Parser::prettyPrint):
-        * kjs/Parser.h:
-        * kjs/testkjs.cpp:
-        (doIt):
-
-2006-12-19  Brady Eidson  <beidson@apple.com>
-
-        Rubberstamped by Lou
-        
-        Removed unneccessary "else"
-
-        * wtf/Assertions.cpp:
-
-2006-12-19  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4891774> Local WebCore/WebBrowser builds fail in 9A328 due to warning about ObjC-2.0 language features
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-12-17  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        * kjs/testkjs.pro: Oops, make it also build on machines other than
-        mine :)
-
-2006-12-17  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Rob Buis.
-
-        * kjs/testkjs.pro: Added .pro file to build testkjs.
-
-2006-12-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Rob.
-
-        A deleted object was accessed to prepare RegExp construction error messages.
-
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::construct): Wrap the RegExp into an OwnPtr.
-
-2006-12-16  Mitz Pettel  <mitz@webkit.org>
-
-        Reviewed by Alexey.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=11814
-          REGRESSION(r18098): Find does not work with capital letters
-
-        Test: editing/execCommand/findString-3.html
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::foldCase): Changed to not return an error if the result fits
-        in the buffer without a null terminator.
-
-2006-12-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - added equality and inequality operations for HashMap and Vector, useful for comparing more complex types
-
-        * wtf/HashMap.h:
-        (WTF::operator==):
-        (WTF::operator!=):
-        * wtf/Vector.h:
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2006-12-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff. Based on a patch by Maks Orlovich.
-
-        http://bugs.webkit.org/show_bug.cgi?id=6257
-        Throw errors on invalid expressions (KJS merge)
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::RegExp::~RegExp):
-        (KJS::RegExp::match):
-        * kjs/regexp.h:
-        (KJS::RegExp::flags):
-        (KJS::RegExp::isValid):
-        (KJS::RegExp::errorMessage):
-        (KJS::RegExp::subPatterns):
-        Remember and report RegExp construction failures. Renamed data members not to start with underscores.
-
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::construct): Raise an exception if RegExp construction fails.
-        (RegExpObjectImp::callAsFunction): Removed an obsolete comment.
-
-        * tests/mozilla/ecma_3/RegExp/regress-119909.js: Reduced the number of nested parentheses to 
-        a value supported by PCRE.
-
-2006-12-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=9673
-        Add support for window.atob() and window.btoa()
-
-        * JavaScriptCore.exp: Export UString::is8Bit().
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added StringExtras.h as 
-        a private header.
-
-2006-12-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Brady.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Let Xcode update this
-        (I think Hyatt is using an old Xcode).
-
-2006-12-11  David Hyatt  <hyatt@apple.com>
-
-        Fix the failing layout test.  Just remove Unicode::isSpace and
-        revert StringImpl to do the same thing it was doing before.
-
-        Reviewed by darin
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2006-12-09  George Staikos  <staikos@kde.org>
-
-        Reviewed by Zack.
-
-        Fix bison again on qmake build.
-
-        * JavaScriptCore.pro:
-
-2006-12-09  Lars Knoll <lars@trolltech.com>
-
-        Reviewed by Zack
-
-        Make it possible to build WebKit with qmake.
-
-        * JavaScriptCore.pro: Added.
-        * kjs/kjs.pro: Removed.
-        * pcre/pcre.pri: Added.
-
-2006-12-09  Zack Rusin  <zack@kde.org>
-
-        Fixing the compilation with platform kde after the icu changes.
-
-        * CMakeLists.txt:
-
-2006-12-09  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Darin.
-
-        Some updates in reaction to r18098.
-
-        * wtf/unicode/icu/UnicodeIcu.h: Use !! to convert UBool to bool in all
-        cases.
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isUpper):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2006-12-09  George Staikos  <staikos@kde.org>
-
-        Patch by Lars Knoll, comment out ICU dependency on Qt platform (unused code).
-
-        Reviewed by Darin.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-
-2006-12-08  David Hyatt  <hyatt@apple.com>
-
-        Land the new ICU abstraction layer.  Patch by Lars.
-
-        Reviewed by me
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Platform.h:
-        * wtf/unicode/UnicodeCategory.h: Removed.
-        * wtf/unicode/UnicodeDecomposition.h: Removed.
-        * wtf/unicode/UnicodeDirection.h: Removed.
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::category):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::digitValue):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::decompositionType):
-        (WTF::Unicode::strcasecmp):
-        (WTF::Unicode::memset):
-        * wtf/unicode/qt4/UnicodeQt4.cpp: Removed.
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::):
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::digitValue):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::decompositionType):
-        (WTF::Unicode::strcasecmp):
-        (WTF::Unicode::memset):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-
-=== Safari-521.32 ===
-
-2006-12-08  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Anders.
-
-        This is a mo' better fix for ensuring we don't use macro definitions
-        of min/max.
-
-        * kjs/config.h:
-        * wtf/Vector.h:
-
-2006-12-07  Kevin Fyure  <digdog@macports.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11545
-        Disable the testcases do not follow the ECMA-262v3 specification.
-        
-        * tests/mozilla/expected.html: Update Results.
-        * tests/mozilla/js1_2/String/concat.js:
-        4 tests disabled. The result of concat Array object is not followinig
-        ECMA 15.5.4.6
-        * tests/mozilla/js1_2/function/Number.js:
-        1 test disabled. The result of Array object to Number object conversion 
-        is not following ECMA 9.3. And the test was duplicated in 
-        ecma/TypeConversion/9.3-1.js
-        * tests/mozilla/js1_2/function/String.js:
-        2 tests disabled. The result of Object/Array object to String object 
-        conversion is not following ECMA 15.5.1.1 and ECMA 9.8
-
-2006-11-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Oliver.
-        
-        Move WTF from JavaScriptCore project into a new WTF project.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTF.vcproj to sln
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Remove WTF source files
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Add dependency on WTF.lib
-
-2006-11-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Fixed up garbage collection at window close time.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::~Interpreter): Garbage collect here, since
-        destroying the interpreter frees the global object and 
-        therefore creates a lot of garbage.
-
-2006-11-20  W. Andy Carrel  <wac@google.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11501
-        REGRESSION: \u no longer escapes metacharacters in RegExps
-        http://bugs.webkit.org/show_bug.cgi?id=11502
-        Serializing RegExps doesn't preserve Unicode escapes
-
-        * kjs/lexer.cpp:
-        (Lexer::Lexer):
-        (Lexer::setCode):
-        (Lexer::shift):
-        (Lexer::scanRegExp):
-        Push \u parsing back down into the RegExp object rather than in the
-        parser. This backs out r17354 in favor of a new fix that better 
-        matches the behavior of other browsers.
-
-        * kjs/lexer.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::sanitizePattern):
-        (KJS::isHexDigit):
-        (KJS::convertHex):
-        (KJS::convertUnicode):
-        * kjs/regexp.h:
-        Translate \u escaped unicode characters for the benefit of pcre.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::append):
-        Fix failure to increment length on the first UChar appended to a 
-        UString that was copy-on-write.
-
-        * tests/mozilla/ecma_2/RegExp/properties-001.js:
-        Adjust tests back to the uniform standards.
-
-2006-11-20  Samuel Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=11647
-        Fix Win32 build
-
-        * kjs/config.h: define NOMINMAX instead of min/max
-        as themselves.
-        * wtf/Vector.h: put back hack to ensure that min/max
-        are not defined as macros.
-
-2006-11-19  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Zack.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11649
-        Fix CMake Qt-only build without KDE CMake files
-
-        * CMakeLists.txt:
-        * pcre/CMakeLists.txt:
-
-2006-11-17  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Adam.
-
-        Make sure that we always use std::min and std::max instead of macros.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kjs/config.h:
-        * wtf/Vector.h:
-
-=== Safari-521.31 ===
-
-2006-11-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Added project-wide setting to disable Microsoft's made-up deprecation 
-        warnings related to std:: functions. (Doesn't have any affect yet,
-        since we currently disable all deprecation warnings.)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-11-12  Mark Rowe  <bdash@webkit.org>
-
-        Reviewed by Mitz.
-
-        Clean up of JavaScriptCore bakefiles.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2006-11-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11508
-        Undisable some warnings for JSImmediate.h
-
-        Fix suggested by Don Gibson.
-
-        * kjs/JSImmediate.h:
-        Re-enable all MSVC warnings, move the remaining runtime checks
-        to compile-time.
-
-2006-11-10  Zalan Bujtas  <zalan.bujtas@nokia.com>
-
-        Reviewed by Maciej.
-
-        Added s60/symbian platform defines.
-        http://bugs.webkit.org/show_bug.cgi?id=11540
-
-        * wtf/Platform.h:
-
-=== Safari-521.30 ===
-
-2006-11-08  Ada Chan  <adachan@apple.com>
-
-        Reviewed by darin.
-        
-        Added a method to delete all the keys in a HashMap.
-
-        * wtf/HashMap.h:
-        (WTF::deleteAllPairFirsts):
-        (WTF::deleteAllKeys):
-
-2006-11-07  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        Initialize cachedPrototype to 0.
-
-2006-11-06  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Maciej.
-
-        Remove warning about garbage after #else. #else clause applies for all
-        non-mac platforms, not only win.
-
-        * kjs/date_object.cpp:
-
-2006-11-06  Mark Rowe  <bdash@webkit.org>
-
-        Reviewed by the wonderful Mitz Pettel.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11524
-        Bug 11524: REGRESSION(r9842): Array.prototype.join should use ToString operator rather than calling toString on each element
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Use ToString operator on each element rather than calling their toString method.
-
-2006-11-03  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix build
-
-        * kjs/JSImmediate.h:
-
-2006-11-03  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11504
-        Fix warnings on non 32 bit platforms
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::NanAsBits):
-        (KJS::JSImmediate::oneAsBits):
-        Rewrite in a way that moves runtime checks to compile-time.
-
-        (KJS::):
-        (KJS::JSImmediate::fromDouble):
-        (KJS::JSImmediate::toDouble):
-
-2006-11-02  George Staikos <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        * collector.cpp:
-        Remove a deprecated pthreads call.
-
-2006-11-02  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Maciej, landed by Anders.
-
-        * CMakeLists.txt:
-        Make KDE support optional.
-
-2006-11-01  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Brady.
-
-        - Fixes many JavaScriptCore tests in other timezones.  The root problem is that on mac localtime() returns historically accurate information for DST, but the JavaScript spec explicitly states to not take into account historical information but rather to interpolate from valid years.
-
-        * kjs/DateMath.cpp:
-        (KJS::equivalentYearForDST):
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-
-2006-10-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=11477
-        REGRESSION: GMail crashes in KJS::FunctionImp::callerGetter
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter): Removed unnecessary braces.
-        (KJS::FunctionImp::callerGetter): More logical NULL checking.
-
-2006-10-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Adding definition for PLATFORM(CI)
-
-        * wtf/Platform.h:
-
-2006-10-31  Vladimir Olexa  <vladimir.olexa@gmail.com>
-
-        Reviewed by Geoff.
-
-        http://bugs.webkit.org/show_bug.cgi?id=4166
-        Function object does not support caller property
-
-        Test: fast/js/caller-property.html
-
-        * kjs/function.cpp: 
-        (KJS::FunctionImp::callerGetter): added
-        (KJS::FunctionImp::getOwnPropertySlot): added if statement to handle callerGetter()
-        * kjs/function.h: added callerGetter() declaration
-        * kjs/identifier.h: added caller property macro
-        * tests/mozilla/expected.html: 
-
-2006-10-30  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam.
-
-        - Fix some timezone issues and JavaScriptCore date tests.  Addresses bugzilla 4930.
-
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::GregorianDateTime): Here's the fix, to add parenthesis for order of precedence.
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction): 
-        (KJS::DateObjectImp::construct): memset not needed as GregorianDateTime initializes itself.
-
-2006-10-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        * kjs/SavedBuiltins.h: Added needed include.
-        * wtf/OwnPtr.h: (WTF::OwnPtr::set): Fixed mistake in assertion.
-
-2006-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - renamed PassRefPtr::release to releaseRef to make it clearer that
-          it's the counterpart of adoptRef, and to make it harder to confuse
-          it with the safer-to-use RefPtr::release
-
-        * kjs/identifier.cpp:
-        (KJS::CStringTranslator::translate):
-        (KJS::UCharBufferTranslator::translate):
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create):
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::PassRefPtr):
-        (WTF::PassRefPtr::~PassRefPtr):
-        (WTF::PassRefPtr::get):
-        (WTF::PassRefPtr::releaseRef):
-        (WTF::PassRefPtr::operator->):
-        (WTF::PassRefPtr::operator=):
-        (WTF::adoptRef):
-        (WTF::static_pointer_cast):
-        (WTF::const_pointer_cast):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::RefPtr::operator=):
-
-2006-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Steve.
-
-        * kjs/grammar.y: Add definitions of YYMALLOC and YYFREE to fix
-        a warning some people see (not sure why others don't see it).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Touch
-        this file to force it to re-build grammar.cpp.
-
-2006-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - made changes so the code compiles with the highest warning level
-          under MSVC (disabling some warnings, making some code fixes)
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::init):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::callAsFunction):
-        * API/JSObjectRef.cpp:
-        (JSPropertyNameArrayGetNameAtIndex):
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-        (KJS::Bindings::coerceValueToNPVariantStringType):
-        (KJS::Bindings::convertValueToNPVariant):
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::GregorianDateTime):
-        * kjs/ExecState.h:
-        (KJS::ExecState::hadException):
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::fromDouble):
-        (KJS::JSImmediate::toDouble):
-        (KJS::JSImmediate::NanAsBits):
-        (KJS::JSImmediate::oneAsBits):
-        * kjs/Parser.h:
-        * kjs/PropertyNameArray.h:
-        (KJS::PropertyNameArray::size):
-        * kjs/array_object.cpp:
-        (ArrayObjectImp::callAsFunction):
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::callAsFunction):
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::Collector::collect):
-        * kjs/completion.h:
-        (KJS::Completion::isValueCompletion):
-        * kjs/date_object.cpp:
-        (KJS::findMonth):
-        * kjs/debugger.cpp:
-        (Debugger::sourceParsed):
-        (Debugger::sourceUnused):
-        (Debugger::exception):
-        (Debugger::atStatement):
-        (Debugger::callEvent):
-        (Debugger::returnEvent):
-        * kjs/dtoa.cpp:
-        * kjs/error_object.cpp:
-        (ErrorObjectImp::callAsFunction):
-        (NativeErrorImp::callAsFunction):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::processVarDecls):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionPrototype::callAsFunction):
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        (KJS::CStringTranslator::translate):
-        (KJS::Identifier::add):
-        * kjs/internal.h:
-        * kjs/lexer.cpp:
-        (Lexer::lex):
-        (Lexer::isIdentStart):
-        (Lexer::isIdentPart):
-        (isDecimalDigit):
-        (Lexer::isHexDigit):
-        (Lexer::isOctalDigit):
-        (Lexer::matchPunctuator):
-        (Lexer::singleEscape):
-        (Lexer::convertOctal):
-        (Lexer::convertHex):
-        (Lexer::convertUnicode):
-        (Lexer::record8):
-        * kjs/lexer.h:
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction):
-        * kjs/number_object.cpp:
-        (integer_part_noexp):
-        (intPow10):
-        (NumberProtoFunc::callAsFunction):
-        (NumberObjectImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::deleteProperty):
-        (KJS::JSObject::callAsFunction):
-        (KJS::JSObject::toBoolean):
-        (KJS::JSObject::toObject):
-        * kjs/object.h:
-        (KJS::JSObject::getPropertySlot):
-        * kjs/property_map.cpp:
-        (KJS::isValid):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::containsGettersOrSetters):
-        * kjs/property_map.h:
-        (KJS::PropertyMap::hasGetterSetterProperties):
-        * kjs/property_slot.h:
-        * kjs/string_object.cpp:
-        (StringInstance::getPropertyNames):
-        (StringObjectImp::callAsFunction):
-        (StringObjectFuncImp::callAsFunction):
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::computeHash):
-        (KJS::UString::UString):
-        (KJS::UString::from):
-        (KJS::UString::append):
-        (KJS::UString::ascii):
-        (KJS::UString::operator=):
-        (KJS::UString::find):
-        (KJS::UString::rfind):
-        * kjs/ustring.h:
-        (KJS::UChar::high):
-        (KJS::UChar::low):
-        (KJS::UCharReference::low):
-        (KJS::UCharReference::high):
-        * kjs/value.cpp:
-        (KJS::JSValue::toUInt16):
-        * kjs/value.h:
-        * pcre/pcre_compile.c:
-        (get_othercase_range):
-        * pcre/pcre_exec.c:
-        (match):
-        * pcre/pcre_internal.h:
-        * wtf/HashFunctions.h:
-        (WTF::intHash):
-        (WTF::PtrHash::hash):
-        * wtf/MathExtras.h:
-        (isnan):
-        (lround):
-        (lroundf):
-        * wtf/StringExtras.h:
-        (strncasecmp):
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::isPrintableChar):
-
-2006-10-26  W. Andy Carrel  <wac@google.com>
-
-        Reviewed by Maciej.
-
-        - Fix http://bugs.webkit.org/show_bug.cgi?id=7445 /
-          <rdar://problem/4614195> (and 7253 / <rdar://4694011>) by changing
-          inline regexps so that they can have \u escaped Unicode sequences and
-          still work properly.
-
-        * kjs/lexer.cpp:
-        (Lexer::Lexer): 
-        (Lexer::setCode):
-        (Lexer::shift): Looking ahead one additional character for the benefit
-        of scanRegExp
-        (Lexer::scanRegExp): Change code to support unicode escapes in inline 
-        regexps.
-        * kjs/lexer.h: Extra lookahead added.
-
-=== Safari-521.29 ===
-
-2006-10-26  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Darin.
-
-        Fix build with older gcc 3.3.4.
-
-        * kjs/DateMath.cpp: Remove inline prefix.
-        (KJS::equivalentYearForDST):
-
-2006-10-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fix iteration of properties of string objects (found because of a warning
-          emitted by the MSVC compiler)
-
-        * kjs/string_object.cpp: (StringInstance::getPropertyNames): Change code that
-        wants to format a number as a string to use UString::from. Before it was using
-        the UString constructor that makes a string from a character!
-
-        * kjs/ustring.h:
-        * kjs/ustring.cpp: Remove the dangerous and not all that helpful UString(char)
-        constructor.
-
-        * kjs/grammar.y: Change code to not depend on the UString(char) constructor.
-        This is potentially more efficient anyway because we could overload the + operator
-        some day to handle char* directly instead of creating a UString.
-
-        * kjs/nodes2string.cpp: (SourceStream::operator<<): Change code to not depend on
-        the UString(char) constructor.
-
-2006-10-25  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Steve (rubber stamp).
-
-        - Link against your local build of JavaScriptCore.lib first, this fixes some errors on release builds of testkjs.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2006-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Lou.
-        
-        Removed duplicate symbol declaration.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/grammar.y:
-
-2006-10-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Build config change
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2006-10-24  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Brady.
-
-        - Fixes a date formatting issue on win.  Specifically strftime cannot handle some ranges of time so we shift time call strftime and then manipulate the returned string, if needed.
-
-        * kjs/date_object.cpp:
-        (KJS::):
-        (KJS::formatLocaleDate):
-        (KJS::DateProtoFunc::callAsFunction):
-
-2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by 
-
-       - Build fix
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/grammar.y:
-
-2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Maciej.
-
-        - Makes the toTM function an operator.  Was going to piggy back on a patch but the patch needs more work.
-
-        * kjs/DateMath.cpp:
-        (KJS::equivalentYearForDST):
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::operator tm):
-        * kjs/date_object.cpp:
-        (KJS::formatTime):
-        (KJS::DateProtoFunc::callAsFunction):
-
-2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Maciej.
-
-       - Fixes two regressions on win.  Both are stack overflows. For one the number of recursions is capped at 100, and for the other, nested parenthesis pairs are not evaluated (since they would evaluate to whatever is in them anyway).
-
-        * kjs/grammar.y:
-        * kjs/object.cpp:
-
-2006-10-21  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam.
-        
-        Add minimal compatibility with MSVCRT leak checker
-
-        * wtf/FastMalloc.h:
-
-2006-10-23  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Geof.
-
-        - Sets the lowercase range correctly in the test and consolidates a variable to make the test more readable.
-
-       * tests/mozilla/ecma/String/15.5.4.11-2.js:
-
-2006-10-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=11377
-          swap(Vector, Vector) should be O(1) instead of O(n)
-
-        * wtf/Vector.h:
-        (WTF::VectorBuffer::swap): Added.
-        (WTF::Vector::swap): Added.
-        (WTF::swap): Added overload that takes two Vector objects.
-
-2006-10-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=11376
-          build scripts should invoke make with "-j" option for multiple processors
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Pass -j `sysctl -n hw.ncpu` to make.
-
-2006-10-19  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Geof.
-
-        Changed test to make us pass Georgian case changing for Unicode 4.0 and 5.0.  This incorporates changes from the 1.4 revision of the same mozilla test.
-        On Tiger we are still using Unicode 4.0 but on win and Leopard we are using Unicode 5.0, so this test currently allows for either answer.
-
-        * tests/mozilla/ecma/String/15.5.4.11-2.js:
-
-2006-10-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - remove vestiges of KXMLCore name (former name of WTF).
-
-        * wtf/Assertions.h:
-        * wtf/FastMalloc.h:
-        (operator new):
-        (operator delete):
-        (operator new[]):
-        (operator delete[]):
-        * wtf/FastMallocInternal.h:
-        * wtf/Forward.h:
-        * wtf/GetPtr.h:
-        * wtf/HashCountedSet.h:
-        * wtf/HashFunctions.h:
-        * wtf/HashMap.h:
-        * wtf/HashSet.h:
-        * wtf/HashTable.h:
-        * wtf/HashTraits.h:
-        * wtf/ListRefPtr.h:
-        * wtf/MathExtras.h:
-        * wtf/Noncopyable.h:
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/PassRefPtr.h:
-        * wtf/Platform.h:
-        * wtf/RefPtr.h:
-        * wtf/StringExtras.h:
-        (snprintf):
-        * wtf/UnusedParam.h:
-        * wtf/Vector.h:
-        * wtf/VectorTraits.h:
-
-2006-10-17  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Maciej.
-        
-        Adjust include paths
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-10-17  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Darin.
-
-        Fixed a date issue where the UTC offset was not set in win.
-
-        * kjs/DateMath.cpp:
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-        (KJS::msToGregorianDateTime):
-        * kjs/DateMath.h:
-        (KJS::):
-        (KJS::GregorianDateTime::GregorianDateTime):
-
-2006-10-17  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Brady.
-
-        Fixes a JavaScriptCore math issue on win.
-
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction):
-        * wtf/MathExtras.h:
-        (wtf_atan2):
-
-2006-10-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geof.
-
-        Removed unecessary global specifiers.
-
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction):
-
-2006-10-16  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by John.
-
-        Fixes a compile order issue for testkjs on win.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2006-10-15  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Anders.
-
-        Remove junk (as gcc calls it) after #else clause.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::do_free):
-
-2006-10-14  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Maciej.
-
-        Define KXMLCORE_USE_CURL for platforms that wish to use CURL as
-        networking, and set it for GDK build
-
-        * wtf/Platform.h:
-
-2006-10-13  Brett Wilson  <brettw@google.com>
-
-        Reviewed by Kevin McCullough.
-
-        Fixes http://bugs.webkit.org/show_bug.cgi?id=11283
-        Fixes Qt/Linux and Windows build
-
-        * kjs/DateMath.cpp:
-        * kjs/DateMath.h:
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction):
-
-2006-10-13  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam, Geoff, Darin.
-
-       Fixed displaying the UTC offset and time zone string, as well as renamed the GregorianDateTime structure and clean up. 
-
-        * ChangeLog:
-        * kjs/DateMath.cpp:
-        (KJS::getUTCOffset):
-        (KJS::getDSTOffsetSimple):
-        (KJS::gregorianDateTimeToMS):
-        (KJS::msToGregorianDateTime):
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::GregorianDateTime):
-        (KJS::GregorianDateTime::~GregorianDateTime):
-        (KJS::GregorianDateTime::toTM):
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-        (KJS::formatDate):
-        (KJS::formatDateUTCVariant):
-        (KJS::formatTime):
-        (KJS::fillStructuresUsingTimeArgs):
-        (KJS::fillStructuresUsingDateArgs):
-        (KJS::DateInstance::getTime):
-        (KJS::DateInstance::getUTCTime):
-        (KJS::DateProtoFunc::callAsFunction):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::parseDate):
-        * kjs/date_object.h:
-
-2006-10-13  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam.
-
-        Gets JavaScripCore tests running on windows.
-
-        * Scripts/run-javascriptcore-tests:
-        * Scripts/webkitdirs.pm:
-
-2006-10-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        Removed JSObjectMakeWithPrototype, clarified some comments. We really
-        don't want people to manage their own prototypes, so we don't want an
-        extra function in the API devoted to just that. People can still manage
-        their own prototypes if they really want by using JSObjectSetPrototype.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::createNoAutomaticPrototype):
-        (OpaqueJSClass::create):
-        * API/JSClassRef.h:
-        * API/JSObjectRef.cpp:
-        (JSClassCreate):
-        (JSObjectMake):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (main):
-        * JavaScriptCore.exp:
-
-2006-10-12  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam.
-
-        Build breakage fix
-
-        * kjs/DateMath.cpp:
-        (KJS::msToTM):
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-
-2006-10-11  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Geoff.
-
-        Added our own tm struct to have a consistent set of fields, which lets us display the DST offset and timezone strings correctly.  Also there is some code cleanup.
-
-        * kjs/DateMath.cpp:
-        (KJS::timeToMS):
-        (KJS::getUTCOffset):
-        (KJS::getDSTOffsetSimple):
-        (KJS::dateToMS):
-        (KJS::msToTM):
-        (KJS::tmToKJStm):
-        (KJS::KJStmToTm):
-        * kjs/DateMath.h:
-        * kjs/date_object.cpp: 
-        (KJS::gmtoffset): 
-        (KJS::formatTime): 
-        (KJS::DateProtoFunc::callAsFunction): 
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::parseDate):
-        * kjs/date_object.h:
-
-2006-10-09  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Geoff.
-
-        Improve gdk build compiler flags (show warning, no rtti and exceptions).
-
-        * jscore.bkl:
-
-2006-10-06  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Brady.
-
-        DST and TimeZones were wrong in some cases, specifically on some of the dates where DST changes.
-
-        * kjs/DateMath.cpp:
-        (KJS::equivalentYearForDST):
-        (KJS::getUTCOffset):
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-        (KJS::dateToMseconds):
-        (KJS::msToTM):
-        * kjs/DateMath.h:
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-
-2006-10-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin McCullough.
-
-        * wtf/Assertions.cpp: Fix build when _DEBUG is not defined.
-
-2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam.
-
-        - Removed an unnecessary assert that was stopping many pages.  tm_gmtoff was not set for UTC time in mozilla but is always set for us.
-
-        * kjs/DateMath.cpp:
-        (KJS::getUTCOffset):
-        (KJS::msToTM):
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-        (KJS::formatTime):
-
-2006-10-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Darin and me, reviewed by Maciej.
-
-        Fixed <rdar://problem/4518397> REGRESSION(?): Oft-seen but unrepro crash 
-              in JavaScript garbage collection (KJS::Collector::collect())
-               <rdar://problem/4752492> Crash in KJS::collect
-              
-        The issue here was allocating one garbage-collected object in the midst 
-        of allocating a second garbage-collected object. In such a case, the
-        zeroIfFree word lies.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-
-2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adam.
-
-        - Layout test fix
-
-        * kjs/DateMath.cpp:
-        (KJS::dateToDayInYear): accept and correctly handle negative months
-
-2006-10-05  Kevin McCullough  <KMcCullough@apple.com>
-
-       build fix
-
-        * kjs/DateMath.cpp:
-        (KJS::dateToDayInYear):
-
-2006-10-05  Mark Rowe  <bdash@webkit.org>
-
-        Reviewed by maculloch.
-
-        Gdk build fix.
-
-        * JavaScriptCoreSources.bkl: Add DateMath.cpp to file list.
-
-2006-10-05  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by aroben
-
-        - build fix
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-10-04  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Mitz.
-
-        Fix Qt/Linux build by adding DateMath.cpp to compilation.
-
-        * CMakeLists.txt: Also replace tabs with spaces.
-
-2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by DethBakin.
-
-        - Apparently the build bot uses an older version of XCode which warns about conversions and the newest version does not.  I hope this fixes the build but I cann't be sure on my system.
-
-        * kjs/DateMath.cpp:
-        (KJS::msToYear):
-        (KJS::dayInYear):
-        (KJS::dateToDayInYear):
-
-2006-10-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        * wtf/Assertions.cpp: Changed assertion formatting to omit the "======"
-        lines so you can see more assertions in less space. Also improved format
-        of file/line information so it works with more development environments.
-
-2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Tim H.
-
-        - The build machine is more sensitive about automatic conversions.  These fixes exp
-licitly cast or change the input and return types of functions to avoid conversions.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/DateMath.cpp:
-        (KJS::):
-        (KJS::msToDays):
-        (KJS::msToYear):
-        (KJS::dayInYear):
-        (KJS::monthToDayInYear):
-        (KJS::dateToDayInYear):
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-        (KJS::dateToMseconds):
-        (KJS::msToTM):
-
-2006-10-04  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by GGaren
-
-        - This is a big makeover for our Date implemenetation.  This solves many platform specific issues, specifically dates before 1970, and simplifies some ugly code.  The purpose of this was to get us to pass many of the JavaScriptCore tests on windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/DateMath.cpp: Added.
-        (KJS::):
-        (KJS::daysInYear):
-        (KJS::daysFrom1970ToYear):
-        (KJS::msFrom1970ToYear):
-        (KJS::msToDays):
-        (KJS::msToYear):
-        (KJS::isLeapYear):
-        (KJS::isInLeapYear):
-        (KJS::dayInYear):
-        (KJS::msToMilliseconds):
-        (KJS::msToWeekDay):
-        (KJS::msToSeconds):
-        (KJS::msToMinutes):
-        (KJS::msToHours):
-        (KJS::msToMonth):
-        (KJS::msToDayInMonth):
-        (KJS::monthToDayInYear):
-        (KJS::timeToMseconds):
-        (KJS::dateToDayInYear):
-        (KJS::equivalentYearForDST):
-        (KJS::getUTCOffset):
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-        (KJS::localTimeToUTC):
-        (KJS::UTCToLocalTime):
-        (KJS::dateToMseconds):
-        (KJS::msToTM):
-        (KJS::isDST):
-        * kjs/DateMath.h: Added.
-        (KJS::):
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-        (KJS::formatTime):
-        (KJS::DateInstance::getTime):
-        (KJS::DateInstance::getUTCTime):
-        (KJS::DateProtoFunc::callAsFunction):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::parseDate):
-        * kjs/testkjs.cpp:
-        * os-win32/stdint.h:
-
-2006-10-02  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed/landed by Adam.
-
-        Build testkjs on Qt/Linux.
-
-        * CMakeLists.txt:
-
-2006-10-02  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by eseidel.  Landed by eseidel.
-
-        Fix win32 build, which has no inttypes.h
-
-        * wtf/Assertions.h:
-
-2006-10-02  Nikolas Zimmermann <zimmermann@kde.org>
-
-        Reviewed by eseidel & mjs.  Landed by eseidel.
-
-        Fix Qt/Linux build with older gcc 3.3.4.
-        http://bugs.webkit.org/show_bug.cgi?id=11116
- 
-        * kjs/lookup.h: Move cacheGlobalObject into KJS namespace.
-        (KJS::cacheGlobalObject): Also remove GCC_ROOT_NS_HACK.
-        * wtf/Assertions.h: Include inttypes.h for uintptr_t.
-
-2006-09-28  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Maciej.
-        
-        Use $(ConfigSuffix) set via vsprops files to add _debug
-        to end of debug filenames.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/debug.vsprops: Added.
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-        * JavaScriptCore.vcproj/release.vsprops: Added.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2006-09-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Alice.
-
-        - support for change that should fix <rdar://problem/4733044>
-          REGRESSION: XML iBench shows 10% perf. regression (copying
-          strings while decoding)
-
-        * wtf/Vector.h: Changed VectorBuffer so that the general case
-        contains an instance of the 0 case, since deriving from it
-        was violating the Liskov Substitution Principle.
-        (WTF::VectorBuffer::releaseBuffer): Added. Releases the buffer so it can
-        be adopted by another data structure that uses the FastMalloc.h allocator.
-        Returns 0 if the internal buffer was being used.
-        (WTF::Vector::releaseBuffer): Added. Releases the buffer as above or creates
-        a new one in the case where the internal buffer was being used.
-
-2006-09-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - change garbage collection to happen at increments proportional to number of live objects, not always
-        every 1000 allocations
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-
-2006-09-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mitz.
-
-        - fixed REGRESSION (r16606): javascriptCore Crash on website load
-        
-        Plus style fixes.
-        
-            - fixed some possible off-by-one bugs
-            - use indexing, not iterators, for Vectors
-            - store Vector by pointer instead of by value to avoid blowing out FunctionImp size
-        
-        * kjs/function.cpp:
-        (KJS::FunctionImp::addParameter):
-        (KJS::FunctionImp::parameterString):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::getParameterName):
-        * kjs/function.h:
-
-2006-09-27  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Maciej.
-        
-        More build tweaks
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/dstroot-to-sdk.cmd: Removed.
-
-2006-09-27  John Sullivan  <sullivan@apple.com>
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getParameterName):
-        removed assertion that displeased gcc 4.0.1 (build 5420):
-        ASSERT(static_cast<size_t>(index) == index);
-
-2006-09-27  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by GGaren.
-
-        Cleanup of previous fix which was to address Radar: 4752492
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::addParameter):
-        (KJS::FunctionImp::parameterString):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::getParameterName):
-        * kjs/function.h:
-
-2006-09-27  Kevin McCullough  <KMcCullough@apple.com>
-
-        Reviewed by Adele.
-
-        Fixes a GC stack overflow crash.
-        The change is to move from a linked list implementation of Parameters to a Vector.
-        The problem with the linked list is that each one creates it's own stack frame when being destroyed and in extreme cases this caused the stack to overflow. 
-
-        * kjs/function.cpp:
-        (KJS::Parameter::Parameter):
-        (KJS::FunctionImp::addParameter):
-        (KJS::FunctionImp::parameterString):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::getParameterName):
-        * kjs/function.h:
-
-2006-09-27  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix last path fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-09-27  Steve Falkenburg  <sfalken@apple.com>
-
-        Set path before build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-09-27  Sean Gies  <seangies@apple.com>
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Debug config should link to debug runtime.
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Debug config should link to debug runtime.
-
-2006-09-27  Don Melton  <gramps@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Changed line ending from DOS to UNIX format so it doesn't die running
-        on my machine. ;)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-
-2006-09-23  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10183
-        REGRESSION: obfuscated JS decoding breaks because of soft hyphen removal
-        (Fanfiction.net author pages not listing stories)
-
-        Rolled out the fix for bug 4139.
-
-        * kjs/lexer.cpp:
-        (Lexer::setCode):
-        (Lexer::shift):
-        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
-        * tests/mozilla/expected.html:
-
-2006-09-22  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Alice.
-
-        * wtf/Vector.h: Add an append that takes a pointer and length.
-        Generalize the existing Vector append to work on vectors with
-        any value for inlineCapacity. Change the append algorithm so
-        it doesn't check capacity each time through the loop.
-
-2006-09-22  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix release build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Updated to include the right path.
-        * wtf/FastMalloc.h: #include Platform.h, since we use Platform macros.
-
-=== Safari-521.27 ===
-
-2006-09-20  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        * wtf/MathExtras.h:
-        Get rid of lrint.
-
-2006-09-20  Sean Gies  <seangies@apple.com>
-
-        Reviewed by Steve Falkenburg.
-
-        * wtf/Assertions.cpp: Debug messages should go into debugger console.
-
-2006-09-20  David Hyatt  <hyatt@apple.com>
-
-        Add an implementation of lrint for Win32.
-
-        Reviewed by anders
-
-        * wtf/MathExtras.h:
-        (lrint):
-
-2006-09-15  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Adam.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10864
-        Bug 10864: Linux\GDK build fixes
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2006-09-15  Adam Roben  <aroben@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-
-2006-09-15  Anders Carlsson  <acarlsson@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Fix the release build.
-
-2006-09-15  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Steve.
-
-        Add JavaScriptCore API to the build.
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * API/JSClassRef.cpp:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSStringRef.cpp:
-        * API/JSValueRef.cpp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * os-win32/stdbool.h: Added.
-
-2006-09-12  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Ada.
-        
-        Build tweaks (doing JavaScriptCore now since it doesn't have
-        dependencies).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        * JavaScriptCore.vcproj/JavaScriptCore/dstroot-to-sdk.cmd: Added.
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2006-09-11  Brady Eidson  <beidson@apple.com>
-
-        Build fix - I think Tim's last checkin wasn't tested on Tiger, possibly.  I simply
-        commented out the undefined constants until he can have a chance to make the right call
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::objcValueTypeForType): Commented out undefined symbols
-
-2006-09-11  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Tim O. and Darin.
-
-        Add support for more method signatures affecting ObjC methods called from JavaScript:
-        - Added unsigned types and long long.
-        - Allow methods that use const, oneway, bycopy and byref type modifiers.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_utility.h:
-        (KJS::Bindings::):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::objcValueTypeForType):
-
-2006-09-05  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Tim O.
-
-        <rdar://problem/4715840> SEL is not char*
-
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::methodsNamed): use sel_getName instead of a char* cast.
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::callAsFunction): ditto
-
-2006-09-03  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Tim H.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10693
-        Convert JavaScript arrays to AppleScript lists
-
-        * JavaScriptCore.exp: Export ArrayInstance::info and ArrayInstance::getItem().
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstance::getItem): Added a method to access array items from C++.
-
-2006-09-02  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed by Tim H.
-
-        Bug 10454: Unix bakefile fixes
-        http://bugs.webkit.org/show_bug.cgi?id=10454
-
-        * JavaScriptCoreSources.bkl:
-
-2006-09-01  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by hyatt.  Landed by eseidel.
-
-        Fix build on Linux.
-
-        * pcre/CMakeLists.txt: Add wtf/ include.
-
-2006-09-01  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed and landed by ap.
-
-        Fix build on Linux (C89 without gcc extensions enabled).
-
-        * pcre/pcre_internal.h: Use C style comments.
-        * wtf/Assertions.h: Use C style comments.
-        * wtf/Platform.h: Use C style comments.
-
-2006-09-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-
-2006-08-31  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-        
-        Add new portability functions to MathExtras.h and add StringExtras.h which is for
-        string portability functions.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * bindings/c/c_instance.cpp:
-        * kjs/date_object.cpp:
-        * wtf/MathExtras.h:
-        (copysign):
-        (isfinite):
-        * wtf/StringExtras.h: Added.
-        (snprintf):
-        (strncasecmp):
-
-2006-08-31  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Tim H.
-        
-        Fix Windows build.
-        
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-        * pcre/pcre_internal.h:
-
-2006-08-31  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Geoff.
-
-        Band-aid fix for PCRE to compile for ppc64 and x86_64 now that
-        we use -Wshorten-64-to-32. Adds an INT_CAST macro that ASSERTs
-        the value <= INT_MAX.
-
-        I filed <rdar://problem/4712064> to track the need to verify
-        PCRE's 64-bit compliance.
-
-        * pcre/pcre_compile.c:
-        (complete_callout):
-        (compile_branch):
-        (compile_regex):
-        (pcre_compile2):
-        * pcre/pcre_exec.c:
-        (match):
-        (pcre_exec):
-        * pcre/pcre_get.c:
-        (pcre_get_substring_list):
-        * pcre/pcre_internal.h:
-        * pcre/pcre_tables.c:
-        * pcre/pcre_try_flipped.c:
-        (_pcre_try_flipped):
-
-2006-08-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        - add WTF::getPtr, a function template that makes it possible to write
-          generic code that gets a raw pointer out of any of our pointer types
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/GetPtr.h: Added.
-        * wtf/ListRefPtr.h: (WTF::getPtr): Added.
-        * wtf/OwnArrayPtr.h: (WTF::getPtr): Added.
-        * wtf/OwnPtr.h: (WTF::getPtr): Added.
-        * wtf/PassRefPtr.h: (WTF::getPtr): Added.
-        * wtf/RefPtr.h: (WTF::getPtr): Added.
-
-2006-08-29  waylonis  <waylonis@google.com>
-
-        Reviewed, tweaked by ggaren.
-
-        - Added storage and accessor functions for ExecState as a fix for
-          http://bugs.webkit.org/show_bug.cgi?id=10114
-        
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        * kjs/context.h:
-        (KJS::Context::setExecState):
-        (KJS::Context::execState):
-
-2006-08-30  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Tim H.
-
-        Commit KDE related tweaks, to be able to
-        differentiate between a Qt-only or a KDE build.
-
-        * CMakeLists.txt: Install wtf-unity library.
-        * wtf/Platform.h: Add define for the KDE platform.
-
-2006-08-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/list.h: Use explicit in constructor (as appropriate).
-
-2006-08-24  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed, tweaked and landed by ap
-
-        http://bugs.webkit.org/show_bug.cgi?id=10467
-        WebKit should have Qt platform support (Part II)
-
-        * CMakeLists.txt: Adjust to Anders' build fixes.
-        * wtf/Platform.h: Fix define for the Qt platform (we don't use/need Cairo.)
-
-2006-08-23  David Hyatt  <hyatt@apple.com>
-
-        Fix Platform.h to include #defines for graphics features.
-
-        Reviewed by darin
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * wtf/Platform.h:
-
-2006-08-23  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        Make the bindings compile without CoreFoundation.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * bindings/c/c_instance.cpp:
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-        * bindings/npapi.h:
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        (KJS::Bindings::Instance::createLanguageInstanceForValue):
-        * bindings/runtime_root.cpp:
-        * bindings/runtime_root.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-
-2006-08-22  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        Move the npruntime code over to using HashMap and the runtime_root code over to using 
-        HashMap and HashCountedSet.
-        
-        * bindings/NP_jsobject.cpp:
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::identifierFromNPIdentifier):
-        * bindings/c/c_utility.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::invoke):
-        * bindings/npruntime.cpp:
-        (getStringIdentifierMap):
-        (getIntIdentifierMap):
-        (_NPN_GetStringIdentifier):
-        (_NPN_GetIntIdentifier):
-        * bindings/runtime_root.cpp:
-        (getReferencesByRootMap):
-        (getReferencesSet):
-        (KJS::Bindings::findReferenceSet):
-        (KJS::Bindings::rootForImp):
-        (KJS::Bindings::rootForInterpreter):
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h:
-
-2006-08-22  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-        
-        Switch over the NPAPI and Java bindings to using HashMaps instead of dictionaries.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/c/c_class.cpp:
-        (KJS::Bindings::CClass::CClass):
-        (KJS::Bindings::CClass::~CClass):
-        (KJS::Bindings::CClass::classForIsA):
-        (KJS::Bindings::CClass::methodsNamed):
-        (KJS::Bindings::CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        (JavaClass::~JavaClass):
-        (JavaClass::methodsNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::deleteMethod):
-        (KJS::Bindings::deleteField):
-        (KJS::Bindings::):
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fieldNamed):
-        * bindings/runtime.cpp:
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::getOwnPropertySlot):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-
-2006-08-21  Vladimir Olexa  <vladimir.olexa@gmail.com>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=6252
-        JavaScript 1.6 Array.lastIndexOf
-
-        Test: fast/js/array-lastIndexOf.html
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Added a LastIndexOf case.
-        * kjs/array_object.h:
-        (KJS::ArrayProtoFunc::): Added LastIndexOf to enum.
-        * tests/mozilla/expected.html: Two more tests now pass.
-
-2006-08-20  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Maciej. Landed by rwlbuis.
-
-        Fixes parts of: http://bugs.webkit.org/show_bug.cgi?id=10463
-        WebKit should have Qt platform support
-
-        Removing obsolete QConstString/QString constructors in kjs code.
-
-        * kjs/identifier.h:
-        * kjs/ustring.h:
-
-2006-08-17  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Maciej. Landed by rwlbuis.
-
-        Fixes: http://bugs.webkit.org/show_bug.cgi?id=10463
-        WTF Changes needed for Qt platform code.
-
-        * wtf/Platform.h:
-        * wtf/unicode/UnicodeDecomposition.h: Added.
-        (WTF::Unicode::):
-        * wtf/unicode/UnicodeDirection.h: Added.
-        (WTF::Unicode::):
-        * wtf/unicode/qt4/UnicodeQt4.cpp: Added.
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-        (WTF::Unicode::decomposition):
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::compare):
-
-2006-08-17  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Eric. Landed by rwlbuis.
-
-        Fixes: http://bugs.webkit.org/show_bug.cgi?id=10464
-        Offer a cmake build system for Qt platform.
-
-        * CMakeLists.txt: Added.
-        * pcre/CMakeLists.txt: Added.
-
-2006-08-17  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Maciej.
-
-        * bindings/npapi.h:
-        Fix ifdef.
-
-2006-08-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by mjs.
-        
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * wtf/Assertions.h:
-
-2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed by Tim H.
-
-        Build fix:  DWARF and -gfull are incompatible with symbol separation.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed by Tim H.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10394
-        Bug 10394: WebKit Release and Production configurations should enable dead code stripping
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-08-15  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed by Tim H.
-
-        http://bugs.webkit.org/show_bug.cgi?id=10384
-        Bug 10384: Switch to DWARF for Release configuration
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-08-13  Maks Orlovich  <maksim@kde.org>
-
-        Reviewed (and tweaked a little) by Maciej.
-        
-        - shrank the size of JSObject by 8 bytes and made the corresponding reduction to the cell size, resulting
-        in a 1.2% speed improvement on JS iBench (and probably overall memory savings).
-
-        This was done by removing _scope and _internalValue data members
-        from JSObject and moving them only to the subclasses that actually
-        make use of them.
-        
-        * kjs/object.cpp: 
-        (KJS::JSObject::mark): No need to mark scope or internal value here.
-        * kjs/object.h:
-        (KJS::JSObject::JSObject): Don't initialize them.
-        * kjs/JSWrapperObject.cpp: Added. New base class for object types that
-        wrap primitive values (Number, String, Boolean, Date).
-        (KJS::JSWrapperObject::mark): 
-        * kjs/JSWrapperObject.h: Added.
-        (KJS::JSWrapperObject::JSWrapperObject):
-        (KJS::JSWrapperObject::internalValue):
-        (KJS::JSWrapperObject::setInternalValue):
-        * kjs/array_object.cpp:
-        (ArrayPrototype::ArrayPrototype): Don't set useless internal value.
-        * kjs/bool_object.cpp:
-        (BooleanInstance::BooleanInstance): Inherit from JSWrapperObject.
-        (BooleanProtoFunc::callAsFunction): Fixed to account for fact that not all
-        JSObjects have an internal value.
-        (BooleanObjectImp::construct): ditto.
-        * kjs/bool_object.h:
-        * kjs/collector.cpp: Lowered cell size to 48.
-        (KJS::Collector::allocate): meaningless whitespace change
-        * kjs/date_object.cpp:
-        (KJS::DateInstance::DateInstance): Inherit from JSWrapperObject.
-        (KJS::DateProtoFunc::callAsFunction): adjusted for move of internalValue
-        (KJS::DateObjectImp::construct): ditto
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        (ErrorPrototype::ErrorPrototype): don't set internal value
-        * kjs/function.cpp: move _scope and related handling here
-        (KJS::FunctionImp::mark): mark scope
-        * kjs/function.h:
-        (KJS::FunctionImp::scope): moved here from JSObject
-        (KJS::FunctionImp::setScope): ditto
-        * kjs/number_object.cpp:
-        (NumberInstance::NumberInstance): inherit from JSWrapperObject
-        (NumberProtoFunc::callAsFunction): adjusted
-        (NumberObjectImp::construct): adjusted
-        * kjs/number_object.h: shring RegExp-related objects a little
-        * kjs/regexp_object.cpp:
-        (RegExpPrototype::RegExpPrototype): Adjust for size tweaks
-        (RegExpObjectImp::RegExpObjectImp): ditto
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (StringInstance::StringInstance): inherit from JSWrapperObject
-        (StringProtoFunc::callAsFunction): adjusted
-        * kjs/string_object.h:
-        * JavaScriptCore.exp: Exported new methods as needed.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files to build.
-
-2006-08-04  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Geoff's rubber stamp
-
-        Fix a build break on Intel hardware causes by adapting stricter
-        compiler warnings (-Wshorten-64-to-32)
-
-        * API/testapi.c:
-        (assertEqualsAsNumber): manually cast some doubles to floats
-        (main): ditto
-
-2006-08-04  Sam Weinig  <sam.weinig@gmail.com>
-
-        Reviewed by Darin.
-
-        - patch for http://bugs.webkit.org/show_bug.cgi?id=10192
-          Make WebCore (and friends) compile with -Wshorten-64-to-32
-
-          * Adds -Wshorten-64-to-32 flag to Xcode project.
-          * Adds explicit casts where OK.
-
-        * API/JSNodeList.c:
-        (JSNodeList_item):
-        (JSNodeList_getProperty):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-08-04  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Anders.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Convert
-        spaces to tabs
-
-2006-08-03  Sam Weinig  <sam.weinig@gmail.com>
-
-        Reviewed by Darin.
-
-        - patch for http://bugs.webkit.org/show_bug.cgi?id=10176
-          Make WebCore compile with -Wundef
-
-          * Adds -Wundef flag to Xcode project
-          * Converts #ifs to #ifdef and #ifndefs where needed.
-          * Added #define YYMAXDEPTH 10000 in kjs/grammar.y
-            to fix a warning from within Bison.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::getSlot):
-        (JavaJSObject::setSlot):
-        * bindings/npapi.h:
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcMethod::getMethodSignature):
-        (ObjcField::name):
-        (ObjcField::type):
-        * kjs/grammar.y:
-        * kjs/identifier.h:
-
-2006-08-03  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by John Sullivan.
-
-       * wtf/HashSet.h:
-        (WTF::::operator):
-        Return *this in operator=
-
-2006-08-03  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Anders.
-
-        - Fixed Windows build
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * wtf/MathExtras.h: Implement inline versions of these functions
-        (nextafter):
-        (nextafterf):
-
-2006-08-02  Adam Roben  <aroben@apple.com>
-
-        Reviewed by Darin.
-
-        - Fixed build
-
-        * kjs/date_object.cpp:
-        (KJS::formatTime):
-
-2006-07-29  Darin Adler  <darin@apple.com>
-
-        - Removed tabs from these source files that still had them.
-          We don't use them; that way source files look fine in editors
-          that have tabs set to 8 spaces or to 4 spaces.
-        - Removed allow-tabs Subversion property from the files too.
-
-        * bindings/NP_jsobject.cpp:
-        * bindings/c/c_utility.cpp:
-        * bindings/jni/jni_runtime.cpp:
-        * bindings/jni/jni_utility.cpp:
-        * bindings/objc/objc_utility.mm:
-        * bindings/runtime.cpp:
-        * bindings/runtime_method.cpp:
-        * bindings/testbindings.cpp:
-        * bindings/testbindings.mm:
-        * kjs/date_object.cpp:
-        * kjs/function.cpp:
-        * kjs/list.cpp:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/string_object.cpp:
-        * kjs/ustring.cpp:
-
-2006-07-29  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/expected.html: Update test results now that regress-185165.js
-        is succeeding. I suspect Anders fix for bug 4620655 is the reason.
-
-2006-07-29  Sam Weinig  <sam.weinig@gmail.com>
-
-        Reviewed by Darin.
-
-        - patch for http://bugs.webkit.org/show_bug.cgi?id=10080
-          Adopt pedantic changes from the Unity project to improve 
-          cross-compiler compatibility
-
-          Changes include:
-          * Removing trailing semicolon from namespace braces.
-          * Removing trailing comma from last enum declaration.
-          * Updating to match style guidelines.
-          * Adding missing newline to the end of the file.
-          * Turning on gcc warning for missing newline at the end of a source file
-            (GCC_WARN_ABOUT_MISSING_NEWLINE in Xcode, -Wnewline in gcc).
-          * Alphabetical sorting of Xcode source list files. 
-          * Replace use of non-portable variable-size array with Vector.
-          * Use C-style comments instead of C++ comments in files that might
-            be included by either C or C++ files.
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::callAsFunction):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCorePrefix.h:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaArray::JavaArray):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/runtime_array.h:
-        * kjs/collector.h:
-        * kjs/config.h:
-        * kjs/ustring.cpp:
-        * wtf/Platform.h:
-
-2006-07-29  Mike Emmel  <mike.emmel@gmail.com>
-
-        Reviewed by Darin.
-
-        - fixes for Linux build
-
-        * JavaScriptCoreSources.bkl: Added new files to build, kjs/PropertyNameArray.cpp
-        and kjs/testkjs.cpp, and removed old files.
-
-2006-07-24  Dan Waylonis  <waylonis@google.com>
-
-        Reviewed and tweaked a bit by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=9902
-          jsNull and NSNull not properly converted between JS and ObjC
-
-        * bindings/objc/objc_utility.mm: (KJS::Bindings::convertObjcValueToValue):
-        Added case for converting NSNull to jsNull.
-
-2006-07-24  Rob Buis  <buis@kde.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=4258
-        Date().toString() only includes GMT offset, not timezone string
-
-        Use the info in tm_zone to append timezone abbreviation
-        to Date().toString().
-
-        * kjs/date_object.cpp:
-        (KJS::formatTime):
-
-2006-07-24  Rob Buis  <buis@kde.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=5257
-        setYear() does not match FireFox/IE behavior
-
-        Make sure the right values end up in tm_year.
-
-        * kjs/date_object.cpp:
-        (KJS::formatTime):
-
-2006-07-23  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed by Maciej.
-
-        Bug 9686: [Drosera] Need the ability to break into Drosera on Javascript exceptions
-        http://bugs.webkit.org/show_bug.cgi?id=9686
-
-        JavaScriptCore portion of the fix.
-
-        * JavaScriptCore.exp: Update symbol for change in argument type.
-        * kjs/debugger.cpp:
-        (Debugger::detach): Clear map of recent exceptions.
-        (Debugger::hasHandledException): Track the most recent exception
-        thrown by an interpreter.
-        (Debugger::exception): Change exception argument to a JSValue.
-        * kjs/debugger.h:
-        * kjs/nodes.cpp:
-        (Node::debugExceptionIfNeeded): Notify the debugger of an exception
-        if it hasn't seen it before.
-        (ThrowNode::execute): Notify the debugger that an exception is being thrown.
-        * kjs/nodes.h:
-
-    2006-07-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Eric Albert, reviewed by Darin and me.
-        
-        - Fixed <rdar://problem/4645931> JavaScriptCore stack-scanning code 
-        crashes (Collector::markStackObjectsConservatively)
-        
-        * bindings/jni/jni_jsobject.cpp: On 64bit systems, jint is a long, not an
-        int.
-        (JavaJSObject::getSlot):
-        (JavaJSObject::setSlot):
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservatively): Use a pointer instead of
-        an int as 'dummy,' because on LP64 systems, an int is not pointer-aligned,
-        and we want to scan the stack for pointers.
-        * JavaScriptCore.xcodeproj/project.pbxproj: After a tense cease-fire, the 
-        XCode war has started up again!
-
-=== Safari-521.20 ===
-
-2006-07-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4507265> REGRESSION: overlays don't work on HousingMaps.com (Google Maps-based site)
-
-        - Added support for strings that masquerade as undefined. Currently used
-        by WebCore to implement undetectable style.filter.
-        
-        The name is a little long, but it's only used in one line of code, so I
-        thought clarity should win over brevity.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/object.h:
-        * kjs/string_object.h:
-        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
-        (KJS::StringInstanceThatMasqueradesAsUndefined::masqueradeAsUndefined):
-        (KJS::StringInstanceThatMasqueradesAsUndefined::toBoolean):
-
-=== Safari-521.19 ===
-
-2006-07-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix the build
-
-        * kjs/function.cpp:
-        (KJS::escapeStringForPrettyPrinting):
-
-2006-07-19  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4620655> REGRESSION(10.4.7-10.5): preview button for a blogger.com post doesn't work
-        
-        * kjs/nodes2string.cpp:
-        (StringNode::streamTo):
-        Return the escaped string.
-        
-        (RegExpNode::streamTo):
-        Use the correct syntax.
-        
-        * kjs/function.cpp:
-        (KJS::escapeStringForPrettyPrinting):
-        * kjs/function.h:
-        Add escape function which escapes a string for pretty-printing so it can be parsed again.
-        
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::isPrintableChar):
-        New function.
-
-2006-07-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adele Peterson.
-        
-        <rdar://problem/4589530> REGRESSION: null character in JS string causes parse error (works in Tiger and in other browsers)
-
-        * kjs/lexer.cpp:
-        (Lexer::shift):
-        (Lexer::lex):
-        (Lexer::record16):
-        (Lexer::scanRegExp):
-        * kjs/lexer.h:
-
-2006-07-18  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        Removed a misleading comment; we recently added support for the NPNVPluginElementNPObject
-        variable.
-
-        * bindings/npapi.h:
-
-=== Safari-521.18 ===
-
-2006-07-18  Timothy Hatcher  <timothy@apple.com>
-
-        Made the following headers public:
-
-        * JavaScriptCore.h
-        * JSBase.h
-        * JSContextRef.h
-        * JSObjectRef.h
-        * JSStringRef.h
-        * JSValueRef.h
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Added automatic prototype creation for classes.
-        
-        A class stores a weak reference to a prototype, which is cleared when
-        the prototype is garbage collected, to avoid a reference cycle.
-        
-        We now have an attributes field in JSClassDefinition, that currently is
-        used only to override automatic prototype creation when you want to manage your
-        own prototypes, but can be extended in the future for other nefarious purposes.
-        
-        Similarly, we have JSObjectMake and JSObjectMakeWithPrototype, the latter
-        allowing you to manage your own prototypes.
-        
-        JSObjectMakeConstructor is more interesting now, able to make a constructor
-        on your behalf if you just give it a class.
-        
-        - Removed bogus old code from minidom.js.
-        
-        - Tweaked the headerdocs.
-        
-        - Added more GC testing, which caught some leaks, and tested more funny 
-        edge cases in lookup, which caught a lookup bug. Removed some testing 
-        we used to do with MyObject because it was redundant with the new, cool 
-        stuff.
-        
-        While fixing the lookup bug I retracted this change:
-        
-            "If a static setProperty callback returns 'false', to indicate that the
-            property was not set, we no longer forward the set request up the class
-            chain, because that's almost certainly not what the programmer expected."
-
-        Returning false when setting a static property is a little silly, but you can see
-        it being useful when shadowing a base class's static properties, and, regardless
-        of usefullness, this is the defined behavior of the setProperty callback.
-        
-        - Plus a little ASCII art, for the kids.
-
-2006-07-17  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/4634874> WebScriptObject and WebUndefined are no longer defined by WebKit
-
-        Moves WebScriptObject and WebUndefined up to WebCore.
-        This change does create an upwards-dependancy on WebScriptObject existing
-        in the loaded process, but this code path in JavaScriptCore does not get used
-        unless it is through WebKit/WebCore. Moving all of the binding code out of
-        JavaScriptCore might make sense in the future.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/objc/WebScriptObject.h: Replaced.
-        * bindings/objc/WebScriptObject.mm: Removed.
-        * bindings/objc/WebScriptObjectPrivate.h: Removed.
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::~ObjcInstance):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (convertValueToObjcObject):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::createObjcInstanceForValue):
-
-2006-07-17  Darin Adler  <darin@apple.com>
-
-        * API/JSBase.h: Fix comment formatting where things used to be lined up but
-        are now ragged. Got rid of spaces that attempted to line things up.
-        * API/JSObjectRef.h: Ditto. Also add missing periods for a couple of comments.
-
-2006-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Removed the exception parameter from the initialize callback and, by extension,
-        JSObjectMake. We have never had a need for exceptions when iniitializing,
-        so the parameter seemed likely to "get in the way." 
-        
-        Also, an exception in JavaScript is thrown in response to input -- 
-        "invalid URL", "index not a number", etc., so it's the job of the 
-        constructor function, not the initialize method, to throw.
-        
-        If initialize *really* wants to throw, it can communicate the throw to
-        the constructor through the constructed object's private data (e.g., set
-        it to NULL, signaling to the consntructor that initialization failed.)
-        
-        - Added JSObjectMakeWithData, which enables a constructor to set private
-        data on an object *before* it has been initialized. That way, the initialize
-        methods can properly operate on the data. 
-
-        * API/JSNode.c: Moved ref into the initialize method, for better encapsulation,
-        now that it's possible.
-        * API/JSNodeList.c: ditto
-        * API/minidom.c:
-        (main): Do more aggressive garbage collection to test ref/deref and 
-        initialize/finalize.
-        * API/minidom.js: store childNodes in a temporary so it doesn't get re-created
-        like a thousand times. This makes debugging ref/deref easier
-
-2006-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Changed the initialize callback to run from least derived class (parent
-        class) to most derived class. This enables C++ style initialization,
-        and derived class overriding of member data.
-        
-        - Added excpetion propopgation to JSObjectMake, to support initialize
-        exceptions, and generally round out our policy of making function
-        signatures as long as possible.
-
-        * API/JSCallbackObject.h: Use ExecState instead of ContextRef, cuz we're
-        in C++ land now.
-
-2006-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Changed JSObjectMakeConstructor to JSObjectMakeConstructorWithCallback,
-        to match JSObjectMakeFunctionWithCallback.
-        
-        - Added prototype parameter, so the generated constructor
-        automatically works with hasInstance / instanceof
-        
-        - Moved hasInstance implementation from InternalFunctionImp to JSObject
-        so that subclasses can inherit it without inheriting function-related baggage.
-        More refactoring here would be good, but this seems like a good short-term
-        solution.
-
-        (KJS::JSCallbackFunction::implementsHasInstance): override and return false,
-        because callback functions aren't constructors.
-
-2006-07-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - add a JSContextRef parameter to all JSValueRef, JSObjectRef, and JSContextRef operations;
-        except JSObject{Get,Set}PrivateData which can be assumed to be simple pure accessors.
-        
-        Also renamed the parameter "context" to "ctx" because it makes the code read better with this pervasive
-        but usually uninteresting parameter.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSGarbageCollect):
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::JSCallbackObject):
-        (KJS::JSCallbackObject::init):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextRetain):
-        (JSGlobalContextRelease):
-        (JSContextGetGlobalObject):
-        * API/JSContextRef.h:
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNodePrototype_removeChild):
-        (JSNodePrototype_replaceChild):
-        (JSNode_getNodeType):
-        (JSNode_getFirstChild):
-        (JSNode_prototype):
-        * API/JSNodeList.c:
-        (JSNodeListPrototype_item):
-        (JSNodeList_length):
-        (JSNodeList_getProperty):
-        (JSNodeList_prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        (JSObjectIsConstructor):
-        (JSObjectCallAsConstructor):
-        (JSObjectCopyPropertyNames):
-        * API/JSObjectRef.h:
-        * API/JSStringRef.cpp:
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * API/JSValueRef.h:
-        * API/minidom.c:
-        (print):
-        * API/testapi.c:
-        (MyObject_getProperty):
-        (MyObject_deleteProperty):
-        (MyObject_callAsFunction):
-        (MyObject_callAsConstructor):
-        (MyObject_convertToType):
-        (print_callAsFunction):
-        (main):
-
-2006-07-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Approved by Maciej, RS by Beth.
-        
-        JSObjectMakeFunction -> JSObjectMakeFunctionWithCallback
-        JSObjectMakeFunctionWithBody -> JSObjectMakeFunction
-        
-        because the latter is more common, and more fundamental, than the former.
-
-        * API/APICast.h:
-        (toJS):
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::getPropertyNames):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClass::~OpaqueJSClass):
-        * API/JSClassRef.h:
-        * API/JSObjectRef.cpp:
-        (JSClassCreate):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeFunction):
-        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
-        (JSObjectCopyPropertyNames):
-        * API/JSObjectRef.h:
-        * API/minidom.c:
-        (main):
-        * API/testapi.c:
-        (main):
-        * ChangeLog:
-        * JavaScriptCore.exp:
-
-2006-07-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Laughed at by Beth.
-        
-        Replace __JS with OpaqueJS because the former, while used by CF, is
-        a prefix that's triply-reserved by the compiler. (_* is reserved in global 
-        names, _[A-Z] is reserved in all names, and __ is reserved in all names 
-        in C++.)
-        
-        Opaque is an alternative used by other Mac OS X framewokrs.
-
-        * API/APICast.h:
-        (toJS):
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::getPropertyNames):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClass::~OpaqueJSClass):
-        * API/JSClassRef.h:
-        * API/JSObjectRef.cpp:
-        (JSClassCreate):
-        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
-        (JSObjectCopyPropertyNames):
-
-2006-07-16  Darin Adler  <darin@apple.com>
-
-        - try to fix Windows build
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Added some recently added files, removed some recently removed.
-
-2006-07-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Change getProperty* to return undefined, rather than NULL, for missing
-        properties, since that's what the spec says. Also added exception out
-        parameters to the *Index functions, because they can call through to the
-        regular functions, which can throw for custom objects.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectGetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (main):
-
-2006-07-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Properly document and handle NULL callbacks for static properties. We
-        throw an exception in any case other than a ReadOnly property with a NULL
-        setProperty callback, because a NULL callback almost certainly indicates 
-        a programming error. Also throw an exception if hasProperty returns true
-        for a property that getProperty can't get.
-        
-        - If a static setProperty callback returns 'false', to indicate that the
-        property was not set, we no longer forward the set request up the class
-        chain, because that's almost certainly not what the programmer expected.
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSObjectRef.h:
-        * API/minidom.js:
-        * API/testapi.c:
-        (MyObject_hasProperty):
-        * API/testapi.js:
-
-2006-07-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Added names to functions.
-        
-        - Removed GetPrivate/SetPrivate from callbackFunctions and callbackConstructors.
-        The private data idiom is that a JS object stores its native implementation
-        as private data. For functions and constructors, the native implementation is nothing
-        more than the callback they already store, so supporting private data, too,
-        confuses the idiom. If you *really* want, you can still create a custom 
-        function with private data.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::JSCallbackFunction):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectMakeFunctionWithBody):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        * API/JSObjectRef.h:
-        * API/minidom.c:
-        (main):
-        * API/testapi.c:
-        (main):
-
-2006-07-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - switch property lists to be vector+set of Identifiers instead of list of References
-        
-        This has the following benefits:
-        
-        - no duplicates in property lists
-        - simplifies API calls
-        - probably more efficient, since linked list is gone
-        - entirely removed Reference, ReferenceList and ProtectedReference types from the API
-
-        * kjs/PropertyNameArray.cpp: Added.
-        (KJS::PropertyNameArray::add): Check set, if not already there, add to
-        vector.
-        * kjs/PropertyNameArray.h: Added.
-        (KJS::PropertyNameArray::PropertyNameArray): Newly added type, combines
-        a set and a vector to make a unique but ordered list of identifiers.
-        (KJS::PropertyNameArray::begin): ditto
-        (KJS::PropertyNameArray::end): ditto
-        (KJS::PropertyNameArray::size): ditto
-        (KJS::PropertyNameArray::operator[]): ditto
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstance::getPropertyNames): renamed from getPropertyList, updated
-        for PropertyNameArray
-        (ArrayInstance::setLength): updated for PropertyNameArray
-        (ArrayInstance::pushUndefinedObjectsToEnd): ditto
-        * kjs/nodes.cpp:
-        (ForInNode::execute): updated for PropertyNameArray
-        * kjs/nodes.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::getPropertyNames): renamed from getPropertyList, updated
-        for PropertyNameArray
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getEnumerablePropertyNames): updated for PropertyNameArray
-        (KJS::PropertyMap::getSparseArrayPropertyNames): ditto
-        * kjs/property_map.h:
-        * kjs/protected_reference.h: Removed.
-        * kjs/reference.cpp: Removed.
-        * kjs/reference.h: Removed.
-        * kjs/reference_list.cpp: Removed.
-        * kjs/reference_list.h: Removed.
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::print): Use PropertyNamesArray instead of ReferenceList.
-        * kjs/string_object.cpp:
-        (StringInstance::getPropertyNames): Updated for new approach.
-        * kjs/string_object.h:
-        * kjs/ustring.h:
-        * API/APICast.h:
-        (toJS): Added overload for PropertyNameAccumulatorRef / PropertyNameArray*
-        (toRef): ditto
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getPropertyNames): Fixed for new API.
-        * API/JSCallbackObject.h:
-        * API/JSObjectRef.cpp:
-        (__JSPropertyNameArray::__JSPropertyNameArray): Type used for a publicly vended
-        JSPropertyNameArrayRef.
-        (JSObjectCopyPropertyNames): New API call - renamed / refactored from 
-        JSObjectCreatePropertyList
-        (JSPropertyNameArrayRetain): new retain call for JSPropertyNameArray.
-        (JSPropertyNameArrayRelease): new release call for - " -.
-        (JSPropertyNameArrayGetCount): Instead of having to use a stateful enumerator you
-        can now get the count and items in any order.
-        (JSPropertyNameArrayGetNameAtIndex): See above.
-        (JSPropertyNameAccumulatorAddName): What you add properties to is now an opaque 
-        accumulator object.
-        * API/JSObjectRef.h: Prototyped new functions, removed old ones
-        * JavaScriptCore.exp: Updated exported symbols.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files, removed old.
-        * API/testapi.c:
-        (MyObject_getPropertyNames): Renamed / fixed callback to fit new paradigm.
-        (main): Updated for new API.
-
-2006-07-15  Darin Adler  <darin@apple.com>
-
-        - oops, missed a few more arrays that had to be const
-
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild): Added const.
-        (JSNodePrototype_removeChild): Ditto.
-        (JSNodePrototype_replaceChild): Ditto.
-        (JSNode_construct): Ditto.
-        * API/JSNodeList.c:
-        (JSNodeListPrototype_item): Ditto.
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithBody): Ditto.
-        (JSObjectCallAsFunction): Ditto.
-        (JSObjectCallAsConstructor): Ditto.
-        * API/minidom.c:
-        (print): Ditto.
-        * API/testapi.c:
-        (MyObject_callAsFunction): Ditto.
-        (MyObject_callAsConstructor): Ditto.
-        (print_callAsFunction): Ditto.
-        (myConstructor_callAsConstructor): Ditto.
-
-2006-07-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * API/JSNode.h: Made an array parameter const.
-        * API/JSObjectRef.h: Made array parameters const. Fixed a comment.
-
-2006-07-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - JSObjectMakeFunctionWithBody includes a function name and named parameters now.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithBody):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (assertEqualsAsUTF8String): More informative failure reporting.
-        (main): Test more function cases.
-
-2006-07-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        - Moved the arguments passed to JSClassCreate into a single structure,
-        called JSClassDefinition. This will enable easier structure 
-        migration/versioning in the future, if necessary.
-        
-        - Added support for class names.
-        
-        - kJSClassDefinitionNull replaces kJSObjectCallbacksNone.
-        
-        - JSClass is becoming a fairly complex struct, so I migrated all of its
-        implementation other than reference counting to the sruct.
-        
-        - Also moved JSClass* functions in the API to JSObjectRef.cpp, since they're
-        declared in JSObjectRef.h
-        
-        - Also added some more informative explanation to the class structure doc.
-        
-2006-07-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=8395
-          <rdar://problem/4613467>
-          REGRESSION: RegEx seems broken for hex escaped non breaking space
-
-        Test: fast/js/regexp-extended-characters-more.html
-
-        * pcre/pcre_exec.c:
-        (match): Got rid of utf16Length local variable to guarantee there's no
-        extra stack usage in recursive calls. Fixed two places in the PCRE_UTF16
-        code that were using the length variable, which is the UTF-8 length of
-        a character in the pattern, to move in the UTF-16 subject string. Instead
-        they hardcode lengths of 1 and 2 since the code already handles BMP
-        characters and surrogate pairs separately. Also fixed some DPRINTF so
-        I could compile with DEBUG on.
-        (pcre_exec): Changed a place that was checking for multibyte characters
-        in the subject string to use ISMIDCHAR. Instead it was using hardcoded
-        logic that was right for UTF-8 but wrong for UTF-16.
-
-        * pcre/pcre_compile.c: (pcre_compile2): Fixed a DPRINTF so I could compile
-        with DEBUG on.
-
-2006-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Maciej.
-        
-        Global replace in the API of argc/argv with argumentCount/arguments.
-
-2006-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Finalized exception handling in the API.
-        
-        setProperty can throw because it throws for built-in arrays. getProperty
-        and deleteProperty can throw because setProperty can throw and we want
-        to be consistent, and also because they seem like "actions." callAsFunction,
-        callAsConstructor, and hasInstance can throw, because they caan throw for
-        all built-ins.
-        
-        toBoolean can't throw because it's defined that way in the spec.
-        
-        - Documented that toBoolean and toObject can't be overridden by custom 
-        objects because they're defined that way in the spec.
-
-=== Safari-521.17 ===
-
-2006-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Implemented ref-counting of JSContexts by splitting into two datatypes:
-        JSGlobalContext, which you can create/retain/release, and JSContext, which
-        you can't.
-        
-        Internally, you retain a JSGlobalContext/ExecState by retaining its
-        interpreter, which, in the case of a global ExecState, owns it.
-        
-        - Also made ~Interpreter() protected to catch places where Interpreter
-        is manually deleted. (Can't make it private because some crazy fool
-        decided it would be a good idea to subclass Interpreter in other frameworks.
-        I pity da fool.)
-
-        * API/APICast.h: 
-        (toJS): Added cast for new JSGlobalContext
-        * API/JSStringRef.h: Changed vague "you must" language to more specific
-        (but, ultimately, equally vague) "behavior is undefined if you don't" 
-        language.
-        (KJS::Interpreter::Interpreter): Factored more common initialization into
-        init()
-        * kjs/interpreter.h:
-        (KJS::Interpreter::ref): new
-        (KJS::Interpreter::deref): new
-        (KJS::Interpreter::refCount): new
-        * kjs/testkjs.cpp: 
-        (doIt): Ref-count the interpreter.
-
-2006-07-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - removed bool return value from JSObjectSetProperty, since it is inefficient and
-        also doesn't work quite right
-        - added JSObjectGetPropertyAtIndex and JSObjectSetPropertyAtIndex
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty): Removed return value and canPut stuff.
-        (JSObjectGetPropertyAtIndex): Added.
-        (JSObjectSetPropertyAtIndex): Added.
-        * API/JSObjectRef.h: Prototyped and documented new functions.
-
-2006-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth.
-        
-        Moved JSCheckScriptSyntax, JSEvaluateScript, and JSGarbageCollect into
-        JSBase.h/.cpp. They don't belong in the value-specific or context-specific 
-        files because they're not part of the value or context implementations.
-
-        * API/JSBase.h:
-        * API/JSContextRef.cpp:
-        (JSContextGetGlobalObject):
-        * API/JSContextRef.h:
-        * API/JSValueRef.cpp:
-        (JSValueUnprotect):
-        * API/JSValueRef.h:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-13  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Maciej.
-
-        Moved JavaScriptCore to be a public framework.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-13  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed by Geoffrey.
-
-        http://bugs.webkit.org/show_bug.cgi?id=9742
-        Bug 9742: REGRESSION: WebKit hangs when loading <http://www.vtbook.com>
-
-        * kjs/value.h:
-        (KJS::JSValue::getUInt32): Only types tagged as numeric can be converted to UInt32.
-
-2006-07-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Pleasing to Maciej.
-        
-        - Renamed JSEvaluate -> JSEvaluateScript, JSCheckSyntax -> JSCheckScriptSyntax
-        - Added exception out parameters to JSValueTo* and JSValueIsEqual because
-        they can throw
-        - Removed JSObjectGetDescription because it's useless and vague, and 
-        JSValueToString/JSValueIsObjectOfClass do a better job, anyway
-        - Clarified comments about "IsFunction/Constructor" to indicate that they
-        are true of all functions/constructors, not just those created by JSObjectMake*
-
-2006-07-12  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Beth.
-        
-        Finished previously approved JSInternalString -> JSString conversion 
-        by renaming the files.
-
-        * API/JSCallbackObject.cpp:
-        * API/JSInternalStringRef.cpp: Removed.
-        * API/JSInternalStringRef.h: Removed.
-        * API/JSStringRef.cpp: Added.
-        * API/JSStringRef.h: Added.
-        * API/JavaScriptCore.h:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Removed context and exception parameters from JSObjectGetPropertyEnumerator,
-        removing the spurious use of ExecState inside JavaScriptCore that made
-        us think this was necessary in the first place.
-
-        (StringInstance::getPropertyList): Use getString instead of toString because
-        we know we're dealing with a string -- we put it there in the first place.
-        While we're at it, store the string's size instead of retrieving it each time 
-        through the loop, to avoid the unnecessary killing of puppies.
-        * kjs/string_object.h:
-
-2006-07-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - add handling of hasInstance callback for API objects
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::implementsHasInstance): Check if callback is present.
-        (KJS::JSCallbackObject::hasInstance): Invoke appropriate callback.
-        * API/JSCallbackObject.h:
-        * API/JSClassRef.cpp:
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (MyObject_hasInstance): Test case; should match what construct would do.
-        * API/testapi.js:
-
-2006-07-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Implemented a vast number of renames and comment clarifications 
-        suggested during API review.
-        
-        JSInternalString -> JSString
-        JS*Make -> JSValueMake*, JSObjectMake*
-        JSTypeCode -> JSType
-        JSValueIsInstanceOf -> JSValueIsInstanceOfConstructor (reads strangely well in client code)
-        JSGC*Protect -> JSValue*Protect
-        JS*Callback -> JSObject*Callback
-        JSGetPropertyListCallback -> JSObjectAddPropertiesToListCallback
-        JSPropertyEnumeratorGetNext -> JSPropertyEnumeratorGetNextName
-        JSString* -> 
-            JSStringCreateWithUTF8CString, JSStringGetUTF8CString,
-            JSStringGetMaximumUTF8CStringSize JSStringIsEqualToUTF8CString, 
-            JSStringCreateWithCFString, JSStringCopyCFString, JSStringCreateWithCharacters.
-        
-        - Changed functions taking a JSValue out arg and returning a bool indicating
-        whether it was set to simply return a JSValue or NULL.
-        
-        - Removed JSStringGetCharacters because it's more documentation than code,
-        and it's just a glorified memcpy built on existing API functionality.
-        
-        - Moved standard library includes into the headers that actually require them.
-        
-        - Standardized use of the phrase "Create Rule."
-        
-        - Removed JSLock from make functions that don't allocate.
-        
-        - Added exception handling to JSValueToBoolean, since we now allow
-        callback objects to throw exceptions upon converting to boolean.
-        
-        - Renamed JSGCCollect to JSGarbageCollect.
-
-2006-07-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-        
-        - Changed public header includes to the <JavaScriptCore/ style.
-        - Changed instances of 'buffer' to 'string' since we decided on
-        JSInternalString instead of JSStringBuffer.
-
-        * API/JSContextRef.h:
-        * API/JSInternalStringRef.cpp:
-        (JSStringMake):
-        (JSInternalStringRetain):
-        (JSInternalStringRelease):
-        (JSValueCopyStringValue):
-        (JSInternalStringGetLength):
-        (JSInternalStringGetCharactersPtr):
-        (JSInternalStringGetCharacters):
-        (JSInternalStringGetMaxLengthUTF8):
-        (JSInternalStringGetCharactersUTF8):
-        (CFStringCreateWithJSInternalString):
-        * API/JSInternalStringRef.h:
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNode_getNodeType):
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsConstructor):
-        * API/JSValueRef.h:
-        * API/JavaScriptCore.h:
-        * API/minidom.c:
-        (main):
-        (print):
-        * API/testapi.c:
-        (MyObject_getPropertyList):
-        (myConstructor_callAsConstructor):
-        (main): I noticed that we were prematurely releasing some string buffers,
-        so I moved their release calls to the end of main(). I got rid of 'Buf' in *Buf
-        (sometimes changing to 'IString', when necessary to differentiate a variable) 
-        to match the buffer->string change.
-
-=== Safari-521.16 ===
-
-2006-07-10  Darin Adler  <darin@apple.com>
-
-        * kjs/value.cpp: (KJS::JSValue::toInt32Inline): Added inline keyword one more place.
-        Just in case.
-
-2006-07-10  Darin Adler  <darin@apple.com>
-
-        - fix the release build
-
-        * kjs/value.h:
-        * kjs/value.cpp:
-        (KJS::JSValue::toInt32Inline): Move the code here to an inline.
-        (KJS::JSValue::toInt32): Call the inline from both overloaded toInt32 functions.
-
-2006-07-10  David Kilzer  <ddkilzer@kilzer.net>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=9179
-          Implement select.options.add() method
-
-        * JavaScriptCore.exp: Added overloaded KJS::JSValue::toInt32() method.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Altered attributes metadata for
-        kjs/value.h to make it available as a forwarded header.
-        * kjs/lookup.h:
-        (KJS::lookupPut): Extracted a lookupPut() method from the existing lookupPut() method.
-        The new method returns a boolean value if no entry is found in the lookup table.
-        * kjs/value.cpp:
-        (KJS::JSValue::toInt32): Overloaded toInt32() method with boolean "Ok" argument.
-        * kjs/value.h: Ditto.
-
-2006-07-10  Geoffrey Garen  <ggaren@apple.com>
-
-        No review necessary. Removed bogus file I accidentally checked in before.
-
-        * API/JSInternalSringRef.h: Removed.
-
-2006-07-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-        
-        Added exception out parameter to API object callbacks, removed semi-bogus
-        JSContext(.*)Exception functions.
-        
-        To make these calls syntactically simple, I added an exceptionSlot()
-        method to the ExecState class, which provides a JSValue** slot in which to 
-        store a JSValue* exception.
-
-        * API/APICast.h:
-        (toRef):
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::init):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::callAsFunction):
-        (KJS::JSCallbackObject::getPropertyList):
-        (KJS::JSCallbackObject::toBoolean):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSContextRef.cpp:
-        (JSCheckSyntax):
-        * API/JSContextRef.h:
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNodePrototype_removeChild):
-        (JSNodePrototype_replaceChild):
-        (JSNode_getNodeType):
-        (JSNode_getChildNodes):
-        (JSNode_getFirstChild):
-        (JSNode_construct):
-        * API/JSNode.h:
-        * API/JSNodeList.c:
-        (JSNodeListPrototype_item):
-        (JSNodeList_length):
-        (JSNodeList_getProperty):
-        * API/JSObjectRef.h:
-        * API/minidom.c:
-        (print):
-        * API/testapi.c:
-        (MyObject_initialize):
-        (MyObject_hasProperty):
-        (MyObject_getProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_getPropertyList):
-        (MyObject_callAsFunction):
-        (MyObject_callAsConstructor):
-        (MyObject_convertToType):
-        (print_callAsFunction):
-        (myConstructor_callAsConstructor):
-        (main):
-        * JavaScriptCore.exp:
-        * kjs/ExecState.h:
-        (KJS::ExecState::exceptionHandle):
-
-2006-07-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        Improved type safety by implementing opaque JSValue/JSObject typing through 
-        abuse of 'const', not void*. Also fixed an alarming number of bugs
-        exposed by this new type safety.
-        
-        I made one design change in JavaScriptCore, which is that the JSObject
-        constructor should take a JSValue* as its prototype argument, not a JSObject*,
-        since we allow the prototype to be any JSValue*, including jsNull(), for
-        example.
-        
-        * API/APICast.h:
-        (toJS):
-        * API/JSBase.h:
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::JSCallbackObject):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::callAsFunction):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        * API/JSCallbackObject.h:
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNodePrototype_removeChild):
-        (JSNodePrototype_replaceChild):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSFunctionMakeWithBody):
-        (JSObjectGetProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (main):
-        * ChangeLog:
-        * kjs/object.h:
-        (KJS::JSObject::JSObject):
-
-2006-07-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Approved by Maciej, Darin.
-        
-        Renamed JSStringBufferRef to JSInternalStringRef. "Internal string" means the 
-        JavaScript engine's internal string representation, which is the most 
-        low-level and efficient representation to use when interfacing with JavaScript.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        (JSCheckSyntax):
-        * API/JSContextRef.h:
-        * API/JSInternalStringRef.cpp: Added.
-        (JSStringMake):
-        (JSInternalStringCreate):
-        (JSInternalStringCreateUTF8):
-        (JSInternalStringRetain):
-        (JSInternalStringRelease):
-        (JSValueCopyStringValue):
-        (JSInternalStringGetLength):
-        (JSInternalStringGetCharactersPtr):
-        (JSInternalStringGetCharacters):
-        (JSInternalStringGetMaxLengthUTF8):
-        (JSInternalStringGetCharactersUTF8):
-        (JSInternalStringIsEqual):
-        (JSInternalStringIsEqualUTF8):
-        (JSInternalStringCreateCF):
-        (CFStringCreateWithJSInternalString):
-        * API/JSInternalStringRef.h: Added.
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNode_getNodeType):
-        (JSNode_getChildNodes):
-        (JSNode_getFirstChild):
-        * API/JSNodeList.c:
-        (JSNodeList_length):
-        (JSNodeList_getProperty):
-        * API/JSObjectRef.cpp:
-        (JSFunctionMakeWithBody):
-        (JSObjectGetDescription):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        (JSPropertyEnumeratorGetNext):
-        (JSPropertyListAdd):
-        * API/JSObjectRef.h:
-        * API/JSStringBufferRef.cpp: Removed.
-        * API/JSStringBufferRef.h: Removed.
-        * API/JSValueRef.h:
-        * API/JavaScriptCore.h:
-        * API/minidom.c:
-        (main):
-        (print):
-        * API/testapi.c:
-        (assertEqualsAsUTF8String):
-        (assertEqualsAsCharactersPtr):
-        (assertEqualsAsCharacters):
-        (MyObject_hasProperty):
-        (MyObject_getProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_getPropertyList):
-        (print_callAsFunction):
-        (myConstructor_callAsConstructor):
-        (main):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-08  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Maciej.
-
-        Added an OpenGL drawing model to the Netscape Plug-in API.
-
-        * bindings/npapi.h:
-
-2006-07-08  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Maciej.
-
-        Moved KJS_GetCreatedJavaVMs to jni_utility.cpp.
-        Switched KJS_GetCreatedJavaVMs over to use dlopen and dlsym
-        now that NSAddImage, NSLookupSymbolInImage and NSAddressOfSymbol
-        are deprecated in Leopard.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::KJS_GetCreatedJavaVMs):
-        * bindings/softlinking.c: Removed.
-        * bindings/softlinking.h: Removed.
-
-2006-07-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders.
-        
-        - Make JSObjectGetProperty return a JSValue or NULL, like JSEvaluate does.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectGetProperty):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (main):
-
-2006-07-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Style change -- no review necessary.
-        
-        Use 0 instead of NULL in API .cpp files, to match our style guidelines.
-
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        * API/JSObjectRef.cpp:
-        (JSFunctionMakeWithBody):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * API/JSValueRef.cpp:
-        (JSValueToObject):
-
-2006-07-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by TimO.
-
-        - Added ability to pass NULL for thisObject when calling JSObjectCallAsFunction,
-        to match JSEvaluate.
-        
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (main):
-
-=== Safari-521.15 ===
-
-2006-07-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Standardized which functions take a JSContext as an argument. The rule is:
-        if you might execute JavaScript, you take a JSContext, otherwise you don't.
-        
-        The FIXME in JSObjectRef.h requires refactoring some parts of Interpreter,
-        but not API changes, so I'm putting it off until later.
-
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::JSCallbackObject):
-        (KJS::JSCallbackObject::init):
-        * API/JSCallbackObject.h:
-        * API/JSContextRef.cpp:
-        (JSContextCreate):
-        * API/JSContextRef.h:
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSPropertyEnumeratorGetNext):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (MyObject_initialize):
-        (main):
-        * JavaScriptCore.exp:
-        * kjs/array_object.cpp:
-        (ArrayInstance::setLength):
-        (ArrayInstance::pushUndefinedObjectsToEnd):
-        * kjs/nodes.cpp:
-        (ForInNode::execute):
-        * kjs/reference.cpp:
-        (KJS::Reference::getPropertyName):
-        (KJS::Reference::getValue):
-        * kjs/reference.h:
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::print):
-
-2006-07-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        More API action.
-        
-        - Headerdoc finished
-
-        Semantic Changes:
-        - Added a JSContextRef argument to many functions, because you need a 
-        JSContextRef for doing virtually anything. I expect to add this argument
-        to even more functions in a future patch.
-        
-        - Removed the globalObjectPrototype argument to JSContextCreate because
-        you can't create an object until you have a context, so it's impossible
-        to pass a prototype object to JSContextCreate. That's OK because (1) there's
-        no reason to give the global object a prototype and (2) if you really want
-        to, you can just use a separate call to JSObjectSetPrototype.
-        
-        - Removed the JSClassRef argument to JSClassCreate because it was unnecessary,
-        and you need to be able to make the global object's class before you've
-        created a JSContext.
-        
-        - Added an optional exception parameter to JSFunctionMakeWithBody because anything
-        less would be uncivilized.
-        
-        - Made the return value parameter to JSObjectGetProperty optional to match
-        all other return value parameters in the API.
-        
-        - Made JSObjectSetPrivate/JSObjectGetPrivate work on JSCallbackFunctions
-        and JSCallbackConstructors. You could use an abstract base class or strategic
-        placement of m_privateData in the class structure to implement this, but 
-        the former seemed like overkill, and the latter seemed too dangerous.
-        
-        - Fixed a bug where JSPropertyEnumeratorGetNext would skip the first property.
-
-        Cosmetic Changes:
-        - Reversed the logic of the JSChar #ifdef to avoid confusing headerdoc
-        
-        - Removed function names from @function declarations because headeroc
-        can parse them automatically, and I wanted to rule out manual mismatch.
-
-        - Changed Error::create to take a const UString& instead of a UString*
-        because it was looking at me funny.
-        
-        - Renamed JSStringBufferCreateWithCFString to JSStringBufferCreateCF
-        because the latter is more concise and it matches JSStringBufferCreateUTF8.
-        
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::getPropertyList):
-        (KJS::JSCallbackObject::toBoolean):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        * API/JSClassRef.cpp:
-        (JSClassCreate):
-        * API/JSContextRef.cpp:
-        (JSContextCreate):
-        (JSContextSetException):
-        * API/JSContextRef.h:
-        * API/JSNode.c:
-        (JSNodePrototype_class):
-        (JSNode_class):
-        * API/JSNodeList.c:
-        (JSNodeListPrototype_class):
-        (JSNodeList_class):
-        * API/JSObjectRef.cpp:
-        (JSObjectGetProperty):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        (JSPropertyEnumeratorGetNext):
-        * API/JSObjectRef.h:
-        * API/JSStringBufferRef.cpp:
-        (JSStringBufferCreateCF):
-        * API/JSStringBufferRef.h:
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOf):
-        * API/JSValueRef.h:
-        * API/minidom.c:
-        (main):
-        * API/minidom.js:
-        * API/testapi.c:
-        (MyObject_hasProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_getPropertyList):
-        (MyObject_convertToType):
-        (MyObject_class):
-        (main):
-        * JavaScriptCore.exp:
-
-2006-07-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-        
-        - Fixed a few crashes resulting from NULL parameters to JSClassCreate.
-
-        * API/JSClassRef.cpp:
-        (JSClassCreate):
-        (JSClassRelease):
-        * API/testapi.c: Added test for NULL parameters.
-        (main):
-
-2006-07-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John, mocked by Darin.
-        
-        - Changed JSEvaluate to take a JSObjectRef instead of a JSValueRef as
-        "this," since "this" must be an object.
-
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        * API/JSContextRef.h:
-
-2006-07-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-        
-        - More headerdoc
-
-        * API/JSBase.h:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-05  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Beth.
-        
-        Renamed JSCharBufferRef, which was universally unpopular, to JSStringBufferRef,
-        which, hopefully, will be less unpopular.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSBase.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSCharBufferRef.cpp: Removed.
-        * API/JSCharBufferRef.h: Removed.
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        (JSCheckSyntax):
-        * API/JSContextRef.h:
-        * API/JSNode.c:
-        (JSNodePrototype_appendChild):
-        (JSNode_getNodeType):
-        (JSNode_getChildNodes):
-        (JSNode_getFirstChild):
-        * API/JSNodeList.c:
-        (JSNodeList_length):
-        (JSNodeList_getProperty):
-        * API/JSObjectRef.cpp:
-        (JSFunctionMakeWithBody):
-        (JSObjectGetDescription):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        (JSPropertyEnumeratorGetNext):
-        (JSPropertyListAdd):
-        * API/JSObjectRef.h:
-        * API/JSStringBufferRef.cpp: Added.
-        (JSStringMake):
-        (JSStringBufferCreate):
-        (JSStringBufferCreateUTF8):
-        (JSStringBufferRetain):
-        (JSStringBufferRelease):
-        (JSValueCopyStringValue):
-        (JSStringBufferGetLength):
-        (JSStringBufferGetCharactersPtr):
-        (JSStringBufferGetCharacters):
-        (JSStringBufferGetMaxLengthUTF8):
-        (JSStringBufferGetCharactersUTF8):
-        (JSStringBufferIsEqual):
-        (JSStringBufferIsEqualUTF8):
-        (JSStringBufferCreateWithCFString):
-        (CFStringCreateWithJSStringBuffer):
-        * API/JSStringBufferRef.h: Added.
-        * API/JSValueRef.h:
-        * API/JavaScriptCore.h:
-        * API/minidom.c:
-        (main):
-        (print):
-        * API/testapi.c:
-        (assertEqualsAsUTF8String):
-        (assertEqualsAsCharactersPtr):
-        (assertEqualsAsCharacters):
-        (MyObject_hasProperty):
-        (MyObject_getProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_getPropertyList):
-        (print_callAsFunction):
-        (myConstructor_callAsConstructor):
-        (main):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-05  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Beth.
-        
-        Moved some code around for more logical file separation.
-
-        * API/JSBase.h:
-        * API/JSContextRef.h:
-        * API/JSObjectRef.cpp:
-        * API/JSValueRef.cpp:
-        (JSValueToObject):
-        * API/JSValueRef.h:
-
-2006-07-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        Implemented JSFunctionMakeWithBody, which parses a script as a function body
-        in the global scope, and returns the resulting anonymous function.
-        
-        I also removed private data from JSCallbackFunction. It never worked,
-        since JSCallbackFunction doesn't inherit from JSCallbackObject.
-
-        * API/JSCallbackConstructor.cpp: Removed.
-        * API/JSCallbackConstructor.h: Removed.
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::JSCallbackFunction):
-        (KJS::JSCallbackFunction::implementsConstruct):
-        (KJS::JSCallbackFunction::construct):
-        (KJS::JSCallbackFunction::implementsCall):
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSFunctionMake):
-        (JSFunctionMakeWithCallbacks):
-        * API/JSObjectRef.h:
-        * API/JSValueRef.h:
-        * API/minidom.c:
-        (main):
-        * API/testapi.c:
-        (main):
-        * JavaScriptCore.exp: Programmatically added all symbols exported by
-        API object files, and sorted results
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-07-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        - Return syntax error in JSCheckSyntax through a JSValueRef* exception
-        argument
-        
-        * API/JSBase.h:
-        * API/JSContextRef.cpp:
-        (JSCheckSyntax):
-        * API/testapi.c:
-        (main):
-        * JavaScriptCore.exp:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        * kjs/interpreter.h:
-
-2006-07-04  Darin Adler  <darin@apple.com>
-
-        - fixed build
-
-        * wtf/MathExtras.h: Oops. Added missing #endif.
-
-2006-07-04  Bjoern Graf  <bjoern.graf@gmail.com>
-
-        Reviewed by Maciej.
-        Tweaked a bit by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=9678
-          work around MSVCRT's fmod function returning NaN for fmod(x, infinity) instead of x
-
-        * wtf/MathExtras.h: Added include of <float.h>.
-        (isinf): Fix to return false for NAN.
-        (wtf_fmod): Added. An inline that works around the bug.
-
-        * kjs/nodes.cpp:
-        * kjs/number_object.cpp:
-        * kjs/operations.cpp:
-        * kjs/value.cpp:
-        Added includes of MathExtras.h to all files using fmod.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Let Xcode 2.3 have its way with
-        the project.
-
-2006-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-        
-        - Refined value conversions in the API:
-            - failed toNumber returns NaN
-            - failed toObject returns NULL
-            - failed toString returns empty string
-        
-        - Refined excpetion handling in the API:
-            - failed value conversions do not throw exceptions
-            - uncaught exceptions in JSEvaluate, JSObjectCallAsFunction, and 
-              JSObjectCallAsConstructor are returned through a JSValueRef* exception
-              argument
-            - removed JSContextHasException, because JSContextGetException does
-              the same job
-            
-        * API/JSBase.h:
-        * API/JSCharBufferRef.cpp:
-        (JSValueCopyStringValue):
-        * API/JSContextRef.cpp:
-        (JSEvaluate):
-        * API/JSContextRef.h:
-        * API/JSNodeList.c: Added test code demonstrating how you would use
-        toNumber, and why you probably don't need toUInt32, etc.
-        (JSNodeListPrototype_item):
-        (JSNodeList_getProperty):
-        * API/JSObjectRef.cpp:
-        (JSValueToObject):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * API/JSObjectRef.h:
-        * API/JSValueRef.cpp:
-        (JSValueToNumber):
-        * API/JSValueRef.h:
-        * API/minidom.c:
-        (main):
-        * API/testapi.c:
-        (main): Added tests for new rules, and call to JSGCProtect to fix Intel 
-        crash
-        * JavaScriptCore.exp:
-
-2006-07-03  Darin Adler  <darin@apple.com>
-
-        - Rolled out HashMap implementation of NPRuntime, at least temporarily.
-
-        Fixes hang in the bindings section of layout tests seen on the
-        buildbot.
-
-        This code was using HashMap<const char*, PrivateIdentifier*>.
-        But that hashes based on pointer identity, not string value.
-        The default hash for any pointer type is to hash based on the pointer.
-        And WTF doesn't currently have a string hash for char*.
-        We'll need to fix that before re-landing this patch.
-
-        (Formatting was also incorrect -- extra spaces in parentheses.)
-
-        * bindings/npruntime.cpp: Rolled out last change.
-
-2006-07-02  Justin Haygood  <jhaygood@spsu.edu>
-
-        Reviewed, tweaked, landed by ggaren.
-
-        - Port NPRuntime from CFDictionary to HashMap.
-
-        * bindings/npruntime.cpp:
-        (getStringIdentifierDictionary):
-        (getIntIdentifierDictionary):
-        (_NPN_GetStringIdentifier):
-        (_NPN_GetIntIdentifier):
-        * bindings/npruntime.h:
-
-2006-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adele.
-        
-        - Fixed <rdar://problem/4611197> REGRESSION: Liveconnect with Java test 
-        fails at http://www-sor.inria.fr/~dedieu/notes/liveconnect/simple_example.html
-
-        * JavaScriptCore.exp: Export symbols used by liveconnect
-
-2006-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Phase 2 in the JS API.
-        
-        - Added support for specifying static tables of values -- this should
-        obviate the need for using complicated callbacks for most lookups.
-        
-        -  API objects are now created with classes (JSClassRef) -- in order to support
-        static values, and in order to prevent API objects from storing their
-        data inline, and thus falling into the oversized (read: slow and prone to
-        giving Maciej the frowny face) heap.
-        
-        - Added two specialized JSObject subclasses -- JSCallbackFunction and JSCallbackConstructor -- 
-        to allow JSFunctionMake and JSConstructorMake to continue to work with
-        the new class model. Another solution to this problem would be to create
-        a custom class object for each function and constructor you make. This
-        solution is more code but also more efficient.
-        
-        - Substantially beefed up the minidom example to demonstrate and test a
-        lot of these techniques. Its output is still pretty haphazard, though.
-        
-        - Gave the <kjs/ preface to some includes -- I'm told this matters to
-        building on some versions of Linux.
-        
-        - Implemented JSValueIsInstanceOf and JSValueIsObjectOfClass
-        
-        - Removed GetDescription callback. Something in the class datastructure
-        should take care of this.
-
-        * API/JSBase.h:
-        * API/JSCallbackConstructor.cpp: Added.
-        (KJS::):
-        (KJS::JSCallbackConstructor::JSCallbackConstructor):
-        (KJS::JSCallbackConstructor::implementsConstruct):
-        (KJS::JSCallbackConstructor::construct):
-        (KJS::JSCallbackConstructor::setPrivate):
-        (KJS::JSCallbackConstructor::getPrivate):
-        * API/JSCallbackConstructor.h: Added.
-        (KJS::JSCallbackConstructor::classInfo):
-        * API/JSCallbackFunction.cpp: Added.
-        (KJS::):
-        (KJS::JSCallbackFunction::JSCallbackFunction):
-        (KJS::JSCallbackFunction::implementsCall):
-        (KJS::JSCallbackFunction::callAsFunction):
-        (KJS::JSCallbackFunction::setPrivate):
-        (KJS::JSCallbackFunction::getPrivate):
-        * API/JSCallbackFunction.h: Added.
-        (KJS::JSCallbackFunction::classInfo):
-        * API/JSCallbackObject.cpp:
-        (KJS::):
-        (KJS::JSCallbackObject::JSCallbackObject):
-        (KJS::JSCallbackObject::init):
-        (KJS::JSCallbackObject::~JSCallbackObject):
-        (KJS::JSCallbackObject::className):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::implementsConstruct):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::implementsCall):
-        (KJS::JSCallbackObject::callAsFunction):
-        (KJS::JSCallbackObject::getPropertyList):
-        (KJS::JSCallbackObject::toBoolean):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        (KJS::JSCallbackObject::inherits):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSCallbackObject.h:
-        * API/JSCharBufferRef.cpp:
-        * API/JSClassRef.cpp: Added.
-        (JSClassCreate):
-        (JSClassRetain):
-        (JSClassRelease):
-        * API/JSClassRef.h: Added.
-        (StaticValueEntry::StaticValueEntry):
-        (StaticFunctionEntry::StaticFunctionEntry):
-        (__JSClass::__JSClass):
-        * API/JSContextRef.cpp:
-        (JSContextCreate):
-        (JSEvaluate):
-        * API/JSContextRef.h:
-        * API/JSNode.c: Added.
-        (JSNodePrototype_appendChild):
-        (JSNodePrototype_removeChild):
-        (JSNodePrototype_replaceChild):
-        (JSNodePrototype_class):
-        (JSNode_getNodeType):
-        (JSNode_getChildNodes):
-        (JSNode_getFirstChild):
-        (JSNode_finalize):
-        (JSNode_class):
-        (JSNode_prototype):
-        (JSNode_new):
-        (JSNode_construct):
-        * API/JSNode.h: Added.
-        * API/JSNodeList.c: Added.
-        (JSNodeListPrototype_item):
-        (JSNodeListPrototype_class):
-        (JSNodeList_length):
-        (JSNodeList_getProperty):
-        (JSNodeList_finalize):
-        (JSNodeList_class):
-        (JSNodeList_prototype):
-        (JSNodeList_new):
-        * API/JSNodeList.h: Added.
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSFunctionMake):
-        (JSConstructorMake):
-        (__JSPropertyEnumerator::__JSPropertyEnumerator):
-        (JSObjectCreatePropertyEnumerator):
-        (JSPropertyEnumeratorGetNext):
-        (JSPropertyEnumeratorRetain):
-        (JSPropertyEnumeratorRelease):
-        * API/JSObjectRef.h:
-        (__JSObjectCallbacks::):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        (JSValueIsInstanceOf):
-        * API/JSValueRef.h:
-        * API/Node.c: Added.
-        (Node_new):
-        (Node_appendChild):
-        (Node_removeChild):
-        (Node_replaceChild):
-        (Node_ref):
-        (Node_deref):
-        * API/Node.h: Added.
-        * API/NodeList.c: Added.
-        (NodeList_new):
-        (NodeList_length):
-        (NodeList_item):
-        (NodeList_ref):
-        (NodeList_deref):
-        * API/NodeList.h: Added.
-        * API/minidom.c:
-        (main):
-        (print):
-        (createStringWithContentsOfFile):
-        * API/minidom.js:
-        * API/testapi.c:
-        (assertEqualsAsCharacters):
-        (MyObject_getProperty):
-        (MyObject_class):
-        (myConstructor_callAsConstructor):
-        (main):
-        * API/testapi.js:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-26  Kevin Ollivier  <kevino@theolliviers.com>
-        
-        Reviewed and tweaked by Darin.
-
-        - Compile fixes for wx port / gcc 4.0.2
-
-        * kjs/array_object.cpp:
-        Added missing headers. 
-
-        * kjs/ExecState.h:
-        gcc needs class prototypes before defining those classes as friend classes
-
-2006-06-30  Mike Emmel  <mike.emmel@gmail.com>
-
-        Reviewed by Darin.
-
-        Compilation fixes for Linux/Gdk.
-
-        * JavaScriptCore/kjs/interpreter.cpp: added include of signal.h
-        * JavaScriptCore/kjs/ExecState.h: added missing class declaration 
-        * JavaScriptCore/kjs/ExecState.cpp: case wrong on include of context.h 
-        * JavaScriptCore/JavaScriptCoreSources.bkl: added Context.cpp and ExecState.cpp
-
-=== Safari-521.14 ===
-
-2006-06-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - add headerdoc comments to some of the new JS API headers
-
-        * API/JSBase.h:
-        * API/JSValueRef.h:
-
-2006-06-28  Timothy Hatcher  <timothy@apple.com>
-
-        Prefer the Stabs debugging symbols format until DWARF bugs are fixed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-27  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Tim O.
-
-        <rdar://problem/4448350> Deprecated ObjC language API used in JavaScriptCore, WebCore, WebKit and WebBrowser
-
-        Switch to the new ObjC 2 API, ifdefed the old code around OBJC_API_VERSION so it still works on Tiger.
-        Removed the use of the old stringWithCString, switched to the new Tiger version that accepts an encoding.
-        Lots of code style cleanup.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::~ObjcClass):
-        (KJS::Bindings::_createClassesByIsAIfNecessary):
-        (KJS::Bindings::ObjcClass::classForIsA):
-        (KJS::Bindings::ObjcClass::name):
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fieldNamed):
-        (KJS::Bindings::ObjcClass::fallbackObject):
-        * bindings/objc/objc_header.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance):
-        (ObjcInstance::~ObjcInstance):
-        (ObjcInstance::operator=):
-        (ObjcInstance::begin):
-        (ObjcInstance::end):
-        (ObjcInstance::getClass):
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::setValueOfField):
-        (ObjcInstance::supportsSetValueOfUndefinedField):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfField):
-        (ObjcInstance::getValueOfUndefinedField):
-        (ObjcInstance::defaultValue):
-        (ObjcInstance::stringValue):
-        (ObjcInstance::numberValue):
-        (ObjcInstance::booleanValue):
-        (ObjcInstance::valueOf):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcMethod::ObjcMethod):
-        (ObjcMethod::name):
-        (ObjcMethod::getMethodSignature):
-        (ObjcMethod::setJavaScriptName):
-        (ObjcField::name):
-        (ObjcField::type):
-        (ObjcField::valueFromInstance):
-        (convertValueToObjcObject):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::operator=):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        (ObjcFallbackObjectImp::callAsFunction):
-        (ObjcFallbackObjectImp::defaultValue):
-
-2006-06-28  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        http://bugs.webkit.org/show_bug.cgi?id=8636
-        REGRESSION: JavaScript access to Java applet causes hang (_webViewURL not implemented)
-
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        Just pass nil as the calling URL. This will cause the Java plugin to use the URL of the page
-        containing the applet (which is what we used to do).
-
-2006-06-27  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4406785> Add an export file to TOT JavaScriptCore like the Safari-2-0-branch
-
-        * JavaScriptCore.exp: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adele.
-        
-        - Added JSConstructorMake to match JSFunctionMake, along with test code.
-        
-        [ I checked in the ChangeLog before without the actual files. ]
-
-        * API/JSObjectRef.cpp:
-        (JSConstructorMake):
-        * API/JSObjectRef.h:
-        * API/testapi.c:
-        (myConstructor_callAsConstructor):
-        (main):
-        * API/testapi.js:
-        * ChangeLog:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Moved testapi.c to the testapi
-        target -- this was an oversight in my earlier check-in.
-
-2006-06-25  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        Bug 9574: Drosera should show inline scripts within the original HTML
-        http://bugs.webkit.org/show_bug.cgi?id=9574
-
-        Pass the starting line number and error message to the debugger.
-
-        * kjs/debugger.cpp:
-        (Debugger::sourceParsed):
-        * kjs/debugger.h:
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2006-06-24  Alexey Proskuryakov  <ap@nypop.com>
-
-        Rubber-stamped by Eric.
-
-        Add a -h (do not follow symlinks) option to ln in derived sources build script (without it,
-        a symlink was created inside the source directory on second build).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-24  David Kilzer  <ddkilzer@kilzer.net>
-
-        Reviewed by Timothy.
-
-        * Info.plist: Fixed copyright to include 2003-2006.
-
-2006-06-24  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=9418
-        WebKit will not build when Space exists in path
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Enclose search paths in quotes; create symlinks to 
-        avoid passing paths with spaces to make.
-
-2006-06-23  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        Adding more operator[] overloads for long and short types.
-
-        * wtf/Vector.h:
-        (WTF::Vector::operator[]):
-
-=== JavaScriptCore-521.13 ===
-
-2006-06-22  Alexey Proskuryakov  <ap@nypop.com>
-
-        Build fix.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=9539
-        Another case error preventing build
-
-        * API/JSObjectRef.cpp: Changed "identifier.h" to "Identifier.h"
-        
-2006-06-22  David Kilzer  <ddkilzer@kilzer.net>
-
-        Build fix.
-
-        http://bugs.webkit.org/show_bug.cgi?id=9539
-        Another case error preventing build
-
-        * API/APICast.h: Changed "UString.h" to "ustring.h".
-
-2006-06-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed release build, fixed accidental infinite recursion due to
-        last minute global replace gone awry.
-        
-        * API/APICast.h:
-        (toRef):
-        * API/testapi.c:
-        (assertEqualsAsBoolean):
-        (assertEqualsAsNumber):
-        (assertEqualsAsUTF8String):
-        (assertEqualsAsCharactersPtr):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders.
-        
-        - First cut at C API to JavaScript. Includes a unit test, 'testapi.c', 
-        and the outline of a test app, 'minidom.c'.
-        
-        Includes one change to JSC internals: Rename propList to getPropertyList and have it
-        take its target property list by reference so that subclasses can
-        add properties to the list before calling through to their superclasses.
-        
-        Also, I just ran prepare-ChangeLog in about 10 seconds, and I would like
-        to give a shout-out to that.
-        
-        * API/APICast.h: Added.
-        (toJS):
-        (toRef):
-        * API/JSBase.h: Added.
-        * API/JSCallbackObject.cpp: Added.
-        (KJS::):
-        (KJS::JSCallbackObject::JSCallbackObject):
-        (KJS::JSCallbackObject::~JSCallbackObject):
-        (KJS::JSCallbackObject::className):
-        (KJS::JSCallbackObject::getOwnPropertySlot):
-        (KJS::JSCallbackObject::put):
-        (KJS::JSCallbackObject::deleteProperty):
-        (KJS::JSCallbackObject::implementsConstruct):
-        (KJS::JSCallbackObject::construct):
-        (KJS::JSCallbackObject::implementsCall):
-        (KJS::JSCallbackObject::callAsFunction):
-        (KJS::JSCallbackObject::getPropertyList):
-        (KJS::JSCallbackObject::toBoolean):
-        (KJS::JSCallbackObject::toNumber):
-        (KJS::JSCallbackObject::toString):
-        (KJS::JSCallbackObject::setPrivate):
-        (KJS::JSCallbackObject::getPrivate):
-        (KJS::JSCallbackObject::cachedValueGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * API/JSCallbackObject.h: Added.
-        (KJS::JSCallbackObject::classInfo):
-        * API/JSCharBufferRef.cpp: Added.
-        (JSStringMake):
-        (JSCharBufferCreate):
-        (JSCharBufferCreateUTF8):
-        (JSCharBufferRetain):
-        (JSCharBufferRelease):
-        (JSValueCopyStringValue):
-        (JSCharBufferGetLength):
-        (JSCharBufferGetCharactersPtr):
-        (JSCharBufferGetCharacters):
-        (JSCharBufferGetMaxLengthUTF8):
-        (JSCharBufferGetCharactersUTF8):
-        (JSCharBufferIsEqual):
-        (JSCharBufferIsEqualUTF8):
-        (JSCharBufferCreateWithCFString):
-        (CFStringCreateWithJSCharBuffer):
-        * API/JSCharBufferRef.h: Added.
-        * API/JSContextRef.cpp: Added.
-        (JSContextCreate):
-        (JSContextDestroy):
-        (JSContextGetGlobalObject):
-        (JSEvaluate):
-        (JSCheckSyntax):
-        (JSContextHasException):
-        (JSContextGetException):
-        (JSContextClearException):
-        (JSContextSetException):
-        * API/JSContextRef.h: Added.
-        * API/JSObjectRef.cpp: Added.
-        (JSValueToObject):
-        (JSObjectMake):
-        (JSFunctionMake):
-        (JSObjectGetDescription):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        (JSObjectIsConstructor):
-        (JSObjectCallAsConstructor):
-        (__JSPropertyListEnumerator::__JSPropertyListEnumerator):
-        (JSObjectCreatePropertyEnumerator):
-        (JSPropertyEnumeratorGetNext):
-        (JSPropertyEnumeratorRetain):
-        (JSPropertyEnumeratorRelease):
-        (JSPropertyListAdd):
-        * API/JSObjectRef.h: Added.
-        * API/JSValueRef.cpp: Added.
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSUndefinedMake):
-        (JSNullMake):
-        (JSBooleanMake):
-        (JSNumberMake):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSGCProtect):
-        (JSGCUnprotect):
-        (JSGCCollect):
-        * API/JSValueRef.h: Added.
-        * API/JavaScriptCore.h: Added.
-        * API/minidom.c: Added.
-        (main):
-        * API/minidom.html: Added.
-        * API/minidom.js: Added.
-        * API/testapi.c: Added.
-        (assertEqualsAsBoolean):
-        (assertEqualsAsNumber):
-        (assertEqualsAsUTF8String):
-        (assertEqualsAsCharactersPtr):
-        (assertEqualsAsCharacters):
-        (MyObject_initialize):
-        (MyObject_copyDescription):
-        (MyObject_hasProperty):
-        (MyObject_getProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_getPropertyList):
-        (MyObject_callAsFunction):
-        (MyObject_callAsConstructor):
-        (MyObject_convertToType):
-        (MyObject_finalize):
-        (print_callAsFunction):
-        (main):
-        (createStringWithContentsOfFile):
-        * API/testapi.js: Added.
-        * ChangeLog:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/npruntime_impl.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstance::getPropertyList):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-        * kjs/nodes.cpp:
-        (ForInNode::execute):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        (KJS::JSObject::canPut):
-        (KJS::JSObject::deleteProperty):
-        (KJS::JSObject::propertyIsEnumerable):
-        (KJS::JSObject::getPropertyAttributes):
-        (KJS::JSObject::getPropertyList):
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::get):
-        * kjs/property_map.h:
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::print):
-        * kjs/string_object.cpp:
-        (StringInstance::getPropertyList):
-        * kjs/string_object.h:
-        * kjs/ustring.h:
-        (KJS::UString::Rep::ref):
-
-2006-06-20  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Geoff.
-
-        Make sure we clear the exception before returning so
-        that future calls will not fail because of an earlier
-        exception state. Assert on entry that the WebScriptObject
-        is working with an ExecState that dose not have an exception. 
-        Document that evaluateWebScript and callWebScriptMethod return
-        WebUndefined when an exception is thrown.
-
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-
-2006-06-19  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by John.
-
-        * kjs/interpreter.cpp:
-        (KJS::TimeoutChecker::pauseTimeoutCheck):
-        (KJS::TimeoutChecker::resumeTimeoutCheck):
-        Fix argument order in setitimer calls.
-
-2006-06-18  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/interpreter.cpp:
-        (KJS::TimeoutChecker::pauseTimeoutCheck):
-        Do nothing if the timeout check hasn't been started.
-        
-        (KJS::TimeoutChecker::resumeTimeoutCheck):
-        Do nothing if the timeout check hasn't been started.
-        Use the right signal handler when unblocking.
-        
-        (KJS::Interpreter::handleTimeout):
-        pause/resume the timeout check around the call to
-        shouldInterruptScript().
-        
-2006-06-16  Ben Goodger <beng@google.com>
-        
-        Reviewed by Maciej
-
-        http://bugs.webkit.org/show_bug.cgi?id=9491
-        Windows build breaks in interpreter.cpp 
-
-        * kjs/interpreter.cpp
-        (KJS::TimeoutChecker::pauseTimeoutCheck):
-        (KJS::TimeoutChecker::resumeTimeoutCheck):
-        Make sure to only assert equality with s_executingInterpreter when it 
-        is being used (i.e. when HAVE(SYS_TIME_H) == true)
-
-2006-06-17  David Kilzer  <ddkilzer@kilzer.net>
-
-        Reviewed by darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=9477
-        REGRESSION: fast/dom/replaceChild.html crashes on WebKit ToT in debug build
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): Refetch the debugger after executing the function
-        in case the WebFrame it was running in has since been destroyed.
-
-2006-06-17  David Kilzer  <ddkilzer@kilzer.net>
-
-        Reviewed by ggaren.
-
-        http://bugs.webkit.org/show_bug.cgi?id=9476
-        REGRESSION: Reproducible crash after closing window after viewing
-        css2.1/t0803-c5501-imrgn-t-00-b-ag.html
-
-        * kjs/debugger.cpp:
-        (Debugger::detach): Call setDebugger(0) for all interpreters removed from
-        the 'attached to a debugger' list.
-
-2006-06-17  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Maciej and Geoff.
-
-        http://bugs.webkit.org/show_bug.cgi?id=7080
-        Provide some way to stop a JavaScript infinite loop
-        
-        * kjs/completion.h:
-        (KJS::):
-        Add Interrupted completion type.
-        
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::GlobalFuncImp::callAsFunction):
-        Only set the exception on the new ExecState if the current one has had one.
-        
-        * kjs/interpreter.cpp:
-        (KJS::TimeoutChecker::startTimeoutCheck):
-        (KJS::TimeoutChecker::stopTimeoutCheck):
-        (KJS::TimeoutChecker::alarmHandler):
-        (KJS::TimeoutChecker::pauseTimeoutCheck):
-        (KJS::TimeoutChecker::resumeTimeoutCheck):
-        New TimeoutChecker class which handles setting Interpreter::m_timedOut flag after a given
-        period of time. This currently only works on Unix platforms where setitimer and signals are used.
-        
-        (KJS::Interpreter::Interpreter):
-        Initialize new member variables.
-        
-        (KJS::Interpreter::~Interpreter):
-        Destroy the timeout checker.
-        
-        (KJS::Interpreter::startTimeoutCheck):
-        (KJS::Interpreter::stopTimeoutCheck):
-        (KJS::Interpreter::pauseTimeoutCheck):
-        (KJS::Interpreter::resumeTimeoutCheck):
-        Call the timeout checker.
-        
-        (KJS::Interpreter::handleTimeout):
-        Called on timeout. Resets the m_timedOut flag and calls shouldInterruptScript.
-        
-        * kjs/interpreter.h:
-        (KJS::Interpreter::setTimeoutTime):
-        New function for setting the timeout time.
-        
-        (KJS::Interpreter::shouldInterruptScript):
-        New function. The idea is that this should be overridden by subclasses in order to for example
-        pop up a dialog asking the user if the script should be interrupted.
-        
-        (KJS::Interpreter::checkTimeout):
-        New function which checks the m_timedOut flag and calls handleTimeout if it's set.
-        
-        * kjs/nodes.cpp:
-        (DoWhileNode::execute):
-        (WhileNode::execute):
-        (ForNode::execute):
-        Call Interpreter::checkTimeout after each iteration of the loop.
-
-2006-06-15  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Geoff and Darin.
-        
-        Prefer the DWARF debugging symbols format for use in Xcode 2.3.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth.
-        
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=9438
-        Someone broke ToT: cannot build
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/runtime_root.h: Changed "Interpreter.h" to "interpreter.h"
-
-2006-06-12  Geoffrey Garen  <ggaren@apple.com>
-
-        build fix
-        
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject throwException:]): Restore assignment I accidentally
-        deleted in previous commit
-
-2006-06-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by TimO, Maciej.
-        
-        - Merged InterpreterImp code into Interpreter, which implements
-        all interpreter functionality now. This is part of my continuing quest
-        to create an external notion of JS "execution context" that is unified and simple --
-        something to replace the mix of Context, ContextImp, ExecState, Interpreter,
-        InterpreterImp, and JSRun.
-        
-        All tests pass. Leaks test has not regressed from its baseline ~207 leaks
-        with ~3460 leaked nodes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject throwException:]):
-        * bindings/runtime_root.cpp:
-        * bindings/runtime_root.h:
-        * kjs/Context.cpp:
-        (KJS::Context::Context):
-        * kjs/ExecState.cpp: Added.
-        (KJS::ExecState::lexicalInterpreter):
-        * kjs/ExecState.h: Added.
-        (KJS::ExecState::dynamicInterpreter):
-        * kjs/SavedBuiltins.h: Added.
-        * kjs/bool_object.cpp:
-        (BooleanPrototype::BooleanPrototype):
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        (KJS::Collector::numInterpreters):
-        * kjs/context.h:
-        * kjs/debugger.cpp:
-        (Debugger::attach):
-        (Debugger::detach):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (KJS::interpreterMap):
-        (KJS::Interpreter::Interpreter):
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::~Interpreter):
-        (KJS::Interpreter::globalObject):
-        (KJS::Interpreter::initGlobalObject):
-        (KJS::Interpreter::globalExec):
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-        (KJS::Interpreter::builtinObject):
-        (KJS::Interpreter::builtinFunction):
-        (KJS::Interpreter::builtinArray):
-        (KJS::Interpreter::builtinBoolean):
-        (KJS::Interpreter::builtinString):
-        (KJS::Interpreter::builtinNumber):
-        (KJS::Interpreter::builtinDate):
-        (KJS::Interpreter::builtinRegExp):
-        (KJS::Interpreter::builtinError):
-        (KJS::Interpreter::builtinObjectPrototype):
-        (KJS::Interpreter::builtinFunctionPrototype):
-        (KJS::Interpreter::builtinArrayPrototype):
-        (KJS::Interpreter::builtinBooleanPrototype):
-        (KJS::Interpreter::builtinStringPrototype):
-        (KJS::Interpreter::builtinNumberPrototype):
-        (KJS::Interpreter::builtinDatePrototype):
-        (KJS::Interpreter::builtinRegExpPrototype):
-        (KJS::Interpreter::builtinErrorPrototype):
-        (KJS::Interpreter::builtinEvalError):
-        (KJS::Interpreter::builtinRangeError):
-        (KJS::Interpreter::builtinReferenceError):
-        (KJS::Interpreter::builtinSyntaxError):
-        (KJS::Interpreter::builtinTypeError):
-        (KJS::Interpreter::builtinURIError):
-        (KJS::Interpreter::builtinEvalErrorPrototype):
-        (KJS::Interpreter::builtinRangeErrorPrototype):
-        (KJS::Interpreter::builtinReferenceErrorPrototype):
-        (KJS::Interpreter::builtinSyntaxErrorPrototype):
-        (KJS::Interpreter::builtinTypeErrorPrototype):
-        (KJS::Interpreter::builtinURIErrorPrototype):
-        (KJS::Interpreter::mark):
-        (KJS::Interpreter::interpreterWithGlobalObject):
-        (KJS::Interpreter::saveBuiltins):
-        (KJS::Interpreter::restoreBuiltins):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::setCompatMode):
-        (KJS::Interpreter::compatMode):
-        (KJS::Interpreter::firstInterpreter):
-        (KJS::Interpreter::nextInterpreter):
-        (KJS::Interpreter::prevInterpreter):
-        (KJS::Interpreter::debugger):
-        (KJS::Interpreter::setDebugger):
-        (KJS::Interpreter::setContext):
-        (KJS::Interpreter::context):
-        * kjs/nodes.cpp:
-        (StatementNode::hitStatement):
-        (RegExpNode::evaluate):
-        * kjs/protect.h:
-
-2006-06-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - Have *.lut.h files #include lookup.h to eliminate surprising header
-        include order dependency.
-
-        * DerivedSources.make:
-        * kjs/array_object.cpp:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        (KJS::DateProtoFunc::):
-        * kjs/lexer.cpp:
-        * kjs/math_object.cpp:
-        * kjs/number_object.cpp:
-        * kjs/regexp_object.cpp:
-        * kjs/string_object.cpp:
-
-2006-06-10  Geoffrey Garen  <ggaren@apple.com>
-
-        - http://bugs.webkit.org/show_bug.cgi?id=8515
-        Linux porting compile bug
-        
-        Fix by Mike Emmel, Reviewed by Darin.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-        * wtf/Platform.h:
-
-2006-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix -- I think :).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/context.h:
-
-2006-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric (yay!).
-        
-        - Removed Context wrapper for ContextImp, renamed ContextImp to Context,
-        split Context into its own file -- Context.cpp -- renamed _var to m_var,
-        change ' *' to '* '.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/Context.cpp: Added.
-        (KJS::Context::Context):
-        (KJS::Context::~Context):
-        (KJS::Context::mark):
-        * kjs/context.h:
-        (KJS::Context::scopeChain):
-        (KJS::Context::variableObject):
-        (KJS::Context::setVariableObject):
-        (KJS::Context::thisValue):
-        (KJS::Context::callingContext):
-        (KJS::Context::activationObject):
-        (KJS::Context::currentBody):
-        (KJS::Context::function):
-        (KJS::Context::arguments):
-        (KJS::Context::pushScope):
-        (KJS::Context::seenLabels):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::evaluate):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::setContext):
-        (KJS::InterpreterImp::context):
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        (KJS::ExecState::context):
-        (KJS::ExecState::ExecState):
-        * kjs/nodes.cpp:
-        (currentSourceId):
-        (currentSourceURL):
-        (ThisNode::evaluate):
-        (ResolveNode::evaluate):
-        (FunctionCallResolveNode::evaluate):
-        (PostfixResolveNode::evaluate):
-        (DeleteResolveNode::evaluate):
-        (TypeOfResolveNode::evaluate):
-        (PrefixResolveNode::evaluate):
-        (AssignResolveNode::evaluate):
-        (VarDeclNode::evaluate):
-        (VarDeclNode::processVarDecls):
-        (DoWhileNode::execute):
-        (WhileNode::execute):
-        (ForNode::execute):
-        (ForInNode::execute):
-        (ContinueNode::execute):
-        (BreakNode::execute):
-        (ReturnNode::execute):
-        (WithNode::execute):
-        (SwitchNode::execute):
-        (LabelNode::execute):
-        (TryNode::execute):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-
-2006-06-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed API directory I prematurely/accidentally added.
-
-        * API: Removed.
-
-2006-06-05  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Reviewed and landed by Geoff.
-
-        - fix a regression in ecma_3/String/regress-104375.js
-
-        * kjs/string_object.cpp:
-        (substituteBackreferences): If a 2-digit back reference is out of range,
-        parse it as a 1-digit reference (followed by the other digit). This matches
-        Firefox's behavior.
-
-2006-06-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed By Maciej.
-        Darin already reviewed this change on the branch. See <rdar://problem/4317701>.
-        
-        - Fixed <rdar://problem/4291345> PCRE overflow in Safari JavaScriptCore
-
-        No test case because there's no behavior change.
-        
-        * pcre/pcre_compile.c:
-        (read_repeat_counts): Check for integer overflow / out of bounds
-
-2006-06-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by aliu.
-
-        - Changed CString length from int to size_t. We sould probably do this
-        for UString, too. (Darin, if you're reading this: Maciej said so.)
-        
-        * kjs/function.cpp:
-        (KJS::encode):
-        * kjs/ustring.cpp:
-        (KJS::CString::CString):
-        (KJS::operator==):
-        * kjs/ustring.h:
-        (KJS::CString::size):
-
-2006-06-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-        
-        - http://bugs.webkit.org/show_bug.cgi?id=9304
-        Minor cleanup in JavaScriptCore
-
-        * kjs/value.h: Removed redundant declarations
-
-2006-06-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - changed deleteAllValues so it can work on "const" collections
-          Deleting the values affects the values, not the pointers in the
-          collection, so it's legitimate to do it to a const collection,
-          and a case of that actually came up in the XPath code.
-
-        * wtf/HashMap.h:
-        (WTF::deleteAllPairSeconds): Use const iterators.
-        (WTF::deleteAllValues): Take const HashMap reference as a parameter.
-        * wtf/HashSet.h:
-        (WTF::deleteAllValues): Take const HashSet reference as a parameter,
-        and use const iterators.
-        * wtf/Vector.h:
-        (WTF::deleteAllValues): Take const Vector reference as a parameter.
-
-        - added more functions that are present in <math.h> on some platforms,
-          but not on others; moved here from various files in WebCore
-
-        * wtf/MathExtras.h:
-        (isinf): Added.
-        (isnan): Added.
-        (lround): Added.
-        (lroundf): Tweaked.
-        (round): Added.
-        (roundf): Tweaked.
-        (signbit): Added.
-
-2006-06-02  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Reviewed by ggaren.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=9234
-          Implement $&, $' and $` replacement codes in String.prototype.replace
-
-        Test: fast/js/string-replace-3.html
-
-        * kjs/string_object.cpp:
-        (substituteBackreferences): Added support for $& (matched substring),
-        $` (everything preceding matched substring), $' (everything following
-        matched substring) and 2-digit back references, and cleaned up a little.
-
-2006-06-02 Adele Peterson  <adele@apple.com>
-
-        Reviewed by Darin.
-
-        Set incremental linking to no. This seems to fix a build problem I was seeing
-        where dftables couldn't find a dll. 
-
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-
-2006-05-26  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fixes/tweaks
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-=== JavaScriptCore-521.11 ===
-
-2006-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-        
-        - JSC half of fix for <rdar://problem/4557926> TOT REGRESSSION: Crash
-        occurs when attempting to view image in slideshow mode at
-        http://d.smugmug.com/gallery/581716 ( KJS::IfNode::execute
-        (KJS::ExecState*) + 312)
-
-        On alternate threads, DOMObjects remain in the
-        ScriptInterpreter's cache because they're not collected. So, they
-        need an opportunity to mark their children.
-        
-        I'm not particularly happy with this solution because it fails to
-        resolve many outstanding issues with the DOM object cache. Since none
-        of those issues is a crasher or a serious compatibility concern,
-        and since the behavior of other browsers is not much to go on in this
-        case, I've filed <rdar://problem/4561439> about that, and I'm moving on 
-        with my life.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::mark):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::mark):
-        * kjs/interpreter.h:
-
-=== JavaScriptCore-521.10 ===
-
-2006-05-22  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Eric, Kevin and Geoff.
-
-        Merge open source build fixes. <rdar://problem/4555500>
-
-        * kjs/collector.cpp: look at the rsp register in x86_64 
-        (KJS::Collector::markOtherThreadConservatively):
-        * wtf/Platform.h: add x86_64 to the platform list
-
-2006-05-19  Anders Carlsson  <acarlsson@apple.com>
-
-        Reviewed by Geoff.
-
-        http://bugs.webkit.org/show_bug.cgi?id=8993
-        Support function declaration in case statements
-        
-        * kjs/grammar.y: Get rid of StatementList and use SourceElements instead.
-        
-        * kjs/nodes.cpp:
-        (CaseClauseNode::evalStatements):
-        (CaseClauseNode::processVarDecls):
-        (CaseClauseNode::processFuncDecl):
-        (ClauseListNode::processFuncDecl):
-        (CaseBlockNode::processFuncDecl):
-        (SwitchNode::processFuncDecl):
-        * kjs/nodes.h:
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::ClauseListNode::ClauseListNode):
-        (KJS::ClauseListNode::getClause):
-        (KJS::ClauseListNode::getNext):
-        (KJS::ClauseListNode::releaseNext):
-        (KJS::SwitchNode::SwitchNode):
-        Add processFuncDecl for the relevant nodes.        
-
-        * kjs/nodes2string.cpp:
-        (CaseClauseNode::streamTo):
-        next got renamed to source.
-
-2006-05-17  George Staikos <staikos@kde.org>
-
-        Reviewed by Maciej, Alexey, and Eric.
-
-        * pcre/pcre_compile.c:
-        * pcre/pcre_get.c:
-        * pcre/pcre_exec.c:
-        * wtf/UnusedParam.h:
-        Use /**/ in .c files to compile with non-C99 and non-GCC compilers.
-
-        * kjs/testkjs.cpp:
-        Change include to <wtf/HashTraits.h> from "HashTraits.h" to avoid -I
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        Use correct parentheses and correct mask for utf-32 support.
-
-2006-05-17  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=8870
-        Crash typing in Yahoo auto-complete widget.
-
-        Test: fast/js/regexp-stack-overflow.html
-
-        * pcre/pcre-config.h: Define NO_RECURSE.
-
-2006-05-16  George Staikos <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        Fix some warnings and strict compilation errors.
-
-        * kjs/nodes.cpp: 
-        * kjs/value.cpp: 
-
-2006-05-15  Alexey Proskuryakov  <ap@nypop.com>
-
-        * make-generated-sources.sh: Changed to be executable and removed
-        text in the file generated by "svn diff".
-
-2006-05-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        - Fixed <rdar://problem/4534904> please do not treat "debugger" as
-        a reserved word while parsing JavaScript (and other ECMA reserved
-        words) 
-
-        AKA 
-
-        http://bugs.webkit.org/show_bug.cgi?id=6179 
-        We treat "char" as a reserved word in JavaScript and firefox/IE do
-        not
-
-        (1) I unreserved most of the spec's "future reserved words" because 
-        they're not reserved in IE or FF. (Most, but not all, because IE
-        somewhat randomly *does* reserve a few of them.)
-        (2) I made 'debugger' a legitimate statement that acts like an empty
-        statement because FF and IE support it.
-        
-        * kjs/grammar.y:
-        * kjs/keywords.table:
-
-2006-05-15  Tim Omernick  <timo@apple.com>
-
-        Reviewed by John Sullivan.
-
-        Part of <rdar://problem/4466508> Add 64-bit support to the Netscape Plugin API
-
-        Added to the Netscape Plugin API the concept of "plugin drawing models".  The drawing model
-        determines the kind of graphics context created by the browser for the plugin, as well as 
-        the Mac types of various Netscape Plugin API data structures.
-
-        There is a drawing model to represent the old QuickDraw-based API.  It is used by default
-        if QuickDraw is available on the system, unless the plugin specifies another drawing model.
-
-        The big change is the addition of the CoreGraphics drawing model.  A plugin may request this
-        drawing model to obtain access to a CGContextRef for drawing, instead of a QuickDraw CGrafPtr.
-
-        * bindings/npapi.h:
-        Define NP_NO_QUICKDRAW when compiling 64-bit; there is no 64-bit QuickDraw.
-        Added NPNVpluginDrawingModel, NPNVsupportsQuickDrawBool, and NPNVsupportsCoreGraphicsBool
-        variables.
-        Added NPDrawingModel enumeration.  Currently the only drawing models are QuickDraw and
-        CoreGraphics.
-        NPRegion's type now depends on the drawing model specified by the plugin.
-        NP_Port is now only defined when QuickDraw is available.
-        Added NP_CGContext, which is the type of the NPWindow's "window" member in CoreGraphics mode.
-
-2006-05-13  Kevin M. Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Darin, landed by ap.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=8528
-          Bakefiles (and generated Makefiles) for wx and gdk ports
-
-        * make-generated-sources.sh: 
-        Added script to configure environment to run DerivedSources.make
-        
-        * JavaScriptCoreSources.bkl:
-        Added JavaScriptCore sources list for Bakefile.
-        
-        * jscore.bkl:
-        Bakefile used to generate JavaScriptCore project files 
-        (currently only used by wx and gdk ports)
-
-2006-05-09  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix Windows build.
-        Minor fixes to WTF headers.
-        
-        Reviewed by kevin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Fix include dirs, paths to files. 
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Fix include dirs.
-        * wtf/Assertions.h: include Platform.h to get definition for COMPILER()
-        * wtf/Vector.h: include FastMalloc.h for definition of fastMalloc, fastFree
-
-2006-05-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Anders.
-        
-        - renamed kxmlcore to wtf
-        
-        kxmlcore --> wtf
-        KXMLCore --> WTF
-        KXC --> WTF
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/c/c_instance.cpp:
-        * bindings/objc/WebScriptObject.mm:
-        * kjs/JSImmediate.h:
-        * kjs/Parser.cpp:
-        * kjs/Parser.h:
-        * kjs/array_object.cpp:
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread):
-        * kjs/collector.h:
-        * kjs/config.h:
-        * kjs/function.cpp:
-        (KJS::isStrWhiteSpace):
-        * kjs/function.h:
-        * kjs/identifier.cpp:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/lexer.cpp:
-        (Lexer::shift):
-        (Lexer::isWhiteSpace):
-        (Lexer::isIdentStart):
-        (Lexer::isIdentPart):
-        * kjs/lookup.cpp:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/number_object.cpp:
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-        * kjs/string_object.cpp:
-        (StringProtoFunc::callAsFunction):
-        * kjs/testkjs.cpp:
-        (testIsInteger):
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        * kxmlcore: Removed.
-        * kxmlcore/AlwaysInline.h: Removed.
-        * kxmlcore/Assertions.cpp: Removed.
-        * kxmlcore/Assertions.h: Removed.
-        * kxmlcore/FastMalloc.cpp: Removed.
-        * kxmlcore/FastMalloc.h: Removed.
-        * kxmlcore/FastMallocInternal.h: Removed.
-        * kxmlcore/Forward.h: Removed.
-        * kxmlcore/HashCountedSet.h: Removed.
-        * kxmlcore/HashFunctions.h: Removed.
-        * kxmlcore/HashMap.h: Removed.
-        * kxmlcore/HashSet.h: Removed.
-        * kxmlcore/HashTable.cpp: Removed.
-        * kxmlcore/HashTable.h: Removed.
-        * kxmlcore/HashTraits.h: Removed.
-        * kxmlcore/ListRefPtr.h: Removed.
-        * kxmlcore/Noncopyable.h: Removed.
-        * kxmlcore/OwnArrayPtr.h: Removed.
-        * kxmlcore/OwnPtr.h: Removed.
-        * kxmlcore/PassRefPtr.h: Removed.
-        * kxmlcore/Platform.h: Removed.
-        * kxmlcore/RefPtr.h: Removed.
-        * kxmlcore/TCPageMap.h: Removed.
-        * kxmlcore/TCSpinLock.h: Removed.
-        * kxmlcore/TCSystemAlloc.cpp: Removed.
-        * kxmlcore/TCSystemAlloc.h: Removed.
-        * kxmlcore/UnusedParam.h: Removed.
-        * kxmlcore/Vector.h: Removed.
-        * kxmlcore/VectorTraits.h: Removed.
-        * kxmlcore/unicode: Removed.
-        * kxmlcore/unicode/Unicode.h: Removed.
-        * kxmlcore/unicode/UnicodeCategory.h: Removed.
-        * kxmlcore/unicode/icu: Removed.
-        * kxmlcore/unicode/icu/UnicodeIcu.h: Removed.
-        * kxmlcore/unicode/posix: Removed.
-        * kxmlcore/unicode/qt3: Removed.
-        * kxmlcore/unicode/qt4: Removed.
-        * kxmlcore/unicode/qt4/UnicodeQt4.h: Removed.
-        * pcre/pcre_get.c:
-        * wtf: Added.
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::Scavenge):
-        (WTF::do_malloc):
-        (WTF::do_free):
-        (WTF::TCMallocGuard::TCMallocGuard):
-        (WTF::malloc):
-        (WTF::free):
-        (WTF::calloc):
-        (WTF::cfree):
-        (WTF::realloc):
-        * wtf/FastMalloc.h:
-        * wtf/FastMallocInternal.h:
-        * wtf/Forward.h:
-        * wtf/HashCountedSet.h:
-        * wtf/HashFunctions.h:
-        * wtf/HashMap.h:
-        * wtf/HashSet.h:
-        * wtf/HashTable.cpp:
-        * wtf/HashTable.h:
-        * wtf/HashTraits.h:
-        * wtf/ListRefPtr.h:
-        * wtf/Noncopyable.h:
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/PassRefPtr.h:
-        * wtf/RefPtr.h:
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemAlloc):
-        * wtf/Vector.h:
-        * wtf/VectorTraits.h:
-        * wtf/unicode/UnicodeCategory.h:
-        * wtf/unicode/icu/UnicodeIcu.h:
-
-2006-05-08  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Tim O.
-
-        * bindings/npapi.h: do not define #pragma options align=mac68k if we are 64-bit
-
-2006-05-07  Darin Adler  <darin@apple.com>
-
-        Reviewed and landed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=8765
-        Random crashes on TOT since the form state change
-        
-        I haven't figured out how to construct a test for this, but this does seem to fix the
-        problem; Mitz mentioned that a double-destroy was occurring in these functions.
-        
-        * kxmlcore/HashMap.h: (KXMLCore::HashMap::remove): Use RefCounter::deref instead of calling
-        ~ValueType, because ~ValueType often results in a double-destroy, since the HashTable also
-        destroys the element based on the storage type. The RefCounter template correctly does work
-        only in cases where ValueType and ValueStorageType differ and this class is what's used
-        elsewhere for the same purpose; I somehow missed this case when optimizing HashMap.
-        * kxmlcore/HashSet.h: (KXMLCore::HashSet::remove): Ditto.
-        
-2006-05-05  Darin Adler  <darin@apple.com>
-
-        - http://bugs.webkit.org/show_bug.cgi?id=8722
-          IE compatibility fix in date parsing
-
-        * kjs/date_object.cpp: (KJS::parseDate): Merged change that George Staikos provided
-        from KDE 3.4.3 branch that allows day values of 0 and values that are > 1000.
-
-2006-05-04  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=8734
-        Would like a Vector::append that takes another Vector
-        
-        * kxmlcore/Vector.h:
-        (KXMLCore::::append):
-        New function that takes another array.
-
-2006-05-02  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by eric.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: set NDEBUG for release build
-        * kxmlcore/FastMalloc.cpp: Prevent USE_SYSTEM_MALLOC from being defined twice
-
-2006-05-02  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        * kxmlcore/HashMap.h:
-        (KXMLCore::::operator):
-        Return *this
-
-2006-05-01  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        <rdar://problem/4476875> Support printing for embedded Netscape plugins
-
-        * bindings/npapi.h:
-        Fixed struct alignment problem in our npapi.h.  Structs must be 68k-aligned on both pre-Mac OS X
-        and Mac OS X systems, as this is what plugins expect.
-
-2006-05-01  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Maciej.
-        
-        <rdar://problem/4308243> 8F36 Regression: crash in malloc_consolidate if you use a .PAC file
-
-        The original fix missed the oversized cell case. Added a test for "currentThreadIsMainThread || 
-        imp->m_destructorIsThreadSafe" where we collect oversized cells.
-
-        We don't have a way to test PAC files yet, so there's no test attached.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect): test the thread when we collect oversized cells
-
-2006-05-01  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Adele.
-
-        <rdar://problem/4526114> REGRESSION (two days ago): LOG() just prints @ for NSObject substitutions
-
-        * kxmlcore/Assertions.cpp:
-        Changed sense of strstr("%@") check.  I already made the same fix to the WebBrowser assertions.
-
-2006-04-28  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by kdecker
-        
-        Actually apply the change that was reviewed insted of checking it in with an #if 0 (oops).
-
-        * kjs/testkjs.cpp:
-        (main): Suppress C runtime alerts
-
-2006-04-28  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by kdecker
-
-        Suppress error reporting dialog that blocks Javascript tests from completing.
-        
-        Real error is due to an overflow in the date/time handling functions that needs
-        to be addressed, but this will prevent the hang running the Javascript tests
-        on the build bot (along with the related changes).
-        
-        * kjs/testkjs.cpp:
-        (main): Suppress C runtime alerts
-
-2006-04-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej
-
-        - Minor fixups I discovered while working on the autogenerator.
-        
-        * kjs/lookup.cpp:
-        (findEntry): ASSERT that size is not 0, because otherwise we'll % by 0,
-        compute a garbage address, and possibly crash.
-        * kjs/lookup.h:
-        (cacheGlobalObject): Don't enumerate cached objects -- ideally, they
-        would be hidden entirely.
-
-2006-04-21  Kevin M. Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=8507
-          Compilation fixes for building on gcc 4.0.2, and without precomp headers
-
-        * kjs/operations.h:
-        * kxmlcore/Assertions.cpp:
-        * kxmlcore/FastMalloc.cpp:
-        Added necessary headers to resolve compilation issues when not using
-        precompiled headers.
-        
-        * kjs/value.h: Declare the JSCell class before friend declaration  
-        to resolve compilation issues with gcc 4.0.2.
-        
-        * kxmlcore/Platform.h: Set Unicode support to use ICU on platforms
-        other than KDE (previously only defined for Win and Mac OS)
-                
-2006-04-18  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        Fix "new Function()" to correctly use lexical scoping.
-        Add ScopeChain::print() function for debugging.
-        <rdar://problem/4067864> REGRESSION (125-407): JavaScript failure on PeopleSoft REN Server
-
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::print):
-        * kjs/scope_chain.h:
-
-2006-04-14  James G. Speth  <speth@end.com>
-
-        Reviewed by Timothy.
-
-        Bug 8389: support for Cocoa bindings - binding an NSTreeController to the WebView's DOM
-        http://bugs.webkit.org/show_bug.cgi?id=8389
-
-        Adds a category to WebScriptObject with array accessors for KVC/KVO.
-
-        If super valueForKey: fails it will call valueForUndefinedKey:, which is
-        important because it causes the right behavior to happen with bindings using
-        the "Raises for Not Applicable Keys" flag and the "Not Applicable Placeholder"
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject count]):
-        (-[WebScriptObject objectAtIndex:]):
-        (-[WebUndefined description]): return "undefined"
-
-2006-04-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::initGlobalObject): Add the built-in object
-        prototype to the end of the global object's prototype chain instead of
-        just blowing away its existing prototype. We need to do this because
-        the window object has a meaningful prototype now.
-
-2006-04-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - fix testkjs to not show false-positive KJS::Node leaks in debug builds
-
-        * kjs/testkjs.cpp:
-        (doIt):
-        (kjsmain):
-
-2006-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        Minor code cleanup -- passes all the JS tests.
-
-        * kjs/object_object.cpp:
-        (ObjectObjectImp::construct):
-        (ObjectObjectImp::callAsFunction):
-
-2006-04-11  Darin Adler  <darin@apple.com>
-
-        - another attempt to fix Windows build -- Vector in Forward.h was not working
-
-        * kxmlcore/Forward.h: Remove Vector.
-        * kxmlcore/Vector.h: Add back default arguments, remove include of
-        Forward.h.
-
-2006-04-11  Darin Adler  <darin@apple.com>
-
-        - try to fix Windows build -- HashForward.h was not working
-
-        * kxmlcore/HashForward.h: Removed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove HashForward.h.
-        * kjs/collector.h: Remove use of HashForward.h.
-        * kxmlcore/HashCountedSet.h: Remove include of HashForward.h, restore
-        default arguments.
-        * kxmlcore/HashMap.h: Ditto.
-        * kxmlcore/HashSet.h: Ditto.
-
-2006-04-11  David Harrison  <harrison@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed clean build, broken by Darin's check-in
-
-        * kjs/date_object.cpp: Add needed include of lookup.h.
-        * kjs/regexp_object.cpp: Move include of .lut.h file below other includes.
-
-2006-04-10  Darin Adler  <darin@apple.com>
-
-        Rubber-stamped by John Sullivan.
-
-        - switched from a shell script to a makefile for generated files
-        - removed lots of unneeded includes
-        - added new Forward.h and HashForward.h headers that allow compiling with
-          fewer unneeded templates
-
-        * DerivedSources.make: Added.
-        * generate-derived-sources: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files, changed to use
-        DerivedSources.make.
-
-        * kxmlcore/Forward.h: Added.
-        * kxmlcore/HashForward.h: Added.
-
-        * kxmlcore/HashCountedSet.h: Include HashForward for default args.
-        * kxmlcore/HashMap.h: Ditto.
-        * kxmlcore/HashSet.h: Ditto.
-
-        * kjs/object.h:
-        * kjs/object.cpp:
-        Moved KJS_MAX_STACK into the .cpp file.
-
-        * bindings/NP_jsobject.cpp:
-        * bindings/c/c_instance.h:
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/WebScriptObject.mm:
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        * bindings/objc/objc_runtime.mm:
-        * bindings/objc/objc_utility.mm:
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        * bindings/runtime_root.h:
-        * kjs/JSImmediate.cpp:
-        * kjs/Parser.h:
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        * kjs/bool_object.h:
-        * kjs/collector.h:
-        * kjs/context.h:
-        * kjs/debugger.cpp:
-        * kjs/error_object.h:
-        * kjs/function_object.h:
-        * kjs/internal.h:
-        * kjs/lexer.cpp:
-        * kjs/math_object.cpp:
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/number_object.cpp:
-        * kjs/number_object.h:
-        * kjs/object_object.cpp:
-        * kjs/operations.cpp:
-        * kjs/protected_reference.h:
-        * kjs/reference.h:
-        * kjs/reference_list.h:
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-        * kjs/testkjs.cpp:
-        * kjs/value.cpp:
-        * kjs/value.h:
-        * kxmlcore/HashTable.h:
-        * kxmlcore/ListRefPtr.h:
-        * kxmlcore/TCPageMap.h:
-        * kxmlcore/Vector.h:
-        Removed unneeded header includes.
-
-2006-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by eric.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=8284
-        prevent unnecessary entries in the "nodes with extra refs" hash table
-
-        This patch switches manually RefPtr exchange with use of
-        RefPtr::release to ensure that a node's ref count never tops 1
-        (in the normal case).
-
-        * kjs/nodes.cpp:
-        (BlockNode::BlockNode):
-        (CaseBlockNode::CaseBlockNode):
-        * kjs/nodes.h:
-        (KJS::ArrayNode::ArrayNode):
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        (KJS::ArgumentsNode::ArgumentsNode):
-        (KJS::VarStatementNode::VarStatementNode):
-        (KJS::ForNode::ForNode):
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::FuncExprNode::FuncExprNode):
-        (KJS::FuncDeclNode::FuncDeclNode):
-
-2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        One more attempt - use reinterpret_cast, rather than static_cast.
-
-2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        An attempt to fix Win32 build - ICU uses wchar_t on Windows, so we need a type cast.
-
-        * kxmlcore/unicode/icu/UnicodeIcu.h:
-        (KXMLCore::Unicode::toLower):
-        (KXMLCore::Unicode::toUpper):
-
-2006-04-08  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=8264
-        toLowerCase and toUpperCase don't honor special mappings
-
-        Test: fast/js/string-capitalization.html
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added KXMLCore::Unicode headers to the project.
-        * icu/unicode/putil.h: Added (copied from WebCore).
-        * icu/unicode/uiter.h: Ditto.
-        * icu/unicode/ustring.h: Ditto.
-        * kjs/string_object.cpp:
-        (StringProtoFunc::callAsFunction): Use the new KXMLCore::Unicode::toUpper() and toLower().
-        * kjs/ustring.cpp: Removed unused (and evil) UChar::toLower() and toUpper().
-        * kjs/ustring.h: Ditto.
-
-        * kxmlcore/unicode/Unicode.h: Corrected capitalization of the word Unicode.
-        * kxmlcore/unicode/UnicodeCategory.h: Renamed include guard macro to match file name.
-
-        * kxmlcore/unicode/icu/UnicodeIcu.h:
-        (KXMLCore::Unicode::toLower): Work on strings, not individual characters. Use ICU root locale.
-        (KXMLCore::Unicode::toUpper): Ditto.
-        (KXMLCore::Unicode::isFormatChar): Use int32_t, which can hold a complete code point.
-        (KXMLCore::Unicode::isSeparatorSpace): Ditto.
-        (KXMLCore::Unicode::category): Ditto.
-        * kxmlcore/unicode/qt4/UnicodeQt4.h:
-        (KXMLCore::Unicode::toLower): Work on strings, not individual characters.
-        (KXMLCore::Unicode::toUpper): Ditto.
-        (KXMLCore::Unicode::isFormatChar): Use int32_t, which can hold a complete code point.
-        (KXMLCore::Unicode::isSeparatorSpace): Ditto.
-        (KXMLCore::Unicode::category): Ditto.
-
-        * tests/mozilla/ecma/String/15.5.4.12-1.js: Corrected expected results.
-        * tests/mozilla/ecma/String/15.5.4.12-5.js: Corrected expected results.
-
-2006-04-05  Darin Adler  <darin@apple.com>
-
-        - attempt to fix Windows build
-
-        * kxmlcore/HashMap.h: (KXMLCore::HashMap::remove): Use (*it). instead of it->.
-        * kxmlcore/HashSet.h: (KXMLCore::HashSet::remove): Ditto.
-
-2006-04-05  Darin Adler  <darin@apple.com>
-
-        - attempt to fix Windows build
-
-        * os-win32/stdint.h: Add int8_t, uint8_t, int64_t.
-
-2006-04-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix memory leak introduced by the previous change
-
-        * kxmlcore/HashTable.h: Specialize NeedsRef so that it correctly returns true when
-        the value in question is a pair where one of the pair needs a ref and the other
-        of the pair does not.
-
-2006-04-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - JavaScriptCore part of fix for http://bugs.webkit.org/show_bug.cgi?id=8049
-          StringImpl hash traits deleted value creates an init routine for WebCore
-          <rdar://problem/4442248> REGRESSION: WebCore has init routines (8049)
-
-        Change HashMap and HashSet implementation so they fold various types together.
-        This allows us to implement maps and sets that use RefPtr<WebCore::StringImpl>
-        and WebCore::String in terms of the underlying raw pointer type, and hence use
-        -1 for the deleted value.
-
-        * kxmlcore/HashTraits.h: Added a new type to HashTraits, StorageTraits, which is a
-        type to be used when storing a value that has the same layout as the type itself.
-        This is used only for non-key cases. In the case of keys, the hash function must also
-        be considered. Moved emptyValue out of GenericHashTraitsBase into GenericHashTraits.
-        Added a new bool to HashTraits, needsRef, which indicates whether the type needs
-        explicit reference counting. If the type itself has needsRef true, but the storage
-        type has needsRef false, then the HashSet or HashMap has to handle the reference
-        counting explicitly. Added hash trait specializations for all signed integer values
-        that give -1 as the deleted value. Gave all integers StorageTraits of the canonical
-        integer type of the same size so int and long will share code. Gave all pointers and
-        RefPtrs StorageTraits of the appropriately sized integer type. Removed redundant
-        TraitType and emptyValue definitions in the pointer specialization for HashTraits.
-        Added PairBaseHashTraits, which doesn't try to set up needsDestruction and deletedValue.
-        Useful for types where we don't want to force the existence of deletedValue, such as
-        the type of a pair in a HashMap which is not the actual storage type. Removed an
-        unneeded parameter from the DeletedValueAssigner template. Added HashKeyStorageTraits
-        template, which determines what type can be used to store a given hash key type with
-        a given hash function, and specialized it for pointers and RefPtr so that pointer
-        hash tables share an underlying HashTable that uses IntHash.
-
-        * kxmlcore/HashTable.h: Added HashTableConstIteratorAdapter, HashTableIteratorAdapter,
-        NeedsRef, RefCountManagerBase, RefCountManager, HashTableRefCountManagerBase, and
-        HashTableRefCountManager. All are used by both HashSet and HashMap to handle hash
-        tables where the type stored is not the same as the real value type.
-        
-        * kxmlcore/HashFunctions.h: Added a new struct named IntTypes that finds an
-        integer type given a sizeof value. Renamed pointerHash to intHash and made it
-        use overloading and take integer parameters. Added an IntHash struct which is
-        a hash function that works for integers. Changed PtrHash to call IntHash with
-        an appropriately sized integer. Made IntHash the default hash function for
-        many integer types. Made PtrHash the default hash function for RefPtr as well
-        as for raw pointers.
-
-        * kxmlcore/HashSet.h: Changed implementation to use a separate "storage type"
-        derived from the new traits. The HashTable will use the storage type and all
-        necessary translation and ref/deref is done at the HashSet level. Also reorganized
-        the file so that the HashSet is at the top and has no inline implementation inside
-        it so it's easy to read the interface to HashSet.
-
-        * kxmlcore/HashMap.h: Changed implementation to use a separate "storage type"
-        derived from the new traits. The HashTable will use the storage type and all
-        necessary translation and ref/deref is done at the HashMap level. Also reorganized
-        the file so that the HashMap is at the top and has no inline implementation inside
-        it so it's easy to read the interface to HashMap.
-
-        * kxmlcore/HashMapPtrSpec.h: Removed. Superceded by optimizations in HashMap itself.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove HashMapPtrSpec.h, resort files,
-        and also remove some unnecessary build settings from the aggregate target that
-        generates derived sources.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-
-2006-04-04  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        The Debug and Release frameworks are now built with install paths relative to the build products directory.
-        This removes the need for other projects to build with -framework WebCore and -framework JavaScriptCore. 
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-04-04  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        Fix win32 build.
-        Disable ASSERT redefinition warnings for now.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-        * kxmlcore/Assertions.h:
-
-2006-04-04  Bjrn Graf  <bjoern.graf@gmail.com>
-
-        Reviewed by ggaren & darin.  Landed by eseidel.
-
-        Integrate CURL version of gettimeofday
-        http://bugs.webkit.org/show_bug.cgi?id=7399
-        Disable crash report dialogs for testkjs.exe in Release mode
-        http://bugs.webkit.org/show_bug.cgi?id=8113
-
-        * kjs/testkjs.cpp:
-        (StopWatch::start):
-        (StopWatch::stop):
-        (StopWatch::getElapsedMS):
-        (main):
-        (kjsmain):
-
-2006-04-04  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction): remove trunc() to fix win32.
-
-2006-03-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fixed "toPrecision sometimes messes up the last digit on intel Macs"
-        http://bugs.webkit.org/show_bug.cgi?id=7748
-
-        * kjs/number_object.cpp:
-        (intPow10): Compute integer powers of 10 using exponentiation by squaring.
-        (NumberProtoFunc::callAsFunction): Use intPow10(n) in place of all pow(10.0, n),
-        plus a bit of refactoring.
-
-2006-04-03  Darin Adler  <darin@apple.com>
-
-        - tweak config.h and Platform.h to try to get buildbot working
-          (making some small changes at the same time)
-
-        * kjs/config.h: Removed now-unneeded HAVE_ICU.
-        * kxmlcore/Platform.h: Tweak how platform gets set up. Move all the
-        USE stuff to the end.
-
-2006-04-03  George Staikos   <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        Fix Win32 build breakage from previous commit, remove unused forward.
-
-2006-04-03  George Staikos   <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        Implement a unicode abstraction layer to make JavaScriptCore much more
-        easily ported to other platforms without having to take in libicu.  Also
-        makes the unicode related code easier to understand.
-
-2006-04-03  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Adele.
-
-        Fixes <rdar://problem/4498338> JavaScriptCore fails to compile for ppc64
-        Other 64 bit build fixes.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markOtherThreadConservatively): test for __DARWIN_UNIX03 and use __r1
-        * kjs/dtoa.cpp:
-        (Bigint::): cast PRIVATE_mem to unsigned to prevent warning
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM): cast jniError to long to prevent format warning
-        (KJS::Bindings::getJNIEnv): cast jniError to long to prevent format warning
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference): cast CFDictionaryGetValue to unsigned long to prevent warning
-        (KJS::Bindings::removeNativeReference): cast CFDictionaryGetValue to unsigned long to prevent warning
-
-2006-03-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - <rdar://problem/4395622> API: WebScriptObject.h incorrectly reports that -isSelectorExcludedFromWebScript returns NO by default
-
-        * bindings/objc/WebScriptObject.h: Fixed comment.
-
-2006-03-31  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        A bit more code cleanup.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant):
-        * bindings/objc/objc_runtime.mm:
-        (convertValueToObjcObject):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/interpreter.cpp:
-        (KJS::ExecState::lexicalInterpreter):
-        * kjs/interpreter.h:
-        * kjs/operations.cpp:
-        (KJS::equal):
-
-2006-03-30  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by anders.
-
-        Small code-style update.
-
-        * kjs/operations.cpp:
-        (KJS::isNaN):
-        (KJS::isInf):
-        (KJS::isPosInf):
-        (KJS::isNegInf):
-        (KJS::equal):
-        (KJS::strictEqual):
-        (KJS::relation):
-        (KJS::maxInt):
-        (KJS::minInt):
-        (KJS::add):
-        (KJS::mult):
-
-2006-03-31  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        Make sure the GetterSetterImp objects are marked as well.
-        
-        * kjs/internal.cpp:
-        (KJS::GetterSetterImp::mark):
-        Call JSCell::mark().
-
-2006-03-30  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        * kjs/nodes.h: Some various small style fixes.
-
-2006-03-30  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        Clean-up style issues in node.h, remove redundant initializations.
-
-        * kjs/nodes.h:
-        (KJS::StatementNode::evaluate):
-        (KJS::ArrayNode::ArrayNode):
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        (KJS::ArgumentsNode::ArgumentsNode):
-        (KJS::NewExprNode::NewExprNode):
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::FuncDeclNode::FuncDeclNode):
-
-2006-03-30  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/4212626> REGRESSION: LIVECONNECT: JavaScript type for Java Strings is function,
-        not object
-
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::implementsCall):
-        New method.  Returns false by default.  Concrete subclasses can override this return true when
-        the bound object may be called as a function.
-        (KJS::Bindings::Instance::invokeDefaultMethod):
-        Since bound objects are no longer treated as functions by default, we can return jsUndefined()
-        here instead of in concrete subclasses that decide not to implement the default method
-        functionality.
-
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::implementsCall):
-        Don't assume that the bound object is a function; instead, let the object instance decide whether
-        it is callable.
-
-        * bindings/c/c_instance.h:
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::implementsCall):
-        The object is callable if its class has an invokeDefault function.
-
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::implementsCall):
-        The object is callable if the ObjC instance responds to -invokeDefaultMethodWithArguments:.
-
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_instance.cpp:
-        Moved bogus invokeDefaultMethod() to superclass.
-
-2006-03-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - JavaScriptCore side of fix for <rdar://problem/4308243> 8F36 
-        Regression: crash in malloc_consolidate if you use a .PAC file
-
-        The crash was a result of threaded deallocation of thread-unsafe
-        objects. Pure JS objects are thread-safe because all JS execution
-        is synchronized through JSLock. However, JS objects that wrap WebCore 
-        objects are thread-unsafe because JS and WebCore execution are not 
-        synchronized.  That unsafety comes into play when the collector 
-        deallocates a JS object that wraps a WebCore object, thus causing the 
-        WebCore object to be deallocated.
-
-        The solution here is to have each JSCell know whether it is safe to
-        collect on a non-main thread, and to avoid collecting unsafe cells
-        when on a non-main thread.
-
-        We don't have a way to test PAC files yet, so there's no test
-        attached to this patch.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        (1) Added the test "currentThreadIsMainThread || 
-        imp->m_destructorIsThreadSafe". 
-
-        * kjs/protect.h:
-        (KJS::gcProtectNullTolerant):
-        (KJS::gcUnprotectNullTolerant):
-        * kjs/value.h:
-        (KJS::JSCell::JSCell): The bools here must be bitfields, otherwise
-        m_destructorIsThreadSafe becomes another whole word, ruining the
-        collector optimizations we've made based on the size of a JSObject.
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::currentThreadIsMainThread):
-        (KXMLCore::fastMallocRegisterThread):
-        * kxmlcore/FastMalloc.h:
-
-2006-03-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - change some code that resulted in init routines on Mac OS X -- if the framework has
-          init routines it will use memory and slow down applications that link with WebKit
-          even in cases where those applications don't use WebKit
-
-        * kjs/date_object.cpp: Changed constants that were derived by multiplying other constants
-        to use immediate numbers instead. Apparently, double constant expressions of the type we
-        had here are evaluated at load time.
-
-        * kjs/list.cpp: Can't use OwnArrayPtr in ListImp because of the global instances of
-        ListImp, so go back to using a plain old pointer.
-        (KJS::List::List): Set overflow to 0 when initializing ListImp.
-        (KJS::List::release): Replace a clear call with a delete and explicit set to 0.
-        (KJS::List::append): Use raw pointers, and do a delete [] instead of finessing it with
-        a swap of OwnArrayPtr.
-        (KJS::List::copyFrom): Remove now-unneeded get().
-        (KJS::List::copyTail): Ditto.
-
-        * kjs/ustring.cpp: Changed UString::Rep::empty initializer a bit so that it doesn't get
-        a static initializer routine. Had to get rid of one level of constant to get the compiler
-        to understand it could initialize without any code.
-
-        - added a build step that checks for init routines
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Deleted now-unused custom build rule that
-        was replaced by the generate-derived-sources script a while back. Added a custom build
-        phase that invokes the check-for-global-initializers script.
-
-2006-03-28  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Eric.
-
-        fixes <rdar://problem/4458539> Unable to include Security(public) and WebKit(private) headers
-
-        * bindings/npapi.h: added #defines after the #ifndefs
-
-2006-03-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - fixed <rdar://problem/4489745> REGRESSION: Safari crashes at to display http://www.lgphilips-lcd.com/
-
-        * kjs/nodes.cpp:
-        (Node::deref): take into account the case where the extra refcount table was never created
-
-2006-03-23  David Carson <dacarson@gmail.com>
-
-        Reviewed by Darin.
-        
-        - JSObject in LiveConnect not working.
-        http://bugs.webkit.org/show_bug.cgi?id=7917
-
-        * bindings/jni_jsobject.cpp:
-        (JavaJSObject::convertJObjectToValue): Was trying to retrieve the native pointer from the wrong base
-        class, and the GetFieldID was using the wrong signature.
-
-2006-03-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix buildbot
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Change target name to JavaScriptCore (it was "include"!?).
-        Also add -Y 3 option for linker.
-
-2006-03-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7726
-          REGRESSION: orbitz calendar fails (JavaScript function serialization/parsing)
-
-        * kjs/object.h: Take function name, as well as source URL and line number, when
-        using the special overloaded construct for making functions.
-        * kjs/object.cpp: (KJS::JSObject::construct): Ditto.
-        * kjs/function_object.h: Ditto.
-        * kjs/function_object.cpp: (FunctionObjectImp::construct): Pass a name when
-        constructing the function rather than null. Use "anonymous" when making a
-        function using the default function constructor.
-
-        * kjs/nodes2string.cpp: (FuncDeclNode::streamTo): Put a line break just before
-        a function declaration.
-
-        - unrelated fix
-
-        * kxmlcore/HashMapPtrSpec.h: Add missing needed friend declaration.
-
-2006-03-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7805
-          LEAK: method name leaks in KJS::Bindings::CInstance::invokeMethod
-
-        * bindings/c/c_utility.h: Remove NPN_UTF16FromString declaration (not implemented).
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant): Use DOUBLE_TO_NPVARIANT,
-        BOOLEAN_TO_NPVARIANT, VOID_TO_NPVARIANT, NULL_TO_NPVARIANT, and
-        OBJECT_TO_NPVARIANT. In the case of OBJECT, call _NPN_RetainObject in
-        one case and remove a _NPN_ReleaseObject in another because this
-        should return a retained value.
-        (KJS::Bindings::convertNPVariantToValue): Use NPVARIANT_TO_BOOLEAN,
-        NPVARIANT_TO_INT32, and NPVARIANT_TO_DOUBLE.
-
-        * bindings/c/c_runtime.h: Removed implementations of CMethod::name and
-        CField::name that called _NPN_UTF8FromIdentifier and hence leaked.
-        * bindings/c/c_runtime.cpp:
-        (KJS::Bindings::CMethod::name): Added. Returns the string from inside the
-        method object.
-        (KJS::Bindings::CField::name): Added. Returns the string from inside the
-        field object.
-        (KJS::Bindings::CField::valueFromInstance): Added call to _NPN_ReleaseVariantValue
-        on the result of getProperty after using it to fix a storage leak.
-        (KJS::Bindings::CField::setValueToInstance): Added call to _NPN_ReleaseVariantValue
-        after pasing a value to setProperty now that the conversion function does a retain.
-
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::invokeMethod): Changed to use Vector for a local
-        stack buffer. Removed special case for NPVARIANT_IS_VOID because the
-        convertNPVariantToValue function handles that properly.
-        (KJS::Bindings::CInstance::invokeDefaultMethod): Ditto.
-
-        * bindings/NP_jsobject.h: Formatting changes only.
-        * bindings/NP_jsobject.cpp:
-        (jsDeallocate): Changed parameter type so we don't need a function cast.
-        (_NPN_InvokeDefault): Use VOID_TO_NPVARIANT.
-        (_NPN_Invoke): Use NULL_TO_NPVARIANT and VOID_TO_NPVARIANT.
-        (_NPN_Evaluate): Use VOID_TO_NPVARIANT.
-        (_NPN_GetProperty): Use NULL_TO_NPVARIANT and VOID_TO_NPVARIANT.
-
-        * bindings/c/c_class.cpp: Formatting changes only.
-        * bindings/c/c_class.h: Formatting changes only.
-
-        * bindings/npruntime_priv.h: Removed obsolete and now-unused functions:
-        NPN_VariantIsVoid, NPN_VariantIsNull, NPN_VariantIsUndefined,
-        NPN_VariantIsBool, NPN_VariantIsInt32, NPN_VariantIsDouble,
-        NPN_VariantIsString, NPN_VariantIsObject, NPN_VariantToBool,
-        NPN_VariantToInt32, NPN_VariantToDouble, NPN_VariantToString,
-        NPN_VariantToStringCopy, NPN_VariantToObject, NPN_InitializeVariantAsVoid,
-        NPN_InitializeVariantAsNull, NPN_InitializeVariantAsUndefined,
-        NPN_InitializeVariantWithBool, NPN_InitializeVariantWithInt32,
-        NPN_InitializeVariantWithDouble, NPN_InitializeVariantWithString,
-        NPN_InitializeVariantWithObject, and NPN_InitializeVariantWithVariant.
-        * bindings/npruntime.cpp:
-        (getIntIdentifierDictionary): Don't bother creating custom callbacks for the
-        integer dictionary since the default behavior is fine for integers.
-
-2006-03-23  Mark Rowe  <opendarwin.org@bdash.net.nz>
-
-        Reviewed and landed by Maciej.
-
-        - WebKit no longer builds with bison 2.1
-        http://bugs.webkit.org/show_bug.cgi?id=7923
-
-        * generate-derived-sources:  Handle generated header named either grammar.cpp.h
-        or grammar.hpp.
-
-2006-03-22  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix the build
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-03-21  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/generate-derived-sources: Set executable property.
-
-2006-03-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        Ensure that generated source dependencies are handled properly, as follows:
-        
-        - Made an external script that generates the sources into a
-          DerivedSources dir in the build products directory.
-        - Added a new build target that builds all the generated sources
-          if needed. Sadly it has to be a target, not a phase for Xcode to notice changes.
-        - Added the DerivedSources dir in question to the include path.
-        - Added the new DerivedSources dir and its contents to the project as build-relative.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/generate-derived-sources: Added. Based on the windows version - maybe someday they
-        can share more.
-
-2006-03-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fixed "charAt layout test fails on intel macs; some NaNs are printed as -NaN"
-        http://bugs.webkit.org/show_bug.cgi?id=7745
-
-        * kjs/ustring.cpp:
-        (KJS::UString::from): Use "NaN" for all NaN values, regardless of sign.
-
-2006-03-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - tweaks to my change to redo KJS::Node refcounting
-
-        * kjs/nodes.cpp:
-        (Node::ref):
-        (Node::deref):
-        (Node::refcount):
-        (Node::clearNewNodes):
-        * kjs/nodes.h:
-
-2006-03-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed Vector so that you can pass a reference to something in the vector
-          to the append or insert functions
-
-        * kxmlcore/Vector.h:
-        (KXMLCore::Vector::expandCapacity): Added new overloads that take a pointer to adjust
-        and return the adjusted value of the pointer.
-        (KXMLCore::Vector::append): Pass a pointer when expanding the vector, and use it when
-        adding the new element. Makes the case where the element moves when the vector
-        is expanded work.
-        (KXMLCore::Vector::insert): Ditto.
-
-2006-03-15  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by adele.
-
-        Build fix.
-
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction): use size() not "len()"
-
-2006-03-15  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Fix CString copy constructor, fixes Date.parse("") on Win32.
-
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction):
-        * kjs/ustring.cpp:
-        (KJS::CString::CString):
-        (KJS::CString::operator=):
-
-2006-03-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - KJS::Node and KJS::StatementNode are bigger than they need to be
-        http://bugs.webkit.org/show_bug.cgi?id=7775
-
-        The memory usage of Node was reduced by 2 machine words per node:
-
-        - sourceURL was removed and only kept on FunctionBodyNode. The
-        source URL can only be distinct per function or top-level program node, 
-        and you always have one.
-        
-        - refcount was removed and kept in a separate hashtable when
-        greater than 1. newNodes set represents floating nodes with
-        refcount of 0. This helps because almost all nodes have a refcount of 1
-        for almost all of their lifetime.
-        
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::RuntimeMethod): Pass null body, added FIXME.
-        * kjs/Parser.cpp:
-        (KJS::clearNewNodes): New nodes are tracked in nodes.cpp now, but still clear
-        them at the appropriate time.
-        * kjs/context.h:
-        (KJS::ContextImp::currentBody): added; used to retrieve source URL and sid
-        for current code.
-        (KJS::ContextImp::pushIteration): moved here from LabelStack
-        (KJS::ContextImp::popIteration): ditto
-        (KJS::ContextImp::inIteration): ditto
-        (KJS::ContextImp::pushSwitch): ditto
-        (KJS::ContextImp::popSwitch): ditto
-        (KJS::ContextImp::inSwitch): ditto
-        * kjs/function.cpp:
-        (KJS::FunctionImp::FunctionImp): Add FunctionBodyNode* parameter.
-        (KJS::FunctionImp::callAsFunction): Pass body to ContextImp.
-        (KJS::FunctionImp::argumentsGetter): _context renamed to m_context.
-        (KJS::DeclaredFunctionImp::DeclaredFunctionImp): Pass body to superclass
-        constructor.
-        (KJS::GlobalFuncImp::callAsFunction): Pass progNode as body for ContextImp in
-        eval.
-        * kjs/function.h: Move body field from DeclaredFunctionImp to
-        FunctionImp.
-        * kjs/grammar.y: Change DBG; statements no longer have a sourceid.
-        * kjs/internal.cpp:
-        (KJS::ContextImp::ContextImp): Initialize new m_currentBody, m_iterationDepth
-        and m_switchDepth data members. New FunctionBodyNode* parameter - the
-        function body provides source URL and SourceId.
-        (KJS::InterpreterImp::mark): Use exception() function, not _exception directly.
-        (KJS::InterpreterImp::evaluate): Pass progNode to ContextImp constructor
-        to use as the body.
-        * kjs/internal.h:
-        (KJS::LabelStack::LabelStack): Remove iteration depth and switch depth;
-        statement label stacks don't need these and it bloats their size. Put them
-        in the ContextImp instead.
-        * kjs/interpreter.cpp:
-        (KJS::ExecState::lexicalInterpreter): Renamed _context to m_context.
-        * kjs/interpreter.h:
-        (KJS::ExecState::dynamicInterpreter): Renamed _context to m_context.
-        (KJS::ExecState::context): ditto
-        (KJS::ExecState::setException): Renamed _exception to m_exception
-        (KJS::ExecState::clearException): ditto
-        (KJS::ExecState::exception): ditto
-        (KJS::ExecState::hadException): ditto
-        (KJS::ExecState::ExecState): ditto both above renames
-        * kjs/nodes.cpp:
-        (Node::Node): Removed initialization of line, source URL and refcount. Add to
-        local newNodes set instead of involving parser.
-        (Node::ref): Instead of managing refcount directly, story refcount over 1 in a
-        HashCountedSet, and keep a separate HashSet of "floating" nodes with refcount
-        0.
-        (Node::deref): ditto
-        (Node::refcount): ditto
-        (Node::clearNewNodes): Destroy anything left in the new nodes set.
-        (currentSourceId): Inline helper to get sourceId from function body via context.
-        (currentSourceURL): ditto for sourceURL.
-        (Node::createErrorCompletion): use new helper
-        (Node::throwError): ditto
-        (Node::setExceptionDetailsIfNeeded): ditto
-        (StatementNode::StatementNode): remove initialization of l0 and sid, rename
-        l1 to m_lastLine.
-        (StatementNode::setLoc): Set own m_lastLine and Node's m_line.
-        (StatementNode::hitStatement): Get sid, first line, last line in the proper new ways.
-        (StatListNode::StatListNode): updated for setLoc changes
-        (BlockNode::BlockNode): ditto
-        (DoWhileNode::execute): excpect iteraton counts on ContextImp, not LabelStack
-        (WhileNode::execute): ditto
-        (ForNode::execute): ditto
-        (ForInNode::execute): ditto
-        (ContinueNode::execute): excpect inIteration on ContextImp, not LabelStack
-        (BreakNode::execute): excpect inIteration and inSwitch on ContextImp, not LabelStack
-        (SwitchNode::execute): expect switch counts on ContextImp, not LabelStack
-        (FunctionBodyNode::FunctionBodyNode): update for new setLoc
-        (FunctionBodyNode::processFuncDecl): reindent
-        (SourceElementsNode::SourceElementsNode): update for new setLoc
-        * kjs/nodes.h:
-        (KJS::Node::lineNo): Renamed _line to m_line
-        (KJS::StatementNode::firstLine): Use lineNo()
-        (KJS::StatementNode::lastLine): Renamed l1 to m_lastLine
-        (KJS::FunctionBodyNode::sourceId): added
-        (KJS::FunctionBodyNode::sourceURL): added
-        * kjs/testkjs.cpp:
-
-2006-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        - Fixed <rdar://problem/4478239> string sort puts "closed" before 
-        "close"
-
-        Reviewed by Eric.
-
-        * kjs/ustring.cpp:
-        (KJS::compare): Inverted a < in order to treat the longer string as > 
-        the shorter string.
-
-2006-03-12  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7708
-        REGRESSION: Flash callback to JavaScript function not working.
-
-        Test: plugins/invoke.html
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16): Return a correct string length.
-
-2006-03-08  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        Partially fix JS on win32 by fixing hash table generation.
-
-        * kjs/create_hash_table: limit << results to 32 bits.
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-
-2006-03-07  Darin Adler  <darin@apple.com>
-
-        * kxmlcore/Vector.h: Quick fix to try to get Windows compiling again.
-
-2006-03-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7655
-          unwanted output while running layout tests
-
-        * kjs/lexer.cpp: (Lexer::lex): Turn off the "yylex: ERROR" message.
-        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the code to log errors from PCRE
-        to standard output. I think we should arrange for the error text to be in JavaScript
-        exceptions instead at some point.
-        * kxmlcore/Vector.h: Add a check for overflow so that we'll abort if we pass a
-        too-large size rather than allocating a buffer smaller than requested.
-
-2006-03-06  David Carson <dacarson@gmail.com>
-
-        Reviewed by Darin, landed by ap.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=7582
-        c_utility.cpp contains CFString OS X platform-dependent code; should use ICU
-
-        Tested with test case from:
-        http://bugs.webkit.org/show_bug.cgi?id=5163
-
-        * bindings/c_utility.cpp
-        (convertUTF8ToUTF16): Changed to using Unicode converter from ICU, and manual Latin-1 conversion.
-        * icu/unicode/ucnv.h: Copied from WebCore.
-        * icu/unicode/ucnv_err.h: Ditto.
-        * icu/unicode/uenum.h: Ditto.
-
-2006-03-05  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Updated.
-
-2006-03-06  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Fix suggested by Alexey Proskuryakov <ap@nypop.com>, reviewed by Maciej and Hyatt.
-        
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7601
-          REGRESSION (r13089): Reproducible crash dereferencing a deallocated element on google image search
-
-        * kxmlcore/Platform.h: Corrected the define to enable USE(MULTIPLE_THREADS) on Mac OS X.
-
-2006-03-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=7616
-          get all references to KJS::Node out of internal.h
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated for file changes.
-
-        * kjs/Parser.cpp: Added.
-        * kjs/Parser.h: Added.
-
-        * kjs/internal.cpp: Removed the Parser class.
-        * kjs/internal.h: Ditto. Also removed unnecessary declarations of classes
-        not used in this header.
-
-        * kjs/nodes.h: Added an include of "Parser.h".
-        * kjs/function.h: Added a declaration of FunctionBodyNode.
-
-2006-03-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej.
-
-        - JSC support for the fix for <rdar://problem/4467143> JavaScript 
-        enumeration of HTML element properties skips DOM node properties
-
-        * kjs/lookup.h: 
-        (1) Added the KJS_DEFINE_PROTOTYPE_WITH_PROTOTYPE macro. The 
-        class definiton macro needs to know about the prototype's prototype so 
-        that the class constructor properly sets it. 
-        (2) Removed the KJS_IMPLEMENT_PROTOTYPE_WITH_PARENT macro. The class
-        implementation macro does not need to know about the prototype's
-        prototype, since getOwnPropertySlot should only look in the current 
-        object's property map, and not its prototype's.
-
-2006-03-05  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Eric, landed by ap.
-        
-        - Remove unused breakpoint bool from StatementNodes. No test provided as
-        there is no functionality change.
-
-        * kjs/nodes.cpp:
-        (StatementNode::StatementNode):
-        * kjs/nodes.h:
-
-2006-03-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - Fixed <rdar://problem/4465598> REGRESSION (TOT): Crash occurs at 
-        http://maps.google.com/?output=html ( KJS::Identifier::add(KJS::UString::Rep*)
-
-        This regression was caused by my fix for 4448098. I failed to account for the
-        deleted entry sentinel in the mehtod that saves the contents of a property map to 
-        the back/forward cache.
-
-        Manual test in WebCore/manual-tests/property-map-save-crash.html
-
-        * kjs/property_map.cpp:
-        (KJS::deletedSentinel): Use 1 instead of -1 to facilitate an easy bit mask
-        (KJS::isValid): New function: checks if a key is null or the deleted sentinel
-        (KJS::PropertyMap::~PropertyMap): Fixed up the branch logic here for readability
-        and a slight performance win
-        (KJS::PropertyMap::clear):
-        (KJS::PropertyMap::rehash):
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
-        (KJS::PropertyMap::save): Check keys with isValid()
-
-2006-03-02  Maciej Stachowiak  <mjs@apple.com>
-
-        - now fix mac build again
-
-        * kjs/identifier.cpp:
-
-2006-03-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Anders and Eric.
-
-        - add fpconst.cpp to win32 build, it is now needed
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kjs/fpconst.cpp:
-
-2006-03-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - fix windows build, broken by my last patch
-
-        * kjs/JSImmediate.cpp:
-        * kjs/identifier.cpp:
-        * kxmlcore/FastMalloc.cpp:
-        * kxmlcore/Platform.h:
-
-2006-03-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Set up new prototype macros and avoid using #if without defined() in JSC
-        
-        Added new PLATFORM macros and related, to make sure #if's all check if relevant macros
-        are defined, and to separate core OS-level dependencies from operating environment
-        dependencies so you can, e.g., build KDE on Mac or Windows.
-
-        * kxmlcore/Platform.h: Added.
-
-        - deploy them everywhere in JavaScriptCore
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/objc/WebScriptObject.mm:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::end):
-        * bindings/softlinking.h:
-        * bindings/testbindings.mm:
-        (main):
-        * kjs/JSLock.cpp:
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::Collector::markOtherThreadConservatively):
-        (KJS::Collector::markStackObjectsConservatively):
-        * kjs/config.h:
-        * kjs/date_object.cpp:
-        (gmtoffset):
-        (KJS::formatTime):
-        (KJS::DateProtoFunc::callAsFunction):
-        (KJS::DateObjectImp::construct):
-        (KJS::makeTime):
-        * kjs/dtoa.cpp:
-        * kjs/fpconst.cpp:
-        (KJS::sizeof):
-        (KJS::):
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        * kjs/internal.cpp:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-        (KJS::Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/operations.cpp:
-        (KJS::isNaN):
-        (KJS::isInf):
-        (KJS::isPosInf):
-        (KJS::isNegInf):
-        * kjs/operations.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::RegExp::~RegExp):
-        (KJS::RegExp::match):
-        * kjs/regexp.h:
-        * kjs/testkjs.cpp:
-        (StopWatch::start):
-        (StopWatch::stop):
-        (StopWatch::getElapsedMS):
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        * kxmlcore/AlwaysInline.h:
-        * kxmlcore/Assertions.cpp:
-        * kxmlcore/Assertions.h:
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::):
-        * kxmlcore/FastMalloc.h:
-        * kxmlcore/FastMallocInternal.h:
-        * kxmlcore/HashTable.h:
-        * kxmlcore/TCPageMap.h:
-        * kxmlcore/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        * kxmlcore/TCSystemAlloc.cpp:
-        (TCMalloc_SystemAlloc):
-        * os-win32/stdint.h:
-
-2006-02-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - Fixed <rdar://problem/4448098> Switch PropertyMap deleted entry 
-        placeholder to -1 from UString::Rep::null
-
-        This turned out to be only a small speedup (.12%). That's within the 
-        margin of error for super accurate JS iBench, but Shark confirms the 
-        same, so I think it's worth landing.
-
-        FYI, I also confirmed that the single entry optimization in 
-        PropertyMap is a 3.2% speedup.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap):
-        (KJS::PropertyMap::clear):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::rehash):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
-        (KJS::PropertyMap::checkConsistency):
-        * kjs/property_map.h:
-        (KJS::PropertyMap::deletedSentinel):
-
-2006-02-27  Eric Seidel  <eseidel@apple.com>
-
-        Rubber-stamped by darin.
-
-        Remove fpconst.cpp, unused on win32 and the cause of linker warnings.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2006-02-27  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Fix Assertions.cpp to compile on win32.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kxmlcore/Assertions.cpp:
-
-2006-02-27  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Made Assertions.cpp platform independent.
-        Moved mac-specific logging logic up into WebCore.
-        http://bugs.webkit.org/show_bug.cgi?id=7503
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kxmlcore/Assertions.cpp: Added.
-        * kxmlcore/Assertions.h:
-        * kxmlcore/Assertions.mm: Removed.
-
-2006-02-27  Darin Adler  <darin@apple.com>
-
-        - fixed Mac Debug build, there was an unused parameter
-
-        * kxmlcore/FastMalloc.cpp: (KXMLCore::fastMallocRegisterThread):
-        Remove parameter name.
-
-        * kjs/debugger.h: Fixed comment.
-
-2006-02-27  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        * kxmlcore/Vector.h:
-        (KXMLCore::deleteAllValues): fix unused variable warning
-
-2006-02-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Turn off -Wno-unused-param for JavaScriptCore and get rid of unused params
-        http://bugs.webkit.org/show_bug.cgi?id=7384
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (jsAllocate):
-        (_NPN_InvokeDefault):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        * bindings/c/c_class.h:
-        (KJS::Bindings::CClass::constructorAt):
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertNPVariantToValue):
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeDefaultMethod):
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/jni/jni_objc.mm:
-        (-[NSObject KJS::Bindings::]):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebUndefined allocWithZone:]):
-        (-[WebUndefined initWithCoder:]):
-        (-[WebUndefined encodeWithCoder:]):
-        (-[WebUndefined copyWithZone:]):
-        * bindings/objc/objc_class.h:
-        (KJS::Bindings::ObjcClass::constructorAt):
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::getOwnPropertySlot):
-        (ObjcFallbackObjectImp::put):
-        (ObjcFallbackObjectImp::canPut):
-        (ObjcFallbackObjectImp::deleteProperty):
-        (ObjcFallbackObjectImp::toBoolean):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createLanguageInstanceForValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::lengthGetter):
-        (RuntimeArray::indexGetter):
-        (RuntimeArray::put):
-        (RuntimeArray::deleteProperty):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::lengthGetter):
-        (RuntimeMethod::execute):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::deleteProperty):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::callAsFunction):
-        * bindings/runtime_root.cpp:
-        (performJavaScriptAccess):
-        * kjs/array_object.cpp:
-        (ArrayInstance::lengthGetter):
-        (ArrayInstance::getOwnPropertySlot):
-        (ArrayPrototype::ArrayPrototype):
-        (ArrayPrototype::getOwnPropertySlot):
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::BooleanObjectImp):
-        * kjs/date_object.cpp:
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        * kjs/error_object.cpp:
-        (ErrorObjectImp::ErrorObjectImp):
-        (NativeErrorPrototype::NativeErrorPrototype):
-        (NativeErrorImp::NativeErrorImp):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::Arguments::mappedIndexGetter):
-        (KJS::ActivationImp::argumentsGetter):
-        (KJS::ActivationImp::put):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::FunctionObjectImp):
-        * kjs/internal.cpp:
-        (KJS::GetterSetterImp::toPrimitive):
-        (KJS::GetterSetterImp::toBoolean):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::isGlobalObject):
-        (KJS::Interpreter::interpreterForGlobalObject):
-        (KJS::Interpreter::isSafeScript):
-        * kjs/lexer.cpp:
-        (Lexer::makeIdentifier):
-        (Lexer::makeUString):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        * kjs/nodes.cpp:
-        (StatementNode::processFuncDecl):
-        (PropertyNode::evaluate):
-        (PropertyNameNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberObjectImp::NumberObjectImp):
-        (NumberObjectImp::getOwnPropertySlot):
-        * kjs/object.cpp:
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        (KJS::JSObject::hasInstance):
-        (KJS::JSObject::propertyIsEnumerable):
-        * kjs/object_object.cpp:
-        (ObjectObjectImp::ObjectObjectImp):
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::undefinedGetter):
-        (KJS::PropertySlot::functionGetter):
-        * kjs/reference.cpp:
-        (KJS::Reference::getPropertyName):
-        * kjs/reference_list.cpp:
-        (ReferenceListIterator::operator++):
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::RegExpObjectImp):
-        (RegExpObjectImp::getValueProperty):
-        (RegExpObjectImp::putValueProperty):
-        * kjs/string_object.cpp:
-        (StringInstance::lengthGetter):
-        (StringInstance::indexGetter):
-        (StringPrototype::StringPrototype):
-        * kxmlcore/Assertions.mm:
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::TCMalloc_PageHeap::CheckList):
-        * kxmlcore/HashTable.h:
-        (KXMLCore::HashTableConstIterator::checkValidity):
-        (KXMLCore::IdentityHashTranslator::translate):
-        * pcre/pcre_get.c:
-        (pcre_get_stringnumber):
-
-2006-02-23  Darin Adler  <darin@apple.com>
-
-        - try to fix buildbot failure
-
-        * bindings/c/c_utility.cpp: Touch this file, which seems to not have been
-        recompiled after additional inlining was introduced (Xcode bug?).
-
-2006-02-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin, Maciej.
-
-        - Inline some functions suggested by Shark. 2.9% speedup on super
-        accurate JS iBench.
-
-        http://bugs.webkit.org/show_bug.cgi?id=7411
-        <rdar://problem/4448116>
-
-        * kjs/nodes.h:
-        (KJS::ArgumentsNode::evaluateList):
-        * kjs/object.cpp:
-        * kjs/object.h:
-        (KJS::ScopeChain::release):
-        (KJS::JSObject::toPrimitive):
-        * kjs/scope_chain.cpp:
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        (KJS::UString::toArrayIndex):
-        * kjs/value.cpp:
-        * kjs/value.h:
-        (KJS::JSValue::toObject):
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::Push):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::Pop):
-
-2006-02-21  Eric Seidel  <eseidel@apple.com>
-
-        Added *.user to ignore list.
-
-2006-02-21  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        Add grammarWrapper.cpp to work around visual studio bug plaguing buildbot.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Added.
-
-2006-02-21  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by ggaren.
-
-        * kjs/testkjs.cpp: #if out timeval code on win32
-
-2006-02-21  Michael Emmel  <mike.emmel@gmail.com>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7397
-          TCPageMap.h would not compile for me because string.h was missing
-
-        * kxmlcore/TCPageMap.h: Added <string.h> include.
-
-2006-02-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=7404
-          remove a bunch of extra implementsCall overrides
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Sorted files.
-
-        * kjs/internal.h: Made InternalFunctionImp::callAsFunction pure virtual so that
-        we'll get a compile error if some derived class neglects to implement it.
-
-        * kjs/function.cpp: (KJS::FunctionImp::FunctionImp): Remove unneeded initialization
-        of param, which is an OwnPtr so it gets initialized by default.
-
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        * kjs/bool_object.h:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/function_object.h:
-        * kjs/math_object.cpp:
-        * kjs/math_object.h:
-        * kjs/number_object.cpp:
-        * kjs/number_object.h:
-        * kjs/object_object.cpp:
-        * kjs/object_object.h:
-        * kjs/regexp_object.cpp:
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-        Removed many rendundant implementations of implementsCall from subclasses of
-        InternalFunctionImp.
-
-2006-02-21  Darin Adler  <darin@apple.com>
-
-        - fixed build
-
-        * kjs/internal.cpp: (KJS::InternalFunctionImp::implementsCall):
-        Oops, fixed name.
-
-2006-02-21  Darin Adler  <darin@apple.com>
-
-        Change suggested by Mitz.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=7402
-          REGRESSION: Methods do not execute
-
-        * kjs/internal.h: Add implementsHasCall to InternalFunctionImp.
-        * kjs/internal.cpp: (KJS::InternalFunctionImp::implementsHasCall):
-        Return true. All the classes derived from InternalFunctionImp need
-        to return true from this -- later we can remove all the extra
-        implementations too.
-
-2006-02-21  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix build breakage caused by last-minute change to my patch
-
-        * kjs/lookup.h:
-
-2006-02-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and Darin.
-        
-        Patch from Maks Orlovich, based on work by David Faure, hand-applied and 
-        significantly reworked by me.
-        
-        - Patch: give internal function names (KJS merge)
-        http://bugs.webkit.org/show_bug.cgi?id=6279
-
-        * tests/mozilla/expected.html: Updated for newly fixed test.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::ArrayProtoFunc):
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        (BooleanPrototype::BooleanPrototype):
-        (BooleanProtoFunc::BooleanProtoFunc):
-        * kjs/bool_object.h:
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::DateProtoFunc):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        * kjs/error_object.cpp:
-        (ErrorPrototype::ErrorPrototype):
-        (ErrorProtoFunc::ErrorProtoFunc):
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::FunctionImp):
-        (KJS::GlobalFuncImp::GlobalFuncImp):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (FunctionPrototype::FunctionPrototype):
-        (FunctionProtoFunc::FunctionProtoFunc):
-        (FunctionProtoFunc::callAsFunction):
-        * kjs/function_object.h:
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::initGlobalObject):
-        (KJS::InternalFunctionImp::InternalFunctionImp):
-        * kjs/internal.h:
-        (KJS::InternalFunctionImp::functionName):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::HashEntryFunction::HashEntryFunction):
-        (KJS::HashEntryFunction::implementsCall):
-        (KJS::HashEntryFunction::toBoolean):
-        (KJS::HashEntryFunction::implementsHasInstance):
-        (KJS::HashEntryFunction::hasInstance):
-        * kjs/math_object.cpp:
-        (MathFuncImp::MathFuncImp):
-        * kjs/math_object.h:
-        * kjs/number_object.cpp:
-        (NumberPrototype::NumberPrototype):
-        (NumberProtoFunc::NumberProtoFunc):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::putDirectFunction):
-        (KJS::Error::create):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (ObjectPrototype::ObjectPrototype):
-        (ObjectProtoFunc::ObjectProtoFunc):
-        * kjs/object_object.h:
-        * kjs/regexp_object.cpp:
-        (RegExpPrototype::RegExpPrototype):
-        (RegExpProtoFunc::RegExpProtoFunc):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (StringProtoFunc::StringProtoFunc):
-        (StringObjectImp::StringObjectImp):
-        (StringObjectFuncImp::StringObjectFuncImp):
-        * kjs/string_object.h:
-        
-2006-02-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin, with help from Eric, Maciej.
-
-        - More changes to support super-accurate JS iBench. Doesn't work on 
-        Windows. (Doesn't break Windows, either.) I've filed 
-        [http://bugs.webkit.org/show_bug.cgi?id=7399] about that. 
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate): Print line numbers with exception output
-        * kjs/testkjs.cpp: Changed " *" to "* " because Eric says that's the 
-        way we roll with .cpp files.
-        (StopWatch::StopWatch): New class. Provides microsecond-accurate 
-        timings.
-        (StopWatch::~StopWatch):
-        (StopWatch::start):
-        (StopWatch::stop):
-        (StopWatch::getElapsedMS):
-        (TestFunctionImp::callAsFunction): Added missing return statement. 
-        Fixed up "run" to use refactored helper functions. Removed bogus 
-        return statement from "quit" case. Made "print" output to stdout 
-        instead of stderr because that makes more sense, and PERL handles 
-        stdout better.
-        (main): Factored out KXMLCore unit tests. Removed custom exception 
-        printing code because the interpreter prints exceptions for you. Added 
-        a "delete" call for the GlobalImp we allocate.
-        (testIsInteger): New function, result of refacotring.
-        (createStringWithContentsOfFile): New function, result of refactoring. 
-        Renamed "code" to "buffer" to match factored-out-ness.
-
-2006-02-20  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by hyatt.
-
-        Fix "Copy ICU DLLs..." phase.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-
-2006-02-19  Darin Adler  <darin@apple.com>
-
-        - renamed ERROR to LOG_ERROR to fix build
-          presumably Maciej had this change and forgot to land it
-
-        * kjs/collector.cpp: Removed now-unneeded #undef ERROR.
-        * kxmlcore/Assertions.h: Renamed ERROR to LOG_ERROR.
-        * kxmlcore/FastMalloc.cpp: Changed MESSAGE macro to use LOG_ERROR.
-
-2006-02-18  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Test: fast/js/toString-exception.html
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=7343
-          REGRESSION: fast/js/toString-overrides.html fails when run multiple times
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Remove the object from the visited elements set before
-        returning an error.
-
-2006-02-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=7345
-          add insert and remove to KXMLCore::Vector
-
-        * kxmlcore/Vector.h: Added "moveOverlapping", which is used in both
-        insert and remove to slide elements within the vector. Also added
-        "insert" and "remove" functions.
-
-2006-02-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-
-        - Fixed <rdar://problem/4448534> TOT REGRESSION: crash in KJS::
-        Bindings::Instance::deref when leaving page @ gigaom.com
-
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::~CInstance): Since we cache the class object
-        globally, we shouldn't delete it, so don't.
-
-2006-02-16  Timothy Hatcher  <timothy@apple.com>
-
-        Added -Wno-deprecated-declarations to all the ObjC binding files to prevent deprecation
-        warnings. Using <rdar://problem/4448350> to track this.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/objc/objc_jsobject.h: Removed empty file.
-        * bindings/objc/objc_jsobject.mm: Removed empty file.
-
-2006-02-16  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/4428609> Flash Player 8.0.22 can crash Safari (and WebKit apps) with
-        javascript disabled (7015)
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_CreateNoScriptObject):
-        Returns an NPObject which is not bound to a JavaScript object.  This kind of NPObject
-        can be given to a plugin as the "window script object" when JavaScript is disabled.
-        The object has a custom NPClass, NPNoScriptObjectClass, which has no defined methods.
-        Because of this, none of the NPN_* functions called by the plugin on this "no script
-        object" will cause entry into JavaScript code.
-        (_NPN_InvokeDefault):
-        Make sure the NPVariant is filled before returning from this function.  This never
-        mattered before because we never reached this case, having only created NPObjects of
-        the class NPScriptObjectClass.
-        (_NPN_Invoke):
-        ditto
-        (_NPN_Evaluate):
-        ditto
-        (_NPN_GetProperty):
-        ditto
-
-        * bindings/NP_jsobject.h:
-        Declared _NPN_CreateNoScriptObject().
-
-2006-02-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by me, change by Peter Kuemmel.
-
-        * kjs/operations.cpp: (KJS::isNegInf): Fix Windows code, which was
-        checking for positive infinity (rolling in fix from KDE side).
-
-2006-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej, Eric.
-
-        - JavaScriptCore half of fix for <rdar://problem/4176077> CrashTracer: 6569
-        crashes in DashboardClient at com.apple.JavaScriptCore:
-        KJS::Bindings::ObjcFallbackObjectImp::type()
-
-        WebCore and JavaScriptCore weren't sharing Instance objects very
-        nicely. I made them use RefPtrs, and sent them to bed without dessert.
-
-        * bindings/jni/jni_instance.cpp: Made _instance a RefPtr
-        (JavaInstance::~JavaInstance):
-        (JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        (KJS::Bindings::JObjectWrapper::ref):
-        (KJS::Bindings::JObjectWrapper::deref):
-        * bindings/jni/jni_runtime.cpp: Made _array a RefPtr
-        (JavaArray::~JavaArray):
-        (JavaArray::JavaArray):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaArray::operator=):
-        * bindings/objc/objc_runtime.h:
-        - Prohibited copying because that would muss the ref count.
-        - Prohibited construction without instance because an instance wrapper
-        without an instance is almost certainly a bug.
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        (KJS::Bindings::Instance::createRuntimeObject):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::ref):
-        (KJS::Bindings::Instance::deref):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::getOwnPropertySlot):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        * bindings/runtime_object.h: 
-        - Removed ownsInstance data member because RefPtr takes care of 
-        instance lifetime now. 
-        - Prohibited copying because that would muss the ref count.
-        - Prohibited construction without instance because an instance wrapper
-        without an instance is almost certainly a bug.
-        (KJS::RuntimeObjectImp::getInternalInstance):
-
-2006-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-
-        - Applied the 4330457 change to CClass and ObjcClass as well.
-
-        Once plugins work in DumpRenderTree, running run-webkit-tests --leaks
-        will catch this. 
-
-        This change isn't as critical because CClass and ObjcClass objects get 
-        cached globally and never deleted, but it's good practice, in case we 
-        ever do decide to delete CClass and ObjcClass objects.
-
-        This change requires prohibiting copying, because we don't do any 
-        intelligent ref-counting -- when a Class is destroyed, it destroys its 
-        methods and fields unconditionally. (Java classes already prohibited
-        copying.)
-
-        * bindings/c/c_class.cpp:
-        - Merged _commonInit and _commonDelete into constructor and destructor.
-        (CClass::CClass):
-        (CClass::~CClass):
-        (CClass::methodsNamed): Added delete callbacks
-        (CClass::fieldNamed): Added delete callbacks
-        * bindings/c/c_class.h: Prohibited copying
-        * bindings/c/c_instance.cpp: 
-        (KJS::Bindings::CInstance::getClass): Changed to use the preferred 
-        class factory method, to take advantage of the global cache.
-
-        [ Repeated changes applied to CClass for ObjcClass: ]
-
-        * bindings/objc/objc_class.h: 
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::ObjcClass):
-        (KJS::Bindings::ObjcClass::~ObjcClass):
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        (KJS::Bindings::ObjcClass::fieldNamed):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcMethod::ObjcMethod): Initialized uninitialized
-        variable to prevent bad CFRelease.
-        (KJS::Bindings::ObjcMethod::~ObjcMethod): Removed erroneous ';' from
-        if statement to prevent bad CFRelease.
-        * bindings/objc/objc_runtime.cpp: Changed to use the preferred
-        ObjectStructPtr, for clarity.
-
-2006-02-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-
-        - Fixed <rdar://problem/4330457> CrashTracer: [REGRESSION] 3763 crashes
-        in Safari at com.apple.JavaScriptCore: KJS::Bindings::JavaInstance::
-        getClass const + 56
-
-        Once plugins work in DumpRenderTree, running run-webkit-tests --leaks
-        will catch this. 
-
-        This was a memory leak in the bindings code. The leak was so extreme
-        that it would cause Safari or the JVM to abort from lack of memory.
-        Upon construction, Class objects create field and method objects, 
-        storing them in CFDictionaries. The bug was that upon destruction, the 
-        class objects released the dictionaries but didn't destroy the stored 
-        objects.
-
-        The fix is to supply CFDictionary callbacks for destroying the values
-        added to the dictionary. 
-        
-        * bindings/jni/jni_class.cpp: 
-        (JavaClass::JavaClass): Added delete callbacks
-        * bindings/runtime.cpp: Added definitions for delete callbacks
-        (KJS::Bindings::deleteMethodList):
-        (KJS::Bindings::deleteMethod):
-        (KJS::Bindings::deleteField):
-        * bindings/runtime.h: Added declarations for delete callbacks
-
-2006-02-14  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Justin.
-
-        Fixed <rdar://problem/4415050> STD: WebCore build steps use echo -n, which will change
-        behavior due to POSIX version of sh
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: removed the use of echo -n, replaced with printf ""
-
-2006-02-13   Dave Hyatt <hyatt@apple.com>
-
-        Fix Win32 bustage in JavaScriptCore.
-
-        Reviewed by darin
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Add JSImmediate to the Win32 project.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::fromDouble):
-        (KJS::JSImmediate::toDouble):
-        (KJS::JSImmediate::NanAsBits):
-        (KJS::JSImmediate::oneAsBits):
-        Win32 needs explicit returns after abort() for non-void functions.
-
-        * kjs/testkjs.cpp:
-        (run):
-        Win32 catches a bug in testkjs!  The "return 2" should actually
-        have been a return false.
-
-        * kjs/value.h:
-        The extern decls of NaN and Inf need to be const.
-
-=== JavaScriptCore-521.7 ===
-
-2006-02-13  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        Replaced the old NS_DURING exception blocking with @try/@catch.
-
-        * JavaScriptCorePrefix.h: undef try and catch to workaround a C++ conflict
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-
-2006-02-13  Darin Adler  <darin@apple.com>
-
-        - fix a couple problems building on Windows, based on requests
-          from Krzysztof Kowalczyk <kkowalczyk@gmail.com>
-
-        * kjs/JSImmediate.h: Change code using non-standard u_int32/64_t types
-        to the standard uint32/64_t. Also removed curious "isIEEE()" function
-        that checked the sizes of some types (and type sizes alone don't tell you if
-        the floating point conforms to the IEEE-standard). Added missing include
-        of <stdint.h>.
-
-        * kjs/property_slot.h: Added missing include of <assert.h>.
-
-2006-02-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by darin.
-
-        Cleaned up testkjs, added new "run" functionality to allow scripting 
-        tests from within JS. ("run" is a part of my new super-accurate
-        JS iBench.)
-
-        No regressions in run-javascriptcore-tests.
-
-        * kjs/testkjs.cpp:
-        (GlobalImp::className):
-        (TestFunctionImp::):
-        (TestFunctionImp::callAsFunction):
-        (main):
-        (run):
-
-2006-02-11  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - improve fix for http://bugs.webkit.org/show_bug.cgi?id=5163
-        RealPlayer.GetTitle() Crashes Safari/Dashboard
-
-        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16):
-        Use kCFStringEncodingISOLatin1 rather than kCFStringEncodingWindowsLatin1, 
-        because the latter encoding has holes, and conversion can still fail.
-
-2006-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - Inlined RefPtr assignment operators. .7% performance win on 
-        super-accurate JS iBench.
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::::operator):
-
-2006-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        No review needed, just a build fix. This time for sure.
-
-        * kjs/JSType.h:
-
-2006-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by eric.
-        
-        - Fixed build. As it goes without saying, I will not mention that I
-        blame Kevin.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-
-2006-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-
-        - Fixed <rdar://problem/4343730> Should switch ConstantValues (null, 
-        undefined, true, false) from JS objects to immediate values similar to
-        SimpleNumber
-
-        2.0% performance gain on my new super-accurate version of JS iBench.
-        (I promise to land a version of it soon.)
-
-        The gist of the change:
-        (1) The SimpleNumber class (simple_number.h) is now the JSImmediate
-        class (JSImmediate.h/.cpp), and it handles not only numbers but also 
-        null, undefined, true, and false. 
-        (2) JSImmediate provides convenience methods for the bit masking
-        necessary to encode and decode immediate values.
-        (3) ConstantValues, BooleanImp, NullImp, and UndefinedImp are gone.
-        (4) JSCell no longer implements functions like getBoolean, because
-        only a JSImmediate can be a boolean.
-        (5) JSImmediate no longer uses ALWAYS_INLINE because there's no need,
-        and ALWAYS_INLINE is a non-portable option of last resort.
-        (6) Type is now JSType, and it resides in its own file, JSType.h.
-        Since I was there, I did some header include sorting as part of this
-        change.
-
-        The rest pretty much explains itself.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed simple_number.h,
-        added JSImmediate.h/.cpp.
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::defaultValue):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::defaultValue):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::convertValueToJObject):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-        Standardized calls to use getXXX instead of hand-rolling JSValue 
-        functionality.
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::getValueOfUndefinedField):
-        (ObjcInstance::defaultValue):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::type):
-        (ObjcFallbackObjectImp::defaultValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        * kjs/JSImmediate.h: Added.
-        (KJS::JSImmediate::isImmediate):
-        (KJS::JSImmediate::isNumber):
-        (KJS::JSImmediate::isBoolean):
-        (KJS::JSImmediate::isUndefinedOrNull):
-        (KJS::JSImmediate::fromDouble):
-        (KJS::JSImmediate::toDouble):
-        (KJS::JSImmediate::toBoolean):
-        (KJS::JSImmediate::trueImmediate):
-        (KJS::JSImmediate::falseImmediate):
-        (KJS::JSImmediate::NaNImmediate):
-        (KJS::JSImmediate::undefinedImmediate):
-        (KJS::JSImmediate::nullImmediate):
-        (KJS::JSImmediate::tag):
-        (KJS::JSImmediate::unTag):
-        (KJS::JSImmediate::getTag):
-        (KJS::JSImmediate::):
-        (KJS::JSImmediate::isIEEE):
-        (KJS::JSImmediate::is32bit):
-        (KJS::JSImmediate::is64bit):
-        (KJS::JSImmediate::NanAsBits):
-        (KJS::JSImmediate::zeroAsBits):
-        (KJS::JSImmediate::oneAsBits):
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::lock): Removed hack-o-rama to initialize ConstantValues.
-        * kjs/JSType.h: Added.
-        * kjs/collector.cpp:
-        (KJS::Collector::protect):
-        (KJS::Collector::unprotect):
-        (KJS::Collector::collect):
-        * kjs/internal.cpp:
-        (KJS::StringImp::toPrimitive):
-        (KJS::NumberImp::toPrimitive):
-        (KJS::NumberImp::toBoolean):
-        (KJS::GetterSetterImp::toPrimitive):
-        * kjs/internal.h:
-        (KJS::StringImp::type):
-        (KJS::NumberImp::type):
-        * kjs/object.cpp:
-        (KJS::JSObject::type):
-        (KJS::tryGetAndCallProperty): Replaced "Are you one of the six things
-        I'm looking for?" test with "Are you not the one thing I'm not looking
-        for" test.
-        (KJS::JSObject::defaultValue):
-        (KJS::JSObject::toPrimitive):
-        * kjs/object.h:
-        (KJS::GetterSetterImp::type):
-        (KJS::JSValue::isObject):
-        * kjs/operations.cpp:
-        (KJS::equal):
-        (KJS::strictEqual):
-        (KJS::add):
-        * kjs/reference.cpp:
-        (KJS::Reference::deleteValue):
-        * kjs/simple_number.h: Removed.
-        * kjs/string_object.cpp:
-        (StringInstance::getOwnPropertySlot): fixed indentation
-        * kjs/value.cpp:
-        (KJS::JSValue::toObject):
-        (KJS::jsNumberCell): New function to quarantine a PIC branch -- allows
-        us to inline jsNumber without adding PIC branches to callers.
-        * kjs/value.h:
-        (KJS::jsUndefined):
-        (KJS::jsNull):
-        (KJS::jsNaN):
-        (KJS::jsBoolean):
-        (KJS::jsNumber):
-        (KJS::JSValue::downcast):
-        (KJS::JSValue::isUndefinedOrNull):
-        (KJS::JSValue::isBoolean):
-        (KJS::JSValue::isNumber):
-        (KJS::JSValue::isString):
-        (KJS::JSValue::isObject):
-        (KJS::JSValue::getBoolean):
-        (KJS::JSValue::getNumber):
-        (KJS::JSValue::getString):
-        (KJS::JSValue::getObject):
-        (KJS::JSValue::getUInt32):
-        (KJS::JSValue::mark): Replaced !JSImmediate::is() test with assertion,
-        resulting in a slight performance gain. Callers should always check
-        !marked() before calling mark(), so it's impossible to call mark on
-        a JSImmediate.
-        (KJS::JSValue::marked):
-        (KJS::JSValue::type):
-        (KJS::JSValue::toPrimitive):
-        (KJS::JSValue::toBoolean):
-        (KJS::JSValue::toNumber):
-        (KJS::JSValue::toString):
-
-2006-02-06  Eric Seidel  <eseidel@apple.com>
-
-        Add svn:ignore properties for visual studio internals.
-
-2006-02-06  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - Refactor DateInstance to provide direct access to data. Several WIN32 modifications.
-        http://bugs.webkit.org/show_bug.cgi?id=7107
-
-        - No tests added - only changed functionality on WIN32, which should be covered by 
-        existing tests.
-
-        * kjs/date_object.cpp:
-        (gmtoffset): On WIN32, use the recommended global (_timezone rather than timezone).
-        Updated comments. 
-        (KJS::timeZoneOffset): Removed, was basically the same as the above.
-        (KJS::formatTime): Pass an UTC flag - UTC/local cannot be correctly selected on
-        Windows based on struct tm itself.
-        (KJS::DateInstance::getTime): Added.
-        (KJS::DateInstance::getUTCTime): Added.
-        (KJS::millisecondsToTM): Factored out from DateProtoFunc::callAsFunction().
-        (KJS::DateObjectImp::callAsFunction): Use the new parameter to formatTime().
-        (KJS::DateProtoFunc::callAsFunction): Updated for the other changes. The code for
-        GetTimezoneOffset was incorrect on WIN32 - _daylight global has nothing to do
-        with daylight savings time being in effect.
-
-        * kjs/date_object.h: Added prototypes for new functions.
-
-2006-02-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - fixed ~1100 KJS::Node leaked on layout tests
-        http://bugs.webkit.org/show_bug.cgi?id=7097
-
-        * kjs/internal.cpp:
-        (KJS::Parser::noteNodeCycle):
-        (KJS::Parser::removeNodeCycle):
-        (KJS::clearNewNodes):
-        * kjs/internal.h:
-        * kjs/nodes.cpp:
-        (ElementNode::breakCycle):
-        (PropertyListNode::breakCycle):
-        (ArgumentListNode::breakCycle):
-        (StatListNode::StatListNode):
-        (StatListNode::breakCycle):
-        (VarDeclListNode::breakCycle):
-        (BlockNode::BlockNode):
-        (ClauseListNode::breakCycle):
-        (CaseBlockNode::CaseBlockNode):
-        (ParameterNode::breakCycle):
-        (SourceElementsNode::SourceElementsNode):
-        (SourceElementsNode::breakCycle):
-        * kjs/nodes.h:
-        (KJS::Node::breakCycle):
-        (KJS::ElementNode::ElementNode):
-        (KJS::ArrayNode::ArrayNode):
-        (KJS::PropertyListNode::PropertyListNode):
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        (KJS::ArgumentListNode::ArgumentListNode):
-        (KJS::ArgumentsNode::ArgumentsNode):
-        (KJS::VarDeclListNode::VarDeclListNode):
-        (KJS::VarStatementNode::VarStatementNode):
-        (KJS::ForNode::ForNode):
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::ClauseListNode::ClauseListNode):
-        (KJS::ParameterNode::ParameterNode):
-        (KJS::FuncExprNode::FuncExprNode):
-        (KJS::FuncDeclNode::FuncDeclNode):
-
-2006-02-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Hyatt.
-        
-        - fix default traits for classes to make sure default constructors get called
-
-        * kxmlcore/VectorTraits.h:
-        (KXMLCore::):
-
-2006-02-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5210
-          REGRESSION: for/in loop with var changes global variable instead of making local
-
-        Test: fast/js/for-in-var-scope.html
-
-        * kjs/nodes.cpp:
-        (valueForReadModifyAssignment): Use ALWAYS_INLINE macro.
-        (ForInNode::execute): Break out of the scope chain loop once we find and set the
-        loop variable. We don't want to set multiple loop variables.
-        (ForInNode::processVarDecls): Process the declaration of the loop variable.
-
-        - other cleanup
-
-        * kjs/object.cpp: (KJS::tryGetAndCallProperty): Use ALWAYS_INLINE macro.
-        * kxmlcore/FastMalloc.cpp: Change to use ALWAYS_INLINE macro from AlwaysInline.h
-        instead of defining it here a second time.
-
-2006-02-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Hyatt.
-        
-        - change JavaScript collector statistics calls to use HashCountedSet instead
-        of CFSet; other misc cleanup
-        http://bugs.webkit.org/show_bug.cgi?id=7072
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::numProtectedObjects): renamed from numReferencedObjects
-        (KJS::typeName):
-        (KJS::Collector::rootObjectTypeCounts): renamed from rootObjectClasses,
-        use HashSet
-        * kjs/collector.h:
-        (KJS::Collector::isOutOfMemory): Renamed from outOfMemory.
-        * kjs/nodes.cpp:
-
-2006-02-03  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Justin.
-
-        Renamed configuration names to Debug, Release and Production.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-02-02  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/lookup.h: Fix compile, merged from KDE.
-
-2006-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=7005
-          add Noncopyable, OwnPtr, OwnArrayPtr to KXMLCore
-
-        * kxmlcore/Noncopyable.h: Added.
-        * kxmlcore/OwnArrayPtr.h: Added.
-        * kxmlcore/OwnPtr.h: Added.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new files.
-
-        * kjs/function.h:
-        * kjs/function.cpp: Use OwnPtr for Parameter pointers.
-
-        * kjs/internal.h: Use Noncopyable for LabelStack.
-
-        * kjs/list.cpp: Use OwnArrayPtr for overflow.
-
-        * kjs/property_map.h:
-        * kjs/property_map.cpp: Use OwnArrayPtr for SavedProperties.
-        Use Vector for some stack buffers.
-
-        * kjs/regexp_object.h:
-        * kjs/regexp_object.cpp: Use OwnArrayPtr for lastOvector.
-
-2006-01-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - fixed leak of hundreds of thousands of JS parser nodes on the layout tests, and added an exit counter
-        that would catch them
-
-        * kjs/nodes.cpp:
-        (NodeCounter::~NodeCounter): Added debug-only node counter.
-        (Node::Node):
-        (Node::~Node):
-        * kxmlcore/VectorTraits.h: Simple classes like RefPtr do in fact need destruction.
-
-2006-01-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - added deleteAllValues for HashSet as well as HashMap
-        - fixed conversion from const_iterator to iterator, which I broke a while back
-
-        * kxmlcore/HashMap.h: Updated copyright date.
-        * kxmlcore/HashSet.h: (KXMLCore::deleteAllValues): Added.
-        * kxmlcore/HashTable.h: (KXMLCore::HashTableIterator::operator const_iterator): Added.
-
-2006-01-31  Tim Omernick  <timo@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-        Fixed an invalid assertion that UTF8Chars is not NULL.  It is valid for it to be NULL as long as
-        UTF8Length is 0.
-        This fixes an assertion failure on TOT at <http://www.musicindiaonline.com/p/x/tJO0OOBME9.As1NMvHdW/>,
-        where JavaScript is getting a NULL string back from some call on the Real Player plugin.
-
-2006-01-30  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=6907
-        REGRESSION: United.com menus messed up due to document.all/MSIE sniff
-        
-        * kjs/nodes.cpp:
-        (typeStringForValue):
-        Return "undefined" if the given object should masquerade as undefined.
-        
-        * kjs/object.h:
-        (KJS::JSObject::masqueradeAsUndefined):
-        Rename from isEqualToNull.
-        
-        * kjs/operations.cpp:
-        (KJS::equal):
-        Update for name change.
-
-2006-01-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - properly define Vector assignment operator; the private version was accidentally left
-        in, and the template version is not enough to replace the default
-
-        * kxmlcore/Vector.h:
-        (KXMLCore::Vector::operator=):
-
-2006-01-29  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        Fix the build by applying a GCC-specific namespace hack.
-
-        * kjs/lookup.h:
-
-2006-01-29  Eric Seidel <eseidel@apple.com>
-
-        Reviewed by hyatt.
-
-        Fix build on Win32.
-
-        * kjs/lookup.h: fixed ::cacheGlobalObject
-        * kxmlcore/Vector.h:
-        (KXMLCore::Vector::operator[]): use unsigned long
-
-2006-01-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        * kxmlcore/Vector.h:
-        (KXMLCore::Vector::operator[]): Add unsigned overload
-
-2006-01-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=6895
-          include exception names in JavaScript form of DOM exception
-
-        * khtml/ecma/kjs_binding.cpp: (KJS::setDOMException): Include the name of the
-        exception in the error message.
-
-2006-01-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - miscellaneous Vector improvements
-
-        * kxmlcore/Vector.h:
-        (KXMLCore::Vector::at): Add range-checking asserts.
-        (KXMLCore::Vector::first): Added as a convenience.
-        (KXMLCore::Vector::last): Convenience for stack-style use.
-        (KXMLCore::Vector::removeLast): ditto
-
-2006-01-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6870
-          REGRESSION: JavaScript Date constructor won't accept another Date object
-
-        Test: fast/js/date-constructor.html
-
-        * kjs/date_object.cpp: (KJS::DateObjectImp::construct):
-        Added a special case for constructing one date from another (to avoid losing
-        milliseconds, which are not in the text form, to match Firefox), and changed
-        the base code to convert to primitive before checking for string to match
-        the standard. Also corrected a couple silly things in the "construct from
-        current time" code path (removed a floor that does no good, and changed
-        the constant used to convert microseconds to milliseconds to be a 1000
-        rather than "msPerSecond").
-
-2006-01-28  Darin Adler  <darin@apple.com>
-
-        * kjs/create_hash_table: Added missing license.
-
-2006-01-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave Hyatt.
-        
-        - added a Vector class
-        http://bugs.webkit.org/show_bug.cgi?id=6894
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/internal.cpp:
-        (KJS::Parser::saveNewNode): Apply Vector.
-        (KJS::clearNewNodes): ditto
-        * kjs/number_object.cpp:
-        (integer_part_noexp): ditto
-        (char_sequence): ditto
-        * kjs/ustring.cpp:
-        (KJS::UString::UTF8String): ditto
-        * kxmlcore/HashMap.h:
-        (KXMLCore::deleteAllValues): Tweaked this to only apply to HashMap,
-        other versions are useful for other containers.
-        * kxmlcore/Vector.h: Added. Implemented a Vector class, which should
-        be usable for all Array/QVector style purposes, and also as a stack buffer
-        with oversize handling. Also some helper classes to make vector operations
-        as efficient as possible for POD types and for simple non-PODs like RefPtr.
-        (KXMLCore::):
-        (KXMLCore::VectorTypeOperations::destruct):
-        (KXMLCore::VectorTypeOperations::initialize):
-        (KXMLCore::VectorTypeOperations::move):
-        (KXMLCore::VectorTypeOperations::uninitializedCopy):
-        (KXMLCore::VectorTypeOperations::uninitializedFill):
-        (KXMLCore::VectorBuffer::VectorBuffer):
-        (KXMLCore::VectorBuffer::~VectorBuffer):
-        (KXMLCore::VectorBuffer::deallocateBuffer):
-        (KXMLCore::VectorBuffer::inlineBuffer):
-        (KXMLCore::Vector::Vector):
-        (KXMLCore::Vector::~Vector):
-        (KXMLCore::Vector::size):
-        (KXMLCore::Vector::capacity):
-        (KXMLCore::Vector::isEmpty):
-        (KXMLCore::Vector::at):
-        (KXMLCore::Vector::operator[]):
-        (KXMLCore::Vector::data):
-        (KXMLCore::Vector::operator T*):
-        (KXMLCore::Vector::operator const T*):
-        (KXMLCore::Vector::begin):
-        (KXMLCore::Vector::end):
-        (KXMLCore::Vector::clear):
-        (KXMLCore::Vector::fill):
-        (KXMLCore::Vector::operator=):
-        (KXMLCore::::Vector):
-        (KXMLCore::::operator):
-        (KXMLCore::::fill):
-        (KXMLCore::::expandCapacity):
-        (KXMLCore::::resize):
-        (KXMLCore::::reserveCapacity):
-        (KXMLCore::::append):
-        (KXMLCore::deleteAllValues):
-        * kxmlcore/VectorTraits.h: Added.
-        (KXMLCore::VectorTraits): Traits to enable making Vector efficient for
-        simple types.
-
-2006-01-28  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5163
-        RealPlayer.GetTitle() Crashes Safari/Dashboard
-
-        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16):
-        Fallback to kCFStringEncodingWindowsLatin1 if the passed buffer is not valid UTF-8, preventing crashes.
-
-2006-01-25  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Darin.
-
-        * kxmlcore/HashFunctions.h: Merge build fix from KDE.
-
-2006-01-25  Darin Adler  <darin@apple.com>
-
-        - removed an unused source file
-
-        * kjs/pointer_hash.h: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed reference to pointer_hash.h.
-
-2006-01-23  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6737
-        KJS_DEFINE_PROTOTYPE should work outside of the KJS namespace
-        
-        * kjs/lookup.h:
-        Prefix all KJS types with KJS:: in KJS_DEFINE_PROTOTYPE.
-        
-        (cacheGlobalObject):
-        Move this out of the KJS namespace.
-
-2006-01-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - renamed PointerHash to PtrHash
-        - made PtrHash the default hash function for int and pointer types that aren't further specialized
-        - added an AtomicStringImpl class to make it easier and more typesafe to identity hash atomic strings
-        - did appropriate consequent cleanup (very few places now need to declare a hash function)
-        http://bugs.webkit.org/show_bug.cgi?id=6752
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): no need to mention PointerHash
-        * kjs/collector.cpp: ditto
-        * kjs/identifier.cpp:
-        (KXMLCore::): declare DefaultHash the new way
-        * kjs/internal.cpp: no need to mention PointerHash
-        * kjs/ustring.h:
-        * kxmlcore/HashCountedSet.h: change how we get the default hash to make it
-        easier to specialize on PtrHash
-        * kxmlcore/HashFunctions.h:
-        (KXMLCore::): renamed PointerHash to PtrHash; changed DefaultHash so that it has
-        a Hash typedef rather than being a hash function class itself; declared DefaultHash
-        for int and partializy specialized for pointer types
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::PtrHashIteratorAdapter::PtrHashIteratorAdapter): Slight tweaks for new
-        way of handling pointer hash
-        (KXMLCore::PtrHashConstIteratorAdapter::PtrHashConstIteratorAdapter): ditto
-        (KXMLCore::): ditto
-        * kxmlcore/HashMap.h: ditto
-        * kxmlcore/HashSet.h: ditto
-
-2006-01-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Tim Omernick.
-        
-        - use classes instead of free functions for extractors, this better matches how other
-        things work and should avoid the need for hacky workarounds on other compilers
-        http://bugs.webkit.org/show_bug.cgi?id=6748
-
-        * kjs/array_object.cpp:
-        * kjs/identifier.cpp:
-        * kjs/internal.cpp:
-        * kxmlcore/HashMap.h:
-        (KXMLCore::PairFirstExtractor::extract):
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::):
-        * kxmlcore/HashSet.h:
-        (KXMLCore::IdentityExtractor::extract):
-        * kxmlcore/HashTable.h:
-        (KXMLCore::addIterator):
-        (KXMLCore::removeIterator):
-        (KXMLCore::HashTable::add):
-        (KXMLCore::HashTable::isEmptyBucket):
-        (KXMLCore::HashTable::isDeletedBucket):
-        (KXMLCore::HashTable::HashTable):
-        (KXMLCore::HashTable::lookup):
-        (KXMLCore::HashTable::add):
-        (KXMLCore::HashTable::reinsert):
-        (KXMLCore::HashTable::find):
-        (KXMLCore::HashTable::contains):
-        (KXMLCore::HashTable::remove):
-        (KXMLCore::HashTable::allocateTable):
-        (KXMLCore::HashTable::deallocateTable):
-        (KXMLCore::HashTable::expand):
-        (KXMLCore::HashTable::rehash):
-        (KXMLCore::HashTable::clear):
-        (KXMLCore::HashTable::swap):
-        (KXMLCore::HashTable::operator):
-        (KXMLCore::HashTable::checkTableConsistency):
-        (KXMLCore::HashTable::checkTableConsistencyExceptSize):
-        (KXMLCore::HashTable::invalidateIterators):
-
-2006-01-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Tim Hatcher.
-        
-        - renamed inert() operation on HashSet, HashCountedSet and HashTable to add()
-        for consistency with HashMap
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction):
-        * kjs/collector.cpp:
-        (KJS::Collector::protect):
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add):
-        * kxmlcore/HashCountedSet.h:
-        (KXMLCore::::add):
-        * kxmlcore/HashMap.h:
-        (KXMLCore::::inlineAdd):
-        * kxmlcore/HashSet.h:
-        (KXMLCore::::add):
-        * kxmlcore/HashTable.h:
-        (KXMLCore::HashTable::add):
-        (KXMLCore::::add):
-        (KXMLCore::::HashTable):
-
-2006-01-23  Justin Garcia  <justin.garcia@apple.com>
-
-        Reviewed by thatcher
-        
-        Turned on -O2 for B&I build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-01-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Tim Hatcher.
-        
-        - it's "Franklin Street", not "Franklin Steet"
-
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        * kjs/bool_object.h:
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/completion.h:
-        * kjs/context.h:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/debugger.cpp:
-        * kjs/debugger.h:
-        * kjs/dtoa.h:
-        * kjs/error_object.cpp:
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/function_object.h:
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        * kjs/lexer.h:
-        * kjs/list.cpp:
-        * kjs/list.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        * kjs/number_object.cpp:
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        * kjs/object_object.h:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-        * kjs/property_slot.cpp:
-        * kjs/property_slot.h:
-        * kjs/reference.cpp:
-        * kjs/reference.h:
-        * kjs/reference_list.cpp:
-        * kjs/reference_list.h:
-        * kjs/regexp.cpp:
-        * kjs/regexp.h:
-        * kjs/regexp_object.cpp:
-        * kjs/regexp_object.h:
-        * kjs/scope_chain.cpp:
-        * kjs/scope_chain.h:
-        * kjs/simple_number.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-        * kjs/testkjs.cpp:
-        * kjs/types.h:
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        * kjs/value.h:
-        * kxmlcore/AlwaysInline.h:
-        * kxmlcore/ListRefPtr.h:
-        * kxmlcore/PassRefPtr.h:
-        * kxmlcore/RefPtr.h:
-
-2006-01-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - change needed for fix to http://bugs.webkit.org/show_bug.cgi?id=6617
-          REGRESSION: Crash in cloneChildNodes when clicking element
-
-        * kxmlcore/PassRefPtr.h: Fix assignment operator from RefPtr of a different
-        type by calling get() instead of going directly at m_ptr.
-        * kxmlcore/RefPtr.h: Ditto.
-
-        - other changes
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Xcode decided to change this file.
-        It's just a resorted list of keys in a dictionary.
-
-        * kjs/fpconst.cpp: Wrap this file in #if __APPLE__ since the alternate version
-        in internal.cpp is in #if !__APPLE__. This file is to give us the "no init
-        routine" property we want to have on OS X.
-
-2006-01-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - Set up Page class and invert Frame / WebCoreFrameBridge ownership
-        http://bugs.webkit.org/show_bug.cgi?id=6577
-
-        * kjs/interpreter.h: make globalExec virtual so ScriptInterpreter can 
-        override it
-
-2006-01-23  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej and Darin.
-
-        * kxmlcore/Assertions.h: This file only works with __APPLE__ right now
-        * kjs/interpreter.cpp: ditto
-        * kjs/simple_number.h: Add assert.h and remove from config.h
-        * kjs/array_object.cpp: Use relative paths for kxmlcore includes
-        * kjs/testkjs.cpp: Use relative paths for kxmlcore includes
-
-2006-01-23  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/config.h: unbreak preprocessor change
-
-2006-01-23  George Staikos <staikos@opensource.apple.com>
-
-        Approved by Maciej and Darin.
-
-        * kjs/:
-        * kxmlcore/:
-             Update FSF address in license to make merging easier
-
-2006-01-22  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/collector.cpp: merge major speedup from KDE on Linux
-                             patch by Maks Orlovich, bug #6145
-                             Also unify cpu detection
-        * kjs/config.h: define simpler CPU macros
-
-2006-01-22  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/collector.cpp: merge FreeBSD compile fix from KDE
-                             -> requires build magic for use
-
-2006-01-21  George Staikos <staikos@opensource.apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/nodes2string.cpp
-        * kjs/operations.h
-        * kjs/debugger.h
-          Fix pedantic compile with some gcc versions (Merge from KDE)
-
-        * kjs/create_hash_table:
-          Fix build with Perl 5.8.0 (Merge from KDE)
-
-2006-01-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Hyatt.
-
-        - hash table fixes needed for my WebCore changes
-
-        * kxmlcore/HashTable.h: (KXMLCore::HashTableConstIterator::operator=):
-        Added a missing return statement.
-
-        * kxmlcore/HashTraits.h: Fix traits so they work properly for classes where you
-        can't instantiate with a 0 by using traits rather than ? : to select the default
-        emtpy value of hash table keys.
-
-        - small cleanup of "runtime" code left over from recent JavaScript crash fix
-
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::RootObject): No explicit initialization of _imp needed
-        since it's now a ProtectedPtr.
-        (KJS::Bindings::RootObject::setRootObjectImp): Remove old code that relied on the
-        fact that _imp was 0 and replaced with use of ProtectedPtr.
-        (KJS::Bindings::RootObject::rootObjectImp): Updated since _imp is a ProtectedPtr.
-
-2006-01-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=6611
-          add assertions to check correct use of hash table iterators
-
-        * kxmlcore/HashTable.h:
-        (KXMLCore::addIterator): Added. Helper function that adds an iterator to the list
-        maintained by the specified hash table.
-        (KXMLCore::removeIterator): Added. Helper function that removes an iterator from
-        the list maintained by the hash table it's in.
-        (KXMLCore::HashTableConstIterator::HashTableConstIterator): Added a HashTable
-        parameter, ignored when not debugging. Call addIterator.
-        (KXMLCore::HashTableConstIterator::~HashTableConstIterator):
-        (KXMLCore::HashTableConstIterator::operator=): Call removeIterator.
-        (KXMLCore::HashTableConstIterator::operator*): Call checkValidity.
-        (KXMLCore::HashTableConstIterator::operator->): Ditto.
-        (KXMLCore::HashTableConstIterator::operator++): Ditto.
-        (KXMLCore::HashTableConstIterator::operator==): Ditto.
-        (KXMLCore::HashTableConstIterator::operator!=): Ditto.
-        (KXMLCore::HashTableConstIterator::checkValidity): Checks that the hash table
-        pointer is not 0 and if there are two iterators that both point at the same table.
-        (KXMLCore::HashTableIterator::HashTableIterator): Changed to use the const iterator
-        as an implementation detail, to avoid having two separate iterator implementations.
-        (KXMLCore::HashTableIterator::operator*): Ditto.
-        (KXMLCore::HashTableIterator::operator->): Ditto.
-        (KXMLCore::HashTableIterator::operator++): Ditto.
-        (KXMLCore::HashTableIterator::operator==): Ditto.
-        (KXMLCore::HashTableIterator::operator!=): Ditto.
-        (KXMLCore::HashTable::HashTable): Initialize pointer to head of iterators list.
-        (KXMLCore::HashTable::~HashTable): Added call to invalidateIterators.
-        (KXMLCore::HashTable::makeIterator): Pass this pointer.
-        (KXMLCore::HashTable::makeConstIterator): Ditto.
-        (KXMLCore::HashTable::insert): Call invalidateIterators, since this is a public
-        entry point that modifies the hash table.
-        (KXMLCore::HashTable::remove): Ditto.
-        (KXMLCore::HashTable::clear): Ditto.
-        (KXMLCore::HashTable::swap): Ditto.
-        (KXMLCore::HashTable::invalidateIterators): Added. Walks the iterators list and
-        clears out the table, next, and previous pointers in all of them, and then clears
-        the head so we have an empty list.
-        (KXMLCore::addIterator): Added. Adds the iterator the the linked list in the
-        passed-in table, and points the iterator at the table.
-        (KXMLCore::removeIterator): Added. Removes the iterator from the linked list in
-        the passed-in table.
-
-        * kxmlcore/HashTraits.h: A bit of tweaking and formatting.
-
-2006-01-17  Justin Garcia  <justin.garcia@apple.com>
-
-        Reviewed by eric
-        
-        Deployment builds now use -O2
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2006-01-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6610
-          change RefPtr so that it works when deref ends up deleting the RefPtr
-
-        * kxmlcore/PassRefPtr.h: Always set m_ptr before calling deref.
-        * kxmlcore/RefPtr.h: Ditto.
-
-2006-01-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by darin.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=6322
-        DateProtoFuncImp::callAsFunction can crash due to lack of type checking
-
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFunc::callAsFunction): Type check calls to all methods. 
-        This matches section 15.9.5 in the spec.
-
-2006-01-16  Tim Omernick  <timo@apple.com>
-
-        Reviewed by John Sullivan.
-
-        JavaScriptCore part of <rdar://problem/4211707> NPAPI ref count behavior differs with Mozilla
-
-        * bindings/npruntime.cpp:
-        (_NPN_ReleaseObject):
-        Refactored part of this function out into _NPN_DeallocateObject.
-        (_NPN_DeallocateObject):
-        Forcibly deallocates the passed object, even if its refcount is
-        greater than zero.
-        
-        * bindings/npruntime_impl.h:
-        Declared _NPN_DeallocateObject().
-
-2006-01-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix problem with ++, ==, and != on const iterators in
-          HashMaps that are using the pointer specialization
-
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::PointerHashConstIteratorAdapter::operator++): Change type to const_iterator.
-        (KXMLCore::PointerHashConstIteratorAdapter::operator==): Ditto.
-        (KXMLCore::PointerHashConstIteratorAdapter::operator!=): Ditto.
-
-2006-01-15  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Anders.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6561
-        run-javascriptcore-tests doesn't work
-
-        * JavaScriptCore/tests/mozilla/Getopt/Mixed.pm: 
-        Changed revision number to 1.8 (broken by svn migration).
-
-2006-01-14  David Kilzer  <ddkilzer@kilzer.net>
-
-        Reviewed and landed by Anders.
-
-        * kjs/create_hash_table: Fixed comment typo.
-
-2006-01-13  Maks Orlovich   <maksim@kde.org>
-
-        Mostly merging work by Peter Kelly. Reviewed by Maciej, landed by ap.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6261
-        Misc. array object fixes from KJS
-
-        * kjs/array_object.cpp: Don't treat 2^32-1 as a real array index property.
-        (ArrayInstance::getOwnPropertySlot): Ditto.
-        (ArrayInstance::deleteProperty): Ditto.
-        (ArrayInstance::put): Ditto.
-        (ArrayInstance::propList): Added a FIXME comment.
-        (ArrayInstance::put): Throw exception on trying to set invalid array length.
-        (ArrayProtoFunc::callAsFunction): Do not use a separator argument when doing toString/toLocalString.
-        * kjs/array_object.h: Added MAX_ARRAY_INDEX.
-
-2006-01-13  Darin Adler  <darin@apple.com>
-
-        - Replaced tabs with spaces in source files that had less than 10 lines with tabs.
-        - Set allow-tabs Subversion property in source files that have more than 10 lines with tabs.
-
-2006-01-13  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Eric.
-
-        * kjs/create_hash_table:
-        Use correct size variables.
-
-2006-01-13  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        * kjs/create_hash_table:
-        Don't create an empty entry array, instead add a entry with all fields
-        set to null and set the hash table size to 1.
-        
-        * kjs/lookup.cpp:
-        (findEntry):
-        Remove the hash table size check
-
-2006-01-12  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6494
-        Crash when assigning a new function to a DOMParser object
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Move lookup.cpp before lookup.h
-        
-        * kjs/lookup.cpp:
-        (findEntry):
-        If the hash table is empty, return 0 early.
-
-2006-01-12  George Staikos <staikos@kde.org>
-
-        Reviewed by Darin.
-
-        * kjs/interpreter.cpp:
-        * kjs/testkjs.cpp:
-        * kjs/interpreter.h:
-        Add helper to interpreter to call the collector in order to facilitate
-        visibility rules in KDE.
-
-2006-01-12  George Staikos <staikos@kde.org>
-
-        Reviewed by Maciej.
-
-        * kjs/kjs.pro: Updates to build the whole thing on Linux at least.
-
-        * kxmlcore/HashTable.h: Add missing assert.h
-
-2006-01-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6505
-          retire APPLE_CHANGES from JavaScriptCore
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed both
-        APPLE_CHANGES and HAVE_CONFIG_H from all targets.
-
-        * README: Removed. This had obsolete information in it
-        and it wasn't clear what to replace it with.
-
-        * kjs/collector.h: Removed an APPLE_CHANGES if around something
-        that's not really platform-specific (although it does use a
-        platform-specific API at the moment).
-        * kjs/collector.cpp: Removed a mistaken comment.
-
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        * kjs/object.h:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/ustring.h:
-        Use __APPLE__ instead of APPLE_CHANGES for code that should be
-        used only on Mac OS X.
-
-        * kjs/interpreter.cpp: Removed APPLE_CHANGES ifdef around the include
-        of the runtime.h header. Even though that header isn't needed at the
-        moment on platforms other than Mac OS X, the conditional stuff should
-        be in the header itself, not in this one client.
-
-        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Removed some
-        code inside APPLE_CHANGES. I'm pretty sure this code isn't needed on
-        any platform where pow is implemented corrrectly according to the IEEE
-        standard. If it is needed on some, we can add it back with an appropriate
-        #if for the platforms where it is needed.
-
-2006-01-12  Justin Haygood  <justin@xiondigital.net>
-
-        Reviewed, tweaked, and landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6416
-          lexer.cpp, grammar.y protect include of config.h with "HAVE_CONFIG_H"
-
-        * kjs/dtoa.cpp: Removed HAVE_CONFIG_H, changed config.h to use
-        quotes instead of angle brackets. Moved dtoa.h include to the top.
-        Changed system header includes to use angle brackets instead of quotes.
-        * kjs/grammar.y: Removed HAVE_CONFIG_H, changed config.h to use
-        quotes instead of angle brackets.
-        * kjs/lexer.cpp: Removed HAVE_CONFIG_H, changed config.h to use
-        quotes instead of angle brackets. Moved lexer.h include to the top.
-        * kjs/ustring.cpp: Removed HAVE_CONFIG_H, changed config.h to use
-        quotes instead of angle brackets. Moved ustring.h include to the top.
-
-2006-01-12  George Staikos <staikos@kde.org>
-
-        Reviewed by Maciej
-
-        - Import initial QMake file.  Doesn't fully work yet.
-
-2006-01-11  Ricci Adams  <ricciadams@apple.com>
-
-        Reviewed by Maciej and Darin, landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5939
-          final comma in javascript object prevents parsing
-
-        * kjs/grammar.y: Added rule to allow trailing comma in
-        object construction.
-
-2006-01-11  Ricci Adams  <ricciadams@apple.com>
-
-        Reviewed by Geoff, landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5308
-          Number.toFixed doesn't include leading 0
-
-        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
-        Fixed a "<" that should have been a "<=".
-
-2006-01-11  Ricci Adams  <ricciadams@apple.com>
-
-        Reviewed by Geoff, landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5307
-          Number.toFixed doesn't round 0.5 up
-
-        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction):
-        Fixed a ">" that should have been a ">=".
-
-2006-01-11  Justin Haygood  <justin@xiondigital.net>
-
-        Reviewed and landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6486
-          JavaScriptCore should use system malloc on Windows
-
-        * kjs/config.h: Add USE_SYSTEM_MALLOC to the Win32 section.
-
-2006-01-10  Darin Adler  <darin@apple.com>
-
-        * Makefile: Took out unneeded "export" line.
-        * <many-files>: Changed a lot of flags (cleared bogus executable bits, set
-          MIME types, other small corrections).
-
-2006-01-09  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Removed.
-
-2006-01-07  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-        
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6373
-        REGRESSION: JavaScript hang when comparing large array to null
-        
-        * kjs/object.h:
-        (KJS::JSObject::isEqualToNull):
-        Add new function which returns true if an object should be treated as null when
-        doing comparisons.
-        
-        * kjs/operations.cpp:
-        (KJS::equal):
-        Use isEqualToNull.
-
-2006-01-07  Alexey Proskuryakov  <ap@nypop.com>
-
-        Reviewed by Maciej.
-
-        - Fix WebCore development build
-        http://bugs.webkit.org/show_bug.cgi?id=6408
-
-        * kxmlcore/Assertions.h: Use __VA_ARGS__ in variadic macros.
-
-2006-01-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - miscellaneous changes for 4% speedup on the JavaScript iBench
-        http://bugs.webkit.org/show_bug.cgi?id=6396
-        
-        Changes mostly thanks to Maks Orlovich, tweaked a little by me.
-
-        * kjs/create_hash_table: Use the same hash as the one used by Identifier.
-        * kjs/function.cpp:
-        (KJS::FunctionImp::processParameters): Use the new List::copyFrom
-        (KJS::ActivationImp::ActivationImp): track variable while iterating
-        * kjs/internal.cpp:
-        (KJS::StringImp::toObject): create StringInstance directly
-        * kjs/list.cpp:
-        (KJS::List::copy): implement in terms of copyFrom
-        (KJS::List::copyFrom): more efficient way to copy in another list
-        * kjs/list.h:
-        * kjs/lookup.cpp:
-        (keysMatch): updated to work with identifier hash
-        (findEntry): ditto
-        (Lookup::findEntry): ditto
-        (Lookup::find): ditto
-        * kjs/lookup.h:
-
-2006-01-06  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix development build failure from the previous checkin
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::put): Use prototype() accessor in assert.
-
-2006-01-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - fix remaining performance regression from Getter/Setter change
-        http://bugs.webkit.org/show_bug.cgi?id=6249
-
-        - Activation objects should not have __proto__ property
-        http://bugs.webkit.org/show_bug.cgi?id=6395
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot): Implement directly, thus
-        skipping getter/setter handling and __proto__ handling, as well
-        as inlining needed superclass stuff.
-        (KJS::ActivationImp::put): Implement directly, skipping getter/setter,
-        __proto__, and do canPut directly in PropertyMap::put since there's no
-        static property table either.
-        * kjs/function.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::put): Allow optionally inlining canPut check.
-        * kjs/property_map.h:
-
-2006-01-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by kimmo.t.kinnunen@nokia.com, reviewed by darin, tweaked by me.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=4921
-        \u escape sequences in JavaScript identifiers
-
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/lexer.cpp:
-        (Lexer::shift):
-        (Lexer::lex):
-        (Lexer::isWhiteSpace):
-        (Lexer::isLineTerminator):
-        (Lexer::isIdentStart):
-        (Lexer::isIdentPart):
-        (isDecimalDigit):
-        (Lexer::scanRegExp):
-        * kjs/lexer.h:
-        (KJS::Lexer::):
-
-        * tests/mozilla/expected.html: Updated test results.
-
-2005-12-30  Maciej Stachowiak  <mjs@apple.com>
-
-        No review, just test result update.
-
-        * tests/mozilla/expected.html: Updated for newly passing test from recent fixes.
-
-2005-12-30  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        - Fix http://bugs.webkit.org/show_bug.cgi?id=6298
-        Getter setter test is failing
-                
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        Rework the getter setter part. We now walk the prototype chain, checking for
-        getter/setter properties and only take the slow path if any are found. 
-
-2005-12-30  Maks Orlovich <maksim@kde.org>
-
-        Reviewed and committed by Maciej.
-
-        - Handle negative, FP numbers with non-10 radix in toString
-        http://bugs.webkit.org/show_bug.cgi?id=6259
-
-        (Merged from KJS, original work by Harri Porten)
-        
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction): rewrote Number.toString(radix) to work with  
-        negative numbers, floating point and very large numbers.
-
-2005-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Maks Orlovich, reviewed and landed by me.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=6267
-        Fix Number.prototype.toFixed/toExponential(undefined)
-
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction):
-
-2005-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Maks Orlovich, Reviewed and landed by me.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=6266
-        Minor object naming updates (to match Mozilla, KJS)
-
-        * kjs/number_object.cpp:
-        * kjs/regexp_object.cpp:
-
-2005-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Maks Orlovich, reviewed by mjs.
-
-        This has 2 very minor fixes, covered by KJS testsuite:    
-        1. Enumerates string indices in property list (with the same bug as array    
-           object has in corresponding code). This is a mozilla emulation thing. 
-        2. Permits properties with integer names in prototypes to be found    
-
-        * kjs/string_object.cpp:
-        (StringInstance::getOwnPropertySlot):
-        (StringInstanceImp::propList):
-        * kjs/string_object.h:
-
-2005-12-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-
-        - Fixed <rdar://problem/4364705> run-javascriptcore-tests crashes in 
-        KJS::BlockNode::deref 
-        AKA 
-        http://bugs.webkit.org/show_bug.cgi?id=6233
-        Reproducible stack-overflow crash in ~RefPtr<T> due to RefPtr<T> use in 
-        linked lists
-
-        This patch does four things: 
-        (1) Standardizes all our linked list nodes to use "next" as their next 
-        pointers. 
-        (2) Creates the ListRefPtr<T> class, a subclass of RefPtr<T> specialized
-        to iteratively deref "next" pointers.
-        (3) Standardizes our linked list nodes to use ListRefPtr<T> and 
-        implement the releaseNext() function used by ~ListRefPtr<T>().
-        (4) Adds to RefPtr<T> the release() method used by releaseNext().
-
-        - Modified existing mozilla test to ensure it would make deployment 
-        builds crash as well.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/nodes.cpp:
-        (ElementNode::evaluate):
-        (PropertyListNode::evaluate):
-        (ArgumentListNode::evaluateList):
-        (StatListNode::StatListNode):
-        (StatListNode::execute):
-        (StatListNode::processVarDecls):
-        (VarDeclListNode::evaluate):
-        (VarDeclListNode::processVarDecls):
-        (VarStatementNode::execute):
-        (VarStatementNode::processVarDecls):
-        (BlockNode::BlockNode):
-        (CaseClauseNode::evalStatements):
-        (CaseClauseNode::processVarDecls):
-        (ClauseListNode::processVarDecls):
-        (CaseBlockNode::CaseBlockNode):
-        (CaseBlockNode::evalBlock):
-        (SourceElementsNode::SourceElementsNode):
-        (SourceElementsNode::execute):
-        (SourceElementsNode::processFuncDecl):
-        (SourceElementsNode::processVarDecls):
-        * kjs/nodes.h:
-        (KJS::ElementNode::ElementNode):
-        (KJS::ElementNode::releaseNext):
-        (KJS::ArrayNode::ArrayNode):
-        (KJS::PropertyListNode::PropertyListNode):
-        (KJS::PropertyListNode::releaseNext):
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        (KJS::ArgumentListNode::ArgumentListNode):
-        (KJS::ArgumentListNode::releaseNext):
-        (KJS::ArgumentsNode::ArgumentsNode):
-        (KJS::StatListNode::releaseNext):
-        (KJS::VarDeclListNode::VarDeclListNode):
-        (KJS::VarDeclListNode::releaseNext):
-        (KJS::VarStatementNode::VarStatementNode):
-        (KJS::ForNode::ForNode):
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::ClauseListNode::ClauseListNode):
-        (KJS::ClauseListNode::getClause):
-        (KJS::ClauseListNode::getNext):
-        (KJS::ClauseListNode::releaseNext):
-        (KJS::ParameterNode::ParameterNode):
-        (KJS::ParameterNode::releaseNext):
-        (KJS::SourceElementsNode::releaseNext):
-        * kjs/nodes2string.cpp:
-        (ElementNode::streamTo):
-        (PropertyListNode::streamTo):
-        (ArgumentListNode::streamTo):
-        (StatListNode::streamTo):
-        (VarDeclListNode::streamTo):
-        (VarStatementNode::streamTo):
-        (CaseClauseNode::streamTo):
-        (ClauseListNode::streamTo):
-        (CaseBlockNode::streamTo):
-        (SourceElementsNode::streamTo):
-        * kxmlcore/ListRefPtr.h: Added.
-        (KXMLCore::ListRefPtr::ListRefPtr):
-        (KXMLCore::ListRefPtr::~ListRefPtr):
-        (KXMLCore::ListRefPtr::operator=):
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::release):
-
-2005-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=4026
-        Math.random() not seeded.
-
-        Added call to sranddev() -- it executes the first time a process
-        calls Math.random().
-
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction):
-
-2005-12-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by darin.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=6265
-        Name change regression: Java doesn't know what JavaJSObject is
-
-        Changed strings passed to Java back to original "JSObject".
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JavaJSObject::convertValueToJObject):
-        (JavaJSObject::convertJObjectToValue):
-
-2005-12-28  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        - The JSC part of http://bugs.webkit.org/show_bug.cgi?id=6268
-        Add undetectable document.all
-        
-        * kjs/operations.cpp:
-        (KJS::equal):
-        When comparing an object with null or undefined, call toPrimitive with 
-        NullType as the preferred type.
-
-2005-12-27  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction):
-        Implement filter and map. Also, make the existing
-        array iteration functions not invoke the callback for
-        non-existing properties, just as Mozilla does now.
-        
-        * kjs/array_object.h:
-        (KJS::ArrayProtoFunc::):
-        Add filter and map.
-        
-        * tests/mozilla/expected.html:
-        Update, two 1.6 tests now pass.
-
-2005-12-27  Maciej Stachowiak  <mjs@apple.com>
-
-        - updated test results for new JS 1.6 tests
-
-        * tests/mozilla/expected.html:
-
-2005-12-27  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        Add Mozilla JS 1.6 tests.
-        
-        * tests/mozilla/js1_6/Array/browser.js: Added.
-        * tests/mozilla/js1_6/Array/regress-290592.js: Added.
-        * tests/mozilla/js1_6/Array/regress-304828.js: Added.
-        * tests/mozilla/js1_6/Array/regress-305002.js: Added.
-        * tests/mozilla/js1_6/Array/regress-310425-01.js: Added.
-        * tests/mozilla/js1_6/Array/regress-310425-02.js: Added.
-        * tests/mozilla/js1_6/Array/regress-320887.js: Added.
-        * tests/mozilla/js1_6/Array/shell.js: Added.
-        * tests/mozilla/js1_6/README: Added.
-        * tests/mozilla/js1_6/Regress/browser.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-301574.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-309242.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-311157-01.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-311157-02.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-314887.js: Added.
-        * tests/mozilla/js1_6/Regress/regress-320172.js: Added.
-        * tests/mozilla/js1_6/Regress/shell.js: Added.
-        * tests/mozilla/js1_6/String/browser.js: Added.
-        * tests/mozilla/js1_6/String/regress-306591.js: Added.
-        * tests/mozilla/js1_6/String/shell.js: Added.
-        * tests/mozilla/js1_6/browser.js: Added.
-        * tests/mozilla/js1_6/shell.js: Added.
-        * tests/mozilla/js1_6/template.js: Added.
-
-2005-12-27  Maks Orlovich <maksim@kde.org>
-
-        Reviewed and landed by Maciej.
-
-        - fixed 6234: Can delete array index property incorrectly.
-        http://bugs.webkit.org/show_bug.cgi?id=6234
-
-        * kjs/array_object.cpp:
-        (ArrayInstance::deleteProperty): use toArrayIndex instead of toUInt32 when
-        looking for array properties.
-
-2005-12-27  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Maciej.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::defineSetter):
-        Remove duplicate call to putDirect.
-
-2005-12-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin and Geoff.
-
-        Changes by me and Anders.
-
-        - mostly fixed REGRESSION: 5-10% performance regression on JS iBench from getter/setter change
-        http://bugs.webkit.org/show_bug.cgi?id=6083
-
-        - also fixed some warnings reported by -Winline
-        
-        * JavaScriptCorePrefix.h: Move new and delete definitions higher so there
-        aren't conflicts with use in standard C++ headers
-        * kjs/object.cpp:
-        (KJS::throwSetterError): Moved this piece of put into a seprate function
-        to avoid the PIC branch.
-        (KJS::JSObject::put): Use hasGetterSetterProperties to avoid expensive stuff
-        when not needed. Also use GetterSetter properties attribute.
-        (KJS::JSObject::deleteProperty): Recompute whether any properties are getter/setter
-        properties any more, if this one was one.
-        (KJS::JSObject::defineGetter): Let the PropertyMap know that it has getter/setter
-        properties now (and use the new attribute).
-        (KJS::JSObject::defineSetter): Ditto.
-        (KJS::JSObject::fillGetterPropertySlot): Out-of-line helper for getOwnPropertySlot,
-        to avoid global variable access in the hot code path.
-        * kjs/object.h:
-        (KJS::): Added GetterSetter attribute.
-        (KJS::JSCell::isObject): Moved lower to be after inline methods it uses.
-        (KJS::JSValue::isObject): ditto
-        (KJS::JSObject::getOwnPropertySlot): try to avoid impact of getters and setters
-        as much as possible in the case where they are not being used
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::containsGettersOrSetters): New method to help with this
-        * kjs/property_map.h:
-        (KJS::PropertyMap::hasGetterSetterProperties): Ditto
-        (KJS::PropertyMap::setHasGetterSetterProperties): Ditto
-        (KJS::PropertyMap::PropertyMap): Added a crazy hack to store the
-        global "has getter/setter properties" flag in the property map
-        single entry, to avoid making objects any bigger.
-        * kjs/value.h: Moved some things to object.h to make -Winline happier
-
-2005-12-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric and Dave Hyatt.
-
-        - make even const PassRefPtrs give transfer of ownership semantics
-        http://bugs.webkit.org/show_bug.cgi?id=6238
-        
-        This is a somewhat cheesy change. Having to use PassRefPtr_Ref creates ambiguities
-        in assignment and copy construction. And this makes life way easier and removes
-        the need for pass(). It is not really correct, but we pretty much never need a real
-        const PassRefPtr, and this takes care of things for PassRefPtr temporaries.
-        
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add): No more need for pass()
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): No more need for pass()
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create): Use adoptRef
-        (KJS::UString::UString): No more need for pass
-        (KJS::UString::append): No more need for pass
-        (KJS::UString::substr): No more need for pass
-        * kxmlcore/PassRefPtr.h: made m_ptr mutable (ugh)
-        (KXMLCore::PassRefPtr::PassRefPtr): Take a const PassRefPtr reference
-        (KXMLCore::PassRefPtr::release): Made this a const method (ugh)
-        (KXMLCore::PassRefPtr::operator=): clean up appropriately
-        (KXMLCore::adoptRef): Added this to use instead of PassRefPtr<T>::adopt, I think
-        it makes the behavior more clear and it is less verbose.
-        (KXMLCore::static_pointer_cast): use adoptRef
-        (KXMLCore::const_pointer_cast): use adoptRef
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::RefPtr): take const PassRefPtr&
-        (KXMLCore::PassRefPtr::operator=): take const PassRefPtr&
-
-2005-12-25  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Unbreak HashTableConstIterator++ by returning const_iterator
-
-        * kxmlcore/HashTable.h:
-        (KXMLCore::HashTableConstIterator::operator++): use const_iterator
-
-2005-12-25  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Un-break HashTable copy constructor.
-
-        * kxmlcore/HashTable.h:
-        (KXMLCore::::HashTable): use const_iterator instead
-
-2005-12-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - fixed "HashMap does not work with const pointer keys or values"
-        http://bugs.webkit.org/show_bug.cgi?id=6222
-        
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::HashMap): In all methods, explicitly cast all pointers
-        to void * before passing to internal implementation. Use C-style
-        casts instead of new-style casts, because the real solution would
-        require a combo of reinterpret_cast anc const_cast.
-
-
-2005-12-23  Maciej Stachowiak  <mjs@apple.com>
-
-        - this time for sure
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::::swap):
-
-2005-12-22  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix build problem from last commit.
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::::swap):
-
-2005-12-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - Make HashMap/HashSet support non-POD types
-        http://bugs.webkit.org/show_bug.cgi?id=5332
-
-        The changes for support are relatively simple, but I also made extensive changes to
-        avoid copying, so that there isn't refcount thrash when you put RefPtrs into a HashMap.
-
-        * kxmlcore/HashTable.h:
-        (KXMLCore::swap): specialize swap for pairs, to swap elements individually,
-        so that excess copies can be avoided.
-        (KXMLCore::Mover::move): Template function to either copy or swap, used
-        when transferring elements from old table to new.
-        (KXMLCore::IdentityHashTranslator::hash): The old "converting lookup" templates
-        that took two or three function parameters now take a class parameter, this is
-        the class used to do a normal lookup.
-        (KXMLCore::IdentityHashTranslator::equal): Ditto.
-        (KXMLCore::IdentityHashTranslator::translate): Ditto. Translate now takes a reference
-        to write into instead of returning a value to avoid redundant copies.
-        (KXMLCore::HashTable::~HashTable): Use deallocateTable instead of freeing directly.
-        (KXMLCore::HashTable::insert): Based on HashTranslator now instead of separate
-        functions. Added a FIXME about a remaining rare excess copy.
-        (KXMLCore::HashTable::isEmptyBucket): Use KeyTraits directly instead of unwrapping
-        the key from Traits, to avoid creating and destroying pair, which copies.
-        (KXMLCore::HashTable::isDeletedBucket): ditto
-        (KXMLCore::HashTable::lookup): Use HashTranslator now instead of separate functions.
-        (KXMLCore::HashTable::initializeBucket): Renamed from emptyBucket. Use placement new to
-        work right for non-POD types.
-        (KXMLCore::HashTable::deleteBucket): Use assignDeleted to avoid excess copies.
-        (KXMLCore::HashTable::reinsert): use Mover template to copy or swap as appropriate
-        (KXMLCore::HashTable::allocateTable): Initialize every bucket if calloc won't do.
-        (KXMLCore::HashTable::deallocateTable): Destruct every bucket if needed.
-        (KXMLCore::HashTable::rehash): Avoid copy before reinserting, so that swap can do its magic.
-        (KXMLCore::HashTable::clear): use deallocateTable instead of freeing directly.
-        (KXMLCore::HashTable::HashTable): be more dumb when copying to ensure that non-POD types
-        work right
-        * kxmlcore/HashFunctions.h:
-        (KXMLCore::PointerHash): Specialize PointerHash for RefPtr
-        * kxmlcore/HashMap.h:
-        (KXMLCore::extractFirst): Return a reference not a full object to avoid
-        copies.
-        (KXMLCore::HashMapTranslator::hash): Use a special translator for insertion
-        to defer making the pair as long as possible, thus avoiding needless copies.
-        (KXMLCore::HashMapTranslator::equal): ditto
-        (KXMLCore::HashMapTranslator::translate): ditto
-        (KXMLCore::::inlineAdd): Shared by set and add to insert using HashMapTranslator
-        (KXMLCore::::set): Use inlineAdd
-        (KXMLCore::::add): Use inlineAdd
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::): Pass KeyTraits along
-        * kxmlcore/HashSet.h:
-        (KXMLCore::identityExtract): Return a reference not a full object to avoid copies.
-        (KXMLCore::HashSetTranslatorAdapter::hash): Redo adapter stuff to work with
-        the new HashTranslator approach.
-        (KXMLCore::HashSetTranslatorAdapter::equal): ditto
-        (KXMLCore::HashSetTranslatorAdapter::translate): ditto
-        (KXMLCore::::insert): ditto
-        * kxmlcore/HashTraits.h:
-        (KXMLCore::GenericHashTraits): This is intended be used as a base class for
-        customized traits: sensible defaults.
-        (KXMLCore::): Use it a bunch
-        (KXMLCore::assignDeleted): template function to allow pairs to be assigned the
-        deleted value w/o excess copies.
-        (KXMLCore::PairHashTraits::emptyValue): Updated
-        (KXMLCore::PairHashTraits::deletedValue): Updated
-        (KXMLCore::PairHashTraits::assignDeletedValue): part of assignDeleted hack
-        (KXMLCore::DeletedValueAssigner::assignDeletedValue): Use template magic
-        to either use use deletedValue or assignDeletedValue for the cases where we care.
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::swap): Added swap method.
-        (KXMLCore::swap): Added swap free function.
-        * kjs/identifier.cpp:
-        (KJS::CStringTranslator::hash): Use new HashTranslator class approach to
-        alternate type based insertion.
-        (KJS::CStringTranslator::equal): ditto
-        (KJS::CStringTranslator::translate): ditto
-        (KJS::Identifier::add): ditto
-        (KJS::UCharBufferTranslator::hash): ditto
-        (KJS::UCharBufferTranslator::equal): ditto
-        (KJS::UCharBufferTranslator::translate): ditto
-
-        - irrelevant change:
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFunc::callAsFunction): Removed a stray space.
-
-2005-12-22  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Eric and Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6196
-        Would like to be able to define prototypes in headers
-        
-        * kjs/lookup.h:
-        Move ClassName from KJS_DECLARE_PROTOTYPE to KJS_IMPLEMENT_PROTOTYPE.
-        Also, namespace all macros by prefixing them with KJS_. 
-
-2005-12-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=6191
-          RefPtr/PassRefPtr have a leak issue, operator== issues
-
-        * kxmlcore/PassRefPtr.h:
-        (KXMLCore::PassRefPtr::PassRefPtr): Remove non-template constructor that takes RefPtr
-        since the constructor template that takes RefPtr should be sufficient. Add a constructor
-        template that takes PassRefPtr&.
-        (KXMLCore::PassRefPtr::adopt): Use PassRefPtr_Ref to avoid setting pointer first to
-        0 and then to the pointer.
-        (KXMLCore::PassRefPtr::operator=): Added template versions that take PassRefPtr& and
-        RefPtr parameters.
-        (KXMLCore::PassRefPtr::operator PassRefPtr<U>): Changed to fix leak -- old version
-        would release and then ref.
-        (KXMLCore::operator==): Make templates have two parameters so you can mix types.
-        Also remove unneeded const in raw pointer versions.
-        (KXMLCore::operator!=): Ditto.
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::RefPtr): Add constructor template that takes PassRefPtr.
-        (KXMLCore::RefPtr::operator=): Add assignment operator templates that take
-        RefPtr and PassRefPtr.
-        (KXMLCore::operator==): Make templates have two parameters so you can mix types.
-        Also remove unneeded const in raw pointer versions.
-        (KXMLCore::operator!=): Ditto.
-
-2005-12-21  Timothy Hatcher  <timothy@apple.com>
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-          Set tab width to 8, indent width to 4 and uses tabs to false per file.
-
-2005-12-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        Removed evil hack for determining if a type is an integer, replaced
-        with template metaprogramming.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Set tab size to 2 for
-        testkjs.cpp
-        * kjs/testkjs.cpp:
-        (main): Inserted asserts to test IsInteger. FIXME: Move these to
-        KXMLCore unit tests directory when we create one.
-        * kxmlcore/HashTraits.h:
-        (KXMLCore::): Added IsInteger class for querying types.
-
-2005-12-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - made ALWAYS_INLINE declare things inline as well as __attribute__((always_inline))
-        http://bugs.webkit.org/show_bug.cgi?id=6159
-
-        * kxmlcore/AlwaysInline.h:
-
-2005-12-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed a leak in the assignment operator from PassRefPtr to RefPtr
-        http://bugs.webkit.org/show_bug.cgi?id=6158
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::operator=):
-
-        - fix problem with PassRefPtr that darin spotted - it lacked a copy constructor
-        and therefore was using the default one, which can lead to excess derefs
-
-        I fixed this by adding a copy constructor from non-const
-        reference, and by adding a template pass() function that you have
-        to use when raw pointer or RefPtr are passed where PassRefPtr is
-        expected.
-
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add): Changed to have PassRefPtr return type and
-        pass() the results.
-        * kjs/identifier.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): Use pass()
-        where required.
-        * kjs/ustring.cpp:
-        (KJS::UString::UString): Use pass() as needed.
-        (KJS::UString::append): ditto
-        (KJS::UString::substr): ditto
-        * kjs/ustring.h:
-        (KJS::UString::UString): Use initializer instead of assignment
-        * kxmlcore/PassRefPtr.h:
-        (KXMLCore::PassRefPtr::PassRefPtr): Added copy constructor
-        (KXMLCore::pass): new template function to make it convenient to pass
-        a PassRefPtr
-
-2005-12-19  Geoffrey Garen  <ggaren@apple.com>
-  
-        Reviewed by Maciej.
-
-        Fixed <rdar://problem/4370397> Missing return statement in
-        JSMethodNameToObjcMethodName.
-
-        JSMethodNameToObjcMethodName had a check for a name being too long, but
-        the check was missing a return statement.
-
-        A lot of this code was confusing and some of it was wrong, so I fixed
-        it up, added some asserts to catch this type of bug in the future, 
-        changed some comments, and renamed some variables.
-
-        The two advantages of the new algorithm are (1) It makes writing past
-        the end of the buffer virtually impossible because the test on the main
-        loop is "while (not past end of buffer)" and (2) It's twice as fast
-        because it doesn't call strlen. (There's no need to call strlen when
-        we're walking the string ourselves.) 
-        
-        methodsNamed also supports arbitrary-length method names now. Just in 
-        case the AppKit folks start getting REALLY verbose...
-
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::methodsNamed):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::JSMethodNameToObjcMethodName):
-
-2005-12-19  Darin Adler  <darin@apple.com>
-
-        Originally done by both George Staikos and Alexey Proskuryakov.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5706
-          Sharedptr dependency can be removed
-
-        Our coding guidelines say "use 0 instead of NULL" and both RefPtr and
-        PassRefPtr were using NULL, which required including a header that
-        defines NULL.
-
-        * kxmlcore/PassRefPtr.h:
-        (KXMLCore::PassRefPtr::PassRefPtr): Use 0 instead of NULL.
-        (KXMLCore::PassRefPtr::operator!): Use ! instead of == NULL.
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::RefPtr): Use 0 instead of NULL.
-        (KXMLCore::RefPtr::operator!): Use ! instead of == NULL.
-        Also did some reformatting.
-
-2005-12-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen and Eric Seidel.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=4923
-          stop using <ostream> in WebCore, eliminating the <cmath> troubles it causes
-
-        * kjs/simple_number.h: Removed many unnecessary includes, including
-        the <cmath> one to work around GCC library header bugs. We may have to
-        add some includes elsewhere for platforms other than OS X, since our
-        prefix header takes care of some things.
-
-        * kxmlcore/AlwaysInline.h: Added. Now clients that don't include
-        simple_number.h can still get the ALWAYS_INLINE macro.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added AlwaysInline.h.
-
-        * bindings/NP_jsobject.h: Removed a lot of unnecessary includes
-        and removed C-specific stuff from this C++-only header.
-        * bindings/jni/jni_jsobject.h: Removed a lot of unnecessary includes
-        and did some reformatting.
-        * bindings/objc/objc_runtime.h:  Removed an unnecessary include.
-        * bindings/runtime.h: Removed some unneeded includes. Reformatted.
-        * bindings/runtime.cpp: Updated to compile with header changes,
-        including a lot of reformatting.
-        * bindings/runtime_object.h: Removed an unnecessary include.
-
-2005-12-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and Adele
-
-        - replaced custom Identifier hashtable with HashSet
-
-        * kjs/identifier.cpp:
-        (KXMLCore::):
-        (KJS::identifierTable):
-        (KJS::Identifier::equal):
-        (KJS::hash):
-        (KJS::equal):
-        (KJS::convert):
-        (KJS::Identifier::add):
-        (KJS::Identifier::remove):
-        * kjs/identifier.h:
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::initGlobalObject):
-
-2005-12-18  Justin Haygood  <justin@xiondigital.net>
-
-        Reviewed, tweaked, and landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5227
-          Array indexOf() extension for JavaScript 1.5 Core
-
-        * kjs/array_object.h:
-        * kjs/array_object.cpp: (ArrayProtoFunc::callAsFunction): Added implementation of indexOf.
-
-2005-12-18  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin and Geoffrey.
-
-        - fix for <http://bugs.webkit.org/show_bug.cgi?id=4000>
-        Object.prototype is missing isPrototypeOf
-        
-        * kjs/object_object.cpp:
-        (ObjectPrototype::ObjectPrototype):
-        Add isPrototypeOf to object prototype.
-        
-        (ObjectProtoFunc::callAsFunction):
-        Implement isPrototypeOf
-        
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFunc::):
-        Add id for isPrototypeOf.
-
-2005-12-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=6119
-        split() function ignores case insensitive modifier.
-
-        Glossary:
-        RegExpImp: The C++ object you get when JavaScript executes
-                   "new RegExp()".
-        RegExp:    A C++ wrapper object that performs regular expression
-                   matching on behalf of a RegExpImp.
-
-        Instead of unnecessarily constructing a RegExp which (wrongly) lacks
-        any modifiers, String.split() now uses the RegExp built in to the 
-        RegExpImp passed to it, which has the right modifiers already.
-
-        I also cleaned up other bits of the string code to standardized how
-        we handle RegExpImp arguments.
-
-        * ChangeLog:
-        * kjs/string_object.cpp:
-        (replace):
-        (StringProtoFunc::callAsFunction):
-
-2005-12-16  David Hyatt  <hyatt@apple.com>
-
-        Remove unused RefPtr constructors that can create an ambiguity in ustring on some platforms.
-        
-        Reviewed by mjs
-
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::RefPtr):
-
-2005-12-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=5688
-          speed up JavaScript parsing by not creating a UString just to parse
-
-        * kjs/internal.h:
-        * kjs/internal.cpp: (KJS::InterpreterImp::evaluate): Change to take a character pointer
-        and length rather than a UString.
-
-        * kjs/interpreter.h:
-        * kjs/interpreter.cpp: (Interpreter::evaluate): Ditto.
-
-        * kjs/protect.h: Remove uneeded "convert to bool" operator since we already have a
-        "convert to raw pointer" operator in this class.
-
-=== Safari-521~5 ===
-
-2005-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Updated test results to match Anders's last fix.
-
-        * tests/mozilla/expected.html:
-
-2005-12-13  Anders Carlsson  <andersca@mac.com>
-
-        * ChangeLog: Add titles for my bugzilla bugs.
-
-2005-12-13  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=6041>
-        Support property getters and setters.
-        
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::lengthGetter):
-        (RuntimeArray::indexGetter):
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::lengthGetter):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstance::lengthGetter):
-        (getProperty):
-        Update for changes to PropertySlot::getValue and
-        PropertySlot::GetValueFunc.
-        
-        * kjs/collector.cpp:
-        (KJS::className):
-        Handle GetterSetterType.
-        
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::Arguments::mappedIndexGetter):
-        (KJS::ActivationImp::argumentsGetter):
-        * kjs/function.h:
-        Update for changes to PropertySlot::getValue and
-        PropertySlot::GetValueFunc.
-        
-        * kjs/grammar.y:
-        Rework grammar parts for get set declarations directly
-        in the object literal.
-        
-        * kjs/internal.cpp:
-        (KJS::GetterSetterImp::mark):
-        (KJS::GetterSetterImp::toPrimitive):
-        (KJS::GetterSetterImp::toBoolean):
-        (KJS::GetterSetterImp::toNumber):
-        (KJS::GetterSetterImp::toString):
-        (KJS::GetterSetterImp::toObject):
-        Add type conversion functions. These aren't meant to be called.
-        
-        (KJS::printInfo):
-        Handle GetterSetterType.
-        
-        * kjs/lookup.h:        
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        Update for changes to PropertySlot::GetValueFunc.
-        
-        * kjs/nodes.cpp:
-        Refactor they way properties nodes are implemented.
-        We now have a PropertyListNode which is a list of PropertyNodes.
-        Each PropertyNode has a name (which is a PropertyNameNode) and an associated
-        value node. PropertyNodes can be of different types. The Constant type is the
-        old constant declaration and the Getter and Setter types are for property getters
-        and setters.
-        (ResolveNode::evaluate):
-        Update for changes to PropertySlot::getValue.
-        
-        (PropertyListNode::evaluate):
-        Go through all property nodes and set them on the newly created object. If the
-        property nodes are of type Getter or Setter, define getters and setters. Otherwise,
-        just add the properties like before.
-        
-        (PropertyNode::evaluate):
-        This should never be called directly.
-        
-        (PropertyNameNode::evaluate):
-        Rename from PropertyNode::evaluate.
-        
-        (FunctionCallResolveNode::evaluate):
-        (FunctionCallBracketNode::evaluate):
-        (FunctionCallDotNode::evaluate):
-        (PostfixResolveNode::evaluate):
-        (PostfixBracketNode::evaluate):
-        (PostfixDotNode::evaluate):
-        (TypeOfResolveNode::evaluate):
-        (PrefixResolveNode::evaluate):
-        (PrefixBracketNode::evaluate):
-        (PrefixDotNode::evaluate):
-        (AssignResolveNode::evaluate):
-        (AssignDotNode::evaluate):
-        (AssignBracketNode::evaluate):
-        Update for changes to PropertySlot::getValue.
-        
-        * kjs/nodes.h:
-        (KJS::PropertyNameNode::PropertyNameNode):
-        Rename from PropertyNode.
-        
-        (KJS::PropertyNode::):
-        (KJS::PropertyNode::PropertyNode):
-        New class, representing a single property.
-        
-        (KJS::PropertyListNode::PropertyListNode):
-        Rename from PropertyValueNode.
-        
-        (KJS::FuncExprNode::FuncExprNode):
-        Put ParameterNode parameter last, and make it optional.
-        
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        Use a PropertyListNode here now.
-        
-        * kjs/nodes2string.cpp:
-        (PropertyListNode::streamTo):
-        Iterate through all property nodes.
-        
-        (PropertyNode::streamTo):
-        Print out the name and value. Doesn't handle getters and setters currently.
-        
-        (PropertyNameNode::streamTo):
-        Rename from PropertyNode::streamTo.
-        
-        * kjs/object.cpp:
-        (KJS::JSObject::get):
-        Update for changes to PropertySlot::getValue.
-        
-        (KJS::JSObject::put):
-        If the property already exists and has a Setter, invoke
-        the setter function instead of setting the property directly.
-        
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        New functions for defining property getters and setters on the object.
-        
-        * kjs/object.h:
-        (KJS::GetterSetterImp::type):
-        (KJS::GetterSetterImp::GetterSetterImp):
-        (KJS::GetterSetterImp::getGetter):
-        (KJS::GetterSetterImp::setGetter):
-        (KJS::GetterSetterImp::getSetter):
-        (KJS::GetterSetterImp::setSetter):
-        New class for properties which have getters and setters defined.
-        This class is only used internally and should never be seen from the outside.
-        
-        (KJS::JSObject::getOwnPropertySlot):
-         If the property is a getter, call setGetterSlot on the property slot.
-         
-        * kjs/object_object.cpp:
-        (ObjectPrototype::ObjectPrototype):
-        Add __defineGetter__, __defineSetter, __lookupGetter__, __lookupSetter__
-        to prototype.
-        
-        (ObjectProtoFunc::callAsFunction):
-        Implement handlers for new functions.
-        
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFunc::):
-        Add ids for new functions.
-        
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::undefinedGetter):
-        Update for changes to PropertySlot::GetValueFunc.
-        
-        (KJS::PropertySlot::functionGetter):
-        Call the function getter object and return its value.
-        
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::getValue):
-        Add a new argument which is the original object that
-        getPropertySlot was called on.
-        
-        (KJS::PropertySlot::setGetterSlot):
-        (KJS::PropertySlot::):
-        New function which sets a getter slot. When getValue is called on a 
-        getter slot, the getter function object is invoked.
-        
-        * kjs/string_object.cpp:
-        (StringInstance::lengthGetter):
-        (StringInstance::indexGetter):
-        * kjs/string_object.h:
-        Update for changes to PropertySlot::GetValueFunc.
-        
-        * kjs/value.h:
-        (KJS::):
-        Add GetterSetterType and make GetterSetterImp a friend class of JSCell.
-
-2005-12-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - added a new HashCountedSet class for the common pattern of mapping items to counts that can change
-        
-        * kxmlcore/HashCountedSet.h: Added.
-        (KXMLCore::HashCountedSet::*): Implemented, on top of HashMap.
-        * kxmlcore/HashMap.h:
-        (KXMLCore::HashMap::add): New method - does not replace existing value if key already present
-        but otherwise like set().
-        (KXMLCore::HashMap::set): Improved comments.
-        * kxmlcore/HashMapPtrSpec.h:
-        (KXMLCore::HashMap::add): Added to specializations too.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add new  file.
-        * kxmlcore/HashFunctions.h: Added include of stdint.h
-        
-        - replaced the custom hashtable for values protected from GC with HashCountedSet
-
-        * kjs/collector.cpp:
-        (KJS::Collector::protect): Moved code here from ProtectedValues::increaseProtectCount
-        since the code is so simple now.
-        (KJS::Collector::unprotect): Ditto for ProtectedValues::decreaseProtectCount.
-        (KJS::Collector::markProtectedObjects): Updated for new way of doing things, now
-        simpler and safer.
-        (KJS::Collector::numReferencedObjects): ditto
-        (KJS::Collector::rootObjectClasses): ditto
-        * kjs/collector.h: Added protect and unprotect static methods
-        * kjs/protect.h:
-        (KJS::gcProtect): Updated for removal of ProtectedValues class
-        (KJS::gcUnprotect): likewise
-        * kjs/protected_values.cpp: Removed.
-        * kjs/protected_values.h: Removed.
-
-2005-12-10  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Maciej.
-
-        - did long-promised KJS renaming:
-        
-            ValueImp -> JSValue
-            ObjectImp -> JSObject
-            AllocatedValueImp -> JSCell
-        
-        A renaming to get a class out of the way
-        
-            KJS::Bindings::JSObject -> JavaJSObject
- 
-        and some other "imp-reduction" renaming
-        
-            *InstanceImp -> *Instance
-            *ProtoFuncImp -> *ProtoFunc
-            *PrototypeImp -> *Prototype
-            ArgumentsImp -> Arguments
-            RuntimeArrayImp -> RuntimeArray
-            RuntimeMethodImp -> RuntimeMethod
-
-        * most files and functions
-
-2005-12-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - eliminated the old Undefined(), Null(), Boolean(), Number(), and String()
-
-        Code now uses jsUndefined(), jsNull(), jsBoolean(), jsNumber(), and jsString().
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_Evaluate):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::invokeMethod):
-        (KJS::Bindings::CInstance::invokeDefaultMethod):
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertNPVariantToValue):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        (JavaInstance::invokeDefaultMethod):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::eval):
-        (JSObject::convertJObjectToValue):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaArray::valueAt):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcFallbackObjectImp::callAsFunction):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertNSStringToString):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::valueOf):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::lengthGetter):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::lengthGetter):
-        (RuntimeMethodImp::callAsFunction):
-        (RuntimeMethodImp::execute):
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::lengthGetter):
-        (CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        (ArrayPrototypeImp::ArrayPrototypeImp):
-        (ArrayProtoFuncImp::ArrayProtoFuncImp):
-        (ArrayProtoFuncImp::callAsFunction):
-        (ArrayObjectImp::ArrayObjectImp):
-        * kjs/bool_object.cpp:
-        (BooleanPrototypeImp::BooleanPrototypeImp):
-        (BooleanProtoFuncImp::callAsFunction):
-        (BooleanObjectImp::BooleanObjectImp):
-        (BooleanObjectImp::callAsFunction):
-        * kjs/error_object.cpp:
-        (ErrorPrototypeImp::ErrorPrototypeImp):
-        (ErrorProtoFuncImp::ErrorProtoFuncImp):
-        (ErrorProtoFuncImp::callAsFunction):
-        (ErrorObjectImp::ErrorObjectImp):
-        (NativeErrorImp::NativeErrorImp):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::DeclaredFunctionImp::execute):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionPrototypeImp::FunctionPrototypeImp):
-        (FunctionPrototypeImp::callAsFunction):
-        (FunctionProtoFuncImp::callAsFunction):
-        (FunctionObjectImp::FunctionObjectImp):
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::initGlobalObject):
-        * kjs/interpreter.h:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        (MathObjectImp::getValueProperty):
-        (MathFuncImp::callAsFunction):
-        * kjs/nodes.cpp:
-        (Node::setExceptionDetailsIfNeeded):
-        (NullNode::evaluate):
-        (PropertyNode::evaluate):
-        (FunctionCallBracketNode::evaluate):
-        (FunctionCallDotNode::evaluate):
-        (PostfixBracketNode::evaluate):
-        (PostfixDotNode::evaluate):
-        (VoidNode::evaluate):
-        (PrefixBracketNode::evaluate):
-        (PrefixDotNode::evaluate):
-        (ShiftNode::evaluate):
-        (valueForReadModifyAssignment):
-        (AssignDotNode::evaluate):
-        (AssignBracketNode::evaluate):
-        (VarDeclNode::evaluate):
-        (VarDeclNode::processVarDecls):
-        (VarDeclListNode::evaluate):
-        (ReturnNode::execute):
-        (CaseClauseNode::evalStatements):
-        (ParameterNode::evaluate):
-        (FuncDeclNode::processFuncDecl):
-        * kjs/nodes.h:
-        (KJS::StatementNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberPrototypeImp::NumberPrototypeImp):
-        (NumberProtoFuncImp::callAsFunction):
-        (NumberObjectImp::NumberObjectImp):
-        (NumberObjectImp::getValueProperty):
-        (NumberObjectImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::get):
-        (KJS::Error::create):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::callAsFunction):
-        (ObjectObjectImp::ObjectObjectImp):
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::undefinedGetter):
-        * kjs/regexp_object.cpp:
-        (RegExpPrototypeImp::RegExpPrototypeImp):
-        (RegExpProtoFuncImp::callAsFunction):
-        (RegExpObjectImp::RegExpObjectImp):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::getBackref):
-        (RegExpObjectImp::getLastMatch):
-        (RegExpObjectImp::getLastParen):
-        (RegExpObjectImp::getLeftContext):
-        (RegExpObjectImp::getRightContext):
-        (RegExpObjectImp::getValueProperty):
-        (RegExpObjectImp::construct):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::StringInstanceImp):
-        (StringPrototypeImp::StringPrototypeImp):
-        (replace):
-        (StringProtoFuncImp::callAsFunction):
-        (StringObjectImp::StringObjectImp):
-        (StringObjectImp::callAsFunction):
-        (StringObjectFuncImp::StringObjectFuncImp):
-        (StringObjectFuncImp::callAsFunction):
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-        (VersionFunctionImp::callAsFunction):
-        * kjs/value.h:
-
-2005-12-10  Oliver Hunt  <ojh16@student.canterbury.ac.nz>
-
-        Reviewed by Maciej, landed by Darin.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=3539
-          Array join and toString methods do not support circular references
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::callAsFunction):
-        Added set of visited objects -- don't recurse if item is already in the set.
-
-2005-12-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fix major memory leak and resultant slowdown on JavaScript iBench from
-        my PassRefPtr changes
-        
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create): I forgot to change one of the two overloads to create
-        with a refcount of 0 instead of 1 (the smart pointer then bumps it. But instead of
-        changing it, I changed both to start with a refcounter of 1 and use PassRefPtr::adopt
-        to adopt the initial refcount, this may be a hair more efficient.
-
-        - made the assignment operators for smart pointers inline because Shark said so
-        
-        * kxmlcore/PassRefPtr.h:
-        (KXMLCore::::operator=):
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::::operator=):
-
-2005-12-06  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        - fix build when using gcc 4
-                
-        * kjs/ustring.h:
-        Make Rep public.
-
-        * kxmlcore/PassRefPtr.h:
-        (KXMLCore::::operator):
-        Fix a typo.
-
-2005-12-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - add PassRefPtr, a smart pointer class that works in conjunction
-        with RefPtr but has transfer-of-ownership semantics
-        - apply RefPtr and PassRefPtr to UString
-        - cleaned up UString a little so that it doesn't need to have so many friend classes
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add):
-        * kjs/identifier.h:
-        (KJS::Identifier::Identifier):
-        (KJS::Identifier::equal):
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::remove):
-        * kjs/ustring.cpp:
-        (KJS::UCharReference::operator=):
-        (KJS::UCharReference::ref):
-        (KJS::UString::Rep::createCopying):
-        (KJS::UString::Rep::create):
-        (KJS::UString::usedCapacity):
-        (KJS::UString::usedPreCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::spliceSubstringsWithSeparators):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::toStrictUInt32):
-        (KJS::UString::substr):
-        (KJS::UString::copyForWriting):
-        (KJS::operator==):
-        * kjs/ustring.h:
-        (KJS::UString::UString):
-        (KJS::UString::~UString):
-        (KJS::UString::data):
-        (KJS::UString::isNull):
-        (KJS::UString::isEmpty):
-        (KJS::UString::size):
-        (KJS::UString::rep):
-        * kxmlcore/RefPtr.h:
-        (KXMLCore::RefPtr::RefPtr):
-        (KXMLCore::RefPtr::operator*):
-        (KXMLCore::::operator):
-        (KXMLCore::operator==):
-        (KXMLCore::operator!=):
-        (KXMLCore::static_pointer_cast):
-        (KXMLCore::const_pointer_cast):
-
-2005-12-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Update test results to match Anders's last checkin.
-
-        * tests/mozilla/expected.html:
-
-2005-12-04  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Geoffrey.
-
-        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=3999>
-        Object.prototype is missing propertyIsEnumerable
-        
-        * kjs/object.cpp:
-        (KJS::ObjectImp::canPut):
-        Refactor to use getPropertyAttributes.
-
-        (KJS::ObjectImp::propertyIsEnumerable):
-        New function which checks if a property is enumerable.
-
-        (KJS::ObjectImp::getPropertyAttributes):
-        * kjs/object.h:
-        Add getPropertyAttributes and propertyIsEnumerable.
-
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::callAsFunction):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        Add propertyIsEnumerable to the Object prototype.
-
-2005-12-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        - removed deprecated reset, isNull and nonNull methods
-
-        * kxmlcore/RefPtr.h:
-
-2005-12-01  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        - Fixes <http://bugs.webkit.org/show_bug.cgi?id=3382>
-        nodes2strings.cpp fails to print left expression of ForInNode when 'var' is not used
-        
-        Patch by Mark Rowe.
-
-        * kjs/nodes2string.cpp:
-        (ForInNode::streamTo):
-        Add lexpr if there's no varDecl.
-
-2005-12-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Eric.
-
-        - renamed SharedPtr to RefPtr via script
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (KJS::Parser::parse):
-        (KJS::InterpreterImp::checkSyntax):
-        (KJS::InterpreterImp::evaluate):
-        * kjs/internal.h:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        (KJS::SourceStream::operator<<):
-        * kjs/protect.h:
-        * kxmlcore/RefPtr.h: Added.
-        (KXMLCore::RefPtr::RefPtr):
-        (KXMLCore::RefPtr::~RefPtr):
-        (KXMLCore::RefPtr::isNull):
-        (KXMLCore::RefPtr::notNull):
-        (KXMLCore::RefPtr::reset):
-        (KXMLCore::RefPtr::get):
-        (KXMLCore::RefPtr::operator*):
-        (KXMLCore::RefPtr::operator->):
-        (KXMLCore::RefPtr::operator!):
-        (KXMLCore::RefPtr::operator UnspecifiedBoolType):
-        (KXMLCore::::operator):
-        (KXMLCore::operator==):
-        (KXMLCore::operator!=):
-        (KXMLCore::static_pointer_cast):
-        (KXMLCore::const_pointer_cast):
-        * kxmlcore/SharedPtr.h: Removed.
-
-2005-11-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        - change idiom used for implicit bool conversion of smart pointers, because the old one gives weird error messages sometimes
-
-        * kjs/protect.h:
-        (KJS::ProtectedPtr::operator UnspecifiedBoolType):
-        * kxmlcore/SharedPtr.h:
-        (KXMLCore::SharedPtr::operator UnspecifiedBoolType):
-
-2005-11-29  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Reviewed by ggaren.  Committed by eseidel.
-
-        Date conversion to local time gets the DST flag wrong sometimes
-        http://bugs.webkit.org/show_bug.cgi?id=5514
-
-        * kjs/date_object.cpp:
-        (KJS::isTime_tSigned):
-        (KJS::DateProtoFuncImp::callAsFunction):
-
-2005-11-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Eric.
-
-        - renamed InterpreterLock to JSLock
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        (_NPN_SetException):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::call):
-        (JSObject::eval):
-        (JSObject::getMember):
-        (JSObject::setMember):
-        (JSObject::removeMember):
-        (JSObject::getSlot):
-        (JSObject::setSlot):
-        (JSObject::toString):
-        (JSObject::convertJObjectToValue):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-        * bindings/runtime.cpp:
-        (Instance::createRuntimeObject):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-        * bindings/testbindings.cpp:
-        (main):
-        * bindings/testbindings.mm:
-        (main):
-        * kjs/JSLock.cpp:
-        (KJS::initializeJSLock):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::lockCount):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-        (KJS::JSLock::DropAllLocks::~DropAllLocks):
-        * kjs/JSLock.h:
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::~JSLock):
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::InterpreterImp):
-        (KJS::InterpreterImp::clear):
-        (KJS::InterpreterImp::checkSyntax):
-        (KJS::InterpreterImp::evaluate):
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-        * kjs/protect.h:
-        (KJS::::ProtectedPtr):
-        (KJS::::~ProtectedPtr):
-        (KJS::::operator):
-        * kjs/protected_reference.h:
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-        (main):
-
-2005-11-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by eseidel.  Committed by eseidel.
-
-        Inline ScopeChain functions for speed.
-        http://bugs.webkit.org/show_bug.cgi?id=5687
-
-        * kjs/object.h:
-        (KJS::ScopeChain::mark):
-        * kjs/scope_chain.cpp:
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::ref):
-        (KJS::ScopeChain::operator=):
-        (KJS::ScopeChain::bottom):
-        (KJS::ScopeChain::push):
-        (KJS::ScopeChain::pop):
-
-2005-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/4139620> Seed: WebKit: hang when sending XMLHttpRequest if automatic proxy config is used
-
-        Also factored locking code completely into a separate class, and
-        added a convenient packaged way to temporarily drop locks.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSLock.cpp: Added.
-        (KJS::initializeInterpreterLock):
-        (KJS::InterpreterLock::lock):
-        (KJS::InterpreterLock::unlock):
-        (KJS::InterpreterLock::lockCount):
-        (KJS::InterpreterLock::DropAllLocks::DropAllLocks):
-        (KJS::InterpreterLock::DropAllLocks::~DropAllLocks):
-        * kjs/JSLock.h: Added.
-        (KJS::InterpreterLock::InterpreterLock):
-        (KJS::InterpreterLock::~InterpreterLock):
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/protect.h:
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-
-2005-11-21  Eric Seidel  <eseidel@apple.com>
-
-        Rubber-stamped by hyatt.
-        
-        Removed JavaScriptCore+SVG target.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2005-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-        
-        - Fixed <rdar://problem/4342216> Installer crash in 
-          KJS::ValueImp::marked() when garbage collector runs inside call to 
-          ConstantValues::init()
-          
-        I took responsibility for initializing and marking ConstantValues away 
-        from InterpreterImp, since it's possible to reference such a value 
-        before any interpreter has been created and after the last interpreter 
-        has been destroyed.
-
-        InterpreterImp::lock now initializes ConstantValues. It's a good
-        place for the initialization because you have to call it before
-        creating any objects. Since ::lock can be called more than once,
-        I added a check in ConstantValues::init to ensure that it executes 
-        only once.
-
-        Collector:collect is now responsible for marking ConstantValues.
-
-        We no longer clear the ConstantValues since we can't guarantee that no 
-        one has a reference to them.
-
-        FIXME: This is hackery. The long-term plan is to make ConstantValues
-        use immediate values that require no initialization.
-
-        * ChangeLog:
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::InterpreterImp):
-        (KJS::InterpreterImp::lock):
-        (KJS::InterpreterImp::clear):
-        (KJS::InterpreterImp::mark):
-        * kjs/internal.h:
-        * kjs/value.cpp:
-        (KJS::ConstantValues::initIfNeeded):
-        * kjs/value.h:
-
-2005-11-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        This patch fixes some naughty naughty code -- 5 crashes and 2 
-        may-go-haywire-in-the-futures.
-        
-        One such crash is <rdar://problem/4247330> 8C46 Crash with with 
-        incomplete parameter list to webScript object function.
-        
-        I replaced early returns from within NS_DURINGs with calls to
-        NS_VALUERETURN because the doc says, "You cannot use goto or 
-        return to exit an exception handling domain -- errors will result."
-        
-        I replaced hard-coded analyses of -[NSMethodSignature 
-        methodReturnType] with more abstracted alternatives, since
-        the documentation says "This encoding is implementation-specific, 
-        so applications should use it with caution," and then emits an
-        evil cackle.
-        
-        I removed the early return in the case where a JavaScript caller
-        supplies an insufficient number of arguments, because the right
-        thing to do in such a case is to use JavaScript's defined behavior
-        of supplying "undefined" for any missing arguments.
-        
-        I also changed ObjcInstance::invokeMethod so that it no longer
-        deletes the method passed to it. It doesn't create the method,
-        so it shouldn't delete it. A friend of mine named
-        KERNEL_PROTECTION_FAILURE agrees with me on this point.
-        
-        Finally, I changed an assert(true) to assert(false) because
-        all the other asserts were making fun of it.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-
-2005-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5571
-          REGRESSION (412.5-TOT): duplicated words/sentences at 
-          shakespeer.sourceforge.net
-
-        Our UTF16-modified PCRE didn't work with extended character classes
-        (classes involving characters > 255) because it used the GETCHARINC
-        macro to read through them. In UTF16 mode, GETCHARINC expects UTF16 
-        input, but PCRE encodes character classes in UTF8 regardless of the
-        input mode of the subject string.
-
-        The fix is to explicitly define GETUTF8CHARINC, and to use it,
-        rather than GETCHARINC, when reading extended character classes. 
-        
-        In UTF8 mode, we simply define GETCHARINC to be GETUTF8CHARINC.
-
-        * pcre/pcre_internal.h:
-        * pcre/pcre_xclass.c:
-        (_pcre_xclass):
-
-2005-11-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Mitz Pettel, reviewed by Maciej.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5357
-          REGRESSION: Scriptable plugin hides properties of OBJECT element
-
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::fallbackObject):
-
-2005-11-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5409
-        slice() testcase doesn't pass
-
-        Modified String.slice to deal with funky values.
-        Updated test results. We now pass <js1_2/String/slice.js>.
-
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::callAsFunction):
-        * tests/mozilla/expected.html:
-
-2005-11-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        * kxmlcore/HashSet.h: Fixed case of "hashfunctions.h" -- needs to be "HashFunctions.h".
-
-2005-11-03  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin and Vicki.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-          Change to use $(SYSTEM_LIBRARY_DIR) consistently and place
-          $(NEXT_ROOT) in a few spots to make build-root work.
-
-2005-11-03  Geoffrey Garen  <ggaren@apple.com>
-
-        - Updated JavaScriptCore test results to reflect recent fixes.
-
-        * tests/mozilla/expected.html:
-
-2005-11-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by darin.
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5602
-          REGRESSION: RegExp("[^\\s$]+", "g") returns extra matches
-
-        We now update lastIndex relative to the start of the last match,
-        rather than the start of the last search. We used to assume that
-        the two were equal, but that is not the case when a pattern
-        matches at a character after the first in the string.
-
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::callAsFunction):
-
-2005-10-24  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Darin Adler. Code changes by Alexey Proskuryakov.
-        
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4931
-        Unicode format characters (Cf) should be removed from JavaScript source
-
-        * kjs/lexer.cpp:
-        include <unicode/uchar.h>
-        (Lexer::Lexer):
-        use KJS::UChar instead of UChar to avoid ambiguity caused by new include
-        (Lexer::setCode):
-        ditto; also, use shift(4) to skip first 4 chars to take advantage of new
-        logic there.
-        (Lexer::shift):
-        skip chars of type U_FORMAT_CHAR
-        (Lexer::convertUnicode):
-        use KJS::UChar instead of UChar to avoid ambiguity caused by new include
-        (Lexer::record16):
-        ditto
-        (Lexer::makeIdentifier):
-        ditto
-        (Lexer::makeUString):
-        ditto
-        
-        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
-        updated to skip soft hyphens
-
-2005-10-24  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Darin Adler. Code changes by George Staikos/Geoff Garen.
-        
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4142
-        Date object does not always adjust daylight savings correctly
-
-        * kjs/date_object.cpp:
-        (KJS::makeTime):
-        Fix the case where a time change crosses the daylight savings start/end dates.
-
-2005-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff. Code changes by Darin.
-
-        - some micro-optimizations to FastMalloc to reduce math and branches.
-
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::TCMalloc_Central_FreeList::Populate):
-        (KXMLCore::fastMallocRegisterThread):
-        (KXMLCore::TCMalloc_ThreadCache::GetCache):
-        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
-
-2005-10-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reverted fix for this bug, because it was part of a time range that caused a performance
-        regression:
-        
-        <rdar://problem/4260481> Remove Reference type from JavaScriptCore
-
-2005-10-15  Darin Adler  <darin@apple.com>
-
-        * kxmlcore/HashTable.cpp: Fixed build failure (said hashtable.h instead of HashTable.h).
-
-2005-10-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Style changes recommended by Darin.
-        
-        Changed to camelCase, changed ValueImp* to ValueImp *.
-
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber::make):
-        (KJS::SimpleNumber::value):
-
-2005-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Added regexp_object.lut.h build phase from JavaScriptCore
-        to JavaScriptCore+SVG.
-
-        Reviewed by mitz.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2005-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed build bustage from last checkin (stray characters
-        in the project file).
-
-        Reviewed by mitz.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2005-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        New JavaScriptCore test results to reflect the last change.
-
-        * tests/mozilla/expected.html:
-
-2005-10-10  Geoffrey Garen  <ggaren@apple.com>
-
-        - Implemented caching of match state inside the global RegExp object
-          (lastParen, leftContext, rightContext, lastMatch, input).
-
-          exec(), test(), match(), search(), and replace() now dipatch regular
-          expression matching through the RegExp object's performMatch function, 
-          to facilitate caching. This replaces registerRegexp and 
-          setSubPatterns.
-        
-        - Implemented the special '$' aliases (e.g. RegExp.input aliases to 
-          RegExp.$_).
-
-        - Moved support for backreferences into the new static hash table
-          used for other special RegExp properties. Truncated backreferences
-          at $9 to match IE, FF, and the "What's New in Netscape 1.2?" doc.
-          (String.replace still supports double-digit backreferences.)
-
-        - Tweaked RegExp.prototype.exec to handle ginormous values in lastIndex.
-
-        Fixes 11 -- count em, 11 -- JavaScriptCore tests.
-
-        * fast/js/regexp-caching-expected.txt: Added.
-        * fast/js/regexp-caching.html: Added.
-
-        Reviewed by mjs.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added regexp_object.lut.h
-        * kjs/create_hash_table: Tweaked to allow for more exotic characters.
-                                 We now rely on the compiler to catch illegal
-                                 identifiers.
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::callAsFunction):
-        (RegExpObjectImp::RegExpObjectImp):
-        (RegExpObjectImp::performMatch):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::backrefGetter):
-        (RegExpObjectImp::getLastMatch):
-        (RegExpObjectImp::getLastParen):
-        (RegExpObjectImp::getLeftContext):
-        (RegExpObjectImp::getRightContext):
-        (RegExpObjectImp::getOwnPropertySlot):
-        (RegExpObjectImp::getValueProperty):
-        (RegExpObjectImp::put):
-        (RegExpObjectImp::putValueProperty):
-        * kjs/regexp_object.h:
-        (KJS::RegExpObjectImp::):
-        * kjs/string_object.cpp:
-        (substituteBackreferences):
-        (replace):
-        (StringProtoFuncImp::callAsFunction):
-
-2005-10-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej; some changes done after review.
-
-        - fixed <rdar://problem/4092064> hanging loading page; rte.ie (works in IE and Firefox)
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=5280
-          Date.setMonth fails with negative values
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=5154
-          JSC should switch to _r variants of unix time/date functions
-        - fixed a few possible overflow cases
-
-        Retested all tests to be sure nothing broke; added layout test for bug 5280.
-
-        * kjs/config.h: Removed TIME_WITH_SYS_TIME define. Also set HAVE_SYS_TIMEB_H
-        for the __APPLE__ case (the latter is accurate but irrelevant).
-
-        * kjs/date_object.h: Reformatted. Removed unnecessary include of "function_object.h".
-        Moved declarations of helper classes and functions into the cpp file.
-
-        * kjs/date_object.cpp: Removed code at top to define macros to use CoreFoundation instead of
-        POSIX date functions.
-        (KJS::styleFromArgString): Tweaked to return early instead of using a variable.
-        (KJS::formatLocaleDate): Tweaked to check for undefined rather than checking argument count.
-        (KJS::formatDate): Made parameter const.
-        (KJS::formatDateUTCVariant): Ditto.
-        (KJS::formatTime): Ditto.
-        (KJS::DateProtoFuncImp::callAsFunction): Use gmtime_r and localtime_r instead of gmtime and
-        localtime.
-        (KJS::DateObjectImp::callAsFunction): Use localtime_r instead of localtime.
-        (KJS::ymdhmsToSeconds): Renamed from ymdhms_to_seconds. Changed computation to avoid possible
-        overflow if year is an extremely large or small number.
-        (KJS::makeTime): Removed code to move large month numbers from tm_mon to tm_year; this was
-        to accomodate CFGregorianDate, which is no longer used (and didn't handle negative values).
-        (KJS::parseDate): Renamed from KRFCDate_parseDate; changed to return a value in milliseconds
-        rather than in seconds. Reformatted the code. Changed to use UTF8String() instead of ascii(),
-        since ascii() is not thread safe. Changed some variables back from int to long to avoid
-        trouble if the result of strtol does not fit in an int (64-bit issue only).
-
-2005-10-08  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Reviewed by Geoff.
-        Tweaked and landed by Darin.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=5266
-          Support parenthesized comments in Date.parse()
-
-        * kjs/date_object.cpp:
-        (KJS::skipSpacesAndComments): Take a pointer, and advance it past spaces,
-        and also past anything enclosed in parentheses.
-        (KJS::KRFCDate_parseDate): Use skipSpacesAndComments wherever we formerly had
-        code to skip spaces.
-
-2005-10-08  Justin Haygood  <justin@xiondigital.net>
-
-        Reviewed, tweaked, and landed by Darin.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=5189
-          pcre_exec.c fails to compile using MSVC
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=5190
-          KJS config.h adjustment for Win32
-        
-        * kjs/config.h: Make sure HAVE_MMAP and HAVE_SBRK are off for Win32.
-        Turn HAVE_ERRNO_H on for Mac OS X. Sort defines so they are easy to compare
-        with each other. Remove #undef of DEBUG_COLLECTOR.
-        * pcre/pcre_exec.c: (match): Work around strange MSVC complaint by splitting
-        the definition of a local variable into a separate declaration and
-        initialization.
-
-2005-10-05  Geoffrey Garen  <ggaren@apple.com>
- 
-        - Darin and I rewrote our implementation of the SimpleNumber class
-          to store number bit patterns in their floating point formats.
- 
-        My tweaks reviewed by Darin.
-        
-        ~1% speedup on JS iBench.
-        
-        * kjs/internal.h: removed obsolete jsNumber declarations.
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction): changed KJS::isNaN to isNaN
-        * kjs/nodes.cpp:
-        (PostfixResolveNode::evaluate): removed obsolete knownToBeInteger
-        (PostfixBracketNode::evaluate): ditto
-        (PostfixDotNode::evaluate): ditto
-        (PrefixResolveNode::evaluate): ditto
-        (PrefixBracketNode::evaluate): ditto
-        (PrefixDotNode::evaluate): ditto
-        (NegateNode::evaluate): ditto
-        (valueForReadModifyAssignment): ditto
-        * kjs/number_object.cpp: removed obsolete comment
-        * kjs/operations.cpp:
-        (KJS::equal): removed unnecessary isNaN checks
-        (KJS::strictEqual): ditto
-        (KJS::add): removed obsolete knownToBeInteger
-        (KJS::mult): ditto
-        * kjs/operations.h: removed include of "value.h" to prevent circular reference
-        * kjs/simple_number.h: removed unnecessary #includes
-        (KJS::SimpleNumber::make): see above
-        (KJS::SimpleNumber::is): ditto
-        (KJS::SimpleNumber::value): ditto
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::callAsFunction): changed KJS::isNaN to isNaN
-        * kjs/ustring.cpp: removed unnecessary isNaN check
-        (KJS::UString::toUInt32): ditto
-        * kjs/value.cpp:
-        (KJS::jsNumber): removed obsolete jsNumber definitions
-        (KJS::ConstantValues::init): NaN is no longer a ConstantValue
-        (KJS::ConstantValues::clear): ditto
-        (KJS::ConstantValues::mark): ditto
-        * kjs/value.h: removed obsolete knownToBeInteger
-        (KJS::jsNaN): now returns a SimpleNumber
-        (KJS::ValueImp::getUInt32): changed to account for NaN being a SimpleNumber
-        (KJS::ValueImp::toBoolean): ditto
-        (KJS::ValueImp::toString): changed to account for +/- 0.0
-        (KJS::jsZero): changed to reflect that SimpleNumber::make takes a double
-        (KJS::jsOne): ditto
-        (KJS::jsTwo): ditto
-        (KJS::Number): removed obsolete non-double constructor declarations
-
-2005-10-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - fixed <rdar://problem/4260481> Remove Reference type from JavaScriptCore
-
-        Also fixed some bugs with for..in enumeration while I was at it. object
-        properties now come before prototype properties and duplicates
-        between object and prototype are listed only once.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/IdentifierSequencedSet.cpp: Added.
-        (KJS::IdentifierSequencedSet::IdentifierSequencedSet):
-        (KJS::IdentifierSequencedSet::deallocateVector):
-        (KJS::IdentifierSequencedSet::~IdentifierSequencedSet):
-        (KJS::IdentifierSequencedSet::insert):
-        * kjs/IdentifierSequencedSet.h: Added.
-        (KJS::IdentifierSequencedSetIterator::IdentifierSequencedSetIterator):
-        (KJS::IdentifierSequencedSetIterator::operator*):
-        (KJS::IdentifierSequencedSetIterator::operator->):
-        (KJS::IdentifierSequencedSetIterator::operator++):
-        (KJS::IdentifierSequencedSetIterator::operator==):
-        (KJS::IdentifierSequencedSetIterator::operator!=):
-        (KJS::IdentifierSequencedSet::begin):
-        (KJS::IdentifierSequencedSet::end):
-        (KJS::IdentifierSequencedSet::size):
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::getPropertyNames):
-        (ArrayInstanceImp::setLength):
-        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
-        * kjs/nodes.cpp:
-        (ForInNode::execute):
-        * kjs/nodes.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::getPropertyNames):
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getEnumerablePropertyNames):
-        (KJS::PropertyMap::getSparseArrayPropertyNames):
-        * kjs/property_map.h:
-        * kjs/protect.h:
-        * kjs/protected_reference.h: Removed.
-        * kjs/reference.cpp: Removed.
-        * kjs/reference.h: Removed.
-        * kjs/reference_list.cpp: Removed.
-        * kjs/reference_list.h: Removed.
-        * kjs/ustring.h:
-        (KJS::UString::impl):
-        * kxmlcore/HashSet.h:
-
-2005-10-04  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        Code cleanup, which resulted in a small win on iBench.
-
-        * kjs/object.cpp:
-        (KJS::tryGetAndCallProperty): new static inline
-        (KJS::ObjectImp::defaultValue): code cleanup
-
-2005-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from George Staikos <staikos@kde.org>, reviewed and tweaked a bit by me.
-
-        - more Linux build fixes
-        
-        * kjs/operations.cpp:
-        * kxmlcore/FastMalloc.h:
-        * kxmlcore/TCSystemAlloc.cpp:
-        (TCMalloc_SystemAlloc):
-
-2005-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from George Staikos <staikos@kde.org>, reviewed and tweaked a bit by me.
-
-        http://bugs.webkit.org/show_bug.cgi?id=5174
-        Add support for compiling on Linux (likely to help for other POSIX systems too)
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::Collector::markOtherThreadConservatively):
-        * kjs/config.h:
-        * kjs/date_object.cpp:
-        (KJS::formatDate):
-        (KJS::formatDateUTCVariant):
-        (KJS::formatTime):
-        (KJS::timeZoneOffset):
-        (KJS::DateProtoFuncImp::callAsFunction):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::makeTime):
-        * kjs/identifier.cpp:
-        * kjs/internal.cpp:
-        (KJS::initializeInterpreterLock):
-        (KJS::lockInterpreter):
-        (KJS::unlockInterpreter):
-        (KJS::UndefinedImp::toPrimitive):
-        (KJS::UndefinedImp::toBoolean):
-        (KJS::UndefinedImp::toNumber):
-        (KJS::UndefinedImp::toString):
-        (KJS::NullImp::toPrimitive):
-        (KJS::NullImp::toBoolean):
-        (KJS::NullImp::toNumber):
-        (KJS::NullImp::toString):
-        (KJS::BooleanImp::toPrimitive):
-        (KJS::BooleanImp::toBoolean):
-        (KJS::BooleanImp::toNumber):
-        (KJS::BooleanImp::toString):
-        (KJS::StringImp::toPrimitive):
-        (KJS::StringImp::toBoolean):
-        (KJS::StringImp::toNumber):
-        (KJS::StringImp::toString):
-        * kjs/internal.h:
-        * kjs/protected_values.cpp:
-
-2005-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix Development build after last checkin
-
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::fastMallocRegisterThread):
-
-2005-10-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4283967> REGRESSION: 3% regression on PLT from new FastMalloc
-        http://bugs.webkit.org/show_bug.cgi?id=5243
-        
-        A number of optimizations to the new threadsafe malloc that make it actually as fast
-        as dlmalloc (I measured wrong before) and as memory-efficient as the system malloc.
-
-        - use fastMalloc for everything - it now gets applied to all new/delete allocations
-        via a private inline operator new that is now included into every file via config.h.
-
-        - tweaked some of the numeric parameters for size classes and amount of wasted memory
-        allowed per allocation - this saves on memory use and consequently improves speed.
-
-        - so long as the allocator is not being used on background threads, get the per-thread
-        cache from a global variable instead of from pthread_getspecific, since the latter is slow.
-
-        - inline more functions, and force the ones GCC refuses to inline with 
-        attribute(always_inline), nearly all of these have one call site so inlining them has 
-        to be a win.
-
-        - use some tricks to calculate allocation size more efficiently and fewer times for small
-        allocations, to avoid hitting the huge size table array.
-
-        - avoid hitting the per-thread cache on code paths that don't need it.
-
-        - implement inline assembly version of spinlock for PowerPC (was already done for x86)
-
-        * bindings/NP_jsobject.cpp:
-        * bindings/c/c_class.cpp:
-        * bindings/c/c_instance.cpp:
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_utility.cpp:
-        * bindings/jni/jni_class.cpp:
-        * bindings/jni/jni_instance.cpp:
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/jni/jni_objc.mm:
-        * bindings/jni/jni_runtime.cpp:
-        * bindings/jni/jni_utility.cpp:
-        * bindings/npruntime.cpp:
-        * bindings/objc/WebScriptObject.mm:
-        * bindings/objc/objc_class.mm:
-        * bindings/objc/objc_instance.mm:
-        * bindings/objc/objc_runtime.mm:
-        * bindings/objc/objc_utility.mm:
-        * bindings/runtime.cpp:
-        * bindings/runtime_array.cpp:
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_object.cpp:
-        * bindings/runtime_root.cpp:
-        * bindings/testbindings.cpp:
-        * bindings/testbindings.mm:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp):
-        (ArrayInstanceImp::~ArrayInstanceImp):
-        (ArrayInstanceImp::resizeStorage):
-        * kjs/bool_object.cpp:
-        * kjs/collector.cpp:
-        (KJS::Collector::registerThread):
-        * kjs/config.h:
-        * kjs/debugger.cpp:
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/function_object.cpp:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::rehash):
-        * kjs/internal.cpp:
-        (KJS::Parser::saveNewNode):
-        (KJS::clearNewNodes):
-        * kjs/interpreter.cpp:
-        * kjs/lexer.cpp:
-        (Lexer::doneParsing):
-        (Lexer::makeIdentifier):
-        (Lexer::makeUString):
-        * kjs/list.cpp:
-        * kjs/math_object.cpp:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        * kjs/number_object.cpp:
-        (integer_part_noexp):
-        (char_sequence):
-        * kjs/object.cpp:
-        * kjs/object_object.cpp:
-        * kjs/property_map.cpp:
-        * kjs/property_slot.cpp:
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::rehash):
-        * kjs/reference.cpp:
-        * kjs/reference_list.cpp:
-        * kjs/regexp.cpp:
-        * kjs/regexp_object.cpp:
-        * kjs/scope_chain.cpp:
-        * kjs/scope_chain.h:
-        * kjs/string_object.cpp:
-        * kjs/testkjs.cpp:
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        * kxmlcore/Assertions.mm:
-        * kxmlcore/FastMalloc.cpp:
-        (KXMLCore::InitSizeClasses):
-        (KXMLCore::DLL_IsEmpty):
-        (KXMLCore::DLL_Prepend):
-        (KXMLCore::TCMalloc_Central_FreeList::Insert):
-        (KXMLCore::TCMalloc_Central_FreeList::Remove):
-        (KXMLCore::TCMalloc_Central_FreeList::Populate):
-        (KXMLCore::TCMalloc_ThreadCache::Allocate):
-        (KXMLCore::TCMalloc_ThreadCache::FetchFromCentralCache):
-        (KXMLCore::fastMallocRegisterThread):
-        (KXMLCore::TCMalloc_ThreadCache::GetCache):
-        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (KXMLCore::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (KXMLCore::do_malloc):
-        (KXMLCore::do_free):
-        (KXMLCore::realloc):
-        * kxmlcore/FastMalloc.h:
-        (operator new):
-        (operator delete):
-        (operator new[]):
-        (operator delete[]):
-        * kxmlcore/HashTable.cpp:
-        * kxmlcore/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        * kxmlcore/TCSystemAlloc.cpp:
-
-2005-09-30  Geoffrey Garen  <ggaren@apple.com>
-
-        - Second cut at fixing <rdar://problem/4275206> Denver Regression: Seed: 
-          Past Editions of Opinions display "NAN/Undefined" for www.washingtonpost.com
-                
-        Reviewed by john.
-
-        * kjs/date_object.cpp:
-        (KJS::KRFCDate_parseDate): Intead of creating a timezone when one isn't specified,
-        just rely on the fallback logic, which will do it for you. Also, return invalidDate
-        if the date includes trailing garbage. (Somewhat accidentally, the timezone logic
-        used to catch trailing garbage.)
-
-        Added test case to fast/js/date-parse-test.html.
-
-2005-09-29  Eric Seidel  <eseidel@apple.com>
-        Fix from Mitz Pettel <opendarwin.org@mitzpettel.com>
-
-        Reviewed by darin.
-
-        Fix JSC memory smasher in TOT.
-        http://bugs.webkit.org/show_bug.cgi?id=5176
-
-        * pcre/pcre_exec.c:
-        (match):
-
-2005-09-29  Eric Seidel  <eseidel@apple.com>
-        Fix from Mitz Pettel <opendarwin.org@mitzpettel.com>
-
-        Reviewed by mjs.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Build fix for JSC+SVG after 5161.
-        http://bugs.webkit.org/show_bug.cgi?id=5179
-
-2005-09-28  Geoffrey Garen  <ggaren@apple.com>
-
-        - Fixed <rdar://problem/4275206> Denver Regression: Seed: Past Editions of Opinions display 
-          "NAN/Undefined" for www.washingtonpost.com
-          
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (KJS::KRFCDate_parseDate): If the timezone isn't specified, rather than returning
-        invalidDate, substitute the local timezone. This matches the behavior of FF/IE.
-
-2005-09-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from George Staikos, reviewed by me.
-
-        - fixed some compile issues on Linux
-        
-        * kjs/property_slot.h:
-        * kjs/simple_number.h:
-
-2005-09-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - move HashMap/HashSet code down to JavaScriptCore
-        http://bugs.webkit.org/show_bug.cgi?id=5161
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/internal.cpp:
-        (KJS::interpreterMap): Function that fetches the interpreter map on demand. 
-        (KJS::InterpreterImp::InterpreterImp): Replace use of InterpreterMap
-        class with an appropriate HashMap.
-        (KJS::InterpreterImp::clear): ditto
-        (KJS::InterpreterImp::interpreterWithGlobalObject): ditto
-        * kjs/interpreter_map.cpp: Removed.
-        * kjs/interpreter_map.h: Removed.
-
-        The HashMap/HashSet code (copied and slightly tweaked from WebCore)
-        
-        * kxmlcore/HashFunctions.h: Added.
-        (KXMLCore::4):
-        (KXMLCore::8):
-        (KXMLCore::):
-        (KXMLCore::PointerHash::hash):
-        (KXMLCore::PointerHash::equal):
-        * kxmlcore/HashMap.h: Added.
-        (KXMLCore::extractFirst):
-        (KXMLCore::HashMap::HashMap):
-        (KXMLCore::::size):
-        (KXMLCore::::capacity):
-        (KXMLCore::::isEmpty):
-        (KXMLCore::::begin):
-        (KXMLCore::::end):
-        (KXMLCore::::find):
-        (KXMLCore::::contains):
-        (KXMLCore::::set):
-        (KXMLCore::::get):
-        (KXMLCore::::remove):
-        (KXMLCore::::clear):
-        (KXMLCore::deleteAllValues):
-        * kxmlcore/HashMapPtrSpec.h: Added.
-        (KXMLCore::PointerHashIteratorAdapter::PointerHashIteratorAdapter):
-        (KXMLCore::PointerHashIteratorAdapter::operator*):
-        (KXMLCore::PointerHashIteratorAdapter::operator->):
-        (KXMLCore::PointerHashIteratorAdapter::operator++):
-        (KXMLCore::PointerHashIteratorAdapter::operator==):
-        (KXMLCore::PointerHashIteratorAdapter::operator!=):
-        (KXMLCore::PointerHashConstIteratorAdapter::PointerHashConstIteratorAdapter):
-        (KXMLCore::PointerHashConstIteratorAdapter::operator*):
-        (KXMLCore::PointerHashConstIteratorAdapter::operator->):
-        (KXMLCore::PointerHashConstIteratorAdapter::operator++):
-        (KXMLCore::PointerHashConstIteratorAdapter::operator==):
-        (KXMLCore::PointerHashConstIteratorAdapter::operator!=):
-        (KXMLCore::):
-        * kxmlcore/HashSet.h: Added.
-        (KXMLCore::identityExtract):
-        (KXMLCore::convertAdapter):
-        (KXMLCore::HashSet::HashSet):
-        (KXMLCore::::size):
-        (KXMLCore::::capacity):
-        (KXMLCore::::isEmpty):
-        (KXMLCore::::begin):
-        (KXMLCore::::end):
-        (KXMLCore::::find):
-        (KXMLCore::::contains):
-        (KXMLCore::::insert):
-        (KXMLCore::::remove):
-        (KXMLCore::::clear):
-        * kxmlcore/HashTable.cpp: Added.
-        (KXMLCore::HashTableStats::~HashTableStats):
-        (KXMLCore::HashTableStats::recordCollisionAtCount):
-        * kxmlcore/HashTable.h: Added.
-        (KXMLCore::HashTableIterator::skipEmptyBuckets):
-        (KXMLCore::HashTableIterator::HashTableIterator):
-        (KXMLCore::HashTableIterator::operator*):
-        (KXMLCore::HashTableIterator::operator->):
-        (KXMLCore::HashTableIterator::operator++):
-        (KXMLCore::HashTableIterator::operator==):
-        (KXMLCore::HashTableIterator::operator!=):
-        (KXMLCore::HashTableConstIterator::HashTableConstIterator):
-        (KXMLCore::HashTableConstIterator::operator*):
-        (KXMLCore::HashTableConstIterator::operator->):
-        (KXMLCore::HashTableConstIterator::skipEmptyBuckets):
-        (KXMLCore::HashTableConstIterator::operator++):
-        (KXMLCore::HashTableConstIterator::operator==):
-        (KXMLCore::HashTableConstIterator::operator!=):
-        (KXMLCore::HashTable::HashTable):
-        (KXMLCore::HashTable::~HashTable):
-        (KXMLCore::HashTable::begin):
-        (KXMLCore::HashTable::end):
-        (KXMLCore::HashTable::size):
-        (KXMLCore::HashTable::capacity):
-        (KXMLCore::HashTable::insert):
-        (KXMLCore::HashTable::isEmptyBucket):
-        (KXMLCore::HashTable::isDeletedBucket):
-        (KXMLCore::HashTable::isEmptyOrDeletedBucket):
-        (KXMLCore::HashTable::hash):
-        (KXMLCore::HashTable::equal):
-        (KXMLCore::HashTable::identityConvert):
-        (KXMLCore::HashTable::extractKey):
-        (KXMLCore::HashTable::lookup):
-        (KXMLCore::HashTable::shouldExpand):
-        (KXMLCore::HashTable::mustRehashInPlace):
-        (KXMLCore::HashTable::shouldShrink):
-        (KXMLCore::HashTable::shrink):
-        (KXMLCore::HashTable::clearBucket):
-        (KXMLCore::HashTable::deleteBucket):
-        (KXMLCore::HashTable::makeLookupResult):
-        (KXMLCore::HashTable::makeIterator):
-        (KXMLCore::HashTable::makeConstIterator):
-        (KXMLCore::::lookup):
-        (KXMLCore::::insert):
-        (KXMLCore::::reinsert):
-        (KXMLCore::::find):
-        (KXMLCore::::contains):
-        (KXMLCore::::remove):
-        (KXMLCore::::allocateTable):
-        (KXMLCore::::expand):
-        (KXMLCore::::rehash):
-        (KXMLCore::::clear):
-        (KXMLCore::::HashTable):
-        (KXMLCore::::swap):
-        (KXMLCore::::operator):
-        (KXMLCore::::checkTableConsistency):
-        (KXMLCore::::checkTableConsistencyExceptSize):
-        * kxmlcore/HashTraits.h: Added.
-        (KXMLCore::HashTraits::emptyValue):
-        (KXMLCore::):
-        (KXMLCore::PairHashTraits::emptyValue):
-        (KXMLCore::PairHashTraits::deletedValue):
-
-2005-09-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - update grammar to fix conflicts; fixes one of our test cases
-          because it resolves the relationship between function expressions
-          and declarations in the way required by the ECMA specification
-
-        * kjs/grammar.y: Added lots of new grammar rules so we have no conflicts.
-        A new set of rules for "no bracket or function at start of expression" and
-        another set of rules for "no in anywhere in expression". Also simplified the
-        handling of try to use only a single node and used operator precedence to
-        get rid of the conflict in handling of if and else. Also used a macro to
-        streamline the handling of automatic semicolons and changed parenthesis
-        handling to use a virtual function.
-
-        * kjs/nodes.h: Added nodeInsideAllParens, removed unused abortStatement.
-        (KJS::TryNode::TryNode): Updated to hold catch and finally blocks directly instead
-        of using a special node for each.
-        * kjs/nodes.cpp:
-        (Node::createErrorCompletion): Added. Used instead of throwError when creating errors
-        that should not be in a completion rather than an ExecState.
-        (Node::throwUndefinedVariableError): Added. Sets source location unlike the call it
-        replaces.
-        (Node::nodeInsideAllParens): Added.
-        (GroupNode::nodeInsideAllParens): Added.
-        (StatListNode::execute): Removed code to move exceptions into completion objects;
-        that's now done solely by the KJS_CHECKEXCEPTION macro.
-        (TryNode::execute): Include execution of catch and finally here rather than using
-        separate nodes.
-        (FuncDeclNode::execute): Moved here, no longer inline.
-        * kjs/nodes2string.cpp:
-        (TryNode::streamTo): Updated for change.
-        (FuncDeclNode::streamTo): Ditto.
-        (FuncExprNode::streamTo): Ditto.
-
-        * kjs/kjs-test: Removed. Was part of "make check".
-        * kjs/kjs-test.chk: Ditto.
-        * kjs/test.js: Ditto.
-
-        * tests/mozilla/expected.html: Updated because one more test succeeds.
-
-2005-09-27  Adele Peterson  <adele@apple.com>
-
-        Reviewed by Maciej.
-
-        Changed ints to size_t where appropriate.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::collect):
-        (KJS::Collector::size):
-        (KJS::Collector::numInterpreters):
-        (KJS::Collector::numGCNotAllowedObjects):
-        (KJS::Collector::numReferencedObjects):
-        * kjs/collector.h:
-
-2005-09-27  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by kevin.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: fix after malloc changes.
-
-2005-09-27  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        * kjs/nodes.cpp:
-        (FuncExprNode::evaluate): Now sets .constructor properly.
-        Test cases added to WebCore/layout-tests.
-        http://bugs.webkit.org/show_bug.cgi?id=3537
-
-2005-09-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - replace dlmalloc with tcmalloc
-        http://bugs.webkit.org/show_bug.cgi?id=5145
-
-        I also moved SharedPtr and the assertion code from WebCore into a
-        new kxmlcore directory.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-        * kjs/config.h:
-        * kjs/fast_malloc.cpp: Removed.
-        * kjs/fast_malloc.h: Removed.
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add):
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap):
-        (KJS::PropertyMap::rehash):
-        * kjs/scope_chain.h:
-        * kjs/shared_ptr.h: Removed.
-        * kjs/string_object.cpp:
-        (StringObjectFuncImp::callAsFunction):
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::createCopying):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::spliceSubstringsWithSeparators):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::detach):
-        * kjs/ustring.h:
-        * kxmlcore/Assertions.h: Added.
-        * kxmlcore/Assertions.mm: Added.
-        * kxmlcore/FastMalloc.cpp: Added.
-        (KXMLCore::LgFloor):
-        (KXMLCore::SizeClass):
-        (KXMLCore::ByteSizeForClass):
-        (KXMLCore::InitSizeClasses):
-        (KXMLCore::MetaDataAlloc):
-        (KXMLCore::PageHeapAllocator::Init):
-        (KXMLCore::PageHeapAllocator::New):
-        (KXMLCore::PageHeapAllocator::Delete):
-        (KXMLCore::PageHeapAllocator::inuse):
-        (KXMLCore::pages):
-        (KXMLCore::AllocationSize):
-        (KXMLCore::Event):
-        (KXMLCore::NewSpan):
-        (KXMLCore::DeleteSpan):
-        (KXMLCore::DLL_Init):
-        (KXMLCore::DLL_Remove):
-        (KXMLCore::DLL_IsEmpty):
-        (KXMLCore::DLL_Length):
-        (KXMLCore::DLL_Print):
-        (KXMLCore::DLL_Prepend):
-        (KXMLCore::DLL_InsertOrdered):
-        (KXMLCore::):
-        (KXMLCore::TCMalloc_PageHeap::GetDescriptor):
-        (KXMLCore::TCMalloc_PageHeap::SystemBytes):
-        (KXMLCore::TCMalloc_PageHeap::FreeBytes):
-        (KXMLCore::TCMalloc_PageHeap::RecordSpan):
-        (KXMLCore::TCMalloc_PageHeap::TCMalloc_PageHeap):
-        (KXMLCore::TCMalloc_PageHeap::New):
-        (KXMLCore::TCMalloc_PageHeap::Split):
-        (KXMLCore::TCMalloc_PageHeap::Carve):
-        (KXMLCore::TCMalloc_PageHeap::Delete):
-        (KXMLCore::TCMalloc_PageHeap::RegisterSizeClass):
-        (KXMLCore::TCMalloc_PageHeap::Dump):
-        (KXMLCore::TCMalloc_PageHeap::GrowHeap):
-        (KXMLCore::TCMalloc_PageHeap::Check):
-        (KXMLCore::TCMalloc_PageHeap::CheckList):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::Init):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::length):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::empty):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::lowwatermark):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::clear_lowwatermark):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::Push):
-        (KXMLCore::TCMalloc_ThreadCache_FreeList::Pop):
-        (KXMLCore::TCMalloc_ThreadCache::freelist_length):
-        (KXMLCore::TCMalloc_ThreadCache::Size):
-        (KXMLCore::TCMalloc_Central_FreeList::length):
-        (KXMLCore::TCMalloc_Central_FreeList::Init):
-        (KXMLCore::TCMalloc_Central_FreeList::Insert):
-        (KXMLCore::TCMalloc_Central_FreeList::Remove):
-        (KXMLCore::TCMalloc_Central_FreeList::Populate):
-        (KXMLCore::TCMalloc_ThreadCache::SampleAllocation):
-        (KXMLCore::TCMalloc_ThreadCache::Init):
-        (KXMLCore::TCMalloc_ThreadCache::Cleanup):
-        (KXMLCore::TCMalloc_ThreadCache::Allocate):
-        (KXMLCore::TCMalloc_ThreadCache::Deallocate):
-        (KXMLCore::TCMalloc_ThreadCache::FetchFromCentralCache):
-        (KXMLCore::TCMalloc_ThreadCache::ReleaseToCentralCache):
-        (KXMLCore::TCMalloc_ThreadCache::Scavenge):
-        (KXMLCore::TCMalloc_ThreadCache::GetCache):
-        (KXMLCore::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (KXMLCore::TCMalloc_ThreadCache::PickNextSample):
-        (KXMLCore::TCMalloc_ThreadCache::InitModule):
-        (KXMLCore::TCMalloc_ThreadCache::InitTSD):
-        (KXMLCore::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (KXMLCore::TCMalloc_ThreadCache::DeleteCache):
-        (KXMLCore::TCMalloc_ThreadCache::RecomputeThreadCacheSize):
-        (KXMLCore::TCMalloc_ThreadCache::Print):
-        (KXMLCore::ExtractStats):
-        (KXMLCore::DumpStats):
-        (KXMLCore::PrintStats):
-        (KXMLCore::DumpStackTraces):
-        (KXMLCore::TCMallocImplementation::GetStats):
-        (KXMLCore::TCMallocImplementation::ReadStackTraces):
-        (KXMLCore::TCMallocImplementation::GetNumericProperty):
-        (KXMLCore::TCMallocImplementation::SetNumericProperty):
-        (KXMLCore::DoSampledAllocation):
-        (KXMLCore::do_malloc):
-        (KXMLCore::do_free):
-        (KXMLCore::do_memalign):
-        (KXMLCore::TCMallocGuard::TCMallocGuard):
-        (KXMLCore::TCMallocGuard::~TCMallocGuard):
-        (KXMLCore::malloc):
-        (KXMLCore::free):
-        (KXMLCore::calloc):
-        (KXMLCore::cfree):
-        (KXMLCore::realloc):
-        (KXMLCore::memalign):
-        (KXMLCore::posix_memalign):
-        (KXMLCore::valloc):
-        (KXMLCore::pvalloc):
-        (KXMLCore::malloc_stats):
-        (KXMLCore::mallopt):
-        (KXMLCore::mallinfo):
-        * kxmlcore/FastMalloc.h: Added.
-        (KXMLCore::FastAllocated::operator new):
-        (KXMLCore::FastAllocated::operator delete):
-        (KXMLCore::FastAllocated::operator new[]):
-        (KXMLCore::FastAllocated::operator delete[]):
-        * kxmlcore/SharedPtr.h: Added.
-        (KXMLCore::SharedPtr::SharedPtr):
-        (KXMLCore::SharedPtr::~SharedPtr):
-        (KXMLCore::SharedPtr::isNull):
-        (KXMLCore::SharedPtr::notNull):
-        (KXMLCore::SharedPtr::reset):
-        (KXMLCore::SharedPtr::get):
-        (KXMLCore::SharedPtr::operator*):
-        (KXMLCore::SharedPtr::operator->):
-        (KXMLCore::SharedPtr::operator!):
-        (KXMLCore::SharedPtr::operator bool):
-        (KXMLCore::::operator):
-        (KXMLCore::operator==):
-        (KXMLCore::operator!=):
-        (KXMLCore::static_pointer_cast):
-        (KXMLCore::const_pointer_cast):
-        * kxmlcore/TCPageMap.h: Added.
-        (TCMalloc_PageMap1::TCMalloc_PageMap1):
-        (TCMalloc_PageMap1::Ensure):
-        (TCMalloc_PageMap1::get):
-        (TCMalloc_PageMap1::set):
-        (TCMalloc_PageMap2::TCMalloc_PageMap2):
-        (TCMalloc_PageMap2::get):
-        (TCMalloc_PageMap2::set):
-        (TCMalloc_PageMap2::Ensure):
-        (TCMalloc_PageMap3::NewNode):
-        (TCMalloc_PageMap3::TCMalloc_PageMap3):
-        (TCMalloc_PageMap3::get):
-        (TCMalloc_PageMap3::set):
-        (TCMalloc_PageMap3::Ensure):
-        * kxmlcore/TCSpinLock.h: Added.
-        (TCMalloc_SpinLock::Init):
-        (TCMalloc_SpinLock::Finalize):
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        (TCMalloc_SpinLockHolder::TCMalloc_SpinLockHolder):
-        (TCMalloc_SpinLockHolder::~TCMalloc_SpinLockHolder):
-        * kxmlcore/TCSystemAlloc.cpp: Added.
-        (TrySbrk):
-        (TryMmap):
-        (TryDevMem):
-        (TCMalloc_SystemAlloc):
-        * kxmlcore/TCSystemAlloc.h: Added.
-
-2005-09-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4260479> Finish deploying PropertySlot in the interpreter
-        http://bugs.webkit.org/show_bug.cgi?id=5112
-        
-        Convert postfix, prefix, delete, prefix, and for..in expressions to use
-        PropertySlot-based lookup instead of evaluateReference.
-
-        3% speedup on JS iBench.
-
-        Fixed two of the JS tests:
-        * tests/mozilla/expected.html:
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (PostfixResolveNode::evaluate):
-        (PostfixBracketNode::evaluate):
-        (PostfixDotNode::evaluate):
-        (DeleteResolveNode::evaluate):
-        (DeleteBracketNode::evaluate):
-        (DeleteDotNode::evaluate):
-        (DeleteValueNode::evaluate):
-        (typeStringForValue):
-        (TypeOfResolveNode::evaluate):
-        (TypeOfValueNode::evaluate):
-        (PrefixResolveNode::evaluate):
-        (PrefixBracketNode::evaluate):
-        (PrefixDotNode::evaluate):
-        (ForInNode::execute):
-        * kjs/nodes.h:
-        (KJS::PostfixResolveNode::PostfixResolveNode):
-        (KJS::PostfixBracketNode::PostfixBracketNode):
-        (KJS::PostfixDotNode::PostfixDotNode):
-        (KJS::DeleteResolveNode::DeleteResolveNode):
-        (KJS::DeleteBracketNode::DeleteBracketNode):
-        (KJS::DeleteDotNode::DeleteDotNode):
-        (KJS::DeleteValueNode::DeleteValueNode):
-        (KJS::TypeOfResolveNode::TypeOfResolveNode):
-        (KJS::TypeOfValueNode::TypeOfValueNode):
-        (KJS::PrefixResolveNode::PrefixResolveNode):
-        (KJS::PrefixBracketNode::PrefixBracketNode):
-        (KJS::PrefixDotNode::PrefixDotNode):
-        * kjs/nodes2string.cpp:
-        (PostfixResolveNode::streamTo):
-        (PostfixBracketNode::streamTo):
-        (PostfixDotNode::streamTo):
-        (DeleteResolveNode::streamTo):
-        (DeleteBracketNode::streamTo):
-        (DeleteDotNode::streamTo):
-        (DeleteValueNode::streamTo):
-        (TypeOfValueNode::streamTo):
-        (TypeOfResolveNode::streamTo):
-        (PrefixResolveNode::streamTo):
-        (PrefixBracketNode::streamTo):
-        (PrefixDotNode::streamTo):
-        * kjs/reference.cpp:
-        (KJS::Reference::Reference):
-        (KJS::Reference::getPropertyName):
-        (KJS::Reference::getValue):
-        (KJS::Reference::deleteValue):
-        * kjs/reference.h:
-
-2005-09-23  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed and landed by Darin.
-
-        - a Windows-specific file
-
-        * os-win32/stdint.h: Added. We plan to remove dependency on the <stdint.h> types,
-        and if we do so, we will remove this file.
-
-2005-09-22  Geoffrey Garen  <ggaren@apple.com>
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5053
-        Need to restore int/long changes to simple_number.h
-        
-        Reviewed by darin and mjs.
-
-        * kjs/simple_number.h: changed enums to indenpendent constants to clarify types
-        (KJS::isNegativeZero): changed to static function - no reason to export
-        (KJS::SimpleNumber::rightShiftSignExtended): new function for clarity
-        (KJS::SimpleNumber::make): specified cast as reinterpret_cast
-        (KJS::SimpleNumber::is): changed to use uintptr_t for portability
-        (KJS::SimpleNumber::value): changed to use uintptr_t and rightShiftSignExtended
-        (KJS::SimpleNumber::fits): inverted tests - probably only a performance win for double
-        (KJS::SimpleNumber::integerFits): ditto
-
-2005-09-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and partly by Darin.
-
-        - fixed http://bugs.webkit.org/post_bug.cgi
-        (Reduce conflicts in JavaScriptCore grammar)
-
-        This change gets us down from over 200 shift/reduce and 45 reduce/reduce to
-        9 shift/reduce and 45 reduce/reduce.
-
-        * kjs/grammar.y:
-        * kjs/grammar_types.h: Removed.
-        * kjs/lexer.cpp:
-        * kjs/nodes.h:
-        (KJS::Node::isGroupNode):
-        (KJS::Node::isLocation):
-        (KJS::Node::isResolveNode):
-        (KJS::Node::isBracketAccessorNode):
-        (KJS::Node::isDotAccessorNode):
-        (KJS::ResolveNode::isLocation):
-        (KJS::ResolveNode::isResolveNode):
-        (KJS::ResolveNode::identifier):
-        (KJS::GroupNode::isGroupNode):
-        (KJS::GroupNode::leafNode):
-        (KJS::BracketAccessorNode::isLocation):
-        (KJS::BracketAccessorNode::isBracketAccessorNode):
-        (KJS::BracketAccessorNode::base):
-        (KJS::BracketAccessorNode::subscript):
-        (KJS::DotAccessorNode::isLocation):
-        (KJS::DotAccessorNode::isDotAccessorNode):
-        (KJS::DotAccessorNode::base):
-        (KJS::DotAccessorNode::identifier):
-        (KJS::FuncExprNode::FuncExprNode):
-        (KJS::FuncExprNode::identifier):
-        (KJS::FuncDeclNode::FuncDeclNode):
-        (KJS::FuncDeclNode::execute):
-
-2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        - Oops. The 4263434 change was only appropriate on the branch. Rolling out.
-        
-        Reviewed by eric.
-        
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::mark):
-
-2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        - More changes needed to fix <rdar://problem/4214783> 8F29 REGRESSION(Denver/Chardonnay):
-          kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in
-          the installer)
-          
-        Added InterpreterLocks in some places in the bindings we missed before.
-        
-        Reviewed by john.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-
-2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        - Fixed <rdar://problem/4263434> <rdar://problem/4263434> Denver 8F29 Regression:
-          KJS::InterpreterImp::mark() crash
-          
-        Fix by mjs, review by me.
-
-        * kjs/internal.cpp:
-        (KJS::InterpreterImp::mark): Added a null check on globExec in case a
-        garbage collection occurs inside InterpreterImp::globalInit (called
-        from InterpreterImp::InterpreterImp), at which point globExec has not yet been initialized.
-
-2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        - Rolled in fix for http://bugs.webkit.org/show_bug.cgi?id=4892
-          Date constructor has problems with months larger than 11
-
-        Test cases added:
-
-        * layout-tests/fast/js/date-big-constructor-expected.txt: Added.
-        * layout-tests/fast/js/date-big-constructor.html: Added.
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (KJS::fillStructuresUsingDateArgs):
-        (KJS::makeTime):
-
-2005-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        - Fixed http://bugs.webkit.org/show_bug.cgi?id=5028
-          9 layout tests fail following the change from long to int
-          
-        - Rolled out changes to simple_number.h, and added fits(long long) 
-          and SimpleNumber::fits(unsigned long long) to the old system.
-        
-        Reviewed by mjs.
-
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber::):
-        (KJS::SimpleNumber::value):
-        (KJS::SimpleNumber::fits):
-        (KJS::SimpleNumber::integerFits):
-        (KJS::SimpleNumber::make):
-
-2005-09-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        - fixed <rdar://problem/4214783> REGRESSION: kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in the installer)
-
-        Make sure to lock using the InterpreterLock class in all places that need it
-        (including anything that uses the collector, the parser, the protect count hash table,
-        and anything that allocates via fast_malloc).
-
-        Also added assertions to ensure that the locking rules are followed for the relevant
-        resources.
-
-        * Makefile.am:
-        * bindings/NP_jsobject.cpp:
-        (identifierFromNPIdentifier):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        (_NPN_SetException):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::call):
-        (JSObject::eval):
-        (JSObject::getMember):
-        (JSObject::setMember):
-        (JSObject::removeMember):
-        (JSObject::getSlot):
-        (JSObject::setSlot):
-        (JSObject::toString):
-        (JSObject::convertJObjectToValue):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/runtime.cpp:
-        (Instance::createRuntimeObject):
-        * bindings/runtime_root.h:
-        * bindings/testbindings.cpp:
-        (main):
-        * bindings/testbindings.mm:
-        (main):
-        * kjs/fast_malloc.cpp:
-        (KJS::kjs_fast_malloc):
-        (KJS::kjs_fast_calloc):
-        (KJS::kjs_fast_free):
-        (KJS::kjs_fast_realloc):
-        * kjs/fast_malloc.h:
-        * kjs/identifier.h:
-        * kjs/internal.cpp:
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::clear):
-        (InterpreterImp::mark):
-        (InterpreterImp::checkSyntax):
-        (InterpreterImp::evaluate):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::globalObject):
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-        * kjs/interpreter.h:
-        (KJS::InterpreterLock::InterpreterLock):
-        (KJS::InterpreterLock::~InterpreterLock):
-        * kjs/nodes.h:
-        * kjs/protect.h:
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::~ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::~ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/protected_object.h:
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        * kjs/string_object.cpp:
-        (StringObjectImp::StringObjectImp):
-        * kjs/testkjs.cpp:
-        (main):
-
-2005-09-16  Adele Peterson  <adele@apple.com>
-
-        Change by Darin, reviewed by me and Maciej.
-
-        Fixes http://bugs.webkit.org/show_bug.cgi?id=4547
-        use int instead of long for 32-bit (to prepare for LP64 compiling)
-
-        * bindings/c/c_class.h:
-        (KJS::Bindings::CClass::constructorAt):
-        (KJS::Bindings::CClass::numConstructors):
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CMethod::numParameters):
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        * bindings/jni/jni_class.h:
-        (KJS::Bindings::JavaClass::constructorAt):
-        (KJS::Bindings::JavaClass::numConstructors):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertJObjectToValue):
-        (JSObject::listFromJArray):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaConstructor::_commonCopy):
-        (KJS::Bindings::JavaConstructor::parameterAt):
-        (KJS::Bindings::JavaConstructor::numParameters):
-        (KJS::Bindings::JavaMethod::_commonCopy):
-        (KJS::Bindings::JavaMethod::parameterAt):
-        (KJS::Bindings::JavaMethod::numParameters):
-        * bindings/npapi.h:
-        * bindings/objc/WebScriptObject.mm:
-        (listFromNSArray):
-        * bindings/objc/objc_class.h:
-        (KJS::Bindings::ObjcClass::constructorAt):
-        (KJS::Bindings::ObjcClass::numConstructors):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcMethod::numParameters):
-        * bindings/runtime.h:
-        * kjs/identifier.h:
-        * kjs/internal.h:
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::setCustomIndex):
-        (KJS::PropertySlot::index):
-        (KJS::PropertySlot::):
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::backrefGetter):
-        (RegExpObjectImp::getOwnPropertySlot):
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber::):
-        (KJS::SimpleNumber::value):
-        (KJS::SimpleNumber::fits):
-        (KJS::SimpleNumber::integerFits):
-        (KJS::SimpleNumber::make):
-        * kjs/string_object.cpp:
-        (substituteBackreferences):
-        * kjs/ustring.cpp:
-        (KJS::UString::from):
-        (KJS::UString::toUInt32):
-        (KJS::UString::find):
-        (KJS::UString::rfind):
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        (KJS::jsNumber):
-        * kjs/value.h:
-
-2005-09-11  Eric Seidel  <eseidel@apple.com>
-
-        No review requested, build fix affects only SVG.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Fixed JSC+SVG
-        Fixed JavaScriptCore+SVG after PCRE 6.1 merger.
-        http://bugs.webkit.org/show_bug.cgi?id=4932
-
-2005-09-10  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed and landed by Darin.
-
-        * Makefile.vc: Added.
-        * README-Win32.txt: Added.
-
-2005-09-10  Darin Adler  <darin@apple.com>
-
-        - fixed compilation for WebCore (another try)
-
-        * kjs/simple_number.h: Added more "using" lines.
-
-2005-09-10  Darin Adler  <darin@apple.com>
-
-        - fixed compilation for WebCore
-
-        * kjs/simple_number.h: Have to include <cmath> here to work around a bug in the GCC
-        standard C++ library headers.
-
-2005-09-10  Darin Adler  <darin@apple.com>
-
-        Windows changes by Krzysztof Kowalczyk <kkowalczyk@gmail.com>.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4870
-          win portability: fix IS_NEGATIVE_ZERO macro in simple_number.h
-
-        * kjs/simple_number.h:
-        (KJS::isNegativeZero): Added. Inline function. Has a case for Windows that
-        uses _fpclass and a case for other platforms that uses signbit.
-        (KJS::SimpleNumber::fits): Use inline isNegativeZero instead of macro IS_NEGATIVE_ZERO.
-
-        * kjs/internal.cpp: Remove definition of now-unneeded negZero global.
-
-        * kjs/value.cpp: Touched the file because Xcode didn't know it needed to
-        recompile it.
-
-        - improved test engine
-
-        * tests/mozilla/jsDriver.pl: Sort tests in numeric order instead of using
-        a plain-ASCII sort; now test 33 will be after test 5 in any given set of
-        numbered tests.
-
-2005-09-08  Darin Adler  <darin@apple.com>
-
-        - fixed overloaded versions of throwError so that they substitute *all* 
-          expected parameters into the message string -- some versions used to
-          skip parameters, resulting in "%s" being printed in the error message.
-        
-        Reviewed by Geoff.
-
-        * kjs/nodes.h: Updated declarations to use "const &" and not to name parameters
-        * kjs/nodes.cpp: (Node::throwError): Updated to match above and add one missing
-        call to substitute.
-
-2005-09-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - updated to PCRE 6.1
-
-        The original PCRE 6.1 sources are checked into the tree with the tag
-        "pcre-6-1" for reference. What we're checking in right now is the original
-        plus our changes to make it support UTF-16 and at least one other tweak
-        (vertical tab considered whitespace). Our work to get our changes was
-        done on "pcre-6-1-branch", with an anchor at "pcre-6-1-anchor" so you can
-        see the evolution of the UTF-16 changes.
-        
-        Note also that there was one small change made here that's not on the branch
-        in pcre_compile.c.
-
-        * Info.plist: Updated the part of the copyright message that's about PCRE.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new PCRE source files,
-        removed obsolete ones.
-
-        * pcre/AUTHORS: Updated to PCRE 6.1. Includes credits for Apple's UTF-16
-        changes, but not the credits for Google's C++ wrapper, since we don't include that.
-        * pcre/COPYING: Updated to PCRE 6.1.
-        * pcre/LICENCE: Ditto.
-        * pcre/dftables.c: Ditto.
-        * pcre/pcre-config.h: Ditto.
-        * pcre/pcre.h: Ditto.
-
-        * pcre/pcre_compile.c: Added for PCRE 6.1.
-        * pcre/pcre_config.c: Ditto.
-        * pcre/pcre_exec.c: Ditto.
-        * pcre/pcre_fullinfo.c: Ditto.
-        * pcre/pcre_get.c: Ditto.
-        * pcre/pcre_globals.c: Ditto.
-        * pcre/pcre_info.c: Ditto.
-        * pcre/pcre_internal.h: Ditto.
-        * pcre/pcre_maketables.c: Ditto.
-        * pcre/pcre_ord2utf8.c: Ditto.
-        * pcre/pcre_printint.c: Ditto.
-        * pcre/pcre_refcount.c: Ditto.
-        * pcre/pcre_study.c: Ditto.
-        * pcre/pcre_tables.c: Ditto.
-        * pcre/pcre_try_flipped.c: Ditto.
-        * pcre/pcre_ucp_findchar.c: Ditto.
-        * pcre/pcre_version.c: Ditto.
-        * pcre/pcre_xclass.c: Ditto.
-        * pcre/ucp.h: Ditto.
-        * pcre/ucp_findchar.c: Ditto.
-        * pcre/ucpinternal.h: Ditto.
-        * pcre/ucptable.c: Ditto.
-
-        * pcre/get.c: Removed.
-        * pcre/internal.h: Removed.
-        * pcre/maketables.c: Removed.
-        * pcre/pcre.c: Removed.
-        * pcre/study.c: Removed.
-
-2005-09-07  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=4781
-        Date.setMonth fails with big values due to overflow
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (timetUsingCF): for consistency, changed return statement to invalidDate instead of LONG_MAX
-        (KJS::fillStructuresUsingTimeArgs): modified for readability
-        (KJS::fillStructuresUsingDateArgs): new function analogous to fillStructuresUsingTimeArgs
-        (KJS::DateProtoFuncImp::callAsFunction): modified to use fillStructuresUsingDateArgs
-        (KJS::DateObjectImp::construct): moved variable declaration to proper scope
-        (KJS::DateObjectFuncImp::callAsFunction): moved variable declaration to proper scope
-
-2005-09-07  Geoffrey Garen  <ggaren@apple.com>
-        -updated expected test results to reflect fix for 
-        http://bugs.webkit.org/show_bug.cgi?id=4698
-        kjs does not allow named functions in function expressions
- 
-        * tests/mozilla/expected.html:
-
-2005-09-04  Darin Adler  <darin@apple.com>
-
-        * kjs/identifier.cpp: Fix comment, add missing include.
-        (Follow-on to changes from yesterday.)
-
-2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed, tweaked and landed by Darin.
-
-        - another try at some of the Windows compilation fixes
-          should fix these bugs: 4546, 4831, 4834, 4643, 4830, 4832, 4833, 4835
-
-        * kjs/collector.cpp: Add missing <setjmp.h> include.
-        * kjs/date_object.cpp: Fix broken copysign macro.
-        * kjs/dtoa.cpp: Move macro definitions down after all header includes.
-        * kjs/fast_malloc.cpp: Add missing <assert.h> and <stddef.h> includes.
-        * kjs/function.cpp: Remove broken isxdigit definition.
-        * kjs/grammar.y: Add a missing semicolon (and remove an excess one).
-        * kjs/identifier.cpp: Turn off AVOID_STATIC_CONSTRUCTORS because the placement new syntax
-        doesn't seem to work in Visual C++ (I'm surprised to hear that, by the way).
-        * kjs/value.h: Made ValueImp's destructor virtual because otherwise pointers to ValueImp
-        on the stack aren't right for garbage collection on Windows (don't think it works that
-        way with gcc's virtual table scheme, but it's a harmless change).
-
-2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-
-        Reviewed, tweaked and landed by Darin.
-
-        - some Windows compilation fixes, hoping to fix the problems reported in these bugs:
-          4627, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4639, 4640, 4641, 4644, 4645
-
-        * kjs/collector.cpp: Include <windows.h> on WIN32. Put thread-related code inside
-        KJS_MULTIPLE_THREADS #if directives.
-        (KJS::Collector::markCurrentThreadConservatively): Use NT_TIB to find the stack base on Win32.
-
-        * kjs/config.h: Define HAVE_SYS_TIMEB_H for Win32.
-
-        * kjs/date_object.cpp: Add include of <limits.h>. Add definitions of strncasecmp, isfinite, and
-        copysign for Win32.
-        (KJS::KRFCDate_parseDate): Move "errno = 0" line down closer to the first call to strol -- I believe
-        that on Win32 there's some other call before that setting errno.
-
-        * kjs/date_object.h: Remove unneeded include of <sys/time.h>.
-
-        * kjs/dtoa.cpp: Add an undef of strtod, needed on Win32.
-
-        * kjs/fast_malloc.cpp: Put #if !WIN32 around some customization that's not appropriate on Win32.
-        (KJS::region_list_append): Add a missing cast so this Win32-specific function compiles in C++.
-        (KJS::sbrk): Change parameter type to match the declaration.
-
-        * kjs/function.cpp: (isxdigit): Define a locale-independent isxdigit on Win32.
-
-        * kjs/function.h: Remove unneeded friend class Function for FunctionImp.
-
-        * kjs/identifier.cpp: Took out the APPLE_CHANGES from around the AVOID_STATIC_CONSTRUCTORS
-        define. We ultimately intend to phase out APPLE_CHANGES entirely. Also fix the
-        non-AVOID_STATIC_CONSTRUCTORS code path.
-
-        * kjs/internal.cpp: Remove uneeded include of <strings.h>, which was confused with <string.h>!
-        Add a Win32 implementation of copysign. Put the threads code inside KJS_MULTIPLE_THREADS.
-
-        * kjs/internal.h: Define a KJS_MULTIPLE_THREADS macro on non-Win32 only. Later we can make this
-        specific to Mac OS X if we like.
-
-        * kjs/interpreter_map.cpp: Add missing include of <stdlib.h>.
-
-        * kjs/list.cpp:
-        (KJS::ListImp::markValues): Use std::min instead of MIN.
-        (KJS::List::copy): Ditto.
-        (KJS::List::copyTail): Ditto.
-
-        * kjs/math_object.cpp: (signbit): Add a Win32 implementation of signbit.
-
-        * kjs/nodes.cpp: (Node::finalCheck): Use unsigned instead of uint.
-        Put the use of always_inline inside __GNUC__.
-
-        * kjs/number_object.cpp: (NumberProtoFuncImp::callAsFunction): Use "10.0" instead of "10"
-        inside all the calls to pow to avoid ambiguity caused by overloading of pow on Win32, seen
-        when passing an int rather than a double or float.
-
-        * kjs/operations.cpp:
-        (KJS::isInf): Add Win32 implementation.
-        (KJS::isPosInf): Add Win32 implementation.
-        (KJS::isNegInf): Add Win32 implementation.
-
-        * kjs/regexp.cpp: Use unsigned instead of uint.
-        * kjs/regexp.h: Ditto.
-        * kjs/regexp_object.cpp: Ditto.
-        * kjs/regexp_object.h: Ditto.
-
-2005-09-02  Beth Dakin  <bdakin@apple.com>
-
-        Fix for <rdar://problem/4235531> Denver Regression: Safari crash in KWQStringData::makeUnicode
-        The other half of the fix is in WebCore.
-
-        Fix written by Maciej and Darin.
-        Reviewed by me/Maciej
-
-        As Maciej said in Radar: These problems was caused by a conflict between some of our custom 
-        allocators, causing them to return null. Symptom is typically a null pointer dereference in 
-        a place where it might be expected an allocation has just occurred.
-
-        * kjs/fast_malloc.cpp: Added #define for MORECORE_CONTIGUOUS, MORECORE_CANNOT_TRIM, 
-                               and MALLOC_FAILURE_ACTION.
-
-2005-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in fix for http://bugs.webkit.org/show_bug.cgi?id=4698
-        kjs does not allow named functions in function expressions
-        
-        Fix by Arthur Langereis.
-        
-        Reviewed by darin.
-        
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (FuncExprNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::FuncExprNode::FuncExprNode):
-
-        Test cases added:
-
-        * layout-tests/fast/js/named-function-expression-expected.txt: Added.
-        * layout-tests/fast/js/named-function-expression.html: Added.
-        
-2005-08-31  Justin Haygood  <justin@xiondigital.net>
-
-        Reviewed, tweaked, and landed by Darin.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4085
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4087
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4096
-          Some fixes for compiling on windows.
-
-        * kjs/config.h: Added a WIN32 case in here, with suitable defines.
-        (To be tweaked as necessary.)
-        * kjs/function.cpp: Took out APPLE_CHANGES around use of ICU.
-        * kjs/operations.cpp: Removed some bogus code that always set HAVE_FLOAT_H.
-
-2005-08-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4758
-          unify SharedPtr in WebCore and JavaScriptCore
-
-        * kjs/shared_ptr.h: Updated namespace to KXMLCore instead of kxhmlcore.
-        Made a few small improvements to use local variables a bit more and added
-        an "operator int" to reduce the chance that we'll convert a SharedPtr to
-        an int by accident. Also made the == operators normal functions rather than
-        friend functions, added a couple of comemnts.
-
-        * kjs/function.h: Updated for namespace change.
-        * kjs/function.cpp: Ditto.
-        * kjs/function_object.cpp: Ditto.
-        * kjs/internal.h: Ditto.
-        * kjs/internal.cpp: Ditto.
-        * kjs/nodes.h: Ditto.
-        * kjs/nodes2string.cpp: Ditto.
-
-2005-08-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/4224911> many many leaks in kjsyyparse with malformed Javascript        
-
-        Record all nodes that are created during parsing, and delete any
-        that are left floating with a refcount of 0.
-        
-        * kjs/internal.cpp:
-        (KJS::Parser::saveNewNode):
-        (KJS::clearNewNodes):
-        (KJS::Parser::parse):
-        * kjs/internal.h:
-        * kjs/nodes.cpp:
-        (Node::Node):
-        * kjs/nodes.h:
-        (KJS::Node::refcount):
-
-2005-08-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fixed <rdar://problem/4232452> many many leaks in kjsyyparse on some well-formed JavaScript (can repro on sony.com, webkit tests)
-        
-        Fixed by changing the refcounting scheme for nodes. Instead of each node implementing a custom ref and
-        deref for all its children (and being responsible for deleting them), nodes use a smart pointer to
-        hold their children, and smart pointers are used outside the node tree as well. This change mostly
-        removes code.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/function.cpp:
-        (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        (KJS::Parser::parse):
-        (KJS::Parser::accept):
-        (KJS::InterpreterImp::checkSyntax):
-        (KJS::InterpreterImp::evaluate):
-        * kjs/internal.h:
-        * kjs/nodes.cpp:
-        (Node::Node):
-        (Node::~Node):
-        (ElementNode::evaluate):
-        (PropertyValueNode::evaluate):
-        (ArgumentListNode::evaluateList):
-        (NewExprNode::evaluate):
-        (FunctionCallValueNode::evaluate):
-        (FunctionCallBracketNode::evaluate):
-        (FunctionCallDotNode::evaluate):
-        (RelationalNode::evaluate):
-        (StatListNode::execute):
-        (StatListNode::processVarDecls):
-        (VarDeclListNode::evaluate):
-        (VarDeclListNode::processVarDecls):
-        (ForInNode::ForInNode):
-        (ClauseListNode::processVarDecls):
-        (CaseBlockNode::evalBlock):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-        (SourceElementsNode::execute):
-        (SourceElementsNode::processFuncDecl):
-        (SourceElementsNode::processVarDecls):
-        * kjs/nodes.h:
-        (KJS::Node::ref):
-        (KJS::Node::deref):
-        (KJS::NumberNode::NumberNode):
-        (KJS::GroupNode::GroupNode):
-        (KJS::ElementNode::ElementNode):
-        (KJS::ArrayNode::ArrayNode):
-        (KJS::PropertyValueNode::PropertyValueNode):
-        (KJS::ObjectLiteralNode::ObjectLiteralNode):
-        (KJS::BracketAccessorNode::BracketAccessorNode):
-        (KJS::DotAccessorNode::DotAccessorNode):
-        (KJS::ArgumentListNode::ArgumentListNode):
-        (KJS::ArgumentsNode::ArgumentsNode):
-        (KJS::NewExprNode::NewExprNode):
-        (KJS::FunctionCallValueNode::FunctionCallValueNode):
-        (KJS::FunctionCallResolveNode::FunctionCallResolveNode):
-        (KJS::FunctionCallBracketNode::FunctionCallBracketNode):
-        (KJS::FunctionCallDotNode::FunctionCallDotNode):
-        (KJS::PostfixNode::PostfixNode):
-        (KJS::DeleteNode::DeleteNode):
-        (KJS::VoidNode::VoidNode):
-        (KJS::TypeOfNode::TypeOfNode):
-        (KJS::PrefixNode::PrefixNode):
-        (KJS::UnaryPlusNode::UnaryPlusNode):
-        (KJS::NegateNode::NegateNode):
-        (KJS::BitwiseNotNode::BitwiseNotNode):
-        (KJS::LogicalNotNode::LogicalNotNode):
-        (KJS::MultNode::MultNode):
-        (KJS::AddNode::AddNode):
-        (KJS::ShiftNode::ShiftNode):
-        (KJS::RelationalNode::RelationalNode):
-        (KJS::EqualNode::EqualNode):
-        (KJS::BitOperNode::BitOperNode):
-        (KJS::BinaryLogicalNode::BinaryLogicalNode):
-        (KJS::ConditionalNode::ConditionalNode):
-        (KJS::AssignResolveNode::AssignResolveNode):
-        (KJS::AssignBracketNode::AssignBracketNode):
-        (KJS::AssignDotNode::AssignDotNode):
-        (KJS::CommaNode::CommaNode):
-        (KJS::AssignExprNode::AssignExprNode):
-        (KJS::VarDeclListNode::VarDeclListNode):
-        (KJS::VarStatementNode::VarStatementNode):
-        (KJS::ExprStatementNode::ExprStatementNode):
-        (KJS::IfNode::IfNode):
-        (KJS::DoWhileNode::DoWhileNode):
-        (KJS::WhileNode::WhileNode):
-        (KJS::ForNode::ForNode):
-        (KJS::ReturnNode::ReturnNode):
-        (KJS::WithNode::WithNode):
-        (KJS::CaseClauseNode::CaseClauseNode):
-        (KJS::ClauseListNode::ClauseListNode):
-        (KJS::ClauseListNode::clause):
-        (KJS::ClauseListNode::next):
-        (KJS::SwitchNode::SwitchNode):
-        (KJS::LabelNode::LabelNode):
-        (KJS::ThrowNode::ThrowNode):
-        (KJS::CatchNode::CatchNode):
-        (KJS::FinallyNode::FinallyNode):
-        (KJS::TryNode::TryNode):
-        (KJS::ParameterNode::ParameterNode):
-        (KJS::ParameterNode::nextParam):
-        (KJS::FuncDeclNode::FuncDeclNode):
-        (KJS::FuncExprNode::FuncExprNode):
-        * kjs/nodes2string.cpp:
-        (KJS::SourceStream::operator<<):
-        (ElementNode::streamTo):
-        (PropertyValueNode::streamTo):
-        (ArgumentListNode::streamTo):
-        (StatListNode::streamTo):
-        (VarDeclListNode::streamTo):
-        (CaseBlockNode::streamTo):
-        (ParameterNode::streamTo):
-        (SourceElementsNode::streamTo):
-        * kjs/shared_ptr.h: Added.
-        (kxmlcore::SharedPtr::SharedPtr):
-        (kxmlcore::SharedPtr::~SharedPtr):
-        (kxmlcore::SharedPtr::isNull):
-        (kxmlcore::SharedPtr::notNull):
-        (kxmlcore::SharedPtr::reset):
-        (kxmlcore::SharedPtr::get):
-        (kxmlcore::SharedPtr::operator*):
-        (kxmlcore::SharedPtr::operator->):
-        (kxmlcore::SharedPtr::operator!):
-        (kxmlcore::SharedPtr::operator bool):
-        (kxmlcore::SharedPtr::operator==):
-        (kxmlcore::::operator):
-        (kxmlcore::operator!=):
-        (kxmlcore::static_pointer_cast):
-        (kxmlcore::const_pointer_cast):
-
-2005-08-26  Geoff Garen  <ggaren@apple.com>
-
-        Reviewed by John.
-        Landed by Darin.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4664
-          TOT Crash from backwards null check in WebScriptObject.mm
-
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-        Remove bogus !.
-
-2005-08-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - rename KJS::UString::string() to KJS::UString::domString()
-        - rename KJS::Identifier::string() to KJS::Identifier::domString()
-
-        * kjs/identifier.h: Renamed.
-        * kjs/ustring.h: Ditto.
-
-2005-08-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4435
-          speed up JavaScript by tweaking the Identifier class
-
-        * kjs/identifier.h: Add a new global nullIdentifier and make Identifier::null a function
-        that returns it.
-        * kjs/identifier.cpp: (KJS::Identifier::init): Initialize a global for the null identifier
-        as well as all the other globals for special identifiers.
-
-        * kjs/ustring.h: (KJS::UString::UString): Make this empty constructor inline.
-        * kjs/ustring.cpp: Remove the old non-inline version.
-
-2005-08-19  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-
-        Reviewed by Maciej.
-        Revised and landed by Darin.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4474
-          REGRESSION: Crash when using in-place operator on uninitialized array element
-
-        * kjs/nodes.cpp:
-        (AssignResolveNode::evaluate): Remove unneeded "isSet" assertion.
-        (AssignBracketNode::evaluate): Replace code that tested "isSet" with code that
-        tests the return value of getPropertySlot.
-
-        * kjs/property_slot.h: Removed unneeded "isSet" function. Property slots are
-        either uninitialized or set. There's no "initialized and not set" state.
-
-2005-08-18  Adele Peterson  <adele@apple.com>
-
-        Checked "Inline Functions Hidden" box
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2005-08-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fixed crash in one of the JavaScript tests (introduced by my throwError change)
-
-        * kjs/nodes.cpp: (Node::setExceptionDetailsIfNeeded): Check if the exception is an
-        object before setting the file and line number properties on it. Something to think
-        about in the future -- do we really want to do this on any object that's thrown?
-        How about limiting it to error objects that were created by the JavaScript engine?
-
-        - changed kjs_fast_malloc so we don't have two conflicting versions of the same function
-
-        * kjs/fast_malloc.h: Took out all the ifdefs from this header.
-        * kjs/fast_malloc.cpp: Added non-NDEBUG versions of the functions that just call
-        the system malloc, and put the NDEBUG versions in an #else.
-
-2005-08-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - clean up exported symbols that are not in a "KJS" namespace
-
-        * bindings/NP_jsobject.cpp: (identiferFromNPIdentifier): Marked this function static
-        so it no longer has external linkage.
-        * bindings/c/c_utility.h: Put all this stuff inside the KJS namespace.
-        * bindings/c/c_utility.cpp: Also marked some globals static so they don't have external
-        linkage; not as important given the namespace.
-        * bindings/npruntime.cpp: Marked functions static so they no longer have internal linkage.
-        Also removed unused _NPN_SetExceptionWithUTF8 function (not in header, had C++ linkage!).
-
-        * bindings/jni/jni_utility.cpp: (KJS::Bindings::getJavaVM): Call KJS_GetCreatedJavaVMs
-        using the soft linking header, instead of calling the JNI call. This allows processes
-        to link both JavaScriptCore and JavaVM without a symbol conflict.
-        * bindings/softlinking.c:
-        (loadFramework): Marked this function static so it no longer has external linkage.
-        (getFunctionPointer): Ditto.
-        (KJS_GetCreatedJavaVMs): Renamed this so it has a KJS prefix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added softlinking.h.
-        * bindings/softlinking.h: Added.
-
-        * kjs/nodes2string.cpp: (streamAssignmentOperatorTo): Marked this function static so it
-        no longer has external linkage.
-
-2005-08-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4437
-          clean up error creation with new throwError function
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_SetException):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:executionContext:]):
-        (-[WebScriptObject _initWithObjectImp:originExecutionContext:executionContext:]):
-        (+[WebScriptObject throwException:]):
-        (-[WebScriptObject setException:]):
-        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-        * bindings/objc/objc_class.h:
-        (KJS::Bindings::ObjcClass::~ObjcClass):
-        (KJS::Bindings::ObjcClass::ObjcClass):
-        (KJS::Bindings::ObjcClass::operator=):
-        (KJS::Bindings::ObjcClass::constructorAt):
-        (KJS::Bindings::ObjcClass::numConstructors):
-        * bindings/objc/objc_header.h:
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcField::~ObjcField):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::operator=):
-        (KJS::Bindings::ObjcMethod::ObjcMethod):
-        (KJS::Bindings::ObjcMethod::~ObjcMethod):
-        (KJS::Bindings::ObjcMethod::operator=):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::JSMethodNameToObjCMethodName):
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertNSStringToString):
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::objcValueTypeForType):
-        (KJS::Bindings::createObjcInstanceForValue):
-        (KJS::Bindings::throwError):
-        * bindings/runtime.h:
-        (KJS::Bindings::Parameter::~Parameter):
-        (KJS::Bindings::Method::~Method):
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::begin):
-        (KJS::Bindings::Instance::end):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        (KJS::Bindings::Instance::valueOf):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::put):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::setInternalInstance):
-        (KJS::RuntimeObjectImp::getInternalInstance):
-        * kjs/array_object.cpp:
-        (getProperty):
-        (ArrayProtoFuncImp::callAsFunction):
-        (ArrayObjectImp::construct):
-        * kjs/bool_object.cpp:
-        (BooleanProtoFuncImp::callAsFunction):
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFuncImp::callAsFunction):
-        * kjs/function.cpp:
-        (KJS::decode):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::callAsFunction):
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (KJS::UndefinedImp::toObject):
-        (KJS::NullImp::toObject):
-        (KJS::InterpreterImp::evaluate):
-        (KJS::InternalFunctionImp::hasInstance):
-        * kjs/nodes.cpp:
-        (Node::throwError):
-        (substitute):
-        (Node::setExceptionDetailsIfNeeded):
-        (undefinedVariableError):
-        (ProgramNode::ProgramNode):
-        * kjs/number_object.cpp:
-        (NumberProtoFuncImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::call):
-        (KJS::ObjectImp::defaultValue):
-        (KJS::Error::create):
-        (KJS::throwError):
-        * kjs/object.h:
-        (KJS::ObjectImp::clearProperties):
-        (KJS::ObjectImp::getPropertySlot):
-        (KJS::ObjectImp::getOwnPropertySlot):
-        * kjs/object_object.cpp:
-        (ObjectProtoFuncImp::callAsFunction):
-        * kjs/reference.cpp:
-        (KJS::Reference::getBase):
-        (KJS::Reference::getValue):
-        (KJS::Reference::putValue):
-        (KJS::Reference::deleteValue):
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::callAsFunction):
-        (RegExpObjectImp::construct):
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::callAsFunction):
-
-2005-08-15  Anders Carlsson  <andersca@mac.com>
-
-        Reviewed by Darin.
-
-        * tests/mozilla/ecma_3/Date/15.9.5.5.js:
-        Remove the code which tests that Date.toLocaleString should be parsable
-        by Date.parse. That is not true according to the spec.
-
-2005-08-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/collector.cpp: (KJS::Collector::allocate): Use a local instead of a global in one
-        more place; slight speedup.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed crash observed on one of the Apple-only layout tests
-
-        * kjs/property_map.cpp: (KJS::PropertyMap::mark): Change code to understand that deleted
-        entries have a value of NULL, so the deleted sentinel count doesn't need to be included
-        in the count of things to mark since we're ignoring the keys.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4421
-          speed up JavaScript by inlining some label stack functions
-
-        * kjs/internal.h: Removed the copy constructor and assignment operator for LabelStack.
-        They were unused, and the implementations had bugs; I removed them rather than fixing them.
-        Also removed the clear function, since that was only needed to help the assignment operator
-        share code with the destructor, and was not efficient enough for the destructor.
-        (KJS::LabelStack::~LabelStack): Made this inline. Also used an efficient implementation
-        that's nice and fast when the stack is empty, better than the old clear() function which
-        used to keep updating and refetching "tos" each time through the loop.
-        (KJS::LabelStack::pop): Made this inline.
-
-        * kjs/internal.cpp: Deleted the now-inline functions and the obsolete functions. Also
-        deleted a commented-out line of code.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4419
-          speed up JavaScript by improving KJS::List
-
-        my measurements show an improvement of 1% on iBench JavaScript
-
-        * kjs/list.cpp: Rearrange list to make the values and free list share the same storage,
-        which saves 4 bytes per list. Also remove the pointers used only on the heap from the
-        lists that are in the pool, which saves 8 bytes per list. Moving the free list pointer
-        closer to the start of the list object also speeds up access to the free list. New
-        "HeapListImp" struct is used only for the lists on the heap.
-        (KJS::List::markProtectedLists): Shadowed global variable in local and updated for the
-        new terminology ("heap" instead of "outside pool").
-        (KJS::allocateListImp): Updated for new terminology.
-        (KJS::List::release): Moved the code from deallocateListImp in here -- it wasn't being
-        inlined and didn't need to be in a separate function.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4417
-          speed up JavaScript with some small changes to the property map code
-
-        my measurements show an improvement of 2% on iBench JavaScript
-
-        * kjs/property_map.h: (KJS::PropertyMap::PropertyMap): Made the default constructor inline.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap): Changed loop to exit early once we know we've processed
-        all the hash table entries, based on the count.
-        (KJS::PropertyMap::mark): Ditto.
-
-        * kjs/object.h: Made an arbitrary change here to force recompiling so we pick up changes to
-        property_map.h. Works around what seems to be an Xcode header dependency bug.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4416
-          speed up JavaScript with some improvements to the garbage collector
-
-        my measurements show an improvement of 2% on iBench JavaScript
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Use local variables to shadow globals instead of repeatedly
-        going at global variables. Tighten up loop implementations to make the common case fast.
-        (KJS::Collector::markStackObjectsConservatively): Use local variables to shadow globals.
-        Used a goto to eliminate a boolean since it was showing up in the profile.
-        (KJS::Collector::markProtectedObjects): Iterate through the table using pointer rather
-        than an index since the profile showed that generating better code.
-        (KJS::Collector::collect): Added a special case for blocks where all cells are used,
-        Use local variables to shadow globals. Eliminated a boolean by computing it another
-        way (checking to see if the number of live objects changed). Also used local variables
-        to shadow fields in the current cell when sweeping.
-        (KJS::Collector::numReferencedObjects): Use AllocatedValueImp instead of ValueImp
-        in one place -- means we get faster versions of various functions that don't worry
-        about SimpleNumber.
-        (KJS::className): Ditto.
-        (KJS::Collector::rootObjectClasses): Ditto.
-
-2005-08-14  Darin Adler  <darin@apple.com>
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4344
-          REGRESSION: JavaScript crash when going back from viewing a thread (NULL protoype)
-
-        * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set proto in a more
-        straightforward way. The old code set the proto to 0 and then to the correct value.
-        This showed up as a "false positive" when searching for places that set prototype
-        to NULL/0 so I fixed it.
-
-        * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Change to
-        not pass an explicit "0" to the base class (InternalFunctionImp) constructor.
-
-        * kjs/internal.h: Added a default constructor for InternalFunctionImp.
-        * kjs/internal.cpp: (KJS::InternalFunctionImp::InternalFunctionImp): Added the
-        default constructor (empty body, just calls base class's default constructor).
-
-        * kjs/object.h:
-        (KJS::ObjectImp::ObjectImp): Add an assertion to catch NULL prototypes earlier
-        in Development builds.
-        (KJS::ObjectImp::setPrototype): Ditto.
-
-2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - two simple speed improvements for a 3% speed gain
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj: turn on -fstrict-aliasing
-
-        * kjs/scope_chain.h:
-        (KJS::ScopeChainIterator::ScopeChainIterator): Add a scope chain iterator
-        so you can walk a scope chain without having to make a copy that you then mutate.
-        (KJS::ScopeChainIterator::operator*): standard iterator operation
-        (KJS::ScopeChainIterator::operator->): ditto
-        (KJS::ScopeChainIterator::operator++): ditto
-        (KJS::ScopeChainIterator::operator==): ditto
-        (KJS::ScopeChainIterator::operator!=): ditto
-        (KJS::ScopeChain::begin): Iterator for the top of the scope chain
-        (KJS::ScopeChain::end): Iterator for one past the bottom (i.e. null)
-        * kjs/nodes.cpp:
-        (ResolveNode::evaluate): Use scope chain iterator instead of copying
-        a scope chain and then modifying the copy
-        (ResolveNode::evaluateReference): ditto
-        (FunctionCallResolveNode::evaluate): ditto
-        (AssignResolveNode::evaluate): ditto
-
-2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Anders Carlsson, reviewed by me.
-
-        * kjs/nodes.h: Fix build breakage.
-
-2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by hyatt.
-
-        - refactor function calls, 3% speedup on JS iBench.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (Node::throwError): Added new useful variants.
-        (FunctionCallValueNode::evaluate): New node to handle calls on expressions
-        that are strictly values, not references.
-        (FunctionCallValueNode::ref):  ditto
-        (FunctionCallValueNode::deref): ditto
-        (FunctionCallResolveNode::evaluate): New node to handle calls on identifier
-        expressions, so that they are looked up in the scope chain.
-        (FunctionCallResolveNode::ref): ditto
-        (FunctionCallResolveNode::deref): ditto
-        (FunctionCallBracketNode::evaluate): New node to handle calls on bracket
-        dereferences, so that the expression before brackets is used as the this
-        object.
-        (FunctionCallBracketNode::ref): ditto
-        (FunctionCallBracketNode::deref): ditto
-        (FunctionCallDotNode::evaluate): New node to handle calls on dot
-        dereferences, so that the expression before the dot is used as the this
-        object.
-        (FunctionCallDotNode::ref): ditto
-        (FunctionCallDotNode::deref): ditto
-        (dotExprNotAnObjectString): helper function to avoid global variable access.
-        (dotExprDoesNotAllowCallsString): ditto
-        * kjs/nodes.h: Declared new classes.
-        * kjs/nodes2string.cpp:
-        (FunctionCallValueNode::streamTo): Added - serializes the appropriate function call
-        (FunctionCallResolveNode::streamTo): ditto
-        (FunctionCallBracketNode::streamTo): ditto
-        (FunctionCallParenBracketNode::streamTo): ditto
-        (FunctionCallDotNode::streamTo): ditto
-        (FunctionCallParenDotNode::streamTo): ditto
-        * kjs/object.h:
-        (KJS::ObjectImp::isActivation): Change how activation objects are
-        detected in the scope chain, a virtual function is cheaper than the
-        old inheritance test.
-        * kjs/function.h:
-        (KJS::ActivationImp::isActivation): Ditto.
-
-2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-
-        - added missing file from earlier checkin
-
-        * kjs/grammar_types.h: Added.
-        (KJS::makeNodePair):
-        (KJS::makeNodeWithIdent):
-
-2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/date_object.cpp:
-        (timetUsingCF): Fix one of the date tests my making the CF version of mktime
-        have the same quirk about the DST field as the real mktime.
-        * tests/mozilla/expected.html: Updated for newly fixed test.
-
-2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-
-        - updated for one of the tests that Darin incidentally fixed.
-
-        * tests/mozilla/expected.html:
-
-2005-08-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        Refactor assignment grammar to avoid Reference type, and to later
-        be able to take advantage of writeable PropertySlots, when those
-        are added. I also fixed a minor bug, turning a function to a
-        string lost parentheses, I made sure they are printed at least
-        where semantically significant.
-        
-        Test cases: see WebCore
-        
-        * kjs/grammar.y: Change grammar so that assignment expressions are parsed
-        directly to nodes that know how to set the kind of location being assigned, instead
-        of having a generic assign node that counts on evaluateReference.
-        * kjs/lexer.cpp: Include grammar_types.h.
-        * kjs/nodes.cpp:
-        (BracketAccessorNode): Renamed from AccessorNode1 for clarity.
-        (DotAccessorNode): Renamed from AccessorNode2 for clarity.
-        (combineForAssignment): Inline function for doing the proper kind of
-        operation for various update assignments like += or *=.
-        (AssignResolveNode): Node that handles assignment to a bare identifier.
-        (AssignDotNode): Node that handles assignments of the form EXPR . IDENT = EXPR
-        (AssignBracketNode): EXPR [ IDENT ] = EXPR
-        * kjs/nodes.h: Updated for declarations/renames of new classes.
-        * kjs/nodes2string.cpp:
-        (GroupNode::streamTo): Fixed to print parens around the expression.
-        (BracketAccessorNode::streamTo): Renamed.
-        (DotAccessorNode::streamTo): Renamed.
-        (AssignResolveNode::streamTo): Added.
-        (AssignBracketNode::streamTo): Added.
-        (AssignDotNode::streamTo): Added.
-        (streamAssignmentOperatorTo): helper function for the above
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::isSet): Made this const.
-
-2005-08-10  Adele Peterson  <adele@apple.com>
-
-        Bumping version to 420+
-
-        * Info.plist:
-
-2005-08-10  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4151132> REGRESSION: Some applet liveconnect calls 
-        throws privilege exception.
-        
-        Reviewed by richard and mjs.
-
-        -I removed the global static JavaClass cache, since it violated Java
-        security to cache classes between websites and applets.
-        
-        * bindings/jni/jni_class.cpp: 
-            -removed global static cache dictionary
-            -instance constructor and destructor now do the work that used to 
-            be done by static factory methods
-            -removed obsolete functions
-        (JavaClass::JavaClass):
-        (JavaClass::~JavaClass):
-        * bindings/jni/jni_class.h:
-            -removed obsolete function declarations
-            -made copying private since it's unused and it's also not clear
-            excatly how copying would work with Java security
-            -made default construction private since it's meaningless
-        * bindings/jni/jni_instance.cpp:
-            -removed obsolete functions
-        (JavaInstance::~JavaInstance):
-        (JavaInstance::getClass):
-        * bindings/jni/jni_instance.h:
-           -made copying private since it's unused and it's also not clear
-            excatly how copying would work with Java security
-            -made default construction private since it's meaningless
-
-2005-08-08  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed crash caused by fix for http://bugs.webkit.org/show_bug.cgi?id=4313
-        
-        - exceptionDescription now gets explicitly initialized to NULL in all
-        the places listed below -- our wrapper classes used to take care of this 
-        automagically
-        
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-
-2005-08-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4325
-          Mozilla Date tests have an unnecessary loop that runs 1970 times before each test
-
-        * tests/mozilla/ecma/shell.js: Added TIME_YEAR_0 constant.
-
-        * tests/mozilla/ecma/Date/15.9.5.10-1.js: Removed the loop and changed code to use the constant.
-        * tests/mozilla/ecma/Date/15.9.5.10-10.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-11.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-12.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-13.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-3.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-4.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.10-9.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.11-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-1.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-3.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-4.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.12-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.13-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.13-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.14.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.15.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.16.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.17.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.18.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.19.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.20.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-1.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-3.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-4.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.21-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-1.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-2.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-3.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-4.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.22-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-4.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.23-9.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.5.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.6.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.7.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.8.js: Ditto.
-        * tests/mozilla/ecma/Date/15.9.5.9.js: Ditto.
-
-2005-08-08  Darin Adler  <darin@apple.com>
-
-        - forgot to delete an obsolete file
-
-        * kjs/object_wrapper.h: Deleted.
-
-2005-08-07  Darin Adler  <darin@apple.com>
-
-        - fixed two problems compiling with gcc 4.0
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::callAsFunction): Initialized a
-        variable to quiet an erroneous warning.
-        * kjs/date_object.cpp: (KJS::makeTime): Removed extraneous KJS:: prefix.
-
-2005-08-07  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Maciej.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4313
-          eliminate KJS::Value and KJS::Object smart pointer wrappers (for simplicity and speed)
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed object_wrapper.h.
-
-        Global replaces and other wonderful stuff.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_HasMethod):
-        (_NPN_SetException):
-        * bindings/c/c_instance.cpp:
-        (KJS::Bindings::CInstance::CInstance):
-        (KJS::Bindings::CInstance::invokeMethod):
-        (KJS::Bindings::CInstance::invokeDefaultMethod):
-        (KJS::Bindings::CInstance::defaultValue):
-        (KJS::Bindings::CInstance::stringValue):
-        (KJS::Bindings::CInstance::numberValue):
-        (KJS::Bindings::CInstance::booleanValue):
-        (KJS::Bindings::CInstance::valueOf):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.cpp:
-        (convertNPStringToUTF16):
-        (convertUTF8ToUTF16):
-        (coerceValueToNPVariantStringType):
-        (convertValueToNPVariant):
-        (convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::stringValue):
-        (JavaInstance::numberValue):
-        (JavaInstance::booleanValue):
-        (JavaInstance::invokeMethod):
-        (JavaInstance::invokeDefaultMethod):
-        (JavaInstance::defaultValue):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::invoke):
-        (JSObject::call):
-        (JSObject::eval):
-        (JSObject::getMember):
-        (JSObject::getSlot):
-        (JSObject::toString):
-        (JSObject::convertValueToJObject):
-        (JSObject::convertJObjectToValue):
-        (JSObject::listFromJArray):
-        * bindings/jni/jni_jsobject.h:
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::valueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-        (JavaField::setValueToInstance):
-        (JavaArray::setValueAt):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaString::ustring):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM):
-        (KJS::Bindings::getJNIEnv):
-        (KJS::Bindings::getMethodID):
-        (KJS::Bindings::callJNIVoidMethod):
-        (KJS::Bindings::callJNIObjectMethod):
-        (KJS::Bindings::callJNIBooleanMethod):
-        (KJS::Bindings::callJNIStaticBooleanMethod):
-        (KJS::Bindings::callJNIByteMethod):
-        (KJS::Bindings::callJNICharMethod):
-        (KJS::Bindings::callJNIShortMethod):
-        (KJS::Bindings::callJNIIntMethod):
-        (KJS::Bindings::callJNILongMethod):
-        (KJS::Bindings::callJNIFloatMethod):
-        (KJS::Bindings::callJNIDoubleMethod):
-        (KJS::Bindings::callJNIVoidMethodA):
-        (KJS::Bindings::callJNIObjectMethodA):
-        (KJS::Bindings::callJNIByteMethodA):
-        (KJS::Bindings::callJNICharMethodA):
-        (KJS::Bindings::callJNIShortMethodA):
-        (KJS::Bindings::callJNIIntMethodA):
-        (KJS::Bindings::callJNILongMethodA):
-        (KJS::Bindings::callJNIFloatMethodA):
-        (KJS::Bindings::callJNIDoubleMethodA):
-        (KJS::Bindings::callJNIBooleanMethodA):
-        (KJS::Bindings::callJNIVoidMethodIDA):
-        (KJS::Bindings::callJNIObjectMethodIDA):
-        (KJS::Bindings::callJNIByteMethodIDA):
-        (KJS::Bindings::callJNICharMethodIDA):
-        (KJS::Bindings::callJNIShortMethodIDA):
-        (KJS::Bindings::callJNIIntMethodIDA):
-        (KJS::Bindings::callJNILongMethodIDA):
-        (KJS::Bindings::callJNIFloatMethodIDA):
-        (KJS::Bindings::callJNIDoubleMethodIDA):
-        (KJS::Bindings::callJNIBooleanMethodIDA):
-        (KJS::Bindings::getCharactersFromJString):
-        (KJS::Bindings::releaseCharactersForJString):
-        (KJS::Bindings::getCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseCharactersForJStringInEnv):
-        (KJS::Bindings::getUCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseUCharactersForJStringInEnv):
-        (KJS::Bindings::JNITypeFromClassName):
-        (KJS::Bindings::signatureFromPrimitiveType):
-        (KJS::Bindings::JNITypeFromPrimitiveType):
-        (KJS::Bindings::getJNIField):
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/WebScriptObject.mm:
-        (_didExecute):
-        (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject _initWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject _imp]):
-        (-[WebScriptObject _executionContext]):
-        (-[WebScriptObject _setExecutionContext:]):
-        (-[WebScriptObject _originExecutionContext]):
-        (-[WebScriptObject _setOriginExecutionContext:]):
-        (+[WebScriptObject throwException:]):
-        (listFromNSArray):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setException:]):
-        (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:Bindings::]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (KJS::Bindings::ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::invokeDefaultMethod):
-        (ObjcInstance::setValueOfField):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfField):
-        (ObjcInstance::getValueOfUndefinedField):
-        (ObjcInstance::defaultValue):
-        (ObjcInstance::stringValue):
-        (ObjcInstance::numberValue):
-        (ObjcInstance::booleanValue):
-        (ObjcInstance::valueOf):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (convertValueToObjcObject):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        (ObjcFallbackObjectImp::put):
-        (ObjcFallbackObjectImp::callAsFunction):
-        (ObjcFallbackObjectImp::defaultValue):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (Bindings::JSMethodNameToObjCMethodName):
-        (Bindings::convertValueToObjcValue):
-        (Bindings::convertNSStringToString):
-        (Bindings::convertObjcValueToValue):
-        (Bindings::objcValueTypeForType):
-        (Bindings::createObjcInstanceForValue):
-        * bindings/runtime.cpp:
-        (Instance::getValueOfField):
-        (Instance::setValueOfField):
-        (Instance::createRuntimeObject):
-        (Instance::createLanguageInstanceForValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Constructor::~Constructor):
-        (KJS::Bindings::Field::~Field):
-        (KJS::Bindings::MethodList::MethodList):
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Class::~Class):
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        (KJS::Bindings::Instance::valueOf):
-        (KJS::Bindings::Instance::setExecutionContext):
-        (KJS::Bindings::Instance::~Instance):
-        (KJS::Bindings::Array::~Array):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        (RuntimeArrayImp::lengthGetter):
-        (RuntimeArrayImp::indexGetter):
-        (RuntimeArrayImp::put):
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::lengthGetter):
-        (RuntimeMethodImp::callAsFunction):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::getOwnPropertySlot):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::callAsFunction):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp):
-        (ArrayInstanceImp::lengthGetter):
-        (ArrayInstanceImp::getOwnPropertySlot):
-        (ArrayInstanceImp::put):
-        (ArrayInstanceImp::propList):
-        (ArrayInstanceImp::setLength):
-        (compareByStringForQSort):
-        (compareWithCompareFunctionForQSort):
-        (ArrayInstanceImp::sort):
-        (ArrayInstanceImp::pushUndefinedObjectsToEnd):
-        (ArrayPrototypeImp::ArrayPrototypeImp):
-        (ArrayProtoFuncImp::ArrayProtoFuncImp):
-        (ArrayProtoFuncImp::callAsFunction):
-        (ArrayObjectImp::ArrayObjectImp):
-        (ArrayObjectImp::construct):
-        (ArrayObjectImp::callAsFunction):
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        (BooleanPrototypeImp::BooleanPrototypeImp):
-        (BooleanProtoFuncImp::BooleanProtoFuncImp):
-        (BooleanProtoFuncImp::callAsFunction):
-        (BooleanObjectImp::BooleanObjectImp):
-        (BooleanObjectImp::construct):
-        (BooleanObjectImp::callAsFunction):
-        * kjs/bool_object.h:
-        * kjs/collector.cpp:
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::collect):
-        (KJS::className):
-        * kjs/completion.h:
-        (KJS::Completion::Completion):
-        (KJS::Completion::value):
-        (KJS::Completion::isValueCompletion):
-        * kjs/context.h:
-        (KJS::ContextImp::variableObject):
-        (KJS::ContextImp::setVariableObject):
-        (KJS::ContextImp::thisValue):
-        (KJS::ContextImp::activationObject):
-        (KJS::ContextImp::pushScope):
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (KJS::timeFromArgs):
-        (KJS::DatePrototypeImp::DatePrototypeImp):
-        (KJS::DateProtoFuncImp::DateProtoFuncImp):
-        (KJS::DateProtoFuncImp::callAsFunction):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::parseDate):
-        (KJS::KRFCDate_parseDate):
-        (KJS::timeClip):
-        * kjs/date_object.h:
-        * kjs/debugger.cpp:
-        (Debugger::exception):
-        (Debugger::callEvent):
-        (Debugger::returnEvent):
-        * kjs/debugger.h:
-        * kjs/error_object.cpp:
-        (ErrorPrototypeImp::ErrorPrototypeImp):
-        (ErrorProtoFuncImp::ErrorProtoFuncImp):
-        (ErrorProtoFuncImp::callAsFunction):
-        (ErrorObjectImp::ErrorObjectImp):
-        (ErrorObjectImp::construct):
-        (ErrorObjectImp::callAsFunction):
-        (NativeErrorPrototypeImp::NativeErrorPrototypeImp):
-        (NativeErrorImp::NativeErrorImp):
-        (NativeErrorImp::construct):
-        (NativeErrorImp::callAsFunction):
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::FunctionImp):
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::processParameters):
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::put):
-        (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
-        (KJS::DeclaredFunctionImp::construct):
-        (KJS::ArgumentsImp::ArgumentsImp):
-        (KJS::ArgumentsImp::mappedIndexGetter):
-        (KJS::ArgumentsImp::put):
-        (KJS::ActivationImp::argumentsGetter):
-        (KJS::GlobalFuncImp::GlobalFuncImp):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (FunctionPrototypeImp::FunctionPrototypeImp):
-        (FunctionPrototypeImp::callAsFunction):
-        (FunctionProtoFuncImp::FunctionProtoFuncImp):
-        (FunctionProtoFuncImp::callAsFunction):
-        (FunctionObjectImp::FunctionObjectImp):
-        (FunctionObjectImp::construct):
-        (FunctionObjectImp::callAsFunction):
-        * kjs/function_object.h:
-        * kjs/internal.cpp:
-        (KJS::UndefinedImp::toPrimitive):
-        (KJS::UndefinedImp::toObject):
-        (KJS::NullImp::toPrimitive):
-        (KJS::NullImp::toObject):
-        (KJS::BooleanImp::toPrimitive):
-        (KJS::BooleanImp::toObject):
-        (KJS::StringImp::toPrimitive):
-        (KJS::StringImp::toObject):
-        (KJS::NumberImp::toPrimitive):
-        (KJS::NumberImp::toObject):
-        (KJS::NumberImp::getUInt32):
-        (KJS::LabelStack::push):
-        (KJS::ContextImp::ContextImp):
-        (KJS::InterpreterImp::globalInit):
-        (KJS::InterpreterImp::globalClear):
-        (KJS::InterpreterImp::InterpreterImp):
-        (KJS::InterpreterImp::initGlobalObject):
-        (KJS::InterpreterImp::clear):
-        (KJS::InterpreterImp::mark):
-        (KJS::InterpreterImp::evaluate):
-        (KJS::InternalFunctionImp::hasInstance):
-        (KJS::roundValue):
-        (KJS::printInfo):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::builtinObject):
-        (KJS::InterpreterImp::builtinFunction):
-        (KJS::InterpreterImp::builtinArray):
-        (KJS::InterpreterImp::builtinBoolean):
-        (KJS::InterpreterImp::builtinString):
-        (KJS::InterpreterImp::builtinNumber):
-        (KJS::InterpreterImp::builtinDate):
-        (KJS::InterpreterImp::builtinRegExp):
-        (KJS::InterpreterImp::builtinError):
-        (KJS::InterpreterImp::builtinObjectPrototype):
-        (KJS::InterpreterImp::builtinFunctionPrototype):
-        (KJS::InterpreterImp::builtinArrayPrototype):
-        (KJS::InterpreterImp::builtinBooleanPrototype):
-        (KJS::InterpreterImp::builtinStringPrototype):
-        (KJS::InterpreterImp::builtinNumberPrototype):
-        (KJS::InterpreterImp::builtinDatePrototype):
-        (KJS::InterpreterImp::builtinRegExpPrototype):
-        (KJS::InterpreterImp::builtinErrorPrototype):
-        (KJS::InterpreterImp::builtinEvalError):
-        (KJS::InterpreterImp::builtinRangeError):
-        (KJS::InterpreterImp::builtinReferenceError):
-        (KJS::InterpreterImp::builtinSyntaxError):
-        (KJS::InterpreterImp::builtinTypeError):
-        (KJS::InterpreterImp::builtinURIError):
-        (KJS::InterpreterImp::builtinEvalErrorPrototype):
-        (KJS::InterpreterImp::builtinRangeErrorPrototype):
-        (KJS::InterpreterImp::builtinReferenceErrorPrototype):
-        (KJS::InterpreterImp::builtinSyntaxErrorPrototype):
-        (KJS::InterpreterImp::builtinTypeErrorPrototype):
-        (KJS::InterpreterImp::builtinURIErrorPrototype):
-        * kjs/interpreter.cpp:
-        (Context::variableObject):
-        (Context::thisValue):
-        (Interpreter::Interpreter):
-        (Interpreter::globalObject):
-        (Interpreter::evaluate):
-        (Interpreter::builtinObject):
-        (Interpreter::builtinFunction):
-        (Interpreter::builtinArray):
-        (Interpreter::builtinBoolean):
-        (Interpreter::builtinString):
-        (Interpreter::builtinNumber):
-        (Interpreter::builtinDate):
-        (Interpreter::builtinRegExp):
-        (Interpreter::builtinError):
-        (Interpreter::builtinObjectPrototype):
-        (Interpreter::builtinFunctionPrototype):
-        (Interpreter::builtinArrayPrototype):
-        (Interpreter::builtinBooleanPrototype):
-        (Interpreter::builtinStringPrototype):
-        (Interpreter::builtinNumberPrototype):
-        (Interpreter::builtinDatePrototype):
-        (Interpreter::builtinRegExpPrototype):
-        (Interpreter::builtinErrorPrototype):
-        (Interpreter::builtinEvalError):
-        (Interpreter::builtinRangeError):
-        (Interpreter::builtinReferenceError):
-        (Interpreter::builtinSyntaxError):
-        (Interpreter::builtinTypeError):
-        (Interpreter::builtinURIError):
-        (Interpreter::builtinEvalErrorPrototype):
-        (Interpreter::builtinRangeErrorPrototype):
-        (Interpreter::builtinReferenceErrorPrototype):
-        (Interpreter::builtinSyntaxErrorPrototype):
-        (Interpreter::builtinTypeErrorPrototype):
-        (Interpreter::builtinURIErrorPrototype):
-        (Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::isGlobalObject):
-        (KJS::ExecState::setException):
-        (KJS::ExecState::clearException):
-        (KJS::ExecState::exception):
-        (KJS::ExecState::hadException):
-        (KJS::ExecState::ExecState):
-        * kjs/list.cpp:
-        (KJS::List::at):
-        * kjs/list.h:
-        (KJS::List::operator[]):
-        (KJS::ListIterator::operator->):
-        (KJS::ListIterator::operator*):
-        (KJS::ListIterator::operator++):
-        (KJS::ListIterator::operator--):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        (KJS::lookupPut):
-        (KJS::cacheGlobalObject):
-        * kjs/math_object.cpp:
-        (MathObjectImp::getValueProperty):
-        (MathFuncImp::MathFuncImp):
-        (MathFuncImp::callAsFunction):
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        (Node::evaluateReference):
-        (Node::throwError):
-        (Node::setExceptionDetailsIfNeeded):
-        (NullNode::evaluate):
-        (BooleanNode::evaluate):
-        (NumberNode::evaluate):
-        (StringNode::evaluate):
-        (RegExpNode::evaluate):
-        (ThisNode::evaluate):
-        (ResolveNode::evaluate):
-        (ResolveNode::evaluateReference):
-        (GroupNode::evaluate):
-        (ElementNode::evaluate):
-        (ArrayNode::evaluate):
-        (ObjectLiteralNode::evaluate):
-        (PropertyValueNode::evaluate):
-        (PropertyNode::evaluate):
-        (AccessorNode1::evaluate):
-        (AccessorNode1::evaluateReference):
-        (AccessorNode2::evaluate):
-        (AccessorNode2::evaluateReference):
-        (ArgumentListNode::evaluate):
-        (ArgumentListNode::evaluateList):
-        (ArgumentsNode::evaluate):
-        (NewExprNode::evaluate):
-        (FunctionCallNode::evaluate):
-        (PostfixNode::evaluate):
-        (DeleteNode::evaluate):
-        (VoidNode::evaluate):
-        (TypeOfNode::evaluate):
-        (PrefixNode::evaluate):
-        (UnaryPlusNode::evaluate):
-        (NegateNode::evaluate):
-        (BitwiseNotNode::evaluate):
-        (LogicalNotNode::evaluate):
-        (MultNode::evaluate):
-        (AddNode::evaluate):
-        (ShiftNode::evaluate):
-        (RelationalNode::evaluate):
-        (EqualNode::evaluate):
-        (BitOperNode::evaluate):
-        (BinaryLogicalNode::evaluate):
-        (ConditionalNode::evaluate):
-        (AssignNode::evaluate):
-        (CommaNode::evaluate):
-        (StatListNode::execute):
-        (AssignExprNode::evaluate):
-        (VarDeclNode::evaluate):
-        (VarDeclNode::processVarDecls):
-        (VarDeclListNode::evaluate):
-        (ExprStatementNode::execute):
-        (IfNode::execute):
-        (DoWhileNode::execute):
-        (WhileNode::execute):
-        (ForNode::execute):
-        (ForInNode::execute):
-        (ContinueNode::execute):
-        (BreakNode::execute):
-        (ReturnNode::execute):
-        (WithNode::execute):
-        (CaseClauseNode::evaluate):
-        (ClauseListNode::evaluate):
-        (CaseBlockNode::evaluate):
-        (CaseBlockNode::evalBlock):
-        (SwitchNode::execute):
-        (ThrowNode::execute):
-        (CatchNode::execute):
-        (TryNode::execute):
-        (ParameterNode::evaluate):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-        (SourceElementsNode::execute):
-        * kjs/nodes.h:
-        (KJS::StatementNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberPrototypeImp::NumberPrototypeImp):
-        (NumberProtoFuncImp::NumberProtoFuncImp):
-        (NumberProtoFuncImp::callAsFunction):
-        (NumberObjectImp::NumberObjectImp):
-        (NumberObjectImp::getValueProperty):
-        (NumberObjectImp::construct):
-        (NumberObjectImp::callAsFunction):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::call):
-        (KJS::ObjectImp::mark):
-        (KJS::ObjectImp::classInfo):
-        (KJS::ObjectImp::get):
-        (KJS::ObjectImp::getProperty):
-        (KJS::ObjectImp::getPropertySlot):
-        (KJS::ObjectImp::put):
-        (KJS::ObjectImp::hasOwnProperty):
-        (KJS::ObjectImp::defaultValue):
-        (KJS::ObjectImp::findPropertyHashEntry):
-        (KJS::ObjectImp::construct):
-        (KJS::ObjectImp::callAsFunction):
-        (KJS::ObjectImp::hasInstance):
-        (KJS::ObjectImp::propList):
-        (KJS::ObjectImp::toPrimitive):
-        (KJS::ObjectImp::toNumber):
-        (KJS::ObjectImp::toString):
-        (KJS::ObjectImp::toObject):
-        (KJS::ObjectImp::putDirect):
-        (KJS::Error::create):
-        (KJS::error):
-        * kjs/object.h:
-        (KJS::):
-        (KJS::ObjectImp::getPropertySlot):
-        (KJS::AllocatedValueImp::isObject):
-        (KJS::ObjectImp::ObjectImp):
-        (KJS::ObjectImp::internalValue):
-        (KJS::ObjectImp::setInternalValue):
-        (KJS::ObjectImp::prototype):
-        (KJS::ObjectImp::setPrototype):
-        (KJS::ObjectImp::inherits):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::ObjectProtoFuncImp):
-        (ObjectProtoFuncImp::callAsFunction):
-        (ObjectObjectImp::ObjectObjectImp):
-        (ObjectObjectImp::construct):
-        (ObjectObjectImp::callAsFunction):
-        * kjs/object_object.h:
-        * kjs/operations.cpp:
-        (KJS::equal):
-        (KJS::strictEqual):
-        (KJS::relation):
-        (KJS::add):
-        (KJS::mult):
-        * kjs/operations.h:
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::mark):
-        (KJS::PropertyMap::addEnumerablesToReferenceList):
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
-        (KJS::PropertyMap::save):
-        (KJS::PropertyMap::restore):
-        * kjs/property_map.h:
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::undefinedGetter):
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::getValue):
-        * kjs/protect.h:
-        (KJS::gcUnprotectNullTolerant):
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::~ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedValue::operator ValueImp *):
-        (KJS::ProtectedValue::operator->):
-        * kjs/protected_object.h:
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        (KJS::ProtectedObject::operator ValueImp *):
-        (KJS::ProtectedObject::operator ObjectImp *):
-        (KJS::ProtectedObject::operator->):
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::insert):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        * kjs/protected_values.h:
-        * kjs/reference.cpp:
-        (KJS::Reference::Reference):
-        (KJS::Reference::makeValueReference):
-        (KJS::Reference::getBase):
-        (KJS::Reference::getValue):
-        (KJS::Reference::putValue):
-        (KJS::Reference::deleteValue):
-        * kjs/reference.h:
-        (KJS::Reference::baseIfMutable):
-        * kjs/regexp_object.cpp:
-        (RegExpPrototypeImp::RegExpPrototypeImp):
-        (RegExpProtoFuncImp::RegExpProtoFuncImp):
-        (RegExpProtoFuncImp::callAsFunction):
-        (RegExpObjectImp::RegExpObjectImp):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::backrefGetter):
-        (RegExpObjectImp::construct):
-        (RegExpObjectImp::callAsFunction):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (StringInstanceImp::lengthGetter):
-        (StringInstanceImp::indexGetter):
-        (StringInstanceImp::getOwnPropertySlot):
-        (StringInstanceImp::put):
-        (StringPrototypeImp::StringPrototypeImp):
-        (StringProtoFuncImp::StringProtoFuncImp):
-        (regExpIsGlobal):
-        (replace):
-        (StringProtoFuncImp::callAsFunction):
-        (StringObjectImp::StringObjectImp):
-        (StringObjectImp::construct):
-        (StringObjectImp::callAsFunction):
-        (StringObjectFuncImp::StringObjectFuncImp):
-        (StringObjectFuncImp::callAsFunction):
-        * kjs/string_object.h:
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-        (VersionFunctionImp::callAsFunction):
-        (main):
-        * kjs/value.cpp:
-        (KJS::AllocatedValueImp::operator new):
-        (KJS::AllocatedValueImp::getUInt32):
-        (KJS::ValueImp::toInteger):
-        (KJS::ValueImp::toInt32):
-        (KJS::ValueImp::toUInt32):
-        (KJS::ValueImp::toUInt16):
-        (KJS::ValueImp::toObject):
-        (KJS::AllocatedValueImp::getBoolean):
-        (KJS::AllocatedValueImp::getNumber):
-        (KJS::AllocatedValueImp::getString):
-        (KJS::AllocatedValueImp::getObject):
-        (KJS::jsString):
-        (KJS::jsNumber):
-        (KJS::ConstantValues::init):
-        (KJS::ConstantValues::clear):
-        (KJS::ConstantValues::mark):
-        * kjs/value.h:
-        (KJS::):
-        (KJS::jsUndefined):
-        (KJS::jsNull):
-        (KJS::jsBoolean):
-        (KJS::jsNaN):
-        (KJS::ValueImp::ValueImp):
-        (KJS::ValueImp::~ValueImp):
-        (KJS::AllocatedValueImp::AllocatedValueImp):
-        (KJS::AllocatedValueImp::~AllocatedValueImp):
-        (KJS::AllocatedValueImp::isBoolean):
-        (KJS::AllocatedValueImp::isNumber):
-        (KJS::AllocatedValueImp::isString):
-        (KJS::AllocatedValueImp::isObject):
-        (KJS::AllocatedValueImp::marked):
-        (KJS::AllocatedValueImp::mark):
-        (KJS::ValueImp::downcast):
-        (KJS::ValueImp::isUndefined):
-        (KJS::ValueImp::isNull):
-        (KJS::ValueImp::isUndefinedOrNull):
-        (KJS::ValueImp::isBoolean):
-        (KJS::ValueImp::isNumber):
-        (KJS::ValueImp::isString):
-        (KJS::ValueImp::isObject):
-        (KJS::ValueImp::getBoolean):
-        (KJS::ValueImp::getNumber):
-        (KJS::ValueImp::getString):
-        (KJS::ValueImp::getObject):
-        (KJS::ValueImp::getUInt32):
-        (KJS::ValueImp::mark):
-        (KJS::ValueImp::marked):
-        (KJS::ValueImp::type):
-        (KJS::ValueImp::toPrimitive):
-        (KJS::ValueImp::toBoolean):
-        (KJS::ValueImp::toNumber):
-        (KJS::ValueImp::toString):
-        (KJS::jsZero):
-        (KJS::jsOne):
-        (KJS::jsTwo):
-        (KJS::Undefined):
-        (KJS::Null):
-        (KJS::Boolean):
-        (KJS::Number):
-        (KJS::String):
-
-2005-08-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Change over to the new PropertySlot mechanism for property
-        lookup. This allows the elimination of hasOwnProperty
-        methods. Also did some of the performance tuning enabled by this
-        (but not yet all the possible improvements for function calls,
-        assignment, ++, and so forth). And also much code cleanup.
-
-        Net result is about a 2% speedup on the JS iBench.
-        
-        Also redid Geoff's fix for the chrashing applet by avoiding a NULL
-        prototype in the bindings code and using the default of Null()
-        instead.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        (ObjcFallbackObjectImp::getOwnPropertySlot):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::lengthGetter):
-        (RuntimeArrayImp::indexGetter):
-        (RuntimeArrayImp::getOwnPropertySlot):
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::lengthGetter):
-        (RuntimeMethodImp::getOwnPropertySlot):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::getOwnPropertySlot):
-        * bindings/runtime_object.h:
-        * bindings/runtime_root.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::lengthGetter):
-        (ArrayInstanceImp::getOwnPropertySlot):
-        (ArrayPrototypeImp::getOwnPropertySlot):
-        * kjs/array_object.h:
-        * kjs/date_object.cpp:
-        (DatePrototypeImp::getOwnPropertySlot):
-        * kjs/date_object.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::getOwnPropertySlot):
-        (KJS::FunctionImp::put):
-        (KJS::FunctionImp::deleteProperty):
-        (KJS::ArgumentsImp::mappedIndexGetter):
-        (KJS::ArgumentsImp::getOwnPropertySlot):
-        (KJS::ActivationImp::argumentsGetter):
-        (KJS::ActivationImp::getArgumentsGetter):
-        (KJS::ActivationImp::getOwnPropertySlot):
-        (KJS::ActivationImp::deleteProperty):
-        * kjs/function.h:
-        * kjs/internal.cpp:
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::initGlobalObject):
-        (InterpreterImp::~InterpreterImp):
-        (InterpreterImp::evaluate):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::globalExec):
-        * kjs/interpreter.cpp:
-        (Interpreter::Interpreter):
-        (Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::argumentsIdentifier):
-        (KJS::Interpreter::specialPrototypeIdentifier):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        (KJS::getStaticPropertySlot):
-        (KJS::getStaticFunctionSlot):
-        (KJS::getStaticValueSlot):
-        * kjs/math_object.cpp:
-        (MathObjectImp::getOwnPropertySlot):
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        (ResolveNode::evaluate):
-        (ResolveNode::evaluateReference):
-        (AccessorNode1::evaluate):
-        (AccessorNode2::evaluate):
-        * kjs/number_object.cpp:
-        (NumberObjectImp::getOwnPropertySlot):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::get):
-        (KJS::ObjectImp::getProperty):
-        (KJS::ObjectImp::getPropertySlot):
-        (KJS::ObjectImp::getOwnPropertySlot):
-        (KJS::ObjectImp::put):
-        (KJS::ObjectImp::hasProperty):
-        (KJS::ObjectImp::hasOwnProperty):
-        * kjs/object.h:
-        (KJS::ObjectImp::getDirectLocation):
-        (KJS::ObjectImp::getPropertySlot):
-        (KJS::ObjectImp::getOwnPropertySlot):
-        * kjs/object_wrapper.h: Added.
-        (KJS::):
-        (KJS::Object::Object):
-        (KJS::Object::operator ObjectImp *):
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getLocation):
-        * kjs/property_map.h:
-        * kjs/property_slot.cpp: Added.
-        (KJS::PropertySlot::undefinedGetter):
-        * kjs/property_slot.h: Added.
-        (KJS::PropertySlot::isSet):
-        (KJS::PropertySlot::getValue):
-        (KJS::PropertySlot::setValueSlot):
-        (KJS::PropertySlot::setStaticEntry):
-        (KJS::PropertySlot::setCustom):
-        (KJS::PropertySlot::setCustomIndex):
-        (KJS::PropertySlot::setUndefined):
-        (KJS::PropertySlot::slotBase):
-        (KJS::PropertySlot::staticEntry):
-        (KJS::PropertySlot::index):
-        (KJS::PropertySlot::):
-        * kjs/protect.h:
-        * kjs/protected_object.h: Added.
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::~ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/reference.h:
-        * kjs/reference_list.cpp:
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::backrefGetter):
-        (RegExpObjectImp::getOwnPropertySlot):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (StringInstanceImp::lengthGetter):
-        (StringInstanceImp::indexGetter):
-        (StringInstanceImp::getOwnPropertySlot):
-        (StringPrototypeImp::getOwnPropertySlot):
-        * kjs/string_object.h:
-
-2005-08-05  Adele Peterson  <adele@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Unchecked 'statics are thread safe' option.
-
-2005-08-05  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4207220> REGRESSION (DENVER): Crash occurs 
-        after clicking on Hangman applet
-
-        Reviewed by darin.
-
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty): added check for null prototype.
-
-        FIXME: The long-term plan is to make runtime objects use JS Null()
-        instead of null pointers, which will allow us to eliminate null
-        checks, improving performance.
-
-2005-08-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Fix by darin, reviewed by me.
-        
-        - rolled in fix for: <rdar://problem/4161606> JavaScript regular 
-        expressions with certain ranges of Unicode characters cause a crash
-
-        Test cases added:
-
-        * layout-tests/fast/js/regexp-big-unicode-ranges-expected.txt: Added.
-        * layout-tests/fast/js/regexp-big-unicode-ranges.html: Added.
-
-        * pcre/pcre.c:
-        (compile_branch): added checks for characters > 255
-
-2005-08-04  Maciej Stachowiak  <mjs@apple.com>
-
-        - updated expected test results now that we no longer exlude the
-        date tests (apparently this was overlooked)
-
-        * tests/mozilla/expected.html:
-
-2005-07-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - remove uses of Mac-OS-X-specific MAX macro
-        - remove one of the many excess "APPLE_CHANGES" ifdefs
-
-        * kjs/collector.cpp: (KJS::Collector::allocate): Use std::max instead of MAX.
-        * kjs/property_map.cpp: (KJS::PropertyMap::rehash): Ditto.
-        * kjs/ustring.cpp:
-        (KJS::UChar::toLower): Take out non-ICU code path.
-        (KJS::UChar::toUpper): Ditto.
-        (KJS::UString::spliceSubstringsWithSeparators): Use std::max instead of MAX.
-
-2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4147
-        Array.toString() and toLocaleString() improvements from KDE KJS
-        (rolled in KDE changes)
-
-        Test cases added:
-
-        * layout-tests/fast/js/toString-overrides-expected.txt: Added.
-        * layout-tests/fast/js/toString-overrides.html: Added.
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-
-2005-07-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Changes by Michael Kahl, reviewed by me.
-
-        - fixed <rdar://problem/4194278> Need better debugging support in JavaScriptCore
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/debugger.cpp:
-        (KJS::AttachedInterpreter::AttachedInterpreter):
-        (KJS::AttachedInterpreter::~AttachedInterpreter):
-        (Debugger::~Debugger):
-        (Debugger::attach):
-        (Debugger::detach):
-        (Debugger::sourceParsed):
-        * kjs/debugger.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::call):
-        (KJS::GlobalFuncImp::call):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        (Parser::parse):
-        (InterpreterImp::evaluate):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::setDebugger):
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        (KJS::Interpreter::imp):
-        * kjs/nodes.cpp:
-
-2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3381
-        Date.prototype.setDate() incorrect for values >=128
-        
-        - Test cases added:
-
-        * layout-tests/fast/js/date-big-setdate-expected.txt: Added.
-        * layout-tests/fast/js/date-big-setdate.html: Added.
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (DateProtoFuncImp::call):
-
-2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in patch by Carsten Guenther <cguenther@gmail.com>
-        for http://bugs.webkit.org/show_bug.cgi?id=3759
-        Date object enhancements
-        
-        Test cases added:
-
-        * layout-tests/fast/js/date-preserve-milliseconds-expected.txt: Added.
-        * layout-tests/fast/js/date-preserve-milliseconds.html: Added.
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (timeFromArgs):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (DateObjectFuncImp::call):
-        (KJS::makeTime):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html:
-
-2005-07-26  Justin Garcia  <justin.garcia@apple.com>
-
-        Added a forward declaration to fix gcc4 build error
-
-        * kjs/function.h:
-
-2005-07-25  Geoffrey Garen  <ggaren@apple.com>
-        - fixed mistake in my last checkin -- the expected results included
-        results from a patch that hasn't landed yet.
-        
-        * tests/mozilla/expected.html:
-
-2005-07-25  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix mistake in last change that leads to assertion failure in the Development build
-
-        * kjs/lookup.h:
-        (KJS::lookupGetOwnValue):
-
-2005-07-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=4124
-        (change JavaScript property access to avoid double lookup)
-
-        - 10% speedup on JavaScript iBench
-        - 5% speedup on 24fun BenchJS benchmark
-
-        Changed all get methods to getOwnProperty - they are no longer
-        responsible for prototype lookup, and determine if the property
-        was found as a side efect. 
-
-        get() is now a nonvirtual ObjectImp method which calls the virtual
-        getOwnProperty and walks the prototype chain. A few selected
-        methods were inlined.
-
-        Changed ResolveNode::evaluate plus some other places to use
-        getProperty which does get() and hasProperty() in one lookup.
-
-        Also miscellaneous code cleanup.
-        
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        (ObjcFallbackObjectImp::getOwnProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        (RuntimeArrayImp::getOwnProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::getOwnProperty):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::getOwnProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::getOwnProperty):
-        (ArrayPrototypeImp::getOwnProperty):
-        (ArrayProtoFuncImp::call):
-        * kjs/array_object.h:
-        * kjs/date_object.cpp:
-        (DatePrototypeImp::getOwnProperty):
-        * kjs/date_object.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getOwnProperty):
-        (KJS::ArgumentsImp::getOwnProperty):
-        (KJS::ActivationImp::getOwnProperty):
-        * kjs/function.h:
-        * kjs/lookup.h:
-        (KJS::lookupGetOwnProperty):
-        (KJS::lookupGetOwnFunction):
-        (KJS::lookupGetOwnValue):
-        * kjs/math_object.cpp:
-        (MathObjectImp::getOwnProperty):
-        (MathObjectImp::getValueProperty):
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        (ResolveNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberObjectImp::getOwnProperty):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::get):
-        (KJS::ObjectImp::getOwnProperty):
-        (KJS::ObjectImp::getProperty):
-        * kjs/object.h:
-        (KJS::ObjectImp::getProperty):
-        (KJS::ObjectImp::getOwnProperty):
-        * kjs/object_object.cpp:
-        (ObjectProtoFuncImp::call):
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::getOwnProperty):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (StringInstanceImp::getOwnProperty):
-        (StringPrototypeImp::getOwnProperty):
-        * kjs/string_object.h:
-
-2005-07-25  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3971
-        JS test suite depends on JS 1.2 behavior
-        
-        Reviewed by darin.
-
-        * tests/mozilla/js1_2/Array/tostring_1.js: now tests only for JS 1.5 behavior
-        * tests/mozilla/js1_2/Array/tostring_2.js: ditto
-        * tests/mozilla/expected.html:
-
-2005-07-24  Justin Garcia  <justin.garcia@apple.com>
-
-        Reviewed by kevin.
-
-        Fixes make clean problem introduced in xcode2.1 transition
-
-        * Makefile.am:
-
-2005-07-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp: DatePrototypeImp now identifies itself as a
-        child class of DateInstanceImp -- this enables calls to Date.ValueOf().
-        
-        fixes: ecma/Date/15.9.5.js (once we enable the date tests).
-
-2005-07-22  Geoffrey Garen  <ggaren@apple.com>
-
-        
-        Reviewed by darin.
-
-        * tests/mozilla/jsDriver.pl: now takes the path to testkjs as a command-line argument
-        * tests/mozilla/run-mozilla-tests: Removed.
-
-2005-07-21  Geoffrey Garen  <ggaren@apple.com>
-
-        * JavaScriptCore.xcodeproj/.cvsignore: Added.
-
-2005-07-21  Geoffrey Garen  <ggaren@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Removed.
-        * JavaScriptCore.xcodeproj/ggaren.pbxuser: Added.
-        * JavaScriptCore.xcodeproj/ggaren.perspective: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added.
-        * Makefile.am:
-
-2005-07-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Trey Matteson <trey@usa.net>, reviewed by me.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3956
-        some of WebKit builds with symbols, some doesn't
-        
-        * JavaScriptCore.pbproj/project.pbxproj: Generate symbols even for
-        Deployment.
-
-2005-07-19  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=3991
-        JSC doesn't implement Array.prototype.toLocaleString()
-
-        -test failure: ecma_3/Array/15.4.4.3-1.js
-
-        Reviewed by mjs.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call): now searches for toString and
-        toLocaleString overrides in the array's elements
-
-        * tests/mozilla/expected.html: failures are under 100! woohoo!
-
-2005-07-19  Darin Adler  <darin@apple.com>
-
-        - fixed the build
-
-        * kjs/lookup.h: (KJS::lookupPut): Remove bogus const; was preventing WebCore from
-        compiling (not sure why this didn't affect my other build machine).
-
-        - one other tiny tweak (so sue me)
-
-        * bindings/runtime_root.cpp: Remove unneeded declaration.
-
-2005-07-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - eliminated try wrappers for get/put/call since we don't use C++ exceptions any more
-
-        * kjs/lookup.h: Changed tryCall in IMPLEMENT_PROTOFUNC here to call. It doesn't make
-        sense for this macro to use the name tryCall anyway, since that's specific to how
-        WebCore used this, so this is good anyway. On the other hand, it might be a problem
-        for KDOM or KSVG, in which case we'll need another macro for them, since JavaScriptCore
-        should presumably not have the C++ exception support.
-
-2005-07-18  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=4008
-        Error objects report incorrect length
-        
-        Reviewed by darin.
-
-        * kjs/error_object.cpp: Error objects now include a length property
-        (ErrorObjectImp::ErrorObjectImp):
-
-        * tests/mozilla/expected.html: updated expected results to reflect fix
-        * tests/mozilla/js1_5/Exceptions/regress-123002.js: test now expects 
-        ecma compliant results
-
-2005-07-15  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in KDE fixes for http://bugs.webkit.org/show_bug.cgi?id=3601
-        Error instance type info
-        
-        Reviewed by mjs.
-
-        * kjs/error_object.cpp:
-        - Created ErrorInstanceImp class for Error() objects. 
-        - Changed parent object for Native Errors to "Function" (matches
-        ECMA spec).
-        (ErrorInstanceImp::ErrorInstanceImp):
-        (ErrorProtoFuncImp::call):
-        (ErrorObjectImp::construct):
-        (NativeErrorImp::construct):
-
-        * kjs/error_object.h:
-        (KJS::ErrorInstanceImp::classInfo):
-        * kjs/object.h: made comment more informative about ClassInfo
-
-        * tests/mozilla/expected.html:
-
-2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed: JS test suite expects an out of memory error
-        that our memory efficiency avoids
-        
-        Reviewed by mjs.
-
-        * tests/mozilla/js1_5/Array/regress-157652.js:
-        test now expects normal execution
-        
-        * tests/mozilla/expected.html:
-
-2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=4006
-        testkjs doesn't implement gc()
-        
-        - test failure:
-        ecma_3/Function/regress-104584.js
-        
-        Reviewed by mjs.
-
-        * kjs/interpreter.cpp:
-        (Interpreter::finalCheck): removed misleading while && comment
-
-        * kjs/testkjs.cpp: added "gc" function to global object
-        (TestFunctionImp::):
-        (TestFunctionImp::call):
-        (main):
-
-        * tests/mozilla/expected.html:
-
-2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in patches for http://bugs.webkit.org/show_bug.cgi?id=3945
-        [PATCH] Safe merges of comments and other trivialities from KDE's kjs
-        
-        -patch by Martijn Klingens <klingens@kde.org>
-        
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        * kjs/bool_object.h:
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/completion.h:
-        * kjs/context.h:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/debugger.cpp:
-        * kjs/debugger.h:
-        * kjs/dtoa.h:
-        * kjs/error_object.cpp:
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        * kjs/function_object.h:
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        * kjs/internal.cpp:
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/interpreter_map.cpp:
-        * kjs/interpreter_map.h:
-        * kjs/lexer.cpp:
-        * kjs/lexer.h:
-        * kjs/list.cpp:
-        * kjs/list.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        * kjs/math_object.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        * kjs/number_object.cpp:
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        * kjs/object_object.h:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-        * kjs/reference.cpp:
-        * kjs/reference.h:
-        * kjs/reference_list.cpp:
-        * kjs/reference_list.h:
-        * kjs/regexp.cpp:
-        * kjs/regexp.h:
-        * kjs/regexp_object.cpp:
-        * kjs/regexp_object.h:
-        * kjs/scope_chain.cpp:
-        * kjs/scope_chain.h:
-        * kjs/simple_number.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-        * kjs/testkjs.cpp:
-        * kjs/types.h:
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        * kjs/value.h:
-
-2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=3970
-        throw statements fail inside eval statements
-        
-        Reviewed by mjs.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call):
-        Big change since I fixed the tabbing. The important part is:
-        if (c.complType() == Throw)
-          exec->setException(c.value());
-
-        * kjs/nodes.cpp:
-        (ThrowNode::execute): removed duplicate KJS_CHECKEXCEPTION
-        (TryNode::execute): 
-        try now clears the exception state before the finally block executes,
-        and checks the state after the block executes, so that exceptions in
-        finally code get caught.
-
-        * tests/mozilla/expected.html:
-
-2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-        
-        -landed fix for http://bugs.webkit.org/show_bug.cgi?id=3412
-        Object.prototype is missing toLocaleString
-
-        - patch by Mark Rowe (bdash) <opendarwin.org@bdash.net.nz>
-        
-        -layout test info in webcore changelog
-
-        Reviewed by mjs.
-
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-
-2005-07-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by mjs.
-
-        * kjs/function.cpp:
-        (KJS::IndexToNameMap::operator[]): fixed infinite recursion
-        bug in last checkin
-
-2005-07-12  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=3881
-        arguments object should share values with function parameters
-
-        Reviewed by mjs.
-
-        ArgumentsImp now uses a simple hash lookup to share values
-        with the activation object.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getParameterName):
-        (KJS::IndexToNameMap::IndexToNameMap):
-        (KJS::IndexToNameMap::~IndexToNameMap):
-        (KJS::IndexToNameMap::isMapped):
-        (KJS::IndexToNameMap::unMap):
-        (KJS::IndexToNameMap::operator[]):
-        (KJS::ArgumentsImp::ArgumentsImp):
-        (KJS::ArgumentsImp::mark):
-        (KJS::ArgumentsImp::get):
-        (KJS::ArgumentsImp::put):
-        (KJS::ArgumentsImp::deleteProperty):
-        (KJS::ArgumentsImp::hasOwnProperty):
-        (KJS::ActivationImp::createArgumentsObject):
-        * kjs/function.h:
-        * tests/mozilla/expected.html: updated results
-
-2005-07-09  Maciej Stachowiak  <mjs@apple.com>
-
-        - backing out my earlier collector change, it causes a performance regression in TOT
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-
-2005-07-08  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs/hyatt (only in concept).
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added JavaScriptCore+SVG
-        Turns on RTTI support for JavaScriptCore.framework when
-        building the JavaScriptCore+SVG target.  This is needed as
-        kdom (part of WebCore+SVG) requires RTTI for the time being.
-
-2005-07-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by hyatt.
-
-        - When there are many live objects, GC less often, to try to make
-        GC cost proportional to garbage, not proportional to total memory used.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-
-2005-07-08  Vicki Murley  <vicki@apple.com>
-
-        Fix from Carsten Guenther, reviewed by Maciej
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3644 (Error string representation)
-
-        Switch from "-" to ":" in error strings.
-
-        * kjs/error_object.cpp:
-        (ErrorProtoFuncImp::call):
-        * tests/mozilla/expected.html:
-
-2005-07-08  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in patch for http://bugs.webkit.org/show_bug.cgi?id=3878
-        arguments object should be an object not an array
-
-        Reviewed by mjs.
-
-        * kjs/function.cpp:
-        (KJS::ArgumentsImp::ArgumentsImp): now manually handles initialization
-        we used to get for free by inheriting from ArrayInstanceImp
-        * kjs/function.h: ArgumentsImp now inherits from ObjectImp
-        * tests/mozilla/expected.html: updated expected test results
-
-2005-07-07  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by mjs.
-
-        * kjs/grammar.y: removed #define YYMAXDEPTH 0 for bison 2.0
-        http://bugs.webkit.org/show_bug.cgi?id=3882
-
-2005-07-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Original patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
-        Fixes to patch by me, reviewed by John Sullivan.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3293
-
-        Test cases added:
-        * tests/mozilla/expected.html: Two tests newly pass.
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasOwnProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasOwnProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasOwnProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasOwnProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasOwnProperty):
-        (KJS::ActivationImp::hasOwnProperty):
-        * kjs/function.h:
-        * kjs/lookup.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        (KJS::ObjectImp::hasOwnProperty):
-        * kjs/object.h:
-        (KJS::Object::hasOwnProperty):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasOwnProperty):
-        * kjs/string_object.h:
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -landed patch by Eric Seidel <macdome@opendarwin.org>
-        
-        -for http://bugs.webkit.org/show_bug.cgi?id=3657
-        GroundWork:  Moving some functions from khtml->jsc following kjs TOT
-        
-        - no layout test necessary yet - only groundwork
-
-        Reviewed by darin.
-
-        * kjs/lookup.h:
-        (KJS::cacheGlobalObject):
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -landed patch by Carsten Guenther <cguenther@gmail.com>
-
-        -fixes http://bugs.webkit.org/show_bug.cgi?id=3477
-        some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
-
-        -relevant tests:
-               mozilla/ecma_3/Date/15.9.5.5.js 
-               layout-tests/fast/js/date-parse-test.html
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (day):
-        (dayFromYear):
-        (daysInYear):
-        (timeFromYear):
-        (yearFromTime):
-        (weekDay):
-        (timeZoneOffset):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (KJS::makeTime):
-        (findMonth):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html: updated expected results to reflect fix
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4168186> JavaScript fails to throw exceptions 
-        for invalid return statements
-        
-        relevant tests:
-            ecma/Statements/12.9-1-n.js
-            ecma_2/Exceptions/lexical-052.js
-            ecma_2/Exceptions/statement-009.js
-
-        Reviewed by sullivan.
-
-        * kjs/nodes.cpp:
-        (ReturnNode::execute): now throws exception if return is not inside
-        a function.
-
-        * tests/mozilla/expected.html: updated to reflect fix
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by sullivan.
-
-        * tests/mozilla/expected.html: Updated test results for last fix.
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4168161> JavaScript fails to throw an exception 
-        for invalid function calls
-        
-        Reviewed by sullivan.
-
-        Relevant mozilla test: ecma_3/Exceptions/regress-95101.js 
-
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): evaluate now checks for an exception
-        after resolving a function name (in case the function is undefined)
-
-2005-07-01  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        * kjs/interpreter.h:
-        (KJS::Context::curStmtFirstLine): stub for compatibility with KDE
-        * kjs/value.h:
-        (KJS::Value::isValid): compatibility with KDE
-        http://bugs.webkit.org/show_bug.cgi?id=3687
-
-2005-07-01  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        * kjs/create_hash_table: rolled in changes from KDE, including
-        -n <namespace> support from KDOM and support for newer comments
-        http://bugs.webkit.org/show_bug.cgi?id=3771
-
-2005-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in KDE fix to <rdar://problem/4167660> JavaScript fails to 
-        throw exceptions for invalid break/continue statements
-
-        No layout tests because it's already covered by the Mozilla suite
-
-        Reviewed by mjs.
-
-        * kjs/internal.h: LabelStack now tracks where you are relative to
-        switch and iteration (loop) statements
-        
-        (KJS::LabelStack::LabelStack):
-        (KJS::LabelStack::pushIteration):
-        (KJS::LabelStack::popIteration):
-        (KJS::LabelStack::inIteration):
-        (KJS::LabelStack::pushSwitch):
-        (KJS::LabelStack::popSwitch):
-        (KJS::LabelStack::inSwitch):
-
-        * kjs/nodes.cpp: 
-        These files were updated to use the new LabelStack:
-        (DoWhileNode::execute): 
-        (WhileNode::execute):
-        (ForNode::execute):
-        (ForInNode::execute):
-        (SwitchNode::execute):
-        
-        These files were updated to throw exceptions for invalid
-        break/continue statements:
-        (BreakNode::execute): 
-        (ContinueNode::execute):
-
-        * tests/mozilla/expected.html: Updated expected results to reflect fix
-
-2005-06-30  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by rjw.
-
-        fixed: <rdar://problem/4166838> failed assertion in`Interpreter::lockCount() > 0
-
-        no layout test added; this is in the bindings code.
-
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]): make sure to lock and unlock the interpreter around allocations. 
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch by Francisco Tolmasky <tolmasky@gmail.com>
-
-        - fixes http://bugs.webkit.org/show_bug.cgi?id=3667
-        Core JavaScript 1.5 Reference:Objects:Array:forEach
-
-        See WebCore Changelog for layout tests added.
-
-        Reviewed by darin.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        * kjs/array_object.h:
-        (KJS::ArrayProtoFuncImp::):
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch contributed by Oliver Hunt <ojh16@student.canterbury.ac.nz>
-
-        -fixed http://bugs.webkit.org/show_bug.cgi?id=3743
-        Incorrect error message given for certain calls
-
-        See WebCore Changelog for layout test added.
-
-        Reviewed by mjs.
-
-        * kjs/object.cpp:
-        (KJS::ObjectImp::defaultValue):
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolling out date patch from 6-28-05 because it breaks 
-        fast/js/date-parse-test
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (isSpaceOrTab):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html:
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-        -fixes http://bugs.webkit.org/show_bug.cgi?id=3750
-        build fails with KJS_VERBOSE set
-
-        * kjs/nodes.cpp: changed debug print statement to use UString
-        (VarDeclNode::evaluate):
-        * kjs/reference.cpp: ditto
-        (KJS::Reference::putValue):
-
-2005-06-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Patch contributed by Carsten Guenther <cguenther@gmail.com>.
-
-        -fixes http://bugs.webkit.org/show_bug.cgi?id=3477
-        some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (day):
-        (dayFromYear):
-        (daysInYear):
-        (timeFromYear):
-        (yearFromTime):
-        (weekDay):
-        (timeZoneOffset):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (KJS::makeTime):
-        (findMonth):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html: updated expected test results to reflect fix
-
-2005-06-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - replace hash functions  with better ones
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add new file to build.
-        * kjs/interpreter_map.cpp:
-        (KJS::InterpreterMap::computeHash): Use shared pointer hash.
-        * kjs/pointer_hash.h: Added.
-        (KJS::pointerHash): Pointer hash based on 32-bit mix and 64-bit mix hashes.
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::computeHash): Use shared pointer hash.
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::computeHash): Use SuperFastHash algorithm.
-
-2005-06-22  Darin Adler  <darin@apple.com>
-
-        Change by Anders Carlsson.
-        Reviewed by me.
-
-        - fixed <http://bugs.webkit.org/show_bug.cgi?id=3294>
-          String.prototype.replace() fails with function as second param
-
-        * kjs/string_object.cpp: (replace): Added code to handle functions.
-
-        * tests/mozilla/expected.html: Updated since ecma_3/RegExp/regress-209067.js is fixed now.
-
-        * tests/mozilla/run-mozilla-tests: Fix a minor coding style issue that leads to a warning each
-        time we run the tests.
-
-2005-06-21  Adele Peterson  <adele@apple.com>
-
-        rolling out fix for http://bugs.webkit.org/show_bug.cgi?id=3293, since it caused layout test failures.
-        fast/forms/element-by-name
-        fast/loader/loadInProgress
-
-        * ChangeLog:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasProperty):
-        (KJS::ActivationImp::hasProperty):
-        * kjs/function.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasProperty):
-        * kjs/string_object.h:
-        * tests/mozilla/expected.html:
-
-2005-06-21  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Switched to a build rule rather than a build phase for
-        .y files -- this gets rid of the problem where modifying the .y file would not cause sufficient
-        compilation.
-
-        * kjs/grammar_wrapper.cpp: Removed.
-
-2005-06-21  Adele Peterson  <adele@apple.com>
-
-        Patch from Anders Carlsson <andersca@mac.com>, reviewed by Darin.
-
-        Fixed: <http://bugs.webkit.org/show_bug.cgi?id=3450>
-        <rdar://problem/3881901> String.replace() method not working when regex pattern contains {n, m}
-
-        * pcre/pcre.c: (pcre_compile): Remember the last char length so it can be subtracted correctly if needed.
-
-2005-06-21  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed <rdar://problem/4155532> 'delete' succeeds on functions
-        - fixed <rdar://problem/4155049> javascript function named as "opener" doesn't get called because of window.opener property
-        
-        Reviewed by cblu.
-
-        * kjs/nodes.cpp:
-        (FuncDeclNode::processFuncDecl): Functions now have DontDelete and Internal attributes set when appropriate.
-
-        Test cases:
-        * tests/mozilla/expected.html: Updated for one new success.
-        - see also test case added in WebCore.
-
-2005-06-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin(first pass) and Hyatt.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3576
-        (roll in support for "const" keyword from KDE tree)
-        - make processVarDecls handle deletability of variables declared
-        in an eval block the same as evaluate would
-        - make eval() call processVarDecls - needed to match mozilla and
-        to make the second change testable
-
-        I started with the KDE implementation of const but I ended up changing it a bit
-        to avoid the use of a global variable. Now instead of the global variable it distinguishes
-        const and var at the grammar level so the appropriate node can know the right kind of
-        declaration.
-
-        Test cases:
-        * tests/mozilla/expected.html: Updated for one new test that is
-        failing - we used to bail on it entirely because it checks for
-        const support before starting.
-        - see also test cases added in WebCore
-
-        * kjs/grammar.y: Add rules for const declarations.
-        * kjs/keywords.table: Add const keyword.
-        * kjs/nodes.cpp:
-        (VarDeclNode::VarDeclNode): Add parameter.
-        (VarDeclNode::evaluate): Add const support.
-        (VarDeclNode::processVarDecls): Add const support.
-        (VarStatementNode::execute): Irrelevant change.
-        (ForInNode::ForInNode): Tell our variable node that it's a variable.
-        * kjs/nodes.h:
-        (KJS::VarDeclNode::): Add declaration of type enum, extra constructor parameter.
-        (KJS::VarStatementNode::VarStatementNode): Irrelevant change.
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Process var decls before evaluating.
-
-2005-06-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3293
-        
-        Test cases added: 
-        * tests/mozilla/expected.html: Updated for two fixed tests.
-        - also added a layout test
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasOwnProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasOwnProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasOwnProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasOwnProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasOwnProperty):
-        (KJS::ActivationImp::hasOwnProperty):
-        * kjs/function.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        (KJS::ObjectImp::hasOwnProperty):
-        * kjs/object.h:
-        (KJS::Object::hasOwnProperty):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasOwnProperty):
-        * kjs/string_object.h:
-
-2005-06-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        * pcre/get.c: (pcre_get_substring): Fix some computations so this works for UTF-16.
-        This is unused in the current JavaScriptCore, but still good to fix.
-
-2005-06-18  Darin Adler  <darin@apple.com>
-
-        Change by Finlay Dobbie.
-        Reviewed by me.
-
-        - fixed <http://bugs.webkit.org/show_bug.cgi?id=3331>
-          10.3.9 Build Failure: NSString may not respond to `+stringWithCString:encoding:'
-
-        * bindings/objc/WebScriptObject.mm: (-[WebScriptObject stringRepresentation]):
-        Undo change we did a while back to work around the gcc 3.3 compiler error.
-        It no longer seems to happen, and the workaround code was 10.4-specific.
-
-2005-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed: <rdar://problem/4151759> 'delete' fails on variables declared inside 'eval' statements.
-
-        Reviewed by cblu.
-
-        * kjs/context.h:
-        (KJS::ContextImp::codeType): Added code type accessor for execution context objects.
-        * kjs/internal.cpp:
-        (ContextImp::ContextImp): Reflects change to ContextImp::codeType.
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Added separate code path for variable declarations inside 'eval' statements.
-        * tests/mozilla/expected.html: Updated expected test results to reflect fix.
-
-2005-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Updated expected.html to reflect fix to <rdar://problem/4147745>.
-
-        Reviewed by cblu.
-
-        * tests/mozilla/expected.html:
-
-2005-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed: <rdar://problem/4147745> JavaScript discards locally defined "arguments" property
-
-        No layout tests added because this change fixes existing tests:
-        ecma/ExecutionContexts/10.1.6.js
-        ecma_3/Function/regress-94506.js
-        js1_4/Functions/function-001.js
-
-        Reviewed by cblu.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::get): get now checks for an "arguments" property defined in the local variable object
-        before trying to return the built-in arguments array.
-        
-        * kjs/function.h: ActivationImp::put no longer overrides ObjectImp::put
-
-2005-06-10  Darin Adler  <darin@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>.
-        Reviewed by me.
-
-        - further improvements to exception file/line number fix
-
-        * kjs/nodes.h: Added setExceptionDetailsIfNeeded function.
-        * kjs/nodes.cpp: Updated macros to call the new setExceptionDetailsIfNeeded function.
-        (Node::setExceptionDetailsIfNeeded): Added.
-
-2005-06-09  Darin Adler  <darin@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
-        Reviewed by me.
-
-        * kjs/nodes.cpp: Get rid of unneeded this->.
-
-2005-06-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
-        Reviewed by me.
-
-        - fixed http://bugs.webkit.org/show_bug.cgi?id=3327
-        (Exception When Setting Style to Invalid Value Lacks Line/File Information)
-
-        * kjs/nodes.cpp: Include source file and line number when making exception in
-        KJS_CHECKEXCEPTIONVALUE.
-
-2005-06-07  Darin Adler  <darin@apple.com>
-
-        Change by Toby Peterson <toby@opendarwin.org>.
-        Reviewed by me.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Allow bison 2.0, which generates the file
-        with a different name.
-
-2005-06-07  Darin Adler  <darin@apple.com>
-
-        Change by Toby Peterson <toby@opendarwin.org>.
-        Reviewed by me.
-
-        * kjs/grammar.y: Remove bogus extra line from grammar.y. Toby got this change from KDE KJS.
-
-2005-06-06  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/run-mozilla-tests: Wrote a perl version of this so we don't require
-        the "jst" tool to run the tests.
-
-2005-06-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - add libicu headers
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added icu directory to header search path.
-
-        * icu/README: Added.
-        * icu/unicode/platform.h: Added.
-        * icu/unicode/uchar.h: Added.
-        * icu/unicode/uconfig.h: Added.
-        * icu/unicode/umachine.h: Added.
-        * icu/unicode/urename.h: Added.
-        * icu/unicode/utf.h: Added.
-        * icu/unicode/utf16.h: Added.
-        * icu/unicode/utf8.h: Added.
-        * icu/unicode/utf_old.h: Added.
-        * icu/unicode/utypes.h: Added.
-        * icu/unicode/uversion.h: Added.
-
-2005-05-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-        
-        - turned off exceptions and RTTI; seems to cut JavaScriptCore code size by about 22%
-
-        * JavaScriptCore.pbproj/project.pbxproj: Turn off exceptions and RTTI for both
-        the framework and testkjs tool.
-
-2005-05-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - got rid of code that depended on RTTI
-
-        * kjs/collector.cpp:
-        (KJS::className): Added. Gets class name in a KJS way, rather than a C++ RTTI way.
-        (KJS::Collector::rootObjectClasses): Use className instead of typeid names.
-
-2005-05-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix a failure seen in the Mozilla JavaScript tests where a live object was garbage-collected
-          when the only reference to it was in an argList on the stack
-
-        * kjs/list.h: Moved the operator= function into the .cpp file since it's too big to be
-        a good choice to inline.
-        * kjs/list.cpp: (KJS::List::operator=): Moved this formerly-inline function into a separate
-        file and added missing code to update valueRefCount. It's the latter that fixes the bug.
-
-2005-05-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed issues preventing us from compiling with newer versions of gcc 4.0
-
-        * kjs/ustring.cpp:
-        (KJS::operator==): Remove redundant and illegal KJS:: prefix on this function's definition.
-        (KJS::operator<): Ditto.
-        (KJS::compare): Ditto.
-
-2005-05-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - turn on conservative GC unconditionally and start on SPI changes to
-          eliminate the now-unneeded smart pointers since we don't ref count any more
-
-        * kjs/value.h: Removed macros to turn conservative GC on and off.
-        Removed ref and deref functions.
-        (KJS::ValueImp::ValueImp): Removed non-conservative-GC code path.
-        (KJS::ValueImp::isUndefined): Added. New SPI to make it easier to deal with ValueImp directly.
-        (KJS::ValueImp::isNull): Ditto.
-        (KJS::ValueImp::isBoolean): Ditto.
-        (KJS::ValueImp::isNumber): Ditto.
-        (KJS::ValueImp::isString): Ditto.
-        (KJS::ValueImp::isObject): Ditto.
-        (KJS::Value::Value): Removed non-conservative-GC code path and made constructor no
-        longer explicit so we can quietly create Value wrappers from ValueImp *; inexpensive with
-        conservative GC and eases the transition.
-        (KJS::Value::operator ValueImp *): Added. Quietly creates ValueImp * from Value.
-        (KJS::ValueImp::marked): Removed non-conservative-GC code path.
-
-        * kjs/value.cpp:
-        (KJS::ValueImp::mark): Removed non-conservative-GC code path.
-        (KJS::ValueImp::isUndefinedOrNull): Added. New SPI to make it easier to deal with ValueImp directly.
-        (KJS::ValueImp::isBoolean): Ditto.
-        (KJS::ValueImp::isNumber): Ditto.
-        (KJS::ValueImp::isString): Ditto.
-        (KJS::ValueImp::asString): Ditto.
-        (KJS::ValueImp::isObject): Ditto.
-        (KJS::undefined): Ditto.
-        (KJS::null): Ditto.
-        (KJS::boolean): Ditto.
-        (KJS::string): Ditto.
-        (KJS::zero): Ditto.
-        (KJS::one): Ditto.
-        (KJS::two): Ditto.
-        (KJS::number): Ditto.
-
-        * kjs/object.h: Made constructor no longer explicit so we can quietly create Object
-        wrappers from ObjectImp *; inexpensive with conservative GC and eases the transition.
-        (KJS::Object::operator ObjectImp *): Added. Quietly creates ObjectImp * from Object.
-        (KJS::ValueImp::isObject): Added. Implementation of new object-related ValueImp function.
-        (KJS::ValueImp::asObject): Ditto.
-
-        * kjs/object.cpp:
-        (KJS::ObjectImp::setInternalValue): Remove non-conservative-GC code path.
-        (KJS::ObjectImp::putDirect): Ditto.
-        (KJS::error): Added. Function in the new SPI style to create an error object.
-
-        * kjs/internal.h: Added the new number-constructing functions as friends of NumberImp.
-        There may be a more elegant way to do this later; what's important now is the new SPI.
-
-        * kjs/collector.h:  Remove non-conservative-GC code path and also take out some
-        unneeded APPLE_CHANGES.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference): Remove non-conservative-GC code path.
-        (KJS::Bindings::removeNativeReference): Ditto.
-        (RootObject::removeAllNativeReferences): Ditto.
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject): Ditto.
-        (KJS::Bindings::RootObject::setRootObjectImp): Ditto.
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Ditto.
-        (KJS::Collector::collect): Ditto.
-        (KJS::Collector::numGCNotAllowedObjects): Ditto.
-        (KJS::Collector::numReferencedObjects): Ditto.
-        (KJS::Collector::rootObjectClasses): Ditto.
-        * kjs/internal.cpp:
-        (NumberImp::create): Ditto.
-        (InterpreterImp::globalInit): Ditto.
-        (InterpreterImp::globalClear): Ditto.
-        * kjs/list.cpp:
-        (KJS::List::markProtectedLists): Ditto.
-        (KJS::List::clear): Ditto.
-        (KJS::List::append): Ditto.
-        * kjs/list.h:
-        (KJS::List::List): Ditto.
-        (KJS::List::deref): Ditto.
-        (KJS::List::operator=): Ditto.
-        * kjs/protect.h:
-        (KJS::gcProtect): Ditto.
-        (KJS::gcUnprotect): Ditto.
-
-2005-05-09  Chris Blumenberg  <cblu@apple.com>
-
-        Workaround gcc 3.3 internal compiler errors.
-
-        Reviewed by darin.
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject stringRepresentation]): call [NSString stringWithCString:encoding] rather than using @""
-
-2005-05-09  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Don't set up PBXIntermediatesDirectory explicitly;
-        Not needed to make builds work, spews undesirable error messages too.
-
-2005-05-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - make building multiple trees with make work better
-
-        * Makefile.am: Set up Xcode build directory before invoking xcodebuild.
-
-2005-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/4086570> Crash in JavaScriptCore with RSS Visualizer
-        
-        * kjs/internal.cpp:
-        (InterpreterImp::mark): mark staticNaN, it is usually protected by the Number
-        prototype but there is a small window where it can get collected.
-
-2005-05-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        - another gcc-4.0-related fix
-
-        * bindings/runtime_root.h: Take off extra namespace prefixes that apparently cause problems
-        compiling with gcc 4.0, although I have not observed the problems.
-
-2005-05-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        - fixed build rules to match other projects
-
-        * JavaScriptCore.pbproj/project.pbxproj: Set deployment target to 10.3 in the build styles.
-        When built without a build style (by Apple B&I) we want to get the target from the
-        environment. But when built with a build style (by Safari engineers and others), we want
-        to use 10.3.
-
-        * Makefile.am: Took out extra parameters that make command-line building different from
-        Xcode building. Now that this is fixed, you should not get a full rebuild if you switch
-        from command line to Xcode or back.
-
-2005-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        - revert presumably accidental change to mozilla JS test expected results, this
-        was making the tests fail.
-
-        * tests/mozilla/expected.html:
-
-2005-05-03  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/4102644> Crash in LiveConnect below KJS::Bindings::JavaInstance::stringValue() const
-
-        Correctly handle accessing nil objects from a Java object array.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::valueAt):
-
-2005-05-01  Darin Adler  <darin@apple.com>
-
-        - move to Xcode native targets and stop checking in generated files
-
-        * JavaScriptCore.pbproj/project.pbxproj: Updated to use native targets and generate all the generated
-        files, so we don't have to check them in any more.
-        * Info.plist: Added. Native targets use a separate file for this.
-
-        * Makefile.am: Removed pcre and kjs SUBDIRS. Also removed code that deleted the embedded copy of this
-        framework, since we haven't been embedding it for some time.
-
-        * kjs/grammar_wrapper.cpp: Added. Shell used to compile grammar.cpp since we can't add a generated file
-        easily to the list of files to be compiled.
-
-        * kjs/.cvsignore: Removed.
-        * kjs/Makefile.am: Removed.
-        * kjs/array_object.lut.h: Removed.
-        * kjs/date_object.lut.h: Removed.
-        * kjs/grammar.cpp: Removed.
-        * kjs/grammar.cpp.h: Removed.
-        * kjs/grammar.h: Removed.
-        * kjs/lexer.lut.h: Removed.
-        * kjs/math_object.lut.h: Removed.
-        * kjs/number_object.lut.h: Removed.
-        * kjs/string_object.lut.h: Removed.
-        * pcre/.cvsignore: Removed.
-        * pcre/Makefile.am: Removed.
-        * pcre/chartables.c: Removed.
-
-2005-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Harrison.
-
-        - fixed problems preventing us from compiling with gcc 4.0
-
-        * JavaScriptCore.pbproj/project.pbxproj: Removed -Wmissing-prototypes from
-        WARNING_CPLUSPLUSFLAGS since it's now a C-only warning.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::getSlot): Changed some %d to %ld where the parameters where long ints.
-        (JSObject::setSlot): Ditto.
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM): Ditto.
-        (KJS::Bindings::getJNIEnv): Ditto.
-        * bindings/objc/objc_utility.mm: Fixed include of <JavascriptCore/internal.h> that needed the
-        letter "S" capitalized.
-        * kjs/bool_object.cpp: (BooleanProtoFuncImp::call): Rearranged how this function returns to
-        avoid incorrect gcc 4.0 warning.
-        * kjs/collector.cpp: (KJS::Collector::markStackObjectsConservatively): Changed code to check
-        the alignment of the passed-in pointers to only require pointer-level alignment, not 8-byte alignment.
-        Prevents a crash on garbage collect when compiled with gcc 4.0.
-        * kjs/nodes.cpp:
-        (WhileNode::execute): Added a redundant return after an infinite loop to work around incorrect gcc 4.0 warning.
-        (ForNode::execute): Ditto.
-        (SwitchNode::execute):Rearranged how this function returns to avoid incorrect gcc 4.0 warning.
-        (LabelNode::execute): Ditto.
-        * kjs/string_object.cpp: (replace): Ditto.
-
-2005-04-26  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/4098713> Scripting API is incompatible with Mozilla
-        
-        We were incompatible with Mozilla's implementation of the scripting APIs in
-        two ways:
-
-        Their NPN_SetException has the following signature:
-
-            void NPN_SetException(NPObject *npobj, const NPUTF8 *message);
-
-        ours has:
-
-            void NPN_SetException (NPObject * npobj, const NPString *message);
-
-        Also, they expect the string returned from NPN_UTF8FromIdentifier() to be freed by caller.
-        We do not.
-
-        I changed both behaviors to match Mozilla.
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_SetException):
-        * bindings/npruntime.cpp:
-        (_NPN_UTF8FromIdentifier):
-        (_NPN_IntFromIdentifier):
-        (_NPN_SetExceptionWithUTF8):
-        * bindings/npruntime.h:
-        * bindings/npruntime_impl.h:
-
-2005-04-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Chris.
-
-        <rdar://problem/4092136> reproducible crash in KJS::kjs_fast_realloc loading maps.google.com
-        
-        * kjs/string_object.cpp:
-        (StringObjectFuncImp::call): Allocate adopted ustring buffer properly.
-
-2005-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/ustring.cpp: (KJS::UString::UTF8String): Fix off-by-one error in surrogate pair logic.
-
-2005-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fixed <rdar://problem/4090046> JavaScript throw statement causes parse error when no semicolon is present
-
-        * kjs/grammar.y: Added an additional rule for throw like the ones we have for all the other semicolon rules.
-        Not sure why we missed this one earlier.
-
-        * kjs/grammar.cpp: Regenerated.
-
-=== JavaScriptCore-412.1 ===
-
-2005-04-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - speedups, total 12% on JavaScript iBench
-
-        I ran the benchmark under Shark and followed its advice a lot, mainly.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Take out special case for 0; costing speed but unexercised.
-        Use numLiveObjectsAtLastCollect instead of numAllocationsSinceLastCollect so we don't
-        have to bump it each time we call allocate. Put numLiveObjects into a local variable to
-        cut down on global variable accesses. Make "next" cell pointer be a byte offset rather
-        than a pointer so we don't need a special case for NULL. Allow freeList to point to some
-        bogus item when the entire block is full rather than going out of our way to make it
-        point to NULL.
-        (KJS::Collector::markProtectedObjects): Get table size and pointer into locals outside
-        the loop to avoid re-loading them over and over again.
-        (KJS::Collector::collect): Put numLiveObjects into a local variable to cut down on global
-        variable accesses. Make "next" cell pointer be a byte offset as above. Put numLiveObjects
-        into a local variable to cut down on global variable accesses. Set numLiveObjectsAtLastCollect
-        rather than numAllocationsSinceLastCollect.
-        (KJS::Collector::numReferencedObjects): Get table size and pointer into locals outside
-        the loop to avoid re-loading them over and over again.
-        (KJS::Collector::rootObjectClasses): Ditto.
-
-        * kjs/internal.h: Make Value be a friend of NumberImp so it can construct number objects
-        directly, avoiding the conversion from Number to Value.
-
-        * kjs/internal.cpp: (StringImp::toObject): Don't use Object::dynamicCast, because we know
-        the thing is an object and we don't want to do all the extra work; just cast directly.
-
-        * kjs/list.cpp: (KJS::List::List): Construct valueRefCount in a way that avoids the need for
-        a branch -- in the hot case this just meant avoiding checking a variable we just set to false.
-
-        * kjs/lookup.cpp: (keysMatch): Marked this inline.
-
-        * kjs/nodes.cpp: Disabled KJS_BREAKPOINT, to avoid calling hitStatement all the time.
-        (BooleanNode::evaluate): Make a Value directly, rather than making a Boolean which is converted
-        into a Value.
-        (NumberNode::evaluate): Ditto.
-        (StringNode::evaluate): Ditto.
-        (ArrayNode::evaluate): Ditto.
-        (FunctionCallNode::evaluate): Use new inline baseIfMutable to avoid unnecessary getBase function.
-        Also just use a pointer for func, rather than an Object.
-        (PostfixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (DeleteNode::evaluate): Make a Value directly.
-        (TypeOfNode::evaluate): Use new inline baseIfMutable and make Value directly.
-        (PrefixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (UnaryPlusNode::evaluate): Make a Value directly.
-        (NegateNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (BitwiseNotNode::evaluate): Make a Value directly.
-        (LogicalNotNode::evaluate): Ditto.
-        (ShiftNode::evaluate): Don't convert to a double before making a Value.
-        (RelationalNode::evaluate): Make a Value directly.
-        (EqualNode::evaluate): Ditto.
-        (BitOperNode::evaluate): Ditto.
-        (AssignNode::evaluate): Make a Value directly. Change code so that it passes a "known to be integer"
-        boolean in, often avoiding a conversion from floating point to integer and back.
-        (VarDeclNode::evaluate): Make a Value directly.
-        (ForNode::execute): Remove unused local variable.
-
-        * kjs/operations.h:
-        (KJS::isNaN): Inlined.
-        (KJS::isInf): Ditto.
-        (KJS::isPosInf): Ditto.
-        (KJS::isNegInf): Ditto.
-
-        * kjs/operations.cpp: Change isNaN, isInf, isPosInf, and isNegInf to be inlines.
-        (KJS::equal): Rewrite to avoid creating values and recursing back into the function.
-        (KJS::relation): Rearranged code so that we don't need explicit isNaN checks.
-        (KJS::add): Changed code to make Value directly, and so that it passes a "known to be integer"
-        boolean in, often avoiding a conversion from floating point to integer and back.
-        (KJS::mult): Ditto.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap): Get size and entries pointer outside loop to avoid
-        re-getting them inside the loop.
-        (KJS::PropertyMap::clear): Ditto. Clear value pointer in addition to key, so we can just
-        look at the value pointer in the mark function.
-        (KJS::PropertyMap::get): Get sizeMask and entries pointer outside loop to avoid
-        re-getting them inside the loop.
-        (KJS::PropertyMap::put): Ditto.
-        (KJS::PropertyMap::insert): Ditto.
-        (KJS::PropertyMap::remove): Ditto.
-        (KJS::PropertyMap::mark): Get size and entries pointer outside loop to avoid
-        re-getting them inside the loop. Don't bother checking key for 0, since we already have
-        to check value for 0. (Also had to change clear() to set value to 0.)
-        (KJS::PropertyMap::addEnumerablesToReferenceList): Get size and entries pointer outside
-        loop to avoid re-getting them inside the loop.
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): Ditto.
-        (KJS::PropertyMap::save): Ditto.
-
-        - other changes
-
-        * kjs/protected_values.h: Remove unneeded class name qualifiers.
-
-        * kjs/reference.h:
-        (KJS::Reference::baseIfMutable): New inline function: replaces isMutable().
-        (KJS::Reference::Reference): Inlined.
-        * kjs/reference.cpp:
-        (KJS::Reference::getValue): Rewrite to not use getBase.
-        (KJS::Reference::putValue): Ditto.
-        (KJS::Reference::deleteValue): Dittol
-
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber::integerFits): Added. For use when the parameter is known to be integral.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Create the number without first converting
-        to double in various cases that involve integers.
-
-        * kjs/ustring.h:
-        (KJS::UString::attach): Inlined.
-        (KJS::UString::release): Inlined.
-        * kjs/ustring.cpp:
-        (KJS::UString::find): Get first character outside the loop instead of re-fetching it each time.
-
-        * kjs/value.cpp:
-        (Value::Value): Added overloads for all the various specific types of values, so you don't have
-        to convert from, say, Number to Value, just to create one.
-        (Number::Number): Added an overload that takes a boolean to indicate the number is already
-        known to be an integer.
-
-        * kjs/value.h: Added more Value constructors, added a version of toNumber that returns
-        a boolean to indicate if the number is known to be an integer (because it was a "simple number").
-        (KJS::ValueImp::marked): Inlined.
-        (KJS::ValueImp::dispatchType): Inlined.
-        (KJS::ValueImp::dispatchToPrimitive): Inlined.
-        (KJS::ValueImp::dispatchToBoolean): Inlined.
-        (KJS::ValueImp::dispatchToNumber): Inlined.
-        (KJS::ValueImp::dispatchToString): Inlined.
-        (KJS::ValueImp::dispatchToUInt32): Inlined.
-
-2005-04-14  Maciej Stachowiak  <mjs@apple.com>
-
-        - make fast_malloc.h a private header, not project
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2005-04-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Richard.
-
-        <rdar://problem/4089734> JavaScript iBench can be sped up ~10% with custom allocator
-
-        - use custom single-threaded malloc for all non-GC JavaScriptCore
-        allocations, for a 9.1% speedup on JavaScript iBench
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Use dlmalloc to allocate the collector blocks.
-        (KJS::Collector::collect): And dlfree to free it.
-        * kjs/fast_malloc.cpp: Added, just the standard dlmalloc here.
-        * kjs/fast_malloc.h: Added. Declarations for the functions. Also added a handy
-        macro to give a class custom operator new/delete
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add): Use dlmalloc/dlfree.
-        * kjs/nodes.h: make nodes KJS_FAST_ALLOCATED.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap): Use dlmalloc/dlfree.
-        (KJS::PropertyMap::rehash): ditto
-        * kjs/scope_chain.h:
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::createCopying): New named constructor that copies a passed-in
-        buffer, to hide allocation details from webcore.
-        (KJS::UString::UString): use createCopying when appropriate.
-        (KJS::UString::Rep::destroy): Use dlmalloc/dlfree.
-        (KJS::UString::expandedSize): likewise
-        (KJS::UString::expandCapacity): likewise
-        (KJS::UString::expandPreCapacity): likewise
-        (KJS::UString::spliceSubstringsWithSeparators): likewise
-        (KJS::UString::append): likewise
-        (KJS::UString::operator=): likewise
-        (KJS::UString::detach): likewise
-        * kjs/ustring.h: make UString and UString::Rep KJS_FAST_ALLOCATED.
-
-2005-04-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/4086819> Avoid using protect count hash table so much for 5.6% JS iBench speedup
-
-        - Avoid using protected values hash for the two most common cases
-        - Bump up ListImp high water mark, new testing shows 508 ListImps are
-        created during JS iBench.
-
-        Net result is a 5.6% speedup on JavaScript iBench
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::collect): mark protected lists as appropriate.
-        * kjs/context.h:
-        * kjs/list.cpp:
-        (KJS::ListImp::markValues): Moved implementation from List::markValues
-        (KJS::List::markProtectedLists): Implemented - scan pool and overflow
-        list.
-        (KJS::allocateListImp): link lists outside the pool into a separate
-        doubly linked list to be able to mark protected lists
-        (KJS::deallocateListImp): do the corresponding delinking
-        (KJS::List::derefValues): do nothing in conservative GC mode
-        (KJS::List::refValues): do nothing in conservative GC mode
-        (KJS::List::markValues): call ListImp version
-        (KJS::List::append):
-        * kjs/list.h:
-
-=== Safari-412 ===
-
-=== Safari-411 ===
-
-=== Safari-410 ===
-
-=== Safari-409 ===
-
-=== Safari-408 ===
-
-=== Safari-407 ===
-
-2005-03-16  Jens Alfke  <jens@apple.com>
-
-        Reviewed by Kevin.
-
-        Fix for <rdar://problem/4025212> "REGRESSION (163-164): search not performed correctly; united.com"
-        JavaScript unescape("") was returning a messed-up String object that appeared identical to an empty string, but would in some cases act as 'null' when passed to native functions, in this case the Option() constructor.
-        In the implementation of unescape, the UString holding the result was not initialized to "", so it started out as a null string. If nothing was appended to it, it remained null, resulting in a JavaScript String object with some bad behaviors (namely, converting it to a DOMStringImpl results in a NULL pointer.)
-        Darin says this regression occurred when we replaced our own implementation of unescape() with code from KJS.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call):
-
-2005-03-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/4053276> WebScripting protocol in WebKit cannot convert Boolean in Javascript to BOOL in Objective-C
-
-        Added JavaScript boolean to type that can be converted to
-        ObjC scalar parameters.
-
-        Reviewed by Ken Kocienda.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-
-=== Safari-406 ===
-
-=== Safari-405 ===
-
-=== Safari-403 ===
-
-=== Safari-402 ===
-
-=== Safari-401 ===
-
-=== Safari-400 ===
-
-=== Safari-188 ===
-
-2005-02-21  Darin Adler  <darin@apple.com>
-
-        * kjs/date_object.cpp: (timetUsingCF): Fixed indenting.
-
-2005-02-17  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/4003251> Safari crashed at www.icelandair.com in LiveConnect code converting a Java object to a string
-
-        Added nil check.
-
-        Reviewed by John Sullivan.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-
-=== Safari-187 ===
-
-2005-02-11  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3985118> DOM objects not being marshaled on JS->native calls
-
-        Re-factored how 'native' wrappers for JS objects are created.  The interpreter now
-        creates these wrappers.  The WebCore subclass of the interpreter now overrides
-        createLanguageInstanceForValue() and creates a DOM ObjC wrapper for DOM objects.
-
-        Reviewed by Ken.
-
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaArray::valueAt):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _setExecutionContext:KJS::Bindings::]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::createObjcInstanceForValue):
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createRuntimeObject):
-        (Instance::createLanguageInstanceForValue):
-        * bindings/runtime.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-
-=== Safari-186 ===
-
-2005-02-10  Darin Adler  <darin@apple.com>
-
-        "Reviewed" by Richard (he told me the file was obsolete).
-
-        - got rid of an obsolete file
-
-        * bindings/npsap.h: Removed.
-
-=== Safari-185 ===
-
-=== Safari-183 ===
-
-2005-02-03  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3972905> CrashTracer: ...36 crashes at com.apple.WebCore: khtml::CSSStyleSelector::applyDeclarations + 120
-
-        Revert to old (and correct) behavior of returning runtime object
-        when passed as a parameter, rather than it's corresponding DOM
-        object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-
-=== Safari-182 ===
-
-2005-01-28  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3980389> JavaScript bindings access incorrect runtime object
-
-        Only use special 'back door' property to get the runtime object if thisObj isn't
-        already a runtime object.
-
-        <gratuitous> Cleaned up a couple of strcmp on ClassInfo name.  Used == on
-        ClassInfo pointer instead.
-
-        Reviewed by Chris.
-
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-
-=== Safari-181 ===
-
-2005-01-26  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3972522> (179-180) 40% slowdown on iBench JavaScript test
-
-        I added a member variable to ObjectImp.  This changed it's size and consequently
-        hampered the optimizations built into the garbage collector.  Objects no longer
-        fit within the allocators cell size, and thus allocation fell back to a slower
-        allocator.
-
-        As a result of this fix I also dramatically cleaned up how runtime objects are
-        accessed.  The path mostly *removes* code.
-        
-        Reviewed by Chris.
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::ObjectImp):
-        * kjs/object.h:
-
-2005-01-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by me, changes by Han Ming Ong.
-
-        - <rdar://problem/3964302> SWB: A few files need to be updated to be compilable under GCC 4.0
-
-        * bindings/objc/WebScriptObjectPrivate.h: Make members public.
-        * kjs/lookup.h: Change "value.h" to "object.h" because we need KJS::Object to compile a template.
-
-2005-01-20  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3964634> undefined property value from binding seems to evaluate to true in an if statement
-
-        The comprehensive fix for this problem requires new API, as described in 3965326.  However,
-        given that we can't add new API at this point, the 'ObjcFallbackObjectImp' will behave
-        like and Undefined object if  invokeUndefinedMethodFromWebScript:withArguments: isn't
-        implemented on the bound object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::type):
-        (ObjcFallbackObjectImp::implementsCall):
-        (ObjcFallbackObjectImp::toBoolean):
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface isSelectorExcludedFromWebScript:]):
-        (+[MyFirstInterface isKeyExcludedFromWebScript:]):
-
-=== Safari-180 ===
-
-2005-01-19  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3853676> Browser Crash when accessing CCWeb Progress Page - KJS::Bindings::convertValueToJValue
-
-        Fixed the following problems with LiveConnect that are demonstrated by the application
-        described in 3853676.
-
-        1.  If a nil object is passed in an array from Java to JavaScript we will crash.
-        2.  We sometimes will incorrectly attempt to access a generic JavaScript as a Java runtime object wrapper.
-        3.  We will sometimes fail to find the correct static method ID.
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertJObjectToValue):
-        (JSObject::listFromJArray):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getMethodID):
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/runtime_array.h:
-
-2005-01-18  Richard Williamson   <rjw@apple.com>
-
-        Fixed several issues all arising from analysis of plugin detection code at ifilm.com:
-
-        Fixed <rdar://problem/3958592> can't script plug-ins if plug-in is invoked with <object> element instead of <embed>
-        Fixed <rdar://problem/3958597> <object> elements with IDs do not show up as named properties of the document
-        Fixed <rdar://problem/3960973> DOM objects for plugin elements are not accessible
-        Fixed <rdar://problem/3958601> need an additional class ID in WebCore for the Real plug-in
-
-        We now support accessing scriptable plugin objects that are specified with <applet>, <embed>, or <object>
-        tags.  Also, if any of these elements are named they can be accessed from the document or window objects.
-        Finally, DOM methods are properties will be forwarded appropriately for the plugin's root scriptable object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::supportsSetValueOfUndefinedField):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::fallbackObject):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::ObjectImp):
-        * kjs/object.h:
-        (KJS::ObjectImp::forwardingScriptMessage):
-        (KJS::ObjectImp::setForwardingScriptMessage):
-
-2005-01-18  Richard Williamson   <rjw@apple.com>
-
-        Back out a change that was incorrectly committed yesterday.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-
-2005-01-17  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3753030> Need to ensure same origin for plugin binding invocations (origin security rules)
-
-        Keep track of originating execution context and target execution
-        context for native JS object wrappers, and perform appropriate
-        security checks.
-
-        Reviewed by David Harrison.
-
-        * bindings/NP_jsobject.cpp:
-        (_isSafeScript):
-        (_NPN_CreateScriptObject):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        (_NPN_SetException):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::stringValue):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_instance.h:
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _initializeWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject _initWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject KJS::Bindings::]):
-        (-[WebScriptObject _setOriginExecutionContext:KJS::Bindings::]):
-        (-[WebScriptObject _isSafeScript]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_runtime.mm:
-        (convertValueToObjcObject):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * bindings/runtime.cpp:
-        (Instance::Instance):
-        (Instance::operator=):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::setExecutionContext):
-        (KJS::Bindings::Instance::executionContext):
-        * bindings/runtime_root.cpp:
-        (RootObject::setInterpreter):
-        * bindings/runtime_root.h:
-        * kjs/interpreter.h:
-        (KJS::Interpreter::isGlobalObject):
-        (KJS::Interpreter::interpreterForGlobalObject):
-        (KJS::Interpreter::isSafeScript):
-
-=== Safari-179 ===
-
-2005-01-13  Vicki Murley <vicki@apple.com>
-
-        Reviewed by Adele.
-
-        - fix <rdar://problem/3946836> Safari about box lists 2004 instead of 2005
- 
-        * JavaScriptCore.pbproj/project.pbxproj: bump "2004" to "2005"
-
-2005-01-12  Richard Williamson   <rjw@apple.com>
-
-        Avoid additional work on dealloc by adding early out to
-        removeNativeReference().  (This will save time on dealloc
-        for all ObjC DOM objects.)
-
-        Reviewed by Darin.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::removeNativeReference):
-
-2005-01-12  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3923356> REGRESSION: Java/JavaScript security checks working incorrectly
-
-        We were always returning the first "root" object for all runtime
-        objects.  Changed 0 in loop to i, the index.
-
-        Reviewed by David Harrison.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForImp):
-
-2005-01-11  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3887930> Must use new Java plug-in API to get/set fields so exception handling works (fixes many LiveConnect crashes)
-
-        Use the new dispatching API to invoke JNI, rather than calling JNI
-        directly.
-
-        Reviewed by David Harrison.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::valueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-=== Safari-178 ===
-
-=== Safari-177 ===
-
-=== Safari-176 ===
-
-2004-12-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Kevin.
-
-        <rdar://problem/3926869> Opening caches window after running PLT causes crash
-        
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount): Don't include simple numbers in
-        the protected value table.
-        (KJS::ProtectedValues::increaseProtectCount): Ditto.
-        (KJS::ProtectedValues::decreaseProtectCount): Ditto.
-
-2004-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3920764> Unimplemented String methods toLocaleLowerCase and toLocaleUpperCase
-
-        * kjs/string_object.h: Added toLocaleLowerCase and toLocaleUpperCase.
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Made locale versions be synonmyms for the
-        non-locale-specific versions.
-        * kjs/string_object.lut.h: Regenerated.
-
-2004-12-14  Richard Williamson   <rjw@apple.com>
-
-        Pass URL of plugin view when call into JNI.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-
-2004-12-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3827799> repro. crash with IBM Rational ClearCase Web under Safari (Java/LiveConnect-related)
-
-        Add support for calling static Java methods from JavaScript.
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::isStatic):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIStaticMethod):
-        (KJS::Bindings::callJNIBooleanMethod):
-        (KJS::Bindings::callJNIStaticBooleanMethod):
-        * bindings/jni/jni_utility.h:
-
-2004-12-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3887767> LiveConnect doesn't propagate Java exceptions back to JavaScript (prevents security suite from running)
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.h:
-
-=== Safari-175 ===
-
-2004-12-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/3908017> REGRESSION (172-173): assertion in ObjectImp::construct trying to create JS error (24hourfitness.com)
-
-        The fix was to implement copy constructor and assignment operator,
-        the ones that worked on the base class did not replace the
-        defaults apparently!
-        
-        * kjs/protect.h:
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        
-        Also fixed a bug in the GC test mode that compares the results of
-        the old collector and the new collector.
-
-        * kjs/value.cpp:
-        (ValueImp::mark):
-
-=== Safari-173 ===
-
-2004-11-23  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3890385> field and method cache incorrectly capped (c bindings)
-
-        Reviewed by Ken.
-
-        * bindings/c/c_class.cpp:
-        (CClass::_commonInit):
-
-2004-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        <rdar://problem/3889696> Enable conservative garbage collection for JavaScript
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::Thread::Thread):
-        (KJS::destroyRegisteredThread):
-        (KJS::initializeRegisteredThreadKey):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::Collector::markOtherThreadConservatively):
-        * kjs/collector.h:
-        * kjs/internal.cpp:
-        (lockInterpreter):
-        * kjs/value.h:
-
-=== Safari-172 ===
-
-2004-11-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3880561> Default string value of ObjC object in JS should be [obj description].
-
-        Reviewed by Hyatt.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::stringValue):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertNSStringToString):
-        (KJS::Bindings::convertObjcValueToValue):
-
-=== Safari-171 ===
-
-2004-11-09  Chris Blumenberg  <cblu@apple.com>
-
-        Fixed: <rdar://problem/3872724> soft link against JavaVM to save ~2MB RSHRD
-
-        Reviewed by rjw.
-
-        * ChangeLog:
-        * JavaScriptCore.pbproj/project.pbxproj: don't link against JavaVM
-        * bindings/softlinking.c: Added.
-        (loadFramework): new
-        (getFunctionPointer): new
-        (JNI_GetCreatedJavaVMs): load JavaVM if not already loaded, get _JNI_GetCreatedJavaVMs symbol if we don't already have it, call JNI_GetCreatedJavaVMs
-
-=== Safari-170 ===
-
-2004-11-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed <rdar://problem/3865365> since -[WebScriptObject dealloc] does not call [super dealloc], the build will fail due to a warning
-        - fixed behavior so that [[WebScriptObject alloc] initWithCoder:] doesn't leak WebUndefined instances
-          and incidentally so that [[WebScriptObject alloc] init] returns the single shared instance rather
-          than allocating a new one
-
-        * bindings/objc/WebScriptObject.mm: Removed some stray semicolons.
-        (+[WebUndefined allocWithZone:]): Made this the common bottleneck that returns the single instance
-        of WebUndefined, since it's the single method that normally allocates new instances. Calls super to
-        actually allocate only the very first time it's called.
-        (-[WebUndefined initWithCoder:]): Simplified to just return self (no reason to re-lookup the single
-        shared instance since there can be only one).
-        (-[WebUndefined copyWithZone:]): Ditto.
-        (-[WebUndefined retain]): Ditto.
-        (-[WebUndefined retainCount]): Use UINT_MAX constant here (matches usage in NSObject.m for retain count
-        of class).
-        (-[WebUndefined autorelease]): Simplified to just return self (see above).
-        (-[WebUndefined copy]): No need to override this since it just turns around and calls copyWithZone:.
-        (-[WebUndefined dealloc]): Added an assertion since this method should never be called. Also added
-        a call to [super dealloc] after return; to make the new -Wdealloc-check compiler happy (fixing the
-        bug mentioned above).
-        (+[WebUndefined undefined]): Reimplemented; calls allocWithZone:NULL to get to the shared instance.
-        No need to call init, since that's a no-op for this class.
-
-2004-11-03  David Harrison  <harrison@apple.com>
-
-        Reviewed by Darin.
-        
-        Eliminate the use of a marker file to determine how to build.
-
-        * .cvsignore:
-        * Makefile.am:
-
-2004-11-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3861469> Latest Real player crashes Safari on some sites.
-
-        Reviewed by Ken.
-
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        Initialize out parameters to void type.
-
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        Initialize out parameters to void type.
-        Also added additional checks to protect against classes that 
-        don't implement all functions.
-
-2004-11-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3861257> WebUndefined should be returned for undefined values
-
-        Reviewed by John.
-
-        * ChangeLog:
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        Added additional conversion Undefined -> WebUndefined.
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        Added additional conversion WebUndefined -> Undefined.
-
-2004-11-01  Darin Adler  <darin@apple.com>
-
-        - fixed <rdar://problem/3855573> Remove reference to "WebScriptMethods" from WebScriptObject.h comments
-
-        * bindings/objc/WebScriptObject.h: Removed unneeded #ifdef protection for multiple includes (since
-        this is an Objective-C header and we use #import for those). Fixed comments as requested in the bug
-        report to match the contents of the file.
-
-=== Safari-169 ===
-
-=== Safari-168 ===
-
-2004-10-22  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        * JavaScriptCore.pbproj/project.pbxproj:  
-        Add GCC_ENABLE_OBJC_GC and GCC_FAST_OBJC_DISPATCH flags.
-
-=== Safari-167 ===
-
-2004-10-13  Richard Williamson   <rjw@apple.com>
-
-        Moved boolean checks prior to NSNumber checks.  booleans are
-        NSNumbers.
-
-        Follow on to <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number.
-
-        Reviewed by John.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-2004-10-12  Richard Williamson   <rjw@apple.com>
-
-        Fixed access to DOM object via WebScriptObject API.
-        The execution context for DOM objects wasn't being found.
-        <rdar://problem/3831372> The valueForKey method for @"offsetLeft" on a paragraph element causes a crash.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.mm:
-        (_didExecute):
-        (-[WebScriptObject KJS::Bindings::]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-
-2004-10-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3804661> REGRESSION: JavaScriptCore framework now has two init routines
-
-        * bindings/NP_jsobject.cpp: Fixed unnecessarily-complex globals set up that was
-        creating an init routine.
-
-        * kjs/ustring.cpp: Changed around the UString::Rep::empty construction to not
-        require a global constructor that creates an init routine.
-
-2004-10-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3822618> REGRESSION (164-165): expedia.com's popup help doesn't work
-
-        * kjs/reference.cpp: (Reference::putValue): Change so that references not found in any object
-        work with the window object of the page the function is in, not the page of the caller. This
-        is what all other browsers do. This code was hidden before by the "everything is defined on
-        window object" hack in WebCore.
-
-2004-10-07  Richard Williamson   <rjw@apple.com>
-
-        Added simple JavaScript call tracing.  Very useful for
-        debugging complex pages.
-
-        Tracing is only available in development builds and is
-        enabled by:
-
-        (gdb) set traceJavaScript = 1
-
-        or programatically
-
-        setTraceJavaScript(true)
-
-        Function, args, and return values are printed to console.  Very
-        verbose.
-
-        Reviewed by Ken.
-
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call):
-        * kjs/object.cpp:
-        (KJS::Object::call):
-
-=== Safari-166 ===
-
-2004-10-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3819234> NPN_SetException (and throwException:) isn't implemented
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_SetException):
-        * bindings/npruntime.cpp:
-        (_NPN_SetExceptionWithUTF8):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject throwException:]):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::context):
-
-2004-10-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-2004-10-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - rolled in a fix the KDE folks did for the operations that generate HTML fragments
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Added quote marks to generated HTML.
-
-        - rolled out an old workaround we don't need any more
-
-        * JavaScriptCore.pbproj/project.pbxproj: Remove -Wno-long-double because the <math.h> issue that
-        required it is no longer there.
-
-2004-09-30  Richard Williamson  <rjw@apple.com>
-
-        Fixed <rdar://problem/3821215> NPN hasMethod and hasProperty functions should take NPObjects, not NPClass
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_GetProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/npruntime.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-
-2004-09-29  Chris Blumenberg  <cblu@apple.com>
-
-        Prepended underscores to NPN methods so that when the QT plug-in loads these symbols, it uses the non-underscore versions in WebKit. Without this, the QT plug-in was failing to load when launching Safari from the command-line.
-
-        Reviewed by rjw.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (_NPN_CreateScriptObject):
-        (_NPN_InvokeDefault):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CMethod::name):
-        * bindings/npruntime.cpp:
-        (_NPN_GetStringIdentifier):
-        (_NPN_GetStringIdentifiers):
-        (_NPN_GetIntIdentifier):
-        (_NPN_IdentifierIsString):
-        (_NPN_UTF8FromIdentifier):
-        (_NPN_IntFromIdentifier):
-        (NPN_InitializeVariantWithObject):
-        (_NPN_ReleaseVariantValue):
-        (_NPN_CreateObject):
-        (_NPN_RetainObject):
-        (_NPN_ReleaseObject):
-        (_NPN_SetExceptionWithUTF8):
-        (_NPN_SetException):
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Remove strange use of high() and
-        low() to get Unicode value of character, and just use unicode().
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        - refine charAt/charCodeAt fix slightly
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Treat undefined the same was as an
-        omitted parameter, as we do everywhere else, and as other browsers do here.
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3816097> REGRESSION: mailblocks, and presumably many other pages, failing because variable not found
-
-        * kjs/internal.cpp: (InterpreterImp::evaluate): Process variable declarations before executing
-        the program. We were doing this properly for functions, but not entire programs.
-
-        - fixed <rdar://problem/3814706> REGRESSION: text fields in mailblocks wizards do not accept keystrokes due to use of charCodeAt()
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Changed the implementation of charAt
-        and charCodeAt to treat a missing parameter as an index of 0, rather than an invalid index.
-
-        * tests/mozilla/expected.html: Update for two tests that now pass with these changes.
-
-=== Safari-165 ===
-
-=== Safari-164 ===
-
-2004-09-14  Richard Williamson   <rjw@apple.com>
-
-        1.  Add class parameter to object allocation function.  This is somewhat redundant, given that
-        the allocation function is in the class function vector, but people wanted to use the same
-        allocation function for different classes.
-        
-        2.  Renamed NPN_Class to NPN_Invoke to match the name in the function vector.
-        
-        3.  Add support for a default function on an object.  This is a feature that ActiveX supports,
-        and will allow JavaScript code to be written that will look exactly the same for both ActiveX
-        plugins and Netscape or WebKit plugins.  There are implementations included for the 'C' and
-        'Objective-C' bindings.
-        
-        There bugs are covered by
-        
-        <rdar://problem/3776343> Support for default functions in the JavaScript bindings
-        <rdar://problem/3779186> NPN_Call needs to be renamed to NPN_Invoke
-        <rdar://problem/3674754> Need to implement latest npruntime.h
-
-        Reviewed by John.
-
-        * bindings/NP_jsobject.cpp:
-        (jsAllocate):
-        (NPN_InvokeDefault):
-        (NPN_Invoke):
-        * bindings/c/c_class.cpp:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeDefaultMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/npruntime.cpp:
-        (NPN_CreateObject):
-        * bindings/npruntime.h:
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeDefaultMethod):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        (ObjcFallbackObjectImp::get):
-        (ObjcFallbackObjectImp::put):
-        (ObjcFallbackObjectImp::canPut):
-        (ObjcFallbackObjectImp::implementsCall):
-        (ObjcFallbackObjectImp::call):
-        (ObjcFallbackObjectImp::hasProperty):
-        (ObjcFallbackObjectImp::deleteProperty):
-        (ObjcFallbackObjectImp::defaultValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        (KJS::Bindings::Instance::valueOf):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::implementsCall):
-        (RuntimeObjectImp::call):
-        * bindings/runtime_object.h:
-
-2004-09-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/3794735> Gmail- sending a very long message with Safari is so slow it seems like a hang
-        
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Replaced implementation of replace()
-        method with function below...
-        (replace): In order to avoid excessive allocation and copying,
-        figure out the ranges of the original string and replacement
-        strings to be assembled, instead of constantly creating new
-        strings at each substitution. The old behavior is basically O(N^2)
-        for a global replace on a pattern that matches many places in the
-        string.
-        (regExpIsGlobal): Helper function for the above.
-        (expandSourceRanges): ditto
-        (pushSourceRange): ditto
-        (expandReplacements): ditto
-        (pushReplacement): ditto
-        * kjs/ustring.cpp:
-        (KJS::UString::spliceSubstringsWithSeparators): New method that
-        pieces together substring ranges of this string together with
-        specified separators, all at one go.
-        * kjs/ustring.h:
-        (KJS::UString::Range::Range): Added new helper class to represent
-        substring choices.
-
-2004-09-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed <rdar://problem/3800315> encode-URI-test layout test is failing
-        
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Make sure to escape null
-        characters. This is a bug in the new code that made part of the
-        test fail.
-
-2004-09-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin and Maciej.
-
-        - new function to support fix for DIG bug in WebCore
-
-        * kjs/scope_chain.h: Added new push function that pushes another entire scope chain.
-        * kjs/scope_chain.cpp: (KJS::ScopeChain::push): Ditto.
-
-2004-09-12  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/expected.html: Updated test results for 3 more tests that pass with the new version
-        of escape and unescape.
-
-2004-09-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3798209> any non-ASCII characters are garbled in the result of toLocaleString
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate): Replaced two old functions that used LongDateTime with this one new function that
-        uses CFDateFormatter.
-        (DateProtoFuncImp::call): Call the new formatLocaleDate instead of both formatLocaleDate and formatLocaleTime.
-
-2004-09-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Richard.
-
-        <rdar://problem/3493140> REGRESSION (85-100): cedille displays %-escaped in JavaScript message at hotmail.com
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Replace our escape() and unescape() implementations with
-        ones from KDE KJS, which have the proper latin-1 behavior to match Win IE.
-        * kjs/lexer.cpp:
-        (Lexer::isHexDigit): Made static and non-const.
-        * kjs/lexer.h:
-
-=== Safari-163 ===
-
-2004-09-06  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Bump MACOSX_DEPLOYMENT_TARGET to 10.3.
-
-=== Safari-162 ===
-
-2004-09-01  Richard Williamson   <rjw@apple.com>
-
-        Add pid to exception messages (to help debug dashboard clients).
-
-        Reviewed by Chris.
-
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-
-=== Safari-161 ===
-
-2004-08-20  Richard Williamson   <rjw@apple.com>
-
-        Implemented new JNI abstraction.  We no longer invoke Java methods
-        directly with JNI, rather we call into the plugin.  This allows the
-        plugin to dispatch the call to the appropriate VM thread.  This
-        change should (will?) fix a whole class of threading related problems with
-        the Java VM.
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/c/c_instance.h:
-        (KJS::Bindings::CInstance::setExecutionContext):
-        (KJS::Bindings::CInstance::executionContext):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::invokeMethod):
-        (JavaInstance::setExecutionContext):
-        (JavaInstance::executionContext):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertJObjectToValue):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (JavaArray::convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaArray::JavaArray):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaArray::operator=):
-        (KJS::Bindings::JavaArray::executionContext):
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/objc_instance.h:
-        (KJS::Bindings::ObjcInstance::setExecutionContext):
-        (KJS::Bindings::ObjcInstance::executionContext):
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::nativeHandle):
-
-=== Safari-158 ===
-
-2004-08-19  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by John.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::put): initialize deletedElementIndex to zero, to make the compiler happy
-
-2004-08-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed <rdar://problem/3746676> SAP WebDynpro app hangs inside JavaScript property map hash table code (deleted sentinel problem)
-
-        * kjs/property_map.h: Added some private functions.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::clear): Set sentinelCount to 0.
-        (KJS::PropertyMap::put): Complete search for the element before choosing to use the deleted-element sentinel.
-        Also keep sentinel count up to date when we destroy a sentinel by overwriting with a new added element.
-        (KJS::PropertyMap::expand): Added. Calls rehash with a size 2x the old size, or 16.
-        (KJS::PropertyMap::rehash): Added. Refactored the rehash code into a separate function.
-        (KJS::PropertyMap::remove): Add one to sentinelCount, and rehash if 1/4 or more of the elements are
-        deleted-element sentinels.
-        (KJS::PropertyMap::checkConsistency): Check the sentinelCount.
-
-2004-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Code change by Eric Albert, reviewd by me.
-
-        <rdar://problem/3571960> washingtonpost.com claims I don't have cookies enabled and won't let me read articles
-
-        * kjs/date_object.cpp:
-        (timetUsingCF): Clamp time to LONG_MAX (getting rid of time_t
-        entirely would be even better, but is not required to fix this bug.
-
-=== Safari-157 ===
-
-2004-08-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3581092> cash in KJS::Bindings::JSObject::eval at tcvetantcvetkov.com
-
-        Adds bullet proofing to protect against evaluation of bogus JS in all the flavors of bindings (Java, C, and ObjC).
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (NPN_Evaluate):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::eval):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject evaluateWebScript:]):
-
-2004-08-15  Richard Williamson   <rjw@apple.com>
-
-        More updates to np headers.  Implemented new NPN functions.
-
-        Reviewed by Darin.
-
-        * bindings/NP_jsobject.cpp:
-        (NPN_HasProperty):
-        (NPN_HasMethod):
-        * bindings/npapi.h:
-        * bindings/npruntime.h:
-
-2004-08-13  Darin Adler  <darin@apple.com>
-
-        - fix build so we can compile again
-
-        * bindings/npapi.h: Added. Richard forgot to check this in. The one I'm checking in here
-        is good enough so that we can compile, but it's only a stopgap measure, because I think
-        Richard has a newer one he wants to check in.
-
-2004-08-12  Richard Williamson   <rjw@apple.com>
-
-        Bring npruntime.h and friends closer to compliance with
-        latest spec.
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (jsAllocate):
-        (_NPN_CreateScriptObject):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (convertNPVariantToValue):
-        * bindings/npruntime.cpp:
-        (NPN_IdentifierIsString):
-        (NPN_VariantIsVoid):
-        (NPN_VariantIsNull):
-        (NPN_VariantIsUndefined):
-        (NPN_VariantIsBool):
-        (NPN_VariantIsInt32):
-        (NPN_VariantIsDouble):
-        (NPN_VariantIsString):
-        (NPN_VariantIsObject):
-        (NPN_VariantToBool):
-        (NPN_VariantToString):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_VariantToObject):
-        (NPN_InitializeVariantAsVoid):
-        (NPN_InitializeVariantAsNull):
-        (NPN_InitializeVariantAsUndefined):
-        (NPN_InitializeVariantWithBool):
-        (NPN_InitializeVariantWithInt32):
-        (NPN_InitializeVariantWithDouble):
-        (NPN_InitializeVariantWithString):
-        (NPN_InitializeVariantWithStringCopy):
-        (NPN_InitializeVariantWithObject):
-        (NPN_InitializeVariantWithVariant):
-        (NPN_ReleaseVariantValue):
-        (NPN_CreateObject):
-        * bindings/npruntime.h:
-        (_NPString::):
-        (_NPString::_NPVariant::):
-        * bindings/npruntime_priv.h: Added.
-
-2004-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed 3 problems with parse functions that I just wrote, fixing 3 more Mozilla JavaScript tests
-
-        * kjs/function.cpp:
-        (KJS::parseDigit): Fix typo, 'Z' instead of 'z', that prevented lowercase hex digits from working.
-        (KJS::parseInt): Add octal support. Specification says it's optional, but I guess not.
-        (KJS::parseFloat): Fix check for "0x" in parseFloat to return 0 rather than NaN. Also add code
-        to skip leading "+" or "-".
-
-=== Safari-156 ===
-
-2004-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 43 Mozilla JavaScript tests
-
-        * kjs/date_object.h: Change parseDate and timeClip to take and return doubles.
-        * kjs/date_object.cpp:
-        (DateObjectImp::construct): Change to use a timeClip function that takes and returns a double rather
-        than constructing a number object to pass to it.
-        (DateObjectFuncImp::call): Change to use a parseDate function that returns a double.
-        (KJS::parseDate): Change to return a double instead of creating the Number object here.
-        (KJS::timeClip): Implement this as specified in the language standard.
-
-        * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set the DontDelete, ReadOnly, and DontEnum
-        flags on the prototype property.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::get): Return null rather than undefined for arguments when the function is not
-        currently in scope.
-        (KJS::isStrWhiteSpace): Added. Matches specification for StrWhiteSpace. Could move it to some utility
-        file later.
-        (KJS::parseDigit): Added. Helper function for parseInt.
-        (KJS::parseInt): Added. Integer parser that puts result in a double so we're not limited to what
-        strtoll can handle. Also matches standard more closely.
-        (KJS::parseFloat): Added. Handles "0x" properly and passes flag to make empty string turn into NaN
-        instead of 0.
-        (KJS::GlobalFuncImp::call): Use the new parseInt and parseFloat.
-
-        * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Add a length property.
-
-        * kjs/lexer.h: Added error flag and sawError() function for detecting errors.
-        * kjs/lexer.cpp:
-        (Lexer::setCode): Clear error state.
-        (Lexer::lex): Set error state if the lexer encounters an error
-
-        * kjs/internal.cpp:
-        (NumberImp::toString): Roll in change from KDE version to special case 0 so we handle -0 correctly.
-        (Parser::parse): Use new lexer error method so those errors are treated like parser errors.
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Change min and max to treat -0 as less than +0.
-        Change round to round values between -0.5 and -0 to -0 instead of +0.
-
-        * kjs/nodes.h: Add evaluateReference function to GroupNode.
-        * kjs/nodes.cpp: (GroupNode::evaluateReference): Pass references through groups (parenthesized
-        expressions) properly so that expressions like "delete (x.y)" work. Before, the parentheses
-        would change x.y into a value that can't be deleted as a side effect.
-
-        * kjs/string_object.cpp: Change parameter count for indexOf and lastIndexOf from 2 to 1 to match
-        the specification.
-
-        * kjs/testkjs.cpp: Rolled in changes from KDE to add a "quit" function to the test tool and
-        get rid of the fixed size limit for code.
-
-        * kjs/ustring.cpp: (KJS::UString::substr): Added optimized case for substr(0, length) so it just
-        returns the string without creating a new Rep, since I'm using substr in a place where it will
-        often be passed a 0.
-
-        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed one wrong entry in the Unicode table I added to
-        the other day that was making a couple tests fail.
-        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
-
-        * kjs/string_object.lut.h: Regenerated.
-
-2004-08-11  Darin Adler  <darin@apple.com>
-
-        - fixed a tiny problem with the UTF-16 PCRE check-in
-
-        * pcre/maketables.c: (pcre_maketables): Fix mistake in table-generating code that sometimes caused
-        the ctype_meta flag to get set in items that should not have it.
-
-        * pcre/chartables.c: Regenerated.
-
-2004-08-10  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3674747> Need to implement invokeUndefinedMethodFromWebScript:withArguments:
-
-        The following WebScripting methods are now supported on bound
-        objects:
-
-        - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args;
-        - (void)setValue:(id)value forUndefinedKey:(NSString *)key
-        - (id)valueForUndefinedKey:(NSString *)key
-
-        Reviewed by Chris.
-
-        * bindings/c/c_class.cpp:
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/objc/objc_class.h:
-        (KJS::Bindings::ObjcClass::isa):
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        (ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::setValueOfField):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfField):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcField::~ObjcField):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::operator=):
-        (KJS::Bindings::FallbackObjectImp::classInfo):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::ObjcField):
-        (ObjcField::name):
-        (ObjcField::type):
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (FallbackObjectImp::FallbackObjectImp):
-        (FallbackObjectImp::get):
-        (FallbackObjectImp::put):
-        (FallbackObjectImp::canPut):
-        (FallbackObjectImp::implementsCall):
-        (FallbackObjectImp::call):
-        (FallbackObjectImp::hasProperty):
-        (FallbackObjectImp::deleteProperty):
-        (FallbackObjectImp::defaultValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface valueForUndefinedKey:]):
-        (-[MyFirstInterface setValue:forUndefinedKey:]):
-
-2004-08-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - switch PCRE to do UTF-16 directly instead of converting to/from UTF-8 for speed
-
-        * pcre/pcre.h: Added PCRE_UTF16 switch, set to 1. Added pcre_char typedef, which is char
-        or uint16_t depending on the mode, and used appropriate in the 7 public functions
-        that need to use it.
-        * pcre/pcre.c: Add UTF-16 support to all functions.
-        * pcre/study.c: Ditto.
-
-        * pcre/internal.h: Added ichar typedef, which is unsigned char or uint16_t depending on
-        the mode. Changed declarations to use symbolic constants and typedefs so we size
-        things to ichar when needed.
-
-        * pcre/maketables.c: (pcre_maketables): Change code to make tables that are
-        sized to 16-bit characters instead of 8-bit.
-
-        * pcre/get.c:
-        (pcre_copy_substring): Use pcre_char instead of char.
-        (pcre_get_substring_list): Ditto.
-        (pcre_free_substring_list): Ditto.
-        (pcre_get_substring): Ditto.
-        (pcre_free_substring): Ditto.
-
-        * pcre/dftables.c: (main): Used a bit more const, and use ICHAR sizes instead
-        of hard-coding 8-bit table sizes.
-
-        * pcre/chartables.c: Regenerated.
-
-        * kjs/ustring.h: Remove functions that convert UTF-16 to/from UTF-8 offsets.
-        * kjs/ustring.cpp: Change the shared empty string to have a unicode pointer that
-        is not null. The null string still has a null pointer. This prevents us from
-        passing a null through to the regular expression engine (which results in a null
-        error even when the string length is 0).
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Null-terminate the pattern and pass it.
-        (KJS::RegExp::match): Use the 16-bit string directly, no need to convert to UTF-8.
-
-2004-08-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 28 Mozilla JavaScript tests
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Check for undefined rather than
-        checking the number of arguments for the join method.
-
-        * kjs/lexer.cpp: (Lexer::lex): Parse hexadecimal and octal constants in doubles rather
-        than integers, so we aren't limited to 32 bits.
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Get rid of many unneeded special cases in
-        the implementation of the pow operation. Also simplied a case that was handling positive
-        and negative infinity separately.
-
-        * kjs/nodes.cpp: (ShiftNode::evaluate): Keep the result of shifts in a double instead of
-        putting them in a long, so that unsigned shift will work properly.
-
-        * kjs/number_object.cpp: Add the DontDelete and ReadOnly flags to the numeric constants.
-
-        * kjs/operations.cpp:
-        (KJS::isPosInf): Added an implementation inside APPLE_CHANGES that does not depend on the
-        sign of isinf; our isinf function returns +1 even for negative infinity.
-        (KJS::isNegInf): And again.
-        (KJS::relation): Put in a nice simple implementation of comparison inside APPLE_CHANGES.
-        Our floating point already handles the various infinity cases correctly.
-
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::call): Add missing return before Null() in Exec method.
-        (RegExpObjectImp::arrayOfMatches): Put undefined rather than an empty string into the
-        array in cases where we did not match.
-        (RegExpObjectImp::construct): Set the DontDelete, ReadOnly, and DontEnum flags for
-        "global", "ignoreCase", "multiline", and "source".
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): For the match method, turn a null
-        string into undefined rather than an empty string. For the slice method, handle an
-        undefined parameter for the limit properly as decribed in the specification, and add
-        the limit to one case that didn't have the limit at all. For the methods that generate
-        HTML strings, use lowercase tags instead of uppercase.
-
-        * kjs/ustring.cpp:
-        (KJS::UChar::toLower): Use u_tolower from the ICU library.
-        (KJS::UChar::toUpper): Use u_toupper from the ICU library.
-        (KJS::UString::append): Fix some math that caused a buffer overflow.
-        (KJS::convertUTF16OffsetsToUTF8Offsets): Ignore negative numbers (-1 is used as a special
-        flag) rather than converting them all to 0.
-        (KJS::convertUTF8OffsetsToUTF16Offsets): Ditto.
-
-        * tests/mozilla/jsDriver.pl: Fixed the relative links to point to our actual test files.
-
-        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed the Unicode table in this test to match
-        the Unicode specification in a few cases where it was wrong before.
-        * tests/mozilla/ecma/String/15.5.4.11-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-5.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-6.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Link to libicu.
-
-        * kjs/number_object.lut.h: Regenerated.
-
-2004-08-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3753467> REGRESSION (137-138): reproducible buffer overrun in UString manipulation code
-
-        * kjs/ustring.cpp: (KJS::UString::append): Fix incorrect size computation. Without it
-        we get a buffer overflow.
-
-=== Safari-155 ===
-
-2004-08-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed part of 3674747.  The QT guys need this for feature freeze.
-
-        This patch implements support for the
-
-        - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args
-
-        method of objects bound to JavaScript.
-
-        Reviewed by John.
-
-        * ChangeLog:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcMethod::~ObjcMethod):
-        (KJS::Bindings::ObjcMethod::isFallbackMethod):
-        (KJS::Bindings::ObjcMethod::javaScriptName):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcMethod::ObjcMethod):
-        (ObjcMethod::getMethodSignature):
-        (ObjcMethod::setJavaScriptName):
-        * bindings/testbindings.mm:
-
-2004-08-04  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by mjs.
- 
-        - fix <rdar://problem/3649789> SAP WebGUI has problems loading first page because of parse error        
-
-        * kjs/lexer.cpp:
-        (Lexer::lex): if the current character is a '\' and the next character is a line terminator,
-        go to the next line and continue parsing the string (instead of failing).  This matches 
-        behavior in Mac IE and Mozilla.
-
-2004-08-03  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin.
-
-        Rolled in changes from the latest KJS sources that support additional 
-        Number.prototype functions. 
-
-        Specifically this patch covers the follow parts of the ECMA 3 spec:
-        15.7.4.5, 15.7.4.6, and 15.7.4.7 
-        
-        Fixes:
-        <rdar://problem/3663716> missing Number.toFixed (and toPrecision, toExponential)
-        <rdar://problem/3749492> missing Number.toPrecision prototype implementation
-        <rdar://problem/3749591> missing Number.toExponential prototype implementation
-
-        * kjs/identifier.h: Added toFixed, toPrecision, and toExponential to the
-        list of supported identifiers (a macro).
-        * kjs/number_object.cpp: Implemented support for toFixed(), toPrecision(),
-        and toExponential(). 
-        (NumberPrototypeImp::NumberPrototypeImp):
-        (NumberProtoFuncImp::call):
-        * kjs/number_object.h: Added property names for toFixed, toPrecision,
-        and toExponential. 
-        (KJS::NumberProtoFuncImp::):
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - added support for copying RegExp objects so 7 more Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpObjectImp::construct): Check for case where
-        we are supposed to just copy the regular expression object, and do so.
-        Also tighten up arguments check to handle case where an actual "undefined"
-        is passed rather than just omitting an argument.
-
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/.cvsignore: Added.
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed RegExp.toString so 3 more Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call):
-        Append the flags here so more tests paseed.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed a couple things making 5 Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call): Implement toString
-        for the prototype.
-        (RegExpObjectImp::construct): Fix bug where the string "undefined" would
-        be used as the flags string when no parameter was passed.
-
-        * kjs/regexp_object.h: (KJS::RegExpPrototypeImp::classInfo):
-        Added a class info object for RegExp prototype so it can return
-        a string instead of raising an exception when converting to a string.
-
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fix crashes in mozilla tests due to mishandling NaN
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Rerranged range checks after
-        calls to toInteger so that NaN will get turned into something that fits in an integer.
-        These were the ones John already fixed, but his fix used isnan and the new fix is
-        more efficient.
-
-        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Rearranged radix range checks
-        after a call to toInteger to handle NaN properly. Also removed separate check
-        for undefined that's not needed.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): More of the same kinds of changes
-        as in the above two files, but for a lot more functions. Also changed one place with
-        an explicit check for undefined to instead just check isNaN.
-
-        * tests/mozilla/run-mozilla-tests: Changed to invoke jst using $SYMROOTS for people
-        like me who don't keep $SYMROOTS in their $PATH.
-
-=== Safari-154 ===
-
-=== Safari-153 ===
-
-2004-07-26  Kevin Decker  <kdecker@apple.com>
-
-        Changes done by Darin, reviewed by Kevin.
-
-        - changed testkjs to build in Xcode rather than from Makefile
-
-        * .cvsignore: Removed obsolete files from this list.
-        * Makefile.am: Removed code to build testkjs; we do this in Xcode now.
-        Changed to build target "All" rather than default target. This makes us
-        build the testkjs test tool.
-        * dummy.cpp: Removed.
-        * kjs/.cvsignore: Removed obsolete files from this list, including
-        the testkjs tool, which is now built in the symroots directory.
-        * kjs/testkjs.cpp: Added copyright notice that was missing, since we have
-        changed this file. Also this has the nice side effect of causing the tool
-        to be rebuilt in the new location even if there are no other changes in
-        your tree when you check this out.
-        * tests/mozilla/run-mozilla-tests: Invoke perl explicitly so this works
-        without setting the execute bit on jsDriver.pl.
-
-2004-07-22  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin
-        
-        Fixed <rdar://problem/3682340> (error console does not include source urls or line numbers of event exceptions). 
-
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/function_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::construct):
-        * kjs/object.h:
-        (KJS::Object::construct):
-
-2004-07-21  Darin Adler  <darin@apple.com>
-
-        * bindings/npruntime.h: Fixed typo.
-
-2004-07-19  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Maciej.
-        
-        - bulletproofed array.slice() against NAN arguments. Harri noticed this
-        vulnerability in my patch for 3714644
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        handle NAN parameters passed to slice() by clamping to 0 and length.
-
-2004-07-19  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3733349.  Prevent Java applet callbacks into JavaScript after applet
-        has been destroyed.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::invoke):
-        (JSObject::JSObject):
-
-2004-07-16  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Maciej.
-        
-        - fixed <rdar://problem/3714644> REGRESSION (125.8-146): bugzilla submit link 
-        hangs browser with javascript
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        Check for undefined type for args[0] the same way we were already checking
-        for args[1]. In this case, args was zero-length, but we were treating
-        args[0] like an integer anyway. Resulted in some code looping from a NAN
-        value to 4, taking approximately forever.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        version wars
-        
-=== Safari-152 ===
-
-2004-07-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/3711474>: (REGRESSION (125-146): JavaScript 'toString(16)' is broken)
-        <rdar://problem/3644873>: (REGRESSION (125-140u): secondary list doesn't fill in at Southwest.com)
-
-        * kjs/number_object.cpp:
-        (NumberProtoFuncImp::call): Initialize radix from dradix, not from itself!
-
-2004-07-13  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by kocienda.
-
-        - made testkjs and JavaScriptCore a subtarget of 'All'
-        - testkjs now builds in $SYMROOTS
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-=== Safari-151 ===
-
-2004-06-24  Chris Blumenberg  <cblu@apple.com>
-
-        Ignore .mode1 files in JavaScriptCore.pbproj
-
-        Reviewed by kocienda.
-
-        * JavaScriptCore.pbproj/.cvsignore:
-
-2004-06-23  Richard Williamson   <rjw@apple.com>
-
-        Implemented changes for latest npruntime.h.
-        
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (listFromVariantArgs):
-        (identiferFromNPIdentifier):
-        (_NPN_CreateScriptObject):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (stringIdentifierEqual):
-        (stringIdentifierHash):
-        (getStringIdentifierDictionary):
-        (intIdentifierEqual):
-        (intIdentifierHash):
-        (getIntIdentifierDictionary):
-        (NPN_GetStringIdentifier):
-        (NPN_GetStringIdentifiers):
-        (NPN_GetIntIdentifier):
-        (NPN_IdentifierIsString):
-        (NPN_UTF8FromIdentifier):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_SetException):
-        * bindings/npruntime.h:
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForInterpreter):
-        * bindings/testbindings.cpp:
-        (initializeIdentifiers):
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setBooleanValue):
-
-=== JavaScriptCore-146.1 ===
-
-2004-06-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3702287> Crash returning nil from bound ObjC
-
-        This turned out to be a show stopper for Dashboard.  Accessing a nil
-        ObjC property from JS caused a crash.  Similar to the problem
-        3696112 fixed below.
-        
-        Reviewed by Trey.
-
-        * bindings/objc/objc_runtime.mm:
-        (KJS::Bindings::ObjcField::valueFromInstance):
-
-=== Safari-146 ===
-
-2004-06-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3696112>: nil from an Objective-C class seems to get wrapped as a JavaScript proxy that will not print.
-
-        This turned out to be a show stopper for Dashboard.  We now
-        return Undefined() when nil is returned from a ObjC method
-        that returns an object type.
-        
-        Reviewed by Maciej.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-=== Safari-145 ===
-
-2004-06-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3695875>: Objective-C instances that are exported to JavaScript are too promiscuous
-
-        No longer need to check respondsToSelector: for
-        isSelectorExcludedFromWebScript: and isKeyExcludedFromWebScript:
-        because these now have a default implementation on NSObject.
-
-        Reviewed by Trey.
-
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-
-2004-06-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed some things for GC that Patrick missed, or that happened after the branch
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject dealloc]): Moved removeNativeReference call here from private object.
-        (-[WebScriptObject finalize]): Added.
-
-        - added some missing nil checks
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance): Check for nil.
-        (ObjcInstance::~ObjcInstance): Check for nil.
-        (ObjcInstance::operator=): Check for nil.
-
-2004-06-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by me, code changes by Patrick Beard.
-
-        - fixed <rdar://problem/3671507>: (WebKit should adopt GC changes and compile with GC enabled)
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance): Use CFRetain instead of retain.
-        (ObjcInstance::~ObjcInstance): Use CFRelease instead of release.
-        (ObjcInstance::operator=): More of the same.
-        (ObjcInstance::end): Use [pool drain] if compiling on Tiger.
-
-        * bindings/objc/objc_runtime.mm:
-        (ObjcArray::ObjcArray): Use CFRetain instead of retain.
-        (ObjcArray::~ObjcArray): Use CFRelease instead of release.
-        (ObjcArray::operator=): More of the same.
-
-        * bindings/testbindings.mm: Fixed incorrect license.
-        (main): Use [pool drain] if compiling on Tiger.
-
-=== Safari-144 ===
-
-2004-06-10  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by John.
-
-        * kjs/lexer.cpp: 
-        (Lexer::setCode):
-            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
-        * kjs/lexer.h:
-        (KJS::Lexer::lineNo):
-            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
-
-=== JavaScriptCore-143.2 ===
-
-2004-06-07  Darin Adler  <darin@apple.com>
-
-        - fixed <rdar://problem/3682489>: (JavaScriptGlue no longer compiles because Interpreter::evaluate parameters changed)
-
-        * kjs/interpreter.h: Added an overload to make JavaScriptGlue compile.
-        * kjs/interpreter.cpp: (KJS::Interpreter::evaluate): Implemented the overload.
-
-=== JavaScriptCore-143.1 ===
-
-2004-06-04  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin
-        
-        - fixed <rdar://problem/3680594>
-
-        * kjs/object.cpp:
-        (KJS::Error::create):
-
-=== Safari-143 ===
-
-2004-06-04  Darin Adler  <darin@apple.com>
-
-        * kjs/testkjs.cpp: (main): Fix build breakage by adding URL and line number parameters.
-
-2004-06-04  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Dave.
-
-        - ObjC bindings do not (yet) pass along sourceurl or line numbers
-        - we don't have a way as of yet to accomidate line numbers and urls for dynamic javascript
-        - changed the wording of an error message
-        - the lexer, parser, and interpreter have been made "sourceURL aware"
-        - stored the url into Error
-         
-        * bindings/NP_jsobject.cpp:
-        (NPN_Evaluate):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::eval):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject evaluateWebScript:]):
-        * kjs/function.cpp:
-        (GlobalFuncImp::call):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (Parser::parse):
-        (InterpreterImp::checkSyntax):
-        (InterpreterImp::evaluate):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        (Lexer::setCode):
-        * kjs/lexer.h:
-        (KJS::Lexer::sourceURL):
-        * kjs/nodes.cpp:
-        (Node::Node):
-        (Node::throwError):
-        (FunctionCallNode::evaluate):
-        * kjs/nodes.h:
-        * kjs/object.cpp:
-        (KJS::Error::create):
-        * kjs/object.h:
-
-2004-06-04  Richard Williamson   <rjw@apple.com>
-
-        Fixed crash when attempting to access properties on nil
-        object.
-        
-        Reviewed by John.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::getClass):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        * bindings/testM.js:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface getString]):
-
-2004-05-27  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Ken.
-
-        -revised generated error message content
-        
-        * kjs/error_object.cpp:
-        (ErrorProtoFuncImp::call):
-        * kjs/internal.cpp:
-        (Parser::parse):
-        * kjs/object.cpp:
-        (KJS::Error::create):
-
-=== Safari-142 ===
-
-2004-05-27  Richard Williamson   <rjw@apple.com>
-
-        Renamed WebScriptMethods to WebScripting based on feedback from Nancy.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - moved to new symlink technique for embedding frameworks
-
-        * JavaScriptCore.pbproj/project.pbxproj: Get rid of embed-frameworks build step
-        because we don't need it any more.
-
-2004-05-24  Richard Williamson   <rjw@apple.com>
-
-        Changed RuntimeArrayImp to inherit from ArrayInstanceImp and
-        fixed ClassInfo to correctly reflect inheritance.  This is required
-        because of the runtime checks in JSC for arrays, i.e. in
-        the Function objects apply method.
-
-        Reviewed by Ken.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        * bindings/runtime_array.h:
-        * bindings/testM.js: Added.
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface webScriptNameForSelector:]):
-        (-[MyFirstInterface logMessages:]):
-        (-[MyFirstInterface logMessage:prefix:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-05-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3664260>: (JS needs to listen to timezone change notifications)
-
-        * kjs/date_object.cpp: (CopyLocalTimeZone): As per Chris Kane and Jordan Hubbard, use <notify.h>
-        with a hardcoded string of "com.apple.system.timezone", and do CFTimeZoneResetSystem since
-        CoreFoundation doesn't do this itself. Turns out this affects the default time zone as long as
-        it hasn't been set explicitly.
-
-=== Safari-141 ===
-
-2004-05-20  Richard Williamson   <rjw@apple.com>
-
-        Implemented WebScriptObject/DOM wrapper voodoo.  DOM wrappers
-        can now be referenced like any other WebScriptObject, meaning
-        you can do JS operations on them.
-
-        All added implementation of finalizeForWebScript.
-
-        Reviewed by Ken.
-
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _initializeWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject KJS::]):
-        (-[WebScriptObject dealloc]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::~ObjcInstance):
-
-2004-05-19  Richard Williamson   <rjw@apple.com>
-
-        Removed extraneous tabs that were added (by XCode?).
-
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-19  Darin Adler  <darin@apple.com>
-
-        - fixed headers with licenses mangled by Xcode auto-indenting
-
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/jni/jni_jsobject.h:
-        * bindings/runtime_array.h:
-        * bindings/runtime_root.cpp:
-        * bindings/runtime_root.h:
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Added exception logging.  Also check for exception and
-        set results as appropriate.
-
-        Reviewed by Maciej (partially reviewed).
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Finsished implementing support for windowScriptObject.
-        Had to make WebScriptObjectPrivate.h accessible from
-        WebCore.
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/objc/WebScriptObjectPrivate.h:
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Use KVC to set/get values instead of directly accessing
-        ivars.
-
-        Reviewed by Maciej.
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (convertValueToObjcObject):
-        (ObjcField::setValueToInstance):
-
-2004-05-17  Richard Williamson   <rjw@apple.com>
-
-        Implemented new API for WebScriptObject.
-
-        Fixed <rdar://problem/3657145>: (objc to javascript method calls do not cause updates.)
-        Fixed <rdar://problem/3654887>: (Update to JSC to refer to new JSObject LiveConnect object)  (w/ help from Vicki)
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertValueToJObject):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJNIField):
-        * bindings/objc/WebScriptObject.mm:
-        (_didExecute):
-        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject KJS::]):
-        (-[WebScriptObject dealloc]):
-        (+[WebScriptObject throwException:]):
-        (listFromNSArray):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        (+[WebUndefined undefined]):
-        (-[WebUndefined initWithCoder:]):
-        (-[WebUndefined encodeWithCoder:]):
-        (-[WebUndefined copyWithZone:]):
-        (-[WebUndefined retain]):
-        (-[WebUndefined release]):
-        (-[WebUndefined retainCount]):
-        (-[WebUndefined autorelease]):
-        (-[WebUndefined dealloc]):
-        (-[WebUndefined copy]):
-        (-[WebUndefined replacementObjectForPortCoder:]):
-        * bindings/objc/WebScriptObjectPrivate.h: Added.
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::JSMethodNameToObjCMethodName):
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.cpp:
-        (Instance::setDidExecuteFunction):
-        (Instance::didExecuteFunction):
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface webScriptNameForSelector:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-05-14  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by mjs.
- 
-        <rdar://problem/3642427>: framework marketing number should be 2.0 for DoubleBarrel release
-
-        * JavaScriptCore.pbproj/project.pbxproj: change CFBundleShortVersionString to 2.0
-
-=== Safari-140 ===
-
-2004-05-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed indentation.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-13  Richard Williamson   <rjw@apple.com>
-
-        Approved API changes.  Currently unimplemented.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/objc/WebScriptObject.h: Added.
-        * bindings/objc/WebScriptObject.mm: Added.
-        (+[WebScriptObject throwException:]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject stringRepresentation]):
-        (+[WebUndefined undefined]):
-        (-[WebUndefined initWithCoder:]):
-        (-[WebUndefined encodeWithCoder:]):
-        (-[WebUndefined copyWithZone:]):
-
-2004-05-07  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by darin.
-
-        Turn off GC since it uses ppc only instructions (which breaks 
-        the B&I build).   
-    
-        * kjs/value.h: set USE_CONSERVATIVE_GC to 0
-
-=== Safari-139 ===
-
-2004-05-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - add -funroll-loops=16 compiler option for approx .5% speedup on
-        HTML iBench and .5-1% speedup on JS iBench.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2004-04-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Enable full conservative GC mode in addition to test mode. When
-        conservative GC is enabled, we now get an 11% speed improvement on
-        the iBench. Also fix some spots I missed before.
-
-        Specific noteworth changes:
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::markStackObjectsConservatively): Check possible
-        cell pointers for 8-byte aligment and verify they are not 0.
-
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::increaseProtectCount): Move null-tolerance from here...
-        (KJS::ProtectedValues::decreaseProtectCount): ...and here...
-        * kjs/protect.h:
-        (KJS::gcProtectNullTolerant): ...to here...
-        (KJS::gcUnprotectNullTolerant): ...and here, because not all callers need the null
-        tolerance, and doing the check is expensive.
-
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::computeHash): Replace hash function with a much faster one
-        that is still very good.
-
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::~ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::~ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        (KJS::ProtectedValues::computeHash):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/internal.cpp:
-        (NumberImp::create):
-        (InterpreterImp::globalInit):
-        (InterpreterImp::globalClear):
-        (InterpreterImp::mark):
-        * kjs/list.cpp:
-        (KJS::List::derefValues):
-        (KJS::List::refValues):
-        (KJS::List::append):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::setInternalValue):
-        (KJS::ObjectImp::putDirect):
-        * kjs/value.cpp:
-        (ValueImp::mark):
-        (ValueImp::marked):
-        * kjs/value.h:
-        (KJS::ValueImp::ValueImp):
-        (KJS::ValueImp::~ValueImp):
-        (KJS::ValueImp::):
-        (KJS::Value::Value):
-        (KJS::Value::~Value):
-        (KJS::Value::operator=):
-
-2004-04-30  Richard Williamson   <rjw@apple.com>
-
-        Asking an NSInvocation for it's return value when return type
-        is void throws an exception.  Added check for void return types
-        to avoid this exception.
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-
-2004-04-29  Richard Williamson   <rjw@apple.com>
-
-        Fixed several bad problems with the ObjC bindings.  In particular, conversion
-        to/from JavaScriptObject (soon to be WebScriptObject) was completely broken.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
-        (-[JavaScriptObject KJS::]):
-        (+[JavaScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        (-[JavaScriptObject call:arguments:]):
-        (-[JavaScriptObject evaluate:]):
-        (-[JavaScriptObject getMember:]):
-        (-[JavaScriptObject getSlot:]):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.h:
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForInterpreter):
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        * bindings/runtime_root.h:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface logMessage:]):
-        (-[MyFirstInterface setJSObject:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-04-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        * kjs/ustring.cpp: (KJS::UString::append): Fix one case that was allocating a buffer
-        that is 2x too big.
-
-2004-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Implementation of conservative GC, based partly on code from
-        Darin. It's turned off for now, so it shouldn't have any effect on
-        the normal build.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markProtectedObjects):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        * kjs/protected_values.cpp: Added.
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::insert):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        (KJS::ProtectedValues::expand):
-        (KJS::ProtectedValues::shrink):
-        (KJS::ProtectedValues::rehash):
-        (KJS::ProtectedValues::computeHash):
-        * kjs/protected_values.h: Added.
-        * kjs/value.cpp:
-        (ValueImp::useConservativeMark):
-        (ValueImp::mark):
-        (ValueImp::marked):
-        * kjs/value.h:
-        (KJS::ValueImp::):
-
-=== Safari-138 ===
-
-2004-04-22  Richard Williamson   <rjw@apple.com>
-
-        Fixed build snafu (re-declaration of NPBool in npruntime.h and
-        npapi.h).
-
-        * bindings/npruntime.h:
-
-2004-04-22  Richard Williamson   <rjw@apple.com>
-
-        Updated plugin binding API to reflect latest revision from
-        working group.
-        
-        Biggest change is the introduction of NPVariant used to represent
-        value types.  NPVariant replaces the use of NPObject for the
-        exchange of values between scripting environment and native code.
-
-        Reviewed by John.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (identiferFromNPIdentifier):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_ToString):
-        (NPN_GetPropertyAtIndex):
-        (NPN_SetPropertyAtIndex):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_utility.cpp:
-        (convertNPStringToUTF16):
-        (convertUTF8ToUTF16):
-        (coerceValueToNPVariantStringType):
-        (convertValueToNPVariant):
-        (convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (NPN_GetIdentifier):
-        (NPN_GetIdentifiers):
-        (NPN_UTF8FromIdentifier):
-        (NPN_VariantIsVoid):
-        (NPN_VariantIsNull):
-        (NPN_VariantIsUndefined):
-        (NPN_VariantIsBool):
-        (NPN_VariantIsInt32):
-        (NPN_VariantIsDouble):
-        (NPN_VariantIsString):
-        (NPN_VariantIsObject):
-        (NPN_VariantToBool):
-        (NPN_VariantToString):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_VariantToObject):
-        (NPN_InitializeVariantAsVoid):
-        (NPN_InitializeVariantAsNull):
-        (NPN_InitializeVariantAsUndefined):
-        (NPN_InitializeVariantWithBool):
-        (NPN_InitializeVariantWithInt32):
-        (NPN_InitializeVariantWithDouble):
-        (NPN_InitializeVariantWithString):
-        (NPN_InitializeVariantWithStringCopy):
-        (NPN_InitializeVariantWithObject):
-        (NPN_InitializeVariantWithVariant):
-        (NPN_ReleaseVariantValue):
-        (NPN_CreateObject):
-        (NPN_RetainObject):
-        (NPN_ReleaseObject):
-        (NPN_IsKindOfClass):
-        (NPN_SetExceptionWithUTF8):
-        (NPN_SetException):
-        * bindings/npruntime.h:
-        (_NPString::):
-        (_NPString::_NPVariant::):
-        * bindings/testbindings.cpp:
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myGetProperty):
-        (mySetProperty):
-        (myInvoke):
-        (myAllocate):
-
-2004-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3627473>: "REGRESSION (125-137): memory trasher in UString::append, causing many different crashes"
-
-        * kjs/ustring.cpp:
-        (KJS::UString::expandCapacity): Fix sizeof(UChar *) that should be sizeof(UChar).
-        Was resulting in a buffer 2x the needed size.
-        (KJS::UString::expandPreCapacity): Ditto.
-        (KJS::UString::append): Fix malloc that is missing a sizeof(UChar).
-
-2004-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Preliminary change for conservative GC. Create "protected"
-        subclasses to GC-protect objects when on heap, since we will soon
-        remove the built-in refcounting of the normal wrapper classes. Use
-        them where needed.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/context.h:
-        * kjs/internal.h:
-        (KJS::InterpreterImp::globalObject):
-        * kjs/interpreter.h:
-        * kjs/property_map.cpp:
-        * kjs/reference.h:
-        * kjs/reference_list.cpp:
-
-2004-04-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave.
-
-        Optimize prepend using the shared substring optimization. Also,
-        limit the applicability of shared append and shared prepend. If
-        you overdo it, it does more harm than good, because you create a
-        bunch of strings that are disqualified from future shared
-        append/prepend, for not much immediate savings in allocate/copy
-        expense.
-        
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::expandedSize):
-        (KJS::UString::usedPreCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-
-2004-04-16  Maciej Stachowiak  <mjs@apple.com>
-        Reviewed by Richard.
-
-        No more need for Completion or Reference to privately inherit from
-        Value, none of the superclass functionality is used.
-
-        * kjs/completion.h:
-        * kjs/reference.h:
-
-=== Safari-137 ===
-
-2004-04-16  Richard Williamson   <rjw@apple.com>
-
-        Added interpreter lock protection around object creation.
-
-        Reviewed by Chris.
-
-        * bindings/runtime.cpp:
-        (Instance::createRuntimeObject):
-
-2004-04-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        Another JavaScript speed improvement: use the mechanism from
-        string append optimization to make taking a substring fast, again
-        sharing the buffer.
-
-        A further 22% improvement on the 24fun string speed test.
-        
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::substr):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-
-2004-04-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed <rdar://problem/3600695>: String manipulation in JavaScript 24fun test is very slow (slow)
-        - fixed <rdar://problem/3600691>: Table generation test is really slow
-        - fixed <rdar://problem/3600661>: 24fun date test is really slow
-
-        80% speedup on the string test, lesser speedups on the other two.
-        
-        Two different optimizations here:
-
-        1) Avoid large overhead of scanning strings to see if they are all
-        ASCII before numeric conversion.
-        
-        * kjs/nodes.cpp:
-        (AssignNode::evaluate): Don't convert to integer until we know for
-        sure the operation will need it. Attempting to convert strings to
-        numbers is a waste when they are being appended with +=.
-
-        2) Avoid huge cost of appending strings.
-
-        This is done by allowing multiple strings to share a buffer but
-        actually use different ranges of it. The first time a string is
-        appended to, we start leaving at least 10% extra space in the
-        buffer, so doing N appends to the same string takes O(log N)
-        mallocs instead of O(N).
-        
-        * kjs/identifier.cpp:
-        (KJS::Identifier::equal):
-        (KJS::Identifier::add):
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UCharReference::operator=):
-        (KJS::UCharReference::ref):
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::expandedSize):
-        (KJS::UString::usedCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::null):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::toStrictUInt32):
-        (KJS::UString::detach):
-        (KJS::KJS::operator==):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-        (KJS::UString::Rep::hash):
-
-2004-04-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fix deployment build by avoiding deployment-only warning.
-
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::bottom):
-
-2004-04-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        Changed things so that newly created objects get a prototype based
-        on the scope chain of the current function, rather than the
-        interpreter that started execution. This fixes the following bugs:
-        
-        <rdar://problem/3368523>: ARCH: wrong prototype used to create new objects (hang on lookup.atomica.com)
-        <rdar://problem/3559173>: ARCH: Cannot scan using a HP Jetdirect product (JS object prototypes bind incorrectly)
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/array_object.cpp:
-        (CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        (ArrayProtoFuncImp::ArrayProtoFuncImp):
-        (ArrayProtoFuncImp::call):
-        (ArrayObjectImp::construct):
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::construct):
-        * kjs/date_object.cpp:
-        (DateProtoFuncImp::DateProtoFuncImp):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        * kjs/error_object.cpp:
-        (ErrorObjectImp::construct):
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp):
-        (FunctionImp::call):
-        (DeclaredFunctionImp::construct):
-        (ArgumentsImp::ArgumentsImp):
-        (GlobalFuncImp::call):
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call):
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (BooleanImp::toObject):
-        (StringImp::toObject):
-        (NumberImp::toObject):
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::clear):
-        (InterpreterImp::interpreterWithGlobalObject):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (ExecState::lexicalInterpreter):
-        * kjs/interpreter.h:
-        (KJS::ExecState::dynamicInterpreter):
-        (KJS::ExecState::interpreter):
-        * kjs/math_object.cpp:
-        (MathFuncImp::MathFuncImp):
-        * kjs/nodes.cpp:
-        (StatementNode::hitStatement):
-        (StatementNode::abortStatement):
-        (RegExpNode::evaluate):
-        (ElementNode::evaluate):
-        (ArrayNode::evaluate):
-        (ObjectLiteralNode::evaluate):
-        (PropertyValueNode::evaluate):
-        (FunctionCallNode::evaluate):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberObjectImp::construct):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::defaultValue):
-        (KJS::Error::create):
-        * kjs/object_object.cpp:
-        (ObjectObjectImp::construct):
-        * kjs/reference.cpp:
-        (Reference::putValue):
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::call):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::construct):
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::bottom):
-        * kjs/scope_chain.h:
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::StringProtoFuncImp):
-        (StringProtoFuncImp::call):
-        (StringObjectImp::construct):
-
-=== Safari-136 ===
-
-=== Safari-135 ===
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Tedious renames based on feedback from plugin-futures list.
-        NP_ functions are renamed with NPN_ prefix.
-        Types prefix renamed from NP_ to NP.
-        NPN_CreateStringWithUTF8 and NPN_SetExceptionWithUTF8 now take a length, optionally -1 if string is null terminated. 
-        
-        No review because this was just a renaming patch.
-
-        * bindings/NP_jsobject.cpp:
-        (listFromNPArray):
-        (jsAllocate):
-        (identiferFromNPIdentifier):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        (NPN_ToString):
-        (NPN_GetPropertyAtIndex):
-        (NPN_SetPropertyAtIndex):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        (CClass::_commonInit):
-        (CClass::classForIsA):
-        (CClass::CClass):
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        * bindings/c/c_instance.h:
-        (KJS::Bindings::CInstance::getObject):
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CField::CField):
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CMethod::CMethod):
-        (KJS::Bindings::CMethod::name):
-        * bindings/c/c_utility.cpp:
-        (coerceValueToNPString):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (NPN_IdentifierFromUTF8):
-        (NPN_IsValidIdentifier):
-        (NPN_GetIdentifiers):
-        (NPN_UTF8FromIdentifier):
-        (NPN_CreateObject):
-        (NPN_RetainObject):
-        (NPN_ReleaseObject):
-        (NPN_IsKindOfClass):
-        (NPN_SetExceptionWithUTF8):
-        (NPN_SetException):
-        (numberAllocate):
-        (NPN_CreateNumberWithInt):
-        (NPN_CreateNumberWithFloat):
-        (NPN_CreateNumberWithDouble):
-        (NPN_IntFromNumber):
-        (NPN_FloatFromNumber):
-        (NPN_DoubleFromNumber):
-        (stringAllocate):
-        (NPN_CreateStringWithUTF8):
-        (NPN_CreateStringWithUTF16):
-        (NPN_DeallocateUTF8):
-        (NPN_UTF8FromString):
-        (NPN_UTF16FromString):
-        (NPN_StringLength):
-        (booleanAllocate):
-        (NPN_CreateBoolean):
-        (NPN_BoolFromBoolean):
-        (nullAllocate):
-        (NPN_GetNull):
-        (undefinedAllocate):
-        (NPN_GetUndefined):
-        (arrayAllocate):
-        (arrayDeallocate):
-        (NPN_CreateArray):
-        (NPN_CreateArrayV):
-        (NPN_ObjectAtIndex):
-        * bindings/npruntime.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/testbindings.cpp:
-        (initializeIdentifiers):
-        (myHasProperty):
-        (myHasMethod):
-        (myGetProperty):
-        (mySetProperty):
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myInvoke):
-        (myAllocate):
-        (myInvalidate):
-        (myDeallocate):
-        (main):
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Changed references to NP_runtime.h to npruntime.h
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Renamed NP_runtime.h to npruntime.h to match Netscape SDK.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.h:
-        * bindings/npruntime.cpp:
-
-=== Safari-134 ===
-
-2004-03-23  Richard Williamson   <rjw@apple.com>
-
-        Added implementation of KJS::Value <-> NP_Object conversion functions.
-        Augmented test program for 'C' bindings.
-        Added asserts and parameter checking to all public API.        
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (NP_ToString):
-        * bindings/NP_jsobject.h: Added.
-        * bindings/NP_runtime.cpp:
-        (NP_IdentifierFromUTF8):
-        (NP_IsValidIdentifier):
-        (NP_GetIdentifiers):
-        (NP_CreateObject):
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (NP_SetExceptionWithUTF8):
-        (NP_SetException):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_DeallocateUTF8):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_StringLength):
-        (NP_BoolFromBoolean):
-        * bindings/NP_runtime.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (coerceValueToNPString):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h:
-        * bindings/test.js:
-        * bindings/testC.js: Added.
-        * bindings/testbindings.cpp:
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myInterfaceInvoke):
-        (myInterfaceAllocate):
-
-=== Safari-133 ===
-
-2004-03-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed problem with methods like setUTCHour
-
-        * kjs/date_object.cpp: (DateProtoFuncImp::call): Fix conversion back to time_t to use the appropriate
-        GMT vs. local time function based on the utc flag.
-
-2004-03-17  Richard Williamson   <rjw@apple.com>
-
-        Added a context parameter to result callbacks use by JavaScriptObject functions.  This was a change requested by Eric Carlson on the QT plugin team.
-
-        Reviewed by Ken.
-
-        * bindings/NP_jsobject.cpp:
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        * bindings/NP_runtime.h:
-
-2004-03-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3590169.  Regression (crash) caused by the switch to MethodLists.  Crash when attempting to invoke a method from JavaScript to Java that is not implemented.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-
-2004-03-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3570854.  Don't attempt to convert Null to strings.  We
-        were incorrectly converting to "Null".
-
-        Actually fixed by Scott Kovatch.
-
-        Reviewed by Richard.
-
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-=== Safari-132 ===
-
-2004-03-11  Richard Williamson   <rjw@apple.com>
-
-        Stitched together the NP stuff to our language independent
-        JavaScript binding stuff.  Very close to being done.
-        
-        Added program to test C bindings (and NP stuff).  Just tests
-        properties.  Will add methods and JavaScript access, etc.
-
-        Updated Makefile.am to account for new bindings/c directory.
-
-        Change NP_UTF8 from "const char *" to "char" to allow for
-        declarations like "const NP_UTF8 *" and "NP_UTF8 *".  Ditto
-        for NP_UTF16.
-
-        Added NP_IsValidIdentifier().
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/NP_jsobject.cpp:
-        (identiferFromNPIdentifier):
-        (NP_Evaluate):
-        * bindings/NP_runtime.cpp:
-        (NP_IdentifierFromUTF8):
-        (NP_IsValidIdentifier):
-        (NP_GetIdentifiers):
-        (NP_UTF8FromIdentifier):
-        (NP_SetExceptionWithUTF8):
-        (NP_SetException):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        * bindings/NP_runtime.h:
-        * bindings/c/c_class.cpp: Added.
-        (CClass::_commonDelete):
-        (CClass::_commonCopy):
-        (CClass::_commonInit):
-        (_createClassesByIsAIfNecessary):
-        (CClass::classForIsA):
-        (CClass::CClass):
-        (CClass::name):
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h: Added.
-        (KJS::Bindings::CClass::~CClass):
-        (KJS::Bindings::CClass::CClass):
-        (KJS::Bindings::CClass::operator=):
-        (KJS::Bindings::CClass::constructorAt):
-        (KJS::Bindings::CClass::numConstructors):
-        * bindings/c/c_instance.cpp: Added.
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::getClass):
-        (CInstance::begin):
-        (CInstance::end):
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        (CInstance::stringValue):
-        (CInstance::numberValue):
-        (CInstance::booleanValue):
-        (CInstance::valueOf):
-        * bindings/c/c_instance.h: Added.
-        (KJS::Bindings::CInstance::getObject):
-        * bindings/c/c_runtime.cpp: Added.
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_runtime.h: Added.
-        (KJS::Bindings::CField::CField):
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CField::type):
-        (KJS::Bindings::CMethod::CMethod):
-        (KJS::Bindings::CMethod::name):
-        (KJS::Bindings::CMethod::numParameters):
-        * bindings/c/c_utility.cpp: Added.
-        (coerceValueToNPValueType):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h: Added.
-        * bindings/make_testbindings:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::):
-        * bindings/testbindings.cpp: Added.
-        (initializeIdentifiers):
-        (myInterfaceHasProperty):
-        (myInterfaceHasMethod):
-        (myInterfaceGetProperty):
-        (myInterfaceSetProperty):
-        (myInterfaceInvoke):
-        (myInterfaceAllocate):
-        (myInterfaceInvalidate):
-        (myInterfaceDeallocate):
-        (GlobalImp::className):
-        (readJavaScriptFromFile):
-        (main):
-
-2004-03-10  Richard Williamson   <rjw@apple.com>
-
-        Made changes to support new asychronous approach to calls from
-        plugin to JavaScript
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        * bindings/NP_runtime.h:
-        * bindings/make_testbindings:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-
-2004-03-10  Richard Williamson   <rjw@apple.com>
-
-        Updated header to include proposed changes from
-        plugin-futures list.  Calls from plugin to JavaScript
-        are now asynchronous.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.h:
-
-=== Safari-131 ===
-
-2004-03-04  Richard Williamson   <rjw@apple.com>
-
-        Implementation of NP_JavaScriptObject.  This is the 'C' class
-        that wraps a JavaScript object.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp: Added.
-        (coerceValueToNPValueType):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        (listFromNPArray):
-        (jsAllocate):
-        (jsDeallocate):
-        (identiferFromNPIdentifier):
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_SetProperty):
-        (NP_RemoveProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        (NP_SetPropertyAtIndex):
-        * bindings/NP_runtime.cpp:
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h:
-        * bindings/runtime_object.h:
-
-2004-03-04  Richard Williamson   <rjw@apple.com>
-
-        Added NP_Array implementation.  
-
-        Changed NP_Boolean to just depend on two static instances, no
-        space is required for values.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (arrayAllocate):
-        (arrayDeallocate):
-        (NP_CreateArray):
-        (NP_CreateArrayV):
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h:
-
-2004-03-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Vicki.
-
-        * English.lproj/InfoPlist.strings: Removed. No need to localize the version and
-        copyright string, and that's all that was in here.
-        * JavaScriptCore.pbproj/project.pbxproj: Removed InfoPlist.strings from build.
-
-2004-03-03  Richard Williamson   <rjw@apple.com>
-
-        More 'C' binding implementation.  Fleshed out all the
-        'primitive' data types.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_ReleaseObject):
-        (numberAllocate):
-        (stringAllocate):
-        (stringDeallocate):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_StringLength):
-        (booleanAllocate):
-        (booleanDeallocate):
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (nullAllocate):
-        (nullDeallocate):
-        (NP_GetNull):
-        (undefinedAllocate):
-        (undefinedDeallocate):
-        (NP_GetUndefined):
-        * bindings/NP_runtime.h:
-
-2004-03-03  Richard Williamson   <rjw@apple.com>
-
-        More 'C' binding implementation.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (identifierEqual):
-        (identifierHash):
-        (getIdentifierDictionary):
-        (NP_IdentifierFromUTF8):
-        (NP_UTF8FromIdentifier):
-        (NP_CreateObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (numberCreate):
-        (NP_CreateNumberWithInt):
-        (NP_CreateNumberWithFloat):
-        (NP_CreateNumberWithDouble):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        * bindings/NP_runtime.h:
-
-2004-03-02  Richard Williamson   <rjw@apple.com>
-
-        Removed retain/release from NP_Class.  Classes will not be allowed to implement their
-        own customer retain/release scheme.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        * bindings/NP_runtime.h:
-
-2004-03-02  Richard Williamson   <rjw@apple.com>
-
-        C binding API.  Partial implementation.
-
-        Completed ObjectiveC bindings (not based on the C API).  These will re-implemented over the C binding API, but I wanted to get this code in the tree.
-
-        Factored root object reference counting scheme.  It is now useful independent
-        of LiveConnect.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_runtime.cpp: Added.
-        (NP_IdentifierFromUTF8):
-        (NP_GetIdentifiers):
-        (NP_UTF8FromIdentifier):
-        (NP_CreateObject):
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (NP_SetException):
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_SetProperty):
-        (NP_RemoveProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        (NP_SetPropertyAtIndex):
-        (NP_CreateNumberWithInt):
-        (NP_CreateNumberWithFloat):
-        (NP_CreateNumberWithDouble):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (NP_GetNull):
-        (NP_GetUndefined):
-        (NP_CreateArray):
-        (NP_CreateArrayV):
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h: Added.
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::invoke):
-        (JSObject::finalize):
-        (JSObject::createNative):
-        (JSObject::convertValueToJObject):
-        * bindings/jni/jni_jsobject.h:
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        (rootForView):
-        (windowJavaScriptObject):
-        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
-        (-[JavaScriptObject dealloc]):
-        (-[JavaScriptObject _convertValueToObjcValue:KJS::]):
-        (-[JavaScriptObject call:arguments:]):
-        (-[JavaScriptObject evaluate:]):
-        (-[JavaScriptObject getMember:]):
-        (-[JavaScriptObject setMember:value:]):
-        (-[JavaScriptObject removeMember:]):
-        (-[JavaScriptObject toString]):
-        (-[JavaScriptObject getSlot:]):
-        (-[JavaScriptObject setSlot:value:]):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * bindings/runtime_root.cpp: Added.
-        (getReferencesByRootDictionary):
-        (getReferencesDictionary):
-        (KJS::Bindings::findReferenceDictionary):
-        (KJS::Bindings::rootForImp):
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (completedJavaScriptAccess):
-        (initializeJavaScriptAccessLock):
-        (lockJavaScriptAccess):
-        (unlockJavaScriptAccess):
-        (RootObject::dispatchToJavaScriptThread):
-        (performJavaScriptAccess):
-        (RootObject::setFindRootObjectForNativeHandleFunction):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h: Added.
-        (KJS::Bindings::RootObject::RootObject):
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-        (KJS::Bindings::RootObject::rootObjectImp):
-        (KJS::Bindings::RootObject::setInterpreter):
-        (KJS::Bindings::RootObject::interpreter):
-        (KJS::Bindings::RootObject::findRootObjectForNativeHandleFunction):
-        (KJS::Bindings::RootObject::runLoop):
-        (KJS::Bindings::RootObject::performJavaScriptSource):
-
-=== Safari-130 ===
-
-=== Safari-129 ===
-
-2004-02-18  Richard Williamson   <rjw@apple.com>
-
-        Added NSNumber/Number conversion.
-
-        Removed some unnecessary KJS:: namespace specifiers.
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime_array.h:
-
-2004-02-18  Richard Williamson   <rjw@apple.com>
-
-        Added support for export NSArrays.
-
-        Updated valueAt() to take an ExecState so we can throw
-        JS exceptions.
-
-        Implemented excludeSelectorFromJavaScript: in ObjcClass.  This allows
-        ObjectiveC classes to control the visibility of their methods in 
-        JavaScript.
-
-        Reviewed by Ken.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcArray::getObjcArray):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::ObjcArray):
-        (ObjcArray::~ObjcArray):
-        (ObjcArray::operator=):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        (ObjcArray::getLength):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.cpp:
-        (Instance::getValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::get):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2004-02-17  Richard Williamson   <rjw@apple.com>
-
-        Added String <-> NSString conversion.
-        Added tests of String <-> NSString conversion to test program.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/test.js:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface getString]):
-
-2004-02-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Tweak build styles a bit, fixing OptimizedWithSymbols,
-        and removing redundant settings of things that match defaults in other build styles.
-
-2004-02-13  Richard Williamson   <rjw@apple.com>
-
-        Work towards the JavaScript ObjC bindings.  The bindings now work for 
-        simple scalar types.  testbindings.mm is an illustration of how the 
-        bindings work.
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::returnType):
-        * bindings/make_testbindings: Added.
-        * bindings/objc/objc_class.h: Added.
-        (KJS::Bindings::ObjcClass::~ObjcClass):
-        (KJS::Bindings::ObjcClass::ObjcClass):
-        (KJS::Bindings::ObjcClass::operator=):
-        (KJS::Bindings::ObjcClass::constructorAt):
-        (KJS::Bindings::ObjcClass::numConstructors):
-        * bindings/objc/objc_class.mm: Added.
-        (ObjcClass::_commonDelete):
-        (ObjcClass::_commonCopy):
-        (ObjcClass::_commonInit):
-        (_createClassesByIsAIfNecessary):
-        (ObjcClass::classForIsA):
-        (ObjcClass::ObjcClass):
-        (ObjcClass::name):
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_header.h: Added.
-        * bindings/objc/objc_instance.h: Added.
-        (KJS::Bindings::ObjcInstance::getObject):
-        * bindings/objc/objc_instance.mm: Added.
-        (ObjcInstance::ObjcInstance):
-        (ObjcInstance::~ObjcInstance):
-        (ObjcInstance::operator=):
-        (ObjcInstance::begin):
-        (ObjcInstance::end):
-        (ObjcInstance::getClass):
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::defaultValue):
-        (ObjcInstance::stringValue):
-        (ObjcInstance::numberValue):
-        (ObjcInstance::booleanValue):
-        (ObjcInstance::valueOf):
-        * bindings/objc/objc_jsobject.h: Added.
-        * bindings/objc/objc_jsobject.mm: Added.
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcField::~ObjcField):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::operator=):
-        (KJS::Bindings::ObjcMethod::ObjcMethod):
-        (KJS::Bindings::ObjcMethod::~ObjcMethod):
-        (KJS::Bindings::ObjcMethod::operator=):
-        * bindings/objc/objc_runtime.mm: Added.
-        (ObjcMethod::ObjcMethod):
-        (ObjcMethod::name):
-        (ObjcMethod::numParameters):
-        (ObjcMethod::getMethodSignature):
-        (ObjcField::ObjcField):
-        (ObjcField::name):
-        (ObjcField::type):
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        * bindings/objc/objc_utility.h: Added.
-        (KJS::Bindings::):
-        * bindings/objc/objc_utility.mm: Added.
-        (KJS::Bindings::JSMethodNameToObjCMethodName):
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::objcValueTypeForType):
-        * bindings/runtime.cpp:
-        (MethodList::MethodList):
-        (MethodList::operator=):
-        (Instance::setValueOfField):
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createRuntimeObject):
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::call):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-        * bindings/test.js: Added.
-        * bindings/testbindings.mm: Added.
-        (-[MySecondInterface init]):
-        (-[MyFirstInterface init]):
-        (-[MyFirstInterface dealloc]):
-        (+[MyFirstInterface JavaScriptNameForSelector:]):
-        (-[MyFirstInterface getInt]):
-        (-[MyFirstInterface setInt:]):
-        (-[MyFirstInterface getMySecondInterface]):
-        (-[MyFirstInterface logMessage:]):
-        (GlobalImp::className):
-        (readJavaScriptFromFile):
-        (main):
-
-=== Safari-128 ===
-
-2004-02-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed things seen in the profile, for a total speedup of 4% on cvs-base (including changes across all projects)
-
-        * JavaScriptCorePrefix.h: Add a workaround for a bug in our system headers that prevents the <ctype.h>
-        macros from working right in C++ code that uses the <cctype> header.
-
-        * kjs/ustring.cpp:
-        (KJS::inlineUTF8SequenceLengthNonASCII): Added.
-        (KJS::UTF8SequenceLengthNonASCII): Added.
-        (KJS::inlineUTF8SequenceLength): Added.
-        (KJS::UTF8SequenceLength): Calls inlineUTF8SequenceLengthNonASCII now.
-        (KJS::decodeUTF8Sequence): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-        (KJS::createSortedOffsetsArray): Add special case for 1, 2, and 3 offsets, so we don't do qsort for those.
-        (KJS::convertUTF16OffsetsToUTF8Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-        (KJS::convertUTF8OffsetsToUTF16Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-
-        - fixed the test program so it won't hit the interpreter lock assertion
-
-        * kjs/testkjs.cpp: (main): Just lock around the whole thing, since the test is singly threaded.
-
-=== Safari-127 ===
-
-2004-02-06  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3550242 and 3546977.  The first diff prevents an assert from firing.  The second diff prevents a JavaScript exception, caused be an invalid conversion, which has a downstream consequence of preventing a valid conversion.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::toString):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-2004-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3546613>: array of negative size leads to crash (test page at oscar.the-rileys.net)
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp): If the length is greater than 10,000, don't allocate an array until
-        we start putting values in. This prevents new Array(2147483647) from causing trouble.
-        (ArrayObjectImp::construct): Check number as described in specification, and raise a range error if the
-        number is out of range. This prevents new Array(-1) from causing trouble.
-
-        - fixed <rdar://problem/3545756>: Math.round screws up on numbers bigger than 2^31 (incorrect results on HP-35 calculator page)
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Change implementation to be much simpler and not involve
-        casting to int. Results now match those in other browsers.
-
-2004-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3519285>: integer operations on large negative numbers yield bad results (discovered with "HTMLCrypt")
-        - fixed other related overflow issues
-
-        * kjs/value.h: Changed return types of toInteger, toInt32, toUInt32, and toUInt16.
-        * kjs/value.cpp:
-        (ValueImp::toInteger): Change to return a double, since this operation, from the ECMA specification,
-        must not restrict values to the range of a particular integer type.
-        (ValueImp::toInt32): Used a sized integer type for the result of this function, and also added
-        proper handling for negative results from fmod.
-        (ValueImp::toUInt32): Ditto.
-        (ValueImp::toUInt16): Ditto.
-        (ValueImp::dispatchToUInt32): Changed result type from unsigned to uint32_t.
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the slice function.
-        * kjs/internal.cpp: (KJS::roundValue): Streamline the function, handling NAN and infinity properly.
-        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the toString function.
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the charAt, charCodeAt, indexOf, lastIndexOf, slice,
-        and substr functions.
-
-=== Safari-126 ===
-
-2004-01-30  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3542044.  Create KJS::String using UString constructor instead of passing UTF8 string to char* constructor.
-
-        Reviewed by Darin.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::stringValue):
-
-2004-01-26  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Switch from pbxbuild to xcodebuild.
-
-2004-01-22  Richard Williamson   <rjw@apple.com>
-
-        Added stubs for ObjC language binding to JavaScript.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_runtime.h: Added.
-        (KJS::Bindings::ObjcParameter::ObjcParameter):
-        (KJS::Bindings::ObjcParameter::~ObjcParameter):
-        (KJS::Bindings::ObjcParameter::operator=):
-        (KJS::Bindings::ObjcParameter::type):
-        (KJS::Bindings::ObjcConstructor::ObjcConstructor):
-        (KJS::Bindings::ObjcConstructor::~ObjcConstructor):
-        (KJS::Bindings::ObjcConstructor::_commonCopy):
-        (KJS::Bindings::ObjcConstructor::operator=):
-        (KJS::Bindings::ObjcConstructor::value):
-        (KJS::Bindings::ObjcConstructor::parameterAt):
-        (KJS::Bindings::ObjcConstructor::numParameters):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::~ObjcField):
-        * bindings/runtime.h:
-
-2004-01-22  Richard Williamson   <rjw@apple.com>
-
-        Simplified JavaString by using UString as backing store.  This
-        revealed a bug in CString's assignment operator which I fixed.
-
-        Removed some dead code.
- 
-        Reviewed by John.
-
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaString::JavaString):
-        (KJS::Bindings::JavaString::_commonInit):
-        (KJS::Bindings::JavaString::UTF8String):
-        (KJS::Bindings::JavaString::uchars):
-        (KJS::Bindings::JavaString::length):
-        (KJS::Bindings::JavaString::ustring):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        * bindings/runtime_object.h:
-        * kjs/ustring.cpp:
-        (KJS::CString::CString):
-        (KJS::CString::operator=):
-
-=== Safari-125 ===
-
-=== Safari-124 ===
-
-2004-01-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3525853.  We weren't handling mapping to overloaded Java
-        methods very well.  Even though this is undefined the other
-        browsers support it.  Also fixed a bug with returning arrays
-        from Java functions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::_commonInit):
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaMethod::signature):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni_jsobject.cpp:
-        (JSObject::call):
-        (JSObject::convertJObjectToValue):
-        * bindings/runtime.cpp:
-        (MethodList::addMethod):
-        (MethodList::length):
-        (MethodList::methodAt):
-        (MethodList::~MethodList):
-        * bindings/runtime.h:
-        (KJS::Bindings::MethodList::MethodList):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::call):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-
-2004-01-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3531229.  Another place that needs the  Push/PopLocalFrame
-        protection implemented for 3530401.
-
-        Reviewed by John.
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-
-2004-01-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3530401.  JNI doesn't cleanup local refs created on the
-        main thread.   IMO this is a bad bug in our JMI implementation.
-
-        To work-around the problem I explicitly delete all local refs.
-        Further, I've added Push/PopLocalFrame calls to catch any refs
-        that I may have missed.  This will guarantee that we don't leak
-        any Java references.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::_commonInit):
-        (JavaClass::JavaClass):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::begin):
-        (JavaInstance::end):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaConstructor::JavaConstructor):
-        (JavaMethod::JavaMethod):
-        * bindings/jni_jsobject.cpp:
-        (JSObject::listFromJArray):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::begin):
-        (KJS::Bindings::Instance::end):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-
-2004-01-15  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Update copyright date to 2004.
-
-2004-01-14  Richard Williamson   <rjw@apple.com>
-        
-        Fixed 3529466.  With recent changes to Java plugin we must no
-        longer call DeleteLocalRef().  Not a problem, it was an optimization anyway.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JObjectWrapper::JObjectWrapper):
-
-=== Safari-122 ===
-
-2004-01-14  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3529010.
-
-        Finalize may be called on an JSObject after we've already remove all our references.  The assert in this case is firing because we've received a finalize call from Java for an instance that we no longer know about.  The fix is to check in finalize that we're getting a call on an instance that we still care about.
-
-        Reviewed by John.
-
-        * bindings/jni_jsobject.cpp:
-        (addJavaReference):
-        (removeJavaReference):
-        (RootObject::removeAllJavaReferencesForRoot):
-        (JSObject::invoke):
-
-2004-01-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3528324. 
-
-        The run loop that is used to execute JavaScript (in practice, always the main run loop) is held in a class variable.  It is set and retained once and should not be released.  Unfortunately is it being released when the 'root' object on a LiveConnect applet is released.  This has the symptom of eventually causing an deallocation of the main run loop!  Usually after about 5 instantiations/destructions of a LiveConnect applet.  The CFRelease of the run loop was removed.
-
-        Reviewed by Hyatt.
-
-        * bindings/jni_jsobject.h:
-        (KJS::Bindings::RootObject::~RootObject):
-
-=== Safari-121 ===
-
-=== Safari-120 ===
-
-2004-01-06  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3521814.  Finalize messages weren't being dispatched!
-
-        Reviewed by John.
-
-        * bindings/jni_jsobject.cpp:
-        (JSObject::invoke):
-
-2004-01-05  Richard Williamson   <rjw@apple.com>
-
-        Added cache of JNI method IDs to minimize allocations.  This mitigates the problem
-        described by 3515579.
-
-        Also cleanup up logging of Java exceptions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::getClass):
-        (JavaInstance::invokeMethod):
-        (JObjectWrapper::JObjectWrapper):
-        (JObjectWrapper::~JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        (KJS::Bindings::JavaInstance::operator=):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        (JavaMethod::methodID):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::JavaMethod):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodIDA):
-        (callJNIMethodA):
-        (KJS::Bindings::getMethodID):
-        (KJS::Bindings::callJNIVoidMethodIDA):
-        (KJS::Bindings::callJNIObjectMethodIDA):
-        (KJS::Bindings::callJNIByteMethodIDA):
-        (KJS::Bindings::callJNICharMethodIDA):
-        (KJS::Bindings::callJNIShortMethodIDA):
-        (KJS::Bindings::callJNIIntMethodIDA):
-        (KJS::Bindings::callJNILongMethodIDA):
-        (KJS::Bindings::callJNIFloatMethodIDA):
-        (KJS::Bindings::callJNIDoubleMethodIDA):
-        (KJS::Bindings::callJNIBooleanMethodIDA):
-        (KJS::Bindings::getCharactersFromJStringInEnv):
-        (KJS::Bindings::getUCharactersFromJStringInEnv):
-        (KJS::Bindings::getJNIField):
-        * bindings/jni/jni_utility.h:
-
-l2003-12-23  John Sullivan  <sullivan@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        Xcode version wars, harmless
-
-2003-12-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by John (concept, not code, which is just the old code coming back).
-
-        - fixed 3518092: REGRESSION (100-119): getting NaN instead of HH:MM times
-
-        * kjs/date_object.cpp: Added back our CF-based implementations of gmtime, localtime,
-        mktime, timegm, and time, because mktime, at least, won't handle a year of 0.
-
-2003-12-19  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3515597.  When an error occurs we need
-        to make sure result values are zeroed.
-
-        Cleaned up logs by adding a newline.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM):
-        (KJS::Bindings::getJNIEnv):
-        (callJNIMethod):
-        (callJNIMethodA):
-        (KJS::Bindings::getJNIField):
-        * bindings/jni_jsobject.cpp:
-        (JSObject::convertValueToJObject):
-
-=== Safari-119 ===
-
-2003-12-17  Richard Williamson   <rjw@apple.com>
-
-        Ensure that all the symbols we export are in the KJS
-        namespace (3512245).
-
-        Also renamed JavaString.characters() to JavaString.UTF8String()
-        for enhanced clarity.
-
-        Added some sanity checking to constructor of JObjectWrapper.
-
-        Reviewed by Dave.
-
-        * ChangeLog:
-        * bindings/jni/jni_class.cpp:
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        (JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaString::ascii):
-        (KJS::Bindings::JavaString::UTF8String):
-        (KJS::Bindings::JavaString::JavaString):
-        (KJS::Bindings::JavaString::_commonInit):
-        (KJS::Bindings::JavaString::uchars):
-        (KJS::Bindings::JavaString::length):
-        (KJS::Bindings::JavaString::ustring):
-        (KJS::Bindings::JavaParameter::type):
-        (KJS::Bindings::JavaField::name):
-        (KJS::Bindings::JavaField::type):
-        (KJS::Bindings::JavaMethod::name):
-        (KJS::Bindings::JavaMethod::returnType):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM):
-        (KJS::Bindings::getJNIEnv):
-        (KJS::Bindings::callJNIVoidMethod):
-        (KJS::Bindings::callJNIObjectMethod):
-        (KJS::Bindings::callJNIBooleanMethod):
-        (KJS::Bindings::callJNIByteMethod):
-        (KJS::Bindings::callJNICharMethod):
-        (KJS::Bindings::callJNIShortMethod):
-        (KJS::Bindings::callJNIIntMethod):
-        (KJS::Bindings::callJNILongMethod):
-        (KJS::Bindings::callJNIFloatMethod):
-        (KJS::Bindings::callJNIDoubleMethod):
-        (KJS::Bindings::callJNIVoidMethodA):
-        (KJS::Bindings::callJNIObjectMethodA):
-        (KJS::Bindings::callJNIByteMethodA):
-        (KJS::Bindings::callJNICharMethodA):
-        (KJS::Bindings::callJNIShortMethodA):
-        (KJS::Bindings::callJNIIntMethodA):
-        (KJS::Bindings::callJNILongMethodA):
-        (KJS::Bindings::callJNIFloatMethodA):
-        (KJS::Bindings::callJNIDoubleMethodA):
-        (KJS::Bindings::callJNIBooleanMethodA):
-        (KJS::Bindings::getCharactersFromJString):
-        (KJS::Bindings::releaseCharactersForJString):
-        (KJS::Bindings::getCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseCharactersForJStringInEnv):
-        (KJS::Bindings::getUCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseUCharactersForJStringInEnv):
-        (KJS::Bindings::JNITypeFromClassName):
-        (KJS::Bindings::signatureFromPrimitiveType):
-        (KJS::Bindings::JNITypeFromPrimitiveType):
-        (KJS::Bindings::getJNIField):
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (KJS::Bindings::JSObject::invoke):
-        (KJS::Bindings::JSObject::JSObject):
-        (KJS::Bindings::JSObject::call):
-        (KJS::Bindings::JSObject::eval):
-        (KJS::Bindings::JSObject::getMember):
-        (KJS::Bindings::JSObject::setMember):
-        (KJS::Bindings::JSObject::removeMember):
-        (KJS::Bindings::JSObject::getSlot):
-        (KJS::Bindings::JSObject::setSlot):
-        (KJS::Bindings::JSObject::toString):
-        (KJS::Bindings::JSObject::finalize):
-        (KJS::Bindings::JSObject::createNative):
-        (KJS::Bindings::JSObject::convertValueToJObject):
-        (KJS::Bindings::JSObject::convertJObjectToValue):
-        (KJS::Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-        * bindings/runtime.cpp:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-
-=== Safari-118 ===
-
-2003-12-16  Richard Williamson   <rjw@apple.com>
-
-        Ack!  More assertions.  Lock ALL entry points into the interpreter!
-        (3511733).
-
-        Reviewed by Ken.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::convertJObjectToValue):
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed a couple of snafus and removed some logging.
-
-        Reviewed by Maciej.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::performJavaScriptAccess):
-        (Bindings::completedJavaScriptAccess):
-        (Bindings::dispatchToJavaScriptThread):
-        Removed some annoying JS_LOG clutter.
-
-        (Bindings::RootObject::removeAllJavaReferencesForRoot):
-        Fixed allocation of key buffer that was called after it was needed.
-
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::JSObject):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::getSlot):
-        Added additional interpreter locks around getMember and getSlot. 
-        These functions may cause allocation of JS impls.  
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        args weren't passed to 'call' invocation.  d'oh.
-        lock interpreter when we create instances of JS impls.        
-
-        Reviewed by Maciej.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::convertValueToJObject):
-        (Bindings::JSObject::convertJObjectToValue):
-        (Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        Last piece of LiveConnect!  This checkin adds implementation
-        of the Java to JavaScript object conversion functions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_utility.cpp:
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::createNative):
-        (Bindings::JSObject::convertValueToJObject):
-        (Bindings::JSObject::convertJObjectToValue):
-        (Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-        (Bindings::):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::codeType):
-        (RuntimeMethodImp::execute):
-
-2003-12-12  Richard Williamson   <rjw@apple.com>
-
-        Added implementation of stubs in JSObject.  All that
-        remains is a couple of simple conversion functions stubs and
-        we're done with LiveConnect.  Also, changed string passing to
-        JS to use uchars instead of chars.  
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::_commonInit):
-        (Bindings::JavaString::_commonCopy):
-        (Bindings::JavaString::_commonDelete):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::uchars):
-        (Bindings::JavaString::length):
-        (Bindings::JavaString::ustring):
-        * bindings/jni/jni_utility.cpp:
-        (getUCharactersFromJStringInEnv):
-        (releaseUCharactersForJStringInEnv):
-        (convertValueToJObject):
-        (convertJObjectToValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        * bindings/jni_jsobject.h:
-
-2003-12-12  Richard Williamson   <rjw@apple.com>
-
-        Ensure that all calls from Java into JavaScript are
-        performed on a designated thread (the main thread).
-
-        Reviewed by Ken.
-
-        * bindings/jni_jsobject.cpp:
-        (isJavaScriptThread):
-        (rootForImp):
-        (Bindings::performJavaScriptAccess):
-        (Bindings::completedJavaScriptAccess):
-        (Bindings::initializeJavaScriptAccessLock):
-        (Bindings::lockJavaScriptAccess):
-        (Bindings::unlockJavaScriptAccess):
-        (Bindings::dispatchToJavaScriptThread):
-        (Bindings::RootObject::setFindRootObjectForNativeHandleFunction):
-        (Bindings::RootObject::removeAllJavaReferencesForRoot):
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::JSObject):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::toString):
-        (Bindings::JSObject::finalize):
-        (Bindings::JSObject::getWindow):
-        * bindings/jni_jsobject.h:
-        (Bindings::RootObject::~RootObject):
-        (Bindings::RootObject::findRootObjectForNativeHandleFunction):
-        (Bindings::RootObject::runLoop):
-        (Bindings::RootObject::performJavaScriptSource):
-        (Bindings::):
-
-2003-12-11  Richard Williamson   <rjw@apple.com>
-
-        Added support for calling a JavaScript function from
-        Java.  Right now this only works for void func(void)
-        functions, but the conversion of args and return values
-        will come shortly.
-
-        Cleaned up and verified reference counting scheme, and
-        dereferencing of vended JavaScript objects when applet is
-        destroyed (actually when part is destroyed).
-        
-        Removed link hack for testkjs now that the Java folks think
-        they have a solution for the 1.4.2 JavaVM link problem.  Although
-        Greg B. thinks his solution may cause problems for the 1.3.1
-        version of the VM!?!
-
-        Reviewed by Ken.
-
-        * Makefile.am:
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        * bindings/jni/jni_utility.cpp:
-        (convertValueToJValue):
-        (convertValueToJObject):
-        (listFromJArray):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (KJS_setFindRootObjectForNativeHandleFunction):
-        (KJS_findRootObjectForNativeHandleFunction):
-        (getReferencesByRootDictionary):
-        (getReferencesDictionary):
-        (findReferenceDictionary):
-        (rootForImp):
-        (addJavaReference):
-        (removeJavaReference):
-        * bindings/jni_jsobject.h:
-        (Bindings::RootObject::RootObject):
-        (Bindings::RootObject::~RootObject):
-        (Bindings::RootObject::setRootObjectImp):
-        (Bindings::RootObject::rootObjectImp):
-        (Bindings::RootObject::setInterpreter):
-        (Bindings::RootObject::interpreter):
-
-=== Safari-117 ===
-
-2003-12-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed regression in JavaScript tests reported by the KDE guys
-        - fixed 3506345: REGRESSION (115-116): VIP: chordfind.com no longer displays chords
-
-        * kjs/ustring.h: Add tolerateEmptyString parameter to toDouble and toULong.
-        * kjs/ustring.cpp:
-        (KJS::UString::toDouble): Separate the "tolerant" parameter into two separate ones:
-        tolerateTrailingJunk and tolerateEmptyString. Add new overloads; better for code size
-        and binary compatibility than default parameter values.
-        (KJS::UString::toULong): Pass tolerateEmptyString down to toDouble. Add new overload.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Pass false for the new
-        "tolerate empty string" parameter.
-
-2003-12-10  Richard Williamson   <rjw@apple.com>
-
-        Added code to manage reference counting of JavaScript
-        objects passed to Java.   Also added implementation of
-        KJS_JSCreateNativeJSObject.  This is the function that
-        provides the root object to Java (KJS::Window).
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni_jsobject.cpp:
-        (KJS_setFindObjectForNativeHandleFunction):
-        (KJS_findObjectForNativeHandleFunction):
-        (getReferencesByOwnerDictionary):
-        (getReferencesDictionary):
-        (findReferenceDictionary):
-        (addJavaReference):
-        (removeJavaReference):
-        (removeAllJavaReferencesForOwner):
-        * bindings/jni_jsobject.h:
-
-2003-12-09  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect stubs that correspond to the native methods
-        on JSObject.  These will be called from the new Java plugin
-        when an instance of JSObject is instantiated and messaged.
-        When these are implemented the Java will be able to originate
-        calls into JavaScript.
-
-        Also a temporary work-around added to Makefile.am to solve
-        a link problem.  The 1.4.2 JavaVM accidentally links against
-        libobjc.  This call a failure linking testkjs.  Mike Hay is
-        working with someone to fix the problem (3505587).
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni_jsobject.cpp: Added.
-        (KJS_JSCreateNativeJSObject):
-        (KJS_JSObject_JSFinalize):
-        (KJS_JSObject_JSObjectCall):
-        (KJS_JSObject_JSObjectEval):
-        (KJS_JSObject_JSObjectGetMember):
-        (KJS_JSObject_JSObjectSetMember):
-        (KJS_JSObject_JSObjectRemoveMember):
-        (KJS_JSObject_JSObjectGetSlot):
-        (KJS_JSObject_JSObjectSetSlot):
-        (KJS_JSObject_JSObjectToString):
-        * bindings/jni_jsobject.h: Added.
-
-2003-12-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/3505183>: JavaScriptCore should assert that interpreter is locked in collector
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Assert that interpreter lock count is not 0.
-        (KJS::Collector::collect): likewise
-
-2003-12-08  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  The last piece of the JavaScript side of the
-        LiveConnect implementation.  This change adds support for
-        setting/getting values from Java arrays in JavaScript.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (convertJObjectToArray):
-        (JavaArray::JavaArray):
-        (JavaArray::~JavaArray):
-        (JavaArray::setValueAt):
-        (JavaArray::valueAt):
-        (JavaArray::getLength):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaArray::operator=):
-        (Bindings::JavaArray::javaArray):
-        * bindings/jni/jni_utility.cpp:
-        (JNITypeFromPrimitiveType):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        (RuntimeArrayImp::~RuntimeArrayImp):
-        (RuntimeArrayImp::get):
-        (RuntimeArrayImp::put):
-        (RuntimeArrayImp::hasProperty):
-        * bindings/runtime_array.h:
-        (KJS::RuntimeArrayImp::getLength):
-        (KJS::RuntimeArrayImp::getConcreteArray):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-
-2003-12-05  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Part 1 of supporting JS bindings to
-        native language arrays.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_runtime.h:
-        * bindings/runtime.cpp:
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        (Bindings::Array::~Array):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Moved defaultValue into concrete implementation because
-        more intelligent conversion can be perform with knowledge
-        of the class of the original instance.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::isNumberClass):
-        (JavaClass::isBooleanClass):
-        (JavaClass::isStringClass):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::defaultValue):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JavaInstance::javaInstance):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::defaultValue):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Added support for setting the value of Java
-        fields.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaField::getJNIType):
-        * bindings/jni/jni_utility.cpp:
-        (JNITypeFromClassName):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::defaultValue):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        Added support for string conversions.
-        Changed various JavaString member variables to be inline.
-        Implemented defaultValue for context relevant type coercion.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        (JavaClass::setClassName):
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::stringValue):
-        (JavaInstance::numberValue):
-        (JavaInstance::booleanValue):
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaMethod::JavaMethod):
-        (appendClassName):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::characters):
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::~JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::type):
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        (Bindings::JavaField::name):
-        (Bindings::JavaField::type):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::name):
-        (Bindings::JavaMethod::returnType):
-        * bindings/jni/jni_utility.cpp:
-        (convertValueToJValue):
-        * bindings/runtime.h:
-        (Bindings::Instance::valueOf):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::classInfo):
-
-=== Safari-116 ===
-
-2003-12-03  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Added support for parameter passing to Java and conversion
-        of return values.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::getJNIType):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIBooleanMethodA):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2003-12-02  Richard Williamson   <rjw@apple.com>
-
-        Added support for calling simple methods in Java from JavaScript.
-        (void return and no parameters).  Yay, LiveConnect lives.
-
-        Still need write argument and return value conversion code.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::getClass):
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        (JavaMethod::JNIReturnType):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::_commonCopy):
-        (Bindings::JavaMethod::name):
-        * bindings/jni/jni_utility.cpp:
-        (signatureFromPrimitiveType):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp: Added.
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::~RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::implementsCall):
-        (RuntimeMethodImp::call):
-        (RuntimeMethodImp::codeType):
-        (RuntimeMethodImp::execute):
-        * bindings/runtime_method.h: Added.
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        * bindings/runtime_object.h:
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp):
-        * kjs/interpreter.h:
-
-2003-12-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 3493799: JavaScript string.replace expands $ if it's the last character in replacement string
-
-        * kjs/ustring.cpp: (KJS::UString::toDouble): Fix backwards handling of the "tolerant" boolean.
-        This indirectly caused the string.replace bug.
-
-2003-12-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Merged patches from Harri Porten and David Faure to fix:
-
-        <rdar://problem/3497643>: reproducible crash printing self-referential array
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call): Break out of the loop if an exception was thrown.
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): Move function call depth check from here...
-        * kjs/object.cpp:
-        (KJS::Object::call): ...to here.
-        * kjs/object.h: Un-inline Object::call now that it does more.
-
-2003-12-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed mistake in method signatures used to get boolean and integer fields.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-
-2003-12-01  Richard Williamson   <rjw@apple.com>
-
-Fixed parameter passing to applet.  Child elements are NOT valid in setStyle().  So we now create the widget before needed with createWidgetIfNecessary.  This either happens when doing the first layout, or when JavaScript first references the applet element.
-
-Fixed early delete of the the main applet instance.  When the JS collector cleaned up the last JS object referring to the applet instance we were deleting the java instance.  This caused the applet instance cached on the applet element to be invalid.  The applet instance is the only Java object not to be cleaned up by the JS collector.
-
-Added support for getting at Java object fields.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni/jni_instance.cpp:
-        (JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JObjectWrapper::~JObjectWrapper):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::deleteProperty):
-        * bindings/runtime_object.h:
-
-=== Safari-115 ===
-
-2003-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten, reviewed by me.
-
-        - fixed 3491712 - String slice with negative arguments does not offset from end of string
-        
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Handle negative arguments as offsets from end by
-        adding length and clamping to [0,length-1].
-
-2003-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten, reviewed by me.
-
-        - fixed 3491709 - using Function.apply with a primitive type as the arg list causes crash
-        
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call): Nest parentheses properly.
-
-2003-11-20  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.  Primitive Java fields are now
-        accessible from JavaScript!  Yay!
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        (Bindings::JavaClass::_commonDelete):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        (JavaInstance::getClass):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JavaInstance::javaInstance):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (JavaField::valueFromInstance):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodA):
-        (callJNIVoidMethod):
-        (callJNIObjectMethod):
-        (callJNIBooleanMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        (callJNIVoidMethodA):
-        (callJNIObjectMethodA):
-        (callJNIByteMethodA):
-        (callJNICharMethodA):
-        (callJNIShortMethodA):
-        (callJNIIntMethodA):
-        (callJNILongMethodA):
-        (callJNIFloatMethodA):
-        (callJNIDoubleMethodA):
-        (releaseCharactersForJStringInEnv):
-        (primitiveTypeFromClassName):
-        (getJNIField):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::getValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2003-11-20  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::classForName):
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::getValueOfField):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::~JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::signature):
-        * bindings/jni/jni_utility.cpp:
-        (getJNIEnv):
-        (attachToJavaVM):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        * bindings/runtime_object.h:
-
-2003-11-19  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_class.cpp: Added.
-        (JavaClass::_commonInit):
-        (JavaClass::JavaClass):
-        (_createClassesByNameIfNecessary):
-        (JavaClass::classForName):
-        (JavaClass::classForInstance):
-        (JavaClass::methodNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h: Added.
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::~JavaClass):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::JavaClass):
-        (Bindings::JavaClass::operator=):
-        (Bindings::JavaClass::name):
-        (Bindings::JavaClass::constructorAt):
-        (Bindings::JavaClass::numConstructors):
-        * bindings/jni/jni_instance.cpp: Added.
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        * bindings/jni/jni_instance.h: Added.
-        (Bindings::JObjectWrapper::JObjectWrapper):
-        (Bindings::JObjectWrapper::~JObjectWrapper):
-        (Bindings::JObjectWrapper::ref):
-        (Bindings::JObjectWrapper::deref):
-        (Bindings::JavaInstance::getClass):
-        (Bindings::JavaInstance::operator=):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        * bindings/jni/jni_utility.cpp:
-        (getJavaVM):
-        (getJNIEnv):
-        (getCharactersFromJString):
-        (releaseCharactersForJString):
-        (getCharactersFromJStringInEnv):
-        (releaseCharactersForJStringInEnv):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        (Bindings::Instance::):
-
-2003-11-18  Richard Williamson   <rjw@apple.com>
-
-        More live connect stubs.  We're getting close.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaClass::JavaClass):
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::value):
-        (Bindings::JavaField::value):
-        (Bindings::JavaMethod::value):
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::methodNamed):
-        (Bindings::JavaClass::fieldNamed):
-        (Bindings::JavaInstance::getClass):
-        * bindings/runtime.cpp: Added.
-        * bindings/runtime.h:
-        (Bindings::Instance::~Instance):
-        * bindings/runtime_object.cpp: Added.
-        (RuntimeObjectImp::classInfo):
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::deleteProperty):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::_initializeClassInfoFromInstance):
-        * bindings/runtime_object.h: Added.
-        (KJS::RuntimeObjectImp::setInternalInstance):
-        (KJS::RuntimeObjectImp::getInternalInstance):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::get):
-        (KJS::ObjectImp::hasProperty):
-        * kjs/value.h:
-        (KJS::):
-
-2003-11-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri, reviewed by me.
-
-        - fixed 3487375 - backwards array slice causes infinite loop
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-
-2003-11-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten reviewed by me.
-
-        - fixed 3487371 - operator precedence for bitwise or, xor and and is wrong
-
-        * kjs/grammar.y: Correct the precedence.
-
-2003-11-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3483829 - JavaScriptCore needs workaround to compile on Merlot
-        
-        * JavaScriptCore.pbproj/project.pbxproj: Add -Wno-long-double to
-        warning flags.
-
-=== Safari-114 ===
-
-2003-11-13  Richard Williamson   <rjw@apple.com>
-
-        Factored common code between copy constructor and assignment operator.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::_commonCopy):
-        (Bindings::JavaConstructor::JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaField::type):
-        * bindings/runtime.h:
-
-2003-11-13  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.  This checkin adds abstract classes to model
-        language runtimes and a JNI based set of concrete implementations for
-        Java.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/Makefile.am: Removed.
-        * bindings/jni/Makefile.am: Removed.
-        * bindings/jni/jni_runtime.cpp: Added.
-        (JavaField::JavaField):
-        (JavaConstructor::JavaConstructor):
-        (JavaMethod::JavaMethod):
-        (JavaClass::JavaClass):
-        * bindings/jni/jni_runtime.h: Added.
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::characters):
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::~JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::type):
-        (Bindings::JavaConstructor::JavaConstructor):
-        (Bindings::JavaConstructor::~JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaConstructor::parameterAt):
-        (Bindings::JavaConstructor::numParameters):
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        (Bindings::JavaField::name):
-        (Bindings::JavaField::type):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::~JavaMethod):
-        (Bindings::JavaMethod::_commonCopy):
-        (Bindings::JavaMethod::operator=):
-        (Bindings::JavaMethod::name):
-        (Bindings::JavaMethod::returnType):
-        (Bindings::JavaMethod::parameterAt):
-        (Bindings::JavaMethod::numParameters):
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::~JavaClass):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::JavaClass):
-        (Bindings::JavaClass::operator=):
-        (Bindings::JavaClass::name):
-        (Bindings::JavaClass::methodAt):
-        (Bindings::JavaClass::numMethods):
-        (Bindings::JavaClass::constructorAt):
-        (Bindings::JavaClass::numConstructors):
-        (Bindings::JavaClass::fieldAt):
-        (Bindings::JavaClass::numFields):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodA):
-        (callJNIObjectMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        (callJNIVoidMethodA):
-        (callJNIObjectMethodA):
-        (callJNIByteMethodA):
-        (callJNICharMethodA):
-        (callJNIShortMethodA):
-        (callJNIIntMethodA):
-        (callJNILongMethodA):
-        (callJNIFloatMethodA):
-        (callJNIDoubleMethodA):
-        (getCharactersFromJString):
-        (releaseCharactersForJString):
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/Makefile.am: Removed.
-        * bindings/runtime.h: Added.
-        (Bindings::Parameter::~Parameter):
-        (Bindings::Constructor::~Constructor):
-        (Bindings::Field::~Field):
-        (Bindings::Method::~Method):
-        (Bindings::Class::~Class):
-
-2003-11-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3472562 - Null or Undefined variables passed to IN operator cause javascript exceptions
-        
-        * kjs/nodes.cpp:
-        (ForInNode::execute): If the in value is null or undefined, bail
-        out early, since attempting to iterate its properties will throw
-        an exception.
-
-2003-11-12  Darin Adler  <darin@apple.com>
-
-        - fixed the build
-
-        * Makefile.am: Fix the build by removing the bindings directory from SUBDIRS.
-        Later, we can either add this back and add the Makefile.am files to the top
-        level configure.in or leave it out and remove the Makefile.am files.
-
-2003-11-12  Richard Williamson   <rjw@apple.com>
-
-        Added utility functions for calling JNI methods.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/Makefile.am: Added.
-        * bindings/jni/Makefile.am: Added.
-        * bindings/jni/jni_utility.cpp: Added.
-        (attachToJavaVM):
-        (callJNIMethod):
-        (callJNIVoidMethod):
-        (callJNIObjectMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        * bindings/jni/jni_utility.h: Added.
-        * bindings/objc/Makefile.am: Added.
-
-2003-11-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3477528 -- array.sort(function) fails if the function returns a non-zero value that rounds to zero
-
-        * kjs/array_object.cpp:
-        (compareByStringForQSort): Added checks for undefined values to match what the specification calls for.
-        (compareWithCompareFunctionForQSort): Added checks for undefined values as above, and also changed the
-        code that looks at the compare function result to look at the number returned without rounding to an integer.
-        (ArrayProtoFuncImp::call): Changed the code that looks at the compare function result to look at the number
-        returned without rounding to an integer.
-
-=== Safari-113 ===
-
-2003-11-03  Vicki Murley <vicki@apple.com>
-
-        Reviewed by kocienda.
-
-        - fixed <rdar://problem/3471096>: non-B&I builds should not use order files, because they cause false "regressions" in perf.
-
-        * JavaScriptCore.pbproj/project.pbxproj: added empty SECTORDER_FLAGS variables to the Development and Deployment build styles
-
-2003-11-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - changed list manipulation to use Harri Porten's idea of a circular
-          linked list that is built from head to tail rather than building the
-          list backwards and reversing the list when done
-
-        * kjs/grammar.y: Handle CatchNode and FinallyNode in a type-safe way.
-        Change many places that passed 0L to pass nothing at all, or to pass 0.
-
-        * kjs/nodes.h:
-        (KJS::ElementNode::ElementNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::ArrayNode::ArrayNode): Break the circular list instead of reversing the list.
-        (KJS::PropertyValueNode::PropertyValueNode): Moved before ObjectLiteralNode so the
-        inline code in ObjectLiteralNode works. Build a circular list instead of a 0-terminated
-        backwards list. Made the case for the first node separate so we don't need a nil check.
-        (KJS::ObjectLiteralNode::ObjectLiteralNode): Break the circular list instead of
-        reversing the list.
-        (KJS::ArgumentListNode::ArgumentListNode): Build a circular list instead of a 0-terminated
-        backwards list. Also, made the constructors inline (moved here from .cpp file).
-        (KJS::ArgumentsNode::ArgumentsNode): Break the circular list instead of
-        reversing the list.
-        (KJS::NewExprNode::NewExprNode): Changed a 0L to 0.
-        (KJS::StatListNode::StatListNode): Make this constructor no longer inline (moved into
-        .cpp file). The one in the .cpp file builds a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::VarDeclListNode::VarDeclListNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::VarStatementNode::VarStatementNode): Break the circular list instead of reversing
-        the list.
-        (KJS::BlockNode::BlockNode): Make this constructor no longer inline (moved into .cpp file).
-        The one in the .cpp file breaks the list instead of reversing it.
-        (KJS::ForNode::ForNode): Break the circular list instead of reversing the list.
-        (KJS::CaseClauseNode::CaseClauseNode): Break the circular list instead of reversing the
-        list.
-        (KJS::ClauseListNode::ClauseListNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::CaseBlockNode::CaseBlockNode): Make this constructor no longer inline (moved into
-        .cpp file). The one in the .cpp file breaks the list instead of reversing it.
-        (KJS::TryNode::TryNode): Changed constructor to take typed parameters for the catch and
-        finally nodes rather than just Node.
-        (KJS::ParameterNode::ParameterNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::FuncDeclNode::FuncDeclNode): Break the circular list instead of reversing the
-        list.
-        (KJS::FuncExprNode::FuncExprNode): Break the circular list instead of reversing the
-        list.
-
-        * kjs/nodes.cpp:
-        (StatListNode::StatListNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls to match KJS in the KDE tree; since we don't currently
-        use the JavaScript debugging support, it's unclear whether there's any benefit, but
-        later we might be using it and it's good to be as close as possible.
-        (BlockNode::BlockNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls.
-        (CaseBlockNode::CaseBlockNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        (SourceElementsNode::SourceElementsNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls.
-
-        * kjs/grammar.cpp: Regenerated.
-        * kjs/grammar.cpp.h: Regenerated.
-        * kjs/grammar.h: Regenerated.
-
-=== Safari-112 ===
-
-2003-10-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 3427069 - browsing mp3.com causes leaks (KJS)
-        
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Don't do an early return, since that
-        could leak a temporary regexp.
-
-2003-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed 3426076 - Leak of JS lexer data visiting http://www.ebay.com
-        
-        * kjs/grammar.cpp:
-        (yyerror): Updated the commented code.
-        * kjs/grammar.y: Don't delete string and identifier tokens when done
-        with them any more, they'll get cleaned up by the lexer now.
-        * kjs/internal.cpp:
-        (Parser::parse): Tell lexer when done parsing.
-        * kjs/lexer.cpp:
-        (Lexer::Lexer): Initialize new data members.
-        (Lexer::lex): Use new methods to make strings and identifiers, and
-        save them.
-        (Lexer::makeIdentifier): Make a new Identifier and save it in an
-        auto-growing array.
-        (Lexer::makeUString): Likewise for UStrings.
-        (Lexer::doneParsing): Clean up arrays of Ifentifiers and UStrings.
-        * kjs/lexer.h:
-
-2003-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 3413962 -  malicious web pages can kill all future JavaScript execution by breaking recursion limit check
-        
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): If we're going to return early due
-        to breaking the recursion limit, make sure to lower it again, or
-        it will creep up by one each time it's exceeded.
-
-2003-10-26  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCorePrefix.h: Added a C case to the NULL definition since we use C as well
-        as C++ in this project.
-
-2003-10-26  Darin Adler  <darin@apple.com>
-
-        - rolled in some CString changes Harri Porten did on the KDE side
-
-        * kjs/ustring.cpp:
-        (KJS::CString::CString): Use memcpy instead of strcpy for speed. Fix an off by one error
-        in the copy constructor.
-        (KJS::CString::operator=): Use memcpy instead of strcpy for speed.
-
-        * JavaScriptCorePrefix.h: Add a definition of NULL here that takes advantage of the GNU
-        __null feature even if the system C library doesn't.
-
-== Rolled over to ChangeLog-2003-10-25 ==

diff --git a/ChangeLog-2008-08-10 b/ChangeLog-2008-08-10
deleted file mode 100644 (file)
index 0912aec..0000000
--- a/ChangeLog-2008-08-10
+++ /dev/null
@@ -1,31482 +0,0 @@
-2008-08-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed (and updated) by Alp Toker.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16620
-        [GTK] Autotools make dist and make check support
-
-        Get make dist working.
-
-        Note that not all possible configurations have been tested yet.
-
-        * GNUmakefile.am:
-
-2008-08-09  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Added same heap debug checks to more code paths.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::put):
-        (KJS::JSActivation::putWithAttributes):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::putWithAttributes):
-        * kjs/JSObject.h:
-        (KJS::JSObject::putDirect):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTablePut):
-        (KJS::JSVariableObject::symbolTablePutWithAttributes):
-
-2008-08-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Fix some style issues in the sampling tool.
-
-        * VM/SamplingTool.cpp:
-        (KJS::sleepForMicroseconds):
-        (KJS::SamplingTool::dump):
-
-2008-08-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Revision 35651, despite being a rather trivial change, introduced a
-        large regression on the regexp-dna SunSpider test. This regression
-        stemmed from an increase in the size of CodeBlock::dump(). There is
-        no reason for this method (and several related methods) to be compiled
-        in non-debug builds with the sampling tool disabled. This patch
-        conditionally compiles them, reversing the regression on SunSpider.
-
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-
-2008-08-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 20330: JSCore crash loading any filehurricane media page
-        <https://bugs.webkit.org/show_bug.cgi?id=20330>
-
-        Fix a typo in the constant loading patch. Also, add a case for
-        op_unexpected_load to CodeBlock::dump().
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addUnexpectedConstant):
-
-2008-08-08  Matt Lilek  <webkit@mattlilek.com>
-
-        Not reviewed, build fix.
-
-        * JavaScriptCore.exp:
-
-2008-08-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Improve performance of arithmetic operators
-
-        Added a fast (non-virtual) mechanism to determine if a non-immediate JSValue*
-        is a JSNumberCell.  We then use this to allow improved specialisation in many
-        arithmetic operators.  SunSpider reports a 2.5% progression overall, with greater
-        than 10% progressions on a number of arithmetic heavy tests.
-
-        * VM/Machine.cpp:
-        (KJS::fastIsNumber):
-        (KJS::fastToInt32):
-        (KJS::fastToUInt32):
-        (KJS::jsLess):
-        (KJS::jsLessEq):
-        (KJS::jsAdd):
-        (KJS::Machine::privateExecute):
-        * kjs/JSNumberCell.h:
-        (KJS::JSNumberCell::fastToInt32):
-        (KJS::JSNumberCell::fastToUInt32):
-        * kjs/collector.cpp:
-        (KJS::allocateBlock):
-        (KJS::Heap::heapAllocate):
-        * kjs/collector.h:
-        (KJS::Heap::fastIsNumber):
-
-2008-08-06  Adam Roben  <aroben@apple.com>
-
-        Try to fix the Windows build bots
-
-        * API/JSBase.cpp: Touch this to force JSC to rebuild and re-copy the
-        WTF headers.
-
-2008-08-06  Tor Arne Vestbø  <tavestbo@trolltech.com>
-
-        Revert change 35595.
-
-        * wtf/RetainPtr.h:
-
-2008-08-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Fix non-Mac build.
-
-        * wtf/RetainPtr.h: CoreFoundation only for PLATFORM(MAC)
-
-2008-08-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Fix non-Mac build.
-
-        * wtf/RetainPtr.h: CoreFoundation only for PLATFORM(MAC)
-
-2008-08-06  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Darin. Landed by Cameron.
-
-        Bug 20272: typo in JavaScriptCore
-        <https://bugs.webkit.org/show_bug.cgi?id=20272>
-
-        Correct the documentation for op_not. (typo)
-        Fix #undef. (typo)
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-08-06  Cameron Zwarich  <cwzwarich@webkit.org>
-
-        Reviewed by Maciej.
-
-        Bug 20286: Load constants all at once instead of using op_load
-        <https://bugs.webkit.org/show_bug.cgi?id=20286>
-
-        Load constants all at once into temporary registers instead of using
-        individual instances of op_load.
-
-        This is a 2.6% speedup on SunSpider.
-
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        (KJS::CodeBlock::mark):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::newTemporary):
-        (KJS::CodeGenerator::addConstant):
-        (KJS::CodeGenerator::addUnexpectedConstant):
-        (KJS::CodeGenerator::emitLoad):
-        (KJS::CodeGenerator::emitUnexpectedLoad):
-        (KJS::CodeGenerator::emitNewError):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::throwException):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * VM/RegisterID.h:
-        (KJS::RegisterID::RegisterID):
-        (KJS::RegisterID::makeConstant):
-        (KJS::RegisterID::isTemporary):
-        * kjs/NodeInfo.h:
-        * kjs/Parser.cpp:
-        (KJS::Parser::didFinishParsing):
-        * kjs/Parser.h:
-        (KJS::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::NullNode::emitCode):
-        (KJS::BooleanNode::emitCode):
-        (KJS::NumberNode::emitCode):
-        (KJS::StringNode::emitCode):
-        (KJS::ArrayNode::emitCode):
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::DeleteValueNode::emitCode):
-        (KJS::VoidNode::emitCode):
-        (KJS::ConstDeclNode::emitCodeSingle):
-        (KJS::ReturnNode::emitCode):
-        (KJS::ScopeNode::ScopeNode):
-        (KJS::ProgramNode::ProgramNode):
-        (KJS::ProgramNode::create):
-        (KJS::EvalNode::EvalNode):
-        (KJS::EvalNode::create):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::FunctionBodyNode::create):
-        (KJS::FunctionBodyNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::ScopeNode::neededConstants):
-
-2008-08-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron.
-
-        - add fast path for immediates to % operator, as we have for many other math ops
-        
-        This fixes handling for a 0 divisor relative to the last patch. Only an 0.2% speedup on SunSpider but
-        still a 1.4x win on Oliver's prime test.
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-08-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 20293: Crash in JavaScript codegen for eval("const a;")
-        <https://bugs.webkit.org/show_bug.cgi?id=20293>
-
-        Correctly handle constant declarations in eval code with no initializer.
-
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::emitCodeSingle):
-
-2008-08-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Roll out r35555 because of correctness issues.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-08-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - add fast path for immediates to % operator, as we have for many other math ops
-        
-        0.6% speedup on SunSpider. 1.4x speedup on a prime testing torture test that Oliver whipped up.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-07-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 19359: JavaScriptCore behaves differently from FF2/3 and IE when handling context in catch statement
-        <https://bugs.webkit.org/show_bug.cgi?id=19359>
-
-        Make our catch behave like Firefox and IE, we do this by using a StaticScopeObject
-        instead of a generic JSObject for the scope node.  We still don't make use of the
-        fact that we have a static scope inside the catch block, so the internal performance
-        of the catch block is not improved, even though technically it would be possible to
-        do so.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPushNewScope):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::createExceptionScope):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/JSStaticScopeObject.cpp:
-        (KJS::JSStaticScopeObject::toThisObject):
-        (KJS::JSStaticScopeObject::put):
-        * kjs/JSStaticScopeObject.h:
-        * kjs/nodes.cpp:
-        (KJS::TryNode::emitCode):
-
-2008-08-02  Rob Gowin  <robg@gowin.net>
-
-        Reviewed by Eric Seidel.
-
-        Added JavaScriptCore/API/WebKitAvailability to list of files in
-        javascriptcore_h_api.
-
-        * GNUmakefile.am:
-
-2008-08-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Maciej.
-
-        Remove JSGlobalData::DataInstance. It was only needed when we had per-thread JSGlobalData
-        instances.
-
-        * kjs/JSGlobalData.h:
-
-2008-07-31  Kevin Ollivier <kevino@theolliviers.com>
-
-        Second attempt at Windows/wx build fix. Instead of avoiding inclusion of windows.h,
-        use defines, etc. to avoid conflicts in each affected file. Also, change PLATFORM(WIN)
-        to PLATFORM(WIN_OS) so that other ports using Windows headers get the right impls.
-
-        * VM/SamplingTool.cpp:
-        * wtf/Threading.h:
-
-2008-07-31  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        Fix Windows build.
-        
-        * kjs/collector.h:
-        * wtf/FastMalloc.cpp:
-
-2008-07-31  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Simon.
-
-        Bug 20170: [Qt] missing namespace defines in JavaScriptCore.pro
-        <https://bugs.webkit.org/show_bug.cgi?id=20170>
-
-        * JavaScriptCore.pro: Added missing define.
-
-2008-07-31  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Maciej.
-
-        Eliminate JSLock (it was already disabled, removing the stub implementaion and all
-        call sites now).
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSGarbageCollect):
-        * API/JSCallbackConstructor.cpp:
-        (KJS::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::init):
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::construct):
-        (KJS::::hasInstance):
-        (KJS::::call):
-        (KJS::::getPropertyNames):
-        (KJS::::toNumber):
-        (KJS::::toString):
-        (KJS::::staticValueGetter):
-        (KJS::::callbackGetter):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRetain):
-        (JSGlobalContextRelease):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        (JSObjectCopyPropertyNames):
-        (JSPropertyNameArrayRelease):
-        (JSPropertyNameAccumulatorAddName):
-        * API/JSStringRef.cpp:
-        (JSStringRelease):
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * ForwardingHeaders/JavaScriptCore/JSLock.h: Removed.
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.order:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject):
-        (KJS::JSGlobalObject::init):
-        * kjs/JSLock.cpp: Removed.
-        * kjs/JSLock.h: Removed.
-        * kjs/Shell.cpp:
-        (functionGC):
-        (jscmain):
-        * kjs/collector.cpp:
-        (KJS::Heap::~Heap):
-        (KJS::Heap::heapAllocate):
-        (KJS::Heap::setGCProtectNeedsLocking):
-        (KJS::Heap::protect):
-        (KJS::Heap::unprotect):
-        (KJS::Heap::collect):
-        * kjs/identifier.cpp:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-
-2008-07-31  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Fix the Mac project to not display "test/" as part of file name for tests.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-31  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-        
-        Rename USE(MULTIPLE_THREADS) to ENABLE(JSC_MULTIPLE_THREADS)
-        to better match the use/enable pattern (and better describe
-        the usage of the feature in question.)
-        
-        I also fixed a couple other ENABLE_ macros to be pre-processor
-        definition override-able to match the rest of the ENABLE_ macros
-        since it seems to be our convention that build systems can set
-        ENABLE_ macros in Makefiles.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreadingOnce):
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::~JSGlobalData):
-        * kjs/MathObject.cpp:
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap):
-        (KJS::Heap::~Heap):
-        (KJS::allocateBlock):
-        (KJS::Heap::markStackObjectsConservatively):
-        * kjs/collector.h:
-        * kjs/dtoa.cpp:
-        (KJS::pow5mult):
-        (KJS::rv_alloc):
-        (KJS::freedtoa):
-        (KJS::dtoa):
-        * wtf/FastMalloc.cpp:
-        * wtf/Platform.h:
-        * wtf/RefCountedLeakCounter.cpp:
-
-2008-07-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Mark Rowe.
-        
-        Try to clean up our usage of USE(MULTIPLE_THREADS) vs. USE(PTHREADS) a little.
-        It looks like JSC assumes that if MULTIPLE_THREADS is defined, then pthreads will always be available
-        I'm not sure that's always the case for gtk, certainly not for Windows.  We should eventually go back
-        and fix wtf/Threading.h to cover all these cases some day.
-
-        * kjs/JSLock.cpp:
-        * kjs/collector.h:
-        * wtf/Platform.h:
-
-2008-07-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-        
-        MSVC warns when structs are called classes or vice versa.
-        Make all the source refer to JSGlobalData as a class.
-
-        * kjs/CommonIdentifiers.h:
-        * kjs/JSGlobalData.h:
-        * kjs/Parser.h:
-        * kjs/lexer.h:
-
-2008-07-30  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Add consistency checks to UString to document and enforce its design.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::Rep::checkConsistency):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::spliceSubstringsWithSeparators):
-        (KJS::UString::append):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::checkConsistency):
-
-2008-07-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fixes for Windows and non-AllInOne file build with SamplingTool, plus review fixes.
-
-        * GNUmakefile.am:              Adding SamplingTool.cpp to build.
-        * JavaScriptCore.exp:          Export hooks to init & control SamplingTool.
-        * JavaScriptCore.pri:          Adding SamplingTool.cpp to build.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Adding SamplingTool.cpp to build.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Adding SamplingTool.cpp to build.
-        * JavaScriptCoreSources.bkl:   Adding SamplingTool.cpp to build.
-        * VM/Machine.cpp:              MACHINE_SAMPLING_callingNativeFunction renamed MACHINE_SAMPLING_callingHostFunction
-        * VM/Machine.h:
-        * VM/Opcode.cpp:               SamplingTool moved to SamplingTool.cpp/.h, opcodeNames generated from FOR_EACH_OPCODE_ID.
-        * VM/Opcode.h:
-        * VM/SamplingTool.cpp:         Added .cpp/.h for SamplingTool.
-        * VM/SamplingTool.h:
-        * kjs/Shell.cpp:               Switched SAMPLING_TOOL_ENABLED to ENABLE_SAMPLING_TOOL.
-        * wtf/Platform.h:              Added ENABLE_SAMPLING_TOOL config option.
-        * kjs/nodes.cpp:               Header include to fix non-AllInOne builds.
-
-2008-07-30  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix compilation without multi-threading support.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap):
-
-2008-07-30  Anders Carlsson  <andersca@apple.com>
-        
-        Add WebKitAvailability.h forwarding header.
-        
-        * ForwardingHeaders/JavaScriptCore/WebKitAvailability.h: Added.
-
-2008-07-30  Anders Carlsson  <andersca@apple.com>
-
-        Fix the else.
-        
-        * API/WebKitAvailability.h:
-
-2008-07-30  Anders Carlsson  <andersca@apple.com>
-
-        * API/WebKitAvailability.h:
-        Fix Windows (and other non-Mac builds).
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Add WebKitAvailability.h to the project.
-
-2008-07-30  Anders Carlsson  <andersca@apple.com>
-
-        One step closer towards fixing the Windows build.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Make sure to copy WebKitAvailability.h
-
-2008-07-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 20209: Atomize constant strings
-        <https://bugs.webkit.org/show_bug.cgi?id=20209>
-
-        Prevents significant performance degradation seen when a script contains multiple
-        identical strings that are used as keys to identify properties on objects.
-
-        No performance change on SunSpider.
-
-        * kjs/nodes.cpp: Atomize constant strings.
-
-2008-07-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        <rdar://problem/6111648> JavaScript exceptions fail if the scope chain includes the global object
-
-        In an attempt to remove the branch I just added to KJS::depth I
-        used the existence of a Variable Object at a point in the scope
-        chain as an indicator of function or global scope activation.
-        However this assumption results in incorrect behaviour if the
-        global object is injected into the scope chain with 'with'.
-
-        * VM/Machine.cpp:
-        (KJS::depth):
-
-2008-07-30  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Don't call JSGarbageCollect() on a released context.
-
-        * API/testapi.c: (main):
-
-2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Implement JSContextGroup APIs to make concurrent execution possible for
-        JavaScriptCore clients.
-
-        This changes the behavior of JSGlobalContextCreate(), so that it now uses a private context
-        group for each context, making JSlock implicit locking unnecessary.
-
-        * API/JSContextRef.h:
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        (JSContextGroupRetain):
-        (JSContextGroupRelease):
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextGetGroup):
-        Added new methods. JSGlobalContextCreate() calls JSGlobalContextCreateInGroup() now.
-
-        * API/APICast.h: (toJS): (toRef): Added converters for JSContextGroupRef.
-        * API/JSBase.cpp: (JSGarbageCollect): JSGarbageCollect(0) is now a no-op, and the passed in
-        context is actually used.
-
-        * API/JSBase.h: Aded a typedef for JSContextGroupRef. Updated documentation for
-        JSGarbageCollect().
-
-        * JavaScriptCore.exp: Removed JSGlobalData::sharedInstance().
-
-        * kjs/JSGlobalData.cpp:
-        * kjs/JSGlobalData.h:
-        Removed support for JSGlobalData shared instance. JSGlobalData::isSharedInstance member
-        variable still remains, to be deleted in a followup patch.
-
-        * kjs/JSLock.cpp: (KJS::JSLock::JSLock): Disabled JSLock, to be deleted in a follow-up patch.
-        
-        * kjs/collector.cpp:
-        (KJS::Heap::markOtherThreadConservatively): Removed an assertion that referenced
-        JSGlobalData::sharedInstance.
-
-        * kjs/collector.h: Made Heap destructor public, so that JSContextRelease can use it.
-
-2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Fix a leak of ThreadRegistrar objects.
-
-        As the heap is usually deleted when registered threads still exist, ThreadSpecific doesn't
-        have a chance to clean up per-thread object. Switched to native pthread calls, storing a
-        plain pointer that doesn't require cleanup.
-
-        * kjs/collector.cpp:
-        (KJS::PlatformThread::PlatformThread):
-        (KJS::Heap::Thread::Thread):
-        (KJS::Heap::Heap):
-        (KJS::Heap::~Heap):
-        (KJS::Heap::registerThread):
-        (KJS::Heap::unregisterThread):
-        * kjs/collector.h:
-
-2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20169
-        Memory allocated with fastMalloc is freed with delete
-
-        * VM/JSPropertyNameIterator.cpp:
-        (KJS::JSPropertyNameIterator::invalidate): Free the array properly.
-        (KJS::JSPropertyNameIterator::~JSPropertyNameIterator): Delete the array by calling
-        invalidate().
-
-2008-07-29  Mark Rowe  <mrowe@apple.com>
-
-        Attempt to fix the Qt build.
-
-        * wtf/ThreadingQt.cpp: Add the extra argument to createThread.
-
-2008-07-29  Adam Roben  <aroben@apple.com>
-
-        Change Vector::find to return an index instead of an iterator
-
-        Indices are more natural than iterators when working with Vector.
-
-        Reviewed by John Sullivan.
-
-        * wtf/Vector.h:
-        (WTF::Vector::find): Changed to iterate the Vector manually and return
-        the index of the found item, rather than an iterator. When the item
-        could not be found, we return WTF::notFound.
-
-2008-07-29  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::setThreadName): Move a misplaced assertion to here...
-        (WTF::createThread): ...from here.
-
-2008-07-29  Adam Roben  <aroben@apple.com>
-
-        Add support for setting thread names on Windows
-
-        These thread names make it much easier to identify particular threads
-        in Visual Studio's Threads panel.
-
-        WTF::createThread now takes a const char* representing the thread's
-        name. On Windows, we throw a special exception to set this string as
-        the thread's name. Other platforms do nothing with this name for now.
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.exp: Export the new version of createThread that
-        takes 3 arguments (the old one continues to be exported for backward
-        compatibility).
-        * wtf/Threading.h: Add a threadName argument to createThread.
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::createThread):
-        * wtf/ThreadingNone.cpp:
-        (WTF::createThread):
-        Updated for function signature change.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::createThread): Updated for function signature change. We keep
-        around the old 2-argument version of createThread for backward
-        compatibility.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::setThreadName): Added. This function's implementation came from
-        MSDN.
-        (WTF::initializeThreading): Set the name of the main thread.
-        (WTF::createThread): Call setThreadName. We keep around the old
-        2-argument version of createThread for backward compatibility.
-
-2008-07-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Store UString::Rep::isStatic bit in identifierTable pointer instead of reportedCost for
-        slightly nicer code and a 0.5% SunSpider improvement.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * API/JSStringRef.cpp:
-        (JSStringRelease):
-        * kjs/PropertyNameArray.cpp:
-        (KJS::PropertyNameArray::add):
-        * kjs/identifier.cpp:
-        (KJS::IdentifierTable::~IdentifierTable):
-        (KJS::IdentifierTable::add):
-        (KJS::Identifier::addSlowCase):
-        (KJS::Identifier::remove):
-        * kjs/identifier.h:
-        (KJS::Identifier::add):
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::identifierTable):
-        (KJS::UString::Rep::setIdentifierTable):
-        (KJS::UString::Rep::isStatic):
-        (KJS::UString::Rep::setStatic):
-        (KJS::UString::cost):
-
-2008-07-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Renamed "ConstructTypeNative" => "ConstructTypeHost".
-        
-2008-07-26  Mark Rowe  <mrowe@apple.com>
-
-        Speculative fix for the wx build.
-
-        * JavaScriptCoreSources.bkl:  Add JSStaticScopeObject.cpp to the list of source files.
-
-2008-07-25  Oliver Hunt  <oliver@apple.com>
-
-        RS=Cameron Zwarich.
-
-        Whoops, forgot to save style correction.
-
-        * kjs/JSStaticScopeObject.h:
-
-2008-07-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 19718: Named anonymous functions are slow accessing global variables
-        <https://bugs.webkit.org/show_bug.cgi?id=19718>
-
-        To fix this we switch over to an activation-like scope object for
-        on which we attach the function name property, and add logic to 
-        prevent cross scope assignment to read only properties.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::findScopedProperty):
-        (KJS::CodeGenerator::emitResolve):
-        * VM/CodeGenerator.h:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSStaticScopeObject.cpp: Added.
-        (KJS::JSStaticScopeObject::putWithAttributes):
-        (KJS::JSStaticScopeObject::isDynamicScope):
-        (KJS::JSStaticScopeObject::~JSStaticScopeObject):
-        (KJS::JSStaticScopeObject::getOwnPropertySlot):
-        * kjs/JSStaticScopeObject.h: Added.
-        (KJS::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
-        (KJS::JSStaticScopeObject::JSStaticScopeObject):
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::emitCode):
-        (KJS::PostfixResolveNode::emitCode):
-        (KJS::PrefixResolveNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::FuncExprNode::makeFunction):
-
-2008-07-25  kevino  <kevino@theolliviers.com>
-
-        wx build fix for Win.
-        
-        On wx/Win, including windows.h in Threading.h causes multiply-defined symbol errors
-        for libjpeg and wx, and also wx needs to include windows.h itself first for wx
-        includes to work right. So until we can find a better solution to this problem,
-        on wx, we work around the need to include windows.h here.
-
-        * wtf/Threading.h:
-
-2008-07-25  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add API/ to the
-        include path.
-
-2008-07-25  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the build of jsc on Qt/Windows, make sure os-win32 is in the
-        include search path (added by WebKit.pri).
-
-        * kjs/jsc.pro:
-
-2008-07-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        Move JavaScriptCore API tests into a subdirectory of their own to avoid header name
-        conflicts and developer confusion.
-
-        * API/JSNode.c: Removed.
-        * API/JSNode.h: Removed.
-        * API/JSNodeList.c: Removed.
-        * API/JSNodeList.h: Removed.
-        * API/Node.c: Removed.
-        * API/Node.h: Removed.
-        * API/NodeList.c: Removed.
-        * API/NodeList.h: Removed.
-        * API/minidom.c: Removed.
-        * API/minidom.html: Removed.
-        * API/minidom.js: Removed.
-        * API/testapi.c: Removed.
-        * API/testapi.js: Removed.
-        * API/tests: Added.
-        * API/tests/JSNode.c: Copied from JavaScriptCore/API/JSNode.c.
-        * API/tests/JSNode.h: Copied from JavaScriptCore/API/JSNode.h.
-        * API/tests/JSNodeList.c: Copied from JavaScriptCore/API/JSNodeList.c.
-        * API/tests/JSNodeList.h: Copied from JavaScriptCore/API/JSNodeList.h.
-        * API/tests/Node.c: Copied from JavaScriptCore/API/Node.c.
-        * API/tests/Node.h: Copied from JavaScriptCore/API/Node.h.
-        * API/tests/NodeList.c: Copied from JavaScriptCore/API/NodeList.c.
-        * API/tests/NodeList.h: Copied from JavaScriptCore/API/NodeList.h.
-        * API/tests/minidom.c: Copied from JavaScriptCore/API/minidom.c.
-        * API/tests/minidom.html: Copied from JavaScriptCore/API/minidom.html.
-        * API/tests/minidom.js: Copied from JavaScriptCore/API/minidom.js.
-        * API/tests/testapi.c: Copied from JavaScriptCore/API/testapi.c.
-        * API/tests/testapi.js: Copied from JavaScriptCore/API/testapi.js.
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-25  Simon Hausmann  <hausmann@webkit.org>
-
-        Prospective WX build fix, add JavaScriptCore/API to the include search
-        path.
-
-        * jscore.bkl:
-
-2008-07-25  Simon Hausmann  <hausmann@webkit.org>
-
-        Rubber-stamped by Lars.
-
-        Fix the build on Windows. operator new for ArgList is implemented using fastMalloc()
-        but operator delete was not implemented. Unfortunately MSVC decides to call/reference
-        the function, so a simple implementation using fastFree() fixes the build.
-
-        * kjs/ArgList.h:
-        (KJS::ArgList::operator delete):
-
-2008-07-25  Simon Hausmann  <hausmann@webkit.org>
-
-        Discussed with and rubber-stamped by Lars.
-
-        Fix the build system for the Qt port.
-
-        Recent JavaScriptCore changes require the addition of JavaScriptCore/API to the
-        include search path. With a build process that combines JavaScriptCore and
-        WebCore in one build process/Makefile the existance of
-        JavaScriptCore/API/Node.h and WebCore/dom/Node.h causes include conflicts.
-
-        This commit solves this by introducing a separate build of JavaScriptCore into
-        a static library.
-
-        As a result of the split-up a race-condition due to broken dependencies of
-        regular source files to header files of generated sources showed up very
-        frequently when doing parallel builds (which the buildbot does). This commit at
-        the same time tries to address the dependency problem by making the
-        addExtraCompiler() function also generate a pseudo extra compiler that
-        represents the header file output, so that qmake is aware of the creation of
-        the header file for dependency calculation.
-
-        At the same time I removed a lot of cruft from the pro files to ease maintenance.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro: Added.
-        * kjs/jsc.pro:
-
-2008-07-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed a strict aliasing violation, which caused hash tables with floating
-        point keys not to find items that were indeed in the tables
-        (intermittently, and only in release builds, of course).
-        
-        SunSpider reports no change.
-        
-        This bug doesn't seem to affect any existing code, but it causes obvious
-        crashes in some new code I'm working on.
-
-        * wtf/HashFunctions.h:
-        (WTF::FloatHash::hash): Use a union when punning between a float / double
-        and an unsigned (bucket of bits). With strict aliasing enabled, unions
-        are the only safe way to do this kind of type punning.
-
-        * wtf/HashTable.h: When rehashing, ASSERT that the item we just added to
-        the table is indeed in the table. In the buggy case described above, this
-        ASSERT fires.
-
-2008-07-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 20142: REGRESSION(r35245): /=/ weirdness
-        <https://bugs.webkit.org/show_bug.cgi?id=20142>
-
-        When adding all the meta data needed for exception error messages
-        I accidentally clobbered the handling of regex beginning with /=.
-
-        * kjs/grammar.y:
-
-2008-07-23  Alp Toker  <alp@nuanti.com>
-
-        Build fix after r35293: Add API/ to the include path.
-
-        * GNUmakefile.am:
-
-2008-07-23  Adam Roben  <aroben@apple.com>
-
-        Windows build fixes
-
-        Build fix after r35293:
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add API/
-        to the include path.
-
-        Build fix after r35305:
-
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * VM/Opcode.cpp:
-        * VM/Opcode.h:
-        Completely compile out all sampler-related code when
-        SAMPLING_TOOL_ENABLED is 0. The sampler code can't be compiled 1) on
-        non-AllInOne configurations due to circular header dependencies, and
-        2) on platforms that don't have a usleep() function, such as Windows.
-
-2008-07-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen and Sam Weinig.
-
-        Improve switch performance.
-
-        Improve switch performance by converting to a hashmap based jump
-        table to avoid the sequence of dispatches that would otherwise be
-        needed.  This results in a 9-19x performance win for string switches
-        based on ad hoc testing, and a 6x improvement for integer switch
-        statements.  SunSpider reports a 1.2% progression.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        (KJS::SimpleJumpTable::offsetForValue):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::beginSwitch):
-        (KJS::prepareJumpTableForImmediateSwitch):
-        (KJS::prepareJumpTableForCharacterSwitch):
-        (KJS::prepareJumpTableForStringSwitch):
-        (KJS::CodeGenerator::endSwitch):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::offsetForStringSwitch):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.cpp:
-        (KJS::):
-        * VM/Opcode.h:
-        * kjs/JSImmediate.h:
-        * kjs/nodes.cpp:
-        (KJS::):
-        (KJS::processClauseList):
-        (KJS::CaseBlockNode::tryOptimisedSwitch):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-        * kjs/nodes.h:
-        (KJS::SwitchInfo::):
-
-2008-07-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Sampling tool to analyze cost of instruction execution and identify hot regions of JS code.
-        Enable Switches by setting SAMPLING_TOOL_ENABLED in Opcode.h.
-
-        * JavaScriptCore.exp: Export symbols for Shell.cpp.
-        * VM/Machine.cpp:     Added sampling hooks.
-        * VM/Machine.h:       Machine contains a pointer to a sampler, when sampling.
-        * VM/Opcode.cpp:      Tool implementation.
-        * VM/Opcode.h:        Tool declaration.
-        * kjs/Shell.cpp:      Initialize the sampler, if enabled.
-        * kjs/nodes.cpp:      Added sampling hooks.
-
-2008-07-23  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Bug 20097: [Qt] 20% Sunspider slow-down
-
-        <https://bugs.webkit.org/show_bug.cgi?id=20097>
-
-        Reviewed by Simon Hausmann.
-
-        * kjs/jsc.pro: Added missing NDEBUG define for release builds.
-
-2008-07-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        JSClassRef is created context-free, but gets infatuated with the first context it sees.
-
-        The implicit API contract is that JSClassRef can be used with any context on any thread.
-        This no longer worked, because UStrings in the class were turned into per-context
-        identifiers, and the cached JSObject prototype was tied to JSGlobalData, too.
-
-        * API/JSClassRef.h: Made a separate struct for context-dependent parts of OpaqueJSClass.
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass): Updated for renames and changed member variable order.
-        (OpaqueJSClass::~OpaqueJSClass): Assert that string members are not identifiers.
-        (clearReferenceToPrototype): Update for the new reference location.
-        (OpaqueJSClassContextData::OpaqueJSClassContextData): Make a deep copy of all strings.
-        (OpaqueJSClass::contextData): Added a function that finds the per-context part of
-        OpaqueJSClass in JSGlobalData, or creates it if not found.
-        (OpaqueJSClass::className): Always make a deep copy. Callers of this function do not have
-        a way to access JSGlobalData, so a per-context copy could not be made.
-        (OpaqueJSClass::staticValues): Updated for new data location.
-        (OpaqueJSClass::staticFunctions): Ditto.
-        (OpaqueJSClass::prototype): Changed to take an internal type for consistency.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::~JSGlobalData):
-        * kjs/JSGlobalData.h:
-        Keep a HashMap to access per-context JSClass data given a pointr to the shared part.
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::className):
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::getPropertyNames):
-        (KJS::::staticValueGetter):
-        (KJS::::staticFunctionGetter):j
-        Use function accessors instead of accessing OpaqueJSClass members directly.
-
-        * API/JSContextRef.cpp: (JSGlobalContextCreate): Updated for the change in
-        OpaqueJSClass::prototype() argument type.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMake): Updated for the change in OpaqueJSClass::prototype() argument type.
-        (JSObjectMakeConstructor): Ditto.
-
-2008-07-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * kjs/ArgList.h: (KJS::ArgList::operator new): removed an extraneous "ArgList::" inside the
-        class definition.
-
-2008-07-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Sam Weinig.
-
-        Next step toward putting doubles in registers: Prepare the Register class
-        and its clients for registers that don't contain JSValue*s.
-        
-        This means a few things:
-        
-        1. Register::jsValue() clients, including ArgList clients, must now supply
-        an ExecState* when accessing an entry in an ArgList, in case the entry
-        will need to create a JSValue* on the fly.
-        
-        2. Register clients that definitely don't want to create a JSValue* on
-        the fly now use different APIs: getJSValue() for clients that know
-        the register contains a JSValue*, and v() for clients who just want a
-        void*.
-        
-        3. I had to change some headers around in order to resolve dependency
-        problems created by using a Register in the ArgList header.
-        
-        SunSpider reports no change.
-        
-2008-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Prevent integer overflow when reallocating storage vector for arrays.
-
-        Sunspider reports 1.005x as fast (no change expected).
-
-        * kjs/JSArray.cpp:
-
-2008-07-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/6091287> Revamp the handling of CFBundleShortVersionString to be fixed at the major component of the version number.
-
-        * Configurations/Version.xcconfig:
-        * Info.plist:
-
-2008-07-21  Adam Roben  <aroben@apple.com>
-
-        Add Vector::find
-
-        This is a convenience wrapper around std::find.
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Vector.h:
-
-2008-07-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 20104: Exception in tables/mozilla_expected_failures/bugs/bug92868_1.html includes the equals operator in the quoted expression
-        <https://bugs.webkit.org/show_bug.cgi?id=20104>
-
-        To make this correct we make the dot and bracket assign nodes emit the information to indicate
-        the failure range is the dot/bracket accessor.
-
-        * kjs/grammar.y:
-
-2008-07-18  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (KJS::isStrWhiteSpace):
-
-2008-07-18  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * kjs/nodes.h:
-        (KJS::ThrowableExpressionData::ThrowableExpressionData):
-
-2008-07-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 18774: SQUIRRELFISH: print meaningful error messages <https://bugs.webkit.org/show_bug.cgi?id=18774>
-        <rdar://problem/5769353> SQUIRRELFISH: JavaScript error messages are missing informative text
-
-        Add support for decent error messages in JavaScript.  This patch achieves this by providing
-        ensuring the common errors and exceptions have messages that provide the text of expression
-        that trigger the exception.  In addition it attaches a number of properties to the exception
-        object detailing where in the source the expression came from.
-
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::lineNumberForVPC):
-        (KJS::CodeBlock::expressionRangeForVPC): 
-            Function to recover the expression range for an instruction
-            that triggered an exception.
-        * VM/CodeBlock.h:
-        (KJS::ExpressionRangeInfo::):
-        (KJS::CodeBlock::CodeBlock):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall):
-        (KJS::CodeGenerator::emitCallEval):
-            Emit call needed to be modified so to place the expression range info internally,
-            as the CodeGenerator emits the arguments nodes itself, rather than the various call
-            nodes.
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::emitExpressionInfo):
-            Record the expression range info.
-        * VM/ExceptionHelpers.cpp:
-        (KJS::createErrorMessage):
-        (KJS::createInvalidParamError):
-        (KJS::createUndefinedVariableError):
-        (KJS::createNotAConstructorError):
-        (KJS::createNotAFunctionError):
-        (KJS::createNotAnObjectErrorStub):
-        (KJS::createNotAnObjectError):
-            Rewrite all the code for the error messages so that they make use of the newly available
-            information.
-        * VM/ExceptionHelpers.h:
-        * VM/Machine.cpp:
-        (KJS::isNotObject):  Now needs vPC and codeBlock
-        (KJS::Machine::throwException):
-            New logic to handle the NotAnObjectErrorStub and to handle the absurd "no default value" edge case
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::evaluate):
-        * kjs/Error.cpp:
-        (KJS::Error::create):
-        * kjs/Error.h:
-        * kjs/JSGlobalObjectFunctions.cpp:
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-        (KJS::JSImmediate::prototype):
-            My changes to the JSNotAnObject constructor needed to be handled here.
-        * kjs/JSNotAnObject.h:
-        (KJS::JSNotAnObjectErrorStub::JSNotAnObjectErrorStub):
-        (KJS::JSNotAnObjectErrorStub::isNull):
-        (KJS::JSNotAnObjectErrorStub::isNotAnObjectErrorStub):
-            Added a JSNotAnObjectErrorStub class to ease the handling of toObject failure exceptions,
-            and potentially allow even more detailed error messages in future.
-        * kjs/JSObject.h:
-        * kjs/Parser.h:
-        (KJS::Parser::parse):
-        * kjs/SourceRange.h:
-        * kjs/grammar.y:
-            Large amounts of position propagation.
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::shift):
-        (KJS::Lexer::lex):
-            The lexer needed a few changes to be able to correctly track token character positions.
-        * kjs/lexer.h:
-        * kjs/nodes.cpp:
-        (KJS::ThrowableExpressionData::emitThrowError):
-        (KJS::StatementNode::StatementNode):
-        (KJS::ResolveNode::emitCode):
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::NewExprNode::emitCode):
-        (KJS::EvalFunctionCallNode::emitCode):
-        (KJS::FunctionCallValueNode::emitCode):
-        (KJS::FunctionCallResolveNode::emitCode):
-        (KJS::FunctionCallBracketNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-        (KJS::PostfixResolveNode::emitCode):
-        (KJS::PostfixBracketNode::emitCode):
-        (KJS::PostfixDotNode::emitCode):
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::DeleteBracketNode::emitCode):
-        (KJS::DeleteDotNode::emitCode):
-        (KJS::PrefixResolveNode::emitCode):
-        (KJS::PrefixBracketNode::emitCode):
-        (KJS::PrefixDotNode::emitCode):
-        (KJS::ThrowableBinaryOpNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        (KJS::ForInNode::ForInNode):
-        (KJS::ForInNode::emitCode):
-        (KJS::WithNode::emitCode):
-        (KJS::LabelNode::emitCode):
-        (KJS::ThrowNode::emitCode):
-        (KJS::ProgramNode::ProgramNode):
-        (KJS::ProgramNode::create):
-        (KJS::EvalNode::generateCode):
-        (KJS::FunctionBodyNode::create):
-        (KJS::FunctionBodyNode::generateCode):
-        (KJS::ProgramNode::generateCode):
-            All of these methods were handling the position information.  
-            Constructors and create methods were modified to store the information.
-            All the emitCall implementations listed needed to be updated to actually
-            record the position information we have so carefully collected.
-        * kjs/nodes.h:
-        (KJS::ThrowableExpressionData::ThrowableExpressionData):
-        (KJS::ThrowableExpressionData::setExceptionSourceRange):
-        (KJS::ThrowableExpressionData::divot):
-        (KJS::ThrowableExpressionData::startOffset):
-        (KJS::ThrowableExpressionData::endOffset):
-        (KJS::ThrowableSubExpressionData::ThrowableSubExpressionData):
-        (KJS::ThrowableSubExpressionData::setSubexpressionInfo):
-        (KJS::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
-        (KJS::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
-            ThrowableExpressionData is just a uniform mechanism for storing the position
-            information.
-        (KJS::ResolveNode::):
-        (KJS::PrePostResolveNode::):
-        (KJS::ThrowableBinaryOpNode::):
-        (KJS::WithNode::):
-
-2008-07-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Three renames:
-        
-        "CallTypeNative" => "CallTypeHost"
-        "code" => "byteCode"
-        "generatedCode" => "generatedByteCode"
-
-2008-07-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Optimized <= for immediate number cases.
-        
-        SunSpider reports no overall change, but a 10% speedup on access-nsieve.
-
-2008-07-18  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Fix some casts added in a previous build fix to match the style used
-        throughout WebKit.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::initializeCallFrame):
-        * VM/Register.h:
-        (KJS::Register::Register):
-
-2008-07-18  Landry Breuil  <landry@openbsd.org>
-
-        Bug 19975: [OpenBSD] Patches to enable build of WebKit
-
-        <https://bugs.webkit.org/show_bug.cgi?id=19975>
-
-        Reviewed by David Kilzer.
-
-        Support for OpenBSD, mostly threading and libm tweaks.
-
-        * kjs/collector.cpp: #include <pthread.h>
-        (KJS::currentThreadStackBase): use pthread_stackseg_np() to get stack base
-        * kjs/config.h: OpenBSD also provides <pthread_np.h>
-        * wtf/MathExtras.h: #include <sys/types.h> and <machine/ieee.h>
-        (isfinite), (signbit): as long as we don't have those functions provide fallback implementations
-        * wtf/Platform.h: Add support for PLATFORM(OPENBSD) and PLATFORM(SPARC64) macro
-
-2008-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Next step toward putting doubles in registers: Store constant pool
-        entries as registers, not JSValue*s.
-        
-        SunSpider reports no change.
-
-2008-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John Sullivan and Oliver Hunt.
-        
-        A tiny bit of tidying in function call register allocation.
-        
-        This patch saves one register when invoking a function expression and/or
-        a new expression that is stored in a temporary.
-        
-        Since it's just one register, I can't make a testcase for it.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall): No need to ref the function we're calling
-        or its base. We'd like the call frame to overlap with them, if possible.
-        op_call will read the function and its base before writing the call frame,
-        so this is safe.
-
-        * kjs/nodes.cpp:
-        (KJS::NewExprNode::emitCode): No need to ref the function we're new-ing,
-        for the same reasons stated above.
-        
-        (KJS::FunctionCallValueNode::emitCode): ditto
-
-2008-07-17  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-        
-        * kjs/InternalFunction.cpp:
-
-2008-07-17  Sam Weinig  <sam@webkit.org>
-
-        Roll out r35199 as it is causing failures on the PPC build.
-
-2008-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by David Kilzer.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=20067
-        Support function.name (Firefox extension)
-        
-        Pretty straight-forward.
-
-2008-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed <rdar://problem/6081636> Functions calls use more temporary
-        registers than necessary
-        
-        Holding a reference to the last statement result register caused each
-        successive statement to output its result to an even higher register.
-        
-        Happily, statements don't actually need to return a result register
-        at all. I hope to make this clearer in a future cleanup patch,
-        but this change will fix the major bug for now.
-
-        * kjs/nodes.cpp:
-        (KJS::statementListEmitCode):
-
-2008-07-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Merge pre&post dot nodes to simplify the parse tree.
-        Sunspider results show 0.6% progression (no performance change expected).
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-07-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Merge pre&post resolve nodes to simplify the parse tree.
-        Sunspider results show no performance change.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-07-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Merge logical nodes to simplify the parse tree.
-        Sunspider results show 0.6% progression (no performance change expected).
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-07-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix MinGW build (broken in r35198) and simplify getLocalTime().
-
-        * kjs/DateMath.cpp:
-        (KJS::getLocalTime):
-
-2008-07-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Merge pre&post bracket nodes to simplify the parse tree.
-        Sunspider results show no performance change.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-07-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix the 32-bit gcc builds, conversion from "long int" to Register is
-        ambiguous. Explicitly choose the intptr_t constructor.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::initializeCallFrame):
-        * VM/Register.h:
-        (KJS::Register::Register):
-
-2008-07-16  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Geoff Garen.
-
-        Fix JavaScript in 64-bit by using a pointer-sized integer
-        type in the Register union.  Also includes a rename of
-        the intType constant to IntType.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::initializeCallFrame):
-        * VM/Register.h:
-        (KJS::Register::):
-        (KJS::Register::Register):
-
-2008-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        First step toward putting doubles in registers: Turned Register into a
-        proper abstraction layer. It is no longer possible to cast a Register
-        to a JSValue*, or a Register& to a JSValue*&, or to access the union
-        inside a Register directly.
-        
-        SunSpider reports no change.
-        
-        In support of this change, I had to make the following mechanical changes
-        in a lot of places:
-        
-        1. Clients now use explicit accessors to read data out of Registers, and
-        implicit copy constructors to write data into registers.
-        
-        So, assignment that used to look like
-        
-            x.u.jsValue = y;
-        
-        now looks like
-        
-            x = y;
-            
-        And access that used to look like
-        
-            x = y.u.jsValue;
-        
-        now looks like
-        
-            x = y.jsValue();
-
-        2. I made generic flow control specific in opcodes that made their flow
-        control generic by treating a Register& as a JSValue*&. This had the
-        added benefit of removing some exception checking branches from immediate
-        number code.
-
-        3. I beefed up PropertySlot to support storing a Register* in a property
-        slot. For now, only JSVariableObject's symbolTableGet and symbolTablePut
-        use this functionality, but I expect more clients to use it in the future.
-        
-        4. I changed ArgList to be a buffer of Registers, not JSValue*'s, and I
-        changed ArgList iterator clients to iterate Registers, not JSValue*'s.
-
-2008-07-16  Ada Chan  <adachan@apple.com>
-
-        Fixed build.
-
-        * kjs/JSGlobalObject.cpp:
-
-2008-07-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam and Geoff.
-
-        <rdar://problem/5958840> Navigating to another page while profiler is
-        attached results in slow JavaScript for all time.
-
-        - The UNLIKELY keeps this from being a sunspider performance regression.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject): Stop the profiler associated
-        with this exec state.
-
-2008-07-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Steve Falkenburg.
-
-        Replace adopting UString constructor in favor of explicit
-        static adopt method.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        * kjs/StringConstructor.cpp:
-        (KJS::stringFromCharCode):
-        * kjs/StringPrototype.cpp:
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        * kjs/ustring.cpp:
-        (KJS::UString::adopt):
-        * kjs/ustring.h:
-        (KJS::UString::UString):
-        (KJS::UString::~UString):
-
-2008-07-16  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        http://trolltech.com/developer/task-tracker/index_html?method=entry&id=216179
-        Fix potential crash (on Qt for Windows port) when performing JavaScript date
-        conversion.
-
-        * kjs/DateMath.cpp:
-        (KJS::getLocalTime): For the Qt port, prefer to use Windows code, i.e.
-        localtime_s() instead of localtime() since the latter might crash (on Windows)
-        given a non-sensible, e.g. NaN, argument.
-
-2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Anders and Geoff.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20023
-        Failed assertion in PropertyNameArray.cpp
-
-        This is already tested by testapi.
-
-        * API/JSObjectRef.cpp: (JSPropertyNameAccumulatorAddName): Add the string to identifier
-        table to appease PropertyNameArray.
-
-2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Dereference identifiers when deleting a hash table (fixes leaks with private JSGlobalData
-        objects).
-
-        * kjs/JSGlobalData.cpp: (KJS::JSGlobalData::~JSGlobalData):
-        * kjs/lookup.cpp: (KJS::HashTable::deleteTable):
-        * kjs/lookup.h:
-        * kjs/lexer.cpp: (KJS::Lexer::~Lexer)
-        HashTable cannot have a destructor, because check-for-global-initializers complains about
-        having a global constructor then.
-
-2008-07-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Check pthread_key_create return value.
-
-        This check was helpful when debugging a crash in run-webkit-tests --threaded that happened
-        because JSGlobalData objects were not deleted, and we were running out of pthread keys soon.
-        It also looks useful for production builds.
-
-        * wtf/ThreadSpecific.h: (WTF::::ThreadSpecific):
-
-2008-07-15  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        Rename pageGroupIdentifier to profileGroup to keep mention of a
-        pageGroup out of JavaScriptCore.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::setProfileGroup):
-        (KJS::JSGlobalObject::profileGroup):
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::create):
-        (KJS::ProfileGenerator::ProfileGenerator):
-        * profiler/ProfileGenerator.h:
-        (KJS::ProfileGenerator::profileGroup):
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        (KJS::dispatchFunctionToProfiles):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-
-2008-07-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix https://bugs.webkit.org/show_bug.cgi?id=20037
-        Bug 20037: GCC 4.2 build broken due to strict aliasing violation.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::computeHash): Add a version of computeHash that takes a char* and explicit length.
-        * kjs/ustring.h:
-        * profiler/CallIdentifier.h:
-        (WTF::): Use new version of computeHash that takes a char* and explicit length to avoid unsafe aliasing.
-
-2008-07-14  David Hyatt  <hyatt@apple.com>
-
-        Fix a crashing bug in ListHashSet's -- operator.  Make sure that end() can be -- by special-casing the null
-        position.
-
-        Reviewed by Maciej
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetConstIterator::operator--):
-
-2008-07-14  David Hyatt  <hyatt@apple.com>
-
-        Buidl fix.  Make sure the second insertBefore method returns a value.
-
-        * wtf/ListHashSet.h:
-        (WTF::::insertBefore):
-
-2008-07-14  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added include/pthreads to the
-        include path.
-
-2008-07-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Kevin McCullough.
-
-        Make JSGlobalData refcounted in preparation to adding a way to create contexts that share
-        global data.
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::create):
-        * kjs/JSGlobalData.h:
-        Made contructor private, and added a static create() method. Made the class inherit from
-        RefCounted.
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::globalData):
-        JSGlobalData is now owned by JSGlobalObject (except for the shared one, and the common
-        WebCore one, which are never deleted).
-
-        * kjs/Shell.cpp: (main): Create JSGlobalData with create() method.
-
-2008-07-14  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the single-threaded build.
-
-        * kjs/JSLock.cpp: Removed undeclared registerThread() function.
-        * kjs/collector.cpp:
-        (KJS::Heap::registerThread): Added dummy implementation.
-
-2008-07-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Eliminate per-thread JavaScript global data instance support and make arbitrary
-        global data/global object combinations possible.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap): Store a JSGlobalData pointer instead of multiple pointers to its members.
-        This allows for going from any JS object to its associated global data, currently used in
-        JSGlobalObject constructor to initialize its JSGlobalData pointer.
-        (KJS::Heap::registerThread): Changed thread registration data to be per-heap. Previously,
-        only the shared heap could be used from multiple threads, so it was the only one that needed
-        thread registration, but now this can happen to any heap.
-        (KJS::Heap::unregisterThread): Ditto.
-        (KJS::Heap::markStackObjectsConservatively): Adapt for the above changes.
-        (KJS::Heap::setGCProtectNeedsLocking): Ditto.
-        (KJS::Heap::protect): Ditto.
-        (KJS::Heap::unprotect): Ditto.
-        (KJS::Heap::collect): Ditto.
-        (KJS::Heap::globalObjectCount): Use global object list associated with the current heap,
-        not the late per-thread one.
-        (KJS::Heap::protectedGlobalObjectCount): Ditto.
-
-        * kjs/collector.h:
-        (KJS::Heap::ThreadRegistrar): Added a helper object that unregisters a thread when it is
-        destroyed.
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::JSLock):
-        * kjs/JSLock.h:
-        (KJS::JSLock::JSLock):
-        Don't use JSLock to implicitly register threads. I've added registerThread() calls to most
-        places that use JSLock - we cannot guarantee absolute safety unless we always mark all
-        threads in the process, but these implicit registration calls should cover reasonable usage
-        scenarios, I hope.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): Explicitly register the current thread.
-        (JSCheckScriptSyntax): Explicitly register the current thread.
-        (JSGarbageCollect): Changed to use the passed in context. Unfortunately, this creates a race
-        condition for clients that pass an already released context to JSGarbageCollect - but it is
-        unlikely to create real life problems.
-        To maintain compatibility, the shared heap is collected if NULL is passed.
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Use a new syntax for JSGlobalObject allocation.
-        (JSGlobalContextRetain): Register the thread.
-        (JSContextGetGlobalObject): Register the thread.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        (JSObjectCopyPropertyNames):
-        (JSPropertyNameAccumulatorAddName):
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        Register the thread.
-
-        * API/JSStringRef.cpp: (JSStringRelease): Changed a comment to not mention per-thread contexts.
-
-        * API/JSStringRefCF.cpp: Removed an unnecessary include of JSLock.h.
-
-        * JavaScriptCore.exp: Export JSGlobalData constructor/destructor, now that anyone can have
-        their own instances. Adapt to other changes, too.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made ThreadSpecific.h private, as it is now
-        included by collector.h and is thus needed in other projects.
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreadingOnce): Don't initialize per-thread
-        global data, as it no longer exists.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::~JSGlobalData):
-        * kjs/JSGlobalData.h:
-        Removed support for per-thread instance. Made constructor and destructor public.
-
-        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::init): Get to now arbitrary  JSGlobalData
-        via the heap.
-        (KJS::JSGlobalObject::operator new): Changed ot take JSGlobalDatra pointer.
-        * kjs/JSGlobalObject.h:
-
-        * kjs/Shell.cpp:
-        (main):
-        (jscmain):
-        Changed to maintain a custom JSGlobalData pointer instead of a per-thread one.
-
-2008-07-13  Ada Chan  <adachan@apple.com>
-
-        Windows build fix: Add wtf/RefCountedLeakCounter to the project.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2008-07-12  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk, Qt and Wx build fix: Add wtf/RefCountedLeakCounter in the
-        build scripts
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCoreSources.bkl:
-
-2008-07-11  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Darin Adler and Oliver Hunt.
-
-        Refactor RefCounting Leak counting code into a common class.
-
-        In order to export the symbols I needed to put the debug defines inside the function names
-        
-        Before we had a separate channel for each Logging each Leak type.  Since the leak channels were only used in one location, and only at quit for simplicity I combined them all into one leak channel.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj: add new class
-        * kjs/nodes.cpp: remove old leak counting code
-        * wtf/RefCountedLeakCounter.cpp: Added. create a common leak counting class
-        * wtf/RefCountedLeakCounter.h: Added.
-
-2008-07-11  David Hyatt  <hyatt@apple.com>
-
-        Add an insertBefore method to ListHashSet to allow for insertions in the middle of the list (rather than just
-        at the end).
-
-        Reviewed by Anders
-
-        * wtf/ListHashSet.h:
-        (WTF::::insertBefore):
-        (WTF::::insertNodeBefore):
-
-2008-07-11  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Move call function to CallData.cpp and construct to ConstructData.cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/CallData.cpp: Copied from kjs/JSValue.cpp.
-        * kjs/ConstructData.cpp: Copied from kjs/JSValue.cpp.
-        * kjs/JSValue.cpp:
-
-2008-07-10  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Define WEBKIT_VERSION_MIN_REQUIRED=WEBKIT_VERSION_LATEST when building WebKit to ensure that no symbols end up with the weak_import attribute.
-
-        * Configurations/Base.xcconfig:
-
-2008-07-10  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix the Tiger build by omitting annotations from methods declared in categories when using old versions of GCC.
-
-        * API/WebKitAvailability.h:
-
-2008-07-10  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        -Minor cleanup. Renamed callTree() to head() and no longer use m_head
-        directly but instead keep it private and access via a method().
-
-        * profiler/HeavyProfile.cpp:
-        (KJS::HeavyProfile::HeavyProfile):
-        (KJS::HeavyProfile::generateHeavyStructure):
-        (KJS::HeavyProfile::addNode):
-        * profiler/Profile.h:
-        (KJS::Profile::head):
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::ProfileGenerator):
-
-2008-07-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Eliminate CollectorHeapIntrospector.
-
-        CollectorHeapIntrospector was added primarily in the hopes to improve leaks tool output,
-        a result that it didn't deliver. Also, it helped by labeling JSC heap regions as reported by
-        vmmap tool, but at the same time, it made them mislabeled as malloc'd ones - the correct
-        way to label mapped regions is to use a VM tag.
-
-        So, it makes more sense to remove it completely than to make it work with multiple heaps.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading):
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/CollectorHeapIntrospector.cpp: Removed.
-        * kjs/CollectorHeapIntrospector.h: Removed.
-
-2008-07-09  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5951532> JSProfiler: Implement heavy (or bottom-up)
-        view (19228)
-        - Implemented the time and call count portionof heavy.  Now all that we
-        need is some UI.
-
-        * profiler/CallIdentifier.h: Removed an unused constructor.
-        * profiler/HeavyProfile.cpp: 
-        (KJS::HeavyProfile::HeavyProfile): Set the initial time of the head
-        node so that percentages work correctly.
-        (KJS::HeavyProfile::mergeProfiles): Sum the times and call count of
-        nodes being merged.
-        * profiler/ProfileNode.cpp: Set the intital values of time and call
-        count when copying ProfileNodes.
-        (KJS::ProfileNode::ProfileNode):
-
-2008-07-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix.
-
-        * GNUmakefile.am: Add HeavyProfile.cpp
-
-2008-07-09  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Don't warn about deprecated functions in production builds.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-
-2008-07-09  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pri: Fix Qt build by adding HeavyProfile.cpp.
-
-2008-07-09  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx biuld fix. Add HeavyProfile.cpp to build files.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-07-09  Kevin McCullough  <kmccullough@apple.com>
-
-        - Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-07-09  Kevin McCullough  <kmccullough@apple.com>
-
-        - Build fix.
-
-        * profiler/HeavyProfile.cpp:
-        (KJS::HeavyProfile::mergeProfiles):
-
-2008-07-09  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff and Adam.
-
-        <rdar://problem/5951532> JSProfiler: Implement Bottom-Up view (19228)
-        - This is the plumbing for bottom-up, but does not include calculating
-        time, mostly because I'm still undclear about what the end result should
-        look like.
-        - This, obviously, does not include the UI to expose this in the
-        inspector yet.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/CallIdentifier.h:
-        (KJS::CallIdentifier::CallIdentifier):
-        (WTF::): Added HashTraits for CallIdentifiers to be used by a HashMap.
-        * profiler/HeavyProfile.cpp: Added.
-        (KJS::HeavyProfile::HeavyProfile):
-        (KJS::HeavyProfile::generateHeavyStructure):
-        (KJS::HeavyProfile::addNode):
-        (KJS::HeavyProfile::mergeProfiles):
-        (KJS::HeavyProfile::addAncestorsAsChildren):
-        * profiler/HeavyProfile.h: Added.
-        (KJS::HeavyProfile::create):
-        (KJS::HeavyProfile::heavyProfile):
-        (KJS::HeavyProfile::treeProfile):
-        * profiler/Profile.cpp: Removed old commented out includes.
-        * profiler/Profile.h: The m_head is needed by the HeavyProfile so it
-        is now protected as opposed to private.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode): Created a constructor to copy
-        ProfileNodes.
-        (KJS::ProfileNode::findChild): Added a null check to make HeavyProfile
-        children finding easier and avoid a potential crasher.
-        * profiler/ProfileNode.h: Mostly moved things around but also added some
-        functionality needed by HeavyProfile.
-        (KJS::ProfileNode::create):
-        (KJS::ProfileNode::functionName):
-        (KJS::ProfileNode::url):
-        (KJS::ProfileNode::lineNumber):
-        (KJS::ProfileNode::head):
-        (KJS::ProfileNode::setHead):
-        (KJS::ProfileNode::setNextSibling):
-        (KJS::ProfileNode::actualTotalTime):
-        (KJS::ProfileNode::actualSelfTime):
-        * profiler/TreeProfile.cpp: Implemented the ability to get a
-        HeavyProfile.
-        (KJS::TreeProfile::heavyProfile):
-        * profiler/TreeProfile.h:
-
-2008-07-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Added support for checking if an object has custom properties in its
-        property map. WebCore uses this to optimize marking DOM wrappers.
-
-2008-07-08  Simon Hausmann  <hausmann@webkit.org>
-
-        Prospective Gtk/Wx build fixes, add ProfileGenerator.cpp to the build.
-
-        * GNUmakefile.am:
-        * JavaScriptCoreSources.bkl:
-
-2008-07-08  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build, add ProfileGenerator.cpp to the build.
-
-        * JavaScriptCore.pri:
-
-2008-07-07  David Kilzer  <ddkilzer@apple.com>
-
-        releaseFastMallocFreeMemory() should always be defined
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.exp: Changed to export C++ binding for
-        WTF::releaseFastMallocFreeMemory() instead of C binding for
-        releaseFastMallocFreeMemory().
-        * wtf/FastMalloc.cpp: Moved definitions of
-        releaseFastMallocFreeMemory() to be in the WTF namespace
-        regardless whether FORCE_SYSTEM_MALLOC is defined.
-        * wtf/FastMalloc.h: Moved releaseFastMallocFreeMemory() from
-        extern "C" binding to WTF::releaseFastMallocFreeMemory().
-
-2008-07-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoff.
-
-        Bug 19926: URL causes crash within a minute
-        <https://bugs.webkit.org/show_bug.cgi?id=19926>
-
-        Add a check that lastGlobalObject is non-null in Machine::execute()
-        before copying its globals to the current register file.
-
-        In theory, it is possible to make a test case for this, but it will
-        take a while to get it right.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-
-2008-07-07  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Adele.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Fix a typo in a comment.
-
-2008-07-07  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fixes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2008-07-07  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        When the profiler is running it gathers information and creates a
-        Profile.  After it finishes the Profile can be sorted and have other
-        data refinements run over it.  Both of these were done in the same class
-        before.  Now I split the gathering operations into a new class called
-        ProfileGenerator.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/Profile.cpp: Removed code related to the gather stage of a
-        Profile's creation.  
-        (KJS::Profile::create):
-        (KJS::Profile::Profile):
-        * profiler/Profile.h: Ditto.
-        (KJS::Profile::title):
-        (KJS::Profile::callTree):
-        (KJS::Profile::setHead):
-        * profiler/ProfileGenerator.cpp: Added. This is the class that will
-        handle the stage of creating a Profile.  Once the Profile is finished
-        being created, this class goes away.
-        (KJS::ProfileGenerator::create):
-        (KJS::ProfileGenerator::ProfileGenerator):
-        (KJS::ProfileGenerator::title):
-        (KJS::ProfileGenerator::willExecute):
-        (KJS::ProfileGenerator::didExecute):
-        (KJS::ProfileGenerator::stopProfiling):
-        (KJS::ProfileGenerator::didFinishAllExecution):
-        (KJS::ProfileGenerator::removeProfileStart):
-        (KJS::ProfileGenerator::removeProfileEnd):
-        * profiler/ProfileGenerator.h: Added.
-        (KJS::ProfileGenerator::profile):
-        (KJS::ProfileGenerator::originatingGlobalExec):
-        (KJS::ProfileGenerator::pageGroupIdentifier):
-        (KJS::ProfileGenerator::client):
-        (KJS::ProfileGenerator::stoppedProfiling):
-        * profiler/Profiler.cpp: Now operates with the ProfileGenerator instead
-        of the Profile.
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling):
-        (KJS::Profiler::didFinishAllExecution): It is here that the Profile is
-        handed off to its client and the Profile Generator is no longer needed.
-        (KJS::dispatchFunctionToProfiles):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        * profiler/Profiler.h: Cleaned up the includes and subsequently the
-        forward declarations.  Also use the new ProfileGenerator.
-        (KJS::ProfilerClient::~ProfilerClient):
-        (KJS::Profiler::currentProfiles):
-        * profiler/TreeProfile.cpp: Use Profile's new interface.
-        (KJS::TreeProfile::create):
-        (KJS::TreeProfile::TreeProfile):
-        * profiler/TreeProfile.h:
-
-2008-07-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Third step in broad cleanup effort.
-
-        [ File list elided ]
-
-2008-07-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Second step in broad cleanup effort.
-
-        [ File list elided ]
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        First step in broad cleanup effort.
-
-        [ File list elided ]
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Cameron Zwarich.
-
-        Rename list.h/cpp to ArgList.h/cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.h:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArgList.cpp: Copied from JavaScriptCore/kjs/list.cpp.
-        * kjs/ArgList.h: Copied from JavaScriptCore/kjs/list.h.
-        * kjs/IndexToNameMap.cpp:
-        * kjs/JSGlobalData.cpp:
-        * kjs/JSGlobalData.h:
-        * kjs/JSObject.h:
-        * kjs/collector.cpp:
-        * kjs/list.cpp: Removed.
-        * kjs/list.h: Removed.
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne builds again.
-
-        * kjs/BooleanPrototype.cpp:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/NumberPrototype.cpp:
-        * kjs/ObjectPrototype.cpp:
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Fix build on case-sensitive build systems.
-
-        * kjs/IndexToNameMap.cpp:
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Fix build.
-
-        * kjs/Arguments.cpp:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/DateConstructor.cpp:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/NumberPrototype.cpp:
-        * kjs/ObjectPrototype.cpp:
-        * kjs/RegExpPrototype.cpp:
-        * kjs/StringConstructor.cpp:
-        * kjs/lookup.cpp:
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne build.
-
-        * kjs/JSGlobalObject.cpp:
-
-2008-07-05  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Cameron Zwarich.
-
-        Split Arguments, IndexToNameMap, PrototypeFunction, GlobalEvalFunction and 
-        the functions on the global object out of JSFunction.h/cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/Arguments.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
-        * kjs/Arguments.h: Copied from JavaScriptCore/kjs/JSFunction.h.
-        * kjs/GlobalEvalFunction.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
-        * kjs/GlobalEvalFunction.h: Copied from JavaScriptCore/kjs/JSFunction.h.
-        * kjs/IndexToNameMap.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
-        * kjs/IndexToNameMap.h: Copied from JavaScriptCore/kjs/JSFunction.h.
-        * kjs/JSActivation.cpp:
-        * kjs/JSFunction.cpp:
-        * kjs/JSFunction.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObjectFunctions.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
-        * kjs/JSGlobalObjectFunctions.h: Copied from JavaScriptCore/kjs/JSFunction.h.
-        The functions on the global object should be in JSGlobalObject.cpp, but putting them there
-        was a 0.5% regression.
-
-        * kjs/PrototypeFunction.cpp: Copied from JavaScriptCore/kjs/JSFunction.cpp.
-        * kjs/PrototypeFunction.h: Copied from JavaScriptCore/kjs/JSFunction.h.
-        * kjs/Shell.cpp:
-        * kjs/lexer.cpp:
-        * kjs/ustring.cpp:
-
-2008-07-04  Sam Weinig  <sam@webkit.org>
-
-        Really fix the mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-04  Sam Weinig  <sam@webkit.org>
-
-        Fix mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-04  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne builds.
-
-        * kjs/Error.cpp:
-        * kjs/GetterSetter.cpp:
-        * kjs/JSImmediate.cpp:
-        * kjs/operations.cpp:
-
-2008-07-04  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Dan Bernstein.
-
-        Split Error and GetterSetter out of JSObject.h.
-
-        * API/JSCallbackObjectFunctions.h:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ClassInfo.h: Copied from JavaScriptCore/kjs/JSObject.h.
-        * kjs/Error.cpp: Copied from JavaScriptCore/kjs/JSObject.cpp.
-        * kjs/Error.h: Copied from JavaScriptCore/kjs/JSObject.h.
-        * kjs/GetterSetter.cpp:
-        * kjs/GetterSetter.h: Copied from JavaScriptCore/kjs/JSObject.h.
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/nodes.h:
-
-2008-07-04  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Wx build, added TreeProfile.cpp to the build.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-07-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix output path of recently-added script phase to reference the correct file.
-        This prevents Xcode from running the script phase unnecessarily, which caused
-        the generated header to be recreated and lead to AllInOneFile.cpp rebuilding.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-03  Mark Rowe  <mrowe@apple.com>
-
-        Follow-up to the 64-bit build fix.  Use intptr_t rather than ssize_t as
-        the latter is non-standard and does not exist on Windows.
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::lockCount):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-        * kjs/JSLock.h:
-
-2008-07-02  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 64-bit build.  pthread_getspecific works with pointer-sized values,
-        so use ssize_t rather than int to track the lock count to avoid warnings about
-        truncating the result of pthread_getspecific.
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::lockCount):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-        * kjs/JSLock.h:
-
-2008-07-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed checking for the array get/put fast case from the array code.
-        Callers who want the fast case should call getIndex and/or setIndex
-        instead. (get_by_val and put_by_val already do this.)
-        
-        SunSpider reports no change overall, but a 1.4% speedup on fannkuch and
-        a 3.6% speedup on nsieve.
-
-2008-07-03  Dan Bernstein  <mitz@apple.com>
-
-        - Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added TreeProfile.{h,cpp}.
-
-2008-07-03  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        - Windows build fix
-
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine):
-
-2008-07-03  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix the non-threaded build.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::threadInstanceInternal):
-
-2008-07-03  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build, added TreeProfile to the build.
-
-        * JavaScriptCore.pri:
-
-2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Don't create unnecessary JSGlobalData instances.
-
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::threadInstanceExists):
-        (KJS::JSGlobalData::sharedInstanceExists):
-        (KJS::JSGlobalData::threadInstance):
-        (KJS::JSGlobalData::sharedInstance):
-        (KJS::JSGlobalData::threadInstanceInternal):
-        (KJS::JSGlobalData::sharedInstanceInternal):
-        Added methods to query instance existence.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreadingOnce):
-        Initialize thread instance static in a new way.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * kjs/collector.cpp:
-        (KJS::Heap::collect):
-        Check for instance existence before accessing it.
-
-2008-07-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=19862
-        REGRESSION (r34907): Gmail crashes in JavaScriptCore code while editing drafts
-        
-        I was never able to reproduce this issue, but Cameron could, and he says
-        that this patch fixes it.
-        
-        The crash seems tied to a timer or event handler callback. In such a case,
-        the sole reference to the global object may be in the current call frame,
-        so we can't depend on the global object to mark the call frame area in
-        the register file.
-        
-        The new GC marking rule is: the global object is not responsible for
-        marking the whole register file -- it's just responsible for the globals
-        section it's tied to. The heap is responsible for marking the call frame area.
-
-2008-07-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add the ability to trace JavaScriptCore garabge collections using dtrace.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Generate the dtrace probe header
-        file when building on a new enough version of Mac OS X.
-        * JavaScriptCorePrefix.h: Add our standard Mac OS X version detection macros.
-        * kjs/Tracing.d: Declare three dtrace probes.
-        * kjs/Tracing.h: Include the generated dtrace macros if dtrace is available,
-        otherwise provide versions that do nothing.
-        * kjs/collector.cpp:
-        (KJS::Heap::collect): Fire dtrace probes when starting a collection, after the
-        mark phase has completed, and when the collection is complete.
-        * wtf/Platform.h: Define HAVE_DTRACE when building on a new enough version of Mac OS X.
-
-2008-07-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-        
-        Reduced the max register file size from 8MB to 2MB.
-
-        We still allow about 20,000 levels of recursion.
-
-2008-07-02  Alp Toker  <alp@nuanti.com>
-
-        Build fix for r34960. Add TreeProfile.cpp to build.
-
-        * GNUmakefile.am:
-
-2008-07-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Optimized a[n] get for cases when a is an array or a string. When a is
-        an array, we optimize both get and put. When a is a string, we only
-        optimize get, since you can't put to a string.
-        
-        SunSpider says 3.4% faster.
-
-2008-07-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        -Small cleanup in preparation for implementing Bottom-up.
-
-        * profiler/CallIdentifier.h: Rename debug function to make it clear of
-        its output and intention to be debug only.
-        (KJS::CallIdentifier::operator const char* ): Implement in terms of
-        c_str.
-        (KJS::CallIdentifier::c_str):
-        * profiler/ProfileNode.cpp: Impelment findChild() which will be needed
-        by the bottom-up implementation.
-        (KJS::ProfileNode::findChild):
-        * profiler/ProfileNode.h: Added comments to make the collections of
-        functions more clear.
-        (KJS::ProfileNode::operator==):
-        (KJS::ProfileNode::c_str):
-
-2008-07-02  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 19776: Number.toExponential() is incorrect for numbers between 0.1 and 1
-        <https://bugs.webkit.org/show_bug.cgi?id=19776>
-
-        Perform the sign check for the exponent on the actual exponent value,
-        which is 1 less than the value of decimalPoint, instead of on the value
-        of decimalPoint itself.
-
-        * kjs/NumberPrototype.cpp:
-        (KJS::exponentialPartToString):
-
-2008-07-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5951532> JSProfiler: Implement Bottom-Up view (19228)
-        - Subclass TreeProfile as I prepare for a HeavyProfile to be comming
-        later.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/Profile.cpp: By default we create a TreeProfile.
-        (KJS::Profile::create):
-        * profiler/Profile.h: Changes to the Profile class to make it amenable
-        to be inherited from.
-        (KJS::Profile::~Profile):
-        * profiler/TreeProfile.cpp: Added.
-        (KJS::TreeProfile::create):
-        (KJS::TreeProfile::TreeProfile):
-        (KJS::TreeProfile::heavyProfile):
-        * profiler/TreeProfile.h: Added.
-        (KJS::TreeProfile::treeProfile):
-
-2008-07-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Dan.
-
-        Broke CallIdentifier out into its own file. I did this because it's
-        going to grow a lot soon and I wanted this to be a separate patch.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/CallIdentifier.h: Added.
-        (KJS::CallIdentifier::CallIdentifier):
-        (KJS::CallIdentifier::operator==):
-        (KJS::CallIdentifier::operator!=):
-        (KJS::CallIdentifier::operator const char* ):
-        (KJS::CallIdentifier::toString):
-        * profiler/ProfileNode.h:
-
-2008-07-02  Simon Hausmann  <hausmann@webkit.org>
-
-        Build fix. Implemented missing functions for single-threaded build.
-
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-
-2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Another non-AllInOne build fix.
-
-        * kjs/JSGlobalObject.cpp: Include JSLock.h here, too.
-
-2008-07-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Non-AllInOne build fix.
-
-        * kjs/interpreter.cpp: Include JSLock.h.
-
-2008-06-30  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Disable JSLock for per-thread contexts.
-
-        No change on SunSpider.
-
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::sharedInstance):
-        Added isSharedInstance as a better way to tell whether the instance is shared (legacy).
-
-        * kjs/JSLock.cpp:
-        (KJS::createJSLockCount):
-        (KJS::JSLock::lockCount):
-        (KJS::setLockCount):
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::currentThreadIsHoldingLock):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-        (KJS::JSLock::DropAllLocks::~DropAllLocks):
-        * kjs/JSLock.h:
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::~JSLock):
-        Made JSLock and JSLock::DropAllLocks constructors take a parameter to decide whether to
-        actually lock a mutex, or only to increment recursion count. We cannot turn it into no-op
-        if we want to keep existing assertions working.
-        Made recursion count per-thread, now that locks may not lock.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): Take JSLock after casting JSContextRef to ExecState* (which doesn't need
-        locking in any case), so that a decision whether to actually lock can be made.
-        (JSCheckScriptSyntax): Ditto.
-        (JSGarbageCollect): Only lock while collecting the shared heap, not the per-thread one.
-
-        * API/JSObjectRef.cpp:
-        (JSClassCreate): Don't lock, as there is no reason to.
-        (JSClassRetain): Ditto.
-        (JSClassRelease): Ditto.
-        (JSPropertyNameArrayRetain): Ditto.
-        (JSPropertyNameArrayRelease): Only lock while deleting the array, as that may touch
-        identifier table.
-        (JSPropertyNameAccumulatorAddName): Adding a string also involves an identifier table
-        lookup, and possibly modification.
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters):
-        (JSStringCreateWithUTF8CString):
-        (JSStringRetain):
-        (JSStringRelease):
-        (JSStringGetUTF8CString):
-        (JSStringIsEqual):
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        JSStringRef operations other than releasing do not need locking.
-
-        * VM/Machine.cpp: Don't include unused JSLock.h.
-
-        * kjs/CollectorHeapIntrospector.cpp: (KJS::CollectorHeapIntrospector::statistics):
-        Don't take the lock for real, as heap introspection pauses the process anyway. It seems that
-        the existing code could cause deadlocks.
-
-        * kjs/Shell.cpp:
-        (functionGC):
-        (main):
-        (jscmain):
-        The test tool uses a per-thread context, so no real locking is required.
-
-        * kjs/collector.h:
-        (KJS::Heap::setGCProtectNeedsLocking): Optionally protect m_protectedValues access with a
-        per-heap mutex. This is only needed for WebCore Database code, which violates the "no data
-        migration between threads" by using ProtectedPtr on a background thread.
-        (KJS::Heap::isShared): Keep a shared flag here, as well.
-
-        * kjs/protect.h:
-        (KJS::::ProtectedPtr):
-        (KJS::::~ProtectedPtr):
-        (KJS::::operator):
-        (KJS::operator==):
-        (KJS::operator!=):
-        ProtectedPtr is ony used from WebCore, so it doesn't need to take JSLock. An assertion in
-        Heap::protect/unprotect guards agains possible future unlocked uses of ProtectedPtr in JSC.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap): Initialize m_isShared.
-        (KJS::Heap::~Heap): No need to lock for real during destruction, but must keep assertions
-        in sweep() working.
-        (KJS::destroyRegisteredThread): Registered thread list is only accessed for shared heap,
-        so locking is always needed here.
-        (KJS::Heap::registerThread): Ditto.
-        (KJS::Heap::markStackObjectsConservatively): Use m_isShared instead of comparing to a shared
-        instance for a small speedup.
-        (KJS::Heap::setGCProtectNeedsLocking): Create m_protectedValuesMutex. There is currently no
-        way to undo this - and ideally, Database code will be fixed to lo longer require this quirk.
-        (KJS::Heap::protect): Take m_protectedValuesMutex (if it exists) while accessing
-        m_protectedValues.
-        (KJS::Heap::unprotect): Ditto.
-        (KJS::Heap::markProtectedObjects): Ditto.
-        (KJS::Heap::protectedGlobalObjectCount): Ditto.
-        (KJS::Heap::protectedObjectCount): Ditto.
-        (KJS::Heap::protectedObjectTypeCounts): Ditto.
-
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        Don't include JSLock.h, which is no longer used here. As a result, an explicit include had
-        to be added to many files in JavaScriptGlue, WebCore and WebKit.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        * API/JSCallbackConstructor.cpp:
-        (KJS::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::init):
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::construct):
-        (KJS::::hasInstance):
-        (KJS::::call):
-        (KJS::::getPropertyNames):
-        (KJS::::toNumber):
-        (KJS::::toString):
-        (KJS::::staticValueGetter):
-        (KJS::::callbackGetter):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextRetain):
-        (JSGlobalContextRelease):
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * JavaScriptCore.exp:
-        * kjs/PropertyNameArray.h:
-        (KJS::PropertyNameArray::globalData):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-        Pass a parameter to JSLock/JSLock::DropAllLocks to decide whether the lock needs to be taken.
-
-2008-07-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19834
-        Failed assertion in JavaScriptCore/VM/SegmentedVector.h:82
-
-        Creating a global object with a custom prototype resets it twice (wasteful!).
-        So, addStaticGlobals() was called twice, but JSGlobalObject::reset() didn't reset
-        the register array.        
-
-        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::reset): Call setRegisterArray(0, 0).
-
-        * kjs/JSVariableObject.h: Changed registerArray to OwnArrayPtr. Also, added private copy
-        constructor and operator= to ensure that no one attempts to copy this object (for whatever
-        reason, I couldn't make Noncopyable work).
-
-        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::addStaticGlobals): Allocate registerArray
-        with new[].
-
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::copyRegisterArray): Allocate registerArray with new[].
-        (KJS::JSVariableObject::setRegisterArray): Avoid hitting an assertion in OwnArrayPtr when
-        "changing" the value from 0 to 0.
-
-2008-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed and/or reordered exception checks in array-style a[n] access.
-        
-        SunSpider says 1.4% faster.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): No need to check for exceptions before
-        calling toString, toNumber and/or get. If the call ends up being observable
-        through toString, valueOf, or a getter, we short-circuit it there, instead.
-        In the op_del_by_val case, I removed the incorrect comment without actually
-        removing the code, since I didn't want to tempt the GCC fates!
-
-        * kjs/JSObject.cpp:
-        (KJS::callDefaultValueFunction): Added exception check to prevent
-        toString and valueOf functions from observing execution after an exception
-        has been thrown. This removes some of the burden of exception checking
-        from the machine.
-
-        (KJS::JSObject::defaultValue): Removed redundant exception check here.
-
-        * kjs/PropertySlot.cpp:
-        (KJS::PropertySlot::functionGetter): Added exception check to prevent
-        getter functions from observing execution after an exception has been
-        thrown. This removes some of the burden of exception checking from the
-        machine.
-
-2008-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Optimized a[n] get and put for cases where n is an immediate unsigned
-        value.
-        
-        SunSpider says 3.5% faster.
-
-2008-07-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 19844: JavaScript Switch statement modifies "this"
-        <https://bugs.webkit.org/show_bug.cgi?id=19844>
-
-        Use a temporary when generating code for switch clauses to avoid
-        overwriting 'this' or a local variable.
-
-        * kjs/nodes.cpp:
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-07-01  Christian Dywan  <christian@twotoasts.de>
-
-        Gtk+ build fix.
-
-        * kjs/list.cpp: Include "JSCell.h"
-
-2008-07-01  Kevin McCullough  <kmccullough@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-01  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        - Mac release build fix
-
-        * JavaScriptCore.exp:
-
-2008-07-01  Sam Weinig  <sam@webkit.org>
-
-        Try and fix mac builds.
-
-        * JavaScriptCore.exp:
-
-2008-07-01  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne builds.
-
-        * kjs/DateMath.cpp:
-
-2008-07-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Split JSCell and JSNumberCell class declarations out of JSValue.h
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/JSPropertyNameIterator.h:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSCell.cpp: Copied from JavaScriptCore/kjs/JSValue.cpp.
-        * kjs/JSCell.h: Copied from JavaScriptCore/kjs/JSValue.h.
-        (KJS::JSValue::getJSNumber):
-        * kjs/JSNumberCell.cpp:
-        * kjs/JSNumberCell.h: Copied from JavaScriptCore/kjs/JSValue.h.
-        * kjs/JSObject.h:
-        * kjs/JSString.cpp:
-        (KJS::jsString):
-        (KJS::jsOwnedString):
-        * kjs/JSString.h:
-        (KJS::JSValue::toThisJSString):
-        * kjs/JSValue.cpp:
-        * kjs/JSValue.h:
-
-2008-07-01  Anders Carlsson  <andersca@apple.com>
-
-        Build fixes.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::addStaticGlobals):
-
-2008-07-01  Simon Hausmann  <hausmann@webkit.org>
-
-        Build fix, include OwnPtr.h.
-
-        * kjs/RegExpConstructor.h:
-
-2008-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a global object leak caused by the switch to one register file.
-        
-        Don't unconditionally mark the register file, since that logically
-        makes all global variables GC roots, even when their global object is
-        no longer reachable.
-        
-        Instead, make the global object associated with the register file
-        responsible for marking the register file.
-
-2008-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed the "registerBase" abstraction. Since the register file never
-        reallocates, we can keep direct pointers into it, instead of
-        <registerBase, offset> tuples.
-        
-        SunSpider says 0.8% faster.
-        
-2008-06-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Fix build by adding all (hopefully) the missing includes.
-
-        * kjs/BooleanPrototype.cpp:
-        * kjs/DateConstructor.cpp:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/NativeErrorConstructor.cpp:
-        * kjs/NumberPrototype.cpp:
-        * kjs/ObjectPrototype.cpp:
-        * kjs/RegExpConstructor.cpp:
-        * kjs/StringConstructor.cpp:
-        * kjs/StringPrototype.cpp:
-
-2008-06-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19830: REGRESSION (r34883): Google Reader doesn't show up feed list on sidebar
-        <https://bugs.webkit.org/show_bug.cgi?id=19830>
-
-        Ensure that we do not eliminate a write to a local register when doing
-        peephole optimizations.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        (KJS::CodeGenerator::emitJumpIfFalse):
-
-2008-06-30  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Alder.
-
-        Split InternalFunction into its own header file.
-
-        * API/JSCallbackFunction.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/ArrayConstructor.h:
-        * kjs/BooleanConstructor.h:
-        * kjs/DateConstructor.h:
-        * kjs/ErrorConstructor.h:
-        * kjs/FunctionConstructor.h:
-        * kjs/FunctionPrototype.h:
-        * kjs/InternalFunction.h: Copied from kjs/JSFunction.h.
-        * kjs/JSFunction.h:
-        * kjs/NativeErrorConstructor.h:
-        * kjs/NumberConstructor.h:
-        * kjs/ObjectConstructor.h:
-        * kjs/RegExpConstructor.h:
-        * kjs/StringConstructor.h:
-        * profiler/Profiler.cpp:
-
-2008-06-30  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Kevin McCullough.
-
-        Remove empty files Instruction.cpp, LabelID.cpp, Register.cpp and RegisterID.cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Instruction.cpp: Removed.
-        * VM/LabelID.cpp: Removed.
-        * VM/Register.cpp: Removed.
-        * VM/RegisterID.cpp: Removed.
-
-2008-06-30  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped (reluctantly) by Kevin McCullough.
-
-        Rename date_object.h/cpp to DateInstance.h/cpp
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/DateConstructor.cpp:
-        * kjs/DateInstance.cpp: Copied from kjs/date_object.cpp.
-        * kjs/DateInstance.h: Copied from kjs/date_object.h.
-        * kjs/DatePrototype.cpp:
-        * kjs/DatePrototype.h:
-        * kjs/date_object.cpp: Removed.
-        * kjs/date_object.h: Removed.
-
-2008-06-30  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Remove internal.cpp and move its contents to there own .cpp files.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/GetterSetter.cpp: Copied from kjs/internal.cpp.
-        * kjs/InternalFunction.cpp: Copied from kjs/internal.cpp.
-        * kjs/JSNumberCell.cpp: Copied from kjs/internal.cpp.
-        * kjs/JSString.cpp: Copied from kjs/internal.cpp.
-        * kjs/JSString.h:
-        * kjs/LabelStack.cpp: Copied from kjs/internal.cpp.
-        * kjs/NumberConstructor.cpp:
-        * kjs/NumberObject.cpp:
-        (KJS::constructNumber):
-        (KJS::constructNumberFromImmediateNumber):
-        * kjs/internal.cpp: Removed.
-
-2008-06-30  Adam Roben  <aroben@apple.com>
-
-        Fix <rdar://5954749> Assertion failure due to HashTable's use of
-        operator&
-
-        HashTable was passing &value to constructDeletedValue, which in
-        classes like WebCore::COMPtr would cause an assertion. We now pass
-        value by reference instead of by address so that the HashTraits
-        implementations have more flexibility in constructing the deleted
-        value.
-
-        Reviewed by Ada Chan.
-
-        * VM/CodeGenerator.h: Updated for changes to HashTraits.
-        * wtf/HashTable.h:
-        (WTF::::deleteBucket): Changed to pass bucket by reference instead of
-        by address.
-        (WTF::::checkKey): Ditto.
-        * wtf/HashTraits.h:
-        (WTF::): Updated HashTraits for HashTable change.
-
-2008-07-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Make RegisterFile really unmap memory on destruction.
-
-        This fixes run-webkit-tests --threaded, which ran out of address space in a few seconds.
-
-        * VM/RegisterFile.cpp: (KJS::RegisterFile::~RegisterFile): Unmap all the memory, not just
-        1/4 of it.
-
-        * kjs/JSGlobalObject.h: Don't include RegisterFile.h, so that changes to it don't make
-        half of WebCore rebuild.
-
-        * VM/Machine.h: Don't forward declare RegisterFile, as RegisterFile.h is included already.
-
-        * VM/RegisterFile.h: (KJS::RegisterFile::RegisterFile): Assert that the allocation succeeded.
-
-2008-06-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Oliver.
-
-        Correct the documentation for op_put_by_index.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-06-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19821: Merge the instruction pair (less, jfalse)
-        <https://bugs.webkit.org/show_bug.cgi?id=19821>
-        
-        This is a 2.4% win on SunSpider. I needed to add an ALWAYS_INLINE
-        intrinisc to CodeGenerator::rewindBinaryOp() to avoid a massive
-        regression in regexp-dna.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::rewindBinaryOp):
-        (KJS::CodeGenerator::emitJumpIfFalse):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.cpp:
-        (KJS::):
-        * VM/Opcode.h:
-
-2008-06-29  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne builds.
-
-        * kjs/JSObject.cpp:
-        * kjs/JSValue.cpp:
-
-2008-06-29  Sam Weinig  <sam@webkit.org>
-
-        Build fix for Qt.
-
-        * kjs/DateMath.cpp:
-        * kjs/DatePrototype.cpp:
-
-2008-06-29  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Cameron Zwarich.
-
-        Splits ErrorConstructor, ErrorPrototype,  NativeErrorConstructor and
-        NativeErrorPrototype out of error_object.h/cpp and renames it ErrorInstance.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArrayConstructor.cpp:
-        * kjs/ArrayPrototype.cpp:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/DatePrototype.cpp:
-        * kjs/ErrorConstructor.cpp: Copied from kjs/error_object.cpp.
-        * kjs/ErrorConstructor.h: Copied from kjs/error_object.h.
-        * kjs/ErrorInstance.cpp: Copied from kjs/error_object.cpp.
-        * kjs/ErrorInstance.h: Copied from kjs/error_object.h.
-        * kjs/ErrorPrototype.cpp: Copied from kjs/error_object.cpp.
-        * kjs/ErrorPrototype.h: Copied from kjs/error_object.h.
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSObject.cpp:
-        * kjs/JSValue.cpp:
-        * kjs/NativeErrorConstructor.cpp: Copied from kjs/error_object.cpp.
-        * kjs/NativeErrorConstructor.h: Copied from kjs/error_object.h.
-        * kjs/NativeErrorPrototype.cpp: Copied from kjs/error_object.cpp.
-        * kjs/NativeErrorPrototype.h: Copied from kjs/error_object.h.
-        * kjs/NumberPrototype.cpp:
-        * kjs/RegExpConstructor.cpp:
-        * kjs/RegExpObject.cpp:
-        * kjs/RegExpPrototype.cpp:
-        * kjs/StringPrototype.cpp:
-        * kjs/error_object.cpp: Removed.
-        * kjs/error_object.h: Removed.
-        * kjs/internal.cpp:
-
-2008-06-29  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne build.
-
-        * kjs/DateConstructor.cpp:
-        * kjs/DateMath.cpp:
-        * kjs/JSObject.cpp:
-
-2008-06-29  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Splits DateConstructor and DatePrototype out of date_object.h/cpp
-        Moves shared Date code into DateMath.
-
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/DateConstructor.cpp: Copied from kjs/date_object.cpp.
-        * kjs/DateConstructor.h: Copied from kjs/date_object.h.
-        * kjs/DateMath.cpp:
-        (KJS::ymdhmsToSeconds):
-        (KJS::):
-        (KJS::skipSpacesAndComments):
-        (KJS::findMonth):
-        (KJS::parseDate):
-        (KJS::timeClip):
-        (KJS::formatDate):
-        (KJS::formatDateUTCVariant):
-        (KJS::formatTime):
-        * kjs/DateMath.h:
-        (KJS::gmtoffset):
-        * kjs/DatePrototype.cpp: Copied from kjs/date_object.cpp.
-        * kjs/DatePrototype.h: Copied from kjs/date_object.h.
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSObject.cpp:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/internal.cpp:
-
-2008-06-29  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Rubber-stamped by Cameron Zwarich
-
-        Fix Gtk non-AllInOne build
-
-        * GNUmakefile.am: include JSVariableObject.cpp
-        * kjs/RegExpConstructor.cpp: include RegExpObject.h
-        * kjs/RegExpObject.h: forward declare RegExpPrototype
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam and Cameron.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=19805
-          Array.concat turns missing array elements into "undefined"
-
-        Test: fast/js/array-holes.html
-
-        * JavaScriptCore.exp: No longer export JSArray::getItem.
-
-        * kjs/ArrayPrototype.cpp:
-        (KJS::arrayProtoFuncConcat): Changed to use getProperty instead of
-        JSArray::getItem -- need to handle properties from the prototype chain
-        instead of ignoring them.
-
-        * kjs/JSArray.cpp: Removed getItem.
-        * kjs/JSArray.h: Ditto.
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19804
-          optimize access to arrays without "holes"
-
-        SunSpider says 1.8% faster.
-
-        * kjs/JSArray.cpp:
-        (KJS::JSArray::JSArray): Initialize m_fastAccessCutoff when creating
-        arrays. Also updated for new location of m_vectorLength.
-        (KJS::JSArray::getItem): Updated for new location of m_vectorLength.
-        (KJS::JSArray::getSlowCase): Added. Broke out the non-hot parts of
-        getOwnPropertySlot to make the hot part faster.
-        (KJS::JSArray::getOwnPropertySlot): Added a new faster case for
-        indices lower than m_fastAccessCutoff. We can do theese with no
-        additional checks or branches.
-        (KJS::JSArray::put): Added a new faster case for indices lower than
-        m_fastAccessCutoff. We can do theese with no additional checks or
-        branches. Moved the maxArrayIndex handling out of this function.
-        Added code to set m_fastAccessCutoff when the very last hole in
-        an array is filled; this is how the cutoff gets set for most arrays.
-        (KJS::JSArray::putSlowCase): Moved the rest of the put function logic
-        in here, to make the hot part of the put function faster.
-        (KJS::JSArray::deleteProperty): Added code to lower m_fastAccessCutoff
-        when a delete makes a new hole in the array.
-        (KJS::JSArray::getPropertyNames): Updated for new location of
-        m_vectorLength.
-        (KJS::JSArray::increaseVectorLength): Ditto.
-        (KJS::JSArray::setLength): Added code to lower m_fastAccessCutoff
-        when setLength makes the array smaller.
-        (KJS::JSArray::mark): Updated for new location of m_vectorLength.
-        (KJS::JSArray::sort): Ditto. Set m_fastAccessCutoff after moving
-        all the holes to the end of the array.
-        (KJS::JSArray::compactForSorting): Ditto.
-        (KJS::JSArray::checkConsistency): Added consistency checks fro
-        m_fastAccessCutoff and updated for the new location of m_vectorLength.
-
-        * kjs/JSArray.h: Added declarations for slow case functions.
-        Replaced m_vectorLength with m_fastAccessCutoff.
-
-2008-06-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam.
-
-        When executing a native call, check for an exception before writing the
-        return value.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-06-28  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.  Flag headers as private or public as is appropriate.
-        These settings were accidentally removed during some project file cleanup.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Splits RegExpConstructor and RegExpPrototype out of RegExpObject.h/cpp
-
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/RegExpConstructor.cpp: Copied from kjs/RegExpObject.cpp.
-        * kjs/RegExpConstructor.h: Copied from kjs/RegExpObject.h.
-        * kjs/RegExpObject.cpp:
-        * kjs/RegExpObject.h:
-        * kjs/RegExpPrototype.cpp: Copied from kjs/RegExpObject.cpp.
-        * kjs/RegExpPrototype.h: Copied from kjs/RegExpObject.h.
-        * kjs/StringPrototype.cpp:
-        * kjs/internal.cpp:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Fix non-AllInOne builds.
-
-        * kjs/StringConstructor.cpp:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Rename string_object.h/cpp to StringObject.h/cpp and split out StringObjectThatMasqueradesAsUndefined,
-        StringConstructor and StringPrototype.
-
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/StringConstructor.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
-        * kjs/StringConstructor.h: Copied from JavaScriptCore/kjs/string_object.h.
-        * kjs/StringObject.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
-        * kjs/StringObject.h: Copied from JavaScriptCore/kjs/string_object.h.
-        * kjs/StringObjectThatMasqueradesAsUndefined.h: Copied from JavaScriptCore/kjs/string_object.h.
-        * kjs/StringPrototype.cpp: Copied from JavaScriptCore/kjs/string_object.cpp.
-        * kjs/StringPrototype.h: Copied from JavaScriptCore/kjs/string_object.h.
-        * kjs/internal.cpp:
-        * kjs/string_object.cpp: Removed.
-        * kjs/string_object.h: Removed.
-
-2008-06-28  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix: JSVariableObject is now part of AllInOne
-
-        * GNUmakefile.am:
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19801
-          add a feature so we can tell what regular expressions are taking time
-
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile): Compile in the string if REGEXP_HISTOGRAM is on.
-
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute): Add hook to time execution.
-        (Histogram::~Histogram): Print a sorted list of what took time.
-        (Histogram::add): Accumulate records of what took time.
-        (HistogramTimeLogger::~HistogramTimeLogger): Hook that calls
-        Histogram::add at the right moment and creates the global histogram
-        object.
-
-        * pcre/pcre_internal.h: Define REGEXP_HISTOGRAM.
-
-        * pcre/pcre_tables.cpp: Added missing include of "config.h". Not needed
-        any more, but an omissions an earlier version of this patch detected.
-        * pcre/pcre_ucp_searchfuncs.cpp: Ditto.
-        * pcre/pcre_xclass.cpp: Ditto.
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Try and fix the Windows build again.
-
-        * kjs/RegExpObject.cpp:
-        * kjs/date_object.cpp:
-        * kjs/error_object.cpp:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Remove unused StringConstructorFunction class.
-
-        * kjs/string_object.h:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * kjs/ArrayPrototype.cpp:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/BooleanPrototype.h:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/JSImmediate.cpp:
-        * kjs/JSObject.cpp:
-        * kjs/MathObject.cpp:
-        * kjs/NumberPrototype.cpp:
-        * kjs/NumberPrototype.h:
-        * kjs/ObjectConstructor.cpp:
-        * kjs/RegExpObject.h:
-        * kjs/error_object.h:
-        * kjs/string_object.cpp:
-
-2008-06-28  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Splits FunctionConstructor out of FunctionPrototype.h/cpp
-        Splits NumberConstructor and NumberPrototype out of NumberObject.h/cpp
-        Rename object_object.h/cpp to ObjectPrototype.h/cpp and split out ObjectConstructor.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSClassRef.cpp:
-        * API/JSObjectRef.cpp:
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArrayConstructor.cpp:
-        * kjs/ArrayConstructor.h:
-        * kjs/FunctionConstructor.cpp: Copied from JavaScriptCore/kjs/FunctionPrototype.cpp.
-        * kjs/FunctionConstructor.h: Copied from JavaScriptCore/kjs/FunctionPrototype.h.
-        * kjs/FunctionPrototype.cpp:
-        * kjs/FunctionPrototype.h:
-        * kjs/JSFunction.cpp:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSImmediate.cpp:
-        * kjs/MathObject.h:
-        * kjs/NumberConstructor.cpp: Copied from JavaScriptCore/kjs/NumberObject.cpp.
-        * kjs/NumberConstructor.h: Copied from JavaScriptCore/kjs/NumberObject.h.
-        * kjs/NumberObject.cpp:
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.cpp: Copied from JavaScriptCore/kjs/NumberObject.cpp.
-        * kjs/NumberPrototype.h: Copied from JavaScriptCore/kjs/NumberObject.h.
-        * kjs/ObjectConstructor.cpp: Copied from JavaScriptCore/kjs/object_object.cpp.
-        * kjs/ObjectConstructor.h: Copied from JavaScriptCore/kjs/object_object.h.
-        * kjs/ObjectPrototype.cpp: Copied from JavaScriptCore/kjs/object_object.cpp.
-        * kjs/ObjectPrototype.h: Copied from JavaScriptCore/kjs/object_object.h.
-        * kjs/RegExpObject.h:
-        * kjs/Shell.cpp:
-        * kjs/error_object.h:
-        * kjs/internal.cpp:
-        * kjs/nodes.cpp:
-        * kjs/object_object.cpp: Removed.
-        * kjs/object_object.h: Removed.
-        * kjs/string_object.h:
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=19796
-          optimize expressions with ignored results (especially post-increment)
-
-        SunSpider says 0.9% faster.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::tempDestination): Create a new temporary for
-        ignoredResult() too, just as we would for 0.
-        (KJS::CodeGenerator::finalDestination): Use the temporary if the
-        register passed in is ignoredResult() too, just as we would for 0.
-        (KJS::CodeGenerator::destinationForAssignResult): Return 0 if the
-        passed in register is ignoredResult(), just as we would for 0.
-        (KJS::CodeGenerator::moveToDestinationIfNeeded): Return 0 if the
-        register passed in is ignoredResult(). What matters is that we
-        don't want to emit a move. The return value won't be looked at.
-        (KJS::CodeGenerator::emitNode): Allow ignoredResult() and pass it
-        through to the node's emitCode function.
-
-        * VM/RegisterID.h:
-        (KJS::ignoredResult): Added. Special value to indicate the result of
-        a node will be ignored and need not be put in any register.
-
-        * kjs/nodes.cpp:
-        (KJS::NullNode::emitCode): Do nothing if dst == ignoredResult().
-        (KJS::BooleanNode::emitCode): Ditto.
-        (KJS::NumberNode::emitCode): Ditto.
-        (KJS::StringNode::emitCode): Ditto.
-        (KJS::RegExpNode::emitCode): Ditto.
-        (KJS::ThisNode::emitCode): Ditto.
-        (KJS::ResolveNode::emitCode): Do nothing if dst == ignoredResult() and
-        the identifier resolves to a local variable.
-        (KJS::ObjectLiteralNode::emitCode): Do nothing if dst == ignoredResult()
-        and the object is empty.
-        (KJS::PostIncResolveNode::emitCode): If dst == ignoredResult(), then do
-        nothing for the local constant case, and do a pre-increment in all the
-        other cases.
-        (KJS::PostDecResolveNode::emitCode): Ditto.
-        (KJS::PostIncBracketNode::emitCode): Ditto.
-        (KJS::PostDecBracketNode::emitCode): Ditto.
-        (KJS::PostIncDotNode::emitCode): Ditto.
-        (KJS::PostDecDotNode::emitCode): Ditto.
-        (KJS::DeleteValueNode::emitCode): Pass ignoredResult() when evaluating
-        the expression.
-        (KJS::VoidNode::emitCode): Ditto.
-        (KJS::TypeOfResolveNode::emitCode): If dst == ignoredResult(), do nothing
-        if the identifier resolves to a local variable, and don't bother generating
-        a typeof opcode in the other case.
-        (KJS::TypeOfValueNode::emitCode): Ditto.
-        (KJS::PreIncResolveNode::emitCode): Do nothing if dst == ignoredResult() and
-        the identifier resolves to a local constant.
-        (KJS::PreDecResolveNode::emitCode): Ditto.
-        (KJS::AssignResolveNode::emitCode): Turn ignoredResult() into 0 in a couple
-        places, because we need to put the result into a register so we can assign
-        it. At other sites this is taken care of by functions like finalDestination.
-        (KJS::CommaNode::emitCode): Pass ignoredResult() when evaluating the first
-        expression.
-        (KJS::ForNode::emitCode): Pass ignoredResult() when evaluating the first and
-        third expressions.
-        (KJS::ForInNode::emitCode): Pass ignoredResult() when evaluating the first
-        expression.
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19787
-          create most arrays from values in registers rather than with multiple put operations
-
-        SunSpider says 0.8% faster.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump): Added argv and argc parameters to new_array.
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Ditto.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitNewArray): Added.
-        * VM/CodeGenerator.h: Added ElementNode* argument to emitNewArray.
-
-        * kjs/nodes.cpp:
-        (KJS::ArrayNode::emitCode): Pass the ElementNode to emitNewArray so it can be
-        initialized with as many elements as possible. If the array doesn't have any
-        holes in it, that's all that's needed. If there are holes, then emit some separate
-        put operations for the other values in the array and for the length as needed.
-
-        * kjs/nodes.h: Added some accessors to ElementNode so the code generator can
-        iterate through elements and generate code to evaluate them. Now ArrayNode does
-        not need to be a friend. Also took out some unused PlacementNewAdoptType
-        constructors.
-
-2008-06-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        * kjs/nodes.h: Remove obsolete PlacementNewAdopt constructors.
-        We no longer mutate the AST in place.
-
-2008-06-28  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Build fix
-
-        * VM/Machine.cpp: include stdio.h for printf
-
-2008-06-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix platforms that don't use AllInOne.cpp
-
-        * kjs/BooleanConstructor.h:
-        * kjs/BooleanPrototype.h:
-        * kjs/FunctionPrototype.cpp:
-
-2008-06-27  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Splits ArrayConstructor out of ArrayPrototype.h/cpp
-        Splits BooleanConstructor and BooleanPrototype out of BooleanObject.h/cpp
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArrayConstructor.cpp: Copied from kjs/ArrayPrototype.cpp.
-        * kjs/ArrayConstructor.h: Copied from kjs/ArrayPrototype.h.
-        * kjs/ArrayPrototype.cpp:
-        * kjs/ArrayPrototype.h:
-        * kjs/BooleanConstructor.cpp: Copied from kjs/BooleanObject.cpp.
-        * kjs/BooleanConstructor.h: Copied from kjs/BooleanObject.h.
-        * kjs/BooleanObject.cpp:
-        * kjs/BooleanObject.h:
-        * kjs/BooleanPrototype.cpp: Copied from kjs/BooleanObject.cpp.
-        * kjs/BooleanPrototype.h: Copied from kjs/BooleanObject.h.
-        * kjs/CommonIdentifiers.h:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/JSArray.cpp:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSImmediate.cpp:
-        * kjs/Shell.cpp:
-        * kjs/internal.cpp:
-        * kjs/nodes.cpp:
-        * kjs/string_object.cpp:
-
-2008-06-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam.
-
-        Bug 18626: SQUIRRELFISH: support the "slow script" dialog <https://bugs.webkit.org/show_bug.cgi?id=18626>
-        <rdar://problem/5973931> Slow script dialog needs to be reimplemented for squirrelfish
-
-        Adds support for the slow script dialog in squirrelfish.  This requires the addition
-        of three new op codes, op_loop, op_loop_if_true, and op_loop_if_less which have the
-        same behaviour as their simple jump equivalents but have an additional time out check.
-
-        Additional assertions were added to other jump instructions to prevent accidentally
-        creating loops with jump types that do not support time out checks.
-
-        Sunspider does not report a regression, however this appears very sensitive to code
-        layout and hardware, so i would expect up to a 1% regression on other systems.
-
-        Part of this required moving the old timeout logic from JSGlobalObject and into Machine
-        which is the cause of a number of the larger diff blocks.
-
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        (KJS::CodeGenerator::emitJumpScopes):
-        * VM/ExceptionHelpers.cpp:
-        (KJS::InterruptedExecutionError::isWatchdogException):
-        (KJS::createInterruptedExecutionException):
-        * VM/ExceptionHelpers.h:
-        * VM/LabelID.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine):
-        (KJS::Machine::throwException):
-        (KJS::Machine::resetTimeoutCheck):
-        (KJS::getCurrentTime):
-        (KJS::Machine::checkTimeout):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        (KJS::Machine::setTimeoutTime):
-        (KJS::Machine::startTimeoutCheck):
-        (KJS::Machine::stopTimeoutCheck):
-        (KJS::Machine::initTimeout):
-        * VM/Opcode.cpp:
-        (KJS::):
-        * VM/Opcode.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        (KJS::JSGlobalObject::setTimeoutTime):
-        (KJS::JSGlobalObject::startTimeoutCheck):
-        * kjs/JSGlobalObject.h:
-        * kjs/JSObject.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-06-27  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk and Qt build fix: Remove RegisterFileStack from the build
-        scripts.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-
-2008-06-27  Adele Peterson  <adele@apple.com>
-
-        Reviewed by Geoff.
-
-        Build fixes. 
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::RegisterFile):
-        * kjs/JSGlobalObject.cpp:
-        * kjs/collector.cpp:
-
-2008-06-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        One RegisterFile to rule them all!
-        
-        SunSpider reports a 0.2% speedup.
-
-        This patch removes the RegisterFileStack abstraction and replaces it with
-        a single register file that
-        
-        (a) allocates a fixed storage area, including a fixed area for global
-        vars, so that no operation may cause the register file to reallocate
-        
-        and
-
-        (b) swaps between global storage areas when executing code in different 
-        global objects.
-        
-        This patch also changes the layout of the register file so that all call
-        frames, including call frames for global code, get a header. This is
-        required to support re-entrant global code. It also just makes things simpler.
-        
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addGlobalVar): New function. Differs from addVar in
-        that
-        
-        (a) global vars don't contribute to a CodeBlock's numLocals count, since
-        global storage is fixed and allocated at startup
-        
-        and
-        
-        (b) references to global vars get shifted to elide intermediate stack
-        between "r" and the global storage area.
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters): Updated this function to match the new
-        register file layout, and added the ability to dump exact identifiers
-        for the different parts of a call frame.
-        
-        (KJS::Machine::unwindCallFrame): Updated this function to match the new
-        register file layout.
-         
-        (KJS::Machine::execute): Updated this function to initialize a call frame
-        header for global code, and to swap global storage areas when switching
-        to execution in a new global object.
-        
-        (KJS::Machine::privateExecute): Got rid of "safeForReentry" and re-reading
-        of registerBase because the register file is always safe for reentry now,
-        and registerBase never changes.
-        
-        * VM/Machine.h: Moved the call frame header enum from Machine to RegisterFile,
-        to resolve a header dependency problem (a good sign that the enum belonged
-        in RegisterFile all along!)
-
-        * VM/RegisterFile.cpp:
-        * VM/RegisterFile.h: Changed RegisterFile to mmap a fixed size register
-        area. This allows us to avoid re-allocting the register file later on.
-        Instead, we rely on the OS to allocate physical pages to the register
-        file as necessary.
-
-        * VM/RegisterFileStack.cpp: Removed. Tada!
-        * VM/RegisterFileStack.h: Removed. Tada!
-
-        * kjs/DebuggerCallFrame.cpp: Updated this class to match the new
-        register file layout, greatly simplifying it in the process.
-
-        * kjs/JSActivation.h:
-        * kjs/JSActivation.cpp: Moved some of this logic up to JSVariableObject,
-        since the global object now needs to be able to tear off its registers
-        just like the activation object.
-
-        * kjs/JSFunction.cpp: No need to fiddle with the register file anymore.
-
-        * kjs/JSGlobalObject.h:
-        * kjs/JSGlobalObject.cpp: Updated JSGlobalObject to support moving its
-        global storage area into and out of the register file.
-
-        * kjs/PropertySlot.cpp: No need to fiddle with the register file anymore.
-
-        * kjs/collector.cpp: Renamed markStackObjectConservatively to
-        markConservatively, since we don't just mark stack objects this way.
-        
-        Also, added code to mark the machine's register file.
-
-        * kjs/config.h: Moved some platforms #defines from here...
-        * wtf/Platform.h: ...to here, to support mmap/VirtualAlloc detection
-        in RegisterFile.h.
-
-2008-06-26  Mark Rowe  <mrowe@apple.com>
-
-        Speculative fix for the Windows build.
-
-        * kjs/JSImmediate.cpp:
-
-2008-06-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler and Geoff Garen.
-
-        Fix the malloc zone introspection functions so that malloc_zone_statistics does not give
-        bogus output in an application that uses JavaScriptCore.
-
-        * kjs/CollectorHeapIntrospector.cpp:
-        (KJS::CollectorHeapIntrospector::statistics): Return statistics about memory allocated by the collector.
-        * kjs/CollectorHeapIntrospector.h:
-        * wtf/FastMalloc.cpp: Zero out the statistics.  FastMalloc doesn't track this information at present.
-        Returning zero for all values is preferable to returning bogus data.
-
-2008-06-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19721
-          speed up JavaScriptCore by not wrapping strings in objects just
-          to call functions on them
-
-        - optimize UString append and the replace function a bit
-
-        SunSpider says 1.8% faster.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/JSPropertyNameIterator.cpp: Added include of JSString.h, now needed
-        because jsString returns a JSString*.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Removed the toObject call from native
-        function calls. Also removed code to put the this value into a register.
-
-        * kjs/BooleanObject.cpp:
-        (KJS::booleanProtoFuncToString): Rewrite to handle false and true
-        separately.
-
-        * kjs/FunctionPrototype.cpp:
-        (KJS::constructFunction): Use single-character append rather than building
-        a string for each character.
-        * kjs/JSFunction.cpp:
-        (KJS::globalFuncUnescape): Ditto.
-
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::prototype): Added. Gets the appropriate prototype for
-        use with an immediate value. To be used instead of toObject when doing a
-        get on an immediate value.
-        * kjs/JSImmediate.h: Added prototype.
-
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::toString): Tweaked formatting.
-
-        * kjs/JSObject.h:
-        (KJS::JSValue::get): Use prototype instead of toObject to avoid creating
-        an object wrapper just to search for properties. This also saves an
-        unnecessary hash table lookup since the object wrappers themselves don't
-        have any properties.
-
-        * kjs/JSString.h: Added toThisString and toThisJSString.
-
-        * kjs/JSValue.cpp:
-        (KJS::JSCell::toThisString): Added.
-        (KJS::JSCell::toThisJSString): Added.
-        (KJS::JSCell::getJSNumber): Added.
-        (KJS::jsString): Changed return type to JSString*.
-        (KJS::jsOwnedString): Ditto.
-
-        * kjs/JSValue.h:
-        (KJS::JSValue::toThisString): Added.
-        (KJS::JSValue::toThisJSString): Added.
-        (KJS::JSValue::getJSNumber): Added.
-
-        * kjs/NumberObject.cpp:
-        (KJS::NumberObject::getJSNumber): Added.
-        (KJS::integer_part_noexp): Append C string directly rather than first
-        turning it into a UString.
-        (KJS::numberProtoFuncToString): Use getJSNumber to check if the value
-        is a number rather than isObject(&NumberObject::info). This works for
-        immediate numbers, number cells, and NumberObject instances.
-        (KJS::numberProtoFuncToLocaleString): Ditto.
-        (KJS::numberProtoFuncValueOf): Ditto.
-        (KJS::numberProtoFuncToFixed): Ditto.
-        (KJS::numberProtoFuncToExponential): Ditto.
-        (KJS::numberProtoFuncToPrecision): Ditto.
-        * kjs/NumberObject.h: Added getJSNumber.
-
-        * kjs/PropertySlot.cpp: Tweaked comment.
-
-        * kjs/internal.cpp:
-        (KJS::JSString::toThisString): Added.
-        (KJS::JSString::toThisJSString): Added.
-        (KJS::JSString::getOwnPropertySlot): Changed code that searches the
-        prototype chain to start with the string prototype and not create a
-        string object.
-        (KJS::JSNumberCell::toThisString): Added.
-        (KJS::JSNumberCell::getJSNumber): Added.
-
-        * kjs/lookup.cpp:
-        (KJS::staticFunctionGetter): Moved here, because there's no point in
-        having a function that's only used for a function pointer be inline.
-        (KJS::setUpStaticFunctionSlot): New function for getStaticFunctionSlot.
-
-        * kjs/lookup.h:
-        (KJS::staticValueGetter): Don't mark this inline. It doesn't make sense
-        to have a function that's only used for a function pointer be inline.
-        (KJS::getStaticFunctionSlot): Changed to get properties from the parent
-        first before doing any handling of functions. This is the fastest way
-        to return the function once the initial setup is done.
-
-        * kjs/string_object.cpp:
-        (KJS::StringObject::getPropertyNames): Call value() instead of getString(),
-        avoiding an unnecessary virtual function call (the call to the type()
-        function in the implementation of the isString() function).
-        (KJS::StringObject::toString): Added.
-        (KJS::StringObject::toThisString): Added.
-        (KJS::StringObject::toThisJSString): Added.
-        (KJS::substituteBackreferences): Rewrote to use a appending algorithm
-        instead of a the old one that tried to replace in place.
-        (KJS::stringProtoFuncReplace): Merged this function and the replace function.
-        Replaced the hand-rolled dynamic arrays for source ranges and replacements
-        with Vector.
-        (KJS::stringProtoFuncToString): Handle JSString as well as StringObject.
-        Removed the separate valueOf implementation, since it can just share this.
-        (KJS::stringProtoFuncCharAt): Use toThisString, which handles JSString as
-        well as StringObject, and is slightly more efficient than the old code too.
-        (KJS::stringProtoFuncCharCodeAt): Ditto.
-        (KJS::stringProtoFuncConcat): Ditto.
-        (KJS::stringProtoFuncIndexOf): Ditto.
-        (KJS::stringProtoFuncLastIndexOf): Ditto.
-        (KJS::stringProtoFuncMatch): Ditto.
-        (KJS::stringProtoFuncSearch): Ditto.
-        (KJS::stringProtoFuncSlice): Ditto.
-        (KJS::stringProtoFuncSplit): Ditto.
-        (KJS::stringProtoFuncSubstr): Ditto.
-        (KJS::stringProtoFuncSubstring): Ditto.
-        (KJS::stringProtoFuncToLowerCase): Use toThisJSString.
-        (KJS::stringProtoFuncToUpperCase): Ditto.
-        (KJS::stringProtoFuncToLocaleLowerCase): Ditto.
-        (KJS::stringProtoFuncToLocaleUpperCase): Ditto.
-        (KJS::stringProtoFuncLocaleCompare): Ditto.
-        (KJS::stringProtoFuncBig): Use toThisString.
-        (KJS::stringProtoFuncSmall): Ditto.
-        (KJS::stringProtoFuncBlink): Ditto.
-        (KJS::stringProtoFuncBold): Ditto.
-        (KJS::stringProtoFuncFixed): Ditto.
-        (KJS::stringProtoFuncItalics): Ditto.
-        (KJS::stringProtoFuncStrike): Ditto.
-        (KJS::stringProtoFuncSub): Ditto.
-        (KJS::stringProtoFuncSup): Ditto.
-        (KJS::stringProtoFuncFontcolor): Ditto.
-        (KJS::stringProtoFuncFontsize): Ditto.
-        (KJS::stringProtoFuncAnchor): Ditto.
-        (KJS::stringProtoFuncLink): Ditto.
-
-        * kjs/string_object.h: Added toString, toThisString, and toThisJSString.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::append): Added a version that takes a character pointer and
-        size, so we don't have to create a UString just to append to another UString.
-        * kjs/ustring.h:
-
-2008-06-26  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        Make JSGlobalData per-thread.
-
-        No change on SunSpider total.
-
-        * wtf/ThreadSpecific.h: Re-enabled the actual implementation.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject): Re-added a JSLock-related assertion. We'll probably
-        want to preserve these somehow to keep legacy behavior in working condition.
-        (KJS::JSGlobalObject::init): Initialize globalData pointer earlier, so that it is ready
-        when updating JSGlobalObject linked list.
-
-        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::head): Changed head() to be non-static, and
-        to use JSGlobalData associated with the current object.
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreadingOnce): Removed a no longer needed
-        Heap::registerAsMainThread() call.
-
-        * kjs/JSGlobalData.h: Removed a lying lie comment - parserObjectExtraRefCounts is not
-        transient, and while newParserObjects may conceptually be such, there is still some node
-        manipulation going on outside Parser::parse which touches it.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::~JSGlobalData): Delete recently added members.
-        (KJS::JSGlobalData::sharedInstance): Actually use a separate instance.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap):
-        (KJS::Heap::~Heap): Added a destructor, which unconditionally deletes everything.
-        (KJS::Heap::sweep): Removed code related to "collect on main thread only" logic.
-        (KJS::Heap::collect): Ditto.
-        (KJS::Heap::globalObjectCount): Explicitly use per-thread instance of JSGlobalObject linked
-        list now that JSGlobalObject::head() is not static. Curently, WebCoreStatistics methods only
-        work with the main thread currently anyway.
-        (KJS::Heap::protectedGlobalObjectCount): Ditto.
-
-        * kjs/collector.h: Removed code related to "collect on main thread only" logic.
-
-        * JavaScriptCore.exp: Removed Heap::collectOnMainThreadOnly.
-
-2008-06-26  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19767
-        REGRESSION: Crash in sort() when visiting http://www.onnyturf.com/subway/
-
-        * kjs/JSArray.cpp: (KJS::AVLTreeAbstractorForArrayCompare::set_balance_factor):
-        Made changing balance factor from -1 to +1 work correctly.
-
-        * wtf/AVLTree.h: (KJS::AVLTreeDefaultBSet::operator[]): Added an assertion that catches
-        this slightly earlier.
-
-2008-06-25  Timothy Hatcher  <timothy@apple.com>
-
-        Fixes an ASSERT in the profiler when starting multiple profiles
-        with the same name inside the same function/program.
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile): Initialize m_stoppedCallDepth to zero.
-        (KJS::Profile::stopProfiling): Set the current node to the parent,
-        because we are in a call that will not get a didExecute call.
-        (KJS::Profile::removeProfile): Increment m_stoppedCallDepth to
-        account for didExecute not being called for profile.
-        (KJS::Profile::willExecute): Increment m_stoppedCallDepth if stopped.
-        (KJS::Profile::didExecute): Decrement m_stoppedCallDepth if stopped and
-        greater than zero, and return early.
-        * profiler/Profile.h: Added stoppedProfiling().
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::findProfile): Removed.
-        (KJS::Profiler::startProfiling): Don't return early for stopped profiles.
-        (KJS::Profiler::stopProfiling): Skipp stopped profiles.
-        (KJS::Profiler::didFinishAllExecution): Code clean-up.
-        * profiler/Profiler.h: Removed findProfile.
-
-2008-06-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Attempt to fix Windows debug build. The compiler gives a warning when
-        Structured Exception Handling and destructors are used in the same
-        function. Using manual locking and unlocking instead of constructors
-        and destructors should fix the warning.
-
-        * kjs/Shell.cpp:
-        (main):
-
-2008-06-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Forgot to address a review comment about better names for tracked objects, doing it now.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/nodes.cpp:
-        (KJS::ParserRefCounted::ParserRefCounted):
-        (KJS::ParserRefCounted::ref):
-        (KJS::ParserRefCounted::deref):
-        (KJS::ParserRefCounted::hasOneRef):
-        (KJS::ParserRefCounted::deleteNewObjects):
-
-2008-06-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Remove more threadInstance() calls.
-
-        * kjs/JSFunction.cpp:
-        (KJS::JSFunction::getParameterName):
-        (KJS::IndexToNameMap::unMap):
-        (KJS::Arguments::deleteProperty):
-        * kjs/JSFunction.h:
-        Access nullIdentifier without going to thread specific storage.
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-        * kjs/Parser.h:
-        (KJS::ParserRefCountedData::ParserRefCountedData):
-        (KJS::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ParserRefCounted::ParserRefCounted):
-        (KJS::ParserRefCounted::ref):
-        (KJS::ParserRefCounted::deref):
-        (KJS::ParserRefCounted::hasOneRef):
-        (KJS::ParserRefCounted::deleteNewObjects):
-        (KJS::Node::Node):
-        (KJS::StatementNode::StatementNode):
-        (KJS::BreakpointCheckStatement::BreakpointCheckStatement):
-        (KJS::ConstDeclNode::ConstDeclNode):
-        (KJS::BlockNode::BlockNode):
-        (KJS::ForInNode::ForInNode):
-        (KJS::ScopeNode::ScopeNode):
-        (KJS::ProgramNode::ProgramNode):
-        (KJS::ProgramNode::create):
-        (KJS::EvalNode::EvalNode):
-        (KJS::EvalNode::create):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::FunctionBodyNode::create):
-        * kjs/nodes.h:
-        (KJS::ExpressionNode::):
-        (KJS::NullNode::):
-        (KJS::BooleanNode::):
-        (KJS::NumberNode::):
-        (KJS::ImmediateNumberNode::):
-        (KJS::StringNode::):
-        (KJS::RegExpNode::):
-        (KJS::ThisNode::):
-        (KJS::ResolveNode::):
-        (KJS::ElementNode::):
-        (KJS::ArrayNode::):
-        (KJS::PropertyNode::):
-        (KJS::PropertyListNode::):
-        (KJS::ObjectLiteralNode::):
-        (KJS::BracketAccessorNode::):
-        (KJS::DotAccessorNode::):
-        (KJS::ArgumentListNode::):
-        (KJS::ArgumentsNode::):
-        (KJS::NewExprNode::):
-        (KJS::EvalFunctionCallNode::):
-        (KJS::FunctionCallValueNode::):
-        (KJS::FunctionCallResolveNode::):
-        (KJS::FunctionCallBracketNode::):
-        (KJS::FunctionCallDotNode::):
-        (KJS::PrePostResolveNode::):
-        (KJS::PostIncResolveNode::):
-        (KJS::PostDecResolveNode::):
-        (KJS::PostfixBracketNode::):
-        (KJS::PostIncBracketNode::):
-        (KJS::PostDecBracketNode::):
-        (KJS::PostfixDotNode::):
-        (KJS::PostIncDotNode::):
-        (KJS::PostDecDotNode::):
-        (KJS::PostfixErrorNode::):
-        (KJS::DeleteResolveNode::):
-        (KJS::DeleteBracketNode::):
-        (KJS::DeleteDotNode::):
-        (KJS::DeleteValueNode::):
-        (KJS::VoidNode::):
-        (KJS::TypeOfResolveNode::):
-        (KJS::TypeOfValueNode::):
-        (KJS::PreIncResolveNode::):
-        (KJS::PreDecResolveNode::):
-        (KJS::PrefixBracketNode::):
-        (KJS::PreIncBracketNode::):
-        (KJS::PreDecBracketNode::):
-        (KJS::PrefixDotNode::):
-        (KJS::PreIncDotNode::):
-        (KJS::PreDecDotNode::):
-        (KJS::PrefixErrorNode::):
-        (KJS::UnaryOpNode::UnaryOpNode):
-        (KJS::UnaryPlusNode::):
-        (KJS::NegateNode::):
-        (KJS::BitwiseNotNode::):
-        (KJS::LogicalNotNode::):
-        (KJS::BinaryOpNode::BinaryOpNode):
-        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
-        (KJS::MultNode::):
-        (KJS::DivNode::):
-        (KJS::ModNode::):
-        (KJS::AddNode::):
-        (KJS::SubNode::):
-        (KJS::LeftShiftNode::):
-        (KJS::RightShiftNode::):
-        (KJS::UnsignedRightShiftNode::):
-        (KJS::LessNode::):
-        (KJS::GreaterNode::):
-        (KJS::LessEqNode::):
-        (KJS::GreaterEqNode::):
-        (KJS::InstanceOfNode::):
-        (KJS::InNode::):
-        (KJS::EqualNode::):
-        (KJS::NotEqualNode::):
-        (KJS::StrictEqualNode::):
-        (KJS::NotStrictEqualNode::):
-        (KJS::BitAndNode::):
-        (KJS::BitOrNode::):
-        (KJS::BitXOrNode::):
-        (KJS::LogicalAndNode::):
-        (KJS::LogicalOrNode::):
-        (KJS::ConditionalNode::):
-        (KJS::ReadModifyResolveNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::ReadModifyBracketNode::):
-        (KJS::AssignBracketNode::):
-        (KJS::AssignDotNode::):
-        (KJS::ReadModifyDotNode::):
-        (KJS::AssignErrorNode::):
-        (KJS::CommaNode::):
-        (KJS::VarDeclCommaNode::):
-        (KJS::ConstStatementNode::):
-        (KJS::SourceElements::SourceElements):
-        (KJS::EmptyStatementNode::):
-        (KJS::DebuggerStatementNode::):
-        (KJS::ExprStatementNode::):
-        (KJS::VarStatementNode::):
-        (KJS::IfNode::):
-        (KJS::IfElseNode::):
-        (KJS::DoWhileNode::):
-        (KJS::WhileNode::):
-        (KJS::ForNode::):
-        (KJS::ContinueNode::):
-        (KJS::BreakNode::):
-        (KJS::ReturnNode::):
-        (KJS::WithNode::):
-        (KJS::LabelNode::):
-        (KJS::ThrowNode::):
-        (KJS::TryNode::):
-        (KJS::ParameterNode::):
-        (KJS::FuncExprNode::):
-        (KJS::FuncDeclNode::):
-        (KJS::CaseClauseNode::):
-        (KJS::ClauseListNode::):
-        (KJS::CaseBlockNode::):
-        (KJS::SwitchNode::):
-        Changed ParserRefCounted to hold a JSGlobalData pointer, and used it to replace
-        threadInstance calls.
-
-2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Make the JavaScript shell collect the heap from main() instead of
-        jscmain() to suppress leak messages in debug builds.
-
-        * kjs/Shell.cpp:
-        (main):
-        (jscmain):
-
-2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Make the conversion of the pair (less, jtrue) to jless use register
-        reference counting information for safety instead of requiring callers
-        to decide whether it is safe.
-
-        No changes on SunSpider codegen.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-06-24  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/6031594> JSProfiler: Profiler goes into an infinite
-        loop sometimes.
-        <rdar://problem/6031603> JSProfiler: Profiler asserts in debug and
-        give the wrong times in release
-
-        Fixed two issues found by Tim in the same test.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::removeProfileStart): No longer take profile's time from
-        all ancestors, but instead attribute it to its parent.  Also add an
-        Assert to ensure we only delete the child we mean to.
-        (KJS::Profile::removeProfileEnd): Ditto for profileEnd.
-        (KJS::Profile::didExecute): Cleaned up the execution order and correctly
-        attribute all of the parent's time to the new node.
-        * profiler/ProfileNode.cpp: If this node does not have a startTime it
-        should not get a giant total time, but instead be 0.
-        (KJS::ProfileNode::endAndRecordCall):
-        * profiler/ProfileNode.h:
-        (KJS::ProfileNode::removeChild): Should reset the sibling pointers since
-        one of them has been removed.
-
-2008-06-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=19739
-          REGRESSION: fast/js/property-getters-and-setters.html fails
-
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::put): Remove an untested optimization I checked in by accident.
-        The two loops up the prototype chain both need to start from this; instead the
-        second loop was starting where the first loop left off.
-
-2008-06-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * kjs/nodes.cpp:
-
-2008-06-24  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Simon.
-
-        For the Qt build on Windows don't depend on the presence of GNU CPP
-        but use MSVC's preprocessor instead.
-        dftables accepts a --preprocessor option which is set in pcre.pri for MSVC platforms.
-
-        * pcre/dftables: Added support for specifying the preprocessor command
-        to use via --preprocessor, similar to
-        WebCore/bindings/scripts/generate-bindings.pl.
-        * pcre/pcre.pri: Pass --preprocessor='cl /e' to dftables, or more
-        generally speaking QMAKE_CC /E for the win32-msvc buildspecs.
-
-2008-06-24  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build, added missing include.
-
-        * kjs/PropertySlot.cpp:
-
-2008-06-24  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Make ParserRefCountedCounter actually perform a leak check.
-
-        * kjs/nodes.cpp:
-        (KJS::ParserRefCountedCounter::~ParserRefCountedCounter): Check for leaks in destructor,
-        not in constructor.
-        (KJS::ParserRefCountedCounter::increment):
-        (KJS::ParserRefCountedCounter::decrement):
-        (KJS::ParserRefCounted::ParserRefCounted):
-        (KJS::ParserRefCounted::~ParserRefCounted):
-        While at it, also made counting thread-safe.
-
-2008-06-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19730: REGRESSION (r34497): Text in alerts in "Leisure suit Larry" is not wrapped
-        <https://bugs.webkit.org/show_bug.cgi?id=19730>
-
-        Do not convert the pair (less, jtrue) to jless when jtrue is a jump
-        target. An example of this is when the condition of a while loop is a
-        LogicalOrNode.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitLabel):
-
-2008-06-20  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Adam Roben.
-
-        Fix compile with MinGW.
-
-        * kjs/Shell.cpp:
-        * wtf/Threading.h:
-        (WTF::atomicIncrement):
-        (WTF::atomicDecrement):
-
-2008-06-23  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Prepration for returning memory to the OS on Windows.  Track whether a portion of a span of memory was returned to the OS.
-        If it was, ask that it be recommitted before returning it to the application as an allocated region.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::New):  If the span was decommitted, ask that it be recommitted before returning it.
-        (WTF::TCMalloc_PageHeap::AllocLarge):  Ditto.
-        (WTF::TCMalloc_PageHeap::Carve):  When splitting a span, ensure that the decommitted state propogates to the two new spans.
-        (WTF::TCMalloc_PageHeap::Delete):  When merging a span, ensure that the resulting span is marked as decommitted if any of the
-        spans being merged were marked as decommitted.
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):  Mark as decommitted after releasing the span.
-        (WTF::TCMalloc_Central_FreeList::FetchFromSpans): Add an assertion to catch a decommitted span being returned to the application
-        without first being recommitted.
-        (WTF::TCMalloc_Central_FreeList::Populate): Ditto.
-        * wtf/TCSystemAlloc.cpp: Stub out TCMalloc_SystemCommit.
-        * wtf/TCSystemAlloc.h:
-
-2008-06-23  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove the sample member of Span when NO_TCMALLOC_SAMPLES is defined.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::Delete): Only update Span::sample if NO_TCMALLOC_SAMPLES is not defined.
-        (WTF::TCMallocStats::do_free):  Ditto.
-
-2008-06-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - work toward https://bugs.webkit.org/show_bug.cgi?id=19721
-
-        More preparation toward making functions work on primitive types without
-        creating wrapper objects. No speedup this time, but prepares for a future
-        speedup without slowing things down.
-
-        SunSpider reports no change.
-
-        - Eliminated the implementsCall, callAsFunction and construct virtual
-          functions from JSObject. Instead, the CallData and ConstructData for
-          a native function includes a function pointer that the caller can use
-          directly. Changed all call sites to use CallData and ConstructData.
-
-        - Changed the "this" argument to native functions to be a JSValue rather
-          than a JSObject. This prepares us for passing primitives into these
-          functions. The conversion to an object now must be done inside the
-          function. Critically, if it's a function that can be called on a DOM
-          window object, then we have to be sure to call toThisObject on the
-          argument before we use it for anything even if it's already an object.
-
-        - Eliminated the practice of using constructor objects in the global
-          object to make objects of the various basic types. Since these
-          constructors can't be replaced by script, there's no reason to involve
-          a constructor object at all. Added functions to do the construction
-          directly.
-
-        - Made some more class members private and protected, including virtual
-          function overrides. This can catch code using unnecessarily slow virtual
-          function code paths when the type of an object is known statically. If we
-          later find a new reason use the members outside the class it's easy to
-          make them public again.
-
-        - Moved the declarations of the native implementations for functions out
-          of header files. These can have internal linkage and be declared inside
-          the source file.
-
-        - Changed PrototypeFunction to take function pointers with the right
-          arguments to be put directly into CallData. This eliminates the
-          need to have a separate PrototypeReflexiveFunction, and reveals that the
-          real purpose of that class included something else specific to eval --
-          storage of a cached global object. So renamed PrototypeReflexiveFunction
-          to GlobalEvalFunction.
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::constructJSCallback):
-        (KJS::JSCallbackConstructor::getConstructData):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::implementsHasInstance):
-        (KJS::JSCallbackFunction::call):
-        (KJS::JSCallbackFunction::getCallData):
-        * API/JSCallbackFunction.h:
-        (KJS::JSCallbackFunction::classInfo):
-        * API/JSCallbackObject.h:
-        (KJS::JSCallbackObject::classRef):
-        (KJS::JSCallbackObject::classInfo):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::getConstructData):
-        (KJS::::construct):
-        (KJS::::getCallData):
-        (KJS::::call):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (KJS::jsTypeStringForValue):
-        (KJS::Machine::privateExecute):
-        * kjs/ArrayPrototype.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncReverse):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSort):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        (KJS::ArrayConstructor::ArrayConstructor):
-        (KJS::constructArrayWithSizeQuirk):
-        (KJS::constructWithArrayConstructor):
-        (KJS::ArrayConstructor::getConstructData):
-        (KJS::callArrayConstructor):
-        (KJS::ArrayConstructor::getCallData):
-        * kjs/ArrayPrototype.h:
-        * kjs/BooleanObject.cpp:
-        (KJS::booleanProtoFuncToString):
-        (KJS::booleanProtoFuncValueOf):
-        (KJS::constructBoolean):
-        (KJS::constructWithBooleanConstructor):
-        (KJS::BooleanConstructor::getConstructData):
-        (KJS::callBooleanConstructor):
-        (KJS::BooleanConstructor::getCallData):
-        (KJS::constructBooleanFromImmediateBoolean):
-        * kjs/BooleanObject.h:
-        * kjs/CallData.h:
-        (KJS::):
-        * kjs/ConstructData.h:
-        (KJS::):
-        * kjs/FunctionPrototype.cpp:
-        (KJS::callFunctionPrototype):
-        (KJS::FunctionPrototype::getCallData):
-        (KJS::functionProtoFuncToString):
-        (KJS::functionProtoFuncApply):
-        (KJS::functionProtoFuncCall):
-        (KJS::constructWithFunctionConstructor):
-        (KJS::FunctionConstructor::getConstructData):
-        (KJS::callFunctionConstructor):
-        (KJS::FunctionConstructor::getCallData):
-        (KJS::constructFunction):
-        * kjs/FunctionPrototype.h:
-        * kjs/JSArray.cpp:
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (KJS::JSArray::sort):
-        (KJS::constructEmptyArray):
-        (KJS::constructArray):
-        * kjs/JSArray.h:
-        (KJS::JSArray::classInfo):
-        * kjs/JSFunction.cpp:
-        (KJS::JSFunction::call):
-        (KJS::globalFuncEval):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncIsNaN):
-        (KJS::globalFuncIsFinite):
-        (KJS::globalFuncDecodeURI):
-        (KJS::globalFuncDecodeURIComponent):
-        (KJS::globalFuncEncodeURI):
-        (KJS::globalFuncEncodeURIComponent):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        (KJS::globalFuncKJSPrint):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeFunction::getCallData):
-        (KJS::GlobalEvalFunction::GlobalEvalFunction):
-        (KJS::GlobalEvalFunction::mark):
-        * kjs/JSFunction.h:
-        (KJS::InternalFunction::classInfo):
-        (KJS::InternalFunction::functionName):
-        (KJS::JSFunction::classInfo):
-        (KJS::GlobalEvalFunction::cachedGlobalObject):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        (KJS::JSGlobalObject::mark):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObject):
-        (KJS::JSGlobalObject::evalFunction):
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-        * kjs/JSNotAnObject.cpp:
-        * kjs/JSNotAnObject.h:
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::put):
-        (KJS::callDefaultValueFunction):
-        (KJS::JSObject::defaultValue):
-        (KJS::JSObject::lookupGetter):
-        (KJS::JSObject::lookupSetter):
-        (KJS::JSObject::hasInstance):
-        (KJS::JSObject::fillGetterPropertySlot):
-        (KJS::Error::create):
-        (KJS::constructEmptyObject):
-        * kjs/JSObject.h:
-        (KJS::GetterSetter::GetterSetter):
-        (KJS::GetterSetter::getter):
-        (KJS::GetterSetter::setGetter):
-        (KJS::GetterSetter::setter):
-        (KJS::GetterSetter::setSetter):
-        * kjs/JSValue.cpp:
-        (KJS::JSCell::deleteProperty):
-        (KJS::call):
-        (KJS::construct):
-        * kjs/JSValue.h:
-        * kjs/MathObject.cpp:
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/MathObject.h:
-        * kjs/NumberObject.cpp:
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncValueOf):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberConstructor::NumberConstructor):
-        (KJS::constructWithNumberConstructor):
-        (KJS::NumberConstructor::getConstructData):
-        (KJS::callNumberConstructor):
-        (KJS::NumberConstructor::getCallData):
-        (KJS::constructNumber):
-        (KJS::constructNumberFromImmediateNumber):
-        * kjs/NumberObject.h:
-        (KJS::NumberObject::classInfo):
-        (KJS::NumberConstructor::classInfo):
-        * kjs/PropertySlot.cpp:
-        (KJS::PropertySlot::functionGetter):
-        * kjs/RegExpObject.cpp:
-        (KJS::regExpProtoFuncTest):
-        (KJS::regExpProtoFuncExec):
-        (KJS::regExpProtoFuncCompile):
-        (KJS::regExpProtoFuncToString):
-        (KJS::callRegExpObject):
-        (KJS::RegExpObject::getCallData):
-        (KJS::constructRegExp):
-        (KJS::constructWithRegExpConstructor):
-        (KJS::RegExpConstructor::getConstructData):
-        (KJS::callRegExpConstructor):
-        (KJS::RegExpConstructor::getCallData):
-        * kjs/RegExpObject.h:
-        (KJS::RegExpConstructor::classInfo):
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionReadline):
-        (functionQuit):
-        * kjs/date_object.cpp:
-        (KJS::gmtoffset):
-        (KJS::formatLocaleDate):
-        (KJS::fillStructuresUsingDateArgs):
-        (KJS::DateInstance::getTime):
-        (KJS::DateInstance::getUTCTime):
-        (KJS::DateConstructor::DateConstructor):
-        (KJS::constructDate):
-        (KJS::DateConstructor::getConstructData):
-        (KJS::callDate):
-        (KJS::DateConstructor::getCallData):
-        (KJS::dateParse):
-        (KJS::dateNow):
-        (KJS::dateUTC):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetMilliSeconds):
-        (KJS::dateProtoFuncSetUTCMilliseconds):
-        (KJS::dateProtoFuncSetSeconds):
-        (KJS::dateProtoFuncSetUTCSeconds):
-        (KJS::dateProtoFuncSetMinutes):
-        (KJS::dateProtoFuncSetUTCMinutes):
-        (KJS::dateProtoFuncSetHours):
-        (KJS::dateProtoFuncSetUTCHours):
-        (KJS::dateProtoFuncSetDate):
-        (KJS::dateProtoFuncSetUTCDate):
-        (KJS::dateProtoFuncSetMonth):
-        (KJS::dateProtoFuncSetUTCMonth):
-        (KJS::dateProtoFuncSetFullYear):
-        (KJS::dateProtoFuncSetUTCFullYear):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/date_object.h:
-        (KJS::DateInstance::internalNumber):
-        (KJS::DateInstance::classInfo):
-        * kjs/error_object.cpp:
-        (KJS::errorProtoFuncToString):
-        (KJS::constructError):
-        (KJS::constructWithErrorConstructor):
-        (KJS::ErrorConstructor::getConstructData):
-        (KJS::callErrorConstructor):
-        (KJS::ErrorConstructor::getCallData):
-        (KJS::NativeErrorConstructor::construct):
-        (KJS::constructWithNativeErrorConstructor):
-        (KJS::NativeErrorConstructor::getConstructData):
-        (KJS::callNativeErrorConstructor):
-        (KJS::NativeErrorConstructor::getCallData):
-        * kjs/error_object.h:
-        (KJS::NativeErrorConstructor::classInfo):
-        * kjs/internal.cpp:
-        (KJS::JSNumberCell::toObject):
-        (KJS::JSNumberCell::toThisObject):
-        (KJS::GetterSetter::mark):
-        (KJS::GetterSetter::toPrimitive):
-        (KJS::GetterSetter::toBoolean):
-        (KJS::GetterSetter::toNumber):
-        (KJS::GetterSetter::toString):
-        (KJS::GetterSetter::toObject):
-        (KJS::InternalFunction::InternalFunction):
-        (KJS::InternalFunction::implementsHasInstance):
-        * kjs/lookup.h:
-        (KJS::HashEntry::):
-        * kjs/nodes.cpp:
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::makeFunction):
-        * kjs/object_object.cpp:
-        (KJS::objectProtoFuncValueOf):
-        (KJS::objectProtoFuncHasOwnProperty):
-        (KJS::objectProtoFuncIsPrototypeOf):
-        (KJS::objectProtoFuncDefineGetter):
-        (KJS::objectProtoFuncDefineSetter):
-        (KJS::objectProtoFuncLookupGetter):
-        (KJS::objectProtoFuncLookupSetter):
-        (KJS::objectProtoFuncPropertyIsEnumerable):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        (KJS::ObjectConstructor::ObjectConstructor):
-        (KJS::constructObject):
-        (KJS::constructWithObjectConstructor):
-        (KJS::ObjectConstructor::getConstructData):
-        (KJS::callObjectConstructor):
-        (KJS::ObjectConstructor::getCallData):
-        * kjs/object_object.h:
-        * kjs/string_object.cpp:
-        (KJS::replace):
-        (KJS::stringProtoFuncToString):
-        (KJS::stringProtoFuncValueOf):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::stringFromCharCode):
-        (KJS::StringConstructor::StringConstructor):
-        (KJS::constructWithStringConstructor):
-        (KJS::StringConstructor::getConstructData):
-        (KJS::callStringConstructor):
-        (KJS::StringConstructor::getCallData):
-        * kjs/string_object.h:
-
-2008-06-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19716: REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com
-        <https://bugs.webkit.org/show_bug.cgi?id=19716>
-
-        When unwinding callframes for exceptions, check whether the callframe
-        was created by a reentrant native call to JavaScript after tearing off
-        the local variables instead of before.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame):
-
-2008-06-23  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Get testapi passing again in a debug build.
-
-        * API/testapi.c:
-        (main): Update the expected output of calling JSValueMakeString on a function object.
-
-2008-06-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Print a blank line when exiting the jsc interactive mode to ensure that the shell
-        prompt will start on a new line.
-
-        * kjs/Shell.cpp:
-        (runInteractive):
-
-2008-06-21  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Tweak the paths of the items in the "tests" group to clean things up a little.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-06-21  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Fix jsc to link against libedit.dylib rather than libedit.2.dylib.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-06-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Copy the JavaScriptCore shell (jsc) into JavaScriptCore.framework so that it will
-        be included in nightly builds.
-        https://bugs.webkit.org/show_bug.cgi?id=19691
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-06-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Mark Rowe.
-
-        Fix the build for non-Mac Darwin platforms by disabling their support
-        for readline in the JavaScript shell.
-
-        * kjs/config.h:
-
-2008-06-20  Timothy Hatcher  <timothy@apple.com>
-
-        Use member function pointers for the Profile::forEach function.
-        Eliminating a few static functions and simplified things a little.
-
-        Reviewed by Alexey Proskuryakov.
-
-        * JavaScriptCore.exp: Change the symbol for forEach.
-        * profiler/Profile.cpp:
-        (KJS::Profile::forEach): Use a member function pointer.
-        * profiler/Profile.h:
-        (KJS::Profile::sortTotalTimeDescending): Pass a function pointer.
-        (KJS::Profile::sortTotalTimeAscending): Ditto.
-        (KJS::Profile::sortSelfTimeDescending): Ditto.
-        (KJS::Profile::sortSelfTimeAscending): Ditto.
-        (KJS::Profile::sortCallsDescending): Ditto.
-        * profiler/ProfileNode.h:
-        (KJS::ProfileNode::sortTotalTimeDescending): No longer static.
-        (KJS::ProfileNode::sortTotalTimeAscending): Ditto.
-        (KJS::ProfileNode::sortSelfTimeDescending): Ditto.
-        (KJS::ProfileNode::sortSelfTimeAscending): Ditto.
-        (KJS::ProfileNode::sortCallsDescending): Ditto.
-
-2008-06-20  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Remove unused destructors.
-
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-
-2008-06-20  Timothy Hatcher  <timothy@apple.com>
-
-        Fixed an ASSERT(m_actualSelfTime <= m_actualTotalTime) when starting
-        and stopping a profile from the Develop menu. Also prevents
-        inserting an incorrect parent node as the new head after profiling
-        is stopped from the Develop menu.
-
-        Reviewed by Dan Bernstein.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::stopProfiling): If the current node is already the head
-        then there is no more need to record future nodes in didExecute.
-        (KJS::Profile::didExecute): Move the code of setupCurrentNodeAsStopped
-        into here since this was the only caller. When setting the total time
-        keep any current total time while adding the self time of the head.
-        (KJS::Profile::setupCurrentNodeAsStopped): Removed.
-        * profiler/Profile.h: Removed setupCurrentNodeAsStopped.
-
-2008-06-20  Kevin Ollivier  <kevino@theolliviers.com>
-
-        !USE(MULTIPLE_THREADS) on Darwin build fix
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading):
-        * kjs/collector.h:
-
-2008-06-20  Kevin McCullough  <kmccullough@apple.com>
-
-        -Leopard Build Fix.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::removeProfileStart):
-        (KJS::Profile::removeProfileEnd):
-
-2008-06-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Just giving credit.
-
-        * ChangeLog:
-
-2008-06-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim and Dan.
-
-        <rdar://problem/6024846> JSProfiler: ASSERT hit in Profiler.
-        - Because InspectorController can call startProfiling() and
-        stopProfiling() we cannot assert that console.profile() and
-        console.profileEnd() will be in the profile tree.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::removeProfileStart):
-        (KJS::Profile::removeProfileEnd):
-
-2008-06-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5958770> JSProfiler: Time incorrectly given to (idle)
-        if profiling is started and finished within the same function. (19230)
-        - Now we profile one more stack frame up from the last frame to allocate
-        the time spent in it, if it exists.
-
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp: We need to let the profiler know when the JS program 
-        has finished since that is what will actually stop the profiler instead
-        of just calling stopProfiling().
-        (KJS::Machine::execute):
-        * profiler/Profile.cpp:
-        (KJS::Profile::create): Moved from Profile.h since it was getting pretty
-        long.
-        (KJS::Profile::Profile): We now have a client, which is a listener who
-        we will return this profile to, once it has actually finished.
-        (KJS::Profile::stopProfiling): Instead of fully stopping the profiler
-        here, we set the flag and keep it profiling in the background.
-        (KJS::Profile::didFinishAllExecution): This is where the profiler
-        actually finishes and creates the (idle) node if one should be made.
-        (KJS::Profile::removeProfileStart): Don't use m_currentNode since it is
-        needed by the profiler as it runs silently in the background.
-        (KJS::Profile::removeProfileEnd): Ditto.
-        (KJS::Profile::willExecute): Don't profile new functions if we have
-        stopped profiling.
-        (KJS::Profile::didExecute): Only record one more return as all the
-        remaining time will be attributed to that function.
-        (KJS::Profile::setupCurrentNodeAsStopped): Sets the current node's time.
-        * profiler/Profile.h: Added functions and variables for the above
-        changes.
-        (KJS::Profile::client):
-        * profiler/ProfileNode.h:
-        (KJS::CallIdentifier::toString): Debug method.
-        * profiler/Profiler.cpp: Added support for the ProfilerClient.
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling): No longer return sthe profile.
-        (KJS::Profiler::didFinishAllExecution): Now returns the profile to the
-        client instead of stopProfiling.
-        * profiler/Profiler.h:
-        (KJS::ProfilerClient::~ProfilerClient): Clients will implement this
-        interface.
-
-2008-06-19  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Surpress compiler warning (int vs unsigned comparison).
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-
-2008-06-19  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Timothy Hatcher.
-
-        Introduce compiler define for MinGW, to have COMPILER(MINGW).
-
-        * wtf/Platform.h:
-
-2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Make Machine per-JSGlobalData.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitOpcode):
-        * VM/Machine.cpp:
-        (KJS::callEval):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::throwException):
-        (KJS::Machine::execute):
-        (KJS::Machine::debug):
-        * VM/Machine.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::evaluate):
-        * kjs/DebuggerCallFrame.h:
-        (KJS::DebuggerCallFrame::DebuggerCallFrame):
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        (KJS::ExecState::machine):
-        * kjs/JSFunction.cpp:
-        (KJS::JSFunction::callAsFunction):
-        (KJS::JSFunction::argumentsGetter):
-        (KJS::JSFunction::callerGetter):
-        (KJS::JSFunction::construct):
-        (KJS::globalFuncEval):
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-06-19  Alp Toker  <alp@nuanti.com>
-
-        GTK+/autotools build fix. JSGlobalObject.cpp in now in
-        AllInOneFile.cpp and shouldn't be built separately.
-
-        * GNUmakefile.am:
-
-2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Get rid of some threadInstance calls.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-        * kjs/Shell.cpp:
-        (jscmain):
-
-2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam.
-
-        Fix an assertion failure at startup.
-
-        * kjs/JSObject.h: (KJS::JSObject::JSObject): Allow jsNull prototype in an assertion (I had
-        it fixed in a wrong copy of the file, so I wasn't getting the failure).
-
-2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap):
-        (KJS::allocateBlock):
-        * kjs/collector.h:
-        No, #if PLATFORM(UNIX) was not right. I've just moved the unsafe initialization back for now,
-        as the platforms that use that code path do not use multiple threads yet.
-
-2008-06-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows and Qt build fixes.
-
-        * kjs/collector.h: 
-        * kjs/collector.cpp:
-        (KJS::Heap::Heap):
-        Wrapped m_pagesize in #if PLATFORM(UNIX), which should better match the sequence of #elifs
-        in allocateBlock(). Changed MIN_ARRAY_SIZE to be explicitly size_t, as this type is different
-        on different platforms.
-
-2008-06-17  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Prepare JavaScript heap for being per-thread.
-
-        * kjs/ExecState.h: Shuffle includes, making it possible to include ExecState.h in JSValue.h.
-        (KJS::ExecState::heap): Added an accessor.
-
-        * API/JSBase.cpp: (JSGarbageCollect): Collect both shared and per-thread heaps.
-
-        * API/JSContextRef.cpp: (JSGlobalContextCreate): When allocating JSGlobalObject, indicate
-        that it belongs to a shared heap.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-        Moved JSGlobalObject.cpp to AllInOneFile, as a build fix for inlineAllocate magic.
-
-        * VM/CodeGenerator.h: (KJS::CodeGenerator::globalExec): Added an accessor (working via
-        m_scopeChain).
-
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::mark):
-        * VM/RegisterFileStack.h:
-        (KJS::RegisterFileStack::mark):
-        Made these pseudo-mark functions take Heap*.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading): Initialize heap introspector.
-
-        * kjs/JSGlobalData.h: Added Heap to the structure.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData): Initialize Heap.
-        (KJS::JSGlobalData::sharedInstance): Added a method to access shared global data instance
-        for legacy clients.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject): Changed to work with per-thread head; fixed list
-        maintenance logic.
-        (KJS::JSGlobalObject::init): Changed to work with per-thread head.
-        (KJS::JSGlobalObject::put): Assert that a cross-heap operation is not being attempted.
-        (KJS::JSGlobalObject::reset): Pass ExecState* where now required.
-        (KJS::JSGlobalObject::mark): Pass the current heap to RegisterFileStack::mark.
-        (KJS::JSGlobalObject::operator new): Overload operator new to use per-thread or shared heap.
-        * kjs/JSGlobalObject.h: Removed static s_head member.
-
-        * kjs/PropertyMap.h: (KJS::PropertyMap::PropertyMap): Removed unused SavedProperty.
-
-        * kjs/collector.h: Turned Collector into an actual object with its own data, renamed to Heap.
-        (KJS::Heap::initializeHeapIntrospector): Added.
-        (KJS::Heap::heap): Added a method to determine which heap a JSValue is in, if any.
-        (KJS::Heap::allocate): Made non-static.
-        (KJS::Heap::inlineAllocateNumber): Ditto.
-        (KJS::Heap::markListSet): Ditto.
-        (KJS::Heap::cellBlock): Ditto.
-        (KJS::Heap::cellOffset): Ditto.
-        (KJS::Heap::isCellMarked): Ditto.
-        (KJS::Heap::markCell): Ditto.
-        (KJS::Heap::reportExtraMemoryCost): Ditto.
-        (KJS::CollectorBlock): Added a back-reference to Heap for Heap::heap() method.
-        (KJS::SmallCellCollectorBlock): Ditto.
-
-        * kjs/collector.cpp: Changed MIN_ARRAY_SIZE to a #define to avoid a PIC branch. Removed
-        main thread related machinery.
-        (KJS::Heap::Heap): Initialize the newly added data members.
-        (KJS::allocateBlock): Marked NEVER_INLINE, as this is a rare case that uses a PIC branch.
-        Moved static pagesize to the class to make it safely initialized.
-        (KJS::Heap::heapAllocate): Initialize heap back reference after a new block is allocated.
-        (KJS::Heap::registerThread): Removed introspector initialization, as it is now performed
-        in InitializeThreading.cpp.
-        (KJS::Heap::markOtherThreadConservatively): Assert that the "other thread" case only occurs
-        for legacy clients using a shared heap.
-        (KJS::Heap::markStackObjectsConservatively): Moved fastMallocForbid/Allow down here, since
-        it doesn't need to be forbidden during other GC phases.
-
-        * kjs/JSImmediate.h:
-        (KJS::jsUndefined):
-        (KJS::jsNull):
-        (KJS::jsBoolean):
-        Moved from JSvalue.h, to make these usable in files that cannot include JSValue.h (such
-        as list.h).
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        * JavaScriptCore.exp:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitLoad):
-        * VM/JSPropertyNameIterator.cpp:
-        (KJS::JSPropertyNameIterator::create):
-        (KJS::JSPropertyNameIterator::next):
-        * VM/Machine.cpp:
-        (KJS::jsAddSlowCase):
-        (KJS::jsAdd):
-        (KJS::jsTypeStringForValue):
-        (KJS::scopeChainForCall):
-        (KJS::Machine::throwException):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::retrieveArguments):
-        * kjs/ArrayPrototype.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        (KJS::ArrayConstructor::ArrayConstructor):
-        (KJS::ArrayConstructor::construct):
-        (KJS::ArrayConstructor::callAsFunction):
-        * kjs/BooleanObject.cpp:
-        (KJS::BooleanPrototype::BooleanPrototype):
-        (KJS::booleanProtoFuncToString):
-        (KJS::BooleanConstructor::BooleanConstructor):
-        (KJS::BooleanConstructor::construct):
-        * kjs/FunctionPrototype.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        (KJS::functionProtoFuncToString):
-        (KJS::FunctionConstructor::FunctionConstructor):
-        (KJS::FunctionConstructor::construct):
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject):
-        * kjs/JSArray.cpp:
-        (KJS::JSArray::JSArray):
-        (KJS::JSArray::lengthGetter):
-        * kjs/JSFunction.cpp:
-        (KJS::JSFunction::lengthGetter):
-        (KJS::JSFunction::construct):
-        (KJS::Arguments::Arguments):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::registerThread):
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::put):
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        (KJS::Error::create):
-        * kjs/JSObject.h:
-        (KJS::JSObject::putDirect):
-        * kjs/JSString.h:
-        (KJS::JSString::JSString):
-        * kjs/JSValue.cpp:
-        (KJS::JSCell::operator new):
-        (KJS::jsString):
-        (KJS::jsOwnedString):
-        * kjs/JSValue.h:
-        (KJS::JSNumberCell::operator new):
-        (KJS::jsNumberCell):
-        (KJS::jsNaN):
-        (KJS::jsNumber):
-        (KJS::JSCell::marked):
-        (KJS::JSCell::mark):
-        (KJS::JSValue::toJSNumber):
-        * kjs/MathObject.cpp:
-        (KJS::MathObject::getValueProperty):
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/NumberObject.cpp:
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberConstructor::NumberConstructor):
-        (KJS::NumberConstructor::getValueProperty):
-        (KJS::NumberConstructor::construct):
-        (KJS::NumberConstructor::callAsFunction):
-        * kjs/RegExpObject.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        (KJS::regExpProtoFuncToString):
-        (KJS::RegExpObject::getValueProperty):
-        (KJS::RegExpConstructor::RegExpConstructor):
-        (KJS::RegExpMatchesArray::fillArrayInstance):
-        (KJS::RegExpConstructor::arrayOfMatches):
-        (KJS::RegExpConstructor::getBackref):
-        (KJS::RegExpConstructor::getLastParen):
-        (KJS::RegExpConstructor::getLeftContext):
-        (KJS::RegExpConstructor::getRightContext):
-        (KJS::RegExpConstructor::getValueProperty):
-        (KJS::RegExpConstructor::construct):
-        * kjs/RegExpObject.h:
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-        (functionGC):
-        (functionRun):
-        (functionReadline):
-        (jscmain):
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-        (KJS::DatePrototype::DatePrototype):
-        (KJS::DateConstructor::DateConstructor):
-        (KJS::DateConstructor::construct):
-        (KJS::DateConstructor::callAsFunction):
-        (KJS::DateFunction::DateFunction):
-        (KJS::DateFunction::callAsFunction):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::errorProtoFuncToString):
-        (KJS::ErrorConstructor::ErrorConstructor):
-        (KJS::ErrorConstructor::construct):
-        (KJS::NativeErrorPrototype::NativeErrorPrototype):
-        (KJS::NativeErrorConstructor::NativeErrorConstructor):
-        (KJS::NativeErrorConstructor::construct):
-        * kjs/identifier.h:
-        * kjs/internal.cpp:
-        (KJS::StringObject::create):
-        (KJS::JSString::lengthGetter):
-        (KJS::JSString::indexGetter):
-        (KJS::JSString::indexNumericPropertyGetter):
-        * kjs/interpreter.cpp:
-        * kjs/list.cpp:
-        (KJS::ArgList::slowAppend):
-        * kjs/list.h:
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::cacheGlobalObject):
-        * kjs/nodes.cpp:
-        (KJS::Node::emitThrowError):
-        (KJS::StringNode::emitCode):
-        (KJS::ArrayNode::emitCode):
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::makeFunction):
-        * kjs/nodes.h:
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        (KJS::ObjectConstructor::ObjectConstructor):
-        (KJS::ObjectConstructor::construct):
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        * kjs/string_object.cpp:
-        (KJS::StringObject::StringObject):
-        (KJS::StringPrototype::StringPrototype):
-        (KJS::replace):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::StringConstructor::StringConstructor):
-        (KJS::StringConstructor::construct):
-        (KJS::StringConstructor::callAsFunction):
-        (KJS::StringConstructorFunction::StringConstructorFunction):
-        (KJS::StringConstructorFunction::callAsFunction):
-        * kjs/string_object.h:
-        (KJS::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * kjs/ustring.h:
-        Updated for the above changes.
-
-2008-06-17  Timothy Hatcher  <timothy@apple.com>
-
-        Added a type to DebuggerCallFrame so the under interface can
-        distinguish anonymous functions and program call frames.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19585
-
-        Reviewed by Geoff Garen.
-
-        * JavaScriptCore.exp: Export the DebuggerCallFrame::type symbol.
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::type): Added.
-        * kjs/DebuggerCallFrame.h:
-
-2008-06-17  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Tim H.
-        
-        Remove bogus ASSERT which tripped every time for those who use PAC files.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-
-2008-06-17  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/5951534> JSProfiler: Don't profile console.profile()
-        or console.profileEnd()
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::stopProfiling): Moved the creation of the (idle) node to
-        the Profile (not ProfileNode).  This makes sense since the Profile
-        should be the one to modify the profile tree.  Also each stopProfiling()
-        does not need to check if it's the head node anymore.  Also fixed an
-        oddity where I was using willExecute to create the node.
-        (KJS::Profile::removeProfileStart): Removes the call to console.profile
-        that started this profile.
-        (KJS::Profile::removeProfileEnd): Removes the call to console.profileEnd
-        that ended this profile.
-        * profiler/Profile.h:
-        * profiler/ProfileNode.cpp: Moved the creation of the (idle) node to
-        the Profile object.
-        (KJS::ProfileNode::stopProfiling):
-        * profiler/ProfileNode.h: Added some helper functions and whitespace to
-        facilitate readability and the removal of profile() and profileEnd()
-        from the Profile tree.
-        (KJS::CallIdentifier::operator const char* ):
-        (KJS::ProfileNode::firstChild):
-        (KJS::ProfileNode::lastChild):
-        (KJS::ProfileNode::removeChild):
-        (KJS::ProfileNode::toString):
-
-2008-06-17  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Rubber stamped by Adam Roben.
-
-        Include JSGlobalObject.h to fix the build.
-
-        * kjs/ScopeChain.cpp:
-
-2008-06-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Reduce code duplication in emitReadModifyAssignment().
-
-        * kjs/nodes.cpp:
-        (KJS::emitReadModifyAssignment):
-
-2008-06-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Sort includes alphabetically.
-
-        * kjs/nodes.cpp:
-
-2008-06-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 19596: LEAK: Gmail leaks SegmentedVector<RegisterID>
-        <https://bugs.webkit.org/show_bug.cgi?id=19596>
-
-        When growing SegmentedVector, we start adding segments at the position
-        of the last segment, overwriting it. The destructor frees allocated
-        segments starting at the segment of index 1, because the segment of
-        index 0 is assumed to be the initial inline segment. This causes a leak
-        of the segment that is referenced by index 0. Modifying grow() so that
-        it starts adding segments at the position after the last segment fixes
-        the leak.
-
-        Since the initial segment is a special case in the lookup code, this
-        bug never manifested itself via incorrect results.
-
-        * VM/SegmentedVector.h:
-        (KJS::SegmentedVector::grow):
-
-2008-06-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey.
-        
-        - removed nearly unused types.h and LocalStorageEntry.h headers
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/ExecState.h:
-        * kjs/LocalStorageEntry.h: Removed.
-        * kjs/RegExpObject.cpp:
-        * kjs/error_object.cpp:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/types.h: Removed.
-
-2008-06-16  Alp Toker  <alp@nuanti.com>
-
-        Rubber-stamped by Geoff.
-
-        Change c++ to c in minidom and testapi emacs mode line comments.
-
-        * API/Node.h:
-        * API/NodeList.c:
-        * API/NodeList.h:
-        * API/testapi.c:
-
-2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Trying to fix Windows build.
-
-        * kjs/PropertyNameArray.h:
-        * kjs/identifier.cpp:
-        Include ExecState.h
-
-2008-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Slight cleanup to the SymbolTableEntry class.
-        
-        Renamed isEmpty to isNull, since we usually use "empty" to mean "holds
-        the valid, empty value", and "null" to mean "holds no value".
-        
-        Changed an "== 0" to a "!", to match our style guidelines.
-        
-        Added some ASSERTs to verify the (possibly questionable) assumption that
-        all register indexes will have their high two bits set. Also clarified a
-        comment to make that assumption clear.
-
-2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Initialize functionQueueMutex in a safe manner.
-
-        * wtf/MainThread.cpp:
-        (WTF::functionQueueMutex): Made it an AtomicallyInitializedStatic.
-
-        (WTF::dispatchFunctionsFromMainThread):
-        (WTF::setMainThreadCallbacksPaused):
-        Assert that the current thread is main, meaning that the callbacksPaused static can be
-        accessed.
-
-2008-06-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Make Identifier construction use an explicitly passed IdentifierTable.
-
-        No change on SunSpider total.
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::getPropertyNames):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
-        (JSObjectCopyPropertyNames):
-        * JavaScriptCore.exp:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::registerForLocal):
-        (KJS::CodeGenerator::isLocal):
-        (KJS::CodeGenerator::addConstant):
-        (KJS::CodeGenerator::findScopedProperty):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::globalData):
-        (KJS::CodeGenerator::propertyNames):
-        * VM/JSPropertyNameIterator.cpp:
-        (KJS::JSPropertyNameIterator::create):
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException):
-        (KJS::Machine::privateExecute):
-        * kjs/ArrayPrototype.cpp:
-        (KJS::ArrayConstructor::ArrayConstructor):
-        * kjs/BooleanObject.cpp:
-        (KJS::BooleanConstructor::BooleanConstructor):
-        * kjs/FunctionPrototype.cpp:
-        (KJS::FunctionConstructor::FunctionConstructor):
-        (KJS::FunctionConstructor::construct):
-        * kjs/JSArray.cpp:
-        (KJS::JSArray::inlineGetOwnPropertySlot):
-        (KJS::JSArray::put):
-        (KJS::JSArray::deleteProperty):
-        (KJS::JSArray::getPropertyNames):
-        * kjs/JSFunction.cpp:
-        (KJS::Arguments::Arguments):
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::getOwnPropertySlot):
-        (KJS::JSObject::put):
-        (KJS::JSObject::putWithAttributes):
-        (KJS::JSObject::deleteProperty):
-        (KJS::JSObject::findPropertyHashEntry):
-        (KJS::JSObject::getPropertyNames):
-        (KJS::Error::create):
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames):
-        * kjs/NumberObject.cpp:
-        (KJS::NumberConstructor::NumberConstructor):
-        * kjs/PropertyNameArray.cpp:
-        (KJS::PropertyNameArray::add):
-        * kjs/PropertyNameArray.h:
-        (KJS::PropertyNameArray::PropertyNameArray):
-        (KJS::PropertyNameArray::addKnownUnique):
-        * kjs/PropertySlot.h:
-        (KJS::PropertySlot::getValue):
-        * kjs/RegExpObject.cpp:
-        (KJS::RegExpConstructor::RegExpConstructor):
-        * kjs/ScopeChain.cpp:
-        (KJS::ScopeChainNode::print):
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-        * kjs/date_object.cpp:
-        (KJS::DateConstructor::DateConstructor):
-        * kjs/error_object.cpp:
-        (KJS::ErrorConstructor::ErrorConstructor):
-        (KJS::NativeErrorConstructor::NativeErrorConstructor):
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add):
-        (KJS::Identifier::addSlowCase):
-        * kjs/identifier.h:
-        (KJS::Identifier::Identifier):
-        (KJS::Identifier::from):
-        (KJS::Identifier::equal):
-        (KJS::Identifier::add):
-        (KJS::operator==):
-        (KJS::operator!=):
-        * kjs/internal.cpp:
-        (KJS::JSString::getOwnPropertySlot):
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::lex):
-        (KJS::Lexer::makeIdentifier):
-        * kjs/lexer.h:
-        * kjs/lookup.cpp:
-        (KJS::HashTable::createTable):
-        * kjs/lookup.h:
-        (KJS::HashTable::initializeIfNeeded):
-        (KJS::HashTable::entry):
-        (KJS::getStaticPropertySlot):
-        (KJS::getStaticFunctionSlot):
-        (KJS::getStaticValueSlot):
-        (KJS::lookupPut):
-        * kjs/object_object.cpp:
-        (KJS::objectProtoFuncHasOwnProperty):
-        (KJS::objectProtoFuncDefineGetter):
-        (KJS::objectProtoFuncDefineSetter):
-        (KJS::objectProtoFuncLookupGetter):
-        (KJS::objectProtoFuncLookupSetter):
-        (KJS::objectProtoFuncPropertyIsEnumerable):
-        (KJS::ObjectConstructor::ObjectConstructor):
-        * kjs/string_object.cpp:
-        (KJS::StringObject::getOwnPropertySlot):
-        (KJS::StringObject::getPropertyNames):
-        (KJS::StringConstructor::StringConstructor):
-        Just pass ExecState or JSGlobalData everywhere. Identifier construction is now always
-        explicit.
-
-        * kjs/nodes.cpp: (KJS::RegExpNode::emitCode): Here, Identifier was created from a non-literal
-        char*, which was incorrect, as that uses the pointer value as a key.
-
-2008-06-16  Thiago Macieira  <tjmaciei@trolltech.com>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19577
-
-        Fix compilation in C++ environments where C99 headers are not present
-
-        The stdbool.h header is a C99 feature, defining the "_Bool" type as well as the
-        "true" and "false" constants. But it's completely unnecessary in C++ as the
-        language already defines the "bool" type and its two values.
-
-        * API/JSBase.h:
-        * API/JSContextRef.h:
-        * API/JSObjectRef.h:
-        * API/JSStringRef.h:
-        * API/JSValueRef.h:
-
-2008-06-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/6012509> JSProfiler: %s are incorrect if you exclude a
-        top level node like (idle)
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::focus):
-        (KJS::Profile::exclude): Subtract the selfTime from the totalTime of the
-        head since its self time will only be non-zero when one of its children
-        were excluded. Since the head's totalTime is used to calculate %s when
-        its totalTime is the same as the sum of all its visible childrens' times
-        their %s will sum to 100%.
-
-2008-06-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the profiler.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::willExecute):
-
-2008-06-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
-        profiler.
-        - Remove the last of the uses of recursion in the profiler.
-
-        * JavaScriptCore.exp: Export the new function's signature.
-        * profiler/Profile.cpp: 
-        (KJS::calculateVisibleTotalTime): Added a new static method for
-        recalculating the visibleTotalTime of methods after focus has changed
-        which are visible.
-        (KJS::stopProfiling): 
-        (KJS::Profile::focus): Implemented focus without recursion.
-        * profiler/Profile.h: Moved implementation into the definition file.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::traverseNextNodePreOrder): Added an argument for
-        whether or not to process the children nodes, this allows focus to skip
-        sub trees which have been set as not visible.
-        (KJS::ProfileNode::calculateVisibleTotalTime): This function set's a
-        node's total visible time to the sum of its self time and its children's
-        total times.
-        (KJS::ProfileNode::focus): Implemented focus without recursion.
-        * profiler/ProfileNode.h:
-        (KJS::CallIdentifier::operator!= ):
-        (KJS::ProfileNode::setActualTotalTime): Expanded setting the total time
-        so that focus could modify only the visible total time.
-        (KJS::ProfileNode::setVisibleTotalTime):
-
-2008-06-16  Christian Dywan  <christian@twotoasts.de>
-
-        Reviewed by Sam.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19552
-        JavaScriptCore headers use C++ style comments
-
-        Replace all C++ style comments with C style multiline
-        comments and remove all "mode" lines.
-
-        * API/JSBase.h:
-        * API/JSClassRef.h:
-        * API/JSContextRef.h:
-        * API/JSObjectRef.h:
-        * API/JSStringRef.h:
-        * API/JSStringRefBSTR.h:
-        * API/JSStringRefCF.h:
-        * API/JSValueRef.h:
-        * API/JavaScript.h:
-        * API/JavaScriptCore.h:
-
-2008-06-16  Christian Dywan  <christian@twotoasts.de>
-
-        Reviewed by Sam.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19557
-        (JavaScriptCore) minidom uses C++ style comments
-
-        Use only C style comments in minidom sources
-
-        * API/JSNode.c:
-        (JSNode_appendChild):
-        (JSNode_removeChild):
-        * API/JSNode.h:
-        * API/JSNodeList.c:
-        (JSNodeList_getProperty):
-        * API/JSNodeList.h:
-        * API/Node.c:
-        * API/Node.h:
-        * API/NodeList.c:
-        (NodeList_new):
-        (NodeList_item):
-        * API/NodeList.h:
-        * API/minidom.c:
-        (createStringWithContentsOfFile):
-        * wtf/Assertions.h:
-        * wtf/UnusedParam.h:
-
-2008-06-16  Adriaan de Groot  <groot@kde.org>
-
-        Reviewed by Simon.
-
-        Fix compilation on Solaris
-
-        On some systems, munmap takes a char* instead of a void* (contrary to POSIX and
-        Single Unix Specification). Since you can always convert from char* to void*
-        but not vice-versa, do the casting to char*.
-
-        * kjs/collector.cpp:
-        (KJS::allocateBlock):
-        (KJS::freeBlock):
-
-2008-06-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Make a UnaryOpNode class to reduce boilerplate code for UnaryPlusNode,
-        NegateNode, BitwiseNotNode, and LogicalNotNode.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::emitToJSNumber):
-        * kjs/nodes.cpp:
-        (KJS::UnaryOpNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::UnaryOpNode::UnaryOpNode):
-        (KJS::UnaryPlusNode::):
-        (KJS::NegateNode::):
-        (KJS::NegateNode::precedence):
-        (KJS::BitwiseNotNode::):
-        (KJS::BitwiseNotNode::precedence):
-        (KJS::LogicalNotNode::):
-        (KJS::LogicalNotNode::precedence):
-
-2008-06-16  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix
-
-        * GNUmakefile.am:
-
-2008-06-15  Darin Adler  <darin@apple.com>
-
-        - rename KJS::List to KJS::ArgList
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::construct):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::callAsFunction):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::construct):
-        (KJS::::callAsFunction):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/ArrayPrototype.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncReverse):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSort):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        (KJS::ArrayConstructor::construct):
-        (KJS::ArrayConstructor::callAsFunction):
-        * kjs/ArrayPrototype.h:
-        * kjs/BooleanObject.cpp:
-        (KJS::booleanProtoFuncToString):
-        (KJS::booleanProtoFuncValueOf):
-        (KJS::BooleanConstructor::construct):
-        (KJS::BooleanConstructor::callAsFunction):
-        * kjs/BooleanObject.h:
-        * kjs/CommonIdentifiers.h:
-        * kjs/ExecState.h:
-        (KJS::ExecState::emptyList):
-        * kjs/FunctionPrototype.cpp:
-        (KJS::FunctionPrototype::callAsFunction):
-        (KJS::functionProtoFuncToString):
-        (KJS::functionProtoFuncApply):
-        (KJS::functionProtoFuncCall):
-        (KJS::FunctionConstructor::construct):
-        (KJS::FunctionConstructor::callAsFunction):
-        * kjs/FunctionPrototype.h:
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject):
-        * kjs/JSArray.cpp:
-        (KJS::JSArray::JSArray):
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        * kjs/JSArray.h:
-        * kjs/JSFunction.cpp:
-        (KJS::JSFunction::callAsFunction):
-        (KJS::JSFunction::construct):
-        (KJS::IndexToNameMap::IndexToNameMap):
-        (KJS::Arguments::Arguments):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::globalFuncEval):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncIsNaN):
-        (KJS::globalFuncIsFinite):
-        (KJS::globalFuncDecodeURI):
-        (KJS::globalFuncDecodeURIComponent):
-        (KJS::globalFuncEncodeURI):
-        (KJS::globalFuncEncodeURIComponent):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        (KJS::globalFuncKJSPrint):
-        (KJS::PrototypeFunction::callAsFunction):
-        (KJS::PrototypeReflexiveFunction::callAsFunction):
-        * kjs/JSFunction.h:
-        * kjs/JSGlobalData.h:
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-        * kjs/JSNotAnObject.cpp:
-        (KJS::JSNotAnObject::construct):
-        (KJS::JSNotAnObject::callAsFunction):
-        * kjs/JSNotAnObject.h:
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::put):
-        (KJS::JSObject::construct):
-        (KJS::JSObject::callAsFunction):
-        (KJS::Error::create):
-        * kjs/JSObject.h:
-        * kjs/MathObject.cpp:
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/MathObject.h:
-        * kjs/NumberObject.cpp:
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncValueOf):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberConstructor::construct):
-        (KJS::NumberConstructor::callAsFunction):
-        * kjs/NumberObject.h:
-        * kjs/RegExpObject.cpp:
-        (KJS::regExpProtoFuncTest):
-        (KJS::regExpProtoFuncExec):
-        (KJS::regExpProtoFuncCompile):
-        (KJS::regExpProtoFuncToString):
-        (KJS::RegExpObject::match):
-        (KJS::RegExpObject::test):
-        (KJS::RegExpObject::exec):
-        (KJS::RegExpObject::callAsFunction):
-        (KJS::RegExpConstructor::construct):
-        (KJS::RegExpConstructor::callAsFunction):
-        * kjs/RegExpObject.h:
-        * kjs/Shell.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionReadline):
-        (functionQuit):
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        (KJS::Collector::markListSet):
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-        (KJS::fillStructuresUsingTimeArgs):
-        (KJS::fillStructuresUsingDateArgs):
-        (KJS::DateConstructor::construct):
-        (KJS::DateConstructor::callAsFunction):
-        (KJS::DateFunction::callAsFunction):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetMilliSeconds):
-        (KJS::dateProtoFuncSetUTCMilliseconds):
-        (KJS::dateProtoFuncSetSeconds):
-        (KJS::dateProtoFuncSetUTCSeconds):
-        (KJS::dateProtoFuncSetMinutes):
-        (KJS::dateProtoFuncSetUTCMinutes):
-        (KJS::dateProtoFuncSetHours):
-        (KJS::dateProtoFuncSetUTCHours):
-        (KJS::dateProtoFuncSetDate):
-        (KJS::dateProtoFuncSetUTCDate):
-        (KJS::dateProtoFuncSetMonth):
-        (KJS::dateProtoFuncSetUTCMonth):
-        (KJS::dateProtoFuncSetFullYear):
-        (KJS::dateProtoFuncSetUTCFullYear):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/date_object.h:
-        * kjs/debugger.h:
-        * kjs/error_object.cpp:
-        (KJS::errorProtoFuncToString):
-        (KJS::ErrorConstructor::construct):
-        (KJS::ErrorConstructor::callAsFunction):
-        (KJS::NativeErrorConstructor::construct):
-        (KJS::NativeErrorConstructor::callAsFunction):
-        * kjs/error_object.h:
-        * kjs/internal.cpp:
-        (KJS::JSNumberCell::toObject):
-        (KJS::JSNumberCell::toThisObject):
-        * kjs/list.cpp:
-        (KJS::ArgList::getSlice):
-        (KJS::ArgList::markLists):
-        (KJS::ArgList::slowAppend):
-        * kjs/list.h:
-        (KJS::ArgList::ArgList):
-        (KJS::ArgList::~ArgList):
-        * kjs/object_object.cpp:
-        (KJS::objectProtoFuncValueOf):
-        (KJS::objectProtoFuncHasOwnProperty):
-        (KJS::objectProtoFuncIsPrototypeOf):
-        (KJS::objectProtoFuncDefineGetter):
-        (KJS::objectProtoFuncDefineSetter):
-        (KJS::objectProtoFuncLookupGetter):
-        (KJS::objectProtoFuncLookupSetter):
-        (KJS::objectProtoFuncPropertyIsEnumerable):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        (KJS::ObjectConstructor::construct):
-        (KJS::ObjectConstructor::callAsFunction):
-        * kjs/object_object.h:
-        * kjs/string_object.cpp:
-        (KJS::replace):
-        (KJS::stringProtoFuncToString):
-        (KJS::stringProtoFuncValueOf):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::StringConstructor::construct):
-        (KJS::StringConstructor::callAsFunction):
-        (KJS::StringConstructorFunction::callAsFunction):
-        * kjs/string_object.h:
-
-2008-06-15  Darin Adler  <darin@apple.com>
-
-        - new names for more JavaScriptCore files
-
-        * API/JSCallbackFunction.cpp:
-        * API/JSObjectRef.cpp:
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArrayPrototype.cpp: Copied from JavaScriptCore/kjs/array_object.cpp.
-        * kjs/ArrayPrototype.h: Copied from JavaScriptCore/kjs/array_object.h.
-        * kjs/BooleanObject.cpp: Copied from JavaScriptCore/kjs/bool_object.cpp.
-        * kjs/BooleanObject.h: Copied from JavaScriptCore/kjs/bool_object.h.
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h:
-        * kjs/FunctionPrototype.cpp: Copied from JavaScriptCore/kjs/function_object.cpp.
-        * kjs/FunctionPrototype.h: Copied from JavaScriptCore/kjs/function_object.h.
-        * kjs/JSArray.cpp: Copied from JavaScriptCore/kjs/array_instance.cpp.
-        * kjs/JSArray.h: Copied from JavaScriptCore/kjs/array_instance.h.
-        * kjs/JSFunction.cpp:
-        * kjs/JSFunction.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSImmediate.cpp:
-        * kjs/JSObject.h:
-        * kjs/JSString.h:
-        * kjs/JSValue.h:
-        * kjs/JSVariableObject.cpp:
-        * kjs/MathObject.cpp: Copied from JavaScriptCore/kjs/math_object.cpp.
-        * kjs/MathObject.h: Copied from JavaScriptCore/kjs/math_object.h.
-        * kjs/NumberObject.cpp: Copied from JavaScriptCore/kjs/number_object.cpp.
-        * kjs/NumberObject.h: Copied from JavaScriptCore/kjs/number_object.h.
-        * kjs/PropertyMap.cpp: Copied from JavaScriptCore/kjs/property_map.cpp.
-        * kjs/PropertyMap.h: Copied from JavaScriptCore/kjs/property_map.h.
-        * kjs/PropertySlot.cpp: Copied from JavaScriptCore/kjs/property_slot.cpp.
-        * kjs/PropertySlot.h: Copied from JavaScriptCore/kjs/property_slot.h.
-        * kjs/RegExpObject.cpp: Copied from JavaScriptCore/kjs/regexp_object.cpp.
-        * kjs/RegExpObject.h: Copied from JavaScriptCore/kjs/regexp_object.h.
-        * kjs/ScopeChain.cpp: Copied from JavaScriptCore/kjs/scope_chain.cpp.
-        * kjs/ScopeChain.h: Copied from JavaScriptCore/kjs/scope_chain.h.
-        * kjs/ScopeChainMark.h: Copied from JavaScriptCore/kjs/scope_chain_mark.h.
-        * kjs/Shell.cpp:
-        * kjs/array_instance.cpp: Removed.
-        * kjs/array_instance.h: Removed.
-        * kjs/array_object.cpp: Removed.
-        * kjs/array_object.h: Removed.
-        * kjs/bool_object.cpp: Removed.
-        * kjs/bool_object.h: Removed.
-        * kjs/error_object.h:
-        * kjs/function_object.cpp: Removed.
-        * kjs/function_object.h: Removed.
-        * kjs/internal.cpp:
-        * kjs/math_object.cpp: Removed.
-        * kjs/math_object.h: Removed.
-        * kjs/nodes.cpp:
-        * kjs/number_object.cpp: Removed.
-        * kjs/number_object.h: Removed.
-        * kjs/object_object.cpp:
-        * kjs/property_map.cpp: Removed.
-        * kjs/property_map.h: Removed.
-        * kjs/property_slot.cpp: Removed.
-        * kjs/property_slot.h: Removed.
-        * kjs/regexp_object.cpp: Removed.
-        * kjs/regexp_object.h: Removed.
-        * kjs/scope_chain.cpp: Removed.
-        * kjs/scope_chain.h: Removed.
-        * kjs/scope_chain_mark.h: Removed.
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-
-2008-06-15  Darin Adler  <darin@apple.com>
-
-        - new names for a few key JavaScriptCore files
-
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSClassRef.h:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSStringRef.cpp:
-        * API/JSStringRefCF.cpp:
-        * API/JSValueRef.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CodeBlock.cpp:
-        * VM/CodeGenerator.cpp:
-        * VM/ExceptionHelpers.cpp:
-        * VM/ExceptionHelpers.h:
-        * VM/JSPropertyNameIterator.cpp:
-        * VM/JSPropertyNameIterator.h:
-        * VM/Machine.cpp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/DateMath.cpp:
-        * kjs/DebuggerCallFrame.cpp:
-        * kjs/ExecState.cpp:
-        * kjs/JSActivation.cpp:
-        * kjs/JSFunction.cpp: Copied from JavaScriptCore/kjs/function.cpp.
-        * kjs/JSFunction.h: Copied from JavaScriptCore/kjs/function.h.
-        * kjs/JSImmediate.cpp:
-        * kjs/JSNotAnObject.h:
-        * kjs/JSObject.cpp: Copied from JavaScriptCore/kjs/object.cpp.
-        * kjs/JSObject.h: Copied from JavaScriptCore/kjs/object.h.
-        * kjs/JSString.h: Copied from JavaScriptCore/kjs/internal.h.
-        * kjs/JSValue.cpp: Copied from JavaScriptCore/kjs/value.cpp.
-        * kjs/JSValue.h: Copied from JavaScriptCore/kjs/value.h.
-        * kjs/JSVariableObject.h:
-        * kjs/JSWrapperObject.h:
-        * kjs/Shell.cpp:
-        * kjs/SymbolTable.h:
-        * kjs/array_instance.h:
-        * kjs/collector.cpp:
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        * kjs/function.cpp: Removed.
-        * kjs/function.h: Removed.
-        * kjs/function_object.cpp:
-        * kjs/function_object.h:
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        * kjs/internal.h: Removed.
-        * kjs/lexer.cpp:
-        * kjs/list.h:
-        * kjs/lookup.h:
-        * kjs/nodes.h:
-        * kjs/object.cpp: Removed.
-        * kjs/object.h: Removed.
-        * kjs/object_object.h:
-        * kjs/operations.cpp:
-        * kjs/property_map.cpp:
-        * kjs/property_slot.cpp:
-        * kjs/property_slot.h:
-        * kjs/protect.h:
-        * kjs/regexp_object.cpp:
-        * kjs/scope_chain.cpp:
-        * kjs/string_object.h:
-        * kjs/ustring.cpp:
-        * kjs/value.cpp: Removed.
-        * kjs/value.h: Removed.
-        * profiler/Profile.cpp:
-        * profiler/Profiler.cpp:
-
-2008-06-15  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Sam.
-
-        - cut down on confusing uses of "Object" and "Imp" in
-          JavaScriptCore class names
-
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::JSCallbackFunction):
-        * API/JSCallbackFunction.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/ExecState.h:
-        (KJS::ExecState::regExpTable):
-        (KJS::ExecState::regExpConstructorTable):
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::~JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::objectConstructor):
-        (KJS::JSGlobalObject::functionConstructor):
-        (KJS::JSGlobalObject::arrayConstructor):
-        (KJS::JSGlobalObject::booleanConstructor):
-        (KJS::JSGlobalObject::stringConstructor):
-        (KJS::JSGlobalObject::numberConstructor):
-        (KJS::JSGlobalObject::dateConstructor):
-        (KJS::JSGlobalObject::regExpConstructor):
-        (KJS::JSGlobalObject::errorConstructor):
-        (KJS::JSGlobalObject::evalErrorConstructor):
-        (KJS::JSGlobalObject::rangeErrorConstructor):
-        (KJS::JSGlobalObject::referenceErrorConstructor):
-        (KJS::JSGlobalObject::syntaxErrorConstructor):
-        (KJS::JSGlobalObject::typeErrorConstructor):
-        (KJS::JSGlobalObject::URIErrorConstructor):
-        * kjs/array_object.cpp:
-        (KJS::ArrayConstructor::ArrayConstructor):
-        (KJS::ArrayConstructor::getConstructData):
-        (KJS::ArrayConstructor::construct):
-        (KJS::ArrayConstructor::callAsFunction):
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        (KJS::BooleanObject::BooleanObject):
-        (KJS::BooleanPrototype::BooleanPrototype):
-        (KJS::booleanProtoFuncToString):
-        (KJS::booleanProtoFuncValueOf):
-        (KJS::BooleanConstructor::BooleanConstructor):
-        (KJS::BooleanConstructor::getConstructData):
-        (KJS::BooleanConstructor::construct):
-        (KJS::BooleanConstructor::callAsFunction):
-        * kjs/bool_object.h:
-        * kjs/date_object.cpp:
-        (KJS::DatePrototype::DatePrototype):
-        (KJS::DateConstructor::DateConstructor):
-        (KJS::DateConstructor::getConstructData):
-        (KJS::DateConstructor::construct):
-        (KJS::DateConstructor::callAsFunction):
-        (KJS::DateFunction::DateFunction):
-        (KJS::DateFunction::callAsFunction):
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::ErrorConstructor::ErrorConstructor):
-        (KJS::ErrorConstructor::getConstructData):
-        (KJS::ErrorConstructor::construct):
-        (KJS::ErrorConstructor::callAsFunction):
-        (KJS::NativeErrorConstructor::NativeErrorConstructor):
-        (KJS::NativeErrorConstructor::getConstructData):
-        (KJS::NativeErrorConstructor::construct):
-        (KJS::NativeErrorConstructor::callAsFunction):
-        (KJS::NativeErrorConstructor::mark):
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        (KJS::JSFunction::JSFunction):
-        (KJS::JSFunction::mark):
-        (KJS::JSFunction::getOwnPropertySlot):
-        (KJS::JSFunction::put):
-        (KJS::JSFunction::deleteProperty):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
-        (KJS::PrototypeReflexiveFunction::mark):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (KJS::functionProtoFuncToString):
-        (KJS::FunctionConstructor::FunctionConstructor):
-        (KJS::FunctionConstructor::getConstructData):
-        (KJS::FunctionConstructor::construct):
-        (KJS::FunctionConstructor::callAsFunction):
-        * kjs/function_object.h:
-        * kjs/internal.cpp:
-        (KJS::StringObject::create):
-        (KJS::JSString::toObject):
-        (KJS::JSString::toThisObject):
-        (KJS::JSString::getOwnPropertySlot):
-        (KJS::InternalFunction::InternalFunction):
-        (KJS::InternalFunction::getCallData):
-        (KJS::InternalFunction::implementsHasInstance):
-        * kjs/math_object.cpp:
-        (KJS::MathObject::MathObject):
-        (KJS::MathObject::getOwnPropertySlot):
-        (KJS::MathObject::getValueProperty):
-        * kjs/math_object.h:
-        * kjs/number_object.cpp:
-        (KJS::NumberObject::NumberObject):
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncValueOf):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberConstructor::NumberConstructor):
-        (KJS::NumberConstructor::getOwnPropertySlot):
-        (KJS::NumberConstructor::getValueProperty):
-        (KJS::NumberConstructor::getConstructData):
-        (KJS::NumberConstructor::construct):
-        (KJS::NumberConstructor::callAsFunction):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::putDirectFunction):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (KJS::ObjectConstructor::ObjectConstructor):
-        (KJS::ObjectConstructor::getConstructData):
-        (KJS::ObjectConstructor::construct):
-        (KJS::ObjectConstructor::callAsFunction):
-        * kjs/object_object.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        * kjs/regexp_object.cpp:
-        (KJS::regExpProtoFuncTest):
-        (KJS::regExpProtoFuncExec):
-        (KJS::regExpProtoFuncCompile):
-        (KJS::regExpProtoFuncToString):
-        (KJS::RegExpObject::RegExpObject):
-        (KJS::RegExpObject::~RegExpObject):
-        (KJS::RegExpObject::getOwnPropertySlot):
-        (KJS::RegExpObject::getValueProperty):
-        (KJS::RegExpObject::put):
-        (KJS::RegExpObject::putValueProperty):
-        (KJS::RegExpObject::match):
-        (KJS::RegExpObject::test):
-        (KJS::RegExpObject::exec):
-        (KJS::RegExpObject::getCallData):
-        (KJS::RegExpObject::callAsFunction):
-        (KJS::RegExpConstructorPrivate::RegExpConstructorPrivate):
-        (KJS::RegExpConstructor::RegExpConstructor):
-        (KJS::RegExpConstructor::performMatch):
-        (KJS::RegExpMatchesArray::RegExpMatchesArray):
-        (KJS::RegExpMatchesArray::~RegExpMatchesArray):
-        (KJS::RegExpMatchesArray::fillArrayInstance):
-        (KJS::RegExpConstructor::arrayOfMatches):
-        (KJS::RegExpConstructor::getBackref):
-        (KJS::RegExpConstructor::getLastParen):
-        (KJS::RegExpConstructor::getLeftContext):
-        (KJS::RegExpConstructor::getRightContext):
-        (KJS::RegExpConstructor::getOwnPropertySlot):
-        (KJS::RegExpConstructor::getValueProperty):
-        (KJS::RegExpConstructor::put):
-        (KJS::RegExpConstructor::putValueProperty):
-        (KJS::RegExpConstructor::getConstructData):
-        (KJS::RegExpConstructor::construct):
-        (KJS::RegExpConstructor::callAsFunction):
-        (KJS::RegExpConstructor::input):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (KJS::StringObject::StringObject):
-        (KJS::StringObject::getOwnPropertySlot):
-        (KJS::StringObject::put):
-        (KJS::StringObject::deleteProperty):
-        (KJS::StringObject::getPropertyNames):
-        (KJS::StringPrototype::StringPrototype):
-        (KJS::StringPrototype::getOwnPropertySlot):
-        (KJS::replace):
-        (KJS::stringProtoFuncToString):
-        (KJS::stringProtoFuncValueOf):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::StringConstructor::StringConstructor):
-        (KJS::StringConstructor::getConstructData):
-        (KJS::StringConstructor::construct):
-        (KJS::StringConstructor::callAsFunction):
-        (KJS::StringConstructorFunction::StringConstructorFunction):
-        (KJS::StringConstructorFunction::callAsFunction):
-        * kjs/string_object.h:
-        (KJS::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * profiler/Profiler.cpp:
-        (KJS::createCallIdentifier):
-
-2008-06-15  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Sam.
-
-        - use JS prefix and simpler names for basic JavaScriptCore types,
-          to complement JSValue and JSObject
-
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (KJS::jsLess):
-        (KJS::jsLessEq):
-        (KJS::jsAdd):
-        (KJS::callEval):
-        (KJS::Machine::execute):
-        (KJS::Machine::retrieveArguments):
-        (KJS::Machine::retrieveCaller):
-        (KJS::Machine::getCallFrame):
-        (KJS::Machine::getFunctionAndArguments):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::functionName):
-        * kjs/ExecState.h:
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject):
-        * kjs/array_instance.cpp:
-        (KJS::JSArray::checkConsistency):
-        (KJS::JSArray::JSArray):
-        (KJS::JSArray::~JSArray):
-        (KJS::JSArray::getItem):
-        (KJS::JSArray::lengthGetter):
-        (KJS::JSArray::inlineGetOwnPropertySlot):
-        (KJS::JSArray::getOwnPropertySlot):
-        (KJS::JSArray::put):
-        (KJS::JSArray::deleteProperty):
-        (KJS::JSArray::getPropertyNames):
-        (KJS::JSArray::increaseVectorLength):
-        (KJS::JSArray::setLength):
-        (KJS::JSArray::mark):
-        (KJS::JSArray::sort):
-        (KJS::JSArray::compactForSorting):
-        (KJS::JSArray::lazyCreationData):
-        (KJS::JSArray::setLazyCreationData):
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (KJS::ArrayPrototype::ArrayPrototype):
-        (KJS::ArrayPrototype::getOwnPropertySlot):
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncSort):
-        (KJS::ArrayObjectImp::construct):
-        * kjs/array_object.h:
-        * kjs/completion.h:
-        * kjs/function.cpp:
-        (KJS::JSFunction::JSFunction):
-        (KJS::JSFunction::mark):
-        (KJS::JSFunction::getCallData):
-        (KJS::JSFunction::callAsFunction):
-        (KJS::JSFunction::argumentsGetter):
-        (KJS::JSFunction::callerGetter):
-        (KJS::JSFunction::lengthGetter):
-        (KJS::JSFunction::getOwnPropertySlot):
-        (KJS::JSFunction::put):
-        (KJS::JSFunction::deleteProperty):
-        (KJS::JSFunction::getParameterName):
-        (KJS::JSFunction::getConstructData):
-        (KJS::JSFunction::construct):
-        (KJS::IndexToNameMap::IndexToNameMap):
-        (KJS::Arguments::Arguments):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (KJS::functionProtoFuncToString):
-        (KJS::functionProtoFuncApply):
-        (KJS::FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (KJS::JSString::toPrimitive):
-        (KJS::JSString::getPrimitiveNumber):
-        (KJS::JSString::toBoolean):
-        (KJS::JSString::toNumber):
-        (KJS::JSString::toString):
-        (KJS::StringInstance::create):
-        (KJS::JSString::toObject):
-        (KJS::JSString::toThisObject):
-        (KJS::JSString::lengthGetter):
-        (KJS::JSString::indexGetter):
-        (KJS::JSString::indexNumericPropertyGetter):
-        (KJS::JSString::getOwnPropertySlot):
-        (KJS::JSNumberCell::type):
-        (KJS::JSNumberCell::toPrimitive):
-        (KJS::JSNumberCell::getPrimitiveNumber):
-        (KJS::JSNumberCell::toBoolean):
-        (KJS::JSNumberCell::toNumber):
-        (KJS::JSNumberCell::toString):
-        (KJS::JSNumberCell::toObject):
-        (KJS::JSNumberCell::toThisObject):
-        (KJS::JSNumberCell::getUInt32):
-        (KJS::JSNumberCell::getTruncatedInt32):
-        (KJS::JSNumberCell::getTruncatedUInt32):
-        (KJS::GetterSetter::mark):
-        (KJS::GetterSetter::toPrimitive):
-        (KJS::GetterSetter::getPrimitiveNumber):
-        (KJS::GetterSetter::toBoolean):
-        (KJS::GetterSetter::toNumber):
-        (KJS::GetterSetter::toString):
-        (KJS::GetterSetter::toObject):
-        (KJS::GetterSetter::getOwnPropertySlot):
-        (KJS::GetterSetter::put):
-        (KJS::GetterSetter::toThisObject):
-        * kjs/internal.h:
-        (KJS::JSString::JSString):
-        (KJS::JSString::getStringPropertySlot):
-        * kjs/nodes.cpp:
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::makeFunction):
-        * kjs/nodes.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        (KJS::JSObject::deleteProperty):
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        (KJS::JSObject::lookupGetter):
-        (KJS::JSObject::lookupSetter):
-        (KJS::JSObject::fillGetterPropertySlot):
-        * kjs/object.h:
-        (KJS::GetterSetter::GetterSetter):
-        * kjs/operations.cpp:
-        (KJS::equal):
-        (KJS::strictEqual):
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::containsGettersOrSetters):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpMatchesArray::getOwnPropertySlot):
-        (KJS::RegExpMatchesArray::put):
-        (KJS::RegExpMatchesArray::deleteProperty):
-        (KJS::RegExpMatchesArray::getPropertyNames):
-        (KJS::RegExpMatchesArray::RegExpMatchesArray):
-        (KJS::RegExpMatchesArray::fillArrayInstance):
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::StringInstance):
-        (KJS::replace):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        * kjs/string_object.h:
-        (KJS::StringInstance::internalValue):
-        * kjs/value.cpp:
-        (KJS::JSCell::getNumber):
-        (KJS::JSCell::getString):
-        (KJS::JSCell::getObject):
-        (KJS::jsString):
-        (KJS::jsOwnedString):
-        * kjs/value.h:
-        (KJS::JSNumberCell::JSNumberCell):
-        (KJS::jsNumberCell):
-        (KJS::JSValue::uncheckedGetNumber):
-        * profiler/Profiler.cpp:
-        (KJS::createCallIdentifier):
-        (KJS::createCallIdentifierFromFunctionImp):
-
-2008-06-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey.
-        
-        - add emitUnaryOp, emitNullaryOp and emitUnaryOpNoDst; use them
-        
-        This removes some boilerplate code and also reduces the number of
-        places that will need to be changed to do on-demand emit of
-        loads (and thus support k operands).
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitUnaryOp):
-        (KJS::CodeGenerator::emitNullaryOp):
-        (KJS::CodeGenerator::emitUnaryOpNoDst):
-        (KJS::CodeGenerator::emitPushScope):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::emitNewObject):
-        (KJS::CodeGenerator::emitNewArray):
-        (KJS::CodeGenerator::emitNot):
-        (KJS::CodeGenerator::emitBitNot):
-        (KJS::CodeGenerator::emitToJSNumber):
-        (KJS::CodeGenerator::emitNegate):
-        (KJS::CodeGenerator::emitInstanceOf):
-        (KJS::CodeGenerator::emitTypeOf):
-        (KJS::CodeGenerator::emitIn):
-        (KJS::CodeGenerator::emitReturn):
-        (KJS::CodeGenerator::emitEnd):
-        (KJS::CodeGenerator::emitGetPropertyNames):
-
-2008-06-15  Alp Toker  <alp@nuanti.com>
-
-        Rubber-stamped by Maciej.
-
-        Install 'jsc' application by default.
-
-        * GNUmakefile.am:
-
-2008-06-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - rename testkjs to jsc
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/jsc: Added.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Copied from JavaScriptCore.vcproj/testkjs/testkjs.vcproj.
-        * JavaScriptCore.vcproj/testkjs: Removed.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jscore.bkl:
-        * kjs/Shell.cpp: Copied from kjs/testkjs.cpp.
-        (main):
-        (printUsageStatement):
-        (jscmain):
-        * kjs/jsc.pro: Copied from kjs/testkjs.pro.
-        * kjs/testkjs.cpp: Removed.
-        * kjs/testkjs.pro: Removed.
-        * tests/mozilla/expected.html:
-        * tests/mozilla/js1_2/Array/tostring_1.js:
-        * tests/mozilla/js1_2/Array/tostring_2.js:
-        * tests/mozilla/jsDriver.pl:
-
-2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Mac build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/nodes.h:
-
-2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Change the spelling of PrecMultiplicitave to PrecMultiplicative.
-
-        * kjs/nodes.h:
-        (KJS::MultNode::precedence):
-        (KJS::DivNode::precedence):
-        (KJS::ModNode::precedence):
-
-2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Remove unused preprocessor macros related to exceptions in the old
-        interpreter.
-
-        * kjs/nodes.cpp:
-
-2008-06-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 19484: More instructions needs to use temporary registers
-        <https://bugs.webkit.org/show_bug.cgi?id=19484>
-
-        Fix codegen for all binary operations so that temporaries are used if
-        necessary. This was done by making BinaryOpNode and ReverseBinaryOpNode
-        subclasses of ExpressionNode, and eliminating the custom emitCode()
-        methods for the individual node classes.
-
-        This only adds 3 new instructions to SunSpider code, and there is no
-        difference in SunSpider execution time.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitBitNot):
-        (KJS::CodeGenerator::emitBinaryOp):
-        * VM/CodeGenerator.h:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::BinaryOpNode::emitCode):
-        (KJS::ReverseBinaryOpNode::emitCode):
-        (KJS::emitReadModifyAssignment):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-        * kjs/nodes.h:
-        (KJS::BinaryOpNode::BinaryOpNode):
-        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
-        (KJS::MultNode::):
-        (KJS::DivNode::):
-        (KJS::DivNode::precedence):
-        (KJS::ModNode::):
-        (KJS::ModNode::precedence):
-        (KJS::AddNode::):
-        (KJS::AddNode::precedence):
-        (KJS::SubNode::):
-        (KJS::SubNode::precedence):
-        (KJS::LeftShiftNode::):
-        (KJS::LeftShiftNode::precedence):
-        (KJS::RightShiftNode::):
-        (KJS::RightShiftNode::precedence):
-        (KJS::UnsignedRightShiftNode::):
-        (KJS::UnsignedRightShiftNode::precedence):
-        (KJS::LessNode::):
-        (KJS::LessNode::precedence):
-        (KJS::GreaterNode::):
-        (KJS::GreaterNode::precedence):
-        (KJS::LessEqNode::):
-        (KJS::LessEqNode::precedence):
-        (KJS::GreaterEqNode::):
-        (KJS::GreaterEqNode::precedence):
-        (KJS::InstanceOfNode::):
-        (KJS::InstanceOfNode::precedence):
-        (KJS::InNode::):
-        (KJS::InNode::precedence):
-        (KJS::EqualNode::):
-        (KJS::EqualNode::precedence):
-        (KJS::NotEqualNode::):
-        (KJS::NotEqualNode::precedence):
-        (KJS::StrictEqualNode::):
-        (KJS::StrictEqualNode::precedence):
-        (KJS::NotStrictEqualNode::):
-        (KJS::NotStrictEqualNode::precedence):
-        (KJS::BitAndNode::):
-        (KJS::BitAndNode::precedence):
-        (KJS::BitOrNode::):
-        (KJS::BitOrNode::precedence):
-        (KJS::BitXOrNode::):
-        (KJS::BitXOrNode::precedence):
-        * kjs/nodes2string.cpp:
-        (KJS::LessNode::streamTo):
-        (KJS::GreaterNode::streamTo):
-        (KJS::LessEqNode::streamTo):
-        (KJS::GreaterEqNode::streamTo):
-        (KJS::InstanceOfNode::streamTo):
-        (KJS::InNode::streamTo):
-        (KJS::EqualNode::streamTo):
-        (KJS::NotEqualNode::streamTo):
-        (KJS::StrictEqualNode::streamTo):
-        (KJS::NotStrictEqualNode::streamTo):
-        (KJS::BitAndNode::streamTo):
-        (KJS::BitXOrNode::streamTo):
-        (KJS::BitOrNode::streamTo):
-
-2008-06-14  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Sam.
-
-        - rename a bunch of local symbols within the regular expression code to
-          follow our usual coding style, and do a few other name tweaks
-
-        * pcre/pcre_compile.cpp:
-        (CompileData::CompileData):
-        (checkEscape):
-        (readRepeatCounts):
-        (compileBranch):
-        (compileBracket):
-        (calculateCompiledPatternLength):
-        (returnError):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (MatchStack::MatchStack):
-        (MatchStack::canUseStackBufferForNextFrame):
-        (MatchStack::popCurrentFrame):
-        (match):
-        (tryFirstByteOptimization):
-        (tryRequiredByteOptimization):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Remove redundant uses of get().
-
-        * kjs/nodes.cpp:
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::AddNode::emitCode):
-        (KJS::SubNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-
-2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Make code generation not use a temporary for the left-hand side of an
-        expression if the right-hand side is a local variable.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::isLocal):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::leftHandSideNeedsCopy):
-        (KJS::CodeGenerator::emitNodeForLeftHandSide):
-        * kjs/nodes.cpp:
-        (KJS::ResolveNode::isPure):
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::AddNode::emitCode):
-        (KJS::SubNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::ExpressionNode::):
-        (KJS::BooleanNode::):
-        (KJS::NumberNode::):
-        (KJS::StringNode::):
-
-2008-06-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - more of https://bugs.webkit.org/show_bug.cgi?id=17257
-          start ref counts at 1 instead of 0 for speed
-
-        * kjs/nodes.cpp:
-        (KJS::ParserRefCounted::hasOneRef): Added. Replaces refcount.
-        * kjs/nodes.h: Replaced refcount with hasOneRef.
-
-        * wtf/ListRefPtr.h:
-        (WTF::ListRefPtr::~ListRefPtr): Changed to use hasOneRef instead of
-        refcount, so this class can be used with the RefCounted template.
-
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::hasOneRef): Made const, since there's no reason for
-        it to be non-const.
-
-2008-06-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - initialize local vars as side effect of call instead of in bytecode
-        1.004x speedup on SunSpider.
-
-        This removes just the dispatch overhead for these loads - in the
-        future, dead store elimination might be able to eliminate them
-        entirely.
-        
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator): For function blocks, don't
-        emit loads of undefined for var initialization.
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall): Instead, initialize locals
-        as part of the call.
-
-2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Remove helper functions in the parser that are no longer needed.
-
-        * kjs/grammar.y:
-
-2008-06-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19484: More instructions needs to use temporary registers
-        <https://bugs.webkit.org/show_bug.cgi?id=19484>
-
-        Make code generation for AddNode and SubNode use temporaries when
-        necessary.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::AddNode::emitCode):
-        (KJS::SubNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::AddNode::):
-        (KJS::SubNode::):
-
-2008-06-13  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Combine TrueNode and FalseNode to make BooleanNode, and remove the
-        unused class PlaceholderTrueNode.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::BooleanNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::BooleanNode::):
-        (KJS::BooleanNode::precedence):
-        * kjs/nodes2string.cpp:
-        (KJS::BooleanNode::streamTo):
-
-2008-06-13  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Eliminate the use of temporaries to store the left hand side of an
-        expression when the right hand side is a constant. This slightly
-        improves the generated bytecode for a few SunSpider tests, but it is
-        mostly in preparation for fixing
-
-        Bug 19484: More instructions needs to use temporary registers
-        <https://bugs.webkit.org/show_bug.cgi?id=19484>
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::leftHandSideNeedsCopy):
-        (KJS::CodeGenerator::emitNodeForLeftHandSide):
-        * kjs/nodes.cpp:
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::ExpressionNode::):
-        (KJS::FalseNode::):
-        (KJS::TrueNode::):
-        (KJS::NumberNode::):
-        (KJS::StringNode::):
-
-2008-06-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - prettify opcode stats output
-        
-        I changed things to be a bit more aligned, also there is a new
-        section listing most common opcodes and most common sequences that
-        include them.
-
-        * VM/Opcode.cpp:
-        (KJS::OpcodeStats::~OpcodeStats):
-        * VM/Opcode.h:
-
-2008-06-13  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
-        profiler.
-        - Remove recursion from exclude().  This leaves only focus() to fix.
-
-        * JavaScriptCore.exp: Change the signatures of the exported functions.
-        * profiler/Profile.cpp:
-        (KJS::Profile::forEach): I added a traverseNextNodePreOrder() function
-        and so needed to distinguish the other function by labeling it
-        traverseNextNodePostOrder().
-        (KJS::Profile::exclude): All new exclude that iteratively walks the tree
-        * profiler/Profile.h:
-        (KJS::Profile::focus): Add a null check for m_head.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::traverseNextNodePostOrder): Renamed
-        (KJS::ProfileNode::traverseNextNodePreOrder): Walks the tree in pre-
-        order, where the parent is processed before the children.
-        (KJS::ProfileNode::setTreeVisible): Iterate over the sub-tree and set
-        all of the nodes visible value.  This changes another function that used
-        recursion.
-        (KJS::ProfileNode::exclude): Remove recursion from this function.
-        Because we now check for m_visible and we are walking the tree in pre-
-        order we do not need to check if an excluded node is in an excluded
-        sub-tree.
-        * profiler/ProfileNode.h: Added specific selfTime functions to
-        facilitate exclude().
-        (KJS::ProfileNode::setSelfTime):
-        (KJS::ProfileNode::setActualSelfTime):
-        (KJS::ProfileNode::setVisibleSelfTime):
-
-2008-06-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19434
-          speed up SunSpider by avoiding some string boxing
-
-        Speeds up SunSpider by 1.1%.
-
-        Optimized code path for getting built-in properties from strings -- avoid
-        boxing with a string object in that case. We can make further changes to avoid
-        even more boxing, but this change alone is a win.
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::JSCallbackObject::staticValueGetter): Use isObject instead of inherits
-        in asssert, since the type of slotBase() is now JSValue, not JSObject.
-        (KJS::JSCallbackObject::staticFunctionGetter): Ditto.
-        (KJS::JSCallbackObject::callbackGetter): Ditto.
-
-        * kjs/internal.cpp:
-        (KJS::StringImp::getPrimitiveNumber): Updated for change of data member name.
-        (KJS::StringImp::toBoolean): Ditto.
-        (KJS::StringImp::toNumber): Ditto.
-        (KJS::StringImp::toString): Ditto.
-        (KJS::StringInstance::create): Added; avoids a bit of cut and paste code.
-        (KJS::StringImp::toObject): Use StringInstance::create.
-        (KJS::StringImp::toThisObject): Ditto.
-        (KJS::StringImp::lengthGetter): Added. Replaces the getter that used to live in
-        the StringInstance class.
-        (KJS::StringImp::indexGetter): Ditto.
-        (KJS::StringImp::indexNumericPropertyGetter): Ditto.
-        (KJS::StringImp::getOwnPropertySlot): Added. Deals with built in properties of
-        the string class without creating a StringInstance.
-
-        * kjs/internal.h:
-        (KJS::StringImp::getStringPropertySlot): Added. To be used by both the string
-        and string object getOwnPropertySlot function.
-
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter): Updated since slotBase() is now a JSValue rather
-        than a JSObject.
-
-        * kjs/object.h: Removed PropertySlot::slotBase() function, which can now move
-        back into property_slot.h where it belongs since it doesn't have to cast to
-        JSObject*.
-
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::functionGetter): Updated since slot.slotBase() is now a JSValue*
-        instead of JSObject*. setGetterSlot still guarantees the base is a JSObject*.
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::PropertySlot): Changed base to JSValue* intead of JSCell*.
-        (KJS::PropertySlot::setStaticEntry): Ditto.
-        (KJS::PropertySlot::setCustom): Ditto.
-        (KJS::PropertySlot::setCustomIndex): Ditto.
-        (KJS::PropertySlot::setCustomNumeric): Ditto.
-        (KJS::PropertySlot::slotBase): Moved inline here since it no longer involves a
-        downcast to JSObject*.
-        (KJS::PropertySlot::setBase): Changed to JSValue*.
-
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::getOwnPropertySlot): Changed to use getStringPropertySlot
-        instead of coding the properties here. This allows sharing the code with StringImp.
-
-        * kjs/string_object.h: Removed inlineGetOwnPropertySlot, lengthGetter, and indexGetter.
-        Made one of the constructors protected.
-
-        * kjs/value.h: Made getOwnPropertySlot private in the JSCell class -- this is better
-        since it's not the real JSObject getOwnPropertySlot semantic and most callers shouldn't
-        use it.
-
-2008-06-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        Preparation to making JavaScript heap per-thread.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        (KJS::Collector::markListSet):
-        The collector now holds the list of protected lists itself, to be made per-instance.
-
-        * kjs/list.h: Changed to hold a pointer to a mark set this list is in, if any.
-        (KJS::List::List): Explicitly initialize m_size with zero, as m_vector.size() is
-        guaranteed to be such anyway.
-        (KJS::List::append): Changed the fast case to only be executed as long as inline buffer
-        is used, because otherwise, we now do more expensive checks.
-
-        * kjs/list.cpp:
-        (KJS::List::markLists): Renamed from markProtectedListsSlowCase, made it take the list set
-        as a parameter.
-        (KJS::List::slowAppend): If a non-immediate value is appended, the list needs to be added
-        to an appropriate Heap's protected list. For now, a static Collector::markListSet() is
-        used, but the code is layed out in preparation to making the switch to multiple heaps.
-
-        * JavaScriptCore.exp: Updated export list.
-
-2008-06-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 19510: CodeBlock::needsFullScopeChain not always set for global code
-        <https://bugs.webkit.org/show_bug.cgi?id=19510>
-
-        This fixes the symptoms by using CodeGenerator::m_codeType to determine
-        when to use temporaries instead of CodeBlock::needsFullScopeChain, but
-        it does not fix the problem itself.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::leftHandSideNeedsCopy):
-
-2008-06-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 19498: REGRESSION (r34497): crash while loading GMail
-        <https://bugs.webkit.org/show_bug.cgi?id=19498>
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfTrueMayCombine):
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-06-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - a little bit of cleanup and prep for some upcoming optimizations
-
-        * JavaScriptCore.exp: Re-sorted this file (with sort command line tool).
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump): Fixed printf to avoid warnings -- to use %lu we
-        need to make sure the type is unsigned long.
-        * kjs/object.cpp:
-        (KJS::Error::create): Eliminated unused error names array, and also put
-        the strings into the code since there was already a switch statment.
-        This also avoids having to contemplate a hypothetical access past the
-        end of the array.
-        * kjs/object.h: Got rid of errorNames.
-        * kjs/property_slot.cpp: Deleted unused ungettableGetter.
-        * kjs/property_slot.h: Ditto.
-        * wtf/AlwaysInline.h: Added LIKELY alongside UNLIKELY.
-
-2008-06-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 19457: Create fused opcodes for tests and conditional jumps
-        <https://bugs.webkit.org/show_bug.cgi?id=19457>
-
-        Add a new jless instruction, and modify the code generator to emit it
-        instead of the pair (less, jtrue).
-
-        Gives a 3.6% improvement on SunSpider.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::emitOpcode):
-        (KJS::CodeGenerator::retrieveLastBinaryOp):
-        (KJS::CodeGenerator::rewindBinaryOp):
-        (KJS::CodeGenerator::emitJump):
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        (KJS::CodeGenerator::emitJumpIfFalse):
-        (KJS::CodeGenerator::emitMove):
-        (KJS::CodeGenerator::emitNot):
-        (KJS::CodeGenerator::emitEqual):
-        (KJS::CodeGenerator::emitNotEqual):
-        (KJS::CodeGenerator::emitStrictEqual):
-        (KJS::CodeGenerator::emitNotStrictEqual):
-        (KJS::CodeGenerator::emitLess):
-        (KJS::CodeGenerator::emitLessEq):
-        (KJS::CodeGenerator::emitPreInc):
-        (KJS::CodeGenerator::emitPreDec):
-        (KJS::CodeGenerator::emitPostInc):
-        (KJS::CodeGenerator::emitPostDec):
-        (KJS::CodeGenerator::emitToJSNumber):
-        (KJS::CodeGenerator::emitNegate):
-        (KJS::CodeGenerator::emitAdd):
-        (KJS::CodeGenerator::emitMul):
-        (KJS::CodeGenerator::emitDiv):
-        (KJS::CodeGenerator::emitMod):
-        (KJS::CodeGenerator::emitSub):
-        (KJS::CodeGenerator::emitLeftShift):
-        (KJS::CodeGenerator::emitRightShift):
-        (KJS::CodeGenerator::emitUnsignedRightShift):
-        (KJS::CodeGenerator::emitBitAnd):
-        (KJS::CodeGenerator::emitBitXOr):
-        (KJS::CodeGenerator::emitBitOr):
-        (KJS::CodeGenerator::emitBitNot):
-        (KJS::CodeGenerator::emitInstanceOf):
-        (KJS::CodeGenerator::emitTypeOf):
-        (KJS::CodeGenerator::emitIn):
-        (KJS::CodeGenerator::emitLoad):
-        (KJS::CodeGenerator::emitNewObject):
-        (KJS::CodeGenerator::emitNewArray):
-        (KJS::CodeGenerator::emitResolve):
-        (KJS::CodeGenerator::emitGetScopedVar):
-        (KJS::CodeGenerator::emitPutScopedVar):
-        (KJS::CodeGenerator::emitResolveBase):
-        (KJS::CodeGenerator::emitResolveWithBase):
-        (KJS::CodeGenerator::emitResolveFunction):
-        (KJS::CodeGenerator::emitGetById):
-        (KJS::CodeGenerator::emitPutById):
-        (KJS::CodeGenerator::emitPutGetter):
-        (KJS::CodeGenerator::emitPutSetter):
-        (KJS::CodeGenerator::emitDeleteById):
-        (KJS::CodeGenerator::emitGetByVal):
-        (KJS::CodeGenerator::emitPutByVal):
-        (KJS::CodeGenerator::emitDeleteByVal):
-        (KJS::CodeGenerator::emitPutByIndex):
-        (KJS::CodeGenerator::emitNewFunction):
-        (KJS::CodeGenerator::emitNewRegExp):
-        (KJS::CodeGenerator::emitNewFunctionExpression):
-        (KJS::CodeGenerator::emitCall):
-        (KJS::CodeGenerator::emitReturn):
-        (KJS::CodeGenerator::emitEnd):
-        (KJS::CodeGenerator::emitConstruct):
-        (KJS::CodeGenerator::emitPushScope):
-        (KJS::CodeGenerator::emitPopScope):
-        (KJS::CodeGenerator::emitDebugHook):
-        (KJS::CodeGenerator::emitComplexJumpScopes):
-        (KJS::CodeGenerator::emitJumpScopes):
-        (KJS::CodeGenerator::emitNextPropertyName):
-        (KJS::CodeGenerator::emitGetPropertyNames):
-        (KJS::CodeGenerator::emitCatch):
-        (KJS::CodeGenerator::emitThrow):
-        (KJS::CodeGenerator::emitNewError):
-        (KJS::CodeGenerator::emitJumpSubroutine):
-        (KJS::CodeGenerator::emitSubroutineReturn):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.cpp:
-        * VM/Opcode.h:
-
-2008-06-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Alexey.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=19442
-          JavaScript array implementation doesn't maintain m_numValuesInVector when sorting
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::checkConsistency): Added. Empty inline version for when
-        consistency checks are turned off.
-        (KJS::ArrayInstance::ArrayInstance): Check consistency after construction.
-        (KJS::ArrayInstance::~ArrayInstance): Check consistency before destruction.
-        (KJS::ArrayInstance::put): Check consistency before and after.
-        (KJS::ArrayInstance::deleteProperty): Ditto.
-        (KJS::ArrayInstance::setLength): Ditto.
-        (KJS::compareByStringPairForQSort): Use typedef for clarity.
-        (KJS::ArrayInstance::sort): Check consistency before and after. Also broke the loop
-        to set up sorting into two separate passes. Added FIXMEs about various exception
-        safety issues. Added code to set m_numValuesInVector after sorting.
-        (KJS::ArrayInstance::compactForSorting): Ditto.
-
-        * kjs/array_instance.h: Added a definition of an enum for the types of consistency
-        check and a declaration of the consistency checking function.
-
-2008-06-10  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Link against libedit on Mac since HAVE(READLINE) is defined there.
-
-        * jscore.bkl:
-
-2008-06-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16503
-        match limit takes at least 13% of the time on the SunSpider regexp-dna test
-
-        Make the limit test slightly more efficient. It is not clear how much of a win it is,
-        as the improvement on regexp-dna varies from 2.3% to 0.6% depending on what revision I
-        apply the patch to. Today, the win on regexp-dna was minimal, but the total win was whopping
-        0.5%, due to random code generation changes.
-
-        * pcre/pcre_exec.cpp: (match): Avoid loading a constant on each iteration.
-
-2008-06-09  Alp Toker  <alp@nuanti.com>
-
-        gcc3/autotools build fix. Add explicit -O2 -fno-strict-aliasing to
-        each of the tools since these are no longer set globally.
-
-        * GNUmakefile.am:
-
-2008-06-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam.
-
-        Add an include for readline/history.h to fix the build for Darwin users
-        with the GNU readline library installed. Also, clean up the style of
-        the HAVE(READLINE) check.
-
-        * kjs/testkjs.cpp:
-        (runInteractive):
-
-2008-06-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 17531: Add interactive mode to testkjs
-        <https://bugs.webkit.org/show_bug.cgi?id=17531>
-
-        This is a cleaned up version of Sam's earlier patch to add an
-        interactive mode to testkjs.
-
-        Readline support is only enabled on Darwin platforms for now, but
-        other ports can enable it by defining HAVE_READLINE in kjs/config.h.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/config.h:
-        * kjs/testkjs.cpp:
-        (Options::Options):
-        (runWithScripts):
-        (runInteractive):
-        (printUsageStatement):
-        (parseArguments):
-        (kjsmain):
-
-2008-06-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Bug 19346: REGRESSION: Mootools 1.2 Class inheritance broken in post-SquirrelFish merge
-        <https://bugs.webkit.org/show_bug.cgi?id=19346>
-
-        A check for whether a function's caller is eval code accidentally included
-        the case where the caller's caller is native code. Add a CodeType field to
-        CodeBlock and use this for the eval caller test instead.
-
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::CodeBlock):
-        (KJS::ProgramCodeBlock::ProgramCodeBlock):
-        (KJS::EvalCodeBlock::EvalCodeBlock):
-        * VM/Machine.cpp:
-        (KJS::getCallerFunctionOffset):
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::generateCode):
-        (KJS::ProgramNode::generateCode):
-
-2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Dan Bernstein.
-
-        Bug 17928: testkjs shouldn't require "-f"
-        <https://bugs.webkit.org/show_bug.cgi?id=17928>
-
-        * kjs/testkjs.cpp:
-        (printUsageStatement):
-        (parseArguments):
-
-2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Eric.
-
-        Bug 17548: JavaScriptCore print(a, b) differs from Spidermonkey Behavior
-        <https://bugs.webkit.org/show_bug.cgi?id=17548>
-
-        * kjs/testkjs.cpp:
-        (functionPrint):
-
-2008-06-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam.
-
-        Bug 17547: JavaScriptCore print() differs from Spidermonkey Behavior
-        <https://bugs.webkit.org/show_bug.cgi?id=17547>
-
-        * kjs/testkjs.cpp:
-        (functionPrint):
-
-2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
-
-        More build fixes.
-
-        * kjs/JSGlobalData.cpp: Fixed an included file name for case-sensitive file systems, fixed
-        JSGlobalData::threadInstance() for non-multithreaded builds.
-
-2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix - actually adding JSGlobalData.cpp to non-Mac builds!
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-
-2008-06-07  Alexey Proskuryakov  <ap@webkit.org>
-
-        Try to fix Gtk/gcc 4.3 build.
-
-        * kjs/JSGlobalData.h: Include ustring.h instead of forward-declaring UString::Rep.
-
-2008-06-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Combine per-thread objects into one, to make it easier to support legacy clients (for
-        which they shouldn't be really per-thread).
-
-        No change on SunSpider total.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added JSGlobalData.{h,cpp}
-
-        * kjs/JSGlobalData.cpp: Added.
-        (KJS::JSGlobalData::JSGlobalData):
-        (KJS::JSGlobalData::~JSGlobalData):
-        (KJS::JSGlobalData::threadInstance):
-        * kjs/JSGlobalData.h: Added.
-        This class encapsulates all data that should be per-thread (or shared between legacy clients).
-        It will also keep a Heap pointer, but right now, Heap (Collector) methods are all static.
-
-        * kjs/identifier.h:
-        (KJS::Identifier::Identifier):
-        Added a constructor explicitly taking JSGlobalData to access IdentifierTable. Actually,
-        all of them should, but this will be a separate patch.
-
-        * kjs/identifier.cpp:
-        (KJS::IdentifierTable::literalTable):
-        (KJS::createIdentifierTable):
-        (KJS::deleteIdentifierTable):
-        (KJS::Identifier::add):
-        (KJS::Identifier::addSlowCase):
-        Combined IdentifierTable and LiteralIdentifierTable into a single class for simplicity.
-
-        * kjs/grammar.y: kjsyyparse now takes JSGlobalData, not just a Lexer.
-
-        * kjs/nodes.cpp:
-        (KJS::Node::Node):
-        (KJS::EvalFunctionCallNode::emitCode):
-        (KJS::ScopeNode::ScopeNode):
-        Changed to access Lexer and Parser via JSGlobalData::threadInstance(). This is also a
-        temporary measure, they will need to use JSGlobalData explicitly.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::callEval):
-        * kjs/CommonIdentifiers.cpp:
-        (KJS::CommonIdentifiers::CommonIdentifiers):
-        * kjs/CommonIdentifiers.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::evaluate):
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        (KJS::ExecState::globalData):
-        (KJS::ExecState::identifierTable):
-        (KJS::ExecState::propertyNames):
-        (KJS::ExecState::emptyList):
-        (KJS::ExecState::lexer):
-        (KJS::ExecState::parser):
-        (KJS::ExecState::arrayTable):
-        (KJS::ExecState::dateTable):
-        (KJS::ExecState::mathTable):
-        (KJS::ExecState::numberTable):
-        (KJS::ExecState::RegExpImpTable):
-        (KJS::ExecState::RegExpObjectImpTable):
-        (KJS::ExecState::stringTable):
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreadingOnce):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (KJS::JSGlobalObject::head):
-        (KJS::JSGlobalObject::globalData):
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-        * kjs/Parser.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getParameterName):
-        (KJS::IndexToNameMap::unMap):
-        (KJS::globalFuncEval):
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-        * kjs/lexer.cpp:
-        (kjsyylex):
-        * kjs/lexer.h:
-        * kjs/testkjs.cpp:
-        (prettyPrintScript):
-        Updated for the above changes. Most of threadInstance uses here will need to be replaced with
-        explicitly passed pointers to support legacy JSC clients.
-
-        * JavaScriptCore.exp: Removed KJS::parser().
-
-2008-06-06  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 19424: Add support for logging opcode pair counts
-        <https://bugs.webkit.org/show_bug.cgi?id=19424>
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.cpp:
-        (KJS::OpcodeStats::OpcodeStats):
-        (KJS::compareOpcodeIndices):
-        (KJS::compareOpcodePairIndices):
-        (KJS::OpcodeStats::~OpcodeStats):
-        (KJS::OpcodeStats::recordInstruction):
-        (KJS::OpcodeStats::resetLastInstruction):
-        * VM/Opcode.h:
-
-2008-06-06  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
-        profiler.
-        - Change the remaining functions that do not take arguments, from using
-        recursion to using iteration.
-
-        * JavaScriptCore.exp:
-        * profiler/Profile.cpp:
-        (KJS::stopProfiling):
-        (KJS::restoreAll):
-        (KJS::Profile::stopProfiling): Use foreach instead of recursion.
-        (KJS::Profile::restoreAll): Ditto.
-        * profiler/Profile.h:
-        * profiler/ProfileNode.cpp: Remove recursion.
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::restore):
-        * profiler/ProfileNode.h:
-
-2008-06-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey.
-
-        Fix Greater and GreaterEq nodes to emit code for the left
-        and right sub-expressions in the correct order.
-
-        * kjs/nodes.cpp:
-        (KJS::GreaterNode::emitCode):
-        (KJS::GreaterEqNode::emitCode):
-
-2008-06-05  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Alp Toker.
-        
-        Fix whitespaces.
-
-        * kjs/collector.cpp:
-        (KJS::getPlatformThreadRegisters):
-
-2008-06-05  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Darin.
-        
-        Support compiling JavaScriptCore for ARM.
-
-        * kjs/collector.cpp:
-        (KJS::getPlatformThreadRegisters):
-        (KJS::otherThreadStackPointer):
-
-2008-06-05  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Jon.
-
-        - Name changes.
-
-        * JavaScriptCore.exp:
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile):
-        (KJS::Profile::stopProfiling):
-        (KJS::Profile::didExecute):
-        (KJS::Profile::forEach):
-        (KJS::Profile::debugPrintData):
-        (KJS::Profile::debugPrintDataSampleStyle):
-        * profiler/Profile.h:
-        (KJS::Profile::callTree):
-        (KJS::Profile::totalTime):
-        (KJS::Profile::sortTotalTimeDescending):
-        (KJS::Profile::sortTotalTimeAscending):
-        (KJS::Profile::sortSelfTimeDescending):
-        (KJS::Profile::sortSelfTimeAscending):
-        (KJS::Profile::sortCallsDescending):
-        (KJS::Profile::sortCallsAscending):
-        (KJS::Profile::sortFunctionNameDescending):
-        (KJS::Profile::sortFunctionNameAscending):
-        (KJS::Profile::focus):
-        (KJS::Profile::exclude):
-        (KJS::Profile::restoreAll):
-
-2008-06-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Stephanie Lewis.
-
-        Added the -fno-move-loop-invariants flag to the pcre_exec.cpp build, to
-        tell GCC not to perform loop invariant motion, since GCC's loop
-        invariant motion doesn't do very well with computed goto code.
-        
-        SunSpider reports no change.
-
-2008-06-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Stephanie Lewis.
-        
-        Added the -fno-tree-pre flag to the Machine.cpp build, to tell GCC not
-        to perform Partial Redundancy Elimination (PRE) on trees in Machine.cpp,
-        since GCC's PRE doesn't do very well with computed goto code.
-        
-        SunSpider reports a .7% speedup.
-        
-2008-06-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Stephanie Lewis (or maybe the other way around).
-        
-        Minor change to PCRE to help out certain compilers.
-        
-        SunSpider reports no change, maybe a small speedup.
-
-        * pcre/pcre_exec.cpp:
-        (match): Use instructionPtr++ a little less, to avoid confusing the
-        optimizer.
-
-2008-06-05  Alexey Proskuryakov  <ap@webkit.org>
-
-        Re-landing an independent part of a previously rolled out threading patch.
-
-        * wtf/ThreadSpecific.h: Make sure to initialize POD thread-specific varaibles, too
-        (replaced "new T" with "new T()").
-
-2008-06-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Hyatt.
-        
-        - force inlining of a template function that only has one call site per specialization
-        1.3% speedup on SunSpider
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate): This template function is only
-        called from allocate() and allocateNumber() (once per
-        specialization) and the extra call overhead for GC allocation
-        shows up, so force inlining.
-
-2008-06-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey and Oliver.
-        
-        - remove profiler fetch hack
-        I measure an 0.5% progression from this, others show a wash. It seems not needed any more.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-06-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 19400: subscript operator does not protect base when necessary
-        <https://bugs.webkit.org/show_bug.cgi?id=19400>
-
-        Use a temporary for the base in BracketAccessorNode if the subscript
-        might possibly modify it.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::BracketAccessorNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::BracketAccessorNode::):
-
-2008-06-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Big cleanup of formatting and whitespace.
-
-2008-06-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Add an option to dump statistics on executed instructions.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.cpp:
-        (KJS::OpcodeStats::~OpcodeStats):
-        (KJS::OpcodeStats::recordInstruction):
-        * VM/Opcode.h:
-
-2008-06-04  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
-        profiler.
-        - This patch removes the use of recursion for the sort functions.
-
-        * JavaScriptCore.exp: Change the signatures of the functions being
-        exported.
-        * profiler/Profile.cpp:
-        (KJS::Profile::sort): This generic function will accept any of the
-        static sort functions and apply them to the whole tree.
-        * profiler/Profile.h: All of the sorting functions now call the new
-        sort() function.
-        (KJS::Profile::sortTotalTimeDescending):
-        (KJS::Profile::sortTotalTimeAscending):
-        (KJS::Profile::sortSelfTimeDescending):
-        (KJS::Profile::sortSelfTimeAscending):
-        (KJS::Profile::sortCallsDescending):
-        (KJS::Profile::sortCallsAscending):
-        (KJS::Profile::sortFunctionNameDescending):
-        (KJS::Profile::sortFunctionNameAscending):
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode): m_head used to point to the head node
-        if this was the head node.  It now points to null to make iteration easy
-        (KJS::ProfileNode::willExecute): Now must check if m_head is null, this
-        check used to happend in the constructor.
-        (KJS::ProfileNode::stopProfiling): Again the check is slightly different
-        to determine if this is the head.
-        (KJS::ProfileNode::traverseNextNode): This function returns the next
-        node in post order.
-        (KJS::ProfileNode::sort): This generic function will sort according to
-        the comparator passed in, then reset the children pointers to macth the
-        new order.
-        * profiler/ProfileNode.h: The sorting function were removed from the
-        definition file and instead use the new generic sort() function
-        (KJS::ProfileNode::totalPercent): because the head can now be empty we
-        need to check here too for the head node.
-        (KJS::ProfileNode::selfPercent): Ditto
-        (KJS::ProfileNode::firstChild): This function is necessary for the 
-        iterative algorithm in Profile.cpp.
-        (KJS::ProfileNode::sortTotalTimeDescending):
-        (KJS::ProfileNode::sortTotalTimeAscending):
-        (KJS::ProfileNode::sortSelfTimeDescending):
-        (KJS::ProfileNode::sortSelfTimeAscending):
-        (KJS::ProfileNode::sortCallsDescending):
-        (KJS::ProfileNode::sortCallsAscending):
-        (KJS::ProfileNode::sortFunctionNameDescending):
-        (KJS::ProfileNode::sortFunctionNameAscending):
-        (KJS::ProfileNode::childrenBegin):
-        (KJS::ProfileNode::childrenEnd):
-        (KJS::ProfileNode::totalTimeDescendingComparator):
-        (KJS::ProfileNode::totalTimeAscendingComparator):
-        (KJS::ProfileNode::selfTimeDescendingComparator):
-        (KJS::ProfileNode::selfTimeAscendingComparator):
-        (KJS::ProfileNode::callsDescendingComparator):
-        (KJS::ProfileNode::callsAscendingComparator):
-        (KJS::ProfileNode::functionNameDescendingComparator):
-        (KJS::ProfileNode::functionNameAscendingComparator):
-
-2008-06-04  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Fix JSClassCreate to work with old JSCore API threading model.
-
-        No change on SunSpider.
-
-        * API/JSClassRef.cpp: (OpaqueJSClass::OpaqueJSClass): Since JSClass is constructed without
-        a context, there is no way for it to create Identifiers.
-        Also, added initializeThreading(), just for good measure.
-
-        * API/JSCallbackObjectFunctions.h: (KJS::::getPropertyNames): Make an Identifier out of the
-        string here, because propertyNames.add() needs that.
-
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        (KJS::Identifier::equal):
-        * kjs/ustring.cpp:
-        (KJS::equal):
-        Moved equal() from identifier.h to ustring.h, because it's not really about Identifiers,
-        and to make it possible to use it from StrHash.
-        Include StrHash.h from ustring.h to avoid having the behavior depend on headers that happen
-        to be included.
-
-        * wtf/StrHash.h: Removed.
-        * kjs/ustring.h: Made RefPtr<UString::Rep> use the same default hash as UString::Rep* (it
-        used to default to pointer equality). Moved the whole StrHash header into ustring.h.
-
-        * JavaScriptCore.exp: Export equal() for WebCore use (this StrHash is used in c_class.cpp,
-        jni_class.cpp, and npruntime.cpp).
-
-2008-06-04  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Darin.
-
-        Fix spacing in collector.{h,cpp}.
-
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-
-2008-06-03  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Build fix. The cleanup in r34355 missed a method.
-
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-
-2008-06-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19269
-          speed up SunSpider by eliminating the toObject call for most get/put/delete
-
-        Makes standalone SunSpider 1.025x as fast as before.
-
-        The getOwnPropertySlot virtual function now takes care of the toObject call
-        for get. Similarly, the put function (and later deleteProperty) does the
-        same for those operations. To do this, the virtual functions were moved from
-        the JSObject class to the JSCell class. Also, since the caller no longer knows
-        the identity of the "original object", which is used by JavaScript-function
-        based getters, changed the PropertySlot class so the original object is
-        already stored in the slot when getOwnPropertySlot is called, if the caller
-        intends to call getValue.
-
-        This affected the old interpreter code enough that the easiest thing for me
-        was to just delete it. While I am not certain the mysterious slowdown is not
-        still occurring, the net change is definitely a significant speedup.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/Machine.cpp: Moved the UNLIKELY macro into AlwaysInline.h.
-        (KJS::resolve): Set up the originalObject in the PropertySlot before
-        calling getPropertySlot. Also removed the originalObject argument from
-        getValue.
-        (KJS::resolve_skip): Ditto.
-        (KJS::resolveBaseAndProperty): Ditto.
-        (KJS::resolveBaseAndFunc): Ditto.
-        (KJS::Machine::privateExecute): Removed the toObject calls from the get and
-        put functions where possible, instead calling directly with JSValue and letting
-        the JSValue and JSCell calls handle toObject. Same for toThisObject.
-
-        * kjs/ExecState.h: Removed OldInterpreterExecState.
-
-        * API/JSBase.cpp: Updated includes.
-
-        * kjs/LocalStorageEntry.h: Removed contents. Later we can remove the file too.
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::lengthGetter): Removed originalObject argumet.
-        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Don't pass a base value to
-        setValueSlot. Also use UNLIKELY around the "getting elements past the end of
-        the array" code path; less common than successfully getting an element.
-
-        * kjs/array_object.cpp:
-        (KJS::getProperty): Initialize the PropertySlot with the original object.
-        Don't pass the original object to the get function.
-        (KJS::arrayProtoFuncFilter): Ditto.
-        (KJS::arrayProtoFuncMap): Ditto.
-        (KJS::arrayProtoFuncEvery): Ditto.
-        (KJS::arrayProtoFuncForEach): Ditto.
-        (KJS::arrayProtoFuncSome): Ditto.
-
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct): Removed an obsolete comment.
-
-        * kjs/grammar.y: Eliminated support for some of the node types that were
-        used to optimize executing from the syntax tree.
-
-        * kjs/internal.cpp:
-        (KJS::StringImp::toThisObject): Added. Same as toObject.
-        (KJS::NumberImp::toThisObject): Ditto.
-        (KJS::GetterSetterImp::getOwnPropertySlot): Added. Not reached.
-        (KJS::GetterSetterImp::put): Ditto.
-        (KJS::GetterSetterImp::toThisObject): Ditto.
-
-        * kjs/internal.h: Added toThisObject to NumberImp for speed.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::shift): Changed shift to just do a single character, to unroll
-        the loop and especially to make the one character case faster.
-        (KJS::Lexer::setCode): Call shift multiple times instead of passing a number.
-        (KJS::Lexer::lex): Ditto.
-        (KJS::Lexer::matchPunctuator): Ditto. Also removed unneeded elses after returns.
-        (KJS::Lexer::scanRegExp): Ditto.
-        * kjs/lexer.h: Removed the count argument from shift.
-
-        * kjs/math_object.cpp:
-        (KJS::mathProtoFuncPow): Call jsNaN instead of jsNumber(NaN).
-
-        * kjs/nodes.cpp: Removed some of the things needed only for the pre-SquirrelFish
-        execution model.
-        (KJS::ForNode::emitCode): Handle cases where some expressions are missing by
-        not emitting any code at all. The old way was to emit code for "true", but
-        this is an unnecessary remnant of the old way of doing things.
-
-        * kjs/nodes.h: Removed some of the things needed only for the pre-SquirrelFish
-        execution model.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::fillGetterPropertySlot): Changed to only pass in the getter
-        function. The old code passed in a base, but it was never used when
-        actually getting the property; the toThisObject call was pointless. Also
-        changed to not pass a base for setUndefined.
-
-        * kjs/object.h: Added the new JSCell operations to GetterSetterImp.
-        Never called.
-        (KJS::JSObject::get): Initialize the object in the PropertySlot and don't
-        pass it in getValue.
-        (KJS::JSObject::getOwnPropertySlotForWrite): Removed the base argument
-        in calls to setValueSlot.
-        (KJS::JSObject::getOwnPropertySlot): Ditto.
-        (KJS::JSValue::get): Added. Here because it calls through to JSObject.
-        A version of JSObject::get that also handles the other types of JSValue
-        by creating the appropriate wrapper. Saves the virtual call to toObject.
-        (KJS::JSValue::put): Ditto.
-        (KJS::JSValue::deleteProperty): Ditto.
-
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::undefinedGetter): Removed the originalObject argument.
-        (KJS::PropertySlot::ungettableGetter): Ditto.
-        (KJS::PropertySlot::functionGetter): Ditto. Use the value in the base
-        as the "this" object, which will be set to the original object by the new
-        PropertySlot initialization code. Also call toThisObject. The old code did
-        not do this, but needed to so we can properly handle the activation object
-        like the other similar code paths.
-
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::PropertySlot): Added a constructor that takes a base
-        object. In debug builds, set the base to 0 if you don't pass one.
-        (KJS::PropertySlot::getValue): Don't take or pass the originalObject.
-        (KJS::PropertySlot::setValueSlot): Don't take a base object, and clear the
-        base object in debug builds.
-        (KJS::PropertySlot::setGetterSlot): Ditto.
-        (KJS::PropertySlot::setUndefined): Ditto.
-        (KJS::PropertySlot::setUngettable): Ditto.
-        (KJS::PropertySlot::slotBase): Assert that a base object is present.
-        This will fire if someone actually calls the get function without having
-        passed in a base object and the getter needs it.
-        (KJS::PropertySlot::setBase): Added. Used by the code that implements
-        toObject so it can supply the original object after the fact.
-        (KJS::PropertySlot::clearBase): Added. Clears the base, but is debug-only
-        code because it's an error to fetch the base if you don't have a guarantee
-        it was set.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::JSCallbackObject::cachedValueGetter):
-        (KJS::JSCallbackObject::staticValueGetter):
-        (KJS::JSCallbackObject::staticFunctionGetter):
-        (KJS::JSCallbackObject::callbackGetter):
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::getOwnPropertySlot):
-        (KJS::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet):
-        * kjs/array_instance.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::callerGetter):
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::Arguments::mappedIndexGetter):
-        * kjs/function.h:
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::lengthGetter):
-        (KJS::StringInstance::indexGetter):
-        (KJS::stringInstanceNumericPropertyGetter):
-        * kjs/string_object.h:
-        Removed originalObject arguments from getters. Don't pass base values to
-        the various PropertySlot functions that no longer take them.
-
-        * kjs/value.cpp:
-        (KJS::JSCell::getOwnPropertySlot): Added. Calls toObject and then sets the slot.
-        This function has to always return true, because the caller can't walk the prototype
-        chain. Because of that, we do a getPropertySlot, not getOwnPropertySlot, which works
-        for the caller. This is private, only called by getOwnPropertySlotInternal.
-        (KJS::JSCell::put): Added. Calls toObject and then put.
-        (KJS::JSCell::toThisObject): Added. Calls toObject.
-
-        * kjs/value.h: Added get, put, and toThisObject to both JSValue
-        and JSCell. These take care of the toObject operation without an additional virtual
-        function call, and so make the common "already an object" case faster.
-
-        * wtf/AlwaysInline.h: Moved the UNLIKELY macro here for now. Maybe we can find a
-        better place later, or rename this header.
-
-2008-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Tim.
-
-        Bug 12983: Web Inspector break on the debugger keyword
-        <https://bugs.webkit.org/show_bug.cgi?id=12983>
-
-        Added a DebuggerStatementNode to handle codegen, and added a new
-        DidReachBreakPoint debug event (which will hopefully be useful
-        if we ever move breakpoint management into JSC proper).  Also
-        added didReachBreakpoint to Debugger to allow us to actually respond
-        to this event.
-
-        * VM/CodeBlock.cpp:
-        (KJS::debugHookName):
-        * VM/Machine.cpp:
-        (KJS::Machine::debug):
-        * VM/Machine.h:
-        * kjs/debugger.h:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::DebuggerStatementNode::emitCode):
-        (KJS::DebuggerStatementNode::execute):
-        * kjs/nodes.h:
-        (KJS::DebuggerStatementNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::DebuggerStatementNode::streamTo):
-
-2008-06-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - document remaining opcodes.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Document call, call_eval,
-        construct, ret and end opcodes.
-
-2008-06-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Document throw and catch opcodes.
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Removed JSObject::call, since it just called JSObject::callAsFunction.
-
-        SunSpider reports no change.
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        A little cleanup in the CodeGenerator.
-
-        * VM/CodeGenerator.cpp: A few changes here.
-
-        (1) Removed remaining cases of the old hack of putting "this" into the
-        symbol table; replaced with explicit tracking of m_thisRegister.
-
-        (2) Made m_thisRegister behave the same for function, eval, and program
-        code, removing the static programCodeThis() function.
-
-        (3) Added a feature to nix a ScopeNode's declaration stacks when done
-        compiling, to save memory.
-
-        (4) Removed code that copied eval declarations into special vectors: we
-        just use the originals in the ScopeNode now.
-        
-        * VM/CodeGenerator.h: Removed unneded parameters from the CodeGenerator
-        constructor: we just use get that data from the ScopeNode now.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute): When executing an eval node, don't iterate a
-        special copy of its declarations; iterate the originals, instead.
-
-        * kjs/nodes.cpp: Moved responsibility for knowing what AST data to throw
-        away into the CodeGenerator. Nodes no longer call shrinkCapacity on
-        their data directly.
-        
-        * kjs/nodes.h: Changed FunctionStack to ref its contents, so declaration
-        data stays around even after we've thrown away the AST, unless we explicitly
-        throw away the declaration data, too. This is useful for eval code, which
-        needs to reference its declaration data at execution time. (Soon, it will
-        be useful for program code, too, since program code should do the same.)
-
-2008-06-02  Adam Roben  <aroben@apple.com>
-
-        Build fix for non-AllInOne builds
-
-        * kjs/array_object.cpp: Added a missing #include.
-
-2008-06-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Took out accidental confilct lines I checked in.
-
-        * ChangeLog:
-
-2008-06-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5969992> JSProfiler: Remove the recursion limit in the
-        profiler
-        Implement Next Sibling pointers as groundwork for removing the recursion
-        limit in the profiler.
-
-        * profiler/ProfileNode.cpp: Also I renamed parentNode and headNode since
-        'node' is redundant.
-        (KJS::ProfileNode::ProfileNode): Initialize the nextSibling.
-        (KJS::ProfileNode::willExecute): If there are already children then the
-        new child needs to be the nextSibling of the last child.
-        (KJS::ProfileNode::didExecute):
-        (KJS::ProfileNode::addChild): Ditto.
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::sortTotalTimeDescending): For all of the sorting
-        algorithms once the children are sorted their nextSibling pointers need
-        to be reset to reflect the new order.
-        (KJS::ProfileNode::sortTotalTimeAscending):
-        (KJS::ProfileNode::sortSelfTimeDescending):
-        (KJS::ProfileNode::sortSelfTimeAscending):
-        (KJS::ProfileNode::sortCallsDescending):
-        (KJS::ProfileNode::sortCallsAscending):
-        (KJS::ProfileNode::sortFunctionNameDescending):
-        (KJS::ProfileNode::sortFunctionNameAscending):
-        (KJS::ProfileNode::resetChildrensSiblings): This new function simply
-        loops over all of the children and sets their nextSibling pointers to
-        the next child in the Vector
-        (KJS::ProfileNode::debugPrintData):
-        * profiler/ProfileNode.h:
-        (KJS::ProfileNode::parent):
-        (KJS::ProfileNode::setParent):
-        (KJS::ProfileNode::nextSibling):
-        (KJS::ProfileNode::setNextSibling):
-        (KJS::ProfileNode::totalPercent):
-        (KJS::ProfileNode::selfPercent):
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Removed the recursion limit from JSObject::call, since the VM does
-        recursion checking now.
-
-        This should allow us to remove JSObject::call entirely, netting a small
-        speedup.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adele Peterson.
-
-        Added a specific affordance for avoiding stack overflow when converting
-        recursive arrays to string, in preparation for removing generic stack
-        overflow checking from JSObject::call.
-        
-        Tested by fast/js/toString-stack-overflow.html.
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alice Liu.
-        
-        Refactored some hand-rolled code to call ScopeChain::globalObject instead.
-
-2008-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed ASSERT due to execution continuing after an exception is thrown
-        during array sort.
-
-        * kjs/array_instance.cpp:
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key): Don't call the
-        custom comparator function if an exception has been thrown. Just return
-        1 for everything, so the sort completes quickly. (The result will be
-        thrown away.)
-
-2008-05-30  Timothy Hatcher  <timothy@apple.com>
-
-        Made the starting line number of scripts be 1-based throughout the engine.
-        This cleans up script line numbers so they are all consistent now and fixes
-        some cases where script execution was shown as off by one line in the debugger.
-
-        No change in SunSpider.
-
-        Reviewed by Oliver Hunt.
-
-        * API/minidom.c:
-        (main): Pass a line number of 1 instead of 0 to parser().parse().
-        * API/testapi.c:
-        (main): Ditto. And removes a FIXME and changed an assertEqualsAsNumber
-        to use 1 instead of 2 for the line number.
-        * VM/Machine.cpp:
-        (KJS::callEval): Pass a line number of 1 instead of 0.
-        (KJS::Machine::debug): Use firstLine for WillExecuteProgram instead of
-        lastLine. Use lastLine for DidExecuteProgram instead of firstLine.
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::evaluate): Pass a line number of 1 instead of
-        0 to parser().parse().
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse): ASSERT startingLineNumber is greatter than 0. Change
-        the startingLineNumber to be 1 if it was less than or equal to 0. This is needed
-        for release builds to maintain compatibility with the JavaScriptCore API.
-        * kjs/function.cpp:
-        (KJS::globalFuncEval): Pass a line number of 1 instead of 0 to parser().parse().
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct): Pass a line number of 1 instead of 0 to construct().
-        * kjs/lexer.cpp:
-        (Lexer::setCode): Made yylineno = startingLineNumber instead of adding 1.
-        * kjs/testkjs.cpp:
-        (functionRun): Pass a line number of 1 instead of 0 to Interpreter::evaluate().
-        (functionLoad): Ditto.
-        (prettyPrintScript): Ditto.
-        (runWithScripts): Ditto.
-        * profiler/Profiler.cpp:
-        (WebCore::createCallIdentifier): Removed a plus 1 of startingLineNumber.
-
-2008-05-30  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19180
-        speed up SunSpider by optimizing immediate number cases
-
-        Also fixed a JavaScriptCore regression seen on PowerPC - we didn't clip left shift
-        parameter to 0...31.
-
-        0.5% improvement on SunSpider overall, although a 8.5 regression on bitops-3bit-bits-in-byte.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::toTruncatedUInt32): Added. Same as getTruncatedInt32, but casts the result
-        to unsigned.
-
-2008-05-30  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19180
-        speed up SunSpider by optimizing immediate number cases
-
-        Also fixed two JavaScriptCore regressions seen on PowerPC - we didn't clip right shift
-        parameter to 0...31.
-
-        1.6% improvement on SunSpider, without significant regressions on any tests.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        Added fast paths for >>, ==, ===, !=, !==. Changed order of memory accesses in many
-        cases, making them less dependent on gcc's ability to properly assign registers. With this,
-        I could move exception checks back into slow code paths, and saw less randomness in general.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::rightShiftImmediateNumbers):
-        Added.
-
-2008-05-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        - fixed <rdar://problem/5972943> REGRESSION(r33979): Flash clips do not play on cnn.com
-        
-        Finally blocks could clobber registers that had to remain live
-        until they returned. This patch takes a conservative approach and
-        makes sure that finally blocks do not reuse any registers that
-        were previously allocated for the function. In the future this
-        could probably be tightened up to be less profligate with the
-        register allocation.
-        
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::highestUsedRegister):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::TryNode::emitCode):
-
-2008-05-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * kjs/array_instance.cpp:
-
-2008-05-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19294
-        <rdar://problem/5969062> A crash when iterating over a sparse array backwards.
-
-        * kjs/array_instance.cpp: Turned sparseArrayCutoff into a macro, so that using max() on it
-        doesn't cause a PIC branch.
-        (KJS::ArrayInstance::increaseVectorLength): Added a comment about this function not
-        preserving class invariants.
-        (KJS::ArrayInstance::put): Update m_storage after reallocation. Move values that fit to
-        the vector from the map in all code paths.
-
-2008-05-29  Thiago Macieira  <tjmaciei@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix compilation in Solaris with Sun CC
-
-        Lots of WebKit code uses C99 functions that, strict as it
-        is, the Solaris system doesn't provide in C++. So we must define them
-        for both GCC and the Sun CC.
-
-        * wtf/MathExtras.h:
-
-2008-05-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders.
-
-        Fix codegen for assignment being used as a function.
-
-        FunctionCallValueNode::emitCode failed to account for the
-        potential of the function expression to allocate arbitrary
-        registers.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallValueNode::emitCode):
-
-2008-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=19183
-        REGRESSION (r33979): Crash in DebuggerCallFrame::functionName when
-        clicking button in returnEvent-crash.html
-
-        Added two new debugger hooks, willExecuteProgram and didExecuteProgram,
-        along with code to generate them, code to invoke them when unwinding
-        due to an exception, and code to dump them.
-        
-        SunSpider reports no change.
-
-        * VM/CodeBlock.cpp:
-        (KJS::debugHookName): I had to mark this function NEVER_INLINE to avoid
-        a .4% performance regression. The mind boggles.
-
-2008-05-28  Adam Roben  <aroben@apple.com>
-
-        Fix JavaScriptCore tests on OS X
-
-        We were quoting the path to testkjs too late, after it had already
-        been combined with spaces and other options.
-
-        * tests/mozilla/jsDriver.pl:
-        (top level): Move path quoting from here...
-        (sub get_kjs_engine_command): ...to here.
-
-2008-05-28  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Oliver.
-
-        <rdar://problem/5968071> "const f" crashes in JavaScriptCore
-        
-        Make sure to null check the initializer.
-        
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::emitCodeSingle):
-
-2008-05-28  Adam Roben  <aroben@apple.com>
-
-        Make run-javascriptcore-tests work with a space in the path to testkjs
-
-        Reviewed by Alexey Proskuryakov.
-
-        * tests/mozilla/jsDriver.pl: Quote the path to the engine so that
-        spaces will be interpreted correctly.
-
-2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Fixed a misguiding comment - my measurement for negative numbers only included cases
-        where both operands were negative, which is not very interesting.
-
-        * VM/Machine.cpp:
-
-2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        Based on a patch by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19180
-        speed up SunSpider by optimizing immediate number cases
-
-        1.4% speedup on SunSpider.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::incImmediateNumber):
-        (KJS::JSImmediate::decImmediateNumber):
-        Added fast paths for ++ and --.
-
-        (KJS::JSImmediate::canDoFastAdditiveOperations): Corrected a comment.
-
-2008-05-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19180
-        speed up SunSpider by optimizing immediate number cases
-
-        2% speedup overall, maximum 10% on controlflow-recursive and bitops-3bit-bits-in-byte,
-        but a 4% regression on bitops-bits-in-byte and bitops-bitwise-and.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::canDoFastAdditiveOperations):
-        (KJS::JSImmediate::addImmediateNumbers):
-        (KJS::JSImmediate::subImmediateNumbers):
-        Added fast cases that work with positive values less than 2^30.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Use the above operations. Also updated SunSpider frequencies
-        with my results (looks like tag values have changed, not sure what caused the minor variation
-        in actual frequencies).
-
-2008-05-27  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Remove code that appended Cygwin's /bin directory to PATH.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        Prepend Cygwin's /bin directory to PATH. We prepend instead of append
-        so that Cygwin's utilities will win out over Win32 versions of the
-        same utilities (particularly perl). We do the prepend here instead of
-        in the Makefile because nmake doesn't seem to like prepending to PATH
-        inside the Makefile. This also matches the way WebCoreGenerated works.
-
-2008-05-27  Adam Roben  <aroben@apple.com>
-
-        Roll out r34163
-
-        A better fix is on the way.
-
-        * DerivedSources.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-
-2008-05-27  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * DerivedSources.make: Don't generate the bytecode docs if
-        OMIT_BYTECODE_DOCS is set to 1.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Set
-        OMIT_BYTECODE_DOCS for production builds.
-
-2008-05-27  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff and Maciej.
-
-        <rdar://problem/5806428> 
-        https://bugs.webkit.org/show_bug.cgi?id=17925
-        Crash in KJS::JSObject::put after setting this.__proto__
-
-        Set slotIsWriteable to false for __proto__, we want setting __proto__ to go through JSObject::put instead.
-        
-        * kjs/object.h:
-        (KJS::JSObject::getOwnPropertySlotForWrite):
-
-2008-05-27  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fixes to catch up with SquirrelFish, etc.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-        * wtf/Platform.h:
-
-2008-05-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19180
-          speed up SunSpider by optimizing immediate number cases
-
-        Add immediate number cases for the &, |, and ^ operators.
-        Makes standalone SunSpider 1.010x faster.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Add areBothImmediateNumbers special cases
-        for the &, |, and ^ operators.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::xorImmediateNumbers): Added.
-        (KJS::JSImmediate::orImmediateNumbers): Added.
-
-2008-05-26  Stephanie Lewis  <slewis@apple.com>
-
-        Windows build fix. 
-
-        * kjs/testkjs.cpp:
-
-2008-05-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders.
-        
-        - make addStaticGlobals protected instead of private so subclasses can use it
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalObject.h:
-
-2008-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed <rdar://problem/5960859> After an eval of a non-string or a syntax
-        error, all profile stack frames are incorrect
-        
-        SunSpider reports a .3% speedup, possibly because eval of a string is a
-        little more efficient now.
-
-        * VM/Machine.cpp:
-        (KJS::callEval): Make sure to call didExecute when returning early. I
-        simplified this function to remove one early return, making the job
-        of adding special code to early returns easier.
-
-        (KJS::Machine::execute): Use the new function ExecState when notifying
-        the profiler. (This doesn't change behavior now, but it might prevent
-        subtle errors in the future.)
-
-2008-05-23  Tor Arne Vestbø  <tavestbo@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fixed toLower and toUpper implementations to allow being called
-        with a null result pointer and resultLength, to determine the
-        number of characters needed for the case conversion.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-
-2008-05-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Fixing a typo in the previous commit made as a last minute change.
-
-        * kjs/regexp_object.cpp:
-
-2008-05-24  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Changed regular expression matching result array to be lazily filled, because many callers
-        only care about it being non-null.
-
-        2% improvement on Acid3 test 26.
-
-        * kjs/array_instance.cpp: Added a void* member to ArrayStorage for ArrayInstance subclasses
-        to use.
-        * kjs/array_instance.h:
-        (KJS::ArrayInstance::lazyCreationData):
-        (KJS::ArrayInstance::setLazyCreationData):
-        Added methods to access it from subclasses.
-
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpMatchesArray::RegExpMatchesArray):
-        (KJS::RegExpMatchesArray::getOwnPropertySlot):
-        (KJS::RegExpMatchesArray::put):
-        (KJS::RegExpMatchesArray::deleteProperty):
-        (KJS::RegExpMatchesArray::getPropertyNames):
-        (KJS::RegExpMatchesArray::fillArrayInstanceIfNeeded):
-        (KJS::RegExpMatchesArray::~RegExpMatchesArray):
-        (KJS::RegExpObjectImp::arrayOfMatches):
-        RegExpMatchesArray is a subclass of ArrayInstance that isn't filled until
-        accessed for the first time.
-
-2008-05-24  Alp Toker  <alp@nuanti.com>
-
-        Win32/gcc build fix. Remove MSVC assumption.
-
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SlowLock):
-
-2008-05-24  Oleg Finkelshteyn <olegfink@gmail.com>
-
-        Rubber-stamped, tweaked and landed by Alexey.
-
-        Build fix for gcc 4.3.
-
-        * JavaScriptCore/kjs/testkjs.cpp:
-        * JavaScriptCore/VM/CodeBlock.cpp:
-        Add missing standard includes.
-
-2008-05-23  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        <rdar://problem/5959886> REGRESSION: Assertion failure in JSImmediate::toString when loading GMail (19217)
-        
-        Change List to store a JSValue*** pointer + an offset instead of a JSValue** pointer to protect against the case where 
-        a register file changes while a list object points to its buffer.
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject):
-        * kjs/list.cpp:
-        (KJS::List::getSlice):
-        * kjs/list.h:
-        (KJS::List::List):
-        (KJS::List::at):
-        (KJS::List::append):
-        (KJS::List::begin):
-        (KJS::List::end):
-        (KJS::List::buffer):
-
-2008-05-23  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5960012> JSProfiler: Stack overflow if recursion is
-        too deep.
-        -Use a simple depth limit to restrict too deep of recursion.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::willExecute):
-        (KJS::Profile::didExecute):
-        * profiler/Profile.h:
-
-2008-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolling back in r34085, with performance resolved.
-        
-        Apparently, passing the eval function to callEval gave GCC a hernia.
-
-        Reviewed by Darin Adler, Kevin McCullough, and Oliver Hunt.
-        
-        Fixed <rdar://problem/5959447> Crashes and incorrect reporting in the
-        JavaScript profiler
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame): Fixed incorrect reporting / a crash
-        when unwinding from inside eval and/or program code: detect the
-        difference, and do the right thing. Also, be sure to notify the profiler
-        *before* deref'ing the scope chain, since the profiler uses the scope chain.
-
-        (KJS::Machine::execute): Fixed incorrect reporting / crash when calling
-        a JS function re-entrently: Machine::execute(FunctionBodyNode*...)
-        should not invoke the didExecute hook, because op_ret already does that.
-        Also, use the new function's ExecState when calling out to the profiler.
-        (Not important now, but could have become a subtle bug later.)
-
-        (KJS::Machine::privateExecute): Fixed a hard to reproduce crash when
-        profiling JS functions: notify the profiler *before* deref'ing the scope
-        chain, since the profiler uses the scope chain.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::call): Removed these hooks, because they are now unnecessary.
-
-        * profiler/Profile.cpp: Added a comment to explain a subtlety that only
-        Kevin and I understood previously. (Now, the whole world can understand!)
-
-        * profiler/Profiler.cpp:
-        (KJS::shouldExcludeFunction): Don't exclude .call and .apply. That was
-        a hack to fix bugs that no longer exist.
-
-        Finally, sped things up a little bit by changing the "Is the profiler
-        running?" check into an ASSERT, since we only call into the profiler
-        when it's running:
-
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-
-2008-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - fixed <rdar://problem/5957662> REGRESSION(r33943-r33980): Can't send email , attach file or save as draft from hotmail.com
-        
-        SunSpider reports no change.
-        
-        This is a reworking of r34073, which I rolled out because it caused
-        lots of crashes.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator): Use removeDirect to nix old
-        properties whose names collide with new functions. (Don't use putWithAttributes
-        because that tries to write to the register file, which hasn't grown to
-        fit this program yet.)
-
-2008-05-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        As allocateNumber is used via jsNumberCell outside of JavaScriptCore,
-        we need to provide a non-inlined version of it to avoid creating a
-        weak external symbol.
-
-        * JavaScriptCore.exp:
-        * kjs/AllInOneFile.cpp:
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::allocateNumber):
-        * kjs/collector.h:
-        (KJS::Collector::allocate):
-        (KJS::Collector::inlineAllocateNumber):
-        * kjs/value.h:
-        (KJS::NumberImp::operator new):
-
-2008-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out r34073 because it caused lots of layout test crashes.
-
-2008-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out r34085 because it measured as a 7.6% performance regression.
-
-2008-05-23  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add the
-        profiler directory to the include path.
-
-2008-05-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders.
-
-        SQUIRRELFISH: JavaScript error messages are missing informative text
-
-        Partial fix.
-        Tidy up error messages, makes a couple of them provide slightly more info.
-        Inexplicably leads to a 1% SunSpider Progression.
-
-        * VM/ExceptionHelpers.cpp:
-        (KJS::createError):
-        (KJS::createInvalidParamError):
-        (KJS::createNotAConstructorError):
-        (KJS::createNotAFunctionError):
-        * VM/ExceptionHelpers.h:
-        * VM/Machine.cpp:
-        (KJS::isNotObject):
-
-2008-05-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Tim H.
-
-        Fix call stack reported by profiler when entering event handlers.
-
-        JSObject::call was arbitrarily notifying the profiler when it was
-        called, even if it was JS code, which notifies the profile on entry
-        in any case.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-
-2008-05-16  Alp Toker  <alp@nuanti.com>
-
-        Build fix for gcc 3. Default constructor required in ExecState,
-        used by OldInterpreterExecState.
-
-        * kjs/ExecState.h:
-        (KJS::ExecState::ExecState):
-
-2008-05-23  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix <rdar://problem/5954997> global-recursion-on-full-stack.html crashes under guardmalloc.
-
-        Growing the register file with uncheckedGrow from within Machine::execute is not safe as the
-        register file may be too close to its maximum size to grow successfully.  By using grow,
-        checking the result and throwing a stack overflow error we can avoid crashing.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFile.h: Remove the now-unused uncheckedGrow.
-
-2008-05-23  Oliver Hunt  <oliver@apple.com>
-
-        RS=Kevin McCullough
-
-        Remove JAVASCRIPT_PROFILER define
-
-        * VM/Machine.cpp:
-        (KJS::callEval):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * kjs/config.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-
-2008-05-23  Oliver Hunt  <oliver@apple.com>
-
-       <rdar://problem/5951561> Turn on JavaScript Profiler
-
-        Reviewed by Kevin McCullough.
-
-        Flipped the switch on the profiler, rearranged how we
-        signal the the profiler is active so that calls aren't
-        needed in the general case.
-        
-        Also fixed the entry point for Machine::execute(FunctionBodyNode..)
-        to correctly indicate function exit.
-
-        Results in a 0.7-1.0% regression in SunSpider :-(
-
-        * VM/Machine.cpp:
-        (KJS::callEval):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * kjs/config.h:
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::profiler):
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling):
-        * profiler/Profiler.h:
-        (KJS::Profiler::enabledProfilerReference):
-
-2008-05-23  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build by adding profiler/ to the include search path.
-
-        * JavaScriptCore.pri:
-
-2008-05-22  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        Fix a bug in the profiler where time in the current function is given to
-        (idle).
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::didExecute): Set the start time and then call didExecute
-        to calculate the time spent in this function.
-        * profiler/ProfileNode.cpp: Remove confusing calculations that are no
-        longer necessary.
-        (KJS::ProfileNode::insertNode):
-        * profiler/ProfileNode.h: Expose access to the start time to allow the
-        simpler time calculations above.
-        (KJS::ProfileNode::startTime):
-        (KJS::ProfileNode::setStartTime):
-
-2008-05-22  Adam Roben  <aroben@apple.com>
-
-        Show "(Function object)" instead of "(JSInpectorCallbackWrapper
-        object)" in profiles
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/Profiler.cpp:
-        (KJS::createCallIdentifier): Use JSObject::className instead of
-        getting the class name from the ClassInfo directly. JSObject
-        subclasses can override className to provide a custom class name, and
-        it seems like we should honor that.
-
-2008-05-22  Timothy Hatcher  <timothy@apple.com>
-
-        Added Profile::restoreAll and added ProfileNode::restoreAll
-        to the export file.
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.exp:
-        * profiler/Profile.h:
-
-2008-05-22  Alp Toker  <alp@nuanti.com>
-
-        GTK+ build fix. Add JavaScriptCore/profiler to include path.
-
-        * GNUmakefile.am:
-
-2008-05-22  Adam Roben  <aroben@apple.com>
-
-        Implement sub-millisecond profiling on Windows
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/ProfileNode.cpp:
-        (KJS::getCount): Added. On Windows, we use QueryPerformanceCounter. On
-        other platforms, we use getCurrentUTCTimeWithMicroseconds.
-        (KJS::ProfileNode::endAndRecordCall): Use getCount instead of
-        getCurrentUTCTimeWithMicroseconds.
-        (KJS::ProfileNode::startTimer): Ditto.
-
-2008-05-22  Adam Roben  <aroben@apple.com>
-
-        Fix a profiler assertion when calling a NodeList as a function
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/Profiler.cpp:
-        (KJS::createCallIdentifier): Don't assert when a non-function object
-        is called as a function. Instead, build up a CallIdentifier using the
-        object's class name.
-
-2008-05-22  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5951529> JSProfiler: Allow the profiler to "Exclude" a
-        profile node.
-        -Implement 'exclude'; where the excluded node attributes its time to its
-        parent's self time.
-
-        * JavaScriptCore.exp: Export the exclude function.
-        * profiler/Profile.h: 
-        (KJS::Profile::exclude):
-        * profiler/ProfileNode.cpp: 
-        (KJS::ProfileNode::setTreeVisible): New function that allows a change in
-        visiblitiy to be propogated to all the children of a node.
-        (KJS::ProfileNode::exclude): If the node matches the callIdentifier then
-        set the visiblity of this node and all of its children to false and
-        attribute it's total time to it's caller's self time.
-        * profiler/ProfileNode.h:
-
-2008-05-22  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix access to static global variables in Windows release builds.
-
-        * kjs/JSGlobalObject.h: Don't store a reference to an Identifier
-        in GlobalPropertyInfo as the Identifier is likely to be a temporary
-        and therefore may be destroyed before the GlobalPropertyInfo.
-
-2008-05-22  Kevin McCullough  <kmccullough@apple.com>
-
-        Build fix.
-
-        * VM/Machine.cpp:
-        (KJS::callEval):
-
-2008-05-22  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5951561> Turn on JavaScript Profiler
-        Get basic JS profiling working.
-        Even with this patch the profiler will not be compiled in because we do
-        not know the extend, if any, of the performance regression it would cause
-        when it is not in use. However with these changes, if the profiler were
-        on, it would not crash and show good profiling data.
-
-        * VM/Machine.cpp: Instrument the calls sites that are needed for profiling.
-        (KJS::callEval):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * kjs/function.cpp: Ditto.
-        (KJS::globalFuncEval):
-        * kjs/interpreter.cpp: Ditto.
-        (KJS::Interpreter::evaluate):
-        * profiler/Profile.cpp: 
-        (KJS::Profile::willExecute):
-        (KJS::Profile::didExecute): Because we do not get a good context when
-        startProfiling is called it is possible that m_currentNode will be at the
-        top of the known stack when a didExecute() is called.  What we then do is
-        create a new node that represents the function being exited and insert
-        it between the head and the currently known children, since they should
-        be children of this new node.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode):
-        (KJS::ProfileNode::willExecute): Rename the add function for consistency.
-        (KJS::ProfileNode::addChild): Appends the child to this node but also
-        sets the parent pointer of the children to this node.
-        (KJS::ProfileNode::insertNode): Insert a node between this node and its
-        children.  Also set the time for the new node since it is now exiting
-        and we don't really know when it started.
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::startTimer):
-        * profiler/ProfileNode.h:
-        (KJS::CallIdentifier::toString): Added for debugging.
-        (KJS::ProfileNode::setParent):
-        (KJS::ProfileNode::setSelfTime): Fixed an old bug where we set the
-        visibleTotalTime not the visibleSelfTime.
-        (KJS::ProfileNode::children):
-        (KJS::ProfileNode::toString): Added for debugging.
-        * profiler/Profiler.cpp: remove unecessary calls.
-        (KJS::Profiler::startProfiling):
-
-2008-05-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Rename register arguments for op_call, op_call_eval, op_end, and op_construct 
-        to document what they are for.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall):
-        (KJS::CodeGenerator::emitCallEval):
-        (KJS::CodeGenerator::emitEnd):
-        (KJS::CodeGenerator::emitConstruct):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-05-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Bug 19116: SquirrelFish shouldn't regress on variable lookups
-        <https://bugs.webkit.org/show_bug.cgi?id=19116>
-
-        Last of the multiscope look up optimisations.  This is a wash overall on SunSpider
-        but is a factor of 5-10 improvement in multiscope read/write/modify (eg. ++, --, +=,
-        ... applied to any non-local var).
-
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-
-2008-05-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5954233> Add method to release free memory from FastMalloc
-
-        Patch suggested by Mark Rowe.  Rubber-stamped by Maciej.
-
-        * JavaScriptCore.exp: Export _releaseFastMallocFreeMemory.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Added releaseFastMallocFreeMemory() for both
-        system malloc and FastMalloc code paths.
-        * wtf/FastMalloc.h: Define releaseFastMallocFreeMemory().
-
-2008-05-22  Oliver Hunt  <oliver@apple.com>
-
-        RS=Maciej.
-
-        Roll out r34020 as it causes recursion tests to fail.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-
-2008-05-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark.
-
-        Don't leak the SymbolTable when compiling eval code.
-
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::generateCode):
-
-2008-05-22  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Oliver.
-
-        Qt build fix.
-
-        * JavaScriptCore.pri: Added DebuggerCallFrame to the build.
-        * VM/LabelID.h: Include limits.h for UINT_MAX.
-        * wtf/VectorTraits.h: Include memory for std::auto_ptr.
-
-2008-05-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adam Roben.
-        
-        Removed the old recursion guard mechanism, since squirrelfish has its
-        own mechanism. Also removed some old JS call tracing code, since we
-        have other ways to do that, too.
-        
-        SunSpider reports no change.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-
-2008-05-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fixed <rdar://problem/5954979> crash on celtic kane JS benchmark
-
-        * kjs/nodes.cpp:
-        (KJS::WithNode::emitCode):
-        (KJS::TryNode::emitCode):
-
-2008-05-21  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Maciej and Geoff.
-
-        <rdar://problem/5951561> Turn on JavaScript Profiler
-        -As part of the effort to turn on the profiler it would be helpful if it
-        did not need ExecStates to represent the stack location of the currently
-        executing statement.
-        -We now create each node as necessary with a reference to the current
-        node and each node knows its parent so that the tree can be made without
-        the entire stack.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile): The current node starts at the head.
-        (KJS::Profile::stopProfiling): The current node is cleared when profiling
-        stops.
-        (KJS::Profile::willExecute): The current node either adds a new child or
-        starts and returns a reference to an already existing child if the call
-        ID that is requested already exists.
-        (KJS::Profile::didExecute): The current node finishes and returns its
-        parent.
-        * profiler/Profile.h: Use a single callIdentifier instead of a vector
-        since we no longer use the whole stack.
-        * profiler/ProfileNode.cpp: Now profile nodes keep a reference to their
-        parent.
-        (KJS::ProfileNode::ProfileNode): Initialize the parent.
-        (KJS::ProfileNode::didExecute): Record the time and return the parent.
-        (KJS::ProfileNode::addOrStartChild): If the given callIdentifier is
-        already a child, start it and return it, otherwise create a new one and
-        return that.
-        (KJS::ProfileNode::stopProfiling): Same logic, just use the new function.
-        * profiler/ProfileNode.h: Utilize the parent.
-        (KJS::ProfileNode::create):
-        (KJS::ProfileNode::parent):
-        * profiler/Profiler.cpp: 
-        (KJS::Profiler::startProfiling): Here is the only place where the
-        ExecState is used to figure out where in the stack the profiler is
-        currently profiling.
-        (KJS::dispatchFunctionToProfiles): Only send one CallIdentifier instead
-        of a vector of them.
-        (KJS::Profiler::willExecute): Ditto.
-        (KJS::Profiler::didExecute): Ditto.
-        (KJS::createCallIdentifier): Create only one CallIdentifier.
-        (KJS::createCallIdentifierFromFunctionImp): Ditto.
-        * profiler/Profiler.h:
-
-2008-05-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19180
-          speed up the < operator for the case when both values are integers
-
-        Makes standalone SunSpider 1.022x faster.
-
-        * VM/Machine.cpp:
-        (KJS::jsLess): Add a special case for when both are numbers that fit in a JSImmediate.
-
-2008-05-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver and Sam.
-        
-        - fixed <rdar://problem/5815631> REGRESSION (r31239): Multiscope optimisation of function calls results in incorrect this value (breaks tvtv.de)
-        
-        Track global this value in the scope chain so we can retrieve it
-        efficiently but it follows lexical scope properly.
-
-        * kjs/ExecState.h:
-        (KJS::ExecState::globalThisValue):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-        * kjs/scope_chain.h:
-        (KJS::ScopeChainNode::ScopeChainNode):
-        (KJS::ScopeChainNode::globalThisObject):
-        (KJS::ScopeChainNode::push):
-        (KJS::ScopeChain::ScopeChain):
-
-2008-05-21  Kevin McCullough  <kmccullough@apple.com>
-
-        Sadness :(
-
-        * kjs/config.h:
-
-2008-05-21  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/5950867> JSProfiler: Allow the profiler to "Focus" a
-        profile node.
-        - This patch updatest the times of the visible nodes correctly, but to do
-        so, some of the design of the ProfileNode changed.
-
-        * JavaScriptCore.exp: export focus' symbol.
-        * profiler/Profile.cpp: ProfileNodes now take a reference to the head of
-        the profile tree to get up-to-date accurate total profile time.
-        (KJS::Profile::Profile): Pass 0 for the head node.
-        (KJS::Profile::stopProfiling): stopProfiling no longer needs the time
-        passed into it, since it can get it from the head and it does not need to
-        be told it is the head because it can figure it out on it's own.
-        (KJS::Profile::willExecute): Set the head node for each created node.
-        * profiler/Profile.h:
-        (KJS::Profile::focus): Instead of taking a CallIdentifier that the caller
-        would have to create, now focus() takes a ProfileNode that they should
-        already have a reference to and focus() can extract the CallIdentifier
-        from it.
-        * profiler/ProfileNode.cpp: Create actual and visible versions fo the
-        total and self times for focus and exclude.  Also add a head node
-        reference so that nodes can get information from their head.
-        (KJS::ProfileNode::ProfileNode):
-        (KJS::ProfileNode::stopProfiling): Rename the total and self time
-        variables and set the visual ones to the actual ones, so that without any
-        changes to the visual versions of these variables, their times will match
-        the actual times.
-        (KJS::ProfileNode::focus): Now focus() has a bool to force it's children
-        to be visible if this node is visible.  If this node does not match the
-        CallIdentifier being focused then the visibleTotalTime is only updated if
-        one or more of it's children is the CallIdentifier being focused. 
-        (KJS::ProfileNode::restoreAll): Restores all variables with respect to
-        the visible data in the ProfileNode.
-        (KJS::ProfileNode::endAndRecordCall): Name change.
-        (KJS::ProfileNode::debugPrintData): Dump the new variables.
-        (KJS::ProfileNode::debugPrintDataSampleStyle): Name change.
-        * profiler/ProfileNode.h: Use the new variables and reference to the head
-        node.
-        (KJS::ProfileNode::create):
-        (KJS::ProfileNode::totalTime):
-        (KJS::ProfileNode::setTotalTime):
-        (KJS::ProfileNode::selfTime):
-        (KJS::ProfileNode::setSelfTime):
-        (KJS::ProfileNode::totalPercent):
-        (KJS::ProfileNode::selfPercent):
-        (KJS::ProfileNode::setVisible):
-
-2008-05-21  Alp Toker  <alp@nuanti.com>
-
-        GTK+/UNIX testkjs build fix. Include signal.h.
-
-        * kjs/testkjs.cpp:
-
-2008-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Yet more windows build fixes
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Yet more windows build fixes
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-05-21  Alp Toker  <alp@nuanti.com>
-
-        GTK+ build fix. Add DebuggerCallFrame.cpp and take AllInOneFile.cpp
-        changes into account.
-
-        * GNUmakefile.am:
-
-2008-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Add DebuggerCallFrame.{h,cpp} to the project file
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-05-21  Alp Toker  <alp@nuanti.com>
-
-        GTK+ port build fixes following squirrelfish merge r33979.
-
-        * GNUmakefile.am:
-
-2008-05-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - save a hash lookup wne writing to global properties
-        0.3% speedup on SunSpider, 7% on bitops-bitwise-and
-
-        * VM/Machine.cpp:
-        (KJS::resolveBase): Check for being a the end of the scope chain
-        before hash lookup.
-
-2008-05-21  Alp Toker  <alp@nuanti.com>
-
-        Rubber-stamped by Maciej.
-
-        Replace non-standard #pragma marks with comments to avoid compiler
-        warnings.
-
-        * profiler/ProfileNode.cpp:
-
-2008-05-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fix layout test failure in fast/dom/getter-on-window-object2 introduced in r33961.
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::defineGetter):
-        (KJS::JSGlobalObject::defineSetter):
-        * kjs/JSGlobalObject.h:
-
-=== End merge of squirrelfish ===
-
-2008-05-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Tim Hatcher.
-        
-        Merged with trunk WebCore's new debugger.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (KJS::DebuggerCallFrame::evaluate): Changed this function to separate
-        the exception value from the return value. The WebKit debugger treats
-        them as one, but the WebCore debugger doesn't.
-
-        * kjs/DebuggerCallFrame.h:
-        (KJS::DebuggerCallFrame::dynamicGlobalObject): Added a new accessor for
-        the dynamic global object, since the debugger doesn't want the lexical
-        global object.
-
-2008-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 19116: SquirrelFish shouldn't regress on variable lookups
-        <https://bugs.webkit.org/show_bug.cgi?id=19116>
-
-        Optimise cross scope assignment, 0.4% progression in sunspider.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPutScopedVar):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::AssignResolveNode::emitCode):
-
-2008-05-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - check property map before symbol table in JSGlobalObject::getOwnPropertySlot
-        0.5% speedup on SunSpider
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::getOwnPropertySlot): Check property map before symbol table
-        because symbol table access is likely to have been optimized.
-
-2008-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 19116: SquirrelFish shouldn't regress on variable lookups
-        <https://bugs.webkit.org/show_bug.cgi?id=19116>
-
-        Optimise multiscope lookup of statically resolvable function calls.
-        SunSpider reports a 1.5% improvement, including 37% on 
-        controlflow-recursive for some reason :D
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitResolve):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::emitCode):
-
-2008-05-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - give JSGlobalObject a special version of getOwnPropertySlot that tells you if the slot is directly writable
-        (WebCore change using this is a 2.6% speedup on in-browser SunSpider).
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::getOwnPropertySlot):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet):
-        * kjs/object.h:
-        (KJS::JSObject::getDirectLocation):
-        (KJS::JSObject::getOwnPropertySlotForWrite):
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getLocation):
-        * kjs/property_map.h:
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::putValue):
-
-2008-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 19116: SquirrelFish shouldn't regress on variable lookups
-        <https://bugs.webkit.org/show_bug.cgi?id=19116>
-
-        This restores multiscope optimisation to simple resolve, producing
-        a 2.6% progression in SunSpider.  Have verified that none of the
-        sites broken by the multiscope optimisation in trunk were effected
-        by this change.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::CodeBlock):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::findScopedProperty):
-        (KJS::CodeGenerator::emitResolve):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::resolve_n):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/JSVariableObject.h:
-
-2008-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Fixerate the windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * VM/CodeGenerator.cpp:
-        * VM/RegisterFile.h:
-        * kjs/JSGlobalObject.h:
-        * kjs/Parser.cpp:
-        * kjs/interpreter.h:
-
-2008-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 19110: SquirrelFish: Google Maps - no maps
-        <https://bugs.webkit.org/show_bug.cgi?id=19110>
-
-        Correct a comedy of errors present in my original patch to "fix"
-        exceptions occurring midway through pre and post increment. This
-        solution is cleaner than the original, doesn't need the additional
-        opcodes, and as an added benefit does not break Google Maps.
-
-        Sunspider reports a 0.4% progression.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-
-2008-05-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - inline JSGlobalObject::getOwnPropertySlot
-        1% improvement on in-browser SunSpider (a wash command-line)
-
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::getOwnPropertySlot):
-
-2008-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
-        <https://bugs.webkit.org/show_bug.cgi?id=18752>
-
-        Handle exceptions thrown by toString conversion in subscript operators,
-        this should basically complete exception handling in SquirrelFish.
-
-        Sunspider reports no regression.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        [Reapplying patch with previously missing files from r33553 -- Oliver]
-
-        Behold: debugging.
-        
-        SunSpider reports no change.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added DebuggerCallFrame.h/.cpp,
-        and created a debugger folder.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::generate): If the debugger is attached, always
-        generate full scope chains for its sake.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame): Notify the debugger when unwinding
-        due to an exception, so it doesn't keep stale call frames around.
-
-        (KJS::Machine::execute): Set Callee to 0 in eval frames, so the
-        debugger can distinguish them from function call frames.
-
-        (KJS::Machine::debug): Simplified this function, since the debugger
-        doesn't actually need all the information we used to provide.
-
-        (KJS::Machine::privateExecute): Treat debugging hooks like other function
-        calls, so the code we hook into (the debugger UI) can be optimized.
-
-        * kjs/debugger.cpp: Nixed these default callback implementations and
-        made the callbacks pure virtual instead, so the compiler could tell me
-        if I made a mistake in one of the subclasses.
-
-        * kjs/debugger.h: Removed a bunch of irrelevent data from the debugger
-        callbacks. Changed from passing an ExecState* to passing a
-        DebuggerCallFrame*, since an ExecState* doesn't contain sufficient
-        information anymore.
-
-        * kjs/function.cpp:
-        (KJS::globalFuncEval): Easiest bug fix evar!
-
-        [Previously missing files from r33553]
-        * kjs/DebuggerCallFrame.cpp: Copied from JavaScriptCore/profiler/FunctionCallProfile.h.
-        (KJS::DebuggerCallFrame::functionName):
-        (KJS::DebuggerCallFrame::thisObject):
-        (KJS::DebuggerCallFrame::evaluateScript):
-        * kjs/DebuggerCallFrame.h: Copied from JavaScriptCore/VM/Register.h.
-        (KJS::DebuggerCallFrame::DebuggerCallFrame):
-        (KJS::DebuggerCallFrame::scopeChain):
-        (KJS::DebuggerCallFrame::exception):
-
-2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
-        <https://bugs.webkit.org/show_bug.cgi?id=18991>
-
-        Fix the last remaining blocking cases of this bug.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ReadModifyResolveNode::emitCode):
-
-2008-05-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Partial fix for:
-
-        Bug 18991: SquirrelFish: Major codegen issue in a.b=expr, a[b]=expr
-        <https://bugs.webkit.org/show_bug.cgi?id=18991>
-
-        Ensure that the code generated for assignments uses temporaries whenever
-        necessary. This patch covers the vast majority of situations, but there
-        are still a few left.
-
-        This patch also adds some missing cases to CodeBlock::dump().
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::destinationForAssignResult):
-        (KJS::CodeGenerator::leftHandSideNeedsCopy):
-        (KJS::CodeGenerator::emitNodeForLeftHandSide):
-        * kjs/NodeInfo.h:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        (KJS::ForInNode::ForInNode):
-        * kjs/nodes.h:
-        (KJS::ReadModifyResolveNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::ReadModifyBracketNode::):
-        (KJS::AssignBracketNode::):
-        (KJS::AssignDotNode::):
-        (KJS::ReadModifyDotNode::):
-
-2008-05-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 19106: SquirrelFish: Activation is not marked correctly
-        <https://bugs.webkit.org/show_bug.cgi?id=19106>
-
-        We can't rely on the symbol table for a count of the number of globals
-        we need to mark as that misses duplicate parameters and 'this'.  Now we
-        use the actual local register count from the codeBlock.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::mark):
-
-2008-05-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 19076: SquirrelFish: RegisterFile can be corrupted if implictly reenter global scope with no declared vars
-        <https://bugs.webkit.org/show_bug.cgi?id=19076>
-
-        Don't delay allocation of initial global RegisterFile, as we can't guarantee we will be able
-        to allocate the global 'this' register safely at any point after initialisation of the Global
-        Object.
-
-        Unfortunately this initial allocation caused a regression of 0.2-0.3%, however this patch adds
-        support for the static slot optimisation for the global Math object which brings it to a 0.3%
-        progression.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::programCodeThis):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::addParameter):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * kjs/ExecState.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
-        (KJS::JSGlobalObject::addStaticGlobals):
-        * kjs/nodes.cpp:
-
-2008-05-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 19098: SquirrelFish: Ref'd temporaries can be clobbered
-        <https://bugs.webkit.org/show_bug.cgi?id=19098>
-
-        When doing code generation for a statement list, increase the reference
-        count on a register that might eventually be returned, so that it doesn't
-        get clobbered by a request for a new temporary.
-
-        * kjs/nodes.cpp:
-        (KJS::statementListEmitCode):
-
-2008-05-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fixed Bug 19044: SquirrelFish: Bogus values enter evaluation when closing over scope with parameter and var with same name
-        https://bugs.webkit.org/show_bug.cgi?id=19044
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::copyRegisters): Use numLocals from the code
-        block rather than the size of the symbol table for the number of
-        registers to copy, to account for duplicate parameters and vars
-        with the same name as parameters (we still have potentially
-        suboptimal codegen in that we allocate a local register for the
-        var in the latter case but it is never used).
-        
-2008-05-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        We regret to inform you that your program is crashing because you were
-        stupid.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Math is hard.
-
-2008-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A little more debugger action: filled in op_debug. All debugger control
-        flow works now, but variable inspection and backtraces still don't.
-        
-        SunSpider reports no change.
-
-        * VM/CodeGenerator.cpp: Changed op_debug to accept line number parameters.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::getFunctionAndArguments): Moved op_debug into a
-        NEVER_INLINE function to avoid a stunning 10% performance regression.
-        Also factored out a common function for retrieving the function and 
-        arguments from a  call frame. 
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject): Use the new factored out
-        function mentioned above.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse): Increment m_sourceId before assigning it, so the
-        sourceId we send to the debugger matches the sourceId recorded in the
-        node.
-
-        * kjs/nodes.cpp: Emit debugging hooks.
-
-2008-05-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 19024: SQUIRRELFISH: ASSERTION FAILED: activation->isActivationObject() in Machine::unwindCallFrame
-        <https://bugs.webkit.org/show_bug.cgi?id=19024>
-
-        This fixes a number of issues.  The most important is that we now check every register
-        file for tainting rather than just looking for function register files as that was
-        insufficient. Additionally guarded against implicit re-entry into Eval code.
-
-        Also added a few additional assertions to reduce the amout of time between something
-        going wrong and us seeing the error.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::growBuffer):
-        (KJS::RegisterFile::addGlobalSlots):
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushGlobalRegisterFile):
-        (KJS::RegisterFileStack::pushFunctionRegisterFile):
-        * VM/RegisterFileStack.h:
-        (KJS::RegisterFileStack::inImplicitCall):
-
-2008-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little more debugger action: emit opcodes for debugger hooks. Right
-        now, the opcode implementation is just a stub.
-        
-        SunSpider reports no change.
-        
-        Some example codegen for "function f() { 1; }":
-
-            [   0] dbg         DidEnterCallFrame
-            [   2] dbg         WillExecuteStatement
-            [   4] load        tr0, 1(@k0)
-            [   7] load        tr0, undefined(@k1)
-            [  10] dbg         WillLeaveCallFrame
-            [  12] ret         tr0
-
-2008-05-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 19025: SQUIRRELFISH: malformed syntax in onload handler causes crash
-        <https://bugs.webkit.org/show_bug.cgi?id=19025>
-
-        Simple fix -- move the use of functionBodyNode to after the null check.
-
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a codegen crash with run-time parse errors.
-        
-        SunSpider reports no change.
-        
-        emitThrowError needs to return the temporary holding the error, not dst,
-        since dst may be NULL. In fact, emitThrowError shouldn't take a dst
-        parameter at all, since exceptions should not modify the destination
-        register.
-
-2008-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 19027: SquirrelFish: Incorrect codegen for pre-increment
-        <https://bugs.webkit.org/show_bug.cgi?id=19027>
-
-        This fixes the codegen issues for the pre-inc/decrement operators
-        to prevent incorrectly clobbering the destination in the event of
-        an exception.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPreInc):
-        (KJS::CodeGenerator::emitPreDec):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little more debugger action: supply a real line number, sourceId,
-        and sourceURL in op_new_error.
-        
-        SunSpider reports a .2% speedup. Not sure what that's about.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Use the new good stuff in op_new_error.
-
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::emitCode): Use the shared emitThrowError instead of
-        rolling our own.
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little more debugger action: implemented the exception callback.
-        
-        SunSpider reports a .2% speedup. Not sure what that's about.
-
-        * VM/CodeBlock.h: A little refactoring here. Store a pointer to our
-        owner ScopeNode so we can retrieve data from it. This allows us to
-        stop storing copies of the data ourselves. Also, store a "this" register
-        instead of a code type, since we were only using the code type to
-        calculate the "this" register.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::generate): Calculate the "this" register mentioned
-        above. Also, take care of removing "this" from the symbol table after
-        codegen is done, since relying on the timing of a destructor for correct
-        behavior is not so good.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException): Invoke the debugger's exception callback.
-        (KJS::Machine::privateExecute): Use the "this" register mentioned above.
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed some unused exception machinery.
-        
-        SunSpider reports a .3% speedup.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/internal.cpp:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/value.h:
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little more debugger action.
-
-        * kjs/debugger.cpp:
-        * kjs/debugger.h: Removed debuggersPresent because it was unused.
-        Replaced AttachedGlobalObject linked list with a HashSet because HashSet
-        is faster and simpler. Changed all functions to return void instead of
-        bool, because no clients ever return false, and we don't want to support
-        it.
-
-        * kjs/nodes.cpp: Did some up-keep to avoid build bustage.
-        (KJS::Node::handleException):
-        (KJS::BreakpointCheckStatement::execute):
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
-
-2008-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
-        <https://bugs.webkit.org/show_bug.cgi?id=18752>
-
-        Replace old attempt at "branchless" exceptions as the extra information
-        being passed made gcc an unhappy compiler, replacing these custom toNumber
-        calls with ordinary toNumber logic (by relying on toNumber now preventing
-        side effects after an exception has been thrown) provided sufficient leeway
-        to add the additional checks for the remaining unchecked cases.
-
-        This leaves only toString conversions in certain contexts as possibly
-        misbehaving.
-
-        * VM/Machine.cpp:
-        (KJS::jsAdd):
-        (KJS::resolve):
-        (KJS::resolveBaseAndProperty):
-        (KJS::resolveBaseAndFunc):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/value.h:
-        (KJS::JSValue::safeGetNumber):
-
-2008-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        First steps toward supporting the debugger API: support the sourceParsed
-        callback; plus some minor fixups.
-
-        SunSpider reports no regression.
-
-        * VM/CodeGenerator.h: Removed a misleading comment.
-
-        * kjs/Parser.h: Changed the parser to take an ExecState*, so it can
-        implement the sourceParsed callback -- that way, we only have to
-        implement the callback in one place.
-
-        * kjs/debugger.cpp: Nixed DebuggerImp, because its sole purpose in life
-        was to demonstrate the misapplication of design patterns.
-
-        * kjs/debugger.h: Changed sourceParsed to take a SourceProvider, to
-        reduce copying, and not to return a value, because pausing execution
-        after parsing is complicated, and no clients needed that ability, anyway.
-
-        * kjs/grammar.y: Make sure never to pass a NULL SourceElements* to
-        didFinishParsing -- that simplifies some code down the road.
-        
-        * kjs/nodes.cpp: Don't generate special AST nodes just because the
-        debugger is attached -- that's a relic of the old AST execution model,
-        and those nodes haven't been maintained.
-
-2008-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18752: SQUIRRELFISH: exceptions are not always handled by the vm
-        <https://bugs.webkit.org/show_bug.cgi?id=18752>
-
-        First step: prevent incorrect evaluation of valueOf/toString conversion
-        in right hand side of expression after earlier conversion throws.
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::toNumber):
-        * kjs/object.cpp:
-        (KJS::JSObject::defaultValue):
-
-2008-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18934: SQUIRRELFISH: ASSERT @ nytimes.com due to RegisterFile being clobbered
-        <https://bugs.webkit.org/show_bug.cgi?id=18934>
-
-        Unfortunately we cannot create new statically optimised globals if there are any
-        tainted RegisterFiles on the RegisterFileStack.  To handle this we re-introduce
-        (in a slightly cleaner form) the inImplicitCall concept to the RegisterFileStack.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushFunctionRegisterFile):
-        * VM/RegisterFileStack.h:
-
-2008-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Introduced support for function.caller.
-        
-        Improved support for walking interesting scopes for function introspection.
-        
-        This fixes all remaining layout tests not blocked by rebasing to trunk.
-        
-        SunSpider reports no change.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters): Fixed a spacing issue.
-
-2008-05-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18961: SQUIRRELFISH: Gmail doesn't load
-        <https://bugs.webkit.org/show_bug.cgi?id=18961>
-
-        Fix codegen for logical nodes so that they don't use their destination
-        as a temporary.
-
-        * kjs/nodes.cpp:
-        (KJS::LogicalAndNode::emitCode):
-        (KJS::LogicalOrNode::emitCode):
-
-2008-05-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        - JavaScriptCore part of fix for: "SQUIRRELFISH: function toString broken after calling"
-        https://bugs.webkit.org/show_bug.cgi?id=18869
-       
-        Three layout tests are fixed:
-          fast/js/toString-elision-trailing-comma.html
-          fast/js/toString-prefix-postfix-preserve-parens.html
-          fast/js/kde/lval-exceptions.html
-        
-        Functions now save a shared subrange of the original source used
-        to make them (so in the common case this adds no storage above the
-        memory cache).
-        
-        * kjs/SourceProvider.h: Added.
-        (KJS::SourceProvider): New abstract base class for classes that provide on-demand access
-        to the source for a JavaScript program. This allows function objects to have access to their
-        original source without copying.
-        (KJS::UStringSourceProvider): SourceProvider subclass backed by a KJS::UString.
-        (KJS::UStringSourceProvider::create):
-        (KJS::UStringSourceProvider::getRange):
-        (KJS::UStringSourceProvider::data):
-        (KJS::UStringSourceProvider::length):
-        (KJS::UStringSourceProvider::UStringSourceProvider):
-        * kjs/SourceRange.h: Added.
-        (KJS::SourceRange::SourceRange): Class that holds a SourceProvider and a character range into
-        the source, to encapsulate on-demand access to the source of a function.
-        (KJS::SourceRange::toString):
-        * VM/Machine.cpp:
-        (KJS::eval): Pass a UStringSourceProvider to the parser.
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse): Take a SourceProvider and pass it on to the lexer.
-        * kjs/Parser.h:
-        (KJS::Parser::parse): Take a SourceProvider.
-        * kjs/lexer.cpp:
-        (KJS::Lexer::setCode): Take a SourceProvider; keep it around, and
-        use it to get the raw buffer and length.
-        * kjs/lexer.h:
-        (KJS::Lexer::sourceRange): Convenience function to get a source
-        range based on the lexer's source provieder, and char offsets
-        right before and after the desired range.
-        * kjs/function.cpp:
-        (KJS::globalFuncEval): Pass a UStringSourceProvider to the parser.
-        * kjs/function_object.cpp:
-        (KJS::functionProtoFuncToString): Use toSourceString to get the source.
-        (KJS::FunctionObjectImp::construct): Give the parser a UStringSourceProvider.
-        * kjs/grammar.y: When parsing a function declaration, function
-        expression, or getter or setter, tell the function body about its
-        SourceRange.
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax): Pass a SourceProvider to the parser.
-        (KJS::Interpreter::evaluate): Pass a SourceProvider to the parser.
-        * kjs/interpreter.h:
-        * kjs/nodes.h:
-        (KJS::FunctionBodyNode::setSource): Establish a SourceRange for this function.
-        (KJS::FunctionBodyNode::toSourceString): Get the source string out
-        of the SourceRange.
-        (KJS::FuncExprNode::): Take a SourceRange and set it on the body.
-        (KJS::FuncDeclNode::): ditto
-        * kjs/testkjs.cpp:
-        (prettyPrintScript): Use a SourceProvider appropriately.
-        * JavaScriptCore.exp: Export new symbols.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add new files.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add new files.
-
-2008-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bring back RegisterFile tainting in order to correctly handle
-        natively implemented getters and setters that re-enter JavaScript
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        (KJS::tryGetAndCallProperty):
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::functionGetter):
-
-2008-05-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - track character offsets of open and close braces, in preparation for saving function source
-        
-        I verified that there is no performance regression from this change.
-
-        * kjs/grammar.y:
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex):
-        (KJS::Lexer::matchPunctuator):
-        * kjs/lexer.h:
-
-2008-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Debug build fix
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::restoreLocalStorage):
-
-2008-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Build fixes for SquirrelFish on windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-        * VM/Register.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::restoreLocalStorage):
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::allocateNumber):
-        * kjs/collector.h:
-        (KJS::Collector::allocate):
-        (KJS::Collector::allocateNumber):
-        * kjs/property_slot.cpp:
-
-2008-05-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - fix activation tearoff in the case where functions are called with too many arguments
-        
-        Fixes:
-        fast/canvas/patternfill-repeat.html
-        fast/dom/SelectorAPI/bug-17313.html
-
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::scopeChainForCall):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-
-2008-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed failure in fast/canvas/canvas-pattern-behaviour.html.
-        
-        SunSpider reports a small speedup. Not sure what that's about.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump): Fixed op_call_eval to dump as "op_call_eval".
-        This helped me while debugging.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame): When looking for an activation to tear
-        off, don't use the scope chain. Inside eval, the scope chain doesn't
-        belong to us; it belongs to our calling function.
-        
-        Also, don't use the needsFullScopeChain flag to decide whether to tear
-        off the activation. "function.arguments" can create an activation
-        for a function whose needsFullScopeChain flag is set to false.
-
-2008-05-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix function.call for calls of more than 8 arguments
-        
-        Fixes svg/carto.net/button.svg
-
-        * kjs/list.cpp:
-        (KJS::List::getSlice): properly set up the m_buffer of the target list.
-
-2008-05-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - don't return a null RegisterID from RegExpNode in the exception case, since the caller may need a real register
-
-        Fixes:
-        - fast/regex/early-acid3-86.html
-        - http/tests/misc/acid3.html
-        
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::emitCode):
-
-2008-05-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Fix a performance regression caused by the introduction of property
-        attributes to SymbolTable in r32859 by encoding the attributes and the
-        register index into a single field of SymbolTableEntry.
-
-        This leaves Node::optimizeVariableAccess() definitely broken, although
-        it was probably not entirely correct in SquirrelFish before this change.
-
-        * VM/CodeBlock.h:
-        (KJS::missingThisObjectMarker):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::registerForLocal):
-        (KJS::CodeGenerator::registerForLocalConstInit):
-        (KJS::CodeGenerator::isLocalConstant):
-        (KJS::CodeGenerator::addConstant):
-        (KJS::CodeGenerator::emitCall):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::IdentifierMapIndexHashTraits::emptyValue):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::saveLocalStorage):
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames):
-        (KJS::JSVariableObject::getPropertyAttributes):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet):
-        (KJS::JSVariableObject::symbolTablePut):
-        (KJS::JSVariableObject::symbolTablePutWithAttributes):
-        * kjs/SymbolTable.h:
-        (KJS::SymbolTableEntry::SymbolTableEntry):
-        (KJS::SymbolTableEntry::isEmpty):
-        (KJS::SymbolTableEntry::getIndex):
-        (KJS::SymbolTableEntry::getAttributes):
-        (KJS::SymbolTableEntry::setAttributes):
-        (KJS::SymbolTableEntry::isReadOnly):
-        * kjs/nodes.cpp:
-        (KJS::getSymbolTableEntry):
-        (KJS::PostIncResolveNode::optimizeVariableAccess):
-        (KJS::PostDecResolveNode::optimizeVariableAccess):
-        (KJS::DeleteResolveNode::optimizeVariableAccess):
-        (KJS::TypeOfResolveNode::optimizeVariableAccess):
-        (KJS::PreIncResolveNode::optimizeVariableAccess):
-        (KJS::PreDecResolveNode::optimizeVariableAccess):
-        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::ProgramNode::initializeSymbolTable):
-
-2008-05-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Oliver.
-        
-        - add missing ! in an assert that I failed to reverse
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-
-2008-05-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fixed "SQUIRRELFISH: window.this shows up as a property, but it shouldn't"
-        https://bugs.webkit.org/show_bug.cgi?id=18868
-        
-        The basic approach is to have "this" only be present in the symbol
-        table at compile time, not runtime.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::~CodeGenerator): Remove "this" from symbol table.
-        (KJS::CodeGenerator::CodeGenerator): Add "this" back when re-using
-        a symbol table.
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute): Don't assert that "this" is in the symbol table.
-
-2008-05-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Trivial support for function.arguments: Currently, we only support
-        function.arguments from within the scope of function.
-        
-        This fixes the remaining Mozilla JS test failures.
-        
-        SunSpider reports no change.
-
-        * JavaScriptCore.exp:
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Separated scope chain deref from
-        activation register copying: since it is now possible for client code
-        to create an activation on behalf of a function that otherwise wouldn't
-        need one, having an activation no longer necessarily means that you need
-        to deref the scope chain.
-        
-        (KJS::Machine::getCallFrame): For now, this function only examines the
-        current scope. Walking parent scopes requires some refactoring in the
-        way we track execution stacks.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState): We use a negative call frame offset to
-        indicate that a given scope is not a function call scope.
-        
-2008-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Fix call frame set up for native -> JS function calls.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-
-2008-05-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed ecma_3/Object/8.6.2.6-001.js, and similar bugs.
-        
-        SunSpider reports a .4% speedup. Not sure what that's about.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Check for exception return from equal,
-        since toPrimitive can throw.
-
-        * kjs/operations.cpp:
-        (KJS::strictEqual): In response to an error I made in an earlier version
-        of this patch, I changed strictEqual to make clear the fact that it
-        performs no conversions and can't throw, making it slightly more efficient
-        in the process.
-
-2008-05-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix some dumb mistakes in my last patch
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPushScope):
-        (KJS::CodeGenerator::emitGetPropertyNames):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-05-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - document opcodes relating to jumps, scopes, and property name iteration
-        
-        Documented jmp, jtrue, false, push_scope, pop_scope, get_pnames,
-        next_pname and jmp_scopes.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJump):
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        (KJS::CodeGenerator::emitJumpIfFalse):
-        (KJS::CodeGenerator::emitPushScope):
-        (KJS::CodeGenerator::emitNextPropertyName):
-        (KJS::CodeGenerator::emitGetPropertyNames):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.cpp:
-        (KJS::LogicalAndNode::emitCode):
-        (KJS::LogicalOrNode::emitCode):
-        (KJS::ConditionalNode::emitCode):
-        (KJS::IfNode::emitCode):
-        (KJS::IfElseNode::emitCode):
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::ForInNode::emitCode):
-        (KJS::WithNode::emitCode):
-
-2008-05-05  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18749: SQUIRRELFISH: const support is broken
-        <https://bugs.webkit.org/show_bug.cgi?id=18749>
-
-        Adds support for const during code generation.
-
-        Fixes 2 layout tests.
-
-        * ChangeLog:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::isLocalConstant):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::addVar):
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-
-2008-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - document some more opcodes (and fix argument names)
-        
-        Added docs for eq, neq, stricteq, nstriceq, less and lesseq.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitEqual):
-        (KJS::CodeGenerator::emitNotEqual):
-        (KJS::CodeGenerator::emitStrictEqual):
-        (KJS::CodeGenerator::emitNotStrictEqual):
-        (KJS::CodeGenerator::emitLess):
-        (KJS::CodeGenerator::emitLessEq):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.cpp:
-        (KJS::LessNode::emitCode):
-        (KJS::GreaterNode::emitCode):
-        (KJS::LessEqNode::emitCode):
-        (KJS::GreaterEqNode::emitCode):
-        (KJS::EqualNode::emitCode):
-        (KJS::NotEqualNode::emitCode):
-        (KJS::StrictEqualNode::emitCode):
-        (KJS::NotStrictEqualNode::emitCode):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-05-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        More scaffolding for f.arguments.
-        
-        Track the offset of the last call frame in the ExecState, so we can
-        produce a backtrace at any time.
-        
-        Also, record numLocals, the sum of numVars + numParameters, in each code
-        block, to make updates to the ExecState a little cheaper than they
-        would be otherwise.
-        
-        We now use numLocals in a bunch of places where we used to calculate
-        numVars + numParameters or -numVars - numParameters.
-        
-        Reports are mixed, but all in all, this seems to be a wash on SunSpider.
-
-2008-05-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Whoops, correctly handle properties that don't exist in the 
-        symbol table.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTablePutWithAttributes):
-
-2008-05-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Add attribute information to SymbolTable as ground work for
-        various DontEnum and ReadOnly issues.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::registerForLocal):
-        (KJS::CodeGenerator::registerForLocalConstInit):
-        (KJS::CodeGenerator::addConstant):
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::saveLocalStorage):
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames):
-        (KJS::JSVariableObject::getPropertyAttributes):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTablePut):
-        (KJS::JSVariableObject::symbolTablePutWithAttributes):
-        * kjs/SymbolTable.h:
-        (KJS::SymbolTableEntry::SymbolTableEntry):
-        (KJS::SymbolTableIndexHashTraits::emptyValue):
-        * kjs/nodes.cpp:
-        (KJS::getSymbolTableEntry):
-        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::ProgramNode::initializeSymbolTable):
-
-2008-05-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        More scaffolding for f.arguments.
-        
-        Store the register file associated with an ExecState in the ExecState.
-        
-        SunSpider reports no change.
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Moved
-        registerFileStack above globalExec, so it gets initialized first.
-        Removed remnants of old activation scheme.
-
-2008-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Oliver.
-        
-        - renamed a few opcodes and fixed assembly formatting to accomodate the longest opcode
-        
-        equal --> eq
-        nequal --> neq
-        resolve_base_and_property --> resolve_with_base
-        resolve_base_and_func --> resolve_func
-        get_prop_id --> get_by_id
-        put_prop_id --> put_by_id
-        delete_prop_id --> del_by_id
-        get_prop_val --> get_by_val
-        put_prop_val --> put_by_val
-        delete_prop_val --> del_by_val
-        put_prop_index --> put_by_index
-        
-        * VM/CodeBlock.cpp:
-        (KJS::printUnaryOp):
-        (KJS::printBinaryOp):
-        (KJS::printConditionalJump):
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitEqual):
-        (KJS::CodeGenerator::emitNotEqual):
-        (KJS::CodeGenerator::emitResolveWithBase):
-        (KJS::CodeGenerator::emitResolveFunction):
-        (KJS::CodeGenerator::emitGetById):
-        (KJS::CodeGenerator::emitPutById):
-        (KJS::CodeGenerator::emitDeleteById):
-        (KJS::CodeGenerator::emitGetByVal):
-        (KJS::CodeGenerator::emitPutByVal):
-        (KJS::CodeGenerator::emitDeleteByVal):
-        (KJS::CodeGenerator::emitPutByIndex):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::ArrayNode::emitCode):
-        (KJS::PropertyListNode::emitCode):
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::EvalFunctionCallNode::emitCode):
-        (KJS::FunctionCallResolveNode::emitCode):
-        (KJS::FunctionCallBracketNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PostIncBracketNode::emitCode):
-        (KJS::PostDecBracketNode::emitCode):
-        (KJS::PostIncDotNode::emitCode):
-        (KJS::PostDecDotNode::emitCode):
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::DeleteBracketNode::emitCode):
-        (KJS::DeleteDotNode::emitCode):
-        (KJS::TypeOfResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        (KJS::ConstDeclNode::emitCodeSingle):
-        (KJS::ForInNode::emitCode):
-        (KJS::TryNode::emitCode):
-
-2008-05-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix assertion when accessing arguments object with too many arguments provided
-
-        The arguments constructor was assuming that the register offset given for argv
-        was an absolute offset into the registerfile, rather than the offset from the
-        frame.  This patches corrects that issue.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject):
-
-2008-05-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber stamped by Sam Weinig.
-        
-        Cleaned up Machine.cpp according to our style guidelines: moved static
-        data to the top of the file; moved stand-alone functions below that;
-        moved the Machine constructor above other Machine member functions.
-
-2008-05-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - fix accidental breakage from last patch
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-05-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - a bunch more opcode documentation and corresponding parameter name fixes
-
-        I renamed a few opcodes:
-        
-        type_of --> typeof (that's what the JS operator is named)
-        instance_of --> instanceof (ditto)
-        create_error --> new_error (for consistency with other new_* opcodes)
-        
-        I documented the following opcodes:
-        
-        - load
-        - new_object
-        - new_array
-        - new_regexp
-        - mov
-        - pre_inc
-        - pre_dec
-        - post_inc
-        - post_dec
-        - to_jsnumber
-        - negate
-        - bitnot
-        - not
-        - instanceof
-        - typeof
-        - in
-        - new_func
-        - new_funcexp
-        - new_error
-
-        I also fixed formatting on some existing opcode docs.
-        
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitMove):
-        (KJS::CodeGenerator::emitNot):
-        (KJS::CodeGenerator::emitPreInc):
-        (KJS::CodeGenerator::emitPreDec):
-        (KJS::CodeGenerator::emitPostInc):
-        (KJS::CodeGenerator::emitPostDec):
-        (KJS::CodeGenerator::emitToJSNumber):
-        (KJS::CodeGenerator::emitNegate):
-        (KJS::CodeGenerator::emitBitNot):
-        (KJS::CodeGenerator::emitInstanceOf):
-        (KJS::CodeGenerator::emitTypeOf):
-        (KJS::CodeGenerator::emitIn):
-        (KJS::CodeGenerator::emitLoad):
-        (KJS::CodeGenerator::emitNewObject):
-        (KJS::CodeGenerator::emitNewArray):
-        (KJS::CodeGenerator::emitNewRegExp):
-        (KJS::CodeGenerator::emitNewError):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::scopeDepth):
-        (KJS::CodeGenerator::addVar):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::Node::emitThrowError):
-        (KJS::RegExpNode::emitCode):
-        (KJS::TypeOfValueNode::emitCode):
-        (KJS::UnaryPlusNode::emitCode):
-        (KJS::NegateNode::emitCode):
-        (KJS::BitwiseNotNode::emitCode):
-        (KJS::LogicalNotNode::emitCode):
-        (KJS::InstanceOfNode::emitCode):
-        (KJS::InNode::emitCode):
-
-2008-05-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff and Sam.
-        
-        - generate HTML bytecode docs at build time
-
-        * DerivedSources.make:
-        * docs: Added.
-        * docs/make-bytecode-docs.pl: Added.
-
-2008-05-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Update ExecState::m_scopeChain when switching scope chains inside the
-        machine.
-        
-        This fixes uses of lexicalGlobalObject, such as, in a subframe
-
-            alert(top.makeArray() instanceof Array ? "FAIL" : "PASS");
-        
-        and a bunch of the security failures listed in
-        https://bugs.webkit.org/show_bug.cgi?id=18870. (Those tests still fail,
-        seemingly because of regressions in exception messages).
-        
-        SunSpider reports no change.
-
-        * VM/Machine.cpp: Factored out scope chain updating into a common
-        function that takes care to update ExecState::m_scopeChain, too.
-
-        * kjs/ExecState.h: I made Machine a friend of ExecState so that Machine
-        could update ExecState::m_scopeChain, even though that value is
-        read-only for everyone else.
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Changed
-        this client to be a little friendlier to ExecState's internal
-        storage type for scope chain data.
-
-2008-05-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=18876
-        Squirrelfish: ScopeChainNode leak in op_jmp_scopes.
-        
-        SunSpider reports no change.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Don't construct a ScopeChain object,
-        since the direct threaded interpreter will goto across its destructor.
-
-2008-05-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A bit more efficient fix than r32832: Don't copy globals into function
-        register files; instead, have the RegisterFileStack track only the base
-        of the last *global* register file, so the global object's register
-        references stay good.
-        
-        SunSpider reports a .3% speedup. Not sure what that's about.
-
-2008-05-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18864: SquirrelFish: Support getter and setter definition in object literals
-        <https://bugs.webkit.org/show_bug.cgi?id=18864>
-
-        Add new opcodes to allow us to add getters and setters to an object.  These are
-        only used by the codegen for object literals.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPutGetter):
-        (KJS::CodeGenerator::emitPutSetter):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PropertyListNode::emitCode):
-
-2008-05-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - properly copy globals into and out of implicit call register
-        files, otherwise they will fail at global lookup
-
-        Fixes fast/js/array-tostring-and-join.html layout test.
-        
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushGlobalRegisterFile):
-        (KJS::RegisterFileStack::popGlobalRegisterFile):
-        (KJS::RegisterFileStack::pushFunctionRegisterFile):
-        (KJS::RegisterFileStack::popFunctionRegisterFile):
-
-2008-05-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=18822
-        SQUIRRELFISH: incorrect eval used in some cases
-        
-        Changed all code inside the machine to fetch the lexical global object
-        directly from the scope chain, instead of from the ExecState.
-        
-        Clients who fetch the lexical global object through the ExecState
-        still don't work.
-        
-        SunSpider reports no change.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Fetch the lexical global object from
-        the scope chain.
-        
-        * kjs/ExecState.h:
-        (KJS::ExecState::ExecState::lexicalGlobalObject): Moved the logic for
-        this function into ScopeChainNode, but kept this function around to
-        support existing clients.
-
-2008-05-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-        
-        Removed ExecState.cpp from AllInOneFile.cpp, for a .2% speedup.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-
-2008-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff and Maciej.
-
-        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
-        <https://bugs.webkit.org/show_bug.cgi?id=18827>
-
-        Remove safe/unsafe RegisterFile concept, and instead just add additional
-        logic to ensure we always push/pop RegisterFiles when executing getters
-        and setters, similar to the logic for valueOf and toString.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::functionGetter):
-
-2008-05-01  Oliver Hunt  <oliver@apple.com>
-
-        RS=Geoff
-
-        Rename unsafeForReentry to safeForReentry to avoid double negatives.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-
-2008-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18827: SquirrelFish: Prevent getters and setters from destroying the current RegisterFile
-        <https://bugs.webkit.org/show_bug.cgi?id=18827>
-        
-        This patch makes getters and setters work.  It does this by
-        tracking whether the RegisterFile is "safe", that is whether
-        the interpreter is in a state that in which it can handle
-        the RegisterFile being reallocated.
-
-        * VM/Machine.cpp:
-        (KJS::resolve):
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Release build fix: Always compile in "isGlobalObject", since it's
-        listed in our .exp file.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::isGlobalObject):
-        * kjs/ExecState.h:
-
-2008-04-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Minor code restructuring to prepare for getters and setters, 
-        also helps exception semantics a bit.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed tyop.
-
-        * kjs/ExecState.h:
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Debug build fix: export a missing symbol.
-
-        * JavaScriptCore.exp:
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little more ExecState refactoring: Now, only the global object creates
-        an ExecState.
-        
-        Also inlined ExecState::lexicalGlobalObject().
-        
-        SunSpider reports no change.
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        WebCore build fix: forward-declare ScopeChain.
-
-        * kjs/interpreter.h:
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix for JavaScriptGlue: export a missing symbol.
-
-        * JavaScriptCore.exp:
-
-2008-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed a lot of unused bits from ExecState, moving them into
-        OldInterpreterExecState, the fake scaffolding class.
-        
-        The clutter was making it hard to see the forest from the trees.
-        
-        .4% SunSpider speedup, probably because ExecState::lexicalGlobalObject()
-        is faster now.
-
-2008-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
-        <https://bugs.webkit.org/show_bug.cgi?id=18643>
-
-        Prevent static slot optimisation for new variables and functions in
-        globally re-entrant code called from an an implicit function call.
-
-        This is necessary to prevent us from needing to resize the global
-        slot portion of the root RegisterFile during an implicit (and hence
-        unguarded) function call.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFile.h:
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushGlobalRegisterFile):
-        (KJS::RegisterFileStack::popGlobalRegisterFile):
-        (KJS::RegisterFileStack::pushFunctionRegisterFile):
-        (KJS::RegisterFileStack::popFunctionRegisterFile):
-        * VM/RegisterFileStack.h:
-        (KJS::RegisterFileStack::inImplicitFunctionCall):
-        (KJS::RegisterFileStack::lastGlobal):
-        * kjs/nodes.cpp:
-        (KJS::ProgramNode::generateCode):
-        * kjs/nodes.h:
-        (KJS::ProgramNode::):
-
-2008-04-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        In nested program code, don't propogate "this" back to the parent
-        register file. ("this" should remain constant in the parent register
-        file, regardless of the scripts it invokes.)
-
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::copyGlobals):
-
-2008-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Restore base pointer when popping a global RegisterFile
-
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::popGlobalRegisterFile):
-
-2008-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18643: SQUIRRELFISH: need to support implicit function calls (valueOf, toString, getters/setters)
-        <https://bugs.webkit.org/show_bug.cgi?id=18643>
-
-        Partial fix.  This results in all implicit calls to toString or valueOf
-        executing in a separate RegisterFile, so ensuring that the the pointers
-        in the triggering interpreter don't get trashed.  This still leaves the
-        task of preventing new global re-entry from toString and valueOf from
-        clobbering the RegisterFile.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushFunctionRegisterFile):
-        (KJS::RegisterFileStack::popFunctionRegisterFile):
-        * VM/RegisterFileStack.h:
-        * kjs/object.cpp:
-        (KJS::tryGetAndCallProperty):
-
-2008-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Simplified activation object a bit: No need to store the callee
-        in the activation object -- we can pull it out of the call frame
-        when needed, instead.
-        
-        SunSpider reports no change.
-
-2008-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        RS by Oliver Hunt on moving JSArguments.cpp out of AllInOneFile.cpp.
-
-        Substantially more handling of "arguments": "arguments" works fully
-        now, but "f.arguments" still doesn't work.
-
-        Fixes 10 regression tests.
-        
-        SunSpider reports no regression.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::createArgumentsObject): Reconstruct an arguments
-        List to pass to the arguments object constructor.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp: Removed JSActivation.cpp from AllInOneFile.cpp
-        because that seems to make GCC happy. (Previously, I had added
-        JSActivation.cpp to AllInOneFile.cpp because *that* seemed to make GCC
-        happy. So it goes.)
-
-2008-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Groundwork for more handling of "arguments". I'm not checking in the
-        actual handling of "arguments" yet, because it still needs a little
-        fiddling to avoid a performance regression.
-        
-        SunSpider reports no change.
-
-        * VM/Machine.cpp:
-        (KJS::initializeCallFrame): Put argc in the register file, so the
-        arguments object can find it later, to determine arguments.length.
-
-        * kjs/nodes.h:
-        (KJS::FunctionBodyNode::): Added a special code accessor for when you
-        know the code has already been generated, and you don't have a scopeChain
-        to supply for potential code generation. (This is the case when the
-        activation object creates the arguments object.)
-
-2008-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Replace unsafe use of auto_ptr in Vector with manual memory
-        management.
-
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::~RegisterFileStack):
-        (KJS::RegisterFileStack::popRegisterFile):
-        * VM/RegisterFileStack.h:
-
-2008-04-27  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18746: SQUIRRELFISH: indirect eval used when direct eval should be used
-        <https://bugs.webkit.org/show_bug.cgi?id=18746>
-
-        Change the base to the correct value of the 'this' object after the direct
-        eval test instead of before.
-
-        Fixes 5 layout tests.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.cpp:
-        (KJS::EvalFunctionCallNode::emitCode):
-
-2008-04-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - document all property getting, setting and deleting opcodes
-        
-        (And fix function parameter names to match corresponding opcode parameter names.)
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitResolve):
-        (KJS::CodeGenerator::emitResolveBase):
-        (KJS::CodeGenerator::emitResolveBaseAndProperty):
-        (KJS::CodeGenerator::emitResolveBaseAndFunc):
-        (KJS::CodeGenerator::emitGetPropId):
-        (KJS::CodeGenerator::emitPutPropId):
-        (KJS::CodeGenerator::emitDeletePropId):
-        (KJS::CodeGenerator::emitPutPropVal):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::resolve):
-        (KJS::resolveBase):
-        (KJS::resolveBaseAndProperty):
-        (KJS::resolveBaseAndFunc):
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.cpp:
-        (KJS::ResolveNode::emitCode):
-        (KJS::ArrayNode::emitCode):
-        (KJS::PropertyListNode::emitCode):
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::EvalFunctionCallNode::emitCode):
-        (KJS::FunctionCallResolveNode::emitCode):
-        (KJS::FunctionCallBracketNode::emitCode):
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PostIncBracketNode::emitCode):
-        (KJS::PostDecBracketNode::emitCode):
-        (KJS::PostIncDotNode::emitCode):
-        (KJS::PostDecDotNode::emitCode):
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::TypeOfResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        (KJS::ConstDeclNode::emitCodeSingle):
-
-2008-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18628: SQUIRRELFISH: need to support recursion limit
-        <https://bugs.webkit.org/show_bug.cgi?id=18628>
-
-        Basically completes recursion limiting.  There is still some
-        tuning we may want to do to make things better in the face of
-        very bad code, but certainly nothing worse than anything already
-        possible in trunk.
-
-        Also fixes a WebKit test by fixing the exception text :D
-
-        * JavaScriptCore.exp:
-        * VM/ExceptionHelpers.cpp:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::growBuffer):
-        (KJS::RegisterFile::addGlobalSlots):
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::grow):
-        (KJS::RegisterFile::uncheckedGrow):
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::pushRegisterFile):
-        * VM/RegisterFileStack.h:
-
-2008-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18628: SQUIRRELFISH: need to support recursion limit
-        <https://bugs.webkit.org/show_bug.cgi?id=18628>
-
-        Put a limit on the level of reentry recursion.  128 levels of re-entrant recursion
-        seems reasonable as it is greater than the old eval limit, and a long way short of
-        the reentry depth needed to overflow the stack.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/Machine.h:
-
-2008-04-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A tiny bit of cleanup to the regexp code.
-        
-        Removed some static_cast.
-        
-        Removed createRegExpImp because it's no longer used.
-
-2008-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18736: SQUIRRELFISH: switch statements with no default have incorrect codegen
-        <https://bugs.webkit.org/show_bug.cgi?id=18736>
-
-        Ensure the "default" target is correct in the absence of an explicit default handler.
-
-        * kjs/nodes.cpp:
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18628: SQUIRRELFISH: need to support recursion limit
-        <https://bugs.webkit.org/show_bug.cgi?id=18628>
-
-        More bounds checking.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::growBuffer):
-        * VM/RegisterFile.h:
-
-2008-04-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix signal catching magic
-        
-        The signal handlers are restored to _exit but are only set when
-        running under run-javascriptcore-tests. fprintf from a signal
-        handler is not safe.
-
-        * kjs/testkjs.cpp:
-        (main):
-        (parseArguments):
-        * tests/mozilla/jsDriver.pl:
-
-2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18732: SQUIRRELFISH: exceptions thrown by native constructors are ignored
-        <https://bugs.webkit.org/show_bug.cgi?id=18732>
-
-        Fixes another regression test.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18728: SQUIRRELFISH: invalid regular expression constants should throw exceptions
-        <https://bugs.webkit.org/show_bug.cgi?id=18728>
-
-        Fixes another regression test.
-
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::emitCode):
-
-2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 18735: SQUIRRELFISH: closures are sometimes given an incorrect 'this' value when called
-        <https://bugs.webkit.org/show_bug.cgi?id=18735>
-
-        The overloaded toThisObject method was not copied over to JSActivation.
-
-        Fixes two regression tests.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::toThisObject):
-        * kjs/JSActivation.h:
-
-2008-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Added support for arguments.callee.
-
-2008-04-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18628: SQUIRRELFISH: need to support recursion limit
-        <https://bugs.webkit.org/show_bug.cgi?id=18628>
-
-        Partial fix -- this gets us some of the required bounds checking, but not
-        complete coverage.  But it does manage to do them without regressing :D
-
-        * VM/ExceptionHelpers.cpp:
-        (KJS::createError):
-        (KJS::createStackOverflowError):
-        * VM/ExceptionHelpers.h:
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.cpp:
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::):
-        (KJS::RegisterFile::RegisterFile):
-        (KJS::RegisterFile::grow):
-
-2008-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A tiny bit more handling of "arguments": create a real, but mostly
-        hollow, arguments object.
-        
-        Fixes 2 regression tests.
-
-2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18717: SQUIRRELFISH: eval returns the wrong value for a variable declaration statement
-        <https://bugs.webkit.org/show_bug.cgi?id=18717>
-
-        Fixes a regression test, but exposes the failure of another due to the
-        lack of getters and setters.
-
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::emitCodeSingle):
-        (KJS::ConstDeclNode::emitCode):
-        (KJS::ConstStatementNode::emitCode):
-        (KJS::VarStatementNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Print a CRASH statement when crashing, so test failures are not a
-        mystery.
-
-        * kjs/testkjs.cpp:
-        (handleCrash):
-        (main):
-
-2008-04-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 18716: SQUIRRELFISH: typeof should return undefined for an undefined variable reference
-        <https://bugs.webkit.org/show_bug.cgi?id=18716>
-
-        This fixes 2 more regression tests.
-
-        * kjs/nodes.cpp:
-        (KJS::TypeOfResolveNode::emitCode):
-
-2008-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Put the callee in the call frame.
-        
-        Necessary in order to support "arguments" and "arguments.callee".
-
-        Also fixes a latent GC bug, where an executing function could be
-        subject to GC if the register holding it were overwritten. Here's
-        an example that would have caused problems:
-        
-        function f()
-        {
-            // Flood the machine stack to eliminate any old pointers to f.
-            g.call({});
-            
-            // Overwrite f in the register file.
-            f = 1;
-
-            // Force a GC.
-            for (var i = 0; i < 5000; ++i) {
-                ({});
-            }
-            
-            // Welcome to crash-ville.
-        }
-
-        function g()
-        {
-        }
-
-        f();
-
-        * VM/Machine.h: Changed the order of arguments to
-        execute(FunctionBodyNode*...) to match the other execute functions.
-        * kjs/function.cpp: Updated to match new argument requirements from
-        execute(FunctionBodyNode*...). Renamed newObj to thisObj to match the
-        rest of JavaScriptCore.
-
-        SunSpider reports no change.
-
-2008-04-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18707: SQUIRRELFISH: eval always performs toString() on its argument
-        <https://bugs.webkit.org/show_bug.cgi?id=18707>
-
-        This fixes 4 more regression tests.
-
-        * VM/Machine.cpp:
-        (KJS::eval):
-
-2008-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix logic bug in SegmentedVector::grow which would sometimes fail to resize a segment when needed
-        
-        Fixes 3 JSC tests.
-
-        * VM/SegmentedVector.h:
-        (KJS::SegmentedVector::grow):
-
-2008-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Degenerate handling of "arguments" as a property of the activation
-        object. Currently, we just return a vanilla object.
-        
-        SunSpider reports no change.
-
-        Fixes:
-
-        ecma_3/Function/regress-94506.js.
-        
-        Reveals to have been secretly broken:
-
-        ecma_3/Function/15.3.4.3-1.js
-        ecma_3/Function/15.3.4.4-1.js
-        
-        These tests were passing incorrectly. testkjs creates a global array
-        named "arguments" to hold command-line arguments. That array was
-        tricking these tests into thinking that an arguments object with length
-        0 had been created. Since our new vanilla object shadows the global
-        property named arguments, that object no longer fools these tests into
-        passing.
-        
-        Net change: +1 failing test.
-
-        * kjs/AllInOneFile.cpp: Had to put JSActivation.cpp into AllInOneFile.cpp
-        to solve a surprising 8.6% regression in bitops-3bit-bits-in-byte.
-
-2008-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - save and restore callFrame
-
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * kjs/testkjs.cpp:
-        (main):
-
-2008-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed scopes for named function expressions.
-        
-        Fixes one regression test.
-        
-        Two changes here:
-        
-        (1) The function's name is supposed to have attributes DontDelete,
-        ReadOnly, regardless of the type of code executing.
-        
-        (2) Push the name object on the function's scope chain, rather than
-        the ExecState's scope chain because, well, that's where it belongs.
-
-2008-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Inlined JSObject::putDirect, for a .4% SunSpider speedup.
-        
-        I did this as a first step toward removing nodes.cpp from
-        AllInOneFile.cpp, but I'm putting that larger project aside for now.
-
-2008-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Geoff.
-        
-        - add OldInterpreterExecState class and use it in dead code
-        
-        This will allow removing things from the real ExecState class
-        without having to figure out how to remove all this code without
-        getting a perf regression.
-
-        * kjs/nodes.cpp:
-        (KJS::ExpressionNode::evaluateToNumber):
-        (KJS::ExpressionNode::evaluateToBoolean):
-        (KJS::ExpressionNode::evaluateToInt32):
-        (KJS::ExpressionNode::evaluateToUInt32):
-        (KJS::Node::setErrorCompletion):
-        (KJS::Node::throwError):
-        (KJS::Node::throwUndefinedVariableError):
-        (KJS::Node::handleException):
-        (KJS::Node::rethrowException):
-        (KJS::BreakpointCheckStatement::execute):
-        (KJS::BreakpointCheckStatement::optimizeVariableAccess):
-        (KJS::NullNode::evaluate):
-        (KJS::FalseNode::evaluate):
-        (KJS::TrueNode::evaluate):
-        (KJS::NumberNode::evaluate):
-        (KJS::NumberNode::evaluateToNumber):
-        (KJS::NumberNode::evaluateToBoolean):
-        (KJS::NumberNode::evaluateToInt32):
-        (KJS::NumberNode::evaluateToUInt32):
-        (KJS::ImmediateNumberNode::evaluate):
-        (KJS::ImmediateNumberNode::evaluateToInt32):
-        (KJS::ImmediateNumberNode::evaluateToUInt32):
-        (KJS::StringNode::evaluate):
-        (KJS::StringNode::evaluateToNumber):
-        (KJS::StringNode::evaluateToBoolean):
-        (KJS::RegExpNode::evaluate):
-        (KJS::ThisNode::evaluate):
-        (KJS::ResolveNode::inlineEvaluate):
-        (KJS::ResolveNode::evaluate):
-        (KJS::ResolveNode::evaluateToNumber):
-        (KJS::ResolveNode::evaluateToBoolean):
-        (KJS::ResolveNode::evaluateToInt32):
-        (KJS::ResolveNode::evaluateToUInt32):
-        (KJS::getSymbolTableEntry):
-        (KJS::ResolveNode::optimizeVariableAccess):
-        (KJS::LocalVarAccessNode::inlineEvaluate):
-        (KJS::LocalVarAccessNode::evaluate):
-        (KJS::LocalVarAccessNode::evaluateToNumber):
-        (KJS::LocalVarAccessNode::evaluateToBoolean):
-        (KJS::LocalVarAccessNode::evaluateToInt32):
-        (KJS::LocalVarAccessNode::evaluateToUInt32):
-        (KJS::getNonLocalSymbol):
-        (KJS::ScopedVarAccessNode::inlineEvaluate):
-        (KJS::ScopedVarAccessNode::evaluate):
-        (KJS::ScopedVarAccessNode::evaluateToNumber):
-        (KJS::ScopedVarAccessNode::evaluateToBoolean):
-        (KJS::ScopedVarAccessNode::evaluateToInt32):
-        (KJS::ScopedVarAccessNode::evaluateToUInt32):
-        (KJS::NonLocalVarAccessNode::inlineEvaluate):
-        (KJS::NonLocalVarAccessNode::evaluate):
-        (KJS::NonLocalVarAccessNode::evaluateToNumber):
-        (KJS::NonLocalVarAccessNode::evaluateToBoolean):
-        (KJS::NonLocalVarAccessNode::evaluateToInt32):
-        (KJS::NonLocalVarAccessNode::evaluateToUInt32):
-        (KJS::ElementNode::optimizeVariableAccess):
-        (KJS::ElementNode::evaluate):
-        (KJS::ArrayNode::optimizeVariableAccess):
-        (KJS::ArrayNode::evaluate):
-        (KJS::ObjectLiteralNode::optimizeVariableAccess):
-        (KJS::ObjectLiteralNode::evaluate):
-        (KJS::PropertyListNode::optimizeVariableAccess):
-        (KJS::PropertyListNode::evaluate):
-        (KJS::PropertyNode::optimizeVariableAccess):
-        (KJS::PropertyNode::evaluate):
-        (KJS::BracketAccessorNode::optimizeVariableAccess):
-        (KJS::BracketAccessorNode::inlineEvaluate):
-        (KJS::BracketAccessorNode::evaluate):
-        (KJS::BracketAccessorNode::evaluateToNumber):
-        (KJS::BracketAccessorNode::evaluateToBoolean):
-        (KJS::BracketAccessorNode::evaluateToInt32):
-        (KJS::BracketAccessorNode::evaluateToUInt32):
-        (KJS::DotAccessorNode::optimizeVariableAccess):
-        (KJS::DotAccessorNode::inlineEvaluate):
-        (KJS::DotAccessorNode::evaluate):
-        (KJS::DotAccessorNode::evaluateToNumber):
-        (KJS::DotAccessorNode::evaluateToBoolean):
-        (KJS::DotAccessorNode::evaluateToInt32):
-        (KJS::DotAccessorNode::evaluateToUInt32):
-        (KJS::ArgumentListNode::optimizeVariableAccess):
-        (KJS::ArgumentListNode::evaluateList):
-        (KJS::ArgumentsNode::optimizeVariableAccess):
-        (KJS::NewExprNode::optimizeVariableAccess):
-        (KJS::NewExprNode::inlineEvaluate):
-        (KJS::NewExprNode::evaluate):
-        (KJS::NewExprNode::evaluateToNumber):
-        (KJS::NewExprNode::evaluateToBoolean):
-        (KJS::NewExprNode::evaluateToInt32):
-        (KJS::NewExprNode::evaluateToUInt32):
-        (KJS::ExpressionNode::resolveAndCall):
-        (KJS::EvalFunctionCallNode::optimizeVariableAccess):
-        (KJS::EvalFunctionCallNode::evaluate):
-        (KJS::FunctionCallValueNode::optimizeVariableAccess):
-        (KJS::FunctionCallValueNode::evaluate):
-        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
-        (KJS::FunctionCallResolveNode::inlineEvaluate):
-        (KJS::FunctionCallResolveNode::evaluate):
-        (KJS::FunctionCallResolveNode::evaluateToNumber):
-        (KJS::FunctionCallResolveNode::evaluateToBoolean):
-        (KJS::FunctionCallResolveNode::evaluateToInt32):
-        (KJS::FunctionCallResolveNode::evaluateToUInt32):
-        (KJS::LocalVarFunctionCallNode::inlineEvaluate):
-        (KJS::LocalVarFunctionCallNode::evaluate):
-        (KJS::LocalVarFunctionCallNode::evaluateToNumber):
-        (KJS::LocalVarFunctionCallNode::evaluateToBoolean):
-        (KJS::LocalVarFunctionCallNode::evaluateToInt32):
-        (KJS::LocalVarFunctionCallNode::evaluateToUInt32):
-        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
-        (KJS::ScopedVarFunctionCallNode::evaluate):
-        (KJS::ScopedVarFunctionCallNode::evaluateToNumber):
-        (KJS::ScopedVarFunctionCallNode::evaluateToBoolean):
-        (KJS::ScopedVarFunctionCallNode::evaluateToInt32):
-        (KJS::ScopedVarFunctionCallNode::evaluateToUInt32):
-        (KJS::NonLocalVarFunctionCallNode::inlineEvaluate):
-        (KJS::NonLocalVarFunctionCallNode::evaluate):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToNumber):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToBoolean):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToInt32):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToUInt32):
-        (KJS::FunctionCallBracketNode::optimizeVariableAccess):
-        (KJS::FunctionCallBracketNode::evaluate):
-        (KJS::FunctionCallDotNode::optimizeVariableAccess):
-        (KJS::FunctionCallDotNode::inlineEvaluate):
-        (KJS::FunctionCallDotNode::evaluate):
-        (KJS::FunctionCallDotNode::evaluateToNumber):
-        (KJS::FunctionCallDotNode::evaluateToBoolean):
-        (KJS::FunctionCallDotNode::evaluateToInt32):
-        (KJS::FunctionCallDotNode::evaluateToUInt32):
-        (KJS::PostIncResolveNode::optimizeVariableAccess):
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecResolveNode::optimizeVariableAccess):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
-        (KJS::PostDecLocalVarNode::evaluateToNumber):
-        (KJS::PostDecLocalVarNode::evaluateToBoolean):
-        (KJS::PostDecLocalVarNode::evaluateToInt32):
-        (KJS::PostDecLocalVarNode::evaluateToUInt32):
-        (KJS::PostfixBracketNode::optimizeVariableAccess):
-        (KJS::PostIncBracketNode::evaluate):
-        (KJS::PostDecBracketNode::evaluate):
-        (KJS::PostfixDotNode::optimizeVariableAccess):
-        (KJS::PostIncDotNode::evaluate):
-        (KJS::PostDecDotNode::evaluate):
-        (KJS::PostfixErrorNode::evaluate):
-        (KJS::DeleteResolveNode::optimizeVariableAccess):
-        (KJS::DeleteResolveNode::evaluate):
-        (KJS::LocalVarDeleteNode::evaluate):
-        (KJS::DeleteBracketNode::optimizeVariableAccess):
-        (KJS::DeleteBracketNode::evaluate):
-        (KJS::DeleteDotNode::optimizeVariableAccess):
-        (KJS::DeleteDotNode::evaluate):
-        (KJS::DeleteValueNode::optimizeVariableAccess):
-        (KJS::DeleteValueNode::evaluate):
-        (KJS::VoidNode::optimizeVariableAccess):
-        (KJS::VoidNode::evaluate):
-        (KJS::TypeOfValueNode::optimizeVariableAccess):
-        (KJS::TypeOfResolveNode::optimizeVariableAccess):
-        (KJS::LocalVarTypeOfNode::evaluate):
-        (KJS::TypeOfResolveNode::evaluate):
-        (KJS::TypeOfValueNode::evaluate):
-        (KJS::PreIncResolveNode::optimizeVariableAccess):
-        (KJS::PreIncLocalVarNode::evaluate):
-        (KJS::PreIncResolveNode::evaluate):
-        (KJS::PreDecResolveNode::optimizeVariableAccess):
-        (KJS::PreDecLocalVarNode::evaluate):
-        (KJS::PreDecResolveNode::evaluate):
-        (KJS::PreIncConstNode::evaluate):
-        (KJS::PreDecConstNode::evaluate):
-        (KJS::PostIncConstNode::evaluate):
-        (KJS::PostDecConstNode::evaluate):
-        (KJS::PrefixBracketNode::optimizeVariableAccess):
-        (KJS::PreIncBracketNode::evaluate):
-        (KJS::PreDecBracketNode::evaluate):
-        (KJS::PrefixDotNode::optimizeVariableAccess):
-        (KJS::PreIncDotNode::evaluate):
-        (KJS::PreDecDotNode::evaluate):
-        (KJS::PrefixErrorNode::evaluate):
-        (KJS::UnaryPlusNode::optimizeVariableAccess):
-        (KJS::UnaryPlusNode::evaluate):
-        (KJS::UnaryPlusNode::evaluateToBoolean):
-        (KJS::UnaryPlusNode::evaluateToNumber):
-        (KJS::UnaryPlusNode::evaluateToInt32):
-        (KJS::UnaryPlusNode::evaluateToUInt32):
-        (KJS::NegateNode::optimizeVariableAccess):
-        (KJS::NegateNode::evaluate):
-        (KJS::NegateNode::evaluateToNumber):
-        (KJS::BitwiseNotNode::optimizeVariableAccess):
-        (KJS::BitwiseNotNode::inlineEvaluateToInt32):
-        (KJS::BitwiseNotNode::evaluate):
-        (KJS::BitwiseNotNode::evaluateToNumber):
-        (KJS::BitwiseNotNode::evaluateToBoolean):
-        (KJS::BitwiseNotNode::evaluateToInt32):
-        (KJS::BitwiseNotNode::evaluateToUInt32):
-        (KJS::LogicalNotNode::optimizeVariableAccess):
-        (KJS::LogicalNotNode::evaluate):
-        (KJS::LogicalNotNode::evaluateToBoolean):
-        (KJS::MultNode::optimizeVariableAccess):
-        (KJS::MultNode::inlineEvaluateToNumber):
-        (KJS::MultNode::evaluate):
-        (KJS::MultNode::evaluateToNumber):
-        (KJS::MultNode::evaluateToBoolean):
-        (KJS::MultNode::evaluateToInt32):
-        (KJS::MultNode::evaluateToUInt32):
-        (KJS::DivNode::optimizeVariableAccess):
-        (KJS::DivNode::inlineEvaluateToNumber):
-        (KJS::DivNode::evaluate):
-        (KJS::DivNode::evaluateToNumber):
-        (KJS::DivNode::evaluateToInt32):
-        (KJS::DivNode::evaluateToUInt32):
-        (KJS::ModNode::optimizeVariableAccess):
-        (KJS::ModNode::inlineEvaluateToNumber):
-        (KJS::ModNode::evaluate):
-        (KJS::ModNode::evaluateToNumber):
-        (KJS::ModNode::evaluateToBoolean):
-        (KJS::ModNode::evaluateToInt32):
-        (KJS::ModNode::evaluateToUInt32):
-        (KJS::throwOutOfMemoryErrorToNumber):
-        (KJS::addSlowCase):
-        (KJS::addSlowCaseToNumber):
-        (KJS::add):
-        (KJS::addToNumber):
-        (KJS::AddNode::optimizeVariableAccess):
-        (KJS::AddNode::evaluate):
-        (KJS::AddNode::inlineEvaluateToNumber):
-        (KJS::AddNode::evaluateToNumber):
-        (KJS::AddNode::evaluateToInt32):
-        (KJS::AddNode::evaluateToUInt32):
-        (KJS::AddNumbersNode::inlineEvaluateToNumber):
-        (KJS::AddNumbersNode::evaluate):
-        (KJS::AddNumbersNode::evaluateToNumber):
-        (KJS::AddNumbersNode::evaluateToInt32):
-        (KJS::AddNumbersNode::evaluateToUInt32):
-        (KJS::AddStringsNode::evaluate):
-        (KJS::AddStringLeftNode::evaluate):
-        (KJS::AddStringRightNode::evaluate):
-        (KJS::SubNode::optimizeVariableAccess):
-        (KJS::SubNode::inlineEvaluateToNumber):
-        (KJS::SubNode::evaluate):
-        (KJS::SubNode::evaluateToNumber):
-        (KJS::SubNode::evaluateToInt32):
-        (KJS::SubNode::evaluateToUInt32):
-        (KJS::LeftShiftNode::optimizeVariableAccess):
-        (KJS::LeftShiftNode::inlineEvaluateToInt32):
-        (KJS::LeftShiftNode::evaluate):
-        (KJS::LeftShiftNode::evaluateToNumber):
-        (KJS::LeftShiftNode::evaluateToInt32):
-        (KJS::LeftShiftNode::evaluateToUInt32):
-        (KJS::RightShiftNode::optimizeVariableAccess):
-        (KJS::RightShiftNode::inlineEvaluateToInt32):
-        (KJS::RightShiftNode::evaluate):
-        (KJS::RightShiftNode::evaluateToNumber):
-        (KJS::RightShiftNode::evaluateToInt32):
-        (KJS::RightShiftNode::evaluateToUInt32):
-        (KJS::UnsignedRightShiftNode::optimizeVariableAccess):
-        (KJS::UnsignedRightShiftNode::inlineEvaluateToUInt32):
-        (KJS::UnsignedRightShiftNode::evaluate):
-        (KJS::UnsignedRightShiftNode::evaluateToNumber):
-        (KJS::UnsignedRightShiftNode::evaluateToInt32):
-        (KJS::UnsignedRightShiftNode::evaluateToUInt32):
-        (KJS::lessThan):
-        (KJS::lessThanEq):
-        (KJS::LessNode::optimizeVariableAccess):
-        (KJS::LessNode::inlineEvaluateToBoolean):
-        (KJS::LessNode::evaluate):
-        (KJS::LessNode::evaluateToBoolean):
-        (KJS::LessNumbersNode::inlineEvaluateToBoolean):
-        (KJS::LessNumbersNode::evaluate):
-        (KJS::LessNumbersNode::evaluateToBoolean):
-        (KJS::LessStringsNode::inlineEvaluateToBoolean):
-        (KJS::LessStringsNode::evaluate):
-        (KJS::LessStringsNode::evaluateToBoolean):
-        (KJS::GreaterNode::optimizeVariableAccess):
-        (KJS::GreaterNode::inlineEvaluateToBoolean):
-        (KJS::GreaterNode::evaluate):
-        (KJS::GreaterNode::evaluateToBoolean):
-        (KJS::LessEqNode::optimizeVariableAccess):
-        (KJS::LessEqNode::inlineEvaluateToBoolean):
-        (KJS::LessEqNode::evaluate):
-        (KJS::LessEqNode::evaluateToBoolean):
-        (KJS::GreaterEqNode::optimizeVariableAccess):
-        (KJS::GreaterEqNode::inlineEvaluateToBoolean):
-        (KJS::GreaterEqNode::evaluate):
-        (KJS::GreaterEqNode::evaluateToBoolean):
-        (KJS::InstanceOfNode::optimizeVariableAccess):
-        (KJS::InstanceOfNode::evaluate):
-        (KJS::InstanceOfNode::evaluateToBoolean):
-        (KJS::InNode::optimizeVariableAccess):
-        (KJS::InNode::evaluate):
-        (KJS::InNode::evaluateToBoolean):
-        (KJS::EqualNode::optimizeVariableAccess):
-        (KJS::EqualNode::inlineEvaluateToBoolean):
-        (KJS::EqualNode::evaluate):
-        (KJS::EqualNode::evaluateToBoolean):
-        (KJS::NotEqualNode::optimizeVariableAccess):
-        (KJS::NotEqualNode::inlineEvaluateToBoolean):
-        (KJS::NotEqualNode::evaluate):
-        (KJS::NotEqualNode::evaluateToBoolean):
-        (KJS::StrictEqualNode::optimizeVariableAccess):
-        (KJS::StrictEqualNode::inlineEvaluateToBoolean):
-        (KJS::StrictEqualNode::evaluate):
-        (KJS::StrictEqualNode::evaluateToBoolean):
-        (KJS::NotStrictEqualNode::optimizeVariableAccess):
-        (KJS::NotStrictEqualNode::inlineEvaluateToBoolean):
-        (KJS::NotStrictEqualNode::evaluate):
-        (KJS::NotStrictEqualNode::evaluateToBoolean):
-        (KJS::BitAndNode::optimizeVariableAccess):
-        (KJS::BitAndNode::evaluate):
-        (KJS::BitAndNode::inlineEvaluateToInt32):
-        (KJS::BitAndNode::evaluateToNumber):
-        (KJS::BitAndNode::evaluateToBoolean):
-        (KJS::BitAndNode::evaluateToInt32):
-        (KJS::BitAndNode::evaluateToUInt32):
-        (KJS::BitXOrNode::optimizeVariableAccess):
-        (KJS::BitXOrNode::inlineEvaluateToInt32):
-        (KJS::BitXOrNode::evaluate):
-        (KJS::BitXOrNode::evaluateToNumber):
-        (KJS::BitXOrNode::evaluateToBoolean):
-        (KJS::BitXOrNode::evaluateToInt32):
-        (KJS::BitXOrNode::evaluateToUInt32):
-        (KJS::BitOrNode::optimizeVariableAccess):
-        (KJS::BitOrNode::inlineEvaluateToInt32):
-        (KJS::BitOrNode::evaluate):
-        (KJS::BitOrNode::evaluateToNumber):
-        (KJS::BitOrNode::evaluateToBoolean):
-        (KJS::BitOrNode::evaluateToInt32):
-        (KJS::BitOrNode::evaluateToUInt32):
-        (KJS::LogicalAndNode::optimizeVariableAccess):
-        (KJS::LogicalAndNode::evaluate):
-        (KJS::LogicalAndNode::evaluateToBoolean):
-        (KJS::LogicalOrNode::optimizeVariableAccess):
-        (KJS::LogicalOrNode::evaluate):
-        (KJS::LogicalOrNode::evaluateToBoolean):
-        (KJS::ConditionalNode::optimizeVariableAccess):
-        (KJS::ConditionalNode::evaluate):
-        (KJS::ConditionalNode::evaluateToBoolean):
-        (KJS::ConditionalNode::evaluateToNumber):
-        (KJS::ConditionalNode::evaluateToInt32):
-        (KJS::ConditionalNode::evaluateToUInt32):
-        (KJS::valueForReadModifyAssignment):
-        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::AssignLocalVarNode::evaluate):
-        (KJS::ReadModifyConstNode::evaluate):
-        (KJS::AssignConstNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-        (KJS::AssignResolveNode::evaluate):
-        (KJS::AssignDotNode::optimizeVariableAccess):
-        (KJS::AssignDotNode::evaluate):
-        (KJS::ReadModifyDotNode::optimizeVariableAccess):
-        (KJS::ReadModifyDotNode::evaluate):
-        (KJS::AssignErrorNode::evaluate):
-        (KJS::AssignBracketNode::optimizeVariableAccess):
-        (KJS::AssignBracketNode::evaluate):
-        (KJS::ReadModifyBracketNode::optimizeVariableAccess):
-        (KJS::ReadModifyBracketNode::evaluate):
-        (KJS::CommaNode::optimizeVariableAccess):
-        (KJS::CommaNode::evaluate):
-        (KJS::ConstDeclNode::optimizeVariableAccess):
-        (KJS::ConstDeclNode::handleSlowCase):
-        (KJS::ConstDeclNode::evaluateSingle):
-        (KJS::ConstDeclNode::evaluate):
-        (KJS::ConstStatementNode::optimizeVariableAccess):
-        (KJS::ConstStatementNode::execute):
-        (KJS::statementListExecute):
-        (KJS::BlockNode::optimizeVariableAccess):
-        (KJS::BlockNode::execute):
-        (KJS::EmptyStatementNode::execute):
-        (KJS::ExprStatementNode::optimizeVariableAccess):
-        (KJS::ExprStatementNode::execute):
-        (KJS::VarStatementNode::optimizeVariableAccess):
-        (KJS::VarStatementNode::execute):
-        (KJS::IfNode::optimizeVariableAccess):
-        (KJS::IfNode::execute):
-        (KJS::IfElseNode::optimizeVariableAccess):
-        (KJS::IfElseNode::execute):
-        (KJS::DoWhileNode::optimizeVariableAccess):
-        (KJS::DoWhileNode::execute):
-        (KJS::WhileNode::optimizeVariableAccess):
-        (KJS::WhileNode::execute):
-        (KJS::ForNode::optimizeVariableAccess):
-        (KJS::ForNode::execute):
-        (KJS::ForInNode::optimizeVariableAccess):
-        (KJS::ForInNode::execute):
-        (KJS::ContinueNode::execute):
-        (KJS::BreakNode::execute):
-        (KJS::ReturnNode::optimizeVariableAccess):
-        (KJS::ReturnNode::execute):
-        (KJS::WithNode::optimizeVariableAccess):
-        (KJS::WithNode::execute):
-        (KJS::CaseClauseNode::optimizeVariableAccess):
-        (KJS::CaseClauseNode::evaluate):
-        (KJS::CaseClauseNode::executeStatements):
-        (KJS::ClauseListNode::optimizeVariableAccess):
-        (KJS::CaseBlockNode::optimizeVariableAccess):
-        (KJS::CaseBlockNode::executeBlock):
-        (KJS::SwitchNode::optimizeVariableAccess):
-        (KJS::SwitchNode::execute):
-        (KJS::LabelNode::optimizeVariableAccess):
-        (KJS::LabelNode::execute):
-        (KJS::ThrowNode::optimizeVariableAccess):
-        (KJS::ThrowNode::execute):
-        (KJS::TryNode::optimizeVariableAccess):
-        (KJS::TryNode::execute):
-        (KJS::ProgramNode::initializeSymbolTable):
-        (KJS::ScopeNode::optimizeVariableAccess):
-        (KJS::ProgramNode::processDeclarations):
-        (KJS::EvalNode::processDeclarations):
-        (KJS::ProgramNode::execute):
-        (KJS::EvalNode::execute):
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
-        (KJS::FuncDeclNode::execute):
-        (KJS::FuncExprNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::Node::):
-        (KJS::FalseNode::):
-        (KJS::TrueNode::):
-        (KJS::ArgumentsNode::):
-
-2008-04-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18672: SQUIRRELFISH: codegen fails with a large number of temporaries
-        <https://bugs.webkit.org/show_bug.cgi?id=18672>
-
-        Add a SegmentedVector type, which provides a Vector<T> which maintains
-        existing memory locations during resize.  This allows dynamically sizing
-        local, temporary and label "vectors" in CodeGenerator.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::newTemporary):
-        (KJS::CodeGenerator::newLabel):
-        * VM/CodeGenerator.h:
-        * VM/SegmentedVector.h: Added.
-        (KJS::SegmentedVector::SegmentedVector):
-        (KJS::SegmentedVector::~SegmentedVector):
-        (KJS::SegmentedVector::last):
-        (KJS::SegmentedVector::append):
-        (KJS::SegmentedVector::removeLast):
-        (KJS::SegmentedVector::size):
-        (KJS::SegmentedVector::operator[]):
-        (KJS::SegmentedVector::resize):
-        (KJS::SegmentedVector::shrink):
-        (KJS::SegmentedVector::grow):
-
-2008-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        A little refactoring in preparation for supporting 'arguments'.
-        
-        Fixes 2 regression tests.
-
-        SunSpider reports no change.        
-
-        We now check the activation register, instead of the codeBlock, to
-        determine whether we need to tear off the activation. This is to support
-        "f.arguments", which will create an activation/arguments pair for f,
-        even though the needsFullScopeChain flag is false for f's codeBlock.
-        
-        The test fixes resulted from calling initializeCallFrame for re-entrant
-        function code, instead of initializing (not enough) parts of the call
-        frame by hand.
-
-2008-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - propagate the "this" value properly to local eval
-        
-        (fixes a measly one regression test)
-
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::CodeBlock):
-        (KJS::ProgramCodeBlock::ProgramCodeBlock):
-        (KJS::EvalCodeBlock::EvalCodeBlock):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Add support for function declarations in eval code.
-
-        (this fixes 12 more regression tests)
-        
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::generateCode):
-
-2008-04-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Implement LabelNode.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::pushJumpContext):
-        (KJS::CodeGenerator::jumpContextForContinue):
-        (KJS::CodeGenerator::jumpContextForBreak):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::ForInNode::emitCode):
-        (KJS::ContinueNode::emitCode):
-        (KJS::BreakNode::emitCode):
-        (KJS::SwitchNode::emitCode):
-        (KJS::LabelNode::emitCode):
-
-2008-04-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed crash when unwinding from exceptions inside eval.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame): Don't assume that the top of the
-        current call frame's scope chain is an activation: it can be the global
-        object, instead.
-
-2008-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/testkjs.cpp:
-        (main): Convert signals to exit codes, so that crashing tests are
-        detected as regression test failures.
-
-2008-04-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Maciej Stachowiak.
-        
-        Renamed "needsActivation" to "needsFullScopeChain" because lying will
-        make hair grow on the backs of your hands.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed ScopeChainNode lifetime problems:
-        
-        (1) In "with" and "catch" scopes, we would construct a ScopeChain
-        object and then jump across its destructor, leaking the ScopeChainNode
-        we had pushed.
-
-        (2) In global and eval scopes, we would fail to initially ref
-        "scopeChain", causing us to overrelease it later. Now that we ref
-        "scopeChain" properly, we also need to deref it when the script
-        terminates.
-
-        SunSpider reports a .2% regression, but an earlier round of ScopeChain
-        refactoring was a .4% speedup, so there.
-
-2008-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey.
-        
-        - use global object instead of null for "this" on unqualified calls
-        
-        This fixes 10 more JSC test regressions.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - throw proper exceptions for objects that don't implement call or construct
-        
-        This fixes 21 more JSC test regressions. It is also seemingly an
-        0.5% progression.
-
-        * VM/ExceptionHelpers.cpp:
-        (KJS::createNotAnObjectError):
-        (KJS::createNotAConstructorError):
-        (KJS::createNotAFunctionError):
-        * VM/ExceptionHelpers.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Implement emitCode for ConstDeclNode.
-
-        This fixes the crash (assertion) in js1_5/Scope/scope-001.js
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::registerForLocalConstInit):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::ConstDeclNode::emitCodeSingle):
-        (KJS::ConstDeclNode::emitCode):
-        (KJS::ConstStatementNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - add some support for the split window object
-
-        This fixes many layout tests.
-        
-        * VM/Machine.cpp:
-        (KJS::resolveBaseAndFunc): Use toThisObject() to ensure we get the
-        wrapper global, if one exists, as the "this" object.
-        * kjs/function.cpp:
-        (KJS::globalFuncEval): Use toGlobalObject() to handle the wrapper
-        case properly.
-
-2008-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - restore ScopeChain::operator= to avoid crash on many layout tests
-        
-        Otherwise, FunctionImp::setScope would cause a reference
-        underflow. I implemented using the copy construct and swap idiom.
-
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::swap):
-        (KJS::ScopeChain::operator=):
-
-2008-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code
-        <https://bugs.webkit.org/show_bug.cgi?id=18649>
-
-        Allocate a callframe for eval() and initialise with a null codeBlock to
-        indicate native code.  This prevents the unwinder from clobbering the
-        register stack.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed ScopeChain::push(ScopeChain&) because it was unused. Moved
-        ScopeChain::print to ScopeChainNode.
-        
-        ScopeChain is now nothing more than a resource-handling wrapper around
-        ScopeChainNode.
-
-2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18671: SquirrelFish: continue inside switch fails
-        <https://bugs.webkit.org/show_bug.cgi?id=18671>
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::jumpContextForLabel):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::ContinueNode::emitCode):
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved push(JSObject*) and pop() from ScopeChain to ScopeChainNode,
-        rearranging scope_chain.h a bit.
-
-        SunSpider reports no change.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved bottom() from ScopeChain to ScopeChainNode, simplifying it based
-        on the knowledge that the ScopeChain is never empty.
-
-        SunSpider reports no change.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Moved begin() and end() from ScopeChain to ScopeChainNode. 
-        
-        Also marked a few methods "const".
-
-        SunSpider reports no change.
-        
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Turned ScopeChain::depth into a stand-alone function, and simplified it
-        a bit. 
-        
-        I also moved ScopeChain::depth to Machine.cpp because it doesn't report
-        the true depth of the ScopeChain -- just the Machine's perspective of
-        its depth within a given call frame.
-
-        SunSpider reports no change.
-        
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Removed indirection in ScopeChain::ref / ScopeChain::deref.
-        
-        SunSpider reports no change.
-        
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::ScopeChain):
-        (KJS::ScopeChain::~ScopeChain):
-        (KJS::ScopeChain::clear):
-
-2008-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Fix debug build
-
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::evaluateSingle):
-
-2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18664: SQUIRRELFISH: correctly throw a SyntaxError when parsing of eval code fails
-        <https://bugs.webkit.org/show_bug.cgi?id=18664>
-
-        Correctly throw a SyntaxError when parsing of eval code fails.
-
-        * VM/Machine.cpp:
-        (KJS::eval):
-
-2008-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Partial fix for Bug 18649: SQUIRRELFISH: correctly handle exceptions in eval code
-
-        Make sure we correct the register state before jumping to vm_throw.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Simplified ScopeChain ref/deref.
-        
-        SunSpider reports a .4% speedup.
-        
-        * kjs/scope_chain.h:
-        (KJS::ScopeChainNode::ref): Removed this function because it was nonsense.
-        ScopeChainNodes are initialized with a refCount of 1, so the loop was
-        guaranteed to iterate exactly once.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Removed support for empty ScopeChains.
-
-        SunSpider reports no change.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Removed some completely unused ScopeChain member functions.
-
-        SunSpider reports no change.
-
-2008-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Avoid creating unnecessary ScopeChain objects, to reduce refcount churn.
-
-        SunSpider reports no change.
-
-2008-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Alexey.
-        
-        Add some braces.x
-
-        * kjs/testkjs.cpp:
-        (runWithScripts):
-
-2008-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - only print "End:" output when -d flag is passed.
-        
-        This fixes half of our failing JSC regression tests.
-
-        * kjs/testkjs.cpp:
-        (runWithScripts):
-
-2008-04-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Add support for variable declarations in eval code.
-
-        * VM/CodeBlock.h:
-        (KJS::EvalCodeBlock::EvalCodeBlock):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/Machine.h:
-        * kjs/function.cpp:
-        (KJS::globalFuncEval):
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::generateCode):
-        * kjs/nodes.h:
-        (KJS::EvalNode::):
-
-2008-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Throw exceptions for invalid continue, break, and return statements.
-
-        Simple refactoring and extension of Cameron's AssignErrorNode, etc patch
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::pushJumpContext):
-        (KJS::CodeGenerator::popJumpContext):
-        (KJS::CodeGenerator::jumpContextForLabel):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::Node::emitThrowError):
-        (KJS::ContinueNode::emitCode):
-        (KJS::BreakNode::emitCode):
-        (KJS::ReturnNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed Machine.cpp from AllInOneFile.cpp, and manually inlined a few
-        things that used to be inlined automatically.
-        
-        1.9% speedup on SunSpider.
-        
-        My hope is that we'll face fewer surprises in Machine.cpp codegen, now
-        that GCC is making fewer decisions. The speedup seems to confirm that.
-
-2008-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18642: Iterator context may get placed into the return register, leading to much badness
-        <https://bugs.webkit.org/show_bug.cgi?id=18642>
-
-        To prevent incorrectly reusing what will become the result register for
-        eval and global code execution, we need to request and ref the destination
-        in advance of codegen.  Unfortunately this may lead to unnecessary copying,
-        although in future we can probably limit this.  Curiously SunSpider shows
-        a progression in a number of tests, although it comes out as a wash overall.
-
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::emitCode):
-        (KJS::ProgramNode::emitCode):
-
-2008-04-20  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Add support for AssignErrorNode, PrefixErrorNode, and PostfixErrorNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCreateError):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PostfixErrorNode::emitCode):
-        (KJS::PrefixErrorNode::emitCode):
-        (KJS::AssignErrorNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff and Mark.
-
-        Provide line number information in exceptions
-
-        Simple patch, adds line number information metadata to CodeBlock
-        and a simple method to get the line number responsible for a given
-        Instruction*.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::lineNumberForVPC):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::emitNode):
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException):
-
-2008-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Provide "sourceURL" in exceptions
-
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException):
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::generateCode):
-        (KJS::ProgramNode::generateCode):
-
-2008-04-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Don't call emitCode directly on subnodes, instead use CodeGenerator::emitNode
-
-        This patch just a preparation for tracking line numbers.
-
-        * kjs/nodes.cpp:
-        (KJS::ObjectLiteralNode::emitCode):
-        (KJS::PropertyListNode::emitCode):
-        (KJS::ArgumentListNode::emitCode):
-        (KJS::TryNode::emitCode):
-
-2008-04-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18619: Support continue, break, and return in try .. finally blocks
-        <https://bugs.webkit.org/show_bug.cgi?id=18619>
-
-        This patch replaces the current partial finally support (which uses code
-        duplication to achieve what it does) with a subroutine based approach.
-        This has a number of advantages over code duplication:
-          * Reduced code size
-          * Simplified exception handling as the finaliser code only exists in 
-            one place, so no "magic" is needed to get the correct handler for a 
-            finaliser.
-          * When we support instruction to line number mapping we won't need to
-            worry about the dramatic code movement caused by duplication
-
-        On the downside it is necessary to add two new opcodes, op_jsr and op_sret
-        to enter and exit the finaliser subroutines, happily SunSpider reports
-        a performance progression (gcc amazes me) and ubench reports a wash.
-
-        While jsr and sret provide a mechanism that allows us to enter and exit
-        any arbitrary finaliser we need to, it was still necessary to increase
-        the amount of information tracked when entering and exiting both finaliser
-        scopes and dynamic scopes ("with").  This means "scopeDepth" is now
-        the combination of "finaliserDepth" and "dynamicScopeDepth".  We also
-        now use a scopeContextStack to ensure that we pop scopes and execute
-        finalisers in the correct order.  This increases the cost of "with" nodes
-        during codegen, but it should not be significant enough to effect real
-        world performance and greatly simplifies codegen for return, break and
-        continue when interacting with finalisers.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-          Pretty printing of jsr/sret opcodes
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::emitPushScope):
-        (KJS::CodeGenerator::emitPopScope):
-          Dynamic scopes need to be tracked on the scopeContextStack now
-
-        (KJS::CodeGenerator::pushFinallyContext):
-        (KJS::CodeGenerator::popFinallyContext):
-          Handle entry and exit from code regions with finalisers.  This is
-          needed solely to support return, continue and break inside finaliser
-          regions.
-
-        (KJS::CodeGenerator::emitComplexJumpScopes):
-          Helper function for emitJumpScopes to handle the complex codegen
-          needed to handle return, continue and break inside a finaliser region
-
-        (KJS::CodeGenerator::emitJumpScopes):
-          Updated to be aware of finalisers, if a cross-scope jump occurs inside
-          a finaliser we hand off codegen to emitComplexJumpScopes, otherwise
-          we can handle the normal (trivial) case with a single instruction.
-
-        (KJS::CodeGenerator::emitJumpSubroutine):
-        (KJS::CodeGenerator::emitSubroutineReturn):
-          Trivial opcode emitter functions.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::scopeDepth):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-          Implement op_jsr and op_sret.
-
-        * VM/Opcode.h:
-          Ad op_jsr and op_sret
-
-        * kjs/nodes.cpp:
-        (KJS::TryNode::emitCode):
-          Fix codegen for new finaliser model.
-
-2008-04-17  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Remove unnecessary files from testkjs, testapi and minidom targets.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-04-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed ASSERT seen during run-sunspider of a debug build.
-
-        * VM/CodeGenerator.h: Made the default codegen buffers bigger. SunSpider
-        runs all tests in one global environment, so you end up with more than
-        128 locals. This is just a stop-gap until we code up a real
-        solution to arbitrary symbol and label limits.
-
-2008-04-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a bug in exception unwinding, where we wouldn't deref the scope
-        chain in global scope, so we would leak ScopeChainNodes when exceptions
-        were thrown inside "with" and "catch" scopes.
-        
-        Also did some cleanup of the unwinding code along the way.
-        
-        Scope chain reference counting is still wrong in a few ways. I thought
-        I would fix this portion of it first.
-        
-        run-sunspider shows no change.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::throwException):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-
-2008-04-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Add more exception checking to toNumber conversions
-
-        This corrects op_pre_dec, op_negate, op_mod and op_sub.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-17  Geoffrey Garen  <ggaren@apple.com> and Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-        
-        Behold: eval.
-        
-        Introduced a new opcode: op_call_eval. In the normal case, it performs
-        an eval. In the case where eval has been overridden in some way, it
-        performs a function call.
-
-        * VM/CodeGenerator.h: Added a feature so the code generator knows not
-        to optimized locals in eval code.
-        
-2008-04-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added some ASSERTs to document codegen failures in
-        run-javascriptcore-tests.
-        
-        For all tests, program-level codegen now either succeeds, or fails with
-        an ASSERT.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar):
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::newTemporary):
-        (KJS::CodeGenerator::newLabel):
-
-2008-04-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed another case of a dst register being an unreferenced temporary
-        (caused an ASSERT when running the full sunspider suite).
-
-        * kjs/nodes.cpp:
-        (KJS::CaseBlockNode::emitCodeForBlock):
-
-2008-04-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - add documentation (and meaningful parameter names) for arithmetic and bitwise binary ops
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitMul):
-        (KJS::CodeGenerator::emitDiv):
-        (KJS::CodeGenerator::emitMod):
-        (KJS::CodeGenerator::emitSub):
-        (KJS::CodeGenerator::emitLeftShift):
-        (KJS::CodeGenerator::emitRightShift):
-        (KJS::CodeGenerator::emitUnsignedRightShift):
-        (KJS::CodeGenerator::emitBitAnd):
-        (KJS::CodeGenerator::emitBitXOr):
-        (KJS::CodeGenerator::emitBitOr):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::MultNode::emitCode):
-        (KJS::DivNode::emitCode):
-        (KJS::ModNode::emitCode):
-        (KJS::SubNode::emitCode):
-        (KJS::LeftShiftNode::emitCode):
-        (KJS::RightShiftNode::emitCode):
-        (KJS::UnsignedRightShiftNode::emitCode):
-        (KJS::BitAndNode::emitCode):
-        (KJS::BitXOrNode::emitCode):
-        (KJS::BitOrNode::emitCode):
-        (KJS::emitReadModifyAssignment):
-        (KJS::ReadModifyResolveNode::emitCode):
-
-2008-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Exception checks for toNumber in op_pre_inc
-
-        This is somewhat more convoluted than the simple hadException checks
-        we currently use.  Instead we use special toNumber conversions that
-        select between the exception and ordinary vPC.  This allows us to 
-        remove any branches in the common case (incrementing a number).
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::toNumber):
-        * ChangeLog:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/JSPropertyNameIterator.cpp:
-        (KJS::JSPropertyNameIterator::toNumber):
-        * VM/JSPropertyNameIterator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        * kjs/JSNotAnObject.cpp:
-        (KJS::JSNotAnObject::toNumber):
-        * kjs/JSNotAnObject.h:
-        * kjs/internal.cpp:
-        (KJS::StringImp::toNumber):
-        (KJS::NumberImp::toNumber):
-        (KJS::GetterSetterImp::toNumber):
-        * kjs/internal.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::toNumber):
-        * kjs/object.h:
-        * kjs/value.h:
-        (KJS::JSValue::toNumber):
-
-2008-04-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - ensure that activations are kept in a register to protect them from GC
-        
-        Also renamed OptionalCalleeScopeChain constant to OptionalCalleeActivation, since
-        that is what is now kept there, and there is no more need to keep the scope chain in
-        the register file.
-
-        * VM/Machine.cpp:
-        (KJS::initializeCallFrame):
-        (KJS::scopeChainForCall):
-        * VM/Machine.h:
-        (KJS::Machine::):
-
-2008-04-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Made "this" work in program code / global scope.
-        
-        The machine can initialize "this" prior to execution because it knows
-        that, for program code, "this" is always stored in lr1. 
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        * VM/Machine.h:
-        (KJS::Machine::):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-04-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a codegen bug when returning from inside a dynamic scope (a with
-        or catch block): we need to pop any dynamic scope(s) that have been
-        added so op_ret can find the activation object at the top of the scope
-        chain.
-
-        * kjs/nodes.cpp:
-        (KJS::ReturnNode::emitCode): If we're returning from inside a dynamic
-        scope, emit a jmp_scopes to take care of popping any dynamic scope(s)
-        and then branching to the return instruction.
-
-2008-04-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - document the add and get_prop_id opcodes
-        
-        In addition to adding documentation in comments, I changed
-        references to register IDs or indices relating to these opcodes to
-        have meaningful names instead of r0 r1 r2.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitAdd):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.cpp:
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-        (KJS::PostIncDotNode::emitCode):
-        (KJS::PostDecDotNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-        (KJS::AddNode::emitCode):
-        (KJS::ReadModifyDotNode::emitCode):
-
-2008-04-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Maciej Stachowiak.
-        
-        Fixed a codegen bug in with and switch, and added an ASSERT to
-        make sure it doesn't happen again.
-        
-        emitCode() assumes that dst, if non-zero, is either referenced or
-        non-temporary (i.e., it assumes that newTemporary() will return a
-        register not equal to dst). Certain callers to emitCode() weren't
-        guaranteeing that to be so, so temporary register values were being
-        overwritten.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::emitNode): ASSERT that dst is referenced or non-temporary.
-
-        * kjs/nodes.cpp:
-        (KJS::CommaNode::emitCode): Reference the dst we pass.
-
-        (KJS::WithNode::emitCode): No need to pass an explicit dst register.
-        
-        (KJS::CaseBlockNode::emitCodeForBlock): No need to pass an explicit dst register.
-        (KJS::SwitchNode::emitCode): No need to pass an explicit dst register.
-
-        * kjs/nodes.h: Made dst the last parameter to emitCodeForBlock, to match
-        emitCode.
-
-2008-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18526: Throw exceptions when resolve fails for op_resolve_base_and_func.
-        <https://bugs.webkit.org/show_bug.cgi?id=18526>
-
-        Very simple fix, sunspider shows a 0.7% progression, ubench shows a 0.4% regression.
-
-        * VM/Machine.cpp:
-        (KJS::resolveBaseAndFunc):
-        (KJS::Machine::privateExecute):
-
-2008-04-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix incorrect result on 3d-raytrace test
-        
-        Oliver found and tracked down this bug, I just typed in the fix.
-
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall): When setting omitted parameters to undefined,
-        account for the space for local variables.
-
-2008-04-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix codegen handling of dst registers
-        
-        1.006x speedup (not sure why).
-        
-        Most emitCode functions take an optional "dst" parameter that says
-        where the output of the instruction should be written. I made some
-        functions for convenient handling of the dst register:
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::tempDestination): Takes the dst register. Returns it if
-        it is not null and is a temporary, otherwise allocates a new temporary. This is
-        intended for cases where an intermediate value might be written into the dst
-
-        (KJS::CodeGenerator::finalDestination): Takes the dst register and an optional
-        register that was used as a temp destination. Picks the right thing for the final
-        output. Intended to be used as the output register for the instruction that generates
-        the final value of a particular node.
-        
-        (KJS::CodeGenerator::moveToDestinationIfNeeded): Takes dst and a
-        RegisterID; moves from the register to dst if dst is defined and
-        different from the register. This is intended for cases where the
-        result of a node is already in a specific register (likely a
-        local), and so no code needs to be generated unless a specific
-        destination has been requested, in which case a move is needed.
-        
-        I also applied these methods throughout emitCode functions. In
-        some cases this was just cleanup, in other cases I fixed actual
-        codegen bugs. Below I have given specific comments for the cases
-        where I believe I fixed a codegen bug, or improved quality of codegen.
-        
-        * kjs/nodes.cpp:
-        (KJS::NullNode::emitCode):
-        (KJS::FalseNode::emitCode):
-        (KJS::TrueNode::emitCode):
-        (KJS::NumberNode::emitCode):
-        (KJS::StringNode::emitCode):
-        (KJS::RegExpNode::emitCode):
-        (KJS::ThisNode::emitCode): Now avoids emitting a mov when dst is
-        the same as the this register (the unlikely case of "this = this");
-        (KJS::ResolveNode::emitCode): Now avoids emitting a mov when dst
-        is the same as the local regiester, in the local var case (the
-        unlikely case of "x = x");
-        (KJS::ArrayNode::emitCode): Fixed a codegen bug where array
-        literal element expressions may have observed an intermediate
-        value of constructing the array.
-        (KJS::ObjectLiteralNode::emitCode): 
-        (KJS::PropertyListNode::emitCode): Fixed a codegen bug where object literal
-        property definition expressions may have obesrved an intermediate value of
-        constructing the object.
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::NewExprNode::emitCode):
-        (KJS::FunctionCallValueNode::emitCode):
-        (KJS::FunctionCallBracketNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PostIncBracketNode::emitCode):
-        (KJS::PostDecBracketNode::emitCode):
-        (KJS::PostIncDotNode::emitCode):
-        (KJS::PostDecDotNode::emitCode):
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::DeleteBracketNode::emitCode):
-        (KJS::DeleteDotNode::emitCode):
-        (KJS::DeleteValueNode::emitCode):
-        (KJS::VoidNode::emitCode):
-        (KJS::TypeOfResolveNode::emitCode):
-        (KJS::TypeOfValueNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode): Fixed a codegen bug where the final
-        value would not be output to the dst register in the local var case.
-        (KJS::PreDecResolveNode::emitCode): Fixed a codegen bug where the final
-        value would not be output to the dst register in the local var case.
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-        (KJS::UnaryPlusNode::emitCode):
-        (KJS::NegateNode::emitCode):
-        (KJS::BitwiseNotNode::emitCode):
-        (KJS::LogicalNotNode::emitCode):
-        (KJS::MultNode::emitCode):
-        (KJS::DivNode::emitCode):
-        (KJS::ModNode::emitCode):
-        (KJS::AddNode::emitCode):
-        (KJS::SubNode::emitCode):
-        (KJS::LeftShiftNode::emitCode):
-        (KJS::RightShiftNode::emitCode):
-        (KJS::UnsignedRightShiftNode::emitCode):
-        (KJS::LessNode::emitCode):
-        (KJS::GreaterNode::emitCode):
-        (KJS::LessEqNode::emitCode):
-        (KJS::GreaterEqNode::emitCode):
-        (KJS::InstanceOfNode::emitCode):
-        (KJS::InNode::emitCode):
-        (KJS::EqualNode::emitCode):
-        (KJS::NotEqualNode::emitCode):
-        (KJS::StrictEqualNode::emitCode):
-        (KJS::NotStrictEqualNode::emitCode):
-        (KJS::BitAndNode::emitCode):
-        (KJS::BitXOrNode::emitCode):
-        (KJS::BitOrNode::emitCode):
-        (KJS::LogicalAndNode::emitCode):
-        (KJS::LogicalOrNode::emitCode):
-        (KJS::ConditionalNode::emitCode):
-        (KJS::emitReadModifyAssignment): Allow an out argument separate from the operands,
-        needed for fixes below.
-        (KJS::ReadModifyResolveNode::emitCode): Fixed a codegen bug where the right side of
-        the expression may observe an intermediate value.
-        (KJS::AssignResolveNode::emitCode): Fixed a codegen bug where the right side of the
-        expression may observe an intermediate value.
-        (KJS::ReadModifyDotNode::emitCode): Fixed a codegen bug where the right side of the
-        expression may observe an intermediate value.
-        (KJS::ReadModifyBracketNode::emitCode): Fixed a codegen bug where the right side of the
-        expression may observe an intermediate value.
-        (KJS::CommaNode::emitCode): Avoid writing temporary value to dst register.
-        (KJS::ReturnNode::emitCode): Void return should return undefined, not null.
-        (KJS::FuncExprNode::emitCode):
-
-2008-04-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix huge performance regression (from trunk) in string-unpack-code
-        
-        This restores string-unpack-code performance to parity with
-        trunk (2.27x speedup relative to previous SquirrelFish)
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::execute): Shrink register file after call to avoid
-        growing repeatedly.
-
-2008-04-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed dumpCallFrame to match our new convention of passing around a
-        ScopeChainNode* instead of a ScopeChain*.
-
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpCallFrame):
-        * VM/Machine.h:
-
-2008-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18436: Need to throw exception on read/modify/write or similar resolve for nonexistent property
-        <https://bugs.webkit.org/show_bug.cgi?id=18436>
-
-        Add op_resolve_base_and_property for read/modify/write operations,
-        this adds a "superinstruction" to resolve the base and value of a
-        property simultaneously.  Just using resolveBase and resolve results 
-        in an 5% regression in ubench, 30% in loop-empty-resolve (which is 
-        expected).  1.3% progression in sunspider, 2.1% in ubench, with a 
-        21% gain in loop-empty-resolve.  The only outlier is function-missing-args
-        which gets a 3% regression that I could never resolve.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitResolveBaseAndProperty):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::resolveBaseAndProperty):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PostDecResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::ReadModifyResolveNode::emitCode):
-
-2008-04-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fixed "SquirrelFish crashes due to bad scope chain on some SunSpider tests"
-        https://bugs.webkit.org/show_bug.cgi?id=18508
-
-        3d-raytrace and string-unpack-code now run.
-        
-        The basic approach is to pass around ScopeChainNode* instead of
-        ScopeChain*, which in addition to not becoming suddenly an invalid
-        pointer also saves an indirection.
-        
-        This is an 0.4% speedup on SunSpider --squirrelfish (1.8% on --ubench)
-        
-        * VM/Machine.cpp:
-        (KJS::resolve):
-        (KJS::resolveBase):
-        (KJS::resolveBaseAndFunc):
-        (KJS::initializeCallFrame):
-        (KJS::scopeChainForCall):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::throwException):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * VM/Register.h:
-        (KJS::Register::):
-        * kjs/nodes.cpp:
-        (KJS::EvalNode::generateCode):
-        (KJS::FunctionBodyNode::generateCode):
-        (KJS::ProgramNode::generateCode):
-        (KJS::ProgramNode::processDeclarations):
-        (KJS::EvalNode::processDeclarations):
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::makeFunction):
-        * kjs/nodes.h:
-        (KJS::ProgramNode::):
-        (KJS::EvalNode::):
-        (KJS::FunctionBodyNode::):
-        * kjs/object.h:
-        * kjs/scope_chain.h:
-        (KJS::ScopeChainNode::ScopeChainNode):
-        (KJS::ScopeChainNode::deref):
-        (KJS::ScopeChainIterator::ScopeChainIterator):
-        (KJS::ScopeChainIterator::operator*):
-        (KJS::ScopeChainIterator::operator->):
-        (KJS::ScopeChain::ScopeChain):
-        (KJS::ScopeChain::node):
-        (KJS::ScopeChain::deref):
-        (KJS::ScopeChain::ref):
-        (KJS::ScopeChainNode::ref):
-        (KJS::ScopeChainNode::release):
-        (KJS::ScopeChainNode::begin):
-        (KJS::ScopeChainNode::end):
-
-2008-04-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed crash when accessing registers in a torn-off activation object.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::copyRegisters): Update our registerOffset after
-        copying our registers, since our offset should now be relative to
-        our private register array, not the shared register file.
-
-2008-04-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix a codegen flaw that makes some tests run way too fast or way too slow
-        
-        The basic problem was that FunctionCallResolveNode results in
-        codegen which can incorrectly write an intermediate value into the
-        dst register even when that is a local. I added convenience
-        functions to CodeGenerator for getting this right, but for now I
-        only fixed FunctionCallResolve.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::tempDestination):
-        (KJS::CodeGenerator::):
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::emitCode):
-
-2008-04-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed and slightly tweaked by Geoffrey Garen.
-
-        Bug 18489: Squirrelfish doesn't build on linux
-        <https://bugs.webkit.org/show_bug.cgi?id=18489>
-
-        * JavaScriptCore.pri: Add VM into include path and its files into
-        source set
-        * VM/JSPropertyNameIterator.cpp: Fix include name
-        * VM/Machine.cpp: Add UNLIKELY macro for GCC
-        * VM/Machine.h: Add missing includes
-        * VM/RegisterFile.cpp: Add missing include
-        * kjs/testkjs.pro: Add VM into include path
-
-2008-04-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Restored OwnPtr in some places where I had removed it previously. We
-        can have an OwnPtr to an undefined class in a header as long as the
-        class's destructor isn't in the header.
-        
-2008-04-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed access to "this" inside dynamic scopes.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::registerForLocal): Always return a register for
-        "this", even if we're not optimizing access to other locals. Because
-        "this" is a keyword, it's always in a register and always accessible.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::shouldOptimizeLocals): Factored out a function
-        for determining whether we should optimize access to locals, since
-        eval will need to make this test a little more complicated.
-
-2008-04-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam.
-        
-        - fix crash when running SunSpider full harness
-        
-        When growing the register file's buffer to make space for new globals,
-        make sure to copy accounting for the fact that the new space is logically
-        at the beginning of the buffer in this case, instead of at the end as when
-        growing for a new call frame.
-
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::newBuffer):
-        (KJS::RegisterFile::growBuffer):
-        (KJS::RegisterFile::addGlobalSlots):
-        * VM/RegisterFile.h:
-
-2008-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Mark constant pools for global and eval code (collectively known as
-        "program code"). (Constant pools for function code are already marked by
-        their functions.)
-        
-        The global object is responsible for marking program code constant
-        pools. Code blocks add themselves to the mark set at creation time, and
-        remove themselves from the mark set at destruction time.
-        
-        sunspider --squirrelfish reports a 1% speedup, perhaps because
-        generateCode() is now non-virtual.
-
-        * kjs/nodes.cpp: I had to use manual init and delete in this file
-        because putting an OwnPtr into the header would have created a circular
-        header dependency.
-
-2008-04-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 18231: Improve support for function call nodes in SquirrelFish
-        <https://bugs.webkit.org/show_bug.cgi?id=18231>
-
-        Use correct value of 'this' for function calls.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitResolveBaseAndFunc):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::resolveBaseAndFunc):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::emitCode):
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        This time for sure.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed Interpreter::execute to honor the new model for returning non-NULL
-        values when an exception is thrown.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-04-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Fix SquirrelFish interpreter to pass internal exceptions back to 
-        native code correctly.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Replace the use of getCallData in op_construct with the new
-        getConstructData function that replaces implementsConstruct.
-
-        * API/JSCallbackConstructor.cpp:
-        (KJS::JSCallbackConstructor::getConstructData):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::getConstructData):
-        (KJS::::construct):
-        * API/JSObjectRef.cpp:
-        (JSObjectIsConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/CallData.h:
-        * kjs/ConstructData.h: Copied from JavaScriptCore/kjs/CallData.h.
-        * kjs/array_object.cpp:
-        (KJS::ArrayObjectImp::getConstructData):
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        (KJS::BooleanObjectImp::getConstructData):
-        * kjs/bool_object.h:
-        * kjs/date_object.cpp:
-        (KJS::DateObjectImp::getConstructData):
-        * kjs/date_object.h:
-        * kjs/error_object.cpp:
-        (KJS::ErrorObjectImp::getConstructData):
-        (KJS::NativeErrorImp::getConstructData):
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::getCallData):
-        (KJS::FunctionImp::getConstructData):
-        (KJS::FunctionImp::construct):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::getConstructData):
-        * kjs/function_object.h:
-        * kjs/nodes.cpp:
-        (KJS::NewExprNode::inlineEvaluate):
-        * kjs/number_object.cpp:
-        (KJS::NumberObjectImp::getConstructData):
-        * kjs/number_object.h:
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (KJS::ObjectObjectImp::getConstructData):
-        * kjs/object_object.h:
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpObjectImp::getConstructData):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (KJS::StringObjectImp::getConstructData):
-        * kjs/string_object.h:
-        * kjs/value.cpp:
-        (KJS::JSCell::getConstructData):
-        * kjs/value.h:
-        (KJS::JSValue::getConstructData):
-
-2008-04-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18420: SquirrelFish: need to throw Reference and Type errors 
-        when attempting invalid operations on JSValues
-
-        Add validation and exception checks to SquirrelFish so that the
-        correct exceptions are thrown for undefined variables, type errors
-        and toObject failure.  Also handle exceptions thrown by native
-        function calls.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/ExceptionHelpers.cpp: Added.
-        (KJS::substitute):
-        (KJS::createError):
-        (KJS::createUndefinedVariableError):
-        * VM/ExceptionHelpers.h: Added.
-          Helper functions
-        * VM/Machine.cpp:
-        (KJS::resolve):
-           Modified to signal failure
-        (KJS::isNotObject):
-           Wrapper for JSValue::isObject and exception creation (these need
-           to be merged, lest GCC go off the deep end)
-        (KJS::Machine::privateExecute):
-           Adding the many exception and validity checks.
-
-        * kjs/JSNotAnObject.cpp: Added.
-          Stub object used to reduce the need for multiple exception checks
-          when toObject fails.
-        (KJS::JSNotAnObject::toPrimitive):
-        (KJS::JSNotAnObject::getPrimitiveNumber):
-        (KJS::JSNotAnObject::toBoolean):
-        (KJS::JSNotAnObject::toNumber):
-        (KJS::JSNotAnObject::toString):
-        (KJS::JSNotAnObject::toObject):
-        (KJS::JSNotAnObject::mark):
-        (KJS::JSNotAnObject::getOwnPropertySlot):
-        (KJS::JSNotAnObject::put):
-        (KJS::JSNotAnObject::deleteProperty):
-        (KJS::JSNotAnObject::defaultValue):
-        (KJS::JSNotAnObject::construct):
-        (KJS::JSNotAnObject::callAsFunction):
-        (KJS::JSNotAnObject::getPropertyNames):
-        * kjs/JSNotAnObject.h: Added.
-        (KJS::JSNotAnObject::JSNotAnObject):
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toObject):
-          modified to create an JSNotAnObject rather than throwing an exception
-          directly.
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Pass a function body node its function's scope chain, rather than the
-        current execution context's scope chain, when compiling it.
-        
-        This doesn't matter yet, but it will once we start using the scope
-        chain during compilation.
-
-        sunspider --squirrelfish notes a tiny speedup.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fix two bugs when throwing exceptions from re-entrant JS calls:
-        
-        (1) Don't shrink the register file to 0, since our caller may still
-        be using it.
-        
-        (2) In case of exception, return jsNull() instead of 0 because,
-        surprisingly, some JavaScriptCore clients rely on a function's return
-        value being safe to operate on even if the function threw an exception.
-        
-        Also:
-        
-        - Changed FunctionImp::callAsFunction to honor the new semantics of
-        exceptions not returning 0.
-        
-        - Renamed "handlerPC" to "handlerVPC" to match other uses of "VPC".
-        
-        - Renamed "exceptionData" to "exceptionValue", because "data" seemed to
-        imply something more than just a JSValue.
-        
-        - Merged prepareException into throwException, since throwException was
-        its only caller, and it seemed weird that throwException didn't take
-        an exception as an argument.
-
-        sunspider --squirrelfish does not seem to complain on my machine, but it
-        complains a little (.6%) on Oliver's.
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed op_construct for CallTypeNative to reacquire "r" before setting
-        its return value, since registerBase can theoretically change during the
-        execution of arbitrary code. (Not sure if any native constructors
-        actually make this possible.)
-
-        sunspider --squirrelfish does not seem to complain.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Sam Weinig.
-        
-        Re-entrant execution of function code (global code -> built-in function
-        -> JS function):
-        
-        Miraculously, sunspider --squirrelfish does not seem to complain.
-
-        A re-entrant function call is the same as a normal function call with
-        one exception: the re-entrant call leaves everything except for
-        CallerCodeBlock in the call frame header uninitialized, since the call
-        doesn't need to return to JS code. (It sets CallerCodeBlock to 0, to
-        indicate that the call shouldn't return to JS code.)
-        
-        Also fixed a few issues along the way:
-        
-        - Fixed two bugs in the read-write List implementation that caused
-        m_size and m_buffer to go stale.
-        
-        - Changed native call code to update "r" *before* setting the return
-        value, since the call may in turn call JS code, which changes the value
-        of "r".
-        
-        - Migrated initialization of "r" outside of Machine::privateExecute,
-        because global code and function code initialize "r" differently.
-        
-        - Migrated a codegen warning from Machine::privateExecute to the wiki.
-        
-        - Removed unnecessary "r" parameter from slideRegisterWindowForCall
-
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::scopeChainForCall):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        * kjs/list.cpp:
-        (KJS::List::getSlice):
-        * kjs/list.h:
-        (KJS::List::clear):
-
-2008-04-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix problem with code generation for return with no argument
-        
-        3d-cube now runs
-
-        * kjs/nodes.cpp:
-        (KJS::ReturnNode::emitCode):
-
-2008-04-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - Implement support for JS constructors
-        
-        access-binary-trees and access-nbody now run.
-        
-        Inexplicably a 1% speedup.
-
-        * VM/Machine.cpp:
-        (KJS::initializeCallFrame):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        (KJS::Machine::):
-
-2008-04-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        - More code cleanup in preparation for JS constructors
-
-        Factor the remaining interesting parts of JS function calls into
-        slideRegisterWindowForCall and scopeChainForCall.
-        
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::scopeChainForCall):
-        (KJS::Machine::privateExecute):
-
-2008-04-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - Code cleanup in preparation for JS constructors
-
-        - Renamed returnInfo to callFrame. 
-        - Made an enum which defines what goes where in the call frame.
-        - Factored out initializeCallFrame function from op_call
-        
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall):
-        (KJS::CodeGenerator::emitConstruct):
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters):
-        (KJS::initializeCallFrame):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        (KJS::Machine::):
-
-2008-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed two bugs in register allocation for function calls:
-        
-        (1) op_call used to allocate codeBlock->numVars too many registers for
-        each call frame, due to duplicated math. Fixing this revealed...
-        
-        (2) By unconditionally calling resize(), op_call used to truncate the
-        register file when calling a function whose registers fit wholly within
-        the register file already allocated by its caller.
-        
-        sunspider --squirrelfish reports no regression.
-        
-        I also threw in a little extra formatting to dumpCallFrame, because it
-        helped me debug these issues.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::shrink):
-        (KJS::RegisterFile::grow):
-        * VM/RegisterFileStack.cpp:
-        (KJS::RegisterFileStack::popRegisterFile):
-
-2008-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Next step toward re-entrant execution of function code (global code ->
-        built-in function -> JS function):
-        
-        Made op_ret return from Machine::privateExecute if its calling codeBlock
-        is NULL.
-        
-        I'm checking this in by itself to demonstrate that a more clever
-        mechanism is not necessary for performance.
-        
-        sunspider --squirrelfish reports no regression.
-
-        * ChangeLog:
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-
-2008-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Next step toward re-entrant execution of function code (global code ->
-        built-in function -> JS function):
-        
-        Made Machine::execute return a value.
-        
-        Sketched out some code for Machine::execute for functions -- still
-        doesn't work yet, though.
-
-        sunspider --squirrelfish reports no regression.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-        * kjs/testkjs.cpp:
-        (runWithScripts):
-
-2008-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        First step toward re-entrant execution of function code (global code ->
-        built-in function -> JS function):
-        
-        Tiny bit of refactoring in the Machine class.
-
-        sunspider --squirrelfish reports no regression.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        (KJS::Machine::isGlobalCallFrame):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-
-2008-04-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Support for re-entrant execution of global code (global code -> built-in
-        function -> global code).
-        
-        Keep a stack of register files instead of just one. Globals propogate
-        between register files as the register files enter and exit the stack.
-        
-        An activation still uses its own register file's base as its
-        registerBase, but the global object uses the register file *stack*'s
-        registerBase, which updates dynamically to match the register file at
-        the top of the stack.
-        
-        sunspider --squirrelfish reports no regression.
-
-2008-04-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - initial preparatory work for JS constructors
-        
-        1) Allocate registers for the returnInfo block and "this" value when generating code for
-        op_construct. These are not used yet, but the JS branch of op_construct will use them.
-        
-        2) Adjust argc and argv appropriately for native constructor calls.
-        
-        3) Assign return value in a more straightforward way in op_ret since this is actually
-        a bit faster (and makes up for the allocation of extra registers above).
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitConstruct):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed crashing SunSpider tests.
-        
-        Let's just pretend this never happened, bokay?
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/CodeGenerator.h:
-        * VM/RegisterFile.cpp:
-        (KJS::RegisterFile::addGlobals):
-
-2008-04-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Restored dumping of generated code as a command-line switch:
-        run-testkjs -d will do it.
-
-2008-04-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Next step toward supporting re-entrant evaluation: Moved register file
-        maintenance code into a proper "RegisterFile" class.
-        
-        There's a subtle change to the register file's internal layout: for
-        global code / the global object, registerOffset is always 0 now. In
-        other words, all register counting starts at 0, not 0 + (number of
-        global variables). The helps simplify accounting when the number of
-        global variables changes.
-
-2008-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18338: Support exceptions in SquirrelFish <http://bugs.webkit.org/show_bug.cgi?id=18338>
-        
-        Initial support for exceptions in SquirrelFish, only supports finalisers in the
-        simple cases (eg. exceptions and non-goto/return across finaliser boundaries).
-        This doesn't add the required exception checks to existing code, it merely adds
-        support for throw, catch, and the required stack unwinding.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        (KJS::CodeBlock::getHandlerForVPC):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCatch):
-        (KJS::CodeGenerator::emitThrow):
-        * VM/CodeGenerator.h:
-        * VM/JSPropertyNameIterator.cpp:
-        (KJS::JSPropertyNameIterator::create):
-        * VM/Machine.cpp:
-        (KJS::prepareException):
-        (KJS::Machine::unwindCallFrame):
-        (KJS::Machine::throwException):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::ThrowNode::emitCode):
-        (KJS::TryNode::emitCode):
-        * kjs/nodes.h:
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::depth):
-        * kjs/scope_chain.h:
-
-2008-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        First step toward supporting re-entrant evaluation: Switch register
-        clients from using "registers", a pointer to a register vector, to
-        "registerBase", an indirect pointer to the logical first entry in the
-        register file. (The logical first entry is the first entry that is not
-        a global variable).
-        
-        With a vector, offsets into the register file remain good when the
-        underlying buffer reallocates, but they go bad when the logical
-        first entry moves. (The logical first entry moves when new global
-        variables get added to the beginning of the register file.) With an
-        indirect pointer to the logical first entry, offsets will remain good
-        regardless.
-
-        1.4% speedup on sunspider --squirrelfish. I suspect this is due to
-        reduced allocation when creating closures, and reduced indirection
-        through the register vector.
-
-        * wtf/Vector.h: Added an accessor for an indirect pointer to the vector's
-        buffer, which we currently use (incorrectly) for registerBase. This is
-        temporary scaffolding to allow us to change client code without
-        changing behavior.
-
-2008-04-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Implement codegen for ReadModifyDotNode.
-
-        * kjs/nodes.cpp:
-        (KJS::ReadModifyDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix codegen for PostIncDotNode and implement codegen for PostIncBracketNode,
-        PostDecBracketNode and PostDecDotNode.
-
-        * kjs/nodes.cpp:
-        (KJS::PostIncBracketNode::emitCode):
-        (KJS::PostDecBracketNode::emitCode):
-        (KJS::PostIncDotNode::emitCode):
-        (KJS::PostDecDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement codegen for PreDecResolveNode, PreIncBracketNode, PreDecBracketNode,
-        PreIncDotNode and PreDecDotNode.  This required adding one new op code, op_pre_dec.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitPreDec):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::PreDecResolveNode::emitCode):
-        (KJS::PreIncBracketNode::emitCode):
-        (KJS::PreDecBracketNode::emitCode):
-        (KJS::PreIncDotNode::emitCode):
-        (KJS::PreDecDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Improved register dumping, plus a liberal smattering of "const". Here's
-        what the new format looks like:
-
-        (gdb) call (void)dumpCallFrame(codeBlock, scopeChain, registers->begin(), r)
-        4 instructions; 48 bytes at 0x509210; 3 locals (2 parameters); 1 temporaries
-
-        [   0] load             lr1, undefined(@k0)
-        [   3] load             lr1, 2(@k1)
-        [   6] add              tr0, lr2, lr1
-        [  10] ret              tr0
-
-        Constants:
-          k0 = undefined
-          k1 = 2
-
-        Register frame: 
-
-        ----------------------------------------
-             use      |   address  |    value   
-        ----------------------------------------
-        [return info] |   0x80ac08 |   0x5081c0 
-        [return info] |   0x80ac0c |   0x508e90 
-        [return info] |   0x80ac10 |   0x504acc 
-        [return info] |   0x80ac14 |        0x2 
-        [return info] |   0x80ac18 |        0x0 
-        [return info] |   0x80ac1c |        0x7 
-        [return info] |   0x80ac20 |        0x0 
-        ----------------------------------------
-        [param]       |   0x80ac24 |        0x1 
-        [param]       |   0x80ac28 |        0x7 
-        [var]         |   0x80ac2c |        0xb 
-        [temp]        |   0x80ac30 |        0xf 
-
-2008-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Support for evaluating multiple scripts in the same global environment.
-        (Still don't support re-entrant evaluation yet.)
-
-        The main changes here are:
-
-        (1) Obey the ECMA 10.1.3 rules regarding how to resolve collisions when
-        a given symbol is declared more than once. (This patch fixes the same
-        issue for function code, too.)
-        
-        (2) In the case of var and/or function collisions, reuse the existing
-        storage slot. For global code, this is required for previously
-        generated instructions to continue to work. For function code, it's
-        more of a "nice to have": it makes register layout in the case of
-        collisions easier to understand, and has the added benefit of saving
-        memory.
-        
-        (3) Allocate slots in the CodeGenerator's m_locals vector in parallel
-        to register indexes in the symbol table. This ensures that, given an
-        index in the symbol table, we can find the corresponding RegisterID
-        without hashing, which speeds up codegen. 
-        
-        I moved responsibility for emitting var and function initialization
-        instructions into the CodeGenerator, because bookkeeping in cases where
-        var, function, and/or parameter names collide requires a lot of
-        internal knowledge about the CodeGenerator.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addVar): Removed responsibility for checking whether
-        a var declaration overwrites "arguments", because the check is
-        inappropriate for global code, which may not have a pre-existing
-        "arguments" symbol in scope. Also changed this function to return a
-        boolean indicating whether addVar actually created a new RegisterID,
-        or just reused an old one.
-        
-        (KJS::CodeGenerator::CodeGenerator): Split out the constructors for
-        function code and global code, since they're quite different now.
-        
-        (KJS::CodeGenerator::registerForLocal): This function does its job
-        without any hashing now.
-        
-        * VM/Machine.cpp: Move old globals and update "r" before executing a
-        new script. That way, old globals stay at a constant offset from "r",
-        and previously optimized code still works.
-        
-        * VM/RegisterID.h: Added the ability to allocate a RegisterID before
-        initializing its index field. We use this for parameters now.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet): Changed the ungettable getter
-        ASSERT to account for the fact that symbol indexes are all negative.
-
-2008-04-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement codegen for InNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitIn):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::InNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        - Implement codegen for DeleteResolveNode, DeleteBracketNode, DeleteDotNode and DeleteValueNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitGetPropId):
-        (KJS::CodeGenerator::emitPutPropId):
-        (KJS::CodeGenerator::emitDeletePropId):
-        (KJS::CodeGenerator::emitDeletePropVal):
-        (KJS::CodeGenerator::emitPutPropIndex):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::DeleteResolveNode::emitCode):
-        (KJS::DeleteBracketNode::emitCode):
-        (KJS::DeleteDotNode::emitCode):
-        (KJS::DeleteValueNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        - Implement codegen for Switch statements.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::pushJumpContext):
-        (KJS::CodeGenerator::popJumpContext):
-        (KJS::CodeGenerator::jumpContextForLabel):
-        * VM/CodeGenerator.h:
-        Rename LoopContext to JumpContext now that it used of Switch statements in addition
-        to loops.
-
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::ForInNode::emitCode):
-        (KJS::ContinueNode::emitCode):
-        (KJS::BreakNode::emitCode):
-        (KJS::CaseBlockNode::emitCodeForBlock):
-        (KJS::SwitchNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::CaseClauseNode::expr):
-        (KJS::CaseClauseNode::children):
-        (KJS::CaseBlockNode::):
-
-2008-04-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - fix crash in codegen from new nodes
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitConstruct):
-        * kjs/nodes.h:
-
-2008-04-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-
-        * kjs/nodes.cpp:
-        (KJS::ReadModifyResolveNode::emitCode):
-        (KJS::ReadModifyBracketNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - take a shot at marking constant pools for global and eval code
-        
-        Geoff says this won't really work in all cases but is an ok stopgap.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::mark):
-
-2008-04-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - fix 2x perf regression in 3d-morph
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): If we subbed in null for the global object,
-        don't toObject it, since that will throw an exception (very slowly).
-
-2008-04-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Geoff
-        
-        - fix Release build
-
-        * kjs/nodes.cpp:
-        (KJS::getNonLocalSymbol):
-
-2008-04-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed the last vestiges of LocalStorage from JSVariableObject and
-        JSGlobalObject.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::saveLocalStorage): Save and restore from/to
-        registers. Use stub isReadOnly and isDontEnum methods for now, until
-        we really implement attributes in the symbol table.
-        (KJS::JSGlobalObject::restoreLocalStorage):
-        (KJS::JSGlobalObject::reset):
-
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames): Use stub isDontEnum method
-        for now, as above.
-        (KJS::JSVariableObject::getPropertyAttributes): ditto
-
-        * kjs/JSVariableObject.h: Removed LocalStorage from JSVariableObjectData.
-        Removed mark method, because subclasses implement different strategies for
-        marking registers.
-        (KJS::JSVariableObject::isReadOnly): Stub method
-        (KJS::JSVariableObject::isDontEnum): ditto
-
-        Changed the code below to ASSERT_NOT_REACHED() and return 0, since it
-        can no longer retrieve LocalStorage from the ExecState. (Eventually,
-        we'll just remove this code and all its friends, but that's a task for
-        later.)
-        
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::markChildren):
-        * kjs/function.h:
-        * kjs/nodes.cpp:
-        (KJS::getNonLocalSymbol):
-        (KJS::ScopeNode::optimizeVariableAccess):
-        (KJS::ProgramNode::processDeclarations):
-
-2008-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Got globals?
-        
-        To get things working, I had to roll out
-        http://trac.webkit.org/projects/webkit/changeset/31226 for the time
-        being.
-
-        * VM/CodeBlock.h: Removed obsolete function.
-        
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): For the sake of re-entrancy, we track
-        and restore the global object's old rOffset value. (No way to test this
-        yet, but I think it will work.)
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - mark the constant pool (at least for function code blocks)
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::mark):
-        * VM/CodeBlock.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::mark):
-        * kjs/nodes.cpp:
-        (KJS::ScopeNode::mark):
-        * kjs/nodes.h:
-        (KJS::FuncExprNode::body):
-        (KJS::FuncDeclNode::body):
-
-2008-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Cleaned up a few loose ends.
-
-        * JavaScriptCore.exp: Export dumpRegisters, so it's visible to gdb even
-        if we don't explicitly call it in the source text.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): No need to call dumpRegisters anymore,
-        since that was just a hack for gdb's sake.
-
-        * kjs/JSActivation.h: Removed obsolete comment.
-
-        * VM/CodeGenerator.cpp: Added ASSERTs to verify that the localCount
-        we're given matches the number of locals actually allocated.
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::CodeGenerator): Changed "localCount" to include
-        the parameter count, since we're using the word "local" to mean
-        parameter, var, function, or "this". Renamed "m_nextLocal" to
-        "m_nextVar", since "m_nextLocal" doesn't contrast well with
-        "m_nextParameter".
-        
-        Also moved tracking of implicit "this" parameter from here...
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::generateCode): ... to here
-        (KJS::ProgramNode::generateCode): ... and here
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump): Added missing "\n".
-
-2008-04-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Bug 18274: ResolveNode::emitCode() doesn't make a new temporary when dst
-                   is 0, leading to incorrect codegen
-        <http://bugs.webkit.org/show_bug.cgi?id=18274>
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallBracketNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - fix bug in for..in codegen (gotta use ident, not m_ident)
-
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::emitCode):
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - Add suport for regexp literals
-
-        * VM/CodeBlock.cpp:
-        (KJS::regexpToSourceString):
-        (KJS::regexpName):
-        (KJS::CodeBlock::dump):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addRegExp):
-        (KJS::CodeGenerator::emitNewRegExp):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff
-
-        Add support for for..in nodes
-        
-        Added two new opcodes to get_pnames and next_pname to handle iterating
-        over the set of properties on an object.  This iterator is explicitly
-        invalidated and the property name array is released on standard exit
-        from the loop, otherwise we rely on GC to do the clean up for us.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitNextPropertyName):
-        (KJS::CodeGenerator::emitGetPropertyNames):
-        * VM/CodeGenerator.h:
-        * VM/JSPropertyNameIterator.cpp: Added.
-        (KJS::JSPropertyNameIterator::JSPropertyNameIterator):
-        (KJS::JSPropertyNameIterator::type):
-        (KJS::JSPropertyNameIterator::toPrimitive):
-        (KJS::JSPropertyNameIterator::getPrimitiveNumber):
-        (KJS::JSPropertyNameIterator::toBoolean):
-        (KJS::JSPropertyNameIterator::toNumber):
-        (KJS::JSPropertyNameIterator::toString):
-        (KJS::JSPropertyNameIterator::toObject):
-        (KJS::JSPropertyNameIterator::mark):
-        (KJS::JSPropertyNameIterator::next):
-        (KJS::JSPropertyNameIterator::invalidate):
-        (KJS::JSPropertyNameIterator::~JSPropertyNameIterator):
-        (KJS::JSPropertyNameIterator::create):
-        * VM/JSPropertyNameIterator.h: Added.
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * VM/Register.h:
-        (KJS::Register::):
-        * kjs/PropertyNameArray.h:
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::emitCode):
-        * kjs/nodes.h:
-        * kjs/value.h:
-
-2008-04-01  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Change CodeGenerator::emitCall() so it increments the reference count of
-        registers passed to it, and change its callers so they don't needlessly
-        increment the reference count of the registers they are passing.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall):
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::emitCode):
-        (KJS::FunctionCallDotNode::emitCode):
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - generate call for PostIncDotNode
-
-        * kjs/nodes.cpp:
-        (KJS::PostIncDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Build fix.
-        
-        - fix build (not sure how this ever worked?)
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallBracketNode::emitCode):
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - generate code for FunctionCallBracketNode
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallBracketNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff.
-        
-        - Fix two crashing SunSpider tests
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): set up 'this' properly for native calls.
-        * kjs/list.h:
-        (KJS::List::List): Fix intialization of buffer and size from
-        vector, the initialization order was wrong.
-
-2008-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: marked ASSERT-only variables as UNUSED_PARAMs.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableInitializeVariable):
-
-2008-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Next step toward global code: Moved get, put, and initializeVariable
-        functionality up into JSVariableObject, and changed JSActivation to
-        rely on it. 
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::JSActivation):
-        (KJS::JSActivation::getOwnPropertySlot):
-        (KJS::JSActivation::put):
-        (KJS::JSActivation::initializeVariable):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::valueAt):
-        (KJS::JSVariableObject::isReadOnly):
-        (KJS::JSVariableObject::symbolTableGet):
-        (KJS::JSVariableObject::symbolTablePut):
-        (KJS::JSVariableObject::symbolTableInitializeVariable):
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - fix HashTable assertion on some SunSpider tests
-        
-        Don't use -1 as the deleted value for JSValue*-keyed hashtables,
-        since it is a valid value (it's the immediate for -1).
-
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::JSValueHashTraits::emptyValue):
-        (KJS::CodeGenerator::JSValueHashTraits::deletedValue):
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::impossibleValue):
-
-2008-04-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add support for calling Native constructors like new Array(). 
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitConstruct):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::NewExprNode::emitCode):
-        * kjs/nodes.h:
-
-2008-04-01  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - add some missing toOpbject calls to avoid crashing when calling methods on primitives
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Changed Machine::dumpRegisters to take a pointer instead of a reference,
-        so gdb understands how to call it.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::dumpRegisters):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-
-2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Fix CodeGenerator::addConstant() so it uses the functionExpressions
-        counter for function expressions, not the functions counter.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addConstant):
-
-2008-03-31  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add emitCode support for TypeOfResolveNode and TypeOfValueNode.
-        Added new opcode op_type_of to handle them.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitNot):
-        (KJS::CodeGenerator::emitInstanceOf):
-        (KJS::CodeGenerator::emitTypeOf):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::jsTypeStringForValue):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::TypeOfResolveNode::emitCode):
-        (KJS::TypeOfValueNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-31  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix non-computed goto version of isOpcode. op_end is a valid opcode.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::isOpcode):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Added op_post_dec.
-
-2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoffrey Garen.
-
-        Add support for FunctionCallDotNode.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Next step toward global code: Removed more obsolete API, moved
-        saveLocalStorage and restoreLocalStorage to JSGlobalObject subclass,
-        since it's only intended for use there.
-        
-        * ChangeLog:
-        * JavaScriptCore.exp:
-        * kjs/Activation.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::saveLocalStorage):
-        (KJS::JSGlobalObject::restoreLocalStorage):
-        * kjs/JSGlobalObject.h:
-        * kjs/JSVariableObject.cpp:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::ActivationImp):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Next step toward global code: subclass JSActivation + JSActivationData
-        from JSVariableObject + JSVariableObjectData.
-        
-        JSActivation now relies on JSVariableObject for access to registers and
-        symbol table, and for some delete functionality, but not for anything
-        else yet.
-
-        (KJS::JSActivation::mark): Cleaned up the style here a little bit.
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Next step toward global code: store "rOffset" in JSVariableObjectData.
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Next steps toward global code:
-        
-        * Moved access to the register file into JSVariableObject.
-        
-        * Added more ASSERTs to indicate obsolete APIs there are just hanging
-        around to stave off build failures.
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::registers):
-        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
-        (KJS::JSVariableObject::JSVariableObject):
-
-2008-03-31  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver. Tweaked somewhat by Maciej.
-        
-        - implement codegen for ReadModifyResolveNode
-
-        * kjs/nodes.cpp:
-        (KJS::emitReadModifyAssignment):
-        (KJS::ReadModifyResolveNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoff.
-
-        Fix the build -- r31492 removed activation tear-off, but r31493 used it.
-
-        * kjs/nodes.cpp:
-        (KJS::FuncExprNode::makeFunction):
-
-2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Add support for FuncExprNode to SquirrelFish.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::addConstant):
-        (KJS::CodeGenerator::emitNewFunctionExpression):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::FuncExprNode::emitCode):
-        (KJS::FuncExprNode::makeFunction):
-        * kjs/nodes.h:
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        First step toward global code: removed some obsolete JSGlobalObject
-        APIs, changing clients to ASSERT_NOT_REACHED.
-        
-        Activation tear-off and scope chain pushing is obsolete because we
-        statically detect whether an activation + scope node is required.
-        
-        The variableObject() and activationObject() accessors are obsolete
-        because they haven't been maintained, and they're mostly used by
-        node evaluation code, anyway.
-        
-        The localStorage() accessor is obsolete because everything is in
-        registers now, and it's mostly used by node evaluation code, anyway.
-
-2008-03-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - implement codegen for bracket accessor and bracket assign
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitGetPropVal):
-        (KJS::CodeGenerator::emitPutPropVal):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::BracketAccessorNode::emitCode):
-        (KJS::AssignBracketNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Removed FIXME that I just fixed.
-        
-        Added ASSERT to cover an error previously only covered by a FIXME.
-
-        * kjs/JSActivation.cpp:
-        (KJS::JSActivation::getOwnPropertySlot):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Fixed indentation inside op_call. (I had left this code badly indented
-        to make the behavior-changing diff clearer.)
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed up logging of jump instructions to follow the following style:
-        
-        jump    offset(->absoluteTarget)
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-
-2008-03-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Changed the SymbolTable API to use int instead of size_t. It has been
-        using int internally for a while now (since squirrelfish symbols can
-        have negative indices).
-
-2008-03-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Add support for FunctionCallValueNode.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallValueNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        1) Implemented array literals
-        
-        2) Renamed op_object_get and op_object_put to op_get_prop_id and
-        op_put_prop_id in preparation for new variants.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitNewArray):
-        (KJS::CodeGenerator::emitGetPropId):
-        (KJS::CodeGenerator::emitPutPropId):
-        (KJS::CodeGenerator::emitPutPropIndex):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::CodeGenerator):
-        (KJS::CodeGenerator::propertyNames):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::ArrayNode::emitCode):
-        (KJS::PropertyListNode::emitCode):
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::PostIncResolveNode::emitCode):
-        (KJS::PreIncResolveNode::emitCode):
-        (KJS::AssignResolveNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Implemented native function calls. (Re-entering from native code back
-        to JS doesn't work yet, though.)
-
-        0.2% speedup overall, due to some inlining tweaks. 3.6% regression on
-        function-empty.js, since we're making a new virtual call and taking a
-        new branch inside every op_call.
-        
-        I adjusted the JavaScriptCore calling convention to minimize overhead,
-        like so:
-        
-        The machine calls a single virtual function, "getCallData", to get all
-        the data it needs for a function call. Native code still uses the old
-        "isObject()" check followed by an "implementsCall()" check, which
-        aliases to "getCallData". (We can optimize native code to use getCallData
-        at our leisure.)
-        
-        To supply a list of arguments, the machine calls a new List constructor
-        that just takes a pointer and a length, without copying. Native code
-        still appends to the list one argument at a time. (We can optimize
-        native code to use the new List constructor at our leisure.)
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Changed resize() call to grow() call,
-        to encourage the compiler to inline the Vector code.
-
-        * kjs/CallData.h: Added.
-        (KJS::): CallData is a union because eventually native calls will stuff
-        a function pointer into it, to eliminate the callAsFunction virtual call.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): Changed this to an ASSERT since
-        it's not implemented yet.
-        
-        * kjs/list.h: Made the List class two-faced, to support the old way and
-        the new way during this transition phase: lists can be made read-only
-        with just a pointer and a legnth, or you can append to them one item
-        at a time.
-
-        * kjs/value.h:
-        (KJS::jsUndefined): Marked this function ALWAYS_INLINE for the benefit
-        of a certain compiler that doesn't know what's best for it.
-
-2008-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        Dump code that codegen can't handle yet, so it's easier to prioritize missing nodes.
-        
-        * kjs/nodes.h:
-        (KJS::Node::emitCode):
-
-2008-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        Improve dumping of bytecode and fix coding style accordingly.
-        
-        Registers are printed as lr1 for locals, tr1 for temp registers. Identifiers print as
-        foobar(@id0) and constants print as "foo"(@k1) or 312.4(@k2) or the like. Constant and
-        identifier tables are dumped for reference.
-        
-        * VM/CodeBlock.cpp:
-        (KJS::escapeQuotes):
-        (KJS::valueToSourceString):
-        (KJS::registerName):
-        (KJS::constantName):
-        (KJS::idName):
-        (KJS::printUnaryOp):
-        (KJS::printBinaryOp):
-        (KJS::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (KJS::resolve):
-        (KJS::resolveBase):
-        (KJS::Machine::privateExecute):
-
-2008-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        Implement StringNode and VoidNode (both pretty trivial).
-
-        * kjs/nodes.cpp:
-        (KJS::StringNode::emitCode):
-        (KJS::VoidNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-
-        Implement CommaNode.
-        
-        * kjs/nodes.cpp:
-        (KJS::CommaNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Adds support for dot notation and object literals.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitNewObject):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::ObjectLiteralNode::emitCode):
-        (KJS::PropertyListNode::emitCode):
-        (KJS::DotAccessorNode::emitCode):
-        (KJS::AssignDotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Mark the register file. 
-        
-        It's a conservative mark for now, but once registers are typed, we can
-        do an exact mark.
-        
-        1.4% regression regardless of whether we actually do the marking.
-        GCC is is worth every penny.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Most of the changes here are just for
-        the fact that "registers" is a pointer now.
-
-        * kjs/JSGlobalObject.cpp: The global object owns the register file now.
-
-2008-03-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18204: SquirrelFish: continue/break do not correctly handle scope popping
-        <http://bugs.webkit.org/show_bug.cgi?id=18204>
-
-        We now track the scope depth as part of a loop context, and add an
-        extra instruction op_jump_scopes that is used to perform a jump across
-        dynamic scope boundaries.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpScopes):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::ContinueNode::emitCode):
-        (KJS::BreakNode::emitCode):
-
-2008-03-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add emitCode support for ConditionalNode.
-
-        * kjs/nodes.cpp:
-        (KJS::ConditionalNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Responding to feedback, added some comments, fixed up a few names, and
-        clarified that "locals" always means all local variables, functions,
-        and parameters.
-
-2008-03-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added support for "this".
-        
-        Supply an implicit "this" value as the first argument to every function.
-        Alias the "this" keyword to that argument.
-        
-        1% regression overall, 2.5% regression on empty function calls. Seems
-        like a reasonable cost for now, since we're doing more work.
-        (Eventually, we might decide to create a version of op_call specialized
-        for a known null "this" value.)
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCall):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/CommonIdentifiers.cpp:
-        (KJS::CommonIdentifiers::CommonIdentifiers):
-        * kjs/CommonIdentifiers.h:
-        * kjs/nodes.cpp:
-        (KJS::ThisNode::emitCode):
-        (KJS::FunctionCallResolveNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 18192: Squirrelfish needs support for break and continue
-        <http://bugs.webkit.org/show_bug.cgi?id=18192>
-
-        Added a loop context stack to the code generator to provide the
-        correct jump labels for continue and goto.  Added logic to the
-        currently implemented loop constructs to manage entry and exit
-        from the loop contexts.  Finally, implemented codegen for break
-        and continue (and a pass through for LabelNode)
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::pushLoopContext):
-        (KJS::CodeGenerator::popLoopContext):
-        (KJS::CodeGenerator::loopContextForIdentifier):
-        (KJS::CodeGenerator::labelForContinue):
-        (KJS::CodeGenerator::labelForBreak):
-        * VM/CodeGenerator.h:
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::ContinueNode::emitCode):
-        (KJS::BreakNode::emitCode):
-        (KJS::LabelNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add emitCode support for UnaryPlusNode, NegateNode, BitwiseNotNode and LogicalNotNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::printUnaryOp):
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitToJSNumber):
-        (KJS::CodeGenerator::emitNegate):
-        (KJS::CodeGenerator::emitBitNot):
-        (KJS::CodeGenerator::emitNot):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::UnaryPlusNode::emitCode):
-        (KJS::NegateNode::emitCode):
-        (KJS::BitwiseNotNode::emitCode):
-        (KJS::LogicalNotNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-27  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add support for LogicalAndNode and LogicalOrNode.
-
-        * kjs/nodes.cpp:
-        (KJS::LogicalAndNode::emitCode):
-        (KJS::LogicalOrNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-27  Sam Weinig  <sam@webkit.org>
-
-        Clean up code and debug output.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-03-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Moved an ASSERT to a more logical place.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-03-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Add emitCode support for InstanceOfNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitInstanceOf):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::InstanceOfNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Bug 18142: squirrelfish needs to support dynamic scoping/with
-        <http://bugs.webkit.org/show_bug.cgi?id=18142>
-
-        Add support for dynamic scoping and add code to handle 'with'
-        statements.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::CodeBlock):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::getRegister):
-        (KJS::CodeGenerator::emitPushScope):
-        (KJS::CodeGenerator::emitPopScope):
-        * VM/CodeGenerator.h:
-        (KJS::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::WithNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add emitCode support for NullNode, FalseNode, TrueNode, IfNode, IfElseNode, DoWhileNode and WhileNode
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump): Dump op_jfalse opcode.
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfFalse): Identical to emitJumpIfTrue except it emits the op_jfalse opcode.
-        (KJS::CodeGenerator::emitLoad): Add and emitLoad override for booleans.
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute): Adds execution of op_jfalse. It is identical to op_jtrue, except the
-        the condition is reversed.
-        * VM/Opcode.h: Add op_jfalse.
-        * kjs/nodes.cpp:
-        (KJS::NullNode::emitCode): Added.
-        (KJS::FalseNode::emitCode): Added.
-        (KJS::TrueNode::emitCode): Added.
-        (KJS::IfNode::emitCode): Added.
-        (KJS::IfElseNode::emitCode): Added.
-        (KJS::DoWhileNode::emitCode): Added.
-        (KJS::WhileNode::emitCode): Added.
-        * kjs/nodes.h:
-
-2008-03-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Nixed an unused List.
-        
-        The calm before my stormy war against the List class.
-
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-
-2008-03-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoffrey Garen.
-
-        Adds support for EqualNode, NotEqualNode, StrictEqualNode, NotStrictEqualNode,
-        LessEqNode, GreaterNode, GreaterEqNode, MultNode, DivNode, ModNode, SubNode,
-        LeftShiftNode, RightShiftNode, UnsignedRightShiftNode, BitAndNode, BitXOrNode,
-        and BitOrNode.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitEqual):
-        (KJS::CodeGenerator::emitNotEqual):
-        (KJS::CodeGenerator::emitStrictEqual):
-        (KJS::CodeGenerator::emitNotStrictEqual):
-        (KJS::CodeGenerator::emitLessEq):
-        (KJS::CodeGenerator::emitMult):
-        (KJS::CodeGenerator::emitDiv):
-        (KJS::CodeGenerator::emitMod):
-        (KJS::CodeGenerator::emitSub):
-        (KJS::CodeGenerator::emitLeftShift):
-        (KJS::CodeGenerator::emitRightShift):
-        (KJS::CodeGenerator::emitUnsignedRightShift):
-        (KJS::CodeGenerator::emitBitAnd):
-        (KJS::CodeGenerator::emitBitXOr):
-        (KJS::CodeGenerator::emitBitOr):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::jsLessEq):
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (KJS::MultNode::emitCode):
-        (KJS::DivNode::emitCode):
-        (KJS::ModNode::emitCode):
-        (KJS::SubNode::emitCode):
-        (KJS::LeftShiftNode::emitCode):
-        (KJS::RightShiftNode::emitCode):
-        (KJS::UnsignedRightShiftNode::emitCode):
-        (KJS::GreaterNode::emitCode):
-        (KJS::LessEqNode::emitCode):
-        (KJS::GreaterEqNode::emitCode):
-        (KJS::EqualNode::emitCode):
-        (KJS::NotEqualNode::emitCode):
-        (KJS::StrictEqualNode::emitCode):
-        (KJS::NotStrictEqualNode::emitCode):
-        (KJS::BitAndNode::emitCode):
-        (KJS::BitXOrNode::emitCode):
-        (KJS::BitOrNode::emitCode):
-        * kjs/nodes.h:
-
-2008-03-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Only print debug dumps in debug builds.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::generate):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-03-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Moved a few files around in the XCode project.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-03-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Made closures work.
-        
-        An activation object aliases to the register file until its associated
-        function returns, at which point it copies the registers for locals and
-        parameters into an independent storage buffer.
-
-2008-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed recent 25% regression on simple for loop test. GCC seems to be
-        very finicky about the code that gets inlined into
-        Machine::privateExecute.
-
-        Everything in this patch is simply the result of experiment.
-        
-        The resolve and resolve_base opcodes do not seem to have gotten slower
-        from this change.
-
-        * VM/Machine.cpp:
-        (KJS::resolve):
-        (KJS::resolveBase):
-        (KJS::Machine::privateExecute):
-        * kjs/nodes.h:
-
-2008-03-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 18059: squirrelfish needs to compile on platforms without computed goto
-        <http://bugs.webkit.org/show_bug.cgi?id=18059>
-
-        "Standard" macro style support for conditionalising the use of computed goto.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/Machine.cpp:
-        (KJS::Machine::isOpcode):
-        (KJS::Machine::privateExecute):
-        * VM/Machine.h:
-        (KJS::Machine::getOpcode):
-        (KJS::Machine::getOpcodeID):
-        * VM/Opcode.h:
-        * wtf/Platform.h:
-
-2008-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Moved my notes from nodes.h to the wiki.
-
-        * kjs/nodes.h:
-
-2008-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        SquirrelFish lives.
-        
-        Initial check-in of the code I've been carrying around. Lots of stuff
-        doesn't work. Plus a bunch of empty files.
-
-=== Start merge of squirrelfish ===
-
-2008-05-21  Darin Adler  <darin@apple.com>
-
-        - try to fix the Windows build
-
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::stopProfiling): Use ptrdiff_t instead of the less-common but incredibly
-        similar ssize_t type.
-        * wtf/AVLTree.h:
-        (KJS::AVLTree::search): Added a typename for a dependent name that's a type.
-
-2008-05-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix <rdar://problem/5952721> bug in JavaScript arguments object property lookup
-
-        Test: fast/js/arguments-bad-index.html
-
-        * kjs/function.cpp:
-        (KJS::IndexToNameMap::IndexToNameMap): Use unsigned instead of int.
-        (KJS::IndexToNameMap::isMapped): Use unsigned instead of int, and also use the
-        strict version of the numeric conversion function, since we don't want to allow
-        trailing junk.
-        (KJS::IndexToNameMap::unMap): Ditto.
-        (KJS::IndexToNameMap::operator[]): Ditto.
-        * kjs/function.h: Changed IndexToNameMap::size type from int to unsigned.
-
-2008-05-21  Timothy Hatcher  <timothy@apple.com>
-
-        Change the Profiler to allow multiple profiles to be running at
-        the same time. This can happen when you have nested console.profile()
-        calls. This required two changes. First, the Profiler needed to keep a
-        Vector of current profiles, instead of one. Second, a Profile needs
-        to keep track of the global ExecState it started in and the page group
-        identifier it is tracking.
-
-        The stopProfiling call now takes the same arguments as startProfiling.
-        This makes sure the correct profile is stopped. Passing a null UString
-        as the title will stop the last profile for the matching ExecState.
-
-        <rdar://problem/5951559> Multiple pages profiling can interfere with each other
-
-        Reviewed by Kevin McCullough.
-
-        * JavaScriptCore.exp: Added new exports. Removed old symbols.
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile): New constructor arguments for the
-        originatingGlobalExec and pageGroupIdentifier.
-        (KJS::Profile::stopProfiling): Set the m_originatingGlobalExec to null.
-        * profiler/Profile.h:
-        (KJS::Profile::create): Additional arguments.
-        (KJS::Profile::originatingGlobalExec): Return m_originatingGlobalExec.
-        (KJS::Profile::pageGroupIdentifier): Return m_pageGroupIdentifier.
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::findProfile): Added. Finds a Profile that matches
-        the ExecState and title.
-        (KJS::Profiler::startProfiling): Return early if there is already
-        a Profile with the ExecState and title. If not, create a new profile
-        and append it to m_currentProfiles.
-        (KJS::Profiler::stopProfiling): Loops through m_currentProfiles
-        and find the one matching the ExecState and title. If one is found
-        call stopProfiling and return the Profile after removing it
-        from m_currentProfiles.
-        (KJS::dispatchFunctionToProfiles): Helper inline function to loop through
-        m_currentProfiles and call a Profile function.
-        (KJS::Profiler::willExecute): Call dispatchFunctionToProfiles.
-        (KJS::Profiler::didExecute): Ditto.
-        * profiler/Profiler.h:
-
-2008-05-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5908520> REGRESSION (3.1.1-r33033): Crash in WebKit when opening or
-        refreshing page on people.com
-
-        The problem was that STL algorithms do not work with non-conformant comparators, and the
-        site used sort(function() { return 0.5 - Math.random(); } to randomly shuffle an array.
-
-        https://bugs.webkit.org/show_bug.cgi?id=18687
-        REGRESSION(r32220): ecma/Array/15.4.4.5-3.js test now fails in GMT(BST)
-
-        Besides relying on sort stability, this test was just broken, and kept failing with the
-        new stable sort.
-
-        Tests: fast/js/sort-randomly.html
-               fast/js/sort-stability.html
-               fast/js/comparefn-sort-stability.html
-
-        * kjs/avl_tree.h: Added an AVL tree implementation.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/AVLTree.h: Added.
-        Added an AVL tree implementation.
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::increaseVectorLength):
-        (KJS::ArrayInstance::sort):
-        (KJS::AVLTreeAbstractorForArrayCompare::get_less):
-        (KJS::AVLTreeAbstractorForArrayCompare::set_less):
-        (KJS::AVLTreeAbstractorForArrayCompare::get_greater):
-        (KJS::AVLTreeAbstractorForArrayCompare::set_greater):
-        (KJS::AVLTreeAbstractorForArrayCompare::get_balance_factor):
-        (KJS::AVLTreeAbstractorForArrayCompare::set_balance_factor):
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_key_node):
-        (KJS::AVLTreeAbstractorForArrayCompare::compare_node_node):
-        (KJS::AVLTreeAbstractorForArrayCompare::null):
-        (KJS::ArrayInstance::compactForSorting):
-        
-        * kjs/array_instance.h: increaseVectorLength() now returns a bool to indicate whether it was
-        successful.
-
-        * wtf/Vector.h:
-        (WTF::Vector::Vector):
-        (WTF::::operator=):
-        (WTF::::fill):
-        Make these methods fail instead of crash when allocation fails, matching resize() and
-        reserveCapacity(), which already had this behavior. Callers need to check for null buffer
-        after making any Vector call that can try to allocate.
-
-        * tests/mozilla/ecma/Array/15.4.4.5-3.js: Fixed the test to use a consistent sort function,
-        as suggested in comments to a Mozilla bug filed about it (I'll keep tracking the bug to see
-        what the final resolution is).
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5950867> JSProfiler: Allow the profiler to "Focus" a
-        profile node.
-        - Implements focus by adding the idea of a profileNode being visible and
-        adding the ability to reset all of the visible flags.
-
-        * profiler/Profile.h: 
-        (KJS::Profile::focus):
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode): Initialize the visible flag.
-        (KJS::ProfileNode::setTreeVisible): Set the visibility of this node and
-        all of its descendents.
-        (KJS::ProfileNode::focus): Determine if this node should be visible when
-        focusing, if the functionName matches this node's function name or if any
-        of this node's children are visible.
-        (KJS::ProfileNode::restoreAll): Restore all nodes' visible flag.
-        (KJS::ProfileNode::debugPrintData):
-        * profiler/ProfileNode.h:
-        (KJS::ProfileNode::visible):
-        (KJS::ProfileNode::setVisible):
-
-2008-05-20  Timothy Hatcher  <timothy@apple.com>
-
-        Fixes a couple performance issues with the profiler. Also fixes
-        a regression where some nodes wouldn't be added to the tree.
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::addChild): Compare callIdentifier instead
-        of functionName.
-        * profiler/ProfileNode.h: 
-        (CallIdentifier.operator==): Compare the CallIdentifiers in
-        an order that fails sooner for non-matches.
-        (CallIdentifier.callIdentifier): Return the CallIdentifier by
-        reference to prevent making a new copy each time.
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5950796> JSProfiler: dump functions are in the code
-        Removed dump and logging functions from the Release version of the code
-        and renamed them to be obviously for debugging only.
-
-        * JavaScriptCore.exp:
-        * profiler/Profile.cpp:
-        (KJS::Profile::debugPrintData):
-        (KJS::Profile::debugPrintDataSampleStyle):
-        * profiler/Profile.h:
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::debugPrintData):
-        (KJS::ProfileNode::debugPrintDataSampleStyle):
-        * profiler/ProfileNode.h:
-        * profiler/Profiler.cpp:
-        * profiler/Profiler.h:
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5950538> JSProfiler: Keep track of non-JS execution time
-        We now have an extra node that represents the excess non-JS time.
-        - Also changed "SCRIPT" and "anonymous function" to be more consistent
-        with the debugger.
-
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::stopProfiling): If this ProfileNode is the head node
-        create a new child that has the excess execution time.
-        (KJS::ProfileNode::calculatePercentages): Moved calculation of the
-        percentages into a function since it's called from multiple places.
-        * profiler/ProfileNode.h: Add the newly needed functions used above.
-        (KJS::ProfileNode::setTotalTime):
-        (KJS::ProfileNode::setSelfTime):
-        (KJS::ProfileNode::setNumberOfCalls):
-        * profiler/Profiler.cpp: renamed "SCRIPT" and "anonymous function" to be
-        consistent with the debugger and use constants that can be localized
-        more easily.
-        (KJS::getCallIdentifiers):
-        (KJS::getCallIdentifierFromFunctionImp):
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        Removed only profiler-internal use of currentProfile since that concept
-        is changing.
-
-        * profiler/Profile.h: Now stopProfiling takes a time and bool as
-        arguments.  The time is used to calculate %s from and the bool tells
-        if this node is the head node and should be the one calculating the time.
-        (KJS::Profile::stopProfiling):
-        * profiler/ProfileNode.cpp: Ditto.
-        (KJS::ProfileNode::stopProfiling):
-        * profiler/ProfileNode.h: Ditto.
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Accidentally turned on the profiler.
-
-        * kjs/config.h:
-
-
-2008-05-20  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        Split function name into 3 parts so that the Web Inspector can link it to
-        the resource location from whence it came.
-
-        * kjs/ustring.cpp: Implemented operator> for UStrings
-        (KJS::operator>):
-        * kjs/ustring.h:
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile): Initialize all 3 values.
-        (KJS::Profile::willExecute): Use CallIdentifier struct.
-        (KJS::Profile::didExecute): Ditto.
-        * profiler/Profile.h: Ditto and remove unused function.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode): Use CallIdentifier struct.
-        (KJS::ProfileNode::willExecute): Ditto and fix an issue where we
-        restarted the m_startTime even though it was already started.
-        (KJS::ProfileNode::didExecute): Ditto.
-        (KJS::ProfileNode::findChild): Ditto.
-        (KJS::functionNameDescendingComparator): Ditto and use new comparator.
-        (KJS::functionNameAscendingComparator): Ditto.
-        (KJS::ProfileNode::printDataInspectorStyle): Use CallIdentifier struct.
-        (KJS::ProfileNode::printDataSampleStyle): Ditto.
-        * profiler/ProfileNode.h:
-        (KJS::CallIdentifier::CallIdentifier): Describe the CallIdentifier struct
-        (KJS::CallIdentifier::operator== ):
-        (KJS::ProfileNode::create): Use the CallIdentifier struct.
-        (KJS::ProfileNode::callIdentifier):
-        (KJS::ProfileNode::functionName): Now only return the function name, not
-        the url and line number too.
-        (KJS::ProfileNode::url):
-        (KJS::ProfileNode::lineNumber):
-        * profiler/Profiler.cpp: Use the CallIdentifier struct. 
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        (KJS::getCallIdentifiers):
-        (KJS::getCallIdentifierFromFunctionImp):
-
-2008-05-20  Timothy Hatcher  <timothy@apple.com>
-
-        Rename sortFileName{Ascending,Descending} to
-        sortFunctionName{Ascending,Descending}.
-
-        Reviewed by Kevin McCullough.
-
-        * JavaScriptCore.exp:
-        * kjs/config.h:
-        * profiler/Profile.h:
-        * profiler/ProfileNode.cpp:
-        (KJS::functionNameDescendingComparator):
-        (KJS::ProfileNode::sortFunctionNameDescending):
-        (KJS::functionNameAscendingComparator):
-        (KJS::ProfileNode::sortFunctionNameAscending):
-        * profiler/ProfileNode.h:
-
-2008-05-19  Timothy Hatcher  <timothy@apple.com>
-
-        Make the profiler use higher than millisecond resolution time-stamps.
-
-        Reviewed by Kevin McCullough.
-
-        * kjs/DateMath.cpp:
-        (KJS::getCurrentUTCTime): Call getCurrentUTCTimeWithMicroseconds and
-        floor the result.
-        (KJS::getCurrentUTCTimeWithMicroseconds): Copied from the previous
-        implementation of getCurrentUTCTime without the floor call.
-        * kjs/DateMath.h: Addded getCurrentUTCTimeWithMicroseconds.
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode): Use getCurrentUTCTimeWithMicroseconds.
-
-2008-05-19  Timothy Hatcher  <timothy@apple.com>
-
-        Fixes a bug in the profiler where call and apply would show up
-        and double the time spent in a function. We don't want to show call
-        and apply at all in the profiles. This change excludes them.
-
-        Reviewed by Kevin McCullough.
-
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::stopProfiling): Remove a second for loop and
-        calculate self time in the existing loop.
-        * profiler/Profiler.cpp:
-        (KJS::shouldExcludeFunction): Helper inline function that returns
-        true in the current function in an InternalFunctionImp and it is 
-        has the functionName call or apply.
-        (KJS::Profiler::willExecute): Call shouldExcludeFunction and return
-        early if if returns true.
-        (KJS::Profiler::didExecute): Ditto.
-
-2008-05-19  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Implement sorting by function name.
-
-        * JavaScriptCore.exp:
-        * profiler/Profile.h:
-        (KJS::Profile::sortFileNameDescending):
-        (KJS::Profile::sortFileNameAscending):
-        * profiler/ProfileNode.cpp:
-        (KJS::fileNameDescendingComparator):
-        (KJS::ProfileNode::sortFileNameDescending):
-        (KJS::fileNameAscendingComparator):
-        (KJS::ProfileNode::sortFileNameAscending):
-        * profiler/ProfileNode.h:
-
-2008-05-19  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Pass the exec state to profiler when calling startProfiling so that if
-        profiling is started within an execution context that location is
-        recorded correctly.
-
-        * JavaScriptCore.exp:
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::printDataInspectorStyle): Dump more info for debugging
-        purposes.
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        * profiler/Profiler.h:
-
-2008-05-19  Kevin McCullough  <kmccullough@apple.com>
-
-        Rubberstamped by Geoff.
-
-        Turn off the profiler because it is a performance regression.
-
-        * kjs/config.h:
-
-2008-05-19  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Anders and Beth.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16495
-        [GTK] Accessibility support with ATK/AT-SPI
-
-        Initial ATK/AT-SPI accessibility support for the GTK+ port.
-
-        * wtf/Platform.h:
-
-2008-05-19  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        -In an effort to make the profiler as efficient as possible instead of
-        prepending to a vector we keep the vector in reverse order and operate
-        over it backwards.
-
-        * profiler/Profile.cpp:
-        (KJS::Profile::willExecute):
-        (KJS::Profile::didExecute):
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::didExecute):
-        (KJS::ProfileNode::endAndRecordCall):
-        * profiler/ProfileNode.h:
-        * profiler/Profiler.cpp:
-        (KJS::getStackNames):
-
-2008-05-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        Implement sorting for the profiler.
-        I chose to sort the profileNodes in place since there is no reason they
-        need to retain their original order.
-
-        * JavaScriptCore.exp: Export the symbols.
-        * profiler/Profile.h: Add the different ways a profile can be sorted.
-        (KJS::Profile::sortTotalTimeDescending):
-        (KJS::Profile::sortTotalTimeAscending):
-        (KJS::Profile::sortSelfTimeDescending):
-        (KJS::Profile::sortSelfTimeAscending):
-        (KJS::Profile::sortCallsDescending):
-        (KJS::Profile::sortCallsAscending):
-        * profiler/ProfileNode.cpp: Implement those ways.
-        (KJS::totalTimeDescendingComparator):
-        (KJS::ProfileNode::sortTotalTimeDescending):
-        (KJS::totalTimeAscendingComparator):
-        (KJS::ProfileNode::sortTotalTimeAscending):
-        (KJS::selfTimeDescendingComparator):
-        (KJS::ProfileNode::sortSelfTimeDescending):
-        (KJS::selfTimeAscendingComparator):
-        (KJS::ProfileNode::sortSelfTimeAscending):
-        (KJS::callsDescendingComparator):
-        (KJS::ProfileNode::sortCallsDescending):
-        (KJS::callsAscendingComparator):
-        (KJS::ProfileNode::sortCallsAscending):
-        * profiler/ProfileNode.h: No longer use a Deque since it cannot be
-        sorted by std::sort and there was no reason not to use a Vector.  I
-        previously had though I would do prepending but am not.
-        (KJS::ProfileNode::selfTime):
-        (KJS::ProfileNode::totalPercent):
-        (KJS::ProfileNode::selfPercent):
-        (KJS::ProfileNode::children):
-        * profiler/Profiler.cpp: Removed these functions as they can be called
-        directoy on the Profile object after getting the Vector of them.
-        (KJS::getStackNames):
-        * profiler/Profiler.h:
-
-2008-05-15  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Since WebKitGtk is fully using autotools now, clean-up the .pro/.pri files
-        from gtk-port.
-
-        * JavaScriptCore.pro:
-        * kjs/testkjs.pro:
-
-2008-05-15  Kevin McCullough  <kmccullough@apple.com>
-
-        - Build fix.
-
-        * JavaScriptCore.exp:
-
-2008-05-15  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Cache some values to save on computing them repetitively. This will be
-        a big savings when we sort since we won't have to walk the tree for
-        every comparison!
-        - We cache these values when we end profiling because otherwise we won't
-        know which profile to get the totalTime for the whole profile from without
-        retaining a reference to the head profile or looking up the profile from
-        the list of all profiles.
-        - Also it's safe to assume we won't be asked for these values while we
-        are still profiling since the WebInspector only get's profileNodes from
-        profiles that are in the allProfiles() list and a profile is only added
-        to that list after it has finished and these values will no longer
-        change.
-
-        * JavaScriptCore.exp:
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::ProfileNode):
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::printDataInspectorStyle):
-        (KJS::ProfileNode::printDataSampleStyle):
-        (KJS::ProfileNode::endAndRecordCall):
-        * profiler/ProfileNode.h:
-        (KJS::ProfileNode::totalTime):
-        (KJS::ProfileNode::selfTime):
-        (KJS::ProfileNode::totalPercent):
-        (KJS::ProfileNode::selfPercent):
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::stopProfiling):
-
-2008-05-15  Simon Hausmann  <shausman@trolltech.com>
-
-        Reviewed by Holger.
-
-        Fix compilation when compiling with MSVC and wchar_t support.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::umemcasecmp):
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Turn on the profiler.
-
-        * kjs/config.h:
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Expose the new profiler functions to the WebInspector.
-
-        * JavaScriptCore.exp:
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Giving credit where credit is due.
-
-        * ChangeLog:
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff and Sam.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        Add the ability to get percentages of total and self time for displaying
-        in the WebInspector.
-
-        * profiler/Profile.h:
-        (KJS::Profile::totalProfileTime):
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::totalPercent):
-        (KJS::ProfileNode::selfPercent):
-        * profiler/ProfileNode.h:
-        * profiler/Profiler.h:
-        (KJS::Profiler::currentProfile):
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Rename FunctionCallProfile to ProfileNode.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * profiler/FunctionCallProfile.cpp: Removed.
-        * profiler/FunctionCallProfile.h: Removed.
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile):
-        (KJS::Profile::willExecute):
-        * profiler/Profile.h:
-        (KJS::Profile::callTree):
-        * profiler/ProfileNode.cpp: Copied from profiler/FunctionCallProfile.cpp.
-        (KJS::ProfileNode::ProfileNode):
-        (KJS::ProfileNode::willExecute):
-        (KJS::ProfileNode::didExecute):
-        (KJS::ProfileNode::addChild):
-        (KJS::ProfileNode::findChild):
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::selfTime):
-        (KJS::ProfileNode::printDataInspectorStyle):
-        (KJS::ProfileNode::printDataSampleStyle):
-        (KJS::ProfileNode::endAndRecordCall):
-        * profiler/ProfileNode.h: Copied from profiler/FunctionCallProfile.h.
-        (KJS::ProfileNode::create):
-        (KJS::ProfileNode::children):
-        * profiler/Profiler.cpp:
-
-2008-05-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Have each FunctionCallProfile be able to return it's total and self time.
-
-        * JavaScriptCore.exp:
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::selfTime):
-        * profiler/FunctionCallProfile.h:
-        (KJS::FunctionCallProfile::totalTime):
-
-2008-05-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5934376> REGRESSION: A script fails because of a straw BOM character in it.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=4931>
-        Unicode format characters (Cf) should be removed from JavaScript source
-
-        Of all Cf characters, we are only removing BOM, because this is what Firefox trunk has
-        settled upon, after extensive discussion and investigation.
-
-        Based on Darin's work on this bug.
-
-        Test: fast/js/removing-Cf-characters.html
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::setCode): Tweak formatting. Use a call to shift(4) to read in the
-        first characters, instead of having special case code here.
-        (KJS::Lexer::shift): Add a loop when reading a character to skip BOM characters.
-
-2008-05-13  Matt Lilek  <webkit@mattlilek.com>
-
-        Not reviewed, build fix.
-
-        * kjs/date_object.cpp:
-        (KJS::DateObjectFuncImp::callAsFunction):
-
-2008-05-13  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5933644> Implement Date.now
-        
-        Implement Date.now which returns the number of milliseconds since the epoch.
-        
-        * kjs/CommonIdentifiers.h:
-        * kjs/date_object.cpp:
-        (KJS::DateObjectFuncImp::):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectFuncImp::callAsFunction):
-
-2008-05-13  Kevin McCullough  <kmccullough@apple.com>
-
-        Giving credit where credit is due.
-
-        * ChangeLog:
-
-2008-05-13  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam and Geoff.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        Use PassRefPtrs instead of RefPtrs when appropriate.
-
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::addChild):
-        * profiler/FunctionCallProfile.h:
-        * profiler/Profile.h:
-        (KJS::Profile::callTree):
-
-2008-05-13  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Made some functions static (as per Adam) and changed from using raw
-        pointers to RefPtr for making these JavaScript Objects.
-
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::addChild):
-        (KJS::FunctionCallProfile::findChild):
-        * profiler/FunctionCallProfile.h:
-        (KJS::FunctionCallProfile::create):
-        * profiler/Profile.cpp:
-        (KJS::Profile::Profile):
-        (KJS::Profile::willExecute):
-        (KJS::Profile::didExecute):
-        (KJS::functionNameCountPairComparator):
-        * profiler/Profile.h:
-        (KJS::Profile::create):
-        (KJS::Profile::title):
-        (KJS::Profile::callTree):
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        * profiler/Profiler.h:
-        (KJS::Profiler::allProfiles):
-        (KJS::Profiler::clearProfiles):
-
-2008-05-13  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/4949018> JavaScriptCore API claims to work with UTF8 strings, but only works
-        with ASCII strings
-        
-        * kjs/ustring.h:
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::createFromUTF8):
-        Added. Implementation adapted from JSStringCreateWithUTF8CString().
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithUTF8CString):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        Use UString::Rep::createFromUTF8().
-
-2008-05-12  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        <rdar://problem/4859666> WebKit needs availability macros in order to deprecate APIs
-
-        Create WebKit availability macros that key off the Mac OS X version being targeted to
-        determine the WebKit version being targeted.  Applications can define
-        WEBKIT_VERSION_MIN_REQUIRED before including WebKit headers in order to target a specific
-        version of WebKit.
-
-        The availability header is being added to JavaScriptCore rather than WebKit as JavaScriptCore
-        is the lowest-level portion of the public WebKit API.
-
-        * API/WebKitAvailability.h: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-05-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        https://bugs.webkit.org/show_bug.cgi?id=18828
-        Reproducible crash with PAC file
-
-        Naively moving JavaScriptCore into thread-specific data was inappropriate in the face of
-        exiting JavaScriptCore API clients, which expect a different therading model. Temporarily
-        disabling ThreadSpecific implementation until this can be sorted out.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::::ThreadSpecific):
-        (WTF::::~ThreadSpecific):
-        (WTF::::get):
-        (WTF::::set):
-
-2008-05-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Roll out recent  threading changes (r32807, r32810, r32819, r32822) to simplify
-        SquirrelFish merging.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        * JavaScriptCore.exp:
-        * kjs/ExecState.h:
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreadingOnce):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject):
-        (KJS::JSGlobalObject::init):
-        (KJS::JSGlobalObject::put):
-        (KJS::JSGlobalObject::reset):
-        (KJS::JSGlobalObject::tearOffActivation):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::head):
-        (KJS::JSGlobalObject::perThreadData):
-        * kjs/JSLock.cpp:
-        (KJS::JSLock::registerThread):
-        * kjs/JSLock.h:
-        (KJS::JSLock::JSLock):
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::ArrayInstance):
-        (KJS::ArrayInstance::lengthGetter):
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        (KJS::ArrayObjectImp::ArrayObjectImp):
-        (KJS::ArrayObjectImp::construct):
-        * kjs/bool_object.cpp:
-        (KJS::BooleanPrototype::BooleanPrototype):
-        (KJS::booleanProtoFuncToString):
-        (KJS::BooleanObjectImp::BooleanObjectImp):
-        (KJS::BooleanObjectImp::construct):
-        * kjs/collector.cpp:
-        (KJS::allocateBlock):
-        (KJS::Collector::recordExtraCost):
-        (KJS::Collector::heapAllocate):
-        (KJS::Collector::allocate):
-        (KJS::Collector::allocateNumber):
-        (KJS::Collector::registerAsMainThread):
-        (KJS::onMainThread):
-        (KJS::PlatformThread::PlatformThread):
-        (KJS::getCurrentPlatformThread):
-        (KJS::Collector::Thread::Thread):
-        (KJS::destroyRegisteredThread):
-        (KJS::initializeRegisteredThreadKey):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markCurrentThreadConservativelyInternal):
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::suspendThread):
-        (KJS::resumeThread):
-        (KJS::getPlatformThreadRegisters):
-        (KJS::otherThreadStackPointer):
-        (KJS::Collector::markOtherThreadConservatively):
-        (KJS::protectedValues):
-        (KJS::Collector::protect):
-        (KJS::Collector::unprotect):
-        (KJS::Collector::collectOnMainThreadOnly):
-        (KJS::Collector::markProtectedObjects):
-        (KJS::Collector::markMainThreadOnlyObjects):
-        (KJS::Collector::sweep):
-        (KJS::Collector::collect):
-        (KJS::Collector::size):
-        (KJS::Collector::globalObjectCount):
-        (KJS::Collector::protectedGlobalObjectCount):
-        (KJS::Collector::protectedObjectCount):
-        (KJS::Collector::protectedObjectTypeCounts):
-        (KJS::Collector::isBusy):
-        (KJS::Collector::reportOutOfMemoryToAllExecStates):
-        * kjs/collector.h:
-        (KJS::Collector::cellBlock):
-        (KJS::Collector::cellOffset):
-        (KJS::Collector::isCellMarked):
-        (KJS::Collector::markCell):
-        (KJS::Collector::reportExtraMemoryCost):
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-        (KJS::DatePrototype::DatePrototype):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::errorProtoFuncToString):
-        (KJS::ErrorObjectImp::ErrorObjectImp):
-        (KJS::ErrorObjectImp::construct):
-        (KJS::NativeErrorPrototype::NativeErrorPrototype):
-        (KJS::NativeErrorImp::NativeErrorImp):
-        (KJS::NativeErrorImp::construct):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::construct):
-        (KJS::Arguments::Arguments):
-        (KJS::ActivationImp::createArgumentsObject):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
-        * kjs/function_object.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        (KJS::functionProtoFuncToString):
-        (KJS::FunctionObjectImp::FunctionObjectImp):
-        (KJS::FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (KJS::StringImp::toObject):
-        * kjs/internal.h:
-        (KJS::StringImp::StringImp):
-        (KJS::NumberImp::operator new):
-        * kjs/list.cpp:
-        (KJS::List::markSet):
-        (KJS::List::markProtectedListsSlowCase):
-        (KJS::List::expandAndAppend):
-        * kjs/list.h:
-        (KJS::List::List):
-        (KJS::List::~List):
-        (KJS::List::markProtectedLists):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::cacheGlobalObject):
-        * kjs/math_object.cpp:
-        (KJS::MathObjectImp::getValueProperty):
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/nodes.cpp:
-        (KJS::ParserRefCounted::ParserRefCounted):
-        (KJS::ParserRefCounted::ref):
-        (KJS::ParserRefCounted::deref):
-        (KJS::ParserRefCounted::refcount):
-        (KJS::ParserRefCounted::deleteNewObjects):
-        (KJS::Node::handleException):
-        (KJS::NumberNode::evaluate):
-        (KJS::StringNode::evaluate):
-        (KJS::ArrayNode::evaluate):
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
-        (KJS::PostIncBracketNode::evaluate):
-        (KJS::PostDecBracketNode::evaluate):
-        (KJS::PostIncDotNode::evaluate):
-        (KJS::PostDecDotNode::evaluate):
-        (KJS::typeStringForValue):
-        (KJS::LocalVarTypeOfNode::evaluate):
-        (KJS::TypeOfResolveNode::evaluate):
-        (KJS::TypeOfValueNode::evaluate):
-        (KJS::PreIncLocalVarNode::evaluate):
-        (KJS::PreIncResolveNode::evaluate):
-        (KJS::PreDecLocalVarNode::evaluate):
-        (KJS::PreDecResolveNode::evaluate):
-        (KJS::PreIncConstNode::evaluate):
-        (KJS::PreDecConstNode::evaluate):
-        (KJS::PostIncConstNode::evaluate):
-        (KJS::PostDecConstNode::evaluate):
-        (KJS::PreIncBracketNode::evaluate):
-        (KJS::PreDecBracketNode::evaluate):
-        (KJS::PreIncDotNode::evaluate):
-        (KJS::PreDecDotNode::evaluate):
-        (KJS::NegateNode::evaluate):
-        (KJS::BitwiseNotNode::evaluate):
-        (KJS::MultNode::evaluate):
-        (KJS::DivNode::evaluate):
-        (KJS::ModNode::evaluate):
-        (KJS::addSlowCase):
-        (KJS::add):
-        (KJS::AddNumbersNode::evaluate):
-        (KJS::AddStringsNode::evaluate):
-        (KJS::AddStringLeftNode::evaluate):
-        (KJS::AddStringRightNode::evaluate):
-        (KJS::SubNode::evaluate):
-        (KJS::LeftShiftNode::evaluate):
-        (KJS::RightShiftNode::evaluate):
-        (KJS::UnsignedRightShiftNode::evaluate):
-        (KJS::BitXOrNode::evaluate):
-        (KJS::BitOrNode::evaluate):
-        (KJS::valueForReadModifyAssignment):
-        (KJS::ForInNode::execute):
-        (KJS::TryNode::execute):
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::evaluate):
-        * kjs/nodes.h:
-        * kjs/number_object.cpp:
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberObjectImp::NumberObjectImp):
-        (KJS::NumberObjectImp::getValueProperty):
-        (KJS::NumberObjectImp::construct):
-        (KJS::NumberObjectImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-        (KJS::JSObject::get):
-        (KJS::JSObject::put):
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        (KJS::JSObject::putDirect):
-        (KJS::Error::create):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        (KJS::ObjectObjectImp::ObjectObjectImp):
-        (KJS::ObjectObjectImp::construct):
-        * kjs/property_map.h:
-        (KJS::SavedProperty::SavedProperty):
-        (KJS::SavedProperty::init):
-        (KJS::SavedProperty::~SavedProperty):
-        (KJS::SavedProperty::name):
-        (KJS::SavedProperty::value):
-        (KJS::SavedProperty::attributes):
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        (KJS::regExpProtoFuncToString):
-        (KJS::RegExpImp::getValueProperty):
-        (KJS::RegExpObjectImp::RegExpObjectImp):
-        (KJS::RegExpObjectImp::arrayOfMatches):
-        (KJS::RegExpObjectImp::getBackref):
-        (KJS::RegExpObjectImp::getLastParen):
-        (KJS::RegExpObjectImp::getLeftContext):
-        (KJS::RegExpObjectImp::getRightContext):
-        (KJS::RegExpObjectImp::getValueProperty):
-        (KJS::RegExpObjectImp::createRegExpImp):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::StringInstance):
-        (KJS::StringInstance::lengthGetter):
-        (KJS::StringInstance::indexGetter):
-        (KJS::stringInstanceNumericPropertyGetter):
-        (KJS::StringPrototype::StringPrototype):
-        (KJS::replace):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::StringObjectImp::StringObjectImp):
-        (KJS::StringObjectImp::construct):
-        (KJS::StringObjectImp::callAsFunction):
-        (KJS::StringObjectFuncImp::StringObjectFuncImp):
-        (KJS::StringObjectFuncImp::callAsFunction):
-        * kjs/string_object.h:
-        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
-        * kjs/testkjs.cpp:
-        (GlobalObject::GlobalObject):
-        (functionGC):
-        (functionRun):
-        (functionReadline):
-        (kjsmain):
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        (KJS::JSCell::operator new):
-        (KJS::jsString):
-        (KJS::jsOwnedString):
-        (KJS::jsNumberCell):
-        * kjs/value.h:
-        (KJS::jsNaN):
-        (KJS::jsNumber):
-        (KJS::jsNumberFromAnd):
-        (KJS::JSCell::marked):
-        (KJS::JSCell::mark):
-        (KJS::JSValue::toJSNumber):
-        * wtf/ThreadSpecific.h:
-        (WTF::T):
-
-2008-05-10  Julien Chaffraix  <jchaffraix@webkit.org>
-
-        Qt & wx build fix.
-
-        * JavaScriptCore.pri: Add profiler/Profile.cpp.
-        * JavaScriptCoreSources.bkl: Ditto.
-
-2008-05-10  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Reviewed by Maciej.
-
-        Gtk+ build fix
-
-        * GNUmakefile.am: Add Profile.cpp in _sources
-
-2008-05-09  Brady Eidson  <beidson@apple.com>
-
-        Build Fix.  Kevin is an idiot.  
-        ("My name is Kevin McCullough and I approve this message.")
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-05-09  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        -Add Profile class so that all profiles can be stored and retrieved by
-        the WebInspector when that time comes.
-
-        * JavaScriptCore.exp: Export the new function signatures.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add the new files to the
-        project
-        * profiler/Profile.cpp: Added. This class represents a single run of the
-        profiler.
-        (KJS::Profile::Profile):
-        (KJS::Profile::willExecute):
-        (KJS::Profile::didExecute):
-        (KJS::Profile::printDataInspectorStyle):
-        (KJS::functionNameCountPairComparator):
-        (KJS::Profile::printDataSampleStyle):
-        * profiler/Profile.h: Added. Ditto
-        (KJS::Profile::stopProfiling):
-        * profiler/Profiler.cpp: Now the profiler keeps track of many profiles
-        but only runs one at a time.
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        (KJS::Profiler::printDataInspectorStyle):
-        (KJS::Profiler::printDataSampleStyle):
-        * profiler/Profiler.h: Ditto.
-        (KJS::Profiler::~Profiler):
-        (KJS::Profiler::allProfiles):
-        (KJS::Profiler::clearProfiles):
-
-2008-05-08  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Mark.
-
-        Enable NPAPI plug-ins on 64-bit.
-        
-        * wtf/Platform.h:
-
-2008-05-07  Julien Chaffraix  <jchaffraix@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        wx & Gtk build fix.
-
-        Add SIZE_MAX definition for the wx port.
-
-        * os-win32/stdint.h:
-
-2008-05-07  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Support for isMainThread in the Qt port.
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::initializeThreading): Adjusted.
-        (WTF::isMainThread): Added.
-
-2008-05-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - fix debug-only leak seen on buildbot
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::checkKey): After writing an empty value in, but before constructing a
-        deleted value on top of it, call the destructor so the empty value doesn't leak.
-
-2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Get rid of static data in nodes.cpp (well, at least of non-debug one).
-
-        No measurable change on SunSpider.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreadingOnce):
-        * kjs/nodes.cpp:
-        (KJS::newTrackedObjects):
-        (KJS::trackedObjectExtraRefCounts):
-        (KJS::initializeNodesThreading):
-        (KJS::ParserRefCounted::ParserRefCounted):
-        (KJS::ParserRefCounted::ref):
-        (KJS::ParserRefCounted::deref):
-        (KJS::ParserRefCounted::refcount):
-        (KJS::ParserRefCounted::deleteNewObjects):
-        * kjs/nodes.h:
-        Made newTrackedObjects and trackedObjectExtraRefCounts per-thread.
-
-2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Move call stack depth counter to global object.
-
-        * kjs/ExecState.h: (KJS::ExecState::functionCallDepth): Added a recursion depth counter to
-        per-thread data.
-        * kjs/JSGlobalObject.cpp: (KJS::JSGlobalObject::init): Initialize PerThreadData.functionCallDepth.
-        * kjs/JSGlobalObject.h: (KJS::JSGlobalObject::perThreadData): Made the result non-const.
-
-        * kjs/object.cpp:
-        (KJS::throwStackSizeExceededError): Moved throwError to a separate function, since it is now
-        the only thing in JSObject::call that needs a PIC branch.
-        (KJS::JSObject::call): Use a per-thread variable instead of local static for recursion depth
-        tracking.
-
-2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Make JavaScriptGlue and JavaScriptCore API functions implicitly call initializeThreading
-        for the sake of non-WebKit clients.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        These are the JavaScriptCore API bottlenecks. There are a few other JSStringRef
-        and JSClassRef functions that can be called earlier, but they do not do anything that
-        requires initializeThreading.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::doInitializeThreading):
-        (KJS::initializeThreading):
-        On Darwin, make the initialization happen under pthread_once, since there is no guarantee
-        that non-WebKit clients won't try to call this function re-entrantly.
-
-        * kjs/InitializeThreading.h:
-        * wtf/Threading.h:
-        Spell out initializeThreading contract.
-
-        * wtf/ThreadingPthreads.cpp: (WTF::isMainThread): Make sure that results are correct on
-        Darwin, even if threading was initialized from a secondary thread.
-
-2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=18826
-        Make JavaScript heap per-thread
-
-        * wtf/ThreadSpecific.h: Make sure to initialize POD thread-specific varaibles, too
-        (replaced "new T" with "new T()").
-
-        * kjs/collector.h: Renamed Collector to Heap, made the heap per-thread. Removed support for
-        multithreaded access to a heap.
-        (KJS::CollectorBlock): Removed collectOnMainThreadOnly bitmap, added a reference to owner heap.
-        (KJS::SmallCellCollectorBlock): Ditto.
-        (KJS::Heap::markListSet): Moved from a static variable in List.cpp to a per-thread one here.
-        (KJS::Heap::heap): Added a method to find which heap a JSValue is allocated in.
-
-        * kjs/collector.cpp: Changed "const size_t" constants to #defines, to avoid a PIC branch
-        (gcc was using one to access a constant used in std::max(), because it takes a reference,
-        even though std::max() itself was inlined).
-        (KJS::Heap::threadHeap): JS heap is now per-thread.
-        (KJS::Heap::Heap): Zero-initialize the heap.
-        (KJS::allocateBlock): Added NEVER_INLINE, because this function uses a PIC branch, so
-        inlining it in Heap::heapAllocate() is bad for performance, now that the latter doesn't
-        use any global data.
-        (KJS::Heap::heapAllocate): Initialize Block::heap.
-        (KJS::Heap::markCurrentThreadConservatively): Moved into markStackObjectsConservatively(),
-        as GC only works with a current thread's heap now.
-        (KJS::Heap::sweep): Removed collectOnMainThreadOnly checks.
-        (KJS::Heap::collect): Ditto.
-
-        * kjs/JSLock.cpp:
-        * kjs/JSLock.h:
-        (KJS::JSLock::JSLock):
-        Removed registerThread(), as the heap no longer cares.
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Initialize new per-thread
-        variables in Heap and JSGlobalObject.
-
-        * kjs/ExecState.h: (KJS::ExecState::heap): Added a heap pointer for faster access to
-        per-thread heap, and an accessor for it.
-
-        * kjs/JSGlobalObject.h: Made JSGlobalObject linked list per-thread.
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject): Fixed a bug in linked list handling. It only worked
-        right if the removed object was the head one!
-        (KJS::JSGlobalObject::head): Return a per-thread list head.
-        (KJS::JSGlobalObject::init): Store a reference to per-thread heap.
-        (KJS::JSGlobalObject::reset): Pass ExecState to functions that need it.
-        (KJS::JSGlobalObject::tearOffActivation): Ditto.
-        (KJS::JSGlobalObject::operator new): JSGlobalObject allocation cannot use an ExecState,
-        so it needs a custom operator new that directly accesses per-thread heap.
-
-        * kjs/list.h:
-        (KJS::List::List): Replaced m_isInMarkSet boolean with an actual pointer to the set, since it
-        is no longer a single static object.
-        (KJS::List::~List): Ditto.
-        * kjs/list.cpp:
-        (KJS::List::markSet): Removed, this is now stored in Heap.
-        (KJS::List::markProtectedLists): Take a reference to the list.
-        (KJS::List::expandAndAppend): Ask the current thread heap for a mark set reference.
-
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        Use the newly added Heap::heap() method to find out which heap the value to be (un)protected
-        belongs to.
-
-        * kjs/property_map.h: Removed unused SavedProperty class.
-
-        * JavaScriptCore.exp:
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::ArrayInstance):
-        (KJS::ArrayInstance::lengthGetter):
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        (KJS::ArrayObjectImp::ArrayObjectImp):
-        (KJS::ArrayObjectImp::construct):
-        * kjs/bool_object.cpp:
-        (KJS::BooleanPrototype::BooleanPrototype):
-        (KJS::booleanProtoFuncToString):
-        (KJS::BooleanObjectImp::BooleanObjectImp):
-        (KJS::BooleanObjectImp::construct):
-        * kjs/date_object.cpp:
-        (KJS::formatLocaleDate):
-        (KJS::DatePrototype::DatePrototype):
-        (KJS::DateObjectImp::DateObjectImp):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectImp::callAsFunction):
-        (KJS::DateObjectFuncImp::DateObjectFuncImp):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::errorProtoFuncToString):
-        (KJS::ErrorObjectImp::ErrorObjectImp):
-        (KJS::ErrorObjectImp::construct):
-        (KJS::NativeErrorPrototype::NativeErrorPrototype):
-        (KJS::NativeErrorImp::NativeErrorImp):
-        (KJS::NativeErrorImp::construct):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::lengthGetter):
-        (KJS::FunctionImp::construct):
-        (KJS::Arguments::Arguments):
-        (KJS::ActivationImp::createArgumentsObject):
-        (KJS::encode):
-        (KJS::decode):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
-        * kjs/function_object.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        (KJS::functionProtoFuncToString):
-        (KJS::FunctionObjectImp::FunctionObjectImp):
-        (KJS::FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (KJS::StringImp::toObject):
-        * kjs/internal.h:
-        (KJS::StringImp::StringImp):
-        (KJS::NumberImp::operator new):
-        * kjs/lookup.h:
-        (KJS::staticFunctionGetter):
-        (KJS::cacheGlobalObject):
-        * kjs/math_object.cpp:
-        (KJS::MathObjectImp::getValueProperty):
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/nodes.cpp:
-        (KJS::Node::handleException):
-        (KJS::NumberNode::evaluate):
-        (KJS::StringNode::evaluate):
-        (KJS::ArrayNode::evaluate):
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
-        (KJS::PostIncBracketNode::evaluate):
-        (KJS::PostDecBracketNode::evaluate):
-        (KJS::PostIncDotNode::evaluate):
-        (KJS::PostDecDotNode::evaluate):
-        (KJS::typeStringForValue):
-        (KJS::LocalVarTypeOfNode::evaluate):
-        (KJS::TypeOfResolveNode::evaluate):
-        (KJS::TypeOfValueNode::evaluate):
-        (KJS::PreIncLocalVarNode::evaluate):
-        (KJS::PreIncResolveNode::evaluate):
-        (KJS::PreDecLocalVarNode::evaluate):
-        (KJS::PreDecResolveNode::evaluate):
-        (KJS::PreIncConstNode::evaluate):
-        (KJS::PreDecConstNode::evaluate):
-        (KJS::PostIncConstNode::evaluate):
-        (KJS::PostDecConstNode::evaluate):
-        (KJS::PreIncBracketNode::evaluate):
-        (KJS::PreDecBracketNode::evaluate):
-        (KJS::PreIncDotNode::evaluate):
-        (KJS::PreDecDotNode::evaluate):
-        (KJS::NegateNode::evaluate):
-        (KJS::BitwiseNotNode::evaluate):
-        (KJS::MultNode::evaluate):
-        (KJS::DivNode::evaluate):
-        (KJS::ModNode::evaluate):
-        (KJS::addSlowCase):
-        (KJS::add):
-        (KJS::AddNumbersNode::evaluate):
-        (KJS::AddStringsNode::evaluate):
-        (KJS::AddStringLeftNode::evaluate):
-        (KJS::AddStringRightNode::evaluate):
-        (KJS::SubNode::evaluate):
-        (KJS::LeftShiftNode::evaluate):
-        (KJS::RightShiftNode::evaluate):
-        (KJS::UnsignedRightShiftNode::evaluate):
-        (KJS::BitXOrNode::evaluate):
-        (KJS::BitOrNode::evaluate):
-        (KJS::valueForReadModifyAssignment):
-        (KJS::ForInNode::execute):
-        (KJS::TryNode::execute):
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::evaluate):
-        * kjs/number_object.cpp:
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        (KJS::NumberObjectImp::NumberObjectImp):
-        (KJS::NumberObjectImp::getValueProperty):
-        (KJS::NumberObjectImp::construct):
-        (KJS::NumberObjectImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::defineGetter):
-        (KJS::JSObject::defineSetter):
-        (KJS::JSObject::putDirect):
-        (KJS::Error::create):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        (KJS::ObjectObjectImp::ObjectObjectImp):
-        (KJS::ObjectObjectImp::construct):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        (KJS::regExpProtoFuncToString):
-        (KJS::RegExpImp::getValueProperty):
-        (KJS::RegExpObjectImp::RegExpObjectImp):
-        (KJS::RegExpObjectImp::arrayOfMatches):
-        (KJS::RegExpObjectImp::getBackref):
-        (KJS::RegExpObjectImp::getLastParen):
-        (KJS::RegExpObjectImp::getLeftContext):
-        (KJS::RegExpObjectImp::getRightContext):
-        (KJS::RegExpObjectImp::getValueProperty):
-        (KJS::RegExpObjectImp::createRegExpImp):
-        * kjs/regexp_object.h:
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::StringInstance):
-        (KJS::StringInstance::lengthGetter):
-        (KJS::StringInstance::indexGetter):
-        (KJS::stringInstanceNumericPropertyGetter):
-        (KJS::StringPrototype::StringPrototype):
-        (KJS::replace):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        (KJS::StringObjectImp::StringObjectImp):
-        (KJS::StringObjectImp::construct):
-        (KJS::StringObjectImp::callAsFunction):
-        (KJS::StringObjectFuncImp::StringObjectFuncImp):
-        (KJS::StringObjectFuncImp::callAsFunction):
-        * kjs/string_object.h:
-        (KJS::StringInstanceThatMasqueradesAsUndefined::StringInstanceThatMasqueradesAsUndefined):
-        * kjs/testkjs.cpp:
-        (GlobalObject::GlobalObject):
-        (functionGC):
-        (functionRun):
-        (functionReadline):
-        (kjsmain):
-        * kjs/ustring.h:
-        * kjs/value.cpp:
-        (KJS::JSCell::operator new):
-        (KJS::jsString):
-        (KJS::jsOwnedString):
-        (KJS::jsNumberCell):
-        * kjs/value.h:
-        (KJS::jsNaN):
-        (KJS::jsNumber):
-        (KJS::jsNumberFromAnd):
-        (KJS::JSCell::marked):
-        (KJS::JSCell::mark):
-        (KJS::JSValue::toJSNumber):
-        Removed collectOnMainThreadOnly, as this is the only way to collect now. Replaced calls to
-        static Collector methods with calls to per-thread Heap ones.
-
-2008-05-02  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - Mac build fix
-
-        * wtf/StrHash.h: Added header guards and removed #include "config.h".
-
-2008-05-01  Ada Chan  <adachan@apple.com>
-
-        #include <wtf/StrHash.h> in identifier.cpp.
-
-        Reviewed by Maciej.
-
-        * kjs/identifier.cpp:
-
-2008-05-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-05-01  Sam Weinig  <sam@webkit.org>
-
-        Fix build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-05-01  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - Fix "sample" output so that it can be imported into Instruments
-        - Also keep track of number of times a function is profiled.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add StrHash.h which needed
-        to be pulled out of identifier.cpp so that it could be used by the
-        profiler and identifiers.
-        * kjs/identifier.cpp: Ditto.
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::printDataInspectorStyle): Inspector style
-        printing should show microseconds.
-        (KJS::FunctionCallProfile::printDataSampleStyle): Sample style printing
-        now counts the number of times a function is in the stack tree and does
-        not print microseconds since that does not make sense for a sampler.
-        * profiler/FunctionCallProfile.h: Keep track of number of times a
-        function is profiled.
-        (KJS::FunctionCallProfile::numberOfCalls):
-        * profiler/Profiler.cpp:
-        (KJS::functionNameCountPairComparator): Comparator for sort function in
-        printDataSampleStyle.
-        (KJS::Profiler::printDataSampleStyle): Print the number of times that a
-        function is listed in the stack tree in order of most times listed.
-        * wtf/HashCountedSet.h: Added copyToVector since it didn't exist and is
-        a more standard way to copy a HashSet to a Vector. I added on variant
-        that takes a pair as the Vector's type and so the HashCountedSet simply
-        fills in that pair with its internal pair, and another variant that
-        takes a Vector of the type of the HashCountedSet and only fills in the
-        Vector with the first element of the pair.
-        (WTF::copyToVector):
-        * wtf/StrHash.h: Added.
-        (WTF::):
-
-2008-04-29  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX for ENABLE(DASHBOARD_SUPPORT)
-
-        * wtf/Platform.h: Defined ENABLE(DASHBOARD_SUPPORT) to 1 only for
-        PLATFORM(MAC) and PLATFORM(WIN).  Changed default to 0 for other
-        ports.
-
-2008-04-29  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Darin.
-
-        Wrapped Dashboard code with ENABLE(DASHBOARD_SUPPORT)
-
-        * wtf/Platform.h:
-
-2008-04-29  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        -Keep call count.
-
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::FunctionCallProfile):
-        (KJS::FunctionCallProfile::didExecute): Implements call count and fixed a bug where a stackIndex
-        of 0 was causing the assert to be hit.
-        (KJS::FunctionCallProfile::stopProfiling):
-        (KJS::FunctionCallProfile::endAndRecordCall):
-        * profiler/FunctionCallProfile.h:
-
-2008-04-29  Simon Hausmann  <hausmann@webkit.org>
-
-        Qt/Windows build fix. The externally declared hash tables are actually
-        declared const and the const is mangled in the symbol name, so when
-        importing they also need to be marked const.
-
-        When compiling without MULTIPLE_THREADS use a const HashTable&
-        instead of a HashTable& in ThreadClassInfoHashTables to avoid
-        initializing the latter with a const reference.
-
-        * kjs/JSGlobalObject.cpp:
-
-2008-04-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix.
-
-        * kjs/ExecState.h: For whatever reason, MSVC couldn't generate a default constructor for
-        a struct that had a "const List" member. Removing the const qulifier makes the problem go away.
-
-2008-04-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Fix run-webkit-tests --threading
-        and provisionally fix <https://bugs.webkit.org/show_bug.cgi?id=18661>
-        Proxy server issue in Sunday's Nightly
-
-        Changed ClassInfo objects for built-in objects to hold a getter function returning
-        a per-thread instance. This makes it safe to share these ClassInfo objects between threads -
-        and these are the only ones that need to be shared.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::~Lexer):
-        * kjs/lexer.h:
-        Made mainTable a member of Lexer, so that it no longer needs to be shared between threads.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::deleteProperty):
-        (KJS::JSObject::findPropertyHashEntry):
-        (KJS::JSObject::propertyIsEnumerable):
-        (KJS::JSObject::getPropertyAttributes):
-        (KJS::JSObject::getPropertyNames):
-        * kjs/object.h:
-        (KJS::ClassInfo::propHashTable):
-        Added a new classPropHashTableGetterFunction field to ClassInfo. If it is non-zero, the
-        static table is not used.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::ThreadClassInfoHashTables::ThreadClassInfoHashTables): This new class holds per-thread
-        HashTables for built-in classes. The old static structs are copied to create per-thread
-        instances.
-        (KJS::JSGlobalObject::threadClassInfoHashTables): An accessor/initializer for the above.
-        (KJS::JSGlobalObject::init): Copy per-thread data into a single structure for faster access.
-        Also, construct globalExec.
-        (KJS::JSGlobalObject::reset): Adapted for globalExec now being an OwnPtr.
-        (KJS::JSGlobalObject::mark): Ditto.
-        (KJS::JSGlobalObject::globalExec): Ditto.
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Made JSGlobalObject::JSGlobalObjectData::globalExec an OwnPtr, so that it can
-        be initialized from JSGlobalObject::init() after them. Otherwise, ExecState constructor was
-        trying to access half-initialized JSGlobalObject to make its own copy of these table
-        references, and failed.
-        (KJS::JSGlobalObject::JSGlobalObject): Pass "this" value to init() to create globalExec.
-        (KJS::JSGlobalObject::perThreadData): An accessor for per-thread data.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        (KJS::ExecState::propertyNames):
-        (KJS::ExecState::emptyList):
-        (KJS::ExecState::arrayTable):
-        (KJS::ExecState::dateTable):
-        (KJS::ExecState::mathTable):
-        (KJS::ExecState::numberTable):
-        (KJS::ExecState::RegExpImpTable):
-        (KJS::ExecState::RegExpObjectImpTable):
-        (KJS::ExecState::stringTable):
-        * kjs/ExecStateInlines.h:
-        (KJS::ExecState::ExecState):
-        Each ExecState holds its own reference to per-thread data, for even faster access. Moved
-        m_emptyList and m_propertyNames to the same structure, making ExecState faster to construct
-        and take less space on the stack.
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Initialize thread-static data
-        added to JSGlobalObject.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * JavaScriptCore.exp:
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyAttributes):
-        * kjs/JSVariableObject.h:
-        * kjs/array_instance.cpp:
-        * kjs/array_object.cpp:
-        (KJS::ArrayPrototype::getOwnPropertySlot):
-        * kjs/bool_object.cpp:
-        * kjs/create_hash_table:
-        * kjs/date_object.cpp:
-        (KJS::DatePrototype::getOwnPropertySlot):
-        (KJS::DateObjectImp::DateObjectImp):
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/function_object.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        * kjs/internal.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        (KJS::MathObjectImp::getOwnPropertySlot):
-        * kjs/number_object.cpp:
-        (KJS::NumberObjectImp::getOwnPropertySlot):
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        (KJS::RegExpImp::getOwnPropertySlot):
-        (KJS::RegExpImp::put):
-        (KJS::RegExpObjectImp::getOwnPropertySlot):
-        (KJS::RegExpObjectImp::put):
-        * kjs/string_object.cpp:
-        (KJS::StringPrototype::getOwnPropertySlot):
-        Adjust for the above changes.
-
-2008-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        - make sure RefPtr's default hash doesn't ref/deref when computing the hash
-        - remove remnants of the hash table storage type optimization
-
-        * wtf/HashFunctions.h: Used "using" to get the hash and equal functions
-        from PtrHash<P*> into PtrHash<RefPtr<P>>.
-
-        * wtf/HashMap.h: Replaced uses of PairBaseHashTraits with PairHashTraits.
-        Eliminated storage-related typedefs. Removed constructor, destructor,
-        copy constructor, and destructor since the compiler-generated ones are
-        fine. Removed refAll and derefAll. Took out unnnecessary typecasts.
-        Removed use of RefCounter.
-
-        * wtf/HashSet.h: Eliminated storage-related typedefs. Removed constructor,
-        destructor, copy constructor, and destructor since the compiler-generated
-        ones are fine. Removed refAll and derefAll. Removed unneeded template
-        arguents from HashSetTranslatorAdapter. Eliminated unneeded HashSetTranslator
-        template.
-
-        * wtf/HashTable.h: Tweaked formatting. Removed NeedsRef, RefCounterBase,
-        RefCounter, HashTableRefCounterBase, HashTableRefCounter, and Assigner
-        class templates.
-
-        * wtf/HashTraits.h: Removed StorageTraits, needsRef, PairBaseHashTraits,
-        and HashKeyStorageTraits.
-
-        * wtf/RefPtrHashMap.h: Made all the same fixes as in HashMap. Also made
-        the corresponding changes to RefPtrHashMapRawKeyTranslator.
-
-2008-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mitz.
-
-        - fix assertion hit every time you view www.apple.com
-
-        * kjs/PropertyNameArray.cpp:
-        (KJS::PropertyNameArray::add): Changed assertion to allow null and empty strings.
-        Now to find out why we have a property named "" and if that's a bug!
-
-2008-04-27  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix crash inside PtrHash::hash when loading a page.
-
-        * wtf/HashFunctions.h: Explicitly use the superclass implementation of hash to avoid infinite recursion.
-
-2008-04-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix <rdar://problem/5657459> REGRESSION: JavaScriptCore no longer builds with
-          GCC 4.2 due to pointer aliasing warnings
-
-        Fix this by removing the HashTable optimizations that allowed us to share a back end
-        implementation between hash tables with integers, pointers, RefPtr, and String objects
-        as keys. The way it worked was incompatible with strict aliasing.
-
-        This increases code size. On Mac OS X we'll have to regenerate .order files to avoid
-        slowing down Safari startup times.
-
-        This creates a slight slowdown in SunSpider, mitigated by the following four speedups:
-
-        - speed up array put slightly by moving a branch (was already done for get)
-
-        - speed up symbol table access by adding a function named inlineGet to HashMap
-          and using that in symbolTableGet/Put
-
-        - speed up PropertyNameArray creation by reducing the amount of reference count
-          churn and uniqueness checking when adding names and not doing any allocation at
-          all when building small arrays
-
-        - speed up conversion of strings to floating point numbers by eliminating the
-          malloc/free of the buffer for the ASCII copy of the string; a way to make
-          things even faster would be to change strtod to take a UTF-16 string
-
-        Note that there is considerable unused complexity now in HashSet/Map/Table to support
-        "storage types", which is no longer used. Will do in a separate patch.
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::JSCallbackObject<Base>::getPropertyNames): Removed explicit cast to Identifier to
-        take advantage of the new PropertyNameArray::add overload and avoid reference count churn.
-        * API/JSObjectRef.cpp:
-        (JSPropertyNameAccumulatorAddName): Ditto.
-        * JavaScriptCore.exp: Updated PropertyNameArray::add entry point name.
-
-        * kjs/JSVariableObject.cpp: Removed now-unneeded IdentifierRepHashTraits::nullRepPtr
-        definition (see below).
-        (KJS::JSVariableObject::getPropertyNames): Removed explicit cast to Identifier.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet): Use inlineGet for speed. Also changed to do
-        early exit instead of nesting the body inside an if.
-        (KJS::JSVariableObject::symbolTablePut): Ditto.
-
-        * kjs/PropertyNameArray.cpp:
-        (KJS::PropertyNameArray::add): Changed implementation to take a raw pointer instead of
-        a reference to an identifier. Do uniqueness checking by searching the vector when the
-        vector is short, only building the set once the vector is large enough.
-
-        * kjs/PropertyNameArray.h: Added an overload of add for a raw pointer, and made the old
-        add function call that one. Added an addKnownUnique function for use when the new
-        name is known to be different from any other in the array. Changed the vector to have
-        an inline capacity of 20.
-
-        * kjs/SymbolTable.h: Changed IdentifierRepHash to inherit from the default hash for
-        a RefPtr so we don't have to define so much. Added an overload of the hash function for
-        a raw pointer as required by the new RefPtrHashMap. Got rid of the now-unneeded
-        IdentifierRepHashTraits -- the default traits now work fine. Added a definition of
-        empthValueIsZero to SymbolTableIndexHashTraits; not having it was incorrect, but harmless.
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::put): Move the maxArrayIndex check inside the branch that checks
-        the index against the length, as done in the get function.
-
-        * kjs/function.cpp:
-        (KJS::globalFuncKJSPrint): Changed to use the new getCString instead of cstring.
-
-        * kjs/internal.cpp: Removed printInfo debugging function, a client of cstring.
-        If we need a debugging function we can easily make a better one and we haven't
-        used this one in a long time.
-        * kjs/internal.h: Ditto.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::getPropertyNames): Removed explicit cast to Identifier.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getEnumerablePropertyNames): Ditto. Also added a special case for
-        the case where the propertyNames array is empty -- in that case we know we're adding
-        a set of names that are non-overlapping so we can use addKnownUnique.
-        * kjs/ustring.cpp:
-        (KJS::UString::getCString): Replaces cstring. Puts the C string into a CStringBuffer,
-        which is a char Vector with an inline capacity. Also returns a boolean to indicate if
-        the converion was lossy, which eliminates the need for a separate is8Bit call.
-        (KJS::UString::toDouble): Changed to call getCString instead of cstring.
-        * kjs/ustring.h: Ditto.
-
-        * wtf/HashFunctions.h: Overload the hash and equal functions for RefPtr's default
-        hash to take raw pointers. This works with the changes to RefPtrHashMap to avoid
-        introducing refcount churn.
-
-        * wtf/HashMap.h: Removed special code to convert the deleted value to the empty value
-        when writing a new value into the map. This is now handled elsewhere.
-        (WTF::HashMap::get): Removed code that checks for an empty hash table before calling
-        HashTable::lookup; it's slightly more efficient to do this check inside lookup.
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::isDeletedBucket): Changed to use isDeletedValue instead of using
-        deletedValue and the equality operator.
-        (WTF::HashTable::deleteBucket): Changed to use constructDeletedValue instead of
-        using deletedValue and the assignment operator.
-        (WTF::HashTable::checkKey): Added. Factors out the check for values that are empty
-        or deleted keys that's used in various functions below.
-        (WTF::HashTable::lookup): Changed to use checkKey, check for a 0 table, and also
-        made public for use by RefPtrHashMap.
-        (WTF::HashTable::lookupForWriting): Changed to use checkKey.
-        (WTF::HashTable::fullLookupForWriting): Changed to use checkKey.
-        (WTF::HashTable::add): Changed to use checkKey, and call initializeBucket on a
-        deleted bucket before putting a new entry into it.
-        (WTF::HashTable::addPassingHashCode): Ditto.
-        (WTF::HashTable::deallocateTable): Check isDeletedBucket before calling ~ValueType.
-
-        * wtf/HashTraits.h: Got ridd of all the HashTraits specialization for the integer
-        types, since GeneicHashTraitsBase already deals with integers separately. Put the
-        deleted value support into GenericHashTraitsBase. Changed FloatHashTraits to
-        inherit from GenericHashTraits, and define construct/isDeletedValue rather than
-        deletedValue. Removed the ref and deref functions from RefPtr's HashTraits, and
-        defined construct/isDeletedValue. Eliminated DeletedValueAssigner. Changed
-        PairHashTraits to define construct/isDeletedValue, and also merged
-        PairBaseHashTraits in with PairHashTraits. Got rid of all specialization of
-        HashKeyStorageTraits. We'll remove that, and the needsRef data member, later.
-
-        * wtf/RefPtr.h: Added HashTableDeletedValueType, an enum type with a single value,
-        HashTableDeletedValue. Used that type to make a new constructor to construct
-        deleted values and also added an isHashTableDeletedValue function.
-
-        * wtf/RefPtrHashMap.h: Added RefPtrHashMapRawKeyTranslator and used it to implement
-        the raw pointer functions. This is a way to continue to avoid refcount thrash. We
-        can't use the old way because it depended on the underlying map using a non-RefPtr
-        type.
-        (WTF::HashMap::find): Use find with RefPtrHashMapRawKeyTranslator.
-        (WTF::HashMap::contains): Use contains with RefPtrHashMapRawKeyTranslator.
-        (WTF::HashMap::inlineAdd): Use add with RefPtrHashMapRawKeyTranslator.
-        (WTF::HashMap::get): Removed code that checks for an empty hash table before calling
-        HashTable::lookup; it's slightly more efficient to do this check inside lookup.
-        (WTF::HashMap::inlineGet): Added. Just like get, but marked inline for use in the
-        symbol table code.
-
-2008-04-25  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Mark Rowe.
-
-        Remove SavedBuiltins and SavedProperties classes and the methods used to
-        save data to them.  The CachedPage now stores a the JSGlobalObject in full.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        * kjs/JSVariableObject.cpp:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::localStorage):
-        * kjs/SavedBuiltins.h: Removed.
-        * kjs/object.h:
-        * kjs/property_map.cpp:
-        * kjs/property_map.h:
-
-2008-04-25  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Add some content to an empty ICU header file to prevent verification errors.
-
-        * icu/unicode/utf_old.h:
-
-2008-04-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5819422> REGRESSION: Wrong line number passed to -willLeaveCallFrame
-
-        Patch by George Dicker and Michael Kahl.  Reviewed by Darin.
-
-        When -[NSObject(WebScriptDebugDelegate) webView:willLeaveCallFrame:sourceId:line:forWebFrame:]
-        is invoked, the first line number of the function is returned instead of the last
-        line number.  This regressed in r28458.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute): Pass lastLine() instead of lineNo()
-        when calling Debugger::returnEvent().
-
-2008-04-25  Darin Adler  <darin@apple.com>
-
-        Done with Stephanie Lewis.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Prepare for compilation with gcc 4.2 by
-        adding -fno-strict-aliasing to CollatorICU.cpp.
-
-2008-04-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add a #define to easily enable collecting on every allocation to aid
-        debugging GC bugs.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-
-2008-04-24  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam and Sam.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        -Only profile the page group that starts profiling to avoid profiling
-        tools that shouldn't be profiled unless explicitly requested to.
-
-        * JavaScriptCore.exp: Export new signature.
-        * kjs/JSGlobalObject.cpp: Add unique identifiers to the JSGlobalObject.
-        (KJS::JSGlobalObject::init):
-        * kjs/JSGlobalObject.h: Ditto.
-        (KJS::JSGlobalObject::setPageGroupIdentifier):
-        (KJS::JSGlobalObject::pageGroupIdentifier):
-        * profiler/Profiler.cpp: Check the identifier of the page group of the
-        lexical global exec state and only profile if it matches the given page
-        group identifier.
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        * profiler/Profiler.h: Ditto.
-        (KJS::Profiler::Profiler):
-
-2008-04-24  Julien Chaffraix  <jchaffraix@webkit.org>
-
-        Reviewed by Simon.
-
-        Bug 15940: Implement threading API for Qt
-        https://bugs.webkit.org/show_bug.cgi?id=15940
-
-        Original patch by Justin Haygood, tweaked by me.
-
-        * JavaScriptCore.pri:
-        * wtf/ThreadingQt.cpp: Added.
-        (WTF::threadMapMutex):
-        (WTF::threadMap):
-        (WTF::establishIdentifierForThread):
-        (WTF::clearThreadForIdentifier):
-        (WTF::threadForIdentifier):
-        (WTF::initializeThreading):
-        (WTF::ThreadPrivate::getReturnValue):
-        (WTF::ThreadPrivate::ThreadPrivate):
-        (WTF::ThreadPrivate::run):
-        (WTF::createThread):
-        (WTF::waitForThreadCompletion): return !res to return
-        0 on success (to match the pthreads implementation).
-        (WTF::detachThread):
-        (WTF::identifierByQthreadHandle):
-        (WTF::currentThread):
-        (WTF::Mutex::Mutex):
-        (WTF::Mutex::~Mutex):
-        (WTF::Mutex::lock):
-        (WTF::Mutex::tryLock):
-        (WTF::Mutex::unlock):
-        (WTF::ThreadCondition::ThreadCondition):
-        (WTF::ThreadCondition::~ThreadCondition):
-        (WTF::ThreadCondition::wait):
-        (WTF::ThreadCondition::timedWait):
-        (WTF::ThreadCondition::signal):
-
-2008-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - simplify use of HashTraits to prepare for some upcoming hash table changes
-
-        * kjs/SymbolTable.h: Made SymbolTableIndexHashTraits derive from HashTraits<size_t>
-        and specialize only the empty value.
-
-2008-04-23  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Simon.
-
-        Removed the #define for USE_SYSTEM_MALLOC that we set in WebKit.pri
-        already.
-
-        * wtf/Platform.h:
-
-2008-04-21  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        <rdar://problem/5770054> JavaScript profiler (10928)
-        - When stop profiling is called we need to stop the timers on all the
-        functions that are still running.
-
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::didExecute):
-        (KJS::FunctionCallProfile::stopProfiling):
-        * profiler/FunctionCallProfile.h:
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::stopProfiling):
-
-2008-04-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Move collector main thread initialization from WebKit/win to KJS::initializeThreading.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading):
-
-2008-04-21  Adam Roben  <aroben@apple.com>
-
-        MSVC build fix
-
-        Reviewed by Alexey Proskuryakov.
-
-        * kjs/ustring.h:
-        (KJS::UString::cost): Disable a warning about assigning a 32-bit
-        size_t into a 31-bit size_t.
-
-2008-04-21  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Lars.
-
-        Made convertValueToQVariant accessible from within WebKit/qt/Api
-
-        * bindings/qt/qt_runtime.h:
-
-2008-04-21  Holger Hans Peter Freyther  <holger.freyther@trolltech.com>
-
-        Reviewed by Simon.
-
-        Build fix for Qt 4.3
-
-        * When building WebCore/internal make sure the QT_[BEGIN,END]_NAMESPACE is
-        always defined. Do this by adding defines to the compiler line
-        * For users of our API this is not feasible. Every public header file should
-        include qwebkitglobal.h. Define the QT_BEGIN_NAMESPACE and QT_END_NAMESPACE
-        when we are building everything < 4.4.0 and don't have them defined.
-
-        * kjs/testkjs.pro:
-
-2008-04-19  Matt Lilek  <webkit@mattlilek.com>
-
-        Not reviewed, Windows build fix - copy the profiler headers in all
-        configurations, not just Debug_Internal.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-04-19  Mike Hommey  <glandium@debian.org>
-
-        Reviewed by Alp Toker.
-
-        Don't build testkjs with rpath.
-
-        * GNUmakefile.am:
-
-2008-04-18  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fixes. Rename LocalStorage.h to LocalStorageEntry.h
-        to avoid header detection issues between WebCore/storage/LocalStorage.h 
-        and it, and add $(PROFILER_SOURCES) to the wx JSCore build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jscore.bkl:
-        * kjs/ExecState.h:
-        * kjs/JSVariableObject.h:
-        * kjs/LocalStorage.h: Removed.
-        * kjs/LocalStorageEntry.h: Copied from JavaScriptCore/kjs/LocalStorage.h.
-        * kjs/function.h:
-
-2008-04-18 Jan  Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Reviewed by Alp Toker.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16620
-        [GTK] Autotools make dist and make check support
-
-        Cleanups.
-
-        * GNUmakefile.am:
-
-2008-04-18  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Windows
-        build fix.
-
-2008-04-11  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Antti Koivisto.
-
-        Silence GCC 4.3 warnings by removing extraneous consts.
-
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-
-2008-04-18  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        - Use Deque instead of Vector since the profiler uses prepend a lot
-        and deque is faster at that.
-
-        * profiler/FunctionCallProfile.h:
-        (KJS::FunctionCallProfile::milliSecs): Corrected the name to match
-        its output.
-        * wtf/Deque.h:
-        (WTF::deleteAllValues):
-
-2008-04-18  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam and Adam.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        - Cleaned up the header file and made some functions static, added
-        a new, sane, printing function, and fixed a few minor bugs.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/FunctionCallProfile.cpp:
-        (KJS::FunctionCallProfile::didExecute): Removed assertion that time is
-        > 0 because at ms resolution that may not be true and only cross-
-        platform way to get time differences is in ms.
-        (KJS::FunctionCallProfile::printDataInspectorStyle): Added a new
-        printing function for dumping data in a sane style.
-        (KJS::FunctionCallProfile::printDataSampleStyle): Fixed a bug where we
-        displayed too much precision when printing our floats. Also added logic
-        to make sure we don't display 0 because that doesn't make sense for a
-        sampling profile.
-        * profiler/FunctionCallProfile.h:
-        * profiler/Profiler.cpp: Moved functions that could be static into the
-        implementation, and chaned the ASSERTs to early returns.  I did this
-        because console.profile() is a JS function and so was being profiled
-        but asserting because the profiler had not been started! In the future
-        I would like to put the ASSERTs back and not profile the calls to
-        console.profile() and console.profileEnd().
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        (KJS::getStackNames): Fixed a bug where the wrong ExecState was being
-        used.
-        (KJS::getFunctionName):
-        (KJS::Profiler::printDataInspectorStyle):
-        * profiler/Profiler.h:
-
-2008-04-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Fix leaks during plugin tests (which actually excercise background JS), and potential
-        PAC brokenness that was not reported, but very likely.
-
-        The leaks shadowed a bigger problem with Identifier destruction. Identifier::remove involves
-        an IdentifierTable lookup, which is now a per-thread instance. Since garbage collection can
-        currently happen on a different thread than allocation, a wrong table was used.
-
-        No measurable change on SunSpider total, ~1% variation on individual tests.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        * kjs/ustring.h:
-        Replaced isIdentifier with a pointer to IdentifierTable, so that destruction can be done
-        correctly. Took one bit from reportedCost, to avoid making UString::Rep larger (performance
-        effect was measurable on SunSpider).
-
-        * kjs/identifier.cpp:
-        (KJS::IdentifierTable::IdentifierTable):
-        (KJS::IdentifierTable::~IdentifierTable):
-        (KJS::IdentifierTable::add):
-        (KJS::IdentifierTable::remove):
-        Make IdentifierTable a real class. Its destructor needs to zero out outstanding references,
-        because some identifiers may briefly outlive it during thread destruction, and we don't want
-        them to use their stale pointers.
-
-        (KJS::LiteralIdentifierTable):
-        (KJS::Identifier::add):
-        Now that LiteralIdentifierTable is per-thread and can be destroyed not just during application
-        shutdown, it is not appropriate to simply bump refcount for strings that get there; changed
-        the table to hold RefPtrs.
-
-        (KJS::CStringTranslator::translate):
-        (KJS::UCharBufferTranslator::translate):
-        (KJS::Identifier::addSlowCase):
-        (KJS::Identifier::remove):
-        * kjs/identifier.h:
-        (KJS::Identifier::add):
-        Use and update UString::Rep::identifierTable as appropriate. Updating it is now done in
-        IdentifierTable::add, not in translators.
-
-2008-04-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Get rid of static compareWithCompareFunctionArguments in array_instance.cpp.
-
-        No change on SunSpider, CelticKane or iBench JavaScript. It is probable that in some cases,
-        merge sort is still faster, but more investigation is needed to determine a new cutoff.
-        Or possibly, it would be better to do what FIXME says (change to tree sort).
-
-        Also, made arguments a local variable - not sure why it was a member of
-        CompareWithCompareFunctionArguments.
-
-        * kjs/array_instance.cpp:
-        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        (KJS::CompareWithCompareFunctionArguments::operator()):
-        (KJS::ArrayInstance::sort):
-
-2008-04-18  Simon Hausmann  <hausmann@webkit.org>
-
-        Build fix for gcc 4.3. Include stdio.h for printf.
-
-        * profiler/FunctionCallProfile.cpp:
-        * profiler/Profiler.cpp:
-
-2008-04-17  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        Reviewed by mrowe.
-
-        * wtf/Platform.h: Add HAVE_ACCESSIBILITY to Platform.h.
-
-2008-04-17  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        Thread static data destructors are not guaranteed to be called in any particular order;
-        turn ThreadSpecific into a phoenix-style singleton to avoid accessing freed memory when
-        deleted objects are interdependent (e.g. CommonIdentifiers and internal identifier tables).
-
-        No change on SunSpider.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::ThreadSpecific::Data::Data):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::destroy):
-
-2008-04-15  Srinivas Rao. M Hamse  <msrinirao@gmail.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - gcc 3.x build fix
-
-        * kjs/nodes.h: CallerType definition made public for gcc 3.x compilation
-
-2008-04-16  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Change ThreadSafeShared to act like RefCounted by starting out with a single ref by default
-
-        * wtf/Threading.h:
-        (WTF::ThreadSafeShared::ThreadSafeShared):
-
-2008-04-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        - To keep the behavior of the WebKit and JavaScriptCore API's the same,
-          we need to hide the fact that the global object and the window object
-          are no longer the same thing, and the the global object now changes on
-          navigations.  To do this, only the wrapper should ever be exposed.  This
-          fixes the two remaining spots where the internal global object is exposed,
-          the windowScriptObject returned from [WebFrame windowObject] and the object
-          return by calling JSContextGetGlobalObject on [WebFrame globalContext].
-
-        * API/JSContextRef.cpp:
-        (JSContextGetGlobalObject):
-        This is a bit of a hack, this returns the "this" representation of the globalObject
-        which will be the WrapperWindow for WebCore and the globalObject for non-WebCore.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty):
-        Call the new putWithAttributes method instead of relying on lower-level calls.
-        This is needed so that the window wrapper can forward the calls.
-
-        * JavaScriptCore.exp:
-        * kjs/Activation.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::putWithAttributes):
-        * kjs/JSGlobalObject.h:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTablePutWithAttributes):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::putWithAttributes):
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::handleSlowCase):
-        (KJS::ConstDeclNode::evaluateSingle):
-        (KJS::EvalNode::processDeclarations):
-        * kjs/object.cpp:
-        (KJS::JSObject::putWithAttributes):
-        * kjs/object.h:
-        Rename initializeVariable to putWithAttributes and move it down to JSObject so it
-        can be used for JSObjectSetProperty.
-
-2008-04-16  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam and Geoff.
-
-        -<rdar://problem/5770054> JavaScript profiler (10928)
-        Inital profiler prototype
-
-        * GNUmakefile.am: Added new files to project
-        * JavaScriptCore.pri: Ditto
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto
-        * JavaScriptCoreSources.bkl: Ditto
-        * kjs/config.h: Put compiling flag in here.
-        * kjs/function.cpp: Instrument calling the function eval().
-        (KJS::eval):
-        * kjs/interpreter.cpp: Instrument evaluating global scopes.
-        (KJS::Interpreter::evaluate):
-        * kjs/object.cpp: Instrument JS function calls.
-        (KJS::JSObject::call):
-        * profiler: Added.
-        * profiler/FunctionCallProfile.cpp: Added.
-        (KJS::FunctionCallProfile::FunctionCallProfile):
-        (KJS::FunctionCallProfile::~FunctionCallProfile):
-        (KJS::FunctionCallProfile::willExecute): Call right before the JS function or executing context is executed to start the profiler's timer.
-        (KJS::FunctionCallProfile::didExecute): Call right after the JS function or executing context is executed to stop the profiler's timer.
-        (KJS::FunctionCallProfile::addChild): Add a child to the current FunctionCallProfile if it isn't already a child of the current FunctionalCallProfile.
-        (KJS::FunctionCallProfile::findChild): Return the child that matches the given name if there is one.
-        (KJS::FunctionCallProfile::printDataSampleStyle): Print the current profiled information in a format that matches sample's output.
-        * profiler/FunctionCallProfile.h: Added.
-        (KJS::FunctionCallProfile::FunctionCallProfile):
-        (KJS::FunctionCallProfile::~FunctionCallProfile):
-        (KJS::FunctionCallProfile::functionName):
-        (KJS::FunctionCallProfile::microSecs):
-        * profiler/Profiler.cpp: Added.
-        (KJS::Profiler::profiler):
-        (KJS::Profiler::sharedProfiler): Return global singleton (may change due to multi-threading concerns)
-        (KJS::Profiler::startProfiling): Don't start collecting profiling information until the user starts the profiler. Also don't clear old prfiled data until the profiler is restarted.
-        (KJS::Profiler::stopProfiling): Stop collecting profile information.
-        (KJS::Profiler::willExecute): Same as above. 
-        (KJS::Profiler::didExecute): Same as above.
-        (KJS::Profiler::insertStackNamesInTree): Follow the stack of the given names and if a sub-stack is not in the current tree, add it.
-        (KJS::Profiler::getStackNames): Get the names from the different passed in parameters and order them as a stack.
-        (KJS::Profiler::getFunctionName): Get the function name from the given parameter.
-        (KJS::Profiler::printDataSampleStyle): Print the current profiled information in a format that matches sample's output.
-        (KJS::Profiler::debugLog):
-        * profiler/Profiler.h: Added.
-        (KJS::Profiler::Profiler):
-
-2008-04-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        - Remove kjs_ prefix from strtod, dtoa, and freedtoa and put it
-          in the KJS namespace.
-        - Make strtod, dtoa, and freedtoa c++ functions instead of extern "C".
-        - Remove mode switching from dtoa.  ~2% improvement on test 26. 
-        - Removes all unnecessary #defines from dtoa code.
-
-        * JavaScriptCore.exp:
-        * kjs/dtoa.cpp:
-        (KJS::ulp):
-        (KJS::b2d):
-        (KJS::d2b):
-        (KJS::ratio):
-        (KJS::strtod):
-        (KJS::freedtoa):
-        (KJS::dtoa):
-        * kjs/dtoa.h:
-        * kjs/function.cpp:
-        (KJS::parseInt):
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex):
-        * kjs/number_object.cpp:
-        (KJS::integer_part_noexp):
-        (KJS::numberProtoFuncToExponential):
-        * kjs/ustring.cpp:
-        (KJS::UString::from):
-        (KJS::UString::toDouble):
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Get rid of static execForCompareByStringForQSort in array_instance.cpp.
-
-        No change on SunSpider, CelticKane or iBench JavaScript.
-
-        * kjs/array_instance.cpp:
-        (KJS::ArraySortComparator::ArraySortComparator):
-        (KJS::ArraySortComparator::operator()):
-        (KJS::ArrayInstance::sort):
-        Switch slow case to std::sort, so that ExecState can be passed in a comparator.
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        MSVC build fix.
-
-        * kjs/CommonIdentifiers.cpp:
-        * kjs/CommonIdentifiers.h:
-        * kjs/Parser.cpp:
-        * kjs/Parser.h:
-        * kjs/identifier.cpp:
-        * kjs/lexer.h:
-        * wtf/ThreadSpecific.h:
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * kjs/date_object.cpp:
-        * kjs/date_object.h:
-        Don't include DateMath.h from date_object.h, as the latter is used from WebCore, while
-        where the former is not available.
-
-2008-04-16  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Unreviewed build fix for MSVC. It does not want to have
-        WTF in the KJS namespace.
-
-        * kjs/CommonIdentifiers.h:
-
-2008-04-16  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Unreviewed build fix for gcc.
-
-        ::msToGregorianDateTime  is not known to it.
-
-        * kjs/date_object.cpp:
-        (KJS::DateInstance::msToGregorianDateTime):
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Initialize threadMapMutex safely (as already done in ThreadingWin).
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Cache Gregorian date/time structure on DateInstance objects for 1.027x SunSpider speedup
-        (1.65x on date-format-xparb, 1.13x on date-format-tofte).
-
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::copyFrom): Added. It presumably makes sense to keep GregorianDateTime
-        Noncopyable, so it's not just operator=.
-
-        * kjs/date_object.h: Added a per-object cache.
-
-        * kjs/date_object.cpp:
-        (KJS::DateInstance::DateInstance):
-        (KJS::DateInstance::msToGregorianDateTime):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        Use the cache when converting.
-
-2008-04-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Implement an abstraction for thread-specific storage, use it to get rid of some static objects.
-
-        SunSpider results were not conclusive, possibly up to 0.2% slowdown.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        Added ThreadSpecific.h
-
-        * wtf/ThreadSpecific.h: Added.
-        (WTF::::ThreadSpecific):
-        (WTF::::~ThreadSpecific):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::destroy):
-        (WTF::T):
-        (WTF::::operator):
-        Only implemented for platforms that use pthreads.
-
-        * kjs/CommonIdentifiers.cpp:
-        (KJS::CommonIdentifiers::shared):
-        * kjs/CommonIdentifiers.h:
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading):
-        * kjs/Parser.cpp:
-        (KJS::parser):
-        * kjs/Parser.h:
-        * kjs/identifier.cpp:
-        (KJS::identifierTable):
-        (KJS::literalIdentifierTable):
-        (KJS::Identifier::initializeIdentifierThreading):
-        * kjs/identifier.h:
-        * kjs/lexer.cpp:
-        (KJS::lexer):
-        * kjs/lexer.h:
-        Make static instances per-thread.
-
-2008-04-15  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        Add ENABLE_OFFLINE_WEB_APPLICATIONS to FEATURE_DEFINES.
-        
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-04-15  Andre Poenitz  <andre.poenitz@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix compilation with Qt namespaces
-
-        Qt can be configured to have all of its classes inside a specified namespaces.
-        This is for example used in plugin/component environments like Eclipse.
-
-        This change makes it possible to let the Qt port compile against a namespaced
-        Qt by the use of macros Qt provides to properly forward declare Qt classes in
-        the namespace.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2008-04-14  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        Don't leak the prototype class.
-        
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::create):
-
-2008-04-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix build.
-
-        * wtf/ThreadingWin.cpp:
-
-2008-04-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=18488
-        FastMalloc doesn't release thread-specific data on Windows
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::threadMapMutex): (WTF::initializeThreading): Call threadMapMutex once to initialize the static safely.
-        (WTF::ThreadFunctionInvocation::ThreadFunctionInvocation): Added a structure to wrap thread entry point and arguments.
-        (WTF::wtfThreadEntryPoint): Make sure to end all WTF threads with pthread_exit(), to give pthreads-win32 a chance to call
-        destructors of thread-specific data.
-        (WTF::createThread): Use _beginthreadex instead of CreateThread, because MSDN says so. Also removed a call to CreateEvent,
-        for which I could see no reason at all.
-
-2008-04-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Touched a file to make JavaScriptCore.vcproj rebuild.
-
-        * wtf/MathExtras.h:
-
-2008-04-14  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        Rubberstamped by Alexey Proskuryakov.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
-        the "potentially uninitialized variable" warning for grammar.cpp, as
-        it seems to be incorrect. yylval gets initialized by the lexer, but
-        MSVC doesn't seem to understand this.
-
-2008-04-11  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Maciej.
-        
-        Add default hash for pairs of hashable types.
-
-        * wtf/HashFunctions.h:
-        (WTF::PairHash::hash):
-        (WTF::PairHash::equal):
-        (WTF::):
-
-2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Make DateMath.cpp thread safe.
-
-        No measurable change on SunSpider (should be a very small speedup).
-
-        * kjs/DateMath.cpp:
-        (KJS::mimimumYearForDST): (KJS::equivalentYearForDST): Got rid of double caching of the
-        same precomputed value.
-        (KJS::calculateUTCOffset): (KJS::getUTCOffset): Factored actual UTC offset calculation code
-        out of getUTCOffset(), and notification setup into initDateMath().
-
-        (KJS::initDateMath): Added.
-
-        * kjs/DateMath.h:
-        * kjs/InitializeThreading.cpp:
-        (KJS::initializeThreading):
-        Added initDateMath().
-
-2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix.
-
-        * kjs/grammar.y:
-
-2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Tiger build fix. Forward declaring a union didn't work for whatever reason, make the
-        parameters void*.
-
-        * kjs/grammar.y:
-        * kjs/lexer.cpp:
-        (kjsyylex):
-        (KJS::Lexer::lex):
-        * kjs/lexer.h:
-
-2008-04-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        Generate a pure (re-entrant) parser with Bison.
-
-        No change on SunSpider.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/lexer.cpp:
-        (kjsyylex):
-        (KJS::Lexer::lex):
-        * kjs/lexer.h:
-        Pass state as function arguments, instead of global data. Don't call lexer() as often as
-        before, as this function is about to become slower due to thread-specific storage.
-
-        * kjs/function.cpp:
-        (KJS::isStrWhiteSpace): Don't call isSeparatorSpace() for 8-bit characters, as these are
-        already taken care of. This is a small speedup, compensating for a small slowdown caused
-        by switching Bison mode.
-
-2008-04-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff.
-
-        https://bugs.webkit.org/show_bug.cgi?id=18402
-        REGRESSION: visited element handling is incorrect in nested join/toString calls
-
-        No change on SunSpider total, possibly a tiny improvement (about 0.1%).
-
-        Test: fast/js/array-tostring-and-join.html
-
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::visitedElements): Store visited elements HashSet here, making it
-        common to toString/toLocalizedString/join again.
-
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        Got rid of static variables. Replaced UString with Vector to avoid O(n^2) behavior and
-        regain performance.
-
-        * wtf/Vector.h:
-        (WTF::::resize):
-        (WTF::::grow):
-        (WTF::::reserveCapacity):
-        (WTF::::append):
-        (WTF::::insert):
-        Added null checks, so that Vector methods don't crash when out of memory. The caller should
-        check that data pointer is not null before proceeding.
-
-2008-04-10  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix https://bugs.webkit.org/show_bug.cgi?id=18367 and the many dupes.
-        Bug 18367: Crash during celtic kane js speed 2007 test
-
-        GCC 4.2 on x86_64 Linux decided to reorder the local variables in markCurrentThreadConservatively's
-        stack frame.  This lead to the range of addresses the collector treated as stack to exclude the
-        contents of volatile registers that markCurrentThreadConservatively forces onto the stack.  This was
-        leading to objects being prematurely collected if the only reference to them was via a register at
-        the time a collection occurred.
-
-        The fix for this is to move the calculation of the top of the stack into a NEVER_INLINE function
-        that is called from markCurrentThreadConservatively.  This forces the dummy variable we use for
-        determining the top of stack to be in a different stack frame which prevents the compiler from
-        reordering it relative to the registers that markCurrentThreadConservatively forces onto the stack.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservativelyInternal):
-        (KJS::Collector::markCurrentThreadConservatively):
-        * kjs/collector.h:
-
-2008-04-10  Adam Roben  <aroben@apple.com>
-
-        VC++ Express build fix
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Link against user32.lib so
-        that anyone who links against WTF.lib will get user32.lib
-        automatically.
-
-2008-04-09  Adam Roben  <aroben@apple.com>
-
-        VC++ Express build fix
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Link against
-        user32.lib.
-
-2008-04-09  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        * JavaScriptCore.exp: Export isMainThread.
-
-2008-04-09  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        * wtf/AlwaysInline.h: Make sure to #include Platform.h before using
-        the macros it defines.
-
-2008-04-08  Mark Rowe  <mrowe@apple.com>
-
-        Export WTF::initializeThreading() from JavaScriptCore.
-
-        * JavaScriptCore.exp:
-
-2008-04-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        First step in implementing the "split window"
-
-        - Add a GlobalThisValue to ExecState which should be used 
-          in places that used to implement the "use the global object
-          as this if null" rule.
-        - Factor out lookupGetter/lookupSetter into virtual methods 
-          on JSObject so that they can be forwarded.
-        - Make defineGetter/defineSetter virtual methods for the same
-          reason.
-        - Have PrototypeReflexiveFunction store the globalObject used
-          to create it so that it can be used to get the correct thisObject
-          for eval.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * kjs/Activation.h:
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        (KJS::GlobalExecState::GlobalExecState):
-        * kjs/ExecState.h:
-        (KJS::ExecState::globalThisValue):
-        * kjs/ExecStateInlines.h:
-        (KJS::ExecState::ExecState):
-        (KJS::FunctionExecState::FunctionExecState):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        (KJS::JSGlobalObject::toGlobalObject):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (KJS::JSGlobalObject::JSGlobalObject):
-        * kjs/array_instance.cpp:
-        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        (KJS::compareWithCompareFunctionForQSort):
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncSort):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::ActivationImp::toThisObject):
-        (KJS::globalFuncEval):
-        (KJS::PrototypeReflexiveFunction::PrototypeReflexiveFunction):
-        (KJS::PrototypeReflexiveFunction::mark):
-        * kjs/function.h:
-        (KJS::PrototypeReflexiveFunction::cachedGlobalObject):
-        * kjs/function_object.cpp:
-        (KJS::functionProtoFuncApply):
-        (KJS::functionProtoFuncCall):
-        * kjs/nodes.cpp:
-        (KJS::ExpressionNode::resolveAndCall):
-        (KJS::FunctionCallValueNode::evaluate):
-        (KJS::LocalVarFunctionCallNode::inlineEvaluate):
-        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
-        (KJS::FunctionCallBracketNode::evaluate):
-        (KJS::FunctionCallDotNode::inlineEvaluate):
-        * kjs/object.cpp:
-        (KJS::JSObject::call):
-        (KJS::JSObject::put):
-        (KJS::tryGetAndCallProperty):
-        (KJS::JSObject::lookupGetter):
-        (KJS::JSObject::lookupSetter):
-        (KJS::JSObject::toThisObject):
-        (KJS::JSObject::toGlobalObject):
-        (KJS::JSObject::fillGetterPropertySlot):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (KJS::objectProtoFuncLookupGetter):
-        (KJS::objectProtoFuncLookupSetter):
-        * kjs/string_object.cpp:
-        (KJS::replace):
-
-2008-04-08  Brady Eidson  <beidson@apple.com>
-
-        Encourage Windows to rebuild - AGAIN...
-
-        * kjs/DateMath.cpp:
-
-2008-04-08  Adam Roben  <aroben@apple.com>
-
-        Mac build fix
-
-        * JavaScriptCore.exp: Add callOnMainThread, and sorted the list.
-
-2008-04-08  Brady Eidson  <beidson@apple.com>
-
-        Rubberstamped by Adam Roben
-        
-        Touch some files to *strongly* encourage Windows to rebuilt with DOM_STORAGE enabled
-
-        * kjs/DateMath.cpp:
-
-2008-04-08  Adam Roben  <aroben@apple.com>
-
-        Move callOnMainThread to WTF
-
-        Reviewed by Alexey Proskuryakov.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        Added new files.
-
-        * wtf/MainThread.cpp:
-        * wtf/MainThread.h:
-        * wtf/gtk/MainThreadGtk.cpp:
-        * wtf/mac/MainThreadMac.mm:
-        * wtf/qt/MainThreadQt.cpp:
-        * wtf/win/MainThreadWin.cpp:
-        * wtf/wx/MainThreadWx.cpp:
-        Moved here from WebCore/platform. Replaced all instances of "WebCore"
-        with "WTF".
-
-        * kjs/bool_object.cpp: Touched to force JavaScriptCore.vcproj to
-        build.
-        to the WTF namespace.
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading): Call initializeMainThread.
-
-2008-04-07  Brady Eidson  <beidson@apple.com>
-
-        Add "ENABLE_DOM_STORAGE" to keep in sync with the rest of the project
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-04-07  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * wtf/ThreadingWin.cpp: Back out some changes I didn't mean to land.
-
-2008-04-07  Adam Roben  <aroben@apple.com>
-
-        Add WTF::isMainThread
-
-        Reviewed by Alexey Proskuryakov.
-
-        * wtf/Threading.h: Declare the new function.
-        * wtf/ThreadingGtk.cpp:
-        (WTF::initializeThreading): Initialize the main thread identifier.
-        (WTF::isMainThread): Added.
-        * wtf/ThreadingNone.cpp: Ditto ThreadingGtk.cpp.
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-        * wtf/ThreadingPthreads.cpp: Ditto.
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-        * wtf/ThreadingWin.cpp: Ditto.
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-
-2008-04-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Make UString thread-safe.
-
-        No change on SunSpider total, although individual tests have changed a lot, up to 3%.
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): Call UString::null() to initialize
-        a static.
-        
-        * kjs/identifier.cpp:
-        (KJS::CStringTranslator::translate):
-        (KJS::UCharBufferTranslator::translate):
-        Use "true" for a boolean value instead of 1, because it's C++.
-
-        * kjs/ustring.h:
-        (KJS::CString::adopt): Added a method to create from a char* buffer without copying.
-        (KJS::UString::Rep::ref): Removed an assertion for JSLock::lockCount, as it's no longer
-        necessary to hold JSLock when working with strings.
-        (KJS::UString::Rep::deref): Ditto.
-        (KJS::UString::Rep::isStatic): Added a field to quickly determine that this is an empty
-        or null static string.
-
-        * kjs/ustring.cpp:
-        (KJS::): Removed normalStatBufferSize and statBufferSize, as there is no reason to have such
-        an advanced implementation of a debug-only ascii() method. Removed a long-obsolete comment
-        about UChar.
-        (KJS::UString::Rep::createCopying): Removed an assertion for JSLock::lockCount.
-        (KJS::UString::Rep::create): Ditto.
-        (KJS::UString::Rep::destroy): Ditto. Do not do anything for static null and empty strings,
-        as refcounting is not reliable for those. Reordered branches for a noticeable speed gain -
-        apparently this functiton is hot enough for SunSpider to see an effect from this!
-        (KJS::UString::null): Moved a star, added a comment.
-        (KJS::UString::cstring): Reimplemented to not call ascii(), which is not thread-safe.
-        (KJS::UString::ascii): Simplified statBuffer handling logic.
-        (KJS::UString::toDouble): Use cstring() instead of ascii().
-
-2008-04-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Ensure that debug symbols are generated for x86_64 and ppc64 builds.
-
-        * Configurations/Base.xcconfig:
-
-2008-04-01  Christian Dywan  <christian@imendio.com>
-
-        Build fix for GCC 4.3.
-
-        * wtf/unicode/icu/CollatorICU.cpp: include string.h
-
-2008-04-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Darin.
-
-        Turn off using 64-bit arithmetic on 32-bit hardware, as dtoa own code is faster than
-        compiler-provided emulation.
-
-        1% speedup on Acid3 test 26.
-
-        * kjs/dtoa.cpp:
-
-2008-04-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Make MathExtras.h thread safe.
-
-        * kjs/math_object.cpp:
-        (KJS::mathProtoFuncRandom): If threading is enabled, rely on initializeThreading to call
-        wtf_random_init().
-
-        * wtf/Threading.h:
-        * wtf/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingNone.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading):
-        Call wtf_random_init(); made the function non-inline to avoid having to include too many
-        headers in Threading.h.
-
-2008-03-31  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-
-        Make matching of regexps using ^ much faster
-        http://bugs.webkit.org/show_bug.cgi?id=18086
-
-        * pcre/pcre_compile.cpp:
-        (compileBranch):
-        (branchNeedsLineStart):
-        * pcre/pcre_exec.cpp:
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2008-03-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/5829556> REGRESSION: Leak in KJS::initializeThreading()
-
-        * kjs/InitializeThreading.cpp: (KJS::initializeThreading): There is no guarantee that
-        initializeThreading() is called only once; check that the mutex hasn't been already allocated.
-
-2008-03-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 17924: Crash in KJS::ConstDeclNode::evaluate with |with| and |const|
-        <http://bugs.webkit.org/show_bug.cgi?id=17924>
-        <rdar://problem/5806933>
-
-        It turns out this is trivially avoidable if we just match firefox's
-        semantics and ensure that an assignment in a const declaration always
-        writes to the variable object.
-
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::handleSlowCase):
-
-2008-03-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Fix a dtoa thread safety issue.
-
-        WebCore can call kjs_strtod without holding JS lock, but we didn't have thread safety
-        compiled in for dtoa.
-
-        This is a 0.5% regression on SunSpider, which Sam Weinig has volunteered to cover with
-        his recent improvement.
-
-        * kjs/dtoa.cpp:
-        (Bigint::Balloc):
-        (Bigint::Bfree):
-        Changed to use fastMalloc/fastDelete - they are much faster than the dtoa custom version was
-        in the presence of locking (but somewhat slower in single-threaded case).
-        (Bigint::pow5mult): Got rid of the dreaded double-checked locking anti-pattern (had to
-        restructure the code to avoid significant performance implications).
-        (Bigint::lshift): Rewrote to avoid an allocation, if possible.
-
-        (Bigint::rv_alloc):
-        (Bigint::kjs_freedtoa):
-        (Bigint::kjs_dtoa):
-        Check for USE(MULTIPLE_THREADS), not dtoa legacy MULTIPLE_THREADS.
-
-        * kjs/InitializeThreading.cpp: Added.
-        (KJS::initializeThreading):
-        * kjs/InitializeThreading.h: Added.
-        Initialize threading at KJS level, if enabled.
-
-        * kjs/dtoa.h: Expose dtoa mutex for KJS::initializeThreading.
-
-        * kjs/testkjs.cpp: (kjsmain): Call initializeThreading.
-
-        * JavaScriptCore.exp: Export KJS::initializeThreading.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added InitializeThreading.{h,cpp}.
-
-        * wtf/Threading.h: Removed a using directive for WTF::initializeThreading - it is only
-        to be called from KJS::initializeThreading, and having it in the global namespace is useless.
-
-2008-03-28  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Darin
-
-        Export Unicode/UTF8.h and convertUTF16ToUTF8() for more flexible conversion in WebCore
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-03-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/5826236> Regular expressions with large nested repetition counts can have their
-        compiled length calculated incorrectly.
-
-        * pcre/pcre_compile.cpp:
-        (multiplyWithOverflowCheck):
-        (calculateCompiledPatternLength): Check for overflow when dealing with nested repetition counts
-        and bail with an error rather than returning incorrect results.
-
-2008-03-26  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Brady Eidson.
-
-        Update FEATURE_DEFINES to be consistent with the other locations in which it is defined.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-03-26  Adam Roben  <aroben@apple.com>
-
-        Fix Bug 18060: Assertion failure (JSLock not held) beneath
-        JSCallbackObject<Base>::toString
-
-        <http://bugs.webkit.org/show_bug.cgi?id=18060>
-
-        Reviewed by Geoff Garen.
-
-        Bug fix:
-
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::JSCallbackObject<Base>::toString): Make the DropAllLocks
-        instance only be in scope while calling convertToType.
-
-        Test:
-
-        * API/testapi.c:
-        (MyObject_convertToType): Implement type conversion to string.
-        * API/testapi.js: Add a test for type conversion to string.
-
-2008-03-26  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * kjs/array_instance.cpp: Touched this.
-        * wtf/HashFunctions.h:
-        (WTF::intHash): Added 8- and 16-bit versions of intHash.
-
-2008-03-26  Adam Roben  <aroben@apple.com>
-
-        Force JSC headers to be copied by touching a file
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::getPropertyNames):
-
-2008-03-26  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r31324
-
-        Written with Darin.
-
-        Added HashTable plumbing to support using wchar_t as a key type.
-
-        * wtf/HashFunctions.h:
-        * wtf/HashTraits.h:
-        (WTF::):
-
-2008-03-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - JSC part of fix for "SVG multichar glyph matching matches longest instead of first (affects Acid3 test 79)"
-        http://bugs.webkit.org/show_bug.cgi?id=18118
-
-        * wtf/HashFunctions.h:
-        (WTF::):
-        * wtf/HashTraits.h:
-        (WTF::):
-
-2008-03-26  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Cache C string identifiers by address, not value, assuming that C strings can only
-        be literals.
-
-        1% speedup on Acid3 test 26.
-
-        * kjs/identifier.cpp:
-        (KJS::literalIdentifierTable):
-        (KJS::Identifier::add):
-        Added a new table to cache UString::Reps created from C strings by address. Elements are
-        never removed from this cache, as only predefined identifiers can get there.
-
-        * kjs/identifier.h:
-        (KJS::Identifier::Identifier): Added a warning.
-
-2008-03-26  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Maciej.
-
-        An assertion was failing in function-toString-object-literals.html when parsing 1e-500.
-        The condition existed before, and got uncovered by turning compiled-out dtoa checks into
-        ASSERTs.
-
-        The assertion was verifying that the caller wasn't constructing a Bigint from 0.
-        This might have had some reason behind it originally, but I couldn't find any,
-        and this doesn't look like a reasonable requirement.
-
-        * kjs/dtoa.cpp: (d2b): Removed the assertion (two copies in different code paths).
-
-2008-03-25  Adam Roben  <aroben@apple.com>
-
-        Fix Bug 18077: Integrate testapi.c into the Windows build
-
-        <http://bugs.webkit.org/show_bug.cgi?id=18077>
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Added.
-
-2008-03-25  Adam Roben  <aroben@apple.com>
-
-        Make testapi.c compile under MSVC
-
-        Currently you must compile testapi.c as C++ code since MSVC does not
-        support many C features that GCC does.
-
-        Reviewed by Steve Falkenburg.
-
-        * API/testapi.c:
-        (nan): Added an implementation of this for MSVC.
-        (assertEqualsAsUTF8String): Use malloc instead of dynamically-sized
-        stack arrays.
-        (assertEqualsAsCharactersPtr): Ditto.
-        (print_callAsFunction): Ditto.
-        (main): Ditto, and explicitly cast from UniChar* to JSChar*.
-
-2008-03-25  Adam Roben  <aroben@apple.com>
-
-        Stop using JavaScriptCore's custom stdbool.h and stdint.h on Windows
-
-        We can't remove the os-win32 directory yet because other ports (at
-        least wx) are still relying on it.
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-          - Made all the include paths match the one for the Debug
-            configuration (these got out of sync in r30797)
-          - Removed os-win32 from the include path
-          - Removed os-win32 from the directories we copy to $WebKitOutputDir.
-          - Removed stdint.h from the project
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Delete the files that we may have previously copied from the os-win32
-        directory.
-
-2008-03-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix.
-
-        * kjs/dtoa.cpp: Include stdint.h.
-
-2008-03-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Darin.
-
-        Cleanup dtoa.cpp style.
-
-        * kjs/dtoa.cpp:
-        (Bigint::Balloc):
-        (Bigint::Bfree):
-        (Bigint::multadd):
-        (Bigint::s2b):
-        (Bigint::hi0bits):
-        (Bigint::lo0bits):
-        (Bigint::i2b):
-        (Bigint::mult):
-        (Bigint::pow5mult):
-        (Bigint::lshift):
-        (Bigint::cmp):
-        (Bigint::diff):
-        (Bigint::ulp):
-        (Bigint::b2d):
-        (Bigint::d2b):
-        (Bigint::ratio):
-        (Bigint::):
-        (Bigint::match):
-        (Bigint::hexnan):
-        (Bigint::kjs_strtod):
-        (Bigint::quorem):
-        (Bigint::rv_alloc):
-        (Bigint::nrv_alloc):
-        (Bigint::kjs_freedtoa):
-        (Bigint::kjs_dtoa):
-        * kjs/dtoa.h:
-
-2008-03-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - convert a JavaScript immediate number to a string more efficiently
-
-        2% speedup of Acid3 test 26
-
-        * kjs/JSImmediate.cpp:
-        (KJS::JSImmediate::toString): Take advantage of the fact that all immediate
-        numbers are integers, and use the faster UString function for formatting integers
-        instead of the slower one that works for floating point. I think this is a leftover
-        from when immediate numbers were floating point.
-
-2008-03-23  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=18048
-        The "thisObject" parameter to JSEvaluateScript is not used properly
-
-        Making passing a thisObject to JSEvaluateScript actually set the thisObject of the created
-        ExecState.
-
-        * API/testapi.c:
-        (main): Add tests for setting the thisObject when calling JSEvaluateScript.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState): Assign the thisObject to m_thisValue and remove the comment. 
-
-2008-03-22  Jesse Ruderman  <jruderman@gmail.com>
-
-        Reviewed by Sam Weinig.  Landed by eseidel.
-        
-        Make testkjs flush stdout after printing.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/testkjs.cpp:
-        (functionPrint):
-
-2008-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Optimise lookup of Math, undefined, NaN and Infinity
-
-        Added a method to JSVariableObject to allow us to inject DontDelete properties
-        into the symbol table and localStorage.  This results in a 0.4% progression in
-        SunSpider, with a 8% gain in math-partial-sums.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableInsert):
-
-2008-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Global properties that use LocalStorage are not correctly listed as enumerable.
-
-        The problem was caused by JSObject::getPropertyAttributes not being aware
-        of the JSVariableObject SymbolTable.  The fix is to make getPropertyAttributes
-        virtual and override in JSVariableObject.  This does not produce any performance
-        regression.
-
-        * JavaScriptCore.exp:
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames):
-        (KJS::JSVariableObject::getPropertyAttributes):
-        * kjs/JSVariableObject.h:
-        * kjs/object.h:
-
-2008-03-21  Arkadiusz Miskiewicz  <arekm@maven.pl>
-
-        Webkit does not build on linux powerpc
-
-        <http://bugs.webkit.org/show_bug.cgi?id=17019>
-
-        Reviewed by David Kilzer.
-
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Unlock):
-
-2008-03-21  Rodney Dawes  <dobey@wayofthemonkey.com>
-
-        Reviewed by Holger.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17981
-
-        Add javascriptcore_cppflags to Programs_minidom_CPPFLAGS.
-
-        * GNUmakefile.am:
-
-2008-03-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Consolidate static identifier initializers within CommonIdentifiers.
-
-        No reliably measurable change on SunSpider; maybe a tiny improvement (within 0.2%).
-
-        * kjs/CommonIdentifiers.h: Added static identifiers that were lazily initialized
-        throughout the code.
-
-        * kjs/date_object.cpp:
-        (KJS::DateObjectImp::DateObjectImp):
-        * kjs/function_object.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        Use the values from CommonIdentifiers. 
-
-        * kjs/lookup.h: Caching the identifier in a static wasn't a win on SunSpider, removed it.
-
-        * kjs/value.h:
-        (KJS::jsNaN): We already have a shared NaN value, no need for a duplicate here.
-
-        * wtf/MathExtras.h:
-        (wtf_atan2): Having local variables for numeric_limits constants is good for readability,
-        but there is no reason to keep them static.
-
-        * JavaScriptCore.exp: Don't needlessly export JSGlobalObject::s_head.
-
-2008-03-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix for leak introduced by inline ScopeChainNode use
-
-        To avoid any extra branches when managing an inline ScopeChainNode
-        in the ScopeChain the inline node gets inserted with a refcount of
-        2.  This meant than when the ScopeChain was destroyed the ScopeChainNodes
-        above the inline node would be leaked.
-
-        We resolve this by manually popping the inline node in the
-        FunctionExecState destructor.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/ExecStateInlines.h:
-        (KJS::FunctionExecState::~FunctionExecState):
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::popInlineScopeNode):
-
-2008-03-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Ensure that the defines in FEATURE_DEFINES are sorted so that they will match the default settings of build-webkit.
-        This will prevent the world from being rebuilt if you happen to switch between building in Xcode and with build-webkit on the
-        command-line.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-03-20  David Krause  <david.krause@gmail.com>
-
-        Reviewed by David Kilzer.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17923
-        Bug 17923: ARM platform endian defines inaccurate
-
-        * wtf/Platform.h: 
-        Replaced !defined(__ARMEL__) check with !defined(__VFP_FP__)
-        for PLATFORM(MIDDLE_ENDIAN)
-
-2008-03-20  Maciej Stachowiak  <mjs@apple.com>
-
-        - fix build
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: install Activation.h as private
-
-2008-03-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - reduce function call overhead for 1.014x speedup on SunSpider
-
-        I moved some functions from ExecState.cpp to ExecStateInline.h and
-        from JSGlobalObject.cpp to JSGlobalObject.h, and declared them
-        inline; machine function call overhead for these was hurting JS
-        funcion call overhead.
-        
-        * kjs/ExecState.cpp:
-        * kjs/ExecStateInlines.h: Added.
-        (KJS::ExecState::ExecState):
-        (KJS::ExecState::~ExecState):
-        (KJS::FunctionExecState::FunctionExecState):
-        (KJS::FunctionExecState::~FunctionExecState):
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::pushActivation):
-        (KJS::JSGlobalObject::checkActivationCount):
-        (KJS::JSGlobalObject::popActivation):
-        * kjs/function.cpp:
-
-2008-03-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Avoid heap allocating the root scope chain node for eval and closure free functions
-
-        Maciej suggested using an inline ScopeChainNode for functions that don't use eval
-        or closures as they are unable to ever capture the scope chain.  This gives us a 2.4%
-        win in sunspider, a 15% win in controlflow-recursive, and big (>5%) wins in a number 
-        of other tests.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/ExecState.h:
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::push):
-
-2008-03-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix release build.
-
-        * kjs/JSGlobalObject.cpp:  Add missing #include.
-
-2008-03-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fix for <rdar://problem/5785694>
-        Crash occurs at KJS::Collector::collect() when loading web clip widgets with a PAC file
-
-        Make the activeExecStates stack per JSGlobalObject instead of static to ensure
-        thread safety.
-
-        * JavaScriptCore.exp:
-        * kjs/ExecState.cpp:
-        (KJS::InterpreterExecState::InterpreterExecState):
-        (KJS::InterpreterExecState::~InterpreterExecState):
-        (KJS::EvalExecState::EvalExecState):
-        (KJS::EvalExecState::~EvalExecState):
-        (KJS::FunctionExecState::FunctionExecState):
-        (KJS::FunctionExecState::~FunctionExecState):
-        * kjs/ExecState.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::mark):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::activeExecStates):
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        (KJS::Collector::reportOutOfMemoryToAllExecStates): Iterate all JSGlobalObjects and report
-        the OutOfMemory condition to all the ExecStates in each.
-
-2008-03-19  Jasper Bryant-Greene  <jasper@unix.geek.nz>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17941
-        Bug 17941: C++-style comments in JavaScriptCore API
-
-        * API/JSBase.h:
-        Remove C++-style comments from public JavaScriptCore API, replacing
-        with standard C90 block comments.
-
-2008-03-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17939
-        Bug 17939: Crash decompiling "const a = 1, b;"
-
-        * kjs/nodes2string.cpp:
-        (KJS::ConstDeclNode::streamTo): Null-check the correct variable.
-
-2008-03-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 17929: Incorrect decompilation with |const|, comma
-        http://bugs.webkit.org/show_bug.cgi?id=17929
-
-        There were actually two bugs here. First we weren't correctly handling const
-        nodes with multiple declarations. The second issue was caused by us not 
-        giving the correct precedence to the initialisers.
-
-        * kjs/nodes2string.cpp:
-        (KJS::ConstDeclNode::streamTo):
-
-2008-03-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - Speed up JavaScript built-in properties by changing the
-          hash table to take advantage of the identifier objects
-
-        5% speedup for Acid3 test 26
-
-        * JavaScriptCore.exp: Updated.
-        * kjs/create_hash_table: Compute size of hash table large enough so that there
-        are no collisions, but don't generate the hash table.
-        * kjs/identifier.h: Made the add function that returns a PassRefPtr public.
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex): Updated for change to HashTable interface.
-        * kjs/lookup.cpp:
-        (KJS::HashTable::changeKeysToIdentifiers): Added. Finds the identifier for
-        each property so the equality comparision can be done with pointer comparision.
-        * kjs/lookup.h: Made the key be a union of char* with UString::Rep* so it can
-        hold identifiers. Added a keysAreIdentifiers flag to the HashTable. Changed
-        the Lookup functions to be member functions of HashTable instead.
-        * kjs/object.cpp:
-        (KJS::JSObject::deleteProperty): Update for change to HashTable.
-        (KJS::JSObject::findPropertyHashEntry): Ditto.
-        (KJS::JSObject::getPropertyAttributes): Ditto.
-        (KJS::JSObject::getPropertyNames): Ditto.
-
-2008-03-18  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17925 and http://bugs.webkit.org/show_bug.cgi?id=17927.
-        - Bug 17925: Crash in KJS::JSObject::put after setting this.__proto__
-        - Bug 17927: Hang after attempting to create circular __proto__
-
-        * kjs/object.cpp:
-        (KJS::JSObject::put): Silently ignore attempts to set __proto__ to a non-object, non-null value.
-        Return after setting the exception when an attempt to set a cyclic __proto__ is detected so that
-        the cyclic value is not set.
-
-2008-03-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - inline ActivationImp::init for 0.8% SunSpider speedup
-
-        * kjs/Activation.h:
-        (KJS::ActivationImp::init): Moved here from function.cpp
-        * kjs/function.cpp:
-
-2008-03-18  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build.
-
-        Including config.h like in the other .cpp files gets the #ifdeffery
-        correct for rand_s.
-
-        * kjs/JSWrapperObject.cpp:
-
-2008-03-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        JavaScriptCore changes to support a WebCore speedup.
-
-        * JavaScriptCore.exp: Export the UString::Rep::computeHash function.
-        * wtf/HashSet.h: Added a find and contains function that take a translator,
-        like the add function.
-
-2008-03-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - a few micro-optimizations for 1.2% SunSpider speedup
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): check for Return completion before Throw,
-        it is more likely.
-        * kjs/object.cpp:
-        (KJS::JSObject::put): When walking prototype chain, instead of
-        checking isObject (a virtual call), compare to jsNull (compare to
-        a constant) since null is the only non-object that can be in a
-        prototype chain.
-
-2008-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Optimise multi-scope function call resolution
-
-        Refactor multiscope variable resolution and use to add
-        optimised FunctionCallResolveNode subclasses.  
-
-        2.6% gain in sunspider performance, *25%* gain in controlflow-recursive
-
-        * kjs/nodes.cpp:
-        (KJS::getSymbolTableEntry):
-        (KJS::ResolveNode::optimizeVariableAccess):
-        (KJS::getNonLocalSymbol):
-        (KJS::ExpressionNode::resolveAndCall):
-        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
-        (KJS::FunctionCallResolveNode::inlineEvaluate):
-        (KJS::ScopedVarFunctionCallNode::inlineEvaluate):
-        (KJS::ScopedVarFunctionCallNode::evaluate):
-        (KJS::ScopedVarFunctionCallNode::evaluateToNumber):
-        (KJS::ScopedVarFunctionCallNode::evaluateToBoolean):
-        (KJS::ScopedVarFunctionCallNode::evaluateToInt32):
-        (KJS::ScopedVarFunctionCallNode::evaluateToUInt32):
-        (KJS::NonLocalVarFunctionCallNode::inlineEvaluate):
-        (KJS::NonLocalVarFunctionCallNode::evaluate):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToNumber):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToBoolean):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToInt32):
-        (KJS::NonLocalVarFunctionCallNode::evaluateToUInt32):
-        * kjs/nodes.h:
-        (KJS::ScopedVarFunctionCallNode::):
-        (KJS::NonLocalVarFunctionCallNode::):
-
-2008-03-17  David Kilzer  <ddkilzer@apple.com>
-
-        Don't define PLATFORM(MIDDLE_ENDIAN) on little endian ARM.
-
-        Reviewed by Darin.
-
-        See <http://bugs.webkit.org/show_bug.cgi?id=15416#c13>.
-
-        * wtf/Platform.h: Added check for !defined(__ARMEL__) when defining
-        PLATFORM(MIDDLE_ENDIAN).
-
-2008-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff, Darin and Weinig.
-
-        Add fast multi-level scope lookup
-        
-        Add logic and AST nodes to provide rapid variable resolution across
-        static scope boundaries.  This also adds logic that allows us to skip
-        any static scopes that do not contain the variable to be resolved.
-        
-        This results in a ~2.5% speedup in SunSpider, and gives a 25-30% speedup
-        in some simple and ad hoc closure and global variable access tests.
-
-        * JavaScriptCore.exp:
-        * kjs/Activation.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        * kjs/JSVariableObject.cpp:
-        * kjs/JSVariableObject.h:
-        * kjs/function.cpp:
-        (KJS::ActivationImp::isDynamicScope):
-        * kjs/nodes.cpp:
-        (KJS::ResolveNode::optimizeVariableAccess):
-        (KJS::ScopedVarAccessNode::inlineEvaluate):
-        (KJS::ScopedVarAccessNode::evaluate):
-        (KJS::ScopedVarAccessNode::evaluateToNumber):
-        (KJS::ScopedVarAccessNode::evaluateToBoolean):
-        (KJS::ScopedVarAccessNode::evaluateToInt32):
-        (KJS::ScopedVarAccessNode::evaluateToUInt32):
-        (KJS::NonLocalVarAccessNode::inlineEvaluate):
-        (KJS::NonLocalVarAccessNode::evaluate):
-        (KJS::NonLocalVarAccessNode::evaluateToNumber):
-        (KJS::NonLocalVarAccessNode::evaluateToBoolean):
-        (KJS::NonLocalVarAccessNode::evaluateToInt32):
-        (KJS::NonLocalVarAccessNode::evaluateToUInt32):
-        (KJS::IfElseNode::optimizeVariableAccess):
-        (KJS::ScopeNode::optimizeVariableAccess):
-        * kjs/nodes.h:
-        (KJS::ScopedVarAccessNode::):
-        (KJS::NonLocalVarAccessNode::):
-        * kjs/object.h:
-
- 2008-03-16  weihongzeng  <weihong.zeng@hotmail.com>
- 
-         Reviewed by Darin Adler.
- 
-         http://bugs.webkit.org/show_bug.cgi?id=15416
-         Add support for mixed-endian processors
- 
-         * kjs/dtoa.cpp: Add IEEE_ARM, triggered by PLATFORM(MIDDLE_ENDIAN).
- 
-2008-03-16  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Rubber stamped by Darin.
-
-        Add set-webkit-configuration support for wx port, and centralize
-        build dir location setting.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17790
-
-        * jscore.bkl:
-
-2008-03-14  Steve Falkenburg  <sfalken@apple.com>
-
-        PGO build fixes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-03-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Add logic to track whether a function uses a locally scoped eval or requires a closure
-        
-        Now that we limit eval we can track those uses of eval that operate
-        in the local scope and functions that require a closure.  We track
-        this information during initial parsing to avoid yet another tree
-        walk.
-
-        * JavaScriptCore.exp:
-        * kjs/NodeInfo.h:
-        * kjs/Parser.cpp:
-        (KJS::Parser::didFinishParsing):
-        * kjs/Parser.h:
-        (KJS::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ScopeNode::ScopeNode):
-        (KJS::ProgramNode::ProgramNode):
-        (KJS::ProgramNode::create):
-        (KJS::EvalNode::EvalNode):
-        (KJS::EvalNode::create):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::FunctionBodyNode::create):
-        * kjs/nodes.h:
-        (KJS::ScopeNode::):
-        (KJS::ScopeNode::usesEval):
-        (KJS::ScopeNode::needsClosure):
-
-2008-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Fixed another problem with Vector::shrinkCapacity.
-        
-        moveOverlapping isn't good enough for the case where the buffer hasn't
-        changed, because it still destroys the contents of the buffer.
-
-        * wtf/Vector.h:
-        (WTF::::shrinkCapacity): Changed to explicitly check whether the call
-        to allocateBuffer produced a new buffer. If it didn't, there's no need
-        to move.
-
-2008-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Fixed a few problems with Vector::shrinkCapacity that I noticed in testing.
-
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::deallocateBuffer): Clear our m_buffer pointer
-        when we deallocate m_buffer, in case we're not asked to reallocate a new
-        buffer. (Otherwise, we would use a stale m_buffer if we were asked to
-        perform any operations after shrinkCapacity was called.)
-        
-        (WTF::VectorBuffer::allocateBuffer): Made VectorBuffer with inline
-        capacity aware that calls to allocateBuffer might be shrinks, rather
-        than grows, so we shouldn't allocate a new buffer on the heap unless
-        our inline buffer is too small.
-        
-        (WTF::::shrinkCapacity): Call resize() instead of just setting m_size,
-        so destructors run. Call resize before reallocating the buffer to make
-        sure that we still have access to the objects we need to destroy. Call
-        moveOverlapping instead of move, since a call to allocateBuffer on an
-        inline buffer may produce identical storage.
-
-2008-03-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Get rid of a localime() call on platforms that have better alternatives.
-
-        * kjs/DateMath.h: Added getLocalTime();
-
-        * kjs/DateMath.cpp:
-        (KJS::getLocalTime):
-        (KJS::getDSTOffsetSimple):
-        Implementation moved from getDSTOffsetSimple().
-
-        * kjs/date_object.cpp:
-        (KJS::DateObjectImp::callAsFunction): Switched to getLocalTime().
-
-2008-03-14  David D. Kilzer  <ddkilzer@apple.com>
-
-        Unify concept of enabling the Mac Java bridge.
-
-        Reviewed by Darin and Anders.
-
-        * wtf/Platform.h: Define ENABLE_MAC_JAVA_BRIDGE here.
-
-2008-03-13  Mark Mentovai  <mark@moxienet.com>
-
-        Reviewed by eseidel.  Landed by eseidel.
-
-        * wtf/FastMalloc.cpp: #include <wtf/HashSet.h> outside of any
-        namespaces.
-
-2008-03-13  Mark Mentovai  <mark@moxienet.com>
-
-        Reviewed by eseidel.  Landed by eseidel.
-
-        * pcre/pcre_exec.cpp: Fix misnamed variable, allowing -DDEBUG build
-        to succeed.
-        * wtf/ThreadingPthreads.cpp: #include <sys/time.h> for gettimeofday
-        in non-pch build.
-
-2008-03-13  Steve Falkenburg  <sfalken@apple.com>
-
-        PGO build fixes.
-        
-        Disable PGO for normal release builds.
-        Added work-in-progress Release_PGOInstrument/Release_PGOOptimize targets.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-03-13  Beth Dakin  <bdakin@apple.com>
-
-        Reviewed by Geoff.
-
-        Adding new functionality to Vector. Currently all of the shrink and 
-        resize functions on Vector only shrink the size of the Vector, not 
-        the capacity. For the Vector to take up as little memory as 
-        possible, though, it is necessary to be able to shrink the capacity 
-        as well. So this patch adds that functionality. 
-
-        I need this for a speed up I am working on, and Geoff wants to use 
-        it in a speed up he is working on also, so he asked me to commit it 
-        now. 
-
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::allocateBuffer):
-        (WTF::::shrinkCapacity):
-
-2008-03-13  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Attempt at fixing the Qt/Windows build bot. Quote using double-quotes
-        instead of single quotes.
-
-        * pcre/dftables:
-
-2008-03-12  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2008-03-12  Alp Toker  <alp@atoker.com>
-
-        Another autotools testkjs build fix attempt.
-
-        * GNUmakefile.am:
-
-2008-03-12  Alp Toker  <alp@atoker.com>
-
-        Attempt to fix the autotools testkjs build on systems with
-        non-standard include paths.
-
-        * GNUmakefile.am:
-
-2008-03-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5787743> REGRESSION: Crash at WTF::Collator::CreateCollator() running fast/js/kde/StringObject.html on Windows
-
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::createCollator): Check for null (== user default) m_locale before calling strcmp.
-
-2008-03-11  Steve Falkenburg  <sfalken@apple.com>
-
-        Disable LTCG/PGO for grammar.cpp and nodes.cpp.
-        PGO on these files causes us to hang.
-        
-        Copy newer vsprops files from relative WebKitLibraries path to environment variable based path.
-        
-        Reviewed by Oliver.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2008-03-10  Darin Adler  <darin@apple.com>
-
-        - Windows build fix
-
-        * kjs/function.cpp: (KJS::decode): Initialize variable.
-
-2008-03-10  Brent Fulgham  <bfulgham@gmail.com>
-
-        Windows build fix
-
-        Reviewed by Adam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Set the PATH to include Cygwin before running touch.
-
-2008-03-10  Eric Seidel  <eric@webkit.org>
-
-        Build fix for JSC on windows.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        * kjs/function.cpp:
-        (KJS::decode):
-        * kjs/nodes2string.cpp:
-        (KJS::escapeStringForPrettyPrinting):
-
-2008-03-10  Eric Seidel  <eric@webkit.org>
-        
-        No review, build fix only.
-        
-        Attempt to fix the windows build?
-
-        * kjs/ustring.h: change unsigned short to UChar
-
-2008-03-10  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Darin.
-
-        Remove KJS::UChar, use ::UChar instead
-        http://bugs.webkit.org/show_bug.cgi?id=17017
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters):
-        (JSStringCreateWithUTF8CString):
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        * JavaScriptCore.exp:
-        * kjs/Parser.h:
-        * kjs/function.cpp:
-        (KJS::decode):
-        (KJS::parseInt):
-        (KJS::parseFloat):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnescape):
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-        * kjs/identifier.cpp:
-        (KJS::Identifier::equal):
-        (KJS::CStringTranslator::translate):
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        (KJS::Lexer::setCode):
-        (KJS::Lexer::shift):
-        (KJS::Lexer::lex):
-        (KJS::Lexer::convertUnicode):
-        (KJS::Lexer::makeIdentifier):
-        * kjs/lookup.cpp:
-        (KJS::keysMatch):
-        * kjs/nodes2string.cpp:
-        (KJS::escapeStringForPrettyPrinting):
-        (KJS::SourceStream::operator<<):
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::RegExp::match):
-        * kjs/string_object.cpp:
-        (KJS::substituteBackreferences):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::computeHash):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::ascii):
-        (KJS::UString::operator=):
-        (KJS::UString::is8Bit):
-        (KJS::UString::toStrictUInt32):
-        (KJS::UString::find):
-        (KJS::operator==):
-        (KJS::operator<):
-        (KJS::compare):
-        (KJS::UString::UTF8String):
-        * kjs/ustring.h:
-        * pcre/pcre.h:
-
-2008-03-09  Steve Falkenburg  <sfalken@apple.com>
-
-        Stop Windows build if an error occurs in a prior project.
-
-        Rubber stamped by Darin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2008-03-09  J¸rg Billeter  <j@bitron.ch>
-
-        Reviewed by Alp Toker.
-
-        Conditionalise ICU for Unicode in the GTK+ port.
-
-        * wtf/Platform.h:
-
-2008-03-07  David D. Kilzer  <ddkilzer@apple.com>
-
-        Unify concept of enabling Netscape Plug-in API (NPAPI).
-
-        Reviewed by Darin.
-
-        * wtf/Platform.h: Define ENABLE_NETSCAPE_PLUGIN_API here.
-
-2008-03-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed <rdar://problem/5689093> Stricter (ES4) eval semantics
-        
-        The basic rule is:
-        
-        - "eval(s)" is treated as an operator that gives the ES3 eval behavior.
-            ... but only if there is no overriding declaration of "eval" in scope.
-        - All other invocations treat eval as a function that evaluates a
-        script in the context of its "this" object.
-            ... but if its "this" object is not the global object it was
-            originally associated with, eval throws an exception.
-        
-        Because only expressions of the form "eval(s)" have access to local
-        scope, the compiler can now statically determine whether a function
-        needs local scope to be dynamic.
-
-        * kjs/nodes.h: Added FunctionCallEvalNode. It works just like
-        FuncationCallResolveNode, except it statically indicates that the node
-        may execute eval in the ES3 way.
-        * kjs/nodes.cpp:
-        * kjs/nodes2string.cpp:
-
-        * tests/mozilla/expected.html: This patch happens to fix a Mozilla JS
-        test, but it's a bit of a pyrrhic victory. The test intends to test
-        Mozilla's generic API for calling eval on any object, but, in reality,
-        we only support calling eval on the global object.
-
-2008-03-06  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2008-03-06  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2008-03-06  Alp Toker  <alp@atoker.com>
-
-        Fix the build fix in r30845 to support out-of-tree builds.
-
-        * GNUmakefile.am:
-
-2008-03-06  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-2008-03-06  Darin Adler  <darin@apple.com>
-
-        - another small step towards fixing the Qt build
-
-        * JavaScriptCore.pri: Remove more references to the now-obsolete bindings directory.
-
-2008-03-06  Darin Adler  <darin@apple.com>
-
-        - a small step towards fixing the Qt build
-
-        * JavaScriptCore.pri: Remove references to files no longer present in JavaScriptCore/bindings.
-
-2008-03-06  Brady Eidson  <beidson@apple.com>
-
-        Gtk Build fix
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        Wx build fix.
-
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault): Put ICU workaround under both PLATFORM(DARWIN) and
-        PLATFORM(CF) checks, so that each port can decide if it wants to use CF on Mac for it.
-
-2008-03-06  Brady Eidson <beidson@apple.com>
-
-        Reviewed by Darin
-
-        Add a timedWait() method to ThreadCondition
-
-        * JavaScriptCore.exp:
-
-        * wtf/Threading.h:
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::timedWait): Needs implementation
-
-2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        More build fixes.
-
-        * jscore.bkl: Add the wtf/unicode directory.
-        * wtf/unicode/CollatorDefault.cpp:
-        (WTF::Collator::userDefault): Use a constructor that does exist.
-        * wtf/unicode/icu/CollatorICU.cpp: Mac build fix for case-sensitive file systems.
-
-2008-03-06  Darin Adler  <darin@apple.com>
-
-        - try to fix the Qt build
-
-        * JavaScriptCore.pri: Add the wtf/unicode directory.
-
-2008-03-06  Darin Adler  <darin@apple.com>
-
-        - try to fix the GTK build
-
-        * GNUmakefile.am: Add a -I for the wtf/unicode directory.
-
-2008-03-06  Darin Adler  <darin@apple.com>
-
-        - try to fix the Mac build
-
-        * icu/unicode/parseerr.h: Copied from ../WebCore/icu/unicode/parseerr.h.
-        * icu/unicode/ucol.h: Copied from ../WebCore/icu/unicode/ucol.h.
-        * icu/unicode/uloc.h: Copied from ../WebCore/icu/unicode/uloc.h.
-        * icu/unicode/unorm.h: Copied from ../WebCore/icu/unicode/unorm.h.
-        * icu/unicode/uset.h: Copied from ../WebCore/icu/unicode/uset.h.
-
-2008-03-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5687269> Need to create a Collator abstraction for WebCore and JavaScriptCore
-
-        * wtf/Threading.h:
-        (WTF::initializeThreading):
-        * wtf/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingNone.cpp:
-        * wtf/ThreadingPthreads.cpp:
-        * wtf/ThreadingWin.cpp:
-        Added AtomicallyInitializedStatic.
-
-        * kjs/string_object.cpp: (KJS::localeCompare): Changed to use Collator.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        Added new fiiles to projects.
-
-        * wtf/unicode/Collator.h: Added.
-        (WTF::Collator::):
-        * wtf/unicode/CollatorDefault.cpp: Added.
-        (WTF::Collator::Collator):
-        (WTF::Collator::~Collator):
-        (WTF::Collator::setOrderLowerFirst):
-        (WTF::Collator::collate):
-        * wtf/unicode/icu/CollatorICU.cpp: Added.
-        (WTF::cachedCollatorMutex):
-        (WTF::Collator::Collator):
-        (WTF::Collator::~Collator):
-        (WTF::Collator::setOrderLowerFirst):
-        (WTF::Collator::collate):
-        (WTF::Collator::createCollator):
-        (WTF::Collator::releaseCollator):
-
-2008-03-05  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Fix the wx build after the bindings move.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2008-03-05  Alp Toker  <alp@atoker.com>
-
-        GTK+ build fix for breakage introduced in r30800.
-
-        Track moved bridge sources from JavaScriptCore to WebCore.
-
-        * GNUmakefile.am:
-
-2008-03-05  Brent Fulgham  <bfulgham@gmail.com>
-
-        Reviewed by Adam Roben.
-
-        Remove definition of WTF_USE_SAFARI_THEME from wtf/Platform.h
-        because the PLATFORM(CG) flag is not set until config.h has
-        already included this file.
-
-        * wtf/Platform.h:  Remove useless definition of WTF_USE_SAFARI_THEME
-
-2008-03-05  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Alexey and Mark Rowe
-
-        Fix for <rdar://problem/5778247> - Reproducible crash on storage/execute-sql-args.html
-
-        DatabaseThread::unscheduleDatabaseTasks() manually filters through a MessageQueue,
-        removing particular items for Databases that were shutting down.
-
-        This filtering operation is not atomic, and therefore causes a race condition with the
-        MessageQueue waking up and reading from the message queue.  
-
-        The end result was an attempt to dereference a null DatabaseTask.  Timing-wise, this never
-        seemed to happen in a debug build, otherwise an assertion would've caught it.  Replacing that
-        assertion with a crash in a release build is what revealed this bug.
-
-        * wtf/MessageQueue.h:
-        (WTF::::waitForMessage): Tweak the waiting logic to check the queue's empty state then go back
-          to sleep if the queue was empty - checking m_killed each time it wakes up.
-
-2008-03-05  David D. Kilzer  <ddkilzer@apple.com>
-
-        Remove unused header includes from interpreter.cpp.
-
-        Reviewed by Darin.
-
-        * kjs/interpreter.cpp: Remove unused header includes.
-
-2008-03-05  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam.
-        
-        Remove bindings/.
-
-        * bindings: Removed.
-
-2008-03-05  Anders Carlsson  <andersca@apple.com>
-
-        Don't build bindings/ anymore.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-03-05  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoff.
-
-        Don't build JavaScriptCore/bindings.
-        
-        * JavaScriptCore.exp:
-        Export a couple of new functions. 
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Remove bindings/
-        
-        * kjs/config.h:
-        No need to define HAVE_JNI anymore.
-        
-        * kjs/interpreter.cpp:
-        Remove unnecessary include.
-
-2008-03-05  David D. Kilzer  <ddkilzer@apple.com>
-
-        Allow override of default script file name using command-line argument.
-
-        Reviewed by Adele.
-
-        * API/minidom.c:
-        (main): Allow first command-line argument to override the default script
-        file name of "minidom.js".
-        * API/testapi.c:
-        (main): Allow first command-line argument to override the default script
-        file name of "testapi.js".
-
-2008-03-04  Mark Rowe  <mrowe@apple.com>
-
-        Mac build fix.
-
-        * JavaScriptCore.exp:  Add new symbol to exports file.
-
-2008-03-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders.
-
-        Make ForInNode check for the timeout interrupt
-
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::execute):
-
-2008-03-02  Brent Fulgham  <bfulgham@gmail.com>
-
-        Reviewed by Alp Toker.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17415
-        GTK Build (using autotools) on Mac OS (DarwinPorts) Fails
-
-        Add -lstdc++ to link flags for minidom program.  This corrects
-        a build error for the GTK+ on Mac OS.
-
-        * GNUmakefile.am:
-
-2008-03-01  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        Update Xcode configuration to support building debug and release from the mysterious future.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-
-2008-02-29  Brent Fulgham  <bfulgham@gmail.com>
-
-        http://bugs.webkit.org/show_bug.cgi?id=17483
-        Implement scrollbars on Windows (Cairo)
-
-        Reviewed by Adam Roben.
-
-        * wtf/Platform.h:
-
-2008-02-29  Adam Roben  <aroben@apple.com>
-
-        Remove unused DebuggerImp::abort and DebuggerImp::aborted
-
-        Reviewed by Tim and Sam.
-
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct):
-        * kjs/internal.h:
-        (KJS::DebuggerImp::DebuggerImp):
-        * kjs/nodes.cpp:
-        (KJS::Node::handleException):
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute):
-
-2008-02-28  Eric Christopher  <echristo@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        ** TOTAL **:          1.005x as fast    2867.6ms +/- 0.4%  2853.2ms +/- 0.3%    significant
-
-        * kjs/nodes.cpp: Tell the compiler that exceptions are unexpected (for
-        the sake of branch prediction and code organization).
-
-2008-02-27  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17030
-        Small buffer overflow within initialization
-
-        * kjs/date_object.cpp:
-        (KJS::DateObjectFuncImp::callAsFunction):
-        (KJS::parseDate):
-        Remove unnecessary and incorrect memset() calls - GregorianDateTime can initialize itself.
-
-2008-02-25  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        - Add a variant of remove that takes a position and a length.
-
-        * wtf/Vector.h:
-        (WTF::Vector::remove):
-
-2008-02-25  Mark Mentovai  <mark@moxienet.com>
-
-        Reviewed by Mark Rowe.
-
-        Enable CollectorHeapIntrospector to build by itself, as well as in an AllInOneFile build.
-        http://bugs.webkit.org/show_bug.cgi?id=17538
-
-        * kjs/CollectorHeapIntrospector.cpp: Provide "using" declaration for
-          WTF::RemoteMemoryReader.
-        * kjs/collector.h: Move CollectorHeap declaration here...
-        * kjs/collector.cpp: ... from here.
-
-2008-02-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        * JavaScriptCore.exp: Sort the contents of this file.
-
-2008-02-25  Adam Roben  <aroben@apple.com>
-
-        MSVC build fix
-
-        * kjs/testkjs.cpp:
-        (functionQuit): Don't add a return statement after exit(0) for MSVC.
-
-2008-02-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17529
-        Add support for reading from stdin from testkjs
-
-        * kjs/testkjs.cpp:
-        (GlobalObject::GlobalObject): Add readline function to global object.
-        (functionReadline): Added. Reads characters from stdin until a '\n' or
-        EOF is encountered. The input is returned as a String to the caller.
-
-2008-02-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17528
-        Give testkjs a bath
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Make the testkjs.cpp use 4 space indentation.
-        * kjs/testkjs.cpp:
-        (StopWatch::getElapsedMS):
-        (GlobalObject::className):
-        (GlobalObject::GlobalObject):
-        Rename GlobalImp to GlobalObject and setup the global functions
-        in the GlobalObject's constructor. Also, use static functions for
-        the implementation so we can use the standard PrototypeFunction
-        class and remove TestFunctionImp.
-        (functionPrint): Move print() functionality here.
-        (functionDebug): Move debug() functionality here.
-        (functionGC): Move gc() functionality here.
-        (functionVersion): Move version() functionality here.
-        (functionRun): Move run() functionality here.
-        (functionLoad): Move load() functionality here.
-        (functionQuit): Move quit() functionality here.
-        (prettyPrintScript): Fix indentation.
-        (runWithScripts): Since all the functionality of createGlobalObject is
-        now in the GlobalObject constructor, just call new here.
-        (parseArguments): Fix indentation.
-        (kjsmain): Ditto
-        (fillBufferWithContentsOfFile): Ditto.
-
-2008-02-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt and Mark Rowe.
-
-        http://bugs.webkit.org/show_bug.cgi?id=17505
-        Add support for getting command line arguments in testkjs
-
-        - This slightly changes the behavior of parsing arguments by requiring
-          a '-f' before all files. 
-
-        * kjs/testkjs.cpp:
-        (createGlobalObject): Add a global property called 'arguments' which
-        contains an array with the parsed arguments as strings.
-        (runWithScripts): Pass in the arguments vector so that it can be passed
-        to the global object.
-        (parseArguments): Change parsing rules to require a '-f' before any script
-        file. After all '-f' and '-p' arguments have been parsed, the remaining
-        are added to the arguments vector and exposed to the script. If there is a
-        chance of ambiguity (the user wants to pass the string '-f' to the script),
-        the string '--' can be used separate the options from the pass through 
-        arguments.
-        (kjsmain):
-
-2008-02-24  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17511
-          REGRESSION: Reproducible crash in SegmentedSubstring::SegmentedSubstring(SegmentedSubstring const&)
-
-        * wtf/Deque.h:
-        (WTF::::expandCapacityIfNeeded): Fixed the case where m_start and m_end
-        are both zero but the buffer capacity is non-zero.
-        (WTF::::prepend): Added validity checks.
-
-2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Rubber stamped by Darin.
-
-        Add separator '\' after libJavaScriptCore_la_LIBADD and cleanup
-        whitespaces introduced in the previous commit.
-
-        * GNUmakefile.am: 
-
-2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        * GNUmakefile.am: Add GLOBALDEPS for testkjs and minidom.
-
-2008-02-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17496
-          make Deque use a circular array; add iterators
-
-        * wtf/Deque.h: Wrote an all-new version of this class that uses a circular
-        buffer. Growth policy is identical to vector. Added iterators.
-
-        * wtf/Vector.h: Made two small refinements while using this to implement
-        Deque: Made VectorBufferBase derive from Noncopyable, which would have
-        saved me some debugging time if it had been there. Renamed Impl and
-        m_impl to Buffer and m_buffer.
-
-2008-02-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17067
-          eliminate attributes parameter from JSObject::put for speed/clarity
-
-        * API/JSCallbackObject.h: Removed attribute arguments.
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::JSCallbackObject<Base>::put): Ditto.
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty): Use initializeVariable or putDirect when necessary
-        to set attribute values.
-        * JavaScriptCore.exp: Updated.
-        * bindings/objc/objc_runtime.h: Removed attribute arguments.
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::put): Ditto.
-        * bindings/runtime_array.cpp:
-        (RuntimeArray::put): Ditto.
-        * bindings/runtime_array.h: Ditto.
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::put): Ditto.
-        * bindings/runtime_object.h: Ditto. Also removed canPut which was only
-        called from one place in WebCore that can use hasProperty instead.
-
-        * kjs/Activation.h: Removed attribute argument from put and added the new
-        initializeVariable function that's used to put variables in variable objects.
-        Also made isActivationObject a const member.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::put): Removed attribute argument.
-        (KJS::JSGlobalObject::initializeVariable): Added. Used to give variables
-        their initial values, which can include the read-only property.
-        (KJS::JSGlobalObject::reset): Removed obsolete comments about flags.
-        Removed Internal flag, which is no longer needed.
-        * kjs/JSGlobalObject.h: More of the same.
-
-        * kjs/JSVariableObject.h: Added pure virtual initializeVariable function.
-        (KJS::JSVariableObject::symbolTablePut): Removed checkReadOnly flag; we always
-        check read-only.
-        (KJS::JSVariableObject::symbolTableInitializeVariable): Added.
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::put): Removed attribute argument.
-        * kjs/array_instance.h: Ditto.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::put): Ditto.
-        (KJS::Arguments::put): Ditto.
-        (KJS::ActivationImp::put): Ditto.
-        (KJS::ActivationImp::initializeVariable): Added.
-        * kjs/function.h: Removed attribute arguments.
-
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct): Removed Internal flag.
-
-        * kjs/lookup.h:
-        (KJS::lookupPut): Removed attributes argument. Also changed to use putDirect
-        instead of calling JSObject::put.
-        (KJS::cacheGlobalObject): Ditto.
-
-        * kjs/nodes.cpp:
-        (KJS::ConstDeclNode::handleSlowCase): Call initializeVariable to initialize
-        the constant.
-        (KJS::ConstDeclNode::evaluateSingle): Ditto.
-        (KJS::TryNode::execute): Use putDirect to set up the new object.
-        (KJS::FunctionBodyNode::processDeclarations): Removed Internal.
-        (KJS::ProgramNode::processDeclarations): Ditto.
-        (KJS::EvalNode::processDeclarations): Call initializeVariable to initialize
-        the variables and functions.
-        (KJS::FuncDeclNode::makeFunction): Removed Internal.
-        (KJS::FuncExprNode::evaluate): Ditto.
-
-        * kjs/object.cpp: Removed canPut, which was only being used in one code path,
-        not the normal high speed one.
-        (KJS::JSObject::put): Removed attribute argument. Moved the logic from
-        canPut here, in the one code ath that was still using it.
-        * kjs/object.h: Removed Internal attribute, ad canPut function. Removed the
-        attributes argument to the put function. Made isActivationObject const.
-
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpImp::put): Removed attributes argument.
-        (KJS::RegExpImp::putValueProperty): Ditto.
-        (KJS::RegExpObjectImp::put): Ditto.
-        (KJS::RegExpObjectImp::putValueProperty): Ditto.
-        * kjs/regexp_object.h: Ditto.
-
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::put): Removed attributes argument.
-        * kjs/string_object.h: Ditto.
-
-2008-02-23  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Not reviewed, Gtk build fix.
-
-        * kjs/testkjs.pro:
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix - move ThreadCondition implementation from WebCore to WTF.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::ThreadCondition):
-        (WTF::ThreadCondition::~ThreadCondition):
-        (WTF::ThreadCondition::wait):
-        (WTF::ThreadCondition::signal):
-        (WTF::ThreadCondition::broadcast):
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Touch some files, hoping that Windows build bot will create JSC headers.
-
-        * kjs/AllInOneFile.cpp:
-        * kjs/array_instance.cpp:
-        * wtf/HashTable.cpp:
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Qt/Wx build fix - this file was still in a wrong namespace, too.
-
-        * wtf/ThreadingNone.cpp:
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        More build fixing - fix mismatched braces.
-
-        * JavaScriptCore.pri:
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Wx and Gtk build fixes.
-
-        * JavaScriptCore.pri: Don't try to compile ThreadingPthreads.
-        * wtf/ThreadingGtk.cpp: Use a correct namespace.
-
-2008-02-23  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Move basic threading support from WebCore to WTF.
-
-        Added mutex protection to MessageQueue::killed() for paranoia sake.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * wtf/Locker.h: Copied from WebCore/platform/Locker.h.
-        * wtf/MessageQueue.h: Copied from WebCore/platform/MessageQueue.h.
-        (WTF::::killed):
-        * wtf/Threading.h: Copied from WebCore/platform/Threading.h.
-        * wtf/ThreadingGtk.cpp: Copied from WebCore/platform/gtk/ThreadingGtk.cpp.
-        (WebCore::createThread):
-        * wtf/ThreadingNone.cpp: Copied from WebCore/platform/ThreadingNone.cpp.
-        * wtf/ThreadingPthreads.cpp: Copied from WebCore/platform/pthreads/ThreadingPthreads.cpp.
-        (WTF::createThread):
-        * wtf/ThreadingWin.cpp: Copied from WebCore/platform/win/ThreadingWin.cpp.
-        (WTF::createThread):
-        (WTF::Mutex::Mutex):
-        (WTF::Mutex::~Mutex):
-        (WTF::Mutex::lock):
-        (WTF::Mutex::tryLock):
-        (WTF::Mutex::unlock):
-
-2008-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Partial fix for <rdar://problem/5744037> Gmail out of memory (17455)
-        
-        I'm removing KJS_MEM_LIMIT for the following reasons:
-        
-        - We have a few reports of KJS_MEM_LIMIT breaking important web
-        applications, like GMail and Google Reader. (For example, if you
-        simply open 12 GMail tabs, tab #12 will hit the limit.)
-
-        - Firefox has no discernable JS object count limit, so any limit, even
-        a large one, is a potential compatibility problem.
-        
-        - KJS_MEM_LIMIT does not protect against malicious memory allocation,
-        since there are many ways to maliciously allocate memory without
-        increasing the JS object count.
-        
-        - KJS_MEM_LIMIT is already mostly broken, since it only aborts the
-        script that breaches the limit, not any subsequent scripts.
-        
-        - We've never gotten bug reports about websites that would have
-        benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
-        KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
-        needed it.
-        
-        - Any website that brings you anywhere close to crashing due to the
-        number of live JS objects will almost certainly put up the "slow
-        script" dialog at least 20 times beforehand.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/nodes.cpp:
-        (KJS::TryNode::execute):
-
-2008-02-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey P.
-
-        <rdar://problem/5759327> REGRESSION: while(NaN) acts like while(true)
-
-        Fix yet another case where we incorrectly relied on implicit double
-        to bool coercion.
-
-        * kjs/nodes.cpp:
-        (KJS::PostDecLocalVarNode::evaluateToBoolean):
-
-2008-02-20  Michael Knaup  <michael.knaup@mac.com>
-
-        Reviewed by Darin.
-
-        Fix for Bug 16753: date set methods with no args should result in NaN (Acid3 bug)
-        The set values result in NaN now when called with no args, NaN or +/- inf values.
-        The setYear, setFullYear and setUTCFullYear methods used on NaN dates work as 
-        descripted in the standard.
-
-        * kjs/date_object.cpp:
-        (KJS::fillStructuresUsingTimeArgs):
-        (KJS::fillStructuresUsingDateArgs):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::dateProtoFuncSetYear):
-
-2008-02-19  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin.
-
-        Change OpaqueJSClass and RootObject to start with a ref count of 1.
-        
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClass::createNoAutomaticPrototype):
-        (OpaqueJSClass::create):
-        * API/JSClassRef.h:
-        * API/JSObjectRef.cpp:
-        (JSClassCreate):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::RootObject::create):
-        (KJS::Bindings::RootObject::RootObject):
-
-2008-02-19  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Anders.
-
-        - removed explicit initialization to 1 for RefCounted; that's now the default
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Removed RefCounted initializer.
-
-2008-02-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - next step for http://bugs.webkit.org/show_bug.cgi?id=17257
-          start ref counts at 1 instead of 0 for speed
-
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::RefCounted): Have refcounts default to 1. This allows us to start
-        removing the explicit initialization of RefCounted from classes and eventually we
-        can remove the ability to have the initial count of 0 entirely.
-
-2008-02-18  Samuel Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=17419
-        Remove CompatMode from JavaScriptCore as it is never set to anything other than NativeMode
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::setDebugger):
-        * kjs/date_object.cpp:
-        (KJS::dateProtoFuncGetYear):
-
-2008-02-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        * wtf/ASCIICType.h:
-        (WTF::toASCIIHexValue): Added.
-
-2008-02-17  Darin Adler  <darin@apple.com>
-
-        * wtf/ListHashSet.h: (WTF::swap): Removed stray return statement.
-
-2008-02-15  Adam Roben  <aroben@apple.com>
-
-        Make JavaScriptCore's FEATURE_DEFINES match WebCore's
-
-        Reviewed by Mark.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-02-14  Stephanie Lewis <slewis@apple.com>
-
-        Reviewed by Geoff.
-
-        Update order files.
-
-        * JavaScriptCore.order:
-
-2008-02-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/5737835> nee http://bugs.webkit.org/show_bug.cgi?id=17329
-        Crash in JSGlobalObject::popActivation when inserting hyperlink in Wordpress (17329)
-        
-        Don't reset the "activations" stack in JSGlobalObject::reset, since we
-        might be executing a script during the call to reset, and the script
-        needs to safely run to completion.
-        
-        Instead, initialize the "activations" stack when the global object is
-        created, and subsequently rely on pushing and popping during normal
-        execution to maintain the stack's state.
-        
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::init):
-        (KJS::JSGlobalObject::reset):
-
-2008-02-13  Bernhard Rosenkraenzer  <bero@arklinux.org>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17339
-          JavaScriptCore does not build with gcc 4.3
-
-        * kjs/interpreter.cpp: Add include of <unistd.h>, since that's where
-        getpid() comes from.
-
-2008-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey P.
-
-        <rdar://problem/5737003> REGRESSION (r27747): can't browse pictures on fastcupid.com
-
-        When converting numeric values to booleans we need to account for NaN
-
-        * kjs/nodes.cpp:
-        (KJS::MultNode::evaluateToBoolean):
-        (KJS::ModNode::evaluateToBoolean):
-
-2008-02-08  Samuel Weinig  <sam@webkit.org>
-
-        Reviewed by Brady Eidson.
-
-        <rdar://problem/5659216> REGRESSION: PLT 0.3% slower due to r28868 (caching ClassNodeList and NamedNodeList)
-
-        - Tweak the statements in isASCIISpace to account for the statistical distribution of
-          usage in the PLT.
-
-        .4% speedup on my machine.  Stephanie's machine shows this as .3% speedup.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIISpace): 
-
-2008-02-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fixes for:
-        <rdar://problem/5735497> Match Firefox's cross-domain model more accurately by return the built-in version of functions even if they have been overridden
-        <rdar://problem/5735443> Crash when setting the Window objects prototype to a custom Object and then calling a method on it
-
-        - Expose the native Object.prototype.toString implementation so that it can be used for cross-domain
-          toString calling.
-
-        * JavaScriptCore.exp:
-        * kjs/object_object.cpp:
-        * kjs/object_object.h:
-
-2008-02-10  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Eric.
-
-        * kjs/ExecState.h:
-        (KJS::ExecState::takeException): Added.
-
-2008-02-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17256
-          eliminate default ref. count of 0 in RefCounted class
-
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::RefCounted): Remove default of 0.
-
-2008-02-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17256
-          Make clients of RefCounted explicitly set the count to 0.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::RootObject::RootObject):
-
-2008-02-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mitz.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17256
-          Change RegExp to start its ref count at 1, not 0
-
-        We'll want to do this to every RefCounted class, one at a time.
-
-        * kjs/nodes.h:
-        (KJS::RegExpNode::RegExpNode): Use RegExp::create instead of new RegExp.
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Marked inline, set initial ref count to 1.
-        (KJS::RegExp::create): Added. Calls new RegExp then adopts the initial ref.
-        * kjs/regexp.h: Reformatted. Made the constructors private. Added static
-        create functions that return objects already wrapped in PassRefPtr.
-        * kjs/regexp_object.cpp:
-        (KJS::regExpProtoFuncCompile): Use RegExp::create instead of new RegExp.
-        (KJS::RegExpObjectImp::construct): Ditto.
-        * kjs/string_object.cpp:
-        (KJS::stringProtoFuncMatch): Ditto.
-        (KJS::stringProtoFuncSearch): Ditto.
-
-2008-02-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        <rdar://problem/5731773> REGRESSION (r28973): Extraneous parentheses in function.toString()
-        https://bugs.webkit.org/show_bug.cgi?id=17214
-
-        Make a subclass of CommaNode to provide the correct precedence for each expression in
-        a variable declaration list.
-
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-        (KJS::VarDeclCommaNode::):
-
-2008-02-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17247
-          Labelled continue/break can fail in some cases
-
-        Test: fast/js/continue-break-multiple-labels.html
-
-        * kjs/nodes.h:
-        (KJS::StatementNode::pushLabel): Made this virtual.
-        (KJS::LabelNode::pushLabel): Forward pushLabel calls to the statement inside.
-
-2008-02-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15003
-          Function.prototype.constructor should not be DontDelete/ReadOnly (Acid3 bug)
-
-        Test: fast/js/constructor-attributes.html
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset): Remove unwanted attributes from "constructor".
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct): Ditto.
-        * kjs/nodes.cpp:
-        (KJS::FuncDeclNode::makeFunction): Ditto.
-        (KJS::FuncExprNode::evaluate): Ditto.
-
-2008-02-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Added an ASSERT to catch refCount underflow, since it caused a leak in
-        my last check-in.
-
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::deref):
-
-2008-02-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        PLT speedup related to <rdar://problem/5659272> REGRESSION: PLT .4%
-        slower due to r28884 (global variable symbol table optimization)
-        
-        Tweaked RefCounted::deref() to be a little more efficient.
-
-        1% - 1.5% speedup on my machine. .7% speedup on Stephanie's machine.
-        
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::deref): Don't modify m_refCount if we're just going
-        to delete the object anyway. Also, use a simple == test, which might be
-        faster than <= on some hardware.
-
-2008-02-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17094
-          Array.prototype functions create length properties with DontEnum/DontDelete
-
-        Test results match Gecko with very few obscure exceptions that seem to be
-        bugs in Gecko.
-
-        Test: fast/js/array-functions-non-arrays.html
-
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncConcat):  Removed DontEnum and DontDelete from the call
-        to set length.
-        (KJS::arrayProtoFuncPop): Ditto. Also added missing call to deleteProperty,
-        which is not needed for real arrays, but is needed for non-arrays.
-        (KJS::arrayProtoFuncPush): Ditto.
-        (KJS::arrayProtoFuncShift): Ditto.
-        (KJS::arrayProtoFuncSlice): Ditto.
-        (KJS::arrayProtoFuncSort): Removed incorrect call to set length when
-        the array has no elements.
-        (KJS::arrayProtoFuncSplice): Removed DontEnum and DontDelete from the call
-        to set length.
-        (KJS::arrayProtoFuncUnShift): Ditto. Also added a check for 0 arguments to
-        make behavior match the specification in that case.
-        * kjs/nodes.cpp:
-        (KJS::ArrayNode::evaluate): Removed DontEnum and DontDelete from the call
-        to set length.
-
-2008-02-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - replace calls to put to set up properties with calls to putDirect, to
-          prepare for a future change where put won't take attributes any more,
-          and for a slight performance boost
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor): Use putDirect instead of put.
-        * kjs/CommonIdentifiers.h: Removed lastIndex.
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset): Use putDirect instead of put.
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncConcat): Took out extra call to get length (unused).
-        (KJS::ArrayObjectImp::ArrayObjectImp): Use putDirect instead of put.
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype): Use putDirect instead of put.
-        * kjs/function.cpp:
-        (KJS::Arguments::Arguments): Use putDirect instead of put.
-        (KJS::PrototypeFunction::PrototypeFunction): Use putDirect instead of put.
-        * kjs/function_object.cpp:
-        (KJS::FunctionObjectImp::construct): Use putDirect instead of put.
-        * kjs/nodes.cpp:
-        (KJS::FuncDeclNode::makeFunction): Use putDirect instead of put.
-        (KJS::FuncExprNode::evaluate): Use putDirect instead of put.
-        * kjs/regexp_object.cpp:
-        (KJS::regExpProtoFuncCompile): Use setLastIndex instead of put(lastIndex).
-        (KJS::RegExpImp::match): Get and set lastIndex by using m_lastIndex instead of
-        calling get and put.
-        * kjs/regexp_object.h:
-        (KJS::RegExpImp::setLastIndex): Added.
-        * kjs/string_object.cpp:
-        (KJS::stringProtoFuncMatch): Use setLastIndex instead of put(lastIndex).
-
-2008-02-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=8080
-        NodeList (and other DOM lists) items are not enumeratable using for..in
-
-        * JavaScriptCore.exp:
-
-2008-02-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Update versioning to support the mysterious future.
-
-        * Configurations/Version.xcconfig: Add SYSTEM_VERSION_PREFIX_1060.
-
-2008-02-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Fixes Bug 16889: REGRESSION (r29425): Canvas-based graphing calculator fails to run
-              Bug 17015: REGRESSION (r29414-29428): www.fox.com "shows" menu fails to render
-              Bug 17164: REGRESSION: JavaScript pop-up menu appears at wrong location when hovering image at http://news.chinatimes.com/
-
-        <http://bugs.webkit.org/show_bug.cgi?id=16889>
-        <rdar://problem/5696255>
-
-        <http://bugs.webkit.org/show_bug.cgi?id=17015>
-
-        <http://bugs.webkit.org/show_bug.cgi?id=17164>
-        <rdar://problem/5720947>
-
-        The ActivationImp tear-off (r29425) introduced a problem with ReadModify
-        nodes that first resolve a slot, call valueForReadModifyNode(), and then
-        store a value in the previously resolved slot. Since valueForReadModifyNode()
-        may cause a tear-off, the slot needs to be resolved again, but this was
-        not happening with the existing code.
-
-        * kjs/nodes.cpp:
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-
-2008-02-04  Cameron McCormack <cam@mcc.id.au>
-
-        Reviewed by Geoff Garen.
-
-        Remove some unneccesary UNUSED_PARAMs.  Clarify ownership rule of return value of JSObjectCopyPropertyNames.
-
-        * API/JSNode.c:
-        (JSNode_appendChild):
-        (JSNode_removeChild):
-        (JSNode_replaceChild):
-        (JSNode_getNodeType):
-        (JSNode_getFirstChild):
-        * API/JSNodeList.c:
-        (JSNodeList_length):
-        * API/JSObjectRef.h:
-
-2008-02-04  Rodney Dawes  <dobey@wayofthemonkey.com>
-
-        Reviewed by Alp Toker and Mark Rowe.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17175.
-        Bug 17175: Use of C++ compiler flags in CFLAGS
-
-        * GNUmakefile.am: Use global_cxxflags as well as global_cflags in CXXFLAGS.
-
-2008-02-04  Alp Toker  <alp@atoker.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Remove all trailing whitespace in the GTK+ port and related
-        components.
-
-        * GNUmakefile.am:
-
-2008-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        PLT speedup related to <rdar://problem/5659272> REGRESSION: PLT .4%
-        slower due to r28884 (global variable symbol table optimization)
-
-        Geoff's theory is that the slowdown was due to copying hash tables when
-        putting things into the back/forward cache. If that's true, then this
-        should fix the problem.
-
-        (According to Geoff's measurements, in a PLT that exaggerates the
-        importance of symbol table saving during cached page creation, this
-        patch is a ~3X speedup in cached page creation, and a 9% speedup overall.)
-
-        * JavaScriptCore.exp: Updated.
-
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::saveLocalStorage): Updated for changes to SavedProperty,
-        which has been revised to avoid initializing each SavedProperty twice when building
-        the array. Store the property names too, so we don't have to store the symbol table
-        separately. Do this by iterating the symbol table instead of the local storage vector.
-        (KJS::JSVariableObject::restoreLocalStorage): Ditto. Restore the symbol table as
-        well as the local storage vector.
-
-        * kjs/JSVariableObject.h: Removed save/restoreSymbolTable and do that work inside
-        save/restoreLocalStorage instead. Made restoreLocalStorage a non-const member function
-        that takes a const reference to a SavedProperties object.
-
-        * kjs/LocalStorage.h: Changed attributes to be unsigned instead of int to match
-        other declarations of attributes elsewhere.
-
-        * kjs/property_map.cpp:
-        (KJS::SavedProperties::SavedProperties): Updated for data member name change.
-        (KJS::PropertyMap::save): Updated for data member name change and to use the new
-        inline init function instead of setting the fields directly. This allows us to
-        skip initializing the SavedProperty objects when first allocating the array, and
-        just do it when we're actually setting up the individual elements.
-        (KJS::PropertyMap::restore): Updated for SavedProperty changes.
-
-        * kjs/property_map.h: Changed SavedProperty from a struct to a class. Set it up so
-        it does not get initialized at construction time to avoid initializing twice when
-        creating an array of SavedProperty. Removed the m_ prefixes from the members of
-        the SavedProperties struct. Generally we use m_ for class members and not struct.
-
-2008-02-02  Tony Chang  <idealisms@gmail.com>
-
-        Reviewed by darin.  Landed by eseidel.
-
-        Add #define guards for WIN32_LEAN_AND_MEAN and _CRT_RAND_S.
-
-        * kjs/config.h:
-        * wtf/FastMalloc.cpp:
-        * wtf/TCSpinLock.h:
-
-2008-01-28  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        - Fix whitespace in nodes.h/cpp and nodes2string.cpp.
-
-        (NOTE: Specific changed functions elided for space and clarity)
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-01-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Patch for http://bugs.webkit.org/show_bug.cgi?id=17025
-        nodes.h/cpp has been rolling around in the mud - lets hose it down
-
-        - Rename member variables to use the m_ prefix.
-
-        (NOTE: Specific changed functions elided for space and clarity)
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-
-2008-01-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix <rdar://problem/5657450> REGRESSION: const is broken
-
-        Test: fast/js/const.html
-
-        SunSpider said this was 0.3% slower. And I saw some Shark samples in
-        JSGlobalObject::put -- not a lot but a few. We may be able to regain the
-        speed, but for now we will take that small hit for correctness sake.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::put): Pass the checkReadOnly flag in to symbolTablePut
-        instead of passing attributes.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTablePut): Removed the code to set attributes
-        here, since we only set attributes when creating a property. Added the code
-        to check read-only here, since we need that to implement const!
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::put): Pass the checkReadOnly flag in to symbolTablePut
-        instead of passing attributes.
-
-        * kjs/nodes.cpp:
-        (KJS::isConstant): Added.
-        (KJS::PostIncResolveNode::optimizeVariableAccess): Create a PostIncConstNode
-        if optimizing for a local variable and the variable is constant.
-        (KJS::PostDecResolveNode::optimizeVariableAccess): Ditto. But PostDecConstNode.
-        (KJS::PreIncResolveNode::optimizeVariableAccess): Ditto. But PreIncConstNode.
-        (KJS::PreDecResolveNode::optimizeVariableAccess): Ditto. But PreDecConstNode.
-        (KJS::PreIncConstNode::evaluate): Return the value + 1.
-        (KJS::PreDecConstNode::evaluate): Return the value - 1.
-        (KJS::PostIncConstNode::evaluate): Return the value converted to a number.
-        (KJS::PostDecConstNode::evaluate): Ditto.
-        (KJS::ReadModifyResolveNode::optimizeVariableAccess): Create a ReadModifyConstNode
-        if optimizing for a local variable and the variable is constant.
-        (KJS::AssignResolveNode::optimizeVariableAccess): Ditto. But AssignConstNode.
-        (KJS::ScopeNode::optimizeVariableAccess): Pass the local storage to the
-        node optimizeVariableAccess functions, since that's where we need to look to
-        figure out if a variable is constant.
-        (KJS::FunctionBodyNode::processDeclarations): Moved the call to
-        optimizeVariableAccess until after localStorage is set up.
-        (KJS::ProgramNode::processDeclarations): Ditto.
-
-        * kjs/nodes.h: Fixed the IsConstant and HasInitializer values. They are used
-        as flag masks, so a value of 0 will not work for IsConstant. Changed the
-        first parameter to optimizeVariableAccess to be a const reference to a symbol
-        table and added a const reference to local storage. Added classes for const
-        versions of local variable access: PostIncConstNode, PostDecConstNode,
-        PreIncConstNode, PreDecConstNode, ReadModifyConstNode, and AssignConstNode.
-
-        * kjs/object.cpp:
-        (KJS::JSObject::put): Tweaked comments a bit, and changed the checkReadOnly
-        expression to match the form used at the two other call sites.
-
-2008-01-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16498
-          ''.constructor.toString() gives [function]
-
-        Test: fast/js/function-names.html
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayObjectImp::ArrayObjectImp): Use the class name as the constructor's function name.
-        * kjs/bool_object.cpp:
-        (KJS::BooleanObjectImp::BooleanObjectImp): Ditto.
-        * kjs/date_object.cpp:
-        (KJS::DateObjectImp::DateObjectImp): Ditto.
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype): Make the error object be an Error.
-        (KJS::ErrorObjectImp::ErrorObjectImp): Use the class name as the constructor's function name.
-        (KJS::NativeErrorPrototype::NativeErrorPrototype): Take const UString&.
-        (KJS::NativeErrorImp::NativeErrorImp): Use the prototype's name as the constructor's function
-        name.
-        * kjs/error_object.h: Change ErrorPrototype to inherit from ErrorInstance. Change the
-        NativeErrorImp constructor to take a NativeErrorPrototype pointer for its prototype.
-        * kjs/function.h: Removed unneeded constructor for internal functions without names.
-        We want to avoid those!
-        * kjs/function_object.cpp:
-        (KJS::functionProtoFuncToString): Removed code that writes out just [function] for functions
-        that have no names. There's no reason to do that.
-        (KJS::FunctionObjectImp::FunctionObjectImp): Use the class name as the constructor's
-        function name.
-        * kjs/internal.cpp: Removed the unused constructor.
-        * kjs/number_object.cpp:
-        (KJS::fractionalPartToString): Marked static for internal linkage.
-        (KJS::exponentialPartToString): Ditto.
-        (KJS::numberProtoFuncToPrecision): Removed an unneeded else.
-        (KJS::NumberObjectImp::NumberObjectImp): Use the class name as the constructor's
-        function name.
-        (KJS::NumberObjectImp::getValueProperty): Tweaked formatting.
-        * kjs/object_object.cpp:
-        (KJS::ObjectObjectImp::ObjectObjectImp): Use "Object" for the function name.
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpObjectImp::RegExpObjectImp): Use "RegExp" for the function name.
-        * kjs/string_object.cpp:
-        (KJS::StringObjectImp::StringObjectImp): Use the class name as the constructor's
-        function name.
-
-2008-01-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17027
-          Incorrect Function.toString behaviour with read/modify/write operators performed on negative numbers
-
-        Test: fast/js/function-toString-parentheses.html
-
-        The problem here was that a NumberNode with a negative number in it had the wrong
-        precedence. It's not a primary expression, it's a unary operator with a primary
-        expression after it.
-
-        Once the precedence of NumberNode was fixed, the cases from bug 17020 were also
-        fixed without trying to treat bracket nodes like dot nodes. That wasn't needed.
-        The reason we handle numbers before dot nodes specially is that the dot is a
-        legal character in a number. The same is not true of a bracket. Eventually we
-        could get smarter, and only add the parentheses when there is actual ambiguity.
-        There is none if the string form of the number already has a dot in it, or if
-        it's a number with a alphabetic name like infinity or NAN.
-
-        * kjs/nodes.h: Renamed back from ObjectAccess to DotExpr.
-        (KJS::NumberNode::precedence): Return PrecUnary for negative numbers, since
-        they serialize as a unary operator, not a primary expression.
-        * kjs/nodes2string.cpp:
-        (KJS::SourceStream::operator<<): Clear m_numberNeedsParens if this adds
-        parens; one set is enough.
-        (KJS::bracketNodeStreamTo): Remove unneeded special flag here. Normal
-        operator precedence suffices.
-        (KJS::NewExprNode::streamTo): Ditto.
-
-2008-01-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej and Darin.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=17020
-        Function.toString does not parenthesise numbers for the bracket accessor
-
-        It turns out that logic was there for all of the dot accessor nodes to make numbers be
-        parenthesised properly, so it was a trivial extension to extend that to the bracket nodes.
-        I renamed the enum type to reflect the fact that it is now used for both dot and bracket
-        accessors.
-
-        * kjs/nodes2string.cpp:
-        (KJS::bracketNodeStreamTo):
-        (KJS::BracketAccessorNode::streamTo):
-
-2008-01-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Fix Bug 17018: Incorrect code generated from Function.toString for get/setters in object literals
-
-        Don't quote getter and setter names during output, as that is simply wrong.
-
-        * kjs/nodes2string.cpp:
-        (KJS::PropertyNode::streamTo):
-
-2008-01-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16860
-          a bit of cleanup after the Activation optimization
-
-        * JavaScriptCore.exp: Export the GlobalExecState constructor instead of
-        the global flavor of the ExecState constructor. It'd probably be cleaner
-        to not export either one, but JSGlobalObject inlines the code that
-        constructs the ExecState. If we changed that, we could remove this export.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Re-sorted a few things and
-        put the new source files into the kjs group rather than at the top level.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState): Marked inline and updated for data member
-        name changes. This is now only for use for the derived classes. Also removed
-        code that sets the unused m_savedExec data member for the global case. That
-        data member is only used for the other two types.
-        (KJS::ExecState::~ExecState): Marked inline and removed all the code.
-        The derived class destructors now inclde the appropriate code.
-        (KJS::ExecState::lexicalGlobalObject): Removed unneeded special case for
-        an empty scope chain. The bottom function already returns 0 for that case,
-        so the general case code handles it fine. Also changed to use data members
-        directly rather than calling functions.
-        (KJS::GlobalExecState::GlobalExecState): Added. Calls through to the base
-        class constructor.
-        (KJS::GlobalExecState::~GlobalExecState): Added.
-        (KJS::InterpreterExecState::InterpreterExecState): Added. Moved code to
-        manipulate activeExecStates here since we don't want to have to check for the
-        special case of globalExec.
-        (KJS::InterpreterExecState::~InterpreterExecState): Added.
-        (KJS::EvalExecState::EvalExecState): Added.
-        (KJS::EvalExecState::~EvalExecState): Added.
-        (KJS::FunctionExecState::FunctionExecState): Added.
-        (KJS::FunctionExecState::~FunctionExecState): Added.
-
-        * kjs/ExecState.h: Tweaked the header, includes, and declarations a bit.
-        Made ExecState inherit from Noncopyable. Reformatted some comments and
-        made them a bit more brief. Rearranged declarations a little bit and removed
-        unused savedExec function. Changed seenLabels function to return a reference
-        rather than a pointer. Made constructors and destructor protected, and also
-        did the same with all data members. Renamed m_thisVal to m_thisValue and
-        ls to m_labelStack. Added three new derived classes for each of the
-        types of ExecState. The primary goal here was to remove a branch from the
-        code in the destructor, but it's also clearer than overloading the arguments
-        to the ExecState constructor.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::getCurrentTime): Fixed formatting.
-        (KJS::JSGlobalObject::pushActivation): Removed parentheses that don't make
-        the expression clearer -- other similar sites didn't have these parentheses,
-        even the one a couple lines earlier that sets stackEntry.
-        (KJS::JSGlobalObject::tearOffActivation): Got rid of unneeded static_cast
-        (I think I mentioned this during patch review) and used an early exit so that
-        the entire contents of the function aren't nested inside an if statement.
-        Also removed the check of codeType, instead checking Activation for 0.
-        For now, I kept the codeType check, but inside an assertion.
-
-        * kjs/JSGlobalObject.h: Changed type of globalExec to GlobalExecState.
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): Changed type to FunctionExecState.
-        (KJS::GlobalFuncImp::callAsFunction): Changed type to EvalExecState.
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate): Changed type to GlobalExecState.
-
-        * kjs/nodes.cpp:
-        (KJS::ContinueNode::execute): Changed code since seenLabels() returns a
-        reference now instead of a pointer.
-        (KJS::BreakNode::execute): Ditto.
-        (KJS::LabelNode::execute): Ditto.
-
-2008-01-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Cleanup node2string a little.
-        - Remove some unnecessary branching.
-        - Factor out bracket and dot streaming into static inline functions.
-
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        (KJS::bracketNodeStreamTo):
-        (KJS::dotNodeStreamTo):
-        (KJS::FunctionCallBracketNode::streamTo):
-        (KJS::FunctionCallDotNode::streamTo):
-        (KJS::PostIncBracketNode::streamTo):
-        (KJS::PostDecBracketNode::streamTo):
-        (KJS::PostIncDotNode::streamTo):
-        (KJS::PostDecDotNode::streamTo):
-        (KJS::DeleteBracketNode::streamTo):
-        (KJS::DeleteDotNode::streamTo):
-        (KJS::PreIncBracketNode::streamTo):
-        (KJS::PreDecBracketNode::streamTo):
-        (KJS::PreIncDotNode::streamTo):
-        (KJS::PreDecDotNode::streamTo):
-        (KJS::ReadModifyBracketNode::streamTo):
-        (KJS::AssignBracketNode::streamTo):
-        (KJS::ReadModifyDotNode::streamTo):
-        (KJS::AssignDotNode::streamTo):
-        (KJS::WhileNode::streamTo):
-
-2008-01-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=17001
-        Bug 17001: Build error with Gtk port on Mac OS X
-
-        If both XP_MACOSX and XP_UNIX are defined then X11.h and Carbon.h will both be included.
-        These provide conflicting definitions for a type named 'Cursor'.  As XP_UNIX is set by
-        the build system when targeting X11, it doesn't make sense for XP_MACOSX to also be set
-        in this instance.
-
-        * bindings/npapi.h: Don't define XP_MACOSX if XP_UNIX is defined.
-
-2008-01-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17013
-          JSC can't round trip certain for-loops
-
-        Test: fast/js/toString-for-var-decl.html
-
-        * kjs/nodes.h: Added PlaceholderTrueNode so we can put nodes into
-        for loops without injecting the word "true" into them (nice, but not
-        the bug fix). Fixed ForNode constructor so expr1WasVarDecl is set
-        only when there is an expression, since it's common for the actual
-        variable declaration to be moved by the parser.
-
-        * kjs/nodes2string.cpp:
-        (KJS::PlaceholderTrueNode::streamTo): Added. Empty.
-
-2008-01-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix for bug 17012: REGRESSION: JSC can't round trip an object literal
-
-        Add logic to ensure that object literals and function expressions get
-        parentheses when necessary.
-
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        (KJS::SourceStream::operator<<):
-
-2008-01-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2008-01-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-
-2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix QDateTime to JS Date conversion.
-        Several conversion errors (some UTC related, some month
-        offset related) and the conversion distance for Date
-        to DateTime conversion weights were fixed (it should never
-        be better to convert a JS Number into a Date rather than
-        an int).
-        
-        * bindings/qt/qt_runtime.cpp:
-        (KJS::Bindings::convertValueToQVariant):
-        (KJS::Bindings::convertQVariantToValue):
-
-2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Simon.
-
-        Add support for calling QObjects.
-        Add support for invokeDefaultMethod (via a call to
-        a specific slot), and also allow using it as a
-        constructor, like QtScript.
-        
-
-        * bindings/qt/qt_class.cpp:
-        (KJS::Bindings::QtClass::fallbackObject):
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtRuntimeObjectImp::construct):
-        (KJS::Bindings::QtInstance::QtInstance):
-        (KJS::Bindings::QtInstance::~QtInstance):
-        (KJS::Bindings::QtInstance::implementsCall):
-        (KJS::Bindings::QtInstance::invokeDefaultMethod):
-        * bindings/qt/qt_instance.h:
-        * bindings/qt/qt_runtime.cpp:
-        (KJS::Bindings::findMethodIndex):
-        (KJS::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
-        (KJS::Bindings::QtRuntimeMetaMethod::callAsFunction):
-        * bindings/qt/qt_runtime.h:
-
-2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Simon.
-
-        Code style cleanups.
-        Add spaces before/after braces in inline function.
-
-        * bindings/qt/qt_instance.h:
-
-2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Simon.
-
-        Code style cleanups.
-        Remove spaces and unneeded declared parameter names.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
-
-2008-01-24  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Simon.
-
-        Clear stale RuntimeObjectImps.
-        Since other objects can have refs to the QtInstance,
-        we can't rely on the QtInstance being deleted when the
-        RuntimeObjectImp is invalidate or deleted.  This
-        could result in a stale JSObject being returned for
-        a valid Instance.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtRuntimeObjectImp::QtRuntimeObjectImp):
-        (KJS::Bindings::QtRuntimeObjectImp::~QtRuntimeObjectImp):
-        (KJS::Bindings::QtRuntimeObjectImp::invalidate):
-        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
-        (KJS::Bindings::QtInstance::getRuntimeObject):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createRuntimeObject):
-        * bindings/runtime.h:
-
-2008-01-23  Alp Toker  <alp@atoker.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Remove whitespace after -I in automake include lists.
-
-        * GNUmakefile.am:
-
-2008-01-23  Michael Goddard <michael.goddard@trolltech.com>
-
-        Reviewed by Lars Knoll <lars@trolltech.com>.
-
-        Reworked the JavaScriptCore Qt bindings:
-        
-        * Add initial support for string and variant arrays, as well
-        as sub QObjects in the JS bindings.
-        
-        * Don't expose fields marked as not scriptable by moc.
-        
-        * Add support for dynamic properties and accessing named
-        QObject children of an object (like QtScript and older
-        IE DOM style JS).
-        * Add support for custom toString methods.
-        
-        * Fine tune some bindings to be closer to QtScript.
-        Make void functions return undefined, and empty/
-        null QStrings return a zero length string.
-        
-        * Create framework for allowing more direct method calls.
-        Since RuntimeMethod doesn't allow us to add additional
-        methods/properties to a function, add these classes.
-        Start prototyping object.signal.connect(...).
-        
-        * Add signal support to the Qt bindings.
-        Allow connecting to signals (object.signal.connect(slot)),
-        disconnecting, and emitting signals.  Currently chooses
-        the first signal that matches the name, so this will need
-        improvement.
-        
-        * Add property names, and resolve signals closer to use.
-        Enumerating properties now returns some of the Qt properties
-        and signals.  Slots and methods aren't quite present.  Also,
-        resolve signal connections etc. closer to the time of use, so
-        we can do more dynamic resolution based on argument type etc.
-        Still picks the first one with the same name, at the moment.
-        
-        * Make signature comparison code consistent.
-        Use the same code for checking meta signatures in
-        the method and fallback getters, and avoid a
-        QByteArray construction when we can.
-        
-        * Fix minor memory leak, and handle pointers better.
-        Delete the private object in the dtors, and use RefPtrs
-        for holding Instances etc.
-        
-        * Handle method lookup better.
-        Allow invocation time method lookup based on the arguments,
-        which is closer to QtScript behaviour.  Also, cache the
-        method lists and delete them in the QtClass dtor (stops
-        a memory leak).
-        
-        * Improve JS to Qt data type conversions.
-        Add some support for Date & RegExp JS objects,
-        and provide some metrics on the quality of the
-        conversion.
-        
-        * A couple of fixes for autotest failures.
-        Better support for converting lists, read/write only
-        QMetaProperty support, modified slot search order...)
-
-        * bindings/qt/qt_class.cpp:
-        (KJS::Bindings::QtClass::QtClass):
-        (KJS::Bindings::QtClass::~QtClass):
-        (KJS::Bindings::QtClass::name):
-        (KJS::Bindings::QtClass::fallbackObject):
-        (KJS::Bindings::QtClass::methodsNamed):
-        (KJS::Bindings::QtClass::fieldNamed):
-        * bindings/qt/qt_class.h:
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::QtInstance):
-        (KJS::Bindings::QtInstance::~QtInstance):
-        (KJS::Bindings::QtInstance::getRuntimeObject):
-        (KJS::Bindings::QtInstance::getClass):
-        (KJS::Bindings::QtInstance::implementsCall):
-        (KJS::Bindings::QtInstance::getPropertyNames):
-        (KJS::Bindings::QtInstance::invokeMethod):
-        (KJS::Bindings::QtInstance::invokeDefaultMethod):
-        (KJS::Bindings::QtInstance::stringValue):
-        (KJS::Bindings::QtInstance::booleanValue):
-        (KJS::Bindings::QtInstance::valueOf):
-        (KJS::Bindings::QtField::name):
-        (KJS::Bindings::QtField::valueFromInstance):
-        (KJS::Bindings::QtField::setValueToInstance):
-        * bindings/qt/qt_instance.h:
-        (KJS::Bindings::QtInstance::getBindingLanguage):
-        (KJS::Bindings::QtInstance::getObject):
-        * bindings/qt/qt_runtime.cpp:
-        (KJS::Bindings::QWKNoDebug::QWKNoDebug):
-        (KJS::Bindings::QWKNoDebug::~QWKNoDebug):
-        (KJS::Bindings::QWKNoDebug::operator<<):
-        (KJS::Bindings::):
-        (KJS::Bindings::valueRealType):
-        (KJS::Bindings::convertValueToQVariant):
-        (KJS::Bindings::convertQVariantToValue):
-        (KJS::Bindings::QtRuntimeMethod::QtRuntimeMethod):
-        (KJS::Bindings::QtRuntimeMethod::~QtRuntimeMethod):
-        (KJS::Bindings::QtRuntimeMethod::codeType):
-        (KJS::Bindings::QtRuntimeMethod::execute):
-        (KJS::Bindings::QtRuntimeMethodData::~QtRuntimeMethodData):
-        (KJS::Bindings::QtRuntimeMetaMethodData::~QtRuntimeMetaMethodData):
-        (KJS::Bindings::QtRuntimeConnectionMethodData::~QtRuntimeConnectionMethodData):
-        (KJS::Bindings::QtMethodMatchType::):
-        (KJS::Bindings::QtMethodMatchType::QtMethodMatchType):
-        (KJS::Bindings::QtMethodMatchType::kind):
-        (KJS::Bindings::QtMethodMatchType::isValid):
-        (KJS::Bindings::QtMethodMatchType::isVariant):
-        (KJS::Bindings::QtMethodMatchType::isMetaType):
-        (KJS::Bindings::QtMethodMatchType::isUnresolved):
-        (KJS::Bindings::QtMethodMatchType::isMetaEnum):
-        (KJS::Bindings::QtMethodMatchType::enumeratorIndex):
-        (KJS::Bindings::QtMethodMatchType::variant):
-        (KJS::Bindings::QtMethodMatchType::metaType):
-        (KJS::Bindings::QtMethodMatchType::metaEnum):
-        (KJS::Bindings::QtMethodMatchType::unresolved):
-        (KJS::Bindings::QtMethodMatchType::typeId):
-        (KJS::Bindings::QtMethodMatchType::name):
-        (KJS::Bindings::QtMethodMatchData::QtMethodMatchData):
-        (KJS::Bindings::QtMethodMatchData::isValid):
-        (KJS::Bindings::QtMethodMatchData::firstUnresolvedIndex):
-        (KJS::Bindings::indexOfMetaEnum):
-        (KJS::Bindings::findMethodIndex):
-        (KJS::Bindings::findSignalIndex):
-        (KJS::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
-        (KJS::Bindings::QtRuntimeMetaMethod::mark):
-        (KJS::Bindings::QtRuntimeMetaMethod::callAsFunction):
-        (KJS::Bindings::QtRuntimeMetaMethod::getOwnPropertySlot):
-        (KJS::Bindings::QtRuntimeMetaMethod::lengthGetter):
-        (KJS::Bindings::QtRuntimeMetaMethod::connectGetter):
-        (KJS::Bindings::QtRuntimeMetaMethod::disconnectGetter):
-        (KJS::Bindings::QtRuntimeConnectionMethod::QtRuntimeConnectionMethod):
-        (KJS::Bindings::QtRuntimeConnectionMethod::callAsFunction):
-        (KJS::Bindings::QtRuntimeConnectionMethod::getOwnPropertySlot):
-        (KJS::Bindings::QtRuntimeConnectionMethod::lengthGetter):
-        (KJS::Bindings::QtConnectionObject::QtConnectionObject):
-        (KJS::Bindings::QtConnectionObject::~QtConnectionObject):
-        (KJS::Bindings::QtConnectionObject::metaObject):
-        (KJS::Bindings::QtConnectionObject::qt_metacast):
-        (KJS::Bindings::QtConnectionObject::qt_metacall):
-        (KJS::Bindings::QtConnectionObject::execute):
-        (KJS::Bindings::QtConnectionObject::match):
-        (KJS::Bindings::::QtArray):
-        (KJS::Bindings::::~QtArray):
-        (KJS::Bindings::::rootObject):
-        (KJS::Bindings::::setValueAt):
-        (KJS::Bindings::::valueAt):
-        * bindings/qt/qt_runtime.h:
-        (KJS::Bindings::QtField::):
-        (KJS::Bindings::QtField::QtField):
-        (KJS::Bindings::QtField::fieldType):
-        (KJS::Bindings::QtMethod::QtMethod):
-        (KJS::Bindings::QtMethod::name):
-        (KJS::Bindings::QtMethod::numParameters):
-        (KJS::Bindings::QtArray::getLength):
-        (KJS::Bindings::QtRuntimeMethod::d_func):
-        (KJS::Bindings::QtRuntimeMetaMethod::d_func):
-        (KJS::Bindings::QtRuntimeConnectionMethod::d_func):
-        (KJS::Bindings::):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        (KJS::Bindings::Instance::createRuntimeObject):
-        (KJS::Bindings::Instance::reallyCreateRuntimeObject):
-        * bindings/runtime.h:
-
-2008-01-22  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin and Adam.
-
-        <rdar://problem/5688975>
-        div element on microsoft site has wrong left offset.
-        
-        Return true even if NPN_GetProperty returns null or undefined. This matches Firefox 
-        (and is what the Silverlight plug-in expects).
-        
-        * bindings/NP_jsobject.cpp:
-        (_NPN_GetProperty):
-
-2008-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=16909
-        REGRESSION: Amazon.com crash (ActivationImp)
-        
-        (and a bunch of other crashes)
-        
-        Plus, a .7% SunSpider speedup to boot.
-        
-        Replaced the buggy currentExec and savedExec mechanisms with an
-        explicit ExecState stack.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect): Explicitly mark the ExecState stack.
-
-        (KJS::Collector::reportOutOfMemoryToAllExecStates): Slight change in
-        behavior: We no longer throw an exception in any global ExecStates,
-        since global ExecStates are more like pseudo-ExecStates, and aren't
-        used for script execution. (It's unclear what would happen if you left
-        an exception waiting around in a global ExecState, but it probably
-        wouldn't be good.)
-
-2008-01-21  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Reviewed by Alp Toker.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16955
-        Get errors when cross-compile webkit-gtk
-
-        * GNUmakefile.am: removed ICU_CFLAGS
-
-2008-01-18  Kevin McCullough  <kmccullough@apple.com>
-
-        - Build fix.
-
-        * kjs/ustring.h:
-
-2008-01-18  Kevin McCullough  <kmccullough@apple.com>
-
-        - Build fix.
-
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        (KJS::UString::cost):
-
-2008-01-18  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        - Correctly report cost of appended strings to trigger GC.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::create):
-        (KJS::UString::UString): Don't create unnecssary objects.
-        (KJS::UString::cost): Report cost if necessary but also keep track of 
-        reported cost.
-        * kjs/ustring.h:
-
-2008-01-18  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Holger.
-
-        Fix return type conversions from Qt slots to JS values.
-        
-        This also fixes fast/dom/open-and-close-by-DOM.html, which called
-        layoutTestController.windowCount().
-        
-        When constructing the QVariant that holds the return type we cannot
-        use the QVarian(Type) constuctor as that will create a null variant.
-        We have to use the QVariant(Type, void *) constructor instead, just
-        like in QMetaObject::read() for example.
-        
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::getRuntimeObject):
-
-2008-01-18  Prasanth Ullattil  <prasanth.ullattil@trolltech.com>
-
-        Reviewed by Simon Hausmann <hausmann@webkit.org>.
-
-        Fix compilation on Win64(2): Implemented currentThreadStackBase on X86-64 on Windows
-        
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-
-2008-01-18  Prasanth Ullattil  <prasanth.ullattil@trolltech.com>
-
-        Reviewed by Simon Hausmann <hausmann@webkit.org>.
-
-        Fix compilation on Win64(1): Define WTF_PLATFORM_X86_64 correctly on Win64.
-        
-
-        * wtf/Platform.h:
-
-2008-01-17  Antti Koivisto  <antti@apple.com>
-
-        Fix Windows build.
-
-        * kjs/regexp_object.cpp:
-        (KJS::regExpProtoFuncToString):
-
-2008-01-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        Fix for http://bugs.webkit.org/show_bug.cgi?id=16901
-        Convert remaining JS function objects to use the new PrototypeFunction class
-
-        - Moves Boolean, Function, RegExp, Number, Object and Global functions to their
-          own static function implementations so that they can be used with the
-          PrototypeFunction class.  SunSpider says this is 1.003x as fast.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/array_object.h:
-        * kjs/bool_object.cpp:
-        (KJS::BooleanInstance::BooleanInstance):
-        (KJS::BooleanPrototype::BooleanPrototype):
-        (KJS::booleanProtoFuncToString):
-        (KJS::booleanProtoFuncValueOf):
-        (KJS::BooleanObjectImp::BooleanObjectImp):
-        (KJS::BooleanObjectImp::implementsConstruct):
-        (KJS::BooleanObjectImp::construct):
-        (KJS::BooleanObjectImp::callAsFunction):
-        * kjs/bool_object.h:
-        (KJS::BooleanInstance::classInfo):
-        * kjs/error_object.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::errorProtoFuncToString):
-        * kjs/error_object.h:
-        * kjs/function.cpp:
-        (KJS::globalFuncEval):
-        (KJS::globalFuncParseInt):
-        (KJS::globalFuncParseFloat):
-        (KJS::globalFuncIsNaN):
-        (KJS::globalFuncIsFinite):
-        (KJS::globalFuncDecodeURI):
-        (KJS::globalFuncDecodeURIComponent):
-        (KJS::globalFuncEncodeURI):
-        (KJS::globalFuncEncodeURIComponent):
-        (KJS::globalFuncEscape):
-        (KJS::globalFuncUnEscape):
-        (KJS::globalFuncKJSPrint):
-        (KJS::PrototypeFunction::PrototypeFunction):
-        * kjs/function.h:
-        * kjs/function_object.cpp:
-        (KJS::FunctionPrototype::FunctionPrototype):
-        (KJS::functionProtoFuncToString):
-        (KJS::functionProtoFuncApply):
-        (KJS::functionProtoFuncCall):
-        * kjs/function_object.h:
-        * kjs/number_object.cpp:
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::numberProtoFuncToString):
-        (KJS::numberProtoFuncToLocaleString):
-        (KJS::numberProtoFuncValueOf):
-        (KJS::numberProtoFuncToFixed):
-        (KJS::numberProtoFuncToExponential):
-        (KJS::numberProtoFuncToPrecision):
-        * kjs/number_object.h:
-        (KJS::NumberInstance::classInfo):
-        (KJS::NumberObjectImp::classInfo):
-        (KJS::NumberObjectImp::):
-        * kjs/object_object.cpp:
-        (KJS::ObjectPrototype::ObjectPrototype):
-        (KJS::objectProtoFuncValueOf):
-        (KJS::objectProtoFuncHasOwnProperty):
-        (KJS::objectProtoFuncIsPrototypeOf):
-        (KJS::objectProtoFuncDefineGetter):
-        (KJS::objectProtoFuncDefineSetter):
-        (KJS::objectProtoFuncLookupGetter):
-        (KJS::objectProtoFuncLookupSetter):
-        (KJS::objectProtoFuncPropertyIsEnumerable):
-        (KJS::objectProtoFuncToLocaleString):
-        (KJS::objectProtoFuncToString):
-        * kjs/object_object.h:
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpPrototype::RegExpPrototype):
-        (KJS::regExpProtoFuncTest):
-        (KJS::regExpProtoFuncExec):
-        (KJS::regExpProtoFuncCompile):
-        (KJS::regExpProtoFuncToString):
-        * kjs/regexp_object.h:
-
-2008-01-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej & Darin.
-
-        Fixes Bug 16868: Gmail crash
-          and Bug 16871: Crash when loading apple.com/startpage
-
-        <http://bugs.webkit.org/show_bug.cgi?id=16868>
-        <rdar://problem/5686108>
-
-        <http://bugs.webkit.org/show_bug.cgi?id=16871>
-        <rdar://problem/5686670>
-
-        Adds ActivationImp tear-off for cross-window eval() and fixes an
-        existing garbage collection issue exposed by the ActivationImp tear-off
-        patch (r29425) that can occur when an ExecState's m_callingExec is
-        different than its m_savedExec.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::mark):
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-
-2008-01-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver.
-
-        Clean up MathObjectImp, it needed a little scrubbing.
-
-        * kjs/math_object.cpp:
-        (KJS::MathObjectImp::MathObjectImp):
-        (KJS::MathObjectImp::getOwnPropertySlot):
-        (KJS::MathObjectImp::getValueProperty):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/math_object.h:
-        (KJS::MathObjectImp::classInfo):
-        (KJS::MathObjectImp::):
-
-2008-01-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Rename Lexer variable bol to atLineStart.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::setCode):
-        (KJS::Lexer::nextLine):
-        (KJS::Lexer::lex):
-        * kjs/lexer.h:
-
-2008-01-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen and Anders Carlsson.
-
-        Remove uses of KJS_PURE_ECMA as we don't ever build with it defined,
-        and we have many features that are not included in the ECMA spec.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::setCode):
-        (KJS::Lexer::nextLine):
-        (KJS::Lexer::lex):
-        * kjs/lexer.h:
-        * kjs/string_object.cpp:
-        * kjs/string_object.h:
-
-2008-01-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix <rdar://problem/5595552> r27608 introduced a 20% increase in JS binary size, 4% increase in WebCore binary size
-
-        - This changes the way JS functions that use Lookup tables are handled.  Instead of using
-          one class per function, which allowed specialization of the virtual callAsFunction
-          method, we now use one class, PrototypeFunction, which takes a pointer to a static
-          function to use as the implementation.  This significantly decreases the binary size
-          of JavaScriptCore (about 145k on an Intel only build) while still keeping some of the
-          speedup r27608 garnered (SunSpider says this is 1.005x as slow, which should leave some
-          wiggle room from the original 1% speedup) and keeps the functions implementations in separate
-          functions to help with optimizations.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/array_object.cpp:
-        (KJS::arrayProtoFuncToString):
-        (KJS::arrayProtoFuncToLocaleString):
-        (KJS::arrayProtoFuncJoin):
-        (KJS::arrayProtoFuncConcat):
-        (KJS::arrayProtoFuncPop):
-        (KJS::arrayProtoFuncPush):
-        (KJS::arrayProtoFuncReverse):
-        (KJS::arrayProtoFuncShift):
-        (KJS::arrayProtoFuncSlice):
-        (KJS::arrayProtoFuncSort):
-        (KJS::arrayProtoFuncSplice):
-        (KJS::arrayProtoFuncUnShift):
-        (KJS::arrayProtoFuncFilter):
-        (KJS::arrayProtoFuncMap):
-        (KJS::arrayProtoFuncEvery):
-        (KJS::arrayProtoFuncForEach):
-        (KJS::arrayProtoFuncSome):
-        (KJS::arrayProtoFuncIndexOf):
-        (KJS::arrayProtoFuncLastIndexOf):
-        * kjs/array_object.h:
-        * kjs/date_object.cpp:
-        (KJS::DatePrototype::getOwnPropertySlot):
-        (KJS::dateProtoFuncToString):
-        (KJS::dateProtoFuncToUTCString):
-        (KJS::dateProtoFuncToDateString):
-        (KJS::dateProtoFuncToTimeString):
-        (KJS::dateProtoFuncToLocaleString):
-        (KJS::dateProtoFuncToLocaleDateString):
-        (KJS::dateProtoFuncToLocaleTimeString):
-        (KJS::dateProtoFuncValueOf):
-        (KJS::dateProtoFuncGetTime):
-        (KJS::dateProtoFuncGetFullYear):
-        (KJS::dateProtoFuncGetUTCFullYear):
-        (KJS::dateProtoFuncToGMTString):
-        (KJS::dateProtoFuncGetMonth):
-        (KJS::dateProtoFuncGetUTCMonth):
-        (KJS::dateProtoFuncGetDate):
-        (KJS::dateProtoFuncGetUTCDate):
-        (KJS::dateProtoFuncGetDay):
-        (KJS::dateProtoFuncGetUTCDay):
-        (KJS::dateProtoFuncGetHours):
-        (KJS::dateProtoFuncGetUTCHours):
-        (KJS::dateProtoFuncGetMinutes):
-        (KJS::dateProtoFuncGetUTCMinutes):
-        (KJS::dateProtoFuncGetSeconds):
-        (KJS::dateProtoFuncGetUTCSeconds):
-        (KJS::dateProtoFuncGetMilliSeconds):
-        (KJS::dateProtoFuncGetUTCMilliseconds):
-        (KJS::dateProtoFuncGetTimezoneOffset):
-        (KJS::dateProtoFuncSetTime):
-        (KJS::dateProtoFuncSetMilliSeconds):
-        (KJS::dateProtoFuncSetUTCMilliseconds):
-        (KJS::dateProtoFuncSetSeconds):
-        (KJS::dateProtoFuncSetUTCSeconds):
-        (KJS::dateProtoFuncSetMinutes):
-        (KJS::dateProtoFuncSetUTCMinutes):
-        (KJS::dateProtoFuncSetHours):
-        (KJS::dateProtoFuncSetUTCHours):
-        (KJS::dateProtoFuncSetDate):
-        (KJS::dateProtoFuncSetUTCDate):
-        (KJS::dateProtoFuncSetMonth):
-        (KJS::dateProtoFuncSetUTCMonth):
-        (KJS::dateProtoFuncSetFullYear):
-        (KJS::dateProtoFuncSetUTCFullYear):
-        (KJS::dateProtoFuncSetYear):
-        (KJS::dateProtoFuncGetYear):
-        * kjs/date_object.h:
-        * kjs/function.cpp:
-        (KJS::PrototypeFunction::PrototypeFunction):
-        (KJS::PrototypeFunction::callAsFunction):
-        * kjs/function.h:
-        * kjs/lookup.h:
-        (KJS::HashEntry::):
-        (KJS::staticFunctionGetter):
-        * kjs/math_object.cpp:
-        (KJS::mathProtoFuncAbs):
-        (KJS::mathProtoFuncACos):
-        (KJS::mathProtoFuncASin):
-        (KJS::mathProtoFuncATan):
-        (KJS::mathProtoFuncATan2):
-        (KJS::mathProtoFuncCeil):
-        (KJS::mathProtoFuncCos):
-        (KJS::mathProtoFuncExp):
-        (KJS::mathProtoFuncFloor):
-        (KJS::mathProtoFuncLog):
-        (KJS::mathProtoFuncMax):
-        (KJS::mathProtoFuncMin):
-        (KJS::mathProtoFuncPow):
-        (KJS::mathProtoFuncRandom):
-        (KJS::mathProtoFuncRound):
-        (KJS::mathProtoFuncSin):
-        (KJS::mathProtoFuncSqrt):
-        (KJS::mathProtoFuncTan):
-        * kjs/math_object.h:
-        * kjs/string_object.cpp:
-        (KJS::stringProtoFuncToString):
-        (KJS::stringProtoFuncValueOf):
-        (KJS::stringProtoFuncCharAt):
-        (KJS::stringProtoFuncCharCodeAt):
-        (KJS::stringProtoFuncConcat):
-        (KJS::stringProtoFuncIndexOf):
-        (KJS::stringProtoFuncLastIndexOf):
-        (KJS::stringProtoFuncMatch):
-        (KJS::stringProtoFuncSearch):
-        (KJS::stringProtoFuncReplace):
-        (KJS::stringProtoFuncSlice):
-        (KJS::stringProtoFuncSplit):
-        (KJS::stringProtoFuncSubstr):
-        (KJS::stringProtoFuncSubstring):
-        (KJS::stringProtoFuncToLowerCase):
-        (KJS::stringProtoFuncToUpperCase):
-        (KJS::stringProtoFuncToLocaleLowerCase):
-        (KJS::stringProtoFuncToLocaleUpperCase):
-        (KJS::stringProtoFuncLocaleCompare):
-        (KJS::stringProtoFuncBig):
-        (KJS::stringProtoFuncSmall):
-        (KJS::stringProtoFuncBlink):
-        (KJS::stringProtoFuncBold):
-        (KJS::stringProtoFuncFixed):
-        (KJS::stringProtoFuncItalics):
-        (KJS::stringProtoFuncStrike):
-        (KJS::stringProtoFuncSub):
-        (KJS::stringProtoFuncSup):
-        (KJS::stringProtoFuncFontcolor):
-        (KJS::stringProtoFuncFontsize):
-        (KJS::stringProtoFuncAnchor):
-        (KJS::stringProtoFuncLink):
-        * kjs/string_object.h:
-
-2008-01-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adam Roben.
-        
-        Some tweaks to our headerdoc, suggested by David Gatwood on the docs
-        team.
-
-        * API/JSBase.h:
-        * API/JSObjectRef.h:
-        * API/JSStringRef.h:
-        * API/JSValueRef.h:
-
-2008-01-15  Alp Toker  <alp@atoker.com>
-
-        Rubber-stamped by Anders.
-
-        Make the HTTP backend configurable in the GTK+ port. curl is currently
-        the only option.
-
-        * wtf/Platform.h: Don't hard-code WTF_USE_CURL for GTK
-
-2008-01-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Beth Dakin.
-
-        Remove unneeded variable.
-
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFuncSubstr::callAsFunction):
-
-2008-01-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Use shared vsprops for most vcproj properties.
-        
-        Reviewed by Darin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add missing Debug_Internal config.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add missing Debug_Internal config.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2008-01-14  Adam Roben  <aroben@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
-        some headers that were missing from the vcproj so their contents will
-        be included in Find in Files.
-
-2008-01-14  Adam Roben  <aroben@apple.com>
-
-        Fix Bug 16871: Crash when loading apple.com/startpage
-
-        <http://bugs.webkit.org/show_bug.cgi?id=16871>
-        <rdar://problem/5686670>
-
-        Patch written by Darin, reviewed by me.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::mark): Call ActivationImp::markChildren if our
-        m_activation is on the stack. This is what ScopeChain::mark also does,
-        but apparently in some cases it's possible for an ExecState's
-        ActivationImp to not be in any ScopeChain.
-
-2008-01-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Oliver.
-
-        -<rdar://problem/5622667> REGRESSION (Leopard-ToT): Endless loading loop
-        trying to view techreport.com comments
-        - We need to set values in the map, because if they are already in the
-        map they will not be reset when we use add().
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::put):
-
-2008-01-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        - re-speed-up the page load test (my StringImpl change slowed it down)
-
-        * wtf/RefCounted.h:
-        (WTF::RefCounted::RefCounted): Allow derived classes to start with a reference
-        count other than 0. Eventually everyone will want to start with a 1. This is a
-        staged change. For now, there's a default of 0, and you can specify 1. Later,
-        there will be no default and everyone will have to specify. And then later, there
-        will be a default of 1. Eventually, we can take away even the option of starting
-        with 0!
-
-        * wtf/Vector.h:
-        (WTF::Vector::Vector): Sped up creation of non-empty vectors by removing the
-        overhead of first constructing something empty and then calling resize.
-        (WTF::Vector::clear): Sped up the common case of calling clear on an empty
-        vector by adding a check for that case.
-        (WTF::Vector::releaseBuffer): Marked this function inline and removed a branch
-        in the case of vectors with no inline capacity (normal vectors) by leaving out
-        the code to copy the inline buffer in that case.
-
-2008-01-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16787
-        array.splice() with 1 element not working
-
-        Test: fast/js/array-splice.html
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFuncSplice::callAsFunction): Implement this Mozilla extension, and fix
-        some other edge cases.
-
-2008-01-13  Steve Falkenburg  <sfalken@apple.com>
-
-        Share common files across projects.
-        
-        Unify vsprops files
-        Debug:          common.vsprops, debug.vsprops
-        Debug_Internal: common.vsprops, debug.vsprops, debug_internal.vsprops
-        Release:        common.vsprops, release.vsprops
-        
-        Shared properties can go into common.vsprops, shared debug settings can go into debug.vsprops.
-        debug_internal.vsprops will be mostly empty except for file path prefix modifiers.
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/debug.vsprops: Removed.
-        * JavaScriptCore.vcproj/debug_internal.vsprops: Removed.
-        * JavaScriptCore.vcproj/release.vsprops: Removed.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2008-01-13  Marius Bugge Monsen  <mbm@trolltech.com>
-
-        Contributions and review by Adriaan de Groot,
-        Simon Hausmann, Eric Seidel, and Darin Adler.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16590
-          Compilation fixes for Solaris.
-
-        * kjs/DateMath.h:
-        (KJS::GregorianDateTime::GregorianDateTime): Use the WIN_OS code path
-        for SOLARIS too, presumably because Solaris also lacks the tm_gtoff and tm_zone
-        fields.
-        (KJS::GregorianDateTime::operator tm): Ditto.
-
-        * kjs/collector.cpp:
-        (KJS::currentThreadStackBase): Use thr_stksegment on Solaris.
-
-        * wtf/MathExtras.h:
-        (isfinite): Implement for Solaris.
-        (isinf): Ditto.
-        (signbit): Ditto. But this one is wrong, so I added a FIXME.
-
-        * wtf/Platform.h: Define PLATFORM(SOLARIS) when "sun" or "__sun" is defined.
-
-2008-01-13  Michael Goddard  <michael.goddard@trolltech.com>
-
-        Reviewed by Anders Carlsson.
-
-        Add binding language type to Instance.
-        Allows runtime determination of the type of an
-        Instance, to allow safe casting.  Doesn't actually
-        add any safe casting yet, though.
-
-        Add a helper function to get an Instance from a JSObject*.
-        Given an object and the expected binding language, see if
-        the JSObject actually wraps an Instance of the given type
-        and return it.  Otherwise return 0.
-
-        Move RuntimeObjectImp creations into Instance.
-        Make the ctor protected, and Instance a friend class, so
-        that all creation of RuntimeObjectImps goes through
-        one place.
-
-        Remove copy ctor/assignment operator for QtInstance.
-        Instance itself is Noncopyable, so QtInstance doesn't
-        need to have these.
-
-        Add caching for QtInstance and associated RuntimeObjectImps.
-        Push any dealings with QtLanguage bindings into QtInstance,
-        and cache them there, rather than in the Instance layer.  Add
-        a QtRuntimeObjectImp to help with caching.
-
-        * JavaScriptCore.exp:
-        * bindings/c/c_instance.h:
-        * bindings/jni/jni_instance.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtRuntimeObjectImp::QtRuntimeObjectImp):
-        (KJS::Bindings::QtRuntimeObjectImp::~QtRuntimeObjectImp):
-        (KJS::Bindings::QtRuntimeObjectImp::invalidate):
-        (KJS::Bindings::QtRuntimeObjectImp::removeFromCache):
-        (KJS::Bindings::QtInstance::QtInstance):
-        (KJS::Bindings::QtInstance::~QtInstance):
-        (KJS::Bindings::QtInstance::getQtInstance):
-        (KJS::Bindings::QtInstance::getRuntimeObject):
-        * bindings/qt/qt_instance.h:
-        (KJS::Bindings::QtInstance::getBindingLanguage):
-        * bindings/runtime.cpp:
-        (KJS::Bindings::Instance::createBindingForLanguageInstance):
-        (KJS::Bindings::Instance::createRuntimeObject):
-        (KJS::Bindings::Instance::getInstance):
-        * bindings/runtime.h:
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::getInternalInstance):
-
-2008-01-12  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Mark Rowe.
-
-        Hide non-public symbols in GTK+/autotools release builds.
-
-        * GNUmakefile.am:
-
-2008-01-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Mark Rowe.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=16852
-        Fixes leaking of ActivationStackNode objects.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::deleteActivationStack):
-        (KJS::JSGlobalObject::~JSGlobalObject):
-        (KJS::JSGlobalObject::init):
-        (KJS::JSGlobalObject::reset):
-        * kjs/JSGlobalObject.h:
-
-2008-01-12  Darin Adler  <darin@apple.com>
-
-        - try to fix Qt Windows build
-
-        * pcre/dftables: Remove reliance on the list form of Perl pipes.
-
-2008-01-12  Darin Adler  <darin@apple.com>
-
-        - try to fix Qt build
-
-        * kjs/function.cpp: Added include of scope_chain_mark.h.
-        * kjs/scope_chain_mark.h: Added multiple-include guards.
-
-2008-01-12  Mark Rowe  <mrowe@apple.com>
-
-        Another Windows build fix.
-
-        * kjs/Activation.h:
-
-2008-01-12  Mark Rowe  <mrowe@apple.com>
-
-        Attempted Windows build fix.  Use struct consistently when forward-declaring
-        ActivationStackNode and StackActivation.
-
-        * kjs/Activation.h:
-        * kjs/JSGlobalObject.h:
-
-2008-01-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Fixes a problem with the ActivationImp tear-off patch (r29425) where
-        some of the calls to JSGlobalObject::tearOffActivation() were using
-        the wrong test to determine whether it should leave a relic behind.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::ActivationImp::getOwnPropertySlot):
-
-2008-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
-        variable access (16644)
-        
-        This bug was caused by var declarations shadowing built-in properties of
-        the global object.
-        
-        To match Firefox, we've decided that var declarations will never shadow
-        built-in properties of the global object or its prototypes. We used to
-        behave more like IE, which allows shadowing, but walking that line got
-        us into trouble with websites that sent us down the Firefox codepath.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet): New code to support calling
-        hasProperty before the variable object is fully initialized (so you
-        can call it during initialization).
-
-        * kjs/nodes.cpp:.
-        (KJS::ProgramNode::initializeSymbolTable): Always do a full hasProperty
-        check when looking for duplicates, not getDirect, since it only checks
-        the property map, and not hasOwnProperty, since it doesn't check
-        prototypes.
-        (KJS::EvalNode::processDeclarations): ditto
-
-        * kjs/property_slot.h:
-        (KJS::PropertySlot::ungettableGetter): Best function name evar.
-
-2008-01-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Optimized ActivationImp allocation, so that activation records are now
-        first allocated on an explicitly managed stack and only heap allocated
-        when necessary. Roughly a 5% improvement on SunSpider, and a larger
-        improvement on benchmarks that use more function calls.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/Activation.h: Added.
-        (KJS::ActivationImp::ActivationData::ActivationData):
-        (KJS::ActivationImp::ActivationImp):
-        (KJS::ActivationImp::classInfo):
-        (KJS::ActivationImp::isActivationObject):
-        (KJS::ActivationImp::isOnStack):
-        (KJS::ActivationImp::d):
-        (KJS::StackActivation::StackActivation):
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        (KJS::ExecState::~ExecState):
-        * kjs/ExecState.h:
-        (KJS::ExecState::replaceScopeChainTop):
-        (KJS::ExecState::setActivationObject):
-        (KJS::ExecState::setLocalStorage):
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        (KJS::JSGlobalObject::pushActivation):
-        (KJS::JSGlobalObject::checkActivationCount):
-        (KJS::JSGlobalObject::popActivationHelper):
-        (KJS::JSGlobalObject::popActivation):
-        (KJS::JSGlobalObject::tearOffActivation):
-        * kjs/JSGlobalObject.h:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
-        (KJS::JSVariableObject::JSVariableObject):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::ActivationImp::ActivationImp):
-        (KJS::ActivationImp::~ActivationImp):
-        (KJS::ActivationImp::init):
-        (KJS::ActivationImp::getOwnPropertySlot):
-        (KJS::ActivationImp::markHelper):
-        (KJS::ActivationImp::mark):
-        (KJS::ActivationImp::ActivationData::ActivationData):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function.h:
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PreIncResolveNode::evaluate):
-        (KJS::PreDecResolveNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-        (KJS::AssignResolveNode::evaluate):
-        (KJS::WithNode::execute):
-        (KJS::TryNode::execute):
-        (KJS::FunctionBodyNode::processDeclarations):
-        (KJS::FuncExprNode::evaluate):
-        * kjs/object.h:
-        * kjs/scope_chain.h:
-        (KJS::ScopeChain::replace):
-        * kjs/scope_chain_mark.h: Added.
-        (KJS::ScopeChain::mark):
-
-2008-01-11  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix the (clean) qmake build. For generating chartables.c we don't
-        depend on a separate input source file anymore, the dftables perl
-        script is enough. So use that instead as value for the .input
-        variable, to ensure that qmake also generates a rule to call dftables.
-
-        * pcre/pcre.pri:
-
-2008-01-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by John Sullivan.
-
-        Fixed some world leak reports:
-        * <rdar://problem/5669436> PLT complains about world leak of 1 JavaScript
-        Interpreter after running cvs-base suite
-
-        * <rdar://problem/5669423> PLT complains about world leak if browser
-        window is open when PLT starts
-        
-        * kjs/collector.h: Added the ability to distinguish between global
-        objects and GC-protected global objects, since we only consider the
-        latter to be world leaks.
-        * kjs/collector.cpp:
-
-2008-01-11  Mark Rowe  <mrowe@apple.com>
-
-        Silence qmake warning about ctgen lacking input.
-
-        Rubber-stamped by Alp Toker.
-
-        * pcre/pcre.pri:
-
-2008-01-10  David Kilzer  <ddkilzer@apple.com>
-
-        dftables should be rewritten as a script
-
-        <http://bugs.webkit.org/show_bug.cgi?id=16818>
-        <rdar://problem/5681463>
-
-        Reviewed by Darin.
-
-        Rewrote the dftables utility in Perl.  Attempted to switch all
-        build systems to call the script directly instead of building
-        a binary first.  Only the Xcode build was able to be tested.
-
-        * DerivedSources.make: Added pcre directory to VPATH and changed
-        to invoke dftables directly.
-        * GNUmakefile.am: Removed build information and changed to invoke
-        dftables directly.
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed reference to
-        dftables project.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Ditto.
-        * JavaScriptCore.vcproj/dftables: Removed.
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed dftables target.
-        * jscore.bkl: Removed dftables executable definition.
-        * pcre/dftables: Copied from JavaScriptCore/pcre/dftables.cpp.
-        * pcre/dftables.cpp: Removed.
-        * pcre/dftables.pro: Removed.
-        * pcre/pcre.pri: Removed references to dftables.cpp and changed to
-        invoke dftables directly.
-
-2008-01-10  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16782
-          <rdar://problem/5675331> REGRESSION(r29266): Reproducible crash in fast/replaced/image-map.html
-
-        The crash resulted from a native object (DumpRenderTree's
-        EventSender) causing its wrapper to be invalidated (by clicking a
-        link that replaced the document in the window) and consequently
-        deallocated. The fix is to use RefPtrs to protect the native object
-        from deletion by self-invalidation.
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethod::callAsFunction):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::fallbackObjectGetter):
-        (RuntimeObjectImp::fieldGetter):
-        (RuntimeObjectImp::methodGetter):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::callAsFunction):
-
-2008-01-07  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Turn testIsInteger assertions into compile-time asserts and move them into HashTraits.h
-        where possible.
-
-        * kjs/testkjs.cpp:
-        * wtf/HashTraits.h:
-
-2008-01-07  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Mark.
-
-        Enable SVG_FONTS by default.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-01-07  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by David Kilzer.
-
-        - get rid of empty fpconst.cpp
-
-        * GNUmakefile.am: Remove fpconst.cpp.
-        * JavaScriptCore.pri: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * JavaScriptCoreSources.bkl: Ditto.
-
-        * kjs/fpconst.cpp: Removed.
-
-2008-01-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by David Kilzer.
-
-        - fix alignment problem with NaN and Inf globals
-
-        * kjs/fpconst.cpp: Move the contents of this file from here back to
-        value.cpp. The reason this was in a separate file is that the DARWIN
-        version of this used a declaration of the globals with a different
-        type to avoid creating "init routines". That's no longer necessary for
-        DARWIN and was never necessary for the non-DARWIN code path.
-        To make this patch easy to merge, I didn't actually delete this file
-        yet. We'll do that in a separate changeset.
-
-        * kjs/value.cpp: If C99's NAN and INFINITY are present, then use them,
-        othrewise use the union trick from fpconst.cpp. I think it would be
-        better to eliminate KJS::NaN and KJS::Inf and just use NAN and INFINITY
-        directly or std::numeric_limits<double>::quiet_nan() and
-        std::numeric_limits<double>::infinity(). But when I tried that, it
-        slowed down SunSpider. Someone else could do that cleanup if they
-        could do it without slowing down the engine.
-
-2008-01-07  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
-        JavaScript.h to the project.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Copy JavaScript.h to WEBKITOUTPUTDIR.
-
-2008-01-07  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Darin.
-
-        Fix Mac build.
-
-        * API/JSNode.c:
-        * API/JSNode.h:
-        * API/JSNodeList.c:
-        * API/JSNodeList.h:
-        * API/JavaScript.h:
-        * API/JavaScriptCore.h:
-        * API/minidom.c:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-01-07  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16029
-        JavaScriptCore.h is not suitable for platforms other than Mac OS X
-
-        Introduce a new JavaScriptCore/JavaScript.h public API header. This
-        should be used by all new portable code using the JavaScriptCore API.
-
-        JavaScriptCore/JavaScriptCore.h will remain for compatibility with
-        existing applications that depend on it including JSStringRefCF.h
-        which isn't portable.
-
-        Also add minidom to the GTK+/autotools build since we can now support
-        it on all platforms.
-
-        * API/JSNode.h:
-        * API/JSNodeList.h:
-        * API/JavaScript.h: Added.
-        * API/JavaScriptCore.h:
-        * ForwardingHeaders/JavaScriptCore/JavaScript.h: Added.
-        * GNUmakefile.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-01-06  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Abstract all DateObject.set* functions in preparation for fixing:
-        http://bugs.webkit.org/show_bug.cgi?id=16753
-        
-        SunSpider had random changes here and there but was overall a wash.
-
-        * kjs/date_object.cpp:
-        (KJS::fillStructuresUsingTimeArgs):
-        (KJS::setNewValueFromTimeArgs):
-        (KJS::setNewValueFromDateArgs):
-        (KJS::DateProtoFuncSetMilliSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMilliseconds::callAsFunction):
-        (KJS::DateProtoFuncSetSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetUTCSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetMinutes::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMinutes::callAsFunction):
-        (KJS::DateProtoFuncSetHours::callAsFunction):
-        (KJS::DateProtoFuncSetUTCHours::callAsFunction):
-        (KJS::DateProtoFuncSetDate::callAsFunction):
-        (KJS::DateProtoFuncSetUTCDate::callAsFunction):
-        (KJS::DateProtoFuncSetMonth::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMonth::callAsFunction):
-        (KJS::DateProtoFuncSetFullYear::callAsFunction):
-        (KJS::DateProtoFuncSetUTCFullYear::callAsFunction):
-
-2008-01-06  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Dan.
-
-        Add new helper function isArabicChar - SVG Fonts support needs it.
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::isArabicChar):
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::isArabicChar):
-
-2008-01-06  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Mark Rowe.
-
-        Use $(EXEEXT) to account for the .exe extension in the GTK+ Windows
-        build. (This is already done correctly in DerivedSources.make.) Issue
-        noticed by Mikkel when building in Cygwin.
-
-        Add a missing slash. This was a hack from the qmake build system that
-        isn't necessary with autotools.
-
-        * GNUmakefile.am:
-
-2008-01-05  Darin Adler  <darin@apple.com>
-
-        * API/JSRetainPtr.h: One more file that needed the change below.
-
-2008-01-05  Darin Adler  <darin@apple.com>
-
-        * wtf/OwnPtr.h: OwnPtr needs the same fix as RefPtr below.
-
-2008-01-05  Adam Roben  <aroben@apple.com>
-
-        Build fix.
-
-        Reviewed by Maciej.
-
-        * wtf/RetainPtr.h: Use PtrType instead of T* because of the
-        RemovePointer magic.
-
-2008-01-05  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Maciej Stachowiak.
-
-        - cut down own PIC branches by using a pointer-to-member-data instead of a
-          pointer-to-member-function in WTF smart pointers
-
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/PassRefPtr.h:
-        * wtf/RefPtr.h:
-        * wtf/RetainPtr.h:
-        Use a pointer to the m_ptr member instead of the get member.
-        The GCC compiler generates better code for this idiom.
-
-2008-01-05  Henry Mason  <hmason@mac.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16738
-        Bug 16738: Collector block offset could be stored as an cell offset instead of a byte offset
-
-        Gives a 0.4% SunSpider boost and prettier code.
-
-        * kjs/collector.cpp: Switched to cell offsets from byte offsets
-        (KJS::Collector::heapAllocate):
-        (KJS::Collector::sweep):
-
-2008-01-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Have the two malloc zones print useful diagnostics if their free method are unexpectedly invoked.
-        Due to <rdar://problem/5671357> this can happen if an application attempts to free a pointer that
-        was not allocated by any registered malloc zone on the system.
-
-        * kjs/CollectorHeapIntrospector.h:
-        * wtf/FastMalloc.cpp:
-
-2008-01-04  Alp Toker  <alp@atoker.com>
-
-        GTK+ autotools build fix. Terminate empty rules.
-
-        * GNUmakefile.am:
-
-2008-01-03  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix compilation with gcc 4.3: limits.h is needed for INT_MAX.
-
-        * pcre/pcre_exec.cpp:
-
-2008-01-03  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/expected.html: The fix for bug 16696 also fixed a test
-        case, ecma_3/RegExp/perlstress-002.js, so updated results to expect
-        that test to succeed.
-
-2008-01-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16696
-          JSCRE fails fails to match Acid3 regexp
-
-        Test: fast/regex/early-acid3-86.html
-
-        The problem was with the cutoff point between backreferences and octal
-        escape sequences. We need to determine the cutoff point by counting the
-        total number of capturing brackets, which requires an extra pass through
-        the expression when compiling it.
-
-        * pcre/pcre_compile.cpp:
-        (CompileData::CompileData): Added numCapturingBrackets. Removed some
-        unused fields.
-        (compileBranch): Use numCapturingBrackets when calling checkEscape.
-        (calculateCompiledPatternLength): Use numCapturingBrackets when calling
-        checkEscape, and also store the bracket count at the end of the compile.
-        (jsRegExpCompile): Call calculateCompiledPatternLength twice -- once to
-        count the number of brackets and then a second time to calculate the length.
-
-2008-01-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16696
-          JSCRE fails fails to match Acid3 regexp
-
-        Test: fast/regex/early-acid3-86.html
-
-        The problem was with the cutoff point between backreferences and octal
-        escape sequences. We need to determine the cutoff point by counting the
-        total number of capturing brackets, which requires an extra pass through
-        the expression when compiling it.
-
-        * pcre/pcre_compile.cpp:
-        (CompileData::CompileData): Added numCapturingBrackets. Removed some
-        unused fields.
-        (compileBranch): Use numCapturingBrackets when calling checkEscape.
-        (calculateCompiledPatternLength): Use numCapturingBrackets when calling
-        checkEscape, and also store the bracket count at the end of the compile.
-        (jsRegExpCompile): Call calculateCompiledPatternLength twice -- once to
-        count the number of brackets and then a second time to calculate the length.
-
-2008-01-02  David Kilzer <ddkilzer@webkit.org>
-
-        Reviewed and landed by Darin.
-
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::execute): Added a missing return.
-
-2008-01-02  Darin Adler  <darin@apple.com>
-
-        - try to fix Qt build
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::foldCase): Add some missing const.
-
-2008-01-02  Alice Liu  <alice.liu@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        need to export ASCIICType.h for use in DRT
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIUpper):
-
-2008-01-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Beth Dakin.
-
-        Cleanup error_object.h/cpp.
-
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::reset):
-        * kjs/error_object.cpp:
-        (KJS::ErrorInstance::ErrorInstance):
-        (KJS::ErrorPrototype::ErrorPrototype):
-        (KJS::ErrorProtoFuncToString::ErrorProtoFuncToString):
-        (KJS::ErrorProtoFuncToString::callAsFunction):
-        (KJS::ErrorObjectImp::ErrorObjectImp):
-        (KJS::ErrorObjectImp::implementsConstruct):
-        (KJS::ErrorObjectImp::construct):
-        (KJS::ErrorObjectImp::callAsFunction):
-        (KJS::NativeErrorPrototype::NativeErrorPrototype):
-        (KJS::NativeErrorImp::NativeErrorImp):
-        (KJS::NativeErrorImp::implementsConstruct):
-        (KJS::NativeErrorImp::construct):
-        (KJS::NativeErrorImp::callAsFunction):
-        (KJS::NativeErrorImp::mark):
-        * kjs/error_object.h:
-        (KJS::ErrorInstance::classInfo):
-        (KJS::NativeErrorImp::classInfo):
-
-2008-01-02  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Alp Toker.
-
-        * GNUmakefile.am: Add missing dependency on grammar.y.
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - fix for http://bugs.webkit.org/show_bug.cgi?id=16695
-          JSC allows non-identifier codepoints in identifiers (affects Acid3)
-
-        Test: fast/js/kde/parse.html
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex): Added additional states to distinguish Unicode escapes at the
-        start of identifiers from ones inside identifiers. Rejected characters that don't pass
-        the isIdentStart and isIdentPart tests.
-        (KJS::Lexer::convertUnicode): Removed incorrect FIXME comment.
-
-        * kjs/lexer.h: Added new states to distinguish \u escapes at the start of identifiers
-        from \u escapes inside identifiers.
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        - rolled scope chain optimization out; it was breaking the world
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16685
-          eliminate List::empty() to cut down on PIC branches
-
-        Also included one other speed-up -- remove the call to reserveCapacity from
-        FunctionBodyNode::processDeclarations in all but the most unusual cases.
-
-        Together these make SunSpider 1.016x as fast.
-
-        * JavaScriptCore.exp: Updated.
-        * kjs/ExecState.cpp:
-        (KJS::globalEmptyList): Added. Called only when creating global ExecState
-        instances.
-        (KJS::ExecState::ExecState): Broke constructor up into three separate functions,
-        for the three separate node types. Also went through each of the three and
-        streamlined as much as possible, removing dead code. This prevents us from having
-        to access the global in the function body version of the constructor.
-
-        * kjs/ExecState.h: Added emptyList(). Replaced the constructor with a set of
-        three that are specific to the different node types that can create new execution
-        state objects.
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFuncToLocaleString::callAsFunction): Use exec->emptyList() instead
-        of List::empty().
-        (KJS::ArrayProtoFuncConcat::callAsFunction): Ditto.
-        (KJS::ArrayProtoFuncSlice::callAsFunction): Ditto.
-        (KJS::ArrayProtoFuncSplice::callAsFunction): Ditto.
-        (KJS::ArrayProtoFuncFilter::callAsFunction): Ditto.
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): Updated to call new ExecState constructor.
-        (KJS::GlobalFuncImp::callAsFunction): Ditto (for eval).
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct): Use exec->emptyList() instead of List::empty().
-
-        * kjs/list.cpp: Removed List::empty.
-        * kjs/list.h: Ditto.
-
-        * kjs/nodes.cpp:
-        (KJS::ElementNode::evaluate): Use exec->emptyList() instead of List::empty().
-        (KJS::ArrayNode::evaluate): Ditto.
-        (KJS::ObjectLiteralNode::evaluate): Ditto.
-        (KJS::PropertyListNode::evaluate): Ditto.
-        (KJS::FunctionBodyNode::processDeclarations): Another speed-up. Check the capacity
-        before calling reserveCapacity, because it doesn't get inlined the local storage
-        vector is almost always big enough -- saving the function call overhead is a big
-        deal.
-        (KJS::FuncDeclNode::makeFunction): Use exec->emptyList() instead of List::empty().
-        (KJS::FuncExprNode::evaluate): Ditto.
-        * kjs/object.cpp:
-        (KJS::tryGetAndCallProperty): Ditto.
-        * kjs/property_slot.cpp:
-        (KJS::PropertySlot::functionGetter): Ditto.
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFuncSplit::callAsFunction): Ditto.
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16648
-          REGRESSION (r28165): Yuku.com navigation prints "jsRegExpExecute failed with result -2"
-          <rdar://problem/5646486> REGRESSION (r28165): Layout test fast/regex/test1 fails intermittently
-
-        Fixes 34 failing test cases in the fast/regex/test1.html test.
-
-        Restored the stack which prevents infinite loops for brackets that match the empty
-        string; it had been removed as an optimization.
-
-        Unfortunately, restoring this stack causes the regular expression test in SunSpider
-        to be 1.095x as slow and the overall test to be 1.004x as slow. Maybe we can find
-        a correct optimization to restore the speed!
-
-        It's possible the original change was on the right track but just off by one.
-
-        * pcre/pcre_exec.cpp: Add back eptrblock, but name it BracketChainNode.
-        (MatchStack::pushNewFrame): Add back the logic needed here.
-        (startNewGroup): Ditto.
-        (match): Ditto.
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16683
-          speed up function calls by making ScopeChain::push cheaper
-
-        This gives a 1.019x speedup on SunSpider.
-
-        After doing this, I realized this probably will be obsolete when the optimization
-        to avoid creating an activation object is done. When we do that one we should check
-        if rolling this out will speed things up, since this does add overhead at the time
-        you copy the scope chain.
-
-        * kjs/object.h: Removed the ScopeChain::release function. It was
-        marked inline, and called in exactly one place, so moved it there.
-        No idea why it was in this header file!
-
-        * kjs/scope_chain.cpp: Removed the overload of the ScopeChain::push
-        function that takes another ScopeChain. It was unused. I think we used
-        it over in WebCore at one point, but not any more.
-
-        * kjs/scope_chain.h: Changed ScopeChainNode into a struct rather than
-        a class, got rid of its constructor so we can have one that's uninitialized,
-        and moved the refCount into a derived struct, ScopeChainHeapNode. Made _node
-        mutable so it can be changed in the moveToHeap function. Changed the copy
-        constructor and assignment operator to call moveToHeap, since the top node
-        can't be shared when it's embedded in another ScopeChain object. Updated
-        functions as needed to handle the case where the first object isn't on the
-        heap or to add casts for cases where it's guaranteed to be. Changed the push
-        function to always put the new node into the ScopeChain object; it will get
-        put onto the heap when needed later.
-
-2008-01-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed slight logic error in reserveCapacity, where we would reallocate
-        the storage buffer unnecessarily.
-
-        * wtf/Vector.h:
-        (WTF::::reserveCapacity): No need to grow the buffer if newCapacity is
-        equal to capacity().
-
-2008-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16684
-          eliminate debugger overhead from function body execution
-
-        Speeds SunSpider up 1.003x. That's a small amount, but measurable.
-
-        * JavaScriptCore.exp: Updated.
-        * kjs/Parser.h:
-        (KJS::Parser::parse): Create the node with a static member function named create() instead
-        of using new explicitly.
-
-        * kjs/grammar.y: Changed calls to new FunctionBodyNode to use FunctionBodyNode::create().
-
-        * kjs/nodes.cpp:
-        (KJS::ProgramNode::create): Added. Calls new.
-        (KJS::EvalNode::create): Ditto.
-        (KJS::FunctionBodyNode::create): Ditto, but creates FunctionBodyNodeWithDebuggerHooks
-        when a debugger is present.
-        (KJS::FunctionBodyNode::execute): Removed debugger hooks.
-        (KJS::FunctionBodyNodeWithDebuggerHooks::FunctionBodyNodeWithDebuggerHooks): Added.
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute): Calls the debugger, then the code,
-        then the debugger again.
-
-        * kjs/nodes.h: Added create functions, made the constructors private and protected.
-
-2007-12-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        More small cleanup to array_object.cpp
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFuncToString::callAsFunction):
-        (KJS::ArrayProtoFuncToLocaleString::callAsFunction):
-        (KJS::ArrayProtoFuncJoin::callAsFunction):
-        (KJS::ArrayProtoFuncConcat::callAsFunction):
-        (KJS::ArrayProtoFuncReverse::callAsFunction):
-        (KJS::ArrayProtoFuncShift::callAsFunction):
-        (KJS::ArrayProtoFuncSlice::callAsFunction):
-        (KJS::ArrayProtoFuncSort::callAsFunction):
-        (KJS::ArrayProtoFuncSplice::callAsFunction):
-        (KJS::ArrayProtoFuncUnShift::callAsFunction):
-        (KJS::ArrayProtoFuncFilter::callAsFunction):
-        (KJS::ArrayProtoFuncMap::callAsFunction):
-        (KJS::ArrayProtoFuncEvery::callAsFunction):
-
-2007-12-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Apply wkstyle to array_object.cpp
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayPrototype::ArrayPrototype):
-        (KJS::ArrayPrototype::getOwnPropertySlot):
-        (KJS::ArrayProtoFuncConcat::callAsFunction):
-        (KJS::ArrayProtoFuncPop::callAsFunction):
-        (KJS::ArrayProtoFuncReverse::callAsFunction):
-        (KJS::ArrayProtoFuncShift::callAsFunction):
-        (KJS::ArrayProtoFuncSlice::callAsFunction):
-        (KJS::ArrayProtoFuncSort::callAsFunction):
-        (KJS::ArrayProtoFuncSplice::callAsFunction):
-        (KJS::ArrayProtoFuncUnShift::callAsFunction):
-        (KJS::ArrayProtoFuncFilter::callAsFunction):
-        (KJS::ArrayProtoFuncMap::callAsFunction):
-        (KJS::ArrayProtoFuncEvery::callAsFunction):
-        (KJS::ArrayProtoFuncLastIndexOf::callAsFunction):
-        (KJS::ArrayObjectImp::ArrayObjectImp):
-        (KJS::ArrayObjectImp::implementsConstruct):
-        (KJS::ArrayObjectImp::construct):
-        (KJS::ArrayObjectImp::callAsFunction):
-
-2007-12-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Remove maxInt/minInt, replacing with std:max/min<int>()
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFuncSplice::callAsFunction):
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-
-2007-12-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-        
-        Update Number.toString to properly throw exceptions.
-        Cleanup code in Number.toString implementation.
-
-        * kjs/number_object.cpp:
-        (KJS::numberToString):
-        * kjs/object.cpp:
-        (KJS::Error::create): Remove bogus debug lines.
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        ASSERT when debugging via Drosera due to missed var lookup optimization.
-        http://bugs.webkit.org/show_bug.cgi?id=16634
-        
-        No test case possible.
-
-        * kjs/nodes.cpp:
-        (KJS::BreakpointCheckStatement::optimizeVariableAccess):
-        * kjs/nodes.h:
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        Fix (-0).toFixed() and re-factor a little
-        Fix (-0).toExponential() and printing of trailing 0s in toExponential
-        Fix toPrecision(nan) handling
-        http://bugs.webkit.org/show_bug.cgi?id=16640
-
-        * kjs/number_object.cpp:
-        (KJS::numberToFixed):
-        (KJS::fractionalPartToString):
-        (KJS::numberToExponential):
-        (KJS::numberToPrecision):
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        More changes to make number code readable
-
-        * kjs/number_object.cpp:
-        (KJS::integer_part_noexp):
-        (KJS::numberToFixed):
-        (KJS::numberToExponential):
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        More small cleanups to toPrecision
-
-        * kjs/number_object.cpp:
-        (KJS::numberToPrecision):
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        More small attempts to make number code readable
-
-        * kjs/number_object.cpp:
-        (KJS::exponentialPartToString):
-        (KJS::numberToExponential):
-        (KJS::numberToPrecision):
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Break out callAsFunction implementations into static functions
-
-        * kjs/number_object.cpp:
-        (KJS::numberToString):
-        (KJS::numberToFixed):
-        (KJS::numberToExponential):
-        (KJS::numberToPrecision):
-        (KJS::NumberProtoFunc::callAsFunction):
-
-2007-12-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Apply wkstyle/astyle and fix placement of *
-
-        * kjs/number_object.cpp:
-        (KJS::NumberInstance::NumberInstance):
-        (KJS::NumberPrototype::NumberPrototype):
-        (KJS::NumberProtoFunc::NumberProtoFunc):
-        (KJS::integer_part_noexp):
-        (KJS::intPow10):
-        (KJS::NumberProtoFunc::callAsFunction):
-        (KJS::NumberObjectImp::NumberObjectImp):
-        (KJS::NumberObjectImp::getOwnPropertySlot):
-        (KJS::NumberObjectImp::getValueProperty):
-        (KJS::NumberObjectImp::implementsConstruct):
-        (KJS::NumberObjectImp::construct):
-        (KJS::NumberObjectImp::callAsFunction):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-
-2007-12-27  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        ASSERT in JavaScriptCore while viewing WICD test case
-        http://bugs.webkit.org/show_bug.cgi?id=16626
-        
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::execute): move KJS_CHECK_EXCEPTION to proper place
-
-2007-12-26  Jan Michael Alonzo  <jmalonzo@unpluggable.com>
-
-        Reviewed by Alp Toker.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16390
-        Use autotools or GNU make as the build system for the GTK port
-
-        * GNUmakefile.am: Added.
-
-2007-12-25  Maciej Stachowiak  <mjs@apple.com>
-        
-        Reviewed by Oliver.
-                
-        - Remove unnecessary redundant check from property setting
-        http://bugs.webkit.org/show_bug.cgi?id=16602
-                
-        1.3% speedup on SunSpider.
-        
-        * kjs/object.cpp:
-        (KJS::JSObject::put): Don't do canPut check when not needed; let
-        the PropertyMap handle it.        
-        (KJS::JSObject::canPut): Don't check the static property
-        table. lookupPut does that already.
-        
-2007-12-24  Alp Toker  <alp@atoker.com>
-
-        Fix builds that don't use AllInOneFile.cpp following breakage
-        introduced in r28973.
-
-        * kjs/grammar.y:
-
-2007-12-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-
-        - Optimize variable declarations
-        http://bugs.webkit.org/show_bug.cgi?id=16585
-        
-        3.5% speedup on SunSpider.
-
-        var statements now result in either assignments or empty statements.
-        
-        This allows a couple of optimization opportunities:
-        - No need to branch at runtime to check if there is an initializer
-        - EmptyStatementNodes can be removed entirely (also done in this patch)
-        - Assignment expressions get properly optimized for local variables
-        
-        This patch also includes some code cleanup:
-        - Most of the old VarStatement/VarDecl logic is now only used for const declarations, 
-          thus it is renamed appropriately
-        - AssignExprNode is gone
-        
-        * JavaScriptCore.exp:
-        * kjs/NodeInfo.h:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::SourceElements::append):
-        (KJS::ConstDeclNode::ConstDeclNode):
-        (KJS::ConstDeclNode::optimizeVariableAccess):
-        (KJS::ConstDeclNode::handleSlowCase):
-        (KJS::ConstDeclNode::evaluateSingle):
-        (KJS::ConstDeclNode::evaluate):
-        (KJS::ConstStatementNode::optimizeVariableAccess):
-        (KJS::ConstStatementNode::execute):
-        (KJS::VarStatementNode::optimizeVariableAccess):
-        (KJS::VarStatementNode::execute):
-        (KJS::ForInNode::ForInNode):
-        (KJS::ForInNode::optimizeVariableAccess):
-        (KJS::ForInNode::execute):
-        (KJS::FunctionBodyNode::initializeSymbolTable):
-        (KJS::ProgramNode::initializeSymbolTable):
-        (KJS::FunctionBodyNode::processDeclarations):
-        (KJS::ProgramNode::processDeclarations):
-        (KJS::EvalNode::processDeclarations):
-        * kjs/nodes.h:
-        (KJS::DeclarationStacks::):
-        (KJS::StatementNode::):
-        (KJS::ConstDeclNode::):
-        (KJS::ConstStatementNode::):
-        (KJS::EmptyStatementNode::):
-        (KJS::VarStatementNode::):
-        (KJS::ForNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::ConstDeclNode::streamTo):
-        (KJS::ConstStatementNode::streamTo):
-        (KJS::ScopeNode::streamTo):
-        (KJS::VarStatementNode::streamTo):
-        (KJS::ForNode::streamTo):
-        (KJS::ForInNode::streamTo):
-
-2007-12-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.exp: Remove unused symbol to prevent a weak external symbol
-        being generated in JavaScriptCore.framework.
-
-2007-12-21  Darin Adler  <darin@apple.com>
-
-        Requested by Maciej.
-
-        * kjs/nodes.h: Use the new NEVER_INLINE here and eliminate the old
-        KJS_NO_INLINE. We don't want to have two, and we figured it was better
-        to keep the one that's in WTF.
-
-2007-12-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16561
-          remove debugger overhead from non-debugged JavaScript execution
-
-        1.022x as fast on SunSpider.
-
-        * JavaScriptCore.exp: Updated.
-
-        * kjs/NodeInfo.h: Renamed SourceElementsStub to SourceElements,
-        since that more accurately describes the role of this object, which
-        is a reference-counted wrapper for a Vector.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::didFinishParsing): Changed parameter type to SourceElements,
-        and use plain assignment instead of set.
-        * kjs/Parser.h: Changed parameter type of didFinishParsing to a
-        SourceElements. Also changed m_sourceElements; we now use a RefPtr instead
-        of an OwnPtr as well.
-
-        * kjs/grammar.y: Got rid of all the calls to release() on SourceElements.
-        That's now handed inside the constructors for various node types, since we now
-        use vector swapping instead.
-
-        * kjs/nodes.cpp:
-        (KJS::Node::rethrowException): Added NEVER_INLINE, because this was getting inlined
-        and we want exception handling out of the normal code flow.
-        (KJS::SourceElements::append): Moved here from the header. This now handles
-        creating a BreakpointCheckStatement for each statement in the debugger case.
-        That way we can get breakpoint handling without having it in every execute function.
-        (KJS::BreakpointCheckStatement::BreakpointCheckStatement): Added.
-        (KJS::BreakpointCheckStatement::execute): Added. Contains the code that was formerly
-        in the StatementNode::hitStatement function and the KJS_BREAKPOINT macro.
-        (KJS::BreakpointCheckStatement::streamTo): Added.
-        (KJS::ArgumentListNode::evaluateList): Use KJS_CHECKEXCEPTIONVOID since the return
-        type is void.
-        (KJS::VarStatementNode::execute): Removed KJS_BREAKPOINT.
-        (KJS::BlockNode::BlockNode): Changed parameter type to SourceElements.
-        Changed code to use release since the class now contains a vector rather than
-        a vector point.
-        (KJS::BlockNode::optimizeVariableAccess): Updated since member is now a vector
-        rather than a vector pointer.
-        (KJS::BlockNode::execute): Ditto.
-        (KJS::ExprStatementNode::execute): Removed KJS_BREAKPOINT.
-        (KJS::IfNode::execute): Ditto.
-        (KJS::IfElseNode::execute): Ditto.
-        (KJS::DoWhileNode::execute): Ditto.
-        (KJS::WhileNode::execute): Ditto.
-        (KJS::ContinueNode::execute): Ditto.
-        (KJS::BreakNode::execute): Ditto.
-        (KJS::ReturnNode::execute): Ditto.
-        (KJS::WithNode::execute): Ditto.
-        (KJS::CaseClauseNode::optimizeVariableAccess): Updated since member is now a vector
-        rather than a vector pointer.
-        (KJS::CaseClauseNode::executeStatements): Ditto.
-        (KJS::SwitchNode::execute): Removed KJS_BREAKPOINT.
-        (KJS::ThrowNode::execute): Ditto.
-        (KJS::TryNode::execute): Ditto.
-        (KJS::ScopeNode::ScopeNode): Changed parameter type to SourceElements.
-        (KJS::ProgramNode::ProgramNode): Ditto.
-        (KJS::EvalNode::EvalNode): Ditto.
-        (KJS::FunctionBodyNode::FunctionBodyNode): Ditto.
-        (KJS::ScopeNode::optimizeVariableAccess): Updated since member is now a vector
-        rather than a vector pointer.
-
-        * kjs/nodes.h: Removed hitStatement. Renamed SourceElements to StatementVector.
-        Renamed SourceElementsStub to SourceElements and made it derive from
-        ParserRefCounted rather than from Node, hold a vector rather than a pointer to
-        a vector, and changed the release function to swap with another vector rather
-        than the pointer idiom. Updated BlockNode and CaseClauseNode to hold actual
-        vectors instead of pointers to vectors. Added BreakpointCheckStatement.
-
-        * kjs/nodes2string.cpp:
-        (KJS::statementListStreamTo): Changed to work on a vector instead of a pointer
-        to a vector.
-        (KJS::BlockNode::streamTo): Ditto.
-        (KJS::CaseClauseNode::streamTo):  Ditto.
-
-        * wtf/AlwaysInline.h: Added NEVER_INLINE.
-        * wtf/PassRefPtr.h: Tweaked formatting. Added clear() function that matches the
-        ones in OwnPtr and auto_ptr.
-        * wtf/RefPtr.h: Ditto.
-
-2007-12-21  Darin Adler  <darin@apple.com>
-
-        - fix broken regression tests
-
-        The broken tests were fast/js/do-while-expression-value.html and
-        fast/js/while-expression-value.html.
-
-        * kjs/nodes.cpp: Check in the correct version of this file. I had accidentally landed
-        an old version of my patch for bug 16471.
-        (KJS::statementListExecute): The logic here was backwards. Have to set the value
-        even for non-normal execution results.
-
-2007-12-20  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Copy npruntime_internal.h
-        to WebKitBuild.
-
-2007-12-20  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-        
-        Split IfNode into IfNode and IfElseNode for speedup.
-        http://bugs.webkit.org/show_bug.cgi?id=16470
-        
-        SunSpider claims this is 1.003x as fast as before.
-        (This required running with --runs 15 to get consistent enough results to tell!)
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::IfNode::optimizeVariableAccess):
-        (KJS::IfNode::execute):
-        (KJS::IfNode::getDeclarations):
-        (KJS::IfElseNode::optimizeVariableAccess):
-        (KJS::IfElseNode::execute):
-        (KJS::IfElseNode::getDeclarations):
-        * kjs/nodes.h:
-        (KJS::IfNode::):
-        (KJS::IfElseNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::IfNode::streamTo):
-        (KJS::IfElseNode::streamTo):
-
-2007-12-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        * wtf/OwnPtr.h:
-        (WTF::operator==): Added.
-        (WTF::operator!=): Added.
-
-2007-12-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        AST optimization: Avoid NULL-checking ForNode's child nodes.
-        
-        0.6% speedup on SunSpider.
-        
-        This is a proof of concept patch that demonstrates how to optimize
-        grammar productions with optional components, like
-        
-            for (optional; optional; optional) {
-                ...
-            }
-            
-        The parser emits NULL for an optional component that is not present.
-
-        Instead of checking for a NULL child at execution time, a node that
-        expects an optional component to be present more often than not checks
-        for a NULL child at construction time, and substitutes a viable
-        alternative node in its place.
-
-        (We'd like the parser to start emitting NULL a lot more once we teach
-        it to emit NULL for certain no-op productions like EmptyStatement and
-        VariableStatement, so, as a foundation, it's important for nodes with
-        NULL optional components to be fast.)
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::didFinishParsing): Check for NULL SourceElements. Also,
-        moved didFinishParsing into the .cpp file because adding a branch while
-        it was in the header file caused a substantial and inexplicable
-        performance regression. (Did I mention that GCC is crazy?)
-
-        * kjs/grammar.y:
-
-        * kjs/nodes.cpp:
-        (KJS::BlockNode::BlockNode): Check for NULL SourceElements.
-        (KJS::ForNode::optimizeVariableAccess): No need to check for NULL here.
-        (KJS::ForNode::execute): No need to check for NULL here.
-        * kjs/nodes.h:
-        (KJS::ForNode::): Check for NULL SourceElements. Substitute a TrueNode
-        because it's semantically harmless, and it evaluates to boolean in an
-        efficient manner.
-
-2007-12-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Slight logic reordering in JSImmediate::from(double)
-
-        This gives a 0.6% improvement in SunSpider.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::from):
-
-2007-12-20  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-
-        Fix major Array regression introduced by 28899.
-
-        SunSpider claims this is at least 1.37x as fast as pre-regression. :)
-
-        * kjs/array_instance.cpp: make Arrays fast again!
-
-2007-12-20  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Geoff, then re-rubber-stamped by Geoff after final search/replace and testing.
-
-        Small reworking of Date code for 4% speedup on Date tests (0.2% overall)
-        http://bugs.webkit.org/show_bug.cgi?id=16537
-
-        Make msToYear human-readable
-        Make msToDayInMonth slightly more readable and avoid recalculating msToYear
-        Remove use of isInLeapYear to avoid calling msToYear
-        Remove dayInYear call by changing msToDayInMonth to dayInMonthFromDayInYear
-        Remove more duplicate calls to dayInYear and getUTCOffset for further speedup
-
-        * kjs/DateMath.cpp:
-        (KJS::daysFrom1970ToYear):
-        (KJS::msToYear):
-        (KJS::monthFromDayInYear):
-        (KJS::checkMonth):
-        (KJS::dayInMonthFromDayInYear):
-        (KJS::dateToDayInYear):
-        (KJS::getDSTOffsetSimple):
-        (KJS::getDSTOffset):
-        (KJS::gregorianDateTimeToMS):
-        (KJS::msToGregorianDateTime):
-
-2007-12-20  Rodney Dawes  <dobey@wayofthemonkey.com>
-
-        Reviewed by Darin Adler.
-
-        Proxy includes of npruntime.h or npapi.h through npruntime_internal.h
-        Include stdio.h in npapi.h for the use of FILE with XP_UNIX defined
-        This is for building with X11, as some type and enum names conflict
-        with #define names in X11 headers.
-        http://bugs.webkit.org/show_bug.cgi?id=15669
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/NP_jsobject.h:
-        * bindings/npapi.h:
-        * bindings/npruntime.cpp:
-        * bindings/npruntime_impl.h:
-        * bindings/npruntime_priv.h:
-        * bindings/npruntime_internal.h:
-        * bindings/testbindings.cpp:
-        * bindings/c/c_class.h:
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.h:
-
-2007-12-20  Darin Adler  <darin@apple.com>
-
-        - re-fix http://bugs.webkit.org/show_bug.cgi?id=16471
-          Completions need to be smaller (or not exist at all)
-
-        Same patch as last time with the test failures problem fixed.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction): Make sure to check the completion
-        type from newExec to see if the execute raised an exception.
-
-2007-12-20  Darin Adler  <darin@apple.com>
-
-        - roll out that last change -- it was causing test failures;
-          I'll check it back in after fixing them
-
-2007-12-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16471
-          Completions need to be smaller (or not exist at all)
-
-        SuSpider shows 2.4% speedup.
-
-        Stop using completions in the execution engine.
-        Instead, the completion type and label target are both
-        stored in the ExecState.
-
-        * API/JSContextRef.cpp: Removed unneeded include of "completion.h".
-        * bindings/runtime_method.cpp: Removed unused execute function.
-        * bindings/runtime_method.h: Ditto.
-
-        * kjs/ExecState.h: Added completionType, breakOrContinueTarget,
-        setCompletionType, setNormalCompletion, setBreakCompletion,
-        setContinueCompletion, setReturnValueCompletion, setThrowCompletion,
-        setInterruptedCompletion, m_completionType, and m_breakOrContinueTarget.
-
-        * kjs/completion.h: Removed constructor and getter for target
-        for break and continue from Completion. This class is now only
-        used for the public API to Interpreter and such.
-
-        * kjs/date_object.h: Removed unused execute function.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction): Removed some unneeded
-        exception processing. Updated to call the new execute function
-        and to get the completion type from the ExecState. Merged in
-        the execute function, which repeated some of the same logic and
-        was called only from here.
-        (KJS::GlobalFuncImp::callAsFunction): More of the same for eval.
-        * kjs/function.h: Removed execute.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate): Added code to convert the result of
-        execut into a Completion.
-
-        * kjs/nodes.cpp:
-        (KJS::Node::setErrorCompletion): Renamed from createErrorCompletion.
-        Now sets the completion type in the ExecState.
-        (KJS::Node::rethrowException): Now sets the completion type in the
-        ExecState.
-        (KJS::StatementNode::hitStatement): Now sets the completion type in
-        the ExecState.
-        (KJS::VarStatementNode::execute): Updated to put completion type in
-        the ExecState instead of a Completion object.
-        (KJS::statementListExecute): Ditto. Also changed the for loop to use
-        indices instead of iterators.
-        (KJS::BlockNode::execute): Updated return type.
-        (KJS::EmptyStatementNode::execute): Updated to put completion type in
-        the ExecState instead of a Completion object.
-        (KJS::ExprStatementNode::execute): Ditto.
-        (KJS::IfNode::execute): Ditto.
-        (KJS::DoWhileNode::execute): Ditto. Also streamlined the logic a little
-        to make the normal case a little faster and moved the end outside the
-        loop so that "break" can do a break.
-        (KJS::WhileNode::execute): Ditto.
-        (KJS::ForNode::execute): Ditto.
-        (KJS::ForInNode::execute): Ditto.
-        (KJS::ContinueNode::execute): Updated to put completion type in
-        the ExecState instead of a Completion object.
-        (KJS::BreakNode::execute): Ditto.
-        (KJS::ReturnNode::execute): Ditto.
-        (KJS::WithNode::execute): Ditto.
-        (KJS::CaseClauseNode::executeStatements): Ditto. Also renamed to have
-        execute in its name to reflect the fact that it's a member of the same
-        family of functions.
-        (KJS::CaseBlockNode::executeBlock): Ditto.
-        (KJS::SwitchNode::execute): Ditto.
-        (KJS::LabelNode::execute): Ditto.
-        (KJS::ThrowNode::execute): Ditto.
-        (KJS::TryNode::execute): Ditto.
-        (KJS::ProgramNode::execute): Ditto.
-        (KJS::EvalNode::execute): Ditto.
-        (KJS::FunctionBodyNode::execute): Ditto.
-        (KJS::FuncDeclNode::execute): Ditto.
-
-        * kjs/nodes.h: Renamed setErrorCompletion to createErrorCompletion, made
-        hitStatement protected, changed return value of execute to a JSValue,
-        renamed evalStatements to executeStatements, and evalBlock to executeBlock.
-
-        * kjs/number_object.h: Removed unused execute function.
-
-2007-12-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Added Radar number.
-
-        * kjs/nodes.cpp:
-        (KJS::ProgramNode::processDeclarations):
-
-2007-12-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Linux build fix: config.h has to come first.
-
-        * kjs/error_object.cpp:
-
-2007-12-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Optimized global access to global variables, using a symbol table.
-        
-        SunSpider reports a 1.5% overall speedup, a 6.2% speedup on 3d-morph,
-        and a whopping 33.1% speedup on bitops-bitwise-and.
-
-        * API/JSCallbackObjectFunctions.h: Replaced calls to JSObject:: with
-        calls to Base::, since JSObject is not always our base class. This
-        was always a bug, but the bug is even more apparent after some of my
-        changes.
-
-        (KJS::::staticFunctionGetter): Replaced use of getDirect with call to
-        getOwnPropertySlot. Global declarations are no longer stored in the
-        property map, so a call to getDirect is insufficient for finding
-        override properties.
-
-        * API/testapi.c: 
-        * API/testapi.js: Added test for the getDirect change mentioned above.
-
-        * kjs/ExecState.cpp: 
-        * kjs/ExecState.h: Dialed back the optimization to store a direct
-        pointer to the localStorage buffer. One ExecState can grow the global
-        object's localStorage without another ExecState's knowledge, so
-        ExecState can't store a direct pointer to the localStorage buffer
-        unless/until we invent a way to update all the relevant ExecStates.
-
-        * kjs/JSGlobalObject.cpp: Inserted the symbol table into get and put
-        operations.
-        (KJS::JSGlobalObject::reset): Reset the symbol table and local storage,
-        too. Also, clear the property map here, removing the need for a
-        separate call.
-
-        * kjs/JSVariableObject.cpp:
-        * kjs/JSVariableObject.h: Added support for saving localStorage and the
-        symbol table to the back/forward cache, and restoring them.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction): Renamed progNode to evalNode
-        because it's an EvalNode, not a ProgramNode.
-
-        * kjs/lookup.h:
-        (KJS::cacheGlobalObject): Replaced put with faster putDirect, since
-        that's how the rest of lookup.h works. putDirect is safe here because
-        cacheGlobalObject is only used for objects whose names are not valid
-        identifiers.
-
-        * kjs/nodes.cpp: The good stuff!
-
-        (KJS::EvalNode::processDeclarations): Replaced hasProperty with
-        the new hasOwnProperty, which is slightly faster.
-
-        * kjs/object.h: Nixed clearProperties because clear() does this job now.
-
-        * kjs/property_map.cpp:
-        * kjs/property_map.h: More back/forward cache support.
-        
-        * wtf/Vector.h:
-        (WTF::::grow): Added fast non-branching grow function. I used it in
-        an earlier version of this patch, even though it's not used anymore.
-
-2007-12-09  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Build fix for non-Mac platforms.  Move NodeInfo into its own header so that the YYTYPE
-        declaration in grammar.h is able to declare members of that type.
-
-        * kjs/NodeInfo.h: Added.
-        (KJS::createNodeInfo):
-        (KJS::mergeDeclarationLists):
-        (KJS::appendToVarDeclarationList):
-        * kjs/grammar.y:
-        * kjs/lexer.cpp:
-
-2007-12-19  Oliver Hunt  <oliver@apple.com>
-
-        Make appendToVarDeclarationList static
-
-        RS=Weinig.
-
-        * kjs/grammar.y:
-
-2007-12-18  Oliver Hunt  <oliver@apple.com>
-
-        Remove dead code due to removal of post-parse declaration discovery.
-
-        RS=Geoff.
-
-        Due to the removal of the declaration discovery pass after parsing we
-        no longer need any of the logic used for that discovery.
-
-        * kjs/nodes.cpp:
-        (KJS::Node::Node):
-        (KJS::VarDeclNode::VarDeclNode):
-        (KJS::BlockNode::BlockNode):
-        (KJS::ForInNode::ForInNode):
-        (KJS::CaseBlockNode::CaseBlockNode):
-        * kjs/nodes.h:
-        (KJS::VarStatementNode::):
-        (KJS::IfNode::):
-        (KJS::DoWhileNode::):
-        (KJS::WhileNode::):
-        (KJS::WithNode::):
-        (KJS::LabelNode::):
-        (KJS::TryNode::):
-        (KJS::FuncDeclNode::):
-        (KJS::CaseClauseNode::):
-        (KJS::ClauseListNode::):
-        (KJS::SwitchNode::):
-
-2007-12-18  Oliver Hunt  <oliver@apple.com>
-
-        Replace post-parse pass to find declarations with logic in the parser itself
-
-        Reviewed by Geoff.
-
-        Instead of finding declarations in a pass following the initial parsing of
-        a program, we incorporate the logic directly into the parser.  This lays
-        the groundwork for further optimisations (such as improving performance in
-        declaration expressions -- var x = y; -- to match that of standard assignment)
-        in addition to providing a 0.4% performance improvement in SunSpider.
-
-        * JavaScriptCore.exp:
-        * kjs/Parser.cpp:
-        (KJS::Parser::parse):
-        * kjs/Parser.h:
-        (KJS::Parser::didFinishParsing):
-        (KJS::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ParserTracked::ParserTracked):
-        (KJS::ParserTracked::~ParserTracked):
-        (KJS::ParserTracked::ref):
-        (KJS::ParserTracked::deref):
-        (KJS::ParserTracked::refcount):
-        (KJS::ParserTracked::clearNewTrackedObjects):
-        (KJS::Node::Node):
-        (KJS::ScopeNode::ScopeNode):
-        (KJS::ProgramNode::ProgramNode):
-        (KJS::EvalNode::EvalNode):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::FunctionBodyNode::initializeSymbolTable):
-        (KJS::FunctionBodyNode::processDeclarations):
-        * kjs/nodes.h:
-        (KJS::ParserTracked::):
-        (KJS::Node::):
-        (KJS::ScopeNode::):
-
-2007-12-18  Xan Lopez  <xan@gnome.org>
-
-        Reviewed by Geoff.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=14521
-        Bug 14521: JavaScriptCore fails to build on Linux/PPC gcc 4.1.2
-        
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Unlock):
-
-        Use less strict memory operand constraint on inline asm generation.
-        PLATFORM(DARWIN) left unpatched due to Apple's GCC bug.
-
-        Patch by David Kilzer <ddkilzer@webkit.org>
-
-2007-12-18  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Remove outdated and non-functioning project files for the Apollo port.
-
-        * JavaScriptCore.apolloproj: Removed.
-
-2007-12-18  Darin Adler  <darin@apple.com>
-
-        - fix Windows build
-
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute): Change back from false/true to 0/1 -- I probably should not have
-        deleted MATCH_MATCH and MATCH_NOMATCH, but I'm going to leave them out.
-
-2007-12-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16458
-          REGRESSION (r28164): regular expressions can now hang due to lack of a match limit
-          <rdar://problem/5636067>
-
-        Test: fast/regex/slow.html
-
-        Slows down SunSpider a bit (about 1.01x); filed a bug to follow up on that:
-        http://bugs.webkit.org/show_bug.cgi?id=16503
-
-        * pcre/pcre.h: Changed name of error code to not specifically mention "recursion".
-        * pcre/pcre_exec.cpp:
-        (match): Replaced the depth limit, MATCH_RECURSION_LIMIT, with a total match looping
-        limit, matchLimit. Also eliminated the constants for MATCH_MATCH and MATCH_NOMATCH,
-        since they are just true and false (1 and 0).
-        (jsRegExpExecute): More of the MATCH_MATCH change.
-
-2007-12-17  Darin Adler  <darin@apple.com>
-
-        - speculative build fix for non-gcc platforms
-
-        * pcre/pcre_exec.cpp: (match): Remove unused cases from return switch.
-
-2007-12-16  Mark Rowe  <mrowe@apple.com>
-
-        Speculative build fix for non-Mac platforms.
-
-        * pcre/pcre_compile.cpp: Include string.h for memset, memmove, etc.
-
-2007-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=16438
-        - removed some more unused code
-        - changed quite a few more names to WebKit-style
-        - moved more things out of pcre_internal.h
-        - changed some indentation to WebKit-style
-        - improved design of the functions for reading and writing
-          2-byte values from the opcode stream (in pcre_internal.h)
-
-        * pcre/dftables.cpp:
-        (main): Added the kjs prefix a normal way in lieu of using macros.
-
-        * pcre/pcre_compile.cpp: Moved some definitions here from pcre_internal.h.
-        (errorText): Name changes, fewer typedefs.
-        (checkEscape): Ditto. Changed uppercase conversion to use toASCIIUpper.
-        (isCountedRepeat): Name change.
-        (readRepeatCounts): Name change.
-        (firstSignificantOpcode): Got rid of the use of OP_lengths, which is
-        very lightly used here. Hard-coded the length of OP_BRANUMBER.
-        (firstSignificantOpcodeSkippingAssertions): Ditto. Also changed to
-        use the advanceToEndOfBracket function.
-        (getOthercaseRange): Name changes.
-        (encodeUTF8): Ditto.
-        (compileBranch): Name changes. Removed unused after_manual_callout and
-        the code to handle it. Removed code to handle OP_ONCE since we never
-        emit this opcode. Changed to use advanceToEndOfBracket in more places.
-        (compileBracket): Name changes.
-        (branchIsAnchored): Removed code to handle OP_ONCE since we never emit
-        this opcode.
-        (bracketIsAnchored): Name changes.
-        (branchNeedsLineStart): More fo the same.
-        (bracketNeedsLineStart): Ditto.
-        (branchFindFirstAssertedCharacter): Removed OP_ONCE code.
-        (bracketFindFirstAssertedCharacter): More of the same.
-        (calculateCompiledPatternLengthAndFlags): Ditto.
-        (returnError): Name changes.
-        (jsRegExpCompile): Ditto.
-
-        * pcre/pcre_exec.cpp: Moved some definitions here from pcre_internal.h.
-        (matchRef): Updated names.
-        Improved macros to use the do { } while(0) idiom so they expand to single
-        statements rather than to blocks or multiple statements. And refeactored
-        the recursive match macros.
-        (MatchStack::pushNewFrame): Name changes.
-        (getUTF8CharAndIncrementLength): Name changes.
-        (match): Name changes. Removed the ONCE opcode.
-        (jsRegExpExecute): Name changes.
-
-        * pcre/pcre_internal.h: Removed quite a few unneeded includes. Rewrote
-        quite a few comments. Removed the macros that add kjs prefixes to the
-        functions with external linkage; instead renamed the functions. Removed
-        the unneeded typedefs pcre_uint16, pcre_uint32, and uschar. Removed the
-        dead and not-all-working code for LINK_SIZE values other than 2, although
-        we aim to keep the abstraction working. Removed the OP_LENGTHS macro.
-        (put2ByteValue): Replaces put2ByteOpcodeValueAtOffset.
-        (get2ByteValue): Replaces get2ByteOpcodeValueAtOffset.
-        (put2ByteValueAndAdvance): Replaces put2ByteOpcodeValueAtOffsetAndAdvance.
-        (putLinkValueAllowZero): Replaces putOpcodeValueAtOffset; doesn't do the
-        addition, since a comma is really no better than a plus sign. Added an
-        assertion to catch out of range values and changed the parameter type to
-        int rather than unsigned.
-        (getLinkValueAllowZero): Replaces getOpcodeValueAtOffset.
-        (putLinkValue): New function that most former callers of the
-        putOpcodeValueAtOffset function can use; asserts the value that is
-        being stored is non-zero and then calls putLinkValueAllowZero.
-        (getLinkValue): Ditto.
-        (putLinkValueAndAdvance): Replaces putOpcodeValueAtOffsetAndAdvance. No
-        caller was using an offset, which makes sense given the advancing behavior.
-        (putLinkValueAllowZeroAndAdvance): Ditto.
-        (isBracketOpcode): Added. For use in an assertion.
-        (advanceToEndOfBracket): Renamed from moveOpcodePtrPastAnyAlternateBranches,
-        and removed comments about how it's not well designed. This function takes
-        a pointer to the beginning of a bracket and advances to the end of the
-        bracket.
-
-        * pcre/pcre_tables.cpp: Updated names.
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (kjs_pcre_ucp_othercase): Ditto.
-        * pcre/pcre_xclass.cpp:
-        (getUTF8CharAndAdvancePointer): Ditto.
-        (kjs_pcre_xclass): Ditto.
-        * pcre/ucpinternal.h: Ditto.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIAlpha): Added an int overload, like the one we already have for
-        isASCIIDigit.
-        (WTF::isASCIIAlphanumeric): Ditto.
-        (WTF::isASCIIHexDigit): Ditto.
-        (WTF::isASCIILower): Ditto.
-        (WTF::isASCIISpace): Ditto.
-        (WTF::toASCIILower): Ditto.
-        (WTF::toASCIIUpper): Ditto.
-
-2007-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16459
-          REGRESSION: assertion failure with regexp with \B in a case-ignoring character range
-          <rdar://problem/5646361>
-
-        The problem was that \B was not handled properly in character classes.
-
-        Test: fast/js/regexp-overflow.html
-
-        * pcre/pcre_compile.cpp:
-        (check_escape): Added handling of ESC_b and ESC_B in character classes here.
-        Allows us to get rid of the handling of \b in character classes from all the
-        call sites that handle it separately and to handle \B properly as well.
-        (compileBranch): Remove the ESC_b handling, since it's not needed any more.
-        (calculateCompiledPatternLengthAndFlags): Ditto.
-
-2007-12-16  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=16448
-        Bug 16448: [GTK] Celtic Kane JavaScript performance on Array test is slow relative to Mac
-
-        * kjs/array_instance.cpp:
-        (KJS::compareByStringPairForQSort):
-        (KJS::ArrayInstance::sort): Convert JSValue's to strings once up front and then sort the
-        results.  This avoids calling toString twice per comparison, but requires a temporary buffer
-        so we only use this approach in cases where the array being sorted is not too large.
-
-2007-12-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler and Maciej Stachowiak.
-        
-        More refactoring to support global variable optimization.
-        
-        Changed SymbolTable to use RefPtr<UString::Rep> as its key instead of
-        UString::Rep*. With globals, the symbol table can outlast the
-        declaration node for any given symbol, so the symbol table needs to ref
-        its symbol names.
-        
-        In support, specialized HashMaps with RefPtr keys to allow lookup
-        via raw pointer, avoiding refcount churn.
-        
-        SunSpider reports a .6% speedup (prolly just noise).
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added new file: wtf/RefPtrHashMap.h
-        * JavaScriptCore.xcodeproj/project.pbxproj: ditto
-
-        * kjs/JSVariableObject.cpp:
-        (KJS::JSVariableObject::getPropertyNames): Symbol table keys are RefPtrs now.
-
-        * kjs/SymbolTable.h: Modified key traits to match RefPtr. Added a
-        static Rep* for null, which helps compute the deletedValue() trait.
-
-        * wtf/HashMap.h: #include the RefPtr specialization so everyone can use it.
-
-        * wtf/RefPtrHashMap.h: Copied from wtf/HashMap.h. Added overloaded versions
-        of find(), contains(), get(), set(), add(), remove(), and take() that take
-        raw pointers as keys.
-
-2007-12-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16162
-        Problems with float parsing on Linux (locale-dependent parsing was used).
-
-        * kjs/dtoa.cpp: Removed USE_LOCALE to reduce future confusion.
-        * kjs/lexer.cpp: (KJS::Lexer::lex): Parse with kjs_strtod, not the system one.
-
-2007-12-14  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Mark Rowe.
-
-        Enable the AllInOneFile.cpp optimization for the GTK+ port.
-
-        * JavaScriptCore.pri:
-
-2007-12-14  Mark Rowe  <mrowe@apple.com>
-
-        Unreviewed.  Remove commented out fprintf's that were for debugging purposes only.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-
-2007-12-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Don't use the MADV_DONTNEED code path for now as it has no effect on Mac OS X and is
-        currently untested on other platforms.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease): Return after releasing memory rather than potentially falling
-        through into another mechanism if multiple are supported.
-
-2007-12-14  Alp Toker  <alp@atoker.com>
-
-        Build fix for GTK+/Qt and ports that don't use AllInOneFile.cpp.
-
-        Include UnusedParam.h.
-
-        * wtf/TCSystemAlloc.cpp:
-
-2007-12-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Stephanie.
-
-        Fix build on windows
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-
-2007-12-14  Dan Bernstein  <mitz@apple.com>
-
-        - try again to fix the Windows build
-
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-
-2007-12-14  Dan Bernstein  <mitz@apple.com>
-
-        - try to fix the Windows build
-
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-
-2007-12-14  Mark Rowe <mrowe@apple.com>
-
-        Reviewed by Maciej and Oliver.
-
-        Add final changes to make TCMalloc release memory to the system.
-        This results in a 0.4% regression against ToT, but this is offset
-        against the gains made by the original TCMalloc r38 merge - in fact
-        we retain around 0.3-0.4% progression overall.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::InitSizeClasses):
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-
-2007-12-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - removed unnecessary includes of "Vector.h"
-
-        * wtf/HashMap.h:
-        (WTF::copyKeysToVector): Make the type of the vector be a template parameter.
-        This allows copying keys into a vector of a base class or one with an inline capacity.
-        (WTF::copyValuesToVector): Ditto.
-        * wtf/HashSet.h:
-        (WTF::copyToVector): Ditto.
-
-2007-12-14  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin and Geoff.
-
-        <rdar://problem/5619295> 
-        REGRESSION: 303-304: Embedded YouTube video fails to render- JS errors (16150) (Flash 9)
-        
-        Get rid of unnecessary and incorrect security checks for plug-ins accessing JavaScript objects. 
-        
-        The way this used to work was that each NPObject that wrapped a JSObject would have a root object
-        corresponding to the frame object (used for managing the lifecycle) and an origin root object (used for
-        doing security checks). 
-        
-        This would prevent a plug-in from accessing a frame's window object if it's security origin was different
-        (some parts of the window, such as the location object, can be accessed from frames with different security 
-        origins, and those checks are being done in WebCore).
-        
-        Also, if a plug-in were to access a window object of a frame that later went away, it could lead to that
-        Window JSObject being garbage collected and the NPObject pointing to freed memory.
-        
-        How this works now is that there is no origin root object anymore, and all NPObject wrappers that are created
-        for a plug-in will have the root object of the containing frame of that plug-in.
-        
-        * bindings/NP_jsobject.cpp:
-        (jsDeallocate):
-        Don't free the origin root object.
-        
-        (_NPN_CreateScriptObject):
-        Remove the origin root object parameter.
-        
-        (_NPN_InvokeDefault):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        (_NPN_Enumerate):
-        Get rid of all security checks.
-        
-        * bindings/NP_jsobject.h:
-        Remove originRootObject from the JavaScriptObject struct.
-        
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant):
-        Always use the root object from the ExecState.
-        
-2007-12-13  Steve Falkenburg  <sfalken@apple.com>
-
-        Move source file generation into its own vcproj to fix build dependencies.
-
-        Reviewed by Adam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-
-2007-12-13  Alp Toker  <alp@atoker.com>
-
-        http://bugs.webkit.org/show_bug.cgi?id=16406
-        [Gtk] JavaScriptCore needs -lpthread
-
-        Build fix for Debian and any other platforms that don't implicitly
-        link to pthread.
-
-        Link to pthread on non-Windows platforms until this dependency is
-        removed from JSC.
-
-2007-12-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Build fix: Note some variables that are used only for ASSERTs.
-
-        * API/testapi.c:
-        (Base_finalize):
-        (globalObject_initialize):
-        (testInitializeFinalize):
-
-2007-12-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed: All JS tests crash on Windows.
-
-        NDEBUG wasn't defined when compiling testkjs in release builds, so the
-        HashTable definition in HashTable.h included an extra data member.
-
-        The solution was to add NDEBUG to the release testkjs configuration on
-        Windows and Mac.
-        
-        For giggles, I also added other missing #defines to testkjs on Windows.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/testkjs.cpp:
-        (main):
-
-2007-12-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Removed bogus ASSERT.
-        
-        ASSERT should only be used when we know that a code path will not be
-        taken. This code path is taken often during the jsFunFuzz test.
-
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-
-2007-12-11  Darin Adler  <darin@apple.com>
-
-        * wtf/unicode/qt4/UnicodeQt4.h: Try to fix Qt build by adding U16_IS_SINGLE.
-
-2007-12-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16379
-          REGRESSION(r28525): Failures in http/tests/xmlhttprequest/response-encoding.html and
-          fast/dom/xmlhttprequest-html-response-encoding.html
-          and <rdar://problem/5640230> REGRESSION (306A4-ToT): Access violation in PCRE function
-          find_firstassertedchar
-
-        Test: fast/js/regexp-find-first-asserted.html
-
-        * pcre/pcre_compile.cpp:
-        (compileBracket): Take out unnecessary initialization of out parameters.
-        (branchFindFirstAssertedCharacter): Added. Broke out the half of the function that handles
-        a branch.
-        (bracketFindFirstAssertedCharacter): Renamed from find_firstassertedchar. Also removed the
-        options parameter -- the caller can handle the options.
-        (jsRegExpCompile): Changed call site to call the appropriate bracket or branch version of
-        the find_firstassertedchar function. Also put the REQ_IGNORE_CASE code here instead of
-        passing in the options.
-
-2007-12-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Split this:
-        
-                            FunctionBodyNode
-                                    ^
-                                    |
-                                ProgramNode
-            
-        into this:
-            
-                                ScopeNode
-                ^                   ^                   ^
-                |                   |                   |
-        FunctionBodyNode        ProgramNode         EvalNode
-
-        in preparation for specializing each class more while optimizing global
-        variable access.
-        
-        Also removed some cruft from the FunctionBodyNode interface to simplify
-        things.
-        
-        SunSpider says this patch is a .8% speedup, which seems reasonable,
-        since it eliminates a few branches and adds KJS_FAST_CALL in a few
-        places.
-        
-        Layout tests and JS tests pass. Also, this baby builds on Windows! (Qt
-        mileage may vary...)
-
-2007-12-10  Geoffrey Garen  <ggaren@apple.com>
-
-        RS by Mark Rowe.
-        
-        Mac build fix: added some exported symbols, now that Parser::parse is
-        defined in the header.
-
-        * JavaScriptCore.exp:
-
-2007-12-10  Sam Weinig  <sam@webkit.org>
-
-        Build fix.
-
-        Template methods need to be in the header.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * kjs/Parser.cpp:
-        * kjs/Parser.h:
-        (KJS::Parser::parse):
-
-2007-12-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Merged different implementations of Parser::parse into a single,
-        templatized implementation, in preparation for adding yet another
-        implementation for "eval" code.
-        
-        JS and layout tests pass.
-
-2007-12-10  Timothy Hatcher  <timothy@apple.com>
-
-        Reviewed by Mark Rowe
-
-        <rdar://problem/5639463> Bundle versions on Tiger should be 4523.x not 523.x
-
-        * Configurations/Version.xcconfig: Some Tiger versions of Xcode don't set MAC_OS_X_VERSION_MAJOR,
-          so assume Tiger and use a 4 for the SYSTEM_VERSION_PREFIX.
-
-2007-12-10  Mark Rowe  <mrowe@apple.com>
-
-        Tiger build fix.
-
-        * kjs/grammar.y: Use @1 and @0 in place of @$ where Tiger's bison chokes.
-
-2007-12-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16375
-          REGRESSION: Safari crashes on quit
-
-        Probably a debug-only issue.
-
-        * kjs/Parser.cpp:
-        (KJS::parser): Create the parser and never destroy it by using a pointer instead
-        of a global object.
-
-2007-12-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16369
-          REGRESSION (r28525): regular expression tests failing due to bad firstByte optimization
-
-        * pcre/pcre_compile.cpp: Changed some names to use interCaps intead of under_scores.
-        (branchIsAnchored): Broke is_anchored into two separate functions; this one works on a
-        branch and the other on an anchor. The old function would only work on a bracket.
-        Also removed unneeded parameters; the anchored check does not require the bracket
-        map or the options any more because we have a reduced set of features.
-        (bracketIsAnchored): Ditto.
-        (branchNeedsLineStart): Broke canApplyFirstCharOptimization into two functions and gave
-        both a better name. This is the function that was returning the wrong value. The failure
-        was beacuse the old function would only work on a bracket.
-        (bracketNeedsLineStart): Ditto.
-        (jsRegExpCompile): Changed to call the appropriate branch or bracket flavor of the
-        functions based on whether we compiled an outer bracket. Also removed inaccurate comments
-        and unneeded parameters.
-
-        - other small changes
-
-        * pcre/pcre.h: Renumbered error codes, in a logical order. First, normal failure, then
-        the recursion limit, then running out of memory, and finally an unexpected internal error.
-
-        * pcre/pcre_exec.cpp: Fixed indentation.
-        (jsRegExpExecute): Corrected an inaccurate comment.
-
-2007-12-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16370
-          REGRESSION (r28540): source URL and line number no longer set for outer function/programs
-
-        Test: fast/js/exception-linenums-in-html-1.html
-        Test: fast/js/exception-linenums-in-html-2.html
-        Test: fast/js/exception-linenums.html
-
-        By the time the ProgramNode was constructed, the source URL was empty.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::parseProgram): Added code to set and clear m_sourceURL, which is now
-        handled here instead of in the lexer; it needs to still be set when we create the
-        program node. Call setLoc to set the first and last line number.
-        (KJS::Parser::parseFunctionBody): Ditto, but for the body.
-        (KJS::Parser::parse): Removed the sourceURL argument.
-
-        * kjs/Parser.h: Added sourceURL(), m_sourceURL, and m_lastLine. Added a lastLine
-        parameter to didFinishParsing, since the bison grammar knows the last line number
-        and we otherwise do not know it. Removed the sourceURL parameter from parse, since
-        that's now handled at a higher level.
-
-        * kjs/grammar.y: Pass the last line number to didFinishParsing.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::setCode): Removed the sourceURL argument and the code to set m_sourceURL.
-        (KJS::Lexer::clear): Ditto.
-        * kjs/lexer.h: More of the same.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::FunctionBodyNode): Get the source URL from the parser rather
-        than from the lexer. Removed unneeded call to setLoc, since the line numbers already
-        both default to -1.
-
-2007-12-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam W.
-
-        Split the ENABLE_SVG_EXPERIMENTAL_FEATURES flag into separate flags.
-        
-        Fixes <rdar://problem/5620249> Must disable SVG animation
-        <rdar://problem/5612772> Disable SVG filters on Mac to match Windows behavior
-        
-        Minor config changes.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-12-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        - Rename isSafeScript to allowsAccessFrom.
-
-        * bindings/NP_jsobject.cpp:
-        (_isSafeScript):
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::allowsAccessFrom): Reverse caller/argument of allowsAccessFrom to match
-        the new call.
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Refactored variable access optimization: Removed the assumption that
-        the FunctionBodyNode holds the symbol table.
-        
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/nodes.cpp:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/interpreter.cpp:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/grammar.y:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/function_object.cpp:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed crash seen running layout tests.
-        
-        Reverted a change I made earlier today. Added a comment to try to
-        discourage myself from making this mistake a third time.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::mark):
-        * kjs/function.h:
-        (KJS::ActivationImp::ActivationImpData::ActivationImpData):
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Refactored parsing of global code: Removed the assumption that 
-        ProgramNode inherits from FunctionBodyNode from the parser.
-
-        * kjs/Parser.cpp:
-        (KJS::Parser::parseProgram):
-        (KJS::Parser::parseFunctionBody):
-        (KJS::Parser::parse):
-        * kjs/Parser.h:
-        (KJS::Parser::didFinishParsing):
-        * kjs/function.cpp:
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added JSVariableObject.cpp to the .pri file.
-
-        * JavaScriptCore.pri:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/function.cpp:
-
-2007-12-07  Steve Falkenburg  <sfalken@apple.com>
-
-        Re-named our B&I flag from BUILDBOT to PRODUCTION.
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj:
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: removed stray name qualification.
-
-        * kjs/function.h:
-        (KJS::ActivationImp::ActivationImp):
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: moved functions with qualified names outside of class
-        declaration.
-
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::symbolTableGet):
-        (KJS::JSVariableObject::symbolTablePut):
-
-2007-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Next step in refactoring JSGlobalObject: Added JSVariableObject class,
-        and factored symbol-table-related code into it. (JSGlobalObject doesn't
-        use the symbol table code yet, though.)
-        
-        Layout and JS tests, and testapi, pass. SunSpider reports no regression.
-
-2007-12-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16185
-          jsRegExpCompile should not add implicit non-capturing bracket
-
-        While this does not make SunSpider faster, it will make many regular
-        expressions a bit faster.
-
-        * pcre/pcre_compile.cpp: Moved CompileData struct in here from the
-        header since it's private to this file.
-        (compile_branch): Updated for function name change.
-        (compile_bracket): Renamed from compile_regex, since, for one thing,
-        this does not compile an entire regular expression.
-        (calculateCompiledPatternLengthAndFlags): Removed unused item_count
-        local variable. Renamed CompileData to cd instead of compile_block
-        to be consistent with other functions. Added code to set the
-        needOuterBracket flag if there's at least one "|" at the outer level.
-        (jsRegExpCompile): Renamed CompileData to cd instead of compile_block
-        to be consistent with other functions. Removed unneeded "size" field
-        from the compiled regular expression. If no outer bracket is needed,
-        then use compile_branch to compile the regular expression.
-
-        * pcre/pcre_internal.h: Removed the CompileData struct, which is now
-        private to pcre_compile.cpp. Removed the size member from JSRegExp.
-
-2007-12-06  Kevin Ollivier  <kevino@theolliviers.com>
-
-        MSVC7 build fix due to a compiler bug with placement new and/or
-        templates and casting.
-
-        Reviewed by Darin Adler.
-
-        * wtf/Vector.h:
-        (WTF::::append):
-
-2007-12-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16321
-          new RegExp("[\u0097]{4,6}", "gmy") crashes in DEBUG builds
-          <rdar://problem/5632992>
-
-        Test: fast/js/regexp-oveflow.html
-
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLengthAndFlags): In the case where a single character
-        character class is optimized to not use a character class at all, the preflight
-        code was not setting the lastitemlength variable.
-
-2007-12-05  Mark Rowe  <mrowe@apple.com>
-
-        Qt Windows build fix.  Include the time-related headers in the correct place.
-
-        * kjs/JSGlobalObject.cpp:
-        * kjs/interpreter.cpp:
-
-2007-12-05  Darin Adler  <darin@apple.com>
-
-        Not reviewed; just undoing a previous commit.
-
-        - remove earlier incorrect fix for http://bugs.webkit.org/show_bug.cgi?id=16220
-          <rdar://problem/5625221> Crash opening www.news.com (CNet)
-
-        The real bug was the backwards ?: in the compile function, which Geoff just
-        fixed. Rolling out the incorrect earlier fix.
-
-        * pcre/pcre_compile.cpp: (calculateCompiledPatternLengthAndFlags): Take out
-        the unneeded preflight change. The regression test proves this is still working
-        fine, so the bug remains fixed.
-
-2007-12-01  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.  Include headers before trying to use the things that they declare.
-
-        * kjs/JSImmediate.cpp:
-        * kjs/nodes.cpp:
-        * kjs/object.cpp:
-        * kjs/object_object.cpp:
-        * kjs/regexp_object.cpp:
-        * kjs/string_object.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added some #includes.
-
-        * kjs/JSImmediate.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added some #includes.
-
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSImmediate.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Fixed #include spelling.
-
-        * kjs/debugger.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added #include.
-
-        * kjs/debugger.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added a forward declaration.
-
-        * kjs/debugger.h:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added an #include.
-
-        * kjs/error_object.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added an #include.
-
-        * kjs/bool_object.cpp:
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Third step in refactoring JSGlobalObject: Moved data members and 
-        functions accessing data members from Interpreter to JSGlobalObject.
-        Changed Interpreter member functions to static functions.
-        
-        This resolves a bug in global object bootstrapping, where the global
-        ExecState could be used when uninitialized.
-        
-        This is a big change, but it's mostly code motion and renaming.
-        
-        Layout and JS tests, and testjsglue and testapi, pass. SunSpider reports
-        a .7% regression, but Shark sees no difference related to this patch,
-        and SunSpider reported a .7% speedup from an earlier step in this 
-        refactoring, so I think it's fair to call that a wash.
-
-2007-12-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler. (Or vice versa.)
-        
-        Fixed ASSERT during run-javascriptcore-tests. (Darin just added the
-        ASSERT, but the bug wasn't new.)
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch): The ?: operator here was backwards, causing us to
-        execute the loop too many times, adding stray KET opcodes to the
-        compiled regular expression.
-
-2007-12-05  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        - Wait until local variable data is fully constructed before notifying the debugger of entering
-        or leaving a call frame.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::execute):
-
-2007-12-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver.
-
-        Build fix for GCC 4.2. Cast via a union to avoid strict-aliasing issues.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::):
-        (WTF::getPageHeap):
-
-2007-12-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin.
-
-        Fix testkjs in 64-bit.
-
-        When built for 64-bit the TCMalloc spin lock uses pthread mutexes rather than a custom spin lock
-        implemented in assembly.  If we fail to initialize the pthread mutex, attempts to lock or unlock
-        it will fail and trigger a call to abort.
-
-        * wtf/FastMalloc.cpp: Initialize the spin lock so that we can later lock and unlock it.
-        * wtf/TCSpinLock.h: Add an Init method to the optimised spin lock.
-
-2007-12-04  Oliver Hunt  <oliver@apple.com>
-
-        Fix gtk build.
-
-        * wtf/TCSystemAlloc.cpp:
-
-2007-12-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe and Geoff Garen.
-
-        Merge TCMalloc r38
-
-        It also result in a performance progression between 0.5% and 
-        0.9% depending on the test, however most if not all of this 
-        gain will be consumed by the overhead involved in the later
-        change to release memory to the system.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/FastMalloc.cpp:
-        (WTF::KernelSupportsTLS):
-        (WTF::CheckIfKernelSupportsTLS):
-        (WTF::):
-        (WTF::ClassIndex):
-        (WTF::SLL_Next):
-        (WTF::SLL_SetNext):
-        (WTF::SLL_Push):
-        (WTF::SLL_Pop):
-        (WTF::SLL_PopRange):
-        (WTF::SLL_PushRange):
-        (WTF::SLL_Size):
-        (WTF::SizeClass):
-        (WTF::ByteSizeForClass):
-        (WTF::NumMoveSize):
-        (WTF::InitSizeClasses):
-        (WTF::AllocationSize):
-        (WTF::TCMalloc_PageHeap::GetSizeClassIfCached):
-        (WTF::TCMalloc_PageHeap::CacheSizeClass):
-        (WTF::TCMalloc_PageHeap::init):
-        (WTF::TCMalloc_PageHeap::New):
-        (WTF::TCMalloc_PageHeap::AllocLarge):
-        (WTF::TCMalloc_PageHeap::Carve):
-        (WTF::TCMalloc_PageHeap::Delete):
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-        (WTF::PagesToMB):
-        (WTF::TCMalloc_PageHeap::Dump):
-        (WTF::TCMalloc_PageHeap::GrowHeap):
-        (WTF::TCMalloc_PageHeap::Check):
-        (WTF::ReleaseFreeList):
-        (WTF::TCMalloc_PageHeap::ReleaseFreePages):
-        (WTF::TCMalloc_ThreadCache_FreeList::Push):
-        (WTF::TCMalloc_ThreadCache_FreeList::PushRange):
-        (WTF::TCMalloc_ThreadCache_FreeList::PopRange):
-        (WTF::TCMalloc_ThreadCache_FreeList::Pop):
-        (WTF::TCMalloc_Central_FreeList::length):
-        (WTF::TCMalloc_Central_FreeList::tc_length):
-        (WTF::TCMalloc_Central_FreeList::Init):
-        (WTF::TCMalloc_Central_FreeList::ReleaseListToSpans):
-        (WTF::TCMalloc_Central_FreeList::EvictRandomSizeClass):
-        (WTF::TCMalloc_Central_FreeList::MakeCacheSpace):
-        (WTF::TCMalloc_Central_FreeList::ShrinkCache):
-        (WTF::TCMalloc_Central_FreeList::InsertRange):
-        (WTF::TCMalloc_Central_FreeList::RemoveRange):
-        (WTF::TCMalloc_Central_FreeList::FetchFromSpansSafe):
-        (WTF::TCMalloc_Central_FreeList::Populate):
-        (WTF::TCMalloc_ThreadCache::Init):
-        (WTF::TCMalloc_ThreadCache::Cleanup):
-        (WTF::TCMalloc_ThreadCache::Allocate):
-        (WTF::TCMalloc_ThreadCache::Deallocate):
-        (WTF::TCMalloc_ThreadCache::FetchFromCentralCache):
-        (WTF::TCMalloc_ThreadCache::ReleaseToCentralCache):
-        (WTF::TCMalloc_ThreadCache::Scavenge):
-        (WTF::TCMalloc_ThreadCache::PickNextSample):
-        (WTF::TCMalloc_ThreadCache::NewHeap):
-        (WTF::TCMalloc_ThreadCache::GetThreadHeap):
-        (WTF::TCMalloc_ThreadCache::GetCache):
-        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (WTF::TCMalloc_ThreadCache::InitTSD):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-        (WTF::TCMallocStats::ExtractStats):
-        (WTF::TCMallocStats::DumpStats):
-        (WTF::TCMallocStats::DumpStackTraces):
-        (WTF::TCMallocStats::TCMallocImplementation::MarkThreadIdle):
-        (WTF::TCMallocStats::TCMallocImplementation::ReleaseFreeMemory):
-        (WTF::TCMallocStats::TCMallocGuard::TCMallocGuard):
-        (WTF::TCMallocStats::TCMallocGuard::~TCMallocGuard):
-        (WTF::TCMallocStats::DoSampledAllocation):
-        (WTF::TCMallocStats::CheckCachedSizeClass):
-        (WTF::TCMallocStats::CheckedMallocResult):
-        (WTF::TCMallocStats::SpanToMallocResult):
-        (WTF::TCMallocStats::do_malloc):
-        (WTF::TCMallocStats::do_free):
-        (WTF::TCMallocStats::do_memalign):
-        (WTF::TCMallocStats::do_malloc_stats):
-        (WTF::TCMallocStats::do_mallopt):
-        (WTF::TCMallocStats::do_mallinfo):
-        (WTF::TCMallocStats::realloc):
-        (WTF::TCMallocStats::cpp_alloc):
-        (WTF::TCMallocStats::operator new):
-        (WTF::TCMallocStats::):
-        (WTF::TCMallocStats::operator new[]):
-        (WTF::TCMallocStats::malloc_stats):
-        (WTF::TCMallocStats::mallopt):
-        (WTF::TCMallocStats::mallinfo):
-        * wtf/TCPackedCache.h: Added.
-        (PackedCache::PackedCache):
-        (PackedCache::Put):
-        (PackedCache::Has):
-        (PackedCache::GetOrDefault):
-        (PackedCache::Clear):
-        (PackedCache::EntryToValue):
-        (PackedCache::EntryToUpper):
-        (PackedCache::KeyToUpper):
-        (PackedCache::UpperToPartialKey):
-        (PackedCache::Hash):
-        (PackedCache::KeyMatch):
-        * wtf/TCPageMap.h:
-        (TCMalloc_PageMap2::PreallocateMoreMemory):
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-        * wtf/TCSystemAlloc.h:
-
-2007-12-04  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam.
-
-        Make isSafeScript const.
-        
-        * kjs/JSGlobalObject.h:
-        (KJS::JSGlobalObject::isSafeScript):
-
-2007-12-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix first part of http://bugs.webkit.org/show_bug.cgi?id=16220
-          <rdar://problem/5625221> Crash opening www.news.com (CNet)
-
-        Test: fast/js/regexp-overflow.html
-
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLengthAndFlags): Add room for the additional BRA/KET that
-        was generated in the compile code but not taken into account here.
-
-2007-12-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15618
-          <rdar://problem/5619353> REGRESSION: Stack overflow/crash in KJS::equal (15618)
-
-        Test: fast/js/recursion-limit-equal.html
-
-        * kjs/operations.cpp: (KJS::equal): Check the exception from toPrimitive.
-
-2007-12-03  Dan Bernstein  <mitz@apple.com>
-
-        - fix a copy-and-paste-o
-
-        * bindings/npruntime.cpp:
-        (_NPN_GetIntIdentifier):
-
-2007-12-03  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - fix an ASSERT when getIntIdentifier is called with 0 or -1
-
-        * bindings/npruntime.cpp:
-        (_NPN_GetIntIdentifier): We cannot use the hashmap for 0 and -1 since
-        they are the empty value and the deleted value. Instead, keep the
-        identifiers for those two integers in a static array.
-
-2007-12-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mitz.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15848
-          <rdar://problem/5619330> REGRESSION: Assertion failure viewing comments page on digg.com
-
-        Test: fast/js/sparse-array.html
-
-        * kjs/array_instance.cpp:
-        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Check sparse array cutoff before looking
-        in hash map. Can't avoid the branch because we can't look for 0 in the hash.
-        (KJS::ArrayInstance::deleteProperty): Ditto.
-
-2007-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added an #include.
-
-        * kjs/collector.cpp:
-
-2007-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Second step in refactoring JSGlobalObject: moved virtual functions from
-        Interpreter to JSGlobalObject.
-        
-        Layout and JS tests pass. SunSpider reports a .7% speedup -- don't 
-        believe his lies.
-
-2007-12-01  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Adam Roben.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16228
-        kJSClassDefinitionEmpty is not exported with JS_EXPORT
-
-        Add JS_EXPORT to kJSClassDefinitionEmpty.
-
-        Make the gcc compiler check take precedence over the WIN32||_WIN32
-        check to ensure that symbols are exported on Windows when using gcc.
-
-        Add a TODO referencing the bug about JS_EXPORT in the Win build
-        (http://bugs.webkit.org/show_bug.cgi?id=16227)
-
-        Don't define JS_EXPORT as 'extern' when the compiler is unknown since
-        it would result in the incorrect expansion:
-
-          extern extern const JSClassDefinition kJSClassDefinitionEmpty;
-
-        (This was something we inherited from CFBase.h that doesn't make sense
-        for JSBase.h)
-
-        * API/JSBase.h:
-        * API/JSObjectRef.h:
-
-2007-11-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Reversed the ownership relationship between Interpreter and JSGlobalObject.
-        Now, the JSGlobalObject owns the Interpreter, and top-level objects
-        that need the two to persist just protect the JSGlobalObject from GC.
-        
-        Global object bootstrapping looks a little odd right now, but it will
-        make much more sense soon, after further rounds of refactoring.
-
-        * bindings/runtime_root.h: Made this class inherit from RefCounted,
-        to avoid code duplication.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect): No need to give special GC treatment to 
-        Interpreters, since we mark their global objects, which mark them.
-
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::mark): No need to mark our global object, since it
-        marks us.
-        * kjs/interpreter.h: Don't inherit from RefCounted -- JSGlobalObject 
-        owns us directly.
-
-        * kjs/testkjs.cpp: Modified to follow the new rules.
-        (createGlobalObject):
-        (runWithScripts):
-
-2007-11-30  Brent Fulgham  <bfulgham@gmail.com>
-
-        Reviewed by Eric.
-
-        * ChangeLog:
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-
-2007-11-30  Eric Seidel  <eric@webkit.org>
-
-        No review, build fix only.
-        
-        Fix uninitialized var warnings in release build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * pcre/pcre_compile.cpp:
-        (compile_regex):
-
-2007-11-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Roben.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16207
-          JavaScript regular expressions should match UTF-16 code units rather than characters
-
-        SunSpider says this is 5.5% faster on the regexp test, 0.4% faste overall.
-
-        Test: fast/js/regexp-non-bmp.html
-
-        Renamed ANY_CHAR to NOT_NEWLINE to more-accurately reflect its meaning.
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch): Removed calls to the UTF-16 character accessor functions, replacing
-        them with simple pointer dereferences in some cases, and no code at all in others.
-        (calculateCompiledPatternLengthAndFlags): Ditto.
-
-        * pcre/pcre_exec.cpp:
-        (match): Fixed indentation of some case labels (including all the BEGIN_OPCODE).
-        Removed calls to the UTF-16 character accessor functions, replacing them with simple
-        pointer dereferences in some cases, and no code at all in others. Also removed some
-        explicit UTF-16 support code in a few cases. Removed the unneeded "UTF-8" code path
-        in the ANY_CHAR repeat code, and in another case, eliminated the code to check against
-        end_subject in because it is already done outside the loop.
-        (jsRegExpExecute):
-
-        * pcre/pcre_internal.h: Removed all the UTF-16 helper functions.
-
-2007-11-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        PCRE crashes under GuardMalloc
-        http://bugs.webkit.org/show_bug.cgi?id=16127
-        check against patternEnd to make sure we don't walk off the end of the string
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (calculateCompiledPatternLengthAndFlags):
-
-2007-11-30  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        Fix layout test regressions caused by r28186
-        http://bugs.webkit.org/show_bug.cgi?id=16195
-        change first_byte and req_byte back to shorts instead of chars
-        (I think PCRE stuffs information in the high bits) 
-
-        * pcre/pcre_internal.h:
-
-2007-11-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej and Darin.
-
-        Make the JS collector work with multiple threads 
-
-        Under heavy contention it was possible the GC to suspend other
-        threads inside the pthread spinlock, which could lead to the GC
-        thread blocking on the pthread spinlock itself.
-
-        We now determine and store each thread's stack base when it is
-        registered, thus removing the need for any calls to pthread_get_stackaddr_np
-        that needed the pthread spinlock.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::Thread::Thread):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markOtherThreadConservatively):
-
-2007-11-29  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        Removed some unreachable code (ironically, the code was some
-        ASSERT_NOT_REACHED()s).
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2007-11-29  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Mark Rowe.
-        
-        Fix for --guard crash of fast/js/regexp-charclass-crash introduced by r28151.
-
-        * pcre/pcre_compile.cpp:
-        (is_anchored):
-
-2007-11-28  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.  Rubber-stamped by Eric.
-
-        * pcre/pcre_exec.cpp:
-        (match): Add braces around the body of the case statement to prevent
-        wanings about jumps across the initialization of a variable.
-
-2007-11-29  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Mark Rowe.
-        
-        Attempt to fix non-mac builds after PCRE cleanup.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-        * pcre/pcre.pri:
-
-2007-11-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Centralize code for subjectPtr adjustments using inlines, only ever check for a single
-        trailing surrogate (as UTF16 only allows one), possibly fix PCRE bugs involving char
-        classes and garbled UTF16 strings.
-
-        * pcre/pcre_exec.cpp:
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-        (getPreviousChar):
-        (movePtrToPreviousChar):
-        (movePtrToNextChar):
-        (movePtrToStartOfCurrentChar):
-
-2007-11-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        change getChar* functions to return result and push 'c' into local scopes for clarity
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (calculateCompiledPatternLengthAndFlags):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-        (getChar):
-        (getCharAndAdvance):
-        (getCharAndLength):
-        (getCharAndAdvanceIfSurrogate):
-
-2007-11-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Comment cleanup
-
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Further cleanups to calculateCompiledPatternLengthAndFlags
-
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLengthAndFlags):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Give consistent naming to the RegExp options/compile flags
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (is_anchored):
-        (find_firstassertedchar):
-        (printCompiledRegExp):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Pull first_byte and req_byte optimizations out into separate static funtions, SunSpider reported this as a win.
-
-        * pcre/pcre_exec.cpp:
-        (tryFirstByteOptimization):
-        (tryRequiredByteOptimization):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        give PCRE_MULTILINE a better name: OptionMatchAcrossMultipleLines
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (is_anchored):
-        (printCompiledRegExp):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        Deprecate jsRegExpExecute's offset-vector fallback code
-
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Make cur_is_word and prev_is_word locals, and change OP_ANY to OP_ANY_CHAR for clarity
-
-        * pcre/pcre_compile.cpp:
-        (find_fixedlength):
-        (compile_branch):
-        (canApplyFirstCharOptimization):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Mitz & Maciej.
-
-        Change _NC operators to use _IGNORING_CASE for clarity
-
-        * pcre/pcre_compile.cpp:
-        (find_fixedlength):
-        (compile_branch):
-        (find_firstassertedchar):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Mitz.
-
-        Remove branch from return
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Add repeatInformationFromInstructionOffset inline
-
-        * pcre/pcre_exec.cpp:
-        (repeatInformationFromInstructionOffset):
-        (match):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Remove no longer used error code JSRegExpErrorMatchLimit
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::match):
-        * pcre/pcre.h:
-        * pcre/pcre_internal.h:
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Make i locally scoped for better code clarity
-
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Give subjectPtr and instructionPtr sane names, reduce size of MatchFrame for a 0.2% speedup.
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (calculateCompiledPatternLengthAndFlags):
-        * pcre/pcre_exec.cpp:
-        (match_ref):
-        (MatchStack::pushNewFrame):
-        (getUTF8CharAndIncrementLength):
-        (match):
-        * pcre/pcre_internal.h:
-        (getChar):
-        (getCharAndAdvance):
-        (getCharAndLength):
-        (getCharAndAdvanceIfSurrogate):
-        * pcre/pcre_xclass.cpp:
-        (getUTF8CharAndAdvancePointer):
-
-2007-11-26  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Small speedup (0.7%) by simplifying canUseStackBufferForNextFrame() check
-
-        * pcre/pcre_exec.cpp:
-        (MatchStack::MatchStack):
-        (MatchStack::popCurrentFrame):
-
-2007-11-25  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Lower MATCH_LIMIT_RECURSION to more sane levels to prevent hangs on run-javascriptcore-tests
-
-        * pcre/pcre_internal.h:
-
-2007-11-25  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Remove match_is_group variable for another 5% speedup
-
-        * pcre/pcre_compile.cpp:
-        * pcre/pcre_exec.cpp:
-        (startNewGroup):
-        (match):
-
-2007-11-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Abstract frame variables into locals and args
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-
-2007-11-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Section off MatchData arguments into args struct
-
-        * pcre/pcre_exec.cpp:
-        (MatchStack::pushNewFrame):
-        (match):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Remove redundant eptrblock struct
-
-        * pcre/pcre_exec.cpp:
-        (MatchStack::pushNewFrame):
-        (match):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Remove redundant match_call_count and move recursion check out of super-hot code path
-        SunSpider says this is at least an 8% speedup for regexp.
-
-        * pcre/pcre_exec.cpp:
-        (MatchStack::MatchStack):
-        (MatchStack::pushNewFrame):
-        (MatchStack::popCurrentFrame):
-        (MatchStack::popAllFrames):
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Get rid of GETCHAR* macros, replacing them with better named inlines
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (calculateCompiledPatternLengthAndFlags):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-        (getCharAndAdvance):
-        (getCharAndLength):
-        (getCharAndAdvanceIfSurrogate):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Further cleanup GET/PUT inlines
-
-        * pcre/pcre_internal.h:
-        (putOpcodeValueAtOffset):
-        (getOpcodeValueAtOffset):
-        (putOpcodeValueAtOffsetAndAdvance):
-        (put2ByteOpcodeValueAtOffset):
-        (get2ByteOpcodeValueAtOffset):
-        (put2ByteOpcodeValueAtOffsetAndAdvance):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Give GET, PUT better names, and add (poor) moveOpcodePtrPastAnyAlternateBranches
-
-        * pcre/pcre_compile.cpp:
-        (firstSignificantOpCodeSkippingAssertions):
-        (find_fixedlength):
-        (complete_callout):
-        (compile_branch):
-        (compile_regex):
-        (is_anchored):
-        (canApplyFirstCharOptimization):
-        (find_firstassertedchar):
-        * pcre/pcre_exec.cpp:
-        (match):
-        * pcre/pcre_internal.h:
-        (putOpcodeValueAtOffset):
-        (getOpcodeValueAtOffset):
-        (putOpcodeValueAtOffsetAndAdvance):
-        (put2ByteOpcodeValueAtOffset):
-        (get2ByteOpcodeValueAtOffset):
-        (moveOpcodePtrPastAnyAlternateBranches):
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (_pcre_ucp_othercase):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Add inlines for toLowerCase, isWordChar, isSpaceChar for further regexp speedup
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-        (toLowerCase):
-        (flipCase):
-        (classBitmapForChar):
-        (charTypeForChar):
-        (isWordChar):
-        (isSpaceChar):
-        (CompileData::CompileData):
-        * pcre/pcre_xclass.cpp:
-        (_pcre_xclass):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        cleanup _pcre_ucp_othercase
-
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (_pcre_ucp_othercase):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Use better variable names for case ignoring options
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (find_firstassertedchar):
-        (printCompiledRegExp):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (match_ref):
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        split first_significant_code into two simpler functions
-
-        * pcre/pcre_compile.cpp:
-        (firstSignificantOpCode):
-        (firstSignificantOpCodeSkippingAssertions):
-        (is_anchored):
-        (canApplyFirstCharOptimization):
-        (find_firstassertedchar):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        clean up is_counted_repeat
-
-        * pcre/pcre_compile.cpp:
-        (is_counted_repeat):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        clean up check_escape
-
-        * pcre/pcre_compile.cpp:
-        (check_escape):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Reformat find_fixedlength
-
-        * pcre/pcre_compile.cpp:
-        (find_fixedlength):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        reformat is_anchored
-
-        * pcre/pcre_compile.cpp:
-        (is_anchored):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Remove unused function could_be_empty_branch
-
-        * pcre/pcre_compile.cpp:
-        (first_significant_code):
-        (find_fixedlength):
-        (compile_branch):
-        (canApplyFirstCharOptimization):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Pass around MatchData objects by reference
-
-        * pcre/pcre_exec.cpp:
-        (pchars):
-        (match_ref):
-        (match):
-        (jsRegExpExecute):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        give PCRE_STARTLINE a better name and rename match_data to MatchData
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (canApplyFirstCharOptimization):
-        (find_firstassertedchar):
-        (printCompiledRegExp):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (pchars):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Clean up find_firstassertedchar
-
-        * pcre/pcre_compile.cpp:
-        (get_othercase_range):
-        (find_firstassertedchar):
-        (calculateCompiledPatternLengthAndFlags):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Tim Hatcher.
-
-        Pass around CompileData& instead of CompileData*
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-        (jsRegExpCompile):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Clean up compile_branch, move _pcre_ord2utf8, and rename CompileData
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * pcre/pcre_compile.cpp:
-        (_pcre_ord2utf8):
-        (calculateCompiledPatternLengthAndFlags):
-        (jsRegExpCompile):
-        * pcre/pcre_internal.h:
-        * pcre/pcre_ord2utf8.cpp: Removed.
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        removing more macros
-
-        * pcre/pcre_compile.cpp:
-        (could_be_empty_branch):
-        (compile_branch):
-        (calculateCompiledPatternLengthAndFlags):
-        * pcre/pcre_exec.cpp:
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-        * pcre/pcre_xclass.cpp:
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        clean up formating in compile_branch
-
-        * pcre/pcre_compile.cpp:
-        (compile_branch):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Fix spacing for read_repeat_counts
-
-        * pcre/pcre_compile.cpp:
-        (read_repeat_counts):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Get rid of PCRE custom char types
-
-        * pcre/pcre_compile.cpp:
-        (check_escape):
-        (complete_callout):
-        (compile_branch):
-        (compile_regex):
-        (calculateCompiledPatternLengthAndFlags):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (match_ref):
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        reformat get_othercase_range
-
-        * pcre/pcre_compile.cpp:
-        (get_othercase_range):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Remove register keyword and more cleanup
-
-        * pcre/pcre_compile.cpp:
-        (find_fixedlength):
-        (compile_branch):
-        (is_anchored):
-        (is_startline):
-        (find_firstassertedchar):
-        (calculateCompiledPatternLengthAndFlags):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (MatchStack::canUseStackBufferForNextFrame):
-        (MatchStack::allocateNextFrame):
-        (MatchStack::pushNewFrame):
-        (MatchStack::frameIsStackAllocated):
-        (MatchStack::popCurrentFrame):
-        (MatchStack::unrollAnyHeapAllocatedFrames):
-        (getUTF8CharAndIncrementLength):
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-        (PUT2INC):
-        (isLeadingSurrogate):
-        (isTrailingSurrogate):
-        (decodeSurrogatePair):
-        (getChar):
-        * pcre/pcre_ord2utf8.cpp:
-        (_pcre_ord2utf8):
-        * pcre/pcre_xclass.cpp:
-        (getUTF8CharAndAdvancePointer):
-        (_pcre_xclass):
-
-2007-11-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Clean up jsRegExpExecute
-
-        * pcre/pcre_compile.cpp:
-        (returnError):
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-
-2007-11-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff.
-
-        Merging updated system alloc and spinlock code from r38 of TCMalloc.
-
-        This is needed as a precursor to the merge of TCMalloc proper.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::GrowHeap):
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::TCMalloc_SpinLock):
-        (TCMalloc_SpinLock::):
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SpinLock::IsHeld):
-        * wtf/TCSystemAlloc.cpp:
-        (TrySbrk):
-        (TryMmap):
-        (TryVirtualAlloc):
-        (TryDevMem):
-        (TCMalloc_SystemAlloc):
-        * wtf/TCSystemAlloc.h:
-
-2007-11-28  Brady Eidson <beidson@apple.com>
-
-        Reviewed by Geoff
-
-        Add copyKeysToVector utility, mirroring copyValuesToVector
-        Also change the copyValuesToVector implementation to be a little more attractive
-
-        * wtf/HashMap.h:
-        (WTF::copyKeysToVector):
-        (WTF::copyValuesToVector):
-
-2007-11-27  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Mark Rowe.
-
-        Add a list of public JavaScriptCore headers for installation.
-
-        This follows the convention used for the Qt and GTK+ header lists.
-
-        * headers.pri: Added.
-
-2007-11-27  Alp Toker  <alp@atoker.com>
-
-        Prospective MSVC build fix.
-
-        Roll back dllexport/dllimport support for now.
-
-        * API/JSBase.h:
-
-2007-11-27  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Maciej.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15569
-        [gtk] GTK JavaScriptCore needs to export symbols for JSC API and WTF
-
-        Introduce JS_EXPORT to mark symbols to be exported as public API.
-
-        Export all public symbols in the JavaScriptCore C API.
-
-        This matches conventions for exporting symbols set by the CF and CG
-        frameworks.
-
-        * API/JSBase.h:
-        * API/JSContextRef.h:
-        * API/JSObjectRef.h:
-        * API/JSStringRef.h:
-        * API/JSStringRefBSTR.h:
-        * API/JSStringRefCF.h:
-        * API/JSValueRef.h:
-
-2007-11-27  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam.
-
-        Make PropertyNameArray and ScopeChain COMEnumVariant friendly.
-        
-        * kjs/PropertyNameArray.cpp:
-        (KJS::PropertyNameArray::swap):
-        Implement PropertyNameArray::swap.
-        
-        * kjs/PropertyNameArray.h:
-        Add ValueType typedef. Replace PropertyNameArrayIterator with 
-        PropertyNameArray::const_iterator.
-        
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::execute):
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::print):
-        Update for changes to PropertyNameArray.
-        
-        * kjs/scope_chain.h:
-        Add const_iterator and ValueType typedef.
-        
-2007-11-27  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin.
-
-        Add a ValueType typedef.
-        
-        * wtf/Vector.h:
-
-2007-11-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mitz.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=16096
-          REGRESSION (r26653-r26699): Plaxo.com addressbook does not load in webkit nightlies
-
-        Test: fast/js/regexp-overflow.html
-
-        * pcre/pcre_compile.cpp: (calculateCompiledPatternLengthAndFlags):
-        Removed a stray "ptr++" that I added by accident when merging the
-        changes between PCRE 6.4 and 6.5. 
-
-2007-11-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Kevin McCullough.
-        
-        Fixed <rdar://problem/5597937> REGRESSION (r27126): Drosera does not 
-        show variables (can't enumerate ActivationImp properties)
-        
-        Implemented a custom ActivationImp::getPropertyNames, since 
-        ActivationImp now uses a custom property storage mechanism for local
-        variables.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getPropertyNames):
-        * kjs/function.h:
-
-2007-11-26  Alp Toker  <alp@atoker.com>
-
-        GTK+/Qt/Wx build fix for breakage introduced in r28039.
-
-        * ForwardingHeaders/JavaScriptCore/JSRetainPtr.h: Added.
-
-2007-11-24  Laszlo Gombos  <laszlo.gombos@gmail.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix minor compiler warning (GCC 4.1.3)
-
-        * pcre/pcre_internal.h:
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (_pcre_ucp_othercase):
-
-2007-11-25  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=16129
-        Bug 16129: REGRESSION (r27761-r27811): malloc error while visiting http://mysit.es (crashes release build)
-
-        * pcre/pcre_compile.cpp: Change errorcode to be passed by reference so that any error code is propagated
-        to our caller like they expect.
-
-2007-11-23  Kevin Ollivier  <kevino@theolliviers.com>
-
-        MSVC7 build fix. (rand_s doesn't exist there)
-
-        Reviewed by Adam Roben.
-
-        * kjs/config.h:
-        * wtf/MathExtras.h:
-
-2007-11-23  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Move WX_PYTHON logic into project build settings,
-        add WebKitLibraries dirs on Win, and explicitly include JSCore 
-        headers in testkjs rather than getting them from a template.
-        (Include dir order of JSCore/WTF and ICU headers is important due  
-        to wtf/unicode/utf8.h.)
-
-        * jscore.bkl:
-
-2007-11-23  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by George Staikos <staikos@kde.org>.
-
-        Fix make (dist)clean on Windows.
-        
-        OBJECTS_DIR_WTR does not exist anymore, use GENERATED_SOURCES_DIR.
-        
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2007-11-22  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by George.
-
-        Make the directory of where to put the generated sources configurable through the GENERATED_SOURCE_DIR variable
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2007-11-22  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by George.
-
-        Centralize the setup for all the extra compilers in a addExtraCompiler function.
-        
-        This allows adding a "generated_files" target that builds all generated files using "make generated_files".
-        For the build inside Qt we do not generate actual rules for the extra compilers but instead
-        do the variable substitution of compiler.output manually and add the generated sources to SOURCES.
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2007-11-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        <rdar://problem/5602936> Need to resolve new GCC 4.2 warnings
-
-        Fix all warnings emitted by GCC 4.2 when building JavaScriptCore.  This allows builds with
-        -Werror to succeed.  At present they will crash when executed due to code that is not safe
-        under strict aliasing (<rdar://problem/5536806>).
-
-        * Configurations/Base.xcconfig: Remove the -Wno-long-double flag.
-        * kjs/date_object.cpp:
-        (KJS::formatTime): Test whether the stack-allocated string is empty rather than at a non-null address.
-        * kjs/dtoa.cpp:
-        (Bigint::): Tweak formatting to silence warnings.
-        * pcre/pcre_exec.cpp:
-        (match): Tweak formatting to silence warnings
-        * wtf/Assertions.cpp: Add printf format attribute to functions that warrant it.
-        * wtf/Assertions.h: Ditto.
-
-2007-11-19  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx port build fix (wx headers include ctype functions).
-
-        * kjs/config.h:
-
-2007-11-19  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Remove outdated and unused Windows port files.
-
-        Reviewed by Adam Roben.
-
-        * Makefile.vc: Removed.
-        * README-Win32.txt: Removed.
-
-2007-11-18  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        * tests/mozilla/jsDriver.pl: exit non-0 when user aborts test run
-
-2007-11-17  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix: <rdar://problem/5607032> REGRESSION: testapi exits with assertion failure in debug build
-             <rdar://problem/5440659> JSGlobalContextCreate throws away globalObjectClass's prototype
-             http://bugs.webkit.org/show_bug.cgi?id=16033
-
-        Split Interpreter's initialization into two distinct steps:  the creation of the global prototypes
-        and constructors, and storing them on the global object.  This allows JSClassRef's passed to
-        JSGlobalContextCreate to be instantiated with the correct prototype.
-
-        * API/JSCallbackObject.cpp: Assert at compile-time that the custom global object will fit in a collector cell.
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::JSCallbackObject):
-        (KJS::::init):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Construct and set the interpreter's global object separately.  When globalObjectClass
-        is passed we need to set the interpreter's global object before doing the JSCallbackObject's initialization to
-        prevent any JSObjectInitializeCallback's being invoked before a global object is set.
-        * API/testapi.c:
-        (globalObject_initialize): Test the object passed in is correct and that it has the expected global properties.
-        (globalObject_get):
-        (globalObject_set):
-        (main):
-        * API/testapi.js: Test that any static properties exposed by the global object's custom class are found.
-        * JavaScriptCore.exp:
-        * bindings/testbindings.cpp:
-        (main): Update for changes in Interpreter method signatures.
-        * bindings/testbindings.mm:
-        (main): Ditto.
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        (KJS::ExecState::mark):
-        (KJS::ExecState::setGlobalObject):
-        * kjs/ExecState.h: Rename scope to m_scopeChain.
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::Interpreter):
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::globalObject):
-        (KJS::Interpreter::setGlobalObject):
-        (KJS::Interpreter::resetGlobalObjectProperties):
-        (KJS::Interpreter::createObjectsForGlobalObjectProperties):
-        (KJS::Interpreter::setGlobalObjectProperties): Switch to using putDirect to ensure that the global object's put method
-        cannot interfere with setting of the global properties.  This prevents a user-written JSClassRef from attempting to
-        call back into JavaScript from the initialization of the global object's members.
-        * kjs/interpreter.h:
-        * kjs/testkjs.cpp:
-        (setupInterpreter): Update for changes in Interpreter method signatures.
-
-2007-11-17  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Prevent testapi from reporting false leaks.  Clear out local variables pointing at
-        JSObjectRefs to allow their values to be collected.
-
-        * API/testapi.c:
-        (main):
-
-2007-11-17  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Prevent testapi from crashing if testapi.js can not be found by nil-checking the result of createStringWithContentsOfFile.
-
-        * API/testapi.c:
-        (main):
-
-2007-11-17  Alp Toker  <alp@atoker.com>
-
-        Reviewed by Eric.
-
-        http://bugs.webkit.org/show_bug.cgi?id=16032
-        JS minidom is not portable
-
-        Use a plain UTF-8 string instead of a CFString.
-
-        Print to stdout, not stderr like CFShow() would have done, since that
-        behaviour seems unintentional.
-
-        * API/minidom.c:
-        (main):
-
-2007-11-17  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-11-16  Mark Rowe  <mrowe@apple.com>
-
-        Windows build fix.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::record8):
-
-2007-11-16  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Eric.
-
-        Replace strings, identifier, buffer8 and buffer16 members of Lexer with vectors.
-        SunSpider claims this is a 0.7% speedup.
-
-        * kjs/lexer.cpp:
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::lex):
-        (KJS::Lexer::record8):
-        (KJS::Lexer::record16):
-        (KJS::Lexer::scanRegExp):
-        (KJS::Lexer::clear):
-        (KJS::Lexer::makeIdentifier):
-        (KJS::Lexer::makeUString):
-        * kjs/lexer.h:
-        * kjs/ustring.cpp:
-        (KJS::UString::UString): Add a convenience constructor that takes a const Vector<UChar>&.
-        * kjs/ustring.h:
-
-2007-11-16  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Add a new include path
-        and ignore the int -> bool conversion warning.
-
-2007-11-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Fix Windows debug build.
-        Rubber-stamped by Eric
-
-        * pcre/pcre_exec.cpp: (match): Removed ASSERT_NOT_REACHED assertions that were making MSVC
-        complain about unreachable code.
-
-2007-11-15  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/Parser.cpp:
-
-2007-11-15  Mark Rowe  <mrowe@apple.com>
-
-        Mac build and header search path sanity fix.
-
-        Reviewed by Sam Weinig and Tim Hatcher.
-
-        Move base setting for HEADER_SEARCH_PATHS into Base.xcconfig, and extend
-        it in JavaScriptCore.xcconfig.  This removes the need to override it on a
-        per-target basis inside the .xcodeproj file.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-11-15  Mark Rowe  <mrowe@apple.com>
-
-        Qt build fix.
-
-        * kjs/Parser.h:
-
-2007-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Another round of grammar / parsing cleanup.
-        
-        1. Created distinct parser calls for parsing function bodies vs
-        programs. This will help later with optimizing global variable access.
-        
-        2. Turned Parser into a singleton. Cleaned up Lexer's singleton 
-        interface.
-        
-        3. Modified Lexer to free a little more memory when done lexing. (Added
-        FIXMEs for similar issues that I didn't fix.)
-        
-        4. Changed Lexer::makeIdentifier and Lexer::makeUString to start 
-        respecting the arguments passed to them. (No behavior change, but this
-        problem could have caused serious problems for an unsuspecting user of
-        these functions.)
-        
-        5. Removed KJS_DEBUG_MEM because it was bit-rotted.
-        
-        6. Removed Parser::prettyPrint because the same work was simpler to do
-        at the call site.
-        
-        7. Some renames:
-        
-            "Parser::accept" => "Parser::didFinishParsing"
-            "Parser::sid" => "Parser::m_sourceID"
-            "Lexer::doneParsing" => "Lexer::clear"
-            "sid" => "sourceId"
-            "lineno" => "lineNo"
-        
-        * JavaScriptCore.exp:
-        * kjs/Parser.cpp:
-        (KJS::Parser::Parser):
-        (KJS::Parser::parseProgram):
-        (KJS::Parser::parseFunctionBody):
-        (KJS::Parser::parse):
-        (KJS::Parser::didFinishParsing):
-        (KJS::parser):
-        * kjs/Parser.h:
-        (KJS::Parser::sourceId):
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/grammar.y:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        (kjsyylex):
-        (KJS::lexer):
-        (KJS::Lexer::Lexer):
-        (KJS::Lexer::~Lexer):
-        (KJS::Lexer::scanRegExp):
-        (KJS::Lexer::doneParsing):
-        (KJS::Lexer::makeIdentifier):
-        (KJS::Lexer::makeUString):
-        * kjs/lexer.h:
-        (KJS::Lexer::pattern):
-        (KJS::Lexer::flags):
-        (KJS::Lexer::sawError):
-        * kjs/nodes.cpp:
-        (KJS::Node::Node):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        * kjs/nodes.h:
-        * kjs/testkjs.cpp:
-        (prettyPrintScript):
-        (kjsmain):
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-
-2007-11-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        <rdar://problem/5601548> REGRESSION: All SourceElements and their children leak after a syntax error
-        
-        Add a stub node to maintain the Vector of SourceElements until assignment.
-
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-        (KJS::SourceElementsStub::SourceElementsStub):
-        (KJS::SourceElementsStub::append):
-        (KJS::SourceElementsStub::release):
-        (KJS::SourceElementsStub::):
-        (KJS::SourceElementsStub::precedence):
-
-2007-11-15  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Abstract most of RMATCH into MatchStack functions.
-        
-        SunSpider claims this, combined with the last 2 patches was a 1% speedup, 10% for dna-regexp.
-
-        * pcre/pcre_exec.cpp:
-        (MatchStack::canUseStackBufferForNextFrame):
-        (MatchStack::allocateNextFrame):
-        (MatchStack::pushNewFrame):
-        (MatchStack::frameIsStackAllocated):
-        (MatchStack::popCurrentFrame):
-        (MatchStack::unrollAnyHeapAllocatedFrames):
-        (match):
-
-2007-11-15  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Remove RETURN_ERROR, add MatchStack
-        
-        * pcre/pcre_exec.cpp:
-        (MatchStack::MatchStack):
-        (MatchStack::unrollAnyHeapAllocatedFrames):
-        (matchError):
-        (match):
-        
-2007-11-15  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Clean up match function to match WebKit style
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2007-11-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-
-2007-11-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15982
-        Improve JSString UTF-8 decoding
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithUTF8CString): Use strict decoding, return 0 on error.
-
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::convertUTF16ToUTF8):
-        (WTF::Unicode::convertUTF8ToUTF16):
-        * wtf/unicode/UTF8.h:
-        Made these function names start with a lower case letter.
-
-        * kjs/ustring.cpp: (KJS::UString::UTF8String): Updated for the above renaming.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16WithLatin1Fallback): Renamed to highlight the difference
-        from convertUTF8ToUTF16 in wtf/unicode.
-        (KJS::Bindings::convertNPStringToUTF16): Updated for the above renaming.
-        (KJS::Bindings::identifierFromNPIdentifier): Ditto.
-        * bindings/c/c_utility.h: Made convertUTF8ToUTF16WithLatin1Fallback() a file static.
-
-2007-11-14  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Anders.
-
-        Fix the Xcode project file after it was messed up in r27402.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-11-14  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-        
-        More PCRE style cleanup.
-
-        * pcre/pcre_compile.cpp:
-        (compile_regex):
-
-2007-11-14  Adam Roben  <aroben@apple.com>
-
-        Clean up the bison conflict checking script
-
-        Reviewed by Geoff.
-
-        * DerivedSources.make:
-
-2007-11-14  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Geoff.
-
-        Another round of PCRE cleanups: inlines
-        
-        SunSpider claims that this, combined with my previous PCRE cleanup were a 0.7% speedup, go figure.
-
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile):
-        * pcre/pcre_exec.cpp:
-        (match):
-        (jsRegExpExecute):
-        * pcre/pcre_internal.h:
-        (PUT):
-        (GET):
-        (PUT2):
-        (GET2):
-        (isNewline):
-
-2007-11-14  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-        
-        Give PCRE a (small) bath.
-        Fix some formating and break things off into separate functions
-        http://bugs.webkit.org/show_bug.cgi?id=15993
-
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLengthAndFlags):
-        (printCompiledRegExp):
-        (returnError):
-        (jsRegExpCompile):
-        * pcre/pcre_internal.h:
-        (compile_data::compile_data):
-
-2007-11-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-        
-        Cleaned up the JavaScript grammar a bit.
-        
-        1. Changed BlockNode to always hold a child vector (which may be empty),
-        eliminating a few NULL-check branches in the common execution case.
-        
-        2. Changed the Block production to correctly report its starting and 
-        ending line numbers to the debugger. (It used to report its ending line
-        as its starting line.) Also, removed duplicate line-reporting code
-        inside the BlockNode constructor.
-        
-        3. Moved curly braces up from FunctionBody production into parent
-        productions. (I had to move the line number reporting code, too, since
-        it depends on the location of the curly braces.) This matches the ECMA
-        spec more closely, and makes some future changes I plan easier.
-        
-        4. Fixed statementList* convenience functions to deal appropriately with
-        empty Vectors.
-
-        SunSpider reports a small and statistically insignificant speedup.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::statementListPushFIFO):
-        (KJS::statementListGetDeclarations):
-        (KJS::statementListInitializeDeclarationStack):
-        (KJS::statementListInitializeVariableAccessStack):
-        (KJS::BlockNode::BlockNode):
-        (KJS::BlockNode::optimizeVariableAccess):
-        (KJS::BlockNode::getDeclarations):
-        (KJS::BlockNode::execute):
-        (KJS::FunctionBodyNode::initializeDeclarationStacks):
-        (KJS::FunctionBodyNode::optimizeVariableAccess):
-
-2007-11-13  Anders Carlsson  <andersca@apple.com>
-
-        Add RefCounted.h (And remove Shared.h)
-        
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2007-11-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * kjs/regexp.h:
-
-2007-11-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Renamed Shared to RefCounted.
-
-        * API/JSClassRef.h:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/interpreter.h:
-        * kjs/regexp.h:
-        * wtf/RefCounted.h: Copied from JavaScriptCore/wtf/Shared.h.
-        (WTF::RefCounted::RefCounted):
-        * wtf/Shared.h: Removed.
-
-2007-11-13  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        Reviewed by Geoff.
-
-        * kjs/regexp.h: Added a missing #include.
-
-2007-11-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Moved Shared.h into wtf so it could be used in more places. Deployed
-        Shared in places where JSCore previously had hand-rolled ref-counting
-        classes.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        * API/JSClassRef.h:
-        * API/JSObjectRef.cpp:
-        (JSClassRetain):
-        (JSClassRelease):
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::init):
-        * kjs/interpreter.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        * kjs/regexp.h:
-        * wtf/Shared.h: Copied from WebCore/platform/Shared.h.
-
-2007-11-13  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Add an ASSERT to getTruncatedInt32 to enforce proper usage.
-        Best part about this patch?  It doesn't break the web!
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::getTruncatedInt32):
-        (KJS::JSImmediate::toDouble):
-        (KJS::JSImmediate::getUInt32):
-
-2007-11-13  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix.
-
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertUTF8ToUTF16):
-        * kjs/ustring.cpp:
-        (KJS::UString::UTF8String):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::ConvertUTF8ToUTF16):
-
-2007-11-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=11231
-          RegExp bug when handling newline characters
-          and a number of other differences between PCRE behvior
-          and JavaScript regular expressions:
-
-          + single-digit sequences like \4 should be treated as octal
-            character constants, unless there is a sufficient number
-            of brackets for them to be treated as backreferences
-
-          + \8 turns into the character "8", not a binary zero character
-            followed by "8" (same for 9)
-
-          + only the first 3 digits should be considered part of an
-            octal character constant (the old behavior was to decode
-            an arbitrarily long sequence and then mask with 0xFF)
-
-          + if \x is followed by anything other than two valid hex digits,
-            then it should simply be treated a the letter "x"; that includes
-            not supporting the \x{41} syntax
-
-          + if \u is followed by anything less than four valid hex digits,
-            then it should simply be treated a the letter "u"
-
-          + an extra "+" should be a syntax error, rather than being treated
-            as the "possessive quantifier"
-
-          + if a "]" character appears immediately after a "[" character that
-            starts a character class, then that's an empty character class,
-            rather than being the start of a character class that includes a
-            "]" character
-
-          + a "$" should not match a terminating newline; we could have gotten
-            PCRE to handle this the way we wanted by passing an appropriate option
-
-        Test: fast/js/regexp-no-extensions.html
-
-        * pcre/pcre_compile.cpp:
-        (check_escape): Check backreferences against bracount to catch both
-        overflows and things that should be treated as octal. Rewrite octal
-        loop to not go on indefinitely. Rewrite both hex loops to match and
-        remove \x{} support.
-        (compile_branch): Restructure loops so that we don't special-case a "]"
-        at the beginning of a character class. Remove code that treated "+" as
-        the possessive quantifier.
-        (jsRegExpCompile): Change the "]" handling here too.
-
-        * pcre/pcre_exec.cpp: (match): Changed CIRC to match the DOLL implementation.
-        Changed DOLL to remove handling of "terminating newline", a Perl concept
-        which we don't need.
-
-        * tests/mozilla/expected.html: Two tests are fixed now:
-        ecma_3/RegExp/regress-100199.js and ecma_3/RegExp/regress-188206.js.
-        One test fails now: ecma_3/RegExp/perlstress-002.js -- our success before
-        was due to a bug (we treated all 1-character numeric escapes as backreferences).
-        The date tests also now both expect success -- whatever was making them fail
-        before was probably due to the time being close to a DST shift; maybe we need
-        to get rid of those tests.
-
-2007-11-13  Darin Adler  <darin@apple.com>
-
-        * kjs/JSImmediate.h: (KJS::JSImmediate::getTruncatedInt32):
-        Remove too-strong assert that was firing constantly and preventing even basic
-        web browsing from working in a debug build. This function is used in many
-        cases where the immediate value is not a number; the assertion could perhaps
-        be added back later with a bit of reorganization.
-
-2007-11-13  Alp Toker  <alp@atoker.com>
-
-        Build fix for breakage to non-Mac builds introduced in r27746.
-
-        * kjs/ustring.cpp:
-
-2007-11-13  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-
-        Clean up evaluateToBoolean functions to use inlines instead of copy/paste code
-
-        * kjs/JSImmediate.h:
-        * kjs/nodes.cpp:
-        (KJS::GreaterNode::inlineEvaluateToBoolean):
-        (KJS::GreaterNode::evaluate):
-        (KJS::LessEqNode::inlineEvaluateToBoolean):
-        (KJS::LessEqNode::evaluate):
-        (KJS::GreaterEqNode::inlineEvaluateToBoolean):
-        (KJS::GreaterEqNode::evaluate):
-        (KJS::InNode::evaluateToBoolean):
-        (KJS::EqualNode::inlineEvaluateToBoolean):
-        (KJS::EqualNode::evaluate):
-        (KJS::NotEqualNode::inlineEvaluateToBoolean):
-        (KJS::NotEqualNode::evaluate):
-        (KJS::StrictEqualNode::inlineEvaluateToBoolean):
-        (KJS::StrictEqualNode::evaluate):
-        (KJS::NotStrictEqualNode::inlineEvaluateToBoolean):
-        (KJS::NotStrictEqualNode::evaluate):
-        * kjs/nodes.h:
-
-2007-11-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15958
-        base64 spends 1.1% of total time checking for special Infinity case
-        
-        Use a fast character test instead of calling strncmp.
-        
-        1.1% speedup on string-base64. SunSpider reports a .4% speedup overall;
-        Sharks reports only .1%. Who are you going to believe? Huh?
-
-        * kjs/ustring.cpp:
-        (KJS::UString::toDouble):
-
-2007-11-12  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        Add evaluateToInt32 and evaluateUInt32 methods and deploy them.
-        Fix a few missing evaluateToBoolean methods
-        Deploy all evaluateTo* functions to more nodes to avoid slowdowns
-        http://bugs.webkit.org/show_bug.cgi?id=15950
-        
-        SunSpider claims this is at least a 1.4% speedup.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::getTruncatedInt32):
-        (KJS::JSImmediate::toDouble):
-        (KJS::JSImmediate::getUInt32):
-        * kjs/nodes.cpp:
-        (KJS::ExpressionNode::evaluateToNumber):
-        (KJS::ExpressionNode::evaluateToInt32):
-        (KJS::ExpressionNode::evaluateToUInt32):
-        (KJS::NumberNode::evaluateToInt32):
-        (KJS::NumberNode::evaluateToUInt32):
-        (KJS::ImmediateNumberNode::evaluateToInt32):
-        (KJS::ImmediateNumberNode::evaluateToUInt32):
-        (KJS::ResolveNode::evaluate):
-        (KJS::ResolveNode::evaluateToNumber):
-        (KJS::ResolveNode::evaluateToBoolean):
-        (KJS::ResolveNode::evaluateToInt32):
-        (KJS::ResolveNode::evaluateToUInt32):
-        (KJS::LocalVarAccessNode::evaluateToInt32):
-        (KJS::LocalVarAccessNode::evaluateToUInt32):
-        (KJS::BracketAccessorNode::evaluateToNumber):
-        (KJS::BracketAccessorNode::evaluateToBoolean):
-        (KJS::BracketAccessorNode::evaluateToInt32):
-        (KJS::BracketAccessorNode::evaluateToUInt32):
-        (KJS::DotAccessorNode::inlineEvaluate):
-        (KJS::DotAccessorNode::evaluate):
-        (KJS::DotAccessorNode::evaluateToNumber):
-        (KJS::DotAccessorNode::evaluateToBoolean):
-        (KJS::DotAccessorNode::evaluateToInt32):
-        (KJS::DotAccessorNode::evaluateToUInt32):
-        (KJS::NewExprNode::inlineEvaluate):
-        (KJS::NewExprNode::evaluate):
-        (KJS::NewExprNode::evaluateToNumber):
-        (KJS::NewExprNode::evaluateToBoolean):
-        (KJS::NewExprNode::evaluateToInt32):
-        (KJS::NewExprNode::evaluateToUInt32):
-        (KJS::FunctionCallResolveNode::inlineEvaluate):
-        (KJS::FunctionCallResolveNode::evaluate):
-        (KJS::FunctionCallResolveNode::evaluateToNumber):
-        (KJS::FunctionCallResolveNode::evaluateToBoolean):
-        (KJS::FunctionCallResolveNode::evaluateToInt32):
-        (KJS::FunctionCallResolveNode::evaluateToUInt32):
-        (KJS::LocalVarFunctionCallNode::evaluate):
-        (KJS::LocalVarFunctionCallNode::evaluateToNumber):
-        (KJS::LocalVarFunctionCallNode::evaluateToBoolean):
-        (KJS::LocalVarFunctionCallNode::evaluateToInt32):
-        (KJS::LocalVarFunctionCallNode::evaluateToUInt32):
-        (KJS::FunctionCallDotNode::evaluate):
-        (KJS::FunctionCallDotNode::evaluateToNumber):
-        (KJS::FunctionCallDotNode::evaluateToBoolean):
-        (KJS::FunctionCallDotNode::evaluateToInt32):
-        (KJS::FunctionCallDotNode::evaluateToUInt32):
-        (KJS::PostDecLocalVarNode::inlineEvaluateToNumber):
-        (KJS::PostDecLocalVarNode::evaluateToNumber):
-        (KJS::PostDecLocalVarNode::evaluateToBoolean):
-        (KJS::PostDecLocalVarNode::evaluateToInt32):
-        (KJS::PostDecLocalVarNode::evaluateToUInt32):
-        (KJS::typeStringForValue):
-        (KJS::UnaryPlusNode::evaluate):
-        (KJS::UnaryPlusNode::evaluateToBoolean):
-        (KJS::UnaryPlusNode::evaluateToNumber):
-        (KJS::UnaryPlusNode::evaluateToInt32):
-        (KJS::BitwiseNotNode::inlineEvaluateToInt32):
-        (KJS::BitwiseNotNode::evaluate):
-        (KJS::BitwiseNotNode::evaluateToNumber):
-        (KJS::BitwiseNotNode::evaluateToBoolean):
-        (KJS::BitwiseNotNode::evaluateToInt32):
-        (KJS::MultNode::evaluateToBoolean):
-        (KJS::MultNode::evaluateToInt32):
-        (KJS::MultNode::evaluateToUInt32):
-        (KJS::DivNode::evaluateToInt32):
-        (KJS::DivNode::evaluateToUInt32):
-        (KJS::ModNode::evaluateToBoolean):
-        (KJS::ModNode::evaluateToInt32):
-        (KJS::ModNode::evaluateToUInt32):
-        (KJS::AddNode::evaluateToNumber):
-        (KJS::AddNode::evaluateToInt32):
-        (KJS::AddNode::evaluateToUInt32):
-        (KJS::AddNumbersNode::evaluateToInt32):
-        (KJS::AddNumbersNode::evaluateToUInt32):
-        (KJS::SubNode::evaluateToInt32):
-        (KJS::SubNode::evaluateToUInt32):
-        (KJS::LeftShiftNode::inlineEvaluateToInt32):
-        (KJS::LeftShiftNode::evaluate):
-        (KJS::LeftShiftNode::evaluateToNumber):
-        (KJS::LeftShiftNode::evaluateToInt32):
-        (KJS::RightShiftNode::inlineEvaluateToInt32):
-        (KJS::RightShiftNode::evaluate):
-        (KJS::RightShiftNode::evaluateToNumber):
-        (KJS::RightShiftNode::evaluateToInt32):
-        (KJS::UnsignedRightShiftNode::inlineEvaluateToUInt32):
-        (KJS::UnsignedRightShiftNode::evaluate):
-        (KJS::UnsignedRightShiftNode::evaluateToNumber):
-        (KJS::UnsignedRightShiftNode::evaluateToInt32):
-        (KJS::LessNode::inlineEvaluateToBoolean):
-        (KJS::LessNode::evaluate):
-        (KJS::LessNode::evaluateToBoolean):
-        (KJS::LessNumbersNode::inlineEvaluateToBoolean):
-        (KJS::LessNumbersNode::evaluate):
-        (KJS::LessNumbersNode::evaluateToBoolean):
-        (KJS::LessStringsNode::inlineEvaluateToBoolean):
-        (KJS::LessStringsNode::evaluate):
-        (KJS::BitAndNode::evaluate):
-        (KJS::BitAndNode::inlineEvaluateToInt32):
-        (KJS::BitAndNode::evaluateToNumber):
-        (KJS::BitAndNode::evaluateToBoolean):
-        (KJS::BitAndNode::evaluateToInt32):
-        (KJS::BitXOrNode::inlineEvaluateToInt32):
-        (KJS::BitXOrNode::evaluate):
-        (KJS::BitXOrNode::evaluateToNumber):
-        (KJS::BitXOrNode::evaluateToBoolean):
-        (KJS::BitXOrNode::evaluateToInt32):
-        (KJS::BitOrNode::inlineEvaluateToInt32):
-        (KJS::BitOrNode::evaluate):
-        (KJS::BitOrNode::evaluateToNumber):
-        (KJS::BitOrNode::evaluateToBoolean):
-        (KJS::BitOrNode::evaluateToInt32):
-        (KJS::ConditionalNode::evaluateToNumber):
-        (KJS::ConditionalNode::evaluateToInt32):
-        (KJS::ConditionalNode::evaluateToUInt32):
-        (KJS::valueForReadModifyAssignment):
-        (KJS::AssignExprNode::evaluate):
-        (KJS::AssignExprNode::evaluateToBoolean):
-        (KJS::AssignExprNode::evaluateToNumber):
-        (KJS::AssignExprNode::evaluateToInt32):
-        (KJS::VarDeclNode::handleSlowCase):
-        * kjs/nodes.h:
-        (KJS::FunctionCallResolveNode::precedence):
-        (KJS::AddNode::precedence):
-        (KJS::AddNode::):
-        (KJS::LessNumbersNode::):
-        (KJS::LessStringsNode::):
-        * kjs/value.cpp:
-        (KJS::JSValue::toInt32SlowCase):
-        (KJS::JSValue::toUInt32SlowCase):
-        * kjs/value.h:
-        (KJS::JSValue::asCell):
-        (KJS::JSValue::toInt32):
-        (KJS::JSValue::toUInt32):
-
-2007-11-12  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15953
-        Add UTF-8 encoding/decoding to WTF
-
-        * kjs/ustring.h: Moved UTF8SequenceLength() and decodeUTF8Sequence() to wtf/unicode.
-        * kjs/ustring.cpp: (KJS::UString::UTF8String): Changed this function to take a strict/lenient
-        parameter. Callers are not interested in getting decoding results in strict mode, so 
-        this allows for bailing out as soon as an error is seen.
-
-        * kjs/function.cpp:
-        (KJS::encode): Updated for new UString::UTF8String() signature.
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters): Disambiguate UChar.
-        (JSStringCreateWithUTF8CString): Actually use UTF-8 when creating the string!
-        * bindings/c/c_utility.cpp: (KJS::Bindings::convertUTF8ToUTF16): Use ConvertUTF8ToUTF16().
-
-        * wtf/unicode/UTF8.cpp: Added.
-        (WTF::Unicode::inlineUTF8SequenceLengthNonASCII):
-        (WTF::Unicode::inlineUTF8SequenceLength):
-        (WTF::Unicode::UTF8SequenceLength):
-        (WTF::Unicode::decodeUTF8Sequence):
-        (WTF::Unicode::):
-        (WTF::Unicode::ConvertUTF16ToUTF8):
-        (WTF::Unicode::isLegalUTF8):
-        (WTF::Unicode::ConvertUTF8ToUTF16):
-        * wtf/unicode/UTF8.h: Added.
-        (WTF::Unicode::):
-        Some code moved from ustring.h, some adapted from unicode.org sources.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        Added UTF8.{h,cpp}
-
-2007-11-12  Josh Aas  <joshmoz@gmail.com>
-
-        Reviewed by Darin.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15946
-          add NPPValue NPPVpluginDrawingModel (Mozilla bug 403418 compat)
-
-        * bindings/npapi.h:
-
-2007-11-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15951
-          REGRESSION: assertion failure in regexp match() when running JS tests
-
-        Test: fast/js/regexp-many-brackets.html
-
-        * pcre/pcre_exec.cpp: (match): Added back accidentally-removed case for
-        the BRANUMBER opcode.
-
-2007-11-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix use of prefix and config.h, got rid of a few unneeded things in
-          the PCRE code; no behavior changes
-
-        * API/JSBase.cpp: Added include of config.h.
-        * API/JSCallbackConstructor.cpp: Ditto.
-        * API/JSCallbackFunction.cpp: Ditto.
-        * API/JSCallbackObject.cpp: Ditto.
-        * API/JSClassRef.cpp: Ditto.
-        * API/JSContextRef.cpp: Ditto.
-        * API/JSObjectRef.cpp: Ditto.
-        * API/JSStringRef.cpp: Ditto.
-        * API/JSValueRef.cpp: Ditto.
-
-        * JavaScriptCorePrefix.h: Removed obsolete <ctype.h> workaround.
-        Moved new/delete macros after includes, as they are in WebCore's prefix.
-        Removed "config.h".
-
-        * pcre/dftables.cpp: (main): Changed back to not use a separate maketables
-        function. This is needed for PCRE, but not helpful for our use. Also changed
-        the tables to all be 128 entries long instead of 256, since only the first
-        128 are ever used.
-
-        * pcre/pcre_compile.cpp: Added include of config.h. Eliminated digitab,
-        which was only being used to check hex digits. Changed all uses of TRUE and
-        FALSE to use the C++ true and false instead.
-        (check_escape): Just the TRUE/FALSE thing.
-        (is_counted_repeat): Ditto.
-        (could_be_empty_branch): Ditto.
-        (get_othercase_range): Ditto.
-        (compile_branch): Ditto.
-        (compile_regex): Ditto.
-        (is_anchored): Ditto.
-        (is_startline): Ditto.
-        (find_firstassertedchar): Ditto.
-        (jsRegExpCompile): Ditto.
-
-        * pcre/pcre_exec.cpp: Added include of config.h. Changed all uses of TRUE and
-        FALSE to use the C++ true and false instead.
-        (match_ref): Just the TRUE/FALSE thing.
-        (match): Ditto. Removed some unneeded braces.
-        (jsRegExpExecute): Just the TRUE/FALSE thing.
-
-        * pcre/pcre_internal.h: Moved the constants needed by dftables.cpp to the top
-        of the file instead of the bottom, so they can be used. Also changed the table
-        sizes to 128 instead of 256. Removed macro definitions of FALSE and TRUE.
-        Set array sizes for all the const arrays. Changed _pcre_utf8_table1_size to
-        be a macro instead of a extern int.
-
-        * pcre/pcre_maketables.cpp: Removed. It's all in dftables.cpp now.
-
-        * pcre/pcre_tables.cpp: Made table sizes explicit.
-
-        * pcre/pcre_xclass.cpp: Just the TRUE/FALSE thing.
-
-2007-11-12  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        * wtf/FastMalloc.h: Add missing using statement.
-
-2007-11-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Add special fastZeroedMalloc function to replace a 
-        number of fastCalloc calls where one argument was 1.
-        
-        This results in a 0.4% progression in SunSpider, more
-        than making up for the earlier regression caused by 
-        additional overflow checks.
-
-        * JavaScriptCore.exp:
-        * kjs/array_instance.cpp:
-        * kjs/property_map.cpp:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/HashTable.h:
-
-2007-11-11  Adam Roben  <aroben@apple.com>
-
-        Fix <rdar://5578982> ASSERT in HashTable::checkTableConsistencyExceptSize beneath WebNotificationCenter
-
-        The bug was due to a mismatch between HashMap::remove and
-        HashTable::checkTableConsistency. HashMap::remove can delete the value
-        stored in the HashTable (by derefing it), which is not normally
-        allowed by HashTable. It's OK in this case because the value is about
-        to be removed from the table, but HashTable wasn't aware of this.
-
-        HashMap::remove now performs the consistency check itself before
-        derefing the value.
-
-        Darin noticed that the same bug would occur in HashSet, so I've fixed
-        it there as well.
-
-        Reviewed by Darin.
-
-        * wtf/HashMap.h:
-        (WTF::HashMap::remove): Perform the HashTable consistency check
-        manually before calling deref.
-        * wtf/HashSet.h:
-        (WTF::HashSet::remove): Ditto.
-        * wtf/HashTable.h: Made checkTableConsistency public so that HashMap
-        and HashSet can call it.
-        (WTF::HashTable::removeAndInvalidateWithoutEntryConsistencyCheck):
-        Added.
-        (WTF::HashTable::removeAndInvalidate): Added.
-        (WTF::HashTable::remove):
-        (WTF::HashTable::removeWithoutEntryConsistencyCheck): Added.
-
-2007-11-11  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.  Use the correct filename case.
-
-        * kjs/nodes.h:
-
-2007-11-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15902
-        15% of string-validate-input.js is spent compiling the same regular expression
-        
-        Store a compiled representation of the regular expression in the AST.
-        
-        Only a .2% SunSpider speedup overall, but a 10.6% speedup on 
-        string-validate-input.js.
-
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::RegExpNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::RegExpNode::streamTo):
-        * kjs/regexp.cpp:
-        (KJS::RegExp::flags):
-        * kjs/regexp.h:
-        (KJS::RegExp::pattern):
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpObjectImp::construct):
-        (KJS::RegExpObjectImp::createRegExpImp):
-        * kjs/regexp_object.h:
-
-2007-11-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Eric.
-
-        Partial fix for <rdar://problem/5585334> numfuzz: integer overflows opening malformed SVG file in WebCore::ImageBuffer::create
-
-        Unfortunately this is a very slight regression, but is unavoidable.
-
-        * wtf/FastMalloc.cpp:
-
-2007-11-10  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        Add simple type inferencing to the parser, and create custom
-        AddNode and LessNode subclasses based on inferred types.
-        http://bugs.webkit.org/show_bug.cgi?id=15884
-        
-        SunSpider claims this is at least a 0.5% speedup.
-
-        * JavaScriptCore.exp:
-        * kjs/grammar.y:
-        * kjs/internal.cpp:
-        (KJS::NumberImp::getPrimitiveNumber):
-        (KJS::GetterSetterImp::getPrimitiveNumber):
-        * kjs/internal.h:
-        * kjs/lexer.cpp:
-        (KJS::Lexer::lex):
-        * kjs/nodes.cpp:
-        (KJS::Node::Node):
-        (KJS::StringNode::evaluate):
-        (KJS::StringNode::evaluateToNumber):
-        (KJS::StringNode::evaluateToBoolean):
-        (KJS::RegExpNode::evaluate):
-        (KJS::UnaryPlusNode::optimizeVariableAccess):
-        (KJS::AddNode::evaluate):
-        (KJS::AddNode::evaluateToNumber):
-        (KJS::AddNumbersNode::inlineEvaluateToNumber):
-        (KJS::AddNumbersNode::evaluate):
-        (KJS::AddNumbersNode::evaluateToNumber):
-        (KJS::AddStringsNode::evaluate):
-        (KJS::AddStringLeftNode::evaluate):
-        (KJS::AddStringRightNode::evaluate):
-        (KJS::lessThan):
-        (KJS::lessThanEq):
-        (KJS::LessNumbersNode::evaluate):
-        (KJS::LessStringsNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::ExpressionNode::):
-        (KJS::RegExpNode::):
-        (KJS::RegExpNode::precedence):
-        (KJS::TypeOfResolveNode::):
-        (KJS::LocalVarTypeOfNode::):
-        (KJS::UnaryPlusNode::):
-        (KJS::UnaryPlusNode::precedence):
-        (KJS::AddNode::):
-        (KJS::AddNode::precedence):
-        (KJS::AddNumbersNode::):
-        (KJS::AddStringLeftNode::):
-        (KJS::AddStringRightNode::):
-        (KJS::AddStringsNode::):
-        (KJS::LessNode::):
-        (KJS::LessNode::precedence):
-        (KJS::LessNumbersNode::):
-        (KJS::LessStringsNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::StringNode::streamTo):
-        * kjs/object.cpp:
-        * kjs/object.h:
-        * kjs/value.h:
-        (KJS::JSValue::getPrimitiveNumber):
-
-2007-11-11  Darin Adler  <darin@apple.com>
-
-        - try another way of fixing dftables builds -- refactor pcre_internal.h a bit
-
-        * pcre/pcre_internal.h: Make most of this header do nothing when DFTABLES is set.
-        Later we can break it into two files.
-
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj: Take out now-unneeded include paths.
-        * pcre/dftables.cpp: Set DFTABLES. Use delete instead of free.
-        * pcre/dftables.pro: Take out now-unneeded include paths.
-        * pcre/pcre_maketables.cpp: Use new instead of malloc.
-
-2007-11-11  Darin Adler  <darin@apple.com>
-
-        * pcre/dftables.pro: Try fixing Qt builds (I looked at qt-win) by adding
-        another include path.
-
-2007-11-11  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Try fixing Mac Tiger builds
-        by adding another include path.
-
-2007-11-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15924
-          next round of changes to JSRegExp (formerly PCRE)
-
-        This is a combination of converting to C++, tweaking the API, and adding
-        some additional optimizations.
-
-        Future steps will involve getting rid of the use of UTF-8 completely
-        (we'll use UTF-16 exclusively instead), eliminating more source files,
-        and some more speed-ups.
-
-        SunSpider says the current round is an 0.9% speed-up overall, and a
-        5.3% speed-up for regexp.
-
-        * JavaScriptCore.exp: Updated for new entry points.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-        Updated for new source file names and ForwardingHeaders.
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Changed to use the error message without calling
-        strdup on it and to pass the new types and options.
-        (KJS::RegExp::~RegExp): Removed the now-unneeded free of the error message.
-        (KJS::RegExp::match): Pass the new types and options.
-        * kjs/regexp.h: Update type of m_constructionError.
-
-        * pcre/AUTHORS: Update to reflect the status of the project -- we don't include
-        the Google parts, and this isn't the PCRE library, per se.
-        * pcre/COPYING: Ditto.
-
-        * pcre/dftables.cpp: Copied from JavaScriptCore/pcre/dftables.c.
-        (main): Removed unneeded ctype_digit.
-
-        * pcre/pcre.h: Convert to C++, tweak API a bit. Use UChar instead of JSRegExpChar.
-
-        * pcre/pcre_compile.cpp: Copied from JavaScriptCore/pcre/pcre_compile.c.
-        Moved a lot of private stuff used only within this file here from pcre_internal.h.
-        Renumbered the error codes.
-        (error_text): Use a single string with embedded nulls for the error text (I got
-        this idea from newer versions of PCRE).
-        (check_escape): Changed return type to be enum instead of int. Replaced ctype_digit
-        uses with isASCIIDigit.
-        (is_counted_repeat): Ditto.
-        (read_repeat_counts): Ditto.
-        (first_significant_code): Ditto.
-        (find_fixedlength): Ditto.
-        (could_be_empty_branch): Ditto.
-        (compile_branch): Ditto. Also removed some code that handles changing options.
-        JavaScript doesn't have any of the features that allow options to change.
-        (compile_regex): Updated for change to options parameter.
-        (is_anchored): Ditto.
-        (find_firstassertedchar): Ditto.
-        (jsRegExpCompile): Changed to take separate flags instead of an options int.
-        Also changed to call new/delete instead of pcre_malloc/free.
-        (jsRegExpFree): Ditto.
-
-        * pcre/pcre_exec.cpp: Copied from JavaScriptCore/pcre/pcre_exec.c.
-        Added a case that uses computed goto for the opcode loop, but did not turn it on.
-        Changed the RMATCH macro to handle returns more efficiently by putting the where
-        pointer in the new frame instead of the old one, allowing us to branch to the
-        return with a single statement. Switched to new/delete from pcre_malloc/free.
-        Changed many RRETURN callers to not set the return value since it's already
-        set correctly. Replaced the rrc variable with an is_match variable. Values other
-        than "match" and "no match" are now handled differently. This allows us to remove
-        the code to check for those cases in various rules.
-        (match): All the case statements use a macro BEGIN_OPCODE instead. And all the
-        continue statements, or break statements that break out of the outer case use
-        a macro NEXT_OPCODE instead. Replaced a few if statements with assertions.
-        (jsRegExpExecute): Use new/delete instead of pcre_malloc/free. Removed unused
-        start_match field from the match block.
-
-        * pcre/pcre_internal.h: Moved the last few configuration macros from pcre-config.h
-        in here. Removed various unused types. Converted from JSRegExpChar to UChar.
-        Eliminated pcre_malloc/free. Replaced the opcode enum with a macro that can be
-        used in multiple places. Unfortunately we lose the comments for each opcode; we
-        should find a place to put those back. Removed ctype_digit.
-
-        * pcre/pcre_maketables.cpp: Copied from JavaScriptCore/pcre/pcre_maketables.c.
-        (pcre_maketables): Got rid of the conditional code that allows this to be compiled
-        in -- it's only used for dftables now (and soon may be obsolete entirely).
-        Changed code for cbit_digit to not use isdigit, and took the "_" case out of the
-        loop. Removed ctype_digit.
-
-        * pcre/pcre_ord2utf8.cpp: Copied from JavaScriptCore/pcre/pcre_ord2utf8.c.
-
-        * pcre/pcre_tables.cpp: Copied from JavaScriptCore/pcre/pcre_tables.c.
-        Moved _pcre_OP_lengths out of here into pcre_exec.cpp.
-
-        * pcre/pcre_ucp_searchfuncs.cpp: Copied from JavaScriptCore/pcre/pcre_ucp_searchfuncs.c.
-        Updated for other file name changes.
-
-        * pcre/pcre_xclass.cpp: Copied from JavaScriptCore/pcre/pcre_xclass.c.
-
-        * pcre/ucpinternal.h: Updated header.
-
-        * pcre/ucptable.cpp: Copied from JavaScriptCore/pcre/ucptable.c.
-
-        * wtf/ASCIICType.h: (WTF::isASCIIDigit): Removed a branch by changing from && to
-        & for this operation. Also added an overload that takes an int because that's
-        useful for PCRE. Later we could optimize for int and overload other functions in
-        this file; stuck to this simple one for now.
-
-        * wtf/unicode/icu/UnicodeIcu.h: Removed unused isUpper.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-        * pcre/LICENCE: Removed.
-        * pcre/pcre-config.h: Removed.
-        * wtf/FastMallocPCRE.cpp: Removed.
-
-        * pcre/dftables.c: Renamed to cpp.
-        * pcre/pcre_compile.c: Ditto.
-        * pcre/pcre_exec.c: Ditto.
-        * pcre/pcre_maketables.c: Ditto.
-        * pcre/pcre_ord2utf8.c: Ditto.
-        * pcre/pcre_tables.c: Ditto.
-        * pcre/pcre_ucp_searchfuncs.c: Ditto.
-        * pcre/pcre_xclass.c: Ditto.
-        * pcre/ucptable.c: Ditto.
-
-2007-11-11  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Oliver.
-
-        Add KJS_CHECKEXCEPTIONBOOLEAN to match rest of nodes.cpp
-
-        * kjs/nodes.cpp:
-        (KJS::ExpressionNode::evaluateToBoolean):
-        (KJS::LessNode::evaluateToBoolean):
-        (KJS::GreaterNode::evaluateToBoolean):
-        (KJS::LessEqNode::evaluateToBoolean):
-        (KJS::GreaterEqNode::evaluateToBoolean):
-        (KJS::InstanceOfNode::evaluateToBoolean):
-        (KJS::InNode::evaluateToBoolean):
-        (KJS::EqualNode::evaluateToBoolean):
-        (KJS::NotEqualNode::evaluateToBoolean):
-        (KJS::StrictEqualNode::evaluateToBoolean):
-        (KJS::NotStrictEqualNode::evaluateToBoolean):
-        (KJS::LogicalAndNode::evaluateToBoolean):
-        (KJS::LogicalOrNode::evaluateToBoolean):
-        (KJS::ConditionalNode::evaluateToBoolean):
-
-2007-11-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15927
-          REGRESSION(r27487): delete a.c followed by __defineGetter__("c", ...) incorrectly deletes another property
-          and <rdar://problem/5586384> REGRESSION (r27487): Can't switch out of Edit HTML Source mode on Leopard Wiki
-
-        Test: fast/js/delete-then-put.html
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::put): Added a missing "- 1"; code to find an empty slot was not working.
-        (KJS::PropertyMap::checkConsistency): Added a missing range check that would have caught this
-        problem before.
-
-        - roll out a last-minute change to my evaluateToBoolean patch that was incorrect.
-
-        * kjs/nodes.h: (KJS::ExprStatementNode::ExprStatementNode): Take out call to
-        optimizeForUnnecessaryResult, since the result is used in some cases.
-
-2007-11-10  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        Roll out some changes that were (seemingly accidentally) checked in
-        with r27664.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-11-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15915
-          add an evaluation path for booleans like the one we have for numbers
-
-        Gives 1.1% on SunSpider.
-
-        * kjs/grammar.y: Create TrueNode and FalseNode instead of BooleanNode.
-
-        * kjs/nodes.h: Changed to use Noncopyable. Moved optimizeForUnnecessaryResult
-        down from Node to ExpressionNode. Changed some classes to not inherit from
-        ExpressionNode where not necessary, and removed unnneeded evaluate functions
-        as well as evaluate functions that need not be virtual. Call the
-        optimizeForUnnecessaryResult function on the start of a for loop too.
-        * kjs/nodes.cpp:
-        (KJS::ExpressionNode::evaluateToBoolean): Added.
-        (KJS::FalseNode::evaluate): Added.
-        (KJS::TrueNode::evaluate): Added.
-        (KJS::NumberNode::evaluateToBoolean): Added.
-        (KJS::StringNode::evaluateToBoolean): Added.
-        (KJS::LocalVarAccessNode::evaluateToBoolean): Added.
-        (KJS::BracketAccessorNode::evaluateToBoolean): Added.
-        (KJS::LogicalNotNode::evaluate): Changed to call evaluateToBoolean.
-        (KJS::LogicalNotNode::evaluateToBoolean): Added.
-        (KJS::lessThan): Changed to return bool.
-        (KJS::lessThanEq): Ditto.
-        (KJS::LessNode::evaluate): Changed since lessThan returns bool.
-        (KJS::LessNode::evaluateToBoolean): Added.
-        (KJS::GreaterNode::evaluate): Changed since lessThanEq returns bool.
-        (KJS::GreaterNode::evaluateToBoolean): Added.
-        (KJS::LessEqNode::evaluate): Changed since lessThanEq returns bool.
-        (KJS::LessEqNode::evaluateToBoolean): Added.
-        (KJS::GreaterEqNode::evaluate): Changed since lessThan returns bool.
-        (KJS::GreaterEqNode::evaluateToBoolean): Added.
-        (KJS::InstanceOfNode::evaluateToBoolean): Added.
-        (KJS::InNode::evaluateToBoolean): Added.
-        (KJS::EqualNode::evaluateToBoolean): Added.
-        (KJS::NotEqualNode::evaluateToBoolean): Added.
-        (KJS::StrictEqualNode::evaluateToBoolean): Added.
-        (KJS::NotStrictEqualNode::evaluateToBoolean): Added.
-        (KJS::ConditionalNode::evaluate): Changed to call evaluateToBoolean.
-        (KJS::IfNode::execute): Ditto.
-        (KJS::DoWhileNode::execute): Ditto.
-        (KJS::WhileNode::execute): Ditto.
-        (KJS::ForNode::execute): Ditto.
-
-        * kjs/nodes2string.cpp:
-        (KJS::FalseNode::streamTo): Added.
-        (KJS::TrueNode::streamTo): Added.
-
-2007-11-09  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        Reviewed by Darin.
-
-        * kjs/value.h:
-        (KJS::jsNumber): Add some explicit casts.
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        - fix build
-
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-        * kjs/property_map.cpp:
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        - roll out accidentally-checked in changes
-
-        * kjs/nodes.cpp: Back to previous version.
-        * kjs/nodes.h: Ditto.
-        * kjs/grammar.y: Ditto.
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15912
-          fasta spends a lot of time in qsort
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::getEnumerablePropertyNames):
-        Use insertion sort instead of qsort for small sets of property names.
-        We can probably do some even-better speedups of for/in, but this nets
-        0.6% overall and 6.7% on fasta.
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15906
-          getting characters by indexing into a string is very slow
-
-        This fixes one source of the slowness -- the conversion to an unused
-        Identifier as we call the get function from the slot -- but doesn't
-        fix others, such as the fact that we have to allocate a new UString::Rep
-        for every single character.
-
-        Speeds up string-base64 30%, and at least 0.5% overall.
-        But does slow down access-fannkuch quite a bit. Might be worth
-        revisiting in the future to see what we can do about that (although
-        I did look at a profile for a while).
-
-        * kjs/property_slot.h: Add a new marker for "numeric" property slots;
-        slots where we don't need to pass the identifier to the get function.
-        (KJS::PropertySlot::getValue): Added code to call the numeric get function.
-        (KJS::PropertySlot::setCustomNumeric): Added.
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::indexGetter): Changed to use substr() instead
-        of constructing a wholly new UString each time.
-        (KJS::stringInstanceNumericPropertyGetter): Added. Like indexGetter, but
-        takes advantage of setCustomNumeric to avoid creating an Identifier.
-        (KJS::StringInstance::getOwnPropertySlot): Changed to use setCustomNumeric.
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15904
-          more speed-ups possible by tightening up int version of JSImmediate
-
-        1% improvement of SunSpider
-
-        * kjs/JSImmediate.h: Eliminate the now-unneeded FPBitValues struct template.
-        (KJS::JSImmediate::from): Overload for most numeric types; many types can
-        do fewer branches and checks.
-        (KJS::JSImmediate::getUInt32): Removed unneeded check for undefined.
-        (KJS::JSImmediate::getTruncatedInt32): Ditto.
-        (KJS::JSImmediate::getTruncatedUInt32): Ditto. There's no difference any more
-        between getUInt32 and getTruncatedUInt32, so that's worth a rename and merge later.
-
-        * kjs/grammar.y: Update since fromDouble is now just from.
-        * kjs/nodes.h: Ditto.
-
-        * kjs/value.h: (KJS::jsNumber): Overload for most numeric types.
-
-2007-11-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Bakefiles for building JavaScriptCore, needed by wx port.
-
-        Reviewed by Mark Rowe.
-
-        * JavaScriptCoreSources.bkl: Added.
-        * jscore.bkl: Added.
-
-2007-11-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix regression caused by earlier bitwise and optimisation.  1 & undefined != 1.
-
-        The implementation of JSImmediate::areBothImmediateNumbers relies on 
-        (JSImmediate::getTag(immediate1) & JSImmediate::getTag(immediate2)) having 
-        a unique result when both immediate values are numbers.
-
-        The regression was due to UndefinedType & NumberType returning NumberType (3 & 1).
-        By swapping the value of NumberType and UndefinedType this ceases to be a problem.
-
-        * kjs/JSType.h:
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        - fix build
-
-        * kjs/nodes.h: Add missing parameter name.
-
-2007-11-08  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-
-        Add ExpressionNode subclass of Node, use it.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::ForInNode):
-        * kjs/nodes.h:
-        (KJS::ExpressionNode::):
-        (KJS::NullNode::):
-        (KJS::NullNode::precedence):
-        (KJS::BooleanNode::):
-        (KJS::BooleanNode::precedence):
-        (KJS::RegExpNode::):
-        (KJS::RegExpNode::precedence):
-        (KJS::ThisNode::):
-        (KJS::ThisNode::precedence):
-        (KJS::ResolveNode::):
-        (KJS::ElementNode::):
-        (KJS::ArrayNode::):
-        (KJS::PropertyNode::):
-        (KJS::PropertyNode::precedence):
-        (KJS::PropertyNode::name):
-        (KJS::PropertyListNode::):
-        (KJS::ObjectLiteralNode::):
-        (KJS::ObjectLiteralNode::precedence):
-        (KJS::BracketAccessorNode::):
-        (KJS::DotAccessorNode::):
-        (KJS::DotAccessorNode::precedence):
-        (KJS::ArgumentListNode::):
-        (KJS::ArgumentsNode::):
-        (KJS::NewExprNode::):
-        (KJS::NewExprNode::precedence):
-        (KJS::FunctionCallValueNode::):
-        (KJS::FunctionCallValueNode::precedence):
-        (KJS::FunctionCallResolveNode::):
-        (KJS::FunctionCallBracketNode::):
-        (KJS::FunctionCallBracketNode::precedence):
-        (KJS::FunctionCallDotNode::):
-        (KJS::FunctionCallDotNode::precedence):
-        (KJS::PrePostResolveNode::):
-        (KJS::PostfixBracketNode::):
-        (KJS::PostfixBracketNode::precedence):
-        (KJS::PostIncBracketNode::):
-        (KJS::PostIncBracketNode::isIncrement):
-        (KJS::PostDecBracketNode::):
-        (KJS::PostDecBracketNode::isIncrement):
-        (KJS::PostfixDotNode::):
-        (KJS::PostfixDotNode::precedence):
-        (KJS::PostIncDotNode::):
-        (KJS::PostIncDotNode::isIncrement):
-        (KJS::PostDecDotNode::):
-        (KJS::PostDecDotNode::isIncrement):
-        (KJS::PostfixErrorNode::):
-        (KJS::PostfixErrorNode::precedence):
-        (KJS::DeleteResolveNode::):
-        (KJS::DeleteBracketNode::):
-        (KJS::DeleteBracketNode::precedence):
-        (KJS::DeleteDotNode::):
-        (KJS::DeleteDotNode::precedence):
-        (KJS::DeleteValueNode::):
-        (KJS::DeleteValueNode::precedence):
-        (KJS::VoidNode::):
-        (KJS::VoidNode::precedence):
-        (KJS::TypeOfResolveNode::):
-        (KJS::TypeOfValueNode::):
-        (KJS::PrefixBracketNode::):
-        (KJS::PrefixBracketNode::precedence):
-        (KJS::PreIncBracketNode::):
-        (KJS::PreIncBracketNode::isIncrement):
-        (KJS::PreDecBracketNode::):
-        (KJS::PreDecBracketNode::isIncrement):
-        (KJS::PrefixDotNode::):
-        (KJS::PrefixDotNode::precedence):
-        (KJS::PreIncDotNode::):
-        (KJS::PreIncDotNode::isIncrement):
-        (KJS::PreDecDotNode::):
-        (KJS::PreDecDotNode::isIncrement):
-        (KJS::PrefixErrorNode::):
-        (KJS::PrefixErrorNode::precedence):
-        (KJS::UnaryPlusNode::):
-        (KJS::UnaryPlusNode::precedence):
-        (KJS::NegateNode::):
-        (KJS::NegateNode::precedence):
-        (KJS::BitwiseNotNode::):
-        (KJS::BitwiseNotNode::precedence):
-        (KJS::LogicalNotNode::):
-        (KJS::LogicalNotNode::precedence):
-        (KJS::AddNode::):
-        (KJS::AddNode::precedence):
-        (KJS::LeftShiftNode::):
-        (KJS::LeftShiftNode::precedence):
-        (KJS::RightShiftNode::):
-        (KJS::RightShiftNode::precedence):
-        (KJS::UnsignedRightShiftNode::):
-        (KJS::UnsignedRightShiftNode::precedence):
-        (KJS::LessNode::):
-        (KJS::LessNode::precedence):
-        (KJS::GreaterNode::):
-        (KJS::GreaterNode::precedence):
-        (KJS::LessEqNode::):
-        (KJS::LessEqNode::precedence):
-        (KJS::GreaterEqNode::):
-        (KJS::GreaterEqNode::precedence):
-        (KJS::InstanceOfNode::):
-        (KJS::InstanceOfNode::precedence):
-        (KJS::InNode::):
-        (KJS::InNode::precedence):
-        (KJS::EqualNode::):
-        (KJS::EqualNode::precedence):
-        (KJS::NotEqualNode::):
-        (KJS::NotEqualNode::precedence):
-        (KJS::StrictEqualNode::):
-        (KJS::StrictEqualNode::precedence):
-        (KJS::NotStrictEqualNode::):
-        (KJS::NotStrictEqualNode::precedence):
-        (KJS::BitAndNode::):
-        (KJS::BitAndNode::precedence):
-        (KJS::BitOrNode::):
-        (KJS::BitOrNode::precedence):
-        (KJS::BitXOrNode::):
-        (KJS::BitXOrNode::precedence):
-        (KJS::LogicalAndNode::):
-        (KJS::LogicalAndNode::precedence):
-        (KJS::LogicalOrNode::):
-        (KJS::LogicalOrNode::precedence):
-        (KJS::ConditionalNode::):
-        (KJS::ConditionalNode::precedence):
-        (KJS::ReadModifyResolveNode::):
-        (KJS::ReadModifyResolveNode::precedence):
-        (KJS::AssignResolveNode::):
-        (KJS::AssignResolveNode::precedence):
-        (KJS::ReadModifyBracketNode::):
-        (KJS::ReadModifyBracketNode::precedence):
-        (KJS::AssignBracketNode::):
-        (KJS::AssignBracketNode::precedence):
-        (KJS::AssignDotNode::):
-        (KJS::AssignDotNode::precedence):
-        (KJS::ReadModifyDotNode::):
-        (KJS::ReadModifyDotNode::precedence):
-        (KJS::AssignErrorNode::):
-        (KJS::AssignErrorNode::precedence):
-        (KJS::CommaNode::):
-        (KJS::CommaNode::precedence):
-        (KJS::AssignExprNode::):
-        (KJS::AssignExprNode::precedence):
-        (KJS::ExprStatementNode::):
-        (KJS::IfNode::):
-        (KJS::DoWhileNode::):
-        (KJS::WhileNode::):
-        (KJS::ReturnNode::):
-        (KJS::WithNode::):
-        (KJS::ThrowNode::):
-        (KJS::ParameterNode::):
-        (KJS::CaseClauseNode::):
-        (KJS::CaseClauseNode::precedence):
-        (KJS::ClauseListNode::):
-        (KJS::SwitchNode::):
-
-2007-11-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam.
-
-        Add a fast path for bitwise-and of two immediate numbers for a 0.7% improvement in SunSpider (4% bitop improvement).
-
-        This only improves bitwise-and performance, as the additional logic required 
-        for similar code paths on or, xor, and shifting requires additional operations
-        and branches that negate (and in certain cases, regress) any advantage we might
-        otherwise receive.
-
-        This improves performance on all bitop tests, the cryptography tests, as well as 
-        the string-base64 and string-unpack-code tests.  No significant degradation on 
-        any other tests.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::areBothImmediateNumbers):
-        (KJS::JSImmediate::andImmediateNumbers):
-        * kjs/nodes.cpp:
-        (KJS::BitAndNode::evaluate):
-        * kjs/value.h:
-        (KJS::jsNumberFromAnd):
-
-2007-11-08  Adam Roben  <aroben@apple.com>
-
-        Stop using KJS inside of MathExtras.h
-
-        Reviewed by Darin.
-
-        * wtf/MathExtras.h: Removed an unused header, and a now-unused
-        forward-declaration.
-        (wtf_atan2): Use std::numeric_limits intead of KJS.
-
-2007-11-08  Sam Weinig  <sam@webkit.org>
-
-        Windows build fix.
-
-        * kjs/date_object.cpp:
-        (KJS::DateProtoFuncToLocaleString::callAsFunction): Fix unused arg warning.
-        (KJS::DateProtoFuncToLocaleDateString::callAsFunction): ditto
-        (KJS::DateProtoFuncToLocaleTimeString::callAsFunction): ditto
-
-2007-11-08  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/lookup.h: Add missing include.
-
-2007-11-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin.
-
-        Convert JavaScript internal function objects to use one class per
-        function.  This avoids a switch statement inside what used to be
-        the shared function classes and will allow Shark to better analyze
-        the code.
-
-        To make this switch, the value property of the HashEntry was changed
-        to a union of an intptr_t (which is used to continue handle valueGetters)
-        and function pointer which points to a static constructor for the
-        individual new function objects.
-
-        SunSpider claims this is a 1.0% speedup.
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayPrototype::getOwnPropertySlot):
-        (KJS::getProperty):
-        (KJS::ArrayProtoFuncToString::callAsFunction):
-        (KJS::ArrayProtoFuncToLocaleString::callAsFunction):
-        (KJS::ArrayProtoFuncJoin::callAsFunction):
-        (KJS::ArrayProtoFuncConcat::callAsFunction):
-        (KJS::ArrayProtoFuncPop::callAsFunction):
-        (KJS::ArrayProtoFuncPush::callAsFunction):
-        (KJS::ArrayProtoFuncReverse::callAsFunction):
-        (KJS::ArrayProtoFuncShift::callAsFunction):
-        (KJS::ArrayProtoFuncSlice::callAsFunction):
-        (KJS::ArrayProtoFuncSort::callAsFunction):
-        (KJS::ArrayProtoFuncSplice::callAsFunction):
-        (KJS::ArrayProtoFuncUnShift::callAsFunction):
-        (KJS::ArrayProtoFuncFilter::callAsFunction):
-        (KJS::ArrayProtoFuncMap::callAsFunction):
-        (KJS::ArrayProtoFuncEvery::callAsFunction):
-        (KJS::ArrayProtoFuncForEach::callAsFunction):
-        (KJS::ArrayProtoFuncSome::callAsFunction):
-        (KJS::ArrayProtoFuncIndexOf::callAsFunction):
-        (KJS::ArrayProtoFuncLastIndexOf::callAsFunction):
-        * kjs/array_object.h:
-        (KJS::ArrayPrototype::classInfo):
-        * kjs/create_hash_table:
-        * kjs/date_object.cpp:
-        (KJS::DatePrototype::getOwnPropertySlot):
-        (KJS::DateProtoFuncToString::callAsFunction):
-        (KJS::DateProtoFuncToUTCString::callAsFunction):
-        (KJS::DateProtoFuncToDateString::callAsFunction):
-        (KJS::DateProtoFuncToTimeString::callAsFunction):
-        (KJS::DateProtoFuncToLocaleString::callAsFunction):
-        (KJS::DateProtoFuncToLocaleDateString::callAsFunction):
-        (KJS::DateProtoFuncToLocaleTimeString::callAsFunction):
-        (KJS::DateProtoFuncValueOf::callAsFunction):
-        (KJS::DateProtoFuncGetTime::callAsFunction):
-        (KJS::DateProtoFuncGetFullYear::callAsFunction):
-        (KJS::DateProtoFuncGetUTCFullYear::callAsFunction):
-        (KJS::DateProtoFuncToGMTString::callAsFunction):
-        (KJS::DateProtoFuncGetMonth::callAsFunction):
-        (KJS::DateProtoFuncGetUTCMonth::callAsFunction):
-        (KJS::DateProtoFuncGetDate::callAsFunction):
-        (KJS::DateProtoFuncGetUTCDate::callAsFunction):
-        (KJS::DateProtoFuncGetDay::callAsFunction):
-        (KJS::DateProtoFuncGetUTCDay::callAsFunction):
-        (KJS::DateProtoFuncGetHours::callAsFunction):
-        (KJS::DateProtoFuncGetUTCHours::callAsFunction):
-        (KJS::DateProtoFuncGetMinutes::callAsFunction):
-        (KJS::DateProtoFuncGetUTCMinutes::callAsFunction):
-        (KJS::DateProtoFuncGetSeconds::callAsFunction):
-        (KJS::DateProtoFuncGetUTCSeconds::callAsFunction):
-        (KJS::DateProtoFuncGetMilliSeconds::callAsFunction):
-        (KJS::DateProtoFuncGetUTCMilliseconds::callAsFunction):
-        (KJS::DateProtoFuncGetTimezoneOffset::callAsFunction):
-        (KJS::DateProtoFuncSetTime::callAsFunction):
-        (KJS::DateProtoFuncSetMilliSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMilliseconds::callAsFunction):
-        (KJS::DateProtoFuncSetSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetUTCSeconds::callAsFunction):
-        (KJS::DateProtoFuncSetMinutes::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMinutes::callAsFunction):
-        (KJS::DateProtoFuncSetHours::callAsFunction):
-        (KJS::DateProtoFuncSetUTCHours::callAsFunction):
-        (KJS::DateProtoFuncSetDate::callAsFunction):
-        (KJS::DateProtoFuncSetUTCDate::callAsFunction):
-        (KJS::DateProtoFuncSetMonth::callAsFunction):
-        (KJS::DateProtoFuncSetUTCMonth::callAsFunction):
-        (KJS::DateProtoFuncSetFullYear::callAsFunction):
-        (KJS::DateProtoFuncSetUTCFullYear::callAsFunction):
-        (KJS::DateProtoFuncSetYear::callAsFunction):
-        (KJS::DateProtoFuncGetYear::callAsFunction):
-        * kjs/date_object.h:
-        * kjs/lookup.cpp:
-        (KJS::Lookup::find):
-        * kjs/lookup.h:
-        (KJS::HashEntry::):
-        (KJS::staticFunctionGetter):
-        (KJS::staticValueGetter):
-        (KJS::getStaticPropertySlot):
-        (KJS::getStaticFunctionSlot):
-        (KJS::lookupPut):
-        * kjs/math_object.cpp:
-        (KJS::MathObjectImp::getOwnPropertySlot):
-        (KJS::MathProtoFuncAbs::callAsFunction):
-        (KJS::MathProtoFuncACos::callAsFunction):
-        (KJS::MathProtoFuncASin::callAsFunction):
-        (KJS::MathProtoFuncATan::callAsFunction):
-        (KJS::MathProtoFuncATan2::callAsFunction):
-        (KJS::MathProtoFuncCeil::callAsFunction):
-        (KJS::MathProtoFuncCos::callAsFunction):
-        (KJS::MathProtoFuncExp::callAsFunction):
-        (KJS::MathProtoFuncFloor::callAsFunction):
-        (KJS::MathProtoFuncLog::callAsFunction):
-        (KJS::MathProtoFuncMax::callAsFunction):
-        (KJS::MathProtoFuncMin::callAsFunction):
-        (KJS::MathProtoFuncPow::callAsFunction):
-        (KJS::MathProtoFuncRandom::callAsFunction):
-        (KJS::MathProtoFuncRound::callAsFunction):
-        (KJS::MathProtoFuncSin::callAsFunction):
-        (KJS::MathProtoFuncSqrt::callAsFunction):
-        (KJS::MathProtoFuncTan::callAsFunction):
-        * kjs/math_object.h:
-        (KJS::MathObjectImp::classInfo):
-        (KJS::MathObjectImp::):
-        * kjs/string_object.cpp:
-        (KJS::StringPrototype::getOwnPropertySlot):
-        (KJS::StringProtoFuncToString::callAsFunction):
-        (KJS::StringProtoFuncValueOf::callAsFunction):
-        (KJS::StringProtoFuncCharAt::callAsFunction):
-        (KJS::StringProtoFuncCharCodeAt::callAsFunction):
-        (KJS::StringProtoFuncConcat::callAsFunction):
-        (KJS::StringProtoFuncIndexOf::callAsFunction):
-        (KJS::StringProtoFuncLastIndexOf::callAsFunction):
-        (KJS::StringProtoFuncMatch::callAsFunction):
-        (KJS::StringProtoFuncSearch::callAsFunction):
-        (KJS::StringProtoFuncReplace::callAsFunction):
-        (KJS::StringProtoFuncSlice::callAsFunction):
-        (KJS::StringProtoFuncSplit::callAsFunction):
-        (KJS::StringProtoFuncSubstr::callAsFunction):
-        (KJS::StringProtoFuncSubstring::callAsFunction):
-        (KJS::StringProtoFuncToLowerCase::callAsFunction):
-        (KJS::StringProtoFuncToUpperCase::callAsFunction):
-        (KJS::StringProtoFuncToLocaleLowerCase::callAsFunction):
-        (KJS::StringProtoFuncToLocaleUpperCase::callAsFunction):
-        (KJS::StringProtoFuncLocaleCompare::callAsFunction):
-        (KJS::StringProtoFuncBig::callAsFunction):
-        (KJS::StringProtoFuncSmall::callAsFunction):
-        (KJS::StringProtoFuncBlink::callAsFunction):
-        (KJS::StringProtoFuncBold::callAsFunction):
-        (KJS::StringProtoFuncFixed::callAsFunction):
-        (KJS::StringProtoFuncItalics::callAsFunction):
-        (KJS::StringProtoFuncStrike::callAsFunction):
-        (KJS::StringProtoFuncSub::callAsFunction):
-        (KJS::StringProtoFuncSup::callAsFunction):
-        (KJS::StringProtoFuncFontcolor::callAsFunction):
-        (KJS::StringProtoFuncFontsize::callAsFunction):
-        (KJS::StringProtoFuncAnchor::callAsFunction):
-        (KJS::StringProtoFuncLink::callAsFunction):
-        * kjs/string_object.h:
-
-2007-11-08  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        Reviewed by Sam and Ada.
-
-        * wtf/MathExtras.h: Get rid of a circular #include dependency to fix
-        the build.
-
-2007-11-08  Adam Roben  <aroben@apple.com>
-
-        Fix a precedence warning on Windows
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::toBoolean):
-
-2007-11-08  Mark Rowe  <mrowe@apple.com>
-
-        Build fix for JavaScriptGlue.
-
-        * wtf/MathExtras.h: Include stdlib.h for srand and RAND_MAX.
-
-2007-11-08  Darin Adler  <darin@apple.com>
-
-        - Windows build fix
-
-        * kjs/JSImmediate.h: Include MathExtras.h rather than math.h since this file uses "signbit".
-
-2007-11-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Replace the use of floats for immediate values with the use of integers for a 4.5% improvement in SunSpider.
-
-        Unfortunately this change results in NaN, +Inf, -Inf, and -0 being heap allocated now, but
-        we should now have faster array access, faster immediate to double conversion, and the 
-        potential to further improve bitwise operators in future.
-
-        This also removes the need for unions to avoid strict aliasing problems when extracting 
-        a value from immediates.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::trueImmediate):
-        (KJS::JSImmediate::falseImmediate):
-        (KJS::JSImmediate::undefinedImmediate):
-        (KJS::JSImmediate::nullImmediate):
-        (KJS::JSImmediate::toBoolean):
-        * kjs/value.h:
-        (KJS::jsNaN):
-
-2007-11-07  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Darin and Oliver.
-        
-        Add evaluateToNumber parallel evaluation tree to speed up number operations.
-        Make ImmediateNumberNode a subclass of NumberNode.
-        Share evaluate logic between evaluate and evaluateToNumber using inline functions
-        There is still a lot of improvement to be made here.
-        
-        SunSpider claims this is a 1.0% speedup overall (nbody 7.9%), base64 slowing 2.0%
-        Given the huge win that this prepares us for with simple type inferencing I see the small
-        regression in base64 being worth the substantial overall improvement.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::Node::evaluateToNumber):
-        (KJS::NumberNode::evaluate):
-        (KJS::NumberNode::evaluateToNumber):
-        (KJS::StringNode::evaluateToNumber):
-        (KJS::LocalVarAccessNode::inlineEvaluate):
-        (KJS::LocalVarAccessNode::evaluate):
-        (KJS::LocalVarAccessNode::evaluateToNumber):
-        (KJS::BracketAccessorNode::inlineEvaluate):
-        (KJS::BracketAccessorNode::evaluate):
-        (KJS::BracketAccessorNode::evaluateToNumber):
-        (KJS::NegateNode::evaluate):
-        (KJS::NegateNode::evaluateToNumber):
-        (KJS::MultNode::inlineEvaluateToNumber):
-        (KJS::MultNode::evaluate):
-        (KJS::MultNode::evaluateToNumber):
-        (KJS::DivNode::inlineEvaluateToNumber):
-        (KJS::DivNode::evaluate):
-        (KJS::DivNode::evaluateToNumber):
-        (KJS::ModNode::inlineEvaluateToNumber):
-        (KJS::ModNode::evaluate):
-        (KJS::ModNode::evaluateToNumber):
-        (KJS::throwOutOfMemoryErrorToNumber):
-        (KJS::addSlowCaseToNumber):
-        (KJS::add):
-        (KJS::addToNumber):
-        (KJS::AddNode::evaluateToNumber):
-        (KJS::SubNode::inlineEvaluateToNumber):
-        (KJS::SubNode::evaluate):
-        (KJS::SubNode::evaluateToNumber):
-        (KJS::valueForReadModifyAssignment):
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-        (KJS::ReadModifyDotNode::evaluate):
-        (KJS::ReadModifyBracketNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::Node::):
-        (KJS::NumberNode::):
-        (KJS::ImmediateNumberNode::):
-        (KJS::AddNode::precedence):
-        * kjs/nodes2string.cpp:
-        (KJS::NumberNode::streamTo):
-
-2007-11-07  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Eric.
-
-        Fix up initialization after being mangled in r27572, and remove the
-        ternary expression as extraCost will always be zero for the numeric
-        heap.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-
-2007-11-07  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/regexp_object.cpp:
-
-2007-11-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-        
-        Eliminated a bogus (though compiled-out) branch in the collector.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-
-2007-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed part of http://bugs.webkit.org/show_bug.cgi?id=15861 
-        5.8% of string-validate-input.js is spent creating RegExpImps
-
-        Put RegExpImp properties into a static hashtable to avoid a slew of
-        PropertyMap churn when creating a RegExpImp.
-        
-        Factored important bits of regular expression implementation out of
-        RegExpImp (the JS object) and into RegExp (the PCRE wrapper class), 
-        making RegExp a ref-counted class. (This will help later.)
-
-        Removed PCRE_POSIX support because I didn't quite know how to test it 
-        and keep it working with these changes.
-        
-        1.1% SunSpider speedup. 5.8% speedup on string-validate-input.js.
-
-        * kjs/regexp.h: A few interface changes:
-        1. Renamed "subpatterns()" => "numSubpatterns()"
-        2. Made flag enumeration private and replaced it with public getters for
-        specific flags.
-        3. Made RegExp ref-counted so RegExps can be shared by RegExpImps.
-        4. Made RegExp take a string of flags instead of an int, eliminating 
-        duplicated flag parsing code elsewhere.
-
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpProtoFunc::callAsFunction): For RegExp.compile: 
-        - Fixed a bug where compile(undefined) would throw an exception. 
-        - Removed some now-redundant code.
-        - Used RegExp sharing to eliminate an allocation and a bunch of 
-        PropertyMap thrash. (Not a big win since compile is a deprecated 
-        function. I mainly did this to test the plubming.)
-
-2007-11-07  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by nobody, Qt/Windows build fix.
-
-        JavaScriptCore.pri expects OBJECTS_DIR to be set, so set it in
-        testkjs.pro, too, where it's included from.
-
-        * kjs/testkjs.pro:
-
-2007-11-07  Simon Hausmann  <shausman@trolltech.com>
-
-        Reviewed by Lars.
-
-        Fix "nmake clean" for the Qt/Windows build by replacing tmp/ with a variable that ends with the correct type of slash/backslash depending on the choice of compiler/make tool.
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2007-11-07  Lars Knoll  <lars@trolltech.com>
-
-        Reviewed by Simon.
-
-        fix umemcasecmp
-        
-        Pretty embarrassing bug. Has the potential to fix quite a few test failures.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::umemcasecmp):
-
-2007-11-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.        
-        
-        - only collect when the heap is full, unless we have lots of extra cost garbage
-        
-        1.1% SunSpider speedup.
-        
-        This shouldn't hit memory use much since the extra space in those
-        blocks hangs around either way.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-        (KJS::Collector::collect): Fix logic error that reversed the sense of collect's 
-        return value.
-
-2007-11-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Avoid unnecessarily boxing the result from post inc/decrement for 0.3% gain in sunspider
-        
-        We now convert the common 'for (...; ...; <var>++) ...' to the semantically identical
-        'for (...; ...; ++<var>) ...'.
-
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::optimizeForUnnecessaryResult):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostIncLocalVarNode::optimizeForUnnecessaryResult):
-        (KJS::PostDecResolveNode::optimizeForUnnecessaryResult):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostDecLocalVarNode::optimizeForUnnecessaryResult):
-        * kjs/nodes.h:
-        (KJS::PrePostResolveNode::):
-        (KJS::PostIncResolveNode::):
-        (KJS::PostIncLocalVarNode::):
-        (KJS::PostDecResolveNode::):
-        (KJS::PostDecLocalVarNode::):
-        (KJS::PreIncResolveNode::):
-        (KJS::PreDecResolveNode::):
-        (KJS::ForNode::ForNode):
-
-2007-11-06  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-
-        This fixes a regressed layout test for string + object
-        
-        SunSpider claims this was an overall 0.3% speedup, although some individual tests were slower.
-
-        * kjs/nodes.cpp:
-        (KJS::add): remove erroneous "fast path" for string + *
-
-2007-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-        
-        Added toJSNumber, a fast path for converting a JSValue to a JS number,
-        and deployed it in postfix expressions. In the fast case this 
-        eliminates a call to jsNumber.
-        
-        0.4% speedup on SunSpider.
-
-        * ChangeLog:
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostIncBracketNode::evaluate):
-        (KJS::PostDecBracketNode::evaluate):
-        (KJS::PostIncDotNode::evaluate):
-        (KJS::PostDecDotNode::evaluate):
-        (KJS::UnaryPlusNode::evaluate):
-        * kjs/value.h:
-        (KJS::JSValue::toJSNumber):
-
-2007-11-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15846
-          REGRESSION (r27387): Memory corruption when running fast/js/kde/delete.html
-
-        There was a mistake in the algorithm used to find an empty slot in the property
-        map entries vector; when we were putting in a new property value and not overwriting
-        an existing deleted sentinel, we would enlarge the entries vector, but would not
-        overwrite the stale data that's in the new part. It was easy to pin this down by
-        turning on property map consistency checks -- I never would have landed with this
-        bug if I had run the regression tests once with consistency checks on!
-
-        * kjs/property_map.cpp: (KJS::PropertyMap::put): Changed logic for the case where
-        foundDeletedElement is false to always use the item at the end of the entries vector.
-        Also allowed me to merge with the logic for the "no deleted sentinels at all" case.
-
-2007-11-06  Oliver Hunt  <oliver@apple.com>
-
-        RS=Darin.
-
-        Fix previous patch to use a 3 bit shift, a 16 bit shift causes a regression in sunspider.
-
-        * kjs/nodes.cpp:
-        (KJS::add):
-
-2007-11-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Replace boolean comparisons in AddNode with mask
-        comparisons for a 0.2% improvement in sunspider.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/nodes.cpp:
-        (KJS::add):
-
-2007-11-06  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        SunSpider claims this is a 1.1% speedup.
-
-        * kjs/nodes.cpp:
-        (KJS::throwOutOfMemoryError): Added, non inline.
-        (KJS::addSlowCase): renamed from add(), non inline.
-        (KJS::add): add fast path for String + String, Number + Number and String + *
-
-2007-11-06  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-        
-        Avoid more UString creation.
-        
-        SunSpider claims this is a 0.4% speedup.
-
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpObjectImp::construct): use UString::find(UChar)
-
-2007-11-05  Mark Rowe  <mrowe@apple.com>
-
-        Mac build fix.
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFunc::callAsFunction):
-
-2007-11-05  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * kjs/list.h:
-
-2007-11-05  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.  Add missing #include.
-
-        * kjs/operations.cpp:
-
-2007-11-05  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-        
-        Remove another call to toString(exec)
-        
-        SunSpider claims this is a 0.5% speedup.
-
-        * kjs/operations.cpp:
-        (KJS::equal): remove another toString
-
-2007-11-05  Eric Seidel  <eric@webkit.org>
-
-        * kjs/operations.cpp:
-        (KJS::equal): correct broken change.
-
-2007-11-05  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by mjs.
-
-        Remove one more call to toString(exec).
-        
-        SunSpider claims this is a 0.7% speedup.
-
-        * kjs/operations.cpp:
-        (KJS::equal): remove a call to toString()
-
-2007-11-05  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * pcre/pcre.pri:
-
-2007-11-05  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/list.cpp:
-
-2007-11-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Touched a file to test my new HTTP access.
-
-        * kjs/scope_chain.cpp:
-
-2007-11-05  Alp Toker  <alp@atoker.com>
-
-        Unreviewed build fix for qmake-based ports.
-
-        Someone with a better understanding of qmake still needs to sort out
-        the INCLUDEPATH/DEPENDPATH mess.
-
-        * JavaScriptCore.pri:
-
-2007-11-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        http://bugs.webkit.org/show_bug.cgi?id=15835
-
-        Switched List implementation from a custom heap allocator to an inline
-        Vector, for a disappointing .5% SunSpider speedup.
-        
-        Also renamed List::slice to List::getSlice because "get" is the 
-        conventional prefix for functions returning a value through an out 
-        parameter.
-
-        * kjs/array_object.cpp:
-        (KJS::ArrayProtoFunc::callAsFunction): Removed some redundant function
-        calls and memory accesses.
-
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::construct): Removed questionable use of iterator.
-
-        * kjs/list.cpp:
-        * kjs/list.h: New List class, implemented in terms of Vector. Two 
-        interesting differences:
-            1. The inline capacity is 8, not 5. Many of the Lists constructed 
-            during a SunSpider run are larger than 5; almost none are larger
-            than 8.
-
-            2. The growth factor is 4, not 2. Since we can guarantee that Lists
-            aren't long-lived, we can grow them more aggressively, to avoid
-            excessive copying.
-
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::construct): Removed redundant function calls.
-
-        * kjs/string_object.cpp:
-        (KJS::StringObjectImp::construct): Removed questionable use of iterator.
-
-        * wtf/Vector.h:
-        (WTF::::uncheckedAppend): Added a fast, unchecked version of append.
-
-2007-11-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Alp Toker.
-
-        Add DEPENDPATH to JavaScriptCore and pcre to help qmake with dependencies.
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2007-11-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15826
-          optimize opcode loop and case insensitive ASCII compares for a 30% speedup
-
-        SunSpider says it's 2.6% faster overall, 32.5% in the regular expression tests.
-
-        * pcre/pcre_internal.h: Added OP_ASCII_CHAR and OP_ASCII_LETTER_NC.
-
-        * pcre/pcre_compile.c:
-        (find_fixedlength): Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC. Also
-        added OP_NOT since there was no reason it should not be in here.
-        (could_be_empty_branch): Ditto.
-        (compile_branch): Streamlined all the single-character cases; there was a bit of
-        duplicate code. Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC as needed.
-        But in particular, compile to those opcodes when the single character match is
-        ASCII.
-        (find_firstassertedchar): Added cases for OP_ASCII_CHAR and OP_ASCII_LETTER_NC.
-
-        * pcre/pcre_exec.c: (match): Removed the "min", "minimize", and "op" fields from
-        the matchframe, after I discovered that none of them needed to be saved and restored
-        across recursive match calls. Also eliminated the ignored result field from the
-        matchframe, since I discovered that rrc ("recursive result code") was already the
-        exact same thing. Moved the handling of opcodes higher than OP_BRA into the default
-        statement of the switch instead of doing them before the switch. This removes a
-        branch from each iteration of the opcode interpreter, just as removal of "op"
-        removed at least one store from each iteration. Last, but not least, add the
-        OP_ASCII_CHAR and OP_ASCII_LETTER_NC functions. Neither can ever match a
-        surrogate pair and the letter case can be handled efficiently.
-
-2007-11-04  Darin Adler  <darin@apple.com>
-
-        * pcre/pcre_exec.c: (match): Try to fix the Windows build by removing unreachable code.
-
-2007-11-03  Darin Adler  <darin@apple.com>
-
-        - fix non-Mac builds; remove some more unused PCRE stuff
-
-        * pcre/pcre_compile.c:
-        (compile_branch): Removed branch chain and some unused ESC values.
-        (compile_regex): Ditto.
-        (jsRegExpCompile): Ditto.
-        * pcre/pcre_exec.c:
-        (match): Removed unused branch targets. Don't use macros any more.
-        (jsRegExpExecute): More of the same.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update for removed files.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * pcre/pcre.pri: Ditto.
-
-        * pcre/MERGING: Removed.
-        * pcre/pcre_fullinfo.c: Removed.
-        * pcre/pcre_get.c: Removed.
-        * pcre/pcre_internal.h:
-        * pcre/ucp.h: Removed.
-
-2007-11-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15821
-          remove unused PCRE features for speed
-
-        A first step toward removing the PCRE features we don't use.
-        This gives a 0.8% speedup on SunSpider, and a 6.5% speedup on
-        the SunSpider regular expression test.
-
-        Replaced the public interface with one that doesn't use the
-        name PCRE. Removed code we don't need for JavaScript and various
-        configurations we don't use. This is in preparation for still
-        more changes in the future. We'll probably switch to C++ and
-        make some even more significant changes to the regexp engine
-        to get some additional speed.
-
-        There's probably additional unused stuff that I haven't
-        deleted yet.
-
-        This does mean that our PCRE is now a fork, but I think that's
-        not really a big deal.
-
-        * JavaScriptCore.exp: Remove the 5 old entry points and add
-        the 3 new entry points for WebCore's direct use of the regular
-        expression engine.
-
-        * kjs/config.h: Remove the USE(PCRE16) define. I decided to flip
-        its sense and now there's a USE(POSIX_REGEX) instead, which should
-        probably not be set by anyone. Maybe later we'll just get rid of it
-        altogether.
-
-        * kjs/regexp.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Switch to new jsRegExp function names and
-        defines. Cut down on the number of functions used.
-        (KJS::RegExp::~RegExp): Ditto.
-        (KJS::RegExp::match): Ditto.
-
-        * pcre/dftables.c: (main): Get rid of ctype_letter and ctype_meta,
-        which are unused.
-
-        * pcre/pcre-config.h: Get rid of EBCIDIC, PCRE_DATA_SCOPE, const,
-        size_t, HAVE_STRERROR, HAVE_MEMMOVE, HAVE_BCOPY, NEWLINE,
-        POSIX_MALLOC_THRESHOLD, NO_RECURSE, SUPPORT_UCP, SUPPORT_UTF8,
-        and JAVASCRIPT. These are all no longer configurable in our copy
-        of the library.
-
-        * pcre/pcre.h: Remove the macro-based kjs prefix hack, the PCRE
-        version macros, PCRE_UTF16, the code to set up PCRE_DATA_SCOPE,
-        the include of <stdlib.h>, and most of the constants and
-        functions defined in this header. Changed the naming scheme to
-        use a JSRegExp prefix rather than a pcre prefix. In the future,
-        we'll probably change this to be a C++ header.
-
-        * pcre/pcre_compile.c: Removed all unused code branches,
-        including many whole functions and various byte codes.
-        Kept changes outside of removal to a minimum.
-        (check_escape):
-        (first_significant_code):
-        (find_fixedlength):
-        (find_recurse):
-        (could_be_empty_branch):
-        (compile_branch):
-        (compile_regex):
-        (is_anchored):
-        (is_startline):
-        (find_firstassertedchar):
-        (jsRegExpCompile): Renamed from pcre_compile2 and changed the
-        parameters around a bit.
-        (jsRegExpFree): Added.
-
-        * pcre/pcre_exec.c: Removed many unused opcodes and variables.
-        Also started tearing down the NO_RECURSE mechanism since it's
-        now the default. In some cases there were things in the explicit
-        frame that could be turned into plain old local variables and
-        other small like optimizations.
-        (pchars):
-        (match_ref):
-        (match): Changed parameters quite a bit since it's now not used
-        recursively.
-        (jsRegExpExecute): Renamed from pcre_exec.
-
-        * pcre/pcre_internal.h: Get rid of PCRE_DEFINITION, PCRE_SPTR,
-        PCRE_IMS, PCRE_ICHANGED, PCRE_NOPARTIAL, PCRE_STUDY_MAPPED,
-        PUBLIC_OPTIONS, PUBLIC_EXEC_OPTIONS, PUBLIC_DFA_EXEC_OPTIONS,
-        PUBLIC_STUDY_OPTIONS, MAGIC_NUMBER, 16 of the opcodes,
-        _pcre_utt, _pcre_utt_size, _pcre_try_flipped, _pcre_ucp_findprop,
-        and _pcre_valid_utf8. Also moved pcre_malloc and pcre_free here.
-
-        * pcre/pcre_maketables.c: Changed to only compile in dftables.
-        Also got rid of many of the tables that we don't use.
-
-        * pcre/pcre_tables.c: Removed the unused Unicode property tables.
-
-        * pcre/pcre_ucp_searchfuncs.c: Removed everything except for
-        _pcre_ucp_othercase.
-
-        * pcre/pcre_xclass.c: (_pcre_xclass): Removed uneeded support
-        for classes based on Unicode properties.
-
-        * wtf/FastMallocPCRE.cpp: Removed unused bits. It would be good
-        to eliminate this completely, but we need the regular expression
-        code to be C++ first.
-
-        * pcre/pcre_fullinfo.c:
-        * pcre/pcre_get.c:
-        * pcre/ucp.h:
-        Files that are no longer needed. I didn't remove them with this
-        check-in, because I didn't want to modify all the project files.
-
-2007-11-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam.
-        
-        - remove NaN check from JSImmediate::fromDouble for 0.5% SunSpider speedup
-
-        It turns out that doing this check costs more than it saves.
-        
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::fromDouble):
-
-2007-11-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver.
-
-        Remove dummy variable from ClassInfo reducing the size of the struct by 1 word.
-        The variable had been kept around for binary compatibility, but since nothing
-        else is there is no point in continuing to keep it around.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * bindings/objc/objc_runtime.mm:
-        * bindings/runtime_array.cpp:
-        * bindings/runtime_object.cpp:
-        * kjs/array_instance.cpp:
-        * kjs/array_object.cpp:
-        * kjs/bool_object.cpp:
-        * kjs/date_object.cpp:
-        * kjs/error_object.cpp:
-        * kjs/function.cpp:
-        * kjs/internal.cpp:
-        * kjs/lookup.h:
-        * kjs/math_object.cpp:
-        * kjs/number_object.cpp:
-        * kjs/object.h:
-        * kjs/regexp_object.cpp:
-        * kjs/string_object.cpp:
-
-2007-11-03  Kevin McCullough  <kmccullough@apple.com>
-
-        - Updated testkjs results to make the build bots green until we
-        can fix the tests that are failing.  The new failures are in DST.
-
-        * tests/mozilla/expected.html:
-
-2007-11-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam.
-        
-        - don't print the var twice for ForInNodes with a var declaration
-
-        * kjs/nodes2string.cpp:
-        (KJS::ForInNode::streamTo):
-
-2007-11-03  Darin Adler  <darin@apple.com>
-
-        * pcre/pcre_compile.c: (check_escape): Windows build fix. Get rid of
-        C-incompatible declaration.
-
-2007-11-03  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/nodes.cpp:  Add missing include.
-
-2007-11-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15814
-          <rdar://problem/5536644> fast/js/kde/encode_decode_uri.html fails
-
-        These changes cause us to match the JavaScript specification and pass the
-        fast/js/kde/encode_decode_uri.html test.
-
-        * kjs/function.cpp: (KJS::encode): Call the UTF-8 string conversion in its
-        new strict mode, throwing an exception if there are malformed UTF-16 surrogate
-        pairs in the text.
-
-        * kjs/ustring.h: Added a strict version of the UTF-8 string conversion.
-        * kjs/ustring.cpp:
-        (KJS::decodeUTF8Sequence): Removed code to disallow U+FFFE and U+FFFF; while
-        those might be illegal in some sense, they aren't supposed to get any special
-        handling in the place where this function is currently used.
-        (KJS::UString::UTF8String): Added the strictness.
-
-2007-11-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15812
-          some JavaScript tests (from the Mozilla test suite) are failing
-
-        Two or three fixes get 7 more of the Mozilla tests passing.
-        This gets us down from 61 failing tests to 54.
-
-        * kjs/interpreter.h: (KJS::Interpreter::builtinRegExp):
-        Made this inline and gave it a more specific type. Some day we should
-        probably do that for all of these -- might even get a bit of a speed
-        boost from it.
-        * kjs/interpreter.cpp: Removed Interpreter::builtinRegExp now that it's
-        inline in the header.
-
-        * kjs/regexp_object.h:
-        * kjs/regexp_object.cpp:
-        (KJS::RegExpProtoFunc::callAsFunction): Moved test and exec out of the
-        switch statement into the RegExpImp object, so they can be shared with
-        RegExpImp::callAsFunction.
-        (KJS::RegExpImp::match): Added. Common code used by both test and exec.
-        (KJS::RegExpImp::test): Added.
-        (KJS::RegExpImp::exec): Added.
-        (KJS::RegExpImp::implementsCall): Added.
-        (KJS::RegExpImp::callAsFunction): Added.
-        (KJS::RegExpObjectImpPrivate::RegExpObjectImpPrivate): Initialize
-        lastInput to null rather than empty string -- we take advantage of the
-        difference in RegExpImp::match.
-        (KJS::RegExpObjectImp::input): Added. No reason to go through hash tables
-        just to get at a field like this.
-
-        * pcre/pcre_compile.c: (check_escape): Changed the \u handling to match
-        the JavaScript specification. If there are not 4 hex digits after the \u,
-        then it's processed as if it wasn't an escape sequence at all.
-
-        * pcre/pcre_internal.h: Added IS_NEWLINE, with the appropriate definition
-        for JavaScript (4 specific Unicode values).
-        * pcre/pcre_exec.c:
-        (match): Changed all call sites to use IS_NEWLINE.
-        (pcre_exec): Ditto.
-
-        * tests/mozilla/expected.html: Updated to expect 7 more successful tests.
-
-2007-11-03  David D. Kilzer  <ddkilzer@webkit.org>
-
-        Sort files(...); sections of Xcode project files.
-
-        Rubber-stamped by Darin.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-11-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - remove VarDeclListNode and simplify VarDeclNode evaluation for 0.4% SunSpider speedup
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::VarDeclNode::optimizeVariableAccess):
-        (KJS::VarDeclNode::getDeclarations):
-        (KJS::VarDeclNode::handleSlowCase):
-        (KJS::VarDeclNode::evaluateSingle):
-        (KJS::VarDeclNode::evaluate):
-        (KJS::VarStatementNode::execute):
-        * kjs/nodes.h:
-        (KJS::VarDeclNode::):
-        (KJS::VarStatementNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::VarDeclNode::streamTo):
-
-2007-11-03  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15800
-        REGRESSION (r27303): RegExp leaks
-
-        * kjs/regexp_object.h:
-        (KJS::RegExpImp::setRegExp):
-        (KJS::RegExpImp::regExp):
-        (KJS::RegExpImp::classInfo):
-        * kjs/regexp_object.cpp:
-        (RegExpImp::RegExpImp):
-        (RegExpImp::~RegExpImp):
-        Renamed reg member variable to m_regExp, changed it to use OwnPtr.
-
-2007-11-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - add SourceElements as a typedef for Vector<RefPtr<StatementNode> >.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::statementListPushFIFO):
-        (KJS::statementListGetDeclarations):
-        (KJS::statementListInitializeDeclarationStacks):
-        (KJS::statementListInitializeVariableAccessStack):
-        (KJS::statementListExecute):
-        (KJS::BlockNode::BlockNode):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::ProgramNode::ProgramNode):
-        * kjs/nodes.h:
-        (KJS::CaseClauseNode::):
-
-2007-11-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15791
-          change property map data structure for less memory use, better speed
-
-        The property map now has an array of indices and a separate array of
-        property map entries. This slightly slows down lookup because of a second
-        memory acess, but makes property maps smaller and faster to iterate in
-        functions like mark().
-
-        SunSpider says this is 1.2% faster, although it makes the bitwise-end test
-        more than 10% slower. To fix that we'll need to optimize global variable lookup.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMapEntry::PropertyMapEntry):
-        (KJS::PropertyMapHashTable::entries):
-        (KJS::PropertyMapHashTable::allocationSize):
-        (KJS::SavedProperties::SavedProperties):
-        (KJS::SavedProperties::~SavedProperties):
-        (KJS::PropertyMap::checkConsistency):
-        (KJS::PropertyMap::~PropertyMap):
-        (KJS::PropertyMap::clear):
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::createTable):
-        (KJS::PropertyMap::rehash):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::mark):
-        (KJS::comparePropertyMapEntryIndices):
-        (KJS::PropertyMap::containsGettersOrSetters):
-        (KJS::PropertyMap::getEnumerablePropertyNames):
-        (KJS::PropertyMap::save):
-        (KJS::PropertyMap::restore):
-        * kjs/property_map.h:
-
-2007-11-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15807
-          HashMap needs a take() function that combines get and remove
-
-        * wtf/HashMap.h: Added take function. Simplistic implementation for now,
-        but still does only one hash table lookup.
-
-        * kjs/array_instance.cpp: (KJS::ArrayInstance::put): Use take rather than
-        a find followed by a remove.
-
-2007-11-02  David Carson  <dacarson@gmail.com>
-
-        Reviewed by Darin.
-
-        Fix compiler warning "warning: suggest parentheses around && within ||"
-        http://bugs.webkit.org/show_bug.cgi?id=15764
-
-        * kjs/value.h: (KJS::JSValue::isNumber): Add parentheses.
-
-2007-11-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        In preparation for making List a simple stack-allocated Vector:
-
-        Removed all instances of List copying and/or assignment, and made List 
-        inherit from Noncopyable.
-        
-        Functions that used to return a List by copy now take List& out 
-        parameters.
-        
-        Layout tests and JS tests pass.
-
-        * kjs/list.cpp:
-        (KJS::List::slice): Replaced copyTail with a more generic slice 
-        alternative. (JavaScriptCore only calls slice(1), but WebCore calls 
-        slice(2)).
-
-2007-11-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15785
-        REGRESSION(r27344): Crash on load at finance.yahoo.com
-        
-        Reverted a small portion of my last check-in. (The speedup and the List 
-        removal are still there, though.)
-        
-        ActivationImp needs to hold a pointer to its function, and mark that 
-        pointer (rather than accessing its function through its ExecState, and 
-        counting on the active scope to mark its function) because a closure 
-        can cause an ActivationImp to outlive its ExecState along with any 
-        active scope.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::~FunctionImp):
-        (KJS::ActivationImp::ActivationImp):
-        * kjs/function.h:
-        (KJS::ActivationImp::ActivationImpPrivate::ActivationImpPrivate):
-
-        Also made HashTable a little more crash-happy in debug builds, so 
-        problems like this will show up earlier:
-        
-        * wtf/HashTable.h:
-        (WTF::HashTable::~HashTable):
-
-2007-11-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adam Roben.
-        
-        Addressed some of Darin's review comments.
-        
-        Used perl -p, which is the shorthand while(<>) {}.
-        
-        Made sure not to suppress bison's output.
-        
-        Added line to removed bison_out.txt, since this script removes other 
-        intermediate files, too.
-
-        * DerivedSources.make:
-
-2007-11-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Removed List from ActivationImp, in preparation for making all lists
-        stack-allocated.
-        
-        Tests pass.
-        
-        1.0% speedup on SunSpider, presumably due to reduced List refcount thrash.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        (KJS::ExecState::~ExecState):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::ActivationImp):
-        (KJS::ActivationImp::createArgumentsObject):
-        * kjs/function.h:
-        (KJS::ActivationImp::ActivationImpPrivate::ActivationImpPrivate):
-
-2007-11-01  Adam Roben  <aroben@apple.com>
-
-        Use jsNumberCell instead of jsNumber when converting double constants to JSValues
-
-        This fixes fast/js/math.html, ecma/Date/15.9.5.10-1.js, and
-        ecma/Date/15.9.5.12-1.js, which were suffering from a bug in MSVC.
-
-        It also gets rid of an MSVC warning that we previously had to silence.
-
-        Reviewed by Geoff.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Turn
-        back on the "overflow in constant arithmetic" warning.
-        * kjs/number_object.cpp:
-        (NumberObjectImp::getValueProperty): Use jsNumberCell instead of
-        jsNumber.
-
-2007-10-31  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * kjs/ExecState.h:
-
-2007-10-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - shave some cycles off of local storage access for a 1% SunSpider speedup
-        
-        Keep the LocalStorage pointer in the ExecState, instead of getting
-        it from the ActivationImp all the time.
-
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::updateLocalStorage):
-        * kjs/ExecState.h:
-        (KJS::ExecState::localStorage):
-        * kjs/nodes.cpp:
-        (KJS::LocalVarAccessNode::evaluate):
-        (KJS::LocalVarFunctionCallNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::LocalVarTypeOfNode::evaluate):
-        (KJS::PreIncLocalVarNode::evaluate):
-        (KJS::PreDecLocalVarNode::evaluate):
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::AssignLocalVarNode::evaluate):
-        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
-
-2007-10-31  Adam Roben  <aroben@apple.com>
-
-        Fix a crash on launch due to a static initializer race
-
-        We now use fast inline assembler spinlocks which can be statically
-        initialized at compile time.
-
-        As a side benefit, this speeds up SunSpider by 0.4%.
-
-        Reviewed by Oliver.
-
-        * wtf/FastMalloc.cpp:
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        * wtf/TCSystemAlloc.cpp:
-
-2007-10-31  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam.
-
-        - Corrected spelling.
-
-        * wtf/HashTraits.h:
-
-2007-10-31  Mark Rowe  <mrowe@apple.com>
-
-        Further Gtk build fixage.
-
-        * kjs/regexp_object.cpp:
-
-2007-10-31  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/regexp.h:
-
-2007-10-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15749
-          RegExp/RegExpObjectImp cause needless UString creation
-
-        Speeds things up 0.4% according to SunSpider.
-
-        * kjs/config.h: Define USE(PCRE16) instead of HAVE(PCREPOSIX),
-        because this library doesn't use the real PCRE -- it uses its
-        own PCRE that works on UTF-16.
-
-        * kjs/regexp.h: Removed a few unused functions. Changed the ifdef.
-        Use Noncopyable. Change the return value of match.
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Call pcre_compile2, for a slight speed boost.
-        (KJS::RegExp::~RegExp): PCRE16 rather than PCREPOSIX.
-        (KJS::RegExp::match): Change to return the position as an int and the
-        ovector as a OwnArrayPtr<int> for efficiency and clearer storage management.
-
-        * kjs/regexp_object.h: Change performMatch and arrayOfMatches to no longer
-        require a result string.
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFunc::callAsFunction): Update for new signature of performMatch.
-        (RegExpObjectImp::performMatch): Change so it doesn't return a string.
-        (RegExpObjectImp::arrayOfMatches): Simplify by unifying the handling of
-        the main result with the backreferences; now it doesn't need to take
-        a result parameter.
-        (RegExpObjectImp::getBackref): Minor tweaks.
-        (RegExpObjectImp::getLastParen): Ditto.
-        (RegExpObjectImp::getLeftContext): Ditto.
-        (RegExpObjectImp::getRightContext): Ditto.
-        (RegExpObjectImp::getValueProperty): Change LastMatch case to call
-        getBackref(0) so we don't need a separate getLastMatch function.
-
-        * kjs/string_object.cpp:
-        (KJS::replace): Update to use new performMatch, including merging the
-        matched string section with the other substrings.
-        (KJS::StringProtoFunc::callAsFunction): Update functions to use the
-        new performMatch and match. Also change to use OwnArrayPtr.
-
-2007-10-31  Oliver Hunt  <oliver@apple.com>
-
-        * kjs/nodes.h: include OwnPtr.h
-
-2007-10-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Remove SourceCodeElement class and replaced with a Vector for a 0.8% gain on sunspider
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::statementListPushFIFO):
-        (KJS::statementListGetDeclarations):
-        (KJS::statementListInitializeDeclarationStacks):
-        (KJS::statementListInitializeVariableAccessStack):
-        (KJS::statementListExecute):
-        (KJS::BlockNode::optimizeVariableAccess):
-        (KJS::BlockNode::BlockNode):
-        (KJS::BlockNode::getDeclarations):
-        (KJS::BlockNode::execute):
-        (KJS::CaseClauseNode::optimizeVariableAccess):
-        (KJS::CaseClauseNode::getDeclarations):
-        (KJS::CaseClauseNode::evalStatements):
-        (KJS::FunctionBodyNode::initializeDeclarationStacks):
-        (KJS::FunctionBodyNode::optimizeVariableAccess):
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        (KJS::statementListStreamTo):
-        (KJS::BlockNode::streamTo):
-        (KJS::CaseClauseNode::streamTo):
-
-2007-10-30  Mark Rowe  <mrowe@apple.com>
-
-        * kjs/property_map.cpp: Added a missing using directive to fix the build
-        for non-Mac ports. Mac worked only because it does the AllInOneFile compile.
-
-2007-10-31  Maciej Stachowiak  <mjs@apple.com>
-
-        * kjs/property_map.cpp: Include HashTable.h the right way to fix the build
-        for non-Mac ports.
-
-2007-10-31  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        http://bugs.webkit.org/show_bug.cgi?id=11001
-        WebKit doesn't support RegExp.compile method
-
-        Test: fast/js/regexp-compile.html
-
-        * kjs/regexp_object.cpp:
-        (RegExpPrototype::RegExpPrototype):
-        (RegExpProtoFunc::callAsFunction):
-        * kjs/regexp_object.h:
-        (KJS::RegExpProtoFunc::):
-        Added RegExp.compile.
-
-        * tests/mozilla/expected.html: js1_2/regexp/compile.js now passes.
-
-2007-10-31  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - get rid of integer divide in PropertyMap and HashTable for 1% SunSpider speedup
-        
-        Integer divide sucks. Fortunately, a bunch of shifts and XORs
-        biased towards the high bits is sufficient to provide a good
-        double hash. Besides the SunSpider win, I used the dump statistics
-        mode for both to verify that collisions did not increase and that
-        the longest collision chain is not any longer.
-
-        * kjs/property_map.cpp:
-        (KJS::doubleHash):
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::checkConsistency):
-        * wtf/HashTable.h:
-        (WTF::doubleHash):
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-
-2007-10-30  Adam Roben  <aroben@apple.com>
-
-        * kjs/collector.h: Make HeapType public so it can be used for non-member
-        things like the HeapConstants struct template. Fixes the build on Windows.
-
-2007-10-30  Adam Roben  <aroben@apple.com>
-
-        Change ALWAYS_INLINE and WTF_PRIVATE_INLINE to use __forceinline on Windows
-
-        Speeds up SunSpider by 0.4%.
-
-        Reviewed by Steve and Maciej.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
-        a warning during LTCG in release builds about double -> float
-        conversion.
-        * wtf/AlwaysInline.h:
-        * wtf/FastMalloc.h:
-
-2007-10-30  Adam Roben  <aroben@apple.com>
-
-        Use GetCurrentThreadId instead of pthread_self in FastMalloc
-
-        Speeds up SunSpider by 0.3%.
-
-        Reviewed by Steve.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::InitTSD):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-
-2007-10-30  Adam Roben  <aroben@apple.com>
-
-        Switch to a Win32 critical section implementation of spinlocks
-        
-        Speeds up SunSpider by 0.4%.
-        
-        Reviewed by Steve.
-        
-        * wtf/FastMalloc.cpp:
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::TCMalloc_SpinLock):
-        (TCMalloc_SpinLock::Init):
-        (TCMalloc_SpinLock::Finalize):
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        * wtf/TCSystemAlloc.cpp:
-
-2007-10-30  Adam Roben  <aroben@apple.com>
-
-        Fix Bug 15586: REGRESSION (r26759-r26785): Windows nightly builds crash with Safari 3 Public Beta
-
-        http://bugs.webkit.org/show_bug.cgi?id=15586
-
-        Also fixes: <rdar://5565303> Cannot use regsvr32.exe to register WebKit.dll
-
-        Use Win32 TLS functions instead of __declspec(thread), which breaks
-        delay-loading.
-
-        Reviewed by Steve.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::getThreadHeap):
-        (WTF::TCMalloc_ThreadCache::InitModule):
-
-2007-10-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - allocate numbers in half-size cells, for an 0.5% SunSpider speedup
-        http://bugs.webkit.org/show_bug.cgi?id=15772
-        
-        We do this by using a single mark bit per two number cells, and
-        tweaking marking.
-        
-        Besides being an 0.5% win overall, this is a 7.1% win on morph.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::heapAllocate):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::sweep):
-        * kjs/collector.h:
-        (KJS::SmallCollectorCell::):
-
-2007-10-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adam Roben, Sam Weinig.
-        
-        Made conflicts in grammar.y a persistent build failure.
-
-        * DerivedSources.make:
-
-2007-10-30  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam and Geoff.
-
-        - Added a new cast so all the casts are in the same place.
-
-        * API/APICast.h:
-        (toGlobalRef):
-
-2007-10-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixed <rdar://problem/5567504> shift/reduce conflict introduced in r24457
-        
-        JS tests, including 
-
-            ecma_2/Statements/dowhile-001.js
-            ecma_2/Statements/dowhile-002.js
-            ecma_2/Statements/dowhile-003.js
-            ecma_2/Statements/dowhile-004.js
-            ecma_2/Statements/dowhile-005.js
-            ecma_2/Statements/dowhile-006.js
-            ecma_2/Statements/dowhile-007.js
-            js1_2/statements/do_while.js
-
-        and layout tests, including
-
-            do-while-expression-value.html
-            do-while-semicolon.html
-            do-while-without-semicolon.html
-        
-        pass.
-        
-        * kjs/grammar.y: Use the explicit "error" production, as we do with other
-        automatic semicolon insertions, to disambiguate "do { } while();" from
-        "do { } while()" followed by ";" (the empty statement).
-
-2007-10-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Debranching remaining assignment nodes, and miscellaneous cleanup
-        
-        Split read-modify code paths out of AssignBracketNode and AssignDotNode
-        Removed now unnecessary check for write-only assignment in ReadModifyLocalVarNode 
-        and ReadModifyResolveNode evaluate methods
-
-        Leads to a 1% gain in SunSpider.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-        (KJS::AssignDotNode::evaluate):
-        (KJS::ReadModifyDotNode::optimizeVariableAccess):
-        (KJS::ReadModifyDotNode::evaluate):
-        (KJS::AssignBracketNode::evaluate):
-        (KJS::ReadModifyBracketNode::optimizeVariableAccess):
-        (KJS::ReadModifyBracketNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::AssignBracketNode::):
-        (KJS::AssignBracketNode::precedence):
-        (KJS::AssignDotNode::):
-        (KJS::AssignDotNode::precedence):
-        * kjs/nodes2string.cpp:
-        (KJS::ReadModifyBracketNode::streamTo):
-        (KJS::AssignBracketNode::streamTo):
-        (KJS::ReadModifyDotNode::streamTo):
-        (KJS::AssignDotNode::streamTo):
-
-2007-10-29  Oliver Hunt  <oliver@apple.com>
-
-        Debranching various Node::evaluate implementations
-        
-        Reviewed by Maciej.
-        
-        Split the read-modify-write assignment cases out of AssignResolveNode and into ReadModifyResolveNode
-        Split the increment and decrement cases for Prefix- and Postfix- ResolveNode, BracketNode, and DotNode
-        
-        Gains 1.6% on SunSpider
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::optimizeVariableAccess):
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::PostIncLocalVarNode::evaluate):
-        (KJS::PostDecResolveNode::optimizeVariableAccess):
-        (KJS::PostDecResolveNode::evaluate):
-        (KJS::PostDecLocalVarNode::evaluate):
-        (KJS::PostIncBracketNode::evaluate):
-        (KJS::PostDecBracketNode::evaluate):
-        (KJS::PostIncDotNode::evaluate):
-        (KJS::PostDecDotNode::evaluate):
-        (KJS::PreIncResolveNode::optimizeVariableAccess):
-        (KJS::PreIncLocalVarNode::evaluate):
-        (KJS::PreIncResolveNode::evaluate):
-        (KJS::PreDecResolveNode::optimizeVariableAccess):
-        (KJS::PreDecLocalVarNode::evaluate):
-        (KJS::PreDecResolveNode::evaluate):
-        (KJS::PreIncBracketNode::evaluate):
-        (KJS::PreDecBracketNode::evaluate):
-        (KJS::PreIncDotNode::evaluate):
-        (KJS::PreDecDotNode::evaluate):
-        (KJS::ReadModifyResolveNode::optimizeVariableAccess):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::AssignLocalVarNode::evaluate):
-        (KJS::AssignResolveNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::PostDecResolveNode::):
-        (KJS::PostDecResolveNode::precedence):
-        (KJS::PostDecLocalVarNode::):
-        (KJS::PostfixBracketNode::):
-        (KJS::PostfixBracketNode::precedence):
-        (KJS::PostIncBracketNode::):
-        (KJS::PostIncBracketNode::isIncrement):
-        (KJS::PostDecBracketNode::):
-        (KJS::PostDecBracketNode::isIncrement):
-        (KJS::PostfixDotNode::):
-        (KJS::PostfixDotNode::precedence):
-        (KJS::PostIncDotNode::):
-        (KJS::PostIncDotNode::isIncrement):
-        (KJS::PostDecDotNode::):
-        (KJS::PreIncResolveNode::):
-        (KJS::PreDecResolveNode::):
-        (KJS::PreDecResolveNode::precedence):
-        (KJS::PreDecLocalVarNode::):
-        (KJS::PrefixBracketNode::):
-        (KJS::PrefixBracketNode::precedence):
-        (KJS::PreIncBracketNode::):
-        (KJS::PreIncBracketNode::isIncrement):
-        (KJS::PreDecBracketNode::):
-        (KJS::PreDecBracketNode::isIncrement):
-        (KJS::PrefixDotNode::):
-        (KJS::PrefixDotNode::precedence):
-        (KJS::PreIncDotNode::):
-        (KJS::PreIncDotNode::isIncrement):
-        (KJS::PreDecDotNode::):
-        (KJS::ReadModifyResolveNode::):
-        (KJS::ReadModifyLocalVarNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::AssignResolveNode::precedence):
-        * kjs/nodes2string.cpp:
-        (KJS::PostIncResolveNode::streamTo):
-        (KJS::PostDecResolveNode::streamTo):
-        (KJS::PostfixBracketNode::streamTo):
-        (KJS::PostfixDotNode::streamTo):
-        (KJS::PreIncResolveNode::streamTo):
-        (KJS::PreDecResolveNode::streamTo):
-        (KJS::ReadModifyResolveNode::streamTo):
-        (KJS::AssignResolveNode::streamTo):
-
-2007-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-        
-        - Include Vector.h in a way that actually works.
-
-        * kjs/LocalStorage.h:
-
-2007-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-        
-        - Install LocalStorage.h as a private header.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - Define good VectorTraits for LocalStorage entry for 0.5% speed improvement on SunSpider.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/LocalStorage.h: Added.
-        (KJS::LocalStorageEntry::LocalStorageEntry):
-        (WTF::):
-        * kjs/function.h:
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
-
-2007-10-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Some small tweaks that I notice while reviewing Oliver's last patch.
-        
-        Includes removal of an unnecessary KJS_CHECKEXCEPTIONVALUE.
-        
-        No change in SunSpider because SunSpider doesn't take the code path that
-        would execute the unnecessary KJS_CHECKEXCEPTIONVALUE much.
-
-        * kjs/nodes.cpp:
-        (KJS::LocalVarPostfixNode::evaluate):
-        (KJS::TypeOfResolveNode::optimizeVariableAccess):
-        (KJS::LocalVarTypeOfNode::evaluate):
-        (KJS::PrefixResolveNode::optimizeVariableAccess):
-        (KJS::LocalVarPrefixNode::evaluate):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::LocalVarAssignNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::LocalVarTypeOfNode::):
-        (KJS::PrefixResolveNode::):
-        (KJS::LocalVarPrefixNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::LocalVarAssignNode::):
-
-2007-10-29  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        SunSpider claims this was a 0.7% speedup.
-
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction): avoid mallocing a jsString in the common case
-
-2007-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - re-enable asserts for access to empty or deleted keys
-
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-
-2007-10-29  Eric Seidel  <eric@webkit.org>
-
-        Build fix only, no review.
-
-        * JavaScriptCore.exp: Export symbol for new StringInstance::getOwnPropertySlot
-
-2007-10-29  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.  Move struct declarations into nodes.h.
-
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-
-2007-10-29  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        Give StringInstance a getOwnPropertySlot(ExecState, unsigned, PropertySlot) fastpath, just like Arrays.
-        Make it a compile time error to use toString(ExecState) on a StringInstance
-        
-        SunSpider claims this was a 6.6% speedup overall (22% on string-base64)
-
-        * kjs/internal.h:
-        (KJS::StringImp::getLength):
-        * kjs/string_object.cpp:
-        (KJS::StringInstance::lengthGetter):
-        (KJS::StringInstance::inlineGetOwnPropertySlot):
-        (KJS::StringInstance::getOwnPropertySlot):
-        * kjs/string_object.h:
-
-2007-10-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Add nodes to allow Assignment, TypeOf, and prefix operators to 
-        make use of the new optimised local variable look up.
-
-        5% gain on sunspider
-
-        * kjs/nodes.cpp:
-        (KJS::TypeOfResolveNode::optimizeVariableAccess):
-        (KJS::LocalTypeOfAccessNode::evaluate):
-        (KJS::PrefixResolveNode::optimizeVariableAccess):
-        (KJS::PrefixLocalAccessNode::evaluate):
-        (KJS::AssignResolveNode::optimizeVariableAccess):
-        (KJS::AssignLocalAccessNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::TypeOfResolveNode::):
-        (KJS::TypeOfResolveNode::precedence):
-        (KJS::LocalTypeOfAccessNode::):
-        (KJS::PrefixResolveNode::):
-        (KJS::PrefixResolveNode::precedence):
-        (KJS::PrefixLocalAccessNode::):
-        (KJS::AssignResolveNode::):
-        (KJS::AssignLocalAccessNode::):
-
-2007-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - avoid creating and then breaking circular lists in the parser, instead track head and tail pointers at parse time
-        http://bugs.webkit.org/show_bug.cgi?id=15748
-        
-        Not a significant speedup or slowdown on SunSpider.
-
-        * kjs/Parser.cpp:
-        (KJS::clearNewNodes):
-        * kjs/Parser.h:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::BlockNode::BlockNode):
-        (KJS::CaseBlockNode::CaseBlockNode):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::SourceElementsNode::SourceElementsNode):
-        (KJS::ProgramNode::ProgramNode):
-        * kjs/nodes.h:
-        (KJS::ElementNode::):
-        (KJS::ArrayNode::):
-        (KJS::PropertyListNode::):
-        (KJS::ObjectLiteralNode::):
-        (KJS::ArgumentListNode::):
-        (KJS::ArgumentsNode::):
-        (KJS::VarDeclListNode::):
-        (KJS::VarStatementNode::):
-        (KJS::ForNode::):
-        (KJS::ParameterNode::):
-        (KJS::FuncExprNode::):
-        (KJS::FuncDeclNode::):
-        (KJS::SourceElementsNode::):
-        (KJS::CaseClauseNode::):
-        (KJS::ClauseListNode::):
-
-2007-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Disable assertions in a manner that doesn't break the Qt Windows build.
-
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-
-2007-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Temporarily disabling some ASSERTs I introduced in my last check-in 
-        because of http://bugs.webkit.org/show_bug.cgi?id=15747
-        Lots of layout tests fail the !HashTranslator::equal(KeyTraits::emptyValue() ASSERT
-
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-
-2007-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15746
-        #ifndef ASSERT_DISABLED is no good!
-        
-        Replaced with #if !ASSERT_DISABLED.
-
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-
-2007-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Added FunctionCallResolveNode, PostfixResolveNode, and DeleteResolveNode
-        to the AST transfom that replaces slow resolve nodes with fast local 
-        variable alternatives.
-        
-        2.5% speedup on SunSpider.
-        
-        Also added some missing copyright notices.
-        
-        * kjs/nodes.cpp:
-        (KJS::FunctionCallResolveNode::optimizeVariableAccess):
-        (KJS::FunctionCallResolveNode::evaluate):
-        (KJS::LocalVarFunctionCallNode::evaluate):
-        (KJS::PostfixResolveNode::optimizeVariableAccess):
-        (KJS::PostfixResolveNode::evaluate):
-        (KJS::LocalVarPostfixNode::evaluate):
-        (KJS::DeleteResolveNode::optimizeVariableAccess):
-        (KJS::DeleteResolveNode::evaluate):
-        (KJS::LocalVarDeleteNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::FunctionCallResolveNode::):
-        (KJS::LocalVarFunctionCallNode::LocalVarFunctionCallNode):
-        (KJS::PostfixResolveNode::):
-        (KJS::LocalVarPostfixNode::LocalVarPostfixNode):
-        (KJS::DeleteResolveNode::):
-        (KJS::LocalVarDeleteNode::LocalVarDeleteNode):
-
-2007-10-28  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        Inline UString::Rep::deref() for a 0.8% improvement in SunSpider
-        Add virtual keyword to a few virtual functions previously unmarked.
-
-        * kjs/internal.h:
-        (KJS::StringImp::type):
-        (KJS::NumberImp::type):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::deref):
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        - fix "broken everything" from the storage leak fix
-
-        * wtf/RefPtr.h: (WTF::RefPtr::RefPtr): Added a PlacementNewAdopt constructor.
-        * kjs/ustring.h: (KJS::UString::UString): Pass PlacementNewAdopt along to RefPtr.
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam.
-
-        - turn on unused parameter waring on Mac OS X because it's already on elsewhere
-
-        * Configurations/Base.xcconfig: Took out -wno-unused-parameter.
-
-        * API/JSNode.c:
-        * API/JSNodeList.c:
-        * API/minidom.c:
-        * API/testapi.c:
-        Fixed unused variables by using them or marked them with UNUSED_PARAM.
-
-        * kjs/CollectorHeapIntrospector.h: (KJS::CollectorHeapIntrospector::zoneCalloc):
-        Removed parameter names to indicate they are unused.
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix a storage leak where we ref the UString every time we replace
-          a ResolveNode with a LocalVarAccessNode
-
-        * kjs/identifier.h: (KJS::Identifier::Identifier): Added a constructor
-        that takes PlacementNewAdopt.
-
-        * kjs/nodes.h: (KJS::ResolveNode::ResolveNode): Initialize the ident
-        with PlacementNewAdopt instead of the old value of ident.
-
-        * kjs/ustring.h: (KJS::UString::UString): Added a constructor that
-        takes PlacementNewAdopt.
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        - Windows build fix; get rid of unused parameter
-
-        * kjs/nodes.cpp: (KJS::ResolveNode::optimizeVariableAccess): Don't pass it.
-        * kjs/nodes.h: (KJS::LocalVarAccessNode::LocalVarAccessNode): Remove it.
-        The assertions weren't all that helpful.
-
-2007-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.  Add include of MathExtras.h.
-
-        * kjs/string_object.cpp:
-
-2007-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej and Tim.
-
-        Replace uses of isNaN and isInf with isnan and isinf, and
-        remove isNaN and isInf.
-
-        * kjs/config.h: Remove unused HAVE_'s.
-        * kjs/date_object.cpp:
-        (KJS::DateInstance::getTime):
-        (KJS::DateInstance::getUTCTime):
-        (KJS::DateProtoFunc::callAsFunction):
-        (KJS::DateObjectImp::construct):
-        (KJS::DateObjectFuncImp::callAsFunction):
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/math_object.cpp:
-        (MathFuncImp::callAsFunction):
-        * kjs/nodes2string.cpp:
-        (KJS::isParserRoundTripNumber):
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction):
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction):
-        * kjs/ustring.cpp:
-        (KJS::UString::from):
-        * kjs/value.cpp:
-        (KJS::JSValue::toInteger):
-        (KJS::JSValue::toInt32SlowCase):
-        (KJS::JSValue::toUInt32SlowCase):
-
-2007-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: use the new-fangled missingSymbolMarker().
-
-        * kjs/nodes.cpp:
-        (KJS::ResolveNode::optimizeVariableAccess):
-        * kjs/nodes.h:
-        (KJS::LocalVarAccessNode::LocalVarAccessNode):
-
-2007-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak, Darin Adler.
-        
-        Much supporting work done by Maciej Stachowiak, Maks Orlovich, and 
-        Cameron Zwarich.
-        
-        AST transfom to replace slow resolve nodes with fast local variable
-        alternatives that do direct memory access. Currently, only ResolveNode
-        provides a fast local variable alternative. 6 others are soon to come.
-        
-        16.7% speedup on SunSpider.
-        
-        Most of this patch is just scaffolding to support iterating all the 
-        resolve nodes in the AST through optimizeResolveNodes(). In 
-        optimizeResolveNodes(), most classes just push their child nodes onto 
-        the processing stack, while ResolveNodes actually replace themselves in 
-        the tree with more optimized alternatives, if possible.
-
-        Here are the interesting bits:
-
-        * kjs/nodes.h: Added PlacementNewAdoptTag, along with implementations 
-        in Node and ResolveNode. This tag allows you to use placement new to 
-        swap out a base class Node in favor of a subclass copy that holds the
-        same data. (Without this tag, default initialization would NULL out
-        RefPtrs, change line numbers, etc.)
-
-        * kjs/nodes.cpp:
-        (KJS::ResolveNode::evaluate): Since we're taking the slow path, ASSERT
-        that the fast path is impossible, to make sure we didn't leave anything
-        on the table.
-
-        (KJS::FunctionBodyNode::optimizeResolveNodes): Here's where the AST 
-        transformation happens.
-        
-        (KJS::ResolveNode::optimizeResolveNodes): Here's where the ResolveNode
-        optimization happens.
-
-        * kjs/function.h: Added symbolTable() accessor for, for the sake of 
-        an ASSERT.
-
-2007-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej.
-
-        Fix "AllInOneFile.o has a global initializer in it".
-
-        Some versions of gcc generate a global initializer for std::numeric_limits<size_t>::max().
-        We can avoid this by moving it inside an inline function.
-
-        * kjs/SymbolTable.h:
-        (KJS::missingSymbolMarker):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot):
-        (KJS::ActivationImp::put):
-
-2007-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - Added assertions to protect against adding empty or deleted keys to a HashTable
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::lookup):
-        (WTF::HashTable::lookupForWriting):
-        (WTF::HashTable::fullLookupForWriting):
-        (WTF::HashTable::add):
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        - fix GTK build
-
-        * kjs/nodes2string.cpp: (KJS::isParserRoundTripNumber):
-        Use isNaN and isInf instead of isnan and isinf.
-
-2007-10-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15735
-          remove GroupNode to simplify AST and possibly get a modest speedup
-
-        This patch removes 4 node types: GroupNode, PropertyNameNode,
-        FunctionCallParenBracketNode, and FunctionCallParenDotNode.
-
-        To remove GroupNode, we add knowledge of precedence to the tree nodes,
-        and use that when serializing to determine where parentheses are needed.
-        This means we no longer have to represent parentheses in the tree.
-
-        The precedence values are named after productions in the grammar from the
-        JavaScript standard.
-
-        SunSpider says this is an 0.4% speedup.
-
-        * kjs/function.h:
-        * kjs/function.cpp: Removed escapeStringForPrettyPrinting -- it's part of
-        serialization, so I moved it to the file that takes care of that.
-
-        * kjs/grammar.y: Changed makeGetterOrSetterPropertyNode to use 0 to
-        indicate failure instead of a separate boolean. Got rid of PropertyNameNode
-        by merging the PropertyName rule into the Property rule (which was easier
-        than figuring out how to pass the Identifier from one node to another).
-        Got rid of GroupNode, nodeInsideAllParens(), FunctionCallParenBracketNode,
-        and FunctionCallParenDotNode.
-
-        * kjs/nodes.h: Removed unused forward declarations and Operator values.
-        Added Precedence enum, and precedence function to all nodes. Removed
-        nodeInsideAllParens. Added streamBinaryOperator function for serialization.
-        Removed GroupNode and PropertyNameNode. Made PropertyNode store an Identifier.
-        Removed FunctionCallParenBracketNode and FunctionCallParenDotNode.
-
-        * kjs/nodes.cpp: Removed Node::nodinsideAllParens, GroupNode, and PropertyNameNode.
-        (KJS::PropertyListNode::evaluate): Changed code to get name directly instead
-        of converting it from an Identifier to a jsString then back to a UString
-        then into an Identifier again!
-
-        * kjs/nodes2string.cpp: Changed special-token implementation to use a separate
-        function for each of Endl, Indent, Unindent, and DotExpr instead of using a
-        single function with a switch. Added a precedence that you can stream in, to
-        cause the next node serialized to add parentheses based on that precedence value.
-        (KJS::operatorString): Moved to the top of the file.
-        (KJS::escapeStringForPrettyPrinting): Moved here from function.cpp. Removed old
-        workaround for snprintf, since StringExtras.h takes care of that.
-        (KJS::operator<<): Made the char and char* versions faster by using UString's
-        character append functions instead of constructing a UString. Added the logic
-        to the Node* version to add parentheses if needed.
-        (KJS::Node::streamLeftAssociativeBinaryOperator): Added helper function.
-        (KJS::ElementNode::streamTo): Use PrecAssignment for the elements.
-        (KJS::BracketAccessorNode::streamTo): Use PrecCall for the expression before
-        the bracket.
-        (KJS::DotAccessorNode::streamTo): Use PrecCall for the expression before the dot.
-        (KJS::ArgumentListNode::streamTo): Use PrecAssignment for the arguments.
-        (KJS::NewExprNode::streamTo): Use PrecMember for the expression.
-        (KJS::FunctionCallValueNode::streamTo): Use PrecCall.
-        (KJS::FunctionCallBracketNode::streamTo): Ditto.
-        (KJS::FunctionCallDotNode::streamTo): Ditto.
-        (KJS::PostfixBracketNode::streamTo): Ditto.
-        (KJS::PostfixDotNode::streamTo): Ditto.
-        (KJS::PostfixErrorNode::streamTo): Use PrecLeftHandSide.
-        (KJS::DeleteBracketNode::streamTo): Use PrecCall.
-        (KJS::DeleteDotNode::streamTo): Ditto.
-        (KJS::DeleteValueNode::streamTo): Use PrecUnary.
-        (KJS::VoidNode::streamTo): Ditto.
-        (KJS::TypeOfValueNode::streamTo): Ditto.
-        (KJS::PrefixBracketNode::streamTo): Use PrecCall.
-        (KJS::PrefixDotNode::streamTo): Ditto.
-        (KJS::PrefixErrorNode::streamTo): Use PrecUnary.
-        (KJS::UnaryPlusNode::streamTo): Ditto.
-        (KJS::NegateNode::streamTo): Ditto.
-        (KJS::BitwiseNotNode::streamTo): Ditto.
-        (KJS::LogicalNotNode::streamTo): Ditto.
-        (KJS::MultNode::streamTo): Use streamLeftAssociativeBinaryOperator.
-        (KJS::DivNode::streamTo): Ditto.
-        (KJS::ModNode::streamTo): Ditto.
-        (KJS::AddNode::streamTo): Ditto.
-        (KJS::SubNode::streamTo): Ditto.
-        (KJS::LeftShiftNode::streamTo): Ditto.
-        (KJS::RightShiftNode::streamTo): Ditto.
-        (KJS::UnsignedRightShiftNode::streamTo): Ditto.
-        (KJS::LessNode::streamTo): Ditto.
-        (KJS::GreaterNode::streamTo): Ditto.
-        (KJS::LessEqNode::streamTo): Ditto.
-        (KJS::GreaterEqNode::streamTo): Ditto.
-        (KJS::InstanceOfNode::streamTo): Ditto.
-        (KJS::InNode::streamTo): Ditto.
-        (KJS::EqualNode::streamTo): Ditto.
-        (KJS::NotEqualNode::streamTo): Ditto.
-        (KJS::StrictEqualNode::streamTo): Ditto.
-        (KJS::NotStrictEqualNode::streamTo): Ditto.
-        (KJS::BitAndNode::streamTo): Ditto.
-        (KJS::BitXOrNode::streamTo): Ditto.
-        (KJS::BitOrNode::streamTo): Ditto.
-        (KJS::LogicalAndNode::streamTo): Ditto.
-        (KJS::LogicalOrNode::streamTo): Ditto.
-        (KJS::ConditionalNode::streamTo): Ditto.
-        (KJS::AssignResolveNode::streamTo): Use PrecAssignment for the right side.
-        (KJS::AssignBracketNode::streamTo): Use PrecCall for the expression before
-        the bracket and PrecAssignment for the right side.
-        (KJS::AssignDotNode::streamTo): Ditto.
-        (KJS::AssignErrorNode::streamTo): Use PrecLeftHandSide for the left side
-        and PrecAssignment for the right side.
-        (KJS::CommaNode::streamTo): Use PrecAssignment for both expressions.
-        (KJS::AssignExprNode::streamTo): Use PrecAssignment.
-
-2007-10-28  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Define wx port and set wx port USE options.
-
-        Reviewed by Adam Roben.
-
-        * wtf/Platform.h:
-
-2007-10-28  Mark Rowe  <mrowe@apple.com>
-
-        We don't include "config.h" in headers.
-
-        * bindings/jni/jni_instance.h:
-        * kjs/regexp.h:
-        * wtf/TCPageMap.h:
-        * wtf/TCSpinLock.h:
-
-2007-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Mark.
-        
-        - avoid using non-portable SIZE_T_MAX in favor of std::numeric_limits
-
-        * kjs/SymbolTable.h:
-        (KJS::SymbolTableIndexHashTraits::emptyValue):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot):
-        (KJS::ActivationImp::put):
-
-2007-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric.
-        
-        - switch SymbolTable to be a HashMap instead of a PropertyMap for 3% SunSpider speedup
-
-        * kjs/SymbolTable.h:
-        (KJS::IdentifierRepHash::hash): Special hash function for identifier reps.
-        (KJS::IdentifierRepHash::equal): ditto
-        (KJS::SymbolTableIndexHashTraits::emptyValue): Special HashTraits for the index value.
-        (KJS::SymbolTable): change to a typedef for a HashMap.
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot): Adjusted for new SymbolTable API.
-        (KJS::ActivationImp::deleteProperty): ditto
-        (KJS::ActivationImp::put): ditto
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::initializesymbolTable): Adjusted, since
-        you now have to store a UString::rep, not an identifier.
-
-2007-10-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - numerous HashTable performance improvements
-        
-        This does not quite add up to a measurable win on SunSpider, but it allows a
-        follow-on > 3% improvement and probably helps WebCore too.
-        
-        I made the following improvements, among others:
-        
-        - Made HashFunctions note whether it is ok to compare a real value with the equal() function
-        to the empty or deleted value, and used this to optimize the comparisons done in hash lookup.
-        
-        - Specialized lookup so it doesn't have to do so many extra branches and build so many extra
-        std::pairs for cases that don't need them. There are now four versions, one for read-only access,
-        two for writing, and one folded directly into add() (these all were improvments).
-        
-        - Made HashMap::get() use lookup() directly instead of find() to avoid having to build iterators.
-        
-        - Made a special constructor for iterators that knows it points to
-        a valid filled cell and so skips updating itself.
-
-        - Reordered memory accesses in the various lookup functions for better code generation
-        
-        - Made simple translators avoid passing a hash code around
-        
-        - Other minor tweaks
-        
-        * wtf/HashTable.h:
-        (WTF::):
-        (WTF::HashTableConstIterator::HashTableConstIterator):
-        (WTF::HashTableIterator::HashTableIterator):
-        (WTF::IdentityHashTranslator::translate):
-        (WTF::HashTable::end):
-        (WTF::HashTable::lookup):
-        (WTF::HashTable::lookupForWriting):
-        (WTF::HashTable::makeKnownGoodIterator):
-        (WTF::HashTable::makeKnownGoodConstIterator):
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-        (WTF::::addPassingHashCode):
-        (WTF::::reinsert):
-        (WTF::::find):
-        (WTF::::contains):
-        * kjs/identifier.cpp:
-        (WTF::):
-        * wtf/HashFunctions.h:
-        (WTF::):
-        * wtf/HashMap.h:
-        (WTF::):
-        (WTF::::get):
-        * wtf/HashSet.h:
-        (WTF::):
-        (WTF::::add):
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetTranslator::translate):
-
-2007-10-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - fix ASCIICType.h for some Windows compiles
-
-        * wtf/ASCIICType.h: Check the compiler, not the OS, since it's the
-        compiler/library that has the wchar_t that is just a typedef.
-
-2007-10-27  Kevin McCullough  <kmccullough@apple.com>
-
-        - BuildFix
-        - Forgot to change the build step when I changed the filename.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed the rest of "ASSERTION FAILED: _hash in KJS::UString::Rep::
-        computedHash()"
-        http://bugs.webkit.org/show_bug.cgi?id=15718
-
-        * kjs/identifier.cpp: Fixed more cases where an Identifier didn't get a 
-        hash value. Also changed O(n) strlen to O(1) check for empty string.
-        (KJS::Identifier::add):
-
-        * kjs/ustring.cpp: Changed O(n) strlens to O(1) checks for empty string.
-        (KJS::UString::UString):
-        (KJS::UString::operator=):
-
-2007-10-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - fix pow on Windows
-
-        * wtf/MathExtras.h: (wtf_pow): Add a special case for MSVC, which has
-        a "pow" function that does not properly handle the case where arg1 is
-        NaN and arg2 is 0.
-
-        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Don't explicity
-        specify "::pow" -- just "pow" is fine.
-
-2007-10-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15711
-          force JSImmediate to be inlined for roughly 1.2% SunSpider speedup
-
-        * kjs/JSImmediate.h: Put ALWAYS_INLINE on everything.
-
-        * kjs/object.h: Removed redundant includes.
-        * kjs/value.h: Ditto.
-
-2007-10-27  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-        
-        - fixed "ASSERTION FAILED: _hash in KJS::UString::Rep::computedHash()"
-        http://bugs.webkit.org/show_bug.cgi?id=15718
-
-        * kjs/identifier.cpp:
-        (KJS::Identifier::addSlowCase): Ensure that empty Identifiers have a hash computed,
-        now that we count on all Identifiers already having one.
-
-2007-10-27  Mark Rowe  <mrowe@apple.com>
-
-        Silence a warning.
-
-        * kjs/SymbolTable.h:
-
-2007-10-27  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/function.h:
-
-2007-10-26  Kevin McCullough  <kmccullough@apple.com>
-
-       Rubber stamp by Adam. 
-
-        - Renamed JSStringRefCOM to JSStringRefBSTR since it he only thing the
-        files contain are functions that operate on BSTRs.
-
-        * API/JSStringRefBSTR.cpp: Copied from API/JSStringRefCOM.cpp.
-        * API/JSStringRefBSTR.h: Copied from API/JSStringRefCOM.h.
-        * API/JSStringRefCOM.cpp: Removed.
-        * API/JSStringRefCOM.h: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-10-26  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Adam.
-
-        - Made JSStringCreateWithBSTR capable of handling null BSTRs.
-
-        * API/JSStringRefCOM.cpp:
-        (JSStringCreateWithBSTR):
-
-2007-10-26  Sam Weinig  <sam@webkit.org>
-
-        Windows build fix.
-
-        * kjs/SymbolTable.h: Add header gaurd.
-        * kjs/nodes.h: #include "SymbolTable.h"
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Suggested by Anders Carlsson.
-        
-        Fixed tyop.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot):
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Suggested by Darin Adler.
-        
-        Use computedHash(), which is safer than just directly accessing _hash.
-
-        * kjs/lookup.cpp:
-        (KJS::Lookup::findEntry):
-        (KJS::Lookup::find):
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: svn add SymbolTable.h
-
-        * kjs/SymbolTable.h: Added.
-        (KJS::SymbolTable::set):
-        (KJS::SymbolTable::get):
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export SymbolTable.h to WebCore.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Comment tweak suggested by Maciej.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::getOwnPropertySlot):
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Tweaked property maps to remove 2 branches. 2.5% speedup on SunSpider.
-
-        * kjs/property_map.cpp: Use a special no branch accessor to the UString's
-        hash value. Also, return immediately instead of branching to the end
-        of the loop if the value is not found.
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::checkConsistency):
-
-        * kjs/ustring.h:
-        (KJS::UString::Rep::computedHash): Special no branch accessor to the
-        UString's hash value. Used when the caller knows that the hash value
-        has already been computed. (For example, if the caller got the UString
-        from an Identifier.)
-
-2007-10-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Switched ActivationImp to using a symbol table. For now, though, all
-        clients take the slow path.
-        
-        Net .6% speedup on SunSpider.
-        
-        Slowdowns:
-            - ActivationImp now mallocs in its constructor
-            - Local variable hits use an extra level of indirection to retrieve 
-            data
-            - Local variable misses do two lookups
-
-        Speedups:
-            - Fast initialization of local variables upon function entry
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added SymbolTable.h
-        
-        * kjs/function.cpp:
-        (KJS::ActivationImp::ActivationImp): Malloc a private structure to hold
-        data that won't fit in a JSCell.
-        (KJS::ActivationImp::argumentsGetter): Use slow symbol table path for 
-        lookup.
-        (KJS::ActivationImp::getOwnPropertySlot): ditto
-        (KJS::ActivationImp::deleteProperty): ditto
-        (KJS::ActivationImp::put): ditto
-        (KJS::ActivationImp::createArgumentsObject): ditto
-
-        (KJS::ActivationImp::mark): Call JSObject::mark first so that one of
-        our properties doesn't try to recursively mark us. (This caused a crash
-        in earlier testing. Not sure why we haven't run into it before.)
-
-        * kjs/nodes.cpp: Functions now build a symbol table the first time 
-        they're called.
-        (KJS::VarDeclNode::evaluate):
-        (KJS::FunctionBodyNode::FunctionBodyNode):
-        (KJS::FunctionBodyNode::initializeSymbolTable):
-        (KJS::FunctionBodyNode::processDeclarations):
-        (KJS::FunctionBodyNode::processDeclarationsForFunctionCode):
-        (KJS::FunctionBodyNode::processDeclarationsForProgramCode):
-
-        * kjs/nodes.h:
-        (KJS::FunctionBodyNode::symbolTable):
-
-        * wtf/Forward.h: Added Vector.
-
-2007-10-26  Kevin McCullough  <kmccullough@apple.com>
-
-        - Corrected function name mistake in this changelog.
-
-2007-10-26  Kevin McCullough  <kmccullough@apple.com>
-        Reviewed by Sam and Steve.
-
-        - Added convenience methods for converting between BSTR and JSStringRefs
-
-        * API/JSStringRefCOM.cpp: Added.
-        (JSStringCreateWithBSTR):
-        (JSStringCopyBSTR):
-        * API/JSStringRefCOM.h: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-10-26  Mark Rowe  <mrowe@apple.com>
-
-        Windows build fix.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-
-2007-10-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Make the JSC GC use a separate heap for JSNumbers to get a 0.7-1.4% progression in SunSpider.
-
-        * kjs/CollectorHeapIntrospector.cpp:
-        (KJS::CollectorHeapIntrospector::init):
-        (KJS::CollectorHeapIntrospector::enumerate):
-        * kjs/CollectorHeapIntrospector.h:
-        * kjs/collector.cpp:
-        (KJS::Collector::recordExtraCost):
-        (KJS::Collector::heapAllocate):
-        (KJS::Collector::allocate):
-        (KJS::Collector::allocateNumber):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markMainThreadOnlyObjects):
-        (KJS::Collector::sweep):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/internal.h:
-        (KJS::NumberImp::operator new):
-          Force numbers to be allocated in the secondary heap.
-
-2007-10-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - encourage GCC a little harder to inline a few hot functions for 1.5% improvement on SunSpider.
-
-        * kjs/value.h:
-        (KJS::JSValue::getUInt32):
-        (KJS::JSValue::getTruncatedInt32):
-        (KJS::JSValue::toNumber):
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::~PassRefPtr):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::operator->):
-
-2007-10-26  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/ExecState.h:
-
-2007-10-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark.
-
-        - Merge Context class fully into ExecState, since they are always created and used together.
-
-        No measurable performance impact but this is a useful cleanup.
-
-        * JavaScriptCore.pri:
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::ExecState):
-        (KJS::ExecState::~ExecState):
-        (KJS::ExecState::mark):
-        (KJS::ExecState::lexicalInterpreter):
-        * kjs/ExecState.h:
-        (KJS::ExecState::dynamicInterpreter):
-        (KJS::ExecState::setException):
-        (KJS::ExecState::clearException):
-        (KJS::ExecState::exception):
-        (KJS::ExecState::exceptionSlot):
-        (KJS::ExecState::hadException):
-        (KJS::ExecState::scopeChain):
-        (KJS::ExecState::callingExecState):
-        (KJS::ExecState::propertyNames):
-        * kjs/collector.cpp:
-        (KJS::Collector::reportOutOfMemoryToAllInterpreters):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::argumentsGetter):
-        (KJS::FunctionImp::callerGetter):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::Interpreter):
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::evaluate):
-        (KJS::Interpreter::mark):
-        * kjs/interpreter.h:
-        (KJS::Interpreter::setCurrentExec):
-        (KJS::Interpreter::currentExec):
-        * kjs/nodes.cpp:
-        (KJS::currentSourceId):
-        (KJS::currentSourceURL):
-        (KJS::ThisNode::evaluate):
-        (KJS::ResolveNode::evaluate):
-        (KJS::FunctionCallResolveNode::evaluate):
-        (KJS::PostfixResolveNode::evaluate):
-        (KJS::DeleteResolveNode::evaluate):
-        (KJS::TypeOfResolveNode::evaluate):
-        (KJS::PrefixResolveNode::evaluate):
-        (KJS::AssignResolveNode::evaluate):
-        (KJS::VarDeclNode::evaluate):
-        (KJS::DoWhileNode::execute):
-        (KJS::WhileNode::execute):
-        (KJS::ForNode::execute):
-        (KJS::ForInNode::execute):
-        (KJS::ContinueNode::execute):
-        (KJS::BreakNode::execute):
-        (KJS::ReturnNode::execute):
-        (KJS::WithNode::execute):
-        (KJS::SwitchNode::execute):
-        (KJS::LabelNode::execute):
-        (KJS::TryNode::execute):
-        (KJS::FunctionBodyNode::processDeclarationsFunctionCode):
-        (KJS::FunctionBodyNode::processDeclarationsProgramCode):
-        (KJS::FunctionBodyNode::processDeclarations):
-        (KJS::FuncDeclNode::makeFunction):
-        (KJS::FuncExprNode::evaluate):
-
-2007-10-26  Mark Rowe  <mrowe@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-10-26  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * JavaScriptCore.pri:
-        * kjs/ExecState.cpp:
-
-2007-10-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - moved Context class into ExecState.{h,cpp} in preparation for merging 
-        ExecState and Context classes.
-
-        * kjs/ExecState.h: Moved CodeType enum and Context class here in
-        preparation for merging ExecState and Context.
-        * kjs/ExecState.cpp: Moved Context class here from Context.cpp.
-        (KJS::Context::Context):
-        (KJS::Context::~Context):
-        (KJS::Context::mark):
-        * kjs/context.h: Removed.
-        * kjs/Context.cpp: Removed.
-        * kjs/function.h: Removed CodeType enum.
-        * kjs/LabelStack.h: Added. Pulled LabelStack class out of internal.h.
-        * kjs/internal.h: Removed LabelStack.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new file, removed ones that are gone.
-        * kjs/collector.cpp: Fixed includes.
-        * kjs/function.cpp: ditto
-        * kjs/internal.cpp: ditto
-        * kjs/interpreter.cpp: ditto
-        * kjs/lookup.h: ditto
-        * kjs/nodes.cpp: ditto
-
-2007-10-26  Mark Rowe  <mrowe@apple.com>
-
-        Windows build fix.
-
-        * kjs/string_object.cpp:
-        (KJS::StringObjectFuncImp::callAsFunction):
-
-2007-10-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15703
-          fix numeric functions -- improve correctness and speed
-
-        Gives about 1% gain on SunSpider.
-
-        * kjs/value.h: Added toIntegerPreserveNan, removed toUInt16.
-        (KJS::JSValue::toInt32): Changed to call getTruncatedInt32 in a way that works
-        with both immediate and number values.
-        (KJS::JSValue::toUInt32): Ditto.
-        * kjs/value.cpp:
-        (KJS::JSValue::toInteger): Moved the logic from roundValue here, with a couple
-        differences. One is that it now correctly returns 0 for NaN, and another is that
-        there's no special case for 0 or infinity, since the general case already handles
-        those correctly.
-        (KJS::JSValue::toIntegerPreserveNaN): Added. Like toInteger, but without the
-        check for NaN.
-        (KJS::JSValue::toInt32SlowCase): Call toNumber instead of roundValue. The
-        truncation done by the typecast already does the necessary truncation that
-        roundValue was doing.
-        (KJS::JSValue::toUInt32SlowCase): Ditto.
-        (KJS::JSValue::toUInt16): Removed.
-
-        * kjs/internal.h: Removed roundValue.
-        * kjs/internal.cpp: Ditto.
-
-        * kjs/array_object.cpp: (KJS::ArrayProtoFunc::callAsFunction): Remove unneeded
-        code to handle NaN in Array.slice; toInteger now never returns NaN as specified.
-
-        * kjs/date_object.cpp:
-        (KJS::fillStructuresUsingTimeArgs): Replaced call to roundValue with a call to
-        toNumber as specified.
-        (KJS::DateProtoFunc::callAsFunction): In SetTime case, replaced call to roundValue
-        with a call to toNumber and timeClip as specified.
-        (KJS::DateObjectImp::construct): Removed unnecessary checks of numArgs in cases
-        where the default behavior of toInt32 (returning 0) was already correct. Replaced
-        call to roundValue with a call to toNumber as specified.
-        (KJS::DateObjectFuncImp::callAsFunction): Ditto.
-
-        * kjs/math_object.cpp: (MathFuncImp::callAsFunction): Removed unnecessary special
-        cases for the pow function that the library already handles correctly.
-
-        * kjs/number_object.cpp: (NumberProtoFunc::callAsFunction): Changed ToString to
-        call toIntegerPreserveNaN, so we can continue to handle the NaN case differently.
-        The real toInteger now returns 0 for NaN. Took out unneeded special case in
-        ToFixed for undefined; was only needed because our toInteger was wrong. Same
-        thing in ToExponential. Changed ToPrecision to call toIntegerPreserveNaN.
-
-        * kjs/string_object.cpp:
-        (KJS::StringProtoFunc::callAsFunction): Took out CharAt and CharCodeAt special
-        cases for undefined that were only needed because toInteger was wrong. Same in
-        IndexOf, and was able to remove some special cases. In LastIndexOf, used
-        toIntegerPreserveNaN, but was able to remove some special cases there too.
-        Changed Substr implementation to preserve correct behavior with the change
-        to toInteger and match the specification. Also made sure we weren't converting
-        an out of range double to an int.
-        (KJS::StringObjectFuncImp::callAsFunction): Changed constructor to just use
-        toUInt32, because truncating toUInt32 to 16 bits is the same thing and there's
-        no reason to have toUInt16 as a second, less-optimized function that's only
-        called at this one call site.
-
-        * wtf/MathExtras.h: Added trunc function for Windows.
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Tweaked the inner hashtable lookup loop to remove a branch in the "not 
-        found" case. .5% speedup on SunSpider.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-
-2007-10-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-
-        - fold together toPrimitive() and toNumber() conversions for 0.5% gain on SunSpider
-
-        * kjs/nodes.cpp:
-        (KJS::SubNode::evaluate): Subtract directly, since toPrimitive() is not
-        adding any value over toNumber() here.
-        (KJS::valueForReadModifyAssignment): Ditto.
-        (KJS::lessThan): Use new getPrimitiveNumber() method to avoid some virtual calls
-        and branches.
-        (KJS::lessThanEq): Ditto.
-        * JavaScriptCore.exp: Export new functions as needed.
-        * kjs/value.h:
-        (KJS::JSValue::toPrimitive): Fixed formatting.
-        (KJS::JSValue::getPrimitiveNumber): New method - this simultaneously converts
-        to number and tells you whether a toPrimitive() conversion with a Number hint
-        would have given a string.
-        * kjs/internal.cpp:
-        (KJS::StringImp::getPrimitiveNumber): Implemented. 
-        (KJS::NumberImp::getPrimitiveNumber): ditto
-        (KJS::GetterSetterImp::getPrimitiveNumber): ditto
-        (KJS::StringImp::toPrimitive): Fixed formatting.
-        (KJS::NumberImp::toPrimitive): ditto
-        (KJS::GetterSetterImp::toPrimitive): ditto
-        * kjs/internal.h:
-        * kjs/object.cpp:
-        (KJS::JSObject::getPrimitiveNumber): Implemented.
-        * kjs/object.h:
-
-2007-10-25  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Remove JSStringRefCFHack from windows as it is no longer needed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Rolled out my last patch. It turns out that I needed 2 words, not 1,
-        so it didn't help.
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15694
-        Shrink the size of an activation object by 1 word
-        
-        This is in preparation for adding a symbol table to the activation 
-        object.
-        
-        The basic strategy here is to rely on the mutual exclusion between
-        the arguments object pointer and the function pointer (you only need
-        the latter in order to create the former), and store them in the same 
-        place. The LazyArgumentsObject class encapsulates this strategy.
-        
-        Also inlined the ArgumentsImp constructor, for good measure.
-        
-        SunSpider reports no regression. Regression tests pass.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/Context.cpp:
-        (KJS::Context::~Context):
-        * kjs/function.cpp:
-        (KJS::ActivationImp::LazyArgumentsObject::createArgumentsObject):
-        (KJS::ActivationImp::LazyArgumentsObject::mark):
-        (KJS::ActivationImp::argumentsGetter):
-        (KJS::ActivationImp::mark):
-        * kjs/function.h:
-        (KJS::ActivationImp::LazyArgumentsObject::LazyArgumentsObject):
-        (KJS::ActivationImp::LazyArgumentsObject::getOrCreate):
-        (KJS::ActivationImp::LazyArgumentsObject::resetArguments):
-        (KJS::ActivationImp::LazyArgumentsObject::setArgumentsObject):
-        (KJS::ActivationImp::LazyArgumentsObject::argumentsObject):
-        (KJS::ActivationImp::LazyArgumentsObject::setFunction):
-        (KJS::ActivationImp::LazyArgumentsObject::function):
-        (KJS::ActivationImp::LazyArgumentsObject::createdArgumentsObject):
-        (KJS::ActivationImp::LazyArgumentsObject::):
-        (KJS::ActivationImp::ActivationImp::ActivationImp):
-        (KJS::ActivationImp::resetArguments):
-
-2007-10-25  Adam Roben  <aroben@apple.com>
-
-        Change JavaScriptCore.vcproj to use DerivedSources.make
-
-        We were trying to emulate the logic of make in
-        build-generated-files.sh, but we got it wrong. We now use a
-        build-generated-files very much like the one that WebCore uses to
-        invoke make.
-
-        We also now only have a Debug configuration of dftables which we build
-        even when doing a Release build of JavaScriptCore. dftables also no
-        longer has the "_debug" name suffix.
-
-        Changes mostly made by Darin, reviewed by me.
-
-        * DerivedSources.make: Add a variable to set the extension used for
-        the dftables executable.
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Updated to use Debug
-        dftables in Release configurations.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-           - Updated include path to point to the new location of the derived
-             sources.
-           - Modified pre-build event to pass the right arguments to
-             build-generated-files.sh and not call dftables directly.
-           - Added the derived source files to the project.
-           - Removed grammarWrapper.cpp, which isn't needed now that we're
-             compiling grammar.cpp directly.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        Slightly modified from the WebCore version.
-        * JavaScriptCore.vcproj/JavaScriptCore/grammarWrapper.cpp: Removed.
-        * JavaScriptCore.vcproj/dftables/dftables.vcproj:
-            - Changed the output location to match Mac.
-            - Removed the Release configuration.
-            - Removed the _debug suffix.
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Eric Seidel.
-        
-        Slightly elaborated the differences between declaration procesing in 
-        Function Code and Program Code.
-        
-        .3% speedup on SunSpider.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::processDeclarationsFunctionCode): 
-        (KJS::FunctionBodyNode::processDeclarationsProgramCode): Store a 
-        minimum set of attributes instead of recomputing all the time. Also,
-        ignore m_parameters, since programs don't have arguments.
-
-2007-10-25  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        More preparation work before adding long-running mode to testkjs.
-
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-        (prettyPrintScript):
-        (runWithScripts):
-        (parseArguments):
-        (kjsmain):
-        (fillBufferWithContentsOfFile):
-
-2007-10-25  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        Bring testkjs code out of the dark ages in preparation for more
-        radical improvements (like long-running testing support!)
-
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction):
-        (setupInterpreter):
-        (doIt):
-        (fillBufferWithContentsOfFile):
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Make a fast path for declaration processing inside Function Code.
-        
-        Lifted declaration processing code up from individual declaration nodes
-        and into processDeclarations.
-        
-        Broke out processDeclarations into two cases, depending on the type of 
-        code. This eliminates 2 branches, and facilitates more radical 
-        divergeance in the future.
-        
-        2.5% SunSpider speedup.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNode::initializeDeclarationStacks):
-        (KJS::FunctionBodyNode::processDeclarationsFunctionCode):
-        (KJS::FunctionBodyNode::processDeclarationsProgramCode):
-        (KJS::FunctionBodyNode::execute):
-        (KJS::FuncDeclNode::makeFunction):
-        * kjs/nodes.h:
-
-2007-10-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam.
-        
-        - add header includes needed on platforms that don't use AllInOneFile.cpp
-
-        * API/JSCallbackObject.cpp:
-        * kjs/Context.cpp:
-        * kjs/ExecState.cpp:
-        * kjs/array_instance.cpp:
-        * kjs/function_object.cpp:
-        * kjs/interpreter.cpp:
-        * kjs/nodes.cpp:
-
-2007-10-25  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Geoff.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: re-mark JSGlobalObject.h as private
-
-2007-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15683
-        Re-order declaration initialization to avoid calling hasProperty inside
-        VarDeclNode::processDeclaration
-        
-        .7% speedup on SunSpider.
-
-        * kjs/function.h:
-        * kjs/function.cpp: Merged parameter processing into FunctionBodyNode's
-        other processing of declared symbols, so the order of execution could 
-        change.
-
-        * kjs/nodes.cpp:
-        (KJS::VarDeclNode::getDeclarations): Added special case for the 
-        "arguments" property name, explained in the comment.
-
-        (KJS::VarDeclNode::processDeclaration): Removed call to hasProperty
-        in the case of function code, since we know the declared symbol
-        management will resolve conflicts between symbols. Yay!
-
-        (KJS::VarDeclListNode::getDeclarations): Now that VarDeclNode's 
-        implementation of getDeclarations is non-trivial, we can't take a 
-        short-cut here any longer -- we need to put the VarDecl node on the 
-        stack so it gets processed normally.
-
-        (KJS::FunctionBodyNode::processDeclarations): Changed the order of 
-        processing to enforce mutual exclusion rules.
-
-        * kjs/nodes.h:
-        (KJS::DeclarationStacks::DeclarationStacks): Structure includes an 
-        ExecState now, for fast access to the "arguments" property name.
-
-2007-10-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        Add a JSGlobalObject class and remove the InterpreterMap
-        http://bugs.webkit.org/show_bug.cgi?id=15681
-        
-        This required making JSCallbackObject a template class to allow for
-        JSGlobalObjects with JSCallbackObject functionality.
-        
-        SunSpider claims this was a 0.5% speedup.
-
-        * API/JSCallbackObject.cpp:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h: Copied from API/JSCallbackObject.cpp.
-        (KJS::::JSCallbackObject):
-        (KJS::::init):
-        (KJS::::~JSCallbackObject):
-        (KJS::::initializeIfNeeded):
-        (KJS::::className):
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::implementsConstruct):
-        (KJS::::construct):
-        (KJS::::implementsHasInstance):
-        (KJS::::hasInstance):
-        (KJS::::implementsCall):
-        (KJS::::callAsFunction):
-        (KJS::::getPropertyNames):
-        (KJS::::toNumber):
-        (KJS::::toString):
-        (KJS::::setPrivate):
-        (KJS::::getPrivate):
-        (KJS::::inherits):
-        (KJS::::cachedValueGetter):
-        (KJS::::staticValueGetter):
-        (KJS::::staticFunctionGetter):
-        (KJS::::callbackGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bindings/c/c_utility.cpp:
-        (KJS::Bindings::convertValueToNPVariant):
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * kjs/Context.cpp:
-        (KJS::Context::Context):
-        * kjs/ExecState.cpp:
-        (KJS::ExecState::lexicalInterpreter):
-        * kjs/JSGlobalObject.h: Added.
-        (KJS::JSGlobalObject::JSGlobalObject):
-        (KJS::JSGlobalObject::isGlobalObject):
-        (KJS::JSGlobalObject::interpreter):
-        (KJS::JSGlobalObject::setInterpreter):
-        * kjs/array_instance.cpp:
-        * kjs/context.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::Interpreter):
-        (KJS::Interpreter::init):
-        (KJS::Interpreter::~Interpreter):
-        (KJS::Interpreter::globalObject):
-        (KJS::Interpreter::initGlobalObject):
-        (KJS::Interpreter::evaluate):
-        * kjs/interpreter.h:
-        * kjs/lookup.h:
-        (KJS::cacheGlobalObject):
-        * kjs/object.h:
-        (KJS::JSObject::isGlobalObject):
-        * kjs/testkjs.cpp:
-
-2007-10-24  Eric Seidel  <eric@webkit.org>
-
-        Build fix for Gtk, no review.
-
-        * kjs/collector.cpp: #include "context.h"
-
-2007-10-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Maciej.
-        
-        Stop checking isOutOfMemory after every allocation, instead let the collector
-        notify all ExecStates if we ever hit this rare condition.
-        
-        SunSpider claims this was a 2.2% speedup.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-        (KJS::Collector::reportOutOfMemoryToAllInterpreters):
-        * kjs/collector.h:
-        * kjs/nodes.cpp:
-        (KJS::TryNode::execute):
-
-2007-10-24  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/identifier.h:  Remove extra qualification.
-
-2007-10-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Disable ALWAYS_INLINE in debug builds, since it drives the debugger
-        crazy.
-
-        * wtf/AlwaysInline.h:
-
-2007-10-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Inlined the fast path for creating an Identifier from an Identifier. 
-        
-        This is a .4% speedup on SunSpider overall, but as big as a 2.5% 
-        speedup on certain individual tests. 65% of the Identifiers creating 
-        by SunSpider are already Identifiers.
-        
-        (The main reason I'm making this change is that it resolves a large
-        regression in a patch I haven't checked in yet.)
-
-        * JavaScriptCore.exp:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::addSlowCase):
-        * kjs/identifier.h:
-        (KJS::Identifier::Identifier::add):
-
-2007-10-24  Lars Knoll  <lars@trolltech.com>
-
-        Reviewed by Simon.
-
-        some changes to the way JS values are converted to Qt values in the script bindings. Added support for converting JS arrays into QStringList's.
-
-        * bindings/qt/qt_instance.cpp:
-        (KJS::Bindings::QtInstance::invokeMethod):
-        * bindings/qt/qt_runtime.cpp:
-        (KJS::Bindings::convertValueToQVariant):
-        (KJS::Bindings::QtField::setValueToInstance):
-
-2007-10-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin.
-
-        Remove old relation method, replace with specialised LessThan and lessThenEq functions for a 0.5-0.6% improvement in SunSpider
-
-        * kjs/nodes.cpp:
-        (KJS::lessThan):
-        (KJS::lessThanEq):
-        (KJS::LessNode::evaluate):
-        (KJS::GreaterNode::evaluate):
-        (KJS::LessEqNode::evaluate):
-        (KJS::GreaterEqNode::evaluate):
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-
-2007-10-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-
-        * kjs/nodes.h:
-        (KJS::ImmediateNumberNode::): Fix ASSERT correctness (and debug build!)
-
-2007-10-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        * kjs/object.cpp: (KJS::JSObject::defaultValue): Get rid of a little
-        Identifier ref/deref for what SunSpider claims is a 0.4% speedup.
-
-2007-10-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - separate out the code to create a hash table the first time from the code
-          to rehash
-
-        SunSpider claims this was a 0.7% speedup.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::expand): Changed to call either createTable or rehash.
-        (KJS::PropertyMap::createTable): Added. For the case where we had no table.
-        (KJS::PropertyMap::rehash): Removed code needed only in the case where we
-        had no table.
-        * kjs/property_map.h: Added createTable.
-
-2007-10-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by darin.
-        
-        Add ImmediateNumberNode to hold a JSValue* instead of a double for numbers
-        which can be represented by JSImmediate.
-        
-        SunSpider claims this was a 0.6% speedup.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::NumberNode::evaluate):
-        (KJS::ImmediateNumberNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::Node::):
-        (KJS::ImmediateNumberNode::):
-        * kjs/nodes2string.cpp:
-        (ImmediateNumberNode::streamTo):
-
-2007-10-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15657
-          change static hash tables to use powers of two for speed
-
-        Seems to give 0.7% SunSpider speedup.
-
-        * kjs/create_hash_table: Updated to generate new format.
-        * kjs/lookup.cpp:
-        (KJS::keysMatch): Took out unneeded typecast.
-        (KJS::findEntry): Updated to expect table type 3 -- changed the printf to a plain old assert.
-        Replaced the modulus with a bit mask.
-        (KJS::Lookup::findEntry): Get the hash directly, since we know identifiers already have computed
-        their hash -- saves a branch.
-        (KJS::Lookup::find): Ditto.
-        * kjs/lookup.h: Changed attr from 2-byte value to one-byte value. Replaced hashSize with hashSizeMask.
-
-2007-10-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-        
-        - remove KJS_CHECKEXCEPTIONs in places where exceptions can't happen for 0.6% SunSpider speedup
-
-        * kjs/nodes.cpp:
-        (KJS::DoWhileNode::execute):
-        (KJS::WhileNode::execute):
-        (KJS::ForNode::execute):
-        (KJS::ForInNode::execute):
-        (KJS::SourceElementsNode::execute):
-
-2007-10-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/JSImmediate.h: (KJS::JSImmediate::getUInt32):
-        Changed an && to an & for a 1% gain in SunSpider.
-
-2007-10-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Reduce branching in implementations of some operator implementations, yielding 1.3% boost to SunSpider.
-
-        * kjs/nodes.cpp:
-        (KJS::MultNode::evaluate):
-        (KJS::DivNode::evaluate):
-        (KJS::ModNode::evaluate):
-        (KJS::add):
-        (KJS::sub):
-        (KJS::AddNode::evaluate):
-        (KJS::SubNode::evaluate):
-        (KJS::valueForReadModifyAssignment):
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-
-2007-10-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej.
-
-        Separating all of the simple (eg. non-read-modify-write) binary operators
-        into separate classes in preparation for further JS optimisations.
-        
-        Happily this produces a 0.8% to 1.0% performance increase in SunSpider with
-        no further work.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::MultNode::evaluate):
-        (KJS::DivNode::evaluate):
-        (KJS::ModNode::evaluate):
-        (KJS::AddNode::evaluate):
-        (KJS::SubNode::evaluate):
-        (KJS::LeftShiftNode::evaluate):
-        (KJS::RightShiftNode::evaluate):
-        (KJS::UnsignedRightShiftNode::evaluate):
-        (KJS::LessNode::evaluate):
-        (KJS::GreaterNode::evaluate):
-        (KJS::LessEqNode::evaluate):
-        (KJS::GreaterEqNode::evaluate):
-        (KJS::InstanceOfNode::evaluate):
-        (KJS::InNode::evaluate):
-        (KJS::EqualNode::evaluate):
-        (KJS::NotEqualNode::evaluate):
-        (KJS::StrictEqualNode::evaluate):
-        (KJS::NotStrictEqualNode::evaluate):
-        (KJS::BitAndNode::evaluate):
-        (KJS::BitXOrNode::evaluate):
-        (KJS::BitOrNode::evaluate):
-        (KJS::LogicalAndNode::evaluate):
-        (KJS::LogicalOrNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::MultNode::):
-        (KJS::DivNode::):
-        (KJS::ModNode::):
-        (KJS::AddNode::):
-        (KJS::SubNode::):
-        (KJS::LeftShiftNode::):
-        (KJS::RightShiftNode::):
-        (KJS::UnsignedRightShiftNode::):
-        (KJS::LessNode::):
-        (KJS::GreaterNode::):
-        (KJS::LessEqNode::):
-        (KJS::GreaterEqNode::):
-        (KJS::InstanceOfNode::):
-        (KJS::InNode::):
-        (KJS::EqualNode::):
-        (KJS::NotEqualNode::):
-        (KJS::StrictEqualNode::):
-        (KJS::NotStrictEqualNode::):
-        (KJS::BitAndNode::):
-        (KJS::BitOrNode::):
-        (KJS::BitXOrNode::):
-        (KJS::LogicalAndNode::):
-        (KJS::LogicalOrNode::):
-        * kjs/nodes2string.cpp:
-        (MultNode::streamTo):
-        (DivNode::streamTo):
-        (ModNode::streamTo):
-        (AddNode::streamTo):
-        (SubNode::streamTo):
-        (LeftShiftNode::streamTo):
-        (RightShiftNode::streamTo):
-        (UnsignedRightShiftNode::streamTo):
-        (LessNode::streamTo):
-        (GreaterNode::streamTo):
-        (LessEqNode::streamTo):
-        (GreaterEqNode::streamTo):
-        (InstanceOfNode::streamTo):
-        (InNode::streamTo):
-        (EqualNode::streamTo):
-        (NotEqualNode::streamTo):
-        (StrictEqualNode::streamTo):
-        (NotStrictEqualNode::streamTo):
-        (BitAndNode::streamTo):
-        (BitXOrNode::streamTo):
-        (BitOrNode::streamTo):
-        (LogicalAndNode::streamTo):
-
-2007-10-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15639
-          fix Math.abs(0), Math.ceil(-0), and Math.floor(-0)
-
-        Test: fast/js/math.html
-
-        * kjs/math_object.cpp: (MathFuncImp::callAsFunction):
-        Fix abs to look at the sign bit. Add a special case for values in the range
-        between -0 and -1 and a special case for ceil and for -0 for floor.
-
-2007-10-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric.
-
-        - streamline exception handling code for a >1% speed-up of SunSpider
-
-        * kjs/nodes.cpp: Changed macros to use functions for everything that's not
-        part of normal execution. We'll take function call overhead when propagating
-        an exception or out of memory.
-        (KJS::createOutOfMemoryCompletion): Added.
-        (KJS::substitute): Use append instead of the relatively inefficient + operator.
-        (KJS::Node::rethrowException): Added.
-        * kjs/nodes.h: Added rethrowException.
-
-2007-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15636
-          some JavaScriptCore regression tests are failing due to numeric conversion
-
-        This should restore correctness and make speed better too, restoring some
-        of the optimization we lost in my last check-in.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::getTruncatedInt32): Added. Uses the range checking idiom
-        I used in my patch yesterday.
-        (KJS::JSImmediate::getTruncatedUInt32): Ditto.
-
-        * kjs/internal.h: Removed getInt32 and added getTruncatedInt/UInt32.
-        * kjs/internal.cpp:
-        (KJS::NumberImp::getUInt32): Changed to always use double, since I can't find
-        a way to write this more efficiently for float.
-        (KJS::NumberImp::getTruncatedInt32): Added.
-        (KJS::NumberImp::getTruncatedUInt32): Added.
-
-        * kjs/value.h: Removed getInt32 and added getTruncatedInt/UInt32.
-        (KJS::JSValue::getUInt32):
-        (KJS::JSValue::getTruncatedInt32): Added.
-        (KJS::JSValue::getTruncatedUInt32): Added.
-        (KJS::JSValue::toInt32): Changed getInt32 call to getTruncatedInt32.
-        (KJS::JSValue::toUInt32): Changed getUInt32 call to getTruncatedUInt32.
-        * kjs/value.cpp:
-        (KJS::JSCell::getTruncatedInt32): Added.
-        (KJS::JSCell::getTruncatedUInt32): Added.
-        (KJS::JSValue::toInteger): Changed getUInt32 call to getTruncatedInt32.
-        (KJS::JSValue::toInt32SlowCase): Removed extra getInt32 call I accidentally
-        had left in here.
-        (KJS::JSValue::toUInt32SlowCase): Ditto.
-        (KJS::JSValue::toUInt16): Changed getUInt32 call to getTruncatedUInt32.
-
-        * JavaScriptCore.exp: Updated.
-
-2007-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15632
-          js1_5/Array/array-001.js test failing
-
-        One of the JavaScriptCore tests was failing; it failed because of
-        my change to NumberImp::getUInt32. The incorrect code I copied was
-        from JSImmediate::getUInt32, and was a pre-existing bug.
-
-        This patch fixes correctness, but will surely slow down SunSpider.
-        We may be able to code this tighter and get the speed back.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::getInt32): Renamed from toInt32 to more accurately
-        reflect the fact that this function only returns true if the value is
-        accurate (no fractional part, etc.). Changed code so that it returns
-        false when the value has a fraction.
-        (KJS::JSImmediate::getUInt32): Ditto.
-
-        * kjs/internal.cpp:
-        (KJS::NumberImp::getInt32): Changed code so that it returns false when
-        the value has a fraction. Restores the old behavior.
-        (KJS::NumberImp::getUInt32): Ditto.
-
-        * kjs/value.h:
-        (KJS::JSValue::getInt32): Updated for name change.
-        (KJS::JSValue::getUInt32): Ditto.
-        (KJS::JSValue::toInt32): Ditto.
-        (KJS::JSValue::toUInt32): Ditto.
-
-2007-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Brady.
-
-        - fix crash seen when running JavaScriptCore tests
-
-        * kjs/array_instance.cpp: (KJS::ArrayInstance::mark):
-        Copy and paste error: I accidentally had code here that was
-        making a copy of the HashMap -- that's illegal inside a mark
-        function and was unnecessary. The other callsite was modifying
-        the map as it iterated it, but this function is not.
-
-2007-10-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - Avoid moving floats into integer registers in jsNumber() for 3% speedup on SunSpider
-        http://bugs.webkit.org/show_bug.cgi?id=15627
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::fromDouble): Avoid moving floats to integer
-        registers since this is very slow.
-
-2007-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15617
-          improve speed of integer conversions
-
-        Makes SunSpider 6% faster.
-
-        * kjs/JSImmediate.h: Added toInt32 and toUInt32, with separate versions for
-        32-bit and 64-bit.
-        * kjs/value.h:
-        (KJS::JSValue::getUInt32): Call JSImmediate::toUInt32.
-
-        * kjs/internal.h: Added getInt32.
-        * kjs/internal.cpp:
-        (KJS::NumberImp::getInt32): Added.
-        (KJS::NumberImp::getUInt32): Replaced with more-optimal implementation
-        stolen from JSValue.
-
-        * kjs/value.h:
-        (KJS::jsNumber): Marked ALWAYS_INLINE, because this wasn't getting
-        inlined.
-        (KJS::JSValue::getInt32): Added.
-        (KJS::JSValue::getUInt32): Changed to call the new JSImmediate::toUInt32
-        to avoid converting from float to double.
-        (KJS::JSValue::toInt32): Made inline, separated out the slow case.
-        (KJS::JSValue::toUInt32): Ditto.
-        * kjs/value.cpp:
-        (KJS::JSCell::getInt32): Added.
-        (KJS::JSValue::toInt32SlowCase): Renamed from toInt32. Changed to use the
-        new getInt32. Added a faster case for in-range numbers.
-        (KJS::JSValue::toUInt32SlowCase): Ditto.
-        (KJS::JSValue::toUInt16): Added a faster case for in-range numbers.
-
-        * JavaScriptCore.exp: Updated for changes.
-
-2007-10-22  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Turn off
-        warning about implicit conversion to bool.
-
-2007-10-22  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * kjs/array_instance.cpp:
-
-2007-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15606
-          make cut-off for sparse vs. dense arrays smarter for speed with large arrays
-
-        Makes the morph test in SunSpider 26% faster, and the overall
-        benchmark 3% faster.
-
-        This also fixes some small problems we had with the distinction
-        between nonexistent and undefined values in arrays.
-
-        * kjs/array_instance.h: Tweaked formatting and naming.
-        * kjs/array_instance.cpp: Copied from kjs/array_object.cpp.
-        (KJS::storageSize): Added. Computes the size of the storage given a vector length.
-        (KJS::increasedVectorLength): Added. Implements the rule for resizing the vector.
-        (KJS::isDenseEnoughForVector): Added.
-        (KJS::ArrayInstance::ArrayInstance): Initialize the new fields.
-        (KJS::ArrayInstance::~ArrayInstance): Since m_storage is now never 0, delete it.
-        (KJS::ArrayInstance::getItem): Updated for name changes.
-        (KJS::ArrayInstance::lengthGetter): Ditto.
-        (KJS::ArrayInstance::inlineGetOwnPropertySlot): Added. Allows both versions of
-        getOwnPropertySlot to share more code.
-        (KJS::ArrayInstance::getOwnPropertySlot): Just refactored, no code change.
-        (KJS::ArrayInstance::put): Added logic for extending the vector as long as the
-        array is dense enough. Also keep m_numValuesInVector up to date.
-        (KJS::ArrayInstance::deleteProperty): Added code to keep m_numValuesInVector
-        up to date.
-        (KJS::ArrayInstance::getPropertyNames): Fixed bug where this would omit names
-        for array indices with undefined values.
-        (KJS::ArrayInstance::increaseVectorLength): Renamed from resizeStorage. Also
-        simplified to only handle getting larger.
-        (KJS::ArrayInstance::setLength): Added code to update m_numValuesInVector, to
-        zero out the unused part of the vector and to delete the map if it's no longer
-        needed.
-        (KJS::ArrayInstance::mark): Tweaked formatting.
-        (KJS::compareByStringForQSort): Ditto.
-        (KJS::ArrayInstance::sort): Ditto.
-        (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        Ditto.
-        (KJS::compareWithCompareFunctionForQSort): Ditto.
-        (KJS::ArrayInstance::compactForSorting): Fixed bug where this would turn
-        undefined values into nonexistent values in some cases.
-
-        * kjs/array_object.h: Removed MAX_ARRAY_INDEX.
-        * kjs/array_object.cpp: Removed ArrayInstance. Moved to a separate file.
-
-        * JavaScriptCore.pri: Added array_instance.cpp.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * kjs/AllInOneFile.cpp: Ditto.
-
-2007-10-22  Andrew Wellington  <proton@wiretapped.net>
-
-        Reviewed by Mark Rowe.
-        
-        Fix for local database support after r26879
-        Ensure that ENABLE_DATABASE and ENABLE_ICONDATABASE are correctly set
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2007-10-22  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Alp.
-
-        Build fix for the non-qmake builds.
-
-        * wtf/Platform.h: Default to enabling the database features unless
-        otherwise specified. (similar to ENABLE_ICONDATABASE)
-
-2007-10-22  Holger Freyther  <zecke@selfish.org>
-
-        Reviewed by Simon Hausmann <hausmann@kde.org>.
-
-        * Do not build testkjs as an application bundle. This is
-        needed for run-javascriptcore-tests on OSX.
-        * Also, based on r26633, allow to test the WebKit/Qt port on OSX.
-        * Set DYLD_LIBRARY_PATH if it was set in the environment. It must be set
-        as we do not have -rpath on OSX.
-
-        * kjs/testkjs.pro:
-
-2007-10-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Alp.
-
-        http://bugs.webkit.org/show_bug.cgi?id=15575
-        Bug 15575: [GTK] Implement threading using GThread
-
-        * wtf/Platform.h: Do not enable pthreads for Gtk.
-
-2007-10-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Mitz.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=15603
-        Bug 15603: Regression(r26847): Crash when sorting an empty array from JavaScript
-
-        * kjs/array_object.cpp:
-        (KJS::freeStorage): Reinstate null-check that was removed in r26847.
-
-2007-10-21  Darin Adler  <darin@apple.com>
-
-        - fix Windows build
-
-        * kjs/array_instance.h: Removed unused ExecState parameter.
-        * kjs/array_object.cpp:
-        (KJS::ArrayInstance::put): Ditto.
-        (KJS::ArrayInstance::setLength): Ditto.
-
-2007-10-21  Darin Adler  <darin@apple.com>
-
-        * kjs/array_object.cpp: (KJS::ArrayInstance::put):
-        Add missing assignment that was causing regression test crash.
-
-2007-10-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15585
-          speed up sparse arrays by using a custom map
-    
-        Speeds up SunSpider by 10%.
-
-        * kjs/array_object.cpp:
-        (allocateStorage): Leave room for an additional pointer.
-        (reallocateStorage): Ditto.
-        (freeStorage): Ditto.
-        (ArrayInstance::~ArrayInstance): Delete the overflow map if present.
-        (ArrayInstance::getItem): Read values from the overflow map if present.
-        Removed the check of length, since it slows down the common case.
-        (ArrayInstance::getOwnPropertySlot): Ditto. Also removed the fallback
-        to the property map.
-        (ArrayInstance::put): Write values into the overflow map as needed.
-        Also create overflow map when needed.
-        (ArrayInstance::deleteProperty): Remove values from the overflow map
-        as appropriate.
-        (ArrayInstance::getPropertyNames): Add a name for each identifier in
-        the property map. This is extremely inefficient.
-        (ArrayInstance::setLength): Remove any values in the overflow map
-        that are past the new length, as we formerly did with the property map.
-        (ArrayInstance::mark): Mark any values in the overflow map.
-        (compareByStringForQSort): Removed unneeded undefined case, since
-        compactForSorting guarantees we will have no undefined values.
-        (compareWithCompareFunctionForQSort): Ditto.
-        (ArrayInstance::compactForSorting): Copy all the values out of the
-        overflow map and destroy it.
-
-        * kjs/property_map.h: Removed now-unused getSparseArrayPropertyNames.
-        * kjs/property_map.cpp: Ditto.
-
-2007-10-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15579
-          stop churning identifier reference counts copying Completion objects
-
-        * kjs/completion.h: Replace the Identifier with an Identifier*.
-        * kjs/nodes.cpp:
-        (ForInNode::execute): Update for change to Completion constructor.
-        (ContinueNode::execute): Ditto.
-        (BreakNode::execute): Ditto.
-
-2007-10-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Alp.
-
-        Gtk changes needed to enable HTML 5 client-side database storage.
-
-        * wtf/Platform.h: Have Gtk use pthreads for now.
-
-2007-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15570
-        Store gathered declaration nodes in the function body node.
-        
-        This means that you only have to gather the declaration nodes the first 
-        time the function executes. Performance gain of 2.10% on SunSpider, 
-        0.90% on command-line JS iBench.
-
-        * kjs/nodes.cpp: Split declaration stack initialization code off into 
-        initializeDeclarationStacks().
-        (FunctionBodyNode::FunctionBodyNode):
-        (FunctionBodyNode::initializeDeclarationStacks):
-        (FunctionBodyNode::processDeclarations):
-
-        * kjs/nodes.h: Changed DeclarationStacks structure to hold references, 
-        since the actual Vectors are now stored either on the stack or in the 
-        function body node.
-
-2007-10-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        http://bugs.webkit.org/show_bug.cgi?id=15559
-        Moved processDeclarations call into FunctionBodyNode::execute
-
-        To improve encapsulation, moved processDeclarations call into
-        FunctionBodyNode::execute. Also marked processDeclarations 
-        ALWAYS_INLINE, since it has only 1 caller now. This is a .71% speedup 
-        on command-line JS iBench.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::GlobalFuncImp::callAsFunction):
-        * kjs/function.h:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::evaluate):
-        * kjs/nodes.cpp:
-        (FunctionBodyNode::execute):
-        * kjs/nodes.h:
-
-2007-10-19  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Sam
-
-        Queue -> Deque! and small style tweaks
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
-        * wtf/Deque.h: Added.
-        (WTF::DequeNode::DequeNode):
-        (WTF::Deque::Deque):
-        (WTF::Deque::~Deque):
-        (WTF::Deque::size):
-        (WTF::Deque::isEmpty):
-        (WTF::Deque::append):
-        (WTF::Deque::prepend):
-        (WTF::Deque::first):
-        (WTF::Deque::last):
-        (WTF::Deque::removeFirst):
-        (WTF::Deque::clear):
-        * wtf/Queue.h: Removed.
-
-
-2007-10-19  Brady Eidson <beidson@apple.com>
-
-        Reviewed by Oliver
-
-        Added a simple LinkedList based Queue to wtf
-        We can make a better, more sophisticated an efficient one later, but have
-        needed one for some time, now!
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Queue.h: Added.
-        (WTF::QueueNode::QueueNode):
-        (WTF::Queue::Queue):
-        (WTF::Queue::~Queue):
-        (WTF::Queue::size):
-        (WTF::Queue::isEmpty):
-        (WTF::Queue::append):
-        (WTF::Queue::prepend):
-        (WTF::Queue::first):
-        (WTF::Queue::last):
-        (WTF::Queue::removeFirst):
-        (WTF::Queue::clear):
-
-2007-10-19  Nikolas Zimmermann  <zimmermann@kde.org>
-
-        Reviewed by Anders.
-
-        Try to fix Qt/Win build slave, by including windows.h also on Qt/Win.
-
-        * kjs/testkjs.cpp: Change PLATFORM(WIN) to PLATFORM(WIN_OS)
-
-2007-10-19  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Lars.
-
-        Fix compilation on Windows when wchar_t is a typedef instead of a native type (triggered by -Zc:wchar_t-).
-        Don't provide the wchar_t overloads then as they conflict with the unsigned short ones.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIAlpha):
-        (WTF::isASCIIAlphanumeric):
-        (WTF::isASCIIDigit):
-        (WTF::isASCIIHexDigit):
-        (WTF::isASCIILower):
-        (WTF::isASCIISpace):
-        (WTF::toASCIILower):
-        (WTF::toASCIIUpper):
-
-2007-10-19  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Lars.
-
-        Another build fix for the windows/qt build: Apply the same fix as in revision 26686 also to kjs/config.h to disable the disallowctype feature.
-
-        * kjs/config.h:
-
-2007-10-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam.
-        
-        - use __declspec(thread) for fast thread-local storage on Windows
-        
-        - 2.2% speedup on sunspider (on Windows)
-        - 7% speedup on the string section
-        - 6% speedup on JS iBench
-        
-        - fixed <rdar://problem/5473084> PLT on Windows got 2.5% slower between r25406 and r25422
-        - fixed at least some of <rdar://5527965? i-Bench JS was 14% slower in 310A11 than 310A10
-        
-        
-        * wtf/FastMalloc.cpp:
-        (WTF::getThreadHeap):
-        (WTF::setThreadHeap):
-        (WTF::TCMalloc_ThreadCache::GetCache):
-        (WTF::TCMalloc_ThreadCache::GetCacheIfPresent):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-
-2007-10-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=15543
-          <rdar://problem/5545639> REGRESSION (r26697):
-          GoogleDocs: Can't create new documents or open existing ones
-
-        Test: fast/js/regexp-non-character.html
-
-        * pcre/pcre_compile.c: (check_escape): Take out the checks for valid characters
-        in the \u sequences -- not needed and actively harmful.
-
-2007-10-17  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Oliver.
-
-        * wtf/Platform.h:
-        #define USE_PTHREADS on Mac.
-
-2007-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Merged DeclaredFunctionImp into FunctionImp (the base class) because 
-        the distinction between the two was unused.
-        
-        Removed codeType() from FunctionImp because FunctionImp and its 
-        subclasses all returned FunctionCode, so it was unused, practically 
-        speaking.
-        
-        Removed a different codeType() from GlobalFuncImp because it was unused.
-        (Perhaps it was vestigial from a time when GlobalFuncImp used to 
-        inherit from FunctionImp.)
-
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-        * kjs/function.cpp:
-        (KJS::FunctionImp::FunctionImp):
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::construct):
-        (KJS::FunctionImp::execute):
-        (KJS::FunctionImp::processVarDecls):
-        * kjs/function.h:
-        (KJS::FunctionImp::implementsConstruct):
-        (KJS::FunctionImp::scope):
-        * kjs/function_object.cpp:
-        (FunctionProtoFunc::callAsFunction):
-        (FunctionObjectImp::construct):
-        * kjs/nodes.cpp:
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-
-2007-10-17  Adam Roben  <aroben@apple.com>
-
-        Windows build fix part 2.
-
-        Fix was by Darin, reviewed by Anders and Adam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add
-        FastMallocPCRE.cpp to the project, and let Visual Studio have its way
-        with the post-build step.
-        * pcre/pcre.h: Don't DLL export the entry points just because this
-        is Win32 -- this is an internal copy of PCRE and should be private.
-        * pcre/pcre_compile.c: Fix an uninitialized variable warning --
-        there's no real problem but it's better to quiet the compiler by
-        tweaking the code slightly than turn off the warning entirely.
-
-2007-10-17  Adam Roben  <aroben@apple.com>
-
-        Windows build fix.
-
-        Reviewed by Anders.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Disable
-        some mismatched signed/unsigned comparison warnings.
-        * pcre/pcre_exec.c:
-        (match): #if-out some labels that don't seem to exist.
-
-2007-10-17  Mark Rowe  <mrowe@apple.com>
-
-        Gtk build fix.
-
-        * JavaScriptCore.pri: Add FastMallocPCRE.cpp.
-        * pcre/pcre_get. #if out two functions that depend on pcre_get_stringnumber, which
-        is currently unavailable for UTF-16.
-
-2007-10-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - merged PCRE changes between 6.4 and 6.5
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Removed pcre_config.c, pcre_globals.c, pcre_info.c, pcre_maketables.c,
-        pcre_printint.src, pcre_refcount.c, pcre_study.c, pcre_try_flipped.c,
-        pcre_ucp_findchar.c, pcre_version.c, and ucptable.c. Added pcre_ucp_searchfuncs.c.
-
-        * pcre/AUTHORS:
-        * pcre/LICENCE:
-        * pcre/MERGING:
-        * pcre/dftables.c:
-        * pcre/pcre-config.h:
-        * pcre/pcre.h:
-        * pcre/pcre.pri:
-        * pcre/pcre_compile.c:
-        * pcre/pcre_exec.c:
-        * pcre/pcre_fullinfo.c:
-        * pcre/pcre_get.c:
-        * pcre/pcre_internal.h:
-        * pcre/pcre_maketables.c:
-        * pcre/pcre_ord2utf8.c:
-        * pcre/pcre_tables.c:
-        * pcre/pcre_ucp_searchfuncs.c: Copied from pcre/pcre_ucp_findchar.c.
-        * pcre/pcre_xclass.c:
-        * pcre/ucp.h:
-        * pcre/ucpinternal.h:
-        * pcre/ucptable.c:
-        Updated with new versions from the PCRE 6.5 release, merged with changes.
-
-        * pcre/pcre_config.c: Removed.
-        * pcre/pcre_globals.c: Removed.
-        * pcre/pcre_info.c: Removed.
-        * pcre/pcre_printint.src: Removed.
-        * pcre/pcre_refcount.c: Removed.
-        * pcre/pcre_study.c: Removed.
-        * pcre/pcre_try_flipped.c: Removed.
-        * pcre/pcre_ucp_findchar.c: Removed.
-        * pcre/pcre_version.c: Removed.
-
-2007-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Removed KJS_VERBOSE because it was getting in the way of readability, 
-        and the messages didn't seem very helpful.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::callAsFunction):
-        (KJS::FunctionImp::passInParameters):
-        * kjs/lookup.h:
-        (KJS::lookupPut):
-        * kjs/object.cpp:
-        (KJS::JSObject::put):
-        * kjs/value.h:
-
-2007-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Removed the Parameter class because it was a redundant wrapper around 
-        Identifier.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::passInParameters):
-        (KJS::FunctionImp::getParameterName):
-        * kjs/nodes.cpp:
-        (FunctionBodyNode::addParam):
-        * kjs/nodes.h:
-        (KJS::FunctionBodyNode::):
-
-2007-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Global replace of assert with ASSERT.
-
-2007-10-16  Adam Roben  <aroben@apple.com>
-
-        Make testkjs not delay-load WebKit
-
-        Soon, delay-loading WebKit will be impossible (because we will be
-        using __declspec(thread) for thread-local storage). This change
-        prepares testkjs for the future.
-
-        Reviewed by Sam.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed WebKitInitializer,
-        added FindSafari.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Don't link against
-        WebKitInitializer, don't delay-load WebKit.
-        * kjs/testkjs.cpp: Don't use WebKitInitializer.
-
-2007-10-16  Adam Roben  <aroben@apple.com>
-
-        Updated testkjs for the rename of WebKit_debug.dll to WebKit.dll for the Debug configuration
-
-        Reviewed by Kevin McCullough.
-
-        * JavaScriptCore.vcproj/debug.vsprops: Added WebKitDLLConfigSuffix.
-        * JavaScriptCore.vcproj/debug_internal.vsprops: Ditto.
-        * JavaScriptCore.vcproj/release.vsprops: Ditto.
-        * JavaScriptCore.vcproj/testkjs/testkjs.vcproj: Use
-        WebKitDLLConfigSuffix when referring to WebKit.dll, and fixed a typo
-        in the name of icuuc36[_debug].dll.
-
-2007-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Re-structured variable and function declaration code.
-        
-        Command-line JS iBench shows no regression.
-        
-        Here are the changes:
-
-        1. Function declarations are now processed at the same time as var 
-        declarations -- namely, immediately upon entry to an execution context. 
-        This does not match Firefox, which waits to process a function
-        declaration until the declaration's containing block executes, but it 
-        does match IE and the ECMA spec. (10.1.3 states that var and function 
-        declarations should be processed at the same time -- namely, "On 
-        entering an execution context." 12.2 states that "A Block does not 
-        define a new execution scope.")
-
-        2. Declaration processing proceeds iteratively now, rather than 
-        recursively, storing the nodes is finds in stacks. This will later 
-        facilitate an optimization to hold on to the gathered declaration nodes, 
-        rather than re-fetching them in every function call. 
-        [ http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-
-        Modified these tests because they expected the incorrect Mozilla 
-        behavior described above:
-
-        * tests/mozilla/ecma_3/Function/scope-001.js:
-        * tests/mozilla/js1_5/Scope/regress-184107.js:
-
-2007-10-16  Darin Adler  <darin@apple.com>
-
-        - try to fix the GTK build
-
-        * kjs/ustring.cpp: Include ASCIICType.h, not ASCIICtype.h.
-
-2007-10-16  Darin Adler  <darin@apple.com>
-
-        - try to fix the Windows build
-
-        * kjs/date_object.cpp: (KJS::parseDate): A couple instances of isspace were
-        in here. Not sure why it wasn't failing elsewhere. Changed to isASCIISpace.
-
-2007-10-16  Darin Adler  <darin@apple.com>
-
-        - try to fix the GTK build
-
-        * kjs/ustring.cpp: Include ASCIICType.h.
-
-2007-10-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej and Geoff (and looked over by Eric).
-
-        - http://bugs.webkit.org/show_bug.cgi?id=15519
-          eliminate use of <ctype.h> for processing ASCII
-
-        * wtf/ASCIICType.h: Added.
-        * wtf/DisallowCType.h: Added.
-
-        * kjs/config.h: Include DisallowCType.h.
-
-        * kjs/date_object.cpp:
-        (KJS::skipSpacesAndComments):
-        (KJS::findMonth):
-        (KJS::parseDate):
-        * kjs/function.cpp:
-        (KJS::decode):
-        * kjs/ustring.cpp:
-        (KJS::UString::toDouble):
-        Use ASCIICType.h functions instead of ctype.h ones.
-
-2007-10-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixes for "New JavaScript benchmark"
-        http://bugs.webkit.org/show_bug.cgi?id=15515
-        
-        * kjs/testkjs.cpp:
-        (TestFunctionImp::callAsFunction): Implement "load" for compatibility
-        with SpiderMonkey.
-        (TestFunctionImp::): ditto
-        (doIt): ditto
-        (kjsmain): Drop useless --> from output.
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed unnecessary #include.
-
-        * API/JSObjectRef.cpp:
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Double-reverse build fix. My tree was out of date.
-
-        * kjs/nodes.cpp:
-        (NumberNode::evaluate):
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * kjs/nodes.cpp:
-        (NumberNode::evaluate):
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Removed surprising self-named "hack" that made nested functions 
-        available as named properties of their containing functions, and placed
-        containing function objects in the scope chains of nested functions.
-        
-        There were a few reasons to remove this "hack:"
-
-        1. It contradicted FF, IE, and the ECMA spec.
-
-        2. It incurred a performance penalty, since merely parsing a function 
-        required parsing its body for nested functions (and so on).
-
-        3. SVN history contains no explanation for why it was added. It was just
-        legacy code in a large merge a long, long time ago.
-
-        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-
-        * kjs/nodes.cpp:
-        (FuncDeclNode::processFuncDecl):
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Removed the concept of AnonymousCode. It was unused, and it doesn't
-        exist in the ECMA spec.
-        
-        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-
-        * kjs/Context.cpp:
-        (KJS::Context::Context):
-        * kjs/function.h:
-        * kjs/nodes.cpp:
-        (ReturnNode::execute):
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Made function parameters DontDelete. This matches FF and the vague
-        description in ECMA 10.1.3. It's also required in order to make
-        symbol table based lookup of function parameters valid. (If the 
-        parameters aren't DontDelete, you can't guarantee that you'll find
-        them later in the symbol table.)
-
-        [ Patch broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::passInParameters):
-
-2007-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Some Vector optimizations. These are especially important when using
-        Vector as a stack for implementing recursive algorithms iteratively.
-        
-        [ Broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-
-        1. Added shrink(), which is a version of resize() that you can call
-        to save a branch / improve code generation and inlining when you know 
-        that the vector is not getting bigger.
-        
-        2. Changed subclassing relationship in VectorBuffer to remove a call to
-        fastFree() in the destructor for the inlineCapacity != 0 template
-        specialization. This brings inline Vectors one step closer to true
-        stack-allocated arrays.
-        
-        Also changed abort() to CRASH(), since the latter works better.
-
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::allocateBuffer):
-        (WTF::VectorBufferBase::deallocateBuffer):
-        (WTF::VectorBufferBase::VectorBufferBase):
-        (WTF::VectorBufferBase::~VectorBufferBase):
-        (WTF::):
-        (WTF::VectorBuffer::VectorBuffer):
-        (WTF::VectorBuffer::~VectorBuffer):
-        (WTF::VectorBuffer::deallocateBuffer):
-        (WTF::VectorBuffer::releaseBuffer):
-        (WTF::Vector::clear):
-        (WTF::Vector::removeLast):
-        (WTF::::operator):
-        (WTF::::fill):
-        (WTF::::shrink):
-
-2007-10-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed http://bugs.webkit.org/show_bug.cgi?id=15490
-        Iteration statements sometimes incorrectly evaluate to the empty value 
-        (KDE r670547). 
-        
-        [ Broken off from http://bugs.webkit.org/show_bug.cgi?id=14868 ]
-        
-        This patch is a merge of KDE r670547, with substantial modification 
-        for performance.
-        
-        It fixes do-while statements to evaluate to a value. (They used
-        to evaluate to the empty value in all cases.) 
-
-        It also fixes SourceElementsNode to maintain the value of abnormal 
-        completions like "break" and "continue."
-        
-        It also re-works the main execution loop in SourceElementsNode so that
-        it (1) makes a little more sense and (2) avoids unnecessary work. This 
-        is a .28% speedup on command-line JS iBench.
-
-        * kjs/nodes.cpp:
-        (DoWhileNode::execute):
-        (SourceElementsNode::execute):
-
-2007-10-15  Simon Hausmann  <hausmann@kde.org>
-
-        Reviewed by Lars.
-
-        Fix compilation with gcc 4.3 by including 'limits' due to the use of std::numeric_limits.
-
-        * wtf/HashTraits.h:
-
-2007-10-5  Kevin Ollivier  <kevino@theolliviers.com>
- 
-        Reviewed by Adam.
-        
-        Add support for MSVC7, and fix cases where PLATFORM(WIN) should
-        be PLATFORM(WIN_OS) for other ports building on Windows.
- 
-        * kjs/DateMath.cpp:
-        (KJS::getDSTOffsetSimple):
-        * kjs/JSImmediate.h:
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/Platform.h:
-        * wtf/StringExtras.h:
-        (snprintf):
-        (vsnprintf):
-
-2007-10-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Darin.
-
-        Adds NegateNode optimization from KJS. The relevant revision in KDE
-        is 666736.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (NumberNode::evaluate):
-        * kjs/nodes.h:
-        (KJS::Node::):
-        (KJS::NumberNode::):
-        * kjs/nodes2string.cpp:
-        (NumberNode::streamTo):
-
-2007-10-14  Jason Foreman  <jason@threeve.org>
-
-        Reviewed by Maciej.
-
-        Fix http://bugs.webkit.org/show_bug.cgi?id=15145
-        
-        Ensure that if adjusting n to minimize the difference of n*intPow10(e-p+1) to x,
-        that the property n < intPow10(p) is maintained.
-
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction):
-
-== Rolled over to ChangeLog-2007-10-14 ==

diff --git a/ChangeLog-2009-06-16 b/ChangeLog-2009-06-16
deleted file mode 100644 (file)
index 52d3c36..0000000
--- a/ChangeLog-2009-06-16
+++ /dev/null
@@ -1,39978 +0,0 @@
-2009-06-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Sam Weinig.
-
-        Rename PatchBuffer to LinkBuffer.  Previously our terminology has been a little
-        mixed up, but we have decided to fix on refering to the process that takes place
-        at the end of code generation as 'linking', and on any modifications that take
-        place later (and once the code has potentially already been executed) as 'patching'.
-
-        However, the term 'PatchBuffer' is already in use, and needs to be repurposed.
-
-        To try to minimize confusion, we're going to switch the terminology over in stages,
-        so for now we'll refer to later modifications as 'repatching'.  This means that the
-        new 'PatchBuffer' has been introduced with the name 'RepatchBuffer' instead.
-
-        This patch renames the old 'PatchBuffer' to 'LinkBuffer'.  We'll leave ToT in this
-        state for a week or so to try to avoid to much overlap of the meaning of the term
-        'PatchBuffer', then will come back and rename 'RepatchBuffer'.
-
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::LinkBuffer::LinkBuffer):
-        (JSC::AbstractMacroAssembler::LinkBuffer::~LinkBuffer):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-
-2009-06-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Having moved most of their functionality into the RepatchBuffer class,
-        we can simplify the CodeLocation* classes.
-
-        The CodeLocation* classes are currently a tangle of templatey and friendly
-        badness, burried in the middle of AbstractMacroAssembler.  Having moved
-        the ability to repatch out into RepatchBufer they are now do-nothing wrappers
-        on CodePtr (MacroAssemblerCodePtr), that only exist to provide type-safety.
-
-        Simplify the code, and move them off into their own header.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
-        * assembler/CodeLocation.h: Copied from assembler/AbstractMacroAssembler.h.
-        (JSC::CodeLocationCommon::CodeLocationCommon):
-        (JSC::CodeLocationInstruction::CodeLocationInstruction):
-        (JSC::CodeLocationLabel::CodeLocationLabel):
-        (JSC::CodeLocationJump::CodeLocationJump):
-        (JSC::CodeLocationCall::CodeLocationCall):
-        (JSC::CodeLocationNearCall::CodeLocationNearCall):
-        (JSC::CodeLocationDataLabel32::CodeLocationDataLabel32):
-        (JSC::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
-        (JSC::CodeLocationCommon::instructionAtOffset):
-        (JSC::CodeLocationCommon::labelAtOffset):
-        (JSC::CodeLocationCommon::jumpAtOffset):
-        (JSC::CodeLocationCommon::callAtOffset):
-        (JSC::CodeLocationCommon::nearCallAtOffset):
-        (JSC::CodeLocationCommon::dataLabelPtrAtOffset):
-        (JSC::CodeLocationCommon::dataLabel32AtOffset):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::operator!):
-        * bytecode/CodeBlock.h:
-        (JSC::getStructureStubInfoReturnLocation):
-        (JSC::getCallLinkInfoReturnLocation):
-        (JSC::getMethodCallLinkInfoReturnLocation):
-        * bytecode/Instruction.h:
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::ctiForValue):
-        (JSC::SimpleJumpTable::ctiForValue):
-        * bytecode/StructureStubInfo.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCatch):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
-
-2009-06-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Having introduced the RepatchBuffer, ProcessorReturnAddress is now a do-nothing
-        wrapper around ReturnAddressPtr.  Remove it.  In tugging on this piece of string
-        it made sense to roll out the use of ReturnAddressPtr a little further into
-        JITStubs (which had always been the intention).
-
-        No performance impact.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkNearCallerToTrampoline):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::ReturnAddressPtr::ReturnAddressPtr):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getStubInfo):
-        (JSC::CodeBlock::getCallLinkInfo):
-        (JSC::CodeBlock::getMethodCallLinkInfo):
-        (JSC::CodeBlock::getBytecodeIndex):
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC):
-        * jit/JIT.cpp:
-        (JSC::ctiPatchNearCallByReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::StackHack::StackHack):
-        (JSC::returnToThrowTrampoline):
-        (JSC::throwStackOverflowError):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-        (JSC::JITStackFrame::returnAddressSlot):
-        * runtime/JSGlobalData.h:
-
-2009-06-15  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6974857>
-
-        Define ENABLE_3D_RENDERING when building on 10.6, and move ENABLE_3D_RENDERING
-        switch from config.h to wtf/Platform.h.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-06-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Move repatching methods into a set of methods on a class.  This will allow us to
-        coallesce memory reprotection calls.  Really, we want this class to be called
-        PatchBuffer, we want the class PatchBuffer to be called LinkBuffer, we want both
-        to be memblers of MacroAssembler rather then AbstractMacroAssembler, we don't
-        want the CodeLocationFoo types anymore (they are now only really there to provide
-        type safety, and that is completely undermined by the way we use offsets).  Then
-        the link & patch buffers should delegate the actual patching calls to the
-        architecture-specific layer of the MacroAssembler.  Landing all these changes as a
-        sequence of patches.
-
-        No performance impact.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::CodeLocationNearCall):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::calleeReturnAddressValue):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::RepatchBuffer):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relink):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::repatch):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::relinkNearCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::RepatchBuffer::repatchLoadPtrToLEA):
-        * jit/JIT.cpp:
-        (JSC::ctiPatchNearCallByReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchMethodCallProto):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2009-06-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Hunt & Oliver Garen.
-
-        We are currently generating two copies of the slow path for op_call for no reason.  Stop that.
-
-        Originally op_call used two slow paths since the first set up the pointer to the CallLinkInfo
-        for use when linking.  However this is now looked up using the return address (as we do for
-        property accesses) so the two paths are now identical.
-
-        No performance impact, reduces memory footprint.
-
-        * bytecode/CodeBlock.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-
-2009-06-12  Dave Hyatt  <hyatt@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26373
-
-        Add a new class to Threading in wtf called ReadWriteLock that handles single writer/multiple reader locking.
-        Provide a pthreads-only implementation of the lock for now, as this class is only going to be used
-        on Snow Leopard at first.
-
-        * wtf/Threading.h:
-        (WTF::ReadWriteLock::impl):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ReadWriteLock::ReadWriteLock):
-        (WTF::ReadWriteLock::~ReadWriteLock):
-        (WTF::ReadWriteLock::readLock):
-        (WTF::ReadWriteLock::tryReadLock):
-        (WTF::ReadWriteLock::writeLock):
-        (WTF::ReadWriteLock::tryWriteLock):
-        (WTF::ReadWriteLock::unlock):
-
-2009-06-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Make LiteralParser non-recursive
-
-        Convert LiteralParser from using a simple recursive descent parser
-        to a hand rolled PDA.  Relatively simple conversion, but required
-        modifications to MarkedArgumentBuffer to make it more suitable as
-        a generic marked vector.   I'll refactor and rename MarkedArgumentBuffer
-        in future as there are many other cases where it will be useful to
-        have such a class.
-
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::MarkedArgumentBuffer::removeLast):
-        (JSC::MarkedArgumentBuffer::last):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::):
-
-2009-06-12  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (build fix for windows).
-
-        Adjust the exports for JSC on Windows like what was done for OSX in
-        the previous commit.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-12  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        UString shouldn't create sharedBuffer for SmallStrings.
-        https://bugs.webkit.org/show_bug.cgi?id=26360
-
-        The methods changed are not used by JSC, so there is no JS perf impact.  However,
-        there is a potential DOM perf impact, so I re-ran several of the tests that
-        I ran previously and ensured that the perf stay the same which caused me to
-        adjust the minLengthToShare.
-
-        * JavaScriptCore.exp:
-        * runtime/UString.cpp:
-        (JSC::UString::Rep::sharedBuffer):
-            Determines if the buffer being shared is big enough before doing so.
-            Previously, BaseString::sharedBuffer was called but it would only know
-            the length of the base string (BaseString::len) which may not be the same
-            as the string being shared (Rep::len).
-        (JSC::UString::BaseString::sharedBuffer):
-            This is now only be used by Rep::sharedBuffer. which does the length check.
-        * runtime/UString.h:
-
-2009-06-12  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26191
-        Remove xmath include in MathExtras.h, because it is not needed and also
-        breaks VS2008 builds with TR1 turned on.
-
-        * wtf/MathExtras.h: Removed xmath include.
-
-2009-06-12  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Eric Seidel.
-
-        * ChangeLog-2007-10-14: Change pseudonym "Don Gibson" to me (was used while Google Chrome was not public); update my email address.
-
-2009-06-12  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Adding JSONObject.cpp to the build.
-
-        * JavaScriptCoreSources.bkl:
-
-2009-06-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Jan Michael Alonzo.
-
-        [Qt] Fix build break
-        https://bugs.webkit.org/show_bug.cgi?id=26340
-
-        * JavaScriptCore.pri: Add JSONObject.cpp to LUT files.
-
-2009-06-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Lower stringify recursion limit to deal with small windows stack.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::):
-
-2009-06-11  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Holger Freyther.
-
-        Fix compilation warnings
-        <https://bugs.webkit.org/show_bug.cgi?id=26015>
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadCondition::wait): Fix compilation warning.
-        (WTF::ThreadCondition::timedWait): Ditto.
-
-2009-06-10  Brent Fulgham  <bfulgham@webkit.org>
-
-        Build fix for Windows target.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-          Correct missing </File> tag after @r44550 that prevents the
-          project from being loaded in the Visual Studio IDE.
-
-2009-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Mark Rowe.
-
-        Tidy up a couple of comments.
-
-        * assembler/ARMv7Assembler.h:
-            Fix date in copyright, neaten up a couple of comments.
-        * assembler/MacroAssemblerARMv7.h:
-            Fix date in copyright.
-
-2009-06-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 26249: Support JSON.stringify
-        <https://bugs.webkit.org/show_bug.cgi?id=26249>
-        
-        Implement JSON.stringify.  This patch handles all the semantics of the ES5
-        JSON.stringify function, including replacer functions and arrays and both
-        string and numeric gap arguments.
-        
-        Currently uses a clamped recursive algorithm basically identical to the spec
-        description but with a few minor tweaks for performance and corrected semantics
-        discussed in the es-discuss mailing list.
-
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::jsonTable):
-        * runtime/CommonIdentifiers.h:
-           add toJSON to the list of common identifiers
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            Add support for the JSON object lookup table
-
-        * runtime/JSONObject.cpp: Added.
-        (JSC::):
-        (JSC::JSONObject::getOwnPropertySlot):
-        (JSC::Stringifier::):
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::appendString):
-
-        (JSC::Stringifier::StringKeyGenerator::StringKeyGenerator):
-        (JSC::Stringifier::StringKeyGenerator::getKey):
-        (JSC::Stringifier::IntKeyGenerator::IntKeyGenerator):
-        (JSC::Stringifier::IntKeyGenerator::getKey):
-            These KeyGenerator classes are used to abstract away the lazy evaluation of keys for
-            toJSON and replacer functions.
-
-        (JSC::Stringifier::toJSONValue):
-        (JSC::Stringifier::stringifyArray):
-        (JSC::Stringifier::stringifyObject):
-        (JSC::JSONProtoFuncStringify):
-        * runtime/JSONObject.h: Added.
-        (JSC::JSONObject:::JSObject):
-        (JSC::JSONObject::classInfo):
-        (JSC::JSONObject::createStructure):
-
-2009-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Enable JIT_OPTIMIZE_CALL & JIT_OPTIMIZE_METHOD_CALLS on ARMv7 platforms.
-
-        These optimizations function correctly with no further changes.
-
-        * wtf/Platform.h:
-            Change to enable JIT_OPTIMIZE_CALL & JIT_OPTIMIZE_METHOD_CALLS.
-
-2009-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Not Reviewed, build fix.
-
-        * assembler/MacroAssemblerARMv7.h:
-
-2009-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Enable JIT_OPTIMIZE_ARITHMETIC on ARMv7 platforms.
-
-        Temporarily split support for 'branchTruncateDoubleToInt32' onto its own switch
-        ('supportsFloatingPointTruncate').  See comment in MacroAssemblerARMv7, we need
-        to work out wherther we are going to be able to support the current interface on
-        all platforms, or whether this should be refactored.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
-            Add implementation of supportsFloatingPointTruncate (returns true).
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
-            Add implementation of supportsFloatingPointTruncate (returns false).
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::addDouble):
-        (JSC::MacroAssemblerARMv7::subDouble):
-        (JSC::MacroAssemblerARMv7::mulDouble):
-        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
-        (JSC::MacroAssemblerARMv7::branchDouble):
-            Implement FP code genertion operations.
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
-            Add implementation of supportsFloatingPointTruncate (returns true).
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
-            Add implementation of supportsFloatingPointTruncate (returns true).
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-            Changed to call supportsFloatingPointTruncate().
-        (JSC::JIT::emitSlow_op_rshift):
-            Changed to call supportsFloatingPointTruncate().
-        * wtf/Platform.h:
-            Change to enable JIT_OPTIMIZE_ARITHMETIC.
-
-2009-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe & Geoff Garen.
-
-        Enable JIT_OPTIMIZE_PROPERTY_ACCESS on ARMv7 platforms.
-
-        Firm up interface for planting load intructions that will be repatched by
-        repatchLoadPtrToLEA().  This method should now no longer be applied to just
-        any loadPtr instruction.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::loadPtrWithPatchToLEA):
-            Implement loadPtrWithPatchToLEA interface (plants a load with a fixed width address).
-        (JSC::MacroAssemblerARMv7::move):
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::moveWithPatch):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-            Switch to use common method 'moveFixedWidthEncoding()' to perform fixed width (often patchable) loads.
-        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
-            Move an immediate to a register, always plants movT3/movt instruction pair.
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::loadPtrWithPatchToLEA):
-            Implement loadPtrWithPatchToLEA interface (just a regular 32-bit load on x86).
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::loadPtrWithPatchToLEA):
-            Implement loadPtrWithPatchToLEA interface (just a regular 64-bit load on x86_64).
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        * wtf/Platform.h:
-            Change to enable JIT_OPTIMIZE_PROPERTY_ACCESS.
-
-2009-06-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Enable JS language JIT for ARM thumb2 platforms.  Add ARMv7 specific
-        asm & constants, add appropriate configuration switches to Platform.h.
-
-        Landing this disabled until jump linking is completed (see YARR jit patch).
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32):
-            Fix: should load pointer with ImmPtr not Imm32.
-        (JSC::MacroAssemblerARMv7::store32):
-            Fix: should load pointer with ImmPtr not Imm32.
-        (JSC::MacroAssemblerARMv7::move):
-            Fix: When moving an Imm32 that is actually a pointer, should call movT3()
-            not mov(), to ensure code generation is repeatable (for exception handling).
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-            Disable JIT_OPTIMIZE_NATIVE_CALL specific code generation if the optimization is not enabled.
-        * jit/JIT.h:
-            Add ARMv7 specific values of constants & register names.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::preverveReturnAddressAfterCall):
-        (JSC::JIT::restoreReturnAddressBeforeReturn):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-            Implement for ARMv7 (move value to/from lr).
-        * jit/JITStubs.cpp:
-            Add JIT entry/thow trampolines, add macro to add thunk wrapper around stub routines.
-        * jit/JITStubs.h:
-        (JSC::JITStackFrame::returnAddressSlot):
-            Add ARMv7 stack frame object.
-        * wtf/Platform.h:
-            Add changes necessary to allow JIT to build on this platform, disabled.
-
-2009-06-08  Mark Rowe  <mrowe@apple.com>
-
-        Speculative GTK build fix.
-
-        * wtf/DateMath.cpp:
-
-2009-06-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Previous patch caused a regression.
-
-        Restructure so no new (empty, inline) function calls are added on x86.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::makeWritable):
-        (JSC::ExecutableAllocator::makeExecutable):
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, GTK build fix (thanks, bdash).
-
-        * GNUmakefile.am: Moved DateMath with all other wtf kin.
-
-2009-06-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add (incomplete) support to YARR for running with the jit enabled
-        on Arm thumb2 platforms.  Adds new Assembler/MacroAssembler classes,
-        along with cache flushing support, tweaks to MacroAssemblerCodePtr
-        to support decorated thumb code pointers, and new enter/exit code
-        to YARR jit for the platform.
-
-        Support for this platform is still under development - the assembler
-        currrently only supports planting and linking jumps with a 16Mb range.
-        As such, initially commiting in a disabled state.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            Add new assembler files.
-        * assembler/ARMv7Assembler.h: Added.
-            Add new Assembler.
-        * assembler/AbstractMacroAssembler.h:
-            Tweaks to ensure sizes of pointer values planted in JIT code do not change.
-        * assembler/MacroAssembler.h:
-            On ARMv7 platforms use MacroAssemblerARMv7.
-        * assembler/MacroAssemblerARMv7.h: Added.
-            Add new MacroAssembler.
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-            Add better ASSERT.
-        (JSC::ReturnAddressPtr::ReturnAddressPtr):
-            Add better ASSERT.
-        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
-            On ARMv7, MacroAssemblerCodePtr's mush be 'decorated' with a low bit set,
-            to indicate to the processor that the code is thumb code, not traditional
-            32-bit ARM.
-        (JSC::MacroAssemblerCodePtr::dataLocation):
-            On ARMv7, decoration must be removed.
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::makeWritable):
-            Reformatted, no change.
-        (JSC::ExecutableAllocator::makeExecutable):
-            When marking code executable also cache flush it, where necessary.
-        (JSC::ExecutableAllocator::MakeWritable::MakeWritable):
-            Only use the null implementation of this class if both !ASSEMBLER_WX_EXCLUSIVE
-            and running on x86(_64) - on other platforms we may also need ensure that
-            makeExecutable is called at the end to flush caches.
-        (JSC::ExecutableAllocator::reprotectRegion):
-            Reformatted, no change.
-        (JSC::ExecutableAllocator::cacheFlush):
-            Cache flush a region of memory, or platforms where this is necessary.
-        * wtf/Platform.h:
-            Add changes necessary to allow YARR jit to build on this platform, disabled.
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-            Add support to these methods for ARMv7.
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, fix my previous fix.
-
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::msToGregorianDateTime): Use WTF namespace qualifier to
-            disambiguate func signatures.
-
-2009-06-08  Mark Rowe  <mrowe@apple.com>
-
-        Attempt to fix the Tiger build.
-
-        * wtf/Platform.h: Only test the value of the macro once we know it is defined.
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, another Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, projectile-fixing Windows build.
-
-        * runtime/DateConversion.cpp: Added StringExtras include.
-        * wtf/DateMath.cpp: Replaced math with algorithm include (looking for std::min def for Windows).
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, Windows build fix.
-
-        * runtime/DateConstructor.cpp: Changed to use WTF namespace.
-        * runtime/DateConversion.cpp: Added UString include.
-        * runtime/DateInstance.cpp: Changed to use WTF namespace.
-        * wtf/DateMath.cpp: Added math include.
-
-2009-06-08  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26238
-        Move most of runtime/DateMath functions to wtf/DateMath, and split off conversion-related
-        helpers to DateConversion.
-
-        * AllInOneFile.cpp: Changed DateMath->DateConversion.
-        * GNUmakefile.am: Ditto and added DateMath.
-        * JavaScriptCore.exp: Ditto.
-        * JavaScriptCore.pri: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added DateMath.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * JavaScriptCoreSources.bkl: Ditto.
-        * pcre/pcre_exec.cpp: Changed to use DateMath.
-        * profiler/ProfileNode.cpp:
-        (JSC::getCount): Changed to use DateConversion.
-        * runtime/DateConstructor.cpp: Ditto.
-        * runtime/DateConversion.cpp: Copied from JavaScriptCore/runtime/DateMath.cpp.
-        (JSC::parseDate): Refactored to use null-terminated characters as input.
-        * runtime/DateConversion.h: Copied from JavaScriptCore/runtime/DateMath.h.
-        * runtime/DateInstance.cpp: Changed to use wtf/DateMath.
-        * runtime/DateInstance.h: Ditto.
-        * runtime/DateMath.cpp: Removed.
-        * runtime/DateMath.h: Removed.
-        * runtime/DatePrototype.cpp: Ditto.
-        * runtime/InitializeThreading.cpp: Ditto.
-        * wtf/DateMath.cpp: Copied from JavaScriptCore/runtime/DateMath.cpp.
-        * wtf/DateMath.h: Copied from JavaScriptCore/runtime/DateMath.h.
-
-2009-06-08  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-
-2009-06-07  David Kilzer  <ddkilzer@apple.com>
-
-        Make JavaScriptCore compile for iPhone and iPhone Simulator
-
-        Reviewed by Gavin Barraclough.
-
-        * Configurations/Base.xcconfig: Split GCC_ENABLE_OBJC_GC on
-        $(REAL_PLATFORM_NAME).  Added $(ARCHS_UNIVERSAL_IPHONE_OS) to
-        VALID_ARCHS.  Added REAL_PLATFORM_NAME_iphoneos,
-        REAL_PLATFORM_NAME_iphonesimulator, HAVE_DTRACE_iphoneos and
-        HAVE_DTRACE_iphonesimulator variables.
-        * Configurations/DebugRelase.xcconfig: Split ARCHS definition on
-        $(REAL_PLATFORM_NAME).
-        * Configurations/JavaScriptCore.xcconfig: Added
-        EXPORTED_SYMBOLS_FILE_armv6 and EXPORTED_SYMBOLS_FILE_armv7
-        variables.  Split OTHER_LDFLAGS into OTHER_LDFLAGS_BASE and
-        OTHER_LDFLAGS_$(REAL_PLATFORM_NAME) since CoreServices.framework
-        is only linked to on Mac OS X.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
-        to CoreServices.framework since it's linked using OTHER_LDFLAGS
-        in JavaScriptCore.xcconfig.
-        * profiler/ProfilerServer.mm: Added #import for iPhone
-        Simulator.
-        (-[ProfilerServer init]): Conditionalize use of
-        NSDistributedNotificationCenter to non-iPhone or iPhone
-        Simulator.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Build fix for iPhone and iPhone
-        Simulator.
-        * wtf/Platform.h: Defined PLATFORM(IPHONE) and
-        PLATFORM(IPHONE_SIMULATOR).
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::setThreadNameInternal): Build fix for iPhone and iPhone
-        Simulator.
-
-2009-06-08  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Use $QMAKE_PATH_SEP instead of hardcoded / to fix Windows build
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * jsc.pro:
-
-2009-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        RS by Sam Weinig.
-
-        Remove bonus bogus \n from last commit.
-
-        * jit/JITStubs.cpp:
-        (JSC::):
-
-2009-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Change the implementation of op_throw so the stub function always modifies its
-        return address - if it doesn't find a 'catch' it will switch to a trampoline
-        to force a return from JIT execution.  This saves memory, by avoiding the need
-        for a unique return for every op_throw.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw):
-            JITStubs::cti_op_throw now always changes its return address,
-            remove return code generated after the stub call (this is now
-            handled by ctiOpThrowNotCaught).
-        * jit/JITStubs.cpp:
-        (JSC::):
-            Add ctiOpThrowNotCaught definitions.
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-            Change cti_op_throw to always change its return address.
-        * jit/JITStubs.h:
-            Add ctiOpThrowNotCaught declaration.
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Rudder stamped by Sam Weinig.
-
-        Add missing ASSERT.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::getRelocatedAddress):
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Switch storePtrWithPatch to take the initial immediate value as an argument.
-
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::storePtrWithPatch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jsr):
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove patchLength..tByIdExternalLoadPrefix magic numbers from JIT.h.
-
-        These aren't really suitable values to be tracking within common code
-        of the JIT, since they are not (and realistically cannot) be checked
-        by ASSERTs, as the other repatch offsets are.  Move this functionality
-        (skipping the REX prefix when patching load instructions to LEAs on
-        x86-64) into the X86Assembler.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadPtrToLEA):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::repatchLoadPtrToLEA):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-
-2009-06-05  Shinichiro Hamaji  <hamaji@chromium.org>
-
-        Bug 26160: Compile fails in MacOSX when GNU fileutils are installed
-
-        <https://bugs.webkit.org/show_bug.cgi?id=26160>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Use /bin/ln instead of ln for cases where this command is used with -h option.
-        As this option is not supported by GNU fileutils, this change helps users 
-        who have GNU fileutils in their PATH.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove DoubleNotEqual floating point comparison condition for now -
-        it is not used, and it is unclear the semantics are correct (I think
-        this comparison would actually give you not-equal-or-unordered, which
-        might be what is wanted... we can revisit this interface & get it
-        right when required).
-
-        Also, fix asserts in branchArith32 ops.  All adds & subs can check
-        for Signed, multiply only sets OF so can only check for overflow.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Minor tidy up in JITStubs.
-
-        * jit/JITStubs.cpp:
-        (JSC::StackHack::StackHack):
-        * jit/JITStubs.h:
-
-2009-06-05  Koen Kooi <koen@dominion.thruhere.net>
-
-        Reviewed by Xan Lopez.
-
-        Build fix for glib unicode backend.
-
-        * wtf/unicode/glib/UnicodeMacrosFromICU.h:
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        3 tiny cleanups:
-
-        * assembler/MacroAssemblerX86.h:
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-            store*() methods should take an ImplicitAddress, rather than an Address.
-        * assembler/X86Assembler.h:
-            Make patchPointer private.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_ret):
-            Remove empty line at end of function.
-
-2009-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Encapsulate many uses of void* in the assembler & jit with types that provide
-        more semantic information.  The new types are:
-        
-            * MacroAssemblerCodePtr - this wraps a pointer into JIT generated code.
-            * FunctionPtr - this wraps a pointer to a C/C++ function in JSC.
-            * ReturnAddressPtr - this wraps a return address resulting from a 'call' instruction.
-
-        Wrapping these types allows for stronger type-checking than is possible with everything
-        represented a void*.  For example, it is now enforced by the type system that near
-        calls can only be linked to JIT code and not to C functions in JSC (this was previously
-        required, but could not be enforced on the interface).
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::dataLocation):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::executableAddress):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadToLEA):
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::CodeLocationInstruction):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::operator!):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::reset):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::CodeLocationLabel):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::calleeReturnAddressValue):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::CodeLocationNearCall):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::addressForLookup):
-        (JSC::AbstractMacroAssembler::trampolineAt):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
-        (JSC::::CodeLocationCommon::instructionAtOffset):
-        (JSC::::CodeLocationCommon::labelAtOffset):
-        (JSC::::CodeLocationCommon::jumpAtOffset):
-        (JSC::::CodeLocationCommon::callAtOffset):
-        (JSC::::CodeLocationCommon::nearCallAtOffset):
-        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
-        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-        (JSC::FunctionPtr::value):
-        (JSC::FunctionPtr::executableAddress):
-        (JSC::ReturnAddressPtr::ReturnAddressPtr):
-        (JSC::ReturnAddressPtr::value):
-        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
-        (JSC::MacroAssemblerCodePtr::executableAddress):
-        (JSC::MacroAssemblerCodePtr::dataLocation):
-        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::patchPointerForCall):
-        * jit/JIT.cpp:
-        (JSC::ctiPatchNearCallByReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCode.h:
-        (JSC::JITCode::operator !):
-        (JSC::JITCode::addressForCall):
-        (JSC::JITCode::offsetOf):
-        (JSC::JITCode::execute):
-        (JSC::JITCode::size):
-        (JSC::JITCode::HostFunction):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitNakedCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiArrayLengthTrampoline):
-        (JSC::JITThunks::ctiStringLengthTrampoline):
-        (JSC::JITThunks::ctiVirtualCallPreLink):
-        (JSC::JITThunks::ctiVirtualCallLink):
-        (JSC::JITThunks::ctiVirtualCall):
-        (JSC::JITThunks::ctiNativeCallThunk):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::operator!):
-        (JSC::Yarr::RegexCodeBlock::execute):
-
-2009-06-05  Antti Koivisto  <antti@apple.com>
-
-        Try to unbreak Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-03  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Dave Kilzer.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=13128
-        Safari not obeying cache header
-        
-        Export JSC::parseDate()
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-06-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug in property caching of getters and setters.
-
-        Make sure that the transition logic accounts for getters and setters.
-        If we don't we end up screwing up the transition tables so that some
-        transitions will start incorrectly believing that they need to check
-        for getters and setters. 
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        * runtime/JSObject.h:
-        (JSC::):
-        * runtime/Structure.h:
-
-2009-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Minor tweak to PatchBuffer, change it so it no longer holds a CodeRef, and instead
-        holds a separate code pointer and executable pool.  Since it now always holds its
-        own copy of the code size, and to simplify the construction sequence, it's neater
-        this way.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
-        (JSC::AbstractMacroAssembler::PatchBuffer::finalizeCode):
-        (JSC::AbstractMacroAssembler::PatchBuffer::code):
-        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
-
-2009-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove 'JIT_STUB_ARGUMENT_STACK' this is unused and untested.
-
-        This just leaves JIT_STUB_ARGUMENT_REGISTER and JIT_STUB_ARGUMENT_VA_LIST.
-        Since JIT_STUB_ARGUMENT_REGISTER is the sensible configuration on most platforms,
-        remove this define and make this the default behaviour.
-        Platforms must now define JIT_STUB_ARGUMENT_VA_LIST to get crazy va_list voodoo,
-        if they so desire.
-
-        (Refactoring of #ifdefs only, no functional change, no performance impact.)
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITStubs.cpp:
-        (JSC::):
-        * jit/JITStubs.h:
-        * wtf/Platform.h:
-
-2009-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        * jit/JITArithmetic.cpp:
-            Remove some redundant typedefs, unused since arithmetic was added to the MacroAssembler interface.
-
-2009-06-04  Brent Fulgham  <bfulgham@webkit.org>
-
-        Build fix due to header include problem.
-
-        * interpreter/Interpreter.h: Remove wtf from includes so that
-          compile can find the headers in expected places.
-
-2009-06-04  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        HashTable class (JavaScriptCore/wtf/HashTable.h) doesn't instantiated by 'new', so 
-        inheritance was removed. HashTable struct has been instantiated by operator new in
-        JSGlobalData.cpp:106.
-        HashTable couldn't inherited from FastAllocBase since struct with inheritance is 
-        no longer POD, so HashTable struct has been instantiated by fastNew, destroyed by
-        fastDelete.
-
-        * interpreter/Interpreter.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * wtf/HashTable.h:
-
-2009-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Wrap the code that plants pushes/pops planted by JIT in explanatorily named
-        methods; move property storage reallocation into a standard stub function.
-
-        ~No performance impact (possible <1% progression on x86-64, likely just noise).
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-            Wrap calls to push/pop.
-        * jit/JIT.h:
-            Declare the new wrapper methods.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::preverveReturnAddressAfterCall):
-        (JSC::JIT::restoreReturnAddressBeforeReturn):
-            Define the new wrapper methods.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_ret):
-            Wrap calls to push/pop.
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-            Move property storage reallocation into a standard stub function.
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::JITStubs::):
-
-2009-06-04  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        [Qt] Single-threaded QtWebKit configuration
-        <https://bugs.webkit.org/show_bug.cgi?id=26015>
-
-        * JavaScriptCore.pri: Use ThreadingNone.cpp instead of
-        ThreadingQt.cpp and make sure ENABLE_JSC_MULTIPLE_THREADS is turned off
-        when ENABLE_SINGLE_THREADED is tuned on
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadCondition::wait): Fix compilation warning.
-        (WTF::ThreadCondition::timedWait): Ditto.
-
-2009-06-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Remove workaround that was added to address <rdar://problem/5488678> as it no longer affects our Tiger builds.
-
-        * Configurations/Base.xcconfig:
-
-2009-06-02  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Sam Weinig.
-
-        Use C-style comments in Platform.h so it can be included from C
-        files.
-
-        * wtf/Platform.h:
-
-2009-06-02  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Rubber-stamped by Simon Hausmann.
-
-        Use File::Spec->tmpdir instead of hardcoded paths for tempfile() dir
-        
-        This fixes the Windows-build if the user does not have a /tmp directory.
-
-        * pcre/dftables:
-
-2009-06-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver ">>" Hunt.
-
-        emitSlow_op_rshift is linking the wrong number of slow cases, if !supportsFloatingPoint().
-        Fixerate, and refactor/comment the code a little to make it clearer what is going on.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-
-2009-06-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY - speculative windows build fix (errm, for the other patch!).
-
-        * jit/JITStubs.cpp:
-        (JSC::):
-
-2009-06-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY - speculative windows build fix.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::::CodeLocationCall::CodeLocationCall):
-        (JSC::::CodeLocationNearCall::CodeLocationNearCall):
-
-2009-06-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Olliej Hunt.
-
-        Change JITStub functions from being static members on the JITStub class to be
-        global extern "C" functions, and switch their the function signature declaration
-        in the definition of the functions to be C-macro generated.  This makes it easier
-        to work with the stub functions from assembler code (since the names no longer
-        require mangling), and by delaring the functions with a macro we can look at
-        also auto-generating asm thunks to wrap the JITStub functions to perform the
-        work currently in 'restoreArgumentReference' (as a memory saving).
-
-        Making this change also forces us to be a bit more realistic about what is private
-        on the Register and CallFrame objects.  Presently most everything on these classes
-        is private, and the classes have plenty of friends.  We could befriend all the
-        global functions to perpetuate the delusion of encapsulation, but using friends is
-        a bit of a sledgehammer solution here - since friends can poke around with all of
-        the class's privates, and since all the major classes taht operate on Regsiters are
-        currently friends, right there is currently in practice very little protection at
-        all.  Better to start removing friend delclarations, and exposing just the parts
-        that need to be exposed.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::returnPC):
-        (JSC::ExecState::setCallerFrame):
-        (JSC::ExecState::returnValueRegister):
-        (JSC::ExecState::setArgumentCount):
-        (JSC::ExecState::setCallee):
-        (JSC::ExecState::setCodeBlock):
-        * interpreter/Interpreter.h:
-        * interpreter/Register.h:
-        (JSC::Register::Register):
-        (JSC::Register::i):
-        * jit/JITStubs.cpp:
-        (JSC::):
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::JITStubs::):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::nativeFunction):
-        (JSC::JSFunction::classInfo):
-        * runtime/JSGlobalData.h:
-
-2009-06-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Tidy up the literal parser.
-
-        Make the number lexing in the LiteralParser exactly match the JSON spec, which
-        makes us cover more cases, but also more strict.  Also made string lexing only
-        allow double-quoted strings.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-
-2009-06-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam "WX" Weinig.
-
-        Allow the JIT to operate without relying on use of RWX memory, on platforms where this is supported.
-
-        This patch adds a switch to Platform.h (ENABLE_ASSEMBLER_WX_EXCLUSIVE) which enables this mode of operation.
-        When this flag is set, all executable memory will be allocated RX, and switched to RW only whilst being
-        modified.  Upon completion of code generation the protection is switched back to RX to allow execution.
-
-        Further optimization will be required before it is desirable to enable this mode of operation by default;
-        enabling this presently incurs a 5%-10% regression.
-
-        (Submitting disabled - no performance impact).
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::repatchLoadToLEA):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::fromFunctionPointer):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationNearCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkNearCallerToFunction):
-        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
-        (JSC::AbstractMacroAssembler::PatchBuffer::~PatchBuffer):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
-        (JSC::AbstractMacroAssembler::PatchBuffer::performFinalization):
-        (JSC::::CodeLocationCommon::nearCallAtOffset):
-        (JSC::::CodeLocationCall::CodeLocationCall):
-        (JSC::::CodeLocationNearCall::CodeLocationNearCall):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::CAN_SIGN_EXTEND_U32_64):
-        (JSC::X86Assembler::linkJump):
-        (JSC::X86Assembler::linkCall):
-        (JSC::X86Assembler::patchPointer):
-        (JSC::X86Assembler::relinkJump):
-        (JSC::X86Assembler::relinkCall):
-        (JSC::X86Assembler::repatchInt32):
-        (JSC::X86Assembler::repatchPointer):
-        (JSC::X86Assembler::repatchLoadToLEA):
-        (JSC::X86Assembler::patchInt32):
-        (JSC::X86Assembler::patchRel32):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::):
-        (JSC::ExecutableAllocator::makeWritable):
-        (JSC::ExecutableAllocator::makeExecutable):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::reprotectRegion):
-        * jit/ExecutableAllocatorWin.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        * wtf/Platform.h:
-
-2009-05-29 Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Inherits Interpreter class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/JSGlobalData.cpp. 
-
-        * interpreter/Interpreter.h:
-
-2009-06-01  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (windows build fix).
-
-        Add exports for windows (corresponding to the JavaScriptCore.exp modification
-        in the previous change).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-01  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Alder and Maciej Stachowiak.
-
-        Bug 26057: StringImpl should share buffers with UString.
-        https://bugs.webkit.org/show_bug.cgi?id=26057
-
-        * JavaScriptCore.exp:
-        * runtime/UString.cpp:
-        (JSC::UString::Rep::create):
-        (JSC::UString::BaseString::sharedBuffer): Only do the sharing when
-        the buffer exceeds a certain size.  The size was tuned by running
-        various dom benchmarks with numbers ranging from 20 to 800 and finding
-        a place that seemed to do the best overall.
-        * runtime/UString.h:
-
-2009-05-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Olliej "you just need to change NativeFunctionWrapper.h" Hunt.
-
-        Add ENABLE_JIT_OPTIMIZE_NATIVE_CALL switch to allow JIT to operate without native call optimizations.
-
-        * runtime/NativeFunctionWrapper.h:
-        * wtf/Platform.h:
-
-2009-05-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/6935193> REGRESSION (r42734): Celtic Kane JavaScript benchmark does not run:
-        "Maximum call stack size exceeded"
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString): Use the same recursion limit as the other recursion checks.
-        We need a limit of at least 100 to run the benchmark above.
-        (JSC::arrayProtoFuncToLocaleString): Ditto.
-        (JSC::arrayProtoFuncJoin): Ditto.
-
-2009-05-28  Dirk Schulze  <krit@webkit.org>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Added new build flag --filters for Mac. More details in WebCore/ChangeLog.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-05-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6928025> Stack overflow in JSC::stringProtoFuncReplace() running jsFunFuzz
-
-        We should always check for exceptions after creating a CachedCall, this wasn't being done in
-        the string replace logic.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2009-05-27  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed (make distcheck) build fix; adding missing headers.
-
-        * GNUmakefile.am:
-
-2009-05-27  Jessie Berlin  <jberlin@apple.com>
-
-        Reviewed by Adam Roben
-        
-        Fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-27  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Gustavo Noronha.
-
-        When building on Windows, consider Windows specific files.
-
-        * GNUmakefile.am:
-
-2009-05-27  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Maciej Stachowiak.
-
-        When building with MinGW, don't use the __declspec(dl{import,export})
-        decorations and rely on the linker to use its nifty auto-import feature.
-        It is extremely hard to get the decorations right with MinGW in general
-        and impossible in WebKit, where the resulting shared library is linking
-        together some static libraries.
-
-        * config.h:
-
-2009-05-26  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Xan Lopez.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25613
-
-        Be able to use GOwnPtr for GHashTable as well. The assumption
-        is that the hash table has been created with g_hash_table_new_full
-        and has proper destruction functions.
-
-        * wtf/GOwnPtr.cpp:
-        (WTF::GHashTable):
-        * wtf/GOwnPtr.h:
-
-2009-05-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6924033> REGRESSION: Assertion failure due to forward references
-
-        Add a pattern type for forward references to ensure that we don't confuse the
-        quantifier alternatives assertion.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternTerm::):
-        (JSC::Yarr::PatternTerm::PatternTerm):
-        (JSC::Yarr::PatternTerm::ForwardReference):
-
-2009-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for: <rdar://problem/6918095> REGRESSION: jQuery load() issue (25981),
-        and also an ASSERT failure on http://ihasahotdog.com/.
-
-        When overwriting a property on a dictionary with a cached specific value,
-        clear the cache if new value being written is different.
-
-        * JavaScriptCore.exp:
-            Export the new symbols.
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_get_by_id_method_check_second):
-            Close dictionary prototypes upon caching a method access, as would happen when caching
-            a regular get_by_id.
-        * runtime/JSObject.h:
-        (JSC::JSObject::propertyStorage):
-        (JSC::JSObject::locationForOffset):
-            Make these methods private.
-        (JSC::JSObject::putDirectInternal):
-            When overwriting a property on a dictionary with a cached specific value,
-            clear the cache if new value being written is different.
-        * runtime/Structure.cpp:
-        (JSC::Structure::despecifyDictionaryFunction):
-            Reset the specific value field for a given property in a dictionary.
-        (JSC::Structure::despecifyFunctionTransition):
-            Rename of 'changeFunctionTransition' (this was already internally refered to as a despecification).
-        * runtime/Structure.h:
-            Declare new method.
-
-2009-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver "pieces of eight" Hunt.
-
-        When reseting RegexPattern class, should fully reset the class, not just bits of it.
-        In particular, we delete the cached character classes (for wordchars, etc), but do
-        not reset the set of pointers to the cached classes.  In the case of a repeated parse
-        due to an illegal back-reference we will continue to use the deleted character class.
-
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::reset):
-
-2009-05-26  Brent Fulgham  <bfulgham@webkit.org>
-
-        Build fix to correct r44161.
-
-        * wtf/FastAllocBase.h:
-
-2009-05-26  Zoltan Horvath  <horvath.zoltan.6@stud.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-
-        Inherite HashTable from FastAllocBase, because it has been instantiated by
-        'new' in JavaScriptCore/runtime/JSGlobalData.cpp.
-
-        * wtf/HashTable.h:
-        * wtf/FastAllocBase.h: Remove 'wtf' path from TypeTraits.h to allow use outside of wtf.
-
-2009-05-25  David Levin  <levin@chromium.org>
-
-        Reviewed by Maciej Stachowiak and Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25126
-        Allow the buffer underlying UString to be shared.
-
-        In order to not grow the underlying size of any structure,
-        there is a union in the Rep string which holds
-         + m_sharedBuffer -- a pointer to the shared ref counted buffer
-           if the class is BaseString and the buffer is being shared OR
-         + m_baseString -- the BaseString if the class is only UString::Rep
-           but not a UString::BaseString
-
-        Ideally, m_sharedBuffer would be a RefPtr, but it cannot be because
-        it is in a union.
-
-        No change in sunspider perf.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/UString.cpp:
-        (JSC::UString::Rep::share):
-        (JSC::UString::Rep::destroy):
-        (JSC::UString::BaseString::sharedBuffer):
-        (JSC::UString::BaseString::setSharedBuffer):
-        (JSC::UString::BaseString::slowIsBufferReadOnly):
-        (JSC::expandCapacity):
-        (JSC::UString::Rep::reserveCapacity):
-        (JSC::UString::expandPreCapacity):
-        (JSC::concatenate):
-        (JSC::UString::append):
-        * runtime/UString.h:
-        (JSC::UString::Rep::Rep):
-        (JSC::UString::Rep::):
-        (JSC::UString::BaseString::isShared):
-        (JSC::UString::BaseString::isBufferReadOnly):
-        (JSC::UString::Rep::baseString):
-        * wtf/CrossThreadRefCounted.h:
-        (WTF::CrossThreadRefCounted::isShared):
-        * wtf/OwnFastMallocPtr.h: Added.
-        (WTF::OwnFastMallocPtr::OwnFastMallocPtr):
-        (WTF::OwnFastMallocPtr::~OwnFastMallocPtr):
-        (WTF::OwnFastMallocPtr::get):
-        (WTF::OwnFastMallocPtr::release):
-
-2009-05-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Re-add interpreter logic to jit-enabled builds as GCC mysteriously regresses without it
-
-        * wtf/Platform.h:
-
-2009-05-25  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Maciej Stachowiak.
-
-        The functions written in assembly need to have a leading
-        underscore on Windows too.
-
-        * jit/JITStubs.cpp:
-
-2009-05-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix for experimental PGO Windows target.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-05-23  David Kilzer  <ddkilzer@apple.com>
-
-        Part 1 of 2: Bug 25495: Implement PassOwnPtr and replace uses of std::auto_ptr
-
-        <https://bugs.webkit.org/show_bug.cgi?id=25495>
-
-        Reviewed by Oliver Hunt.
-
-        * GNUmakefile.am: Added OwnPtrCommon.h and PassOwnPtr.h.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::OwnPtr): Added constructors that take a
-        PassOwnPtr.  Also added a copy constructor declaration that's
-        required when assigning a PassOwnPtr to a stack-based OwnPtr.
-        (WTF::operator=): Added assignment operator methods that take a
-        PassOwnPtr.
-        (WTF::swap): Reformatted.
-        (WTF::operator==): Whitespace changes.
-        (WTF::operator!=): Ditto.
-
-        * wtf/OwnPtrCommon.h: Added.
-        (WTF::deleteOwnedPtr):
-
-        * wtf/PassOwnPtr.h: Added.
-        (WTF::PassOwnPtr::PassOwnPtr):
-        (WTF::PassOwnPtr::~PassOwnPtr):
-        (WTF::PassOwnPtr::get):
-        (WTF::PassOwnPtr::clear):
-        (WTF::PassOwnPtr::release):
-        (WTF::PassOwnPtr::operator*):
-        (WTF::PassOwnPtr::operator->):
-        (WTF::PassOwnPtr::operator!):
-        (WTF::PassOwnPtr::operator UnspecifiedBoolType):
-        (WTF::::operator):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::static_pointer_cast):
-        (WTF::const_pointer_cast):
-        (WTF::getPtr):
-
-2009-05-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove interpreter specific logic from the JIT builds.
-
-        This saves ~100k in JSC release builds.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * wtf/Platform.h:
-
-2009-05-22  Mark Rowe  <mrowe@apple.com>
-
-        Part two of an attempted Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-22  Mark Rowe  <mrowe@apple.com>
-
-        Part one of an attempted Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        op_method_check
-
-        Optimize method calls, by caching specific function values within the Structure.
-        The new opcode is used almost like an x86 opcode prefix byte to optimize op_get_by_id,
-        where the property access is being used to read a function to be passed to op-call (i.e.
-        'foo.bar();').  This patch modifies the Structure class such that when a property is
-        put to an object for the first time we will check if the value is a function.  If it is,
-        we will cache the function value on the Structure.  A Structure in such a state guarantees
-        that not only does a property with the given identifier exist on the object, but also that
-        its value is unchanged.  Upon any further attempt to put a property with the same identifier
-        (but a different value) to the object, it will transition back to a normal Structure (where
-        it will guarantee the presence but not the value of the property).
-
-        op_method_check makes use of the new information made available by the Structure, by
-        augmenting the functionality of op_get_by_id.  Upon generating a FunctionCallDotNode a
-        check will be emitted prior to the property access reading the function value, and the JIT
-        will generate an extra (initially unlinked but patchable) set of checks prior to the regular
-        JIT code for get_by_id.  The new code will do inline structure and prototype structure check
-        (unlike a regular get_by_id, which can only handle 'self' accesses inline), and then performs
-        an immediate load of the function value, rather than using memory accesses to load the value
-        from the obejct's property storage array.  If the method check fails it will revert, or if
-        the access is polymorphic, the op_get_by_id will continue to operate - and optimize itself -
-        just as any other regular op_get_by_id would.
-
-        ~2.5% on v8-tests, due to a ~9% progression on richards.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        * JavaScriptCore.exp:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::moveWithPatch):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::getMethodCallLinkInfoReturnLocation):
-        (JSC::CodeBlock::getMethodCallLinkInfo):
-        (JSC::CodeBlock::addMethodCallLinkInfos):
-        (JSC::CodeBlock::methodCallLinkInfo):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitMethodCheck):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
-        * jit/JITOpcodes.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_get_by_id_method_check):
-        (JSC::JITStubs::cti_op_get_by_id_method_check_second):
-        * jit/JITStubs.h:
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * parser/Nodes.cpp:
-        (JSC::FunctionCallDotNode::emitBytecode):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::put):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        (JSC::constructError):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putWithAttributes):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::mark):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::methodCallDummy):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::getPropertyAttributes):
-        (JSC::JSObject::getPropertySpecificFunction):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        * runtime/JSObject.h:
-        (JSC::getJSFunction):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parseObject):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        (JSC::NativeErrorConstructor::construct):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::):
-        (JSC::PutPropertySlot::PutPropertySlot):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::setDespecifyFunctionProperty):
-        (JSC::PutPropertySlot::isCacheable):
-        (JSC::PutPropertySlot::cachedOffset):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changeFunctionTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        (JSC::Structure::specificFunction):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTableHashTraits::emptyValue):
-        * wtf/Platform.h:
-
-2009-05-22  Brent Fulgham <bfulgham@webkit.org>
-
-        Reviewed by Steve Falkenburg.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25950
-        JavaScriptCore Fails to build on Windows (Cairo) due to CoreFoundation
-        link requirement.
-
-        Modify project to add new Debug_CFLite and Release_CFLite targets.  These
-        use the new JavaScriptCoreCFLite.vsprops to link against CFLite.dll.
-        Existing projects are changed to use the new JavaScriptCoreCF.vsprops
-        to link against CoreFoundation.dll.
-
-        The JavaScriptCoreCommon.vsprops is modified to remove the link
-        against CoreFoundation.dll.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-
-2009-05-22  Dominik Röttsches  <dominik.roettsches@access-company.com>
-
-        Reviewed by Gustavo Noronha.
-
-        https://bugs.webkit.org/show_bug.cgi?id=15914
-        [GTK] Implement Unicode functionality using GLib
-
-        Original patch by Jürg Billeter and Naiem Shaik.
-        Implementing WTF Unicode functionality based on GLib.
-
-        * GNUmakefile.am:
-        * wtf/unicode/Unicode.h:
-        * wtf/unicode/glib: Added.
-        * wtf/unicode/glib/UnicodeGLib.cpp: Added.
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::umemcasecmp):
-        * wtf/unicode/glib/UnicodeGLib.h: Added.
-        (WTF::Unicode::):
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::isArabicChar):
-        (WTF::Unicode::isFormatChar):
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::category):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::digitValue):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::decompositionType):
-        * wtf/unicode/glib/UnicodeMacrosFromICU.h: Added.
-
-2009-05-21  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix.
-
-        Add MacroAssemblerCodeRef.h to file list.
-
-        * GNUmakefile.am:
-
-2009-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-        Addition of MacroAssemblerCodeRef.h rubber stamped by Geoff Garen.
-
-        Refactor JIT code-handle objects.  The representation of generated code is currently
-        a bit of a mess.  We have a class JITCode which wraps the pointer to a block of
-        generated code, but this object does not reference the executable pool meaning that
-        external events (the pool being derefed) could make the pointer become invalid.
-        To overcome this both the JIT and Yarr implement further (and similar) objects to
-        wrap the code pointer with a RefPtr to the pool.  To add to the mire, as well as the
-        CodeBlock containing a handle onto the code the FunctionBodyNode also contains a
-        copy of the code pointer which is used almost (but not entirely) uniquely to access
-        the JIT code for a function.
-
-        Rationalization of all this:
-
-            * Add a new type 'MacroAssembler::CodeRef' as a handle for a block of JIT generated code.
-            * Change the JIT & Yarr to internally handle code using CodeRefs.
-            * Move the CodeRef (formerly anow defunct JITCodeRef) from CodeBlock to its owner node.
-            * Remove the (now) redundant code pointer from FunctionBodyNode.
-
-        While tidying this up I've made the PatchBuffer return code in new allocations using a CodeRef,
-        and have enforced an interface that the PatchBuffer will always be used, and 'finalizeCode()' or
-        'finalizeCodeAddendum()' will always be called exactly once on the PatchBuffer to complete code generation.
-
-        This gives us a potentially useful hook ('PatchBuffer::performFinalization()') at the end of generation,
-        which may have a number of uses.  It may be helpful should we wish to switch our generation
-        model to allow RW/RX exclusive memory, and it may be useful on non-cache-coherent platforms to
-        give us an oportunity to cache flush as necessary.
-
-        No performance impact.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToTrampoline):
-        (JSC::AbstractMacroAssembler::CodeRef::CodeRef):
-        (JSC::AbstractMacroAssembler::CodeRef::trampolineAt):
-        (JSC::AbstractMacroAssembler::PatchBuffer::PatchBuffer):
-        (JSC::AbstractMacroAssembler::PatchBuffer::~PatchBuffer):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
-        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
-        (JSC::AbstractMacroAssembler::PatchBuffer::complete):
-        (JSC::AbstractMacroAssembler::PatchBuffer::finalize):
-        (JSC::AbstractMacroAssembler::PatchBuffer::entry):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::setJITCode):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::executablePool):
-        * interpreter/CallFrameClosure.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::linkCall):
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        (JSC::JITCode::JITCode):
-        (JSC::JITCode::operator bool):
-        (JSC::JITCode::addressForCall):
-        (JSC::JITCode::offsetOf):
-        (JSC::JITCode::execute):
-        (JSC::JITCode::size):
-        (JSC::JITCode::executablePool):
-        (JSC::JITCode::HostFunction):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_vm_lazyLinkCall):
-        * parser/Nodes.cpp:
-        (JSC::ProgramNode::generateJITCode):
-        (JSC::EvalNode::generateJITCode):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::createNativeThunk):
-        (JSC::FunctionBodyNode::generateJITCode):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::generatedJITCode):
-        (JSC::ScopeNode::getExecutablePool):
-        (JSC::ScopeNode::setJITCode):
-        (JSC::ProgramNode::jitCode):
-        (JSC::EvalNode::jitCode):
-        (JSC::FunctionBodyNode::jitCode):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-        (JSC::Yarr::jitCompileRegex):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::pcreFallback):
-        (JSC::Yarr::RegexCodeBlock::setFallback):
-        (JSC::Yarr::RegexCodeBlock::operator bool):
-        (JSC::Yarr::RegexCodeBlock::set):
-        (JSC::Yarr::RegexCodeBlock::execute):
-
-2009-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        <rdar://problem/6910264> REGRESSION: Cached DOM global object property access fails in browser (25921)
-        <https://bugs.webkit.org/show_bug.cgi?id=25921>
-
-        When caching properties on the global object we need to ensure that we're
-        not attempting to cache through a shell object.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_resolve_global):
-
-2009-05-21  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-
-2009-05-21  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 25945: Add support for MADV_FREE to TCMalloc
-        <https://bugs.webkit.org/show_bug.cgi?id=25945>
-        <rdar://problem/6910754>
-
-        Add support for MADV_FREE to TCMalloc_SystemRelease for platforms that
-        don't also support MADV_FREE_REUSE. The code is identical to the MADV_DONTNEED
-        case except for the advice passed to madvise(), so combining the two cases
-        makes the most sense.
-
-        * wtf/Platform.h: Only define HAVE_MADV_FREE when not building on Tiger or
-        Leopard, because while it is defined on these platforms it actually does
-        nothing.
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease): use MADV_FREE if it is available; otherwise use
-        MADV_DONTNEED.
-
-2009-05-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix <https://bugs.webkit.org/show_bug.cgi?id=25917> / <rdar://problem/6910066>.
-        Bug 25917: REGRESSION (r43559?): Javascript debugger crashes when pausing page
-
-        The debugger currently retrieves the arguments object from an activation rather than pulling
-        it from a call frame.  This is unreliable to due to the recent optimization to lazily create
-        the arguments object.  In the long-term it should stop doing that (<rdar://problem/6911886>),
-        but for now we force eager creation of the arguments object when debugging.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-
-2009-05-21  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 25912: Harden NumberPrototype.cpp by removing use of strcpy()
-        <https://bugs.webkit.org/show_bug.cgi?id=25912>
-
-        This causes no change on SunSpider.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp): replace strcpy() with memcpy(), ASSERT that the
-        temporary buffer has sufficient space to store the result, and move the
-        explicit null-termination closer to the memcpy() for easier visual inspection
-        of the code.
-        (JSC::fractionalPartToString): replace strcpy() with memcpy(), and ASSERT
-        that the temporary buffer has sufficient space to store the result. There
-        is no explicit null-termination because this is done by the caller. The
-        same is already true for exponentialPartToString().
-        (JSC::numberProtoFuncToExponential): replace strcpy() with memcpy(), explicitly
-        null-terminate the result, and ASSERT that the temporary buffer has sufficient
-        space to store the result.
-
-2009-05-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Cleanup the JSGlobalData when exiting early with the usage statement in jsc.
-
-        * jsc.cpp:
-        (printUsageStatement):
-        (parseArguments):
-        (jscmain):
-
-2009-05-20  Stephanie Lewis  <slewis@apple.com>
-
-        Update the order files.  <rdar://problem/6881750> Generate new order files.
-
-        * JavaScriptCore.order:
-
-2009-05-19  Kenneth Rohde Christiansen  <kenneth.christiansen@openbossa.org>
-
-        Reviewed by Simon Hausmann.
-
-        Replace WREC with YARR + YARR_JIT for the Qt port. This is only
-        used when compiled with JIT support for now, so it is a drop-in
-        replacement for the WREC usage. Still including the wrec headers
-        as they are being referred from RegExp.h, though the contents of
-        that header it protected by "#if ENABLE(WREC)".
-
-        * JavaScriptCore.pri:
-
-2009-05-20  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix GTK debug build.
-
-        The function dumpDisjunction, compiled with debug enabled, uses
-        printf, which needs stdio.h to be included.
-
-        * yarr/RegexInterpreter.cpp:
-
-2009-05-20  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by George Staikos.
-
-        BUG 25843: [Qt] Remove qt-port build flag
-        <https://bugs.webkit.org/show_bug.cgi?id=25843>
-
-        * JavaScriptCore.pro:
-
-
-2009-05-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::releaseExcessCapacity): Copy-paste typo.
-
-2009-05-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/6885680> CrashTracer: [USER] 1 crash in Install
-        Mac OS X at <unknown binary> • 0x9274241c
-        
-        (Original patch by Joe Sokol and Ronnie Misra.)
-        
-        SunSpider says 1.004x faster.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::releaseExcessCapacity): Instead of doing complicated
-        math that sometimes used to overflow, just release the full range of the
-        register file.
-
-        * interpreter/RegisterFile.h:
-        (JSC::isPageAligned):
-        (JSC::RegisterFile::RegisterFile): Added ASSERTs to verify that it's
-        safe to release the full range of the register file.
-
-        (JSC::RegisterFile::shrink): No need to releaseExcessCapacity() if the
-        new end is not smaller than the old end. (Also, doing so used to cause
-        numeric overflow, unmapping basically the whole process from memory.)
-
-2009-05-19  Oliver Hunt  <oliver@apple.com>
-
-        RS=Mark Rowe.
-
-        <rdar://problem/6888393> REGRESSION: Start Debugging JavaScript crashes browser (nightly builds only?)
-        <https://bugs.webkit.org/show_bug.cgi?id=25717>
-
-        Remove JSC_FAST_CALL as it wasn't gaining us anything, and was
-        resulting in weird bugs in the nightly builds.
-
-        * parser/Nodes.cpp:
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isNumber):
-        (JSC::ExpressionNode::isString):
-        (JSC::ExpressionNode::isNull):
-        (JSC::ExpressionNode::isPure):
-        (JSC::ExpressionNode::isLocation):
-        (JSC::ExpressionNode::isResolveNode):
-        (JSC::ExpressionNode::isBracketAccessorNode):
-        (JSC::ExpressionNode::isDotAccessorNode):
-        (JSC::ExpressionNode::isFuncExprNode):
-        (JSC::ExpressionNode::isSimpleArray):
-        (JSC::ExpressionNode::isAdd):
-        (JSC::ExpressionNode::resultDescriptor):
-        (JSC::StatementNode::firstLine):
-        (JSC::StatementNode::lastLine):
-        (JSC::StatementNode::isEmptyStatement):
-        (JSC::StatementNode::isReturnNode):
-        (JSC::StatementNode::isExprStatement):
-        (JSC::StatementNode::isBlock):
-        (JSC::NullNode::isNull):
-        (JSC::BooleanNode::isPure):
-        (JSC::NumberNode::value):
-        (JSC::NumberNode::setValue):
-        (JSC::NumberNode::isNumber):
-        (JSC::NumberNode::isPure):
-        (JSC::StringNode::isPure):
-        (JSC::StringNode::isString):
-        (JSC::ResolveNode::identifier):
-        (JSC::ResolveNode::isLocation):
-        (JSC::ResolveNode::isResolveNode):
-        (JSC::BracketAccessorNode::isLocation):
-        (JSC::BracketAccessorNode::isBracketAccessorNode):
-        (JSC::DotAccessorNode::base):
-        (JSC::DotAccessorNode::identifier):
-        (JSC::DotAccessorNode::isLocation):
-        (JSC::DotAccessorNode::isDotAccessorNode):
-        (JSC::TypeOfResolveNode::identifier):
-        (JSC::AddNode::isAdd):
-        (JSC::BlockNode::isBlock):
-        (JSC::EmptyStatementNode::isEmptyStatement):
-        (JSC::ExprStatementNode::isExprStatement):
-        (JSC::ReturnNode::isReturnNode):
-        (JSC::ScopeNode::sourceURL):
-        (JSC::ProgramNode::bytecode):
-        (JSC::EvalNode::bytecode):
-        (JSC::FunctionBodyNode::parameters):
-        (JSC::FunctionBodyNode::toSourceString):
-        (JSC::FunctionBodyNode::bytecode):
-        (JSC::FuncExprNode::isFuncExprNode):
-
-2009-05-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        - speed up string comparison, especially for short strings
-        
-        ~1% on SunSpider
-
-        * JavaScriptCore.exp:
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        (JSC::operator==): Inline UString's operator==, since it is called from
-        hot places in the runtime. Also, specialize 2-char strings in a similar way to
-        1-char, since we're taking the hit of a switch anyway.
-
-2009-05-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        - for polymorphic prototype lookups, increase the number of slots from 4 to 8
-        
-        ~4% faster on v8 raytrace benchmark
-
-        * bytecode/Instruction.h:
-
-2009-05-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - tighten up the code for the load_varargs stub
-        
-        ~1-2% on v8-raytrace
-        
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_load_varargs): Hoist some loop invariants that
-        the compiler didn't feel like hoisting for us. Remove unneeded exception check.
-
-2009-05-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - Improve code generation for access to prototype properties
-        
-        ~0.4% speedup on SunSpider.
-        
-        Based on a suggestion from Geoff Garen.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2009-05-18  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by Gavin Barraclough.
-
-        Enable YARR, and disable WREC for GTK+.
-
-        * GNUmakefile.am:
-        * yarr/RegexParser.h:
-
-2009-05-18  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-         Reviewed by Xan Lopez.
-
-         [Gtk] Various autotools build refactoring and fixes
-         https://bugs.webkit.org/show_bug.cgi?id=25286
-
-         Add -no-install and -no-fast-install to programs and tests that we
-         don't install. Also remove -O2 since this is already handled at
-         configure time.
-
-         * GNUmakefile.am:
-
-2009-05-17  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Xan Lopez.
-
-        [Gtk] Various autotools build refactoring and fixes
-        https://bugs.webkit.org/show_bug.cgi?id=25286
-
-        Add JavaScriptCore/ to JSC include path only since it's not
-        required when building WebCore.
-
-        * GNUmakefile.am:
-
-2009-05-17  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-05-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Looking like MSVC doesn't like static variables in inline methods?
-        Make the state of the SSE2 check a static variable on the class
-        MacroAssemblerX86Common as a speculative build fix for Windows.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::convertInt32ToDouble):
-        (JSC::MacroAssemblerX86Common::branchDouble):
-        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerX86Common::isSSE2Present):
-        (JSC::MacroAssemblerX86Common::):
-        * jit/JIT.cpp:
-
-2009-05-15  Adam Roben  <aroben@apple.com>
-
-        Add some assembler headers to JavaScriptCore.vcproj
-
-        This is just a convenience for Windows developers.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-05-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add FP support to the MacroAssembler, port JITArithmetic over to make use of this. Also add
-        API to determine whether FP support is available 'MacroAssembler::supportsFloatingPoint()',
-        FP is presently only supported on SSE2 platforms, not x87.  On platforms where a suitable
-        hardware FPU is not available 'supportsFloatingPoint()' may simply return false, and all
-        other methods ASSERT_NOT_REACHED().
-
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::branch32):
-        (JSC::MacroAssemblerX86::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86::supportsFloatingPoint):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::):
-        (JSC::MacroAssemblerX86Common::loadDouble):
-        (JSC::MacroAssemblerX86Common::storeDouble):
-        (JSC::MacroAssemblerX86Common::addDouble):
-        (JSC::MacroAssemblerX86Common::subDouble):
-        (JSC::MacroAssemblerX86Common::mulDouble):
-        (JSC::MacroAssemblerX86Common::convertInt32ToDouble):
-        (JSC::MacroAssemblerX86Common::branchDouble):
-        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::branch16):
-        (JSC::MacroAssemblerX86Common::branchTest32):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-        (JSC::MacroAssemblerX86Common::set32):
-        (JSC::MacroAssemblerX86Common::setTest32):
-        (JSC::MacroAssemblerX86Common::x86Condition):
-        (JSC::MacroAssemblerX86Common::isSSE2Present):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::movePtrToDouble):
-        (JSC::MacroAssemblerX86_64::moveDoubleToPtr):
-        (JSC::MacroAssemblerX86_64::setPtr):
-        (JSC::MacroAssemblerX86_64::branchPtr):
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        (JSC::MacroAssemblerX86_64::branchAddPtr):
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
-        * assembler/X86Assembler.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2009-05-15  Francisco Tolmasky  <francisco@280north.com>
-
-        BUG 25467: JavaScript debugger should use function.displayName as the function's name in the call stack
-        <https://bugs.webkit.org/show_bug.cgi?id=25467>
-        
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.exp: Added calculatedFunctionName
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Added calculatedFunctionName
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added calculatedFunctionName
-        * debugger/DebuggerCallFrame.cpp: Added calculatedFunctionName to match existing one in ProfileNode.
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-        * debugger/DebuggerCallFrame.h: Added calculatedFunctionName to match existing one in ProfileNode.
-
-2009-05-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix, not reviewed.
-
-        Quick fixes for JIT builds with OPTIMIZE flags disabled.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compilePutByIdHotPath):
-
-2009-05-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Back out incorrect Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-05-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-05-14  Adam Roben  <aroben@apple.com>
-
-        Windows jsc build fix
-
-        r43648 modified jsc.vcproj's post-build event not to try to copy files
-        that aren't present. Then r43661 mistakenly un-did that modification.
-        This patch restores the modification from r43648, but puts the code in
-        jscCommon.vsprops (where it should have been added in r43648).
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Restored empty
-        VCPostBuildEventTool tags.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Modified the post-build
-        event command line to match the one in jsc.vcproj from r43648.
-
-2009-05-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25325
-
-        Make sure pthread_self() is declared before it gets called in Collector.cpp
-
-        * runtime/Collector.cpp: Include pthread.h in most Unix-like platforms
-        (not just for OPENBSD)
-
-2009-05-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix <https://bugs.webkit.org/show_bug.cgi?id=25785>.
-        Bug 25785: Segfault in mark when using JSObjectMakeConstructor
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor): OpaqueJSClass::prototype can return 0.  We need to use the default object prototype when it does.
-        * API/tests/testapi.c:
-        (main): Add a test case.
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirect): Add a clearer assertion for a null value.  The assertion on the next line does catch this,
-        but the cause of the failure is not clear from the assertion itself.
-
-2009-05-14  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Darin Adler.
-
-        <rdar://problem/6681868> When building with Xcode 3.1.3 should be using gcc 4.2
-
-        The meaning of XCODE_VERSION_ACTUAL is more sensible in newer versions of Xcode.
-        Update our logic to select the compiler version to use the more appropriate XCODE_VERSION_MINOR
-        if the version of Xcode supports it, and fall back to XCODE_VERSION_ACTUAL if not.
-
-        * Configurations/Base.xcconfig:
-
-2009-05-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Checking register file bounds should be a ptr comparison (m_end is a Register*).
-        Also, the compare should be unsigned, pointers don'ts go negative.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2009-05-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix <rdar://problem/6882919> REGRESSION: page at Metroauto site crashes in cti_op_loop_if_less (25730)
-
-        op_loop_if_less (imm < op) was loading op into regT1, but in the slow path spills regT0.
-        This leads to bad happen.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emitSlow_op_loop_if_less):
-
-2009-05-13  Dmitry Titov  <dimich@chromium.org>
-
-        Rubber-stamped by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25746
-        Revert http://trac.webkit.org/changeset/43507 which caused crash in PPC nightlies with Safari 4.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingThread::start):
-        (JSC::SamplingThread::stop):
-        * bytecode/SamplingTool.h:
-        * wtf/CrossThreadRefCounted.h:
-        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
-        (WTF::::ref):
-        (WTF::::deref):
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::clearPthreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-        * wtf/ThreadingWin.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::clearThreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::identifierByGthreadHandle):
-        (WTF::establishIdentifierForThread):
-        (WTF::threadForIdentifier):
-        (WTF::clearThreadForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::threadMapMutex):
-        (WTF::threadMap):
-        (WTF::identifierByQthreadHandle):
-        (WTF::establishIdentifierForThread):
-        (WTF::clearThreadForIdentifier):
-        (WTF::threadForIdentifier):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-2009-05-13  Darin Adler  <darin@apple.com>
-
-        Revert the parser arena change. It was a slowdown, not a speedup.
-        Better luck next time (I'll break it up into pieces).
-
-2009-05-13  Darin Adler  <darin@apple.com>
-
-        Tiger build fix.
-
-        * parser/Grammar.y: Add back empty code blocks, needed by older
-        versions of bison on certain rules.
-
-2009-05-13  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2009-05-13  Adam Roben  <aroben@apple.com>
-
-        Windows build fixes after r43642
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Updated.
-
-        * debugger/Debugger.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/JSArray.cpp:
-        * runtime/RegExp.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/StringPrototype.cpp:
-        Added missing #includes.
-
-2009-05-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 25674: syntax tree nodes should use arena allocation
-        https://bugs.webkit.org/show_bug.cgi?id=25674
-
-        Step 3: Add some actual arena allocation. About 1% SunSpider speedup.
-
-        * JavaScriptCore.exp: Updated.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Updated since VarStack
-        contains const Identifier* now.
-        (JSC::BytecodeGenerator::emitPushNewScope): Updated to take a const
-        Identifier&.
-        * bytecompiler/BytecodeGenerator.h: Ditto
-
-        * bytecompiler/SegmentedVector.h: Added isEmpty.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): Moved this function here from
-        WebCore so WebCore doesn't need the details of FunctionBodyNode.
-        * debugger/Debugger.h: Ditto.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute): Updated since VarStack contains const
-        Identifier* now.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_vm_lazyLinkCall): Call isHostFunction on the body
-        rather than on the function object, since we can't easily have inlined
-        access to the FunctionBodyNode in JSFunction.h since WebCore needs
-        access to that header.
-        (JSC::JITStubs::cti_op_construct_JSConstruct): Ditto.
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier): Ditto.
-
-        * parser/Grammar.y: Use JSGlobalData* to pass the global data pointer
-        around whenever possible instead of using void*. Changed
-        SET_EXCEPTION_LOCATION from a macro to an inline function. Marked
-        the structure-creating functions inline. Changed the VarStack to use
-        identifier pointers instead of actual identifiers. This takes
-        advantage of the fact that all identifier pointers come from the
-        arena and avoids reference count churn. Changed Identifier* to
-        const Identifier* to make sure we don't modify any by accident.
-        Used identifiers for regular expression strings too, using the new
-        scanRegExp that has out parameters instead of the old one that relied
-        on side effects in the Lexer. Move the creation of numeric identifiers
-        out of this file and into the PropertyNode constructor.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode): Pass in ParserArena, used for identifiers.
-        (JSC::Lexer::makeIdentifier): Changed return type to const Identifier*
-        and changed to call ParserArena.
-        (JSC::Lexer::scanRegExp): Added out arguments that are const Identifier*
-        as well as a prefix character argument so we can handle the /= case
-        without a string append.
-        (JSC::Lexer::skipRegExp): Added. Skips a regular expression without
-        allocating Identifier objects.
-        (JSC::Lexer::clear): Removed the code to manage m_identifiers, m_pattern,
-        and m_flags, and added code to set m_arena to 0.
-        * parser/Lexer.h: Updated for changes above.
-
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaFreeable::operator new): Added. Calls allocateFreeable
-        on the arena.
-        (JSC::ParserArenaDeletable::operator new): Changed to call the
-        allocateDeletable function on the arena instead of deleteWithArena.
-        (JSC::RegExpNode::RegExpNode): Changed arguments to Identifier instead
-        of UString since these come from the parser which makes identifiers.
-        (JSC::PropertyNode::PropertyNode): Added new constructor that makes
-        numeric identifiers. Some day we might want to optimize this for
-        integers so it doesn't create a string for each one.
-        (JSC::ContinueNode::ContinueNode): Initialize m_ident to nullIdentifier
-        since it's now a const Identifier& so it can't be left uninitialized.
-        (JSC::BreakNode::BreakNode): Ditto.
-        (JSC::CaseClauseNode::CaseClauseNode): Updated to use SourceElements*
-        to keep track of the statements rather than a separate statement vector.
-        (JSC::BlockNode::BlockNode): Ditto.
-        (JSC::ForInNode::ForInNode): Initialize m_ident to nullIdentifier.
-
-        * parser/Nodes.cpp: Moved the comment explaining emitBytecode in here.
-        It seemed strangely out of place in the header.
-        (JSC::ThrowableExpressionData::emitThrowError): Added an overload for
-        UString as well as Identifier.
-        (JSC::SourceElements::singleStatement): Added.
-        (JSC::SourceElements::lastStatement): Added.
-        (JSC::RegExpNode::emitBytecode): Updated since the pattern and flags
-        are now Identifier instead of UString. Also changed the throwError code
-        to use the substitution mechanism instead of doing a string append.
-        (JSC::SourceElements::emitBytecode): Added. Replaces the old
-        statementListEmitCode function, since we now keep the SourceElements
-        objects around.
-        (JSC::BlockNode::lastStatement): Added.
-        (JSC::BlockNode::emitBytecode): Changed to use emitBytecode instead of
-        statementListEmitCode.
-        (JSC::CaseClauseNode::emitBytecode): Added.
-        (JSC::CaseBlockNode::emitBytecodeForBlock): Changed to use emitBytecode
-        instead of statementListEmitCode.
-        (JSC::ScopeNodeData::ScopeNodeData): Changed to store the
-        SourceElements* instead of using releaseContentsIntoVector.
-        (JSC::ScopeNode::emitStatementsBytecode): Added.
-        (JSC::ScopeNode::singleStatement): Added.
-        (JSC::ProgramNode::emitBytecode): Call emitStatementsBytecode instead
-        of statementListEmitCode.
-        (JSC::EvalNode::emitBytecode): Ditto.
-        (JSC::EvalNode::generateBytecode): Removed code to clear the children
-        vector. This optimization is no longer possible since everything is in
-        a single arena.
-        (JSC::FunctionBodyNode::emitBytecode): Call emitStatementsBytecode
-        insetad of statementListEmitCode and check for the return node using
-        the new functions.
-
-        * parser/Nodes.h: Changed VarStack to store const Identifier* instead
-        of Identifier and rely on the arena to control lifetime. Added a new
-        ParserArenaFreeable class. Made ParserArenaDeletable inherit from
-        FastAllocBase instead of having its own operator new. Base the Node
-        class on ParserArenaFreeable. Changed the various Node classes
-        to use const Identifier& instead of Identifier to avoid the need to
-        call their destructors and allow them to function as "freeable" in the
-        arena. Removed extraneous JSC_FAST_CALL on definitions of inline functions.
-        Changed ElementNode, PropertyNode, ArgumentsNode, ParameterNode,
-        CaseClauseNode, ClauseListNode, and CaseBlockNode to use ParserArenaFreeable
-        as a base class since they do not descend from Node. Eliminated the
-        StatementVector type and instead have various classes use SourceElements*
-        instead of StatementVector. This prevents those classes from having th
-        use ParserArenaDeletable to make sure the vector destructor is called.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parse): Pass the arena to the lexer.
-
-        * parser/Parser.h: Added an include of ParserArena.h, which is no longer
-        included by Nodes.h.
-
-        * parser/ParserArena.cpp:
-        (JSC::ParserArena::ParserArena): Added. Initializes the new members,
-        m_freeableMemory, m_freeablePoolEnd, and m_identifiers.
-        (JSC::ParserArena::freeablePool): Added. Computes the pool pointer,
-        since we store only the current pointer and the end of pool pointer.
-        (JSC::ParserArena::deallocateObjects): Added. Contains the common
-        memory-deallocation logic used by both the destructor and the
-        reset function.
-        (JSC::ParserArena::~ParserArena): Changed to call deallocateObjects.
-        (JSC::ParserArena::reset): Ditto. Also added code to zero out the
-        new structures, and switched to use clear() instead of shrink(0) since
-        we don't really reuse arenas.
-        (JSC::ParserArena::makeNumericIdentifier): Added.
-        (JSC::ParserArena::allocateFreeablePool): Added. Used when the pool
-        is empty.
-        (JSC::ParserArena::isEmpty): Added. No longer inline, which is fine
-        since this is used only for assertions at the moment.
-
-        * parser/ParserArena.h: Added an actual arena of "freeable" objects,
-        ones that don't need destructors to be called. Also added the segmented
-        vector of identifiers that used to be in the Lexer.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::extractFunctionBody): Use singleStatement function rather than
-        getting at a StatementVector.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString): Call isHostFunction on the body
-        rather than the function object.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction): Moved the structure version of this in
-        here from the header. It's not hot enough that it needs to be inlined.
-        (JSC::JSFunction::isHostFunction): Moved this in here from the header.
-        It's now a helper to be used only within the class.
-        (JSC::JSFunction::setBody): Moved this in here. It's not hot enough that
-        it needs to be inlined, and we want to be able to compile the header
-        without the definition of FunctionBodyNode.
-
-        * runtime/JSFunction.h: Eliminated the include of "Nodes.h". This was
-        exposing too much JavaScriptCore dependency to WebCore. Because of this
-        change and some changes made to WebCore, we could now export a lot fewer
-        headers from JavaScriptCore, but I have not done that yet in this check-in.
-        Made a couple functions non-inline. Removes some isHostFunction() assertions.
-        
-        * wtf/FastAllocBase.h: Added the conventional using statements we use in
-        WTF so we can use identifiers from the WTF namespace without explicit
-        namespace qualification or namespace directive. This is the usual WTF style,
-        although it's unconventional in the C++ world. We use the namespace primarily
-        for link-time disambiguation, not compile-time.
-
-        * wtf/FastMalloc.cpp: Fixed an incorrect comment.
-
-2009-05-13  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix: add JITStubCall.h to files list.
-
-        * GNUmakefile.am:
-
-2009-05-13  Ariya Hidayat  <ariya.hidayat@nokia.com>
-
-        Unreviewed build fix, as suggested by Yael Aharon <yael.aharon@nokia.com>.
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::waitForThreadCompletion): renamed IsValid to isValid.
-
-2009-05-13  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Revert r43562 - [Gtk] WTF_USE_JSC is already defined in
-        WebCore/config.h.
-
-        * wtf/Platform.h:
-
-2009-05-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add SamplingCounter tool to provide a simple mechanism for counting events in JSC
-        (enabled using ENABLE(SAMPLING_COUNTERS)).  To count events within a single function
-        use the class 'SamplingCounter', where the counter may be incremented from multiple
-        functions 'GlobalSamplingCounter' may be convenient; all other counters (stack or
-        heap allocated, rather than statically declared) should use the DeletableSamplingCounter.
-        Further description of these classes is provided alongside their definition in 
-        SamplingTool.h.
-
-        Counters may be incremented from c++ by calling the 'count()' method on the counter,
-        or may be incremented by JIT code by using the 'emitCount()' method within the JIT.
-
-        This patch also fixes CODEBLOCK_SAMPLING, which was missing a null pointer check.
-
-        * JavaScriptCore.exp:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::addWithCarry32):
-        (JSC::MacroAssemblerX86::and32):
-        (JSC::MacroAssemblerX86::or32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::and32):
-        (JSC::MacroAssemblerX86Common::or32):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::and32):
-        (JSC::MacroAssemblerX86_64::or32):
-        (JSC::MacroAssemblerX86_64::addPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::adcl_im):
-        (JSC::X86Assembler::addq_im):
-        (JSC::X86Assembler::andl_im):
-        (JSC::X86Assembler::orl_im):
-        * bytecode/SamplingTool.cpp:
-        (JSC::AbstractSamplingCounter::dump):
-        * bytecode/SamplingTool.h:
-        (JSC::AbstractSamplingCounter::count):
-        (JSC::GlobalSamplingCounter::name):
-        (JSC::SamplingCounter::SamplingCounter):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::setSamplingFlag):
-        (JSC::JIT::clearSamplingFlag):
-        (JSC::JIT::emitCount):
-        * jsc.cpp:
-        (runWithScripts):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        * wtf/Platform.h:
-
-2009-05-13  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-
-2009-05-12  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-
-2009-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6881457> Crash occurs at JSC::Interpreter::execute() when loading http://www.sears.com
-
-        We created the arguments objects before an op_push_scope but not
-        before op_push_new_scope, this meant a null arguments object could
-        be resolved inside catch blocks.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitPushNewScope):
-
-2009-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6879881> Crash occurs at JSC::JSActivation::mark() when loading http://www.monster.com; http://www.cnet.com
-        <https://bugs.webkit.org/show_bug.cgi?id=25736> Crash loading www.google.dk/ig (and other igoogle's as well)
-
-        Following on from the lazy arguments creation patch, it's now
-        possible for an activation to to have a null register in the callframe
-        so we can't just blindly mark the local registers in an activation,
-        and must null check first instead.
-
-        * API/tests/testapi.c:
-        (functionGC):
-        * API/tests/testapi.js:
-        (bludgeonArguments.return.g):
-        (bludgeonArguments):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::mark):
-
-2009-05-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        WTF_USE_CTI_REPATCH_PIC is no longer used, remove.
-
-        * jit/JIT.h:
-        * jit/JITStubCall.h:
-
-2009-05-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        We've run into some problems where changing the size of the class JIT leads to
-        performance fluctuations.  Try forcing alignment in an attempt to stabalize this.
-
-        * jit/JIT.h:
-
-2009-05-12  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Add ParserArena.cpp to the build.
-
-        * JavaScriptCoreSources.bkl:
-
-2009-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Unsigned underflow on 64bit cannot be treated as a negative number
-
-        This code included some placeswhere we deliberately create negative offsets
-        from unsigned values, on 32bit this is "safe", but in 64bit builds much
-        badness occurs. Solution is to use signed types as nature intended.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_load_varargs):
-
-2009-05-12  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Holger Freyther.
-
-        [Gtk] Various autotools build refactoring and fixes
-        https://bugs.webkit.org/show_bug.cgi?id=25286
-
-        Define WTF_USE_JSC for the Gtk port.
-
-        * wtf/Platform.h:
-
-2009-05-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - allow all of strictEqual to be inlined into cti_op_stricteq once again
-        
-        We had this optimization once but accidentally lost it at some point.
-
-        * runtime/Operations.h:
-        (JSC::JSValue::strictEqualSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-
-2009-05-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        instanceof should throw if the constructor being tested does not implement
-        'HasInstance" (i.e. is a function).  Instead we were returning false.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::isInvalidParamForIn):
-        (JSC::isInvalidParamForInstanceOf):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_instanceof):
-        * tests/mozilla/ecma_2/instanceof/instanceof-003.js:
-            Fix broken test case.
-        * tests/mozilla/ecma_2/instanceof/regress-7635.js:
-            Remove broken test case (was an exact duplicate of a test in instanceof-003.js).
-
-2009-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve function call forwarding performance
-
-        Make creation of the Arguments object occur lazily, so it
-        is not necessarily created for every function that references
-        it.  Then add logic to Function.apply to allow it to avoid
-        allocating the Arguments object at all.  Helps a lot with
-        the function forwarding/binding logic in jQuery, Prototype,
-        and numerous other JS libraries.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::willResolveToArguments):
-        (JSC::BytecodeGenerator::uncheckedRegisterForArguments):
-        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
-        (JSC::BytecodeGenerator::emitCallEval):
-        (JSC::BytecodeGenerator::emitPushScope):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_init_arguments):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        (JSC::JITStubs::cti_op_load_varargs):
-        * parser/Nodes.cpp:
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-2009-05-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Enable use of SamplingFlags directly from JIT code.
-
-        * bytecode/SamplingTool.h:
-        * jit/JIT.h:
-        (JSC::JIT::sampleCodeBlock):
-        (JSC::JIT::sampleInstruction):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::setSamplingFlag):
-        (JSC::JIT::clearSamplingFlag):
-
-2009-05-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Implement JIT generation for instanceof for non-objects (always returns false).
-        Also fixes the sequencing of the prototype and value isObject checks, to no match the spec.
-
-        0.5% progression on v8 tests overall, due to 3.5% on early-boyer.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasInstance):
-        * runtime/TypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-
-2009-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A little more JIT refactoring.
-        
-        Rearranged code to more clearly indicate what's conditionally compiled
-        and why. Now, all shared code is at the top of our JIT files, and all
-        #if'd code is at the bottom. #if'd code is delineated by large comments.
-        
-        Moved functions that relate to the JIT but don't explicitly do codegen
-        into JIT.cpp. Refactored SSE2 check to store its result as a data member
-        in the JIT.
-
-        * jit/JIT.cpp:
-        (JSC::isSSE2Present):
-        (JSC::JIT::JIT):
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        * jit/JIT.h:
-        (JSC::JIT::isSSE2Present):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-
-2009-05-11  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Build fix.
-
-        * JavaScriptCore.pri: Build the new JITOpcodes.cpp
-
-2009-05-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        More re-factoring of JIT code generation.  Use a macro to
-        forward the main switch-statement cases to the helper functions.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-
-2009-05-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        More re-factoring of JIT code generation to move opcode generation
-        to helper functions outside the main switch-statement and gave those
-        helper functions standardized names. This patch covers the remaining
-        slow cases.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-
-2009-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * GNUmakefile.am: Added JITOpcodes.cpp and JITStubCall.h to the project.
-
-2009-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
-        JITOpcodes.cpp and JITStubCall.h to the project.
-
-2009-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Some JIT refactoring.
-        
-        Moved JITStubCall* into its own header.
-        
-        Modified JITStubCall to ASSERT that its return value is handled correctly.
-        Also, replaced function template with explicit instantiations to resolve
-        some confusion.
-        
-        Replaced all uses of emit{Get,Put}CTIArgument with explicit peeks, pokes,
-        and calls to killLastResultRegister().
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITStubCall.h: Copied from jit/JIT.h.
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::addArgument):
-        (JSC::JITStubCall::call):
-        (JSC::JITStubCall::):
-
-2009-05-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Start re-factoring JIT code generation to move opcode generation
-        to helper functions outside the main switch-statement and gave those
-        helper functions standardized names.  This patch only covers the main
-        pass and all the arithmetic opcodes in the slow path.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        * jit/JITOpcodes.cpp: Copied from jit/JIT.cpp.
-        * jit/JITPropertyAccess.cpp:
-
-2009-05-11  Steve Falkenburg  <sfalken@apple.com>
-
-        Re-add experimental PGO configs.
-        
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2009-05-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey "1" Garen.
-
-        Rip out the !USE(CTI_REPATCH_PIC) code.  It was untested and unused.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::tryCachePutByID):
-        (JSC::JITStubs::tryCacheGetByID):
-
-2009-05-11  Dmitry Titov  <dimich@chromium.org>
-
-        GTK build fix - the deprecated waitForThreadCompletion is not needed on GTK.
-
-        * wtf/ThreadingPthreads.cpp: used #ifdef PLATFORM(DARWIN) around waitForThreadCompletion().
-
-2009-05-11  Adam Roben  <aroben@apple.com>
-
-        Build fix for newer versions of GCC
-
-        * wtf/ThreadingPthreads.cpp: Added a declaration of
-        waitForThreadCompletion before its definition to silence a warning.
-
-2009-05-11  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov and Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25348
-        Change WTF::ThreadIdentifier to be an actual (but wrapped) thread id, remove ThreadMap.
-
-        * wtf/Threading.h:
-        (WTF::ThreadIdentifier::ThreadIdentifier):
-        (WTF::ThreadIdentifier::isValid):
-        (WTF::ThreadIdentifier::invalidate):
-        (WTF::ThreadIdentifier::platformId):
-        ThreadIdentifier is now a class, containing a PlatformThreadIdentifier and
-        methods that are used across the code on thread ids: construction, comparisons,
-        check for 'valid' state etc. '0' is used as invalid id, which happens to just work
-        with all platform-specific thread id implementations.
-
-        All the following files repeatedly reflect the new ThreadIdentifier for each platform.
-        We remove ThreadMap and threadMapMutex from all of them, remove the functions that
-        populated/searched/cleared the map and add platform-specific comparison operators
-        for ThreadIdentifier.
-
-        There are specific temporary workarounds for Safari 4 beta on OSX and Win32 since the
-        public build uses WTF threading functions with old type of ThreadingIdentifier.
-        The next time Safari 4 is rebuilt, it will 'automatically' pick up the new type and new
-        functions so the deprecated ones can be removed.
-
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-        (WTF::waitForThreadCompletion): This is a workaround for Safari 4 beta on Mac.
-        Safari 4 is linked against old definition of ThreadIdentifier so it treats it as uint32_t.
-        This 'old' variant of waitForThreadCompletion takes uint32_t and has the old decorated name, so Safari can
-        load it from JavaScriptCore library. The other functions (CurrentThread() etc) happen to match their previous
-        decorated names and, while they return pthread_t now, it is a pointer which round-trips through a uint32_t.
-        This function will be removed as soon as Safari 4 will release next public build.
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal): All the platforms (except Windows) used a sequential
-        counter as a thread ID and mapped it into platform ID. Windows was using native thread
-        id and mapped it into thread handle. Since we can always obtain a thread handle
-        by thread id, createThread now closes the handle.
-        (WTF::waitForThreadCompletion): obtains another one using OpenThread(id) API. If can not obtain a handle,
-        it means the thread already exited.
-        (WTF::detachThread):
-        (WTF::currentThread):
-        (WTF::detachThreadDeprecated): old function, renamed (for Win Safari 4 beta which uses it for now).
-        (WTF::waitForThreadCompletionDeprecated): same.
-        (WTF::currentThreadDeprecated): same.
-        (WTF::createThreadDeprecated): same.
-
-        * bytecode/SamplingTool.h:
-        * bytecode/SamplingTool.cpp: Use DEFINE_STATIC_LOCAL for a static ThreadIdentifier variable, to avoid static constructor.
-
-        * JavaScriptCore.exp: export lists - updated decorated names of the WTF threading functions
-        since they now take a different type as a parameter.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: ditto for Windows, plus added "deprecated" functions
-        that take old parameter type - turns out public beta of Safari 4 uses those, so they need to be kept along for a while.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: ditto.
-
-2009-05-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 25560: REGRESSION (r34821): "string value".__proto__ gets the wrong object.
-        https://bugs.webkit.org/show_bug.cgi?id=25560
-        rdar://problem/6861069
-
-        I missed this case back a year ago when I sped up handling
-        of JavaScript wrappers. Easy to fix.
-
-        * runtime/JSObject.h:
-        (JSC::JSValue::get): Return the prototype itself if the property name
-        is __proto__.
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot): Ditto.
-
-2009-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Rename emitGetFromCallFrameHeader to emitGetFromCallFrameHeaderPtr
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-
-2009-05-11  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Unreviewed build fix. Build ParserAreana.cpp for Qt
-
-        * JavaScriptCore.pri:
-
-2009-05-11  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24536
-
-        Symbian compilers cannot resolve WTF::PassRefPtr<JSC::Profile>
-        unless Profile.h is included.
-
-        * profiler/ProfileGenerator.h:
-
-2009-05-11  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Holger Freyther.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24284
-
-        * JavaScriptCore.pri: coding style modified
-        * jsc.pro: duplicated values removed from INCLUDEPATH, DEFINES
-
-2009-05-11  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by NOBODY (build fix).
-
-        Also add ParserArena, in addition to AllInOne, for release builds,
-        since adding it to AllInOne breaks Mac.
-
-        * GNUmakefile.am:
-
-2009-05-11  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed build fix. Adding ParserArena to the autotools build.
-
-        * GNUmakefile.am:
-
-2009-05-11  Adam Roben  <aroben@apple.com>
-
-        More Windows build fixes after r43479
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Export ParserArena::reset.
-
-2009-05-11  Adam Roben  <aroben@apple.com>
-
-        Windows build fixes after r43479
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added
-        ParserArena to the project.
-
-        * parser/NodeConstructors.h: Added a missing include.
-        (JSC::ParserArenaDeletable::operator new): Marked these as inline.
-
-2009-05-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff Garen.
-        
-        - fixed REGRESSION(r43432): Many JavaScriptCore tests crash in 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=25680
-
-        Accound for the 64-bit instruction prefix when rewriting mov to lea on 64-bit.
-        
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-
-2009-05-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 25674: syntax tree nodes should use arena allocation
-        https://bugs.webkit.org/show_bug.cgi?id=25674
-
-        Part two: Remove reference counting from most nodes.
-
-        * JavaScriptCore.exp: Updated.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added ParserArena.h and .cpp.
-
-        * parser/Grammar.y: Replaced uses of ParserRefCountedData with uses of
-        ParserArenaData. Took out now-nonfunctional code that tries to manually
-        release declaration list. Changed the new calls that create FuncDeclNode
-        and FuncExprNode so that they use the proper version of operator new for
-        the reference-counted idiom, not the deletion idiom.
-
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaDeletable::operator new): Added.
-        (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Added.
-        (JSC::Node::Node): Removed ParserRefCounted initializer.
-        (JSC::ElementNode::ElementNode): Ditto.
-        (JSC::PropertyNode::PropertyNode): Ditto.
-        (JSC::ArgumentsNode::ArgumentsNode): Ditto.
-        (JSC::SourceElements::SourceElements): Ditto.
-        (JSC::ParameterNode::ParameterNode): Ditto.
-        (JSC::FuncExprNode::FuncExprNode): Added ParserArenaRefCounted initializer.
-        (JSC::FuncDeclNode::FuncDeclNode): Ditto.
-        (JSC::CaseClauseNode::CaseClauseNode): Removed ParserRefCounted initializer.
-        (JSC::ClauseListNode::ClauseListNode): Ditto.
-        (JSC::CaseBlockNode::CaseBlockNode): Ditto.
-
-        * parser/NodeInfo.h: Replaced uses of ParserRefCountedData with uses of
-        ParserArenaData.
-
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode): Added ParserArenaRefCounted initializer.
-        (JSC::ProgramNode::create): Use the proper version of operator new for
-        the reference-counted idiom, not the deletion idiom. Use the arena
-        contains function instead of the vecctor find function.
-        (JSC::EvalNode::create): Use the proper version of operator new for
-        the reference-counted idiom, not the deletion idiom. Use the arena
-        reset function instead of the vector shrink function.
-        (JSC::FunctionBodyNode::createNativeThunk): Use the proper version
-        of operator new for the reference-counted idiom, not the deletion idiom.
-        (JSC::FunctionBodyNode::create): More of the same.
-
-        * parser/Nodes.h: Added ParserArenaDeletable and ParserArenaRefCounted
-        to replace ParserRefCounted. Fixed inheritance so only the classes that
-        need reference counting inherit from ParserArenaRefCounted.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parse): Set m_sourceElements to 0 since it now starts
-        uninitialized. Just set it to 0 again in the failure case, since it's
-        now just a raw pointer, not an owning one.
-        (JSC::Parser::reparseInPlace): Removed now-unneeded get() function.
-        (JSC::Parser::didFinishParsing): Replaced uses of ParserRefCountedData
-        with uses of ParserArenaData.
-
-        * parser/Parser.h: Less RefPtr, more arena.
-
-        * parser/ParserArena.cpp: Added.
-        * parser/ParserArena.h: Added.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Removed arena-related code, since it's
-        now in the Parser.
-        (JSC::JSGlobalData::createLeaked): Removed unneeded #ifndef.
-        (JSC::JSGlobalData::createNativeThunk): Tweaked #if a bit.
-
-        * runtime/JSGlobalData.h: Removed parserArena, which is now in Parser.
-
-        * wtf/RefCounted.h: Added deletionHasBegun function, for use in
-        assertions to catch deletion not done by the deref function.
-
-2009-05-10  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2: Try to fix the Windows build by adding a symbol which is really just a re-mangling of a changed method signature
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-10  David Kilzer  <ddkilzer@apple.com>
-
-        Try to fix the Windows build by removing an unknown symbol
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-10  David Kilzer  <ddkilzer@apple.com>
-
-        Touch Nodes.cpp to try to fix Windows build
-
-        * parser/Nodes.cpp: Removed whitespace.
-
-2009-05-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Quick fix for failures seen on buildbot. Maciej plans a better fix later.
-
-        * wtf/dtoa.cpp: Change the hardcoded number of 32-bit words in a BigInt
-        from 32 to 64. Parsing "1e500", for example, requires more than 32 words.
-
-2009-05-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 25674: syntax tree nodes should use arena allocation
-        Part one: Change lifetimes so we won't have to use reference
-        counting so much, but don't eliminate the reference counts
-        entirely yet.
-
-        * JavaScriptCore.exp: Updated.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Update for use of raw pointers
-        instead of RefPtr.
-        (JSC::BytecodeGenerator::emitCall): Ditto.
-        (JSC::BytecodeGenerator::emitConstruct): Ditto.
-
-        * parser/Grammar.y: Update node creating code to use new (JSGlobalData*)
-        instead of the plain new. At the moment this is just a hook for future
-        arena allocation; it's inline and JSGlobalData* is not used.
-
-        * parser/NodeConstructors.h: Updated for name change of parserObjects to
-        parserArena. Also added explicit initialization for raw pointers that used
-        to be RefPtr. Also removed some uses of get() that aren't needed now that
-        the pointers are raw pointers. Also eliminated m_parameter from FuncExprNode
-        and FuncDeclNode. Also changed node-creating code to use new (JSGlobalData*)
-        as above.
-
-        * parser/Nodes.cpp: Eliminated NodeReleaser and all use of it.
-        (JSC::ParserRefCounted::ParserRefCounted): Updated for name change of
-        parserObjects to parserArena.
-        (JSC::SourceElements::append): Use raw pointers.
-        (JSC::ArrayNode::emitBytecode): Ditto.
-        (JSC::ArrayNode::isSimpleArray): Ditto.
-        (JSC::ArrayNode::toArgumentList): Ditto.
-        (JSC::ObjectLiteralNode::emitBytecode): Ditto.
-        (JSC::PropertyListNode::emitBytecode): Ditto.
-        (JSC::BracketAccessorNode::emitBytecode): Ditto.
-        (JSC::DotAccessorNode::emitBytecode): Ditto.
-        (JSC::ArgumentListNode::emitBytecode): Ditto.
-        (JSC::NewExprNode::emitBytecode): Ditto.
-        (JSC::EvalFunctionCallNode::emitBytecode): Ditto.
-        (JSC::FunctionCallValueNode::emitBytecode): Ditto.
-        (JSC::FunctionCallResolveNode::emitBytecode): Ditto.
-        (JSC::FunctionCallBracketNode::emitBytecode): Ditto.
-        (JSC::FunctionCallDotNode::emitBytecode): Ditto.
-        (JSC::CallFunctionCallDotNode::emitBytecode): Ditto.
-        (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto.
-        (JSC::PostfixBracketNode::emitBytecode): Ditto.
-        (JSC::PostfixDotNode::emitBytecode): Ditto.
-        (JSC::DeleteBracketNode::emitBytecode): Ditto.
-        (JSC::DeleteDotNode::emitBytecode): Ditto.
-        (JSC::DeleteValueNode::emitBytecode): Ditto.
-        (JSC::VoidNode::emitBytecode): Ditto.
-        (JSC::TypeOfValueNode::emitBytecode): Ditto.
-        (JSC::PrefixBracketNode::emitBytecode): Ditto.
-        (JSC::PrefixDotNode::emitBytecode): Ditto.
-        (JSC::UnaryOpNode::emitBytecode): Ditto.
-        (JSC::BinaryOpNode::emitStrcat): Ditto.
-        (JSC::BinaryOpNode::emitBytecode): Ditto.
-        (JSC::EqualNode::emitBytecode): Ditto.
-        (JSC::StrictEqualNode::emitBytecode): Ditto.
-        (JSC::ReverseBinaryOpNode::emitBytecode): Ditto.
-        (JSC::ThrowableBinaryOpNode::emitBytecode): Ditto.
-        (JSC::InstanceOfNode::emitBytecode): Ditto.
-        (JSC::LogicalOpNode::emitBytecode): Ditto.
-        (JSC::ConditionalNode::emitBytecode): Ditto.
-        (JSC::ReadModifyResolveNode::emitBytecode): Ditto.
-        (JSC::AssignResolveNode::emitBytecode): Ditto.
-        (JSC::AssignDotNode::emitBytecode): Ditto.
-        (JSC::ReadModifyDotNode::emitBytecode): Ditto.
-        (JSC::AssignBracketNode::emitBytecode): Ditto.
-        (JSC::ReadModifyBracketNode::emitBytecode): Ditto.
-        (JSC::CommaNode::emitBytecode): Ditto.
-        (JSC::ConstDeclNode::emitCodeSingle): Ditto.
-        (JSC::ConstDeclNode::emitBytecode): Ditto.
-        (JSC::ConstStatementNode::emitBytecode): Ditto.
-        (JSC::statementListEmitCode): Ditto.
-        (JSC::BlockNode::emitBytecode): Ditto.
-        (JSC::ExprStatementNode::emitBytecode): Ditto.
-        (JSC::VarStatementNode::emitBytecode): Ditto.
-        (JSC::IfNode::emitBytecode): Ditto.
-        (JSC::IfElseNode::emitBytecode): Ditto.
-        (JSC::DoWhileNode::emitBytecode): Ditto.
-        (JSC::WhileNode::emitBytecode): Ditto.
-        (JSC::ForNode::emitBytecode): Ditto.
-        (JSC::ForInNode::emitBytecode): Ditto.
-        (JSC::ReturnNode::emitBytecode): Ditto.
-        (JSC::WithNode::emitBytecode): Ditto.
-        (JSC::CaseBlockNode::tryOptimizedSwitch): Ditto.
-        (JSC::CaseBlockNode::emitBytecodeForBlock): Ditto.
-        (JSC::SwitchNode::emitBytecode): Ditto.
-        (JSC::LabelNode::emitBytecode): Ditto.
-        (JSC::ThrowNode::emitBytecode): Ditto.
-        (JSC::TryNode::emitBytecode): Ditto.
-        (JSC::ScopeNodeData::ScopeNodeData): Use swap to transfer ownership
-        of the arena, varStack and functionStack.
-        (JSC::ScopeNode::ScopeNode): Pass in the arena when creating the
-        ScopeNodeData.
-        (JSC::ProgramNode::ProgramNode): Made this inline since it's used
-        in only one place.
-        (JSC::ProgramNode::create): Changed this to return a PassRefPtr since
-        we plan to have the scope nodes be outside the arena, so they will need
-        some kind of ownership transfer (maybe auto_ptr instead of PassRefPtr
-        in the future, though). Remove the node from the newly-created arena to
-        avoid a circular reference. Later we'll keep the node out of the arena
-        by using a different operator new, but for now it's the ParserRefCounted
-        constructor that puts the node into the arena, and there's no way to
-        bypass that.
-        (JSC::EvalNode::EvalNode): Ditto.
-        (JSC::EvalNode::create): Ditto.
-        (JSC::FunctionBodyNode::FunctionBodyNode): Ditto.
-        (JSC::FunctionBodyNode::createNativeThunk): Moved the code that
-        reseets the arena here instead of the caller.
-        (JSC::FunctionBodyNode::create): Same change as the other create
-        functions above.
-        (JSC::FunctionBodyNode::emitBytecode): Use raw pointers.
-
-        * parser/Nodes.h: Removed NodeReleaser. Changed FunctionStack to
-        use raw pointers. Removed the releaseNodes function. Added an override
-        of operator new that takes a JSGlobalData* to prepare for future arena use.
-        Use raw pointers instead of RefPtr everywhere possible.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::reparseInPlace): Pass the arena in.
-
-        * parser/Parser.h:
-        (JSC::Parser::parse): Updated for name change of parserObjects to parserArena.
-        (JSC::Parser::reparse): Ditto.
-        * runtime/FunctionConstructor.cpp:
-        (JSC::extractFunctionBody): Ditto.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Ditto.
-        (JSC::JSGlobalData::createNativeThunk): Moved arena manipulation into the
-        FunctionBodyNode::createNativeThunk function.
-
-        * runtime/JSGlobalData.h: Tweaked formatting and renamed parserObjects to
-        parserArena.
-
-        * wtf/NotFound.h: Added the usual "using WTF" to this header to match the
-        rest of WTF.
-
-2009-05-10  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25670
-        Remove no longer valid chunk of code from dtoa.
-
-        * wtf/dtoa.cpp:
-        (WTF::dtoa): Removed invalid code.
-
-2009-05-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        "Class const *" is the same as "const Class*", use the latter syntax consistently.
-
-        See <http://www.parashift.com/c++-faq-lite/const-correctness.html#faq-18.9>.
-
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLength):
-        * runtime/JSObject.h:
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::locationForOffset):
-
-2009-05-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-        
-        - speedup dtoa/strtod
-        
-        Added a bunch of inlining, and replaced malloc with stack allocation.
-        
-        0.5% SunSpider speedup (7% on string-tagcloud).
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp):
-        (JSC::numberProtoFuncToExponential):
-        * runtime/UString.cpp:
-        (JSC::concatenate):
-        (JSC::UString::from):
-        * wtf/dtoa.cpp:
-        (WTF::BigInt::BigInt):
-        (WTF::BigInt::operator=):
-        (WTF::Balloc):
-        (WTF::Bfree):
-        (WTF::multadd):
-        (WTF::s2b):
-        (WTF::i2b):
-        (WTF::mult):
-        (WTF::pow5mult):
-        (WTF::lshift):
-        (WTF::cmp):
-        (WTF::diff):
-        (WTF::b2d):
-        (WTF::d2b):
-        (WTF::ratio):
-        (WTF::strtod):
-        (WTF::quorem):
-        (WTF::freedtoa):
-        (WTF::dtoa):
-        * wtf/dtoa.h:
-
-2009-05-09  Mike Hommey  <glandium@debian.org>
-
-        Reviewed by Geoffrey Garen. Landed by Jan Alonzo.
-
-        Enable JIT on x86-64 gtk+
-        https://bugs.webkit.org/show_bug.cgi?id=24724
-
-        * GNUmakefile.am:
-
-2009-05-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Removed the last non-call-related manually managed JIT stub call.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_rshift): Fully use the JITStubCall
-        abstraction, instead of emitPutJITStubArg.
-
-2009-05-09  Sebastian Andrzej Siewior  <sebastian@breakpoint.cc>
-
-        Reviewed by Gustavo Noronha.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25653
-        PLATFORM(X86_64) inherits ia64
-
-        __ia64__ is defined by gcc in an IA64 arch and has completely
-        nothing in common with X86-64 exept both are from Intel and have
-        an 64bit address space. That's it. Since code seems to expect x86
-        here, ia64 has to go.
-
-        * wtf/Platform.h:
-
-2009-05-09  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Suggested by Geoffrey Garen.
-
-        Assume SSE2 is present on X86-64 and on MAC X86-32. This fixes a
-        build breakage on non-Mac X86-64 when JIT is enabled.
-
-        * jit/JITArithmetic.cpp:
-
-2009-05-09  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Build fix, adding missing files to make dist.
-
-        * GNUmakefile.am:
-
-2009-05-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::patchLoadToLEA):
-
-2009-05-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::patchLoadToLEA):
-
-2009-05-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        Original patch by John McCall. Updated by Cameron Zwarich. Further refined by me.
-        
-        - Assorted speedups to property access
-        
-        ~.3%-1% speedup on SunSpider
-        
-        1) When we know from the structure ID that an object is using inline storage, plant direct
-        loads and stores against it; no need to indirect through storage pointer.
-        
-        2) Also because of the above, union the property storage pointer with the first inline property
-        slot and add an extra inline property slot.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::CodeLocationInstruction):
-        (JSC::AbstractMacroAssembler::CodeLocationInstruction::patchLoadToLEA):
-        (JSC::::CodeLocationCommon::instructionAtOffset):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::storePtr):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::store32):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movq_EAXm):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::patchLoadToLEA):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSC::JSObject::propertyStorage):
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getOffset):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::locationForOffset):
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSC::JSObject::):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::~JSObject):
-        (JSC::Structure::isUsingInlineStorage):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        * runtime/Structure.h:
-
-2009-05-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Changed all our JIT stubs so that they return a maximum of 1 JS value or
-        two non-JS pointers, and do all other value returning through out
-        parameters, in preparation for 64bit JS values on a 32bit system.
-
-        Stubs that used to return two JSValues now return one JSValue and take
-        and out parameter specifying where in the register array the second
-        value should go.
-        
-        SunSpider reports no change.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_post_inc):
-        (JSC::JIT::compileFastArithSlow_op_post_dec):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_call_arityCheck):
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-        (JSC::JITStubs::cti_op_post_dec):
-        * jit/JITStubs.h:
-        (JSC::):
-
-2009-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed <rdar://problem/6634956> CrashTracer: [REGRESSION] >400 crashes
-        in Safari at com.apple.JavaScriptCore • JSC::BytecodeGenerator::emitComplexJumpScopes + 468
-        https://bugs.webkit.org/show_bug.cgi?id=25658
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitComplexJumpScopes): Guard the whole loop
-        with a bounds check. The old loop logic would decrement and read topScope
-        without a bounds check, which could cause crashes on page boundaries.
-
-2009-05-08  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by NOBODY (BuildFix).
-
-        Gtk fix: add LiteralParser to the build script per r43424.
-
-        Add LiteralParser to the Qt and Wx build scripts too.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCoreSources.bkl:
-
-2009-05-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough and Darin Adler.
-
-        Add a limited literal parser for eval to handle object and array literals fired at eval
-
-        This is a simplified parser and lexer that we can throw at strings passed to eval
-        in case a site is using eval to parse JSON (eg. json2.js).  The lexer is intentionally
-        limited (in effect it's whitelisting a limited "common" subset of the JSON grammar)
-        as this decreases the likelihood of us wating time attempting to parse any significant
-        amount of non-JSON content.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/LiteralParser.cpp: Added.
-        (JSC::isStringCharacter):
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parseStatement):
-        (JSC::LiteralParser::parseExpression):
-        (JSC::LiteralParser::parseArray):
-        (JSC::LiteralParser::parseObject):
-        (JSC::LiteralParser::StackGuard::StackGuard):
-        (JSC::LiteralParser::StackGuard::~StackGuard):
-        (JSC::LiteralParser::StackGuard::isSafe):
-        * runtime/LiteralParser.h: Added.
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::attemptJSONParse):
-        (JSC::LiteralParser::):
-        (JSC::LiteralParser::Lexer::Lexer):
-        (JSC::LiteralParser::Lexer::next):
-        (JSC::LiteralParser::Lexer::currentToken):
-        (JSC::LiteralParser::abortParse):
-
-2009-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Restored a Mozilla JS test I accidentally gutted.
-
-        * tests/mozilla/ecma/Array/15.4.4.2.js:
-        (getTestCases):
-        (test):
-
-2009-05-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        More abstraction for JITStub calls from JITed code.
-        
-        Added a JITStubCall class that automatically handles things like assigning
-        arguments to different stack slots and storing return values. Deployed
-        the class in about a billion places. A bunch more places remain to be
-        fixed up, but this is a good stopping point for now.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::emitTimeoutCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::JSRInfo::JSRInfo):
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::addArgument):
-        (JSC::JITStubCall::call):
-        (JSC::JITStubCall::):
-        (JSC::CallEvalJITStub::CallEvalJITStub):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_lshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_jnless):
-        (JSC::JIT::compileFastArithSlow_op_bitand):
-        (JSC::JIT::compileFastArithSlow_op_mod):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArithSlow_op_post_inc):
-        (JSC::JIT::compileFastArithSlow_op_post_dec):
-        (JSC::JIT::compileFastArithSlow_op_pre_inc):
-        (JSC::JIT::compileFastArithSlow_op_pre_dec):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArith_op_sub):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::compileFastArithSlow_op_add):
-        (JSC::JIT::compileFastArithSlow_op_mul):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-
-2009-05-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add a new opcode jnlesseq, and optimize its compilation in the JIT using
-        techniques similar to what were used to optimize jnless in r43363.
-
-        This gives a 0.7% speedup on SunSpider, particularly on the tests 3d-cube,
-        control-flow-recursive, date-format-xparb, and string-base64.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Add support for dumping op_jnlesseq.
-        * bytecode/Opcode.h: Add op_jnlesseq to the list of opcodes.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfFalse): Add a peephole optimization
-        for op_jnlesseq when emitting lesseq followed by a jump.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Add case for op_jnlesseq.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass): Add case for op_jnlesseq.
-        (JSC::JIT::privateCompileSlowCases): Add case for op_jnlesseq.
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_jnlesseq): Added.
-        (JSC::JIT::compileFastArithSlow_op_jnlesseq): Added.
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_jlesseq): Added.
-        * jit/JITStubs.h:
-
-2009-05-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - fix test failures on 64-bit
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_jnless): Avoid accidentaly treating an
-        immediate int as an immediate float in the 64-bit value representation.
-
-2009-05-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Removing an empty constructor and an uncalled, empty function seems to be a
-        pretty solid 1% regeression on my machine, so I'm going to put them back.
-        Um.  Yeah, this this pretty pointles and makes no sense at all.  I officially
-        lose the will to live in 3... 2...
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::notifyOfScope):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingTool::~SamplingTool):
-
-2009-05-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver "I see lots of ifdefs" Hunt.
-
-        Fix (kinda) for sampling tool breakage.  The codeblock sampling tool has become
-        b0rked due to recent changes in native function calling.  The initialization of
-        a ScopeNode appears to now occur before the sampling tool (or possibly the
-        interpreter has been brought into existence, wihich leads to crashyness).
-
-        This patch doesn't fix the problem.  The crash occurs when tracking a Scope, but
-        we shouldn't need to track scopes when we're just sampling opcodes, not
-        codeblocks.  Not retaining Scopes when just opcode sampling will reduce sampling
-        overhead reducing any instrumentation skew, which is a good thing.  As a side
-        benefit this patch also gets the opcode sampling going again, albeit in a bit of
-        a lame way.  Will come back later with a proper fix from codeblock sampling. 
-
-        * JavaScriptCore.exp:
-        * bytecode/SamplingTool.cpp:
-        (JSC::compareLineCountInfoSampling):
-        (JSC::SamplingTool::dump):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingTool::SamplingTool):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-
-2009-05-07  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Fix <https://bugs.webkit.org/show_bug.cgi?id=25640>.
-        Bug 25640: Crash on quit in r43384 nightly build on Leopard w/ Safari 4 beta installed
-        
-        Roll out r43366 as it removed symbols that Safari 4 Beta uses.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingThread::start):
-        (JSC::SamplingThread::stop):
-        * bytecode/SamplingTool.h:
-        * wtf/CrossThreadRefCounted.h:
-        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
-        (WTF::::ref):
-        (WTF::::deref):
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::clearPthreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-        * wtf/ThreadingWin.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::clearThreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::threadMapMutex):
-        (WTF::initializeThreading):
-        (WTF::threadMap):
-        (WTF::identifierByGthreadHandle):
-        (WTF::establishIdentifierForThread):
-        (WTF::threadForIdentifier):
-        (WTF::clearThreadForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::threadMapMutex):
-        (WTF::threadMap):
-        (WTF::identifierByQthreadHandle):
-        (WTF::establishIdentifierForThread):
-        (WTF::clearThreadForIdentifier):
-        (WTF::threadForIdentifier):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-2009-05-07  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Suggested by Oliver Hunt.
-
-        Also check for Linux for the special-cased calling convention.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * wtf/Platform.h:
-
-2009-05-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Previously, when appending to an existing string and growing the underlying buffer,
-        we would actually allocate 110% of the required size in order to give us some space
-        to expand into.  Now we treat strings differently based on their size:
-
-        Small Strings (up to 4 pages):
-        Expand the allocation size to 112.5% of the amount requested.  This is largely sicking
-        to our previous policy, however 112.5% is cheaper to calculate.
-
-        Medium Strings (up to 128 pages):
-        For pages covering multiple pages over-allocation is less of a concern - any unused
-        space will not be paged in if it is not used, so this is purely a VM overhead.  For
-        these strings allocate 2x the requested size.
-
-        Large Strings (to infinity and beyond!):
-        Revert to our 112.5% policy - probably best to limit the amount of unused VM we allow
-        any individual string be responsible for.
-
-        Additionally, round small allocations up to a multiple of 16 bytes, and medium and
-        large allocations up to a multiple of page size.
-
-        ~1.5% progression on Sunspider, due to 5% improvement on tagcloud & 15% on validate.
-
-        * runtime/UString.cpp:
-        (JSC::expandedSize):
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed a minor sequencing error introduced by recent Parser speedups.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::createNativeThunk): Missed a spot in my last patch.
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        * wtf/Platform.h: Reverted an accidental (and performance-catastrophic)
-        change.
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed a minor sequencing error introduced by recent Parser speedups.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::reparseInPlace): Missed a spot in my last patch.
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed a minor sequencing error introduced by recent Parser speedups.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        (JSC::Parser::reparse): Shrink the parsedObjects vector after allocating
-        the root node, to avoid leaving a stray node in the vector, since that's
-        a slight memory leak, and it causes problems during JSGlobalData teardown.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): ASSERT that we're not being torn
-        down while we think we're still parsing, since that would cause lots of
-        bad memory references during our destruction.
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Replaced two more macros with references to the JITStackFrame structure.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        * jit/JITStubs.cpp:
-        (JSC::):
-        * jit/JITStubs.h:
-
-2009-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve native call performance
-
-        Fix the windows build by adding calling convention declarations everywhere,
-        chose fastcall as that seemed most sensible given we were having to declare
-        the convention explicitly.  In addition switched to fastcall on mac in the
-        deluded belief that documented fastcall behavior on windows would match 
-        actual its actual behavior.
-
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::argumentCount):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionSetSamplingFlags):
-        (functionClearSamplingFlags):
-        (functionReadline):
-        (functionQuit):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::callArrayConstructor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::callBooleanConstructor):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/CallData.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::callErrorConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::callFunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::callFunctionPrototype):
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::nativeFunction):
-        (JSC::JSFunction::setScopeChain):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncDecodeURI):
-        (JSC::globalFuncDecodeURIComponent):
-        (JSC::globalFuncEncodeURI):
-        (JSC::globalFuncEncodeURIComponent):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::callNativeErrorConstructor):
-        * runtime/NativeFunctionWrapper.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::callObjectConstructor):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpObject.cpp:
-        (JSC::callRegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCode):
-        (JSC::callStringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        * wtf/Platform.h:
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Rolled out a portion of r43352 because it broke 64bit.
-
-        * jit/JITStubs.h:
-
-2009-05-07  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Build fix for functions reaturning ThreadIdentifier.
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::createThreadInternal):
-        (WTF::currentThread):
-
-2009-05-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John Honeycutt.
-        
-        - enable optimization case im the last patch that I accidentally had disabled.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_jnless):
-
-2009-05-07  Dmitry Titov  <dimich@chromium.org>
-
-        Attempt to fix Win build.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_jnless):
-
-2009-05-07  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov and Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25348
-        Change WTF::ThreadIdentifier to be an actual (but wrapped) thread id, remove ThreadMap.
-
-        * wtf/Threading.h:
-        (WTF::ThreadIdentifier::ThreadIdentifier):
-        (WTF::ThreadIdentifier::isValid):
-        (WTF::ThreadIdentifier::invalidate):
-        (WTF::ThreadIdentifier::platformId):
-        ThreadIdentifier is now a class, containing a PlatformThreadIdentifier and
-        methods that are used across the code on thread ids: construction, comparisons,
-        check for 'valid' state etc. '0' is used as invalid id, which happens to just work
-        with all platform-specific thread id implementations.
-
-        All the following files repeatedly reflect the new ThreadIdentifier for each platform.
-        We remove ThreadMap and threadMapMutex from all of them, remove the functions that
-        populated/searched/cleared the map and add platform-specific comparison operators
-        for ThreadIdentifier.
-
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-        (WTF::currentThread):
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        (WTF::currentThread):
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadIdentifier::operator==):
-        (WTF::ThreadIdentifier::operator!=):
-        (WTF::initializeThreading):
-        (WTF::createThreadInternal): All the platforms (except Windows) used a sequential
-        counter as a thread ID and mapped it into platform ID. Windows was using native thread
-        id and mapped it into thread handle. Since we can always obtain a thread handle
-        by thread id, createThread now closes the handle.
-        (WTF::waitForThreadCompletion): obtains another one using OpenThread(id) API. If can not obtain a handle,
-        it means the thread already exited.
-        (WTF::detachThread):
-        (WTF::currentThread):
-        (WTF::detachThreadDeprecated): old function, renamed (for Win Safari 4 beta which uses it for now).
-        (WTF::waitForThreadCompletionDeprecated): same.
-        (WTF::currentThreadDeprecated): same.
-        (WTF::createThreadDeprecated): same.
-
-        * bytecode/SamplingTool.h:
-        * bytecode/SamplingTool.cpp: Use DEFINE_STATIC_LOCAL for a static ThreadIdentifier variable, to avoid static constructor.
-
-        * JavaScriptCore.exp: export lists - updated the WTF threading functions decorated names
-        since they now take a different type as a parameter.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: ditto for Windows, plus added "deprecated" functions
-        that take old parameter type - turns out public beta of Safari 4 uses those, so they need to be kept along for a while.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: ditto.
-
-2009-05-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        - optimize various cases of branch-fused less
-        
-        1% speedup on SunSpider overall
-        13% speedup on math-cordic
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        op_loop_if_less: Optimize case of constant as first operand, just as case of constant as
-        second operand.
-        op_jnless: Factored out into compileFastArith_op_jnless.
-        (JSC::JIT::privateCompileSlowCases):
-        op_jnless: Factored out into compileFastArithSlow_op_jnless.
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_jnless): Factored out from main compile loop.
-        - Generate inline code for comparison of constant immediate int as first operand to another
-        immediate int, as for loop_if_less
-
-        (JSC::JIT::compileFastArithSlow_op_jnless):
-        - Generate inline code for comparing two floating point numbers.
-        - Generate code for both cases of comparing a floating point number to a constant immediate 
-        int.
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Fix dumping of op_jnless (tangentially related bugfix).
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added the return address of a stub function to the JITStackFrame abstraction.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        (JSC::):
-        (JSC::StackHack::StackHack):
-        (JSC::StackHack::~StackHack):
-        (JSC::returnToThrowTrampoline):
-        (JSC::JITStubs::cti_op_convert_this):
-        (JSC::JITStubs::cti_op_end):
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_timeout_check):
-        (JSC::JITStubs::cti_register_file_check):
-        (JSC::JITStubs::cti_op_loop_if_less):
-        (JSC::JITStubs::cti_op_loop_if_lesseq):
-        (JSC::JITStubs::cti_op_new_object):
-        (JSC::JITStubs::cti_op_put_by_id_generic):
-        (JSC::JITStubs::cti_op_get_by_id_generic):
-        (JSC::JITStubs::cti_op_put_by_id):
-        (JSC::JITStubs::cti_op_put_by_id_second):
-        (JSC::JITStubs::cti_op_put_by_id_fail):
-        (JSC::JITStubs::cti_op_get_by_id):
-        (JSC::JITStubs::cti_op_get_by_id_second):
-        (JSC::JITStubs::cti_op_get_by_id_self_fail):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
-        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
-        (JSC::JITStubs::cti_op_get_by_id_array_fail):
-        (JSC::JITStubs::cti_op_get_by_id_string_fail):
-        (JSC::JITStubs::cti_op_instanceof):
-        (JSC::JITStubs::cti_op_del_by_id):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_new_func):
-        (JSC::JITStubs::cti_op_call_JSFunction):
-        (JSC::JITStubs::cti_op_call_arityCheck):
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_vm_lazyLinkCall):
-        (JSC::JITStubs::cti_op_push_activation):
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_create_arguments):
-        (JSC::JITStubs::cti_op_create_arguments_no_params):
-        (JSC::JITStubs::cti_op_tear_off_activation):
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        (JSC::JITStubs::cti_op_profile_will_call):
-        (JSC::JITStubs::cti_op_profile_did_call):
-        (JSC::JITStubs::cti_op_ret_scopeChain):
-        (JSC::JITStubs::cti_op_new_array):
-        (JSC::JITStubs::cti_op_resolve):
-        (JSC::JITStubs::cti_op_construct_JSConstruct):
-        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_lesseq):
-        (JSC::JITStubs::cti_op_loop_if_true):
-        (JSC::JITStubs::cti_op_load_varargs):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_resolve_base):
-        (JSC::JITStubs::cti_op_resolve_skip):
-        (JSC::JITStubs::cti_op_resolve_global):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_jless):
-        (JSC::JITStubs::cti_op_not):
-        (JSC::JITStubs::cti_op_jtrue):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-        (JSC::JITStubs::cti_op_new_func_exp):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_less):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_post_dec):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_new_regexp):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_op_throw):
-        (JSC::JITStubs::cti_op_get_pnames):
-        (JSC::JITStubs::cti_op_next_pname):
-        (JSC::JITStubs::cti_op_push_scope):
-        (JSC::JITStubs::cti_op_pop_scope):
-        (JSC::JITStubs::cti_op_typeof):
-        (JSC::JITStubs::cti_op_is_undefined):
-        (JSC::JITStubs::cti_op_is_boolean):
-        (JSC::JITStubs::cti_op_is_number):
-        (JSC::JITStubs::cti_op_is_string):
-        (JSC::JITStubs::cti_op_is_object):
-        (JSC::JITStubs::cti_op_is_function):
-        (JSC::JITStubs::cti_op_stricteq):
-        (JSC::JITStubs::cti_op_to_primitive):
-        (JSC::JITStubs::cti_op_strcat):
-        (JSC::JITStubs::cti_op_nstricteq):
-        (JSC::JITStubs::cti_op_to_jsnumber):
-        (JSC::JITStubs::cti_op_in):
-        (JSC::JITStubs::cti_op_push_new_scope):
-        (JSC::JITStubs::cti_op_jmp_scopes):
-        (JSC::JITStubs::cti_op_put_by_index):
-        (JSC::JITStubs::cti_op_switch_imm):
-        (JSC::JITStubs::cti_op_switch_char):
-        (JSC::JITStubs::cti_op_switch_string):
-        (JSC::JITStubs::cti_op_del_by_val):
-        (JSC::JITStubs::cti_op_put_getter):
-        (JSC::JITStubs::cti_op_put_setter):
-        (JSC::JITStubs::cti_op_new_error):
-        (JSC::JITStubs::cti_op_debug):
-        (JSC::JITStubs::cti_vm_throw):
-        * jit/JITStubs.h:
-        (JSC::JITStackFrame::returnAddressSlot):
-
-2009-05-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex): Fix missing braces. This would make us always
-        take the slower case for string parsing and Visual Studio correctly
-        noticed unreachable code.
-
-2009-05-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 25589: goto instead of state machine in lexer
-        https://bugs.webkit.org/show_bug.cgi?id=25589
-
-        SunSpider is 0.8% faster.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::currentCharacter): Added.
-        (JSC::Lexer::currentOffset): Changed to call currentCharacter for clarity.
-        (JSC::Lexer::setCode): Removed code to set now-obsolete m_skipLineEnd.
-        (JSC::Lexer::shiftLineTerminator): Added. Handles line numbers and the
-        two-character line terminators.
-        (JSC::Lexer::makeIdentifier): Changed to take characters and length rather
-        than a vector, since we now make these directly out of the source buffer
-        when possible.
-        (JSC::Lexer::lastTokenWasRestrKeyword): Added.
-        (JSC::isNonASCIIIdentStart): Broke out the non-inline part.
-        (JSC::isIdentStart): Moved here.
-        (JSC::isNonASCIIIdentPart): Broke out the non-inline part.
-        (JSC::isIdentPart): Moved here.
-        (JSC::singleEscape): Moved here, and removed some unneeded cases.
-        (JSC::Lexer::record8): Moved here.
-        (JSC::Lexer::record16): Moved here.
-        (JSC::Lexer::lex): Rewrote this whole function to use goto and not use
-        a state machine. Got rid of most of the local variables. Also rolled the
-        matchPunctuator function in here.
-        (JSC::Lexer::scanRegExp): Changed to use the new version of isLineTerminator.
-        Clear m_buffer16 after using it instead of before.
-
-        * parser/Lexer.h: Removed State enum, setDone function, nextLine function,
-        lookupKeywordFunction, one of the isLineTerminator functions, m_done data member,
-        m_skipLineEnd data member, and m_state data member. Added shiftLineTerminator
-        function, currentCharacter function, and changed the arguments to the makeIdentifier
-        function. Removed one branch from the isLineTerminator function.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace): Streamlined the case where we don't replace anything.
-
-2009-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Removed a few more special constants, and replaced them with uses of
-        the JITStackFrame struct.
-
-        Removed one of the two possible definitions of VoidPtrPair. The Mac
-        definition was more elegant, but SunSpider doesn't think it's any
-        faster, and it's net less elegant to have two ways of doing things.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.h:
-        (JSC::):
-
-2009-05-07  Darin Adler  <darin@apple.com>
-
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode): Tweak formatting.
-
-2009-05-07  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Fix the build thread stack base determination build on Symbian,
-        by moving the code block before PLATFORM(UNIX), which is also
-        enabled on Symbian builds.
-
-        * runtime/Collector.cpp:
-        (JSC::currentThreadStackBase):
-
-2009-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix crash due to incorrectly using an invalid scopechain 
-
-        stringProtoFuncReplace was checking for an exception on a CachedCall
-        by asking for the cached callframes exception.  Unfortunately this
-        could crash in certain circumstances as CachedCall does not guarantee
-        a valid callframe following a call.  Even more unfortunately the check
-        was entirely unnecessary as there is only a single exception slot per
-        global data, so it was already checked via the initial exec->hadException()
-        check.
-
-        To make bugs like this more obvious, i've added a debug only destructor
-        to ScopeChainNode that 0's all of its fields.  This exposed a crash in
-        the standard javascriptcore tests.
-
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChain::~ScopeChain):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2009-05-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Enable op_strcat across += assignments.  This patch allows the lhs of a read/modify node
-        to be included within the concatenation operation, and also modifies the implementation
-        of the concatenation to attempt to reuse and cat onto the leftmost string, rather than
-        always allocating a new empty output string to copy into (as was previously the behaviour).
-
-        ~0.5% progression, due to a 3%-3.5% progression on the string tests (particularly validate).
-
-        * parser/Nodes.cpp:
-        (JSC::BinaryOpNode::emitStrcat):
-        (JSC::emitReadModifyAssignment):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::ReadModifyDotNode::emitBytecode):
-        (JSC::ReadModifyBracketNode::emitBytecode):
-        * parser/Nodes.h:
-        * runtime/Operations.h:
-        (JSC::concatenateStrings):
-        * runtime/UString.cpp:
-        (JSC::UString::reserveCapacity):
-        * runtime/UString.h:
-
-2009-05-07  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix the build on Windows without JIT: interpreter/RegisterFile.h needs
-        roundUpAllocationSize, which is protected by #if ENABLED(ASSEMBLER).
-        Moved the #ifdef down and always offer the function.
-
-        * jit/ExecutableAllocator.h:
-
-2009-05-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin "++" Barraclough.
-        
-        Added some abstraction around the JIT stub calling convention by creating
-        a struct to represent the persistent stack frame JIT code shares with
-        JIT stubs.
-        
-        SunSpider reports no change.
-
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_convert_this):
-        (JSC::JITStubs::cti_op_end):
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_timeout_check):
-        (JSC::JITStubs::cti_register_file_check):
-        (JSC::JITStubs::cti_op_loop_if_less):
-        (JSC::JITStubs::cti_op_loop_if_lesseq):
-        (JSC::JITStubs::cti_op_new_object):
-        (JSC::JITStubs::cti_op_put_by_id_generic):
-        (JSC::JITStubs::cti_op_get_by_id_generic):
-        (JSC::JITStubs::cti_op_put_by_id):
-        (JSC::JITStubs::cti_op_put_by_id_second):
-        (JSC::JITStubs::cti_op_put_by_id_fail):
-        (JSC::JITStubs::cti_op_get_by_id):
-        (JSC::JITStubs::cti_op_get_by_id_second):
-        (JSC::JITStubs::cti_op_get_by_id_self_fail):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
-        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
-        (JSC::JITStubs::cti_op_get_by_id_array_fail):
-        (JSC::JITStubs::cti_op_get_by_id_string_fail):
-        (JSC::JITStubs::cti_op_instanceof):
-        (JSC::JITStubs::cti_op_del_by_id):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_new_func):
-        (JSC::JITStubs::cti_op_call_JSFunction):
-        (JSC::JITStubs::cti_op_call_arityCheck):
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_vm_lazyLinkCall):
-        (JSC::JITStubs::cti_op_push_activation):
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_create_arguments):
-        (JSC::JITStubs::cti_op_create_arguments_no_params):
-        (JSC::JITStubs::cti_op_tear_off_activation):
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        (JSC::JITStubs::cti_op_profile_will_call):
-        (JSC::JITStubs::cti_op_profile_did_call):
-        (JSC::JITStubs::cti_op_ret_scopeChain):
-        (JSC::JITStubs::cti_op_new_array):
-        (JSC::JITStubs::cti_op_resolve):
-        (JSC::JITStubs::cti_op_construct_JSConstruct):
-        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_lesseq):
-        (JSC::JITStubs::cti_op_loop_if_true):
-        (JSC::JITStubs::cti_op_load_varargs):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_resolve_base):
-        (JSC::JITStubs::cti_op_resolve_skip):
-        (JSC::JITStubs::cti_op_resolve_global):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_jless):
-        (JSC::JITStubs::cti_op_not):
-        (JSC::JITStubs::cti_op_jtrue):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-        (JSC::JITStubs::cti_op_new_func_exp):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_less):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_post_dec):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_new_regexp):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_op_throw):
-        (JSC::JITStubs::cti_op_get_pnames):
-        (JSC::JITStubs::cti_op_next_pname):
-        (JSC::JITStubs::cti_op_push_scope):
-        (JSC::JITStubs::cti_op_pop_scope):
-        (JSC::JITStubs::cti_op_typeof):
-        (JSC::JITStubs::cti_op_is_undefined):
-        (JSC::JITStubs::cti_op_is_boolean):
-        (JSC::JITStubs::cti_op_is_number):
-        (JSC::JITStubs::cti_op_is_string):
-        (JSC::JITStubs::cti_op_is_object):
-        (JSC::JITStubs::cti_op_is_function):
-        (JSC::JITStubs::cti_op_stricteq):
-        (JSC::JITStubs::cti_op_to_primitive):
-        (JSC::JITStubs::cti_op_strcat):
-        (JSC::JITStubs::cti_op_nstricteq):
-        (JSC::JITStubs::cti_op_to_jsnumber):
-        (JSC::JITStubs::cti_op_in):
-        (JSC::JITStubs::cti_op_push_new_scope):
-        (JSC::JITStubs::cti_op_jmp_scopes):
-        (JSC::JITStubs::cti_op_put_by_index):
-        (JSC::JITStubs::cti_op_switch_imm):
-        (JSC::JITStubs::cti_op_switch_char):
-        (JSC::JITStubs::cti_op_switch_string):
-        (JSC::JITStubs::cti_op_del_by_val):
-        (JSC::JITStubs::cti_op_put_getter):
-        (JSC::JITStubs::cti_op_put_setter):
-        (JSC::JITStubs::cti_op_new_error):
-        (JSC::JITStubs::cti_op_debug):
-        (JSC::JITStubs::cti_vm_throw):
-        * jit/JITStubs.h:
-        (JSC::):
-
-2009-05-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak & Darin Adler.
-
-        Improve string concatenation (as coded in JS as a sequence of adds).
-
-        Detect patterns corresponding to string concatenation, and change the bytecode
-        generation to emit a new op_strcat instruction.  By handling the full set of
-        additions within a single function we do not need allocate JSString wrappers
-        for intermediate results, and we can calculate the size of the output string
-        prior to allocating storage, in order to prevent reallocation of the buffer.
-
-        1.5%-2% progression on Sunspider, largely due to a 30% progression on date-format-xparb.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-            Add new opcodes.
-        * bytecode/Opcode.h:
-            Add new opcodes.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitStrcat):
-        (JSC::BytecodeGenerator::emitToPrimitive):
-            Add generation of new opcodes.
-        * bytecompiler/BytecodeGenerator.h:
-            Add generation of new opcodes.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            Add implmentation of new opcodes.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-            Add implmentation of new opcodes.
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_to_primitive):
-        (JSC::JITStubs::cti_op_strcat):
-            Add implmentation of new opcodes.
-        * jit/JITStubs.h:
-            Add implmentation of new opcodes.
-        * parser/Nodes.cpp:
-        (JSC::BinaryOpNode::emitStrcat):
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-            Add generation of new opcodes.
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::):
-        (JSC::AddNode::):
-            Add methods to allow identification of add nodes.
-        * parser/ResultType.h:
-        (JSC::ResultType::definitelyIsString):
-        (JSC::ResultType::forAdd):
-            Fix error in detection of adds that will produce string results.
-        * runtime/Operations.h:
-        (JSC::concatenateStrings):
-            Add implmentation of new opcodes.
-        * runtime/UString.cpp:
-        (JSC::UString::appendNumeric):
-            Add methods to append numbers to an existing string.
-        * runtime/UString.h:
-        (JSC::UString::Rep::createEmptyBuffer):
-        (JSC::UString::BaseString::BaseString):
-            Add support for creating an empty string with a non-zero capacity available in the BaseString.
-
-2009-05-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Made RefCounted::m_refCount private.
-
-        * runtime/Structure.h: Removed addressOfCount.
-        * wtf/RefCounted.h: Made m_refCount private.
-        Added addressOfCount.
-
-2009-05-06  Darin Adler  <darin@apple.com>
-
-        Fixed assertion seen a lot!
-
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::~FunctionBodyNode): Removed now-bogus assertion.
-
-2009-05-06  Darin Adler  <darin@apple.com>
-
-        Working with Sam Weinig.
-
-        Redo parse tree constructor optimization without breaking the Windows
-        build the way I did yesterday. The previous try broke the build by adding
-        an include of Lexer.h and all its dependencies that had to work outside
-        the JavaScriptCore project.
-
-        * GNUmakefile.am: Added NodeConstructors.h.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        Removed byteocde directory -- we no longer are trying to include Lexer.h
-        outside JavaScriptCore.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Change SegmentedVector.h
-        and Lexer.h back to internal files. Added NodeConstructors.h.
-
-        * parser/Grammar.y: Added include of NodeConstructors.h.
-        Changed use of ConstDeclNode to use public functions.
-
-        * parser/NodeConstructors.h: Copied from parser/Nodes.h.
-        Just contains the inlined constructors now.
-
-        * parser/Nodes.cpp: Added include of NodeConstructors.h.
-        Moved node constructors into the header.
-        (JSC::FunctionBodyNode::FunctionBodyNode): Removed m_refCount
-        initialization.
-
-        * parser/Nodes.h: Removed all the constructor definitions, and also
-        removed the JSC_FAST_CALL from them since these are all inlined, so the
-        calling convention is irrelevant. Made more things private. Used a data
-        member for operator opcodes instead of a virtual function. Removed the
-        special FunctionBodyNode::ref/deref functions since the default functions
-        are now just as fast.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::extractFunctionBody): Fixed types here so we don't typecast until
-        after we do type checking.
-
-2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        Fix the Qt build on Windows.
-
-        * JavaScriptCore.pri: Define BUILDING_JavaScriptCore/WTF to get the meaning
-        of the JS_EXPORTDATA macros correct
-
-2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        Enable the JIT for the Qt build on Windows.
-
-        * JavaScriptCore.pri:
-
-2009-05-06  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Tweak JavaScriptCore.pri for being able to override the generated sources dir for the
-        generated_files target.
-
-        * JavaScriptCore.pri:
-
-2009-05-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Build QtWebKit as a framework on Mac
-
-        This implies both debug and release build by default, unless
-        one of the --debug or --release config options are passed to
-        the build-webkit script.
-
-        Frameworks can be disabled by passing CONFIG+=webkit_no_framework
-        to the build-webkit script.
-
-        To be able to build both debug and release targets in parallel
-        we have to use separate output directories for the generated
-        sources, which is not optimal, but required to avoid race conditions.
-
-        An optimization would be to only require this spit-up on Mac.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * jsc.pro:
-
-2009-05-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Use $$GENERATED_SOURCES_DIR as output when running bison
-
-        A couple of the generators left the bison output file in the source
-        tree, and then moved it into $$GENERATED_SOURCES_DIR, which did not
-        work well when building release and debug configurations in parallel.
-
-        * JavaScriptCore.pri:
-
-2009-05-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Simplified a bit of codegen.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-05-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Moved all the JIT stub related code into one place.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        * jit/JITStubs.cpp:
-        (JSC::):
-        * jit/JITStubs.h:
-
-2009-05-05  Sam Weinig  <sam@webkit.org>
-
-        Try to fix Windows build.
-
-        Move Node constructor to the .cpp file.
-
-        * parser/Nodes.cpp: 
-        * parser/Nodes.h:
-
-2009-05-05  Darin Adler  <darin@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-        Try to fix Mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made SegmentedVector.h private.
-
-2009-05-05  Darin Adler  <darin@apple.com>
-
-        Try to fix Mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made Lexer.h private.
-
-2009-05-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 25569: make ParserRefCounted use conventional reference counting
-        https://bugs.webkit.org/show_bug.cgi?id=25569
-
-        SunSpider speedup of about 1.6%.
-
-        * JavaScriptCore.exp: Updated.
-
-        * parser/Nodes.cpp:
-        (JSC::NodeReleaser::releaseAllNodes): ALWAYS_INLINE.
-        (JSC::NodeReleaser::adopt): Ditto.
-        (JSC::ParserRefCounted::ParserRefCounted): Removed most of the code.
-        Add the object to a Vector<RefPtr> that gets cleared after parsing.
-        (JSC::ParserRefCounted::~ParserRefCounted): Removed most of the code.
-
-        * parser/Nodes.h: Made ParserRefCounted inherit from RefCounted and
-        made inline versions of the constructor and destructor. Made the
-        Node constructor inline.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parse): Call globalData->parserObjects.shrink(0) after
-        parsing, where it used to call ParserRefCounted::deleteNewObjects.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Eliminated code to manage the
-        newParserObjects and parserObjectExtraRefCounts.
-        (JSC::JSGlobalData::~JSGlobalData): Ditto.
-
-        * runtime/JSGlobalData.h: Replaced the HashSet and HashCountedSet
-        with a Vector.
-
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::~PassRefPtr): The most common thing to do with a
-        PassRefPtr in hot code is to pass it and then destroy it once it's
-        set to zero. Help the optimizer by telling it that's true.
-
-2009-05-05  Xan Lopez  <xlopez@igalia.com> and Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by Oliver Hunt.
-
-        Disable the NativeFunctionWrapper for all non-Mac ports for now,
-        as it is also crashing on Linux/x86.
-
-        * runtime/NativeFunctionWrapper.h:
-
-2009-05-05  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Expose toThisObject for the DOM Window
-
-        * JavaScriptCore.exp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Make windows go again until i work out the
-        accursed calling convention).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * jit/JIT.cpp:
-        * runtime/NativeFunctionWrapper.h:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Fix windows debug builds).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Hopefully the last fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Fix the build fix caused by a different build fix).
-
-        * parser/Nodes.cpp:
-        * parser/Nodes.h:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (No idea how my changes could have broken these).
-
-        * runtime/DatePrototype.cpp:
-        * runtime/RegExpObject.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Why should i expect msvc to list all the errors in a file?).
-
-        * parser/Nodes.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Fix warning, and another missing include).
-
-        * jit/JIT.cpp:
-        * parser/Nodes.h:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (More build fixes).
-
-        * runtime/ErrorPrototype.cpp:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/StringConstructor.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Will the fixes never end?).
-
-        * runtime/FunctionPrototype.h:
-        * runtime/Lookup.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (More build fixes).
-
-        * jit/JIT.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (More build fixing).
-
-        * runtime/CallData.h:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        * runtime/ArrayConstructor.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/Error.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/RegExpPrototype.cpp:
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        Add missing file
-
-        * runtime/NativeFunctionWrapper.h: Copied from JavaScriptCore/jit/ExecutableAllocator.cpp.
-
-2009-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 25559: Improve native function call performance
-        <https://bugs.webkit.org/show_bug.cgi?id=25559>
-
-        In order to cache calls to native functions we now make the standard
-        prototype functions use a small assembly thunk that converts the JS
-        calling convention into the native calling convention.  As this is
-        only beneficial in the JIT we use the NativeFunctionWrapper typedef
-        to alternate between PrototypeFunction and JSFunction to keep the
-        code sane.  This change from PrototypeFunction to NativeFunctionWrapper
-        is the bulk of this patch.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::call):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::addPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::leaq_mr):
-        (JSC::X86Assembler::call_m):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::linkCall):
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCode.h:
-        (JSC::JITCode::operator bool):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetFromCallFrameHeader):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::JITStubs):
-        (JSC::JITStubs::cti_op_call_JSFunction):
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_vm_lazyLinkCall):
-        (JSC::JITStubs::cti_op_construct_JSConstruct):
-        * jit/JITStubs.h:
-        (JSC::JITStubs::ctiNativeCallThunk):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::createNativeThunk):
-        (JSC::FunctionBodyNode::generateJITCode):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::):
-        (JSC::FunctionBodyNode::generatedJITCode):
-        (JSC::FunctionBodyNode::jitCode):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/ArgList.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        (JSC::functionProtoFuncToString):
-        * runtime/FunctionPrototype.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::mark):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::deleteProperty):
-        (JSC::JSFunction::getConstructData):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::setScope):
-        (JSC::JSFunction::scope):
-        (JSC::JSFunction::isHostFunction):
-        (JSC::JSFunction::scopeChain):
-        (JSC::JSFunction::clearScopeChain):
-        (JSC::JSFunction::setScopeChain):
-        (JSC::JSFunction::nativeFunction):
-        (JSC::JSFunction::setNativeFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData):
-        (JSC::JSGlobalData::createNativeThunk):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::nativeFunctionThunk):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-
-2009-05-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        For convenience, let the sampling flags tool clear multiple flags at once.
-
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionSetSamplingFlags):
-        (functionClearSamplingFlags):
-
-2009-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Gavin.
-
-        - inline Vector::resize for a ~1.5% speedup on string-tagcloud
-
-        * wtf/Vector.h:
-        (WTF::Vector::resize): Inline
-
-2009-05-03  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-
-2009-05-03  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 64-bit build.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * runtime/JSNumberCell.cpp:
-        (JSC::jsAPIMangledNumber):
-        * runtime/JSNumberCell.h:
-
-2009-05-02  Sam Weinig  <sam@webkit.org>
-
-        Roll JSC API number marshaling back in one last time (I hope).
-
-2009-05-03  Sam Weinig  <sam@webkit.org>
-
-        Roll JSC API number marshaling back out. It still breaks windows.
-
-2009-05-03  Sam Weinig  <sam@webkit.org>
-
-        Roll JSC API number marshaling back in.
-
-2009-05-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 25519: streamline lexer by handling BOMs differently
-        https://bugs.webkit.org/show_bug.cgi?id=25519
-
-        Roughly 1% faster SunSpider.
-
-        * parser/Grammar.y: Tweak formatting a bit.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer): Remove unnnecessary initialization of data members
-        that are set up by setCode.
-        (JSC::Lexer::currentOffset): Added. Used where the old code would look at
-        m_currentOffset.
-        (JSC::Lexer::shift1): Replaces the old shift function. No longer does anything
-        to handle BOM characters.
-        (JSC::Lexer::shift2): Ditto.
-        (JSC::Lexer::shift3): Ditto.
-        (JSC::Lexer::shift4): Ditto.
-        (JSC::Lexer::setCode): Updated for name change from yylineno to m_line.
-        Removed now-unused m_eatNextIdentifier, m_stackToken, and m_restrKeyword.
-        Replaced m_skipLF and m_skipCR with m_skipLineEnd. Replaced the old
-        m_length with m_codeEnd and m_currentOffset with m_codeStart. Added code
-        to scan for a BOM character and call copyCodeWithoutBOMs() if we find any.
-        (JSC::Lexer::copyCodeWithoutBOMs): Added.
-        (JSC::Lexer::nextLine): Updated for name change from yylineno to m_line.
-        (JSC::Lexer::makeIdentifier): Moved up higher in the file.
-        (JSC::Lexer::matchPunctuator): Moved up higher in the file and changed to
-        use a switch statement instead of just if statements.
-        (JSC::Lexer::isLineTerminator): Moved up higher in the file and changed to
-        have fewer branches.
-        (JSC::Lexer::lastTokenWasRestrKeyword): Added. This replaces the old
-        m_restrKeyword boolean.
-        (JSC::Lexer::isIdentStart): Moved up higher in the file. Changed to use
-        fewer branches in the ASCII but not identifier case.
-        (JSC::Lexer::isIdentPart): Ditto.
-        (JSC::Lexer::singleEscape): Moved up higher in the file.
-        (JSC::Lexer::convertOctal): Moved up higher in the file.
-        (JSC::Lexer::convertHex): Moved up higher in the file. Changed to use
-        toASCIIHexValue instead of rolling our own here.
-        (JSC::Lexer::convertUnicode): Ditto.
-        (JSC::Lexer::record8): Moved up higher in the file.
-        (JSC::Lexer::record16): Moved up higher in the file.
-        (JSC::Lexer::lex): Changed type of stringType to int. Replaced m_skipLF
-        and m_skipCR with m_skipLineEnd, which requires fewer branches in the
-        main lexer loop. Use currentOffset instead of m_currentOffset. Removed
-        unneeded m_stackToken. Use isASCIIDigit instead of isDecimalDigit.
-        Split out the two cases for InIdentifierOrKeyword and InIdentifier.
-        Added special case tight loops for identifiers and other simple states.
-        Removed a branch from the code that sets m_atLineStart to false using goto.
-        Streamlined the number-handling code so we don't check for the same types
-        twice for non-numeric cases and don't add a null to m_buffer8 when it's
-        not being used. Removed m_eatNextIdentifier, which wasn't working anyway,
-        and m_restrKeyword, which is redundant with m_lastToken. Set the
-        m_delimited flag without using a branch.
-        (JSC::Lexer::scanRegExp): Tweaked style a bit.
-        (JSC::Lexer::clear): Clear m_codeWithoutBOMs so we don't use memory after
-        parsing. Clear out UString objects in the more conventional way.
-        (JSC::Lexer::sourceCode): Made this no-longer inline since it has more
-        work to do in the case where we stripped BOMs.
-
-        * parser/Lexer.h: Renamed yylineno to m_lineNumber. Removed convertHex
-        function, which is the same as toASCIIHexValue. Removed isHexDigit
-        function, which is the same as isASCIIHedDigit. Replaced shift with four
-        separate shift functions. Removed isWhiteSpace function that passes
-        m_current, instead just passing m_current explicitly. Removed isOctalDigit,
-        which is the same as isASCIIOctalDigit. Eliminated unused arguments from
-        matchPunctuator. Added copyCoodeWithoutBOMs and currentOffset. Moved the
-        makeIdentifier function out of the header. Added lastTokenWasRestrKeyword
-        function. Added new constants for m_skipLineEnd. Removed unused yycolumn,
-        m_restrKeyword, m_skipLF, m_skipCR, m_eatNextIdentifier, m_stackToken,
-        m_position, m_length, m_currentOffset, m_nextOffset1, m_nextOffset2,
-        m_nextOffset3. Added m_skipLineEnd, m_codeStart, m_codeEnd, and
-        m_codeWithoutBOMs.
-
-        * parser/SourceProvider.h: Added hasBOMs function. In the future this can
-        be used to tell the lexer about strings known not to have BOMs.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncUnescape): Changed to use isASCIIHexDigit.
-
-        * wtf/ASCIICType.h: Added using statements to match the design of the
-        other WTF headers.
-
-2009-05-02  Ada Chan  <adachan@apple.com>
-
-        Fix windows build (when doing a clean build)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Simplified null-ish JSValues.
-        
-        Replaced calls to noValue() with calls to JSValue() (which is what
-        noValue() returned). Removed noValue().
-        
-        Replaced almost all uses of jsImpossibleValue() with uses of JSValue().
-        Its one remaining use is for construction of hash table deleted values.
-        For that specific task, I made a new, private constructor with a special
-        tag. Removed jsImpossibleValue().
-        
-        Removed "JSValue()" initialiazers, since default construction happens...
-        by default.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::call):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        * bytecompiler/BytecodeGenerator.h:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::DebuggerCallFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::clearException):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Register.h:
-        (JSC::Register::Register):
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_vm_throw):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::getProperty):
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/Completion.h:
-        (JSC::Completion::Completion):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::getPrimitiveNumber):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getJSNumber):
-        * runtime/JSCell.h:
-        (JSC::JSValue::getJSNumber):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::fromNumberOutsideIntegerRange):
-        (JSC::JSImmediate::from):
-        * runtime/JSNumberCell.cpp:
-        (JSC::jsNumberCell):
-        * runtime/JSObject.cpp:
-        (JSC::callDefaultValueFunction):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::toPrimitive):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::next):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        (JSC::JSValueHashTraits::constructDeletedValue):
-        (JSC::JSValueHashTraits::isDeletedValue):
-        (JSC::JSValue::JSValue):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/Operations.h:
-        (JSC::resolveBase):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::clearBase):
-        (JSC::PropertySlot::clearValue):
-
-2009-05-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - speed up the lexer in various ways
-
-        ~2% command-line SunSpider speedup
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode): Moved below shift() so it can inline.
-        (JSC::Lexer::scanRegExp):  Use resize(0) instead of clear() on Vectors, since the intent
-        here is not to free the underlying buffer.
-        (JSC::Lexer::lex): ditto; also, change the loop logic a bit for the main lexing loop
-        to avoid branching on !m_done twice per iteration. Now we only check it once.
-        (JSC::Lexer::shift): Make this ALWAYS_INLINE and tag an unusual branch as UNLIKELY
-        * parser/Lexer.h:
-        (JSC::Lexer::makeIdentifier): force to be ALWAYS_INLINE
-        * wtf/Vector.h:
-        (WTF::::append): force to be ALWAYS_INLINE (may have helped in ways other than parsing but it wasn't
-        getting inlined in a hot code path in the lexer)
-
-2009-05-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Fix 64bit build.
-
-        * runtime/JSNumberCell.h:
-        (JSC::JSValue::JSValue):
-        * runtime/JSValue.h:
-        (JSC::jsNumber):
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Roll out JavaScriptCore API number marshaling.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::staticValueGetter):
-        (JSC::::callbackGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/JSValue.h:
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Fix the build.
-
-        * JavaScriptCore.exp:
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey "Too Far!" Garen.
-
-        Move JS number construction into JSValue.
-
-        * runtime/JSImmediate.h:
-        * runtime/JSNumberCell.h:
-        (JSC::JSValue::JSValue):
-        * runtime/JSValue.h:
-        (JSC::jsNumber):
-
-2009-05-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff "The Minneapolis" Garen.
-
-        Add mechanism to vend heap allocated JS numbers to JavaScriptCore API clients with a
-        representation that is independent of the number representation in the VM.
-        - Numbers leaving the interpreter are converted to a tagged JSNumberCell.
-        - The numbers coming into the interpreter (asserted to be the tagged JSNumberCell) are
-          converted back to the VM's internal number representation.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::staticValueGetter):
-        (JSC::::callbackGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * runtime/JSNumberCell.cpp:
-        (JSC::jsAPIMangledNumber):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::isAPIMangledNumber):
-        (JSC::JSNumberCell::):
-        (JSC::JSNumberCell::JSNumberCell):
-        (JSC::JSValue::isAPIMangledNumber):
-        * runtime/JSValue.h:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 6.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 5.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 4.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 3.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber Stamped by Sam Weinig.
-        
-        Renamed JSValuePtr => JSValue.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::asCallbackObject):
-        (JSC::::put):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::staticValueGetter):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrototype):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::constantName):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getConstant):
-        (JSC::CodeBlock::addUnexpectedConstant):
-        (JSC::CodeBlock::unexpectedConstant):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addUnexpectedConstant):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitPutScopedVar):
-        (JSC::BytecodeGenerator::emitNewError):
-        (JSC::keyForImmediateSwitch):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
-        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/Debugger.h:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::put):
-        (JSC::DebuggerActivation::putWithAttributes):
-        (JSC::DebuggerActivation::lookupGetter):
-        (JSC::DebuggerActivation::lookupSetter):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::DebuggerCallFrame):
-        (JSC::DebuggerCallFrame::exception):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        (JSC::CachedCall::call):
-        (JSC::CachedCall::setThis):
-        (JSC::CachedCall::setArgument):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::thisValue):
-        (JSC::CallFrame::dumpCaller):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::setException):
-        (JSC::ExecState::exception):
-        (JSC::ExecState::exceptionSlot):
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::setArgument):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::resolveBaseAndFunc):
-        (JSC::isNotObject):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        * interpreter/Register.h:
-        (JSC::Register::):
-        (JSC::Register::Register):
-        (JSC::Register::jsValue):
-        * jit/JIT.cpp:
-        (JSC::):
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCode.h:
-        (JSC::):
-        (JSC::JITCode::execute):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::getConstantOperand):
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        (JSC::JIT::emitInitRegister):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::tryCachePutByID):
-        (JSC::JITStubs::tryCacheGetByID):
-        (JSC::JITStubs::cti_op_convert_this):
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_op_loop_if_less):
-        (JSC::JITStubs::cti_op_loop_if_lesseq):
-        (JSC::JITStubs::cti_op_get_by_id_generic):
-        (JSC::JITStubs::cti_op_get_by_id):
-        (JSC::JITStubs::cti_op_get_by_id_second):
-        (JSC::JITStubs::cti_op_get_by_id_self_fail):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
-        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
-        (JSC::JITStubs::cti_op_get_by_id_array_fail):
-        (JSC::JITStubs::cti_op_get_by_id_string_fail):
-        (JSC::JITStubs::cti_op_instanceof):
-        (JSC::JITStubs::cti_op_del_by_id):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_resolve):
-        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_lesseq):
-        (JSC::JITStubs::cti_op_loop_if_true):
-        (JSC::JITStubs::cti_op_load_varargs):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_resolve_base):
-        (JSC::JITStubs::cti_op_resolve_skip):
-        (JSC::JITStubs::cti_op_resolve_global):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_jless):
-        (JSC::JITStubs::cti_op_not):
-        (JSC::JITStubs::cti_op_jtrue):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_less):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_post_dec):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_op_throw):
-        (JSC::JITStubs::cti_op_next_pname):
-        (JSC::JITStubs::cti_op_typeof):
-        (JSC::JITStubs::cti_op_is_undefined):
-        (JSC::JITStubs::cti_op_is_boolean):
-        (JSC::JITStubs::cti_op_is_number):
-        (JSC::JITStubs::cti_op_is_string):
-        (JSC::JITStubs::cti_op_is_object):
-        (JSC::JITStubs::cti_op_is_function):
-        (JSC::JITStubs::cti_op_stricteq):
-        (JSC::JITStubs::cti_op_nstricteq):
-        (JSC::JITStubs::cti_op_to_jsnumber):
-        (JSC::JITStubs::cti_op_in):
-        (JSC::JITStubs::cti_op_switch_imm):
-        (JSC::JITStubs::cti_op_switch_char):
-        (JSC::JITStubs::cti_op_switch_string):
-        (JSC::JITStubs::cti_op_del_by_val):
-        (JSC::JITStubs::cti_op_new_error):
-        (JSC::JITStubs::cti_vm_throw):
-        * jit/JITStubs.h:
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionSetSamplingFlag):
-        (functionClearSamplingFlag):
-        (functionReadline):
-        (functionQuit):
-        * parser/Nodes.cpp:
-        (JSC::processClauseList):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        (JSC::Profiler::createCallIdentifier):
-        * profiler/Profiler.h:
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::at):
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::ArgList::ArgList):
-        (JSC::ArgList::at):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        (JSC::asArguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::callArrayConstructor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::getProperty):
-        (JSC::putProperty):
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::callBooleanConstructor):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.h:
-        (JSC::asBooleanObject):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/CallData.cpp:
-        (JSC::call):
-        * runtime/CallData.h:
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::heap):
-        * runtime/Collector.h:
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/Completion.h:
-        (JSC::Completion::Completion):
-        (JSC::Completion::value):
-        (JSC::Completion::setValue):
-        * runtime/ConstructData.cpp:
-        (JSC::construct):
-        * runtime/ConstructData.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DateInstance.h:
-        (JSC::asDateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::callErrorConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInterruptedExecutionException):
-        (JSC::createError):
-        (JSC::createStackOverflowError):
-        (JSC::createUndefinedVariableError):
-        (JSC::createErrorMessage):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::callFunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::callFunctionPrototype):
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::toPrimitive):
-        (JSC::GetterSetter::getPrimitiveNumber):
-        * runtime/GetterSetter.h:
-        (JSC::asGetterSetter):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::displayName):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        (JSC::asInternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putWithAttributes):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        (JSC::asActivation):
-        * runtime/JSArray.cpp:
-        (JSC::storageSize):
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::mark):
-        (JSC::compareNumbersForQSort):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        (JSC::constructArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::createStructure):
-        (JSC::asArray):
-        (JSC::isJSArray):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        (JSC::JSByteArray::put):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::getIndex):
-        (JSC::JSByteArray::setIndex):
-        (JSC::asByteArray):
-        (JSC::isJSByteArray):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::put):
-        (JSC::JSCell::getJSNumber):
-        * runtime/JSCell.h:
-        (JSC::asCell):
-        (JSC::JSValue::asCell):
-        (JSC::JSValue::isString):
-        (JSC::JSValue::isGetterSetter):
-        (JSC::JSValue::isObject):
-        (JSC::JSValue::getString):
-        (JSC::JSValue::getObject):
-        (JSC::JSValue::getCallData):
-        (JSC::JSValue::getConstructData):
-        (JSC::JSValue::getUInt32):
-        (JSC::JSValue::getTruncatedInt32):
-        (JSC::JSValue::getTruncatedUInt32):
-        (JSC::JSValue::mark):
-        (JSC::JSValue::marked):
-        (JSC::JSValue::toPrimitive):
-        (JSC::JSValue::getPrimitiveNumber):
-        (JSC::JSValue::toBoolean):
-        (JSC::JSValue::toNumber):
-        (JSC::JSValue::toString):
-        (JSC::JSValue::toObject):
-        (JSC::JSValue::toThisObject):
-        (JSC::JSValue::needsThisConversion):
-        (JSC::JSValue::toThisString):
-        (JSC::JSValue::getJSNumber):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        (JSC::asFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        (JSC::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
-        (JSC::asGlobalObject):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::Structure::prototypeChain):
-        (JSC::Structure::isValid):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncDecodeURI):
-        (JSC::globalFuncDecodeURIComponent):
-        (JSC::globalFuncEncodeURI):
-        (JSC::globalFuncEncodeURIComponent):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject):
-        (JSC::JSImmediate::toObject):
-        (JSC::JSImmediate::prototype):
-        (JSC::JSImmediate::toString):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::isImmediate):
-        (JSC::JSImmediate::isNumber):
-        (JSC::JSImmediate::isIntegerNumber):
-        (JSC::JSImmediate::isDoubleNumber):
-        (JSC::JSImmediate::isPositiveIntegerNumber):
-        (JSC::JSImmediate::isBoolean):
-        (JSC::JSImmediate::isUndefinedOrNull):
-        (JSC::JSImmediate::isEitherImmediate):
-        (JSC::JSImmediate::areBothImmediate):
-        (JSC::JSImmediate::areBothImmediateIntegerNumbers):
-        (JSC::JSImmediate::makeValue):
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::makeDouble):
-        (JSC::JSImmediate::makeBool):
-        (JSC::JSImmediate::makeUndefined):
-        (JSC::JSImmediate::makeNull):
-        (JSC::JSImmediate::doubleValue):
-        (JSC::JSImmediate::intValue):
-        (JSC::JSImmediate::uintValue):
-        (JSC::JSImmediate::boolValue):
-        (JSC::JSImmediate::rawValue):
-        (JSC::JSImmediate::trueImmediate):
-        (JSC::JSImmediate::falseImmediate):
-        (JSC::JSImmediate::undefinedImmediate):
-        (JSC::JSImmediate::nullImmediate):
-        (JSC::JSImmediate::zeroImmediate):
-        (JSC::JSImmediate::oneImmediate):
-        (JSC::JSImmediate::impossibleValue):
-        (JSC::JSImmediate::toBoolean):
-        (JSC::JSImmediate::getTruncatedUInt32):
-        (JSC::JSImmediate::fromNumberOutsideIntegerRange):
-        (JSC::JSImmediate::from):
-        (JSC::JSImmediate::getTruncatedInt32):
-        (JSC::JSImmediate::toDouble):
-        (JSC::JSImmediate::getUInt32):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::getBoolean):
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-        (JSC::JSValue::isCell):
-        (JSC::JSValue::isInt32Fast):
-        (JSC::JSValue::getInt32Fast):
-        (JSC::JSValue::isUInt32Fast):
-        (JSC::JSValue::getUInt32Fast):
-        (JSC::JSValue::makeInt32Fast):
-        (JSC::JSValue::areBothInt32Fast):
-        (JSC::JSFastMath::canDoFastBitwiseOperations):
-        (JSC::JSFastMath::equal):
-        (JSC::JSFastMath::notEqual):
-        (JSC::JSFastMath::andImmediateNumbers):
-        (JSC::JSFastMath::xorImmediateNumbers):
-        (JSC::JSFastMath::orImmediateNumbers):
-        (JSC::JSFastMath::canDoFastRshift):
-        (JSC::JSFastMath::canDoFastUrshift):
-        (JSC::JSFastMath::rightShiftImmediateNumbers):
-        (JSC::JSFastMath::canDoFastAdditiveOperations):
-        (JSC::JSFastMath::addImmediateNumbers):
-        (JSC::JSFastMath::subImmediateNumbers):
-        (JSC::JSFastMath::incImmediateNumber):
-        (JSC::JSFastMath::decImmediateNumber):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toPrimitive):
-        (JSC::JSNotAnObject::getPrimitiveNumber):
-        (JSC::JSNotAnObject::put):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSNumberCell.cpp:
-        (JSC::JSNumberCell::toPrimitive):
-        (JSC::JSNumberCell::getPrimitiveNumber):
-        (JSC::JSNumberCell::getJSNumber):
-        (JSC::jsNumberCell):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        (JSC::isNumberCell):
-        (JSC::asNumberCell):
-        (JSC::jsNumber):
-        (JSC::JSValue::isDoubleNumber):
-        (JSC::JSValue::getDoubleNumber):
-        (JSC::JSValue::isNumber):
-        (JSC::JSValue::uncheckedGetNumber):
-        (JSC::jsNaN):
-        (JSC::JSValue::toJSNumber):
-        (JSC::JSValue::getNumber):
-        (JSC::JSValue::numberToInt32):
-        (JSC::JSValue::numberToUInt32):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        (JSC::callDefaultValueFunction):
-        (JSC::JSObject::getPrimitiveNumber):
-        (JSC::JSObject::defaultValue):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::lookupGetter):
-        (JSC::JSObject::lookupSetter):
-        (JSC::JSObject::hasInstance):
-        (JSC::JSObject::toNumber):
-        (JSC::JSObject::toString):
-        (JSC::JSObject::fillGetterPropertySlot):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::locationForOffset):
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::createStructure):
-        (JSC::asObject):
-        (JSC::JSObject::prototype):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSValue::isObject):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSObject::get):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::toPrimitive):
-        (JSC::JSValue::get):
-        (JSC::JSValue::put):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::toPrimitive):
-        (JSC::JSPropertyNameIterator::getPrimitiveNumber):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::next):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putWithAttributes):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.cpp:
-        (JSC::JSString::toPrimitive):
-        (JSC::JSString::getPrimitiveNumber):
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-        (JSC::asString):
-        (JSC::isJSString):
-        (JSC::JSValue::toThisJSString):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toInteger):
-        (JSC::JSValue::toIntegerPreserveNaN):
-        * runtime/JSValue.h:
-        (JSC::JSValue::makeImmediate):
-        (JSC::JSValue::asValue):
-        (JSC::noValue):
-        (JSC::jsImpossibleValue):
-        (JSC::jsNull):
-        (JSC::jsUndefined):
-        (JSC::jsBoolean):
-        (JSC::operator==):
-        (JSC::operator!=):
-        (JSC::JSValue::encode):
-        (JSC::JSValue::decode):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::JSValue::isUndefined):
-        (JSC::JSValue::isNull):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::callNativeErrorConstructor):
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        (JSC::callNumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::getJSNumber):
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        (JSC::callObjectConstructor):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        * runtime/Operations.cpp:
-        (JSC::JSValue::equalSlowCase):
-        (JSC::JSValue::strictEqualSlowCase):
-        (JSC::throwOutOfMemoryError):
-        (JSC::jsAddSlowCase):
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/Operations.h:
-        (JSC::JSValue::equal):
-        (JSC::JSValue::equalSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-        (JSC::JSValue::strictEqualSlowCaseInline):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd):
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::resolveBase):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::PropertySlot):
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::putValue):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setCustom):
-        (JSC::PropertySlot::setCustomIndex):
-        (JSC::PropertySlot::slotBase):
-        (JSC::PropertySlot::setBase):
-        (JSC::PropertySlot::):
-        * runtime/Protect.h:
-        (JSC::gcProtect):
-        (JSC::gcUnprotect):
-        (JSC::ProtectedPtr::operator JSValue):
-        (JSC::ProtectedJSValue::ProtectedJSValue):
-        (JSC::ProtectedJSValue::get):
-        (JSC::ProtectedJSValue::operator JSValue):
-        (JSC::ProtectedJSValue::operator->):
-        (JSC::ProtectedJSValue::~ProtectedJSValue):
-        (JSC::ProtectedJSValue::operator=):
-        (JSC::operator==):
-        (JSC::operator!=):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getBackref):
-        (JSC::RegExpConstructor::getLastParen):
-        (JSC::RegExpConstructor::getLeftContext):
-        (JSC::RegExpConstructor::getRightContext):
-        (JSC::regExpConstructorDollar1):
-        (JSC::regExpConstructorDollar2):
-        (JSC::regExpConstructorDollar3):
-        (JSC::regExpConstructorDollar4):
-        (JSC::regExpConstructorDollar5):
-        (JSC::regExpConstructorDollar6):
-        (JSC::regExpConstructorDollar7):
-        (JSC::regExpConstructorDollar8):
-        (JSC::regExpConstructorDollar9):
-        (JSC::regExpConstructorInput):
-        (JSC::regExpConstructorMultiline):
-        (JSC::regExpConstructorLastMatch):
-        (JSC::regExpConstructorLastParen):
-        (JSC::regExpConstructorLeftContext):
-        (JSC::regExpConstructorRightContext):
-        (JSC::RegExpConstructor::put):
-        (JSC::setRegExpConstructorInput):
-        (JSC::setRegExpConstructorMultiline):
-        (JSC::constructRegExp):
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        (JSC::asRegExpConstructor):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::put):
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectGlobal):
-        (JSC::regExpObjectIgnoreCase):
-        (JSC::regExpObjectMultiline):
-        (JSC::regExpObjectSource):
-        (JSC::regExpObjectLastIndex):
-        (JSC::RegExpObject::put):
-        (JSC::setRegExpObjectLastIndex):
-        (JSC::RegExpObject::test):
-        (JSC::RegExpObject::exec):
-        (JSC::callRegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        (JSC::asRegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        (JSC::stringFromCharCode):
-        (JSC::callStringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::put):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        (JSC::asStringObject):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::changePrototypeTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::setPrototypeWithoutTransition):
-        (JSC::Structure::storedPrototype):
-
-2009-05-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam "That doesn't look like what I thought it looks like" Weinig.
-        
-        Beefed up the JSValuePtr class and removed some non-JSValuePtr dependencies
-        on JSImmediate, in prepapration for making JSImmediate an implementation
-        detail of JSValuePtr.
-        
-        SunSpider reports no change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_mod):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt): Updated for interface changes.
-
-        * runtime/JSImmediate.h:
-        (JSC::JSValuePtr::JSValuePtr):
-        * runtime/JSValue.h:
-        (JSC::JSValuePtr::):
-        (JSC::jsImpossibleValue):
-        (JSC::jsNull):
-        (JSC::jsUndefined):
-        (JSC::jsBoolean):
-        (JSC::JSValuePtr::encode):
-        (JSC::JSValuePtr::decode):
-        (JSC::JSValuePtr::JSValuePtr):
-        (JSC::JSValuePtr::operator bool):
-        (JSC::JSValuePtr::operator==):
-        (JSC::JSValuePtr::operator!=):
-        (JSC::JSValuePtr::isUndefined):
-        (JSC::JSValuePtr::isNull): Changed jsImpossibleValue(), jsNull(),
-        jsUndefined(), and jsBoolean() to operate in terms of JSValuePtr instead
-        of JSImmediate.
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitwise_cast): Fixed up for clarity.
-
-2009-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug fix for rdar:/6845379.  If a case-insensitive regex contains
-        a character class containing a range with an upper bound of \uFFFF
-        the parser will infinite-loop whist adding other-case characters
-        for characters in the range that do have another case.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::CharacterClassConstructor::putRange):
-
-2009-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        OPCODE_SAMPLING without CODEBLOCK_SAMPLING is currently broken,
-        since SamplingTool::Sample::isNull() checks the m_codeBlock
-        member (which is always null without CODEBLOCK_SAMPLING).
-
-        Restructure the checks so make this work again.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::doRun):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingTool::Sample::isNull):
-
-2009-04-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        - Concatenate final three strings in simple replace case at one go
-
-        ~0.2% SunSpider speedup
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace): Use new replaceRange helper instead of
-        taking substrings and concatenating three strings.
-        * runtime/UString.cpp:
-        (JSC::UString::replaceRange): New helper function.
-        * runtime/UString.h:
-
-2009-04-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber Stamped by Gavin Barraclough.
-        
-        Changed JSValueEncodedAsPtr* => EncodedJSValuePtr to support a non-pointer
-        encoding for JSValuePtrs.
-
-        * API/APICast.h:
-        (toJS):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
-        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
-        * interpreter/Register.h:
-        (JSC::Register::):
-        * jit/JIT.cpp:
-        (JSC::):
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        (JSC::):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_op_get_by_id_generic):
-        (JSC::JITStubs::cti_op_get_by_id):
-        (JSC::JITStubs::cti_op_get_by_id_second):
-        (JSC::JITStubs::cti_op_get_by_id_self_fail):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
-        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
-        (JSC::JITStubs::cti_op_get_by_id_array_fail):
-        (JSC::JITStubs::cti_op_get_by_id_string_fail):
-        (JSC::JITStubs::cti_op_instanceof):
-        (JSC::JITStubs::cti_op_del_by_id):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_resolve):
-        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_lesseq):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_resolve_base):
-        (JSC::JITStubs::cti_op_resolve_skip):
-        (JSC::JITStubs::cti_op_resolve_global):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_not):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_less):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_op_throw):
-        (JSC::JITStubs::cti_op_next_pname):
-        (JSC::JITStubs::cti_op_typeof):
-        (JSC::JITStubs::cti_op_is_undefined):
-        (JSC::JITStubs::cti_op_is_boolean):
-        (JSC::JITStubs::cti_op_is_number):
-        (JSC::JITStubs::cti_op_is_string):
-        (JSC::JITStubs::cti_op_is_object):
-        (JSC::JITStubs::cti_op_is_function):
-        (JSC::JITStubs::cti_op_stricteq):
-        (JSC::JITStubs::cti_op_nstricteq):
-        (JSC::JITStubs::cti_op_to_jsnumber):
-        (JSC::JITStubs::cti_op_in):
-        (JSC::JITStubs::cti_op_del_by_val):
-        (JSC::JITStubs::cti_vm_throw):
-        * jit/JITStubs.h:
-        * runtime/JSValue.h:
-        (JSC::JSValuePtr::encode):
-        (JSC::JSValuePtr::decode):
-
-2009-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver "Abandon Ship!" Hunt.
-
-        Fix a leak in Yarr.
-
-        All Disjunctions should be recorded in RegexPattern::m_disjunctions,
-        so that they can be freed at the end of compilation - copyDisjunction
-        is failing to do so.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::copyDisjunction):
-
-2009-04-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add function to CallFrame for dumping the current JS caller
-
-        Added debug only method CallFrame::dumpCaller() that provide the call location
-        of the deepest currently executing JS function.
-
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::dumpCaller):
-        * interpreter/CallFrame.h:
-
-2009-04-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - make BaseStrings have themselves as a base, instead of nothing, to remove common branches
-
-        ~0.7% SunSpider speedup
-
-        * runtime/UString.h:
-        (JSC::UString::Rep::Rep): For the constructor without a base, set self as base instead of null.
-        (JSC::UString::Rep::baseString): Just read m_baseString - no more branching.
-
-2009-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Two quick improvements to SamplingFlags mechanism.
-
-        SamplingFlags::ScopedFlag class to provide support for automagically
-        clearing a flag as it goes out of scope, and add a little more detail
-        to the output generated by the tool.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingFlags::stop):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingFlags::ScopedFlag::ScopedFlag):
-        (JSC::SamplingFlags::ScopedFlag::~ScopedFlag):
-
-2009-04-30  Adam Roben  <aroben@apple.com>
-
-        Restore build event steps that were truncated in r43082
-
-        Rubber-stamped by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-        Re-copied the command lines for the build events from the pre-r43082
-        .vcproj files.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed an unnecessary
-        attribute.
-
-2009-04-30  Adam Roben  <aroben@apple.com>
-
-        Move settings from .vcproj files to .vsprops files within the
-        JavaScriptCore directory
-
-        Moving the settings to a .vsprops file means that we will only have to
-        change a single setting to affect all configurations, instead of one
-        setting per configuration.
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        Moved settings from these files to the new .vsprops files. Note that
-        testapi.vcproj had a lot of overrides of default settings that were
-        the same as the defaults, which I've removed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Added.
-
-2009-04-30  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Timothy Hatcher.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25470
-        Extend the cover of ENABLE_JAVASCRIPT_DEBUGGER to profiler.
-
-        * Configurations/FeatureDefines.xcconfig: Added ENABLE_JAVASCRIPT_DEBUGGER define.
-
-2009-04-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        - speed up string concatenation by reorganizing some simple cases
-
-        0.7% SunSpider speedup
-
-        * runtime/UString.cpp:
-        (JSC::concatenate): Put fast case for appending a single character
-        before the empty string special cases; streamline code a bit to
-        delay computing values that are not needed in the fast path.
-
-2009-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add SamplingFlags mechanism.
-
-        This mechanism allows fine-grained JSC and JavaScript program aware
-        performance measurement.  The mechanism provides a set of 32 flags,
-        numbered #1..#32.  Flag #16 is initially set, and all other flags
-        are cleared.  Flags may be set and cleared from within
-
-        Enable by setting ENABLE_SAMPLING_FLAGS to 1 in wtf/Platform.h.
-        Disabled by default, no performance impact.  Flags may be modified
-        by calling SamplingFlags::setFlag() and SamplingFlags::clearFlag()
-        from within JSC implementation, or by calling setSamplingFlag() and
-        clearSamplingFlag() from JavaScript.
-
-        The flags are sampled with a frequency of 10000Hz, and the highest
-        set flag in recorded, allowing multiple events to be measured (with
-        the highest flag number representing the highest priority).
-
-        Disabled by default; no performance impact.
-
-        * JavaScriptCore.exp:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingFlags::sample):
-        (JSC::SamplingFlags::start):
-        (JSC::SamplingFlags::stop):
-        (JSC::SamplingThread::threadStartFunc):
-        (JSC::SamplingThread::start):
-        (JSC::SamplingThread::stop):
-        (JSC::ScopeSampleRecord::sample):
-        (JSC::SamplingTool::doRun):
-        (JSC::SamplingTool::sample):
-        (JSC::SamplingTool::start):
-        (JSC::SamplingTool::stop):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingFlags::setFlag):
-        (JSC::SamplingFlags::clearFlag):
-        (JSC::SamplingTool::SamplingTool):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionSetSamplingFlag):
-        (functionClearSamplingFlag):
-        (runWithScripts):
-        * wtf/Platform.h:
-
-2009-04-29  Sam Weinig  <sam@webkit.org>
-
-        Another attempt to fix the windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-04-29  Sam Weinig  <sam@webkit.org>
-
-        Try and fix the windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-04-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver "Peg-Leg" Hunt.
-
-        Coallesce input checking and reduce futzing with the index position
-        between alternatives and iterations of the main loop of a regex,
-        when run in YARR.
-
-        Consider the following regex:  /foo|bar/
-        
-        Prior to this patch, this will be implemented something like this pseudo-code description:
-        
-        loop:
-            check_for_available_input(3) // this increments the index by 3, for the first alterantive.
-                if (available) { test "foo" }
-            decrement_index(3)
-            check_for_available_input(3) // this increments the index by 3, for the second alterantive.
-                if (available) { test "bar" }
-            decrement_index(3)
-            check_for_available_input(1) // can we loop again?
-                if (available) { goto loop }
-
-        With these changes it will look more like this:
-
-            check_for_available_input(3) // this increments the index by 3, for the first alterantive.
-            if (!available) { goto fail }
-        loop:
-            test "foo"
-            test "bar"
-            check_for_available_input(1) // can we loop again?
-                if (available) { goto loop }
-        fail:
-
-
-        This gives about a 5% gain on v8-regex, no change on Sunspider.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracksTo):
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-
-2009-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Clean up ArgList to be a trivial type
-
-        Separate out old ArgList logic to handle buffering and marking arguments
-        into a distinct MarkedArgumentBuffer type.  ArgList becomes a trivial
-        struct of a pointer and length.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        * JavaScriptCore.exp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::emptyList):
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::getSlice):
-        (JSC::MarkedArgumentBuffer::markLists):
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
-        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
-        (JSC::ArgList::ArgList):
-        (JSC::ArgList::at):
-        (JSC::ArgList::isEmpty):
-        (JSC::ArgList::size):
-        (JSC::ArgList::begin):
-        (JSC::ArgList::end):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::fillArgList):
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect):
-        * runtime/Collector.h:
-        (JSC::Heap::markListSet):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::Error::create):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (JSC::JSArray::fillArgList):
-        (JSC::constructArray):
-        * runtime/JSArray.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncMatch):
-
-2009-04-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25334
-
-        Fix Qt build when ENABLE_JIT is explicitly set to 1
-        to overrule defaults.
-
-        * JavaScriptCore.pri:
-
-2009-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Steve Falkenburg.
-
-        Crash in profiler due to incorrect assuming displayName would be a string.
-
-        Fixed by adding a type guard.
-
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::displayName):
-
-2009-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber stamped by Beth Dakin.
-        
-        Removed scaffolding supporting dynamically converting between 32bit and
-        64bit value representations. 
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::construct):
-        (JSC::::call):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getConstant):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::thisValue):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * interpreter/Register.h:
-        (JSC::Register::):
-        (JSC::Register::Register):
-        (JSC::Register::jsValue):
-        (JSC::Register::marked):
-        (JSC::Register::mark):
-        (JSC::Register::i):
-        (JSC::Register::activation):
-        (JSC::Register::arguments):
-        (JSC::Register::callFrame):
-        (JSC::Register::codeBlock):
-        (JSC::Register::function):
-        (JSC::Register::propertyNameIterator):
-        (JSC::Register::scopeChain):
-        (JSC::Register::vPC):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_load_varargs):
-        (JSC::JITStubs::cti_op_call_eval):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionRun):
-        (functionLoad):
-        * runtime/ArgList.h:
-        (JSC::ArgList::at):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::copyToRegisters):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlot):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::dateParse):
-        (JSC::dateUTC):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::fillStructuresUsingTimeArgs):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::constructError):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::constructArray):
-        * runtime/JSArray.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::construct):
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::getValue):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        (JSC::stringFromCharCode):
-        (JSC::constructWithStringConstructor):
-        (JSC::callStringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-
-2009-04-28  David Kilzer  <ddkilzer@apple.com>
-
-        A little more hardening for UString
-
-        Reviewed by Maciej Stachowiak.
-
-        Revised fix for <rdar://problem/5861045> in r42644.
-
-        * runtime/UString.cpp:
-        (JSC::newCapacityWithOverflowCheck): Added.
-        (JSC::concatenate): Used newCapacityWithOverflowCheck().
-        (JSC::UString::append): Ditto.
-
-2009-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bring back r42969, this time with correct codegen
-
-        Add logic to the codegen for right shift to avoid jumping to a helper function
-        when shifting a small floating point value.
-
-        * jit/JITArithmetic.cpp:
-        (isSSE2Present):
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-
-2009-04-28  Kevin Ollivier <kevino@theolliviers.com>
-
-        wxMSW build fix. Switch JSCore build back to static. 
-
-        * API/JSBase.h:
-        * config.h:
-        * jscore.bkl:
-
-2009-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Roll out r42969, due to hangs in build bot.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        (JSC::isSSE2Present):
-
-2009-04-28  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed: fix distcheck build, add (even more) missing files to list.
-
-        * GNUmakefile.am:
-
-2009-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve performance of string indexing
-
-        Add a cti_get_by_val_string function to specialise indexing into a string object.
-        This gives us a slight performance win on a number of string tests.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        * jit/JITStubs.h:
-
-2009-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve performance of right shifts of large or otherwise floating point values.
-
-        Add logic to the codegen for right shift to avoid jumping to a helper function
-        when shifting a small floating point value.
-
-        * jit/JITArithmetic.cpp:
-        (isSSE2Present): Moved to the head of file.
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-
-2009-04-28  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed: fix distcheck build, add (more) missing files to list.
-
-        * GNUmakefile.am:
-
-2009-04-28  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed: fix distcheck build, add missing header to file list.
-
-        * GNUmakefile.am:
-
-2009-04-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Maciej "Henry Morgan" Stachowiak.
-
-        Enable YARR.
-        (Again.)
-
-        * wtf/Platform.h:
-
-2009-04-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Tweak a loop condition to keep GCC happy,
-        some GCCs seem to be having issues with this. :-/
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::breakTarget):
-        * wtf/Platform.h:
-
-2009-04-27  Adam Roben  <aroben@apple.com>
-
-        Windows Debug build fix
-
-        Not sure why the buildbots weren't affected by this problem.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Let VS
-        re-order the file list, and added JavaScriptCore[_debug].def to the
-        project. This was not necessary for the fix, but made making the fix
-        easier.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Removed a function that no longer exists.
-
-2009-04-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Weinig Sam.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=25416
-        "Cached prototype accesses unsafely hoist property storage load above structure checks."
-        
-        Do not hoist the load of the pointer to the property storage array.
-
-        No performance impact.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-
-2009-04-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey "Gaffe or energy?" Garen.
-
-        Randomize address requested by ExecutableAllocatorFixedVMPool.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-
-2009-04-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove scons-based build system.
-
-        * JavaScriptCore.scons: Removed.
-
-2009-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        Make HAVE_MADV_FREE darwin only for now
-
-        * wtf/Platform.h:
-
-2009-04-25  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Gtk build fix - check if we have MADV_FREE before using it.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::releaseExcessCapacity):
-        * wtf/Platform.h:
-
-2009-04-24  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Switching JSCore from a static lib to a dynamic lib
-        to match the Apple build and fix symbol exports.
-
-        * jscore.bkl:
-
-2009-04-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25337
-        Move ThreadingQt.cpp under the qt directory.
-
-        * JavaScriptCore.pri:
-        * wtf/ThreadingQt.cpp: Removed.
-        * wtf/qt/ThreadingQt.cpp: Copied from JavaScriptCore/wtf/ThreadingQt.cpp.
-
-2009-04-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25338
-        Move ThreadingGtk.cpp under the gtk directory.
-
-        * GNUmakefile.am:
-        * wtf/ThreadingGtk.cpp: Removed.
-        * wtf/gtk/ThreadingGtk.cpp: Copied from JavaScriptCore/wtf/ThreadingGtk.cpp.
-
-2009-04-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam "Wesley" Weinig.
-
-        Improve performance to YARR interpreter.
-        (From about 3x slower than PCRE on regex-dna to about 30% slower).
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::checkCharacter):
-        (JSC::Yarr::Interpreter::checkCasedCharacter):
-        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
-        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
-        (JSC::Yarr::ByteCompiler::closeAlternative):
-        (JSC::Yarr::ByteCompiler::closeBodyAlternative):
-        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
-        (JSC::Yarr::ByteCompiler::regexBegin):
-        (JSC::Yarr::ByteCompiler::regexEnd):
-        (JSC::Yarr::ByteCompiler::alterantiveBodyDisjunction):
-        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::ByteTerm::):
-        (JSC::Yarr::ByteTerm::ByteTerm):
-        (JSC::Yarr::ByteTerm::BodyAlternativeBegin):
-        (JSC::Yarr::ByteTerm::BodyAlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::BodyAlternativeEnd):
-        (JSC::Yarr::ByteTerm::AlternativeBegin):
-        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::AlternativeEnd):
-        (JSC::Yarr::ByteTerm::SubpatternBegin):
-        (JSC::Yarr::ByteTerm::SubpatternEnd):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
-        * yarr/RegexPattern.h:
-
-2009-04-24  Rob Raguet-Schofield  <ragfield@gmail.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        * wtf/CurrentTime.h: Fix a typo in a comment.
-
-2009-04-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Add reinterpret_cast
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::releaseExcessCapacity):
-
-2009-04-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/6050421> JavaScript register file should remap to release physical pages accumulated during deep recursion
-
-        We now track the maximum extent of the RegisterFile, and when we reach the final
-        return from JS (so the stack portion of the registerfile becomes empty) we see
-        if that extent is greater than maxExcessCapacity.  If it is we use madvise or
-        VirtualFree to release the physical pages that were backing the excess.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::releaseExcessCapacity):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::shrink):
-        (JSC::RegisterFile::grow):
-
-2009-04-23  Mark Rowe  <mrowe@apple.com>
-
-        With great sadness and a heavy heart I switch us back from YARR to WREC in
-        order to restore greenness to the world once more.
-
-        * wtf/Platform.h:
-
-2009-04-23  Mark Rowe  <mrowe@apple.com>
-
-        More Windows build fixage.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-04-23  Mark Rowe  <mrowe@apple.com>
-
-        Attempt to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:  Remove a symbol that no longer exists.
-
-2009-04-23  Francisco Tolmasky  <francisco@280north.com>
-
-        BUG 24604: WebKit profiler reports incorrect total times
-        <https://bugs.webkit.org/show_bug.cgi?id=24604>
-
-        Reviewed by Timothy Hatcher and Kevin McCullough.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::Hash::hash):
-        (JSC::CallIdentifier::Hash::equal):
-        (JSC::CallIdentifier::hash):
-        (WTF::):
-        * profiler/HeavyProfile.cpp: Removed.
-        * profiler/HeavyProfile.h: Removed.
-        * profiler/Profile.cpp: No more need for TreeProfile/HeavyProfile
-        (JSC::Profile::create):
-        * profiler/Profile.h:
-        * profiler/ProfileNode.cpp:
-        * profiler/ProfileNode.h:
-        * profiler/TreeProfile.cpp: Removed.
-        * profiler/TreeProfile.h: Removed.
-
-2009-04-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Not Reviewed.
-
-        Speculative Windows build fix II.
-
-        * yarr/RegexInterpreter.cpp:
-
-2009-04-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Not Reviewed.
-
-        Speculative Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * runtime/RegExp.cpp:
-
-2009-04-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by salty sea dogs Sam & Geoff.
-
-        Enable YARR_JIT by default (where supported), replacing WREC.
-
-        * wtf/Platform.h:
-
-2009-04-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff "Dread Pirate Roberts" Garen.
-
-        Various small fixes to YARR JIT, in preparation for enabling it by default.
-
-        * Correctly index into the callframe when storing restart addresses for
-          nested alternatives.
-        * Allow backtracking back into matched alternatives of parentheses.
-        * Fix callframe offset calculation for parenthetical assertions.
-        * When a set of parenthese are quantified with a fixed and variable portion,
-          and the variable portion is quantified once, this should not reset the
-          pattern match on failure to match (the last match from the firxed portion
-          should be preserved).
-        * Up the pattern size limit to match PCRE's new limit.
-        * Unlclosed parentheses should be reported with the message "missing )".
-
-        * wtf/Platform.h:
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::loadFromFrameAndJump):
-        (JSC::Yarr::RegexGenerator::generateParenthesesDisjunction):
-        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexParser.h:
-        (JSC::Yarr::Parser::):
-        (JSC::Yarr::Parser::parseTokens):
-        (JSC::Yarr::Parser::parse):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternTerm::):
-        (JSC::Yarr::PatternTerm::PatternTerm):
-
-2009-04-22  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Gavin Barraclough.
-
-        Add the m_ prefix on FixedVMPoolAllocator's member variables, and fix typos in a few comments.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::addToFreeList):
-        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-
-2009-04-22  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Gavin Barraclough.
-
-        Add some assertions to FixedVMPoolAllocator to guard against cases where we
-        attempt to free memory that didn't originate from the pool, or we attempt to
-        hand out a bogus address from alloc.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-
-2009-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam "Blackbeard" Weinig.
-
-        Although pirates do spell the word 'generate' as 'genertate',
-        webkit developers do not.  Fixertate.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateAssertionBOL):
-        (JSC::Yarr::RegexGenerator::generateAssertionEOL):
-        (JSC::Yarr::RegexGenerator::generateAssertionWordBoundary):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterSingle):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterPair):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassSingle):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-
-2009-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam "Blackbeard" Weinig.
-
-        Improvements to YARR JIT.  This patch expands support in three key areas:
-            * Add (temporary) support for falling back to PCRE for expressions not supported.
-            * Add support for x86_64 and Windows.
-            * Add support for singly quantified parentheses (? and ??), alternatives within
-              parentheses, and parenthetical assertions.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::storeToFrame):
-        (JSC::Yarr::RegexGenerator::storeToFrameWithPatch):
-        (JSC::Yarr::RegexGenerator::loadFromFrameAndJump):
-        (JSC::Yarr::RegexGenerator::AlternativeBacktrackRecord::AlternativeBacktrackRecord):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::resetAlternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::resetTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::jumpToBacktrack):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::plantJumpToBacktrackIfExists):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::addBacktrackJump):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracks):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::propagateBacktrackingFrom):
-        (JSC::Yarr::RegexGenerator::genertateAssertionBOL):
-        (JSC::Yarr::RegexGenerator::genertateAssertionEOL):
-        (JSC::Yarr::RegexGenerator::matchAssertionWordchar):
-        (JSC::Yarr::RegexGenerator::genertateAssertionWordBoundary):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterSingle):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterPair):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterFixed):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassSingle):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassFixed):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassGreedy):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateParenthesesDisjunction):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::RegexGenerator::generate):
-        (JSC::Yarr::RegexGenerator::compile):
-        (JSC::Yarr::RegexGenerator::generationFailed):
-        (JSC::Yarr::jitCompileRegex):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::~RegexCodeBlock):
-
-2009-04-22  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Fix for <rdar://problem/6816957>
-        Turn off Geolocation by default
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-04-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        * interpreter/CachedCall.h:
-
-2009-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        * runtime/StringPrototype.cpp:
-
-2009-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Improve String.replace performance slightly
-
-        Apply our vm reentry caching logic to String.replace with global
-        regexes.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2009-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich and Oliver Hunt.
-        
-        Re-Fixed <rdar://problem/6406045> REGRESSION: Stack overflow on PowerPC on
-        fast/workers/use-machine-stack.html (22531)
-        
-        SunSpider reports no change.
-        
-        Use a larger recursion limit on the main thread (because we can, and
-        there's some evidence that it may improve compatibility), and a smaller
-        recursion limit on secondary threads (because they tend to have smaller
-        stacks).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * interpreter/Interpreter.h:
-        (JSC::): Ditto. I wrote the recursion test slightly funny, so that the
-        common case remains a simple compare to constant.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin): Conservatively, set the array recursion limits
-        to the lower, secondary thread limit. We can do something fancier if
-        compatibility moves us, but this seems sufficient for now.
-
-2009-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Adam Roben.
-        
-        Disabled one more Mozilla JS test because it fails intermittently on Windows.
-        (See https://bugs.webkit.org/show_bug.cgi?id=25160.)
-
-        * tests/mozilla/expected.html:
-
-2009-04-21  Adam Roben  <aroben@apple.com>
-
-        Rename JavaScriptCore_debug.dll to JavaScriptCore.dll in the Debug
-        configuration
-
-        This matches the naming scheme for WebKit.dll, and will be necessary
-        once Safari links against JavaScriptCore.dll. This change also causes
-        run-safari not to fail (because the launcher printed by FindSafari was
-        always looking for JavaScriptCore.dll, never
-        JavaScriptCore_debug.dll).
-
-        Part of Bug 25305: can't run safari or drt on windows
-        <https://bugs.webkit.org/show_bug.cgi?id=25305>
-
-        Reviewed by Steve Falkenburg and Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        Use $(WebKitDLLConfigSuffix) for naming JavaScriptCore.{dll,lib}.
-
-2009-04-21  Adam Roben  <aroben@apple.com>
-
-        Fix JavaScriptCore build on VC++ Express
-
-        Reviewed by Steve Falkenburg and Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Link
-        explicitly against gdi32.lib and oleaut32.lib.
-
-2009-04-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        Tiger crash fix: Put VM tags in their own header file, and fixed up the
-        #ifdefs so they're not used on Tiger.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * runtime/Collector.cpp:
-        (JSC::allocateBlock):
-        * wtf/VMTags.h: Added.
-
-2009-04-20  Steve Falkenburg  <sfalken@apple.com>
-
-        More Windows build fixes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy DLLs, PDBs.
-        * JavaScriptCore.vcproj/JavaScriptCore.resources: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add version stamping, resource copying.
-
-2009-04-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Separate JavaScriptCore.dll from WebKit.dll.
-        Slight performance improvement or no change on benchmarks.
-        
-        Allows us to break a circular dependency between CFNetwork and WebKit on Windows,
-        and simplifies standalone JavaScriptCore builds.
-
-        Reviewed by Oliver Hunt.
-
-        * API/JSBase.h: Export symbols with JS_EXPORT when using MSVC.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Build JavaScriptCore as a DLL instead of a static library.
-        * config.h: Specify __declspec(dllexport/dllimport) appropriately when exporting data.
-        * runtime/InternalFunction.h: Specify JS_EXPORTDATA on exported data.
-        * runtime/JSArray.h: Specify JS_EXPORTDATA on exported data.
-        * runtime/JSFunction.h: Specify JS_EXPORTDATA on exported data.
-        * runtime/StringObject.h: Specify JS_EXPORTDATA on exported data.
-        * runtime/UString.h: Specify JS_EXPORTDATA on exported data.
-
-2009-04-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Kevin McCullough.
-
-        Always tag mmaped memory on darwin and clean up #defines
-        now that they are a little bigger.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * runtime/Collector.cpp:
-        (JSC::allocateBlock):
-
-2009-04-20  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Tim Hatcher.
-
-        Add licenses for xcconfig files.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/FeatureDefines.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/Version.xcconfig:
-
-2009-04-20  Ariya Hidayat  <ariya.hidayat@nokia.com>
-
-        Build fix for Qt port (after r42646). Not reviewed.
-
-        * wtf/unicode/qt4/UnicodeQt4.h: Added U16_PREV.
-
-2009-04-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Better fix for JSStringCreateWithCFString hardening.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-2009-04-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        Fix for <rdar://problem/5860954>
-        Harden JSStringCreateWithCFString against malformed CFStringRefs.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-2009-04-19  David Kilzer  <ddkilzer@apple.com>
-
-        Make FEATURE_DEFINES completely dynamic
-
-        Reviewed by Darin Adler.
-
-        Make FEATURE_DEFINES depend on individual ENABLE_FEATURE_NAME
-        variables for each feature, making it possible to remove all
-        knowledge of FEATURE_DEFINES from build-webkit.
-
-        * Configurations/FeatureDefines.xcconfig: Extract a variable
-        from FEATURE_DEFINES for each feature setting.
-
-2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        Fix typo.  s/VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE/VM_MEMORY_JAVASCRIPT_CORE/
-
-        * runtime/Collector.cpp:
-        (JSC::allocateBlock): Fix bozo typo.
-
-2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fix for <rdar://problem/6801555> Tag JavaScript memory on SnowLeopard
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * runtime/Collector.cpp:
-        (JSC::allocateBlock):
-
-2009-04-18  Drew Wilson  <amw@apple.com>
-
-        <rdar://problem/6781407> VisiblePosition.characterAfter should return UChar32
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContextOrIdeographic): Added.
-
-2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix for <rdar://problem/5861045>
-        A little bit of hardening for UString.
-
-        * runtime/UString.cpp:
-        (JSC::concatenate):
-        (JSC::UString::append):
-
-2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe and Dan Bernstein.
-
-        Fix for <rdar://problem/5861188>
-        A little bit of hardening for Vector.
-
-        * wtf/Vector.h:
-        (WTF::Vector<T, inlineCapacity>::append):
-        (WTF::Vector<T, inlineCapacity>::insert):
-
-2009-04-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        On x86_64, make all JIT-code allocations from a new heap, managed
-        by FixedVMPoolAllocator.  This class allocates a single large (2Gb)
-        pool of virtual memory from which all further allocations take place.
-        Since all JIT code is allocated from this pool, we can continue to
-        safely assume (as is already asserted) that it will always be possible
-        to link any JIT-code to JIT-code jumps and calls.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            Add new file.
-        * jit/ExecutableAllocatorFixedVMPool.cpp: Added.
-        (JSC::FreeListEntry::FreeListEntry):
-        (JSC::AVLTreeAbstractorForFreeList::get_less):
-        (JSC::AVLTreeAbstractorForFreeList::set_less):
-        (JSC::AVLTreeAbstractorForFreeList::get_greater):
-        (JSC::AVLTreeAbstractorForFreeList::set_greater):
-        (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
-        (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
-        (JSC::AVLTreeAbstractorForFreeList::null):
-        (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
-        (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
-        (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
-        (JSC::sortFreeListEntriesByPointer):
-        (JSC::sortCommonSizedAllocations):
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::addToFreeList):
-        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-            The new 2Gb heap class!
-        * jit/ExecutableAllocatorPosix.cpp:
-            Disable use of this implementation on x86_64.
-        * wtf/AVLTree.h:
-            Add missing variable initialization.
-        (WTF::::remove):
-
-2009-04-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix bug where the VM reentry cache would not correctly unroll the cached callframe
-
-        Fix a check that was intended to mark a cached call as invalid when the callframe could
-        not be constructed.  Instead it was just checking that there was a place to put the
-        exception.  This eventually results in a non-recoverable RegisterFile starvation.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        (JSC::CachedCall::call): add assertion to ensure we don't use a bad callframe
-
-2009-04-17  David Kilzer  <ddkilzer@apple.com>
-
-        Simplify FEATURE_DEFINES definition
-
-        Reviewed by Darin Adler.
-
-        This moves FEATURE_DEFINES and its related ENABLE_FEATURE_NAME
-        variables to their own FeatureDefines.xcconfig file.  It also
-        extracts a new ENABLE_GEOLOCATION variable so that
-        FEATURE_DEFINES only needs to be defined once.
-
-        * Configurations/FeatureDefines.xcconfig: Added.
-        * Configurations/JavaScriptCore.xcconfig: Removed definition of
-        ENABLE_SVG_DOM_OBJC_BINDINGS and FEATURE_DEFINES.  Added include
-        of FeatureDefines.xcconfig.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added
-        FeatureDefines.xcconfig file.
-
-2009-04-08  Mihnea Ovidenie  <mihnea@adobe.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 25027: JavaScript parseInt wrong on negative numbers
-        <https://bugs.webkit.org/show_bug.cgi?id=25027>
-
-        When dealing with negative numbers, parseInt should use ceil instead of floor.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-
-2009-04-16  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6744652> 32-bit to 64-bit: Javascript hash tables double in size
-
-        Remove perfect hash optimization which removes 1 MB of overhead on 32-bit and almost 2 MB on 64-bit.  Removing the optimization was not a regression on SunSpider and the acid 3 test still passes.
-
-        * create_hash_table:
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::HashTable::deleteTable):
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::next):
-        (JSC::HashTable::entry):
-        * runtime/Structure.cpp:
-        (JSC::Structure::getEnumerableNamesFromClassInfoTable):
-
-2009-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix subtle error in optimised VM reentry in Array.sort
-
-        Basically to ensure we don't accidentally invalidate the cached callframe
-        we should be using the cached callframe rather than our own exec state.
-        While the old behaviour was wrong i have been unable to actually create a
-        test case where anything actually ends up going wrong.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::newCallFrame):
-        * runtime/JSArray.cpp:
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-
-2009-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Optimise op_resolve_base
-
-        If we can statically find a property we are trying to resolve
-        the base of, the base is guaranteed to be the global object.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolveBase):
-
-2009-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve performance of read-write-modify operators
-
-        Implement cross scope optimisation for read-write-modify
-        operators, to avoid unnecessary calls to property resolve
-        helper functions.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitLoadGlobalObject):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        * bytecompiler/BytecodeGenerator.h:
-
-2009-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve performance of remaining array enumeration functions
-
-        Make use of function entry cache for remaining Array enumeration functions.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-
-2009-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve performance of Array.sort
-
-        Cache the VM entry for Array.sort when using a JS comparison function.
-
-        * runtime/JSArray.cpp:
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (JSC::JSArray::sort):
-
-2009-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 25229: Need support for Array.prototype.reduceRight
-        <https://bugs.webkit.org/show_bug.cgi?id=25229>
-
-        Implement Array.reduceRight
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncReduceRight):
-
-2009-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 25227: Array.filter triggers an assertion when the target array shrinks while being filtered
-        <https://bugs.webkit.org/show_bug.cgi?id=25227>
-
-        We correct this simply by making the fast array path fall back on the slow path if
-        we ever discover the fast access is unsafe.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-
-2009-04-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 25159: Support Array.prototype.reduce
-        <https://bugs.webkit.org/show_bug.cgi?id=25159>
-
-        Implement Array.prototype.reduce
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncReduce):
-
-2009-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Move CallFrameClosure from inside the Interpreter class to its own file.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/CachedCall.h:
-        * interpreter/CallFrameClosure.h: Copied from JavaScriptCore/yarr/RegexJIT.h.
-        (JSC::CallFrameClosure::setArgument):
-        (JSC::CallFrameClosure::resetCallFrame):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::prepareForRepeatCall):
-        * interpreter/Interpreter.h:
-
-2009-04-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 25202: Improve performance of repeated callbacks into the VM
-
-        Add the concept of a CachedCall to native code for use in Array
-        prototype and similar functions where a single callback function
-        is called repeatedly with the same number of arguments.
-
-        Used Array.prototype.filter as the test function and got a 50% win
-        over a naive non-caching specialised version.  This makes the native
-        implementation of Array.prototype.filter faster than the JS one once
-        more.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/CachedCall.h: Added.
-        (JSC::CachedCall::CachedCall):
-        (JSC::CachedCall::call):
-        (JSC::CachedCall::setThis):
-        (JSC::CachedCall::setArgument):
-        (JSC::CachedCall::~CachedCall):
-           CachedCall is a wrapper that automates the calling and teardown
-           for a CallFrameClosure
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::prepareForRepeatCall):
-           Create the basic entry closure for a function
-        (JSC::Interpreter::execute):
-           A new ::execute method to enter the interpreter from a closure
-        (JSC::Interpreter::endRepeatCall):
-           Clear the entry closure
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::CallFrameClosure::setArgument):
-        (JSC::Interpreter::CallFrameClosure::resetCallFrame):
-           Helper functions to simplify setting up the closure's callframe
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-
-2009-04-14  Xan Lopez  <xlopez@igalia.com>
-
-        Fix the build.
-
-        Add the yarr headers (and only the headers) to the build, so that
-        RegExp.cpp can compile. The headers are ifdefed out with yarr
-        disabled, so we don't need anything else for now.
-
-        * GNUmakefile.am:
-
-2009-04-14  Adam Roben  <aroben@apple.com>
-
-        Remove support for profile-guided optimization on Windows
-
-        Rubber-stamped by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed
-        the Release_PGO configuration. Also let VS re-order the source files
-        list.
-
-2009-04-14  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix.
-
-        * GNUmakefile.am:
-
-2009-04-14  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix when building minidom. Not reviewed.
-
-        Use C-style comment instead of C++ style since autotools builds
-        minidom using gcc and not g++.
-
-        * wtf/Platform.h:
-
-2009-04-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY - speculative build fix.
-
-        * runtime/RegExp.h:
-
-2009-04-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cap'n Geoff Garen.
-
-        Yarr!
-        (Yet another regex runtime).
-
-        Currently disabled by default since the interpreter, whilst awesomely
-        functional, has not been optimized and is likely slower than PCRE, and
-        the JIT, whilst faster than WREC, is presently incomplete and does not
-        fallback to using an interpreter for the cases it cannot handle.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::move):
-        (JSC::MacroAssemblerX86Common::swap):
-        (JSC::MacroAssemblerX86Common::signExtend32ToPtr):
-        (JSC::MacroAssemblerX86Common::zeroExtend32ToPtr):
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::branch16):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cmpw_im):
-        (JSC::X86Assembler::testw_rr):
-        (JSC::X86Assembler::X86InstructionFormatter::immediate16):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * wtf/Platform.h:
-        * yarr: Added.
-        * yarr/RegexCompiler.cpp: Added.
-        (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
-        (JSC::Yarr::CharacterClassConstructor::reset):
-        (JSC::Yarr::CharacterClassConstructor::append):
-        (JSC::Yarr::CharacterClassConstructor::putChar):
-        (JSC::Yarr::CharacterClassConstructor::isUnicodeUpper):
-        (JSC::Yarr::CharacterClassConstructor::isUnicodeLower):
-        (JSC::Yarr::CharacterClassConstructor::putRange):
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-        (JSC::Yarr::CharacterClassConstructor::addSorted):
-        (JSC::Yarr::CharacterClassConstructor::addSortedRange):
-        (JSC::Yarr::newlineCreate):
-        (JSC::Yarr::digitsCreate):
-        (JSC::Yarr::spacesCreate):
-        (JSC::Yarr::wordcharCreate):
-        (JSC::Yarr::nondigitsCreate):
-        (JSC::Yarr::nonspacesCreate):
-        (JSC::Yarr::nonwordcharCreate):
-        (JSC::Yarr::RegexPatternConstructor::RegexPatternConstructor):
-        (JSC::Yarr::RegexPatternConstructor::~RegexPatternConstructor):
-        (JSC::Yarr::RegexPatternConstructor::reset):
-        (JSC::Yarr::RegexPatternConstructor::assertionBOL):
-        (JSC::Yarr::RegexPatternConstructor::assertionEOL):
-        (JSC::Yarr::RegexPatternConstructor::assertionWordBoundary):
-        (JSC::Yarr::RegexPatternConstructor::atomPatternCharacter):
-        (JSC::Yarr::RegexPatternConstructor::atomBuiltInCharacterClass):
-        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassBegin):
-        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassAtom):
-        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassRange):
-        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassBuiltIn):
-        (JSC::Yarr::RegexPatternConstructor::atomCharacterClassEnd):
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::RegexPatternConstructor::atomParentheticalAssertionBegin):
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesEnd):
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::copyDisjunction):
-        (JSC::Yarr::RegexPatternConstructor::copyTerm):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        (JSC::Yarr::RegexPatternConstructor::disjunction):
-        (JSC::Yarr::RegexPatternConstructor::regexBegin):
-        (JSC::Yarr::RegexPatternConstructor::regexEnd):
-        (JSC::Yarr::RegexPatternConstructor::regexError):
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
-        (JSC::Yarr::RegexPatternConstructor::setupDisjunctionOffsets):
-        (JSC::Yarr::RegexPatternConstructor::setupOffsets):
-        (JSC::Yarr::compileRegex):
-        * yarr/RegexCompiler.h: Added.
-        * yarr/RegexInterpreter.cpp: Added.
-        (JSC::Yarr::Interpreter::appendParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::DisjunctionContext::DisjunctionContext):
-        (JSC::Yarr::Interpreter::DisjunctionContext::operator new):
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeDisjunctionContext):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::operator new):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::restoreOutput):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::getDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::InputStream::InputStream):
-        (JSC::Yarr::Interpreter::InputStream::next):
-        (JSC::Yarr::Interpreter::InputStream::rewind):
-        (JSC::Yarr::Interpreter::InputStream::read):
-        (JSC::Yarr::Interpreter::InputStream::readChecked):
-        (JSC::Yarr::Interpreter::InputStream::reread):
-        (JSC::Yarr::Interpreter::InputStream::prev):
-        (JSC::Yarr::Interpreter::InputStream::getPos):
-        (JSC::Yarr::Interpreter::InputStream::setPos):
-        (JSC::Yarr::Interpreter::InputStream::atStart):
-        (JSC::Yarr::Interpreter::InputStream::atEnd):
-        (JSC::Yarr::Interpreter::InputStream::checkInput):
-        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
-        (JSC::Yarr::Interpreter::testCharacterClass):
-        (JSC::Yarr::Interpreter::tryConsumeCharacter):
-        (JSC::Yarr::Interpreter::checkCharacter):
-        (JSC::Yarr::Interpreter::tryConsumeCharacterClass):
-        (JSC::Yarr::Interpreter::checkCharacterClass):
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-        (JSC::Yarr::Interpreter::matchAssertionBOL):
-        (JSC::Yarr::Interpreter::matchAssertionEOL):
-        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
-        (JSC::Yarr::Interpreter::matchPatternCharacter):
-        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
-        (JSC::Yarr::Interpreter::matchCharacterClass):
-        (JSC::Yarr::Interpreter::backtrackCharacterClass):
-        (JSC::Yarr::Interpreter::matchBackReference):
-        (JSC::Yarr::Interpreter::backtrackBackReference):
-        (JSC::Yarr::Interpreter::recordParenthesesMatch):
-        (JSC::Yarr::Interpreter::resetMatches):
-        (JSC::Yarr::Interpreter::resetAssertionMatches):
-        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionOnceBegin):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionOnceEnd):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionOnceBegin):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionOnceEnd):
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::Interpreter::matchTerm):
-        (JSC::Yarr::Interpreter::backtrackTerm):
-        (JSC::Yarr::Interpreter::matchAlternative):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::matchNonZeroDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::Interpreter::Interpreter):
-        (JSC::Yarr::ByteCompiler::ParenthesesStackEntry::ParenthesesStackEntry):
-        (JSC::Yarr::ByteCompiler::ByteCompiler):
-        (JSC::Yarr::ByteCompiler::compile):
-        (JSC::Yarr::ByteCompiler::checkInput):
-        (JSC::Yarr::ByteCompiler::assertionBOL):
-        (JSC::Yarr::ByteCompiler::assertionEOL):
-        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomCharacterClass):
-        (JSC::Yarr::ByteCompiler::atomBackReference):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
-        (JSC::Yarr::ByteCompiler::popParenthesesStack):
-        (JSC::Yarr::ByteCompiler::dumpDisjunction):
-        (JSC::Yarr::ByteCompiler::closeAlternative):
-        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
-        (JSC::Yarr::ByteCompiler::regexBegin):
-        (JSC::Yarr::ByteCompiler::regexEnd):
-        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        (JSC::Yarr::byteCompileRegex):
-        (JSC::Yarr::interpretRegex):
-        * yarr/RegexInterpreter.h: Added.
-        (JSC::Yarr::ByteTerm::):
-        (JSC::Yarr::ByteTerm::ByteTerm):
-        (JSC::Yarr::ByteTerm::BOL):
-        (JSC::Yarr::ByteTerm::CheckInput):
-        (JSC::Yarr::ByteTerm::EOL):
-        (JSC::Yarr::ByteTerm::WordBoundary):
-        (JSC::Yarr::ByteTerm::BackReference):
-        (JSC::Yarr::ByteTerm::AlternativeBegin):
-        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::AlternativeEnd):
-        (JSC::Yarr::ByteTerm::PatternEnd):
-        (JSC::Yarr::ByteTerm::invert):
-        (JSC::Yarr::ByteTerm::capture):
-        (JSC::Yarr::ByteDisjunction::ByteDisjunction):
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-        (JSC::Yarr::BytecodePattern::~BytecodePattern):
-        * yarr/RegexJIT.cpp: Added.
-        (JSC::Yarr::RegexGenerator::optimizeAlternative):
-        (JSC::Yarr::RegexGenerator::matchCharacterClassRange):
-        (JSC::Yarr::RegexGenerator::matchCharacterClass):
-        (JSC::Yarr::RegexGenerator::jumpIfNoAvailableInput):
-        (JSC::Yarr::RegexGenerator::jumpIfAvailableInput):
-        (JSC::Yarr::RegexGenerator::checkInput):
-        (JSC::Yarr::RegexGenerator::atEndOfInput):
-        (JSC::Yarr::RegexGenerator::notAtEndOfInput):
-        (JSC::Yarr::RegexGenerator::jumpIfCharEquals):
-        (JSC::Yarr::RegexGenerator::jumpIfCharNotEquals):
-        (JSC::Yarr::RegexGenerator::readCharacter):
-        (JSC::Yarr::RegexGenerator::storeToFrame):
-        (JSC::Yarr::RegexGenerator::loadFromFrame):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::TermGenerationState):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::resetAlternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::alternativeValid):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::nextAlternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::alternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::resetTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::termValid):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::nextTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::term):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::lookaheadTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isSinglePatternCharacterLookaheadTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::inputOffset):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::jumpToBacktrack):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setBacktrackGenerated):
-        (JSC::Yarr::RegexGenerator::jumpToBacktrackCheckEmitPending):
-        (JSC::Yarr::RegexGenerator::genertateAssertionBOL):
-        (JSC::Yarr::RegexGenerator::genertateAssertionEOL):
-        (JSC::Yarr::RegexGenerator::matchAssertionWordchar):
-        (JSC::Yarr::RegexGenerator::genertateAssertionWordBoundary):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterSingle):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterPair):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterFixed):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::genertatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassSingle):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassFixed):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassGreedy):
-        (JSC::Yarr::RegexGenerator::genertateCharacterClassNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingleDisjunctionOneAlternative):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::RegexGenerator::generate):
-        (JSC::Yarr::jitCompileRegex):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexJIT.h: Added.
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        * yarr/RegexParser.h: Added.
-        (JSC::Yarr::):
-        (JSC::Yarr::Parser::):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::begin):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacterUnescaped):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::end):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::flush):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::):
-        (JSC::Yarr::Parser::Parser):
-        (JSC::Yarr::Parser::parseEscape):
-        (JSC::Yarr::Parser::parseAtomEscape):
-        (JSC::Yarr::Parser::parseCharacterClassEscape):
-        (JSC::Yarr::Parser::parseCharacterClass):
-        (JSC::Yarr::Parser::parseParenthesesBegin):
-        (JSC::Yarr::Parser::parseParenthesesEnd):
-        (JSC::Yarr::Parser::parseQuantifier):
-        (JSC::Yarr::Parser::parseTokens):
-        (JSC::Yarr::Parser::parse):
-        (JSC::Yarr::Parser::saveState):
-        (JSC::Yarr::Parser::restoreState):
-        (JSC::Yarr::Parser::atEndOfPattern):
-        (JSC::Yarr::Parser::peek):
-        (JSC::Yarr::Parser::peekIsDigit):
-        (JSC::Yarr::Parser::peekDigit):
-        (JSC::Yarr::Parser::consume):
-        (JSC::Yarr::Parser::consumeDigit):
-        (JSC::Yarr::Parser::consumeNumber):
-        (JSC::Yarr::Parser::consumeOctal):
-        (JSC::Yarr::Parser::tryConsume):
-        (JSC::Yarr::Parser::tryConsumeHex):
-        (JSC::Yarr::parse):
-        * yarr/RegexPattern.h: Added.
-        (JSC::Yarr::CharacterRange::CharacterRange):
-        (JSC::Yarr::):
-        (JSC::Yarr::PatternTerm::):
-        (JSC::Yarr::PatternTerm::PatternTerm):
-        (JSC::Yarr::PatternTerm::BOL):
-        (JSC::Yarr::PatternTerm::EOL):
-        (JSC::Yarr::PatternTerm::WordBoundary):
-        (JSC::Yarr::PatternTerm::invert):
-        (JSC::Yarr::PatternTerm::capture):
-        (JSC::Yarr::PatternTerm::quantify):
-        (JSC::Yarr::PatternAlternative::PatternAlternative):
-        (JSC::Yarr::PatternAlternative::lastTerm):
-        (JSC::Yarr::PatternAlternative::removeLastTerm):
-        (JSC::Yarr::PatternDisjunction::PatternDisjunction):
-        (JSC::Yarr::PatternDisjunction::~PatternDisjunction):
-        (JSC::Yarr::PatternDisjunction::addNewAlternative):
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::~RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-        (JSC::Yarr::RegexPattern::containsIllegalBackReference):
-        (JSC::Yarr::RegexPattern::newlineCharacterClass):
-        (JSC::Yarr::RegexPattern::digitsCharacterClass):
-        (JSC::Yarr::RegexPattern::spacesCharacterClass):
-        (JSC::Yarr::RegexPattern::wordcharCharacterClass):
-        (JSC::Yarr::RegexPattern::nondigitsCharacterClass):
-        (JSC::Yarr::RegexPattern::nonspacesCharacterClass):
-        (JSC::Yarr::RegexPattern::nonwordcharCharacterClass):
-
-2009-04-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Missed code from last patch).
-
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::displayName):
-        (JSC::InternalFunction::calculatedDisplayName):
-        * runtime/InternalFunction.h:
-
-2009-04-13  Francisco Tolmasky  <francisco@280north.com>
-
-        Reviewed by Oliver Hunt.
-        
-        BUG 25171: It should be possible to manually set the name of an anonymous function
-        <https://bugs.webkit.org/show_bug.cgi?id=25171>
-
-        This change adds the displayName property to functions, which when set overrides the 
-        normal name when appearing in the console.
-
-        * profiler/Profiler.cpp:
-        (JSC::createCallIdentifierFromFunctionImp): Changed call to InternalFunction::name to InternalFunction::calculatedDisplayName
-        * runtime/CommonIdentifiers.h: Added displayName common identifier.
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::displayName): Access to user settable displayName property
-        (JSC::InternalFunction::calculatedDisplayName): Returns displayName if it exists, if not then the natural name
-
-2009-04-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Disabled another JavaScriptCore test because it fails on Windows but
-        not Mac, so it makes the bots red.
-
-        * tests/mozilla/expected.html:
-
-2009-04-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Disabled two JavaScriptCore tests because they fail on Window or Mac but
-        not both, so they make the bots red.
-
-        * tests/mozilla/expected.html: Updated expected results.
-
-2009-04-09  Ben Murdoch  <benm@google.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25091
-        The Android platform requires threads to be registered with the VM.
-        This patch implements this behaviour inside ThreadingPthreads.cpp.
-
-        * wtf/ThreadingPthreads.cpp: Add a level above threadEntryPoint that takes care of (un)registering threads with the VM.
-        (WTF::runThreadWithRegistration): register the thread and run entryPoint. Unregister the thread afterwards.
-        (WTF::createThreadInternal): call runThreadWithRegistration instead of entryPoint directly.
-
-2009-04-09  David Kilzer  <ddkilzer@apple.com>
-
-        Reinstating <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
-
-        Rolled r42345 back in.  The build failure was caused by an
-        internal script which had not been updated the same way that
-        build-webkit was updated.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2009-04-09  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reverting <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings.
-        It broke Mac build, and I don't know how to fix it.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2009-04-09  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix.
-
-        Checking for __GLIBCXX__ being bigger than some date is not enough
-        to get std::tr1, C++0x has to be in use too. Add another check for
-        __GXX_EXPERIMENTAL_CXX0X__.
-
-        * wtf/TypeTraits.h:
-
-2009-04-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Fix assertion failure in function.apply
-
-        The result of excess arguments to function.apply is irrelevant
-        so we don't need to provide a result register.  We were providing
-        temporary result register but not ref'ing it resulting in an
-        assertion failure.
-
-        * parser/Nodes.cpp:
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-2009-04-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
-
-        Reviewed by Darin Adler and Maciej Stachowiak.
-
-        Introduce the ENABLE_SVG_DOM_OBJC_BINDINGS feature define so
-        that SVG DOM Objective-C bindings may be optionally disabled.
-
-        * Configurations/JavaScriptCore.xcconfig: Added
-        ENABLE_SVG_DOM_OBJC_BINDINGS variable and use it in
-        FEATURE_DEFINES.
-
-2009-04-08  Paul Pedriana <ppedriana@ea.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20422
-        Allow custom memory allocation control.
-        
-        * wtf/FastAllocBase.h:
-        New added file. Implements allocation base class.
-        * wtf/TypeTraits.h:
-        Augments existing type traits support as needed by FastAllocBase.
-        * wtf/FastMalloc.h:
-        Changed to support FastMalloc match validation.
-        * wtf/FastMalloc.cpp:
-        Changed to support FastMalloc match validation.
-        * wtf/Platform.h:
-        Added ENABLE_FAST_MALLOC_MATCH_VALIDATION; defaults to 0.
-        * GNUmakefile.am:
-        Updated to include added FastAllocBase.h.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Updated to include added FastAllocBase.h.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        Updated to include added FastAllocBase.h.
-
-2009-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve function.apply performance
-
-        Jump through a few hoops to improve performance of function.apply in the general case.
-
-        In the case of zero or one arguments, or if there are only two arguments and the
-        second is an array literal we treat function.apply as function.call.
-
-        Otherwise we use the new opcodes op_load_varargs and op_call_varargs to do the .apply call
-        without re-entering the virtual machine.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::emitLoadVarargs):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_load_varargs):
-        * jit/JITStubs.h:
-        * parser/Grammar.y:
-        * parser/Nodes.cpp:
-        (JSC::ArrayNode::isSimpleArray):
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::):
-        (JSC::ApplyFunctionCallDotNode::):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::copyToRegisters):
-        (JSC::Arguments::fillArgList):
-        * runtime/Arguments.h:
-        (JSC::Arguments::numProvidedArguments):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/FunctionPrototype.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::copyToRegisters):
-        * runtime/JSArray.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::mark):
-        * runtime/JSGlobalObject.h:
-
-2009-04-08  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25073
-        JavaScriptCore tests don't run if time zone is not PST
-
-        * API/tests/testapi.c:
-        (timeZoneIsPST): Added a function that checks whether the time zone is PST, using the same
-        method as functions in DateMath.cpp do for formatting the result.
-        (main): Skip date string format test if the time zone is not PST.
-
-2009-04-07  David Levin  <levin@chromium.org>
-
-        Reviewed by Sam Weinig and Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25039
-        UString refactoring to support UChar* sharing.
-
-        No change in sunspider perf.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        * runtime/UString.cpp:
-        (JSC::initializeStaticBaseString):
-        (JSC::initializeUString):
-        (JSC::UString::BaseString::isShared):
-        Encapsulate the meaning behind the refcount == 1 checks because
-        this needs to do slightly more when sharing is added.
-        (JSC::concatenate):
-        (JSC::UString::append):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        Make m_baseString part of a union to get rid of casts, but make it protected because
-        it is tricky to use it correctly since it is only valid when the Rep is not a BaseString.
-        The void* will be filled in when sharing is added.
-
-        Add constructors due to the making members protected and it make ensuring proper
-        initialization work better (like in SmallStringsStorage).
-        (JSC::UString::Rep::create):
-        (JSC::UString::Rep::Rep):
-        (JSC::UString::Rep::):
-        (JSC::UString::BaseString::BaseString):
-        (JSC::UString::Rep::setBaseString):
-        (JSC::UString::Rep::baseString):
-
-2009-04-04  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=25033
-        dtoa.cpp segfaults with g++ 4.4.0
-
-        g++ 4.4.0 seems to be more strict about aliasing rules, so it
-        produces incorrect code if dtoa.cpp is compiled with
-        -fstrict-aliasing (it also emits a ton of warnings, so fair enough
-        I guess). The problem was that we were only casting variables to
-        union types in order to do type punning, but GCC and the C
-        standard require that we actually use a union to store the value.
-
-        This patch does just that, the code is mostly copied from the dtoa
-        version in GCC:
-        http://gcc.gnu.org/viewcvs/trunk/libjava/classpath/native/fdlibm/dtoa.c?view=markup.
-
-        * wtf/dtoa.cpp:
-        (WTF::ulp):
-        (WTF::b2d):
-        (WTF::ratio):
-        (WTF::hexnan):
-        (WTF::strtod):
-        (WTF::dtoa):
-
-2009-04-04  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix for Win port. Build the assembler sources to get missing functions.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-        * wtf/Platform.h:
-
-2009-04-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin Decker.
-
-        <rdar://problem/6744471> crash in GC due to uninitialized callFunction pointer
-
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Initialize
-        callFunction as we do the other data members that are used in the mark function.
-
-2009-04-02  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Simon Hausmann
-
-        https://bugs.webkit.org/show_bug.cgi?id=24490
-
-        Implement WTF::ThreadSpecific in the Qt build using
-        QThreadStorage.
-
-        * wtf/ThreadSpecific.h:
-
-2009-04-01  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24990
-        Put SECTORDER_FLAGS into xcconfig files.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-03-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix non-AllInOneFile builds.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-
-2009-03-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve performance of Function.prototype.call
-        <https://bugs.webkit.org/show_bug.cgi?id=24907>
-
-        Optimistically assume that expression.call(..) is going to be a call to
-        Function.prototype.call, and handle it specially to attempt to reduce the
-        degree of VM reentrancy.
-
-        When everything goes right this removes the vm reentry improving .call()
-        by around a factor of 10.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * parser/Grammar.y:
-        * parser/Nodes.cpp:
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::CallFunctionCallDotNode::):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/FunctionPrototype.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::mark):
-        * runtime/JSGlobalObject.h:
-
-2009-03-27  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 24884: Include strings.h for strcasecmp()
-        https://bugs.webkit.org/show_bug.cgi?id=24884
-
-        * runtime/DateMath.cpp: Reversed previous change including strings.h
-        * wtf/StringExtras.h: Include strings.h here is available
-
-2009-03-26  Adam Roben  <aroben@apple.com>
-
-        Copy testapi.js to $WebKitOutputDir on Windows
-
-        Part of Bug 24856: run-javascriptcore-tests should run testapi on
-        Windows
-        <https://bugs.webkit.org/show_bug.cgi?id=24856>
-
-        This matches what Mac does, which will help once we enable running
-        testapi from run-javascriptcore-tests on Windows.
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Copy testapi.js next
-        to testapi.exe.
-
-2009-03-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fix exception handling for instanceof in the interpreter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-03-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed <rdar://problem/6724011> Write to freed memory in JSC::Label::deref
-        when reloading http://helpme.att.net/speedtest/
-
-        * bytecompiler/BytecodeGenerator.h: Reversed the declaration order for
-        m_labelScopes and m_labels to reverse their destruction order.
-        m_labelScopes has references to memory within m_labels, so its destructor
-        needs to run first.
-
-2009-03-24  Eli Fidler  <eli.fidler@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        Correct warnings which in some environments are treated as errors.
-
-        * wtf/dtoa.cpp:
-        (WTF::b2d):
-        (WTF::d2b):
-        (WTF::strtod):
-        (WTF::dtoa):
-
-2009-03-24  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Darin Adler.
-        
-        Explicitly define HAVE_LANGINFO_H on Darwin. Fixes the wx build bot jscore 
-        test failure. 
-        
-        https://bugs.webkit.org/show_bug.cgi?id=24780
-
-        * wtf/Platform.h:
-
-2009-03-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix className() for API defined class
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::className):
-        * API/tests/testapi.c:
-        (EmptyObject_class):
-        (main):
-        * API/tests/testapi.js:
-
-2009-03-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Make testapi assertions run in release builds, so that testapi actually
-        works in a release build.
-
-        Many of the testapi assertions have side effects that are necessary, and
-        given testapi is a testing program, perf impact of an assertion is not
-        important, so it makes sense to apply the assertions in release builds
-        anyway.
-
-        * API/tests/testapi.c:
-        (EvilExceptionObject_hasInstance):
-
-2009-03-23  David Kilzer  <ddkilzer@apple.com>
-
-        Provide JavaScript exception information after slow script timeout
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/Completion.cpp:
-        (JSC::evaluate): Set the exception object as the Completion
-        object's value for slow script timeouts.  This is used in
-        WebCore when reporting the exception.
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::toString): Added.  Provides a
-        description message for the exception when it is reported.
-
-2009-03-23  Gustavo Noronha Silva  <gns@gnome.org> and Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com>
-
-        Reviewed by Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24674
-        Crashes in !PLATFORM(MAC)'s formatLocaleDate, in very specific situations
-
-        Make sure strftime never returns 2-digits years to avoid ambiguity
-        and a crash. We wrap this new code option in HAVE_LANGINFO_H,
-        since it is apparently not available in all platforms.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * wtf/Platform.h:
-
-2009-03-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix exception handling in API
-
-        We can't just use the ExecState exception slot for returning exceptions
-        from class introspection functions provided through the API as many JSC
-        functions will explicitly clear the ExecState exception when returning.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject<Base>::getOwnPropertySlot):
-        (JSC::JSCallbackObject<Base>::put):
-        (JSC::JSCallbackObject<Base>::deleteProperty):
-        (JSC::JSCallbackObject<Base>::construct):
-        (JSC::JSCallbackObject<Base>::hasInstance):
-        (JSC::JSCallbackObject<Base>::call):
-        (JSC::JSCallbackObject<Base>::toNumber):
-        (JSC::JSCallbackObject<Base>::toString):
-        (JSC::JSCallbackObject<Base>::staticValueGetter):
-        (JSC::JSCallbackObject<Base>::callbackGetter):
-        * API/tests/testapi.c:
-        (MyObject_hasProperty):
-        (MyObject_getProperty):
-        (MyObject_setProperty):
-        (MyObject_deleteProperty):
-        (MyObject_callAsFunction):
-        (MyObject_callAsConstructor):
-        (MyObject_hasInstance):
-        (EvilExceptionObject_hasInstance):
-        (EvilExceptionObject_convertToType):
-        (EvilExceptionObject_class):
-        (main):
-        * API/tests/testapi.js:
-        (EvilExceptionObject.hasInstance):
-        (EvilExceptionObject.toNumber):
-        (EvilExceptionObject.toStringExplicit):
-
-2009-03-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20049: testapi failure: MyObject - 0 should be NaN but instead is 1.
-        <https://bugs.webkit.org/show_bug.cgi?id=20049>
-        <rdar://problem/6079127>
-
-        In this case, the test is wrong. According to the ECMA spec, subtraction
-        uses ToNumber, not ToPrimitive. Change the test to match the spec.
-
-        * API/tests/testapi.js:
-
-2009-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Ensure that JSObjectMakeFunction doesn't produce incorrect line numbers.
-
-        Also make test api correctly propagate failures.
-
-        * API/tests/testapi.c:
-        (main):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-
-2009-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Improve testapi by making it report failures in a way we can pick up
-        from our test scripts.
-
-        * API/tests/testapi.c:
-        (assertEqualsAsBoolean):
-        (assertEqualsAsNumber):
-        (assertEqualsAsUTF8String):
-        (assertEqualsAsCharactersPtr):
-        (main):
-        * API/tests/testapi.js:
-        (pass):
-        (fail):
-        (shouldBe):
-        (shouldThrow):
-
-2009-03-20  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24535
-
-        Fixes missing line terminator character (;) after macro call.
-        It is common practice to add the trailing ";" where macros are substituted
-        and not where they are defined with #define.
-        This change is consistent with other macro declarations across webkit,
-        and it also solves compilation failure with symbian compilers. 
- 
-        * runtime/UString.cpp:
-        * wtf/Assertions.h:
-
-2009-03-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed a JavaScriptCore crash on the Windows buildbot.
-
-        * bytecompiler/BytecodeGenerator.h: Reduced the AST recursion limit.
-        Apparently, Windows has small stacks.
-
-2009-03-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        A little cleanup in the RegisterFile code.
-        
-        Moved large inline functions out of the class declaration, to make it
-        more readable.
-        
-        Switched over to using the roundUpAllocationSize function to avoid
-        duplicate code and subtle bugs.
-        
-        Renamed m_maxCommitted to m_commitEnd, to match m_end.
-        
-        Renamed allocationSize to commitSize because it's the chunk size for
-        committing memory, not allocating memory.
-        
-        SunSpider reports no change.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::shrink):
-        (JSC::RegisterFile::grow):
-        * jit/ExecutableAllocator.h:
-        (JSC::roundUpAllocationSize):
-
-2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed <rdar://problem/6033712> -- a little bit of hardening in the Collector.
-        
-        SunSpider reports no change. I also verified in the disassembly that
-        we end up with a single compare to constant.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::heapAllocate):
-
-2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich and Oliver Hunt.
-
-        Fixed <rdar://problem/6406045> REGRESSION: Stack overflow on PowerPC on
-        fast/workers/use-machine-stack.html (22531)
-
-        Dialed down the re-entry allowance to 64 (from 128).
-        
-        On a 512K stack, this leaves about 64K for other code on the stack while
-        JavaScript is running. Not perfect, but it solves our crash on PPC.
-
-        Different platforms may want to dial this down even more.
-
-        Also, substantially shrunk BytecodeGenerator. Since we allocate one on
-        the stack in order to throw a stack overflow exception -- well, let's
-        just say the old code had an appreciation for irony.
-
-        SunSpider reports no change.
-
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.h:
-        (JSC::):
-
-2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 24350: REGRESSION: Safari 4 breaks SPAW wysiwyg editor multiple instances
-        <https://bugs.webkit.org/show_bug.cgi?id=24350>
-        <rdar://problem/6674182>
-
-        The SPAW editor's JavaScript assumes that toString() on a function
-        constructed with the Function constructor produces a function with
-        a newline after the opening brace.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction): Add a newline after the opening brace of the
-        function's source code.
-
-2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoff Garen.
-
-        Bug 23771: REGRESSION (r36016): JSObjectHasProperty freezes on global class without kJSClassAttributeNoAutomaticPrototype
-        <https://bugs.webkit.org/show_bug.cgi?id=23771>
-        <rdar://problem/6561016>
-
-        * API/tests/testapi.c:
-        (main): Add a test for this bug.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::resetPrototype): Don't set the prototype of the
-        last object in the prototype chain to the object prototype when the
-        object prototype is already the last object in the prototype chain.
-
-2009-03-19  Timothy Hatcher  <timothy@apple.com>
-
-        <rdar://problem/6687342> -[WebView scheduleInRunLoop:forMode:] has no affect on timers
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Added HAVE_RUNLOOP_TIMER for PLATFORM(MAC).
-
-2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed <rdar://problem/6279213> Regular expression run-time complexity
-        limit too low for long inputs (21485)
-        
-        I raised PCRE's "matchLimit" (limit on backtracking) by an order of
-        magnitude. This fixes all the reported examples of timing out on legitimate
-        regular expression matches.
-        
-        In my testing on a Core Duo MacBook Pro, the longest you can get stuck
-        trying to match a string is still under 1s, so this seems like a safe change.
-        
-        I can think of a number of better solutions that are more complicated,
-        but this is a good improvement for now.
-
-        * pcre/pcre_exec.cpp:
-
-2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/6603562> REGRESSION (Safari 4): regular expression
-        pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
-        
-        Bumped the pattern size limit to 1MB, and standardized it between PCRE
-        and WREC. (Empirical testing says that we can easily compile a 1MB regular
-        expression without risking a hang. Other browsers support bigger regular
-        expressions, but also hang.)
-        
-        SunSpider reports no change.
-        
-        I started with a patch posted to Bugzilla by Erik Corry (erikcorry@google.com).
-        
-        * pcre/pcre_internal.h:
-        (put3ByteValue):
-        (get3ByteValue):
-        (put3ByteValueAndAdvance):
-        (putLinkValueAllowZero):
-        (getLinkValueAllowZero): Made PCRE's "LINK_SIZE" (the number of bytes
-        used to record jumps between bytecodes) 3, to accomodate larger potential
-        jumps. Bumped PCRE's "MAX_PATTERN_SIZE" to 1MB. (Technically, at this
-        LINK_SIZE, we can support even larger patterns, but we risk a hang during
-        compilation, and it's not clear that such large patterns are important
-        on the web.)
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp): Match PCRE's maximum pattern size,
-        to avoid quirks between platforms.
-
-2009-03-18  Ada Chan  <adachan@apple.com>
-
-        Rolling out r41818 since it broke the windows build.
-        Error: ..\..\runtime\DatePrototype.cpp(30) : fatal error C1083: Cannot open include file: 'langinfo.h': No such file or directory
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2009-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/6692138> REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
-        <https://bugs.webkit.org/show_bug.cgi?id=24654>
-
-        If the return value for a function is in a local register we need
-        to copy it before executing any finalisers, otherwise it is possible
-        for the finaliser to clobber the result.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::hasFinaliser):
-        * parser/Nodes.cpp:
-        (JSC::ReturnNode::emitBytecode):
-
-2009-03-17  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Mark Rowe.
-        
-        Move BUILDING_ON_* defines into Platform.h to make them available to other ports.
-        Also tweak the defines so that they work with the default values set by 
-        AvailabilityMacros.h.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24630
-
-        * JavaScriptCorePrefix.h:
-        * wtf/Platform.h:
-
-2009-03-15  Simon Fraser  <simon.fraser@apple.com>
-
-        Revert r41718 because it broke DumpRenderTree on Tiger.
-
-        * JavaScriptCorePrefix.h:
-        * wtf/Platform.h:
-
-2009-03-15  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Non-Apple Mac ports build fix. Move defines for the BUILDING_ON_ macros into
-        Platform.h so that they're defined for all ports building on Mac, and tweak
-        the definitions of those macros based on Mark Rowe's suggestions to accomodate
-        cases where the values may not be <= to the .0 release for that version.
-
-        * JavaScriptCorePrefix.h:
-        * wtf/Platform.h:
-
-2009-03-13  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Dan Bernstein.
-
-        Take advantage of the ability of recent versions of Xcode to easily switch the active
-        architecture.
-
-        * Configurations/DebugRelease.xcconfig:
-
-2009-03-13  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Prevent AllInOneFile.cpp and ProfileGenerator.cpp from rebuilding unnecessarily when
-        switching between building in Xcode and via build-webkit.
-
-        build-webkit passes FEATURE_DEFINES to xcodebuild, resulting in it being present in the
-        Derived Sources build settings.  When building in Xcode, this setting isn't present so
-        Xcode reruns the script build phases.  This results in a new version of TracingDtrace.h
-        being generated, and the files that include it being rebuilt.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:  Don't regenerate TracingDtrace.h if it is
-        already newer than the input file.
-
-2009-03-13  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Resolved name conflict with globally defined tzname in Symbian.
-        Replaced with different name instead of using namespace qualifier
-        (appeared to be less clumsy).
-
-        * runtime/DateMath.cpp:
-
-2009-03-12  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/6548446> TCMalloc_SystemRelease should use madvise rather than re-mmaping span of pages
-
-        * wtf/FastMalloc.cpp:
-        (WTF::mergeDecommittedStates): If either of the spans has been released to the system, release the other
-        span as well so that the flag in the merged span is accurate.
-        * wtf/Platform.h:
-        * wtf/TCSystemAlloc.cpp: Track decommitted spans when using MADV_FREE_REUSABLE / MADV_FREE_REUSE.
-        (TCMalloc_SystemRelease): Use madvise with MADV_FREE_REUSABLE when it is available.
-        (TCMalloc_SystemCommit): Use madvise with MADV_FREE_REUSE when it is available.
-        * wtf/TCSystemAlloc.h:
-
-2009-03-12  Adam Treat  <adam.treat@torchmobile.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Include string.h for strlen usage.
-
-        * wtf/Threading.cpp:
-
-2009-03-12  David Kilzer  <ddkilzer@apple.com>
-
-        Add NO_RETURN attribute to runInteractive() when not using readline
-
-        Reviewed by Darin Adler.
-
-        * jsc.cpp:
-        (runInteractive): If the readline library is not used, this method
-        will never return, thus the NO_RETURN attribute is needed to prevent
-        a gcc warning.
-
-2009-03-12  Adam Roben  <aroben@apple.com>
-
-        Adopt setThreadNameInternal on Windows
-
-        Also changed a Windows-only assertion about thread name length to an
-        all-platform log message.
-
-        Reviewed by Adam Treat.
-
-        * wtf/Threading.cpp:
-        (WTF::createThread): Warn if the thread name is longer than 31
-        characters, as Visual Studio will truncate names longer than that
-        length.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::setThreadNameInternal): Renamed from setThreadName and changed
-        to always operate on the current thread.
-        (WTF::initializeThreading): Changed to use setThreadNameInternal.
-        (WTF::createThreadInternal): Removed call to setThreadName. This is
-        now handled by threadEntryPoint and setThreadNameInternal.
-
-2009-03-11  David Kilzer  <ddkilzer@apple.com>
-
-        Clarify comments regarding order of FEATURE_DEFINES
-
-        Rubber-stamped by Mark Rowe.
-
-        * Configurations/JavaScriptCore.xcconfig: Added warning about
-        the consequences when FEATURE_DEFINES are not kept in sync.
-
-2009-03-11  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - WTF support for fixing <rdar://problem/3919124> Thai text selection
-          in Safari is incorrect
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added. Returns
-        whether the character has Unicode line breaking property value SA
-        ("Complex Context").
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added an
-        implementation that always returns false.
-
-2009-03-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Give threads names on platforms with pthread_setname_np.
-
-        * wtf/Threading.cpp:
-        (WTF::NewThreadContext::NewThreadContext): Initialize thread name.
-        (WTF::threadEntryPoint): Call setThreadNameInternal.
-        (WTF::createThread): Pass thread name.
-
-        * wtf/Threading.h: Added new comments, setThreadNameInternal.
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::setThreadNameInternal): Added. Empty.
-        * wtf/ThreadingNone.cpp:
-        (WTF::setThreadNameInternal): Added. Empty.
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::setThreadNameInternal): Call pthread_setname_np when available.
-        * wtf/ThreadingQt.cpp:
-        (WTF::setThreadNameInternal): Added. Empty.
-        * wtf/ThreadingWin.cpp:
-        (WTF::setThreadNameInternal): Added. Empty.
-
-2009-03-11  Adam Roben  <aroben@apple.com>
-
-        Change the Windows implementation of ThreadSpecific to use functions
-        instead of extern globals
-
-        This will make it easier to export ThreadSpecific from WebKit.
-
-        Reviewed by John Sullivan.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): 
-        Touched this file to force ThreadSpecific.h to be copied into
-        $WebKitOutputDir.
-
-        * wtf/ThreadSpecific.h: Replaced g_tls_key_count with tlsKeyCount()
-        and g_tls_keys with tlsKeys().
-
-        (WTF::::ThreadSpecific):
-        (WTF::::~ThreadSpecific):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::destroy):
-        Updated to use the new functions.
-
-        * wtf/ThreadSpecificWin.cpp:
-        (WTF::tlsKeyCount):
-        (WTF::tlsKeys):
-        Added.
-
-        (WTF::ThreadSpecificThreadExit): Changed to use the new functions.
-
-2009-03-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoff Garen.
-
-        Bug 24291: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution
-        <https://bugs.webkit.org/show_bug.cgi?id=24291>
-        <rdar://problem/6663472>
-
-        Add an extra newline to the end of the body of the program text constructed
-        by the Function constructor for parsing. This allows single line comments to
-        be handled correctly by the parser.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-
-2009-03-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 24447: REGRESSION (r41508): Google Maps does not complete initialization
-        <rdar://problem/6657774>
-
-        r41508 actually exposed a pre-existing bug where we were not invalidating the result
-        register cache at jump targets.  This causes problems when condition loads occur in an
-        expression -- namely through the ?: and || operators.  This patch corrects these issues
-        by marking the target of all forward jumps as being a jump target, and then clears the
-        result register cache when ever it starts generating code for a targeted instruction.
-
-        I do not believe it is possible to cause this class of failure outside of a single
-        expression, and expressions only provide forward branches, so this should resolve this
-        entire class of bug.  That said i've included a test case that gets as close as possible
-        to hitting this bug with a back branch, to hopefully prevent anyone from introducing the
-        problem in future.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Label::isUsed):
-        (JSC::AbstractMacroAssembler::Label::used):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpDst::JmpDst):
-        (JSC::X86Assembler::JmpDst::isUsed):
-        (JSC::X86Assembler::JmpDst::used):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-03-09  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Bug 23175: String and UString should be able to share a UChar* buffer.
-        <https://bugs.webkit.org/show_bug.cgi?id=23175>
-
-        Add CrossThreadRefCounted.
-
-        * wtf/CrossThreadRefCounted.h: Added.
-        (WTF::CrossThreadRefCounted::create):
-        (WTF::CrossThreadRefCounted::isShared):
-        (WTF::CrossThreadRefCounted::dataAccessMustBeThreadSafe):
-        (WTF::CrossThreadRefCounted::mayBePassedToAnotherThread):
-        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
-        (WTF::CrossThreadRefCounted::~CrossThreadRefCounted):
-        (WTF::CrossThreadRefCounted::ref):
-        (WTF::CrossThreadRefCounted::deref):
-        (WTF::CrossThreadRefCounted::release):
-        (WTF::CrossThreadRefCounted::copy):
-        (WTF::CrossThreadRefCounted::threadSafeDeref):
-        * wtf/RefCounted.h:
-        * wtf/Threading.h:
-        (WTF::ThreadSafeSharedBase::ThreadSafeSharedBase):
-        (WTF::ThreadSafeSharedBase::derefBase):
-        (WTF::ThreadSafeShared::ThreadSafeShared):
-        (WTF::ThreadSafeShared::deref):
-
-2009-03-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24353
-        Allow to overrule default build options for Qt build.
-
-        * JavaScriptCore.pri: Allow to overrule ENABLE_JIT
-
-2009-03-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Build fix.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-
-2009-03-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 24268: RuntimeArray is not a fully implemented JSArray
-        <https://bugs.webkit.org/show_bug.cgi?id=24268>
-
-        Don't cast a type to JSArray, just because it reportsArray as a supertype
-        in the JS type system.  Doesn't appear feasible to create a testcase
-        unfortunately as setting up the failure conditions requires internal access 
-        to JSC not present in DRT.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-
-2009-03-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        When preforming an op_mov, preserve any existing register mapping.
-
-        ~0.5% progression on v8 tests x86-64.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-03-05  Simone Fiorentino  <simone.fiorentino@consulenti.fastweb.it>
-
-        Bug 24382: request to add SH4 platform
-
-        <https://bugs.webkit.org/show_bug.cgi?id=24382>
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h: Added support for SH4 platform.
-
-2009-03-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Writes of constant values to SF registers should be made with direct memory
-        writes where possible, rather than moving the value via a hardware register.
-
-        ~3% win on SunSpider tests on x86, ~1.5% win on v8 tests on x86-64.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movq_i32m):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-03-05  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        Sprinkle "static" around NumberConstructor.cpp in order to please the compiler.
-
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-
-2009-03-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6354858> FastMallocZone's enumeration code reports fragmented administration space
-
-        The handling of MALLOC_ADMIN_REGION_RANGE_TYPE in FastMalloc's zone was incorrect.  It was attempting
-        to record the memory containing and individual span as an administrative region, when all memory
-        allocated via MetaDataAlloc should in fact be recorded.  This was causing memory regions allocated
-        via MetaDataAlloc to appear as "VM_ALLOCATE ?" in vmmap output.  They are now correctly reported as
-        "MALLOC_OTHER" regions associated with the JavaScriptCore FastMalloc zone.
-
-        Memory is allocated via MetaDataAlloc from two locations: PageHeapAllocator, and TCMalloc_PageMap{2,3}.
-        These two cases are handled differently.
-
-        PageHeapAllocator is extended to keep a linked list of memory regions that it has allocated.  The
-        first object in an allocated region contains the link to the previously allocated region. To record
-        the administrative regions of a PageHeapAllocator we can simply walk the linked list and record
-        each allocated region we encounter.
-
-        TCMalloc_PageMaps allocate memory via MetaDataAlloc to store each level of the radix tree.  To record
-        the administrative regions of a TCMalloc_PageMap we walk the tree and record the storage used for nodes
-        at each position rather than the nodes themselves.
-
-        A small performance improvement is achieved by coalescing adjacent memory regions inside the PageMapMemoryUsageRecorder
-        so that fewer calls in to the range recorder are necessary.  We further reduce the number of calls to the
-        range recorder by aggregating the in-use ranges of a given memory region into a local buffer before recording
-        them with a single call.  A similar approach is also used by AdminRegionRecorder.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::PageHeapAllocator::Init):
-        (WTF::PageHeapAllocator::New):
-        (WTF::PageHeapAllocator::recordAdministrativeRegions):
-        (WTF::TCMallocStats::FreeObjectFinder::isFreeObject):
-        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::~PageMapMemoryUsageRecorder):
-        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::recordPendingRegions):
-        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::visit):
-        (WTF::TCMallocStats::AdminRegionRecorder::AdminRegionRecorder):
-        (WTF::TCMallocStats::AdminRegionRecorder::recordRegion):
-        (WTF::TCMallocStats::AdminRegionRecorder::visit):
-        (WTF::TCMallocStats::AdminRegionRecorder::recordPendingRegions):
-        (WTF::TCMallocStats::AdminRegionRecorder::~AdminRegionRecorder):
-        (WTF::TCMallocStats::FastMallocZone::enumerate):
-        (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
-        (WTF::TCMallocStats::FastMallocZone::init):
-        * wtf/TCPageMap.h:
-        (TCMalloc_PageMap2::visitValues):
-        (TCMalloc_PageMap2::visitAllocations):
-        (TCMalloc_PageMap3::visitValues):
-        (TCMalloc_PageMap3::visitAllocations):
-
-2009-03-04  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24359
-        Repaint throttling mechanism
-        
-        Set ENABLE_REPAINT_THROTTLING to 0 by default.
-
-        * wtf/Platform.h:
-
-2009-03-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6581203> WebCore and WebKit should install the same set of headers during installhdrs phase as build phase
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Defined REAL_PLATFORM_NAME based
-        on PLATFORM_NAME to work around the missing definition on Tiger.
-        Updated HAVE_DTRACE to use REAL_PLATFORM_NAME.
-
-2009-03-03  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6639110> console.profile() doesn't work without a title
-
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::startProfiling): assert if there is not title to ensure
-        we don't start profiling without one.
-
-2009-03-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Enable Geolocation (except on Tiger and Leopard).
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2009-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6635688> Move HAVE_DTRACE check to Base.xcconfig
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Set HAVE_DTRACE Xcode variable
-        based on PLATFORM_NAME and MAC_OS_X_VERSION_MAJOR.  Also define
-        it as a preprocessor macro by modifying
-        GCC_PREPROCESSOR_DEFINITIONS.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed "Generate
-        DTrace header" script phase to check for HAVE_DTRACE instead of
-        MACOSX_DEPLOYMENT_TARGET.
-        * wtf/Platform.h: Removed definition of HAVE_DTRACE macro since
-        it's defined in Base.xcconfig now.
-
-2009-03-01  Horia Olaru  <olaru@adobe.com>
-
-        By looking in grammar.y there are only a few types of statement nodes
-        on which the debugger should stop. 
-
-        Removed isBlock and isLoop virtual calls. No need to emit debug hooks in
-        the "statementListEmitCode" method as long as the necessary hooks can be
-        added in each "emitCode".
-
-        https://bugs.webkit.org/show_bug.cgi?id=21073
-
-        Reviewed by Kevin McCullough.
-
-        * parser/Nodes.cpp:
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::statementListEmitCode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        * parser/Nodes.h:
-
-2009-02-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fix bug #23614.  Switches on double precision values were incorrectly
-        truncating the scrutinee value.  E.g.:
-
-            switch (1.1) { case 1: print("FAIL"); }
-
-        Was resulting in FAIL.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_switch_imm):
-
-2009-02-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Integer Immediate representation need not be canonical in x86 JIT code.
-        On x86-64 we already have loosened the requirement that the int immediate
-        representation in canonical, we should bring x86 into line.
-
-        This patch is a minor (~0.5%) improvement on sunspider & v8-tests, and
-        should reduce memory footoprint (reduces JIT code size).
-
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::JIT::emitJumpIfImmediateNumber):
-        (JSC::JIT::emitJumpIfNotImmediateNumber):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-
-2009-02-26  Carol Szabo  <carol.szabo@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24099
-        ARM Compiler Warnings in pcre_exec.cpp
-
-        * pcre/pcre_exec.cpp:
-        (match):
-
-2009-02-25  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 24086: Regression (r40993): WebKit crashes after logging in to lists.zenbe
-        <https://bugs.webkit.org/show_bug.cgi?id=24086>
-        <rdar://problem/6625111>
-
-        The numeric sort optimization in r40993 generated bytecode for a function
-        without generating JIT code. This breaks an assumption in some parts of
-        the JIT's function calling logic that the presence of a CodeBlock implies
-        the existence of JIT code.
-
-        In order to fix this, we simply generate JIT code whenever we check whether
-        a function is a numeric sort function. This only incurs an additional cost
-        in the case when the function is a numeric sort function, in which case it
-        is not expensive to generate JIT code for it.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-
-2009-02-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed <rdar://problem/6611174> REGRESSION (r36701): Unable to select
-        messages on hotmail (24052)
-        
-        The bug was that for-in enumeration used a cached prototype chain without
-        validating that it was up-to-date.
-        
-        This led me to refactor prototype chain caching so it was easier to work
-        with and harder to get wrong.
-        
-        After a bit of inlining, this patch is performance-neutral on SunSpider
-        and the v8 benchmarks.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::tryCachePutByID):
-        (JSC::JITStubs::tryCacheGetByID):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list): Use the new refactored goodness. See
-        lines beginning with "-" and smile.
-
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeForLookup): A shout out to const.
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::next): We can use a pointer comparison to
-        see if our cached structure chain is equal to the object's structure chain,
-        since in the case of a cache hit, we share references to the same structure
-        chain.
-
-        * runtime/Operations.h:
-        (JSC::countPrototypeChainEntriesAndCheckForProxies): Use the new refactored
-        goodness.
-
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::setShouldCache):
-        (JSC::PropertyNameArray::shouldCache): Renamed "cacheable" to "shouldCache"
-        to communicate that the client is specifying a recommendation, not a
-        capability.
-        
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure): No need to initialize a RefPtr.
-        (JSC::Structure::getEnumerablePropertyNames): Moved some code into helper
-        functions.
-
-        (JSC::Structure::prototypeChain): New centralized accessor for a prototype
-        chain. Revalidates on every access, since the objects in the prototype
-        chain may have mutated.
-
-        (JSC::Structure::isValid): Helper function for revalidating a cached
-        prototype chain.
-
-        (JSC::Structure::getEnumerableNamesFromPropertyTable):
-        (JSC::Structure::getEnumerableNamesFromClassInfoTable): Factored out of
-        getEnumerablePropertyNames.
-
-        * runtime/Structure.h:
-
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create): No need for structureChainsAreEqual, since
-        we use pointer equality now. Refactored StructureChain to make a little
-        more sense and eliminate special cases for null prototypes.
-
-2009-02-25  Steve Falkenburg  <sfalken@apple.com>
-
-        Use timeBeginPeriod to enable timing resolution greater than 16ms in command line jsc for Windows.
-        Allows more accurate reporting of benchmark times via command line jsc.exe. Doesn't affect WebKit's use of JavaScriptCore.
-        
-        Reviewed by Adam Roben.
-
-        * jsc.cpp:
-        (main):
-
-2009-02-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix?
-
-        * GNUmakefile.am:
-
-2009-02-24  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6259220> Rename AVAILABLE_AFTER_WEBKIT_VERSION_3_1 (etc.) to match the other macros
-
-        * API/JSBasePrivate.h:
-        * API/JSContextRef.h:
-        * API/JSObjectRef.h:
-        * API/WebKitAvailability.h:
-
-2009-02-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Next step in splitting JIT functionality out of the Interpreter class:
-        Moved vptr storage from Interpreter to JSGlobalData, so it could be shared
-        between Interpreter and JITStubs, and moved the *Trampoline JIT stubs
-        into the JITStubs class. Also added a VPtrSet class to encapsulate vptr
-        hacks during JSGlobalData initialization.
-        
-        SunSpider says 0.4% faster. Meh.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::JITStubs):
-        (JSC::JITStubs::tryCacheGetByID):
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_is_string):
-        * jit/JITStubs.h:
-        (JSC::JITStubs::ctiArrayLengthTrampoline):
-        (JSC::JITStubs::ctiStringLengthTrampoline):
-        (JSC::JITStubs::ctiVirtualCallPreLink):
-        (JSC::JITStubs::ctiVirtualCallLink):
-        (JSC::JITStubs::ctiVirtualCall):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        * runtime/JSArray.h:
-        (JSC::isJSArray):
-        * runtime/JSByteArray.h:
-        (JSC::asByteArray):
-        (JSC::isJSByteArray):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::VPtrSet::VPtrSet):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        * runtime/JSString.h:
-        (JSC::isJSString):
-        * runtime/Operations.h:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-
-2009-02-23  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 23787: Allow JIT to generate SSE2 code if using GCC
-        <https://bugs.webkit.org/show_bug.cgi?id=23787>
-
-        GCC version of the cpuid check.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::isSSE2Present): previous assembly code fixed.
-
-2009-02-23  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 24047: Need to simplify nested if's in WorkerRunLoop::runInMode
-        <https://bugs.webkit.org/show_bug.cgi?id=24047>
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue::infiniteTime):
-        Allows for one to call waitForMessageFilteredWithTimeout and wait forever.
-
-        (WTF::MessageQueue::alwaysTruePredicate):
-        (WTF::MessageQueue::waitForMessage):
-        Made waitForMessage call waitForMessageFilteredWithTimeout, so that there is less
-        duplicate code.
-
-        (WTF::MessageQueue::waitForMessageFilteredWithTimeout):
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::ThreadCondition::timedWait):
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::timedWait):
-        Made these two implementations consistent with the pthread and gtk implementations.
-        Currently, the time calculations would overflow when passed large values.
-
-2009-02-23  Jeremy Moskovich  <jeremy@chromium.org>
-
-        Reviewed by Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=24096
-        PLATFORM(MAC)->PLATFORM(CF) since we want to use the CF functions in Chrome on OS X.
-
-        * wtf/CurrentTime.cpp:
-
-2009-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix?
-
-        * GNUmakefile.am:
-
-2009-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * GNUmakefile.am:
-
-2009-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Next step in splitting JIT functionality out of the Interpreter class:
-        Created a JITStubs class and renamed Interpreter::cti_* to JITStubs::cti_*.
-        
-        Also, moved timeout checking into its own class, located in JSGlobalData,
-        so both the Interpreter and the JIT could have access to it.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * interpreter/Register.h:
-        * jit/JIT.cpp:
-        (JSC::):
-        (JSC::JIT::emitTimeoutCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArithSlow_op_lshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_bitand):
-        (JSC::JIT::compileFastArithSlow_op_mod):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArithSlow_op_post_inc):
-        (JSC::JIT::compileFastArithSlow_op_post_dec):
-        (JSC::JIT::compileFastArithSlow_op_pre_inc):
-        (JSC::JIT::compileFastArithSlow_op_pre_dec):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArith_op_sub):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::compileFastArithSlow_op_add):
-        (JSC::JIT::compileFastArithSlow_op_mul):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::tryCachePutByID):
-        (JSC::JITStubs::tryCacheGetByID):
-        (JSC::JITStubs::cti_op_convert_this):
-        (JSC::JITStubs::cti_op_end):
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_timeout_check):
-        (JSC::JITStubs::cti_register_file_check):
-        (JSC::JITStubs::cti_op_loop_if_less):
-        (JSC::JITStubs::cti_op_loop_if_lesseq):
-        (JSC::JITStubs::cti_op_new_object):
-        (JSC::JITStubs::cti_op_put_by_id_generic):
-        (JSC::JITStubs::cti_op_get_by_id_generic):
-        (JSC::JITStubs::cti_op_put_by_id):
-        (JSC::JITStubs::cti_op_put_by_id_second):
-        (JSC::JITStubs::cti_op_put_by_id_fail):
-        (JSC::JITStubs::cti_op_get_by_id):
-        (JSC::JITStubs::cti_op_get_by_id_second):
-        (JSC::JITStubs::cti_op_get_by_id_self_fail):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list):
-        (JSC::JITStubs::cti_op_get_by_id_proto_list_full):
-        (JSC::JITStubs::cti_op_get_by_id_proto_fail):
-        (JSC::JITStubs::cti_op_get_by_id_array_fail):
-        (JSC::JITStubs::cti_op_get_by_id_string_fail):
-        (JSC::JITStubs::cti_op_instanceof):
-        (JSC::JITStubs::cti_op_del_by_id):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_new_func):
-        (JSC::JITStubs::cti_op_call_JSFunction):
-        (JSC::JITStubs::cti_op_call_arityCheck):
-        (JSC::JITStubs::cti_vm_dontLazyLinkCall):
-        (JSC::JITStubs::cti_vm_lazyLinkCall):
-        (JSC::JITStubs::cti_op_push_activation):
-        (JSC::JITStubs::cti_op_call_NotJSFunction):
-        (JSC::JITStubs::cti_op_create_arguments):
-        (JSC::JITStubs::cti_op_create_arguments_no_params):
-        (JSC::JITStubs::cti_op_tear_off_activation):
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        (JSC::JITStubs::cti_op_profile_will_call):
-        (JSC::JITStubs::cti_op_profile_did_call):
-        (JSC::JITStubs::cti_op_ret_scopeChain):
-        (JSC::JITStubs::cti_op_new_array):
-        (JSC::JITStubs::cti_op_resolve):
-        (JSC::JITStubs::cti_op_construct_JSConstruct):
-        (JSC::JITStubs::cti_op_construct_NotJSConstruct):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_resolve_func):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_lesseq):
-        (JSC::JITStubs::cti_op_loop_if_true):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_resolve_base):
-        (JSC::JITStubs::cti_op_resolve_skip):
-        (JSC::JITStubs::cti_op_resolve_global):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_jless):
-        (JSC::JITStubs::cti_op_not):
-        (JSC::JITStubs::cti_op_jtrue):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_resolve_with_base):
-        (JSC::JITStubs::cti_op_new_func_exp):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_less):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_post_dec):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_new_regexp):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_call_eval):
-        (JSC::JITStubs::cti_op_throw):
-        (JSC::JITStubs::cti_op_get_pnames):
-        (JSC::JITStubs::cti_op_next_pname):
-        (JSC::JITStubs::cti_op_push_scope):
-        (JSC::JITStubs::cti_op_pop_scope):
-        (JSC::JITStubs::cti_op_typeof):
-        (JSC::JITStubs::cti_op_is_undefined):
-        (JSC::JITStubs::cti_op_is_boolean):
-        (JSC::JITStubs::cti_op_is_number):
-        (JSC::JITStubs::cti_op_is_string):
-        (JSC::JITStubs::cti_op_is_object):
-        (JSC::JITStubs::cti_op_is_function):
-        (JSC::JITStubs::cti_op_stricteq):
-        (JSC::JITStubs::cti_op_nstricteq):
-        (JSC::JITStubs::cti_op_to_jsnumber):
-        (JSC::JITStubs::cti_op_in):
-        (JSC::JITStubs::cti_op_push_new_scope):
-        (JSC::JITStubs::cti_op_jmp_scopes):
-        (JSC::JITStubs::cti_op_put_by_index):
-        (JSC::JITStubs::cti_op_switch_imm):
-        (JSC::JITStubs::cti_op_switch_char):
-        (JSC::JITStubs::cti_op_switch_string):
-        (JSC::JITStubs::cti_op_del_by_val):
-        (JSC::JITStubs::cti_op_put_getter):
-        (JSC::JITStubs::cti_op_put_setter):
-        (JSC::JITStubs::cti_op_new_error):
-        (JSC::JITStubs::cti_op_debug):
-        (JSC::JITStubs::cti_vm_throw):
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/TimeoutChecker.cpp: Copied from interpreter/Interpreter.cpp.
-        (JSC::TimeoutChecker::TimeoutChecker):
-        (JSC::TimeoutChecker::reset):
-        (JSC::TimeoutChecker::didTimeOut):
-        * runtime/TimeoutChecker.h: Copied from interpreter/Interpreter.h.
-        (JSC::TimeoutChecker::setTimeoutInterval):
-        (JSC::TimeoutChecker::ticksUntilNextCheck):
-        (JSC::TimeoutChecker::start):
-        (JSC::TimeoutChecker::stop):
-
-2009-02-20  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Unreviewed build fix after r41100.
-
-        * GNUmakefile.am:
-
-2009-02-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6606660> 2==null returns true in 64bit jit
-
-        Code for op_eq_null and op_neq_null was incorrectly performing
-        a 32bit compare, which truncated the type tag from an integer
-        immediate, leading to incorrect behaviour.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::setPtr):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::setPtr):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-02-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        First step in splitting JIT functionality out of the Interpreter class:
-        Created JITStubs.h/.cpp, and moved Interpreter::cti_* into JITStubs.cpp.
-        
-        Functions that the Interpreter and JITStubs share moved to Operations.h/.cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::checkTimeout):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JITStubs.cpp: Copied from interpreter/Interpreter.cpp.
-        (JSC::Interpreter::cti_op_resolve_base):
-        * jit/JITStubs.h: Copied from interpreter/Interpreter.h.
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/Operations.h:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd):
-        (JSC::cachePrototypeChain):
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::resolveBase):
-
-2009-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for x86-64. Where the JavaScriptCore text segment lies outside
-        a 2gb range of the heap containing JIT generated code, callbacks
-        from JIT code to the stub functions in Interpreter will be incorrectly
-        linked.
-
-        No performance impact on Sunspider, 1% regression on v8-tests,
-        due to a 3% regression on richards.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Call::Call):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::tailRecursiveCall):
-        (JSC::MacroAssembler::makeTailRecursiveCall):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::call):
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::call):
-        (JSC::MacroAssemblerX86_64::moveWithPatch):
-        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::linkJump):
-        (JSC::X86Assembler::patchJump):
-        (JSC::X86Assembler::patchCall):
-        (JSC::X86Assembler::linkCall):
-        (JSC::X86Assembler::patchAddress):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCTICachePutByID):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompilePutByIdReplace):
-
-2009-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Simplified .call and .apply in preparation for optimizing them. Also,
-        a little cleanup.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall): No need to do any specific conversion on
-        'this' -- op_convert_this will do it if necessary.
-
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject): Slightly relaxed the rules on
-        toThisObject to allow for 'undefined', which can be passed through
-        .call and .apply.
-
-2009-02-19  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 23976: MessageQueue needs a way to wait for a message that satisfies an arbitrary criteria.
-        <https://bugs.webkit.org/show_bug.cgi?id=23976>
-
-        * wtf/Deque.h:
-        (WTF::Deque<T>::findIf):
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue<T>::waitForMessageFiltered):
-
-2009-02-18  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 23974: Deque::Remove would be a useful method.
-        <https://bugs.webkit.org/show_bug.cgi?id=23974>
-
-        Add Deque::remove and DequeIteratorBase<T>::operator=.
-
-        Why was operator= added? Every concrete iterator (DequeIterator..DequeConstReverseIterator)
-        was calling DequeIteratorBase::assign(), which called Base::operator=(). Base::operator=()
-        was not implemented. This went unnoticed because the iterator copy code has been unused.
-
-        * wtf/Deque.h:
-        (WTF::Deque<T>::remove):
-        (WTF::DequeIteratorBase<T>::removeFromIteratorsList):
-        (WTF::DequeIteratorBase<T>::operator=):
-        (WTF::DequeIteratorBase<T>::~DequeIteratorBase):
-
-2009-02-18  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Reviewed by Holger Freyther.
-
-        Fix symbols.filter location, and add other missing files to the
-        autotools build, so that make dist works.
-
-        * GNUmakefile.am:
-
-2009-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed failure in js1_5/Regress/regress-168347.js, as seen on the Oliver
-        bot.
-        
-        Technically, both behaviors are OK, but we might as well keep this test
-        passing.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::insertSemicolonIfNeeded): No need to add a trailing semicolon
-        after a trailing '}', since '}' ends a block, indicating the end of a
-        statement.
-
-2009-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * runtime/FunctionPrototype.cpp:
-
-2009-02-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add assertion to guard against oversized pc relative calls.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::link):
-
-2009-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/6595040> REGRESSION: http://www.amnestyusa.org/
-        fails to load.
-        
-        amnestyusa.org uses the Optimist JavaScript library, which adds event
-        listeners by concatenating string-ified functions. This is only sure to
-        be syntactically valid if the string-ified functions end in semicolons.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::isWhiteSpace):
-        * parser/Lexer.h:
-        (JSC::Lexer::isWhiteSpace):
-        (JSC::Lexer::isLineTerminator): Added some helper functions for examining
-        whitespace.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::appendSemicolonIfNeeded):
-        (JSC::functionProtoFuncToString): When string-ifying a function, insert
-        a semicolon in the last non-whitespace position, if one doesn't already exist.
-
-2009-02-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Roll out r41022 as it breaks qt and gtk builds
-
-        * jit/JITArithmetic.cpp:
-        (JSC::isSSE2Present):
-
-2009-02-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix for <rdar://problem/6468156>
-        REGRESSION (r36779): Adding link, images, flash in TinyMCE blocks entire page (21382)
-
-        No performance regression.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::fillArgList): Add codepath for when the "length" property has been
-        overridden.
-
-2009-02-16  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::):
-        (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
-
-2009-02-16  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 23787: Allow JIT to generate SSE2 code if using GCC
-        <https://bugs.webkit.org/show_bug.cgi?id=23787>
-
-        GCC version of the cpuid check.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::isSSE2Present): GCC assembly code added.
-        6.6% progression on x86 Linux with JIT and WREC on SunSpider if using SSE2 capable machine.
-
-2009-02-13  Adam Treat  <adam.treat@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23960
-        Crash Fix.
-
-        Don't depend on 'initializeThreading()' to come before a call to 'isMainThread()'
-        as QtWebKit only calls 'initializeThreading()' during QWebPage construction.
-
-        A client app may well make a call to QWebSettings::iconForUrl() for instance
-        before creating a QWebPage and that call to QWebSettings triggers an
-        ASSERT(isMainThread()) deep within WebCore.
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::isMainThread):
-
-2009-02-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Some data in the instruction stream is potentially uninitialized - fix this.
-
-        Change the OperandTypes constructor so that uninitialized memory in the int
-        is zeroed, and modify the Instruction constructor taking an Opcode so that
-        if !HAVE(COMPUTED_GOTO) (i.e. when Opcode is an enum, and is potentially only
-        a byte) it zeros the Instruction first before writing the opcode.
-
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * parser/ResultType.h:
-        (JSC::OperandTypes::OperandTypes):
-
-2009-02-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix for non_JIT platforms.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setIsNumericCompareFunction):
-        (JSC::CodeBlock::isNumericCompareFunction):
-
-2009-02-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed <rdar://problem/6584057> Optimize sort by JS numeric comparison
-        function not to run the comparison function
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setIsNumericCompareFunction):
-        (JSC::CodeBlock::isNumericCompareFunction): Added the ability to track
-        whether a CodeBlock performs a sort-like numeric comparison.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate): Set the isNumericCompareFunction bit
-        after compiling.
-
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::emitBytecode): Fixed a bug that caused us to
-        codegen an extra return at the end of all functions (eek!), since this
-        made it harder / weirder to detect the numeric comparison pattern in
-        bytecode.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort): Use the isNumericCompareFunction bit to do
-        a faster sort if we can.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::extractFunctionBody):
-        (JSC::constructFunction):
-        * runtime/FunctionConstructor.h: Renamed and exported extractFunctionBody for
-        use in initializing lazyNumericCompareFunction.
-
-        * runtime/JSArray.cpp:
-        (JSC::compareNumbersForQSort):
-        (JSC::compareByStringPairForQSort):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        * runtime/JSArray.h: Added a fast numeric sort. Renamed ArrayQSortPair
-        to be more specific since we do different kinds of qsort now.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::numericCompareFunction):
-        (JSC::JSGlobalData::ClientData::~ClientData):
-        * runtime/JSGlobalData.h: Added helper data for computing the
-        isNumericCompareFunction bit.
-
-2009-02-13  Darin Adler  <darin@apple.com>
-
-        * Configurations/JavaScriptCore.xcconfig: Undo accidental commit of this file.
-
-2009-02-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt and Alexey Proskuryakov.
-
-        Speed up a couple string functions.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncIndexOf): Added a fast path for cases where the second
-        argument is either missing or an integer.
-        (JSC::stringProtoFuncBig): Use jsNontrivialString since the string is guaranteed
-        to be 2 or more characters long.
-        (JSC::stringProtoFuncSmall): Ditto.
-        (JSC::stringProtoFuncBlink): Ditto.
-        (JSC::stringProtoFuncBold): Ditto.
-        (JSC::stringProtoFuncItalics): Ditto.
-        (JSC::stringProtoFuncStrike): Ditto.
-        (JSC::stringProtoFuncSub): Ditto.
-        (JSC::stringProtoFuncSup): Ditto.
-        (JSC::stringProtoFuncFontcolor): Ditto.
-        (JSC::stringProtoFuncFontsize): Make the fast path Sam recently added even faster
-        by avoiding all but the minimum memory allocation.
-        (JSC::stringProtoFuncAnchor): Use jsNontrivialString.
-        (JSC::stringProtoFuncLink): Added a fast path.
-
-        * runtime/UString.cpp:
-        (JSC::UString::find): Added a fast path for single-character search strings.
-
-2009-02-13  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Bug 23926: Race condition in callOnMainThreadAndWait
-        <https://bugs.webkit.org/show_bug.cgi?id=23926>
-
-        * wtf/MainThread.cpp:
-        Removed callOnMainThreadAndWait since it isn't used.
-
-2009-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Jon Honeycutt.
-
-        Math.random is really slow on windows.
-
-        Math.random calls WTF::randomNumber which is implemented as
-        the secure rand_s on windows.  Unfortunately rand_s is an order
-        of magnitude slower than arc4random.  For this reason I've
-        added "weakRandomNumber" for use by JavaScript's Math Object.
-        In the long term we should look at using our own secure PRNG
-        in place of the system, but this will do for now.
-
-        30% win on SunSpider on Windows, resolving most of the remaining
-        disparity vs. Mac.
-
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::mathProtoFuncRandom):
-        * wtf/RandomNumber.cpp:
-        (WTF::weakRandomNumber):
-        (WTF::randomNumber):
-        * wtf/RandomNumber.h:
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeWeakRandomNumberGenerator):
-
-2009-02-12  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build for other platforms.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2009-02-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove (/reduce) use of hard-wired register names from the JIT.
-        Currently there is no abstraction of registers used in the JIT,
-        which has a number of negative consequences.  Hard-wiring x86
-        register names makes the JIT less portable to other platforms,
-        and prevents us from performing dynamic register allocation to
-        attempt to maintain more temporary values in machine registers.
-        (The latter will be more important on x86-64, where we have more
-        registers to make use of).
-
-        Also, remove MacroAssembler::mod32.  This was not providing a
-        useful abstraction, and was not in keeping with the rest of the
-        MacroAssembler interface, in having specific register requirements.
-
-        * assembler/MacroAssemblerX86Common.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_lshift):
-        (JSC::JIT::compileFastArithSlow_op_lshift):
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        (JSC::JIT::compileFastArith_op_bitand):
-        (JSC::JIT::compileFastArithSlow_op_bitand):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArithSlow_op_mod):
-        (JSC::JIT::compileFastArith_op_post_inc):
-        (JSC::JIT::compileFastArithSlow_op_post_inc):
-        (JSC::JIT::compileFastArith_op_post_dec):
-        (JSC::JIT::compileFastArithSlow_op_post_dec):
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileFastArithSlow_op_pre_inc):
-        (JSC::JIT::compileFastArith_op_pre_dec):
-        (JSC::JIT::compileFastArithSlow_op_pre_dec):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArith_op_sub):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallEvalSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitPutVirtualRegister):
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-
-2009-02-12  Horia Olaru  <olaru@adobe.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23400
-
-        When throwing an exception within an eval argument string, the dst parameter was
-        modified in the functions below and the return value for eval was altered. Changed
-        the emitNode call in JSC::ThrowNode::emitBytecode to use a temporary register
-        to store its results instead of dst. The JSC::FunctionCallResolveNode::emitBytecode
-        would load the function within the dst registry, also altering the result returned
-        by eval. Replaced it with another temporary.
-
-        * parser/Nodes.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-
-2009-02-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Speed up String.prototype.fontsize.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncFontsize): Specialize for defined/commonly used values.
-
-2009-02-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Correctness fix.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber): Divide by the maximum representable value, which
-        is different on each platform now, to get values between 0 and 1.
-
-2009-02-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2009-02-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed <rdar://problem/6582048>.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber): Make only one call to the random number generator
-        on platforms where the generator is cryptographically secure. The value
-        of randomness over and above cryptographically secure randomness is not
-        clear, and it caused some performance problems.
-
-2009-02-12  Adam Roben  <aroben@apple.com>
-
-        Fix lots of Perl warnings when building JavaScriptCoreGenerated on
-        Windows
-
-        Reviewed by John Sullivan.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        Create the docs/ directory so that we can write bytecode.html into it.
-        This matches what JavaScriptCore.xcodeproj does.
-
-2009-02-12  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Rubber-stamped by Lars.
-
-        Re-enable the JIT in the Qt build with -fno-stack-protector on Linux.
-
-        * JavaScriptCore.pri:
-
-2009-02-11  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23705
-        Fix the UI freeze caused by Worker generating a flood of messages.
-        Measure time we spend in executing posted work items. If too much time is spent
-        without returning to the run loop, exit and reschedule.
-
-        * wtf/MainThread.h:
-        Added initializeMainThreadPlatform() to initialize low-level mechanism for posting
-        work items from thread to thread. This removes #ifdefs for WIN and CHROMIUM from platform-independent code.
-
-        * wtf/MainThread.cpp:
-        (WTF::initializeMainThread):
-        (WTF::dispatchFunctionsFromMainThread):
-        Instead of dispatching all work items in the queue, dispatch them one by one
-        and measure elapsed time. After a threshold, reschedule and quit.
-
-        (WTF::callOnMainThread):
-        (WTF::callOnMainThreadAndWait):
-        Only schedule dispatch if the queue was empty - to avoid many posted messages in the run loop queue.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-        Use static instance of the mainThreadCaller instead of allocating and releasing it each time.
-        (WTF::initializeMainThreadPlatform):
-        * wtf/gtk/MainThreadChromium.cpp:
-        (WTF::initializeMainThreadPlatform):
-        * wtf/gtk/MainThreadGtk.cpp:
-        (WTF::initializeMainThreadPlatform):
-        * wtf/qt/MainThreadQt.cpp:
-        (WTF::initializeMainThreadPlatform):
-        * wtf/win/MainThreadWin.cpp:
-        (WTF::initializeMainThreadPlatform):
-        * wtf/wx/MainThreadWx.cpp:
-        (WTF::initializeMainThreadPlatform):
-
-2009-02-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Style cleanup.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::operator bool):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::ProcessorReturnAddress):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::operator void*):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::::CodeLocationCommon::labelAtOffset):
-        (JSC::::CodeLocationCommon::jumpAtOffset):
-        (JSC::::CodeLocationCommon::callAtOffset):
-        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
-        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
-
-2009-02-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/AbstractMacroAssembler.h: Fix comments.
-
-2009-02-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Trying to fix wx build.
-
-        * bytecode/JumpTable.h: Include "MacroAssembler.h", not <MacroAssembler.h>.
-        * jscore.bkl: Added assembler directory to search paths.
-
-2009-02-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Build
-        fix.
-        (Narrow
-        changelog
-        for
-        dhyatt).
-
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-
-2009-02-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Reduce use of void* / reinterpret_cast in JIT repatching code,
-        add strong types for Calls and for the various types of pointers
-        we retain into the JIT generated instruction stream.
-
-        No performance impact.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
-        (JSC::AbstractMacroAssembler::ImmPtr::asIntptr):
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        (JSC::AbstractMacroAssembler::Label::Label):
-        (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
-        (JSC::AbstractMacroAssembler::Call::Call):
-        (JSC::AbstractMacroAssembler::Call::link):
-        (JSC::AbstractMacroAssembler::Call::linkTo):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::CodeLocationCommon):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::operator bool):
-        (JSC::AbstractMacroAssembler::CodeLocationCommon::reset):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::CodeLocationLabel):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForSwitch):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForExceptionHandler):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::addressForJSR):
-        (JSC::AbstractMacroAssembler::CodeLocationLabel::getJumpDestination):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::CodeLocationJump):
-        (JSC::AbstractMacroAssembler::CodeLocationJump::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::CodeLocationCall):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::relink):
-        (JSC::AbstractMacroAssembler::CodeLocationCall::calleeReturnAddressValue):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::CodeLocationDataLabel32):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabel32::repatch):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::CodeLocationDataLabelPtr):
-        (JSC::AbstractMacroAssembler::CodeLocationDataLabelPtr::repatch):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::ProcessorReturnAddress):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::relinkCallerToFunction):
-        (JSC::AbstractMacroAssembler::ProcessorReturnAddress::operator void*):
-        (JSC::AbstractMacroAssembler::PatchBuffer::entry):
-        (JSC::AbstractMacroAssembler::PatchBuffer::trampolineAt):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::linkTailRecursive):
-        (JSC::AbstractMacroAssembler::PatchBuffer::patch):
-        (JSC::AbstractMacroAssembler::PatchBuffer::locationOf):
-        (JSC::AbstractMacroAssembler::PatchBuffer::returnAddressOffset):
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        (JSC::::CodeLocationCommon::labelAtOffset):
-        (JSC::::CodeLocationCommon::jumpAtOffset):
-        (JSC::::CodeLocationCommon::callAtOffset):
-        (JSC::::CodeLocationCommon::dataLabelPtrAtOffset):
-        (JSC::::CodeLocationCommon::dataLabel32AtOffset):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::call):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::getCallReturnOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::getStructureStubInfoReturnLocation):
-        (JSC::getCallLinkInfoReturnLocation):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::ctiForValue):
-        (JSC::SimpleJumpTable::ctiForValue):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCatch):
-        (JSC::prepareJumpTableForStringSwitch):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_vm_throw):
-        * jit/JIT.cpp:
-        (JSC::ctiSetReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JIT::compileGetByIdSelf):
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdReplace):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compilePatchGetArrayLength):
-        (JSC::JIT::emitCTICall):
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::emitCTICall_internal):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-
-2009-02-10  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r40813
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added profiler/ to the include
-        path so that Profiler.h can be found.
-
-2009-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Provide a class type for a generated block of JIT code.
-        Also changes the return address -> bytecode index map to
-        track the return addess as an unsigned offset into the code
-        instead of a ptrdiff_t in terms of void**s - the latter is
-        equal to the actual offset / sizeof(void*), making it a
-        potentially lossy representation.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::PatchBuffer::returnAddressOffset):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::getCallReturnOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CallReturnOffsetToBytecodeIndex::CallReturnOffsetToBytecodeIndex):
-        (JSC::getCallReturnOffset):
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::jitCode):
-        (JSC::CodeBlock::callReturnIndexVector):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::):
-        * jit/JITCall.cpp:
-        (JSC::JIT::linkCall):
-        * jit/JITCode.h: Added.
-        (JSC::):
-        (JSC::JITCode::JITCode):
-        (JSC::JITCode::operator bool):
-        (JSC::JITCode::addressForCall):
-        (JSC::JITCode::offsetOf):
-        (JSC::JITCode::execute):
-
-2009-02-09  John Grabowski  <jrg@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23856
-        Change the definition of "main thread" for Chromium on OSX.
-        It does not match the DARWIN definition.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-
-2009-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Minor bugfix, incorrect check meant that subtraction causing integer overflow
-        would be missed on x86-64 JIT.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-
-2009-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A more sensible register allocation for x86-64.
-
-        When WREC was ported to x86-64 it stuck with the same register allocation as x86.
-        This requires registers to be reordered on entry into WREC generated code, since
-        argument passing is different on x86-64 and x86 (regparm(3)).  This patch switches
-        x86-64 to use a native register allocation, that does not require argument registers
-        to be reordered.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateReturnFailure):
-        * wrec/WRECGenerator.h:
-
-2009-02-05  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        Rubberstamped by Sam Weinig.
-
-        * wtf/TypeTraits.h: Include Platform.h, since this header uses macros
-        defined there.
-
-2009-02-05  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23747
-        Add Chromium threading-related files.
-
-        * wtf/MainThread.cpp: Added platform guard to initializeMainThread.
-        * wtf/chromium/ChromiumThreading.h: Added.
-        * wtf/chromium/MainThreadChromium.cpp: Added.
-        (WTF::initializeMainThread):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2009-02-05  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Bug 23713: COMPILE_ASSERTS should be moved out of TypeTraits.h and into .cpp file
-        <https://bugs.webkit.org/show_bug.cgi?id=23713>
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-
-        * wtf/HashTraits.h:
-        Remove unnecessary header file that I missed when moving out the type traits form this file.
-
-        * wtf/TypeTraits.cpp: Added.
-        (WTF::):
-        * wtf/TypeTraits.h:
-        Moved the compile asserts into TypeTraits.cpp file.
-
-2009-02-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver 'the nun' Hunt.
-
-        Add -e switch to jsc to enable evaluation of scripts passed on the command line.
-
-        * jsc.cpp:
-        (Script::Script):
-        (runWithScripts):
-        (printUsageStatement):
-        (parseArguments):
-        (jscmain):
-
-2009-02-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam 'Big Mac' Weinig.
-
-        * assembler/AbstractMacroAssembler.h: Copied from assembler/MacroAssembler.h.
-        * assembler/MacroAssemblerX86.h: Copied from assembler/MacroAssembler.h.
-        * assembler/MacroAssemblerX86Common.h: Copied from assembler/MacroAssembler.h.
-        * assembler/MacroAssemblerX86_64.h: Copied from assembler/MacroAssembler.h.
-
-2009-02-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        This patch tidies up the MacroAssembler, cleaning up the code and refactoring out the
-        platform-specific parts.  The MacroAssembler gets split up like a beef burger, with the
-        platform-agnostic data types being the lower bun (in the form of the class AbstractMacroAssembler),
-        the plaform-specific code generation forming a big meaty patty of methods like 'add32',
-        'branch32', etc (MacroAssemblerX86), and finally topped off with the bun-lid of the
-        MacroAssembler class itself, providing covenience methods such as the stack peek & poke,
-        and backwards branch methods, all of which can be described in a platform independent
-        way using methods from the base class.  The AbstractMacroAssembler is templated on the
-        type of the assembler class that will be used for code generation, and the three layers
-        are held together with the cocktail stick of inheritance.
-
-        The above description is a slight simplification since the MacroAssemblerX86 is actually
-        formed from two layers (in effect giving us a kind on bacon double cheeseburger) - with the
-        bulk of methods that are common between x86 & x86-64 implemented in MacroAssemblerX86Common,
-        which forms a base class for MacroAssemblerX86 and MacroAssemblerX86_64 (which add the methods
-        specific to the given platform).
-
-        I'm landing these changes first without splitting the classes across multiple files,
-        I will follow up with a second patch to split up the file MacroAssembler.h.
-
-        * assembler/MacroAssembler.h:
-        (JSC::AbstractMacroAssembler::):
-        (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
-        (JSC::AbstractMacroAssembler::DataLabelPtr::patch):
-        (JSC::AbstractMacroAssembler::DataLabel32::DataLabel32):
-        (JSC::AbstractMacroAssembler::DataLabel32::patch):
-        (JSC::AbstractMacroAssembler::Label::Label):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        (JSC::AbstractMacroAssembler::Jump::patch):
-        (JSC::AbstractMacroAssembler::JumpList::link):
-        (JSC::AbstractMacroAssembler::JumpList::linkTo):
-        (JSC::AbstractMacroAssembler::PatchBuffer::link):
-        (JSC::AbstractMacroAssembler::PatchBuffer::addressOf):
-        (JSC::AbstractMacroAssembler::PatchBuffer::setPtr):
-        (JSC::AbstractMacroAssembler::size):
-        (JSC::AbstractMacroAssembler::copyCode):
-        (JSC::AbstractMacroAssembler::label):
-        (JSC::AbstractMacroAssembler::align):
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        (JSC::MacroAssemblerX86Common::xor32):
-        (JSC::MacroAssemblerX86Common::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86Common::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86Common::move):
-        (JSC::MacroAssemblerX86Common::swap):
-        (JSC::MacroAssemblerX86Common::signExtend32ToPtr):
-        (JSC::MacroAssemblerX86Common::zeroExtend32ToPtr):
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::jump):
-        (JSC::MacroAssemblerX86_64::add32):
-        (JSC::MacroAssemblerX86_64::sub32):
-        (JSC::MacroAssemblerX86_64::load32):
-        (JSC::MacroAssemblerX86_64::store32):
-        (JSC::MacroAssemblerX86_64::addPtr):
-        (JSC::MacroAssemblerX86_64::andPtr):
-        (JSC::MacroAssemblerX86_64::orPtr):
-        (JSC::MacroAssemblerX86_64::rshiftPtr):
-        (JSC::MacroAssemblerX86_64::subPtr):
-        (JSC::MacroAssemblerX86_64::xorPtr):
-        (JSC::MacroAssemblerX86_64::loadPtr):
-        (JSC::MacroAssemblerX86_64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::storePtr):
-        (JSC::MacroAssemblerX86_64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::branchPtr):
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        (JSC::MacroAssemblerX86_64::branchAddPtr):
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-        (JSC::MacroAssemblerX86::add32):
-        (JSC::MacroAssemblerX86::sub32):
-        (JSC::MacroAssemblerX86::load32):
-        (JSC::MacroAssemblerX86::store32):
-        (JSC::MacroAssemblerX86::branch32):
-        (JSC::MacroAssemblerX86::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86::storePtrWithPatch):
-        (JSC::MacroAssembler::pop):
-        (JSC::MacroAssembler::peek):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::branch16):
-        (JSC::MacroAssembler::branchTestPtr):
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::andPtr):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::rshiftPtr):
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::xorPtr):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::branchAddPtr):
-        (JSC::MacroAssembler::branchSubPtr):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-
-2009-02-04  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23681
-        Worker tests crash in debug builds if run --singly
-
-        The crash happened because worker threads continued running while debug-only static objects
-        were already being destroyed on main thread.
-
-        * runtime/Structure.cpp: Create static debug-only sets in heap, so that they don't get
-        destroyed.
-
-        * wtf/ThreadingPthreads.cpp: Changed assertions to conventional form.
-
-2009-02-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23715
-
-        Simplify MacroAssembler interface, by combining comparison methods.
-        Seprate operations are combined as follows:
-            jz32/jnz32/jzPtr/jnzPtr -> branchTest32/branchTestPtr,
-            j*(Add|Mul|Sub)32/j*(Add|Mul|Sub)Ptr -> branch(Add|Mul|Sub)32/branch(Add|Mul|Sub)Ptr
-            j*32/j*Ptr (all other two op combparisons) -> branch32/brnachPtr
-            set*32 -> set32
-
-        Also, represent the Scale of BaseIndex addresses as a plain enum (0,1,2,3),
-        instead of as multiplicands (1,2,4,8).
-
-        This patch singificantly reduces replication of code, and increases functionality supported
-        by the MacroAssembler.  No performance impact.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branchPtrWithPatch):
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::branch16):
-        (JSC::MacroAssembler::branchTestPtr):
-        (JSC::MacroAssembler::branchTest32):
-        (JSC::MacroAssembler::branchAddPtr):
-        (JSC::MacroAssembler::branchAdd32):
-        (JSC::MacroAssembler::branchMul32):
-        (JSC::MacroAssembler::branchSubPtr):
-        (JSC::MacroAssembler::branchSub32):
-        (JSC::MacroAssembler::set32):
-        (JSC::MacroAssembler::setTest32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::jccRel32):
-        (JSC::X86Assembler::setccOpcode):
-        (JSC::X86Assembler::cmpq_mr):
-        (JSC::X86Assembler::setcc_r):
-        (JSC::X86Assembler::sete_r):
-        (JSC::X86Assembler::setne_r):
-        (JSC::X86Assembler::jne):
-        (JSC::X86Assembler::je):
-        (JSC::X86Assembler::jl):
-        (JSC::X86Assembler::jb):
-        (JSC::X86Assembler::jle):
-        (JSC::X86Assembler::jbe):
-        (JSC::X86Assembler::jge):
-        (JSC::X86Assembler::jg):
-        (JSC::X86Assembler::ja):
-        (JSC::X86Assembler::jae):
-        (JSC::X86Assembler::jo):
-        (JSC::X86Assembler::jp):
-        (JSC::X86Assembler::js):
-        (JSC::X86Assembler::jcc):
-        (JSC::X86Assembler::X86InstructionFormatter::putModRmSib):
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_lshift):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArith_op_post_inc):
-        (JSC::JIT::compileFastArith_op_post_dec):
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileFastArith_op_pre_dec):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpIfImmediateNumber):
-        (JSC::JIT::emitJumpIfNotImmediateNumber):
-        (JSC::JIT::emitJumpIfImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateInteger):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateIncrementIndex):
-        (JSC::WREC::Generator::generateLoadCharacter):
-        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
-        (JSC::WREC::Generator::generateBackreferenceQuantifier):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacterPair):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::generateBackreference):
-
-2009-02-03  David Hyatt  <hyatt@apple.com>
-
-        Fix a bug in Vector's shrinkCapacity method.  It did not properly copy elements into the inline buffer
-        when shrinking down from a size that was greater than the inline capacity.
-
-        Reviewed by Maciej
-
-        * wtf/Vector.h:
-        (WTF::VectorBuffer::VectorBuffer):
-        (WTF::VectorBuffer::allocateBuffer):
-
-2009-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Added accessor for JSByteArray storage.
-
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::storage):
-
-2009-02-03  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23560
-        Implement SharedTimer on WorkerRunLoop
-
-        * JavaScriptCore.exp:
-        Forgot to expose ThreadCondition::timedWait() in one of previous patches.
-
-2009-02-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=21414> REGRESSION: Regular Expressions and character classes, shorthands and ranges
-        <rdar://problem/6543487>
-
-        In certain circumstances when WREC::Generator::generateCharacterClassInvertedRange invokes
-        itself recursively, it will incorrectly emit (and thus consume) the next single character
-        match in the current character class.  As WREC uses a binary search this out of sequence
-        codegen could result in a character match being missed and so cause the regex to produce
-        incorrect results.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-
-2009-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
-        https://bugs.webkit.org/show_bug.cgi?id=23676
-
-        * API/JSObjectRef.cpp:
-        (JSObjectCopyPropertyNames): Use reserveInitialCapacity.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer): Ditto.
-        (JSC::Lexer::clear): Ditto.
-
-        * wtf/Vector.h: Added reserveInitialCapacity, a more efficient version of
-        reserveCapacity for use when the vector is brand new (still size 0 with no
-        capacity other than the inline capacity).
-
-2009-01-30  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        <rdar://problem/6391501> Enable the JIT on Mac OS X x86_64 as it passes all tests.
-
-        * wtf/Platform.h:
-
-2009-01-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe and Sam Weinig.
-
-        Finally fix load() to propagate exceptions correctly.
-
-        * jsc.cpp:
-        (functionLoad):
-
-2009-01-30  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23618
-        Templated worker tasks should be more error proof to use.
-        Fix Chromium build.
-
-        * wtf/TypeTraits.h:
-        (WTF::IsConvertibleToInteger::IsConvertibleToDouble):
-        Avoid "possible loss of data" warning when using Microsoft's C++ compiler
-        by avoiding an implicit conversion of int types to doubles.
-
-2009-01-30  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Bug 23580: GNU mode RVCT compilation support
-        <https://bugs.webkit.org/show_bug.cgi?id=23580>
-
-        * pcre/pcre_exec.cpp: Use COMPILER(GCC) instead of __GNUC__.
-        * wtf/FastMalloc.cpp: Ditto.
-        (WTF::TCMallocStats::):
-        * wtf/Platform.h: Don't define COMPILER(GCC) with RVCT --gnu.
-
-2009-01-30  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 23618: Templated worker tasks should be more error proof to use
-        <https://bugs.webkit.org/show_bug.cgi?id=23618>
-
-        Add the type traits needed for the generic worker tasks
-        and compile asserts for them.
-
-        Add a summary header to the TypeTraits.h file to explain what is in there.
-
-        Add a note to explain IsPod's deficiencies.
-
-        * wtf/TypeTraits.h:
-
-2009-01-30  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 23616: Various "template helpers" should be consolidated from isolated files in JavaScriptCore.
-        <https://bugs.webkit.org/show_bug.cgi?id=23616>
-
-        * wtf/TypeTraits.h: Moved RemovePointer, IsPod, IsInteger to this file.
-
-        * wtf/OwnPtr.h: Use RemovePointer from TypeTraits.h.
-        * wtf/RetainPtr.h:  Ditto.
-
-        * wtf/HashTraits.h: Use IsInteger from TypeTraits.h.
-
-        * wtf/VectorTraits.h: Use IsPod from TypeTraits.h.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added TypeTraits.h.
-
-2009-01-29  Stephanie Lewis <slewis@apple.com>
-
-        RS by Oliver Hunt.
-
-        Update the order files.
-
-        * JavaScriptCore.order:
-
-2009-01-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 23551: Crash on page load with profiler enabled and running
-        <https://bugs.webkit.org/show_bug.cgi?id=23551>
-        <rdar://problem/6529521>
-
-        Interpreter::execute(FunctionBodyNode*, ...) calls Profiler::didExecute()
-        with a stale CallFrame. If some part of the scope chain has already been
-        freed, Profiler::didExecute() will crash when attempting to get the lexical
-        global object. The fix is to make the didExecute() call use the caller's
-        CallFrame, not the one made for the function call. In this case, the
-        willExecute() call should also be changed to match.
-
-        Since this occurs in the actual inspector JS, it is difficult to reduce.
-        I couldn't make a layout test.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2009-01-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix for <rdar://problem/6525537>
-        Hang occurs when closing Installer window (iTunes, Aperture)
-
-        * JavaScriptCore.exp: Export JSGlobalData::sharedInstance.
-
-2009-01-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Initial patch by Mark Rowe.
-
-        <rdar://problem/6519356>
-        REGRESSION (r36006): "out of memory" alert running dromaeo on Windows
-
-        Report the cost of the ArrayStorage vector more accurately/often.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray): Report the extra cost even for a filled array
-        because JSString using the single character optimization and immediates
-        wont increase the cost themselves. 
-        (JSC::JSArray::putSlowCase): Update the cost when increasing the size of
-        the array.
-        (JSC::JSArray::increaseVectorLength): Ditto.
-
-2009-01-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Fix for <rdar://problem/6129678>
-        REGRESSION (Safari 3-4): Local variable not accessible from Dashcode console or variables view
-
-        Iterating the properties of activation objects accessed through the WebKit debugging
-        APIs was broken by forced conversion of JSActivation to the global object. To fix this,
-        we use a proxy activation object that acts more like a normal JSObject.
-
-        * debugger/DebuggerActivation.cpp: Added.
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::mark):
-        (JSC::DebuggerActivation::className):
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        (JSC::DebuggerActivation::put):
-        (JSC::DebuggerActivation::putWithAttributes):
-        (JSC::DebuggerActivation::deleteProperty):
-        (JSC::DebuggerActivation::getPropertyNames):
-        (JSC::DebuggerActivation::getPropertyAttributes):
-        (JSC::DebuggerActivation::defineGetter):
-        (JSC::DebuggerActivation::defineSetter):
-        (JSC::DebuggerActivation::lookupGetter):
-        (JSC::DebuggerActivation::lookupSetter):
-        * debugger/DebuggerActivation.h: Added.
-        Proxy JSActivation object for Debugging.
-
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::isActivationObject): Added.
-        * runtime/JSObject.h:
-        (JSC::JSObject::isActivationObject): Added.
-
-2009-01-28  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23490: Remove initialRefCount argument from RefCounted class
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23490>
-
-        Reviewed by Darin Adler.
-
-        RefCountedBase now always starts with a ref count of 1, so there
-        is no need to pass the initialRefCount into the class anymore.
-
-        * wtf/ByteArray.h:
-        (WTF::ByteArray::ByteArray): Removed call to RefCounted(1).
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::RefCountedBase): Changed to start with a
-        ref count of 1.
-        (WTF::RefCounted::RefCounted): Removed initialRefCount argument
-        and removed call to RefCounted(1).
-
-2009-01-26  Adele Peterson  <adele@apple.com>
-
-        Build fix.  
-
-        * debugger/Debugger.cpp:
-
-2009-01-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixes for eq null & neq null, on 64-bit JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=23559
-
-        This patch degrades 64-bit JIT performance on some benchmarks,
-        due to the whole not-being-incorrect thing.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2009-01-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Gavin Barraclough.
-
-        Bug 23552: Dashcode evaluator no longer works after making ExecStates actual call frames
-        <https://bugs.webkit.org/show_bug.cgi?id=23552>
-        <rdar://problem/6398839>
-
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame): Added so that WebScriptCallFrame can
-        evaluate JS starting from a global call frame.
-        * debugger/Debugger.h:
-
-2009-01-25  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Dan Bernstein.
-
-        Improve the consistency of settings in our .xcconfig files.
-
-        * Configurations/Base.xcconfig: Enable GCC_OBJC_CALL_CXX_CDTORS to match other projects.
-
-2009-01-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 23352: Turn on more compiler warnings in the Mac build
-        https://bugs.webkit.org/show_bug.cgi?id=23352
-
-        Turn on the following warnings:
-
-            -Wcast-qual
-            -Wextra-tokens
-            -Wformat=2
-            -Winit-self
-            -Wmissing-noreturn
-            -Wpacked
-            -Wrendundant-decls
-
-        * Configurations/Base.xcconfig: Added the new warnings. Switched to -Wextra instead of
-        -W for clarity since we don't have to support the older versions of gcc that require the
-        old -W syntax. Since we now use -Wformat=2, removed -Wformat-security. Also removed
-        -Wno-format-y2k since we can have that one on now.
-
-2009-01-25  Judit Jasz  <jasy@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-        
-        Compilation problem fixing 
-        http://bugs.webkit.org/show_bug.cgi?id=23497
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall): Use JSValuePtr::encode.
-
-2009-01-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 23352: Turn on more compiler warnings in the Mac build
-        https://bugs.webkit.org/show_bug.cgi?id=23352
-
-        Fourth patch: Deal with the last few stray warnings.
-
-        * parser/Parser.cpp: Only declare jscyyparse if it's not already declared.
-        This makes both separate compilation and all-in-one compilation work with the
-        -Wredundant-decls warning.
-
-2009-01-25  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 23352: Turn on more compiler warnings in the Mac build
-        https://bugs.webkit.org/show_bug.cgi?id=23352
-
-        Third patch: Use the noreturn attribute on functions that don't
-        return to prepare for the use of the -Wmissing-noreturn warning.
-
-        * jit/JITCall.cpp:
-        (JSC::unreachable): Added NO_RETURN.
-        * jsc.cpp:
-        (functionQuit): Ditto.
-        (printUsageStatement): Ditto.
-        * wtf/AlwaysInline.h: Added definition of NO_RETURN.
-
-2009-01-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Force inlining of Lexer::matchPunctuator
-
-        2.2% win when parsing jQuery, Mootools, Prototype, etc
-
-        * parser/Lexer.h:
-
-2009-01-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fix for <rdar://problem/6126212>
-        Ensure that callbacks out from the JSC interface are only allowed
-        to return in reverse-chronological order to that in which they were
-        made.  If we allow earlier callbacks to return first, then this may
-        result in setions of the RegisterFile in use by another thread
-        being trampled.
-
-        See uber-comment in JSLock.h for details.
-
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-
-2009-01-23  Darin Adler  <darin@apple.com>
-
-        Try to fix WX build.
-
-        * runtime/JSGlobalObjectFunctions.h: Include <wtf/unicode/Unicode.h>
-        for the definition of UChar.
-
-2009-01-23  Anders Carlsson  <andersca@apple.com>
-
-        * Configurations/Base.xcconfig:
-        GCC 4.0 build fix.
-        
-        * runtime/JSNumberCell.h:
-        64-bit build fix.
-
-2009-01-23  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Turn on -Wmissing-prototypes and fix the warnings.
-        
-        * API/JSClassRef.cpp:
-        (clearReferenceToPrototype):
-        * Configurations/Base.xcconfig:
-        * runtime/Collector.cpp:
-        (JSC::getPlatformThreadRegisters):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createError):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSNumberCell.h:
-        * runtime/UString.cpp:
-        (JSC::initializeStaticBaseString):
-        (JSC::createRep):
-        * wtf/FastMalloc.cpp:
-        * wtf/Threading.cpp:
-
-2009-01-22  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Anders Carlsson.
-
-        Disable GCC_WARN_ABOUT_MISSING_PROTOTYPES temporarily.
-
-        Current versions of Xcode only respect it for C and Objective-C files,
-        and our code doesn't currently compile if it is applied to C++ and
-        Objective-C++ files.
-
-        * Configurations/Base.xcconfig:
-
-2009-01-22  Steve Falkenburg  <sfalken@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=23489
-        
-        Return currentTime() in correct units for the two early return cases.
-
-        Reviewed by Mark Rowe.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime):
-
-2009-01-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix for <rdar://problem/6439247>
-        FastMalloc allocating an extra 4MB of meta-data on 64-bit
-
-        Rely on the fact that on all known x86-64 platforms only use 48 bits of
-        address space to shrink the initial size of the PageMap from ~4MB to 120K.
-        For 64-bit we still use a 3-level radix tree, but now each level is only 12
-        bits wide.
-
-        No performance change.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::MapSelector): Add specialization for 64 bit that takes into account the
-        16 bits of unused address space on x86-64.
-
-2009-01-22  Beth Dakin  <bdakin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=23461 LayoutTests/
-        fast/js/numeric-conversion.html is broken, and corresponding 
-        <rdar://problem/6514842>
-
-        The basic problem here is that parseInt(Infinity) should be NaN, 
-        but we were returning 0. NaN matches Safari 3.2.1 and Firefox.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-
-2009-01-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/6516853> (r39682-r39736) JSFunFuzz: crash on "(function(){({ x2: x }), })()"
-        <https://bugs.webkit.org/show_bug.cgi?id=23479>
-
-        Automatic semicolon insertion was resulting in this being accepted in the initial
-        nodeless parsing, but subsequent reparsing for code generation would fail, leading
-        to a crash.  The solution is to ensure that reparsing a function performs parsing
-        in the same state as the initial parse.  We do this by modifying the saved source
-        ranges to include rather than exclude the opening and closing braces.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): add an assertion for successful recompile
-        * parser/Lexer.h:
-        (JSC::Lexer::sourceCode): include rather than exclude braces.
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::toSourceString):  No need to append braces anymore.
-
-2009-01-22  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23373
-
-        Implement ThreadCondition::timedWait().
-        Since we borrow the code for condition variables from other sources,
-        I did the same for timedWait(). See comments in ThreadingWin.cpp for
-        rationale and more info.
-
-        * wtf/CONTRIBUTORS.pthreads-win32: 
-        Added. A list of Pthreads-win32 contributors mentioned in their license. The license itself
-        is included into wtf/ThreadingWin32.cpp.
-
-        * wtf/Threading.h:
-        * wtf/ThreadingWin.cpp:
-        Additional info and Pthreads-win32 license at the beginning.
-        (WTF::PlatformCondition::timedWait): new method, derived from Pthreads-win32.
-        (WTF::PlatformCondition::signal): same
-        (WTF::ThreadCondition::ThreadCondition):
-        (WTF::ThreadCondition::~ThreadCondition):
-        (WTF::ThreadCondition::wait): this now calls PlatformCondition::timedWait.
-        (WTF::ThreadCondition::timedWait): same
-        (WTF::ThreadCondition::signal): this now calls PlatformCondition::signal.
-        (WTF::ThreadCondition::broadcast): same
-
-2009-01-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=23469.
-
-        We need to check all numbers in integer switches, not just those
-        represented as integer JSImmediates.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_switch_imm):
-
-2009-01-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=23468.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-01-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Suggested by Oliver Hunt. Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23456
-        Function argument names leak
-
-        * parser/Nodes.cpp: (JSC::FunctionBodyNode::~FunctionBodyNode): Destruct parameter names.
-
-2009-01-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2009-01-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Structure property table deleted offset maps are being leaked.
-        Probably shouldn't be doing that.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23442
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-
-2009-01-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Attempt to fix gtk build
-
-        * GNUmakefile.am:
-
-2009-01-20  Darin Adler  <darin@apple.com>
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences): Add back the initialization to fix the build.
-
-2009-01-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 23352: Turn on more compiler warnings in the Mac build
-        https://bugs.webkit.org/show_bug.cgi?id=23352
-
-        First patch: Fix some simple cases of various warnings.
-
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile): Use const_cast to change const-ness.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences): Remove unneeded initialization and
-        use UChar instead of unsigned short for UTF-16 values.
-
-        * wtf/dtoa.cpp:
-        (WTF::strtod): Use const_cast to change const-ness.
-
-2009-01-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Whoops, remove runtime/ByteArray references from .pri and .scons builds, update .bkl
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCoreSources.bkl:
-
-2009-01-20  Oliver Hunt  <oliver@apple.com>
-
-        RS=Dan Bernstein.
-
-        Move runtime/ByteArray to wtf/ByteArray
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSByteArray.cpp:
-        * runtime/JSByteArray.h:
-        * wtf/ByteArray.cpp: Renamed from JavaScriptCore/runtime/ByteArray.cpp.
-        (WTF::ByteArray::create):
-        * wtf/ByteArray.h: Renamed from JavaScriptCore/runtime/ByteArray.h.
-        (WTF::ByteArray::length):
-        (WTF::ByteArray::set):
-        (WTF::ByteArray::get):
-        (WTF::ByteArray::data):
-        (WTF::ByteArray::deref):
-        (WTF::ByteArray::ByteArray):
-
-2009-01-19  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Gavin Barraclough.
-
-        Remove temporary operator-> from JSValuePtr.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::call):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        * API/JSObjectRef.cpp:
-        (JSObjectSetPrototype):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::CodeBlock::mark):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isKnownNotImmediate):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        (JSC::keyForImmediateSwitch):
-        * interpreter/Interpreter.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAddSlowCase):
-        (JSC::jsAdd):
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        (JSC::isNotObject):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::throwException):
-        (JSC::cachePrototypeChain):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
-        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
-        (JSC::Interpreter::cti_op_get_by_id_array_fail):
-        (JSC::Interpreter::cti_op_get_by_id_string_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_construct_JSConstruct):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_get_by_val_byte_array):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_put_by_val_byte_array):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_push_scope):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_is_boolean):
-        (JSC::Interpreter::cti_op_is_number):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_put_by_index):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_op_del_by_val):
-        (JSC::Interpreter::cti_op_put_getter):
-        (JSC::Interpreter::cti_op_put_setter):
-        (JSC::Interpreter::cti_op_new_error):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::isJSArray):
-        (JSC::Interpreter::isJSString):
-        (JSC::Interpreter::isJSByteArray):
-        * interpreter/Register.h:
-        (JSC::Register::marked):
-        (JSC::Register::mark):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::getConstantOperandImmediateInt):
-        (JSC::JIT::isOperandConstantImmediateInt):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionRun):
-        (functionLoad):
-        (runWithScripts):
-        (runInteractive):
-        * parser/Nodes.cpp:
-        (JSC::processClauseList):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::heap):
-        (JSC::Heap::collect):
-        (JSC::typeName):
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::dateParse):
-        (JSC::dateUTC):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::internalNumber):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::fillStructuresUsingTimeArgs):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::constructError):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createError):
-        (JSC::createErrorMessage):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::toObject):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::put):
-        (JSC::JSArray::mark):
-        (JSC::JSArray::sort):
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::setIndex):
-        * runtime/JSCell.h:
-        (JSC::asCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::construct):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::lastInPrototypeChain):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject):
-        (JSC::JSImmediate::toObject):
-        (JSC::JSImmediate::prototype):
-        (JSC::JSImmediate::toString):
-        * runtime/JSImmediate.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::put):
-        (JSC::callDefaultValueFunction):
-        (JSC::JSObject::getPrimitiveNumber):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::lookupGetter):
-        (JSC::JSObject::lookupSetter):
-        (JSC::JSObject::hasInstance):
-        (JSC::JSObject::toNumber):
-        (JSC::JSObject::toString):
-        * runtime/JSObject.h:
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSValuePtr::get):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::mark):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        (JSC::NativeErrorConstructor::construct):
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/Operations.h:
-        (JSC::JSValuePtr::equalSlowCaseInline):
-        (JSC::JSValuePtr::strictEqual):
-        (JSC::JSValuePtr::strictEqualSlowCaseInline):
-        * runtime/Protect.h:
-        (JSC::gcProtect):
-        (JSC::gcUnprotect):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorInput):
-        (JSC::setRegExpConstructorMultiline):
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::setRegExpObjectLastIndex):
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        (JSC::stringFromCharCode):
-        (JSC::constructWithStringConstructor):
-        (JSC::callStringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::createCachedPrototypeChain):
-        * runtime/Structure.h:
-        (JSC::Structure::mark):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-
-2009-01-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 23409: REGRESSION: RegExp 'replace()' function improperly processes '$$'
-        <https://bugs.webkit.org/show_bug.cgi?id=23409>
-        <rdar://problem/6505723>
-
-        Test: fast/js/string-replace-3.html
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences): Remove code that adds an extra $ -- not sure
-        how this ever worked.
-
-2009-01-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        On x86-64 jit, cache JSImmedate::TagMask & JSImmedate::TagTypeNumber in
-        registers, save reloading them every time they're used.
-
-        Draws x86-64 jit performance close to that of i386 jit.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::jnzPtr):
-        (JSC::MacroAssembler::jzPtr):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpIfImmediateNumber):
-        (JSC::JIT::emitJumpIfNotImmediateNumber):
-        (JSC::JIT::emitJumpIfImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateInteger):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-
-2009-01-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add support to x86-64 JIT for inline double precision arithmetic ops.
-        +5/6% on x86-64, JIT enabled, sunspider.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movq_rr):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArithSlow_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArithSlow_op_mul):
-        (JSC::JIT::compileFastArith_op_sub):
-        (JSC::JIT::compileFastArithSlow_op_sub):
-        * parser/ResultType.h:
-        (JSC::ResultType::isReusable):
-        (JSC::ResultType::isInt32):
-        (JSC::ResultType::definitelyIsNumber):
-        (JSC::ResultType::mightBeNumber):
-        (JSC::ResultType::isNotNumber):
-        (JSC::ResultType::unknownType):
-
-2009-01-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fixes for SamplingTool.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23390
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::storePtr):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::run):
-        (JSC::SamplingTool::dump):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingTool::encodeSample):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::samplingToolTrackCodeBlock):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitCTICall_internal):
-
-2009-01-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed <rdar://problem/6452301> REGRESSION: Latest WebKit nightlies
-        turn "c" into "" when stripping \\c_ character
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::consumeEscape): Mimic a Firefox quirk when parsing
-        control escapes inside character classes.
-
-2009-01-16  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parseParentheses): Removed unreachable code.
-
-2009-01-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed <rdar://problem/6471394> REGRESSION (r39164): Discarding quantifier
-        on assertion gives incorrect result (23075)
-        
-        https://bugs.webkit.org/show_bug.cgi?id=23075
-
-        * pcre/pcre_compile.cpp:
-        (compileBranch): Throw away an assertion if it's followed by a quantifier
-        with a 0 minimum, to match SpiderMonkey, v8, and the ECMA spec.
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parseParentheses): Fall back on PCRE for the rare
-        case of an assertion with a quantifier with a 0 minimum, since we
-        don't handle quantified subexpressions yet, and in this special case,
-        we can't just throw away the quantifier.
-
-2009-01-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add support in ResultType to track that the results of bitops
-        are always of type int32_t.
-
-        * parser/Nodes.cpp:
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::ReadModifyDotNode::emitBytecode):
-        (JSC::ReadModifyBracketNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::):
-        (JSC::BooleanNode::):
-        (JSC::NumberNode::):
-        (JSC::StringNode::):
-        (JSC::PrePostResolveNode::):
-        (JSC::TypeOfResolveNode::):
-        (JSC::TypeOfValueNode::):
-        (JSC::UnaryPlusNode::):
-        (JSC::NegateNode::):
-        (JSC::BitwiseNotNode::):
-        (JSC::LogicalNotNode::):
-        (JSC::MultNode::):
-        (JSC::DivNode::):
-        (JSC::ModNode::):
-        (JSC::SubNode::):
-        (JSC::LeftShiftNode::):
-        (JSC::RightShiftNode::):
-        (JSC::UnsignedRightShiftNode::):
-        (JSC::LessNode::):
-        (JSC::GreaterNode::):
-        (JSC::LessEqNode::):
-        (JSC::GreaterEqNode::):
-        (JSC::InstanceOfNode::):
-        (JSC::EqualNode::):
-        (JSC::NotEqualNode::):
-        (JSC::StrictEqualNode::):
-        (JSC::NotStrictEqualNode::):
-        (JSC::BitAndNode::):
-        (JSC::BitOrNode::):
-        (JSC::BitXOrNode::):
-        (JSC::LogicalOpNode::):
-        * parser/ResultType.h:
-        (JSC::ResultType::isInt32):
-        (JSC::ResultType::isNotNumber):
-        (JSC::ResultType::booleanType):
-        (JSC::ResultType::numberType):
-        (JSC::ResultType::numberTypeCanReuse):
-        (JSC::ResultType::numberTypeCanReuseIsInt32):
-        (JSC::ResultType::stringOrNumberTypeCanReuse):
-        (JSC::ResultType::stringType):
-        (JSC::ResultType::unknownType):
-        (JSC::ResultType::forAdd):
-        (JSC::ResultType::forBitOp):
-        (JSC::OperandTypes::OperandTypes):
-
-2009-01-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add support for integer addition, subtraction and multiplication
-        in JIT code on x86-64.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::mul32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::joMul32):
-        (JSC::MacroAssembler::joSub32):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArithSlow_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArithSlow_op_mul):
-        (JSC::JIT::compileFastArith_op_sub):
-        (JSC::JIT::compileFastArithSlow_op_sub):
-
-2009-01-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        On x86-64 allow JSImmediate to encode 64-bit double precision values.
-        This patch only affects builds that set USE(ALTERNATE_JSIMMEDIATE).
-        Updates the implementation of JSValuePtr:: and JSImmediate:: methods
-        that operate on neumeric values to be be aware of the new representation.
-        When this representation is in use, the class JSNumberCell is redundant
-        and is compiled out.
-
-        The format of the new immediate representation is documented in JSImmediate.h.
-
-        * JavaScriptCore.exp:
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::subPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::subq_rr):
-        (JSC::X86Assembler::movq_rr):
-        (JSC::X86Assembler::ucomisd_rr):
-        (JSC::X86Assembler::X86InstructionFormatter::twoByteOp64):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_lshift):
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArith_op_bitand):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArith_op_post_inc):
-        (JSC::JIT::compileFastArith_op_post_dec):
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileFastArith_op_pre_dec):
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfBothJSCells):
-        (JSC::JIT::emitJumpIfEitherNumber):
-        (JSC::JIT::emitJumpIfNotEitherNumber):
-        (JSC::JIT::emitJumpIfImmediateIntegerNumber):
-        (JSC::JIT::emitJumpIfNotImmediateIntegerNumber):
-        (JSC::JIT::emitJumpIfNotImmediateIntegerNumbers):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmediateIntegerNumber):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmediateIntegerNumbers):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject):
-        (JSC::JSImmediate::toObject):
-        (JSC::JSImmediate::toString):
-        * runtime/JSImmediate.h:
-        (JSC::wtf_reinterpret_cast):
-        (JSC::JSImmediate::isNumber):
-        (JSC::JSImmediate::isIntegerNumber):
-        (JSC::JSImmediate::isDoubleNumber):
-        (JSC::JSImmediate::isPositiveIntegerNumber):
-        (JSC::JSImmediate::areBothImmediateIntegerNumbers):
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::makeDouble):
-        (JSC::JSImmediate::doubleValue):
-        (JSC::doubleToBoolean):
-        (JSC::JSImmediate::toBoolean):
-        (JSC::JSImmediate::getTruncatedUInt32):
-        (JSC::JSImmediate::makeOutOfIntegerRange):
-        (JSC::JSImmediate::from):
-        (JSC::JSImmediate::getTruncatedInt32):
-        (JSC::JSImmediate::toDouble):
-        (JSC::JSImmediate::getUInt32):
-        (JSC::JSValuePtr::isInt32Fast):
-        (JSC::JSValuePtr::isUInt32Fast):
-        (JSC::JSValuePtr::areBothInt32Fast):
-        (JSC::JSFastMath::canDoFastBitwiseOperations):
-        (JSC::JSFastMath::xorImmediateNumbers):
-        (JSC::JSFastMath::canDoFastRshift):
-        (JSC::JSFastMath::canDoFastUrshift):
-        (JSC::JSFastMath::rightShiftImmediateNumbers):
-        (JSC::JSFastMath::canDoFastAdditiveOperations):
-        (JSC::JSFastMath::addImmediateNumbers):
-        (JSC::JSFastMath::subImmediateNumbers):
-        * runtime/JSNumberCell.cpp:
-        (JSC::jsNumberCell):
-        * runtime/JSNumberCell.h:
-        (JSC::createNumberStructure):
-        (JSC::isNumberCell):
-        (JSC::asNumberCell):
-        (JSC::jsNumber):
-        (JSC::JSValuePtr::isDoubleNumber):
-        (JSC::JSValuePtr::getDoubleNumber):
-        (JSC::JSValuePtr::isNumber):
-        (JSC::JSValuePtr::uncheckedGetNumber):
-        (JSC::jsNaN):
-        (JSC::JSValuePtr::getNumber):
-        (JSC::JSValuePtr::numberToInt32):
-        (JSC::JSValuePtr::numberToUInt32):
-        * runtime/JSValue.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        * runtime/Operations.h:
-        (JSC::JSValuePtr::equal):
-        (JSC::JSValuePtr::equalSlowCaseInline):
-        (JSC::JSValuePtr::strictEqual):
-        (JSC::JSValuePtr::strictEqualSlowCaseInline):
-        * wtf/Platform.h:
-
-2009-01-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/6045018>
-        REGRESSION (r34838): JavaScript objects appear to be leaked after loading google.com
-
-        Subtract the number of JSStrings cached in SmallStrings when calculating the
-        number of live JSObjects.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::objectCount):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::count):
-        * runtime/SmallStrings.h:
-
-2009-01-15  Sam Weinig  <sam@webkit.org>
-
-        Fix Qt build.
-
-        * runtime/Collector.cpp:
-
-2009-01-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix crash seen running fast/canvas.
-
-        Make sure to mark the ScopeNode and CodeBlock being created
-        in the re-parse for exception information.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::mark):
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2009-01-15  Craig Schlenter  <craig.schlenter@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23347
-        Compilation of JavaScriptCore/wtf/ThreadingPthreads.cpp fails on Linux
-
-        * wtf/ThreadingPthreads.cpp: included limits.h as INT_MAX is defined there.
-
-2009-01-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 23225: REGRESSION: Assertion failure in reparseInPlace() (m_sourceElements) at sfgate.com
-        <https://bugs.webkit.org/show_bug.cgi?id=23225> <rdar://problem/6487432>
-
-        Character position for open and closing brace was incorrectly referencing m_position to
-        record their position in a source document, however this is unsafe as BOMs may lead to
-        m_position being an arbitrary position from the real position of the current character.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::matchPunctuator):
-
-2009-01-14  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23153: JSC build always touches JavaScriptCore/docs/bytecode.html
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23153>
-
-        Reviewed by Darin Adler.
-
-        Instead of building bytecode.html into ${SRCROOT}/docs/bytecode.html, build it
-        into ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore/docs/bytecode.html.
-
-        Also fixes make-bytecode-docs.pl to actually generate documentation.
-
-        * DerivedSources.make: Changed bytecode.html to be built into local docs
-        directory in ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added "/docs" to the end of the
-        "mkdir -p" command so that the docs subdirectory is automatically created.
-        * docs/make-bytecode-docs.pl: Changed BEGIN_OPCODE to DEFINE_OPCODE so that
-        documentation is actually generated.
-
-2009-01-14  Adam Treat  <adam.treat@torchmobile.com>
-
-        Build fix for Qt from Dmitry Titov.
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-2009-01-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 22903: REGRESSION (r36267): visiting this site reliably crashes WebKit nightly
-
-        EvalCodeBlock's do not reference the functions that are declared inside the eval
-        code, this means that simply marking the EvalCodeBlock through the global object
-        is insufficient to mark the declared functions.  This patch corrects this by
-        explicitly marking the CodeBlocks of all the functions declared in the cached
-        EvalNode.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::mark):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::hasFunctions):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::mark):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::mark):
-        (JSC::EvalNode::mark):
-        * parser/Nodes.h:
-
-2009-01-14  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23312
-        Implement MessageQueue::waitForMessageTimed()
-        Also fixed ThreadCondition::timedWait() to take absolute time, as discussed on webkit-dev.
-        Win32 version of timedWait still has to be implemented.
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueueWaitResult: new enum for the result of MessageQueue::waitForMessageTimed.
-        (WTF::MessageQueue::waitForMessage):
-        (WTF::MessageQueue::waitForMessageTimed): New method.
-        * wtf/Threading.h:
-        * wtf/ThreadingGtk.cpp:
-        (WTF::ThreadCondition::timedWait): changed to use absolute time instead of interval.
-        * wtf/ThreadingNone.cpp:
-        (WTF::ThreadCondition::timedWait): ditto.
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadCondition::timedWait): ditto.
-        * wtf/ThreadingQt.cpp:
-        (WTF::ThreadCondition::timedWait): ditto.
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::timedWait): ditto. The actual Win32 code is still to be implemented.
-
-2009-01-14  Dean McNamee  <deanm@chromium.org>
-
-        Reviewed by Darin Adler and Oliver hunt.
-
-        Correctly match allocation functions by implementing a custom deref().
-
-        https://bugs.webkit.org/show_bug.cgi?id=23315
-
-        * runtime/ByteArray.h:
-        (JSC::ByteArray::deref):
-        (JSC::ByteArray::ByteArray):
-
-2009-01-14  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by John Sullivan.
-
-        - update copyright
-
-        * Info.plist:
-
-2009-01-13  Beth Dakin  <bdakin@apple.com>
-
-        Reviewed by Darin Adler and Oliver Hunt.
-
-        <rdar://problem/6489314> REGRESSION: Business widget's front side 
-        fails to render correctly when flipping widget
-
-        The problem here is that parseInt was parsing NaN as 0. This patch 
-        corrects that by parsing NaN as NaN. This matches our old behavior 
-        and Firefox. 
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-
-2009-01-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for: https://bugs.webkit.org/show_bug.cgi?id=23292
-
-        Implementation of two argument canDoFastAdditiveOperations does not correlate well with reality.
-
-        * runtime/JSImmediate.h:
-        (JSC::JSFastMath::canDoFastAdditiveOperations):
-
-2009-01-13  Zalan Bujtas  <zbujtas@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23290
-        Fix JSImmediate::isImmediate(src) to !src->isCell()
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-01-13  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23281
-        Fix the Chromium Win build.
-        Need to use PLATFORM(WIN_OS) instead of PLATFORM(WIN).
-        Moved GTK and WX up in #if sequence because they could come with WIN_OS too,
-        while they have their own implementation even on Windows.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime):
-
-2009-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Make the JSImmediate interface private.
-
-        All manipulation of JS values should be through the JSValuePtr class, not by using JSImmediate
-        directly.  The key missing methods on JSValuePtr are:
-
-            * isCell() - check for values that are JSCell*s, and as such where asCell() may be used.
-            * isInt32Fast() getInt32Fast() - fast check/access for integer immediates.
-            * isUInt32Fast() getUInt32Fast() - ditto for unsigned integer immediates.
-
-        The JIT is allowed full access to JSImmediate, since it needs to be able to directly
-        manipulate JSValuePtrs.  The Interpreter is provided access to perform operations directly
-        on JSValuePtrs through the new JSFastMath interface.
-
-        No performance impact.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::toNumber):
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isKnownNotImmediate):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::keyForImmediateSwitch):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
-        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
-        * interpreter/Interpreter.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd):
-        (JSC::jsIsObjectType):
-        (JSC::cachePrototypeChain):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_get_by_val_byte_array):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_put_by_val_byte_array):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_call_eval):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_vm_throw):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::isJSArray):
-        (JSC::Interpreter::isJSString):
-        (JSC::Interpreter::isJSByteArray):
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JSC::JIT::isStrictEqCaseHandledInJITCode):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArith_op_bitand):
-        (JSC::JIT::compileFastArith_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::getConstantOperandImmediateInt):
-        (JSC::JIT::isOperandConstantImmediateInt):
-        * parser/Nodes.cpp:
-        (JSC::processClauseList):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::heap):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlot):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::getIndex):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSValuePtr::isNumberCell):
-        (JSC::JSValuePtr::asCell):
-        (JSC::JSValuePtr::isNumber):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-        * runtime/JSImmediate.h:
-        (JSC::js0):
-        (JSC::jsImpossibleValue):
-        (JSC::JSValuePtr::toInt32):
-        (JSC::JSValuePtr::toUInt32):
-        (JSC::JSValuePtr::isCell):
-        (JSC::JSValuePtr::isInt32Fast):
-        (JSC::JSValuePtr::getInt32Fast):
-        (JSC::JSValuePtr::isUInt32Fast):
-        (JSC::JSValuePtr::getUInt32Fast):
-        (JSC::JSValuePtr::makeInt32Fast):
-        (JSC::JSValuePtr::areBothInt32Fast):
-        (JSC::JSFastMath::canDoFastBitwiseOperations):
-        (JSC::JSFastMath::equal):
-        (JSC::JSFastMath::notEqual):
-        (JSC::JSFastMath::andImmediateNumbers):
-        (JSC::JSFastMath::xorImmediateNumbers):
-        (JSC::JSFastMath::orImmediateNumbers):
-        (JSC::JSFastMath::canDoFastRshift):
-        (JSC::JSFastMath::canDoFastUrshift):
-        (JSC::JSFastMath::rightShiftImmediateNumbers):
-        (JSC::JSFastMath::canDoFastAdditiveOperations):
-        (JSC::JSFastMath::addImmediateNumbers):
-        (JSC::JSFastMath::subImmediateNumbers):
-        (JSC::JSFastMath::incImmediateNumber):
-        (JSC::JSFastMath::decImmediateNumber):
-        * runtime/JSNumberCell.h:
-        (JSC::JSValuePtr::asNumberCell):
-        (JSC::jsNumber):
-        (JSC::JSValuePtr::uncheckedGetNumber):
-        (JSC::JSNumberCell::toInt32):
-        (JSC::JSNumberCell::toUInt32):
-        (JSC::JSValuePtr::toJSNumber):
-        (JSC::JSValuePtr::getNumber):
-        (JSC::JSValuePtr::numberToInt32):
-        (JSC::JSValuePtr::numberToUInt32):
-        * runtime/JSObject.h:
-        (JSC::JSValuePtr::isObject):
-        (JSC::JSValuePtr::get):
-        (JSC::JSValuePtr::put):
-        * runtime/JSValue.cpp:
-        (JSC::JSValuePtr::toInteger):
-        (JSC::JSValuePtr::toIntegerPreserveNaN):
-        * runtime/JSValue.h:
-        * runtime/Operations.cpp:
-        (JSC::JSValuePtr::equalSlowCase):
-        (JSC::JSValuePtr::strictEqualSlowCase):
-        * runtime/Operations.h:
-        (JSC::JSValuePtr::equal):
-        (JSC::JSValuePtr::equalSlowCaseInline):
-        (JSC::JSValuePtr::strictEqual):
-        (JSC::JSValuePtr::strictEqualSlowCaseInline):
-        * runtime/Protect.h:
-        (JSC::gcProtect):
-        (JSC::gcUnprotect):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        * runtime/Structure.cpp:
-        (JSC::Structure::createCachedPrototypeChain):
-
-2009-01-12  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Since date time functions have moved here, now the wx port JSC
-        needs to depend on wx.
-
-        * jscore.bkl:
-
-2009-01-11  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23245
-
-        Add initializeThreading to key places in JS API to ensure that
-        UString is properly initialized.
-
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        (JSGlobalContextCreate):
-        * API/JSObjectRef.cpp:
-        (JSClassCreate):
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters):
-        (JSStringCreateWithUTF8CString):
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-2009-01-11  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23175
-
-        Separate out BaseString information from UString::Rep and make all baseString access go through
-        a member function, so that it may be used for something else (in the future) in the BaseString
-        case.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::rep):
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        (JSC::SmallStrings::SmallStrings):
-        (JSC::SmallStrings::mark):
-        Adjust to account for the changes in UString and put the UString in place in
-        SmallStringsStorage to aid in locality of reference among the UChar[] and UString::Rep's.
-
-        * runtime/SmallStrings.h:
-        * runtime/UString.cpp:
-        (JSC::initializeStaticBaseString):
-        (JSC::initializeUString):
-        (JSC::UString::Rep::create):
-        (JSC::UString::Rep::destroy):
-        (JSC::UString::Rep::checkConsistency):
-        (JSC::expandCapacity):
-        (JSC::UString::expandPreCapacity):
-        (JSC::concatenate):
-        (JSC::UString::append):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        (JSC::UString::Rep::baseIsSelf):
-        (JSC::UString::Rep::setBaseString):
-        (JSC::UString::Rep::baseString):
-        (JSC::UString::Rep::):
-        (JSC::UString::Rep::null):
-        (JSC::UString::Rep::empty):
-        (JSC::UString::Rep::data):
-        (JSC::UString::cost):
-        Separate out the items out used by base strings from those used in Rep's that only
-        point to base strings.  (This potentially saves 24 bytes per Rep.)
-
-2009-01-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Bug 23239: improve handling of unused arguments in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=23239
-
-        * runtime/DatePrototype.cpp: Moved LocaleDateTimeFormat enum outside #if
-        so we can use this on all platforms. Changed valueOf to share the same
-        function with getTime, since the contents of the two are identical. Removed
-        a FIXME since the idea isn't really specific enough or helpful enough to
-        need to sit here in the source code.
-        (JSC::formatLocaleDate): Changed the Mac version of this function to take
-        the same arguments as the non-Mac version so the caller doesn't have to
-        special-case the two platforms. Also made the formatString array be const;
-        before the characters were, but the array was a modifiable global variable.
-        (JSC::dateProtoFuncToLocaleString): Changed to call the new unified
-        version of formatLocaleDate and remove the ifdef.
-        (JSC::dateProtoFuncToLocaleDateString): Ditto.
-        (JSC::dateProtoFuncToLocaleTimeString): Ditto.
-
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toObject): Use the new ASSERT_UNUSED instead of the
-        old UNUSED_PARAM.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp): Changed to only use UNUSED_PARAM when the parameter
-        is actually unused.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease): Changed to only use UNUSED_PARAM when the parameter
-        is actually unused.
-        (TCMalloc_SystemCommit): Changed to omit the argument names instead of using
-        UNUSED_PARAM.
-
-2009-01-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix the build (whoops)
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_get_by_val):
-
-2009-01-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler and Anders Carlsson
-
-        Bug 23128: get/put_by_val need to respecialise in the face of ByteArray
-
-        Restructure the code slightly, and add comments per Darin's suggestions
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_get_by_val_byte_array):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_byte_array):
-
-2009-01-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Whoops, I accidentally removed an exception check from fast the
-        fast path for string indexing when i originally landed the
-        byte array logic.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_get_by_val):
-
-2009-01-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Bug 23128: get/put_by_val need to respecialise in the face of ByteArray
-        <https://bugs.webkit.org/show_bug.cgi?id=23128>
-
-        Fairly simple patch, add specialised versions of cti_op_get/put_by_val
-        that assume ByteArray, thus avoiding a few branches in the case of bytearray
-        manipulation.
-
-        No effect on SunSpider.  15% win on the original testcase.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_get_by_val_byte_array):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_byte_array):
-        * interpreter/Interpreter.h:
-
-2009-01-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Try to fix Windows build.
-
-        * wtf/CurrentTime.cpp: Added a definition of msPerSecond (previously, this code was in
-        DateMath.cpp, with constant definition in DateTime.h)
-
-2009-01-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Try to fix Windows build.
-
-        * wtf/CurrentTime.cpp: Include <sys/types.h> and <sys/timeb.h>, as MSDN says to.
-
-2009-01-11  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23207
-        Moved currentTime() to from WebCore to WTF.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp: added export for WTF::currentTime()
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * runtime/DateMath.cpp:
-        (JSC::getCurrentUTCTimeWithMicroseconds): This function had another implementation of currentTime(), essentially. Now uses WTF version.
-        * wtf/CurrentTime.cpp: Added.
-        (WTF::currentTime):
-        (WTF::highResUpTime):
-        (WTF::lowResUTCTime):
-        (WTF::qpcAvailable):
-        * wtf/CurrentTime.h: Added.
-
-2009-01-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Stage two of converting JSValue from a pointer to a class type.
-        Remove the class JSValue.  The functionallity has been transitioned
-        into the wrapper class type JSValuePtr.
-
-        The last stage will be to rename JSValuePtr to JSValue, remove the
-        overloaded -> operator, and switch operations on JSValuePtrs from
-        using '->' to use '.' instead.
-
-        * API/APICast.h:
-        * JavaScriptCore.exp:
-        * runtime/JSCell.h:
-        (JSC::asCell):
-        (JSC::JSValuePtr::asCell):
-        (JSC::JSValuePtr::isNumber):
-        (JSC::JSValuePtr::isString):
-        (JSC::JSValuePtr::isGetterSetter):
-        (JSC::JSValuePtr::isObject):
-        (JSC::JSValuePtr::getNumber):
-        (JSC::JSValuePtr::getString):
-        (JSC::JSValuePtr::getObject):
-        (JSC::JSValuePtr::getCallData):
-        (JSC::JSValuePtr::getConstructData):
-        (JSC::JSValuePtr::getUInt32):
-        (JSC::JSValuePtr::getTruncatedInt32):
-        (JSC::JSValuePtr::getTruncatedUInt32):
-        (JSC::JSValuePtr::mark):
-        (JSC::JSValuePtr::marked):
-        (JSC::JSValuePtr::toPrimitive):
-        (JSC::JSValuePtr::getPrimitiveNumber):
-        (JSC::JSValuePtr::toBoolean):
-        (JSC::JSValuePtr::toNumber):
-        (JSC::JSValuePtr::toString):
-        (JSC::JSValuePtr::toObject):
-        (JSC::JSValuePtr::toThisObject):
-        (JSC::JSValuePtr::needsThisConversion):
-        (JSC::JSValuePtr::toThisString):
-        (JSC::JSValuePtr::getJSNumber):
-        * runtime/JSImmediate.h:
-        (JSC::JSValuePtr::isUndefined):
-        (JSC::JSValuePtr::isNull):
-        (JSC::JSValuePtr::isUndefinedOrNull):
-        (JSC::JSValuePtr::isBoolean):
-        (JSC::JSValuePtr::getBoolean):
-        (JSC::JSValuePtr::toInt32):
-        (JSC::JSValuePtr::toUInt32):
-        * runtime/JSNumberCell.h:
-        (JSC::JSValuePtr::uncheckedGetNumber):
-        (JSC::JSValuePtr::toJSNumber):
-        * runtime/JSObject.h:
-        (JSC::JSValuePtr::isObject):
-        (JSC::JSValuePtr::get):
-        (JSC::JSValuePtr::put):
-        * runtime/JSString.h:
-        (JSC::JSValuePtr::toThisJSString):
-        * runtime/JSValue.cpp:
-        (JSC::JSValuePtr::toInteger):
-        (JSC::JSValuePtr::toIntegerPreserveNaN):
-        (JSC::JSValuePtr::toInt32SlowCase):
-        (JSC::JSValuePtr::toUInt32SlowCase):
-        * runtime/JSValue.h:
-        (JSC::JSValuePtr::makeImmediate):
-        (JSC::JSValuePtr::immediateValue):
-        (JSC::JSValuePtr::JSValuePtr):
-        (JSC::JSValuePtr::operator->):
-        (JSC::JSValuePtr::operator bool):
-        (JSC::JSValuePtr::operator==):
-        (JSC::JSValuePtr::operator!=):
-        (JSC::JSValuePtr::encode):
-        (JSC::JSValuePtr::decode):
-        (JSC::JSValuePtr::toFloat):
-        (JSC::JSValuePtr::asValue):
-        (JSC::operator==):
-        (JSC::operator!=):
-
-2009-01-09  David Levin  <levin@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23175
-
-        Adjustment to previous patch.  Remove call to initilizeThreading from JSGlobalCreate
-        and fix jsc.cpp instead.
-
-        * jsc.cpp:
-        (main):
-        (jscmain):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::create):
-
-2009-01-09  Sam Weinig  <sam@webkit.org>
-
-        Roll r39720 back in with a working interpreted mode.
-
-2009-01-09  David Levin  <levin@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23175
-
-        Added a template to make the pointer and flags combination
-        in UString more readable and less error prone.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added PtrAndFlags.h (and sorted the xcode project file).
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        (JSC::Identifier::addSlowCase):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        Made the init threading initialize the UString globals.  Before
-        these were initilized using {} but that became harder due to the
-        addition of this tempalte class.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::create):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/UString.cpp:
-        (JSC::initializeStaticBaseString):
-        (JSC::initializeUString):
-        (JSC::UString::Rep::create):
-        (JSC::UString::Rep::createFromUTF8):
-        (JSC::createRep):
-        (JSC::UString::UString):
-        (JSC::concatenate):
-        (JSC::UString::operator=):
-        (JSC::UString::makeNull):
-        (JSC::UString::nullRep):
-        * runtime/UString.h:
-        (JSC::UString::Rep::identifierTable):
-        (JSC::UString::Rep::setIdentifierTable):
-        (JSC::UString::Rep::isStatic):
-        (JSC::UString::Rep::setStatic):
-        (JSC::UString::Rep::):
-        (JSC::UString::Rep::null):
-        (JSC::UString::Rep::empty):
-        (JSC::UString::isNull):
-        (JSC::UString::null):
-        (JSC::UString::UString):
-
-        * wtf/PtrAndFlags.h: Added.
-        (WTF::PtrAndFlags::PtrAndFlags):
-        (WTF::PtrAndFlags::isFlagSet):
-        (WTF::PtrAndFlags::setFlag):
-        (WTF::PtrAndFlags::clearFlag):
-        (WTF::PtrAndFlags::get):
-        (WTF::PtrAndFlags::set):
-        A simple way to layer together a pointer and 2 flags.  It relies on the pointer being 4 byte aligned,
-        which should happen for all allocators (due to aligning pointers, int's, etc. on 4 byte boundaries).
-
-2009-01-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by -O-l-i-v-e-r- -H-u-n-t- Sam Weinig (sorry, Sam!).
-
-        Encode immediates in the low word of JSValuePtrs, on x86-64.
-
-        On 32-bit platforms a JSValuePtr may represent a 31-bit signed integer.
-        On 64-bit platforms, if USE(ALTERNATE_JSIMMEDIATE) is defined, a full
-        32-bit integer may be stored in an immediate.
-        
-        Presently USE(ALTERNATE_JSIMMEDIATE) uses the same encoding as the default
-        immediate format - the value is left shifted by one, so a one bit tag can
-        be added to indicate the value is an immediate.  However this means that
-        values must be commonly be detagged (by right shifting by one) before
-        arithmetic operations can be performed on immediates.  This patch modifies
-        the formattting so the the high bits of the immediate mark values as being
-        integer.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::not32):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::zeroExtend32ToPtr):
-        (JSC::MacroAssembler::jaePtr):
-        (JSC::MacroAssembler::jbPtr):
-        (JSC::MacroAssembler::jnzPtr):
-        (JSC::MacroAssembler::jzPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::notl_r):
-        (JSC::X86Assembler::testq_i32r):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_lshift):
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArith_op_bitand):
-        (JSC::JIT::compileFastArithSlow_op_bitand):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArithSlow_op_mod):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArith_op_post_inc):
-        (JSC::JIT::compileFastArith_op_post_dec):
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileFastArith_op_pre_dec):
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpIfImmNum):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithImmToInt):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::resizePropertyStorage):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::isNumber):
-        (JSC::JSImmediate::isPositiveNumber):
-        (JSC::JSImmediate::areBothImmediateNumbers):
-        (JSC::JSImmediate::xorImmediateNumbers):
-        (JSC::JSImmediate::rightShiftImmediateNumbers):
-        (JSC::JSImmediate::canDoFastAdditiveOperations):
-        (JSC::JSImmediate::addImmediateNumbers):
-        (JSC::JSImmediate::subImmediateNumbers):
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::toBoolean):
-        * wtf/Platform.h:
-
-2009-01-08  Sam Weinig  <sam@webkit.org>
-
-        Revert r39720. It broke Interpreted mode.
-
-2009-01-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=23197
-        Delay creating the PCVector until an exception is thrown
-        Part of <rdar://problem/6469060>
-        Don't store exception information for a CodeBlock until first exception is thrown
-
-        - Change the process for re-parsing/re-generating bytecode for exception information
-          to use data from the original CodeBlock (offsets of GlobalResolve instructions) to
-          aid in creating an identical instruction stream on re-parse, instead of padding
-          interchangeable opcodes, which would result in different JITed code.
-        - Fix bug where the wrong ScopeChainNode was used when re-parsing/regenerating from
-          within some odd modified scope chains.
-        - Lazily create the pcVector by re-JITing the regenerated CodeBlock and stealing the
-          the pcVector from it.
-
-        Saves ~2MB on Membuster head.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::JITCodeRef::JITCodeRef):
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::addFunctionRegisterInfo):
-        (JSC::CodeBlock::hasExceptionInfo):
-        (JSC::CodeBlock::pcVector):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::EvalCodeBlock::baseScopeDepth):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::setRegeneratingForExceptionInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_vm_throw):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * parser/Nodes.cpp:
-        (JSC::EvalNode::generateBytecode):
-        (JSC::EvalNode::bytecodeForExceptionInfoReparse):
-        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
-        * parser/Nodes.h:
-
-2009-01-08  Jian Li  <jianli@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add Win32 implementation of ThreadSpecific.
-        https://bugs.webkit.org/show_bug.cgi?id=22614
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/ThreadSpecific.h:
-        (WTF::ThreadSpecific::ThreadSpecific):
-        (WTF::ThreadSpecific::~ThreadSpecific):
-        (WTF::ThreadSpecific::get):
-        (WTF::ThreadSpecific::set):
-        (WTF::ThreadSpecific::destroy):
-        * wtf/ThreadSpecificWin.cpp: Added.
-        (WTF::ThreadSpecificThreadExit):
-        * wtf/ThreadingWin.cpp:
-        (WTF::wtfThreadEntryPoint):
-
-2009-01-08  Justin McPherson <justin.mcpherson@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compilation with Qt on NetBSD.
-
-        * runtime/Collector.cpp:
-        (JSC::currentThreadStackBase): Use PLATFORM(NETBSD) to enter the
-        code path to retrieve the stack base using pthread_attr_get_np.
-        The PTHREAD_NP_H define is not used because the header file does
-        not exist on NetBSD, but the function is declared nevertheless.
-        * wtf/Platform.h: Introduce WTF_PLATFORM_NETBSD.
-
-2009-01-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/6469060> Don't store exception information for a CodeBlock until first exception is thrown
-
-        Don't initially store exception information (lineNumber/expressionRange/getByIdExcecptionInfo)
-        in CodeBlocks blocks.  Instead, re-parse for the data on demand and cache it then.
-
-        One important change that was needed to make this work was to pad op_get_global_var with nops to
-        be the same length as op_resolve_global, since one could be replaced for the other on re-parsing,
-        and we want to keep the offsets bytecode offsets the same.
-
-        1.3MB improvement on Membuster head.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Update op_get_global_var to account for the padding.
-        (JSC::CodeBlock::dumpStatistics): Add more statistic dumping.
-        (JSC::CodeBlock::CodeBlock): Initialize m_exceptionInfo.
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): Re-parses the CodeBlocks
-        associated SourceCode and steals the ExceptionInfo from it.
-        (JSC::CodeBlock::lineNumberForBytecodeOffset): Creates the exception info on demand.
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset): Ditto.
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset): Ditto.
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numberOfExceptionHandlers): Updated to account for m_exceptionInfo indirection.
-        (JSC::CodeBlock::addExceptionHandler): Ditto.
-        (JSC::CodeBlock::exceptionHandler): Ditto.
-        (JSC::CodeBlock::clearExceptionInfo): Ditto.
-        (JSC::CodeBlock::addExpressionInfo): Ditto.
-        (JSC::CodeBlock::addGetByIdExceptionInfo): Ditto.
-        (JSC::CodeBlock::numberOfLineInfos): Ditto.
-        (JSC::CodeBlock::addLineInfo): Ditto.
-        (JSC::CodeBlock::lastLineInfo): Ditto.
-
-        * bytecode/Opcode.h: Change length of op_get_global_var to match op_resolve_global.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump): Add comment indicating why it is okay not to pass a CallFrame.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate): Clear the exception info after generation for Function and Eval
-        Code when not in regenerate for exception info mode.
-        (JSC::BytecodeGenerator::BytecodeGenerator): Initialize m_regeneratingForExceptionInfo to false.
-        (JSC::BytecodeGenerator::emitGetScopedVar): Pad op_get_global_var with 2 nops.
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::setRegeneratingForExcpeptionInfo): Added.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException): Pass the CallFrame to exception info accessors.
-        (JSC::Interpreter::privateExecute): Ditto.
-        (JSC::Interpreter::retrieveLastCaller): Ditto.
-        (JSC::Interpreter::cti_op_new_error): Ditto.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass): Pass the current bytecode offset instead of hard coding the
-        line number, the stub will do the accessing if it gets called.
-
-        * parser/Nodes.cpp:
-        (JSC::ProgramNode::emitBytecode): Moved.
-        (JSC::ProgramNode::generateBytecode): Moved.
-        (JSC::EvalNode::create): Moved.
-        (JSC::EvalNode::bytecodeForExceptionInfoReparse): Added.
-        (JSC::FunctionBodyNode::generateBytecode): Rename reparse to reparseInPlace.
-        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse): Addded.
-
-        * parser/Nodes.h:
-        (JSC::ScopeNode::features): Added getter.
-        * parser/Parser.cpp:
-        (JSC::Parser::reparseInPlace): Renamed from reparse.
-        * parser/Parser.h:
-        (JSC::Parser::reparse): Added. Re-parses the passed in Node into
-        a new Node.
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError): Pass along CallFrame.
-        (JSC::createInvalidParamError): Ditto.
-        (JSC::createNotAConstructorError): Ditto.
-        (JSC::createNotAFunctionError): Ditto.
-        (JSC::createNotAnObjectError): Ditto.
-
-2009-01-06  Gavin Barraclough  <baraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Replace accidentally removed references in BytecodeGenerator, deleting these
-        will be hindering the sharing of constant numbers and strings.
-
-        The code to add a new constant (either number or string) to their respective
-        map works by attempting to add a null entry, then checking the result of the
-        add for null.  The first time, this should return the null (or noValue).
-        The code checks for null (to see if this is the initial add), and then allocates
-        a new number / string object.  This code relies on the result returned from
-        the add to the map being stored as a reference, such that the allocated object
-        will be stored in the map, and will be resused if the same constant is encountered
-        again.  By failing to use a reference we will be leaking GC object for each
-        additional entry added to the map.  As GC objects they should be clollected,
-        be we should no be allocatin them in the first place.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23158
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-
-2009-01-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6040850> JavaScript register file should use VirtualAlloc on Windows
-
-        Fairly simple, just reserve 4Mb of address space for the
-        register file, and then commit one section at a time.  We
-        don't release committed memory as we drop back, but then
-        mac doesn't either so this probably not too much of a 
-        problem.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-
-2009-01-06  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23142
-        ThreadGlobalData leaks seen on buildbot
-
-        * wtf/ThreadSpecific.h: (WTF::ThreadSpecific::destroy): Temporarily reset the thread
-        specific value to make getter work on Mac OS X.
-
-        * wtf/Platform.h: Touch this file again to make sure all Windows builds use the most recent
-        version of ThreadSpecific.h.
-
-2009-01-05  Gavin Barraclough  <baraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Replace all uses of JSValue* with a new smart pointer type, JSValuePtr.
-        
-        A JavaScript value may be a heap object or boxed primitive, represented by a
-        pointer, or may be an unboxed immediate value, such as an integer.  Since a
-        value may dynamically need to contain either a pointer value or an immediate,
-        we encode immediates as pointer values (since all valid JSCell pointers are
-        allocated at alligned addesses, unaligned addresses are available to encode
-        immediates).  As such all JavaScript values are represented using a JSValue*.
-
-        This implementation is encumbered by a number of constraints.  It ties the
-        JSValue representation to the size of pointer on the platform, which, for
-        example, means that we currently can represent different ranges of integers
-        as immediates on x86 and x86-64.  It also prevents us from overloading the
-        to-boolean conversion used to test for noValue() - effectively forcing us
-        to represent noValue() as 0.  This would potentially be problematic were we
-        to wish to encode integer values differently (e.g. were we to use the v8
-        encoding, where pointers are tagged with 1 and integers with 0, then the
-        immediate integer 0 would conflict with noValue()).
-
-        This patch replaces all usage of JSValue* with a new class, JSValuePtr,
-        which encapsulates the pointer.  JSValuePtr maintains the same interface as
-        JSValue*, overloading operator-> and operator bool such that previous
-        operations in the code on variables of type JSValue* are still supported.
-
-        In order to provide a ProtectPtr<> type with support for the new value
-        representation (without using the internal JSValue type directly), a new
-        ProtectJSValuePtr type has been added, equivalent to the previous type
-        ProtectPtr<JSValue>.
-
-        This patch is likely the first in a sequence of three changes.  With the
-        value now encapsulated it will likely make sense to migrate the functionality
-        from JSValue into JSValuePtr, such that the internal pointer representation
-        need not be exposed.  Through migrating the functionality to the wrapper
-        class the existing JSValue should be rendered redundant, and the class is
-        likely to be removed (the JSValuePtr now wrapping a pointer to a JSCell).
-        At this stage it will likely make sense to rename JSValuePtr to JSValue.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23114
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::asCallbackObject):
-        (JSC::::put):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::staticValueGetter):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrototype):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::constantName):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getConstant):
-        (JSC::CodeBlock::addUnexpectedConstant):
-        (JSC::CodeBlock::unexpectedConstant):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addUnexpectedConstant):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitLoadJSV):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitPutScopedVar):
-        (JSC::BytecodeGenerator::emitNewError):
-        (JSC::keyForImmediateSwitch):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::JSValueHashTraits::constructDeletedValue):
-        (JSC::BytecodeGenerator::JSValueHashTraits::isDeletedValue):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::DebuggerCallFrame):
-        (JSC::DebuggerCallFrame::exception):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::thisValue):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::setException):
-        (JSC::ExecState::exception):
-        (JSC::ExecState::exceptionSlot):
-        (JSC::ExecState::hadException):
-        * interpreter/Interpreter.cpp:
-        (JSC::fastIsNumber):
-        (JSC::fastToInt32):
-        (JSC::fastToUInt32):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAddSlowCase):
-        (JSC::jsAdd):
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::inlineResolveBase):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::resolveBaseAndFunc):
-        (JSC::isNotObject):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::checkTimeout):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::cachePrototypeChain):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::retrieveLastCaller):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::returnToThrowTrampoline):
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_op_loop_if_less):
-        (JSC::Interpreter::cti_op_loop_if_lesseq):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
-        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
-        (JSC::Interpreter::cti_op_get_by_id_array_fail):
-        (JSC::Interpreter::cti_op_get_by_id_string_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_lesseq):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_resolve_base):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_jless):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_less):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_call_eval):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_next_pname):
-        (JSC::Interpreter::cti_op_typeof):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_is_boolean):
-        (JSC::Interpreter::cti_op_is_number):
-        (JSC::Interpreter::cti_op_is_string):
-        (JSC::Interpreter::cti_op_is_object):
-        (JSC::Interpreter::cti_op_is_function):
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_op_del_by_val):
-        (JSC::Interpreter::cti_op_new_error):
-        (JSC::Interpreter::cti_vm_throw):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::isJSArray):
-        (JSC::Interpreter::isJSString):
-        * interpreter/Register.h:
-        (JSC::Register::):
-        (JSC::Register::Register):
-        (JSC::Register::jsValue):
-        (JSC::Register::getJSValue):
-        * jit/JIT.cpp:
-        (JSC::):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::):
-        (JSC::JIT::execute):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::getConstantOperand):
-        (JSC::JIT::isOperandConstant31BitImmediateInt):
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        (JSC::JIT::emitInitRegister):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::resizePropertyStorage):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionReadline):
-        (functionQuit):
-        * parser/Nodes.cpp:
-        (JSC::NullNode::emitBytecode):
-        (JSC::ArrayNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::VoidNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::processClauseList):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        (JSC::Profiler::createCallIdentifier):
-        * profiler/Profiler.h:
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::slowAppend):
-        * runtime/ArgList.h:
-        (JSC::ArgList::at):
-        (JSC::ArgList::append):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        (JSC::asArguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::callArrayConstructor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::getProperty):
-        (JSC::putProperty):
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::callBooleanConstructor):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.h:
-        (JSC::asBooleanObject):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/CallData.cpp:
-        (JSC::call):
-        * runtime/CallData.h:
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::heap):
-        (JSC::Heap::collect):
-        * runtime/Collector.h:
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/Completion.h:
-        (JSC::Completion::Completion):
-        (JSC::Completion::value):
-        (JSC::Completion::setValue):
-        (JSC::Completion::isValueCompletion):
-        * runtime/ConstructData.cpp:
-        (JSC::construct):
-        * runtime/ConstructData.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DateInstance.h:
-        (JSC::asDateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncValueOf):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::callErrorConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInterruptedExecutionException):
-        (JSC::createError):
-        (JSC::createStackOverflowError):
-        (JSC::createUndefinedVariableError):
-        (JSC::createErrorMessage):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::callFunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::callFunctionPrototype):
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::toPrimitive):
-        (JSC::GetterSetter::getPrimitiveNumber):
-        * runtime/GetterSetter.h:
-        (JSC::asGetterSetter):
-        * runtime/InitializeThreading.cpp:
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        (JSC::asInternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putWithAttributes):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        (JSC::asActivation):
-        * runtime/JSArray.cpp:
-        (JSC::storageSize):
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::mark):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        (JSC::constructArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::createStructure):
-        (JSC::asArray):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::put):
-        (JSC::JSCell::getJSNumber):
-        * runtime/JSCell.h:
-        (JSC::asCell):
-        (JSC::JSValue::asCell):
-        (JSC::JSValue::toPrimitive):
-        (JSC::JSValue::getPrimitiveNumber):
-        (JSC::JSValue::getJSNumber):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        (JSC::asFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        (JSC::JSGlobalObject::GlobalPropertyInfo::GlobalPropertyInfo):
-        (JSC::asGlobalObject):
-        (JSC::Structure::prototypeForLookup):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncDecodeURI):
-        (JSC::globalFuncDecodeURIComponent):
-        (JSC::globalFuncEncodeURI):
-        (JSC::globalFuncEncodeURIComponent):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject):
-        (JSC::JSImmediate::toObject):
-        (JSC::JSImmediate::prototype):
-        (JSC::JSImmediate::toString):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::isImmediate):
-        (JSC::JSImmediate::isNumber):
-        (JSC::JSImmediate::isPositiveNumber):
-        (JSC::JSImmediate::isBoolean):
-        (JSC::JSImmediate::isUndefinedOrNull):
-        (JSC::JSImmediate::isNegative):
-        (JSC::JSImmediate::isEitherImmediate):
-        (JSC::JSImmediate::isAnyImmediate):
-        (JSC::JSImmediate::areBothImmediate):
-        (JSC::JSImmediate::areBothImmediateNumbers):
-        (JSC::JSImmediate::andImmediateNumbers):
-        (JSC::JSImmediate::xorImmediateNumbers):
-        (JSC::JSImmediate::orImmediateNumbers):
-        (JSC::JSImmediate::rightShiftImmediateNumbers):
-        (JSC::JSImmediate::canDoFastAdditiveOperations):
-        (JSC::JSImmediate::addImmediateNumbers):
-        (JSC::JSImmediate::subImmediateNumbers):
-        (JSC::JSImmediate::incImmediateNumber):
-        (JSC::JSImmediate::decImmediateNumber):
-        (JSC::JSImmediate::makeValue):
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::makeBool):
-        (JSC::JSImmediate::makeUndefined):
-        (JSC::JSImmediate::makeNull):
-        (JSC::JSImmediate::intValue):
-        (JSC::JSImmediate::uintValue):
-        (JSC::JSImmediate::boolValue):
-        (JSC::JSImmediate::rawValue):
-        (JSC::JSImmediate::trueImmediate):
-        (JSC::JSImmediate::falseImmediate):
-        (JSC::JSImmediate::undefinedImmediate):
-        (JSC::JSImmediate::nullImmediate):
-        (JSC::JSImmediate::zeroImmediate):
-        (JSC::JSImmediate::oneImmediate):
-        (JSC::JSImmediate::impossibleValue):
-        (JSC::JSImmediate::toBoolean):
-        (JSC::JSImmediate::getTruncatedUInt32):
-        (JSC::JSImmediate::from):
-        (JSC::JSImmediate::getTruncatedInt32):
-        (JSC::JSImmediate::toDouble):
-        (JSC::JSImmediate::getUInt32):
-        (JSC::jsNull):
-        (JSC::jsBoolean):
-        (JSC::jsUndefined):
-        (JSC::JSValue::isUndefined):
-        (JSC::JSValue::isNull):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::getBoolean):
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-        (JSC::toInt32):
-        (JSC::toUInt32):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toPrimitive):
-        (JSC::JSNotAnObject::getPrimitiveNumber):
-        (JSC::JSNotAnObject::put):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSNumberCell.cpp:
-        (JSC::JSNumberCell::toPrimitive):
-        (JSC::JSNumberCell::getPrimitiveNumber):
-        (JSC::JSNumberCell::getJSNumber):
-        (JSC::jsNumberCell):
-        (JSC::jsNaN):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        (JSC::asNumberCell):
-        (JSC::jsNumber):
-        (JSC::JSValue::toJSNumber):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        (JSC::callDefaultValueFunction):
-        (JSC::JSObject::getPrimitiveNumber):
-        (JSC::JSObject::defaultValue):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::lookupGetter):
-        (JSC::JSObject::lookupSetter):
-        (JSC::JSObject::hasInstance):
-        (JSC::JSObject::toNumber):
-        (JSC::JSObject::toString):
-        (JSC::JSObject::fillGetterPropertySlot):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::locationForOffset):
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::createStructure):
-        (JSC::asObject):
-        (JSC::JSObject::prototype):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSObject::get):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::toPrimitive):
-        (JSC::JSValue::get):
-        (JSC::JSValue::put):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::toPrimitive):
-        (JSC::JSPropertyNameIterator::getPrimitiveNumber):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::next):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putWithAttributes):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.cpp:
-        (JSC::JSString::toPrimitive):
-        (JSC::JSString::getPrimitiveNumber):
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-        (JSC::asString):
-        * runtime/JSValue.h:
-        (JSC::JSValuePtr::makeImmediate):
-        (JSC::JSValuePtr::immediateValue):
-        (JSC::JSValuePtr::JSValuePtr):
-        (JSC::JSValuePtr::operator->):
-        (JSC::JSValuePtr::hasValue):
-        (JSC::JSValuePtr::operator==):
-        (JSC::JSValuePtr::operator!=):
-        (JSC::JSValuePtr::encode):
-        (JSC::JSValuePtr::decode):
-        (JSC::JSValue::asValue):
-        (JSC::noValue):
-        (JSC::operator==):
-        (JSC::operator!=):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::mark):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::callNativeErrorConstructor):
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        (JSC::callNumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::getJSNumber):
-        (JSC::constructNumberFromImmediateNumber):
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        (JSC::callObjectConstructor):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        * runtime/Operations.cpp:
-        (JSC::equal):
-        (JSC::equalSlowCase):
-        (JSC::strictEqual):
-        (JSC::strictEqualSlowCase):
-        (JSC::throwOutOfMemoryError):
-        * runtime/Operations.h:
-        (JSC::equalSlowCaseInline):
-        (JSC::strictEqualSlowCaseInline):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::PropertySlot):
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::putValue):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setCustom):
-        (JSC::PropertySlot::setCustomIndex):
-        (JSC::PropertySlot::slotBase):
-        (JSC::PropertySlot::setBase):
-        (JSC::PropertySlot::):
-        * runtime/Protect.h:
-        (JSC::gcProtect):
-        (JSC::gcUnprotect):
-        (JSC::ProtectedPtr::ProtectedPtr):
-        (JSC::ProtectedPtr::operator JSValuePtr):
-        (JSC::ProtectedJSValuePtr::ProtectedJSValuePtr):
-        (JSC::ProtectedJSValuePtr::get):
-        (JSC::ProtectedJSValuePtr::operator JSValuePtr):
-        (JSC::ProtectedJSValuePtr::operator->):
-        (JSC::::ProtectedPtr):
-        (JSC::::~ProtectedPtr):
-        (JSC::::operator):
-        (JSC::ProtectedJSValuePtr::~ProtectedJSValuePtr):
-        (JSC::ProtectedJSValuePtr::operator=):
-        (JSC::operator==):
-        (JSC::operator!=):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getBackref):
-        (JSC::RegExpConstructor::getLastParen):
-        (JSC::RegExpConstructor::getLeftContext):
-        (JSC::RegExpConstructor::getRightContext):
-        (JSC::regExpConstructorDollar1):
-        (JSC::regExpConstructorDollar2):
-        (JSC::regExpConstructorDollar3):
-        (JSC::regExpConstructorDollar4):
-        (JSC::regExpConstructorDollar5):
-        (JSC::regExpConstructorDollar6):
-        (JSC::regExpConstructorDollar7):
-        (JSC::regExpConstructorDollar8):
-        (JSC::regExpConstructorDollar9):
-        (JSC::regExpConstructorInput):
-        (JSC::regExpConstructorMultiline):
-        (JSC::regExpConstructorLastMatch):
-        (JSC::regExpConstructorLastParen):
-        (JSC::regExpConstructorLeftContext):
-        (JSC::regExpConstructorRightContext):
-        (JSC::RegExpConstructor::put):
-        (JSC::setRegExpConstructorInput):
-        (JSC::setRegExpConstructorMultiline):
-        (JSC::constructRegExp):
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        (JSC::asRegExpConstructor):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::put):
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectGlobal):
-        (JSC::regExpObjectIgnoreCase):
-        (JSC::regExpObjectMultiline):
-        (JSC::regExpObjectSource):
-        (JSC::regExpObjectLastIndex):
-        (JSC::RegExpObject::put):
-        (JSC::setRegExpObjectLastIndex):
-        (JSC::RegExpObject::test):
-        (JSC::RegExpObject::exec):
-        (JSC::callRegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        (JSC::asRegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        (JSC::stringFromCharCode):
-        (JSC::callStringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::put):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        (JSC::asStringObject):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::createCachedPrototypeChain):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::setPrototypeWithoutTransition):
-        (JSC::Structure::storedPrototype):
-
-2009-01-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23085> [jsfunfuzz] Over released ScopeChainNode
-        <rdar://problem/6474110>
-
-        So this delightful bug was caused by our unwind code using a ScopeChain to perform
-        the unwind.  The ScopeChain would ref the initial top of the scope chain, then deref
-        the resultant top of scope chain, which is incorrect.
-
-        This patch removes the dependency on ScopeChain for the unwind, and i've filed
-        <https://bugs.webkit.org/show_bug.cgi?id=23144> to look into the unintuitive
-        ScopeChain behaviour.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2009-01-06  Adam Roben  <aroben@apple.com>
-
-        Hopeful Windows crash-on-launch fix
-
-        * wtf/Platform.h: Force a world rebuild by touching this file.
-
-2009-01-06  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by NOBODY (Build fix).
-
-        * GNUmakefile.am:Add ByteArray.cpp too
-
-2009-01-06  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by NOBODY (Speculative build fix).
-
-        AllInOneFile.cpp does not include the JSByteArray.cpp include it...
-
-        * GNUmakefile.am:
-
-2009-01-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix Wx build
-
-        * JavaScriptCoreSources.bkl:
-
-2009-01-05  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fixes
-
-        Rubber-stamped by Alice Liu.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        * runtime/ByteArray.cpp:
-        (JSC::ByteArray::create):
-        * runtime/ByteArray.h:
-
-2009-01-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        CanvasPixelArray performance is too slow 
-        <https://bugs.webkit.org/show_bug.cgi?id=23123>
-
-        The fix to this is to devirtualise get and put in a manner similar to
-        JSString and JSArray.  To do this I've added a ByteArray implementation
-        and JSByteArray wrapper to JSC.  We can then do vptr comparisons to
-        devirtualise the calls.
-
-        This devirtualisation improves performance by 1.5-2x in my somewhat ad
-        hoc tests.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_put_by_val):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::isJSByteArray):
-        * runtime/ByteArray.cpp: Added.
-        (JSC::ByteArray::create):
-        * runtime/ByteArray.h: Added.
-        (JSC::ByteArray::length):
-        (JSC::ByteArray::set):
-        (JSC::ByteArray::get):
-        (JSC::ByteArray::data):
-        (JSC::ByteArray::ByteArray):
-        * runtime/JSByteArray.cpp: Added.
-        (JSC::):
-        (JSC::JSByteArray::JSByteArray):
-        (JSC::JSByteArray::createStructure):
-        (JSC::JSByteArray::getOwnPropertySlot):
-        (JSC::JSByteArray::put):
-        (JSC::JSByteArray::getPropertyNames):
-        * runtime/JSByteArray.h: Added.
-        (JSC::JSByteArray::canAccessIndex):
-        (JSC::JSByteArray::getIndex):
-        (JSC::JSByteArray::setIndex):
-        (JSC::JSByteArray::classInfo):
-        (JSC::JSByteArray::length):
-        (JSC::JSByteArray::):
-        (JSC::JSByteArray::JSByteArray):
-        (JSC::asByteArray):
-
-2009-01-05  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23073
-        <rdar://problem/6471129> Workers crash on Windows Release builds
-
-        * wtf/ThreadSpecific.h:
-        (WTF::ThreadSpecific::destroy): Changed to clear the pointer only after data object
-        destruction is finished - otherwise, WebCore::ThreadGlobalData destructor was re-creating
-        the object in order to access atomic string table.
-        (WTF::ThreadSpecific::operator T*): Symmetrically, set up the per-thread pointer before
-        data constructor is called.
-
-        * wtf/ThreadingWin.cpp: (WTF::wtfThreadEntryPoint): Remove a Windows-only hack to finalize
-        a thread - pthreadVC2 is a DLL, so it gets thread detached messages, and cleans up thread
-        specific data automatically. Besides, this code wasn't even compiled in for some time now.
-
-2009-01-05  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23115
-        Create a version of ASSERT for use with otherwise unused variables
-
-        * wtf/Assertions.h: Added ASSERT_UNUSED.
-
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemRelease):
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::heapAllocate):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toPrimitive):
-        (JSC::JSNotAnObject::getPrimitiveNumber):
-        (JSC::JSNotAnObject::toBoolean):
-        (JSC::JSNotAnObject::toNumber):
-        (JSC::JSNotAnObject::toString):
-        (JSC::JSNotAnObject::getOwnPropertySlot):
-        (JSC::JSNotAnObject::put):
-        (JSC::JSNotAnObject::deleteProperty):
-        (JSC::JSNotAnObject::getPropertyNames):
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-        Use it in some places that used other idioms for this purpose.
-
-2009-01-04  Alice Liu  <alice.liu@apple.com>
-
-        <rdar://problem/6341776> Merge m_transitionCount and m_offset in Structure.
-
-        Reviewed by Darin Adler.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure): Remove m_transitionCount
-        (JSC::Structure::addPropertyTransitionToExistingStructure): No need to wait until after the assignment to offset to assert if it's notFound; move it up.
-        (JSC::Structure::addPropertyTransition): Use method for transitionCount instead of m_transitionCount. Remove line that maintains the m_transitionCount.
-        (JSC::Structure::changePrototypeTransition): Remove line that maintains the m_transitionCount.
-        (JSC::Structure::getterSetterTransition): Remove line that maintains the m_transitionCount.
-        * runtime/Structure.h:
-        Changed s_maxTransitionLength and m_offset from size_t to signed char.  m_offset will never become greater than 64 
-        because the structure transitions to a dictionary at that time.
-        (JSC::Structure::transitionCount): method to replace the data member
-
-2009-01-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Bug 15114: Provide compile-time assertions for sizeof(UChar), sizeof(DeprecatedChar), etc.
-        https://bugs.webkit.org/show_bug.cgi?id=15114
-
-        * wtf/unicode/Unicode.h: Assert size of UChar. There is no DeprecatedChar any more.
-
-2009-01-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Change the pcVector from storing native code pointers to storing offsets
-        from the base pointer. This will allow us to generate the pcVector on demand
-        for exceptions.
-
-        * bytecode/CodeBlock.h:
-        (JSC::PC::PC):
-        (JSC::getNativePCOffset):
-        (JSC::CodeBlock::getBytecodeIndex):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2009-01-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-        
-        * runtime/ScopeChain.cpp:
-
-2009-01-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [jsfunfuzz] unwind logic for exceptions in eval fails to account for dynamic scope external to the eval
-        https://bugs.webkit.org/show_bug.cgi?id=23078
-
-        This bug was caused by eval codeblocks being generated without accounting
-        for the depth of the scope chain they inherited.  This meant that exception
-        handlers would understate their expected scope chain depth, which in turn
-        led to incorrectly removing nodes from the scope chain.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitCatch):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::depth):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChain::localDepth):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::deref):
-        (JSC::ScopeChainNode::ref):
-
-2009-01-02  David Smith  <catfish.man@gmail.com>
-
-        Reviewed by Darin Adler.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22699
-        Enable NodeList caching for getElementsByTagName
-
-        * wtf/HashFunctions.h: Moved the definition of PHI here and renamed to stringHashingStartValue
-
-2009-01-02  David Kilzer  <ddkilzer@apple.com>
-
-        Attempt to fix Qt Linux build after r39553
-
-        * wtf/RandomNumberSeed.h: Include <sys/time.h> for gettimeofday().
-        Include <sys/types.h> and <unistd.h> for getpid().
-
-2009-01-02  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23081: These files are no longer part of the KDE libraries
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23081>
-
-        Reviewed by Darin Adler.
-
-        Removed "This file is part of the KDE libraries" comment from
-        source files.  Added or updated Apple copyrights as well.
-
-        * parser/Lexer.h:
-        * wtf/HashCountedSet.h:
-        * wtf/RetainPtr.h:
-        * wtf/VectorTraits.h:
-
-2009-01-02  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23080: Remove last vestiges of KJS references
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23080>
-
-        Reviewed by Darin Adler.
-
-        Also updated Apple copyright statements.
-
-        * DerivedSources.make: Changed bison "kjsyy" prefix to "jscyy".
-        * GNUmakefile.am: Ditto.
-        * JavaScriptCore.pri: Ditto.  Also changed KJSBISON to JSCBISON
-        and kjsbison to jscbison.
-
-        * JavaScriptCoreSources.bkl: Changed JSCORE_KJS_SOURCES to
-        JSCORE_JSC_SOURCES.
-        * jscore.bkl: Ditto.
-
-        * create_hash_table: Updated copyright and removed old comment.
-
-        * parser/Grammar.y: Changed "kjsyy" prefix to "jscyy" prefix.
-        * parser/Lexer.cpp: Ditto.  Also changed KJS_DEBUG_LEX to
-        JSC_DEBUG_LEX.
-        (jscyylex):
-        (JSC::Lexer::lex):
-        * parser/Parser.cpp: Ditto.
-        (JSC::Parser::parse):
-
-        * pcre/dftables: Changed "kjs_pcre_" prefix to "jsc_pcre_".
-        * pcre/pcre_compile.cpp: Ditto.
-        (getOthercaseRange):
-        (encodeUTF8):
-        (compileBranch):
-        (calculateCompiledPatternLength):
-        * pcre/pcre_exec.cpp: Ditto.
-        (matchRef):
-        (getUTF8CharAndIncrementLength):
-        (match):
-        * pcre/pcre_internal.h: Ditto.
-        (toLowerCase):
-        (flipCase):
-        (classBitmapForChar):
-        (charTypeForChar):
-        * pcre/pcre_tables.cpp: Ditto.
-        * pcre/pcre_ucp_searchfuncs.cpp: Ditto.
-        (jsc_pcre_ucp_othercase):
-        * pcre/pcre_xclass.cpp: Ditto.
-        (getUTF8CharAndAdvancePointer):
-        (jsc_pcre_xclass):
-
-        * runtime/Collector.h: Updated header guards using the
-        clean-header-guards script.
-        * runtime/CollectorHeapIterator.h: Added missing header guard.
-        * runtime/Identifier.h: Updated header guards.
-        * runtime/JSFunction.h: Fixed end-of-namespace comment.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset): Renamed "kjsprint" debug function
-        to "jscprint".  Changed implementation method from
-        globalFuncKJSPrint() to globalFuncJSCPrint().
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncJSCPrint): Renamed from globalFuncKJSPrint().
-        * runtime/JSGlobalObjectFunctions.h: Ditto.
-
-        * runtime/JSImmediate.h: Updated header guards.
-        * runtime/JSLock.h: Ditto.
-        * runtime/JSType.h: Ditto.
-        * runtime/JSWrapperObject.h: Ditto.
-        * runtime/Lookup.h: Ditto.
-        * runtime/Operations.h: Ditto.
-        * runtime/Protect.h: Ditto.
-        * runtime/RegExp.h: Ditto.
-        * runtime/UString.h: Ditto.
-
-        * tests/mozilla/js1_5/Array/regress-157652.js: Changed "KJS"
-        reference in comment to "JSC".
-
-        * wrec/CharacterClassConstructor.cpp: Change "kjs_pcre_" function
-        prefixes to "jsc_pcre_".
-        (JSC::WREC::CharacterClassConstructor::put):
-        (JSC::WREC::CharacterClassConstructor::flush):
-
-        * wtf/unicode/Unicode.h: Change "KJS_" header guard to "WTF_".
-        * wtf/unicode/icu/UnicodeIcu.h: Ditto.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-2009-01-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Make randomNumber generate 2^53 values instead of 2^32 (or 2^31 for rand() platforms)
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2009-01-02  David Kilzer  <ddkilzer@apple.com>
-
-        Remove declaration for JSC::Identifier::initializeIdentifierThreading()
-
-        Reviewed by Alexey Proskuryakov.
-
-        * runtime/Identifier.h:
-        (JSC::Identifier::initializeIdentifierThreading): Removed
-        declaration since the implementation was removed in r34412.
-
-2009-01-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        String.replace does not support $& replacement metacharacter when search term is not a RegExp
-        <https://bugs.webkit.org/show_bug.cgi?id=21431>
-        <rdar://problem/6274993>
-
-        Test: fast/js/string-replace-3.html
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences): Added a null check here so we won't try to handle $$-$9
-        backreferences when the search term is a string, not a RegExp. Added a check for 0 so we
-        won't try to handle $0 or $00 as a backreference.
-        (JSC::stringProtoFuncReplace): Added a call to substituteBackreferences.
-
-2009-01-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Allow 32-bit integers to be stored in JSImmediates, on x64-bit.
-        Presently the top 32-bits of a 64-bit JSImmediate serve as a sign extension of a 31-bit
-        int stored in the low word (shifted left by one, to make room for a tag).  In the new
-        format, the top 31-bits serve as a sign extension of a 32-bit int, still shifted left by
-        one.
-
-        The new behavior is enabled using a flag in Platform.h, 'WTF_USE_ALTERNATE_JSIMMEDIATE'.
-        When this is set the constants defining the range of ints allowed to be stored as
-        JSImmediate values is extended.  The code in JSImmediate.h can safely operate on either
-        format.  This patch updates the JIT so that it can also operate with the new format.
-
-        ~2% progression on x86-64, with & without the JIT, on sunspider & v8 tests.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::rshiftPtr):
-        (JSC::MacroAssembler::rshift32):
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::xorPtr):
-        (JSC::MacroAssembler::xor32):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::compareImm64ForBranch):
-        (JSC::MacroAssembler::compareImm64ForBranchEquality):
-        (JSC::MacroAssembler::jePtr):
-        (JSC::MacroAssembler::jgePtr):
-        (JSC::MacroAssembler::jlPtr):
-        (JSC::MacroAssembler::jlePtr):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jnzSubPtr):
-        (JSC::MacroAssembler::joAddPtr):
-        (JSC::MacroAssembler::jzSubPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::addq_rr):
-        (JSC::X86Assembler::orq_ir):
-        (JSC::X86Assembler::subq_ir):
-        (JSC::X86Assembler::xorq_rr):
-        (JSC::X86Assembler::sarq_CLr):
-        (JSC::X86Assembler::sarq_i8r):
-        (JSC::X86Assembler::cmpq_ir):
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileFastArith_op_lshift):
-        (JSC::JIT::compileFastArithSlow_op_lshift):
-        (JSC::JIT::compileFastArith_op_rshift):
-        (JSC::JIT::compileFastArithSlow_op_rshift):
-        (JSC::JIT::compileFastArith_op_bitand):
-        (JSC::JIT::compileFastArithSlow_op_bitand):
-        (JSC::JIT::compileFastArith_op_mod):
-        (JSC::JIT::compileFastArithSlow_op_mod):
-        (JSC::JIT::compileFastArith_op_add):
-        (JSC::JIT::compileFastArithSlow_op_add):
-        (JSC::JIT::compileFastArith_op_mul):
-        (JSC::JIT::compileFastArithSlow_op_mul):
-        (JSC::JIT::compileFastArith_op_post_inc):
-        (JSC::JIT::compileFastArithSlow_op_post_inc):
-        (JSC::JIT::compileFastArith_op_post_dec):
-        (JSC::JIT::compileFastArithSlow_op_post_dec):
-        (JSC::JIT::compileFastArith_op_pre_inc):
-        (JSC::JIT::compileFastArithSlow_op_pre_inc):
-        (JSC::JIT::compileFastArith_op_pre_dec):
-        (JSC::JIT::compileFastArithSlow_op_pre_dec):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::getConstantOperand):
-        (JSC::JIT::getConstantOperandImmediateInt):
-        (JSC::JIT::isOperandConstantImmediateInt):
-        (JSC::JIT::isOperandConstant31BitImmediateInt):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithImmToInt):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::isPositiveNumber):
-        (JSC::JSImmediate::isNegative):
-        (JSC::JSImmediate::rightShiftImmediateNumbers):
-        (JSC::JSImmediate::canDoFastAdditiveOperations):
-        (JSC::JSImmediate::makeValue):
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::makeBool):
-        (JSC::JSImmediate::intValue):
-        (JSC::JSImmediate::rawValue):
-        (JSC::JSImmediate::toBoolean):
-        (JSC::JSImmediate::from):
-        * wtf/Platform.h:
-
-2008-12-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        [jsfunfuzz] Assertion + incorrect behaviour with dynamically created local variable in a catch block
-        <https://bugs.webkit.org/show_bug.cgi?id=23063>
-
-        Eval inside a catch block attempts to use the catch block's static scope in
-        an unsafe way by attempting to add new properties to the scope.  This patch
-        fixes this issue simply by preventing the catch block from using a static
-        scope if it contains an eval.
-
-        * parser/Grammar.y:
-        * parser/Nodes.cpp:
-        (JSC::TryNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::TryNode::):
-
-2008-12-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [jsfunfuzz] Computed exception offset wrong when first instruction is attempt to resolve deleted eval
-        <https://bugs.webkit.org/show_bug.cgi?id=23062>
-
-        This was caused by the expression information for the initial resolve of
-        eval not being emitted.  If this resolve was the first instruction that
-        could throw an exception the information search would fail leading to an
-        assertion failure.  If it was not the first throwable opcode the wrong
-        expression information would used.
-
-        Fix is simply to emit the expression info.
-
-        * parser/Nodes.cpp:
-        (JSC::EvalFunctionCallNode::emitBytecode):
-
-2008-12-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 23054: Caching of global lookups occurs even when the global object has become a dictionary
-        <https://bugs.webkit.org/show_bug.cgi?id=23054>
-        <rdar://problem/6469905>
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal): Do not cache lookup if the global
-        object has transitioned to a dictionary.
-        (JSC::Interpreter::cti_op_resolve_global): Do not cache lookup if the
-        global object has transitioned to a dictionary.
-
-2008-12-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23049> [jsfunfuzz] With blocks do not correctly protect their scope object
-        <rdar://problem/6469742> Crash in JSC::TypeInfo::hasStandardGetOwnPropertySlot() running jsfunfuzz
-
-        The problem that caused this was that with nodes were not correctly protecting
-        the final object that was placed in the scope chain.  We correct this by forcing
-        the use of a temporary register (which stops us relying on a local register
-        protecting the scope) and changing the behaviour of op_push_scope so that it
-        will store the final scope object.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitPushScope):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_push_scope):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * parser/Nodes.cpp:
-        (JSC::WithNode::emitBytecode):
-
-2008-12-30  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam Weinig.
-
-        Bug 23037: Parsing and reparsing disagree on automatic semicolon insertion
-        <https://bugs.webkit.org/show_bug.cgi?id=23037>
-        <rdar://problem/6467124>
-
-        Parsing and reparsing disagree about automatic semicolon insertion, so that a
-        function like
-
-        function() { a = 1, }
-
-        is parsed as being syntactically valid but gets a syntax error upon reparsing.
-        This leads to an assertion failure in Parser::reparse(). It is not that big of
-        an issue in practice, because in a Release build such a function will return
-        'undefined' when called.
-
-        In this case, we are not following the spec and it should be a syntax error.
-        However, unless there is a newline separating the ',' and the '}', WebKit would
-        not treat it as a syntax error in the past either. It would be a bit of work to
-        make the automatic semicolon insertion match the spec exactly, so this patch
-        changes it to match our past behaviour.
-
-        The problem is that even during reparsing, the Lexer adds a semicolon at the
-        end of the input, which confuses allowAutomaticSemicolon(), because it is
-        expecting either a '}', the end of input, or a terminator like a newline.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer): Initialize m_isReparsing to false.
-        (JSC::Lexer::lex): Do not perform automatic semicolon insertion in the Lexer if
-        we are in the middle of reparsing.
-        (JSC::Lexer::clear): Set m_isReparsing to false.
-        * parser/Lexer.h:
-        (JSC::Lexer::setIsReparsing): Added.
-        * parser/Parser.cpp:
-        (JSC::Parser::reparse): Call Lexer::setIsReparsing() to notify the Lexer of
-        reparsing.
-
-2008-12-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Yet another attempt to fix Tiger.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2008-12-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Tiger build fix (correct this time)
-
-        * wtf/RandomNumber.cpp:
-
-2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Alexey Proskuryakov.
-
-        Revert r39509, because kjsyydebug is used in the generated code if YYDEBUG is 1.
-
-        * parser/Grammar.y:
-
-2008-12-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Tiger build fix.
-
-        * wtf/RandomNumber.cpp:
-
-2008-12-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6358108> Insecure randomness in Math.random() leads to user tracking
-
-        Switch to arc4random on PLATFORM(DARWIN), this is ~1.5x slower than random(), but the
-        it is still so fast that there is no fathomable way it could be a bottleneck for anything.
-
-        randomNumber is called in two places
-          * During form submission where it is called once per form
-          * Math.random in JSC.  For this difference to show up you have to be looping on
-            a cached local copy of random, for a large (>10000) calls.
-
-        No change in SunSpider.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-
-2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Sam Weinig.
-
-        Remove unused kjsyydebug #define.
-
-        * parser/Grammar.y:
-
-2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt and Sam Weinig.
-
-        Bug 23029: REGRESSION (r39337): jsfunfuzz generates identical test files
-        <https://bugs.webkit.org/show_bug.cgi?id=23029>
-        <rdar://problem/6469185>
-
-        The unification of random number generation in r39337 resulted in random()
-        being initialized on Darwin, but rand() actually being used. Fix this by
-        making randomNumber() use random() instead of rand() on Darwin.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2008-12-29  Sam Weinig  <sam@webkit.org>
-
-        Fix buildbots.
-
-        * runtime/Structure.cpp:
-
-2008-12-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=23026
-        Move the deleted offsets vector into the PropertyMap
-
-        Saves 3 words per Structure.
-
-        * runtime/PropertyMapHashTable.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::fromDictionaryTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::rehashPropertyMapHashTable):
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-
-2008-12-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Change code using m_body.get() as a boolean to take advantage of the 
-        implicit conversion of RefPtr to boolean.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-
-2008-12-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 22840: REGRESSION (r38349): Gmail doesn't load with profiling enabled
-        <https://bugs.webkit.org/show_bug.cgi?id=22840>
-        <rdar://problem/6468077>
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitNewArray): Add an assertion that the range
-        of registers passed to op_new_array is sequential.
-        (JSC::BytecodeGenerator::emitCall): Correct the relocation of registers
-        when emitting profiler hooks so that registers aren't leaked. Also, add
-        an assertion that the 'this' register is always ref'd (because it is),
-        remove the needless protection of the 'this' register when relocating,
-        and add an assertion that the range of registers passed to op_call for
-        function call arguments is sequential.
-        (JSC::BytecodeGenerator::emitConstruct): Correct the relocation of
-        registers when emitting profiler hooks so that registers aren't leaked.
-        Also, add an assertion that the range of registers passed to op_construct
-        for function call arguments is sequential.
-
-2008-12-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        <rdar://problem/6467376> Race condition in WTF::currentThread can lead to a thread using two different identifiers during its lifetime
-
-        If a newly-created thread calls WTF::currentThread() before WTF::createThread calls establishIdentifierForPthreadHandle
-        then more than one identifier will be used for the same thread.  We can avoid this by adding some extra synchronization
-        during thread creation that delays the execution of the thread function until the thread identifier has been set up, and
-        an assertion to catch this problem should it reappear in the future.
-
-        * wtf/Threading.cpp: Added.
-        (WTF::NewThreadContext::NewThreadContext):
-        (WTF::threadEntryPoint):
-        (WTF::createThread): Add cross-platform createThread function that delays the execution of the thread function until
-        after the thread identifier has been set up.
-        * wtf/Threading.h:
-        * wtf/ThreadingGtk.cpp:
-        (WTF::establishIdentifierForThread):
-        (WTF::createThreadInternal):
-        * wtf/ThreadingNone.cpp:
-        (WTF::createThreadInternal):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::createThreadInternal):
-        * wtf/ThreadingQt.cpp:
-        (WTF::identifierByQthreadHandle):
-        (WTF::establishIdentifierForThread):
-        (WTF::createThreadInternal):
-        * wtf/ThreadingWin.cpp:
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::createThreadInternal):
-
-        Add Threading.cpp to the build.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-
-2008-12-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Remove unused method.
-
-        * runtime/Structure.h: Remove mutableTypeInfo.
-
-2008-12-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix rounding / bounds / signed comparison bug in ExecutableAllocator.
-
-        ExecutableAllocator::alloc assumed that m_freePtr would be aligned.  This was
-        not always true, since the first allocation from an additional pool would not
-        be rounded up.  Subsequent allocations would be unaligned, and too much memory
-        could be erroneously allocated from the pool, when the size requested was
-        available, but the size rounded up to word granularity was not available in the
-        pool.  This may result in the value of m_freePtr being greater than m_end.
-
-        Under these circumstances, the unsigned check for space will always pass,
-        resulting in pointers to memory outside of the arena being returned, and
-        ultimately segfaulty goodness when attempting to memcpy the hot freshly jitted
-        code from the AssemblerBuffer.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22974
-        ... and probably many, many more.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::alloc):
-        (JSC::ExecutablePool::roundUpAllocationSize):
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-
-2008-12-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Rename all uses of the term "repatch" to "patch".
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::DataLabelPtr::patch):
-        (JSC::MacroAssembler::DataLabel32::patch):
-        (JSC::MacroAssembler::Jump::patch):
-        (JSC::MacroAssembler::PatchBuffer::PatchBuffer):
-        (JSC::MacroAssembler::PatchBuffer::setPtr):
-        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::storePtrWithPatch):
-        (JSC::MacroAssembler::jnePtrWithPatch):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::patchAddress):
-        (JSC::X86Assembler::patchImmediate):
-        (JSC::X86Assembler::patchPointer):
-        (JSC::X86Assembler::patchBranchOffset):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        * jit/JIT.cpp:
-        (JSC::ctiPatchCallByReturnAddress):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::compileOpCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-
-2008-12-22  Adam Roben  <aroben@apple.com>
-
-        Build fix after r39428
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase): Added a missing MacroAssembler::
-
-2008-12-22  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
-
-        Rubber-stamped by George Staikos.
-
-        Unify all TorchMobile copyright lines. Consolidate in a single line, as requested by Mark Rowe, some time ago.
-
-        * wtf/RandomNumber.cpp:
-        * wtf/RandomNumber.h:
-        * wtf/RandomNumberSeed.h:
-
-2008-12-21  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
-
-        Rubber-stamped by George Staikos.
-
-        Fix copyright of the new RandomNumber* files.
-
-        * wtf/RandomNumber.cpp:
-        * wtf/RandomNumber.h:
-        * wtf/RandomNumberSeed.h:
-
-2008-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt & Cameron Zwarich.
-
-        Add support for call and property access repatching on x86-64.
-
-        No change in performance on current configurations (2x impovement on v8-tests with JIT enabled on x86-64).
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::DataLabelPtr::repatch):
-        (JSC::MacroAssembler::DataLabelPtr::operator X86Assembler::JmpDst):
-        (JSC::MacroAssembler::DataLabel32::repatch):
-        (JSC::MacroAssembler::RepatchBuffer::addressOf):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::loadPtrWithAddressOffsetRepatch):
-        (JSC::MacroAssembler::storePtrWithAddressOffsetRepatch):
-        (JSC::MacroAssembler::jePtr):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jnePtrWithRepatch):
-        (JSC::MacroAssembler::differenceBetween):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::addl_im):
-        (JSC::X86Assembler::subl_im):
-        (JSC::X86Assembler::cmpl_rm):
-        (JSC::X86Assembler::movq_rm_disp32):
-        (JSC::X86Assembler::movq_mr_disp32):
-        (JSC::X86Assembler::repatchPointer):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp32):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::resizePropertyStorage):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * wtf/Platform.h:
-
-2008-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Port optimized property access generation to the MacroAssembler.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::AbsoluteAddress::AbsoluteAddress):
-        (JSC::MacroAssembler::DataLabelPtr::repatch):
-        (JSC::MacroAssembler::DataLabel32::DataLabel32):
-        (JSC::MacroAssembler::DataLabel32::repatch):
-        (JSC::MacroAssembler::Label::operator X86Assembler::JmpDst):
-        (JSC::MacroAssembler::Jump::repatch):
-        (JSC::MacroAssembler::JumpList::empty):
-        (JSC::MacroAssembler::RepatchBuffer::link):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::and32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::loadPtrWithAddressRepatch):
-        (JSC::MacroAssembler::storePtrWithAddressRepatch):
-        (JSC::MacroAssembler::push):
-        (JSC::MacroAssembler::ja32):
-        (JSC::MacroAssembler::jePtr):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jnePtrWithRepatch):
-        (JSC::MacroAssembler::align):
-        (JSC::MacroAssembler::differenceBetween):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_rm_disp32):
-        (JSC::X86Assembler::movl_mr_disp32):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp32):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * jit/JIT.cpp:
-        (JSC::ctiRepatchCallByReturnAddress):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::resizePropertyStorage):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::addressOfCount):
-
-2008-12-19  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Reviewed by Holger Freyther.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22686
-
-        Added file which was missing to the javascriptcore_sources
-        variable, so that it shows up in the tarball created by `make
-        dist'.
-
-        * GNUmakefile.am:
-
-2008-12-19  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Antti Koivisto.
-
-        Build fix when building JS API tests with a c89 c compiler
-
-        Do not use C++ style comments and convert them to C comments.
-
-        * wtf/Platform.h:
-
-2008-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Same as last revision, adding cases for pre & post inc & dec.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22928
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2008-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixes for the JIT's handling of JSImmediate values on x86-64.
-        On 64-bit systems, the code in JSImmediate.h relies on the upper
-        bits of a JSImmediate being a sign extension of the low 32-bits.
-        This was not being enforced by the JIT, since a number of inline
-        operations were being performed on 32-bit values in registers, and
-        when a 32-bit result is written to a register on x86-64 the value
-        is zero-extended to 64-bits.
-        
-        This fix honors previous behavoir.  A better fix in the long run
-        (when the JIT is enabled by default) may be to change JSImmediate.h
-        so it no longer relies on the upper bits of the pointer,... though
-        if we're going to change JSImmediate.h for 64-bit, we probably may
-        as well change the format so that the full range of 32-bit ints can
-        be stored, rather than just 31-bits.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22925
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::andPtr):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::xor32):
-        (JSC::MacroAssembler::xorPtr):
-        (JSC::MacroAssembler::signExtend32ToPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::andq_rr):
-        (JSC::X86Assembler::andq_ir):
-        (JSC::X86Assembler::orq_rr):
-        (JSC::X86Assembler::xorq_ir):
-        (JSC::X86Assembler::movsxd_rr):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
-        (JSC::JIT::emitFastArithImmToInt):
-
-2008-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Just a tidy up - rename & refactor some the #defines configuring the JIT.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_end):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_timeout_check):
-        (JSC::Interpreter::cti_register_file_check):
-        (JSC::Interpreter::cti_op_loop_if_less):
-        (JSC::Interpreter::cti_op_loop_if_lesseq):
-        (JSC::Interpreter::cti_op_new_object):
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
-        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
-        (JSC::Interpreter::cti_op_get_by_id_array_fail):
-        (JSC::Interpreter::cti_op_get_by_id_string_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_new_func):
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_op_call_arityCheck):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        (JSC::Interpreter::cti_op_push_activation):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_create_arguments):
-        (JSC::Interpreter::cti_op_create_arguments_no_params):
-        (JSC::Interpreter::cti_op_tear_off_activation):
-        (JSC::Interpreter::cti_op_tear_off_arguments):
-        (JSC::Interpreter::cti_op_profile_will_call):
-        (JSC::Interpreter::cti_op_profile_did_call):
-        (JSC::Interpreter::cti_op_ret_scopeChain):
-        (JSC::Interpreter::cti_op_new_array):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_JSConstruct):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_lesseq):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_resolve_base):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_jless):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_new_func_exp):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_less):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_new_regexp):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_call_eval):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_get_pnames):
-        (JSC::Interpreter::cti_op_next_pname):
-        (JSC::Interpreter::cti_op_push_scope):
-        (JSC::Interpreter::cti_op_pop_scope):
-        (JSC::Interpreter::cti_op_typeof):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_is_boolean):
-        (JSC::Interpreter::cti_op_is_number):
-        (JSC::Interpreter::cti_op_is_string):
-        (JSC::Interpreter::cti_op_is_object):
-        (JSC::Interpreter::cti_op_is_function):
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_push_new_scope):
-        (JSC::Interpreter::cti_op_jmp_scopes):
-        (JSC::Interpreter::cti_op_put_by_index):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_op_del_by_val):
-        (JSC::Interpreter::cti_op_put_getter):
-        (JSC::Interpreter::cti_op_put_setter):
-        (JSC::Interpreter::cti_op_new_error):
-        (JSC::Interpreter::cti_op_debug):
-        (JSC::Interpreter::cti_vm_throw):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * wtf/Platform.h:
-
-2008-12-18  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21855: REGRESSION (r37323): Gmail complains about popup blocking when opening a link
-        <https://bugs.webkit.org/show_bug.cgi?id=21855>
-        <rdar://problem/6278244>
-
-        Move DynamicGlobalObjectScope to JSGlobalObject.h so that it can be used
-        from WebCore.
-
-        * interpreter/Interpreter.cpp:
-        * runtime/JSGlobalObject.h:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
-
-2008-12-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22393
-        Segfault when caching property accesses to primitive cells.
-        
-        Changed some asObject casts to asCell casts in cases where a primitive
-        value may be a cell and not an object.
-        
-        Re-enabled property caching for primitives in cases where it had been
-        disabled because of this bug.
-        
-        Updated a comment to better explain something Darin thought needed
-        explaining in an old patch review.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-
-2008-12-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fixes for Sunspider failures with the JIT enabled on x86-64.
-
-        * assembler/MacroAssembler.h:
-            Switch the order of the RegisterID & Address form of je32, to keep it consistent with jne32.
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-            Port the m_ctiVirtualCall tramopline generation to use the MacroAssembler interface.
-        * jit/JITCall.cpp:
-            Fix bug in the non-optimizing code path, vptr check should have been to the memory address pointer
-            to by the register, not to the register itself.
-        * wrec/WRECGenerator.cpp:
-            See assembler/MacroAssembler.h, above.
-
-2008-12-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        print("Hello, 64-bit jitted world!");
-        Get hello-world working through the JIT, on x86-64.
-
-        * assembler/X86Assembler.h:
-            Fix encoding of opcode + RegisterID format instructions for 64-bit.
-        * interpreter/Interpreter.cpp:
-        * interpreter/Interpreter.h:
-            Make VoidPtrPair actually be a pair of void*s.
-            (Possibly should make this change for 32-bit Mac platforms, too - but won't change 32-bit behaviour in this patch).
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-            Provide names for the timeoutCheckRegister & callFrameRegister on x86-64,
-            force x86-64 ctiTrampoline arguments onto the stack,
-            implement the asm trampolines for x86-64,
-            implement the restoreArgumentReference methods for x86-64 calling conventions.
-        * jit/JITCall.cpp:
-        * jit/JITInlineMethods.h:
-        * wtf/Platform.h:
-            Add switch settings to ENABLE(JIT), on PLATFORM(X86_64) (currently still disabled).
-
-2008-12-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Add more CodeBlock statistics.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics):
-
-2008-12-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22897
-        <rdar://problem/6428342>
-        Look into feasibility of discarding bytecode after native codegen
-
-        Clear the bytecode Instruction vector at the end JIT generation.
-
-        Saves 4.8 MB on Membuster head.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Add logging for the case that someone tries
-        to dump the instructions of a CodeBlock that has had its bytecode
-        vector cleared.
-        (JSC::CodeBlock::CodeBlock): Initialize the instructionCount
-        (JSC::CodeBlock::handlerForBytecodeOffset): Use instructionCount instead
-        of the size of the instruction vector in the assertion.
-        (JSC::CodeBlock::lineNumberForBytecodeOffset): Ditto.
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset): Ditto.
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset): Ditto.
-        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Ditto.
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setInstructionCount): Store the instruction vector size
-        in debug builds for assertions.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile): Clear the bytecode vector unless we
-        have compiled with Opcode sampling where we will continue to require it
-
-2008-12-17  Cary Clark  <caryclark@google.com>
-
-        Reviewed by Darin Adler.
-        Landed by Adam Barth.
-
-        Add ENABLE_TEXT_CARET to permit the ANDROID platform
-        to invalidate and draw the caret in a separate thread.
-
-        * wtf/Platform.h:
-        Default ENABLE_TEXT_CARET to 1.
-
-2008-12-17  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard, take two.
-
-        * API/JSContextRef.cpp: The previous patch that claimed to do this was making Tiger and
-        Leopard always use unique context group instead.
-
-2008-12-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22838
-        Remove dependency on the bytecode Instruction buffer in Interpreter::throwException
-        Part of <rdar://problem/6428342>
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::functionRegisterForBytecodeOffset): Added. Function to get
-        a function Register index in a callFrame for a bytecode offset.
-        (JSC::CodeBlock::shrinkToFit): Shrink m_getByIdExceptionInfo and m_functionRegisterInfos.
-        * bytecode/CodeBlock.h:
-        (JSC::FunctionRegisterInfo::FunctionRegisterInfo): Added.
-        (JSC::CodeBlock::addFunctionRegisterInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException): Use functionRegisterForBytecodeOffset in JIT
-        mode.
-
-2008-12-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22837
-        Remove dependency on the bytecode Instruction buffer in Interpreter::cti_op_call_NotJSFunction
-        Part of <rdar://problem/6428342>
-
-        * interpreter/CallFrame.h: Added comment regarding returnPC storing a void*.
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC): We no longer have any cases of the PC
-        being in the instruction stream for JIT, so we can remove the check.
-        (JSC::Interpreter::cti_op_call_NotJSFunction): Use the CTI_RETURN_ADDRESS
-        as the call frame returnPC as it is only necessary for looking up when
-        throwing an exception.
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::): Added comment regarding returnPC storing a void*.
-        * jit/JIT.h: Remove ARG_instr4.
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs): Don't pass the instruction pointer.
-
-2008-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed and landed by Cameron Zwarich.
-
-        Preparatory work for fixing
-
-        Bug 22887: Make UString::Rep use RefCounted rather than implementing its own ref counting
-        <https://bugs.webkit.org/show_bug.cgi?id=22887>
-
-        Change the various string translators used by Identifier:add() so that
-        they never zero the ref count of a newly created UString::Rep.
-
-        * runtime/Identifier.cpp:
-        (JSC::CStringTranslator::translate):
-        (JSC::Identifier::add):
-        (JSC::UCharBufferTranslator::translate):
-
-2008-12-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix for 'doze.
-
-        * assembler/AssemblerBuffer.h:
-
-2008-12-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Make the JIT compile on x86-64.
-        This largely involves populting the missing calls in MacroAssembler.h.
-        In addition some reinterpret_casts need removing from the JIT, and the
-        repatching property access code will need to be fully compiled out for
-        now.  The changes in interpret.cpp are to reorder the functions so that
-        the _generic forms come before all other property access methods, and
-        then to place all property access methods other than the generic forms
-        under control of the ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS macro.
-
-        No performance impact.
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::load32):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::storePtrWithRepatch):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::testImm64):
-        (JSC::MacroAssembler::jePtr):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jnzPtr):
-        (JSC::MacroAssembler::jzPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::cmpq_rr):
-        (JSC::X86Assembler::cmpq_rm):
-        (JSC::X86Assembler::cmpq_im):
-        (JSC::X86Assembler::testq_i32m):
-        (JSC::X86Assembler::movl_mEAX):
-        (JSC::X86Assembler::movl_i32r):
-        (JSC::X86Assembler::movl_EAXm):
-        (JSC::X86Assembler::movq_rm):
-        (JSC::X86Assembler::movq_mEAX):
-        (JSC::X86Assembler::movq_mr):
-        (JSC::X86Assembler::movq_i64r):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64):
-        (JSC::X86Assembler::X86InstructionFormatter::immediate64):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::makeInt):
-
-2008-12-16  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22869: REGRESSION (r38407): http://news.cnet.com/8301-13579_3-9953533-37.html crashes
-        <https://bugs.webkit.org/show_bug.cgi?id=22869>
-        <rdar://problem/6402499>
-
-        Before r38407, Structure::m_nameInPrevious was ref'd due to it being
-        stored in a PropertyMap. However, PropertyMaps are created lazily after
-        r38407, so Structure::m_nameInPrevious is not necessarily ref'd while
-        it is being used. Making it a RefPtr instead of a raw pointer fixes
-        the problem.
-
-        Unfortunately, the crash in the bug is rather intermittent, and it is
-        impossible to add an assertion in UString::Ref::ref() to catch this bug
-        because some users of UString::Rep deliberately zero out the reference
-        count. Therefore, there is no layout test accompanying this bug fix.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure): Use get().
-        (JSC::Structure::materializePropertyMap): Use get().
-        (JSC::Structure::addPropertyTransitionToExistingStructure): Use get().
-        (JSC::Structure::addPropertyTransition): Use get().
-        * runtime/Structure.h: Make Structure::m_nameInPrevious a RefPtr instead
-        of a raw pointer.
-
-2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
-
-        Not reviewed. Attempt to fix win build. No 'using namespace WTF' in this file, needs manual WTF:: prefix.
-        Not sure why the build works as is here.
-
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncRandom):
-
-2008-12-16  Nikolas Zimmermann  <nikolas.zimmermann@torchmobile.com>
-
-        Reviewed by Darin Adler.
-
-        Fixes: https://bugs.webkit.org/show_bug.cgi?id=22876
-
-        Unify random number generation in JavaScriptCore & WebCore, by introducing
-        wtf/RandomNumber.h and moving wtf_random/wtf_random_init out of MathExtras.h.
-
-        wtf_random_init() has been renamed to initializeRandomNumberGenerator() and
-        lives in it's own private header: wtf/RandomNumberSeed.h, only intended to
-        be used from within JavaScriptCore.
-
-        wtf_random() has been renamed to randomNumber() and lives in a public header
-        wtf/RandomNumber.h, usable from within JavaScriptCore & WebCore. It encapsulates
-        the code taking care of initializing the random number generator (only when
-        building without ENABLE(JSC_MULTIPLE_THREADS), otherwhise initializeThreading()
-        already took care of that).
-
-        Functional change on darwin: Use random() instead of rand(), as it got a larger
-        period (more randomness). HTMLFormElement already contains this implementation
-        and I just moved it in randomNumber(), as  special case for PLATFORM(DARWIN).
-
-        * GNUmakefile.am: Add RandomNumber.(cpp/h) / RandomNumberSeed.h.
-        * JavaScriptCore.exp: Ditto.
-        * JavaScriptCore.pri: Ditto.
-        * JavaScriptCore.scons: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * JavaScriptCoreSources.bkl: Ditto.
-        * runtime/MathObject.cpp: Use new WTF::randomNumber() functionality.
-        (JSC::mathProtoFuncRandom):
-        * wtf/MathExtras.h: Move wtf_random / wtf_random_init to new files.
-        * wtf/RandomNumber.cpp: Added.
-        (WTF::randomNumber):
-        * wtf/RandomNumber.h: Added.
-        * wtf/RandomNumberSeed.h: Added. Internal usage within JSC only.
-        (WTF::initializeRandomNumberGenerator):
-        * wtf/ThreadingGtk.cpp: Rename wtf_random_init() to initializeRandomNumberGenerator().
-        (WTF::initializeThreading):
-        * wtf/ThreadingPthreads.cpp: Ditto.
-        (WTF::initializeThreading):
-        * wtf/ThreadingQt.cpp: Ditto.
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp: Ditto.
-        (WTF::initializeThreading):
-
-2008-12-16 Yael Aharon <yael.aharon@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Qt/Win build fix
-
-        * JavaScriptCore.pri:
-
-2008-12-15  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix the build with GCC 4.0.
-
-        * Configurations/JavaScriptCore.xcconfig:  GCC 4.0 appears to have a bug when compiling with -funwind-tables on,
-        so don't use it with that compiler version.
-
-2008-12-15  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Cameron Zwarich.
-
-        <rdar://problem/6289933> Change WebKit-related projects to build with GCC 4.2 on Leopard.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-
-2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Don't use unique context group in JSGlobalContextCreate() on Tiger or Leopard.
-
-        * API/JSContextRef.cpp: (JSGlobalContextCreate):
-
-2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/6445089> Mach ports leak from worker threads
-
-        * interpreter/Interpreter.cpp: (JSC::getCPUTime):
-        Deallocate the thread self port.
-
-2008-12-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Construct stack frames in JIT code, so that backtracing can still work.
-        <rdar://problem/6447870> JIT should play nice with attempts to take stack traces
-
-        * jit/JIT.cpp:
-        (JSC::):
-        (JSC::JIT::privateCompileMainPass):
-
-2008-12-15  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6402262> JavaScriptCore needs exception handling tables in order to get stack traces without frame pointers
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-12-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Mark Rowe.
-
-        Revert r39226 / Bug 22818: Unify JIT callback argument access OS X / Windows
-        This causes Acid3 failures – reverting for now & will revisit later.
-        https://bugs.webkit.org/show_bug.cgi?id=22873
-
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        (JSC::JIT::emitCTICall_internal):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * wtf/Platform.h:
-
-2008-12-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix <rdar://problem/6427048> crash due to infinite recursion after setting window.__proto__ = window
-
-        Replaced toGlobalObject with the more generally useful unwrappedObject and used it to
-        fix the cycle detection code in put(__proto__).
-
-        * JavaScriptCore.exp: Updated.
-
-        * runtime/JSGlobalObject.cpp: Removed toGlobalObject. We now use unwrappedObject instead.
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::isGlobalObject): Ditto.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval): Use unwrappedObject and isGlobalObject here rather than toGlobalObject.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put): Rewrote prototype cycle checking loop. Use unwrappedObject in the loop now.
-        (JSC::JSObject::unwrappedObject): Replaced toGlobalObject with this new function.
-        * runtime/JSObject.h: More of the same.
-
-2008-12-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-        
-        Visual Studio requires visibility of forward declarations to match class declaration.
-
-        * assembler/X86Assembler.h:
-
-2008-12-15  Gustavo Noronha Silva  <kov@kov.eti.br>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22686
-
-        GTK+ build fix.
-
-        * GNUmakefile.am:
-
-2008-12-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add support to X86Assembler emitting instructions that access all 16 registers on x86-64.
-        Add a new formating class, that is reponsible for both emitting the opcode bytes and the
-        ModRm  bytes of an instruction in a single call; this can insert the REX byte as necessary
-        before the opcode, but has access to the register numbers to build the REX.
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::isAligned):
-        (JSC::AssemblerBuffer::data):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::and32):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::xor32):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::load32):
-        (JSC::MacroAssembler::load16):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::storePtrWithRepatch):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::pop):
-        (JSC::MacroAssembler::push):
-        (JSC::MacroAssembler::compareImm32ForBranch):
-        (JSC::MacroAssembler::compareImm32ForBranchEquality):
-        (JSC::MacroAssembler::testImm32):
-        (JSC::MacroAssembler::jae32):
-        (JSC::MacroAssembler::jb32):
-        (JSC::MacroAssembler::je16):
-        (JSC::MacroAssembler::jg32):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jne32):
-        (JSC::MacroAssembler::jump):
-        * assembler/X86Assembler.h:
-        (JSC::X86::):
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::size):
-        (JSC::X86Assembler::push_r):
-        (JSC::X86Assembler::pop_r):
-        (JSC::X86Assembler::push_i32):
-        (JSC::X86Assembler::push_m):
-        (JSC::X86Assembler::pop_m):
-        (JSC::X86Assembler::addl_rr):
-        (JSC::X86Assembler::addl_mr):
-        (JSC::X86Assembler::addl_ir):
-        (JSC::X86Assembler::addq_ir):
-        (JSC::X86Assembler::addl_im):
-        (JSC::X86Assembler::andl_rr):
-        (JSC::X86Assembler::andl_ir):
-        (JSC::X86Assembler::orl_rr):
-        (JSC::X86Assembler::orl_mr):
-        (JSC::X86Assembler::orl_ir):
-        (JSC::X86Assembler::subl_rr):
-        (JSC::X86Assembler::subl_mr):
-        (JSC::X86Assembler::subl_ir):
-        (JSC::X86Assembler::subl_im):
-        (JSC::X86Assembler::xorl_rr):
-        (JSC::X86Assembler::xorl_ir):
-        (JSC::X86Assembler::sarl_i8r):
-        (JSC::X86Assembler::sarl_CLr):
-        (JSC::X86Assembler::shll_i8r):
-        (JSC::X86Assembler::shll_CLr):
-        (JSC::X86Assembler::imull_rr):
-        (JSC::X86Assembler::imull_i32r):
-        (JSC::X86Assembler::idivl_r):
-        (JSC::X86Assembler::cmpl_rr):
-        (JSC::X86Assembler::cmpl_rm):
-        (JSC::X86Assembler::cmpl_mr):
-        (JSC::X86Assembler::cmpl_ir):
-        (JSC::X86Assembler::cmpl_ir_force32):
-        (JSC::X86Assembler::cmpl_im):
-        (JSC::X86Assembler::cmpl_im_force32):
-        (JSC::X86Assembler::cmpw_rm):
-        (JSC::X86Assembler::testl_rr):
-        (JSC::X86Assembler::testl_i32r):
-        (JSC::X86Assembler::testl_i32m):
-        (JSC::X86Assembler::testq_rr):
-        (JSC::X86Assembler::testq_i32r):
-        (JSC::X86Assembler::testb_i8r):
-        (JSC::X86Assembler::sete_r):
-        (JSC::X86Assembler::setz_r):
-        (JSC::X86Assembler::setne_r):
-        (JSC::X86Assembler::setnz_r):
-        (JSC::X86Assembler::cdq):
-        (JSC::X86Assembler::xchgl_rr):
-        (JSC::X86Assembler::movl_rr):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::movl_i32r):
-        (JSC::X86Assembler::movl_i32m):
-        (JSC::X86Assembler::movq_rr):
-        (JSC::X86Assembler::movq_rm):
-        (JSC::X86Assembler::movq_mr):
-        (JSC::X86Assembler::movzwl_mr):
-        (JSC::X86Assembler::movzbl_rr):
-        (JSC::X86Assembler::leal_mr):
-        (JSC::X86Assembler::call):
-        (JSC::X86Assembler::jmp):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::jmp_m):
-        (JSC::X86Assembler::jne):
-        (JSC::X86Assembler::jnz):
-        (JSC::X86Assembler::je):
-        (JSC::X86Assembler::jl):
-        (JSC::X86Assembler::jb):
-        (JSC::X86Assembler::jle):
-        (JSC::X86Assembler::jbe):
-        (JSC::X86Assembler::jge):
-        (JSC::X86Assembler::jg):
-        (JSC::X86Assembler::ja):
-        (JSC::X86Assembler::jae):
-        (JSC::X86Assembler::jo):
-        (JSC::X86Assembler::jp):
-        (JSC::X86Assembler::js):
-        (JSC::X86Assembler::addsd_rr):
-        (JSC::X86Assembler::addsd_mr):
-        (JSC::X86Assembler::cvtsi2sd_rr):
-        (JSC::X86Assembler::cvttsd2si_rr):
-        (JSC::X86Assembler::movd_rr):
-        (JSC::X86Assembler::movsd_rm):
-        (JSC::X86Assembler::movsd_mr):
-        (JSC::X86Assembler::mulsd_rr):
-        (JSC::X86Assembler::mulsd_mr):
-        (JSC::X86Assembler::pextrw_irr):
-        (JSC::X86Assembler::subsd_rr):
-        (JSC::X86Assembler::subsd_mr):
-        (JSC::X86Assembler::ucomis_rr):
-        (JSC::X86Assembler::int3):
-        (JSC::X86Assembler::ret):
-        (JSC::X86Assembler::predictNotTaken):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::align):
-        (JSC::X86Assembler::link):
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormater::prefix):
-        (JSC::X86Assembler::X86InstructionFormater::oneByteOp):
-        (JSC::X86Assembler::X86InstructionFormater::twoByteOp):
-        (JSC::X86Assembler::X86InstructionFormater::oneByteOp64):
-        (JSC::X86Assembler::X86InstructionFormater::oneByteOp8):
-        (JSC::X86Assembler::X86InstructionFormater::twoByteOp8):
-        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate8):
-        (JSC::X86Assembler::X86InstructionFormater::instructionImmediate32):
-        (JSC::X86Assembler::X86InstructionFormater::instructionRel32):
-        (JSC::X86Assembler::X86InstructionFormater::size):
-        (JSC::X86Assembler::X86InstructionFormater::isAligned):
-        (JSC::X86Assembler::X86InstructionFormater::data):
-        (JSC::X86Assembler::X86InstructionFormater::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormater::registerModRM):
-        (JSC::X86Assembler::X86InstructionFormater::memoryModRM):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2008-12-15  Darin Adler  <darin@apple.com>
-
-        * interpreter/RegisterFile.h: Tweak include formatting.
-
-2008-12-15  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Build fix for Gtk+.
-
-        * interpreter/RegisterFile.h: Include stdio.h for fprintf
-
-2008-12-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6444455> Worker Thread crash running multiple workers for a moderate amount of time
-
-        * interpreter/RegisterFile.h: (JSC::RegisterFile::RegisterFile):
-        Improve error handling: if mmap fails, crash immediately, and print out the reason.
-
-2008-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Re-enable WREC on 64-bit.
-        Implements one of the MacroAssembler::jnzPtr methods, previously only implemented for 32-bit x86.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22849
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::testImm64):
-        (JSC::MacroAssembler::jnzPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::testq_i32r):
-        (JSC::X86Assembler::testq_rr):
-        * wtf/Platform.h:
-
-2008-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix PPC builds.
-
-        * assembler/MacroAssembler.h:
-
-2008-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix only, no review.
-
-        * bytecode/CodeBlock.h:
-
-2008-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Port the remainder of the JIT, bar calling convention related code, and code
-        implementing optimizations which can be disabled, to use the MacroAssembler.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::DataLabelPtr::DataLabelPtr):
-        (JSC::MacroAssembler::RepatchBuffer::RepatchBuffer):
-        (JSC::MacroAssembler::RepatchBuffer::link):
-        (JSC::MacroAssembler::RepatchBuffer::addressOf):
-        (JSC::MacroAssembler::RepatchBuffer::setPtr):
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::lshift32):
-        (JSC::MacroAssembler::mod32):
-        (JSC::MacroAssembler::rshift32):
-        (JSC::MacroAssembler::storePtrWithRepatch):
-        (JSC::MacroAssembler::jnzPtr):
-        (JSC::MacroAssembler::jzPtr):
-        (JSC::MacroAssembler::jump):
-        (JSC::MacroAssembler::label):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::xchgl_rr):
-        (JSC::X86Assembler::jmp_m):
-        (JSC::X86Assembler::repatchAddress):
-        (JSC::X86Assembler::getRelocatedAddress):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::JITCodeRef::JITCodeRef):
-        (JSC::CodeBlock::setJITCode):
-        (JSC::CodeBlock::jitCode):
-        (JSC::CodeBlock::executablePool):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileLinkPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JumpTable::JumpTable):
-        (JSC::JIT::emitCTICall):
-        (JSC::JIT::JSRInfo::JSRInfo):
-        * jit/JITArithmetic.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::emitCTICall_internal):
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::addSlowCase):
-        (JSC::JIT::addJump):
-        (JSC::JIT::emitJumpSlowToHot):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2008-12-12  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix the failures of the following layout tests, which regressed in
-        r39255:
-
-        fast/dom/StyleSheet/ownerNode-lifetime-2.html
-        fast/xsl/transform-xhr-doc.xhtml
-
-        The binary search in CodeBlock::getByIdExceptionInfoForBytecodeOffset()
-        doesn't guarantee that it actually finds a match, so add an explicit check
-        for this.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-
-2008-12-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Replace emitPutCallArg methods with emitPutJITStubArg methods.  Primarily to make the argument numbering
-        more sensible (1-based incrementing by 1, rather than 0-based incrementing by 4).  The CTI name also seems
-        to be being deprecated from the code generally.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallEvalSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutJITStubArg):
-        (JSC::JIT::emitPutJITStubArgConstant):
-        (JSC::JIT::emitGetJITStubArg):
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-
-2008-12-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix windows builds.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-
-2008-12-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Remove loop counter 'i' from the JIT generation passes, replace with a member m_bytecodeIndex.
-
-        No impact on performance.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JmpTable::JmpTable):
-        (JSC::JIT::emitCTICall):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitGetVirtualRegisters):
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::emitCTICall_internal):
-        (JSC::JIT::emitJumpSlowCaseIfJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
-        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
-        (JSC::JIT::addSlowCase):
-        (JSC::JIT::addJump):
-        (JSC::JIT::emitJumpSlowToHot):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compilePutByIdSlowCase):
-
-2008-12-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/6428342> Look into feasibility of discarding bytecode after native codegen
-
-        Move more JIT functionality to using offsets into the Instruction buffer
-        instead of raw pointers. Two to go!
-
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC): Rename from vPCForPC.
-        (JSC::Interpreter::resolve): Pass offset to exception helper.
-        (JSC::Interpreter::resolveSkip): Ditto.
-        (JSC::Interpreter::resolveGlobal): Ditto.
-        (JSC::Interpreter::resolveBaseAndProperty): Ditto.
-        (JSC::Interpreter::resolveBaseAndFunc): Ditto.
-        (JSC::isNotObject): Ditto.
-        (JSC::Interpreter::unwindCallFrame): Call bytecodeOffsetForPC.
-        (JSC::Interpreter::throwException): Use offsets instead of vPCs.
-        (JSC::Interpreter::privateExecute): Pass offset to exception helper.
-        (JSC::Interpreter::retrieveLastCaller): Ditto.
-        (JSC::Interpreter::cti_op_instanceof): Ditto.
-        (JSC::Interpreter::cti_op_call_NotJSFunction): Ditto.
-        (JSC::Interpreter::cti_op_resolve): Pass offset to exception helper.
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct): Ditto.
-        (JSC::Interpreter::cti_op_resolve_func): Ditto.
-        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
-        (JSC::Interpreter::cti_op_resolve_global): Ditto.
-        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
-        (JSC::Interpreter::cti_op_throw): Ditto.
-        (JSC::Interpreter::cti_op_in): Ditto.
-        (JSC::Interpreter::cti_vm_throw): Ditto.
-        * interpreter/Interpreter.h:
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass): Don't pass unnecessary vPC to stub.
-        * jit/JIT.h: Remove ARG_instr1 - ARG_instr3 and ARG_instr5 - ARG_instr6.
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallEvalSetupArgs): Don't pass unnecessary vPC to stub..
-        (JSC::JIT::compileOpConstructSetupArgs): Ditto.
-
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError): Take an offset instead of vPC.
-        (JSC::createInvalidParamError): Ditto.
-        (JSC::createNotAConstructorError): Ditto.
-        (JSC::createNotAFunctionError): Ditto.
-        (JSC::createNotAnObjectError): Ditto.
-        * runtime/ExceptionHelpers.h:
-
-2008-12-12  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 22835: Crash during bytecode generation when comparing to null
-        <https://bugs.webkit.org/show_bug.cgi?id=22835>
-        <rdar://problem/6286749>
-
-        Change the special cases in bytecode generation for comparison to null
-        to use tempDestination().
-
-        * parser/Nodes.cpp:
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::EqualNode::emitBytecode):
-
-2008-12-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Move slow-cases of JIT code generation over to the MacroAssembler interface.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::Label::Label):
-        (JSC::MacroAssembler::jae32):
-        (JSC::MacroAssembler::jg32):
-        (JSC::MacroAssembler::jzPtr):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::emitGetVariableObjectRegister):
-        (JSC::JIT::emitPutVariableObjectRegister):
-        * jit/JIT.h:
-        (JSC::SlowCaseEntry::SlowCaseEntry):
-        (JSC::JIT::getSlowCase):
-        (JSC::JIT::linkSlowCase):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::linkSlowCaseIfNotJSCell):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-
-2008-12-12  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 22828: Do not inspect bytecode instruction stream for op_get_by_id exception information
-        <https://bugs.webkit.org/show_bug.cgi?id=22828>
-
-        In order to remove the bytecode instruction stream after generating
-        native code, all inspection of bytecode instructions at runtime must
-        be removed. One particular instance of this is the special handling of
-        exceptions thrown by the op_get_by_id emitted directly before an
-        op_construct or an op_instanceof. This patch moves that information to
-        an auxiliary data structure in CodeBlock.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addGetByIdExceptionInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitGetByIdExceptionInfo):
-        * parser/Nodes.cpp:
-        (JSC::InstanceOfNode::emitBytecode):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-
-2008-12-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Change exception information accessors to take offsets into the bytecode
-        instruction buffer instead of pointers so that they can work even even
-        if the bytecode buffer is purged.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::instructionOffsetForNth):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-
-2008-12-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Tiny bit of refactoring in quantifier generation.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-
-2008-12-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove dependancy on having the Instruction buffer in order to
-        deref Structures used for property access and global resolves.
-        Instead, we put references to the necessary Structures in auxiliary
-        data structures on the CodeBlock. This is not an ideal solution,
-        as we still pay for having the Structures in two places and we
-        would like to eventually just hold on to offsets into the machine
-        code buffer.
-
-        - Also removes CodeBlock bloat in non-JIT by #ifdefing the JIT
-          only data structures.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * bytecode/CodeBlock.cpp:
-        (JSC::isGlobalResolve):
-        (JSC::isPropertyAccess):
-        (JSC::instructionOffsetForNth):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        (JSC::getNativePC):
-        (JSC::CodeBlock::instructions):
-        (JSC::CodeBlock::getStubInfo):
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::numberOfStructureStubInfos):
-        (JSC::CodeBlock::addStructureStubInfo):
-        (JSC::CodeBlock::structureStubInfo):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::globalResolveInfo):
-        (JSC::CodeBlock::numberOfCallLinkInfos):
-        (JSC::CodeBlock::addCallLinkInfo):
-        (JSC::CodeBlock::callLinkInfo):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/Opcode.h:
-        (JSC::):
-        * bytecode/StructureStubInfo.cpp: Copied from bytecode/CodeBlock.cpp.
-        (JSC::StructureStubInfo::deref):
-        * bytecode/StructureStubInfo.h: Copied from bytecode/CodeBlock.h.
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::StructureStubInfo::initGetByIdSelf):
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-        (JSC::StructureStubInfo::initGetByIdProtoList):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        (JSC::StructureStubInfo::initPutByIdReplace):
-        (JSC::StructureStubInfo::):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitCatch):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_resolve_global):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-
-2008-12-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove CTI_ARGUMENTS mode, use va_start implementation on Windows,
-        unifying JIT callback (cti_*) argument access on OS X & Windows
-
-        No performance impact.
-
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitCTICall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * wtf/Platform.h:
-
-2008-12-11  Holger Freyther  <zecke@selfish.org>
-
-        Reviewed by Simon Hausmann.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20953
-
-        For Qt it is not pratical to have a FontCache and GlyphPageTreeNode
-        implementation. This is one of the reasons why the Qt port is currently not
-        using WebCore/platform/graphics/Font.cpp. By allowing to not use
-        the simple/fast-path the Qt port will be able to use it.
-
-        Introduce USE(FONT_FAST_PATH) and define it for every port but the
-        Qt one.
-
-        * wtf/Platform.h: Enable USE(FONT_FAST_PATH)
-
-2008-12-11  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler and landed by Holger Freyther.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=22648>
-        Fix threading on Qt-port and Gtk-port for Sampling tool.
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::waitForThreadCompletion):
-        * wtf/ThreadingQt.cpp:
-        (WTF::waitForThreadCompletion):
-
-2008-12-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 22734: Debugger crashes when stepping into a function call in a return statement
-        <https://bugs.webkit.org/show_bug.cgi?id=22734>
-        <rdar://problem/6426796>
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): The DebuggerCallFrame uses
-        the 'this' value stored in a callFrame, so op_convert_this should be
-        emitted at the beginning of a function body when generating bytecode
-        with debug hooks.
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::thisObject): The assertion inherent in the call
-        to asObject() here is valid, because any 'this' value should have been
-        converted to a JSObject*.
-
-2008-12-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Port more of the JIT to use the MacroAssembler interface.
-        
-        Everything in the main pass, bar a few corner cases (operations with required
-        registers, or calling convention code).  Slightly refactors array creation,
-        moving the offset calculation into the callFrame into C code (reducing code
-        planted).
-
-        Overall this appears to be a 1% win on v8-tests, due to the smaller immediates
-        being planted (in jfalse in particular).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_new_array):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-
-2008-12-10  Sam Weinig  <sam@webkit.org>
-
-        Fix non-JIT builds.
-
-        * bytecode/CodeBlock.h:
-
-2008-12-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/6428332> Remove the CTI return address table from CodeBlock
-
-        Step 2:
-
-        Convert the return address table from a HashMap to a sorted Vector.  This
-        reduces the size of the data structure by ~4.5MB on Membuster head.
-
-        SunSpider reports a 0.5% progression.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::sizeInBytes): Generic method to get the cost of a Vector.
-        (JSC::CodeBlock::dumpStatistics): Add dumping of member sizes.
-        * bytecode/CodeBlock.h:
-        (JSC::PC::PC): Struct representing NativePC -> VirtualPC mappings.
-        (JSC::getNativePC): Helper for binary chop.
-        (JSC::CodeBlock::getBytecodeIndex): Used to get the VirtualPC from a
-        NativePC using a binary chop of the pcVector.
-        (JSC::CodeBlock::pcVector): Accessor.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::vPCForPC): Use getBytecodeIndex instead of jitReturnAddressVPCMap().get().
-        (JSC::Interpreter::cti_op_instanceof): Ditto.
-        (JSC::Interpreter::cti_op_resolve): Ditto.
-        (JSC::Interpreter::cti_op_resolve_func): Ditto.
-        (JSC::Interpreter::cti_op_resolve_skip): Ditto.
-        (JSC::Interpreter::cti_op_resolve_with_base): Ditto.
-        (JSC::Interpreter::cti_op_throw): Ditto.
-        (JSC::Interpreter::cti_op_in): Ditto.
-        (JSC::Interpreter::cti_vm_throw): Ditto.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile): Reserve exact capacity and fill the pcVector.
-
-2008-12-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added WREC support for an assertion followed by a quantifier. Fixed
-        PCRE to match.
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parseParentheses): Throw away the quantifier, since
-        it's meaningless. (Firefox does the same.)
-
-        * pcre/pcre_compile.cpp:
-        (compileBranch): ditto.
-
-2008-12-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        In preparation for compiling WREC without PCRE:
-        
-        Further relaxed WREC's parsing to be more web-compatible. Fixed PCRE to
-        match in cases where it didn't already.
-        
-        Changed JavaScriptCore to report syntax errors detected by WREC, rather
-        than falling back on PCRE any time WREC sees an error.
-        
-        * pcre/pcre_compile.cpp:
-        (checkEscape): Relaxed parsing of \c and \N escapes to be more
-        web-compatible.
-        
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp): Only fall back on PCRE if WREC has not reported
-        a syntax error.
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp): Fixed some error reporting to
-        match PCRE.
-
-        * wrec/WRECParser.cpp: Added error messages that match PCRE.
-
-        (JSC::WREC::Parser::consumeGreedyQuantifier):
-        (JSC::WREC::Parser::parseParentheses):
-        (JSC::WREC::Parser::parseCharacterClass):
-        (JSC::WREC::Parser::parseNonCharacterEscape): Updated the above functions to
-        use the new setError API.
-
-        (JSC::WREC::Parser::consumeEscape): Relaxed parsing of \c \N \u \x \B
-        to be more web-compatible.
-
-        (JSC::WREC::Parser::parseAlternative): Distinguish between a malformed
-        quantifier and a quantifier with no prefix, like PCRE does.
-
-        (JSC::WREC::Parser::consumeParenthesesType): Updated to use the new setError API.
-
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::error):
-        (JSC::WREC::Parser::syntaxError):
-        (JSC::WREC::Parser::parsePattern):
-        (JSC::WREC::Parser::reset):
-        (JSC::WREC::Parser::setError): Store error messages instead of error codes,
-        to provide for exception messages. Use a setter for reporting errors, so
-        errors detected early are not overwritten by errors detected later.
-
-2008-12-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Use va_args to access cti function arguments.
-        https://bugs.webkit.org/show_bug.cgi?id=22774
-
-        This may be a minor regression, but we'll take the hit if so to reduce fragility.
-
-        * interpreter/Interpreter.cpp:
-        * interpreter/Interpreter.h:
-
-2008-12-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed twice by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22752
-        Clear SymbolTable after codegen for Function codeblocks that
-        don't require an activation
-
-        This is a ~1.5MB improvement on Membuster-head.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics): Add logging of non-empty symbol tables
-        and total size used by symbol tables.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate): Clear the symbol table here.
-
-2008-12-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove unnecessary extra lookup when throwing an exception.
-        We used to first lookup the target offset using getHandlerForVPC
-        and then we would lookup the native code stub using 
-        nativeExceptionCodeForHandlerVPC.  Instead, we can just pass around
-        the HandlerInfo.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::handlerForVPC): Return the HandlerInfo.
-        * bytecode/CodeBlock.h: Remove nativeExceptionCodeForHandlerVPC.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException): Return a HandlerInfo instead of
-        and Instruction offset.
-        (JSC::Interpreter::privateExecute): Get the offset from HandlerInfo.
-        (JSC::Interpreter::cti_op_throw): Get the native code from the HandleInfo.
-        (JSC::Interpreter::cti_vm_throw): Ditto.
-        * interpreter/Interpreter.h:
-
-2008-12-09  Eric Seidel  <eric@webkit.org>
-
-        Build fix only, no review.
-
-        Speculative fix for the Chromium-Windows bot.
-        Add JavaScriptCore/os-win32 to the include path (for stdint.h)
-        Strangely it builds fine on my local windows box (or at least doesn't hit this error)
-
-        * JavaScriptCore.scons:
-
-2008-12-09  Eric Seidel  <eric@webkit.org>
-
-        No review, build fix only.
-        
-        Add ExecutableAllocator files missing from Scons build.
-
-        * JavaScriptCore.scons:
-
-2008-12-09  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Timothy Hatcher.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22631
-        Allow ScriptCallFrame query names of functions in the call stack.
-
-        * JavaScriptCore.exp: added InternalFunction::name and
-        UString operator==() as exported symbol
-
-2008-12-08  Judit Jasz  <jasy@inf.u-szeged.hu>
-
-        Reviewed and tweaked by Cameron Zwarich.
-
-        Bug 22352: Annotate opcodes with their length
-        <https://bugs.webkit.org/show_bug.cgi?id=22352>
-
-        * bytecode/Opcode.cpp:
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-
-2008-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Implemented more of the relaxed and somewhat weird rules for deciding
-        how to interpret a non-pattern-character.
-        
-        * wrec/Escapes.h:
-        (JSC::WREC::Escape::):
-        (JSC::WREC::Escape::Escape): Eliminated Escape::None because it was
-        unused. If you see an '\\', it's either a valid escape or an error.
-
-        * wrec/Quantifier.h:
-        (JSC::WREC::Quantifier::Quantifier):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier): Renamed "noMaxSpecified"
-        to "Infinity", since that's what it means.
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::consumeGreedyQuantifier): Re-wrote {n,m} parsing rules
-        because they were too strict before. Added support for backtracking
-        in the case where the {n,m} fails to parse as a quantifier, and yet is
-        not a syntax error.
-
-        (JSC::WREC::Parser::parseCharacterClass):
-        (JSC::WREC::Parser::parseNonCharacterEscape): Eliminated Escape::None,
-        as above.
-
-        (JSC::WREC::Parser::consumeEscape): Don't treat ASCII and _ escapes
-        as syntax errors. See fast/regex/non-pattern-characters.html.
-        
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::SavedState::SavedState):
-        (JSC::WREC::Parser::SavedState::restore): Added a state backtracker,
-        since parsing {n,m} forms requires backtracking if the form turns out
-        not to be a quantifier.
-
-2008-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Refactored WREC parsing so that only one piece of code needs to know
-        the relaxed and somewhat weird rules for deciding how to interpret a
-        non-pattern-character, in preparation for implementing those rules.
-        
-        Also, implemented the relaxed and somewhat weird rules for '}' and ']'.
-
-        * wrec/WREC.cpp: Reduced the regular expression size limit. Now that
-        WREC handles ']' properly, it compiles fast/js/regexp-charclass-crash.html,
-        which makes it hang at the old limit. (The old limit was based on the
-        misimpression that the same value in PCRE limited the regular expression
-        pattern size; in reality, it limited the expected compiled regular
-        expression size. WREC doesn't have a way to calculate an expected
-        compiled regular expression size, but this should be good enough.)
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::parsePatternCharacterSequence): Nixed this function because
-        it contained a second copy of the logic for handling non-pattern-characters,
-        which is about to get a lot more complicated.
-
-        (JSC::WREC::PatternCharacterSequence::PatternCharacterSequence): 
-        (JSC::WREC::PatternCharacterSequence::size):
-        (JSC::WREC::PatternCharacterSequence::append):
-        (JSC::WREC::PatternCharacterSequence::flush): Helper object for generating
-        an optimized sequence of pattern characters.
-
-        (JSC::WREC::Parser::parseNonCharacterEscape): Renamed to reflect the fact
-        that the main parseAlternative loop handles character escapes.
-
-        (JSC::WREC::Parser::parseAlternative): Moved pattern character sequence
-        logic from parsePatternCharacterSequence to here, using
-        PatternCharacterSequence to help with the details.
-
-        * wrec/WRECParser.h: Updated for renames.
-
-2008-12-08  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/6166088> Give JSGlobalContextCreate a behavior that is concurrency aware,
-        and un-deprecate it
-
-        * API/JSContextRef.cpp: (JSGlobalContextCreate):
-        * API/JSContextRef.h:
-        Use a unique context group for the context, unless the application was linked against old
-        JavaScriptCore.
-
-2008-12-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for <rdar://problem/6428332> Remove the CTI return address table from CodeBlock
-
-        Step 1:
-
-        Remove use of jitReturnAddressVPCMap when looking for vPC to store Structures
-        in for cached lookup.  Instead, use the offset in the StructureStubInfo that is
-        already required.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics): Fix extraneous semicolon.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdSelf):
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdReplace):
-        (JSC::JIT::compilePutByIdTransition):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength): Remove extra call to getStubInfo.
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-
-2008-12-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Port the op_j?n?eq_null JIT code generation to use the MacroAssembler,
-        and clean up slightly at the same time.  The 'j' forms currently compare,
-        then set a register, then compare again, then branch.  Branch directly on
-        the result of the first compare.
-
-        Around a 1% progression on deltablue, crypto & early boyer, for about 1/2%
-        overall on v8-tests.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdSlowCase):
-
-2008-12-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Expand MacroAssembler to support more operations, required by the JIT.
-
-        Generally adds more operations and permutations of operands to the existing
-        interface.  Rename 'jset' to 'jnz' and 'jnset' to 'jz', which seem clearer,
-        and require that immediate pointer operands (though not pointer addresses to
-        load and store instructions) are wrapped in a ImmPtr() type, akin to Imm32().
-
-        No performance impact.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::):
-        (JSC::MacroAssembler::ImmPtr::ImmPtr):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::and32):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::xor32):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::load32):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::testImm32):
-        (JSC::MacroAssembler::jae32):
-        (JSC::MacroAssembler::jb32):
-        (JSC::MacroAssembler::jePtr):
-        (JSC::MacroAssembler::je32):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jne32):
-        (JSC::MacroAssembler::jnzPtr):
-        (JSC::MacroAssembler::jnz32):
-        (JSC::MacroAssembler::jzPtr):
-        (JSC::MacroAssembler::jz32):
-        (JSC::MacroAssembler::joSub32):
-        (JSC::MacroAssembler::jump):
-        (JSC::MacroAssembler::sete32):
-        (JSC::MacroAssembler::setne32):
-        (JSC::MacroAssembler::setnz32):
-        (JSC::MacroAssembler::setz32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::addl_mr):
-        (JSC::X86Assembler::andl_i8r):
-        (JSC::X86Assembler::cmpl_rm):
-        (JSC::X86Assembler::cmpl_mr):
-        (JSC::X86Assembler::cmpl_i8m):
-        (JSC::X86Assembler::subl_mr):
-        (JSC::X86Assembler::testl_i32m):
-        (JSC::X86Assembler::xorl_i32r):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::modRm_opmsib):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitPutCTIArgConstant):
-        (JSC::JIT::emitPutCTIParam):
-        (JSC::JIT::emitPutImmediateToCallFrameHeader):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-
-2008-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed a bug where WREC would allow a quantifier whose minimum was
-        greater than its maximum.
-        
-        * wrec/Quantifier.h:
-        (JSC::WREC::Quantifier::Quantifier): ASSERT that the quantifier is not
-        backwards.
-        
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::consumeGreedyQuantifier): Verify that the minimum
-        is not greater than the maximum.
-
-2008-12-08  Eric Seidel  <eric@webkit.org>
-        
-        Build fix only, no review.
-
-        * JavaScriptCore.scons: add bytecode/JumpTable.cpp
-
-2008-12-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=22716
-        <rdar://problem/6428315>
-        Add RareData structure to CodeBlock for infrequently used auxiliary data
-        members.
-
-        Reduces memory on Membuster-head by ~.5MB 
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::mark):
-        (JSC::CodeBlock::getHandlerForVPC):
-        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numberOfExceptionHandlers):
-        (JSC::CodeBlock::addExceptionHandler):
-        (JSC::CodeBlock::exceptionHandler):
-        (JSC::CodeBlock::addFunction):
-        (JSC::CodeBlock::function):
-        (JSC::CodeBlock::addUnexpectedConstant):
-        (JSC::CodeBlock::unexpectedConstant):
-        (JSC::CodeBlock::addRegExp):
-        (JSC::CodeBlock::regexp):
-        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
-        (JSC::CodeBlock::addImmediateSwitchJumpTable):
-        (JSC::CodeBlock::immediateSwitchJumpTable):
-        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
-        (JSC::CodeBlock::addCharacterSwitchJumpTable):
-        (JSC::CodeBlock::characterSwitchJumpTable):
-        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
-        (JSC::CodeBlock::addStringSwitchJumpTable):
-        (JSC::CodeBlock::stringSwitchJumpTable):
-        (JSC::CodeBlock::evalCodeCache):
-        (JSC::CodeBlock::createRareDataIfNecessary):
-
-2008-11-26  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Anders Carlsson.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16814
-        Allow ports to disable ActiveX->NPAPI conversion for Media Player.
-        Improve handling of miscellaneous ActiveX objects.
-
-        * wtf/Platform.h: Add another ENABLE(...).
-
-2008-12-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Add dumping of CodeBlock member structure usage.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::isEmpty):
-
-2008-12-08  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 22555: Sort "children" sections in Xcode project files
-
-        <https://bugs.webkit.org/show_bug.cgi?id=22555>
-
-        Reviewed by Eric Seidel.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Sorted.
-
-2008-12-08  Tony Chang  <tony@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Enable Pan scrolling only when building on PLATFORM(WIN_OS)
-        Previously platforms like Apple Windows WebKit, Cairo Windows WebKit,
-        Wx and Chromium were enabling it explicitly, now we just turn it on
-        for all WIN_OS, later platforms can turn it off as needed on Windows
-        (or turn it on under Linux, etc.)
-        https://bugs.webkit.org/show_bug.cgi?id=22698
-
-        * wtf/Platform.h:
-
-2008-12-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Add basic memory statistics dumping for CodeBlock.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-
-2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Fix the Linux build with newer gcc/glibc.
-
-        * jit/ExecutableAllocatorPosix.cpp: Include unistd.h for
-        getpagesize(), according to
-        http://opengroup.org/onlinepubs/007908775/xsh/getpagesize.html
-
-2008-12-08  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Fix the build with Qt on Windows.
-
-        * JavaScriptCore.pri: Compile ExecutableAllocatorWin.cpp on Windows.
-
-2008-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        Fix non-WREC builds
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-
-2008-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Put ENABLE(ASSEMBLER) guards around use of ExecutableAllocator in global data
-
-        Correct Qt and Gtk project files
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * runtime/JSGlobalData.h:
-
-2008-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Add new files to other projects.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2008-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Rubber stamped by Mark Rowe.
-
-        Rename ExecutableAllocatorMMAP to the more sensible ExecutableAllocatorPosix
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorPosix.cpp: Renamed from JavaScriptCore/jit/ExecutableAllocatorMMAP.cpp.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-
-2008-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich and Sam Weinig
-
-        <rdar://problem/6309878> Need more granular control over allocation of executable memory (21783)
-        <https://bugs.webkit.org/show_bug.cgi?id=21783>
-
-        Add a new allocator for use by the JIT that provides executable pages, so
-        we can get rid of the current hack that makes the entire heap executable.
-
-        1-2% progression on SunSpider-v8, 1% on SunSpider.  Reduces memory usage as well!
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::size):
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::size):
-        (JSC::MacroAssembler::copyCode):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::size):
-        (JSC::X86Assembler::executableCopy):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::executablePool):
-        (JSC::CodeBlock::setExecutablePool):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::derefStructures):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::~Interpreter):
-        * interpreter/Interpreter.h:
-        * jit/ExecutableAllocator.cpp: Added.
-        * jit/ExecutableAllocator.h: Added.
-        (JSC::ExecutablePool::create):
-        (JSC::ExecutablePool::alloc):
-        (JSC::ExecutablePool::~ExecutablePool):
-        (JSC::ExecutablePool::available):
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::poolForSize):
-        (JSC::ExecutablePool::sizeForAllocation):
-        * jit/ExecutableAllocatorMMAP.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorWin.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        * parser/Nodes.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::poolForSize):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::~RegExp):
-        * runtime/RegExp.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-        * wrec/WRECGenerator.h:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/TCSystemAlloc.cpp:
-        (TryMmap):
-        (TryVirtualAlloc):
-        (TryDevMem):
-        (TCMalloc_SystemRelease):
-
-2008-12-06  Sam Weinig  <sam@webkit.org>
-
-        Fix the Gtk build.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-
-2008-12-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich,
-
-        Move CodeBlock constructor into the .cpp file.
-
-        Sunspider reports a .7% progression, but I can only assume this
-        is noise.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-
-2008-12-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Split JumpTable code into its own file.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * bytecode/CodeBlock.cpp:
-        * bytecode/CodeBlock.h:
-        * bytecode/JumpTable.cpp: Copied from bytecode/CodeBlock.cpp.
-        * bytecode/JumpTable.h: Copied from bytecode/CodeBlock.h.
-
-2008-12-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22715
-        Encapsulate more CodeBlock members in preparation
-        of moving some of them to a rare data structure.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::locationForOffset):
-        (JSC::printConditionalJump):
-        (JSC::printGetByIdOp):
-        (JSC::printPutByIdOp):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::mark):
-        (JSC::CodeBlock::getHandlerForVPC):
-        (JSC::CodeBlock::nativeExceptionCodeForHandlerVPC):
-        (JSC::CodeBlock::lineNumberForVPC):
-        (JSC::CodeBlock::expressionRangeForVPC):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::addCaller):
-        (JSC::CodeBlock::removeCaller):
-        (JSC::CodeBlock::isKnownNotImmediate):
-        (JSC::CodeBlock::isConstantRegisterIndex):
-        (JSC::CodeBlock::getConstant):
-        (JSC::CodeBlock::isTemporaryRegisterIndex):
-        (JSC::CodeBlock::getStubInfo):
-        (JSC::CodeBlock::getCallLinkInfo):
-        (JSC::CodeBlock::instructions):
-        (JSC::CodeBlock::setJITCode):
-        (JSC::CodeBlock::jitCode):
-        (JSC::CodeBlock::ownerNode):
-        (JSC::CodeBlock::setGlobalData):
-        (JSC::CodeBlock::setThisRegister):
-        (JSC::CodeBlock::thisRegister):
-        (JSC::CodeBlock::setNeedsFullScopeChain):
-        (JSC::CodeBlock::needsFullScopeChain):
-        (JSC::CodeBlock::setUsesEval):
-        (JSC::CodeBlock::usesEval):
-        (JSC::CodeBlock::setUsesArguments):
-        (JSC::CodeBlock::usesArguments):
-        (JSC::CodeBlock::codeType):
-        (JSC::CodeBlock::source):
-        (JSC::CodeBlock::sourceOffset):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::numberOfPropertyAccessInstructions):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::propertyAccessInstruction):
-        (JSC::CodeBlock::numberOfCallLinkInfos):
-        (JSC::CodeBlock::addCallLinkInfo):
-        (JSC::CodeBlock::callLinkInfo):
-        (JSC::CodeBlock::numberOfJumpTargets):
-        (JSC::CodeBlock::addJumpTarget):
-        (JSC::CodeBlock::jumpTarget):
-        (JSC::CodeBlock::lastJumpTarget):
-        (JSC::CodeBlock::numberOfExceptionHandlers):
-        (JSC::CodeBlock::addExceptionHandler):
-        (JSC::CodeBlock::exceptionHandler):
-        (JSC::CodeBlock::addExpressionInfo):
-        (JSC::CodeBlock::numberOfLineInfos):
-        (JSC::CodeBlock::addLineInfo):
-        (JSC::CodeBlock::lastLineInfo):
-        (JSC::CodeBlock::jitReturnAddressVPCMap):
-        (JSC::CodeBlock::numberOfIdentifiers):
-        (JSC::CodeBlock::addIdentifier):
-        (JSC::CodeBlock::identifier):
-        (JSC::CodeBlock::numberOfConstantRegisters):
-        (JSC::CodeBlock::addConstantRegister):
-        (JSC::CodeBlock::constantRegister):
-        (JSC::CodeBlock::addFunction):
-        (JSC::CodeBlock::function):
-        (JSC::CodeBlock::addFunctionExpression):
-        (JSC::CodeBlock::functionExpression):
-        (JSC::CodeBlock::addUnexpectedConstant):
-        (JSC::CodeBlock::unexpectedConstant):
-        (JSC::CodeBlock::addRegExp):
-        (JSC::CodeBlock::regexp):
-        (JSC::CodeBlock::symbolTable):
-        (JSC::CodeBlock::evalCodeCache):
-        New inline setters/getters.
-
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::ProgramCodeBlock::~ProgramCodeBlock):
-        (JSC::ProgramCodeBlock::clearGlobalObject):
-        * bytecode/SamplingTool.cpp:
-        (JSC::ScopeSampleRecord::sample):
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/Label.h:
-        * interpreter/CallFrame.cpp:
-        * interpreter/Interpreter.cpp:
-        * jit/JIT.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITInlineMethods.h:
-        * jit/JITPropertyAccess.cpp:
-        * parser/Nodes.cpp:
-        * runtime/Arguments.h:
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSGlobalObject.cpp:
-        Change direct access to use new getter/setters.
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Prevent GCC4.2 from hanging when trying to compile Interpreter.cpp.
-        Added "-fno-var-tracking" compiler flag.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22704
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Ordering of branch operands in MacroAssembler in unnecessarily  inconsistent.
-
-        je, jg etc take an immediate operand as the second argument, but for the
-        equality branches (je, jne) the immediate operand was the first argument.  This
-        was unnecessarily inconsistent.  Change je, jne methods to take the immediate
-        as the second argument.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22703
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::je32):
-        (JSC::MacroAssembler::jne32):
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacterPair):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Second tranche of porting JIT.cpp to MacroAssembler interface.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::mul32):
-        (JSC::MacroAssembler::jl32):
-        (JSC::MacroAssembler::jnzSub32):
-        (JSC::MacroAssembler::joAdd32):
-        (JSC::MacroAssembler::joMul32):
-        (JSC::MacroAssembler::jzSub32):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-
-2008-12-05  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 22609: Provide a build-time choice when generating hash tables for properties of built-in DOM objects
-
-        <https://bugs.webkit.org/show_bug.cgi?id=22609>
-        <rdar://problem/6331749>
-
-        Reviewed by Darin Adler.
-
-        Initial patch by Yosen Lin.  Adapted for ToT WebKit by David Kilzer.
-
-        Added back the code that generates a "compact" hash (instead of a
-        perfect hash) as a build-time option using the
-        ENABLE(PERFECT_HASH_SIZE) macro as defined in Lookup.h.
-
-        * create_hash_table: Rename variables to differentiate perfect hash
-        values from compact hash values.  Added back code to compute compact
-        hash tables.  Generate both hash table sizes and emit
-        conditionalized code based on ENABLE(PERFECT_HASH_SIZE).
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable): Added version of createTable() for
-        use with compact hash tables.
-        (JSC::HashTable::deleteTable): Updated to work with compact hash
-        tables.
-        * runtime/Lookup.h: Defined ENABLE(PERFECT_HASH_SIZE) macro here.
-        (JSC::HashEntry::initialize): Set m_next to zero when using compact
-        hash tables.
-        (JSC::HashEntry::setNext): Added for compact hash tables.
-        (JSC::HashEntry::next): Added for compact hash tables.
-        (JSC::HashTable::entry): Added version of entry() for use with
-        compact hash tables.
-        * runtime/Structure.cpp:
-        (JSC::Structure::getEnumerablePropertyNames): Updated to work with
-        compact hash tables.
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Remove redundant calls to JIT::emitSlowScriptCheck.
-        This is checked in the hot path, so is not needed on the slow path - and the code
-        was being planted before the start of the slow case, so was completely unreachable!
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Move JIT::compileOpStrictEq to MacroAssembler interface.
-
-        The rewrite also looks like a small (<1%) performance progression.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22697
-
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfJSCell):
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Remove m_assembler from MacroAssembler::Jump.
-        Keeping a pointer allowed for some syntactic sugar - "link()" looks nicer
-        than "link(this)".  But maintaining this doubles the size of Jump, which
-        is even more unfortunate for the JIT, since there are many large structures
-        holding JmpSrcs.  Probably best to remove it.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22693
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::Jump::Jump):
-        (JSC::MacroAssembler::Jump::link):
-        (JSC::MacroAssembler::Jump::linkTo):
-        (JSC::MacroAssembler::JumpList::link):
-        (JSC::MacroAssembler::JumpList::linkTo):
-        (JSC::MacroAssembler::jae32):
-        (JSC::MacroAssembler::je32):
-        (JSC::MacroAssembler::je16):
-        (JSC::MacroAssembler::jg32):
-        (JSC::MacroAssembler::jge32):
-        (JSC::MacroAssembler::jl32):
-        (JSC::MacroAssembler::jle32):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jne32):
-        (JSC::MacroAssembler::jnset32):
-        (JSC::MacroAssembler::jset32):
-        (JSC::MacroAssembler::jump):
-        (JSC::MacroAssembler::jzSub32):
-        (JSC::MacroAssembler::joAdd32):
-        (JSC::MacroAssembler::call):
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateBackreferenceQuantifier):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateParenthesesAssertion):
-        (JSC::WREC::Generator::generateParenthesesInvertedAssertion):
-        (JSC::WREC::Generator::generateParenthesesNonGreedy):
-        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::generateBackreference):
-        (JSC::WREC::Generator::terminateAlternative):
-        (JSC::WREC::Generator::terminateDisjunction):
-        * wrec/WRECParser.h:
-
-2008-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Simplify JIT generated checks for timeout code, by moving more work into the C function.
-        https://bugs.webkit.org/show_bug.cgi?id=22688
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_timeout_check):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::emitSlowScriptCheck):
-
-2008-12-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Encapsulate access to jump tables in the CodeBlock in preparation
-        of moving them to a rare data structure.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numberOfImmediateSwitchJumpTables):
-        (JSC::CodeBlock::addImmediateSwitchJumpTable):
-        (JSC::CodeBlock::immediateSwitchJumpTable):
-        (JSC::CodeBlock::numberOfCharacterSwitchJumpTables):
-        (JSC::CodeBlock::addCharacterSwitchJumpTable):
-        (JSC::CodeBlock::characterSwitchJumpTable):
-        (JSC::CodeBlock::numberOfStringSwitchJumpTables):
-        (JSC::CodeBlock::addStringSwitchJumpTable):
-        (JSC::CodeBlock::stringSwitchJumpTable):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::endSwitch):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2008-12-05  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r39020
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        Add some apparently-missing __.
-
-2008-12-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22673
-        
-        Added support for the assertion (?=) and inverted assertion (?!) atoms
-        in WREC.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateParenthesesAssertion):
-        (JSC::WREC::Generator::generateParenthesesInvertedAssertion): Split the
-        old (unused) generateParentheses into these two functions, with more
-        limited capabilities.
-        
-        * wrec/WRECGenerator.h:
-        (JSC::WREC::Generator::): Moved an enum to the top of the class definition,
-        to match the WebKit style, and removed a defunct comment.
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parseParentheses):
-        (JSC::WREC::Parser::consumeParenthesesType):
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::): Added support for parsing (?=) and (?!).
-
-2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Rubber-stamped by Tor Arne Vestbø.
-
-        Disable the JIT for the Qt build alltogether again, after observing
-        more miscompilations in a wider range of newer gcc versions.
-
-        * JavaScriptCore.pri:
-
-2008-12-05  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Disable the JIT for the Qt build on Linux unless gcc is >= 4.2,
-        due to miscompilations.
-
-        * JavaScriptCore.pri:
-
-2008-12-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Start porting the JIT to use the MacroAssembler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22671
-        No change in performance.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::Jump::operator X86Assembler::JmpSrc):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::and32):
-        (JSC::MacroAssembler::lshift32):
-        (JSC::MacroAssembler::rshift32):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::compareImm32ForBranchEquality):
-        (JSC::MacroAssembler::jnePtr):
-        (JSC::MacroAssembler::jnset32):
-        (JSC::MacroAssembler::jset32):
-        (JSC::MacroAssembler::jzeroSub32):
-        (JSC::MacroAssembler::joverAdd32):
-        (JSC::MacroAssembler::call):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::shll_i8r):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitPutCTIArg):
-        (JSC::JIT::emitPutCTIArgConstant):
-        (JSC::JIT::emitGetCTIArg):
-        (JSC::JIT::emitPutCTIArgFromVirtualRegister):
-        (JSC::JIT::emitPutCTIParam):
-        (JSC::JIT::emitGetCTIParam):
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitPutImmediateToCallFrameHeader):
-        (JSC::JIT::emitGetFromCallFrameHeader):
-        (JSC::JIT::emitPutVirtualRegister):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        (JSC::JIT::emitCTICall):
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
-        (JSC::JIT::emitFastArithImmToInt):
-        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2008-12-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Some refactoring for generateGreedyQuantifier.
-        
-        SunSpider reports no change (possibly a 0.3% speedup).
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateGreedyQuantifier): Clarified label
-        meanings and unified some logic to simplify things.
-
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::parseAlternative): Added a version of parseAlternative
-        that can jump to a Label, instead of a JumpList, upon failure. (Eventually,
-        when we have a true Label class, this will be redundant.) This makes
-        things easier for generateGreedyQuantifier, because it can avoid
-        explicitly linking things.
-
-2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Holger Freyther.
-
-        Fix crashes in the Qt build on Linux/i386 with non-executable memory
-        by enabling TCSystemAlloc and the PROT_EXEC flag for mmap.
-
-        * JavaScriptCore.pri: Enable the use of TCSystemAlloc if the JIT is
-        enabled.
-        * wtf/TCSystemAlloc.cpp: Extend the PROT_EXEC permissions to
-        PLATFORM(QT).
-
-2008-12-04  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Enable ENABLE_JIT_OPTIMIZE_CALL, ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
-        and ENABLE_JIT_OPTIMIZE_ARITHMETIC, as suggested by Niko.
-
-        * JavaScriptCore.pri: 
-
-2008-12-04  Kent Hansen  <khansen@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Enable the JSC jit for the Qt build by default for release builds on
-        linux-g++ and win32-msvc.
-
-        * JavaScriptCore.pri:
-
-2008-12-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Allow JIT to function without property access repatching and arithmetic optimizations.
-        Controlled by ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS and ENABLE_JIT_OPTIMIZE_ARITHMETIC switches.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22643
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp: Copied from jit/JIT.cpp.
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        * jit/JITPropertyAccess.cpp: Copied from jit/JIT.cpp.
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutByIdHotPath):
-        (JSC::JIT::compilePutByIdSlowCase):
-        (JSC::resizePropertyStorage):
-        (JSC::transitionWillNeedStorageRealloc):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * wtf/Platform.h:
-
-2008-12-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Optimized sequences of characters in regular expressions by comparing
-        two characters at a time.
-        
-        1-2% speedup on SunSpider, 19-25% speedup on regexp-dna.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::load32):
-        (JSC::MacroAssembler::jge32): Filled out a few more macro methods.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_mr): Added a verion of movl_mr that operates
-        without an offset, to allow the macro assembler to optmize for that case.
-        
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp): Test the saved value of index
-        instead of the index register when checking for "end of input." The
-        index register doesn't increment by 1 in an orderly fashion, so testing
-        it for == "end of input" is not valid.
-        
-        Also, jump all the way to "return failure" upon reaching "end of input,"
-        instead of executing the next alternative. This is more logical, and
-        it's a slight optimization in the case of an expression with many alternatives.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateIncrementIndex): Added support for
-        jumping to a failure label in the case where the index has reached "end
-        of input."
-
-        (JSC::WREC::Generator::generatePatternCharacterSequence):
-        (JSC::WREC::Generator::generatePatternCharacterPair): This is the
-        optmization. It's basically like generatePatternCharacter, but it runs two
-        characters at a time.
-        
-        (JSC::WREC::Generator::generatePatternCharacter): Changed to use isASCII,
-        since it's clearer than comparing to a magic hex value.
-        
-        * wrec/WRECGenerator.h:
-
-2008-12-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Allow JIT to operate without the call-repatching optimization.
-        Controlled by ENABLE(JIT_OPTIMIZE_CALL), defaults on, disabling
-        this leads to significant performance regression.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22639
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITCall.cpp: Copied from jit/JIT.cpp.
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallEvalSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        (JSC::unreachable):
-        * jit/JITInlineMethods.h: Copied from jit/JIT.cpp.
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * wtf/Platform.h:
-
-2008-12-03  Eric Seidel  <eric@webkit.org>
-
-        Rubber-stamped by David Hyatt.
-
-        Make HAVE_ACCESSIBILITY only define if !defined
-
-        * wtf/Platform.h:
-
-2008-12-03  Sam Weinig  <sam@webkit.org>
-
-        Fix build.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::orl_i32r):
-
-2008-12-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove shared AssemblerBuffer 1MB buffer and instead give AssemblerBuffer
-        an 256 byte inline capacity.
-
-        1% progression on Sunspider.
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::AssemblerBuffer):
-        (JSC::AssemblerBuffer::~AssemblerBuffer):
-        (JSC::AssemblerBuffer::grow):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::MacroAssembler):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::X86Assembler):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        * parser/Nodes.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        * runtime/RegExp.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-        * wrec/WRECGenerator.h:
-        (JSC::WREC::Generator::Generator):
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::Parser):
-
-2008-12-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt, with help from Gavin Barraclough.
-        
-        orl_i32r was actually coded as an 8bit OR. So, I renamed orl_i32r to
-        orl_i8r, changed all orl_i32r clients to use orl_i8r, and then added
-        a new orl_i32r that actually does a 32bit OR.
-        
-        (32bit OR is currently unused, but a patch I'm working on uses it.)
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::or32): Updated to choose between 8bit and 32bit OR.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::orl_i8r): The old orl_i32r.
-        (JSC::X86Assembler::orl_i32r): The new orl_i32r.
-        
-        * jit/JIT.cpp:
-        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
-        (JSC::JIT::emitTagAsBoolImmediate): Use orl_i8r, since we're ORing 8bit
-        values.
-
-2008-12-03  Dean Jackson  <dino@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Helper functions for turn -> degrees.
-        https://bugs.webkit.org/show_bug.cgi?id=22497
-
-        * wtf/MathExtras.h:
-        (turn2deg):
-        (deg2turn):
-
-2008-12-02  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 22504: Crashes during code generation occur due to refing of ignoredResult()
-        <https://bugs.webkit.org/show_bug.cgi?id=22504>
-
-        Since ignoredResult() was implemented by casting 1 to a RegisterID*, any
-        attempt to ref ignoredResult() results in a crash. This will occur in
-        code generation of a function body where a node emits another node with
-        the dst that was passed to it, and then refs the returned RegisterID*.
-
-        To fix this problem, make ignoredResult() a member function of
-        BytecodeGenerator that simply returns a pointe to a fixed RegisterID
-        member of BytecodeGenerator.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::ignoredResult):
-        * bytecompiler/RegisterID.h:
-        * parser/Nodes.cpp:
-        (JSC::NullNode::emitBytecode):
-        (JSC::BooleanNode::emitBytecode):
-        (JSC::NumberNode::emitBytecode):
-        (JSC::StringNode::emitBytecode):
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::ThisNode::emitBytecode):
-        (JSC::ResolveNode::emitBytecode):
-        (JSC::ObjectLiteralNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PostfixBracketNode::emitBytecode):
-        (JSC::PostfixDotNode::emitBytecode):
-        (JSC::DeleteValueNode::emitBytecode):
-        (JSC::VoidNode::emitBytecode):
-        (JSC::TypeOfResolveNode::emitBytecode):
-        (JSC::TypeOfValueNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::CommaNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        (JSC::FuncDeclNode::emitBytecode):
-
-2008-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22537
-        REGRESSION (r38745): Assertion failure in jsSubstring() at ge.com
-
-        The bug was that index would become greater than length, so our
-        "end of input" checks, which all check "index == length", would fail.
-        
-        The solution is to check for end of input before incrementing index,
-        to ensure that index is always <= length.
-        
-        As a side benefit, generateJumpIfEndOfInput can now use je instead of
-        jg, which should be slightly faster.
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateJumpIfEndOfInput):
-
-2008-12-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Plant shift right immediate instructions, which are awesome.
-        https://bugs.webkit.org/show_bug.cgi?id=22610
-        ~5% on the v8-crypto test.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-
-2008-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Cleaned up SegmentedVector by abstracting segment access into helper
-        functions.
-        
-        SunSpider reports no change.
-
-        * bytecompiler/SegmentedVector.h:
-        (JSC::SegmentedVector::SegmentedVector):
-        (JSC::SegmentedVector::~SegmentedVector):
-        (JSC::SegmentedVector::size):
-        (JSC::SegmentedVector::at):
-        (JSC::SegmentedVector::operator[]):
-        (JSC::SegmentedVector::last):
-        (JSC::SegmentedVector::append):
-        (JSC::SegmentedVector::removeLast):
-        (JSC::SegmentedVector::grow):
-        (JSC::SegmentedVector::clear):
-        (JSC::SegmentedVector::deleteAllSegments):
-        (JSC::SegmentedVector::segmentFor):
-        (JSC::SegmentedVector::subscriptFor):
-        (JSC::SegmentedVector::ensureSegmentsFor):
-        (JSC::SegmentedVector::ensureSegment):
-
-2008-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen. (Patch by Cameron Zwarich <zwarich@apple.com>.)
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22482
-        REGRESSION (r37991): Occasionally see "Scene rendered incorrectly"
-        message when running the V8 Raytrace benchmark
-        
-        Rolled out r37991. It didn't properly save xmm0, which is caller-save,
-        before calling helper functions.
-        
-        SunSpider and v8 benchmarks show little change -- possibly a .2%
-        SunSpider regression, possibly a .2% v8 benchmark speedup.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitUnaryOp):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitToJSNumber):
-        (JSC::BytecodeGenerator::emitTypeOf):
-        (JSC::BytecodeGenerator::emitGetPropertyNames):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * parser/Nodes.cpp:
-        (JSC::UnaryOpNode::emitBytecode):
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::EqualNode::emitBytecode):
-        * parser/ResultType.h:
-        (JSC::ResultType::isReusable):
-        (JSC::ResultType::mightBeNumber):
-        * runtime/JSNumberCell.h:
-
-2008-12-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove unused (sampling only, and derivable) argument to JIT::emitCTICall.
-        https://bugs.webkit.org/show_bug.cgi?id=22587
-
-        * jit/JIT.cpp:
-        (JSC::JIT::emitCTICall):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-
-2008-12-02  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Eric Seidel.
-        
-        Fix the inheritance chain for JSFunction.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::info): Add InternalFunction::info as parent class
-
-2008-12-02  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Fix ability to include JavaScriptCore.pri from other .pro files.
-
-        * JavaScriptCore.pri: Moved -O3 setting into the .pro files.
-        * JavaScriptCore.pro:
-        * jsc.pro:
-
-2008-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich, with help from Gavin Barraclough.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22583.
-
-        Refactored regular expression parsing to parse sequences of characters
-        as a single unit, in preparation for optimizing sequences of characters.
-        
-        SunSpider reports no change.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wrec/Escapes.h: Added. Set of classes for representing an escaped
-        token in a pattern.
-
-        * wrec/Quantifier.h:
-        (JSC::WREC::Quantifier::Quantifier): Simplified this constructor slightly,
-        to match the new Escape constructor.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generatePatternCharacterSequence):
-        * wrec/WRECGenerator.h: Added an interface for generating a sequence
-        of pattern characters at a time. It doesn't do anything special yet.
-
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::consumeGreedyQuantifier):
-        (JSC::WREC::Parser::consumeQuantifier): Renamed "parse" to "consume" in
-        these functions, to match "consumeEscape."
-
-        (JSC::WREC::Parser::parsePatternCharacterSequence): New function for
-        iteratively aggregating a sequence of characters in a pattern.
-
-        (JSC::WREC::Parser::parseCharacterClassQuantifier):
-        (JSC::WREC::Parser::parseBackreferenceQuantifier): Renamed "parse" to
-        "consume" in these functions, to match "consumeEscape."
-
-        (JSC::WREC::Parser::parseCharacterClass): Refactored to use the common
-        escape processing code in consumeEscape.
-
-        (JSC::WREC::Parser::parseEscape): Refactored to use the common
-        escape processing code in consumeEscape.
-
-        (JSC::WREC::Parser::consumeEscape): Factored escaped token processing
-        into a common function, since we were doing this in a few places.
-
-        (JSC::WREC::Parser::parseTerm): Refactored to use the common
-        escape processing code in consumeEscape.
-
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::consumeOctal): Refactored to use a helper function
-        for reading a digit.
-
-2008-12-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
-        <https://bugs.webkit.org/show_bug.cgi?id=20340>
-
-        SegmentedVector currently frees segments and reallocates them when used
-        as a stack. This can lead to unsafe use of pointers into freed segments.
-
-        In order to fix this problem, SegmentedVector will be changed to only
-        grow and never shrink. Also, rename the reserveCapacity() member
-        function to grow() to match the actual usage in BytecodeGenerator, where
-        this function is used to allocate a group of registers at once, rather
-        than merely saving space for them.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Use grow() instead of 
-        reserveCapacity().
-        * bytecompiler/SegmentedVector.h:
-        (JSC::SegmentedVector::SegmentedVector):
-        (JSC::SegmentedVector::last):
-        (JSC::SegmentedVector::append):
-        (JSC::SegmentedVector::removeLast):
-        (JSC::SegmentedVector::grow): Renamed from reserveCapacity().
-        (JSC::SegmentedVector::clear):
-
-2008-12-01  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Anders Carlsson.
-
-        Disable WREC for x86_64 since memory allocated by the system allocator is not marked executable,
-        which causes 64-bit debug builds to crash.  Once we have a dedicated allocator for executable
-        memory we can turn this back on.
-
-        * wtf/Platform.h:
-
-2008-12-01  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Restore inline buffer after vector is shrunk back below its inline capacity.
-
-        * wtf/Vector.h:
-        (WTF::):
-        (WTF::VectorBuffer::restoreInlineBufferIfNeeded):
-        (WTF::::shrinkCapacity):
-
-2008-11-30  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        Try to return free pages in the current thread cache too.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::releaseFastMallocFreeMemory):
-
-2008-12-01  David Levin  <levin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22567
-        Make HashTable work as expected with respect to threads. Specifically, it has class-level
-        thread safety and constant methods work on constant objects without synchronization.
-        
-        No observable change in behavior, so no test. This only affects debug builds.
-
-        * wtf/HashTable.cpp:
-        (WTF::hashTableStatsMutex):
-        (WTF::HashTableStats::~HashTableStats):
-        (WTF::HashTableStats::recordCollisionAtCount):
-        Guarded variable access with a mutex.
-
-        * wtf/HashTable.h:
-        (WTF::::lookup):
-        (WTF::::lookupForWriting):
-        (WTF::::fullLookupForWriting):
-        (WTF::::add):
-        (WTF::::reinsert):
-        (WTF::::remove):
-        (WTF::::rehash):
-        Changed increments of static variables to use atomicIncrement.
-
-        (WTF::::invalidateIterators):
-        (WTF::addIterator):
-        (WTF::removeIterator):
-        Guarded mutable access with a mutex.
-
-2008-11-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Enable WREC on PLATFORM(X86_64).  This change predominantly requires changes to the
-        WREC::Generator::generateEnter method to support the x86-64 ABI, and addition of
-        support for a limited number of quadword operations in the X86Assembler.
-
-        This patch will cause the JS heap to be allocated with RWX permissions on 64-bit Mac
-        platforms.  This is a regression with respect to previous 64-bit behaviour, but is no
-        more permissive than on 32-bit builds.  This issue should be addressed at some point.
-        (This is tracked by bug #21783.)
-
-        https://bugs.webkit.org/show_bug.cgi?id=22554
-        Greater than 4x speedup on regexp-dna, on x86-64.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::pop):
-        (JSC::MacroAssembler::push):
-        (JSC::MacroAssembler::move):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::movq_rr):
-        (JSC::X86Assembler::addl_i8m):
-        (JSC::X86Assembler::addl_i32r):
-        (JSC::X86Assembler::addq_i8r):
-        (JSC::X86Assembler::addq_i32r):
-        (JSC::X86Assembler::movq_mr):
-        (JSC::X86Assembler::movq_rm):
-        * wrec/WREC.h:
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateReturnFailure):
-        * wtf/Platform.h:
-        * wtf/TCSystemAlloc.cpp:
-
-2008-12-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Preliminary work for bug 20340: SegmentedVector segment allocations can lead to unsafe use of temporary registers
-        <https://bugs.webkit.org/show_bug.cgi?id=20340>
-
-        SegmentedVector currently frees segments and reallocates them when used
-        as a stack. This can lead to unsafe use of pointers into freed segments.
-
-        In order to fix this problem, SegmentedVector will be changed to only
-        grow and never shrink, with the sole exception of clearing all of its
-        data, a capability that is required by Lexer. This patch changes the
-        public interface to only allow for these capabilities.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Use reserveCapacity()
-        instead of resize() for m_globals and m_parameters.
-        * bytecompiler/SegmentedVector.h:
-        (JSC::SegmentedVector::resize): Removed.
-        (JSC::SegmentedVector::reserveCapacity): Added.
-        (JSC::SegmentedVector::clear): Added.
-        (JSC::SegmentedVector::shrink): Removed.
-        (JSC::SegmentedVector::grow): Removed.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::clear): Use clear() instead of resize(0).
-
-2008-11-30  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Renames jumps to m_jumps in JumpList.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::JumpList::link):
-        (JSC::MacroAssembler::JumpList::linkTo):
-        (JSC::MacroAssembler::JumpList::append):
-
-2008-11-30  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22557
-        
-        Report free size in central and thread caches too.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::fastMallocStatistics):
-        * wtf/FastMalloc.h:
-
-2008-11-29  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Dan Bernstein.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22557
-        Add statistics for JavaScript GC heap.
-
-        * JavaScriptCore.exp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::objectCount):
-        (JSC::addToStatistics):
-        (JSC::Heap::statistics):
-        * runtime/Collector.h:
-
-2008-11-29  Antti Koivisto  <antti@apple.com>
-
-        Fix debug build by adding a stub method.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocStatistics):
-
-2008-11-29  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22557
-        
-        Add function for getting basic statistics from FastMalloc.
-
-        * JavaScriptCore.exp:
-        * wtf/FastMalloc.cpp:
-        (WTF::DLL_Length):
-        (WTF::TCMalloc_PageHeap::ReturnedBytes):
-        (WTF::TCMallocStats::fastMallocStatistics):
-        * wtf/FastMalloc.h:
-
-2008-11-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        The C++ standard does not automatically grant the friendships of an
-        enclosing class to its nested subclasses, so we should do so explicitly.
-        This fixes the GCC 4.0 build, although both GCC 4.2 and Visual C++ 2005
-        accept the incorrect code as it is.
-
-        * assembler/MacroAssembler.h:
-
-2008-11-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Add the class MacroAssembler to provide some abstraction of code generation,
-        and change WREC to make use of this class, rather than directly accessing
-        the X86Assembler.
-
-        This patch also allows WREC to be compiled without the rest of the JIT enabled.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssembler.h: Added.
-        (JSC::MacroAssembler::):
-        (JSC::MacroAssembler::MacroAssembler):
-        (JSC::MacroAssembler::copyCode):
-        (JSC::MacroAssembler::Address::Address):
-        (JSC::MacroAssembler::ImplicitAddress::ImplicitAddress):
-        (JSC::MacroAssembler::BaseIndex::BaseIndex):
-        (JSC::MacroAssembler::Label::Label):
-        (JSC::MacroAssembler::Jump::Jump):
-        (JSC::MacroAssembler::Jump::link):
-        (JSC::MacroAssembler::Jump::linkTo):
-        (JSC::MacroAssembler::JumpList::link):
-        (JSC::MacroAssembler::JumpList::linkTo):
-        (JSC::MacroAssembler::JumpList::append):
-        (JSC::MacroAssembler::Imm32::Imm32):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::load32):
-        (JSC::MacroAssembler::load16):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::pop):
-        (JSC::MacroAssembler::push):
-        (JSC::MacroAssembler::peek):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::compareImm32ForBranch):
-        (JSC::MacroAssembler::compareImm32ForBranchEquality):
-        (JSC::MacroAssembler::jae32):
-        (JSC::MacroAssembler::je32):
-        (JSC::MacroAssembler::je16):
-        (JSC::MacroAssembler::jg32):
-        (JSC::MacroAssembler::jge32):
-        (JSC::MacroAssembler::jl32):
-        (JSC::MacroAssembler::jle32):
-        (JSC::MacroAssembler::jne32):
-        (JSC::MacroAssembler::jump):
-        (JSC::MacroAssembler::breakpoint):
-        (JSC::MacroAssembler::ret):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cmpw_rm):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::assemblerBuffer):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp):
-        * wrec/WREC.h:
-        * wrec/WRECFunctors.cpp:
-        (JSC::WREC::GeneratePatternCharacterFunctor::generateAtom):
-        (JSC::WREC::GenerateCharacterClassFunctor::generateAtom):
-        (JSC::WREC::GenerateBackreferenceFunctor::generateAtom):
-        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
-        * wrec/WRECFunctors.h:
-        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateSaveIndex):
-        (JSC::WREC::Generator::generateIncrementIndex):
-        (JSC::WREC::Generator::generateLoadCharacter):
-        (JSC::WREC::Generator::generateJumpIfEndOfInput):
-        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
-        (JSC::WREC::Generator::generateReturnFailure):
-        (JSC::WREC::Generator::generateBacktrack1):
-        (JSC::WREC::Generator::generateBacktrackBackreference):
-        (JSC::WREC::Generator::generateBackreferenceQuantifier):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateParentheses):
-        (JSC::WREC::Generator::generateParenthesesNonGreedy):
-        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::generateBackreference):
-        (JSC::WREC::Generator::terminateAlternative):
-        (JSC::WREC::Generator::terminateDisjunction):
-        * wrec/WRECGenerator.h:
-        (JSC::WREC::Generator::Generator):
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parsePatternCharacterQualifier):
-        (JSC::WREC::Parser::parseCharacterClassQuantifier):
-        (JSC::WREC::Parser::parseBackreferenceQuantifier):
-        (JSC::WREC::Parser::parseParentheses):
-        (JSC::WREC::Parser::parseCharacterClass):
-        (JSC::WREC::Parser::parseOctalEscape):
-        (JSC::WREC::Parser::parseEscape):
-        (JSC::WREC::Parser::parseTerm):
-        (JSC::WREC::Parser::parseDisjunction):
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::Parser):
-        (JSC::WREC::Parser::parsePattern):
-        (JSC::WREC::Parser::parseAlternative):
-        * wtf/Platform.h:
-
-2008-11-28  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Fix compilation on Windows CE
-
-        Port away from the use of errno after calling strtol(), instead
-        detect conversion errors by checking the result and the stop
-        position.
-
-        * runtime/DateMath.cpp:
-        (JSC::parseLong):
-        (JSC::parseDate):
-
-2008-11-28  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Implement lowResUTCTime() on Windows CE using GetSystemTime as _ftime() is not available.
-
-        * runtime/DateMath.cpp:
-        (JSC::lowResUTCTime):
-
-2008-11-28  Simon Hausmann  <hausmann@webkit.org>
-
-        Rubber-stamped by Tor Arne Vestbø.
-
-        Removed unnecessary inclusion of errno.h, which also fixes compilation on Windows CE.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-
-2008-11-27  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        r38825 made JSFunction::m_body private, but some inspector code in
-        WebCore sets the field. Add setters for it.
-
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::setBody):
-
-2008-11-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix FIXME by adding accessor for JSFunction's m_body property.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        * profiler/Profiler.cpp:
-        (JSC::createCallIdentifierFromFunctionImp):
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::Arguments::Arguments):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::body):
-
-2008-11-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Remove unused member variables from ProgramNode.
-
-        * parser/Nodes.h:
-
-2008-11-27  Brent Fulgham  <bfulgham@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Enable mouse panning feaure on Windows Cairo build.
-        See http://bugs.webkit.org/show_bug.cgi?id=22525
-
-        * wtf/Platform.h: Enable mouse panning feaure on Windows Cairo build.
-
-2008-11-27  Alp Toker  <alp@nuanti.com>
-
-        Change recently introduced C++ comments in Platform.h to C comments to
-        fix the minidom build with traditional C.
-
-        Build GtkLauncher and minidom with the '-ansi' compiler flag to detect
-        API header breakage at build time.
-
-        * GNUmakefile.am:
-        * wtf/Platform.h:
-
-2008-11-27  Alp Toker  <alp@nuanti.com>
-
-        Remove C++ comment from JavaScriptCore API headers (introduced r35449).
-        Fixes build for ANSI C applications using the public API.
-
-        * API/WebKitAvailability.h:
-
-2008-11-26  Eric Seidel  <eric@webkit.org>
-
-        No review, build fix only.
-
-        Fix the JSC Chromium Mac build by adding JavaScriptCore/icu into the include path
-
-        * JavaScriptCore.scons:
-
-2008-11-25  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove the unused member function JSFunction::getParameterName().
-
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-
-2008-11-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Polymorpic caching for get by id chain.  Similar to the polymorphic caching already implemented
-        for self and proto accesses (implemented by allowing multiple trampolines to be JIT genertaed,
-        and linked together) - the get by id chain caching is implemented as a genericization of the
-        proto list caching, allowing cached access lists to contain a mix of proto and proto chain
-        accesses (since in JS style inheritance hierarchies you may commonly see a mix of properties
-        being overridden on the direct prototype, or higher up its prototype chain).
-
-        In order to allow this patch to compile there is a fix to appease gcc 4.2 compiler issues
-        (removing the jumps between fall-through cases in privateExecute).
-        
-        This patch also removes redundant immediate checking from the reptach code, and fixes a related
-        memory leak (failure to deallocate trampolines). 
-
-        ~2% progression on v8 tests (bulk on the win on deltablue)
-
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::):
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::derefStructures):
-        * interpreter/Interpreter.cpp:
-        (JSC::countPrototypeChainEntriesAndCheckForProxies):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdChainList):
-
-2008-11-25  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Move the collect() call in Heap::heapAllocate() that is conditionally
-        compiled under COLLECT_ON_EVERY_ALLOCATION so that it is before we get
-        information about the heap. This was causing assertion failures for me
-        while I was reducing a bug.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::heapAllocate):
-
-2008-11-24  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 13790: Function declarations are not treated as statements (used to affect starcraft2.com)
-        <https://bugs.webkit.org/show_bug.cgi?id=13790>
-
-        Modify the parser to treat function declarations as statements,
-        simplifying the grammar in the process. Technically, according to the
-        grammar in the ECMA spec, function declarations are not statements and
-        can not be used everywhere that statements can, but it is not worth the
-        possibility compatibility issues just to stick to the spec in this case.
-
-        * parser/Grammar.y:
-        * parser/Nodes.cpp:
-        (JSC::FuncDeclNode::emitBytecode): Avoid returning ignoredResult()
-        as a result, because it causes a crash in DoWhileNode::emitBytecode().
-
-2008-11-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Unroll the regexp matching loop by 1. 10% speedup on simple matching
-        stress test. No change on SunSpider.
-        
-        (I decided not to unroll to arbitrary levels because the returns diminsh
-        quickly.)
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateJumpIfEndOfInput):
-        (JSC::WREC::Generator::generateJumpIfNotEndOfInput):
-        * wrec/WRECGenerator.h:
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::error):
-        (JSC::WREC::Parser::parsePattern):
-
-2008-11-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed some unnecessary "Generator::" prefixes.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateSaveIndex):
-        (JSC::WREC::Generator::generateIncrementIndex):
-        (JSC::WREC::Generator::generateLoopIfNotEndOfInput):
-        (JSC::WREC::Generator::generateReturnFailure):
-
-2008-11-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Made a bunch of WREC::Parser functions private, and added an explicit
-        "reset()" function, so a parser can be reused.
-
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::Parser):
-        (JSC::WREC::Parser::generator):
-        (JSC::WREC::Parser::ignoreCase):
-        (JSC::WREC::Parser::multiline):
-        (JSC::WREC::Parser::recordSubpattern):
-        (JSC::WREC::Parser::numSubpatterns):
-        (JSC::WREC::Parser::parsePattern):
-        (JSC::WREC::Parser::parseAlternative):
-        (JSC::WREC::Parser::reset):
-
-2008-11-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Implement repatching for get by id chain.
-        Previously the access is performed in a function stub, in the repatch form
-        the trampoline is not called to; instead the hot path is relinked to jump
-        directly to the trampoline, if it fails it will jump to the slow case.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22449
-        3% progression on deltablue.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2008-11-24  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20746
-
-        Various small compilation fixes to make the Qt port of WebKit
-        compile on Windows CE.
-
-        * config.h: Don't set _CRT_RAND_S for CE, it's not available.
-        * jsc.cpp: Disabled use of debugger includes for CE. It
-          does not have the debugging functions.
-        * runtime/DateMath.cpp: Use localtime() on Windows CE.
-        * wtf/Assertions.cpp: Compile on Windows CE without debugger.
-        * wtf/Assertions.h: Include windows.h before defining ASSERT.
-        * wtf/MathExtras.h: Include stdlib.h instead of xmath.h.
-        * wtf/Platform.h: Disable ERRNO_H and detect endianess based
-          on the Qt endianess. On Qt for Windows CE the endianess is
-          defined by the vendor specific build spec.
-        * wtf/Threading.h: Use the volatile-less atomic functions.
-        * wtf/dtoa.cpp: Compile without errno.
-        * wtf/win/MainThreadWin.cpp: Don't include windows.h on CE after
-        Assertions.h due to the redefinition of ASSERT.
-
-2008-11-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Replace accidentally deleted immediate check from get by id chain trampoline.
-        https://bugs.webkit.org/show_bug.cgi?id=22413
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2008-11-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add (really) polymorphic caching for get by id self.
-        Very similar to caching of prototype accesses, described below.
-
-        Oh, also, probably shouldn't have been leaking those structure list objects.
-        
-        4% preogression on deltablue.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::PrototypeStructureList::derefStructures):
-        * bytecode/Instruction.h:
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::patchGetByIdSelf):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdSelfList):
-
-2008-11-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed many crashes seen 'round the world (but only in release builds).
-        
-        Update outputParameter offset to reflect slight re-ordering of push
-        instructions in r38669.
-
-        * wrec/WRECGenerator.cpp:
-
-2008-11-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A little more RegExp refactoring.
-        
-        Deployed a helper function for reading the next character. Used the "link
-        vector of jumps" helper in a place I missed before.
-
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateLoadCharacter):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        * wrec/WRECGenerator.h:
-
-2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22402
-        Replace abort() with CRASH()
-
-        * wtf/Assertions.h: Added a different method to crash, which should work even is 0xbbadbeef
-        is a valid memory address.
-
-        * runtime/Collector.cpp:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/TCSpinLock.h:
-        Replace abort() with CRASH().
-
-2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reverted fix for bug 22042 (Replace abort() with CRASH()), because it was breaking
-        FOR_EACH_OPCODE_ID macro somehow, making Safari crash.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::heapAllocate):
-        (JSC::Heap::collect):
-        * wtf/Assertions.h:
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastRealloc):
-        (WTF::InitSizeClasses):
-        (WTF::PageHeapAllocator::New):
-        (WTF::TCMallocStats::do_malloc):
-        * wtf/FastMalloc.h:
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Init):
-        (TCMalloc_SpinLock::Finalize):
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-
-2008-11-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A little more RegExp refactoring.
-        
-        Moved all assembly from WREC.cpp into WRECGenerator helper functions.
-        This should help with portability and readability.
-        
-        Removed ASSERTs after calls to executableCopy(), and changed
-        executableCopy() to ASSERT instead.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateSaveIndex):
-        (JSC::WREC::Generator::generateIncrementIndex):
-        (JSC::WREC::Generator::generateLoopIfNotEndOfInput):
-        (JSC::WREC::Generator::generateReturnFailure):
-        * wrec/WRECGenerator.h:
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::ignoreCase):
-        (JSC::WREC::Parser::generator):
-
-2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * wtf/Assertions.h: Use ::abort for C++ code.
-
-2008-11-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22402
-        Replace abort() with CRASH()
-
-        * wtf/Assertions.h: Added abort() after an attempt to crash for extra safety.
-
-        * runtime/Collector.cpp:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/TCSpinLock.h:
-        Replace abort() with CRASH().
-
-2008-11-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed wrec => generator.
-
-        * wrec/WRECFunctors.cpp:
-        (JSC::WREC::GeneratePatternCharacterFunctor::generateAtom):
-        (JSC::WREC::GeneratePatternCharacterFunctor::backtrack):
-        (JSC::WREC::GenerateCharacterClassFunctor::generateAtom):
-        (JSC::WREC::GenerateCharacterClassFunctor::backtrack):
-        (JSC::WREC::GenerateBackreferenceFunctor::generateAtom):
-        (JSC::WREC::GenerateBackreferenceFunctor::backtrack):
-        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
-
-2008-11-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Add support for (really) polymorphic caching of prototype accesses.
-        
-        If a cached prototype access misses, cti_op_get_by_id_proto_list is called.
-        When this occurs the Structure pointers from the instruction stream are copied
-        off into a new ProtoStubInfo object.  A second prototype access trampoline is
-        generated, and chained onto the first.  Subsequent missed call to
-        cti_op_get_by_id_proto_list_append, which append futher new trampolines, up to
-        PROTOTYPE_LIST_CACHE_SIZE (currently 4).  If any of the misses result in an
-        access other than to a direct prototype property, list formation is halted (or
-        for the initial miss, does not take place at all).
-
-        Separate fail case functions are provided for each access since this contributes
-        to the performance progression (enables better processor branch prediction).
-
-        Overall this is a near 5% progression on v8, with around 10% wins on richards
-        and deltablue.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        * bytecode/Instruction.h:
-        (JSC::ProtoStructureList::ProtoStubInfo::set):
-        (JSC::ProtoStructureList::ProtoStructureList):
-        (JSC::Instruction::Instruction):
-        (JSC::Instruction::):
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id_self_fail):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list_append):
-        (JSC::Interpreter::cti_op_get_by_id_proto_list_full):
-        (JSC::Interpreter::cti_op_get_by_id_proto_fail):
-        (JSC::Interpreter::cti_op_get_by_id_chain_fail):
-        (JSC::Interpreter::cti_op_get_by_id_array_fail):
-        (JSC::Interpreter::cti_op_get_by_id_string_fail):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProtoList):
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Try and fix the tiger build.
-
-        * parser/Grammar.y:
-
-2008-11-20  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Make JavaScriptCore Chromium build under Windows (cmd only, cygwin almost works)
-        https://bugs.webkit.org/show_bug.cgi?id=22347
-
-        * JavaScriptCore.scons:
-        * parser/Parser.cpp: Add using std::auto_ptr since we use auto_ptr
-
-2008-11-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix build.
-        
-        Reviewed by Sam Weinig.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::reparse):
-
-2008-11-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little more RegExp refactoring.
-        
-        Created a helper function in the assembler for linking a vector of
-        JmpSrc to a location, and deployed it in a bunch of places.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::link):
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateParentheses):
-        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::terminateAlternative):
-        (JSC::WREC::Generator::terminateDisjunction):
-        * wrec/WRECParser.cpp:
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::consumeHex):
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Fix non-mac builds.
-
-        * parser/Lexer.cpp:
-        * parser/Parser.cpp:
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=22385
-        <rdar://problem/6390179>
-        Lazily reparse FunctionBodyNodes on first execution.
-
-        - Saves 57MB on Membuster head.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate): Remove vector shrinking since this is now
-        handled by destroying the ScopeNodeData after generation.
-
-        * parser/Grammar.y: Add alternate NoNode version of the grammar
-        that does not create nodes.  This is used to lazily create FunctionBodyNodes
-        on first execution.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode): Fix bug where on reparse, the Lexer was confused about
-        what position and length meant. Position is the current position in the original
-        data buffer (important for getting correct line/column information) and length
-        the end offset in the original buffer.
-        * parser/Lexer.h:
-        (JSC::Lexer::sourceCode): Positions are relative to the beginning of the buffer.
-
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::ScopeNodeData): Move initialization of ScopeNode data here.
-        (JSC::ScopeNode::ScopeNode): Add constructor that only sets the JSGlobalData
-        for FunctionBodyNode stubs.
-        (JSC::ScopeNode::~ScopeNode): Release m_children now that we don't inherit from
-        BlockNode.
-        (JSC::ScopeNode::releaseNodes): Ditto.
-        (JSC::EvalNode::generateBytecode): Only shrink m_children, as we need to keep around
-        the rest of the data.
-        (JSC::FunctionBodyNode::FunctionBodyNode): Add constructor that only sets the
-        JSGlobalData. 
-        (JSC::FunctionBodyNode::create): Ditto.
-        (JSC::FunctionBodyNode::generateBytecode): If we don't have the data, do a reparse
-        to construct it. Then after generation, destroy the data.
-        (JSC::ProgramNode::generateBytecode): After generation, destroy the AST data.
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::): Add isFuncExprNode for FunctionConstructor.
-        (JSC::StatementNode::): Add isExprStatementNode for FunctionConstructor.
-        (JSC::ExprStatementNode::): Ditto.
-        (JSC::ExprStatementNode::expr): Add accessor for FunctionConstructor.
-        (JSC::FuncExprNode::): Add isFuncExprNode for FunctionConstructor
-
-        (JSC::ScopeNode::adoptData): Adopts a ScopeNodeData.
-        (JSC::ScopeNode::data): Accessor for ScopeNodeData.
-        (JSC::ScopeNode::destroyData): Deletes the ScopeNodeData.
-        (JSC::ScopeNode::setFeatures): Added.
-        (JSC::ScopeNode::varStack): Added assert.
-        (JSC::ScopeNode::functionStack): Ditto.
-        (JSC::ScopeNode::children): Ditto.
-        (JSC::ScopeNode::neededConstants): Ditto.
-        Factor m_varStack, m_functionStack, m_children and m_numConstants into ScopeNodeData.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::reparse): Reparse the SourceCode in the FunctionBodyNode and set
-        set up the ScopeNodeData for it. 
-        * parser/Parser.h:
-
-        * parser/SourceCode.h:
-        (JSC::SourceCode::endOffset): Added for use in the lexer.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::getFunctionBody): Assuming a ProgramNode with one FunctionExpression in it,
-        get the FunctionBodyNode.  Any issues signifies a parse failure in constructFunction. 
-        (JSC::constructFunction): Make parsing functions in the form new Function(""), easier
-        by concatenating the strings together (with some glue) and parsing the function expression
-        as a ProgramNode from which we can receive the FunctionBodyNode. This has the added benefit
-        of not having special parsing code for the arguments and lazily constructing the 
-        FunctionBodyNode's AST on first execution.
-
-        * runtime/Identifier.h:
-        (JSC::operator!=): Added.
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Speedup the lexer to offset coming re-parsing patch.
-
-        - .6% progression on Sunspider.
-
-        * bytecompiler/SegmentedVector.h:
-        (JSC::SegmentedVector::shrink): Fixed bug where m_size would not be
-        set when shrinking to 0.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer):
-        (JSC::Lexer::isIdentStart): Use isASCIIAlpha and isASCII to avoid going into ICU in the common cases.
-        (JSC::Lexer::isIdentPart): Use isASCIIAlphanumeric and isASCII to avoid going into ICU in the common cases
-        (JSC::isDecimalDigit): Use version in ASCIICType.h. Inlining it was a regression.
-        (JSC::Lexer::isHexDigit): Ditto.
-        (JSC::Lexer::isOctalDigit): Ditto.
-        (JSC::Lexer::clear): Resize the m_identifiers SegmentedVector to initial
-        capacity
-        * parser/Lexer.h: Remove unused m_strings vector. Make m_identifiers
-        a SegmentedVector<Identifier> to avoid allocating a new Identifier* for
-        each identifier found.  The SegmentedVector is need so we can passes 
-        references to the Identifier to the parser, which remain valid even when
-        the vector is resized.
-        (JSC::Lexer::makeIdentifier): Inline and return a reference to the added
-        Identifier.
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add isASCII to ASCIICType.  Use coming soon!
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCII):
-
-2008-11-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add OwnPtr constructor and OwnPtr::adopt that take an auto_ptr.
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::OwnPtr):
-        (WTF::OwnPtr::adopt):
-
-2008-11-20  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22364
-        Crashes seen on Tiger buildbots due to worker threads exhausting pthread keys
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::makeUsableFromMultipleThreads):
-        (JSC::Heap::registerThread):
-        * runtime/Collector.h:
-        Pthread key for tracking threads is only created on request now, because this is a limited
-        resource, and thread tracking is not needed for worker heaps, or for WebCore heap.
-
-        * API/JSContextRef.cpp: (JSGlobalContextCreateInGroup): Call makeUsableFromMultipleThreads().
-
-        * runtime/JSGlobalData.cpp: (JSC::JSGlobalData::sharedInstance): Ditto.
-
-        * runtime/JSGlobalData.h: (JSC::JSGlobalData::makeUsableFromMultipleThreads): Just forward
-        the call to Heap, which clients need not know about, ideally.
-
-2008-11-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A little more WREC refactoring.
-        
-        Removed the "Register" suffix from register names in WREC, and renamed:
-            currentPosition => index
-            currentValue => character
-            quantifierCount => repeatCount
-            
-        Added a top-level parsePattern function to the WREC parser, which
-        allowed me to remove the error() and atEndOfPattern() accessors.
-        
-        Factored out an MSVC customization into a constant.
-        
-        Renamed nextLabel => beginPattern.
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateBacktrack1):
-        (JSC::WREC::Generator::generateBacktrackBackreference):
-        (JSC::WREC::Generator::generateBackreferenceQuantifier):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateParentheses):
-        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::generateBackreference):
-        (JSC::WREC::Generator::generateDisjunction):
-        (JSC::WREC::Generator::terminateDisjunction):
-        * wrec/WRECGenerator.h:
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::parsePattern):
-
-2008-11-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22361
-        A little more RegExp refactoring.
-        
-        Consistently named variables holding the starting position at which
-        regexp matching should begin to "startOffset".
-        
-        A few more "regExpObject" => "regExpConstructor" changes.
-        
-        Refactored RegExpObject::match for clarity, and replaced a slow "get"
-        of the "global" property with a fast access to the global bit.
-        
-        Made the error message you see when RegExpObject::match has no input a
-        little more informative, as in Firefox.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-
-2008-11-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        A little more refactoring.
-        
-        Removed the "emit" and "emitUnlinked" prefixes from the assembler.
-        
-        Moved the JmpSrc and JmpDst class definitions to the top of the X86
-        assembler class, in accordance with WebKit style guidelines.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpSrc::JmpSrc):
-        (JSC::X86Assembler::JmpDst::JmpDst):
-        (JSC::X86Assembler::int3):
-        (JSC::X86Assembler::pushl_m):
-        (JSC::X86Assembler::popl_m):
-        (JSC::X86Assembler::movl_rr):
-        (JSC::X86Assembler::addl_rr):
-        (JSC::X86Assembler::addl_i8r):
-        (JSC::X86Assembler::addl_i8m):
-        (JSC::X86Assembler::addl_i32r):
-        (JSC::X86Assembler::addl_mr):
-        (JSC::X86Assembler::andl_rr):
-        (JSC::X86Assembler::andl_i32r):
-        (JSC::X86Assembler::cmpl_i8r):
-        (JSC::X86Assembler::cmpl_rr):
-        (JSC::X86Assembler::cmpl_rm):
-        (JSC::X86Assembler::cmpl_mr):
-        (JSC::X86Assembler::cmpl_i32r):
-        (JSC::X86Assembler::cmpl_i32m):
-        (JSC::X86Assembler::cmpl_i8m):
-        (JSC::X86Assembler::cmpw_rm):
-        (JSC::X86Assembler::orl_rr):
-        (JSC::X86Assembler::orl_mr):
-        (JSC::X86Assembler::orl_i32r):
-        (JSC::X86Assembler::subl_rr):
-        (JSC::X86Assembler::subl_i8r):
-        (JSC::X86Assembler::subl_i8m):
-        (JSC::X86Assembler::subl_i32r):
-        (JSC::X86Assembler::subl_mr):
-        (JSC::X86Assembler::testl_i32r):
-        (JSC::X86Assembler::testl_i32m):
-        (JSC::X86Assembler::testl_rr):
-        (JSC::X86Assembler::xorl_i8r):
-        (JSC::X86Assembler::xorl_rr):
-        (JSC::X86Assembler::sarl_i8r):
-        (JSC::X86Assembler::sarl_CLr):
-        (JSC::X86Assembler::shl_i8r):
-        (JSC::X86Assembler::shll_CLr):
-        (JSC::X86Assembler::imull_rr):
-        (JSC::X86Assembler::imull_i32r):
-        (JSC::X86Assembler::idivl_r):
-        (JSC::X86Assembler::negl_r):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::movzbl_rr):
-        (JSC::X86Assembler::movzwl_mr):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_i32r):
-        (JSC::X86Assembler::movl_i32m):
-        (JSC::X86Assembler::leal_mr):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::jmp_m):
-        (JSC::X86Assembler::movsd_mr):
-        (JSC::X86Assembler::xorpd_mr):
-        (JSC::X86Assembler::movsd_rm):
-        (JSC::X86Assembler::movd_rr):
-        (JSC::X86Assembler::cvtsi2sd_rr):
-        (JSC::X86Assembler::cvttsd2si_rr):
-        (JSC::X86Assembler::addsd_mr):
-        (JSC::X86Assembler::subsd_mr):
-        (JSC::X86Assembler::mulsd_mr):
-        (JSC::X86Assembler::addsd_rr):
-        (JSC::X86Assembler::subsd_rr):
-        (JSC::X86Assembler::mulsd_rr):
-        (JSC::X86Assembler::ucomis_rr):
-        (JSC::X86Assembler::pextrw_irr):
-        (JSC::X86Assembler::call):
-        (JSC::X86Assembler::jmp):
-        (JSC::X86Assembler::jne):
-        (JSC::X86Assembler::jnz):
-        (JSC::X86Assembler::je):
-        (JSC::X86Assembler::jl):
-        (JSC::X86Assembler::jb):
-        (JSC::X86Assembler::jle):
-        (JSC::X86Assembler::jbe):
-        (JSC::X86Assembler::jge):
-        (JSC::X86Assembler::jg):
-        (JSC::X86Assembler::ja):
-        (JSC::X86Assembler::jae):
-        (JSC::X86Assembler::jo):
-        (JSC::X86Assembler::jp):
-        (JSC::X86Assembler::js):
-        (JSC::X86Assembler::predictNotTaken):
-        (JSC::X86Assembler::convertToFastCall):
-        (JSC::X86Assembler::restoreArgumentReference):
-        (JSC::X86Assembler::restoreArgumentReferenceForTrampoline):
-        (JSC::X86Assembler::modRm_rr):
-        (JSC::X86Assembler::modRm_rr_Unchecked):
-        (JSC::X86Assembler::modRm_rm):
-        (JSC::X86Assembler::modRm_rm_Unchecked):
-        (JSC::X86Assembler::modRm_rmsib):
-        (JSC::X86Assembler::modRm_opr):
-        (JSC::X86Assembler::modRm_opr_Unchecked):
-        (JSC::X86Assembler::modRm_opm):
-        (JSC::X86Assembler::modRm_opm_Unchecked):
-        (JSC::X86Assembler::modRm_opmsib):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::emitNakedFastCall):
-        (JSC::JIT::emitCTICall):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
-        (JSC::JIT::emitArithIntToImmWithJump):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateBackreferenceQuantifier):
-        (JSC::WREC::Generator::generateNonGreedyQuantifier):
-        (JSC::WREC::Generator::generateGreedyQuantifier):
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateParentheses):
-        (JSC::WREC::Generator::generateParenthesesNonGreedy):
-        (JSC::WREC::Generator::generateParenthesesResetTrampoline):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        (JSC::WREC::Generator::generateBackreference):
-        (JSC::WREC::Generator::generateDisjunction):
-
-2008-11-19  Simon Hausmann  <hausmann@webkit.org>
-
-        Sun CC build fix, removed trailing comman for last enum value.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::):
-
-2008-11-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Expand the workaround for Apple GCC compiler bug <rdar://problem/6354696> to all versions of GCC 4.0.1.
-        It has been observed with builds 5465 (Xcode 3.0) and 5484 (Xcode 3.1), and there is no evidence
-        that it has been fixed in newer builds of GCC 4.0.1.
-
-        This addresses <https://bugs.webkit.org/show_bug.cgi?id=22351> (WebKit nightly crashes on launch on 10.4.11).
-
-        * wtf/StdLibExtras.h:
-
-2008-11-18  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak and Geoff Garen.
-
-        Bug 22287: ASSERTION FAILED: Not enough jumps linked in slow case codegen in CTI::privateCompileSlowCases())
-        <https://bugs.webkit.org/show_bug.cgi?id=22287>
-
-        Fix a typo in the number cell reuse code where the first and second
-        operands are sometimes confused.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-
-2008-11-18  Dan Bernstein  <mitz@apple.com>
-
-        - try to fix the Windows build
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2008-11-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Minor RegExp cleanup.
-        
-        SunSpider says no change.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match): Renamed "regExpObj" to "regExpConstructor".
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp): Instead of checking for a NULL output vector,
-        ASSERT that the output vector is not NULL. (The rest of WREC is not
-        safe to use with a NULL output vector, and we probably don't want to
-        spend the time and/or performance to make it safe.)
-
-2008-11-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        A little more renaming and refactoring.
-        
-        VM_CHECK_EXCEPTION() => CHECK_FOR_EXCEPTION().
-        NEXT_INSTRUCTION => NEXT_INSTRUCTION().
-
-        Removed the "Error_" and "TempError_" prefixes from WREC error types.
-
-        Refactored the WREC parser so it doesn't need a "setError" function,
-        and changed "isEndOfPattern" and its use -- they read kind of backwards
-        before.
-        
-        Changed our "TODO:" error messages at least to say something, since you
-        can't say "TODO:" in shipping software.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_op_loop_if_less):
-        (JSC::Interpreter::cti_op_loop_if_lesseq):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_lesseq):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_jless):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_less):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_push_scope):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_del_by_val):
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WRECParser.cpp:
-        (JSC::WREC::Parser::parseGreedyQuantifier):
-        (JSC::WREC::Parser::parseParentheses):
-        (JSC::WREC::Parser::parseCharacterClass):
-        (JSC::WREC::Parser::parseEscape):
-        * wrec/WRECParser.h:
-        (JSC::WREC::Parser::):
-        (JSC::WREC::Parser::atEndOfPattern):
-
-2008-11-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22337
-        Enable workers by default
-
-        * Configurations/JavaScriptCore.xcconfig: Define ENABLE_WORKERS.
-
-2008-11-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        - Windows build fix
-
-        * wrec/WRECFunctors.h:
-        * wrec/WRECGenerator.h:
-        * wrec/WRECParser.h:
-        CharacterClass is a struct, not a class, fix forward declarations.
-
-2008-11-18  Dan Bernstein  <mitz@apple.com>
-
-        - Windows build fix
-
-        * assembler/X86Assembler.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * wrec/Quantifier.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * assembler/AssemblerBuffer.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Split WREC classes out into individual files, with a few modifications
-        to more closely match the WebKit coding style.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/X86Assembler.h:
-        * runtime/RegExp.cpp:
-        * wrec/CharacterClass.cpp: Copied from wrec/CharacterClassConstructor.cpp.
-        (JSC::WREC::CharacterClass::newline):
-        (JSC::WREC::CharacterClass::digits):
-        (JSC::WREC::CharacterClass::spaces):
-        (JSC::WREC::CharacterClass::wordchar):
-        (JSC::WREC::CharacterClass::nondigits):
-        (JSC::WREC::CharacterClass::nonspaces):
-        (JSC::WREC::CharacterClass::nonwordchar):
-        * wrec/CharacterClass.h: Copied from wrec/CharacterClassConstructor.h.
-        * wrec/CharacterClassConstructor.cpp:
-        (JSC::WREC::CharacterClassConstructor::addSortedRange):
-        (JSC::WREC::CharacterClassConstructor::append):
-        * wrec/CharacterClassConstructor.h:
-        * wrec/Quantifier.h: Copied from wrec/WREC.h.
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WREC.h:
-        * wrec/WRECFunctors.cpp: Copied from wrec/WREC.cpp.
-        * wrec/WRECFunctors.h: Copied from wrec/WREC.cpp.
-        (JSC::WREC::GenerateAtomFunctor::~GenerateAtomFunctor):
-        (JSC::WREC::GeneratePatternCharacterFunctor::GeneratePatternCharacterFunctor):
-        (JSC::WREC::GenerateCharacterClassFunctor::GenerateCharacterClassFunctor):
-        (JSC::WREC::GenerateBackreferenceFunctor::GenerateBackreferenceFunctor):
-        (JSC::WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
-        * wrec/WRECGenerator.cpp: Copied from wrec/WREC.cpp.
-        (JSC::WREC::Generator::generatePatternCharacter):
-        (JSC::WREC::Generator::generateCharacterClassInvertedRange):
-        (JSC::WREC::Generator::generateCharacterClassInverted):
-        (JSC::WREC::Generator::generateCharacterClass):
-        (JSC::WREC::Generator::generateParentheses):
-        (JSC::WREC::Generator::generateAssertionBOL):
-        (JSC::WREC::Generator::generateAssertionEOL):
-        (JSC::WREC::Generator::generateAssertionWordBoundary):
-        * wrec/WRECGenerator.h: Copied from wrec/WREC.h.
-        * wrec/WRECParser.cpp: Copied from wrec/WREC.cpp.
-        (JSC::WREC::Parser::parseGreedyQuantifier):
-        (JSC::WREC::Parser::parseCharacterClassQuantifier):
-        (JSC::WREC::Parser::parseParentheses):
-        (JSC::WREC::Parser::parseCharacterClass):
-        (JSC::WREC::Parser::parseEscape):
-        (JSC::WREC::Parser::parseTerm):
-        * wrec/WRECParser.h: Copied from wrec/WREC.h.
-        (JSC::WREC::Parser::):
-        (JSC::WREC::Parser::Parser):
-        (JSC::WREC::Parser::setError):
-        (JSC::WREC::Parser::error):
-        (JSC::WREC::Parser::recordSubpattern):
-        (JSC::WREC::Parser::numSubpatterns):
-        (JSC::WREC::Parser::ignoreCase):
-        (JSC::WREC::Parser::multiline):
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix a few builds.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix a few builds.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/CTI.* => jit/JIT.*.
-        
-        Removed VM.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp: Removed.
-        * VM/CTI.h: Removed.
-        * bytecode/CodeBlock.cpp:
-        * interpreter/Interpreter.cpp:
-        * jit: Added.
-        * jit/JIT.cpp: Copied from VM/CTI.cpp.
-        * jit/JIT.h: Copied from VM/CTI.h.
-        * runtime/RegExp.cpp:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved runtime/ExecState.* => interpreter/CallFrame.*.
-
-        * API/JSBase.cpp:
-        * API/OpaqueJSString.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerCallFrame.h:
-        * interpreter/CallFrame.cpp: Copied from runtime/ExecState.cpp.
-        * interpreter/CallFrame.h: Copied from runtime/ExecState.h.
-        * interpreter/Interpreter.cpp:
-        * parser/Nodes.cpp:
-        * profiler/ProfileGenerator.cpp:
-        * profiler/Profiler.cpp:
-        * runtime/ClassInfo.h:
-        * runtime/Collector.cpp:
-        * runtime/Completion.cpp:
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/ExecState.cpp: Removed.
-        * runtime/ExecState.h: Removed.
-        * runtime/Identifier.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSLock.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        * runtime/Lookup.h:
-        * runtime/PropertyNameArray.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * API/APICast.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * API/APICast.h:
-        * runtime/ExecState.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/SamplingTool.* => bytecode/SamplingTool.*.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/SamplingTool.cpp: Removed.
-        * VM/SamplingTool.h: Removed.
-        * bytecode/SamplingTool.cpp: Copied from VM/SamplingTool.cpp.
-        * bytecode/SamplingTool.h: Copied from VM/SamplingTool.h.
-        * jsc.cpp:
-        (runWithScripts):
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * runtime/ExecState.h:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/ExceptionHelpers.cpp => runtime/ExceptionHelpers.cpp.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/ExceptionHelpers.cpp: Removed.
-        * runtime/ExceptionHelpers.cpp: Copied from VM/ExceptionHelpers.cpp.
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/RegisterFile.cpp => interpreter/RegisterFile.cpp.
-
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/RegisterFile.cpp: Removed.
-        * interpreter/RegisterFile.cpp: Copied from VM/RegisterFile.cpp.
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved:
-            VM/ExceptionHelpers.h => runtime/ExceptionHelpers.h
-            VM/Register.h => interpreter/Register.h
-            VM/RegisterFile.h => interpreter/RegisterFile.h
-        
-        
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/ExceptionHelpers.h: Removed.
-        * VM/Register.h: Removed.
-        * VM/RegisterFile.h: Removed.
-        * interpreter/Register.h: Copied from VM/Register.h.
-        * interpreter/RegisterFile.h: Copied from VM/RegisterFile.h.
-        * runtime/ExceptionHelpers.h: Copied from VM/ExceptionHelpers.h.
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * JavaScriptCore.pri:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/Machine.cpp => interpreter/Interpreter.cpp.
-
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/Machine.cpp: Removed.
-        * interpreter/Interpreter.cpp: Copied from VM/Machine.cpp.
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved VM/Machine.h => interpreter/Interpreter.h
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/ExceptionHelpers.cpp:
-        * VM/Machine.cpp:
-        * VM/Machine.h: Removed.
-        * VM/SamplingTool.cpp:
-        * bytecode/CodeBlock.cpp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-        * debugger/DebuggerCallFrame.cpp:
-        * interpreter: Added.
-        * interpreter/Interpreter.h: Copied from VM/Machine.h.
-        * profiler/ProfileGenerator.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/Collector.cpp:
-        * runtime/Completion.cpp:
-        * runtime/ExecState.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * wrec/WREC.cpp:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved runtime/Interpreter.cpp => runtime/Completion.cpp.
-
-        Moved functions from Interpreter.h to Completion.h, and removed
-        Interpreter.h from the project.
-
-        * API/JSBase.cpp:
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * jsc.cpp:
-        * runtime/Completion.cpp: Copied from runtime/Interpreter.cpp.
-        * runtime/Completion.h:
-        * runtime/Interpreter.cpp: Removed.
-        * runtime/Interpreter.h: Removed.
-
-2008-11-17  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=22312>
-        Fix PCRE include path problem on Qt-port
-
-        * JavaScriptCore.pri:
-        * pcre/pcre.pri:
-
-2008-11-17  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=22313>
-        Add missing CTI source to the build system on Qt-port
-
-        * JavaScriptCore.pri:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix JSGlue build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * jsc.pro:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * JavaScriptCore.pri:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * JavaScriptCore.pri:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        More file moves:
-        
-        VM/CodeBlock.* => bytecode/CodeBlock.*
-        VM/EvalCodeCache.h => bytecode/EvalCodeCache.h
-        VM/Instruction.h => bytecode/Instruction.h
-        VM/Opcode.* => bytecode/Opcode.*
-
-        * GNUmakefile.am:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CodeBlock.cpp: Removed.
-        * VM/CodeBlock.h: Removed.
-        * VM/EvalCodeCache.h: Removed.
-        * VM/Instruction.h: Removed.
-        * VM/Opcode.cpp: Removed.
-        * VM/Opcode.h: Removed.
-        * bytecode: Added.
-        * bytecode/CodeBlock.cpp: Copied from VM/CodeBlock.cpp.
-        * bytecode/CodeBlock.h: Copied from VM/CodeBlock.h.
-        * bytecode/EvalCodeCache.h: Copied from VM/EvalCodeCache.h.
-        * bytecode/Instruction.h: Copied from VM/Instruction.h.
-        * bytecode/Opcode.cpp: Copied from VM/Opcode.cpp.
-        * bytecode/Opcode.h: Copied from VM/Opcode.h.
-        * jsc.pro:
-        * jscore.bkl:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix a few more builds.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCoreSources.bkl:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * GNUmakefile.am:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Some file moves:
-        
-        VM/LabelID.h => bytecompiler/Label.h
-        VM/RegisterID.h => bytecompiler/RegisterID.h
-        VM/SegmentedVector.h => bytecompiler/SegmentedVector.h
-        bytecompiler/CodeGenerator.* => bytecompiler/BytecodeGenerator.*
-
-        * AllInOneFile.cpp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/LabelID.h: Removed.
-        * VM/RegisterID.h: Removed.
-        * VM/SegmentedVector.h: Removed.
-        * bytecompiler/BytecodeGenerator.cpp: Copied from bytecompiler/CodeGenerator.cpp.
-        * bytecompiler/BytecodeGenerator.h: Copied from bytecompiler/CodeGenerator.h.
-        * bytecompiler/CodeGenerator.cpp: Removed.
-        * bytecompiler/CodeGenerator.h: Removed.
-        * bytecompiler/Label.h: Copied from VM/LabelID.h.
-        * bytecompiler/LabelScope.h:
-        * bytecompiler/RegisterID.h: Copied from VM/RegisterID.h.
-        * bytecompiler/SegmentedVector.h: Copied from VM/SegmentedVector.h.
-        * jsc.cpp:
-        * parser/Nodes.cpp:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved masm => assembler and split "AssemblerBuffer.h" out of "X86Assembler.h".
-        
-        Also renamed ENABLE_MASM to ENABLE_ASSEMBLER.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler: Added.
-        * assembler/AssemblerBuffer.h: Copied from masm/X86Assembler.h.
-        (JSC::AssemblerBuffer::AssemblerBuffer):
-        (JSC::AssemblerBuffer::~AssemblerBuffer):
-        (JSC::AssemblerBuffer::ensureSpace):
-        (JSC::AssemblerBuffer::isAligned):
-        (JSC::AssemblerBuffer::putByteUnchecked):
-        (JSC::AssemblerBuffer::putByte):
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putShort):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt):
-        (JSC::AssemblerBuffer::data):
-        (JSC::AssemblerBuffer::size):
-        (JSC::AssemblerBuffer::reset):
-        (JSC::AssemblerBuffer::executableCopy):
-        (JSC::AssemblerBuffer::grow):
-        * assembler/X86Assembler.h: Copied from masm/X86Assembler.h.
-        * masm: Removed.
-        * masm/X86Assembler.h: Removed.
-        * wtf/Platform.h:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * GNUmakefile.am:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Fixed tyop.
-
-        * VM/CTI.cpp:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix windows build.
-
-        * VM/CTI.cpp:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * GNUmakefile.am:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Renamed ENABLE_CTI and ENABLE(CTI) to ENABLE_JIT and ENABLE(JIT).
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        * VM/Machine.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * VM/Machine.h:
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::prepareJumpTableForStringSwitch):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-        * runtime/JSGlobalData.h:
-        * wrec/WREC.h:
-        * wtf/Platform.h:
-        * wtf/TCSystemAlloc.cpp:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix gtk build.
-
-        * VM/CTI.cpp:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by a few people on squirrelfish-dev.
-        
-        Renamed CTI => JIT.
-
-        * VM/CTI.cpp:
-        (JSC::JIT::killLastResultRegister):
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitGetVirtualRegisters):
-        (JSC::JIT::emitPutCTIArgFromVirtualRegister):
-        (JSC::JIT::emitPutCTIArg):
-        (JSC::JIT::emitGetCTIArg):
-        (JSC::JIT::emitPutCTIArgConstant):
-        (JSC::JIT::getConstantImmediateNumericArg):
-        (JSC::JIT::emitPutCTIParam):
-        (JSC::JIT::emitGetCTIParam):
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitGetFromCallFrameHeader):
-        (JSC::JIT::emitPutVirtualRegister):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::printBytecodeOperandTypes):
-        (JSC::JIT::emitAllocateNumber):
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::emitNakedFastCall):
-        (JSC::JIT::emitCTICall):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::linkSlowCaseIfNotJSCell):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNum):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmNums):
-        (JSC::JIT::getDeTaggedConstantImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithPotentiallyReTagImmediate):
-        (JSC::JIT::emitFastArithImmToInt):
-        (JSC::JIT::emitFastArithIntToImmOrSlowCase):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        (JSC::JIT::emitArithIntToImmWithJump):
-        (JSC::JIT::emitTagAsBoolImmediate):
-        (JSC::JIT::JIT):
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallEvalSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlowScriptCheck):
-        (JSC::JIT::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileLinkPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileGetByIdSelf):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompilePutByIdReplace):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::freeCTIMachineTrampolines):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::emitGetVariableObjectRegister):
-        (JSC::JIT::emitPutVariableObjectRegister):
-        * VM/CTI.h:
-        (JSC::JIT::compile):
-        (JSC::JIT::compileGetByIdSelf):
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdReplace):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCallers):
-        * VM/Machine.cpp:
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        * VM/Machine.h:
-        * VM/RegisterFile.h:
-        * parser/Nodes.h:
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSImmediate.h:
-        * runtime/JSNumberCell.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        * runtime/JSVariableObject.h:
-        * runtime/ScopeChain.h:
-        * runtime/Structure.h:
-        * runtime/TypeInfo.h:
-        * runtime/UString.h:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix wx build.
-
-        * jscore.bkl:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Nixed X86:: and X86Assembler:: prefixes in a lot of places using typedefs.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetVirtualRegister):
-        (JSC::CTI::emitGetVirtualRegisters):
-        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
-        (JSC::CTI::emitPutCTIArg):
-        (JSC::CTI::emitGetCTIArg):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutVirtualRegister):
-        (JSC::CTI::emitNakedCall):
-        (JSC::CTI::emitNakedFastCall):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::CTI::emitFastArithReTagImmediate):
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        (JSC::CTI::emitFastArithImmToInt):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::emitFastArithIntToImmNoCheck):
-        (JSC::CTI::emitArithIntToImmWithJump):
-        (JSC::CTI::emitTagAsBoolImmediate):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::emitGetVariableObjectRegister):
-        (JSC::CTI::emitPutVariableObjectRegister):
-        * VM/CTI.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JmpTable::JmpTable):
-        (JSC::SlowCaseEntry::SlowCaseEntry):
-        (JSC::CTI::JSRInfo::JSRInfo):
-        * wrec/WREC.h:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * JavaScriptCore.pri:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed OBJECT_OFFSET => FIELD_OFFSET
-
-        Nixed use of OBJECT_OFFSET outside of CTI.cpp by making CTI a friend in
-        more places.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::emitGetVariableObjectRegister):
-        (JSC::CTI::emitPutVariableObjectRegister):
-        * runtime/JSValue.h:
-        * runtime/JSVariableObject.h:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renames:
-        
-        X86Assembler::copy => X86Assembler::executableCopy
-        AssemblerBuffer::copy => AssemblerBuffer::executableCopy
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        * masm/X86Assembler.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        (JSC::X86Assembler::executableCopy):
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed WREC => JSC::WREC, removing JSC:: prefix in a lot of places.
-        Renamed WRECFunction => WREC::CompiledRegExp, and deployed this type
-        name in place of a few casts.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * wrec/CharacterClassConstructor.cpp:
-        * wrec/CharacterClassConstructor.h:
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WREC.h:
-        (JSC::WREC::Generator::Generator):
-        (JSC::WREC::Parser::Parser):
-        (JSC::WREC::Parser::parseAlternative):
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed BytecodeInterpreter => Interpreter.
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::freeCTIMachineTrampolines):
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        * VM/Machine.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::resolveBaseAndFunc):
-        (JSC::Interpreter::slideRegisterWindowForCall):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::dumpCallFrame):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::debug):
-        (JSC::Interpreter::resetTimeoutCheck):
-        (JSC::Interpreter::checkTimeout):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::uncachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::uncacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::retrieveLastCaller):
-        (JSC::Interpreter::findFunctionCallFrame):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_end):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_timeout_check):
-        (JSC::Interpreter::cti_register_file_check):
-        (JSC::Interpreter::cti_op_loop_if_less):
-        (JSC::Interpreter::cti_op_loop_if_lesseq):
-        (JSC::Interpreter::cti_op_new_object):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_new_func):
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_op_call_arityCheck):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        (JSC::Interpreter::cti_op_push_activation):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_create_arguments):
-        (JSC::Interpreter::cti_op_create_arguments_no_params):
-        (JSC::Interpreter::cti_op_tear_off_activation):
-        (JSC::Interpreter::cti_op_tear_off_arguments):
-        (JSC::Interpreter::cti_op_profile_will_call):
-        (JSC::Interpreter::cti_op_profile_did_call):
-        (JSC::Interpreter::cti_op_ret_scopeChain):
-        (JSC::Interpreter::cti_op_new_array):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_JSConstruct):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_lesseq):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_resolve_base):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_jless):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_new_func_exp):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_less):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_new_regexp):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_call_eval):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_get_pnames):
-        (JSC::Interpreter::cti_op_next_pname):
-        (JSC::Interpreter::cti_op_push_scope):
-        (JSC::Interpreter::cti_op_pop_scope):
-        (JSC::Interpreter::cti_op_typeof):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_is_boolean):
-        (JSC::Interpreter::cti_op_is_number):
-        (JSC::Interpreter::cti_op_is_string):
-        (JSC::Interpreter::cti_op_is_object):
-        (JSC::Interpreter::cti_op_is_function):
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_push_new_scope):
-        (JSC::Interpreter::cti_op_jmp_scopes):
-        (JSC::Interpreter::cti_op_put_by_index):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_op_del_by_val):
-        (JSC::Interpreter::cti_op_put_getter):
-        (JSC::Interpreter::cti_op_put_setter):
-        (JSC::Interpreter::cti_op_new_error):
-        (JSC::Interpreter::cti_op_debug):
-        (JSC::Interpreter::cti_vm_throw):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * jsc.cpp:
-        (runWithScripts):
-        * runtime/ExecState.h:
-        (JSC::ExecState::interpreter):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSString.h:
-        * wrec/WREC.cpp:
-        (WREC::compileRegExp):
-        * wrec/WREC.h:
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Roll out r38461 (my last patch) because it broke the world.
-
-2008-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A few more renames:
-
-        BytecodeInterpreter => Interpreter
-        WREC => JSC::WREC, removing JSC:: prefix in a lot of places
-        X86Assembler::copy => X86Assembler::executableCopy
-        AssemblerBuffer::copy => AssemblerBuffer::executableCopy
-        WRECFunction => WREC::RegExpFunction
-        OBJECT_OFFSET => FIELD_OFFSET
-        
-        Also:
-
-        Nixed use of OBJECT_OFFSET outside of CTI.cpp by making CTI a friend in more places.
-        Nixed X86:: and X86Assembler:: prefixes in a lot of places using typedefs
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::emitGetVirtualRegister):
-        (JSC::CTI::emitGetVirtualRegisters):
-        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
-        (JSC::CTI::emitPutCTIArg):
-        (JSC::CTI::emitGetCTIArg):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutVirtualRegister):
-        (JSC::CTI::emitNakedCall):
-        (JSC::CTI::emitNakedFastCall):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::CTI::emitFastArithReTagImmediate):
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        (JSC::CTI::emitFastArithImmToInt):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::emitFastArithIntToImmNoCheck):
-        (JSC::CTI::emitArithIntToImmWithJump):
-        (JSC::CTI::emitTagAsBoolImmediate):
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::freeCTIMachineTrampolines):
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::emitGetVariableObjectRegister):
-        (JSC::CTI::emitPutVariableObjectRegister):
-        * VM/CTI.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JmpTable::JmpTable):
-        (JSC::SlowCaseEntry::SlowCaseEntry):
-        (JSC::CTI::JSRInfo::JSRInfo):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        * VM/Machine.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::resolveBaseAndFunc):
-        (JSC::Interpreter::slideRegisterWindowForCall):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::dumpCallFrame):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::debug):
-        (JSC::Interpreter::resetTimeoutCheck):
-        (JSC::Interpreter::checkTimeout):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::uncachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::uncacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::retrieveLastCaller):
-        (JSC::Interpreter::findFunctionCallFrame):
-        (JSC::Interpreter::tryCTICachePutByID):
-        (JSC::Interpreter::tryCTICacheGetByID):
-        (JSC::):
-        (JSC::Interpreter::cti_op_convert_this):
-        (JSC::Interpreter::cti_op_end):
-        (JSC::Interpreter::cti_op_add):
-        (JSC::Interpreter::cti_op_pre_inc):
-        (JSC::Interpreter::cti_timeout_check):
-        (JSC::Interpreter::cti_register_file_check):
-        (JSC::Interpreter::cti_op_loop_if_less):
-        (JSC::Interpreter::cti_op_loop_if_lesseq):
-        (JSC::Interpreter::cti_op_new_object):
-        (JSC::Interpreter::cti_op_put_by_id):
-        (JSC::Interpreter::cti_op_put_by_id_second):
-        (JSC::Interpreter::cti_op_put_by_id_generic):
-        (JSC::Interpreter::cti_op_put_by_id_fail):
-        (JSC::Interpreter::cti_op_get_by_id):
-        (JSC::Interpreter::cti_op_get_by_id_second):
-        (JSC::Interpreter::cti_op_get_by_id_generic):
-        (JSC::Interpreter::cti_op_get_by_id_fail):
-        (JSC::Interpreter::cti_op_instanceof):
-        (JSC::Interpreter::cti_op_del_by_id):
-        (JSC::Interpreter::cti_op_mul):
-        (JSC::Interpreter::cti_op_new_func):
-        (JSC::Interpreter::cti_op_call_JSFunction):
-        (JSC::Interpreter::cti_op_call_arityCheck):
-        (JSC::Interpreter::cti_vm_dontLazyLinkCall):
-        (JSC::Interpreter::cti_vm_lazyLinkCall):
-        (JSC::Interpreter::cti_op_push_activation):
-        (JSC::Interpreter::cti_op_call_NotJSFunction):
-        (JSC::Interpreter::cti_op_create_arguments):
-        (JSC::Interpreter::cti_op_create_arguments_no_params):
-        (JSC::Interpreter::cti_op_tear_off_activation):
-        (JSC::Interpreter::cti_op_tear_off_arguments):
-        (JSC::Interpreter::cti_op_profile_will_call):
-        (JSC::Interpreter::cti_op_profile_did_call):
-        (JSC::Interpreter::cti_op_ret_scopeChain):
-        (JSC::Interpreter::cti_op_new_array):
-        (JSC::Interpreter::cti_op_resolve):
-        (JSC::Interpreter::cti_op_construct_JSConstruct):
-        (JSC::Interpreter::cti_op_construct_NotJSConstruct):
-        (JSC::Interpreter::cti_op_get_by_val):
-        (JSC::Interpreter::cti_op_resolve_func):
-        (JSC::Interpreter::cti_op_sub):
-        (JSC::Interpreter::cti_op_put_by_val):
-        (JSC::Interpreter::cti_op_put_by_val_array):
-        (JSC::Interpreter::cti_op_lesseq):
-        (JSC::Interpreter::cti_op_loop_if_true):
-        (JSC::Interpreter::cti_op_negate):
-        (JSC::Interpreter::cti_op_resolve_base):
-        (JSC::Interpreter::cti_op_resolve_skip):
-        (JSC::Interpreter::cti_op_resolve_global):
-        (JSC::Interpreter::cti_op_div):
-        (JSC::Interpreter::cti_op_pre_dec):
-        (JSC::Interpreter::cti_op_jless):
-        (JSC::Interpreter::cti_op_not):
-        (JSC::Interpreter::cti_op_jtrue):
-        (JSC::Interpreter::cti_op_post_inc):
-        (JSC::Interpreter::cti_op_eq):
-        (JSC::Interpreter::cti_op_lshift):
-        (JSC::Interpreter::cti_op_bitand):
-        (JSC::Interpreter::cti_op_rshift):
-        (JSC::Interpreter::cti_op_bitnot):
-        (JSC::Interpreter::cti_op_resolve_with_base):
-        (JSC::Interpreter::cti_op_new_func_exp):
-        (JSC::Interpreter::cti_op_mod):
-        (JSC::Interpreter::cti_op_less):
-        (JSC::Interpreter::cti_op_neq):
-        (JSC::Interpreter::cti_op_post_dec):
-        (JSC::Interpreter::cti_op_urshift):
-        (JSC::Interpreter::cti_op_bitxor):
-        (JSC::Interpreter::cti_op_new_regexp):
-        (JSC::Interpreter::cti_op_bitor):
-        (JSC::Interpreter::cti_op_call_eval):
-        (JSC::Interpreter::cti_op_throw):
-        (JSC::Interpreter::cti_op_get_pnames):
-        (JSC::Interpreter::cti_op_next_pname):
-        (JSC::Interpreter::cti_op_push_scope):
-        (JSC::Interpreter::cti_op_pop_scope):
-        (JSC::Interpreter::cti_op_typeof):
-        (JSC::Interpreter::cti_op_is_undefined):
-        (JSC::Interpreter::cti_op_is_boolean):
-        (JSC::Interpreter::cti_op_is_number):
-        (JSC::Interpreter::cti_op_is_string):
-        (JSC::Interpreter::cti_op_is_object):
-        (JSC::Interpreter::cti_op_is_function):
-        (JSC::Interpreter::cti_op_stricteq):
-        (JSC::Interpreter::cti_op_nstricteq):
-        (JSC::Interpreter::cti_op_to_jsnumber):
-        (JSC::Interpreter::cti_op_in):
-        (JSC::Interpreter::cti_op_push_new_scope):
-        (JSC::Interpreter::cti_op_jmp_scopes):
-        (JSC::Interpreter::cti_op_put_by_index):
-        (JSC::Interpreter::cti_op_switch_imm):
-        (JSC::Interpreter::cti_op_switch_char):
-        (JSC::Interpreter::cti_op_switch_string):
-        (JSC::Interpreter::cti_op_del_by_val):
-        (JSC::Interpreter::cti_op_put_getter):
-        (JSC::Interpreter::cti_op_put_setter):
-        (JSC::Interpreter::cti_op_new_error):
-        (JSC::Interpreter::cti_op_debug):
-        (JSC::Interpreter::cti_vm_throw):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * VM/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * jsc.cpp:
-        (runWithScripts):
-        * masm/X86Assembler.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        (JSC::X86Assembler::executableCopy):
-        * runtime/ExecState.h:
-        (JSC::ExecState::interpreter):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSImmediate.h:
-        * runtime/JSString.h:
-        * runtime/JSValue.h:
-        * runtime/JSVariableObject.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * wrec/CharacterClassConstructor.cpp:
-        * wrec/CharacterClassConstructor.h:
-        * wrec/WREC.cpp:
-        (JSC::WREC::compileRegExp):
-        * wrec/WREC.h:
-        (JSC::WREC::Generator::Generator):
-        (JSC::WREC::Parser::):
-        (JSC::WREC::Parser::Parser):
-        (JSC::WREC::Parser::parseAlternative):
-
-2008-11-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21810
-        Remove use of static C++ objects that are destroyed at exit time (destructors)
-
-        Conditionally have the DEFINE_STATIC_LOCAL workaround <rdar://problem/6354696> 
-        (Codegen issue with C++ static reference in gcc build 5465) based upon the compiler 
-        build versions. It will use the:
-        static T& = *new T;
-        style for all other compilers.
-
-        * wtf/StdLibExtras.h:
-
-2008-11-16  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22290
-        Remove cross-heap GC and MessagePort multi-threading support
-
-        It is broken (and may not be implementable at all), and no longer needed, as we
-        don't use MessagePorts for communication with workers any more.
-
-        * JavaScriptCore.exp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect):
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        Remove hooks for cross-heap GC.
-
-2008-11-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Cleanup jsc command line code a little.
-
-        * jsc.cpp:
-        (functionQuit):
-        (main): Use standard exit status macros
-        (cleanupGlobalData): Factor out cleanup code into this function.
-        (printUsageStatement): Use standard exit status macros.
-
-2008-11-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Cleanup BytecodeGenerator constructors.
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/CodeGenerator.h:
-        * parser/Nodes.cpp:
-        (JSC::ProgramNode::generateBytecode):
-
-2008-11-15  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        - do the long-planned StructureID -> Structure rename
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.scons:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CTI.cpp:
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::transitionWillNeedStorageRealloc):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        * VM/CTI.h:
-        (JSC::CTI::compileGetByIdSelf):
-        (JSC::CTI::compileGetByIdProto):
-        (JSC::CTI::compileGetByIdChain):
-        (JSC::CTI::compilePutByIdReplace):
-        (JSC::CTI::compilePutByIdTransition):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        * VM/CodeBlock.h:
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (JSC::Instruction::):
-        * VM/Machine.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::BytecodeInterpreter::resolveGlobal):
-        (JSC::BytecodeInterpreter::BytecodeInterpreter):
-        (JSC::cachePrototypeChain):
-        (JSC::BytecodeInterpreter::tryCachePutByID):
-        (JSC::BytecodeInterpreter::uncachePutByID):
-        (JSC::BytecodeInterpreter::tryCacheGetByID):
-        (JSC::BytecodeInterpreter::uncacheGetByID):
-        (JSC::BytecodeInterpreter::privateExecute):
-        (JSC::BytecodeInterpreter::tryCTICachePutByID):
-        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
-        (JSC::BytecodeInterpreter::cti_op_instanceof):
-        (JSC::BytecodeInterpreter::cti_op_construct_JSConstruct):
-        (JSC::BytecodeInterpreter::cti_op_resolve_global):
-        (JSC::BytecodeInterpreter::cti_op_is_undefined):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        * runtime/GlobalEvalFunction.h:
-        * runtime/Identifier.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell):
-        (JSC::JSCell::isObject):
-        (JSC::JSCell::isString):
-        (JSC::JSCell::structure):
-        (JSC::JSValue::needsThisConversion):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createLeaked):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::argumentsStructure):
-        (JSC::JSGlobalObject::arrayStructure):
-        (JSC::JSGlobalObject::booleanObjectStructure):
-        (JSC::JSGlobalObject::callbackConstructorStructure):
-        (JSC::JSGlobalObject::callbackFunctionStructure):
-        (JSC::JSGlobalObject::callbackObjectStructure):
-        (JSC::JSGlobalObject::dateStructure):
-        (JSC::JSGlobalObject::emptyObjectStructure):
-        (JSC::JSGlobalObject::errorStructure):
-        (JSC::JSGlobalObject::functionStructure):
-        (JSC::JSGlobalObject::numberObjectStructure):
-        (JSC::JSGlobalObject::prototypeFunctionStructure):
-        (JSC::JSGlobalObject::regExpMatchesArrayStructure):
-        (JSC::JSGlobalObject::regExpStructure):
-        (JSC::JSGlobalObject::stringObjectStructure):
-        (JSC::JSGlobalObject::createStructure):
-        (JSC::Structure::prototypeForLookup):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        (JSC::JSNumberCell::JSNumberCell):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::getPropertyAttributes):
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::hasCustomProperties):
-        (JSC::JSObject::hasGetterSetterProperties):
-        (JSC::JSObject::createStructure):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::prototype):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::setStructure):
-        (JSC::JSObject::inheritorID):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::next):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::JSString::JSString):
-        (JSC::JSString::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * runtime/Operations.h:
-        (JSC::equalSlowCaseInline):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::setCachedStructure):
-        (JSC::PropertyNameArrayData::cachedStructure):
-        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
-        (JSC::PropertyNameArrayData::cachedPrototypeChain):
-        (JSC::PropertyNameArrayData::PropertyNameArrayData):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PrototypeFunction.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        * runtime/Structure.cpp: Copied from JavaScriptCore/runtime/StructureID.cpp.
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::startIgnoringLeaks):
-        (JSC::Structure::stopIgnoringLeaks):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::clearEnumerationCache):
-        (JSC::Structure::growPropertyStorageCapacity):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::fromDictionaryTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::createCachedPrototypeChain):
-        (JSC::Structure::checkConsistency):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::createPropertyMapHashTable):
-        (JSC::Structure::expandPropertyMapHashTable):
-        (JSC::Structure::rehashPropertyMapHashTable):
-        (JSC::Structure::getEnumerablePropertyNamesInternal):
-        * runtime/Structure.h: Copied from JavaScriptCore/runtime/StructureID.h.
-        (JSC::Structure::create):
-        (JSC::Structure::previousID):
-        (JSC::Structure::setCachedPrototypeChain):
-        (JSC::Structure::cachedPrototypeChain):
-        (JSC::Structure::):
-        (JSC::Structure::get):
-        * runtime/StructureChain.cpp: Copied from JavaScriptCore/runtime/StructureIDChain.cpp.
-        (JSC::StructureChain::StructureChain):
-        (JSC::structureChainsAreEqual):
-        * runtime/StructureChain.h: Copied from JavaScriptCore/runtime/StructureIDChain.h.
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::head):
-        * runtime/StructureID.cpp: Removed.
-        * runtime/StructureID.h: Removed.
-        * runtime/StructureIDChain.cpp: Removed.
-        * runtime/StructureIDChain.h: Removed.
-        * runtime/StructureIDTransitionTable.h: Removed.
-        * runtime/StructureTransitionTable.h: Copied from JavaScriptCore/runtime/StructureIDTransitionTable.h.
-
-2008-11-15  Darin Adler  <darin@apple.com>
-
-        - fix non-WREC build
-
-        * runtime/RegExp.cpp: Put "using namespace WREC" inside #if ENABLE(WREC).
-
-2008-11-15  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Timothy Hatcher.
-        
-        As ThreadingNone doesn't implement threads, isMainThread should return true,
-        not false.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=22285
-
-        * wtf/ThreadingNone.cpp:
-        (WTF::isMainThread):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Moved all WREC-related code into WREC.cpp and put it in a WREC namespace.
-        Removed the WREC prefix from class names.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/Machine.h:
-        (JSC::BytecodeInterpreter::assemblerBuffer):
-        * masm/X86Assembler.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * wrec/CharacterClassConstructor.cpp:
-        * wrec/CharacterClassConstructor.h:
-        * wrec/WREC.cpp:
-        (WREC::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
-        (WREC::GeneratePatternCharacterFunctor::generateAtom):
-        (WREC::GeneratePatternCharacterFunctor::backtrack):
-        (WREC::GenerateCharacterClassFunctor::generateAtom):
-        (WREC::GenerateCharacterClassFunctor::backtrack):
-        (WREC::GenerateBackreferenceFunctor::generateAtom):
-        (WREC::GenerateBackreferenceFunctor::backtrack):
-        (WREC::GenerateParenthesesNonGreedyFunctor::generateAtom):
-        (WREC::GenerateParenthesesNonGreedyFunctor::backtrack):
-        (WREC::Generator::generateBacktrack1):
-        (WREC::Generator::generateBacktrackBackreference):
-        (WREC::Generator::generateBackreferenceQuantifier):
-        (WREC::Generator::generateNonGreedyQuantifier):
-        (WREC::Generator::generateGreedyQuantifier):
-        (WREC::Generator::generatePatternCharacter):
-        (WREC::Generator::generateCharacterClassInvertedRange):
-        (WREC::Generator::generateCharacterClassInverted):
-        (WREC::Generator::generateCharacterClass):
-        (WREC::Generator::generateParentheses):
-        (WREC::Generator::generateParenthesesNonGreedy):
-        (WREC::Generator::generateParenthesesResetTrampoline):
-        (WREC::Generator::generateAssertionBOL):
-        (WREC::Generator::generateAssertionEOL):
-        (WREC::Generator::generateAssertionWordBoundary):
-        (WREC::Generator::generateBackreference):
-        (WREC::Generator::generateDisjunction):
-        (WREC::Generator::terminateDisjunction):
-        (WREC::Parser::parseGreedyQuantifier):
-        (WREC::Parser::parseQuantifier):
-        (WREC::Parser::parsePatternCharacterQualifier):
-        (WREC::Parser::parseCharacterClassQuantifier):
-        (WREC::Parser::parseBackreferenceQuantifier):
-        (WREC::Parser::parseParentheses):
-        (WREC::Parser::parseCharacterClass):
-        (WREC::Parser::parseOctalEscape):
-        (WREC::Parser::parseEscape):
-        (WREC::Parser::parseTerm):
-        (WREC::Parser::parseDisjunction):
-        (WREC::compileRegExp):
-        * wrec/WREC.h:
-        (WREC::Generator::Generator):
-        (WREC::Parser::Parser):
-        (WREC::Parser::parseAlternative):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Changed another case of "m_jit" to "m_assembler".
-
-        * VM/CTI.cpp:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-        (JSC::WRECGenerator::WRECGenerator):
-        (JSC::WRECParser::WRECParser):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed "jit" to "assembler" and, for brevity, replaced *jit.* with __
-        using a macro.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetVirtualRegister):
-        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
-        (JSC::CTI::emitPutCTIArg):
-        (JSC::CTI::emitGetCTIArg):
-        (JSC::CTI::emitPutCTIArgConstant):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutVirtualRegister):
-        (JSC::CTI::emitInitRegister):
-        (JSC::CTI::emitAllocateNumber):
-        (JSC::CTI::emitNakedCall):
-        (JSC::CTI::emitNakedFastCall):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::linkSlowCaseIfNotJSCell):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::CTI::emitFastArithReTagImmediate):
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        (JSC::CTI::emitFastArithImmToInt):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::emitFastArithIntToImmNoCheck):
-        (JSC::CTI::emitArithIntToImmWithJump):
-        (JSC::CTI::emitTagAsBoolImmediate):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileLinkPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::emitGetVariableObjectRegister):
-        (JSC::CTI::emitPutVariableObjectRegister):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generateBacktrack1):
-        (JSC::WRECGenerator::generateBacktrackBackreference):
-        (JSC::WRECGenerator::generateBackreferenceQuantifier):
-        (JSC::WRECGenerator::generateNonGreedyQuantifier):
-        (JSC::WRECGenerator::generateGreedyQuantifier):
-        (JSC::WRECGenerator::generatePatternCharacter):
-        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
-        (JSC::WRECGenerator::generateCharacterClassInverted):
-        (JSC::WRECGenerator::generateCharacterClass):
-        (JSC::WRECGenerator::generateParentheses):
-        (JSC::WRECGenerator::generateParenthesesNonGreedy):
-        (JSC::WRECGenerator::generateParenthesesResetTrampoline):
-        (JSC::WRECGenerator::generateAssertionBOL):
-        (JSC::WRECGenerator::generateAssertionEOL):
-        (JSC::WRECGenerator::generateAssertionWordBoundary):
-        (JSC::WRECGenerator::generateBackreference):
-        (JSC::WRECGenerator::generateDisjunction):
-        (JSC::WRECGenerator::terminateDisjunction):
-
-2008-11-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove dead method declaration.
-
-        * bytecompiler/CodeGenerator.h:
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed LabelID to Label, Label::isForwardLabel to Label::isForward.
-
-        * VM/LabelID.h:
-        (JSC::Label::Label):
-        (JSC::Label::isForward):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::newLabel):
-        (JSC::BytecodeGenerator::emitLabel):
-        (JSC::BytecodeGenerator::emitJump):
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        (JSC::BytecodeGenerator::pushFinallyContext):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC::BytecodeGenerator::emitJumpScopes):
-        (JSC::BytecodeGenerator::emitNextPropertyName):
-        (JSC::BytecodeGenerator::emitCatch):
-        (JSC::BytecodeGenerator::emitJumpSubroutine):
-        (JSC::prepareJumpTableForImmediateSwitch):
-        (JSC::prepareJumpTableForCharacterSwitch):
-        (JSC::prepareJumpTableForStringSwitch):
-        (JSC::BytecodeGenerator::endSwitch):
-        * bytecompiler/CodeGenerator.h:
-        * bytecompiler/LabelScope.h:
-        (JSC::LabelScope::LabelScope):
-        (JSC::LabelScope::breakTarget):
-        (JSC::LabelScope::continueTarget):
-        * parser/Nodes.cpp:
-        (JSC::LogicalOpNode::emitBytecode):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::CaseBlockNode::emitBytecodeForBlock):
-        (JSC::TryNode::emitBytecode):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed JITCodeBuffer to AssemblerBuffer and renamed its data members
-        to be more like the rest of our buffer classes, with a size and a
-        capacity.
-        
-        Added an assert in the unchecked put case to match the test in the checked
-        put case.
-        
-        Changed a C-style cast to a C++-style cast.
-        
-        Renamed MAX_INSTRUCTION_SIZE to maxInstructionSize.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileRegExp):
-        * VM/Machine.cpp:
-        (JSC::BytecodeInterpreter::BytecodeInterpreter):
-        * VM/Machine.h:
-        (JSC::BytecodeInterpreter::assemblerBuffer):
-        * masm/X86Assembler.h:
-        (JSC::AssemblerBuffer::AssemblerBuffer):
-        (JSC::AssemblerBuffer::~AssemblerBuffer):
-        (JSC::AssemblerBuffer::ensureSpace):
-        (JSC::AssemblerBuffer::isAligned):
-        (JSC::AssemblerBuffer::putByteUnchecked):
-        (JSC::AssemblerBuffer::putByte):
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putShort):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt):
-        (JSC::AssemblerBuffer::data):
-        (JSC::AssemblerBuffer::size):
-        (JSC::AssemblerBuffer::reset):
-        (JSC::AssemblerBuffer::copy):
-        (JSC::AssemblerBuffer::grow):
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::X86Assembler):
-        (JSC::X86Assembler::testl_i32r):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_i32m):
-        (JSC::X86Assembler::emitCall):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::emitUnlinkedJmp):
-        (JSC::X86Assembler::emitUnlinkedJne):
-        (JSC::X86Assembler::emitUnlinkedJe):
-        (JSC::X86Assembler::emitUnlinkedJl):
-        (JSC::X86Assembler::emitUnlinkedJb):
-        (JSC::X86Assembler::emitUnlinkedJle):
-        (JSC::X86Assembler::emitUnlinkedJbe):
-        (JSC::X86Assembler::emitUnlinkedJge):
-        (JSC::X86Assembler::emitUnlinkedJg):
-        (JSC::X86Assembler::emitUnlinkedJa):
-        (JSC::X86Assembler::emitUnlinkedJae):
-        (JSC::X86Assembler::emitUnlinkedJo):
-        (JSC::X86Assembler::emitUnlinkedJp):
-        (JSC::X86Assembler::emitUnlinkedJs):
-        (JSC::X86Assembler::link):
-        (JSC::X86Assembler::emitModRm_rr):
-        (JSC::X86Assembler::emitModRm_rm):
-        (JSC::X86Assembler::emitModRm_opr):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Suggested by Maciej Stachowiak.
-        
-        Reverted most "opcode" => "bytecode" renames. We use "bytecode" as a
-        mass noun to refer to a stream of instructions. Each instruction may be
-        an opcode or an operand.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructureIDs):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructureIDs):
-        (JSC::CodeBlock::refStructureIDs):
-        * VM/CodeBlock.h:
-        * VM/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (JSC::Instruction::):
-        * VM/Machine.cpp:
-        (JSC::BytecodeInterpreter::isOpcode):
-        (JSC::BytecodeInterpreter::throwException):
-        (JSC::BytecodeInterpreter::tryCachePutByID):
-        (JSC::BytecodeInterpreter::uncachePutByID):
-        (JSC::BytecodeInterpreter::tryCacheGetByID):
-        (JSC::BytecodeInterpreter::uncacheGetByID):
-        (JSC::BytecodeInterpreter::privateExecute):
-        (JSC::BytecodeInterpreter::tryCTICachePutByID):
-        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
-        * VM/Machine.h:
-        (JSC::BytecodeInterpreter::getOpcode):
-        (JSC::BytecodeInterpreter::getOpcodeID):
-        (JSC::BytecodeInterpreter::isCallBytecode):
-        * VM/Opcode.cpp:
-        (JSC::):
-        (JSC::OpcodeStats::OpcodeStats):
-        (JSC::compareOpcodeIndices):
-        (JSC::compareOpcodePairIndices):
-        (JSC::OpcodeStats::~OpcodeStats):
-        (JSC::OpcodeStats::recordInstruction):
-        (JSC::OpcodeStats::resetLastInstruction):
-        * VM/Opcode.h:
-        (JSC::):
-        (JSC::padOpcodeName):
-        * VM/SamplingTool.cpp:
-        (JSC::ScopeSampleRecord::sample):
-        (JSC::SamplingTool::run):
-        (JSC::compareOpcodeIndicesSampling):
-        (JSC::SamplingTool::dump):
-        * VM/SamplingTool.h:
-        (JSC::ScopeSampleRecord::ScopeSampleRecord):
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitLabel):
-        (JSC::BytecodeGenerator::emitOpcode):
-        (JSC::BytecodeGenerator::emitJump):
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        (JSC::BytecodeGenerator::emitMove):
-        (JSC::BytecodeGenerator::emitUnaryOp):
-        (JSC::BytecodeGenerator::emitPreInc):
-        (JSC::BytecodeGenerator::emitPreDec):
-        (JSC::BytecodeGenerator::emitPostInc):
-        (JSC::BytecodeGenerator::emitPostDec):
-        (JSC::BytecodeGenerator::emitBinaryOp):
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        (JSC::BytecodeGenerator::emitUnexpectedLoad):
-        (JSC::BytecodeGenerator::emitInstanceOf):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitPutScopedVar):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveFunction):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitPutGetter):
-        (JSC::BytecodeGenerator::emitPutSetter):
-        (JSC::BytecodeGenerator::emitDeleteById):
-        (JSC::BytecodeGenerator::emitGetByVal):
-        (JSC::BytecodeGenerator::emitPutByVal):
-        (JSC::BytecodeGenerator::emitDeleteByVal):
-        (JSC::BytecodeGenerator::emitPutByIndex):
-        (JSC::BytecodeGenerator::emitNewObject):
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewRegExp):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitReturn):
-        (JSC::BytecodeGenerator::emitUnaryNoDstOp):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitPopScope):
-        (JSC::BytecodeGenerator::emitDebugHook):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC::BytecodeGenerator::emitJumpScopes):
-        (JSC::BytecodeGenerator::emitNextPropertyName):
-        (JSC::BytecodeGenerator::emitCatch):
-        (JSC::BytecodeGenerator::emitNewError):
-        (JSC::BytecodeGenerator::emitJumpSubroutine):
-        (JSC::BytecodeGenerator::emitSubroutineReturn):
-        (JSC::BytecodeGenerator::emitPushNewScope):
-        (JSC::BytecodeGenerator::beginSwitch):
-        * bytecompiler/CodeGenerator.h:
-        * jsc.cpp:
-        (runWithScripts):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::emitModRm_opr):
-        (JSC::X86Assembler::emitModRm_opr_Unchecked):
-        (JSC::X86Assembler::emitModRm_opm):
-        (JSC::X86Assembler::emitModRm_opm_Unchecked):
-        (JSC::X86Assembler::emitModRm_opmsib):
-        * parser/Nodes.cpp:
-        (JSC::UnaryOpNode::emitBytecode):
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::ReverseBinaryOpNode::emitBytecode):
-        (JSC::ThrowableBinaryOpNode::emitBytecode):
-        (JSC::emitReadModifyAssignment):
-        (JSC::ScopeNode::ScopeNode):
-        * parser/Nodes.h:
-        (JSC::UnaryPlusNode::):
-        (JSC::NegateNode::):
-        (JSC::BitwiseNotNode::):
-        (JSC::LogicalNotNode::):
-        (JSC::MultNode::):
-        (JSC::DivNode::):
-        (JSC::ModNode::):
-        (JSC::AddNode::):
-        (JSC::SubNode::):
-        (JSC::LeftShiftNode::):
-        (JSC::RightShiftNode::):
-        (JSC::UnsignedRightShiftNode::):
-        (JSC::LessNode::):
-        (JSC::GreaterNode::):
-        (JSC::LessEqNode::):
-        (JSC::GreaterEqNode::):
-        (JSC::InstanceOfNode::):
-        (JSC::InNode::):
-        (JSC::EqualNode::):
-        (JSC::NotEqualNode::):
-        (JSC::StrictEqualNode::):
-        (JSC::NotStrictEqualNode::):
-        (JSC::BitAndNode::):
-        (JSC::BitOrNode::):
-        (JSC::BitXOrNode::):
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::fromDictionaryTransition):
-        * wtf/Platform.h:
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renames:
-        
-        CodeGenerator => BytecodeGenerator
-        emitCodeForBlock => emitBytecodeForBlock
-        generatedByteCode => generatedBytecode
-        generateCode => generateBytecode
-
-        * JavaScriptCore.exp:
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::BytecodeGenerator::setDumpsGeneratedCode):
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::allocateConstants):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addParameter):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::constRegisterFor):
-        (JSC::BytecodeGenerator::isLocal):
-        (JSC::BytecodeGenerator::isLocalConstant):
-        (JSC::BytecodeGenerator::newRegister):
-        (JSC::BytecodeGenerator::newTemporary):
-        (JSC::BytecodeGenerator::highestUsedRegister):
-        (JSC::BytecodeGenerator::newLabelScope):
-        (JSC::BytecodeGenerator::newLabel):
-        (JSC::BytecodeGenerator::emitLabel):
-        (JSC::BytecodeGenerator::emitBytecode):
-        (JSC::BytecodeGenerator::retrieveLastBinaryOp):
-        (JSC::BytecodeGenerator::retrieveLastUnaryOp):
-        (JSC::BytecodeGenerator::rewindBinaryOp):
-        (JSC::BytecodeGenerator::rewindUnaryOp):
-        (JSC::BytecodeGenerator::emitJump):
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addUnexpectedConstant):
-        (JSC::BytecodeGenerator::addRegExp):
-        (JSC::BytecodeGenerator::emitMove):
-        (JSC::BytecodeGenerator::emitUnaryOp):
-        (JSC::BytecodeGenerator::emitPreInc):
-        (JSC::BytecodeGenerator::emitPreDec):
-        (JSC::BytecodeGenerator::emitPostInc):
-        (JSC::BytecodeGenerator::emitPostDec):
-        (JSC::BytecodeGenerator::emitBinaryOp):
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitUnexpectedLoad):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        (JSC::BytecodeGenerator::emitInstanceOf):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitPutScopedVar):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveFunction):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitPutGetter):
-        (JSC::BytecodeGenerator::emitPutSetter):
-        (JSC::BytecodeGenerator::emitDeleteById):
-        (JSC::BytecodeGenerator::emitGetByVal):
-        (JSC::BytecodeGenerator::emitPutByVal):
-        (JSC::BytecodeGenerator::emitDeleteByVal):
-        (JSC::BytecodeGenerator::emitPutByIndex):
-        (JSC::BytecodeGenerator::emitNewObject):
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewRegExp):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallEval):
-        (JSC::BytecodeGenerator::emitReturn):
-        (JSC::BytecodeGenerator::emitUnaryNoDstOp):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitPushScope):
-        (JSC::BytecodeGenerator::emitPopScope):
-        (JSC::BytecodeGenerator::emitDebugHook):
-        (JSC::BytecodeGenerator::pushFinallyContext):
-        (JSC::BytecodeGenerator::popFinallyContext):
-        (JSC::BytecodeGenerator::breakTarget):
-        (JSC::BytecodeGenerator::continueTarget):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC::BytecodeGenerator::emitJumpScopes):
-        (JSC::BytecodeGenerator::emitNextPropertyName):
-        (JSC::BytecodeGenerator::emitCatch):
-        (JSC::BytecodeGenerator::emitNewError):
-        (JSC::BytecodeGenerator::emitJumpSubroutine):
-        (JSC::BytecodeGenerator::emitSubroutineReturn):
-        (JSC::BytecodeGenerator::emitPushNewScope):
-        (JSC::BytecodeGenerator::beginSwitch):
-        (JSC::BytecodeGenerator::endSwitch):
-        (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
-        * bytecompiler/CodeGenerator.h:
-        * jsc.cpp:
-        (runWithScripts):
-        * parser/Nodes.cpp:
-        (JSC::ThrowableExpressionData::emitThrowError):
-        (JSC::NullNode::emitBytecode):
-        (JSC::BooleanNode::emitBytecode):
-        (JSC::NumberNode::emitBytecode):
-        (JSC::StringNode::emitBytecode):
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::ThisNode::emitBytecode):
-        (JSC::ResolveNode::isPure):
-        (JSC::ResolveNode::emitBytecode):
-        (JSC::ArrayNode::emitBytecode):
-        (JSC::ObjectLiteralNode::emitBytecode):
-        (JSC::PropertyListNode::emitBytecode):
-        (JSC::BracketAccessorNode::emitBytecode):
-        (JSC::DotAccessorNode::emitBytecode):
-        (JSC::ArgumentListNode::emitBytecode):
-        (JSC::NewExprNode::emitBytecode):
-        (JSC::EvalFunctionCallNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::FunctionCallBracketNode::emitBytecode):
-        (JSC::FunctionCallDotNode::emitBytecode):
-        (JSC::emitPreIncOrDec):
-        (JSC::emitPostIncOrDec):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PostfixBracketNode::emitBytecode):
-        (JSC::PostfixDotNode::emitBytecode):
-        (JSC::PostfixErrorNode::emitBytecode):
-        (JSC::DeleteResolveNode::emitBytecode):
-        (JSC::DeleteBracketNode::emitBytecode):
-        (JSC::DeleteDotNode::emitBytecode):
-        (JSC::DeleteValueNode::emitBytecode):
-        (JSC::VoidNode::emitBytecode):
-        (JSC::TypeOfResolveNode::emitBytecode):
-        (JSC::TypeOfValueNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::PrefixBracketNode::emitBytecode):
-        (JSC::PrefixDotNode::emitBytecode):
-        (JSC::PrefixErrorNode::emitBytecode):
-        (JSC::UnaryOpNode::emitBytecode):
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::EqualNode::emitBytecode):
-        (JSC::StrictEqualNode::emitBytecode):
-        (JSC::ReverseBinaryOpNode::emitBytecode):
-        (JSC::ThrowableBinaryOpNode::emitBytecode):
-        (JSC::InstanceOfNode::emitBytecode):
-        (JSC::LogicalOpNode::emitBytecode):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::emitReadModifyAssignment):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::AssignDotNode::emitBytecode):
-        (JSC::ReadModifyDotNode::emitBytecode):
-        (JSC::AssignErrorNode::emitBytecode):
-        (JSC::AssignBracketNode::emitBytecode):
-        (JSC::ReadModifyBracketNode::emitBytecode):
-        (JSC::CommaNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ConstDeclNode::emitBytecode):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::statementListEmitCode):
-        (JSC::BlockNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::CaseBlockNode::emitBytecodeForBlock):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::EvalNode::generateBytecode):
-        (JSC::FunctionBodyNode::generateBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::ProgramNode::generateBytecode):
-        (JSC::FuncDeclNode::emitBytecode):
-        (JSC::FuncExprNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::):
-        (JSC::BooleanNode::):
-        (JSC::NumberNode::):
-        (JSC::StringNode::):
-        (JSC::ProgramNode::):
-        (JSC::EvalNode::):
-        (JSC::FunctionBodyNode::):
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::JSActivation::copyRegisters):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::mark):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed all forms of "byte code" "opcode" "op code" "code" "bitcode"
-        etc. to "bytecode".
-
-        * VM/CTI.cpp:
-        (JSC::CTI::printBytecodeOperandTypes):
-        (JSC::CTI::emitAllocateNumber):
-        (JSC::CTI::emitNakedCall):
-        (JSC::CTI::emitNakedFastCall):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNum):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmNums):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::SwitchRecord::SwitchRecord):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructureIDs):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::derefStructureIDs):
-        (JSC::CodeBlock::refStructureIDs):
-        * VM/CodeBlock.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        * VM/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (JSC::Instruction::):
-        * VM/Machine.cpp:
-        (JSC::BytecodeInterpreter::isBytecode):
-        (JSC::BytecodeInterpreter::throwException):
-        (JSC::BytecodeInterpreter::execute):
-        (JSC::BytecodeInterpreter::tryCachePutByID):
-        (JSC::BytecodeInterpreter::uncachePutByID):
-        (JSC::BytecodeInterpreter::tryCacheGetByID):
-        (JSC::BytecodeInterpreter::uncacheGetByID):
-        (JSC::BytecodeInterpreter::privateExecute):
-        (JSC::BytecodeInterpreter::tryCTICachePutByID):
-        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
-        (JSC::BytecodeInterpreter::cti_op_call_JSFunction):
-        (JSC::BytecodeInterpreter::cti_vm_dontLazyLinkCall):
-        (JSC::BytecodeInterpreter::cti_vm_lazyLinkCall):
-        * VM/Machine.h:
-        (JSC::BytecodeInterpreter::getBytecode):
-        (JSC::BytecodeInterpreter::getBytecodeID):
-        (JSC::BytecodeInterpreter::isCallBytecode):
-        * VM/Opcode.cpp:
-        (JSC::):
-        (JSC::BytecodeStats::BytecodeStats):
-        (JSC::compareBytecodeIndices):
-        (JSC::compareBytecodePairIndices):
-        (JSC::BytecodeStats::~BytecodeStats):
-        (JSC::BytecodeStats::recordInstruction):
-        (JSC::BytecodeStats::resetLastInstruction):
-        * VM/Opcode.h:
-        (JSC::):
-        (JSC::padBytecodeName):
-        * VM/SamplingTool.cpp:
-        (JSC::ScopeSampleRecord::sample):
-        (JSC::SamplingTool::run):
-        (JSC::compareBytecodeIndicesSampling):
-        (JSC::SamplingTool::dump):
-        * VM/SamplingTool.h:
-        (JSC::ScopeSampleRecord::ScopeSampleRecord):
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate):
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::emitLabel):
-        (JSC::CodeGenerator::emitBytecode):
-        (JSC::CodeGenerator::emitJump):
-        (JSC::CodeGenerator::emitJumpIfTrue):
-        (JSC::CodeGenerator::emitJumpIfFalse):
-        (JSC::CodeGenerator::emitMove):
-        (JSC::CodeGenerator::emitUnaryOp):
-        (JSC::CodeGenerator::emitPreInc):
-        (JSC::CodeGenerator::emitPreDec):
-        (JSC::CodeGenerator::emitPostInc):
-        (JSC::CodeGenerator::emitPostDec):
-        (JSC::CodeGenerator::emitBinaryOp):
-        (JSC::CodeGenerator::emitEqualityOp):
-        (JSC::CodeGenerator::emitUnexpectedLoad):
-        (JSC::CodeGenerator::emitInstanceOf):
-        (JSC::CodeGenerator::emitResolve):
-        (JSC::CodeGenerator::emitGetScopedVar):
-        (JSC::CodeGenerator::emitPutScopedVar):
-        (JSC::CodeGenerator::emitResolveBase):
-        (JSC::CodeGenerator::emitResolveWithBase):
-        (JSC::CodeGenerator::emitResolveFunction):
-        (JSC::CodeGenerator::emitGetById):
-        (JSC::CodeGenerator::emitPutById):
-        (JSC::CodeGenerator::emitPutGetter):
-        (JSC::CodeGenerator::emitPutSetter):
-        (JSC::CodeGenerator::emitDeleteById):
-        (JSC::CodeGenerator::emitGetByVal):
-        (JSC::CodeGenerator::emitPutByVal):
-        (JSC::CodeGenerator::emitDeleteByVal):
-        (JSC::CodeGenerator::emitPutByIndex):
-        (JSC::CodeGenerator::emitNewObject):
-        (JSC::CodeGenerator::emitNewArray):
-        (JSC::CodeGenerator::emitNewFunction):
-        (JSC::CodeGenerator::emitNewRegExp):
-        (JSC::CodeGenerator::emitNewFunctionExpression):
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitReturn):
-        (JSC::CodeGenerator::emitUnaryNoDstOp):
-        (JSC::CodeGenerator::emitConstruct):
-        (JSC::CodeGenerator::emitPopScope):
-        (JSC::CodeGenerator::emitDebugHook):
-        (JSC::CodeGenerator::emitComplexJumpScopes):
-        (JSC::CodeGenerator::emitJumpScopes):
-        (JSC::CodeGenerator::emitNextPropertyName):
-        (JSC::CodeGenerator::emitCatch):
-        (JSC::CodeGenerator::emitNewError):
-        (JSC::CodeGenerator::emitJumpSubroutine):
-        (JSC::CodeGenerator::emitSubroutineReturn):
-        (JSC::CodeGenerator::emitPushNewScope):
-        (JSC::CodeGenerator::beginSwitch):
-        (JSC::CodeGenerator::endSwitch):
-        * bytecompiler/CodeGenerator.h:
-        (JSC::CodeGenerator::emitNode):
-        * jsc.cpp:
-        (runWithScripts):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::emitModRm_opr):
-        (JSC::X86Assembler::emitModRm_opr_Unchecked):
-        (JSC::X86Assembler::emitModRm_opm):
-        (JSC::X86Assembler::emitModRm_opm_Unchecked):
-        (JSC::X86Assembler::emitModRm_opmsib):
-        * parser/Nodes.cpp:
-        (JSC::NullNode::emitBytecode):
-        (JSC::BooleanNode::emitBytecode):
-        (JSC::NumberNode::emitBytecode):
-        (JSC::StringNode::emitBytecode):
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::ThisNode::emitBytecode):
-        (JSC::ResolveNode::emitBytecode):
-        (JSC::ArrayNode::emitBytecode):
-        (JSC::ObjectLiteralNode::emitBytecode):
-        (JSC::PropertyListNode::emitBytecode):
-        (JSC::BracketAccessorNode::emitBytecode):
-        (JSC::DotAccessorNode::emitBytecode):
-        (JSC::ArgumentListNode::emitBytecode):
-        (JSC::NewExprNode::emitBytecode):
-        (JSC::EvalFunctionCallNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::FunctionCallBracketNode::emitBytecode):
-        (JSC::FunctionCallDotNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PostfixBracketNode::emitBytecode):
-        (JSC::PostfixDotNode::emitBytecode):
-        (JSC::PostfixErrorNode::emitBytecode):
-        (JSC::DeleteResolveNode::emitBytecode):
-        (JSC::DeleteBracketNode::emitBytecode):
-        (JSC::DeleteDotNode::emitBytecode):
-        (JSC::DeleteValueNode::emitBytecode):
-        (JSC::VoidNode::emitBytecode):
-        (JSC::TypeOfResolveNode::emitBytecode):
-        (JSC::TypeOfValueNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::PrefixBracketNode::emitBytecode):
-        (JSC::PrefixDotNode::emitBytecode):
-        (JSC::PrefixErrorNode::emitBytecode):
-        (JSC::UnaryOpNode::emitBytecode):
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::EqualNode::emitBytecode):
-        (JSC::StrictEqualNode::emitBytecode):
-        (JSC::ReverseBinaryOpNode::emitBytecode):
-        (JSC::ThrowableBinaryOpNode::emitBytecode):
-        (JSC::InstanceOfNode::emitBytecode):
-        (JSC::LogicalOpNode::emitBytecode):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::emitReadModifyAssignment):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::AssignDotNode::emitBytecode):
-        (JSC::ReadModifyDotNode::emitBytecode):
-        (JSC::AssignErrorNode::emitBytecode):
-        (JSC::AssignBracketNode::emitBytecode):
-        (JSC::ReadModifyBracketNode::emitBytecode):
-        (JSC::CommaNode::emitBytecode):
-        (JSC::ConstDeclNode::emitBytecode):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::BlockNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::FuncDeclNode::emitBytecode):
-        (JSC::FuncExprNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::UnaryPlusNode::):
-        (JSC::NegateNode::):
-        (JSC::BitwiseNotNode::):
-        (JSC::LogicalNotNode::):
-        (JSC::MultNode::):
-        (JSC::DivNode::):
-        (JSC::ModNode::):
-        (JSC::AddNode::):
-        (JSC::SubNode::):
-        (JSC::LeftShiftNode::):
-        (JSC::RightShiftNode::):
-        (JSC::UnsignedRightShiftNode::):
-        (JSC::LessNode::):
-        (JSC::GreaterNode::):
-        (JSC::LessEqNode::):
-        (JSC::GreaterEqNode::):
-        (JSC::InstanceOfNode::):
-        (JSC::InNode::):
-        (JSC::EqualNode::):
-        (JSC::NotEqualNode::):
-        (JSC::StrictEqualNode::):
-        (JSC::NotStrictEqualNode::):
-        (JSC::BitAndNode::):
-        (JSC::BitOrNode::):
-        (JSC::BitXOrNode::):
-        (JSC::ProgramNode::):
-        (JSC::EvalNode::):
-        (JSC::FunctionBodyNode::):
-        * runtime/JSNotAnObject.h:
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::fromDictionaryTransition):
-        * wtf/Platform.h:
-
-2008-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Renamed Machine to BytecodeInterpreter.
-        
-        Nixed the Interpreter class, and changed its two functions to stand-alone
-        functions.
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::freeCTIMachineTrampolines):
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructureIDs):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructureIDs):
-        (JSC::CodeBlock::refStructureIDs):
-        * VM/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-        * VM/Machine.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::BytecodeInterpreter::resolve):
-        (JSC::BytecodeInterpreter::resolveSkip):
-        (JSC::BytecodeInterpreter::resolveGlobal):
-        (JSC::BytecodeInterpreter::resolveBase):
-        (JSC::BytecodeInterpreter::resolveBaseAndProperty):
-        (JSC::BytecodeInterpreter::resolveBaseAndFunc):
-        (JSC::BytecodeInterpreter::slideRegisterWindowForCall):
-        (JSC::BytecodeInterpreter::callEval):
-        (JSC::BytecodeInterpreter::BytecodeInterpreter):
-        (JSC::BytecodeInterpreter::initialize):
-        (JSC::BytecodeInterpreter::~BytecodeInterpreter):
-        (JSC::BytecodeInterpreter::dumpCallFrame):
-        (JSC::BytecodeInterpreter::dumpRegisters):
-        (JSC::BytecodeInterpreter::isOpcode):
-        (JSC::BytecodeInterpreter::unwindCallFrame):
-        (JSC::BytecodeInterpreter::throwException):
-        (JSC::BytecodeInterpreter::execute):
-        (JSC::BytecodeInterpreter::debug):
-        (JSC::BytecodeInterpreter::resetTimeoutCheck):
-        (JSC::BytecodeInterpreter::checkTimeout):
-        (JSC::BytecodeInterpreter::createExceptionScope):
-        (JSC::BytecodeInterpreter::tryCachePutByID):
-        (JSC::BytecodeInterpreter::uncachePutByID):
-        (JSC::BytecodeInterpreter::tryCacheGetByID):
-        (JSC::BytecodeInterpreter::uncacheGetByID):
-        (JSC::BytecodeInterpreter::privateExecute):
-        (JSC::BytecodeInterpreter::retrieveArguments):
-        (JSC::BytecodeInterpreter::retrieveCaller):
-        (JSC::BytecodeInterpreter::retrieveLastCaller):
-        (JSC::BytecodeInterpreter::findFunctionCallFrame):
-        (JSC::BytecodeInterpreter::tryCTICachePutByID):
-        (JSC::BytecodeInterpreter::tryCTICacheGetByID):
-        (JSC::BytecodeInterpreter::cti_op_convert_this):
-        (JSC::BytecodeInterpreter::cti_op_end):
-        (JSC::BytecodeInterpreter::cti_op_add):
-        (JSC::BytecodeInterpreter::cti_op_pre_inc):
-        (JSC::BytecodeInterpreter::cti_timeout_check):
-        (JSC::BytecodeInterpreter::cti_register_file_check):
-        (JSC::BytecodeInterpreter::cti_op_loop_if_less):
-        (JSC::BytecodeInterpreter::cti_op_loop_if_lesseq):
-        (JSC::BytecodeInterpreter::cti_op_new_object):
-        (JSC::BytecodeInterpreter::cti_op_put_by_id):
-        (JSC::BytecodeInterpreter::cti_op_put_by_id_second):
-        (JSC::BytecodeInterpreter::cti_op_put_by_id_generic):
-        (JSC::BytecodeInterpreter::cti_op_put_by_id_fail):
-        (JSC::BytecodeInterpreter::cti_op_get_by_id):
-        (JSC::BytecodeInterpreter::cti_op_get_by_id_second):
-        (JSC::BytecodeInterpreter::cti_op_get_by_id_generic):
-        (JSC::BytecodeInterpreter::cti_op_get_by_id_fail):
-        (JSC::BytecodeInterpreter::cti_op_instanceof):
-        (JSC::BytecodeInterpreter::cti_op_del_by_id):
-        (JSC::BytecodeInterpreter::cti_op_mul):
-        (JSC::BytecodeInterpreter::cti_op_new_func):
-        (JSC::BytecodeInterpreter::cti_op_call_JSFunction):
-        (JSC::BytecodeInterpreter::cti_op_call_arityCheck):
-        (JSC::BytecodeInterpreter::cti_vm_dontLazyLinkCall):
-        (JSC::BytecodeInterpreter::cti_vm_lazyLinkCall):
-        (JSC::BytecodeInterpreter::cti_op_push_activation):
-        (JSC::BytecodeInterpreter::cti_op_call_NotJSFunction):
-        (JSC::BytecodeInterpreter::cti_op_create_arguments):
-        (JSC::BytecodeInterpreter::cti_op_create_arguments_no_params):
-        (JSC::BytecodeInterpreter::cti_op_tear_off_activation):
-        (JSC::BytecodeInterpreter::cti_op_tear_off_arguments):
-        (JSC::BytecodeInterpreter::cti_op_profile_will_call):
-        (JSC::BytecodeInterpreter::cti_op_profile_did_call):
-        (JSC::BytecodeInterpreter::cti_op_ret_scopeChain):
-        (JSC::BytecodeInterpreter::cti_op_new_array):
-        (JSC::BytecodeInterpreter::cti_op_resolve):
-        (JSC::BytecodeInterpreter::cti_op_construct_JSConstruct):
-        (JSC::BytecodeInterpreter::cti_op_construct_NotJSConstruct):
-        (JSC::BytecodeInterpreter::cti_op_get_by_val):
-        (JSC::BytecodeInterpreter::cti_op_resolve_func):
-        (JSC::BytecodeInterpreter::cti_op_sub):
-        (JSC::BytecodeInterpreter::cti_op_put_by_val):
-        (JSC::BytecodeInterpreter::cti_op_put_by_val_array):
-        (JSC::BytecodeInterpreter::cti_op_lesseq):
-        (JSC::BytecodeInterpreter::cti_op_loop_if_true):
-        (JSC::BytecodeInterpreter::cti_op_negate):
-        (JSC::BytecodeInterpreter::cti_op_resolve_base):
-        (JSC::BytecodeInterpreter::cti_op_resolve_skip):
-        (JSC::BytecodeInterpreter::cti_op_resolve_global):
-        (JSC::BytecodeInterpreter::cti_op_div):
-        (JSC::BytecodeInterpreter::cti_op_pre_dec):
-        (JSC::BytecodeInterpreter::cti_op_jless):
-        (JSC::BytecodeInterpreter::cti_op_not):
-        (JSC::BytecodeInterpreter::cti_op_jtrue):
-        (JSC::BytecodeInterpreter::cti_op_post_inc):
-        (JSC::BytecodeInterpreter::cti_op_eq):
-        (JSC::BytecodeInterpreter::cti_op_lshift):
-        (JSC::BytecodeInterpreter::cti_op_bitand):
-        (JSC::BytecodeInterpreter::cti_op_rshift):
-        (JSC::BytecodeInterpreter::cti_op_bitnot):
-        (JSC::BytecodeInterpreter::cti_op_resolve_with_base):
-        (JSC::BytecodeInterpreter::cti_op_new_func_exp):
-        (JSC::BytecodeInterpreter::cti_op_mod):
-        (JSC::BytecodeInterpreter::cti_op_less):
-        (JSC::BytecodeInterpreter::cti_op_neq):
-        (JSC::BytecodeInterpreter::cti_op_post_dec):
-        (JSC::BytecodeInterpreter::cti_op_urshift):
-        (JSC::BytecodeInterpreter::cti_op_bitxor):
-        (JSC::BytecodeInterpreter::cti_op_new_regexp):
-        (JSC::BytecodeInterpreter::cti_op_bitor):
-        (JSC::BytecodeInterpreter::cti_op_call_eval):
-        (JSC::BytecodeInterpreter::cti_op_throw):
-        (JSC::BytecodeInterpreter::cti_op_get_pnames):
-        (JSC::BytecodeInterpreter::cti_op_next_pname):
-        (JSC::BytecodeInterpreter::cti_op_push_scope):
-        (JSC::BytecodeInterpreter::cti_op_pop_scope):
-        (JSC::BytecodeInterpreter::cti_op_typeof):
-        (JSC::BytecodeInterpreter::cti_op_is_undefined):
-        (JSC::BytecodeInterpreter::cti_op_is_boolean):
-        (JSC::BytecodeInterpreter::cti_op_is_number):
-        (JSC::BytecodeInterpreter::cti_op_is_string):
-        (JSC::BytecodeInterpreter::cti_op_is_object):
-        (JSC::BytecodeInterpreter::cti_op_is_function):
-        (JSC::BytecodeInterpreter::cti_op_stricteq):
-        (JSC::BytecodeInterpreter::cti_op_nstricteq):
-        (JSC::BytecodeInterpreter::cti_op_to_jsnumber):
-        (JSC::BytecodeInterpreter::cti_op_in):
-        (JSC::BytecodeInterpreter::cti_op_push_new_scope):
-        (JSC::BytecodeInterpreter::cti_op_jmp_scopes):
-        (JSC::BytecodeInterpreter::cti_op_put_by_index):
-        (JSC::BytecodeInterpreter::cti_op_switch_imm):
-        (JSC::BytecodeInterpreter::cti_op_switch_char):
-        (JSC::BytecodeInterpreter::cti_op_switch_string):
-        (JSC::BytecodeInterpreter::cti_op_del_by_val):
-        (JSC::BytecodeInterpreter::cti_op_put_getter):
-        (JSC::BytecodeInterpreter::cti_op_put_setter):
-        (JSC::BytecodeInterpreter::cti_op_new_error):
-        (JSC::BytecodeInterpreter::cti_op_debug):
-        (JSC::BytecodeInterpreter::cti_vm_throw):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * VM/SamplingTool.cpp:
-        (JSC::SamplingTool::run):
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate):
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::emitOpcode):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * jsc.cpp:
-        (runWithScripts):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect):
-        * runtime/ExecState.h:
-        (JSC::ExecState::interpreter):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        * runtime/Interpreter.cpp:
-        (JSC::Interpreter::evaluate):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::setTimeoutTime):
-        (JSC::JSGlobalObject::startTimeoutCheck):
-        (JSC::JSGlobalObject::stopTimeoutCheck):
-        (JSC::JSGlobalObject::mark):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSString.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-
-2008-11-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        - Remove SymbolTable from FunctionBodyNode and move it to CodeBlock
-        
-        It's not needed for functions that have never been executed, so no
-        need to waste the memory. Saves ~4M on membuster after 30 pages.
-
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::retrieveArguments):
-        * parser/Nodes.cpp:
-        (JSC::EvalNode::generateCode):
-        (JSC::FunctionBodyNode::generateCode):
-        * parser/Nodes.h:
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-
-2008-11-14  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22259: Make all opcodes use eax as their final result register
-        <https://bugs.webkit.org/show_bug.cgi?id=22259>
-
-        Change one case of op_add (and the corresponding slow case) to use eax
-        rather than edx. Also, change the order in which the two results of
-        resolve_func and resolve_base are emitted so that the retrieved value is
-        put last into eax.
-
-        This gives no performance change on SunSpider or the V8 benchmark suite
-        when run in either harness.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-
-2008-11-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Geoff has this wacky notion that emitGetArg and emitPutArg should be related to
-        doing the same thing.  Crazy.
-        
-        Rename the methods for accessing virtual registers to say 'VirtualRegister' in the
-        name, and those for setting up the arguments for CTI methods to contain 'CTIArg'.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetVirtualRegister):
-        (JSC::CTI::emitGetVirtualRegisters):
-        (JSC::CTI::emitPutCTIArgFromVirtualRegister):
-        (JSC::CTI::emitPutCTIArg):
-        (JSC::CTI::emitGetCTIArg):
-        (JSC::CTI::emitPutCTIArgConstant):
-        (JSC::CTI::emitPutVirtualRegister):
-        (JSC::CTI::compileOpCallSetupArgs):
-        (JSC::CTI::compileOpCallEvalSetupArgs):
-        (JSC::CTI::compileOpConstructSetupArgs):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        * VM/CTI.h:
-
-2008-11-14  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Antti Koivisto
-
-        Fix potential build break by adding StdLibExtras.h
-        
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2008-11-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Generate less code for the slow cases of op_call and op_construct.
-        https://bugs.webkit.org/show_bug.cgi?id=22272
-
-        1% progression on v8 tests.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitRetrieveArg):
-        (JSC::CTI::emitNakedCall):
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        (JSC::getCallLinkInfoReturnLocation):
-        (JSC::CodeBlock::getCallLinkInfo):
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine):
-        (JSC::Machine::cti_vm_dontLazyLinkCall):
-        (JSC::Machine::cti_vm_lazyLinkCall):
-        * VM/Machine.h:
-
-2008-11-14  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Darin Alder.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21810
-        Remove use of static C++ objects that are destroyed at exit time (destructors)
-
-        Create DEFINE_STATIC_LOCAL macro. Change static local objects to leak to avoid 
-        exit-time destructor. Update code that was changed to fix this issue that ran 
-        into a gcc bug (<rdar://problem/6354696> Codegen issue with C++ static reference 
-        in gcc build 5465). Also typdefs for template types needed to be added in some 
-        cases so the type could make it through the macro successfully.
-
-        Basically code of the form:
-        static T m;
-        becomes:
-        DEFINE_STATIC_LOCAL(T, m, ());
-
-        Also any code of the form:
-        static T& m = *new T;
-        also becomes:
-        DEFINE_STATIC_LOCAL(T, m, ());
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/MainThread.cpp:
-        (WTF::mainThreadFunctionQueueMutex):
-        (WTF::functionQueue):
-        * wtf/StdLibExtras.h: Added. Add DEFINE_STATIC_LOCAL macro
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::threadMapMutex):
-        (WTF::threadMap):
-        (WTF::identifierByPthreadHandle):
-
-2008-11-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22269
-        Reduce PropertyMap usage
-
-        From observation of StructureID statistics, it became clear that many
-        StructureID's were not being used as StructureIDs themselves, but rather
-        only being necessary as links in the transition chain.  Acknowledging this
-        and that PropertyMaps stored in StructureIDs can be treated as caches, that
-        is that they can be reconstructed on demand, it became clear that we could
-        reduce the memory consumption of StructureIDs by only keeping PropertyMaps
-        for the StructureIDs that need them the most.
-
-        The specific strategy used to reduce the number of StructureIDs with
-        PropertyMaps is to take the previous StructureIDs PropertyMap when initially
-        transitioning (addPropertyTransition) from it and clearing out the pointer 
-        in the process.  The next time we need to do the same transition, for instance
-        repeated calls to the same constructor, we use the new addPropertyTransitionToExistingStructure
-        first, which allows us not to need the PropertyMap to determine if the property
-        exists already, since a transition to that property would require it not already
-        be present in the StructureID.  Should there be no transition, the PropertyMap
-        can be constructed on demand (via materializePropertyMap) to determine if the put is a 
-        replace or a transition to a new StructureID.
-
-        Reduces memory use on Membuster head test (30 pages open) by ~15MB.
-
-        * JavaScriptCore.exp:
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirect): First use addPropertyTransitionToExistingStructure
-        so that we can avoid building the PropertyMap on subsequent similar object
-        creations.
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry): Add version of constructor which takes
-        all values to be used when lazily building the PropertyMap. 
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics): Add statistics on the number of StructureIDs
-        with PropertyMaps.
-        (JSC::StructureID::StructureID): Rename m_cachedTransistionOffset to m_offset
-        (JSC::isPowerOf2):
-        (JSC::nextPowerOf2):
-        (JSC::sizeForKeyCount): Returns the expected size of a PropertyMap for a key count.
-        (JSC::StructureID::materializePropertyMap): Builds the PropertyMap out of its previous pointer chain.
-        (JSC::StructureID::addPropertyTransitionToExistingStructure): Only transitions if there is a
-        an existing transition.
-        (JSC::StructureID::addPropertyTransition): Instead of always copying the ProperyMap, try and take
-        it from it previous pointer.
-        (JSC::StructureID::removePropertyTransition): Simplify by calling toDictionaryTransition() to do
-        transition work.
-        (JSC::StructureID::changePrototypeTransition): Build the PropertyMap if necessary before transitioning
-        because once you have transitioned, you will not be able to reconstruct it afterwards as there is no
-        previous pointer, pinning the ProperyMap as well.
-        (JSC::StructureID::getterSetterTransition): Ditto.
-        (JSC::StructureID::toDictionaryTransition): Pin the PropertyMap so that it is not destroyed on further transitions.
-        (JSC::StructureID::fromDictionaryTransition): We can only transition back from a dictionary transition if there
-        are no deleted offsets.
-        (JSC::StructureID::addPropertyWithoutTransition): Build PropertyMap on demands and pin.
-        (JSC::StructureID::removePropertyWithoutTransition): Ditto.
-        (JSC::StructureID::get): Build on demand.
-        (JSC::StructureID::createPropertyMapHashTable): Add version of create that takes a size
-        for on demand building.
-        (JSC::StructureID::expandPropertyMapHashTable):
-        (JSC::StructureID::rehashPropertyMapHashTable):
-        (JSC::StructureID::getEnumerablePropertyNamesInternal): Build PropertyMap on demand.
-        * runtime/StructureID.h:
-        (JSC::StructureID::propertyStorageSize): Account for StructureIDs without PropertyMaps.
-        (JSC::StructureID::isEmpty): Ditto.
-        (JSC::StructureID::materializePropertyMapIfNecessary):
-        (JSC::StructureID::get): Build PropertyMap on demand
-
-2008-11-14  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=21500>
-
-        JavaScriptCore build with -O3 flag instead of -O2 (gcc).
-        2.02% speedup on SunSpider (Qt-port on Linux)
-        1.10% speedup on V8 (Qt-port on Linux)
-        3.45% speedup on WindScorpion (Qt-port on Linux)
-
-        * JavaScriptCore.pri:
-
-2008-11-14  Kristian Amlie  <kristian.amlie@trolltech.com>
-
-        Reviewed by Darin Adler.
-
-        Compile fix for RVCT.
-
-        In reality, it is two fixes:
-
-        1. Remove typename. I believe typename can only be used when the named
-        type depends on the template parameters, which it doesn't in this
-        case, so I think this is more correct.
-        2. Replace ::iterator scope with specialized typedef. This is to work
-        around a bug in RVCT.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22260
-
-        * wtf/ListHashSet.h:
-        (WTF::::find):
-
-2008-11-14  Kristian Amlie  <kristian.amlie@trolltech.com>
-
-        Reviewed by Darin Adler.
-
-        Compile fix for WINSCW.
-
-        This fix doesn't protect against implicit conversions from bool to
-        integers, but most likely that will be caught on another platform.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22260
-
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::operator bool):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::operator bool):
-
-2008-11-14  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22245: Move wtf/dtoa.h into the WTF namespace
-        <https://bugs.webkit.org/show_bug.cgi?id=22245>
-
-        Move wtf/dtoa.h into the WTF namespace from the JSC namespace. This
-        introduces some ambiguities in name lookups, so I changed all uses of
-        the functions in wtf/dtoa.h to explicitly state the namespace.
-
-        * JavaScriptCore.exp:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp):
-        (JSC::numberProtoFuncToExponential):
-        * runtime/UString.cpp:
-        (JSC::concatenate):
-        (JSC::UString::from):
-        (JSC::UString::toDouble):
-        * wtf/dtoa.cpp:
-        * wtf/dtoa.h:
-
-2008-11-14  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 22257: Enable redundant read optimizations for results generated by compileBinaryArithOp()
-        <https://bugs.webkit.org/show_bug.cgi?id=22257>
-
-        This shows no change in performance on either SunSpider or the V8
-        benchmark suite, but it removes an ugly special case and allows for
-        future optimizations to be implemented in a cleaner fashion.
-
-        This patch was essentially given to me by Gavin Barraclough upon my
-        request, but I did regression and performance testing so that he could
-        work on something else.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate): Move the final
-        result to eax if it is not already there.
-        (JSC::CTI::compileBinaryArithOp): Remove the killing of the final result
-        register that disables the optimization.
-
-2008-11-13  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Add a Scons-based build system for building
-        the Chromium-Mac build of JavaScriptCore.
-        https://bugs.webkit.org/show_bug.cgi?id=21991
-
-        * JavaScriptCore.scons: Added.
-        * SConstruct: Added.
-
-2008-11-13  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Roben.
-        
-        Add PLATFORM(CHROMIUM) to the "we don't use cairo" blacklist
-        until https://bugs.webkit.org/show_bug.cgi?id=22250 is fixed.
-
-        * wtf/Platform.h:
-
-2008-11-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        In r38375 the 'jsc' shell was changed to improve teardown on quit. The
-        main() function in jsc.cpp uses Structured Exception Handling, so Visual
-        C++ emits a warning when destructors are used.
-        
-        In order to speculatively fix the Windows build, this patch changes that
-        code to use explicit pointer manipulation and locking rather than smart
-        pointers and RAII.
-
-        * jsc.cpp:
-        (main):
-
-2008-11-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22246: Get arguments for opcodes together to eliminate more redundant memory reads
-        <https://bugs.webkit.org/show_bug.cgi?id=22246>
-
-        It is common for opcodes to read their first operand into eax and their
-        second operand into edx. If the value intended for the second operand is
-        in eax, we should first move eax to the register for the second operand
-        and then read the first operand into eax.
-
-        This is a 0.5% speedup on SunSpider and a 2.0% speedup on the V8
-        benchmark suite when measured using the V8 harness.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArgs):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-
-2008-11-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22238: Avoid unnecessary reads of temporaries when the target machine register is not eax
-        <https://bugs.webkit.org/show_bug.cgi?id=22238>
-
-        Enable the optimization of not reading a value back from memory that we
-        just wrote when the target machine register is not eax. In order to do
-        this, the code generation for op_put_global_var must be changed to
-        read its argument into a register before overwriting eax.
-
-        This is a 0.5% speedup on SunSpider and shows no change on the V8
-        benchmark suite when run in either harness.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::privateCompileMainPass):
-
-2008-11-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Perform teardown in the 'jsc' shell in order to suppress annoying and
-        misleading leak messages. There is still a lone JSC::Node leaking when
-        quit() is called, but hopefully that can be fixed as well.
-
-        * jsc.cpp:
-        (functionQuit):
-        (main):
-
-2008-11-13  Mike Pinkerton  <pinkerton@chromium.org>
-
-        Reviewed by Sam Weinig.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22087
-        Need correct platform defines for Mac Chromium
-
-        Set the appropriate platform defines for Mac Chromium, which is
-        similar to PLATFORM(MAC), but isn't.
-
-        * wtf/Platform.h:
-
-2008-11-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - remove immediate checks from native codegen for known non-immediate cases like "this"
-        
-        ~.5% speedup on v8 benchmarks
-        
-        In the future we can extend this model to remove all sorts of
-        typechecks based on local type info or type inference.
-        
-        I also added an assertion to verify that all slow cases linked as
-        many slow case jumps as the corresponding fast case generated, and
-        fixed the pre-existing cases where this was not true.
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::linkSlowCaseIfNotJSCell):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::isKnownNotImmediate):
-
-2008-11-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21943: Avoid needless reads of temporary values in CTI code
-        <https://bugs.webkit.org/show_bug.cgi?id=21943>
-
-        If an opcode needs to load a virtual register and a previous opcode left
-        the contents of that virtual register in a machine register, use the
-        value in the machine register rather than getting it from memory.
-
-        In order to perform this optimization, it is necessary to know the
-        jump tagets in the CodeBlock. For temporaries, the only problematic
-        jump targets are binary logical operators and the ternary conditional
-        operator. However, if this optimization were to be extended to local 
-        variable registers as well, other jump targets would need to be
-        included, like switch statement cases and the beginnings of catch
-        blocks.
-
-        This optimization also requires that the fast case and the slow case
-        of an opcode use emitPutResult() on the same register, which was chosen
-        to be eax, as that is the register into which we read the first operand
-        of opcodes. In order to make this the case, we needed to add some mov
-        instructions to the slow cases of some instructions.
-
-        This optimizaton is not applied whenever compileBinaryArithOp() is used
-        to compile an opcode, because different machine registers may be used to
-        store the final result. It seems possible to rewrite the code generation
-        in compileBinaryArithOp() to allow for this optimization.
-
-        This optimization is also not applied when generating slow cases,
-        because some fast cases overwrite the value of eax before jumping to the
-        slow case. In the future, it may be possible to apply this optimization
-        to slow cases as well, but it did not seem to be a speedup when testing
-        an early version of this patch.
-
-        This is a 1.0% speedup on SunSpider and a 6.3% speedup on the V8
-        benchmark suite.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::killLastResultRegister):
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutResult):
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileOpStrictEq):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::isTemporaryRegisterIndex):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitLabel):
-
-2008-11-12  Alp Toker  <alp@nuanti.com>
-
-        autotools build system fix-up only. Add FloatQuad.h to the source
-        lists and sort them.
-
-        * GNUmakefile.am:
-
-2008-11-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22192
-        +37 failures in fast/profiler
-        
-        along with Darin's review comments in
-        https://bugs.webkit.org/show_bug.cgi?id=22174
-        Simplified op_call by nixing its responsibility for moving the value of
-        "this" into the first argument slot
-
-        * VM/Machine.cpp:
-        (JSC::returnToThrowTrampoline):
-        (JSC::throwStackOverflowError):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_call_arityCheck):
-        (JSC::Machine::cti_vm_throw): Moved the throw logic into a function, since
-        functions are better than macros.
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitConstruct): Ensure that the function register
-        is preserved if profiling is enabled, since the profiler uses that
-        register.
-
-        * runtime/JSGlobalData.h: Renamed throwReturnAddress to exceptionLocation,
-        because I had a hard time understanding what "throwReturnAddress" meant.
-
-2008-11-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Roll in r38322, now that test failures have been fixed.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCallSetupArgs):
-        (JSC::CTI::compileOpCallEvalSetupArgs):
-        (JSC::CTI::compileOpConstructSetupArgs):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (JSC::Machine::callEval):
-        (JSC::Machine::dumpCallFrame):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::execute):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_call_arityCheck):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitCallEval):
-        (JSC::CodeGenerator::emitConstruct):
-        * bytecompiler/CodeGenerator.h:
-        * parser/Nodes.cpp:
-        (JSC::EvalFunctionCallNode::emitCode):
-        (JSC::FunctionCallValueNode::emitCode):
-        (JSC::FunctionCallResolveNode::emitCode):
-        (JSC::FunctionCallBracketNode::emitCode):
-        (JSC::FunctionCallDotNode::emitCode):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::neededConstants):
-
-2008-11-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=22201
-        Integer conversion in array.length was safe signed values,
-        but the length is unsigned.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-
-2008-11-12  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Roll out r38322 due to test failures on the bots.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCallSetupArgs):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (JSC::Machine::callEval):
-        (JSC::Machine::dumpCallFrame):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::execute):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::throwStackOverflowPreviousFrame):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_call_arityCheck):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitCallEval):
-        (JSC::CodeGenerator::emitConstruct):
-        * bytecompiler/CodeGenerator.h:
-        * parser/Nodes.cpp:
-        (JSC::EvalFunctionCallNode::emitCode):
-        (JSC::FunctionCallValueNode::emitCode):
-        (JSC::FunctionCallResolveNode::emitCode):
-        (JSC::FunctionCallBracketNode::emitCode):
-        (JSC::FunctionCallDotNode::emitCode):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::neededConstants):
-
-2008-11-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=22174
-        Simplified op_call by nixing its responsibility for moving the value of
-        "this" into the first argument slot.
-
-        Instead, the caller emits an explicit load or mov instruction, or relies
-        on implicit knowledge that "this" is already in the first argument slot.
-        As a result, two operands to op_call are gone: firstArg and thisVal.
-        
-        SunSpider and v8 tests show no change in bytecode or CTI.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCallSetupArgs):
-        (JSC::CTI::compileOpCallEvalSetupArgs):
-        (JSC::CTI::compileOpConstructSetupArgs): Split apart these three versions
-        of setting up arguments to op_call, because they're more different than
-        they are the same -- even more so with this patch.
-
-        (JSC::CTI::compileOpCall): Updated for the fact that op_construct doesn't
-        match op_call anymore.
-
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases): Merged a few call cases. Updated
-        for changes mentioned above.
-
-        * VM/CTI.h:
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Updated for new bytecode format of call / construct.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::callEval): Updated for new bytecode format of call / construct.
-
-        (JSC::Machine::dumpCallFrame):
-        (JSC::Machine::dumpRegisters): Simplified these debugging functions, 
-        taking advantage of the new call frame layout.
-
-        (JSC::Machine::execute): Fixed up the eval version of execute to be
-        friendlier to calls in the new format.
-
-        (JSC::Machine::privateExecute): Implemented the new call format in
-        bytecode.
-
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_call_eval): Updated CTI helpers to match the new
-        call format.
-        
-        Fixed a latent bug in stack overflow checking that is now hit because
-        the register layout has changed a bit -- namely: when throwing a stack
-        overflow exception inside an op_call helper, we need to account for the
-        fact that the current call frame is only half-constructed, and use the
-        parent call frame instead.
-
-        * VM/Machine.h:
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitCallEval):
-        (JSC::CodeGenerator::emitConstruct):
-        * bytecompiler/CodeGenerator.h: Updated codegen to match the new call
-        format.
-
-        * parser/Nodes.cpp:
-        (JSC::EvalFunctionCallNode::emitCode):
-        (JSC::FunctionCallValueNode::emitCode):
-        (JSC::FunctionCallResolveNode::emitCode):
-        (JSC::FunctionCallBracketNode::emitCode):
-        (JSC::FunctionCallDotNode::emitCode):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::neededConstants): ditto
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Remove an unused forwarding header for a file that no longer exists.
-
-        * ForwardingHeaders/JavaScriptCore/JSLock.h: Removed.
-
-2008-11-11  Mark Rowe  <mrowe@apple.com>
-
-        Fix broken dependencies building JavaScriptCore on a freezing cold cat, caused
-        by failure to update all instances of "kjs" to their new locations.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-11-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Rubber-stamped by Adam Roben.
-
-        * wtf/AVLTree.h: (WTF::AVLTree::Iterator::start_iter):
-        Fix indentation a little more.
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Clean up EvalCodeCache to match our coding style a bit more.
-
-        * VM/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Bug 22179: Move EvalCodeCache from CodeBlock.h into its own file
-        <https://bugs.webkit.org/show_bug.cgi?id=22179>
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeBlock.h:
-        * VM/EvalCodeCache.h: Copied from VM/CodeBlock.h.
-        * VM/Machine.cpp:
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove the 'm_' prefix from the fields of the SwitchRecord struct.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h:
-        (JSC::SwitchRecord):
-        (JSC::SwitchRecord::SwitchRecord):
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Make asInteger() a static function so that it has internal linkage.
-
-        * VM/CTI.cpp:
-        (JSC::asInteger):
-
-2008-11-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        - shrink CodeBlock and AST related Vectors to exact fit (5-10M savings on membuster test)
-        
-        No perf regression combined with the last patch (each seems like a small regression individually)
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate):
-        * parser/Nodes.h:
-        (JSC::SourceElements::releaseContentsIntoVector):
-        * wtf/Vector.h:
-        (WTF::Vector::shrinkToFit):
-
-2008-11-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        - remove inline capacity from declaration stacks (15M savings on membuster test)
-
-        No perf regression on SunSpider or V8 test combined with other upcoming memory improvement patch.
-        
-        * JavaScriptCore.exp:
-        * parser/Nodes.h:
-
-2008-11-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        While r38286 removed the need for the m_callFrame member variable of
-        CTI, it should be also be removed.
-
-        * VM/CTI.h:
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Make CTI::asInteger() a non-member function, since it needs no access to
-        any of CTI's member variables.
-
-        * VM/CTI.cpp:
-        (JSC::asInteger):
-        * VM/CTI.h:
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Use 'value' instead of 'js' in CTI as a name for JSValue* to match our
-        usual convention elsewhere.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Make CTI::getConstant() a member function of CodeBlock instead.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::getConstant):
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Rename CodeBlock::isConstant() to isConstantRegisterIndex().
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::isConstantRegisterIndex):
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp):
-
-2008-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix for non-CTI builds.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::initialize):
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove the unused labels member variable of CodeBlock.
-
-        * VM/CodeBlock.h:
-        * VM/LabelID.h:
-        (JSC::LabelID::setLocation):
-
-2008-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Batch compile the set of static trampolines at the point Machine is constructed, using a single allocation.
-        Refactor out m_callFrame from CTI, since this is only needed to access the global data (instead store a
-        pointer to the global data directly, since this is available at the point the Machine is constructed).
-        Add a method to align the code buffer, to allow JIT generation for multiple trampolines in one block.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::getConstant):
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompileCTIMachineTrampolines):
-        (JSC::CTI::freeCTIMachineTrampolines):
-        * VM/CTI.h:
-        (JSC::CTI::compile):
-        (JSC::CTI::compileGetByIdSelf):
-        (JSC::CTI::compileGetByIdProto):
-        (JSC::CTI::compileGetByIdChain):
-        (JSC::CTI::compilePutByIdReplace):
-        (JSC::CTI::compilePutByIdTransition):
-        (JSC::CTI::compileCTIMachineTrampolines):
-        (JSC::CTI::compilePatchGetArrayLength):
-        * VM/Machine.cpp:
-        (JSC::Machine::initialize):
-        (JSC::Machine::~Machine):
-        (JSC::Machine::execute):
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::tryCTICacheGetByID):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_lazyLinkCall):
-        * VM/Machine.h:
-        * masm/X86Assembler.h:
-        (JSC::JITCodeBuffer::isAligned):
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::align):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2008-11-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Antti Koivisto.
-        
-        - Make Vector::clear() release the Vector's memory (1MB savings on membuster)
-        https://bugs.webkit.org/show_bug.cgi?id=22170
-
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::deallocateBuffer): Set capacity to 0 as
-        well as size, otherwise shrinking capacity to 0 can fail to reset
-        the capacity and thus cause a future crash.
-        (WTF::Vector::~Vector): Shrink size not capacity; we only need
-        to call destructors, the buffer will be freed anyway.
-        (WTF::Vector::clear): Change this to shrinkCapacity(0), not just shrink(0).
-        (WTF::::shrinkCapacity): Use shrink() instead of resize() for case where
-        the size is greater than the new capacity, to work with types that have no
-        default constructor.
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Split multiple definitions into separate lines.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileBinaryArithOp):
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 22162: Remove cachedValueGetter from the JavaScriptCore API implementation
-        <https://bugs.webkit.org/show_bug.cgi?id=22162>
-
-        There is no more need for the cachedValueGetter hack now that we have
-        PropertySlot::setValue(), so we should remove it.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-
-2008-11-10  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22152: Remove asObject() call from JSCallbackObject::getOwnPropertySlot()
-        <https://bugs.webkit.org/show_bug.cgi?id=22152>
-
-        With the recent change to adopt asType() style cast functions with
-        assertions instead of static_casts in many places, the assertion for
-        the asObject() call in JSCallbackObject::getOwnPropertySlot() has been
-        failing when using any nontrivial client of the JavaScriptCore API.
-        The cast isn't even necessary to call slot.setCustom(), so it should
-        be removed.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::getOwnPropertySlot):
-
-2008-11-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        A few coding style fixes for AVLTree.
-
-        * wtf/AVLTree.h: Moved to WTF namespace, Removed "KJS_" from include guards.
-        (WTF::AVLTree::Iterator::start_iter): Fixed indentation
-
-        * runtime/JSArray.cpp: Added "using namepace WTF".
-
-2008-11-09  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Speculatively fix the non-AllInOne build.
-
-        * runtime/NativeErrorConstructor.cpp:
-
-2008-11-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=22149
-          remove unused code from the parser
-
-        * AllInOneFile.cpp: Removed nodes2string.cpp.
-        * GNUmakefile.am: Ditto.
-        * JavaScriptCore.exp: Ditto.
-        * JavaScriptCore.pri: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * JavaScriptCoreSources.bkl: Ditto.
-
-        * VM/CodeBlock.h: Added include.
-
-        * VM/Machine.cpp: (JSC::Machine::execute): Use the types from
-        DeclarationStacks as DeclarationStacks:: rather than Node:: since
-        "Node" really has little to do with it.
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator): Ditto.
-
-        * jsc.cpp:
-        (Options::Options): Removed prettyPrint option.
-        (runWithScripts): Ditto.
-        (printUsageStatement): Ditto.
-        (parseArguments): Ditto.
-        (jscmain): Ditto.
-
-        * parser/Grammar.y: Removed use of obsolete ImmediateNumberNode.
-
-        * parser/Nodes.cpp:
-        (JSC::ThrowableExpressionData::emitThrowError): Use inline functions
-        instead of direct member access for ThrowableExpressionData values.
-        (JSC::BracketAccessorNode::emitCode): Ditto.
-        (JSC::DotAccessorNode::emitCode): Ditto.
-        (JSC::NewExprNode::emitCode): Ditto.
-        (JSC::EvalFunctionCallNode::emitCode): Ditto.
-        (JSC::FunctionCallValueNode::emitCode): Ditto.
-        (JSC::FunctionCallResolveNode::emitCode): Ditto.
-        (JSC::FunctionCallBracketNode::emitCode): Ditto.
-        (JSC::FunctionCallDotNode::emitCode): Ditto.
-        (JSC::PostfixResolveNode::emitCode): Ditto.
-        (JSC::PostfixBracketNode::emitCode): Ditto.
-        (JSC::PostfixDotNode::emitCode): Ditto.
-        (JSC::DeleteResolveNode::emitCode): Ditto.
-        (JSC::DeleteBracketNode::emitCode): Ditto.
-        (JSC::DeleteDotNode::emitCode): Ditto.
-        (JSC::PrefixResolveNode::emitCode): Ditto.
-        (JSC::PrefixBracketNode::emitCode): Ditto.
-        (JSC::PrefixDotNode::emitCode): Ditto.
-        (JSC::ThrowableBinaryOpNode::emitCode): Ditto.
-        (JSC::InstanceOfNode::emitCode): Ditto.
-        (JSC::ReadModifyResolveNode::emitCode): Ditto.
-        (JSC::AssignResolveNode::emitCode): Ditto.
-        (JSC::AssignDotNode::emitCode): Ditto.
-        (JSC::ReadModifyDotNode::emitCode): Ditto.
-        (JSC::AssignBracketNode::emitCode): Ditto.
-        (JSC::ReadModifyBracketNode::emitCode): Ditto.
-        (JSC::statementListEmitCode): Take a const StatementVector instead
-        of a non-const one. Also removed unused statementListPushFIFO.
-        (JSC::ForInNode::emitCode): Inline functions instead of member access.
-        (JSC::ThrowNode::emitCode): Ditto.
-        (JSC::EvalNode::emitCode): Ditto.
-        (JSC::FunctionBodyNode::emitCode): Ditto.
-        (JSC::ProgramNode::emitCode): Ditto.
-
-        * parser/Nodes.h: Removed unused includes and forward declarations.
-        Removed Precedence enum. Made many more members private instead of
-        protected or public. Removed unused NodeStack typedef. Moved the
-        VarStack and FunctionStack typedefs from Node to ScopeNode. Made
-        Node::emitCode pure virtual and changed classes that don't emit
-        any code to inherit from ParserRefCounted rather than Node.
-        Moved isReturnNode from Node to StatementNode. Removed the
-        streamTo, precedence, and needsParensIfLeftmost functions from
-        all classes. Removed the ImmediateNumberNode class and make
-        NumberNode::setValue nonvirtual.
-
-        * parser/nodes2string.cpp: Removed.
-
-2008-11-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig and Maciej Stachowiak.
-        Includes some work done by Chris Brichford.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=14886
-          Stack overflow due to deeply nested parse tree doing repeated string concatentation
-
-        Test: fast/js/large-expressions.html
-
-        1) Code generation is recursive, so takes stack proportional to the complexity
-           of the source code expression. Fixed by setting an arbitrary recursion limit
-           of 10,000 nodes.
-
-        2) Destruction of the syntax tree was recursive. Fixed by introducing a
-           non-recursive mechanism for destroying the tree.
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator): Initialize depth to 0.
-        (JSC::CodeGenerator::emitThrowExpressionTooDeepException): Added. Emits the code
-        to throw a "too deep" exception.
-        * bytecompiler/CodeGenerator.h:
-        (JSC::CodeGenerator::emitNode): Check depth and emit an exception if we exceed
-        the maximum depth.
-
-        * parser/Nodes.cpp:
-        (JSC::NodeReleaser::releaseAllNodes): Added. To be called inside node destructors
-        to avoid recursive calls to destructors for nodes inside this one.
-        (JSC::NodeReleaser::release): Added. To be called inside releaseNodes functions.
-        Also added releaseNodes functions and calls to releaseAllNodes inside destructors
-        for each class derived from Node that has RefPtr to other nodes.
-        (JSC::NodeReleaser::adopt): Added. Used by the release function.
-        (JSC::NodeReleaser::adoptFunctionBodyNode): Added.
-
-        * parser/Nodes.h: Added declarations of releaseNodes and destructors in all classes
-        that needed it. Eliminated use of ListRefPtr and releaseNext, which are the two parts
-        of an older solution to the non-recursive destruction problem that works only for
-        lists, whereas the new solution works for other graphs. Changed ReverseBinaryOpNode
-        to use BinaryOpNode as a base class to avoid some duplicated code.
-
-2008-11-08  Kevin Ollivier  <kevino@theolliviers.com>
-        
-        wx build fixes after addition of JSCore parser and bycompiler dirs. Also cleanup
-        the JSCore Bakefile's group names to be consistent.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2008-11-07  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21801: REGRESSION (r37821): YUI date formatting JavaScript puts the letter 'd' in place of the day
-        <https://bugs.webkit.org/show_bug.cgi?id=21801>
-
-        Fix the constant register check in the 'typeof' optimization in
-        CodeGenerator, which was completely broken after r37821.
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp):
-
-2008-11-07  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 22129: Move CTI::isConstant() to CodeBlock
-        <https://bugs.webkit.org/show_bug.cgi?id=22129>
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::isConstant):
-
-2008-11-07  Alp Toker  <alp@nuanti.com>
-
-        autotools fix. Always use the configured perl binary (which may be
-        different to the one in $PATH) when generating sources.
-
-        * GNUmakefile.am:
-
-2008-11-07  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Change grammar.cpp to Grammar.cpp and grammar.h to Grammar.h in several
-        build scripts.
-
-        * DerivedSources.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-
-2008-11-07  Alp Toker  <alp@nuanti.com>
-
-        More grammar.cpp -> Grammar.cpp build fixes.
-
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-
-2008-11-07  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the build on case-sensitive file systems. grammar.y was renamed to
-        Grammar.y but Lexer.cpp includes grammar.h. The build bots didn't
-        notice this change because of stale files.
-
-        * parser/Lexer.cpp:
-
-2008-11-07  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Rename the m_nextGlobal, m_nextParameter, and m_nextConstant member
-        variables of CodeGenerator to m_nextGlobalIndex, m_nextParameterIndex,
-        and m_nextConstantIndex respectively. This is to distinguish these from
-        member variables like m_lastConstant, which are actually RefPtrs to
-        Registers.
-
-        * bytecompiler/CodeGenerator.cpp:
-        (JSC::CodeGenerator::addGlobalVar):
-        (JSC::CodeGenerator::allocateConstants):
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::addParameter):
-        (JSC::CodeGenerator::addConstant):
-        * bytecompiler/CodeGenerator.h:
-
-2008-11-06  Gavin Barraclough  barraclough@apple.com
-
-        Reviewed by Oliver Hunt.
-
-        Do not make a cti_* call to perform an op_call unless either:
-        (1) The codeblock for the function body has not been generated.
-        (2) The number of arguments passed does not match the callee arity.
-
-        ~1% progression on sunspider --v8
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_call_arityCheck):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/Machine.h:
-        * kjs/nodes.h:
-
-2008-11-06  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Move the remaining files in the kjs subdirectory of JavaScriptCore to
-        a new parser subdirectory, and remove the kjs subdirectory entirely.
-
-        * AllInOneFile.cpp:
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CodeBlock.h:
-        * VM/ExceptionHelpers.cpp:
-        * VM/SamplingTool.h:
-        * bytecompiler/CodeGenerator.h:
-        * jsc.pro:
-        * jscore.bkl:
-        * kjs: Removed.
-        * kjs/NodeInfo.h: Removed.
-        * kjs/Parser.cpp: Removed.
-        * kjs/Parser.h: Removed.
-        * kjs/ResultType.h: Removed.
-        * kjs/SourceCode.h: Removed.
-        * kjs/SourceProvider.h: Removed.
-        * kjs/grammar.y: Removed.
-        * kjs/keywords.table: Removed.
-        * kjs/lexer.cpp: Removed.
-        * kjs/lexer.h: Removed.
-        * kjs/nodes.cpp: Removed.
-        * kjs/nodes.h: Removed.
-        * kjs/nodes2string.cpp: Removed.
-        * parser: Added.
-        * parser/Grammar.y: Copied from kjs/grammar.y.
-        * parser/Keywords.table: Copied from kjs/keywords.table.
-        * parser/Lexer.cpp: Copied from kjs/lexer.cpp.
-        * parser/Lexer.h: Copied from kjs/lexer.h.
-        * parser/NodeInfo.h: Copied from kjs/NodeInfo.h.
-        * parser/Nodes.cpp: Copied from kjs/nodes.cpp.
-        * parser/Nodes.h: Copied from kjs/nodes.h.
-        * parser/Parser.cpp: Copied from kjs/Parser.cpp.
-        * parser/Parser.h: Copied from kjs/Parser.h.
-        * parser/ResultType.h: Copied from kjs/ResultType.h.
-        * parser/SourceCode.h: Copied from kjs/SourceCode.h.
-        * parser/SourceProvider.h: Copied from kjs/SourceProvider.h.
-        * parser/nodes2string.cpp: Copied from kjs/nodes2string.cpp.
-        * pcre/pcre.pri:
-        * pcre/pcre_exec.cpp:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::toNumber):
-        * runtime/RegExp.cpp:
-
-2008-11-06  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r38196
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Added bytecompiler/ to the
-        include path.
-
-2008-11-06  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Create a new bytecompiler subdirectory of JavaScriptCore and move some
-        relevant files to it.
-
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CodeGenerator.cpp: Removed.
-        * VM/CodeGenerator.h: Removed.
-        * bytecompiler: Added.
-        * bytecompiler/CodeGenerator.cpp: Copied from VM/CodeGenerator.cpp.
-        * bytecompiler/CodeGenerator.h: Copied from VM/CodeGenerator.h.
-        * bytecompiler/LabelScope.h: Copied from kjs/LabelScope.h.
-        * jscore.bkl:
-        * kjs/LabelScope.h: Removed.
-
-2008-11-06  Adam Roben  <aroben@apple.com>
-
-        Windows clean build fix after r38155
-
-        Rubberstamped by Cameron Zwarich.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update
-        the post-build event for the move of create_hash_table out of kjs/.
-
-2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22107
-
-        Bug uncovered during RVCT port in functions not used. get_lt() and
-        get_gt() takes only one argument - remove second argument where
-        applicable.
-
-        * wtf/AVLTree.h:
-        (JSC::AVLTree::remove): Remove second argument of get_lt/get_gt().
-        (JSC::AVLTree::subst): Ditto.
-
-2008-11-06  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Cameron Zwarich.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22033
-        [GTK] CTI/Linux r38064 crashes; JIT requires executable memory
-
-        Mark pages allocated by the FastMalloc mmap code path executable with
-        PROT_EXEC. This fixes crashes seen on CPUs and kernels that enforce
-        non-executable memory (like ExecShield on Fedora Linux) when the JIT
-        is enabled.
-
-        This patch does not resolve the issue on debug builds so affected
-        developers may still need to pass --disable-jit to configure.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TryMmap):
-        (TryDevMem):
-        (TCMalloc_SystemRelease):
-
-2008-11-06  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 22099: Make the Qt port build the JSC shell in the correct place
-        <https://bugs.webkit.org/show_bug.cgi?id=22099>
-
-        Adjust include paths and build destination dir for the 'jsc' executable
-        in the Qt build.
-
-        * jsc.pro:
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Implemented the block allocation on Symbian through heap allocation.
-
-        Unfortunately there is no way to allocate virtual memory. The Posix
-        layer provides mmap() but no anonymous mapping. So this is a very slow
-        solution but it should work as a start.
-
-        * runtime/Collector.cpp:
-        (JSC::allocateBlock):
-        (JSC::freeBlock):
-
-2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Borrow some math functions from the MSVC port to the build with the
-        RVCT compiler.
-
-        * wtf/MathExtras.h:
-        (isinf):
-        (isnan):
-        (signbit):
-
-2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Include strings.h for strncasecmp().
-        This is needed for compilation inside Symbian and it is also
-        confirmed by the man-page on Linux.
-
-        * runtime/DateMath.cpp:
-
-2008-11-06  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Implemented currentThreadStackBase for Symbian.
-
-        * runtime/Collector.cpp:
-        (JSC::currentThreadStackBase):
-
-2008-11-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        RVCT does not support tm_gmtoff field, so disable that code just like
-        for MSVC.
-
-        * runtime/DateMath.h:
-        (JSC::GregorianDateTime::GregorianDateTime):
-        (JSC::GregorianDateTime::operator tm):
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Define PLATFORM(UNIX) for S60. Effectively WebKit on S60 is compiled
-        on top of the Posix layer.
-
-        * wtf/Platform.h:
-
-2008-11-06  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Added __SYMBIAN32__ condition for defining PLATFORM(SYMBIAN).
-
-        * wtf/Platform.h:
-
-2008-11-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Added WINSCW compiler define for Symbian S60.
-
-        * wtf/Platform.h:
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Use the GCC defines of the WTF_ALIGN* macros for the RVCT and the
-        MINSCW compiler.
-
-        * wtf/Vector.h:
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Define capabilities of the SYMBIAN platform. Some of the system
-        headers are actually dependent on RVCT.
-
-        * wtf/Platform.h:
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Add missing stddef.h header needed for compilation in Symbian.
-
-        * runtime/Collector.h:
-
-2008-11-06  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Added COMPILER(RVCT) to detect the ARM RVCT compiler used in the Symbian environment.
-
-        * wtf/Platform.h:
-
-2008-11-06  Simon Hausmann  <hausmann@webkit.org>
-
-        Fix the Qt build, adjust include paths after move of jsc.pro.
-
-        * jsc.pro:
-
-2008-11-06  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move kjs/Shell.cpp to the top level of the JavaScriptCore directory and
-        rename it to jsc.cpp to reflect the name of the binary compiled from it.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jsc.cpp: Copied from kjs/Shell.cpp.
-        * jsc.pro:
-        * jscore.bkl:
-        * kjs/Shell.cpp: Removed.
-
-2008-11-06  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move create_hash_table and jsc.pro out of the kjs directory and into the
-        root directory of JavaScriptCore.
-
-        * DerivedSources.make:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_hash_table: Copied from kjs/create_hash_table.
-        * jsc.pro: Copied from kjs/jsc.pro.
-        * kjs/create_hash_table: Removed.
-        * kjs/jsc.pro: Removed.
-        * make-generated-sources.sh:
-
-2008-11-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22094
-
-        Fix for bug where the callee incorrectly recieves the caller's lexical
-        global object as this, rather than its own.  Implementation closely
-        follows the spec, passing jsNull, checking in the callee and replacing
-        with the global object where necessary.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_call_eval):
-        * runtime/JSCell.h:
-        (JSC::JSValue::toThisObject):
-        * runtime/JSImmediate.cpp:
-        (JSC::JSImmediate::toThisObject):
-        * runtime/JSImmediate.h:
-
-2008-11-05  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix after Operations.cpp move.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-11-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the build for case-sensitive build systems and wxWindows.
-
-        * JavaScriptCoreSources.bkl:
-        * kjs/create_hash_table:
-
-2008-11-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the build for case-sensitive build systems.
-
-        * JavaScriptCoreSources.bkl:
-        * kjs/Shell.cpp:
-        * runtime/Interpreter.cpp:
-        * runtime/JSArray.cpp:
-
-2008-11-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the build for case-sensitive build systems.
-
-        * API/JSBase.cpp:
-        * API/JSObjectRef.cpp:
-        * runtime/CommonIdentifiers.h:
-        * runtime/Identifier.cpp:
-        * runtime/InitializeThreading.cpp:
-        * runtime/InternalFunction.h:
-        * runtime/JSString.h:
-        * runtime/Lookup.h:
-        * runtime/PropertyNameArray.h:
-        * runtime/PropertySlot.h:
-        * runtime/StructureID.cpp:
-        * runtime/StructureID.h:
-        * runtime/UString.cpp:
-
-2008-11-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move more files to the runtime subdirectory of JavaScriptCore.
-
-        * API/APICast.h:
-        * API/JSBase.cpp:
-        * API/JSCallbackObject.cpp:
-        * API/JSClassRef.cpp:
-        * API/JSClassRef.h:
-        * API/JSStringRefCF.cpp:
-        * API/JSValueRef.cpp:
-        * API/OpaqueJSString.cpp:
-        * API/OpaqueJSString.h:
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        * VM/Machine.cpp:
-        * VM/RegisterFile.h:
-        * debugger/Debugger.h:
-        * kjs/SourceProvider.h:
-        * kjs/TypeInfo.h: Removed.
-        * kjs/collector.cpp: Removed.
-        * kjs/collector.h: Removed.
-        * kjs/completion.h: Removed.
-        * kjs/create_hash_table:
-        * kjs/identifier.cpp: Removed.
-        * kjs/identifier.h: Removed.
-        * kjs/interpreter.cpp: Removed.
-        * kjs/interpreter.h: Removed.
-        * kjs/lexer.cpp:
-        * kjs/lexer.h:
-        * kjs/lookup.cpp: Removed.
-        * kjs/lookup.h: Removed.
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/operations.cpp: Removed.
-        * kjs/operations.h: Removed.
-        * kjs/protect.h: Removed.
-        * kjs/regexp.cpp: Removed.
-        * kjs/regexp.h: Removed.
-        * kjs/ustring.cpp: Removed.
-        * kjs/ustring.h: Removed.
-        * pcre/pcre_exec.cpp:
-        * profiler/CallIdentifier.h:
-        * profiler/Profile.h:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/ArrayPrototype.h:
-        * runtime/Collector.cpp: Copied from kjs/collector.cpp.
-        * runtime/Collector.h: Copied from kjs/collector.h.
-        * runtime/CollectorHeapIterator.h:
-        * runtime/Completion.h: Copied from kjs/completion.h.
-        * runtime/ErrorPrototype.cpp:
-        * runtime/Identifier.cpp: Copied from kjs/identifier.cpp.
-        * runtime/Identifier.h: Copied from kjs/identifier.h.
-        * runtime/InitializeThreading.cpp:
-        * runtime/Interpreter.cpp: Copied from kjs/interpreter.cpp.
-        * runtime/Interpreter.h: Copied from kjs/interpreter.h.
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-        * runtime/JSLock.cpp:
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSValue.h:
-        * runtime/Lookup.cpp: Copied from kjs/lookup.cpp.
-        * runtime/Lookup.h: Copied from kjs/lookup.h.
-        * runtime/MathObject.cpp:
-        * runtime/NativeErrorPrototype.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/Operations.cpp: Copied from kjs/operations.cpp.
-        * runtime/Operations.h: Copied from kjs/operations.h.
-        * runtime/PropertyMapHashTable.h:
-        * runtime/Protect.h: Copied from kjs/protect.h.
-        * runtime/RegExp.cpp: Copied from kjs/regexp.cpp.
-        * runtime/RegExp.h: Copied from kjs/regexp.h.
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/SmallStrings.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        * runtime/StructureID.cpp:
-        * runtime/StructureID.h:
-        * runtime/StructureIDTransitionTable.h:
-        * runtime/SymbolTable.h:
-        * runtime/TypeInfo.h: Copied from kjs/TypeInfo.h.
-        * runtime/UString.cpp: Copied from kjs/ustring.cpp.
-        * runtime/UString.h: Copied from kjs/ustring.h.
-        * wrec/CharacterClassConstructor.h:
-        * wrec/WREC.h:
-
-2008-11-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Suggested by Darin Adler.
-        
-        Removed two copy constructors that the compiler can generate for us
-        automatically.
-
-        * VM/LabelID.h:
-        (JSC::LabelID::setLocation):
-        (JSC::LabelID::offsetFrom):
-        (JSC::LabelID::ref):
-        (JSC::LabelID::refCount):
-        * kjs/LabelScope.h:
-
-2008-11-05  Anders Carlsson  <andersca@apple.com>
-
-        Fix Snow Leopard build.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-11-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Steve Falkenburg.
-
-        Move dtoa.cpp and dtoa.h to the WTF Visual Studio project to reflect
-        their movement in the filesystem.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2008-11-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move kjs/dtoa.h to the wtf subdirectory of JavaScriptCore.
-
-        * AllInOneFile.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/dtoa.cpp: Removed.
-        * kjs/dtoa.h: Removed.
-        * wtf/dtoa.cpp: Copied from kjs/dtoa.cpp.
-        * wtf/dtoa.h: Copied from kjs/dtoa.h.
-
-2008-11-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move kjs/config.h to the top level of JavaScriptCore.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h: Copied from kjs/config.h.
-        * kjs/config.h: Removed.
-
-2008-11-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        * wtf/ThreadingNone.cpp: Tweak formatting.
-
-2008-11-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=22061
-          create script to check for exit-time destructors
-
-        * JavaScriptCore.exp: Changed to export functions rather than
-        a global for the atomically initialized static mutex.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added a script
-        phase that runs the check-for-exit-time-destructors script.
-
-        * wtf/MainThread.cpp:
-        (WTF::mainThreadFunctionQueueMutex): Changed to leak an object
-        rather than using an exit time destructor.
-        (WTF::functionQueue): Ditto.
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::cachedCollatorMutex): Ditto.
-
-        * wtf/Threading.h: Changed other platforms to share the Windows
-        approach where the mutex is internal and the functions are exported.
-        * wtf/ThreadingGtk.cpp:
-        (WTF::lockAtomicallyInitializedStaticMutex): Ditto.
-        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
-        * wtf/ThreadingNone.cpp:
-        (WTF::lockAtomicallyInitializedStaticMutex): Ditto.
-        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::threadMapMutex): Changed to leak an object rather than using
-        an exit time destructor.
-        (WTF::lockAtomicallyInitializedStaticMutex): Mutex change.
-        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
-        (WTF::threadMap): Changed to leak an object rather than using
-        an exit time destructor.
-        * wtf/ThreadingQt.cpp:
-        (WTF::lockAtomicallyInitializedStaticMutex): Mutex change.
-        (WTF::unlockAtomicallyInitializedStaticMutex): Ditto.
-        * wtf/ThreadingWin.cpp:
-        (WTF::lockAtomicallyInitializedStaticMutex): Added an assertion.
-
-2008-11-04  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Update
-        the location of JSStaticScopeObject.{cpp,h}.
-
-2008-11-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Move AllInOneFile.cpp to the top level of JavaScriptCore.
-
-        * AllInOneFile.cpp: Copied from kjs/AllInOneFile.cpp.
-        * GNUmakefile.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp: Removed.
-
-2008-11-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Alexey Proskuryakov.
-
-        Add NodeInfo.h to the JavaScriptCore Xcode project.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-11-03  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Move more files into the runtime subdirectory of JavaScriptCore.
-
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSClassRef.cpp:
-        * API/OpaqueJSString.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArgList.cpp: Removed.
-        * kjs/ArgList.h: Removed.
-        * kjs/Arguments.cpp: Removed.
-        * kjs/Arguments.h: Removed.
-        * kjs/BatchedTransitionOptimizer.h: Removed.
-        * kjs/CollectorHeapIterator.h: Removed.
-        * kjs/CommonIdentifiers.cpp: Removed.
-        * kjs/CommonIdentifiers.h: Removed.
-        * kjs/ExecState.cpp: Removed.
-        * kjs/ExecState.h: Removed.
-        * kjs/GetterSetter.cpp: Removed.
-        * kjs/GetterSetter.h: Removed.
-        * kjs/InitializeThreading.cpp: Removed.
-        * kjs/InitializeThreading.h: Removed.
-        * kjs/JSActivation.cpp: Removed.
-        * kjs/JSActivation.h: Removed.
-        * kjs/JSGlobalData.cpp: Removed.
-        * kjs/JSGlobalData.h: Removed.
-        * kjs/JSLock.cpp: Removed.
-        * kjs/JSLock.h: Removed.
-        * kjs/JSStaticScopeObject.cpp: Removed.
-        * kjs/JSStaticScopeObject.h: Removed.
-        * kjs/JSType.h: Removed.
-        * kjs/PropertyNameArray.cpp: Removed.
-        * kjs/PropertyNameArray.h: Removed.
-        * kjs/ScopeChain.cpp: Removed.
-        * kjs/ScopeChain.h: Removed.
-        * kjs/ScopeChainMark.h: Removed.
-        * kjs/SymbolTable.h: Removed.
-        * kjs/Tracing.d: Removed.
-        * kjs/Tracing.h: Removed.
-        * runtime/ArgList.cpp: Copied from kjs/ArgList.cpp.
-        * runtime/ArgList.h: Copied from kjs/ArgList.h.
-        * runtime/Arguments.cpp: Copied from kjs/Arguments.cpp.
-        * runtime/Arguments.h: Copied from kjs/Arguments.h.
-        * runtime/BatchedTransitionOptimizer.h: Copied from kjs/BatchedTransitionOptimizer.h.
-        * runtime/CollectorHeapIterator.h: Copied from kjs/CollectorHeapIterator.h.
-        * runtime/CommonIdentifiers.cpp: Copied from kjs/CommonIdentifiers.cpp.
-        * runtime/CommonIdentifiers.h: Copied from kjs/CommonIdentifiers.h.
-        * runtime/ExecState.cpp: Copied from kjs/ExecState.cpp.
-        * runtime/ExecState.h: Copied from kjs/ExecState.h.
-        * runtime/GetterSetter.cpp: Copied from kjs/GetterSetter.cpp.
-        * runtime/GetterSetter.h: Copied from kjs/GetterSetter.h.
-        * runtime/InitializeThreading.cpp: Copied from kjs/InitializeThreading.cpp.
-        * runtime/InitializeThreading.h: Copied from kjs/InitializeThreading.h.
-        * runtime/JSActivation.cpp: Copied from kjs/JSActivation.cpp.
-        * runtime/JSActivation.h: Copied from kjs/JSActivation.h.
-        * runtime/JSGlobalData.cpp: Copied from kjs/JSGlobalData.cpp.
-        * runtime/JSGlobalData.h: Copied from kjs/JSGlobalData.h.
-        * runtime/JSLock.cpp: Copied from kjs/JSLock.cpp.
-        * runtime/JSLock.h: Copied from kjs/JSLock.h.
-        * runtime/JSStaticScopeObject.cpp: Copied from kjs/JSStaticScopeObject.cpp.
-        * runtime/JSStaticScopeObject.h: Copied from kjs/JSStaticScopeObject.h.
-        * runtime/JSType.h: Copied from kjs/JSType.h.
-        * runtime/PropertyNameArray.cpp: Copied from kjs/PropertyNameArray.cpp.
-        * runtime/PropertyNameArray.h: Copied from kjs/PropertyNameArray.h.
-        * runtime/ScopeChain.cpp: Copied from kjs/ScopeChain.cpp.
-        * runtime/ScopeChain.h: Copied from kjs/ScopeChain.h.
-        * runtime/ScopeChainMark.h: Copied from kjs/ScopeChainMark.h.
-        * runtime/SymbolTable.h: Copied from kjs/SymbolTable.h.
-        * runtime/Tracing.d: Copied from kjs/Tracing.d.
-        * runtime/Tracing.h: Copied from kjs/Tracing.h.
-
-2008-11-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Move #define to turn on dumping StructureID statistics to StructureID.cpp so that
-        turning it on does not require a full rebuild. 
-
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics):
-        * runtime/StructureID.h:
-
-2008-11-03  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix warning when building on Darwin without JSC_MULTIPLE_THREADS
-        enabled.
-
-        * kjs/InitializeThreading.cpp:
-
-2008-11-02  Matt Lilek  <webkit@mattlilek.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 22042: REGRESSION(r38066): ASSERTION FAILED: source in CodeBlock
-        <https://bugs.webkit.org/show_bug.cgi?id=22042>
-
-        Rename parameter name to avoid ASSERT.
-
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-
-2008-11-02  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 22035: Remove the '_' suffix on constructor parameter names for structs
-        <https://bugs.webkit.org/show_bug.cgi?id=22035>
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::JSCallbackObjectData::JSCallbackObjectData):
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        * wrec/WREC.h:
-        (JSC::Quantifier::Quantifier):
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Geoff Garen.
-
-        Rename SourceRange.h to SourceCode.h.
-
-        * API/JSBase.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeBlock.h:
-        * kjs/SourceCode.h: Copied from kjs/SourceRange.h.
-        * kjs/SourceRange.h: Removed.
-        * kjs/grammar.y:
-        * kjs/lexer.h:
-        * kjs/nodes.cpp:
-        (JSC::ForInNode::ForInNode):
-        * kjs/nodes.h:
-        (JSC::ThrowableExpressionData::setExceptionSourceCode):
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22019: Move JSC::Interpreter::shouldPrintExceptions() to WebCore::Console
-        <https://bugs.webkit.org/show_bug.cgi?id=22019>
-
-        The JSC::Interpreter::shouldPrintExceptions() function is not used at
-        all in JavaScriptCore, so it should be moved to WebCore::Console, its
-        only user.
-
-        * JavaScriptCore.exp:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Remove the call to Interpreter::setShouldPrintExceptions() from the
-        GlobalObject constructor in the shell. The shouldPrintExceptions()
-        information is not used anywhere in JavaScriptCore, only in WebCore.
-
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-
-2008-10-31  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wxMSW build fix.
-
-        * wtf/Threading.h:
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Move more files from the kjs subdirectory of JavaScriptCore to the
-        runtime subdirectory.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/RegExpConstructor.cpp: Removed.
-        * kjs/RegExpConstructor.h: Removed.
-        * kjs/RegExpMatchesArray.h: Removed.
-        * kjs/RegExpObject.cpp: Removed.
-        * kjs/RegExpObject.h: Removed.
-        * kjs/RegExpPrototype.cpp: Removed.
-        * kjs/RegExpPrototype.h: Removed.
-        * runtime/RegExpConstructor.cpp: Copied from kjs/RegExpConstructor.cpp.
-        * runtime/RegExpConstructor.h: Copied from kjs/RegExpConstructor.h.
-        * runtime/RegExpMatchesArray.h: Copied from kjs/RegExpMatchesArray.h.
-        * runtime/RegExpObject.cpp: Copied from kjs/RegExpObject.cpp.
-        * runtime/RegExpObject.h: Copied from kjs/RegExpObject.h.
-        * runtime/RegExpPrototype.cpp: Copied from kjs/RegExpPrototype.cpp.
-        * runtime/RegExpPrototype.h: Copied from kjs/RegExpPrototype.h.
-
-2008-10-31  Mark Rowe  <mrowe@apple.com>
-
-        Revert an incorrect portion of r38034.
-
-        * profiler/ProfilerServer.mm:
-
-2008-10-31  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 64-bit build.
-
-        Disable strict aliasing in ProfilerServer.mm as it leads to the compiler being unhappy
-        with the common Obj-C idiom self = [super init];
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Change a header guard to match our coding style.
-
-        * kjs/InitializeThreading.h:
-
-2008-10-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a small bit of https://bugs.webkit.org/show_bug.cgi?id=21962
-        AST uses way too much memory
-        
-        Removed a word from StatementNode by nixing LabelStack and turning it
-        into a compile-time data structure managed by CodeGenerator.
-        
-        v8 tests and SunSpider, run by Gavin, report no change.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.order:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-        * JavaScriptCoreSources.bkl: I sure hope this builds!
-        
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::newLabelScope):
-        (JSC::CodeGenerator::breakTarget):
-        (JSC::CodeGenerator::continueTarget):
-        * VM/CodeGenerator.h: Nixed the JumpContext system because it depended
-        on a LabelStack in the AST, and it was a little cumbersome on the client
-        side. Replaced with LabelScope, which tracks all break / continue
-        information in the CodeGenerator, just like we track LabelIDs and other
-        stacks of compile-time data.
-
-        * kjs/LabelScope.h: Added.
-        (JSC::LabelScope::):
-        (JSC::LabelScope::LabelScope):
-        (JSC::LabelScope::ref):
-        (JSC::LabelScope::deref):
-        (JSC::LabelScope::refCount):
-        (JSC::LabelScope::breakTarget):
-        (JSC::LabelScope::continueTarget):
-        (JSC::LabelScope::type):
-        (JSC::LabelScope::name):
-        (JSC::LabelScope::scopeDepth): Simple abstraction for holding everything
-        you might want to know about a break-able / continue-able scope.
-
-        * kjs/LabelStack.cpp: Removed.
-        * kjs/LabelStack.h: Removed.
-
-        * kjs/grammar.y: No need to push labels at parse time -- we don't store
-        LabelStacks in the AST anymore.
-
-        * kjs/nodes.cpp:
-        (JSC::DoWhileNode::emitCode):
-        (JSC::WhileNode::emitCode):
-        (JSC::ForNode::emitCode):
-        (JSC::ForInNode::emitCode):
-        (JSC::ContinueNode::emitCode):
-        (JSC::BreakNode::emitCode):
-        (JSC::SwitchNode::emitCode):
-        (JSC::LabelNode::emitCode):
-        * kjs/nodes.h:
-        (JSC::StatementNode::):
-        (JSC::LabelNode::): Use LabelScope where we used to use JumpContext.
-        Simplified a bunch of code. Touched up label-related error messages a
-        bit.
-
-        * kjs/nodes2string.cpp:
-        (JSC::LabelNode::streamTo): Updated for rename.
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 22005: Move StructureIDChain into its own file
-        <https://bugs.webkit.org/show_bug.cgi?id=22005>
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * runtime/StructureID.cpp:
-        * runtime/StructureID.h:
-        * runtime/StructureIDChain.cpp: Copied from runtime/StructureID.cpp.
-        * runtime/StructureIDChain.h: Copied from runtime/StructureID.h.
-
-2008-10-31  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2008-10-31  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-10-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        - fix storage leak seen on buildbot
-
-        Some other cleanup too. The storage leak was caused by the fact
-        that HashTraits<CallIdentifier>::needsDestruction was false, so
-        the call identifier objects didn't get deleted.
-
-        * profiler/CallIdentifier.h:
-        
-        Added a default constructor to create empty call identifiers.
-
-        Changed the normal constructor to use const UString&
-        to avoid extra copying and reference count thrash.
-        
-        Removed the explicit copy constructor definition, since it's what
-        the compiler will automatically generate. (Rule of thumb: Either
-        you need both a custom copy constructor and a custom assignment
-        operator, or neither.)
-
-        Moved the CallIdentifier hash function out of the WTF namespace;
-        there's no reason to put it there.
-
-        Changed the CallIdentifier hash function to be a struct rather than
-        a specialization of the IntHash struct template. Having it be
-        a specialization made no sense, since CallIdentifier is not an integer,
-        and did no good.
-
-        Removed explicit definition of emptyValueIsZero in the hash traits,
-        since inheriting from GenericHashTraits already makes that false.
-
-        Removed explicit definition of emptyValue, instead relying on the
-        default constructor and GenericHashTraits.
-
-        Removed explicit definition of needsDestruction, because we want it
-        to have its default value: true, not false. This fixes the leak!
-
-        Changed constructDeletedValue and isDeletedValue to use a line number
-        of numeric_limits<unsigned>::max() to indicate a value is deleted.
-        Previously this used empty strings for the empty value and null strings
-        for the deleted value, but it's more efficient to use null for both.
-
-2008-10-31  Timothy Hatcher  <timothy@apple.com>
-
-        Emit the WillExecuteStatement debugger hook before the for loop body
-        when the statement node for the body isn't a block. This allows
-        breakpoints on those statements in the Web Inspector.
-
-        https://bugs.webkit.org/show_bug.cgi?id=22004
-
-        Reviewed by Darin Adler.
-
-        * kjs/nodes.cpp:
-        (JSC::ForNode::emitCode): Emit the WillExecuteStatement
-        debugger hook before the statement node if isn't a block.
-        Also emit the WillExecuteStatement debugger hook for the
-        loop as the first op-code.
-        (JSC::ForInNode::emitCode): Ditto.
-
-2008-10-31  Timothy Hatcher  <timothy@apple.com>
-
-        Fixes console warnings about not having an autorelease pool.
-        Also fixes the build for Snow Leopard, by including individual
-        Foundation headers instead of Foundation.h.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21995
-
-        Reviewed by Oliver Hunt.
-
-        * profiler/ProfilerServer.mm:
-        (-[ProfilerServer init]): Create a NSAutoreleasePool and drain it.
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Speculative wxWindows build fix.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Move VM/JSPropertyNameIterator.cpp and VM/JSPropertyNameIterator.h to
-        the runtime directory.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * VM/JSPropertyNameIterator.cpp: Removed.
-        * VM/JSPropertyNameIterator.h: Removed.
-        * runtime/JSPropertyNameIterator.cpp: Copied from VM/JSPropertyNameIterator.cpp.
-        * runtime/JSPropertyNameIterator.h: Copied from VM/JSPropertyNameIterator.h.
-
-2008-10-31  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Speculative wxWindows build fix.
-
-        * jscore.bkl:
-
-2008-10-30  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Jon Homeycutt.
-
-        Explicitly default to building for only the native architecture in debug and release builds.
-
-        * Configurations/DebugRelease.xcconfig:
-
-2008-10-30  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Create a debugger directory in JavaScriptCore and move the relevant
-        files to it.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeBlock.cpp:
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        * debugger: Added.
-        * debugger/Debugger.cpp: Copied from kjs/debugger.cpp.
-        * debugger/Debugger.h: Copied from kjs/debugger.h.
-        * debugger/DebuggerCallFrame.cpp: Copied from kjs/DebuggerCallFrame.cpp.
-        * debugger/DebuggerCallFrame.h: Copied from kjs/DebuggerCallFrame.h.
-        * kjs/AllInOneFile.cpp:
-        * kjs/DebuggerCallFrame.cpp: Removed.
-        * kjs/DebuggerCallFrame.h: Removed.
-        * kjs/Parser.cpp:
-        * kjs/Parser.h:
-        * kjs/debugger.cpp: Removed.
-        * kjs/debugger.h: Removed.
-        * kjs/interpreter.cpp:
-        * kjs/nodes.cpp:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/JSGlobalObject.cpp:
-
-2008-10-30  Benjamin K. Stuhl  <bks24@cornell.edu>
-
-        gcc 4.3.3/linux-x86 generates "suggest parentheses around && within ||"
-        warnings; add some parentheses to disambiguate things. No functional
-        changes, so no tests.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21973
-        Add parentheses to clean up some gcc warnings
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIAlphanumeric):
-        (WTF::isASCIIHexDigit):
-
-2008-10-30  Kevin Lindeman  <klindeman@apple.com>
-
-        Adds ProfilerServer, which is a distributed notification listener
-        that allows starting and stopping the profiler remotely for use
-        in conjunction with the profiler's DTace probes.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21719
-
-        Reviewed by Timothy Hatcher.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Calls startProfilerServerIfNeeded.
-        * profiler/ProfilerServer.h: Added.
-        * profiler/ProfilerServer.mm: Added.
-        (+[ProfilerServer sharedProfileServer]):
-        (-[ProfilerServer init]):
-        (-[ProfilerServer startProfiling]):
-        (-[ProfilerServer stopProfiling]):
-        (JSC::startProfilerServerIfNeeded):
-
-2008-10-30  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix after PropertyMap and StructureID merge.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-10-30  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Change the JavaScriptCore Xcode project to use relative paths for the
-        PCRE source files.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-10-30  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich and Geoffrey Garen.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21989
-        Merge PropertyMap and StructureID
-
-        - Move PropertyMap code into StructureID in preparation for lazily
-          creating the map on gets.
-        - Make remove with transition explicit by adding removePropertyTransition.
-        - Make the put/remove without transition explicit.
-        - Make cache invalidation part of put/remove without transition.
-
-        1% speedup on SunSpider; 0.5% speedup on v8 suite.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/identifier.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirect):
-        * runtime/PropertyMap.cpp: Removed.
-        * runtime/PropertyMap.h: Removed.
-        * runtime/PropertyMapHashTable.h: Copied from runtime/PropertyMap.h.
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics):
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-        (JSC::StructureID::getEnumerablePropertyNames):
-        (JSC::StructureID::addPropertyTransition):
-        (JSC::StructureID::removePropertyTransition):
-        (JSC::StructureID::toDictionaryTransition):
-        (JSC::StructureID::changePrototypeTransition):
-        (JSC::StructureID::getterSetterTransition):
-        (JSC::StructureID::addPropertyWithoutTransition):
-        (JSC::StructureID::removePropertyWithoutTransition):
-        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
-        (JSC::StructureID::checkConsistency):
-        (JSC::StructureID::copyPropertyTable):
-        (JSC::StructureID::get):
-        (JSC::StructureID::put):
-        (JSC::StructureID::remove):
-        (JSC::StructureID::insertIntoPropertyMapHashTable):
-        (JSC::StructureID::expandPropertyMapHashTable):
-        (JSC::StructureID::createPropertyMapHashTable):
-        (JSC::StructureID::rehashPropertyMapHashTable):
-        (JSC::comparePropertyMapEntryIndices):
-        (JSC::StructureID::getEnumerablePropertyNamesInternal):
-        * runtime/StructureID.h:
-        (JSC::StructureID::propertyStorageSize):
-        (JSC::StructureID::isEmpty):
-        (JSC::StructureID::get):
-
-2008-10-30  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 21987: CTI::putDoubleResultToJSNumberCellOrJSImmediate() hardcodes its result register
-        <https://bugs.webkit.org/show_bug.cgi?id=21987>
-
-        CTI::putDoubleResultToJSNumberCellOrJSImmediate() hardcodes its result
-        register as ecx, but it should be tempReg1, which is ecx at all of its
-        callsites.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::putDoubleResultToJSNumberCellOrJSImmediate):
-
-2008-10-30  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 21985: Opcodes should use eax as their destination register whenever possible
-        <https://bugs.webkit.org/show_bug.cgi?id=21985>
-
-        Change more opcodes to use eax as the register for their final result,
-        and change calls to emitPutResult() that pass eax to rely on the default
-        value of eax.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-
-2008-10-30  Alp Toker  <alp@nuanti.com>
-
-        Build fix attempt for older gcc on the trunk-mac-intel build bot
-        (error: initializer for scalar variable requires one element).
-
-        Modify the initializer syntax slightly with an additional comma.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_post_dec):
-
-2008-10-30  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21571
-        VoidPtrPair breaks CTI on Linux
-
-        The VoidPtrPair return change made in r37457 does not work on Linux
-        since POD structs aren't passed in registers.
-
-        This patch uses a union to vectorize VoidPtrPair to a uint64_t and
-        matches Darwin/MSVC fixing CTI/WREC on Linux.
-
-        Alexey reports no measurable change in Mac performance with this fix.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_post_dec):
-        * VM/Machine.h:
-        (JSC::):
-
-2008-10-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Initial work to reduce cost of JSNumberCell allocation
-
-        This does the initial work needed to bring more of number
-        allocation into CTI code directly, rather than just falling
-        back onto the slow paths if we can't guarantee that a number
-        cell can be reused.
-
-        Initial implementation only used by op_negate to make sure
-        it all works.  In a negate heavy (though not dominated) test
-        it results in a 10% win in the non-reusable cell case.
-
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::emitAllocateNumber):
-        (JSC::CTI::emitNakedFastCall):
-        (JSC::CTI::emitArithIntToImmWithJump):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitUnaryOp):
-        * VM/CodeGenerator.h:
-        (JSC::CodeGenerator::emitToJSNumber):
-        (JSC::CodeGenerator::emitTypeOf):
-        (JSC::CodeGenerator::emitGetPropertyNames):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/ResultType.h:
-        (JSC::ResultType::isReusableNumber):
-        (JSC::ResultType::toInt):
-        * kjs/nodes.cpp:
-        (JSC::UnaryOpNode::emitCode):
-        (JSC::BinaryOpNode::emitCode):
-        (JSC::EqualNode::emitCode):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::negl_r):
-        (JSC::X86Assembler::xorpd_mr):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::JSNumberCell):
-
-2008-10-29  Steve Falkenburg  <sfalken@apple.com>
-
-        <rdar://problem/6326563> Crash on launch
-
-        For Windows, export explicit functions rather than exporting data for atomicallyInitializedStaticMutex.
-        
-        Exporting data from a DLL on Windows requires specifying __declspec(dllimport) in the header used by
-        callers, but __declspec(dllexport) when defined in the DLL implementation. By instead exporting
-        the explicit lock/unlock functions, we can avoid this.
-        
-        Fixes a crash on launch, since we were previously erroneously exporting atomicallyInitializedStaticMutex as a function.
-        
-        Reviewed by Darin Adler.
-
-        * wtf/Threading.h:
-        (WTF::lockAtomicallyInitializedStaticMutex):
-        (WTF::unlockAtomicallyInitializedStaticMutex):
-        * wtf/ThreadingWin.cpp:
-        (WTF::lockAtomicallyInitializedStaticMutex):
-        (WTF::unlockAtomicallyInitializedStaticMutex):
-
-2008-10-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Remove direct use of PropertyMap.
-
-        * JavaScriptCore.exp:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::mark):
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::getPropertyAttributes):
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::hasCustomProperties):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::putDirect):
-        * runtime/PropertyMap.cpp:
-        (JSC::PropertyMap::get):
-        * runtime/PropertyMap.h:
-        (JSC::PropertyMap::isEmpty):
-        (JSC::PropertyMap::get):
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics):
-        * runtime/StructureID.h:
-        (JSC::StructureID::propertyStorageSize):
-        (JSC::StructureID::get):
-        (JSC::StructureID::put):
-        (JSC::StructureID::remove):
-        (JSC::StructureID::isEmpty):
-
-2008-10-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Rename and move the StructureID transition table to its own file.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::addPropertyTransition):
-        * runtime/StructureID.h:
-        (JSC::StructureID::):
-        * runtime/StructureIDTransitionTable.h: Copied from runtime/StructureID.h.
-        (JSC::StructureIDTransitionTableHash::hash):
-        (JSC::StructureIDTransitionTableHash::equal):
-
-2008-10-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21958
-        Pack bits in StructureID to reduce the size of each StructureID by 2 words.
-
-        * runtime/PropertyMap.h:
-        (JSC::PropertyMap::propertyMapSize):
-        * runtime/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics): Add additional size statistics when dumping.
-        (JSC::StructureID::StructureID):
-        * runtime/StructureID.h:
-
-2008-10-29  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fixes after addition of runtime and ImageBuffer changes.
-
-        * JavaScriptCoreSources.bkl:
-        * jscore.bkl:
-
-2008-10-29  Timothy Hatcher  <timothy@apple.com>
-
-        Emit the WillExecuteStatement debugger hook before the "else" body
-        when there is no block for the "else" body. This allows breakpoints
-        on those statements in the Web Inspector.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21944
-
-        Reviewed by Maciej Stachowiak.
-
-        * kjs/nodes.cpp:
-        (JSC::IfElseNode::emitCode): Emit the WillExecuteStatement
-        debugger hook before the else node if isn't a block.
-
-2008-10-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * JavaScriptCore.exp: Export HashTable::deleteTable().
-
-2008-10-28  Alp Toker  <alp@nuanti.com>
-
-        Fix builddir != srcdir builds after kjs -> runtime breakage. Sources
-        may now be generated in both kjs/ and runtime/.
-
-        Also sort the sources list for readability.
-
-        * GNUmakefile.am:
-
-2008-10-28  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Build fix attempt after kjs -> runtime rename.
-
-        * GNUmakefile.am:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Remove a duplicate includes directory.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Attempt to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2008-10-28  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        - export WTF::atomicallyInitializedStaticMutex
-
-        * JavaScriptCore.exp:
-
-2008-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed CodeBlock dumping to accurately report constant register indices.
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        More Qt build fixes.
-
-        * JavaScriptCore.pri:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the Qt build, hopefully for real this time.
-
-        * JavaScriptCore.pri:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the Qt build.
-
-        * JavaScriptCore.pri:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-10-28  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Create a runtime directory in JavaScriptCore and begin moving files to
-        it. This is the first step towards removing the kjs directory and
-        placing files in more meaningful subdirectories of JavaScriptCore.
-
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSClassRef.cpp:
-        * API/JSClassRef.h:
-        * API/JSStringRefCF.cpp:
-        * API/JSValueRef.cpp:
-        * API/OpaqueJSString.cpp:
-        * DerivedSources.make:
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/AllInOneFile.cpp:
-        * kjs/ArrayConstructor.cpp: Removed.
-        * kjs/ArrayConstructor.h: Removed.
-        * kjs/ArrayPrototype.cpp: Removed.
-        * kjs/ArrayPrototype.h: Removed.
-        * kjs/BooleanConstructor.cpp: Removed.
-        * kjs/BooleanConstructor.h: Removed.
-        * kjs/BooleanObject.cpp: Removed.
-        * kjs/BooleanObject.h: Removed.
-        * kjs/BooleanPrototype.cpp: Removed.
-        * kjs/BooleanPrototype.h: Removed.
-        * kjs/CallData.cpp: Removed.
-        * kjs/CallData.h: Removed.
-        * kjs/ClassInfo.h: Removed.
-        * kjs/ConstructData.cpp: Removed.
-        * kjs/ConstructData.h: Removed.
-        * kjs/DateConstructor.cpp: Removed.
-        * kjs/DateConstructor.h: Removed.
-        * kjs/DateInstance.cpp: Removed.
-        * kjs/DateInstance.h: Removed.
-        * kjs/DateMath.cpp: Removed.
-        * kjs/DateMath.h: Removed.
-        * kjs/DatePrototype.cpp: Removed.
-        * kjs/DatePrototype.h: Removed.
-        * kjs/Error.cpp: Removed.
-        * kjs/Error.h: Removed.
-        * kjs/ErrorConstructor.cpp: Removed.
-        * kjs/ErrorConstructor.h: Removed.
-        * kjs/ErrorInstance.cpp: Removed.
-        * kjs/ErrorInstance.h: Removed.
-        * kjs/ErrorPrototype.cpp: Removed.
-        * kjs/ErrorPrototype.h: Removed.
-        * kjs/FunctionConstructor.cpp: Removed.
-        * kjs/FunctionConstructor.h: Removed.
-        * kjs/FunctionPrototype.cpp: Removed.
-        * kjs/FunctionPrototype.h: Removed.
-        * kjs/GlobalEvalFunction.cpp: Removed.
-        * kjs/GlobalEvalFunction.h: Removed.
-        * kjs/InternalFunction.cpp: Removed.
-        * kjs/InternalFunction.h: Removed.
-        * kjs/JSArray.cpp: Removed.
-        * kjs/JSArray.h: Removed.
-        * kjs/JSCell.cpp: Removed.
-        * kjs/JSCell.h: Removed.
-        * kjs/JSFunction.cpp: Removed.
-        * kjs/JSFunction.h: Removed.
-        * kjs/JSGlobalObject.cpp: Removed.
-        * kjs/JSGlobalObject.h: Removed.
-        * kjs/JSGlobalObjectFunctions.cpp: Removed.
-        * kjs/JSGlobalObjectFunctions.h: Removed.
-        * kjs/JSImmediate.cpp: Removed.
-        * kjs/JSImmediate.h: Removed.
-        * kjs/JSNotAnObject.cpp: Removed.
-        * kjs/JSNotAnObject.h: Removed.
-        * kjs/JSNumberCell.cpp: Removed.
-        * kjs/JSNumberCell.h: Removed.
-        * kjs/JSObject.cpp: Removed.
-        * kjs/JSObject.h: Removed.
-        * kjs/JSString.cpp: Removed.
-        * kjs/JSString.h: Removed.
-        * kjs/JSValue.cpp: Removed.
-        * kjs/JSValue.h: Removed.
-        * kjs/JSVariableObject.cpp: Removed.
-        * kjs/JSVariableObject.h: Removed.
-        * kjs/JSWrapperObject.cpp: Removed.
-        * kjs/JSWrapperObject.h: Removed.
-        * kjs/MathObject.cpp: Removed.
-        * kjs/MathObject.h: Removed.
-        * kjs/NativeErrorConstructor.cpp: Removed.
-        * kjs/NativeErrorConstructor.h: Removed.
-        * kjs/NativeErrorPrototype.cpp: Removed.
-        * kjs/NativeErrorPrototype.h: Removed.
-        * kjs/NumberConstructor.cpp: Removed.
-        * kjs/NumberConstructor.h: Removed.
-        * kjs/NumberObject.cpp: Removed.
-        * kjs/NumberObject.h: Removed.
-        * kjs/NumberPrototype.cpp: Removed.
-        * kjs/NumberPrototype.h: Removed.
-        * kjs/ObjectConstructor.cpp: Removed.
-        * kjs/ObjectConstructor.h: Removed.
-        * kjs/ObjectPrototype.cpp: Removed.
-        * kjs/ObjectPrototype.h: Removed.
-        * kjs/PropertyMap.cpp: Removed.
-        * kjs/PropertyMap.h: Removed.
-        * kjs/PropertySlot.cpp: Removed.
-        * kjs/PropertySlot.h: Removed.
-        * kjs/PrototypeFunction.cpp: Removed.
-        * kjs/PrototypeFunction.h: Removed.
-        * kjs/PutPropertySlot.h: Removed.
-        * kjs/SmallStrings.cpp: Removed.
-        * kjs/SmallStrings.h: Removed.
-        * kjs/StringConstructor.cpp: Removed.
-        * kjs/StringConstructor.h: Removed.
-        * kjs/StringObject.cpp: Removed.
-        * kjs/StringObject.h: Removed.
-        * kjs/StringObjectThatMasqueradesAsUndefined.h: Removed.
-        * kjs/StringPrototype.cpp: Removed.
-        * kjs/StringPrototype.h: Removed.
-        * kjs/StructureID.cpp: Removed.
-        * kjs/StructureID.h: Removed.
-        * kjs/completion.h:
-        * kjs/interpreter.h:
-        * runtime: Added.
-        * runtime/ArrayConstructor.cpp: Copied from kjs/ArrayConstructor.cpp.
-        * runtime/ArrayConstructor.h: Copied from kjs/ArrayConstructor.h.
-        * runtime/ArrayPrototype.cpp: Copied from kjs/ArrayPrototype.cpp.
-        * runtime/ArrayPrototype.h: Copied from kjs/ArrayPrototype.h.
-        * runtime/BooleanConstructor.cpp: Copied from kjs/BooleanConstructor.cpp.
-        * runtime/BooleanConstructor.h: Copied from kjs/BooleanConstructor.h.
-        * runtime/BooleanObject.cpp: Copied from kjs/BooleanObject.cpp.
-        * runtime/BooleanObject.h: Copied from kjs/BooleanObject.h.
-        * runtime/BooleanPrototype.cpp: Copied from kjs/BooleanPrototype.cpp.
-        * runtime/BooleanPrototype.h: Copied from kjs/BooleanPrototype.h.
-        * runtime/CallData.cpp: Copied from kjs/CallData.cpp.
-        * runtime/CallData.h: Copied from kjs/CallData.h.
-        * runtime/ClassInfo.h: Copied from kjs/ClassInfo.h.
-        * runtime/ConstructData.cpp: Copied from kjs/ConstructData.cpp.
-        * runtime/ConstructData.h: Copied from kjs/ConstructData.h.
-        * runtime/DateConstructor.cpp: Copied from kjs/DateConstructor.cpp.
-        * runtime/DateConstructor.h: Copied from kjs/DateConstructor.h.
-        * runtime/DateInstance.cpp: Copied from kjs/DateInstance.cpp.
-        * runtime/DateInstance.h: Copied from kjs/DateInstance.h.
-        * runtime/DateMath.cpp: Copied from kjs/DateMath.cpp.
-        * runtime/DateMath.h: Copied from kjs/DateMath.h.
-        * runtime/DatePrototype.cpp: Copied from kjs/DatePrototype.cpp.
-        * runtime/DatePrototype.h: Copied from kjs/DatePrototype.h.
-        * runtime/Error.cpp: Copied from kjs/Error.cpp.
-        * runtime/Error.h: Copied from kjs/Error.h.
-        * runtime/ErrorConstructor.cpp: Copied from kjs/ErrorConstructor.cpp.
-        * runtime/ErrorConstructor.h: Copied from kjs/ErrorConstructor.h.
-        * runtime/ErrorInstance.cpp: Copied from kjs/ErrorInstance.cpp.
-        * runtime/ErrorInstance.h: Copied from kjs/ErrorInstance.h.
-        * runtime/ErrorPrototype.cpp: Copied from kjs/ErrorPrototype.cpp.
-        * runtime/ErrorPrototype.h: Copied from kjs/ErrorPrototype.h.
-        * runtime/FunctionConstructor.cpp: Copied from kjs/FunctionConstructor.cpp.
-        * runtime/FunctionConstructor.h: Copied from kjs/FunctionConstructor.h.
-        * runtime/FunctionPrototype.cpp: Copied from kjs/FunctionPrototype.cpp.
-        * runtime/FunctionPrototype.h: Copied from kjs/FunctionPrototype.h.
-        * runtime/GlobalEvalFunction.cpp: Copied from kjs/GlobalEvalFunction.cpp.
-        * runtime/GlobalEvalFunction.h: Copied from kjs/GlobalEvalFunction.h.
-        * runtime/InternalFunction.cpp: Copied from kjs/InternalFunction.cpp.
-        * runtime/InternalFunction.h: Copied from kjs/InternalFunction.h.
-        * runtime/JSArray.cpp: Copied from kjs/JSArray.cpp.
-        * runtime/JSArray.h: Copied from kjs/JSArray.h.
-        * runtime/JSCell.cpp: Copied from kjs/JSCell.cpp.
-        * runtime/JSCell.h: Copied from kjs/JSCell.h.
-        * runtime/JSFunction.cpp: Copied from kjs/JSFunction.cpp.
-        * runtime/JSFunction.h: Copied from kjs/JSFunction.h.
-        * runtime/JSGlobalObject.cpp: Copied from kjs/JSGlobalObject.cpp.
-        * runtime/JSGlobalObject.h: Copied from kjs/JSGlobalObject.h.
-        * runtime/JSGlobalObjectFunctions.cpp: Copied from kjs/JSGlobalObjectFunctions.cpp.
-        * runtime/JSGlobalObjectFunctions.h: Copied from kjs/JSGlobalObjectFunctions.h.
-        * runtime/JSImmediate.cpp: Copied from kjs/JSImmediate.cpp.
-        * runtime/JSImmediate.h: Copied from kjs/JSImmediate.h.
-        * runtime/JSNotAnObject.cpp: Copied from kjs/JSNotAnObject.cpp.
-        * runtime/JSNotAnObject.h: Copied from kjs/JSNotAnObject.h.
-        * runtime/JSNumberCell.cpp: Copied from kjs/JSNumberCell.cpp.
-        * runtime/JSNumberCell.h: Copied from kjs/JSNumberCell.h.
-        * runtime/JSObject.cpp: Copied from kjs/JSObject.cpp.
-        * runtime/JSObject.h: Copied from kjs/JSObject.h.
-        * runtime/JSString.cpp: Copied from kjs/JSString.cpp.
-        * runtime/JSString.h: Copied from kjs/JSString.h.
-        * runtime/JSValue.cpp: Copied from kjs/JSValue.cpp.
-        * runtime/JSValue.h: Copied from kjs/JSValue.h.
-        * runtime/JSVariableObject.cpp: Copied from kjs/JSVariableObject.cpp.
-        * runtime/JSVariableObject.h: Copied from kjs/JSVariableObject.h.
-        * runtime/JSWrapperObject.cpp: Copied from kjs/JSWrapperObject.cpp.
-        * runtime/JSWrapperObject.h: Copied from kjs/JSWrapperObject.h.
-        * runtime/MathObject.cpp: Copied from kjs/MathObject.cpp.
-        * runtime/MathObject.h: Copied from kjs/MathObject.h.
-        * runtime/NativeErrorConstructor.cpp: Copied from kjs/NativeErrorConstructor.cpp.
-        * runtime/NativeErrorConstructor.h: Copied from kjs/NativeErrorConstructor.h.
-        * runtime/NativeErrorPrototype.cpp: Copied from kjs/NativeErrorPrototype.cpp.
-        * runtime/NativeErrorPrototype.h: Copied from kjs/NativeErrorPrototype.h.
-        * runtime/NumberConstructor.cpp: Copied from kjs/NumberConstructor.cpp.
-        * runtime/NumberConstructor.h: Copied from kjs/NumberConstructor.h.
-        * runtime/NumberObject.cpp: Copied from kjs/NumberObject.cpp.
-        * runtime/NumberObject.h: Copied from kjs/NumberObject.h.
-        * runtime/NumberPrototype.cpp: Copied from kjs/NumberPrototype.cpp.
-        * runtime/NumberPrototype.h: Copied from kjs/NumberPrototype.h.
-        * runtime/ObjectConstructor.cpp: Copied from kjs/ObjectConstructor.cpp.
-        * runtime/ObjectConstructor.h: Copied from kjs/ObjectConstructor.h.
-        * runtime/ObjectPrototype.cpp: Copied from kjs/ObjectPrototype.cpp.
-        * runtime/ObjectPrototype.h: Copied from kjs/ObjectPrototype.h.
-        * runtime/PropertyMap.cpp: Copied from kjs/PropertyMap.cpp.
-        * runtime/PropertyMap.h: Copied from kjs/PropertyMap.h.
-        * runtime/PropertySlot.cpp: Copied from kjs/PropertySlot.cpp.
-        * runtime/PropertySlot.h: Copied from kjs/PropertySlot.h.
-        * runtime/PrototypeFunction.cpp: Copied from kjs/PrototypeFunction.cpp.
-        * runtime/PrototypeFunction.h: Copied from kjs/PrototypeFunction.h.
-        * runtime/PutPropertySlot.h: Copied from kjs/PutPropertySlot.h.
-        * runtime/SmallStrings.cpp: Copied from kjs/SmallStrings.cpp.
-        * runtime/SmallStrings.h: Copied from kjs/SmallStrings.h.
-        * runtime/StringConstructor.cpp: Copied from kjs/StringConstructor.cpp.
-        * runtime/StringConstructor.h: Copied from kjs/StringConstructor.h.
-        * runtime/StringObject.cpp: Copied from kjs/StringObject.cpp.
-        * runtime/StringObject.h: Copied from kjs/StringObject.h.
-        * runtime/StringObjectThatMasqueradesAsUndefined.h: Copied from kjs/StringObjectThatMasqueradesAsUndefined.h.
-        * runtime/StringPrototype.cpp: Copied from kjs/StringPrototype.cpp.
-        * runtime/StringPrototype.h: Copied from kjs/StringPrototype.h.
-        * runtime/StructureID.cpp: Copied from kjs/StructureID.cpp.
-        * runtime/StructureID.h: Copied from kjs/StructureID.h.
-
-2008-10-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21919
-        Sampler reports bogus time in op_enter during 3d-raytrace.js
-        
-        Fixed a bug where we would pass the incorrect Instruction* during some
-        parts of CTI codegen.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/SamplingTool.cpp:
-        (JSC::SamplingTool::run):
-        * wtf/Platform.h:
-
-2008-10-28  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        -Removed unused includes.
-        Apparent .4% speedup in Sunspider
-
-        * kjs/JSObject.cpp:
-        * kjs/interpreter.cpp:
-
-2008-10-28  Alp Toker  <alp@nuanti.com>
-
-        Include copyright license files in the autotools dist target.
-
-        Change suggested by Mike Hommey.
-
-        * GNUmakefile.am:
-
-2008-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Stop discarding CodeBlock samples that can't be charged to a specific
-        opcode. Instead, charge the relevant CodeBlock, and provide a footnote
-        explaining the situation.
-        
-        This will help us tell which CodeBlocks are hot, even if we can't
-        identify specific lines of code within the CodeBlocks.
-
-        * VM/SamplingTool.cpp:
-        (JSC::ScopeSampleRecord::sample):
-        (JSC::compareScopeSampleRecords):
-        (JSC::SamplingTool::dump):
-
-        * VM/SamplingTool.h:
-        (JSC::ScopeSampleRecord::ScopeSampleRecord):
-        (JSC::ScopeSampleRecord::~ScopeSampleRecord):
-
-2008-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added a mutex around the SamplingTool's ScopeNode* map, to solve a crash
-        when sampling the v8 tests.
-
-        * VM/SamplingTool.cpp:
-        (JSC::SamplingTool::run):
-        (JSC::SamplingTool::notifyOfScope):
-        * VM/SamplingTool.h: Since new ScopeNodes can be created after
-        the SamplingTools has begun sampling, reads and writes to / from the
-        map need to be synchronized. Shark says this doesn't measurably increase
-        sampling overhead.
-
-2008-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): Provide a dummy value to the
-        HostCallRecord in CTI non-sampling builds, to silence compiler warning.
-
-2008-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Windows build.
-
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::encodeSample): Explicitly cast bool to int, to
-        silence compiler warning.
-
-2008-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig, with Gavin Barraclough's help.
-        
-        Fixed Sampling Tool:
-            - Made CodeBlock sampling work with CTI
-            - Improved accuracy by unifying most sampling data into a single
-              32bit word, which can be written / read atomically.
-            - Split out three different #ifdefs for modularity: OPCODE_SAMPLING;
-              CODEBLOCK_SAMPLING; OPCODE_STATS.
-            - Improved reporting clarity
-            - Refactored for code clarity
-
-        * JavaScriptCore.exp: Exported another symbol.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h: Updated CTI codegen to use the unified SamplingTool interface
-        for encoding samples. (This required passing the current vPC to a lot
-        more functions, since the unified interface samples the current vPC.)
-        Added hooks for writing the current CodeBlock* on function entry and
-        after a function call, for the sake of the CodeBlock sampler. Removed
-        obsolete hook for clearing the current sample inside op_end. Also removed
-        the custom enum used to differentiate flavors of op_call, since the
-        OpcodeID enum works just as well. (This was important in an earlier
-        version of the patch, but now it's just cleanup.)
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::lineNumberForVPC):
-        * VM/CodeBlock.h: Upated for refactored #ifdefs. Changed lineNumberForVPC
-        to be robust against vPCs not recorded for exception handling, since
-        the Sampler may ask for an arbitrary vPC.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::execute):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        * VM/Machine.h:
-        (JSC::Machine::setSampler):
-        (JSC::Machine::sampler):
-        (JSC::Machine::jitCodeBuffer): Upated for refactored #ifdefs. Changed
-        Machine to use SamplingTool helper objects to record movement in and
-        out of host code. This makes samples a bit more precise.
-        
-        * VM/Opcode.cpp:
-        (JSC::OpcodeStats::~OpcodeStats):
-        * VM/Opcode.h: Upated for refactored #ifdefs. Added a little more padding,
-        to accomodate our more verbose opcode names.
-
-        * VM/SamplingTool.cpp:
-        (JSC::ScopeSampleRecord::sample): Only count a sample toward our total
-        if we actually record it. This solves cases where a CodeBlock will
-        claim to have been sampled many times, with reported samples that don't
-        match.
-
-        (JSC::SamplingTool::run): Read the current sample into a Sample helper
-        object, to ensure that the data doesn't change while we're analyzing it,
-        and to help decode the data. Only access the CodeBlock sampling hash
-        table if CodeBlock sampling has been enabled, so non-CodeBlock sampling
-        runs can operate with even less overhead.
-
-        (JSC::SamplingTool::dump): I reorganized this code a lot to print the
-        most important info at the top, print as a table, annotate and document
-        the stuff I didn't understand when I started, etc.
-
-        * VM/SamplingTool.h: New helper classes, described above.
-
-        * kjs/Parser.h:
-        * kjs/Shell.cpp:
-        (runWithScripts):
-        * kjs/nodes.cpp:
-        (JSC::ScopeNode::ScopeNode): Updated for new sampling APIs.
-
-        * wtf/Platform.h: Moved sampling #defines here, since our custom is to
-        put ENABLE #defines into Platform.h. Made explicit the fact that
-        CODEBLOCK_SAMPLING depends on OPCODE_SAMPLING.
-
-2008-10-25  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        JSC Build fix, not reviewed.
-
-        * VM/CTI.cpp: add missing include stdio.h for debug builds
-
-2008-10-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Darin Adler.
-        
-        Get rid of a bonus ASSERT when using a null string as a regexp.
-        Specifically calling: RegularExpression::match() with String::empty()
-        will hit this ASSERT.
-        Chromium hits this, but I don't know of any way to make a layout test.
-
-        * pcre/pcre_exec.cpp:
-        (jsRegExpExecute):
-
-2008-10-24  Alexey Proskuryakov  <ap@webkit.org>
-
-        Suggested and rubber-stamped by Geoff Garen.
-
-        Fix a crash when opening Font Picker.
-
-        The change also hopefully fixes this bug, which I could never reproduce:
-        https://bugs.webkit.org/show_bug.cgi?id=20241
-        <rdar://problem/6290576> Safari crashes at JSValueUnprotect() when fontpicker view close
-
-        * API/JSContextRef.cpp: (JSContextGetGlobalObject): Use lexical global object instead of
-        dynamic one.
-
-2008-10-24  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Remove ScopeChainNode::bottom() and inline it into its only caller,
-        ScopeChainnode::globalObject().
-
-        * kjs/JSGlobalObject.h:
-        (JSC::ScopeChainNode::globalObject):
-        * kjs/ScopeChain.h:
-        (JSC::ScopeChain::bottom):
-
-2008-10-24  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21862: Create JSFunction prototype property lazily
-        <https://bugs.webkit.org/show_bug.cgi?id=21862>
-
-        This is a 1.5% speedup on SunSpider and a 1.4% speedup on the V8
-        benchmark suite, including a 3.8% speedup on Earley-Boyer.
-
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * kjs/nodes.cpp:
-        (JSC::FuncDeclNode::makeFunction):
-        (JSC::FuncExprNode::makeFunction):
-
-2008-10-24  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21475
-        
-        Provide support for the Geolocation API
-        
-        http://dev.w3.org/geo/api/spec-source.html
-
-        * wtf/Platform.h: ENABLE_GEOLOCATION defaults to 0
-
-2008-10-24  Darin Adler  <darin@apple.com>
-
-        - finish rolling out https://bugs.webkit.org/show_bug.cgi?id=21732
-
-        * API/APICast.h:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSValueRef.cpp:
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        * VM/CodeGenerator.h:
-        * VM/ExceptionHelpers.cpp:
-        * VM/ExceptionHelpers.h:
-        * VM/JSPropertyNameIterator.cpp:
-        * VM/JSPropertyNameIterator.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * VM/Register.h:
-        * kjs/ArgList.cpp:
-        * kjs/ArgList.h:
-        * kjs/Arguments.cpp:
-        * kjs/Arguments.h:
-        * kjs/ArrayConstructor.cpp:
-        * kjs/ArrayPrototype.cpp:
-        * kjs/BooleanConstructor.cpp:
-        * kjs/BooleanConstructor.h:
-        * kjs/BooleanObject.h:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/CallData.cpp:
-        * kjs/CallData.h:
-        * kjs/ConstructData.cpp:
-        * kjs/ConstructData.h:
-        * kjs/DateConstructor.cpp:
-        * kjs/DateInstance.h:
-        * kjs/DatePrototype.cpp:
-        * kjs/DatePrototype.h:
-        * kjs/DebuggerCallFrame.cpp:
-        * kjs/DebuggerCallFrame.h:
-        * kjs/ErrorConstructor.cpp:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h:
-        * kjs/FunctionConstructor.cpp:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/FunctionPrototype.h:
-        * kjs/GetterSetter.cpp:
-        * kjs/GetterSetter.h:
-        * kjs/InternalFunction.h:
-        * kjs/JSActivation.cpp:
-        * kjs/JSActivation.h:
-        * kjs/JSArray.cpp:
-        * kjs/JSArray.h:
-        * kjs/JSCell.cpp:
-        * kjs/JSCell.h:
-        * kjs/JSFunction.cpp:
-        * kjs/JSFunction.h:
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        * kjs/JSGlobalObjectFunctions.cpp:
-        * kjs/JSGlobalObjectFunctions.h:
-        * kjs/JSImmediate.cpp:
-        * kjs/JSImmediate.h:
-        * kjs/JSNotAnObject.cpp:
-        * kjs/JSNotAnObject.h:
-        * kjs/JSNumberCell.cpp:
-        * kjs/JSNumberCell.h:
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/JSStaticScopeObject.cpp:
-        * kjs/JSStaticScopeObject.h:
-        * kjs/JSString.cpp:
-        * kjs/JSString.h:
-        * kjs/JSValue.h:
-        * kjs/JSVariableObject.h:
-        * kjs/JSWrapperObject.h:
-        * kjs/MathObject.cpp:
-        * kjs/MathObject.h:
-        * kjs/NativeErrorConstructor.cpp:
-        * kjs/NumberConstructor.cpp:
-        * kjs/NumberConstructor.h:
-        * kjs/NumberObject.cpp:
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.cpp:
-        * kjs/ObjectConstructor.cpp:
-        * kjs/ObjectPrototype.cpp:
-        * kjs/ObjectPrototype.h:
-        * kjs/PropertyMap.h:
-        * kjs/PropertySlot.cpp:
-        * kjs/PropertySlot.h:
-        * kjs/RegExpConstructor.cpp:
-        * kjs/RegExpConstructor.h:
-        * kjs/RegExpMatchesArray.h:
-        * kjs/RegExpObject.cpp:
-        * kjs/RegExpObject.h:
-        * kjs/RegExpPrototype.cpp:
-        * kjs/Shell.cpp:
-        * kjs/StringConstructor.cpp:
-        * kjs/StringObject.cpp:
-        * kjs/StringObject.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        * kjs/StringPrototype.cpp:
-        * kjs/StructureID.cpp:
-        * kjs/StructureID.h:
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/completion.h:
-        * kjs/grammar.y:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/nodes.h:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/protect.h:
-        * profiler/ProfileGenerator.cpp:
-        * profiler/Profiler.cpp:
-        * profiler/Profiler.h:
-        Use JSValue* instead of JSValuePtr.
-
-2008-10-24  David Kilzer  <ddkilzer@apple.com>
-
-        Rolled out r37840.
-
-        * wtf/Platform.h:
-
-2008-10-23  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21475
-        
-        Provide support for the Geolocation API
-        
-        http://dev.w3.org/geo/api/spec-source.html
-
-        * wtf/Platform.h: ENABLE_GEOLOCATION defaults to 0
-
-2008-10-23  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 21832: Fix scripts using 'new File::Temp' for Perl 5.10
-
-        <https://bugs.webkit.org/show_bug.cgi?id=21832>
-
-        Reviewed by Sam Weinig.
-
-        * pcre/dftables: Use imported tempfile() from File::Temp instead of
-        'new File::Temp' to make the script work with Perl 5.10.
-
-2008-10-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix hideous pathological case performance when looking up repatch info, bug #21727.
-
-        When repatching JIT code to optimize we look up records providing information about
-        the generated code (also used to track recsources used in linking to be later released). 
-        The lookup was being performed using a linear scan of all such records.
-
-        (1) Split up the different types of reptach information.  This means we can search them
-            separately, and in some cases should reduce their size.
-        (2) In the case of property accesses, search with a binary chop over the data.
-        (3) In the case of calls, pass a pointer to the repatch info into the relink function.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::unlinkCall):
-        (JSC::CTI::linkCall):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        (JSC::CodeBlock::derefStructureIDs):
-        * VM/CodeBlock.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CallLinkInfo::setUnlinked):
-        (JSC::CallLinkInfo::isLinked):
-        (JSC::getStructureStubInfoReturnLocation):
-        (JSC::binaryChop):
-        (JSC::CodeBlock::addCaller):
-        (JSC::CodeBlock::getStubInfo):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitResolve):
-        (JSC::CodeGenerator::emitGetById):
-        (JSC::CodeGenerator::emitPutById):
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitConstruct):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_vm_lazyLinkCall):
-
-2008-10-23  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Adam Roben.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21833
-        Place JavaScript Debugger hooks under #if ENABLE(JAVASCRIPT_DEBUGGER).
-
-        * wtf/Platform.h:
-
-2008-10-23  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 21831: Fix create_hash_table for Perl 5.10
-
-        <https://bugs.webkit.org/show_bug.cgi?id=21831>
-
-        Reviewed by Sam Weinig.
-
-        * kjs/create_hash_table: Escaped square brackets so that Perl 5.10
-        doesn't try to use @nameEntries.
-
-2008-10-23  Darin Adler  <darin@apple.com>
-
-        - roll out https://bugs.webkit.org/show_bug.cgi?id=21732
-          to remove the JSValuePtr class, to fix two problems
-
-            1) slowness under MSVC, since it doesn't handle a
-               class with a single pointer in it as efficiently
-               as a pointer
-
-            2) uninitialized pointers in Vector
-
-        * JavaScriptCore.exp: Updated.
-
-        * API/APICast.h:
-        (toRef):
-        * VM/CTI.cpp:
-        (JSC::CTI::asInteger):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::addConstant):
-        * VM/CodeGenerator.h:
-        (JSC::CodeGenerator::JSValueHashTraits::constructDeletedValue):
-        (JSC::CodeGenerator::JSValueHashTraits::isDeletedValue):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_vm_throw):
-        Removed calls to payload functions.
-
-        * VM/Register.h:
-        (JSC::Register::Register): Removed overload for JSCell and call
-        to payload function.
-
-        * kjs/JSCell.h: Changed JSCell to derive from JSValue again.
-        Removed JSValuePtr constructor.
-        (JSC::asCell): Changed cast from reinterpret_cast to static_cast.
-
-        * kjs/JSImmediate.h: Removed JSValuePtr class. Added typedef back.
-
-        * kjs/JSValue.h:
-        (JSC::JSValue::JSValue): Added empty protected inline constructor back.
-        (JSC::JSValue::~JSValue): Same for destructor.
-        Removed == and != operator for JSValuePtr.
-
-        * kjs/PropertySlot.h:
-        (JSC::PropertySlot::PropertySlot): Chnaged argument to const JSValue*
-        and added a const_cast.
-
-        * kjs/protect.h: Removed overloads and specialization for JSValuePtr.
-
-2008-10-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Really "fix" CTI mode on windows 2k3.
-
-        This adds new methods fastMallocExecutable and fastFreeExecutable
-        to wrap allocation for cti code.  This still just makes fastMalloc
-        return executable memory all the time, which will be fixed in a
-        later patch.
-
-        However in windows debug builds all executable allocations will be
-        allocated on separate executable pages, which should resolve any
-        remaining 2k3 issues.  Conveniently the 2k3 bot will now also fail
-        if there are any fastFree vs. fastFreeExecutable errors.
-
-        * ChangeLog:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * kjs/regexp.cpp:
-        (JSC::RegExp::~RegExp):
-        * masm/X86Assembler.h:
-        (JSC::JITCodeBuffer::copy):
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocExecutable):
-        (WTF::fastFreeExecutable):
-        (WTF::TCMallocStats::fastMallocExecutable):
-        (WTF::TCMallocStats::fastFreeExecutable):
-        * wtf/FastMalloc.h:
-
-2008-10-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=21294
-          Bug 21294: Devirtualize getOwnPropertySlot()
-
-        A bit over 3% faster on V8 tests.
-
-        * JavascriptCore.exp: Export leak-related functions..
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructureID): Set HasStandardGetOwnPropertySlot
-        since this class doesn't override getPropertySlot.
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructureID): Ditto.
-
-        * VM/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError): Use a structure
-        that's created just for this class instead of trying to share a single "null
-        prototype" structure.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_create_arguments_no_params): Rename
-        Arguments::ArgumentsNoParameters to Arguments::NoParameters.
-        
-        * kjs/Arguments.h: Rename the enum from Arguments::ArgumentsParameters to
-        Arguments::NoParametersType and the value from Arguments::ArgumentsNoParameters
-        to Arguments::NoParameters.
-        (JSC::Arguments::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-        (JSC::Arguments::Arguments): Added an assertion that there are no parameters.
-
-        * kjs/DatePrototype.h:
-        (JSC::DatePrototype::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-
-        * kjs/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructureID): Set HasStandardGetOwnPropertySlot
-        since this class doesn't override getPropertySlot.
-        * kjs/InternalFunction.h:
-        (JSC::InternalFunction::createStructureID): Ditto.
-
-        * kjs/JSArray.h:
-        (JSC::JSArray::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-
-        * kjs/JSCell.h: Added declaration of fastGetOwnPropertySlot; a non-virtual
-        version that uses the structure bit to decide whether to call the virtual
-        version.
-
-        * kjs/JSFunction.h:
-        (JSC::JSFunction::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Initialize new structures; removed
-        nullProtoStructureID.
-        * kjs/JSGlobalData.h: Added new structures. Removed nullProtoStructureID.
-
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-
-        * kjs/JSNotAnObject.h:
-        (JSC::JSNotAnObjectErrorStub::JSNotAnObjectErrorStub): Use a structure
-        that's created just for this class instead of trying to share a single "null
-        prototype" structure.
-        (JSC::JSNotAnObjectErrorStub::isNotAnObjectErrorStub): Marked this function
-        virtual for clarity and made it private since no one should call it if they
-        already have a pointer to this specific type.
-        (JSC::JSNotAnObject::JSNotAnObject): Use a structure that's created just
-        for this class instead of trying to share a single "null prototype" structure.
-        (JSC::JSNotAnObject::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-
-        * kjs/JSObject.h:
-        (JSC::JSObject::createStructureID): Added HasStandardGetOwnPropertySlot.
-        (JSC::JSObject::inlineGetOwnPropertySlot): Added. Used so we can share code
-        between getOwnPropertySlot and fastGetOwnPropertySlot.
-        (JSC::JSObject::getOwnPropertySlot): Moved so that functions are above the
-        functions that call them. Moved the guts of this function into
-        inlineGetOwnPropertySlot.
-        (JSC::JSCell::fastGetOwnPropertySlot): Added. Checks the
-        HasStandardGetOwnPropertySlot bit and if it's set, calls
-        inlineGetOwnPropertySlot, otherwise calls getOwnPropertySlot.
-        (JSC::JSObject::getPropertySlot): Changed to call fastGetOwnPropertySlot.
-        (JSC::JSValue::get): Changed to call fastGetOwnPropertySlot.
-
-        * kjs/JSWrapperObject.h: Made constructor protected to emphasize that
-        this class is only a base class and never instantiated.
-
-        * kjs/MathObject.h:
-        (JSC::MathObject::createStructureID): Added. Returns a structure without
-        HasStandardGetOwnPropertySlot since this class overrides getOwnPropertySlot.
-        * kjs/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructureID): Ditto.
-        * kjs/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructureID): Ditto.
-        * kjs/RegExpObject.h:
-        (JSC::RegExpObject::createStructureID): Ditto.
-        * kjs/StringObject.h:
-        (JSC::StringObject::createStructureID): Ditto.
-
-        * kjs/TypeInfo.h: Added HasStandardGetOwnPropertySlot flag and
-        hasStandardGetOwnPropertySlot accessor function.
-
-2008-10-22  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21803: Fuse op_jfalse with op_eq_null and op_neq_null
-        <https://bugs.webkit.org/show_bug.cgi?id=21803>
-
-        Fuse op_jfalse with op_eq_null and op_neq_null to make the new opcodes
-        op_jeq_null and op_jneq_null.
-
-        This is a 2.6% speedup on the V8 Raytrace benchmark, and strangely also
-        a 4.7% speedup on the V8 Arguments benchmark, even though it uses
-        neither of the two new opcodes.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitJumpIfTrue):
-        (JSC::CodeGenerator::emitJumpIfFalse):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        * VM/Opcode.h:
-
-2008-10-22  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Should not define PLATFORM(WIN,MAC,GTK) when PLATFORM(CHROMIUM) is defined
-        https://bugs.webkit.org/show_bug.cgi?id=21757
-
-        PLATFORM(CHROMIUM) implies HAVE_ACCESSIBILITY
-
-        * wtf/Platform.h:
-
-2008-10-22  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Correct opcode names in documentation.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-21  Oliver Hunt <oliver@apple.com>
-
-        RS=Maciej Stachowiak.
-
-        Force FastMalloc to make all allocated pages executable in
-        a vague hope this will allow the Win2k3 bot to be able to
-        run tests.
-
-        Filed Bug 21783: Need more granular control over allocation of executable memory
-        to cover a more granular version of this patch.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TryVirtualAlloc):
-
-2008-10-21  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21769
-        MessagePort should be GC protected if there are messages to be delivered
-
-        * wtf/MessageQueue.h:
-        (WTF::::isEmpty): Added. Also added a warning for methods that return a snapshot of queue
-        state, thus likely to cause race conditions.
-
-2008-10-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - convert post-increment to pre-increment in a couple more places for speed
-
-        Speeds up V8 benchmarks a little on most computers. (But, strangely, slows
-        them down a little on my computer.)
-
-        * kjs/nodes.cpp:
-        (JSC::statementListEmitCode): Removed default argument, since we always want
-        to specify this explicitly.
-        (JSC::ForNode::emitCode): Tolerate ignoredResult() as the dst -- means the
-        same thing as 0.
-        (JSC::ReturnNode::emitCode): Ditto.
-        (JSC::ThrowNode::emitCode): Ditto.
-        (JSC::FunctionBodyNode::emitCode): Pass ignoredResult() so that we know we
-        don't have to compute the result of function statements.
-
-2008-10-21  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix an include of a non-public header to use "" instead of <>.
-
-        * API/JSProfilerPrivate.cpp:
-
-2008-10-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21766
-        REGRESSION: 12 JSC tests fail
-
-        The JSGlobalObject was mutating the shared nullProtoStructureID when
-        used in jsc.  Instead of using nullProtoStructureID, use a new StructureID.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreateInGroup):
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-        (jscmain):
-
-2008-10-20  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove an untaken branch in CodeGenerator::emitJumpIfFalse(). This
-        function is never called with a backwards target LabelID, and there is
-        even an assertion to this effect at the top of the function body.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitJumpIfFalse):
-
-2008-10-20  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Add opcode documentation for undocumented opcodes.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
-        Don't create intermediate StructureIDs for builtin objects
-
-        Second stage in reduce number of StructureIDs created when initializing the
-        JSGlobalObject.
-
-        - Use putDirectWithoutTransition for the remaining singleton objects to reduce
-          the number of StructureIDs create for about:blank from 132 to 73.
-
-        * kjs/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * kjs/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * kjs/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * kjs/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * kjs/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * kjs/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * kjs/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * kjs/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * kjs/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructureID):
-        * kjs/InternalFunction.cpp:
-        * kjs/InternalFunction.h:
-        (JSC::InternalFunction::InternalFunction):
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * kjs/JSObject.h:
-        * kjs/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * kjs/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * kjs/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * kjs/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * kjs/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * kjs/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * kjs/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * kjs/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics):
-        * kjs/StructureID.h:
-        (JSC::StructureID::setPrototypeWithoutTransition):
-
-2008-10-20  Alp Toker  <alp@nuanti.com>
-
-        Fix autotools dist build target by listing recently added header
-        files only. Not reviewed.
-
-        * GNUmakefile.am:
-
-2008-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::tryCacheGetByID): Removed a redundant and sometimes
-        incorrect cast, which started ASSERTing after Darin's last checkin.
-
-2008-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Re-enable CTI, which I accidentally disabled while checking in fixes
-        to bytecode.
-
-        * wtf/Platform.h:
-
-2008-10-20  Alp Toker  <alp@nuanti.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Typo fix in function name: mimimum -> minimum.
-
-        * kjs/DateMath.cpp:
-        (JSC::minimumYearForDST):
-        (JSC::equivalentYearForDST):
-
-2008-10-20  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Mark Rowe.
-
-        Use pthread instead of GThread where possible in the GTK+ port. This
-        fixes issues with global initialisation, particularly on GTK+/Win32
-        where a late g_thread_init() will cause hangs.
-
-        * GNUmakefile.am:
-        * wtf/Platform.h:
-        * wtf/Threading.h:
-        * wtf/ThreadingGtk.cpp:
-        * wtf/ThreadingPthreads.cpp:
-
-2008-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21735
-        Emit profiling instrumentation only if the Web Inspector's profiling
-        feature is enabled
-
-        22.2% speedup on empty function call benchmark.
-        2.9% speedup on v8 benchmark.
-        0.7% speedup on SunSpider.
-        
-        Lesser but similar speedups in bytecode.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases): Nixed JITed profiler hooks. Profiler
-        hooks now have their own opcodes. Added support for compiling profiler
-        hook opcodes.
-        
-        (JSC::CodeBlock::dump): Dump support for the new profiling opcodes.
-
-        * VM/CodeGenerator.h:
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitConstruct): Conditionally emit profiling hooks
-        around call and construct, at the call site. (It's easier to get things
-        right this way, if you have profiled code calling non-profiled code.
-        Also, you get a slightly more accurate profile, since you charge the full
-        cost of the call / construct operation to the callee.)
-        
-        Also, fixed a bug where construct would fetch the ".prototype" property
-        from the constructor before evaluating the arguments to the constructor,
-        incorrectly allowing an "invalid constructor" exception to short-circuit
-        argument evaluation. I encountered this bug when trying to make
-        constructor exceptions work with profiling.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::callEval): Removed obsolete profiler hooks.
-
-        (JSC::Machine::throwException): Added a check for an exception thrown
-        within a call instruction. We didn't need this before because the call
-        instruction would check for a valid call before involing the profiler.
-        (JSC::Machine::execute): Added a didExecute hook at the end of top-level
-        function invocation, since op_ret no longer does this for us.
-
-        (JSC::Machine::privateExecute): Removed obsolete profiler hooks. Added
-        profiler opcodes. Changed some ++vPC to vPC[x] notation, since the
-        latter is better for performance, and it makes reasoning about the
-        current opcode in exception handling much simpler.
-
-        (JSC::Machine::cti_op_call_NotJSFunction): Removed obsolete profiler
-        hooks.
-
-        (JSC::Machine::cti_op_create_arguments_no_params): Added missing
-        CTI_STACK_HACK that I noticed when adding CTI_STACK_HACK to the new
-        profiler opcode functions.
-
-        (JSC::Machine::cti_op_profile_will_call):
-        (JSC::Machine::cti_op_profile_did_call): The new profiler opcode
-        functions.
-
-        (JSC::Machine::cti_op_construct_NotJSConstruct): Removed obsolete profiler
-        hooks.
-
-        * VM/Machine.h:
-        (JSC::Machine::isCallOpcode): Helper for exception handling.
-
-        * VM/Opcode.h: Declare new opcodes.
-
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::supportsProfiling): Added virtual interface that
-        allows WebCore to specify whether the target global object has the Web
-        Inspector's profiling feature enabled.
-
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        (JSC::Profiler::createCallIdentifier):
-        * profiler/Profiler.h: Added support for invoking the profiler with
-        an arbitrary JSValue*, and not a known object. We didn't need this
-        before because the call instruction would check for a valid call before
-        involing the profiler.
-
-2008-10-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - get CTI working on Windows again
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCTICall): Add an overload for functions that
-        return JSObject*.
-        * VM/CTI.h: Use JSValue* and JSObject* as return types for
-        cti_op functions. Apparently, MSVC doesn't handle returning
-        the JSValuePtr struct in a register. We'll have to look into
-        this more.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstructFast):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_vm_throw):
-        Change these functions to return pointer types, and never
-        JSValuePtr.
-        * VM/Machine.h: Ditto.
-
-2008-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed some recent break-age in bytecode mode.
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructureIDs): Fixed up an ASSERT caused by
-        Gavin's last checkin. This is a temporary fix so I can keep on moving.
-        I'll send email about what I think is an underlying problem soon.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): Removed a redundant and sometimes
-        incorrect cast, which started ASSERTing after Darin's last checkin.
-
-2008-10-20  Darin Adler  <darin@apple.com>
-
-        - another similar Windows build fix
-
-        * VM/CTI.cpp: Changed return type to JSObject* instead of JSValuePtr.
-
-2008-10-20  Darin Adler  <darin@apple.com>
-
-        - try to fix Windows build
-
-        * VM/CTI.cpp: Use JSValue* instead of JSValuePtr for ctiTrampoline.
-        * VM/CTI.h: Ditto.
-
-2008-10-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - finish https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_profiler): Use asFunction.
-        (JSC::Machine::cti_vm_lazyLinkCall): Ditto.
-        (JSC::Machine::cti_op_construct_JSConstructFast): Use asObject.
-
-        * kjs/JSCell.h: Re-sort friend classes. Eliminate inheritance from
-        JSValue. Changed cast in asCell from static_cast to reinterpret_cast.
-        Removed JSValue::getNumber(double&) and one of JSValue::getObject
-        overloads.
-
-        * kjs/JSValue.h: Made the private constructor and destructor both
-        non-virtual and also remove the definitions. This class can never
-        be instantiated or derived.
-
-2008-10-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        Change JSValuePtr from a typedef into a class. This allows us to support
-        conversion from JSCell* to JSValuePtr even if JSCell isn't derived from
-        JSValue.
-
-        * JavaScriptCore.exp: Updated symbols that involve JSValuePtr, since
-        it's now a distinct type.
-
-        * API/APICast.h:
-        (toRef): Extract the JSValuePtr payload explicitly since we can't just
-        cast any more.
-        * VM/CTI.cpp:
-        (JSC::CTI::asInteger): Ditto.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::addConstant): Get at the payload directly.
-        (JSC::CodeGenerator::emitLoad): Added an overload of JSCell* because
-        otherwise classes derived from JSValue end up calling the bool
-        overload instead of JSValuePtr.
-        * VM/CodeGenerator.h: Ditto. Also update traits to use JSValue*
-        and the payload functions.
-
-        * VM/Register.h: Added a JSCell* overload and use of payload functions.
-
-        * kjs/JSCell.h:
-        (JSC::asCell): Use payload function.
-        (JSC::JSValue::asCell): Use JSValue* instead of JSValuePtr.
-        (JSC::JSValuePtr::JSValuePtr): Added. Constructor that takes JSCell*
-        and creates a JSValuePtr.
-
-        * kjs/JSImmediate.h: Added JSValuePtr class. Also updated makeValue
-        and makeInt to work with JSValue* and the payload function.
-
-        * kjs/JSValue.h: Added == and != operators for JSValuePtr. Put them
-        here because eventually all the JSValue functions should go here
-        except what's needed by JSImmediate. Also fix asValue to use
-        JSValue* instead of JSValuePtr.
-
-        * kjs/PropertySlot.h: Change constructor to take JSValuePtr.
-
-        * kjs/protect.h: Update gcProtect functions to work with JSCell*
-        as well as JSValuePtr. Also updated the ProtectedPtr<JSValuePtr>
-        specialization to work more directly. Also changed all the call
-        sites to use gcProtectNullTolerant.
-
-2008-10-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        Remove most uses of JSValue, which will be removed in a future patch.
-
-        * VM/Machine.cpp:
-        (JSC::fastToUInt32): Call toUInt32SlowCase function; no longer a member
-        of JSValue.
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::toInt32): Ditto.
-        (JSC::JSNumberCell::toUInt32): Ditto.
-
-        * kjs/JSValue.cpp:
-        (JSC::toInt32SlowCase): Made a non-member function.
-        (JSC::JSValue::toInt32SlowCase): Changed to call non-member function.
-        (JSC::toUInt32SlowCase): More of the same.
-        (JSC::JSValue::toUInt32SlowCase): Ditto.
-
-        * kjs/JSValue.h: Moved static member function so they are no longer
-        member functions at all.
-
-        * VM/CTI.h: Removed forward declaration of JSValue.
-        * VM/ExceptionHelpers.h: Ditto.
-        * kjs/CallData.h: Ditto.
-        * kjs/ConstructData.h: Ditto.
-        * kjs/JSGlobalObjectFunctions.h: Ditto.
-        * kjs/PropertyMap.h: Ditto.
-        * kjs/StructureID.h: Ditto.
-        * kjs/collector.h: Ditto.
-        * kjs/completion.h: Ditto.
-
-        * kjs/grammar.y:
-        (JSC::makeBitwiseNotNode): Call new non-member toInt32 function.
-        (JSC::makeLeftShiftNode): More of the same.
-        (JSC::makeRightShiftNode): Ditto.
-
-        * kjs/protect.h: Added a specialization for ProtectedPtr<JSValuePtr>
-        so this can be used with JSValuePtr.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - next step of https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        Tweak a little more to get closer to where we can make JSValuePtr a class.
-
-        * API/APICast.h:
-        (toJS): Change back to JSValue* here, since we're converting the
-        pointer type.
-        * VM/CTI.cpp:
-        (JSC::CTI::unlinkCall): Call asPointer.
-        * VM/CTI.h: Cast to JSValue* here, since it's a pointer cast.
-        * kjs/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::DebuggerCallFrame): Call noValue.
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Call noValue.
-        * kjs/JSImmediate.cpp:
-        (JSC::JSImmediate::toObject): Remove unneeded const_cast.
-        * kjs/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject): Call noValue.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - fix non-all-in-one build
-
-        * kjs/completion.h:
-        (JSC::Completion::Completion): Add include of JSValue.h.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - fix assertions I introduced with my casting changes
-
-        These were showing up as failures in the JavaScriptCore tests.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_instanceof): Remove the bogus asCell casting that
-        was at the top of the function, and instead cast at the point of use.
-        (JSC::Machine::cti_op_construct_NotJSConstruct): Moved the cast to
-        object after checking the construct type.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - fix non-all-in-one build
-
-        * kjs/JSGlobalObjectFunctions.h: Add include of JSImmedate.h (for now).
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - fix build
-
-        * kjs/interpreter.h: Include JSValue.h instead of JSImmediate.h.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        * kjs/interpreter.h: Fix include of JSImmediate.h.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - fix non-all-in-one build
-
-        * kjs/interpreter.h: Add include of JSImmediate.h.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - fix non-all-in-one build
-
-        * kjs/ConstructData.h: Add include of JSImmedate.h (for now).
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        - try to fix Windows build
-
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine): Use JSCell* type since MSVC seems to only allow
-        calling ~JSCell directly if it's a JSCell*.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - next step on https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        Use JSValuePtr everywhere instead of JSValue*. In the future, we'll be
-        changing JSValuePtr to be a class, and then eventually renaming it
-        to JSValue once that's done.
-
-        * JavaScriptCore.exp: Update entry points, since some now take JSValue*
-        instead of const JSValue*.
-
-        * API/APICast.h:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSValueRef.cpp:
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        * VM/CodeGenerator.h:
-        * VM/ExceptionHelpers.cpp:
-        * VM/ExceptionHelpers.h:
-        * VM/JSPropertyNameIterator.cpp:
-        * VM/JSPropertyNameIterator.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * VM/Register.h:
-        * kjs/ArgList.cpp:
-        * kjs/ArgList.h:
-        * kjs/Arguments.cpp:
-        * kjs/Arguments.h:
-        * kjs/ArrayConstructor.cpp:
-        * kjs/ArrayPrototype.cpp:
-        * kjs/BooleanConstructor.cpp:
-        * kjs/BooleanConstructor.h:
-        * kjs/BooleanObject.h:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/CallData.cpp:
-        * kjs/CallData.h:
-        * kjs/ConstructData.cpp:
-        * kjs/ConstructData.h:
-        * kjs/DateConstructor.cpp:
-        * kjs/DateInstance.h:
-        * kjs/DatePrototype.cpp:
-        * kjs/DebuggerCallFrame.cpp:
-        * kjs/DebuggerCallFrame.h:
-        * kjs/ErrorConstructor.cpp:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h:
-        * kjs/FunctionConstructor.cpp:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/GetterSetter.cpp:
-        * kjs/GetterSetter.h:
-        * kjs/InternalFunction.h:
-        * kjs/JSActivation.cpp:
-        * kjs/JSActivation.h:
-        * kjs/JSArray.cpp:
-        * kjs/JSArray.h:
-        * kjs/JSCell.cpp:
-        * kjs/JSCell.h:
-        * kjs/JSFunction.cpp:
-        * kjs/JSFunction.h:
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        * kjs/JSGlobalObjectFunctions.cpp:
-        * kjs/JSGlobalObjectFunctions.h:
-        * kjs/JSImmediate.cpp:
-        * kjs/JSImmediate.h:
-        * kjs/JSNotAnObject.cpp:
-        * kjs/JSNotAnObject.h:
-        * kjs/JSNumberCell.cpp:
-        * kjs/JSNumberCell.h:
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/JSStaticScopeObject.cpp:
-        * kjs/JSStaticScopeObject.h:
-        * kjs/JSString.cpp:
-        * kjs/JSString.h:
-        * kjs/JSValue.h:
-        * kjs/JSVariableObject.h:
-        * kjs/JSWrapperObject.h:
-        * kjs/MathObject.cpp:
-        * kjs/NativeErrorConstructor.cpp:
-        * kjs/NumberConstructor.cpp:
-        * kjs/NumberConstructor.h:
-        * kjs/NumberObject.cpp:
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.cpp:
-        * kjs/ObjectConstructor.cpp:
-        * kjs/ObjectPrototype.cpp:
-        * kjs/ObjectPrototype.h:
-        * kjs/PropertyMap.h:
-        * kjs/PropertySlot.cpp:
-        * kjs/PropertySlot.h:
-        * kjs/RegExpConstructor.cpp:
-        * kjs/RegExpConstructor.h:
-        * kjs/RegExpMatchesArray.h:
-        * kjs/RegExpObject.cpp:
-        * kjs/RegExpObject.h:
-        * kjs/RegExpPrototype.cpp:
-        * kjs/Shell.cpp:
-        * kjs/StringConstructor.cpp:
-        * kjs/StringObject.cpp:
-        * kjs/StringObject.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        * kjs/StringPrototype.cpp:
-        * kjs/StructureID.cpp:
-        * kjs/StructureID.h:
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/completion.h:
-        * kjs/grammar.y:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/nodes.h:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/protect.h:
-        * profiler/ProfileGenerator.cpp:
-        Replace JSValue* with JSValuePtr.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_eval): Removed stray parentheses from my
-        last check-in.
-
-2008-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - first step of https://bugs.webkit.org/show_bug.cgi?id=21732
-          improve performance by eliminating JSValue as a base class for JSCell
-
-        Remove casts from JSValue* to derived classes, replacing them with
-        calls to inline casting functions. These functions are also a bit
-        better than aidrect cast because they also do a runtime assertion.
-
-        Removed use of 0 as for JSValue*, changing call sites to use a
-        noValue() function instead.
-
-        Move things needed by classes derived from JSValue out of the class,
-        since the classes won't be deriving from JSValue any more soon.
-
-        I did most of these changes by changing JSValue to not be JSValue* any
-        more, then fixing a lot of the compilation problems, then rolling out
-        the JSValue change.
-
-        1.011x as fast on SunSpider (presumably due to some of the Machine.cpp changes)
-
-        * API/APICast.h: Removed unneeded forward declarations.
-
-        * API/JSCallbackObject.h: Added an asCallbackObject function for casting.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::asCallbackObject): Added.
-        (JSC::JSCallbackObject::getOwnPropertySlot): Use asObject.
-        (JSC::JSCallbackObject::call): Use noValue.
-        (JSC::JSCallbackObject::staticValueGetter): Use asCallbackObject.
-        (JSC::JSCallbackObject::staticFunctionGetter): Ditto.
-        (JSC::JSCallbackObject::callbackGetter): Ditto.
-
-        * JavaScriptCore.exp: Updated.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added RegExpMatchesArray.h.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::asInteger): Added. For use casting a JSValue to an integer.
-        (JSC::CTI::emitGetArg): Use asInteger.
-        (JSC::CTI::emitGetPutArg): Ditto.
-        (JSC::CTI::getConstantImmediateNumericArg): Ditto. Also use noValue.
-        (JSC::CTI::emitInitRegister): Use asInteger.
-        (JSC::CTI::getDeTaggedConstantImmediate): Ditto.
-        (JSC::CTI::compileOpCallInitializeCallFrame): Ditto.
-        (JSC::CTI::compileOpCall): Ditto.
-        (JSC::CTI::compileOpStrictEq): Ditto.
-        (JSC::CTI::privateCompileMainPass): Ditto.
-        (JSC::CTI::privateCompileGetByIdProto): Ditto.
-        (JSC::CTI::privateCompileGetByIdChain): Ditto.
-        (JSC::CTI::privateCompilePutByIdTransition): Ditto.
-        * VM/CTI.h: Rewrite the ARG-related macros to use C++ casts instead of
-        C casts and get rid of some extra parentheses. Addd declaration of
-        asInteger.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp): Use asString.
-        (JSC::CodeGenerator::emitLoad): Use noValue.
-        (JSC::CodeGenerator::findScopedProperty): Change globalObject argument
-        to JSObject* instead of JSValue*.
-        (JSC::CodeGenerator::emitResolve): Remove unneeded cast.
-        (JSC::CodeGenerator::emitGetScopedVar): Use asCell.
-        (JSC::CodeGenerator::emitPutScopedVar): Ditto.
-        * VM/CodeGenerator.h: Changed out argument of findScopedProperty.
-        Also change the JSValueMap to use PtrHash explicitly instead of
-        getting it from DefaultHash.
-
-        * VM/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::toPrimitive): Use noValue.
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::next): Ditto.
-
-        * VM/Machine.cpp:
-        (JSC::fastIsNumber): Moved isImmediate check here instead of
-        checking for 0 inside Heap::isNumber. Use asCell and asNumberCell.
-        (JSC::fastToInt32): Ditto.
-        (JSC::fastToUInt32): Ditto.
-        (JSC::jsLess): Use asString.
-        (JSC::jsLessEq): Ditto.
-        (JSC::jsAdd): Ditto.
-        (JSC::jsTypeStringForValue): Use asObject.
-        (JSC::jsIsObjectType): Ditto.
-        (JSC::jsIsFunctionType): Ditto.
-        (JSC::inlineResolveBase): Use noValue.
-        (JSC::Machine::callEval): Use asString. Initialize result to
-        undefined, not 0.
-        (JSC::Machine::Machine): Remove unneeded casts to JSCell*.
-        (JSC::Machine::throwException): Use asObject.
-        (JSC::Machine::debug): Remove explicit calls to the DebuggerCallFrame
-        constructor.
-        (JSC::Machine::checkTimeout): Use noValue.
-        (JSC::cachePrototypeChain): Use asObject.
-        (JSC::Machine::tryCachePutByID): Use asCell.
-        (JSC::Machine::tryCacheGetByID): Use aCell and asObject.
-        (JSC::Machine::privateExecute): Use noValue, asCell, asObject, asString,
-        asArray, asActivation, asFunction. Changed code that creates call frames
-        for host functions to pass 0 for the function pointer -- the call frame
-        needs a JSFunction* and a host function object is not one. This was
-        caught by the assertions in the casting functions. Also remove some
-        unneeded casts in cases where two values are compared.
-        (JSC::Machine::retrieveLastCaller): Use noValue.
-        (JSC::Machine::tryCTICachePutByID): Use asCell.
-        (JSC::Machine::tryCTICacheGetByID): Use aCell and asObject.
-        (JSC::setUpThrowTrampolineReturnAddress): Added this function to restore
-        the PIC-branch-avoidance that was recently lost.
-        (JSC::Machine::cti_op_add): Use asString.
-        (JSC::Machine::cti_op_instanceof): Use asCell and asObject.
-        (JSC::Machine::cti_op_call_JSFunction): Use asFunction.
-        (JSC::Machine::cti_op_call_NotJSFunction): Changed code to pass 0 for
-        the function pointer, since we don't have a JSFunction. Use asObject.
-        (JSC::Machine::cti_op_tear_off_activation): Use asActivation.
-        (JSC::Machine::cti_op_construct_JSConstruct): Use asFunction and asObject.
-        (JSC::Machine::cti_op_construct_NotJSConstruct): use asObject.
-        (JSC::Machine::cti_op_get_by_val): Use asArray and asString.
-        (JSC::Machine::cti_op_resolve_func): Use asPointer; this helps prepare
-        us for a situation where JSValue is not a pointer.
-        (JSC::Machine::cti_op_put_by_val): Use asArray.
-        (JSC::Machine::cti_op_put_by_val_array): Ditto.
-        (JSC::Machine::cti_op_resolve_global): Use asGlobalObject.
-        (JSC::Machine::cti_op_post_inc): Change VM_CHECK_EXCEPTION_2 to
-        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
-        that point. Also use asPointer.
-        (JSC::Machine::cti_op_resolve_with_base): Use asPointer.
-        (JSC::Machine::cti_op_post_dec): Change VM_CHECK_EXCEPTION_2 to
-        VM_CHECK_EXCEPTION_AT_END, since there's no observable work done after
-        that point. Also use asPointer.
-        (JSC::Machine::cti_op_call_eval): Use asObject, noValue, and change
-        VM_CHECK_EXCEPTION_ARG to VM_THROW_EXCEPTION_AT_END.
-        (JSC::Machine::cti_op_throw): Change return value to a JSValue*.
-        (JSC::Machine::cti_op_in): Use asObject.
-        (JSC::Machine::cti_op_switch_char): Use asString.
-        (JSC::Machine::cti_op_switch_string): Ditto.
-        (JSC::Machine::cti_op_put_getter): Use asObject.
-        (JSC::Machine::cti_op_put_setter): Ditto.
-        (JSC::Machine::cti_vm_throw): Change return value to a JSValue*.
-        Use noValue.
-        * VM/Machine.h: Change return values of both cti_op_throw and
-        cti_vm_throw to JSValue*.
-
-        * VM/Register.h: Remove nullJSValue, which is the same thing
-        as noValue(). Also removed unneeded definition of JSValue.
-
-        * kjs/ArgList.h: Removed unneeded definition of JSValue.
-
-        * kjs/Arguments.h:
-        (JSC::asArguments): Added.
-
-        * kjs/ArrayPrototype.cpp:
-        (JSC::getProperty): Use noValue.
-        (JSC::arrayProtoFuncToString): Use asArray.
-        (JSC::arrayProtoFuncToLocaleString): Ditto.
-        (JSC::arrayProtoFuncConcat): Ditto.
-        (JSC::arrayProtoFuncPop): Ditto. Also removed unneeded initialization
-        of the result, which is set in both sides of the branch.
-        (JSC::arrayProtoFuncPush): Ditto.
-        (JSC::arrayProtoFuncShift): Removed unneeded initialization
-        of the result, which is set in both sides of the branch.
-        (JSC::arrayProtoFuncSort): Use asArray.
-
-        * kjs/BooleanObject.h:
-        (JSC::asBooleanObject): Added.
-
-        * kjs/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString): Use asBooleanObject.
-        (JSC::booleanProtoFuncValueOf): Ditto.
-
-        * kjs/CallData.cpp:
-        (JSC::call): Use asObject and asFunction.
-        * kjs/ConstructData.cpp:
-        (JSC::construct): Ditto.
-
-        * kjs/DateConstructor.cpp:
-        (JSC::constructDate): Use asDateInstance.
-
-        * kjs/DateInstance.h:
-        (JSC::asDateInstance): Added.
-
-        * kjs/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString): Use asDateInstance.
-        (JSC::dateProtoFuncToUTCString): Ditto.
-        (JSC::dateProtoFuncToDateString): Ditto.
-        (JSC::dateProtoFuncToTimeString): Ditto.
-        (JSC::dateProtoFuncToLocaleString): Ditto.
-        (JSC::dateProtoFuncToLocaleDateString): Ditto.
-        (JSC::dateProtoFuncToLocaleTimeString): Ditto.
-        (JSC::dateProtoFuncValueOf): Ditto.
-        (JSC::dateProtoFuncGetTime): Ditto.
-        (JSC::dateProtoFuncGetFullYear): Ditto.
-        (JSC::dateProtoFuncGetUTCFullYear): Ditto.
-        (JSC::dateProtoFuncToGMTString): Ditto.
-        (JSC::dateProtoFuncGetMonth): Ditto.
-        (JSC::dateProtoFuncGetUTCMonth): Ditto.
-        (JSC::dateProtoFuncGetDate): Ditto.
-        (JSC::dateProtoFuncGetUTCDate): Ditto.
-        (JSC::dateProtoFuncGetDay): Ditto.
-        (JSC::dateProtoFuncGetUTCDay): Ditto.
-        (JSC::dateProtoFuncGetHours): Ditto.
-        (JSC::dateProtoFuncGetUTCHours): Ditto.
-        (JSC::dateProtoFuncGetMinutes): Ditto.
-        (JSC::dateProtoFuncGetUTCMinutes): Ditto.
-        (JSC::dateProtoFuncGetSeconds): Ditto.
-        (JSC::dateProtoFuncGetUTCSeconds): Ditto.
-        (JSC::dateProtoFuncGetMilliSeconds): Ditto.
-        (JSC::dateProtoFuncGetUTCMilliseconds): Ditto.
-        (JSC::dateProtoFuncGetTimezoneOffset): Ditto.
-        (JSC::dateProtoFuncSetTime): Ditto.
-        (JSC::setNewValueFromTimeArgs): Ditto.
-        (JSC::setNewValueFromDateArgs): Ditto.
-        (JSC::dateProtoFuncSetYear): Ditto.
-        (JSC::dateProtoFuncGetYear): Ditto.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::thisObject): Use asObject.
-        (JSC::DebuggerCallFrame::evaluate): Use noValue.
-        * kjs/DebuggerCallFrame.h: Added a constructor that
-        takes only a callFrame.
-
-        * kjs/ExecState.h:
-        (JSC::ExecState::clearException): Use noValue.
-
-        * kjs/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString): Use asFunction.
-        (JSC::functionProtoFuncApply): Use asArguments and asArray.
-
-        * kjs/GetterSetter.cpp:
-        (JSC::GetterSetter::getPrimitiveNumber): Use noValue.
-
-        * kjs/GetterSetter.h:
-        (JSC::asGetterSetter): Added.
-
-        * kjs/InternalFunction.cpp:
-        (JSC::InternalFunction::name): Use asString.
-
-        * kjs/InternalFunction.h:
-        (JSC::asInternalFunction): Added.
-
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter): Use asActivation.
-
-        * kjs/JSActivation.h:
-        (JSC::asActivation): Added.
-
-        * kjs/JSArray.cpp:
-        (JSC::JSArray::putSlowCase): Use noValue.
-        (JSC::JSArray::deleteProperty): Ditto.
-        (JSC::JSArray::increaseVectorLength): Ditto.
-        (JSC::JSArray::setLength): Ditto.
-        (JSC::JSArray::pop): Ditto.
-        (JSC::JSArray::sort): Ditto.
-        (JSC::JSArray::compactForSorting): Ditto.
-        * kjs/JSArray.h:
-        (JSC::asArray): Added.
-
-        * kjs/JSCell.cpp:
-        (JSC::JSCell::getJSNumber): Use noValue.
-
-        * kjs/JSCell.h:
-        (JSC::asCell): Added.
-        (JSC::JSValue::asCell): Changed to not preserve const.
-        Given the wide use of JSValue* and JSCell*, it's not
-        really useful to use const.
-        (JSC::JSValue::isNumber): Use asValue.
-        (JSC::JSValue::isString): Ditto.
-        (JSC::JSValue::isGetterSetter): Ditto.
-        (JSC::JSValue::isObject): Ditto.
-        (JSC::JSValue::getNumber): Ditto.
-        (JSC::JSValue::getString): Ditto.
-        (JSC::JSValue::getObject): Ditto.
-        (JSC::JSValue::getCallData): Ditto.
-        (JSC::JSValue::getConstructData): Ditto.
-        (JSC::JSValue::getUInt32): Ditto.
-        (JSC::JSValue::getTruncatedInt32): Ditto.
-        (JSC::JSValue::getTruncatedUInt32): Ditto.
-        (JSC::JSValue::mark): Ditto.
-        (JSC::JSValue::marked): Ditto.
-        (JSC::JSValue::toPrimitive): Ditto.
-        (JSC::JSValue::getPrimitiveNumber): Ditto.
-        (JSC::JSValue::toBoolean): Ditto.
-        (JSC::JSValue::toNumber): Ditto.
-        (JSC::JSValue::toString): Ditto.
-        (JSC::JSValue::toObject): Ditto.
-        (JSC::JSValue::toThisObject): Ditto.
-        (JSC::JSValue::needsThisConversion): Ditto.
-        (JSC::JSValue::toThisString): Ditto.
-        (JSC::JSValue::getJSNumber): Ditto.
-
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::argumentsGetter): Use asFunction.
-        (JSC::JSFunction::callerGetter): Ditto.
-        (JSC::JSFunction::lengthGetter): Ditto.
-        (JSC::JSFunction::construct): Use asObject.
-
-        * kjs/JSFunction.h:
-        (JSC::asFunction): Added.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::lastInPrototypeChain): Use asObject.
-
-        * kjs/JSGlobalObject.h:
-        (JSC::asGlobalObject): Added.
-        (JSC::ScopeChainNode::globalObject): Use asGlobalObject.
-
-        * kjs/JSImmediate.h: Added noValue, asPointer, and makeValue
-        functions. Use rawValue, makeValue, and noValue consistently
-        instead of doing reinterpret_cast in various functions.
-
-        * kjs/JSNumberCell.h:
-        (JSC::asNumberCell): Added.
-        (JSC::JSValue::uncheckedGetNumber): Use asValue and asNumberCell.
-        (JSC::JSValue::toJSNumber): Use asValue.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::put): Use asObject and asGetterSetter.
-        (JSC::callDefaultValueFunction): Use noValue.
-        (JSC::JSObject::defineGetter): Use asGetterSetter.
-        (JSC::JSObject::defineSetter): Ditto.
-        (JSC::JSObject::lookupGetter): Ditto. Also use asObject.
-        (JSC::JSObject::lookupSetter): Ditto.
-        (JSC::JSObject::hasInstance): Use asObject.
-        (JSC::JSObject::fillGetterPropertySlot): Use asGetterSetter.
-
-        * kjs/JSObject.h:
-        (JSC::JSObject::getDirect): Use noValue.
-        (JSC::asObject): Added.
-        (JSC::JSValue::isObject): Use asValue.
-        (JSC::JSObject::get): Removed unneeded const_cast.
-        (JSC::JSObject::getPropertySlot): Use asObject.
-        (JSC::JSValue::get): Removed unneeded const_cast.
-        Use asValue, asCell, and asObject.
-        (JSC::JSValue::put): Ditto.
-        (JSC::JSObject::allocatePropertyStorageInline): Fixed spelling
-        of "oldPropertStorage".
-
-        * kjs/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot): Use asObject.
-
-        * kjs/JSString.h:
-        (JSC::asString): Added.
-        (JSC::JSValue::toThisJSString): Use asValue.
-
-        * kjs/JSValue.h: Make PreferredPrimitiveType a top level enum
-        instead of a member of JSValue. Added an asValue function that
-        returns this. Removed overload of asCell for const. Use asValue
-        instead of getting right at this.
-
-        * kjs/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncIsPrototypeOf): Use asObject.
-        (JSC::objectProtoFuncDefineGetter): Ditto.
-        (JSC::objectProtoFuncDefineSetter): Ditto.
-
-        * kjs/PropertySlot.h:
-        (JSC::PropertySlot::PropertySlot): Take a const JSValue* so the
-        callers don't have to worry about const.
-        (JSC::PropertySlot::clearBase): Use noValue.
-        (JSC::PropertySlot::clearValue): Ditto.
-
-        * kjs/RegExpConstructor.cpp:
-        (JSC::regExpConstructorDollar1): Use asRegExpConstructor.
-        (JSC::regExpConstructorDollar2): Ditto.
-        (JSC::regExpConstructorDollar3): Ditto.
-        (JSC::regExpConstructorDollar4): Ditto.
-        (JSC::regExpConstructorDollar5): Ditto.
-        (JSC::regExpConstructorDollar6): Ditto.
-        (JSC::regExpConstructorDollar7): Ditto.
-        (JSC::regExpConstructorDollar8): Ditto.
-        (JSC::regExpConstructorDollar9): Ditto.
-        (JSC::regExpConstructorInput): Ditto.
-        (JSC::regExpConstructorMultiline): Ditto.
-        (JSC::regExpConstructorLastMatch): Ditto.
-        (JSC::regExpConstructorLastParen): Ditto.
-        (JSC::regExpConstructorLeftContext): Ditto.
-        (JSC::regExpConstructorRightContext): Ditto.
-        (JSC::setRegExpConstructorInput): Ditto.
-        (JSC::setRegExpConstructorMultiline): Ditto.
-        (JSC::constructRegExp): Use asObject.
-
-        * kjs/RegExpConstructor.h:
-        (JSC::asRegExpConstructor): Added.
-
-        * kjs/RegExpObject.cpp:
-        (JSC::regExpObjectGlobal): Use asRegExpObject.
-        (JSC::regExpObjectIgnoreCase): Ditto.
-        (JSC::regExpObjectMultiline): Ditto.
-        (JSC::regExpObjectSource): Ditto.
-        (JSC::regExpObjectLastIndex): Ditto.
-        (JSC::setRegExpObjectLastIndex): Ditto.
-        (JSC::callRegExpObject): Ditto.
-
-        * kjs/RegExpObject.h:
-        (JSC::asRegExpObject): Added.
-
-        * kjs/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest): Use asRegExpObject.
-        (JSC::regExpProtoFuncExec): Ditto.
-        (JSC::regExpProtoFuncCompile): Ditto.
-        (JSC::regExpProtoFuncToString): Ditto.
-
-        * kjs/StringObject.h:
-        (JSC::StringObject::internalValue): Use asString.
-        (JSC::asStringObject): Added.
-
-        * kjs/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace): Use asRegExpObject.
-        (JSC::stringProtoFuncToString): Ue asStringObject.
-        (JSC::stringProtoFuncMatch): Use asRegExpObject.
-        (JSC::stringProtoFuncSearch): Ditto.
-        (JSC::stringProtoFuncSplit): Ditto.
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames): Use asObject.
-        (JSC::StructureID::createCachedPrototypeChain): Ditto.
-        (JSC::StructureIDChain::StructureIDChain): Use asCell and asObject.
-
-        * kjs/collector.h:
-        (JSC::Heap::isNumber): Removed null handling. This can only be called
-        on valid cells.
-        (JSC::Heap::cellBlock): Removed overload for const and non-const.
-        Whether the JSCell* is const or not really should have no effect on
-        whether you can modify the collector block it's in.
-
-        * kjs/interpreter.cpp:
-        (JSC::Interpreter::evaluate): Use noValue and noObject.
-
-        * kjs/nodes.cpp:
-        (JSC::FunctionCallResolveNode::emitCode): Use JSObject for the global
-        object rather than JSValue.
-        (JSC::PostfixResolveNode::emitCode): Ditto.
-        (JSC::PrefixResolveNode::emitCode): Ditto.
-        (JSC::ReadModifyResolveNode::emitCode): Ditto.
-        (JSC::AssignResolveNode::emitCode): Ditto.
-
-        * kjs/operations.h:
-        (JSC::equalSlowCaseInline): Use asString, asCell, asNumberCell, 
-        (JSC::strictEqualSlowCaseInline): Ditto.
-
-2008-10-18  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 21702: Special op_create_activation for the case where there are no named parameters
-        <https://bugs.webkit.org/show_bug.cgi?id=21702>
-
-        This is a 2.5% speedup on the V8 Raytrace benchmark and a 1.1% speedup
-        on the V8 Earley-Boyer benchmark.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_create_arguments_no_params):
-        * VM/Machine.h:
-        * kjs/Arguments.h:
-        (JSC::Arguments::):
-        (JSC::Arguments::Arguments):
-
-2008-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - in debug builds, alter the stack to avoid blowing out MallocStackLogging
-        
-        (In essence, while executing a CTI function we alter the return
-        address to jscGeneratedNativeCode so that a single consistent
-        function is on the stack instead of many random functions without
-        symbols.)
-
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::doSetReturnAddress):
-        (JSC::):
-        (JSC::StackHack::StackHack):
-        (JSC::StackHack::~StackHack):
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_end):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_timeout_check):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_loop_if_less):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_second):
-        (JSC::Machine::cti_op_put_by_id_generic):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_call_profiler):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_lazyLinkCall):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstructFast):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_put_by_val):
-        (JSC::Machine::cti_op_put_by_val_array):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_jless):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_post_dec):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_get_pnames):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_push_scope):
-        (JSC::Machine::cti_op_pop_scope):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_jmp_scopes):
-        (JSC::Machine::cti_op_put_by_index):
-        (JSC::Machine::cti_op_switch_imm):
-        (JSC::Machine::cti_op_switch_char):
-        (JSC::Machine::cti_op_switch_string):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_put_getter):
-        (JSC::Machine::cti_op_put_setter):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_op_debug):
-        (JSC::Machine::cti_vm_throw):
-
-2008-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Optimize op_call by allowing call sites to be directly linked to callees.
-
-        For the hot path of op_call, CTI now generates a check (initially for an impossible
-        value), and the first time the call is executed we attempt to link the call directly
-        to the callee.  We can currently only do so if the arity of the caller and callee
-        match.  The (optimized) setup for the call on the hot path is linked directly to
-        the ctiCode for the callee, without indirection.
-        
-        Two forms of the slow case of the call are generated, the first will be executed the
-        first time the call is reached.  As well as this path attempting to link the call to
-        a callee, it also relinks the slow case to a second slow case, which will not continue
-        to attempt relinking the call.  (This policy could be changed in future, but for not
-        this is intended to prevent thrashing).
-
-        If a callee that the caller has been linked to is garbage collected, then the link
-        in the caller's JIt code will be reset back to a value that cannot match - to prevent
-        any false positive matches.
-
-        ~20% progression on deltablue & richards, >12% overall reduction in v8-tests
-        runtime, one or two percent progression on sunspider.
-
-        Reviewed by Oliver Hunt.
-
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::emitNakedCall):
-        (JSC::unreachable):
-        (JSC::CTI::compileOpCallInitializeCallFrame):
-        (JSC::CTI::compileOpCallSetupArgs):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::unlinkCall):
-        (JSC::CTI::linkCall):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        (JSC::CodeBlock::derefStructureIDs):
-        * VM/CodeBlock.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CodeBlock::addCaller):
-        (JSC::CodeBlock::removeCaller):
-        (JSC::CodeBlock::getStubInfo):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitConstruct):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_profiler):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_lazyLinkCall):
-        (JSC::Machine::cti_op_construct_JSConstructFast):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        * VM/Machine.h:
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-        * kjs/JSFunction.h:
-        * kjs/nodes.h:
-        (JSC::FunctionBodyNode::):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::getDifferenceBetweenLabels):
-
-2008-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff Garen.
-        
-        - remove ASSERT that makes the leaks buildbot cry
-
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-
-2008-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich
-        
-        - don't bother to do arguments tearoff when it will have no effect
-
-        ~1% on v8 raytrace
-        
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitReturn):
-
-2008-10-17  Marco Barisione  <marco.barisione@collabora.co.uk>
-
-        Reviewed by Sam Weinig. Landed by Jan Alonzo.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21603
-        [GTK] Minor fixes to GOwnPtr
-
-        * wtf/GOwnPtr.cpp:
-        (WTF::GError):
-        (WTF::GList):
-        (WTF::GCond):
-        (WTF::GMutex):
-        (WTF::GPatternSpec):
-        (WTF::GDir):
-        * wtf/GOwnPtr.h:
-        (WTF::freeOwnedGPtr):
-        (WTF::GOwnPtr::~GOwnPtr):
-        (WTF::GOwnPtr::outPtr):
-        (WTF::GOwnPtr::set):
-        (WTF::GOwnPtr::clear):
-        * wtf/Threading.h:
-
-2008-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - speed up transitions that resize the property storage a fair bit
-        
-        ~3% speedup on v8 RayTrace benchmark, ~1% on DeltaBlue
-
-        * VM/CTI.cpp:
-        (JSC::resizePropertyStorage): renamed from transitionObject, and reduced to just resize
-        the object's property storage with one inline call.
-        (JSC::CTI::privateCompilePutByIdTransition): Use a separate function for property storage
-        resize, but still do all the rest of the work in assembly in that case, and pass the known
-        compile-time constants of old and new size rather than structureIDs, saving a bunch of
-        redundant memory access.
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage): Just call the inline version.
-        * kjs/JSObject.h:
-        (JSC::JSObject::allocatePropertyStorageInline): Inline version of allocatePropertyStorage
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::pushl_i32): Add code to assmeble push of a constant; code originally by Cameron Zwarich.
-
-2008-10-17  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove some C style casts.
-
-        * masm/X86Assembler.h:
-        (JSC::JITCodeBuffer::putIntUnchecked):
-        (JSC::X86Assembler::link):
-        (JSC::X86Assembler::linkAbsoluteAddress):
-        (JSC::X86Assembler::getRelocatedAddress):
-
-2008-10-17  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Remove some C style casts.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        * VM/Machine.cpp:
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::tryCTICacheGetByID):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_fail):
-
-2008-10-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - Avoid restoring the caller's 'r' value in op_ret
-        https://bugs.webkit.org/show_bug.cgi?id=21319
-
-        This patch stops writing the call frame at call and return points;
-        instead it does so immediately before any CTI call.
-        
-        0.5% speedup or so on the v8 benchmark
-               
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCTICall):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h:
-
-2008-10-17  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Make WREC require CTI because it won't actually compile otherwise.
-
-        * wtf/Platform.h:
-
-2008-10-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
-        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default
-
-        This time there is no performance regression; we can avoid having
-        to use the fastcall calling convention for CTI functions by using
-        varargs to prevent the compiler from moving things around on the
-        stack.
-        
-        * Configurations/DebugRelease.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        * VM/Machine.h:
-        * wtf/Platform.h:
-
-2008-10-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - fix for REGRESSION: r37631 causing crashes on buildbot
-        https://bugs.webkit.org/show_bug.cgi?id=21682
-        
-        * kjs/collector.cpp:
-        (JSC::Heap::collect): Avoid crashing when a GC occurs while no global objects are live.
-
-2008-10-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21683
-        Don't create intermediate StructureIDs for builtin objects
-
-        First step in reduce number of StructureIDs created when initializing the
-        JSGlobalObject.
-
-        - In order to avoid creating the intermediate StructureIDs use the new putDirectWithoutTransition
-          and putDirectFunctionWithoutTransition to add properties to JSObjects without transitioning
-          the StructureID.  This patch just implements this strategy for ObjectPrototype but alone
-          reduces the number of StructureIDs create for about:blank by 10, from 142 to 132.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        * kjs/JSObject.h:
-        (JSC::JSObject::putDirectWithoutTransition):
-        * kjs/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * kjs/ObjectPrototype.h:
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::addPropertyWithoutTransition):
-        * kjs/StructureID.h:
-
-2008-10-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - fix for: REGRESSION: over 100 StructureIDs leak loading about:blank (result of fix for bug 21633)
-        
-        Apparent slight progression (< 0.5%) on v8 benchmarks and SunSpider.
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::~StructureID): Don't deref this object's parent's pointer to
-        itself from the destructor; that doesn't even make sense.
-        (JSC::StructureID::addPropertyTransition): Don't refer the single transition;
-        the rule is that parent StructureIDs are ref'd but child ones are not. Refing
-        the child creates a cycle.
-
-2008-10-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21609
-        Make MessagePorts protect their peers across heaps
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markCrossHeapDependentObjects):
-        * kjs/JSGlobalObject.h:
-        * kjs/collector.cpp:
-        (JSC::Heap::collect):
-        Before GC sweep phase, a function supplied by global object is now called for all global
-        objects in the heap, making it possible to implement cross-heap dependencies.
-
-2008-10-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21610
-        run-webkit-threads --threaded crashes in StructureID destructor
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-        Protect access to a static (debug-only) HashSet with a lock.
-
-2008-10-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Goeffrey Garen.
-
-        Add function to dump statistics for StructureIDs.
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::dumpStatistics):
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-        * kjs/StructureID.h:
-
-2008-10-15  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21633: Avoid using a HashMap when there is only a single transition
-        <https://bugs.webkit.org/show_bug.cgi?id=21633>
-
-        This is a 0.8% speedup on SunSpider and between a 0.5% and 1.0% speedup
-        on the V8 benchmark suite, depending on which harness we use. It will
-        also slightly reduce the memory footprint of a StructureID.
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-        (JSC::StructureID::addPropertyTransition):
-        * kjs/StructureID.h:
-        (JSC::StructureID::):
-
-2008-10-15  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        1.40% speedup on SunSpider, 1.44% speedup on V8. (Linux)
-        
-        No change on Mac.
-
-        * VM/Machine.cpp:
-        (JSC::fastIsNumber): ALWAYS_INLINE modifier added.
-
-2008-10-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21345
-        Start the debugger without reloading the inspected page
-
-        * JavaScriptCore.exp: New symbols.
-        * JavaScriptCore.xcodeproj/project.pbxproj: New files.
-
-        * VM/CodeBlock.h:
-        (JSC::EvalCodeCache::get): Updated for tweak to parsing API.
-
-        * kjs/CollectorHeapIterator.h: Added. An iterator for the object heap,
-        which we use to find all the live functions and recompile them.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate): Updated for tweak to parsing API.
-
-        * kjs/FunctionConstructor.cpp:
-        (JSC::constructFunction): Updated for tweak to parsing API.
-
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction): Try to validate our SourceCode in debug
-        builds by ASSERTing that it's syntactically valid. This doesn't catch
-        all SourceCode bugs, but it catches a lot of them.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval): Updated for tweak to parsing API.
-
-        * kjs/Parser.cpp:
-        (JSC::Parser::parse):
-        * kjs/Parser.h:
-        (JSC::Parser::parse): Tweaked the parser to make it possible to parse
-        without an ExecState, and to allow the client to specify a debugger to
-        notify (or not) about the source we parse. This allows the inspector
-        to recompile even though no JavaScript is executing, then notify the
-        debugger about all source code when it's done.
-
-        * kjs/Shell.cpp:
-        (prettyPrintScript): Updated for tweak to parsing API.
-
-        * kjs/SourceRange.h:
-        (JSC::SourceCode::isNull): Added to help with ASSERTs.
-
-        * kjs/collector.cpp:
-        (JSC::Heap::heapAllocate):
-        (JSC::Heap::sweep):
-        (JSC::Heap::primaryHeapBegin):
-        (JSC::Heap::primaryHeapEnd):
-        * kjs/collector.h:
-        (JSC::): Moved a bunch of declarations around to enable compilation of
-        CollectorHeapIterator.
-
-        * kjs/interpreter.cpp:
-        (JSC::Interpreter::checkSyntax):
-        (JSC::Interpreter::evaluate): Updated for tweak to parsing API.
-
-        * kjs/lexer.h:
-        (JSC::Lexer::sourceCode): BUG FIX: Calculate SourceCode ranges relative
-        to the SourceCode range in which we're lexing, otherwise nested functions
-        that are compiled individually get SourceCode ranges that don't reflect
-        their nesting.
-
-        * kjs/nodes.cpp:
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::finishParsing):
-        (JSC::FunctionBodyNode::create):
-        (JSC::FunctionBodyNode::copyParameters):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::setSource):
-        (JSC::FunctionBodyNode::parameterCount): Added some helper functions for
-        copying one FunctionBodyNode's parameters to another. The recompiler uses
-        these when calling "finishParsing".
-
-2008-10-15  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Darin Adler.
-
-        - part of https://bugs.webkit.org/show_bug.cgi?id=20746
-          Fix compilation on Windows CE.
-
-        str(n)icmp, strdup and vsnprintf are not available on Windows CE,
-        they are called _str(n)icmp, etc. instead
-
-        * wtf/StringExtras.h: Added inline function implementations.
-
-2008-10-15  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Cameron Zwarich.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=20912>
-        Use simple uint32_t multiplication on op_mul if both operands are
-        immediate number and they are between zero and 0x7FFF.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-09  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by Sam Weinig.
-
-        Make pan scrolling a platform configurable option.
-        https://bugs.webkit.org/show_bug.cgi?id=21515
-
-        * wtf/Platform.h: Add ENABLE_PAN_SCROLLING
-
-2008-10-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Sam Weinig.
-        
-        - revert r37572 and r37581 for now
-        
-        Turns out GCC 4.2 is still a (small) regression, we'll have to do
-        more work to turn it on.
-
-        * Configurations/DebugRelease.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_end):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_timeout_check):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_loop_if_less):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_second):
-        (JSC::Machine::cti_op_put_by_id_generic):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_put_by_val):
-        (JSC::Machine::cti_op_put_by_val_array):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_jless):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_post_dec):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_get_pnames):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_push_scope):
-        (JSC::Machine::cti_op_pop_scope):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_jmp_scopes):
-        (JSC::Machine::cti_op_put_by_index):
-        (JSC::Machine::cti_op_switch_imm):
-        (JSC::Machine::cti_op_switch_char):
-        (JSC::Machine::cti_op_switch_string):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_put_getter):
-        (JSC::Machine::cti_op_put_setter):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_op_debug):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitRestoreArgumentReference):
-        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
-        * wtf/Platform.h:
-
-2008-10-14  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20256
-        Array.push and other standard methods disappear
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        Don't use static hash tables even on platforms that don't enable JSC_MULTIPLE_THREADS -
-        these tables reference IdentifierTable, which is always per-GlobalData.
-
-2008-10-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - always use CTI_ARGUMENTS and CTI_ARGUMENTS_FASTCALL
-        
-        This is a small regression for GCC 4.0, but simplifies the code
-        for future improvements and lets us focus on GCC 4.2+ and MSVC.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_end):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_timeout_check):
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_loop_if_less):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_second):
-        (JSC::Machine::cti_op_put_by_id_generic):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_put_by_val):
-        (JSC::Machine::cti_op_put_by_val_array):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_jless):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_post_dec):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_get_pnames):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_push_scope):
-        (JSC::Machine::cti_op_pop_scope):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_jmp_scopes):
-        (JSC::Machine::cti_op_put_by_index):
-        (JSC::Machine::cti_op_switch_imm):
-        (JSC::Machine::cti_op_switch_char):
-        (JSC::Machine::cti_op_switch_string):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_put_getter):
-        (JSC::Machine::cti_op_put_setter):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_op_debug):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitRestoreArgumentReference):
-        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
-        * wtf/Platform.h:
-
-2008-10-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - make Machine::getArgumentsData an Arguments method and inline it
-        
-        ~2% on v8 raytrace
-
-        * VM/Machine.cpp:
-        * kjs/Arguments.h:
-        (JSC::Machine::getArgumentsData):
-
-2008-10-13  Alp Toker  <alp@nuanti.com>
-
-        Fix autotools dist build target by listing recently added header
-        files only. Not reviewed.
-
-        * GNUmakefile.am:
-
-2008-10-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Mark Rowe.
-        
-        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
-        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default
-
-        * Configurations/DebugRelease.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-10-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21541: Move RegisterFile growth check to callee
-        <https://bugs.webkit.org/show_bug.cgi?id=21541>
-
-        Move the RegisterFile growth check to the callee in the common case,
-        where some of the information is known statically at JIT time. There is
-        still a check in the caller in the case where the caller provides too
-        few arguments.
-
-        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
-        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
-        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on
-        SunSpider.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompile):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_register_file_check):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/Machine.h:
-        * VM/RegisterFile.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::cmpl_mr):
-        (JSC::X86Assembler::emitUnlinkedJg):
-
-2008-10-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21577
-        5 false positive StructureID leaks
-
-        - Add leak ignore set to StructureID to selectively ignore leaking some StructureIDs.
-        - Add create method to JSGlolalData to be used when the data will be intentionally
-          leaked and ignore all leaks caused the StructureIDs stored in it.
-
-        * JavaScriptCore.exp:
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::createLeaked):
-        * kjs/JSGlobalData.h:
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-        (JSC::StructureID::startIgnoringLeaks):
-        (JSC::StructureID::stopIgnoringLeaks):
-        * kjs/StructureID.h:
-
-2008-10-13  Marco Barisione  <marco.barisione@collabora.co.uk>
-
-        Reviewed by Darin Adler. Landed by Jan Alonzo.
-
-        WebKit GTK Port needs a smartpointer to handle g_free (GFreePtr?)
-        http://bugs.webkit.org/show_bug.cgi?id=20483
-
-        Add a GOwnPtr smart pointer (similar to OwnPtr) to handle memory
-        allocated by GLib and start the conversion to use it.
-
-        * GNUmakefile.am:
-        * wtf/GOwnPtr.cpp: Added.
-        (WTF::GError):
-        (WTF::GList):
-        (WTF::GCond):
-        (WTF::GMutex):
-        (WTF::GPatternSpec):
-        (WTF::GDir):
-        * wtf/GOwnPtr.h: Added.
-        (WTF::freeOwnedPtr):
-        (WTF::GOwnPtr::GOwnPtr):
-        (WTF::GOwnPtr::~GOwnPtr):
-        (WTF::GOwnPtr::get):
-        (WTF::GOwnPtr::release):
-        (WTF::GOwnPtr::rawPtr):
-        (WTF::GOwnPtr::set):
-        (WTF::GOwnPtr::clear):
-        (WTF::GOwnPtr::operator*):
-        (WTF::GOwnPtr::operator->):
-        (WTF::GOwnPtr::operator!):
-        (WTF::GOwnPtr::operator UnspecifiedBoolType):
-        (WTF::GOwnPtr::swap):
-        (WTF::swap):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::getPtr):
-        * wtf/Threading.h:
-        * wtf/ThreadingGtk.cpp:
-        (WTF::Mutex::~Mutex):
-        (WTF::Mutex::lock):
-        (WTF::Mutex::tryLock):
-        (WTF::Mutex::unlock):
-        (WTF::ThreadCondition::~ThreadCondition):
-        (WTF::ThreadCondition::wait):
-        (WTF::ThreadCondition::timedWait):
-        (WTF::ThreadCondition::signal):
-        (WTF::ThreadCondition::broadcast):
-
-2008-10-12  Gabriella Toth  <gtoth@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        - part of https://bugs.webkit.org/show_bug.cgi?id=21055
-          Bug 21055: not invoked functions
-
-        * kjs/nodes.cpp: Deleted a function that is not invoked:
-        statementListInitializeVariableAccessStack.
-
-2008-10-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/unicode/icu/UnicodeIcu.h: Fixed indentation to match WebKit coding style.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-2008-10-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21556
-          Bug 21556: non-ASCII digits are allowed in places where only ASCII should be
-
-        * wtf/unicode/icu/UnicodeIcu.h: Removed isDigit, digitValue, and isFormatChar.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-
-2008-10-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Make the append method that takes a Vector more strict - it now requires the elements 
-        of the vector to be appended same type as the elements of the Vector they're being appended to.
-        
-        This would cause problems when dealing with Vectors containing other Vectors.
-        
-        * wtf/Vector.h:
-        (WTF::::append):
-
-2008-10-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Clean up RegExpMatchesArray.h to match our coding style.
-
-        * kjs/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::getPropertyNames):
-
-2008-10-11  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 21525: 55 StructureID leaks on Wikitravel's main page
-        <https://bugs.webkit.org/show_bug.cgi?id=21525>
-
-        Bug 21533: Simple JavaScript code leaks StructureIDs
-        <https://bugs.webkit.org/show_bug.cgi?id=21533>
-
-        StructureID::getEnumerablePropertyNames() ends up calling back to itself
-        via JSObject::getPropertyNames(), which causes the PropertyNameArray to
-        be cached twice. This leads to a memory leak in almost every use of
-        JSObject::getPropertyNames() on an object. The fix here is based on a
-        suggestion of Sam Weinig.
-
-        This patch also fixes every StructureID leaks that occurs while running
-        the Mozilla MemBuster test.
-
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::setCacheable):
-        (JSC::PropertyNameArray::cacheable):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames):
-
-2008-10-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Use fastcall calling convention on GCC > 4.0
-
-        Results in a 2-3% improvement in GCC 4.2 performance, so
-        that it is no longer a regression vs. GCC 4.0
-
-        * VM/CTI.cpp:
-        * VM/Machine.h:
-        * wtf/Platform.h:
-
-2008-10-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        - Add a workaround for a bug in ceil in Darwin libc.
-        - Remove old workarounds for JS math functions that are not needed
-          anymore.
-
-        The math functions are heavily tested by fast/js/math.html.
-
-        * kjs/MathObject.cpp:
-        (JSC::mathProtoFuncAbs): Remove workaround.
-        (JSC::mathProtoFuncCeil): Ditto.
-        (JSC::mathProtoFuncFloor): Ditto.
-        * wtf/MathExtras.h:
-        (wtf_ceil): Add ceil workaround for darwin.
-
-2008-10-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler
-
-        Add Assertions to JSObject constructor.
-
-        * kjs/JSObject.h:
-        (JSC::JSObject::JSObject):
-
-2008-10-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Remove now unused m_getterSetterFlag variable from PropertyMap.
-
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::operator=):
-        * kjs/PropertyMap.h:
-        (JSC::PropertyMap::PropertyMap):
-
-2008-10-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add leaks checking to StructureID.
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::~StructureID):
-
-2008-10-09  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20760
-        Implement support for x86 Linux in CTI
-
-        Prepare to enable CTI/WREC on supported architectures.
-
-        Make it possible to use the CTI_ARGUMENT workaround with GCC as well
-        as MSVC by fixing some preprocessor conditionals.
-
-        Note that CTI/WREC no longer requires CTI_ARGUMENT on Linux so we
-        don't actually enable it except when building with MSVC. GCC on Win32
-        remains untested.
-
-        Adapt inline ASM code to use the global symbol underscore prefix only
-        on Darwin and to call the properly mangled Machine::cti_vm_throw
-        symbol name depending on CTI_ARGUMENT.
-
-        Also avoid global inclusion of the JIT infrastructure headers
-        throughout WebCore and WebKit causing recompilation of about ~1500
-        source files after modification to X86Assembler.h, CTI.h, WREC.h,
-        which are only used deep inside JavaScriptCore.
-
-        * GNUmakefile.am:
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * kjs/regexp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::match):
-        * kjs/regexp.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitConvertToFastCall):
-        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
-        (JSC::X86Assembler::emitRestoreArgumentReference):
-
-2008-10-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for bug #21160, x=0;1/(x*-1) == -Infinity
-
-        * ChangeLog:
-        * VM/CTI.cpp:
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::emitUnlinkedJs):
-
-2008-10-09  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 21459: REGRESSION (r37324): Safari crashes inside JavaScriptCore while browsing hulu.com
-        <https://bugs.webkit.org/show_bug.cgi?id=21459>
-
-        After r37324, an Arguments object does not mark an associated activation
-        object. This change was made because Arguments no longer directly used
-        the activation object in any way. However, if an activation is torn off,
-        then the backing store of Arguments becomes the register array of the
-        activation object. Arguments directly marks all of the arguments, but
-        the activation object is being collected, which causes its register
-        array to be freed and new memory to be allocated in its place.
-
-        Unfortunately, it does not seem possible to reproduce this issue in a
-        layout test.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::mark):
-        * kjs/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        (JSC::JSActivation::copyRegisters):
-
-2008-10-09  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Build fix for MinGW.
-
-        * wtf/AlwaysInline.h:
-
-2008-10-08  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21497: REGRESSION (r37433): Bytecode JSC tests are severely broken
-        <https://bugs.webkit.org/show_bug.cgi?id=21497>
-
-        Fix a typo in r37433 that causes the failure of a large number of JSC
-        tests with the bytecode interpreter enabled.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-08  Mark Rowe  <mrowe@apple.com>
-
-        Windows build fix.
-
-        * VM/CTI.cpp:
-        (JSC::): Update type of argument to ctiTrampoline.
-
-2008-10-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21403
-          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation
-
-        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
-        client over to the new name.
-
-        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
-        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
-        accessor functions to get at things in the frame.
-
-        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
-        JSGlobalData* and in other cases eliminating them entirely.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        * API/OpaqueJSString.cpp:
-        * API/OpaqueJSString.h:
-        * VM/CTI.cpp:
-        (JSC::CTI::getConstant):
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp):
-        (JSC::CodeGenerator::emitLoad):
-        (JSC::CodeGenerator::emitUnexpectedLoad):
-        (JSC::CodeGenerator::emitConstruct):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAddSlowCase):
-        (JSC::jsAdd):
-        (JSC::jsTypeStringForValue):
-        (JSC::Machine::resolve):
-        (JSC::Machine::resolveSkip):
-        (JSC::Machine::resolveGlobal):
-        (JSC::inlineResolveBase):
-        (JSC::Machine::resolveBase):
-        (JSC::Machine::resolveBaseAndProperty):
-        (JSC::Machine::resolveBaseAndFunc):
-        (JSC::Machine::slideRegisterWindowForCall):
-        (JSC::isNotObject):
-        (JSC::Machine::callEval):
-        (JSC::Machine::dumpCallFrame):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::throwException):
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
-        (JSC::Machine::execute):
-        (JSC::Machine::debug):
-        (JSC::Machine::createExceptionScope):
-        (JSC::cachePrototypeChain):
-        (JSC::Machine::tryCachePutByID):
-        (JSC::Machine::tryCacheGetByID):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::retrieveCaller):
-        (JSC::Machine::retrieveLastCaller):
-        (JSC::Machine::findFunctionCallFrame):
-        (JSC::Machine::getArgumentsData):
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::getCTIArrayLengthTrampoline):
-        (JSC::Machine::getCTIStringLengthTrampoline):
-        (JSC::Machine::tryCTICacheGetByID):
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_end):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_timeout_check):
-        (JSC::Machine::cti_op_loop_if_less):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_second):
-        (JSC::Machine::cti_op_put_by_id_generic):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_put_by_val):
-        (JSC::Machine::cti_op_put_by_val_array):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_jless):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_post_dec):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_get_pnames):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_push_scope):
-        (JSC::Machine::cti_op_pop_scope):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_jmp_scopes):
-        (JSC::Machine::cti_op_put_by_index):
-        (JSC::Machine::cti_op_switch_imm):
-        (JSC::Machine::cti_op_switch_char):
-        (JSC::Machine::cti_op_switch_string):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_put_getter):
-        (JSC::Machine::cti_op_put_setter):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_op_debug):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * VM/RegisterFile.h:
-        * kjs/Arguments.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::type):
-        (JSC::DebuggerCallFrame::thisObject):
-        (JSC::DebuggerCallFrame::evaluate):
-        * kjs/DebuggerCallFrame.h:
-        * kjs/ExecState.cpp:
-        (JSC::CallFrame::thisValue):
-        * kjs/ExecState.h:
-        * kjs/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * kjs/JSVariableObject.h:
-        * kjs/Parser.cpp:
-        (JSC::Parser::parse):
-        * kjs/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * kjs/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * kjs/Shell.cpp:
-        (prettyPrintScript):
-        * kjs/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * kjs/identifier.cpp:
-        (JSC::Identifier::checkSameIdentifierTable):
-        * kjs/interpreter.cpp:
-        (JSC::Interpreter::checkSyntax):
-        (JSC::Interpreter::evaluate):
-        * kjs/nodes.cpp:
-        (JSC::ThrowableExpressionData::emitThrowError):
-        (JSC::RegExpNode::emitCode):
-        (JSC::ArrayNode::emitCode):
-        (JSC::InstanceOfNode::emitCode):
-        * kjs/nodes.h:
-        * kjs/regexp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        * kjs/regexp.h:
-        * profiler/HeavyProfile.h:
-        * profiler/Profile.h:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-
-2008-10-08  Mark Rowe  <mrowe@apple.com>
-
-        Typed by Maciej Stachowiak, reviewed by Mark Rowe.
-
-        Fix crash in fast/js/constant-folding.html with CTI disabled.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-08  Timothy Hatcher  <timothy@apple.com>
-
-        Roll out r37427 because it causes an infinite recursion loading about:blank.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21476
-
-2008-10-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21403
-          Bug 21403: use new CallFrame class rather than Register* for call frame manipulation
-
-        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
-        client over to the new name.
-
-        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
-        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
-        accessor functions to get at things in the frame.
-
-        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
-        JSGlobalData* and in other cases eliminating them entirely.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        * API/OpaqueJSString.cpp:
-        * API/OpaqueJSString.h:
-        * VM/CTI.cpp:
-        (JSC::CTI::getConstant):
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-        (JSC::CTI::printOpcodeOperandTypes):
-        (JSC::CTI::CTI):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp):
-        (JSC::CodeGenerator::emitLoad):
-        (JSC::CodeGenerator::emitUnexpectedLoad):
-        (JSC::CodeGenerator::emitConstruct):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAddSlowCase):
-        (JSC::jsAdd):
-        (JSC::jsTypeStringForValue):
-        (JSC::Machine::resolve):
-        (JSC::Machine::resolveSkip):
-        (JSC::Machine::resolveGlobal):
-        (JSC::inlineResolveBase):
-        (JSC::Machine::resolveBase):
-        (JSC::Machine::resolveBaseAndProperty):
-        (JSC::Machine::resolveBaseAndFunc):
-        (JSC::Machine::slideRegisterWindowForCall):
-        (JSC::isNotObject):
-        (JSC::Machine::callEval):
-        (JSC::Machine::dumpCallFrame):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::throwException):
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
-        (JSC::Machine::execute):
-        (JSC::Machine::debug):
-        (JSC::Machine::createExceptionScope):
-        (JSC::cachePrototypeChain):
-        (JSC::Machine::tryCachePutByID):
-        (JSC::Machine::tryCacheGetByID):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::retrieveCaller):
-        (JSC::Machine::retrieveLastCaller):
-        (JSC::Machine::findFunctionCallFrame):
-        (JSC::Machine::getArgumentsData):
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::getCTIArrayLengthTrampoline):
-        (JSC::Machine::getCTIStringLengthTrampoline):
-        (JSC::Machine::tryCTICacheGetByID):
-        (JSC::Machine::cti_op_convert_this):
-        (JSC::Machine::cti_op_end):
-        (JSC::Machine::cti_op_add):
-        (JSC::Machine::cti_op_pre_inc):
-        (JSC::Machine::cti_timeout_check):
-        (JSC::Machine::cti_op_loop_if_less):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        (JSC::Machine::cti_op_new_object):
-        (JSC::Machine::cti_op_put_by_id):
-        (JSC::Machine::cti_op_put_by_id_second):
-        (JSC::Machine::cti_op_put_by_id_generic):
-        (JSC::Machine::cti_op_put_by_id_fail):
-        (JSC::Machine::cti_op_get_by_id):
-        (JSC::Machine::cti_op_get_by_id_second):
-        (JSC::Machine::cti_op_get_by_id_generic):
-        (JSC::Machine::cti_op_get_by_id_fail):
-        (JSC::Machine::cti_op_instanceof):
-        (JSC::Machine::cti_op_del_by_id):
-        (JSC::Machine::cti_op_mul):
-        (JSC::Machine::cti_op_new_func):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        (JSC::Machine::cti_op_new_array):
-        (JSC::Machine::cti_op_resolve):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_get_by_val):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_sub):
-        (JSC::Machine::cti_op_put_by_val):
-        (JSC::Machine::cti_op_put_by_val_array):
-        (JSC::Machine::cti_op_lesseq):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_negate):
-        (JSC::Machine::cti_op_resolve_base):
-        (JSC::Machine::cti_op_resolve_skip):
-        (JSC::Machine::cti_op_resolve_global):
-        (JSC::Machine::cti_op_div):
-        (JSC::Machine::cti_op_pre_dec):
-        (JSC::Machine::cti_op_jless):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_lshift):
-        (JSC::Machine::cti_op_bitand):
-        (JSC::Machine::cti_op_rshift):
-        (JSC::Machine::cti_op_bitnot):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_new_func_exp):
-        (JSC::Machine::cti_op_mod):
-        (JSC::Machine::cti_op_less):
-        (JSC::Machine::cti_op_neq):
-        (JSC::Machine::cti_op_post_dec):
-        (JSC::Machine::cti_op_urshift):
-        (JSC::Machine::cti_op_bitxor):
-        (JSC::Machine::cti_op_new_regexp):
-        (JSC::Machine::cti_op_bitor):
-        (JSC::Machine::cti_op_call_eval):
-        (JSC::Machine::cti_op_throw):
-        (JSC::Machine::cti_op_get_pnames):
-        (JSC::Machine::cti_op_next_pname):
-        (JSC::Machine::cti_op_push_scope):
-        (JSC::Machine::cti_op_pop_scope):
-        (JSC::Machine::cti_op_typeof):
-        (JSC::Machine::cti_op_to_jsnumber):
-        (JSC::Machine::cti_op_in):
-        (JSC::Machine::cti_op_push_new_scope):
-        (JSC::Machine::cti_op_jmp_scopes):
-        (JSC::Machine::cti_op_put_by_index):
-        (JSC::Machine::cti_op_switch_imm):
-        (JSC::Machine::cti_op_switch_char):
-        (JSC::Machine::cti_op_switch_string):
-        (JSC::Machine::cti_op_del_by_val):
-        (JSC::Machine::cti_op_put_getter):
-        (JSC::Machine::cti_op_put_setter):
-        (JSC::Machine::cti_op_new_error):
-        (JSC::Machine::cti_op_debug):
-        (JSC::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * VM/Register.h:
-        * VM/RegisterFile.h:
-        * kjs/Arguments.h:
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::type):
-        (JSC::DebuggerCallFrame::thisObject):
-        (JSC::DebuggerCallFrame::evaluate):
-        * kjs/DebuggerCallFrame.h:
-        * kjs/ExecState.cpp:
-        (JSC::CallFrame::thisValue):
-        * kjs/ExecState.h:
-        * kjs/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * kjs/JSVariableObject.h:
-        * kjs/Parser.cpp:
-        (JSC::Parser::parse):
-        * kjs/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * kjs/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * kjs/Shell.cpp:
-        (prettyPrintScript):
-        * kjs/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * kjs/identifier.cpp:
-        (JSC::Identifier::checkSameIdentifierTable):
-        * kjs/interpreter.cpp:
-        (JSC::Interpreter::checkSyntax):
-        (JSC::Interpreter::evaluate):
-        * kjs/nodes.cpp:
-        (JSC::ThrowableExpressionData::emitThrowError):
-        (JSC::RegExpNode::emitCode):
-        (JSC::ArrayNode::emitCode):
-        (JSC::InstanceOfNode::emitCode):
-        * kjs/nodes.h:
-        * kjs/regexp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        * kjs/regexp.h:
-        * profiler/HeavyProfile.h:
-        * profiler/Profile.h:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-
-2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
-
-        Reviewed by Oliver Hunt.
-
-        Avoid endless loops when compiling without the computed goto
-        optimization.
-
-        NEXT_OPCODE expands to "continue", which will not work inside
-        loops.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-10-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Re-landing the following fix with the crashing bug in it fixed (r37405):
-        
-        - optimize away multiplication by constant 1.0
-        
-        2.3% speedup on v8 RayTrace benchmark
-
-        Apparently it's not uncommon for JavaScript code to multiply by
-        constant 1.0 in the mistaken belief that this converts integer to
-        floating point and that there is any operational difference.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
-        case where parameter is already number.
-        (JSC::CTI::privateCompileSlowCases): ditto
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): ditto
-        * kjs/grammar.y:
-        (makeMultNode): Transform as follows:
-        +FOO * BAR ==> FOO * BAR
-        FOO * +BAR ==> FOO * BAR
-        FOO * 1 ==> +FOO
-        1 * FOO ==> +FOO
-        (makeDivNode): Transform as follows:
-        +FOO / BAR ==> FOO / BAR
-        FOO / +BAR ==> FOO / BAR
-        (makeSubNode): Transform as follows:
-        +FOO - BAR ==> FOO - BAR
-        FOO - +BAR ==> FOO - BAR
-        * kjs/nodes.h:
-        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
-        grammar.y changes
-        (JSC::UnaryPlusNode::stripUnaryPlus): ditto
-
-2008-10-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - correctly handle appending -0 to a string, it should stringify as just 0
-
-        * kjs/ustring.cpp:
-        (JSC::concatenate):
-
-2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix WebKit compilation with VC2008SP1
-
-        Apply the TR1 workaround for JavaScriptCore, too.
-
-        * JavaScriptCore.pro:
-
-2008-10-08  Prasanth Ullattil  <pullatti@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix compilation errors on VS2008 64Bit
-
-        * kjs/collector.cpp:
-        (JSC::currentThreadStackBase):
-
-2008-10-08  André Pönitz  <apoenitz@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix compilation with Qt namespaces.
-
-        * wtf/Threading.h:
-
-2008-10-07  Sam Weinig  <sam@webkit.org>
-
-        Roll out r37405.
-
-2008-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Switch CTI runtime calls to the fastcall calling convention
-
-        Basically this means that we get to store the argument for CTI
-        calls in the ECX register, which saves a register->memory write
-        and subsequent memory->register read.
-        
-        This is a 1.7% progression in SunSpider and 2.4% on commandline
-        v8 tests on Windows
-
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        * VM/CTI.h:
-        * VM/Machine.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitRestoreArgumentReference):
-        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
-          We need this to correctly reload ecx from inside certain property access
-          trampolines.
-        * wtf/Platform.h:
-
-2008-10-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        - optimize away multiplication by constant 1.0
-        
-        2.3% speedup on v8 RayTrace benchmark
-
-        Apparently it's not uncommon for JavaScript code to multiply by
-        constant 1.0 in the mistaken belief that this converts integer to
-        floating point and that there is any operational difference.
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
-        case where parameter is already number.
-        (JSC::CTI::privateCompileSlowCases): ditto
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): ditto
-        * kjs/grammar.y:
-        (makeMultNode): Transform as follows:
-        +FOO * BAR ==> FOO * BAR
-        FOO * +BAR ==> FOO * BAR
-        FOO * 1 ==> +FOO
-        1 * FOO ==> +FOO
-        (makeDivNode): Transform as follows:
-        +FOO / BAR ==> FOO / BAR
-        FOO / +BAR ==> FOO / BAR
-        (makeSubNode): Transform as follows:
-        +FOO - BAR ==> FOO - BAR
-        FOO - +BAR ==> FOO - BAR
-        * kjs/nodes.h:
-        (JSC::ExpressionNode::stripUnaryPlus): Helper for above
-        grammar.y changes
-        (JSC::UnaryPlusNode::stripUnaryPlus): ditto
-
-2008-10-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - make constant folding code more consistent
-        
-        Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
-        instead of allocating nodes directly in other places in the grammar.
-
-        * kjs/grammar.y:
-
-2008-10-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Move hasGetterSetterProperties flag from PropertyMap to StructureID.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        * kjs/JSObject.h:
-        (JSC::JSObject::hasGetterSetterProperties):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSObject::getOwnPropertySlot):
-        * kjs/PropertyMap.h:
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::addPropertyTransition):
-        (JSC::StructureID::toDictionaryTransition):
-        (JSC::StructureID::changePrototypeTransition):
-        (JSC::StructureID::getterSetterTransition):
-        * kjs/StructureID.h:
-        (JSC::StructureID::hasGetterSetterProperties):
-        (JSC::StructureID::setHasGetterSetterProperties):
-
-2008-10-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Roll r37370 back in with bug fixes.
-
-        - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
-          and has nothing to do with the internal deletedSentinel count anymore.
-
-2008-10-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Move callframe initialization into JIT code, again.
-        
-        As a part of the restructuring the second result from functions is now
-        returned in edx, allowing the new value of 'r' to be returned via a
-        register, and stored to the stack from JIT code, too.
-
-        4.5% progression on v8-tests. (3% in their harness)
-
-        * VM/CTI.cpp:
-        (JSC::):
-        (JSC::CTI::emitCall):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/CTI.h:
-        (JSC::CallRecord::CallRecord):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_resolve_func):
-        (JSC::Machine::cti_op_post_inc):
-        (JSC::Machine::cti_op_resolve_with_base):
-        (JSC::Machine::cti_op_post_dec):
-        * VM/Machine.h:
-        * kjs/JSFunction.h:
-        * kjs/ScopeChain.h:
-
-2008-10-07  Mark Rowe  <mrowe@apple.com>
-
-        Fix typo in method name.
-
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-
-2008-10-07  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Roll out r37370.
-
-2008-10-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
-        Improve the division between PropertyStorageArray and PropertyMap
-
-        - Rework ProperyMap to store offsets in the value so that they don't
-          change when rehashing.  This allows us not to have to keep the 
-          PropertyStorageArray in sync and thus not have to pass it in.
-        - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
-          now also return offsets.
-        - A Vector of deleted offsets is now needed since the storage is out of
-          band.
-
-        1% win on SunSpider.  Wash on V8 suite.
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::transitionWillNeedStorageRealloc):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        Transition logic can be greatly simplified by the fact that
-        the storage capacity is always known, and is correct for the
-        inline case.
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::put): Rename getOffset -> get.
-        (JSC::JSObject::deleteProperty): Ditto.
-        (JSC::JSObject::getPropertyAttributes): Ditto.
-        (JSC::JSObject::removeDirect): Use returned offset to
-        clear the value in the PropertyNameArray.
-        (JSC::JSObject::allocatePropertyStorage): Add assert.
-        * kjs/JSObject.h:
-        (JSC::JSObject::getDirect): Rename getOffset -> get
-        (JSC::JSObject::getDirectLocation): Rename getOffset -> get
-        (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
-        or not to resize.  Also, since put now returns an offset (and thus 
-        addPropertyTransition does also) setting of the PropertyStorageArray is
-        now done here.
-        (JSC::JSObject::transitionTo):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer 
-        passed in.
-        (JSC::PropertyMap::operator=): Copy the delete offsets vector.
-        (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
-        explicitly, return the offset where the value should go.
-        (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
-        explicitly, return the offset where the value should be removed.
-        (JSC::PropertyMap::get): Switch to using the stored offset, instead
-        of the implicit one.
-        (JSC::PropertyMap::insert):
-        (JSC::PropertyMap::expand): This is never called when m_table is null,
-        so remove that branch and add it as an assertion.
-        (JSC::PropertyMap::createTable): Consistency checks no longer take
-        a PropertyNameArray.
-        (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
-        now that it is completely out of band.
-        * kjs/PropertyMap.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
-        (JSC::PropertyMap::get): Switch to using the stored offset, instead
-        of the implicit one.
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to 
-        JSObject::inlineStorageCapacity.
-        (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
-        described below.
-        (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
-        (JSC::StructureID::toDictionaryTransition): Ditto.
-        (JSC::StructureID::changePrototypeTransition): Ditto.
-        (JSC::StructureID::getterSetterTransition): Ditto.
-        * kjs/StructureID.h:
-        (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
-        which is the current capacity for the JSObjects PropertyStorageArray.
-        It starts at the JSObject::inlineStorageCapacity (currently 2), then
-        when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
-        (currently 16), and after that doubles each time.
-
-2008-10-06  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 21396: Remove the OptionalCalleeActivation call frame slot
-        <https://bugs.webkit.org/show_bug.cgi?id=21396>
-
-        Remove the OptionalCalleeActivation call frame slot. We have to be
-        careful to store the activation object in a register, because objects
-        in the scope chain do not get marked.
-
-        This is a 0.3% speedup on both SunSpider and the V8 benchmark.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::emitReturn):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_push_activation):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/Machine.h:
-        (JSC::Machine::initializeCallFrame):
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::):
-
-2008-10-06  Tony Chang  <tony@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Chromium doesn't use pthreads on windows, so make its use conditional.
-        
-        Also convert a WORD to a DWORD to avoid a compiler warning.  This
-        matches the other methods around it.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::wtfThreadEntryPoint):
-        (WTF::ThreadCondition::broadcast):
-
-2008-10-06  Mark Mentovai  <mark@moxienet.com>
-
-        Reviewed by Tim Hatcher.
-
-        Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
-        disabled on the Mac.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21333
-
-        * wtf/Platform.h:
-
-2008-10-06  Steve Falkenburg  <sfalken@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=21416
-        Pass 0 for size to VirtualAlloc, as documented by MSDN.
-        Identified by Application Verifier.
-        
-        Reviewed by Darin Adler.
-
-        * kjs/collector.cpp:
-        (KJS::freeBlock):
-
-2008-10-06  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim Hatcheri and Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21412
-        Bug 21412: Refactor user initiated profile count to be more stable
-        - Export UString::from for use with creating the profile title.
-
-        * JavaScriptCore.exp:
-
-2008-10-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed. Build fix.
-        
-        - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * ChangeLog:
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        * kjs/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * kjs/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * kjs/GetterSetter.h:
-        * kjs/JSCell.h:
-        (JSC::JSValue::toBoolean):
-        * kjs/JSNumberCell.cpp:
-        (JSC::JSNumberCell::toBoolean):
-        * kjs/JSNumberCell.h:
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::toBoolean):
-        * kjs/JSObject.h:
-        * kjs/JSString.cpp:
-        (JSC::JSString::toBoolean):
-        * kjs/JSString.h:
-        * kjs/JSValue.h:
-        * kjs/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * kjs/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * kjs/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-2008-10-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        - optimize op_jtrue, op_loop_if_true and op_not in various ways
-        https://bugs.webkit.org/show_bug.cgi?id=21404
-        
-        1) Make JSValue::toBoolean nonvirtual and completely inline by
-        making use of the StructureID type field.
-        
-        2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
-        
-        3) Make op_not, op_loop_if_true and op_jtrue not read the
-        ExecState (toBoolean doesn't need it any more) and not check
-        exceptions (toBoolean can't throw).
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_loop_if_true):
-        (JSC::Machine::cti_op_not):
-        (JSC::Machine::cti_op_jtrue):
-        * kjs/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * kjs/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * kjs/GetterSetter.h:
-        * kjs/JSCell.h:
-        (JSC::JSValue::toBoolean):
-        * kjs/JSNumberCell.cpp:
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::toBoolean):
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        (JSC::JSObject::toBoolean):
-        (JSC::JSCell::toBoolean):
-        * kjs/JSString.cpp:
-        * kjs/JSString.h:
-        (JSC::JSString::toBoolean):
-        * kjs/JSValue.h:
-        * kjs/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * kjs/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * kjs/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-2008-10-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>
-
-        Reviewed by Simon.
-
-        Build fix for MinGW.
-
-        * JavaScriptCore.pri:
-        * kjs/DateMath.cpp:
-        (JSC::highResUpTime):
-
-2008-10-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove ScopeNode::containsClosures() now that it is unused.
-
-        * kjs/nodes.h:
-        (JSC::ScopeNode::containsClosures):
-
-2008-10-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - fix releas-only test failures caused by the fix to bug 21375
-
-        * VM/Machine.cpp:
-        (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
-        it now matters more to have a still-valid ExecState, since dynamicGlobalObject
-        will make use of the ExecState's scope chain.
-        * VM/Machine.h:
-
-2008-10-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
-        <https://bugs.webkit.org/show_bug.cgi?id=21364>
-
-        Use information from the parser to detect whether an activation is
-        needed or 'arguments' is used, and emit explicit instructions to tear
-        them off before op_ret. This allows a branch to be removed from op_ret
-        and simplifies some other code. This does cause a small change in the
-        behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
-        mentioned in the lexical scope of the function.
-
-        It should now be easy to remove the OptionaCalleeActivation slot in the
-        call frame, but this will be done in a later patch.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitReturn):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_tear_off_activation):
-        (JSC::Machine::cti_op_tear_off_arguments):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::mark):
-        * kjs/Arguments.h:
-        (JSC::Arguments::isTornOff):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::copyRegisters):
-        (JSC::JSActivation::copyRegisters):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-
-2008-10-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
-        https://bugs.webkit.org/show_bug.cgi?id=21375
-        
-        The problem is that dynamicGlobalObject had become O(N) in number
-        of call frames, but unwinding the stack for an exception called it
-        for every call frame, resulting in O(N^2) behavior for an
-        exception thrown from inside deep recursion.
-
-        Instead of doing it that way, stash the dynamic global object in JSGlobalData.
-        
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
-        store and later restore a dynamicGlobalObject in JSGlobalData.
-        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
-        (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
-        For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
-        only if none is currently set.
-        * VM/Machine.h:
-        * kjs/ExecState.h:
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.h:
-        (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
-        Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
-        for the one stashed there.
-
-2008-10-05  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Avoid an extra lookup when transitioning to an existing StructureID
-        by caching the offset of property that caused the transition.
-
-        1% win on V8 suite.  Wash on SunSpider.
-
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::put):
-        * kjs/PropertyMap.h:
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::addPropertyTransition):
-        * kjs/StructureID.h:
-        (JSC::StructureID::setCachedTransistionOffset):
-        (JSC::StructureID::cachedTransistionOffset):
-
-2008-10-05  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
-        <https://bugs.webkit.org/show_bug.cgi?id=21364>
-
-        This patch does not yet remove the branch, but it does a bit of refactoring
-        so that a CodeGenerator now knows whether the associated CodeBlock will need
-        a full scope before doing any code generation. This makes it possible to emit
-        explicit tear-off instructions before every op_ret.
-
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate):
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::emitPushScope):
-        (JSC::CodeGenerator::emitPushNewScope):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::needsActivation):
-
-2008-10-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Fix for bug #21387 - using SamplingTool with CTI.
-
-        (1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
-        (2) Fix an incusion order problem due to ExecState changes.
-        (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.
-
-        * VM/CTI.h:
-        (JSC::CTI::execute):
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::privateExecuteReturned):
-        * kjs/Shell.cpp:
-
-2008-10-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-10-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix https://bugs.webkit.org/show_bug.cgi?id=21320
-        leaks of PropertyNameArrayData seen on buildbot
-
-        - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
-          to the StructureID a weak pointer.
-
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::setCachedStructureID):
-        (JSC::PropertyNameArrayData::cachedStructureID):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames):
-        (JSC::StructureID::clearEnumerationCache):
-        (JSC::StructureID::~StructureID):
-
-2008-10-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21295
-          Bug 21295: Replace ExecState with a call frame Register pointer
-
-        10% faster on Richards; other v8 benchmarks faster too.
-        A wash on SunSpider.
-
-        This does the minimum necessary to get the speedup. Next step in
-        cleaning this up is to replace ExecState with a CallFrame class,
-        and be more judicious about when to pass a call frame and when
-        to pass a global data pointer, global object pointer, or perhaps
-        something else entirely.
-
-        * VM/CTI.cpp: Remove the debug-only check of the exception in
-        ctiVMThrowTrampoline -- already checked in the code the trampoline
-        jumps to, so not all that useful. Removed the exec argument from
-        ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
-        (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
-        (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
-        the exception from ExecState::m_exception; instead, the code that
-        jumps into catch will make sure the exception is already in eax.
-        * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
-        non-helpful "volatile". Temporarily left ARG_exec in as a synonym
-        for ARG_r; I'll change that on a future cleanup pass when introducing
-        more use of the CallFrame type.
-        (JSC::CTI::execute): Removed the ExecState* argument.
-
-        * VM/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
-        JSGlobalData* instead of ExecState*.
-        (JSC::createInterruptedExecutionException): Ditto.
-        * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.
-
-        * VM/Machine.cpp:
-        (JSC::slideRegisterWindowForCall): Removed the exec and
-        exceptionValue arguments. Changed to return 0 when there's a stack
-        overflow rather than using a separate exception argument to cut
-        down on memory accesses in the calling convention.
-        (JSC::Machine::unwindCallFrame): Removed the exec argument when
-        constructing a DebuggerCallFrame. Also removed code to set
-        ExecState::m_callFrame.
-        (JSC::Machine::throwException): Removed the exec argument when
-        construction a DebuggerCallFrame.
-        (JSC::Machine::execute): Updated to use the register instead of
-        ExecState and also removed various uses of ExecState.
-        (JSC::Machine::debug):
-        (JSC::Machine::privateExecute): Put globalData into a local
-        variable so it can be used throughout the interpreter. Changed
-        the VM_CHECK_EXCEPTION to get the exception in globalData instead
-        of through ExecState.
-        (JSC::Machine::retrieveLastCaller): Turn exec into a registers
-        pointer by calling registers() instead of by getting m_callFrame.
-        (JSC::Machine::callFrame): Ditto.
-        Tweaked exception macros. Made new versions for when you know
-        you have an exception. Get at global exception with ARG_globalData.
-        Got rid of the need to pass in the return value type.
-        (JSC::Machine::cti_op_add): Update to use new version of exception
-        macros.
-        (JSC::Machine::cti_op_pre_inc): Ditto.
-        (JSC::Machine::cti_timeout_check): Ditto.
-        (JSC::Machine::cti_op_instanceof): Ditto.
-        (JSC::Machine::cti_op_new_func): Ditto.
-        (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
-        ARG values directly instead of through local variables -- this gets
-        rid of code that just shuffles things around in the stack frame.
-        Also get rid of ExecState and update for the new way exceptions are
-        handled in slideRegisterWindowForCall.
-        (JSC::Machine::cti_vm_compile): Update to make exec out of r since
-        they are both the same thing now.
-        (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
-        (JSC::Machine::cti_op_init_arguments): Ditto.
-        (JSC::Machine::cti_op_resolve): Ditto.
-        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
-        (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
-        (JSC::Machine::cti_op_resolve_func): Ditto.
-        (JSC::Machine::cti_op_put_by_val): Ditto.
-        (JSC::Machine::cti_op_put_by_val_array): Ditto.
-        (JSC::Machine::cti_op_resolve_skip): Ditto.
-        (JSC::Machine::cti_op_resolve_global): Ditto.
-        (JSC::Machine::cti_op_post_inc): Ditto.
-        (JSC::Machine::cti_op_resolve_with_base): Ditto.
-        (JSC::Machine::cti_op_post_dec): Ditto.
-        (JSC::Machine::cti_op_call_eval): Ditto.
-        (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
-        the exception value as the return value so it can be used by
-        op_catch.
-        (JSC::Machine::cti_op_push_scope): Ditto.
-        (JSC::Machine::cti_op_in): Ditto.
-        (JSC::Machine::cti_op_del_by_val): Ditto.
-        (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
-        the exception value as the return value so it can be used by
-        op_catch.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName): Pass globalData.
-        (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
-        new ExecState.
-        * kjs/DebuggerCallFrame.h: Removed ExecState argument from
-        constructor.
-
-        * kjs/ExecState.h: Eliminated all data members and made ExecState
-        inherit privately from Register instead. Also added a typedef to
-        the future name for this class, which is CallFrame. It's just a
-        Register* that knows it's a pointer at a call frame. The new class
-        can't be constructed or copied. Changed all functions to use
-        the this pointer instead of m_callFrame. Changed exception-related
-        functions to access an exception in JSGlobalData. Removed functions
-        used by CTI to pass the return address to the throw machinery --
-        this is now done directly with a global in the global data.
-
-        * kjs/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString): Pass globalData instead of exec.
-
-        * kjs/InternalFunction.cpp:
-        (JSC::InternalFunction::name): Take globalData instead of exec.
-        * kjs/InternalFunction.h: Ditto.
-
-        * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
-        * kjs/JSGlobalData.h: Declare two new globals. One for the current
-        exception and another for the return address used by CTI to
-        implement the throw operation.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init): Removed code to set up globalExec,
-        which is now the same thing as globalCallFrame.
-        (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
-        function so we don't have to repeat the logic twice.
-        (JSC::JSGlobalObject::mark): Removed code to mark the exception;
-        the exception is now stored in JSGlobalData and marked there.
-        (JSC::JSGlobalObject::globalExec): Return a pointer to the end
-        of the global call frame.
-        * kjs/JSGlobalObject.h: Removed the globalExec data member.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.
-
-        * kjs/collector.cpp:
-        (JSC::Heap::collect): Mark the global exception.
-
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
-        instead of exec to createCallIdentifier.
-
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute): Pass globalData instead of exec to
-        createCallIdentifier.
-        (JSC::Profiler::didExecute): Ditto.
-        (JSC::Profiler::createCallIdentifier): Take globalData instead of
-        exec.
-        (JSC::createCallIdentifierFromFunctionImp): Ditto.
-        * profiler/Profiler.h: Change interface to take a JSGlobalData
-        instead of an ExecState.
-
-2008-10-04  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 21369: Add opcode documentation for all undocumented opcodes
-        <https://bugs.webkit.org/show_bug.cgi?id=21369>
-
-        This patch adds opcode documentation for all undocumented opcodes, and
-        it also renames op_init_arguments to op_create_arguments.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_create_arguments):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-
-2008-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - "this" object in methods called on primitives should be wrapper object
-        https://bugs.webkit.org/show_bug.cgi?id=21362
-
-        I changed things so that functions which use "this" do a fast
-        version of toThisObject conversion if needed. Currently we miss
-        the conversion entirely, at least for primitive types. Using
-        TypeInfo and the primitive check, I made the fast case bail out
-        pretty fast.
-        
-        This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).
-     
-        Also renamed some opcodes for clarity:
-        
-        init ==> enter
-        init_activation ==> enter_with_activation
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate):
-        (JSC::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_convert_this):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * kjs/JSActivation.h:
-        (JSC::JSActivation::createStructureID):
-        * kjs/JSCell.h:
-        (JSC::JSValue::needsThisConversion):
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructureID):
-        * kjs/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::createStructureID):
-        * kjs/JSString.h:
-        (JSC::JSString::createStructureID):
-        * kjs/JSValue.h:
-        * kjs/TypeInfo.h:
-        (JSC::TypeInfo::needsThisConversion):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::usesThis):
-
-2008-10-03  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
-        <https://bugs.webkit.org/show_bug.cgi?id=21356>
-
-        The RegisterFile decreases in size (measured in terms of numbers of
-        Registers) as the size of a Register increases. This causes
-
-            js1_5/Regress/regress-159334.js
-
-        to fail in 64-bit debug builds. This fix makes the RegisterFile on all
-        platforms the same size that it is in 32-bit Release builds.
-
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-
-2008-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - Some code cleanup to how we handle code features.
-        
-        1) Rename FeatureInfo typedef to CodeFeatures.
-        2) Rename NodeFeatureInfo template to NodeInfo.
-        3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
-        4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
-        of ClosureFeature.
-        5) Make setUsersArguments() not take an argument since it only goes one way.
-
-        * JavaScriptCore.exp:
-        * VM/CodeBlock.h:
-        (JSC::CodeBlock::CodeBlock):
-        * kjs/NodeInfo.h:
-        * kjs/Parser.cpp:
-        (JSC::Parser::didFinishParsing):
-        * kjs/Parser.h:
-        (JSC::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::usesEval):
-        (JSC::ScopeNode::containsClosures):
-        (JSC::ScopeNode::usesArguments):
-        (JSC::ScopeNode::setUsesArguments):
-
-2008-10-03  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
-        <https://bugs.webkit.org/show_bug.cgi?id=21343>
-
-        A fix was landed for this issue in r37253, and the ChangeLog assumes
-        that it is a compiler bug, but it turns out that it is a subtle issue
-        with mixing signed and unsigned 32-bit values in a 64-bit environment.
-        In order to properly fix this bug, we should convert our signed offsets
-        into the register file to use ptrdiff_t.
-
-        This may not be the only instance of this issue, but I will land this
-        fix first and look for more later.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::getArgumentsData):
-        * VM/Machine.h:
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        * kjs/Arguments.h:
-        (JSC::Arguments::init):
-
-2008-10-03  Darin Adler  <darin@apple.com>
-
-        * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.
-
-        * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
-        declarations of JSGlobalData overloads of jsNumberCell.
-
-2008-10-03  Darin Adler  <darin@apple.com>
-
-        - try to fix Windows build
-
-        * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.
-
-2008-10-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
-          Turn ExecState into a call frame pointer.
-
-        Remove m_globalObject and m_globalData from ExecState.
-
-        SunSpider says this is a wash (slightly faster but not statistically
-        significant); which is good enough since it's a preparation step and
-        not supposed to be a spedup.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        * kjs/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * kjs/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * kjs/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * kjs/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * kjs/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * kjs/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * kjs/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * kjs/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * kjs/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * kjs/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * kjs/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        Pass JSGlobalData* instead of ExecState* to the InternalFunction
-        constructor.
-
-        * API/OpaqueJSString.cpp: Added now-needed include.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
-        instead of ARGS_exec.
-
-        * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
-        While it's possible to get to the global data pointer using the
-        ExecState pointer, it's slow enough that it's better to just keep
-        it around in the CTI arguments.
-
-        * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::execute): Pass fewer arguments when constructing
-        ExecState, and pass the global data pointer when invoking CTI.
-        (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
-        object, which is in the scope chain of the first call frame.
-        (JSC::Machine::cti_op_add): Use globalData instead of exec when
-        possible, to keep fast cases fast, since it's now more expensive to
-        get to it through the exec pointer.
-        (JSC::Machine::cti_timeout_check): Ditto.
-        (JSC::Machine::cti_op_put_by_id_second): Ditto.
-        (JSC::Machine::cti_op_get_by_id_second): Ditto.
-        (JSC::Machine::cti_op_mul): Ditto.
-        (JSC::Machine::cti_vm_compile): Ditto.
-        (JSC::Machine::cti_op_get_by_val): Ditto.
-        (JSC::Machine::cti_op_sub): Ditto.
-        (JSC::Machine::cti_op_put_by_val): Ditto.
-        (JSC::Machine::cti_op_put_by_val_array): Ditto.
-        (JSC::Machine::cti_op_negate): Ditto.
-        (JSC::Machine::cti_op_div): Ditto.
-        (JSC::Machine::cti_op_pre_dec): Ditto.
-        (JSC::Machine::cti_op_post_inc): Ditto.
-        (JSC::Machine::cti_op_lshift): Ditto.
-        (JSC::Machine::cti_op_bitand): Ditto.
-        (JSC::Machine::cti_op_rshift): Ditto.
-        (JSC::Machine::cti_op_bitnot): Ditto.
-        (JSC::Machine::cti_op_mod): Ditto.
-        (JSC::Machine::cti_op_post_dec): Ditto.
-        (JSC::Machine::cti_op_urshift): Ditto.
-        (JSC::Machine::cti_op_bitxor): Ditto.
-        (JSC::Machine::cti_op_bitor): Ditto.
-        (JSC::Machine::cti_op_call_eval): Ditto.
-        (JSC::Machine::cti_op_throw): Ditto.
-        (JSC::Machine::cti_op_is_string): Ditto.
-        (JSC::Machine::cti_op_debug): Ditto.
-        (JSC::Machine::cti_vm_throw): Ditto.
-
-        * VM/Machine.h: Added firstCallFrame.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
-        constructing ExecState.
-
-        * kjs/ExecState.cpp: Deleted contents. Later we'll remove the
-        file altogether.
-
-        * kjs/ExecState.h: Removed m_globalObject and m_globalData.
-        Moved CodeType into another header.
-        (JSC::ExecState::ExecState): Take only a single argument, a
-        call frame pointer.
-        (JSC::ExecState::dynamicGlobalObject): Get the object from
-        the first call frame since it's no longer stored.
-        (JSC::ExecState::globalData): Get the global data from the
-        scope chain, since we no longer store a pointer to it here.
-        (JSC::ExecState::identifierTable): Ditto.
-        (JSC::ExecState::propertyNames): Ditto.
-        (JSC::ExecState::emptyList): Ditto.
-        (JSC::ExecState::lexer): Ditto.
-        (JSC::ExecState::parser): Ditto.
-        (JSC::ExecState::machine): Ditto.
-        (JSC::ExecState::arrayTable): Ditto.
-        (JSC::ExecState::dateTable): Ditto.
-        (JSC::ExecState::mathTable): Ditto.
-        (JSC::ExecState::numberTable): Ditto.
-        (JSC::ExecState::regExpTable): Ditto.
-        (JSC::ExecState::regExpConstructorTable): Ditto.
-        (JSC::ExecState::stringTable): Ditto.
-        (JSC::ExecState::heap): Ditto.
-
-        * kjs/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor): Pass
-        JSGlobalData* instead of ExecState* to the InternalFunction
-        constructor.
-        (JSC::constructFunction): Pass the global data pointer when
-        constructing a new scope chain.
-
-        * kjs/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
-        instead of an ExecState*. Later we can change more places to
-        work this way -- it's more efficient to take the type you need
-        since the caller might already have it.
-        * kjs/InternalFunction.h: Ditto.
-
-        * kjs/JSCell.h:
-        (JSC::JSCell::operator new): Added an overload that takes a
-        JSGlobalData* so you can construct without an ExecState*.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init): Moved creation of the global scope
-        chain in here, since it now requires a pointer to the global data.
-        Moved the initialization of the call frame in here since it requires
-        the global scope chain node. Removed the extra argument to ExecState
-        when creating the global ExecState*.
-        * kjs/JSGlobalObject.h: Removed initialization of globalScopeChain
-        and the call frame from the JSGlobalObjectData constructor. Added
-        a thisValue argument to the init function.
-
-        * kjs/JSNumberCell.cpp: Added versions of jsNumberCell that take
-        JSGlobalData* rather than ExecState*.
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::operator new): Added a version that takes
-        JSGlobalData*.
-        (JSC::JSNumberCell::JSNumberCell): Ditto.
-        (JSC::jsNumber): Ditto.
-        * kjs/JSString.cpp:
-        (JSC::jsString): Ditto.
-        (JSC::jsSubstring): Ditto.
-        (JSC::jsOwnedString): Ditto.
-        * kjs/JSString.h:
-        (JSC::JSString::JSString): Changed to take JSGlobalData*.
-        (JSC::jsEmptyString): Added a version that takes JSGlobalData*.
-        (JSC::jsSingleCharacterString): Ditto.
-        (JSC::jsSingleCharacterSubstring): Ditto.
-        (JSC::jsNontrivialString): Ditto.
-        (JSC::JSString::getIndex): Ditto.
-        (JSC::jsString): Ditto.
-        (JSC::jsSubstring): Ditto.
-        (JSC::jsOwnedString): Ditto.
-
-        * kjs/ScopeChain.h: Added a globalData pointer to each node.
-        (JSC::ScopeChainNode::ScopeChainNode): Initialize the globalData
-        pointer.
-        (JSC::ScopeChainNode::push): Set the global data pointer in the
-        new node.
-        (JSC::ScopeChain::ScopeChain): Take a globalData argument.
-
-        * kjs/SmallStrings.cpp:
-        (JSC::SmallStrings::createEmptyString): Take JSGlobalData* instead of
-        ExecState*.
-        (JSC::SmallStrings::createSingleCharacterString): Ditto.
-        * kjs/SmallStrings.h:
-        (JSC::SmallStrings::emptyString): Ditto.
-        (JSC::SmallStrings::singleCharacterString): Ditto.
-
-2008-10-03  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
-        <https://bugs.webkit.org/show_bug.cgi?id=21343>
-
-        Add a workaround for a bug in GCC, which affects GCC 4.0, GCC 4.2, and
-        llvm-gcc 4.2. I put it in an #ifdef because it was a slight regression
-        on SunSpider in 32-bit, although that might be entirely random.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-
-2008-10-03  Darin Adler  <darin@apple.com>
-
-        Rubber stamped by Alexey Proskuryakov.
-
-        * kjs/Shell.cpp: (main): Don't delete JSGlobalData. Later, we need to change
-        this tool to use public JavaScriptCore API instead.
-
-2008-10-03  Darin Adler  <darin@apple.com>
-
-        Suggested by Alexey Proskuryakov.
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Remove call to heap.destroy() because
-        it's too late to ref the JSGlobalData object once it's already being
-        destroyed. In practice this is not a problem because WebCore's JSGlobalData
-        is never destroyed and JSGlobalContextRelease takes care of calling
-        heap.destroy() in advance.
-
-2008-10-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Replace SSE3 check with an SSE2 check, and implement SSE2 check on windows.
-
-        5.6% win on SunSpider on windows.
-
-        * VM/CTI.cpp:
-        (JSC::isSSE2Present):
-        (JSC::CTI::compileBinaryArithOp):
-        (JSC::CTI::compileBinaryArithOpSlowCase):
-
-2008-10-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Rubber stamped by Cameron Zwarich.
-        
-        - fix mistaken change of | to || which caused a big perf regression on EarleyBoyer
-
-        * kjs/grammar.y:
-
-2008-10-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21321
-          Bug 21321: speed up JavaScriptCore by inlining Heap in JSGlobalData
-
-        1.019x as fast on SunSpider.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): Use heap. instead of heap-> to work with the heap.
-        (JSCheckScriptSyntax): Ditto.
-        (JSGarbageCollect): Ditto.
-        (JSReportExtraMemoryCost): Ditto.
-        * API/JSContextRef.cpp:
-        (JSGlobalContextRetain): Ditto.
-        (JSGlobalContextRelease): Destroy the heap with the destroy function instead
-        of the delete operator.
-        (JSContextGetGlobalObject): Use heap. instead of heap-> to work with the heap.
-        * API/JSObjectRef.cpp:
-        (JSObjectMake): Use heap. instead of heap-> to work with the heap.
-        (JSObjectMakeFunctionWithCallback): Ditto.
-        (JSObjectMakeConstructor): Ditto.
-        (JSObjectMakeFunction): Ditto.
-        (JSObjectMakeArray): Ditto.
-        (JSObjectMakeDate): Ditto.
-        (JSObjectMakeError): Ditto.
-        (JSObjectMakeRegExp): Ditto.
-        (JSObjectHasProperty): Ditto.
-        (JSObjectGetProperty): Ditto.
-        (JSObjectSetProperty): Ditto.
-        (JSObjectGetPropertyAtIndex): Ditto.
-        (JSObjectSetPropertyAtIndex): Ditto.
-        (JSObjectDeleteProperty): Ditto.
-        (JSObjectCallAsFunction): Ditto.
-        (JSObjectCallAsConstructor): Ditto.
-        (JSObjectCopyPropertyNames): Ditto.
-        (JSPropertyNameAccumulatorAddName): Ditto.
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual): Ditto.
-        (JSValueIsInstanceOfConstructor): Ditto.
-        (JSValueMakeNumber): Ditto.
-        (JSValueMakeString): Ditto.
-        (JSValueToNumber): Ditto.
-        (JSValueToStringCopy): Ditto.
-        (JSValueToObject): Ditto.
-        (JSValueProtect): Ditto.
-        (JSValueUnprotect): Ditto.
-
-        * kjs/ExecState.h:
-        (JSC::ExecState::heap): Update to use the & operator.
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Update to initialize a heap member
-        instead of calling new to make a heap.
-        (JSC::JSGlobalData::~JSGlobalData): Destroy the heap with the destroy
-        function instead of the delete operator.
-        * kjs/JSGlobalData.h: Change from Heap* to a Heap.
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::mark): Use the & operator here.
-        (JSC::JSGlobalObject::operator new): Use heap. instead of heap-> to work
-        with the heap.
-
-2008-10-02  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 21317: Replace RegisterFile size and capacity information with Register pointers
-        <https://bugs.webkit.org/show_bug.cgi?id=21317>
-
-        This is a 2.3% speedup on the V8 DeltaBlue benchmark, a 3.3% speedup on
-        the V8 Raytrace benchmark, and a 1.0% speedup on SunSpider.
-
-        * VM/Machine.cpp:
-        (JSC::slideRegisterWindowForCall):
-        (JSC::Machine::callEval):
-        (JSC::Machine::execute):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::start):
-        (JSC::RegisterFile::end):
-        (JSC::RegisterFile::size):
-        (JSC::RegisterFile::shrink):
-        (JSC::RegisterFile::grow):
-        (JSC::RegisterFile::lastGlobal):
-        (JSC::RegisterFile::markGlobals):
-        (JSC::RegisterFile::markCallFrames):
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::copyGlobalsTo):
-
-2008-10-02  Cameron Zwarich  <zwarich@apple.com>
-
-        Rubber-stamped by Darin Adler.
-
-        Change bitwise operations introduced in r37166 to boolean operations. We
-        only use bitwise operations over boolean operations for increasing
-        performance in extremely hot code, but that does not apply to anything
-        in the parser.
-
-        * kjs/grammar.y:
-
-2008-10-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix for bug #21232 - should reset m_isPendingDash on flush,
-        and should allow '\-' as beginning or end of a range (though
-        not to specifiy a range itself).
-
-        * ChangeLog:
-        * wrec/CharacterClassConstructor.cpp:
-        (JSC::CharacterClassConstructor::put):
-        (JSC::CharacterClassConstructor::flush):
-        * wrec/CharacterClassConstructor.h:
-        (JSC::CharacterClassConstructor::flushBeforeEscapedHyphen):
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generateDisjunction):
-        (JSC::WRECParser::parseCharacterClass):
-        (JSC::WRECParser::parseDisjunction):
-        * wrec/WREC.h:
-
-2008-10-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - remove the "static" from declarations in a header file, since we
-          don't want them to have internal linkage
-
-        * VM/Machine.h: Remove the static keyword from the constant and the
-        three inline functions that Geoff just moved here.
-
-2008-10-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21283.
-        Profiler Crashes When Started
-
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        (JSC::makeHostCallFramePointer):
-        (JSC::isHostCallFrame):
-        (JSC::stripHostCallFrameBit): Moved some things to the header so
-        JSGlobalObject could use them.
-
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Call the
-        new makeHostCallFramePointer API, since 0 no longer indicates a host
-        call frame.
-
-2008-10-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=21304
-        Stop using a static wrapper map for WebCore JS bindings
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        (JSC::JSGlobalData::ClientData::~ClientData):
-        * kjs/JSGlobalData.h:
-        Added a client data member to JSGlobalData. WebCore will use it to store bindings-related
-        global data.
-
-        * JavaScriptCore.exp: Export virtual ClientData destructor.
-
-2008-10-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Try to fix Qt build.
-
-        * kjs/Error.h:
-
-2008-10-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler and Cameron Zwarich.
-
-        Preliminary step toward dynamic recompilation: Standardized and
-        simplified the parsing interface.
-        
-        The main goal in this patch is to make it easy to ask for a duplicate
-        compilation, and get back a duplicate result -- same source URL, same
-        debugger / profiler ID, same toString behavior, etc.
-        
-        The basic unit of compilation and evaluation is now SourceCode, which
-        encompasses a SourceProvider, a range in that provider, and a starting
-        line number.
-
-        A SourceProvider now encompasses a source URL, and *is* a source ID,
-        since a pointer is a unique identifier.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax): Provide a SourceCode to the Interpreter, since
-        other APIs are no longer supported.
-        
-        * VM/CodeBlock.h:
-        (JSC::EvalCodeCache::get): Provide a SourceCode to the Interpreter, since
-        other APIs are no longer supported.
-        (JSC::CodeBlock::CodeBlock): ASSERT something that used to be ASSERTed
-        by our caller -- this is a better bottleneck.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator): Updated for the fact that
-        FunctionBodyNode's parameters are no longer a WTF::Vector.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::Arguments): ditto
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate): Provide a SourceCode to the Parser,
-        since other APIs are no longer supported.
-
-        * kjs/FunctionConstructor.cpp:
-        (JSC::constructFunction): Provide a SourceCode to the Parser, since
-        other APIs are no longer supported. Adopt FunctionBodyNode's new
-        "finishParsing" API.
-
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getParameterName): Updated for the fact that
-        FunctionBodyNode's parameters are no longer a wtf::Vector.
-
-        * kjs/JSFunction.h: Nixed some cruft.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval): Provide a SourceCode to the Parser, since
-        other APIs are no longer supported. 
-
-        * kjs/Parser.cpp:
-        (JSC::Parser::parse): Require a SourceCode argument, instead of a bunch
-        of broken out parameters. Stop tracking sourceId as an integer, since we
-        use the SourceProvider pointer for this now. Don't clamp the
-        startingLineNumber, since SourceCode does that now.
-
-        * kjs/Parser.h:
-        (JSC::Parser::parse): Standardized the parsing interface to require a
-        SourceCode.
-
-        * kjs/Shell.cpp:
-        (functionRun):
-        (functionLoad):
-        (prettyPrintScript):
-        (runWithScripts):
-        (runInteractive): Provide a SourceCode to the Interpreter, since
-        other APIs are no longer supported.
-
-        * kjs/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::url):
-        (JSC::SourceProvider::asId):
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::UStringSourceProvider): Added new
-        responsibilities described above.
-
-        * kjs/SourceRange.h:
-        (JSC::SourceCode::SourceCode):
-        (JSC::SourceCode::toString):
-        (JSC::SourceCode::provider):
-        (JSC::SourceCode::firstLine):
-        (JSC::SourceCode::data):
-        (JSC::SourceCode::length): Added new responsibilities described above.
-        Renamed SourceRange to SourceCode, based on review feedback. Added
-        a makeSource function for convenience.
-
-        * kjs/debugger.h: Provide a SourceCode to the client, since other APIs
-        are no longer supported.
-
-        * kjs/grammar.y: Provide startingLineNumber when creating a SourceCode.
-
-        * kjs/debugger.h: Treat sourceId as intptr_t to avoid loss of precision
-        on 64bit platforms.
-
-        * kjs/interpreter.cpp:
-        (JSC::Interpreter::checkSyntax):
-        (JSC::Interpreter::evaluate):
-        * kjs/interpreter.h: Require a SourceCode instead of broken out arguments.
-
-        * kjs/lexer.cpp:
-        (JSC::Lexer::setCode):
-        * kjs/lexer.h:
-        (JSC::Lexer::sourceRange): Fold together the SourceProvider and line number
-        into a SourceCode. Fixed a bug where the Lexer would accidentally keep
-        alive the last SourceProvider forever.
-
-        * kjs/nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::generateCode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::finishParsing):
-        (JSC::FunctionBodyNode::create):
-        (JSC::FunctionBodyNode::generateCode):
-        (JSC::ProgramNode::generateCode):
-        (JSC::FunctionBodyNode::paramString):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::):
-        (JSC::ScopeNode::sourceId):
-        (JSC::FunctionBodyNode::):
-        (JSC::FunctionBodyNode::parameterCount):
-        (JSC::FuncExprNode::):
-        (JSC::FuncDeclNode::): Store a SourceCode in all ScopeNodes, since
-        SourceCode is now responsible for tracking URL, ID, etc. Streamlined
-        some ad hoc FunctionBodyNode fixups into a "finishParsing" function, to
-        help make clear what you need to do in order to finish parsing a
-        FunctionBodyNode.
-
-        * wtf/Vector.h:
-        (WTF::::releaseBuffer): Don't ASSERT that releaseBuffer() is only called
-        when buffer is not 0, since FunctionBodyNode is more than happy
-        to get back a 0 buffer, and other functions like RefPtr::release() allow
-        for 0, too.
-
-2008-10-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21289: REGRESSION (r37160): Inspector crashes on load
-        <https://bugs.webkit.org/show_bug.cgi?id=21289>
-
-        The code in Arguments::mark() in r37160 was wrong. It marks indices in
-        d->registers, but that makes no sense (they are local variables, not
-        arguments). It should mark those indices in d->registerArray instead.
-
-        This patch also changes Arguments::copyRegisters() to use d->numParameters
-        instead of recomputing it.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::mark):
-        * kjs/Arguments.h:
-        (JSC::Arguments::copyRegisters):
-
-2008-09-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21214
-          work on getting rid of ExecState
-
-        Eliminate some unneeded uses of dynamicGlobalObject.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::contextData): Changed to use a map in the global data instead
-        of on the global object. Also fixed to use only a single hash table lookup.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor): Use lexicalGlobalObject rather than dynamicGlobalObject
-        to get the object prototype.
-
-        * kjs/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString): Use arrayVisitedElements set in global data rather
-        than in the global object.
-        (JSC::arrayProtoFuncToLocaleString): Ditto.
-        (JSC::arrayProtoFuncJoin): Ditto.
-
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Don't initialize opaqueJSClassData, since
-        it's no longer a pointer.
-        (JSC::JSGlobalData::~JSGlobalData): We still need to delete all the values, but
-        we don't need to delete the map since it's no longer a pointer.
-
-        * kjs/JSGlobalData.h: Made opaqueJSClassData a map instead of a pointer to a map.
-        Also added arrayVisitedElements.
-
-        * kjs/JSGlobalObject.h: Removed arrayVisitedElements.
-
-        * kjs/Shell.cpp:
-        (functionRun): Use lexicalGlobalObject instead of dynamicGlobalObject.
-        (functionLoad): Ditto.
-
-2008-10-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Speculative Windows build fix.
-
-        * kjs/grammar.y:
-
-2008-10-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 21123: using "arguments" in a function should not force creation of an activation object
-        <https://bugs.webkit.org/show_bug.cgi?id=21123>
-
-        Make the 'arguments' object not require a JSActivation. We store the
-        'arguments' object in the OptionalCalleeArguments call frame slot. We
-        need to be able to get the original 'arguments' object to tear it off
-        when returning from a function, but 'arguments' may be assigned to in a
-        number of ways.
-
-        Therefore, we use the OptionalCalleeArguments slot when we want to get
-        the original activation or we know that 'arguments' was not assigned a
-        different value. When 'arguments' may have been assigned a new value,
-        we use a new local variable that is initialized with 'arguments'. Since
-        a function parameter named 'arguments' may overwrite the value of
-        'arguments', we also need to be careful to look up 'arguments' in the
-        symbol table, so we get the parameter named 'arguments' instead of the
-        local variable that we have added for holding the 'arguments' object.
-
-        This is a 19.1% win on the V8 Raytrace benchmark using the SunSpider
-        harness, and a 20.7% win using the V8 harness. This amounts to a 6.5%
-        total speedup on the V8 benchmark suite using the V8 harness.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::cti_op_init_arguments):
-        (JSC::Machine::cti_op_ret_activation_arguments):
-        * VM/Machine.h:
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::):
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::mark):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::put):
-        * kjs/Arguments.h:
-        (JSC::Arguments::setRegisters):
-        (JSC::Arguments::init):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::copyRegisters):
-        (JSC::JSActivation::copyRegisters):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * kjs/grammar.y:
-        * kjs/nodes.h:
-        (JSC::ScopeNode::setUsesArguments):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::orl_mr):
-
-2008-10-01  Kevin McCullough  <kmccullough@apple.com>
-
-        Rubberstamped by Geoff Garen.
-
-        Remove BreakpointCheckStatement because it's not used anymore.
-        No effect on sunspider or the jsc tests.
-
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-
-2008-09-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve performance of CTI on windows.
-
-        Currently on platforms where the compiler doesn't allow us to safely
-        index relative to the address of a parameter we need to actually
-        provide a pointer to CTI runtime call arguments.  This patch improves
-        performance in this case by making the CTI logic for restoring this
-        parameter much less conservative by only resetting it before we actually
-        make a call, rather than between each and every SF bytecode we generate
-        code for.
-
-        This results in a 3.6% progression on the v8 benchmark when compiled with MSVC.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCall):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        * VM/CTI.h:
-        * masm/X86Assembler.h:
-        * wtf/Platform.h:
-
-2008-09-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        - track uses of "this", "with" and "catch" in the parser
-        
-        Knowing this up front will be useful for future optimizations.
-        
-        Perf and correctness remain the same.
-        
-        * kjs/NodeInfo.h:
-        * kjs/grammar.y:
-
-2008-09-30  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Add WebKitAvailability macros for JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError,
-        and JSObjectMakeRegExp
-
-        * API/JSObjectRef.h:
-
-2008-09-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21214
-          work on getting rid of ExecState
-
-        Replaced the m_prev field of ExecState with a bit in the
-        call frame pointer to indicate "host" call frames.
-
-        * VM/Machine.cpp:
-        (JSC::makeHostCallFramePointer): Added. Sets low bit.
-        (JSC::isHostCallFrame): Added. Checks low bit.
-        (JSC::stripHostCallFrameBit): Added. Clears low bit.
-        (JSC::Machine::unwindCallFrame): Replaced null check that was
-        formerly used to detect host call frames with an isHostCallFrame check.
-        (JSC::Machine::execute): Pass in a host call frame pointer rather than
-        always passing 0 when starting execution from the host. This allows us
-        to follow the entire call frame pointer chain when desired, or to stop
-        at the host calls when that's desired.
-        (JSC::Machine::privateExecute): Replaced null check that was
-        formerly used to detect host call frames with an isHostCallFrame check.
-        (JSC::Machine::retrieveCaller): Ditto.
-        (JSC::Machine::retrieveLastCaller): Ditto.
-        (JSC::Machine::callFrame): Removed the code to walk up m_prev pointers
-        and replaced it with code that uses the caller pointer and uses the
-        stripHostCallFrameBit function.
-
-        * kjs/ExecState.cpp: Removed m_prev.
-        * kjs/ExecState.h: Ditto.
-
-2008-09-30  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Move all detection of 'arguments' in a lexical scope to the parser, in
-        preparation for fixing
-
-        Bug 21123: using "arguments" in a function should not force creation of an activation object
-        <https://bugs.webkit.org/show_bug.cgi?id=21123>
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        * kjs/NodeInfo.h:
-        * kjs/grammar.y:
-
-2008-09-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        * kjs/Shell.cpp:
-        (runWithScripts): Fixed indentation.
-
-2008-09-30  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Build fix.  Move InternalFunction::classInfo implementation into the .cpp
-        file to prevent the vtable for InternalFunction being generated as a weak symbol.
-        Has no effect on SunSpider.
-
-        * kjs/InternalFunction.cpp:
-        (JSC::InternalFunction::classInfo):
-        * kjs/InternalFunction.h:
-
-2008-09-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        - optimize appending a number to a string
-        https://bugs.webkit.org/show_bug.cgi?id=21203
-        
-        It's pretty common in real-world code (and on some of the v8
-        benchmarks) to append a number to a string, so I made this one of
-        the fast cases, and also added support to UString to do it
-        directly without allocating a temporary UString.
-        
-        ~1% speedup on v8 benchmark.
-
-        * VM/Machine.cpp:
-        (JSC::jsAddSlowCase): Make this NEVER_INLINE because somehow otherwise
-        the change is a regression.
-        (JSC::jsAdd): Handle number + string special case.
-        (JSC::Machine::cti_op_add): Integrate much of the logic of jsAdd to
-        avoid exception check in the str + str, num + num and str + num cases.
-        * kjs/ustring.cpp:
-        (JSC::expandedSize): Make this a non-member function, since it needs to be 
-        called in non-member functions but not outside this file.
-        (JSC::expandCapacity): Ditto.
-        (JSC::UString::expandCapacity): Call the non-member version. 
-        (JSC::createRep): Helper to make a rep from a char*.
-        (JSC::UString::UString): Use above helper.
-        (JSC::concatenate): Guts of concatenating constructor for cases where first
-        item is a UString::Rep, and second is a UChar* and length, or a char*.
-        (JSC::UString::append): Implement for cases where first item is a UString::Rep,
-        and second is an int or double. Sadly duplicates logic of UString::from(int)
-        and UString::from(double).
-        * kjs/ustring.h:
-
-2008-09-29  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21214
-          work on getting rid of ExecState
-
-        * JavaScriptCore.exp: Updated since JSGlobalObject::init
-        no longer takes a parameter.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::execute): Removed m_registerFile argument
-        for ExecState constructors.
-
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate): Removed globalThisValue
-        argument for ExecState constructor.
-
-        * kjs/ExecState.cpp:
-        (JSC::ExecState::ExecState): Removed globalThisValue and
-        registerFile arguments to constructors.
-
-        * kjs/ExecState.h: Removed m_globalThisValue and
-        m_registerFile data members.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init): Removed globalThisValue
-        argument for ExecState constructor.
-
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject): Got rid of parameter
-        for the init function.
-
-2008-09-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Cameron Zwarich.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21225
-        Machine::retrieveLastCaller should check for a NULL codeBlock
-        
-        In order to crash, you would need to call retrieveCaller in a situation
-        where you had two host call frames in a row in the register file. I
-        don't know how to make that happen, or if it's even possible, so I don't
-        have a test case -- but better safe than sorry!
-
-        * VM/Machine.cpp:
-        (JSC::Machine::retrieveLastCaller):
-
-2008-09-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Store the callee ScopeChain, not the caller ScopeChain, in the call frame
-        header. Nix the "scopeChain" local variable and ExecState::m_scopeChain, and
-        access the callee ScopeChain through the call frame header instead.
-
-        Profit: call + return are simpler, because they don't have to update the
-        "scopeChain" local variable, or ExecState::m_scopeChain.
-        
-        Because CTI keeps "r" in a register, reading the callee ScopeChain relative
-        to "r" can be very fast, in any cases we care to optimize.
-
-        0% speedup on empty function call benchmark. (5.5% speedup in bytecode.)
-        0% speedup on SunSpider. (7.5% speedup on controlflow-recursive.)
-        2% speedup on SunSpider --v8.
-        2% speedup on v8 benchmark.
-
-        * VM/CTI.cpp: Changed scope chain access to read the scope chain from
-        the call frame header. Sped up op_ret by changing it not to fuss with
-        the "scopeChain" local variable or ExecState::m_scopeChain.
-
-        * VM/CTI.h: Updated CTI trampolines not to take a ScopeChainNode*
-        argument, since that's stored in the call frame header now.
-
-        * VM/Machine.cpp: Access "scopeChain" and "codeBlock" through new helper
-        functions that read from the call frame header. Updated functions operating
-        on ExecState::m_callFrame to account for / take advantage of the fact that
-        Exec:m_callFrame is now never NULL.
-        
-        Fixed a bug in op_construct, where it would use the caller's default
-        object prototype, rather than the callee's, when constructing a new object.
-
-        * VM/Machine.h: Made some helper functions available. Removed
-        ScopeChainNode* arguments to a lot of functions, since the ScopeChainNode*
-        is now stored in the call frame header.
-
-        * VM/RegisterFile.h: Renamed "CallerScopeChain" to "ScopeChain", since
-        that's what it is now.
-
-        * kjs/DebuggerCallFrame.cpp: Updated for change to ExecState signature.
-
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h: Nixed ExecState::m_callFrame, along with the unused
-        isGlobalObject function.
-
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h: Gave the global object a fake call frame in
-        which to store the global scope chain, since our code now assumes that
-        it can always read the scope chain out of the ExecState's call frame.
-
-2008-09-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam Weinig.
-
-        Remove the isActivationObject() virtual method on JSObject and use
-        StructureID information instead. This should be slightly faster, but
-        isActivationObject() is only used in assertions and unwinding the stack
-        for exceptions.
-
-        * VM/Machine.cpp:
-        (JSC::depth):
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_ret_activation):
-        * kjs/JSActivation.cpp:
-        * kjs/JSActivation.h:
-        * kjs/JSObject.h:
-
-2008-09-29  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Reviewed and tweaked by Darin Adler.
-
-        Fix build for non-all-in-one platforms.
-
-        * kjs/StringPrototype.cpp: Added missing ASCIICType.h include.
-
-2008-09-29  Bradley T. Hughes  <bradley.hughes@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compilation with icpc
-
-        * wtf/HashSet.h:
-        (WTF::::find):
-        (WTF::::contains):
-
-2008-09-29  Thiago Macieira  <thiago.macieira@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Changed copyright from Trolltech ASA to Nokia.
-        
-        Nokia acquired Trolltech ASA, assets were transferred on September 26th 2008.
-        
-
-        * wtf/qt/MainThreadQt.cpp:
-
-2008-09-29  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by Lars Knoll.
-
-        Don't accidentially install libJavaScriptCore.a for the build inside
-        Qt.
-
-        * JavaScriptCore.pro:
-
-2008-09-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 21200: Allow direct access to 'arguments' without using op_resolve
-        <https://bugs.webkit.org/show_bug.cgi?id=21200>
-
-        Allow fast access to the 'arguments' object by adding an extra slot to
-        the callframe to store it.
-
-        This is a 3.0% speedup on the V8 Raytrace benchmark.
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::registerFor):
-        * VM/CodeGenerator.h:
-        (JSC::CodeGenerator::registerFor):
-        * VM/Machine.cpp:
-        (JSC::Machine::initializeCallFrame):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_create_arguments):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::mark):
-        (JSC::JSActivation::argumentsGetter):
-        * kjs/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * kjs/NodeInfo.h:
-        * kjs/Parser.cpp:
-        (JSC::Parser::didFinishParsing):
-        * kjs/Parser.h:
-        (JSC::Parser::parse):
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * kjs/nodes.h:
-        (JSC::ScopeNode::usesArguments):
-
-2008-09-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add an ASCII fast-path to toLowerCase and toUpperCase.
-
-        The fast path speeds up the common case of an ASCII-only string by up to 60% while adding a less than 5% penalty
-        to the less common non-ASCII case.
-
-        This also removes stringProtoFuncToLocaleLowerCase and stringProtoFuncToLocaleUpperCase, which were identical
-        to the non-locale variants of the functions.  toLocaleLowerCase and toLocaleUpperCase now use the non-locale
-        variants of the functions directly.
-
-        * kjs/StringPrototype.cpp:
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-
-2008-09-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Speed up parseInt and parseFloat.
-
-        Repeatedly indexing into a UString is slow, so retrieve a pointer into the underlying buffer once up front
-        and use that instead.  This is a 7% win on a parseInt/parseFloat micro-benchmark.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-        (JSC::parseFloat):
-
-2008-09-28  Simon Hausmann  <hausmann@webkit.org>
-
-        Reviewed by David Hyatt.
-
-        In Qt's initializeThreading re-use an existing thread identifier for the main
-        thread if it exists.
-
-        currentThread() implicitly creates new identifiers and it could be that
-        it is called before initializeThreading().
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::initializeThreading):
-
-2008-09-27  Keishi Hattori  <casey.hattori@gmail.com>
-
-        Added Machine::retrieveCaller to the export list.
-
-        Reviewed by Kevin McCullough and Tim Hatcher.
-
-        * JavaScriptCore.exp: Added Machine::retrieveCaller.
-
-2008-09-27  Anders Carlsson  <andersca@apple.com>
-
-        Fix build.
-
-        * VM/CTI.cpp:
-        (JSC::):
-
-2008-09-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=21175
-
-        Store the callee CodeBlock, not the caller CodeBlock, in the call frame
-        header. Nix the "codeBlock" local variable, and access the callee
-        CodeBlock through the call frame header instead.
-        
-        Profit: call + return are simpler, because they don't have to update the
-        "codeBlock" local variable.
-        
-        Because CTI keeps "r" in a register, reading the callee CodeBlock relative
-        to "r" can be very fast, in any cases we care to optimize. Presently,
-        no such cases seem important.
-        
-        Also, stop writing "dst" to the call frame header. CTI doesn't use it.
-        
-        21.6% speedup on empty function call benchmark.
-        3.8% speedup on SunSpider --v8.
-        2.1% speedup on v8 benchmark.
-        0.7% speedup on SunSpider (6% speedup on controlflow-recursive).
-        
-        Small regression in bytecode, because currently every op_ret reads the
-        callee CodeBlock to check needsFullScopeChain, and bytecode does not
-        keep "r" in a register. On-balance, this is probably OK, since CTI is
-        our high-performance execution model. Also, this should go away once
-        we make needsFullScopeChain statically determinable at parse time.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall): The speedup!
-        (JSC::CTI::privateCompileSlowCases): ditto
-
-        * VM/CTI.h:
-        (JSC::): Fixed up magic trampoline constants to account for the nixed
-        "codeBlock" argument.
-        (JSC::CTI::execute): Changed trampoline function not to take a "codeBlock"
-        argument, since codeBlock is now stored in the call frame header.
-        
-        * VM/Machine.cpp: Read the callee CodeBlock from the register file. Use
-        a NULL CallerRegisters in the call frame header to signal a built-in
-        caller, since CodeBlock is now never NULL.
-
-        * VM/Machine.h: Made some stand-alone functions Machine member functions
-        so they could call the private codeBlock() accessor in the Register
-        class, of which Machine is a friend. Renamed "CallerCodeBlock" to
-        "CodeBlock", since it's no longer the caller's CodeBlock.
-
-        * VM/RegisterFile.h: Marked some methods const to accommodate a 
-        const RegisterFile* being passed around in Machine.cpp.
-
-2008-09-26  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix. Not reviewed.
-
-        Narrow-down the target of the JavaScriptCore .lut.h generator so
-        it won't try to create the WebCore .lut.hs.
-
-        * GNUmakefile.am:
-
-2008-09-26  Matt Lilek  <webkit@mattlilek.com>
-
-        Reviewed by Tim Hatcher.
-
-        Update FEATURE_DEFINES after ENABLE_CROSS_DOCUMENT_MESSAGING was removed.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-09-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Anders Carlson.
-
-        Change the name 'sc' to 'scopeChainNode' in a few places.
-
-        * kjs/nodes.cpp:
-        (JSC::EvalNode::generateCode):
-        (JSC::FunctionBodyNode::generateCode):
-        (JSC::ProgramNode::generateCode):
-
-2008-09-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=21152
-        Speedup static property get/put
-
-        Convert getting/setting static property values to use static functions
-        instead of storing an integer and switching in getValueProperty/putValueProperty.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::getPropertyAttributes):
-        * kjs/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        * kjs/NumberConstructor.cpp:
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        * kjs/PropertySlot.h:
-        (JSC::PropertySlot::):
-        * kjs/RegExpConstructor.cpp:
-        (JSC::regExpConstructorDollar1):
-        (JSC::regExpConstructorDollar2):
-        (JSC::regExpConstructorDollar3):
-        (JSC::regExpConstructorDollar4):
-        (JSC::regExpConstructorDollar5):
-        (JSC::regExpConstructorDollar6):
-        (JSC::regExpConstructorDollar7):
-        (JSC::regExpConstructorDollar8):
-        (JSC::regExpConstructorDollar9):
-        (JSC::regExpConstructorInput):
-        (JSC::regExpConstructorMultiline):
-        (JSC::regExpConstructorLastMatch):
-        (JSC::regExpConstructorLastParen):
-        (JSC::regExpConstructorLeftContext):
-        (JSC::regExpConstructorRightContext):
-        (JSC::setRegExpConstructorInput):
-        (JSC::setRegExpConstructorMultiline):
-        (JSC::RegExpConstructor::setInput):
-        (JSC::RegExpConstructor::setMultiline):
-        (JSC::RegExpConstructor::multiline):
-        * kjs/RegExpConstructor.h:
-        * kjs/RegExpObject.cpp:
-        (JSC::regExpObjectGlobal):
-        (JSC::regExpObjectIgnoreCase):
-        (JSC::regExpObjectMultiline):
-        (JSC::regExpObjectSource):
-        (JSC::regExpObjectLastIndex):
-        (JSC::setRegExpObjectLastIndex):
-        * kjs/RegExpObject.h:
-        (JSC::RegExpObject::setLastIndex):
-        (JSC::RegExpObject::lastIndex):
-        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames):
-        * kjs/create_hash_table:
-        * kjs/lexer.cpp:
-        (JSC::Lexer::lex):
-        * kjs/lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::HashTable::deleteTable):
-        (JSC::setUpStaticFunctionSlot):
-        * kjs/lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::setKey):
-        (JSC::HashEntry::key):
-        (JSC::HashEntry::attributes):
-        (JSC::HashEntry::function):
-        (JSC::HashEntry::functionLength):
-        (JSC::HashEntry::propertyGetter):
-        (JSC::HashEntry::propertyPutter):
-        (JSC::HashEntry::lexerValue):
-        (JSC::HashEntry::):
-        (JSC::HashTable::entry):
-        (JSC::getStaticPropertySlot):
-        (JSC::getStaticValueSlot):
-        (JSC::lookupPut):
-
-2008-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak & Oliver Hunt.
-
-        Add support for reusing temporary JSNumberCells.  This change is based on the observation
-        that if the result of certain operations is a JSNumberCell and is consumed by a subsequent
-        operation that would produce a JSNumberCell, we can reuse the object rather than allocating
-        a fresh one.  E.g. given the expression ((a * b) * c), we can statically determine that
-        (a * b) will have a numeric result (or else it will have thrown an exception), so the result
-        will either be a JSNumberCell or a JSImmediate.
-
-        This patch changes three areas of JSC:
-            * The AST now tracks type information about the result of each node.
-            * This information is consumed in bytecode compilation, and certain bytecode operations
-              now carry the statically determined type information about their operands.
-            * CTI uses the information in a number of fashions:
-                * Where an operand to certain arithmetic operations is reusable, it will plant code
-                  to try to perform the operation in JIT code & reuse the cell, where appropriate.
-                * Where it can be statically determined that an operand can only be numeric (typically
-                  the result of another arithmetic operation) the code will not redundantly check that
-                  the JSCell is a JSNumberCell.
-                * Where either of the operands to an add are non-numeric do not plant an optimized
-                  arithmetic code path, just call straight out to the C function.
-
-        +6% Sunspider (10% progression on 3D, 16% progression on math, 60% progression on access-nbody),
-        +1% v8-tests (improvements in raytrace & crypto)
-
-        * VM/CTI.cpp: Add optimized code generation with reuse of temporary JSNumberCells.
-        * VM/CTI.h:
-        * kjs/JSNumberCell.h:
-        * masm/X86Assembler.h:
-
-        * VM/CodeBlock.cpp: Add type information to specific bytecodes.
-        * VM/CodeGenerator.cpp:
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-
-        * kjs/nodes.cpp: Track static type information for nodes.
-        * kjs/nodes.h:
-        * kjs/ResultDescriptor.h: (Added)
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-09-26  Yichao Yin  <yichao.yin@torchmobile.com.cn>
-
-        Reviewed by George Staikos, Maciej Stachowiak.
-
-        Add utility functions needed for upcoming WML code.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIPrintable):
-
-2008-09-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Reverted the part of r36614 that used static data because static data
-        is not thread-safe.
-
-2008-09-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Removed dynamic check for whether the callee needs an activation object.
-        Replaced with callee code to create the activation object.
-
-        0.5% speedup on SunSpider.
-        No change on v8 benchmark. (Might be a speedup, but it's in range of the
-        variance.)
-
-        0.7% speedup on v8 benchmark in bytecode.
-        1.3% speedup on empty call benchmark in bytecode.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass): Added support for op_init_activation,
-        the new opcode that specifies that the callee's initialization should
-        create an activation object.
-        (JSC::CTI::privateCompile): Removed previous code that did a similar
-        thing in an ad-hoc way.
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Added a case for dumping op_init_activation.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::generate): Added fixup code to change op_init to
-        op_init_activation if necessary. (With a better parser, we would know
-        which to use from the beginning.)
-
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (WTF::): Faster traits for the instruction vector. An earlier version
-        of this patch relied on inserting at the beginning of the vector, and
-        depended on this change for speed.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::execute): Removed clients of setScopeChain, the old
-        abstraction for dynamically checking for whether an activation object
-        needed to be created.
-        (JSC::Machine::privateExecute): ditto
-
-        (JSC::Machine::cti_op_push_activation): Renamed this function from
-        cti_vm_updateScopeChain, and made it faster by removing the call to 
-        setScopeChain.
-        * VM/Machine.h:
-
-        * VM/Opcode.h: Declared op_init_activation.
-
-2008-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Move most of the return code back into the callee, now that the callee
-        doesn't have to calculate anything dynamically.
-        
-        11.5% speedup on empty function call benchmark.
-        
-        SunSpider says 0.3% faster. SunSpider --v8 says no change.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-
-2008-09-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove staticFunctionGetter.  There is only one remaining user of
-        staticFunctionGetter and it can be converted to use setUpStaticFunctionSlot.
-
-        * JavaScriptCore.exp:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-
-2008-09-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - inline JIT fast case of op_neq
-        - remove extra level of function call indirection from slow cases of eq and neq
-        
-        1% speedup on Richards
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_eq):
-        (JSC::Machine::cti_op_neq):
-        * kjs/operations.cpp:
-        (JSC::equal):
-        (JSC::equalSlowCase):
-        * kjs/operations.h:
-        (JSC::equalSlowCaseInline):
-
-2008-09-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
-        <rdar://problem/6243534>
-        Crash below Function.apply when using a runtime array as the argument list
-
-        Test: plugins/bindings-array-apply-crash.html
-
-        * kjs/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from 
-        JSArray (via ClassInfo) but is not a JSArray.
-
-2008-09-24  Kevin McCullough  <kmccullough@apple.com>
-
-        Style change.
-
-        * kjs/nodes.cpp:
-        (JSC::statementListEmitCode):
-
-2008-09-24  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-        Bug 21031: Breakpoints in the condition of loops only breaks the first
-        time
-        - Now when setting breakpoints in the condition of a loop (for, while,
-        for in, and do while) will successfully break each time throught the
-        loop.
-        - For 'for' loops we need a little more complicated behavior that cannot
-        be accomplished without some more significant changes:
-        https://bugs.webkit.org/show_bug.cgi?id=21073
-
-        * kjs/nodes.cpp:
-        (JSC::statementListEmitCode): We don't want to blindly emit a debug hook
-        at the first line of loops, instead let the loop emit the debug hooks.
-        (JSC::DoWhileNode::emitCode):
-        (JSC::WhileNode::emitCode):
-        (JSC::ForNode::emitCode):
-        (JSC::ForInNode::emitCode):
-        * kjs/nodes.h:
-        (JSC::StatementNode::):
-        (JSC::DoWhileNode::):
-        (JSC::WhileNode::):
-        (JSC::ForInNode::):
-
-2008-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Fixed <rdar://problem/5605532> Need a SPI for telling JS the size of
-        the objects it retains
-
-        * API/tests/testapi.c: Test the new SPI a little.
-
-        * API/JSSPI.cpp: Add the new SPI.
-        * API/JSSPI.h: Add the new SPI.
-        * JavaScriptCore.exp: Add the new SPI.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add the new SPI.
-
-2008-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        * API/JSBase.h: Filled in some missing function names.
-
-2008-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21057
-        Crash in RegisterID::deref() running fast/canvas/canvas-putImageData.html
-
-        * VM/CodeGenerator.h: Changed declaration order to ensure the
-        m_lastConstant, which is a RefPtr that points into m_calleeRegisters,
-        has its destructor called before the destructor for m_calleeRegisters.
-
-2008-09-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21047
-          speed up ret_activation with inlining
-
-        About 1% on v8-raytrace.
-
-        * JavaScriptCore.exp: Removed JSVariableObject::setRegisters.
-
-        * kjs/JSActivation.cpp: Moved copyRegisters to the header to make it inline.
-        * kjs/JSActivation.h:
-        (JSC::JSActivation::copyRegisters): Moved here. Also removed the registerArraySize
-        argument to setRegisters, since the object doesn't need to store the number of
-        registers.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset): Removed unnecessary clearing left over from when we
-        used this on objects that weren't brand new. These days, this function is really
-        just part of the constructor.
-
-        * kjs/JSGlobalObject.h: Added registerArraySize to JSGlobalObjectData, since
-        JSVariableObjectData no longer needs it. Added a setRegisters override here
-        that handles storing the size.
-
-        * kjs/JSStaticScopeObject.h: Removed code to set registerArraySize, since it
-        no longer exists.
-
-        * kjs/JSVariableObject.cpp: Moved copyRegisterArray and setRegisters to the
-        header to make them inline.
-        * kjs/JSVariableObject.h: Removed registerArraySize from JSVariableObjectData,
-        since it was only used for the global object.
-        (JSC::JSVariableObject::copyRegisterArray): Moved here ot make it inline.
-        (JSC::JSVariableObject::setRegisters): Moved here to make it inline. Also
-        removed the code to set registerArraySize and changed an if statement into
-        an assert to save an unnnecessary branch.
-
-2008-09-24  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        - inline PropertyMap::getOffset to speed up polymorphic lookups
-        
-        ~1.5% speedup on v8 benchmark
-        no effect on SunSpider
-
-        * JavaScriptCore.exp:
-        * kjs/PropertyMap.cpp:
-        * kjs/PropertyMap.h:
-        (JSC::PropertyMap::getOffset):
-
-2008-09-24  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Alp Toker.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20992
-        Build fails on GTK+ Mac OS
-
-        * wtf/ThreadingGtk.cpp: Remove platform ifdef as suggested by
-          Richard Hult.
-        (WTF::initializeThreading):
-
-2008-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 19968: Slow Script at www.huffingtonpost.com
-        <https://bugs.webkit.org/show_bug.cgi?id=19968>
-
-        Finally found the cause of this accursed issue.  It is triggered
-        by synchronous creation of a new global object from JS.  The new
-        global object resets the timer state in this execution group's
-        Machine, taking timerCheckCount to 0.  Then when JS returns the
-        timerCheckCount is decremented making it non-zero.  The next time
-        we execute JS we will start the timeout counter, however the non-zero
-        timeoutCheckCount means we don't reset the timer information. This
-        means that the timeout check is now checking the cumulative time
-        since the creation of the global object rather than the time since
-        JS was last entered.  At this point the slow script dialog is guaranteed
-        to eventually be displayed incorrectly unless a page is loaded
-        asynchronously (which will reset everything into a sane state).
-
-        The fix for this is rather trivial -- the JSGlobalObject constructor
-        should not be resetting the machine timer state.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine):
-          Now that we can't rely on the GlobalObject initialising the timeout
-          state, we do it in the Machine constructor.
-
-        * VM/Machine.h:
-        (JSC::Machine::stopTimeoutCheck):
-          Add assertions to guard against this happening.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-          Don't reset the timeout state.
-
-2008-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
-        Uncaught exceptions in regex replace callbacks crash webkit
-        
-        This was a combination of two problems:
-        
-        (1) the replace function would continue execution after an exception
-        had been thrown.
-        
-        (2) In some cases, the Machine would return 0 in the case of an exception,
-        despite the fact that a few clients dereference the Machine's return
-        value without first checking for an exception.
-        
-        * VM/Machine.cpp:
-        (JSC::Machine::execute):
-        
-        ^ Return jsNull() instead of 0 in the case of an exception, since some
-        clients depend on using our return value.
-        
-        ^ ASSERT that execution does not continue after an exception has been
-        thrown, to help catch problems like this in the future.
-
-        * kjs/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        
-        ^ Stop execution if an exception has been thrown.
-
-2008-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the windows build.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-
-2008-09-23  Alp Toker  <alp@nuanti.com>
-
-        Build fix.
-
-        * VM/CTI.h:
-
-2008-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Removed duplicate #if.
-
-2008-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Changed the layout of the call frame from
-        
-        { header, parameters, locals | constants, temporaries }
-        
-        to
-        
-        { parameters, header | locals, constants, temporaries }
-        
-        This simplifies function entry+exit, and enables a number of future
-        optimizations.
-        
-        13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
-        empty call benchmark for CTI.
-        
-        SunSpider says no change. SunSpider --v8 says 1% faster.
-
-        * VM/CTI.cpp:
-        
-        Added a bit of abstraction for calculating whether a register is a
-        constant, since this patch changes that calculation:
-        (JSC::CTI::isConstant):
-        (JSC::CTI::getConstant):
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::getConstantImmediateNumericArg):
-
-        Updated for changes to callframe header location:
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::printOpcodeOperandTypes):
-        
-        Renamed to spite Oliver:
-        (JSC::CTI::emitInitRegister):
-        
-        Added an abstraction for emitting a call through a register, so that
-        calls through registers generate exception info, too:
-        (JSC::CTI::emitCall):
-
-        Updated to match the new callframe header layout, and to support calls
-        through registers, which have no destination address:
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-
-        * VM/CTI.h:
-
-        More of the above:
-        (JSC::CallRecord::CallRecord):
-
-        * VM/CodeBlock.cpp:
-
-        Updated for new register layout:
-        (JSC::registerName):
-        (JSC::CodeBlock::dump):
-
-        * VM/CodeBlock.h:
-        
-        Updated CodeBlock to track slightly different information about the
-        register frame, and tweaked the style of an ASSERT_NOT_REACHED.
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::getStubInfo):
-
-        * VM/CodeGenerator.cpp:
-        
-        Added some abstraction around constant register allocation, since this
-        patch changes it, changed codegen to account for the new callframe
-        layout, and added abstraction around register fetching code
-        that used to assume that all local registers lived at negative indices,
-        since vars now live at positive indices:
-        (JSC::CodeGenerator::generate):
-        (JSC::CodeGenerator::addVar):
-        (JSC::CodeGenerator::addGlobalVar):
-        (JSC::CodeGenerator::allocateConstants):
-        (JSC::CodeGenerator::CodeGenerator):
-        (JSC::CodeGenerator::addParameter):
-        (JSC::CodeGenerator::registerFor):
-        (JSC::CodeGenerator::constRegisterFor):
-        (JSC::CodeGenerator::newRegister):
-        (JSC::CodeGenerator::newTemporary):
-        (JSC::CodeGenerator::highestUsedRegister):
-        (JSC::CodeGenerator::addConstant):
-        
-        ASSERT that our caller referenced the registers it passed to us.
-        Otherwise, we might overwrite them with parameters:
-        (JSC::CodeGenerator::emitCall):
-        (JSC::CodeGenerator::emitConstruct):
-
-        * VM/CodeGenerator.h:
-        
-        Added some abstraction for getting a RegisterID for a given index,
-        since the rules are a little weird:
-        (JSC::CodeGenerator::registerFor):
-
-        * VM/Machine.cpp:
-
-        Utility function to transform a machine return PC to a virtual machine
-        return VPC, for the sake of stack unwinding, since both PCs are stored
-        in the same location now:
-        (JSC::vPCForPC):
-
-        Tweaked to account for new call frame:
-        (JSC::Machine::initializeCallFrame):
-        
-        Tweaked to account for registerOffset supplied by caller:
-        (JSC::slideRegisterWindowForCall):
-
-        Tweaked to account for new register layout:
-        (JSC::scopeChainForCall):
-        (JSC::Machine::callEval):
-        (JSC::Machine::dumpRegisters):
-        (JSC::Machine::unwindCallFrame):
-        (JSC::Machine::execute):
-
-        Changed op_call and op_construct to implement the new calling convention:
-        (JSC::Machine::privateExecute):
-
-        Tweaked to account for the new register layout:
-        (JSC::Machine::retrieveArguments):
-        (JSC::Machine::retrieveCaller):
-        (JSC::Machine::retrieveLastCaller):
-        (JSC::Machine::callFrame):
-        (JSC::Machine::getArgumentsData):
-
-        Changed CTI call helpers to implement the new calling convention:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-        (JSC::Machine::cti_op_ret_activation):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-        (JSC::Machine::cti_op_call_eval):
-
-        * VM/Machine.h:
-
-        * VM/Opcode.h:
-        
-        Renamed op_initialise_locals to op_init, because this opcode
-        doesn't initialize all locals, and it doesn't initialize only locals.
-        Also, to spite Oliver.
-        
-        * VM/RegisterFile.h:
-        
-        New call frame enumeration values:
-        (JSC::RegisterFile::):
-
-        Simplified the calculation of whether a RegisterID is a temporary,
-        since we can no longer assume that all positive non-constant registers
-        are temporaries:
-        * VM/RegisterID.h:
-        (JSC::RegisterID::RegisterID):
-        (JSC::RegisterID::setTemporary):
-        (JSC::RegisterID::isTemporary):
-
-        Renamed firstArgumentIndex to firstParameterIndex because the assumption
-        that this variable pertained to the actual arguments supplied by the
-        caller caused me to write some buggy code:
-        * kjs/Arguments.cpp:
-        (JSC::ArgumentsData::ArgumentsData):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::put):
-
-        Updated for new call frame layout:
-        * kjs/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::type):
-        * kjs/DebuggerCallFrame.h:
-
-        Changed the activation object to account for the fact that a call frame
-        header now sits between parameters and local variables. This change
-        requires all variable objects to do their own marking, since they
-        now use their register storage differently:
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::mark):
-        (JSC::JSActivation::copyRegisters):
-        (JSC::JSActivation::createArgumentsObject):
-        * kjs/JSActivation.h:
-
-        Updated global object to use the new interfaces required by the change
-        to JSActivation above:
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::mark):
-        (JSC::JSGlobalObject::copyGlobalsFrom):
-        (JSC::JSGlobalObject::copyGlobalsTo):
-        * kjs/JSGlobalObject.h:
-        (JSC::JSGlobalObject::addStaticGlobals):
-
-        Updated static scope object to use the new interfaces required by the 
-        change to JSActivation above:
-        * kjs/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::mark):
-        (JSC::JSStaticScopeObject::~JSStaticScopeObject):
-        * kjs/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::d):
-
-        Updated variable object to use the new interfaces required by the 
-        change to JSActivation above:
-        * kjs/JSVariableObject.cpp:
-        (JSC::JSVariableObject::copyRegisterArray):
-        (JSC::JSVariableObject::setRegisters):
-        * kjs/JSVariableObject.h:
-
-        Changed the bit twiddling in symbol table not to assume that all indices
-        are negative, since they can be positive now:
-        * kjs/SymbolTable.h:
-        (JSC::SymbolTableEntry::SymbolTableEntry):
-        (JSC::SymbolTableEntry::isNull):
-        (JSC::SymbolTableEntry::getIndex):
-        (JSC::SymbolTableEntry::getAttributes):
-        (JSC::SymbolTableEntry::setAttributes):
-        (JSC::SymbolTableEntry::isReadOnly):
-        (JSC::SymbolTableEntry::pack):
-        (JSC::SymbolTableEntry::isValidIndex):
-
-        Changed call and construct nodes to ref their functions and/or bases,
-        so that emitCall/emitConstruct doesn't overwrite them with parameters.
-        Also, updated for rename to registerFor:
-        * kjs/nodes.cpp:
-        (JSC::ResolveNode::emitCode):
-        (JSC::NewExprNode::emitCode):
-        (JSC::EvalFunctionCallNode::emitCode):
-        (JSC::FunctionCallValueNode::emitCode):
-        (JSC::FunctionCallResolveNode::emitCode):
-        (JSC::FunctionCallBracketNode::emitCode):
-        (JSC::FunctionCallDotNode::emitCode):
-        (JSC::PostfixResolveNode::emitCode):
-        (JSC::DeleteResolveNode::emitCode):
-        (JSC::TypeOfResolveNode::emitCode):
-        (JSC::PrefixResolveNode::emitCode):
-        (JSC::ReadModifyResolveNode::emitCode):
-        (JSC::AssignResolveNode::emitCode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitCode):
-
-        Added abstraction for getting exception info out of a call through a
-        register:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitCall):
-        
-        Removed duplicate #if:
-        * wtf/Platform.h:
-
-2008-09-23  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin.
-
-        Bug 21030: The JS debugger breaks on the do of a do-while not the while
-        (where the conditional statement is)
-        https://bugs.webkit.org/show_bug.cgi?id=21030
-        Now the statementListEmitCode detects if a do-while node is being
-        emited and emits the debug hook on the last line instead of the first.
-
-        This change had no effect on sunspider.
-
-        * kjs/nodes.cpp:
-        (JSC::statementListEmitCode):
-        * kjs/nodes.h:
-        (JSC::StatementNode::isDoWhile):
-        (JSC::DoWhileNode::isDoWhile):
-
-2008-09-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - inline the fast case of instanceof
-        https://bugs.webkit.org/show_bug.cgi?id=20818
-
-        ~2% speedup on EarleyBoyer test.
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_instanceof):
-
-2008-09-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - add forgotten slow case logic for !==
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileSlowCases):
-
-2008-09-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - inline the fast cases of !==, same as for ===
-        
-        2.9% speedup on EarleyBoyer benchmark
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpStrictEq): Factored stricteq codegen into this function,
-        and parameterized so it can do the reverse version as well.
-        (JSC::CTI::privateCompileMainPass): Use the above for stricteq and nstricteq.
-        * VM/CTI.h:
-        (JSC::CTI::): Declare above stuff.
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_nstricteq): Removed fast cases, now handled inline.
-
-2008-09-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20989: Aguments constructor should put 'callee' and 'length' properties in a more efficient way
-        <https://bugs.webkit.org/show_bug.cgi?id=20989>
-
-        Make special cases for the 'callee' and 'length' properties in the
-        Arguments object.
-
-        This is somewhere between a 7.8% speedup and a 10% speedup on the V8
-        Raytrace benchmark, depending on whether it is run alone or with the
-        other V8 benchmarks.
-
-        * kjs/Arguments.cpp:
-        (JSC::ArgumentsData::ArgumentsData):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::mark):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-
-2008-09-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - speed up instanceof some more
-        https://bugs.webkit.org/show_bug.cgi?id=20818
-        
-        ~2% speedup on EarleyBoyer
-
-        The idea here is to record in the StructureID whether the class
-        needs a special hasInstance or if it can use the normal logic from
-        JSObject. 
-        
-        Based on this I inlined the real work directly into
-        cti_op_instanceof and put the fastest checks up front and the
-        error handling at the end (so it should be fairly straightforward
-        to split off the beginning to be inlined if desired).
-
-        I only did this for CTI, not the bytecode interpreter.
-        
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructureID):
-        * ChangeLog:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_instanceof):
-        * kjs/JSImmediate.h:
-        (JSC::JSImmediate::isAnyImmediate):
-        * kjs/TypeInfo.h:
-        (JSC::TypeInfo::overridesHasInstance):
-        (JSC::TypeInfo::flags):
-
-2008-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=21019
-          make FunctionBodyNode::ref/deref fast
-
-        Speeds up v8-raytrace by 7.2%.
-
-        * kjs/nodes.cpp:
-        (JSC::FunctionBodyNode::FunctionBodyNode): Initialize m_refCount to 0.
-        * kjs/nodes.h:
-        (JSC::FunctionBodyNode::ref): Call base class ref once, and thereafter use
-        m_refCount.
-        (JSC::FunctionBodyNode::deref): Ditto, but the deref side.
-
-2008-09-22  Darin Adler  <darin@apple.com>
-
-        Pointed out by Sam Weinig.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::fillArgList): Fix bad copy and paste. Oops!
-
-2008-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20983
-          ArgumentsData should have some room to allocate some extra arguments inline
-
-        Speeds up v8-raytrace by 5%.
-
-        * kjs/Arguments.cpp:
-        (JSC::ArgumentsData::ArgumentsData): Use a fixed buffer if there are 4 or fewer
-        extra arguments.
-        (JSC::Arguments::Arguments): Use a fixed buffer if there are 4 or fewer
-        extra arguments.
-        (JSC::Arguments::~Arguments): Delete the buffer if necessary.
-        (JSC::Arguments::mark): Update since extraArguments are now Register.
-        (JSC::Arguments::fillArgList): Added special case for the only case that's
-        actually used in the practice, when there are no parameters. There are some
-        other special cases in there too, but that's the only one that matters.
-        (JSC::Arguments::getOwnPropertySlot): Updated to use setValueSlot since there's
-        no operation to get you at the JSValue* inside a Register as a "slot".
-
-2008-09-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=21014
-        Speed up for..in by using StructureID to avoid calls to hasProperty
-
-        Speeds up fasta by 8%.
-
-        * VM/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::invalidate):
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::next):
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::begin):
-        (JSC::PropertyNameArrayData::end):
-        (JSC::PropertyNameArrayData::setCachedStructureID):
-        (JSC::PropertyNameArrayData::cachedStructureID):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames):
-        (JSC::structureIDChainsAreEqual):
-        * kjs/StructureID.h:
-
-2008-09-22  Kelvin Sherlock  <ksherlock@gmail.com>
-
-        Updated and tweaked by Sam Weinig.
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 20020: Proposed enhancement to JavaScriptCore API
-        <https://bugs.webkit.org/show_bug.cgi?id=20020>
-
-        Add JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError, and JSObjectMakeRegExp
-        functions to create JavaScript Array, Date, Error, and RegExp objects, respectively.
-
-        * API/JSObjectRef.cpp: The functions
-        * API/JSObjectRef.h: Function prototype and documentation
-        * JavaScriptCore.exp: Added functions to exported function list
-        * API/tests/testapi.c: Added basic functionality tests.
-
-        * kjs/DateConstructor.cpp:
-        Replaced static JSObject* constructDate(ExecState* exec, JSObject*, const ArgList& args)
-        with JSObject* constructDate(ExecState* exec, const ArgList& args).
-        Added static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args) function
-
-        * kjs/DateConstructor.h:
-        added prototype for JSObject* constructDate(ExecState* exec, const ArgList& args)
-
-        * kjs/ErrorConstructor.cpp:
-        removed static qualifier from ErrorInstance* constructError(ExecState* exec, const ArgList& args)
-
-        * kjs/ErrorConstructor.h:
-        added prototype for ErrorInstance* constructError(ExecState* exec, const ArgList& args)
-
-        * kjs/RegExpConstructor.cpp:
-        removed static qualifier from JSObject* constructRegExp(ExecState* exec, const ArgList& args)
-
-        * kjs/RegExpConstructor.h:
-        added prototype for JSObject* constructRegExp(ExecState* exec, const ArgList& args)
-
-2008-09-22  Matt Lilek  <webkit@mattlilek.com>
-
-        Not reviewed, Windows build fix.
-
-        * kjs/Arguments.cpp:
-        * kjs/FunctionPrototype.cpp:
-
-2008-09-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=20982
-        Speed up the apply method of functions by special-casing array and 'arguments' objects
-
-        1% speedup on v8-raytrace.
-
-        Test: fast/js/function-apply.html
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::fillArgList):
-        * kjs/Arguments.h:
-        * kjs/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-        * kjs/JSArray.cpp:
-        (JSC::JSArray::fillArgList):
-        * kjs/JSArray.h:
-
-2008-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20993
-          Array.push/pop need optimized cases for JSArray
-
-        3% or so speedup on DeltaBlue benchmark.
-
-        * kjs/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop): Call JSArray::pop when appropriate.
-        (JSC::arrayProtoFuncPush): Call JSArray::push when appropriate.
-
-        * kjs/JSArray.cpp:
-        (JSC::JSArray::putSlowCase): Set m_fastAccessCutoff when appropriate, getting
-        us into the fast code path.
-        (JSC::JSArray::pop): Added.
-        (JSC::JSArray::push): Added.
-        * kjs/JSArray.h: Added push and pop.
-
-        * kjs/operations.cpp:
-        (JSC::throwOutOfMemoryError): Don't inline this. Helps us avoid PIC branches.
-
-2008-09-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - speed up instanceof operator by replacing implementsHasInstance method with a TypeInfo flag
-
-        Partial work towards <https://bugs.webkit.org/show_bug.cgi?id=20818>
-        
-        2.2% speedup on EarleyBoyer benchmark.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructureID):
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructureID):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructureID):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-        * JavaScriptCore.exp:
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_instanceof):
-        * kjs/InternalFunction.cpp:
-        * kjs/InternalFunction.h:
-        (JSC::InternalFunction::createStructureID):
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/TypeInfo.h:
-        (JSC::TypeInfo::implementsHasInstance):
-
-2008-09-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave Hyatt.
-        
-        Based on initial work by Darin Adler.
-        
-        - replace masqueradesAsUndefined virtual method with a flag in TypeInfo
-        - use this to JIT inline code for eq_null and neq_null
-        https://bugs.webkit.org/show_bug.cgi?id=20823
-
-        0.5% speedup on SunSpider
-        ~4% speedup on Richards benchmark
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/Machine.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_is_undefined):
-        * VM/Machine.h:
-        * kjs/JSCell.h:
-        * kjs/JSValue.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructureID):
-        * kjs/StructureID.h:
-        (JSC::StructureID::mutableTypeInfo):
-        * kjs/TypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::masqueradesAsUndefined):
-        * kjs/operations.cpp:
-        (JSC::equal):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::setne_r):
-        (JSC::X86Assembler::setnz_r):
-        (JSC::X86Assembler::testl_i32m):
-
-2008-09-22  Tor Arne Vestbø  <tavestbo@trolltech.com>
-
-        Reviewed by Simon.
-
-        Initialize QCoreApplication in kjs binary/Shell.cpp
-        
-        This allows us to use QCoreApplication::instance() to
-        get the main thread in ThreadingQt.cpp
-
-        * kjs/Shell.cpp:
-        (main):
-        * wtf/ThreadingQt.cpp:
-        (WTF::initializeThreading):
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        - blind attempt to fix non-all-in-one builds
-
-        * kjs/JSGlobalObject.cpp: Added includes of Arguments.h and RegExpObject.h.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        - fix debug build
-
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::addPropertyTransition): Use typeInfo().type() instead of m_type.
-        (JSC::StructureID::createCachedPrototypeChain): Ditto.
-
-2008-09-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        - introduce a TypeInfo class, for holding per-type (in the C++ class sense) date in StructureID
-        https://bugs.webkit.org/show_bug.cgi?id=20981
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        * VM/Machine.cpp:
-        (JSC::jsIsObjectType):
-        (JSC::Machine::Machine):
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSCell.h:
-        (JSC::JSCell::isObject):
-        (JSC::JSCell::isString):
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * kjs/JSGlobalObject.h:
-        (JSC::StructureID::prototypeForLookup):
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructureID):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::createInheritorID):
-        * kjs/JSObject.h:
-        (JSC::JSObject::createStructureID):
-        * kjs/JSString.h:
-        (JSC::JSString::createStructureID):
-        * kjs/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * kjs/RegExpConstructor.cpp:
-        * kjs/RegExpMatchesArray.h: Added.
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::getPropertyNames):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::addPropertyTransition):
-        (JSC::StructureID::toDictionaryTransition):
-        (JSC::StructureID::changePrototypeTransition):
-        (JSC::StructureID::getterSetterTransition):
-        * kjs/StructureID.h:
-        (JSC::StructureID::create):
-        (JSC::StructureID::typeInfo):
-        * kjs/TypeInfo.h: Added.
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::type):
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - fix crash logging into Gmail due to recent Arguments change
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::Arguments): Fix window where mark() function could
-        see d->extraArguments with uninitialized contents.
-        (JSC::Arguments::mark): Check d->extraArguments for 0 to handle two
-        cases: 1) Inside the constructor before it's initialized.
-        2) numArguments <= numParameters.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        - fix loose end from the "duplicate constant values" patch
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitLoad): Add a special case for values the
-        hash table can't handle.
-
-2008-09-21  Mark Rowe  <mrowe@apple.com>
-
-        Fix the non-AllInOneFile build.
-
-        * kjs/Arguments.cpp: Add missing #include.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich and Mark Rowe.
-
-        - fix test failure caused by my recent IndexToNameMap patch
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::deleteProperty): Added the accidentally-omitted
-        check of the boolean result from toArrayIndex.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20975
-          inline immediate-number case of ==
-
-        * VM/CTI.h: Renamed emitJumpSlowCaseIfNotImm to
-        emitJumpSlowCaseIfNotImmNum, since the old name was incorrect.
-
-        * VM/CTI.cpp: Updated for new name.
-        (JSC::CTI::privateCompileMainPass): Added op_eq.
-        (JSC::CTI::privateCompileSlowCases): Added op_eq.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_eq): Removed fast case, since it's now
-        compiled.
-
-2008-09-21  Peter Gal  <galpter@inf.u-szeged.hu>
-
-        Reviewed by Tim Hatcher and Eric Seidel.
-
-        Fix the QT/Linux JavaScriptCore segmentation fault.
-        https://bugs.webkit.org/show_bug.cgi?id=20914
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::initializeThreading): Use currentThread() if
-        platform is not a MAC (like in pre 36541 revisions)
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * kjs/debugger.h: Removed some unneeded includes and declarations.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20972
-          speed up Arguments further by eliminating the IndexToNameMap
-
-        No change on SunSpider. 1.29x as fast on V8 Raytrace.
-
-        * kjs/Arguments.cpp: Moved ArgumentsData in here. Eliminated the
-        indexToNameMap and hadDeletes data members. Changed extraArguments into
-        an OwnArrayPtr and added deletedArguments, another OwnArrayPtr.
-        Replaced numExtraArguments with numParameters, since that's what's
-        used more directly in hot code paths.
-        (JSC::Arguments::Arguments): Pass in argument count instead of ArgList.
-        Initialize ArgumentsData the new way.
-        (JSC::Arguments::mark): Updated.
-        (JSC::Arguments::getOwnPropertySlot): Overload for the integer form so
-        we don't have to convert integers to identifiers just to get an argument.
-        Integrated the deleted case with the fast case.
-        (JSC::Arguments::put): Ditto.
-        (JSC::Arguments::deleteProperty): Ditto.
-
-        * kjs/Arguments.h: Minimized includes. Made everything private. Added
-        overloads for the integral property name case. Eliminated mappedIndexSetter.
-        Moved ArgumentsData into the .cpp file.
-
-        * kjs/IndexToNameMap.cpp: Emptied out and prepared for deletion.
-        * kjs/IndexToNameMap.h: Ditto.
-
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::createArgumentsObject): Elminated ArgList.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        Removed IndexToNameMap.
-
-2008-09-21  Darin Adler  <darin@apple.com>
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitLoad): One more tweak: Wrote this in a slightly
-        clearer style.
-
-2008-09-21  Judit Jasz  <jasy@inf.u-szeged.hu>
-
-        Reviewed and tweaked by Darin Adler.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20645
-          Elminate duplicate constant values in CodeBlocks.
-
-        Seems to be a wash on SunSpider.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitLoad): Use m_numberMap and m_stringMap to guarantee
-        we emit the same JSValue* for identical numbers and strings.
-        * VM/CodeGenerator.h: Added overload of emitLoad for const Identifier&.
-        Add NumberMap and IdentifierStringMap types and m_numberMap and m_stringMap.
-        * kjs/nodes.cpp:
-        (JSC::StringNode::emitCode): Call the new emitLoad and let it do the
-        JSString creation.
-
-2008-09-21  Paul Pedriana  <webkit@pedriana.com>
-
-        Reviewed and tweaked by Darin Adler.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=16925
-          Fixed lack of Vector buffer alignment for both GCC and MSVC.
-          Since there's no portable way to do this, for now we don't support
-          other compilers.
-
-        * wtf/Vector.h: Added WTF_ALIGH_ON, WTF_ALIGNED, AlignedBufferChar, and AlignedBuffer.
-        Use AlignedBuffer insteadof an array of char in VectorBuffer.
-
-2008-09-21  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=19408
-          Add lightweight constant folding to the parser for *, /, + (only for numbers), <<, >>, ~ operators.
-
-        1.008x as fast on SunSpider.
-
-        * kjs/grammar.y:
-        (makeNegateNode): Fold if expression is a number > 0.
-        (makeBitwiseNotNode): Fold if expression is a number.
-        (makeMultNode): Fold if expressions are both numbers.
-        (makeDivNode): Fold if expressions are both numbers.
-        (makeAddNode): Fold if expressions are both numbers.
-        (makeLeftShiftNode): Fold if expressions are both numbers.
-        (makeRightShiftNode): Fold if expressions are both numbers.
-
-2008-09-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - speed up === operator by generating inline machine code for the fast paths
-        https://bugs.webkit.org/show_bug.cgi?id=20820
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumber):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumbers):
-        (JSC::CTI::emitJumpSlowCaseIfNotImmediates):
-        (JSC::CTI::emitTagAsBoolImmediate):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_stricteq):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::sete_r):
-        (JSC::X86Assembler::setz_r):
-        (JSC::X86Assembler::movzbl_rr):
-        (JSC::X86Assembler::emitUnlinkedJnz):
-
-2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Free memory allocated for extra arguments in the destructor of the
-        Arguments object.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::~Arguments):
-        * kjs/Arguments.h:
-
-2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20815: 'arguments' object creation is non-optimal
-        <https://bugs.webkit.org/show_bug.cgi?id=20815>
-
-        Fix our inefficient way of creating the arguments object by only
-        creating named properties for each of the arguments after a use of the
-        'delete' statement. This patch also speeds up access to the 'arguments'
-        object slightly, but it still does not use the array fast path for
-        indexed access that exists for many opcodes.
-
-        This is about a 20% improvement on the V8 Raytrace benchmark, and a 1.5%
-        improvement on the Earley-Boyer benchmark, which gives a 4% improvement
-        overall.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::mark):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * kjs/Arguments.h:
-        (JSC::Arguments::ArgumentsData::ArgumentsData):
-        * kjs/IndexToNameMap.h:
-        (JSC::IndexToNameMap::size):
-        * kjs/JSActivation.cpp:
-        (JSC::JSActivation::createArgumentsObject):
-        * kjs/JSActivation.h:
-        (JSC::JSActivation::uncheckedSymbolTableGet):
-        (JSC::JSActivation::uncheckedSymbolTableGetValue):
-        (JSC::JSActivation::uncheckedSymbolTablePut):
-        * kjs/JSFunction.h:
-        (JSC::JSFunction::numParameters):
-
-2008-09-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        - fix crash seen on buildbot
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::mark): Add back mark of arrayPrototype,
-        deleted by accident in my recent check-in.
-
-2008-09-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-        
-        - speculative fix for non-AllInOne builds
-
-        * kjs/operations.h:
-
-2008-09-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        - assorted optimizations to === and !== operators
-        (work towards <https://bugs.webkit.org/show_bug.cgi?id=20820>)
-        
-        2.5% speedup on earley-boyer test
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_stricteq): Use inline version of
-        strictEqualSlowCase; remove unneeded exception check.
-        (JSC::Machine::cti_op_nstricteq): ditto
-        * kjs/operations.cpp:
-        (JSC::strictEqual): Use strictEqualSlowCaseInline
-        (JSC::strictEqualSlowCase): ditto
-        * kjs/operations.h:
-        (JSC::strictEqualSlowCaseInline): Version of strictEqualSlowCase that can be inlined,
-        since the extra function call indirection is a lose for CTI.
-
-2008-09-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - finish https://bugs.webkit.org/show_bug.cgi?id=20858
-          make each distinct C++ class get a distinct JSC::Structure
-
-        This also includes some optimizations that make the change an overall
-        small speedup. Without those it was a bit of a slowdown.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor): Take a structure.
-        * API/JSCallbackConstructor.h: Ditto.
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction): Pass a structure.
-        * API/JSCallbackObject.h: Take a structure.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::JSCallbackObject): Ditto.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype): Pass in a structure. Call setPrototype
-        if there's a custom prototype involved.
-        * API/JSObjectRef.cpp:
-        (JSObjectMake): Ditto.
-        (JSObjectMakeConstructor): Pass in a structure.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/Machine.cpp:
-        (JSC::jsLess): Added a special case for when both arguments are strings.
-        This avoids converting both strings to with UString::toDouble.
-        (JSC::jsLessEq): Ditto.
-        (JSC::Machine::privateExecute): Pass in a structure.
-        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
-        (JSC::Machine::cti_op_new_regexp): Ditto.
-        (JSC::Machine::cti_op_is_string): Ditto.
-        * VM/Machine.h: Made isJSString public so it can be used in the CTI.
-
-        * kjs/Arguments.cpp:
-        (JSC::Arguments::Arguments): Pass in a structure.
-
-        * kjs/JSCell.h: Mark constructor explicit.
-
-        * kjs/JSGlobalObject.cpp:
-        (JSC::markIfNeeded): Added an overload for marking structures.
-        (JSC::JSGlobalObject::reset): Eliminate code to set data members to
-        zero. We now do that in the constructor, and we no longer use this
-        anywhere except in the constructor. Added code to create structures.
-        Pass structures rather than prototypes when creating objects.
-        (JSC::JSGlobalObject::mark): Mark the structures.
-
-        * kjs/JSGlobalObject.h: Removed unneeded class declarations.
-        Added initializers for raw pointers in JSGlobalObjectData so
-        everything starts with a 0. Added structure data and accessor
-        functions.
-
-        * kjs/JSImmediate.cpp:
-        (JSC::JSImmediate::nonInlineNaN): Added.
-        * kjs/JSImmediate.h:
-        (JSC::JSImmediate::toDouble): Rewrote to avoid PIC branches.
-
-        * kjs/JSNumberCell.cpp:
-        (JSC::jsNumberCell): Made non-inline to avoid PIC branches
-        in functions that call this one.
-        (JSC::jsNaN): Ditto.
-        * kjs/JSNumberCell.h: Ditto.
-
-        * kjs/JSObject.h: Removed constructor that takes a prototype.
-        All callers now pass structures.
-
-        * kjs/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * kjs/ArrayConstructor.h:
-        * kjs/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * kjs/ArrayPrototype.h:
-        * kjs/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * kjs/BooleanConstructor.h:
-        * kjs/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * kjs/BooleanObject.h:
-        * kjs/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * kjs/BooleanPrototype.h:
-        * kjs/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::constructDate):
-        * kjs/DateConstructor.h:
-        * kjs/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * kjs/DateInstance.h:
-        * kjs/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * kjs/DatePrototype.h:
-        * kjs/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        (JSC::constructError):
-        * kjs/ErrorConstructor.h:
-        * kjs/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * kjs/ErrorInstance.h:
-        * kjs/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * kjs/ErrorPrototype.h:
-        * kjs/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * kjs/FunctionConstructor.h:
-        * kjs/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * kjs/FunctionPrototype.h:
-        * kjs/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        * kjs/GlobalEvalFunction.h:
-        * kjs/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * kjs/InternalFunction.h:
-        (JSC::InternalFunction::InternalFunction):
-        * kjs/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-        * kjs/JSArray.h:
-        * kjs/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::construct):
-        * kjs/JSObject.cpp:
-        (JSC::constructEmptyObject):
-        * kjs/JSString.cpp:
-        (JSC::StringObject::create):
-        * kjs/JSWrapperObject.h:
-        * kjs/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * kjs/MathObject.h:
-        * kjs/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        (JSC::NativeErrorConstructor::construct):
-        * kjs/NativeErrorConstructor.h:
-        * kjs/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * kjs/NativeErrorPrototype.h:
-        * kjs/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * kjs/NumberConstructor.h:
-        * kjs/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        (JSC::constructNumber):
-        (JSC::constructNumberFromImmediateNumber):
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * kjs/NumberPrototype.h:
-        * kjs/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::constructObject):
-        * kjs/ObjectConstructor.h:
-        * kjs/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * kjs/ObjectPrototype.h:
-        * kjs/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * kjs/PrototypeFunction.h:
-        * kjs/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::constructRegExp):
-        * kjs/RegExpConstructor.h:
-        * kjs/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * kjs/RegExpObject.h:
-        * kjs/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * kjs/RegExpPrototype.h:
-        * kjs/Shell.cpp:
-        (GlobalObject::GlobalObject):
-        * kjs/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::constructWithStringConstructor):
-        * kjs/StringConstructor.h:
-        * kjs/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * kjs/StringObject.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * kjs/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * kjs/StringPrototype.h:
-        Take and pass structures.
-
-2008-09-19  Alp Toker  <alp@nuanti.com>
-
-        Build fix for the 'gold' linker and recent binutils. New behaviour
-        requires that we link to used libraries explicitly.
-
-        * GNUmakefile.am:
-
-2008-09-19  Sam Weinig  <sam@webkit.org>
-
-        Roll r36694 back in.  It did not cause the crash.
-
-        * JavaScriptCore.exp:
-        * VM/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::invalidate):
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::getEnumerablePropertyNames):
-        * kjs/PropertyMap.h:
-        * kjs/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::create):
-        (JSC::PropertyNameArrayData::propertyNameVector):
-        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
-        (JSC::PropertyNameArrayData::cachedPrototypeChain):
-        (JSC::PropertyNameArrayData::begin):
-        (JSC::PropertyNameArrayData::end):
-        (JSC::PropertyNameArrayData::PropertyNameArrayData):
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::addKnownUnique):
-        (JSC::PropertyNameArray::size):
-        (JSC::PropertyNameArray::operator[]):
-        (JSC::PropertyNameArray::begin):
-        (JSC::PropertyNameArray::end):
-        (JSC::PropertyNameArray::setData):
-        (JSC::PropertyNameArray::data):
-        (JSC::PropertyNameArray::releaseData):
-        * kjs/StructureID.cpp:
-        (JSC::structureIDChainsAreEqual):
-        (JSC::StructureID::getEnumerablePropertyNames):
-        (JSC::StructureID::clearEnumerationCache):
-        (JSC::StructureID::createCachedPrototypeChain):
-        * kjs/StructureID.h:
-
-2008-09-19  Sam Weinig  <sam@webkit.org>
-
-        Roll out r36694.
-
-        * JavaScriptCore.exp:
-        * VM/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::invalidate):
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::getEnumerablePropertyNames):
-        * kjs/PropertyMap.h:
-        * kjs/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::addKnownUnique):
-        (JSC::PropertyNameArray::begin):
-        (JSC::PropertyNameArray::end):
-        (JSC::PropertyNameArray::size):
-        (JSC::PropertyNameArray::operator[]):
-        (JSC::PropertyNameArray::releaseIdentifiers):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::getEnumerablePropertyNames):
-        * kjs/StructureID.h:
-        (JSC::StructureID::clearEnumerationCache):
-
-2008-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Improve peformance of local variable initialisation.
-
-        Pull local and constant initialisation out of slideRegisterWindowForCall
-        and into its own opcode.  This allows the JIT to generate the initialisation
-        code for a function directly into the instruction stream and so avoids a few
-        branches on function entry.
-
-        Results a 1% progression in SunSpider, particularly in a number of the bitop
-        tests where the called functions are very fast. 
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitInitialiseRegister):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::CodeGenerator):
-        * VM/Machine.cpp:
-        (JSC::slideRegisterWindowForCall):
-        (JSC::Machine::privateExecute):
-        * VM/Opcode.h:
-
-2008-09-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=20928
-        Speed up JS property enumeration by caching entire PropertyNameArray
-
-        1.3% speedup on Sunspider, 30% on string-fasta.
-
-        * JavaScriptCore.exp:
-        * VM/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::invalidate):
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::getEnumerablePropertyNames):
-        * kjs/PropertyMap.h:
-        * kjs/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * kjs/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::create):
-        (JSC::PropertyNameArrayData::propertyNameVector):
-        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
-        (JSC::PropertyNameArrayData::cachedPrototypeChain):
-        (JSC::PropertyNameArrayData::begin):
-        (JSC::PropertyNameArrayData::end):
-        (JSC::PropertyNameArrayData::PropertyNameArrayData):
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::addKnownUnique):
-        (JSC::PropertyNameArray::size):
-        (JSC::PropertyNameArray::operator[]):
-        (JSC::PropertyNameArray::begin):
-        (JSC::PropertyNameArray::end):
-        (JSC::PropertyNameArray::setData):
-        (JSC::PropertyNameArray::data):
-        (JSC::PropertyNameArray::releaseData):
-        * kjs/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * kjs/StructureID.cpp:
-        (JSC::structureIDChainsAreEqual):
-        (JSC::StructureID::getEnumerablePropertyNames):
-        (JSC::StructureID::clearEnumerationCache):
-        (JSC::StructureID::createCachedPrototypeChain):
-        * kjs/StructureID.h:
-
-2008-09-19  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix a mismatched new[]/delete in JSObject::allocatePropertyStorage
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage): Spotted by valgrind.
-
-2008-09-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - part 2 of https://bugs.webkit.org/show_bug.cgi?id=20858
-          make each distinct C++ class get a distinct JSC::Structure
-
-        * JavaScriptCore.exp: Exported constructEmptyObject for use in WebCore.
-
-        * kjs/JSGlobalObject.h: Changed the protected constructor to take a
-        structure instead of a prototype.
-
-        * kjs/JSVariableObject.h: Removed constructor that takes a prototype.
-
-2008-09-19  Julien Chaffraix  <jchaffraix@pleyo.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Use the template hoisting technique on the RefCounted class. This reduces the code bloat due to
-        non-template methods' code been copied for each instance of the template.
-        The patch splits RefCounted between a base class that holds non-template methods and attributes
-        and the template RefCounted class that keeps the same functionnality.
-
-        On my Linux with gcc 4.3 for the Gtk port, this is:
-        - a ~600KB save on libwebkit.so in release.
-        - a ~1.6MB save on libwebkit.so in debug.
-
-        It is a wash on Sunspider and a small win on Dromaeo (not sure it is relevant).
-        On the whole, it should be a small win as we reduce the compiled code size and the only
-        new function call should be inlined by the compiler.
-
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref): Copied from RefCounted.
-        (WTF::RefCountedBase::hasOneRef): Ditto.
-        (WTF::RefCountedBase::refCount): Ditto.
-        (WTF::RefCountedBase::RefCountedBase): Ditto.
-        (WTF::RefCountedBase::~RefCountedBase): Ditto.
-        (WTF::RefCountedBase::derefBase): Tweaked from the RefCounted version to remove
-        template section.
-        (WTF::RefCounted::RefCounted):
-        (WTF::RefCounted::deref): Small wrapper around RefCountedBase::derefBase().
-        (WTF::RefCounted::~RefCounted): Keep private destructor.
-
-2008-09-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - part 1 of https://bugs.webkit.org/show_bug.cgi?id=20858
-          make each distinct C++ class get a distinct JSC::Structure
-
-        * kjs/lookup.h: Removed things here that were used only in WebCore:
-        cacheGlobalObject, JSC_DEFINE_PROTOTYPE, JSC_DEFINE_PROTOTYPE_WITH_PROTOTYPE,
-        and JSC_IMPLEMENT_PROTOTYPE.
-
-2008-09-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20927
-          simplify/streamline the code to turn strings into identifiers while parsing
-
-        * kjs/grammar.y: Get rid of string from the union, and use ident for STRING as
-        well as for IDENT.
-
-        * kjs/lexer.cpp:
-        (JSC::Lexer::lex): Use makeIdentifier instead of makeUString for String.
-        * kjs/lexer.h: Remove makeUString.
-
-        * kjs/nodes.h: Changed StringNode to hold an Identifier instead of UString.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::keyForCharacterSwitch): Updated since StringNode now holds an Identifier.
-        (JSC::prepareJumpTableForStringSwitch): Ditto.
-        * kjs/nodes.cpp:
-        (JSC::StringNode::emitCode): Ditto. The comment from here is now in the lexer.
-        (JSC::processClauseList): Ditto.
-        * kjs/nodes2string.cpp:
-        (JSC::StringNode::streamTo): Ditto.
-
-2008-09-18  Sam Weinig  <sam@webkit.org>
-
-        Fix style.
-
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-
-2008-09-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20911: REGRESSION(r36480?): Reproducible assertion failure below derefStructureIDs 64-bit JavaScriptCore
-        <https://bugs.webkit.org/show_bug.cgi?id=20911>
-
-        The problem was simply caused by the int constructor for Instruction
-        failing to initialise the full struct in 64bit builds.
-
-        * VM/Instruction.h:
-        (JSC::Instruction::Instruction):
-
-2008-09-18  Darin Adler  <darin@apple.com>
-
-        - fix release build
-
-        * wtf/RefCountedLeakCounter.cpp: Removed stray "static".
-
-2008-09-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * kjs/JSGlobalObject.h: Tiny style guideline tweak.
-
-2008-09-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=20925
-          LEAK messages appear every time I quit
-
-        * JavaScriptCore.exp: Updated, and also added an export
-        needed for future WebCore use of JSC::StructureID.
-
-        * wtf/RefCountedLeakCounter.cpp:
-        (WTF::RefCountedLeakCounter::suppressMessages): Added.
-        (WTF::RefCountedLeakCounter::cancelMessageSuppression): Added.
-        (WTF::RefCountedLeakCounter::RefCountedLeakCounter): Tweaked a bit.
-        (WTF::RefCountedLeakCounter::~RefCountedLeakCounter): Added code to
-        log the reason there was no leak checking done.
-        (WTF::RefCountedLeakCounter::increment): Tweaked a bit.
-        (WTF::RefCountedLeakCounter::decrement): Ditto.
-
-        * wtf/RefCountedLeakCounter.h: Replaced setLogLeakMessages with two
-        new functions, suppressMessages and cancelMessageSuppression. Also
-        added m_ prefixes to the data member names.
-
-2008-09-18  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20437
-
-        Add a proper #define to define which XML Parser implementation to use. Client
-        code can use #if USE(QXMLSTREAM) to decide if the Qt XML StreamReader
-        implementation is going to be used.
-
-        * wtf/Platform.h:
-
-2008-09-18  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Make a Unicode non-breaking space count as a whitespace character in
-        PCRE. This change was already made in WREC, and it fixes one of the
-        Mozilla JS tests. Since it is now fixed in PCRE as well, we can check
-        in a new set of expected test results.
-
-        * pcre/pcre_internal.h:
-        (isSpaceChar):
-        * tests/mozilla/expected.html:
-
-2008-09-18  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Mark Rowe and Maciej Stachowiak.
-
-        add an option use arch to specify which architecture to run.
-
-        * tests/mozilla/jsDriver.pl:
-
-2008-09-17  Oliver Hunt  <oliver@apple.com>
-
-        Correctly restore argument reference prior to SFX runtime calls.
-        
-        Reviewed by Steve Falkenburg.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-
-2008-09-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20876: REGRESSION (r36417, r36427): fast/js/exception-expression-offset.html fails
-        <https://bugs.webkit.org/show_bug.cgi?id=20876>
-
-        r36417 and r36427 caused an get_by_id opcode to be emitted before the
-        instanceof and construct opcodes, in order to enable inline caching of
-        the prototype property. Unfortunately, this regressed some tests dealing
-        with exceptions thrown by 'instanceof' and the 'new' operator. We fix
-        these problems by detecting whether an "is not an object" exception is
-        thrown before op_instanceof or op_construct, and emit the proper
-        exception in those cases.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitConstruct):
-        * VM/CodeGenerator.h:
-        * VM/ExceptionHelpers.cpp:
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAnObjectError):
-        * VM/ExceptionHelpers.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::getOpcode):
-        (JSC::Machine::privateExecute):
-        * VM/Machine.h:
-        * kjs/nodes.cpp:
-        (JSC::NewExprNode::emitCode):
-        (JSC::InstanceOfNode::emitCode):
-
-2008-09-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JIT generation cti_op_construct_verify.
-        
-        Quarter to half percent progression on v8-tests.
-        Roughly not change on SunSpider (possible minor progression).
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-
-2008-09-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Improve timer accuracy for JavaScript Date object on Windows.
-        
-        Use a combination of ftime and QueryPerformanceCounter.
-        ftime returns the information we want, but doesn't have sufficient resolution.
-        QueryPerformanceCounter has high resolution, but is only usable to measure time intervals.
-        To combine them, we call ftime and QueryPerformanceCounter initially. Later calls will use
-        QueryPerformanceCounter by itself, adding the delta to the saved ftime.  We re-sync to
-        correct for drift if the low-res and high-res elapsed time between calls differs by more
-        than twice the low-resolution timer resolution.
-        
-        QueryPerformanceCounter may be inaccurate due to a problems with:
-        - some PCI bridge chipsets (http://support.microsoft.com/kb/274323)
-        - BIOS bugs (http://support.microsoft.com/kb/895980/)
-        - BIOS/HAL bugs on multiprocessor/multicore systems (http://msdn.microsoft.com/en-us/library/ms644904.aspx)
-        
-        Reviewed by Darin Adler.
-
-        * kjs/DateMath.cpp:
-        (JSC::highResUpTime):
-        (JSC::lowResUTCTime):
-        (JSC::qpcAvailable):
-        (JSC::getCurrentUTCTimeWithMicroseconds):
-
-2008-09-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Implement JIT generation of CallFrame initialization, for op_call.
-
-        1% sunspider 2.5% v8-tests.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_op_call_NotJSFunction):
-
-2008-09-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Optimizations for op_call in CTI.  Move check for (ctiCode == 0) into JIT code,
-        move copying of scopeChain for CodeBlocks that needFullScopeChain into head of
-        functions, instead of checking prior to making the call.
-
-        3% on v8-tests (4% on richards, 6% in delta-blue)
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        * VM/Machine.cpp:
-        (JSC::Machine::execute):
-        (JSC::Machine::cti_op_call_JSFunction):
-        (JSC::Machine::cti_vm_compile):
-        (JSC::Machine::cti_vm_updateScopeChain):
-        (JSC::Machine::cti_op_construct_JSConstruct):
-        * VM/Machine.h:
-
-2008-09-17  Tor Arne Vestbø  <tavestbo@trolltech.com>
-
-        Fix the QtWebKit/Mac build
-
-        * wtf/ThreadingQt.cpp:
-        (WTF::initializeThreading): use QCoreApplication to get the main thread
-
-2008-09-16  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20857: REGRESSION (r36427): ASSERTION FAILED: m_refCount >= 0 in RegisterID::deref()
-        <https://bugs.webkit.org/show_bug.cgi?id=20857>
-
-        Fix a problem stemming from the slightly unsafe behaviour of the
-        CodeGenerator::finalDestination() method by putting the "func" argument
-        of the emitConstruct() method in a RefPtr in its caller. Also, add an
-        assertion guaranteeing that this is always the case.
-
-        CodeGenerator::finalDestination() is still incorrect and can cause
-        problems with a different allocator; see bug 20340 for more details.
-
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitConstruct):
-        * kjs/nodes.cpp:
-        (JSC::NewExprNode::emitCode):
-
-2008-09-16  Alice Liu  <alice.liu@apple.com>
-
-        build fix.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-
-2008-09-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        CTI code generation for op_ret.  The majority of the work
-        (updating variables on the stack & on exec) can be performed
-        directly in generated code.
-
-        We still need to check, & to call out to C-code to handle
-        activation records, profiling, and full scope chains.
-
-        +1.5% Sunspider, +5/6% v8 tests.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_ret_activation):
-        (JSC::Machine::cti_op_ret_profiler):
-        (JSC::Machine::cti_op_ret_scopeChain):
-        * VM/Machine.h:
-
-2008-09-16  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Fix the Windows build.
-
-        Add some extra parentheses to stop MSVC from complaining so much.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        * kjs/operations.cpp:
-        (JSC::strictEqual):
-
-2008-09-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - speed up the === and !== operators by choosing the fast cases better
-        
-        No effect on SunSpider but speeds up the V8 EarlyBoyer benchmark about 4%.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_stricteq):
-        (JSC::Machine::cti_op_nstricteq):
-        * kjs/JSImmediate.h:
-        (JSC::JSImmediate::areBothImmediate):
-        * kjs/operations.cpp:
-        (JSC::strictEqual):
-        (JSC::strictEqualSlowCase):
-        * kjs/operations.h:
-
-2008-09-15  Oliver Hunt  <oliver@apple.com>
-
-        RS=Sam Weinig.
-
-        Coding style cleanup.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-
-2008-09-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 20874: op_resolve does not do any form of caching
-        <https://bugs.webkit.org/show_bug.cgi?id=20874>
-
-        This patch adds an op_resolve_global opcode to handle (and cache)
-        property lookup we can statically determine must occur on the global
-        object (if at all).
-
-        3% progression on sunspider, 3.2x improvement to bitops-bitwise-and, and
-        10% in math-partial-sums
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::findScopedProperty):
-        (JSC::CodeGenerator::emitResolve):
-        * VM/Machine.cpp:
-        (JSC::resolveGlobal):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_resolve_global):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-
-2008-09-15  Sam Weinig  <sam@webkit.org>
-
-        Roll out r36462.  It broke document.all.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine):
-        (JSC::Machine::cti_op_eq_null):
-        (JSC::Machine::cti_op_neq_null):
-        * VM/Machine.h:
-        (JSC::Machine::isJSString):
-        * kjs/JSCell.h:
-        * kjs/JSWrapperObject.h:
-        * kjs/StringObject.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-
-2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20863: ASSERTION FAILED: addressOffset < instructions.size() in CodeBlock::getHandlerForVPC
-        <https://bugs.webkit.org/show_bug.cgi?id=20863>
-
-        r36427 changed the number of arguments to op_construct without changing
-        the argument index for the vPC in the call to initializeCallFrame() in
-        the CTI case. This caused a JSC test failure. Correcting the argument
-        index fixes the test failure.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_construct_JSConstruct):
-
-2008-09-15  Mark Rowe  <mrowe@apple.com>
-
-        Fix GCC 4.2 build.
-
-        * VM/CTI.h:
-
-2008-09-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed a typo in op_get_by_id_chain that caused it to miss every time
-        in the interpreter.
-        
-        Also, a little cleanup.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): Set up baseObject before entering the
-        loop, so we compare against the right values.
-
-2008-09-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed the CalledAsConstructor flag from the call frame header. Now,
-        we use an explicit opcode at the call site to fix up constructor results.
-
-        SunSpider says 0.4% faster.
-        
-        cti_op_construct_verify is an out-of-line function call for now, but we
-        can fix that once StructureID holds type information like isObject.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass): Codegen for the new opcode.
-
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-        * VM/CodeGenerator.cpp: Codegen for the new opcode. Also...
-        (JSC::CodeGenerator::emitCall): ... don't test for known non-zero value.
-        (JSC::CodeGenerator::emitConstruct): ... ditto.
-
-        * VM/Machine.cpp: No more CalledAsConstructor
-        (JSC::Machine::privateExecute): Implementation for the new opcode.
-        (JSC::Machine::cti_op_ret): The speedup: no need to check whether we were
-        called as a constructor.
-        (JSC::Machine::cti_op_construct_verify): Implementation for the new opcode.
-        * VM/Machine.h:
-
-        * VM/Opcode.h: Declare new opcode.
-
-        * VM/RegisterFile.h:
-        (JSC::RegisterFile::): No more CalledAsConstructor
-
-2008-09-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Inline code generation of eq_null/neq_null for CTI.  Uses vptr checking for
-        StringObjectsThatAreMasqueradingAsBeingUndefined.  In the long run, the
-        masquerading may be handled differently (through the StructureIDs - see bug
-        #20823).
-
-        >1% on v8-tests.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitJumpSlowCaseIfIsJSCell):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine):
-        (JSC::Machine::cti_op_eq_null):
-        (JSC::Machine::cti_op_neq_null):
-        * VM/Machine.h:
-        (JSC::Machine::doesMasqueradesAsUndefined):
-        * kjs/JSWrapperObject.h:
-        (JSC::JSWrapperObject::):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * kjs/StringObject.h:
-        (JSC::StringObject::StringObject):
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-
-2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Oliver Hunt.
-
-        r36427 broke CodeBlock::dump() by changing the number of arguments to
-        op_construct without changing the code that prints it. This patch fixes
-        it by printing the additional argument.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-2008-09-15  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        * kjs/StructureID.cpp: Removed a stray semicolon.
-
-2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix a crash in fast/js/exception-expression-offset.html caused by not
-        updating all mentions of the length of op_construct in r36427.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_construct_NotJSConstruct):
-
-2008-09-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - fix layout test failure introduced by fix for 20849
-        
-        (The failing test was fast/js/delete-then-put.html)
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::removeDirect): Clear enumeration cache
-        in the dictionary case.
-        * kjs/JSObject.h:
-        (JSC::JSObject::putDirect): Ditto.
-        * kjs/StructureID.h:
-        (JSC::StructureID::clearEnumerationCache): Inline to handle the
-        clear.
-
-2008-09-15  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - fix JSC test failures introduced by fix for 20849
-
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::getEnumerablePropertyNames): Use the correct count.
-
-2008-09-15  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20851: REGRESSION (r36410): fast/js/kde/GlobalObject.html fails
-        <https://bugs.webkit.org/show_bug.cgi?id=20851>
-
-        r36410 introduced an optimization for parseInt() that is incorrect when
-        its argument is larger than the range of a 32-bit integer. If the
-        argument is a number that is not an immediate integer, then the correct
-        behaviour is to return the floor of its value, unless it is an infinite
-        value, in which case the correct behaviour is to return 0.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-
-2008-09-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=20849
-        Cache property names for getEnumerablePropertyNames in the StructureID.
-
-        ~0.5% speedup on Sunspider overall (9.7% speedup on string-fasta).  ~1% speedup
-        on the v8 test suite.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::getEnumerablePropertyNames):
-        * kjs/PropertyMap.h:
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::getEnumerablePropertyNames):
-        * kjs/StructureID.h:
-
-2008-09-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - speed up JS construction by extracting "prototype" lookup so PIC applies.
-        
-        ~0.5% speedup on SunSpider
-        Speeds up some of the V8 tests as well, most notably earley-boyer.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileOpCall): Account for extra arg for prototype.
-        (JSC::CTI::privateCompileMainPass): Account for increased size of op_construct.
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitConstruct): Emit separate lookup to get prototype property.
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): Expect prototype arg in op_construct.
-        (JSC::Machine::cti_op_construct_JSConstruct): ditto
-        (JSC::Machine::cti_op_construct_NotJSConstruct): ditto
-
-2008-09-10  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add a protected destructor for RefCounted.
-
-        It is wrong to call its destructor directly, because (1) this should be taken care of by
-        deref(), and (2) many classes that use RefCounted have non-virtual destructors.
-
-        No change in behavior.
-
-        * wtf/RefCounted.h: (WTF::RefCounted::~RefCounted):
-
-2008-09-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Accelerated property accesses.
-
-        Inline more of the array access code into the JIT code for get/put_by_val.
-        Accelerate get/put_by_id by speculatively inlining a disable direct access
-        into the hot path of the code, and repatch this with the correct StructureID
-        and property map offset once these are known.  In the case of accesses to the
-        prototype and reading the array-length a trampoline is genertaed, and the
-        branch to the slow-case is relinked to jump to this.
-
-        By repatching, we mean rewriting the x86 instruction stream.  Instructions are
-        only modified in a simple fasion - altering immediate operands, memory access
-        deisplacements, and branch offsets.
-        
-        For regular get_by_id/put_by_id accesses to an object, a StructureID in an
-        instruction's immediate operant is updateded, and a memory access operation's
-        displacement is updated to access the correct field on the object.  In the case
-        of more complex accesses (array length and get_by_id_prototype) the offset on
-        the branch to slow-case is updated, to now jump to a trampoline.
-
-        +2.8% sunspider, +13% v8-tests
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCall):
-        (JSC::CTI::emitJumpSlowCaseIfNotJSCell):
-        (JSC::CTI::CTI):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        (JSC::CTI::privateCompileArrayLengthTrampoline):
-        (JSC::CTI::privateCompileStringLengthTrampoline):
-        (JSC::CTI::patchGetByIdSelf):
-        (JSC::CTI::patchPutByIdReplace):
-        (JSC::CTI::privateCompilePatchGetArrayLength):
-        (JSC::CTI::privateCompilePatchGetStringLength):
-        * VM/CTI.h:
-        (JSC::CTI::compileGetByIdSelf):
-        (JSC::CTI::compileGetByIdProto):
-        (JSC::CTI::compileGetByIdChain):
-        (JSC::CTI::compilePutByIdReplace):
-        (JSC::CTI::compilePutByIdTransition):
-        (JSC::CTI::compileArrayLengthTrampoline):
-        (JSC::CTI::compileStringLengthTrampoline):
-        (JSC::CTI::compilePatchGetArrayLength):
-        (JSC::CTI::compilePatchGetStringLength):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::~CodeBlock):
-        * VM/CodeBlock.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::CodeBlock::getStubInfo):
-        * VM/Machine.cpp:
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::tryCTICacheGetByID):
-        (JSC::Machine::cti_op_put_by_val_array):
-        * VM/Machine.h:
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::cmpl_i8m):
-        (JSC::X86Assembler::emitUnlinkedJa):
-        (JSC::X86Assembler::getRelocatedAddress):
-        (JSC::X86Assembler::getDifferenceBetweenLabels):
-        (JSC::X86Assembler::emitModRm_opmsib):
-
-2008-09-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        - split the "prototype" lookup for hasInstance into opcode stream so it can be cached
-        
-        ~5% speedup on v8 earley-boyer test
-
-        * API/JSCallbackObject.h: Add a parameter for the pre-looked-up prototype.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance): Ditto.
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor): Look up and pass in prototype.
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass): Pass along prototype.
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Print third arg.
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitInstanceOf): Implement this, now that there
-        is a third argument.
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute): Pass along the prototype.
-        (JSC::Machine::cti_op_instanceof): ditto
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::hasInstance): Expect to get a pre-looked-up prototype.
-        * kjs/JSObject.h:
-        * kjs/nodes.cpp:
-        (JSC::InstanceOfNode::emitCode): Emit a get_by_id of the prototype
-        property and pass that register to instanceof.
-        * kjs/nodes.h:
-
-2008-09-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove unnecessary virtual function call from cti_op_call_JSFunction -
-        ~5% on richards, ~2.5% on v8-tests, ~0.5% on sunspider.
-
-        * VM/Machine.cpp:
-        (JSC::Machine::cti_op_call_JSFunction):
-
-2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20827: the 'typeof' operator is slow
-        <https://bugs.webkit.org/show_bug.cgi?id=20827>
-
-        Optimize the 'typeof' operator when its result is compared to a constant
-        string.
-
-        This is a 5.5% speedup on the V8 Earley-Boyer test.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitEqualityOp):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_is_undefined):
-        (JSC::Machine::cti_op_is_boolean):
-        (JSC::Machine::cti_op_is_number):
-        (JSC::Machine::cti_op_is_string):
-        (JSC::Machine::cti_op_is_object):
-        (JSC::Machine::cti_op_is_function):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (JSC::BinaryOpNode::emitCode):
-        (JSC::EqualNode::emitCode):
-        (JSC::StrictEqualNode::emitCode):
-        * kjs/nodes.h:
-
-2008-09-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=20844
-        Speed up parseInt for numbers
-
-        Sunspider reports this as 1.029x as fast overall and 1.37x as fast on string-unpack-code.
-        No change on the v8 suite.
-
-        * kjs/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt): Don't convert numbers to strings just to
-        convert them back to numbers.
-
-2008-09-14  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20816: op_lesseq should be optimized
-        <https://bugs.webkit.org/show_bug.cgi?id=20816>
-
-        Add a loop_if_lesseq opcode that is similar to the loop_if_less opcode.
-
-        This is a 9.4% speedup on the V8 Crypto benchmark.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitJumpIfTrue):
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_loop_if_lesseq):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-
-2008-09-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Cleanup Sampling code.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitCall):
-        (JSC::CTI::privateCompileMainPass):
-        * VM/CTI.h:
-        (JSC::CTI::execute):
-        * VM/SamplingTool.cpp:
-        (JSC::):
-        (JSC::SamplingTool::run):
-        (JSC::SamplingTool::dump):
-        * VM/SamplingTool.h:
-        (JSC::SamplingTool::callingHostFunction):
-
-2008-09-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 20821: Cache property transitions to speed up object initialization
-        https://bugs.webkit.org/show_bug.cgi?id=20821
-
-        Implement a transition cache to improve the performance of new properties
-        being added to objects.  This is extremely beneficial in constructors and
-        shows up as a 34% improvement on access-binary-trees in SunSpider (0.8%
-        overall)
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::):
-        (JSC::transitionWillNeedStorageRealloc):
-        (JSC::CTI::privateCompilePutByIdTransition):
-        * VM/CTI.h:
-        (JSC::CTI::compilePutByIdTransition):
-        * VM/CodeBlock.cpp:
-        (JSC::printPutByIdOp):
-        (JSC::CodeBlock::printStructureIDs):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructureIDs):
-        (JSC::CodeBlock::refStructureIDs):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::emitPutById):
-        * VM/Machine.cpp:
-        (JSC::cachePrototypeChain):
-        (JSC::Machine::tryCachePutByID):
-        (JSC::Machine::tryCacheGetByID):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::tryCTICacheGetByID):
-        * VM/Machine.h:
-        * VM/Opcode.h:
-        * kjs/JSObject.h:
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::transitionTo):
-        * kjs/PutPropertySlot.h:
-        (JSC::PutPropertySlot::PutPropertySlot):
-        (JSC::PutPropertySlot::wasTransition):
-        (JSC::PutPropertySlot::setWasTransition):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::transitionTo):
-        (JSC::StructureIDChain::StructureIDChain):
-        * kjs/StructureID.h:
-        (JSC::StructureID::previousID):
-        (JSC::StructureID::setCachedPrototypeChain):
-        (JSC::StructureID::cachedPrototypeChain):
-        (JSC::StructureID::propertyMap):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::addl_i8m):
-        (JSC::X86Assembler::subl_i8m):
-
-2008-09-12  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20819: JSValue::isObject() is slow
-        <https://bugs.webkit.org/show_bug.cgi?id=20819>
-
-        Optimize JSCell::isObject() and JSCell::isString() by making them
-        non-virtual calls that rely on the StructureID type information.
-
-        This is a 0.7% speedup on SunSpider and a 1.0% speedup on the V8
-        benchmark suite.
-
-        * JavaScriptCore.exp:
-        * kjs/JSCell.cpp:
-        * kjs/JSCell.h:
-        (JSC::JSCell::isObject):
-        (JSC::JSCell::isString):
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/JSString.cpp:
-        * kjs/JSString.h:
-        (JSC::JSString::JSString):
-        * kjs/StructureID.h:
-        (JSC::StructureID::type):
-
-2008-09-11  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Turn off PGO Optimization on CTI.cpp -> <rdar://problem/6207709>.  Fixes
-        crash on CNN and on Dromaeo.
-        Fix Missing close tag in vcproj. 
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Not reviewed.
-
-        Correct an SVN problem with the last commit and actually add the new
-        files.
-
-        * wrec/CharacterClassConstructor.cpp: Added.
-        (JSC::):
-        (JSC::getCharacterClassNewline):
-        (JSC::getCharacterClassDigits):
-        (JSC::getCharacterClassSpaces):
-        (JSC::getCharacterClassWordchar):
-        (JSC::getCharacterClassNondigits):
-        (JSC::getCharacterClassNonspaces):
-        (JSC::getCharacterClassNonwordchar):
-        (JSC::CharacterClassConstructor::addSorted):
-        (JSC::CharacterClassConstructor::addSortedRange):
-        (JSC::CharacterClassConstructor::put):
-        (JSC::CharacterClassConstructor::flush):
-        (JSC::CharacterClassConstructor::append):
-        * wrec/CharacterClassConstructor.h: Added.
-        (JSC::CharacterClassConstructor::CharacterClassConstructor):
-        (JSC::CharacterClassConstructor::isUpsideDown):
-        (JSC::CharacterClassConstructor::charClass):
-
-2008-09-11  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20788: Split CharacterClassConstructor into its own file
-        <https://bugs.webkit.org/show_bug.cgi?id=20788>
-
-        Split CharacterClassConstructor into its own file and clean up some
-        style issues.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wrec/CharacterClassConstructor.cpp: Added.
-        (JSC::):
-        (JSC::getCharacterClassNewline):
-        (JSC::getCharacterClassDigits):
-        (JSC::getCharacterClassSpaces):
-        (JSC::getCharacterClassWordchar):
-        (JSC::getCharacterClassNondigits):
-        (JSC::getCharacterClassNonspaces):
-        (JSC::getCharacterClassNonwordchar):
-        (JSC::CharacterClassConstructor::addSorted):
-        (JSC::CharacterClassConstructor::addSortedRange):
-        (JSC::CharacterClassConstructor::put):
-        (JSC::CharacterClassConstructor::flush):
-        (JSC::CharacterClassConstructor::append):
-        * wrec/CharacterClassConstructor.h: Added.
-        (JSC::CharacterClassConstructor::CharacterClassConstructor):
-        (JSC::CharacterClassConstructor::isUpsideDown):
-        (JSC::CharacterClassConstructor::charClass):
-        * wrec/WREC.cpp:
-        (JSC::WRECParser::parseCharacterClass):
-
-2008-09-10  Simon Hausmann  <hausmann@webkit.org>
-
-        Not reviewed but trivial one-liner for yet unused macro.
-
-        Changed PLATFORM(WINCE) to PLATFORM(WIN_CE) as requested by Mark.
-
-        (part of https://bugs.webkit.org/show_bug.cgi?id=20746)
-
-        * wtf/Platform.h:
-
-2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Fix a typo by renaming the overloaded orl_rr that takes an immediate to
-        orl_i32r.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::orl_i32r):
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generatePatternCharacter):
-        (JSC::WRECGenerator::generateCharacterClassInverted):
-
-2008-09-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Add inline property storage for JSObject.
-
-        1.2% progression on Sunspider. .5% progression on the v8 test suite.
-
-        * JavaScriptCore.exp:
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::mark): There is no reason to check storageSize now that
-        we start from 0.
-        (JSC::JSObject::allocatePropertyStorage): Allocates/reallocates heap storage.
-        * kjs/JSObject.h:
-        (JSC::JSObject::offsetForLocation): m_propertyStorage is not an OwnArrayPtr
-        now so there is no reason to .get()
-        (JSC::JSObject::usingInlineStorage):
-        (JSC::JSObject::JSObject): Start with m_propertyStorage pointing to the
-        inline storage.
-        (JSC::JSObject::~JSObject): Free the heap storage if not using the inline
-        storage.
-        (JSC::JSObject::putDirect): Switch to the heap storage only when we know
-        we know that we are about to add a property that will overflow the inline
-        storage.
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::createTable): Don't allocate the propertyStorage, that is
-        now handled by JSObject.
-        (JSC::PropertyMap::rehash): PropertyStorage is not a OwnArrayPtr anymore.
-        * kjs/PropertyMap.h:
-        (JSC::PropertyMap::storageSize): Rename from markingCount.
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::addPropertyTransition): Don't resize the property storage
-        if we are using inline storage.
-        * kjs/StructureID.h:
-
-2008-09-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Inline immediate number version of op_mul.
-
-        Renamed mull_rr to imull_rr as that's what it's 
-        actually doing, and added imull_i32r for the constant
-        case immediate multiply.
-
-        1.1% improvement to SunSpider.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::imull_rr):
-        (JSC::X86Assembler::imull_i32r):
-
-2008-09-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Not reviewed.
-
-        Mac build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-09-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add optimised access to known properties on the global object.
-
-        Improve cross scope access to the global object by emitting
-        code to access it directly rather than by walking the scope chain.
-
-        This is a 0.8% win in SunSpider and a 1.7% win in the v8 benchmarks.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::emitGetVariableObjectRegister):
-        (JSC::CTI::emitPutVariableObjectRegister):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (JSC::CodeGenerator::findScopedProperty):
-        (JSC::CodeGenerator::emitResolve):
-        (JSC::CodeGenerator::emitGetScopedVar):
-        (JSC::CodeGenerator::emitPutScopedVar):
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (JSC::Machine::privateExecute):
-        * VM/Opcode.h:
-        * kjs/nodes.cpp:
-        (JSC::FunctionCallResolveNode::emitCode):
-        (JSC::PostfixResolveNode::emitCode):
-        (JSC::PrefixResolveNode::emitCode):
-        (JSC::ReadModifyResolveNode::emitCode):
-        (JSC::AssignResolveNode::emitCode):
-
-2008-09-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver.
-        
-        - enable polymorphic inline caching of properties of primitives
-        
-        1.012x speedup on SunSpider.
-
-        We create special structure IDs for JSString and
-        JSNumberCell. Unlike normal structure IDs, these cannot hold the
-        true prototype. Due to JS autoboxing semantics, the prototype used
-        when looking up string or number properties depends on the lexical
-        global object of the call site, not the creation site. Thus we
-        enable StructureIDs to handle this quirk for primitives.
-        
-        Everything else should be straightforward.
-        
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        * VM/CTI.h:
-        (JSC::CTI::compileGetByIdProto):
-        (JSC::CTI::compileGetByIdChain):
-        * VM/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        * VM/Machine.cpp:
-        (JSC::Machine::Machine):
-        (JSC::cachePrototypeChain):
-        (JSC::Machine::tryCachePutByID):
-        (JSC::Machine::tryCacheGetByID):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::tryCTICachePutByID):
-        (JSC::Machine::tryCTICacheGetByID):
-        * kjs/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        * kjs/JSCell.h:
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.h:
-        (JSC::StructureID::prototypeForLookup):
-        * kjs/JSNumberCell.h:
-        (JSC::JSNumberCell::JSNumberCell):
-        (JSC::jsNumberCell):
-        * kjs/JSObject.h:
-        (JSC::JSObject::prototype):
-        * kjs/JSString.cpp:
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        * kjs/JSString.h:
-        (JSC::JSString::JSString):
-        (JSC::JSString::):
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        * kjs/SmallStrings.cpp:
-        (JSC::SmallStrings::createEmptyString):
-        (JSC::SmallStrings::createSingleCharacterString):
-        * kjs/StructureID.cpp:
-        (JSC::StructureID::StructureID):
-        (JSC::StructureID::addPropertyTransition):
-        (JSC::StructureID::getterSetterTransition):
-        (JSC::StructureIDChain::StructureIDChain):
-        * kjs/StructureID.h:
-        (JSC::StructureID::create):
-        (JSC::StructureID::storedPrototype):
-
-2008-09-09  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20746
-
-        Added WINCE platform macro.
-
-        * wtf/Platform.h:
-
-2008-09-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Remove unnecessary override of getOffset.
-
-        Sunspider reports this as a .6% progression.
-
-        * JavaScriptCore.exp:
-        * kjs/JSObject.h:
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::getOwnPropertySlotForWrite):
-        (JSC::JSObject::putDirect):
-        * kjs/PropertyMap.cpp:
-        * kjs/PropertyMap.h:
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20759: Remove MacroAssembler
-        <https://bugs.webkit.org/show_bug.cgi?id=20759>
-
-        Remove MacroAssembler and move its functionality to X86Assembler.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::emitPutArg):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutResult):
-        (JSC::CTI::emitDebugExceptionCheck):
-        (JSC::CTI::emitJumpSlowCaseIfNotImm):
-        (JSC::CTI::emitJumpSlowCaseIfNotImms):
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithReTagImmediate):
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        (JSC::CTI::emitFastArithImmToInt):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::emitFastArithIntToImmNoCheck):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateArrayLengthTrampoline):
-        (JSC::CTI::privateStringLengthTrampoline):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JmpTable::JmpTable):
-        (JSC::SlowCaseEntry::SlowCaseEntry):
-        (JSC::CTI::JSRInfo::JSRInfo):
-        * masm/MacroAssembler.h: Removed.
-        * masm/MacroAssemblerWin.cpp: Removed.
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::emitConvertToFastCall):
-        (JSC::X86Assembler::emitRestoreArgumentReference):
-        * wrec/WREC.h:
-        (JSC::WRECGenerator::WRECGenerator):
-        (JSC::WRECParser::WRECParser):
-
-2008-09-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Don't waste the first item in the PropertyStorage.
-
-        - Fix typo (makingCount -> markingCount)
-        - Remove undefined method declaration.
-
-        No change on Sunspider.
-
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::mark):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::put):
-        (JSC::PropertyMap::remove):
-        (JSC::PropertyMap::getOffset):
-        (JSC::PropertyMap::insert):
-        (JSC::PropertyMap::rehash):
-        (JSC::PropertyMap::resizePropertyStorage):
-        (JSC::PropertyMap::checkConsistency):
-        * kjs/PropertyMap.h:
-        (JSC::PropertyMap::markingCount): Fix typo.
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Not reviewed.
-
-        Speculative Windows build fix.
-
-        * masm/MacroAssemblerWin.cpp:
-        (JSC::MacroAssembler::emitConvertToFastCall):
-        (JSC::MacroAssembler::emitRestoreArgumentReference):
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20755: Create an X86 namespace for register names and other things
-        <https://bugs.webkit.org/show_bug.cgi?id=20755>
-
-        Create an X86 namespace to put X86 register names. Perhaps I will move
-        opcode names here later as well.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::emitPutArg):
-        (JSC::CTI::emitPutArgConstant):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutResult):
-        (JSC::CTI::emitDebugExceptionCheck):
-        (JSC::CTI::emitJumpSlowCaseIfNotImms):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateArrayLengthTrampoline):
-        (JSC::CTI::privateStringLengthTrampoline):
-        (JSC::CTI::compileRegExp):
-        * VM/CTI.h:
-        * masm/X86Assembler.h:
-        (JSC::X86::):
-        (JSC::X86Assembler::emitModRm_rm):
-        (JSC::X86Assembler::emitModRm_rm_Unchecked):
-        (JSC::X86Assembler::emitModRm_rmsib):
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generateNonGreedyQuantifier):
-        (JSC::WRECGenerator::generateGreedyQuantifier):
-        (JSC::WRECGenerator::generateParentheses):
-        (JSC::WRECGenerator::generateBackreference):
-        (JSC::WRECGenerator::gernerateDisjunction):
-        * wrec/WREC.h:
-
-2008-09-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove unnecessary friend declaration.
-
-        * kjs/PropertyMap.h:
-
-2008-09-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Replace uses of PropertyMap::get and PropertyMap::getLocation with
-        PropertyMap::getOffset.
-
-        Sunspider reports this as a .6% improvement.
-
-        * JavaScriptCore.exp:
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::getPropertyAttributes):
-        * kjs/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::locationForOffset):
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMap::remove):
-        (JSC::PropertyMap::getOffset):
-        * kjs/PropertyMap.h:
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam Weinig.
-
-        Bug 20754: Remove emit prefix from assembler opcode methods
-        <https://bugs.webkit.org/show_bug.cgi?id=20754>
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitGetArg):
-        (JSC::CTI::emitGetPutArg):
-        (JSC::CTI::emitPutArg):
-        (JSC::CTI::emitPutArgConstant):
-        (JSC::CTI::emitPutCTIParam):
-        (JSC::CTI::emitGetCTIParam):
-        (JSC::CTI::emitPutToCallFrameHeader):
-        (JSC::CTI::emitGetFromCallFrameHeader):
-        (JSC::CTI::emitPutResult):
-        (JSC::CTI::emitDebugExceptionCheck):
-        (JSC::CTI::emitCall):
-        (JSC::CTI::emitJumpSlowCaseIfNotImm):
-        (JSC::CTI::emitJumpSlowCaseIfNotImms):
-        (JSC::CTI::emitFastArithDeTagImmediate):
-        (JSC::CTI::emitFastArithReTagImmediate):
-        (JSC::CTI::emitFastArithPotentiallyReTagImmediate):
-        (JSC::CTI::emitFastArithImmToInt):
-        (JSC::CTI::emitFastArithIntToImmOrSlowCase):
-        (JSC::CTI::emitFastArithIntToImmNoCheck):
-        (JSC::CTI::compileOpCall):
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        (JSC::CTI::privateCompile):
-        (JSC::CTI::privateCompileGetByIdSelf):
-        (JSC::CTI::privateCompileGetByIdProto):
-        (JSC::CTI::privateCompileGetByIdChain):
-        (JSC::CTI::privateCompilePutByIdReplace):
-        (JSC::CTI::privateArrayLengthTrampoline):
-        (JSC::CTI::privateStringLengthTrampoline):
-        (JSC::CTI::compileRegExp):
-        * masm/MacroAssemblerWin.cpp:
-        (JSC::MacroAssembler::emitConvertToFastCall):
-        (JSC::MacroAssembler::emitRestoreArgumentReference):
-        * masm/X86Assembler.h:
-        (JSC::X86Assembler::pushl_r):
-        (JSC::X86Assembler::pushl_m):
-        (JSC::X86Assembler::popl_r):
-        (JSC::X86Assembler::popl_m):
-        (JSC::X86Assembler::movl_rr):
-        (JSC::X86Assembler::addl_rr):
-        (JSC::X86Assembler::addl_i8r):
-        (JSC::X86Assembler::addl_i32r):
-        (JSC::X86Assembler::addl_mr):
-        (JSC::X86Assembler::andl_rr):
-        (JSC::X86Assembler::andl_i32r):
-        (JSC::X86Assembler::cmpl_i8r):
-        (JSC::X86Assembler::cmpl_rr):
-        (JSC::X86Assembler::cmpl_rm):
-        (JSC::X86Assembler::cmpl_i32r):
-        (JSC::X86Assembler::cmpl_i32m):
-        (JSC::X86Assembler::cmpw_rm):
-        (JSC::X86Assembler::orl_rr):
-        (JSC::X86Assembler::subl_rr):
-        (JSC::X86Assembler::subl_i8r):
-        (JSC::X86Assembler::subl_i32r):
-        (JSC::X86Assembler::subl_mr):
-        (JSC::X86Assembler::testl_i32r):
-        (JSC::X86Assembler::testl_rr):
-        (JSC::X86Assembler::xorl_i8r):
-        (JSC::X86Assembler::xorl_rr):
-        (JSC::X86Assembler::sarl_i8r):
-        (JSC::X86Assembler::sarl_CLr):
-        (JSC::X86Assembler::shl_i8r):
-        (JSC::X86Assembler::shll_CLr):
-        (JSC::X86Assembler::mull_rr):
-        (JSC::X86Assembler::idivl_r):
-        (JSC::X86Assembler::cdq):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::movzwl_mr):
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_i32r):
-        (JSC::X86Assembler::movl_i32m):
-        (JSC::X86Assembler::leal_mr):
-        (JSC::X86Assembler::ret):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::jmp_m):
-        (JSC::X86Assembler::call_r):
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generateBacktrack1):
-        (JSC::WRECGenerator::generateBacktrackBackreference):
-        (JSC::WRECGenerator::generateBackreferenceQuantifier):
-        (JSC::WRECGenerator::generateNonGreedyQuantifier):
-        (JSC::WRECGenerator::generateGreedyQuantifier):
-        (JSC::WRECGenerator::generatePatternCharacter):
-        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
-        (JSC::WRECGenerator::generateCharacterClassInverted):
-        (JSC::WRECGenerator::generateCharacterClass):
-        (JSC::WRECGenerator::generateParentheses):
-        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
-        (JSC::WRECGenerator::generateAssertionBOL):
-        (JSC::WRECGenerator::generateAssertionEOL):
-        (JSC::WRECGenerator::generateAssertionWordBoundary):
-        (JSC::WRECGenerator::generateBackreference):
-        (JSC::WRECGenerator::gernerateDisjunction):
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Clean up the WREC code some more.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::compileRegExp):
-        * wrec/WREC.cpp:
-        (JSC::getCharacterClassNewline):
-        (JSC::getCharacterClassDigits):
-        (JSC::getCharacterClassSpaces):
-        (JSC::getCharacterClassWordchar):
-        (JSC::getCharacterClassNondigits):
-        (JSC::getCharacterClassNonspaces):
-        (JSC::getCharacterClassNonwordchar):
-        (JSC::WRECGenerator::generateBacktrack1):
-        (JSC::WRECGenerator::generateBacktrackBackreference):
-        (JSC::WRECGenerator::generateBackreferenceQuantifier):
-        (JSC::WRECGenerator::generateNonGreedyQuantifier):
-        (JSC::WRECGenerator::generateGreedyQuantifier):
-        (JSC::WRECGenerator::generatePatternCharacter):
-        (JSC::WRECGenerator::generateCharacterClassInvertedRange):
-        (JSC::WRECGenerator::generateCharacterClassInverted):
-        (JSC::WRECGenerator::generateCharacterClass):
-        (JSC::WRECGenerator::generateParentheses):
-        (JSC::WRECGenerator::gererateParenthesesResetTrampoline):
-        (JSC::WRECGenerator::generateAssertionBOL):
-        (JSC::WRECGenerator::generateAssertionEOL):
-        (JSC::WRECGenerator::generateAssertionWordBoundary):
-        (JSC::WRECGenerator::generateBackreference):
-        (JSC::WRECGenerator::gernerateDisjunction):
-        (JSC::WRECParser::parseCharacterClass):
-        (JSC::WRECParser::parseEscape):
-        (JSC::WRECParser::parseTerm):
-        * wrec/WREC.h:
-
-2008-09-09  Mark Rowe  <mrowe@apple.com>
-
-        Build fix, rubber-stamped by Anders Carlsson.
-
-        Silence spurious build warnings about missing format attributes on functions in Assertions.cpp.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-09-09  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Fix builds using the "debug" variant.
-
-        This reverts r36130 and tweaks Identifier to export the same symbols for Debug
-        and Release configurations.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * DerivedSources.make:
-        * JavaScriptCore.Debug.exp: Removed.
-        * JavaScriptCore.base.exp: Removed.
-        * JavaScriptCore.exp: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/identifier.cpp:
-        (JSC::Identifier::addSlowCase): #ifdef the call to checkSameIdentifierTable so that
-        there is no overhead in Release builds.
-        (JSC::Identifier::checkSameIdentifierTable): Add empty functions for Release builds.
-        * kjs/identifier.h:
-        (JSC::Identifier::add): #ifdef the calls to checkSameIdentifierTable so that there is
-        no overhead in Release builds, and remove the inline definitions of checkSameIdentifierTable.
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Clean up WREC a bit to bring it closer to our coding style guidelines.
-
-        * wrec/WREC.cpp:
-        (JSC::):
-        (JSC::getCharacterClass_newline):
-        (JSC::getCharacterClass_d):
-        (JSC::getCharacterClass_s):
-        (JSC::getCharacterClass_w):
-        (JSC::getCharacterClass_D):
-        (JSC::getCharacterClass_S):
-        (JSC::getCharacterClass_W):
-        (JSC::CharacterClassConstructor::append):
-        (JSC::WRECGenerator::generateNonGreedyQuantifier):
-        (JSC::WRECGenerator::generateGreedyQuantifier):
-        (JSC::WRECGenerator::generateCharacterClassInverted):
-        (JSC::WRECParser::parseQuantifier):
-        (JSC::WRECParser::parsePatternCharacterQualifier):
-        (JSC::WRECParser::parseCharacterClassQuantifier):
-        (JSC::WRECParser::parseBackreferenceQuantifier):
-        * wrec/WREC.h:
-        (JSC::Quantifier::):
-        (JSC::Quantifier::Quantifier):
-
-2008-09-09  Jungshik Shin  <jungshik.shin@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Try MIME charset names before trying IANA names 
-        ( https://bugs.webkit.org/show_bug.cgi?id=17537 )
-
-        * wtf/StringExtras.h: (strcasecmp): Added.
-
-2008-09-09  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Mark Rowe.
-
-        Bug 20719: REGRESSION (r36135-36244): Hangs, then crashes after several seconds
-        <https://bugs.webkit.org/show_bug.cgi?id=20719>
-        <rdar://problem/6205787>
-
-        Fix a typo in the case-insensitive matching of character patterns.
-
-        * wrec/WREC.cpp:
-        (JSC::WRECGenerator::generatePatternCharacter):
-
-2008-09-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        - allow polymorphic inline cache to handle Math object functions and possibly other similar things
-        
-        1.012x speedup on SunSpider.
-
-        * kjs/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        * kjs/lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * kjs/lookup.h:
-        (JSC::getStaticPropertySlot):
-
-2008-09-08  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak and Oliver Hunt.
-
-        Split storage of properties out of the PropertyMap and into the JSObject
-        to allow sharing PropertyMap on the StructureID.  In order to get this
-        function correctly, the StructureID's transition mappings were changed to
-        transition based on property name and attribute pairs, instead of just
-        property name.
-
-        - Removes the single property optimization now that the PropertyMap is shared.
-          This will be replaced by in-lining some values on the JSObject.
-
-        This is a wash on Sunspider and a 6.7% win on the v8 test suite.
-
-        * JavaScriptCore.base.exp:
-        * VM/CTI.cpp:
-        (JSC::CTI::privateCompileGetByIdSelf): Get the storage directly off the JSObject.
-        (JSC::CTI::privateCompileGetByIdProto): Ditto.
-        (JSC::CTI::privateCompileGetByIdChain): Ditto.
-        (JSC::CTI::privateCompilePutByIdReplace): Ditto.
-        * kjs/JSObject.cpp:
-        (JSC::JSObject::mark): Mark the PropertyStorage.
-        (JSC::JSObject::put): Update to get the propertyMap of the StructureID.
-        (JSC::JSObject::deleteProperty): Ditto.
-        (JSC::JSObject::defineGetter): Return early if the property is already a getter/setter.
-        (JSC::JSObject::defineSetter): Ditto.
-        (JSC::JSObject::getPropertyAttributes): Update to get the propertyMap of the StructureID
-        (JSC::JSObject::getPropertyNames): Ditto.
-        (JSC::JSObject::removeDirect): Ditto.
-        * kjs/JSObject.h: Remove PropertyMap and add PropertyStorage.
-        (JSC::JSObject::propertyStorage): return the PropertyStorage.
-        (JSC::JSObject::getDirect): Update to get the propertyMap of the StructureID.
-        (JSC::JSObject::getDirectLocation): Ditto.
-        (JSC::JSObject::offsetForLocation): Compute location directly.
-        (JSC::JSObject::hasCustomProperties): Update to get the propertyMap of the StructureID.
-        (JSC::JSObject::hasGetterSetterProperties): Ditto.
-        (JSC::JSObject::getDirectOffset): Get by indexing into PropertyStorage.
-        (JSC::JSObject::putDirectOffset): Put by indexing into PropertyStorage.
-        (JSC::JSObject::getOwnPropertySlotForWrite): Update to get the propertyMap of the StructureID.
-        (JSC::JSObject::getOwnPropertySlot): Ditto.
-        (JSC::JSObject::putDirect): Move putting into the StructureID unless the property already exists.
-        * kjs/PropertyMap.cpp: Use the propertyStorage as the storage for the JSValues.
-        (JSC::PropertyMap::checkConsistency): 
-        (JSC::PropertyMap::operator=):
-        (JSC::PropertyMap::~PropertyMap):
-        (JSC::PropertyMap::get):
-        (JSC::PropertyMap::getLocation):
-        (JSC::PropertyMap::put):
-        (JSC::PropertyMap::getOffset):
-        (JSC::PropertyMap::insert):
-        (JSC::PropertyMap::expand):
-        (JSC::PropertyMap::rehash):
-        (JSC::PropertyMap::createTable):
-        (JSC::PropertyMap::resizePropertyStorage): Resize the storage to match the size of the map
-        (JSC::PropertyMap::remove):
-        (JSC::PropertyMap::getEnumerablePropertyNames):
-        * kjs/PropertyMap.h: 
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        (JSC::PropertyMap::isEmpty):
-        (JSC::PropertyMap::size):
-        (JSC::PropertyMap::makingCount):
-        (JSC::PropertyMap::PropertyMap):
-
-        * kjs/StructureID.cpp: 
-        (JSC::StructureID::addPropertyTransition): Transitions now are based off the property name
-        and attributes. 
-        (JSC::StructureID::toDictionaryTransition): Copy the map.
-        (JSC::StructureID::changePrototypeTransition): Copy the map.
-        (JSC::StructureID::getterSetterTransition): Copy the map.
-        (JSC::StructureID::~StructureID): 
-        * kjs/StructureID.h:
-        (JSC::TransitionTableHash::hash): Custom hash for transition map.
-        (JSC::TransitionTableHash::equal): Ditto.
-        (JSC::TransitionTableHashTraits::emptyValue): Custom traits for transition map
-        (JSC::TransitionTableHashTraits::constructDeletedValue): Ditto.
-        (JSC::TransitionTableHashTraits::isDeletedValue): Ditto.
-        (JSC::StructureID::propertyMap): Added.
-
-2008-09-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 20694: Slow Script error pops up when running Dromaeo tests
-
-        Correct error in timeout logic where execution tick count would
-        be reset to incorrect value due to incorrect offset and indirection.
-        Codegen for the slow script dialog was factored out into a separate
-        method (emitSlowScriptCheck) rather than having multiple copies of
-        the same code.  Also added calls to generate slow script checks
-        for loop_if_less and loop_if_true opcodes.
-
-        * VM/CTI.cpp:
-        (JSC::CTI::emitSlowScriptCheck):
-        (JSC::CTI::privateCompileMainPass):
-        (JSC::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-
-2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Remove references to the removed WRECompiler class.
-
-        * VM/Machine.h:
-        * wrec/WREC.h:
-
-2008-09-08  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Mark Rowe.
-
-        Fix the build with CTI enabled but WREC disabled.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-
-2008-09-08  Dan Bernstein  <mitz@apple.com>
-
-        - build fix
-
-        * kjs/nodes.h:
-        (JSC::StatementNode::):
-        (JSC::BlockNode::):
-
-2008-09-08  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff.
-
-       <rdar://problem/6134407> Breakpoints in for loops, while loops or
-       conditions without curly braces don't break. (19306)
-       -Statement Lists already emit debug hooks but conditionals without
-       brackets are not lists.
-
-        * kjs/nodes.cpp:
-        (KJS::IfNode::emitCode):
-        (KJS::IfElseNode::emitCode):
-        (KJS::DoWhileNode::emitCode):
-        (KJS::WhileNode::emitCode):
-        (KJS::ForNode::emitCode):
-        (KJS::ForInNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::StatementNode::):
-        (KJS::BlockNode::):
-
-2008-09-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Anders Carlsson.
-        
-        - Cache the code generated for eval to speed up SunSpider and web sites
-        https://bugs.webkit.org/show_bug.cgi?id=20718
-        
-        1.052x on SunSpider
-        2.29x on date-format-tofte
-        
-        Lots of real sites seem to get many hits on this cache as well,
-        including GMail, Google Spreadsheets, Slate and Digg (the last of
-        these gets over 100 hits on initial page load).
-
-        * VM/CodeBlock.h:
-        (JSC::EvalCodeCache::get):
-        * VM/Machine.cpp:
-        (JSC::Machine::callEval):
-        (JSC::Machine::privateExecute):
-        (JSC::Machine::cti_op_call_eval):
-        * VM/Machine.h:
-
-2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20711: Change KJS prefix on preprocessor macros to JSC
-        <https://bugs.webkit.org/show_bug.cgi?id=20711>
-
-        * kjs/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * kjs/CommonIdentifiers.h:
-        * kjs/PropertySlot.h:
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::putValue):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setRegisterSlot):
-        * kjs/lookup.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        (JSC::Node::):
-        (JSC::ExpressionNode::):
-        (JSC::StatementNode::):
-        (JSC::NullNode::):
-        (JSC::BooleanNode::):
-        (JSC::NumberNode::):
-        (JSC::ImmediateNumberNode::):
-        (JSC::StringNode::):
-        (JSC::RegExpNode::):
-        (JSC::ThisNode::):
-        (JSC::ResolveNode::):
-        (JSC::ElementNode::):
-        (JSC::ArrayNode::):
-        (JSC::PropertyNode::):
-        (JSC::PropertyListNode::):
-        (JSC::ObjectLiteralNode::):
-        (JSC::BracketAccessorNode::):
-        (JSC::DotAccessorNode::):
-        (JSC::ArgumentListNode::):
-        (JSC::ArgumentsNode::):
-        (JSC::NewExprNode::):
-        (JSC::EvalFunctionCallNode::):
-        (JSC::FunctionCallValueNode::):
-        (JSC::FunctionCallResolveNode::):
-        (JSC::FunctionCallBracketNode::):
-        (JSC::FunctionCallDotNode::):
-        (JSC::PrePostResolveNode::):
-        (JSC::PostfixResolveNode::):
-        (JSC::PostfixBracketNode::):
-        (JSC::PostfixDotNode::):
-        (JSC::PostfixErrorNode::):
-        (JSC::DeleteResolveNode::):
-        (JSC::DeleteBracketNode::):
-        (JSC::DeleteDotNode::):
-        (JSC::DeleteValueNode::):
-        (JSC::VoidNode::):
-        (JSC::TypeOfResolveNode::):
-        (JSC::TypeOfValueNode::):
-        (JSC::PrefixResolveNode::):
-        (JSC::PrefixBracketNode::):
-        (JSC::PrefixDotNode::):
-        (JSC::PrefixErrorNode::):
-        (JSC::UnaryPlusNode::):
-        (JSC::NegateNode::):
-        (JSC::BitwiseNotNode::):
-        (JSC::LogicalNotNode::):
-        (JSC::MultNode::):
-        (JSC::DivNode::):
-        (JSC::ModNode::):
-        (JSC::AddNode::):
-        (JSC::SubNode::):
-        (JSC::LeftShiftNode::):
-        (JSC::RightShiftNode::):
-        (JSC::UnsignedRightShiftNode::):
-        (JSC::LessNode::):
-        (JSC::GreaterNode::):
-        (JSC::LessEqNode::):
-        (JSC::GreaterEqNode::):
-        (JSC::ThrowableBinaryOpNode::):
-        (JSC::InstanceOfNode::):
-        (JSC::InNode::):
-        (JSC::EqualNode::):
-        (JSC::NotEqualNode::):
-        (JSC::StrictEqualNode::):
-        (JSC::NotStrictEqualNode::):
-        (JSC::BitAndNode::):
-        (JSC::BitOrNode::):
-        (JSC::BitXOrNode::):
-        (JSC::LogicalOpNode::):
-        (JSC::ConditionalNode::):
-        (JSC::ReadModifyResolveNode::):
-        (JSC::AssignResolveNode::):
-        (JSC::ReadModifyBracketNode::):
-        (JSC::AssignBracketNode::):
-        (JSC::AssignDotNode::):
-        (JSC::ReadModifyDotNode::):
-        (JSC::AssignErrorNode::):
-        (JSC::CommaNode::):
-        (JSC::VarDeclCommaNode::):
-        (JSC::ConstDeclNode::):
-        (JSC::ConstStatementNode::):
-        (JSC::EmptyStatementNode::):
-        (JSC::DebuggerStatementNode::):
-        (JSC::ExprStatementNode::):
-        (JSC::VarStatementNode::):
-        (JSC::IfNode::):
-        (JSC::IfElseNode::):
-        (JSC::DoWhileNode::):
-        (JSC::WhileNode::):
-        (JSC::ForNode::):
-        (JSC::ContinueNode::):
-        (JSC::BreakNode::):
-        (JSC::ReturnNode::):
-        (JSC::WithNode::):
-        (JSC::LabelNode::):
-        (JSC::ThrowNode::):
-        (JSC::TryNode::):
-        (JSC::ParameterNode::):
-        (JSC::ScopeNode::):
-        (JSC::ProgramNode::):
-        (JSC::EvalNode::):
-        (JSC::FunctionBodyNode::):
-        (JSC::FuncExprNode::):
-        (JSC::FuncDeclNode::):
-        (JSC::CaseClauseNode::):
-        (JSC::ClauseListNode::):
-        (JSC::CaseBlockNode::):
-        (JSC::SwitchNode::):
-
-2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20704: Replace the KJS namespace
-        <https://bugs.webkit.org/show_bug.cgi?id=20704>
-
-        Rename the KJS namespace to JSC. There are still some uses of KJS in
-        preprocessor macros and comments, but these will also be changed some
-        time in the near future.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        (toGlobalRef):
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::staticValues):
-        (OpaqueJSClass::staticFunctions):
-        * API/JSClassRef.h:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSProfilerPrivate.cpp:
-        * API/JSStringRef.cpp:
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        * API/OpaqueJSString.cpp:
-        * API/OpaqueJSString.h:
-        * JavaScriptCore.Debug.exp:
-        * JavaScriptCore.base.exp:
-        * VM/CTI.cpp:
-        (JSC::):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        * VM/CodeGenerator.h:
-        * VM/ExceptionHelpers.cpp:
-        * VM/ExceptionHelpers.h:
-        * VM/Instruction.h:
-        * VM/JSPropertyNameIterator.cpp:
-        * VM/JSPropertyNameIterator.h:
-        * VM/LabelID.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * VM/Opcode.cpp:
-        * VM/Opcode.h:
-        * VM/Register.h:
-        (WTF::):
-        * VM/RegisterFile.cpp:
-        * VM/RegisterFile.h:
-        * VM/RegisterID.h:
-        (WTF::):
-        * VM/SamplingTool.cpp:
-        * VM/SamplingTool.h:
-        * VM/SegmentedVector.h:
-        * kjs/ArgList.cpp:
-        * kjs/ArgList.h:
-        * kjs/Arguments.cpp:
-        * kjs/Arguments.h:
-        * kjs/ArrayConstructor.cpp:
-        * kjs/ArrayConstructor.h:
-        * kjs/ArrayPrototype.cpp:
-        * kjs/ArrayPrototype.h:
-        * kjs/BatchedTransitionOptimizer.h:
-        * kjs/BooleanConstructor.cpp:
-        * kjs/BooleanConstructor.h:
-        * kjs/BooleanObject.cpp:
-        * kjs/BooleanObject.h:
-        * kjs/BooleanPrototype.cpp:
-        * kjs/BooleanPrototype.h:
-        * kjs/CallData.cpp:
-        * kjs/CallData.h:
-        * kjs/ClassInfo.h:
-        * kjs/CommonIdentifiers.cpp:
-        * kjs/CommonIdentifiers.h:
-        * kjs/ConstructData.cpp:
-        * kjs/ConstructData.h:
-        * kjs/DateConstructor.cpp:
-        * kjs/DateConstructor.h:
-        * kjs/DateInstance.cpp:
-        (JSC::DateInstance::msToGregorianDateTime):
-        * kjs/DateInstance.h:
-        * kjs/DateMath.cpp:
-        * kjs/DateMath.h:
-        * kjs/DatePrototype.cpp:
-        * kjs/DatePrototype.h:
-        * kjs/DebuggerCallFrame.cpp:
-        * kjs/DebuggerCallFrame.h:
-        * kjs/Error.cpp:
-        * kjs/Error.h:
-        * kjs/ErrorConstructor.cpp:
-        * kjs/ErrorConstructor.h:
-        * kjs/ErrorInstance.cpp:
-        * kjs/ErrorInstance.h:
-        * kjs/ErrorPrototype.cpp:
-        * kjs/ErrorPrototype.h:
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h:
-        * kjs/FunctionConstructor.cpp:
-        * kjs/FunctionConstructor.h:
-        * kjs/FunctionPrototype.cpp:
-        * kjs/FunctionPrototype.h:
-        * kjs/GetterSetter.cpp:
-        * kjs/GetterSetter.h:
-        * kjs/GlobalEvalFunction.cpp:
-        * kjs/GlobalEvalFunction.h:
-        * kjs/IndexToNameMap.cpp:
-        * kjs/IndexToNameMap.h:
-        * kjs/InitializeThreading.cpp:
-        * kjs/InitializeThreading.h:
-        * kjs/InternalFunction.cpp:
-        * kjs/InternalFunction.h:
-        (JSC::InternalFunction::InternalFunction):
-        * kjs/JSActivation.cpp:
-        * kjs/JSActivation.h:
-        * kjs/JSArray.cpp:
-        * kjs/JSArray.h:
-        * kjs/JSCell.cpp:
-        * kjs/JSCell.h:
-        * kjs/JSFunction.cpp:
-        * kjs/JSFunction.h:
-        (JSC::JSFunction::JSFunction):
-        * kjs/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        * kjs/JSGlobalObject.h:
-        * kjs/JSGlobalObjectFunctions.cpp:
-        * kjs/JSGlobalObjectFunctions.h:
-        * kjs/JSImmediate.cpp:
-        * kjs/JSImmediate.h:
-        * kjs/JSLock.cpp:
-        * kjs/JSLock.h:
-        * kjs/JSNotAnObject.cpp:
-        * kjs/JSNotAnObject.h:
-        * kjs/JSNumberCell.cpp:
-        * kjs/JSNumberCell.h:
-        * kjs/JSObject.cpp:
-        * kjs/JSObject.h:
-        * kjs/JSStaticScopeObject.cpp:
-        * kjs/JSStaticScopeObject.h:
-        * kjs/JSString.cpp:
-        * kjs/JSString.h:
-        * kjs/JSType.h:
-        * kjs/JSValue.cpp:
-        * kjs/JSValue.h:
-        * kjs/JSVariableObject.cpp:
-        * kjs/JSVariableObject.h:
-        * kjs/JSWrapperObject.cpp:
-        * kjs/JSWrapperObject.h:
-        * kjs/LabelStack.cpp:
-        * kjs/LabelStack.h:
-        * kjs/MathObject.cpp:
-        * kjs/MathObject.h:
-        * kjs/NativeErrorConstructor.cpp:
-        * kjs/NativeErrorConstructor.h:
-        * kjs/NativeErrorPrototype.cpp:
-        * kjs/NativeErrorPrototype.h:
-        * kjs/NodeInfo.h:
-        * kjs/NumberConstructor.cpp:
-        * kjs/NumberConstructor.h:
-        * kjs/NumberObject.cpp:
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.cpp:
-        * kjs/NumberPrototype.h:
-        * kjs/ObjectConstructor.cpp:
-        * kjs/ObjectConstructor.h:
-        * kjs/ObjectPrototype.cpp:
-        * kjs/ObjectPrototype.h:
-        * kjs/Parser.cpp:
-        * kjs/Parser.h:
-        * kjs/PropertyMap.cpp:
-        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
-        * kjs/PropertyMap.h:
-        * kjs/PropertyNameArray.cpp:
-        * kjs/PropertyNameArray.h:
-        * kjs/PropertySlot.cpp:
-        * kjs/PropertySlot.h:
-        * kjs/PrototypeFunction.cpp:
-        * kjs/PrototypeFunction.h:
-        * kjs/PutPropertySlot.h:
-        * kjs/RegExpConstructor.cpp:
-        * kjs/RegExpConstructor.h:
-        * kjs/RegExpObject.cpp:
-        * kjs/RegExpObject.h:
-        * kjs/RegExpPrototype.cpp:
-        * kjs/RegExpPrototype.h:
-        * kjs/ScopeChain.cpp:
-        * kjs/ScopeChain.h:
-        * kjs/ScopeChainMark.h:
-        * kjs/Shell.cpp:
-        (jscmain):
-        * kjs/SmallStrings.cpp:
-        * kjs/SmallStrings.h:
-        * kjs/SourceProvider.h:
-        * kjs/SourceRange.h:
-        * kjs/StringConstructor.cpp:
-        * kjs/StringConstructor.h:
-        * kjs/StringObject.cpp:
-        * kjs/StringObject.h:
-        * kjs/StringObjectThatMasqueradesAsUndefined.h:
-        * kjs/StringPrototype.cpp:
-        * kjs/StringPrototype.h:
-        * kjs/StructureID.cpp:
-        * kjs/StructureID.h:
-        * kjs/SymbolTable.h:
-        * kjs/collector.cpp:
-        * kjs/collector.h:
-        * kjs/completion.h:
-        * kjs/create_hash_table:
-        * kjs/debugger.cpp:
-        * kjs/debugger.h:
-        * kjs/dtoa.cpp:
-        * kjs/dtoa.h:
-        * kjs/grammar.y:
-        * kjs/identifier.cpp:
-        * kjs/identifier.h:
-        (JSC::Identifier::equal):
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        (JSC::Lexer::Lexer):
-        (JSC::Lexer::clear):
-        (JSC::Lexer::makeIdentifier):
-        * kjs/lexer.h:
-        * kjs/lookup.cpp:
-        * kjs/lookup.h:
-        * kjs/nodes.cpp:
-        * kjs/nodes.h:
-        * kjs/nodes2string.cpp:
-        * kjs/operations.cpp:
-        * kjs/operations.h:
-        * kjs/protect.h:
-        * kjs/regexp.cpp:
-        * kjs/regexp.h:
-        * kjs/ustring.cpp:
-        * kjs/ustring.h:
-        (JSC::operator!=):
-        (JSC::IdentifierRepHash::hash):
-        (WTF::):
-        * masm/MacroAssembler.h:
-        * masm/MacroAssemblerWin.cpp:
-        * masm/X86Assembler.h:
-        * pcre/pcre_exec.cpp:
-        * profiler/CallIdentifier.h:
-        (WTF::):
-        * profiler/HeavyProfile.cpp:
-        * profiler/HeavyProfile.h:
-        * profiler/Profile.cpp:
-        * profiler/Profile.h:
-        * profiler/ProfileGenerator.cpp:
-        * profiler/ProfileGenerator.h:
-        * profiler/ProfileNode.cpp:
-        * profiler/ProfileNode.h:
-        * profiler/Profiler.cpp:
-        * profiler/Profiler.h:
-        * profiler/TreeProfile.cpp:
-        * profiler/TreeProfile.h:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-        * wtf/AVLTree.h:
-
-2008-09-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dan Bernstein.
-        
-        - rename IA32MacroAssembler class to X86Assembler
-        
-        We otherwise call the platform X86, and also, I don't see any macros.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * masm/IA32MacroAsm.h: Removed.
-        * masm/MacroAssembler.h:
-        (KJS::MacroAssembler::MacroAssembler):
-        * masm/MacroAssemblerWin.cpp:
-        (KJS::MacroAssembler::emitRestoreArgumentReference):
-        * masm/X86Assembler.h: Copied from masm/IA32MacroAsm.h.
-        (KJS::X86Assembler::X86Assembler):
-        * wrec/WREC.cpp:
-        (KJS::WRECGenerator::generateNonGreedyQuantifier):
-        (KJS::WRECGenerator::generateGreedyQuantifier):
-        (KJS::WRECGenerator::generateParentheses):
-        (KJS::WRECGenerator::generateBackreference):
-        (KJS::WRECGenerator::gernerateDisjunction):
-        * wrec/WREC.h:
-
-2008-09-07  Cameron Zwarich  <cwzwarich@webkit.org>
-
-        Not reviewed.
-
-        Visual C++ seems to have some odd casting rules, so just convert the
-        offending cast back to a C-style cast for now.
-
-        * kjs/collector.cpp:
-        (KJS::otherThreadStackPointer):
-
-2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Mark Rowe.
-
-        Attempt to fix the Windows build by using a const_cast to cast regs.Esp
-        to a uintptr_t instead of a reinterpret_cast.
-
-        * kjs/collector.cpp:
-        (KJS::otherThreadStackPointer):
-
-2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Sam Weinig.
-
-        Remove C-style casts from kjs/collector.cpp.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::heapAllocate):
-        (KJS::currentThreadStackBase):
-        (KJS::Heap::markConservatively):
-        (KJS::otherThreadStackPointer):
-        (KJS::Heap::markOtherThreadConservatively):
-        (KJS::Heap::sweep):
-
-2008-09-07  Mark Rowe  <mrowe@apple.com>
-
-        Build fix for the debug variant.
-
-        * DerivedSources.make: Also use the .Debug.exp exports file when building the debug variant.
-
-2008-09-07  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Timothy Hatcher.
-
-        Remove C-style casts from the CTI code.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitGetArg):
-        (KJS::CTI::emitGetPutArg):
-        (KJS::ctiRepatchCallByReturnAddress):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompileMainPass):
-        (KJS::CTI::privateCompileGetByIdSelf):
-        (KJS::CTI::privateCompileGetByIdProto):
-        (KJS::CTI::privateCompileGetByIdChain):
-        (KJS::CTI::privateCompilePutByIdReplace):
-        (KJS::CTI::privateArrayLengthTrampoline):
-        (KJS::CTI::privateStringLengthTrampoline):
-
-=== End merge of squirrelfish-extreme ===
-
-2008-09-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig. Adapted somewhat by Maciej Stachowiak.
-        
-        - refactor WREC to share more of the JIT infrastructure with CTI
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitGetArg):
-        (KJS::CTI::emitGetPutArg):
-        (KJS::CTI::emitPutArg):
-        (KJS::CTI::emitPutArgConstant):
-        (KJS::CTI::emitPutCTIParam):
-        (KJS::CTI::emitGetCTIParam):
-        (KJS::CTI::emitPutToCallFrameHeader):
-        (KJS::CTI::emitGetFromCallFrameHeader):
-        (KJS::CTI::emitPutResult):
-        (KJS::CTI::emitDebugExceptionCheck):
-        (KJS::CTI::emitJumpSlowCaseIfNotImm):
-        (KJS::CTI::emitJumpSlowCaseIfNotImms):
-        (KJS::CTI::emitFastArithDeTagImmediate):
-        (KJS::CTI::emitFastArithReTagImmediate):
-        (KJS::CTI::emitFastArithPotentiallyReTagImmediate):
-        (KJS::CTI::emitFastArithImmToInt):
-        (KJS::CTI::emitFastArithIntToImmOrSlowCase):
-        (KJS::CTI::emitFastArithIntToImmNoCheck):
-        (KJS::CTI::CTI):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompileMainPass):
-        (KJS::CTI::privateCompileSlowCases):
-        (KJS::CTI::privateCompile):
-        (KJS::CTI::privateCompileGetByIdSelf):
-        (KJS::CTI::privateCompileGetByIdProto):
-        (KJS::CTI::privateCompileGetByIdChain):
-        (KJS::CTI::privateCompilePutByIdReplace):
-        (KJS::CTI::privateArrayLengthTrampoline):
-        (KJS::CTI::privateStringLengthTrampoline):
-        (KJS::CTI::compileRegExp):
-        * VM/CTI.h:
-        (KJS::CallRecord::CallRecord):
-        (KJS::JmpTable::JmpTable):
-        (KJS::SlowCaseEntry::SlowCaseEntry):
-        (KJS::CTI::JSRInfo::JSRInfo):
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        * wrec/WREC.cpp:
-        (KJS::GenerateParenthesesNonGreedyFunctor::GenerateParenthesesNonGreedyFunctor):
-        (KJS::GeneratePatternCharacterFunctor::generateAtom):
-        (KJS::GeneratePatternCharacterFunctor::backtrack):
-        (KJS::GenerateCharacterClassFunctor::generateAtom):
-        (KJS::GenerateCharacterClassFunctor::backtrack):
-        (KJS::GenerateBackreferenceFunctor::generateAtom):
-        (KJS::GenerateBackreferenceFunctor::backtrack):
-        (KJS::GenerateParenthesesNonGreedyFunctor::generateAtom):
-        (KJS::GenerateParenthesesNonGreedyFunctor::backtrack):
-        (KJS::WRECGenerate::generateBacktrack1):
-        (KJS::WRECGenerate::generateBacktrackBackreference):
-        (KJS::WRECGenerate::generateBackreferenceQuantifier):
-        (KJS::WRECGenerate::generateNonGreedyQuantifier):
-        (KJS::WRECGenerate::generateGreedyQuantifier):
-        (KJS::WRECGenerate::generatePatternCharacter):
-        (KJS::WRECGenerate::generateCharacterClassInvertedRange):
-        (KJS::WRECGenerate::generateCharacterClassInverted):
-        (KJS::WRECGenerate::generateCharacterClass):
-        (KJS::WRECGenerate::generateParentheses):
-        (KJS::WRECGenerate::generateParenthesesNonGreedy):
-        (KJS::WRECGenerate::gererateParenthesesResetTrampoline):
-        (KJS::WRECGenerate::generateAssertionBOL):
-        (KJS::WRECGenerate::generateAssertionEOL):
-        (KJS::WRECGenerate::generateAssertionWordBoundary):
-        (KJS::WRECGenerate::generateBackreference):
-        (KJS::WRECGenerate::gernerateDisjunction):
-        (KJS::WRECGenerate::terminateDisjunction):
-        (KJS::WRECParser::parseGreedyQuantifier):
-        (KJS::WRECParser::parseQuantifier):
-        (KJS::WRECParser::parsePatternCharacterQualifier):
-        (KJS::WRECParser::parseCharacterClassQuantifier):
-        (KJS::WRECParser::parseBackreferenceQuantifier):
-        (KJS::WRECParser::parseParentheses):
-        (KJS::WRECParser::parseCharacterClass):
-        (KJS::WRECParser::parseOctalEscape):
-        (KJS::WRECParser::parseEscape):
-        (KJS::WRECParser::parseTerm):
-        (KJS::WRECParser::parseDisjunction):
-        * wrec/WREC.h:
-        (KJS::WRECGenerate::WRECGenerate):
-        (KJS::WRECParser::):
-        (KJS::WRECParser::WRECParser):
-        (KJS::WRECParser::parseAlternative):
-        (KJS::WRECParser::isEndOfPattern):
-
-2008-09-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix the sampler build.
-
-        * VM/SamplingTool.h:
-
-2008-09-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Jump through the necessary hoops required to make MSVC cooperate with SFX
-
-        We now explicitly declare the calling convention on all cti_op_* cfunctions,
-        and return int instead of bool where appropriate (despite the cdecl calling
-        convention seems to state MSVC generates code that returns the result value
-        through ecx).  SFX behaves slightly differently under MSVC, specifically it
-        stores the base argument address for the cti_op_* functions in the first
-        argument, and then does the required stack manipulation through that pointer.
-        This is necessary as MSVC's optimisations assume they have complete control
-        of the stack, and periodically elide our stack manipulations, or move
-        values in unexpected ways.  MSVC also frequently produces tail calls which may
-        clobber the first argument, so the MSVC path is slightly less efficient due
-        to the need to restore it.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        (KJS::):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompileMainPass):
-        (KJS::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * masm/MacroAssembler.h:
-        (KJS::MacroAssembler::emitConvertToFastCall):
-        * masm/MacroAssemblerIA32GCC.cpp: Removed.
-           For performance reasons we need these no-op functions to be inlined.
-
-        * masm/MacroAssemblerWin.cpp:
-        (KJS::MacroAssembler::emitRestoreArgumentReference):
-        * wtf/Platform.h:
-
-2008-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak, or maybe the other way around.
-        
-        Added the ability to coalesce JITCode buffer grow operations by first
-        growing the buffer and then executing unchecked puts to it.
-        
-        About a 2% speedup on date-format-tofte.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::compileOpCall):
-        * masm/IA32MacroAsm.h:
-        (KJS::JITCodeBuffer::ensureSpace):
-        (KJS::JITCodeBuffer::putByteUnchecked):
-        (KJS::JITCodeBuffer::putByte):
-        (KJS::JITCodeBuffer::putShortUnchecked):
-        (KJS::JITCodeBuffer::putShort):
-        (KJS::JITCodeBuffer::putIntUnchecked):
-        (KJS::JITCodeBuffer::putInt):
-        (KJS::IA32MacroAssembler::emitTestl_i32r):
-        (KJS::IA32MacroAssembler::emitMovl_mr):
-        (KJS::IA32MacroAssembler::emitMovl_rm):
-        (KJS::IA32MacroAssembler::emitMovl_i32m):
-        (KJS::IA32MacroAssembler::emitUnlinkedJe):
-        (KJS::IA32MacroAssembler::emitModRm_rr):
-        (KJS::IA32MacroAssembler::emitModRm_rr_Unchecked):
-        (KJS::IA32MacroAssembler::emitModRm_rm_Unchecked):
-        (KJS::IA32MacroAssembler::emitModRm_rm):
-        (KJS::IA32MacroAssembler::emitModRm_opr):
-        (KJS::IA32MacroAssembler::emitModRm_opr_Unchecked):
-        (KJS::IA32MacroAssembler::emitModRm_opm_Unchecked):
-
-2008-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Disable WREC and CTI on platforms that we have not yet had a chance to test with.
-
-        * wtf/Platform.h:
-
-2008-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Use jo instead of a mask compare when fetching array.length and
-        string.length. 4% speedup on array.length / string.length torture
-        test.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateArrayLengthTrampoline):
-        (KJS::CTI::privateStringLengthTrampoline):
-
-2008-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed a CTI compilation pass by recording labels during bytecode
-        generation. This is more to reduce complexity than it is to improve
-        performance.
-
-        SunSpider reports no change.
-
-        CodeBlock now keeps a "labels" set, which holds the offsets of all the
-        instructions that can be jumped to.
-
-        * VM/CTI.cpp: Nixed a pass.
-
-        * VM/CodeBlock.h: Added a "labels" set.
-
-        * VM/LabelID.h: No need for a special LableID for holding jump
-        destinations, since the CodeBlock now knows all jump destinations.
-
-        * wtf/HashTraits.h: New hash traits to accomodate putting offset 0 in
-        the set.
-
-        * kjs/nodes.cpp:
-        (KJS::TryNode::emitCode): Emit a dummy label to record sret targets.
-
-2008-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        Move the JITCodeBuffer onto Machine and remove the static variables.
-
-        * VM/CTI.cpp: Initialize m_jit with the Machine's code buffer.
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine): Allocate a JITCodeBuffer.
-        * VM/Machine.h:
-        * kjs/RegExpConstructor.cpp:
-        (KJS::constructRegExp): Pass the ExecState through.
-        * kjs/RegExpPrototype.cpp:
-        (KJS::regExpProtoFuncCompile): Ditto.
-        * kjs/StringPrototype.cpp:
-        (KJS::stringProtoFuncMatch): Ditto.
-        (KJS::stringProtoFuncSearch): Ditto.
-        * kjs/nodes.cpp:
-        (KJS::RegExpNode::emitCode): Compile the pattern at code generation time
-        so that we have access to an ExecState.
-        * kjs/nodes.h:
-        (KJS::RegExpNode::):
-        * kjs/nodes2string.cpp:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Pass the ExecState through.
-        (KJS::RegExp::create): Ditto.
-        * kjs/regexp.h:
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::IA32MacroAssembler): Reset the JITCodeBuffer when we are
-        constructed.
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::compile): Retrieve the JITCodeBuffer from the Machine.
-        * wrec/WREC.h:
-
-2008-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        Fix the build when CTI is disabled.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::~CodeBlock):
-        * VM/CodeGenerator.cpp:
-        (KJS::prepareJumpTableForStringSwitch):
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine):
-        (KJS::Machine::~Machine):
-
-2008-09-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fix some windows abi issues.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompileMainPass):
-        (KJS::CTI::privateCompileSlowCases):
-        * VM/CTI.h:
-        (KJS::CallRecord::CallRecord):
-        (KJS::):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_post_inc):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_post_dec):
-        * VM/Machine.h:
-
-2008-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix ecma/FunctionObjects/15.3.5.3.js after I broke it in r93.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_call_NotJSFunction): Restore m_callFrame to the correct value after making the native call.
-        (KJS::Machine::cti_op_construct_NotJSConstruct): Ditto.
-
-2008-09-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix fast/dom/Window/console-functions.html.
-
-        The call frame on the ExecState was not being updated on calls into native functions.  This meant that functions
-        such as console.log would use the line number of the last JS function on the call stack.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_call_NotJSFunction): Update the ExecState's call frame before making a native function call,
-        and restore it when the function is done.
-        (KJS::Machine::cti_op_construct_NotJSConstruct): Ditto.
-
-2008-09-05  Oliver Hunt  <oliver@apple.com>
-
-        Start bringing up SFX on windows.
-
-        Reviewed by Mark Rowe and Sam Weinig
-
-        Start doing the work to bring up SFX on windows.  Initially
-        just working on WREC, as it does not make any calls so reduces
-        the amount of code that needs to be corrected.
-        
-        Start abstracting the CTI JIT codegen engine.
-
-        * ChangeLog:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        * masm/IA32MacroAsm.h:
-        * masm/MacroAssembler.h: Added.
-        (KJS::MacroAssembler::MacroAssembler):
-        * masm/MacroAssemblerIA32GCC.cpp: Added.
-        (KJS::MacroAssembler::emitConvertToFastCall):
-        * masm/MacroAssemblerWin.cpp: Added.
-        (KJS::MacroAssembler::emitConvertToFastCall):
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseGreedyQuantifier):
-        (KJS::WRECompiler::parseCharacterClass):
-        (KJS::WRECompiler::parseEscape):
-        (KJS::WRECompiler::compilePattern):
-        * wrec/WREC.h:
-
-2008-09-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Support for slow scripts (timeout checking).
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompileMainPass):
-        (KJS::CTI::privateCompile):
-        * VM/Machine.cpp:
-        (KJS::slideRegisterWindowForCall):
-        (KJS::Machine::cti_timeout_check):
-        (KJS::Machine::cti_vm_throw):
-
-2008-09-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Third round of style cleanup.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * kjs/ExecState.h:
-
-2008-09-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Jon Honeycutt.
-
-        Second round of style cleanup.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * wrec/WREC.h:
-
-2008-09-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        First round of style cleanup.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * masm/IA32MacroAsm.h:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-
-2008-09-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-        
-        Merged http://trac.webkit.org/changeset/36081 to work with CTI.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::tryCtiCacheGetByID):
-
-2008-09-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Enable profiling in CTI.
-
-        * VM/CTI.h:
-        (KJS::):
-        (KJS::CTI::execute):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_call_JSFunction):
-        (KJS::Machine::cti_op_call_NotJSFunction):
-        (KJS::Machine::cti_op_ret):
-        (KJS::Machine::cti_op_construct_JSConstruct):
-        (KJS::Machine::cti_op_construct_NotJSConstruct):
-
-2008-09-04  Victor Hernandez  <vhernandez@apple.com>
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed an #if to support using WREC without CTI.
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::match):
-
-2008-09-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        The array/string length trampolines are owned by the Machine, not the codeblock that compiled them.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateArrayLengthTrampoline):
-        (KJS::CTI::privateStringLengthTrampoline):
-        * VM/Machine.cpp:
-        (KJS::Machine::~Machine):
-        * VM/Machine.h:
-
-2008-09-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough and Sam Weinig.
-
-        Fix a crash on launch of jsc when GuardMalloc is enabled.
-
-        * kjs/ScopeChain.h:
-        (KJS::ScopeChain::ScopeChain): Initialize m_node to 0 when we have no valid scope chain.
-        (KJS::ScopeChain::~ScopeChain): Null-check m_node before calling deref.
-
-2008-09-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Fix inspector and fast array access so that it bounds
-        checks correctly.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main):
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::):
-        (KJS::IA32MacroAssembler::emitUnlinkedJb):
-        (KJS::IA32MacroAssembler::emitUnlinkedJbe):
-
-2008-09-03  Mark Rowe  <mrowe@apple.com>
-
-        Move the assertion after the InitializeAndReturn block, as
-        that is used even when CTI is enabled.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-09-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Replace calls to exit with ASSERT_WITH_MESSAGE or ASSERT_NOT_REACHED.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::cti_vm_throw):
-
-2008-09-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Tweak JavaScriptCore to compile on non-x86 platforms.  This is achieved
-        by wrapping more code with ENABLE(CTI), ENABLE(WREC), and PLATFORM(X86)
-        #if's.
-
-        * VM/CTI.cpp:
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::printStructureIDs): Use %td as the format specifier for
-        printing a ptrdiff_t.
-        * VM/Machine.cpp:
-        * VM/Machine.h:
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::RegExp::~RegExp):
-        (KJS::RegExp::match):
-        * kjs/regexp.h:
-        * masm/IA32MacroAsm.h:
-        * wrec/WREC.cpp:
-        * wrec/WREC.h:
-        * wtf/Platform.h: Only enable CTI and WREC on x86.  Add an extra define to
-        track whether any MASM-using features are enabled.
-
-2008-09-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Copy Geoff's array/string length optimization for CTI.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateArrayLengthTrampoline):
-        (KJS::CTI::privateStringLengthTrampoline):
-        * VM/CTI.h:
-        (KJS::CTI::compileArrayLengthTrampoline):
-        (KJS::CTI::compileStringLengthTrampoline):
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine):
-        (KJS::Machine::getCtiArrayLengthTrampoline):
-        (KJS::Machine::getCtiStringLengthTrampoline):
-        (KJS::Machine::tryCtiCacheGetByID):
-        (KJS::Machine::cti_op_get_by_id_second):
-        * VM/Machine.h:
-        * kjs/JSString.h:
-        * kjs/ustring.h:
-
-2008-09-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Implement fast array accesses in CTI - 2-3% progression on sunspider.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitFastArithIntToImmNoCheck):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        * VM/CTI.h:
-        * kjs/JSArray.h:
-
-2008-09-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Enable fast property access support in CTI.
-
-        * VM/CTI.cpp:
-        (KJS::ctiSetReturnAddress):
-        (KJS::ctiRepatchCallByReturnAddress):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        (KJS::CTI::privateCompileGetByIdSelf):
-        (KJS::CTI::privateCompileGetByIdProto):
-        (KJS::CTI::privateCompileGetByIdChain):
-        (KJS::CTI::privateCompilePutByIdReplace):
-        * VM/CTI.h:
-        (KJS::CTI::compileGetByIdSelf):
-        (KJS::CTI::compileGetByIdProto):
-        (KJS::CTI::compileGetByIdChain):
-        (KJS::CTI::compilePutByIdReplace):
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::~CodeBlock):
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-        (KJS::doSetReturnAddressVmThrowTrampoline):
-        (KJS::Machine::tryCtiCachePutByID):
-        (KJS::Machine::tryCtiCacheGetByID):
-        (KJS::Machine::cti_op_put_by_id):
-        (KJS::Machine::cti_op_put_by_id_second):
-        (KJS::Machine::cti_op_put_by_id_generic):
-        (KJS::Machine::cti_op_put_by_id_fail):
-        (KJS::Machine::cti_op_get_by_id):
-        (KJS::Machine::cti_op_get_by_id_second):
-        (KJS::Machine::cti_op_get_by_id_generic):
-        (KJS::Machine::cti_op_get_by_id_fail):
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * kjs/JSCell.h:
-        * kjs/JSObject.h:
-        * kjs/PropertyMap.h:
-        * kjs/StructureID.cpp:
-        (KJS::StructureIDChain::StructureIDChain):
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::emitCmpl_i32m):
-        (KJS::IA32MacroAssembler::emitMovl_mr):
-        (KJS::IA32MacroAssembler::emitMovl_rm):
-
-2008-09-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        A backslash (\) at the of a RegEx should produce an error.
-        Fixes fast/regex/test1.html.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseEscape):
-
-2008-09-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Link jumps for the slow case of op_loop_if_less.  Fixes acid3.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Switch WREC on by default.
-
-        * wtf/Platform.h:
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix two failures in fast/regex/test1.html
-          - \- in a character class should be treated as a literal -
-          - A missing max quantifier needs to be treated differently than
-            a null max quantifier.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::generateNonGreedyQuantifier):
-        (KJS::WRECompiler::generateGreedyQuantifier):
-        (KJS::WRECompiler::parseCharacterClass):
-        * wrec/WREC.h:
-        (KJS::Quantifier::Quantifier):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix crash in fast/js/kde/evil-n.html
-
-        * kjs/regexp.cpp: Always pass a non-null offset vector to the wrec function.
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        Add pattern length limit fixing one test in fast/js.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::compile):
-        * wrec/WREC.h:
-        (KJS::WRECompiler::):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        Make octal escape parsing/back-reference parsing more closely match 
-        prior behavior fixing one test in fast/js.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseCharacterClass): 8 and 9 should be IdentityEscaped
-        (KJS::WRECompiler::parseEscape):
-        * wrec/WREC.h:
-        (KJS::WRECompiler::peekDigit):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        Fix one mozilla test.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::generateCharacterClassInverted): Fix incorrect not
-        ascii upper check.
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        Parse octal escapes in character classes fixing one mozilla test.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseCharacterClass):
-        (KJS::WRECompiler::parseOctalEscape):
-        * wrec/WREC.h:
-        (KJS::WRECompiler::consumeOctal):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fixes two mozilla tests with WREC enabled.
-
-        * wrec/WREC.cpp:
-        (KJS::CharacterClassConstructor::append): Keep the character class sorted
-        when appending another character class.
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Mark Rowe.
-
-        Fixes two mozilla tests with WREC enabled.
-
-        * wrec/WREC.cpp:
-        (KJS::CharacterClassConstructor::addSortedRange): Insert the range at the correct position
-        instead of appending it to the end.
-
-2008-09-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Move cross-compilation unit call into NEVER_INLINE function.
-
-        * VM/Machine.cpp:
-        (KJS::doSetReturnAddressVmThrowTrampoline):
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Fix one test in fast/js.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_construct_NotJSConstruct): Throw a createNotAConstructorError,
-        instead of a createNotAFunctionError.
-
-2008-08-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Zero-cost exception handling.  This patch takes the exception checking
-        back of the hot path.  When an exception occurs in a Machine::cti*
-        method, the return address to JIT code is recorded, and is then
-        overwritten with a pointer to a trampoline routine.  When the method
-        returns the trampoline will cause the cti_vm_throw method to be invoked.
-
-        cti_vm_throw uses the return address preserved above, to discover the
-        vPC of the bytecode that raised the exception (using a map build during
-        translation).  From the VPC of the faulting bytecode the vPC of a catch
-        routine may be discovered (unwinding the stack where necesary), and then
-        a bytecode address for the catch routine is looked up.  Final cti_vm_throw
-        overwrites its return address to JIT code again, to trampoline directly
-        to the catch routine.
-        
-        cti_op_throw is handled in a similar fashion.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitPutCTIParam):
-        (KJS::CTI::emitPutToCallFrameHeader):
-        (KJS::CTI::emitGetFromCallFrameHeader):
-        (KJS::ctiSetReturnAddressForArgs):
-        (KJS::CTI::emitDebugExceptionCheck):
-        (KJS::CTI::printOpcodeOperandTypes):
-        (KJS::CTI::emitCall):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::CallRecord::CallRecord):
-        (KJS::):
-        (KJS::CTI::execute):
-        * VM/CodeBlock.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::cti_op_instanceof):
-        (KJS::Machine::cti_op_call_NotJSFunction):
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_op_in):
-        (KJS::Machine::cti_vm_throw):
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::):
-        * kjs/ExecState.h:
-        (KJS::ExecState::setCtiReturnAddress):
-        (KJS::ExecState::ctiReturnAddress):
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::):
-        (KJS::IA32MacroAssembler::emitPushl_m):
-        (KJS::IA32MacroAssembler::emitPopl_m):
-        (KJS::IA32MacroAssembler::getRelocatedAddress):
-
-2008-08-31  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fall back to PCRE for any regexp containing parentheses until we correctly backtrack within them.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseParentheses):
-        * wrec/WREC.h:
-        (KJS::WRECompiler::):
-
-2008-08-31  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix several issues within ecma_3/RegExp/perlstress-001.js with WREC enabled.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::generateNonGreedyQuantifier): Compare with the maximum quantifier count rather than the minimum.
-        (KJS::WRECompiler::generateAssertionEOL): Do a register-to-register comparison rather than immediate-to-register.
-        (KJS::WRECompiler::parseCharacterClass): Pass through the correct inversion flag.
-
-2008-08-30  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Re-fix the six remaining failures in the Mozilla JavaScript tests in a manner that does not kill performance.
-        This shows up as a 0.6% progression on SunSpider on my machine.
-
-        Grow the JITCodeBuffer's underlying buffer when we run out of space rather than just bailing out.
-
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::~CodeBlock): Switch to using fastFree now that JITCodeBuffer::copy uses fastMalloc.
-        * kjs/regexp.cpp: Ditto.
-        * masm/IA32MacroAsm.h:
-        (KJS::JITCodeBuffer::growBuffer):
-        (KJS::JITCodeBuffer::JITCodeBuffer):
-        (KJS::JITCodeBuffer::~JITCodeBuffer):
-        (KJS::JITCodeBuffer::putByte):
-        (KJS::JITCodeBuffer::putShort):
-        (KJS::JITCodeBuffer::putInt):
-        (KJS::JITCodeBuffer::reset):
-        (KJS::JITCodeBuffer::copy):
-
-2008-08-29  Oliver Hunt  <oliver@apple.com>
-
-        RS=Maciej
-
-        Roll out previous patch as it causes a 5% performance regression
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp:
-        (KJS::getJCB):
-        (KJS::CTI::privateCompile):
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::~CodeBlock):
-        * masm/IA32MacroAsm.h:
-        (KJS::JITCodeBuffer::JITCodeBuffer):
-        (KJS::JITCodeBuffer::putByte):
-        (KJS::JITCodeBuffer::putShort):
-        (KJS::JITCodeBuffer::putInt):
-        (KJS::JITCodeBuffer::getEIP):
-        (KJS::JITCodeBuffer::start):
-        (KJS::JITCodeBuffer::getOffset):
-        (KJS::JITCodeBuffer::reset):
-        (KJS::JITCodeBuffer::copy):
-        (KJS::IA32MacroAssembler::emitModRm_rr):
-        (KJS::IA32MacroAssembler::emitModRm_rm):
-        (KJS::IA32MacroAssembler::emitModRm_rmsib):
-        (KJS::IA32MacroAssembler::IA32MacroAssembler):
-        (KJS::IA32MacroAssembler::emitInt3):
-        (KJS::IA32MacroAssembler::emitPushl_r):
-        (KJS::IA32MacroAssembler::emitPopl_r):
-        (KJS::IA32MacroAssembler::emitMovl_rr):
-        (KJS::IA32MacroAssembler::emitAddl_rr):
-        (KJS::IA32MacroAssembler::emitAddl_i8r):
-        (KJS::IA32MacroAssembler::emitAddl_i32r):
-        (KJS::IA32MacroAssembler::emitAddl_mr):
-        (KJS::IA32MacroAssembler::emitAndl_rr):
-        (KJS::IA32MacroAssembler::emitAndl_i32r):
-        (KJS::IA32MacroAssembler::emitCmpl_i8r):
-        (KJS::IA32MacroAssembler::emitCmpl_rr):
-        (KJS::IA32MacroAssembler::emitCmpl_rm):
-        (KJS::IA32MacroAssembler::emitCmpl_i32r):
-        (KJS::IA32MacroAssembler::emitCmpl_i32m):
-        (KJS::IA32MacroAssembler::emitCmpw_rm):
-        (KJS::IA32MacroAssembler::emitOrl_rr):
-        (KJS::IA32MacroAssembler::emitOrl_i8r):
-        (KJS::IA32MacroAssembler::emitSubl_rr):
-        (KJS::IA32MacroAssembler::emitSubl_i8r):
-        (KJS::IA32MacroAssembler::emitSubl_i32r):
-        (KJS::IA32MacroAssembler::emitSubl_mr):
-        (KJS::IA32MacroAssembler::emitTestl_i32r):
-        (KJS::IA32MacroAssembler::emitTestl_rr):
-        (KJS::IA32MacroAssembler::emitXorl_i8r):
-        (KJS::IA32MacroAssembler::emitXorl_rr):
-        (KJS::IA32MacroAssembler::emitSarl_i8r):
-        (KJS::IA32MacroAssembler::emitSarl_CLr):
-        (KJS::IA32MacroAssembler::emitShl_i8r):
-        (KJS::IA32MacroAssembler::emitShll_CLr):
-        (KJS::IA32MacroAssembler::emitMull_rr):
-        (KJS::IA32MacroAssembler::emitIdivl_r):
-        (KJS::IA32MacroAssembler::emitCdq):
-        (KJS::IA32MacroAssembler::emitMovl_mr):
-        (KJS::IA32MacroAssembler::emitMovzwl_mr):
-        (KJS::IA32MacroAssembler::emitMovl_rm):
-        (KJS::IA32MacroAssembler::emitMovl_i32r):
-        (KJS::IA32MacroAssembler::emitMovl_i32m):
-        (KJS::IA32MacroAssembler::emitLeal_mr):
-        (KJS::IA32MacroAssembler::emitRet):
-        (KJS::IA32MacroAssembler::emitJmpN_r):
-        (KJS::IA32MacroAssembler::emitJmpN_m):
-        (KJS::IA32MacroAssembler::emitCall):
-        (KJS::IA32MacroAssembler::label):
-        (KJS::IA32MacroAssembler::emitUnlinkedJmp):
-        (KJS::IA32MacroAssembler::emitUnlinkedJne):
-        (KJS::IA32MacroAssembler::emitUnlinkedJe):
-        (KJS::IA32MacroAssembler::emitUnlinkedJl):
-        (KJS::IA32MacroAssembler::emitUnlinkedJle):
-        (KJS::IA32MacroAssembler::emitUnlinkedJge):
-        (KJS::IA32MacroAssembler::emitUnlinkedJae):
-        (KJS::IA32MacroAssembler::emitUnlinkedJo):
-        (KJS::IA32MacroAssembler::link):
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::compilePattern):
-        (KJS::WRECompiler::compile):
-        * wrec/WREC.h:
-
-2008-08-29  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Have JITCodeBuffer manage a Vector containing the generated code so that it can grow
-        as needed when generating code for a large function.  This fixes all six remaining failures
-        in Mozilla tests in both debug and release builds.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile):
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::~CodeBlock):
-        * masm/IA32MacroAsm.h:
-        (KJS::JITCodeBuffer::putByte):
-        (KJS::JITCodeBuffer::putShort):
-        (KJS::JITCodeBuffer::putInt):
-        (KJS::JITCodeBuffer::getEIP):
-        (KJS::JITCodeBuffer::start):
-        (KJS::JITCodeBuffer::getOffset):
-        (KJS::JITCodeBuffer::getCode):
-        (KJS::IA32MacroAssembler::emitModRm_rr):
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::compilePattern):
-        * wrec/WREC.h:
-
-2008-08-29  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Implement parsing of octal escapes in regular expressions.  This fixes three Mozilla tests.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::parseOctalEscape):
-        (KJS::WRECompiler::parseEscape): Parse the escape sequence as an octal escape if it has a leading zero.
-        Add a FIXME about treating invalid backreferences as octal escapes in the future.
-        * wrec/WREC.h:
-        (KJS::WRECompiler::consumeNumber): Multiply by 10 rather than 0 so that we handle numbers with more than
-        one digit.
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIOctalDigit):
-
-2008-08-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Pass vPC to instanceof method.  Fixes 2 mozilla tests in debug.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_instanceof):
-
-2008-08-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Pass vPCs to resolve methods for correct exception creation.  Fixes
-        17 mozilla tests in debug.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_resolve_with_base):
-
-2008-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remembering to actually throw the exception passed to op throw helps.
-        Regressions 19 -> 6.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_vm_throw):
-
-2008-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Support for exception unwinding the stack.
-        
-        Once upon a time, Sam asked me for a bettr ChangeLog entry.  The return address
-        is now preserved on entry to a JIT code function (if we preserve lazily we need
-        restore the native return address during exception stack unwind).  This takes
-        the number of regressions down from ~150 to 19.
-
-        * VM/CTI.cpp:
-        (KJS::getJCB):
-        (KJS::CTI::emitExceptionCheck):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::):
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException):
-        (KJS::Machine::cti_op_call_JSFunction):
-        (KJS::Machine::cti_op_call_NotJSFunction):
-        (KJS::Machine::cti_op_construct_JSConstruct):
-        (KJS::Machine::cti_op_construct_NotJSConstruct):
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_vm_throw):
-
-2008-08-29  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix js1_2/regexp/word_boundary.js and four other Mozilla tests with WREC enabled.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::generateCharacterClassInvertedRange): If none of the exact matches
-        succeeded, jump to failure.
-        (KJS::WRECompiler::compilePattern): Restore and increment the current position stored
-        on the stack to ensure that it will be reset to the correct position after a failed
-        match has consumed input.
-
-2008-08-29  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix a hang in ecma_3/RegExp/15.10.2-1.js with WREC enabled.
-        A backreference with a quantifier would get stuck in an infinite
-        loop if the captured range was empty.
-
-        * wrec/WREC.cpp:
-        (KJS::WRECompiler::generateBackreferenceQuantifier): If the captured range
-        was empty, do not attempt to match the backreference.
-        (KJS::WRECompiler::parseBackreferenceQuantifier):
-        * wrec/WREC.h:
-        (KJS::Quantifier::):
-
-2008-08-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Implement op_debug.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::debug):
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::cti_op_debug):
-        * VM/Machine.h:
-
-2008-08-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Implement op_switch_string fixing 1 mozilla test and one test in fast/js.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::SwitchRecord::):
-        (KJS::SwitchRecord::SwitchRecord):
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeBlock.h:
-        (KJS::ExpressionRangeInfo::):
-        (KJS::StringJumpTable::offsetForValue):
-        (KJS::StringJumpTable::ctiForValue):
-        (KJS::SimpleJumpTable::add):
-        (KJS::SimpleJumpTable::ctiForValue):
-        * VM/CodeGenerator.cpp:
-        (KJS::prepareJumpTableForStringSwitch):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::cti_op_switch_string):
-        * VM/Machine.h:
-
-2008-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Do not recurse on the machine stack when executing op_call.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitGetPutArg):
-        (KJS::CTI::emitPutArg):
-        (KJS::CTI::emitPutArgConstant):
-        (KJS::CTI::compileOpCall):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::):
-        (KJS::CTI::compile):
-        (KJS::CTI::execute):
-        (KJS::CTI::):
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine):
-        (KJS::Machine::execute):
-        (KJS::Machine::cti_op_call_JSFunction):
-        (KJS::Machine::cti_op_call_NotJSFunction):
-        (KJS::Machine::cti_op_ret):
-        (KJS::Machine::cti_op_construct_JSConstruct):
-        (KJS::Machine::cti_op_construct_NotJSConstruct):
-        (KJS::Machine::cti_op_call_eval):
-        * VM/Machine.h:
-        * VM/Register.h:
-        (KJS::Register::Register):
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::):
-        * kjs/InternalFunction.h:
-        (KJS::InternalFunction::InternalFunction):
-        * kjs/JSFunction.h:
-        (KJS::JSFunction::JSFunction):
-        * kjs/ScopeChain.h:
-        (KJS::ScopeChain::ScopeChain):
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::):
-        (KJS::IA32MacroAssembler::emitModRm_opm):
-        (KJS::IA32MacroAssembler::emitCmpl_i32m):
-        (KJS::IA32MacroAssembler::emitCallN_r):
-
-2008-08-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Exit instead of crashing in ctiUnsupported and ctiTimedOut.
-
-        * VM/Machine.cpp:
-        (KJS::ctiUnsupported):
-        (KJS::ctiTimedOut):
-
-2008-08-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Implement codegen for op_jsr and op_sret.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::CTI::JSRInfo::JSRInfo):
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::emitJmpN_m):
-        (KJS::IA32MacroAssembler::linkAbsoluteAddress):
-
-2008-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Initial support for exceptions (throw / catch must occur in same CodeBlock).
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitExceptionCheck):
-        (KJS::CTI::emitCall):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::nativeExceptionCodeForHandlerVPC):
-        * VM/CodeBlock.h:
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitCatch):
-        * VM/Machine.cpp:
-        (KJS::Machine::throwException):
-        (KJS::Machine::privateExecute):
-        (KJS::ctiUnsupported):
-        (KJS::ctiTimedOut):
-        (KJS::Machine::cti_op_add):
-        (KJS::Machine::cti_op_pre_inc):
-        (KJS::Machine::cti_timeout_check):
-        (KJS::Machine::cti_op_loop_if_less):
-        (KJS::Machine::cti_op_put_by_id):
-        (KJS::Machine::cti_op_get_by_id):
-        (KJS::Machine::cti_op_instanceof):
-        (KJS::Machine::cti_op_del_by_id):
-        (KJS::Machine::cti_op_mul):
-        (KJS::Machine::cti_op_call):
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_construct):
-        (KJS::Machine::cti_op_get_by_val):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_sub):
-        (KJS::Machine::cti_op_put_by_val):
-        (KJS::Machine::cti_op_lesseq):
-        (KJS::Machine::cti_op_loop_if_true):
-        (KJS::Machine::cti_op_negate):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_div):
-        (KJS::Machine::cti_op_pre_dec):
-        (KJS::Machine::cti_op_jless):
-        (KJS::Machine::cti_op_not):
-        (KJS::Machine::cti_op_jtrue):
-        (KJS::Machine::cti_op_post_inc):
-        (KJS::Machine::cti_op_eq):
-        (KJS::Machine::cti_op_lshift):
-        (KJS::Machine::cti_op_bitand):
-        (KJS::Machine::cti_op_rshift):
-        (KJS::Machine::cti_op_bitnot):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_mod):
-        (KJS::Machine::cti_op_less):
-        (KJS::Machine::cti_op_neq):
-        (KJS::Machine::cti_op_post_dec):
-        (KJS::Machine::cti_op_urshift):
-        (KJS::Machine::cti_op_bitxor):
-        (KJS::Machine::cti_op_bitor):
-        (KJS::Machine::cti_op_call_eval):
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_op_push_scope):
-        (KJS::Machine::cti_op_stricteq):
-        (KJS::Machine::cti_op_nstricteq):
-        (KJS::Machine::cti_op_to_jsnumber):
-        (KJS::Machine::cti_op_in):
-        (KJS::Machine::cti_op_del_by_val):
-        (KJS::Machine::cti_vm_throw):
-        * VM/Machine.h:
-        * kjs/ExecState.h:
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::emitCmpl_i32m):
-
-2008-08-28  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Print debugging info to stderr so that run-webkit-tests can capture it.
-        This makes it easy to check whether test failures are due to unimplemented
-        op codes, missing support for exceptions, etc.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::printOpcodeOperandTypes):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        (KJS::CTI::privateCompile):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        (KJS::ctiException):
-        (KJS::ctiUnsupported):
-        (KJS::Machine::cti_op_call):
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_construct):
-        (KJS::Machine::cti_op_get_by_val):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_call_eval):
-
-2008-08-27  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough and Maciej Stachowiak.
-
-        Fix fast/js/bitwise-and-on-undefined.html.
-
-        A temporary value in the slow path of op_bitand was being stored in edx, but was
-        being clobbered by emitGetPutArg before we used it.  To fix this, emitGetPutArg
-        now takes a third argument that specifies the scratch register to use when loading
-        from memory.  This allows us to avoid clobbering the temporary in op_bitand.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitGetPutArg):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        * VM/CTI.h:
-
-2008-08-27  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Switch CTI on by default.
-
-        * wtf/Platform.h:
-
-2008-08-27  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix the build of the full WebKit stack.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Mark two new headers as private so they can be pulled in from WebCore.
-        * VM/CTI.h: Fix build issues that show up when compiled with GCC 4.2 as part of WebCore.
-        * wrec/WREC.h: Ditto.
-
-2008-08-27  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Implement op_new_error.  Does not fix any tests as it is always followed by the unimplemented op_throw.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_new_error):
-        * VM/Machine.h:
-
-2008-08-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Implement op_put_getter and op_put_setter.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_put_getter):
-        (KJS::Machine::cti_op_put_setter):
-        * VM/Machine.h:
-
-2008-08-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Implement op_del_by_val fixing 3 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_del_by_val):
-        * VM/Machine.h:
-
-2008-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Quick & dirty fix to get SamplingTool sampling op_call.
-
-        * VM/SamplingTool.h:
-        (KJS::SamplingTool::callingHostFunction):
-
-2008-08-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Fix op_put_by_index.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main): Use emitPutArgConstant instead of emitGetPutArg
-        for the property value.
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_put_by_index): Get the property value from the correct argument.
-
-2008-08-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Implement op_switch_imm in the CTI fixing 13 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_switch_imm):
-        * VM/Machine.h:
-
-2008-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Implement op_switch_char in CTI.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitCall):
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        (KJS::CallRecord::CallRecord):
-        (KJS::SwitchRecord::SwitchRecord):
-        * VM/CodeBlock.h:
-        (KJS::SimpleJumpTable::SimpleJumpTable::ctiForValue):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_switch_char):
-        * VM/Machine.h:
-        * masm/IA32MacroAsm.h:
-        (KJS::IA32MacroAssembler::):
-        (KJS::IA32MacroAssembler::emitJmpN_r):
-        (KJS::IA32MacroAssembler::getRelocatedAddress):
-        * wtf/Platform.h:
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Implement op_put_by_index to fix 1 mozilla test.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_put_by_index):
-        * VM/Machine.h:
-
-2008-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        More fixes from Geoff's review.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::emitGetArg):
-        (KJS::CTI::emitGetPutArg):
-        (KJS::CTI::emitPutArg):
-        (KJS::CTI::emitPutArgConstant):
-        (KJS::CTI::getConstantImmediateNumericArg):
-        (KJS::CTI::emitGetCTIParam):
-        (KJS::CTI::emitPutResult):
-        (KJS::CTI::emitCall):
-        (KJS::CTI::emitJumpSlowCaseIfNotImm):
-        (KJS::CTI::emitJumpSlowCaseIfNotImms):
-        (KJS::CTI::getDeTaggedConstantImmediate):
-        (KJS::CTI::emitFastArithDeTagImmediate):
-        (KJS::CTI::emitFastArithReTagImmediate):
-        (KJS::CTI::emitFastArithPotentiallyReTagImmediate):
-        (KJS::CTI::emitFastArithImmToInt):
-        (KJS::CTI::emitFastArithIntToImmOrSlowCase):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Implement op_jmp_scopes to fix 2 Mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_push_new_scope): Update ExecState::m_scopeChain after calling ARG_setScopeChain.
-        (KJS::Machine::cti_op_jmp_scopes):
-        * VM/Machine.h:
-
-2008-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        WebKit Regular Expression Compiler. (set ENABLE_WREC = 1 in Platform.h).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/regexp.cpp:
-        * kjs/regexp.h:
-        * wrec: Added.
-        * wrec/WREC.cpp: Added.
-        * wrec/WREC.h: Added.
-        * wtf/Platform.h:
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Remove bogus assertion.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_del_by_id):
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Implement op_push_new_scope and stub out op_catch.  This fixes 11 Mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_push_new_scope):
-        (KJS::Machine::cti_op_catch):
-        * VM/Machine.h:
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Clean up op_resolve_base so that it shares its implementation with the bytecode interpreter.
-
-        * VM/Machine.cpp:
-        (KJS::inlineResolveBase):
-        (KJS::resolveBase):
-
-2008-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add codegen support for op_instanceof, fixing 15 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_instanceof):
-        (KJS::Machine::cti_op_del_by_id):
-        * VM/Machine.h:
-        * wtf/Platform.h:
-
-2008-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fixes for initial review comments.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::ctiCompileGetArg):
-        (KJS::CTI::ctiCompileGetPutArg):
-        (KJS::CTI::ctiCompilePutResult):
-        (KJS::CTI::ctiCompileCall):
-        (KJS::CTI::CTI):
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::printOpcodeOperandTypes):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h:
-        * VM/Register.h:
-        * kjs/JSValue.h:
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Fix up exception checking code.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_call):
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_construct):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_call_eval):
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix slowcase for op_post_inc and op_post_dec fixing 2 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Implement op_in, fixing 8 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_in):
-        * VM/Machine.h:
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Don't hardcode the size of a Register for op_new_array.  Fixes a crash
-        seen during the Mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main):
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Add support for op_push_scope and op_pop_scope, fixing 20 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/CTI.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_push_scope):
-        (KJS::Machine::cti_op_pop_scope):
-        * VM/Machine.h:
-
-2008-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add codegen support for op_del_by_id, fixing 49 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-        * VM/Machine.cpp:
-        (KJS::Machine::cti_op_del_by_id):
-        * VM/Machine.h:
-
-2008-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Don't hardcode the size of a Register for op_get_scoped_var and op_put_scoped_var 
-        fixing 513 mozilla tests in debug build.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass2_Main):
-
-2008-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Added code generator support for op_loop, fixing around 60 mozilla tests.
-
-        * VM/CTI.cpp:
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::privateCompile_pass2_Main):
-
-2008-08-26  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Set -fomit-frame-pointer in the correct location.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-        
-        Inital cut of CTI, Geoff's review fixes to follow.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/CTI.cpp: Added.
-        (KJS::getJCB):
-        (KJS::CTI::ctiCompileGetArg):
-        (KJS::CTI::ctiCompileGetPutArg):
-        (KJS::CTI::ctiCompilePutArg):
-        (KJS::CTI::ctiCompilePutArgImm):
-        (KJS::CTI::ctiImmediateNumericArg):
-        (KJS::CTI::ctiCompileGetCTIParam):
-        (KJS::CTI::ctiCompilePutResult):
-        (KJS::CTI::ctiCompileCall):
-        (KJS::CTI::slowCaseIfNotImm):
-        (KJS::CTI::slowCaseIfNotImms):
-        (KJS::CTI::ctiFastArithDeTagConstImmediate):
-        (KJS::CTI::ctiFastArithDeTagImmediate):
-        (KJS::CTI::ctiFastArithReTagImmediate):
-        (KJS::CTI::ctiFastArithPotentiallyReTagImmediate):
-        (KJS::CTI::ctiFastArithImmToInt):
-        (KJS::CTI::ctiFastArithIntToImmOrSlowCase):
-        (KJS::CTI::CTI):
-        (KJS::CTI::privateCompile_pass1_Scan):
-        (KJS::CTI::ctiCompileAdd):
-        (KJS::CTI::ctiCompileAddImm):
-        (KJS::CTI::ctiCompileAddImmNotInt):
-        (KJS::CTI::TEMP_HACK_PRINT_TYPES):
-        (KJS::CTI::privateCompile_pass2_Main):
-        (KJS::CTI::privateCompile_pass3_Link):
-        (KJS::CTI::privateCompile_pass4_SlowCases):
-        (KJS::CTI::privateCompile):
-        * VM/CTI.h: Added.
-        (KJS::CTI2Result::CTI2Result):
-        (KJS::CallRecord::CallRecord):
-        (KJS::JmpTable::JmpTable):
-        (KJS::SlowCaseEntry::SlowCaseEntry):
-        (KJS::CTI::compile):
-        (KJS::CTI::LabelInfo::LabelInfo):
-        * VM/CodeBlock.h:
-        (KJS::CodeBlock::CodeBlock):
-        (KJS::CodeBlock::~CodeBlock):
-        * VM/Machine.cpp:
-        (KJS::Machine::execute):
-        (KJS::Machine::privateExecute):
-        (KJS::ctiException):
-        (KJS::ctiUnsupported):
-        (KJS::ctiTimedOut):
-        (KJS::Machine::cti_op_end):
-        (KJS::Machine::cti_op_add):
-        (KJS::Machine::cti_op_pre_inc):
-        (KJS::Machine::cti_timeout_check):
-        (KJS::Machine::cti_op_loop_if_less):
-        (KJS::Machine::cti_op_new_object):
-        (KJS::Machine::cti_op_put_by_id):
-        (KJS::Machine::cti_op_get_by_id):
-        (KJS::Machine::cti_op_mul):
-        (KJS::Machine::cti_op_new_func):
-        (KJS::Machine::cti_op_call):
-        (KJS::Machine::cti_op_ret):
-        (KJS::Machine::cti_op_new_array):
-        (KJS::Machine::cti_op_resolve):
-        (KJS::Machine::cti_op_construct):
-        (KJS::Machine::cti_op_get_by_val):
-        (KJS::Machine::cti_op_resolve_func):
-        (KJS::Machine::cti_op_sub):
-        (KJS::Machine::cti_op_put_by_val):
-        (KJS::Machine::cti_op_lesseq):
-        (KJS::Machine::cti_op_loop_if_true):
-        (KJS::Machine::cti_op_negate):
-        (KJS::Machine::cti_op_resolve_base):
-        (KJS::Machine::cti_op_resolve_skip):
-        (KJS::Machine::cti_op_div):
-        (KJS::Machine::cti_op_pre_dec):
-        (KJS::Machine::cti_op_jless):
-        (KJS::Machine::cti_op_not):
-        (KJS::Machine::cti_op_jtrue):
-        (KJS::Machine::cti_op_post_inc):
-        (KJS::Machine::cti_op_eq):
-        (KJS::Machine::cti_op_lshift):
-        (KJS::Machine::cti_op_bitand):
-        (KJS::Machine::cti_op_rshift):
-        (KJS::Machine::cti_op_bitnot):
-        (KJS::Machine::cti_op_resolve_with_base):
-        (KJS::Machine::cti_op_new_func_exp):
-        (KJS::Machine::cti_op_mod):
-        (KJS::Machine::cti_op_less):
-        (KJS::Machine::cti_op_neq):
-        (KJS::Machine::cti_op_post_dec):
-        (KJS::Machine::cti_op_urshift):
-        (KJS::Machine::cti_op_bitxor):
-        (KJS::Machine::cti_op_new_regexp):
-        (KJS::Machine::cti_op_bitor):
-        (KJS::Machine::cti_op_call_eval):
-        (KJS::Machine::cti_op_throw):
-        (KJS::Machine::cti_op_get_pnames):
-        (KJS::Machine::cti_op_next_pname):
-        (KJS::Machine::cti_op_typeof):
-        (KJS::Machine::cti_op_stricteq):
-        (KJS::Machine::cti_op_nstricteq):
-        (KJS::Machine::cti_op_to_jsnumber):
-        * VM/Machine.h:
-        * VM/Register.h:
-        (KJS::Register::jsValue):
-        (KJS::Register::getJSValue):
-        (KJS::Register::codeBlock):
-        (KJS::Register::scopeChain):
-        (KJS::Register::i):
-        (KJS::Register::r):
-        (KJS::Register::vPC):
-        (KJS::Register::jsPropertyNameIterator):
-        * VM/SamplingTool.cpp:
-        (KJS::):
-        (KJS::SamplingTool::run):
-        (KJS::SamplingTool::dump):
-        * VM/SamplingTool.h:
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::zeroImmediate):
-        (KJS::JSImmediate::oneImmediate):
-        * kjs/JSValue.h:
-        * kjs/JSVariableObject.h:
-        (KJS::JSVariableObject::JSVariableObjectData::offsetOf_registers):
-        (KJS::JSVariableObject::offsetOf_d):
-        (KJS::JSVariableObject::offsetOf_Data_registers):
-        * masm: Added.
-        * masm/IA32MacroAsm.h: Added.
-        (KJS::JITCodeBuffer::JITCodeBuffer):
-        (KJS::JITCodeBuffer::putByte):
-        (KJS::JITCodeBuffer::putShort):
-        (KJS::JITCodeBuffer::putInt):
-        (KJS::JITCodeBuffer::getEIP):
-        (KJS::JITCodeBuffer::start):
-        (KJS::JITCodeBuffer::getOffset):
-        (KJS::JITCodeBuffer::reset):
-        (KJS::JITCodeBuffer::copy):
-        (KJS::IA32MacroAssembler::):
-        (KJS::IA32MacroAssembler::emitModRm_rr):
-        (KJS::IA32MacroAssembler::emitModRm_rm):
-        (KJS::IA32MacroAssembler::emitModRm_rmsib):
-        (KJS::IA32MacroAssembler::emitModRm_opr):
-        (KJS::IA32MacroAssembler::emitModRm_opm):
-        (KJS::IA32MacroAssembler::IA32MacroAssembler):
-        (KJS::IA32MacroAssembler::emitInt3):
-        (KJS::IA32MacroAssembler::emitPushl_r):
-        (KJS::IA32MacroAssembler::emitPopl_r):
-        (KJS::IA32MacroAssembler::emitMovl_rr):
-        (KJS::IA32MacroAssembler::emitAddl_rr):
-        (KJS::IA32MacroAssembler::emitAddl_i8r):
-        (KJS::IA32MacroAssembler::emitAddl_i32r):
-        (KJS::IA32MacroAssembler::emitAddl_mr):
-        (KJS::IA32MacroAssembler::emitAndl_rr):
-        (KJS::IA32MacroAssembler::emitAndl_i32r):
-        (KJS::IA32MacroAssembler::emitCmpl_i8r):
-        (KJS::IA32MacroAssembler::emitCmpl_rr):
-        (KJS::IA32MacroAssembler::emitCmpl_rm):
-        (KJS::IA32MacroAssembler::emitCmpl_i32r):
-        (KJS::IA32MacroAssembler::emitCmpw_rm):
-        (KJS::IA32MacroAssembler::emitOrl_rr):
-        (KJS::IA32MacroAssembler::emitOrl_i8r):
-        (KJS::IA32MacroAssembler::emitSubl_rr):
-        (KJS::IA32MacroAssembler::emitSubl_i8r):
-        (KJS::IA32MacroAssembler::emitSubl_i32r):
-        (KJS::IA32MacroAssembler::emitSubl_mr):
-        (KJS::IA32MacroAssembler::emitTestl_i32r):
-        (KJS::IA32MacroAssembler::emitTestl_rr):
-        (KJS::IA32MacroAssembler::emitXorl_i8r):
-        (KJS::IA32MacroAssembler::emitXorl_rr):
-        (KJS::IA32MacroAssembler::emitSarl_i8r):
-        (KJS::IA32MacroAssembler::emitSarl_CLr):
-        (KJS::IA32MacroAssembler::emitShl_i8r):
-        (KJS::IA32MacroAssembler::emitShll_CLr):
-        (KJS::IA32MacroAssembler::emitMull_rr):
-        (KJS::IA32MacroAssembler::emitIdivl_r):
-        (KJS::IA32MacroAssembler::emitCdq):
-        (KJS::IA32MacroAssembler::emitMovl_mr):
-        (KJS::IA32MacroAssembler::emitMovzwl_mr):
-        (KJS::IA32MacroAssembler::emitMovl_rm):
-        (KJS::IA32MacroAssembler::emitMovl_i32r):
-        (KJS::IA32MacroAssembler::emitMovl_i32m):
-        (KJS::IA32MacroAssembler::emitLeal_mr):
-        (KJS::IA32MacroAssembler::emitRet):
-        (KJS::IA32MacroAssembler::JmpSrc::JmpSrc):
-        (KJS::IA32MacroAssembler::JmpDst::JmpDst):
-        (KJS::IA32MacroAssembler::emitCall):
-        (KJS::IA32MacroAssembler::label):
-        (KJS::IA32MacroAssembler::emitUnlinkedJmp):
-        (KJS::IA32MacroAssembler::emitUnlinkedJne):
-        (KJS::IA32MacroAssembler::emitUnlinkedJe):
-        (KJS::IA32MacroAssembler::emitUnlinkedJl):
-        (KJS::IA32MacroAssembler::emitUnlinkedJle):
-        (KJS::IA32MacroAssembler::emitUnlinkedJge):
-        (KJS::IA32MacroAssembler::emitUnlinkedJae):
-        (KJS::IA32MacroAssembler::emitUnlinkedJo):
-        (KJS::IA32MacroAssembler::emitPredictionNotTaken):
-        (KJS::IA32MacroAssembler::link):
-        (KJS::IA32MacroAssembler::copy):
-        * wtf/Platform.h:
-
-2008-08-26  Oliver Hunt  <oliver@apple.com>
-
-        RS=Maciej.
-
-        Enabled -fomit-frame-pointer on Release and Production builds, add additional Profiling build config for shark, etc.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-=== Start merge of squirrelfish-extreme ===
-
-2008-09-06  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix the Mac Debug build by adding symbols that are exported only in a
-        Debug configuration.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * DerivedSources.make:
-        * JavaScriptCore.Debug.exp: Added.
-        * JavaScriptCore.base.exp: Copied from JavaScriptCore.exp.
-        * JavaScriptCore.exp: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-09-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20681
-          JSPropertyNameIterator functions need to be inlined
-
-        1.007x as fast on SunSpider overall
-        1.081x as fast on SunSpider math-cordic
-
-        * VM/JSPropertyNameIterator.cpp: Moved functions out of here.
-        * VM/JSPropertyNameIterator.h:
-        (KJS::JSPropertyNameIterator::JSPropertyNameIterator): Moved
-        this into the header and marked it inline.
-        (KJS::JSPropertyNameIterator::create): Ditto.
-        (KJS::JSPropertyNameIterator::next): Ditto.
-
-2008-09-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=20673
-          single-character strings are churning in the Identifier table
-
-        1.007x as fast on SunSpider overall
-        1.167x as fast on SunSpider string-fasta
-
-        * JavaScriptCore.exp: Updated.
-        * kjs/SmallStrings.cpp:
-        (KJS::SmallStrings::singleCharacterStringRep): Added.
-        * kjs/SmallStrings.h: Added singleCharacterStringRep for clients that
-        need just a UString, not a JSString.
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add): Added special cases for single character strings
-        so that the UString::Rep that ends up in the identifier table is the one
-        from the single-character string optimization; otherwise we end up having
-        to look it up in the identifier table over and over again.
-        (KJS::Identifier::addSlowCase): Ditto.
-        (KJS::Identifier::checkSameIdentifierTable): Made this function an empty
-        inline in release builds so that callers don't have to put #ifndef NDEBUG
-        at each call site.
-        * kjs/identifier.h:
-        (KJS::Identifier::add): Removed #ifndef NDEBUG around the calls to
-        checkSameIdentifierTable.
-        (KJS::Identifier::checkSameIdentifierTable): Added. Empty inline version
-        for NDEBUG builds.
-
-2008-09-05  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * kjs/JSObject.h: Move the inline virtual destructor after a non-inline
-        virtual function so that the symbol for the vtable is not marked as a
-        weakly exported symbol.
-
-2008-09-05  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        - fix https://bugs.webkit.org/show_bug.cgi?id=20671
-          JavaScriptCore string manipulation spends too much time in memcpy
-
-        1.011x as fast on SunSpider overall
-        1.028x as fast on SunSpider string tests
-
-        For small strings, use a loop rather than calling memcpy. The loop can
-        be faster because there's no function call overhead, and because it can
-        assume the pointers are aligned instead of checking that. Currently the
-        threshold is set at 20 characters, based on some testing on one particular
-        computer. Later we can tune this for various platforms by setting
-        USTRING_COPY_CHARS_INLINE_CUTOFF appropriately, but it does no great harm
-        if not perfectly tuned.
-
-        * kjs/ustring.cpp:
-        (KJS::overflowIndicator): Removed bogus const.
-        (KJS::maxUChars): Ditto.
-        (KJS::copyChars): Added.
-        (KJS::UString::Rep::createCopying): Call copyChars instead of memcpy.
-        Also eliminated need for const_cast.
-        (KJS::UString::expandPreCapacity): Ditto.
-        (KJS::concatenate): Ditto.
-        (KJS::UString::spliceSubstringsWithSeparators): Ditto.
-        (KJS::UString::append): Ditto.
-
-2008-09-05  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Sam and Alexey.
-
-        Make the profiler work with a null exec state.  This will allow other
-        applications start the profiler to get DTrace probes going without
-        needing a WebView.
-
-        * ChangeLog:
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::ProfileGenerator):
-        (KJS::ProfileGenerator::willExecute):
-        (KJS::ProfileGenerator::didExecute):
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling):
-        (KJS::dispatchFunctionToProfiles):
-
-2008-09-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed an off-by-one error that would cause the StructureIDChain to
-        be one object too short.
-        
-        Can't construct a test case because other factors make this not crash
-        (yet!).
-
-        * kjs/StructureID.cpp:
-        (KJS::StructureIDChain::StructureIDChain):
-
-2008-09-04  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fixes.
-
-        * JavaScriptCoreSources.bkl:
-
-2008-09-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix https://bugs.webkit.org/show_bug.cgi?id=20639.
-        Bug 20639: ENABLE_DASHBOARD_SUPPORT does not need to be a FEATURE_DEFINE
-
-        * Configurations/JavaScriptCore.xcconfig: Remove ENABLE_DASHBOARD_SUPPORT from FEATURE_DEFINES.
-        * wtf/Platform.h: Set ENABLE_DASHBOARD_SUPPORT for PLATFORM(MAC).
-
-2008-09-04  Adele Peterson  <adele@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2008-09-04  Mark Rowe  <mrowe@apple.com>
-
-        Mac build fix.
-
-        * kjs/config.h: Only check the value of HAVE_CONFIG_H if it is defined.
-
-2008-09-04  Marco Barisione  <marco.barisione@collabora.co.uk>
-
-        Reviewed by Eric Seidel.
-
-        http://bugs.webkit.org/show_bug.cgi?id=20380
-        [GTK][AUTOTOOLS] Include autotoolsconfig.h from config.h
-
-        * kjs/config.h: Include the configuration header generated by
-        autotools if available.
-
-2008-09-04  Tor Arne Vestbø  <tavestbo@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix the QtWebKit build to match changes in r36016
-
-        * JavaScriptCore.pri:
-
-2008-09-04  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 64-bit build.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::printStructureID): Store the instruction offset into an unsigned local
-        to avoid a warning related to format specifiers.
-        (KJS::CodeBlock::printStructureIDs): Ditto.
-
-2008-09-04  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Correct the spelling of 'entryIndices'.
-
-        * kjs/PropertyMap.cpp:
-        (KJS::PropertyMap::get):
-        (KJS::PropertyMap::getLocation):
-        (KJS::PropertyMap::put):
-        (KJS::PropertyMap::insert):
-        (KJS::PropertyMap::remove):
-        (KJS::PropertyMap::checkConsistency):
-        * kjs/PropertyMap.h:
-        (KJS::PropertyMapHashTable::entries):
-        (KJS::PropertyMap::getOffset):
-        (KJS::PropertyMap::putOffset):
-        (KJS::PropertyMap::offsetForTableLocation):
-
-2008-09-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-        
-        Fixed <rdar://problem/6193925> REGRESSION: Crash occurs at
-        KJS::Machine::privateExecute() when attempting to load my Mobile Gallery
-        (http://www.me.com/gallery/#home)
-        
-        also
-        
-        https://bugs.webkit.org/show_bug.cgi?id=20633 Crash in privateExecute
-        @ cs.byu.edu
-        
-        The underlying problem was that we would cache prototype properties
-        even if the prototype was a dictionary.
-        
-        The fix is to transition a prototype back from dictionary to normal
-        status when an opcode caches access to it. (This is better than just
-        refusing to cache, since a heavily accessed prototype is almost
-        certainly not a true dictionary.)
-
-        * VM/Machine.cpp:
-        (KJS::Machine::tryCacheGetByID):
-        * kjs/JSObject.h:
-
-2008-09-03  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Sam.
-
-        Clean up Platform.h and add PLATFORM(CHROMIUM), PLATFORM(SKIA) and USE(V8_BINDINGS)
-
-        * Configurations/JavaScriptCore.xcconfig: add missing ENABLE_*
-        * wtf/ASCIICType.h: include <wtf/Assertions.h> since it depends on it.
-        * wtf/Platform.h:
-
-2008-09-03  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        Remove the rest of the "zombie" code from the profiler.
-        - There is no longer a need for the ProfilerClient callback mechanism.
-
-        * API/JSProfilerPrivate.cpp:
-        (JSStartProfiling):
-        * JavaScriptCore.exp:
-        * profiler/HeavyProfile.h:
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::create):
-        (KJS::ProfileGenerator::ProfileGenerator):
-        * profiler/ProfileGenerator.h:
-        (KJS::ProfileGenerator::profileGroup):
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling): Immediately return the profile when
-        stopped instead of using a callback.
-        * profiler/Profiler.h:
-        * profiler/TreeProfile.h:
-
-2008-09-03  Adele Peterson  <adele@apple.com>
-
-        Build fix.
-
-        * wtf/win/MainThreadWin.cpp:
-
-2008-09-02  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Darin and Tim.
-
-        Remove most of the "zombie" mode from the profiler.  Next we will need
-        to remove the client callback mechanism in profiles.
-
-        - This simplifies the code, leverages the recent changes I've made in
-        getting line numbers from SquirrelFish, and is a slight speed
-        improvement on SunSpider.
-        - Also the "zombie" mode was a constant source of odd edge cases and
-        obscure bugs so it's good to remove since all of its issues may not have
-        been found.
-
-        * API/JSProfilerPrivate.cpp: No need to call didFinishAllExecution() any
-        more.
-        (JSEndProfiling):
-        * JavaScriptCore.exp: Export the new signature of retrieveLastCaller()
-        * VM/Machine.cpp:
-        (KJS::Machine::execute): No need to call didFinishAllExecution() any
-        more.
-        (KJS::Machine::retrieveCaller): Now operates on InternalFunctions now
-        since the RegisterFile is no longer guaranteeded to store only
-        JSFunctions
-        (KJS::Machine::retrieveLastCaller): Now also retrieve the function's
-        name
-        (KJS::Machine::callFrame): A result of changing retrieveCaller()
-        * VM/Machine.h:
-        * VM/Register.h: 
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject):
-        * kjs/nodes.h:
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::create): Now pass the original exec and get the
-        global exec and client when necessary.  We need the original exec so we
-        can have the stack frame where profiling started.
-        (KJS::ProfileGenerator::ProfileGenerator): ditto.
-        (KJS::ProfileGenerator::addParentForConsoleStart): This is where the 
-        parent to star of the profile is added, if there is one.
-        (KJS::ProfileGenerator::willExecute): Remove uglyness!
-        (KJS::ProfileGenerator::didExecute): Ditto!
-        (KJS::ProfileGenerator::stopProfiling):
-        (KJS::ProfileGenerator::removeProfileStart): Use a better way to find
-        and remove the function we are looking for.
-        (KJS::ProfileGenerator::removeProfileEnd): Ditto.
-        * profiler/ProfileGenerator.h:
-        (KJS::ProfileGenerator::client):
-        * profiler/ProfileNode.cpp:
-        (KJS::ProfileNode::removeChild): Add a better way to remove a child from
-        a ProfileNode.
-        (KJS::ProfileNode::stopProfiling):
-        (KJS::ProfileNode::debugPrintData): Modified a debug-only diagnostic
-        function to be sane.
-        * profiler/ProfileNode.h:
-        * profiler/Profiler.cpp: Change to pass the original exec state.
-        (KJS::Profiler::startProfiling):
-        (KJS::Profiler::stopProfiling):
-        (KJS::Profiler::willExecute):
-        (KJS::Profiler::didExecute):
-        (KJS::Profiler::createCallIdentifier):
-        * profiler/Profiler.h:
-
-2008-09-01  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Implement callOnMainThreadAndWait().
-
-        This will be useful when a background thread needs to perform UI calls synchronously
-        (e.g. an openDatabase() call cannot return until the user answers to a confirmation dialog).
-
-        * wtf/MainThread.cpp:
-        (WTF::FunctionWithContext::FunctionWithContext): Added a ThreadCondition member. When
-        non-zero, the condition is signalled after the function is called.
-        (WTF::mainThreadFunctionQueueMutex): Renamed from functionQueueMutex, sinc this is no longer
-        static. Changed to be initialized from initializeThreading() to avoid lock contention.
-        (WTF::initializeMainThread): On non-Windows platforms, just call mainThreadFunctionQueueMutex.
-        (WTF::dispatchFunctionsFromMainThread): Signal synchronous calls when done.
-        (WTF::callOnMainThread): Updated for functionQueueMutex rename.
-        (WTF::callOnMainThreadAndWait):  Added.
-
-        * wtf/MainThread.h: Added callOnMainThreadAndWait(); initializeMainThread() now exists on
-        all platforms.
-
-        * wtf/win/MainThreadWin.cpp: (WTF::initializeMainThread): Added a callOnMainThreadAndWait()
-        call to initialize function queue mutex.
-
-        * wtf/ThreadingGtk.cpp: (WTF::initializeThreading):
-        * wtf/ThreadingPthreads.cpp: (WTF::initializeThreading):
-        * wtf/ThreadingQt.cpp: (WTF::initializeThreading):
-        Only initialize mainThreadIdentifier on non-Darwin platforms. It was not guaranteed to be
-        accurate on Darwin.
-
-2008-09-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Use isUndefinedOrNull() instead of separate checks for each in op_eq_null
-        and op_neq_null.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-09-02  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Bug 20296: OpcodeStats doesn't build on platforms which don't have mergesort().
-        <https://bugs.webkit.org/show_bug.cgi?id=20296>
-
-        * VM/Opcode.cpp:
-        (KJS::OpcodeStats::~OpcodeStats): mergesort() replaced with qsort()
-
-2008-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fast path for array.length and string.length.
-        
-        SunSpider says 0.5% faster.
-
-2008-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Anders Carlsson.
-        
-        Added optimized paths for comparing to null.
-        
-        SunSpider says 0.5% faster.
-
-2008-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Changed jsDriver.pl to dump the exact text you would need in order to
-        reproduce a test result. This enables a fast workflow where you copy
-        and paste a test failure in the terminal.
-
-        * tests/mozilla/jsDriver.pl:
-
-2008-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented the rest of Darin's review comments for the 09-01 inline
-        caching patch.
-        
-        SunSpider says 0.5% faster, but that seems like noise.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Put PutPropertySlot into
-        its own file, and added BatchedTransitionOptimizer.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::~CodeBlock): Use array indexing instead of a pointer
-        iterator.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator): Used BatchedTransitionOptimizer to
-        make batched put and remove for declared variables fast, without forever
-        pessimizing the global object. Removed the old getDirect/removeDirect hack
-        that tried to do the same in a more limited way.
-
-        * VM/CodeGenerator.h: Moved IdentifierRepHash to the KJS namespace since
-        it doesn't specialize anything in WTF.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::Machine): Nixed the DummyConstruct tag because it was
-        confusingly named.
-
-        (KJS::Machine::execute):  Used BatchedTransitionOptimizer, as above. Fixed
-        up some comments.
-
-        (KJS::cachePrototypeChain): Cast to JSObject*, since it's more specific.
-
-        (KJS::Machine::tryCachePutByID): Use isNull() instead of comparing to
-        jsNull(), since isNull() leaves more options open for the future.
-        (KJS::Machine::tryCacheGetByID): ditto
-        (KJS::Machine::privateExecute): ditto
-
-        * VM/SamplingTool.cpp:
-        (KJS::SamplingTool::dump): Use C++-style cast, to match our style
-        guidelines.
-
-        * kjs/BatchedTransitionOptimizer.h: Added. New class that allows host
-        code to add a batch of properties to an object in an efficient way.
-
-        * kjs/JSActivation.cpp: Use isNull(), as above.
-
-        * kjs/JSArray.cpp: Get rid of DummyConstruct tag, as above.
-        * kjs/JSArray.h:
-
-        * kjs/JSGlobalData.cpp: Nixed two unused StructureIDs.
-        * kjs/JSGlobalData.h:
-
-        * kjs/JSImmediate.cpp: Use isNull(), as above.
-
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::mark): Moved mark tracing code elsewhere, to make this
-        function more readable.
-
-        (KJS::JSObject::put): Use isNull(), as above.
-
-        (KJS::JSObject::createInheritorID): Return a raw pointer, since the
-        object is owned by a data member, not necessarily the caller.
-        * kjs/JSObject.h:
-
-        * kjs/JSString.cpp: Use isNull(), as above.
-
-        * kjs/PropertyMap.h: Updated to use PropertySlot::invalidOffset.
-
-        * kjs/PropertySlot.h: Changed KJS_INVALID_OFFSET to WTF::notFound
-        because C macros are so 80's.
-
-        * kjs/PutPropertySlot.h: Added. Split out of PropertySlot.h. Also renamed
-        PutPropertySlot::SlotType to PutPropertySlot::Type, and slotBase to base,
-        since "slot" was redundant.
-
-        * kjs/StructureID.cpp: Added a new transition *away* from dictionary
-        status, to support BatchedTransitionOptimizer.
-
-        (KJS::StructureIDChain::StructureIDChain): No need to store m_size as
-        a data member, so keep it in a local, which might be faster.
-        * kjs/StructureID.h:
-
-        * kjs/SymbolTable.h: Moved IdentifierRepHash to KJS namespace, as above.
-        * kjs/ustring.h:
-
-2008-09-02  Adam Roben  <aroben@apple.com>
-
-        Windows build fixes
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add
-        StructureID.{cpp,h} to the project. Also let VS reorder this file.
-        * VM/CodeBlock.cpp: Include StringExtras so that snprintf will be
-        defined on Windows.
-
-2008-09-01  Sam Weinig  <sam@webkit.org>
-
-        Fix release build.
-
-        * JavaScriptCore.exp:
-
-2008-09-01  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Gtk buildfix
-
-        * GNUmakefile.am:
-        * kjs/PropertyMap.cpp: rename Identifier.h to identifier.h
-        * kjs/StructureID.cpp: include JSObject.h
-
-2008-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        First cut at inline caching for access to vanilla JavaScript properties.
-        
-        SunSpider says 4% faster. Tests heavy on dictionary-like access have
-        regressed a bit -- we have a lot of room to improve in this area,
-        but this patch is over-ripe as-is.
-        
-        JSCells now have a StructureID that uniquely identifies their layout,
-        and holds their prototype.
-        
-        JSValue::put takes a PropertySlot& argument, so it can fill in details
-        about where it put a value, for the sake of caching.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::CodeGenerator): Avoid calling removeDirect if we
-        can, since it disables inline caching in the global object. This can
-        probably improve in the future.
-
-        * kjs/JSGlobalObject.cpp: Nixed reset(), since it complicates caching, and
-        wasn't really necessary.
-
-        * kjs/JSObject.cpp: Tweaked getter / setter behavior not to rely on the
-        IsGetterSetter flag, since the flag was buggy. This is necessary in order
-        to avoid accidentally accessing a getter / setter as a normal property.
-        
-        Also changed getter / setter creation to honor ReadOnly, matching Mozilla.
-        
-        * kjs/PropertyMap.cpp: Nixed clear(), since it complicates caching and
-        isn't necessary.
-
-        * kjs/Shell.cpp: Moved SamplingTool dumping outside the loop. This allows
-        you to aggregate sampling of multiple files (or the same file repeatedly),
-        which helped me track down regressions.
-
-        * kjs/ustring.h: Moved IdentifierRepHash here to share it.
-
-2008-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Eagerly allocate the Math object's numeric constants. This avoids
-        constantly reallocating them in loops, and also ensures that the Math
-        object will not use the single property optimization, which makes
-        properties ineligible for caching.
-
-        SunSpider reports a small speedup, in combination with inline caching.
-
-        * kjs/MathObject.cpp:
-        (KJS::MathObject::MathObject):
-        (KJS::MathObject::getOwnPropertySlot):
-        * kjs/MathObject.h:
-
-2008-09-01  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        Gtk build fix, not reviewed.
-
-        * GNUmakefile.am: Add SmallStrings.cpp in both release and debug builds
-
-2008-08-31  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej Stachowiak.
-
-        Bug 20577: REGRESSION (r36006): Gmail is broken
-        <https://bugs.webkit.org/show_bug.cgi?id=20577>
-
-        r36006 changed stringProtoFuncSubstr() so that it is uses the more
-        efficient jsSubstring(), rather than using UString::substr() and then
-        calling jsString(). However, the change did not account for the case
-        where the start and the length of the substring extend beyond the length
-        of the original string. This patch corrects that.
-
-        * kjs/StringPrototype.cpp:
-        (KJS::stringProtoFuncSubstr):
-
-2008-08-31  Simon Hausmann  <hausmann@wekit.org>
-
-        Unreviewed build fix (with gcc 4.3)
-
-        * kjs/ustring.h: Properly forward declare operator== for UString and
-        the the concatenate functions inside the KJS namespace.
-
-2008-08-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - https://bugs.webkit.org/show_bug.cgi?id=20333
-          improve JavaScript speed when handling single-character strings
-
-        1.035x as fast on SunSpider overall.
-        1.127x as fast on SunSpider string tests.
-        1.910x as fast on SunSpider string-base64 test.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction): Removed unneeded explicit construction of UString.
-
-        * GNUmakefile.am: Added SmallStrings.h and SmallStrings.cpp.
-        * JavaScriptCore.pri: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * JavaScriptCoreSources.bkl: Ditto.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/Machine.cpp:
-        (KJS::jsAddSlowCase): Changed to use a code path that doesn't involve
-        a UString constructor. This avoids an extra jump caused by the "in charge"
-        vs. "not in charge" constructors.
-        (KJS::jsAdd): Ditto.
-        (KJS::jsTypeStringForValue): Adopted jsNontrivialString.
-
-        * kjs/ArrayPrototype.cpp:
-        (KJS::arrayProtoFuncToString): Adopted jsEmptyString.
-        (KJS::arrayProtoFuncToLocaleString): Ditto.
-        (KJS::arrayProtoFuncJoin): Ditto.
-        * kjs/BooleanPrototype.cpp:
-        (KJS::booleanProtoFuncToString): Adopted jsNontrivialString.
-        * kjs/DateConstructor.cpp:
-        (KJS::callDate): Ditto.
-        * kjs/DatePrototype.cpp:
-        (KJS::formatLocaleDate): Adopted jsEmptyString and jsNontrivialString.
-        (KJS::dateProtoFuncToString): Ditto.
-        (KJS::dateProtoFuncToUTCString): Ditto.
-        (KJS::dateProtoFuncToDateString): Ditto.
-        (KJS::dateProtoFuncToTimeString): Ditto.
-        (KJS::dateProtoFuncToLocaleString): Ditto.
-        (KJS::dateProtoFuncToLocaleDateString): Ditto.
-        (KJS::dateProtoFuncToLocaleTimeString): Ditto.
-        (KJS::dateProtoFuncToGMTString): Ditto.
-
-        * kjs/ErrorPrototype.cpp:
-        (KJS::ErrorPrototype::ErrorPrototype): Ditto.
-        (KJS::errorProtoFuncToString): Ditto.
-
-        * kjs/JSGlobalData.h: Added SmallStrings.
-
-        * kjs/JSString.cpp:
-        (KJS::jsString): Eliminated the overload that takes a const char*.
-        Added code to use SmallStrings to get strings of small sizes rather
-        than creating a new JSString every time.
-        (KJS::jsSubstring): Added. Used when creating a string from a substring
-        to avoid creating a JSString in cases where the substring will end up
-        empty or as one character.
-        (KJS::jsOwnedString): Added the same code as in jsString.
-
-        * kjs/JSString.h: Added new functions jsEmptyString, jsSingleCharacterString,
-        jsSingleCharacterSubstring, jsSubstring, and jsNontrivialString for various
-        cases where we want to create JSString, and want special handling for small
-        strings.
-        (KJS::JSString::JSString): Added an overload that takes a PassRefPtr of
-        a UString::Rep so you don't have to construct a UString; PassRefPtr can be
-        more efficient.
-        (KJS::jsEmptyString): Added.
-        (KJS::jsSingleCharacterString): Added.
-        (KJS::jsSingleCharacterSubstring): Added.
-        (KJS::jsNontrivialString): Added.
-        (KJS::JSString::getIndex): Adopted jsSingleCharacterSubstring.
-        (KJS::JSString::getStringPropertySlot): Ditto.
-
-        * kjs/NumberPrototype.cpp:
-        (KJS::numberProtoFuncToFixed): Adopted jsNontrivialString.
-        (KJS::numberProtoFuncToExponential): Ditto.
-        (KJS::numberProtoFuncToPrecision): Ditto.
-
-        * kjs/ObjectPrototype.cpp:
-        (KJS::objectProtoFuncToLocaleString): Adopted toThisJSString.
-        (KJS::objectProtoFuncToString): Adopted jsNontrivialString.
-
-        * kjs/RegExpConstructor.cpp: Separated the lastInput value that's used
-        with the lastOvector to return matches from the input value that can be
-        changed via JavaScript. They will be equal in many cases, but not all.
-        (KJS::RegExpConstructor::performMatch): Set input.
-        (KJS::RegExpMatchesArray::RegExpMatchesArray): Ditto.
-        (KJS::RegExpMatchesArray::fillArrayInstance): Adopted jsSubstring. Also,
-        use input rather than lastInput in the appropriate place.
-        (KJS::RegExpConstructor::getBackref): Adopted jsSubstring and jsEmptyString.
-        Added code to handle the case where there is no backref -- before this
-        depended on range checking in UString::substr which is not present in
-        jsSubstring.
-        (KJS::RegExpConstructor::getLastParen): Ditto.
-        (KJS::RegExpConstructor::getLeftContext): Ditto.
-        (KJS::RegExpConstructor::getRightContext): Ditto.
-        (KJS::RegExpConstructor::getValueProperty): Use input rather than lastInput.
-        Also adopt jsEmptyString.
-        (KJS::RegExpConstructor::putValueProperty): Ditto.
-        (KJS::RegExpConstructor::input): Ditto.
-
-        * kjs/RegExpPrototype.cpp:
-        (KJS::regExpProtoFuncToString): Adopt jsNonTrivialString. Also changed to
-        use UString::append to append single characters rather than using += and
-        a C-style string.
-
-        * kjs/SmallStrings.cpp: Added.
-        (KJS::SmallStringsStorage::SmallStringsStorage): Construct the
-        buffer and UString::Rep for all 256 single-character strings for
-        the U+0000 through U+00FF. This covers all the values used in
-        the base64 test as well as most values seen elsewhere on the web
-        as well. It's possible that later we might fix this to only work
-        for U+0000 through U+007F but the others are used quite a bit in
-        the current version of the base64 test.
-        (KJS::SmallStringsStorage::~SmallStringsStorage): Free memory.
-        (KJS::SmallStrings::SmallStrings): Create a set of small strings,
-        initially not created; created later when they are used.
-        (KJS::SmallStrings::~SmallStrings): Deallocate. Not left compiler
-        generated because the SmallStringsStorage class's destructor needs
-        to be visible.
-        (KJS::SmallStrings::mark): Mark all the strings.
-        (KJS::SmallStrings::createEmptyString): Create a cell for the
-        empty string. Called only the first time.
-        (KJS::SmallStrings::createSingleCharacterString): Create a cell
-        for one of the single-character strings. Called only the first time.
-        * kjs/SmallStrings.h: Added.
-
-        * kjs/StringConstructor.cpp:
-        (KJS::stringFromCharCodeSlowCase): Factored out of strinFromCharCode.
-        Only used for cases where the caller does not pass exactly one argument.
-        (KJS::stringFromCharCode): Adopted jsSingleCharacterString.
-        (KJS::callStringConstructor): Adopted jsEmptyString.
-
-        * kjs/StringObject.cpp:
-        (KJS::StringObject::StringObject): Adopted jsEmptyString.
-
-        * kjs/StringPrototype.cpp:
-        (KJS::stringProtoFuncReplace): Adopted jsSubstring.
-        (KJS::stringProtoFuncCharAt): Adopted jsEmptyString and
-        jsSingleCharacterSubstring and also added a special case when the
-        index is an immediate number to avoid conversion to and from floating
-        point, since that's the common case.
-        (KJS::stringProtoFuncCharCodeAt): Ditto.
-        (KJS::stringProtoFuncMatch): Adopted jsSubstring and jsEmptyString.
-        (KJS::stringProtoFuncSlice): Adopted jsSubstring and
-        jsSingleCharacterSubstring. Also got rid of some unneeded locals and
-        removed unneeded code to set the length property of the array, since it
-        is automatically updated as values are added to the array.
-        (KJS::stringProtoFuncSplit): Adopted jsEmptyString.
-        (KJS::stringProtoFuncSubstr): Adopted jsSubstring.
-        (KJS::stringProtoFuncSubstring): Ditto.
-
-        * kjs/collector.cpp:
-        (KJS::Heap::collect): Added a call to mark SmallStrings.
-
-        * kjs/ustring.cpp:
-        (KJS::UString::expandedSize): Made this a static member function since
-        it doesn't need to look at any data members.
-        (KJS::UString::expandCapacity): Use a non-inline function, makeNull, to
-        set the rep to null in failure cases. This avoids adding a PIC branch for
-        the normal case when there is no failure.
-        (KJS::UString::expandPreCapacity): Ditto.
-        (KJS::UString::UString): Ditto.
-        (KJS::concatenate): Refactored the concatenation constructor into this
-        separate function. Calling the concatenation constructor was leading to
-        an extra branch because of the in-charge vs. not-in-charge versions not
-        both being inlined, and this was showing up as nearly 1% on Shark. Also
-        added a special case for when the second string is a single character,
-        since it's a common idiom to build up a string that way and we can do
-        things much more quickly, without involving memcpy for example. Also
-        adopted the non-inline function, nullRep, for the same reason given for
-        makeNull above.
-        (KJS::UString::append): Adopted makeNull for failure cases.
-        (KJS::UString::operator=): Ditto.
-        (KJS::UString::toDouble): Added a special case for converting single
-        character strings to numbers. We're doing this a ton of times while
-        running the base64 test.
-        (KJS::operator==): Added special cases so we can compare single-character
-        strings without calling memcmp. Later we might want to special case other
-        short lengths similarly.
-        (KJS::UString::makeNull): Added.
-        (KJS::UString::nullRep): Added.
-        * kjs/ustring.h: Added declarations for the nullRep and makeNull. Changed
-        expandedSize to be a static member function. Added a declaration of the
-        concatenate function. Removed the concatenation constructor. Rewrote
-        operator+ to use the concatenate function.
-
-2008-08-29  Anders Carlsson  <andersca@apple.com>
-
-        Build fix.
-
-        * VM/Machine.cpp:
-        (KJS::getCPUTime):
-
-2008-08-29  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/6174667> 
-        When a machine is under heavy load, the Slow Script dialog often comes up many times and just gets in the way
-        
-        Instead of using clock time, use the CPU time spent executing the current thread when
-        determining if the script has been running for too long.
-        
-        * VM/Machine.cpp:
-        (KJS::getCPUTime):
-        (KJS::Machine::checkTimeout):
-
-2008-08-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Sam Weinig.
-
-        Change 'term' to 'expr' in variable names to standardize terminology.
-
-        * kjs/nodes.cpp:
-        (KJS::BinaryOpNode::emitCode):
-        (KJS::ReverseBinaryOpNode::emitCode):
-        (KJS::ThrowableBinaryOpNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::BinaryOpNode::BinaryOpNode):
-        (KJS::ReverseBinaryOpNode::ReverseBinaryOpNode):
-        (KJS::MultNode::):
-        (KJS::DivNode::):
-        (KJS::ModNode::):
-        (KJS::AddNode::):
-        (KJS::SubNode::):
-        (KJS::LeftShiftNode::):
-        (KJS::RightShiftNode::):
-        (KJS::UnsignedRightShiftNode::):
-        (KJS::LessNode::):
-        (KJS::GreaterNode::):
-        (KJS::LessEqNode::):
-        (KJS::GreaterEqNode::):
-        (KJS::ThrowableBinaryOpNode::):
-        (KJS::InstanceOfNode::):
-        (KJS::InNode::):
-        (KJS::EqualNode::):
-        (KJS::NotEqualNode::):
-        (KJS::StrictEqualNode::):
-        (KJS::NotStrictEqualNode::):
-        (KJS::BitAndNode::):
-        (KJS::BitOrNode::):
-        (KJS::BitXOrNode::):
-        * kjs/nodes2string.cpp:
-        (KJS::MultNode::streamTo):
-        (KJS::DivNode::streamTo):
-        (KJS::ModNode::streamTo):
-        (KJS::AddNode::streamTo):
-        (KJS::SubNode::streamTo):
-        (KJS::LeftShiftNode::streamTo):
-        (KJS::RightShiftNode::streamTo):
-        (KJS::UnsignedRightShiftNode::streamTo):
-        (KJS::LessNode::streamTo):
-        (KJS::GreaterNode::streamTo):
-        (KJS::LessEqNode::streamTo):
-        (KJS::GreaterEqNode::streamTo):
-        (KJS::InstanceOfNode::streamTo):
-        (KJS::InNode::streamTo):
-        (KJS::EqualNode::streamTo):
-        (KJS::NotEqualNode::streamTo):
-        (KJS::StrictEqualNode::streamTo):
-        (KJS::NotStrictEqualNode::streamTo):
-        (KJS::BitAndNode::streamTo):
-        (KJS::BitXOrNode::streamTo):
-        (KJS::BitOrNode::streamTo):
-
-2008-08-28  Alp Toker  <alp@nuanti.com>
-
-        GTK+ dist/build fix. List newly added header files.
-
-        * GNUmakefile.am:
-
-2008-08-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Change to throw a ReferenceError at runtime instead of a ParseError
-        at parse time, when the left hand side expression of a for-in statement
-        is not an lvalue.
-
-        * kjs/grammar.y:
-        * kjs/nodes.cpp:
-        (KJS::ForInNode::emitCode):
-
-2008-08-28  Alexey Proskuryakov  <ap@webkit.org>
-
-        Not reviewed, build fix (at least for OpenBSD, posssibly more).
-
-        https://bugs.webkit.org/show_bug.cgi?id=20545
-        missing #include <unistd.h> in JavaScriptCore/VM/SamplingTool.cpp
-
-        * VM/SamplingTool.cpp: add the missing include.
-
-2008-08-26  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff and Cameron.
-
-        <rdar://problem/6174603> Hitting assertion in Register::codeBlock when
-        loading facebook (20516).
-
-        - This was a result of my line numbers change.  After a host function is
-        called the stack does not get reset correctly.
-        - Oddly this also appears to be a slight speedup on SunSpider.
-
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-
-2008-08-26  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff and Tim.
-
-        Export new API methods.
-
-        * JavaScriptCore.exp:
-
-2008-08-25  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoff, Tim and Mark.
-
-        <rdar://problem/6150623> JSProfiler: It would be nice if the profiles
-        in the console said what file and line number they came from
-        - Lay the foundation for getting line numbers and other data from the
-        JavaScript engine.  With the cleanup in kjs/ExecState this is actually
-        a slight performance improvement.
-
-        * JavaScriptCore.exp: Export retrieveLastCaller() for WebCore.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * VM/Machine.cpp: Now Host and JS functions set a call frame on the
-        exec state, so this and the profiler code were pulled out of the
-        branches.
-        (KJS::Machine::privateExecute):
-        (KJS::Machine::retrieveLastCaller): This get's the lineNumber, sourceID
-        and sourceURL for the previously called function.
-        * VM/Machine.h:
-        * kjs/ExecState.cpp: Remove references to JSFunction since it's not used
-        anywhere.
-        * kjs/ExecState.h:
-
-2008-08-25  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Ensure that JSGlobalContextRelease() performs garbage collection, even if there are other
-        contexts in the current context's group.
-
-        This is only really necessary when the last reference is released, but there is no way to
-        determine that, and no harm in collecting slightly more often.
-
-        * API/JSContextRef.cpp: (JSGlobalContextRelease): Explicitly collect the heap if it is not
-        being destroyed.
-
-2008-08-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 20093: JSC shell does not clear exceptions after it executes toString on an expression
-        <https://bugs.webkit.org/show_bug.cgi?id=20093>
-
-        Clear exceptions after evaluating any code in the JSC shell. We do not
-        report exceptions that are caused by calling toString on the final
-        valued, but at least we avoid incorrect behaviour.
-
-        Also, print any exceptions that occurred while evaluating code at the
-        interactive prompt, not just while evaluating code from a file.
-
-        * kjs/Shell.cpp:
-        (runWithScripts):
-        (runInteractive):
-
-2008-08-24  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Remove an unnecessary RefPtr to a RegisterID.
-
-        * kjs/nodes.cpp:
-        (KJS::DeleteBracketNode::emitCode):
-
-2008-08-24  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Use the correct version number for when JSGlobalContextCreate was introduced.
-
-        * API/JSContextRef.h:
-
-2008-08-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Rubber-stamped by Mark Rowe.
-
-        Remove modelines.
-
-        * API/APICast.h:
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSClassRef.cpp:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSProfilerPrivate.cpp:
-        * API/JSStringRef.cpp:
-        * API/JSStringRefBSTR.cpp:
-        * API/JSStringRefCF.cpp:
-        * API/JSValueRef.cpp:
-        * API/tests/JSNode.c:
-        * API/tests/JSNode.h:
-        * API/tests/JSNodeList.c:
-        * API/tests/JSNodeList.h:
-        * API/tests/Node.c:
-        * API/tests/Node.h:
-        * API/tests/NodeList.c:
-        * API/tests/NodeList.h:
-        * API/tests/minidom.c:
-        * API/tests/minidom.js:
-        * API/tests/testapi.c:
-        * API/tests/testapi.js:
-        * JavaScriptCore.pro:
-        * kjs/FunctionConstructor.h:
-        * kjs/FunctionPrototype.h:
-        * kjs/JSArray.h:
-        * kjs/JSString.h:
-        * kjs/JSWrapperObject.cpp:
-        * kjs/NumberConstructor.h:
-        * kjs/NumberObject.h:
-        * kjs/NumberPrototype.h:
-        * kjs/lexer.h:
-        * kjs/lookup.h:
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/HashCountedSet.h:
-        * wtf/HashFunctions.h:
-        * wtf/HashIterators.h:
-        * wtf/HashMap.h:
-        * wtf/HashSet.h:
-        * wtf/HashTable.h:
-        * wtf/HashTraits.h:
-        * wtf/ListHashSet.h:
-        * wtf/ListRefPtr.h:
-        * wtf/Noncopyable.h:
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/PassRefPtr.h:
-        * wtf/Platform.h:
-        * wtf/RefPtr.h:
-        * wtf/RefPtrHashMap.h:
-        * wtf/RetainPtr.h:
-        * wtf/UnusedParam.h:
-        * wtf/Vector.h:
-        * wtf/VectorTraits.h:
-        * wtf/unicode/Unicode.h:
-        * wtf/unicode/icu/UnicodeIcu.h:
-
-2008-08-22  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver.
-
-        Some cleanup to match our coding style.
-
-        * VM/CodeGenerator.h:
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * kjs/ExecState.cpp:
-        * kjs/ExecState.h:
-        * kjs/completion.h:
-        * kjs/identifier.cpp:
-        (KJS::Identifier::equal):
-        (KJS::CStringTranslator::hash):
-        (KJS::CStringTranslator::equal):
-        (KJS::CStringTranslator::translate):
-        (KJS::UCharBufferTranslator::equal):
-        (KJS::UCharBufferTranslator::translate):
-        (KJS::Identifier::remove):
-        * kjs/operations.h:
-
-2008-08-20  Alexey Proskuryakov  <ap@webkit.org>
-
-        Windows build fix.
-
-        * API/WebKitAvailability.h: Define DEPRECATED_ATTRIBUTE.
-
-2008-08-19  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        Bring back shared JSGlobalData and implicit locking, because too many clients rely on it.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::~JSGlobalData):
-        (KJS::JSGlobalData::JSGlobalData): Re-add shared instance.
-        (KJS::JSGlobalData::sharedInstanceExists): Ditto.
-        (KJS::JSGlobalData::sharedInstance): Ditto.
-        (KJS::JSGlobalData::sharedInstanceInternal): Ditto.
-
-        * API/JSContextRef.h: Deprecated JSGlobalContextCreate(). Added a very conservative
-        description of its threading model (nothing is allowed).
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Use shared JSGlobalData.
-        (JSGlobalContextCreateInGroup): Support passing NULL group to request a unique one.
-        (JSGlobalContextRetain): Added back locking.
-        (JSGlobalContextRelease): Ditto.
-        (JSContextGetGlobalObject): Ditto.
-
-        * API/tests/minidom.c: (main):
-        * API/tests/testapi.c: (main):
-        Switched to JSGlobalContextCreateInGroup() to avoid deprecation warnings.
-
-        * JavaScriptCore.exp: Re-added JSLock methods. Added JSGlobalContextCreateInGroup (d'oh!).
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSGarbageCollect):
-        * API/JSCallbackConstructor.cpp:
-        (KJS::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (KJS::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::init):
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::construct):
-        (KJS::::hasInstance):
-        (KJS::::call):
-        (KJS::::getPropertyNames):
-        (KJS::::toNumber):
-        (KJS::::toString):
-        (KJS::::staticValueGetter):
-        (KJS::::callbackGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        (JSObjectCopyPropertyNames):
-        (JSPropertyNameArrayRelease):
-        (JSPropertyNameAccumulatorAddName):
-        * API/JSValueRef.cpp:
-        (JSValueIsEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * ForwardingHeaders/JavaScriptCore/JSLock.h: Added.
-        * GNUmakefile.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        * kjs/AllInOneFile.cpp:
-        * kjs/JSGlobalData.h:
-        * kjs/JSGlobalObject.cpp:
-        (KJS::JSGlobalObject::~JSGlobalObject):
-        (KJS::JSGlobalObject::init):
-        * kjs/JSLock.cpp: Added.
-        (KJS::createJSLockCount):
-        (KJS::JSLock::lockCount):
-        (KJS::setLockCount):
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::lock):
-        (KJS::JSLock::unlock):
-        (KJS::JSLock::currentThreadIsHoldingLock):
-        (KJS::JSLock::DropAllLocks::DropAllLocks):
-        (KJS::JSLock::DropAllLocks::~DropAllLocks):
-        * kjs/JSLock.h: Added.
-        (KJS::JSLock::JSLock):
-        (KJS::JSLock::~JSLock):
-        * kjs/Shell.cpp:
-        (functionGC):
-        (jscmain):
-        * kjs/collector.cpp:
-        (KJS::Heap::~Heap):
-        (KJS::Heap::heapAllocate):
-        (KJS::Heap::setGCProtectNeedsLocking):
-        (KJS::Heap::protect):
-        (KJS::Heap::unprotect):
-        (KJS::Heap::collect):
-        * kjs/identifier.cpp:
-        * kjs/interpreter.cpp:
-        (KJS::Interpreter::checkSyntax):
-        (KJS::Interpreter::evaluate):
-        Re-added implicit locking.
-
-2008-08-19  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim and Mark.
-
-        Implement DTrace hooks for dashcode and instruments.
-
-        * API/JSProfilerPrivate.cpp: Added. Expose SPI so that profiling can be
-        turned on from a client.  The DTrace probes were added within the
-        profiler mechanism for performance reasons so the profiler must be
-        started to enable tracing.
-        (JSStartProfiling):
-        (JSEndProfiling):
-        * API/JSProfilerPrivate.h: Added. Ditto.
-        * JavaScriptCore.exp: Exposing the start/stop methods to clients.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * kjs/Tracing.d: Define the DTrace probes.
-        * kjs/Tracing.h: Ditto.
-        * profiler/ProfileGenerator.cpp: Implement the DTrace probes in the
-        profiler.
-        (KJS::ProfileGenerator::willExecute):
-        (KJS::ProfileGenerator::didExecute):
-
-2008-08-19  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-        
-        * kjs/operations.cpp:
-        (KJS::equal):
-
-2008-08-18  Timothy Hatcher  <timothy@apple.com>
-
-        Fix an assertion when generating a heavy profile because the
-        empty value and deleted value of CallIdentifier where equal.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20439
-
-        Reviewed by Dan Bernstein.
-
-        * profiler/CallIdentifier.h: Make the emptyValue for CallIdentifier
-        use empty strings for URL and function name.
-
-2008-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff.
-
-        - eliminate JSValue::type()
-
-        This will make it slightly easier to change the JSImmediate design without
-        having to touch so many call sites.
-
-        SunSpider says this change is a wash (looked like a slight speedup, but not
-        statistically significant).
-
-        * API/JSStringRef.cpp: Removed include of JSType.h.
-        * API/JSValueRef.cpp: Removed include of JSType.h.
-        (JSValueGetType): Replaced use of JSValue::type() with
-        JSValue::is functions.
-
-        * JavaScriptCore.exp: Updated.
-
-        * VM/JSPropertyNameIterator.cpp: Removed type() implementation.
-        (KJS::JSPropertyNameIterator::toPrimitive): Changed to take
-        PreferredPrimitiveType argument instead of JSType.
-        * VM/JSPropertyNameIterator.h: Ditto.
-
-        * VM/Machine.cpp:
-        (KJS::fastIsNumber): Updated for name change.
-        (KJS::fastToInt32): Ditto.
-        (KJS::fastToUInt32): Ditto.
-        (KJS::jsAddSlowCase): Updated toPrimitive caller for change from
-        JSType to PreferredPrimitiveType.
-        (KJS::jsAdd): Replaced calls to JSValue::type() with calls to
-        JSValue::isString().
-        (KJS::jsTypeStringForValue): Replaced calls to JSValue::type()
-        with multiple calls to JSValue::is -- we could make this a
-        virtual function instead if we want to have faster performance.
-        (KJS::Machine::privateExecute): Renamed JSImmediate::toTruncatedUInt32
-        to JSImmediate::getTruncatedUInt32 for consistency with other functions.
-        Changed two calls of JSValue::type() to JSValue::isString().
-
-        * kjs/GetterSetter.cpp:
-        (KJS::GetterSetter::toPrimitive): Changed to take
-        PreferredPrimitiveType argument instead of JSType.
-        (KJS::GetterSetter::isGetterSetter): Added.
-        * kjs/GetterSetter.h:
-
-        * kjs/JSCell.cpp:
-        (KJS::JSCell::isString): Added.
-        (KJS::JSCell::isGetterSetter): Added.
-        (KJS::JSCell::isObject): Added.
-
-        * kjs/JSCell.h: Eliminated type function. Added isGetterSetter.
-        Made isString and isObject virtual. Changed toPrimitive to take
-        PreferredPrimitiveType argument instead of JSType.
-        (KJS::JSCell::isNumber): Use Heap::isNumber for faster performance.
-        (KJS::JSValue::isGetterSetter): Added.
-        (KJS::JSValue::toPrimitive): Changed to take
-        PreferredPrimitiveType argument instead of JSType.
-
-        * kjs/JSImmediate.h: Removed JSValue::type() and replaced
-        JSValue::toTruncatedUInt32 with JSValue::getTruncatedUInt32.
-        (KJS::JSImmediate::isEitherImmediate): Added.
-
-        * kjs/JSNotAnObject.cpp:
-        (KJS::JSNotAnObject::toPrimitive): Changed to take
-        PreferredPrimitiveType argument instead of JSType.
-        * kjs/JSNotAnObject.h: Ditto.
-        * kjs/JSNumberCell.cpp:
-        (KJS::JSNumberCell::toPrimitive): Ditto.
-        * kjs/JSNumberCell.h:
-        (KJS::JSNumberCell::toInt32): Renamed from fastToInt32. There's no
-        other "slow" version of this once you have a JSNumberCell, so there's
-        no need for "fast" in the name. It's a feature that this hides the
-        base class toInt32, which does the same job less efficiently (and has
-        an additional ExecState argument).
-        (KJS::JSNumberCell::toUInt32): Ditto.
-
-        * kjs/JSObject.cpp:
-        (KJS::callDefaultValueFunction): Use isGetterSetter instead of type.
-        (KJS::JSObject::getPrimitiveNumber): Use PreferredPrimitiveType.
-        (KJS::JSObject::defaultValue): Ditto.
-        (KJS::JSObject::defineGetter): Use isGetterSetter.
-        (KJS::JSObject::defineSetter): Ditto.
-        (KJS::JSObject::lookupGetter): Ditto.
-        (KJS::JSObject::lookupSetter): Ditto.
-        (KJS::JSObject::toNumber): Use PreferredPrimitiveType.
-        (KJS::JSObject::toString): Ditto.
-        (KJS::JSObject::isObject): Added.
-
-        * kjs/JSObject.h:
-        (KJS::JSObject::inherits): Call the isObject from JSCell; it's now
-        hidden by our override of isObject.
-        (KJS::JSObject::getOwnPropertySlotForWrite): Use isGetterSetter
-        instead of type.
-        (KJS::JSObject::getOwnPropertySlot): Ditto.
-        (KJS::JSObject::toPrimitive): Use PreferredPrimitiveType.
-
-        * kjs/JSString.cpp:
-        (KJS::JSString::toPrimitive): Use PreferredPrimitiveType.
-        (KJS::JSString::isString): Added.
-        * kjs/JSString.h: Ditto.
-
-        * kjs/JSValue.h: Removed type(), added isGetterSetter(). Added
-        PreferredPrimitiveType enum and used it as the argument for the
-        toPrimitive function.
-        (KJS::JSValue::getBoolean): Simplified a bit an removed a branch.
-
-        * kjs/collector.cpp:
-        (KJS::typeName): Changed to use JSCell::is functions instead of
-        calling JSCell::type.
-
-        * kjs/collector.h:
-        (KJS::Heap::isNumber): Renamed from fastIsNumber.
-
-        * kjs/nodes.h: Added now-needed include of JSType, since the type
-        is used here to record types of values in the tree.
-
-        * kjs/operations.cpp:
-        (KJS::equal): Rewrote to no longer depend on type().
-        (KJS::strictEqual): Ditto.
-
-2008-08-18  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        If there are no nodes in a profile all the time should be attributed to
-        (idle)
-
-        * profiler/Profile.cpp: If ther are no nodes make sure we still process
-        the head.
-        (KJS::Profile::forEach):
-        * profiler/ProfileGenerator.cpp: Remove some useless code.
-        (KJS::ProfileGenerator::stopProfiling):
-
-2008-08-18  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Maciej.
-
-        Make JSGlobalContextRetain/Release actually work.
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextRetain):
-        (JSGlobalContextRelease):
-        Ref/deref global data to give checking for globalData.refCount() some sense.
-
-        * API/tests/testapi.c: (main): Added a test for this bug.
-
-        * kjs/JSGlobalData.cpp:
-        (KJS::JSGlobalData::~JSGlobalData):
-        While checking for memory leaks, found that JSGlobalData::emptyList has changed to
-        a pointer, but it was not destructed, causing a huge leak in run-webkit-tests --threaded.
-
-2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Change the counting of constants so that preincrement and predecrement of
-        const local variables are considered unexpected loads.
-
-        * kjs/nodes.cpp:
-        (KJS::PrefixResolveNode::emitCode):
-        * kjs/nodes.h:
-        (KJS::ScopeNode::neededConstants):
-
-2008-08-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/6150322> In Gmail, a crash occurs at KJS::Machine::privateExecute() when applying list styling to text after a quote had been removed
-        <https://bugs.webkit.org/show_bug.cgi?id=20386>
-
-        This crash was caused by "depth()" incorrectly determining the scope depth 
-        of a 0 depth function without a full scope chain.  Because such a function
-        would not have an activation the depth function would return the scope depth
-        of the parent frame, thus triggering an incorrect unwind.  Any subsequent 
-        look up that walked the scope chain would result in incorrect behaviour,
-        leading to a crash or incorrect variable resolution.  This can only actually
-        happen in try...finally statements as that's the only path that can result in
-        the need to unwind the scope chain, but not force the function to need a
-        full scope chain.
-
-        The fix is simply to check for this case before attempting to walk the scope chain.
-
-        * VM/Machine.cpp:
-        (KJS::depth):
-        (KJS::Machine::throwException):
-
-2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Maciej.
-
-        Bug 20419: Remove op_jless
-        <https://bugs.webkit.org/show_bug.cgi?id=20419>
-
-        Remove op_jless, which is rarely used now that we have op_loop_if_less.
-
-        * VM/CodeBlock.cpp:
-        (KJS::CodeBlock::dump):
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::emitJumpIfTrue):
-        * VM/Machine.cpp:
-        (KJS::Machine::privateExecute):
-        * VM/Opcode.h:
-
-2008-08-17  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Dan Bernstein.
-
-        Fix a typo in r35807 that is also causing build failures for
-        non-AllInOne builds.
-
-        * kjs/NumberConstructor.cpp:
-
-2008-08-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Made room for a free word in JSCell.
-        
-        SunSpider says no change.
-        
-        I changed JSCallbackObjectData, Arguments, JSArray, and RegExpObject to
-        store auxiliary data in a secondary structure.
-
-        I changed InternalFunction to store the function's name in the property
-        map.
-        
-        I changed JSGlobalObjectData to use a virtual destructor, so WebCore's
-        JSDOMWindowBaseData could inherit from it safely. (It's a strange design
-        for JSDOMWindowBase to allocate an object that JSGlobalObject deletes,
-        but that's really our only option, given the size constraint.)
-        
-        I also added a bunch of compile-time ASSERTs, and removed lots of comments
-        in JSObject.h because they were often out of date, and they got in the
-        way of reading what was actually going on.
-        
-        Also renamed JSArray::getLength to JSArray::length, to match our style
-        guidelines.
-
-2008-08-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Sped up property access for array.length and string.length by adding a
-        mechanism for returning a temporary value directly instead of returning
-        a pointer to a function that retrieves the value.
-        
-        Also removed some unused cruft from PropertySlot.
-        
-        SunSpider says 0.5% - 1.2% faster.
-
-        NOTE: This optimization is not a good idea in general, because it's
-        actually a pessimization in the case of resolve for assignment,
-        and it may get in the way of other optimizations in the future.
-        
-2008-08-16  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Disable dead code stripping in debug builds.
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-08-15  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6143072> FastMallocZone's enumeration code makes assumptions about handling of remote memory regions that overlap
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Don't directly compare pointers mapped into the local process with
-        a pointer that has not been mapped.  Instead, calculate a local address for the pointer and compare with that.
-        (WTF::TCMallocStats::FreeObjectFinder::findFreeObjects): Pass in the remote address of the central free list so that it can
-        be used when calculating local addresses.
-        (WTF::TCMallocStats::FastMallocZone::enumerate): Ditto.
-
-2008-08-15  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Geoff Garen.
-
-        <rdar://problem/6139914> Please include a _debug version of JavaScriptCore framework
-
-        * Configurations/Base.xcconfig: Factor out the debug-only settings so that they can shared
-        between the Debug configuration and debug Production variant.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Enable the debug variant.
-
-2008-08-15  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 64-bit build.
-
-        Add extra cast to avoid warnings about loss of precision when casting from
-        JSValue* to an integer type.
-
-        * kjs/JSImmediate.h:
-        (KJS::JSImmediate::intValue):
-        (KJS::JSImmediate::uintValue):
-
-2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Still fixing Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Added OpaqueJSString
-        to yet another place.
-
-2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Trying to fix non-Apple builds.
-
-        * ForwardingHeaders/JavaScriptCore/OpaqueJSString.h: Added.
-
-2008-08-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Allow JSImmediate to hold 31 bit signed integer immediate values.  The low two bits of a
-        JSValue* are a tag, with the tag value 00 indicating the JSValue* is a pointer to a
-        JSCell.  Non-zero tag values used to indicate that the JSValue* is not a real pointer,
-        but instead holds an immediate value encoded within the pointer.  This patch changes the
-        encoding so both the tag values 01 and 11 indicate the value is a signed integer, allowing
-        a 31 bit value to be stored.  All other immediates are tagged with the value 10, and
-        distinguished by a secondary tag.
-
-        Roughly +2% on SunSpider.
-
-        * kjs/JSImmediate.h: Encoding of JSImmediates has changed - see comment at head of file for
-                             descption of new layout.
-
-2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        More build fixes.
-
-        * API/OpaqueJSString.h: Add a namespace to friend declaration to appease MSVC.
-        * API/JSStringRefCF.h: (JSStringCreateWithCFString) Cast UniChar* to UChar* explicitly.
-        * JavaScriptCore.exp: Added OpaqueJSString::create(const KJS::UString&) to fix WebCore build.
-
-2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Marked OpaqueJSString as private
-
-        * kjs/identifier.cpp:
-        (KJS::Identifier::checkSameIdentifierTable):
-        * kjs/identifier.h:
-        (KJS::Identifier::add):
-        Since checkSameIdentifierTable is exported for debug build's sake, gcc wants it to be
-        non-inline in release builds, too.
-
-        * JavaScriptCore.exp: Don't export inline OpaqueJSString destructor.
-
-2008-08-15  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        JSStringRef is created context-free, but can get linked to one via an identifier table,
-        breaking an implicit API contract.
-
-        Made JSStringRef point to OpaqueJSString, which is a new string object separate from UString.
-
-        * API/APICast.h: Removed toRef/toJS conversions for JSStringRef, as this is no longer a
-        simple typecast.
-
-        * kjs/identifier.cpp:
-        (KJS::Identifier::checkSameIdentifierTable):
-        * kjs/identifier.h:
-        (KJS::Identifier::add):
-        (KJS::UString::checkSameIdentifierTable):
-        Added assertions to verify that an identifier is not being added to a different JSGlobalData.
-
-        * API/JSObjectRef.cpp:
-        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray): Changed OpaqueJSPropertyNameArray to
-        hold JSStringRefs. This is necessary to avoid having to construct (and leak) a new instance
-        in JSPropertyNameArrayGetNameAtIndex(), now that making a JSStringRef is not just a typecast.
-
-        * API/OpaqueJSString.cpp: Added.
-        (OpaqueJSString::create):
-        (OpaqueJSString::ustring):
-        (OpaqueJSString::identifier):
-        * API/OpaqueJSString.h: Added.
-        (OpaqueJSString::create):
-        (OpaqueJSString::characters):
-        (OpaqueJSString::length):
-        (OpaqueJSString::OpaqueJSString):
-        (OpaqueJSString::~OpaqueJSString):
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * API/JSCallbackObjectFunctions.h:
-        (KJS::::getOwnPropertySlot):
-        (KJS::::put):
-        (KJS::::deleteProperty):
-        (KJS::::staticValueGetter):
-        (KJS::::callbackGetter):
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharacters):
-        (JSStringCreateWithUTF8CString):
-        (JSStringRetain):
-        (JSStringRelease):
-        (JSStringGetLength):
-        (JSStringGetCharactersPtr):
-        (JSStringGetMaximumUTF8CStringSize):
-        (JSStringGetUTF8CString):
-        (JSStringIsEqual):
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        (JSStringCopyCFString):
-        * API/JSValueRef.cpp:
-        (JSValueMakeString):
-        (JSValueToStringCopy):
-        Updated to use OpaqueJSString.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-        Added OpaqueJSString.
-
-2008-08-14  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Tim.
-
-        <rdar://problem/6115819> Notify of profile in console
-        - Profiles now have a unique ID so that they can be linked to the
-        console message that announces that a profile completed.
-
-        * profiler/HeavyProfile.cpp: 
-        (KJS::HeavyProfile::HeavyProfile):
-        * profiler/Profile.cpp:
-        (KJS::Profile::create):
-        (KJS::Profile::Profile):
-        * profiler/Profile.h:
-        (KJS::Profile::uid):
-        * profiler/ProfileGenerator.cpp:
-        (KJS::ProfileGenerator::create):
-        (KJS::ProfileGenerator::ProfileGenerator):
-        * profiler/ProfileGenerator.h:
-        * profiler/Profiler.cpp:
-        (KJS::Profiler::startProfiling):
-        * profiler/TreeProfile.cpp:
-        (KJS::TreeProfile::create):
-        (KJS::TreeProfile::TreeProfile):
-        * profiler/TreeProfile.h:
-
-2008-08-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Nixed a PIC branch from JSObject::getOwnPropertySlot, by forcing
-        fillGetterProperty, which references a global function pointer,
-        out-of-line.
-        
-        .2% SunSpider speedup, 4.3% access-nbody speedup, 8.7% speedup on a
-        custom property access benchmark for objects with one property.
-
-        * kjs/JSObject.cpp:
-        (KJS::JSObject::fillGetterPropertySlot):
-
-2008-08-13  Alp Toker  <alp@nuanti.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20349
-        WTF::initializeThreading() fails if threading is already initialized
-
-        Fix threading initialization logic to support cases where
-        g_thread_init() has already been called elsewhere.
-
-        Resolves database-related crashers reported in several applications.
-
-        * wtf/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-
-2008-08-13  Brad Hughes <bhughes@trolltech.com>
-
-        Reviewed by Simon.
-
-        Fix compiling of QtWebKit in release mode with the Intel C++ Compiler for Linux
-
-        The latest upgrade of the intel compiler allows us to compile all of
-        Qt with optimizations enabled (yay!).
-
-        * JavaScriptCore.pro:
-
-2008-08-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add peephole optimisation to 'op_not... jfalse...' (eg. if(!...) )
-
-        This is a very slight win in sunspider, and a fairly substantial win
-        in hot code that does if(!...), etc.
-
-        * VM/CodeGenerator.cpp:
-        (KJS::CodeGenerator::retrieveLastUnaryOp):
-        (KJS::CodeGenerator::rewindBinaryOp):
-        (KJS::CodeGenerator::rewindUnaryOp):
-        (KJS::CodeGenerator::emitJumpIfFalse):
-        * VM/CodeGenerator.h:
-
-2008-08-12  Dan Bernstein  <mitz@apple.com>
-
-        - JavaScriptCore part of <rdar://problem/6121636>
-          Make fast*alloc() abort() on failure and add "try" variants that
-          return NULL on failure.
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.exp: Exported tryFastCalloc().
-        * VM/RegisterFile.h:
-        (KJS::RegisterFile::RegisterFile): Removed an ASSERT().
-        * kjs/JSArray.cpp:
-        (KJS::JSArray::putSlowCase): Changed to use tryFastRealloc().
-        (KJS::JSArray::increaseVectorLength): Ditto.
-        * kjs/ustring.cpp:
-        (KJS::allocChars): Changed to use tryFastMalloc().
-        (KJS::reallocChars): Changed to use tryFastRealloc().
-        * wtf/FastMalloc.cpp:
-        (WTF::fastZeroedMalloc): Removed null checking of fastMalloc()'s result
-        and removed extra call to InvokeNewHook().
-        (WTF::tryFastZeroedMalloc): Added. Uses tryFastMalloc().
-        (WTF::tryFastMalloc): Renamed fastMalloc() to this.
-        (WTF::fastMalloc): Added. This version abort()s if allocation fails.
-        (WTF::tryFastCalloc): Renamed fastCalloc() to this.
-        (WTF::fastCalloc): Added. This version abort()s if allocation fails.
-        (WTF::tryFastRealloc): Renamed fastRealloc() to this.
-        (WTF::fastRealloc): Added. This version abort()s if allocation fails.
-        (WTF::do_malloc): Made this a function template. When the abortOnFailure
-        template parameter is set, the function abort()s on failure to allocate.
-        Otherwise, it sets errno to ENOMEM and returns zero.
-        (WTF::TCMallocStats::fastMalloc): Defined to abort() on failure.
-        (WTF::TCMallocStats::tryFastMalloc): Added. Does not abort() on
-        failure.
-        (WTF::TCMallocStats::fastCalloc): Defined to abort() on failure.
-        (WTF::TCMallocStats::tryFastCalloc): Added. Does not abort() on
-        failure.
-        (WTF::TCMallocStats::fastRealloc): Defined to abort() on failure.
-        (WTF::TCMallocStats::tryFastRealloc): Added. Does not abort() on
-        failure.
-        * wtf/FastMalloc.h: Declared the "try" variants.
-
-2008-08-11  Adam Roben  <aroben@apple.com>
-
-        Move WTF::notFound into its own header so that it can be used
-        independently of Vector
-
-        Rubberstamped by Darin Adler.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added NotFound.h to the project.
-        * wtf/NotFound.h: Added. Moved the notFound constant here...
-        * wtf/Vector.h: ...from here.
-
-2008-08-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6130393> REGRESSION: PhotoBooth hangs after launching under TOT Webkit
-
-        * API/JSContextRef.cpp: (JSGlobalContextRelease): Corrected a comment.
-
-        * kjs/collector.cpp: (KJS::Heap::~Heap): Ensure that JSGlobalData is not deleted while
-        sweeping the heap.
-
-== Rolled over to ChangeLog-2008-08-10 ==

diff --git a/ChangeLog-2010-05-24 b/ChangeLog-2010-05-24
deleted file mode 100644 (file)
index e6ec0f1..0000000
--- a/ChangeLog-2010-05-24
+++ /dev/null
@@ -1,28211 +0,0 @@
-2010-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Sam Weinig.
-
-        Accidentally committed double write of codeblock in Interpreter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=39583
-        Move creation of 'this' object from caller to callee in construction.
-
-        Presently the caller of a constructor is responsible for providing a this
-        object.  Instead, move the object creation into a new op_create_this opcode,
-        planted in the head of the contructor bytecode for a function.  Since the
-        prototype for the object is provided by performing a get_by_id on the callee,
-        also add a new get_callee opcode (this is used to get the callee JSFunction
-        into a register so that a normal get_by_id can be used).
-
-        Currently the caller is also responsible for detecting when op_construct is
-        performed on a JSFunction representing a host function, in which case an
-        exception is thrown – and this check currently takes place when constructing
-        the this object.  Instead, mirroring the recent changes for non-host functions,
-        add a parallel code-path for native constructors to follow, with a thunk for
-        invoking native constructors provided by JITStubs, and a constructor-specific
-        NativeFunction on NativeExecutable.  Provide an implementation of a host
-        constructor which will throw an exception.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitGetByIdExceptionInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_get_callee):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_callee):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiNativeConstruct):
-        (JSC::):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        * runtime/JSFunction.h:
-
-2010-05-23  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-23  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=39575
-        Make JS DOMObject inherit from JSObjectWithGlobalObject instead of JSObject
-
-        Expose the global object stored in JSObjectWithGlobalObject.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        (JSC::JSObjectWithGlobalObject::globalObject):
-        * runtime/JSObjectWithGlobalObject.h:
-
-2010-05-21  Oliver Hunt  <oliver@apple.com>
-
-        "asm volatile" isn't valid outside of functions.
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITStubs.cpp:
-
-2010-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix.
-
-        Interpreter fix following r59974.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-
-2010-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Interpreter fix following r59939.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-05-21  David Levin  <levin@chromium.org>
-
-        Unreviewed build fix.
-
-        * wtf/SizeLimits.cpp: Removed a check while I figure out how to write it properly.
-
-2010-05-21  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Enforce size constraints on various data structures in JavaScriptCore/wtf.
-        https://bugs.webkit.org/show_bug.cgi?id=39327
-
-        I only modified the default build for OSX and Chromium's build file to include WTFCompileAsserts.cpp
-        as those should be sufficient to catch regressions on the size of the data structures.
-
-        * JavaScriptCore.gypi: Added the WTFCompileAsserts.cpp file.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added the WTFCompileAsserts.cpp file.
-        * runtime/UString.cpp: Added a compile assert for UString size.
-        * wtf/SizeLimits.cpp: Added compile asserts for data structures that didn't have cpp files.
-        * wtf/text/StringImpl.cpp: Added a compile assert for StringImpl size.
-
-2010-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39509 - Exceptions raised when JSString::value() is called not always properly thrown.
-        Missing some CHECK_FOR_EXCEPTION()s, cleanup NativeError construction (adding a property
-        via the prototype was inefficient, and whilst trivially true that the property is is not
-        a rope - and thus couldn't except - it would be hard to prove this).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::name):
-        (JSC::InternalFunction::displayName):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSPropertyNameIterator.cpp:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::tryGetValue):
-        (JSC::JSString::getIndex):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2010-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Fix interpreter build.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-05-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Split out JITCall32_64.cpp, and tightened up some #ifdefs in the hopes
-        of improving compile times.
-        https://bugs.webkit.org/show_bug.cgi?id=39507
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.cpp:
-        * jit/JITArithmetic.cpp:
-        * jit/JITArithmetic32_64.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITCall32_64.cpp: Copied from jit/JITCall.cpp.
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITStubs.cpp:
-
-2010-05-21  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed buildfix for Qt after r59941.
-
-        * JavaScriptCore.pro: missing runtime/JSObjectWithGlobalObject.cpp added to SOURCES.
-
-2010-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix #3
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix #2
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix #1
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        All callable objects should have a global object reference
-        https://bugs.webkit.org/show_bug.cgi?id=39495
-
-        All objects that may ever return a value other CallTypeNone
-        or ConstructTypeNone now get a global object in their constructor
-        and store that in their first anonymous slot.  We add a new type
-        JSObjectWithGlobalObject to allow us to share this logic as much
-        as possible, however some objects have specific inheritance 
-        requirements so we can't just use it universally.
-
-        To enforce this requirement JSValue::getCallData and getConstructData
-        make use of a new "isValidCallee" function to assert that any object
-        that returns a value other than CallType/ConstructTypeNone has a
-        global object in anonymous slot 0.
-
-        In order to ensure that static function slots are converted into
-        function objects with the correct global object, all prototype objects
-        and other classes with static function slots also gain a global object
-        reference.  Happily this fixes the long standing issue where host
-        function objects get a prototype from the lexical global object of the
-        first function that calls them, instead of the global object that they
-        are defined on.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        (JSC::):
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        (JSC::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/FunctionPrototype.h:
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        * runtime/GlobalEvalFunction.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.h:
-        (JSC::JSValue::getCallData):
-        (JSC::JSValue::getConstructData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSObjectWithGlobalObject.cpp: Added.
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSObjectWithGlobalObject.h: Added.
-        (JSC::JSObjectWithGlobalObject::createStructure):
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::isValidCallee):
-        * runtime/JSValue.h:
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PrototypeFunction.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::constructRegExp):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-
-2010-05-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed the unused entry in the CallFrame
-        https://bugs.webkit.org/show_bug.cgi?id=39470
-        
-        Removed the unused entry in the CallFrame, and reordered CallFrame
-        writes on the hot path to be in forwards order.
-        
-        SunSpider says 0.3% faster.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-
-2010-05-21  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Split the QScriptValue autotest into smaller chunks.
-
-        File tst_qscriptvalue_generated.cpp was huge and it was difficult to compile
-        it with MSVS2008, because of the code optimization.
-
-        Tests were splited into a few files for better use of distributed
-        compilation.
-        Repeated calls to insert() and operator<<() where replaced by loops,
-        that should reduce time of code optimizing.
-
-        New files were generated by the same application, test logic wasn't changed.
-
-        [Qt] The QScriptValue autotest should be refactored.
-        https://bugs.webkit.org/show_bug.cgi?id=38987
-
-        * qt/tests/qscriptvalue/qscriptvalue.pro:
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Added.
-        (tst_QScriptValue::initScriptValues):
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Added.
-        (tst_QScriptValue::isValid_initData):
-        (tst_QScriptValue::isValid_makeData):
-        (tst_QScriptValue::isValid_test):
-        (tst_QScriptValue::isBool_initData):
-        (tst_QScriptValue::isBool_makeData):
-        (tst_QScriptValue::isBool_test):
-        (tst_QScriptValue::isBoolean_initData):
-        (tst_QScriptValue::isBoolean_makeData):
-        (tst_QScriptValue::isBoolean_test):
-        (tst_QScriptValue::isNumber_initData):
-        (tst_QScriptValue::isNumber_makeData):
-        (tst_QScriptValue::isNumber_test):
-        (tst_QScriptValue::isFunction_initData):
-        (tst_QScriptValue::isFunction_makeData):
-        (tst_QScriptValue::isFunction_test):
-        (tst_QScriptValue::isNull_initData):
-        (tst_QScriptValue::isNull_makeData):
-        (tst_QScriptValue::isNull_test):
-        (tst_QScriptValue::isString_initData):
-        (tst_QScriptValue::isString_makeData):
-        (tst_QScriptValue::isString_test):
-        (tst_QScriptValue::isUndefined_initData):
-        (tst_QScriptValue::isUndefined_makeData):
-        (tst_QScriptValue::isUndefined_test):
-        (tst_QScriptValue::isObject_initData):
-        (tst_QScriptValue::isObject_makeData):
-        (tst_QScriptValue::isObject_test):
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Added.
-        (tst_QScriptValue::toString_initData):
-        (tst_QScriptValue::toString_makeData):
-        (tst_QScriptValue::toString_test):
-        (tst_QScriptValue::toNumber_initData):
-        (tst_QScriptValue::toNumber_makeData):
-        (tst_QScriptValue::toNumber_test):
-        (tst_QScriptValue::toBool_initData):
-        (tst_QScriptValue::toBool_makeData):
-        (tst_QScriptValue::toBool_test):
-        (tst_QScriptValue::toBoolean_initData):
-        (tst_QScriptValue::toBoolean_makeData):
-        (tst_QScriptValue::toBoolean_test):
-        (tst_QScriptValue::toInteger_initData):
-        (tst_QScriptValue::toInteger_makeData):
-        (tst_QScriptValue::toInteger_test):
-        (tst_QScriptValue::toInt32_initData):
-        (tst_QScriptValue::toInt32_makeData):
-        (tst_QScriptValue::toInt32_test):
-        (tst_QScriptValue::toUInt32_initData):
-        (tst_QScriptValue::toUInt32_makeData):
-        (tst_QScriptValue::toUInt32_test):
-        (tst_QScriptValue::toUInt16_initData):
-        (tst_QScriptValue::toUInt16_makeData):
-        (tst_QScriptValue::toUInt16_test):
-
-2010-05-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        Add COMPILER(MSVC) guard for strnstr
-        https://bugs.webkit.org/show_bug.cgi?id=39397
-
-        BREWMP uses MSVC for simulator build, but it is not OS(WINDOWS).
-        Add COMPILER(MSVC) guard for strnstr.
-
-        * wtf/StringExtras.h:
-
-2010-05-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add !PLATFORM(BREWMP) guard for isMainThread
-        https://bugs.webkit.org/show_bug.cgi?id=39396
-
-        BREWMP sets ENABLE(SINGLE_THREADED), so it uses isMainThread from ThreadingNone.cpp.
-        Exclude isMainThread in MainThread.cpp.
-
-        * wtf/MainThread.cpp:
-
-2010-05-20  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Use skia as BREW MP's graphics backend.
-        https://bugs.webkit.org/show_bug.cgi?id=39407
-
-        Define WTF_PLATFORM_SKIA=1 for BREW MP.
-
-        * wtf/Platform.h:
-
-2010-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Fixed naming mixup: it's op_call_put_result, not ret_result.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Whittling away at CodeBlock use: Removed a little wonkiness in closure lookup
-        https://bugs.webkit.org/show_bug.cgi?id=39444
-        
-        Calculate all lookup depths at compile time. I'm not sure why we couldn't
-        do this before, but whatever the reason, it seems to be gone now.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_resolve_skip):
-
-2010-05-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix warnings seen on the buildbots today
-        https://bugs.webkit.org/show_bug.cgi?id=39368
-
-        * profiler/ProfileNode.cpp:
-        (JSC::getCount): Removed unneeded initialization of global variable.
-        These are all initialized to zero anyway, so no need to try to initialize
-        it and get a warning.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime): Removed unused global variable.
-
-2010-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Removed some reliance on callFame[CodeBlock] by storing CodeBlock in a
-        local variable in the Interpreter.
-        https://bugs.webkit.org/show_bug.cgi?id=39447
-
-        Small speedup on SunSpider in Interpreter mode.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jsc.cpp:
-        * wtf/Platform.h:
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39408 - Unify JIT/interpreter return behaviour.
-
-        Presently the JIT and the interpreter have differing implementations in how
-        they handle storing the result of a function call back to the register file.
-        In both cases the op_call ( / _eval / _varargs / op_construct) opcode has an
-        operand indicating the VM register in which the result should be stored.
-        The JIT plants code after the call to store the result, so the value will be
-        stored as soon as the callee has returned.  In the interpreter the call
-        passes the return value register id into the callee via the callee callframe,
-        and the callee is responsible for writing the result back into its callers
-        register file after it has restored the parents callframe pointer, but before
-        returning.
-
-        Instead, move the task of writing the call result to the register file into a
-        new opcode (op_call_put_result), and after returning the callee should leave
-        the return value in a canonical location.  In the case of the interpreter,
-        this canonical location is a local variable in privateExecute
-        (functionReturnValue), in the case of the JIT this is the normal return value
-        registers (regT0, or regT1:regT0 in JSVALUE32_64).  op_call_put_result stores
-        the result from the canonical location to the registerfile.
-
-        In addition to unifying JIT & interpreter behaviour this change allows us to
-        remove a slot from the callframe, omit the write of the result where the
-        return value from the call is not used, and provides a 2% speedup on sunspider
-        in the interpreter.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::finalDestinationOrIgnored):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::NewExprNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::FunctionCallBracketNode::emitBytecode):
-        (JSC::FunctionCallDotNode::emitBytecode):
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::init):
-        (JSC::ExecState::noCaller):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::emit_op_call_put_result):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-
-2010-05-20  Steve Block  <steveblock@google.com>
-
-        Reviewed by Jeremy Orlow.
-
-        Provide bindings for DeviceOrientation
-        https://bugs.webkit.org/show_bug.cgi?id=39210
-
-        Adds ENABLE_DEVICE_ORIENTATION to XCode project file, always disabled.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Errk! rename op_constructor_ret as requested in review of Bug 39399.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitReturn):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_ret_object_or_this):
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 39399 - Move responsibility for verifying constructors return objects from the caller to the callee.
-        
-        This is a necessary step to move object creation from caller to callee.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitReturn):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::isConstructor):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionBodyNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_constructor_ret):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_constructor_ret):
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Fix windows build II.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39393 - JSFunction need not be a subclass of InternalFunction.
-
-        re-landing r59800.
-
-        * JavaScriptCore.exp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::findFunctionCallFrame):
-        * interpreter/Interpreter.h:
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSFunction.cpp:
-        (JSC::):
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        (JSC::JSFunction::calculatedDisplayName):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        * runtime/JSObject.h:
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Reverting r59800, this b0rked stuff.
-
-        * JavaScriptCore.exp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::findFunctionCallFrame):
-        * interpreter/Interpreter.h:
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSFunction.cpp:
-        (JSC::):
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-
-2010-05-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39393 - JSFunction need not be a subclass of InternalFunction.
-
-        This may prevent us from introducing a more useful parent class to
-        JSFunction, e.g. a JSObject that holds an executable, which could
-        also reference an eval or program executable.
-
-        * JavaScriptCore.exp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveCaller):
-        (JSC::Interpreter::findFunctionCallFrame):
-        * interpreter/Interpreter.h:
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSFunction.cpp:
-        (JSC::):
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        (JSC::JSFunction::calculatedDisplayName):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        * runtime/JSObject.h:
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-
-2010-05-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        emitJumpIfNotJSCell should special case constant immediate values
-        https://bugs.webkit.org/show_bug.cgi?id=39392
-        <rdar://problem/8001324>
-
-        Make emitJumpSlowCaseIfNotJSCell special case constant immediate
-        values, in addition to the immediate JSCell optimisation.
-
-        Also add assertions to make sure no one else produces code that
-        attempts to load constants from the register file.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        (JSC::JSInterfaceJIT::tagFor):
-        (JSC::JSInterfaceJIT::payloadFor):
-        (JSC::JSInterfaceJIT::emitLoadDouble):
-        (JSC::JSInterfaceJIT::addressFor):
-        * jit/ThunkGenerators.cpp:
-
-2010-05-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Slight refactoring to CodeBlock bytecode access
-        https://bugs.webkit.org/show_bug.cgi?id=39384
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::returnPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::retrieveLastCaller): Moved bytecode access into a
-        CodeBlock helper function. Changed CallFrame to accurately represent
-        how the returnPC is stored in JIT vs Interpreter.
-
-2010-05-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Don't build the Interpreter into JIT builds.
-        https://bugs.webkit.org/show_bug.cgi?id=39373
-
-        SunSpider says no change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * wtf/Platform.h:
-
-2010-05-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        Standardized naming: "bytecode offset" wins; "bytecode index" loses.
-        
-        Also renamed getBytecodeOffset to bytecodeOffset, to match the WebKit
-        naming style.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
-        (JSC::getCallReturnOffset):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::callReturnIndexVector):
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileLinkPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::CallRecord::CallRecord):
-        (JSC::JumpTable::JumpTable):
-        (JSC::SwitchRecord::SwitchRecord):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitNakedCall):
-        (JSC::JIT::addSlowCase):
-        (JSC::JIT::addJump):
-        (JSC::JIT::emitJumpSlowToHot):
-        (JSC::JIT::isLabeled):
-        (JSC::JIT::map):
-        (JSC::JIT::unmap):
-        (JSC::JIT::isMapped):
-        (JSC::JIT::getMappedPayload):
-        (JSC::JIT::getMappedTag):
-        (JSC::JIT::emitGetVirtualRegister):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        (JSC::JIT::emit_op_new_error):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        (JSC::JIT::emit_op_new_error):
-        (JSC::JIT::emit_op_convert_this):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emit_op_get_by_pname):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::call):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-05-19  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        The backtrackParenthesesOnceEnd function should store the start position
-        of the subpattern's non-greedy match at the place of the subpattern's
-        start index in the output array instead of the place of the
-        subpattern's end index.
-        Add layout test for checking of non-greedy matching of subpattern in
-        regular expressions.
-        https://bugs.webkit.org/show_bug.cgi?id=39289
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
-
-2010-05-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 39343 - Dynamically generate a native call thunk per NativeFunction
-        
-        https://bugs.webkit.org/show_bug.cgi?id=39252 regressed performance on i386,
-        by adding an extra indirection to making a native call.  By introducing per-
-        NativeFunction thunks we can hard code the function pointer into the thunk
-        so that it need not be loaded from the callee.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileCTINativeCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getCTIStub):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * wtf/Platform.h:
-
-2010-05-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Simplified handling of 'arguments' -- 1.2% SunSpider speedup
-        https://bugs.webkit.org/show_bug.cgi?id=39200
-        
-        Removed the reserved OptionalCalleeArguments slot from the CallFrame.
-        Now, slots for 'arguments' are allocated and initialized only by
-        functions that might need them.
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Updated for new bytecode operands.
-
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::unmodifiedArgumentsRegister): Added a helper function for mapping
-        from the arguments register to its unmodified counterpart.
-
-        (JSC::CodeBlock::setArgumentsRegister):
-        (JSC::CodeBlock::argumentsRegister):
-        (JSC::CodeBlock::usesArguments):  Changed from a "usesArguments" bool to
-        an optional int index representing the arguments register.
-
-        * bytecode/Opcode.h: Updated for new bytecode operands.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar): Factored out a helper function for
-        allocating an anonymous var.
-
-        (JSC::BytecodeGenerator::BytecodeGenerator): Merged / simplified some
-        arguments vs activation logic, and added code to allocate the arguments
-        registers when needed.
-
-        (JSC::BytecodeGenerator::createArgumentsIfNecessary): Updated for new bytecode operands.
-
-        (JSC::BytecodeGenerator::emitCallEval): No need to create the arguments
-        object before calling eval; the activation object will lazily create the
-        arguments object if eval resolves it.
-
-        (JSC::BytecodeGenerator::emitReturn): Updated for new bytecode operands.
-
-        (JSC::BytecodeGenerator::emitPushScope):
-        (JSC::BytecodeGenerator::emitPushNewScope): Ditto emitCallEval.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::addVar): Factored out a helper function for
-        allocating an anonymous var.
-
-        (JSC::BytecodeGenerator::registerFor): No more need for special handling
-        of the arguments registers; they're allocated just like normal registers
-        now.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::callerFrame):
-        (JSC::ExecState::init):
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::resetCallFrame): Nixed optionalCalleeArguments.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments): Opcodes accessing 'arguments' now
-        take operands specifying registers, just like all other opcodes.
-        JSActivation::copyRegisters is no longer responsible for tearing off the
-        arguments object; instead, the VM is responsible for both.
-
-        Also, a behavior change: Each access to f.arguments creates a new object,
-        unless f itself uses 'arguments'. This matches Chrome, and is necessary
-        for the optimization. f.arguments is a nonstandard, deprecated feature,
-        so high fidelity to a given implementation is not necessarily a goal.
-        Also, as illustrated by the new test case, the identity of f.arguments
-        has been broken since 2008, except in the case where f itself accesses
-        f.arguments -- but nobody seemed to notice. So, hopefully this change won't
-        break the web.
-        
-        * interpreter/Register.h: Nixed the special arguments accessor. It's no
-        longer needed.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_init_arguments):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_init_arguments): The actual optimization: Removed
-        OptionalCalleeArguments from the callframe slot. Now, it doesn't need
-        to be initialized for most calls.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::): Updated stubs to support arbitrary 'arguments' registers,
-        instead of hard-coding something in the call frame.
-
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters): Removed some obfuscatory abstraction.
-
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::generatedByteCode): Added a helper for accessing
-        the 'arguments' register. In a future patch, that kind of data should
-        probably move out of CodeBlock and into Executable.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h: Simplified / fixed access to 'arguments' via
-        the activation object. It now implements the same behavior implemented
-        by optimized variable access in the VM. This simplifies some other
-        things, too -- like eval code generation.
-
-2010-05-18  Sam Weinig  <sam@webkit.org>
-
-        Try to fix the windows build.
-
-        * API/JSStringRefBSTR.cpp:
-
-2010-05-18  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add an inlineCapacity template parameter to ListHashSet and use it to shrink the positioned object list hash set.
-        https://bugs.webkit.org/show_bug.cgi?id=39304
-        <rdar://problem/7998366>
-
-        Add an inlineCapacity template parameter to ListHashSet.
-
-        * wtf/ListHashSet.h:
-        (WTF::::ListHashSet):
-        (WTF::::operator):
-        (WTF::::swap):
-        (WTF::::~ListHashSet):
-        (WTF::::size):
-        (WTF::::capacity):
-        (WTF::::isEmpty):
-        (WTF::::begin):
-        (WTF::::end):
-        (WTF::::find):
-        (WTF::::contains):
-        (WTF::::add):
-        (WTF::::insertBefore):
-        (WTF::::remove):
-        (WTF::::clear):
-        (WTF::::unlinkAndDelete):
-        (WTF::::appendNode):
-        (WTF::::insertNodeBefore):
-        (WTF::::deleteAllNodes):
-        (WTF::::makeIterator):
-        (WTF::::makeConstIterator):
-        (WTF::deleteAllValues):
-
-2010-05-18  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Fix the interpreter after r59637
-        https://bugs.webkit.org/show_bug.cgi?id=39287
-
-        * runtime/Executable.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getCallData):
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-
-2010-05-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Oops, meant ebx not eax there.  Fix Qt (and probably Win too).
-
-        * jit/JITOpcodes32_64.cpp:
-
-2010-05-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 39252 - Move host/native JSFunction's NativeFunction onto NativeExecutable.
-
-        Currently host functions reuse JSFunction's ScopeChain as storage for their
-        NativeFunction (the C function pointer to the host function implementation).
-        Instead, move this onto NativeExecutable.  This will allow host functions to
-        have a scopechain (which will be implemented as a separate patch).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::specializedThunk):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiNativeCall):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * jit/ThunkGenerators.h:
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::function):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::JSFunction::nativeFunction):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::markChildren):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getConstructData):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::scope):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getThunk):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-
-2010-05-17  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Remove WinCE endian dedection.
-        https://bugs.webkit.org/show_bug.cgi?id=38511
-
-        Windows CE supports little-endian format only.
-        Correct dedection was added in r57804.
-
-        * wtf/Platform.h:
-
-2010-05-16  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Reduce the size of FunctionExecutable
-        https://bugs.webkit.org/show_bug.cgi?id=39180
-        
-        Change m_numVariables from a size_t to 31 bits in a bitfield,
-        packed with another bit for m_forceUsesArguments (which in turn
-        get packed with the base class).
-        
-        Reduces the size of FunctionExecutable from 160 to 152 bytes.
-
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::variableCount):
-        (JSC::FunctionExecutable::FunctionExecutable):
-
-2010-05-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Incorrect codegen for slowcase of < in 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=39151
-
-        Call the correct stud for the slowcases of the < operator.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jless):
-
-2010-05-15  Leo Yang  <leo.yang@torchmobile.com.cn>
-
-        Reviewed by Darin Adler.
-
-        Fix bug https://bugs.webkit.org/show_bug.cgi?id=38890
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2010-05-15  Leandro Pereira  <leandro@profusion.mobi>
-
-        Reviewed by Adam Treat.
-
-        [EFL] Add build system for the EFL port.
-        http://webkit.org/b/37945
-
-        * CMakeLists.txt: Added.
-        * CMakeListsEfl.txt: Added.
-        * config.h: Add conditional to look for cmakeconfig.h.
-        * jsc/CMakeLists.txt: Added.
-        * jsc/CMakeListsEfl.txt: Added.
-        * wtf/CMakeLists.txt: Added.
-        * wtf/CMakeListsEfl.txt: Added.
-
-2010-05-15  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Update MIPS JIT for unsigned right shift, Math.sqrt, load16
-        https://bugs.webkit.org/show_bug.cgi?id=38412
-
-        Fixed MIPS build failure.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::srl):
-        (JSC::MIPSAssembler::srlv):
-        (JSC::MIPSAssembler::sqrtd):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::urshift32):
-        (JSC::MacroAssemblerMIPS::sqrtDouble):
-        (JSC::MacroAssemblerMIPS::load16):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
-        * jit/JSInterfaceJIT.h:
-
-2010-05-15  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Reviewed by Geoffrey Garen.
-
-        WebInspector: JSC Should provide heap size info for Timeline panel.
-        https://bugs.webkit.org/show_bug.cgi?id=38420
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Collector.cpp:
-        (JSC::Heap::size):
-        * runtime/Collector.h:
-
-2010-05-15  Dave Tapuska  <dtapuska@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Add a new define for we need strict arena alignment. ARMv5 with
-        double word instructions set this value.
-
-        * wtf/Platform.h:
-
-2010-05-14  Stephanie Lewis  <slewis@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Update order files.
-
-        * JavaScriptCore.order:
-
-2010-05-14  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Implementation of QtScript API that provide method to convert a value to an object.
-
-        [Qt] QtScript is missing toObject API
-        https://bugs.webkit.org/show_bug.cgi?id=36594
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::toObject):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::toObject):
-        * qt/api/qscriptvalue.h:
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toObject):
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::toObject):
-        (tst_QScriptEngine::toObjectTwoEngines):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp:
-        (tst_QScriptValue::toObjectSimple):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-
-2010-05-14  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        String Indexing Failure on JSVALUE32 targets
-        https://bugs.webkit.org/show_bug.cgi?id=39034
-
-        Remove zero-extend/shift-right code on regT1, because we already have
-        it in emit_op_get_by_val().
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-
-2010-05-10  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix a VS2010 assert in std::copy
-        https://bugs.webkit.org/show_bug.cgi?id=38630
-
-        The assert complains that the output iterator is null.
-
-        * wtf/Vector.h:
-        (WTF::::operator):
-
-2010-05-13  Maciej Stachowiak  <mjs@apple.com>
-
-        No review, attempted build fix.
-
-        Try to fix Tiger build with some gratuitous initialization of
-        seemingly uninitialized variables.
-
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::tryCreateUninitialized):
-
-2010-05-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Various JavaScript string optimizations
-        https://bugs.webkit.org/show_bug.cgi?id=39051
-
-        Approximately 1% SunSpider speedup.
-        
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin): Remove branches from the hot code path
-        by moving the first pass outside the loop, and duplicating the hot loop
-        to extract the loop-invariant branch.
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match): resize ovector to 0 instead of clearing to avoid
-        thrash in case of large matches.
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::performMatch): Mark ALWAYS_INLINE to make the
-        compiler respect our authority.
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators): Inline.
-        (JSC::stringProtoFuncSubstring): Rewrite boundary condition checks to
-        reduce the number of floating point comparisons and branches.
-
-2010-05-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=39039
-        Provide support for separate bytecode/JIT code translations for call/construct usage
-        This will allow us to produce code generated specifically for use as a constructor, not for general function use.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::getJITCode):
-        (JSC::CodeBlock::executablePool):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::unlinkCallOrConstruct):
-        (JSC::JIT::linkConstruct):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiVirtualConstructLink):
-        (JSC::JITThunks::ctiVirtualConstruct):
-        (JSC::):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::~FunctionExecutable):
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::EvalExecutable::generateJITCode):
-        (JSC::ProgramExecutable::generateJITCode):
-        (JSC::FunctionExecutable::generateJITCodeForCall):
-        (JSC::FunctionExecutable::generateJITCodeForConstruct):
-        (JSC::FunctionExecutable::markAggregate):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::recompile):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::isHostFunction):
-        (JSC::ExecutableBase::generatedJITCodeForCall):
-        (JSC::ExecutableBase::generatedJITCodeForConstruct):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::EvalExecutable::jitCode):
-        (JSC::ProgramExecutable::jitCode):
-        (JSC::FunctionExecutable::bytecodeForCall):
-        (JSC::FunctionExecutable::isGeneratedForCall):
-        (JSC::FunctionExecutable::generatedBytecodeForCall):
-        (JSC::FunctionExecutable::bytecodeForConstruct):
-        (JSC::FunctionExecutable::isGeneratedForConstruct):
-        (JSC::FunctionExecutable::generatedBytecodeForConstruct):
-        (JSC::FunctionExecutable::symbolTable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::jitCodeForCall):
-        (JSC::FunctionExecutable::jitCodeForConstruct):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::construct):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::numericCompareFunction):
-
-2010-05-12  Oliver Hunt  <oliver@apple.com>
-
-        build fix
-
-        <rdar://problem/7977960> REGRESSION (r59282): Tiger PPC build broken
-
-        * runtime/UString.h:
-        (JSC::tryMakeString):
-
-2010-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://7969718> Incorrect 32-bit codegen for op_jnlesseq
-        https://bugs.webkit.org/show_bug.cgi?id=39038
-
-        Correct the use of incorrect comparison operators.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emitBinaryDoubleOp):
-
-2010-05-12  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Reviewed by Eric Seidel.
-
-        JavaScriptCore: fix build when some optimizations are disabled
-        https://bugs.webkit.org/show_bug.cgi?id=38800
-
-        Remove outdated UNUSED_PARAMs when using JIT but with
-        ENABLE_JIT_OPTIMIZE_CALL and ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
-        disabled.
-
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-
-2010-05-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Work around GCC stupidity by either explicitly inlining or by
-        using ALWAYS_INLINE
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        * runtime/UString.h:
-        (JSC::UString::~UString):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::RefPtr::~RefPtr):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::create):
-        (WebCore::StringImpl::tryCreateUninitialized):
-
-2010-05-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Detect debug mode consistently
-        https://bugs.webkit.org/show_bug.cgi?id=38863
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * jsc.pro:
-        * qt/api/QtScript.pro:
-
-2010-05-12  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove a direct jump in generatePatternCharacterGreedy() and
-        generatePatternCharacterClassGreedy() functions if quantityCount of the term
-        is unlimited.
-        https://bugs.webkit.org/show_bug.cgi?id=38898
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
-
-2010-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Slight simplification to the calling convention: read RegisterFile::end()
-        from an absolute address, instead of from a pointer to the RegisterFile
-        on the stack.
-        
-        SunSpider reports no change.
-        
-        This should free us to remove the RegisterFile argument from the stack.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2010-05-11  Brian Weinstein  <bweinstein@apple.com>
-
-        Possible Gtk build fix - use ALWAYS_INLINE on functions that were inlined.
-
-        * wtf/text/AtomicString.h:
-        (WebCore::AtomicString::add): Use ALWAYS_INLINE.
-        * wtf/text/WTFString.h:
-        (WebCore::String::length): Ditto.
-        (WebCore::String::isEmpty): Ditto.
-
-2010-05-11  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add a compile time assert that sizeof(String) == sizeof(AtomicString).
-
-        * wtf/text/AtomicString.cpp:
-
-2010-05-11  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=38961
-        Move some member variables around to reduce class sizes.
-        
-        Make AtomicString no longer inherit from FastAllocBase.
-
-        Since AtomicString's first (and only) member variable, a RefPtr, also inherits from FastAllocBase this
-        was causing the size of AtomicString to contain sizeof(void*) bytes of padding.
-
-        * wtf/text/AtomicString.h:
-
-2010-05-11  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        Patch by Gavin Barraclough.
-        
-        Rest of REGRESSION (r57900-57919): 3% PLT Regression from moving strings into WTF.
-        https://bugs.webkit.org/show_bug.cgi?id=38930
-        <rdar://problem/7937188>
-        
-        Inline string functions that are commonly used in WTFString, CString, and AtomicString.
-
-        * JavaScriptCore.exp: Remove exports of inline functions.
-        * wtf/text/AtomicString.cpp:
-        (WebCore::AtomicString::addSlowCase): Rename add to addSlowCase, and inline the fast path
-            of add.
-        * wtf/text/AtomicString.h:
-        (WebCore::AtomicString::add): Inline the fast path of add.
-        * wtf/text/CString.cpp: Inline implementation of data and length in the header.
-        * wtf/text/CString.h:
-        (WTF::CString::data): Inline implementation of data.
-        (WTF::CString::length): Inline implementation of length.
-        * wtf/text/WTFString.cpp: Remove implementations of functions to be inlined.
-        * wtf/text/WTFString.h:
-        (WebCore::String::String): Inline implementation.
-        (WebCore::String::length): Ditto.
-        (WebCore::String::characters): Ditto.
-        (WebCore::String::operator[]): Ditto.
-        (WebCore::String::isEmpty): Ditto.
-
-2010-05-11  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Steve Falkenburg and Jon Honeycutt.
-        Patch by Gavin Barraclough.
-        
-        REGRESSION (r57900-57919): 3% PLT Regression from moving strings into WTF.
-        https://bugs.webkit.org/show_bug.cgi?id=38930
-        <rdar://problem/7937188>
-        
-        When the String classes were moved from WebCore to WTF, it meant that on Windows, all operations
-        on Strings in WebCore had to cross a DLL boundary (from WebKit.dll to JavaScript.dll).
-        
-        We fix this by refactoring some of the WTF string code, so the code in AtomicString, StringImpl, and
-        WTFString can be built by both WebCore and WTF, and we don't need to talk across a DLL to do operations
-        on Strings.
-
-        * GNUmakefile.am: Add new file to build system.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.pro: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove string exports, because these are now
-            handled in WebCore.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Remove the post-build step that was added
-            here (the post build step is in JavaScriptCoreCommon.vsprops).
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Copy the three cpp files that need to be compiled
-            by WebCore into the WebKitOutputDir directory.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add the StringStatics file.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Add the three WTF string cpp files to this project.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Remove the need to link against WTF.lib (since jsc links against JavaScriptCore).
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add the StringStatics file.
-        * wtf/text/AtomicString.cpp: Moved code to StringStatics.
-        * wtf/text/StringImpl.cpp: Ditto.
-        * wtf/text/StringStatics.cpp: Added. Move functions in WTF Strings that define static variables to here, so 
-            the rest of the files can be compiled in WebCore.
-        (WebCore::StringImpl::empty): Moved from StringImpl.cpp to here.
-        (WebCore::AtomicString::init): Moved from AtomicString.cpp to here.
-
-2010-05-11  Alice Liu  <alice.liu@apple.com>
-
-        Rubber-stamped by Gavin Barraclough.
-
-        Fix build error when enabling debugging block in WebKit win painting code
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-11  Mark Rowe  <mrowe@apple.com>
-
-        Fix the world.
-
-        In r59162 a change was made to WebCore's FeatureDefines.xcconfig that enabled FILE_READER and FILE_WRITER.
-        The author and reviewer of that patch ignored the carefully-worded warning at the top of that file asking
-        that changes to the file be kept in sync across JavaScriptCore, WebCore and WebKit, as well as being kept
-        in sync with build-webkit.  This led to WebCore and WebKit having different views of Document's vtable
-        and results in crashes in Safari shortly after launch when virtual function calls resulted in the wrong
-        function in WebCore being called.
-
-        We fix this by bringing the FeatureDefines.xcconfig files in to sync.  Based on the ChangeLog message and
-        other changes in r59162 it appears that enabling FILE_WRITER was unintentional so that particular change
-        has been reverted.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-05-11  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r59171.
-        http://trac.webkit.org/changeset/59171
-        https://bugs.webkit.org/show_bug.cgi?id=38933
-
-        "Broke the world" (Requested by bweinstein on #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/AtomicString.cpp:
-        (WebCore::AtomicString::init):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::empty):
-        * wtf/text/StringStatics.cpp: Removed.
-
-2010-05-11  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Steve Falkenburg.
-        Patch by Gavin Barraclough.
-        
-        REGRESSION (r57900-57919): 3% PLT Regression from moving strings into WTF.
-        https://bugs.webkit.org/show_bug.cgi?id=38930
-        <rdar://problem/7937188>
-        
-        When the String classes were moved from WebCore to WTF, it meant that on Windows, all operations
-        on Strings in WebCore had to cross a DLL boundary (from WebKit.dll to JavaScript.dll).
-        
-        We fix this by refactoring some of the WTF string code, so the code in AtomicString, StringImpl, and
-        WTFString can be built by both WebCore and WTF, and we don't need to talk across a DLL to do operations
-        on Strings.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove string exports, because these are now
-            handled in WebCore.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Remove the post-build step that was added
-            here (the post build step is in JavaScriptCoreCommon.vsprops).
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Copy the three cpp files that need to be compiled
-            by WebCore into the WebKitOutputDir directory.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add the StringStatics file.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Add the three WTF string cpp files to this project.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Remove the need to link against WTF.lib (since jsc links against JavaScriptCore).
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add the StringStatics file.
-        * wtf/text/AtomicString.cpp: Moved code to StringStatics.
-        * wtf/text/StringImpl.cpp: Ditto.
-        * wtf/text/StringStatics.cpp: Added. Move functions in WTF Strings that define static variables to here, so 
-            the rest of the files can be compiled in WebCore.
-        (WebCore::StringImpl::empty): Moved from StringImpl.cpp to here.
-        (WebCore::AtomicString::init): Moved from AtomicString.cpp to here.
-
-2010-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed test failures seen on SnowLeopard buildbot.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter): Don't use size_t and wtf::notFound.
-        Instead, use the individual types and notFound values of the string APIs
-        we're using, since they're not necessarily the same in 64bit.
-
-2010-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Darin Adler.
-
-        Start using ropes in String.prototype.replace.
-        
-        1%-1.5% speedup on SunSpider.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope): Updated for RopeImpl refactoring.
-
-        (JSC::JSString::replaceCharacter): Added a replaceCharacter function, which creates
-        a rope for the resulting replacement.
-
-        * runtime/JSString.h: A few changes here:
-        (JSC::):
-        (JSC::RopeBuilder::RopeIterator::RopeIterator):
-        (JSC::RopeBuilder::RopeIterator::operator++):
-        (JSC::RopeBuilder::RopeIterator::operator*):
-        (JSC::RopeBuilder::RopeIterator::operator!=):
-        (JSC::RopeBuilder::RopeIterator::WorkItem::WorkItem):
-        (JSC::RopeBuilder::RopeIterator::WorkItem::operator!=):
-        (JSC::RopeBuilder::RopeIterator::skipRopes): Created a RopeIterator abstraction.
-        We use this to do a substring find without having to resolve the rope.
-        (We could use this iterator when resolving ropes, too, but resolving
-        ropes backwards is usually more efficient.)
-
-        (JSC::RopeBuilder::JSString): Added constructors for 2 & 3 UStrings.
-
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::RopeBuilder::size): Updated for RopeImpl refactoring.
-
-        * runtime/Operations.h: Updated for RopeImpl refactoring.
-        (JSC::jsString): Added jsString functions for 2 & 3 UStrings.
-
-        * runtime/RopeImpl.cpp:
-        (JSC::RopeImpl::derefFibersNonRecursive):
-        * runtime/RopeImpl.h:
-        (JSC::RopeImpl::initializeFiber):
-        (JSC::RopeImpl::size):
-        (JSC::RopeImpl::fibers):
-        (JSC::RopeImpl::deref):
-        (JSC::RopeImpl::RopeImpl): A little refactoring to make this patch easier:
-        Moved statics to the top of the class; put multi-statement functions on
-        multiple lines; renamed "fiberCount" to "size" to match other collections;
-        changed the "fibers" accessor to return the fibers buffer, instead of an
-        item in the buffer, to make iteration easier.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace): Don't resolve a rope unless we need to. Do
-        use our new replaceCharacter function if possible. Do use a rope to
-        represent splicing three strings together.
-
-2010-05-10  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        [Qt] Disable JIT support for mingw-w64
-        https://bugs.webkit.org/show_bug.cgi?id=38747
-
-        Disale JIT for mingw-w64 as it is reportedly
-        unstable.
-
-        Thanks for Vanboxem Rruben for the investigation.
-
-        * wtf/Platform.h:
-
-2010-05-09  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        JavaScriptCore/wtf/MD5.h: checksum should take a reference to output.
-        https://bugs.webkit.org/show_bug.cgi?id=38723
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/MD5.cpp:
-        (WTF::expectMD5):
-          Fix for checksum change.
-        (WTF::MD5::checksum):
-          Take a reference to output, instead of returning the result by value, to reduce coping for performance.
-        * wtf/MD5.h:
-
-2010-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        Fix accidental repeat addition of emit_op_new_regexp
-
-        * jit/JITOpcodes.cpp:
-
-2010-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION(r57955): RegExp literals should not actually be cached, so r57955 should be rolled out.
-        https://bugs.webkit.org/show_bug.cgi?id=38828
-        <rdar://problem/7961634>
-
-        Rollout r57955
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::regexpToSourceString):
-        (JSC::regexpName):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addRegExp):
-        (JSC::CodeBlock::regexp):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addRegExp):
-        (JSC::BytecodeGenerator::emitNewRegExp):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_regexp):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-
-2010-05-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Reserve a large-ish initial capacity for Lexer::m_buffer16.
-        
-        SunSpider says 0.3% faster.
-        
-        m_buffer16 is used when parsing complex strings -- for example, strings
-        with escape sequences in them. These kinds of strings can be really long,
-        and we want to avoid repeatedly copying as we grow m_buffer16.
-        
-        The net memory cost is quite low, since it's proporitional to source
-        code we already have in memory, and we throw away m_buffer16 right when
-        we're done parsing.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer): No need to reserve initial capacity in our constructor,
-        since setCode will be called before we're asked to lex anything.
-        (JSC::Lexer::setCode): Reserve enough space to lex half the source code
-        as a complex string without having to copy.
-        (JSC::Lexer::clear): No need to reserve initial capacity here either,
-        since setCode will be called before we're asked to lex anything.
-
-2010-05-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Remove YARR configuration rules from Qt make system
-        https://bugs.webkit.org/show_bug.cgi?id=38819
-
-        Setting YARR based on JIT seeting is now in Platform.h 
-        for all ports. This patch essentially reverses r49238.
-
-        * JavaScriptCore.pri:
-
-2010-05-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Improve string indexing performance
-        https://bugs.webkit.org/show_bug.cgi?id=38814
-
-        Add an assembly stub to do indexed loads from strings much
-        more cheaply than the current stub dispatch logic.  We can
-        do this because we are able to make guarantees about the
-        register contents when entering the stub so the call overhead
-        is negligible.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-           Moved from JITOpcodes.cpp to keep the slowcase next to
-           the normal case codegen as we do for everything else.
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitFastArithImmToInt):
-
-2010-05-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Fixed version of: "Optimized o[s] where o is a cell and s is a string"
-        https://bugs.webkit.org/show_bug.cgi?id=38815
-        
-        Fixed the previous patch for this from Geoff Garen.
-        
-        The two problems were a missing exception check and a PropertySlot
-        initialized improperly, leading to crashes and failures in the case
-        of getters accessed with bracket syntax.
-
-    Previous patch:
-
-        Optimized o[s] where o is a cell and s is a string, removing some old
-        code that wasn't really tuned for the JIT.
-        
-        SunSpider says 0.8% faster.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-
-2010-05-08  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed, build fix.
-
-        Fix missing terminating ' character warning
-
-        The warning has been only seen on the Gtk buildbots.
-
-        * wtf/Platform.h:
-
-2010-05-08  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Refactor YARR and YARR_JIT default rules in Platform.h
-        https://bugs.webkit.org/show_bug.cgi?id=38727
-
-        Turn on YARR and YARR JIT by default of JIT is enabled.
-        Ports can overrule this default decisions as they wish.
-
-        * wtf/Platform.h:
-
-2010-05-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Split JSVALUE32_64 code out of JITOpcodes.cpp and into JITOpcodes32_64.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=38808
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp: Added.
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emitSlow_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_to_primitive):
-        (JSC::JIT::emit_op_strcat):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emitSlow_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emitSlow_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emitSlow_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_sret):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_stricteq):
-        (JSC::JIT::emitSlow_op_stricteq):
-        (JSC::JIT::emit_op_nstricteq):
-        (JSC::JIT::emitSlow_op_nstricteq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_new_func_exp):
-        (JSC::JIT::emit_op_throw):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_push_scope):
-        (JSC::JIT::emit_op_pop_scope):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emitSlow_op_to_jsnumber):
-        (JSC::JIT::emit_op_push_new_scope):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_jmp_scopes):
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        (JSC::JIT::emit_op_new_error):
-        (JSC::JIT::emit_op_debug):
-        (JSC::JIT::emit_op_enter):
-        (JSC::JIT::emit_op_enter_with_activation):
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_init_arguments):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-
-2010-05-08  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix halfword loads on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=38741
-
-        The BaseIndex and ImplicitAddress are contain 32bit wide offset, but
-        the load16 functions were working with 8 bit data (encoded in the
-        instruction). If the offset cannot be encoded in an instruction, it
-        should be stored in a temporary register.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::getOffsetForHalfwordDataTransfer):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load16):
-
-2010-05-08  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix spanning branch instruction on Cortex-A8 with Thumb-2 JIT
-        https://bugs.webkit.org/show_bug.cgi?id=38280
-
-        If the 32-bit Thumb-2 branch instruction spans two 4KiB regions and
-        the target of the branch falls within the first region it is
-        possible for the processor to incorrectly determine the branch
-        instruction, and it is also possible in some cases for the processor
-        to enter a deadlock state.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-
-2010-05-08  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Darin Fisher.
-
-        [WTFURL] Add a buffer for managing the output of the canonicalizer
-        https://bugs.webkit.org/show_bug.cgi?id=38671
-
-        The canonicalizer produces a stream of canonicalized characters, which
-        we will store in a URLBuffer.  URLBuffer is quite similar to Vector,
-        but serves as an abstraction to isolate us from the underlying
-        character storage.  In the case of WebKit, we'll probably implement a
-        subclass of URLBuffer with Vector.  In Chromium, the backing store is a
-        std::string, which avoids an unnecessary memcpy that would be caused by
-        using Vector instead.
-
-        * wtf/url/src/URLBuffer.h: Added.
-        (WTF::URLBuffer::URLBuffer):
-        (WTF::URLBuffer::~URLBuffer):
-        (WTF::URLBuffer::at):
-        (WTF::URLBuffer::set):
-        (WTF::URLBuffer::capacity):
-        (WTF::URLBuffer::length):
-        (WTF::URLBuffer::data):
-        (WTF::URLBuffer::setLength):
-        (WTF::URLBuffer::append):
-        (WTF::URLBuffer::grow):
-
-2010-05-08  Eric Seidel  <eric@webkit.org>
-
-        Unreviewed, just reverting commit.
-
-        REGRESSION(59000): r59000 contained all sorts of changes it should not have, needs revert.
-        https://bugs.webkit.org/show_bug.cgi?id=38798
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-
-2010-05-04  Jer Noble  <jer.noble@apple.com>
-
-        Reviewed by Maciej Stachowiak
-
-        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
-        <https://bugs.webkit.org/show_bug.cgi?id=34005>
-        <rdar://problem/7569713>
-        
-        Added cancelCallOnMainThread.  callOnMainThread should always now be paired
-        with cancelCallOnMainThread in situations where the refcon passed to callOnMainThread
-        may be dealloced before the main thread function can be dispatched.  
-        
-        * wtf/MainThread.cpp:
-        (WTF::FunctionWithContext::operator == ): Supports the FunctionWithContextFinder predicate functor.
-        (WTF::FunctionWithContextFinder::FunctionWithContextFinder):  Predicate functor for use with Dequeue::findIf
-        (WTF::FunctionWithContextFinder::operator()):
-        (WTF::cancelCallOnMainThread):
-        * wtf/MainThread.h:
-
-2010-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-07  Eric Seidel  <eric@webkit.org>
-
-        Unreviewed, rolling out r58990.
-        http://trac.webkit.org/changeset/58990
-
-        Broke 4 tests on Snow Leopard and Qt.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-
-2010-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Optimize access to the global object from a function that uses eval
-        https://bugs.webkit.org/show_bug.cgi?id=38644
-
-        Fix bug where cross scope access to a global var (vs. property) would
-        be allowed without checking for intervening dynamic scopes.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-
-2010-05-07  Oliver Hunt  <oliver@apple.com>
-
-        32-bit buildfix.
-
-        Macro expansion I stab at thee!
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-
-2010-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Optimized o[s] where o is a cell and s is a string, removing some old
-        code that wasn't really tuned for the JIT.
-        
-        SunSpider says 0.8% faster.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-
-2010-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Optimize access to the global object from a function that uses eval
-        https://bugs.webkit.org/show_bug.cgi?id=38644
-
-        Add op_resolve_global_dynamic, a variant of op_resolve_global that
-        checks each node in the scope chain for dynamically inserted properties
-        and falls back to the normal resolve logic in that case.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::isGlobalResolve):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::findScopedProperty):
-           Now take an additional reference parameter to used to indicate that
-           there were nodes that may gain dynamic properties
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-           deal with additional argument to findScopedProperty
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-           These functions use findScopedProperty directly in order to
-           optimise lookup.  They cannot trivially handle any degree of
-           dynamism in the lookup so we just give up in such case.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-           Happily resolve_global_dynamic can share the slow case!
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::isDynamicScope):
-        * runtime/JSActivation.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::isDynamicScope):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::isDynamicScope):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.h:
-
-2010-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed Sputnik failure seen on buildbot.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString): Cast to unsigned before checking magnitude,
-        to efficiently exclude negative numbers, which require two characters
-        instead of one.
-
-2010-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-        
-        Slightly more effective way to guarantee a compile-time constant, at
-        least on gcc.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString): Use pointer notation instead of array
-        notation, so the compiler treats the string and its contents as constant.
-
-2010-05-07  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        [WTFURL] Add core URL parser
-        https://bugs.webkit.org/show_bug.cgi?id=38572
-
-        This patch adds the core of the URL parser.  The URL parser uses a
-        templated notion of a code unit to support different string types.
-        Later we'll add some non-templated APIs with concrete types that
-        clients can use more conveniently.
-
-        The URLParser has a couple calls to ASSERT(), which I've commented out
-        for now.  I'm not 100% sure how to handle the dependency issues there
-        yet, so I've punted on the issue for now.
-
-        Also, there are a number of methods that are declared public in this
-        patch that are only used by the canonicalizer.  My plan is to make
-        those private or protected and make the canonicalizer a friend of the
-        parser.  The details will be in a later patch.
-
-        * wtf/url/src/URLComponent.h:
-        (WTF::URLComponent::fromRange):
-        (WTF::URLComponent::isNonEmpty):
-        (WTF::URLComponent::isEmptyOrInvalid):
-        * wtf/url/src/URLParser.h: Added.
-        (WTF::URLParser::):
-        (WTF::URLParser::isPossibleAuthorityTerminator):
-        (WTF::URLParser::parseAuthority):
-        (WTF::URLParser::extractScheme):
-        (WTF::URLParser::parseAfterScheme):
-        (WTF::URLParser::parseStandardURL):
-        (WTF::URLParser::parsePath):
-        (WTF::URLParser::parsePathURL):
-        (WTF::URLParser::parseMailtoURL):
-        (WTF::URLParser::parsePort):
-        (WTF::URLParser::extractFileName):
-        (WTF::URLParser::extractQueryKeyValue):
-        (WTF::URLParser::isURLSlash):
-        (WTF::URLParser::shouldTrimFromURL):
-        (WTF::URLParser::trimURL):
-        (WTF::URLParser::consecutiveSlashes):
-        (WTF::URLParser::isPortDigit):
-        (WTF::URLParser::nextAuthorityTerminator):
-        (WTF::URLParser::parseUserInfo):
-        (WTF::URLParser::parseServerInfo):
-
-2010-05-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added a fast path for number-to-character conversion via
-        Number.prototype.toString base 36.
-        
-        0.7% speedup on SunSpider.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString): Made radix interpretation a little more
-        efficient by keeping it in int space. Turned "const char" into
-        "static const char" just in case. Added a fast path for base 36
-        conversion of something that will turn into a character.
-
-2010-05-07  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Darin Fisher.
-
-        [WTFURL] Add a malloc-backed URLBuffer
-        https://bugs.webkit.org/show_bug.cgi?id=38694
-
-        This patch adds a URLBuffer that uses new/delete to manage the backing
-        store for the buffer.
-
-        * wtf/url/src/RawURLBuffer.h: Added.
-        (WTF::RawURLBuffer::RawURLBuffer):
-        (WTF::RawURLBuffer::~RawURLBuffer):
-        (WTF::RawURLBuffer::resize):
-
-2010-05-06  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        JavaScriptCore/wtf/RandomNumber.h should provide using WTF::*
-        https://bugs.webkit.org/show_bug.cgi?id=38719
-
-        * wtf/RandomNumber.h:
-          Add using directives.
-
-2010-05-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Enable YARR_JIT for X86 Mac for QtWebKit
-        https://bugs.webkit.org/show_bug.cgi?id=38668
-
-        * wtf/Platform.h:
-
-2010-05-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 38714 - Add result caching for Math.sin
-
-        Math.sin is frequently called with the same operand, caching the result should
-        improve performance.  CachedTranscendentalFunction adds a generic mechanism to
-        cache results for pure functions with the signature "double func(double)", and
-        where NaN maps to NaN.
-
-        CachedTranscendentalFunction uses a very simple hash function designed to be
-        fast to execute since we cannot cache the result, and trivial to JIT generate,
-        should we wish to do so.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/CachedTranscendentalFunction.h: Added.
-        (JSC::CachedTranscendentalFunction::CachedTranscendentalFunction):
-        (JSC::CachedTranscendentalFunction::~CachedTranscendentalFunction):
-        (JSC::CachedTranscendentalFunction::operator()):
-        (JSC::CachedTranscendentalFunction::initialize):
-        (JSC::CachedTranscendentalFunction::hash):
-        * runtime/JSGlobalData.h:
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncSin):
-        * wtf/Platform.h:
-
-2010-05-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingFlags::sample): Use a cast, so Windows will be happy when
-        this code is enabled.
-        * wtf/Platform.h: Reverted last change to this file, which seems to have
-        been accidental.
-
-2010-05-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add compile switch to make debugger keyword plant breakpoint instructions.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_debug):
-        * wtf/Platform.h:
-
-2010-05-06  Oliver Hunt  <oliver@apple.com>
-
-        Build fix
-
-        Fix ARM builds
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load16):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load16):
-
-2010-05-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Improve performance of single character string compares
-        https://bugs.webkit.org/show_bug.cgi?id=38659
-
-        Add logic to the jit to identify comparisons to single character string literals
-        and then just perform the comparison inline, rather than ignoring the evidence
-        and attempting to perform an integer comparison.
-
-        Multiple changes required -- add jnlesseq opcode, add helper function to identify
-        single character string constants, add a helper to load single character strings.
-        Then add the 32_64 and normal codepaths to the JIT.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load16):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emitBinaryDoubleOp):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadCharacterString):
-        (JSC::JIT::isOperandConstantImmediateChar):
-        * jit/JSInterfaceJIT.h:
-        (JSC::ThunkHelpers::stringImplDataOffset):
-        (JSC::ThunkHelpers::jsStringLengthOffset):
-        (JSC::ThunkHelpers::jsStringValueOffset):
-         Moved from ThunkGenerators to make it possible to share.
-        * jit/ThunkGenerators.cpp:
-
-2010-05-06  Martin Robinson  <mrobinson@webkit.org>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] Enable DOM clipboard and drag-and-drop access
-        https://bugs.webkit.org/show_bug.cgi?id=30623
-
-        Convert dragging portion of drag-and-drop to use DataObjectGtk.
-
-        * wtf/gobject/GRefPtr.h: Add forward declarations for GObject functions.
-
-2010-05-06  Steve Block  <steveblock@google.com>
-
-        Reviewed by Eric Seidel.
-
-        MAC_JAVA_BRIDGE should be renamed JAVA_BRIDGE
-        https://bugs.webkit.org/show_bug.cgi?id=38544
-
-        * wtf/Platform.h:
-
-2010-05-06  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        [WTFURL] Add a class to represent the segments of a URL
-        https://bugs.webkit.org/show_bug.cgi?id=38566
-
-        When paired with a string, this class represents a parsed URL.
-
-        * wtf/url/src/URLSegments.cpp: Added.
-        (WTF::URLSegments::length):
-        (WTF::URLSegments::charactersBefore):
-        * wtf/url/src/URLSegments.h: Added.
-        (WTF::URLSegments::):
-        (WTF::URLSegments::URLSegments):
-        * wtf/url/wtfurl.gyp:
-
-2010-05-05  Tony Gentilcore  <tonyg@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Adding comment with link to RefPtr documentation.
-        https://bugs.webkit.org/show_bug.cgi?id=38601
-
-        * wtf/RefPtr.h:
-
-2010-05-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 38604 - workers-gc2 crashing on Qt
-
-        This appears to be due to a couple of issues.
-        (1) When the atomic string table is deleted it does not clear the 'inTable' bit
-        on AtomicStrings - it implicitly assumes that all AtomicStrings have already
-        been deleted at this point (otherwise they will crash in their destructor when
-        they try to remove themselves from the atomic string table).
-        (2) We don't fix the ordering in which WTF::WTFThreadData and
-        WebCore::ThreadGlobalData are destructed.
-
-        We should make sure that ThreadGlobalData is cleaned up before worker threads
-        terminate and WTF::WTFThreadData is destroyed, and we should clear the inTable
-        bit of members on atomic string table destruction.
-
-        WTF changes (fix issue 1, above) - ensure inTable property is cleared when the
-        atomic string table is destroyed (also, rename InTable to IsAtomic, to make it
-        clear which table we are refering to!)
-
-        * wtf/text/AtomicString.cpp:
-        (WebCore::AtomicStringTable::destroy):
-        (WebCore::CStringTranslator::translate):
-        (WebCore::UCharBufferTranslator::translate):
-        (WebCore::HashAndCharactersTranslator::translate):
-        (WebCore::AtomicString::add):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::~StringImpl):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::isAtomic):
-        (WebCore::StringImpl::setIsAtomic):
-        * wtf/text/StringImplBase.h:
-
-2010-05-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make Array.join specialised for actual arrays
-        https://bugs.webkit.org/show_bug.cgi?id=38592
-
-        Bring Array.join in line with the other array methods by specialising for
-        this === an array.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin):
-
-2010-05-04  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Reviewed by Darin Adler.
-
-        WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.
-        https://bugs.webkit.org/show_bug.cgi?id=38535
-
-        Don't call asFunction if callee is not a FunctionType to prevent assertion failure
-        in JSCell::isObject().
-
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-
-2010-05-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Remove redundant exports to fix Windows build warnings.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-04  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Holger Freyther.
-
-        Fix a memory leak inside the QScriptValue.
-
-        QSciptValuePrivate::toString should release all temporary variables.
-
-        [Qt] QScriptValue::toString have a memory leak.
-        https://bugs.webkit.org/show_bug.cgi?id=38112
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toString):
-
-2010-05-04  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by Darin Adler.
-
-        Does not work on SPARC because of alignment issues
-        https://bugs.webkit.org/show_bug.cgi?id=38455
-
-        Use AllocAlignmentInteger instead of void* on pageheap_memory to
-        avoid crashing at runtime in some architectures. Investigated by
-        Mike Hommey <mh@glandium.org>, change suggested by Darin Adler.
-
-        * wtf/FastMalloc.cpp:
-
-2010-05-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add first WTFURL file
-        https://bugs.webkit.org/show_bug.cgi?id=38470
-
-        This class represents a component of a URL, such as the scheme or path.
-        Essentially, the class is an index into a string buffer.
-
-        * wtf/url: Added.
-            - There was some discussion about where to put the URL library.
-              There are a number of reasonable options, but putting the library
-              in the WTF directory seems like a reasonable alternative.  This
-              location will make more sense once WTF is moved out of
-              JavaScriptCore and into a top-level directory.
-        * wtf/url/src: Added.
-            - I've added this extra directory to the usual structure because we
-              eventually want a "public" folder that defines the public
-              interface to this library that clients outside of svn.webkit.org
-              can rely upon, much like the various subfolders of the WebKit
-              directory often define a public API.
-        * wtf/url/src/URLComponent.h: Added.
-            - I've added this somewhat trivial class to get the ball rolling.
-        (WTF::URLComponent::URLComponent):
-        (WTF::URLComponent::isValid):
-        (WTF::URLComponent::isNonempty):
-        (WTF::URLComponent::reset):
-        (WTF::URLComponent::operator==):
-        (WTF::URLComponent::begin):
-        (WTF::URLComponent::setBegin):
-        (WTF::URLComponent::length):
-        (WTF::URLComponent::setLength):
-        (WTF::URLComponent::end):
-        * wtf/url/wtfurl.gyp: Added.
-            - WTFURL will be an independently buildable library, hence the
-              beginnings of a wtfurl.gyp file.
-
-2010-05-03  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=38368
-        <rdar://problem/7834433> REGRESSSION: 1.5% PLT regression due to 56028 
-        (return memory quicker).
-        Instead of returning everything but the smallest spans spread out 
-        the spans kept over several size lists.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge):
-
-2010-05-03  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Clean up a few compiler warnings
-        https://bugs.webkit.org/show_bug.cgi?id=38073
-
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::ascii):
-
-2010-05-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (reverting previous commit).
-
-        Rolling out r58114 - this introduced memory leaks of
-        AtomicStrings then workers terminated.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ThunkGenerators.cpp:
-        (JSC::ThunkHelpers::stringImplDataOffset):
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierTable::~IdentifierTable):
-        (JSC::IdentifierTable::add):
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierCStringTranslator::equal):
-        (JSC::IdentifierCStringTranslator::translate):
-        (JSC::Identifier::add):
-        (JSC::IdentifierUCharBufferTranslator::hash):
-        (JSC::IdentifierUCharBufferTranslator::equal):
-        (JSC::IdentifierUCharBufferTranslator::translate):
-        (JSC::Identifier::addSlowCase):
-        * runtime/Identifier.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        (WTF::WTFThreadData::~WTFThreadData):
-        * wtf/WTFThreadData.h:
-        (JSC::IdentifierTable::remove):
-        (JSC::IdentifierTable::literalTable):
-        (WTF::WTFThreadData::atomicStringTable):
-        * wtf/text/AtomicString.cpp:
-        (WebCore::AtomicStringTable::create):
-        (WebCore::AtomicStringTable::table):
-        (WebCore::AtomicStringTable::destroy):
-        (WebCore::stringTable):
-        (WebCore::CStringTranslator::hash):
-        (WebCore::CStringTranslator::equal):
-        (WebCore::CStringTranslator::translate):
-        (WebCore::operator==):
-        (WebCore::AtomicString::add):
-        (WebCore::equal):
-        (WebCore::UCharBufferTranslator::hash):
-        (WebCore::UCharBufferTranslator::equal):
-        (WebCore::UCharBufferTranslator::translate):
-        (WebCore::HashAndCharactersTranslator::hash):
-        (WebCore::HashAndCharactersTranslator::equal):
-        (WebCore::HashAndCharactersTranslator::translate):
-        (WebCore::AtomicString::find):
-        (WebCore::AtomicString::remove):
-        * wtf/text/AtomicStringTable.h: Removed.
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::~StringImpl):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::inTable):
-        (WebCore::StringImpl::setInTable):
-        (WebCore::equal):
-        * wtf/text/StringImplBase.h:
-        (WTF::StringImplBase::StringImplBase):
-
-2010-05-03  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Implement scheduleDispatchFunctionsOnMainThread for wx port.
-        https://bugs.webkit.org/show_bug.cgi?id=38480
-
-        * wtf/wx/MainThreadWx.cpp:
-        (wxCallAfter::wxCallAfter):
-        (wxCallAfter::OnCallback):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2010-05-03  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Build and use Mac's ComplexTextController to support complex text in wx.
-        https://bugs.webkit.org/show_bug.cgi?id=38482
-
-        * wtf/Platform.h:
-
-2010-05-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Interpreter crashes due to incorrect refcounting of cached structures.
-        https://bugs.webkit.org/show_bug.cgi?id=38491
-        rdar://problem/7926160
-
-        Make sure we ref/deref structures used for cached custom property getters
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-
-2010-05-02  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Enable JIT for QtWebKit on Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=38339
-
-        JIT on Symbian has been stable for quite some time, it
-        is time to turn it on by default.
-
-        * wtf/Platform.h:
-
-2010-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add codegen support for unsigned right shift
-        https://bugs.webkit.org/show_bug.cgi?id=38375
-
-        Expose unsigned right shift in the macro assembler, and make use of it
-        from the jit.  Currently if the result is outside the range 0..2^31-1
-        we simply fall back to the slow case, even in JSVALUE64 and JSVALUE32_64
-        where technically we could still return an immediate value.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::urshift32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::urshift32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::urshift32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::shrl_i8r):
-        (JSC::X86Assembler::shrl_CLr):
-           Add unsigned right shift to the x86 assembler
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-           op_rshift no longer simply get thrown to a stub function
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_urshift):
-        (JSC::JIT::emitSlow_op_urshift):
-          JSVALUE32 and JSVALUE64 implementation.  Only supports
-          double lhs in JSVALUE64.
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emit_op_urshift):
-        (JSC::JIT::emitSlow_op_urshift):
-          Refactor right shift code to have shared implementation between signed
-          and unsigned versions.
-
-2010-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Handle double on righthand side of a right shift
-        https://bugs.webkit.org/show_bug.cgi?id=38363
-
-        In 64-bit we support right shift of a double, and there's no
-        reason not to in 32-bit either.  This is a 1.1% sunspider
-        improvement in 32bit.
-
-        Given high performance javascript code frequently makes
-        use of bit operators to perform double->int conversion i'll
-        follow this patch up with similar patches for bitwise 'and'
-        and 'or'.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-
-2010-04-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Hoist JSVALUE32_64 arithmetic implementations into a separate file.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITArithmetic32_64.cpp: Added.
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitSlow_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emitSlow_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emitSlow_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emitSlow_op_bitxor):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emitSlow_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emitSlow_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emitSlow_op_pre_dec):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSub32Constant):
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emitSlow_op_div):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-
-2010-04-29  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Oliver Hunt
-
-        Add sqrt() instruction support for ARM assembler (using VFP)
-        https://bugs.webkit.org/show_bug.cgi?id=38312
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::fsqrtd_r):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::sqrtDouble):
-
-2010-04-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Refactor qtscriptglobal.h
-        https://bugs.webkit.org/show_bug.cgi?id=37953
-
-        Use the same pattern in qtscriptglobal.h as in 
-        qwebkitglobal.h without checking for specific OSs.
-
-        * qt/api/qtscriptglobal.h:
-
-2010-04-29  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Small cleanup.
-
-        QScriptValuePrivate constructor shouldn't take QScriptEngine pointer
-        as a parameter, because it breaks a private / public separation rule.
-        QScriptEnginePrivate::get(QScriptEngine*) should return
-        a QScriptEnginePrivate pointer instead of a QScriptEnginePtr, it simplifies
-        implementation.
-
-        [Qt] QScriptValuePrivate class needs some cleanup.
-        https://bugs.webkit.org/show_bug.cgi?id=37729
-
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::get):
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::QScriptValue):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::QScriptValuePrivate):
-
-2010-04-29  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Simon Hausmann.
-
-        [WINCE] Export g_stackBase with JS_EXPORTDATA
-        https://bugs.webkit.org/show_bug.cgi?id=37437
-
-        Export g_stackBase with JS_EXPORTDATA as it is used by SharedTimerWince.cpp.
-
-        * runtime/Collector.cpp:
-
-2010-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Do an unordered compare so that we don't treat NaN incorrectly.
-
-        RS=Gavin Barraclough
-
-        * jit/ThunkGenerators.cpp:
-        (JSC::powThunkGenerator):
-
-2010-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add fast paths for Math.pow and Math.sqrt
-        https://bugs.webkit.org/show_bug.cgi?id=38294
-
-        Add specialized thunks for Math.pow and Math.sqrt.
-        This requires adding a sqrtDouble function to the MacroAssembler
-        and sqrtsd to the x86 assembler.
-
-        Math.pow is slightly more complicated, in that we have
-        to implement exponentiation ourselves rather than relying
-        on hardware support.  The inline exponentiation is restricted
-        to positive integer exponents on a numeric base.  Exponentiation
-        is finally performed through the "Exponentiation by Squaring"
-        algorithm.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::sqrtDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARMv7::sqrtDouble):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::loadDouble):
-        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::sqrtDouble):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::loadDouble):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::movsd_mr):
-        (JSC::X86Assembler::sqrtsd_rr):
-        (JSC::X86Assembler::X86InstructionFormatter::twoByteOp):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * create_hash_table:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiNativeCallThunk):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitLoadDouble):
-        (JSC::JSInterfaceJIT::emitJumpIfImmediateNumber):
-        (JSC::JSInterfaceJIT::emitJumpIfNotImmediateNumber):
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::loadDoubleArgument):
-        (JSC::SpecializedThunkJIT::loadInt32Argument):
-        (JSC::SpecializedThunkJIT::returnJSValue):
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * jit/ThunkGenerators.h:
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-
-2010-04-28  Mike Thole  <mthole@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Reenable WTF_USE_PROTECTION_SPACE_AUTH_CALLBACK now that an
-        exports file for it has been added.
-
-        * wtf/Platform.h:
-
-2010-04-28  Mike Thole  <mthole@apple.com>
-
-        Build fix, not reviewed.
-
-        * wtf/Platform.h:
-        Disable WTF_USE_PROTECTION_SPACE_AUTH_CALLBACK until an exports file is created.
-
-2010-04-28  Mike Thole  <mthole@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Add canAuthenticateAgainstProtectionSpace() to frame loader so that a protection space 
-        can be inspected before attempting to authenticate against it
-        https://bugs.webkit.org/show_bug.cgi?id=38271
-
-        * wtf/Platform.h: Add WTF_USE_PROTECTION_SPACE_AUTH_CALLBACK define.
-
-2010-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Don't use CFAbsoluteTimeGetCurrent on Mac OS X, since it's just a cover
-        for gettimeofday anyway.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime): Remove the CF version of this. Change the "other POSIX"
-        version to pass 0 for the time zone instead of ignoring a return value.
-        Also get rid of unneeded type casts, since operations involving both
-        integers and doubles are always evaluated as doubles in C without explicit
-        type casting.
-
-2010-04-28  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by David Levin.
-
-        [Chromium] callOnMainThread should equate to MessageLoop::PostTask
-        https://bugs.webkit.org/show_bug.cgi?id=38276
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * wtf/MainThread.cpp:
-        * wtf/chromium/ChromiumThreading.h:
-        * wtf/chromium/MainThreadChromium.cpp:
-        (WTF::initializeMainThread):
-        (WTF::callOnMainThread):
-        (WTF::callOnMainThreadAndWait):
-        (WTF::setMainThreadCallbacksPaused):
-        (WTF::isMainThread):
-
-2010-04-28  Simon Hausmann  <simon.hausmann@nokia.com>, Kent Hansen <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        JSC's currentThreadStackBase is not reentrant on some platforms
-        https://bugs.webkit.org/show_bug.cgi?id=37195
-
-        This function needs to be reentrant to avoid memory corruption on platforms where
-        the implementation uses global variables.
-
-        This patch adds a mutex lock where necessary and makes the Symbian implementation
-        reentrant.
-
-        * runtime/Collector.cpp:
-        (JSC::currentThreadStackBaseMutex):
-        (JSC::currentThreadStackBase):
-
-2010-04-28  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compilation with gcc 3.4.
-
-        AtomicStringImpl.h:29: error: base `WebCore::StringImpl' with only
-        non-default constructor in class without a constructor
-
-        * wtf/text/AtomicStringImpl.h:
-        (WebCore::AtomicStringImpl::AtomicStringImpl): Provide a default constructor.
-        * wtf/text/StringImpl.h: Allow AtomicStringImpl to call a StringImpl constructor through a friend declaration.
-
-2010-04-27  Stephanie Lewis  <slewis@apple.com>
-
-        Fix Tiger build.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::Carve):
-
-2010-04-26  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=38154 FastMalloc calls madvise too often.
-        <rdar://problem/7834433> REGRESSSION: 1.5% PLT regression due to 56028 (return memory quicker).  
-        To save on madvise calls when recommitting memory recommit the entire span and then carve it
-        instead of carving the span up and only committing the part that will be used immediately.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::New):
-        (WTF::TCMalloc_PageHeap::AllocLarge):
-        (WTF::TCMalloc_PageHeap::Carve):
-
-2010-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add specialized thunks for a char code related string functions
-        https://bugs.webkit.org/show_bug.cgi?id=38177
-
-        This is a simple extension to my prior patch.  Basically hoist the
-        existing character loading logic from the charCodeAt thunk and into
-        a helper function, then add a helper to load strings from the small
-        string cache.  This allows trivial implementations of fromCharCode
-        and charAt. 
-
-        * create_hash_table:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnJSCell):
-        (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
-        * jit/ThunkGenerators.cpp:
-        (JSC::stringCharLoad):
-        (JSC::charToString):
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        * jit/ThunkGenerators.h:
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-
-2010-04-27  Thomas Zander <t.zander@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix the build on Symbian on Linux using the Makefile based mkspec
-
-        * JavaScriptCore.pri: It is necessary to specify the library search path
-        when linking against JavaScriptCore.
-
-2010-04-21  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Compile fix for Visual Studio 2010
-        https://bugs.webkit.org/show_bug.cgi?id=37867
-
-        Patch by Prasanth Ullattil <prasanth.ullattil@nokia.com>
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::transitionTableAdd):
-        * wtf/MathExtras.h:
-        * wtf/Platform.h:
-
-2010-04-27  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Rename COMPILER(MSVC7) to COMPILER(MSVC7_OR_LOWER)
-
-        * config.h:
-        (JSC::Structure::transitionTableAdd):
-        * wtf/Assertions.h:
-        * wtf/Atomics.h:
-        * wtf/CurrentTime.h:
-        (WTF::getLocalTime):
-        * wtf/Platform.h:
-        * wtf/StaticConstructors.h:
-        * wtf/StringExtras.h:
-        * wtf/Vector.h:
-        (WTF::::append):
-
-2010-04-15  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Fix Mac build break.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37867
-        - Make sure JavaScriptCore's debug_and_release config follows that
-          of WebCore.
-        - Use different name for JavaScriptCore target in debug and release
-          since they might be written in the same path at the same time on
-          parallel builds
-        - Consolidate the DESTDIR determination logic in JavaScriptCore.pri
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2010-04-21  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Make sure WebKit is not compiled using C++0x.
-        https://bugs.webkit.org/show_bug.cgi?id=37867
-
-        As the rest of Qt compiles in the C++0x mode, people might start
-        compiling it in this mode. WebKit don't support this yet.
-
-        Patch by Thiago Macieira <thiago.macieira@nokia.com>
-
-        * JavaScriptCore.pro:
-
-2010-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows
-
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::argumentToVirtualRegister):
-
-2010-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Need to support more efficient dispatch of lightweight builtins
-        https://bugs.webkit.org/show_bug.cgi?id=38155
-
-        The problem with calling lightweight builtins is that marshalling
-        the call from the nitro calling convention to the system calling
-        convention is very expensive relative to the cost of the actually
-        evaluating the function.  To work around this problem this patch
-        adds the ability to define a custom thunk for a builtin.
-
-        This allows us to use high performance custom implementations of
-        the common and sensible versions of simple builtins.  This patch
-        includes a simple (use of which is currently hardcoded) thunk for
-        charCodeAt.
-
-        This adds a JSInterfaceJIT subclass called SpecializedThunkJIT
-        that has helper functions to remove (or at least reduce) the need
-        to have separate thunk implementations for each JSValue encoding.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-          Many project file updates
-
-        * create_hash_table:
-          Add thunk generation callbacks to the hash tables, currently
-          we hardcode the script to only support charCodeAt
-
-        * jit/JITStubCall.h:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::~JITThunks):
-        (JSC::JITThunks::specializedThunk):
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h: Added.
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::loadCellArgument):
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        (JSC::SpecializedThunkJIT::loadInt32Argument):
-        (JSC::SpecializedThunkJIT::appendFailure):
-        (JSC::SpecializedThunkJIT::returnInt32):
-        (JSC::SpecializedThunkJIT::finalize):
-        (JSC::SpecializedThunkJIT::argumentToVirtualRegister):
-        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
-        * jit/ThunkGenerators.cpp: Added.
-        (JSC::ThunkHelpers::stringImplDataOffset):
-        (JSC::ThunkHelpers::jsStringLengthOffset):
-        (JSC::ThunkHelpers::jsStringValueOffset):
-        (JSC::charCodeAtThunkGenerator):
-        * jit/ThunkGenerators.h: Added.
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getThunk):
-        * runtime/JSString.h:
-        (JSC::):
-        * runtime/JSValue.h:
-          Protect some of the JSVALUE32 and JSVALUE32_64 only constants
-          and function behind appropriate USE() guards to make it harder
-          to use the wrong flags for the target build.
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::generator):
-        (JSC::HashEntry::):
-          Make the lookup tables use a specialized thunkGenerator
-          if present
-        * wtf/text/StringImpl.h:
-
-2010-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Build fix
-
-        * runtime/JSImmediate.h:
-        * runtime/JSValue.h:
-
-2010-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Factor some basic JS interface logic out of JIT and into a superclass
-        https://bugs.webkit.org/show_bug.cgi?id=38163
-
-        Create JSInterfaceJIT to hold some common low level functions for
-        interacting with the JS RegisterFile.  Doing this separately from
-        https://bugs.webkit.org/show_bug.cgi?id=38155 to ease reviewing.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        * jit/JSInterfaceJIT.h: Added.
-        (JSC::JSInterfaceJIT::emitLoadJSCell):
-        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        (JSC::JSInterfaceJIT::tagFor):
-        (JSC::JSInterfaceJIT::payloadFor):
-        (JSC::JSInterfaceJIT::addressFor):
-
-2010-04-26  Sam Weinig  <sam@webkit.org>
-
-        Fix Tiger build.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::isMainThread):
-
-2010-04-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/7766413>
-        
-        Fixed a crash seen when using the JavaScriptCore API with WebKit.
-        
-        No layout test because DumpRenderTree doesn't use the JavaScriptCore API
-        in this way.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::setGlobalObject):
-        (JSC::RegisterFile::clearGlobalObject):
-        (JSC::RegisterFile::globalObject):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile): Use WeakGCPtr for managing m_globalObject,
-        since it's a weak pointer. (We never noticed this error before because,
-        in WebKit, global objects always have a self-reference in a global variable,
-        so marking the register file's global variables would keep m_globalObject
-        alive. In the JavaScriptCore API, you can allocate a global object with
-        no self-reference.)
-
-        * runtime/JSActivation.h: Removed unneeded #include.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject): Don't use ==, since a weak
-        pointer is 0 when the object it points to runs its destructor.
-
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::clear): Changed to return a bool indicating whether the
-        clear actually happened.
-        (JSC::WeakGCPtr::assign): Changed to forbid assignment of 0 as a shorthand
-        for calling clear(). A client should never clear by assigning 0, since
-        clear() should be conditional on whether the object doing the clearing
-        is still pointed to by the weak pointer. (Otherwise, a zombie object might
-        clear a pointer to a new, valid object.)
-
-2010-04-25  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=38097
-        Disentangle initializing the main thread from initializing threading
-
-        This is the first step in getting rid of the WEB_THREAD #define and
-        paving the way to allowing mac both WebKit and WebKit2 to use the same
-        WebCore.
-
-        * JavaScriptCore.exp: Export initializeMainThread and initializeMainThreadToProcessMainThread.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Sort files.
-
-        * wtf/MainThread.cpp:
-        (WTF::mainThreadInitializationMutex):
-        (WTF::mainThreadFunctionQueueMutex):
-        (WTF::initializeMainThread):
-        (WTF::deprecatedInitializeMainThread):
-        * wtf/MainThread.h:
-        Added Mac only initializeMainThreadToProcessMainThread which sets up callOnMainThread
-        and isMainThead calls to assume that WebCore's main thread is also the
-        process's main thread. Since it is possible that both initializeMainThread
-        and initializeMainThreadToProcessMainThread could be called, the first one called
-        wins (either will work).
-
-        * wtf/Threading.h: Moved to top of file.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading): Remove call to initializeMainThread.
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading): Ditto.
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::initializeThreading): Ditto.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::initializeMainThreadPlatform):
-        (WTF::initializeMainThreadToProcessMainThread):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-        (WTF::isMainThread):
-        Add runtime switch between the old behavior of using the system's main
-        thread and a stored pointer to the main thread. Tiger always uses the
-        system's main thread.
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::initializeThreading): Remove call to initializeMainThread.
-        * wtf/win/MainThreadWin.cpp:
-        (WTF::initializeMainThreadPlatform): Add call to initializeCurrentThreadInternal
-        removed from initializeThreading.
-
-2010-04-26  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix a memory leak in the QScriptString.
-
-        QScriptStringPrivate's constructor shouldn't call JSStringRetain as
-        QScriptConverter implicitly pass a JSStringRef ownership.
-
-        [Qt] QScriptStringPrivate c'tor problem
-        https://bugs.webkit.org/show_bug.cgi?id=38110
-
-        * qt/api/qscriptstring_p.h:
-        (QScriptStringPrivate::QScriptStringPrivate):
-
-2010-04-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        REGRESSION (r56560): Crash in parseFloat if passed invalid UTF-16 data
-        https://bugs.webkit.org/show_bug.cgi?id=38083
-        rdar://problem/7901044
-
-        Tests: fast/js/ToNumber.html
-               fast/js/parseFloat.html
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt): Added a FIXME comment about a problem I noticed.
-        (JSC::parseFloat): Added a FIXME comment about a problem I noticed;
-        covered by test cases in the test I added.
-        * runtime/UString.cpp:
-        (JSC::UString::toDouble): Added FIXME comments about two problems I
-        noticed; covered by test cases in the tests I added. Added a return
-        statement so we don't crash when illegal UTF-16 sequences are present.
-
-2010-04-24  Anton Muhin  <antonm@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Allow to construct HashTraits<WebCore::QualifiedName>::constructDeletedValue
-
-        Former implementation attempted to use AtomicString(HashTableDeletedValue)
-        however those values cannot be used that way: one cannot construct
-        QualifiedNameImpl out of such AtomicString as we'll try to lookup this string
-        in the table, for example.
-        https://bugs.webkit.org/show_bug.cgi?id=37722
-
-        * wtf/RefPtr.h: expose hash table deleted value
-
-2010-04-23  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by David Levin.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=38060
-        Split up Threading.h
-
-        Move bits for of Threading.h into 3 new files.
-        - Atomics.h for atomic operations.
-        - ThreadSafeShared.h for the ThreadSafeShared class.
-        - ThreadingPrimitives.h for the primitives and platform types.
-
-        Basic threading operations (creation, etc.) remain in Threading.h.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Atomics.h: Copied from wtf/Threading.h.
-        * wtf/ThreadSafeShared.h: Copied from wtf/Threading.h.
-        * wtf/Threading.h:
-        * wtf/ThreadingPrimitives.h: Copied from wtf/Threading.h.
-
-2010-04-23  Sam Weinig  <sam@webkit.org>
-
-        Fix Qt build.
-
-        * wtf/qt/MainThreadQt.cpp: #include <QThread>
-
-2010-04-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=38022
-        Move isMainThread predicate function to MainThread.h
-
-        * wtf/MainThread.cpp:
-        (WTF::initializeMainThread):
-        (WTF::isMainThread):
-        * wtf/MainThread.h:
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::initializeMainThreadPlatform):
-        (WTF::isMainThread):
-        * wtf/qt/MainThreadQt.cpp:
-        (WTF::isMainThread):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::initializeThreading):
-        * wtf/text/AtomicString.cpp:
-
-2010-04-23  Gabor Rapcsanyi  <rgabor@inf.u-szeged.hu>
-
-        Reviewed by Laszlo Gombos.
-
-        Add RVCT support for Linux
-
-        Developed in cooperation with Gabor Loki.
-
-        * API/JSStringRef.h:
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/JITStubs.cpp:
-        * wtf/MathExtras.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2010-04-23  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [WIN] Move OwnPtrWin.cpp into platform specific folder.
-        https://bugs.webkit.org/show_bug.cgi?id=38042
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/OwnPtrWin.cpp: Removed.
-        * wtf/win/OwnPtrWin.cpp: Copied from JavaScriptCore/wtf/OwnPtrWin.cpp.
-
-2010-04-23  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [BREWMP] Move OwnPtrBrew.cpp into platform specific folder.
-        https://bugs.webkit.org/show_bug.cgi?id=38042
-
-        * wtf/OwnPtrBrew.cpp: Removed.
-        * wtf/brew/OwnPtrBrew.cpp: Copied from JavaScriptCore/wtf/OwnPtrBrew.cpp.
-
-2010-04-22  Steve Block  <steveblock@google.com>
-
-        Reviewed by Adam Barth.
-
-        Update Android to use isfinite, isinf, isnan and signbit from namespace std.
-        https://bugs.webkit.org/show_bug.cgi?id=37948
-
-        * wtf/MathExtras.h:
-
-2010-04-22  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Unreviewed build fix.
-
-        * wtf/MD5.cpp: fix include path of CString.h
-
-2010-04-22  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        MD5 is required for WebSocket new protocol implementation
-        https://bugs.webkit.org/show_bug.cgi?id=37913
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/MD5.cpp: Added.
-        * wtf/MD5.h: Added.
-
-2010-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-        Errk, accidentally committed commenting out two ASSERTs! reverting.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-
-2010-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=38006
-        Change lifetime of JSC::IdentifierTables used by WebCores to match AtomicStringTable
-
-        Presently JSC's IdentifierTables are owned by the JSGlobalData.  For
-        JSGlobalData objects created via the API this should continue to be the case,
-        but for the JSGlobalData objects used by WebCore (the main thread's common
-        global data, and those for workers) use a IdentifierTable provided (and owned)
-        by wtfThreadData.  This allow the lifetime of these IdentifierTable to match
-        those of the corresponding AtomicStringTables.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShim::APIEntryShim):
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::markRoots):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        (JSC::JSGlobalData::createContextGroup):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::):
-        (JSC::JSGlobalData::isSharedInstance):
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::lock):
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        (WTF::WTFThreadData::~WTFThreadData):
-
-2010-04-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r58110.
-        http://trac.webkit.org/changeset/58110
-        https://bugs.webkit.org/show_bug.cgi?id=38007
-
-        Caused an internal compiler error on Qt (Requested by abarth
-        on #webkit).
-
-        * wtf/MathExtras.h:
-
-2010-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * API/JSWeakObjectMapRefPrivate.cpp:
-
-2010-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * API/JSBase.cpp:
-        * API/JSCallbackObject.cpp:
-
-2010-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37978
-        Unify JSC::IdentifierTable and WebCore::AtomicStringTable implementations.
-
-        These two classes both implement a HashSet of uniqued StringImpls, with
-        translator classes to avoid unnecessary object creation. The only difference
-        between the classes is which flag (isIdentifier or inTable) is set.
-        Combine the two classes using a template predicated on which flag to use.
-
-        New class AtomicStringTable created, containing all the goodness from
-        IdentifierTable & AtomicStringTable, expect for Identifier's literalTable,
-        which has been moved onto JSGlobalData. Removed duplicate string translator
-        classes. Renamed StringImpl's inTable flag to more explicit 'isAtomic',
-        and set this on the empty string (which matches Identifier behaviour, and
-        removes a redundant check for zero-length).
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Identifier.cpp:
-        (JSC::createLiteralTable):
-        (JSC::deleteLiteralTable):
-        (JSC::Identifier::add):
-        (JSC::Identifier::addSlowCase):
-        * runtime/Identifier.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        (WTF::WTFThreadData::~WTFThreadData):
-        * wtf/WTFThreadData.h:
-        (WTF::WTFThreadData::atomicStringTable):
-        * wtf/text/AtomicString.cpp:
-        (WebCore::table):
-        (WebCore::operator==):
-        (WebCore::AtomicString::add):
-        (WebCore::AtomicString::find):
-        (WebCore::AtomicString::remove):
-        * wtf/text/AtomicStringTable.h: Added.
-        (WTF::CStringTranslator::hash):
-        (WTF::CStringTranslator::equal):
-        (WTF::CStringTranslator::translate):
-        (WTF::UCharBufferTranslator::hash):
-        (WTF::UCharBufferTranslator::equal):
-        (WTF::UCharBufferTranslator::translate):
-        (WTF::HashAndCharactersTranslator::hash):
-        (WTF::HashAndCharactersTranslator::equal):
-        (WTF::HashAndCharactersTranslator::translate):
-        (WTF::IdentifierOrAtomicStringTable::remove):
-        (WTF::::~IdentifierOrAtomicStringTable):
-        (WTF::::add):
-        (WTF::::find):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::~StringImpl):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::isAtomic):
-        (WebCore::StringImpl::setIsAtomic):
-        (WebCore::equal):
-        * wtf/text/StringImplBase.h:
-        (WTF::StringImplBase::StringImplBase):
-
-2010-04-22  Steve Block  <steveblock@google.com>
-
-        Reviewed by Adam Barth.
-
-        Update Android to use isfinite, isinf, isnan and signbit from namespace std.
-        https://bugs.webkit.org/show_bug.cgi?id=37948
-
-        * wtf/MathExtras.h:
-
-2010-04-22  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Remove dependency of JSC to QtGui
-        https://bugs.webkit.org/show_bug.cgi?id=37867
-
-        The patch also make sure that hal.h is in the include path on Symbian.
-        The dependency to QtGui took care of that before.
-
-        Patch by Thiago Macieira <thiago.macieira@nokia.com>
-             and Rohan McGovern <rohan.mcgovern@nokia.com>
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2010-04-22  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Corrects symbols visibility for JavaScriptCore.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37867
-
-        * JavaScriptCore.pro:
-
-2010-04-22  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Use BLX and BX to keep happy the return stack predictor above ARMv4
-        https://bugs.webkit.org/show_bug.cgi?id=37862
-
-        Inspired by Jacob Bramley's patch from JaegerMonkey
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::bx):
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::loadBranchTarget):
-        (JSC::ARMAssembler::jmp):
-        (JSC::ARMAssembler::getLdrImmAddress):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::jump):
-        (JSC::MacroAssemblerARM::nearCall):
-        (JSC::MacroAssemblerARM::call):
-        (JSC::MacroAssemblerARM::ret):
-        (JSC::MacroAssemblerARM::prepareCall):
-        (JSC::MacroAssemblerARM::call32):
-
-2010-04-21  Andy Estes  <aestes@apple.com>
-
-        Rubber stamped by Mark Rowe.
-
-        Export WTF::deleteOwnedPtr(HFONT).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oliver Hunt.
-
-        Make SmallStrings store an array of RefPtr<StringImpl>,
-        instead of a direct array of StringImpls.  This allows
-        us to remove a friend (and a layering violation) from
-        WTF::StringImpl, and makes it so that all StringImpls
-        are individually heap allocated.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::rep):
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        * wtf/text/StringImpl.h:
-
-2010-04-21  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=37937
-        Wean JavaScriptCore off calls to isMainThread()
-
-        - Replace use of isMainThread() for interpreter reentry checks
-          with a stored value on the JSGlobalData.
-        - Replace use of isMainThread() for useMainThread only check in the
-          collector with a stored exclusive thread.
-
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        Always default to a small stack type for uses of the JSC API. It is
-        unlikely that the interpreter reentry required on the web will be as
-        important for other uses of JavaScriptCore. 
-
-        * JavaScriptCore.exp: 
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Update exports.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        Use new stored JSGlobalData::maxReentryDepth instead of isMainThread().
-
-        * interpreter/Interpreter.h:
-        Rename MaxMainThreadReentryDepth to MaxLargeThreadReentryDepth and 
-        MaxSecondaryThreadReentryDepth to MaxSmallThreadReentryDepth.
-
-        * jsc.cpp:
-        (main): Use the a large stack for jsc since it is always using the
-        main thread.
-        
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        Use new stored JSGlobalData::maxReentryDepth instead of isMainThread().
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::registerThread):
-        Use the concept of making JSC run on an exclusiveThread instead of
-        forcing a mainThreadOnly assertion.
-        
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createNonDefault):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::createLeaked):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        Add ThreadStackType argument to JSGlobalData constructors and set
-        maxReentryDepth based on it.
-
-2010-04-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix pt. 3).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix pt. 2).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Qt build fix).
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * wtf/qt/StringQt.cpp: Copied from WebCore/platform/text/qt/StringQt.cpp.
-
-2010-04-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * API/JSValueRef.cpp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierTable::~IdentifierTable):
-        (JSC::IdentifierTable::add):
-        * runtime/Identifier.h:
-        * wtf/WTFThreadData.h:
-        (JSC::IdentifierTable::remove):
-        (JSC::IdentifierTable::literalTable):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::~StringImpl):
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt, Darin Adler.
-
-        Bug 37906 - Remove JSC::UStringImpl; unify with StringImpl.
-
-        JSC::UStringImpl and WebCore::StringImpl (soon to be renamed to
-        WTF::StringImpl) are almost identical.  Remove duplication of code by unifying
-        the two, move missing features from UStringImpl into StringImpl & delete the
-        class UStringImpl.
-
-        * API/JSClassRef.cpp:
-        * API/JSContextRef.cpp:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/EvalCodeCache.h:
-        * bytecode/JumpTable.cpp:
-        * profiler/ProfileNode.cpp:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/Identifier.h:
-        (JSC::Identifier::equal):
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        (WTF::):
-        * runtime/UStringImpl.cpp: Removed.
-        * runtime/UStringImpl.h:
-        * wtf/text/StringHash.h:
-        (WebCore::StringHash::equal):
-        (WebCore::CaseFoldingHash::equal):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::StringImpl::~StringImpl):
-        (WebCore::StringImpl::empty):
-        (WebCore::StringImpl::sharedBuffer):
-        (WebCore::equal):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::StringImpl):
-        (WebCore::StringImpl::create):
-        (WebCore::StringImpl::tryCreateUninitialized):
-        (WebCore::StringImpl::cost):
-        (WebCore::StringImpl::isIdentifier):
-        (WebCore::StringImpl::setIsIdentifier):
-        (WebCore::StringImpl::computeHash):
-        (WebCore::StringImpl::copyChars):
-        (WebCore::StringImpl::):
-
-2010-04-21  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Added missing #include "Lookup.h" in LUT source files.
-        https://bugs.webkit.org/show_bug.cgi?id=37903
-
-        * runtime/ArrayPrototype.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/JSONObject.cpp:
-        * runtime/MathObject.cpp:
-        * runtime/NumberConstructor.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/StringPrototype.cpp:
-
-2010-04-21  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Add missing EFL JavaScriptCore file.
-        http://webkit.org/b/37854
-
-        * wtf/efl: Added.
-        * wtf/efl/MainThreadEfl.cpp: Added.
-        (WTF::initializeMainThreadPlatform):
-        (WTF::timeoutFired):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2010-04-20  Xan Lopez  <xlopez@igalia.com>
-
-        Another attempt to fix the build.
-
-        * GNUmakefile.am:
-
-2010-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        [ES5] RegExp literals are constants that should be persistent across multiple function calls.
-        https://bugs.webkit.org/show_bug.cgi?id=37908
-
-        Dump the separate RegExp constant pool, and just use the standard JS constant pool
-        in codeblock.  This allows us to drop op_new_regexp and all associated code as well.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JSC::):
-
-2010-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Fix license on create_regex_tables
-
-        * create_regex_tables:
-
-2010-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix gtk
-
-        * GNUmakefile.am:
-        * make-generated-sources.sh:
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 37895 - Share common code from UStringImplBase with StringImpl
-
-        The implementation of StringImpl & UStringImpl is very similar.  Restructure
-        StringImpl to match UStringImpl, moving the flags and length into a base class,
-        so that this can be shared between both string types to increase code reuse.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RopeImpl.h:
-        (JSC::RopeImpl::RopeImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::UStringImpl):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::StringImpl):
-        (WebCore::StringImpl::characters):
-        * wtf/text/StringImplBase.h: Copied from JavaScriptCore/runtime/UStringImpl.h.
-        (WTF::StringImplBase::length):
-        (WTF::StringImplBase::operator new):
-        (WTF::StringImplBase::StringImplBase):
-
-2010-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Autogenerate yarr character tables
-        https://bugs.webkit.org/show_bug.cgi?id=37877
-
-        Use a python script to automatically generate character tables
-        for the builtin YARR character classes.  This allows us to generate
-        actual tables as well, by using these tables we can both increase
-        performance of the check (for complex builtins) and reduce the actual
-        code size.
-
-        4-8% win on string-unpack-code, but lots of noise on other tests so
-        i'm only confident saying its a 1% win overall.
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::ExtendedAddress::ExtendedAddress):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branchTest8):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cmpb_im):
-        (JSC::X86Assembler::testb_im):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * create_regex_tables: Added.
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::matchCharacterClass):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::CharacterClassTable::create):
-        (JSC::Yarr::CharacterClassTable::CharacterClassTable):
-        (JSC::Yarr::CharacterClass::CharacterClass):
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (speculative windows fix - missed a bit!).
-
-        * wtf/text/AtomicString.h:
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (speculative windows fix).
-
-        * wtf/text/AtomicString.h:
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        Add missing .def file entries.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 37869 - Move URopeImpl to its own .h/.cpp
-        
-        Currently Ropes are implemented by the class URopeImpl, which is defined in
-        UStringImpl.h, and then typedefed to the name JSString::Rope. Remove the
-        typedef, and rename all uses of URopeImpl and JSString::Rope to just RopeImpl.
-
-        Move RopeImpl to its own header, and remove all remaining references to ropes
-        from UStringImpl (rename UStringOrRopeImpl to UStringImplBase, rename or move
-        the isRope & deref methods from UStringOrRopeImpl).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/JSString.h:
-        (JSC::):
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::~JSString):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::JSStringFinalizerStruct::):
-        * runtime/RopeImpl.cpp: Copied from JavaScriptCore/runtime/UStringImpl.cpp.
-        (JSC::RopeImpl::derefFibersNonRecursive):
-        (JSC::RopeImpl::destructNonRecursive):
-        * runtime/RopeImpl.h: Copied from JavaScriptCore/runtime/UStringImpl.h.
-        (JSC::RopeImpl::tryCreateUninitialized):
-        (JSC::RopeImpl::isRope):
-        (JSC::RopeImpl::deref):
-        (JSC::RopeImpl::RopeImpl):
-        * runtime/UStringImpl.cpp:
-        * runtime/UStringImpl.h:
-        (JSC::UStringImplBase::isInvalid):
-        (JSC::UStringImplBase::ref):
-        (JSC::UStringImplBase::UStringImplBase):
-        (JSC::UStringImplBase::):
-        (JSC::UStringImpl::UStringImpl):
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 37828 - Move WebCore's String classes to WTF
-
-        Move these classes up to WTF so they are available to all clients of WTF (in
-        particular JSC).
-
-        As a first patch, making the most minimal change possible, since this patch
-        could easily grow rather large since we'll have to change every class forward
-        declaration ( e.g. every "namespace WebCore { class String; }" much change to
-        "namespace WTF { class String; }").
-
-        Moving the files, but leaving the classes logically in the WebCore namespace -
-        which is technically a layering violation - I'll come back and fix this up in a
-        subsequent patch.
-
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h:
-        * wtf/StaticConstructors.h: Copied from WebCore/platform/StaticConstructors.h.
-        * wtf/text/AtomicString.cpp: Copied from WebCore/platform/text/AtomicString.cpp.
-        * wtf/text/AtomicString.h: Copied from WebCore/platform/text/AtomicString.h.
-        * wtf/text/AtomicStringImpl.h: Copied from WebCore/platform/text/AtomicStringImpl.h.
-        * wtf/text/StringBuffer.h: Copied from WebCore/platform/text/StringBuffer.h.
-        * wtf/text/StringHash.h: Copied from WebCore/platform/text/StringHash.h.
-        * wtf/text/StringImpl.cpp: Copied from WebCore/platform/text/StringImpl.cpp.
-        * wtf/text/StringImpl.h: Copied from WebCore/platform/text/StringImpl.h.
-        * wtf/text/WTFString.cpp: Copied from WebCore/platform/text/String.cpp.
-        (WebCore::charactersToFloat):
-        * wtf/text/WTFString.h: Copied from WebCore/platform/text/PlatformString.h.
-
-2010-04-20  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Unreviewed speculative buildfix for WinCE after r57882
-        https://bugs.webkit.org/show_bug.cgi?id=37701
-
-        * JavaScriptCore.pri: missing wince* case added.
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-        Speculative Chromium/Win build fix, attempt #2.
-
-        * config.h:
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-        Speculative Chromium/Win build fix.
-
-        * config.h: JS_EXPORTDATA should do nothing on !JSC builds.
-
-2010-04-20  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Target(WebCore,jsc,...) must depends on static library of JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=37701
-
-        * JavaScriptCore.pri: dependency added.
-
-2010-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Maciej Stachowiak (relanding r57829).
-        Added missing JS_EXPORTDATA
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        * API/JSContextRef.cpp:
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::remove):
-        (JSC::Identifier::checkCurrentIdentifierTable):
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::create):
-        * wtf/WTFThreadData.cpp: Copied from JavaScriptCore/wtf/WTFThreadData.cpp.
-        * wtf/WTFThreadData.h: Copied from JavaScriptCore/wtf/WTFThreadData.h.
-
-2010-04-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (rolling out r57829).
-        This broke windows.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        * API/JSContextRef.cpp:
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::remove):
-        (JSC::Identifier::checkCurrentIdentifierTable):
-        (JSC::createIdentifierTableSpecificCallback):
-        (JSC::createIdentifierTableSpecific):
-        * runtime/Identifier.h:
-        (JSC::ThreadIdentifierTableData::ThreadIdentifierTableData):
-        (JSC::defaultIdentifierTable):
-        (JSC::setDefaultIdentifierTable):
-        (JSC::currentIdentifierTable):
-        (JSC::setCurrentIdentifierTable):
-        (JSC::resetCurrentIdentifierTable):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::create):
-        * wtf/WTFThreadData.cpp: Removed.
-        * wtf/WTFThreadData.h: Removed.
-
-2010-04-19  Douglas Gregor  <dgregor@apple.com>
-
-        Reviewed and landed by Anders Carlsson.
-
-        * runtime/UStringImpl.h:
-        Fix class/struct declaration mismatches.
-
-2010-04-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Checked in these tests I wrote becuase Balazs Kelemen wanted to use them.
-
-        * tests/perf: Added.
-        * tests/perf/bench-allocate-nonretained.js: Added.
-        * tests/perf/bench-allocate-retained.js: Added.
-
-2010-04-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37745
-        Move string uniquing tables to (new) WTFThreadData class.
-
-        Remove AtomicString's dependency on ThreadGlobalData so that we can move
-        WebCore's string classes up to WTF.
-
-        WTFThreadData.cpp/.h are based on ThreadGlobalData from WebCore.
-        Moved JSC & WebCore's string uniquing tables to this class.
-
-        This patch introduces a temporary layering violation in providing forward
-        declarations of classes from JSC and WTF; this will be resolved as we move
-        more string code up to WTF.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::remove):
-        (JSC::Identifier::checkCurrentIdentifierTable):
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::create):
-        * wtf/WTFThreadData.cpp: Copied from WebCore/platform/ThreadGlobalData.cpp.
-        (WTF::WTFThreadData::WTFThreadData):
-        (WTF::WTFThreadData::~WTFThreadData):
-        * wtf/WTFThreadData.h: Copied from WebCore/platform/ThreadGlobalData.h.
-        (WTF::WTFThreadData::atomicStringTable):
-        (WTF::WTFThreadData::initializeIdentifierTable):
-        (WTF::WTFThreadData::currentIdentifierTable):
-        (WTF::WTFThreadData::setCurrentIdentifierTable):
-        (WTF::WTFThreadData::resetCurrentIdentifierTable):
-        (WTF::wtfThreadData):
-
-2010-04-19  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Build fix for WinCE.
-
-        Moved the include of the non-existing errno.h header file inside
-        platform guard macros.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2010-04-18  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Laszlo Gombos.
-
-        [WINCE] Don't define WTF_CPU_MIDDLE_ENDIAN=1
-        https://bugs.webkit.org/show_bug.cgi?id=37434
-
-        Windows CE supports little-endian format only, so don't define
-        WTF_CPU_MIDDLE_ENDIAN=1.
-
-        * wtf/Platform.h:
-
-2010-04-18  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Fix JavaScriptCore's include path for WinCE builds
-
-        https://bugs.webkit.org/show_bug.cgi?id=36751
-
-        * JavaScriptCore.pri:
-
-2010-04-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by nobody, build fix.
-
-2010-04-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by nobody, build fix.
-
-2010-04-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 37730 - Remove JSC::UString dependencies from WebCore::StringImpl
-        (Following on from bug #37675).
-
-        Make the argument ordering for UStringImpl's constructor & create
-        methods match, when passed a shared buffer.
-
-        * JavaScriptCore.exp:
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::create):
-        * runtime/UStringImpl.h:
-
-2010-04-15  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix memory leak in QScriptEngine::evaluate().
-
-        QScriptEnginePrivate::evaluate should release temporary variables.
-
-        [Qt] QScriptEngine::evaluate has memory leak.
-        https://bugs.webkit.org/show_bug.cgi?id=37596
-
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::evaluate):
-        * qt/api/qscriptengine_p.h:
-
-2010-04-14  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix a memory leak in QScriptValue::inherits.
-
-        [Qt] QScriptValue::inherits has a memory leak.
-        https://bugs.webkit.org/show_bug.cgi?id=37617
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::inherits):
-
-2010-04-14  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix a few memory leaks in QScriptEngine.
-
-        Syntax checking caused memory leak, not all temporary variables were released.
-
-        [Qt] Syntax checking  in the QtScript cause a memory leak.
-        https://bugs.webkit.org/show_bug.cgi?id=37610
-
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::checkSyntax):
-        * qt/api/qscriptsyntaxcheckresult.cpp:
-        (QScriptSyntaxCheckResultPrivate::errorMessage):
-        (QScriptSyntaxCheckResultPrivate::errorLineNumber):
-
-2010-04-14  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix memory leak inside QScriptEnginePrivate::makeJSValue.
-
-        QScriptEnginePrivate::makeJSValue should release temporary JSStringRef variable.
-
-        [Qt] tst_QScriptValue::toString has a memory leak.
-        https://bugs.webkit.org/show_bug.cgi?id=37598
-
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::makeJSValue):
-
-2010-04-14  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Move the YARR JIT fallback detection from RegexJIT.cpp to
-        RegexCompiler.cpp.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37571
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::operator!):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-04-14  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Mac OS X: Use deployment target to determine whether memory tagging should be enabled
-        https://bugs.webkit.org/show_bug.cgi?id=34888
-
-        When building on (Snow) Leopard but targeting Tiger
-        (TARGETING_TIGER defined, BUILDING_ON_TIGER not defined),
-        WebKit would crash on Tiger because the tags passed to mmap
-        caused those function calls to fail.
-
-        Conversely, when building on Tiger but targeting Leopard
-        (BUILDING_ON_TIGER defined, TARGETING_LEOPARD defined), WebKit
-        would crash on Leopard because the tags passed to vm_map and
-        vm_allocate caused those function calls to fail.
-
-        Solution: Use TARGETING_TIGER rather than BUILDING_ON_TIGER to
-        govern the tag definitions. Use the same tags for vm_map and
-        vm_allocate regardless of target, since they work on
-        both. Fall back to the mmap tags that work on Tiger (that is,
-        "no tags") if targeting Tiger, since those tags also work on
-        Leopard.
-
-        * wtf/VMTags.h:
-
-2010-04-12  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by nobody, build fix.
-
-        [Qt] Build fix for Mac when building with build-webkit --qt
-
-        Specifying no configuration on Mac builds WebCore both in debug
-        and release. JavaScriptCore has to follow this rule as well.
-
-        * JavaScriptCore.pro:
-
-2010-04-11  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/7851332> Fix the build.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Initialize extra members of malloc_introspection_t to zero.
-
-2010-04-09  Mikhail Naganov  <mnaganov@chromium.org>
-
-        Reviewed by Pavel Feldman.
-
-        Make CallIdentifier constructor to handle null urls.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37341
-
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::CallIdentifier):
-
-2010-04-09  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix crashes with package builds in release
-
-        Add NDEBUG to the defines for package build in JavaScriptCore.pri,
-        so that it's consistently used for JavaScriptCore, WebCore, jsc and all
-        other tools using wtf, etc. data structures directly. Mixing NDEBUG with
-        non-NDEBUG builds causes crashes due to differences in data structures when
-        assertions/checks are enabled.
-
-        * JavaScriptCore.pri:
-
-2010-04-09  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Implement NO_RETURN for COMPILER(MSVC).
-        https://bugs.webkit.org/show_bug.cgi?id=33056 
-
-        Added NO_RETURN_WITH_VALUE for functions with non-void return type.
-
-        * jsc.cpp:
-        * wtf/AlwaysInline.h:
-        * wtf/FastMalloc.cpp:
-
-2010-04-08  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Simon Hausmann.
-
-        [WINCE] Check if ARM or _ARM_ is defined
-        https://bugs.webkit.org/show_bug.cgi?id=37200
-
-        MSVC defines ARM and _ARM_ for Windows CE ARM. Define WTF_CPU_ARM=1
-        when either ARM or _ARM_ is defined.
-
-        * wtf/Platform.h:
-
-2010-04-08  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed Oliver Hunt.
-
-        [Qt]r57240 broke Qt build (might be a gcc bug)
-        https://bugs.webkit.org/show_bug.cgi?id=37253
-
-        Workaround until fix. On PLATFORM(QT) use inline instead of ALWAYS_INLINE.
-
-        * wtf/PassRefPtr.h: Qt guards added.
-
-2010-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Vector<UString> makes many needless calls to UString::UString and UString::~UString
-
-        Add a VectorTrait<UString> specialisation to allow vector to simply memset/memcpy
-        data around.  Only difference from the VectorTrait<RefPtr<T> > traits is the inability
-        to use memset to initialize data.
-
-        * runtime/UString.h:
-        (WTF::):
-
-2010-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Beat gcc with a clue bat -- force inlining of refIfNotNull and derefIfNotNull
-
-        * wtf/PassRefPtr.h:
-
-2010-04-07  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Replace isprint with isASCIIPrintable
-        https://bugs.webkit.org/show_bug.cgi?id=37223
-
-        WebKit does not use functions in <ctype.h> as they are dependent on the current
-        locale. Use the equivalent functions in <wtf/ASCIICType.h>. isASCIIPrintable
-        replaces isprint.
-
-        * pcre/pcre_exec.cpp:
-        (pchars):
-
-2010-04-07  Enrica Casucci  <enrica@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37219
-        
-        This change disables text caret for the iPhone platflorm.
-        
-        * wtf/Platform.h: Disabled text caret for iPhone.
-
-2010-04-06  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        REGRESSION: Worker termination via JS timeout may cause worker tests like fast/workers/worker-terminate.html fail.
-        https://bugs.webkit.org/show_bug.cgi?id=36646
-
-        Add a new exception type for forcibly terminating a JavaScript stack.
-        The new exception functions similarly to the
-        InterruptedExecutionException but is conceptually different because
-        execution is terminated instead of just interrupted.
-
-        * GNUmakefile.am:
-            - Added new Terminator.h file.
-        * JavaScriptCore.gypi:
-            - Added new Terminator.h file.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-            - Added new Terminator.h file.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added new Terminator.h file.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-            - Fully unwind the stack for TerminatedExecutionException.
-        (JSC::Interpreter::privateExecute):
-            - Check if we've been terminated at the same time we check if we've
-              timed out.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Check if we've been terminated at the same time we check if we've
-              timed out.
-        * runtime/Completion.cpp:
-            - Some exceptions define special completion types so that calls can
-              see why we terminated evaluation.
-        (JSC::evaluate):
-        * runtime/Completion.h:
-            - Define a new completion type for termination.
-        (JSC::):
-        * runtime/ExceptionHelpers.cpp:
-            - Define TerminatedExecutionException and refactor pseudo-RTTI
-              virtual function to be more semantic.
-        (JSC::InterruptedExecutionError::exceptionType):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        (JSC::TerminatedExecutionError::exceptionType):
-        (JSC::TerminatedExecutionError::toString):
-        (JSC::createTerminatedExecutionException):
-        * runtime/ExceptionHelpers.h:
-            - Entry point for generating a TerminatedExecutionException.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-            - Add a Terminator object that can be used to asynchronously
-              terminate a JavaScript execution stack.
-        * runtime/JSGlobalData.h:
-        * runtime/JSObject.h:
-        (JSC::JSObject::exceptionType):
-            - Define that, by default, thrown objects have a normal exception
-              type.
-        * runtime/Terminator.h: Added.
-            - Added a new controller object that can be used to terminate
-              execution asynchronously.  This object is more or less a
-              glorified bool.
-        (JSC::Terminator::Terminator):
-        (JSC::Terminator::termianteSoon):
-        (JSC::Terminator::shouldTerminate):
-
-2010-04-05  Oliver Hunt  <oliver@apple.com>
-
-        And another one.
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-
-2010-04-05  Oliver Hunt  <oliver@apple.com>
-
-        And another build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2010-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2010-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Support weak maps in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=37132
-
-        Expose an API to allow creation of a map for storing
-        weak JS references.
-
-        * API/JSWeakObjectMapRefInternal.h: Added.
-        (OpaqueJSWeakObjectMap::create):
-        (OpaqueJSWeakObjectMap::map):
-        (OpaqueJSWeakObjectMap::~OpaqueJSWeakObjectMap):
-        (OpaqueJSWeakObjectMap::OpaqueJSWeakObjectMap):
-        * API/JSWeakObjectMapRefPrivate.cpp: Added.
-        * API/JSWeakObjectMapRefPrivate.h: Added.
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::registerWeakMap):
-        (JSC::JSGlobalObject::deregisterWeakMap):
-
-2010-04-05  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Symbian] Consolidate Symbian WINSCW environment configuration
-        https://bugs.webkit.org/show_bug.cgi?id=37100
-
-        Move the "undefinition" of WIN32 and _WIN32 from WebCore/config.h
-        to JavaScriptCore/wtf/Platform.h as it is not specific to WebCore.
-
-        PLATFORM(WIN) and OS(WIN) no longer needs to be undefined as
-        undefining WIN32 takes care of it.
-
-        * wtf/Platform.h:
-
-2010-04-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=37068
-        Change UString to use a 0 rep for null strings instead of a null object.
-
-        No performance impact.
-
-        * JavaScriptCore.exp:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/UString.cpp:
-        (JSC::initializeUString):
-        * runtime/UString.h:
-        (JSC::UString::UString):
-        (JSC::UString::data):
-        (JSC::UString::size):
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::cost):
-
-2010-04-03  Balazs Kelemen  <kb@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Fix uninitalised members in CallLinkInfo and BytecodeGenerator.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36816
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-
-2010-04-03  yael aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Enable HTMLProgressElement for Safari on OSX
-        https://bugs.webkit.org/show_bug.cgi?id=36961
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-04-02  Ruben Van Boxem  <vanboxem.ruben@gmail.com>
-
-        Reviewed by Eric Seidel.
-
-        Mingw-w64 fixes for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=35607
-
-        * runtime/Collector.cpp: use the msvc code for mingw-w64 (but not mingw-w32)
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlockPtr):
-        (JSC::currentThreadStackBase):
-        (JSC::currentThreadStackBase):
-        * wtf/Platform.h: added COMPILER(MINGW64) check to differentiate between mingw.org and mingw-w64 functions
-
-2010-04-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: updated the .def file.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-04-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Inlined toThisString and toThisJSString to avoid virtual function call overhead
-        https://bugs.webkit.org/show_bug.cgi?id=37039
-        
-        Maybe a 1% speedup on iBench JS.
-
-        * JavaScriptCore.exp: New exports.
-
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/JSString.cpp:
-        * runtime/JSString.h:
-        * runtime/JSValue.h:
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::toThisObject): Nixed the old virtual-type implementation.
-
-        * runtime/JSObject.h:
-        (JSC::JSValue::toThisString):
-        (JSC::JSValue::toThisJSString): Added the inlined implementation.
-
-2010-04-02  Jeremy Moskovich  <jeremy@chromium.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Beef up documentation for ASSERT* and CRASH macros a bit.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36527
-
-        * wtf/Assertions.h:
-
-2010-04-02  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed, minor build fix.
-
-        Change the order of the member initialisation list
-        in constructor to match declaration order
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-
-2010-04-01  Kinuko Yasuda  <kinuko@chromium.org>
-
-        Reviewed by Dmitry Titov.
-
-        Add FileThread for async file operation support in FileReader and FileWriter
-        https://bugs.webkit.org/show_bug.cgi?id=36896
-
-        Add ENABLE_FILE_READER and ENABLE_FILE_WRITER flags.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-03-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix pt II).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 36871 - Remove JSC::CString
-        Use WTF::CString instead (which until recently was WebCore::CString).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-
-2010-03-31  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed, fix after r56842.
-
-        Add UNUSED_PARAM a to silence warning.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-03-31  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed, Symbian build fix.
-
-        Refactor JITStubs.cpp so that the list of STUB_FUNCTIONs
-        are not dependent on the JSVALUE32_64 guard.
-
-        * jit/JITStubs.cpp: Place the JSVALUE32_64 guard inside 
-        the body of cti_op_eq_strings.
-        * jit/JITStubs.h: Remove JSVALUE32_64 guard from 
-        cti_op_eq_strings stub.
-
-2010-03-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        Fixing b0rked version of JavaScriptCore.vcproj - added lines were truncated.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2010-03-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36866
-        Move CString to WTF
-
-        * Android.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text: Added.
-        * wtf/text/CString.cpp: Copied from WebCore/platform/text/CString.cpp.
-        * wtf/text/CString.h: Copied from WebCore/platform/text/CString.h.
-        (WTF::CStringBuffer::data):
-        (WTF::CStringBuffer::length):
-        (WTF::CStringBuffer::create):
-        (WTF::CStringBuffer::CStringBuffer):
-        (WTF::CStringBuffer::mutableData):
-        (WTF::CString::CString):
-        (WTF::CString::isNull):
-        (WTF::CString::buffer):
-        (WTF::operator!=):
-
-2010-03-30  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by nobody, build break.
-
-        [Qt] Fix build break on Qt Mac.
-
-        DESTDIR path on Mac do not include the configuration path by default
-        like on Windows. Have to force it.
-
-        * JavaScriptCore.pro:
-
-2010-03-29  Alice Liu  <alice.liu@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        add JSObjectRefPrivate.h
-
-2010-03-29  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        MIPS JIT Supports
-        https://bugs.webkit.org/show_bug.cgi?id=30144
-
-        The following changes enable MIPS JIT.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::lbu):
-        (JSC::MIPSAssembler::linkWithOffset):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::load8):
-        (JSC::MacroAssemblerMIPS::branch8):
-        (JSC::MacroAssemblerMIPS::branchTest8):
-        (JSC::MacroAssemblerMIPS::setTest8):
-        (JSC::MacroAssemblerMIPS::setTest32):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::preserveReturnAddressAfterCall):
-        (JSC::JIT::restoreReturnAddressBeforeReturn):
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        (JSC::JITStackFrame::returnAddressSlot):
-        * wtf/Platform.h:
-
-2010-02-26  Kenneth Rohde Christiansen  <kenneth@webkit.org>
-
-        Reviewed by Simon Fraser.
-
-        Add support for Widgets 1.0: View Mode Media Feature
-        https://bugs.webkit.org/show_bug.cgi?id=35446
-
-        Add an enable flag for the Widgets (http://www.w3.org/TR/widgets-reqs/)
-        and turn it on for Qt only.
-
-        * wtf/Platform.h:
-
-2010-03-29  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Corrected name of (u)int64_t compile time assert.
-        https://bugs.webkit.org/show_bug.cgi?id=36739
-
-        int64_t_is_four_bytes -> int64_t_is_eight_bytes
-
-        * os-win32/stdint.h:
-
-2010-03-29  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Use the -l syntax for linking against JavaScriptCore on Windows.
-        This allow qmake to extract dependencies correctly when generating VS
-        solutions.
-
-        * JavaScriptCore.pri:
-
-2010-03-29  Thomas Zander  <t.zander@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36742
-
-        gcc for Symbian doesn't support gcc extensions like atomicity.h - disable
-
-        * wtf/Threading.h: also detect os symbian
-
-2010-03-28  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Remove the definition of WTF_CHANGES guards from the build system
-        https://bugs.webkit.org/show_bug.cgi?id=31670
-  
-        * JavaScriptCore.pro: Remove the definition of WTF_CHANGES
-        as it is already defined in config.h
-
-2010-03-28  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Add API for reporting additional memory cost of JavaScript objects
-        https://bugs.webkit.org/show_bug.cgi?id=36650
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::reportAdditionalMemoryCost):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::reportAdditionalMemoryCost):
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::reportAdditionalMemoryCost):
-
-2010-03-28  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        QScriptEngine API was enriched by globalObject() method
-        which give an access to the global object.
-
-        [Qt] QScriptEngine doesn't give an access to global object
-        https://bugs.webkit.org/show_bug.cgi?id=36603
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::globalObject):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::globalObject):
-        * qt/api/qscriptengine_p.h:
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::globalObject):
-
-2010-03-26  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Build JavaScriptCore as a static library.
-        https://bugs.webkit.org/show_bug.cgi?id=36590
-
-        This patch takes what was left of the unused JavaScriptCore.pro
-        and moved the compilation logic from JavaScriptCore.pri to
-        JavaScriptCore.pro.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * jsc.pro:
-        * qt/api/QtScript.pro:
-
-2010-03-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-
-2010-03-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 36611 - Cleanup JSC::CString
-        Rename CString::c_str() -> CString::data(), CString::size() -> CString::length(),
-        remove UString::getCString() (all uses are wrong, should use UString::UTF8String()).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (runInteractive):
-        (fillBufferWithContentsOfFile):
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::c_str):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::globalFuncJSCPrint):
-        * runtime/UString.cpp:
-        (JSC::operator==):
-        (JSC::UString::toDouble):
-        * runtime/UString.h:
-        (JSC::CString::length):
-        (JSC::CString::data):
-
-2010-03-25  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by nobody, build fix.
-
-        [Qt] Build fix on MSVC. Reverts r55633 for stdint.h
-
-        This file gets included in generated moc files which don't
-        include the prefix header.
-
-        * os-win32/stdint.h:
-
-2010-03-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-2010-03-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Switch String::latin1, String::utf8, String::fromUTF8 to
-        use WTF's Unicode conversion methods rather than TextEncoder.
-        These methods only perform simple conversion, and don't need
-        really require TextEncoder's full capability (to look up arbitrary
-        encodings by name), switching to only be dependent on WTF will
-        make it easier if we chose to move WebCore::String to WTF.
-
-        * JavaScriptCore.exp:
-
-2010-03-24  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        * wtf/FastMalloc.h: Added a using directive for fastMallocSize, like we do for all public
-        WTF symbols. Also sorted the list alphabetically.
-
-2010-03-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (speculative windows build fix part II).
-
-2010-03-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (speculative windows build fix).
-
-2010-03-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 36519 - JSGlobalContextRelease is unnecessarily slow
-
-        Since [ http://trac.webkit.org/changeset/35917 ], calling
-        JSGlobalContextRelease always triggers a GC heap collection
-        (if not a full destroy). As per 35917's changelog "This is
-        only really necessary when the (JSGlobalObject's) last
-        reference is released, but there is no way to determine that,
-        and no harm in collecting slightly more often."
-        
-        Well, we now know of cases of API clients who are harmed by
-        the performance penalty of collecting too often, so it's time
-        to add a way to determine whether a call to JSGlobalContextRelease
-        is removing the last protect from it's global object.  If further
-        protects are retaining the global object (likely from other
-        JSGlobalContextRefs), then don't trigger a GC collection.
-
-        * API/JSContextRef.cpp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::unprotect): return a boolean indicating that the value is now unprotected.
-        * runtime/Collector.h:
-        * wtf/HashCountedSet.h:
-        (WTF::::remove): return a boolean indicating whether the value was removed from the set.
-
-2010-03-23  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice): Some versions of GCC emit a warning about the implicit 64- to 32-bit truncation
-        that takes place here. An explicit cast is sufficient to silence it.
-
-2010-03-23  Alexey Proskuryakov  <ap@apple.com>
-
-        Build fix.
-
-        * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncSplice): Fixed a typo - length doesn't
-        need to be converted with toInteger().
-
-2010-03-23  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36511
-        <rdar://problem/7753498> Safari freezes when using SPUTNIK JavaScript conformance check
-
-        Test: fast/js/sputnik-S15.4.4.12_A3_T3.html
-
-        * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncSplice): We were incorrectly computing
-        the start offset, and iterated over (almost) all integers. Note that this can be fixed
-        without using doubles, but the code would be much more complicated, and there is no important
-        reason to stick to integers here.
-
-2010-03-23  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Fix compilation on Itanium in 32-bit mode
-        https://bugs.webkit.org/show_bug.cgi?id=36494
-
-        * wtf/Platform.h: Introduce CPU(IA64_32). Don't define
-          WTF_USE_JSVALUE64 if the CPU is in 32-bit mode.
-
-2010-03-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Interpreter fix for <rdar://problem/7728196> REGRESSION (r46701): -(-2147483648)
-        evaluates to -2147483648 on 32 bit (35842)
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Only take the fast negate path if
-        a bit other than bit 31 is set. If none of bits 0-30 are set, then the
-        value we're negating can only be 0 or -2147483648, and neither can be
-        negated in int space.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate): Updated the JIT implementation to match
-        the interpreter, since it's slightly simpler.
-
-2010-03-22  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Symbian] More efficient aligned memory allocation for JSC Collector
-        https://bugs.webkit.org/show_bug.cgi?id=34350
-
-        * JavaScriptCore.pri: Added 2 new Symbian source files and HAL linkage
-
-        * runtime/Collector.cpp: Reduced port-specific code and added private data member
-        (JSC::Heap::Heap):
-        (JSC::Heap::~Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlockPtr):
-
-        * runtime/Collector.h: Added private data member
-
-        * wtf/symbian: Added.
-        * wtf/symbian/BlockAllocatorSymbian.cpp: Added.
-        (WTF::AlignedBlockAllocator::AlignedBlockAllocator): Helper class to allocate 
-        aligned blocks more efficiently as required by Collector
-        (WTF::AlignedBlockAllocator::alloc):
-        (WTF::AlignedBlockAllocator::free):
-        (WTF::AlignedBlockAllocator::destroy):
-        (WTF::AlignedBlockAllocator::~AlignedBlockAllocator):
-        * wtf/symbian/BlockAllocatorSymbian.h: Added.
-
-2010-03-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed <rdar://problem/7728196> REGRESSION (r46701): -(-2147483648)
-        evaluates to -2147483648 on 32 bit (35842)
-        
-        Two ways to fix the same bug:
-        
-        1. Check for overflow when negating, since negating the largest negative
-        int causes overflow.
-        
-        2. Constant-fold even when negating a negative, since, like they say in
-        high school, "math works."
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchNeg32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchNeg32): Added a branching version
-        of the negate operator.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate): Use the branching version of the negate 
-        operator to check for overflow.
-
-        (JSC::JIT::emitSlow_op_negate): Link the check for overflow to a slow case.
-        (We could emit inline code for this, since we know what the result would
-        be, but that's probably just a waste of generated code.)
-
-        * parser/Grammar.y: Constant fold even when negating a negative.
-
-2010-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/36431> Clean up 'int' use in UString.cpp after r54789
-
-        Reviewed by Darin Adler.
-
-        * runtime/UString.cpp:
-        (JSC::UString::from): Changed argument type from 'unsigned int'
-        to 'unsigned' to match WebKit coding style.
-        (JSC::UString::find): Changed static_cast<int>() to
-        static_cast<unsigned>() now that this method returns unsigned.
-        (JSC::UString::rfind): Ditto.
-        * runtime/UString.h:
-        (JSC::UString::from): Changed argument type from 'unsigned int'
-        to 'unsigned' to match WebKit coding style.
-
-2010-03-22  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Add support for syntax checking in the QtScript API.
-
-        New class was created; the QScriptSyntaxCheckResult which main
-        responsibility is to provide results of the ECMA Script code
-        syntax check. The class is not fully functional as the JSC C API
-        doesn't expose an error column number, but it is a good start point
-        for a future development.
-
-        [Qt] QtScript functionality should be extended by syntax checking.
-        https://bugs.webkit.org/show_bug.cgi?id=36123
-
-        * qt/api/QtScript.pro:
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::checkSyntax):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::checkSyntax):
-        * qt/api/qscriptengine_p.h:
-        * qt/api/qscriptsyntaxcheckresult.cpp: Added.
-        (QScriptSyntaxCheckResult::QScriptSyntaxCheckResult):
-        (QScriptSyntaxCheckResult::~QScriptSyntaxCheckResult):
-        (QScriptSyntaxCheckResult::operator=):
-        (QScriptSyntaxCheckResult::state):
-        (QScriptSyntaxCheckResult::errorLineNumber):
-        (QScriptSyntaxCheckResult::errorColumnNumber):
-        (QScriptSyntaxCheckResult::errorMessage):
-        * qt/api/qscriptsyntaxcheckresult.h: Added.
-        * qt/api/qscriptsyntaxcheckresult_p.cpp: Added.
-        (QScriptSyntaxCheckResultPrivate::~QScriptSyntaxCheckResultPrivate):
-        (QScriptSyntaxCheckResultPrivate::errorMessage):
-        (QScriptSyntaxCheckResultPrivate::errorLineNumber):
-        * qt/api/qscriptsyntaxcheckresult_p.h: Added.
-        (QScriptSyntaxCheckResultPrivate::get):
-        (QScriptSyntaxCheckResultPrivate::QScriptSyntaxCheckResultPrivate):
-        (QScriptSyntaxCheckResultPrivate::state):
-        (QScriptSyntaxCheckResultPrivate::errorColumnNumber):
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::checkSyntax_data):
-        (tst_QScriptEngine::checkSyntax):
-
-2010-03-21  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        New class; QScriptProgram.
-
-        The class should be used to evaluate the same script multiple times
-        more efficiently.
-
-        [Qt] QtScript should have QScriptProgram class
-        https://bugs.webkit.org/show_bug.cgi?id=36008
-
-        * qt/api/QtScript.pro:
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::evaluate):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::evaluate):
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::evaluate):
-        * qt/api/qscriptprogram.cpp: Added.
-        (QScriptProgram::QScriptProgram):
-        (QScriptProgram::~QScriptProgram):
-        (QScriptProgram::operator=):
-        (QScriptProgram::isNull):
-        (QScriptProgram::sourceCode):
-        (QScriptProgram::fileName):
-        (QScriptProgram::firstLineNumber):
-        (QScriptProgram::operator==):
-        (QScriptProgram::operator!=):
-        * qt/api/qscriptprogram.h: Added.
-        * qt/api/qscriptprogram_p.h: Added.
-        (QScriptProgramPrivate::get):
-        (QScriptProgramPrivate::QScriptProgramPrivate):
-        (QScriptProgramPrivate::~QScriptProgramPrivate):
-        (QScriptProgramPrivate::isNull):
-        (QScriptProgramPrivate::sourceCode):
-        (QScriptProgramPrivate::fileName):
-        (QScriptProgramPrivate::firstLineNumber):
-        (QScriptProgramPrivate::operator==):
-        (QScriptProgramPrivate::operator!=):
-        (QScriptProgramPrivate::program):
-        (QScriptProgramPrivate::file):
-        (QScriptProgramPrivate::line):
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::evaluateProgram):
-
-2010-03-21  David Kilzer  <ddkilzer@apple.com>
-
-        Blind attempt #2 to fix the Windows build after r56314
-
-        * API/tests/testapi.c: Include JSObjectRefPrivate.h for the new
-        methods instead of declaring them locally (and non-extern).
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Backed out previous change.
-
-2010-03-21  David Kilzer  <ddkilzer@apple.com>
-
-        Blind attempt to fix the Windows build after r56314
-
-        Try to fix the following errors on the Windows buildbot:
-
-            Linking...
-            testapi.obj : error LNK2001: unresolved external symbol "bool __cdecl JSObjectSetPrivateProperty(struct OpaqueJSContext const *,struct OpaqueJSValue *,struct OpaqueJSString *,struct OpaqueJSValue const *)" (?JSObjectSetPrivateProperty@@YA_NPBUOpaqueJSContext@@PAUOpaqueJSValue@@PAUOpaqueJSString@@PBU2@@Z)
-            testapi.obj : error LNK2001: unresolved external symbol "struct OpaqueJSValue const * __cdecl JSObjectGetPrivateProperty(struct OpaqueJSContext const *,struct OpaqueJSValue *,struct OpaqueJSString *)" (?JSObjectGetPrivateProperty@@YAPBUOpaqueJSValue@@PBUOpaqueJSContext@@PAU1@PAUOpaqueJSString@@@Z)
-            C:\cygwin\home\buildbot\slave\win-release\build\WebKitBuild\bin\testapi.exe : fatal error LNK1120: 2 unresolved externals
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added
-        missing symbols to be exported.
-
-2010-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Documentation fix for previous patch.
-
-        * API/JSObjectRefPrivate.h:
-
-2010-03-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        JSC needs an API to allow custom objects to have aprivate GC-accessible properties
-        https://bugs.webkit.org/show_bug.cgi?id=36420
-
-        Add new API methods to support "private" properties on custom
-        objects.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSCallbackObjectData):
-        (JSC::JSCallbackObjectData::~JSCallbackObjectData):
-        (JSC::JSCallbackObjectData::getPrivateProperty):
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::deletePrivateProperty):
-        (JSC::JSCallbackObjectData::markChildren):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::deletePrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::getPrivateProperty):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        (JSC::JSCallbackObject::deletePrivateProperty):
-        (JSC::JSCallbackObject::markChildren):
-        * API/JSObjectRef.cpp:
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSObjectRefPrivate.h: Added.
-        * API/tests/testapi.c:
-        (main):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-03-20  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fixes after introduction of Brew files.
-
-        * wscript:
-
-2010-03-18  Tom Callaway  <tcallawa@redhat.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 35429: Fix compile on SPARC64
-        https://bugs.webkit.org/show_bug.cgi?id=35429
-
-        * wtf/Platform.h: Set WTF_USE_JSVALUE64 for SPARC64
-
-2010-03-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add API to directly expose JSON parsing
-        https://bugs.webkit.org/show_bug.cgi?id=34887
-
-        Add API to expose JSON parsing directly, and add tests to testapi
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        (JSValueCreateJSONString):
-        * API/tests/testapi.c:
-        (main):
-        * JavaScriptCore.exp:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONStringify):
-        * runtime/JSONObject.h:
-
-2010-03-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler and Mark Rowe.
-
-        Update WebKit availability macros for release after 4.0.
-
-        * API/WebKitAvailability.h:
-
-2010-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        undefined, NaN, and Infinity should be ReadOnly
-        https://bugs.webkit.org/show_bug.cgi?id=36263
-
-        Simply add the ReadOnly flag to these properties.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-
-2010-03-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Speed up Math.round a little by removing unneeded special case
-        https://bugs.webkit.org/show_bug.cgi?id=36107
-
-        Test: fast/js/math.html
-
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncRound): This function had a special case for numbers
-        between -0.5 and -0.0 to return -0.0. But the algorithm in the function
-        already yields -0.0 for those cases, so the extra checking and branching
-        is unneeded.
-
-2010-03-17  Mike Homey  <glandium@debian.org>
-
-        Reviewed by Gustavo Noronha.
-
-        Build fix for SPARC. Fix missing macro value.
-
-        * wtf/Platform.h:
-
-2010-03-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt, Darin Adler.
-
-        Bug 36083 - REGRESSION (r55772-r55834): Crash in JavaScriptCore RegExp code on PowerPC
-
-        The problem is a bug in our port of PCRE - that a read may take place from the first character in an
-        empty string.  For the time being, revert to using a valid pointer in the data segment rather than
-        an invalid non-null pointer into the zero-page for the empty string's data pointer.  A better fix for
-        this will be to remove PCRE.
-
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::empty):
-
-2010-03-16  Darin Adler  <darin@apple.com>
-
-        Rolled out r56081 since it broke the Windows build.
-
-2010-03-16  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove extra <new> include and add guards to operator new/delete definitions
-        https://bugs.webkit.org/show_bug.cgi?id=35967
-
-        Remove extra <new> header include from FastAlloc.cpp since it is included in 
-        FastAlloc.h. Add ENABLE(GLOBAL_FASTMALLOC_NEW) macro guard to operator
-        new/delete/new []/delete [] definitions.
-
-        * wtf/FastMalloc.cpp:
-
-2010-03-15  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add a function to create a BREW instance without local variable declarations.
-        https://bugs.webkit.org/show_bug.cgi?id=34705
-
-        Add a template function to create a BREW instance in one line.
-
-        * wtf/brew/ShellBrew.h: Added.
-        (WTF::createInstance):
-
-2010-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Removed a now-incorrect comment I forgot to remove in my last check-in.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge):
-
-2010-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed a portion of:
-        <rdar://problem/7165917> | https://bugs.webkit.org/show_bug.cgi?id=28676
-        Safari 4 does not release memory back to the operating system fast enough (28676)
-
-        Every few seconds, release a percentage of the minimum unused page count
-        during that time period.
-
-        SunSpider reports no change, command-line or in-browser, Mac or Windows.
-        
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::init):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMalloc_PageHeap::initializeScavenger): Renamed shouldContinueScavenging
-        to shouldScavenge, since scavenging is no longer something that we interrupt.
-
-        (WTF::TCMalloc_PageHeap::scavenge): The new scavenging algorithm. Fixes
-        a bug where the old code would release only one item from each size class
-        per scavenge, potentially leaving large numbers of large-sized objects
-        unreleased for a long time.
-
-        (WTF::TCMalloc_PageHeap::shouldScavenge):
-        (WTF::TCMalloc_PageHeap::New):
-        (WTF::TCMalloc_PageHeap::AllocLarge):
-        (WTF::TCMalloc_PageHeap::Delete):
-        (WTF::TCMalloc_PageHeap::GrowHeap):
-        (WTF::TCMalloc_PageHeap::scavengerThread):
-        (WTF::TCMalloc_PageHeap::periodicScavenge): Updated to track the minimum
-        value of free_committed_pages_ during a given scavenge period.
-
-2010-03-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=35843
-        Re-land reverted fix to JSString::getIndex()
-
-        Calling getIndex() on a JSString in rope form may result in a JSException being thrown
-        if there is insuficient memory so value(exec) returns UString() with length zero,
-        which will be passed to jsSingleCharacterSubstring.
-        Add a slow case function to trap the error & return a safe null value, until the
-        exception is handled.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::getIndexSlowCase):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::JSString::getIndex):
-        (JSC::jsSingleCharacterString):
-        (JSC::JSString::getStringPropertySlot):
-
-2010-03-04  Kenneth Rohde Christiansen  <kenneth@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Add a long long version of abs() for MSVC.
-
-        * wtf/MathExtras.h:
-        (abs):
-
-2010-03-15  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Combine ctiTrampolines on ARM and Thumb-2
-        https://bugs.webkit.org/show_bug.cgi?id=36014
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-
-2010-03-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 36075 - Clean up screwyness re static string impls & Identifiers.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass): Classname may be null/empty, and these are an identifer.  This is okay, since the null/empty strings are shared across all threads.
-        * JavaScriptCore.exp:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add): No need to explicitly hash null reps, this is done in the ststic UStringImpl constructor.
-        (JSC::Identifier::addSlowCase): UStringImpl::empty() handled & checkCurrentIdentifierTable now called in the header.
-        (JSC::Identifier::checkCurrentIdentifierTable): Replaces checkSameIdentifierTable (this no longer checked the rep since the identifierTable pointer was removed from UString::Rep long ago).
-        * runtime/Identifier.h:
-        (JSC::Identifier::add): Replace call to checkSameIdentifierTable with call to checkCurrentIdentifierTable at head of function.
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::~UStringImpl): Remove call to checkConsistency - this function no longer checks anything interesting.
-        * runtime/UStringImpl.h:
-        (JSC::UStringOrRopeImpl::UStringOrRopeImpl): Set s_refCountFlagIsIdentifier in static constructor.
-        (JSC::UStringImpl::UStringImpl): remove calls to checkConsistency (see above), add new ASSERT to substring constructor.
-        (JSC::UStringImpl::setHash): ASSERT not static (static strings set the hash in their constructor, should not reach this code path).
-        (JSC::UStringImpl::create): Add missing ASSERT.
-        (JSC::UStringImpl::setIsIdentifier): ASSERT !isStatic() (static strings hash set in constructor).
-
-2010-03-12  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by David Levin.
-
-        Two functions tryConsumeCharacter() and tryConsumeCharacterClass() are
-        removed from yarr/RegexInterpreter.cpp because they are never called.
-
-        * yarr/RegexInterpreter.cpp:
-
-2010-03-11  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        The JSNative state was renamed to JSPrimitive. The new name better
-        coresponds to the ECMAScript standard.
-
-        Enum QScriptValuePrivate::States was renamed to State to obey Qt
-        coding style rules ("States" name suggests that a state could
-        mixed together with an other state using bitwise logic operators.
-
-        [Qt] QScriptValuePrivate::States has naming issues
-        https://bugs.webkit.org/show_bug.cgi?id=35968
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::):
-        (QScriptValuePrivate::QScriptValuePrivate):
-        (QScriptValuePrivate::isBool):
-        (QScriptValuePrivate::isNumber):
-        (QScriptValuePrivate::isNull):
-        (QScriptValuePrivate::isString):
-        (QScriptValuePrivate::isUndefined):
-        (QScriptValuePrivate::toString):
-        (QScriptValuePrivate::toNumber):
-        (QScriptValuePrivate::toBool):
-        (QScriptValuePrivate::assignEngine):
-        (QScriptValuePrivate::refinedJSValue):
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        Add export.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        Add export.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Remove nonsense comments used in development & commited in error.
-
-        * runtime/UStringImpl.h:
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        Remove export.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=36041
-        Remove unnecessary differences in common code between WebCore::StringImpl & JSC::UStringImpl
-
-        Much of the code in WebCore::StringImpl and JSC::UStringImpl is now very similar,
-        but has trivial and unnecessary formatting differences, such as the exact wording
-        of comments, missing ASSERTs, functions implemented in the .h vs .cpp etc.
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add): UStringImpl::empty() now automatically hashes, uas per WebCore strings.
-        (JSC::Identifier::addSlowCase): UStringImpl::empty() now automatically hashes, uas per WebCore strings.
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::~UStringImpl): Only call bufferOwnership() once, add missing ASSERTs.
-        (JSC::UStringImpl::createUninitialized): Move from .h, not commonly called, no need to inline.
-        (JSC::UStringImpl::create): Move from .h, not commonly called, no need to inline.
-        (JSC::UStringImpl::sharedBuffer): Rewritten to more closely match WebCore implementation, remove need for separate baseSharedBuffer() method.
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::UStringImpl): Automatically hash static strings, ASSERT m_data & m_length are non-null/non-zero in non-static strings.
-        (JSC::UStringImpl::setHash): Add missing ASSERT.
-        (JSC::UStringImpl::create): Moved to .cpp / added missing check for empty string creation.
-        (JSC::UStringImpl::adopt): Vector.size() returns size_t, not unsigned.
-        (JSC::UStringImpl::cost): Renamed m_bufferSubstring -> m_substringBuffer
-        (JSC::UStringImpl::hash): Reordered in file.
-        (JSC::UStringImpl::existingHash): Reordered in file.
-        (JSC::UStringImpl::computeHash): Reordered in file, renamed parameter.
-        (JSC::UStringImpl::checkConsistency): rewrote ASSERT.
-        (JSC::UStringImpl::bufferOwnership): Return type should be BufferOwnership.
-        (JSC::UStringImpl::): Moved friends to head of class.
-
-2010-03-11  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/7745082> Make it possible to build WebKit for older Mac OS X versions from the current Mac OS X version
-
-        Default to using the appropriate SDK if the target Mac OS X version is not the current Mac OS X version.
-
-        * Configurations/Base.xcconfig:
-
-2010-03-11  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        <rdar://problem/7745082> Make it possible to build WebKit for older Mac OS X versions from the current Mac OS X version
-
-        Introduce TARGET_MAC_OS_X_VERSION_MAJOR to represent the Mac OS X version that is being targeted.  It defaults to the
-        current Mac OS X version unless otherwise specified.
-
-        Key off TARGET_MAC_OS_X_VERSION_MAJOR where we'd previously been keying off MAC_OS_X_VERSION_MAJOR.
-
-        Explicitly map from the target Mac OS X version to the preferred compiler since Xcode's default compiler choice
-        may not be usable when targetting a different Mac OS X version.
-
-        Key off TARGET_GCC_VERSION rather than MAC_OS_X_VERSION_MAJOR in locations where we'd previously been keying off
-        MAC_OS_X_VERSION_MAJOR but the decision is really related to the compiler version being used.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/FeatureDefines.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/Version.xcconfig:
-
-2010-03-11  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Sort the project file.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-03-11  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Sort the project file .
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-03-11  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Buildfix for Thumb-2 after r55684. Add branch8 and branchTest8 functions.
-        https://bugs.webkit.org/show_bug.cgi?id=35892
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::ldrb):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load8):
-        (JSC::MacroAssemblerARMv7::branch8):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::setTest8):
-
-2010-03-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-        
-        Rename JSC::UStringImpl::data() to characters(), to match WebCore::StringImpl.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::keyForCharacterSwitch):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::processClauseList):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        (JSC::Identifier::addSlowCase):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/UString.cpp:
-        (JSC::UString::toStrictUInt32):
-        (JSC::equal):
-        * runtime/UString.h:
-        (JSC::UString::data):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::characters):
-        (JSC::UStringImpl::hash):
-        (JSC::UStringImpl::setHash):
-
-2010-03-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler, Geoffrey Garen, Maciej Stachowiak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=35991
-        Would be faster to not use a thread specific to implement StringImpl::empty()
-
-        Change JSC::UStringImpl's implementation of empty() match to match StringImpl's new implementation
-        (use a static defined within the empty() method), and change the interface to match too (return
-        a pointer not a reference). 
-
-        ~0% performance impact (possible minor progression from moving empty() from .h to .cpp).
-
-        * JavaScriptCore.exp:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        (JSC::Identifier::addSlowCase):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/UString.cpp:
-        (JSC::initializeUString):
-        (JSC::UString::UString):
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::empty):
-        (JSC::UStringImpl::create):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::adopt):
-        (JSC::UStringImpl::createUninitialized):
-        (JSC::UStringImpl::tryCreateUninitialized):
-
-2010-03-10  Dmitry Titov  <dimich@chromium.org>
-
-        Not reviewed, fixing Snow Leopard build.
-
-        * wtf/mac/MainThreadMac.mm: Forgot 'static' for a new local function.
-        (WTF::postTimer):
-
-2010-03-10  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Make Document::postTask to use a single queue of tasks, to fire them in order
-        https://bugs.webkit.org/show_bug.cgi?id=35943
-
-        The patch uses CFRunLoopTimer to schedule execution of tasks instead of performSelectorOnMainThread which apparently can starve other event sources.
-        The timer is used when the schedule request is coming on the main thread itself. This happens when the task is posted on the main thread or
-        when too many tasks are posted and the queue does 'stop and re-schedule' to make sure run loop has a chance to execute other events.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::timerFired):
-        (WTF::postTimer):
-        (WTF::scheduleDispatchFunctionsOnMainThread): Use timer posted to the current RunLoop if scheduling the task execution while on the main thread.
-
-2010-03-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: added new symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: removed old symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alexey Proskuryakov, Darin Adler, and Sam Weinig.
-
-        Refactored fastCheckConsistency to match some review comments:
-            - renamed fastCheckConsistency to fastMallocSize, and changed ValueCheck
-              to ASSERT that a pointer's fastMallocSize is not 0.
-            - implemented a version of fastMallocSize for tcmalloc.
-            
-        Also moved some pre-existing code around to avoid a problem related to
-        mismatched #define/#undef of malloc/free in this source file.
-
-        * JavaScriptCore.exp:
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSize): Renamed. Fixed indentation.
-
-        (WTF::TCMalloc_PageHeap::scavenge): Removed an incorrect ASSERT that
-        got in the way of testing the tcmalloc implementation. (More information
-        on why this ASSERT is incorrect is in <rdar://problem/7165917>.)
-
-        (WTF::TCMallocStats::fastMallocSize): Implemented for tcmalloc.
-
-        * wtf/FastMalloc.h: Updated for rename.
-
-        * wtf/ValueCheck.h:
-        (WTF::): Moved the ASSERT that used to be in fastCheckConsistency here.
-
-2010-03-10  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Make global new/delete operators configurable for all ports and disable it
-        for the wx port for now.
-
-        * wtf/FastMalloc.h:
-        * wtf/Platform.h:
-
-2010-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (reverting r54510).
-
-        This caused a performance regression, by breaking the code
-        generator's logic to calculate the skip level for resolving
-        variables (traced by rdar:7683350)  Reverting for now.
-
-        * parser/Grammar.y:
-        * parser/NodeConstructors.h:
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ForInNode::ForInNode):
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-
-2010-03-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Changed FastMalloc statistics reporting to be a bit clearer. We now
-        report:
-            - Reserved VM Bytes: the VM that has been mapped into the process.
-            - Committed VM Bytes: the subset of Reserved VM Bytes actually in use.
-            - Free List Bytes: the subset of Committed VM Bytes in a free list.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocStatistics):
-        (WTF::TCMallocStats::fastMallocStatistics): Updated to report the statistics
-        above. Standardized use of "ifdef WTF_CHANGES". Added a SpinLockHolder
-        around all statistics gathering, since it reads from the page heap.
-
-        * wtf/FastMalloc.h: Updated to report the statistics above. 
-
-2010-03-09  Gabor Loki  <loki@webkit.org>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Buildfix for ARM after r55684. Add branch8 and branchTest8 functions.
-        https://bugs.webkit.org/show_bug.cgi?id=35892
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::dataTransfer32):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load8):
-        (JSC::MacroAssemblerARM::branch8):
-        (JSC::MacroAssemblerARM::branchTest8):
-
-2010-03-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: 'P' is not a type. Luckily, 'void' is.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastCheckConsistency):
-
-2010-03-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: export a new symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Switching malloc implementations requires a world rebuild
-        https://bugs.webkit.org/show_bug.cgi?id=35899
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastCheckConsistency):
-        (WTF::TCMallocStats::fastCheckConsistency):
-        * wtf/FastMalloc.h:
-        * wtf/ValueCheck.h:
-        (WTF::): Moved pointer checking into a helper function in FastMalloc.cpp,
-        so you can switch malloc implementations without rebuilding the world.
-
-2010-03-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        TypeInfo is unnecessarily large
-        https://bugs.webkit.org/show_bug.cgi?id=35850
-
-        Reduce the size of the type and flags members to a single
-        byte each, reducing the size of Structure by 8 bytes.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branch8):
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        (JSC::MacroAssemblerX86Common::setTest8):
-          Add single byte branches, and correct setTest8 to do a
-          single byte read from memory, and actually store the result
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::cmpb_im):
-        (JSC::X86Assembler::testb_im):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_construct_verify):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::type):
-
-2010-03-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (reverting regression).
-
-        Reverting 55035, this caused a regression.
-        (https://bugs.webkit.org/show_bug.cgi?id=35843)
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::JSString::getIndex):
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/UStringImpl.cpp:
-        * runtime/UStringImpl.h:
-
-2010-03-08  Stuart Morgan  <stuartmorgan@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Added a new USE definition for secure text mode on the Mac.
-        https://bugs.webkit.org/show_bug.cgi?id=31265
-
-        * wtf/Platform.h:
-
-2010-03-08  Jian Li  <jianli@chromium.org>
-
-        Reviewed by Dmitry Titov.
-
-        Blob.slice support.
-        https://bugs.webkit.org/show_bug.cgi?id=32993
-
-        Add ENABLE_BLOB_SLICE feature define.
-        Also fix a problem that JSValue.toInteger is not exposed on Windows.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-07  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Small performance fix in the QScriptConverter::toString().
-
-        The QByteArray was replaced by the QVarLengthArray which doesn't
-        have to allocate any memory on heap.
-
-        [Qt] QScriptConverter::toString() should use QVarLengthArray instead of QByteArray
-        https://bugs.webkit.org/show_bug.cgi?id=35577
-
-        * qt/api/qscriptconverter_p.h:
-        (QScriptConverter::toString):
-
-2010-03-06  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Remove unnecessary includes of wtf/Platform.h.  This is already pulled in by config.h.
-
-        * API/APICast.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSValueRef.cpp:
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/AssemblerBuffer.h:
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/CodeLocation.h:
-        * assembler/LinkBuffer.h:
-        * assembler/MIPSAssembler.h:
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        * assembler/MacroAssemblerMIPS.h:
-        * assembler/MacroAssemblerX86.h:
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/RepatchBuffer.h:
-        * assembler/X86Assembler.h:
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        * jit/JITInlineMethods.h:
-        * jit/JITStubs.h:
-        * os-win32/stdint.h:
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSImmediate.h:
-        * wtf/ASCIICType.h:
-        * wtf/StdLibExtras.h:
-        * wtf/VMTags.h:
-        * yarr/RegexCompiler.h:
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.h:
-        * yarr/RegexParser.h:
-        * yarr/RegexPattern.h:
-
-2010-03-06  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Share OwnPtr.
-        https://bugs.webkit.org/show_bug.cgi?id=35776
-
-        Share OwnPtr implementation with BREW MP and remove OwnPtrBrew.
-
-        * wtf/OwnPtrBrew.cpp: Added.
-        (WTF::deleteOwnedPtr):
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.cpp: Removed.
-        * wtf/brew/OwnPtrBrew.h: Removed.
-
-2010-03-06  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Eric Seidel.
-
-        Implemented JIT_OPTIMIZE_NATIVE_CALL for WinCE
-        https://bugs.webkit.org/show_bug.cgi?id=33426
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-
-2010-03-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Add enw exports to windows
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSC should cache int to Identifier conversion as it does for ordinary strings
-        https://bugs.webkit.org/show_bug.cgi?id=35814
-
-        Make the NumericStrings cache cache unsigned ints in addition to signed.
-        We keep them separate from the int cache as it both simplifies code, and
-        also because the unsigned path is exclusive to property access and therefore
-        seems to have different usage patterns.
-
-        The primary trigger for the unsigned to Identifier propertyName conversion
-        is the construction of array-like objects out of normal objects.  Given these
-        tend to be relative small numbers, and the array-like behaviour lends itself
-        to sequential values this patch also adds a non-colliding cache for all small
-        numbers.
-
-        * JavaScriptCore.exp:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::from):
-        * runtime/Identifier.h:
-        * runtime/NumericStrings.h:
-        (JSC::NumericStrings::add):
-        (JSC::NumericStrings::lookup):
-        (JSC::NumericStrings::lookupSmallString):
-
-2010-03-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Allow static property getters to interact with JSCs caching
-        https://bugs.webkit.org/show_bug.cgi?id=35716
-
-        Add new opcodes for handling cached lookup of static value getters.
-        More or less the same as with JS getters, all that changes is that
-        instead of calling through a JSFunction we always know that we have
-        a C function to call.
-
-        For the patching routines in the JIT we now need to pass a few
-        new parameters to allow us to pass enough information to the stub
-        function to allow us to call the C function correctly.  Logically
-        this shouldn't actually be necessary as all of these functions ignore
-        the identifier, but removing the ident parameter would require
-        somewhat involved changes to the way we implement getOwnPropertySlot,
-        etc.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (JSC::Instruction::):
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/Lookup.h:
-        (JSC::getStaticPropertySlot):
-        (JSC::getStaticValueSlot):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::):
-        (JSC::PropertySlot::PropertySlot):
-        (JSC::PropertySlot::cachedPropertyType):
-        (JSC::PropertySlot::isCacheable):
-        (JSC::PropertySlot::isCacheableValue):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setCacheableCustom):
-        (JSC::PropertySlot::setGetterSlot):
-        (JSC::PropertySlot::setCacheableGetterSlot):
-        (JSC::PropertySlot::clearOffset):
-        (JSC::PropertySlot::customGetter):
-
-2010-03-04  Shinichiro Hamaji  <hamaji@chromium.org>
-
-        Unreviewed. Remove a non-ASCII character introduced in the following bug.
-
-        put_by_id does will incorrectly cache writes where a specific value exists, where at the point of caching the same value is being written.
-        https://bugs.webkit.org/show_bug.cgi?id=35537
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-
-2010-03-04  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Make the OUTPUT_DIR variable in qmake projects independent of build-webkit's logic.
-
-        This also allows shadow builds relying only on qmake to work properly.
-        * jsc.pro:
-        * qt/api/QtScript.pro:
-        * qt/tests/qscriptengine/qscriptengine.pro:
-        * qt/tests/qscriptvalue/qscriptvalue.pro:
-        * qt/tests/tests.pri:
-
-2010-03-03  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        QScriptValue::isObject fix.
-
-        Fix broken internal state evaluation from JSValue to JSNative / JSObject.
-        New function was introduced which should take care about promoting
-        JSValue state inside QScriptValuePrivate. It should be used instead of a
-        direct JSC C API call.
-
-        The bug exposed a weakness in autotest suite, as the QScriptValuePrivate
-        is based on state machine with lazy state evaluation, there is a possibility
-        that serial sequencial calls to the same public const function could return
-        different results. The patch fix the issue.
-
-        [Qt] Sometimes QScriptValue::isObject returns an incorrect value
-        https://bugs.webkit.org/show_bug.cgi?id=35387
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::isBool):
-        (QScriptValuePrivate::isNumber):
-        (QScriptValuePrivate::isNull):
-        (QScriptValuePrivate::isString):
-        (QScriptValuePrivate::isUndefined):
-        (QScriptValuePrivate::isError):
-        (QScriptValuePrivate::isObject):
-        (QScriptValuePrivate::isFunction):
-        (QScriptValuePrivate::call):
-        (QScriptValuePrivate::refineJSValue):
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::initScriptValues):
-        (tst_QScriptValue::isValid_makeData):
-        (tst_QScriptValue::isValid_test):
-        (tst_QScriptValue::isBool_makeData):
-        (tst_QScriptValue::isBool_test):
-        (tst_QScriptValue::isBoolean_makeData):
-        (tst_QScriptValue::isBoolean_test):
-        (tst_QScriptValue::isNumber_makeData):
-        (tst_QScriptValue::isNumber_test):
-        (tst_QScriptValue::isFunction_test):
-        (tst_QScriptValue::isNull_makeData):
-        (tst_QScriptValue::isNull_test):
-        (tst_QScriptValue::isString_makeData):
-        (tst_QScriptValue::isString_test):
-        (tst_QScriptValue::isUndefined_makeData):
-        (tst_QScriptValue::isUndefined_test):
-        (tst_QScriptValue::isObject_makeData):
-        (tst_QScriptValue::isObject_test):
-        (tst_QScriptValue::toString_makeData):
-        (tst_QScriptValue::toString_test):
-        (tst_QScriptValue::toNumber_makeData):
-        (tst_QScriptValue::toNumber_test):
-        (tst_QScriptValue::toBool_makeData):
-        (tst_QScriptValue::toBool_test):
-        (tst_QScriptValue::toBoolean_makeData):
-        (tst_QScriptValue::toBoolean_test):
-        (tst_QScriptValue::toInteger_makeData):
-        (tst_QScriptValue::toInteger_test):
-        (tst_QScriptValue::toInt32_makeData):
-        (tst_QScriptValue::toInt32_test):
-        (tst_QScriptValue::toUInt32_makeData):
-        (tst_QScriptValue::toUInt32_test):
-        (tst_QScriptValue::toUInt16_makeData):
-        (tst_QScriptValue::toUInt16_test):
-
-2010-03-03  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Gavin Barraclough.
-
-        MIPS JIT Supports
-        https://bugs.webkit.org/show_bug.cgi?id=30144
-
-        The following changes enable MIPS YARR and YARR_JIT.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        * assembler/MIPSAssembler.h: Added.
-        (JSC::MIPSRegisters::):
-        (JSC::MIPSAssembler::MIPSAssembler):
-        (JSC::MIPSAssembler::):
-        (JSC::MIPSAssembler::JmpSrc::JmpSrc):
-        (JSC::MIPSAssembler::JmpDst::JmpDst):
-        (JSC::MIPSAssembler::JmpDst::isUsed):
-        (JSC::MIPSAssembler::JmpDst::used):
-        (JSC::MIPSAssembler::emitInst):
-        (JSC::MIPSAssembler::nop):
-        (JSC::MIPSAssembler::loadDelayNop):
-        (JSC::MIPSAssembler::copDelayNop):
-        (JSC::MIPSAssembler::move):
-        (JSC::MIPSAssembler::li):
-        (JSC::MIPSAssembler::lui):
-        (JSC::MIPSAssembler::addiu):
-        (JSC::MIPSAssembler::addu):
-        (JSC::MIPSAssembler::subu):
-        (JSC::MIPSAssembler::mult):
-        (JSC::MIPSAssembler::mfhi):
-        (JSC::MIPSAssembler::mflo):
-        (JSC::MIPSAssembler::mul):
-        (JSC::MIPSAssembler::andInsn):
-        (JSC::MIPSAssembler::andi):
-        (JSC::MIPSAssembler::nor):
-        (JSC::MIPSAssembler::orInsn):
-        (JSC::MIPSAssembler::ori):
-        (JSC::MIPSAssembler::xorInsn):
-        (JSC::MIPSAssembler::xori):
-        (JSC::MIPSAssembler::slt):
-        (JSC::MIPSAssembler::sltu):
-        (JSC::MIPSAssembler::sltiu):
-        (JSC::MIPSAssembler::sll):
-        (JSC::MIPSAssembler::sllv):
-        (JSC::MIPSAssembler::sra):
-        (JSC::MIPSAssembler::srav):
-        (JSC::MIPSAssembler::lw):
-        (JSC::MIPSAssembler::lwl):
-        (JSC::MIPSAssembler::lwr):
-        (JSC::MIPSAssembler::lhu):
-        (JSC::MIPSAssembler::sw):
-        (JSC::MIPSAssembler::jr):
-        (JSC::MIPSAssembler::jalr):
-        (JSC::MIPSAssembler::jal):
-        (JSC::MIPSAssembler::bkpt):
-        (JSC::MIPSAssembler::bgez):
-        (JSC::MIPSAssembler::bltz):
-        (JSC::MIPSAssembler::beq):
-        (JSC::MIPSAssembler::bne):
-        (JSC::MIPSAssembler::bc1t):
-        (JSC::MIPSAssembler::bc1f):
-        (JSC::MIPSAssembler::newJmpSrc):
-        (JSC::MIPSAssembler::appendJump):
-        (JSC::MIPSAssembler::addd):
-        (JSC::MIPSAssembler::subd):
-        (JSC::MIPSAssembler::muld):
-        (JSC::MIPSAssembler::lwc1):
-        (JSC::MIPSAssembler::ldc1):
-        (JSC::MIPSAssembler::swc1):
-        (JSC::MIPSAssembler::sdc1):
-        (JSC::MIPSAssembler::mtc1):
-        (JSC::MIPSAssembler::mfc1):
-        (JSC::MIPSAssembler::truncwd):
-        (JSC::MIPSAssembler::cvtdw):
-        (JSC::MIPSAssembler::ceqd):
-        (JSC::MIPSAssembler::cngtd):
-        (JSC::MIPSAssembler::cnged):
-        (JSC::MIPSAssembler::cltd):
-        (JSC::MIPSAssembler::cled):
-        (JSC::MIPSAssembler::cueqd):
-        (JSC::MIPSAssembler::coled):
-        (JSC::MIPSAssembler::coltd):
-        (JSC::MIPSAssembler::culed):
-        (JSC::MIPSAssembler::cultd):
-        (JSC::MIPSAssembler::label):
-        (JSC::MIPSAssembler::align):
-        (JSC::MIPSAssembler::getRelocatedAddress):
-        (JSC::MIPSAssembler::getDifferenceBetweenLabels):
-        (JSC::MIPSAssembler::size):
-        (JSC::MIPSAssembler::executableCopy):
-        (JSC::MIPSAssembler::getCallReturnOffset):
-        (JSC::MIPSAssembler::linkJump):
-        (JSC::MIPSAssembler::linkCall):
-        (JSC::MIPSAssembler::linkPointer):
-        (JSC::MIPSAssembler::relinkJump):
-        (JSC::MIPSAssembler::relinkCall):
-        (JSC::MIPSAssembler::repatchInt32):
-        (JSC::MIPSAssembler::repatchPointer):
-        (JSC::MIPSAssembler::repatchLoadPtrToLEA):
-        (JSC::MIPSAssembler::relocateJumps):
-        (JSC::MIPSAssembler::linkWithOffset):
-        (JSC::MIPSAssembler::linkCallInternal):
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerMIPS.h: Added.
-        (JSC::MacroAssemblerMIPS::MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::):
-        (JSC::MacroAssemblerMIPS::add32):
-        (JSC::MacroAssemblerMIPS::and32):
-        (JSC::MacroAssemblerMIPS::lshift32):
-        (JSC::MacroAssemblerMIPS::mul32):
-        (JSC::MacroAssemblerMIPS::not32):
-        (JSC::MacroAssemblerMIPS::or32):
-        (JSC::MacroAssemblerMIPS::rshift32):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (JSC::MacroAssemblerMIPS::xor32):
-        (JSC::MacroAssemblerMIPS::load32):
-        (JSC::MacroAssemblerMIPS::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerMIPS::loadPtrWithPatchToLEA):
-        (JSC::MacroAssemblerMIPS::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerMIPS::load16):
-        (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerMIPS::store32):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerMIPS::pop):
-        (JSC::MacroAssemblerMIPS::push):
-        (JSC::MacroAssemblerMIPS::move):
-        (JSC::MacroAssemblerMIPS::swap):
-        (JSC::MacroAssemblerMIPS::signExtend32ToPtr):
-        (JSC::MacroAssemblerMIPS::zeroExtend32ToPtr):
-        (JSC::MacroAssemblerMIPS::branch32):
-        (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerMIPS::branch16):
-        (JSC::MacroAssemblerMIPS::branchTest32):
-        (JSC::MacroAssemblerMIPS::jump):
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        (JSC::MacroAssemblerMIPS::branchMul32):
-        (JSC::MacroAssemblerMIPS::branchSub32):
-        (JSC::MacroAssemblerMIPS::breakpoint):
-        (JSC::MacroAssemblerMIPS::nearCall):
-        (JSC::MacroAssemblerMIPS::call):
-        (JSC::MacroAssemblerMIPS::ret):
-        (JSC::MacroAssemblerMIPS::set32):
-        (JSC::MacroAssemblerMIPS::setTest32):
-        (JSC::MacroAssemblerMIPS::moveWithPatch):
-        (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
-        (JSC::MacroAssemblerMIPS::storePtrWithPatch):
-        (JSC::MacroAssemblerMIPS::tailRecursiveCall):
-        (JSC::MacroAssemblerMIPS::makeTailRecursiveCall):
-        (JSC::MacroAssemblerMIPS::loadDouble):
-        (JSC::MacroAssemblerMIPS::storeDouble):
-        (JSC::MacroAssemblerMIPS::addDouble):
-        (JSC::MacroAssemblerMIPS::subDouble):
-        (JSC::MacroAssemblerMIPS::mulDouble):
-        (JSC::MacroAssemblerMIPS::convertInt32ToDouble):
-        (JSC::MacroAssemblerMIPS::insertRelaxationWords):
-        (JSC::MacroAssemblerMIPS::branchTrue):
-        (JSC::MacroAssemblerMIPS::branchFalse):
-        (JSC::MacroAssemblerMIPS::branchEqual):
-        (JSC::MacroAssemblerMIPS::branchNotEqual):
-        (JSC::MacroAssemblerMIPS::branchDouble):
-        (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerMIPS::linkCall):
-        (JSC::MacroAssemblerMIPS::repatchCall):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * wtf/Platform.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-
-2010-03-03  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-
-2010-03-03  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-
-2010-03-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add virtual memory tags for TCMalloc and WebCore's purgeable buffers.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TryMmap): Use the VM tag.
-        * wtf/VMTags.h: Make use of VM_MEMORY_TCMALLOC and VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS.
-
-2010-03-03  Steve Falkenburg  <sfalken@apple.com>
-
-        Rubber stamped by Adam Roben.
-
-        Fix bogus xcopy that was polluting source tree at build time.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-
-2010-03-02  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Oliver Hunt.
-
-        Allow building smoothly on win32 and win64 using GCC
-        https://bugs.webkit.org/show_bug.cgi?id=35607
-
-        * jit/JITStubs.h:
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlockPtr):
-        (JSC::currentThreadStackBase):
-
-2010-03-02  Jeremy Orlow  <jorlow@chromium.org>
-
-        Reviewed by David Levin.
-
-        Revert database thread changes that are no longer required
-        https://bugs.webkit.org/show_bug.cgi?id=35519
-
-        Jochen Eisinger created 55214 and 55247 to track which database
-        owns which thread.  Dmitry suggested that this could also
-        be done via TLS, though.  After exploring the options, Jochen
-        chose to go the TLS route, so these patches are no longer needed.
-
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        (WTF::isMainThread):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::currentThread):
-        * wtf/ThreadingWin.cpp:
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::createThreadInternal):
-
-2010-03-02  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix QScriptValue::toString().
-
-        More ECMA Script compliance, especially for values as NaN, Inifinite
-        and really big/small numbers.
-
-        [Qt] QScriptValue::toString() returns incorrect values
-        https://bugs.webkit.org/show_bug.cgi?id=34850
-
-        * qt/api/qscriptconverter_p.h:
-        (QScriptConverter::toString):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toString):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp:
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::toString_initData):
-        (tst_QScriptValue::toString_makeData):
-        (tst_QScriptValue::toString_test):
-
-2010-03-02  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Introduce a new class; QScriptString.
-
-        The QScriptString class should act as a handle to "interned"
-        strings in a QScriptEngine.
-
-        [Qt] QtScript should provide QScriptString
-        https://bugs.webkit.org/show_bug.cgi?id=34843
-
-        * qt/api/QtScript.pro:
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::toStringHandle):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::toStringHandle):
-        * qt/api/qscriptstring.cpp: Added.
-        (QScriptString::QScriptString):
-        (QScriptString::~QScriptString):
-        (QScriptString::operator=):
-        (QScriptString::isValid):
-        (QScriptString::operator==):
-        (QScriptString::operator!=):
-        (QScriptString::toArrayIndex):
-        (QScriptString::toString):
-        (QScriptString::operator QString):
-        (qHash):
-        * qt/api/qscriptstring.h: Added.
-        * qt/api/qscriptstring_p.h: Added.
-        (QScriptStringPrivate::QScriptStringPrivate):
-        (QScriptStringPrivate::~QScriptStringPrivate):
-        (QScriptStringPrivate::get):
-        (QScriptStringPrivate::isValid):
-        (QScriptStringPrivate::operator==):
-        (QScriptStringPrivate::operator!=):
-        (QScriptStringPrivate::toArrayIndex):
-        (QScriptStringPrivate::toString):
-        (QScriptStringPrivate::id):
-        * qt/tests/qscriptstring/qscriptstring.pro: Added.
-        * qt/tests/qscriptstring/tst_qscriptstring.cpp: Added.
-        (tst_QScriptString::tst_QScriptString):
-        (tst_QScriptString::~tst_QScriptString):
-        (tst_QScriptString::test):
-        (tst_QScriptString::hash):
-        (tst_QScriptString::toArrayIndex_data):
-        (tst_QScriptString::toArrayIndex):
-        * qt/tests/tests.pro:
-
-2010-03-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Export function on windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-03-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Refactor named getter function signature to be in line with indexing getter signature
-        https://bugs.webkit.org/show_bug.cgi?id=35563
-
-        This removes the PropertySlot argument from getter functions, and makes them directly
-        pass the slot base.  This makes the semantics for the functions match that of the
-        indexing getters.
-
-        On the down side, this means that we can no longer simply use a proxy function for
-        JS getters, so we now add another marker value to indicate that a getter is present
-        and branch accordingly.
-
-        Against all rationality sunspider reports this as a perf win, but i suspect it's just noise.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::staticValueGetter):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * JavaScriptCore.exp:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        * runtime/JSFunction.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::setGetterSlot):
-        (JSC::PropertySlot::setCacheableGetterSlot):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::regExpConstructorDollar1):
-        (JSC::regExpConstructorDollar2):
-        (JSC::regExpConstructorDollar3):
-        (JSC::regExpConstructorDollar4):
-        (JSC::regExpConstructorDollar5):
-        (JSC::regExpConstructorDollar6):
-        (JSC::regExpConstructorDollar7):
-        (JSC::regExpConstructorDollar8):
-        (JSC::regExpConstructorDollar9):
-        (JSC::regExpConstructorInput):
-        (JSC::regExpConstructorMultiline):
-        (JSC::regExpConstructorLastMatch):
-        (JSC::regExpConstructorLastParen):
-        (JSC::regExpConstructorLeftContext):
-        (JSC::regExpConstructorRightContext):
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectGlobal):
-        (JSC::regExpObjectIgnoreCase):
-        (JSC::regExpObjectMultiline):
-        (JSC::regExpObjectSource):
-        (JSC::regExpObjectLastIndex):
-
-2010-03-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        PropertySlot::getValue(ExecState, unsigned) unnecessarily converts index to an Identifier
-        https://bugs.webkit.org/show_bug.cgi?id=35561
-
-        Fix this by defining a separate property getter function for index getters.  This allows
-        us to pass an unsigned number without the conversion to an Identifier.  We then update
-        setCustomIndex to take this new getter type.
-
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::setCustom):
-        (JSC::PropertySlot::setCustomIndex):
-
-2010-03-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 35537 - put_by_id does will incorrectly cache writes where a specific value exists,
-                    where at the point of caching the same value is being written.
-
-        When performing a put_by_id that is replacing a property already present on the object,
-        there are three interesting cases regarding the state of the specific value:
-
-        (1) No specific value set - nothing to do, leave the structure in it's current state,
-            can cache.
-        (2) A specific value was set, the new put is not of a specified value (i.e. function),
-            or is of a different specific value - in these cases we need to perform a despecifying
-            transition to clear the specific value in the structure, but having done so this is a
-            normal property so as such we can again cache normally.
-        (3) A specific value was set, and we are overwriting with the same value - in these cases
-            leave the structure unchanged, but since a specific value is set we cannot cache this
-            put (we would need the JIT to dynamically check the value being written matched).
-
-        Unfortunately, the current behaviour does not match this.  the checks for a specific value
-        being present & the value matching are combined in such a way that in case (2), above we
-        will unnecessarily prevent the transition being cached, but in case (3) we will incorrectly
-        fail to prevent caching.
-
-        The bug exposes itself if multiple puts of the same specific value are performed to a
-        property, and erroneously the put is allowed to be cached by the JIT.  Method checks may be
-        generated caching calls of this structure.  Subsequent puts performed from JIT code may
-        write different values without triggering a despecify transition, and as such cached method
-        checks will continue to pass, despite the value having changed.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-
-2010-03-01  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix the Qt build on Mac OS X/Cocoa 64-bit
-
-        * JavaScriptCore.pri: Add missing implementation file to resolve JSC symbols
-
-2010-02-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Geoff Garen.
-
-        Remove wrec.  All builds should have switched to yarr by now.
-
-        * Android.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * wrec: Removed.
-        * wrec/CharacterClass.cpp: Removed.
-        * wrec/CharacterClass.h: Removed.
-        * wrec/CharacterClassConstructor.cpp: Removed.
-        * wrec/CharacterClassConstructor.h: Removed.
-        * wrec/Escapes.h: Removed.
-        * wrec/Quantifier.h: Removed.
-        * wrec/WREC.cpp: Removed.
-        * wrec/WREC.h: Removed.
-        * wrec/WRECFunctors.cpp: Removed.
-        * wrec/WRECFunctors.h: Removed.
-        * wrec/WRECGenerator.cpp: Removed.
-        * wrec/WRECGenerator.h: Removed.
-        * wrec/WRECParser.cpp: Removed.
-        * wrec/WRECParser.h: Removed.
-        * wscript:
-
-2010-02-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Make the lookup table generator include an explicit cast to expected
-        type of the function.  We do this because otherwise the blind intptr_t
-        cast that is subsequently applied allows incorrectly typed functions
-        to be inserted into the table, where they will only fail at runtime.
-        This change makes such errors produce a compile time failure.
-
-        * create_hash_table:
-
-2010-02-26  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Symbian specific getCPUTime implemetation
-        https://bugs.webkit.org/show_bug.cgi?id=34742
-
-        Default implementation doesn't work on Symbian devices.
-        This change adds a proper implementation by
-        asking thread execution time from the current thread.
-
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-
-2010-02-25  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        https://bugs.webkit.org/show_bug.cgi?id=35406
-        <rdar://problem/6945502> Make generic array methods work with JavaArray
-
-        Renamed lazyCreationData to subclassData. This is extra data that can be used by JSArray
-        subclasses (you can't add new data members, because it wouldn't fit in JSCell otherwise).
-
-        * JavaScriptCore.exp:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        * runtime/JSArray.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-
-2010-02-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        JSC crashes like crazy in the JSPropertyNameIterator destructor
-
-        Add back null check of m_cachedStructure.  Curse last minute changes.
-
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-
-2010-02-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Race condition in JSPropertyNameIterator and Structure destruction
-        https://bugs.webkit.org/show_bug.cgi?id=35398
-
-        JSPropertyNameIterator and Structure have a cyclic dependency that they
-        manage by clearing the appropriate reference in each other during their
-        destruction.  However if the Structure is destroyed while the 
-        JSPropertyNameIterator is dead but not yet finalized the Structures
-        WeakGCPtr will return null, and so prevent Structure from clearing
-        the m_cachedStructure pointer of the iterator.  When the iterator is
-        then finalised the m_cachedStructure is invalid, and the attempt to
-        clear the structures back reference fails.
-
-        To fix this we simply make JSPropertyNameIterator keep the Structure
-        alive, using the weak pointer to break the ref cycle.
-
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-          The iterator now keeps m_cachedStructure alive itself, so no longer needs
-          to check for it being cleared
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::setCachedStructure):
-          Add an assertion to ensure correct usage
-        (JSC::JSPropertyNameIterator::cachedStructure):
-          Add .get()
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-          Add an assertion that our iterator isn't already dead, and remove
-          the now unnecessary attempt to clear the ref in the iterator
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::hasDeadObject):
-          An assert-only function to allow us to assert correct behaviour
-          in the Structure destructor
-
-2010-02-25  Jochen Eisinger  <jochen@chromium.org>
- 
-        Reviewed by Jeremy Orlow.
- 
-        Make the context that was passed to the ThreadFunction accessible.
-        https://bugs.webkit.org/show_bug.cgi?id=35379
-
-        When a database is opened, right now you
-        don't have any context from where it is opened. The problem is that
-        the actual calls that open a database go through the sqlite3 vfs
-        layer, so there's no easy way to pass this function down to to
-        platform/sql/chromium/SQLFileSystemChromium*.cpp
-
-        This patch will allow you to get from anywhere within webkit a pointer
-        to the Thread object that actually created the thread you're currently
-        on (in case of the database, this can be either a thread forked of
-        from the main thread or from a worker thread), and query the object
-        for context information.
-
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        (WTF::threadContext):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::):
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::contextForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::currentThread):
-        (WTF::threadContext):
-        * wtf/ThreadingWin.cpp:
-        (WTF::):
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::contextForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::threadContext):
-
-2010-02-25  Jeremy Orlow  <jorlow@chromium.org>
-
-        Reverting to re-submit with better change log.
-
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        (WTF::isMainThread):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::currentThread):
-        * wtf/ThreadingWin.cpp:
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::createThreadInternal):
-
-2010-02-25  Jochen Eisinger  <jochen@chromium.org>
-
-        Reviewed by Jeremy Orlow.
-
-        Make the context that was passed to the ThreadFunction accessible.
-        https://bugs.webkit.org/show_bug.cgi?id=35379
-
-        * wtf/Threading.h:
-        * wtf/ThreadingNone.cpp:
-        (WTF::threadContext):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::):
-        (WTF::identifierByPthreadHandle):
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::pthreadHandleForIdentifier):
-        (WTF::contextForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::currentThread):
-        (WTF::threadContext):
-        * wtf/ThreadingWin.cpp:
-        (WTF::):
-        (WTF::threadMap):
-        (WTF::storeThreadHandleByIdentifier):
-        (WTF::threadHandleForIdentifier):
-        (WTF::contextForIdentifier):
-        (WTF::createThreadInternal):
-        (WTF::threadContext):
-
-2010-02-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        [REGRESSION in r55185] EXC_BAD_ACCESS on opening inspector.
-        https://bugs.webkit.org/show_bug.cgi?id=35335
-
-        compileGetDirectOffset modifies the contents of the object register
-        when the object is not using the inline storage array.  As the object
-        register contains our 'this' pointer we can't allow it to be clobbered.
-        The fix is simply to copy the register into a separate scratch register
-        when we're loading off an object that doesn't use inline storage.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdSelfList):
-
-2010-02-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Speed up getter performance in the jit
-        https://bugs.webkit.org/show_bug.cgi?id=35332
-
-        Implement getter lookup caching in the interpreter.
-        The getter stubs are generated through basically the
-        same code paths as the normal get_by_id caching.
-        Instead of simply loading a property and returning,
-        we load the getter slot, and pass the getter, base value
-        and return address to a shared stub used for getter
-        dispatch.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/GetterSetter.h:
-
-2010-02-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Web Inspector: Regression: r55027+: Inspector broken
-        https://bugs.webkit.org/show_bug.cgi?id=35253
-
-        op_get_by_id_getter_chain was not passing the correct this parameter.
-        The bug was caused by incorrect use of baseCell instead of baseValue,
-        baseValue contains the original object for the lookup (and hence the
-        correct this object), baseCell is clobbered as part of walking the
-        prototype chain.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-02-23  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Rubber-stamped by Dimitri Glazkov.
-
-        Chromium build fix.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2010-02-23  Leandro Pereira  <leandro@profusion.mobi>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Changes references of GOwnPtr to reflect their new place.
-        http://webkit.org/b/35084
-
-        * JavaScriptCore/JavaScriptCore.gypi:
-        * JavaScriptCore/wtf/Threading.h:
-        * JavaScriptCore/wtf/unicode/glib/UnicodeGLib.h:
-
-2010-02-23  Leandro Pereira  <leandro@profusion.mobi>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Adding the EFL implementation of JavaScriptCore.
-        See https://bugs.webkit.org/show_bug.cgi?id=35084 for details.
-
-        * GNUmakefile.am: Updated to reflect the new location of GOwnPtr and
-                          GRefPtr.
-        * wtf/efl/MainThreadEfl.cpp: Added.
-        * wtf/gobject/GOwnPtr.cpp: Moved from wtf/gtk.
-        * wtf/gobject/GOwnPtr.h: Moved from wtf/gtk.
-        * wtf/gobject/GRefPtr.cpp: Moved from wtf/gtk.
-        * wtf/gobject/GRefPtr.h: Moved from wtf/gtk.
-
-2010-02-22  Julien Chaffraix  <jchaffraix@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove auto_ptr usage in JavaScriptCore.
-        https://bugs.webkit.org/show_bug.cgi?id=35221
-
-        * parser/Nodes.h: Removed now unneeded adopt method.
-        * parser/Parser.cpp: Removed <memory> include as it is not required anymore.
-        * wtf/OwnPtr.h: Removed the constructor from auto_ptr.
-        * wtf/VectorTraits.h: Removed a template specialization for auto_ptr.
-        * wtf/unicode/Collator.h: Made userDefault return a PassOwnPtr.
-        * wtf/unicode/CollatorDefault.cpp:
-        (WTF::Collator::userDefault): Changed the method to match the next signature.
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault): Ditto.
-
-2010-02-22  Huahui Wu  <hwu@google.com>
-
-        Reviewed by Eric Seidel.
-
-        Add code that enables SquirrelFish Extreme (a.k.a JSCX, JSC JIT)
-        in Android. It's disabled by default, but is enabled when the 
-        enveronment variable ENABLE_JSC_JIT is set to true.
-        https://bugs.webkit.org/show_bug.cgi?id=34855
-
-        * Android.mk:
-        * wtf/Platform.h:
-
-2010-02-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JSStringBuilder should not CRASH if allocation fails, it should throw a JSException.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSStringBuilder.h:
-        (JSC::JSStringBuilder::JSStringBuilder):
-        (JSC::JSStringBuilder::append):
-        (JSC::JSStringBuilder::build):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::build):
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::tryAllocateBuffer):
-        (WTF::):
-        (WTF::VectorBuffer::tryAllocateBuffer):
-        (WTF::::tryExpandCapacity):
-        (WTF::::tryReserveCapacity):
-        (WTF::::tryAppend):
-
-2010-02-22  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Map FastMalloc to BREW memory allocator
-        https://bugs.webkit.org/show_bug.cgi?id=33570
-
-        Use MALLOC macro instead of the standard malloc function.
-        Although RVCT provides malloc, we can't use it in BREW
-        because the loader does not initialize the base address properly.
-
-        * wtf/FastMalloc.cpp:
-        * wtf/brew/SystemMallocBrew.h: Added.
-        (mallocBrew):
-        (callocBrew):
-        (freeBrew):
-        (reallocBrew):
-
-2010-02-22  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Build fix for make distcheck.
-
-        * GNUmakefile.am:
-
-2010-02-22  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix.
-
-        [Qt] Build fix for RVCT.
-
-        Fix after r55024. The "-i" option is for perl not for the
-        script.
-
-        * DerivedSources.pro:
-
-2010-02-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Make UString::m_data be const, and make the UChar owned/ref-counted by CrossThreadRefCounted be const too.
-
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::baseSharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::data):
-        (JSC::UStringImpl::UStringImpl):
-        * wtf/OwnFastMallocPtr.h:
-        (WTF::OwnFastMallocPtr::~OwnFastMallocPtr):
-
-2010-02-21  Yuta Kitamura  <yutak@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        HashMapTranslatorAdapter::translate() needs to set the mapped value.
-
-        HTTPHeaderMap::add(const char*, const String&) does not work
-        https://bugs.webkit.org/show_bug.cgi?id=35227
-
-        * wtf/HashMap.h:
-        (WTF::HashMapTranslatorAdapter::translate):
-
-2010-02-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by David Levin.
-
-        Add an ENABLE flag for sandboxed iframes to make it possible to disable it in releases
-        https://bugs.webkit.org/show_bug.cgi?id=35147
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JSString::getIndex() calls value() to resolve the string value (is a rope)
-        to a UString, then passes the result to jsSingleCharacterSubstring without
-        checking for an exception.  In case of out-of-memory the returned UString
-        is null(), which may result in an out-of-buounds substring being created.
-        This is bad.
-
-        Simple fix is to be able to get an index from a rope without resolving to
-        UString.  This may be a useful optimization in some test cases.
-
-        The same bug exists in some other methods is JSString, these can be fixed
-        by changing them to call getIndex().
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::JSString::getIndex):
-        (JSC::jsSingleCharacterString):
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/UStringImpl.cpp:
-        (JSC::singleCharacterSubstring):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::singleCharacterSubstring):
-
-2010-02-19  Oliver Hunt  <oliver@apple.com>
-
-        RS = Gavin Barraclough.
-
-        Split the 32/64 version of JITPropertyAccess into a separate file.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp: Added.
-        (JSC::JIT::emit_op_put_by_index):
-        (JSC::JIT::emit_op_put_getter):
-        (JSC::JIT::emit_op_put_setter):
-        (JSC::JIT::emit_op_del_by_id):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchMethodCallProto):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::emit_op_get_by_pname):
-        (JSC::JIT::emitSlow_op_get_by_pname):
-
-2010-02-19  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Laszlo Gombos.
-
-        Added additional parameter to create_rvct_stubs 
-        for setting the regularexpression prefix.
-        Renamed it because it now works for other platforms too.
-        https://bugs.webkit.org/show_bug.cgi?id=34951
-
-        * DerivedSources.pro:
-        * create_jit_stubs: Copied from JavaScriptCore/create_rvct_stubs.
-        * create_rvct_stubs: Removed.
-
-2010-02-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improve interpreter getter performance
-        https://bugs.webkit.org/show_bug.cgi?id=35138
-
-        Improve the performance of getter dispatch by making it possible
-        for the interpreter to cache the GetterSetter object lookup.
-
-        To do this we simply need to make PropertySlot aware of getters
-        as a potentially cacheable property, and record the base and this
-        objects for a getter access.  This allows us to use more-or-less
-        identical code to that used by the normal get_by_id caching, with
-        the dispatch being the only actual difference.
-
-        I'm holding off of implementing this in the JIT until I do some
-        cleanup to try and making coding in the JIT not be as horrible
-        as it is currently.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::fillGetterPropertySlot):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::isGetter):
-        (JSC::PropertySlot::isCacheable):
-        (JSC::PropertySlot::isCacheableValue):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setGetterSlot):
-        (JSC::PropertySlot::setCacheableGetterSlot):
-        (JSC::PropertySlot::clearOffset):
-        (JSC::PropertySlot::thisValue):
-
-2010-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed a portion of:
-        <rdar://problem/7165917> | https://bugs.webkit.org/show_bug.cgi?id=28676
-        Safari 4 does not release memory back to the operating system fast enough (28676)
-        
-        This patch fixes a surprisingly common edge case in which the page heap
-        would have only one free span, but that span would be larger than the
-        minimum free size, so we would decide not to free it, even though it
-        could be as large as 100MB or more!
-        
-        SunSpider reports no change on Mac or Windows.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge): Call shouldContinueScavenging() instead
-        of doing the math ourselves. Don't keep a local value for pagesDecommitted
-        because that lets free_committed_pages_ be wrong temporarily. Instead,
-        update free_committed_pages_ as we go. ASSERT that we aren't releasing
-        a span that has already been released, because we think this is impossible.
-        Finally, don't be afraid to release all free memory in the page heap when
-        scavenging. We only scavenge after 5 seconds of the application's working
-        set not growing, and we keep both thread caches and a central cache on
-        top of the page heap, so the extra free pages in the page heap were just
-        overkill.
-
-2010-02-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=35070
-        Addition of 2 strings of length 2^31 may result in a string of length 0.
-
-        Check for overflow when creating a new JSString as a result of an addition
-        or concatenation, throw an out of memory exception.
-
-        * runtime/JSString.h:
-        (JSC::):
-        * runtime/Operations.h:
-        (JSC::jsString):
-
-2010-02-17  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        [Linux] Webkit incompatible with Java plugins
-        https://bugs.webkit.org/show_bug.cgi?id=24912
-
-        Add support for GFile to GOwnPtr.
-
-        Based on original work by Gustavo Noronha.
-
-        * wtf/gtk/GOwnPtr.cpp:
-        (WTF::GFile):
-        * wtf/gtk/GOwnPtr.h:
-
-2010-02-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fix a handful of other leaks seen on the buildbot.
-
-        * runtime/UStringImpl.h:
-        (JSC::UStringOrRopeImpl::deref): Delegate through to the subclass version of deref to ensure that
-        the correct cleanup takes place.  This function previously featured some code that attempted to
-        skip deletion of static UStringImpl's.  Closer inspection revealed that it was in fact equivalent
-        to "if (false)", meaning that UStringImpl's which had their final deref performed via this function
-        were leaked.
-
-2010-02-16  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix a handful of leaks seen on the buildbot.
-
-        * runtime/UStringImpl.h:
-        (JSC::UStringOrRopeImpl::deref): Call URopeImpl::destructNonRecursive rather than delete
-        to ensure that the rope's fibers are also destroyed.
-
-2010-02-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34964
-        Leaks tool reports false memory leaks due to Rope implementation.
-
-        A rope is a recursive data structure where each node in the rope holds a set of
-        pointers, each of which may reference either a string (in UStringImpl form) or
-        another rope node.  A low bit in each pointer is used to distinguish between
-        rope & string elements, in a fashion similar to the recently-removed
-        PtrAndFlags class (see https://bugs.webkit.org/show_bug.cgi?id=33731 ).  Again,
-        this causes a problem for Leaks - refactor to remove the magic pointer
-        mangling.
-
-        Move Rope out from JSString.h and rename to URopeImpl, to match UStringImpl.
-        Give UStringImpl and URopeImpl a common parent class, UStringOrRopeImpl.
-        Repurpose an otherwise invalid permutation to flags (static & should report
-        memory cost) to identify ropes.
-
-        This allows us to change the rope's fibers to interrogate the object rather
-        than storing a bool within the low bits of the pointer (or in some cases the
-        use of a common parent class removes the need to determine the type at all -
-        there is a common interface to ref or get the length of either ropes or strings).
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::keyForCharacterSwitch):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        (JSC::Identifier::addSlowCase):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/JSString.h:
-        (JSC::):
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::~JSString):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::RopeBuilder::JSStringFinalizerStruct::JSStringFinalizerStruct):
-        (JSC::RopeBuilder::JSStringFinalizerStruct::):
-        * runtime/UString.cpp:
-        (JSC::UString::toStrictUInt32):
-        (JSC::equal):
-        * runtime/UString.h:
-        (JSC::UString::isEmpty):
-        (JSC::UString::size):
-        * runtime/UStringImpl.cpp:
-        (JSC::URopeImpl::derefFibersNonRecursive):
-        (JSC::URopeImpl::destructNonRecursive):
-        * runtime/UStringImpl.h:
-        (JSC::UStringOrRopeImpl::isRope):
-        (JSC::UStringOrRopeImpl::length):
-        (JSC::UStringOrRopeImpl::ref):
-        (JSC::UStringOrRopeImpl::):
-        (JSC::UStringOrRopeImpl::operator new):
-        (JSC::UStringOrRopeImpl::UStringOrRopeImpl):
-        (JSC::UStringImpl::adopt):
-        (JSC::UStringImpl::createUninitialized):
-        (JSC::UStringImpl::tryCreateUninitialized):
-        (JSC::UStringImpl::data):
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::deref):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::):
-        (JSC::URopeImpl::tryCreateUninitialized):
-        (JSC::URopeImpl::initializeFiber):
-        (JSC::URopeImpl::fiberCount):
-        (JSC::URopeImpl::fibers):
-        (JSC::URopeImpl::deref):
-        (JSC::URopeImpl::URopeImpl):
-        (JSC::URopeImpl::hasOneRef):
-        (JSC::UStringOrRopeImpl::deref):
-
-2010-02-15  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix the SP at ctiOpThrowNotCaught on Thumb2 (JSVALUE32)
-        https://bugs.webkit.org/show_bug.cgi?id=34939
-
-        * jit/JITStubs.cpp:
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Build Fix!).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Some general Rope related refactoring.
-
-        Rename Rope::m_ropeLength to m_fiberCount, to be more descriptive.
-        Rename Rope::m_stringLength to simply m_length (since this is the
-        more conventional name for the length of a string).  Move append
-        behaviour out into a new RopeBuilder class, so that Rope no longer
-        needs any knowledge of the JSString or UString implementation.
-
-        Make Rope no longer be nested within JSString.
-        (Rope now no-longer need reside within JSString.h, but leaving
-        the change of moving this out to a different header as a separate
-        change from these renames).
-
-        * JavaScriptCore.exp:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * runtime/JSString.cpp:
-        (JSC::Rope::destructNonRecursive):
-        (JSC::Rope::~Rope):
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::toBoolean):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::Rope::Fiber::Fiber):
-        (JSC::Rope::Fiber::deref):
-        (JSC::Rope::Fiber::ref):
-        (JSC::Rope::Fiber::refAndGetLength):
-        (JSC::Rope::Fiber::isRope):
-        (JSC::Rope::Fiber::rope):
-        (JSC::Rope::Fiber::isString):
-        (JSC::Rope::Fiber::string):
-        (JSC::Rope::Fiber::nonFiber):
-        (JSC::Rope::tryCreateUninitialized):
-        (JSC::Rope::append):
-        (JSC::Rope::fiberCount):
-        (JSC::Rope::length):
-        (JSC::Rope::fibers):
-        (JSC::Rope::Rope):
-        (JSC::Rope::operator new):
-        (JSC::):
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::~JSString):
-        (JSC::RopeBuilder::length):
-        (JSC::RopeBuilder::canGetIndex):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::RopeBuilder::isRope):
-        (JSC::RopeBuilder::fiberCount):
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/Operations.h:
-        (JSC::jsString):
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Add missing cast for !YARR (PPC) builds.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-
-2010-02-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Many false leaks in release builds due to PtrAndFlags
-
-        StructureTransitionTable was effectively a smart pointer type,
-        one machine word in size and wholly contained as a member of
-        of Structure.  It either pointed to an actual table, or could
-        be used to describe a single transtion entry without use of a
-        table.
-
-        This, however, worked by using a PtrAndFlags, which is not
-        compatible with the leaks tool.  Since there is no clear way to
-        obtain another bit for 'free' here, and since there are bits
-        available up in Structure, merge this functionality back up into
-        Structure.  Having this in a separate class was quite clean
-        from an enacapsulation perspective, but this solution doesn't
-        seem to bad - all table access is now intermediated through the
-        Structure::structureTransitionTableFoo methods, keeping the
-        optimization fairly well contained.
-
-        This was the last use of PtrAndFlags, so removing the file too.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::hasTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::):
-        (JSC::Structure::structureTransitionTableContains):
-        (JSC::Structure::structureTransitionTableGet):
-        (JSC::Structure::structureTransitionTableHasTransition):
-        (JSC::Structure::structureTransitionTableRemove):
-        (JSC::Structure::structureTransitionTableAdd):
-        (JSC::Structure::structureTransitionTable):
-        (JSC::Structure::setStructureTransitionTable):
-        (JSC::Structure::singleTransition):
-        (JSC::Structure::setSingleTransition):
-        * runtime/StructureTransitionTable.h:
-        * wtf/PtrAndFlags.h: Removed.
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Geoff Garen.
-
-        Bug 34948 - tryMakeString should fail on error in length calculation
-
-        Ooops! - "bool overflow" argument should have been "bool& overflow".
-
-        * runtime/UString.h:
-        (JSC::sumWithOverflow):
-        (JSC::tryMakeString):
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Build Fix (pt 2!)).
-
-        Some symbol names have changed, remove, will readd if required.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Build Fix (pt 1?)).
-
-        Some symbol names have changed, remove, will readd if required.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed some mistaken code added in http://trac.webkit.org/changeset/53860.
-
-        * API/APIShims.h:
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim): No need to start/stop the
-        timeout checker when calling out from the API to the client; we want to
-        monitor the VM for timeouts, not the client. This mistake was harmless /
-        undetectable, since it's totally redundant with the APIEntryShim, which
-        also starts / stops the timeout checker.
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 34952 - String lengths in UString should be unsigned.
-        This matches WebCore::StringImpl, and better unifies behaviour throughout JSC.
-
-        * JavaScriptCore.exp:
-        * bytecode/EvalCodeCache.h:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        * runtime/Identifier.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEscape):
-        * runtime/JSONObject.cpp:
-        (JSC::gap):
-        (JSC::Stringifier::indent):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncSplit):
-        (JSC::trimString):
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        (JSC::UString::from):
-        (JSC::UString::getCString):
-        (JSC::UString::ascii):
-        (JSC::UString::operator[]):
-        (JSC::UString::toStrictUInt32):
-        (JSC::UString::find):
-        (JSC::UString::rfind):
-        (JSC::UString::substr):
-        (JSC::operator<):
-        (JSC::operator>):
-        (JSC::compare):
-        (JSC::equal):
-        (JSC::UString::UTF8String):
-        * runtime/UString.h:
-        (JSC::UString::size):
-        (JSC::operator==):
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::create):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::size):
-        (JSC::UStringImpl::computeHash):
-        (JSC::UStringImpl::UStringImpl):
-
-2010-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 34948 - tryMakeString should fail on error in length calculation
-
-        The sum of the length of substrings could overflow.
-
-        * runtime/UString.h:
-        (JSC::sumWithOverflow):
-        (JSC::tryMakeString):
-
-2010-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
-        typing in Google search field with GuardMalloc/full page heap enabled
-
-        * API/JSContextRef.cpp: Don't use APIEntryShim, since that requires
-        a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
-        and JSLock instead, since those are the two features of APIEntryShim we
-        require.
-
-2010-02-15  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Laszlo Gombos.
-
-        Added additional parameter to create_rvct_stubs 
-        for setting the offset of thunkReturnAddress.
-        https://bugs.webkit.org/show_bug.cgi?id=34657
-
-        * create_rvct_stubs:
-        * jit/JITStubs.cpp:
-
-2010-02-15  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix QScriptValue::toIntXX methods.
-
-        More ECMA Script compliance.
-
-        [Qt] QScriptValue::toIntXX returns incorrect values
-        https://bugs.webkit.org/show_bug.cgi?id=34847
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toInteger):
-        (QScriptValuePrivate::toInt32):
-        (QScriptValuePrivate::toUInt32):
-        (QScriptValuePrivate::toUInt16):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::toInteger_initData):
-        (tst_QScriptValue::toInteger_makeData):
-        (tst_QScriptValue::toInteger_test):
-        (tst_QScriptValue::toInt32_initData):
-        (tst_QScriptValue::toInt32_makeData):
-        (tst_QScriptValue::toInt32_test):
-        (tst_QScriptValue::toUInt32_initData):
-        (tst_QScriptValue::toUInt32_makeData):
-        (tst_QScriptValue::toUInt32_test):
-        (tst_QScriptValue::toUInt16_initData):
-        (tst_QScriptValue::toUInt16_makeData):
-        (tst_QScriptValue::toUInt16_test):
-
-2010-02-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Adam Barth.
-
-        Implement NEVER_INLINE and NO_RETURN for RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=34740
-
-        * wtf/AlwaysInline.h:
-
-2010-02-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Remove uses of PtrAndFlags from JIT data stuctures.
-
-        These break the OS X Leaks tool.  Free up a bit in CallLinkInfo, and invalid
-        permutation of pointer states in MethodCallLinkInfo to represent the removed bits.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * jit/JIT.cpp:
-        (JSC::JIT::unlinkCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * runtime/UString.h:
-
-2010-02-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Many false leaks in release builds due to PtrAndFlags
-
-        Remove UntypedPtrAndBitfield (similar to PtrAndFlags) in UStringImpl,
-        and steal bits from the refCount instead.
-
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::baseSharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::isIdentifier):
-        (JSC::UStringImpl::setIsIdentifier):
-        (JSC::UStringImpl::ref):
-        (JSC::UStringImpl::deref):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::bufferOwnership):
-        (JSC::UStringImpl::isStatic):
-        (JSC::UStringImpl::):
-
-2010-02-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Removed an unnecessary data dependency from my last patch.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::markChildren): Since isAnyStringMarked being false
-        is a condition of entering the loop, we can just use '=' instead of '|='.
-
-2010-02-12  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Additional refptr/passrefptr workarounds for WINSCW compiler
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-
-        * wtf/PassRefPtr.h:
-        (WTF::refIfNotNull):
-        (WTF::PassRefPtr::PassRefPtr):
-        (WTF::PassRefPtr::~PassRefPtr):
-        (WTF::PassRefPtr::clear):
-        (WTF::::operator):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::::operator):
-
-2010-02-12  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Additional refptr/passrefptr workarounds for WINSCW compiler
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-
-        * wtf/PassRefPtr.h:
-        (WTF::refIfNotNull):
-        (WTF::PassRefPtr::PassRefPtr):
-        (WTF::PassRefPtr::~PassRefPtr):
-        (WTF::PassRefPtr::clear):
-        (WTF::::operator):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::::operator):
-
-2010-02-12  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Additional refptr/passrefptr workarounds for WINSCW compiler
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-
-        * wtf/PassRefPtr.h:
-        (WTF::refIfNotNull):
-        (WTF::PassRefPtr::PassRefPtr):
-        (WTF::PassRefPtr::~PassRefPtr):
-        (WTF::PassRefPtr::clear):
-        (WTF::::operator):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::::operator):
-
-2010-02-12  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Don't import the cmath functions from std:: for WINSCW.
-
-        * wtf/MathExtras.h:
-
-2010-02-12  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Adam Barth.
-
-        Typedef both JSChar and UChar to wchar_t in RVCT.
-        https://bugs.webkit.org/show_bug.cgi?id=34560
-
-        Define both JSChar and UChar to wchar_t as the size
-        of wchar_t is 2 bytes in RVCT.
-
-        * API/JSStringRef.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2010-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Darin Adler.
-
-        The rest of the fix for
-        https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
-        Many objects left uncollected after visiting mail.google.com and closing
-        window
-        
-        Don't unconditionally hang onto small strings. Instead, hang onto all
-        small strings as long as any small string is still referenced.
-        
-        SunSpider reports no change.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::markRoots): Mark the small strings cache last, so it can
-        check if anything else has kept any strings alive.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren): Only keep our strings alive if some
-        other reference to at least one of them exists, too.
-
-2010-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Some progress toward fixing
-        https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
-        Many objects left uncollected after visiting mail.google.com and closing
-        window
-        
-        SunSpider reports no change.
-        
-        Keep weak references, rather than protected references, to cached for-in
-        property name enumerators.
-        
-        One problem with protected references is that a chain like 
-            [ gc object 1 ] => [ non-gc object ] => [ gc object 2 ]
-        takes two GC passes to break, since the first pass collects [ gc object 1 ],
-        releasing [ non-gc object ] and unprotecting [ gc object 2 ], and only
-        then can a second pass collect [ gc object 2 ].
-        
-        Another problem with protected references is that they can keep a bunch
-        of strings alive long after they're useful. In SunSpider and a few popular
-        websites, the size-speed tradeoff seems to favor weak references.
-
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Moved this constructor
-        into the .cpp file, since it's not used elsewhere.
-
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator): Added a destructor
-        to support our weak reference.
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::Structure::setEnumerationCache):
-        (JSC::Structure::clearEnumerationCache):
-        (JSC::Structure::enumerationCache): Added a function for clearing a
-        Structure's enumeration cache, used by our new destructor. Also fixed
-        indentation to match the rest of the file.
-
-        * runtime/Structure.h: Changed from protected pointer to weak pointer.
-
-2010-02-11  Chris Rogers  <crogers@google.com>
-
-        Reviewed by David Levin.
-
-        audio engine: add Complex number class
-        https://bugs.webkit.org/show_bug.cgi?id=34538
-
-        * wtf/Complex.h: Added.
-        (WebCore::complexFromMagnitudePhase):
-
-2010-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added an SPI for asking about all the different live objects on the heap.
-        Useful for memory debugging.
-
-        * JavaScriptCore.exp: Export the new SPI.
-
-        * runtime/Collector.cpp:
-        (JSC::typeName): Use a little capitalization. Don't crash in the case of
-        a non-object cell, since it might just be an uninitialized cell.
-
-        (JSC::Heap::objectTypeCounts): The new SPI.
-
-        * runtime/Collector.h:
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::advance):
-        (JSC::LiveObjectIterator::operator++):
-        (JSC::DeadObjectIterator::operator++):
-        (JSC::ObjectIterator::operator++): Made 2 tweaks to these iterators:
-        (1) Skip the last cell in the block, since it's a dummy sentinel, and
-        we don't want it to confuse the object count; (2) Fixed a logic error
-        in LiveObjectIterator that could cause it to iterate dead objects if
-        m_block were equal to m_heap.nextBlock and m_cell were less than
-        m_heap.nextCell. No test for this since I can't think of a way that this
-        could make WebKit behave badly.
-
-2010-02-11  Steve Block  <steveblock@google.com>
-
-        Reviewed by Darin Adler.
-
-        Guard cmath using declarations in MathExtras.h on Android
-        https://bugs.webkit.org/show_bug.cgi?id=34840
-
-        Android does not provide these functions.
-
-        * wtf/MathExtras.h:
-
-2010-02-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Restore ENABLE_RUBY flag so vendors can ship with Ruby disabled if they choose.
-        https://bugs.webkit.org/show_bug.cgi?id=34698
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-02-10  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Add Windows complex text support and Mac support for containsCharacters.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=34759
-
-        * wscript:
-
-2010-02-10  Alexey Proskuryakov  <ap@apple.com>
-
-        Addressing issues found by style bot.
-
-        * wtf/ValueCheck.h: Renamed header guard to match final file name.
-
-        * wtf/Vector.h: (WTF::::checkConsistency): Remove braces around a one-line clause.
-
-2010-02-09  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34490
-        WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added ValueCheck.h.
-
-        * wtf/ValueCheck.h: Added. Moved code out of HashTraits, since it would be awkward to
-        include that from Vector.h.
-        (WTF::ValueCheck::checkConsistency): Allow null pointers, those are pretty consistent.
-
-        * wtf/HashTraits.h: Moved value checking code out of here.
-
-        * wtf/HashTable.h: (WTF::::checkTableConsistencyExceptSize): Updated for the above changes.
-
-        * wtf/Vector.h:
-        (WTF::::checkConsistency): Check all vector elements.
-        (WTF::ValueCheck): Support checking a Vector as an element in other containers. Currently
-        unused.
-
-2010-02-10  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix QScriptValue::toBool.
-
-        Fix ECMA compliance in the QScriptValue for values like 0, NaN and
-        empty strings.
-
-        [Qt] QScriptValue::toBool problem
-        https://bugs.webkit.org/show_bug.cgi?id=34793
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toBool):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::toBool_initData):
-        (tst_QScriptValue::toBool_makeData):
-        (tst_QScriptValue::toBool_test):
-        (tst_QScriptValue::toBoolean_initData):
-        (tst_QScriptValue::toBoolean_makeData):
-        (tst_QScriptValue::toBoolean_test):
-
-2009-10-06  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Use derefIfNotNull() to work around WINSCW compiler forward declaration bug
-
-        The compiler bug is reported at
-        https://xdabug001.ext.nokia.com/bugzilla/show_bug.cgi?id=9812.
-
-        The change should be reverted when the above bug is fixed in WINSCW compiler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-
-2009-10-06  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Get rid of WINSCW hack for UnSpecifiedBoolType
-
-        Add parenthesis around (RefPtr::*UnspecifiedBoolType) to make the WINSCW
-        compiler work with the default UnSpecifiedBoolType() operator.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-
-        * wtf/RefPtr.h:
-
-2010-02-09  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        New functions nullValue() and undefinedValue().
-
-        [Qt] QScriptEngine should contain nullValue and undefinedValue methods
-        https://bugs.webkit.org/show_bug.cgi?id=34749
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::nullValue):
-        (QScriptEngine::undefinedValue):
-        * qt/api/qscriptengine.h:
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::nullValue):
-        (tst_QScriptEngine::undefinedValue):
-
-2010-02-09  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fixes for QScriptValue::toNumber().
-
-        Fix ECMA compliance in QScriptValue for values unbound
-        to a QScriptEngine.
-
-        [Qt] QScriptValue::toNumber() is broken
-        https://bugs.webkit.org/show_bug.cgi?id=34592
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::toNumber):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::toNumber_initData):
-        (tst_QScriptValue::toNumber_makeData):
-        (tst_QScriptValue::toNumber_test):
-
-2010-02-09  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix QScriptValue::isNumber().
-
-        The isNumber() should return 'true' if the value is in the CNumber
-        state.
-
-        [Qt] QScriptValue::isNumber() returns an incorrect value
-        https://bugs.webkit.org/show_bug.cgi?id=34575
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::isNumber):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp:
-        (tst_QScriptValue::isNumber_initData):
-        (tst_QScriptValue::isNumber_makeData):
-        (tst_QScriptValue::isNumber_test):
-
-2010-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Small refactoring to the small strings cache to allow it to be cleared
-        dynamically.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::SmallStrings):
-        (JSC::SmallStrings::clear):
-        * runtime/SmallStrings.h: Moved initialization code into a shared function,
-        and changed the constructor to call it.
-
-2010-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Geoff Garen.
-
-        Rename StringBuilder::release && JSStringBuilder::releaseJSString
-        to 'build()'.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::paramString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::stringify):
-        * runtime/JSStringBuilder.h:
-        (JSC::JSStringBuilder::build):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lexString):
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp):
-        (JSC::numberProtoFuncToFixed):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::build):
-
-2010-02-09  John Sullivan  <sullivan@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=34772
-        Overzealous new assertion in URStringImpl::adopt()
-
-        Reviewed by Adam Barth.
-
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::adopt):
-        Only assert that vector.data() is non-zero if vector.size() is non-zero.
-
-2010-02-09  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Not reviewed. Try to fix build problem on SnowLeopard slaves to bring them back.
-
-        * API/JSClassRef.cpp:
-        (tryCreateStringFromUTF8): Mark method as 'static inline' to suppress "warning: no previous prototype for ..."
-
-2010-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Three small string fixes:
-        (1) StringBuilder::release should CRASH if the buffer allocation failed.
-        (2) Remove weird, dead code from JSString::tryGetValue, replace with an ASSERT.
-        (3) Move UString::createFromUTF8 out to the API, as tryCreateStringFromUTF8.
-            This is only used from the API, and (now) unlike other UString::create
-            methods may return UString::null() to indicate failure cases.  Better
-            handle these in the API.
-
-        * API/JSClassRef.cpp:
-        (tryCreateStringFromUTF8):
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * runtime/JSString.h:
-        (JSC::Fiber::tryGetValue):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::release):
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        (JSC::UString::from):
-        (JSC::UString::find):
-        * runtime/UString.h:
-
-2010-02-09  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] use nanval() for Symbian as nonInlineNaN
-        https://bugs.webkit.org/show_bug.cgi?id=34170
-
-        numeric_limits<double>::quiet_NaN is broken in Symbian
-        causing NaN to be evaluated as a number.
-
-        * runtime/JSValue.cpp:
-        (JSC::nonInlineNaN):
-
-2010-02-09  Tamas Szirbucz  <szirbucz@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add a soft modulo operation to ARM JIT using a trampoline function.
-        The performance progression is about ~1.8% on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=34424
-
-        Developed in cooperation with Gabor Loki.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::softModulo):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiSoftModulo):
-        * wtf/Platform.h:
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (SL/win build fixes).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/StringPrototype.cpp:
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt
-
-        Make String.replace throw an exception on out-of-memory, rather than
-        returning a null (err, empty-ish) string.  Move String::replaceRange
-        and String::spliceSubstringsWithSeparators out to StringPrototype -
-        these were fairly specific use anyway, and we can better integrate
-        throwing the JS expcetion this way.
-
-        Also removes redundant assignment operator from UString.
-
-        * JavaScriptCore.exp:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringRange::StringRange):
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::jsReplaceRange):
-        (JSC::stringProtoFuncReplace):
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-
-2010-02-08  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Undefine WTF_OS_WINDOWS and WTF_PLATFORM_WIN
-        https://bugs.webkit.org/show_bug.cgi?id=34561
-
-        As the binary for simulator is built with MSVC 2005,
-        WTF_OS_WINDOWS and WTF_PLATFORM_WIN are defined.
-        Undefine them as we don't target Windows.
-
-        * wtf/Platform.h:
-
-2010-02-08  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Darin Adler.
-
-        audio engine: add Vector3 class
-        https://bugs.webkit.org/show_bug.cgi?id=34548
-
-        * wtf/Vector3.h: Added.
-        (WebCore::Vector3::Vector3):
-        (WebCore::Vector3::abs):
-        (WebCore::Vector3::isZero):
-        (WebCore::Vector3::normalize):
-        (WebCore::Vector3::x):
-        (WebCore::Vector3::y):
-        (WebCore::Vector3::z):
-        (WebCore::operator+):
-        (WebCore::operator-):
-        (WebCore::operator*):
-        (WebCore::dot):
-        (WebCore::cross):
-        (WebCore::distance):
-
-2010-02-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix warning in clang++
-
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Make makeString CRASH if we fail to allocate a string.
-
-        (tryMakeString or jsMakeNontrivialString can be used where we
-        expect allocation may fail and want to handle the error).
-
-        * runtime/JSStringBuilder.h:
-        (JSC::jsMakeNontrivialString):
-        * runtime/UString.h:
-        (JSC::tryMakeString):
-        (JSC::makeString):
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oliver Hunt.
-
-        Remove a couple of unnecesary C-style casts spotted by Darin.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::globalFuncEscape):
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Switch some more StringBuilder/jsNontrivialString code to use
-        JSStringBuilder/jsMakeNontrivialString - these methods will
-        throw an exception if we hit out-of-memory, rather than just
-        CRASHing.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEscape):
-
-2010-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Use an empty identifier instead of a null identifier for parse
-        tokens without an identifier.
-
-        This helps encapsulate the null UStringImpl within UString.
-
-        * parser/Grammar.y:
-        * parser/NodeConstructors.h:
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ForInNode::ForInNode):
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-
-2010-02-08  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Build fix for make distcheck.
-
-        * GNUmakefile.am:
-
-2010-02-08  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed RVCT build fix.
-
-        Similar to r54391, don't import the cmath functions from std:: for RVCT.
-
-        * wtf/MathExtras.h:
-
-2010-02-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Change UStringImpl::create to CRASH if the string cannot be allocated,
-        rather than returning a null string (which will behave like a zero-length
-        string if used).
-
-        Also move createRep function from UString to become new overloaded
-        UStringImpl::create methods.  In doing so, bring their behaviour closer to
-        being in line with WebCore::StringImpl, in removing the behaviour that they
-        can be used to produce null UStrings (ASSERT the char* provided is non-null).
-        This behaviour of converting null C-strings to null UStrings is inefficient
-        (cmompared to just using UString::null()), incompatible with WebCore::StringImpl's
-        behaviour, and may generate unexpected behaviour, since in many cases a null
-        UString can be used like an empty string.
-
-        With these changes UStringImpl need not have a concept of null impls, we can
-        start transitioning this to become an implementation detail of UString, that
-        internally it chooses to use a null-object rather than an actually zero impl
-        pointer.
-
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * profiler/Profile.cpp:
-        (JSC::Profile::Profile):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::stopProfiling):
-        * runtime/Error.cpp:
-        (JSC::Error::create):
-        (JSC::throwError):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createError):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/UString.cpp:
-        (JSC::initializeUString):
-        (JSC::UString::UString):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        (JSC::UString::isNull):
-        (JSC::UString::null):
-        (JSC::UString::rep):
-        (JSC::UString::UString):
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::create):
-        * runtime/UStringImpl.h:
-
-2010-02-05  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Define SYSTEM_MALLOC 1
-        https://bugs.webkit.org/show_bug.cgi?id=34640
-
-        Make BREWMP use system malloc because FastMalloc is not ported.
-
-        * wtf/Platform.h:
-
-2010-02-05  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Don't call CRASH() in fastMalloc and fastCalloc when the requested memory size is 0
-        https://bugs.webkit.org/show_bug.cgi?id=34569
-
-        With USE_SYSTEM_MALLOC=1, fastMalloc and fastCalloc call CRASH()
-        if the return value of malloc and calloc is 0.
-        
-        However, these functions can return 0 when the request size is 0.
-        Libc manual says, "If size is 0, then malloc() returns either NULL,
-        or a unique pointer value that can later be successfully passed to free()."
-        Though malloc returns a unique pointer in most systems,
-        0 can be returned in some systems. For instance, BREW's MALLOC returns 0
-        when size is 0.
-
-        If malloc or calloc returns 0 due to allocation size, increase the size
-        to 1 and try again.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-
-2010-02-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Timothy Hatcher.
-
-        Build fix.  Remove a symbol corresponding to an inline function from the linker export
-        file to prevent a weak external failure.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Accommodate rename of script.
-
-2010-02-04  Daniel Bates  <dbates@webkit.org>
-
-        [Qt] Unreviewed, build fix for Qt bot.
-
-        * runtime/JSStringBuilder.h: Changed #include <X.h> notation #include "X.h".
-
-2010-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Clearing a WeakGCPtr is weird
-        https://bugs.webkit.org/show_bug.cgi?id=34627
-
-        Added a WeakGCPtr::clear interface.
-        
-        As discussed in https://bugs.webkit.org/show_bug.cgi?id=33383, the old
-        interface made it pretty weird for a client to conditionally clear a
-        WeakGCPtr, which is exactly what clients want to do when objects are
-        finalized.
-
-        * API/JSClassRef.cpp:
-        (clearReferenceToPrototype): Use the new WeakGCPtr::clear() interface. 
-
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::clear): Added an interface for clearing a WeakGCPtr,
-        iff its current value is the value passed in. It's cumbersome for the
-        client to do this test, since WeakGCPtr sometimes pretends to be null.
-
-2010-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export a header.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-02-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add a JSStringBuilder class (similar-to, and derived-from StringBuilder) to
-        construct JSStrings, throwing a JS exception should we run out of memory whilst
-        allocating storage for the string.
-
-        Similarly, add jsMakeNontrivialString methods to use in cases where previously
-        we were calling makeString & passing the result to jsNontrivialString.  Again,
-        these new methods throw if we hit an out of memory condition.
-
-        Move throwOutOfMemoryError into ExceptionHelpers, to make it more widely available.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToGMTString):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::throwOutOfMemoryError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSStringBuilder.h: Added.
-        (JSC::JSStringBuilder::releaseJSString):
-        (JSC::jsMakeNontrivialString):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-        * runtime/Operations.cpp:
-        * runtime/Operations.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::append):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-
-2010-02-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * wtf/MathExtras.h:
-
-2010-02-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by David Levin.
-
-        Make MathExtras.h compatible with <cmath>
-        https://bugs.webkit.org/show_bug.cgi?id=34618
-
-        * wtf/MathExtras.h: Include <cmath> instead of <math.h>.
-        Use "using" as we do elsewhere in WTF for the four functions from <cmath>
-        we want to use without the prefix. Later we could consider making the std
-        explicit at call sites instead.
-
-2010-02-04  Tamas Szirbucz  <szirbucz@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Use an easily appendable structure for trampolines instead of pointer parameters.
-        https://bugs.webkit.org/show_bug.cgi?id=34424
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiStringLengthTrampoline):
-        (JSC::JITThunks::ctiVirtualCallLink):
-        (JSC::JITThunks::ctiVirtualCall):
-        (JSC::JITThunks::ctiNativeCallThunk):
-
-2010-02-04  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Increase test coverage for the QScriptValue.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34533
-
-        * qt/tests/qscriptvalue/qscriptvalue.pro:
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp:
-        (tst_QScriptValue::tst_QScriptValue):
-        (tst_QScriptValue::~tst_QScriptValue):
-        (tst_QScriptValue::dataHelper):
-        (tst_QScriptValue::newRow):
-        (tst_QScriptValue::testHelper):
-        (tst_QScriptValue::ctor):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h: Added.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated.cpp: Added.
-        (tst_QScriptValue::initScriptValues):
-        (tst_QScriptValue::isValid_initData):
-        (tst_QScriptValue::isValid_makeData):
-        (tst_QScriptValue::isValid_test):
-        (tst_QScriptValue::isBool_initData):
-        (tst_QScriptValue::isBool_makeData):
-        (tst_QScriptValue::isBool_test):
-        (tst_QScriptValue::isBoolean_initData):
-        (tst_QScriptValue::isBoolean_makeData):
-        (tst_QScriptValue::isBoolean_test):
-        (tst_QScriptValue::isFunction_initData):
-        (tst_QScriptValue::isFunction_makeData):
-        (tst_QScriptValue::isFunction_test):
-        (tst_QScriptValue::isNull_initData):
-        (tst_QScriptValue::isNull_makeData):
-        (tst_QScriptValue::isNull_test):
-        (tst_QScriptValue::isString_initData):
-        (tst_QScriptValue::isString_makeData):
-        (tst_QScriptValue::isString_test):
-        (tst_QScriptValue::isUndefined_initData):
-        (tst_QScriptValue::isUndefined_makeData):
-        (tst_QScriptValue::isUndefined_test):
-        (tst_QScriptValue::isObject_initData):
-        (tst_QScriptValue::isObject_makeData):
-        (tst_QScriptValue::isObject_test):
-
-2010-02-03  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Define WTF_PLATFORM_BREWMP_SIMULATOR when AEE_SIMULATOR is defined
-        https://bugs.webkit.org/show_bug.cgi?id=34514
-
-        PLATFORM(BREWMP_SIMULATOR) guard is needed to make distinction between BREWMP
-        and BREWMP simulator.
-
-        * wtf/Platform.h:
-
-2010-02-03  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Remove COMPILE_ASSERT conflict with the underlying PLATFORM
-        https://bugs.webkit.org/show_bug.cgi?id=34190
-
-        COMPILE_ASSERT conflicts with the underlying PLATFORM because it is defined
-        both in WTF's Assertions.h and BREWMP's AEEClassIDs.h. Include AEEClassIDs.h
-        in Assertions.h and undef COMPILE_ASSERT to avoid redefining COMPILE_ASSERT.
-
-        * wtf/Assertions.h:
-
-2010-02-03  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Implement OwnPtrBrew to make sure BREW instances are freed.
-        https://bugs.webkit.org/show_bug.cgi?id=34518
-
-        Add OwnPtrBrew to release IFile, IFileMgr and IBitmap instances.
-
-        * wtf/brew/OwnPtrBrew.cpp: Added.
-        (WTF::IFileMgr):
-        (WTF::IFile):
-        (WTF::IBitmap):
-        (WTF::freeOwnedPtrBrew):
-        * wtf/brew/OwnPtrBrew.h: Added.
-        (WTF::OwnPtrBrew::OwnPtrBrew):
-        (WTF::OwnPtrBrew::~OwnPtrBrew):
-        (WTF::OwnPtrBrew::get):
-        (WTF::OwnPtrBrew::release):
-        (WTF::OwnPtrBrew::outPtr):
-        (WTF::OwnPtrBrew::set):
-        (WTF::OwnPtrBrew::clear):
-        (WTF::OwnPtrBrew::operator*):
-        (WTF::OwnPtrBrew::operator->):
-        (WTF::OwnPtrBrew::operator!):
-        (WTF::OwnPtrBrew::operator UnspecifiedBoolType):
-        (WTF::OwnPtrBrew::swap):
-        (WTF::swap):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::getPtr):
-
-2010-02-03  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Export WTF::fastStrDup symbol
-        https://bugs.webkit.org/show_bug.cgi?id=34526
-
-        * JavaScriptCore.exp:
-
-2010-02-03  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Enable JIT compilation for wx.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=34536
-
-        * wtf/Platform.h:
-
-2010-02-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Crash in CollectorBitmap::get at nbcolympics.com
-        https://bugs.webkit.org/show_bug.cgi?id=34504
-
-        This was caused by the use of m_offset to determine the offset of
-        a new property into the property storage.  This patch corrects
-        the effected cases by incorporating the anonymous slot count. It
-        also removes the duplicate copy of anonymous slot count from the
-        property table as keeping this up to date merely increased the
-        chance of a mismatch.  Finally I've added a large number of
-        assertions in an attempt to prevent such a bug from happening
-        again.
-
-        With the new assertions in place the existing anonymous slot tests
-        all fail without the m_offset fixes.
-
-        * runtime/PropertyMapHashTable.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::createPropertyMapHashTable):
-        (JSC::Structure::rehashPropertyMapHashTable):
-        (JSC::Structure::checkConsistency):
-
-2010-02-02  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Copyright year updating for Windows version resources should be automatic
-        https://bugs.webkit.org/show_bug.cgi?id=34503
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc:
-
-2010-02-02  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add dummy main thread functions
-        https://bugs.webkit.org/show_bug.cgi?id=33569
-
-        Add dummy initializeMainThreadPlatform and
-        scheduleDispatchFunctionsOnMainThread.
-
-        * wtf/brew/MainThreadBrew.cpp: Added.
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2010-02-02  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Add using WTF::getLocalTime to CurrentTime.h
-        https://bugs.webkit.org/show_bug.cgi?id=34493
-
-        * wtf/CurrentTime.h:
-
-2010-02-02  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add HAVE_XXX definitions
-        https://bugs.webkit.org/show_bug.cgi?id=34414
-
-        Add HAVE_ERRNO_H=1
-
-        * wtf/Platform.h:
-
-2010-02-02  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Don't define HAVE_TM_GMTOFF, HAVE_TM_ZONE and HAVE_TIMEGM
-        https://bugs.webkit.org/show_bug.cgi?id=34388
-
-        BREWMP does not have these features.
-
-        * wtf/Platform.h:
-
-2010-02-02  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Define WTF_PLATFORM_BREWMP=1 when BUILDING_BREWMP is defined
-        https://bugs.webkit.org/show_bug.cgi?id=34386
-
-        Define WTF_PLATFORM_BREWMP=1 so that PLATFORM(BREWMP) guard can be used.
-
-        * wtf/Platform.h:
-
-2010-02-01  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Date.UTC() should apply TimeClip operation.
-        https://bugs.webkit.org/show_bug.cgi?id=34461
-
-        ECMAScript 5 15.9.4.3:
-        > 9 Return TimeClip(MakeDate(MakeDay(yr, m, dt), MakeTime(h, min, s, milli))).
-
-        * runtime/DateConstructor.cpp:
-        (JSC::dateUTC): Calls WTF::timeClip().
-
-2010-02-01  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Fix a bug that Math.round() retunrs incorrect results for huge integers
-        https://bugs.webkit.org/show_bug.cgi?id=34462
-
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncRound): Avoid "arg + 0.5".
-
-2010-02-01  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Port WTF's currentTime
-        https://bugs.webkit.org/show_bug.cgi?id=33567
-
-        Combine GETUTCSECONDS and GETTIMEMS to calculate the number
-        of milliseconds since 1970/01/01 00:00:00 UTC.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime):
-
-2010-02-01  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        [Qt] WinCE buildfix after r52729 and fix for Q_BIG_ENDIAN typo.
-        https://bugs.webkit.org/show_bug.cgi?id=34378
-
-        * wtf/Platform.h:
-
-2010-02-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Structure not accounting for anonymous slots when computing property storage size
-        https://bugs.webkit.org/show_bug.cgi?id=34441
-
-        Previously any Structure with anonymous storage would have a property map, so we
-        were only including anonymous slot size if there was a property map.  Given this
-        is no longer the case we should always include the anonymous slot count in the
-        property storage size.
-
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-
-2010-02-01  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix, update exports file (again)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-02-01  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix, update exports file
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        JSC is failing to propagate anonymous slot count on some transitions
-        https://bugs.webkit.org/show_bug.cgi?id=34321
-
-        Remove secondary Structure constructor, and make Structure store a copy
-        of the number of anonymous slots directly so saving an immediate allocation
-        of a property map for all structures with anonymous storage, which also
-        avoids the leaked property map on new property transition in the original
-        version of this patch.
-
-        We need to propagate the the anonymous slot count otherwise we can end up
-        with a structure recording incorrect information about the available and
-        needed space for property storage, or alternatively incorrectly reusing
-        some slots.
-
-        * JavaScriptCore.exp:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::createPropertyMapHashTable):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::hasAnonymousSlots):
-        (JSC::Structure::anonymousSlotCount):
-
-2010-01-31  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Buildfix for WinCE + style fixes (TLS_OUT_OF_INDEXES is not defined).
-        https://bugs.webkit.org/show_bug.cgi?id=34380
-
-        * wtf/ThreadSpecific.h:
-
-2010-01-31  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        [Windows] Fix a bug of round() with huge integral numbers
-        https://bugs.webkit.org/show_bug.cgi?id=34297
-
-        Fix a bug that round() for huge integral numbers returns incorrect
-        results. For example, round(8639999913600001) returns
-        8639999913600002 without this change though the double type can
-        represent 8639999913600001 precisely.
-
-        Math.round() of JavaScript has a similar problem. But this change
-        doesn't fix it because Math.round() doesn't use round() of
-        MathExtra.h.
-
-        * wtf/MathExtras.h:
-        (round): Avoid to do "num + 0.5" or "num - 0.5".
-        (roundf): Fixed similarly.
-        (llround): Calls round().
-        (llroundf): Calls roundf().
-        (lround): Calls round().
-        (lroundf): Calls roundf().
-
-2010-01-29  Mark Rowe  <mrowe@apple.com>
-
-        Sort Xcode projects.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-01-29  Mark Rowe  <mrowe@apple.com>
-
-        Fix the Mac build.
-
-        Disable ENABLE_INDEXED_DATABASE since it is "completely non-functional".
-
-        As the comment in FeatureDefines.xcconfig notes, the list of feature defines
-        needs to be kept in sync across the various files.  The default values also
-        need to be kept in sync between these files and build-webkit.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-01-29  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        Fix the ARM build.
-
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure): Call the right Structure::create overload.
-
-2010-01-28  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix for MSW, use ThreadingWin.cpp as the Windows pthreads implementation
-        implements pthread_t in a way that makes it impossible to check its validity,
-        which is needed by ThreadingPthreads.cpp.
-
-        * wscript:
-
-2010-01-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DOM Objects shouldn't all require custom mark functions
-        https://bugs.webkit.org/show_bug.cgi?id=34291
-
-        Make getAnonymousValue const-friendly
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::getAnonymousValue):
-
-2010-01-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Simplify anonymous slot implementation
-        https://bugs.webkit.org/show_bug.cgi?id=34282
-
-        A class must now specify the number of slots it needs at construction time
-        rather than later on with a transition.  This makes many things simpler,
-        we no longer need to need an additional transition on object creation to
-        add the anonymous slots, and we remove the need for a number of transition
-        type checks. 
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSCell.h:
-        (JSC::JSCell::createDummyStructure):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSObject::putAnonymousValue):
-        (JSC::JSObject::getAnonymousValue):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::Fiber::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        (JSC::Structure::materializePropertyMap):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::anonymousSlotCount):
-        * runtime/StructureTransitionTable.h:
-
-2010-01-27  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        MessageEvent.data should deserialize in the context of the MessageEvent's global object
-        https://bugs.webkit.org/show_bug.cgi?id=34227
-
-        Add logic to allow us to create an Object, Array, or Date instance
-        so we can create them in the context of a specific global object,
-        rather than just using the current lexical global object.
-
-        * JavaScriptCore.exp:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyObject):
-        (JSC::constructEmptyArray):
-
-2010-01-27  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34150
-        WebKit needs a mechanism to catch stale HashMap entries
-
-        It is very difficult to catch stale pointers that are HashMap keys - since a pointer's hash
-        is just its value, it is very unlikely that any observable problem is reproducible.
-
-        This extends hash table consistency checks to check that pointers are referencing allocated
-        memory blocks, and makes it possible to invoke the checks explicitly (it is not feasible
-        to enable CHECK_HASHTABLE_CONSISTENCY by default, because that affects performance too much).
-
-        * wtf/HashMap.h: (WTF::::checkConsistency): Call through to HashTable implementation. We can
-        add similar calls to HashSet and HashCountedSet, but I haven't seen hard to debug problems
-        with those yet.
-
-        * wtf/HashSet.h: (WTF::::remove): The version of checkTableConsistency that's guarded by
-        CHECK_HASHTABLE_CONSISTENCY is now called internalCheckTableConsistency().
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::internalCheckTableConsistency):
-        (WTF::HashTable::internalCheckTableConsistencyExceptSize):
-        (WTF::HashTable::checkTableConsistencyExceptSize):
-        Expose checkTableConsistency() even if CHECK_HASHTABLE_CONSISTENCY is off.
-        (WTF::::add): Updated for checkTableConsistency renaming.
-        (WTF::::addPassingHashCode): Ditto.
-        (WTF::::removeAndInvalidate): Ditto.
-        (WTF::::remove): Ditto.
-        (WTF::::rehash): Ditto.
-        (WTF::::checkTableConsistency): The assertion for !shouldExpand() was not correct - this
-        function returns true for tables with m_table == 0.
-        (WTF::::checkTableConsistencyExceptSize): Call checkValueConsistency for key. Potentially,
-        we could do the same for values.
-
-        * wtf/HashTraits.h:
-        (WTF::GenericHashTraits::checkValueConsistency): An empty function that can be overridden
-        to add checks. Currently, the only override is for pointer hashes.
-
-        * wtf/RefPtrHashMap.h: (WTF::::remove): Updated for checkTableConsistency renaming.
-
-2010-01-27  Anton Muhin  <antonm@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Remove trailing \ from inline function code
-        https://bugs.webkit.org/show_bug.cgi?id=34223
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::countLeadingZerosPartial):
-
-2010-01-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Port WTF's randomNumber
-        https://bugs.webkit.org/show_bug.cgi?id=33566
-
-        Use GETRAND to generate 4 byte random byte sequence to implement
-        weakRandomNumber. Create a secure random number generator with
-        AEECLSID_RANDOM to implement randomNumber.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::weakRandomNumber):
-        (WTF::randomNumber):
-
-2010-01-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Port getCPUTime
-        https://bugs.webkit.org/show_bug.cgi?id=33572
-
-        Use GETUPTIMEMS which returns a continuously and
-        linearly increasing millisecond timer from the time the device
-        was powered on. This function is enough to implement getCPUTime.
-
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-
-2010-01-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Oliver Hunt.
-
-        [BREWMP] Add MarkStack fastMalloc implementation for platforms without VirtualAlloc or mmap.
-        https://bugs.webkit.org/show_bug.cgi?id=33582
-
-        Use fastMalloc and fastFree to implement MarkStack::allocateStack and
-        MarkStack::releaseStack for platforms without page level allocation.
-
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-        * runtime/MarkStackNone.cpp: Added.
-        (JSC::MarkStack::initializePagesize):
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack):
-
-2010-01-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Don't use time function
-        https://bugs.webkit.org/show_bug.cgi?id=33577
-
-        Calling time(0) in BREW devices causes a crash because time
-        is not properly ported in most devices. Cast currentTime() to
-        time_t to get the same result as time(0).
-
-        * wtf/DateMath.cpp:
-        (WTF::calculateUTCOffset):
-
-2010-01-27  Alexey Proskuryakov  <ap@apple.com>
-
-        Revert r53899 (HashMap<AtomicStringImpl*, Value> key checks) and subsequent build fixes,
-        because they make SVG tests crash in release builds.
-
-        * wtf/HashMap.h:
-        (WTF::::remove):
-        * wtf/HashSet.h:
-        (WTF::::remove):
-        * wtf/HashTable.h:
-        (WTF::::add):
-        (WTF::::addPassingHashCode):
-        (WTF::::removeAndInvalidate):
-        (WTF::::remove):
-        (WTF::::rehash):
-        (WTF::::checkTableConsistency):
-        (WTF::::checkTableConsistencyExceptSize):
-        * wtf/HashTraits.h:
-        (WTF::GenericHashTraits::emptyValue):
-        (WTF::):
-        * wtf/RefPtrHashMap.h:
-        (WTF::::remove):
-
-2010-01-26  Alexey Proskuryakov  <ap@apple.com>
-
-        More Windows build fixing.
-
-        * wtf/HashTraits.h: _msize takes void*, remove const qualifier from type.
-
-2010-01-26  Alexey Proskuryakov  <ap@apple.com>
-
-        Windows build fix.
-
-        * wtf/HashTraits.h: Include malloc.h for _msize().
-
-2010-01-26  Alexey Proskuryakov  <ap@apple.com>
-
-        Build fix.
-
-        * wtf/HashTable.h: (WTF::HashTable::checkTableConsistencyExceptSize): Remove const from a
-        static (empty) version of this function.
-
-2010-01-26  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34150
-        WebKit needs a mechanism to catch stale HashMap entries
-
-        It is very difficult to catch stale pointers that are HashMap keys - since a pointer's hash
-        is just its value, it is very unlikely that any observable problem is reproducible.
-
-        This extends hash table consistency checks to check that pointers are referencing allocated
-        memory blocks, and makes it possible to invoke the checks explicitly (it is not feasible
-        to enable CHECK_HASHTABLE_CONSISTENCY by default, because that affects performance too much).
-
-        * wtf/HashMap.h: (WTF::::checkConsistency): Call through to HashTable implementation. We can
-        add similar calls to HashSet and HashCountedSet, but I haven't seen hard to debug problems
-        with those yet.
-
-        * wtf/HashSet.h: (WTF::::remove): The version of checkTableConsistency that's guarded by
-        CHECK_HASHTABLE_CONSISTENCY is now called internalCheckTableConsistency().
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::internalCheckTableConsistency):
-        (WTF::HashTable::internalCheckTableConsistencyExceptSize):
-        (WTF::HashTable::checkTableConsistencyExceptSize):
-        Expose checkTableConsistency() even if CHECK_HASHTABLE_CONSISTENCY is off.
-        (WTF::::add): Updated for checkTableConsistency renaming.
-        (WTF::::addPassingHashCode): Ditto.
-        (WTF::::removeAndInvalidate): Ditto.
-        (WTF::::remove): Ditto.
-        (WTF::::rehash): Ditto.
-        (WTF::::checkTableConsistency): The assertion for !shouldExpand() was not correct - this
-        function returns true for tables with m_table == 0.
-        (WTF::::checkTableConsistencyExceptSize): Call checkValueConsistency for key. Potentially,
-        we could do the same for values.
-
-        * wtf/HashTraits.h:
-        (WTF::GenericHashTraits::checkValueConsistency): An empty function that can be overridden
-        to add checks. Currently, the only override is for pointer hashes.
-
-        * wtf/RefPtrHashMap.h: (WTF::::remove): Updated for checkTableConsistency renaming.
-
-2010-01-26  Lyon Chen  <liachen@rim.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Opcode.h use const void* for Opcode cause error #1211 for RVCT compiler
-        https://bugs.webkit.org/show_bug.cgi?id=33902
-
-        * bytecode/Opcode.h:
-
-2010-01-26  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Windows build references non-existent include paths
-        https://bugs.webkit.org/show_bug.cgi?id=34175
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-
-2010-01-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Using JavaScriptCore API with a webkit vended context can result in slow script dialog
-        https://bugs.webkit.org/show_bug.cgi?id=34172
-
-        Make the APIShim correctly increment and decrement the timeout
-        entry counter.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-
-2010-01-26  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Fix compilation of QtScript with non-gcc compilers
-
-        Variable length stack arrays are a gcc extension. Use QVarLengthArray
-        as a more portable solution that still tries to allocate on the stack
-        first.
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::call):
-
-2010-01-26  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Fix the build on platforms without JIT support.
-
-        The JIT support should be determined at compile-time via wtf/Platform.h
-
-        * qt/api/QtScript.pro:
-
-2010-01-26  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        First steps of the QtScript API.
-        
-        Two new classes were created; QScriptEngine and QScriptValue.
-        The first should encapsulate a javascript context and the second a script
-        value.
-        
-        This API is still in development, so it isn't compiled by default.
-        To trigger compilation, pass --qmakearg="CONFIG+=build-qtscript" to
-        build-webkit.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32565
-
-        * qt/api/QtScript.pro: Added.
-        * qt/api/qscriptconverter_p.h: Added.
-        (QScriptConverter::toString):
-        * qt/api/qscriptengine.cpp: Added.
-        (QScriptEngine::QScriptEngine):
-        (QScriptEngine::~QScriptEngine):
-        (QScriptEngine::evaluate):
-        (QScriptEngine::collectGarbage):
-        * qt/api/qscriptengine.h: Added.
-        * qt/api/qscriptengine_p.cpp: Added.
-        (QScriptEnginePrivate::QScriptEnginePrivate):
-        (QScriptEnginePrivate::~QScriptEnginePrivate):
-        (QScriptEnginePrivate::evaluate):
-        * qt/api/qscriptengine_p.h: Added.
-        (QScriptEnginePrivate::get):
-        (QScriptEnginePrivate::collectGarbage):
-        (QScriptEnginePrivate::makeJSValue):
-        (QScriptEnginePrivate::context):
-        * qt/api/qscriptvalue.cpp: Added.
-        (QScriptValue::QScriptValue):
-        (QScriptValue::~QScriptValue):
-        (QScriptValue::isValid):
-        (QScriptValue::isBool):
-        (QScriptValue::isBoolean):
-        (QScriptValue::isNumber):
-        (QScriptValue::isNull):
-        (QScriptValue::isString):
-        (QScriptValue::isUndefined):
-        (QScriptValue::isError):
-        (QScriptValue::isObject):
-        (QScriptValue::isFunction):
-        (QScriptValue::toString):
-        (QScriptValue::toNumber):
-        (QScriptValue::toBool):
-        (QScriptValue::toBoolean):
-        (QScriptValue::toInteger):
-        (QScriptValue::toInt32):
-        (QScriptValue::toUInt32):
-        (QScriptValue::toUInt16):
-        (QScriptValue::call):
-        (QScriptValue::engine):
-        (QScriptValue::operator=):
-        (QScriptValue::equals):
-        (QScriptValue::strictlyEquals):
-        * qt/api/qscriptvalue.h: Added.
-        (QScriptValue::):
-        * qt/api/qscriptvalue_p.h: Added.
-        (QScriptValuePrivate::):
-        (QScriptValuePrivate::get):
-        (QScriptValuePrivate::QScriptValuePrivate):
-        (QScriptValuePrivate::isValid):
-        (QScriptValuePrivate::isBool):
-        (QScriptValuePrivate::isNumber):
-        (QScriptValuePrivate::isNull):
-        (QScriptValuePrivate::isString):
-        (QScriptValuePrivate::isUndefined):
-        (QScriptValuePrivate::isError):
-        (QScriptValuePrivate::isObject):
-        (QScriptValuePrivate::isFunction):
-        (QScriptValuePrivate::toString):
-        (QScriptValuePrivate::toNumber):
-        (QScriptValuePrivate::toBool):
-        (QScriptValuePrivate::toInteger):
-        (QScriptValuePrivate::toInt32):
-        (QScriptValuePrivate::toUInt32):
-        (QScriptValuePrivate::toUInt16):
-        (QScriptValuePrivate::equals):
-        (QScriptValuePrivate::strictlyEquals):
-        (QScriptValuePrivate::assignEngine):
-        (QScriptValuePrivate::call):
-        (QScriptValuePrivate::engine):
-        (QScriptValuePrivate::context):
-        (QScriptValuePrivate::value):
-        (QScriptValuePrivate::object):
-        (QScriptValuePrivate::inherits):
-        (QScriptValuePrivate::isJSBased):
-        (QScriptValuePrivate::isNumberBased):
-        (QScriptValuePrivate::isStringBased):
-        * qt/api/qtscriptglobal.h: Added.
-        * qt/tests/qscriptengine/qscriptengine.pro: Added.
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp: Added.
-        (tst_QScriptEngine::tst_QScriptEngine):
-        (tst_QScriptEngine::~tst_QScriptEngine):
-        (tst_QScriptEngine::init):
-        (tst_QScriptEngine::cleanup):
-        (tst_QScriptEngine::collectGarbage):
-        (tst_QScriptEngine::evaluate):
-        * qt/tests/qscriptvalue/qscriptvalue.pro: Added.
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Added.
-        (tst_QScriptValue::tst_QScriptValue):
-        (tst_QScriptValue::~tst_QScriptValue):
-        (tst_QScriptValue::init):
-        (tst_QScriptValue::cleanup):
-        (tst_QScriptValue::ctor):
-        (tst_QScriptValue::toString_data):
-        (tst_QScriptValue::toString):
-        (tst_QScriptValue::copyConstructor_data):
-        (tst_QScriptValue::copyConstructor):
-        (tst_QScriptValue::assignOperator_data):
-        (tst_QScriptValue::assignOperator):
-        (tst_QScriptValue::dataSharing):
-        (tst_QScriptValue::constructors_data):
-        (tst_QScriptValue::constructors):
-        (tst_QScriptValue::call):
-        * qt/tests/tests.pri: Added.
-        * qt/tests/tests.pro: Added.
-
-2010-01-25  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by David Levin.
-
-        Fix Chromium Linux tests: the pthread functions on Linux produce segfault if they receive 0 thread handle.
-        After r53714, we can have 0 thread handles passed to pthread_join and pthread_detach if corresponding threads
-        were already terminated and their threadMap entries cleared.
-        Add a 0 check.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-
-2010-01-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Refactor JITStubs.cpp so that DEFINE_STUB_FUNCTION is only used once for each function
-        https://bugs.webkit.org/show_bug.cgi?id=33866
-
-        Place the guard USE(JSVALUE32_64) inside the body of the DEFINE_STUB_FUNCTION
-        macro for those functions that are always present.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-01-22  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Remove the Bakefile build system, which is no longer being used.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=34022
-
-        * JavaScriptCoreSources.bkl: Removed.
-        * jscore.bkl: Removed.
-
-2010-01-22  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34025
-        Enable client-based Geolocation abstraction for Mac, Windows AppleWebKit targets.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-01-22  Dmitry Titov  <dimich@chromium.org>
-
-        Not reviewed, attempted Snow Leopard build fix.
-
-        * wtf/ThreadingPthreads.cpp: Add a forward declaration of a function which is not 'static'.
-
-2009-01-22  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix the leak of ThreadIdentifiers in threadMap across threads.
-        https://bugs.webkit.org/show_bug.cgi?id=32689
-
-        Test is added to DumpRenderTree.mm.
-
-        * Android.mk: Added file ThreadIdentifierDataPthreads.(h|cpp) to build.
-        * Android.v8.wtf.mk: Ditto.
-        * GNUmakefile.am: Ditto.
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Ditto.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp: Added. Contains custom implementation of thread-specific data that uses custom destructor.
-        (WTF::ThreadIdentifierData::~ThreadIdentifierData): Removes the ThreadIdentifier from the threadMap.
-        (WTF::ThreadIdentifierData::identifier):
-        (WTF::ThreadIdentifierData::initialize):
-        (WTF::ThreadIdentifierData::destruct): Custom thread-specific destructor. Resets the value for the key again to cause second invoke.
-        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
-        (WTF::ThreadIdentifierData::initializeKeyOnce): Need to use pthread_once since initialization may come on any thread(s).
-        * wtf/ThreadIdentifierDataPthreads.h: Added.
-        (WTF::ThreadIdentifierData::ThreadIdentifierData):
-
-        * wtf/Threading.cpp:
-        (WTF::threadEntryPoint): Move initializeCurrentThreadInternal to after the lock to make
-                                 sure it is invoked when ThreadIdentifier is already established.
-
-        * wtf/Threading.h: Rename setThreadNameInternal -> initializeCurrentThreadInternal since it does more then only set the name now.
-        * wtf/ThreadingNone.cpp:
-        (WTF::initializeCurrentThreadInternal): Ditto.
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeCurrentThreadInternal): Ditto.
-        (WTF::initializeThreading): Ditto.
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::initializeCurrentThreadInternal): Ditto.
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::initializeCurrentThreadInternal): Ditto.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::establishIdentifierForPthreadHandle):
-        (WTF::clearPthreadHandleForIdentifier): Make it not 'static' so the ~ThreadIdentifierData() in another file can call it.
-        (WTF::initializeCurrentThreadInternal): Set the thread-specific data. The ThreadIdentifier is already established by creating thread.
-        (WTF::waitForThreadCompletion): Remove call to clearPthreadHandleForIdentifier(threadID) since it is now done in ~ThreadIdentifierData().
-        (WTF::detachThread): Ditto.
-        (WTF::currentThread): Use the thread-specific data to get the ThreadIdentifier. It's many times faster then Mutex-protected iteration through the map.
-                              Also, set the thread-specific data if called first time on the thread.
-
-2010-01-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add ThreadSpecific for ENABLE(SINGLE_THREADED)
-        https://bugs.webkit.org/show_bug.cgi?id=33878
-
-        Implement ThreadSpecific with a simple getter/setter
-        when ENABLE(SINGLE_THREADED) is true.
-
-        Due to the change in https://bugs.webkit.org/show_bug.cgi?id=33236,
-        an implementation of ThreadSpecific must be available to build WebKit.
-        This causes a build failure for platforms without a proper
-        ThreadSpecific implementation.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::::ThreadSpecific):
-        (WTF::::~ThreadSpecific):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::destroy):
-
-2010-01-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add fastStrDup to FastMalloc
-        https://bugs.webkit.org/show_bug.cgi?id=33937
-
-        The new string returned by fastStrDup is obtained with fastMalloc,
-        and can be freed with fastFree. This makes the memory management 
-        more consistent because we don't need to keep strdup allocated pointers
-        and free them with free(). Instead we can use fastFree everywhere.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastStrDup):
-        * wtf/FastMalloc.h:
-
-2010-01-21  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        history.back() for same-document history traversals isn't synchronous as the specification states.
-        <rdar://problem/7535011> and https://bugs.webkit.org/show_bug.cgi?id=33538
-
-        * wtf/Platform.h: Add a "HISTORY_ALWAYS_ASYNC" enable and turn it on for Chromium.
-
-2010-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Always create a prototype for automatically managed classes.
-        
-        This fixes some errors where prototype chains were not correctly hooked
-        up, and also ensures that API classes work correctly with features like
-        instanceof.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::create): Cleaned up some of this code. Also changed it
-        to always create a prototype class.
-
-        * API/tests/testapi.c:
-        (Derived2_class):
-        (main): Fixed a null value crash in the exception checking code.
-        * API/tests/testapi.js: Added some tests for the case where a prototype
-        chain would not be hooked up correctly.
-
-2010-01-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Force JSC to create a prototype chain for API classes with a
-        parent class but no static functions.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::create):
-
-2010-01-21  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Object.getOwnPropertyDescriptor always returns undefined for JS API objects
-        https://bugs.webkit.org/show_bug.cgi?id=33946
-
-        Ideally the getOwnPropertyDescriptor() reimplementation should return an
-        access descriptor that wraps the property getter and setter callbacks, but
-        that approach is much more involved than returning a value descriptor.
-        Keep it simple for now.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyDescriptor):
-        * API/tests/testapi.js:
-
-2010-01-20  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger): Remove unnecessary function call.
-
-2010-01-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Use the inline i386 assembly for x86_64 as well rather than falling back to using pthread mutexes.
-
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-
-2010-01-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/7215063> Use GCD instead of an extra thread for FastMalloc scavenging on platforms where it is supported
-
-        Abstract the background scavenging slightly so that an alternate implementation that uses GCD can be used on platforms
-        where it is supported.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::init):
-        (WTF::TCMalloc_PageHeap::initializeScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMalloc_PageHeap::shouldContinueScavenging):
-        (WTF::TCMalloc_PageHeap::Delete):
-        (WTF::TCMalloc_PageHeap::periodicScavenge):
-        * wtf/Platform.h:
-
-2010-01-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/7562708> REGRESSION(53460): Heap::destroy may not run
-        all destructors
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::freeBlocks): Instead of fully marking protected objects,
-        just set their mark bits. This prevents protected objects from keeping
-        unprotected objects alive. Destructor order is not guaranteed, so it's
-        OK to destroy objects pointed to by protected objects before destroying
-        protected objects.
-
-2010-01-19  David Levin  <levin@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        CrossThreadCopier needs to support ThreadSafeShared better.
-        https://bugs.webkit.org/show_bug.cgi?id=33698
-
-        * wtf/TypeTraits.cpp: Added tests for the new type traits.
-        * wtf/TypeTraits.h:
-        (WTF::IsSubclass): Determines if a class is a derived from another class.
-        (WTF::IsSubclassOfTemplate): Determines if a class is a derived from a
-        template class (with one parameter that is unknown).
-        (WTF::RemoveTemplate): Reveals the type for a template parameter.
-
-2010-01-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler and Adam Roben.
-
-        Feature defines are difficult to maintain on Windows builds
-        https://bugs.webkit.org/show_bug.cgi?id=33883
-
-        FeatureDefines.vsprops are now maintained in a way similar to
-        Configurations/FeatureDefines.xcconfig, with the added advantage
-        of having a single FeatureDefines file across all projects.
-
-        * Configurations/FeatureDefines.xcconfig: Add comments about keeping feature definitions in sync.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add FeatureDefines.vsprops inherited property sheet.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add FeatureDefines.vsprops inherited property sheet.
-
-2010-01-20  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Unreviewed buildfix for r53547.
-
-        * DerivedSources.pro:
-
-2010-01-20  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Make extraCompilers for generated sources depend on their scripts
-
-        * DerivedSources.pro:
-
-2010-01-19  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Tim Hatcher.
-
-        When JavaScriptCore calls Debugger::Exception, have it pass a
-        hasHandler variable that represents if exception is being handled
-        in the same function (not in a parent on the call stack).
-        
-        This just adds a new parameter, no behavior is changed.
-
-        * debugger/Debugger.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2010-01-18  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Inline functions that are hot in DOM manipulation
-        https://bugs.webkit.org/show_bug.cgi?id=33820
-        
-        (3% speedup on Dromaeo DOM Core tests)
-
-        * runtime/WeakGCMap.h:
-        (JSC::::get): inline
-
-2010-01-19  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix for JIT with RVCT.
-
-        Remove IMPORT statement; cti_vm_throw is already defined in JITStubs.h.
-        Remove extra ')'.
-
-        * jit/JITStubs.cpp:
-        (JSC::ctiVMThrowTrampoline):
-
-2010-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION (52082): Crash on worker thread when reloading http://radnan.public.iastate.edu/procedural/
-        https://bugs.webkit.org/show_bug.cgi?id=33826
-
-        This bug was caused by a GC-protected object being destroyed early by
-        Heap::destroy. Clients of the GC protect APIs (reasonably) expect pointers
-        to GC-protected memory to be valid.
-
-        The solution is to do two passes of tear-down in Heap::destroy. The first
-        pass tears down all unprotected objects. The second pass ASSERTs that all
-        previously protected objects are now unprotected, and then tears down
-        all perviously protected objects. These two passes simulate the two passes
-        that would have been required to free a protected object during normal GC.
-        
-        * API/JSContextRef.cpp: Removed some ASSERTs that have moved into Heap.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy): Moved ASSERTs to here.
-        (JSC::Heap::freeBlock): Tidied up the use of didShrink by moving its
-        setter to the function that does the shrinking.
-        (JSC::Heap::freeBlocks): Implemented above algorithm.
-        (JSC::Heap::shrinkBlocks): Tidied up the use of didShrink.
-
-2010-01-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Reverting r53455, breaks 2 javascriptcore tests.
-
-        * API/JSContextRef.cpp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrinkBlocks):
-
-2010-01-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Revert r53454, since it causes much sadness in this world.
-
-        * runtime/UString.cpp:
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::baseSharedBuffer):
-        (JSC::UStringImpl::sharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UntypedPtrAndBitfield::UntypedPtrAndBitfield):
-        (JSC::UntypedPtrAndBitfield::asPtr):
-        (JSC::UntypedPtrAndBitfield::operator&=):
-        (JSC::UntypedPtrAndBitfield::operator|=):
-        (JSC::UntypedPtrAndBitfield::operator&):
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::isIdentifier):
-        (JSC::UStringImpl::setIsIdentifier):
-        (JSC::UStringImpl::ref):
-        (JSC::UStringImpl::deref):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::bufferOwnership):
-        (JSC::UStringImpl::isStatic):
-        * wtf/StringHashFunctions.h:
-        (WTF::stringHash):
-
-2010-01-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION (52082): Crash on worker thread when reloading http://radnan.public.iastate.edu/procedural/
-        https://bugs.webkit.org/show_bug.cgi?id=33826
-
-        This bug was caused by a GC-protected object being destroyed early by
-        Heap::destroy. Clients of the GC protect APIs (reasonably) expect pointers
-        to GC-protected memory to be valid.
-
-        The solution is to do two passes of tear-down in Heap::destroy. The first
-        pass tears down all unprotected objects. The second pass ASSERTs that all
-        previously protected objects are now unprotected, and then tears down
-        all perviously protected objects. These two passes simulate the two passes
-        that would have been required to free a protected object during normal GC.
-        
-        * API/JSContextRef.cpp: Removed some ASSERTs that have moved into Heap.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy): Moved ASSERTs to here.
-        (JSC::Heap::freeBlock): Tidied up the use of didShrink by moving its
-        setter to the function that does the shrinking.
-        (JSC::Heap::freeBlocks): Implemented above algorithm.
-        (JSC::Heap::shrinkBlocks): Tidied up the use of didShrink.
-
-2010-01-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Remove UntypedPtrAndBitfield from UStringImpl (akin to PtrAndFlags).
-
-        This break the OS X Leaks tool.  Instead, free up some more bits from the refCount.
-
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::sharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::):
-        * wtf/StringHashFunctions.h:
-        (WTF::stringHash):
-
-2010-01-18  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        HTMLInputElement::valueAsDate setter support for type=month.
-        https://bugs.webkit.org/show_bug.cgi?id=33021
-
-        Expose the following functions to be used by WebCore:
-         - WTF::msToyear()
-         - WTF::dayInYear()
-         - WTF::monthFromDayInYear()
-         - WTF::dayInMonthFromDayInYear()
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/DateMath.cpp:
-        (WTF::msToYear): Remove "static inline".
-        (WTF::dayInYear): Remove "static inline".
-        (WTF::monthFromDayInYear): Remove "static inline".
-        (WTF::dayInMonthFromDayInYear): Remove "static inline".
-        * wtf/DateMath.h: Declare the above functions.
-
-2010-01-18  Darin Adler  <darin@apple.com>
-
-        Fix build by reverting the previous change.
-
-        * runtime/UString.h: Rolled out the FastAllocBase base class.
-        It was making UString larger, and therefore JSString larger,
-        and too big for a garbage collection cell.
-
-        This raises the unpleasant possibility that many classes became
-        larger because we added the FastAllocBase base class. I am
-        worried about this, and it needs to be investigated.
-
-2010-01-18  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for UString class
-        https://bugs.webkit.org/show_bug.cgi?id=27831
-
-        Inherits the following class from FastAllocBase because it is
-        instantiated by 'new' and no need to be copyable:
-
-        class name     - instantiated at:
-        classs UString - JavaScriptCore/runtime/UString.cpp:160
-
-        * runtime/UString.h:
-
-2010-01-18  Evan Cheng  <evan.cheng@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Add some ALWAYS_INLINE for key functions not inlined by some versions of GCC.
-        rdar://problem/7553780
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::getPropertySlot): ALWAYS_INLINE both overloads.
-        * runtime/JSString.h:
-        (JSC::JSString::JSString): ALWAYS_INLINE the version that takes a UString.
-        * runtime/UString.h:
-        (JSC::operator==): ALWAYS_INLINE the version that compares two UString objects.
-
-2010-01-18  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Delete dftables-xxxxxxxx.in files automatically.
-        https://bugs.webkit.org/show_bug.cgi?id=33796
-
-        * pcre/dftables: unlink unnecessary temporary file.
-
-2010-01-18  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Force qmake to generate a single makefile for DerivedSources.pro
-
-        * DerivedSources.pro:
-
-2010-01-18  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Rubber-stamped by Gustavo Noronha Silva.
-
-        Rolling out r53391 and r53392 because of random crashes on buildbots.
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * jit/JIT.cpp:
-        (JSC::JIT::unlinkCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * runtime/UString.cpp:
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        * runtime/UString.h:
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::baseSharedBuffer):
-        (JSC::UStringImpl::sharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UntypedPtrAndBitfield::UntypedPtrAndBitfield):
-        (JSC::UntypedPtrAndBitfield::asPtr):
-        (JSC::UntypedPtrAndBitfield::operator&=):
-        (JSC::UntypedPtrAndBitfield::operator|=):
-        (JSC::UntypedPtrAndBitfield::operator&):
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::isIdentifier):
-        (JSC::UStringImpl::setIsIdentifier):
-        (JSC::UStringImpl::ref):
-        (JSC::UStringImpl::deref):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::bufferOwnership):
-        (JSC::UStringImpl::isStatic):
-        * wtf/StringHashFunctions.h:
-        (WTF::stringHash):
-
-2010-01-18  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix the build with strict gcc and RVCT versions: It's not legal to cast a
-        pointer to a function to a void* without an intermediate cast to a non-pointer
-        type. A cast to a ptrdiff_t inbetween fixes it.
-
-        * runtime/JSString.h:
-        (JSC::Fiber::JSString):
-
-2010-01-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Remove UntypedPtrAndBitfield from UStringImpl (akin to PtrAndFlags).
-
-        This break the OS X Leaks tool.  Instead, free up some more bits from the refCount.
-
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::sharedBuffer):
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::):
-        * wtf/StringHashFunctions.h:
-        (WTF::stringHash):
-
-2010-01-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33731
-        Remove uses of PtrAndFlags from JIT data stuctures.
-
-        These break the OS X Leaks tool.  Free up a bit in CallLinkInfo, and invalid
-        permutation of pointer states in MethodCallLinkInfo to represent the removed bits.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * jit/JIT.cpp:
-        (JSC::JIT::unlinkCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * runtime/UString.h:
-
-2010-01-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Cache JS string values made from DOM strings (Dromaeo speedup)
-        https://bugs.webkit.org/show_bug.cgi?id=33768
-        <rdar://problem/7353576>
-
-        * runtime/JSString.h:
-        (JSC::jsStringWithFinalizer): Added new mechanism for a string to have an optional
-        finalizer callback, for the benefit of weak-referencing caches.
-        (JSC::):
-        (JSC::Fiber::JSString):
-        (JSC::Fiber::~JSString):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope): Clear fibers so this doesn't look like a string with a finalizer.
-        * runtime/WeakGCMap.h: Include "Collector.h" to make this header includable by itself.
-
-2010-01-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Fix for <rdar://problem/7548432>
-        Add ALWAYS_INLINE to jsLess for a 1% speedup on llvm-gcc.
-
-        * runtime/Operations.h:
-        (JSC::jsLess):
-
-2010-01-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESISON: Google maps buttons not working properly
-        https://bugs.webkit.org/show_bug.cgi?id=31871
-
-        REGRESSION(r52948): JavaScript exceptions thrown on Google Maps when
-        getting directions for a second time
-        https://bugs.webkit.org/show_bug.cgi?id=33446
-        
-        SunSpider and v8 report no change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID): Update our cached offset in case
-        flattening the dictionary changed any of its offsets.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain): ditto
-
-2010-01-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33705
-        UStringImpl::create() should use internal storage
-
-        When creating a UStringImpl copying of a UChar*, we can use an internal buffer,
-        by calling UStringImpl::tryCreateUninitialized().
-
-        Also, remove duplicate of copyChars from JSString, call UStringImpl's version.
-
-        Small (max 0.5%) progression on Sunspidey.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::create):
-
-2010-01-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Make naming & behaviour of UString[Impl] methods more consistent.
-        https://bugs.webkit.org/show_bug.cgi?id=33702
-
-        UString::create() creates a copy of the UChar* passed, but UStringImpl::create() assumes
-        that it should assume ownership of the provided buffer (with UString::createNonCopying()
-        and UStringImpl::createCopying() providing the alternate behaviours).  Unify on create()
-        taking a copy of the provided buffer.  For non-copying cases, use the name 'adopt', and
-        make this method take a Vector<UChar>&.  For cases where non-copying construction was being
-        used, other than from a Vector<UChar>, change the code to allocate the storage along with
-        the UStringImpl using UStringImpl::createUninitialized().  (The adopt() method also more
-        closely matches that of WebCore::StringImpl).
-
-        Also, UString::createUninitialized() and UStringImpl::createUninitialized() have incompatible
-        behaviours, in that the UString form sets the provided UChar* to a null or non-null value to
-        indicate success or failure, but UStringImpl uses the returned PassRefPtr<UStringImpl> to
-        indicate when allocation has failed (potentially leaving the output Char* uninitialized).
-        This is also incompatible with WebCore::StringImpl's behaviour, in that
-        StringImpl::createUninitialized() will CRASH() if unable to allocate.  Some uses of
-        createUninitialized() in JSC are unsafe, since they do not test the result for null.
-        UStringImpl's indication is preferable, since we may want a successful call to set the result
-        buffer to 0 (specifically, StringImpl returns 0 for the buffer where createUninitialized()
-        returns the empty string, which seems reasonable to catch bugs early).  UString's method
-        cannot support UStringImpl's behaviour directly, since it returns an object rather than a
-        pointer.
-            - remove UString::createUninitialized(), replace with calls to UStringImpl::createUninitialized()
-            - create a UStringImpl::tryCreateUninitialized() form UStringImpl::createUninitialized(),
-              with current behaviour, make createUninitialized() crash on failure to allocate.
-            - make cases in JSC that do not check the result call createUninitialized(), and cases that do
-              check call tryCreateUninitialized().
-
-        Rename computedHash() to existingHash(), to bring this in line wih WebCore::StringImpl.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * JavaScriptCore.exp:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/Identifier.cpp:
-        (JSC::CStringTranslator::translate):
-        (JSC::UCharBufferTranslator::translate):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        * runtime/Lookup.h:
-        (JSC::HashTable::entry):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::release):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        * runtime/Structure.cpp:
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::checkConsistency):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTableHash::hash):
-        * runtime/UString.cpp:
-        (JSC::createRep):
-        (JSC::UString::UString):
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        (JSC::UString::adopt):
-        (JSC::IdentifierRepHash::hash):
-        (JSC::makeString):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::adopt):
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::createUninitialized):
-        (JSC::UStringImpl::tryCreateUninitialized):
-        (JSC::UStringImpl::existingHash):
-
-2010-01-13  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Oliver Hunt.
-
-        JSON.stringify and JSON.parse needlessly process properties in the prototype chain
-        https://bugs.webkit.org/show_bug.cgi?id=33053
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-
-2010-01-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (buildfix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-13  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33641
-        Assertion failure in Lexer.cpp if input stream ends while in string escape
-
-        Test: fast/js/end-in-string-escape.html
-
-        * parser/Lexer.cpp: (JSC::Lexer::lex): Bail out quickly on end of stream, not giving the
-        assertion a chance to fire.
-
-2010-01-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (buildfix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig & Darin Adler.
-
-        Three quick fixes to UStringImpl.
-            - The destroy() method can be switched back to a normal destructor; since we've switched
-              the way we protect static strings to be using an odd ref-count the destroy() won't abort.
-            - The cost() calculation logic was wrong.  If you have multiple JSStrings wrapping substrings
-              of a base string, they would each report the full cost of the base string to the heap.
-              Instead we should only be reporting once for the base string.
-            - Remove the overloaded new operator calling fastMalloc, replace this with a 'using' to pick
-              up the implementation from the parent class.
-
-        * JavaScriptCore.exp:
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::~UStringImpl):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::deref):
-
-2010-01-13  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Split the build process in two different .pro files.
-        This allows qmake to be run once all source files are available.
-
-        * DerivedSources.pro: Added.
-        * JavaScriptCore.pri: Moved source generation to DerivedSources.pro
-        * pcre/pcre.pri: Moved source generation to DerivedSources.pro
-
-2010-01-12  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        [ES5] Implement Object.getOwnPropertyNames
-        https://bugs.webkit.org/show_bug.cgi?id=32242
-
-        Add an extra argument to getPropertyNames() and getOwnPropertyNames()
-        (and all reimplementations thereof) that indicates whether non-enumerable
-        properties should be added.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyNames):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertyNames):
-        * runtime/Arguments.h:
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyNames):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertyNames):
-        * runtime/JSByteArray.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyNames):
-        * runtime/JSFunction.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertyNames):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::getClassPropertyNames):
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::getOwnPropertyNames):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::getOwnPropertyNames):
-        * runtime/JSVariableObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyNames):
-        * runtime/StringObject.h:
-        * runtime/Structure.cpp: Rename getEnumerablePropertyNames() to getPropertyNames(), which takes an extra argument.
-        (JSC::Structure::getPropertyNames):
-        * runtime/Structure.h:
-        (JSC::):
-
-2010-01-12  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33540
-        Make it possible to build in debug mode with assertions disabled
-
-        * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Identifier.cpp: (JSC::Identifier::checkSameIdentifierTable):
-        * wtf/FastMalloc.cpp:
-        * wtf/HashTable.h: (WTF::HashTableConstIterator::checkValidity):
-        * yarr/RegexCompiler.cpp: (JSC::Yarr::compileRegex):
-
-2009-11-23  Yong Li  <yoli@rim.com>
-
-        Reviewed by Adam Treat.
-
-        Make GIF decoder support down-sampling
-        https://bugs.webkit.org/show_bug.cgi?id=31806
-
-        * platform/image-decoders/ImageDecoder.cpp:
-        (WebCore::ImageDecoder::upperBoundScaledY):
-        (WebCore::ImageDecoder::lowerBoundScaledY):
-        * platform/image-decoders/ImageDecoder.h:
-        (WebCore::RGBA32Buffer::scaledRect):
-        (WebCore::RGBA32Buffer::setScaledRect):
-        (WebCore::ImageDecoder::scaledSize):
-        * platform/image-decoders/gif/GIFImageDecoder.cpp:
-        (WebCore::GIFImageDecoder::sizeNowAvailable):
-        (WebCore::GIFImageDecoder::initFrameBuffer):
-        (WebCore::copyOnePixel):
-        (WebCore::GIFImageDecoder::haveDecodedRow):
-        (WebCore::GIFImageDecoder::frameComplete):
-
-2010-01-12  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        ecma/Date/15.9.5.12-1.js fails every night at midnight
-        https://bugs.webkit.org/show_bug.cgi?id=28041
-
-        Change the test to use a concrete time instead of "now".
-
-        * tests/mozilla/ecma/Date/15.9.5.10-1.js:
-        * tests/mozilla/ecma/Date/15.9.5.12-1.js:
-
-2010-01-11  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Ariya Hidayat.
-
-        [Qt] Enable JIT and YARR_JIT if (CPU(X86_64) && OS(LINUX) && GCC_VERSION >= 40100)
-
-        * wtf/Platform.h:
-
-2010-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33481
-        Uninitialized data members in ArrayStorage
-        
-        SunSpider reports no change.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray): Initialize missing data members in the two cases
-        where we don't use fastZeroedMalloc, so it doesn't happen automatically.
-
-2010-01-11  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33480
-        
-        Improve debugging reliability for WTF on Windows.
-        Store WTF static library's PDB file into a better location.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2010-01-11  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-        Remove extraneous entries from def file causing build warning.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-10  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        RegExp.prototype.toString returns "//" for empty regular expressions
-        https://bugs.webkit.org/show_bug.cgi?id=33319
-
-        "//" starts a single-line comment, hence "/(?:)/" should be used, according to ECMA.
-
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-        * tests/mozilla/ecma_2/RegExp/properties-001.js:
-        (AddRegExpCases):
-        * tests/mozilla/js1_2/regexp/toString.js:
-        Update relevant Mozilla tests (Mozilla has had this behavior since November 2003).
-
-2010-01-10  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/ecma/Array/15.4.1.1.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.1.2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.2.1-1.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.2.2-1.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.2.2-2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.2.3.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.3.2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.3.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.4.1.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Array/15.4.4.js: Added property allow-tabs.
-        * tests/mozilla/ecma/LexicalConventions/7.7.4.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.13.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.16.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.18.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.4.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.5.js: Added property allow-tabs.
-        * tests/mozilla/ecma/Math/15.8.2.7.js: Added property allow-tabs.
-        * tests/mozilla/ecma/String/15.5.1.js: Added property allow-tabs.
-        * tests/mozilla/ecma/String/15.5.2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/String/15.5.3.1-3.js: Added property allow-tabs.
-        * tests/mozilla/ecma/String/15.5.3.1-4.js: Added property allow-tabs.
-        * tests/mozilla/ecma/String/15.5.3.js: Added property allow-tabs.
-        * tests/mozilla/ecma/TypeConversion/9.5-2.js: Added property allow-tabs.
-        * tests/mozilla/ecma/jsref.js: Modified property allow-tabs.
-        * tests/mozilla/ecma/shell.js: Modified property allow-tabs.
-        * tests/mozilla/ecma_2/LexicalConventions/keywords-001.js: Added property allow-tabs.
-        * tests/mozilla/ecma_2/RegExp/exec-001.js: Added property allow-tabs.
-        * tests/mozilla/ecma_2/String/match-004.js: Added property allow-tabs.
-        * tests/mozilla/ecma_2/String/replace-001.js: Added property allow-tabs.
-        * tests/mozilla/ecma_2/String/split-002.js: Added property allow-tabs.
-        * tests/mozilla/ecma_2/jsref.js: Modified property allow-tabs.
-        * tests/mozilla/ecma_2/shell.js: Added property allow-tabs.
-        * tests/mozilla/ecma_3/Date/shell.js: Modified property allow-tabs.
-        * tests/mozilla/ecma_3/Exceptions/regress-181654.js: Added property allow-tabs.
-        * tests/mozilla/ecma_3/RegExp/regress-209067.js: Added property allow-tabs.
-        * tests/mozilla/ecma_3/RegExp/regress-85721.js: Added property allow-tabs.
-        * tests/mozilla/importList.html: Added property allow-tabs.
-        * tests/mozilla/js1_1/shell.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Array/general1.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Array/general2.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Array/slice.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Array/splice1.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Array/splice2.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/Objects/toString-001.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/String/charCodeAt.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/String/concat.js: Modified property allow-tabs.
-        * tests/mozilla/js1_2/String/match.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/String/slice.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/function/Function_object.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/function/Number.js: Modified property allow-tabs.
-        * tests/mozilla/js1_2/function/String.js: Modified property allow-tabs.
-        * tests/mozilla/js1_2/function/nesting.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/function/regexparg-1.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/function/regexparg-2-n.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/jsref.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/operator/equality.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/operator/strictEquality.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_dollar_number.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_input.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_lastIndex.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_lastMatch.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_lastMatch_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_lastParen.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_lastParen_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_leftContext.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_leftContext_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_multiline.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_object.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_rightContext.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/RegExp_rightContext_as_array.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/alphanumeric.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/asterisk.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/backslash.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/backspace.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/beginLine.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/character_class.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/compile.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/control_characters.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/digit.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/dot.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/endLine.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/everything.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/exec.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/flags.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/global.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/hexadecimal.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/ignoreCase.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/interval.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/octal.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/parentheses.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/plus.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/question_mark.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/simple_form.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/source.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/special_characters.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/string_replace.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/string_search.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/string_split.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/test.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/toString.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/vertical_bar.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/whitespace.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/regexp/word_boundary.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/shell.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/statements/break.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/statements/continue.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/statements/do_while.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/statements/switch.js: Added property allow-tabs.
-        * tests/mozilla/js1_2/statements/switch2.js: Added property allow-tabs.
-        * tests/mozilla/js1_3/shell.js: Added property allow-tabs.
-        * tests/mozilla/js1_4/shell.js: Added property allow-tabs.
-        * tests/mozilla/js1_5/Regress/regress-111557.js: Added property allow-tabs.
-        * tests/mozilla/js1_5/Regress/regress-216320.js: Added property allow-tabs.
-        * tests/mozilla/menuhead.html: Added property allow-tabs.
-        * tests/mozilla/mklistpage.pl: Added property allow-tabs.
-        * tests/mozilla/runtests.pl: Added property allow-tabs.
-
-2010-01-08  Daniel Bates  <dbates@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33417
-
-        Cleans up style errors exposed by the patch for bug #33198.
-        Moreover, fixes all "Weird number of spaces at line-start. Are you using a 4-space indent?"
-        errors reported by check-webkit-style.
-
-        No functionality was changed. So, no new tests.
-
-        * wtf/Platform.h:
-
-2010-01-08  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        Don't store RegExp flags string representation
-        https://bugs.webkit.org/show_bug.cgi?id=33321
-
-        It's unused; the string representation is reconstructed from flags.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-
-2010-01-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Memory use grows grows possibly unbounded in this JavaScript Array test case
-        https://bugs.webkit.org/show_bug.cgi?id=31675
-
-        This fixes one observed bug in this test case, which is that
-        arrays don't report extra cost for the sparse value maps.
-
-        SunSpider reports a small speedup.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase): Report extra memory cost for
-        the sparse value map.
-        * runtime/JSArray.h: 
-
-2010-01-08  Yong Li  <yoli@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Remove unnecessary #include from FastMalloc.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=33393
-
-        * wtf/FastMalloc.cpp:
-
-2010-01-08  Eric Seidel  <eric@webkit.org>
-
-        No review, rolling out r52983.
-        http://trac.webkit.org/changeset/52983
-        https://bugs.webkit.org/show_bug.cgi?id=33321
-
-        Broke 59 JavaScriptCore tests.  I don't think Kent knew about
-        run-javascriptcore-tests.  Sadly neither does the commit-bot,
-        yet.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-        (JSC::RegExp::flags):
-
-2010-01-08  Eric Seidel  <eric@webkit.org>
-
-        No review, rolling out r52981.
-        http://trac.webkit.org/changeset/52981
-        https://bugs.webkit.org/show_bug.cgi?id=33319
-
-        Caused two JS tests to start failing:
-        ecma_2/RegExp/properties-001.js and js1_2/regexp/toString.js
-
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-2010-01-08  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Don't store RegExp flags string representation
-        https://bugs.webkit.org/show_bug.cgi?id=33321
-
-        It's unused; the string representation is reconstructed from flags.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-
-2010-01-08  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        RegExp.prototype.toString returns "//" for empty regular expressions
-        https://bugs.webkit.org/show_bug.cgi?id=33319
-
-        "//" starts a single-line comment, hence "/(?:)/" should be used, according to ECMA.
-
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-2010-01-08  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        RVCT compiler with "-Otime -O3" optimization tries to optimize out 
-        inline new'ed pointers that are passed as arguments.
-        Proposed patch assigns new'ed pointer explicitly outside function call.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33084
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-
-2010-01-08  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove an unnecessary cacheFlush from ARM_TRADITIONAL JIT
-        https://bugs.webkit.org/show_bug.cgi?id=33203
-
-        * assembler/ARMAssembler.cpp: Remove obsolete linkBranch function.
-        (JSC::ARMAssembler::executableCopy): Inline a clean linkBranch code.
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::getLdrImmAddress): Use inline function.
-        (JSC::ARMAssembler::getLdrImmAddressOnPool): Ditto.
-        (JSC::ARMAssembler::patchPointerInternal): Remove an unnecessary cacheFlush.
-        (JSC::ARMAssembler::linkJump): Use patchPointerInternal instead of linkBranch.
-        (JSC::ARMAssembler::linkCall): Ditto.
-        (JSC::ARMAssembler::relinkCall): Ditto.
-
-2010-01-07  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Build fix for JSVALUE32 when ENABLE_JIT_OPTIMIZE* are disabled
-        https://bugs.webkit.org/show_bug.cgi?id=33311
-
-        Move compileGetDirectOffset function to common part of JSVALUE32
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-
-2010-01-07  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Allow call sites to determine if ASSERT_* and LOG_* macros are operational
-        https://bugs.webkit.org/show_bug.cgi?id=33020
-
-        * wtf/Assertions.h: Set ASSERT_MSG_DISABLED, FATAL_DISABLED,
-        ERROR_DISABLED, LOG_DISABLED to 1 if the compiler does not support
-        variadic macros. Refactor for better readibility.
-
-2010-01-07  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32987
-
-        Added ENABLE_XHTMLMP flag. Disabled by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-01-07  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [Symbian] Port ARM traditional JIT Trampolines to RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=30552
-
-        Take the GCC implementation and mechanically convert
-        it to RVCT syntax.
-
-        Use 'bx rX' instead of 'mov pc, rX' when it is available.
-
-        Developed in cooperation with Iain Campbell and Gabor Loki.
-
-        * JavaScriptCore.pri: Extra step to generate RVCT stubs. The 
-        script generation intentionally executed all the time not just
-        for RVCT targets.
-
-        * create_rvct_stubs: Added. Perl script to expand precompiler macros
-        for RVCT assembler - the template is defined in JITStubs.cpp.
-
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        (JSC::ctiOpThrowNotCaught):
-
-2010-01-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix a crash seen on the buildbots.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init): Disable specific function tracking here,
-        instead of in WebCore, to ensure that the disabling happens before a
-        specific function can be registered.
-
-2010-01-07  Alexey Proskuryakov  <ap@apple.com>
-
-        Mac build fix.
-
-        * JavaScriptCore.exp: Export new JSGlobalData static data members.
-
-2010-01-07  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33057
-        REGRESSION(r49365): typeof(xhr.responseText) != "string" in Windows
-
-        <rdar://problem/7296920> REGRESSION: WebKit fails to start PeaceKeeper benchmark
-
-        Test: fast/js/webcore-string-comparison.html
-
-        In r49365, some code was moved from JSString.cpp to JSString.h, and as a result, WebCore
-        got a way to directly instantiate JSStrings over DLL borders. Since vftable for JSString was
-        not exported, objects created from WebCore got a different vptr, and JavaScriptCore
-        optimizations that relied on vptr of all JSString objects being equal failed.
-
-        * config.h: Added a JS_EXPORTCLASS macro for exporting classes. It's currently the same as
-        JS_EXPORTDATA, but it clearly needed a new name.
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createNonDefault):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        Store vptrs just once, no need to repeatedly pick and copy them. This makes it possible to
-        assert vptr correctness in object destructors (which don't have access to JSGlobalData,
-        and even Heap::heap(this) will fail for fake objects created from storeVPtrs()).
-
-        * runtime/JSArray.cpp: (JSC::JSArray::~JSArray): Assert that vptr is what we expect it to be.
-        It's important to assert in destructor, because MSVC changes the vptr after constructor
-        is invoked.
-        * runtime/JSByteArray.cpp: (JSC::JSByteArray::~JSByteArray): Ditto.
-        * runtime/JSByteArray.h: Ditto.
-        * runtime/JSFunction.h: Ditto.
-        * runtime/JSFunction.cpp: (JSC::JSFunction::~JSFunction): Ditto.
-
-        * runtime/JSCell.h: (JSC::JSCell::setVPtr): Added a method to substitute vptr for another
-        one.
-
-        * runtime/JSString.h: Export JSString class together with its vftable, and tell other
-        libraries tp import it. This is needed on platforms that have a separate JavaScriptCore
-        dynamic library - and on Mac, we already did the export via JavaScriptCore.exp.
-        (JSC::JSString::~JSString): Assert tha vptr is what we expect it to be.
-        (JSC::fixupVPtr): Store a previously saved primary vftable pointer (do nothing if building
-        JavaScriptCore itself).
-        (JSC::jsSingleCharacterString): Call fixupVPtr in case this is call across DLL boundary.
-        (JSC::jsSingleCharacterSubstring): Ditto.
-        (JSC::jsNontrivialString): Ditto.
-        (JSC::jsString): Ditto.
-        (JSC::jsSubstring): Ditto.
-        (JSC::jsOwnedString): Ditto.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new static
-        JSGlobalData members that are used in WebCore via inline functions.
-
-2010-01-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Safari memory usage skyrockets using new Google AdWords interface
-        https://bugs.webkit.org/show_bug.cgi?id=33343
-
-        The memory use was caused by the global object creating too many structures
-        as it thrashed between different specific functions.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::addAnonymousSlotsTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::despecifyAllFunctions):
-        * runtime/Structure.h:
-        (JSC::Structure::disableSpecificFunctionTracking): Track a thrash count
-        for specific functions. Disable specific function tracking once the
-        thrash count has been hit.
-
-2010-01-07  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Enable JIT in debug mode on win32 after r51141 fixed the crashes.
-
-        * JavaScriptCore.pri:
-
-2010-01-07  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Holger Freyther.
-
-        [Mac] Build fix when FAST_MALLOC_MATCH_VALIDATION=1
-        https://bugs.webkit.org/show_bug.cgi?id=33312
-
-        Using of operator += cause compile error on Mac, so it is changed to
-        "= static_cast<AllocAlignmentInteger*>(old_ptr) + 1".
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::realloc):
-
-2010-01-07  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Holger Freyther.
-
-        [Qt] Build fix when FAST_MALLOC_MATCH_VALIDATION=1
-        https://bugs.webkit.org/show_bug.cgi?id=33312
-
-        Remove pByte (committed in r42344 from #20422), because pByte doesn't
-        exist and it is unnecessary.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::realloc):
-
-2010-01-06  Gavin Barraclough  <barraclough@apple.com>
-
-        QT build fix.
-
-        * runtime/Identifier.cpp:
-        (JSC::createIdentifierTableSpecific):
-
-2010-01-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix part I.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-01-06  Dan Bernstein  <mitz@apple.com>
-
-        Build fix
-
-        * runtime/Identifier.cpp:
-        (JSC::createIdentifierTableSpecificCallback):
-
-2010-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33236
-        Remove m_identifierTable pointer from UString
-
-        Currently every string holds a pointer so that during destruction,
-        if a string has been used as an identifier, it can remove itself
-        from the table.  By instead accessing the identifierTable via a
-        thread specific tracking the table associated with the current
-        globaldata, we can save the memory cost of this pointer.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-
-            - change the API shims to track the identifierTable of the current JSGlobalData.
-
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-
-            - update creation of JSGlobalData for API usage to use new create method.
-            - fix shim instanciation bug in JSGlobalContextCreateInGroup.
-
-        * JavaScriptCore.exp:
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-
-            - add asserts to check the identifierTable is being tracked correctly.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierTable::~IdentifierTable):
-        (JSC::IdentifierTable::add):
-        (JSC::Identifier::remove):
-        (JSC::Identifier::checkSameIdentifierTable):
-        (JSC::createIdentifierTableSpecificCallback):
-        (JSC::createIdentifierTableSpecific):
-        (JSC::createDefaultDataSpecific):
-
-            - Use currentIdentifierTable() instead of UStringImpl::m_identifierTable.
-            - Define methods to access the thread specific identifier tables.
-
-        * runtime/Identifier.h:
-        (JSC::ThreadIdentifierTableData::ThreadIdentifierTableData):
-        (JSC::defaultIdentifierTable):
-        (JSC::setDefaultIdentifierTable):
-        (JSC::currentIdentifierTable):
-        (JSC::setCurrentIdentifierTable):
-        (JSC::resetCurrentIdentifierTable):
-
-            - Declare methods to access the thread specific identifier tables.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::createNonDefault):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::sharedInstance):
-
-            - creation of JSGlobalData objects, other than for API usage, associate themselves with the current thread.
-
-        * runtime/JSGlobalData.h:
-        * runtime/UStringImpl.cpp:
-        (JSC::UStringImpl::destroy):
-
-            - destroy() method should be using isIdentifier().
-
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::isIdentifier):
-        (JSC::UStringImpl::setIsIdentifier):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::UStringImpl):
-
-            - replace m_identifierTable with a single m_isIdentifier bit.
-
-        * wtf/StringHashFunctions.h:
-        (WTF::stringHash):
-
-            - change string hash result from 32-bit to 31-bit, to free a bit in UStringImpl for m_isIdentifier.
-
-2009-12-25 Patrick Gansterer <paroga@paroga.com>
- 
-        Reviewed by Eric Seidel.
-
-        Buildfix for WinCE + style fixes.
-        https://bugs.webkit.org/show_bug.cgi?id=32939
-
-        * jsc.cpp:
-        (functionPrint):
-        (functionQuit):
-        (parseArguments):
-        (fillBufferWithContentsOfFile):
- 
-2010-01-05  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Eric Seidel.
-
-        WinCE buildfix after r52791 (renamed PLATFORM(WINCE) to OS(WINCE)).
-        https://bugs.webkit.org/show_bug.cgi?id=33205
-
-        * jit/ExecutableAllocator.h:
-
-2010-01-05  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Added compiler error for unsupported platforms.
-        https://bugs.webkit.org/show_bug.cgi?id=33112
-
-        * jit/JITStubs.cpp:
-
-2010-01-05  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Follow r52729 in ARMAssembler.
-        https://bugs.webkit.org/show_bug.cgi?id=33208
-
-        Use WTF_ARM_ARCH_AT_LEAST instead of ARM_ARCH_VERSION
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::encodeComplexImm): Move tmp declaration to ARMv7
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::bkpt):
-
-2010-01-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Unreviewed build fix for Gtk+
-
-        Don't use // comments in Platform.h, at least some of them seem to make the version of GCC
-        used on the Gtk buildbot unhappy.
-
-        * wtf/Platform.h:
-
-2010-01-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Fisher.
-
-        Reorganize, document and rename OS() platform macros.
-        https://bugs.webkit.org/show_bug.cgi?id=33198
-
-        * wtf/Platform.h: Rename, reorganize and document OS() macros.
-
-        Adapt to name changes. Also fixed a few incorrect OS checks.
-
-        * API/JSContextRef.cpp:
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::isVFPPresent):
-        * assembler/MacroAssemblerX86Common.h:
-        * bytecode/SamplingTool.cpp:
-        * config.h:
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        * jit/ExecutableAllocatorPosix.cpp:
-        * jit/ExecutableAllocatorSymbian.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        * jsc.cpp:
-        (main):
-        * parser/Grammar.y:
-        * profiler/ProfileNode.cpp:
-        (JSC::getCount):
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlockPtr):
-        (JSC::currentThreadStackBase):
-        (JSC::getCurrentPlatformThread):
-        (JSC::suspendThread):
-        (JSC::resumeThread):
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-        * runtime/Collector.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreading):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-        * runtime/MarkStackPosix.cpp:
-        * runtime/MarkStackSymbian.cpp:
-        * runtime/MarkStackWin.cpp:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncLastIndexOf):
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-        * runtime/UString.cpp:
-        (JSC::UString::from):
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/CurrentTime.cpp:
-        (WTF::lowResUTCTime):
-        * wtf/CurrentTime.h:
-        (WTF::getLocalTime):
-        * wtf/DateMath.cpp:
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::InitModule):
-        (WTF::TCMallocStats::):
-        * wtf/FastMalloc.h:
-        * wtf/MathExtras.h:
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-        * wtf/StringExtras.h:
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        * wtf/TCSystemAlloc.cpp:
-        * wtf/ThreadSpecific.h:
-        (WTF::::destroy):
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-        * wtf/ThreadingWin.cpp:
-        (WTF::wtfThreadEntryPoint):
-        (WTF::createThreadInternal):
-        * wtf/VMTags.h:
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault):
-        * wtf/win/MainThreadWin.cpp:
-        (WTF::initializeMainThreadPlatform):
-
-2010-01-04  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Add missing files to the build system - make distcheck build fix.
-
-        * GNUmakefile.am:
-
-2010-01-04  Gavin Barraclough <barraclough@apple.com>
-
-        Reviewed by Sam Weinig, additional coding by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33163
-        Add string hashing functions to WTF.
-        Use WTF's string hashing functions from UStringImpl.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/UStringImpl.cpp:
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::computeHash):
-        * wtf/HashFunctions.h:
-        * wtf/StringHashFunctions.h: Added.
-        (WTF::stringHash):
-
-2010-01-04  Dmitry Titov  <dimich@chromium.org>
-
-        Not reviewed, attempt to fix ARM bulid.
-
-        * wtf/Platform.h:
-
-2010-01-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        Add an 'isIdentifier' to UStringImpl, use this where appropriate
-        (where previously 'identifierTable' was being tested).
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::addSlowCase):
-        * runtime/Identifier.h:
-        (JSC::Identifier::add):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/UStringImpl.h:
-        (JSC::UStringImpl::isIdentifier):
-
-2010-01-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam "Shimmey Shimmey" Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=33158
-        Refactor JSC API entry/exit to use RAII instead of copy/pasting code.
-        Make it easier to change set of actions taken when passing across the API boundary.
-
-        * API/APIShims.h: Added.
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSGarbageCollect):
-        (JSReportExtraMemoryCost):
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init):
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::getOwnPropertyNames):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::staticValueGetter):
-        (JSC::::callbackGetter):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCallAsFunction):
-        (JSObjectCallAsConstructor):
-        (JSObjectCopyPropertyNames):
-        (JSPropertyNameArrayRelease):
-        (JSPropertyNameAccumulatorAddName):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-01-04  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Ada Chan and Mark Rowe.
-
-        Updated copyright string
-
-        * Info.plist:
-        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc:
-
-2010-01-04  Adam Roben  <aroben@apple.com>
-
-        No review, rolling out r52741.
-        http://trac.webkit.org/changeset/52741
-        https://bugs.webkit.org/show_bug.cgi?id=33056
-
-        * wtf/AlwaysInline.h:
-
-2010-01-04  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Add cacheFlush support for WinCE
-        https://bugs.webkit.org/show_bug.cgi?id=33110
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2010-01-04  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Adam Roben.
-
-        Implement NO_RETURN for COMPILER(MSVC).
-        https://bugs.webkit.org/show_bug.cgi?id=33056
-
-        * wtf/AlwaysInline.h:
-
-2010-01-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix some PLATFORM(*_ENDIAN) uses to CPU()
-        https://bugs.webkit.org/show_bug.cgi?id=33148
-
-        * runtime/JSCell.cpp:
-        (JSC::):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-
-2010-01-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Document CPU() macros in comments.
-        https://bugs.webkit.org/show_bug.cgi?id=33147
-
-        * wtf/Platform.h:
-
-2010-01-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Reorganize, document and rename CPU() platform macros.
-        https://bugs.webkit.org/show_bug.cgi?id=33145
-        ExecutableAllocatorSymbian appears to have buggy ARM version check
-        https://bugs.webkit.org/show_bug.cgi?id=33138
-        
-        * wtf/Platform.h:
-        Rename all macros related to detection of particular CPUs or
-        classes of CPUs to CPU(), reorganize and document them.
-
-        All remaining changes are adapting to the renames, plus fixing the
-        second bug cited above.
-        
-        * assembler/ARMAssembler.cpp:
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.cpp:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
-        * assembler/MacroAssemblerX86.h:
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/X86Assembler.h:
-        (JSC::X86Registers::):
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::movl_mEAX):
-        (JSC::X86Assembler::movl_EAXm):
-        (JSC::X86Assembler::repatchLoadPtrToLEA):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        * jit/ExecutableAllocatorPosix.cpp:
-        * jit/ExecutableAllocatorSymbian.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        (JSC::JIT::emitCount):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        * runtime/Collector.cpp:
-        (JSC::currentThreadStackBase):
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-        * wrec/WREC.h:
-        * wrec/WRECGenerator.cpp:
-        (JSC::WREC::Generator::generateEnter):
-        (JSC::WREC::Generator::generateReturnSuccess):
-        (JSC::WREC::Generator::generateReturnFailure):
-        * wrec/WRECGenerator.h:
-        * wtf/FastMalloc.cpp:
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SlowLock):
-        * wtf/Threading.h:
-        * wtf/dtoa.cpp:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-        * yarr/RegexJIT.h:
-
-2010-01-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Clean up COMPILER macros and remove unused ones.
-        https://bugs.webkit.org/show_bug.cgi?id=33132
-        
-        Removed values are COMPILER(BORLAND) and COMPILER(CYGWIN) - they were
-        not used anywhere.
-
-        * wtf/Platform.h:
-
-2010-01-03  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Update wtf/Platform.h to document the new system for porting macros.
-        https://bugs.webkit.org/show_bug.cgi?id=33130
-
-        * wtf/Platform.h:
-
-2009-12-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        PLATFORM(CAIRO) should be defined by WIN_CAIRO define
-        https://bugs.webkit.org/show_bug.cgi?id=22250
-
-        * wtf/Platform.h: Define WTF_PLATFORM_CAIRO for GTK port only
-        For the WinCairo port WTF_PLATFORM_CAIRO is already defined in config.h
-
-2009-12-28  Shu Chang  <Chang.Shu@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Delete ThreadPrivate instance after it is finished.
-        https://bugs.webkit.org/show_bug.cgi?id=32614
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::ThreadMonitor::instance):
-        (WTF::ThreadMonitor::threadFinished):
-        (WTF::createThreadInternal):
-        (WTF::detachThread):
-
-2009-12-28  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Cleanup of #define JS_EXPORT.
-
-        * API/JSBase.h:
-
-2009-12-27  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Adam Barth.
-
-        WinCE buildfix (HWND_MESSAGE isn't supported there)
-
-        * wtf/win/MainThreadWin.cpp:
-        (WTF::initializeMainThreadPlatform):
-
-2009-12-27  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Adam Barth.
-
-        Added a file with WinMain function to link agains in WinCE.
-
-        * os-win32/WinMain.cpp: Added.
-        (convertToUtf8):
-        (WinMain):
-
-2009-12-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed; revert of r52550.
-
-        The change regressed the following LayoutTests for QtWebKit.
-
-        fast/workers/worker-call.html -> crashed
-        fast/workers/worker-close.html -> crashed
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-
-2009-12-24  Shu Chang  <Chang.Shu@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Fix memory leak by deleting instance of ThreadPrivate
-        in function waitForThreadCompletion(), synchronously, or in
-        detachThread(), asynchronously.
-        https://bugs.webkit.org/show_bug.cgi?id=32614 
-
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::waitForThreadCompletion):
-        (WTF::detachThread):
-
-2009-12-23  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Laszlo Gombos.
-
-        Include stddef.h for ptrdiff_t
-        https://bugs.webkit.org/show_bug.cgi?id=32891
-
-        ptrdiff_t is typedef-ed in stddef.h.
-        Include stddef.h in jit/ExecutableAllocator.h.
-
-        * jit/ExecutableAllocator.h:
-
-2009-12-23  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Eric Seidel.
-
-        Buildfix after r47092.
-
-        * wtf/wince/MemoryManager.cpp:
-        (WTF::tryFastMalloc):
-        (WTF::tryFastZeroedMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::tryFastRealloc):
-
-2009-12-23  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        HTMLInputElement::valueAsDate getter support.
-        https://bugs.webkit.org/show_bug.cgi?id=32876
-
-        Expose dateToDaysFrom1970().
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/DateMath.cpp:
-        (WTF::dateToDaysFrom1970):
-        * wtf/DateMath.h:
-
-2009-12-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Turn off datagrid by default, at least for all platforms Apple ships.
-        The datagrid implementation isn't ready for general web use yet.
-
-        * Configurations/FeatureDefines.xcconfig: Turn off datagrid by default.
-
-2009-12-22  Steve Block  <steveblock@google.com>
-
-        Reviewed by David Levin.
-
-        Updates Android's scheduleDispatchFunctionsOnMainThread() to use new
-        AndroidThreading class, rather than using JavaSharedClient directly.
-        This fixes the current layering violation.
-        https://bugs.webkit.org/show_bug.cgi?id=32651
-
-        The pattern is copied from Chromium, which uses the ChromiumThreading
-        class. This patch also fixes the style in ChromiumThreading.h.
-
-        * wtf/android/AndroidThreading.h: Added. Declares AndroidThreading.
-        * wtf/android/MainThreadAndroid.cpp: Modified
-        (WTF::scheduleDispatchFunctionsOnMainThread): Uses AndroidThreading.
-        * wtf/chromium/ChromiumThreading.h: Modified. Fixes style.
-
-2009-12-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix a couple of problems with UntypedPtrAndBitfield.
-
-        Add a m_leaksPtr to reduce false positives from leaks in debug builds
-        (this isn't perfect because we'd like a solution for release builds,
-        but this is now at least as good as a PtrAndFlags would be).
-
-        Switch SmallStringsto use a regular string for the base, rather than
-        a static one.  UntypedPtrAndBitfield assumes all strings are at least
-        8 byte aligned; this migt not be true of static strings.  Shared buffers
-        are heap allocated, as are all UStringImpls other than static strings.
-        Static strings cannot end up being the owner string of substrings,
-        since the only static strings are length 0.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        * runtime/UStringImpl.h:
-        (JSC::UntypedPtrAndBitfield::UntypedPtrAndBitfield):
-        (JSC::UStringImpl::UStringImpl):
-
-2009-12-22  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        RVCT (__ARMCC_VERSION < 400000) does not provide strcasecmp and strncasecmp
-        https://bugs.webkit.org/show_bug.cgi?id=32857
-
-        Add implementation of strcasecmp and strncasecmp for RVCT < 4.0
-        because earlier versions of RVCT 4.0 does not provide these functions.
-
-        * wtf/StringExtras.cpp: Added.
-        (strcasecmp):
-        (strncasecmp):
-        * wtf/StringExtras.h:
-
-2009-12-22  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Define ALWAYS_INLINE and WTF_PRIVATE_INLINE to __forceinline for RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=32853
-
-        Use __forceinline forces RVCT to compile a C or C++ function
-        inline. The compiler attempts to inline the function, regardless of
-        the characteristics of the function.
-
-        * wtf/AlwaysInline.h:
-        * wtf/FastMalloc.h:
-
-2009-12-21  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Prospective GTK build fix: Add UStringImpl.cpp/h to the build.
-
-        * GNUmakefile.am:
-
-2009-12-21  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Fix the Qt build, add UStringImpl.cpp to the build.
-
-        * JavaScriptCore.pri:
-
-2009-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows Build fix part 5.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2009-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix).
-        Fix breakage of world introduced in build fix to r52463.
-
-        * runtime/UStringImpl.h:
-
-2009-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32831
-        Replace UString::Rep implementation, following introduction of ropes to JSC.
-
-            * Remove redundant overcapacity mechanisms.
-            * Reduce memory cost of Rep's.
-            * Add an inline storage mechanism akin to that in WebCore's StringImpl.
-
-        ~1% Sunspider progression.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        * runtime/UString.cpp:
-        (JSC::initializeUString):
-        (JSC::createRep):
-        (JSC::UString::createFromUTF8):
-        (JSC::UString::createUninitialized):
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        (JSC::UString::ascii):
-        (JSC::UString::operator=):
-        (JSC::UString::toStrictUInt32):
-        (JSC::equal):
-        * runtime/UString.h:
-        (JSC::UString::isEmpty):
-        (JSC::UString::cost):
-        (JSC::makeString):
-        * runtime/UStringImpl.cpp: Added.
-        (JSC::UStringImpl::baseSharedBuffer):
-        (JSC::UStringImpl::sharedBuffer):
-        (JSC::UStringImpl::destroy):
-        (JSC::UStringImpl::computeHash):
-        * runtime/UStringImpl.h: Added.
-        (JSC::UntypedPtrAndBitfield::UntypedPtrAndBitfield):
-        (JSC::UntypedPtrAndBitfield::asPtr):
-        (JSC::UntypedPtrAndBitfield::operator&=):
-        (JSC::UntypedPtrAndBitfield::operator|=):
-        (JSC::UntypedPtrAndBitfield::operator&):
-        (JSC::UStringImpl::create):
-        (JSC::UStringImpl::createCopying):
-        (JSC::UStringImpl::createUninitialized):
-        (JSC::UStringImpl::data):
-        (JSC::UStringImpl::size):
-        (JSC::UStringImpl::cost):
-        (JSC::UStringImpl::hash):
-        (JSC::UStringImpl::computedHash):
-        (JSC::UStringImpl::setHash):
-        (JSC::UStringImpl::identifierTable):
-        (JSC::UStringImpl::setIdentifierTable):
-        (JSC::UStringImpl::ref):
-        (JSC::UStringImpl::deref):
-        (JSC::UStringImpl::allocChars):
-        (JSC::UStringImpl::copyChars):
-        (JSC::UStringImpl::computeHash):
-        (JSC::UStringImpl::null):
-        (JSC::UStringImpl::empty):
-        (JSC::UStringImpl::checkConsistency):
-        (JSC::UStringImpl::):
-        (JSC::UStringImpl::UStringImpl):
-        (JSC::UStringImpl::operator new):
-        (JSC::UStringImpl::bufferOwnerString):
-        (JSC::UStringImpl::bufferOwnership):
-        (JSC::UStringImpl::isStatic):
-
-2009-12-18  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Move some build decisions from Qt build system into source files
-        https://bugs.webkit.org/show_bug.cgi?id=31956
-
-        * JavaScriptCore.pri: Compile files unconditionally
-        * jit/ExecutableAllocatorPosix.cpp: Guard with PLATFORM(UNIX) && !PLATFORM(SYMBIAN)
-        * jit/ExecutableAllocatorWin.cpp: Guard with PLATFORM(WIN_OS)
-        * runtime/MarkStackPosix.cpp: Guard with PLATFORM(UNIX) && !PLATFORM(SYMBIAN)
-        * runtime/MarkStackSymbian.cpp: Guard with PLATFORM(SYMBIAN)
-        * runtime/MarkStackWin.cpp: Guard with PLATFORM(WIN_OS)
-        * wtf/Platform.h: Guard ENABLE_JSC_MULTIPLE_THREADS with ENABLE_SINGLE_THREADED for the Qt port
-        * wtf/ThreadingNone.cpp: Guard with ENABLE(SINGLE_THREADED)
-        * wtf/qt/ThreadingQt.cpp: Guard with !ENABLE(SINGLE_THREADED)
-
-2009-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add createNonCopying method to UString to make replace constructor passed bool,
-        to make behaviour more explicit.  Add createFromUTF8 to UString (wrapping method
-        on UString::Rep), since other cases of transliteration (e.g.  from ascii) are
-        performed in UString constructors.  Add/use setHash & size() accessors on Rep,
-        rather than accessing _hash/len directly.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::ustring):
-        * JavaScriptCore.exp:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        (JSC::CStringTranslator::translate):
-        (JSC::UCharBufferTranslator::translate):
-        (JSC::Identifier::addSlowCase):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        * runtime/JSString.h:
-        (JSC::JSString::Rope::Fiber::refAndGetLength):
-        (JSC::JSString::Rope::append):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::release):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        (JSC::UString::createNonCopying):
-        (JSC::UString::createFromUTF8):
-        * runtime/UString.h:
-        (JSC::UString::Rep::setHash):
-        (JSC::UString::~UString):
-        (JSC::makeString):
-
-2009-12-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich and Gavin Barraclough.
-        
-        Changed Register constructors to assignment operators, to streamline
-        moving values into registers. (In theory, there's no difference between
-        the two, since the constructor should just inline away, but there seems
-        to be a big difference in the addled mind of the GCC optimizer.)
-
-        In the interpreter, this is a 3.5% SunSpider speedup and a 1K-2K
-        reduction in stack usage per privateExecute stack frame.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::setCalleeArguments):
-        (JSC::ExecState::setCallerFrame):
-        (JSC::ExecState::setScopeChain):
-        (JSC::ExecState::init):
-        (JSC::ExecState::setArgumentCount):
-        (JSC::ExecState::setCallee):
-        (JSC::ExecState::setCodeBlock): Added a little bit of casting so these
-        functions could use the new Register assignment operators.
-
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::Register):
-        (JSC::Register::operator=): Swapped in assignment operators for constructors.
-
-2009-12-18  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32713
-        [Qt] make wtf/Assertions.h compile in winscw compiler.
-
-        Add string arg before ellipsis to help winscw compiler resolve variadic
-        macro definitions in wtf/Assertions.h. 
-
-        * wtf/Assertions.h:
-
-2009-12-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Fixed intermittent failure seen on Windows buildbot, and in other JSC
-        API clients.
-        
-        Added a WeakGCPtr class and changed OpaqueJSClass::cachedPrototype to
-        use it, to avoid vending a stale object as a prototype.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::prototype):
-        * API/JSClassRef.h: Use WeakGCPtr.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/WeakGCPtr.h: Added.
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::get):
-        (JSC::WeakGCPtr::clear):
-        (JSC::WeakGCPtr::operator*):
-        (JSC::WeakGCPtr::operator->):
-        (JSC::WeakGCPtr::operator!):
-        (JSC::WeakGCPtr::operator bool):
-        (JSC::WeakGCPtr::operator UnspecifiedBoolType):
-        (JSC::WeakGCPtr::assign):
-        (JSC::::operator):
-        (JSC::operator==):
-        (JSC::operator!=):
-        (JSC::static_pointer_cast):
-        (JSC::const_pointer_cast):
-        (JSC::getPtr): Added WeakGCPtr to the project.
-
-2009-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32720
-
-        * JavaScriptCore.exp:
-            - Remove exports for UString::append
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Make StringBuilder a private header (was project).
-
-2009-12-18  Martin Robinson  <martin.james.robinson@gmail.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] GRefPtr does not take a reference when assigned a raw pointer
-        https://bugs.webkit.org/show_bug.cgi?id=32709
-
-        Ensure that when assigning a raw pointer to a GRefPtr, the reference
-        count is incremented. Also remove the GRefPtr conversion overload as
-        GRefPtr types have necessarily incompatible reference counting.
-
-        * wtf/gtk/GRefPtr.h:
-        (WTF::GRefPtr::operator=):
-
-2009-12-18  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Clean up the qmake build system to distinguish between trunk builds and package builds
-
-        https://bugs.webkit.org/show_bug.cgi?id=32716
-
-        * pcre/pcre.pri: Use standalone_package instead of QTDIR_build
-
-2009-12-18  Martin Robinson  <martin.james.robinson@gmail.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] Compile warning from line 29 of GRefPtr.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=32703
-
-        Fix memory leak and compiler warning in GRefPtr GHashTable template
-        specialization.
-
-        * wtf/gtk/GRefPtr.cpp:
-        (WTF::refGPtr):
-
-2009-12-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Add BUILDING_ON_SNOW_LEOPARD and TARGETING_SNOW_LEOPARD #defines.
-
-        * wtf/Platform.h:
-
-2009-12-17  Adam Roben  <aroben@apple.com>
-
-        Sync JavaScriptCore.vcproj with JavaScriptCore.xcodeproj and the
-        source tree
-
-        Fixes <http://webkit.org/b/32665>.
-
-        Reviewed by Ada Chan.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Moved
-        around files and filters so that the structure matches
-        JavaScriptCore.xcodeproj and the source tree. A few headers that were
-        previously omitted have been added, as well as JSZombie.{cpp,h}.
-
-2009-12-17  Adam Roben  <aroben@apple.com>
-
-        Remove HeavyProfile and TreeProfile completely
-
-        These were mostly removed in r42808, but the empty files were left in
-        place.
-
-        Fixes <http://webkit.org/b/32664>.
-
-        Reviewed by John Sullivan.
-
-        * Android.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-        Removed HeavyProfile/TreeProfile source files.
-
-        * profiler/HeavyProfile.cpp: Removed.
-        * profiler/HeavyProfile.h: Removed.
-        * profiler/TreeProfile.cpp: Removed.
-        * profiler/TreeProfile.h: Removed.
-
-2009-12-17  Martin Robinson  <martin.james.robinson@gmail.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] WebKit GTK needs a wrapper for ref counted glib/gobject structs
-        https://bugs.webkit.org/show_bug.cgi?id=21599
-
-        Implement GRefPtr, a smart pointer for reference counted GObject types.
-
-        * GNUmakefile.am:
-        * wtf/gtk/GOwnPtr.cpp:
-        (WTF::GDir):
-        * wtf/gtk/GRefPtr.h: Added.
-        (WTF::):
-        (WTF::GRefPtr::GRefPtr):
-        (WTF::GRefPtr::~GRefPtr):
-        (WTF::GRefPtr::clear):
-        (WTF::GRefPtr::get):
-        (WTF::GRefPtr::operator*):
-        (WTF::GRefPtr::operator->):
-        (WTF::GRefPtr::operator!):
-        (WTF::GRefPtr::operator UnspecifiedBoolType):
-        (WTF::GRefPtr::hashTableDeletedValue):
-        (WTF::::operator):
-        (WTF::::swap):
-        (WTF::swap):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::static_pointer_cast):
-        (WTF::const_pointer_cast):
-        (WTF::getPtr):
-        (WTF::adoptGRef):
-        (WTF::refGPtr):
-        (WTF::derefGPtr):
-
-2009-12-17  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed. Build fixes for make distcheck.
-
-        * GNUmakefile.am:
-
-2009-12-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/7355025> Interpreter::privateExecute macro generates
-        bloated code
-        
-        This patch cuts Interpreter stack use by about a third.
-
-        * bytecode/Opcode.h: Changed Opcode to const void* to work with the
-        const static initiliazation we want to do in Interpreter::privateExecute.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter): Moved hashtable initialization here to
-        avoid polluting Interpreter::privateExecute's stack, and changed it from a
-        series of add() calls to one add() call in a loop, to cut down on code size.
-
-        (JSC::Interpreter::privateExecute): Changed a series of label computations
-        to a copy of a compile-time constant array to cut down on code size.
-
-2009-12-16  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.  Disable debug variants of WebKit frameworks.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam "r=me" Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32498
-        <rdar://problem/7471495>
-        REGRESSION(r51978-r52039): AJAX "Mark This Forum Read" function no longer
-        works
-        
-        Fixed a tyop.
-
-        * runtime/Operations.h:
-        (JSC::jsAdd): Use the '&&' operator, not the ',' operator.
-
-2009-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the windows build: don't export this inlined function.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Inlined JSCell's operator new.
-        
-        3.7% speedup on bench-allocate-nonretained.js.
-
-        * JavaScriptCore.exp:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSCell::operator new):
-
-2009-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed the number heap, replacing it with a one-item free list for
-        numbers, taking advantage of the fact that two number cells fit inside
-        the space for one regular cell, and number cells don't require destruction.
-        
-        SunSpider says 1.6% faster in JSVALUE32 mode (the only mode that
-        heap-allocates numbers).
-        
-        SunSpider says 1.1% faster in JSVALUE32_64 mode. v8 says 0.8% faster
-        in JSVALUE32_64 mode. 10% speedup on bench-alloc-nonretained.js. 6%
-        speedup on bench-alloc-retained.js.
-        
-        There's a lot of formulaic change in this patch, but not much substance.
-
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::freeBlockPtr):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::recordExtraCost):
-        (JSC::Heap::allocate):
-        (JSC::Heap::resizeBlocks):
-        (JSC::Heap::growBlocks):
-        (JSC::Heap::shrinkBlocks):
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::clearMarkBits):
-        (JSC::Heap::markedCells):
-        (JSC::Heap::sweep):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::addToStatistics):
-        (JSC::Heap::statistics):
-        (JSC::Heap::isBusy):
-        (JSC::Heap::reset):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::primaryHeapBegin):
-        (JSC::Heap::primaryHeapEnd):
-        * runtime/Collector.h:
-        (JSC::): Removed all code pertaining to the number heap, and changed all
-        heap template functions and classes to non-template functions and classes.
-
-        (JSC::Heap::allocateNumber): A new optimization to replace the number
-        heap: allocate half-sized number cells in pairs, returning the first
-        cell and caching the second cell for the next allocation.
-
-        * runtime/CollectorHeapIterator.h:
-        (JSC::LiveObjectIterator::LiveObjectIterator):
-        (JSC::LiveObjectIterator::operator++):
-        (JSC::DeadObjectIterator::DeadObjectIterator):
-        (JSC::DeadObjectIterator::operator++):
-        (JSC::ObjectIterator::ObjectIterator):
-        (JSC::ObjectIterator::operator++):
-        * runtime/JSCell.h:
-        (JSC::JSCell::isNumber): Removed all code pertaining to the number heap,
-        and changed all heap template functions and classes to non-template functions
-        and classes.
-
-2009-12-15  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for WeakGCMap class
-        https://bugs.webkit.org/show_bug.cgi?id=32547
-
-        Inherits WeakGCMap from FastAllocBase because it is instantiated by
-        'new' at: WebCore/dom/Document.cpp:512.
-
-        * runtime/WeakGCMap.h:
-
-2009-12-15  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for dtoa's P5Node struct
-        https://bugs.webkit.org/show_bug.cgi?id=32544
-
-        Inherits P5Node struct from Noncopyable because it is instantiated by
-        'new' at wtf/dtoa.cpp:588 and don't need to be copyable.
-
-        * wtf/dtoa.cpp:
-
-2009-12-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32524
-        REGRESSION(52084): fast/dom/prototypes.html failing two CSS tests
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitCount): The original patch put the parentheses in the wrong
-        place, completely changing the calculation and making it almost always
-        wrong. Moved the parentheses around the '+' operation, like the original
-        compiler warning suggested.
-
-2009-12-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Unreviewed trivial buildfix.
-
-        Fix crosses initialization of usedPrimaryBlocks for JSValue32
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively):
-
-2009-12-14  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        GCC 4.3.x warning fixed. Suggested parantheses added.
-        warning: ../../../JavaScriptCore/wtf/StdLibExtras.h:77: warning: suggest parentheses around + or - in operand of &
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitCount):
-
-2009-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Changed GC from mark-sweep to mark-allocate.
-        
-        Added WeakGCMap to keep WebCore blissfully ignorant about objects that
-        have become garbage but haven't run their destructors yet.
-        
-        1% SunSpider speedup.
-        7.6% v8 speedup (37% splay speedup).
-        17% speedup on bench-alloc-nonretained.js.
-        18% speedup on bench-alloc-retained.js.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated for renames and new
-        files.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): Updated to use the Collector
-        iterator abstraction.
-
-        * jsc.cpp:
-        (functionGC): Updated for rename.
-
-        * runtime/Collector.cpp: Slightly reduced the number of allocations per
-        collection, so that small workloads only allocate on collector block,
-        rather than two.
-
-        (JSC::Heap::Heap): Updated to use the new allocateBlock function.
-
-        (JSC::Heap::destroy): Updated to use the new freeBlocks function.
-
-        (JSC::Heap::allocateBlock): New function to initialize a block when
-        allocating it.
-
-        (JSC::Heap::freeBlock): Consolidated the responsibility for running
-        destructors into this function.
-
-        (JSC::Heap::freeBlocks): Updated to use freeBlock.
-
-        (JSC::Heap::recordExtraCost): Sweep the heap in this reporting function,
-        so that allocation, which is more common, doesn't have to check extraCost.
-
-        (JSC::Heap::heapAllocate): Run destructors right before recycling a
-        garbage cell. This has better cache utilization than a separate sweep phase.
-
-        (JSC::Heap::resizeBlocks):
-        (JSC::Heap::growBlocks):
-        (JSC::Heap::shrinkBlocks): New set of functions for managing the size of
-        the heap, now that the heap doesn't maintain any information about its
-        size.
-
-        (JSC::isPointerAligned):
-        (JSC::isHalfCellAligned):
-        (JSC::isPossibleCell):
-        (JSC::isCellAligned):
-        (JSC::Heap::markConservatively): Cleaned up this code a bit.
-
-        (JSC::Heap::clearMarkBits):
-        (JSC::Heap::markedCells): Some helper functions for examining the the mark
-        bitmap.
-
-        (JSC::Heap::sweep): Simplified this function by using a DeadObjectIterator.
-
-        (JSC::Heap::markRoots): Reordered some operations for clarity.
-
-        (JSC::Heap::objectCount):
-        (JSC::Heap::addToStatistics):
-        (JSC::Heap::statistics): Rewrote these functions to calculate an object
-        count on demand, since the heap doesn't maintain this information by 
-        itself.
-
-        (JSC::Heap::reset): New function for resetting the heap once we've
-        exhausted heap space.
-
-        (JSC::Heap::collectAllGarbage): This function matches the old collect()
-        behavior, but it's now an uncommon function used only by API.
-
-        * runtime/Collector.h:
-        (JSC::CollectorBitmap::count):
-        (JSC::CollectorBitmap::isEmpty): Added some helper functions for managing
-        the collector mark bitmap.
-
-        (JSC::Heap::reportExtraMemoryCost): Changed reporting from cell equivalents
-        to bytes, so it's easier to understand.
-        
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::CollectorHeapIterator):
-        (JSC::CollectorHeapIterator::operator!=):
-        (JSC::CollectorHeapIterator::operator*):
-        (JSC::CollectorHeapIterator::advance):
-        (JSC::::LiveObjectIterator):
-        (JSC::::operator):
-        (JSC::::DeadObjectIterator):
-        (JSC::::ObjectIterator): New iterators for encapsulating details about
-        heap layout, and what's live and dead on the heap.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::increaseVectorLength): Delay reporting extra cost until
-        we're fully constructed, so the heap mark phase won't visit us in an
-        invalid state.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::):
-        (JSC::JSCell::createDummyStructure):
-        (JSC::JSCell::JSCell):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h: Added a dummy cell to simplify allocation logic.
-
-        * runtime/JSString.h:
-        (JSC::jsSubstring): Don't report extra cost for substrings, since they
-        share a buffer that's already reported extra cost.
-
-        * runtime/Tracing.d:
-        * runtime/Tracing.h: Changed these dtrace hooks not to report object
-        counts, since they're no longer cheap to compute.
-
-        * runtime/UString.h: Updated for renames.
-
-        * runtime/WeakGCMap.h: Added.
-        (JSC::WeakGCMap::isEmpty):
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::uncheckedBegin):
-        (JSC::WeakGCMap::uncheckedEnd):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove): Mentioned above.
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitCount): Added a bit population count function, so the heap can
-        count live objects to fulfill statistics questions.
-
-The very last cell in the block is not allocated -- should not be marked.
-
-2009-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Export some new symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Removed some old exports.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Use unsigned instead of uint32_t to avoid dependencies.
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitCount):
-
-2009-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (speculative Windows build fix).
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-
-2009-12-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32496
-        Switch remaining cases of string construction to use StringBuilder.
-        Builds strings using a vector rather than using string append / addition.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::paramString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::indent):
-        * runtime/JSString.h:
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lexString):
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::substituteBackreferences):
-        (JSC::stringProtoFuncConcat):
-
-2009-12-08  Jeremy Moskovich  <jeremy@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Add code to allow toggling ATSUI/Core Text rendering at runtime in ComplexTextController.
-        https://bugs.webkit.org/show_bug.cgi?id=31802
-
-        The goal here is to allow for a zero runtime hit for ports that decide to select
-        the API at compile time.
-        When both USE(ATSUI) and USE(CORE_TEXT) are true, the API is toggled
-        at runtime.  Core Text is used for OS Versions >= 10.6.
-
-        * wtf/Platform.h: #define USE_CORE_TEXT and USE_ATSUI on Chrome/Mac.
-
-2009-12-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Unify codegen for forward and backward variants of branches
-        https://bugs.webkit.org/show_bug.cgi?id=32463
-
-        * jit/JIT.h:
-        (JSC::JIT::emit_op_loop): Implemented in terms of forward variant.
-        (JSC::JIT::emit_op_loop_if_true): ditto
-        (JSC::JIT::emitSlow_op_loop_if_true): ditto
-        (JSC::JIT::emit_op_loop_if_false): ditto
-        (JSC::JIT::emitSlow_op_loop_if_false): ditto
-        (JSC::JIT::emit_op_loop_if_less): ditto
-        (JSC::JIT::emitSlow_op_loop_if_less): ditto
-        * jit/JITOpcodes.cpp:
-
-2009-12-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Allow WTFs concept of the main thread to differ from pthreads when necessary.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        (WTF::isMainThread):
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2009-12-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32454
-        Refactor construction of simple strings to avoid string concatenation.
-
-        Building strings through concatenation has a memory and performance cost -
-        a memory cost since we must over-allocate the buffer to leave space to append
-        into, and performance in that the string may still require reallocation (and
-        thus copying during construction).  Instead move the full construction to
-        within a single function call (makeString), so that the arguments' lengths
-        can be calculated and an appropriate sized buffer allocated before copying
-        any characters.
-
-        ~No performance change (~2% progression on date tests).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::escapeQuotes):
-        (JSC::valueToSourceString):
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpToSourceString):
-        (JSC::regexpName):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::substitute):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        * runtime/DateConversion.cpp:
-        (JSC::formatDate):
-        (JSC::formatDateUTCVariant):
-        (JSC::formatTime):
-        (JSC::formatTimeUTC):
-        * runtime/DateConversion.h:
-        (JSC::):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToGMTString):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError):
-        (JSC::createErrorMessage):
-        (JSC::createInvalidParamError):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::insertSemicolonIfNeeded):
-        (JSC::functionProtoFuncToString):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        * runtime/UString.h:
-        (JSC::):
-        (JSC::makeString):
-
-2009-12-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32400
-        Switch remaining cases of string addition to use ropes.
-
-        Re-landing r51975 - added toPrimitiveString method,
-        performs toPrimitive then subsequent toString operations.
-
-        ~1% progression on Sunspidey.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSString.h:
-        (JSC::JSString::JSString):
-        (JSC::JSString::appendStringInConstruct):
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsAdd):
-
-2009-12-11  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added
-        $(WebKitOutputDir)/include/private to the include path.
-
-2009-12-11  Adam Roben  <aroben@apple.com>
-
-        Move QuartzCorePresent.h to include/private
-
-        This fixes other projects that use wtf/Platform.h
-
-        Rubber-stamped by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Let VS do its thang.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Write
-        QuartzCorePresent.h to $(WebKitOutputDir)/include/private.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        Added $(WebKitOutputDir)/include/private to the include path.
-
-2009-12-11  Adam Roben  <aroben@apple.com>
-
-        Fix clean builds and everything rebuilding on every build
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Don't
-        write out QuartzCorePresent.h if it exists but is older than
-        QuartzCore.h. Also, create the directory we write QuartzCorePresent.h
-        into first.
-
-2009-12-11  Adam Roben  <aroben@apple.com>
-
-        Windows build fix for systems with spaces in their paths
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Quote some paths.
-
-2009-12-11  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Add check for presence of QuartzCore headers
-        https://bugs.webkit.org/show_bug.cgi?id=31856
-        
-        The script now checks for the presence of QuartzCore.h. If present
-        it will turn on ACCELERATED_COMPOSITING and 3D_RENDERING to enable
-        HW compositing on Windows. The script writes QuartzCorePresent.h to
-        the build directory which has a define telling whether QuartzCore is 
-        present.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        * wtf/Platform.h:
-
-2009-12-11  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Fix a problem that JSC::gregorianDateTimeToMS() returns a negative
-        value for a huge year value.
-        https://bugs.webkit.org/show_bug.cgi?id=32304
-
-        * wtf/DateMath.cpp:
-        (WTF::dateToDaysFrom1970): Renamed from dateToDayInYear, and changed the return type to double.
-        (WTF::calculateDSTOffset): Follow the dateToDaysFrom1970() change.
-        (WTF::timeClip): Use maxECMAScriptTime.
-        (JSC::gregorianDateTimeToMS): Follow the dateToDaysFrom1970() change.
-
-2009-12-10  Adam Barth  <abarth@webkit.org>
-
-        No review, rolling out r51975.
-        http://trac.webkit.org/changeset/51975
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSString.h:
-        (JSC::JSString::JSString):
-        (JSC::JSString::appendStringInConstruct):
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsAdd):
-
-2009-12-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Incorrect caching of prototype lookup with dictionary base
-        https://bugs.webkit.org/show_bug.cgi?id=32402
-
-        Make sure we don't add cached prototype lookup to the proto_list
-        lookup chain if the top level object is a dictionary.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-
-2009-12-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32400
-        Switch remaining cases of string addition to use ropes.
-
-        ~1% progression on Sunspidey.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSString.h:
-        (JSC::JSString::JSString):
-        (JSC::JSString::appendStringInConstruct):
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsAdd):
-
-2009-12-10  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove JSObject::getPropertyAttributes() and all usage of it.
-        https://bugs.webkit.org/show_bug.cgi?id=31933
-
-        getOwnPropertyDescriptor() should be used instead.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
-        * debugger/DebuggerActivation.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::propertyIsEnumerable):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        * runtime/JSVariableObject.h:
-
-2009-12-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt & Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32367
-        Add support for short Ropes (up to 3 entries) inline within JSString.
-        (rather than externally allocating an object to hold the rope).
-        Switch jsAdd of (JSString* + JSString*) to now make use of Ropes.
-
-        ~1% progression on Sunspidey.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::toBoolean):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::JSString::Rope::Fiber::deref):
-        (JSC::JSString::Rope::Fiber::ref):
-        (JSC::JSString::Rope::Fiber::refAndGetLength):
-        (JSC::JSString::Rope::append):
-        (JSC::JSString::JSString):
-        (JSC::JSString::~JSString):
-        (JSC::JSString::value):
-        (JSC::JSString::tryGetValue):
-        (JSC::JSString::length):
-        (JSC::JSString::canGetIndex):
-        (JSC::JSString::appendStringInConstruct):
-        (JSC::JSString::appendValueInConstructAndIncrementLength):
-        (JSC::JSString::isRope):
-        (JSC::JSString::string):
-        (JSC::JSString::ropeLength):
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsAdd):
-        (JSC::resolveBase):
-
-2009-12-09  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix three more things found by compiling with clang++.
-        
-        * runtime/Structure.h:
-        (JSC::StructureTransitionTable::reifySingleTransition):
-        Add the 'std' qualifier to the call to make_pair.
-
-        * wtf/DateMath.cpp:
-        (WTF::initializeDates):
-        Incrementing a bool is deprecated according to the C++ specification.
-        
-        * wtf/PtrAndFlags.h:
-        (WTF::PtrAndFlags::PtrAndFlags):
-        Name lookup should not be done in dependent bases, so explicitly qualify the call to set.
-
-2009-12-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Google reader gets stuck in the "Loading..." state and does not complete
-        https://bugs.webkit.org/show_bug.cgi?id=32256
-        <rdar://problem/7456388>
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jless): Fix some backward branches.
-
-2009-12-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32228
-        Make destruction of ropes non-recursive to prevent stack exhaustion.
-        Also, pass a UString& into initializeFiber rather than a Ustring::Rep*,
-        since the Rep is not being ref counted this could result in usage of a
-        Rep with refcount zero (where the Rep comes from a temporary UString
-        returned from a function).
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::Rope::destructNonRecursive):
-        (JSC::JSString::Rope::~Rope):
-        * runtime/JSString.h:
-        (JSC::JSString::Rope::initializeFiber):
-        * runtime/Operations.h:
-        (JSC::concatenateStrings):
-
-2009-12-09  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31930
-
-        Update to r51457. ASSERTs changed to COMPILE_ASSERTs.
-        The speedup is 25%.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::VPtrSet::VPtrSet):
-
-2009-12-09  Steve Block  <steveblock@google.com>
-
-        Reviewed by Adam Barth.
-
-        Updates Android Makefiles with latest additions.
-        https://bugs.webkit.org/show_bug.cgi?id=32278
-
-        * Android.mk: Modified.
-        * Android.v8.wtf.mk: Modified.
-
-2009-12-09  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix a bug found while trying to compile JavaScriptCore with clang++.
-
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternTerm::PatternTerm): Don't self assign here.  Use false instead.
-
-2009-12-09  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Attempt to fix the Windows build.
-        
-        * wtf/FastMalloc.h:
-
-2009-12-09  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix some things found while trying to compile JavaScriptCore with clang++.
-
-        * wtf/FastMalloc.h:
-        Add correct exception specifications for the allocation/deallocation operators.
-        
-        * wtf/Vector.h:
-        * wtf/VectorTraits.h:
-        Fix a bunch of struct/class mismatches.
-
-2009-12-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-
-        move code generation portions of Nodes.cpp to bytecompiler directory
-        https://bugs.webkit.org/show_bug.cgi?id=32284
-
-        * bytecompiler/NodesCodegen.cpp: Copied from parser/Nodes.cpp. Removed parts that
-        are not about codegen.
-        * parser/Nodes.cpp: Removed everything that is about codegen.
-
-        Update build systems:
-        
-        * Android.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCoreSources.bkl:
-
-2009-12-08  Kevin Watters  <kevinwatters@gmail.com>
-
-        Reviewed by Kevin Ollivier.
-
-        [wx] Mac plugins support.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=32236
-
-        * wtf/Platform.h:
-
-2009-12-08  Dmitry Titov  <dimich@chromium.org>
-
-        Rubber-stamped by David Levin.
-
-        Revert and reopen "Add asserts to RefCounted to make sure ref/deref happens on the right thread."
-        It may have caused massive increase of reported leaks on the bots.
-        https://bugs.webkit.org/show_bug.cgi?id=31639
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref):
-        (WTF::RefCountedBase::hasOneRef):
-        (WTF::RefCountedBase::refCount):
-        (WTF::RefCountedBase::derefBase):
-        * wtf/ThreadVerifier.h: Removed.
-
-2009-12-08  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by Darin Adler.
-
-        Make WebKit build correctly on FreeBSD, IA64, and Alpha.
-        Based on work by Petr Salinger <Petr.Salinger@seznam.cz>,
-        and Colin Watson <cjwatson@ubuntu.com>.
-
-        * wtf/Platform.h:
-
-2009-12-08  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
-        https://bugs.webkit.org/show_bug.cgi?id=31639
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure): Disable thread verification on this class since it uses addressOfCount().
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref): Add ASSERT.
-        (WTF::RefCountedBase::hasOneRef): Ditto.
-        (WTF::RefCountedBase::refCount): Ditto.
-        (WTF::RefCountedBase::derefBase): Ditto.
-        (WTF::RefCountedBase::disableThreadVerification): delegate to ThreadVerifier method.
-        * wtf/ThreadVerifier.h: Added.
-        (WTF::ThreadVerifier::ThreadVerifier): New Debug-only class to verify that ref/deref of RefCounted is done on the same thread.
-        (WTF::ThreadVerifier::activate): Activates checks. Called when ref count becomes above 2.
-        (WTF::ThreadVerifier::deactivate): Deactivates checks. Called when ref count drops below 2.
-        (WTF::ThreadVerifier::disableThreadVerification): used on objects that should not be checked (StringImpl etc)
-        (WTF::ThreadVerifier::verifyThread):
-        * GNUmakefile.am: Add ThreadVerifier.h to the build file.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-
-2009-12-08  Steve Block  <steveblock@google.com>
-
-        Reviewed by Adam Barth.
-
-        [Android] Adds Makefiles for Android port.
-        https://bugs.webkit.org/show_bug.cgi?id=31325
-
-        * Android.mk: Added.
-        * Android.v8.wtf.mk: Added.
-
-2009-12-07  Dmitry Titov  <dimich@chromium.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Remove ENABLE_SHARED_SCRIPT flags
-        https://bugs.webkit.org/show_bug.cgi?id=32245
-        This patch was obtained by "git revert" command and then un-reverting of ChangeLog files.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-12-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fixage part I).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-12-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32184
-        Handle out-of-memory conditions with JSC Ropes with a JS exception, rather than crashing.
-        Switch from using fastMalloc to tryFastMalloc, pass an ExecState to record the exception on.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::toString):
-        * API/JSValueRef.cpp:
-        (JSValueIsStrictEqual):
-        * JavaScriptCore.exp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        (JSC::Profiler::createCallIdentifier):
-        (JSC::createCallIdentifierFromFunctionImp):
-        * profiler/Profiler.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::name):
-        (JSC::InternalFunction::displayName):
-        (JSC::InternalFunction::calculatedDisplayName):
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getString):
-        * runtime/JSCell.h:
-        (JSC::JSValue::getString):
-        * runtime/JSONObject.cpp:
-        (JSC::gap):
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSString.cpp:
-        (JSC::JSString::Rope::~Rope):
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::getPrimitiveNumber):
-        (JSC::JSString::toNumber):
-        (JSC::JSString::toString):
-        (JSC::JSString::toThisString):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::JSString::Rope::createOrNull):
-        (JSC::JSString::Rope::operator new):
-        (JSC::JSString::value):
-        (JSC::JSString::tryGetValue):
-        (JSC::JSString::getIndex):
-        (JSC::JSString::getStringPropertySlot):
-        (JSC::JSValue::toString):
-        * runtime/JSValue.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/Operations.cpp:
-        (JSC::JSValue::strictEqualSlowCase):
-        * runtime/Operations.h:
-        (JSC::JSValue::equalSlowCaseInline):
-        (JSC::JSValue::strictEqualSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd):
-        (JSC::concatenateStrings):
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::equalTo):
-        * runtime/PropertyDescriptor.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-
-2009-12-07  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Holger Freyther.
-
-        Turn on (SVG) Filters support, by default.
-        https://bugs.webkit.org/show_bug.cgi?id=32224
-
-        * Configurations/FeatureDefines.xcconfig: Enable FILTERS build flag.
-
-2009-12-07  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix. Be flexible about which version of ICU is used on Windows.
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Add optional xcopy commands to copy ICU 4.2.
-
-2009-12-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        op_loop_if_less JIT codegen is broken for 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=32221
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_false): Fix codegen in this version - test was backwards.
-
-2009-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Object.create fails if properties on the descriptor are getters
-        https://bugs.webkit.org/show_bug.cgi?id=32219
-
-        Correctly initialise the PropertySlots with the descriptor object.
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::toPropertyDescriptor):
-
-2009-12-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        Actually tested 64-bit *and* 32-bit build this time.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_false):
-
-2009-12-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        Really really fix 64-bit build for prior patch (actually tested this time).
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_false):
-        (JSC::JIT::emitSlow_op_loop_if_false):
-
-2009-12-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        Really fix 64-bit build for prior patch.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jless):
-
-2009-12-06  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        Fix 64-bit build for prior patch.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_loop_if_less):
-
-2009-12-05  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        conway benchmark spends half it's time in op_less (jump fusion fails)
-        https://bugs.webkit.org/show_bug.cgi?id=32190
-
-        <1% speedup on SunSpider and V8
-        2x speedup on "conway" benchmark
-        
-        Two optimizations:
-        1) Improve codegen for logical operators &&, || and ! in a condition context
-        
-        When generating code for combinations of &&, || and !, in a
-        condition context (i.e. in an if statement or loop condition), we
-        used to produce a value, and then separately jump based on its
-        truthiness. Now we pass the false and true targets in, and let the
-        logical operators generate jumps directly. This helps in four
-        ways:
-
-        a) Individual clauses of a short-circuit logical operator can now
-        jump directly to the then or else clause of an if statement (or to
-        the top or exit of a loop) instead of jumping to a jump.
-        
-        b) It used to be that jump fusion with the condition of the first
-        clause of a logical operator was inhibited, because the register
-        was ref'd to be used later, in the actual condition jump; this no
-        longer happens since a jump straight to the final target is
-        generated directly.
-
-        c) It used to be that jump fusion with the condition of the second
-        clause of a logical operator was inhibited, because there was a
-        jump target right after the second clause and before the actual
-        condition jump. But now it's no longer necessary for the first
-        clause to jump there so jump fusion is not blocked.
-
-        d) We avoid generating excess mov statements in some cases.
-        
-        As a concrete example this source:
-        
-        if (!((x < q && y < q) || (t < q && z < q))) {
-            // ...
-        }
-        
-        Used to generate this bytecode:
-        
-        [  34] less              r1, r-15, r-19
-        [  38] jfalse            r1, 7(->45)
-        [  41] less              r1, r-16, r-19
-        [  45] jtrue             r1, 14(->59)
-        [  48] less              r1, r-17, r-19
-        [  52] jfalse            r1, 7(->59)
-        [  55] less              r1, r-18, r-19
-        [  59] jtrue             r1, 17(->76)
-        
-        And now generates this bytecode (also taking advantage of the second optimization below):
-        
-        [  34] jnless            r-15, r-19, 8(->42)
-        [  38] jless             r-16, r-19, 26(->64)
-        [  42] jnless            r-17, r-19, 8(->50)
-        [  46] jless             r-18, r-19, 18(->64)
-        
-        Note the jump fusion and the fact that there's less jump
-        indirection - three of the four jumps go straight to the target
-        clause instead of indirecting through another jump.
-        
-        2) Implement jless opcode to take advantage of the above, since we'll now often generate
-        a less followed by a jtrue where fusion is not forbidden.
-       
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::hasConditionContextCodegen): Helper function to determine
-        whether a node supports special conditional codegen. Return false as this is the default.
-        (JSC::ExpressionNode::emitBytecodeInConditionContext): Assert not reached - only really
-        defined for nodes that do have conditional codegen.
-        (JSC::UnaryOpNode::expr): Add const version.
-        (JSC::LogicalNotNode::hasConditionContextCodegen): Returne true only if subexpression
-        supports it.
-        (JSC::LogicalOpNode::hasConditionContextCodegen): Return true.
-        * parser/Nodes.cpp:
-        (JSC::LogicalNotNode::emitBytecodeInConditionContext): Implemented - just swap
-        the true and false targets for the child node.
-        (JSC::LogicalOpNode::emitBytecodeInConditionContext): Implemented - handle jumps
-        directly, improving codegen quality. Also handles further nested conditional codegen.
-        (JSC::ConditionalNode::emitBytecode): Use condition context codegen when available.
-        (JSC::IfNode::emitBytecode): ditto
-        (JSC::IfElseNode::emitBytecode): ditto
-        (JSC::DoWhileNode::emitBytecode): ditto
-        (JSC::WhileNode::emitBytecode): ditto
-        (JSC::ForNode::emitBytecode): ditto
-
-        * bytecode/Opcode.h: 
-        - Added loop_if_false opcode - needed now that falsey jumps can be backwards.
-        - Added jless opcode to take advantage of new fusion opportunities.
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Handle above.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfTrue): Add peephole for less + jtrue ==> jless.
-        (JSC::BytecodeGenerator::emitJumpIfFalse): Add handling of backwrds falsey jumps.
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNodeInConditionContext): Wrapper to handle tracking of
-        overly deep expressions etc.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Implement the two new opcodes (loop_if_false, jless).
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass): Implement JIT support for the two new opcodes.
-        (JSC::JIT::privateCompileSlowCases): ditto
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emitSlow_op_jless): ditto
-        (JSC::JIT::emitBinaryDoubleOp): ditto
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_loop_if_less): ditto
-        (JSC::JIT::emit_op_loop_if_false): ditto
-        (JSC::JIT::emitSlow_op_loop_if_false): ditto
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JSC::):
-
-2009-12-04  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        JavaScript delete operator should return false for string properties
-        https://bugs.webkit.org/show_bug.cgi?id=32012
-
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::deleteProperty):
-
-2009-12-03  Drew Wilson  <atwilson@chromium.org>
-
-        Rolled back r51633 because it causes a perf regression in Chromium.
-
-        * wtf/Platform.h:
-
-2009-12-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Try and fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:  Export a symbol that should be exported.
-
-2009-12-03  Mark Rowe  <mrowe@apple.com>
-
-        Try and fix the Mac build.
-
-        * JavaScriptCore.exp:  Export a symbol that should be exported.
-
-2009-12-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION(4.0.3-48777): Crash in JSC::ExecState::propertyNames() (Debug-only?)
-        https://bugs.webkit.org/show_bug.cgi?id=32133
-
-        Work around odd GCC-ism and correct the scopechain for use by
-        calls made while a cachedcall is active on the callstack.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::newCallFrame):
-        * runtime/JSArray.cpp:
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2009-12-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver "Brraaaaiiiinnnnnzzzzzzzz" Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=32136
-        Add a rope representation to JSString.  Presently JSString always holds its data in UString form.
-        Instead, allow the result of a string concatenation to be represented in a tree form - with a
-        variable sized, reference-counted rope node retaining a set of UString::Reps (or other rope nopes).
-
-        Strings must still currently be resolved down to a flat UString representation before being used,
-        but by holding the string in a rope representation during construction we can avoid copying data
-        until we know the final size of the string.
-
-        ~2% progression on SunSpider (~25% on date-format-xparb, ~20% on string-validate-input).
-
-        * JavaScriptCore.exp:
-
-            - Update exports.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-            - Make use of new JSString::length() method to avoid prematurely resolving ropes.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-
-            - Switch the string length trampoline to read the length directly from JSString::m_length,
-              rather than from the JSString's UString::Rep's 'len' property.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-            - Modify op_add such that addition of two strings, where either or both strings are already
-              in rope representation, produces a rope as a result.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::Rope::~Rope):
-        (JSC::copyChars):
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::getPrimitiveNumber):
-        (JSC::JSString::toBoolean):
-        (JSC::JSString::toNumber):
-        (JSC::JSString::toString):
-        (JSC::JSString::toThisString):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::JSString::Rope::Fiber::Fiber):
-        (JSC::JSString::Rope::Fiber::destroy):
-        (JSC::JSString::Rope::Fiber::isRope):
-        (JSC::JSString::Rope::Fiber::rope):
-        (JSC::JSString::Rope::Fiber::string):
-        (JSC::JSString::Rope::create):
-        (JSC::JSString::Rope::initializeFiber):
-        (JSC::JSString::Rope::ropeLength):
-        (JSC::JSString::Rope::stringLength):
-        (JSC::JSString::Rope::fibers):
-        (JSC::JSString::Rope::Rope):
-        (JSC::JSString::Rope::operator new):
-        (JSC::JSString::JSString):
-        (JSC::JSString::value):
-        (JSC::JSString::length):
-        (JSC::JSString::isRope):
-        (JSC::JSString::rope):
-        (JSC::JSString::string):
-        (JSC::JSString::canGetIndex):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::JSString::getIndex):
-        (JSC::jsSubstring):
-        (JSC::JSString::getStringPropertySlot):
-
-            - Add rope form.
-
-        * runtime/Operations.h:
-        (JSC::jsAdd):
-        (JSC::concatenateStrings):
-
-            - Update string concatenation, and addition of ropes, to produce ropes.
-
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyNames):
-
-            - Make use of new JSString::length() method to avoid prematurely resolving ropes.
-
-2009-11-23  Jeremy Moskovich  <jeremy@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Switch Chrome/Mac to use Core Text APIs rather than ATSUI APIs.
-        https://bugs.webkit.org/show_bug.cgi?id=31802
-
-        No test since this is already covered by existing pixel tests.
-
-        * wtf/Platform.h: #define USE_CORE_TEXT for Chrome/Mac.
-
-2009-12-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add files missed in prior patch.
-
-        * runtime/JSZombie.cpp:
-        (JSC::):
-        (JSC::JSZombie::leakedZombieStructure):
-        * runtime/JSZombie.h: Added.
-        (JSC::JSZombie::JSZombie):
-        (JSC::JSZombie::isZombie):
-        (JSC::JSZombie::classInfo):
-        (JSC::JSZombie::isGetterSetter):
-        (JSC::JSZombie::isAPIValueWrapper):
-        (JSC::JSZombie::isPropertyNameIterator):
-        (JSC::JSZombie::getCallData):
-        (JSC::JSZombie::getConstructData):
-        (JSC::JSZombie::getUInt32):
-        (JSC::JSZombie::toPrimitive):
-        (JSC::JSZombie::getPrimitiveNumber):
-        (JSC::JSZombie::toBoolean):
-        (JSC::JSZombie::toNumber):
-        (JSC::JSZombie::toString):
-        (JSC::JSZombie::toObject):
-        (JSC::JSZombie::markChildren):
-        (JSC::JSZombie::put):
-        (JSC::JSZombie::deleteProperty):
-        (JSC::JSZombie::toThisObject):
-        (JSC::JSZombie::toThisString):
-        (JSC::JSZombie::toThisJSString):
-        (JSC::JSZombie::getJSNumber):
-        (JSC::JSZombie::getOwnPropertySlot):
-
-2009-12-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add zombies to JSC
-        https://bugs.webkit.org/show_bug.cgi?id=32103
-
-        Add a compile time flag to make the JSC collector replace "unreachable"
-        objects with zombie objects.  The zombie object is a JSCell subclass that
-        ASSERTs on any attempt to use the JSCell methods.  In addition there are
-        a number of additional assertions in bottleneck code to catch zombie usage
-        as quickly as possible.
-
-        Grrr. Argh. Brains.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Register.h:
-        (JSC::Register::Register):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::ArgList::ArgList):
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::sweep):
-        * runtime/Collector.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::isZombie):
-        (JSC::JSValue::isZombie):
-        * runtime/JSValue.h:
-        (JSC::JSValue::decode):
-        (JSC::JSValue::JSValue):
-        * wtf/Platform.h:
-
-2009-12-01  Jens Alfke  <snej@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Added variants of find/contains/add that allow a foreign key type to be used.
-        This will allow AtomicString-keyed maps to be queried by C string without
-        having to create a temporary AtomicString (see HTTPHeaderMap.)
-        The code for this is adapted from the equivalent in HashSet.h.
-
-        * wtf/HashMap.h:
-        (WTF::HashMap::find):
-        (WTF::HashMap::contains):
-        (WTF::HashMap::add):
-        * wtf/HashSet.h: Changed "method" to "function member" in a comment.
-
-2009-12-01  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Revert 51551 because it broke GTK+.
-
-        * wtf/Platform.h:
-
-2009-11-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows Build fix.  Reviewed by NOBODY.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-11-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 31859 - Make world selection for JSC IsolatedWorlds automagical.
-
-        WebCore presently has to explicitly specify the world before entering into JSC,
-        which is a little fragile (particularly since property access via a
-        getter/setter might invoke execution). Instead derive the current world from
-        the lexical global object.
-        
-        Remove the temporary duct tape of willExecute/didExecute virtual hooks on the JSGlobalData::ClientData - these are no longer necessary.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-
-2009-11-30  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Remove obsolete PLATFORM(KDE) code
-        https://bugs.webkit.org/show_bug.cgi?id=31958
-
-        KDE is now using unpatched QtWebKit.
-
-        * parser/Lexer.cpp: Remove obsolete KDE_USE_FINAL guard
-        * wtf/Platform.h: Remove PLATFORM(KDE) definition and code 
-        section that is guarded with it.
-
-2009-11-30  Jan-Arve Sæther  <jan-arve.saether@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix compilation with win32-icc
-
-        The Intel compiler does not support the __has_trivial_constructor type
-        trait.  The Intel Compiler can report itself as _MSC_VER >= 1400. The
-        reason for that is that the Intel Compiler depends on the Microsoft
-        Platform SDK, and in order to try to be "fully" MS compatible it will
-        "pretend" to be the same MS compiler as was shipped with the MS PSDK.
-        (Thus, compiling with win32-icc with VC8 SDK will make the source code
-        "think" the compiler at hand supports this type trait).
-
-        * wtf/TypeTraits.h:
-
-2009-11-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Mac build has JIT disabled
-        https://bugs.webkit.org/show_bug.cgi?id=31828
-
-        * wtf/Platform.h: Enable JIT for Qt Mac builds
-
-2009-11-28  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        Apply workaround for the limitation of VirtualFree with MEM_RELEASE to all ports running on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=31943
-
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-
-2009-11-28  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31930
-
-        Seems a typo. We don't need ~270k memory to determine the vptrs.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::VPtrSet::VPtrSet):
-
-2009-11-27  Shinichiro Hamaji  <hamaji@chromium.org>
-
-        Unreviewed. 
-
-        Move GOwnPtr* from wtf to wtf/gtk
-        https://bugs.webkit.org/show_bug.cgi?id=31793
-
-        Build fix for chromium after r51423.
-        Exclude gtk directory from chromium build.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2009-11-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Incorrect behaviour of jneq_null in the interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=31901
-
-        Correct the logic of jneq_null.  This is already covered by existing tests.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-11-26  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Oliver Hunt.
-
-        Move GOwnPtr* from wtf to wtf/gtk
-        https://bugs.webkit.org/show_bug.cgi?id=31793
-
-        * GNUmakefile.am: Change the path for GOwnPtr.*.
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Remove
-          GOwnPtr.cpp from the exclude list.
-        * JavaScriptCore.gypi: Change the path for GOwnPtr.*.
-        * wscript: Remove GOwnPtr.cpp from the exclude list.
-        * wtf/GOwnPtr.cpp: Removed.
-        * wtf/GOwnPtr.h: Removed.
-        * wtf/Threading.h: Change the path for GOwnPtr.h.
-        * wtf/gtk/GOwnPtr.cpp: Copied from JavaScriptCore/wtf/GOwnPtr.cpp.
-        * wtf/gtk/GOwnPtr.h: Copied from JavaScriptCore/wtf/GOwnPtr.h.
-        * wtf/unicode/glib/UnicodeGLib.h: Change the path for GOwnPtr.h.
-
-2009-11-24  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Add ENABLE_SHARED_SCRIPT feature define and flag for build-webkit
-        https://bugs.webkit.org/show_bug.cgi?id=31444
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-11-24  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Add ability to enable ACCELERATED_COMPOSITING on Windows (currently disabled)
-        https://bugs.webkit.org/show_bug.cgi?id=27314
-
-        * wtf/Platform.h:
-
-2009-11-24  Jason Smith  <dark.panda@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        RegExp#exec's returned Array-like object behaves differently from
-        regular Arrays
-        https://bugs.webkit.org/show_bug.cgi?id=31689
-
-        * JavaScriptCore/runtime/RegExpConstructor.cpp: ensure that undefined
-        values are added to the returned RegExpMatchesArray
-
-2009-11-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        JSON.stringify performance on undefined is very poor
-        https://bugs.webkit.org/show_bug.cgi?id=31839
-
-        Switch from a UString to a Vector<UChar> when building
-        the JSON string, allowing us to safely remove the substr-copy
-        we otherwise did when unwinding an undefined property.
-
-        Also turns out to be a ~5% speedup on stringification.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::StringBuilder::append):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-
-2009-11-24  Mark Rowe  <mrowe@apple.com>
-
-        Fix production builds where the source tree may be read-only.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-11-23  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Include "config.h" to meet Coding Style Guidelines
-        https://bugs.webkit.org/show_bug.cgi?id=31792
-
-        * wtf/unicode/UTF8.cpp:
-        * wtf/unicode/glib/UnicodeGLib.cpp:
-        * wtf/unicode/wince/UnicodeWince.cpp:
-
-2009-11-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Streamlined some Math functions where we expect or know the result not
-        to be representable as an int.
-        
-        SunSpider says 0.6% faster.
-
-        * runtime/JSNumberCell.h:
-        (JSC::JSValue::JSValue):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        (JSC::jsDoubleNumber):
-        (JSC::JSValue::JSValue): Added a function for making a numeric JSValue
-        and skipping the "can I encode this as an int?" check, avoiding the
-        overhead of int <-> double roundtripping and double <-> double comparison
-        and branching.
-
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan): For these functions, which we expect or know
-        to produce results not representable as ints, call jsDoubleNumber instead
-        of jsNumber.
-
-2009-11-23  Mark Rowe  <mrowe@apple.com>
-
-        Unreviewed. Unbreak the regression tests after r51329.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript): Null-check clientData before dereferencing it.
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction): Ditto.
-
-2009-11-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Part 1/3 of <rdar://problem/7377477> REGRESSION: Many web pages fail to render after interesting script runs in isolated world
-
-        Some clients of the JavaScriptCore API expect to be able to make callbacks over the JSC API,
-        and for this to automagically cause execution to take place in the world associated with the
-        global object associated with the ExecState (JSContextRef) passed.  However this is not how
-        things work - the world must be explicitly set within WebCore.
-
-        Making this work just for API calls to evaluate & call will be a far from perfect solution,
-        since direct (non-API) use of JSC still relies on WebCore setting the current world correctly.
-        A better solution would be to make this all work automagically all throughout WebCore, but this
-        will require more refactoring.
-
-        Since the API is in JSC but worlds only exist in WebCore, add callbacks on the JSGlobalData::ClientData
-        to allow it to update the current world on entry/exit via the JSC API.  This is temporary duck
-        tape, and should be removed once the current world no longer needs to be explicitly tracked.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::ClientData::beginningExecution):
-        (JSC::JSGlobalData::ClientData::completedExecution):
-        * runtime/JSGlobalData.h:
-
-2009-11-23  Steve Block  <steveblock@google.com>
-
-        Reviewed by Dmitry Titov.
-
-        Adds MainThreadAndroid.cpp with Android-specific WTF threading functions.
-        https://bugs.webkit.org/show_bug.cgi?id=31807
-
-        * wtf/android: Added.
-        * wtf/android/MainThreadAndroid.cpp: Added.
-        (WTF::timeoutFired):
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2009-11-23  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Brady Eidson.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31748
-        Make WebSocketHandleCFNet respect proxy auto-configuration files via CFProxySupport
-
-        * JavaScriptCore.exp: Export callOnMainThreadAndWait.
-
-2009-11-23  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Symbian] Fix lastIndexOf() for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=31773
-
-        Symbian soft floating point library has problems with operators
-        comparing NaN to numbers. Without a workaround lastIndexOf() 
-        function does not work.
-
-        Patch developed by David Leong.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncLastIndexOf):Add an extra test 
-        to check for NaN for Symbian.
-
-2009-11-23  Steve Block  <steveblock@google.com>
-
-        Reviewed by Eric Seidel.
-
-        Android port lacks implementation of atomicIncrement and atomicDecrement.
-        https://bugs.webkit.org/show_bug.cgi?id=31715
-
-        * wtf/Threading.h: Modified.
-        (WTF::atomicIncrement): Added Android implementation.
-        (WTF::atomicDecrement): Added Android implementation.
-
-2009-11-22  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed.
-
-        [Qt] Sort source lists and remove obsolete comments 
-        from the build system.
-
-        * JavaScriptCore.pri:
-
-2009-11-21  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt][Mac] Turn on multiple JavaScript threads for QtWebkit on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=31753
-
-        * wtf/Platform.h:
-
-2009-11-19  Steve Block  <steveblock@google.com>
-
-        Android port lacks configuration in Platform.h and config.h.
-        https://bugs.webkit.org/show_bug.cgi?id=31671
-
-        * wtf/Platform.h: Modified. Added Android-specific configuration.
-
-2009-11-19  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31690
-        Make SocketStreamHandleCFNet work on Windows
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/MainThread.cpp:
-        (WTF::FunctionWithContext::FunctionWithContext):
-        (WTF::dispatchFunctionsFromMainThread):
-        (WTF::callOnMainThreadAndWait):
-        * wtf/MainThread.h:
-        Re-add callOnMainThreadAndWait(), which was removed in bug 23926.
-
-2009-11-19  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by David Levin.
-
-        isMainThread() on Chromium (Mac and Linux) is so slow it timeouts LayoutTests..
-        https://bugs.webkit.org/show_bug.cgi?id=31693
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading): grab and use the pthread_t of the main thread instead of ThreadIdentifier.
-        (WTF::isMainThread): Ditto.
-
-2009-11-19  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Remove HAVE(STRING_H) guard from JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=31668
-
-        * config.h:
-        * runtime/UString.cpp:
-
-2009-11-19  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Reviewed by Dmitry Titov.
-
-        Fixing a bug in MessageQueue::removeIf() that leads to an
-        assertion failure.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31657
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue::removeIf):
-
-2009-11-19  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Remove HAVE(FLOAT_H) guard
-        https://bugs.webkit.org/show_bug.cgi?id=31661
-
-        JavaScriptCore has a dependency on float.h, there is
-        no need to guard float.h.
-
-        * runtime/DatePrototype.cpp: Remove include directive 
-        for float.h as it is included in MathExtras.h already.
-        * runtime/Operations.cpp: Ditto.
-        * runtime/UString.cpp: Ditto.
-        * wtf/dtoa.cpp: Ditto.
-        * wtf/MathExtras.h: Remove HAVE(FLOAT_H) guard.
-        * wtf/Platform.h: Ditto.
-
-2009-11-19  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Build fix for 32-bit Sparc machines: these machines are big-endian.
-
-        * wtf/Platform.h:
-
-2009-11-18  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Remove support for Qt v4.3 or older versions
-        https://bugs.webkit.org/show_bug.cgi?id=29469
-
-        * JavaScriptCore.pro:
-        * jsc.pro:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2009-11-18  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Move UString::from(double) implementation to new
-        WTF::doubleToStringInJavaScriptFormat(), and expose it because WebCore
-        code will use it.
-        https://bugs.webkit.org/show_bug.cgi?id=31330
-
-        - Introduce new function createRep(const char*, unsigned) and
-          UString::UString(const char*, unsigned) to reduce 2 calls to strlen().
-        - Fix a bug that dtoa() doesn't update *rve if the input value is NaN
-          or Infinity.
-
-        No new tests because this doesn't change the behavior.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/UString.cpp:
-        (JSC::createRep):
-        (JSC::UString::UString):
-        (JSC::UString::from): Move the code to doubleToStringInJavaScriptFormat().
-        * runtime/UString.h:
-        * wtf/dtoa.cpp:
-        (WTF::dtoa): Fix a bug about rve.
-        (WTF::append): A helper for doubleToStringInJavaScriptFormat().
-        (WTF::doubleToStringInJavaScriptFormat): Move the code from UString::from(double).
-        * wtf/dtoa.h:
-
-2009-11-18  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Remove WTF_USE_JAVASCRIPTCORE_BINDINGS as it is no longer used
-        https://bugs.webkit.org/show_bug.cgi?id=31643
-
-        * JavaScriptCore.pro:
-
-2009-11-18  Nate Chapin  <japhet@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        Remove Chromium's unnecessary dependency on wtf's tcmalloc files.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31648
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2009-11-18  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [Qt] Implement symbol hiding for JSC's JIT functions.
-
-        These functions are implemented directly in assembly, so they need the
-        proper directives to enable/disable visibility. On ELF systems, it's
-        .hidden, whereas on Mach-O systems (Mac) it's .private_extern. On
-        Windows, it's not necessary since you have to explicitly export. I
-        also implemented the AIX idiom, though it's unlikely anyone will
-        implement AIX/POWER JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=30864
-
-        * jit/JITStubs.cpp:
-
-2009-11-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Interpreter may do an out of range access when throwing an exception in the profiler.
-        https://bugs.webkit.org/show_bug.cgi?id=31635
-
-        Add bounds check.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2009-11-18  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Fix the clobber list of cacheFlush for ARM and Thumb2 on Linux
-        https://bugs.webkit.org/show_bug.cgi?id=31631
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-11-18  Harald Fernengel  <harald.fernengel@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix detection of linux-g++
-
-        Never use "linux-g++*" to check for linux-g++, since this will break embedded
-        builds which use linux-arm-g++ and friends. Use 'linux*-g++*' to check for any
-        g++ on linux mkspec.
-
-        * JavaScriptCore.pri:
-
-2009-11-17  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        Add JSContextRefPrivate.h to list of copied files.
-
-        Reviewed by Mark Rowe.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2009-11-17  Martin Robinson  <martin.james.robinson@gmail.com>
-
-        Reviewed by Adam Barth.
-
-        [GTK] Style cleanup for GOwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=31506
-
-        Remove forward declaration in GOwnPtr and do some style cleanup.
-
-        * wtf/GOwnPtr.cpp:
-        * wtf/GOwnPtr.h:
-        (WTF::GOwnPtr::GOwnPtr):
-        (WTF::GOwnPtr::~GOwnPtr):
-        (WTF::GOwnPtr::get):
-        (WTF::GOwnPtr::release):
-        (WTF::GOwnPtr::outPtr):
-        (WTF::GOwnPtr::set):
-        (WTF::GOwnPtr::clear):
-        (WTF::GOwnPtr::operator*):
-        (WTF::GOwnPtr::operator->):
-        (WTF::GOwnPtr::operator!):
-        (WTF::GOwnPtr::operator UnspecifiedBoolType):
-        (WTF::GOwnPtr::swap):
-        (WTF::swap):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::getPtr):
-        (WTF::freeOwnedGPtr):
-
-2009-11-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Incorrect use of JavaScriptCore API in DumpRenderTree
-        https://bugs.webkit.org/show_bug.cgi?id=31577
-
-        Add assertions to the 'toJS' functions to catch mistakes like
-        this early.  Restructure existing code which blindly passed potentially
-        null values to toJS when forwarding exceptions so that a null check is
-        performed first.
-
-        * API/APICast.h:
-        (toJS):
-        (toJSForGC):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::staticValueGetter):
-        (JSC::::callbackGetter):
-        * API/tests/testapi.c: Fix errors in the API tester.
-        (MyObject_getProperty):
-        (MyObject_convertToType):
-        (EvilExceptionObject_convertToType):
-
-2009-11-16  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31050
-
-        Minor fixes for JSVALUE32_64: branchConvertDoubleToInt32
-        failed on a CortexA8 CPU, but not on a simulator; and
-        JITCall.cpp modifications was somehow not committed to mainline.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::fmrs_r):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-
-2009-11-16  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix Qt build on Windows CE 6.
-
-        * JavaScriptCore.pri: Add missing include path.
-        * wtf/Platform.h: Include ce_time.h for Windows CE 6.
-
-2009-11-13  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31050
-
-        Adding optimization support for mode JSVALUE32_64
-        on ARM systems.
-
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emit_op_put_by_id):
-
-2009-11-14  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31050
-
-        Adding JSVALUE32_64 support for ARM (but not turning it
-        on by default). All optimizations must be disabled, since
-        this patch is only the first of a series of patches.
-
-        During the work, a lot of x86 specific code revealed and
-        made platform independent.
-        See revisions: 50531 50541 50593 50594 50595
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::fdivd_r):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::neg32):
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::branchOr32):
-        (JSC::MacroAssemblerARM::set8):
-        (JSC::MacroAssemblerARM::setTest8):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::divDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::zeroDouble):
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        * wtf/StdLibExtras.h:
-
-2009-11-13  Dominik Röttsches  <dominik.roettsches@access-company.com>
-
-        Reviewed by Eric Seidel.
-
-        Unify TextBoundaries implementations by only relying on WTF Unicode abstractions
-        https://bugs.webkit.org/show_bug.cgi?id=31468
-
-        Adding isAlphanumeric abstraction, required
-        by TextBoundaries.cpp.
-
-        * wtf/unicode/glib/UnicodeGLib.h:
-        (WTF::Unicode::isAlphanumeric):
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::isAlphanumeric):
-
-2009-11-13  Norbert Leser  <norbert.leser&nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        Added macros for USERINCLUDE paths within symbian blocks
-        to guarantee inclusion of respective header files from local path
-        first (to avoid clashes with same names of header files in system include path).
-
-        * JavaScriptCore.pri:
-
-2009-11-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        JSValueProtect and JSValueUnprotect don't protect API wrapper values
-        https://bugs.webkit.org/show_bug.cgi?id=31485
-
-        Make JSValueProtect/Unprotect use a new 'toJS' function, 'toJSForGC' that
-        does not attempt to to strip out API wrapper objects.
-
-        * API/APICast.h:
-        (toJSForGC):
-        * API/JSValueRef.cpp:
-        (JSValueProtect):
-        (JSValueUnprotect):
-        * API/tests/testapi.c:
-        (makeGlobalNumberValue):
-        (main):
-
-2009-11-13  İsmail Dönmez  <ismail@namtrac.org>
-
-        Reviewed by Antti Koivisto.
-
-        Fix typo, ce_time.cpp should be ce_time.c
-
-        * JavaScriptCore.pri:
-
-2009-11-12  Steve VanDeBogart  <vandebo@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Calculate the time offset only if we were able to parse
-        the date string. This saves an IPC in Chromium for
-        invalid date strings.
-        https://bugs.webkit.org/show_bug.cgi?id=31416
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (JSC::parseDateFromNullTerminatedCharacters):
-
-2009-11-12  Oliver Hunt  <oliver@apple.com>
-
-        Rollout r50896 until i can work out why it causes failures.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitReturn):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * parser/Nodes.cpp:
-        (JSC::EvalNode::emitBytecode):
-
-2009-11-12  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Stephanie Lewis.
-
-        Remove LIBRARY directive from def file to fix Debug_All target.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-11-12  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Rubber-stamped by Holger Freyther.
-
-        Revert r50204, since it makes DRT crash on 32 bits release builds
-        for GTK+.
-
-        * wtf/FastMalloc.h:
-
-2009-11-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Start unifying entry logic for function and eval code.
-
-        Eval now uses a ret instruction to end execution, and sets up
-        a callframe more in line with what we do for function entry.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitReturn):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * parser/Nodes.cpp:
-        (JSC::EvalNode::emitBytecode):
-
-2009-11-12  Richard Moe Gustavsen  <richard.gustavsen@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Disable pthread_setname_np.
-
-        This allows Qt builds on Mac from 10.6 to run on earlier version
-        where this symbol is not present.
-        https://bugs.webkit.org/show_bug.cgi?id=31403
-
-        * wtf/Platform.h:
-
-2009-11-12  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Fix linking on Linux 32-bit.
-
-        It was missing the ".text" directive at the top of the file,
-        indicating that code would follow. Without it, the assembler created
-        "NOTYPE" symbols, which would result in linker errors.
-        https://bugs.webkit.org/show_bug.cgi?id=30863
-
-        * jit/JITStubs.cpp:
-
-2009-11-11  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Refactor multiple JavaScriptCore threads
-        https://bugs.webkit.org/show_bug.cgi?id=31328
-
-        Remove the id field from the PlatformThread structure 
-        as it is not used.
-
-        * runtime/Collector.cpp:
-        (JSC::getCurrentPlatformThread):
-        (JSC::suspendThread):
-        (JSC::resumeThread):
-        (JSC::getPlatformThreadRegisters):
-
-2009-11-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Linux build fix: Added an #include for UINT_MAX.
-
-        * runtime/WeakRandom.h:
-
-2009-11-10  Geoffrey Garen  <ggaren@apple.com>
-
-        JavaScriptGlue build fix: Marked a file 'private' instead of 'project'.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-11-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin "avGni arBalroguch" Barraclough.
-
-        Faster Math.random, based on GameRand.
-        
-        SunSpider says 1.4% faster.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added the header to the project.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h: Use an object to track random number generation
-        state, initialized to the current time.
-
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::mathProtoFuncRandom): Use the new hotness.
-
-        * runtime/WeakRandom.h: Added.
-        (JSC::WeakRandom::WeakRandom):
-        (JSC::WeakRandom::get):
-        (JSC::WeakRandom::advance): The new hotness.
-
-2009-11-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Imported the v8 DST cache.
-        
-        SunSpider says 1.5% faster.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::resetDateCache): Reset the DST cache when resetting
-        other date data.
-
-        * runtime/JSGlobalData.h:
-        (JSC::DSTOffsetCache::DSTOffsetCache):
-        (JSC::DSTOffsetCache::reset): Added a struct for the DST cache.
-
-        * wtf/DateMath.cpp:
-        (WTF::calculateDSTOffsetSimple):
-        (WTF::calculateDSTOffset):
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (JSC::getDSTOffset):
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-        (JSC::parseDateFromNullTerminatedCharacters):
-        * wtf/DateMath.h: The imported code for probing and updating the cache.
-
-2009-11-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed an edge case that could cause the engine not to notice a timezone
-        change.
-        
-        No test because this case would require manual intervention to change
-        the timezone during the test.
-        
-        SunSpider reports no change.
-
-        * runtime/DateInstanceCache.h:
-        (JSC::DateInstanceCache::DateInstanceCache):
-        (JSC::DateInstanceCache::reset): Added a helper function for resetting
-        this cache. Also, shrank the cache, since we'll be resetting it often.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::resetDateCache): Include resetting the DateInstanceCache
-        in resetting Date data. (Otherwise, a cache hit could bypass a necessary
-        timezone update check.)
-
-2009-11-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Some manual inlining and constant propogation in Date code.
-        
-        SunSpider reports a 0.4% speedup on date-*, no overall speedup. Shark
-        says some previously evident stalls are now gone.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        * runtime/DateConversion.cpp:
-        (JSC::formatTime):
-        (JSC::formatTimeUTC): Split formatTime into UTC and non-UTC variants.
-
-        * runtime/DateConversion.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::calculateGregorianDateTime):
-        (JSC::DateInstance::calculateGregorianDateTimeUTC):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::gregorianDateTime):
-        (JSC::DateInstance::gregorianDateTimeUTC): Split gregorianDateTime into
-        a UTC and non-UTC variant, and split each variant into a fast inline
-        case and a slow out-of-line case.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear): Updated for the gregorianDateTime change above.
-
-2009-11-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export a new symbol.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-11-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam "Home Wrecker" Weinig.
-
-        Added a tiny cache for Date parsing.
-        
-        SunSpider says 1.2% faster.
-
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate): Try to reuse the last parsed Date, if present.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::resetDateCache):
-        * runtime/JSGlobalData.h: Added storage for last parsed Date. Refactored
-        this code to make resetting the date cache easier.
-
-        * runtime/JSGlobalObject.h:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
-        refactoring.
-
-        * wtf/DateMath.cpp:
-        (JSC::parseDateFromNullTerminatedCharacters):
-        * wtf/DateMath.h: Changed ExecState to be first parameter, as is the JSC custom.
-
-2009-11-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Can cache prototype lookups on uncacheable dictionaries.
-        https://bugs.webkit.org/show_bug.cgi?id=31198
-
-        Replace fromDictionaryTransition with flattenDictionaryObject and
-        flattenDictionaryStructure.  This change is necessary as we need to
-        guarantee that our attempt to convert away from a dictionary structure
-        will definitely succeed, and in some cases this requires mutating the
-        object storage itself.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/JSObject.h:
-        (JSC::JSObject::flattenDictionaryObject):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::comparePropertyMapEntryIndices):
-        * runtime/Structure.h:
-
-2009-11-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Not reviewed, build fix.
-
-        Remove extra character from r50701.
-
-        * JavaScriptCore.pri:
-
-2009-11-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Not reviewed, build fix.
-
-        Revert r50695 because it broke QtWebKit (clean builds).
-
-        * JavaScriptCore.pri:
-
-2009-11-09  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Prepended $$PWD to GENERATED_SOURCES_DIR to avoid potential ambiguities when included from WebCore.pro.
-        Some preprocessors consider this GENERATED_SOURCES_DIR relative to current invoking dir (e.g., ./WebCore),
-        and not the working dir of JavaCriptCore.pri (i.e., ../JavaScriptCore/).
-
-        * JavaScriptCore.pri:
-
-2009-11-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Use explicit parentheses to silence gcc 4.4 -Wparentheses warnings
-        https://bugs.webkit.org/show_bug.cgi?id=31040
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-11-08  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (speculative snow leopard and windows build fixes).
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-        (JSC::parseDateFromNullTerminatedCharacters):
-        * wtf/DateMath.h:
-        (JSC::GregorianDateTime::GregorianDateTime):
-
-2009-11-08  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (chromium build fix).
-        
-        Hopefully, the last build fix.
-
-        Create better separation in DateMath about the JSC
-        and non-JSC portions. Also, only expose the non-JSC
-        version in the exports.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (JSC::getUTCOffset):
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-        (JSC::parseDateFromNullTerminatedCharacters):
-        * wtf/DateMath.h:
-        (JSC::gmtoffset):
-
-2009-11-08  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (chromium build fix).
-
-        For the change in DateMath.
-
-        * config.h:
-        * wtf/DateMath.cpp:
-
-2009-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: export some symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: updated export file.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2009-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: added some #includes.
-
-        * wtf/CurrentTime.h:
-        * wtf/DateMath.h:
-
-2009-11-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=31197
-        Implemented a timezone cache not based on Mac OS X's notify_check API.
-        
-        If the VM calculates the local timezone offset from UTC, it caches the
-        result until the end of the current VM invocation. (We don't want to cache
-        forever, because the user's timezone may change over time.)
-        
-        This removes notify_* overhead on Mac, and, more significantly, removes
-        OS time and date call overhead on non-Mac platforms.
-
-        ~8% speedup on Date microbenchmark on Mac. SunSpider reports maybe a tiny
-        speedup on Mac. (Speedup on non-Mac platforms should be even more noticeable.)
-
-        * JavaScriptCore.exp:
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/JSGlobalObject.h:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Made the 
-        DynamicGlobalObjectScope constructor responsible for checking whether a
-        dynamicGlobalObject has already been set. This eliminated some duplicate
-        client code, and allowed me to avoid adding even more duplicate client
-        code. Made DynamicGlobalObjectScope responsible for resetting the
-        local timezone cache upon first entry to the VM.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateUTC):
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * runtime/DateConversion.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::gregorianDateTime):
-        * runtime/DateInstance.h:
-        * runtime/DateInstanceCache.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * wtf/DateMath.cpp:
-        (WTF::getCurrentUTCTime):
-        (WTF::getCurrentUTCTimeWithMicroseconds):
-        (WTF::getLocalTime):
-        (JSC::getUTCOffset): Use the new cache. Also, see below.
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-        (JSC::initializeDates):
-        (JSC::parseDateFromNullTerminatedCharacters): Simplified the way this function
-        accounts for the local timezone offset, to accomodate our new caching API,
-        and a (possibly misguided) caller in WebCore. Also, see below.
-        * wtf/DateMath.h:
-        (JSC::GregorianDateTime::GregorianDateTime): Moved most of the code in
-        DateMath.* into the JSC namespace. The code needed to move so it could
-        naturally interact with ExecState and JSGlobalData to support caching.
-        Logically, it seemed right to move it, too, since this code is not really
-        as low-level as the WTF namespace might imply -- it implements a set of
-        date parsing and conversion quirks that are finely tuned to the JavaScript
-        language. Also removed the Mac OS X notify_* infrastructure.
-        
-        * wtf/CurrentTime.h:
-        (WTF::currentTimeMS):
-        (WTF::getLocalTime): Moved the rest of the DateMath code here, and renamed
-        it to make it consistent with WTF's currentTime function.
-
-2009-11-06  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Unreviewed trivial buildfix after r50595.
-
-        Rename the remaining rshiftPtr calls to rshift32
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitFastArithImmToInt):
-
-2009-11-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Tidy up the shift methods on the macro-assembler interface.
-
-        Currently behaviour of shifts of a magnitude > 0x1f is undefined.
-        Instead defined that all shifts are masked to this range.  This makes a lot of
-        practical sense, both since having undefined behaviour is not particularly
-        desirable, and because this behaviour is commonly required (particularly since
-        it is required bt ECMA-262 for shifts).
-
-        Update the ARM assemblers to provide this behaviour.  Remove (now) redundant
-        masks from JITArithmetic, and remove rshiftPtr (this was used in case that
-        could be rewritten in a simpler form using rshift32, only optimized JSVALUE32
-        on x86-64, which uses JSVALUE64!)
-
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::rshift32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::lshift32):
-        (JSC::MacroAssemblerARMv7::rshift32):
-        * assembler/MacroAssemblerX86_64.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-
-2009-11-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oliver Hunt.
-
-        Remove a magic number (1) from the JIT, instead compute the value with OBJECT_OFFSET.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutJITStubArg):
-        (JSC::JIT::emitPutJITStubArgConstant):
-        (JSC::JIT::emitGetJITStubArg):
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::getArgument):
-        * jit/JITStubs.h:
-
-2009-11-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31159
-        Fix branchDouble behaviour on ARM THUMB2 JIT.
-
-        The x86 branchDouble behaviour is reworked, and all JIT
-        ports should follow the x86 port. See bug 31104 and 31151
-
-        This patch contains a fix for the traditional ARM port
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::fmrs_r):
-        (JSC::ARMAssembler::ftosid_r):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::):
-        (JSC::MacroAssemblerARM::branchDouble):
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-
-2009-11-05  Chris Jerdonek  <chris.jerdonek@gmail.com>
-
-        Reviewed by Eric Seidel.
-
-        Removed the "this is part of the KDE project" comments from 
-        all *.h, *.cpp, *.idl, and *.pm files.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=31167
-        
-        The maintenance and architecture page in the project wiki lists
-        this as a task.
-        
-        This change includes no changes or additions to test cases 
-        since the change affects only comments.
-        
-        * wtf/wince/FastMallocWince.h:
-
-2009-11-05  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Use ARMv7 specific encoding for immediate constants on ARMv7 target
-        https://bugs.webkit.org/show_bug.cgi?id=31060
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::getOp2): Use INVALID_IMM
-        (JSC::ARMAssembler::getImm): Use encodeComplexImm for complex immediate
-        (JSC::ARMAssembler::moveImm): Ditto.
-        (JSC::ARMAssembler::encodeComplexImm): Encode a constant by one or two
-        instructions or a PC relative load.
-        * assembler/ARMAssembler.h: Use INVALID_IMM if a constant cannot be
-        encoded as an immediate constant.
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::movw_r): 16-bit immediate load
-        (JSC::ARMAssembler::movt_r): High halfword 16-bit immediate load
-        (JSC::ARMAssembler::getImm16Op2): Encode immediate constant for
-        movw_r and mowt_r
-
-2009-11-04  Mark Mentovai  <mark@chromium.org>
-
-        Reviewed by Mark Rowe.
-
-        Provide TARGETING_TIGER and TARGETING_LEOPARD as analogues to
-        BUILDING_ON_TIGER and BUILDING_ON_LEOPARD.  The TARGETING_ macros
-        consider the deployment target; the BUILDING_ON_ macros consider the
-        headers being built against.
-
-        * wtf/Platform.h:
-
-2009-11-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31151
-        Fix branchDouble behaviour on ARM THUMB2 JIT.
-
-        The ARMv7 JIT is currently using ARMv7Assembler::ConditionEQ to branch
-        for DoubleEqualOrUnordered, however this is incorrect - ConditionEQ won't
-        branch on unordered operands.  Similarly, DoubleLessThanOrUnordered &
-        DoubleLessThanOrEqualOrUnordered use ARMv7Assembler::ConditionLO &
-        ARMv7Assembler::ConditionLS, whereas they should be using
-        ARMv7Assembler::ConditionLT & ARMv7Assembler::ConditionLE.
-
-        Fix these, and fill out the missing DoubleConditions.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::):
-        (JSC::MacroAssemblerARMv7::branchDouble):
-
-2009-11-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oliver Hunt.
-
-        Enable native call optimizations on ARMv7.  (Existing ARM_TRADITIONAL
-        implementation was generic, worked perfectly, just needed turning on).
-
-        * jit/JITOpcodes.cpp:
-        * wtf/Platform.h:
-
-2009-11-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Mark Rowe, Oliver Hunt, and Sam Weinig.
-
-        Add a missing assert to the ARMv7 JIT.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::ARMThumbImmediate):
-
-2009-11-04  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Remove bogus op_ prefix on dumped version of three opcodes.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-2009-11-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix dumping of constants in bytecode so that they aren't printed as large positive register numbers.
-
-        We do this by having the registerName function return information about the constant if the register
-        number corresponds to a constant.  This requires that registerName, and several functions that call it,
-        be converted to member functions of CodeBlock so that the constant value can be retrieved.  The
-        ExecState also needs to be threaded down through these functions so that it can be passed on to
-        constantName when needed.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::constantName):
-        (JSC::CodeBlock::registerName):
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isConstantRegisterIndex):
-
-2009-11-04  Pavel Heimlich  <tropikhajma@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30647
-        Solaris build failure due to strnstr.
-
-        * wtf/StringExtras.h: Enable strnstr on Solaris, too.
-
-2009-11-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=31104
-        Refactor x86-specific behaviour out of the JIT.
-
-        - Add explicit double branch conditions for ordered and unordered comparisons (presently the brehaviour is a mix).
-        - Refactor double to int conversion out into the MacroAssembler.
-        - Remove broken double to int conversion for !JSVALUE32_64 builds - this code was broken and slowing us down, fixing it showed it not to be an improvement.
-        - Remove exclusion of double to int conversion from (1 % X) cases in JSVALUE32_64 builds - if this was of benefit this is no longer the case; simplify.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::):
-        (JSC::MacroAssemblerX86Common::convertInt32ToDouble):
-        (JSC::MacroAssemblerX86Common::branchDouble):
-        (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-
-2009-11-04  Mark Mentovai  <mark@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove BUILDING_ON_LEOPARD from JavaScriptCore.gyp.  This is supposed
-        to be set as needed only in wtf/Platform.h.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2009-11-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION (r48573): JSC may incorrectly cache chain lookups with a dictionary at the head of the chain
-        https://bugs.webkit.org/show_bug.cgi?id=31045
-
-        Add guards to prevent caching of prototype chain lookups with dictionaries at the
-        head of the chain.  Also add a few tighter assertions to cached prototype lookups
-        to catch this in future.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-
-2009-11-02  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        PLATFORM(CF) should be set when building for Qt on Darwin
-        https://bugs.webkit.org/show_bug.cgi?id=23671
-
-        * wtf/Platform.h: Turn on CF support if both QT and DARWIN
-        platforms are defined.
-
-2009-11-02  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by David Levin.
-
-        Remove threadsafe refcounting from tasks used with WTF::MessageQueue.
-        https://bugs.webkit.org/show_bug.cgi?id=30612
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue::alwaysTruePredicate):
-        (WTF::MessageQueue::~MessageQueue):
-        (WTF::MessageQueue::append):
-        (WTF::MessageQueue::appendAndCheckEmpty):
-        (WTF::MessageQueue::prepend):
-        (WTF::MessageQueue::waitForMessage):
-        (WTF::MessageQueue::waitForMessageFilteredWithTimeout):
-        (WTF::MessageQueue::tryGetMessage):
-        (WTF::MessageQueue::removeIf):
-        The MessageQueue is changed to act as a queue of OwnPtr<DataType>. It takes ownership
-        of posted tasks and passes it to the new owner (in another thread) when the task is fetched.
-        All methods have arguments of type PassOwnPtr<DataType> and return the same type.
-
-        * wtf/Threading.cpp:
-        (WTF::createThread):
-        Superficial change to trigger rebuild of JSC project on Windows,
-        workaround for https://bugs.webkit.org/show_bug.cgi?id=30890
-
-2009-10-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed failing layout test: restore a special case I accidentally deleted.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::setNewValueFromDateArgs): In the case of applying a change to a date
-        that is NaN, reset the date to 0 *and* then apply the change; don't just
-        reset the date to 0.
-
-2009-10-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: update for object-to-pointer change.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2009-10-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30942
-        Use pointers instead of copies to pass GregorianDateTime objects around.
-        
-        SunSpider reports a shocking 4.5% speedup on date-format-xparb, and 1.3%
-        speedup on date-format-tofte.
-
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::gregorianDateTime):
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear): Renamed getGregorianDateTime to gregorianDateTime,
-        since it no longer has an out parameter. Uses 0 to indicate invalid dates.
-
-2009-10-30  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's ListHashSet
-        https://bugs.webkit.org/show_bug.cgi?id=30853
-
-        Inherits ListHashSet class from FastAllocBase because it is
-        instantiated by 'new' in WebCore/rendering/RenderBlock.cpp:1813.
-
-        * wtf/ListHashSet.h:
-
-2009-10-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Regression: crash enumerating properties of an object with getters or setters
-        https://bugs.webkit.org/show_bug.cgi?id=30948
-
-        Add a guard to prevent us trying to cache property enumeration on
-        objects with getters or setters.
-
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-
-2009-10-30  Roland Steiner  <rolandsteiner@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove ENABLE_RUBY guards as discussed with Dave Hyatt and Maciej Stachowiak.
-
-        Bug 28420 -  Implement HTML5 <ruby> rendering
-        (https://bugs.webkit.org/show_bug.cgi?id=28420)
- 
-        No new tests (no functional change).
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-10-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        REGRESSION (r50218-r50262): E*TRADE accounts page is missing content
-        https://bugs.webkit.org/show_bug.cgi?id=30947
-        <rdar://problem/7348833>
-
-        The logic for flagging that a structure has non-enumerable properties
-        was in addPropertyWithoutTransition, rather than in the core Structure::put
-        method.  Despite this I was unable to produce a testcase that caused
-        the failure that etrade was experiencing, but the new assertion in
-        getEnumerablePropertyNames triggers on numerous layout tests without
-        the fix, so in effecti all for..in enumeration in any test ends up
-        doing the required consistency check.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::put):
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::checkConsistency):
-
-2009-10-29  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add cacheFlush support for Thumb-2 on Linux
-        https://bugs.webkit.org/show_bug.cgi?id=30865
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-10-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JSC JIT on ARMv7 cannot link jumps >16Mb range
-        https://bugs.webkit.org/show_bug.cgi?id=30891
-
-        Start planing all relative jumps as move-32-bit-immediate-to-register-BX.
-        In the cases where the jump would fall within a relative jump range, use a relative jump.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::~ARMv7Assembler):
-        (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::executableCopy):
-        (JSC::ARMv7Assembler::linkJump):
-        (JSC::ARMv7Assembler::relinkJump):
-        (JSC::ARMv7Assembler::setInt32):
-        (JSC::ARMv7Assembler::isB):
-        (JSC::ARMv7Assembler::isBX):
-        (JSC::ARMv7Assembler::isMOV_imm_T3):
-        (JSC::ARMv7Assembler::isMOVT):
-        (JSC::ARMv7Assembler::isNOP_T1):
-        (JSC::ARMv7Assembler::isNOP_T2):
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-        (JSC::ARMv7Assembler::twoWordOp5i6Imm4Reg4EncodedImmFirst):
-        (JSC::ARMv7Assembler::twoWordOp5i6Imm4Reg4EncodedImmSecond):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::makeJump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        * jit/JIT.h:
-        * wtf/Platform.h:
-
-2009-10-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve for..in enumeration performance
-        https://bugs.webkit.org/show_bug.cgi?id=30887
-
-        Improve indexing of an object with a for..in iterator by
-        identifying cases where get_by_val is being used with a iterator
-        as the subscript and replace it with a new get_by_pname
-        bytecode.  get_by_pname then optimizes lookups that directly access
-        the base object.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetByVal):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::pushOptimisedForIn):
-        (JSC::BytecodeGenerator::popOptimisedForIn):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::emit_op_get_by_pname):
-        (JSC::JIT::emitSlow_op_get_by_pname):
-        * parser/Nodes.cpp:
-        (JSC::ForInNode::emitBytecode):
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::getOffset):
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::addAnonymousSlotsTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-          Track the existence (or not) of non-enumerable properties.
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageCapacity):
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::hasNonEnumerableProperties):
-        (JSC::Structure::hasAnonymousSlots):
-
-2009-10-28  Dmitry Titov  <dimich@chromium.org>
-
-        Not reviewed, attemp to fix Windows build.
-
-        Touch the cpp file to cause recompile.
-
-        * wtf/Threading.cpp:
-        (WTF::threadEntryPoint):
-
-2009-10-28  Dmitry Titov  <dimich@chromium.org>
-
-        Reviewed by David Levin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30805
-        Add MessageQueue::removeIf(Predicate&) to remove certain tasks without pulling them from the queue.
-        Existing Database tests cover this since Database removes tasks when it is stopped.
-
-        * wtf/MessageQueue.h:
-        (WTF::::removeIf):
-
-2009-10-28  Afonso R. Costa Jr.  <afonso.costa@openbossa.org>
-
-        Reviewed by Oliver Hunt.
-
-        [Qt] Enable YARR when YARR_JIT is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=30730
-
-        When enabling or disabling JIT using JAVASCRIPTCORE_JIT, the ENABLE_YARR should
-        be toggled also.
-
-        * JavaScriptCore.pri:
-
-2009-10-24  Martin Robinson  <martin.james.robinson@gmail.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix strict aliasing warning by switching reinterpret_cast to bitwise_cast.
-
-        strict-aliasing warnings in JSFunction.h
-        https://bugs.webkit.org/show_bug.cgi?id=27869
-
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::nativeFunction):
-        (JSC::JSFunction::scopeChain):
-        (JSC::JSFunction::setScopeChain):
-        (JSC::JSFunction::setNativeFunction):
-
-2009-10-28  Jan-Arve Sæther <jan-arve.saether@nokia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Build-fix for 64-bit Windows
-
-        * wtf/Platform.h: Make sure to use WTF_USE_JSVALUE64
-
-2009-10-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix!).
-
-        * jit/JIT.h:
-
-2009-10-26  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Rubber-stamped by Darin Adler.
-
-        Export fastMalloc, fastCalloc, fastRealloc and fastFree on GCC/Unix
-        https://bugs.webkit.org/show_bug.cgi?id=30769
-
-        When using -fvisibility=hidden to hide all internal symbols by default
-        the malloc symbols will be hidden as well. For memory instrumentation
-        it is needed to provide an instrumented version of these symbols and
-        override the normal routines and by changing the visibility back to
-        default this becomes possible.
-
-        The only other solution would be to use system malloc instead of the
-        TCmalloc implementation but this will not allow to analyze memory
-        behavior with the default allocator.
-
-        * wtf/FastMalloc.h: Define WTF_FAST_MALLOC_EXPORT for GCC and !darwin
-
-2009-10-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Samuel Q. Weinig.
-
-        Make the asserts protecting the offsets in the JIT more descriptive.
-
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emit_op_put_by_id):
-
-2009-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little bit of refactoring in the date code.
-
-        * JavaScriptCore.exp: Don't export this unused symbol.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h: Removed some unused functions. Changed the default
-        constructor to ensure that a DateInstance is always initialized.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype): Pass an initializer to our constructor,
-        since it now requires one.
-
-        * wtf/DateMath.cpp:
-        (WTF::msToGregorianDateTime): Only compute our offset from UTC if our
-        output will require it. Otherwise, our offset is 0.
-
-2009-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Mark DateInstaceCache.h private, so other frameworks can see it.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: re-readded this file.
-
-        * runtime/DateInstanceCache.h: Added.
-        (JSC::DateInstanceData::create):
-        (JSC::DateInstanceData::DateInstanceData):
-        (JSC::DateInstanceCache::DateInstanceCache):
-        (JSC::DateInstanceCache::add):
-        (JSC::DateInstanceCache::lookup):
-
-2009-10-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler and Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30800
-        Cache recently computed date data.
-        
-        SunSpider reports a ~0.5% speedup, mostly from date-format-tofte.js.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new file.
-
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        (JSC::DateInstance::getGregorianDateTime): Use the shared cache.
-
-        * runtime/DateInstance.h: Renamed m_cache to m_data, to avoid the confusion
-        of a "cache cache".
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear): Pass an ExecState to these functions, so they
-        can access the DateInstanceCache.
-
-        * runtime/JSGlobalData.h: Keep a DateInstanceCache.
-
-2009-10-27  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        Ensures that JavaScriptCore/wtf/CurrentTime.cpp is not built in PLATFORM(CHROMIUM) builds.
-
-        Chromium uses a different method to calculate the current time than is used in
-        JavaScriptCore/wtf/CurrentTime.cpp. This can lead to time skew when calls to currentTime() and Chromium's time
-        function are mixed.  In particular, timers can get scheduled in the past which leads to 100% CPU use.
-        See http://code.google.com/p/chromium/issues/detail?id=25892 for an example.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30833
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * wtf/CurrentTime.cpp:
-
-2009-10-27  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Rubber-stamped by Tor Arne Vestbø.
-
-        Fix typo in RegexInterpreter.cpp and RegexJIT.cpp alterantive to
-        alternative.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::alternativeBodyDisjunction):
-        (JSC::Yarr::ByteCompiler::alternativeDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-
-2009-10-26  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Make .rc files compile on Windows without depending on MFC headers
-        https://bugs.webkit.org/show_bug.cgi?id=30750
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Use
-        winresrc.h because it exists even when MFC is not installed, and is
-        all that's needed here.
-
-2009-10-26  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        The thunkReturnAddress is on JITStackFrame on ARM JIT as well
-        https://bugs.webkit.org/show_bug.cgi?id=30782
-
-        Move the thunkReturnAddress from top of the stack into the JITStackFrame
-        structure. This is a requirement for JSValue32_64 support on ARM.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::ret): Return with link register
-        (JSC::MacroAssemblerARM::prepareCall): Store the return address in link register
-        * jit/JIT.h: Remove unused ctiReturnRegister
-        * jit/JITInlineMethods.h: Same as ARMv7
-        (JSC::JIT::restoreArgumentReference): Ditto.
-        (JSC::JIT::restoreArgumentReferenceForTrampoline): Ditto.
-        * jit/JITOpcodes.cpp: Remove ctiReturnRegister related instruction
-        * jit/JITStubs.cpp: Store thunkReturnAddress on JITStackFrame. Use
-        small trampoline functions which handle return addresses for each
-        CTI_STUB_FUNCTION.
-        * jit/JITStubs.h: Store thunkReturnAddress on JITStackFrame
-        (JSC::JITStackFrame::returnAddressSlot): Return with the address of thunkReturnAddress
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter): Remove the unnecessary instruction
-
-2009-10-26  Steve Block  <steveblock@google.com>
-
-        Reviewed by Darin Adler.
-
-        Adds ability to disable ReadWriteLock on platforms (eg Android) that use pthreads but do not support pthread_rwlock.
-        https://bugs.webkit.org/show_bug.cgi?id=30713
-
-        * wtf/Platform.h: Modified. Defines HAVE_PTHREAD_RWLOCK for all platforms currently using pthreads.
-        * wtf/Threading.h: Modified. Use pthread_rwlock_t only when HAVE_PTHREAD_RWLOCK is defined.
-        * wtf/ThreadingPthreads.cpp: Modified. Build ReadWriteLock methods only when HAVE_PTHREAD_RWLOCK is defined.
-
-2009-10-24  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Holger Freyther.
-
-        [Qt] [Symbian] Set the capability and memory required to run QtWebKit for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=30476
-
-        Assign ReadUserData WriteUserData NetworkServices Symbian capabilities
-        to jsc.exe.
-
-        * jsc.pro:
-
-2009-10-23  Steve Block  <steveblock@google.com>
-
-        Reviewed by Dmitry Titov.
-
-        Fixes a leak in createThreadInternal on Android.
-        https://bugs.webkit.org/show_bug.cgi?id=30698
-
-        * wtf/ThreadingPthreads.cpp: Modified.
-        (WTF::createThreadInternal): Avoid leaking a ThreadData object on failure.
-
-2009-10-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fixed ASSERT when opening Safari's Caches window while the Web Inspector
-        is open.
-
-        * runtime/Collector.cpp:
-        (JSC::typeName): Added two new types to the type name list in the Collector.
-        These types have been around for a while, but nobody remembered to consider them here.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::isPropertyNameIterator):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::isPropertyNameIterator): Give the Collector
-        a way to tell if a cell is a JSPropertyNameIterator.
-
-2009-10-22  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Jon Honeycutt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=30686
-        Remove debug-specific def file.
-        Only Debug_All target uses JavaScriptCore_debug.dll naming, and since
-        that target is only used internally, maintaining two files just to
-        suppress a single link warning isn't worthwhile.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Removed.
-
-2009-10-21  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        <rdar://problem/7270320> Screenshots of off-screen plug-ins are blank
-        <rdar://problem/7270314> After halting a transparent PluginView on
-        Windows, the transparency is applied twice
-
-        Reviewed by Dan Bernstein.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Export WTF::deleteOwnedPtr(HDC).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Ditto.
-
-2009-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: updated variable name.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2009-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_next_pname): Slightly tweaked this #ifdef to match the
-        size of a JSValue because m_jsStrings is an array of JSValues.
-
-2009-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fixed a 64-bit regression caused by the fix for
-        https://bugs.webkit.org/show_bug.cgi?id=30570.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_next_pname): Use TimesEight stepping on 64-bit, since
-        64-bit pointers are eight bytes long.
-
-2009-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Refactored DateInstance::msToGregorianDateTime so that a DateInstance's
-        caller doesn't need to supply the DateInstance's own internal value to
-        the DateInstance.
-
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::getGregorianDateTime): Renamed from "msToGregorianDateTime".
-
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear): Also renamed "utc" to "outputIsUTC", for clarity.
-
-2009-10-20  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        The op_next_pname should use 4 bytes addressing mode in case of JSValue32
-        https://bugs.webkit.org/show_bug.cgi?id=30570
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_next_pname):
-
-2009-10-20  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Move OverridesMarkChildren flag from DatePrototype to its parent class
-        https://bugs.webkit.org/show_bug.cgi?id=30372
-
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.h:
-
-2009-10-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Tightened up some put_by_id_transition code generation.
-        https://bugs.webkit.org/show_bug.cgi?id=30539
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition): No need to do object type
-        checks or read Structures and prototypes from objects: they're all known
-        constants at compile time.
-
-2009-10-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added a private API for getting a global context from a context, for
-        clients who want to preserve a context for a later callback.
-
-        * API/APICast.h:
-        (toGlobalRef): Added an ASSERT, since this function is used more often
-        than before.
-
-        * API/JSContextRef.cpp:
-        * API/JSContextRefPrivate.h: Added. The new API.
-
-        * API/tests/testapi.c:
-        (print_callAsFunction):
-        (main): Test the new API.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Build and export the new API.
-
-2009-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Tightened up some instanceof code generation.
-        https://bugs.webkit.org/show_bug.cgi?id=30488
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof): No need to do object type checks - 
-        cell type checks and ImplementsDefaultHasIntance checks implicitly
-        supersede object type checks.
-
-2009-10-18  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Use _stricmp and _strnicmp instead of deprecated stricmp and strnicmp.
-        https://bugs.webkit.org/show_bug.cgi?id=30474
-
-        stricmp and strnicmp are deprecated beginning in Visual
-        C++ 2005. Use _stricmp and _strnicmp instead in StringExtras.h.
-
-        * wtf/StringExtras.h:
-        (strncasecmp):
-        (strcasecmp):
-
-2009-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: apparently we shouldn't export those symbols?
-
-        * JavaScriptCore.exp:
-
-2009-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export some symbols.
-
-        * JavaScriptCore.exp:
-
-2009-10-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        structure typeinfo flags should be inherited.
-        https://bugs.webkit.org/show_bug.cgi?id=30468
-
-        Add StructureFlag constant to the various JSC classes and use
-        it for the TypeInfo construction.  This allows us to simply
-        accumulate flags by basing each classes StructureInfo on its parents.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSByteArray.h:
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-
-2009-10-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fast for-in enumeration: Cache JSPropertyNameIterator; cache JSStrings
-        in JSPropertyNameIterator; inline more code.
-
-        1.024x as fast on SunSpider (fasta: 1.43x as fast).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetPropertyNames):
-        (JSC::BytecodeGenerator::emitNextPropertyName):
-        * bytecompiler/BytecodeGenerator.h: Added a few extra operands to
-        op_get_pnames and op_next_pname so that we can track iteration state
-        in the register file instead of in the JSPropertyNameIterator. (To be
-        cacheable, the JSPropertyNameIterator must be stateless.)
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID): Updated for rename to
-        "normalizePrototypeChain" and removal of "isCacheable". 
-
-        (JSC::Interpreter::privateExecute): Updated for in-RegisterFile
-        iteration state tracking.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_pnames): Updated for in-RegisterFile
-        iteration state tracking.
-
-        (JSC::JIT::emit_op_next_pname): Inlined code generation for op_next_pname.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID): Updated for rename to
-        "normalizePrototypeChain" and removal of "isCacheable". 
-
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::): Added has_property and to_object stubs. Removed op_next_pname
-        stub, since has_property is all we need anymore.
-
-        * parser/Nodes.cpp:
-        (JSC::ForInNode::emitBytecode): Updated for in-RegisterFile
-        iteration state tracking.
-
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames): Don't do caching at this layer
-        anymore, since we don't create a JSPropertyNameIterator at this layer.
-
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create): Do do caching at this layer.
-        (JSC::JSPropertyNameIterator::get):  Updated for in-RegisterFile
-        iteration state tracking.
-        (JSC::JSPropertyNameIterator::markChildren): Mark our JSStrings.
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::size):
-        (JSC::JSPropertyNameIterator::setCachedStructure):
-        (JSC::JSPropertyNameIterator::cachedStructure):
-        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
-        (JSC::JSPropertyNameIterator::cachedPrototypeChain):
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::Structure::setEnumerationCache): Don't store iteration state in
-        a JSPropertyNameIterator. Do cache a JSPropertyNameIterator in a
-        Structure.
-
-        * runtime/JSValue.h:
-        (JSC::asCell):
-        * runtime/MarkStack.h: Make those mischievous #include gods happy.
-
-        * runtime/ObjectConstructor.cpp:
-
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain): Renamed countPrototypeChainEntriesAndCheckForProxies
-        to normalizePrototypeChain, since it changes dictionary prototypes to
-        non-dictionary objects.
-
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::PropertyNameArrayData):
-        (JSC::PropertyNameArray::data):
-        (JSC::PropertyNameArray::size):
-        (JSC::PropertyNameArray::begin):
-        (JSC::PropertyNameArray::end): Simplified some code here to help with
-        current and future refactoring.
-
-        * runtime/Protect.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition): No need to clear
-        the enumeration cache with adding / removing properties without
-        transition. It is an error to add / remove properties without transition
-        once an object has been observed, and we can ASSERT to catch that.
-
-        * runtime/Structure.h:
-        (JSC::Structure::enumerationCache): Changed the enumeration cache to
-        hold a JSPropertyNameIterator.
-
-        * runtime/StructureChain.cpp:
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::head): Removed StructureChain::isCacheable because
-        it was wrong-headed in two ways: (1) It gave up when a prototype was a
-        dictionary, but instead we want un-dictionary heavily accessed
-        prototypes; (2) It folded a test for hasDefaultGetPropertyNames() into
-        a generic test for "cacheable-ness", but hasDefaultGetPropertyNames()
-        is only releavant to for-in caching.
-
-2009-10-16  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Add a Debug_All configuration to build entire stack as debug.
-        Change Debug_Internal to:
-        - stop using _debug suffix for all WebKit/Safari binaries
-        - not use _debug as a DLL naming suffix
-        - use non-debug C runtime lib.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Debug build in makefile should build Debug_All.
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add Debug_All configuration.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Add Debug_All configuration.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Renamed single configuration from "Release" to "all".
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add Debug_All configuration.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add Debug_All configuration.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Add Debug_All configuration.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add Debug_All configuration.
-
-2009-10-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make typeinfo flags default to false
-        https://bugs.webkit.org/show_bug.cgi?id=30372
-
-        Last part -- replace HasDefaultGetPropertyNames with OverridesGetPropertyNames
-        flag.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::overridesGetPropertyNames):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::isCacheable):
-
-2009-10-16  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wxMSW build fix, we can't use the simple hash there because the PlatformModuleVersion 
-        structure differs.
-
-        * wtf/Platform.h:
-
-2009-10-16  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Implement ExecutableAllocator for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=29946
-
-        Tested with YARR JIT enabled for Symbian; 
-        This patch does not (yet) enable YARR JIT by default.
-
-        * JavaScriptCore.pri:
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorSymbian.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-
-2009-10-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Make typeinfo flags default to false
-        https://bugs.webkit.org/show_bug.cgi?id=30372
-
-        Part 2 -- Reverse the TypeInfo HasDefaultMark flag to OverridesMarkChildren, etc
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        (JSC::MarkStack::markChildren):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::overridesMarkChildren):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-
-2009-10-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Make typeinfo flags default to false
-        https://bugs.webkit.org/show_bug.cgi?id=30372
-        
-        Part 1. Reverse the HasStandardGetOwnPropertySlot flag.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::overridesGetOwnPropertySlot):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-
-2009-10-14  Kevin Ollivier  <kevino@theolliviers.com>
-2009-10-14  Darin Adler  <darin@apple.com>
-
-        Additions so fix for https://bugs.webkit.org/show_bug.cgi?id=18994
-        can build on Windows.
-
-        * wtf/MathExtras.h: Added llround and llroundf for Windows.
-
-2009-10-14  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Set ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for plugins while we're still building stubs.
-
-        * wtf/Platform.h:
-
-2009-10-13  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Refactor ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH
-        https://bugs.webkit.org/show_bug.cgi?id=30278
-
-        Move the definition of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH
-        from the make system into common code.
-
-        * wtf/Platform.h:
-
-2009-10-13  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        ARM compiler does not understand reinterpret_cast<void*>
-        https://bugs.webkit.org/show_bug.cgi?id=29034
-
-        Change reinterpret_cast<void*> to regular C style (void*) cast 
-        for the ARM RVCT compiler.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr): 
-        * jit/JITOpcodes.cpp: Cast to FunctionPtr first 
-           instead of directly casting to reinterpret_cast
-        * jit/JITStubCall.h: Ditto + change the type of m_stub
-          from void* to FunctionPtr.
-        (JSC::JITStubCall::JITStubCall): 
-        (JSC::JITStubCall::call):
-        * jit/JITStubs.cpp: Ditto.
-        (JSC::DEFINE_STUB_FUNCTION(EncodedJSValue, op_throw)):
-
-2009-10-11  Oliver Hunt  <oliver@apple.com>
-
-        Re-enable the JIT.
-
-        * wtf/Platform.h:
-
-2009-10-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Support for String.trim(), String.trimLeft() and String.trimRight() methods
-        https://bugs.webkit.org/show_bug.cgi?id=26590
-
-        Implement trim, trimLeft, and trimRight
-
-        * runtime/StringPrototype.cpp:
-        (JSC::isTrimWhitespace):
-           Our normal string whitespace function does not include U+200B which
-           is needed for compatibility with mozilla's implementation of trim.
-           U+200B does not appear to be expected according to spec, however I am
-           choosing to be lax, and match mozilla behavior so have added this
-           exception.
-        (JSC::trimString):
-
-2009-10-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Eliminated some legacy bytecode weirdness.
-        
-        Use vPC[x] subscripting instead of ++vPC to access instruction operands.
-        This is simpler, and often more efficient.
-
-        To support this, and to remove use of hard-coded offsets in bytecode and
-        JIT code generation and dumping, calculate jump offsets from the beginning
-        of an instruction, rather than the middle or end.
-        
-        Also, use OPCODE_LENGTH instead of hard-coded constants for the sizes of
-        opcodes.
-        
-        SunSpider reports no change in JIT mode, and a 1.01x speedup in Interpreter
-        mode.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::printConditionalJump):
-        (JSC::CodeBlock::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJump):
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC::BytecodeGenerator::emitJumpScopes):
-        (JSC::BytecodeGenerator::emitNextPropertyName):
-        (JSC::BytecodeGenerator::emitCatch):
-        (JSC::BytecodeGenerator::emitJumpSubroutine):
-        (JSC::prepareJumpTableForImmediateSwitch):
-        (JSC::prepareJumpTableForCharacterSwitch):
-        (JSC::prepareJumpTableForStringSwitch):
-        (JSC::BytecodeGenerator::endSwitch):
-        * bytecompiler/Label.h:
-        (JSC::Label::setLocation):
-        (JSC::Label::bind):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emitBinaryDoubleOp):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_loop):
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emitSlow_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emitSlow_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_loop_if_true):
-        (JSC::JIT::emitSlow_op_loop_if_true):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emitSlow_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emitSlow_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_jmp_scopes):
-
-2009-10-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Migrated some code that didn't belong out of Structure.
-        
-        SunSpider says maybe 1.03x faster.
-
-        * runtime/JSCell.h: Nixed Structure::markAggregate, and made marking of
-        a Structure's prototype the direct responsility of the object using it.
-        (Giving Structure a mark function was misleading because it implied that
-        all live structures get marked during GC, when they don't.)
-        
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::markChildren): Added code to mark prototypes stored
-        on the global object. Maybe this wasn't necessary, but now we don't have
-        to wonder.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::getEnumerableNamesFromClassInfoTable):
-        * runtime/JSObject.h:
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/PropertyNameArray.h:
-        * runtime/Structure.cpp:
-        * runtime/Structure.h:
-        (JSC::Structure::setEnumerationCache):
-        (JSC::Structure::enumerationCache): Moved property name gathering code
-        from Structure to JSObject because having a Structure iterate its JSObject
-        was a layering violation. A JSObject is implemented using a Structure; not
-        the other way around.
-
-2009-10-09  Mark Rowe  <mrowe@apple.com>
-
-        Attempt to fix the GTK release build.
-
-        * GNUmakefile.am: Include Grammar.cpp in release builds now that
-        AllInOneFile.cpp is gone.
-
-2009-10-09  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Rubber-stamped by Eric Seidel.
-
-        Add ARM JIT support for Gtk port (disabled by default)
-        https://bugs.webkit.org/show_bug.cgi?id=30228
-
-        * GNUmakefile.am:
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Tiger build fix: added a few more variable initializations.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncSearch):
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Qt build fix: added missing #include.
-
-        * jsc.cpp:
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Tiger build fix: initialize variable whose initialization the compiler
-        can't otherwise figure out.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: updated exports.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Tiger build fix: fixed file name case.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-10-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        At long last, I pronounce the death of AllInOneFile.cpp.
-        
-        SunSpider reports a 1.01x speedup.
-
-        * AllInOneFile.cpp: Removed.
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added missing project files
-        to compilation stages.
-
-        * parser/Grammar.y:
-        * parser/Lexer.cpp:
-        * parser/Lexer.h:
-        (JSC::jscyylex):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/Collector.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::operator new):
-        * runtime/JSCell.h:
-        (JSC::JSCell::operator new):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::operator new):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::operator new):
-        * runtime/JSString.cpp:
-        * runtime/JSString.h:
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructorPrivate::RegExpConstructorPrivate):
-        (JSC::RegExpConstructorPrivate::lastOvector):
-        (JSC::RegExpConstructorPrivate::tempOvector):
-        (JSC::RegExpConstructorPrivate::changeLastOvector):
-        (JSC::RegExpConstructor::performMatch):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        * yarr/RegexJIT.cpp:
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::executeRegex): Inlined a few things that Shark said
-        were hot, on the presumption that AllInOneFile.cpp used to inline them
-        automatically.
-
-2009-10-08  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix for JIT'ed op_call instructions (evals, constructs, etc.)
-        when !ENABLE(JIT_OPTIMIZE_CALL) && USE(JSVALUE32_64)
-
-        https://bugs.webkit.org/show_bug.cgi?id=30201
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-
-2009-10-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: removed no longer exported symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-10-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/5751979> Database code takes JSLock on secondary
-        thread, permanently slowing down JavaScript
-        
-        Removed the optional lock from Heap::protect, Heap::unprotect, and friends,
-        since WebCore no longer uses it.
-
-        * JavaScriptCore.exp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::protectedGlobalObjectCount):
-        (JSC::Heap::protectedObjectCount):
-        (JSC::Heap::protectedObjectTypeCounts):
-        * runtime/Collector.h:
-
-2009-10-07  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's IdentifierArena
-        https://bugs.webkit.org/show_bug.cgi?id=30158
-
-        Inherits IdentifierArena class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/parser/ParserArena.cpp:36.
-
-        * parser/ParserArena.h:
-
-2009-10-07  Adam Roben  <aroben@apple.com>
-
-        Export DateInstance::info in a way that works on Windows
-
-        Fixes <http://webkit.org/b/30171>
-        fast/dom/Window/window-postmessage-clone.html fails on Windows
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Removed the export of DateInstance::info from here.
-
-        * runtime/DateInstance.h: Use JS_EXPORTDATA to export
-        DateInstance::info, which is the required way of exporting data on
-        Windows.
-
-2009-10-07  Jørgen Lind  <jorgen.lind@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        When enabling or disabling the JIT through .qmake.cache, make sure
-        to also toggle ENABLE_YARR_JIT.
-
-        * JavaScriptCore.pri:
-
-2009-10-06  Priit Laes  <plaes@plaes.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Linking fails with "relocation R_X86_64_PC32 against symbol
-        `cti_vm_throw'"
-        https://bugs.webkit.org/show_bug.cgi?id=28422
-
-        * jit/JITStubs.cpp:
-        Mark cti_vm_throw symbol as PLT-indirect symbol, so it doesn't end up
-        in text segment causing relocation errors on amd64 architecture.
-        Introduced new define SYMBOL_STRING_RELOCATION for such symbols.
-
-2009-10-06  Oliver Hunt  <oliver@apple.com>
-
-        Windows linking fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-10-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (build fix).
-
-        Windows build fix.
-
-        * runtime/DateInstance.cpp:
-
-2009-10-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        It should be possible to post (clone) built-in JS objects to Workers
-        https://bugs.webkit.org/show_bug.cgi?id=22878
-
-        Expose helpers to throw correct exceptions during object graph walk
-        used for cloning and add a helper function to create Date instances
-        without going through the JS Date constructor function.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createTypeError):
-        * runtime/ExceptionHelpers.h:
-
-2009-10-06  David Levin  <levin@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        StringImpl needs a method to get an instance for another thread which doesn't copy the underlying buffer.
-        https://bugs.webkit.org/show_bug.cgi?id=30095
-
-        * wtf/CrossThreadRefCounted.h:
-        Removed an unused function and assert improvement.
-        (WTF::CrossThreadRefCounted::isOwnedByCurrentThread): Moved out common code from asserts.
-        (WTF::CrossThreadRefCounted::ref): Changed assert to use the common method.
-        (WTF::CrossThreadRefCounted::deref): Changed assert to use the common method.
-        (WTF::CrossThreadRefCounted::crossThreadCopy): Since this includes a potentially
-        non-threadsafe operation, add an assert that the class is owned by the current thread.
-
-2009-10-05  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Add Symbian files to the list of excludes.
-
-        * wscript:
-
-2009-10-05  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Remove precompiled header from JavaScriptCore compilation to
-        prevent qmake warning during autonomous compilation.
-        https://bugs.webkit.org/show_bug.cgi?id=30069
-
-        * JavaScriptCore.pro:
-
-2009-10-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed the concept of a "fast access cutoff" in arrays, because it
-        punished some patterns of array access too much, and made things too
-        complex for inlining in some cases.
-        
-        1.3% speedup on SunSpider.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JSC::): Check m_vectorLength instead of m_fastAccessCutoff when
-        getting / putting from / to an array. Inline putting past the end of
-        the array.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::canGetIndex):
-        (JSC::JSArray::canSetIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::markChildrenDirect): Removed m_fastAccessCutoff, and
-        replaced with checks for JSValue() to detect reads and writes from / to
-        uninitialized parts of the array.
-
-2009-10-02  Jonni Rainisto  <jonni.rainisto@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Math.random() gives too low values on Win32 when _CRT_RAND_S is not defined
-        https://bugs.webkit.org/show_bug.cgi?id=29956
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber): Added PLATFORM(WIN_OS) to handle 15bit rand()
-
-2009-10-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Take one branch instead of two to test for JSValue().
-        
-        1.1% SunSpider speedup.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_create_arguments):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val): Test for the empty value tag, instead
-        of testing for the cell tag with a 0 payload.
-
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description): Added support for dumping the new empty value,
-        and deleted values, in debug builds.
-
-        * runtime/JSValue.h:
-        (JSC::JSValue::JSValue()): Construct JSValue() with the empty value tag.
-
-        (JSC::JSValue::JSValue(JSCell*)): Convert null pointer to the empty value
-        tag, to avoid having two different c++ versions of null / empty.
-
-        (JSC::JSValue::operator bool): Test for the empty value tag, instead
-        of testing for the cell tag with a 0 payload.
-
-2009-10-02  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=29989>
-        Safari version number shouldn't be exposed in WebKit code
-        
-        For a WebKit version of 532.3.4:
-        Product version is: 5.32.3.4 (was 4.0.3.0)
-        File version is: 5.32.3.4 (was 4.532.3.4)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc:
-
-2009-10-02  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Rubber-stamped by Simon Hausmann.
-
-        Fix the Qt on Mac OS X build.
-
-        * wtf/FastMalloc.cpp:
-
-2009-10-02  Jørgen Lind  <jorgen.lind@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Allow enabling and disabling of the JIT through a qmake variable.
-
-        Qt's configure may set this variable through .qmake.cache if a
-        commandline option is given and/or the compile test for hwcap.h
-        failed/succeeded.
-
-        * JavaScriptCore.pri:
-
-2009-10-01  Mark Rowe  <mrowe@apple.com>
-
-        Fix the Tiger build.  Don't unconditionally enable 3D canvas as it is not supported on Tiger.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-10-01  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29187
-
-        Don't inline ~ListRefPtr() to work around winscw compiler forward declaration
-        bug regarding templated classes.
-
-        The compiler bug is reported at:
-        https://xdabug001.ext.nokia.com/bugzilla/show_bug.cgi?id=9812
-
-        The change will be reverted when the above bug is fixed in winscw compiler.
-
-        * wtf/ListRefPtr.h:
-        (WTF::::~ListRefPtr):
-
-2009-10-01  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Allow custom memory allocation control for the whole JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=27029
-
-        Since in JavaScriptCore almost every class which has been instantiated by operator new is
-        inherited from FastAllocBase (bug #20422), we disable customizing global operator new for the Qt-port
-        when USE_SYSTEM_MALLOC=0.
-
-        Add #include <unistd.h> to FastMalloc.cpp because it's used by TCMalloc_PageHeap::scavengerThread().
-        (It's needed for the functionality of TCmalloc.)
-
-        Add TCSystemAlloc.cpp to JavaScriptCore.pri if USE_SYSTEM_MALLOC is disabled.
-
-        * JavaScriptCore.pri:
-        * wtf/FastMalloc.cpp:
-        (WTF::sleep):
-        * wtf/FastMalloc.h:
-
-2009-09-30  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by George Staikos.
-
-        Defines two pseudo-platforms for ARM and Thumb-2 instruction set.
-        https://bugs.webkit.org/show_bug.cgi?id=29122
-
-        Introduces WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2
-        macros on ARM platforms. The PLATFORM(ARM_THUMB2) should be used
-        when Thumb-2 instruction set is the required target. The
-        PLATFORM(ARM_TRADITIONAL) is for generic ARM instruction set. In
-        case where the code is common the PLATFORM(ARM) have to be used.
-
-        Modified by George Wright  <gwright@rim.com> to correctly work
-        with the RVCT-defined __TARGET_ARCH_ARM and __TARGET_ARCH_THUMB
-        compiler macros, as well as adding readability changes.
-
-        * wtf/Platform.h:
-
-2009-09-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Devirtualise array toString conversion
-
-        Tweak the implementation of Array.prototype.toString to have a fast path
-        when acting on a true JSArray.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-
-2009-09-30  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Buildfix for platforms using JSVALUE32.
-        https://bugs.webkit.org/show_bug.cgi?id=29915
-
-        After http://trac.webkit.org/changeset/48905 the build broke in JSVALUE32 case.
-        Also removed unreachable code.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_add):
-         - Declaration of "OperandTypes types" moved before first use.
-         - Typos fixed: dst modified to result, regT2 added.
-         - Unreachable code removed.
-        (JSC::JIT::emitSlow_op_add):
-         - Missing declaration of "OperandTypes types" added.
-
-2009-09-30  Janne Koskinen  <janne.p.koskinen@digia.com> 
-
-        Reviewed by Simon Hausmann.
-
-        Reduce heap size on Symbian from 64MB to 8MB.
-
-        This is not a perfect fix, it requires more fine tuning.
-        But this makes it possible again to debug in the emulator,
-        which is more important in order to be able to fix other
-        run-time issues.
-
-        * runtime/Collector.h:
-
-2009-09-30  Janne Koskinen  <janne.p.koskinen@digia.com> 
-
-        Reviewed by Simon Hausmann.
-
-        Fix CRASH() macro for Symbian build.
-
-        * wtf/Assertions.h: Added missing }
-
-2009-09-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Inlined a few math operations.
-        
-        ~1% SunSpider speedup.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSlow_op_sub): Don't take a stub call when operating on
-        a constant int and a double.
-
-2009-09-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Tidy up codeblock sampler
-        https://bugs.webkit.org/show_bug.cgi?id=29836
-
-        Some rather simple refactoring of codeblock sampler so that
-        it's easier for us to use it to find problems in non-jsc
-        environments
-
-        * JavaScriptCore.exp:
-        * bytecode/SamplingTool.h:
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::enableSampler):
-        (JSC::Interpreter::dumpSampleData):
-        (JSC::Interpreter::startSampling):
-        (JSC::Interpreter::stopSampling):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::sampler):
-        * jit/JIT.h:
-        * jsc.cpp:
-        (runWithScripts):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::create):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::startSampling):
-        (JSC::JSGlobalData::stopSampling):
-        (JSC::JSGlobalData::dumpSampleData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-
-2009-09-29  Jeremy Orlow  <jorlow@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add GYP generated files to svn:ignore
-        https://bugs.webkit.org/show_bug.cgi?id=29895
-
-        The following files are generated by JavaScriptCore's GYP file and should be ignored:
-
-        pcre.mk
-        wtf.scons
-        wtf.mk
-        SConstruct
-        wtf_config.scons
-        wtf_config.mk
-        pcre.scons
-
-        * JavaScriptCore.gyp: Changed property svn:ignore.
-
-2009-09-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Standardized an optimization for adding non-numbers.
-        
-        SunSpider says maybe a tiny speedup.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitSlow_op_add):
-
-2009-09-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: export a new symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed virtual destructor from JSGlobalObjectData to eliminate pointer
-        fix-ups when accessing JSGlobalObject::d.
-        
-        Replaced with an explicit destructor function pointer.
-        
-        6% speedup on bench-alloc-nonretained.js.
-
-        * JavaScriptCore.exp:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::destroyJSGlobalObjectData):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::JSGlobalObject):
-
-2009-09-29  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by David Kilzer.
-
-        [Qt] Assert messages prints visible in Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=29808
-
-        Asserts use vprintf to print the messages to stderr.
-        In Symbian Open C it is not possible to see stderr so
-        I routed the messages to stdout instead.
-
-        * wtf/Assertions.cpp:
-
-2009-09-29  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Darin Adler.
-
-        [Qt] Symbian CRASH macro implementation
-
-        Added Symbian specific crash macro that
-        stops to crash line if JIT debugging is used.
-        Additional differentiation of access violation
-        (KERN-EXEC 3) and CRASH panic.
-
-        * wtf/Assertions.h:
-
-2009-09-28  Mark Rowe  <mrowe@apple.com>
-
-        Fix the PowerPC build.
-
-        * JavaScriptCore.exp:
-
-2009-09-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/7195704> JavaScriptCore fails to mark registers when built for x86_64 using LLVM GCC.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::markCurrentThreadConservatively): Force jmp_buf to use the appropriate alignment for a pointer
-        to ensure that we correctly interpret the contents of registers during marking.
-
-2009-09-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: added new exports.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: removed exports that no longer exist.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        NotNullPassRefPtr: smart pointer optimized for passing references that are not null
-        https://bugs.webkit.org/show_bug.cgi?id=29822
-        
-        Added NotNullPassRefPtr, and deployed it in all places that initialize
-        JavaScript objects.
-        
-        2.2% speedup on bench-allocate-nonretained.js.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::JSCallbackObject):
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addFunctionDecl):
-        (JSC::CodeBlock::addFunctionExpr):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/FunctionPrototype.h:
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        * runtime/GlobalEvalFunction.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSObject.h:
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::setStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArrayData::setCachedPrototypeChain):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PrototypeFunction.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        * wtf/PassRefPtr.h:
-        (WTF::NotNullPassRefPtr::NotNullPassRefPtr):
-        (WTF::NotNullPassRefPtr::~NotNullPassRefPtr):
-        (WTF::NotNullPassRefPtr::get):
-        (WTF::NotNullPassRefPtr::clear):
-        (WTF::NotNullPassRefPtr::releaseRef):
-        (WTF::NotNullPassRefPtr::operator*):
-        (WTF::NotNullPassRefPtr::operator->):
-        (WTF::NotNullPassRefPtr::operator!):
-        (WTF::NotNullPassRefPtr::operator UnspecifiedBoolType):
-        * wtf/RefPtr.h:
-        (WTF::RefPtr::RefPtr):
-        (WTF::operator==):
-
-2009-09-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Hard dependency on SSE2 instruction set with JIT
-        https://bugs.webkit.org/show_bug.cgi?id=29779
-
-        Add floating point support checks to op_jfalse and op_jtrue, and
-        fix the logic for the slow case of op_add
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_add):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-
-2009-09-28  Yaar Schnitman  <yaar@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Chromium port - recognize we are being built independently
-        of chromium and look for dependencies under webkit/chromium rather
-        than chromium/src.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29722
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2009-09-28  Jakub Wieczorek  <faw217@gmail.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Implement XSLT support with QtXmlPatterns.
-        https://bugs.webkit.org/show_bug.cgi?id=28303
-
-        * wtf/Platform.h: Add a WTF_USE_QXMLQUERY #define.
-
-2009-09-28  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        Remove __clear_cache which is an internal function of GCC
-        https://bugs.webkit.org/show_bug.cgi?id=28886
-
-        Although __clear_cache is exported from GCC, this is an internal
-        function. GCC makes no promises about it.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-09-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Fix an absolute path to somewhere in Oliver's machine to a relative path
-        for derived JSONObject.lut.h.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-09-28  Joerg Bornemann  <joerg.bornemann@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Add ARM version detection for Windows CE.
-
-        * wtf/Platform.h:
-
-2009-09-26  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Add MarkStackSymbian.cpp to build JavascriptCore for Symbian.
-
-        Re-use Windows shrinkAllocation implementation because Symbian doesn't
-        support releasing part of memory region.
-        
-        Use fastMalloc and fastFree to implement allocateStack and releaseStack
-        for Symbian port.
-
-        * JavaScriptCore.pri:
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-        * runtime/MarkStackSymbian.cpp: Added.
-        (JSC::MarkStack::initializePagesize):
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack):
-
-2009-09-25  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix unaligned data access in YARR_JIT on ARMv5 and below.
-        https://bugs.webkit.org/show_bug.cgi?id=29695
-
-        On ARMv5 and below all data access should be naturally aligned.
-        In the YARR_JIT there is a case when character pairs are
-        loaded from the input string, but this data access is not
-        naturally aligned. This fix introduces load32WithUnalignedHalfWords
-        and branch32WithUnalignedHalfWords functions which contain
-        naturally aligned memory loads - half word loads - on ARMv5 and below.
-
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARMv7::branch32):
-        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
-        * wtf/Platform.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterPair):
-
-2009-09-25  Jeremy Orlow  <jorlow@chromium.org>
-
-        This is breaking Chromium try bots, so I'm counting this as a build fix.
-
-        Add more svn:ignore exceptions.  On different platforms, these files are
-        generated with different case for JavaScriptCore.  Also there are some
-        wtf project files that get built apparently.
-
-        * JavaScriptCore.gyp: Changed property svn:ignore.
-
-2009-09-25  Ada Chan  <adachan@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Inlined some object creation code, including lexicalGlobalObject access
-        https://bugs.webkit.org/show_bug.cgi?id=29750
-        
-        SunSpider says 0.5% faster.
-        
-        0.8% speedup on bench-alloc-nonretained.js.
-        2.5% speedup on v8-splay.js.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::lexicalGlobalObject):
-        (JSC::ExecState::globalThisValue):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainNode::push):
-        (JSC::ScopeChain::ScopeChain):
-        (JSC::ScopeChain::globalObject): Added a globalObject data member to ScopeChainNode.
-        Replaced accessor function for globalObject() with data member. Replaced
-        globalThisObject() accessor with direct access to globalThis, to match.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        * runtime/JSGlobalObject.h: Inlined array and object construction.
-
-2009-09-25  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add ARM version detection rules for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=29715
-
-        * wtf/Platform.h:
-
-2009-09-24  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Mark "Do It!" Rowe.
-
-        Some GCC versions don't like C++-style comments in preprocessor
-        directives, change to C-style to shut them up.
-
-        * wtf/Platform.h:
-
-2009-09-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Division is needlessly slow in 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=29723
-
-        Add codegen for op_div on x86-64
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emitSlow_op_div):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::isOperandConstantImmediateDouble):
-        (JSC::JIT::addressFor):
-        (JSC::JIT::emitLoadDouble):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        (JSC::JIT::emitJumpSlowCaseIfNotImmediateNumber):
-
-2009-09-24  Jeremy Orlow  <jorlow@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add GYP generated files to svn:ignore
-        https://bugs.webkit.org/show_bug.cgi?id=29724
-
-        Adding the following files to the svn:ignore list (all in the
-        JavaScriptCore/JavaScriptCore.gyp directory)
-
-        JavaScriptCore.xcodeproj
-        JavaScriptCore.sln
-        JavaScriptCore.vcproj
-        JavaScriptCore_Debug.rules
-        JavaScriptCore_Release.rules
-        JavaScriptCore_Release - no tcmalloc.rules
-        JavaScriptCore_Purify.rules
-        JavaScriptCore.mk
-        JavaScriptCore_Debug_rules.mk
-        JavaScriptCore_Release_rules.mk
-        JavaScriptCore_Release - no tcmalloc_rules.mk
-        JavaScriptCore_Purify_rules.mk
-        JavaScriptCore.scons
-        JavaScriptCore_main.scons
-
-        * JavaScriptCore.gyp: Changed property svn:ignore.
-
-2009-09-24  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by Adam Barth.
-
-        Replace platform-dependent code with WTF::currentTime()
-        https://bugs.webkit.org/show_bug.cgi?id=29148
-
-        * jsc.cpp:
-        (StopWatch::start):
-        (StopWatch::stop):
-        (StopWatch::getElapsedMS):
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-
-2009-09-24  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/7215058> FastMalloc scavenging thread should be named
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavengerThread): Set the thread name.
-        * wtf/Platform.h: Move the knowledge of whether pthread_setname_np exists to here as HAVE(PTHREAD_SETNAME_NP).
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::setThreadNameInternal): Use HAVE(PTHREAD_SETNAME_NP).
-
-2009-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Renamed clear to removeAll, as suggested by Darin Adler.
-
-        * wtf/HashCountedSet.h:
-        (WTF::::removeAll):
-
-2009-09-24  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix FastMalloc to build with assertions enabled.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_Central_FreeList::ReleaseToSpans):
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::IsHeld):
-
-2009-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Suggested by Darin Adler.
-
-        Removed some unnecessary parameter names.
-
-        * wtf/HashCountedSet.h:
-
-2009-09-24  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Simon Hausmann.
-
-        On Windows JSChar is typedef'ed to wchar_t.
-
-        When building with WINSCW for Symbian we need to do the
-        same typedef.
-
-        * API/JSStringRef.h:
-
-2009-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        A piece of my last patch that I forgot.
-
-        * wtf/HashCountedSet.h:
-        (WTF::::clear): Added HashCountedSet::clear.
-
-2009-09-24  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Avoid __clear_cache built-in function if DISABLE_BUILTIN_CLEAR_CACHE define is set
-        https://bugs.webkit.org/show_bug.cgi?id=28886
-
-        There are some GCC packages (for example GCC-2006q3 from CodeSourcery)
-        which contain __clear_cache built-in function only for C while the C++
-        version of __clear_cache is missing on ARM architectures.
-
-        Fixed a small bug in the inline assembly of cacheFlush function on
-        ARM_TRADITIONAL.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added the ability to swap vectors with inline capacities, so you can
-        store a vector with inline capacity in a hash table.
-
-        * wtf/Vector.h:
-        (WTF::swap):
-        (WTF::VectorBuffer::swap):
-
-2009-09-23  David Kilzer  <ddkilzer@apple.com>
-
-        Move definition of USE(PLUGIN_HOST_PROCESS) from WebKitPrefix.h to Platform.h
-
-        Reviewed by Mark Rowe.
-
-        * wtf/Platform.h: Define WTF_USE_PLUGIN_HOST_PROCESS to 1 when
-        building on 64-bit SnowLeopard.  Define to 0 elsewhere.
-
-2009-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Code sampling builds are broken.
-        https://bugs.webkit.org/show_bug.cgi?id=29662
-
-        Fix build.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecode/SamplingTool.cpp:
-        (JSC::ScriptSampleRecord::sample):
-        (JSC::SamplingTool::doRun):
-        (JSC::SamplingTool::notifyOfScope):
-        (JSC::compareScriptSampleRecords):
-        (JSC::SamplingTool::dump):
-        * bytecode/SamplingTool.h:
-        (JSC::ScriptSampleRecord::ScriptSampleRecord):
-        (JSC::ScriptSampleRecord::~ScriptSampleRecord):
-        (JSC::SamplingTool::SamplingTool):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-
-2009-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Forward.h: Added PassOwnPtr.
-
-2009-09-22  Yaar Schnitman  <yaar@chromium.org>
-
-        Reviewed by David Levin.
-
-        Ported chromium.org's javascriptcore.gyp for the webkit chromium port.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29617
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added.
-
-2009-09-22  Thiago Macieira  <thiago.macieira@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compilation with WINSCW: no varargs macros
-
-        Disable variadic arguments for WINSCW just like we do
-        for MSVC7.
-
-        * wtf/Assertions.h:
-
-2009-09-22  Kent Hansen  <khansen@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Disable variadic macros on MSVC7.
-
-        This was originally added in r26589 but not extended
-        when LOG_DISABLED/ASSERT_DISABLED was introduced.
-
-        * wtf/Assertions.h:
-
-2009-09-22  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed build fix for Windows CE < 5
-
-        Define WINCEBASIC to disable the IsDebuggerPresent() code in
-        wtf/Assertions.cpp.
-
-        * JavaScriptCore.pri:
-
-2009-09-22  Joerg Bornemann  <joerg.bornemann@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix major memory leak in JavaScriptCore RegisterFile on Windows CE
-
-        https://bugs.webkit.org/show_bug.cgi?id=29367
-
-        On Widows CE we must decommit all committed pages before we release
-        them. See VirtualFree documentation.
-        Desktop Windows behaves much smoother in this situation.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-
-2009-09-21  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Simon Fraser & Sam Weinig.
-
-        Add ENABLE(ORIENTATION_EVENTS)
-        https://bugs.webkit.org/show_bug.cgi?id=29508
-
-        * wtf/Platform.h: Also sort PLATFORM(IPHONE) #defines.
-
-2009-09-21  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Fix] SourceCode's uninitialized member
-        
-        Potential source of crashes and bugs was fixed. Default constructor
-        didn't initialized m_provider member.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29364
-
-        * parser/SourceCode.h:
-        (JSC::SourceCode::SourceCode):
-
-2009-09-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        REGRESSION (r48582): Crash in StructureStubInfo::initPutByIdTransition when reloading trac.webkit.org
-        https://bugs.webkit.org/show_bug.cgi?id=29599
-
-        It is unsafe to attempt to cache new property transitions on
-        dictionaries of any type.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-
-2009-09-21  Oliver Hunt  <oliver@apple.com>
-
-        RS=Maciej Stachowiak.
-
-        Re-land SNES fix with corrected assertion.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::toCacheableDictionaryTransition):
-        (JSC::Structure::toUncacheableDictionaryTransition):
-        (JSC::Structure::fromDictionaryTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::isDictionary):
-        (JSC::Structure::isUncacheableDictionary):
-        (JSC::Structure::):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::isCacheable):
-
-2009-09-21  Adam Roben  <aroben@apple.com>
-
-        Revert r48573, as it caused many assertion failures
-
-        * interpreter/Interpreter.cpp:
-        * jit/JITStubs.cpp:
-        * runtime/BatchedTransitionOptimizer.h:
-        * runtime/JSObject.cpp:
-        * runtime/Structure.cpp:
-        * runtime/Structure.h:
-        * runtime/StructureChain.cpp:
-
-2009-09-21  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed make dist build fix. Missing files.
-
-        * GNUmakefile.am:
-
-2009-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam 'Cabin Boy' Weinig.
-
-        Fix stack alignment with ARM THUMB2 JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=29526
-        
-        Stack is currently being decremented by 0x3c, bump this to 0x40 to make this a
-        multiple of 16 bytes.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-
-2009-09-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        SNES is too slow
-        https://bugs.webkit.org/show_bug.cgi?id=29534
-
-        The problem was that the emulator used multiple classes with
-        more properties than our dictionary cutoff allowed, this resulted
-        in more or less all critical logic inside the emulator requiring
-        uncached property access.
-
-        Rather than simply bumping the dictionary cutoff, this patch
-        recognises that there are two ways to create a "dictionary"
-        structure.  Either by adding a large number of properties, or
-        by removing a property.  In the case of adding properties we
-        know all the existing properties will maintain their existing
-        offsets, so we could cache access to those properties, if we
-        know they won't be removed.
-
-        To make this possible, this patch adds the logic required to
-        distinguish a dictionary created by addition from one created
-        by removal.  With this logic in place we can now cache access
-        to objects with large numbers of properties.
-
-        SNES performance improved by more than 6x.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::toCacheableDictionaryTransition):
-        (JSC::Structure::toUncacheableDictionaryTransition):
-        (JSC::Structure::fromDictionaryTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::isDictionary):
-        (JSC::Structure::isUncacheableDictionary):
-        (JSC::Structure::):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::isCacheable):
-
-2009-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Implement ES5 Object.create function
-        https://bugs.webkit.org/show_bug.cgi?id=29524
-
-        Implement Object.create.  Very simple patch, effectively Object.defineProperties
-        only creating the target object itself.
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorCreate):
-
-2009-09-19  Dan Bernstein  <mitz@apple.com>
-
-        Fix clean debug builds.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-19  Joerg Bornemann  <joerg.bornemann@nokia.com>
-
-        Reviewed by George Staikos.
-
-        QtWebKit Windows CE compile fix
-
-        https://bugs.webkit.org/show_bug.cgi?id=29379
-
-        There is no _aligned_alloc or _aligned_free on Windows CE.
-        We just use the Windows code that was there before and use VirtualAlloc.
-        But that also means that the BLOCK_SIZE must be 64K as this function
-        allocates on 64K boundaries.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        * runtime/Collector.h:
-
-2009-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Implement ES5 Object.defineProperties function
-        https://bugs.webkit.org/show_bug.cgi?id=29522
-
-        Implement Object.defineProperties.  Fairly simple patch, simply makes use of
-        existing functionality used for defineProperty.
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::defineProperties):
-        (JSC::objectConstructorDefineProperties):
-
-2009-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Windows build fix part2
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        Windows build fix part 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Implement ES5 Object.defineProperty function
-        https://bugs.webkit.org/show_bug.cgi?id=29503
-
-        Implement Object.defineProperty.  This requires adding the API to
-        ObjectConstructor, along with a helper function that implements the
-        ES5 internal [[ToPropertyDescriptor]] function.  It then adds
-        JSObject::defineOwnProperty that implements the appropriate ES5 semantics.
-        Currently defineOwnProperty uses a delete followed by a put to redefine
-        attributes of a property, clearly this is less efficient than it could be
-        but we can improve this if it needs to be possible in future.
-
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::defineGetter):
-        (JSC::DebuggerActivation::defineSetter):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-          Update defineGetter/Setter calls
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::defineGetter):
-        (JSC::JSGlobalObject::defineSetter):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::toPropertyDescriptor):
-        (JSC::objectConstructorDefineProperty):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::writable):
-        (JSC::PropertyDescriptor::enumerable):
-        (JSC::PropertyDescriptor::configurable):
-        (JSC::PropertyDescriptor::isDataDescriptor):
-        (JSC::PropertyDescriptor::isGenericDescriptor):
-        (JSC::PropertyDescriptor::isAccessorDescriptor):
-        (JSC::PropertyDescriptor::getter):
-        (JSC::PropertyDescriptor::setter):
-        (JSC::PropertyDescriptor::setDescriptor):
-        (JSC::PropertyDescriptor::setAccessorDescriptor):
-        (JSC::PropertyDescriptor::setWritable):
-        (JSC::PropertyDescriptor::setEnumerable):
-        (JSC::PropertyDescriptor::setConfigurable):
-        (JSC::PropertyDescriptor::setSetter):
-        (JSC::PropertyDescriptor::setGetter):
-        (JSC::PropertyDescriptor::equalTo):
-        (JSC::PropertyDescriptor::attributesEqual):
-        (JSC::PropertyDescriptor::attributesWithOverride):
-        * runtime/PropertyDescriptor.h:
-        (JSC::PropertyDescriptor::PropertyDescriptor):
-        (JSC::PropertyDescriptor::value):
-        (JSC::PropertyDescriptor::setValue):
-        (JSC::PropertyDescriptor::isEmpty):
-        (JSC::PropertyDescriptor::writablePresent):
-        (JSC::PropertyDescriptor::enumerablePresent):
-        (JSC::PropertyDescriptor::configurablePresent):
-        (JSC::PropertyDescriptor::setterPresent):
-        (JSC::PropertyDescriptor::getterPresent):
-        (JSC::PropertyDescriptor::operator==):
-        (JSC::PropertyDescriptor::):
-
-2009-09-18  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Build fix to enable ARM_THUMB2 on Linux
-        https://bugs.webkit.org/show_bug.cgi?id=
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/JITStubs.cpp:
-        * wtf/Platform.h:
-
-2009-09-18  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Defines two pseudo-platforms for ARM and Thumb-2 instruction set.
-        https://bugs.webkit.org/show_bug.cgi?id=29122
-
-        Introduces WTF_PLATFORM_ARM_TRADITIONAL and WTF_PLATFORM_ARM_THUMB2
-        macros on ARM platforms. The PLATFORM(ARM_THUMB2) should be used
-        when Thumb-2 instruction set is the required target. The
-        PLATFORM(ARM_TRADITIONAL) is for generic ARM instruction set. In
-        case where the code is common the PLATFORM(ARM) have to be used.
-
-        * assembler/ARMAssembler.cpp:
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.cpp:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
-        * jit/ExecutableAllocator.h:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::preserveReturnAddressAfterCall):
-        (JSC::JIT::restoreReturnAddressBeforeReturn):
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        * wtf/Platform.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-
-2009-09-18  Joerg Bornemann  <joerg.bornemann@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix the Qt/Windows CE build.
-
-        * JavaScriptCore.pri: Build the ce_time.cpp functions from
-        within Qt externally.
-        * wtf/DateMath.cpp: Removed unnecessary Qt #ifdef, for the
-        Qt build these functions are no external, too.
-
-2009-09-17  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Symbian/WINSCW build fox.
-
-        Repeat Q_OS_WIN wchar_t hack for WINSCW, similar to
-        revision 24774.
-
-        WINSCW defines wchar_t, thus UChar has to be wchar_t
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2009-09-17  Janne Koskinen  <janne.p.koskinen@digia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Symbian/WINSCW build fix.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29186
-
-        WINSCW Template specialisation name in declaration must the be the same as in implementation.
-
-        * runtime/LiteralParser.h:
-
-2009-09-15  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27060
-
-        Symbian compiler for emulator target (WINSCW) fails with
-        "illegal operand" for m_attributesInPrevious in structure.ccp
-        (when calling make_pair functions).
-        This error is apparently due to the compiler not properly
-        resolving the unsigned type of the declared bitfield.
-
-        Initial patch explicitly casted m_attributesInPrevious
-        to unsigned, but since bitfield optimization is not critical for
-        the emulator target, this conditional change in header file
-        appears to be least intrusive.
-
-        * runtime/Structure.h:
-
-2009-09-16  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Fix GCC warnings on ARM_THUMB2 platform
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::countLeadingZerosPartial):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Add ENABLE(INSPECTOR)
-        https://bugs.webkit.org/show_bug.cgi?id=29260
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Add ENABLE(CONTEXT_MENUS)
-        https://bugs.webkit.org/show_bug.cgi?id=29225
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h:
-
-2009-09-16  Benjamin C Meyer  <benjamin.meyer@torchmobile.com>
-
-        Reviewed by Eric Seidel.
-
-        The webkit stdint and stdbool headers exists because
-        the compiler MSVC doesn't include them.  The check
-        should not check for PLATFORM(WIN_OS) but for MSVC.
-
-        * os-win32/stdbool.h:
-        * os-win32/stdint.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Add ENABLE(DRAG_SUPPORT)
-        https://bugs.webkit.org/show_bug.cgi?id=29233
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h:
-
-2009-09-16  Kevin Ollivier  <kevino@theolliviers.com>
-
-        waf build fix after flag was moved to correct place.
-
-        * wscript:
-
-2009-09-16  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Build fix for 64-bit Qt on Mac OS X
-
-        * wtf/Platform.h: Use JSVALUE64 on DARWIN, not only on MAC
-
-2009-09-16  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix wtf/ThreadSpecific.h under Qt to free thread local objects.
-        https://bugs.webkit.org/show_bug.cgi?id=29295
-
-        This is an important fix when JavaScript workers are in use, since
-        unfreed ThreadGlobalDatas leak a big amount of memory (50-100k each).
-        QThreadStorage calls the destructor of a given object, which is the
-        ThreadSpecific::Data. Unlike pthread, Qt is object oriented, and does
-        not support the calling of a static utility function when the thread
-        is about to close. In this patch we call the ThreadSpecific::destroy()
-        utility function from the destructor of ThreadSpecific::Data. Moreover,
-        since Qt resets all thread local values to 0 before the calling of the
-        appropriate destructors, we set back the pointer to its original value.
-        This is necessary because the get() method of the ThreadSpecific
-        object may be called during the exuction of the destructor.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::ThreadSpecific::Data::~Data):
-        (WTF::::~ThreadSpecific):
-        (WTF::::set):
-        (WTF::::destroy):
-
-2009-09-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Allow anonymous storage inside JSObject
-        https://bugs.webkit.org/show_bug.cgi?id=29168
-
-        Add the concept of anonymous slots to Structures so that it is
-        possible to store references to values that need marking in the
-        standard JSObject storage buffer.  This allows us to reduce the
-        malloc overhead of some objects (by allowing them to store JS
-        values in the inline storage of the object) and reduce the 
-        dependence of custom mark functions (if all an objects children
-        are in the standard object property storage there's no need to
-        mark them manually).
-
-        * JavaScriptCore.exp:
-        * runtime/JSObject.h:
-        (JSC::JSObject::putAnonymousValue):
-        (JSC::JSObject::getAnonymousValue):
-        (JSC::JSObject::addAnonymousSlots):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/PropertyMapHashTable.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addAnonymousSlotsTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::put):
-        (JSC::Structure::rehashPropertyMapHashTable):
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-        (JSC::StructureTransitionTable::reifySingleTransition):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::TransitionTable::addSlotTransition):
-        (JSC::StructureTransitionTable::TransitionTable::removeSlotTransition):
-        (JSC::StructureTransitionTable::TransitionTable::getSlotTransition):
-        (JSC::StructureTransitionTable::getAnonymousSlotTransition):
-        (JSC::StructureTransitionTable::addAnonymousSlotTransition):
-        (JSC::StructureTransitionTable::removeAnonymousSlotTransition):
-
-2009-09-15  Alex Milowski  <alex@milowski.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Added the ENABLE_MATHML define to the features
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-09-15 Csaba Osztrogonac <oszi@inf.u-szeged.hu>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Build fix for windows.
-
-        After http://trac.webkit.org/changeset/47795 the MinGW build broke,
-        because MinGW has __mingw_aligned_malloc instead of _aligned_malloc.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock): MinGW case added.
-        (JSC::Heap::freeBlock): MinGW case added.
-
-2009-09-15  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Build fix for Windows/MinGW
-
-        https://bugs.webkit.org/show_bug.cgi?id=29268
-
-        * wtf/Platform.h: JSVALUE32_64 temporarily disabled on PLATFORM(WIN_OS) with COMPILER(MINGW)
-
-2009-09-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Detect VFP at runtime in generic ARM port on Linux platform.
-        https://bugs.webkit.org/show_bug.cgi?id=29076
-
-        * JavaScriptCore.pri:
-        * assembler/MacroAssemblerARM.cpp: Added.
-        (JSC::isVFPPresent):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-
-2009-09-14  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Tor Arne Vestbø.
-
-        [Qt] Build fix for windows build.
-
-        * JavaScriptCore.pri: Correct a logic error.
-        * pcre/dftables: Add missing paranthesis for tmpdir function.
-
-2009-09-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Build fix for windows exports (again).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Build fix for windows exports.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Correct fix for non-allinonefile builds
-
-        * runtime/ObjectConstructor.cpp:
-
-2009-09-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix non-allinonefile builds
-
-        * runtime/ObjectConstructor.cpp:
-
-2009-09-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        [ES5] Implement Object.keys
-        https://bugs.webkit.org/show_bug.cgi?id=29170
-
-        This patch basically requires two separate steps, the first is to split getPropertyNames
-        into two functions -- getOwnPropertyNames and getPropertyNames, basically making them behave
-        in the same way as getOwnPropertySlot and getPropertySlot.  In essence getOwnPropertyNames
-        produces the list of properties on an object excluding its prototype chain and getPropertyNames
-        just iterates the the object and its prototype chain calling getOwnPropertyNames at each level.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyNames):
-        * debugger/DebuggerActivation.h:
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyNames):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertyNames):
-        * runtime/JSByteArray.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertyNames):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertyNames):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::getOwnPropertyNames):
-        * runtime/JSVariableObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorKeys):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyNames):
-        * runtime/StringObject.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::getOwnEnumerablePropertyNames):
-        (JSC::Structure::getEnumerablePropertyNames):
-        * runtime/Structure.h:
-
-2009-09-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        getPropertyNames caching is invalid when the prototype chain contains objects with custom getPropertyNames
-        https://bugs.webkit.org/show_bug.cgi?id=29214
-
-        Add a flag to TypeInfo to indicate whether a type overrides getPropertyNames.
-        This flag is used to make sure that caching of the property name data is safe.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::hasDefaultGetPropertyNames):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::isCacheable):
-
-2009-09-11  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29207
-        Add checks for using WebCore JS context on secondary threads
-
-        * runtime/JSGlobalData.cpp: (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        Added a new mainThreadOnly flag that WebCore would set.
-
-        * runtime/Collector.cpp: (JSC::Heap::registerThread): JSC API methods always call this,
-        so this is a good place to check that the API isn't used form a wrong thread.
-
-2009-09-11  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Compiling JavaScriptCore on sparc 64 with gcc fails.
-
-        ThreadSafeShared uses the atomic __gnu_cxx::__exchange_and_add with an int,
-        however on sparc 64 the _Atomic_word argument is typedefed to long (8 bytes).
-
-        The patch disables WTF_USE_LOCKFREE_THREADSAFESHARED in ThreadSafeShared to use
-        a mutex instead when compiling for sparc 64 with gcc.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29175
-
-        * wtf/Platform.h:
-        __sparc64__ is not defined on all OS.
-        Uses instead: __sparc__ && __arch64__ || __sparcv9
-        * wtf/Threading.h:
-
-2009-09-11  Prasanth Ullattil  <prasanth.ullattil@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compile error on Windows7(64Bit) with latest SDK.
-
-        Added the missing include file.
-
-        * runtime/UString.cpp:
-
-2009-09-11  Joerg Bornemann  <joerg.bornemann@trolltech.com>
-
-        Reviewed by Simon Hausmann.
-
-        Qt/Windows CE compile fix, include the executable allocator and
-        markstack implementation in the windows build.
-
-        * JavaScriptCore.pri:
-
-2009-09-08  John Abd-El-Malek  <jam@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Remove unneeded define for ActiveX.
-        https://bugs.webkit.org/show_bug.cgi?id=29054
-
-        * wtf/Platform.h:
-
-2009-09-10  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Update JavaScriptCore and WebKit's FeatureDefines.xcconfig so that they are in sync with WebCore as they need to be.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-09-10  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Export WTF::tryFastMalloc used in WebSocketChannel.
-        https://bugs.webkit.org/show_bug.cgi?id=28038
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Make StructureTransitionTable use an enum for the PtrAndFlags member
-        used for the single transition slot optimisation.
-
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::StructureTransitionTable):
-        (JSC::StructureTransitionTable::usingSingleTransitionSlot):
-        (JSC::StructureTransitionTable::):
-
-2009-09-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Refactor StructureTransitionTable and Structure to unify handling of the single slot optimization
-        https://bugs.webkit.org/show_bug.cgi?id=29141
-
-        Make StructureTransitionTable encapsulate the single transition slot optimization.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::hasTransition):
-        * runtime/Structure.h:
-        (JSC::StructureTransitionTable::contains):
-        (JSC::StructureTransitionTable::get):
-        (JSC::StructureTransitionTable::hasTransition):
-        (JSC::StructureTransitionTable::reifySingleTransition):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::StructureTransitionTable):
-        (JSC::StructureTransitionTable::~StructureTransitionTable):
-        (JSC::StructureTransitionTable::remove):
-        (JSC::StructureTransitionTable::add):
-        (JSC::StructureTransitionTable::table):
-        (JSC::StructureTransitionTable::singleTransition):
-        (JSC::StructureTransitionTable::usingSingleTransitionSlot):
-        (JSC::StructureTransitionTable::setSingleTransition):
-        (JSC::StructureTransitionTable::setTransitionTable):
-        (JSC::StructureTransitionTable::):
-        * wtf/PtrAndFlags.h:
-        (WTF::PtrAndFlags::PtrAndFlags):
-
-2009-09-10  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Implement fastDeleteSkippingDestructor for FastAllocBase and fastDeleteAllValues for HashSet
-        https://bugs.webkit.org/show_bug.cgi?id=25930
-
-        FastAllocBase has been extended with fastDeleteSkippingDestructor function which
-        releases memory without destructor call. fastDeleteAllValues has been implemented 
-        similar as deleteAllValues but it uses fastDelete function to release memory.
-
-        * wtf/FastAllocBase.h:
-        (WTF::fastDeleteSkippingDestructor):
-        * wtf/HashSet.h:
-        (WTF::fastDeleteAllValues):
-
-2009-09-10  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        ARM compiler does not understand GCC visibility attribute
-        https://bugs.webkit.org/show_bug.cgi?id=29079
-
-        * API/JSBase.h: Make the test more specific to hit only
-        the GCC compiler
-
-2009-09-10  Adam Barth  <abarth@webkit.org>
-
-        Unreviewed revert of the previous change.  It broke the tests.
-
-        * wtf/dtoa.cpp:
-        (WTF::dtoa):
-
-2009-09-10  Ben Laurie  <benl@google.com>
-
-        Reviewed by Adam Barth.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=26836>
-
-        If dtoa was given a small buffer and the number was either infinite or
-        NaN, then the buffer would be overflowed.
-
-        * wtf/dtoa.cpp:
-
-2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Change reinterpret_cast to static_cast in r48212.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Remove WTF_PLATFORM_FORCE_PACK as it is no longer used
-        https://bugs.webkit.org/show_bug.cgi?id=29066
-
-        * wtf/Platform.h:
-
-2009-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        Implement flushing the instruction cache for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=29075
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush): Call IMB_Range to flush
-        the instruction cache on Symbian
-
-2009-09-09  Kent Hansen  <khansen@trolltech.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29024
-        Make JavaScriptCore compile on platforms with case-insensitive file systems and typeinfo.h in STL
-
-        These platforms include Microsoft Visual Studio 2003, and Symbian with Metrowerks compiler.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSTypeInfo.h: Copied from JavaScriptCore/runtime/TypeInfo.h.
-        * runtime/Structure.h:
-        * runtime/TypeInfo.h: Removed.
-
-2009-09-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        JSON.stringify(Date) loses the milliseconds information
-        https://bugs.webkit.org/show_bug.cgi?id=29063
-
-        Make sure we include milliseconds in the output of toISOString.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-
-2009-09-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix, generate derived sources earlier in order to make sure
-        they're found by the build system when generating the list of sources to build.
-
-        * wscript:
-
-2009-09-08  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Build fix when USE(LOCKFREE_THREADSAFESHARED) is not defined
-        https://bugs.webkit.org/show_bug.cgi?id=29011
-
-        * wtf/Threading.h: Use LOCKFREE_THREADSAFESHARED guard for 
-        atomicIncrement and atomicDecrement
-
-2009-09-07  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control in Yarr's RegexInterpreter
-        https://bugs.webkit.org/show_bug.cgi?id=29025
-
-        Inherits RegexInterpreter classes from FastAllocBase (bug #20422), which has
-        been instantiated by 'new':
-
-        class ByteDisjunction
-        -> instantiated in JavaScriptCore/yarr/RegexInterpreter.cpp:1462
-
-        struct BytecodePattern
-        -> instantiated in JavaScriptCore/yarr/RegexInterpreter.cpp:1279
-
-        * yarr/RegexInterpreter.h:
-
-2009-09-07  Drew Wilson  <atwilson@google.com>
-
-        Reverting r48121 to fix Windows build errors.
-
-        * JavaScriptCore.exp:
-
-2009-09-07  Drew Wilson  <atwilson@google.com>
-
-        Reviewed by David Levin.
-
-        Enable SHARED_WORKERS by default
-        https://bugs.webkit.org/show_bug.cgi?id=28959
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-09-07  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Export WTF::tryFastMalloc used in WebSocketChannel.
-        https://bugs.webkit.org/show_bug.cgi?id=28038
-
-        * JavaScriptCore.exp:
-
-2009-09-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Fix windows export files
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-09-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [[ToString]] conversion should use the actual toString function for String objects.
-
-        Remove incorrect specialisations of toString conversions on StringObject.
-
-        * JavaScriptCore.exp:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-
-2009-09-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Add new export.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Add new export.
-
-2009-09-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove unneeded export.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Remove unneeded export.
-
-2009-09-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        DateInstance object collected on ARM JIT (JSValue: WTF_USE_JSVALUE32)
-        https://bugs.webkit.org/show_bug.cgi?id=28909
-
-        Part two.
-
-        Make some improvements to garbage collection code:
-
-            1) Create a runtime assertion that catches any classes that
-               override markChildren but have the HasDefaultMark bit set.
-            2) Remove checks of the mark bit outside the MarkStack::append
-               function; they are redundant.
-            3) Improve the efficiency of the asObject and asArray functions
-               when called on JSCell* to avoid a round trip to JSValue.
-            4) Make more callers use the checked asCell and asObject
-               casting functions rather than unchecked casts.
-            5) Removed the JSCell::marked function and other GC-related
-               functions because these operations are no longer things that
-               code other than the core GC code needs to do directly. Fixed
-               callers that were calling them.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively): Removed unneeded call to MarkStack::drain.
-        (JSC::Heap::markProtectedObjects): Removed unneeded check of the mark
-        bit and call to MarkStack::drain.
-        (JSC::Heap::collect): Removed unneeded checks of the mark bit and also
-        changed call to SmallStrings::mark to call markChildren instead to match
-        the rest of the objects.
-        (JSC::typeName): Removed unneeded cast to JSObject*.
-
-        * runtime/JSArray.h:
-        (JSC::asArray): Added an overload for JSCell* and changed the JSValue
-        version to call it. Removed some unneeded casts.
-        (JSC::JSArray::markChildrenDirect): Marked this function inline. It's in
-        a header, and if not marked inline this could lead to linking problems.
-        (JSC::MarkStack::markChildren): Added. This helper function is used by
-        the drain function to avoid repating code. Also added the code here to
-        check fro default mark violations in debug code. If a markChildren
-        function adds something to the mark stack, but the type info claimed
-        hasDefaultMark was true, then we will get an assertion now. Also fixed
-        the assertion about the mark bit to use the Heap function directly
-        because we don't have a JSCell::marked function any more.
-        (JSC::MarkStack::drain): Changed a local variable from "v" to "value",
-        and from "currentCell" to "cell". Changed to call markChildren in two
-        places instead of repeating a chain of if statements twice. Changed
-        code that reads and writes the mark bit to use Heap::isCellMarked and
-        Heap::markCell so we can eliminate the JSCell::marked and
-        JSCell::markCellDirect functions.
-
-        * runtime/JSCell.h: Removed JSCell's markCellDirect and marked member
-        functions. Added a comment explaining that asCell should be deprecated
-        in favor of the JSValue asCell member function.
-        (JSC::MarkStack::append): Added the assertion that catches callers
-        that have set the HasDefaultMark bit incorrectly. Changed
-        code that reads and writes the mark bit to use Heap::isCellMarked and
-        Heap::markCell so we can eliminate the JSCell::marked and
-        JSCell::markCellDirect functions. Moved the overload of
-        MarkStack::append for JSValue here so it can call through to the cell
-        version. The old version had a copy of all the code instead, but that
-        repeated the conversion from JSValue to JSCell* and the check for
-        whether a value is a cell multiple times.
-        (JSC::Structure::markAggregate): Moved this function here to avoid
-        dependencies for Structure.h, since this calls MarkStack::append.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::markChildren): Added code to clear
-        m_isCheckingForDefaultMarkViolation so the marking done by JSObject
-        doesn't trigger the assertion.
-
-        * runtime/JSValue.h: Moved some stray includes that were outside the
-        header guard inside it. Not sure how that happened! Removed the
-        GC-related member functions markChildren, hasChildren, marked, and
-        markDirect.
-
-        * runtime/JSWrapperObject.h: Made markChildren private.
-        (JSC::JSWrapperObject::createStructure): Added. Fixes a bug where the
-        HasDefaultMark bit was set.
-
-        * runtime/MarkStack.h: Added m_isCheckingForDefaultMarkViolation and
-        initialized it to false. Moved the append function body from here to
-        JSCell.h. Added a declaration of a private markChildren function used
-        inside the drain function.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::markChildren): Changed the name and style of this
-        function to match other functions. This allows us to share the normal
-        mark stack code path.
-
-        * runtime/SmallStrings.h: Changed the name and interface of mark to
-        the more-normal markChildren style.
-
-        * runtime/Structure.h: Moved the body of markAggregate into the
-        JSCell.h to avoid a circular dependency with JSCell.h.
-
-2009-09-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        DateInstance object collected on ARM JIT (JSValue: WTF_USE_JSVALUE32)
-        https://bugs.webkit.org/show_bug.cgi?id=28909
-
-        Part one.
-
-        Make some improvements to garbage collection code:
-
-            1) Fix the two classes that had the default mark bit set but
-               should not.
-            2) Remove checks of the mark bit outside the MarkStack::append
-               function; they are redundant.
-            3) Make more callers use the checked asCell and asObject
-               casting functions rather than unchecked casts.
-            4) Removed some GC-related functions because these operations are
-               no longer things that code other than the core GC code needs
-               to do directly. Fixed callers that were calling them.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate): Removed unneeded check of the mark
-        bit before calling MarkStack::append.
-
-        * interpreter/Register.h: Removed unneeded marked and markChildren
-        functions.
-
-        * jit/JITStubs.cpp:
-        (op_eq): Removed unneeded assertions, instead using checked casting
-        functions such as asObject.
-
-        * runtime/ArgList.h: Added now-needed forward declaration of MarkStack.
-
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren): Remmoved unneeded check of the mark bit.
-
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::createStructure): Added. Fixes a bug where the
-        HasDefaultMark bit was set.
-
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getObject): Use asObject to avoid a direct static_cast.
-
-        * runtime/JSObject.h:
-        (JSC::asObject): Added an overload for JSCell* and changed the JSValue
-        version to call it.
-        (JSC::JSValue::get): Use asObject to avoid a direct static_cast.
-
-        * runtime/JSWrapperObject.h: Made markChildren private.
-        (JSC::JSWrapperObject::createStructure): Added. Fixes a bug where the
-        HasDefaultMark bit was set. Later we may want to optimize this for
-        wrapper types that never have cells in their internal values, but there
-        is no measured performance regression in SunSpider or V8 doing this
-        all the time.
-
-        * runtime/MarkStack.cpp: Tweaked formatting.
-
-2009-09-04  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix. Switch USE_ defines over to the compiler so that they can be
-        checked by files not including config.h (like WebCorePrefix.h).
-
-        * wtf/Platform.h:
-
-2009-09-03  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by David Levin.
-
-        Remove unnecessary dependency on unistd.h
-        https://bugs.webkit.org/show_bug.cgi?id=28962
-
-        * runtime/Completion.cpp:
-
-2009-09-03  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Add strnstr for Linux and Windows in StringExtras.h
-        https://bugs.webkit.org/show_bug.cgi?id=28901
-
-        * wtf/StringExtras.h:
-        (strnstr):
-
-2009-09-03  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's HashEntry class
-        https://bugs.webkit.org/show_bug.cgi?id=27830
-
-        Inherits HashEntry class from FastAllocBase because it has been
-        instantiated by 'new' JavaScriptCore/runtime/Lookup.cpp:32.
-
-        * runtime/Lookup.h:
-
-2009-09-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Should crash if JIT code buffer allocation fails.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28926
-        <rdar://problem/7031922>
-
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocatorWin.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-
-2009-09-02  Kevin Ollivier  <kevino@theolliviers.com>
-
-        waf build fixes for Windows/MSVC.
-
-        * wscript:
-
-2009-09-02  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Build fix for building on Windows.
-
-        * wtf/ThreadingPthreads.cpp:
-
-2009-09-02  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        Use fastMalloc when neither MMAP nor VIRTUALALLOC are enabled
-        
-        RegisterFile constructor currently throws #error when both
-        MMAP and VIRTUALALLOC conditions fail.
-        On any platform that does not provide these features
-        (for instance, Symbian),
-        the fallback should be regular malloc (or fastMalloc).
-        It is functionally equivalent in this case, even though it may
-        have certain drawbacks such as lack of dynamic pre-allocation.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-
-2009-08-31  Robert Agoston  <Agoston.Robert@stud.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed typo.
-        https://bugs.webkit.org/show_bug.cgi?id=28691
-
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-
-2009-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        JSON Stringifier does not follow ES5 spec for handling of Number, String and Boolean objects
-        https://bugs.webkit.org/show_bug.cgi?id=28797
-
-        Fixed unwrapBoxedPrimitive to do the right thing, which necessitated a couple of new exception
-        checks, and corrected the logic in gap to correctly convert Number and String objects.
-
-        * runtime/JSONObject.cpp:
-        (JSC::unwrapBoxedPrimitive):
-        (JSC::gap):
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::appendStringifiedValue):
-
-2009-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        JSON.stringify replacer array does not accept values that are not string primitives.
-        https://bugs.webkit.org/show_bug.cgi?id=28788
-
-        Update the JSON stringifier to initialise its replacer array according to the most
-        recent version of the spec.
-
-        * runtime/Identifier.h:
-        (JSC::Identifier::from):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-
-2009-08-27  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28753
-        <rdar://problem/7173448> Excessive number of threads (and a crash)
-
-        * wtf/Threading.h: (WTF::atomicIncrement): Changed atomicIncrement to match decrement
-        and return the new value. Also added using directives for these functions, to match
-        te rest of WTF.
-
-2009-08-27  Brent Fulgham  <bfulgham@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Link the testapi against CFLite when building the WinCairo port.
-
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add new Release_CFLite
-          target.  Update all targets to inherit from either the
-          JavaScriptCF.vsprops (Apple target) or the JavaScriptCFLite.vsprops
-          file (WinCairo target).
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Remove
-          input file CoreFoundation.lib. This is provided by either the
-          JavaScriptCF.vsprops or JavaScriptCFLite.vsprops file.
-
-2009-08-27  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Geoff Garen.
-        
-        Fix Windows-specific crash due to missing memory clearing call.
-        
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-
-2009-08-27  Brent Fulgham  <bfulgham@webkit.org>
-
-        Build fix: JavaScriptCore_debug.def missing some exports.  Apple
-        Windows build does not use this file, so it was not noticed previously.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        x86-64 GTK broken due to code offsets changing, pointers sometimes packed into immediates.
-        https://bugs.webkit.org/show_bug.cgi?id=28317
-
-        Missed one, fix part II.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::move):
-        * assembler/X86Assembler.h:
-        (JSC::CAN_SIGN_EXTEND_8_32):
-
-2009-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        JSON.stringify replacer array does not accept values that are not string primitives.
-        https://bugs.webkit.org/show_bug.cgi?id=28788
-
-        Update the JSON stringifier to initialise its replacer array according to the most
-        recent version of the spec.
-
-        * runtime/Identifier.h:
-        (JSC::Identifier::from):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-
-2009-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        JSON parser accepts trailing comma in array literals
-        https://bugs.webkit.org/show_bug.cgi?id=28779
-
-        Update parser to correctly fail if there's a trailing comma.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-
-2009-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        'this' in JSON.parse reviver is the global object
-        https://bugs.webkit.org/show_bug.cgi?id=28752
-
-        This is a technically simple change, we merely update the code for calling
-        the reviver function to pass the correct this object.  Doing so however
-        exposes the holder to arbitrary mutation by the reviver function so it is
-        necessary for us to now guard all property accesses against the possibility
-        of failure.
-
-        * runtime/JSArray.h:
-          JSON needs to delete a property from the array, so we friend its 
-          Walker class so that we can make a non-virtual call to the arrays
-          delete and getOwnPropertySlot methods.
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::callReviver):
-          We need to pass the correct this object
-        (JSC::Walker::walk):
-          Update calls to callReviver, and update property logic logic
-          to correctly handle the holder being mutated by the reviver
-          function.
-
-2009-08-26  Alice Liu  <alice.liu@apple.com>
-
-        Windows build fix: added some exported symbols
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Removed some exported symbols that no longer exist.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Olliejver Hunt.
-
-        x86-64 GTK broken due to code offsets changing, pointers sometimes packed into immediates.
-        https://bugs.webkit.org/show_bug.cgi?id=28317
-
-        We rely on a slightly OS X specific behaviour, that x86-64 applications have a 4Gb zero page,
-        so pointers are never representable as a 32-bit integer, and always have to be represented by
-        a separate immediate load instruction, rather than within the immediate field of an arithmetic
-        or memory operation.
-
-        We explicitly check for a couple of cases where a value might be representable in 32-bit, but
-        these probably never kick in on Mac OS, and only kick in to hose GTK.  Deleting these does not
-        show a performance degradation on SunSpider.  Remove.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtr):
-        (JSC::MacroAssemblerX86_64::branchPtr):
-
-2009-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A bit of Collector refatoring.
-        
-        SunSpider says no change. v8 says 1.003x faster (1.02x faster on splay).
-
-        * JavaScriptCore.exp:
-
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toPrimitive):
-        (JSC::JSCell::getPrimitiveNumber):
-        (JSC::JSCell::toBoolean):
-        (JSC::JSCell::toNumber):
-        (JSC::JSCell::toString):
-        (JSC::JSCell::toObject): Removed pure virtual functions from
-        JSCell, so the collector can construct one. This allowed
-        me to remove a bunch of ASSERT_NOT_REACHED throughout the
-        code, too.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell): ditto
-        (JSC::Heap::heap): Inlined this function because it's trivial.
-
-        * JavaScriptCore.exp:
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::freeBlocks): Renamed freeHeap to freeBlocks, since
-        it doesn't actually free the Heap object.
-        (JSC::Heap::heapAllocate):
-        (JSC::Heap::sweep):
-        * runtime/Collector.h: Refactored block allocation and destruction
-        into helper functions.
-        
-        * runtime/GetterSetter.cpp:
-        * runtime/JSAPIValueWrapper.cpp:
-        * runtime/JSPropertyNameIterator.cpp: Removed dummy implementations
-        of pure virtual functions. (See above.)
-
-=== End re-roll-in of r47738:47740 with Windows crash fixed ===
-
-2009-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: start out with a 32-bit value to avoid a shortening warning.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::sweep):
-
-2009-08-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Substantially reduced VM thrash in the GC heap.
-        
-        1.08x faster on v8 (1.60x faster on v8-splay).
-        
-        1.40x faster on bench-alloc-nonretained.
-        
-        1.90x faster on bench-alloc-retained.
-        
-        SunSpider says no change.
-        
-        * runtime/Collector.cpp:
-        (JSC::Heap::heapAllocate): Fixed a long-standing bug: update a few local
-        variables unconditionally after calling collect(), since they may be used
-        even if we don't "goto scan". (In the bug I saw, usedBlocks got out of
-        sync with heap.usedBlocks).
-        (JSC::Heap::sweep): Keep enough free heap space to accomodate 
-        the number of objects we'll allocate before the next GC, plus 25%, for
-        good measure.
-        * runtime/Collector.h: Bumped the block size to 256k. This seems to give
-        the best cache performance, and it prevents us from initiating lots of
-        VM traffic to recover very small chunks of memory.
-
-=== Begin re-roll-in of r47738:47740 with Windows crash fixed ===
-
-2009-08-25  Drew Wilson  <atwilson@google.com>
-
-        Reviewed by David Levin.
-
-        postMessage() spec now supports sending arrays of ports
-        https://bugs.webkit.org/show_bug.cgi?id=26902
-
-        Added OwnPtr to VectorTraits so we can store OwnPtrs in Vectors.
-
-        * wtf/VectorTraits.h:
-
-2009-08-26  Xan Lopez  <xlopez@igalia.com>
-
-        Rubber-stamped by Gustavo Noronha.
-
-        Remove duplicated files from file list.
-
-        * GNUmakefile.am:
-
-2009-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        More export fixes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fix).
-
-        Hopefully fix all the exports from JSC on windows
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Build fixes).
-
-        Forgot I added files to JavaScriptCore. 
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCoreSources.bkl:
-
-2009-08-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [ES5] Implement getOwnPropertyDescriptor
-        https://bugs.webkit.org/show_bug.cgi?id=28724
-
-        Implement the core runtime support for getOwnPropertyDescriptor.
-        This adds a virtual getOwnPropertyDescriptor method to every class
-        that implements getOwnPropertySlot that shadows the behaviour of
-        getOwnPropertySlot.  The alternative would be to make getOwnPropertySlot
-        (or PropertySlots in general) provide property attribute information,
-        but quick testing showed this to be a regression.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/CommonIdentifiers.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertyDescriptor):
-        * runtime/DatePrototype.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertyDescriptor):
-        * runtime/JSByteArray.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::getOwnPropertySlot):
-        (JSC::JSONObject::getOwnPropertyDescriptor):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::JSObject::getPropertyDescriptor):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getStringPropertyDescriptor):
-        (JSC::JSString::getOwnPropertyDescriptor):
-        * runtime/JSString.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::symbolTableGet):
-        * runtime/JSVariableObject.h:
-        * runtime/Lookup.h:
-        (JSC::getStaticPropertyDescriptor):
-        (JSC::getStaticFunctionDescriptor):
-        (JSC::getStaticValueDescriptor):
-          Add property descriptor equivalents of the lookup
-          table access functions
-
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        (JSC::MathObject::getOwnPropertyDescriptor):
-        * runtime/MathObject.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/PropertyDescriptor.cpp: Added.
-        (JSC::PropertyDescriptor::writable):
-        (JSC::PropertyDescriptor::enumerable):
-        (JSC::PropertyDescriptor::configurable):
-        (JSC::PropertyDescriptor::hasAccessors):
-        (JSC::PropertyDescriptor::setUndefined):
-        (JSC::PropertyDescriptor::getter):
-        (JSC::PropertyDescriptor::setter):
-        (JSC::PropertyDescriptor::setDescriptor):
-        (JSC::PropertyDescriptor::setAccessorDescriptor):
-        * runtime/PropertyDescriptor.h: Added.
-        (JSC::PropertyDescriptor::PropertyDescriptor):
-        (JSC::PropertyDescriptor::attributes):
-        (JSC::PropertyDescriptor::isValid):
-        (JSC::PropertyDescriptor::value):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-        * runtime/RegExpObject.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyDescriptor):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertyDescriptor):
-        * runtime/StringPrototype.h:
-
-2009-08-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        How many copies of the parameters do you need?
-        https://bugs.webkit.org/show_bug.cgi?id=28701
-
-        The function parameters in JSC get copied a lot - and unnecessarily so.
-
-        Originally this happened due to duplicating FunctionBodyNodes on recompilation,
-        though the problem has been exacerbated by copying the parameters from the
-        original function body onto the executable, then back onto the real body that
-        will be generated (this happens on every function).  And this is all made worse
-        since the data structures in question are a little ugly - C style arrays of C++
-        objects containing ref counts, so they need a full copy-construct (rather than
-        a simple memcpy).
-
-        This can all be greatly simplified by just punting the parameters off into
-        their own ref-counted object, and forgoing all the copying.
-
-        ~no performance change, possible slight progression.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * parser/Nodes.cpp:
-        (JSC::FunctionParameters::FunctionParameters):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::finishParsing):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::parameters):
-        (JSC::FunctionBodyNode::parameterCount):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::~FunctionExecutable):
-        (JSC::FunctionExecutable::compile):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        (JSC::FunctionExecutable::paramString):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::parameterCount):
-
-2009-08-25  Brent Fulgham  <bfulgham@webkit.org>
-
-        Reviewed by NOBODY (Buildfix).
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Add Debug_CFLite target
-          that inherits from the debug_wincairo property sheet and therefore
-          links to the proper debug library.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Add Debug_CFLite target
-          that inherits from the debug_wincairo property sheet and therefore
-          links to the proper debug library.
-
-2009-08-25  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Export tryFastMalloc for Canvas3D work
-        https://bugs.webkit.org/show_bug.cgi?id=28018
-
-        * JavaScriptCore.exp:
-
-2009-08-25  David Levin  <levin@chromium.org>
-
-        Reviewed by Adam Roben.
-
-        PLATFORM(CFNETWORK) should be USE(CFNETWORK).
-        https://bugs.webkit.org/show_bug.cgi?id=28713
-
-        * wtf/Platform.h: Added a #define to catch this issue in the
-        future. The define would generate an error on gcc without the
-        space in the expansion, but Visual C++ needs the space to cause an error.
-
-2009-08-24  Brent Fulgham  <bfulgham@webkit.org>
-
-        Reviewed by Steve Falkenburg.
-
-        Revise CFLite Debug build to emit DLL's with _debug label.
-        https://bugs.webkit.org/show_bug.cgi?id=28695.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Modify
-          Cairo debug build to inherit from new debug_cairo property sheet.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops:
-          Modify to look for debug CFLite when in debug build.
-
-2009-08-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Adler & Darin Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28691
-        Do not retain ScopeNodes outside of parsing
-        
-        There is now no need for these to exist outside of parsing - their use in the runtime is replaced by Executable types.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::ScopeNodeData):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::adoptData):
-        (JSC::FunctionBodyNode::parameterCount):
-        * parser/Parser.cpp:
-        * parser/Parser.h:
-        (JSC::Parser::arena):
-        (JSC::Parser::Parser):
-        (JSC::Parser::parse):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        (JSC::arrayProtoFuncSort):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::~FunctionExecutable):
-        (JSC::EvalExecutable::compile):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compile):
-        (JSC::FunctionExecutable::compile):
-        (JSC::EvalExecutable::generateJITCode):
-        (JSC::ProgramExecutable::generateJITCode):
-        (JSC::FunctionExecutable::generateJITCode):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::recompile):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        (JSC::FunctionExecutable::copyParameters):
-        (JSC::FunctionExecutable::paramString):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::sourceID):
-        (JSC::ScriptExecutable::sourceURL):
-        (JSC::ScriptExecutable::lineNo):
-        (JSC::ScriptExecutable::lastLine):
-        (JSC::ScriptExecutable::usesEval):
-        (JSC::ScriptExecutable::usesArguments):
-        (JSC::ScriptExecutable::needsActivation):
-        (JSC::ScriptExecutable::recordParse):
-        (JSC::EvalExecutable::bytecode):
-        (JSC::EvalExecutable::jitCode):
-        (JSC::ProgramExecutable::bytecode):
-        (JSC::ProgramExecutable::reparseExceptionInfo):
-        (JSC::ProgramExecutable::jitCode):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::make):
-        (JSC::FunctionExecutable::bytecode):
-        (JSC::FunctionExecutable::isGenerated):
-        (JSC::FunctionExecutable::name):
-        (JSC::FunctionExecutable::parameterCount):
-        (JSC::FunctionExecutable::jitCode):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::numericCompareFunction):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-
-2009-08-24  Darin Adler  <darin@apple.com>
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put): Landed revised version I had tested but forgot
-        to land. Leave out the branch, since we don't need one.
-
-2009-08-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Array index miss case creates a string every time
-        https://bugs.webkit.org/show_bug.cgi?id=28664
-
-        SunSpider test results I saw:
-
-            0.5% faster overall
-            1% faster on crypto-aes
-            20% faster on crypto-md5
-            13% faster on crypto-sha1
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype): Initialize m_hasNoPropertiesWithUInt32Names
-        to true.
-        (JSC::ObjectPrototype::put): Clearly m_hasNoPropertiesWithUInt32Names if the new
-        property has a name that is the string form of a UInt32.
-        (JSC::ObjectPrototype::getOwnPropertySlot): Don't call JSObject::getOwnPropertySlot
-        if m_hasNoPropertiesWithUInt32Names is true, and it is highly likely to be true.
-
-        * runtime/ObjectPrototype.h: Added declarations for the above.
-
-2009-08-24  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed. Fix a typo in my distcheck build fix.
-
-        * GNUmakefile.am:
-
-2009-08-23  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Unreviewed build fix for make distcheck.
-
-        * GNUmakefile.am: Added files required for the build.
-
-2009-08-22  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        REGRESSION(r47639-r47660): Webkit crashes on launch on PowerPC
-        https://bugs.webkit.org/show_bug.cgi?id=28655
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction): Initialize properly with a VPtrHackExecutable.
-        * wtf/Platform.h:
-
-2009-08-22  Darin Adler  <darin@apple.com>
-
-        Fix storage leak from syntax tree arena allocation patch.
-
-        * parser/Nodes.h: CommaNode needs to inherit from ParserArenaDeletable
-        because it has a vector.
-
-2009-08-21  Darin Adler  <darin@apple.com>
-
-        Fix Qt build.
-
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::ScopeNodeData): Made non-inline again.
-        This is used outside Nodes.cpp so can't be inline unless
-        it is in the header.
-
-2009-08-21  Darin Adler  <darin@apple.com>
-
-        Two loose ends from the last commit.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made ParserArena.h
-        and create_hash_table project-internal instead of "private".
-        * runtime/Executable.h: Removed accidentally-added constructor.
-
-2009-08-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Syntax tree nodes should use arena allocation
-        https://bugs.webkit.org/show_bug.cgi?id=25674
-
-        Use an actual arena now. 0.6% speedup on SunSpider.
-
-        New and improved with 100% less leaking of the universe.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        Removed all exports involving the class FunctionBodyNode, which no
-        longer needs to be used outside JavaScriptCore.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made Nodes.h and
-        Executable.h project-internal instead of "private".
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Updated since VarStack
-        contains const Identifier* now.
-
-        * parser/Grammar.y: Made identifiers from the lexer be const
-        Identifier* and updated since VarStack contains const Identifier* now.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode): Pass in ParserArena, used for identifiers.
-        (JSC::Lexer::makeIdentifier): Changed return type to const Identifier*
-        and changed to call ParserArena.
-        (JSC::Lexer::clear): Removed the code to manage m_identifiers and
-        added code to set m_arena to 0.
-        * parser/Lexer.h: Updated for changes above.
-
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaFreeable::operator new): Added. Calls allocateFreeable
-        on the arena.
-        (JSC::ParserArenaDeletable::operator new): Changed to call the
-        allocateDeletable function on the arena instead of deleteWithArena.
-        (JSC::PropertyNode::PropertyNode): Added new constructor that makes
-        numeric identifiers. Some day we might want to optimize this for
-        integers so it doesn't create a string for each one.
-        (JSC::ContinueNode::ContinueNode): Initialize m_ident to nullIdentifier
-        since it's now a const Identifier& so it can't be left uninitialized.
-        (JSC::BreakNode::BreakNode): Ditto.
-        (JSC::CaseClauseNode::CaseClauseNode): Updated to use SourceElements*
-        to keep track of the statements rather than a separate statement vector.
-        (JSC::BlockNode::BlockNode): Ditto.
-        (JSC::ForInNode::ForInNode): Initialize m_ident to nullIdentifier.
-
-        * parser/Nodes.cpp: Moved the comment explaining emitBytecode in here.
-        It seemed strangely out of place in the header.
-        (JSC::ThrowableExpressionData::emitThrowError): Added an overload for
-        UString as well as Identifier.
-        (JSC::SourceElements::singleStatement): Added.
-        (JSC::SourceElements::lastStatement): Added.
-        (JSC::RegExpNode::emitBytecode): Changed the throwError code to use
-        the substitution mechanism instead of doing a string append.
-        (JSC::SourceElements::emitBytecode): Added. Replaces the old
-        statementListEmitCode function, since we now keep the SourceElements
-        objects around.
-        (JSC::BlockNode::lastStatement): Added.
-        (JSC::BlockNode::emitBytecode): Changed to use emitBytecode instead of
-        statementListEmitCode.
-        (JSC::CaseClauseNode::emitBytecode): Added.
-        (JSC::CaseBlockNode::emitBytecodeForBlock): Changed to use emitBytecode
-        instead of statementListEmitCode.
-        (JSC::ScopeNodeData::ScopeNodeData): Changed to store the
-        SourceElements* instead of using releaseContentsIntoVector.
-        (JSC::ScopeNode::emitStatementsBytecode): Added.
-        (JSC::ScopeNode::singleStatement): Added.
-        (JSC::ProgramNode::emitBytecode): Call emitStatementsBytecode instead
-        of statementListEmitCode.
-        (JSC::EvalNode::emitBytecode): Ditto.
-        (JSC::FunctionBodyNode::emitBytecode): Call emitStatementsBytecode
-        insetad of statementListEmitCode and check for the return node using
-        the new functions.
-
-        * parser/Nodes.h: Changed VarStack to store const Identifier* instead
-        of Identifier and rely on the arena to control lifetime. Added a new
-        ParserArenaFreeable class. Made ParserArenaDeletable inherit from
-        FastAllocBase instead of having its own operator new. Base the Node
-        class on ParserArenaFreeable. Changed the various Node classes
-        to use const Identifier& instead of Identifier to avoid the need to
-        call their destructors and allow them to function as "freeable" in the
-        arena. Removed extraneous JSC_FAST_CALL on definitions of inline functions.
-        Changed ElementNode, PropertyNode, ArgumentsNode, ParameterNode,
-        CaseClauseNode, ClauseListNode, and CaseBlockNode to use ParserArenaFreeable
-        as a base class since they do not descend from Node. Eliminated the
-        StatementVector type and instead have various classes use SourceElements*
-        instead of StatementVector. This prevents those classes from having to
-        use ParserArenaDeletable to make sure the vector destructor is called.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parse): Pass the arena to the lexer.
-
-        * parser/Parser.h: Added an include of ParserArena.h, which is no longer
-        included by Nodes.h.
-        (JSC::Parser::parseFunctionFromGlobalCode): Changed to use the
-        singleStatement function, since there is no longer any children function.
-        Removed some unneeded use of RefPtr.
-
-        * parser/ParserArena.cpp:
-        (JSC::ParserArena::ParserArena): Added. Initializes the new members,
-        m_freeableMemory, m_freeablePoolEnd, and m_identifiers.
-        (JSC::ParserArena::freeablePool): Added. Computes the pool pointer,
-        since we store only the current pointer and the end of pool pointer.
-        (JSC::ParserArena::deallocateObjects): Added. Contains the common
-        memory-deallocation logic used by both the destructor and the
-        reset function.
-        (JSC::ParserArena::~ParserArena): Changed to call deallocateObjects.
-        (JSC::ParserArena::reset): Ditto. Also added code to zero out the
-        new structures, and switched to use clear() instead of shrink(0) since
-        we don't really reuse arenas.
-        (JSC::ParserArena::makeNumericIdentifier): Added.
-        (JSC::ParserArena::allocateFreeablePool): Added. Used when the pool
-        is empty.
-        (JSC::ParserArena::isEmpty): Added. No longer inline, which is fine
-        since this is used only for assertions at the moment.
-        (JSC::ParserArena::derefWithArena): Make non-inline.
-
-        * parser/ParserArena.h: Added an actual arena of "freeable" objects,
-        ones that don't need destructors to be called. Also added a separate
-        IdentifierArena object, a segmented vector of identifiers that used
-        to be in the Lexer.
-
-        * runtime/Executable.h: Moved the definition of the
-        FunctionExecutable::make function here. It can't go in JSFunction.h
-        since that header has to be used outside JavaScriptCore and so can't
-        include this, which includes Nodes.h. The function could be moved
-        elswhere if we don't want to include JSFunction.h in this header, but
-        for now this seems to be the best place.
-
-        * runtime/JSFunction.h: Removed the include of Executable.h and
-        definition of the FunctionExecutable::make function.
-
-        * wtf/FastMalloc.cpp: Fixed an incorrect comment.
-
-2009-08-21  Mark Rowe  <mrowe@apple.com>
-
-        Fix the non-JIT build.
-
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-
-2009-08-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative QuickTime build fix.
-
-        * runtime/JSArray.cpp:
-
-2009-08-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative QT build fix.
-
-        * runtime/StringPrototype.cpp:
-
-2009-08-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Restructure Executable types so that host functions do not hold a FunctionExecutable.
-        https://bugs.webkit.org/show_bug.cgi?id=28621
-
-        All JSFunction objects have a pointer to an Executable*.  This is currently always a
-        FunctionExecutable, however this has a couple of drawbacks.  Host functions do not
-        store a range of information that the FunctionExecutable provides (source, name,
-        CodeBlock & information presently held on the FunctionBodyNode). 
-
-        [ * nearly all... see below! ]
-
-        Instead, make JSFunctions hold a pointer to an ExecutableBase, move fields specific
-        to JS sourced executable types (source, node) into a new subclass (ScriptExecutable),
-        and create a new NativeExecutable type.  We now provide a new method in JSFunction
-        to access & downcast to FunctionExecutable, but in doing so we can make an early
-        check (with an ASSERT) to ensure that the Executable read from a function will only
-        be treated as a FunctionExecutable (and thus the JS sepcific fields will only be
-        accessed) if the JSFunction is not a host function.
-
-        There is one JSFunction that currently does not have an Executable, which is the
-        object created to allow us to read out the vtable pointer.  By making this change
-        we can also add a new Executable type fror this object (VPtrHackExecutable).
-        Since this means that really all JSFunctions have an Executable we no longer have
-        to null-check m_executable before us it - particularly in isHostFunction().
-
-        This patch removes CacheableEvalExecutable, since all subclasses of ExecutableBase
-        can now be ref-counted - since both JSFunction holds (and ref-counts) an ExecutableBase
-        that might be a FunctionExecutable or a NativeExecutable.  This does now mean that all
-        ProgramExecutables and EvalExecutables (unnecessarily) provide an interface to be
-        ref-counted, however this seems less-bad than host functions unnecessarily providing
-        interface to access non-host specific information.
-
-        The class hierarcy has changed from this:
-        
-        - ExecutableBase
-            - ProgramExecutable
-            - EvalExecutable
-                - CacheableEvalExecutable (also RefCounted by multiple-inheritance)
-            - FunctionExecutable (also RefCounted by multiple-inheritance, 'special' FunctionExecutable also used for host functions)
-
-        To this:
-        
-        - RefCounted
-            - ExecutableBase
-                - NativeExecutable
-                - VPtrHackExecutable
-                - ScriptExecutable
-                    - ProgramExecutable
-                    - EvalExecutable
-                    - FunctionExecutable
-
-        This patch speeds up sunspidey by a couple of ms (presumably due to the changes to isHostFunction()).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::ownerExecutable):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * profiler/Profiler.cpp:
-        (JSC::createCallIdentifierFromFunctionImp):
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::Arguments::Arguments):
-        * runtime/Executable.cpp:
-        (JSC::NativeExecutable::~NativeExecutable):
-        (JSC::VPtrHackExecutable::~VPtrHackExecutable):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::~ExecutableBase):
-        (JSC::ExecutableBase::isHostFunction):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::VPtrHackExecutable::VPtrHackExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::source):
-        (JSC::ScriptExecutable::sourceID):
-        (JSC::ScriptExecutable::sourceURL):
-        (JSC::ScriptExecutable::lineNo):
-        (JSC::ScriptExecutable::lastLine):
-        (JSC::ScriptExecutable::usesEval):
-        (JSC::ScriptExecutable::usesArguments):
-        (JSC::ScriptExecutable::needsActivation):
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::markChildren):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getConstructData):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::executable):
-        (JSC::JSFunction::jsExecutable):
-        (JSC::JSFunction::isHostFunction):
-
-2009-08-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Browser hangs on opening Web Inspector.
-        https://bugs.webkit.org/show_bug.cgi?id=28438
-
-        Code generation needs to be able to walk the entire scopechain in some
-        cases, however the symbol table used by activations was a member of the
-        codeblock.  Following recompilation this may no longer exist, leading
-        to a crash or hang on lookup.
-
-        We fix this by introducing a refcounted SymbolTable subclass, SharedSymbolTable,
-        for the CodeBlocks used by function code.  This allows activations to
-        maintain ownership of a copy of the symbol table even after recompilation so
-        they can continue to work.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::symbolTable):
-        (JSC::CodeBlock::sharedSymbolTable):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        (JSC::FunctionCodeBlock::~FunctionCodeBlock):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArguments):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::generateBytecode):
-        (JSC::FunctionExecutable::generateBytecode):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        (JSC::JSActivation::JSActivationData::~JSActivationData):
-        * runtime/SymbolTable.h:
-
-2009-08-20  Xan Lopez  <xlopez@igalia.com>
-
-        Add new file to GTK+ build.
-
-        * GNUmakefile.am:
-
-2009-08-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Added a number => string cache.
-        
-        1.07x faster on v8 (1.7x faster on v8-splay).
-        1.004x faster on SunSpider.
-
-        * runtime/JSCell.h: Moved JSValue::toString to JSString.h.
-        * runtime/JSGlobalData.h: Holds the cache.
-        * runtime/JSNumberCell.cpp:
-        (JSC::JSNumberCell::toString):
-        (JSC::JSNumberCell::toThisString): Removed -0 special case.
-        UString handles this now, since too many clients were
-        special-casing it.
-
-        * runtime/JSString.h:
-        (JSC::JSValue::toString): Use the cache when converting
-        an int or double to string.
-
-        * runtime/Operations.h:
-        (JSC::concatenateStrings): Call toString to take advantage
-        of the cache.
-
-        * runtime/SmallStrings.h:
-        (JSC::NumericStrings::add):
-        (JSC::NumericStrings::lookup): The cache.
-
-        * runtime/UString.cpp:
-        (JSC::UString::from): Added -0 special case mentioned above.
-        Removed appendNumeric because it's mutually exclusive with the
-        cache.
-
-2009-08-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION: fast/profiler/call.html is crashing occasionally
-        https://bugs.webkit.org/show_bug.cgi?id=28476
-
-        Using the codeblock for information about how many parameters and
-        locals a function has is unsafe in certain circumstances.  The
-        basic scenario is all function code being cleared in response to
-        the debugger or profiler being enabled, and then an activation is
-        marked before its associated function is re-executed.
-
-        To deal with this scenario we store the variable count of a function
-        directly in the FunctionExecutable, and then use that information.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::generateBytecode):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::variableCount):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-
-2009-08-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Numbering of arguments to emitGetJITStubArg/emitPutJITStubArg incorrect
-        <bug lost in the great bug disasteroony of 08/20/09!>
-
-        The argumentNumber argument to emitGetJITStubArg/emitPutJITStubArg should match
-        the argument number used within the stub functions in JITStubs.cpp, but it doesn't.
-
-        Firstly, all the numbers changed when we added a void* 'reserved' as the first slot
-        (rather than leaving argument 0 unused), and secondly in 32_64 builds the index to
-        peek/poke needs to be multiplies by 2 (since the argument to peek/poke is a number
-        of machine words, and on 32_64 build the argument slots to stub functions are two
-        words wide).
-
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutJITStubArg):
-        (JSC::JIT::emitPutJITStubArgConstant):
-        (JSC::JIT::emitGetJITStubArg):
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2009-08-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        REGRESSION: significant slowdown on Celtic Kane "AJAX declaration" subtest
-        https://bugs.webkit.org/show_bug.cgi?id=28332
-
-        Follow up style fixes that were missed in review.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::hasTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        (JSC::StructureTransitionTable::contains):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::add):
-
-2009-08-20  Oliver Hunt  <oliver@apple.com>
-
-        Add new exports to windows jsc build
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION: significant slowdown on Celtic Kane "AJAX declaration" subtest
-        https://bugs.webkit.org/show_bug.cgi?id=28332
-
-        The method check optimisation made transitions aware of the value being
-        assigned when a transition was assigning a function.  This had the side
-        effect of making every assignment of a function expression result in a
-        new transition, and thus a new Structure.  The net result of this is that
-        the common JS idiom of
-
-            function MyObject() {
-                this.myFunction = function(...){...};
-            }
-            new MyObject();
-
-        Will produce a unique structure on every iteration, meaning that all
-        caching is defeated and there is a significant amount of structure churn.
-
-        The fix is to return the transition to its original form where it is
-        keyed off a property name + attributes tuple, but have each transition
-        support an optional transition on a specific value.
-
-        * JavaScriptCore.exp:
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::hasTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::transitionedFor):
-        (JSC::Structure::hasTransition):
-        (JSC::Structure::):
-        (JSC::StructureTransitionTable::contains):
-        (JSC::StructureTransitionTable::get):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTableHashTraits::emptyValue):
-        (JSC::StructureTransitionTable::hasTransition):
-        (JSC::StructureTransitionTable::remove):
-        (JSC::StructureTransitionTable::add):
-
-2009-08-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove FunctionCodeBlock.
-        https://bugs.webkit.org/show_bug.cgi?id=28502
-
-        These only exist to allow JIT code to dereference properties off the
-        CodeBlock for any callee, regardless of whether it is a host function.
-
-        Instead just use the FunctionExecutable.  Copy the m_parameters field
-        from the CodeBlock into the Executable, and use this to distinguish
-        between host functions, functions that have been bytecompiled, and
-        functions that have not.
-
-        m_parameters is moved to ExecutableBase rather than FunctionExecutable
-        so that (as a separate change) we can move make a separate class of
-        executable for host code, which is not devived from FunctionExecutable
-        (host code does not feature any of the properties that normal executable
-        do and will provide, such as source, attributes, and a parsed name).
-
-        1% win on v8 tests, 0.5% on sunspider.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        (JSC::CodeBlock::functionRegisterForBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::):
-        (JSC::CodeBlock::source):
-        (JSC::CodeBlock::sourceOffset):
-        (JSC::CodeBlock::evalCodeCache):
-        (JSC::CodeBlock::createRareDataIfNecessary):
-        
-            remove NativeCodeBlocks and the NativeCode code type.
-        
-        * jit/JIT.cpp:
-        (JSC::JIT::linkCall):
-
-            Revert to previous behaviour (as currently still commented!) that Hhost functions have a null codeblock.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-
-            Bring the 32_64 & non-32_64 JITs into line with each other, callee in regT0.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-
-            Rewrite call trampolines to not use the CodeBlock.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-            Make call_JSFunction & call_arityCheck return the callee, don't expect to be passed the CodeBlock.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::generateBytecode):
-        (JSC::FunctionExecutable::recompile):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::):
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::FunctionExecutable::isHostFunction):
-
-            Add m_numParameters.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-
-            Only call generatedBytecode() on JSFunctions non-host FunctionExecutables.
-
-2009-08-20  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28054
-       
-        Use a helper function to work around winscw compiler forward declaration bug
-        regarding templated classes.
-
-        Add parenthesis around (PassRefPtr::*UnspecifiedBoolType) to make winscw compiler
-        work with the default UnSpecifiedBoolType() operator, which removes the winscw
-        specific bool cast hack.
-
-        * wtf/PassRefPtr.h:
-        (WTF::derefIfNotNull):
-        (WTF::PassRefPtr::~PassRefPtr):
-
-2009-08-19  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Change namespace ARM to ARMRegisters
-        X86 to X86Registers to avoid conflict with macros
-        https://bugs.webkit.org/show_bug.cgi?id=28428
-
-        * assembler/ARMAssembler.cpp:
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/X86Assembler.h:
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes.cpp:
-        * wrec/WRECGenerator.cpp:
-        * wrec/WRECGenerator.h:
-        * yarr/RegexJIT.cpp:
-
-2009-08-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Devirtualise marking
-        https://bugs.webkit.org/show_bug.cgi?id=28294
-
-        We actually need to mark the value in a number object if we're using the
-        32bit number representation.
-
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-
-2009-08-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-         We probably shouldn't be keeping the AST for eval nodes around forevar.
-        https://bugs.webkit.org/show_bug.cgi?id=28469
-
-        EvalNodes don't destroyData() (delete their parser data) since they need to hold onto
-        their varStack.  Copy a list of variable onto EvalCodeBlock, and this can go away.
-
-        * bytecode/CodeBlock.h:
-        (JSC::EvalCodeBlock::variable):
-        (JSC::EvalCodeBlock::numVariables):
-        (JSC::EvalCodeBlock::adoptVariables):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * parser/Nodes.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::generateBytecode):
-        * runtime/Executable.h:
-
-2009-08-19  Jungshik Shin  <jshin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        http://bugs.webkit.org/show_bug.cgi?id=28441
-
-        Fix a build issue with ICU 4.2 or later on Windows with Visual C++. 
-        Instead of defining all isXXX and toupper/tolower as 
-          WTF_Please_use_ASCIICType_instead_of_ctype_see_comment_in_ASCIICType_h,
-        #define them to be different by prepending 'WTF_...ASCIIType_h' with
-        the originial names like 'toupper_WTF_...ASCIIType_h'. 
-
-        * wtf/DisallowCType.h:
-
-2009-08-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Assigning a function to an object should always use the existing transition, even if the transition is not specialized
-        https://bugs.webkit.org/show_bug.cgi?id=28442
-
-        Check for an unspecialized transition as an alternative to always failing if specialisation does not match.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-
-2009-08-18  Dirk Schulze  <krit@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Added additional getter to ByteArray with an unsigned char as return.
-        ByteArray can take unsigned char directly now.
-
-        * wtf/ByteArray.h:
-        (WTF::ByteArray::set):
-        (WTF::ByteArray::get):
-
-2009-08-18  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28415
-        Set svn:eol-style CRLF on all .sln and .vcproj files that don't already
-        have it.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        
-2009-08-18  Xan Lopez  <xlopez@igalia.com>
-
-        Try to fix the GTK+ build.
-
-        * GNUmakefile.am:
-
-2009-08-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        No, silly runtime, AST nodes are not for you.
-
-        We still use AST nodes (ScopeNodes, particularly FunctionBodyNodes) within
-        the runtime, which means that these nodes must be persisted outside of the
-        arena, contain both parser & runtime data, etc.  This is all a bit of a mess.
-
-        Move functionality into a new FunctionExecutable class.
-
-        * API/JSCallbackFunction.cpp:
-        * API/JSObjectRef.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::markAggregate):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getBytecodeIndex):
-        (JSC::CodeBlock::discardBytecode):
-        (JSC::CodeBlock::instructionCount):
-        (JSC::CodeBlock::getJITCode):
-        (JSC::CodeBlock::executablePool):
-        (JSC::CodeBlock::ownerExecutable):
-        (JSC::CodeBlock::extractExceptionInfo):
-        (JSC::CodeBlock::addFunctionDecl):
-        (JSC::CodeBlock::functionDecl):
-        (JSC::CodeBlock::numberOfFunctionDecls):
-        (JSC::CodeBlock::addFunctionExpr):
-        (JSC::CodeBlock::functionExpr):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        (JSC::NativeCodeBlock::NativeCodeBlock):
-        * bytecode/EvalCodeCache.h:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::doRun):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        * bytecompiler/BytecodeGenerator.h:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/CallFrameClosure.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::debug):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emit_op_new_func_exp):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::reparseDataIfNecessary):
-        * parser/Nodes.h:
-        (JSC::EvalNode::partialDestroyData):
-        * parser/Parser.h:
-        * profiler/ProfileGenerator.cpp:
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        (JSC::createCallIdentifierFromFunctionImp):
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::Arguments::Arguments):
-        (JSC::JSActivation::copyRegisters):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/CallData.h:
-        (JSC::):
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect):
-        * runtime/ConstructData.h:
-        (JSC::):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-        * runtime/Executable.cpp: Added.
-        (JSC::EvalExecutable::generateBytecode):
-        (JSC::ProgramExecutable::generateBytecode):
-        (JSC::FunctionExecutable::generateBytecode):
-        (JSC::EvalExecutable::generateJITCode):
-        (JSC::ProgramExecutable::generateJITCode):
-        (JSC::FunctionExecutable::generateJITCode):
-        (JSC::FunctionExecutable::isHostFunction):
-        (JSC::FunctionExecutable::markAggregate):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::recompile):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::~ExecutableBase):
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::source):
-        (JSC::ExecutableBase::sourceID):
-        (JSC::ExecutableBase::lastLine):
-        (JSC::ExecutableBase::usesEval):
-        (JSC::ExecutableBase::usesArguments):
-        (JSC::ExecutableBase::needsActivation):
-        (JSC::ExecutableBase::astNode):
-        (JSC::ExecutableBase::generatedJITCode):
-        (JSC::ExecutableBase::getExecutablePool):
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::EvalExecutable::bytecode):
-        (JSC::EvalExecutable::varStack):
-        (JSC::EvalExecutable::evalNode):
-        (JSC::EvalExecutable::jitCode):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::ProgramExecutable::reparseExceptionInfo):
-        (JSC::ProgramExecutable::bytecode):
-        (JSC::ProgramExecutable::programNode):
-        (JSC::ProgramExecutable::jitCode):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::name):
-        (JSC::FunctionExecutable::bytecode):
-        (JSC::FunctionExecutable::generatedBytecode):
-        (JSC::FunctionExecutable::usesEval):
-        (JSC::FunctionExecutable::usesArguments):
-        (JSC::FunctionExecutable::parameterCount):
-        (JSC::FunctionExecutable::paramString):
-        (JSC::FunctionExecutable::isGenerated):
-        (JSC::FunctionExecutable::body):
-        (JSC::FunctionExecutable::jitCode):
-        (JSC::FunctionExecutable::createNativeThunk):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::isDynamicScope):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::isHostFunction):
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::markChildren):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::call):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getConstructData):
-        (JSC::JSFunction::construct):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::executable):
-        (JSC::FunctionExecutable::make):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::numericCompareFunction):
-        * runtime/JSGlobalData.h:
-
-2009-08-17  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix 300,000+ leaks seen during the regression tests.
-
-        EvalCodeCache::get was heap-allocating an EvalExecutable instance without adopting the initial reference.
-        While fixing this we noticed that EvalExecutable was a RefCounted type that was sometimes stack allocated.
-        To make this cleaner and to prevent clients from attempting to ref a stack-allocated instance, we move the
-        refcounting down to a new CacheableEvalExecutable class that derives from EvalExecutable. EvalCodeCache::get
-        now uses CacheableEvalExecutable::create and avoids the leak.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * runtime/Executable.h:
-        (JSC::CacheableEvalExecutable::create):
-        (JSC::CacheableEvalExecutable::CacheableEvalExecutable):
-
-2009-08-17  Oliver Hunt  <oliver@apple.com>
-
-        RS=Mark Rowe.
-
-        REGRESSION (r47292): Prototype.js is broken by ES5 Arguments changes
-        https://bugs.webkit.org/show_bug.cgi?id=28341
-        <rdar://problem/7145615>
-
-        Reverting r47292.  Alas Prototype.js breaks with Arguments inheriting
-        from Array as ES5 attempted.  Prototype.js defines $A in terms of a 
-        function it places on (among other global objects) the Array prototype,
-        thus breaking $A for arrays.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::Arguments):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * tests/mozilla/ecma_3/Function/arguments-001.js:
-
-2009-08-17  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Steve Falkenburg.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27323
-        Only add Cygwin to the path when it isn't already there.  This avoids
-        causing problems for people who purposefully have non-Cygwin versions of
-        executables like svn in front of the Cygwin ones in their paths.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-
-2009-08-17  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Mark Rowe.
-
-        Fix build with FAST_MALLOC_MATCH_VALIDATION enabled.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastRealloc):
-
-2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix crash on ./ecma_2/RegExp/exec-002.js.
-        https://bugs.webkit.org/show_bug.cgi?id=28353
-
-        Change the order of freeParenthesesDisjunctionContext and
-        popParenthesesDisjunctionContext on all call sites as the pop
-        method is accessing backTrack->lastContext which is the context
-        that is about to be freed.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-
-2009-08-16  Holger Hans Peter Freyther  <zecke@selfish.org>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28352
-
-        Fix coding style violations. Use m_ for C++ class members. Remove
-        trailing whitespace on empty lines.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::tryConsumeCharacter):
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::ByteCompiler::ByteCompiler):
-        (JSC::Yarr::ByteCompiler::compile):
-        (JSC::Yarr::ByteCompiler::checkInput):
-        (JSC::Yarr::ByteCompiler::assertionBOL):
-        (JSC::Yarr::ByteCompiler::assertionEOL):
-        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomCharacterClass):
-        (JSC::Yarr::ByteCompiler::atomBackReference):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
-        (JSC::Yarr::ByteCompiler::popParenthesesStack):
-        (JSC::Yarr::ByteCompiler::closeAlternative):
-        (JSC::Yarr::ByteCompiler::closeBodyAlternative):
-        (JSC::Yarr::ByteCompiler::atomParenthesesEnd):
-        (JSC::Yarr::ByteCompiler::regexBegin):
-        (JSC::Yarr::ByteCompiler::alterantiveBodyDisjunction):
-        (JSC::Yarr::ByteCompiler::alterantiveDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2009-08-15  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build with JIT disabled.
-
-        * runtime/Arguments.h: Only compile the jitCode method when the JIT is enabled.
-        * runtime/Executable.h: Include PrototypeFunction.h so the compiler knows what
-        NativeFunctionWrapper is when the JIT is disabled.
-
-2009-08-15  Adam Bergkvist  <adam.bergkvist@ericsson.com>
-
-        Reviewed by Sam Weinig.
-
-        Added ENABLE_EVENTSOURCE flag.
-        https://bugs.webkit.org/show_bug.cgi?id=14997
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-08-14  Gavin Barraclough  <barraclough@apple.com>
-
-        * parser/Parser.h:
-        (JSC::EvalExecutable::parse):
-        (JSC::ProgramExecutable::parse):
-        * runtime/Executable.h:
-
-2009-08-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Remove AST nodes from use within the Runtime (outside of parsing), stage 1
-        https://bugs.webkit.org/show_bug.cgi?id=28330
-
-        Remove the EvalNode and ProgramNode from use in the runtime.  They still exist
-        after this patch, but are hidden behind EvalExecutable and FunctionExecutable,
-        and are also still reachable behind CodeBlock::m_ownerNode.
-
-        The next step will be to beat back FunctionBodyNode in the same fashion.
-        Then remove the usage via CodeBlock, then only construct these nodes only on
-        demand during bytecode generation.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::GlobalCodeBlock::~GlobalCodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        (JSC::NativeCodeBlock::NativeCodeBlock):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * interpreter/Interpreter.h:
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::createNativeThunk):
-        (JSC::FunctionBodyNode::generateBytecode):
-        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        (JSC::Parser::reparse):
-        (JSC::Parser::parseFunctionFromGlobalCode):
-        (JSC::::parse):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Error.cpp:
-        (JSC::throwError):
-        * runtime/Error.h:
-        * runtime/Executable.h: Added.
-        (JSC::TemplateExecutable::TemplateExecutable):
-        (JSC::TemplateExecutable::markAggregate):
-        (JSC::TemplateExecutable::sourceURL):
-        (JSC::TemplateExecutable::lineNo):
-        (JSC::TemplateExecutable::bytecode):
-        (JSC::TemplateExecutable::jitCode):
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/FunctionConstructor.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::numericCompareFunction):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::codeBlocks):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-
-2009-08-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Rename the confusing isObject(<class>) to inherits(<class>).
-        It still works on non-objects, returning false.
-
-        * runtime/ArrayConstructor.cpp:
-        (JSC::arrayConstructorIsArray): Removed unneeded isObject call
-        and updated remaining isObject call to new name, inherits.
-
-        * runtime/JSCell.h: Renamed isObject(<class>) to inherits(<class>)
-        but more importantly, made it non-virtual (it was already inline)
-        so it is now as fast as JSObject::inherits was.
-
-        * runtime/JSObject.h: Removed inherits function since the one
-        in the base class is fine as-is. Also made various JSCell functions
-        that should not be called on JSObject uncallable by making them
-        both private and not implemented.
-        (JSC::JSCell::inherits): Updated name.
-        (JSC::JSValue::inherits): Ditto.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncConcat):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSValue.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChain::localDepth):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSplit):
-        Updated to new name, inherits, from old name, isObject.
-
-2009-07-31  Harald Fernengel  <harald.fernengel@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Adding QNX as a platform. Currently only tested with Qt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27885
-
-        * JavaScriptCore/runtime/Collector.cpp: Added retrieving of stack base
-          since QNX doesn't have the pthread _nt functions
-        * JavaScriptCore/wtf/Platform.h: Added WTF_PLATFORM_QNX and corresponding
-          defines
-        * WebCore/bridge/npapi.h: Build fix for missing typedefs on QNX
-
-2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        Currently generic ARM and ARMv7 platforms work only with JSVALUE32
-        https://bugs.webkit.org/show_bug.cgi?id=28300
-
-        * wtf/Platform.h:
-
-2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        Enable JIT on ARM for QT by default
-        https://bugs.webkit.org/show_bug.cgi?id=28259
-
-        * wtf/Platform.h:
-
-2009-08-14  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        Enable YARR_JIT on ARM for QT by default
-        https://bugs.webkit.org/show_bug.cgi?id=28259
-
-        * wtf/Platform.h:
-
-2009-08-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [ES5] Arguments object should inherit from Array
-        https://bugs.webkit.org/show_bug.cgi?id=28298
-
-        Make the Arguments object conform to the behaviour specified in ES5.
-        The simple portion of this is to make Arguments use Array.prototype
-        as its prototype rather than Object.prototype.
-
-        The spec then requires us to set instance.constructor to the pristine
-        Object constructor, and instance.toString and instance.toLocaleString
-        to the pristine versions from Object.prototype.  To do this we now 
-        make the ObjectPrototype constructor return its toString and
-        toLocaleString functions (similar to the call and apply functions
-        from FunctionPrototype).
-
-        Oddly enough this reports itself as a slight win, but given the code
-        isn't hit in the tests that claim to have improved I put this down to
-        code motion.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::initializeStandardProperties):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::objectConstructor):
-        (JSC::JSGlobalObject::objectToStringFunction):
-        (JSC::JSGlobalObject::objectToLocaleStringFunction):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * tests/mozilla/ecma_3/Function/arguments-001.js:
-          Update test to new es5 behaviour
-
-2009-08-14  Oliver Hunt  <oliver@apple.com>
-
-        Remove MarkStack::drain from the JSC exports file
-
-        MarkStack::drain is now marked inline, the including it in the exports file
-        produces an ld warning
-
-        * JavaScriptCore.exp:
-
-2009-08-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Remove accidentally left in debugging statement.
-
-        * runtime/JSArray.h:
-        (JSC::MarkStack::drain):
-
-2009-08-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        [ES5] Implement Array.isArray
-        https://bugs.webkit.org/show_bug.cgi?id=28296
-
-        Add support for Array.isArray to the Array constructor
-
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::arrayConstructorIsArray):
-        * runtime/ArrayConstructor.h:
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSArray.h:
-        (JSC::MarkStack::drain):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-
-2009-08-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (Buildfix).
-
-        Attempt to fix windows build
-
-        * runtime/Collector.cpp:
-
-2009-08-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Devirtualise marking
-        https://bugs.webkit.org/show_bug.cgi?id=28294
-
-        Add a bit to TypeInfo to indicate that an object uses the standard
-        JSObject::markChildren method.  This allows us to devirtualise marking
-        of most objects (though a branch is still needed).  We also add a branch
-        to identify arrays thus devirtualising marking in that case as well.
-
-        In order to make the best use of this devirtualisation I've also reworked
-        the MarkStack::drain() logic to make the iteration more efficient.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * JavaScriptCore.exp:
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::markChildren):
-        * runtime/JSArray.h:
-        (JSC::JSArray::markChildrenDirect):
-        (JSC::MarkStack::drain):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSCell.h:
-        (JSC::MarkStack::append):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSNumberCell.h:
-        (JSC::JSNumberCell::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::markChildren):
-        * runtime/JSObject.h:
-        (JSC::JSObject::markChildrenDirect):
-        (JSC::JSObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-        * runtime/JSType.h:
-        (JSC::):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::MarkSet::MarkSet):
-        (JSC::MarkStack::MarkStackArray::last):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/TypeInfo.h:
-        (JSC::TypeInfo::hasDefaultMark):
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Some small bits of housekeeping.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Make Parser.h
-        project instead of private. Remove JSONObject.lut.h.
-
-        * assembler/ARMAssembler.h: Remove unneeded WTF prefix.
-        * assembler/AssemblerBufferWithConstantPool.h: Ditto.
-        * bytecompiler/BytecodeGenerator.h: Ditto.
-
-        * wtf/SegmentedVector.h: Add a "using" statement as we do
-        with the other WTF headers.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Fix Tiger build.
-
-        * parser/Grammar.y: Use a template function so we can compile
-        setStatementLocation even if it comes before YYLTYPE is defined.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        Too much use of void* in Grammar.y
-        https://bugs.webkit.org/show_bug.cgi?id=28287
-
-        * parser/Grammar.y: Changed all the helper functions to
-        take a JSGlobalData* instead of a void*. A couple formatting
-        tweaks that I missed when breaking this into pieces.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
-
-        * parser/Grammar.y: Reduced and sorted includes. Tweaked comment
-        format. Marked a few more functions inline.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
-
-        * parser/Grammar.y: Pass the number to the PropertyNode instead of
-        first turning it into an Identifier.
-
-        * parser/NodeConstructors.h:
-        (JSC::PropertyNode::PropertyNode): Add an overload that takes a double
-        so the code to convert to a string can be here instead of Grammar.y.
-        * parser/Nodes.h: Ditto.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
-
-        * parser/Grammar.y: Eliminate the DBG macro.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        Another part of https://bugs.webkit.org/show_bug.cgi?id=28287
-
-        * parser/Grammar.y: Eliminate the SET_EXCEPTION_LOCATION macro.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by George Staikos.
-
-        George asked me to break the patch from
-        https://bugs.webkit.org/show_bug.cgi?id=28287
-        into smaller pieces and land it in stages.
-
-        * parser/Grammar.y: Eliminate the LEXER macro.
-
-2009-08-13  Mark Rowe  <mrowe@apple.com>
-
-        Try some more to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export a new symbol.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Ditto.
-
-2009-08-13  Mark Rowe  <mrowe@apple.com>
-
-        Try and fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export a new symbol.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Ditto.
-
-2009-08-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by David Levin.
-
-        JavaScriptCore tweaks to get ready for the parser arena
-        https://bugs.webkit.org/show_bug.cgi?id=28243
-
-        Eliminate dependencies on Nodes.h outside JavaScriptCore,
-        and cut down on them inside JavaScriptCore.
-
-        Change regular expression parsing to use identifiers as
-        with other strings we parse.
-
-        Fix a couple things that are needed to use const Identifier
-        more, which will be part of the parser arena work.
-
-        * JavaScriptCore.exp: Resorted and updated.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed
-        CollectorHeapIterator.h to be project-internal.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitPushNewScope): Added const.
-        * bytecompiler/BytecodeGenerator.h: Ditto.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): Moved this function
-        here from WebCore. Here is better since it uses so many internals.
-        Removed unimportant optimization for the no listener case.
-        * debugger/Debugger.h: Ditto. Also removed unneeded include
-        and tweaked formatting and comments.
-
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName): Call asFunction instead
-        of doing the unchecked static_cast.
-        (JSC::DebuggerCallFrame::calculatedFunctionName): Ditto.
-
-        * jit/JITStubs.cpp:
-        (JSC::op_call_JSFunction): Call isHostFunction on the body rather
-        than on the JSFunction.
-        (JSC::vm_lazyLinkCall): Ditto.
-        (JSC::op_construct_JSConstruct): Ditto.
-
-        * parser/Grammar.y: Changed callers to use new scanRegExp with
-        out arguments instead of relying on state in the Lexer. And
-        callers that just want to skip a regular expression to use
-        skipRegExp.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::scanRegExp): Changed to use out arguments, and to
-        add a prefix argument so we can add in the "=" character as needed.
-        Also rewrote to streamline the logic a bit inspired by suggestions
-        by David Levin.
-        (JSC::Lexer::skipRegExp): Added. Version of the function above that
-        does not actually put the regular expression into a string.
-        (JSC::Lexer::clear): Removed code to clear m_pattern and m_flags.
-        * parser/Lexer.h: Changed scanRegExp to have out arguments. Added
-        skipRegExp. Eliminated pattern, flags, m_pattern, and m_flags.
-
-        * parser/NodeConstructors.h:
-        (JSC::RegExpNode::RegExpNode): Changed to take const Identifier&.
-        * parser/Nodes.cpp:
-        (JSC::RegExpNode::emitBytecode): Changed since m_pattern and
-        m_flags are now Identifier instead of UString.
-        (JSC::FunctionBodyNode::make): Moved this function here instead
-        of putting it in the JSFunction.h header.
-        * parser/Nodes.h: Changed RegExpNode to use Identifier.
-
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier): Changed to use isHostFunction
-        on the body instead of on the JSFunction object.
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString): Ditto.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::isHostFunction): Moved here from header.
-        (JSC::JSFunction::isHostFunctionNonInline): Added.
-        (JSC::JSFunction::JSFunction): Removed unneeded initialization of
-        m_body to 0.
-        (JSC::JSFunction::setBody): Moved here from header.
-
-        * runtime/JSFunction.h: Removed unneeded includes. Moved private
-        constructor down to the private section. Made virtual functions
-        private. Removed unneeded overload of setBody and moved the body
-        of the function into the .cpp file. Changed assertions to use
-        the non-inline version of isHostFunction.
-
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter): Use asFunction instead
-        of doing the unchecked static_cast.
-
-        * wtf/SegmentedVector.h:
-        (WTF::SegmentedVector::isEmpty): Added.
-
-2009-08-13  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Darin Adler.
-
-        Use the version of operator new that takes a JSGlobalData when allocating FuncDeclNode and FuncExprNode
-        from within the grammar to prevent these nodes from being leaked.
-
-        * parser/Grammar.y:
-
-2009-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        Remove the special-case for Qt wrt JSVALUE_32 introduced in
-        r46709. It must've been a dependency issue on the bot, as
-        after a manual build all the tests pass on amd64 and ia32.
-
-        * wtf/Platform.h:
-
-2009-08-12  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add optimize call and property access support for ARM JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=24986
-
-        For tightly coupled sequences the BEGIN_UNINTERRUPTED_SEQUENCE and
-        END_UNINTERRUPTED_SEQUENCE macros have been introduced which ensure
-        space for instructions and constants of the named sequence. This
-        method is vital for those architecture which are using constant pool.
-
-        The 'latePatch' method - which was linked to JmpSrc - is replaced with
-        a port specific solution (each calls are marked to place their address
-        on the constant pool).
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::linkBranch):
-        (JSC::ARMAssembler::executableCopy): Add extra align for constant pool.
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::JmpSrc::JmpSrc):
-        (JSC::ARMAssembler::sizeOfConstantPool):
-        (JSC::ARMAssembler::jmp):
-        (JSC::ARMAssembler::linkCall):
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::flushIfNoSpaceFor): Fix the
-        computation of the remaining space.
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::nearCall):
-        (JSC::MacroAssemblerARM::call):
-        (JSC::MacroAssemblerARM::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM::ensureSpace):
-        (JSC::MacroAssemblerARM::sizeOfConstantPool):
-        (JSC::MacroAssemblerARM::prepareCall):
-        * assembler/X86Assembler.h:
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::endUninterruptedSequence):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emit_op_put_by_id):
-
-2009-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Dave Kilzer.
-
-        Disable WTF_USE_JSVALUE32_64 on iPhone for now (support not yet added for ARMv7).
-
-        * wtf/Platform.h:
-
-2009-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Maciej Stachoviak.
-
-        Ooops - moved code that had been accidentally added to op_new_func instead of
-        op_new_func_exp, to where it shoulds be.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * wtf/Platform.h:
-
-2009-08-12  Ada Chan  <adachan@apple.com>
-
-        Added workaround for the limitation that VirtualFree with MEM_RELEASE
-        can only accept the base address returned by VirtualAlloc when the region
-        was reserved and it can only free the entire region, and not a part of it.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-        * runtime/MarkStackWin.cpp:
-        (JSC::MarkStack::releaseStack):
-
-2009-08-12  Balazs Kelemen  <kelemen.balazs.3@stud.u-szeged.hu>
-
-        Reviewed by Ariya Hidayat.
-
-        Build fix: use std::numeric_limits<long long>::min() instead of LLONG_MIN
-        since LLONG_MIN is not defined in standard c++.
-
-        * runtime/UString.cpp:
-        (JSC::UString::from):
-
-2009-08-12  Benjamin Otte  <otte@gnome.org>
-
-        Reviewed by Jan Alonzo.
-
-        Buildfix for Gtk platforms debug builds.
-
-        * GNUmakefile.am: Choose MarkStackPosix.cpp or MarkStackWin.cpp
-        depending on platform.
-
-2009-08-12  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Prospective build fix for Mac and 32-bit Windows.
-
-        * runtime/UString.cpp: Include wtf/StringExtras.h for snprintf.
-        (JSC::UString::from): Use %lld instead of %I64d for snprintf
-        on non-windows platforms.
-
-2009-08-12  Prasanth Ullattil  <prasanth.ullattil@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix compile error on 64Bit Windows, when UString::from
-        is called with an intptr_t.
-
-        Added new UString::From overload with long long parameter.
-
-        Thanks to Holger for the long long idea.
-
-        * runtime/UString.cpp:
-        (JSC::UString::from):
-        * runtime/UString.h:
-
-2009-08-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Minor style fixes.
-
-        * runtime/UString.h:
-        (JSC::UString::Rep::createEmptyBuffer):
-        * wtf/FastMalloc.h:
-        (WTF::TryMallocReturnValue::getValue):
-
-2009-08-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make it harder to misuse try* allocation routines
-        https://bugs.webkit.org/show_bug.cgi?id=27469
-
-        Jump through a few hoops to make it much harder to accidentally
-        miss null-checking of values returned by the try-* allocation
-        routines.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::increaseVectorLength):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        * runtime/UString.cpp:
-        (JSC::allocChars):
-        (JSC::reallocChars):
-        (JSC::expandCapacity):
-        (JSC::UString::Rep::reserveCapacity):
-        (JSC::UString::expandPreCapacity):
-        (JSC::createRep):
-        (JSC::concatenate):
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        (JSC::UString::append):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        (JSC::UString::Rep::createEmptyBuffer):
-        * wtf/FastMalloc.cpp:
-        (WTF::tryFastZeroedMalloc):
-        (WTF::tryFastMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::tryFastRealloc):
-        (WTF::TCMallocStats::tryFastMalloc):
-        (WTF::TCMallocStats::tryFastCalloc):
-        (WTF::TCMallocStats::tryFastRealloc):
-        * wtf/FastMalloc.h:
-        (WTF::TryMallocReturnValue::TryMallocReturnValue):
-        (WTF::TryMallocReturnValue::~TryMallocReturnValue):
-        (WTF::TryMallocReturnValue::operator PossiblyNull<T>):
-        (WTF::TryMallocReturnValue::getValue):
-        * wtf/Platform.h:
-        * wtf/PossiblyNull.h: Added.
-        (WTF::PossiblyNull::PossiblyNull):
-        (WTF::PossiblyNull::~PossiblyNull):
-        (WTF::::getValue):
-
-2009-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix part deux).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Restrict use of FuncDeclNode & FuncExprNode to the parser.
-        https://bugs.webkit.org/show_bug.cgi?id=28209
-
-        These objects were also being referenced from the CodeBlock.  By changing this
-        to just retain pointers to FunctionBodyNodes these classes can be restricted to
-        use during parsing.
-
-        No performance impact (or sub-percent progression).
-
-        * JavaScriptCore.exp:
-            Update symbols.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::mark):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addFunction):
-        (JSC::CodeBlock::function):
-            Unify m_functions & m_functionExpressions into a single Vector<RefPtr<FuncExprNode> >.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        * bytecompiler/BytecodeGenerator.h:
-            FunctionStacks now contain FunctionBodyNodes not FuncDeclNodes.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-            Update to reflect chnages in CodeBlock.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func_exp):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-            Update to reflect chnages in CodeBlock.
-
-        * parser/Grammar.y:
-            FunctionStacks now contain FunctionBodyNodes not FuncDeclNodes.
-
-        * parser/NodeConstructors.h:
-        (JSC::FuncExprNode::FuncExprNode):
-        (JSC::FuncDeclNode::FuncDeclNode):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::mark):
-        (JSC::FunctionBodyNode::finishParsing):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::ident):
-            Move m_ident & make methods from FuncDeclNode & FuncExprNode to FunctionBodyNode.
-
-        * runtime/JSFunction.h:
-        (JSC::FunctionBodyNode::make):
-            Make this method inline (was FuncDeclNode::makeFunction).
-
-2009-08-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Native JSON.stringify does not omit functions
-        https://bugs.webkit.org/show_bug.cgi?id=28117
-
-        Objects that are callable should be treated as undefined when
-        serialising to JSON.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-
-2009-08-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        REGRESSION: Hang/crash in BytecodeGenerator::constRegisterFor loading simple page
-        https://bugs.webkit.org/show_bug.cgi?id=28169
-
-        Handle the case where someone has attempted to shadow a property
-        on the global object with a constant.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::constRegisterFor):
-        * parser/Nodes.cpp:
-        (JSC::ConstDeclNode::emitCodeSingle):
-
-2009-08-11  John Gregg  <johnnyg@google.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Desktop Notifications API
-        https://bugs.webkit.org/show_bug.cgi?id=25463
-
-        Adds ENABLE_NOTIFICATION flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-08-11  Maxime Simon  <simon.maxime@gmail.com>
-
-        Reviewed by Eric Seidel.
-
-        Modifications on JavaScriptCore to allow Haiku port.
-        https://bugs.webkit.org/show_bug.cgi?id=28121
-
-        * runtime/Collector.cpp: Haiku doesn't have sys/mman.h, using OS.h instead.
-        (JSC::currentThreadStackBase): Haiku uses its own threading system.
-        * wtf/Platform.h: Defining all Haiku platform values.
-        * wtf/haiku/MainThreadHaiku.cpp: Adding a missing header (NotImplemented.h).
-
-2009-08-11  Jessie Berlin  <jberlin@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-11  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Buildfix for Qt-win platforms.
-
-        * JavaScriptCore.pri: Choose MarkStackPosix.cpp or MarkStackWin.cpp depend on platform.
-
-2009-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (And another build fix).
-
-        Add new exports for MSVC
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by NOBODY (yet another build fix).
-
-        Remove obsolete entries from MSVC exports file
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Add includes needed for non-allinonefile builds
-
-        * runtime/GetterSetter.h:
-        * runtime/ScopeChain.h:
-
-2009-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Fix export file for last build fix
-
-        * JavaScriptCore.exp:
-
-2009-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Hoist page size initialization into platform specific code.
-
-        * jit/ExecutableAllocatorPosix.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::pageSize):
-        * runtime/MarkStackPosix.cpp:
-        (JSC::MarkStack::initializePagesize):
-        * runtime/MarkStackWin.cpp:
-        (JSC::MarkStack::initializePagesize):
-
-2009-08-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Stack overflow crash in JavaScript garbage collector mark pass
-        https://bugs.webkit.org/show_bug.cgi?id=12216
-
-        Make the GC mark phase iterative by using an explicit mark stack.
-        To do this marking any single object is performed in multiple stages
-          * The object is appended to the MarkStack, this sets the marked
-            bit for the object using the new markDirect() function, and then
-            returns
-          * When the MarkStack is drain()ed the object is popped off the stack
-            and markChildren(MarkStack&) is called on the object to collect 
-            all of its children.  drain() then repeats until the stack is empty.
-
-        Additionally I renamed a number of methods from 'mark' to 'markAggregate'
-        in order to make it more clear that marking of those object was not
-        going to result in an actual recursive mark.
-
-        * GNUmakefile.am
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::markAggregate):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Register.h:
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::markGlobals):
-        (JSC::RegisterFile::markCallFrames):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::markAggregate):
-        (JSC::EvalNode::markAggregate):
-        (JSC::FunctionBodyNode::markAggregate):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::markAggregate):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/ArgList.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        * runtime/Arguments.h:
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::markCurrentThreadConservativelyInternal):
-        (JSC::Heap::markCurrentThreadConservatively):
-        (JSC::Heap::markOtherThreadConservatively):
-        (JSC::Heap::markStackObjectsConservatively):
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::collect):
-        * runtime/Collector.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::createStructure):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::markChildren):
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::markCellDirect):
-        (JSC::JSCell::markChildren):
-        (JSC::JSValue::markDirect):
-        (JSC::JSValue::markChildren):
-        (JSC::JSValue::hasChildren):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::drain):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::markChildren):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::markChildren):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::markAggregate):
-        (JSC::JSONObject::markStringifiers):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::markChildren):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::markChildren):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSType.h:
-        (JSC::):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        * runtime/MarkStack.cpp: Added.
-        (JSC::MarkStack::compact):
-        * runtime/MarkStack.h: Added.
-        (JSC::):
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendValues):
-        (JSC::MarkStack::~MarkStack):
-        (JSC::MarkStack::MarkSet::MarkSet):
-        (JSC::MarkStack::pageSize):
-        
-        MarkStackArray is a non-shrinking, mmap-based vector type
-        used for storing objects to be marked.
-        (JSC::MarkStack::MarkStackArray::MarkStackArray):
-        (JSC::MarkStack::MarkStackArray::~MarkStackArray):
-        (JSC::MarkStack::MarkStackArray::expand):
-        (JSC::MarkStack::MarkStackArray::append):
-        (JSC::MarkStack::MarkStackArray::removeLast):
-        (JSC::MarkStack::MarkStackArray::isEmpty):
-        (JSC::MarkStack::MarkStackArray::size):
-        (JSC::MarkStack::MarkStackArray::shrinkAllocation):
-        * runtime/MarkStackPosix.cpp: Added.
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack):
-        * runtime/MarkStackWin.cpp: Added.
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack):
-
-        * runtime/ScopeChain.h:
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::mark):
-        * runtime/Structure.h:
-        (JSC::Structure::markAggregate):
-
-2009-08-10  Mark Rowe  <mrowe@apple.com>
-        
-        Reviewed by Darin Adler.
-
-        Fix hundreds of "pointer being freed was not allocated" errors seen on the build bot.
-
-        * wtf/FastMalloc.h: Implement nothrow variants of the delete and delete[] operators since
-        we implement the nothrow variants of new and new[].  The nothrow variant of delete is called
-        explicitly in the implementation of std::sort which was resulting in FastMalloc-allocated
-        memory being passed to the system allocator to free.
-
-2009-08-10  Jan Michael Alonzo  <jmalonzo@webkit.org>
-
-        [Gtk] Unreviewed build fix. Move JSAPIValueWrapper.cpp/.h in the debug
-        section. This file is already part of AllInOneFile in Release builds.
-
-        * GNUmakefile.am:
-
-2009-08-10  Darin Adler  <darin@apple.com>
-
-        * wtf/FastMalloc.h: Fix build.
-
-2009-08-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        FastMalloc.h has cross-platform code but marked as WinCE-only
-        https://bugs.webkit.org/show_bug.cgi?id=28160
-
-        1) The support for nothrow was inside #if PLATFORM(WINCE) even though it is
-           not platform-specific.
-        2) The code tried to override operator delete nothrow, which does not exist.
-        3) The code in the header checks the value of USE_SYSTEM_MALLOC, but the code
-           in FastMalloc.cpp checks only if the macro is defined.
-
-        * wtf/FastMalloc.h: See above.
-        * wtf/FastMalloc.cpp: Ditto.
-
-2009-08-10  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Fix an annoying indentation issue.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-
-2009-08-10  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix.
-
-        Add new files to makefile.
-
-        * GNUmakefile.am:
-
-2009-08-10  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Fix compilation with the interpreter instead of the JIT by including
-        PrototypeFunction.h as forward-declared through NativeFunctionWrapper.h.
-
-        * runtime/ObjectConstructor.cpp:
-
-2009-08-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by George Staikos.
-
-        JSON.stringify replacer returning undefined does not omit object properties
-        https://bugs.webkit.org/show_bug.cgi?id=28118
-
-        Correct behaviour of stringify when using a replacer function that returns
-        undefined.  This is a simple change to move the undefined value check to
-        after the replacer function is called.  This means that the replacer function
-        is now called for properties with the value undefined, however i've confirmed
-        that this behaviour is correct.
-        
-        In addition I've made the cyclic object exception have a more useful error
-        message.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-
-2009-08-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Eric Seidel and Sam Weinig.
-
-        [ES5] Implement Object.getPrototypeOf
-        https://bugs.webkit.org/show_bug.cgi?id=28114
-
-        Implement getPrototypeOf
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConsGetPrototypeOf):
-        * runtime/ObjectConstructor.h:
-
-2009-08-07  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Eric Seidel.
-
-        Allow custom memory allocation control for Noncopyable class
-        https://bugs.webkit.org/show_bug.cgi?id=27879
-
-        Several classes which are inherited from Noncopyable are instantiated by
-        operator new, so Noncopyable class has been inherited from FastAllocBase.
-
-        * wtf/Noncopyable.h:
-
-2009-08-07  George Staikos <george.staikos@torchmobile.com> 
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27305
-        Implement WinCE-specific unicode layer.
-        Written by George Staikos <george.staikos@torchmobile.com>
-        with bug fixes by Yong Li <yong.li@torchmobile.com>
-        refactored by Joe Mason <joe.mason@torchmobile.com> 
-
-        * wtf/Platform.h:
-        * wtf/unicode/Unicode.h:
-        * wtf/unicode/wince/UnicodeWince.cpp: Added.
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isLetter):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-        (WTF::Unicode::decompositionType):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::digitValue):
-        * wtf/unicode/wince/UnicodeWince.h: Added.
-        (WTF::Unicode::):
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::isHighSurrogate):
-        (WTF::Unicode::isLowSurrogate):
-        (WTF::Unicode::isArabicChar):
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext):
-        (WTF::Unicode::umemcasecmp):
-        (WTF::Unicode::surrogateToUcs4):
-
-2009-08-07  Yongjun Zhang  <yongjun.zhang@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=28069
-
-        Add inline to help winscw compiler resolve specialized argument in 
-        templated functions.  
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lexString):
-
-2009-08-07  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Eric Seidel.
-
-        Allow custom memory allocation control for RegExpObjectData struct
-        http://bugs.webkit.org/show_bug.cgi?id=26750
-
-        Inherits RegExpObjectData struct from FastAllocBase because
-        it has been instantiated by 'new' in JavaScriptCore/runtime/RegExpObject.cpp:62
-
-        * runtime/RegExpObject.h:
-
-2009-08-06  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Updated patch for bug #27059:
-        Symbian platform always uses little endian encoding,
-        regardless of compiler.
-        We need to make sure that we correctly detect EABI architecture
-        for armv5 targets on Symbian,
-        where __EABI__ is set but not __ARM_EABI__
-
-        * wtf/Platform.h:
-
-2009-08-06  Adam Barth  <abarth@webkit.org>
-
-        Unreviewed revert.
-
-        http://bugs.webkit.org/show_bug.cgi?id=27879
-
-        Revert 46877 because it broke GTK.
-
-        * wtf/Noncopyable.h:
-
-2009-08-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Make get_by_id/put_by_id/method_check/call defer optimization using a data flag rather than a code modification.
-        ( https://bugs.webkit.org/show_bug.cgi?id=27635 )
-
-        This improves performance of ENABLE(ASSEMBLER_WX_EXCLUSIVE) builds by 2-2.5%, reducing the overhead to about 2.5%.
-        (No performance impact with ASSEMBLER_WX_EXCLUSIVE disabled).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::printStructureStubInfo):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * bytecode/CodeBlock.h:
-        (JSC::):
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-            - Change a pointer in CallLinkInfo/MethodCallLinkInfo to use a PtrAndFlags, use a flag to track when an op has been executed once.
-
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::StructureStubInfo::initGetByIdSelf):
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-        (JSC::StructureStubInfo::initGetByIdProtoList):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        (JSC::StructureStubInfo::initPutByIdReplace):
-        (JSC::StructureStubInfo::seenOnce):
-        (JSC::StructureStubInfo::setSeen):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID, add a flag to track when an op has been executed once.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::unlinkCall):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
-            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
-
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiStringLengthTrampoline):
-        (JSC::JITStubs::):
-            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
-
-        * wtf/PtrAndFlags.h:
-        (WTF::PtrAndFlags::PtrAndFlags):
-        (WTF::PtrAndFlags::operator!):
-        (WTF::PtrAndFlags::operator->):
-            - Add ! and -> operators, add constuctor with pointer argument.
-
-2009-08-06  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Adam Barth.
-
-        Allow custom memory allocation control for Noncopyable class
-        https://bugs.webkit.org/show_bug.cgi?id=27879
-
-        Several classes which inherited from Noncopyable are instantiated by
-        operator new, so Noncopyable class has been inherited from FastAllocBase.
-
-        * wtf/Noncopyable.h:
-
-2009-08-06  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-
-        Add explicit dependencies for our build verification scripts to ensure that they always run after linking has completed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-08-06  Mark Rowe  <mrowe@apple.com>
-
-        Bring a little order to our otherwise out of control lives.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-08-06  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's PolymorphicAccessStructureList struct
-        https://bugs.webkit.org/show_bug.cgi?id=27877
-
-        Inherits PolymorphicAccessStructureList struct from FastAllocBase because it has been instantiated by
-        'new' in JavaScriptCore/jit/JITStubs.cpp:1229.
-
-        * bytecode/Instruction.h:
-
-2009-08-05  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's ScopeNodeData struct
-        https://bugs.webkit.org/show_bug.cgi?id=27875
-
-        Inherits ScopeNodeData struct from FastAllocBase because it has been instantiated by
-        'new' in JavaScriptCore/parser/Nodes.cpp:1848.
-
-        * parser/Nodes.h:
-
-2009-08-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add floating point support for generic ARM port.
-        https://bugs.webkit.org/show_bug.cgi?id=24986
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::doubleTransfer):
-        * assembler/ARMAssembler.h:
-        (JSC::ARM::):
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::faddd_r):
-        (JSC::ARMAssembler::fsubd_r):
-        (JSC::ARMAssembler::fmuld_r):
-        (JSC::ARMAssembler::fcmpd_r):
-        (JSC::ARMAssembler::fdtr_u):
-        (JSC::ARMAssembler::fdtr_d):
-        (JSC::ARMAssembler::fmsr_r):
-        (JSC::ARMAssembler::fsitod_r):
-        (JSC::ARMAssembler::fmstat):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::):
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::storeDouble):
-        (JSC::MacroAssemblerARM::addDouble):
-        (JSC::MacroAssemblerARM::subDouble):
-        (JSC::MacroAssemblerARM::mulDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::branchDouble):
-        * jit/JIT.h:
-
-2009-08-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add JIT support for generic ARM port without optimizations.
-        https://bugs.webkit.org/show_bug.cgi?id=24986
-
-        All JIT optimizations are disabled.
-
-        Signed off by Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-        Signed off by Gabor Loki <loki@inf.u-szeged.hu>
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::add32):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::load32):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getBytecodeIndex):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JSC::JITStackFrame::returnAddressSlot):
-        * wtf/Platform.h:
-
-2009-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oiver Hunt.
-
-        Revert r46643 since this breaks the Yarr::Interpreter running the v8 tests.
-        https://bugs.webkit.org/show_bug.cgi?id=27874
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
-
-2009-08-04  Oliver Hunt  <oliver@apple.com>
-
-        PPC64 Build fix
-
-        * wtf/Platform.h:
-
-2009-08-04  Benjamin C Meyer  <benjamin.meyer@torchmobile.com>
-
-        Reviewed by Adam Treat
-
-        Explicitly include limits.h header when using INT_MAX and INT_MIN
-
-        * interpreter/Interpreter.cpp
-
-2009-08-03  Harald Fernengel  <harald.fernengel@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Fix compile error for ambigous call to abs()
-        https://bugs.webkit.org/show_bug.cgi?id=27873
-
-        Fix ambiguity in abs(long int) call by calling labs() instead
-
-        * wtf/DateMath.cpp: replace call to abs() with labs()
-
-2009-08-03  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Consolidate common gcc flags to WebKit.pri
-        https://bugs.webkit.org/show_bug.cgi?id=27934
-
-        * JavaScriptCore.pro:
-
-2009-08-03  Ada Chan  <adachan@apple.com>
-
-        Fixed the Tiger build.
-
-        * wtf/FastMalloc.cpp:
-
-2009-08-03  Ada Chan  <adachan@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Don't use background thread to scavenge memory on Tiger until we figure out why it causes a crash.
-        https://bugs.webkit.org/show_bug.cgi?id=27900
-
-        * wtf/FastMalloc.cpp:
-
-2009-08-03  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Jan Alonzo.
-
-        Fix build break on Gtk/x86_64.
-        https://bugs.webkit.org/show_bug.cgi?id=27936
-
-        Use JSVALUE64 for X86_64 LINUX, except Qt.
-
-        * wtf/Platform.h:
-
-2009-08-02  Xan Lopez  <xlopez@igalia.com>
-
-        Fix the GTK+ build.
-
-        * wtf/Platform.h:
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Disabled JSVALUE32_64 on Qt builds, since all layout tests mysteriously
-        crash with it enabled.
-
-        * wtf/Platform.h:
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Qt build fix.
-
-        Added JSAPIValueWrapper.cpp to the build.
-
-        * JavaScriptCore.pri:
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        Exported symbols for JSAPIValueWrapper.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        GTK build fix.
-
-        * jit/JITStubs.cpp: #include <stdarg.h>, for a definition of va_start.
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Qt build fix.
-        
-        * runtime/Collector.cpp: #include <limits.h>, for a definition of ULONG_MAX.
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Nixed JSImmediate::prototype, JSImmediate::toObject,
-        and JSImmediate::toThisObject, and removed their exported symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * runtime/JSImmediate.cpp:
-        * runtime/JSImmediate.h:
-
-2009-08-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Enabled JSVALUE32_64 by default on all platforms other than x86_64 (which uses JSVALUE64).
-
-        * wtf/Platform.h:
-
-2009-08-02  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Jan Alonzo.
-
-        Script for building the JavaScriptCore library for wx.
-        https://bugs.webkit.org/show_bug.cgi?id=27619
-
-        * wscript: Added.
-
-2009-08-02  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        DateMath depends on strftime and localtime, which need to be imported manually on WinCE
-        https://bugs.webkit.org/show_bug.cgi?id=26558
-
-        * wtf/DateMath.cpp:
-
-2009-08-01  David Kilzer  <ddkilzer@apple.com>
-
-        wtf/Threading.h: added include of Platform.h
-
-        Reviewed by Mark Rowe.
-
-        * wtf/Threading.h: Added #include "Platform.h" since this header
-        uses PLATFORM() and other macros.
-
-2009-08-01  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Roll out r46668 as it was misinformed.  ScopeChain is only used with placement new.
-
-        * runtime/ScopeChain.h:
-
-2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Allow custom memory allocation control for JavaScriptCore's HashMap class
-        http://bugs.webkit.org/show_bug.cgi?id=27871
-
-        Inherits HashMap class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/API/JSClassRef.cpp:148.
-
-        * wtf/RefPtrHashMap.h:
-        (WTF::):
-
-2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Allow custom memory allocation control for JavaScriptCore's ScopeChain class
-        https://bugs.webkit.org/show_bug.cgi?id=27834
-
-        Inherits ScopeChain class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/JSFunction.h:109.
-
-        * runtime/ScopeChain.h:
-
-2009-08-01  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's RegExpConstructorPrivate struct 
-        https://bugs.webkit.org/show_bug.cgi?id=27833
-
-        Inherits RegExpConstructorPrivate class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/RegExpConstructor.cpp:152.
-
-        * runtime/RegExpConstructor.cpp:
-
-2009-07-31  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        Resurrect the old GetTickCount implementation of currentTime, controlled by WTF_USE_QUERY_PERFORMANCE_COUNTER
-        currentSystemTime taken from older WebKit; currentTime written by Yong Li <yong.li@torchmobile.com>; cleanup by Joe Mason <joe.mason@torchmobile.com>
-        https://bugs.webkit.org/show_bug.cgi?id=27848
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentSystemTime): get current time with GetCurrentFT
-        (WTF::currentTime): track msec elapsed since first currentSystemTime call using GetTickCount
-        * wtf/Platform.h:
-
-2009-07-31  Ada Chan  <adachan@apple.com>
-
-        Fixes the Windows release-PGO build.
-
-        Reviewed by Jon Honeycutt.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Suppresses the warning about unreachable code that we get by adding "return 0" to WTF::TCMalloc_PageHeap::runScavengerThread().
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::runScavengerThread): Fixes the error about the method not returning a value in the release-PGO build.
-
-2009-07-31  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Change malloc to fastMalloc and free to fastFree in Yarr's RegexInterpreter.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=27874
-
-        Use fastMalloc and fastFree instead of malloc and free in RegexInterpreter.cpp's methods.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
-
-2009-07-30  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Jan Alonzo.
-
-        Fix compiler warning.
-
-        GCC does not like C++-style comments in preprocessor directives.
-
-        * wtf/Platform.h:
-
-2009-07-30  John McCall  <rjmccall@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Optimize the X86_64 trampolines: avoid the need for filler arguments
-        and move the stub-args area closer to the stack pointer.
-
-        * jit/JIT.h: adjust patch offsets because of slight code-size change 
-        * jit/JITCode.h:
-        (JSC::JITCode::execute): don't pass filler args
-        * jit/JITStubs.cpp:
-        (ctiTrampoline): (X86_64): push args onto stack, use args directly
-        (ctiVMThrowTrampoline): (X86_64): adjust %rsp by correct displacement
-        (ctiOpThrowNotCaught): (X86_64): adjust %rsp by correct displacement
-        * jit/JITStubs.h:
-        (JITStackFrame): (X86_64): move args area earlier
-        (ctiTrampoline): remove filler args from prototype
-
-2009-07-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Temporarily revert r46618 since this is b0rking on Linux.
-
-2009-07-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Make get_by_id/put_by_id/method_check/call defer optimization using a data flag rather than a code modification.
-        ( https://bugs.webkit.org/show_bug.cgi?id=27635 )
-
-        This improves performance of ENABLE(ASSEMBLER_WX_EXCLUSIVE) builds by 2-2.5%, reducing the overhead to about 2.5%.
-        (No performance impact with ASSEMBLER_WX_EXCLUSIVE disabled).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::printStructureStubInfo):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * bytecode/CodeBlock.h:
-        (JSC::):
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-            - Change a pointer in CallLinkInfo/MethodCallLinkInfo to use a PtrAndFlags, use a flag to track when an op has been executed once.
-
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (JSC::StructureStubInfo::initGetByIdSelf):
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-        (JSC::StructureStubInfo::initGetByIdProtoList):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        (JSC::StructureStubInfo::initPutByIdReplace):
-        (JSC::StructureStubInfo::seenOnce):
-        (JSC::StructureStubInfo::setSeen):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID, add a flag to track when an op has been executed once.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-            - Make StructureStubInfo store the type as an integer, rather than an OpcodeID.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::unlinkCall):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase):
-            - Remove the "don't lazy link" stage of calls.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        (JSC::JITStubs::getPolymorphicAccessStructureListSlot):
-            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
-
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiStringLengthTrampoline):
-        (JSC::JITStubs::):
-            - Remove the "don't lazy link" stage of calls, and the "_second" stage of get_by_id/put_by_id/method_check.
-
-        * wtf/PtrAndFlags.h:
-        (WTF::PtrAndFlags::PtrAndFlags):
-        (WTF::PtrAndFlags::operator!):
-        (WTF::PtrAndFlags::operator->):
-            - Add ! and -> operators, add constuctor with pointer argument.
-
-2009-07-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed failing tests seen on Windows buildbot.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::): Use "int" instead of "bool" to guarantee a 32-bit result,
-        regardless of compiler. gcc on mac uses 32-bit values for bool,
-        but gcc on linux and MSVC on Windows use 8-bit values.
-
-2009-07-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: added missing symbols on Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: removed stale symbols on Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-=== End merge of nitro-extreme branch 2009-07-30 ===
-
-2009-07-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed a post-review typo in r46066 that caused tons of test failures.
-        
-        SunSpider reports no change.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray): Initialize the full vector capacity, to avoid
-        uninitialized members at the end.
-
-2009-07-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows WebKit build fix: Added some missing exports.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Get the branch working on windows.
-        https://bugs.webkit.org/show_bug.cgi?id=27391
-        
-        SunSpider says 0.3% faster.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def: Updated
-        MSVC export lists to fix linker errors.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Added / removed
-        new / old project files.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines): Used #pragma pack to tell
-        MSVC that these structures represent actual memory layout, and should not be
-        automatically aligned. Changed the return value load to load a 64bit quantity
-        into the canonical registers.
-
-        * jit/JIT.h: Moved OBJECT_OFFSETOF definition to StdLibExtras.h because
-        it's needed by more than just the JIT, and it supplements a standard library
-        macro (offsetof).
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame): Fixed an incorrectly signed
-        cast to resolve an MSVC warning.
-
-        * jit/JITStubs.h: Used #pragma pack to tell MSVC that these structures
-        represent actual memory layout, and should not be automatically aligned. 
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray): Replaced memset_pattern8 with a for loop, since
-        memset_pattern8 is not portable. (I verified that this version of the loop
-        gives the best performance / generated code in GCC.)
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::JSObject): Removed accidental usage of FIELD_OFFSET --
-        OBJECT_OFFSETOF is our new macro name. (FIELD_OFFSET conflicts with a
-        definition in winnt.h.)
-
-        * runtime/JSValue.cpp: Added some headers needed by non-all-in-one builds.
-        
-        * runtime/JSValue.h:
-        (JSC::JSValue::): Made the tag signed, to match MSVC's signed enum values.
-        (GCC doesn't seem to care one way or the other.)
-
-        * wtf/MainThread.cpp: Moved the StdLibExtras.h #include -- I did this a
-        while ago to resolve a conflict with winnt.h. I can't remember if it's truly
-        still needed, but what the heck.
-
-        * wtf/StdLibExtras.h: Moved OBJECT_OFFSETOF definition here.
-
-2009-07-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig (?).
-        
-        Fixed an assertion seen during the stress test.
-        
-        Don't assume that, if op1 is constant, op2 is not, and vice versa. Sadly,
-        not all constants get folded.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-
-2009-07-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Include op_convert_this in result caching.
-        
-        No change on SunSpider or v8.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_convert_this):
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::): Made the op_convert_this JIT stub return an EncodedJSValue, so
-        to maintain the result caching contract that { tag, payload } can be
-        found in { regT1, regT0 }.
-
-2009-07-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented result chaining.
-        
-        1% faster on SunSpider. 4%-5% faster on v8.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::move):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_rr): Added an optimization to eliminate
-        no-op mov instructions, to simplify chaining.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        * jit/JIT.h: Added data members and helper functions for recording
-        chained results. We record both a mapping from virtual to machine register
-        and the opcode for which the mapping is valid, to help ensure that the
-        mapping isn't used after the mapped register has been stomped by other
-        instructions.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase): Chain function call results.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadTag):
-        (JSC::JIT::emitLoadPayload):
-        (JSC::JIT::emitLoad):
-        (JSC::JIT::emitLoad2):
-        (JSC::JIT::isLabeled):
-        (JSC::JIT::map):
-        (JSC::JIT::unmap):
-        (JSC::JIT::isMapped):
-        (JSC::JIT::getMappedPayload):
-        (JSC::JIT::getMappedTag): Use helper functions when loading virtual
-        registers into machine registers, in case the loads can be eliminated
-        by chaining.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_catch): Chain results from these opcodes.
-
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call): Load the profiler into regT2 to
-        avoid stomping a chained result.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_get_by_id): Chain results from these opcodes.
-
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::addArgument): Always use { regT1, regT0 }, to facilitate
-        chaining.
-
-        (JSC::JITStubCall::call): Unmap all mapped registers, since our callee
-        stub might stomp them.
-
-2009-07-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Don't reload values in emitBinaryDoubleOp.
-
-        SunSpider reports a 0.6% progression. 
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitBinaryDoubleOp):
-
-2009-07-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Convert op_div to load op1 and op2 up front.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_div):
-
-2009-07-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Don't emit code in emitBinaryDoubleOp if code is unreachable, observable
-        via an empty (unlinked) jumplist passed in.  This only effects op_jnless
-        and op_jnlesseq at present.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emitBinaryDoubleOp):
-
-2009-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Converted op_mod to put { tag, payload } in { regT1, regT0 }, and
-        tidied up its constant case.
-        
-        SunSpider reports a 0.2% regression, but a micro-benchmark of op_mod
-        shows a 12% speedup, and the SunSpider test that uses op_mod most should
-        benefit a lot from result caching in the end, since it almost always
-        performs (expression) % constant.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-
-2009-06-30  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Converted some more arithmetic ops to put { tag, payload } in
-        { regT1, regT0 }.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Converted some more arithmetic ops to put { tag, payload } in
-        { regT1, regT0 }, and added a case for subtract constant.
-        
-        SunSpider says no change. v8 says 0.3% slower.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSub32Constant):
-        (JSC::JIT::emitSlow_op_sub):
-
-2009-06-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove more uses of addressFor(), load double constants directly from
-        the constantpool in the CodeBlock, rather than from the register file.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitBinaryDoubleOp):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed a bug in postfix ops, where we would treat x = x++ and x = x--
-        as a no-op, even if x were not an int, and the ++/-- could have side-effects.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emitSlow_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Converted some arithmetic ops to put { tag, payload } in
-        { regT1, regT0 }.
-        
-        SunSpider says 0.7% faster. v8 says no change.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::isOperandConstantImmediateInt):
-        (JSC::JIT::getOperandConstantImmediateInt):
-
-2009-06-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Start removing cases of addressFor().
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_div):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadDouble):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        (JSC::JIT::emitStoreDouble):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in my last patch with regression fixed.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out my last patch because it was a 2% SunSpider regression.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin "Sam Weinig" Barraclough.
-        
-        Standardized the rest of our opcodes to put { tag, payload } in
-        { regT1, regT0 } where possible.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-
-2009-06-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Replace calls to store32(tagFor()) and store32(payloadFor())
-        with emitStoreInt32(), emitStoreBool(), and emitStoreCell().
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emitBitAnd32Constant):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emitBitOr32Constant):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emitBitXor32Constant):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSub32ConstantLeft):
-        (JSC::JIT::emitSub32ConstantRight):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emit_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_load_varargs):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitStoreInt32):
-        (JSC::JIT::emitStoreCell):
-        (JSC::JIT::emitStoreBool):
-        (JSC::JIT::emitStore):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::call):
-
-2009-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Standardized the rest of the property access instructions to put { tag,
-        payload } in { regT1, regT0 }.
-
-        Small v8 speedup, 0.2% SunSpider slowdown.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoad):
-        (JSC::JIT::emitLoad2):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::patchPutByIdReplace):
-
-2009-06-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Various cleanups.
-        - Use fpRegT* instead of X86::xmm*.
-        - Use a switch statement in emitBinaryDoubleOp instead of a bunch of
-          if/elses.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_div):
-
-2009-06-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add inline code dealing with doubles for op_jfalse and op_jtrue.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::):
-        (JSC::MacroAssemblerX86Common::zeroDouble):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-
-2009-06-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Standardized op_get_by_id to put { tag, payload } in { regT1, regT0 }.
-        
-        SunSpider and v8 report maybe 0.2%-0.4% regressions, but the optimization
-        this enables will win much more than that back.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2009-06-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Standardized op_call to put { tag, payload } in { regT1, regT0 }.
-        
-        SunSpider and v8 report no change.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-
-2009-06-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Handle multiplying by zero a little better by
-        inlining the case that both operands are non-negative
-        into the slowpath.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchOr32):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Optimize x++ to ++x inside for loops.
-        
-        Sadly, no measurable speedup, but this should help with result chaining.
-
-        * parser/Nodes.cpp:
-        (JSC::ForNode::emitBytecode):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emitSlow_op_pre_dec):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::emitSlow_op_construct_verify):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Standardized some more opcodes to put { tag, payload } in { regT1, regT0 }.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_true):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-
-2009-06-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig (sort of, maybe).
-        
-        Fixed some ASSERTs in http/tests/security.
-        
-        These ASSERTs were introduced by http://trac.webkit.org/changeset/45057,
-        but the underlying problem was actually older. http://trac.webkit.org/changeset/45057
-        just exposed the problem by enabling optimization in more cases.
-        
-        The ASSERTs fired because we tested PropertySlot::slotBase() for validity,
-        but slotBase() ASSERTs if it's invalid, so we would ASSERT before
-        the test could happen. Solution: Remove the ASSERT. Maybe it was valid
-        once, but it clearly goes against a pattern we've deployed of late.
-        
-        The underlying problem was that WebCore would re-use a PropertySlot in
-        the case of a forwarding access, and the second use would not completely
-        overwrite the first use. Solution: Make sure to overwrite m_offset when
-        setting a value on a PropertySlot. (Other values already get implicitly
-        overwritten during reuse.)
-
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::PropertySlot):
-        (JSC::PropertySlot::setValueSlot):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setRegisterSlot):
-        (JSC::PropertySlot::setUndefined):
-        (JSC::PropertySlot::slotBase):
-        (JSC::PropertySlot::clearOffset):
-
-2009-06-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Enable JIT_OPTIMIZE_METHOD_CALLS on the branch, implementation matches current implemenatation in ToT.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::compileGetByIdSlowCase):
-
-2009-06-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bit off a tiny bit more of standardizing opcode behavior to help with result
-        caching.
-        
-        SunSpider reports no change, v8 maybe a tiny speedup.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emitSlow_op_to_jsnumber):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-
-2009-06-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bit off a tiny bit more of standardizing opcode behavior to help with result
-        caching -- including removing my old enemy, op_resolve_function, because
-        it was non-standard, and removing it felt better than helping it limp along.
-        
-        SunSpider reports no change, v8 maybe a tiny speedup.
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_to_primitive):
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * parser/Nodes.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-
-2009-06-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Bit off a tiny bit of standardizing opcode behavior to help with result
-        caching.
-        
-        0.6% SunSpider speedup. 0.3% v8 speedup.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoad): Accomodate a base register that overlaps with payload
-        by loading tag before payload, to avoid stomping base/payload.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov): Abide by the standard "tag in regT1, payload in
-        regT0" semantics.
-
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var): Ditto. Also, removed some irrelevent
-        loads while I was at it. The global object's "d" pointer never changes
-        after construction.
-
-2009-06-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove 'arguments' field from Register union (again).
-        This time do so without breaking tests (radical, I know).
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::optionalCalleeArguments):
-        (JSC::ExecState::setArgumentCount):
-        (JSC::ExecState::init):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::):
-        (JSC::Register::Register):
-        (JSC::Register::i):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters):
-        (JSC::Register::arguments):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-
-2009-06-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed some result register tracking cruft in preparation for a new
-        result tracking mechanism.
-        
-        SunSpider reports no change.
-
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpDst::JmpDst): No need to track jump targets in
-        machine code; we already do this in bytecode.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::emitTimeoutCheck): Make sure to save and restore the result
-        registers, so an opcode with a timeout check can still benefit from result
-        register caching.
-
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases): Removed calls to killLastResultRegister()
-        in preparation for something new.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_sret):
-        (JSC::JIT::emit_op_jmp_scopes): ditto
-
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::getArgument): added a mechanism for reloading an argument
-        you passed to a JIT stub, for use in emitTimeoutCheck.
-
-2009-06-23  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove now-useless inplace variants of binary ops.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emit_op_mul):
-
-2009-06-23  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Move off memory operands to aid in re-enabling result caching.
-
-        - No regression measured.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emitBitAnd32Constant):
-        (JSC::JIT::emitBitAnd32InPlace):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emitBitOr32Constant):
-        (JSC::JIT::emitBitOr32InPlace):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emitBitXor32Constant):
-        (JSC::JIT::emitBitXor32InPlace):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emitSlow_op_pre_dec):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitAdd32InPlace):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlowAdd32Constant):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitSub32ConstantLeft):
-        (JSC::JIT::emitSub32ConstantRight):
-        (JSC::JIT::emitSub32InPlaceLeft):
-        (JSC::JIT::emitSub32InPlaceRight):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitMul32InPlace):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emit_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emit_op_to_jsnumber):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-
-2009-06-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed some missing and/or misplaced labels in bytecode generation, so
-        we don't have to work around them in JIT code generation.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpSubroutine):
-        * parser/Nodes.cpp:
-        (JSC::TryNode::emitBytecode):
-
-2009-06-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        For member function calls, emit "this" directly into the "this" slot
-        for the function call, instead of moving it there later. This reduces
-        time spent in op_mov during certain calls, like "a.b.c()".
-        
-        1%-2% speedup on v8, mostly richards and delta-blue.
-
-        * parser/Nodes.cpp:
-        (JSC::FunctionCallDotNode::emitBytecode):
-
-2009-06-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove 'arguments' field from Register union.  Having JSCell derived types in the union is
-        dangerous since it opens the possibility for the field to be written as a raw pointer but
-        then read as a JSValue.  This will lead to statle data being read for the tag, which may
-        be dangerous.  Having removed Arguments* types form Register, all arguments objects must
-        always explicitly be stored in the register file as JSValues.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::optionalCalleeArguments):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * interpreter/Register.h:
-        (JSC::Register::):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_tear_off_arguments):
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-
-2009-06-03  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add back known this value optimization by abstracting
-        slow case if not JSCell jumps.
-
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::linkSlowCaseIfNotJSCell):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-
-2009-06-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed some of the regression in crypto-aes.js. (8.5% speedup in
-        crypto-aes.js.)
-        
-        SunSpider reports no change overall.
-        
-        Division was producing double results, which took the slow path through
-        array access code.
-        
-        Strangely, all my attempts at versions of this patch that modified array
-        access code to accept ints encoded as doubles along the fast or slow paths
-        were regressions. So I did this instead.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_div): When dividing an int by an int, go ahead and try
-        to turn the result into an int. Don't just do int division, though, because
-        testing shows it to be slower than SSE double division, and the corner
-        cases are pretty complicated / lengthy on top of that. Also, don't try
-        to canonicalize division of known tiny numerators into ints, since that's a
-        waste of time.
-
-2009-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Fixed a regression caused by my recent fix for NaN.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitBinaryDoubleOp): Actually do the comparison in reverse
-        order, like the ChangeLog said we would, bokay?
-
-2009-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig and Oliver Hunt.
-        
-        Fixed two edge cases in %:
-        
-        - Don't do -2147483648 % x as a fast case, since you might do -2147483648 % -1,
-        which will signal a hardware exception due to overflow.
-
-        - In the case of a zero remainder, be sure to store negative zero if the
-        dividend was zero.
-        
-        SunSpider reports no change.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-
-2009-05-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Fixed a regression when comparing to NaN.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitBinaryDoubleOp): For op_jnless and op_jnless_eq, do the
-        comparison in reverse order, and jump if the result is below or 
-        below-or-equal. This ensures that we do jump in the case of NaN.
-
-2009-05-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        SunSpider says no change.
-        
-        Fixed regressions in fast/js/var-declarations-shadowing.html and
-        fast/js/equality.html, caused by recent == and != optimizations.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_eq): Don't treat "compare to string" as always
-        numeric or string comparison. If the second operand is an object, you
-        need to ToPrimitive it, and start all over again. Also, I wrote out each
-        of the possible cases explicitly, to cut down on redundant branching.
-
-2009-05-25  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix bug in fast/js/constant-folding.html where we were not negating
-        -0 properly.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-
-2009-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-        
-        Refactored new slow case codegen for == and !=.
-        
-        SunSpider reports no change, maybe a tiny speedup.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emitSlow_op_neq): Made a vptr comparison a *Ptr operation,
-        instead of *32, to make it portable to 64bit. Reorganized the string
-        and generic cases to make their control flow a little clearer.
-
-2009-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-        
-        Optimized == and != for our new value representation -- especially for strings.
-        
-        14% speedup on date-format-tofte.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_eq_strings):
-        (JSC::JITStubs::cti_op_call_eval):
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/JSValue.h:
-
-2009-05-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix non-SSE enabled builds.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_add): Don't early return here, we still need to call the JIT stub.
-        (JSC::JIT::emitSlow_op_sub): Ditto.
-
-2009-05-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Here's a thought: let's not take a jit stub call just to multiply by 1,
-        bokay?
-        
-        imul doesn't set the zero flag, so to test for a zero result, we need
-        an explicit instruction. (Luckily, it does set the overflow flag, so
-        we can still use that.)
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emitMul32InPlace):
-
-2009-05-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey "Premature Commit" Garen.
-
-        Add back constant integer cases for op_add.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlowAdd32Constant):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::getConstantOperandImmediateDouble):
-        (JSC::JIT::isOperandConstantImmediateDouble):
-
-2009-05-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added fast double cases for op_jnless and op_jnlesseq.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::JumpList::jumps): New accesor, used by
-        addSlowCase.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::ucomisd_rm): New method for comparing register to
-        memory.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emit_op_div): Modified emitBinaryDoubleOp to accept comparison/jump
-        operations in addition to operations with explicit result registers.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::addSlowCase): Added an "addSlowCase" for JumpLists, so clients
-        can track multiple jumps to the same slow case condition together.
-
-2009-05-21  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Implement op_negate inline fast cases.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::neg32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::negl_m):
-        (JSC::X86Assembler::xorpd_rr):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate):
-
-2009-05-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Update the patchOffsetGetByIdSlowCaseCall constant for the
-        case that OPCODE_SAMPLING is enabled.
-
-        * jit/JIT.h:
-
-2009-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added support for inline subtraction of doubles.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitSlowSub32InPlaceLeft):
-        (JSC::JIT::emitBinaryDoubleOp):
-
-2009-05-20  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Added support for inline division.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::divsd_rr):
-        (JSC::X86Assembler::divsd_mr):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitBinaryOp):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emitSlow_op_div):
-
-2009-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added support for inline addition of doubles.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlowAdd32InPlace):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-
-2009-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Factored inline double operations into a helper function, so that we
-        can reuse this code for other math operations.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-
-2009-05-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added support for inline multiplication of doubles.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cvtsi2sd_mr): New function, useful for loading an
-        int32 into a double register.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul): Filled out these cases for double arithmetic.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::addressFor): New function, useful for addressing a JSValue's
-        full 64bits as a double.
-
-2009-05-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement and enable optimized calls.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines): Add ENABLE(JIT_OPTIMIZE_CALL) guards
-        around the the optimize call only trampolines (virtualCallPreLink and virtualCallLink).
-        Update the trampolines to account for the new JSValue representation.
-        (JSC::JIT::unlinkCall): Use NULL instead of JSValue noValue. 
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall): Update to account for the new JSValue representation
-        (JSC::JIT::compileOpCallSlowCase): Ditto.
-
-        * jit/JITStubs.h: Remove incorrect !ENABLE(JIT_OPTIMIZE_CALL) guard.
-
-        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_CALL.
-
-2009-05-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement and enable optimized property access.
-
-        * assembler/AbstractMacroAssembler.h: Fix comment.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines): Remove array length trampoline
-        and implement the string length trampoline.
-        * jit/JIT.h: Add new constants for patch offsets.
-        * jit/JITInlineMethods.h: Remove FIELD_OFFSET which is now in StdLibExtras.h.
-        * jit/JITPropertyAccess.cpp: 
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::addArgument): Add version of addArgument that takes
-        two registers for the tag and payload.
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::JITStubs): Remove array length trampoline pointer.
-        (JSC::JITStubs::cti_op_get_by_id_self_fail): 
-        * jit/JITStubs.h:
-        * runtime/JSObject.h:
-        (JSC::JSObject::JSObject): Move m_inheritorID below the property storage
-        to align it to a 16 byte boundary.
-        * wtf/Platform.h: Enable ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS
-        * wtf/StdLibExtras.h: Move FIELD_OFFSET here.
-
-2009-05-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove unneeded ExecState parameter from the number JSValue constructors.
-
-        * runtime/JSValue.h:
-        (JSC::jsNumber):
-        (JSC::jsNaN):
-        (JSC::JSValue::JSValue):
-
-2009-05-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implemented fast path for op_put_by_val when putting to arrays.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-
-2009-05-15  Geoffrey Garen  <ggaren@apple.com> (Mostly by Sam)
-
-        Reviewed by Sam Weinig.
-        
-        Implemented fast path for op_get_by_val when accessing array.
-
-        * jit/JIT.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed a failure in fast/js/math-transforms.html caused by failing to
-        preserve -0 in multiplication.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::jz):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emitMul32Constant):
-        (JSC::JIT::emitMul32InPlace): Check both for overflow and for zero when
-        doing multiplication. Use a slow case to get these right.
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed a bug in the varargs calling convention.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs): Move the argument count into regT1,
-        since that's where ctiVirtualCall expects it to be.
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed a small bug in instanceof's looping code.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof): NULL means the object has no prototype,
-        so only loop when *not* equal to NULL.
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed a small bug in instanceof's result writing code.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof): Make sure to fill out the payload bits
-        in all cases.
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Removed an invalid assertion in cti_op_urshift which
-        depended on a fast path for op_urshift which has
-        never existed.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_urshift):
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed loop_if_true, which had the same reversed test that jtrue had.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_true):
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        In op_neq, we apparently want to check that one value
-        does *not* equal another.  Go figure.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_neq):
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        The slow case of op_mod should call op_mod's jit stub,
-        not op_mul.  That would be dumb.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed problems when using 'arguments' due to a half-initialized register.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::setCalleeArguments):
-        (JSC::ExecState::init): Require a full JSValue when setting up the 
-        'arguments' virtual register, since this register is accessible from JIT
-        code and bytecode, and needs to be a true JSValue.
-
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::resetCallFrame): ditto
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): ditto
-
-        * interpreter/Register.h: Removed the constructor that allowed assignment
-        of a JSArguments* to a register. That is not safe. See above.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_create_arguments):
-        (JSC::JITStubs::cti_op_create_arguments_no_params): ditto
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        We really want to go to the slow case in op_jfalse and
-        op_jtrue if the value is *not* boolean. 
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Flipped the condition when emitting a an op_loop_if_less or op_loop_if_lesseq
-        if the first operand is a constant.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Added missing return in op_jnless and op_jnlesseq. 
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-
-2009-05-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Load constants into the the register file as a temporary measure to
-        aid bring up.  This allows us to use to treat constants like any
-        other virtual register.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_enter):
-        (JSC::JIT::emit_op_enter_with_activation):
-
-2009-05-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented op_strict_eq. Original patch by Snowy, by way of Sam and Gavin.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::set8): Added set8, since it's slightly
-        faster than set32, and the new value representation usually doesn't
-        need set32.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadTag):
-        (JSC::JIT::emitLoadPayload): Added helper functions for dealing with
-        constants. Eventually, we should write special cases for all constants,
-        but these are helpful in the short term.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlow_op_stricteq):
-        (JSC::JIT::emitSlow_op_nstricteq): teh opcodez.
-
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        (JSC::JSValue::isDouble): Added a LowestTag for clarity.
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Fixed some bugs in host function calls.
-        
-        testapi now passes!
-
-        * jit/JIT.cpp: Changed some registers around to avoid overwriting edx:eax,
-        which is how JSValues are now returned. Also changed the code that
-        passes thisValue to pass the full 64bits of the value. Also added
-        an #error compiler directive to other platform builds, since the JSValue
-        return signature probably won't return in edx:eax on those platforms,
-        and we'll have to investigate a solution.
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Removed parameters from functions that are intended never to use their
-        parameters.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Ported op_instance_of from TOT. It's basically the same, but some register
-        stuff changed to memory stuff.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        (JSC::JIT::emitStore): Changed to use helper functions.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof): Ported from TOT.
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-        
-        Added a comment to explain an exception-handling subtelty that we found
-        hard to remember when reviewing my last patch.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_catch):
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented try/catch.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw): Updated to use JITStackFrame abstraction.
-        (JSC::JIT::emit_op_catch): Filled out.
-
-2009-05-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implemented op_loop_if_true, op_jfalse, op_jtrue, op_jeq_null and op_jneq_null
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_instanceof): Moved from below to be next to its
-        fast brother.
-
-        (JSC::JIT::emit_op_loop_if_true): Similar to the old version
-        in that it tries to do the integer case first and reduce the
-        number of jumps you might need to take.
-        (JSC::JIT::emitSlow_op_loop_if_true):
-
-        (JSC::JIT::emit_op_jfalse): Very similar to op_loop_if_true, only
-        the inverse and without a timeout check.
-        (JSC::JIT::emitSlow_op_jfalse):
-
-        (JSC::JIT::emit_op_jtrue): Very similar to op_loop_if_true except
-        without the timeout check.
-        (JSC::JIT::emitSlow_op_jtrue):
-
-        (JSC::JIT::emit_op_jeq_null): Very similar to the implementation
-        of op_eq, except it takes jumps instead of copying the condition
-        to a dst.
-        (JSC::JIT::emit_op_jneq_null): Ditto but for op_neq.
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented op_call_varargs.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::emit_op_call):
-        (JSC::JIT::emit_op_call_eval):
-        (JSC::JIT::emit_op_load_varargs):
-        (JSC::JIT::emit_op_call_varargs):
-        (JSC::JIT::emit_op_construct):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented op_call_eval.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITStubCall.h:
-        (JSC::CallEvalJITStub::CallEvalJITStub):
-
-2009-05-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Implemented op_not. (Gavin did most of the work!)
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emitSlow_op_not):
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Implemented op_global_resolve.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq): Added back accidentally removed
-        early returns. 
-
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_resolve_global): Pretty similar to the old code,
-        but we need two reads and a TimesEight step in order to account for the
-        64bit value size.
-
-        * jit/JITStubs.h:
-        (JSC::): Slightly tweaked this code to specialize for a JSGlobalObject*,
-        to avoid having to pass an irrelevant tag pointer to the stub.
-
-2009-05-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implemented op_to_jsnumber.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emitSlow_op_to_jsnumber):
-
-2009-05-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implemented op_convert_this.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-
-2009-05-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Got basic JS function and constructor calls working.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSetupArgs):
-        (JSC::JIT::compileOpCallVarargsSetupArgs):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::emitSlow_op_construct_verify):
-        (JSC::JIT::emitSlow_op_call):
-        (JSC::JIT::emitSlow_op_call_eval):
-        (JSC::JIT::emitSlow_op_call_varargs):
-        (JSC::JIT::emitSlow_op_construct):
-        (JSC::JIT::compileOpCall): Filled out these cases, with call_eval #if'd out.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutJITStubArgFromVirtualRegister):
-        (JSC::JIT::emitLoad): Restored some legacy "*CTIArg*" functions,
-        since I wanted to avoid the complexity of revamping the API here while
-        trying to bring it up. Eventually, we should re-remove all of these functions.
-
-        (JSC::JIT::recordJumpTarget): Removed unnecessary macro cruft. You will
-        not silence me, Sam Weinig! The world will know that you are a crufty,
-        crufty, crufty programmer!!!
-
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::):
-        * jit/JITStubs.h: Changed up some offsets in the JITStackFrame class, since
-        and off-by-one error was causing stack misalignment.
-
-2009-05-13  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement op_eq_null and op_neq_null.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::set8):
-        (JSC::MacroAssemblerX86Common::setTest8):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_stricteq):
-        (JSC::JIT::emitSlow_op_stricteq):
-        (JSC::JIT::emit_op_nstricteq):
-        (JSC::JIT::emitSlow_op_nstricteq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jsc.cpp:
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement op_new_error.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_error):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::addArgument): Add a version of addArgument
-        that takes a constant JSValue.
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove now unused emitGetVariableObjectRegister and emitPutVariableObjectRegister.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement op_to_primitive and op_next_pname.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_construct_verify):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_to_primitive):
-        (JSC::JIT::emitSlow_op_loop_if_true):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_next_pname):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add op_get_global_var, op_put_global_var, emit_op_get_scoped_var, emit_op_put_scoped_var and
-        op_unexpected_load.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::tagFor):
-        (JSC::JIT::payloadFor):
-        (JSC::JIT::emitLoad):
-        (JSC::JIT::emitStore):
-        (JSC::JIT::emitLoadReturnValue):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_unexpected_load):
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added overflow handling to op_sub.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitSlowSub32InPlaceLeft):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove a function call by folding op_get_by_id and op_put_by_id into
-        their respective compile functions.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Make JITStubCall work in 64bit by making the stack index
-        step dependent on the size of void*.
-
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::addArgument):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement simple version of property access opcodes
-        which just call a stub functions.
-
-        * jit/JITOpcodes.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_index):
-        (JSC::JIT::emit_op_put_getter):
-        (JSC::JIT::emit_op_put_setter):
-        (JSC::JIT::emit_op_del_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::addArgument):
-        * jsc.cpp:
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added work-around for XCode debugging echo problem.
-
-        * jsc.cpp:
-        (runInteractive):
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added overflow handling to op_add.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlowAdd32InPlace):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add slow cases for op_jnless or emit_op_jnlesseq.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add implementations for op_jnless, emit_op_jnlesseq, op_loop_if_less and op_loop_if_lesseq.
-        No slow cases for op_jnless or emit_op_jnlesseq yet.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emitSlow_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emitSlow_op_loop_if_lesseq):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Turn the RECORD_JUMP_TARGET macro into an inline function.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::recordJumpTarget):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_jmp_scopes):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Add MacroAssemblerX86Common::set8 to fix the build.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::set8):
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Added overflow recovery for pre_inc and pre_dec.
-        
-        Turned some short-circuit code into early returns, as is the WebKit style.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emitSlow_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_dec):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement op_jmp, op_loop, op_eq and op_neq.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_loop):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::emit_op_enter):
-        (JSC::JIT::emit_op_enter_with_activation):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement the slow cases for arithmetic opcodes.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_lshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emitSlow_op_bitand):
-        (JSC::JIT::emitSlow_op_bitor):
-        (JSC::JIT::emitSlow_op_bitxor):
-        (JSC::JIT::emitSlow_op_bitnot):
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emitSlow_op_mod):
-        (JSC::JIT::emit_op_mod):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Implement op_bitnot.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::not32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::notl_m):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_bitnot):
-
-2009-05-12  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add arithmetic opcode implementations from the old nitro-extreme branch.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitSlow_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emitBitAnd32Constant):
-        (JSC::JIT::emitBitAnd32InPlace):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emitSlow_op_bitor):
-        (JSC::JIT::emitBitOr32Constant):
-        (JSC::JIT::emitBitOr32InPlace):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emitSlow_op_bitxor):
-        (JSC::JIT::emitBitXor32Constant):
-        (JSC::JIT::emitBitXor32InPlace):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emitSlow_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emitSlow_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emitSlow_op_pre_dec):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitAdd32InPlace):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSlow_op_sub):
-        (JSC::JIT::emitSub32ConstantLeft):
-        (JSC::JIT::emitSub32ConstantRight):
-        (JSC::JIT::emitSub32InPlaceLeft):
-        (JSC::JIT::emitSub32InPlaceRight):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emitMul32Constant):
-        (JSC::JIT::emitMul32InPlace):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes.cpp:
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed JIT_OPTIMIZE_ARITHMETIC setting, since it was all about 32bit
-        value representations.
-        
-        Added JSAPIValueWrapper to the repository.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        * runtime/JSAPIValueWrapper.cpp: Added.
-        (JSC::JSAPIValueWrapper::toPrimitive):
-        (JSC::JSAPIValueWrapper::getPrimitiveNumber):
-        (JSC::JSAPIValueWrapper::toBoolean):
-        (JSC::JSAPIValueWrapper::toNumber):
-        (JSC::JSAPIValueWrapper::toString):
-        (JSC::JSAPIValueWrapper::toObject):
-        * runtime/JSAPIValueWrapper.h: Added.
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::isAPIValueWrapper):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        (JSC::jsAPIValueWrapper):
-        * wtf/Platform.h:
-
-2009-05-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Turned on the JIT and got it building and running the most trivial of
-        programs.
-        
-        All configurable optimizations are turned off, and a few opcodes are ad
-        hoc #if'd out.
-        
-        So far, I've only merged op_mov and op_end, but some stub-reliant
-        opcodes work as-is from TOT.
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitSlow_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emitSlow_op_bitand):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emitSlow_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emitSlow_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emitSlow_op_pre_dec):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlow_op_mul):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpConstructSetupArgs):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::getConstantOperandImmediateInt):
-        (JSC::JIT::isOperandConstantImmediateInt):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::addSlowCase):
-        (JSC::JIT::addJump):
-        (JSC::JIT::emitJumpSlowToHot):
-        (JSC::JIT::tagFor):
-        (JSC::JIT::payloadFor):
-        (JSC::JIT::emitLoad):
-        (JSC::JIT::emitLoadReturnValue):
-        (JSC::JIT::emitStore):
-        (JSC::JIT::emitStoreReturnValue):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_loop):
-        (JSC::JIT::emit_op_loop_if_less):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_loop_if_true):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_unexpected_load):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_throw):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_push_scope):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_push_new_scope):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        (JSC::JIT::emit_op_new_error):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        (JSC::JIT::emitSlow_op_construct_verify):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emitSlow_op_loop_if_less):
-        (JSC::JIT::emitSlow_op_loop_if_lesseq):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emitSlow_op_not):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_index):
-        (JSC::JIT::emit_op_put_getter):
-        (JSC::JIT::emit_op_put_setter):
-        (JSC::JIT::emit_op_del_by_id):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compilePutByIdHotPath):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::addArgument):
-        (JSC::JITStubCall::call):
-        (JSC::JITStubCall::):
-        (JSC::CallEvalJITStub::CallEvalJITStub):
-        * jit/JITStubs.cpp:
-        (JSC::):
-        (JSC::JITStubs::cti_op_add):
-        (JSC::JITStubs::cti_op_pre_inc):
-        (JSC::JITStubs::cti_op_mul):
-        (JSC::JITStubs::cti_op_get_by_val):
-        (JSC::JITStubs::cti_op_get_by_val_string):
-        (JSC::JITStubs::cti_op_get_by_val_byte_array):
-        (JSC::JITStubs::cti_op_sub):
-        (JSC::JITStubs::cti_op_put_by_val):
-        (JSC::JITStubs::cti_op_put_by_val_array):
-        (JSC::JITStubs::cti_op_put_by_val_byte_array):
-        (JSC::JITStubs::cti_op_negate):
-        (JSC::JITStubs::cti_op_div):
-        (JSC::JITStubs::cti_op_pre_dec):
-        (JSC::JITStubs::cti_op_post_inc):
-        (JSC::JITStubs::cti_op_eq):
-        (JSC::JITStubs::cti_op_lshift):
-        (JSC::JITStubs::cti_op_bitand):
-        (JSC::JITStubs::cti_op_rshift):
-        (JSC::JITStubs::cti_op_bitnot):
-        (JSC::JITStubs::cti_op_mod):
-        (JSC::JITStubs::cti_op_neq):
-        (JSC::JITStubs::cti_op_post_dec):
-        (JSC::JITStubs::cti_op_urshift):
-        (JSC::JITStubs::cti_op_bitxor):
-        (JSC::JITStubs::cti_op_bitor):
-        (JSC::JITStubs::cti_op_switch_imm):
-        * jit/JITStubs.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-        * runtime/JSValue.h:
-        (JSC::JSValue::payload):
-        * wtf/Platform.h:
-
-2009-05-07  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add some new MacroAssembler and assembler functions that will be needed shortly.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::add32):
-        (JSC::MacroAssemblerX86Common::and32):
-        (JSC::MacroAssemblerX86Common::mul32):
-        (JSC::MacroAssemblerX86Common::neg32):
-        (JSC::MacroAssemblerX86Common::or32):
-        (JSC::MacroAssemblerX86Common::sub32):
-        (JSC::MacroAssemblerX86Common::xor32):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::):
-        (JSC::X86Assembler::addl_rm):
-        (JSC::X86Assembler::andl_mr):
-        (JSC::X86Assembler::andl_rm):
-        (JSC::X86Assembler::andl_im):
-        (JSC::X86Assembler::negl_r):
-        (JSC::X86Assembler::notl_r):
-        (JSC::X86Assembler::orl_rm):
-        (JSC::X86Assembler::orl_im):
-        (JSC::X86Assembler::subl_rm):
-        (JSC::X86Assembler::xorl_mr):
-        (JSC::X86Assembler::xorl_rm):
-        (JSC::X86Assembler::xorl_im):
-        (JSC::X86Assembler::imull_mr):
-
-2009-05-11  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Cameron Zwarich.
-
-        Remove the NumberHeap.
-
-        * JavaScriptCore.exp:
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::recordExtraCost):
-        (JSC::Heap::heapAllocate):
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::sweep):
-        (JSC::Heap::collect):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::statistics):
-        (JSC::typeName):
-        (JSC::Heap::isBusy):
-        * runtime/Collector.h:
-        (JSC::Heap::globalData):
-        * runtime/JSCell.h:
-
-2009-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Land initial commit of new number representation for 32 bit platforms,
-        with JIT disabled.
-
-        * API/APICast.h:
-        (toJS):
-        (toRef):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        * API/tests/testapi.c:
-        (EvilExceptionObject_convertToType):
-        * AllInOneFile.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitUnexpectedLoad):
-        (JSC::keyForImmediateSwitch):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::privateExecute):
-        * parser/Nodes.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        (JSC::processClauseList):
-        * runtime/ArgList.h:
-        * runtime/Collector.h:
-        (JSC::sizeof):
-        * runtime/DateMath.cpp:
-        * runtime/ExceptionHelpers.h:
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSCell::isAPIValueWrapper):
-        (JSC::JSValue::isString):
-        (JSC::JSValue::isGetterSetter):
-        (JSC::JSValue::isObject):
-        (JSC::JSValue::getString):
-        (JSC::JSValue::getObject):
-        (JSC::JSValue::getCallData):
-        (JSC::JSValue::getConstructData):
-        (JSC::JSValue::getUInt32):
-        (JSC::JSValue::marked):
-        (JSC::JSValue::toPrimitive):
-        (JSC::JSValue::getPrimitiveNumber):
-        (JSC::JSValue::toBoolean):
-        (JSC::JSValue::toNumber):
-        (JSC::JSValue::toString):
-        (JSC::JSValue::needsThisConversion):
-        (JSC::JSValue::toThisString):
-        (JSC::JSValue::getJSNumber):
-        (JSC::JSValue::toObject):
-        (JSC::JSValue::toThisObject):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeForLookup):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-        * runtime/JSImmediate.h:
-        * runtime/JSNumberCell.cpp: Removed.
-        * runtime/JSNumberCell.h: Removed.
-        * runtime/JSObject.h:
-        (JSC::JSValue::get):
-        (JSC::JSValue::put):
-        * runtime/JSString.h:
-        (JSC::JSValue::toThisJSString):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toInteger):
-        (JSC::JSValue::toIntegerPreserveNaN):
-        (JSC::JSValue::toObjectSlowCase):
-        (JSC::JSValue::toThisObjectSlowCase):
-        (JSC::JSValue::synthesizeObject):
-        (JSC::JSValue::synthesizePrototype):
-        (JSC::JSValue::description):
-        (JSC::nonInlineNaN):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        (JSC::EncodedJSValueHashTraits::emptyValue):
-        (JSC::jsNaN):
-        (JSC::operator==):
-        (JSC::operator!=):
-        (JSC::toInt32):
-        (JSC::toUInt32):
-        (JSC::JSValue::encode):
-        (JSC::JSValue::decode):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::JSValue::isUndefined):
-        (JSC::JSValue::isNull):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isCell):
-        (JSC::JSValue::isInt32):
-        (JSC::JSValue::isUInt32):
-        (JSC::JSValue::isDouble):
-        (JSC::JSValue::isTrue):
-        (JSC::JSValue::isFalse):
-        (JSC::JSValue::tag):
-        (JSC::JSValue::asInt32):
-        (JSC::JSValue::asUInt32):
-        (JSC::JSValue::asDouble):
-        (JSC::JSValue::asCell):
-        (JSC::JSValue::isNumber):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::getBoolean):
-        (JSC::JSValue::uncheckedGetNumber):
-        (JSC::JSValue::toJSNumber):
-        (JSC::JSValue::getNumber):
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-        * runtime/Operations.h:
-        (JSC::JSValue::equal):
-        (JSC::JSValue::equalSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-        (JSC::JSValue::strictEqualSlowCaseInline):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd):
-        * runtime/PropertySlot.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncIndexOf):
-        * wtf/Platform.h:
-
-=== Start merge of nitro-extreme branch 2009-07-30 ===
-
-2009-07-29  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by George Staikos.
-
-        Resolve class/struct mixup in forward declarations
-        https://bugs.webkit.org/show_bug.cgi?id=27708
-
-        * API/JSClassRef.h:
-        * bytecode/SamplingTool.h:
-        * interpreter/Interpreter.h:
-        * jit/JIT.h:
-        * profiler/ProfileGenerator.h:
-        * profiler/Profiler.h:
-        * runtime/ClassInfo.h:
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-
-2009-07-28  Ada Chan  <adachan@apple.com>        
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27236
-        - Implement TCMalloc_SystemRelease and TCMalloc_SystemCommit for Windows.
-        - Use a background thread to periodically scavenge memory to release back to the system.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::init):
-        (WTF::TCMalloc_PageHeap::runScavengerThread):
-        (WTF::TCMalloc_PageHeap::scavenge):
-        (WTF::TCMalloc_PageHeap::shouldContinueScavenging):
-        (WTF::TCMalloc_PageHeap::New):
-        (WTF::TCMalloc_PageHeap::AllocLarge):
-        (WTF::TCMalloc_PageHeap::Delete):
-        (WTF::TCMalloc_PageHeap::GrowHeap):
-        (WTF::sleep):
-        (WTF::TCMalloc_PageHeap::scavengerThread):
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-        (TCMalloc_SystemCommit):
-        * wtf/TCSystemAlloc.h:
-
-2009-07-28  Xan Lopez  <xlopez@igalia.com>
-
-        Add new files, fixes distcheck.
-
-        * GNUmakefile.am:
-
-2009-07-28  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Determining whether to use JIT or interpreter
-        moved from JavaScriptCore.pri to Platform.h
-
-        * JavaScriptCore.pri:
-        * wtf/Platform.h:
-
-2009-07-27  Brian Weinstein  <bweinstein@apple.com>
-
-        Fix of misuse of sort command.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-27  Brian Weinstein  <bweinstein@apple.com>
-
-        Build fix for Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Fix tyop in JIT, renamed preverveReturnAddressAfterCall -> preserveReturnAddressAfterCall.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::preserveReturnAddressAfterCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
-
-        Gtk build fix.
-
-        * runtime/JSLock.cpp: (JSC::JSLock::JSLock): Fix "no threading" case.
-
-2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
-
-        Release build fix.
-
-        * runtime/JSLock.h: (JSC::JSLock::~JSLock):
-
-2009-07-27  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27735
-        Give a helpful name to JSLock constructor argument
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSPropertyNameArrayRelease):
-        (JSPropertyNameAccumulatorAddName):
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-        (functionGC):
-        (cleanupGlobalData):
-        (jscmain):
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::lock):
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC::):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-
-2009-07-25  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Eric Seidel.
-
-        Allow custom memory allocation control for OpaqueJSPropertyNameArray struct
-        https://bugs.webkit.org/show_bug.cgi?id=27342
-
-        Inherits OpaqueJSPropertyNameArray struct from FastAllocBase because it has been
-        instantiated by 'new' JavaScriptCore/API/JSObjectRef.cpp:473.
-
-        * API/JSObjectRef.cpp:
-
-2009-07-24  Ada Chan  <adachan@apple.com>
-
-        In preparation for https://bugs.webkit.org/show_bug.cgi?id=27236:
-        Remove TCMALLOC_TRACK_DECOMMITED_SPANS.  We'll always track decommitted spans.
-        We have tested this and show it has little impact on performance.
-
-        Reviewed by Mark Rowe.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::New):
-        (WTF::TCMalloc_PageHeap::AllocLarge):
-        (WTF::propagateDecommittedState):
-        (WTF::mergeDecommittedStates):
-        (WTF::TCMalloc_PageHeap::Delete):
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-
-2009-07-24  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler and Adam Barth.
-
-        Build fix for x86 platforms.
-        https://bugs.webkit.org/show_bug.cgi?id=27602
-
-        * jit/JIT.cpp:
-
-2009-07-23  Kevin Ollivier  <kevino@theolliviers.com>
-
-        wx build fix, adding missing header.
-
-        * jit/JIT.cpp:
-
-2009-07-22  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        Add wince specific memory files into wtf/wince
-        https://bugs.webkit.org/show_bug.cgi?id=27550
-
-        * wtf/wince/FastMallocWince.h: Added.
-        * wtf/wince/MemoryManager.cpp: Added.
-        * wtf/wince/MemoryManager.h: Added.
-
-2009-07-23  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Fix for missing mmap features in Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=24540
-
-        Fix, conditionally for PLATFORM(SYMBIAN), as an alternative 
-        to missing support for the MAP_ANON property flag in mmap. 
-        It utilizes Symbian specific memory allocation features.
-
-        * runtime/Collector.cpp
-
-2009-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        With ENABLE(ASSEMBLER_WX_EXCLUSIVE), only change permissions once per repatch event.
-        ( https://bugs.webkit.org/show_bug.cgi?id=27564 )
-
-        Currently we change permissions forwards and backwards for each instruction modified,
-        instead we should only change permissions once per complete repatching event.
-
-        2.5% progression running with ENABLE(ASSEMBLER_WX_EXCLUSIVE) enabled,
-        which recoups 1/3 of the penalty of running with this mode enabled.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::linkBranch):
-            - Replace usage of MakeWritable with cacheFlush.
-        
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::patchPointerInternal):
-        (JSC::ARMAssembler::repatchLoadPtrToLEA):
-            - Replace usage of MakeWritable with cacheFlush.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::relinkJump):
-        (JSC::ARMv7Assembler::relinkCall):
-        (JSC::ARMv7Assembler::repatchInt32):
-        (JSC::ARMv7Assembler::repatchPointer):
-        (JSC::ARMv7Assembler::repatchLoadPtrToLEA):
-        (JSC::ARMv7Assembler::setInt32):
-            - Replace usage of MakeWritable with cacheFlush.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::performFinalization):
-            - Make explicit call to cacheFlush.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
-            - Make size always available.
-
-        * assembler/RepatchBuffer.h:
-        (JSC::RepatchBuffer::RepatchBuffer):
-        (JSC::RepatchBuffer::~RepatchBuffer):
-            - Add calls to MakeWritable & makeExecutable.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::relinkJump):
-        (JSC::X86Assembler::relinkCall):
-        (JSC::X86Assembler::repatchInt32):
-        (JSC::X86Assembler::repatchPointer):
-        (JSC::X86Assembler::repatchLoadPtrToLEA):
-            - Remove usage of MakeWritable.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getJITCode):
-            - Provide access to CodeBlock's JITCode.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::makeExecutable):
-        (JSC::ExecutableAllocator::cacheFlush):
-            - Remove MakeWritable, make cacheFlush public.
-
-        * jit/JIT.cpp:
-        (JSC::ctiPatchNearCallByReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::unlinkCall):
-        (JSC::JIT::linkCall):
-            - Add CodeBlock argument to RepatchBuffer.
-
-        * jit/JIT.h:
-            - Pass CodeBlock argument for use by RepatchBuffer.
-
-        * jit/JITCode.h:
-        (JSC::JITCode::start):
-        (JSC::JITCode::size):
-            - Provide access to code start & size.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchMethodCallProto):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-            - Add CodeBlock argument to RepatchBuffer.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-            - Pass CodeBlock argument for use by RepatchBuffer.
-
-2009-07-21  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Cache not only the structure of the method, but the
-        structure of its prototype as well.
-        https://bugs.webkit.org/show_bug.cgi?id=27077
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-
-2009-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Move call linking / repatching down from AbstractMacroAssembler into MacroAssemblerARCH classes.
-        ( https://bugs.webkit.org/show_bug.cgi?id=27527 )
-
-        This allows the implementation to be defined per architecture.  Specifically this addresses the
-        fact that x86-64 MacroAssembler implements far calls as a load to register, followed by a call
-        to register.  Patching the call actually requires the pointer load to be patched, rather than
-        the call to be patched.  This is implementation detail specific to MacroAssemblerX86_64, and as
-        such is best handled there.
-
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::linkCall):
-        (JSC::MacroAssemblerARM::repatchCall):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::linkCall):
-        (JSC::MacroAssemblerARMv7::repatchCall):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::linkCall):
-        (JSC::MacroAssemblerX86::repatchCall):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::linkCall):
-        (JSC::MacroAssemblerX86_64::repatchCall):
-
-2009-07-21  Adam Treat  <adam.treat@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        Every wtf file includes other wtf files with <> style includes
-        except this one.  Fix the exception.
-
-        * wtf/ByteArray.h:
-
-2009-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Move LinkBuffer/RepatchBuffer out of AbstractMacroAssembler.
-        ( https://bugs.webkit.org/show_bug.cgi?id=27485 )
-
-        This change is the first step in a process to move code that should be in
-        the architecture-specific MacroAssembler classes up out of Assmbler and
-        AbstractMacroAssembler.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - added new files
-        
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::linkPointer):
-            - rename patchPointer to bring it in line with the current link/repatch naming scheme
-        
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::linkCall):
-        (JSC::ARMv7Assembler::linkPointer):
-        (JSC::ARMv7Assembler::relinkCall):
-        (JSC::ARMv7Assembler::repatchInt32):
-        (JSC::ARMv7Assembler::repatchPointer):
-        (JSC::ARMv7Assembler::setInt32):
-        (JSC::ARMv7Assembler::setPointer):
-            - rename patchPointer to bring it in line with the current link/repatch naming scheme
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::linkJump):
-        (JSC::AbstractMacroAssembler::linkCall):
-        (JSC::AbstractMacroAssembler::linkPointer):
-        (JSC::AbstractMacroAssembler::getLinkerAddress):
-        (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
-        (JSC::AbstractMacroAssembler::repatchJump):
-        (JSC::AbstractMacroAssembler::repatchCall):
-        (JSC::AbstractMacroAssembler::repatchNearCall):
-        (JSC::AbstractMacroAssembler::repatchInt32):
-        (JSC::AbstractMacroAssembler::repatchPointer):
-        (JSC::AbstractMacroAssembler::repatchLoadPtrToLEA):
-            - remove the LinkBuffer/RepatchBuffer classes, but leave a set of (private, friended) methods to interface to the Assembler
-
-        * assembler/LinkBuffer.h: Added.
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::~LinkBuffer):
-        (JSC::LinkBuffer::link):
-        (JSC::LinkBuffer::patch):
-        (JSC::LinkBuffer::locationOf):
-        (JSC::LinkBuffer::locationOfNearCall):
-        (JSC::LinkBuffer::returnAddressOffset):
-        (JSC::LinkBuffer::finalizeCode):
-        (JSC::LinkBuffer::finalizeCodeAddendum):
-        (JSC::LinkBuffer::code):
-        (JSC::LinkBuffer::performFinalization):
-            - new file containing the LinkBuffer class, previously a member of AbstractMacroAssembler
-
-        * assembler/RepatchBuffer.h: Added.
-        (JSC::RepatchBuffer::RepatchBuffer):
-        (JSC::RepatchBuffer::relink):
-        (JSC::RepatchBuffer::repatch):
-        (JSC::RepatchBuffer::repatchLoadPtrToLEA):
-        (JSC::RepatchBuffer::relinkCallerToTrampoline):
-        (JSC::RepatchBuffer::relinkCallerToFunction):
-        (JSC::RepatchBuffer::relinkNearCallerToTrampoline):
-            - new file containing the RepatchBuffer class, previously a member of AbstractMacroAssembler
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::linkJump):
-        (JSC::X86Assembler::linkCall):
-        (JSC::X86Assembler::linkPointerForCall):
-        (JSC::X86Assembler::linkPointer):
-        (JSC::X86Assembler::relinkJump):
-        (JSC::X86Assembler::relinkCall):
-        (JSC::X86Assembler::repatchInt32):
-        (JSC::X86Assembler::repatchPointer):
-        (JSC::X86Assembler::setPointer):
-        (JSC::X86Assembler::setInt32):
-        (JSC::X86Assembler::setRel32):
-            - rename patchPointer to bring it in line with the current link/repatch naming scheme
-
-        * jit/JIT.cpp:
-        (JSC::ctiPatchNearCallByReturnAddress):
-        (JSC::ctiPatchCallByReturnAddress):
-            - include new headers
-            - remove MacroAssembler:: specification from RepatchBuffer usage
-
-        * jit/JITPropertyAccess.cpp:
-        * yarr/RegexJIT.cpp:
-            - include new headers
-
-2009-07-21  Robert Agoston  <Agoston.Robert@stud.u-szeged.hu>
-
-        Reviewed by David Levin.
-
-        Fixed #undef typo.
-        https://bugs.webkit.org/show_bug.cgi?id=27506
-
-        * bytecode/Opcode.h:
-
-2009-07-21  Adam Roben  <aroben@apple.com>
-
-        Roll out r46153, r46154, and r46155
-
-        These changes were causing build failures and assertion failures on
-        Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        * runtime/StringPrototype.cpp:
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/Platform.h:
-        * wtf/PossiblyNull.h: Removed.
-
-2009-07-21  Roland Steiner  <rolandsteiner@google.com>
-
-        Reviewed by David Levin.
-
-        Add ENABLE_RUBY to list of build options
-        https://bugs.webkit.org/show_bug.cgi?id=27324
-
-        * Configurations/FeatureDefines.xcconfig: Added flag ENABLE_RUBY.
-
-2009-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Build fix attempt #2
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Build fix attempt #1
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make it harder to misuse try* allocation routines
-        https://bugs.webkit.org/show_bug.cgi?id=27469
-
-        Jump through a few hoops to make it much harder to accidentally
-        miss null-checking of values returned by the try-* allocation
-        routines.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::increaseVectorLength):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        * runtime/UString.cpp:
-        (JSC::allocChars):
-        (JSC::reallocChars):
-        (JSC::expandCapacity):
-        (JSC::UString::Rep::reserveCapacity):
-        (JSC::UString::expandPreCapacity):
-        (JSC::createRep):
-        (JSC::concatenate):
-        (JSC::UString::spliceSubstringsWithSeparators):
-        (JSC::UString::replaceRange):
-        (JSC::UString::append):
-        (JSC::UString::operator=):
-        * runtime/UString.h:
-        (JSC::UString::Rep::createEmptyBuffer):
-        * wtf/FastMalloc.cpp:
-        (WTF::tryFastZeroedMalloc):
-        (WTF::tryFastMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::tryFastRealloc):
-        (WTF::TCMallocStats::tryFastMalloc):
-        (WTF::TCMallocStats::tryFastCalloc):
-        (WTF::TCMallocStats::tryFastRealloc):
-        * wtf/FastMalloc.h:
-        (WTF::TryMallocReturnValue::TryMallocReturnValue):
-        (WTF::TryMallocReturnValue::~TryMallocReturnValue):
-        (WTF::TryMallocReturnValue::operator Maybe<T>):
-        (WTF::TryMallocReturnValue::getValue):
-        * wtf/PossiblyNull.h:
-        (WTF::PossiblyNull::PossiblyNull):
-        (WTF::PossiblyNull::~PossiblyNull):
-        (WTF::PossiblyNull::getValue):
-        * wtf/Platform.h:
-
-2009-07-20  Gavin Barraclough  <barraclough@apple.com>
-
-        RS Oliver Hunt.
-
-        Add ARM assembler files to xcodeproj, for convenience editing.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-07-20  Jessie Berlin  <jberlin@apple.com>
-
-        Reviewed by David Levin.
-
-        Fix an incorrect assertion in Vector::remove.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=27477
-
-        * wtf/Vector.h:
-        (WTF::::remove):
-        Assert that the position at which to start removing elements + the
-        length (the number of elements to remove) is less than or equal to the
-        size of the entire Vector.
-
-2009-07-20  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27468
-        Back out r46060, which caused problems for some Apple developers.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-
-2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Allow custom memory allocation control in NewThreadContext
-        https://bugs.webkit.org/show_bug.cgi?id=27338
-
-        Inherits NewThreadContext struct from FastAllocBase because it
-        has been instantiated by 'new' JavaScriptCore/wtf/Threading.cpp:76.
-
-        * wtf/Threading.cpp:
-
-2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Allow custom memory allocation control in JavaScriptCore's JSClassRef.h
-        https://bugs.webkit.org/show_bug.cgi?id=27340
-
-        Inherit StaticValueEntry and StaticFunctionEntry struct from FastAllocBase because these
-        have been instantiated by 'new' in JavaScriptCore/API/JSClassRef.cpp:153
-        and in JavaScriptCore/API/JSClassRef.cpp:166.
-
-        * API/JSClassRef.h:
-
-2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control in JavaScriptCore's RegexPattern.h
-        https://bugs.webkit.org/show_bug.cgi?id=27343
-
-        Inherits RegexPattern.h's structs (which have been instantiated by operator new) from FastAllocBase:
-
-        CharacterClass (new call: JavaScriptCore/yarr/RegexCompiler.cpp:144)
-        PatternAlternative (new call: JavaScriptCore/yarr/RegexPattern.h:221) 
-        PatternDisjunction (new call: JavaScriptCore/yarr/RegexCompiler.cpp:446)
-
-        * yarr/RegexPattern.h:
-
-2009-07-20  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's MatchFrame struct
-        https://bugs.webkit.org/show_bug.cgi?id=27344
-
-        Inherits MatchFrame struct from FastAllocBase because it has
-        been instantiated by 'new' JavaScriptCore/pcre/pcre_exec.cpp:359.
-
-        * pcre/pcre_exec.cpp:
-
-2009-07-20  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Holger Freyther.
-
-        Remove some outdated S60 platform specific code
-        https://bugs.webkit.org/show_bug.cgi?id=27423
-
-        * wtf/Platform.h:
-
-2009-07-20  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by Simon Hausmann.
-
-        Qt build fix with MSVC and MinGW.
-
-        * jsc.pro: Make sure jsc is a console application, and turn off
-        exceptions and stl support to fix the build.
-
-2009-07-20  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        Do not use C++-style comments in preprocessor directives.
-
-        GCC does not like this in some configurations, using C-style
-        comments is safer.
-
-        * wtf/Platform.h:
-
-2009-07-17  Peter Kasting  <pkasting@google.com>
-
-        Reviewed by Steve Falkenburg.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27323
-        Only add Cygwin to the path when it isn't already there.  This avoids
-        causing problems for people who purposefully have non-Cygwin versions of
-        executables like svn in front of the Cygwin ones in their paths.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-
-2009-07-17  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Add YARR support for generic ARM platforms (disabled by default).
-        https://bugs.webkit.org/show_bug.cgi?id=24986
-
-        Add generic ARM port for MacroAssembler. It supports the whole
-        MacroAssembler functionality except floating point.
-
-        The class JmpSrc is extended with a flag which enables to patch
-        the jump destination offset during execution. This feature is
-        required for generic ARM port.
-
-        Signed off by Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
-        Signed off by Gabor Loki <loki@inf.u-szeged.hu>
-
-        * JavaScriptCore.pri:
-        * assembler/ARMAssembler.cpp: Added.
-        (JSC::ARMAssembler::getLdrImmAddress):
-        (JSC::ARMAssembler::linkBranch):
-        (JSC::ARMAssembler::patchConstantPoolLoad):
-        (JSC::ARMAssembler::getOp2):
-        (JSC::ARMAssembler::genInt):
-        (JSC::ARMAssembler::getImm):
-        (JSC::ARMAssembler::moveImm):
-        (JSC::ARMAssembler::dataTransfer32):
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h: Added.
-        (JSC::ARM::):
-        (JSC::ARMAssembler::ARMAssembler):
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::JmpSrc::JmpSrc):
-        (JSC::ARMAssembler::JmpSrc::enableLatePatch):
-        (JSC::ARMAssembler::JmpDst::JmpDst):
-        (JSC::ARMAssembler::JmpDst::isUsed):
-        (JSC::ARMAssembler::JmpDst::used):
-        (JSC::ARMAssembler::emitInst):
-        (JSC::ARMAssembler::and_r):
-        (JSC::ARMAssembler::ands_r):
-        (JSC::ARMAssembler::eor_r):
-        (JSC::ARMAssembler::eors_r):
-        (JSC::ARMAssembler::sub_r):
-        (JSC::ARMAssembler::subs_r):
-        (JSC::ARMAssembler::rsb_r):
-        (JSC::ARMAssembler::rsbs_r):
-        (JSC::ARMAssembler::add_r):
-        (JSC::ARMAssembler::adds_r):
-        (JSC::ARMAssembler::adc_r):
-        (JSC::ARMAssembler::adcs_r):
-        (JSC::ARMAssembler::sbc_r):
-        (JSC::ARMAssembler::sbcs_r):
-        (JSC::ARMAssembler::rsc_r):
-        (JSC::ARMAssembler::rscs_r):
-        (JSC::ARMAssembler::tst_r):
-        (JSC::ARMAssembler::teq_r):
-        (JSC::ARMAssembler::cmp_r):
-        (JSC::ARMAssembler::orr_r):
-        (JSC::ARMAssembler::orrs_r):
-        (JSC::ARMAssembler::mov_r):
-        (JSC::ARMAssembler::movs_r):
-        (JSC::ARMAssembler::bic_r):
-        (JSC::ARMAssembler::bics_r):
-        (JSC::ARMAssembler::mvn_r):
-        (JSC::ARMAssembler::mvns_r):
-        (JSC::ARMAssembler::mul_r):
-        (JSC::ARMAssembler::muls_r):
-        (JSC::ARMAssembler::mull_r):
-        (JSC::ARMAssembler::ldr_imm):
-        (JSC::ARMAssembler::ldr_un_imm):
-        (JSC::ARMAssembler::dtr_u):
-        (JSC::ARMAssembler::dtr_ur):
-        (JSC::ARMAssembler::dtr_d):
-        (JSC::ARMAssembler::dtr_dr):
-        (JSC::ARMAssembler::ldrh_r):
-        (JSC::ARMAssembler::ldrh_d):
-        (JSC::ARMAssembler::ldrh_u):
-        (JSC::ARMAssembler::strh_r):
-        (JSC::ARMAssembler::push_r):
-        (JSC::ARMAssembler::pop_r):
-        (JSC::ARMAssembler::poke_r):
-        (JSC::ARMAssembler::peek_r):
-        (JSC::ARMAssembler::clz_r):
-        (JSC::ARMAssembler::bkpt):
-        (JSC::ARMAssembler::lsl):
-        (JSC::ARMAssembler::lsr):
-        (JSC::ARMAssembler::asr):
-        (JSC::ARMAssembler::lsl_r):
-        (JSC::ARMAssembler::lsr_r):
-        (JSC::ARMAssembler::asr_r):
-        (JSC::ARMAssembler::size):
-        (JSC::ARMAssembler::ensureSpace):
-        (JSC::ARMAssembler::label):
-        (JSC::ARMAssembler::align):
-        (JSC::ARMAssembler::jmp):
-        (JSC::ARMAssembler::patchPointerInternal):
-        (JSC::ARMAssembler::patchConstantPoolLoad):
-        (JSC::ARMAssembler::patchPointer):
-        (JSC::ARMAssembler::repatchInt32):
-        (JSC::ARMAssembler::repatchPointer):
-        (JSC::ARMAssembler::repatchLoadPtrToLEA):
-        (JSC::ARMAssembler::linkJump):
-        (JSC::ARMAssembler::relinkJump):
-        (JSC::ARMAssembler::linkCall):
-        (JSC::ARMAssembler::relinkCall):
-        (JSC::ARMAssembler::getRelocatedAddress):
-        (JSC::ARMAssembler::getDifferenceBetweenLabels):
-        (JSC::ARMAssembler::getCallReturnOffset):
-        (JSC::ARMAssembler::getOp2Byte):
-        (JSC::ARMAssembler::placeConstantPoolBarrier):
-        (JSC::ARMAssembler::RM):
-        (JSC::ARMAssembler::RS):
-        (JSC::ARMAssembler::RD):
-        (JSC::ARMAssembler::RN):
-        (JSC::ARMAssembler::getConditionalField):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::JmpSrc::enableLatePatch):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Call::enableLatePatch):
-        (JSC::AbstractMacroAssembler::Jump::enableLatePatch):
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.h: Added.
-        (JSC::MacroAssemblerARM::):
-        (JSC::MacroAssemblerARM::add32):
-        (JSC::MacroAssemblerARM::and32):
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::mul32):
-        (JSC::MacroAssemblerARM::not32):
-        (JSC::MacroAssemblerARM::or32):
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::xor32):
-        (JSC::MacroAssemblerARM::load32):
-        (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::loadPtrWithPatchToLEA):
-        (JSC::MacroAssemblerARM::load16):
-        (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::pop):
-        (JSC::MacroAssemblerARM::push):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::swap):
-        (JSC::MacroAssemblerARM::signExtend32ToPtr):
-        (JSC::MacroAssemblerARM::zeroExtend32ToPtr):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::branch16):
-        (JSC::MacroAssemblerARM::branchTest32):
-        (JSC::MacroAssemblerARM::jump):
-        (JSC::MacroAssemblerARM::branchAdd32):
-        (JSC::MacroAssemblerARM::mull32):
-        (JSC::MacroAssemblerARM::branchMul32):
-        (JSC::MacroAssemblerARM::branchSub32):
-        (JSC::MacroAssemblerARM::breakpoint):
-        (JSC::MacroAssemblerARM::nearCall):
-        (JSC::MacroAssemblerARM::call):
-        (JSC::MacroAssemblerARM::ret):
-        (JSC::MacroAssemblerARM::set32):
-        (JSC::MacroAssemblerARM::setTest32):
-        (JSC::MacroAssemblerARM::tailRecursiveCall):
-        (JSC::MacroAssemblerARM::makeTailRecursiveCall):
-        (JSC::MacroAssemblerARM::moveWithPatch):
-        (JSC::MacroAssemblerARM::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM::storePtrWithPatch):
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::storeDouble):
-        (JSC::MacroAssemblerARM::addDouble):
-        (JSC::MacroAssemblerARM::subDouble):
-        (JSC::MacroAssemblerARM::mulDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::branchDouble):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM::ARMCondition):
-        (JSC::MacroAssemblerARM::prepareCall):
-        (JSC::MacroAssemblerARM::call32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpSrc::enableLatePatch):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * wtf/Platform.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-
-2009-07-17  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Extend AssemblerBuffer with constant pool handling mechanism.
-        https://bugs.webkit.org/show_bug.cgi?id=24986
-
-        Add a platform independed constant pool framework.
-        This pool can store 32 or 64 bits values which is enough to hold
-        any integer, pointer or double constant.
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        (JSC::AssemblerBuffer::append):
-        (JSC::AssemblerBuffer::grow):
-        * assembler/AssemblerBufferWithConstantPool.h: Added.
-        (JSC::):
-
-2009-07-17  Eric Roman  <eroman@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Build fix for non-Darwin.
-        Add a guard for inclusion of RetainPtr.h which includes CoreFoundation.h
-
-        https://bugs.webkit.org/show_bug.cgi?id=27382
-
-        * wtf/unicode/icu/CollatorICU.cpp:
-
-2009-07-17  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by John Sullivan.
-
-        Get user default collation order via a CFLocale API when available.
-
-        * wtf/unicode/icu/CollatorICU.cpp: (WTF::Collator::userDefault):
-
-2009-07-17  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Fix the include path for the Symbian port
-        https://bugs.webkit.org/show_bug.cgi?id=27358
-
-        * JavaScriptCore.pri:
-
-2009-07-17  Csaba Osztrogonac  <oszi@inf.u-szeged.hu>
-
-        Reviewed by David Levin.
-
-        Build fix on platforms don't have MMAP.
-        https://bugs.webkit.org/show_bug.cgi?id=27365
-
-        * interpreter/RegisterFile.h: Including stdio.h irrespectively of HAVE(MMAP)
-
-2009-07-16  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add --web-sockets flag and ENABLE_WEB_SOCKETS define.
-        https://bugs.webkit.org/show_bug.cgi?id=27206
-        
-        Add ENABLE_WEB_SOCKETS
-
-        * Configurations/FeatureDefines.xcconfig: add ENABLE_WEB_SOCKETS
-
-2009-07-16  Maxime Simon  <simon.maxime@gmail.com>
-
-        Reviewed by Eric Seidel.
-
-        Added Haiku-specific files for JavaScriptCore.
-        https://bugs.webkit.org/show_bug.cgi?id=26620
-
-        * wtf/haiku/MainThreadHaiku.cpp: Added.
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2009-07-16  Gavin Barraclough  <barraclough@apple.com>
-
-        RS by Oliver Hunt.
-
-        Revert r45969, this fix does not appear to be valid.
-        https://bugs.webkit.org/show_bug.cgi?id=27077
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-
-2009-07-16  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Allow custom memory allocation control in ExceptionInfo and RareData struct
-        https://bugs.webkit.org/show_bug.cgi?id=27336
-
-        Inherits ExceptionInfo and RareData struct from FastAllocBase because these
-        have been instantiated by 'new' in JavaScriptCore/bytecode/CodeBlock.cpp:1289 and
-        in JavaScriptCore/bytecode/CodeBlock.h:453.
-
-        Remove unnecessary WTF:: namespace from CodeBlock inheritance.
- 
-        * bytecode/CodeBlock.h:
-
-2009-07-16  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Geoff Garen.
-
-        Fix FeatureDefines.xcconfig to not be out of sync with the rest of the world.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-07-16  Yong Li  <yong.li@torchmobile.com>
-
-         Reviewed by George Staikos.
-
-         https://bugs.webkit.org/show_bug.cgi?id=27320
-         _countof is only included in CE6; for CE5 we need to define it ourself
-
-         * wtf/Platform.h:
-
-2009-07-16  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Workers + garbage collector: weird crashes
-        https://bugs.webkit.org/show_bug.cgi?id=27077
-
-        We need to unlink cached method call sites when a function is destroyed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::unlinkCallers):
-        * jit/JIT.cpp:
-        (JSC::JIT::unlinkMethodCall):
-        * jit/JIT.h:
-
-2009-07-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows Build fix.
-
-        Visual Studio reset our intermediate directory on us.
-        This sets it back.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2009-07-15  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26794
-        Make Yacc-generated parsers to use fastMalloc/fastFree.
-        
-        Define YYMALLOC and YYFREE to fastMalloc and fastFree
-        respectively.
-
-        * parser/Grammar.y:
-
-2009-07-15  Darin Adler  <darin@apple.com>
-
-        Fix a build for a particular Apple configuration.
-
-        * wtf/FastAllocBase.h: Change include to use "" style for
-        including another wtf header. This is the style we use for
-        including other public headers in the same directory.
-
-2009-07-15  George Staikos  <george.staikos@torchmobile.com>
-
-        Reviewed by Adam Treat.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27303
-        Implement createThreadInternal for WinCE.
-        Contains changes by George Staikos <george.staikos@torchmobile.com> and Joe Mason <joe.mason@torchmobile.com>
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::createThreadInternal):
-
-2009-07-15  Joe Mason  <joe.mason@torchmobile.com>
-
-         Reviewed by George Staikos.
-
-         https://bugs.webkit.org/show_bug.cgi?id=27298
-         Platform defines for WINCE.
-         Contains changes by Yong Li <yong.li@torchmobile.com>,
-         George Staikos <george.staikos@torchmobile.com> and Joe Mason <joe.mason@torchmobile.com>
-
-         * wtf/Platform.h:
-
-2009-07-15  Yong Li  <yong.li@torchmobile.com>
-
-         Reviewed by Adam Treat.
-
-         https://bugs.webkit.org/show_bug.cgi?id=27306
-         Use RegisterClass instead of RegisterClassEx on WinCE.
-
-         * wtf/win/MainThreadWin.cpp:
-         (WTF::initializeMainThreadPlatform):
-
-2009-07-15  Yong Li  <yong.li@torchmobile.com>
-
-         Reviewed by George Staikos.
-
-         https://bugs.webkit.org/show_bug.cgi?id=27301
-         Use OutputDebugStringW on WinCE since OutputDebugStringA is not supported
-         Originally written by Yong Li <yong.li@torchmobile.com> and refactored by
-         Joe Mason <joe.mason@torchmobile.com>
-
-         * wtf/Assertions.cpp: vprintf_stderr_common
-
-2009-07-15  Yong Li  <yong.li@torchmobile.com>
-
-         Reviewed by George Staikos.
-
-         https://bugs.webkit.org/show_bug.cgi?id=27020
-         msToGregorianDateTime should set utcOffset to 0 when outputIsUTC is false
-
-         * wtf/DateMath.cpp:
-         (WTF::gregorianDateTimeToMS):
-
-2009-07-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Cleanup - Remove obsolete code from the make system
-        https://bugs.webkit.org/show_bug.cgi?id=27299
-
-        * JavaScriptCore.pro:
-        * jsc.pro:
-
-2009-07-07  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27056
-
-        Alternate bool operator for codewarrior compiler (WINSCW).
-        Compiler (latest b482) reports error for UnspecifiedBoolType construct:
-        "illegal explicit conversion from 'WTF::OwnArrayPtr<JSC::Register>' to 'bool'"
-
-        Same fix as in r38391.
-
-        * JavaScriptCore/wtf/OwnArrayPtr.h:
-
-2009-07-15  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Qualify include path with wtf to fix compilation
-        on Symbian.
-        https://bugs.webkit.org/show_bug.cgi?id=27055
-
-        * interpreter/Interpreter.h:
-
-2009-07-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Dave Kilzer.
-
-        Turn off non-portable date manipulations for SYMBIAN
-        https://bugs.webkit.org/show_bug.cgi?id=27064
-
-        Introduce HAVE(TM_GMTOFF), HAVE(TM_ZONE) and HAVE(TIMEGM) guards 
-        and place the rules for controlling the guards in Platform.h.
-        Turn off these newly introduced guards for SYMBIAN.
-
-        * wtf/DateMath.cpp:
-        (WTF::calculateUTCOffset):
-        * wtf/DateMath.h:
-        (WTF::GregorianDateTime::GregorianDateTime):
-        (WTF::GregorianDateTime::operator tm):
-        * wtf/Platform.h:
-
-2009-07-15  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Undef ASSERT on Symbian, to avoid excessive warnings
-        https://bugs.webkit.org/show_bug.cgi?id=27052
-
-        * wtf/Assertions.h:
-
-2009-07-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Hausmann.
-
-        REGRESSION: fast/js/postfix-syntax.html fails with interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=27294
-
-        When postfix operators operating on locals assign to the same local
-        the order of operations has to be to store the incremented value, then
-        store the unmodified number.  Rather than implementing this subtle
-        semantic in the interpreter I've just made the logic explicit in the
-        bytecode generator, so x=x++ effectively becomes x=ToNumber(x) (for a
-        local var x).
-
-        * parser/Nodes.cpp:
-        (JSC::emitPostIncOrDec):
-
-2009-07-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Hausmann.
-
-        REGRESSION(43559): fast/js/kde/arguments-scope.html fails with interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=27259
-
-        The interpreter was incorrectly basing its need to create the arguments object
-        based on the presence of the callframe's argument reference rather than the local
-        arguments reference.  Based on this it then overrode the local variable reference.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-07-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Reorganize JavaScriptCore headers into:
-        API: include/JavaScriptCore/
-        Private: include/private/JavaScriptCore/
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Change JSCell's superclass to NoncopyableCustomAllocated
-        https://bugs.webkit.org/show_bug.cgi?id=27248
-
-        JSCell class customizes operator new, since Noncopyable will be 
-        inherited from FastAllocBase, NoncopyableCustomAllocated has 
-        to be used.
-
-        * runtime/JSCell.h:
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Change all Noncopyable inheriting visibility to public.
-        https://bugs.webkit.org/show_bug.cgi?id=27225
-
-        Change all Noncopyable inheriting visibility to public because
-        it is needed to the custom allocation framework (bug #20422).
-
-        * bytecode/SamplingTool.h:
-        * bytecompiler/RegisterID.h:
-        * interpreter/CachedCall.h:
-        * interpreter/RegisterFile.h:
-        * parser/Lexer.h:
-        * parser/Parser.h:
-        * runtime/ArgList.h:
-        * runtime/BatchedTransitionOptimizer.h:
-        * runtime/Collector.h:
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSLock.h:
-        * runtime/JSONObject.cpp:
-        * runtime/SmallStrings.cpp:
-        * runtime/SmallStrings.h:
-        * wtf/CrossThreadRefCounted.h:
-        * wtf/GOwnPtr.h:
-        * wtf/Locker.h:
-        * wtf/MessageQueue.h:
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnFastMallocPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/RefCounted.h:
-        * wtf/ThreadSpecific.h:
-        * wtf/Threading.h:
-        * wtf/Vector.h:
-        * wtf/unicode/Collator.h:
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Change ParserArenaRefCounted's superclass to RefCountedCustomAllocated
-        https://bugs.webkit.org/show_bug.cgi?id=27249
-
-        ParserArenaDeletable customizes operator new, to avoid double inheritance
-        ParserArenaDeletable's superclass has been changed to RefCountedCustomAllocated.
-
-        * parser/Nodes.h:
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Add RefCountedCustomAllocated to RefCounted.h
-        https://bugs.webkit.org/show_bug.cgi?id=27232
-
-        Some class which are inherited from RefCounted customize
-        operator new, but RefCounted is inherited from Noncopyable
-        which will be inherited from FastAllocBase. To avoid
-        conflicts Noncopyable inheriting was moved down to RefCounted
-        and to avoid double inheritance this class has been added.
-
-        * wtf/RefCounted.h:
-        (WTF::RefCountedCustomAllocated::deref):
-        (WTF::RefCountedCustomAllocated::~RefCountedCustomAllocated):
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Add NoncopyableCustomAllocated to Noncopyable.h.
-        https://bugs.webkit.org/show_bug.cgi?id=27228
-        
-        Some classes which inherited from Noncopyable overrides operator new
-        since Noncopyable'll be inherited from FastAllocBase, Noncopyable.h 
-        needs to be extended with this new class to support the overriding. 
-
-        * wtf/Noncopyable.h:
-        (WTFNoncopyable::NoncopyableCustomAllocated::NoncopyableCustomAllocated):
-        (WTFNoncopyable::NoncopyableCustomAllocated::~NoncopyableCustomAllocated):
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's IdentifierTable class
-        https://bugs.webkit.org/show_bug.cgi?id=27260
-
-        Inherits IdentifierTable class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/Identifier.cpp:70.
-
-        * runtime/Identifier.cpp:
-
-2009-07-14  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Allow custom memory allocation control for JavaScriptCore's Profiler class
-        https://bugs.webkit.org/show_bug.cgi?id=27253
-
-        Inherits Profiler class from FastAllocBase because it has been instantiated by
-        'new' in JavaScriptCore/profiler/Profiler.cpp:56.
-
-        * profiler/Profiler.h:
-
-2009-07-06  George Staikos  <george.staikos@torchmobile.com>
-
-        Reviewed by Adam Treat.
-
-        Authors: George Staikos <george.staikos@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>, Makoto Matsumoto <matumoto@math.keio.ac.jp>, Takuji Nishimura
-
-        https://bugs.webkit.org/show_bug.cgi?id=27030
-        Implement custom RNG for WinCE using Mersenne Twister
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-        * wtf/wince/mt19937ar.c: Added.
-        (init_genrand):
-        (init_by_array):
-        (genrand_int32):
-        (genrand_int31):
-        (genrand_real1):
-        (genrand_real2):
-        (genrand_real3):
-        (genrand_res53):
-
-2009-07-13  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed make dist build fix.
-
-        * GNUmakefile.am:
-
-2009-07-13  Drew Wilson  <atwilson@google.com>
-
-        Reviewed by David Levin.
-
-        Add ENABLE(SHARED_WORKERS) flag and define SharedWorker APIs
-        https://bugs.webkit.org/show_bug.cgi?id=26932
-
-        Added ENABLE(SHARED_WORKERS) flag (off by default).
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-07-07  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Maciej Stachoviak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27058
-
-        Removed superfluous parenthesis around single expression.
-        Compilers on Symbian platform fail to properly parse and compile.
-
-        * JavaScriptCore/wtf/Platform.h:
-
-2009-07-13  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Maciej Stachoviak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27054
-
-        Renamed Translator to HashTranslator
-
-        Codewarrior compiler (WINSCW) latest b482 cannot resolve typename
-        mismatch between template declaration and definition
-        (HashTranslator / Translator)
-
-        * wtf/HashSet.h:
-
-2009-07-13  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27053
-
-        Ambiguity in LabelScope initialization
-
-        Codewarrior compiler (WINSCW) latest b482 on Symbian cannot resolve
-        type of "0" unambiguously. Set expression explicitly to
-        PassRefPtr<Label>::PassRefPtr()
-
-        * bytecompiler/BytecodeGenerator.cpp
-
-2009-07-11  Simon Fraser  <simon.fraser@apple.com>
-
-        Enable support for accelerated compositing and 3d transforms on Leopard.
-        <https://bugs.webkit.org/show_bug.cgi?id=20166>
-        <rdar://problem/6120614>
-
-        Reviewed by Oliver Hunt.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-07-10  Mark Rowe  <mrowe@apple.com>
-
-        Second part of the "make Windows happier" dance.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-10  Mark Rowe  <mrowe@apple.com>
-
-        Try and make the Windows build happy.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-07-10  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        * debugger/Debugger.h: Made this function virtual for use in WebCore's
-        WebInspector.
-
-2009-07-10  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        ParserArenaDeletable should override delete
-        https://bugs.webkit.org/show_bug.cgi?id=26790
-
-        ParserArenaDeletable overrides new, but it does not override delete.
-        ParserArenaDeletable must be freed by fastFree
-        because it is allocated by fastMalloc.
-
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaDeletable::operator delete):
-        * parser/Nodes.h:
-
-2009-07-10  Adam Roben  <aroben@apple.com>
-
-        Sort all our Xcode projects
-
-        Accomplished using sort-Xcode-project-file.
-
-        Requested by Dave Kilzer.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2009-07-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed, build fix.
-
-        Windows build fix for the last change.
-
-        * wtf/dtoa.cpp: Forgot to include Vector.h
-
-2009-07-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION: crash in edge cases of floating point parsing.
-        https://bugs.webkit.org/show_bug.cgi?id=27110
-        <rdar://problem/7044458>
-        
-        Tests: fast/css/number-parsing-crash.html
-               fast/css/number-parsing-crash.html
-               fast/js/number-parsing-crash.html
-        
-        * wtf/dtoa.cpp:
-        (WTF::BigInt::BigInt): Converted this to more a proper class, using a Vector
-        with inline capacity
-
-        (WTF::lshift): Rearranged logic somewhat nontrivially to deal with the new way of sizing BigInts.
-        Added an assertion to verify that invariants are maintained.
-
-        All other functions are adapted fairly mechanically to the above changes.
-        (WTF::BigInt::clear):
-        (WTF::BigInt::size):
-        (WTF::BigInt::resize):
-        (WTF::BigInt::words):
-        (WTF::BigInt::append):
-        (WTF::multadd):
-        (WTF::s2b):
-        (WTF::i2b):
-        (WTF::mult):
-        (WTF::cmp):
-        (WTF::diff):
-        (WTF::b2d):
-        (WTF::d2b):
-        (WTF::ratio):
-        (WTF::strtod):
-        (WTF::quorem):
-        (WTF::dtoa):
-
-2009-07-09  Drew Wilson  <atwilson@google.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Turned on CHANNEL_MESSAGING by default because the MessageChannel API
-        can now be implemented for Web Workers and is reasonably stable.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2009-07-09  Oliver Hunt  <oliver@apple.com>
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-07-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 27016 - Interpreter crashes due to invalid array indexes
-        <https://bugs.webkit.org/show_bug.cgi?id=27016>
-
-        Unsigned vs signed conversions results in incorrect behaviour in
-        64bit interpreter builds.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-07-09  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        [Chromium] Upstream JavaScriptCore.gypi, the project file for Chromium build.
-        https://bugs.webkit.org/show_bug.cgi?id=27135
-
-        * JavaScriptCore.gypi: Added.
-
-2009-07-09  Joe Mason  <joe.mason@torchmobile.com>
-
-        Reviewed by George Staikos.
-        
-        Authors: Yong Li <yong.li@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=27031
-        Add an override for deleteOwnedPtr(HDC) on Windows
-        
-        * wtf/OwnPtrCommon.h:
-        * wtf/OwnPtrWin.cpp:
-        (WTF::deleteOwnedPtr):
-
-2009-07-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Guard singal.h dependency with HAVE(SIGNAL_H) to enable building jsc
-        on SYMBIAN.
-
-        https://bugs.webkit.org/show_bug.cgi?id=27026
-
-        Based on Norbert Leser's work.
-
-        * jsc.cpp:
-        (printUsageStatement):
-        (parseArguments):
-        * wtf/Platform.h:
-
-2009-07-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Stop loading constants into the register file.
-
-        Instead, use high register values (highest bit bar the sign bit set) to indicate
-        constants in the instruction stream, and when we encounter such a value load it
-        directly from the CodeBlock.
-
-        Since constants are no longer copied into the register file, this patch renders
-        the 'unexpected constant' mechanism redundant, and removes it.
-
-        2% improvement, thanks to Sam Weinig.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::mark):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isTemporaryRegisterIndex):
-        (JSC::CodeBlock::constantRegister):
-        (JSC::CodeBlock::isConstantRegisterIndex):
-        (JSC::CodeBlock::getConstant):
-        (JSC::ExecState::r):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::preserveLastVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitNewError):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::noCaller):
-        (JSC::ExecState::hasHostCallFrameFlag):
-        (JSC::ExecState::addHostCallFrameFlag):
-        (JSC::ExecState::removeHostCallFrameFlag):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::resolveBaseAndFunc):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadDouble):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_error):
-        (JSC::JIT::emit_op_enter):
-        (JSC::JIT::emit_op_enter_with_activation):
-        * parser/Nodes.cpp:
-        (JSC::DeleteResolveNode::emitBytecode):
-        (JSC::DeleteValueNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * wtf/Platform.h:
-
-2009-07-07  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix <https://bugs.webkit.org/show_bug.cgi?id=27025> / <rdar://problem/7033448>.
-        Bug 27025: Crashes and regression test failures related to regexps in 64-bit
-
-        For x86_64 RegexGenerator uses rbx, a callee-save register, as a scratch register but
-        neglects to save and restore it.  The change in handling of the output vector in r45545
-        altered code generation so that the RegExp::match was now storing important data in rbx,
-        which caused crashes and bogus results when it was clobbered.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter): Save rbx.
-        (JSC::Yarr::RegexGenerator::generateReturn): Restore rbx.
-
-2009-07-06  Ada Chan  <adachan@apple.com>
-
-        Reviewed by Darin Adler and Mark Rowe.
-
-        Decommitted spans are added to the list of normal spans rather than 
-        the returned spans in TCMalloc_PageHeap::Delete().
-        https://bugs.webkit.org/show_bug.cgi?id=26998
-        
-        In TCMalloc_PageHeap::Delete(), the deleted span can be decommitted in 
-        the process of merging with neighboring spans that are also decommitted.  
-        The merged span needs to be placed in the list of returned spans (spans 
-        whose memory has been returned to the system).  Right now it's always added 
-        to the list of the normal spans which can theoretically cause thrashing.  
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::Delete):
-
-2009-07-05  Lars Knoll  <lars.knoll@nokia.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26843
-
-        Fix run-time crashes in JavaScriptCore with the Metrowerks compiler on Symbian.
-
-        The Metrowerks compiler on the Symbian platform moves the globally
-        defined Hashtables into read-only memory, despite one of the members
-        being mutable. This causes crashes at run-time due to write access to
-        read-only memory.
-
-        Avoid the use of const with this compiler by introducing the
-        JSC_CONST_HASHTABLE macro.
-
-        Based on idea by Norbert Leser.
-
-        * runtime/Lookup.h: Define JSC_CONST_HASHTABLE as const for !WINSCW.
-        * create_hash_table: Use JSC_CONST_HASHTABLE for hashtables.
-        * runtime/JSGlobalData.cpp: Import various global hashtables via the macro.
-
-2009-07-04  Dan Bernstein  <mitz@apple.com>
-
-        - debug build fix
-
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getLastParen):
-
-2009-07-03  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by Maciej Stachowiak (and revised slightly)
-
-        RegExp::match to be optimized
-        https://bugs.webkit.org/show_bug.cgi?id=26957
-
-        Allow regexp matching to use Vectors with inline capacity instead of
-        allocating a new ovector buffer every time.
-        
-        ~5% speedup on SunSpider string-unpack-code test, 0.3% on SunSpider overall.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructorPrivate::RegExpConstructorPrivate):
-        (JSC::RegExpConstructorPrivate::lastOvector):
-        (JSC::RegExpConstructorPrivate::tempOvector):
-        (JSC::RegExpConstructorPrivate::changeLastOvector):
-        (JSC::RegExpConstructor::performMatch):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        (JSC::RegExpConstructor::getBackref):
-        (JSC::RegExpConstructor::getLastParen):
-        (JSC::RegExpConstructor::getLeftContext):
-        (JSC::RegExpConstructor::getRightContext):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-
-2009-06-30  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        Override operator new/delete with const std::nothrow_t& as the second
-        argument.
-        https://bugs.webkit.org/show_bug.cgi?id=26792
-
-        On Windows CE, operator new/delete, new[]/delete[] with const
-        std::nothrow_t& must be overrided because some standard template
-        libraries use these operators.
-
-        The problem occurs when memory allocated by new(size_t s, const
-        std::nothrow_t&) is freed by delete(void* p). This causes the umatched
-        malloc/free problem.
-
-        The patch overrides all new, delete, new[] and delete[] to use
-        fastMaloc and fastFree consistently.
-
-        * wtf/FastMalloc.h:
-        (throw):
-
-2009-06-30  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Sam Weinig.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=24986>
-
-        Remove unnecessary references to AssemblerBuffer.
-
-        * interpreter/Interpreter.cpp:
-        * interpreter/Interpreter.h:
-
-2009-06-29  David Levin  <levin@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        Still seeing occasional leaks from UString::sharedBuffer code
-        https://bugs.webkit.org/show_bug.cgi?id=26420
-
-        The problem is that the pointer to the memory allocation isn't visible
-        by "leaks" due to the lower bits being used as flags.  The fix is to
-        make the pointer visible in memory (in debug only). The downside of
-        this fix that the memory allocated by sharedBuffer will still look like
-        a leak in non-debug builds when any flags are set.
-
-        * wtf/PtrAndFlags.h:
-        (WTF::PtrAndFlags::set):
-
-2009-06-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Remove more unused scons support.
-
-        * SConstruct: Removed.
-
-2009-06-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/7016214> JSON.parse fails to parse valid JSON with most Unicode characters
-        <https://bugs.webkit.org/show_bug.cgi?id=26802>
-
-        In the original JSON.parse patch unicode was handled correctly, however in some last
-        minute "clean up" I oversimplified isSafeStringCharacter.  This patch corrects this bug.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-
-2009-06-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        <rdar://problem/7009684> REGRESSION(r45039): Crashes inside JSEvent::put on PowerPC (26746)
-        <https://bugs.webkit.org/show_bug.cgi?id=26746>
-
-        Fix for r45039 incorrectly uncached a get_by_id by converting it to put_by_id.  Clearly this
-        is less than correct.  This patch corrects that error.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-
-2009-06-26  Eric Seidel  <eric@webkit.org>
-
-        No review, only rolling out r45259.
-
-        Roll out r45259 after crash appeared on the bots:
-        plugins/undefined-property-crash.html
-        ASSERTION FAILED: s <= HeapConstants<heapType>::cellSize
-        (leopard-intel-debug-tests/build/JavaScriptCore/runtime/Collector.cpp:278
-        void* JSC::Heap::heapAllocate(size_t) [with JSC::HeapType heapType = PrimaryHeap])
-
-        * runtime/DateInstance.cpp:
-        * runtime/Identifier.cpp:
-        * runtime/Lookup.h:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/ScopeChain.h:
-        * runtime/UString.h:
-
-2009-06-26  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Add support for QDataStream operators to Vector.
-
-        * wtf/Vector.h:
-        (WTF::operator<<):
-        (WTF::operator>>):
-
-2009-06-24  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Make the opcode sampler work once again.
-
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::call):
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-
-        Extend FastAllocBase.h with 'using WTF::FastAllocBase' to avoid
-        unnecessary WTF:: usings.
-        Remove existing unnecessary WTF:: usings.
-
-        * interpreter/Interpreter.h:
-        * profiler/CallIdentifier.h:
-        * runtime/ScopeChain.h:
-        * wtf/FastAllocBase.h:
-
-2009-06-24  David Levin  <levin@chromium.org>
-
-        Fix all builds.
-
-        * bytecode/CodeBlock.h:
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Register.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=26677
-
-        Inherits CodeBlock class from FastAllocBase because it
-        has been instantiated by 'new' in JavaScriptCore/bytecode/CodeBlock.h:217.
-
-        * bytecode/CodeBlock.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=26676
-
-        Inherits BytecodeGenerator class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/parser/Nodes.cpp:1892.
-
-        * bytecompiler/BytecodeGenerator.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=26675
-
-        Inherits Register class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/JSVariableObject.h:149.
-
-        * interpreter/Register.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=26674
-
-        Inherits HashMap class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/Structure.cpp:458.
-
-        * wtf/HashMap.h:
-
-2009-06-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/6940519> REGRESSION (Safari 4 Public Beta - TOT): google.com/adplanner shows blank page instead of site details in "basic research'
-
-        The problem was caused by the page returned with a function using a
-        var declaration list containing around ~3000 variables.  The solution
-        to this is to flatten the comma expression representation and make
-        codegen comma expressions and initializer lists iterative rather than
-        recursive.
-
-        * parser/Grammar.y:
-        * parser/NodeConstructors.h:
-        (JSC::CommaNode::CommaNode):
-        * parser/Nodes.cpp:
-        (JSC::CommaNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isCommaNode):
-        (JSC::CommaNode::isCommaNode):
-        (JSC::CommaNode::append):
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26645
-
-        Inherits ScopeChainNode class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/ScopeChain.h:95.
-
-        * wtf/RefPtr.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26648
-
-        Inherits Deque class from FastAllocBase because it has been
-        instantiated by 'new' with DEFINE_STATIC_LOCAL macro in 
-        JavaScriptCore/wtf/MainThread.cpp:62.
-
-        * wtf/Deque.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26644
-
-        Inherits RefPtr class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/StructureChain.cpp:41.
-
-        * wtf/RefPtr.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Inherits HashSet class from FastAllocBase, because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/Collector.h:116.
-
-        * wtf/HashSet.h:
-
-2009-06-24  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        Inherits Vector class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/Structure.cpp:633.
-
-        * wtf/Vector.h:
-
-2009-06-24  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Maciej Stachoviak.
-
-        The BytecodeGenerator objects were instantiated on stack, which takes up ~38kB per instance
-        (each instance includes copy of JSC::CodeBlock with large SymbolTable, etc.).
-        Specifically, since there is nested invocation (e.g., GlobalCode --> FunctionCode),
-        the stack overflows immediately on Symbian hardware (max. 80 kB).
-        Proposed change allocates generator objects on heap.
-        Performance impact (if any) should be negligible and change is proposed as general fix,
-        rather than ifdef'd for SYMBIAN.
-
-        * parser/Nodes.cpp:
-        (JSC::ProgramNode::generateBytecode):
-        (JSC::EvalNode::generateBytecode):
-        (JSC::EvalNode::bytecodeForExceptionInfoReparse):
-        (JSC::FunctionBodyNode::generateBytecode):
-        (JSC::FunctionBodyNode::bytecodeForExceptionInfoReparse):
-
-2009-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6992806> REGRESSION: Enumeration can skip new properties in cases of prototypes that have more than 64 (26593)
-        <https://bugs.webkit.org/show_bug.cgi?id=26593>
-
-        Do not attempt to cache structure chains if they contain a dictionary at any level.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        * runtime/Structure.cpp:
-        (JSC::Structure::getEnumerablePropertyNames):
-        (JSC::Structure::addPropertyTransition):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::isCacheable):
-        * runtime/StructureChain.h:
-
-2009-06-23  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26654
-        Add the proper export define for the JavaScriptCore API when building for WINCE.
-
-        * API/JSBase.h:
-
-2009-06-23  Joe Mason  <joe.mason@torchmobile.com>
-
-        Reviewed by Adam Treat.
-
-        Authors: Yong Li <yong.li@torchmobile.com>, Joe Mason <joe.mason@torchmobile.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=26611
-        Implement currentThreadStackBase on WINCE by adding a global,
-        g_stackBase, which must be set to the address of a local variable
-        by the caller before calling any WebKit function that invokes JSC.
-
-        * runtime/Collector.cpp:
-        (JSC::isPageWritable):
-        (JSC::getStackBase):
-          Starts at the top of the stack and returns the entire range of
-          consecutive writable pages as an estimate of the actual stack.
-          This will be much bigger than the actual stack range, so some
-          dead objects can't be collected, but it guarantees live objects
-          aren't collected prematurely.
-
-        (JSC::currentThreadStackBase):
-          On WinCE, returns g_stackBase if set or call getStackBase as a
-          fallback if not.
-
-2009-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix stupid performance problem in the LiteralParser
-
-        The LiteralParser was making a new UString in order to use
-        toDouble, however UString's toDouble allows a much wider range
-        of numberic strings than the LiteralParser accepts, and requires
-        an additional heap allocation or two for the construciton of the
-        UString.  To rectify this we just call WTF::dtoa directly using
-        a stack allocated buffer to hold the validated numeric literal.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-
-2009-06-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Bug 26640: JSON.stringify needs to special case Boolean objects
-        <https://bugs.webkit.org/show_bug.cgi?id=26640>
-
-        Add special case handling of the Boolean object so we match current
-        ES5 errata.
-
-        * runtime/JSONObject.cpp:
-        (JSC::unwrapBoxedPrimitive): renamed from unwrapNumberOrString
-        (JSC::gap):
-        (JSC::Stringifier::appendStringifiedValue):
-
-2009-06-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 26591: Support revivers in JSON.parse
-        <https://bugs.webkit.org/show_bug.cgi?id=26591>
-
-        Add reviver support to JSON.parse.  This completes the JSON object.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::Walker):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        (JSC::JSONProtoFuncParse):
-
-2009-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 26592: Support standard toJSON functions
-        <https://bugs.webkit.org/show_bug.cgi?id=26592>
-
-        Add support for the standard Date.toJSON function.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToJSON):
-
-2009-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 26594: JSC needs to support Date.toISOString
-        <https://bugs.webkit.org/show_bug.cgi?id=26594>
-
-        Add support for Date.toISOString.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-
-2009-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Remove dead code.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-
-2009-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler and Cameron Zwarich.
-
-        Bug 26587: Support JSON.parse
-        <https://bugs.webkit.org/show_bug.cgi?id=26587>
-
-        Extend the LiteralParser to support the full strict JSON
-        grammar, fix a few places where the grammar was incorrectly
-        lenient.   Doesn't yet support the JSON.parse reviver function
-        but that does not block the JSON.parse functionality itself.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryJSONParse):
-        (JSC::LiteralParser::):
-        (JSC::LiteralParser::Lexer::Lexer):
-
-2009-06-21  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (speculative build fix for windows).
-
-        Simply removed some whitespace form this file to make windows build wtf and
-        hopefully copy the new MessageQueque.h so that WebCore picks it up.
-
-        * wtf/Assertions.cpp:
-
-2009-06-21  Drew Wilson  <atwilson@google.com>
-
-        Reviewed by David Levin.
-
-        <https://bugs.webkit.org/show_bug.cgi?id=25043>
-        Added support for multi-threaded MessagePorts.
-
-        * wtf/MessageQueue.h:
-        (WTF::::appendAndCheckEmpty):
-            Added API to test whether the queue was empty before adding an element.
-  
-2009-06-20  David D. Kilzer  <ddkilzer@webkit.org>
-
-        Fix namespace comment in SegmentedVector.h
-
-        * wtf/SegmentedVector.h: Updated namespace comment to reflect
-        new namespace after r44897.
-
-2009-06-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Bug 24986: ARM JIT port
-        <https://bugs.webkit.org/show_bug.cgi?id=24986>
-
-        Reviewed by Oliver Hunt.
-
-        An Iterator added for SegmentedVector. Currently
-        only the pre ++ operator is supported.
-
-        * wtf/SegmentedVector.h:
-        (WTF::SegmentedVectorIterator::~SegmentedVectorIterator):
-        (WTF::SegmentedVectorIterator::operator*):
-        (WTF::SegmentedVectorIterator::operator->):
-        (WTF::SegmentedVectorIterator::operator++):
-        (WTF::SegmentedVectorIterator::operator==):
-        (WTF::SegmentedVectorIterator::operator!=):
-        (WTF::SegmentedVectorIterator::operator=):
-        (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
-        (WTF::SegmentedVector::alloc):
-        (WTF::SegmentedVector::begin):
-        (WTF::SegmentedVector::end):
-
-2009-06-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Bug 24986: ARM JIT port
-        <https://bugs.webkit.org/show_bug.cgi?id=24986>
-
-        Reviewed by Oliver Hunt.
-
-        Move SegmentedVector to /wtf subdirectory
-        and change "namespace JSC" to "namespace WTF"
-
-        Additional build file updates by David Kilzer.
-
-        * GNUmakefile.am: Updated path to SegmentedVector.h.
-        * JavaScriptCore.order: Updated SegmentedVector namespace from
-        JSC to WTF in mangled C++ method name.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Removed reference to bytecompiler\SegmentedVector.h.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added reference to
-        wtf\SegmentedVector.h.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Moved
-        SegmentedVector.h definition from bytecompiler subdirectory to
-        wtf subdirectory.
-        * bytecompiler/BytecodeGenerator.h: Updated #include path to
-        SegmentedVector.h and prepended WTF:: namespace to its use.
-        * parser/Lexer.h: Ditto.
-        * wtf/SegmentedVector.h: Renamed from JavaScriptCore/bytecompiler/SegmentedVector.h.
-        (WTF::SegmentedVector::SegmentedVector):
-        (WTF::SegmentedVector::~SegmentedVector):
-        (WTF::SegmentedVector::size):
-        (WTF::SegmentedVector::at):
-        (WTF::SegmentedVector::operator[]):
-        (WTF::SegmentedVector::last):
-        (WTF::SegmentedVector::append):
-        (WTF::SegmentedVector::removeLast):
-        (WTF::SegmentedVector::grow):
-        (WTF::SegmentedVector::clear):
-        (WTF::SegmentedVector::deleteAllSegments):
-        (WTF::SegmentedVector::segmentExistsFor):
-        (WTF::SegmentedVector::segmentFor):
-        (WTF::SegmentedVector::subscriptFor):
-        (WTF::SegmentedVector::ensureSegmentsFor):
-        (WTF::SegmentedVector::ensureSegment):
-
-2009-06-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (build fix take 2 - rename FIELD_OFFSET to something that doesn't conflict with winnt.h).
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emitGetVariableObjectRegister):
-        (JSC::JIT::emitPutVariableObjectRegister):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        (JSC::JIT::checkStructure):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_construct_verify):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-
-2009-06-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-
-2009-06-19  Gabor Loki  <loki@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Reorganize ARM architecture specific macros.
-        Use PLATFORM_ARM_ARCH(7) instead of PLATFORM(ARM_V7).
-
-        Bug 24986: ARM JIT port
-        <https://bugs.webkit.org/show_bug.cgi?id=24986>
-
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * wtf/Platform.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-
-2009-06-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix armv7 JIT build issues.
-
-        Unfortunate the arm compiler does not like the use of offsetof on JITStackFrame (since it now contains non POD types),
-        and the FIELD_OFFSET macro does not appear constantish enough for it to be happy with its use in COMPILE_ASSERT macros.
-
-        * Replace offsetofs with FIELD_OFFSETs (safe on C++ objects).
-        * Move COMPILE_ASSERTs defending layout of JITStackFrame structure on armv7 into JITThunks constructor.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReference):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_catch):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-
-2009-06-19  Adam Treat  <adam.treat@torchmobile.com>
-
-        Blind attempt at build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-19  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Inherits CallIdentifier struct from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/profiler/CallIdentifier.h:86.
-
-        * wtf/HashCountedSet.h:
-
-2009-06-19  Adam Treat  <adam.treat@torchmobile.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26540
-        Modify the test shell to add a new function 'checkSyntax' that will
-        only parse the source instead of executing it. In this way we can test
-        pure parsing performance against some of the larger scripts in the wild.
-
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionCheckSyntax):
-
-2009-06-19  Zoltan Horvath  <hzoltan@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-        
-        Inherits HashCountedSet class from FastAllocBase because it has been
-        instantiated by 'new' in JavaScriptCore/runtime/Collector.cpp:1095.
-
-        * wtf/HashCountedSet.h:
-
-2009-06-19  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26558
-        Declare these symbols extern for WINCE as they are provided by libce.
-
-        * runtime/DateConstructor.cpp:
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2009-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        <rdar://problem/6988973> ScopeChain leak in interpreter builds
-
-        Move the Scopechain destruction code in JSFunction outside of the ENABLE(JIT)
-        path.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::~JSFunction):
-        * wtf/Platform.h:
-
-2009-06-19  Yong Li  <yong.li@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26543
-        Windows CE uses 'GetLastError' instead of 'errno.'
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-
-2009-06-19  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        Add export for Windows corresponding to OSX export done in r44844.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore_debug.def:
-
-2009-06-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin "Viceroy of Venezuela" Barraclough.
-
-        Bug 26532: Native functions do not correctly unlink from optimised callsites when they're collected
-        <https://bugs.webkit.org/show_bug.cgi?id=26532> <rdar://problem/6625385>
-
-        We need to make sure that each native function instance correctly unlinks any references to it
-        when it is collected.  Allowing this to happen required a few changes:
-            * Every native function needs a codeblock to track the link information
-            * To have this codeblock, every function now also needs its own functionbodynode
-              so we no longer get to have a single shared instance.
-            * Identifying a host function is now done by looking for CodeBlock::codeType() == NativeCode
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-           Constructor for NativeCode CodeBlock
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        (JSC::CodeBlock::functionRegisterForBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
-        (JSC::CodeBlock::setJITCode):
-           Add assertions to ensure we don't try and use NativeCode CodeBlocks as
-           a normal codeblock.
-
-        * bytecode/CodeBlock.h:
-        (JSC::):
-        (JSC::CodeBlock::source):
-        (JSC::CodeBlock::sourceOffset):
-        (JSC::CodeBlock::evalCodeCache):
-        (JSC::CodeBlock::createRareDataIfNecessary):
-          More assertions.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::linkCall):
-          Update logic to allow native function caching
-
-        * jit/JITStubs.cpp:
-        * parser/Nodes.cpp:
-        (JSC::FunctionBodyNode::createNativeThunk):
-        (JSC::FunctionBodyNode::isHostFunction):
-        * parser/Nodes.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::mark):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2009-06-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Windows build fix).
-
-        * wtf/DateMath.cpp:
-        (WTF::calculateUTCOffset):
-
-2009-06-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Timezone calculation incorrect in Venezuela.
-
-        https://bugs.webkit.org/show_bug.cgi?id=26531
-        <rdar://problem/6646169> Time is incorrectly reported to JavaScript in both Safari 3 and Firefox 3
-
-        The problem is that we're calculating the timezone relative to 01/01/2000,
-        but the VET timezone changed from -4 hours to -4:30 hours on 12/09/2007.
-        According to the spec, section 15.9.1.9 states "the time since the beginning
-        of the year", presumably meaning the *current* year.  Change the calculation
-        to be based on whatever the current year is, rather than a canned date.
-
-        No performance impact.
-
-        * wtf/DateMath.cpp:
-        (WTF::calculateUTCOffset):
-
-2009-06-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Mark Rowe (originally reviewed by Sam Weinig).
-
-        (Reintroducing patch added in r44492, and reverted in r44796.)
-
-        Change the implementation of op_throw so the stub function always modifies its
-        return address - if it doesn't find a 'catch' it will switch to a trampoline
-        to force a return from JIT execution.  This saves memory, by avoiding the need
-        for a unique return for every op_throw.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw):
-            JITStubs::cti_op_throw now always changes its return address,
-            remove return code generated after the stub call (this is now
-            handled by ctiOpThrowNotCaught).
-        * jit/JITStubs.cpp:
-        (JSC::):
-            Add ctiOpThrowNotCaught definitions.
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-            Change cti_op_throw to always change its return address.
-        * jit/JITStubs.h:
-            Add ctiOpThrowNotCaught declaration.
-
-2009-06-18  Kevin McCullough  <kmccullough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6940880> REGRESSION: Breakpoints don't break in 64-bit
-
-        - Exposed functions now needed by WebCore.
-
-        * JavaScriptCore.exp:
-
-2009-06-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 26429: Make JSON.stringify non-recursive so it can handle objects
-        of arbitrary complexity
-        https://bugs.webkit.org/show_bug.cgi?id=26429
-
-        For marking I decided not to use gcProtect, because this is inside the engine
-        so it's easy enough to just do marking. And that darned gcProtect does locking!
-        Oliver tried to convince me to used MarkedArgumentBuffer, but the constructor
-        for that class says "FIXME: Remove all clients of this API, then remove this API."
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::collect): Add a call to JSONObject::markStringifiers.
-
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers): Added emptyIdentifier.
-        * runtime/CommonIdentifiers.h: Ditto.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Initialize firstStringifierToMark to 0.
-        * runtime/JSGlobalData.h: Added firstStringifierToMark.
-
-        * runtime/JSONObject.cpp: Cut down the includes to the needed ones only.
-        (JSC::unwrapNumberOrString): Added. Helper for unwrapping number and string
-        objects to get their number and string values.
-        (JSC::ReplacerPropertyName::ReplacerPropertyName): Added. The class is used
-        to wrap an identifier or integer so we don't have to do any work unless we
-        actually call a replacer.
-        (JSC::ReplacerPropertyName::value): Added.
-        (JSC::gap): Added. Helper function for the Stringifier constructor.
-        (JSC::PropertyNameForFunctionCall::PropertyNameForFunctionCall): Added.
-        The class is used to wrap an identifier or integer so we don't have to
-        allocate a number or string until we actually call toJSON or a replacer.
-        (JSC::PropertyNameForFunctionCall::asJSValue): Added.
-        (JSC::Stringifier::Stringifier): Updated and moved out of the class
-        definition. Added code to hook this into a singly linked list for marking.
-        (JSC::Stringifier::~Stringifier): Remove from the singly linked list.
-        (JSC::Stringifier::mark): Mark all the objects in the holder stacks.
-        (JSC::Stringifier::stringify): Updated.
-        (JSC::Stringifier::appendQuotedString): Tweaked and streamlined a bit.
-        (JSC::Stringifier::toJSON): Renamed from toJSONValue.
-        (JSC::Stringifier::appendStringifiedValue): Renamed from stringify.
-        Added code to use the m_holderStack to do non-recursive stringify of
-        objects and arrays. This code also uses the timeout checker since in
-        pathological cases it could be slow even without calling into the
-        JavaScript virtual machine.
-        (JSC::Stringifier::willIndent): Added.
-        (JSC::Stringifier::indent): Added.
-        (JSC::Stringifier::unindent): Added.
-        (JSC::Stringifier::startNewLine): Added.
-        (JSC::Stringifier::Holder::Holder): Added.
-        (JSC::Stringifier::Holder::appendNextProperty): Added. This is the
-        function that handles the format of arrays and objects.
-        (JSC::JSONObject::getOwnPropertySlot): Moved this down to the bottom
-        of the file so the JSONObject class is not interleaved with the
-        Stringifier class.
-        (JSC::JSONObject::markStringifiers): Added. Calls mark.
-        (JSC::JSONProtoFuncStringify): Streamlined the code here. The code
-        to compute the gap string is now a separate function.
-
-        * runtime/JSONObject.h: Made everything private. Added markStringifiers.
-
-2009-06-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/6974140> REGRESSION(r43849): Crash in cti_op_call_NotJSFunction when getting directions on maps.google.com
-
-        Roll out r43849 as it appears that we cannot rely on the address of
-        an objects property storage being constant even if the structure is
-        unchanged.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2009-06-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Mark Rowe.
-
-        Fully revert r44492 & r44748 while we fix a bug they cause on internal builds <rdar://problem/6955963>.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw):
-        * jit/JITStubs.cpp:
-        (JSC::):
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-
-2009-06-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/6947426> sunspider math-cordic.js exhibits different intermediate results running 32-bit vs. 64-bit
-
-        On 64-bit, NaN-encoded values must be detagged before they can be used in rshift.
-
-        No performance impact.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_rshift):
-
-2009-06-17  Adam Treat  <adam.treat@torchmobile.com>
-
-        Reviewed by George Staikos.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23155
-        Move WIN_CE -> WINCE as previously discussed with Qt WINCE folks.
-
-        * jsc.cpp:
-        (main):
-
-2009-06-17  George Staikos  <george.staikos@torchmobile.com>
-
-        Reviewed by Adam Treat.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23155
-        Move WIN_CE -> WINCE as previously discussed with Qt WINCE folks.
-
-        * config.h:
-        * jsc.cpp:
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/CurrentTime.cpp:
-        (WTF::lowResUTCTime):
-        * wtf/DateMath.cpp:
-        (WTF::getLocalTime):
-        * wtf/MathExtras.h:
-        * wtf/Platform.h:
-        * wtf/StringExtras.h:
-        * wtf/Threading.h:
-        * wtf/win/MainThreadWin.cpp:
-
-2009-06-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/6974175> ASSERT in JITStubs.cpp at appsaccess.apple.com
-
-        Remove PropertySlot::putValue - PropertySlots should only be used for getting,
-        not putting.  Rename JSGlobalObject::getOwnPropertySlot to hasOwnPropertyForWrite,
-        which is what it really was being used to ask, and remove some other getOwnPropertySlot
-        & getOwnPropertySlotForWrite methods, which were unused and likely to lead to confusion.
-
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
-        * runtime/JSObject.h:
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/PropertySlot.h:
-
-2009-06-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver hunt.
-
-        Temporarily partially disable r44492, since this is causing some problems on internal builds.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::DEFINE_STUB_FUNCTION):
-
-2009-06-16  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-
-2009-06-16  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Initialize m_bytecodeIndex to -1 in JIT, and correctly initialize
-        it for each type of stub using the return address to find the correct
-        offset.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::call):
-
-== Rolled over to ChangeLog-2009-06-16 ==

diff --git a/ChangeLog-2011-02-16 b/ChangeLog-2011-02-16
deleted file mode 100644 (file)
index 9f81b2b..0000000
--- a/ChangeLog-2011-02-16
+++ /dev/null
@@ -1,24628 +0,0 @@
-2011-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 54524 - Allow JSObject to fully utilize cell's capacity for inline storage.
-
-        Currently JSObject is both directly instantiated for regular JS objects, and
-        derived to implement subtypes. A consequence of this is that we need to ensure
-        that sufficient space from the cell is left unused and available for any data
-        members that will be introduced by subclasses of JSObject. By restructuring
-        the internal storage array out of JSObject we can increase the size in the
-        internal storage for regular objects.
-
-        Add classes JSFinalObject and JSNonFinalObject. JSNonFinalObject retains as
-        much additional capacity as is currently available to allow for data members
-        in subclasses. JSFinalObject utilizes all available space for internal storage,
-        and only allows construction through JSFinalObject::create().
-
-        The additional storage made available in the JSObject means that we need no
-        longer rely on a union of the internal storage with a pointer to storage that
-        is only valid for external storage. This means we can go back to always having
-        a valid pointer to property storage, regardless of whether this is internal or
-        external. This simplifies some cases of access to the array from C code, and
-        significantly simplifies JIT access, since repatching no longer needs to be
-        able to change between a load of the storage pointer / a LEA of the internal
-        storage.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::repatchPointer):
-        * assembler/MIPSAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerMIPS.h:
-        * assembler/MacroAssemblerX86.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/RepatchBuffer.h:
-        * assembler/X86Assembler.h:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::emit_op_get_by_pname):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::emit_op_get_by_pname):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.h:
-        (JSC::Arguments::Arguments):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyObject):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::createInheritorID):
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::propertyStorage):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSFinalObject::create):
-        (JSC::JSFinalObject::createStructure):
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::JSObject::offsetOfInlineStorage):
-        (JSC::constructEmptyObject):
-        (JSC::createEmptyObjectStructure):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::~JSObject):
-        (JSC::Structure::isUsingInlineStorage):
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSObjectWithGlobalObject.h:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::isVanilla):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        * runtime/StrictEvalActivation.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::growPropertyStorageCapacity):
-
-2011-02-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Incorrect handling of global writes in dynamic contexts
-        https://bugs.webkit.org/show_bug.cgi?id=49383
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-          Can't use the existing callframe to return an uncaught exception
-          as by definition that callframe has already been torn down.
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::ASTBuilder):
-        (JSC::ASTBuilder::varDeclarations):
-        (JSC::ASTBuilder::funcDeclarations):
-        (JSC::ASTBuilder::features):
-        (JSC::ASTBuilder::numConstants):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::addVar):
-        (JSC::ASTBuilder::incConstants):
-        (JSC::ASTBuilder::usesThis):
-        (JSC::ASTBuilder::usesCatch):
-        (JSC::ASTBuilder::usesClosures):
-        (JSC::ASTBuilder::usesArguments):
-        (JSC::ASTBuilder::usesAssignment):
-        (JSC::ASTBuilder::usesWith):
-        (JSC::ASTBuilder::usesEval):
-          Don't need a vector of scopes in the ASTBuilder
-        * runtime/Operations.h:
-        (JSC::resolveBase):
-          In strict mode the optimisation that we use to skip a lookup
-          on the global object is incorrect and lead to us always
-          disallowing global writes when we needed to do a dynamic slot
-          lookup.  Now the strict mode path actually checks for the
-          property.
-
-2011-02-15  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        Windows build fix for
-        https://bugs.webkit.org/show_bug.cgi?id=54415
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Remove deleted files.
-
-2011-02-15  Oliver Hunt  <oliver@apple.com>
-
-        Fix EFL build for
-        https://bugs.webkit.org/show_bug.cgi?id=54415
-
-        * CMakeLists.txt:
-
-2011-02-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-
-        Refactor handles and weak pointers to become nicer and more automatic
-        https://bugs.webkit.org/show_bug.cgi?id=54415
-
-        Move to a true handle based mechanism for GC value protection.  This
-        also allows us to switch to a more sensible behaviour for weak pointers
-        in which weak pointers are automatically updated.
-
-        This allows us to remove the old (and convoluted) that required all
-        objects that may be held by a weak reference to be aware of the reference
-        and manually clear them in their destructors.
-
-        This also adds a few new data types to JSC that we use to efficiently
-        allocate and return the underlying handle storage.
-
-        This patch is largely renaming and removing now unnecessary destructors
-        from objects.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::create):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        (OpaqueJSClass::prototype):
-        * API/JSClassRef.h:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * collector/handles/Global.h: Added.
-            New Global handle type used to keep gc objects live, even if they're not
-            marked.
-        (JSC::Global::Global):
-        (JSC::Global::~Global):
-        (JSC::Global::set):
-            We can only assign directly to a global from another global.
-            In all other cases we need the JSGlobalData to be provided
-            explicitly so we use a set function.
-        (JSC::Global::operator=):
-        (JSC::Global::clear):
-        (JSC::Global::isHashTableDeletedValue):
-        (JSC::Global::internalSet):
-        * collector/handles/Handle.h: Added.
-            Root "Handle" type used for immutable handles and to provide the basic
-            APIs needed for pointer-like behaviour.
-        (JSC::HandleBase::operator!):
-        (JSC::HandleBase::operator UnspecifiedBoolType*):
-        (JSC::HandleBase::isEmpty):
-        (JSC::HandleBase::HandleBase):
-        (JSC::HandleBase::slot):
-        (JSC::HandleBase::invalidate):
-        (JSC::HandleBase::setSlot):
-        (JSC::HandleTypes::getFromSlot):
-        (JSC::HandleTypes::toJSValue):
-        (JSC::HandleTypes::validateUpcast):
-        (JSC::HandleConverter::operator->):
-        (JSC::HandleConverter::operator*):
-        (JSC::Handle::Handle):
-        (JSC::Handle::get):
-        (JSC::Handle::wrapSlot):
-        (JSC::operator==):
-        (JSC::operator!=):
-        * collector/handles/HandleHeap.cpp: Added.
-            New heap for global handles.
-        (JSC::HandleHeap::HandleHeap):
-        (JSC::HandleHeap::grow):
-        (JSC::HandleHeap::markStrongHandles):
-        (JSC::HandleHeap::updateAfterMark):
-        (JSC::HandleHeap::clearWeakPointers):
-        (JSC::HandleHeap::writeBarrier):
-        * collector/handles/HandleHeap.h: Added.
-        (JSC::HandleHeap::heapFor):
-        (JSC::HandleHeap::toHandle):
-        (JSC::HandleHeap::toNode):
-        (JSC::HandleHeap::allocate):
-        (JSC::HandleHeap::deallocate):
-        (JSC::HandleHeap::makeWeak):
-            Convert a hard handle into weak handle that does not
-            protect the object it points to.
-        (JSC::HandleHeap::makeSelfDestroying):
-            Converts a handle to a weak handle that will be returned
-            to the free list when the referenced object dies.
-        (JSC::HandleHeap::Node::Node):
-        (JSC::HandleHeap::Node::slot):
-        (JSC::HandleHeap::Node::handleHeap):
-        (JSC::HandleHeap::Node::setFinalizer):
-        (JSC::HandleHeap::Node::makeWeak):
-        (JSC::HandleHeap::Node::isWeak):
-        (JSC::HandleHeap::Node::makeSelfDestroying):
-        (JSC::HandleHeap::Node::isSelfDestroying):
-        (JSC::HandleHeap::Node::finalizer):
-        (JSC::HandleHeap::Node::setPrev):
-        (JSC::HandleHeap::Node::prev):
-        (JSC::HandleHeap::Node::setNext):
-        (JSC::HandleHeap::Node::next):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        * interpreter/Interpreter.h:
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::globalObjectCollected):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * runtime/GCHandle.cpp: Removed.
-        * runtime/GCHandle.h: Removed.
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        (JSC::Heap::allocateGlobalHandle):
-        (JSC::Heap::reportExtraMemoryCost):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::allocateGlobalHandle):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::~JSPropertyNameIterator):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        (JSC::Structure::setEnumerationCache):
-        (JSC::Structure::clearEnumerationCache):
-        * runtime/Protect.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        * runtime/Structure.h:
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtrBase::get):
-        (JSC::WeakGCPtrBase::clear):
-        (JSC::WeakGCPtrBase::operator!):
-        (JSC::WeakGCPtrBase::operator UnspecifiedBoolType*):
-        (JSC::WeakGCPtrBase::~WeakGCPtrBase):
-        (JSC::WeakGCPtrBase::WeakGCPtrBase):
-        (JSC::WeakGCPtrBase::internalSet):
-        (JSC::LazyWeakGCPtr::LazyWeakGCPtr):
-        (JSC::LazyWeakGCPtr::set):
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::operator=):
-        * runtime/WriteBarrier.h:
-        * wtf/BlockStack.h: Added.
-        (WTF::::BlockStack):
-        (WTF::::~BlockStack):
-        (WTF::::blocks):
-        (WTF::::grow):
-        (WTF::::shrink):
-        * wtf/SentinelLinkedList.h: Added.
-        (WTF::::SentinelLinkedList):
-        (WTF::::begin):
-        (WTF::::end):
-        (WTF::::push):
-        (WTF::::remove):
-        * wtf/SinglyLinkedList.h: Added.
-        (WTF::::SinglyLinkedList):
-        (WTF::::isEmpty):
-        (WTF::::push):
-        (WTF::::pop):
-
-2011-02-15  Pratik Solanki  <psolanki@apple.com>
-
-        Move WTF_USE_CFNETWORK to Platform.h
-        https://bugs.webkit.org/show_bug.cgi?id=54168
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Define WTF_USE_CFNETWORK for Windows builds.
-
-2011-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Moved MarkedBlock data members to the head of the block
-        https://bugs.webkit.org/show_bug.cgi?id=54482
-        
-        This allows for a variable-sized tail, to accommodate oversized blocks.
-
-        SunSpider reports no change.
-        
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate):
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep):
-        * runtime/MarkedBlock.h: Added missing element to the CELLS_PER_BLOCK
-        calculation. This kind of error is why we want to migrate to the system
-        described below.
-
-        (JSC::roundUpToMultipleOf):
-        (JSC::MarkedBlock::firstCell):
-        (JSC::MarkedBlock::cells):
-        (JSC::MarkedBlock::cellNumber): Use subtraction instead of masking to
-        calculate cell number. The mask is no longer correct because the first
-        cell is not at the head of the block.
-
-        (JSC::MarkedBlock::forEach): Replaced m_cells data member with a cells()
-        accessor. We want to use sizeof(MarkedBlock) to calculate the size of the
-        block header, so we can't have an explicit data member to represent the block tail.
-        
-        Also replaced iteration from zero with iteration from startCell(), since
-        the first N cells are now occupied by the header.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::reset): Replaced iteration from zero as above.
-
-2011-02-15  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix Mutex::tryLock() on Windows to work properly with PlatformCondition::timedWait()
-        https://bugs.webkit.org/show_bug.cgi?id=54408
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::PlatformCondition::timedWait):
-
-2011-02-15  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Remove some dead code in ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=54461
-
-        * assembler/ARMv7Assembler.h: remove dead code.
-
-2011-02-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Gavin Barraclough.
-
-        Some MarkedBlock refactoring.
-        
-        Made cells private.
-        
-        Renamed cells => m_cells
-                marked => m_marks.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate):
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep):
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::clearMarks):
-        (JSC::MarkedBlock::markCount):
-        (JSC::MarkedBlock::isMarked):
-        (JSC::MarkedBlock::testAndSetMarked):
-        (JSC::MarkedBlock::setMarked):
-        (JSC::MarkedBlock::forEach):
-
-2011-02-14  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add basic parser for Content Security Policy
-        https://bugs.webkit.org/show_bug.cgi?id=54379
-
-        Add a constructor for copying a Vector into a String.  I suspect there
-        are a number of call sites that are doing this manually that would
-        benefit from being moved to this API.
-
-        * wtf/text/WTFString.h:
-        (WTF::String::String):
-
-2011-02-14  Pavel Podivilov  <podivilov@chromium.org>
-
-        Reviewed by Yury Semikhatsky.
-
-        Web Inspector: use call frame column to determine execution line in source frame.
-        https://bugs.webkit.org/show_bug.cgi?id=54001
-
-        * wtf/text/TextPosition.h:
-        (WTF::ZeroBasedNumber::convertAsOneBasedInt):
-
-2011-02-13  Jeremy Moskovich  <jeremy@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Add a compile-time option to completely disable WebArchive support.
-        https://bugs.webkit.org/show_bug.cgi?id=52712
-
-        Add an ENABLE(WEB_ARCHIVE) compile-time setting and use it for all WebArchive code.
-        Ports Affected:
-            WebArchive support is currently enabled for all ports that define PLATFORM(CF) apart from Qt.
-            This patch preserves this behavior except that it also disables support in the Chromium port.
-
-        * wtf/Platform.h: Add ENABLE_WEB_ARCHIVE definition and turn it off explicitly for Qt & Chromium ports.
-
-2011-02-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Bug 53760 - JSC fails to build with TOT Clang
-        https://bugs.webkit.org/show_bug.cgi?id=53760
-
-        Fix -Woverloaded-virtual warnings. This is also a 6% speedup on the v8 raytrace
-        benchmark; it is nothing-to-noise on everything else.
-
-        * API/JSCallbackObject.h: Remove pointlessly overloaded method.
-        * API/JSCallbackObjectFunctions.h: Ditto.
-        * runtime/Arguments.cpp: 
-        (JSC::Arguments::put): Change signature to match the base class. This implementation
-        was no longer being called by anyone. This wasn't noticed because it is merely an
-        optimization of the base class' implementation.
-        * runtime/Arguments.h: Ditto.
-
-2011-02-12  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Use /dev/urandom as the OSRandomSource on OS(DARWIN)
-        https://bugs.webkit.org/show_bug.cgi?id=54279
-
-        I'm not sure it makes much of a difference whether we use arc4random or
-        /dev/urandom on Mac.  However, there's some aesthetic benefit to using
-        the same underlying API on as many platforms as reasonable.
-
-        * config.h:
-        * wtf/OSRandomSource.cpp:
-        (WTF::cryptographicallyRandomValuesFromOS):
-
-2011-02-12  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Kenneth Russell.
-
-        Enable ArrayBuffers by default
-        https://bugs.webkit.org/show_bug.cgi?id=54310
-
-        Export the required functions.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-11  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove explicit disable ENABLE_ASSEMBLER_WX_EXCLUSIVE on non-iOS ports
-        https://bugs.webkit.org/show_bug.cgi?id=54107
-        
-        It is unnecessary to explicitly disable ENABLE_ASSEMBLER_WX_EXCLUSIVE
-        by the definition of ENABLE().
-
-        * wtf/Platform.h:
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Randomly touch some build files in the hopes of fixing the Qt build.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Garbage collection timer cycles forever, even when nothing is happening
-        https://bugs.webkit.org/show_bug.cgi?id=54320
-        
-        (Rolling back in r78386 with the build fixed.)
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::trigger): Be sure to make
-        our timer inert after forcing a GC, to avoid GC'ing repeatedly.
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-        
-        Used svn merge -r78386:78385 to roll out r78386 because it broke the build.
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::trigger):
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Garbage collection timer cycles forever, even when nothing is happening
-        https://bugs.webkit.org/show_bug.cgi?id=54320
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::trigger): Be sure to make
-        our timer inert after forcing a GC, to avoid GC'ing repeatedly.
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build: added an exported symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A little more encapsulation for the heap: Removed CollectorHeapIterator
-        https://bugs.webkit.org/show_bug.cgi?id=54298
-        
-        CollectorHeapIterator is a God object that knows the internals of each
-        of the pieces of the heap. This undermines the encapsulation I'm trying
-        to achieve by splitting concepts into different classes.
-        
-        As an alternative, I've given each class a forEach iteration function,
-        which takes a functor as an argument. Now, each class just needs to
-        know how to iterate the things it knows about.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed CollectorHeapIterator.
-
-        * debugger/Debugger.cpp:
-        (JSC::Recompiler::Recompiler):
-        (JSC::Recompiler::~Recompiler):
-        (JSC::Recompiler::operator()):
-        (JSC::Debugger::recompileAllJSFunctions): Updated to use forEach interface
-        instead of an iterator.
-
-        * runtime/CollectorHeapIterator.h: Removed.
-
-        * runtime/Heap.cpp:
-        (JSC::TypeCounter::TypeCounter):
-        (JSC::TypeCounter::typeName):
-        (JSC::TypeCounter::operator()):
-        (JSC::TypeCounter::take):
-        (JSC::Heap::protectedObjectTypeCounts):
-        (JSC::Heap::objectTypeCounts): Added forEach and removed iterator.
-
-        * runtime/Heap.h:
-        (JSC::Heap::forEach):
-        * runtime/JSGlobalData.cpp:
-        (JSC::Recompiler::operator()):
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::forEach): Added forEach. Removed friend declaration
-        for CollectorHeapIterator. Now, we can make all our data private and
-        change it without breaking any other classes.
-
-        * runtime/MarkedSpace.cpp:
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::forEach): Added forEach and removed iterator.
-
-2011-02-11  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        CryptographicRandomNumber has its threading ifdefs backwards
-        https://bugs.webkit.org/show_bug.cgi?id=54280
-
-        Turns out we want the mutex when thread is enabled.  :)
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
-
-2011-02-10  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        WebKit should have a cryptographic RNG
-        https://bugs.webkit.org/show_bug.cgi?id=22049
-
-        Teach JavaScriptCore how to export this function.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little more encapsulation for MarkedBlock: Made all constants private
-        so clients don't know whether allocations are fixed-sized or not
-        https://bugs.webkit.org/show_bug.cgi?id=54270
-        
-        SunSpider reports no change.
-
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::advance): Updated for removal of HeapConstants.
-
-        * runtime/Error.cpp: Switched to using ASSERT_CLASS_FITS_IN_CELL, like
-        all other classes.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::allocate): Updated for removal of HeapConstants.
-        (JSC::Heap::reset): Updated to use size(), instead of calculating size
-        on our own.
-
-        * runtime/Heap.h: Moved the ASSERT here to MarkedBlock, since it enforces
-        on special knowledge of fixed-sizery, which only MarkedBlock is supposed
-        to know about.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate): Updated for removal of HeapConstants.
-        Also changed to reset nextCell to 0 at the end of a block, since that
-        seems more consistent.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs): Changed to use a fixed array of char.
-        This hard-coded size is a little wonky, but the compiler will tell us
-        if it's ever wrong, so I think it's OK.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep): Updated for removal of HeapConstants.
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::clearMarks):
-        (JSC::MarkedBlock::size):
-        (JSC::MarkedBlock::capacity): Made constants private to this class.
-        Removed HeapConstants. Added size() and capacity() functions.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::objectCount):
-        (JSC::MarkedSpace::size):
-        (JSC::MarkedSpace::capacity):
-        * runtime/MarkedSpace.h: Use MarkedBlock helper functions instead of
-        direct knowledge of MarkedBlock internals.
-
-2011-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little more encapsulation for MarkedBlock: Made mark bits private
-        https://bugs.webkit.org/show_bug.cgi?id=54264
-        
-        SunSpider reports no change.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-        (JSC::Heap::reset): Renamed clearMarkBits => clearMarks, since clients
-        don't need to know that marks are represented as bits. Renamed
-        markedCells => markCount, since clients don't need to know that blocks
-        are split into cells.
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::clearMarks):
-        (JSC::MarkedBlock::markCount): New helper functions for encapsulating
-        the information clients actually need.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy):
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::clearMarks):
-        (JSC::MarkedSpace::markCount):
-        (JSC::MarkedSpace::objectCount):
-        * runtime/MarkedSpace.h: Use new helper functions instead of accessing
-        MarkedBlock data directly.
-
-2011-02-10  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Cached JavaScript Parser Data Being Left in Memory Cache
-        https://bugs.webkit.org/show_bug.cgi?id=54245
-
-        Added clear method which removes SourceProviderCache items.
-        Cleaned up extraneous whitespace.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * parser/SourceProviderCache.cpp:
-        (JSC::SourceProviderCache::~SourceProviderCache):
-        (JSC::SourceProviderCache::clear):
-        (JSC::SourceProviderCache::byteSize):
-        (JSC::SourceProviderCache::add):
-        * parser/SourceProviderCache.h:
-
-2011-02-10  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Follow-up fix to r78291. I should pass (int) 0, not '0' to memset. 
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::commonConstructor): fix mistaken post-review change.
-
-2011-02-10  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Make DefaultGCActivityCallback for PLATFORM(CF) Easier to Subclass
-        https://bugs.webkit.org/show_bug.cgi?id=54257
-
-        A subclass may want to specify the CFRunLoop that the Garbage Collection
-        will happen on. It was difficult to manipulate this in a subclass because
-        the current DefaultGCActivityCallback class does this in its constructor.
-        This patch generalizes things a bit more so that a specific run loop can
-        be passed in to the constructor. This makes it so all run loop management
-        can stay in DefaultGCActivityCallback and a subclass can specify any runloop.
-
-        * runtime/GCActivityCallback.h: expose a PLATFORM(CF) constructor that can
-        specify the runloop GC can be scheduled on.
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): two constructors,
-        one that specifies the run loop and passes that on to commonConstructor and
-        the old constructor defaults to the current run loop.
-        (JSC::DefaultGCActivityCallback::commonConstructor): do normal construction,
-        adding the timer to the given runloop.
-
-2011-02-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A little more encapsulation for MarkedBlock: Moved allocate() and sweep() into MarkedBlock
-        https://bugs.webkit.org/show_bug.cgi?id=54253
-        
-        SunSpider reports no change.
-
-        * runtime/CollectorHeapIterator.h: Removed DeadObjectIterator, since it
-        is now unused.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset): Moved the call to shrink() here, since it seems a
-        little more clear for MarkedSpace's client to tell it explicitly when to
-        shrink.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate): Split out from MarkedSpace::allocate.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep): Split out from MarkedSpace::sweep, and
-        converted to more directly iterate a MarkedBlock based on knowing its
-        internal structure.
-
-        * runtime/MarkedBlock.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::sweep):
-        * runtime/MarkedSpace.h: Split out the code mentioned above.
-
-2011-02-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Fix compilation error on OpenBSD
-        https://bugs.webkit.org/show_bug.cgi?id=53766
-
-        Add a HAVE_STRNSTR in Platform.h and define it only on Darwin and FreeBSD.
-
-        * wtf/Platform.h:
-        * wtf/StringExtras.h: Use HAVE(STRNSTR) now.
-
-2011-02-10  Adam Roben  <aroben@apple.com>
-
-        Print locations of assertions and logs in a way that Visual Studio understands
-
-        With this change, double-clicking one of these locations in Visual Studio's Output Window
-        will focus that line of code in the editor.
-
-        Fixes <http://webkit.org/b/54208> Double-clicking locations of assertions/logs in Visual
-        Studio's Output Window does nothing
-
-        Reviewed by Alexey Proskuryakov.
-
-        * wtf/Assertions.cpp:
-        (printCallSite): Use OS(WINDOWS) instead of the meaningless OS(WIN). When we aren't using
-        the debug CRT (and thus can't call _CrtDbgReport), print the file and line number using the
-        same format that cl.exe uses when it prints compiler errors.
-
-2011-02-10  Dan Bernstein  <mitz@apple.com>
-
-        LLVM Compiler build fix.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-
-2011-02-10  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Remove PCRE source from trunk
-        https://bugs.webkit.org/show_bug.cgi?id=54188
-
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pro:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.order:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * pcre/AUTHORS: Removed.
-        * pcre/COPYING: Removed.
-        * pcre/dftables: Removed.
-        * pcre/pcre.h: Removed.
-        * pcre/pcre.pri: Removed.
-        * pcre/pcre_compile.cpp: Removed.
-        * pcre/pcre_exec.cpp: Removed.
-        * pcre/pcre_internal.h: Removed.
-        * pcre/pcre_tables.cpp: Removed.
-        * pcre/pcre_ucp_searchfuncs.cpp: Removed.
-        * pcre/pcre_xclass.cpp: Removed.
-        * pcre/ucpinternal.h: Removed.
-        * pcre/ucptable.cpp: Removed.
-        * wscript:
-
-2011-02-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Add randomValuesFromOS for OS(WINDOWS)
-        https://bugs.webkit.org/show_bug.cgi?id=54155
-
-        Use CryptGenRandom for generating cryptographically secure random numbers.
-        This will work on WinCE and MinGW too.
-
-        * config.h:
-        * wtf/OSRandomSource.cpp:
-        (WTF::randomValuesFromOS):
-
-2011-02-10  Jarred Nicholls  <jarred@sencha.com>
-
-        Reviewed by Adam Barth.
-
-        REGRESSION(r78149): Return value of read() shouldn't be ignored.
-        https://bugs.webkit.org/show_bug.cgi?id=54167
-        
-        stdio read should have its return value handled. Build error in gcc 4.4.5.
-
-        * wtf/OSRandomSource.cpp:
-        (WTF::randomValuesFromOS):
-
-2011-02-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Rename randomValuesFromOS to cryptographicallyRandomValuesFromOS
-        https://bugs.webkit.org/show_bug.cgi?id=54156
-
-        randomValuesFromOS generates random numbers of cryptographic quality.
-        Make this clear by adding "cryptographically" to the function name.
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::stir):
-        * wtf/OSRandomSource.cpp:
-        (WTF::cryptographicallyRandomValuesFromOS):
-        * wtf/OSRandomSource.h:
-
-2011-02-09  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/8805364> Malloc zone enumeration code should be safe in the face of errors from the memory reader.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::PageHeapAllocator::recordAdministrativeRegions): Use the new helper function to walk the linked list safely.
-        (WTF::TCMalloc_ThreadCache_FreeList::enumerateFreeObjects): Ditto.
-        (WTF::TCMalloc_Central_FreeList::enumerateFreeObjects): Ditto.
-        (WTF::TCMallocStats::PageMapFreeObjectFinder::visit): Bail out if the span could not be read.
-        (WTF::TCMallocStats::PageMapMemoryUsageRecorder::visit): Ditto.
-        * wtf/MallocZoneSupport.h:
-        (WTF::RemoteMemoryReader::operator()): Remove an assert that is not valid.
-        (WTF::RemoteMemoryReader::nextEntryInLinkedList): Add a helper function for retrieving the next entry in
-        a linked list. It maps a failed read of the remote memory in to a null pointer, which all callers can
-        handle gracefully.
-
-2011-02-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 54164 - Optimize global_var accesses on JSVALUE64
-
-        Directly embed the pointer to d->registers, optimize out the load
-        from the variable object, as we do already in JSVALUE32_64.
-
-        This is a ~1.5% win on sunspidey.
-
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-
-2011-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A little more encapsulation for MarkedBlock: Made MarkedBlock responsible
-        for its own initialization and destruction
-        https://bugs.webkit.org/show_bug.cgi?id=54137
-
-        * runtime/CollectorHeapIterator.h: Removed ObjectIterator since it is
-        now unused.
-
-        * runtime/JSCell.h: Maded MarkedBlock a friend so it can construct and
-        destruct JSCells.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock): Migrated initialization and destruction
-        code from MarkedSpace, updating it not to use ObjectIterator. We don't
-        want to use an abstract iterator since iteration will be unique to each
-        block in the future.
-
-        * runtime/MarkedBlock.h: Made the consructor private and moved it into
-        the .cpp file because it's big now.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlock): Migrated code.
-
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::collectorBlock): Keep a vector of MarkedBlock
-        pointers instead of aligned allocations -- how MarkedBlocks are allocated
-        is now an implementation detail of MarkedBlock.
-
-2011-02-09  Adam Barth  <abarth@webkit.org>
-
-        Another attempt to fix the Qt Windows build.
-
-        * config.h:
-        * wtf/OSRandomSource.cpp:
-        (WTF::randomValuesFromOS):
-
-2011-02-09  Adam Barth  <abarth@webkit.org>
-
-        Attempt to fix the Qt Windows build.
-
-        * wtf/OSRandomSource.cpp:
-        (WTF::randomValuesFromOS):
-
-2011-02-09  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add WTF::cryptographicallyRandomNumber
-        https://bugs.webkit.org/show_bug.cgi?id=54083
-
-        Introduce a cryptographically strong random number generator to WTF.
-        The random number generator is based on arc4random as found in:
-
-        http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c?rev=1.22
-
-        I've changed to source to WebKit style and abstracted the operating
-        system interaction to OSRandomSource.  We'll use this functionality to
-        expose a cryptographically strong random number generator to
-        JavaScript.
-
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h:
-        * wtf/CMakeLists.txt:
-        * wtf/CryptographicallyRandomNumber.cpp: Added.
-        (WTF::initMutexIfNeeded):
-        (WTF::init):
-        (WTF::addRandomData):
-        (WTF::stir):
-        (WTF::stirIfNeeded):
-        (WTF::getByte):
-        (WTF::getWord):
-        (WTF::cryptographicallyRandomNumber):
-        (WTF::cryptographicallyRandomValues):
-        * wtf/CryptographicallyRandomNumber.h: Added.
-        * wtf/OSRandomSource.cpp: Added.
-        (WTF::randomValuesFromOS):
-        * wtf/OSRandomSource.h: Added.
-        * wtf/wtf.pri:
-
-2011-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the build.
-
-        * wtf/Bitmap.h: Include string.h for memset. Not sure why this started
-        failing now.
-
-2011-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A tiny bit of encapsulation for MarkedBlock: made its heap data member private
-        https://bugs.webkit.org/show_bug.cgi?id=54129
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::isCellAligned):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::heap): Made the heap data member private, and provided
-        a constructor and an accessor.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocateBlock):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::heap): Use the constructor and accessor.
-
-2011-02-09  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Replace PCRE with Yarr in WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=53496
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_regex_tables:
-        * runtime/RegExp.cpp:
-        * wtf/Platform.h:
-        * yarr/Yarr.h:
-        * yarr/YarrJIT.cpp:
-        * yarr/YarrJIT.h:
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.h:
-        * yarr/YarrSyntaxChecker.h:
-        * yarr/yarr.pri: Added.
-
-2011-02-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed some dead code from Heap
-        https://bugs.webkit.org/show_bug.cgi?id=54064
-
-        * runtime/MarkedSpace.cpp: Removed some now-unused constants and
-        declarations.
-
-        (JSC::MarkedSpace::allocate): Removed some ASSERTs that are also ASSERTed
-        by our caller. Removed redundant typedefs.
-
-2011-02-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Use a vector to track blocks in the Heap, instead of hand-rolled vector-like code
-        https://bugs.webkit.org/show_bug.cgi?id=54062
-        
-        SunSpider reports no change.
-
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::isValid):
-        (JSC::CollectorHeapIterator::isLive): Updated for new mark invariant: To
-        know if an object is live, you just need to test its mark bit.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace): Moved waterMark and highWaterMark from
-        CollectorHeap into MarkedSpace, since they're global state. Removed call
-        to memset since CollectorHeap is a true class with its own constructor now.
-
-        (JSC::MarkedSpace::destroy): Change uses of m_heap.usedBlocks to
-        m_heap.blocks.size(), and m_heap.numBlocks to m_heap.blocks.capacity().
-
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlock): No need to manage our vector manually anymore.
-
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::clearMarkBits):
-        (JSC::MarkedSpace::markedCells):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::objectCount):
-        (JSC::MarkedSpace::capacity):
-        (JSC::MarkedSpace::reset):
-        (JSC::MarkedSpace::primaryHeapEnd):
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::CollectorHeap):
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark):
-        (JSC::MarkedSpace::contains): Same as above.
-
-2011-02-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Give each MarkedBlock enough mark bits to cover the whole block
-        https://bugs.webkit.org/show_bug.cgi?id=54029
-        
-        SunSpider reports no change.
-
-        This simplifies access to mark bits, since any cell-aligned pointer
-        into a block now has a valid mark bit to test.
-        
-        * runtime/MarkedBlock.h: Changed CELLS_PER_BLOCK to account for the extra
-        mark bits. This happens not to change its actual value.
-        (JSC::MarkedBlock::cellNumber):
-        (JSC::MarkedBlock::isMarked):
-        (JSC::MarkedBlock::testAndSetMarked):
-        (JSC::MarkedBlock::setMarked): Changed const JSCell* to const void* to
-        remove a cast from our caller, and to more accurately reflect the fact
-        that MarkedBlock is agnostic about the types pointed to by the pointers
-        you pass to it.
-
-        (JSC::MarkedBlock::isPossibleCell): Removed a null check. We now consider
-        the null pointer to be a possible cell with a 0 (impossible) block. This
-        removes a null check from marking.
-
-        * runtime/MarkedSpace.cpp:
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::contains): Simplified the contains check, and inlined
-        the whole thing, now that it's so simple.
-
-2011-02-08  Daniel Bates  <dbates@rim.com>
-
-        Rubber-stamped by Martin Robinson.
-
-        Rename enum ProtectionSeting [sic] to ProtectionSetting.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        * jit/ExecutableAllocator.h:
-
-2011-02-08  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Should not always define USE_SYSTEM_MALLOC
-        https://bugs.webkit.org/show_bug.cgi?id=54007
-
-        * wtf/Platform.h:
-
-2011-02-08  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        LLVM Compiler build fix.
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrier::WriteBarrier):
-
-2011-02-07  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        JSVariableObject::setRegisters should take PassOwnArrayPtr for registersArray.
-        https://bugs.webkit.org/show_bug.cgi?id=53902
-
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters): Uses OwnArrayPtr<Register> instead of Register*.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::copyGlobalsFrom): Ditto.
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::setRegisters): Takes PassOwnArrayPtr<Register> instead of Register*
-        for registerArray.
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::copyRegisterArray): Returns PassOwnArrayPtr<Register> instead of Register*.
-        (JSC::JSVariableObject::setRegisters): Takes PassOwnArrayPtr<Register> instead of Register*
-        for registerArray.
-
-2011-02-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed some dead code from Heap
-        https://bugs.webkit.org/show_bug.cgi?id=53969
-        
-        SunSpider reports no change.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::sweep):
-        * runtime/MarkedSpace.h: Removed resizeBlocks and growBlocks, and
-        renamed shrinkBlocks to shrink, making it unconditionally shrink as
-        much as possible.
-
-2011-02-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Simplified the marked space's mark invariant
-        https://bugs.webkit.org/show_bug.cgi?id=53968
-        
-        SunSpider reports no change.
-        
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate): Mark objects when allocating them. This
-        means that, at all times other than the mark phase, an object is live
-        if and only if it is marked.
-
-        (JSC::MarkedSpace::containsSlowCase): Use the new mark invariant to
-        simplify testing whether an object is live.
-
-2011-02-07  Beth Dakin  <bdakin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=53950
-        USE_WK_SCROLLBAR_PAINTER in ScrollbarThemeMac should be in
-        Platform.h instead
-
-        * wtf/Platform.h:
-
-2011-02-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Antti Koivisto.
-
-        Add built-in decoder for UTF-8 for improved performance
-        https://bugs.webkit.org/show_bug.cgi?id=53898
-
-        * wtf/unicode/UnicodeMacrosFromICU.h: Added U8_MAX_LENGTH and
-        U8_APPEND_UNSAFE. Also fixed header.
-
-2011-02-07  Adam Roben  <aroben@apple.com>
-
-        Delete precompiled headers whenever any .vsprops file changes
-
-        Precompiled headers need to be rebuilt if, e.g., an ENABLE_* macro is changed in one of our
-        .vsprops files. Unfortunately, Visual Studio isn't smart enough to figure this out, so we
-        give it some assistance by deleting the precompiled headers whenever any .vsprops file
-        changes.
-
-        I also made some drive-by fixes while I was in the area.
-
-        Fixes <http://webkit.org/b/53826> react-to-vsprops-changes.py doesn't force precompiled
-        headers to be rebuilt, but should
-
-        Reviewed by David Kilzer.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Stop ignoring the
-        return code from react-to-vsprops-changes.py so we will notice when errors are introduced.
-        But skip the script entirely in production builds, where it is both unnecessary and can't
-        function correctly (due to not having the entire source tree available to it).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        (main): Removed an extra '*' in the glob for finding manifest files. The extra '*' was
-        leftover from before we rearranged WebKitBuild in r75138. Moved code to delete an old file
-        to the new delete_if_older_than function. Added code to delete any precompiled headers older
-        than the newest .vsprops file.
-        (delete_if_older_than): Added. Code came from main.
-
-2011-02-07  Antti Koivisto  <antti@apple.com>
-
-        Not reviewed.
-        
-        ASSERTS_DISABLED -> ASSERT_DISABLED
-
-        * wtf/BloomFilter.h:
-
-2011-02-06  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Unreviewed; speculative Qt build fix.
-
-        * JavaScriptCore.pro:
-
-2011-02-06  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        OwnArraryPtr.h uses deleteOwnedPtr but doesn’t include OwnPtrCommon.h
-        https://bugs.webkit.org/show_bug.cgi?id=52867
-
-        Removed LOOSE_OWN_ARRAY_PTR and OwnArrayPtr<T>::set. Replaced all calls to OwnArrayPtr::set
-        and loose instantiation of OwnArrayPtr by calls to operator= and adoptArrayPtr. Also removed
-        OwnArrayPtrCommon.h since PassOwnArrayPtr.h needs to include OwnArrayPtr.h and there is
-        no point in putting deleteOwnedArrayPtr into a separate header.
-        
-        Note: if this patch breaks build, the code is either instiantiating OwnArrayPtr
-        without calling adoptArrayPtr or calling set on ArrayOwnPtr instead of operator=.
-
-        No tests are added since this is a refactoring.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString): Calls adoptArrayPtr.
-        * GNUmakefile.am: Removed OwnArrayPtrCommon.h
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deleteProperty): Calls adoptArrayPtr.
-        * runtime/Arguments.h:
-        (JSC::Arguments::copyRegisters): Ditto.
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Ditto.
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::setRegisters): Calls operator= instead of set.
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain): Ditto.
-        * wtf/CMakeLists.txt:
-        * wtf/DateMath.h:
-        (JSC::GregorianDateTime::GregorianDateTime): No longer instnatiates OwnArrayPtr
-        with a null pointer.
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnArrayPtrCommon.h: Removed.
-        * wtf/PassOwnArrayPtr.h: No longer includes OwnArrayCommon.h
-        (WTF::deleteOwnedArrayPtr): Moved from OwnArrayPtrCommon.h
-
-2011-02-06  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Use bloom filter for descendant selector filtering
-        https://bugs.webkit.org/show_bug.cgi?id=53880
-        
-        Implement a bloom filter with k=2 and 8 bit counting.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/BloomFilter.h: Added.
-        (WTF::BloomFilter::maximumCount):
-        (WTF::BloomFilter::BloomFilter):
-        (WTF::BloomFilter::mayContain):
-        (WTF::BloomFilter::add):
-        (WTF::BloomFilter::remove):
-        (WTF::BloomFilter::firstSlot):
-        (WTF::BloomFilter::secondSlot):
-        (WTF::::add):
-        (WTF::::remove):
-        (WTF::::clear):
-        (WTF::::likelyEmpty):
-        (WTF::::isClear):
-
-2011-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Rolled back in r77612 with ASSERT/crash fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=53759
-        
-        Don't shrink the heap to 0 unconditionally. Instead, shrink to 1 if
-        necessary. For now, the heap assumes that it always has at least one
-        block live.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reset):
-        * runtime/Heap.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::shrinkBlocks):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark):
-
-2011-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: REALLY remove the last vestiges of JSVALUE32!
-
-        <rdar://problem/8957409> Remove last vestiges of JSVALUE32
-        <http://webkit.org/b/53779>
-
-        * DerivedSources.make: Removed dependency on
-        JavaScriptCore.JSVALUE32.exp.
-
-2011-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8957409> Remove last vestiges of JSVALUE32
-        <http://webkit.org/b/53779>
-
-        Reviewed by Darin Adler.
-
-        Support for JSVALUE32 was originaly removed in r70111.
-
-        * Configurations/JavaScriptCore.xcconfig: Changed armv6 to use
-        JavaScriptCore.JSVALUE32_64.exp and ppc64 to use
-        JavaScriptCore.JSVALUE64.exp to match Platform.h.
-        * DerivedSources.make: Removed rule for
-        JavaScriptCore.JSVALUE32.exp.
-        * JavaScriptCore.JSVALUE32only.exp: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
-        to JavaScriptCore.JSVALUE32only.exp.
-
-2011-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        Use static_cast and other style cleanup in YarrInterpreter.cpp
-        <http://webkit.org/b/53772>
-
-        Reviewed by John Sullivan.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::InputStream::readChecked): Use
-        static_cast.
-        (JSC::Yarr::Interpreter::InputStream::checkInput): Remove
-        unnecessary else block.
-        (JSC::Yarr::Interpreter::matchAssertionEOL): Ditto.
-        (JSC::Yarr::Interpreter::backtrackBackReference): Ditto.
-        (JSC::Yarr::ByteCompiler::emitDisjunction): Use static_cast.
-
-2011-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r77625 and r77626.
-        http://trac.webkit.org/changeset/77625
-        http://trac.webkit.org/changeset/77626
-        https://bugs.webkit.org/show_bug.cgi?id=53765
-
-        It broke Windows builds (Requested by Ossy_ on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_regex_tables:
-        * runtime/RegExp.cpp:
-        * wtf/Platform.h:
-        * yarr/Yarr.h:
-        * yarr/YarrJIT.cpp:
-        * yarr/YarrJIT.h:
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.h:
-        * yarr/YarrSyntaxChecker.h:
-        * yarr/yarr.pri: Removed.
-
-2011-02-04  Jessie Berlin  <jberlin@apple.com>
-
-        Windows build fix. Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2011-02-04  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Replace PCRE with Yarr in WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=53496
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_regex_tables:
-        * runtime/RegExp.cpp:
-        * wtf/Platform.h:
-        * yarr/Yarr.h:
-        * yarr/YarrJIT.cpp:
-        * yarr/YarrJIT.h:
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.h:
-        * yarr/YarrSyntaxChecker.h:
-        * yarr/yarr.pri: Added.
-
-2011-02-04  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed rollout two patches r77614 and r77612.
-
-        REGRESSION: Snow Leopard Intel Release anumber of failing tests.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reset):
-        * runtime/Heap.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-
-2011-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix 32bit build.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset): Use an explicit cast to avoid shortening warnings,
-        since 1.5 is double (64bit), and the result is size_t (32bit).
-
-2011-02-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Changed MarkedSpace to delegate grow/shrink decisions to Heap
-        https://bugs.webkit.org/show_bug.cgi?id=53759
-        
-        SunSpider reports no change.
-        
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reset):
-        * runtime/Heap.h: Reorganized a few data members for better cache locality.
-        Added a grow policy.
-        
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::reset): Don't shrink automatically. Instead, wait for
-        the heap to make an explicit sweep call.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark): Use a watermark to determine how
-        many bytes to allocate before failing and giving the heap an opportunity
-        to collect garbage. This also means that we allocate blocks on demand,
-        instead of ahead of time.
-
-2011-02-03  James Kozianski  <koz@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add navigator.registerProtocolHandler behind a flag.
-        https://bugs.webkit.org/show_bug.cgi?id=52609
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-02-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Not all blocks are freed when the heap is freed (counting is hard!)
-        https://bugs.webkit.org/show_bug.cgi?id=53732
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy): Freeing a block compacts the list, so just
-        keep freeing block 0 until there are no blocks left.
-
-2011-02-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: The new MarkedBlock.h header
-        needs to be private, not project, so other projects can include headers
-        that depend on it.
-
-2011-02-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Start using MarkedBlock instead of CollectorBlock
-        https://bugs.webkit.org/show_bug.cgi?id=53693
-        
-        SunSpider reports no change.
-        
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::blockFor):
-        (JSC::MarkedBlock::setMarked):
-        (JSC::MarkedBlock::isCellAligned):
-        (JSC::MarkedBlock::isPossibleCell): Updated for const-ness.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::containsSlowCase):
-        (JSC::MarkedSpace::clearMarkBits): Updated for const-ness.
-
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::collectorBlock):
-        (JSC::MarkedSpace::heap):
-        (JSC::MarkedSpace::isMarked):
-        (JSC::MarkedSpace::testAndSetMarked):
-        (JSC::MarkedSpace::setMarked):
-        (JSC::MarkedSpace::contains): Switched from CollectorBlock to MarkedBlock,
-        and deleted dead CollectorBlock-related code.
-
-2011-02-03  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Avoid strlen() in AtomicString::fromUTF8
-        https://bugs.webkit.org/show_bug.cgi?id=50516
-
-        Add an overload to calculateStringHashFromUTF8 to get
-        strlen() of the input data with only one call.
-
-        This change shows about 3% performance win on the xml-parser benchmark.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::fromUTF8):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
-        (WTF::Unicode::calculateStringHashFromUTF8):
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
-        * wtf/unicode/UTF8.h:
-
-2011-02-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-02  Gavin Barraclough  <barraclough@apple.com>
-
-        oops, build fix!
-
-        * wtf/Assertions.cpp:
-
-2011-02-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 53650 - Add a BACKTRACE macro to Assertions.h
-
-        Add a BACKTRACE macro to Assertions.h, which will print a backtrace on
-        debug Mac builds, make CRASH (and thus ASSERT) automatically call this.
-
-        * JavaScriptCore.exp:
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-
-2011-02-02  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improper backtrack of nested non-capturing greedy paren to prior paren
-        https://bugs.webkit.org/show_bug.cgi?id=53261
-
-        A paren that follows a non-capturing greedy paren nested within a 
-        non-capturing fixed paren was back tracking to the last paren 
-        processed instead of the immediately prior paren.
-        Refactored default backtracking of parens to prior paren to work for
-        both nested (within) and immediately prior (after) parens.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::TermGenerationState):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setJumpListToPriorParen):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::getJumpListToPriorParen):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::ParenthesesTail):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::YarrGenerator::generateParenthesesDisjunction):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-        (JSC::Yarr::YarrGenerator::generateDisjunction):
-
-2011-02-02  Jeff Miller  <jeffm@apple.com>
-
-        Reviewed by Darin Adler and Steve Falkenburg.
-
-        Add DerivedSources.make to some Visual Studio projects
-        https://bugs.webkit.org/show_bug.cgi?id=53607
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add DerivedSources.make.
-
-2011-02-02  Steve Lacey  <sjl@chromium.org>
-
-        Reviewed by Eric Carlson.
-
-        Implement basic media statistics on media elements.
-        https://bugs.webkit.org/show_bug.cgi?id=53322
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fixes for wxWebKit.
-
-        * wtf/wx/StringWx.cpp:
-        (WTF::String::String):
-
-2011-02-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little more Heap refactoring
-        https://bugs.webkit.org/show_bug.cgi?id=53577
-        
-        SunSpider reports no change.
-        
-        Split out MarkedBlock into its own file / class.
-        
-        Did the following renames:
-            isCellMarked => isMarked
-            checkMarkCell => testAndSetMarked
-            markCell => setMarked
-            cellOffset => cellNumber
-            collectorBlock => blockFor
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Heap.cpp:
-        (JSC::WeakGCHandlePool::update):
-        * runtime/Heap.h:
-        (JSC::Heap::isMarked):
-        (JSC::Heap::testAndSetMarked):
-        (JSC::Heap::setMarked):
-        * runtime/JSArray.h:
-        (JSC::MarkStack::markChildren):
-        (JSC::MarkStack::drain):
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkStack::internalAppend):
-        * runtime/MarkedBlock.cpp: Added.
-        * runtime/MarkedBlock.h: Added.
-        (JSC::MarkedBlock::blockFor):
-        (JSC::MarkedBlock::cellNumber):
-        (JSC::MarkedBlock::isMarked):
-        (JSC::MarkedBlock::testAndSetMarked):
-        (JSC::MarkedBlock::setMarked):
-        (JSC::MarkedBlock::isCellAligned):
-        (JSC::MarkedBlock::isPossibleCell):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::isMarked):
-        (JSC::MarkedSpace::testAndSetMarked):
-        (JSC::MarkedSpace::setMarked):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::isValid):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-
-2011-02-02  Sam Weinig  <sam@webkit.org>
-
-        Fix windows clean build.
-
-        * DerivedSources.make:
-
-2011-02-02  Alejandro G. Castro  <alex@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Fix dist compilation
-        https://bugs.webkit.org/show_bug.cgi?id=53579
-
-        * GNUmakefile.am: Added WriteBarrier.h to the sources, it was
-        added in r77151
-
-2011-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r77297.
-        http://trac.webkit.org/changeset/77297
-        https://bugs.webkit.org/show_bug.cgi?id=53538
-
-        caused leopard crashes (Requested by paroga on #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::fromUTF8):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::calculateStringHashFromUTF8):
-        * wtf/unicode/UTF8.h:
-
-2011-02-01  Sam Weinig  <sam@webkit.org>
-
-        Fix Mac production builds.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-01  Sam Weinig  <sam@webkit.org>
-
-        Try to fix the windows build.
-
-        * DerivedSources.make:
-
-2011-02-01  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Avoid strlen() in AtomicString::fromUTF8
-        https://bugs.webkit.org/show_bug.cgi?id=50516
-
-        Add an overload to calculateStringHashFromUTF8 to get
-        strlen() of the input data with only one call.
-
-        This change shows about 3% performance win on the xml-parser benchmark.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::fromUTF8):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
-        (WTF::Unicode::calculateStringHashFromUTF8):
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
-        * wtf/unicode/UTF8.h:
-
-2011-02-01  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Beth Dakin.
-
-        Part 2 for <rdar://problem/8492788>
-        Adopt WKScrollbarPainterController
-
-        Use header detection to define scrollbar painting controller #define.
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Refactor JSGlobalObject-related tear-down
-        https://bugs.webkit.org/show_bug.cgi?id=53478
-        
-        While investigating crashes caused by r77082, I noticed some strange
-        destructor-time behaviors. This patch makes them less strange.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::GlobalCodeBlock::~GlobalCodeBlock): Store the set of global code
-        blocks on the Heap, instead of on independent global objects. The heap
-        is guaranteed to outlast any GC-owned data structure. The heap is also
-        a natural place to store objects that needs out-of-band marking, since
-        the heap is responsible for marking all roots.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::protectedGlobalObjectCount):
-        * runtime/Heap.h:
-        (JSC::Heap::codeBlocks):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        * runtime/MarkedSpace.cpp: Store the set of global objects in a weak map
-        owned by JSGlobalData, instead of an instrusive circular linked list.
-        This is simpler, and it avoids destructor-time access between garbage
-        collected objects, which is hard to get right.
-
-        (JSC::MarkedSpace::destroy): Make sure to clear mark bits before tearing
-        everything down. Otherwise, weak data structures will incorrectly report
-        that objects pending destruction are still alive.
-
-2011-02-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION(77082): GC-related crashes seen: on WebKit2 bot; on GTK 32bit
-        bot; loading trac pages; typing in search field
-        https://bugs.webkit.org/show_bug.cgi?id=53519
-        
-        The crashes were all caused by failure to run an object's destructor.
-
-        * runtime/CollectorHeapIterator.h:
-        (JSC::ObjectIterator::ObjectIterator): Don't skip forward upon
-        construction. The iterator class used to do that when it was designed
-        for prior-to-beginning initialization. I forgot to remove this line
-        of code when I changed the iterator to normal initialization.
-        
-        Skipping forward upon construction was causing the heap to skip running
-        the destructor for the very first object in a block when destroying the
-        block. This usually did not crash, since block destruction is rare and
-        most objects have pretty trivial destructors. However, in the rare case
-        when the heap would destroy a block whose first object was a global
-        object or a DOM node, BOOM.
-
-2011-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Update JSObject storage for new marking API
-        https://bugs.webkit.org/show_bug.cgi?id=53467
-
-        JSObject no longer uses EncodedJSValue for its property storage.
-        This produces a stream of mechanical changes to PropertySlot and
-        anonymous storage APIs.
-
-        * JavaScriptCore.exp:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::fillGetterPropertySlot):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::putAnonymousValue):
-        (JSC::JSObject::clearAnonymousValue):
-        (JSC::JSObject::getAnonymousValue):
-        (JSC::JSObject::putThisToAnonymousValue):
-        (JSC::JSObject::locationForOffset):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::getValue):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setRegisterSlot):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-02-01  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Antonio Gomes.
-
-        Modify RandomNumberSeed.h to use USE(MERSENNE_TWISTER_19937)
-        https://bugs.webkit.org/show_bug.cgi?id=53506
-
-        Currently, use of the Mersenne Twister pseudorandom number generator
-        is hardcoded to the Windows CE port. With the passing of bug #53253,
-        we can generalize support for this PRNG to all ports that use srand(3)
-        and rand(3), including Windows CE.
-
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-
-2011-02-01  Dave Tapuska  <dtapuska@rim.com>
-
-        Reviewed by Gavin Barraclough.
-
-        MacroAssemblerARM would generate code that did 32bit loads
-        on addresses that were not aligned. More specifically it would
-        generate a ldr r8,[r1, #7] which isn't valid on ARMv5 and lower.
-        The intended instruction really is ldrb r8,[r1, #7]; ensure we
-        call load8 instead of load32.
-
-        https://bugs.webkit.org/show_bug.cgi?id=46095
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::set32Test32):
-        (JSC::MacroAssemblerARM::set32Test8):
-
-2011-02-01  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Fix some Visual Studio compiler warnings.
-        https://bugs.webkit.org/show_bug.cgi?id=53476
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToPositiveInteger):
-        * wtf/ThreadingWin.cpp:
-        (WTF::absoluteTimeToWaitTimeoutInterval):
-
-2011-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bogus callframe during stack unwinding
-        https://bugs.webkit.org/show_bug.cgi?id=53454
-
-        Trying to access a callframe's globalData after destroying its
-        ScopeChain is not a good thing.  While we could access the
-        globalData directly through the (known valid) scopechain we're
-        holding on to, it feels fragile.  Instead we push the valid
-        ScopeChain onto the callframe again to ensure that the callframe
-        itself remains valid.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-
-2011-01-31  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
-        https://bugs.webkit.org/show_bug.cgi?id=53271
-
-        Reapplying this change again.
-        Changed isValid() to use .get() as a result of change r77151.
-
-        Added new isValid() methods to check if a contained object in
-        a WeakGCMap is valid when using an unchecked iterator.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::isValid):
-
-2011-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Convert markstack to a slot visitor API
-        https://bugs.webkit.org/show_bug.cgi?id=53219
-
-        rolling r77098, r77099, r77100, r77109, and
-        r77111 back in, along with a few more Qt fix attempts.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrivateProperty):
-        * API/JSWeakObjectMapRefInternal.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeSet::~ConservativeSet):
-        (JSC::ConservativeSet::mark):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::getter):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setter):
-        (JSC::GetterSetter::setSetter):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::cachedGlobalObject):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::put):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkStack::append):
-        (JSC::JSCell::MarkStack::internalAppend):
-        (JSC::JSCell::MarkStack::deprecatedAppend):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::regExpConstructor):
-        (JSC::JSGlobalObject::errorConstructor):
-        (JSC::JSGlobalObject::evalErrorConstructor):
-        (JSC::JSGlobalObject::rangeErrorConstructor):
-        (JSC::JSGlobalObject::referenceErrorConstructor):
-        (JSC::JSGlobalObject::syntaxErrorConstructor):
-        (JSC::JSGlobalObject::typeErrorConstructor):
-        (JSC::JSGlobalObject::URIErrorConstructor):
-        (JSC::JSGlobalObject::evalFunction):
-        (JSC::JSGlobalObject::objectPrototype):
-        (JSC::JSGlobalObject::functionPrototype):
-        (JSC::JSGlobalObject::arrayPrototype):
-        (JSC::JSGlobalObject::booleanPrototype):
-        (JSC::JSGlobalObject::stringPrototype):
-        (JSC::JSGlobalObject::numberPrototype):
-        (JSC::JSGlobalObject::datePrototype):
-        (JSC::JSGlobalObject::regExpPrototype):
-        (JSC::JSGlobalObject::methodCallDummy):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::constructArray):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        (JSC::Stringifier::Holder::objectSlot):
-        (JSC::Stringifier::markAggregate):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::putUndefinedAtDirectOffset):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSValue::putDirect):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::deprecatedAppendValues):
-        (JSC::MarkStack::appendValues):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        (JSC::resolveBase):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChain::top):
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren):
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-        (JSC::Structure::storedPrototypeSlot):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::uncheckedGetSlot):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove):
-        * runtime/WriteBarrier.h: Added.
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::clear):
-        (JSC::WriteBarrierBase::slot):
-        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::WriteBarrierBase::operator!):
-        (JSC::WriteBarrier::WriteBarrier):
-        (JSC::operator==):
-
-2011-01-31  Dan Winship  <danw@gnome.org>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        wss (websockets ssl) support for gtk via new gio TLS support
-        https://bugs.webkit.org/show_bug.cgi?id=50344
-
-        Add a GPollableOutputStream typedef for TLS WebSockets support
-
-        * wtf/gobject/GTypedefs.h:
-
-2011-01-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=53352
-        Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
-
-        The FixedVMPoolAllocator currently uses a best fix policy -
-        switch to first fit, this is less prone to external fragmentation.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
-        (JSC::AllocationTableSizeClass::blockSize):
-        (JSC::AllocationTableSizeClass::blockCount):
-        (JSC::AllocationTableSizeClass::blockAlignment):
-        (JSC::AllocationTableSizeClass::size):
-        (JSC::AllocationTableLeaf::AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::~AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::allocate):
-        (JSC::AllocationTableLeaf::free):
-        (JSC::AllocationTableLeaf::isEmpty):
-        (JSC::AllocationTableLeaf::isFull):
-        (JSC::AllocationTableLeaf::size):
-        (JSC::AllocationTableLeaf::classForSize):
-        (JSC::AllocationTableLeaf::dump):
-        (JSC::LazyAllocationTable::LazyAllocationTable):
-        (JSC::LazyAllocationTable::~LazyAllocationTable):
-        (JSC::LazyAllocationTable::allocate):
-        (JSC::LazyAllocationTable::free):
-        (JSC::LazyAllocationTable::isEmpty):
-        (JSC::LazyAllocationTable::isFull):
-        (JSC::LazyAllocationTable::size):
-        (JSC::LazyAllocationTable::dump):
-        (JSC::LazyAllocationTable::classForSize):
-        (JSC::AllocationTableDirectory::AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::~AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::allocate):
-        (JSC::AllocationTableDirectory::free):
-        (JSC::AllocationTableDirectory::isEmpty):
-        (JSC::AllocationTableDirectory::isFull):
-        (JSC::AllocationTableDirectory::size):
-        (JSC::AllocationTableDirectory::classForSize):
-        (JSC::AllocationTableDirectory::dump):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::allocated):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::classForSize):
-        (JSC::FixedVMPoolAllocator::offsetToPointer):
-        (JSC::FixedVMPoolAllocator::pointerToOffset):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::PageReservation):
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::committed):
-
-2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r76969.
-        http://trac.webkit.org/changeset/76969
-        https://bugs.webkit.org/show_bug.cgi?id=53418
-
-        "It is causing crashes in GTK+ and Leopard bots" (Requested by
-        alexg__ on #webkit).
-
-        * runtime/WeakGCMap.h:
-
-2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed, rolling out r77098, r77099, r77100, r77109, and
-        r77111.
-        http://trac.webkit.org/changeset/77098
-        http://trac.webkit.org/changeset/77099
-        http://trac.webkit.org/changeset/77100
-        http://trac.webkit.org/changeset/77109
-        http://trac.webkit.org/changeset/77111
-        https://bugs.webkit.org/show_bug.cgi?id=53219
-
-        Qt build is broken
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrivateProperty):
-        * API/JSWeakObjectMapRefInternal.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeSet::~ConservativeSet):
-        (JSC::ConservativeSet::mark):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::getter):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setter):
-        (JSC::GetterSetter::setSetter):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::cachedGlobalObject):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::put):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toThisObject):
-        (JSC::JSCell::MarkStack::append):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::regExpConstructor):
-        (JSC::JSGlobalObject::errorConstructor):
-        (JSC::JSGlobalObject::evalErrorConstructor):
-        (JSC::JSGlobalObject::rangeErrorConstructor):
-        (JSC::JSGlobalObject::referenceErrorConstructor):
-        (JSC::JSGlobalObject::syntaxErrorConstructor):
-        (JSC::JSGlobalObject::typeErrorConstructor):
-        (JSC::JSGlobalObject::URIErrorConstructor):
-        (JSC::JSGlobalObject::evalFunction):
-        (JSC::JSGlobalObject::objectPrototype):
-        (JSC::JSGlobalObject::functionPrototype):
-        (JSC::JSGlobalObject::arrayPrototype):
-        (JSC::JSGlobalObject::booleanPrototype):
-        (JSC::JSGlobalObject::stringPrototype):
-        (JSC::JSGlobalObject::numberPrototype):
-        (JSC::JSGlobalObject::datePrototype):
-        (JSC::JSGlobalObject::regExpPrototype):
-        (JSC::JSGlobalObject::methodCallDummy):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::constructArray):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        (JSC::Stringifier::markAggregate):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSValue::putDirect):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::appendValues):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        (JSC::resolveBase):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChain::top):
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren):
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::isValid):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove):
-        * runtime/WriteBarrier.h: Removed.
-
-2011-01-30  Simon Fraser  <simon.fraser@apple.com>
-
-        Build fix the build fix. I assume Oliver meant m_cell, not m_value.
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::clear):
-
-2011-01-30  Oliver Hunt  <oliver@apple.com>
-
-        More Qt build fixes
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::clear):
-
-2011-01-30  Oliver Hunt  <oliver@apple.com>
-
-        Convert markstack to a slot visitor API
-        https://bugs.webkit.org/show_bug.cgi?id=53219
-
-        rolling r77006 and r77020 back in.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrivateProperty):
-        * API/JSWeakObjectMapRefInternal.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeSet::~ConservativeSet):
-        (JSC::ConservativeSet::mark):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::getter):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setter):
-        (JSC::GetterSetter::setSetter):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::cachedGlobalObject):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::put):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkStack::append):
-        (JSC::JSCell::MarkStack::internalAppend):
-        (JSC::JSCell::MarkStack::deprecatedAppend):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::regExpConstructor):
-        (JSC::JSGlobalObject::errorConstructor):
-        (JSC::JSGlobalObject::evalErrorConstructor):
-        (JSC::JSGlobalObject::rangeErrorConstructor):
-        (JSC::JSGlobalObject::referenceErrorConstructor):
-        (JSC::JSGlobalObject::syntaxErrorConstructor):
-        (JSC::JSGlobalObject::typeErrorConstructor):
-        (JSC::JSGlobalObject::URIErrorConstructor):
-        (JSC::JSGlobalObject::evalFunction):
-        (JSC::JSGlobalObject::objectPrototype):
-        (JSC::JSGlobalObject::functionPrototype):
-        (JSC::JSGlobalObject::arrayPrototype):
-        (JSC::JSGlobalObject::booleanPrototype):
-        (JSC::JSGlobalObject::stringPrototype):
-        (JSC::JSGlobalObject::numberPrototype):
-        (JSC::JSGlobalObject::datePrototype):
-        (JSC::JSGlobalObject::regExpPrototype):
-        (JSC::JSGlobalObject::methodCallDummy):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::constructArray):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        (JSC::Stringifier::Holder::objectSlot):
-        (JSC::Stringifier::markAggregate):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::putUndefinedAtDirectOffset):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSValue::putDirect):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::deprecatedAppendValues):
-        (JSC::MarkStack::appendValues):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        (JSC::resolveBase):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChain::top):
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren):
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-        (JSC::Structure::storedPrototypeSlot):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::uncheckedGetSlot):
-        (JSC::WeakGCMap::isValid):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove):
-        * runtime/WriteBarrier.h: Added.
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::slot):
-        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::WriteBarrierBase::operator!):
-        (JSC::WriteBarrier::WriteBarrier):
-        (JSC::operator==):
-
-2011-01-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Filter all Heap collection through a common reset function, in
-        preparation for adding features triggered by collection.
-        https://bugs.webkit.org/show_bug.cgi?id=53396
-        
-        SunSpider reports no change.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reportExtraMemoryCostSlowCase): When we're over the extraCost
-        limit, just call collectAllGarbage() instead of rolling our own special
-        way of resetting the heap. In theory, this may be slower in some cases,
-        but it also fixes cases of pathological heap growth that we've seen,
-        where the only objects being allocated are temporary and huge
-        (<rdar://problem/8885843>).
-
-        (JSC::Heap::allocate):
-        (JSC::Heap::collectAllGarbage): Use the shared reset function.
-
-        (JSC::Heap::reset):
-        * runtime/Heap.h: Carved a new shared reset function out of the old
-        collectAllGarbage.
-
-2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r77025.
-        http://trac.webkit.org/changeset/77025
-        https://bugs.webkit.org/show_bug.cgi?id=53401
-
-        It made js1_5/Regress/regress-159334.js fail on 64 bit Linux
-        (Requested by Ossy on #webkit).
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FreeListEntry::FreeListEntry):
-        (JSC::AVLTreeAbstractorForFreeList::get_less):
-        (JSC::AVLTreeAbstractorForFreeList::set_less):
-        (JSC::AVLTreeAbstractorForFreeList::get_greater):
-        (JSC::AVLTreeAbstractorForFreeList::set_greater):
-        (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
-        (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
-        (JSC::AVLTreeAbstractorForFreeList::null):
-        (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
-        (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
-        (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
-        (JSC::reverseSortFreeListEntriesByPointer):
-        (JSC::reverseSortCommonSizedAllocations):
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::addToFreeList):
-        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::allocInternal):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-        (JSC::FixedVMPoolAllocator::addToCommittedByteCount):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::maybeModifyVMPoolSize):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::PageReservation):
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-
-2011-01-30  Leo Yang  <leo.yang@torchmobile.com.cn>
-
-        Reviewed by Daniel Bates.
-
-        Code style issue in JavaScriptCore/wtf/CurrentTime.h
-        https://bugs.webkit.org/show_bug.cgi?id=53394
-
-        According to rule #3 at http://webkit.org/coding/coding-style.html,
-        This patch fix style issue in CurrentTime.h.
-
-        No functionality change, no new tests.
-
-        * wtf/CurrentTime.h:
-        (WTF::currentTimeMS):
-        (WTF::getLocalTime):
-
-2011-01-30  Benjamin Poulain  <ikipou@gmail.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] JavaScriptCore does not link on Mac if building WebKit 2
-        https://bugs.webkit.org/show_bug.cgi?id=53377
-
-        The option "-whole-archive" is not availabe with the libtool of Mac OS X,
-        instead, we can use "-all_load" on Mac.
-
-        * JavaScriptCore.pri:
-
-2011-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Sorry Leopard bot -- I committed a change by accident.
-
-        * JavaScriptCore.exp: You may have your symbols back now.
-
-2011-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Simplified Heap iteration
-        https://bugs.webkit.org/show_bug.cgi?id=53393
-
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::isValid):
-        (JSC::CollectorHeapIterator::isLive):
-        (JSC::CollectorHeapIterator::advance): Removed "max" argument to
-        advance because it's a constant.
-        (JSC::LiveObjectIterator::LiveObjectIterator):
-        (JSC::LiveObjectIterator::operator++):
-        (JSC::DeadObjectIterator::DeadObjectIterator):
-        (JSC::DeadObjectIterator::operator++):
-        (JSC::ObjectIterator::ObjectIterator):
-        (JSC::ObjectIterator::operator++): Factored out common checks into
-        two helper functions -- isValid() for "Am I past the end?" and isLive()
-        for "Is the cell I'm pointing to live?".
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::freeBlock):
-        (JSC::MarkedSpace::sweep): Always sweep from the beginning of the heap
-        to the end, to avoid making sweep subtly reliant on internal Heap state.
-        (JSC::MarkedSpace::primaryHeapBegin):
-        (JSC::MarkedSpace::primaryHeapEnd): Always be explicit about where
-        iteration begins.
-
-2011-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Simplified heap destruction
-        https://bugs.webkit.org/show_bug.cgi?id=53392
-
-        * JavaScriptCore.exp:
-        * runtime/Heap.cpp:
-        (JSC::Heap::destroy):
-        * runtime/Heap.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy):
-        * runtime/MarkedSpace.h: Don't go out of our way to destroy GC-protected
-        cells last -- the difficult contortions required to do so just don't seem
-        justified. We make no guarantees about GC protection after the client
-        throws away JSGlobalData, and it doesn't seem like any meaningful
-        guarantee is even possible.
-
-2011-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Switched heap to use the Bitmap class and removed CollectorBitmap
-        https://bugs.webkit.org/show_bug.cgi?id=53391
-        
-        SunSpider says 1.005x as fast. Seems like a fluke.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocate): Updated for rename and returning a value
-        rather than taking a value by reference.
-
-        * runtime/MarkedSpace.h: Code reuse is good.
-
-        * wtf/Bitmap.h:
-        (WTF::::testAndSet): Added, since this is the one thing Bitmap was missing
-        which CollectorBitmap had. (Renamed from the less conventional "getset".)
-
-        (WTF::::nextPossiblyUnset): Renamed and changed to return a value for
-        clarity. It's all the same with inlining.
-
-2011-01-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Some more Heap cleanup.
-        https://bugs.webkit.org/show_bug.cgi?id=53357
-        
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated exported symbols.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reportExtraMemoryCostSlowCase): Renamed recordExtraCost to 
-        reportExtraMemoryCostSlowCase to match our naming conventions.
-
-        (JSC::Heap::capacity): Renamed size to capacity because this function
-        returns the capacity of the heap, including unused portions.
-
-        * runtime/Heap.h:
-        (JSC::Heap::globalData):
-        (JSC::Heap::markedSpace):
-        (JSC::Heap::machineStackMarker):
-        (JSC::Heap::reportExtraMemoryCost): Moved statics to the top of the file.
-        Moved ctor and dtor to the beginning of the class definition. Grouped
-        functions by purpose.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::capacity): Renamed size to capacity because this
-        function returns the capacity of the heap, including unused portions.
-
-        * runtime/MarkedSpace.h: Removed statistics and the Statistics class because
-        the same information can be gotten just by calling size() and capacity().
-
-        * runtime/MemoryStatistics.cpp:
-        * runtime/MemoryStatistics.h: Ditto.
-
-2011-01-29  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Eric Seidel.
-
-        Move wince/mt19937ar.c to ThirdParty and make it a policy choice
-        https://bugs.webkit.org/show_bug.cgi?id=53253
-
-        Make inclusion of MT19937 a policy decision.
-
-        Currently, we hardcoded to  use MT19937 when building for
-        Windows CE. Instead, we should make this a policy decision
-        with the Windows CE port using this by default.
-
-        * JavaScriptCore.pri: Append Source/ThirdParty to the end
-        of the list include directories.
-        * wtf/CMakeLists.txt: Ditto.
-        * wtf/Platform.h: Defined WTF_USE_MERSENNE_TWISTER_19937 when
-        building for Windows CE.
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber): Substituted USE(MERSENNE_TWISTER_19937) for OS(WINCE).
-
-2011-01-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Bug 53374 - Remove uses of unsafe string functions in debugging code
-        https://bugs.webkit.org/show_bug.cgi?id=53374
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::printTraceData):
-
-2011-01-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JavaScriptCoreUseJIT environment variable broken
-        https://bugs.webkit.org/show_bug.cgi?id=53372
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
-        by getenv() rather than just doing a NULL check on the return value.
-
-2011-01-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Move CharacterNames.h into WTF directory
-        https://bugs.webkit.org/show_bug.cgi?id=49618
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/unicode/CharacterNames.h: Renamed from WebCore/platform/text/CharacterNames.h.
-        * wtf/unicode/UTF8.cpp:
-
-2011-01-28  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add various clampToInt() methods to MathExtras.h
-        https://bugs.webkit.org/show_bug.cgi?id=52910
-        
-        Add functions for clamping doubles and floats to valid int
-        ranges, for signed and positive integers.
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToPositiveInteger):
-
-2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r77006 and r77020.
-        http://trac.webkit.org/changeset/77006
-        http://trac.webkit.org/changeset/77020
-        https://bugs.webkit.org/show_bug.cgi?id=53360
-
-        "Broke Windows tests" (Requested by rniwa on #webkit).
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrivateProperty):
-        * API/JSWeakObjectMapRefInternal.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeSet::~ConservativeSet):
-        (JSC::ConservativeSet::mark):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::getter):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setter):
-        (JSC::GetterSetter::setSetter):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::cachedGlobalObject):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::put):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toThisObject):
-        (JSC::JSCell::MarkStack::append):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::regExpConstructor):
-        (JSC::JSGlobalObject::errorConstructor):
-        (JSC::JSGlobalObject::evalErrorConstructor):
-        (JSC::JSGlobalObject::rangeErrorConstructor):
-        (JSC::JSGlobalObject::referenceErrorConstructor):
-        (JSC::JSGlobalObject::syntaxErrorConstructor):
-        (JSC::JSGlobalObject::typeErrorConstructor):
-        (JSC::JSGlobalObject::URIErrorConstructor):
-        (JSC::JSGlobalObject::evalFunction):
-        (JSC::JSGlobalObject::objectPrototype):
-        (JSC::JSGlobalObject::functionPrototype):
-        (JSC::JSGlobalObject::arrayPrototype):
-        (JSC::JSGlobalObject::booleanPrototype):
-        (JSC::JSGlobalObject::stringPrototype):
-        (JSC::JSGlobalObject::numberPrototype):
-        (JSC::JSGlobalObject::datePrototype):
-        (JSC::JSGlobalObject::regExpPrototype):
-        (JSC::JSGlobalObject::methodCallDummy):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::constructArray):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        (JSC::Stringifier::markAggregate):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSValue::putDirect):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::appendValues):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        (JSC::resolveBase):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChain::top):
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren):
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::isValid):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove):
-        * runtime/WriteBarrier.h: Removed.
-
-2011-01-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=53352
-        Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
-
-        The FixedVMPoolAllocator currently uses a best fix policy -
-        switch to first fit, this is less prone to external fragmentation.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
-        (JSC::AllocationTableSizeClass::blockSize):
-        (JSC::AllocationTableSizeClass::blockCount):
-        (JSC::AllocationTableSizeClass::blockAlignment):
-        (JSC::AllocationTableSizeClass::size):
-        (JSC::AllocationTableLeaf::AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::~AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::allocate):
-        (JSC::AllocationTableLeaf::free):
-        (JSC::AllocationTableLeaf::isEmpty):
-        (JSC::AllocationTableLeaf::isFull):
-        (JSC::AllocationTableLeaf::size):
-        (JSC::AllocationTableLeaf::classForSize):
-        (JSC::AllocationTableLeaf::dump):
-        (JSC::LazyAllocationTable::LazyAllocationTable):
-        (JSC::LazyAllocationTable::~LazyAllocationTable):
-        (JSC::LazyAllocationTable::allocate):
-        (JSC::LazyAllocationTable::free):
-        (JSC::LazyAllocationTable::isEmpty):
-        (JSC::LazyAllocationTable::isFull):
-        (JSC::LazyAllocationTable::size):
-        (JSC::LazyAllocationTable::dump):
-        (JSC::LazyAllocationTable::classForSize):
-        (JSC::AllocationTableDirectory::AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::~AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::allocate):
-        (JSC::AllocationTableDirectory::free):
-        (JSC::AllocationTableDirectory::isEmpty):
-        (JSC::AllocationTableDirectory::isFull):
-        (JSC::AllocationTableDirectory::size):
-        (JSC::AllocationTableDirectory::classForSize):
-        (JSC::AllocationTableDirectory::dump):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::allocated):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::classForSize):
-        (JSC::FixedVMPoolAllocator::offsetToPointer):
-        (JSC::FixedVMPoolAllocator::pointerToOffset):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::PageReservation):
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::committed):
-
-2011-01-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Convert markstack to a slot visitor API
-        https://bugs.webkit.org/show_bug.cgi?id=53219
-
-        Move the MarkStack over to a slot based marking API.
-
-        In order to avoiding aliasing concerns there are two new types
-        that need to be used when holding on to JSValues and JSCell that
-        need to be marked: WriteBarrier and DeprecatedPtr.  WriteBarrier
-        is expected to be used for any JSValue or Cell that's lifetime and
-        marking is controlled by another GC object.  DeprecatedPtr is used
-        for any value that we need to rework ownership for.
-
-        The change over to this model has produced a large amount of
-        code changes, but they are mostly mechanical (forwarding JSGlobalData,
-        etc).
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeConstructor):
-        (JSObjectSetPrivateProperty):
-        * API/JSWeakObjectMapRefInternal.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::markChildren):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Register.h:
-        (JSC::Register::jsValueSlot):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeSet::mark):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::markChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::getter):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setter):
-        (JSC::GetterSetter::setSetter):
-        * runtime/GlobalEvalFunction.cpp:
-        (JSC::GlobalEvalFunction::GlobalEvalFunction):
-        (JSC::GlobalEvalFunction::markChildren):
-        * runtime/GlobalEvalFunction.h:
-        (JSC::GlobalEvalFunction::cachedGlobalObject):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::value):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::put):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkStack::append):
-        (JSC::JSCell::MarkStack::appendCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::regExpConstructor):
-        (JSC::JSGlobalObject::errorConstructor):
-        (JSC::JSGlobalObject::evalErrorConstructor):
-        (JSC::JSGlobalObject::rangeErrorConstructor):
-        (JSC::JSGlobalObject::referenceErrorConstructor):
-        (JSC::JSGlobalObject::syntaxErrorConstructor):
-        (JSC::JSGlobalObject::typeErrorConstructor):
-        (JSC::JSGlobalObject::URIErrorConstructor):
-        (JSC::JSGlobalObject::evalFunction):
-        (JSC::JSGlobalObject::objectPrototype):
-        (JSC::JSGlobalObject::functionPrototype):
-        (JSC::JSGlobalObject::arrayPrototype):
-        (JSC::JSGlobalObject::booleanPrototype):
-        (JSC::JSGlobalObject::stringPrototype):
-        (JSC::JSGlobalObject::numberPrototype):
-        (JSC::JSGlobalObject::datePrototype):
-        (JSC::JSGlobalObject::regExpPrototype):
-        (JSC::JSGlobalObject::methodCallDummy):
-        (JSC::constructArray):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        (JSC::Stringifier::Holder::objectSlot):
-        (JSC::Stringifier::markAggregate):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::callReviver):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::putUndefinedAtDirectOffset):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectFunction):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSValue::putDirect):
-        (JSC::JSObject::allocatePropertyStorageInline):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSValue.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::markChildren):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/MarkStack.h:
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        (JSC::resolveBase):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChain::top):
-        * runtime/ScopeChainMark.h:
-        (JSC::ScopeChain::markAggregate):
-        * runtime/SmallStrings.cpp:
-        (JSC::isMarked):
-        (JSC::SmallStrings::markChildren):
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototypeSlot):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::uncheckedGet):
-        (JSC::WeakGCMap::uncheckedGetSlot):
-        (JSC::::get):
-        (JSC::::take):
-        (JSC::::set):
-        (JSC::::uncheckedRemove):
-        * runtime/WriteBarrier.h: Added.
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::slot):
-        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::WriteBarrierBase::operator!):
-        (JSC::WriteBarrier::WriteBarrier):
-        (JSC::operator==):
-
-2011-01-28  Adam Roben  <aroben@apple.com>
-
-        Chromium build fix after r76967
-
-        * wtf/ThreadingPrimitives.h: Use OS(WINDOWS) instead of PLATFORM(WIN), to match other
-        similar macros in this file.
-
-2011-01-28  Michael Saboff  <msaboff@apple.com>
-
-        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
-        https://bugs.webkit.org/show_bug.cgi?id=53271
-
-        Reapplying this this change.  No change from prior patch in
-        JavaScriptCore.
-
-        Added new isValid() methods to check if a contained object in
-        a WeakGCMap is valid when using an unchecked iterator.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::isValid):
-
-2011-01-27  Adam Roben  <aroben@apple.com>
-
-        Extract code to convert a WTF absolute time to a Win32 wait interval into a separate
-        function
-
-        Fixes <http://webkit.org/b/53208> <rdar://problem/8922490> BinarySemaphore should wrap a
-        Win32 event
-
-        Reviewed by Dave Hyatt.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new function.
-
-        * wtf/ThreadingPrimitives.h: Declare the new function.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::ThreadCondition::timedWait): Moved code to convert the absolute time to a wait
-        interval from here...
-        (WTF::absoluteTimeToWaitTimeoutInterval): ...to here.
-
-2011-01-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add basic rubber banding support
-        <rdar://problem/8219429>
-        https://bugs.webkit.org/show_bug.cgi?id=53277
-
-        * wtf/Platform.h: Add ENABLE for rubber banding.
-
-2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r76893.
-        http://trac.webkit.org/changeset/76893
-        https://bugs.webkit.org/show_bug.cgi?id=53287
-
-        It made some tests crash on GTK and Qt debug bots (Requested
-        by Ossy on #webkit).
-
-        * runtime/WeakGCMap.h:
-
-2011-01-27  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add WTFString method to compare equality with Vector<UChar>
-        https://bugs.webkit.org/show_bug.cgi?id=53266
-
-        I'm planning to use this method in the new XSS filter implementation,
-        but it seems generally useful.
-
-        * wtf/text/StringImpl.h:
-        (WTF::equalIgnoringNullity):
-        * wtf/text/WTFString.h:
-        (WTF::equalIgnoringNullity):
-
-2011-01-27  Michael Saboff  <msaboff@apple.com>
-
-        Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
-        https://bugs.webkit.org/show_bug.cgi?id=53271
-
-        Added new isValid() methods to check if a contained object in
-        a WeakGCMap is valid when using an unchecked iterator.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::isValid):
-
-2011-01-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add events to represent the start/end of a gesture scroll
-        https://bugs.webkit.org/show_bug.cgi?id=53215
-
-        * wtf/Platform.h: Add ENABLE for gesture events. 
-
-2011-01-26  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt][Symbian] Fix --minimal build
-        https://bugs.webkit.org/show_bug.cgi?id=52839
-
-        Move definition of USE_SYSTEM_MALLOC out of pri file.
-        Put it in platform.h instead.
-
-        * wtf/Platform.h:
-        * wtf/TCSystemAlloc.cpp:
-        * wtf/wtf.pri:
-
-2011-01-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [WINCE] Add JIT support to build system
-        https://bugs.webkit.org/show_bug.cgi?id=53079
-
-        * CMakeListsWinCE.txt:
-
-2011-01-25  Adam Roben  <aroben@apple.com>
-
-        Windows Production build fix
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Set BUILDSTYLE to Release_PGO at the very start
-        of the file so that ConfigurationBuildDir takes that into account. Also set it the right way
-        (by redefining the macro) rather than the wrong way (by modifying the environment variable).
-
-2011-01-25  Steve Falkenburg  <sfalken@apple.com>
-
-        Rubber-stamped by Adam Roben.
-
-        Windows production build fix.
-        Use correct environment variable escaping
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2011-01-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSON.stringify processing time exponentially grows with size of object
-        https://bugs.webkit.org/show_bug.cgi?id=51922
-
-        Remove last use of reserveCapacity from JSON stringification, as it results
-        in appalling append behaviour when there are a large number of property names
-        and nothing else.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendQuotedString):
-
-2011-01-25  Antti Koivisto  <antti@apple.com>
-
-        Not reviewed.
-        
-        Try to fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-01-25  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION: Leak in JSParser::Scope::copyCapturedVariablesToVector()
-        https://bugs.webkit.org/show_bug.cgi?id=53061
-         
-        Cache did not know about the subclass so failed to fully delete the items. 
-        Got rid of the subclass and moved the classes to separate files.
-
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::saveFunctionInfo):
-        (JSC::JSParser::Scope::restoreFunctionInfo):
-        (JSC::JSParser::findCachedFunctionInfo):
-        (JSC::JSParser::parseFunctionInfo):
-        * parser/SourceProvider.h:
-        * parser/SourceProviderCache.cpp: Added.
-        (JSC::SourceProviderCache::~SourceProviderCache):
-        (JSC::SourceProviderCache::byteSize):
-        * parser/SourceProviderCache.h: Added.
-        (JSC::SourceProviderCache::SourceProviderCache):
-        (JSC::SourceProviderCache::add):
-        (JSC::SourceProviderCache::get):
-        * parser/SourceProviderCacheItem.h: Added.
-        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
-        (JSC::SourceProviderCacheItem::approximateByteSize):
-        (JSC::SourceProviderCacheItem::closeBraceToken):
-
-2011-01-25  Marcilio Mendonca  <mamendonca@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 53087: Refactoring: replaced a hanging "else" with a "return"
-        statement
-        https://bugs.webkit.org/show_bug.cgi?id=53087.
-
-        Refactoring work: Replaced a hanging "else" within an #if PLATFORM(M
-        with a "return" so that the code is more readable and less error pro
-        (e.g., "else" doesn't use braces so adding extra lines to the else
-        block won't have any effect; even worse, code still compiles
-        successfully.
-
-        * wtf/Assertions.cpp:
-
-2011-01-24  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Change ENABLE_3D_CANVAS to ENABLE_WEBGL
-        https://bugs.webkit.org/show_bug.cgi?id=53041
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-01-25  Adam Roben  <aroben@apple.com>
-
-        Windows Production build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Added a missing "set".
-
-2011-01-25  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add missing defines for COMPILER(RVCT) && CPU(ARM_THUMB2)
-        https://bugs.webkit.org/show_bug.cgi?id=52949
-
-        * jit/JITStubs.cpp:
-
-2011-01-24  Adam Roben  <aroben@apple.com>
-
-        Windows Production build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Update for move of JavaScriptCore into Source.
-
-2011-01-24  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Optimize regex patterns which contain empty alternatives
-        https://bugs.webkit.org/show_bug.cgi?id=51395
-
-        Eliminate the empty alternatives from the regex pattern and convert it to do
-        the matching in an easier way.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-
-2011-01-24  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Move project files into Source
-        https://bugs.webkit.org/show_bug.cgi?id=52891
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * jsc.pro:
-
-2011-01-23  Mark Rowe  <mrowe@apple.com>
-
-        Follow-up to r76477.
-
-        Fix the scripts that detect problematic code such as static initializers
-        and destructors, weak vtables, inappropriate files in the framework wrappers,
-        and public headers including private headers. These had all been broken
-        since the projects were moved in to the Source directory as the paths to the
-        scripts were not updated at that time.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-01-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Use WTF::StringHasher in WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=52934
-
-        Add an additional function to calculate the hash
-        of data with a runtimedependent size.
-
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::createBlobHash):
-
-2011-01-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Fix comment in String::ascii()
-        https://bugs.webkit.org/show_bug.cgi?id=52980
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::ascii):
-
-2011-01-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Add String::containsOnlyLatin1()
-        https://bugs.webkit.org/show_bug.cgi?id=52979
-
-        * wtf/text/WTFString.h:
-        (WTF::String::containsOnlyLatin1):
-        (WTF::charactersAreAllLatin1):
-
-2011-01-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Remove obsolete JSVALUE32 code
-        https://bugs.webkit.org/show_bug.cgi?id=52948
-
-        r70111 removed support for JSVALUE32.
-        ARM, MIPS and X86 support JSVALUE32_64 only.
-
-        * jit/JITStubs.cpp:
-
-2011-01-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        ASSERT running run-webkit-tests --threaded.
-        https://bugs.webkit.org/show_bug.cgi?id=52971
-        
-        SunSpider and v8 report no change.
-
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        (JSC::ConservativeSet::add):
-        * runtime/ConservativeSet.h: Tweaked the inline capacity to 128, and
-        the growth policy to 2X, to make SunSpider and v8 happy.
-        (JSC::ConservativeSet::ConservativeSet):
-        (JSC::ConservativeSet::~ConservativeSet):
-        (JSC::ConservativeSet::mark): Use OSAllocator directly, instead of malloc.
-        Malloc is forbidden during a multi-threaded mark phase because it can
-        cause deadlock.
-
-2011-01-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        A few of Maciej's review suggestions for my last patch.
-        https://bugs.webkit.org/show_bug.cgi?id=52946        
-
-        SunSpider reports no change.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated build systems.
-
-        * runtime/ConservativeSet.cpp: Added.
-        (JSC::isPointerAligned):
-        (JSC::ConservativeSet::add):
-        * runtime/ConservativeSet.h: Added.
-        (JSC::ConservativeSet::ConservativeSet):
-        (JSC::ConservativeSet::mark): Split ConservativeSet out into its own
-        file, and moved the conservative check into ConservativeSet::add, making
-        ConservativeSet's responsibility clearer.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/MachineStackMarker.cpp:
-        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
-        (JSC::MachineStackMarker::markOtherThreadConservatively):
-        * runtime/MachineStackMarker.h:
-        * runtime/MarkStack.h: Updated for changes above.
-
-2011-01-22  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed WinCE build fix for r76430.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::swapIfBackwards):
-
-2011-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Reorganized MarkedSpace, making many of its functions private.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::Heap::heap):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::globalData):
-        (JSC::MarkedSpace::heap):
-
-2011-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix build: moved helper function out of #ifdef.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::swapIfBackwards):
-
-2011-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Maciej Stachowiak.
-
-        A few of Maciej's review suggestions for my last patch.
-        https://bugs.webkit.org/show_bug.cgi?id=52946        
-
-        SunSpider reports no change.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::swapIfBackwards): Added a helper function for handling platforms
-        where the stack can grow in any direction.
-
-        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
-        (JSC::MachineStackMarker::markOtherThreadConservatively): Use the helper
-        function.
-
-        (JSC::isPointerAligned): Use "!" instead of "==0" because a robot told me to.
-
-        (JSC::MachineStackMarker::markConservatively): Changed to use a more
-        standard looping idiom, and to use the helper function above.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::isCellAligned): Use "!" instead of "==0" because a robot told me to.
-
-2011-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Cleaned up some conservative marking code.
-        https://bugs.webkit.org/show_bug.cgi?id=52946
-        
-        SunSpider reports no change.
-
-        * interpreter/RegisterFile.h: No need for a special marking function,
-        since we already expose a start() and end().
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::registerFile):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        (JSC::Heap::contains): Migrated markConservatively() to the machine stack
-        marker class. Now, Heap just provides a contains() function, which the
-        machine stack marker uses for checking whether a pointer points into the heap.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
-        (JSC::MachineStackMarker::markOtherThreadConservatively):
-        (JSC::isPointerAligned):
-        (JSC::MachineStackMarker::markConservatively):
-        * runtime/MachineStackMarker.h: Move the conservative marking code here.
-
-        * runtime/MarkStack.h:
-        (JSC::ConservativeSet::add):
-        (JSC::ConservativeSet::mark): Changed to using a vector instead of hash
-        set. Vector seems to be a bit faster, and it generates smaller code.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::containsSlowCase):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::isCellAligned):
-        (JSC::MarkedSpace::isPossibleCell):
-        (JSC::MarkedSpace::contains): Kept the code for determining whether a
-        pointer pointed into marked space, and moved the code for marking
-        a set of conservative pointers into the machine stack marker.
-
-        * wtf/HashSet.h:
-        (WTF::::add): Added two missing inlines that I noticed while testing
-        vector vs hash set.
-
-2011-01-21  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Work around a Clang bug <rdar://problem/8876150> that leads to it incorrectly emitting an access
-        control warning when a client tries to use operator bool exposed above via "using PageBlock::operator bool".
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::operator bool):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::operator bool):
-
-2011-01-21  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        [RegexFuzz] Hang with forward assertion
-        https://bugs.webkit.org/show_bug.cgi?id=52825
-        <rdar://problem/8894332>
-
-        The backtrackTo label from the first term in a list of terms is
-        being overwritten by processing of subsequent terms.  Changed
-        copyBacktrackToLabel() to check for an existing bcaktrackTo label
-        before copying and renamed it to propagateBacktrackToLabel() since
-        it no longer copies.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-
-2011-01-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Moved the mark stack from global data to the heap, since it pertains
-        to the heap, and not the virtual machine as a whole.
-        https://bugs.webkit.org/show_bug.cgi?id=52930
-        
-        SunSpider reports no change.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2011-01-21  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION(r76177): All JavaScriptCore tests fail on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=52814
-
-        Get the approximateByteSize value before releasing the OwnPtr.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseFunctionInfo):
-
-2011-01-21  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Remove unnecessary <stdio.h> include
-        https://bugs.webkit.org/show_bug.cgi?id=52884
-
-        * jit/JIT.cpp: remove unnecessary include.
-
-2011-01-20  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        Added OwnPtrCommon.h because OwnArrayPtr::set calls deleteOwnedPtr.
-
-        * wtf/OwnArrayPtr.h:
-
-2011-01-20  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        [WINCE] Remove obsolete JSVALUE32 code
-        https://bugs.webkit.org/show_bug.cgi?id=52450
-
-        Remove the "offset hack" in create_jit_stubs, since we
-        only support JSVALUE32_64 in the meantime.
-
-        * create_jit_stubs: Removed offset argument
-        * jit/JITStubs.cpp:
-
-2011-01-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        When marking conservatively, guard against reviving dead objects.
-        https://bugs.webkit.org/show_bug.cgi?id=52840
-        
-        SunSpider and v8 say no change.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::markCallFrames): Updated to use the ConservativeSet API.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::recordExtraCost): No need to guard against conservative
-        marking reviving dead objects anymore, since the conservative marking
-        mechanism guards against this now.
-
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors): Don't drain the mark stack inside a
-        marking function. We want to establish a separation of concerns between
-        visiting roots and draining the mark stack.
-
-        (JSC::Heap::markRoots): Gather the set of conservative references before
-        clearning mark bits, because conservative marking now uses the mark bits
-        to determine if a reference is valid, and avoid reviving dead objects.
-
-        (JSC::Heap::collectAllGarbage): No need to guard against conservative
-        marking reviving dead objects anymore, since the conservative marking
-        mechanism guards against this now.
-
-        * runtime/Heap.h: Updated to use the ConservativeSet API.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
-        (JSC::MachineStackMarker::markCurrentThreadConservatively):
-        (JSC::MachineStackMarker::markOtherThreadConservatively):
-        (JSC::MachineStackMarker::markMachineStackConservatively):
-        * runtime/MachineStackMarker.h: Ditto.
-
-        * runtime/MarkStack.h:
-        (JSC::ConservativeSet::add):
-        (JSC::ConservativeSet::mark): Added ConservativeSet, for gathering the
-        set of conservative references. This is different from MarkStack, since
-        we don't mark the set until it is completely gathered.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::freeBlock):
-        (JSC::MarkedSpace::resizeBlocks):
-        (JSC::MarkedSpace::markConservatively):
-        * runtime/MarkedSpace.h: When marking conservatively, guard against
-        reviving dead objects.
-
-2011-01-20  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        [Symbian] Fix StackBounds::initialize()
-        https://bugs.webkit.org/show_bug.cgi?id=52842
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize): Use TThreadStackInfo.iLimit for stack limit
-
-2011-01-20  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
-        https://bugs.webkit.org/show_bug.cgi?id=52773
-
-        Fixed case where an existing DataLabelPtr is overwritten.  The
-        replacing DataLabelPtr is now resolved immediately in
-        linkDataLabelToBacktrackIfExists().  Cleanup - eliminated bool
-        return value for the routine as it was never used.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
-
-2011-01-20  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt][WK2] WebKit2 enabled build fails to link
-
-        Work around undefined reference linking issues until the buildsystem gets redesigned.
-        These issues first occured in minimal builds (see BUG 50519).
-
-        * JavaScriptCore.pri: link as whole-archive for WebKit2 builds
-
-2011-01-20  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Refactoring of the custom allocation framework
-        https://bugs.webkit.org/show_bug.cgi?id=49897
-
-        Inheriting from FastAllocBase can result in objects getting larger (bug #33896, #46589).
-        The modification replaces Noncopyable and FastAllocBase classes and these inherits with their
-        equivalent macro implementation at the necessary places.
-
-        * wtf/FastAllocBase.h: Turn FastAllocBase's implementation into a macro.
-
-2011-01-20  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Follow-up to r75766 / <rdar://problem/5469576>.
-
-        We were failing to initialize the key, causing all sorts of unexpected behavior.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::setThreadHeap):
-        (WTF::TCMalloc_ThreadCache::GetThreadHeap):
-        (WTF::TCMalloc_ThreadCache::InitTSD): Ensure that the key is initialized.
-
-2011-01-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Rolled back in r76078, with crash fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=52668
-        
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markChildren): Account for the fact that the global
-        object moves its variables into and out of the register file. While out
-        of the register file, the symbol table's size is not an accurate count
-        for the size of the register array, since the BytecodeGenerator might
-        be compiling, adding items to the symbol table.
-        
-2011-01-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Stack overflow when converting an Error object to string
-        https://bugs.webkit.org/show_bug.cgi?id=46410
-
-        * Android.mk: Added StringRecursionChecker.cpp and
-        StringRecursionChecker.h.
-        * CMakeLists.txt: Ditto.
-        * GNUmakefile.am: Ditto.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.pro: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString): Use StringRecursionChecker instead
-        of the older hand-written code to do the same thing.
-        (JSC::arrayProtoFuncToLocaleString): Ditto.
-        (JSC::arrayProtoFuncJoin): Ditto.
-
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString): Use StringRecursionChecker.
-
-        * runtime/JSGlobalData.h: Renamed arrayVisitedElements to
-        stringRecursionCheckVisitedObjects.
-
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString): Use StringRecursionChecker.
-
-        * runtime/StringRecursionChecker.cpp: Added.
-        * runtime/StringRecursionChecker.h: Added.
-
-2011-01-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove non-spec support for callable RegExp
-        https://bugs.webkit.org/show_bug.cgi?id=28285
-
-        Remove support for callable regexps.  If it breaks sites we can
-        just roll this out.
-
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpObject.h:
-        * tests/mozilla/expected.html: update results.
-
-2011-01-19  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Cache function offsets to speed up javascript parsing
-        https://bugs.webkit.org/show_bug.cgi?id=52622
-        
-        Use cache to save function offsets and some other info.
-        This avoids quite a bit of work when reparsing the source.
-
-        * parser/ASTBuilder.h:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::CachedFunctionInfo::CachedFunctionInfo):
-        (JSC::JSParser::CachedFunctionInfo::approximateByteSize):
-        (JSC::JSParser::CachedFunctionInfo::closeBraceToken):
-        (JSC::JSParser::Scope::copyCapturedVariablesToVector):
-        (JSC::JSParser::Scope::saveFunctionInfo):
-        (JSC::JSParser::Scope::restoreFunctionInfo):
-        (JSC::JSParser::findCachedFunctionInfo):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseFunctionInfo):
-        * parser/Lexer.h:
-        (JSC::Lexer::setOffset):
-        (JSC::Lexer::setLineNumber):
-        (JSC::Lexer::sourceProvider):
-        * parser/SourceProvider.h:
-        (JSC::SourceProviderCache::SourceProviderCache):
-        (JSC::SourceProviderCache::~SourceProviderCache):
-        (JSC::SourceProviderCache::byteSize):
-        (JSC::SourceProviderCache::add):
-        (JSC::SourceProviderCache::get):
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::~SourceProvider):
-        (JSC::SourceProvider::cache):
-        (JSC::SourceProvider::notifyCacheSizeChanged):
-        (JSC::SourceProvider::cacheSizeChanged):
-        * parser/SyntaxChecker.h:
-
-2011-01-19  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Follow-up to r75766 / <rdar://problem/5469576>.
-
-        * DerivedSources.make: Evaluate the SDKROOT variable correctly.
-
-2011-01-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [jsfunfuzz] Defining a function called __proto__ inside an eval triggers an assertion
-        https://bugs.webkit.org/show_bug.cgi?id=52672
-
-        Rather than coming up with a somewhat convoluted mechanism to ensure that
-        developers can override the global objects prototype with a function named
-        __proto__ and expect it to work, we just disallow it at the syntax level.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseFunctionInfo):
-
-2011-01-19  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/8882994> Regression: Simple nested backtrack hangs
-        https://bugs.webkit.org/show_bug.cgi?id=52675
-
-        The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540
-        broke simple backtracking in some cases.  Reworked that change to 
-        link both jumps and labels.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::hasBacktrackToLabel):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::propagateBacktrackingFrom):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-
-2011-01-19  Pavel Podivilov  <podivilov@chromium.org>
-
-        Reviewed by Yury Semikhatsky.
-
-        Web Inspector: [JSC] scripts have incorrect starting line (always 1).
-        https://bugs.webkit.org/show_bug.cgi?id=52721
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * debugger/Debugger.h:
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::SourceCode):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::startPosition):
-
-2011-01-19  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Laszlo Gombos and Tor Arne Vestbø.
-
-        [Qt] Remove unnecessary "../Source" from paths
-        after moving source files into Source is finished.
-
-        * JavaScriptCore.pri:
-
-2011-01-19  Benjamin Kalman  <kalman@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Don't return void from void function String::split
-        https://bugs.webkit.org/show_bug.cgi?id=52684
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::split):
-
-2011-01-18  Kenneth Russell  <kbr@google.com>
-
-        Unreviewed, rolling out r76078.
-        http://trac.webkit.org/changeset/76078
-        https://bugs.webkit.org/show_bug.cgi?id=52668
-
-        Caused crashes of fast/canvas/webgl/constants.html,
-        fast/canvas/webgl/gl-enum-tests.html, and possibly other layout
-        test crashes in Release mode. WebGL crashes were observed with
-        "run-webkit-tests fast/canvas/webgl". It was necessary to run
-        multiple tests to provoke the crash.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::markGlobals):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markChildren):
-
-2011-01-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [jsfunfuzz] Assertion asking activation for arguments when arguments is overridden
-        https://bugs.webkit.org/show_bug.cgi?id=52690
-
-        Clean up code to retrieve arguments from activation and function objects.
-        Remove the incorrect assertion from JSActivation's argumentsGetter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArguments):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-
-2011-01-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Removed RegisterFile::markGlobals because it was obtuse, and it
-        unnecessarily relied on conservative marking.
-        https://bugs.webkit.org/show_bug.cgi?id=52668
-
-        * interpreter/RegisterFile.h: Removed markGlobals.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren): Added a comment explaning why some
-        JSActivations don't always mark their registers arrays.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markChildren): Instead of calling markGlobals, mark
-        the registers array directly.
-
-2011-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/8875432> Regression: Some text-only e-mails cause hang beneath RegExp::match (52540)
-        https://bugs.webkit.org/show_bug.cgi?id=52540
-        https://bugs.webkit.org/show_bug.cgi?id=52662
-
-        Directly use backtrack label with parentheses nested under a
-        non-capturing parentheses.  Also linked current parentheses
-        tail code object for possible parens nested within a non-capturing
-        parentheses.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkBacktrackToLabel):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-
-2011-01-18  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Only use moving memory model assumption in ExecutableAllocator::intializePageSize() for Symbian OS
-        https://bugs.webkit.org/show_bug.cgi?id=52517
-
-        Patch by David Tapuska
-
-        Currently, we compile code with respect to the Symbian-specific moving memory model
-        assumption for all ARMv5 or lower architectures. Instead, we should only compile
-        such code when building for Symbian OS on those architectures because this model
-        is Symbian-specific.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-
-2011-01-18  Dimitry Andric  <dim@freebsd.org>
-
-        Reviewed by Andreas Kling.
-
-        Fix linking JavaScriptCore on FreeBSD/amd64
-        https://bugs.webkit.org/show_bug.cgi?id=52591
-
-        Linking of JavaScriptCore on FreeBSD/amd64 fails, for the same reason as
-        in bug 28422: cti_vm_throw needs a "@plt" suffix, otherwise the linker
-        complains about the relocation type.
-
-        * jit/JITStubs.cpp: use @plt suffix on x86_64 platforms, for both Linux
-        and FreeBSD.
-
-2011-01-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Antti Koivisto.
-
-        [jsfunfuzz] Assertion in codegen for array of NaN constants
-        https://bugs.webkit.org/show_bug.cgi?id=52643
-
-        Don't cache NaN literals in the code generator, as NaN doesn't compare
-        as equal to itself it causes problems when rehashing the number cache.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-
-2011-01-17  Jarred Nicholls  <jarred@sencha.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        REGRESSION(r75709): Return value of fscanf() shouldn't be ignored.
-        https://bugs.webkit.org/show_bug.cgi?id=52585
-        
-        gcc 4.4.4+ has warn_unused_value attribute on fscanf, so we should check
-        the return value to get around the gcc warning
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::maybeModifyVMPoolSize):
-
-2011-01-17  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        [regexfuzz] Crash running regex with lookahead
-        https://bugs.webkit.org/show_bug.cgi?id=52548
-
-        Eliminated agressive chaining of backtracks.  This code was overwriting
-        already valid backtrack information.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::processBacktracks):
-
-2011-01-17  Tony Gentilcore  <tonyg@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix some headers with missing or misspelled #ifndef guards
-        https://bugs.webkit.org/show_bug.cgi?id=52545
-
-        * wtf/RefPtrHashMap.h:
-
-2011-01-17  Dan Bernstein  <mitz@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Update xcodeproj svn:ignore to include xcuserdata.
-
-        * JavaScriptCore.xcodeproj: Modified property svn:ignore.
-
-2011-01-16  Adam Barth  <abarth@webkit.org>
-
-        Rubber-stamped by Eric Seidel.
-
-        Move WebKit into Source
-        https://bugs.webkit.org/show_bug.cgi?id=52530
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-01-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        [jsfunfuzz] Parser doesn't correctly validate for-loop syntax
-        https://bugs.webkit.org/show_bug.cgi?id=52516
-
-        Ensure that we always check for a semicolon after encountering
-        multiple declarations in the initialiser portion of a for-loop.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseForStatement):
-
-2011-01-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Strict mode restrictions on arguments and eval usage aren't complete
-        https://bugs.webkit.org/show_bug.cgi?id=52528
-
-        Fix a few bugs in strict mode where we incorrect allow mutation of
-        arguments and eval in the parser.
-
-        Alas the "optimisation" used by the syntax checker for validating
-        binary and unary expressions was too aggressive: we do actually need
-        a stack for operations and operands although it needn't be as complete
-        as that used for the full AST builder.
-
-        Also disallow assignment to arguments in all cases as allowing arguments
-        to be assignable is always an error in strict mode, regardless of context.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::BinaryExprContext::BinaryExprContext):
-        (JSC::ASTBuilder::UnaryExprContext::UnaryExprContext):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parseBinaryExpression):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::BinaryExprContext::BinaryExprContext):
-        (JSC::SyntaxChecker::BinaryExprContext::~BinaryExprContext):
-        (JSC::SyntaxChecker::UnaryExprContext::UnaryExprContext):
-        (JSC::SyntaxChecker::UnaryExprContext::~UnaryExprContext):
-        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
-        (JSC::SyntaxChecker::operatorStackPop):
-
-2011-01-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Rolled back in r75886.
-        https://bugs.webkit.org/show_bug.cgi?id=52527
-        
-        r75886 broke the GTK Linux bot because Linux was -- quite surprisingly --
-        set up to use the constants for embedded devices.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::maybeModifyVMPoolSize): Separated Linux constants from embedded
-        constants.
-
-2011-01-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r75886.
-        http://trac.webkit.org/changeset/75886
-        https://bugs.webkit.org/show_bug.cgi?id=52526
-
-        "Broke GTK+ 64bit" (Requested by xan_ on #webkit).
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2011-01-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/8870429> Shrink the executable pool on embedded devices
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp: Dropped the pool size from 32MB
-        to 16MB.
-
-2011-01-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Incorrect behavior changing attributes of an accessor
-        https://bugs.webkit.org/show_bug.cgi?id=52515
-
-        defineProperty doesn't correctly handle changing attributes of an accessor
-        property.  This is because we don't pass the full descriptor to the 
-        putDescriptor helper function, which means we have insufficient information
-        to do the right thing. Once that's passed the correct behavior is relatively
-        simple to implement.
-
-        * runtime/JSObject.cpp:
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-
-2011-01-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        [jsfunfuzz] Incorrect handling of consecutive duplicate labels
-        https://bugs.webkit.org/show_bug.cgi?id=52505
-
-        Compare StringImpl*'s instead of Identifier*'s when looking for duplicate
-        labels.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-
-2011-01-14  Simon Fraser  <simon.fraser@apple.com>
-
-        No review.
-        
-        Initialize m_operationInProgress after r75855.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-
-2011-01-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reverted accidentally committed code from my last checkin.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-
-2011-01-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-        
-        Try to fix the GTK bot.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots): Kids, remember to initialize your data members.
-        Knowing is half the battle.
-
-2011-01-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Stephanie Lewis.
-
-        [jsfunfuzz] We should be clearing the lexers temporary character buffers when switching to strict mode
-        https://bugs.webkit.org/show_bug.cgi?id=52501
-
-        Clear the temporary character buffers used for reading escaped characters and
-        numbers.
-
-        * parser/Lexer.h:
-        (JSC::Lexer::setOffset):
-
-2011-01-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix non-Dtrace builds: #include Tracing.h instead of TracingDtrace.h.
-
-        * runtime/Heap.cpp:
-
-2011-01-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Split out a MarkedSpace strategy object from Heap.
-        https://bugs.webkit.org/show_bug.cgi?id=52421
-        
-        SunSpider reports no change.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated our 7 build systems. Which is cool.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::recordExtraCost):
-        (JSC::Heap::allocate):
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::statistics):
-        (JSC::Heap::size):
-        (JSC::Heap::isBusy):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::primaryHeapBegin):
-        (JSC::Heap::primaryHeapEnd):
-        * runtime/Heap.h:
-        (JSC::Heap::globalData):
-        (JSC::Heap::markedSpace):
-        (JSC::Heap::isCellMarked):
-        (JSC::Heap::checkMarkCell):
-        (JSC::Heap::markCell): Moved all code pertaining to managing chunks of
-        collector memory out of this class. Heap now just delegates to MarkedSpace.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::Heap::heap): Updated for MarkedSpace delegation.
-
-        * runtime/JSValue.h: Moved the ValueStringPair typedef to help with #includes.
-
-        * runtime/MarkedSpace.cpp: Copied from runtime/Heap.cpp.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::destroy):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlock):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::resizeBlocks):
-        (JSC::MarkedSpace::growBlocks):
-        (JSC::MarkedSpace::shrinkBlocks):
-        (JSC::MarkedSpace::markConservatively):
-        (JSC::MarkedSpace::clearMarkBits):
-        (JSC::MarkedSpace::markedCells):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::objectCount):
-        (JSC::MarkedSpace::addToStatistics):
-        (JSC::MarkedSpace::statistics):
-        (JSC::MarkedSpace::size):
-        (JSC::MarkedSpace::reset):
-        (JSC::MarkedSpace::primaryHeapBegin):
-        (JSC::MarkedSpace::primaryHeapEnd):
-        * runtime/MarkedSpace.h: Copied from runtime/Heap.h.
-        (JSC::MarkedSpace::globalData):
-        (JSC::MarkedSpace::didShrink):
-        (JSC::MarkedSpace::cellBlock):
-        (JSC::MarkedSpace::cellOffset):
-        (JSC::MarkedSpace::isCellMarked):
-        (JSC::MarkedSpace::checkMarkCell):
-        (JSC::MarkedSpace::markCell): Moved all code pertaining to managing chunks of
-        collector memory into this class.
-
-        * runtime/MemoryStatistics.cpp:
-        (JSC::heapStatistics):
-        * runtime/MemoryStatistics.h: Updated for MarkedSpace delegation.
-
-2011-01-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [jsfunfuzz] parser doesn't enforce continue restrictions correctly.
-        https://bugs.webkit.org/show_bug.cgi?id=52493
-
-        This patch reworks handling of break, continue and label statements
-        to correctly handle all the valid and invalid cases.  Previously certain
-        errors would be missed by the parser in strict mode, but the bytecode 
-        generator needed to handle those cases for non-strict code so nothing
-        failed, it simply became non-standard behaviour.
-
-        Now that we treat break and continue errors as early faults in non-strict
-        mode as well that safety net has been removed so the parser bugs result in
-        crashes at codegen time.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::ScopeLabelInfo::ScopeLabelInfo):
-        (JSC::JSParser::next):
-        (JSC::JSParser::nextTokenIsColon):
-        (JSC::JSParser::continueIsValid):
-            Continue is only valid in loops so we can't use breakIsValid()
-        (JSC::JSParser::pushLabel):
-            We now track whether the label is for a loop (and is therefore a
-            valid target for continue.
-        (JSC::JSParser::popLabel):
-        (JSC::JSParser::getLabel):
-            Replace hasLabel with getLabel so that we can validate the target
-            when parsing continue statements.
-        (JSC::JSParser::Scope::continueIsValid):
-        (JSC::JSParser::Scope::pushLabel):
-        (JSC::JSParser::Scope::getLabel):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseBreakStatement):
-        (JSC::JSParser::parseContinueStatement):
-        (JSC::LabelInfo::LabelInfo):
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-            Consecutive labels now get handled iteratively so that we can determine
-            whether they're valid targets for continue.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::nextTokenIsColon):
-        * parser/Lexer.h:
-        (JSC::Lexer::setOffset):
-
-2011-01-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Use the Windows thread pool instead of an extra thread for FastMalloc scavenging
-        https://bugs.webkit.org/show_bug.cgi?id=45186
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scheduleScavenger): Added missing this pointer to CreateTimerQueueTimer().
-
-2011-01-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Use the Windows thread pool instead of an extra thread for FastMalloc scavenging
-        https://bugs.webkit.org/show_bug.cgi?id=45186
-
-        r75819 accidentally changed the initial state of the scavenge timer.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger): Changed initial state of m_scavengingSuspended to true.
-
-2011-01-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed Windows Release build fix.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavengerTimerFired):
-
-2011-01-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed Windows Release build fix.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavengerTimerFired):
-
-2011-01-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Use the Windows thread pool instead of an extra thread for FastMalloc scavenging
-        https://bugs.webkit.org/show_bug.cgi?id=45186
-
-        Use CreateTimerQueueTimer() to start periodicScavenge() and stop it with DeleteTimerQueueTimer().
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger):
-        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
-        (WTF::TCMalloc_PageHeap::scheduleScavenger):
-        (WTF::TCMalloc_PageHeap::rescheduleScavenger):
-        (WTF::TCMalloc_PageHeap::suspendScavenger):
-        (WTF::scavengerTimerFired):
-        (WTF::TCMalloc_PageHeap::periodicScavenge):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-
-2011-01-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Align import/export directives
-        https://bugs.webkit.org/show_bug.cgi?id=52208
-
-        * API/JSBase.h: Align import/export directives with
-        WebKit2/Shared/API/c/WKBase.h
-
-2011-01-14  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Incorrect backtracking for nested alternatives
-        https://bugs.webkit.org/show_bug.cgi?id=52387
-
-        In the process of propigating a datalabel it wasn't getting connected
-        to a destination when the destination was an indirect jump.  Added
-        code to recognize a direct backtrack destination that was an indirect
-        jump and added mechanism to associate DataLabelPtrs with indirect
-        jump entries.
-        Removed dead method
-        BacktrackDestination::linkDataLabelToHereIfExists()
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::IndirectJumpEntry::IndirectJumpEntry):
-        (JSC::Yarr::YarrGenerator::IndirectJumpEntry::addDataLabel):
-        (JSC::Yarr::YarrGenerator::GenerationState::addIndirectJumpEntry):
-        (JSC::Yarr::YarrGenerator::GenerationState::emitIndirectJumpTable):
-        Changes to link indirect jumps with DataLabelPtr's.
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::clearSubDataLabelPtr):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists): 
-        Updated to handle immediate linking of indirect jumps to
-        DataLabelPtr.
-        (JSC::Yarr::YarrGenerator::generateParenthesesDisjunction): Changed to
-        reflect updated linkDataLabelToBacktrackIfExists().
-
-2011-01-14  Pavel Podivilov  <podivilov@chromium.org>
-
-        Reviewed by Yury Semikhatsky.
-
-        Web Inspector: provide script column offset to frontend.
-        https://bugs.webkit.org/show_bug.cgi?id=52377
-
-        * parser/SourceCode.h:
-        (JSC::SourceCode::SourceCode):
-        (JSC::SourceCode::firstColumn):
-
-2011-01-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/5469576> Use __PTK_FRAMEWORK_JAVASCRIPTCORE_KEY0 if available.
-
-        * DerivedSources.make: Create a header file, HeaderDetection.h, that tells
-        us whether pthread_machdep.h is available.
-        * wtf/FastMalloc.cpp: If __PTK_FRAMEWORK_JAVASCRIPTCORE_KEY0 is available, then
-        don't do the pthread_getspecific_function_pointer trick.
-        (WTF::setThreadHeap): Ditto, but set thread-specific data.
-        (WTF::TCMalloc_ThreadCache::GetThreadHeap): Ditto, but get rather than set.
-
-2011-01-13  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
-        https://bugs.webkit.org/show_bug.cgi?id=42756
-
-        The FixedVMPool Allocator does not work well on systems where
-        allocating very large amounts of memory upfront is not reasonable,
-        like Linux without overcommit enabled. As a workaround, on Linux,
-        default to the values used in embedded environments (in the MB
-        range), and only jump to the GB range if we detect at runtime that
-        overcommit is enabled. Should fix crashes on Linux/x86_64 with
-        less than 3 or 4GB of RAM.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::free): use new variables for VM pool
-        size and coalesce limit.
-        (JSC::ExecutableAllocator::isValid): swap the variables from
-        embedded to generic values at runtime, on linux, if overcommit is
-        enabled.
-        (JSC::ExecutableAllocator::underMemoryPressure): use new variables
-        for VM pool size and coalesce limit.
-
-2011-01-12  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Add new Yarr.h header to the list file.
-
-        * GNUmakefile.am: ditto.
-
-2011-01-12  Martin Robinson  <mrobinson@igalia.com>
-
-        Missing Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h in WebKitGtk tarball
-        https://bugs.webkit.org/show_bug.cgi?id=52299
-
-        * GNUmakefile.am: Fix the GTK+ build on ARMv7 by including missing source
-        files in the source list.
-
-2011-01-12  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Add Yarr.h to YARR
-        https://bugs.webkit.org/show_bug.cgi?id=51021
-
-        Move other common constants and functions from YARR's different files
-        to Yarr.h.
-        Use Yarr.h header instead of including other YARR headers where it
-        is possible.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        * yarr/Yarr.h: Added.
-        * yarr/YarrInterpreter.cpp:
-        * yarr/YarrInterpreter.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::jitCompile):
-        (JSC::Yarr::execute):
-        * yarr/YarrJIT.h:
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPattern::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h:
-
-2011-01-12  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r75595.
-        http://trac.webkit.org/changeset/75595
-        https://bugs.webkit.org/show_bug.cgi?id=52286
-
-        It broke fast/regex/pcre-test-1.html (Requested by Ossy on
-        #webkit).
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        * yarr/Yarr.h: Removed.
-        * yarr/YarrInterpreter.cpp:
-        * yarr/YarrInterpreter.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::jitCompile):
-        * yarr/YarrJIT.h:
-        (JSC::Yarr::execute):
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h:
-
-2011-01-12  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Add Yarr.h to YARR
-        https://bugs.webkit.org/show_bug.cgi?id=51021
-
-        Move other common constants and functions from YARR's different files
-        to Yarr.h.
-        Use Yarr.h header instead of including other YARR headers where it
-        is possible.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        * yarr/Yarr.h: Added.
-        * yarr/YarrInterpreter.cpp:
-        * yarr/YarrInterpreter.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::jitCompile):
-        (JSC::Yarr::execute):
-        * yarr/YarrJIT.h:
-        * yarr/YarrParser.h:
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPattern::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h:
-
-2011-01-11  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Missing call to popTempSortVector() for exception case in JSArray::sort.
-        https://bugs.webkit.org/show_bug.cgi?id=50718
-
-        Fix to patch of 50718 that added pushTempSortVector() and 
-        popTempSortVector() to JSArray::sort() to mark elements during sort.
-        Need to add popTempSortVector() for the return case if toString()
-        had an exception.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort): Added popTempSortVector()
-
-2011-01-11  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Darin Adler.
-
-        Microoptimization in ~JSString
-        https://bugs.webkit.org/show_bug.cgi?id=52222
-
-        The case where m_fibers is 0 seems to be the most common one
-        (almost 1/2 of the time, followed at some distance by m_fibers = 1
-        in 1/4 of the cases in a typical SunSpider execution). We can save
-        one comparison in this common case by doing a bit of refactoring
-        in the JSString destructor; overall a 0.3% progression, but only
-        the string tests show improvement.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::~JSString):
-
-2011-01-10  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        ASSERTION Failure in JSC::binaryChop
-        https://bugs.webkit.org/show_bug.cgi?id=25614
-
-        Changed JITStubs::cti_register_file_check() to use the current stack's
-        return PC to find the bytecode for handling the exception in the prior
-        frame.  Also added the appropriate arrity check routine call to the
-        JIT to bytecode vector (m_callReturnIndexVector) in the CodeBlock.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile): Changed the arrity check call location
-        so that it gets added to the m_calls list so that it's included in
-        CodeBlock::m_callReturnIndexVector.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Use the current call frame's return PC.
-
-2011-01-10  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Martin Robinson.
-
-        Remove extraneous COMPILER(GCC) condition when checking GCC_VERSION_AT_LEAST()
-        https://bugs.webkit.org/show_bug.cgi?id=52178
-
-        It is sufficient to test GCC_VERSION_AT_LEAST() instead of both COMPILER(GCC) and
-        GCC_VERSION_AT_LEAST(). Notice GCC_VERSION_AT_LEAST() is defined to be 0 when we
-        are not compiling with GCC.
-
-        Fixes style issues at the callsites (i.e. replace comma with comma-space in
-        macro function argument list). Also, makes a spelling correction in a comment.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * wtf/Platform.h:
-
-2011-01-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: removed some uses of nextNumber that I missed last time.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset):
-        (JSC::Heap::collectAllGarbage):
-
-2011-01-10  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Use __builtin_expect when compiling using RVCT in GNU mode
-        https://bugs.webkit.org/show_bug.cgi?id=51866
-
-        We should only use __builtin_expect if we are compiling with GCC or RVCT 3 or higher in GNU mode
-        as pointed out by Siddharth Mathur per <http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0202h/Cjabddedbde.html>.
-
-        * wtf/AlwaysInline.h:
-        * wtf/Platform.h: Removed define WTF_COMPILER_RVCT4_OR_GREATER. Instead added macro
-        function RVCT_VERSION_AT_LEAST so that we can test for an arbitrary minimum RVCT
-        version.
-
-2011-01-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Moved Collector.* => Heap.*, since the file contains a class named "Heap".
-
-        * API/JSCallbackObject.cpp:
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/Interpreter.cpp:
-        * interpreter/RegisterFile.h:
-        * jit/JITStubs.cpp:
-        * runtime/Collector.cpp: Removed.
-        * runtime/Collector.h: Removed.
-        * runtime/CollectorHeapIterator.h:
-        * runtime/GCActivityCallbackCF.cpp:
-        * runtime/Heap.cpp: Copied from JavaScriptCore/runtime/Collector.cpp.
-        * runtime/Heap.h: Copied from JavaScriptCore/runtime/Collector.h.
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-        * runtime/JSLock.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/MachineStackMarker.cpp:
-        * runtime/MemoryStatistics.h:
-        * runtime/Protect.h:
-        * runtime/UString.cpp:
-        * runtime/WeakGCMap.h:
-        * runtime/WeakGCPtr.h:
-
-2011-01-10  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove unused isString() case in JSString::toPrimitiveString()
-        https://bugs.webkit.org/show_bug.cgi?id=52167
-
-        We never call toPrimitiveString() with strings, so remove the
-        check and add an ASSERT ensuring this never happens. 0.7% overall
-        progression in sunspider, since one of the call sites is very hot.
-
-        * runtime/JSString.h:
-        (JSC::JSValue::toPrimitiveString):
-
-2011-01-10  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Rename the existing YARR files and classes
-        https://bugs.webkit.org/show_bug.cgi?id=51872
-
-        Replace the "Regex" prefix with "Yarr" in the name of YARR files and classes.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        (JSC::RegExp::printTraceData):
-        * yarr/YarrInterpreter.cpp: Renamed from Source/JavaScriptCore/yarr/RegexInterpreter.cpp.
-        (JSC::Yarr::Interpreter::appendParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::DisjunctionContext::DisjunctionContext):
-        (JSC::Yarr::Interpreter::DisjunctionContext::operator new):
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeDisjunctionContext):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::operator new):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::restoreOutput):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::getDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::InputStream::InputStream):
-        (JSC::Yarr::Interpreter::InputStream::next):
-        (JSC::Yarr::Interpreter::InputStream::rewind):
-        (JSC::Yarr::Interpreter::InputStream::read):
-        (JSC::Yarr::Interpreter::InputStream::readPair):
-        (JSC::Yarr::Interpreter::InputStream::readChecked):
-        (JSC::Yarr::Interpreter::InputStream::reread):
-        (JSC::Yarr::Interpreter::InputStream::prev):
-        (JSC::Yarr::Interpreter::InputStream::getPos):
-        (JSC::Yarr::Interpreter::InputStream::setPos):
-        (JSC::Yarr::Interpreter::InputStream::atStart):
-        (JSC::Yarr::Interpreter::InputStream::atEnd):
-        (JSC::Yarr::Interpreter::InputStream::checkInput):
-        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
-        (JSC::Yarr::Interpreter::InputStream::isNotAvailableInput):
-        (JSC::Yarr::Interpreter::testCharacterClass):
-        (JSC::Yarr::Interpreter::checkCharacter):
-        (JSC::Yarr::Interpreter::checkCasedCharacter):
-        (JSC::Yarr::Interpreter::checkCharacterClass):
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-        (JSC::Yarr::Interpreter::matchAssertionBOL):
-        (JSC::Yarr::Interpreter::matchAssertionEOL):
-        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
-        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
-        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
-        (JSC::Yarr::Interpreter::matchCharacterClass):
-        (JSC::Yarr::Interpreter::backtrackCharacterClass):
-        (JSC::Yarr::Interpreter::matchBackReference):
-        (JSC::Yarr::Interpreter::backtrackBackReference):
-        (JSC::Yarr::Interpreter::recordParenthesesMatch):
-        (JSC::Yarr::Interpreter::resetMatches):
-        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::matchParenthesesTerminalEnd):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
-        (JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
-        (JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::Interpreter::lookupForBeginChars):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::matchNonZeroDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::Interpreter::Interpreter):
-        (JSC::Yarr::ByteCompiler::ParenthesesStackEntry::ParenthesesStackEntry):
-        (JSC::Yarr::ByteCompiler::ByteCompiler):
-        (JSC::Yarr::ByteCompiler::compile):
-        (JSC::Yarr::ByteCompiler::checkInput):
-        (JSC::Yarr::ByteCompiler::assertionBOL):
-        (JSC::Yarr::ByteCompiler::assertionEOL):
-        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomCharacterClass):
-        (JSC::Yarr::ByteCompiler::atomBackReference):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
-        (JSC::Yarr::ByteCompiler::popParenthesesStack):
-        (JSC::Yarr::ByteCompiler::dumpDisjunction):
-        (JSC::Yarr::ByteCompiler::closeAlternative):
-        (JSC::Yarr::ByteCompiler::closeBodyAlternative):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
-        (JSC::Yarr::ByteCompiler::regexBegin):
-        (JSC::Yarr::ByteCompiler::regexEnd):
-        (JSC::Yarr::ByteCompiler::alternativeBodyDisjunction):
-        (JSC::Yarr::ByteCompiler::alternativeDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        (JSC::Yarr::byteCompile):
-        (JSC::Yarr::interpret):
-        * yarr/YarrInterpreter.h: Renamed from Source/JavaScriptCore/yarr/RegexInterpreter.h.
-        (JSC::Yarr::ByteTerm::ByteTerm):
-        (JSC::Yarr::ByteTerm::BOL):
-        (JSC::Yarr::ByteTerm::CheckInput):
-        (JSC::Yarr::ByteTerm::EOL):
-        (JSC::Yarr::ByteTerm::WordBoundary):
-        (JSC::Yarr::ByteTerm::BackReference):
-        (JSC::Yarr::ByteTerm::BodyAlternativeBegin):
-        (JSC::Yarr::ByteTerm::BodyAlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::BodyAlternativeEnd):
-        (JSC::Yarr::ByteTerm::AlternativeBegin):
-        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::AlternativeEnd):
-        (JSC::Yarr::ByteTerm::SubpatternBegin):
-        (JSC::Yarr::ByteTerm::SubpatternEnd):
-        (JSC::Yarr::ByteTerm::invert):
-        (JSC::Yarr::ByteTerm::capture):
-        (JSC::Yarr::ByteDisjunction::ByteDisjunction):
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-        (JSC::Yarr::BytecodePattern::~BytecodePattern):
-        * yarr/YarrJIT.cpp: Renamed from Source/JavaScriptCore/yarr/RegexJIT.cpp.
-        (JSC::Yarr::YarrGenerator::optimizeAlternative):
-        (JSC::Yarr::YarrGenerator::matchCharacterClassRange):
-        (JSC::Yarr::YarrGenerator::matchCharacterClass):
-        (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
-        (JSC::Yarr::YarrGenerator::jumpIfAvailableInput):
-        (JSC::Yarr::YarrGenerator::checkInput):
-        (JSC::Yarr::YarrGenerator::atEndOfInput):
-        (JSC::Yarr::YarrGenerator::notAtEndOfInput):
-        (JSC::Yarr::YarrGenerator::jumpIfCharEquals):
-        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
-        (JSC::Yarr::YarrGenerator::readCharacter):
-        (JSC::Yarr::YarrGenerator::storeToFrame):
-        (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
-        (JSC::Yarr::YarrGenerator::loadFromFrame):
-        (JSC::Yarr::YarrGenerator::loadFromFrameAndJump):
-        (JSC::Yarr::YarrGenerator::IndirectJumpEntry::IndirectJumpEntry):
-        (JSC::Yarr::YarrGenerator::IndirectJumpEntry::addJump):
-        (JSC::Yarr::YarrGenerator::AlternativeBacktrackRecord::AlternativeBacktrackRecord):
-        (JSC::Yarr::YarrGenerator::GenerationState::GenerationState):
-        (JSC::Yarr::YarrGenerator::GenerationState::addIndirectJumpEntry):
-        (JSC::Yarr::YarrGenerator::GenerationState::emitIndirectJumpTable):
-        (JSC::Yarr::YarrGenerator::GenerationState::incrementParenNestingLevel):
-        (JSC::Yarr::YarrGenerator::GenerationState::decrementParenNestingLevel):
-        (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
-        (JSC::Yarr::YarrGenerator::GenerationState::emitParenthesesTail):
-        (JSC::Yarr::YarrGenerator::GenerationState::addJumpToNextInteration):
-        (JSC::Yarr::YarrGenerator::GenerationState::addJumpsToNextInteration):
-        (JSC::Yarr::YarrGenerator::GenerationState::addDataLabelToNextIteration):
-        (JSC::Yarr::YarrGenerator::GenerationState::linkToNextIteration):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::BacktrackDestination):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::clear):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::clearDataLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::hasDestination):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::isStackOffset):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::isLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::isJumpList):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::hasDataLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::copyTarget):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::copyTo):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::addBacktrackJump):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setStackOffset):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setNextBacktrackLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::copyBacktrackToLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setBacktrackToLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setBacktrackJumpList):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setBacktrackSourceLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setDataLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::setSubDataLabelPtr):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkToNextBacktrack):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::getStackOffset):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::getLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::getBacktrackJumps):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::getDataLabel):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::jumpToBacktrack):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkDataLabelToHereIfExists):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::plantJumpToBacktrackIfExists):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkAlternativeBacktracks):
-        (JSC::Yarr::YarrGenerator::BacktrackDestination::linkAlternativeBacktracksTo):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::TermGenerationState):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::resetAlternative):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::alternativeValid):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::nextAlternative):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::alternative):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::isLastAlternative):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::resetTerm):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::termValid):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::nextTerm):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::term):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::isLastTerm):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::getSubParenNum):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::isMainDisjunction):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setParenthesesTail):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::getParenthesesTail):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::lookaheadTerm):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::isSinglePatternCharacterLookaheadTerm):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::inputOffset):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::clearBacktrack):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::jumpToBacktrack):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::plantJumpToBacktrackIfExists):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::addBacktrackJump):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setBacktrackDataLabel):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setBackTrackStackOffset):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setBacktrackLabel):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkAlternativeBacktracks):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkAlternativeBacktracksTo):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::setBacktrackLink):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::chainBacktracks):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::chainBacktrackJumps):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::getBacktrackDestination):
-        (JSC::Yarr::YarrGenerator::TermGenerationState::propagateBacktrackingFrom):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::ParenthesesTail):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::processBacktracks):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::setNextIteration):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::addAfterParenJump):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::YarrGenerator::generateAssertionBOL):
-        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
-        (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
-        (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterPair):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassSingle):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateParenthesesDisjunction):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-        (JSC::Yarr::YarrGenerator::generateParenthesesGreedyNoBacktrack):
-        (JSC::Yarr::YarrGenerator::generateParentheticalAssertion):
-        (JSC::Yarr::YarrGenerator::generateTerm):
-        (JSC::Yarr::YarrGenerator::generateDisjunction):
-        (JSC::Yarr::YarrGenerator::generateEnter):
-        (JSC::Yarr::YarrGenerator::generateReturn):
-        (JSC::Yarr::YarrGenerator::YarrGenerator):
-        (JSC::Yarr::YarrGenerator::generate):
-        (JSC::Yarr::YarrGenerator::compile):
-        (JSC::Yarr::jitCompile):
-        * yarr/YarrJIT.h: Renamed from Source/JavaScriptCore/yarr/RegexJIT.h.
-        (JSC::Yarr::YarrCodeBlock::YarrCodeBlock):
-        (JSC::Yarr::YarrCodeBlock::~YarrCodeBlock):
-        (JSC::Yarr::YarrCodeBlock::setFallBack):
-        (JSC::Yarr::YarrCodeBlock::isFallBack):
-        (JSC::Yarr::YarrCodeBlock::set):
-        (JSC::Yarr::YarrCodeBlock::execute):
-        (JSC::Yarr::YarrCodeBlock::getAddr):
-        (JSC::Yarr::execute):
-        * yarr/YarrParser.h: Renamed from Source/JavaScriptCore/yarr/RegexParser.h.
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::begin):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::end):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
-        (JSC::Yarr::Parser::Parser):
-        (JSC::Yarr::Parser::parseEscape):
-        (JSC::Yarr::Parser::parseAtomEscape):
-        (JSC::Yarr::Parser::parseCharacterClassEscape):
-        (JSC::Yarr::Parser::parseCharacterClass):
-        (JSC::Yarr::Parser::parseParenthesesBegin):
-        (JSC::Yarr::Parser::parseParenthesesEnd):
-        (JSC::Yarr::Parser::parseQuantifier):
-        (JSC::Yarr::Parser::parseTokens):
-        (JSC::Yarr::Parser::parse):
-        (JSC::Yarr::Parser::saveState):
-        (JSC::Yarr::Parser::restoreState):
-        (JSC::Yarr::Parser::atEndOfPattern):
-        (JSC::Yarr::Parser::peek):
-        (JSC::Yarr::Parser::peekIsDigit):
-        (JSC::Yarr::Parser::peekDigit):
-        (JSC::Yarr::Parser::consume):
-        (JSC::Yarr::Parser::consumeDigit):
-        (JSC::Yarr::Parser::consumeNumber):
-        (JSC::Yarr::Parser::consumeOctal):
-        (JSC::Yarr::Parser::tryConsume):
-        (JSC::Yarr::Parser::tryConsumeHex):
-        (JSC::Yarr::parse):
-        * yarr/YarrPattern.cpp: Renamed from Source/JavaScriptCore/yarr/RegexPattern.cpp.
-        (JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
-        (JSC::Yarr::CharacterClassConstructor::reset):
-        (JSC::Yarr::CharacterClassConstructor::append):
-        (JSC::Yarr::CharacterClassConstructor::putChar):
-        (JSC::Yarr::CharacterClassConstructor::isUnicodeUpper):
-        (JSC::Yarr::CharacterClassConstructor::isUnicodeLower):
-        (JSC::Yarr::CharacterClassConstructor::putRange):
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-        (JSC::Yarr::CharacterClassConstructor::addSorted):
-        (JSC::Yarr::CharacterClassConstructor::addSortedRange):
-        (JSC::Yarr::BeginCharHelper::BeginCharHelper):
-        (JSC::Yarr::BeginCharHelper::addBeginChar):
-        (JSC::Yarr::BeginCharHelper::merge):
-        (JSC::Yarr::BeginCharHelper::addCharacter):
-        (JSC::Yarr::BeginCharHelper::linkHotTerms):
-        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
-        (JSC::Yarr::YarrPatternConstructor::~YarrPatternConstructor):
-        (JSC::Yarr::YarrPatternConstructor::reset):
-        (JSC::Yarr::YarrPatternConstructor::assertionBOL):
-        (JSC::Yarr::YarrPatternConstructor::assertionEOL):
-        (JSC::Yarr::YarrPatternConstructor::assertionWordBoundary):
-        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
-        (JSC::Yarr::YarrPatternConstructor::atomBuiltInCharacterClass):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBegin):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassAtom):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassRange):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
-        (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
-        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-        (JSC::Yarr::YarrPatternConstructor::atomBackReference):
-        (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
-        (JSC::Yarr::YarrPatternConstructor::copyTerm):
-        (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
-        (JSC::Yarr::YarrPatternConstructor::disjunction):
-        (JSC::Yarr::YarrPatternConstructor::regexBegin):
-        (JSC::Yarr::YarrPatternConstructor::regexEnd):
-        (JSC::Yarr::YarrPatternConstructor::regexError):
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
-        (JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):
-        (JSC::Yarr::YarrPatternConstructor::setupOffsets):
-        (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
-        (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
-        (JSC::Yarr::YarrPatternConstructor::addBeginTerm):
-        (JSC::Yarr::YarrPatternConstructor::setupDisjunctionBeginTerms):
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
-        (JSC::Yarr::YarrPatternConstructor::setupBeginChars):
-        (JSC::Yarr::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h: Renamed from Source/JavaScriptCore/yarr/RegexPattern.h.
-        (JSC::Yarr::CharacterRange::CharacterRange):
-        (JSC::Yarr::CharacterClassTable::create):
-        (JSC::Yarr::CharacterClassTable::CharacterClassTable):
-        (JSC::Yarr::CharacterClass::CharacterClass):
-        (JSC::Yarr::PatternTerm::PatternTerm):
-        (JSC::Yarr::PatternTerm::ForwardReference):
-        (JSC::Yarr::PatternTerm::BOL):
-        (JSC::Yarr::PatternTerm::EOL):
-        (JSC::Yarr::PatternTerm::WordBoundary):
-        (JSC::Yarr::PatternTerm::invert):
-        (JSC::Yarr::PatternTerm::capture):
-        (JSC::Yarr::PatternTerm::quantify):
-        (JSC::Yarr::PatternAlternative::PatternAlternative):
-        (JSC::Yarr::PatternAlternative::lastTerm):
-        (JSC::Yarr::PatternAlternative::removeLastTerm):
-        (JSC::Yarr::PatternAlternative::setOnceThrough):
-        (JSC::Yarr::PatternAlternative::onceThrough):
-        (JSC::Yarr::PatternDisjunction::PatternDisjunction):
-        (JSC::Yarr::PatternDisjunction::~PatternDisjunction):
-        (JSC::Yarr::PatternDisjunction::addNewAlternative):
-        (JSC::Yarr::TermChain::TermChain):
-        (JSC::Yarr::BeginChar::BeginChar):
-        (JSC::Yarr::YarrPattern::~YarrPattern):
-        (JSC::Yarr::YarrPattern::reset):
-        (JSC::Yarr::YarrPattern::containsIllegalBackReference):
-        (JSC::Yarr::YarrPattern::newlineCharacterClass):
-        (JSC::Yarr::YarrPattern::digitsCharacterClass):
-        (JSC::Yarr::YarrPattern::spacesCharacterClass):
-        (JSC::Yarr::YarrPattern::wordcharCharacterClass):
-        (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
-        (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
-        (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
-
-2011-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * parser/SyntaxChecker.h:
-
-2011-01-10  Dave Tapuska  <dtapuska@rim.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add CTI ASM versions for RVCT ARM THUMB2 mode.
-
-        https://bugs.webkit.org/show_bug.cgi?id=52154
-
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        (JSC::ctiOpThrowNotCaught):
-
-2011-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Qt build fix.
-
-        * JavaScriptCore.pro:
-
-2011-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 52079 - Syntax errors should be early errors.
-
-        From chapter 16 the spec:
-            An implementation must report most errors at the time the relevant ECMAScript language construct is
-            evaluated. An early error is an error that can be detected and reported prior to the evaluation of
-            any construct in the Program containing the error. An implementation must report early errors in a
-            Program prior to the first evaluation of that Program. Early errors in eval code are reported at
-            the time eval is called but prior to evaluation of any construct within the eval code. All errors
-            that are not early errors are runtime errors.
-
-            An implementation must treat any instance of the following kinds of errors as an early error:
-                * Any syntax error."
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            Added new files.
-        * bytecode/CodeBlock.cpp:
-            Removed op_throw_syntax_error.
-        * bytecode/Opcode.h:
-            Removed op_throw_syntax_error.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-            If m_expressionTooDeep then throw a runtime error.
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-            Initialize m_expressionTooDeep.
-        (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
-            Sets m_expressionTooDeep.
-        * bytecompiler/BytecodeGenerator.h:
-            Added m_expressionTooDeep, removed emitThrowSyntaxError.
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-            Conditions that threw syntax error are now handled during parsing;
-            during bytecompilation these are now just ASSERTs.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-            Removed op_throw_syntax_error.
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createRegExp):
-            Renamed; added syntax check.
-        * parser/JSParser.cpp:
-        (JSC::JSParser::breakIsValid):
-        (JSC::JSParser::hasLabel):
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::setIsFunction):
-        (JSC::JSParser::Scope::isFunctionBoundary):
-        (JSC::JSParser::ScopeRef::hasContainingScope):
-        (JSC::JSParser::ScopeRef::containingScope):
-        (JSC::JSParser::AutoPopScopeRef::AutoPopScopeRef):
-        (JSC::JSParser::AutoPopScopeRef::~AutoPopScopeRef):
-        (JSC::JSParser::AutoPopScopeRef::setPopped):
-        (JSC::JSParser::popScopeInternal):
-        (JSC::JSParser::popScope):
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseBreakStatement):
-        (JSC::JSParser::parseContinueStatement):
-        (JSC::JSParser::parseReturnStatement):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-        (JSC::JSParser::parsePrimaryExpression):
-        * parser/JSParser.h:
-        * parser/Nodes.h:
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createRegExp):
-            Renamed; added syntax check.
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createOutOfMemoryError):
-        (JSC::throwOutOfMemoryError):
-        * runtime/ExceptionHelpers.h:
-            Broke out createOutOfMemoryError.
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-            Add check for exception after bytecode generation.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-            RegExp error prefixes not included in error string.
-        * yarr/RegexParser.h:
-        (JSC::Yarr::Parser::parse):
-            Removed regexBegin/regexEnd/regexError.
-        * yarr/RegexPattern.cpp:
-        (JSC::Yarr::RegexPatternConstructor::regexBegin):
-            Removed regexEnd/regexError.
-        (JSC::Yarr::compileRegex):
-            Add call to regexBegin (no longer called from the parser).
-        * yarr/YarrSyntaxChecker.cpp: Added.
-        (JSC::Yarr::SyntaxChecker::assertionBOL):
-        (JSC::Yarr::SyntaxChecker::assertionEOL):
-        (JSC::Yarr::SyntaxChecker::assertionWordBoundary):
-        (JSC::Yarr::SyntaxChecker::atomPatternCharacter):
-        (JSC::Yarr::SyntaxChecker::atomBuiltInCharacterClass):
-        (JSC::Yarr::SyntaxChecker::atomCharacterClassBegin):
-        (JSC::Yarr::SyntaxChecker::atomCharacterClassAtom):
-        (JSC::Yarr::SyntaxChecker::atomCharacterClassRange):
-        (JSC::Yarr::SyntaxChecker::atomCharacterClassBuiltIn):
-        (JSC::Yarr::SyntaxChecker::atomCharacterClassEnd):
-        (JSC::Yarr::SyntaxChecker::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::SyntaxChecker::atomParentheticalAssertionBegin):
-        (JSC::Yarr::SyntaxChecker::atomParenthesesEnd):
-        (JSC::Yarr::SyntaxChecker::atomBackReference):
-        (JSC::Yarr::SyntaxChecker::quantifyAtom):
-        (JSC::Yarr::SyntaxChecker::disjunction):
-        (JSC::Yarr::checkSyntax):
-        * yarr/YarrSyntaxChecker.h: Added.
-            Check RegExp syntax.
-
-2011-01-10  Adam Roben  <aroben@apple.com>
-
-        Roll out r75289
-
-        It was causing assertion failures. See <http://webkit.org/b/52156>.
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2011-01-08  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Unify string table adding in AtomicString
-        https://bugs.webkit.org/show_bug.cgi?id=51927
-
-        Move code for adding a string into a separate function.
-        This removes multiple occurrence of the same logic.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::addToStringTable): Added.
-        (WTF::AtomicString::add): Use addToStringTable().
-        (WTF::AtomicString::fromUTF8): Ditto.
-
-2011-01-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Split machine stack marking functions into their own class (MachineStackMarker)
-        https://bugs.webkit.org/show_bug.cgi?id=52088
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Moved registerThread()
-        call behind an #ifdef because we shouldn't be registering threads at all
-        if we don't support usage on multiple threads.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated projects.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots):
-        * runtime/Collector.h:
-        (JSC::Heap::machineStackMarker): Moved code to machineStackMarker.
-
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::makeUsableFromMultipleThreads): Removed an unnecessary
-        level of indirection, to make Heap less of a God class.
-
-        * runtime/MachineStackMarker.h: Copied from Source/JavaScriptCore/runtime/Collector.h.
-        * runtime/MachineStackMarker.cpp: Copied from Source/JavaScriptCore/runtime/Collector.cpp.
-        (JSC::MachineStackMarker::MachineStackMarker):
-        (JSC::MachineStackMarker::~MachineStackMarker):
-        (JSC::MachineStackMarker::makeUsableFromMultipleThreads):
-        (JSC::MachineStackMarker::registerThread):
-        (JSC::MachineStackMarker::unregisterThread):
-        (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
-        (JSC::MachineStackMarker::markCurrentThreadConservatively):
-        (JSC::MachineStackMarker::markOtherThreadConservatively):
-        (JSC::MachineStackMarker::markMachineStackConservatively): Moved code from Heap.
-
-2011-01-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 26276 - Need a mechanism to determine stack extent on WINDOWS, SOLARIS, OPENBSD, SYMBIAN, HAIKU, WINCE platforms
-
-        Fix for win32.  The base of the stack is stored in the "deallocation stack" field of the
-        Thread Information Block - see: http://en.wikipedia.org/wiki/Win32_Thread_Information_Block
-        for more information!
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2011-01-07  Adam Roben  <aroben@apple.com>
-
-        Update react-to-vsprops-changes.py after r74855
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-
-2011-01-07  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Port scrollbar painting to GtkStyleContext
-        https://bugs.webkit.org/show_bug.cgi?id=52051
-
-        * wtf/gobject/GTypedefs.h: Add GtkStyleContext forward
-        declaration.
-
-2011-01-07  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Martin Robinson.
-
-        Enable PCRE computed gotos when compiling with RCVT 4.0 or greater in GNU mode
-        https://bugs.webkit.org/show_bug.cgi?id=52034
-
-        Derived from a patch by Eli Fidler.
-
-        RVCT 4 or greater in GNU mode supports the computed goto GNU language extension
-        as per <http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/ch03s07s12.html>.
-
-        * pcre/pcre_exec.cpp: Modified to check for feature, HAVE(COMPUTED_GOTO), instead
-        of hardcoding the GCC compiler.
-        * wtf/Platform.h: Define WTF_COMPILER_RVCT4_OR_GREATER if __ARMCC_VERSION >= 400000.
-
-2011-01-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 52035 - Unregistering DOMWrapperWorlds is unsafe
-
-        The method DOMWrapperWorld::unregisterWorld() effectively calls the DOMWrapperWorld's
-        destructor early, in order to release wrappers once we know we no longer intend to use them.
-        Whilst it is okay to have a method to throw away wrappers (assuming we know we're willing to
-        lose any state stored on them) it is not okay to deregister the world from the JSGlobalData.
-        A sequence of events that triggers the bug would look like this:
-
-        (1) Create a DOMWrapperWorld.
-        (2) Register a timer in the world.
-        (3) Call unregisterWorld() on the world.
-        (4) Timer goes off, code is executed in the world, creates a Node not attached to a Document.
-        (5) We attempt to lookup a wrapper map for the world on the JSGlobalData, but because we've
-            called forgetWorld() none exists.
-        (6) Attempt to add a wrapper to a NULL map.
-
-        Fix the problem by not removing the JSGlobalData's wrapper map until the world really goes away.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-
-2011-01-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 52021 - zeroDouble broken on ARMv7
-
-        The bug here is that zeroDouble was working incorrectly,
-        leading to op_loop_if_true failing - specifically in the
-        case where the value being checked is 0.0 encoded as a
-        double (rather than an integer immediate).
-
-        Additionally this patch removes a redundant duplicate compare
-        in some (many) case.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::vcmp_F64):
-        (JSC::ARMv7Assembler::vcmpz_F64):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchDoubleNonZero):
-        (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchDouble):
-        (JSC::MacroAssemblerARMv7::branchDoubleNonZero):
-        (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerARMv7::compare32):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchDoubleNonZero):
-        (JSC::MacroAssemblerMIPS::branchDoubleZeroOrNaN):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchDoubleNonZero):
-        (JSC::MacroAssemblerX86Common::branchDoubleZeroOrNaN):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-
-2011-01-06  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Added debug code to compare the results of JIT regexp with 
-        interpreted regexp and displays discrepencies.  This debug code is
-        controlled by the ENABLE_YARR_JIT_DEBUG macro in wtf/Platform.h and
-        is only valid if ENABLE_YARR_JIT is enabled.
-
-        Fixed a discovered problem in RegExp::printTraceData, changing
-        m_pattern to the getter pattern().
-        Also deleted an extraneous semicolon.
-
-        Enhancement: Add Regexp Debug Compare between JIT and Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=51834
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        (JSC::RegExp::printTraceData):
-        * wtf/Platform.h:
-
-2011-01-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        [WINCE] Remove JSC::g_stackBase
-        https://bugs.webkit.org/show_bug.cgi?id=51779
-
-        * wtf/StackBounds.cpp:
-
-2011-01-06  Joone Hur  <joone.hur@collabora.co.uk>
-
-        Reviewed by Eric Seidel.
-
-        WML Parser should treat line/column number in a consistent way
-        https://bugs.webkit.org/show_bug.cgi?id=51601
-
-        Add the equality operators to TextPosition class.
-
-        * wtf/text/TextPosition.h:
-        (WTF::TextPosition::operator==): Added.
-        (WTF::TextPosition::operator!=): Added.
-        (WTF::TextPosition::belowRangePosition): Use belowBase() instead of base().
-        (WTF::ZeroBasedNumber::operator==): Added.
-        (WTF::ZeroBasedNumber::operator!=): Added.
-        (WTF::OneBasedNumber::operator==): Added.
-        (WTF::OneBasedNumber::operator!=): Added.
-
-2011-01-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        [WINCE] Determine stack extent
-        https://bugs.webkit.org/show_bug.cgi?id=26276
-
-        Scan the stack for writeable pages and use the limits.
-
-        * wtf/StackBounds.cpp:
-        (WTF::detectGrowingDownward):
-        (WTF::isPageWritable):
-        (WTF::getLowerStackBound):
-        (WTF::getUpperStackBound):
-        (WTF::StackBounds::initialize):
-
-2011-01-05  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Revert change to additional library search path needed to find ICU.
-
-2011-01-05  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Debug and Release builds on Windows clobber each other
-        https://bugs.webkit.org/show_bug.cgi?id=49185
-        
-        Changes the structure of WebKitBuild build products directory so we
-        completely separate each build configuration into independent directories.
-        
-        Although we previously had per-configuration directories for obj, this change adds
-        per-configuration directories for bin, lib, obj, and include. Each configuration's
-        build products are stored within a directory inside of WebKitBuild.
-        
-        Most use of $(WebKitOutputDir) in the build files has been replaced by $(ConfigurationBuildDir),
-        defined in common.vsprops to be $(WebKitOutputDir)\$(ConfigurationName).
-        
-        For PGO, $(ConfigurationBuildDir) points to the same directory (Release_PGO) to allow
-        for proper operation of the instrumentation/optimization scripts.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd:
-        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd:
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd:
-        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd:
-
-2011-01-05  Brent Fulgham  <bfulgham@webkit.org>
-
-        Unreviewed build fix.
-
-        * wtf/Encoder.h: Add <stdint.h> include for systems that
-        do not natively know about uint8_t, etc.
-
-2011-01-05  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [CMake] Fix the usage of SOURCE_GROUP
-        https://bugs.webkit.org/show_bug.cgi?id=51739
-
-        * CMakeLists.txt:
-
-2011-01-05  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt][V8] Fix the build after recent changes.
-
-        * pcre/pcre.pri: Correct the path after Source was introduced.
-
-2011-01-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix. Update path to FindSafari after source code reorganization.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2011-01-04  Daniel Bates  <dbates@rim.com>
-
-        Fix the Android build after changeset 74975 <http://trac.webkit.org/changeset/74975>
-        (https://bugs.webkit.org/show_bug.cgi?id=51855).
-
-        * wtf/ThreadingPthreads.cpp: Add include of PassOwnPtr.h.
-        (WTF::runThreadWithRegistration): Use -> instead of . to dereference pointer.
-
-2011-01-04  Martin Robinson  <mrobinson@igalia.com>
-
-        Try to fix the EFL build.
-
-        * wtf/CMakeLists.txt: Remove PlatformRefPtr from the CMake source list.
-
-2011-01-04  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        StackBounds initialization in WTFThreadData should be guarded by #if USE(JSC)
-        https://bugs.webkit.org/show_bug.cgi?id=51881
-
-        The StackBounds class is only used by JavaScriptCore.
-
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        * wtf/WTFThreadData.h:
-        (WTF::WTFThreadData::resetCurrentIdentifierTable):
-
-2011-01-03  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Darin Adler.
-
-        Remove the last non-GObject usage of PlatformRefPtr and move the code to GRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=51846
-
-        * GNUmakefile.am: Remove PlatformRefPtr.h from the sources list.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * jit/ExecutableAllocator.h: Change references to PlatformRefPtr to RefPtr.
-        (JSC::ExecutableAllocator::cacheFlush): Ditto.
-        * wtf/PlatformRefPtr.h: Removed.
-        * wtf/RandomNumber.cpp: Change references to PlatformRefPtr to RefPtr.
-        (WTF::randomNumber): Ditto.
-        * wtf/brew/RefPtrBrew.h: Ditto.
-        (WTF::refIfNotNull): Added.
-        (WTF::derefIfNotNull): Added.
-        * wtf/brew/ShellBrew.h: Change references to PlatformRefPtr to RefPtr.
-        (WTF::createRefPtrInstance): Modified to return a RefPtr.
-        * wtf/gobject/GRefPtr.cpp: 
-        (WTF::refGPtr): Moved from PlatformRefPtr here.
-        (WTF::derefGPtr): Ditto.
-        * wtf/gobject/GRefPtr.h: Ditto.
-        (WTF::GRefPtr::GRefPtr): Ditto.
-        (WTF::GRefPtr::~GRefPtr): Ditto.
-        (WTF::GRefPtr::clear): Ditto.
-        (WTF::GRefPtr::isHashTableDeletedValue): Ditto.
-        (WTF::GRefPtr::get): Ditto.
-        (WTF::GRefPtr::operator*): Ditto.
-        (WTF::GRefPtr::operator->): Ditto.
-        (WTF::GRefPtr::operator!): Ditto.
-        (WTF::GRefPtr::operator UnspecifiedBoolType): Ditto.
-        (WTF::GRefPtr::hashTableDeletedValue): Ditto.
-        (WTF::::operator): Ditto.
-        (WTF::::swap): Ditto.
-        (WTF::swap): Ditto.
-        (WTF::operator==): Ditto.
-        (WTF::operator!=): Ditto.
-        (WTF::static_pointer_cast): Ditto.
-        (WTF::const_pointer_cast): Ditto.
-        (WTF::getPtr): Ditto.
-        (WTF::adoptGRef): Ditto.
-        (WTF::refGPtr): Ditto.
-        (WTF::derefGPtr): Ditto.
-
-2011-01-04  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Adam Roben.
-
-        LEAK: Deallocate instance of ThreadFunctionInvocation if thread creation fails
-        https://bugs.webkit.org/show_bug.cgi?id=51860
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::createThreadInternal):
-
-2011-01-04  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        [Qt][Symbian] Make sure that WebKit headers are included before platform headers on Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=31273
-
-        On Symbian PREPEND_INCLUDEPATH is the best way to make sure that WebKit headers
-        are included before platform headers. On all other platforms continue to use
-        INCLUDEPATH (as before). This is a continuation of r65877.
-
-        No new tests as there is no new functionality.
-
-        * JavaScriptCore.pri:
-
-2011-01-04  Darin Adler  <darin@apple.com>
-
-        Try to fix Windows build.
-
-        * wtf/ThreadingWin.cpp: Added include of PassOwnPtr.h. Fixed paragraphing
-        of conditional includes.
-        (WTF::wtfThreadEntryPoint): Use -> instead of . to dereference pointer.
-        (WTF::createThreadInternal): Tweaked #if to not need separate macro.
-
-2011-01-04  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Adam Roben.
-
-        Extract ThreadFunctionInvocation into separate file and share between Apple Windows and Android
-        https://bugs.webkit.org/show_bug.cgi?id=51855
-
-        Both the Apple Windows and Android ports implement a similar adapter structure,
-        called ThreadFunctionInvocation and ThreadData respectively, as part of
-        their thread creation process. Instead, we should share such an adapter
-        structure and remove duplicate code.
-
-        * JavaScriptCore.gypi: Added header wtf/ThreadFunctionInvocation.h.
-        * wtf/ThreadFunctionInvocation.h: Added.
-        (WTF::ThreadFunctionInvocation::ThreadFunctionInvocation):
-        * wtf/ThreadingPthreads.cpp: Removed Android-specific structure ThreadData; Instead, use ThreadFunctionInvocation.
-        (WTF::runThreadWithRegistration):
-        (WTF::createThreadInternal): 
-        * wtf/ThreadingWin.cpp: Moved structure ThreadFunctionInvocation to its own file so that
-        it can be shared with the Android implementation of createThreadInternal().
-        (WTF::wtfThreadEntryPoint): Use OwnPtr to hold passed instance of ThreadFunctionInvocation.
-
-2011-01-04  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Use __builtin_expect when compiling using RVCT in GNU mode
-        https://bugs.webkit.org/show_bug.cgi?id=51866
-
-        Derived from a patch by Dave Tapuska.
-
-        * wtf/AlwaysInline.h:
-
-2011-01-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Brady Eidson.
-
-        * wtf/Forward.h: Added Decoder and Encoder.
-
-2011-01-03  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Add Encode/Decode machinery Darin and I plan to work with for back/forward stuff in WebKit2.
-
-        Starting out with a pure virtual interface to be implemented in WK2, but we might change that later.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-
-        * wtf/Decoder.h: Added.
-        * wtf/Encoder.h: Added.
-
-2011-01-03  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix.
-
-        [Qt] Add NullPtr.cpp introduced in r71155 to the Qt build system.
-
-        This fix is required for builds where HAVE(NULLPTR) is false
-        (e.g. some MSVC and Symbian builds).
-
-        * wtf/wtf.pri:
-
-2011-01-02  Dan Bernstein  <mitz@apple.com>
-
-        Rubber-stamped by Simon Fraser.
-
-        <rdar://problem/8812159> Update copyright strings
-
-        * Info.plist:
-
-2011-01-02  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Fix GTK+ build after r74855.
-
-        Reviewed by Xan Lopez.
-
-        * GNUmakefile.am: Fix include pathes.
-
-2011-01-02  Adam Barth  <abarth@webkit.org>
-
-        One more .. missing in the Qt build.
-
-        * jsc.pro:
-
-2011-01-02  Xan Lopez  <xlopez@igalia.com>
-
-        Fix GTK+ build.
-
-        * GNUmakefile.am: add -I$(srcdir)/Source to the JSC cppflags so
-        that anyone can include its headers without adding the prefix
-        'Source/'.
-
-2011-01-02  Carl Lobo  <carllobo@gmail.com>
-
-        Reviewed by Adam Barth.
-
-        Fix Windows Build for non-production where VSPropsRedirectionDir is not defined.
-        https://bugs.webkit.org/show_bug.cgi?id=51797
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2011-01-01  Adam Barth  <abarth@webkit.org>
-
-        Fix relative include paths in an attempt to fix the Qt build.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2011-01-01  Adam Barth  <abarth@webkit.org>
-
-        Another speculative build fix for GTK.
-
-        * GNUmakefile.am:
-
-2011-01-01  Adam Barth  <abarth@webkit.org>
-
-        Speculative build fix for GTK.  Update the paths in GNUmakefile to
-        include "Source".
-
-        * GNUmakefile.am:
-
-2011-01-01  Adam Barth  <abarth@webkit.org>
-
-        Update relative paths in JavaScriptCore.gyp to account for the extra
-        level of directories.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2010-12-31  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add a fast case for ASCII strings in HashAndUTF8CharactersTranslator::equal
-        https://bugs.webkit.org/show_bug.cgi?id=50517
-
-        This change shows about 2% performance win on the xml-parser benchmark.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::HashAndUTF8CharactersTranslator::equal):
-
-2010-12-30  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Ariya Hidayat.
-
-        [CMake] Add WTF_HEADERS
-        https://bugs.webkit.org/show_bug.cgi?id=51741
-
-        Add the WTF headers to show them in Visual Studio.
-
-        * wtf/CMakeLists.txt:
-        * wtf/CMakeListsWinCE.txt:
-
-2010-12-30  Konstantin Tokarev  <annulen@yandex.ru>
-
-        Reviewed by David Kilzer.
-
-        [Qt] Don't build wtf/TCSystemAlloc.cpp if --system-malloc option is
-        used
-        https://bugs.webkit.org/show_bug.cgi?id=51672
-
-        * wtf/wtf.pri: Replaced USE_SYSTEM_MALLOC with USE_SYSTEM_MALLOC=1
-
-2010-12-30  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Use OS(WINDOWS) instead of COMPILER(MSVC) in FastMalloc.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=51743
-
-        Most of the ifdefs belong to windows and not to the MSVC compiler.
-
-        * wtf/FastMalloc.cpp:
-
-2010-12-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 51724 - In strict mode string literals should allow \0, but disallow \8 and \9.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseString):
-
-2010-12-29  Helder Correia  <helder@sencha.com>
-
-        Reviewed by Eric Seidel.
-
-        <VT> and <FF> are not valid JSON whitespace characters
-        https://bugs.webkit.org/show_bug.cgi?id=51671
-
-        Vertical Tab and Form Feed are not allowed white spaces by the JSON
-        RFC 4627: http://www.ietf.org/rfc/rfc4627.txt (2. JSON Grammar).
-
-        Tests: ietestcenter/Javascript/15.12.1.1-0-2.html
-               ietestcenter/Javascript/15.12.1.1-0-3.html
-
-        * runtime/LiteralParser.cpp:
-        (JSC::isJSONWhiteSpace):
-        (JSC::LiteralParser::Lexer::lex):
-
-2010-12-28  Helder Correia  <helder@sencha.com>
-
-        Reviewed by Eric Seidel.
-
-        JSON.stringify must exist as a function taking 3 parameters
-        https://bugs.webkit.org/show_bug.cgi?id=51667
-
-        The reported function length is 1 instead.
-
-        Test: ietestcenter/Javascript/15.12.3-0-2.html
-
-        * runtime/JSONObject.cpp:
-
-2010-12-28  Helder Correia  <helder@sencha.com>
-
-        Reviewed by Sam Weinig.
-
-        JSON.parse must exist as a function taking 2 parameters
-        https://bugs.webkit.org/show_bug.cgi?id=51666
-
-        Support for revivers was introduced in bug 26591, but the function
-        length has since remained unchanged.
-
-        Test: ietestcenter/Javascript/15.12.2-0-2.html
-
-        * runtime/JSONObject.cpp:
-
-2010-12-27  Jake Helfert  <jake@jakeonthenet.com>
-
-        Reviewed and reworked by Darin Adler.
-
-        Building WebKit with Visual Studio 2010 fails due
-        to ambiguous assignment operator errors.
-        https://bugs.webkit.org/show_bug.cgi?id=51116
-
-        * wtf/NullPtr.h: Added a HAVE(NULLPTR) definition for use with
-        Platform.h HAVE macro, and included the Visual Studio 2010 compiler
-        as one of the ones that has nullptr.
-        * wtf/NullPtr.cpp: Updated condition to match.
-        
-        * wtf/PassOwnArrayPtr.h: Don't include the operator=(nullptr_t)
-        overload if we are compiling in loose mode and the compiler has
-        nullptr, because assignment of 0 will otherwise encounter
-        ambiguitity with this overload and the overload for loose mode
-        that takes a raw pointer. The conditional can be removed when we
-        get rid of loose mode.
-        * wtf/PassOwnPtr.h: Ditto.
-
-        * wtf/PassRefPtr.h: Don't include the operator=(nullptr_t) overload
-        if the compiler has nullptr, because assignment of 0 would be
-        ambiguous with the overload that takes a raw pointer. The conditional
-        can be removed if we ever decide we no longer need to support
-        assigning 0, but might need a way to catch that usage on older compilers.
-        * wtf/RefPtr.h: Ditto.
-        * wtf/RetainPtr.h: Ditto
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added NullPtr.cpp,
-        accidentally omitted when the file was first added.
-
-2010-12-26  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Eric Seidel.
-
-        [GTK] Add standalone target for JSC
-        https://bugs.webkit.org/show_bug.cgi?id=51607
-
-        * GNUmakefile.am: add convenience target to only build jsc and its
-        dependencies.
-
-2010-12-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        [WINCE] Add CPU(MIPS) detection
-        https://bugs.webkit.org/show_bug.cgi?id=51342
-
-        WinCE usually defines MIPS and _MIPS_.
-
-        * wtf/Platform.h:
-
-2010-12-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Rename RegexCompiler.cpp to RegexPattern.cpp.
-        Implicitly call compileRegex from RegexPattern's constructor.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        * yarr/RegexCompiler.cpp: Removed.
-        * yarr/RegexCompiler.h: Removed.
-        * yarr/RegexInterpreter.cpp:
-        * yarr/RegexJIT.cpp:
-        * yarr/RegexPattern.cpp: Copied from JavaScriptCore/yarr/RegexCompiler.cpp.
-        (JSC::Yarr::compileRegex):
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        * yarr/RegexPattern.h:
-
-2010-12-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed build fix for WinCE after r74360.
-
-        Move the OS(WINDOWS) section after the OS(WINCE) section
-        and add missing argument to the getStackMax call.
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2010-12-22  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix.
-
-        [Symbian] Make sure OSAllocatorSymbian builds
-
-        This patch only addresses the build problem.
-
-        https://bugs.webkit.org/show_bug.cgi?id=51128 tracks the full
-        (re)implementation of the Symbian allocator.
-
-        * wtf/OSAllocatorSymbian.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-
-2010-12-22  Dan Bernstein  <mitz@apple.com>
-
-        Changed WebKitTools to Tools.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2010-12-22  Dan Bernstein  <mitz@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Changed WebKitTools to Tools in script build phases.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-12-22  Andrei Popescu  <andreip@google.com>
-
-        Unreviewed build fix.
-
-        Fix Chromium Linux shared library build.
-        [Chromium] r74431 broke the Chromium Linux shared library build
-        https://bugs.webkit.org/show_bug.cgi?id=51462
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-
-2010-12-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r74462.
-        http://trac.webkit.org/changeset/74462
-        https://bugs.webkit.org/show_bug.cgi?id=51449
-
-        broke chromium win (Requested by tonyg-cr on #webkit).
-
-        * JavaScriptCore.gypi:
-
-2010-12-21  Tony Gentilcore  <tonyg@chromium.org>
-
-        Unreviewed build fix.
-
-        [chromium] Build fix after r74431
-        https://bugs.webkit.org/show_bug.cgi?id=51447
-
-        * JavaScriptCore.gypi:
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative build fix.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::underMemoryPressure):
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 26276 - Need a mechanism to determine stack extent
-
-        This patch adds accurate stack size calculation for:
-            DARWIN, QNX, UNIX
-        We still need to fix:
-            WINDOWS, SOLARIS, OPENBSD, SYMBIAN, HAIKU, WINCE
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-         Reviewed by Geoff Garen.
- 
-        <rdar://problem/8765333> CRASH running out of executable memory, loading io9.com
-        https://bugs.webkit.org/show_bug.cgi?id=51443
-
-        The problem here is that each page uses a reasonable amount of memory, (~4Mb),
-        and that when miultiple pages are open we keep all JIT code for all functions
-        in all pages alive.
-
-        Add a check to detect high memory pressure situations in the executable allocator
-        (>50% of available memory allocated), and upon a top level entry into JSC (no code
-        running on the stack) in this situation throw away all JIT code.
-
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): stop passing exec to recompile.
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutablePool::systemAlloc): Count allocations.
-        (JSC::ExecutablePool::systemRelease): Count deallocations.
-        (JSC::ExecutablePool::underMemoryPressure): Check memory pressure.
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
-        * jit/ExecutableAllocatorWin.cpp:
-        (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::recompile): Remove ExecState argument to recompile.
-        * runtime/Executable.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions): throws away all JIT code.
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): add check / call to throw away.
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/8241425> JIT executable memory excessive usage due to regex caching
-        https://bugs.webkit.org/show_bug.cgi?id=51434
-
-        Reduce the amount of memory the RegExpCache can hold on to on iOS.
-        Currently the RegExpCache can hold 256 RegExp objects. If each falls into a separate
-        ExecutablePool, with a common size of 16Kb, this means we end up holding onto 4Mb of
-        memory. Firstly, we can reduce this by simply reducing the size of the cache to 32
-        entries. Secondly, we can use a separate set of ExecutablePools for JIT code generated
-        from RegExp objects. This helps in two ways (1) it increases the probability that
-        RegExps in the cache share the same pool, and (2) it means that a RegExp can't end
-        up holding on to a large ExecutablePool containing a translation of JS code.
-        (A RegExp could end up keeping a larger RegExp alive that happened to be sharing the
-        same pool, but large RegExp patterns are less common).
-
-        * runtime/JSGlobalData.h:
-        * runtime/RegExpCache.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Eeeep! build fix!
-
-        * wtf/OSAllocator.h:
-        (WTF::OSAllocator::decommitAndRelease):
-
-2010-12-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Ooops, fixed typo in comment.
-
-        * wtf/OSAllocator.h:
-
-2010-12-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough & Oliver Hunt.
-
-        Added PageAllocationAligned, a cross-platform abstraction for memory allocations with arbitrary alignment requirements
-        https://bugs.webkit.org/show_bug.cgi?id=51359
-        
-        I think this patch fixes <rdar://problem/8107952> [5.0.1] WER crash in
-        Heap::allocateBlock (1902752929), and some other leaks and crashes as well.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated build files.
-
-        * runtime/AlignedMemoryAllocator.h: Removed. Supplanted by
-        PageAllocationAligned.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::addWeakGCHandle):
-        * runtime/Collector.h: Switched from AlignedMemoryAllocator to
-        PageAllocationAligned.
-
-        * runtime/GCHandle.cpp:
-        * runtime/GCHandle.h: Ditto.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation): Removed aligned memory allocation
-        functions. Supplanted by PageAllocationAligned.
-
-        * wtf/PageAllocationAligned.cpp: Added.
-        (WTF::PageAllocationAligned::allocate):
-        (WTF::PageAllocationAligned::deallocate):
-        * wtf/PageAllocationAligned.h: Added.
-        (WTF::PageAllocationAligned::PageAllocationAligned): New cross-platform
-        class for doing aligned memory allocation. This class properly matches
-        allocation and deallocation library calls, fixing a long-standing bug
-        in PageAllocation.
-
-        * wtf/Platform.h: Removed some defunction VM platform defines.
-
-        * wtf/wtf.pri: Updated build files.
-
-2010-12-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        ASSERTION FAILED: base->index() == m_codeBlock->argumentsRegister() while loading taobao.com
-        https://bugs.webkit.org/show_bug.cgi?id=49006
-
-        This problem was caused by having a parameter named 'arguments'.
-        The fix is to treat parameters named 'arguments' as shadowing
-        the actual arguments property, and so logically turn the function
-        into one that doesn't "use" arguments.
-
-        This required a bit of fiddling in the parser to ensure we correctly
-        propagate the 'feature' of shadowing is set correctly.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
-          Change assertion to an early return as we may now reference
-          a property named 'arguments' without being in a function that
-          has the ArgumentsFeature
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::declareParameter):
-        (JSC::JSParser::Scope::shadowsArguments):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionInfo):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::usesArguments):
-
-2010-12-21  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Eric Seidel and Darin Adler.
-
-        Deallocate GregorianDateTime.timeZone (if allocated) when copying so that we don't leak memory.
-        https://bugs.webkit.org/show_bug.cgi?id=51367
-
-        Inspired by a patch by George Staikos.
-
-        * wtf/DateMath.cpp:
-        (JSC::msToGregorianDateTime): Modified to set timeZone to nullptr since timeZone is now
-        of type OwnPtrArray<char>.
-        * wtf/DateMath.h: Change timeZone to type OwnArrayPtr<char>; Removed destructor since it is no longer needed.
-        (JSC::GregorianDateTime::GregorianDateTime): Modified to use OwnPtrArray semantics for timeZone.
-        (JSC::GregorianDateTime::operator tm): Ditto.
-        (JSC::GregorianDateTime::copyFrom): Ditto.
-
-2010-12-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r74402.
-        http://trac.webkit.org/changeset/74402
-        https://bugs.webkit.org/show_bug.cgi?id=51402
-
-        This patch broke the Windows 7 Release Layout Tests (Requested
-        by jessieberlin on #webkit).
-
-        * wtf/StackBounds.cpp:
-        (WTF::estimateStackBound):
-        (WTF::StackBounds::initialize):
-
-2010-12-21  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Unify the name of parentheses in YARR: rename parenthesis to
-        parentheses.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesEnd):
-
-2010-12-21  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Set BUILDING_QT__ consistently
-        https://bugs.webkit.org/show_bug.cgi?id=51341
-
-        * JavaScriptCore.pri: Remove the definition of BUILDING_QT__ as it
-        is already defined in WebKit.pri.
-
-2010-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 26276 - Need a mechanism to determine stack extent
-
-        This patch adds accurate stack size calculation for:
-            DARWIN, WINDOWS, QNX, UNIX
-        We still need to fix:
-            SOLARIS, OPENBSD, SYMBIAN, HAIKU, WINCE
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2010-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        PPC build fix; stop using std::swap on PageAllocation/PageReservation,
-        this was failing on some compilers since the lack of default construction
-        for the m_executable/m_writable fields meant the value being swapped may
-        not have been fully initialized.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::deallocate):
-        * wtf/PageBlock.h:
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::deallocate):
-
-2010-12-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        |delete name| in strict mode code should be an early error
-        https://bugs.webkit.org/show_bug.cgi?id=50431
-
-        Disallow the |delete IDENTIFIER| production in strict mode, and removed
-        a bunch of now unnecessary code.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::collectFreeVariables):
-        (JSC::jsParse):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/JSParser.h:
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-
-2010-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Olver Hunt.
-
-        Bug 51358 - Should check stack depth rather than using recursion limits in byte compilation
-
-        The current implementation of recursion limit checking is not safe on smaller stacks.
-        Switch to using a common mechanism, shared with the parser, to check recursion limits.
-
-        Make bytecompiler use StackBounds. Empirical testing shows emitStrcat to have the largest
-        footprint on the stack, at just under 1k on x86-64.  Given this, the default recursion
-        check (requiring 4k of available space to recurse) seems reasonable.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BinaryOpNode::emitStrcat):
-
-2010-12-20  Tony Gentilcore  <tonyg@chromium.org>
-
-        Unreviewed build fix.
-
-        Include pthread to fix chromium mac build (broken by r74360)
-        https://bugs.webkit.org/show_bug.cgi?id=51356
-
-        * wtf/StackBounds.cpp:
-
-2010-12-20  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        * GNUmakefile.am: add missing files.
-
-2010-12-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 26276 - Need a mechanism to determine stack extent
-
-        This patch adds a class 'StackBounds', to hold information about the machine stack.
-        The implementation of this class broadly adheres to the current implmentation of
-        stack limit checking, and as such does not solve the problem of determining stack
-        extent, but gives us a common place to do so.
-
-        Currently two mechanism are provided to determine the stack origin (the point the
-        stack is growing away from). currentThreadStackBase() in Collector provides a
-        more accurate determination of the stack origin, so use this to calculate
-        StackBounds::m_origin; WTFThreadData::approximatedStackStart is less accurate, and
-        as such can be removed.  Cache the StackBounds on WTFThreadData such that they
-        need only be determined once per thread, and for non-API contexts cache this
-        information in JSGlobalData, to save a thread-specific access.
-
-        For the time being retain the estimate of stack size used by JSC's parser
-        (128 * sizeof(void*) * 1024), with a view to replacing this with something more
-        accurate in the near future.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::canRecurse):
-        (JSC::JSParser::JSParser):
-            Change to use StackBounds.
-        * runtime/Collector.cpp:
-        (JSC::Heap::registerThread):
-        (JSC::Heap::markCurrentThreadConservativelyInternal):
-            Change to use StackBounds, cached on JSGlobalData.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::stack):
-            Add a cached copy of StackBounds.
-        * wtf/StackBounds.cpp: Copied from JavaScriptCore/runtime/Collector.cpp.
-        (WTF::estimateStackBound):
-        (WTF::StackBounds::initialize):
-        (WTF::getStackMax):
-            Copy code from Collector.cpp to determine stack origin.
-        * wtf/StackBounds.h: Added.
-        (WTF::StackBounds::StackBounds):
-            No argument constructor; returns a null StackBounds.
-        (WTF::StackBounds::currentThreadStackBounds):
-            Returns a StackBounds object representing the stack limits
-            of the current thread.
-        (WTF::StackBounds::origin):
-            Returns to stack origin (the point the stack is growing away
-            from; the highest extent of the stack on machines where the
-            stack grows downwards.
-        (WTF::StackBounds::recursionLimit):
-            Returns a limit value that is 'a comfortable distance from
-            the end of the stack'. Our concept of this is currently 1 page
-            away from the end, however the default value may be tuned in
-            the future, and clients may override passing a larger delta;
-            should only be called on StackBounds object representing the
-            stack of the thread this method is called on (checked by
-            checkConsistency).
-        (WTF::StackBounds::recursionCheck):
-            Checks whether we are currently 'a comfortable distance from
-            the end of the stack'. Our concept of this is currently 1 page
-            away from the end, however the default value may be tuned in
-            the future, and clients may override passing a larger delta
-            to apply when checking, if they wish to do so. This method
-            should only be called on StackBounds object representing the
-            stack of the thread this method is called on (checked by
-            checkConsistency).
-        (WTF::StackBounds::current):
-            Approximate current stack position. On machines where the stack
-            is growing downwards this is the lowest address that might need
-            conservative collection.
-        (WTF::StackBounds::isGrowingDownward):
-            True for all platforms other than WINCE, which has to check.
-        (WTF::StackBounds::checkConsistency):
-            This is called in methods that shoulds only be operating on a
-            valid set of bounds; as such we expect m_origin != m_bounds
-            (i.e. stack size != zero) - we're really testing that this
-            object is not null (the constructor initializes both fields
-            to zero).  Also checks that current() is within the stack's
-            bounds.
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        * wtf/WTFThreadData.h:
-        (WTF::WTFThreadData::stack):
-            Add the StackBounds member variable.
-
-2010-12-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Factored common page set management into a new PageBlock base class
-        https://bugs.webkit.org/show_bug.cgi?id=51285
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-        * wtf/PageAllocation.cpp: Removed.
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::deallocate):
-        (WTF::PageAllocation::PageAllocation):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::deallocate):
-        (WTF::PageReservation::PageReservation):
-        * wtf/wtf.pri:
-
-2010-12-17  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        RegExp Jit'ed expression crashes clicking link on yelp.com
-        https://bugs.webkit.org/show_bug.cgi?id=51284
-
-        When transitioning between an non-repeating beginning of line
-        anchored expression and the remaining refactored repeating 
-        expression, we should not clear any residual datalabel in 
-        state's m_backtrack.  It will be resolved and cleared in subsequent
-        code when linkAlternativeBacktracks() is called for the repeating
-        alternative(s).
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::clear):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::clearBacktrack):
-
-2010-12-17  Dan Bernstein  <mitz@apple.com>
-
-        Rubber-stamped by Mark Rowe.
-
-        Updated for the renaming of WebKitTools to Tools
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh:
-
-2010-12-17  Ariya Hidayat  <ariya@sencha.com>
-
-        Reviewed by Oliver Hunt.
-
-        [JSC] parseAssignmentExpression should use TreeBuilder::CreatesAST
-        https://bugs.webkit.org/show_bug.cgi?id=51268
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseAssignmentExpression):
-
-2010-12-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed RChunk from PageAllocation/PageReservation, since it's now unused.
-        https://bugs.webkit.org/show_bug.cgi?id=51276
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::PageReservation):
-
-2010-12-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Incorrect encoding of some constants in ARMv7 JIT
-        https://bugs.webkit.org/show_bug.cgi?id=51273
-        <rdar://problem/8650210>
-
-        When using immediate encoding 3 we need to write the byte
-        that holds a duplicated value.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::makeEncodedImm):
-
-2010-12-16  Evan Martin  <evan@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        [chromium] useless warnings when building on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=50985
-
-        Disable some compiler warnings that aren't indicative of real problems.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2010-12-16  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=51166
-        ExecutableAllocator::cacheFlush should call sys_cache_control
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush): Use the more correct and forward looking API -
-        sys_cache_control(kCacheFunctionPrepareForExecution,...).
-
-2010-12-16  Ariya Hidayat  <ariya@sencha.com>
-
-        Reviewed by Andreas Kling.
-
-        [JSC] Const correctness in ASTBuilder and SyntaxChecker
-        https://bugs.webkit.org/show_bug.cgi?id=51141
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::getName):
-        (JSC::ASTBuilder::getType):
-        (JSC::ASTBuilder::isResolve):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::operatorStackPop):
-
-2010-12-15  Kenneth Russell  <kbr@google.com>
-
-        Reviewed by James Robinson.
-
-        Web Audio API: port FFTFrame to MKL
-        https://bugs.webkit.org/show_bug.cgi?id=50986
-
-        Fixed bug in log2 emulation function provided for Windows port of
-        Web Audio API.
-
-        * wtf/MathExtras.h:
-        (log2):
-
-2010-12-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <http://webkit.org/b/51064> Reproducible crash inside WebCore::MediaPlayerPrivateQTKit::createQTMovie when loading <video>
-
-        * wtf/text/WTFString.h: Prevent String from being implicitly convertable to bool.
-        It was previously implicitly convertible to bool on Mac via operator NSString*,
-        but since that always has a non-zero return value it would give unexpected results.
-
-2010-12-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] [Symbian] Do not use pkg-config on Symbian as it is not supported
-        https://bugs.webkit.org/show_bug.cgi?id=50231
-
-        Guard CONFIG+=link_pkgconfig with !symbian.
-
-        * jsc.pro:
-
-2010-12-14  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Revert accidental change disabling the JIT for most platforms.
-
-        * wtf/Platform.h:
-
-2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Clang fails to build the JSC interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=51016
-
-        Clang does not allow indirect gotos out of scopes with cleanup. GCC 4.2 allows
-        them, but it does not correctly generate the cleanup, causing a leak if the
-        cleanup decrements a reference count.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Put an Identifier into its own scope.
-
-2010-12-14  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Simplify context-menu handling code
-        https://bugs.webkit.org/show_bug.cgi?id=49658
-
-        * wtf/PlatformRefPtr.h: Add leakRef()
-
-2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JavaScriptCore should not use "asm volatile" outside of a function
-        https://bugs.webkit.org/show_bug.cgi?id=50991
-
-        * jit/JITStubs.cpp: Remove the volatile keyword from asm statements.
-
-2010-12-13  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows production build fix.
-        Try copying ICU 4.6 in addition to 4.4 and 4.2.
-
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
-
-2010-12-13  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION: mobileme mail viewing is broken
-        https://bugs.webkit.org/show_bug.cgi?id=50884
-
-        Fixed problem where simple parenthesis (those without capture and
-        with a fixed count) where not propagating backtrack to labels for 
-        nested parentheses.  Also added the nesting level for the parentheses 
-        state created in that case as well.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::copyBacktrackToLabel):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isLastTerm):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-
-2010-12-13  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Reduce the size of the RegexStackSpaceForBackTrackInfoParentheses in YARR
-        https://bugs.webkit.org/show_bug.cgi?id=49385
-
-        Remove the BackTrackInfoParentheses struct prevBegin and prevEnd members.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        * yarr/RegexPattern.h:
-
-2010-12-10  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION Hang inside Yarr::RegexCodeBlock::execute when visiting
-        bugs.webkit.org
-        https://bugs.webkit.org/show_bug.cgi?id=50816
-
-        First nested parentheses of the second or greater alternative
-        where backtracking to the prior parentheses.  Changed the default
-        handling of initial parentheses for all alternatives to go back
-        to the immediate outer paren.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::GenerationState::addParenthesesTail):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::TermGenerationState):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isLastTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::getTermIndex):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setParenthesesTail):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::getParenthesesTail):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::ParenthesesTail):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::processBacktracks):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-
-2010-12-11  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add an overload to makeString for Vector<char>
-        https://bugs.webkit.org/show_bug.cgi?id=50123
-
-        Also cleanup StringTypeAdapter.
-
-        * wtf/text/StringConcatenate.h:
-
-2010-12-10  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Build fix for Symbian: don't compile POSIX memory management implementation 
-        https://bugs.webkit.org/show_bug.cgi?id=50707
-
-        * wtf/wtf.pri:
-
-2010-12-10  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows production build fix.
-        
-        Don't stop if react-to-vsprops-changes.py exits with an error,
-        since this will occur in production builds.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2010-12-10  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Turn on USE(CROSS_PLATFORM_CONTEXT_MENUS) for Windows.
-
-        * wtf/Platform.h:
-
-2010-12-10  Martin Robinson  <mrobinson@igalia.com>
-
-        Unreviewed, rolling out r73703.
-        http://trac.webkit.org/changeset/73703
-        https://bugs.webkit.org/show_bug.cgi?id=49658
-
-        This patch is causing crashes on the GTK+ bots.
-
-        * wtf/PlatformRefPtr.h:
-
-2010-12-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Cleanup StringWx.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=50525
-
-        Use StringImpl::createUninitialized to avoid memcpy and fix style issues.
-
-        * wtf/wx/StringWx.cpp:
-        (WTF::String::String):
-
-2010-12-10  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Simplify context-menu handling code
-        https://bugs.webkit.org/show_bug.cgi?id=49658
-
-        * wtf/PlatformRefPtr.h:
-
-2010-12-09  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION (r73065?): A regex no longer works 
-        https://bugs.webkit.org/show_bug.cgi?id=50570
-
-        Changed the handling of adjacent parentheses backtracks in two ways.
-        First, only outer most paren backtracks default to back tracking
-        to the "next character" looping code.  Second, added a jump around 
-        backtracks that fall through to the next backtrack where the
-        second backtrack has some greedy processing before the backtracking
-        from outside the parentheses code.
-        Also cleaned up extraneous white spce, removing white space at the
-        end of or that makes up a whole line.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::GenerationState::GenerationState):
-        (JSC::Yarr::RegexGenerator::GenerationState::incrementParenNestingLevel):
-        (JSC::Yarr::RegexGenerator::GenerationState::decrementParenNestingLevel):
-        (JSC::Yarr::RegexGenerator::GenerationState::addParenthesesTail):
-        (JSC::Yarr::RegexGenerator::GenerationState::emitParenthesesTail):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::ParenthesesTail):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::setNextIteration):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-
-2010-12-09  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Addressed the "FIXME" issues in array sort for toString() methods that
-        mutate the array in either size or contents.  The change is to mark
-        the temporary array contents so that they are not garbage collected
-        and to make sure the array is large enough to hold the contents
-        of the sorted temporary vector.
-        https://bugs.webkit.org/show_bug.cgi?id=50718
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::addTempSortVector):
-        (JSC::Heap::removeTempSortVector):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/Collector.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort):
-        * runtime/JSValue.h:
-
-2010-12-09  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Changed setting of backtrack labels to not overwrite a prior
-        label.  Where losing prior labe which then reverted back to 
-        next character label.
-        https://bugs.webkit.org/show_bug.cgi?id=50579
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setBacktrackToLabel):
-
-2010-12-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Permit Character Class Escape in CharacterRange in Character Class.
-        https://bugs.webkit.org/show_bug.cgi?id=50483
-        https://bugs.webkit.org/show_bug.cgi?id=50538
-        https://bugs.webkit.org/show_bug.cgi?id=50654
-        https://bugs.webkit.org/show_bug.cgi?id=50646
-
-        We recently tightened up our spec conformance in generating syntax
-        error in these cases, however testing in the wild has shown this
-        to be problematic. This reverts the previous change in allowing
-        class escapes (e.g. \d) in ranges in character classes ([]), but
-        does retain some closer conformance to the spec in only allowing
-        ranges that would be permitted per the grammar rules in the spec
-        (e.g. in /[\d-a-z]/ "a-z" cannot be considered as a range).
-
-        * yarr/RegexParser.h:
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
-        (JSC::Yarr::Parser::parse):
-
-2010-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Try to fix crash-on-launch seen on Windows builder.
-
-        * wtf/OSAllocatorWin.cpp:
-        (WTF::OSAllocator::release): Disabled an ASSERT, because it checks for
-        a bug that hasn't been fixed yet.
-
-2010-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated .def file.
-
-2010-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated .def
-        file to remove a symbol -- the next build failure will say which symbol
-        to add back.
-
-2010-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated .def file.
-
-2010-12-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix GTK Linux build.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * runtime/AlignedMemoryAllocator.h:
-        (JSC::::AlignedMemoryAllocator): Updated for Usage enum moving to OSAllocator.
-
-2010-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Migrated OS-specific allocation code from PageReservation and PageAllocation to OSAllocator
-        https://bugs.webkit.org/show_bug.cgi?id=50653
-
-        * JavaScriptCore.exp: Updated for new function signature.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): Removed checkAllocatedOkay.
-        OSAllocator is now the central location for verifying that allocation succeeds.
-        This allowed me to remove some complicating cross-platform cruft.
-
-        * runtime/AlignedMemoryAllocator.h:
-        (JSC::::allocate): Updated for code motion.
-
-        * wtf/OSAllocator.h: Added Usage, writable, and executable parameters, to
-        support VM features required by clients of PageAllocation and PageReservation.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit): Moved PageAllocation support for randomizing
-        executable memory here.
-
-        * wtf/OSAllocatorSymbian.cpp:
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit): Updated for new function signatures.
-
-        * wtf/OSAllocatorWin.cpp:
-        (WTF::protection):
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::release): Updated for new function signatures. Moved
-        some protection-related and WINCE-related code from PageAllocation here.
-
-        * wtf/PageAllocation.cpp: Nixed cross-platform lastError abstraction, since
-        it was only used by checkAllocatedOkay, which is now gone.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::allocate):
-        (WTF::PageAllocation::allocateAligned):
-        (WTF::PageAllocation::deallocate):
-        (WTF::PageAllocation::isPowerOfTwo):
-        (WTF::PageAllocation::systemAllocateAligned): Removed system* functions,
-        and replaced calls to them with calls to OSAllocator.
-
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::reserve):
-        (WTF::PageReservation::deallocate):
-        (WTF::PageReservation::PageReservation): Ditto. Added m_writable and
-        m_executable because these flags are now required when committing memory.
-
-2010-12-08  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Kenneth Russell.
-
-        Add web audio files to mac port Xcode projects
-        https://bugs.webkit.org/show_bug.cgi?id=50721
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-12-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Marking the active global object re-enters through markConservatively
-        https://bugs.webkit.org/show_bug.cgi?id=50711
-
-        draining of the MarkStack is not allowed to be re-entrant, we got away
-        with this simply due to the logic in MarkStack::drain implicitly handling
-        changes that could be triggered by the re-entry.
-
-        Just to be safe this patch removes the re-entry through markConservatively
-        so we don't accidentally introduce such an issue in future.  I've also
-        added an assertion to catch such errors.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::markCurrentThreadConservativelyInternal):
-        (JSC::Heap::markOtherThreadConservatively):
-        * runtime/JSArray.h:
-        (JSC::MarkStack::drain):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-
-2010-12-08  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Share code between Mac (CA) and Windows (CACF) GraphicsLayer implementations
-        https://bugs.webkit.org/show_bug.cgi?id=49388
-
-        Added a WTF_PLATFORM_CA flag. Set when platform is MAC or IOS or (WINDOWS AND CG)
-        which was decided was the best way to identify a build with CoreAnimation
-
-        * wtf/Platform.h:
-
-2010-12-07  Anders Carlsson  <andersca@apple.com>
-
-        Build fix follow up build fix.
-
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (jsc_pcre_ucp_othercase):
-
-2010-12-07  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fix clang++ build
-        https://bugs.webkit.org/show_bug.cgi?id=50645
-
-        Explicitly cast offset to int.
-
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (jsc_pcre_ucp_othercase):
-
-2010-12-07  Kenneth Russell  <kbr@google.com>
-
-        Reviewed by David Levin.
-
-        Fix compilation of core web audio files on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=50603
-
-        Added log2 definition to MathExtras.h on Windows platform.
-
-        * wtf/MathExtras.h:
-        (log2):
-
-2010-12-07  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=50412
-        http://www.wunderground.com/US/CA/Hayward.html causes big memory spike during page loading 
-        
-        Creating a substring caused the original string be flattened if it was in the rope form. This could use
-        significant amount of memory by reducing buffer sharing between strings.
-        
-        Add a rope specific substring function that constructs the substring by reusing the rope fibers
-        instead of flattening the rope.
-        
-        No change observed in SunSpider.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::substringFromRope):
-        * runtime/JSString.h:
-        (JSC::jsSubstring):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-
-2010-12-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Simplified some ASLR-related code in PageAllocation/Reservation
-        https://bugs.webkit.org/show_bug.cgi?id=50599
-        
-        Removed reserveAt, allocateAt, and friends, since they all existed to
-        serve one feature: ASLR for executable memory on x86_64 on Mac. Moved
-        ASLR code down into systemAllocate -- now, any time you allocate
-        executable memory on a supporting platform, the memory's location is
-        randomized.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator): No need for the caller
-        to randomize anything.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::systemAllocate): Removed some *At() functions, and
-        beefed up executable allocation with randomization.
-
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::systemReserve): Removed some *At() functions.
-
-2010-12-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        reserveAndCommit doesn't commit on MADVISE_FREE_REUSE systems
-        https://bugs.webkit.org/show_bug.cgi?id=50588
-        
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit): Tightened up some comments. Changed
-        reserveAndCommit to actually commit on MADVISE_FREE_REUSE systems.
-
-2010-12-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [WINCE] Add build system
-        https://bugs.webkit.org/show_bug.cgi?id=50522
-
-        * CMakeListsWinCE.txt: Added.
-        * shell/CMakeListsWinCE.txt: Added.
-        * wtf/CMakeListsWinCE.txt: Added.
-
-2010-12-06  John Tantalo  <john.tantalo@gmail.com>
-
-        Reviewed by Geoffrey Garen.
-
-        jsc does not ignore shebang
-        https://bugs.webkit.org/show_bug.cgi?id=49576
-
-        * jsc.cpp:
-        (fillBufferWithContentsOfFile):
-          - translate shebang into a valid JavaScript comment so the lexer ignores it
-
-2010-12-05  Adam Roben  <aroben@apple.com>
-
-        Windows production build fix
-
-        Put spaces after trailing backslashes when setting
-        %WebKitVSPropsRedirectionDir%. According to MSDN
-        <http://msdn.microsoft.com/en-us/library/2kzfk8c7(v=VS.80).aspx>:
-
-           A backslash ( \ ) followed by a newline character is interpreted as
-           a space in the command; use a backslash at the end of a line to
-           continue a command onto the next line. NMAKE interprets the
-           backslash literally if any other character, including a space or
-           tab, follows the backslash.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-
-2010-12-04  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed, build fix after r69132.
-
-        * shell/CMakeLists.txt: Fix directory name (jsc -> shell).
-
-2010-12-04  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Drop GdkDrawable usage, it's deprecated in GTK+3.x and we can use GdkWindow
-        https://bugs.webkit.org/show_bug.cgi?id=50451
-
-        * wtf/gobject/GTypedefs.h: add GdkWindow defines.
-
-2010-12-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Bug 50509 - set* methods on MacroAssembler are awfully named.
-
-        Methods set32 and setTest32 compare 32-bit operands, and set a 32-bit results based on the comparison.
-        set8 compares 32-bit operands, and sets an 8-bit result based on the comparison.
-        setTest8 compares 8-bit operands, and sets a 32-bit result based on the comparison.
-
-        Rename to clarify.
-
-        set32 -> set32Compare32
-        setTest32 -> set32Test32
-        set8 -> set8Compare32
-        setTest8 -> set32Test8
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::setPtr):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::set32Compare32):
-        (JSC::MacroAssemblerARM::set8Compare32):
-        (JSC::MacroAssemblerARM::set32Test32):
-        (JSC::MacroAssemblerARM::set32Test8):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::set32Compare32):
-        (JSC::MacroAssemblerARMv7::set8Compare32):
-        (JSC::MacroAssemblerARMv7::set32Test32):
-        (JSC::MacroAssemblerARMv7::set32Test8):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::set8Compare32):
-        (JSC::MacroAssemblerMIPS::set32Compare32):
-        (JSC::MacroAssemblerMIPS::set32Test8):
-        (JSC::MacroAssemblerMIPS::set32Test32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::set8Compare32):
-        (JSC::MacroAssemblerX86Common::set32Compare32):
-        (JSC::MacroAssemblerX86Common::set32Test8):
-        (JSC::MacroAssemblerX86Common::set32Test32):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-
-2010-12-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Incorrect logic for returning memory at the end of linking.
-        Reviewed by Geoff Garen.
-
-        At the end of linking we return any space at the end of the
-        allocated executable region that was saved due to branch
-        compaction.  This is currently by done by subtracting the
-        different from the m_freePtr in the allocation pool.  This
-        can be incorrect if your allocation was made from a new
-        page that was not selected for subsequent allocations.
-
-        This patch corrects this behaviour by verifying that the
-        memory being returned actually comes from the current
-        allocation pool.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::tryShrink):
-
-2010-12-03  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough
-
-        Changes to significantly reduce branches to branches in JIT'ed
-        parentheses backtrack processing.  The changes include the following:
-        - Taking the backtracking processing out of line and adding it as
-          code at the end of the JIT'ed routine.
-        - Allow backtracks to be direct via an indirect branch for an address
-          pushed onto the stack.  If the use of an indirect branch is from a
-          conditional jump, then we emit a trampoline at the end of the 
-          routine.
-        - Propogate backtracks instead of adding trampolines.  Backtracks are
-          propogated to where they are used.  This change also eliminated 
-          trampoline branch code that aren't used.
-        - Added global expression state to keep track of parentheses tail
-          code and indirect branches.
-        Other changes made to support these changes.
-        - Split invertOrCapture flag on Patterns to two separate flags.  Added
-          getters for these flags.  Rippled these changes to both the JIT 
-          and interpreter code.
-        - Split BacktrackDestination out off TermGenerationState struct.
-          This is done to hold references to a backtrack for later code
-          generation.
-        https://bugs.webkit.org/show_bug.cgi?id=50295
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::JmpDst::isSet):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::JmpDst::isSet):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Label::isSet):
-        (JSC::AbstractMacroAssembler::DataLabelPtr::isUsed):
-        (JSC::AbstractMacroAssembler::DataLabelPtr::used):
-        (JSC::AbstractMacroAssembler::JumpList::clear):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::JmpDst::isSet):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpDst::isSet):
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::RegexPatternConstructor::atomParentheticalAssertionBegin):
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeBeginTerms):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::ByteTerm::ByteTerm):
-        (JSC::Yarr::ByteTerm::BackReference):
-        (JSC::Yarr::ByteTerm::invert):
-        (JSC::Yarr::ByteTerm::capture):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::IndirectJumpEntry::IndirectJumpEntry):
-        (JSC::Yarr::RegexGenerator::IndirectJumpEntry::addJump):
-        (JSC::Yarr::RegexGenerator::GenerationState::GenerationState):
-        (JSC::Yarr::RegexGenerator::GenerationState::addIndirectJumpEntry):
-        (JSC::Yarr::RegexGenerator::GenerationState::emitIndirectJumpTable):
-        (JSC::Yarr::RegexGenerator::GenerationState::addParenthesesTail):
-        (JSC::Yarr::RegexGenerator::GenerationState::emitParenthesesTail):
-        (JSC::Yarr::RegexGenerator::GenerationState::addJumpToNextInteration):
-        (JSC::Yarr::RegexGenerator::GenerationState::addJumpsToNextInteration):
-        (JSC::Yarr::RegexGenerator::GenerationState::addDataLabelToNextIteration):
-        (JSC::Yarr::RegexGenerator::GenerationState::linkToNextIteration):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::BacktrackDestination):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::clear):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::clearDataLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::haveDestination):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::isStackOffset):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::isLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::isJumpList):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::haveDataLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::copyTarget):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::copyTo):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::addBacktrackJump):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setStackOffset):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setNextBacktrackLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setBacktrackToLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setBacktrackJumpList):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setBacktrackSourceLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setDataLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::setSubDataLabelPtr):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::linkToNextBacktrack):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::getStackOffset):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::getLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::getBacktrackJumps):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::getDataLabel):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::jumpToBacktrack):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::linkDataLabelToHereIfExists):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::plantJumpToBacktrackIfExists):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::linkAlternativeBacktracks):
-        (JSC::Yarr::RegexGenerator::BacktrackDestination::linkAlternativeBacktracksTo):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::TermGenerationState):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::resetAlternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isLastAlternative):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::clearBacktrack):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::jumpToBacktrack):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::plantJumpToBacktrackIfExists):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::addBacktrackJump):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setDataLabelPtr):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setBackTrackStackOffset):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setBacktrackLabel):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracks):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::linkAlternativeBacktracksTo):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::setBacktrackLink):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::chainBacktracks):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::chainBacktrackJumps):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::getBacktrackDestination):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::propagateBacktrackingFrom):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::ParenthesesTail):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::processBacktracks):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::setNextIteration):
-        (JSC::Yarr::RegexGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::RegexGenerator::generateAssertionBOL):
-        (JSC::Yarr::RegexGenerator::generateAssertionEOL):
-        (JSC::Yarr::RegexGenerator::generateAssertionWordBoundary):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterSingle):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterPair):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassSingle):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateParenthesesDisjunction):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
-        (JSC::Yarr::RegexGenerator::generateParentheticalAssertion):
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-        (JSC::Yarr::RegexGenerator::compile):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternTerm::PatternTerm):
-        (JSC::Yarr::PatternTerm::invert):
-        (JSC::Yarr::PatternTerm::capture):
-
-2010-12-03  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Kenneth Russell.
-
-        First steps to adding web audio files to build systems
-        https://bugs.webkit.org/show_bug.cgi?id=49952
-
-        * wtf/Complex.h:
-
-2010-12-03  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Move StringWx.cpp into wtf directory
-        https://bugs.webkit.org/show_bug.cgi?id=50060
-
-        * wtf/wx/StringWx.cpp: Renamed from WebCore/platform/text/wx/StringWx.cpp.
-        (WTF::String::String):
-
-2010-12-03  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Move StringBrew.cpp into wtf directory
-        https://bugs.webkit.org/show_bug.cgi?id=50058
-
-        * wtf/brew/StringBrew.cpp: Renamed from WebCore/platform/text/brew/StringBrew.cpp.
-        (WTF::String::String):
-
-2010-12-03  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Move StringHaiku.cpp into wtf directory
-        https://bugs.webkit.org/show_bug.cgi?id=50057
-
-        * wtf/haiku/StringHaiku.cpp: Renamed from WebCore/platform/text/haiku/StringHaiku.cpp.
-        (WTF::String::String):
-        (WTF::String::operator BString):
-
-2010-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::synchronize): Added a non-CF implementation.
-
-2010-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed <rdar://problem/8310571> CrashTracer: 60 crashes in Photo Booth at
-        com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
-        
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Call our new
-        synchronize() function.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::activityCallback):
-        * runtime/Collector.h: Added an activityCallback() accessor, for the
-        call above.
-
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::synchronize):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::operator()):
-        (JSC::DefaultGCActivityCallback::synchronize): Track the run loop we're
-        scheduled in. If we begin/resume execution within a new run loop, reschedule
-        on it. This prevents a crash when using a lockless context group on
-        multiple threads -- the crash would happen if the GC timer scheduled on
-        thread A, then you continued execution on thread B, then the thread A
-        timer fired.
-
-2010-12-02  Darin Adler  <darin@apple.com>
-
-        * wtf/ASCIICType.h: Fix wrong type from last check-in.
-
-2010-12-02  Darin Adler  <darin@apple.com>
-
-        Try to fix certain builds (Qt Windows).
-
-        * wtf/ASCIICType.h: Added an overload for unsigned because in obsolete
-        versions of ICU, UChar32 can be a typedef for unsigned. Adding this
-        overload should make us compatible with these old ICUs.
-
-2010-12-02  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add AtomicString::fromUTF8
-        https://bugs.webkit.org/show_bug.cgi?id=45594
-
-        Unicode::calculateStringHashFromUTF8 creates a StringHash out of UTF8 input data and
-        calculates the required length for the UTF16 conversation in one step.
-        This is then used in a specialized translator for the string table of AtomicString.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::CStringTranslator::equal):
-        (WTF::HashAndUTF8CharactersTranslator::hash):
-        (WTF::HashAndUTF8CharactersTranslator::equal):
-        (WTF::HashAndUTF8CharactersTranslator::translate):
-        (WTF::AtomicString::add):
-        (WTF::AtomicString::addSlowCase):
-        (WTF::AtomicString::find):
-        (WTF::AtomicString::fromUTF8):
-        * wtf/text/AtomicString.h:
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.h:
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::readUTF8Sequence):
-        (WTF::Unicode::convertUTF8ToUTF16):
-        (WTF::Unicode::calculateStringHashFromUTF8):
-        (WTF::Unicode::equalUTF16WithUTF8):
-        * wtf/unicode/UTF8.h:
-
-2010-12-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Added a little hardening to OSAllocator.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::release):
-        * wtf/OSAllocatorWin.cpp:
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        (WTF::OSAllocator::release): CRASH() if the OS's virtual memory system
-        reports an error.
-
-2010-12-02  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        [Qt] Make platform managing of OSAllocator better than r73106
-        https://bugs.webkit.org/show_bug.cgi?id=50385
-
-        * wtf/OSAllocatorPosix.cpp: Remove platform specific guard.
-        * wtf/OSAllocatorSymbian.cpp: Remove platform specific guard.
-        * wtf/OSAllocatorWin.cpp: Remove platform specific guard.
-        * wtf/wtf.pri: Add the correct platform specific source file instead of all of them.
-
-2010-12-02  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [WINCE] Use GetTickCount() for srand()
-        https://bugs.webkit.org/show_bug.cgi?id=50338
-
-        time() is not a native function on WinCE, so use GetTickCount() instead.
-
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-
-2010-12-02  Norbert Leser  <norbert.leser@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] [Symbian] Reintroduce compiler optimizations for JSC
-        https://bugs.webkit.org/show_bug.cgi?id=50270
-
-        Add compiler optimization (symbian ARM target) which was lost after split from WebCore.
-        Tested via Sunspider and V8 - both of which show significant performance improvement.
-
-        * JavaScriptCore.pro:
-
-2010-12-02  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Move regex parsing and fallback handling to runtime/RegExp.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=50015
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        (JSC::RegExp::printTraceData):
-        * runtime/RegExp.h:
-        (JSC::RegExp::pattern):
-        * yarr/RegexInterpreter.cpp:
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::setFallBack):
-        (JSC::Yarr::RegexCodeBlock::isFallBack):
-        (JSC::Yarr::executeRegex):
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the GTK build.
-
-        * GNUmakefile.am: Use a full path to OSAllocator*.cpp.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the EFL Linux build.
-
-        * CMakeListsEfl.txt: Added OSAllocator to the project.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build: Include all OS files for Qt's sake, and then
-        use #ifdefs in the files to exclude things based on OS.
-        
-        This is a pretty bad way to manage platforms -- hopefully we can
-        fix the Qt build system and move away from this in the future.
-
-        * wtf/OSAllocatorPosix.cpp:
-        * wtf/OSAllocatorSymbian.cpp:
-        * wtf/OSAllocatorWin.cpp:
-        * wtf/wtf.pri:
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Chromium build.
-        
-        * JavaScriptCore.gypi: This is a Windows build file, so use OSAllocatorWin.cpp.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the GTK build.
-
-        * GNUmakefile.am: Added OSAllocator to another project.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the GTK Linux build.
-
-        * JavaScriptCore.gypi: Added OSAllocator to the project.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt Linux build.
-
-        * wtf/OSAllocatorPosix.cpp: Use the right errno.h.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build: export some more symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt Linux build.
-
-        * wtf/wtf.pri: Use the POSIX OSAllocator for Qt Linux.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: commit doesn't have a return value.
-
-        * wtf/OSAllocatorWin.cpp:
-        (WTF::OSAllocator::commit):
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Export some symbols.
-
-        * JavaScriptCore.exp:
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Export OSAllocator.h as private
-        so other projects can see it.
-
-        * wtf/OSAllocatorPosix.cpp: #include UnusedParam.h for UNUSED_PARAM.
-
-2010-12-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Baby step toward a cross-platform virtual memory abstraction: created
-        an all-static OSAllocator class and changed MarkStack to use it.
-
-        * JavaScriptCore.exp: These functions are inlined now.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added OSAllocatorWin.cpp.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added OSAllocatorPosix.cpp.
-
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack): Use OSAllocator instead of rolling our
-        own platform-specific code.
-
-        * runtime/MarkStackNone.cpp: Removed. Nothing used this.
-
-        * runtime/MarkStackPosix.cpp: 
-        * runtime/MarkStackSymbian.cpp:
-        * runtime/MarkStackWin.cpp: Removed custom platform-specific code, since
-        we use the OSAllocator abstraction now.
-
-        * wtf/OSAllocator.h: Added.
-        * wtf/OSAllocatorPosix.cpp: Added.
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        (WTF::OSAllocator::release):
-        * wtf/OSAllocatorSymbian.cpp: Added.
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        (WTF::OSAllocator::release):
-        * wtf/OSAllocatorWin.cpp: Added.
-        (WTF::OSAllocator::reserve):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        (WTF::OSAllocator::release): The new OSAllocator abstraction.
-
-        * wtf/wtf.pri: Added OSAllocatorSymbian.cpp.
-
-2010-12-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        WinCairo build should not use link-time code generation (LTCG)
-        https://bugs.webkit.org/show_bug.cgi?id=50353
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-010-12-01  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        vcproj changes can't be applied cleanly by the Windows EWS bot
-        https://bugs.webkit.org/show_bug.cgi?id=50328
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Added property svn:eol-style.
-
-2010-12-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 50298 - /()()()()()()()()()(?:(\10a|b)(X|Y))+/.exec("bXXaYYaY") ASSERTs
-
-        For unmatched subpattens we previously used to set the subpattern end to -1,
-        but now we only set the start value. E.g. consider the following:
-            /a(b)?c/.exec("ac");
-        Previously we would generate an internal results array of:
-            [ 0, 2, -1, -1 ]
-        Since fairly recently we have generated results of:
-            [ 0, 2, -1, ??? ]
-        (With the end index of the subpattern uninitialized).
-
-        Update these ASSERTs to account for this.
-
-        Also, when stripping out self-referencing backreferences, (e.g. /(\1)/) we
-        were checking the wrong property on the pattern term. We should have been
-        looking at term.parentheses.subpatternId, but instead were checking
-        term.subpatternId. The latter is actually only the subpatternId for
-        back reference terms. Rename this to backReferenceSubpatternId.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchBackReference):
-        (JSC::Yarr::Interpreter::backtrackBackReference):
-
-2010-11-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        Bug 50297 - \s in YARR should match BOMs.
-
-        From section 15.10.2.12 CharacterClassEscape contains:
-
-        The production CharacterClassEscape :: s evaluates by returning the set of characters containing the
-        characters that are on the right-hand side of the WhiteSpace (7.2) or LineTerminator (7.3) productions.
-
-        Table 2 in section 7.2 contains:
-
-        \uFEFF Byte Order Mark <BOM>
-
-        * create_regex_tables:
-            Add BOM to spaces table.
-
-2010-11-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixed review comments following bug #48101.
-        Mostly typos, plus gave quantifyInfinite a symbolic name.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        (JSC::Yarr::RegexPatternConstructor::checkForTerminalParentheses):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::RegexGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::RegexGenerator::generateCharacterClassGreedy):
-        * yarr/RegexParser.h:
-        (JSC::Yarr::Parser::parseTokens):
-        (JSC::Yarr::parse):
-
-2010-11-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        WTF project missing build-stopping code from its pre-build event
-        https://bugs.webkit.org/show_bug.cgi?id=50281
-
-        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd:
-
-2010-11-30  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Cleanup UTF8.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=49581
-
-        Use macros and functions instead of range values directly.
-
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::inlineUTF8SequenceLength):
-        (WTF::Unicode::UTF8SequenceLength):
-        (WTF::Unicode::convertUTF16ToUTF8):
-        (WTF::Unicode::readUTF8Sequence):
-        (WTF::Unicode::convertUTF8ToUTF16):
-        * wtf/unicode/UnicodeMacrosFromICU.h: Added U_IS_SUPPLEMENTARY macro.
-
-2010-11-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed a crash seen when using a PageAllocation to store itself.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::systemDeallocate): Zero out m_base before unmapping
-        it, in case unmapping m_base unmaps the PageAllocation.
-
-        * wtf/BumpPointerAllocator.h:
-        (WTF::BumpPointerPool::destroy): Now this work-around isn't needed!
-
-2010-11-30  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Darin Adler.
-
-        m_hasNonEnumerableProperties is never initialized in Structure
-        https://bugs.webkit.org/show_bug.cgi?id=50266
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure): initialize member variable.
-
-2010-11-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix (part 1). Use correct environment variable syntax in cmd files.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd:
-        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd:
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd:
-        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd:
-        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd:
-        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd:
-        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd:
-
-2010-11-29  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        WTF support for <rdar://problem/8650085> adding word-prefix search options to the text search API.
-        https://bugs.webkit.org/show_bug.cgi?id=50038
-
-        * wtf/unicode/UnicodeMacrosFromICU.h: Copied additional macros from icu/unicode/utf16.h.
-
-2010-11-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        JavaScriptCore projects on Windows should use cmd files for build events
-        https://bugs.webkit.org/show_bug.cgi?id=50193
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Added.
-        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Added.
-        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Added.
-        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Added.
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Added.
-        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Added.
-        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Added.
-
-2010-11-29  Dai Mikurube  <dmikurube@google.com>
-
-        Reviewed by Kent Tamura.
-
-        when empty, clicking "down" on outer-spin-button returns "max value"
-        https://bugs.webkit.org/show_bug.cgi?id=45491
-
-        It is required to calculate UTC/DST offsets to retrieve the current local milliseconds for
-        date/time type inputs. WTF::currentTimeMS() returns a UTC time, and WTF::getLocalTime()
-        returns a struct tm, not milliseconds.
-
-        Calculating milliseconds from a struct tm is not simple since timegm() cannot be used in all
-        environments. This calculation is already done in calculateUTCOffset(), and complicated.
-        Duplicating this complicated calculation is unreasonable because of maintainability.
-        To achieve this without duplication, we must call calculate{UTC|DST}Offset in some way.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/DateMath.cpp: Changed calculateUTCOffset() and calculateDSTOffset() to external functions.
-        (WTF::calculateUTCOffset):
-        (WTF::calculateDSTOffset):
-        * wtf/DateMath.h:
-
-2010-11-29  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Kenneth Russell.
-
-        Switch web audio code to use FloatPoint3D instead of Vector3
-        https://bugs.webkit.org/show_bug.cgi?id=50186
-
-        * wtf/Vector3.h: Removed.
-
-2010-11-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Add a mechanism for Windows pre-build/pre-link/post-build events to be separated into individual cmd files
-        https://bugs.webkit.org/show_bug.cgi?id=49858
-
-        We're migrating our prebuild/prelink/postbuild steps out of vcproj and vsprops files:
-        - To simplify editing (editing vsprops build steps is confusing).
-        - For more readable diffs.
-
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Added.
-        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Added.
-
-2010-11-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Improved accuracy of command-line SunSpider.
-
-        * jsc.cpp:
-        (functionRun): Changed the "run" function to run a given test in
-        its own global object. Previously, all tests ran in the same global
-        object, which created name conflicts, and made globals from previous
-        tests artificially survive into later tests.
-        
-        Also changed "run" to return the elapsed milliseconds when running a
-        given test, for slightly more accurate numbers.
-
-        (functionCheckSyntax): Ditto on returning elapsed milliseconds.
-
-2010-11-29  Darin Adler  <darin@apple.com>
-
-        Reviewed by Andreas Kling.
-
-        Remove a couple unneeded overflow checks
-        https://bugs.webkit.org/show_bug.cgi?id=49816
-
-        * wtf/text/CString.cpp:
-        (WTF::CString::init): Use an ASSERT instead of
-        an overflow check with CRASH.
-
-2010-11-29  Adam Roben  <aroben@apple.com>
-
-        Robustify react-to-vsprops-changes.py against changes to its location
-        or the location of the .vsprops files
-
-        Suggested by John Sullivan.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        Removed file_modification_times.
-        (main): Use glob.glob to find the .vsprops files and assert that we found some.
-
-2010-11-29  Adam Roben  <aroben@apple.com>
-
-        Touch wtf/Platform.h whenever any .vsprops file changes
-
-        This will cause all files to be recompiled, which will make changes to
-        preprocessor macros (e.g., ENABLE_*) actually take effect.
-
-        Fixes <http://webkit.org/b/50167> Windows build fails when ENABLE_*
-        macros are changed (because not enough files are rebuilt)
-
-        Reviewed by John Sullivan.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        (main): Touch wtf/Platform.h if it's older than any .vsprops file. Also
-        added some comments and logging to make it clearer what the script is
-        doing and why.
-
-2010-11-29  Adam Roben  <aroben@apple.com>
-
-        Update react-to-vsprops-changes.py after r72555
-
-        .vsprops files are no longer accessed relative to $WebKitLibrariesDir.
-
-        Fixes <http://webkit.org/b/50166> REGRESSION (r72555):
-        react-to-vsprops-changes.py no longer works for people with a
-        non-default $WebKitLibrariesDir
-
-        Reviewed by John Sullivan.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        (main): Always look in WebKitLibraries/win for .vsprops files, not in
-        $WebKitLibrariesDir.
-
-2010-11-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 48100 - YARR allows what seems like a bogus character-class range
-
-        Per ECMA-262 character classes containing character ranges containing
-        character classes are invalid, eg:
-            /[\d-x]/
-            /[x-\d]/
-            /[\d-\d]/
-        These should throw a syntax error.
-
-        * yarr/RegexParser.h:
-
-2010-11-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 48101 - Yarr gives different results for /(?:a*?){2,}/
-
-        The test cases in the linked mozilla bug demonstrate a couple of
-        problems in subpattern matching. These bugs lie in the optimized
-        cases - for matching parentheses with a quantity count of 1, and
-        for matching greedy quantified parentheses at the end of a regex
-        (which do not backtrack).
-
-        In both of these cases we are failing to correctly handle empty
-        matches. In the case of parentheses-single matches (quantity count
-        one) we are failing to test for empty matches at all. In the case
-        of terminal subpattern matches we do currently check, however there
-        is a subtler bug here too. In the case of an empty match we will
-        presently immediately fall through to the next alternative (or
-        complete the regex match), whereas upon a failed match we should
-        be backtracking into the failing alternative, to give it a chance
-        to match further (e.g. consider /a??b?|a/.exec("ab") - upon first
-        attempting to match the first alternative this will match the empty
-        string - since a?? is non-greedy, however rather than moving on to
-        the second alternative we should be re-matching the first one, at
-        which point the non-greedy a?? will match, and as such the result
-        should be "ab", not "a").
-
-        Terminal subpattern matching contains a second bug, too. The frame
-        location values in the subpattern should be being allocated with
-        the outer disjunction's frame (as we do for the parentheses-single
-        optimization). Consider the following three regexes:
-            /a*(?:b*)*c*/
-            /a*(?:b*)c*/
-            /a*(?:b*)*/
-        Considering only the frame location required by the atoms a,b, and
-        c, (ignoring space associated with the nested subpattern) the first
-        regex (a normal subpattern match) requires a frame size of 2 for
-        the outer disjunction, (to backtrack terms a & c), with each
-        iteration of the subpattern requiring a frame of size 1 (in order
-        to backtrack b). In the case of the second regex (where the
-        parentheses-single optimization will kick in) the outer frame must
-        be set up with a frame size of 3, since the outer frame will also
-        be used when running the nested subpattern. We will currently only
-        allocate a farme of size 1 for the outer disjuntion (to contain a),
-        howver the frame size should be 2 (since the subpattern will be
-        evaluated in the outer frame). In addition to failing to allocate
-        frame space the frame offsets are also presently invalid - in the
-        case of the last regex b's frame location will be set assuming it
-        to be the first term in the frame, whereas in this case b lies
-        after the term a, and should be taking a separate frame location.
-
-        In order to correctly allocate the frame for terminal subpattern
-        matches we must move this optimization back up from the JIT into
-        the compiler (and thus interpreter too), since this is where the
-        frame allocation takes place.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeOffsets):
-        (JSC::Yarr::RegexPatternConstructor::checkForTerminalParentheses):
-        (JSC::Yarr::compileRegex):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
-        (JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::matchParenthesesTerminalEnd):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternTerm::PatternTerm):
-
-2010-11-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Remove Bakefile build system files
-        https://bugs.webkit.org/show_bug.cgi?id=49983
-
-        r53757 only removed the content, but not the files.
-        This patch removes that empty files.
-
-        * JavaScriptCoreSources.bkl: Removed.
-        * jscore.bkl: Removed.
-
-2010-11-24  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Merge the usage of jumps and calls at ARM-JIT
-        https://bugs.webkit.org/show_bug.cgi?id=50008
-
-        Those JmpSrc objects which represent jumps (not calls) should point to
-        after the jump instruction.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::loadBranchTarget):
-        (JSC::ARMAssembler::getAbsoluteJumpAddress):
-        (JSC::ARMAssembler::linkJump):
-        (JSC::ARMAssembler::relinkJump):
-        (JSC::ARMAssembler::linkCall):
-        (JSC::ARMAssembler::relinkCall):
-        (JSC::ARMAssembler::getRelocatedAddress):
-        (JSC::ARMAssembler::getDifferenceBetweenLabels):
-        (JSC::ARMAssembler::getCallReturnOffset):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::call):
-
-2010-11-24  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Optimize foldCase, toLower and toUpper methods in glib unicode backend
-        https://bugs.webkit.org/show_bug.cgi?id=48625
-
-        GLib methods use UTF-8 strings, so we have to convert from UTF-16 to
-        UTF-8 to perform the case operations and then convert back the result to
-        UTF-16. GLib conversion methods return a new allocated string, so we
-        have to memcpy the result into the destination buffer too. Using our
-        own methods to convert between UTF-8 and UTF-16 from wtf/unicode/UTF8.h
-        we don't need such memcpy, since they take an already allocated buffer
-        rather than returning a new one. There's another optimization for the
-        case when the destination buffer is not large enough. In that case,
-        methods should return the expected destination buffer size and are
-        called again with a new buffer. We can avoid the conversion to UTF-16 by
-        pre-calculating the required size for the destination buffer.
-
-        * wtf/unicode/glib/UnicodeGLib.cpp:
-        (WTF::Unicode::getUTF16LengthFromUTF8):
-        (WTF::Unicode::convertCase):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-
-2010-11-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Use WTF::StringHasher directly in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=49893
-
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::Hash::hash):
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierUCharBufferTranslator::hash):
-
-2010-11-22  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Add WTF::FixedArray::size()
-        https://bugs.webkit.org/show_bug.cgi?id=49891
-
-        Add a method to get the size of a FixedArray.
-
-        * wtf/FixedArray.h:
-        (WTF::FixedArray::size):
-
-2010-11-22  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        [WINCE] Set correct preprocessor definitions
-        https://bugs.webkit.org/show_bug.cgi?id=49887
-
-        * wtf/Platform.h:
-
-2010-11-22  Adam Roben  <aroben@apple.com>
-
-        Use paths relative to $WebKitVSPropsRedirectionDir to access shared .vsprops files
-
-        Apple's Windows build allows placing header files and import libraries for WebKit's
-        dependencies (CoreGraphics, CFNetwork, SQLite, etc.) outside the source tree via the
-        $WebKitLibrariesDir environment variable. This is both required for production builds and
-        convenient for Apple-internal developer builds. Apple's production builds also require that
-        WebKit's shared .vsprops files be accessed relative to $WebKitLibrariesDir. In production
-        builds, the files are copied into that directory tree by the
-        WebKitLibraries/win/tools/WinTools.make file. In Apple-internal developer builds, the
-        copying is done by
-        JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
-
-        This .vsprops copying is problematic in one very important case: when a developer updates
-        their source tree and then tries to build. Visual Studio only reads .vsprops files when a
-        project is first loaded. So, when Visual Studio is first opened after the .vsprops files are
-        updated, it reads in the old files that were already residing in $WebKitLibrariesDir. When a
-        build is started, JavaScriptCoreGenerated.make copies the new .vsprops files into
-        $WebKitLibrariesDir, but Visual Studio will not pick up the changes.  The rest of the build
-        will proceed with out-of-date .vsprops files, which will likely result in a build failure.
-
-        To fix this, we now use normal relative paths to access the .vsprops files in the source
-        tree rather than in $WebKitLibrariesDir, but prefix those paths with a new environment
-        variable, $WebKitVSPropsRedirectionDir. In developer builds, this environment variable is
-        unset, so the normal relative paths are used to read the .vsprops files out of the source
-        tree directly. In production builds, this environment variable is set to a fake directory
-        that will cause the .vsprops files in $WebKitLibrariesDir to be found when the relative path
-        is resolved.
-        
-        For example, JavaScriptCore.vcproj uses this path for FeatureDefines.vsprops:
-
-        $(WebKitVSPropsRedirectionDir)..\..\..\WebKitLibraries\win\tools\vsprops\FeatureDefines.vsprops
-
-        In developer builds, where $WebKitVSPropsRedirectionDir is unset, this will point to the
-        files in WebKitLibraries\win\tools\vsprops in the source tree. In production builds,
-        JavaScriptCore.make sets $WebKitVSPropsRedirectionDir to
-        "$(SRCROOT)\AppleInternal\tools\vsprops\OpenSource\1\2\3\", so the full path for
-        FeatureDefines.vsprops becomes:
-
-        $(SRCROOT)\AppleInternal\tools\vsprops\OpenSource\1\2\3\..\..\..\WebKitLibraries\win\tools\vsprops\FeatureDefines.vsprops
-
-        which resolves to:
-
-        $(SRCROOT)\AppleInternal\tools\vsprops\OpenSource\WebKitLibraries\win\tools\vsprops\FeatureDefines.vsprops
-
-        (We rely on the fact that Windows doesn't care whether the directories "1", "2", and "3"
-        actually exist since they are matched by an equal number of ".." path components.)
-
-        Note that Visual Studio still won't pick up changes made to .vsprops files while Visual
-        Studio is open, but that problem hasn't seemed to cause developers many headaches so far.
-
-        Fixes <http://webkit.org/b/49181> Windows build fails mysteriously when .vsprops files are
-        updated
-
-        Reviewed by Dave Hyatt.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Set $WebKitVSPropsRedirectionDir so that
-        production builds can find the .vsprops files.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Stopy copying the
-        .vsprops files. It isn't needed anymore.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        Changed to use paths relative to $WebKitVSPropsRedirectionDir to access shared .vsprops
-        files.
-
-2010-11-19  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        YARR JIT should fallback to YARR Interpreter instead of PCRE.
-        https://bugs.webkit.org/show_bug.cgi?id=46719
-
-        Remove the ENABLE_YARR macro and the option of matching regular
-        expressions with PCRE from JavaScriptCore.
-
-        * runtime/JSGlobalData.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * tests/mozilla/expected.html:
-        * wtf/Platform.h:
-        * yarr/RegexCompiler.cpp:
-        * yarr/RegexCompiler.h:
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::byteCompileRegex):
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::~RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::getFallback):
-        (JSC::Yarr::RegexCodeBlock::isFallback):
-        (JSC::Yarr::RegexCodeBlock::setFallback):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexParser.h:
-        * yarr/RegexPattern.h:
-
-2010-11-20  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by David Kilzer.
-
-        [BREWMP] Replace DBGPRINTF and DBGPRINTF_FATAL with dbg_Message
-        https://bugs.webkit.org/show_bug.cgi?id=49520
-
-        DBGPRINTF and DBGPRINTF_FATAL macros are prohibited in Mod1. Use dbg_Message instead.
-
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-
-2010-11-20  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Support JIT_OPTIMIZE_MOD on Thumb-2
-        https://bugs.webkit.org/show_bug.cgi?id=49432
-
-        Rewrite the soft modulo operation into macroassembler form, and move it
-        to JSValue32_64 section.
-        Add support for soft modulo on Thumb-2 JIT also.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::clz):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::countLeadingZeros32):
-        (JSC::MacroAssemblerARM::relativeTableJump):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::countLeadingZeros32):
-        (JSC::MacroAssemblerARMv7::relativeTableJump):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::softModulo):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * wtf/Platform.h:
-
-2010-11-20  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/49848> Make it possible to display the last character of a secure text field unobscured
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::secure): Added argument that controls whether
-        the last character is obscured or not.  Implemented behavior.
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::LastCharacterBehavior): Added enum.
-        (WTF::StringImpl::secure): Updated method signature.
-
-2010-11-19  William Chan  <willchan@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add USE(CHROMIUM_NET)
-
-        Indicates the use of Chromium's network stack.  Chromium's network
-        stack performs better when it has full view of all resource requests,
-        so USE(CHROMIUM_NET) can be used to bypass throttles.
-
-        https://bugs.webkit.org/show_bug.cgi?id=49778
-
-        * wtf/Platform.h:
-
-2010-11-19  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Add Debug_Cairo_CFLite and Release_Cairo_CFLite configurations for all vcproj files
-        https://bugs.webkit.org/show_bug.cgi?id=49819
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2010-11-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Don't check for constant registers when we can guarantee that the register won't be in the constant pool
-        https://bugs.webkit.org/show_bug.cgi?id=49814
-
-        Add uncheckedR(int) to CallFrame, and replace all the uses of r() with uncheckedR()
-        when we can guarantee that the register is not referring to a constant.
-        This makes the interpreter about 0.5% faster, and makes the CallFrame initialisation
-        logic correct when we're using a faked callframe (as in the case of the globalExec).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::createActivation):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::thisObject):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::uncheckedR):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-
-2010-11-19  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Normalize Cairo/CFLite project/solution configuration names
-        https://bugs.webkit.org/show_bug.cgi?id=49818
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2010-11-18  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Windows vcproj configuration names should be normalized across projects
-        https://bugs.webkit.org/show_bug.cgi?id=49776
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-
-2010-11-19  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed, build fix after r72360.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-
-2010-11-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        Bug 49577 - Function.prototype should be non-configurable
-
-        Ooops, Function.prototype should not be enumerable!
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-
-2010-11-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 49708 - Stop recompiling functions to regenerate exception info.
-
-        Instead only hold info as necessary – keep divot info is the inspector
-        is enabled, line number info is debugging or profiling, and handler
-        info for functions with try/catch.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::addExpressionInfo):
-        (JSC::CodeBlock::addLineInfo):
-        (JSC::CodeBlock::hasExpressionInfo):
-        (JSC::CodeBlock::hasLineInfo):
-        (JSC::CodeBlock::needsCallReturnIndices):
-        (JSC::CodeBlock::callReturnIndexVector):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        (JSC::BytecodeGenerator::emitExpressionInfo):
-        (JSC::BytecodeGenerator::addLineInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::jitThrow):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Collector.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::usingAPI):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::supportsRichSourceInfo):
-        (JSC::JSGlobalObject::globalData):
-
-2010-11-18  Adam Roben  <aroben@apple.com>
-
-        Add a script to delete manifest-related files when they are older than
-        any .vsprops file
-
-        Changes to .vsprops files can cause the manifest files to become
-        invalid, and Visual Studio doesn't always figure out that it needs to
-        rebuild them.
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Call the new script.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        Added the new script.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Added.
-        (file_modification_times): Generator to return the modification time of
-        each file in a directory hierarchy.
-        (main): Get the modification time of the newest vsprops file, then find
-        all manifest-related files in the obj directory. Delete all
-        manifest-related files that are older than the newest vsprops file.
-
-2010-11-18  Mark Rowe  <mrowe@apple.com>
-
-        Rubber-stamped by Adam Roben.
-
-        <rdar://problem/8602509&8602717&8602724> Enable compaction support.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2010-11-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 49635 - Profiler implementation is fragile
-
-        The profile presently requires the exception handling mechanism to explicitly
-        remove all stack frames that are exited during the exception unwind mechanism.
-        This is fragile in a number of ways:
-          * We have to change bytecode register allocation when compiling code to run
-            when profiling, to preserve the callee function (this is also required to
-            call did_call after the call has returned).
-          * In the JIT we have to maintain additional data structures
-            (CodeBlock::RareData::m_functionRegisterInfos) to map back to the register
-            containing the callee.
-          * In the interpreter we use 'magic values' to offset into the instruction
-            stream to rediscover the register containing the function.
-
-        Instead, move profiling into the head and tail of functions.
-          * This correctly accounts the cost of the call itself to the caller.
-          * This allows us to access the callee function object from the callframe.
-          * This means that at the point a call is made we can track the stack depth
-            on the ProfileNode.
-          * When unwinding we can simply report the depth at which the exception is
-            being handled - all call frames above this level are freed.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::methodCallLinkInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * profiler/Profile.cpp:
-        (JSC::Profile::Profile):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        (JSC::ProfileGenerator::exceptionUnwind):
-        (JSC::ProfileGenerator::stopProfiling):
-        * profiler/ProfileGenerator.h:
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::ProfileNode):
-        (JSC::ProfileNode::willExecute):
-        * profiler/ProfileNode.h:
-        (JSC::ProfileNode::create):
-        (JSC::ProfileNode::callerCallFrame):
-        * profiler/Profiler.cpp:
-        (JSC::dispatchFunctionToProfiles):
-        (JSC::Profiler::_willExecute):
-        (JSC::Profiler::_didExecute):
-        (JSC::Profiler::exceptionUnwind):
-        * profiler/Profiler.h:
-
-2010-11-18  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Remove leftover Windows Debug_Internal configurations
-        https://bugs.webkit.org/show_bug.cgi?id=49758
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2010-11-18  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Avoid increasing required alignment of target type warning
-        https://bugs.webkit.org/show_bug.cgi?id=43963
-
-        * runtime/UString.h:
-        (JSC::UStringHash::equal):
-        * wtf/StdLibExtras.h:
-
-2010-11-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        Add stubbed out ScrollAnimator for the Mac
-        https://bugs.webkit.org/show_bug.cgi?id=49678
-
-        * wtf/Platform.h: Enable SMOOTH_SCROLLING on the Mac, this has no
-        change in behavior at the moment.
-
-2010-11-17  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/49634> Make overflow guards in WTF::String::utf8 explicit
-
-        Reviewed by Darin Adler.
-
-        Add an explicit overflow check prior to allocating our buffer,
-        rather than implicitly relying on the guard in convertUTF16ToUTF8.
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::utf8):
-
-2010-11-17  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r72197.
-        http://trac.webkit.org/changeset/72197
-        https://bugs.webkit.org/show_bug.cgi?id=49661
-
-        broke fast/regex/test1.html (Requested by stampho on #webkit).
-
-        * runtime/JSGlobalData.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExpRepresentation::~RegExpRepresentation):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * tests/mozilla/expected.html:
-        * wtf/Platform.h:
-        * yarr/RegexCompiler.cpp:
-        * yarr/RegexCompiler.h:
-        * yarr/RegexInterpreter.cpp:
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::~RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::getFallback):
-        (JSC::Yarr::RegexCodeBlock::setFallback):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexParser.h:
-        * yarr/RegexPattern.h:
-
-2010-11-17  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        YARR JIT should fallback to YARR Interpreter instead of PCRE.
-        https://bugs.webkit.org/show_bug.cgi?id=46719
-
-        Remove the ENABLE_YARR macro and the option of matching regular
-        expressions with PCRE from JavaScriptCore.
-
-        * runtime/JSGlobalData.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * tests/mozilla/expected.html:
-        * wtf/Platform.h:
-        * yarr/RegexCompiler.cpp:
-        * yarr/RegexCompiler.h:
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::byteCompileRegex):
-        * yarr/RegexInterpreter.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::~RegexCodeBlock):
-        (JSC::Yarr::RegexCodeBlock::getFallback):
-        (JSC::Yarr::RegexCodeBlock::isFallback):
-        (JSC::Yarr::RegexCodeBlock::setFallback):
-        (JSC::Yarr::executeRegex):
-        * yarr/RegexParser.h:
-        * yarr/RegexPattern.h:
-
-2010-11-17  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Extend YARR Interpreter with beginning character look-up optimization
-        https://bugs.webkit.org/show_bug.cgi?id=45751
-
-        Add beginning character look-up optimization which sets the start
-        index to the first possible successful pattern match.
-        Extend YARR Interpreter with lookupForBeginChars function which
-        implements the beginning character look-up optimization.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::InputStream::readPair):
-        (JSC::Yarr::Interpreter::InputStream::isNotAvailableInput):
-        (JSC::Yarr::Interpreter::lookupForBeginChars):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-
-2010-11-17  Alexis Menard  <alexis.menard@nokia.com>, Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Kenneth Christiansen, Tor Arne Vestbø.
-
-        [Qt] Add support for use GStreamer with the Qt build
-
-        Enable the build/inclusion of the wtf/QObject convenience classes.
-
-        * JavaScriptCore.pri:
-        * wtf/wtf.pri:
-
-2010-11-17  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Collect the beginning characters in a RegExp pattern for look-up
-        optimization
-        https://bugs.webkit.org/show_bug.cgi?id=45748
-
-        Extend the YARR's parser with an algorithm which collects the potential
-        beginning characters from a RegExp pattern for later look-up optimization.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::BeginCharHelper::BeginCharHelper):
-        (JSC::Yarr::BeginCharHelper::addBeginChar):
-        (JSC::Yarr::BeginCharHelper::merge):
-        (JSC::Yarr::BeginCharHelper::addCharacter):
-        (JSC::Yarr::BeginCharHelper::linkHotTerms):
-        (JSC::Yarr::RegexPatternConstructor::RegexPatternConstructor):
-        (JSC::Yarr::RegexPatternConstructor::addBeginTerm):
-        (JSC::Yarr::RegexPatternConstructor::setupDisjunctionBeginTerms):
-        (JSC::Yarr::RegexPatternConstructor::setupAlternativeBeginTerms):
-        (JSC::Yarr::RegexPatternConstructor::setupBeginChars):
-        (JSC::Yarr::compileRegex):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::TermChain::TermChain):
-        (JSC::Yarr::BeginChar::BeginChar):
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-11-17  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r72160.
-        http://trac.webkit.org/changeset/72160
-        https://bugs.webkit.org/show_bug.cgi?id=49646
-
-        Broke lots of fast/profiler tests, among others (Requested by
-        aroben on #webkit).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::functionRegisterForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addFunctionRegisterInfo):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        (JSC::BytecodeGenerator::emitReturn):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::CallArguments::profileHookRegister):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::CallArguments::CallArguments):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * profiler/Profile.cpp:
-        (JSC::Profile::Profile):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        (JSC::ProfileGenerator::stopProfiling):
-        * profiler/ProfileGenerator.h:
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::ProfileNode):
-        (JSC::ProfileNode::willExecute):
-        * profiler/ProfileNode.h:
-        (JSC::ProfileNode::create):
-        (JSC::ProfileNode::operator==):
-        * profiler/Profiler.cpp:
-        (JSC::dispatchFunctionToProfiles):
-        (JSC::Profiler::willExecute):
-        (JSC::Profiler::didExecute):
-        * profiler/Profiler.h:
-
-2010-11-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 49635 - Profiler implementation is fragile
-
-        The profile presently requires the exception handling mechanism to explicitly
-        remove all stack frames that are exited during the exception unwind mechanism.
-        This is fragile in a number of ways:
-          * We have to change bytecode register allocation when compiling code to run
-            when profiling, to preserve the callee function (this is also required to
-            call did_call after the call has returned).
-          * In the JIT we have to maintain additional data structures
-            (CodeBlock::RareData::m_functionRegisterInfos) to map back to the register
-            containing the callee.
-          * In the interpreter we use 'magic values' to offset into the instruction
-            stream to rediscover the register containing the function.
-
-        Instead, move profiling into the head and tail of functions.
-          * This correctly accounts the cost of the call itself to the caller.
-          * This allows us to access the callee function object from the callframe.
-          * This means that at the point a call is made we can track the stack depth
-            on the ProfileNode.
-          * When unwinding we can simply report the depth at which the exception is
-            being handled - all call frames above this level are freed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::methodCallLinkInfo):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        (JSC::BytecodeGenerator::emitReturn):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::CallArguments::count):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::CallArguments::CallArguments):
-        * interpreter/Interpreter.cpp:
-        (JSC::ProfileHostCall::ProfileHostCall):
-        (JSC::ProfileHostCall::~ProfileHostCall):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_profile_has_called):
-        (JSC::JIT::emit_op_profile_will_return):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_profile_has_called):
-        (JSC::JIT::emit_op_profile_will_return):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * profiler/Profile.cpp:
-        (JSC::Profile::Profile):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        (JSC::ProfileGenerator::exceptionUnwind):
-        (JSC::ProfileGenerator::stopProfiling):
-        * profiler/ProfileGenerator.h:
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::ProfileNode):
-        (JSC::ProfileNode::willExecute):
-        * profiler/ProfileNode.h:
-        (JSC::ProfileNode::create):
-        (JSC::ProfileNode::operator==):
-        (JSC::ProfileNode::exec):
-        * profiler/Profiler.cpp:
-        (JSC::dispatchFunctionToProfiles):
-        (JSC::Profiler::hasCalled):
-        (JSC::Profiler::willEvaluate):
-        (JSC::Profiler::willReturn):
-        (JSC::Profiler::didEvaluate):
-        (JSC::Profiler::exceptionUnwind):
-        * profiler/Profiler.h:
-
-2010-11-16  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Adam Roben and Steve Falkenburg.
-
-        Touch Platform.h to force a rebuild for Windows.
-
-        * wtf/Platform.h:
-
-2010-11-16  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Disable LTCG for Windows Release builds. Add new Release_LTCG configuration.
-        https://bugs.webkit.org/show_bug.cgi?id=49632
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-
-2010-11-16  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        The number of recursive match calls isn't limited in YARR Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=47906
-
-        Check the number of the matchDisjunction recursive calls to avoid unbounded
-        recursion.
-        Now the matchDisjunction function returns JSRegExpResult instead of bool.
-        The JSRegExpResult enum contains the result of matching or the error code
-        of the failure (like HitLimit) which terminates the matching.
-        The error codes are based on pcre's jsRegExpExecute error codes.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::parenthesesDoBacktrack):
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::matchNonZeroDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::Interpreter::Interpreter):
-        * yarr/RegexInterpreter.h:
-
-2010-11-16  Brian Weinstein  <bweinstein@apple.com>
-
-        Rest of the Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-11-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-11-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=49606
-
-        The bug here is that we read the prototype from the RHS argument using a regular
-        op_get_by_id before op_instanceof has checked that this is an object implementing
-        HasInstance. This incorrect behaviour gives rise to further unnecessary complexity
-        in the code base, since we have additional logic (implemented using the
-        GetByIdExceptionInfo data structures on CodeBlock) to convert not an object errors
-        from the get_by_id into invalid parameter errors. Having fixed this bug this code
-        is all redundant, since in these cases the get_by_id will never have been reached.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addExpressionInfo):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitCheckHasInstance):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::InstanceOfNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_check_has_instance):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_check_has_instance):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInterruptedExecutionException):
-        (JSC::createTerminatedExecutionException):
-        (JSC::createUndefinedVariableError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toPrimitive):
-        (JSC::JSNotAnObject::getPrimitiveNumber):
-        (JSC::JSNotAnObject::toBoolean):
-        (JSC::JSNotAnObject::toNumber):
-        (JSC::JSNotAnObject::toString):
-        (JSC::JSNotAnObject::toObject):
-        (JSC::JSNotAnObject::getOwnPropertySlot):
-        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
-        (JSC::JSNotAnObject::put):
-        (JSC::JSNotAnObject::deleteProperty):
-        (JSC::JSNotAnObject::getOwnPropertyNames):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isActivationObject):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toObjectSlowCase):
-        (JSC::JSValue::synthesizeObject):
-        (JSC::JSValue::synthesizePrototype):
-
-2010-11-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Harden additional string functions against large lengths
-        https://bugs.webkit.org/show_bug.cgi?id=49574
-
-        * wtf/text/CString.cpp:
-        (WTF::CString::init): Check for length that is too large for CString.
-        (WTF::CString::newUninitialized): Ditto.
-        (WTF::CString::copyBufferIfNeeded): Fix types so the length stays
-        in a size_t.
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::append): Check for length that is too large.
-
-2010-11-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 49577 - Function.prototype should be non-configurable
-
-        JSC lazily allocates the prototype property of Function objects.
-
-        We check the prototype exists on 'get', but not on 'put'.
-        If you 'put' without having first done a 'get' you can end up with a configurable
-        prototype (prototype should only ever be non-configurable).
-
-        This is visible in a couple of ways:
-          * 'delete' on the property may succeed. (the next access will result in a new,
-          reset prototype object).
-          * the prototype may be set to a getter.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyNames):
-            Reify the prototype property before allowing an enumerate including don't enum properties.
-        (JSC::JSFunction::put):
-            Reify the prototype property before any put to it.
-
-2010-11-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 49488 - Only add source specific information to exceptions in Interpreter::throwException
-
-        Three types of source location information are added to errors.
-
-        (1) Divot information.
-
-        This was added with the intention of using it to provide better source highlighting in the inspector.
-        We may still want to do so, but we probably should not be exposing these values in a manner visible to
-        user scripts – only through an internal C++ interface. The code adding divot properties to objects has
-        been removed.
-
-        (2) Line number information.
-
-        Line number information is presently sometimes added at the point the exception is created, and sometimes
-        added at the point the exception passes through throwException. Change this so that throwException has
-        the sole responsibility for adding line number and source file information.
-
-        (3) Source snippets in the message of certain type errors (e.g. 'doc' in `Result of expression 'doc' [undefined] is not an object.`).
-
-        These messages are currently created at the point the exceptions is raised. Instead reformat the message
-        such that the source snippet is located at the end (`Result of expression 'b1' [undefined] is not an object.`
-        becomes `'undefined' is not an object (evaluating 'b1.property')`), and append these to the message at
-        the in throw Exception. This presents a number of advantages:
-          * we no longer need to have source location information to create these TypeErrors.
-          * we can chose to append source location information in other error messages, including those where
-            passing source location to the point of construction would be inconvenient.
-          * we can chose in future to omit to append source location information when running in a non-debug mode.
-
-        This also cleans up some error output, e.g. removing double brackets ('[[]]') around objects in output,
-        removing double periods (..) at end of lines, and adding slightly more context to some errors.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-            - Separated called to access line and range information.
-
-        * bytecode/CodeBlock.h:
-            - Separated called to access line and range information.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::isInvalidParamForIn):
-        (JSC::isInvalidParamForInstanceOf):
-            - Update parameters passed to error constructors.
-        (JSC::appendSourceToError):
-            - Update message property to add location information (previously added in createErrorMessage, in ExceptionHelpers)
-        (JSC::Interpreter::throwException):
-            - Updated to call appendSourceToError. 
-        (JSC::Interpreter::privateExecute):
-            - Update parameters passed to error constructors.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Update parameters passed to error constructors.
-
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        (JSC::hasErrorInfo):
-            - Removed divot properties.
-
-        * runtime/Error.h:
-            - Removed divot properties.
-
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-            - Initialize new property.
-
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::appendSourceToMessage):
-        (JSC::ErrorInstance::setAppendSourceToMessage):
-        (JSC::ErrorInstance::clearAppendSourceToMessage):
-            - Added flag to check for errors needing location information appending.
-        (JSC::ErrorInstance::isErrorInstance):
-            - Added virtual method to check for ErrorInstances.
-
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-            - Update parameters passed to error constructors, stopped adding line number information early, changed TypeError messages.
-
-        * runtime/ExceptionHelpers.h:
-            - Updated function signatures.
-
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-            - Update parameters passed to error constructors.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::isErrorInstance):
-            - Added virtual method to check for ErrorInstances.
-
-2010-11-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam Roben.
-
-        CString(const char*) crashes when passed a null pointer
-        https://bugs.webkit.org/show_bug.cgi?id=49450
-
-        * wtf/text/CString.cpp:
-        (WTF::CString::CString):
-        Return early if str is null.
-
-2010-11-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 49420 - Clean up syntax/reference error throw.
-
-        Some errors detected at compile time are thrown at runtime. We currently do so using a op_new_error/op_throw bytecode pair.
-        This is not ideal. op_throw is used for explicit user throw statements, and has different requirements in terms or meta data
-        attached to the exception (controlled by the explicitThrow parameter passed to Interpreter::throwException). To work around
-        this, op_new_error has to add the meta data at an early stage, which is unlike other VM exceptions being raised.
-
-        We can simplify this and bring into line with other exception behaviour by changing new_error from just allocating an
-        Exception instance to also throwing it – but as a regular VM throw, correctly passing explicitThrow as false.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitThrowReferenceError):
-        (JSC::BytecodeGenerator::emitThrowSyntaxError):
-        (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ThrowableExpressionData::emitThrowReferenceError):
-        (JSC::ThrowableExpressionData::emitThrowSyntaxError):
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::PostfixErrorNode::emitBytecode):
-        (JSC::PrefixErrorNode::emitBytecode):
-        (JSC::AssignErrorNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_throw_reference_error):
-        (JSC::JIT::emit_op_throw_syntax_error):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_throw_reference_error):
-        (JSC::JIT::emit_op_throw_syntax_error):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * parser/Nodes.h:
-
-2010-11-11  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Harden some string functions against large lengths
-        https://bugs.webkit.org/show_bug.cgi?id=49293
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::create): Fix incorrect use of PassRefPtr. Check for
-        strlen results that are too large for StringImpl.
-        (WTF::StringImpl::lower): Check for lengths that are too large for
-        int32_t.
-        (WTF::StringImpl::upper): Fix incorrect use of PassRefPtr. Check for
-        lengths that are too large for int32_t.
-        (WTF::StringImpl::secure): Fix incorect use of PassRefPtr. Use unsigned
-        rather than int and int32_t so we can handle any length.
-        (WTF::StringImpl::foldCase): Fix incorrect use of PassRefPtr. Check for
-        lengths that are too large for int32_t.
-        (WTF::StringImpl::find): Check for strlen results that are too large for
-        StringImpl.
-        (WTF::StringImpl::findIgnoringCase): Ditto.
-        (WTF::StringImpl::replace): Fix incorrect use of PassRefPtr.
-        (WTF::StringImpl::createWithTerminatingNullCharacter): Check before
-        incrementing length.
-
-2010-11-11  Dan Horák  <dan@danny.cz>
-
-        Reviewed by Andreas Kling.
-
-        Add support for the s390/s390x architectures, it's big-endian
-        with s390 being 32-bit and s390x being 64-bit.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34786
-
-        * wtf/Platform.h:
-
-2010-11-10  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by David Hyatt.
-
-        HTML5 Ruby support should be mandatory feature
-        https://bugs.webkit.org/show_bug.cgi?id=49272
-
-        Remove Ruby as optional feature.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * JavaScriptCorePrefix.h:: Touch it to avoid incremental build failure on Windows.
-
-2010-11-10  Peter Rybin  <peter.rybin@gmail.com>
-
-        Reviewed by Adam Barth.
-
-        HTML parser should provide script column position within HTML document to JavaScript engine
-        https://bugs.webkit.org/show_bug.cgi?id=45271
-
-        Adds TextPosition* classes -- a structure that stores line/column/generation
-        level coordinates inside text document. Adds *BasedNumber classes -- typesafe int
-        wrappers that emphasize whether int number is used as zero-based or
-        one-based.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/TextPosition.h: Added.
-        (WTF::TextPosition::TextPosition):
-        (WTF::TextPosition::minimumPosition):
-        (WTF::TextPosition::belowRangePosition):
-        (WTF::ZeroBasedNumber::fromZeroBasedInt):
-        (WTF::ZeroBasedNumber::ZeroBasedNumber):
-        (WTF::ZeroBasedNumber::zeroBasedInt):
-        (WTF::ZeroBasedNumber::base):
-        (WTF::ZeroBasedNumber::belowBase):
-        (WTF::OneBasedNumber::fromOneBasedInt):
-        (WTF::OneBasedNumber::OneBasedNumber):
-        (WTF::OneBasedNumber::oneBasedInt):
-        (WTF::OneBasedNumber::convertAsZeroBasedInt):
-        (WTF::OneBasedNumber::convertToZeroBased):
-        (WTF::OneBasedNumber::base):
-        (WTF::OneBasedNumber::belowBase):
-        (WTF::toZeroBasedTextPosition):
-        (WTF::toOneBasedTextPosition):
-        (WTF::ZeroBasedNumber::convertToOneBased):
-
-2010-11-09  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        ARM JIT asserts when loading http://reader.google.com in debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=48912
-
-        There are several cases when the uninterrupted sequence is larger than
-        maximum required offset for pathing the same sequence. Eg.: if in a
-        uninterrupted sequence the last macroassembler's instruction is a stub
-        call, it emits store instruction(s) which should not be included in the
-        calculation of length of uninterrupted sequence. So, the insnSpace and
-        constSpace should be upper limit instead of hard limit.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::endUninterruptedSequence):
-
-2010-11-09  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/49279> Fix include statements for local headers
-
-        Reviewed by Gavin Barraclough.
-
-        Use "Foo.h" instead of <Foo.h> for local headers.
-
-        * assembler/AbstractMacroAssembler.h: Also fixed sort order.
-        * assembler/CodeLocation.h:
-        * yarr/RegexJIT.h:
-        * yarr/RegexParser.h:
-
-2010-11-08  Adam Roben  <aroben@apple.com>
-
-        Roll out r71532
-
-        It broke the build for Cygwin 1.7 installs. Cygwin 1.7's default
-        .bashrc unsets %TEMP%, which broke copy-tools.cmd.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-tools.cmd: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/show-alert.js: Removed.
-
-2010-11-08  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        >=webkitgtk-1.2.5: parallel build fails with libtool: link: cannot find the library `libwebkit-1.0.la' or unhandled argument `libwebkit-1.0.la'
-        https://bugs.webkit.org/show_bug.cgi?id=49128
-
-        r59042 introduced a C++-style comment in Platform.h, which is often
-        included in C source files. Change it to a C-style comment.
-
-        * wtf/Platform.h: Fix the C++-style comment.
-
-2010-11-08  Adam Roben  <aroben@apple.com>
-
-        Show a message and cause the build to immediately fail when any
-        .vsprops files are copied
-
-        When $WebKitLibrariesDir is set to a non-standard location, the
-        .vsprops files have to be copied from WebKitLibraries/win to
-        $WebKitLibrariesDir. When this happens, Visual Studio doesn't pick up
-        changes to the .vsprops files until the next time it opens the solution
-        file. Before this patch, the build would soldier on with the old
-        .vsprops files, leading to strange build failures. Now we detect that
-        the .vsprops files have been updated, display a message to the user
-        telling them what to do, and make the build fail immediately.
-
-        Fixes <http://webkit.org/b/49181> Windows build fail mysteriously when
-        .vsprops files are updated
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        Moved code to copy the tools directory to the new copy-tools.cmd
-        script. Moved that after the command that writes the buildfailed file
-        so the build will be considered a failure if copy-tools.cmd fails.
-        Changed to write the project name into buildfailed like all our other
-        projects do, so those other projects will know that the failure was due
-        to this project.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        Added new scripts.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-tools.cmd: Added. Copies
-        the tools directory to $WebKitLibrariesDir. If any files were copied,
-        we display a message to the user and exit with error code 1 to cause
-        the build to fail. In non-interactive builds, we just print the message
-        to the build log. In interactive builds, we show the message in an
-        alert.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/show-alert.js: Added. Uses
-        Windows Scripting Host to display a message in an alert.
-
-2010-11-07  Sam Magnuson  <smagnuson@netflix.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] make install does not cause JavaScriptCore to be built
-        https://bugs.webkit.org/show_bug.cgi?id=49114
-
-        * JavaScriptCore.pro:
-
-2010-11-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Website consistently crashing TOT in JIT::execute() on news.com.au
-        https://bugs.webkit.org/show_bug.cgi?id=48954
-
-        The problem here was the strict pass of this conversion was loading the
-        this structure into one register but doing the flags check off a different
-        register.  This is clearly wrong.  I have been unable to trigger the crash
-        with a reduction, but I've added an assertion to the this conversion to
-        attempt to make it more readily catchable in future.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_convert_this_strict):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_convert_this_strict):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-11-04  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Adam Barth.
-
-        Use leakRef instead of releaseRef
-        https://bugs.webkit.org/show_bug.cgi?id=48974
-
-        Use leakRef instead of the deprecated releaseRef. This was renamed
-        some time ago because 'releaseRef' is too close to 'release',
-        which does something completely different.
-
-2010-11-04  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION(49798): Crash in HTMLObjectElement::parseMappedAttribute
-        https://bugs.webkit.org/show_bug.cgi?id=48789
-
-        The contract for all String/AtomicString methods seems to be that it's
-        safe to call them, even when the String is null (impl() returns 0).
-        This contract was broken by r49798 (unintentionally) when optimizing
-        for dromeo.
-        This patch adds a null check to AtomicString::lower() fixing this
-        crash and preventing future confusion.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::lower):
-
-2010-11-04  Adam Barth  <abarth@webkit.org>
-
-        Enabled ICCJPEG on Chromium Mac
-        https://bugs.webkit.org/show_bug.cgi?id=48977
-
-        * wtf/Platform.h:
-
-2010-11-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Crash in Function.prototype.call.apply
-        https://bugs.webkit.org/show_bug.cgi?id=48485
-
-        The problem here was op_load_varargs failing to ensure that
-        there was sufficient space for the entire callframe prior to
-        op_call_varargs.  This meant that when we then re-entered the
-        VM it was possible to stomp over an earlier portion of the
-        stack, so causing sub-optimal behaviour.
-
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoadVarargs):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_load_varargs):
-
-2010-11-03  Kenneth Russell  <kbr@google.com>
-
-        Reviewed by Chris Marrin.
-
-        Redesign extension mechanism in GraphicsContext3D
-        https://bugs.webkit.org/show_bug.cgi?id=46894
-
-        * JavaScriptCore.exp:
-         - Exposed String::split(const String&, Vector<String>).
-
-2010-11-03  Adam Roben  <aroben@apple.com>
-
-        Bring WTF.vcproj up to date
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added filters for the text and
-        unicode directories, added new files, removed old files.
-
-2010-11-03  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Remove unused initializeWeakRandomNumberGenerator
-        https://bugs.webkit.org/show_bug.cgi?id=48899
-
-        WeakRandom class is used instead of weakRandomNumber and its initializer.
-
-        * wtf/RandomNumberSeed.h:
-
-2010-11-03  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Unused class: JSFastMath with JSValue64
-        https://bugs.webkit.org/show_bug.cgi?id=48835
-
-        Remove unused JSFastMath class.
-
-        * runtime/JSImmediate.h:
-
-2010-11-02  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r71127
-
-        MSVC isn't smart enough to figure out that the definition of the global
-        nullptr variable isn't needed, so we provide one for it.
-
-        Fixes <http://webkit.org/b/48862> Windows build is broken due to
-        undefined symbol nullptr
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export nullptr.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Added NullPtr.cpp and let VS
-        resort the files.
-
-        * wtf/NullPtr.cpp: Added.
-
-2010-11-02  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        Remove special handling of HashTableDeletedValue in PlatformRefPtr and manually manage memory that cannot be controlled by HashTraits
-        https://bugs.webkit.org/show_bug.cgi?id=48841
-
-        Remove special handling of HashTableDeletedValue in PlatformRefPtr.
-        This is better handled on a case-by-case basis, when HashTraits
-        cannot account for it.
-
-        * wtf/PlatformRefPtr.h:
-        (WTF::PlatformRefPtr::~PlatformRefPtr):
-        (WTF::PlatformRefPtr::clear):
-        (WTF::::operator):
-
-2010-10-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION: r69429-r69611: Crash in JSC::Interpreter::privateExecute
-        https://bugs.webkit.org/show_bug.cgi?id=47573
-
-        I think the interpreter portion of this was introduced by
-        an incorrect but silent merge when I updated prior to committing.
-        The JIT change is basically just a correctness fix, but it is
-        needed to prevent the testcase from asserting in debug builds.
-
-        The basic problem is incorrectly setting the activation object
-        on an arguments object.  The crash was due to us setting a null
-        activation in the interpreter, in the jit we were setting the
-        activation of a strict mode arguments object.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * wtf/Platform.h:
-
-2010-10-29  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Adam Roben and David Kilzer.
-
-        Fix and cleanup of build systems
-        https://bugs.webkit.org/show_bug.cgi?id=48342
-
-        * Configurations/FeatureDefines.xcconfig: Add missing ENABLE_FULLSCREEN_API
-
-2010-10-28  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Include stddef.h unconditionally in Assertions.h
-        https://bugs.webkit.org/show_bug.cgi?id=48573
-
-        There is no reason to have stddef.h include be MSVC-only.
-
-        * wtf/Assertions.h:
-
-2010-10-28  Herczeg Zoltan  <zherczeg@webkit.org>
-
-        Rubber stamped by Csaba Osztrogonác.
-
-        Try to fix interpreter build.
-
-        Needed parentheses around assignment to avoid GCC warning after
-        http://trac.webkit.org/changeset/70703
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-10-28  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Csaba Osztrogonác.
-
-        resetAssertionMatches() is an unused function in YARR Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=48503
-
-        The resetAssertionMatches() function is removed from YARR Interpreter
-        because it's never called.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::resetMatches):
-
-2010-10-28  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Wrong instruction form for BKPT
-        https://bugs.webkit.org/show_bug.cgi?id=48427
-
-        One '0' is missing from BKPT instruction.
-        Thanks for Jacob Bramley for reporting this error.
-
-        * assembler/ARMAssembler.h:
-
-2010-10-28  Xan Lopez  <xlopez@igalia.com>
-
-        Try to fix Snow Leopard build.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::testPrototype):
-
-2010-10-28  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Oliver Hunt.
-
-        Do not have two different asCell APIs in JSValue
-        https://bugs.webkit.org/show_bug.cgi?id=47979
-
-        Remove JSCell* asCell(JSValue) in favor of only using
-        JSValue::asCell().
-
-        * API/APICast.h:
-        (toRef):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::testPrototype):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/GetterSetter.h:
-        (JSC::asGetterSetter):
-        * runtime/JSByteArray.h:
-        (JSC::asByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::getCallData):
-        (JSC::JSCell::getConstructData):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::asString):
-        * runtime/JSValue.h:
-        * runtime/Operations.cpp:
-        (JSC::jsIsObjectType):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        * runtime/Protect.h:
-        (JSC::gcProtect):
-        (JSC::gcUnprotect):
-
-2010-10-27  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Support emit_op_mod() for MIPS on JSVALUE32_64
-        https://bugs.webkit.org/show_bug.cgi?id=46511
-
-        This patch uses MIPS div instructions for op_mod to improve performance.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-
-2010-10-27  Brent Fulgham  <bfulgham@webkit.org>
-
-        Unreviewed build correction.
-
-        * wtf/Platform.h: Make sure ACCELERATED_COMPOSITING is
-        turned off in the WinCairo port.  This isn't supported (yet.)
-
-2010-10-27  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Chris Marrin.
-
-        Add ENABLE_WEB_AUDIO feature enable flag (initially disabled) to build-webkit
-        https://bugs.webkit.org/show_bug.cgi?id=48279
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-10-27  Brian Weinstein  <bweinstein@apple.com>
-
-        Windows build fix.
-
-        * jit/JITStubs.cpp:
-        (JSC::jitThrow):
-
-2010-10-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 48365 - Remove output parameters from JITStackFrame
-
-        The JIT stub functions presently use the stackframe to provide a couple of additional return values.
-          * In the case of uncaught exceptions the exception value is returned on the stackframe.exception property.
-          * In the case of caught exceptions the updated value for the callFrame register is returned on the stackframe.callFrame property.
-
-        Change exception returns such that exceptions are always returned on JSGlobalData::exception.
-        Change op_catch such that the new CallFrame value is returned from op_throw / vm_throw in regT0.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        (JSC::CachedCall::call):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        * jit/JITCode.h:
-        (JSC::JITCode::execute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_catch):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_catch):
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::jitThrow):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/CallData.cpp:
-        (JSC::call):
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/ConstructData.cpp:
-        (JSC::construct):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createErrorForInvalidGlobalAssignment):
-        (JSC::throwOutOfMemoryError):
-        (JSC::throwStackOverflowError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2010-10-27  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=48060
-        Speed up op_jeq_null and op_jneq_null.
-
-        For both opcodes the NullTag and UndefinedTag are checked to control the
-        jump. These values can be simply checked by AboveOrEqual or Below
-        condition if they are the two highest unsigned integers from JSValue's
-        Tag field.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        * runtime/JSValue.h:
-
-2010-10-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41948
-        REGRESSION(r60392): Registerfile can be unwound too far following an exception
-        
-        SunSpider reports no change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException): Walk the stack to calculate the high
-        water mark currently in use. It's not safe to assume that the current
-        CallFrame's high water mark is the highest high water mark because
-        calls do not always set up at the end of a CallFrame. A large caller
-        CallFrame can encompass a small callee CallFrame.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall): Make sure to set a 0 CodeBlock
-        in the CallFrame of a host call, like the Interpreter does, instead of
-        leaving the CodeBlock field uninitialized. The backtracing code requires
-        a valid CodeBlock field in each CallFrame.
-
-2010-10-27  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Add cmn to branch32(reg, imm) on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=48062
-
-        The conditional comparison can be done with cmn if the imm value is
-        negative and can fit into the cmn instruction.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch32):
-
-2010-10-26  Oliver Hunt  <oliver@apple.com>
-
-        Interpreter build fix.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-10-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove exec and globalData arguments from jsNumber
-        https://bugs.webkit.org/show_bug.cgi?id=48270
-
-        Remove the now unused exec and globalData arguments from jsNumber
-        and mechanically update all users of jsNumber.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (functionRun):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/CachedTranscendentalFunction.h:
-        (JSC::CachedTranscendentalFunction::operator()):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        * runtime/Error.cpp:
-        (JSC::addErrorSourceInfo):
-        (JSC::addErrorDivotInfo):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::getIndex):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        * runtime/JSNumberCell.h:
-        (JSC::JSValue::JSValue):
-        (JSC::jsNaN):
-        (JSC::JSValue::toJSNumber):
-        * runtime/JSONObject.cpp:
-        (JSC::unwrapBoxedPrimitive):
-        (JSC::PropertyNameForFunctionCall::value):
-        (JSC::JSONStringify):
-        * runtime/JSString.cpp:
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/JSValue.h:
-        (JSC::jsDoubleNumber):
-        (JSC::jsNumber):
-        (JSC::jsNaN):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::toJSNumber):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        (JSC::constructWithNumberConstructor):
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        * runtime/Operations.h:
-        (JSC::jsAdd):
-        * runtime/PrototypeFunction.cpp:
-        (JSC::PrototypeFunction::PrototypeFunction):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectLastIndex):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncLocaleCompare):
-
-2010-10-25  David Tapuska  <dtapuska@rim.com>
-
-        Reviewed by David Kilzer.
-
-        Enable VFP if our compiler settings indicated we had a hardware
-        VFP.
-
-        https://bugs.webkit.org/show_bug.cgi?id=46096
-
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::isVFPPresent):
-
-2010-10-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r70451.
-        http://trac.webkit.org/changeset/70451
-        https://bugs.webkit.org/show_bug.cgi?id=48249
-
-        Broke set-unloaded-frame-location.html under Qt (Requested by
-        caseq on #webkit).
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/TextPosition.h: Removed.
-
-2010-10-25  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Replace _countof with WTF_ARRAY_LENGTH
-        https://bugs.webkit.org/show_bug.cgi?id=48229
-
-        * wtf/Platform.h:
-
-2010-10-25  Peter Rybin  <peter.rybin@gmail.com>
-
-        Reviewed by Adam Barth.
-
-        HTML parser should provide script column position within HTML document to JavaScript engine
-        https://bugs.webkit.org/show_bug.cgi?id=45271
-
-        Adds TextPosition* classes -- a structure that stores line/column/generation
-        level coordinates inside text document. Adds *BasedNumber classes -- typesafe int
-        wrappers that emphasize whether int number is used as zero-based or
-        one-based.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/TextPosition.h: Added.
-        (WTF::TextPosition::TextPosition):
-        (WTF::TextPosition::minimumPosition):
-        (WTF::TextPosition::belowRangePosition):
-        (WTF::ZeroBasedNumber::fromZeroBasedInt):
-        (WTF::ZeroBasedNumber::ZeroBasedNumber):
-        (WTF::ZeroBasedNumber::zeroBasedInt):
-        (WTF::ZeroBasedNumber::base):
-        (WTF::ZeroBasedNumber::belowBase):
-        (WTF::OneBasedNumber::fromOneBasedInt):
-        (WTF::OneBasedNumber::OneBasedNumber):
-        (WTF::OneBasedNumber::oneBasedInt):
-        (WTF::OneBasedNumber::convertAsZeroBasedInt):
-        (WTF::OneBasedNumber::convertToZeroBased):
-        (WTF::OneBasedNumber::base):
-        (WTF::OneBasedNumber::belowBase):
-        (WTF::toZeroBasedTextPosition):
-        (WTF::toOneBasedTextPosition):
-        (WTF::ZeroBasedNumber::convertToOneBased):
-
-2010-10-24  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by David Kilzer.
-
-        Check endianness with __BIG_ENDIAN in RVCT.
-        https://bugs.webkit.org/show_bug.cgi?id=46122
-
-        RVCT defines __BIG_ENDIAN if compiling for a big-endian target.
-
-        * wtf/Platform.h:
-
-2010-10-24  Dan Bernstein  <mitz@apple.com>
-
-        Rubber-stamped by Dave Kilzer.
-
-        Removed empty directories.
-
-        * JavaScriptCore: Removed.
-        * JavaScriptCore/runtime: Removed.
-
-2010-10-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed, fix typo of last build fix.
-
-        * wtf/DateMath.cpp:
-
-2010-10-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed build fix for chromium.
-
-        * wtf/DateMath.cpp: Added missing include.
-
-2010-10-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Add WTF_ARRAY_LENGTH macro to WTF
-        https://bugs.webkit.org/show_bug.cgi?id=32828
-
-        Unify the different implementations and usages.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendQuotedString):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-        * wtf/StdLibExtras.h:
-
-2010-10-24  Dirk Schulze  <krit@webkit.org>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Filter example Chiseled from SVG Wow! is slow
-        https://bugs.webkit.org/show_bug.cgi?id=48174
-
-        Added 'using WTF::ByteArray;' at the end of ByteArray.h
-
-        * wtf/ByteArray.h:
-
-2010-10-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Inline WTF::bitwise_cast and fix style
-        https://bugs.webkit.org/show_bug.cgi?id=48208
-
-        * wtf/StdLibExtras.h:
-        (WTF::bitwise_cast):
-        (WTF::bitCount):
-
-2010-10-23  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Sam Weinig.
-
-        Unify globalData APIs
-        https://bugs.webkit.org/show_bug.cgi?id=47969
-
-        Make JSGlobalObject::globalData return a reference and adapt
-        callers. This unifies the API with the existing
-        CallFrame::globalData, which also returns a reference.
-
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jsc.cpp:
-        (runWithScripts):
-        * parser/JSParser.cpp:
-        (JSC::jsParse):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * runtime/Error.cpp:
-        (JSC::createError):
-        (JSC::createEvalError):
-        (JSC::createRangeError):
-        (JSC::createReferenceError):
-        (JSC::createSyntaxError):
-        (JSC::createTypeError):
-        (JSC::createURIError):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::globalData):
-
-2010-10-23  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Unreviewed, rolling out r70369.
-        http://trac.webkit.org/changeset/70369
-        https://bugs.webkit.org/show_bug.cgi?id=47974
-
-        Caused weird artifacts in expected results.
-
-        * wtf/Platform.h:
-
-2010-10-23  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        Crashes randomly in cairo_scaled_font_destroy
-        https://bugs.webkit.org/show_bug.cgi?id=46794
-
-        Make PlatformRefPtr aware of hashTableDeletedValue. When PlatformRefPtr
-        goes away this should probably be handled in the future via some special
-        hooks in RefCounted (or its contained type).
-
-        * wtf/PlatformRefPtr.h:
-        (WTF::PlatformRefPtr::~PlatformRefPtr):
-        (WTF::PlatformRefPtr::clear):
-        (WTF::::operator):
-
-2010-10-22  Adam Roben  <aroben@apple.com>
-
-        Remove the QuartzCorePresent.h mechanism
-
-        This header was used to detect whether QuartzCore headers were present
-        on the system. Everyone should have these headers now so we no longer
-        need to detect.
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Remove
-        code to generate QuartzCorePresent.h.
-
-        * wtf/Platform.h: Stop including QuartzCorePresent.h on Windows and
-        collapse all USE_ACCELERATED_COMPOSITING settings into one #ifdef.
-
-2010-10-22  Adam Barth  <abarth@webkit.org>
-
-        Unreviewed, rolling out r70290.
-        http://trac.webkit.org/changeset/70290
-        https://bugs.webkit.org/show_bug.cgi?id=48111
-
-        Undelete Android build files.
-
-        * Android.mk: Added.
-
-2010-10-22  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        JSC interpreter regressions after r69940
-        https://bugs.webkit.org/show_bug.cgi?id=47839
-
-        Wrong "if": It should test whether the result exists,
-        and not the opposite. It is an interpreter bug, hence
-        the bots does not capture it.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveBase):
-
-2010-10-21  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by David Levin.
-
-        Remove Android build system
-        https://bugs.webkit.org/show_bug.cgi?id=48111
-
-        * Android.mk: Removed.
-
-2010-10-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Add a String constructor which takes AECHAR*
-        https://bugs.webkit.org/show_bug.cgi?id=45043
-
-        Add String(const AECHAR*) constructor for convenience.
-
-        * wtf/text/WTFString.h:
-
-2010-10-21  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Use GCharsetConverter instead of g_iconv in TextCodecGtk
-        https://bugs.webkit.org/show_bug.cgi?id=47896
-
-        * wtf/gobject/GTypedefs.h:
-
-2010-10-21  Adam Barth  <abarth@webkit.org>
-
-        Unreviewed, rolling out r70174.
-        http://trac.webkit.org/changeset/70174
-        https://bugs.webkit.org/show_bug.cgi?id=41948
-
-        This patch reverts a change that causes
-        http/tests/xmlhttprequest/origin-whitelisting-removal.html to crash.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2010-10-20  Simon Fraser  <simon.fraser@apple.com>
-
-        Fix the EFL build.
-
-        * wtf/CMakeLists.txt:
-
-2010-10-20  Simon Fraser  <simon.fraser@apple.com>
-
-        Fix Windows build: export needed symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-10-19  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=47851
-        
-        Add methods to DecimalNumber to return the buffer length
-        required for decimal and exponential output.
-        
-        Make some of the DecimalNumber code non-inline (no
-        effect on Sunspider), adding DecimalNumber.cpp to various
-        build systems.
-        
-        Make some DecimalNumber methods 'const'.
-
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        * wtf/DecimalNumber.cpp: Added.
-        (WTF::DecimalNumber::bufferLengthForStringDecimal):
-        (WTF::DecimalNumber::bufferLengthForStringExponential):
-        (WTF::DecimalNumber::toStringDecimal):
-        (WTF::DecimalNumber::toStringExponential):
-        * wtf/DecimalNumber.h:
-        (WTF::DecimalNumber::sign):
-        (WTF::DecimalNumber::exponent):
-        (WTF::DecimalNumber::significand):
-        (WTF::DecimalNumber::precision):
-        * wtf/dtoa.cpp:
-        (WTF::dtoa):
-        * wtf/dtoa.h:
-        * wtf/wtf.pri:
-
-2010-10-20  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r70165.
-        http://trac.webkit.org/changeset/70165
-        https://bugs.webkit.org/show_bug.cgi?id=48007
-
-        It broke tests on Qt bot (Requested by Ossy on #webkit).
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/TextPosition.h: Removed.
-
-2010-10-20  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Fix the Windows build after r70165. Move the copying of JavaScript headers from JavaScriptCore's post-build
-        step to JavaScriptCoreGenerated, so the copying is done even when a cpp file in JavaScriptCore is changed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2010-10-20  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Unreviewed, fixing the Win build.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2010-10-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=41948
-        REGRESSION(r60392): Registerfile can be unwound too far following an exception
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException): Walk the stack to calculate the high
-        water mark currently in use. It's not safe to assume that the current
-        CallFrame's high water mark is the highest high water mark because
-        calls do not always set up at the end of a CallFrame. A large caller
-        CallFrame can encompass a small callee CallFrame.
-
-2010-10-20  Peter Rybin  <peter.rybin@gmail.com>
-
-        Reviewed by Adam Barth.
-
-        HTML parser should provide script column position within HTML document to JavaScript engine
-        https://bugs.webkit.org/show_bug.cgi?id=45271
-
-        Adds TextPosition* classes -- a structure that stores line/column/generation
-        level coordinates inside text document. Adds *BasedNumber classes -- typesafe int
-        wrappers that emphasize whether int number is used as zero-based or
-        one-based.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/TextPosition.h: Added.
-        (WTF::TextPosition::TextPosition):
-        (WTF::TextPosition::minimumPosition):
-        (WTF::TextPosition::belowRangePosition):
-        (WTF::ZeroBasedNumber::fromZeroBasedInt):
-        (WTF::ZeroBasedNumber::ZeroBasedNumber):
-        (WTF::ZeroBasedNumber::zeroBasedInt):
-        (WTF::ZeroBasedNumber::base):
-        (WTF::ZeroBasedNumber::belowBase):
-        (WTF::OneBasedNumber::fromOneBasedInt):
-        (WTF::OneBasedNumber::OneBasedNumber):
-        (WTF::OneBasedNumber::oneBasedInt):
-        (WTF::OneBasedNumber::convertAsZeroBasedInt):
-        (WTF::OneBasedNumber::convertToZeroBased):
-        (WTF::OneBasedNumber::base):
-        (WTF::OneBasedNumber::belowBase):
-        (WTF::toZeroBasedTextPosition):
-        (WTF::toOneBasedTextPosition):
-        (WTF::ZeroBasedNumber::convertToOneBased):
-
-2010-10-19  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by David Kilzer.
-
-        [BREWMP] Turn off JIT for simulator build
-        https://bugs.webkit.org/show_bug.cgi?id=47937
-
-        We don't need to test x86 JIT.
-
-        * wtf/Platform.h:
-
-2010-10-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove support for JSVALUE32 from JSC
-        https://bugs.webkit.org/show_bug.cgi?id=47948
-
-        Remove all the code for supporting JSVALUE32 from JSC.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitSlow_op_lshift):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_rshift):
-        (JSC::JIT::emit_op_urshift):
-        (JSC::JIT::emitSlow_op_urshift):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emitSlow_op_jlesseq):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITCall.cpp:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_next_pname):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        * jit/JITStubs.h:
-        * jit/JSInterfaceJIT.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
-        * jit/ThunkGenerators.cpp:
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * runtime/Collector.cpp:
-        (JSC::isPossibleCell):
-        (JSC::typeName):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeForLookup):
-        * runtime/JSImmediate.h:
-        (JSC::reinterpretIntptrToDouble):
-        (JSC::JSImmediate::isIntegerNumber):
-        (JSC::JSImmediate::isDouble):
-        (JSC::JSImmediate::areBothImmediateIntegerNumbers):
-        (JSC::JSImmediate::makeDouble):
-        (JSC::JSImmediate::doubleValue):
-        (JSC::JSImmediate::toBoolean):
-        (JSC::JSImmediate::fromNumberOutsideIntegerRange):
-        (JSC::JSImmediate::from):
-        (JSC::JSImmediate::toDouble):
-        (JSC::JSFastMath::rightShiftImmediateNumbers):
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSNumberCell.h:
-        * runtime/JSObject.h:
-        (JSC::JSObject::JSObject):
-        * runtime/JSValue.h:
-        * runtime/NumberObject.h:
-        * wtf/Platform.h:
-
-2010-10-19  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        BytecodeGenerator::m_lastOpcodePosition must be initialized in all constructors
-        https://bugs.webkit.org/show_bug.cgi?id=47920
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Add missing member initialization.
-
-2010-10-19  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by David Kilzer.
-
-        RVCT fails to compile DateMath.cpp due to overloaded function pow
-        https://bugs.webkit.org/show_bug.cgi?id=47844
-
-        Choose std::pow(double, double) among multiple overloaded pow functions
-        to fix build for RVCT.
-
-        * wtf/DateMath.cpp:
-        (WTF::parseES5DateFromNullTerminatedCharacters):
-
-2010-10-19  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Use UChar instead of wchar_t in UnicodeWinCE
-        https://bugs.webkit.org/show_bug.cgi?id=47904
-
-        Make UnicodeWinCE more portable, so we can use it for other ports too.
-
-        * wtf/unicode/wince/UnicodeWinCE.cpp:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isLetter):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isAlphanumeric):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::digitValue):
-        * wtf/unicode/wince/UnicodeWinCE.h:
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::isHighSurrogate):
-        (WTF::Unicode::isLowSurrogate):
-        (WTF::Unicode::umemcasecmp):
-        (WTF::Unicode::surrogateToUcs4):
-
-2010-10-19  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Fix style of UnicodeWinCE
-        https://bugs.webkit.org/show_bug.cgi?id=47818
-
-        * wtf/unicode/wince/UnicodeWinCE.cpp:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        * wtf/unicode/wince/UnicodeWinCE.h:
-
-2010-10-18  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.am: add missing file.
-
-2010-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Strict mode: Functions created with the function constructor don't implement strict mode semantics
-        https://bugs.webkit.org/show_bug.cgi?id=47860
-
-        When creating the FunctionExecutable for a new function the function constructor
-        was always passing false for whether or not a function was strict, rather than
-        using the information from the freshly parsed function itself.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::fromGlobalCode):
-
-2010-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Strict mode: |this| should be undefined if it is not explicitly provided
-        https://bugs.webkit.org/show_bug.cgi?id=47833
-
-        To make strict mode behave correctly we want to pass undefined instead of null
-        as the default this value.  This has no impact on behaviour outside of strict
-        mode as both values are replaced with the global object if necessary.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-
-2010-10-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Make a nullptr that works with OwnPtr and RefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=47756
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added NullPtr.h.
-
-        * wtf/NullPtr.h: Added.
-
-        * wtf/OwnArrayPtr.h: Add an overload of = taking nullptr.
-        * wtf/OwnPtr.h: Ditto.
-        * wtf/PassOwnArrayPtr.h: Ditto.
-        * wtf/PassOwnPtr.h: Ditto.
-        * wtf/PassRefPtr.h: Ditto.
-        * wtf/RefPtr.h: Ditto.
-        * wtf/RetainPtr.h: Ditto.
-
-2010-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Strict mode: JIT doesn't check for |this| being an immediate before dereferencing
-        https://bugs.webkit.org/show_bug.cgi?id=47826
-
-        There's no guarantee that |this| will be a cell in a strict mode function, so
-        don't claim that it is.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isKnownNotImmediate):
-
-2010-10-18  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        if (0) throw "x" ; else { } throws parse error after r69906
-        https://bugs.webkit.org/show_bug.cgi?id=47807
-
-        r69906 introduced a bug: the semicolon is not parsed after a throw
-        expression anymore. Thus, the semicolon terminates the "if" parsing
-        in the example above, and the else token results a parse error.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseThrowStatement):
-
-2010-10-18  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Andreas Kling.
-
-        Remove some unnecessary lines of code from Parser.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=47816
-
-        * parser/Parser.cpp:
-
-2010-10-18  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Build broken with JIT disabled
-        https://bugs.webkit.org/show_bug.cgi?id=47801
-
-        This is a regression caused by r69940.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveBase):
-
-2010-10-18  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Change FastAllocBase implementation into a macro
-        https://bugs.webkit.org/show_bug.cgi?id=42998
-
-        It was investigated in bug #33896 that inheriting classes from FastAllocBase 
-        can result in objects getting larger which leads to memory regressions. 
-        Using a macro instead of inheriting classes from FastAllocBase would solve the issue. 
-
-        * wtf/FastAllocBase.h: Add a WTF_MAKE_FAST_ALLOCATED macro
-
-2010-10-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Strict mode: arguments is not valid as the base expression for pre- or post-fix expressions
-        https://bugs.webkit.org/show_bug.cgi?id=47791
-
-        Simple fix, check for arguments in addition to eval.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseUnaryExpression):
-
-2010-10-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Strict mode: Assignment that would create a global should be a late ReferenceError, not a syntax failure
-        https://bugs.webkit.org/show_bug.cgi?id=47788
-
-        Fixing this required a couple of changes:
-         * resolve_base now has a flag to indicate whether it is being used for a put in strict mode.
-           this allows us to throw an exception when we're doing a completely generic resolve for
-           assignment, and that assignment would create a new global.
-         * There is a new opcode 'op_ensure_property_exists' that is used to determine whether
-           the property being assigned to already exists on the global object.  This currently
-           has no caching, but such caching could be added relatively trivially.  It is only used
-           in the case where we know that a property will be placed on the global object, and
-           we cannot verify that the property already exists.
-
-        In the jit we plant a call to cti_op_resolve_base_strict_put in the effected case rather
-        than making op_resolve_base have an additional runtime branch.
-
-        There's also a new helper function to create the exception for the invalid assignment.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseProgram):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createErrorForInvalidGlobalAssignment):
-        * runtime/ExceptionHelpers.h:
-        * runtime/Operations.h:
-        (JSC::resolveBase):
-
-2010-10-17  Simon Fraser  <simon.fraser@apple.com>
-
-        First part of fix for Windows build failure. Will wait for the
-        next set of link errors to determine the mangled forms for dtoaRoundSF
-        and dtoaRoundDP.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-10-17  Simon Fraser  <simon.fraser@apple.com>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Very large and small numbers fail to round-trip through CSS
-        https://bugs.webkit.org/show_bug.cgi?id=20674
-        
-        New exports required to use DecimalNumber in WebCore.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-10-16  Kyusun Kim  <maniagoon@company100.net>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add using declarations for currentTimeMS() and parseDateFromNullTerminatedCharacters()
-        https://bugs.webkit.org/show_bug.cgi?id=47758
-
-        * wtf/CurrentTime.h:
-        * wtf/DateMath.h:
-
-2010-10-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Rename StringHasherFunctions.h to StringHasher.h
-        https://bugs.webkit.org/show_bug.cgi?id=47200
-
-        Now StringHasherFunctions.h only contains the StringHasher class, so rename it to the correct name.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/StringHashFunctions.h: Removed.
-        * wtf/StringHasher.h: Copied from JavaScriptCore/wtf/StringHashFunctions.h.
-        * wtf/text/StringHash.h:
-        * wtf/text/StringImpl.h:
-
-2010-10-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Automatic Semicolon Insertion incorrectly inserts semicolon after break, continue, and return followed by a newline
-        https://bugs.webkit.org/show_bug.cgi?id=47762
-
-        The old YACC parser depended on the lexer for some classes of semicolon insertion.
-        The new parser handles ASI entirely on its own so when the lexer inserts a semicolon
-        on its own the net result is a spurious semicolon in the input stream.  This can result
-        in incorrect parsing in some cases:
-
-        if (0)
-            break
-        ;else {}
-
-        Would result in a parse failure as the output from the lexer is essentially
-
-        if (0)
-             break
-        ;;else
-
-        So the second semicolon is interpreted as a empty statement, which terminates the if,
-        making the else an error.
-
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseThrowStatement):
-          Parsing of throw statement was wrong, and only worked due to the weird behaviour
-          in the lexer
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-          Remove bogus semicolon insertion from the newline handling
-
-2010-10-15  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Dirk Schulze.
-
-        Replace some String::format() usages by StringConcatenate in WebKit
-        https://bugs.webkit.org/show_bug.cgi?id=47714
-
-        * wtf/text/StringConcatenate.h: Add UChar specific StringTypeAdapter, to accept single UChars in makeString().
-
-2010-10-15  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed build fix for Debug Leopard which is failng to compile after r69842.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2010-10-15  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        The parenthetical assertion checking isn't working in some cases with YARR
-        Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=46893
-
-        Calculate the countToCheck value of a TypeParentheticalAssertion by
-        subtracting the number of characters which follows
-        a TypeParentheticalAssertion term with the number of characters which should
-        be matched by terms which are contained
-        in the TypeParentheticalAssertion term (minimumSize).
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2010-10-14  Nathan Vander Wilt  <nate@andyet.net>
-
-        Reviewed by Darin Adler.
-
-        Added parser for ECMAScript 5 standard date format, so Date.parse can handle RFC 3339 timestamps: https://bugs.webkit.org/show_bug.cgi?id=44632
-
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * wtf/DateMath.cpp:
-        (WTF::ymdhmsToSeconds):
-        (WTF::parseES5DateFromNullTerminatedCharacters):
-        * wtf/DateMath.h:
-
-2010-10-14  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Replace lots of String::format() usages by StringConcatenate
-        https://bugs.webkit.org/show_bug.cgi?id=47664
-
-        Add StringTypeAdapter<char> to accept single characters for makeString().
-
-        * wtf/text/StringConcatenate.h:
-        (WTF::makeString):
-
-2010-10-14  David Goodwin  <david_goodwin@apple.com>
-
-        Reviewed by Darin Adler.
-
-        need way to measure size of JITed ARM code
-        https://bugs.webkit.org/show_bug.cgi?id=47121
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        (JSC::LinkBuffer::dumpLinkStats):
-        (JSC::LinkBuffer::dumpCode):
-
-2010-10-14  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        The backreference checking isn't working in some cases with YARR Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=46904
-
-        The Interpreter::matchBackReference() function returns true without matching
-        when a backreference points to the same parentheses where it is.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchBackReference):
-
-2010-10-14  No'am Rosenthal  <noam.rosenthal@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Text breaking is slow: enable ICU as an opt-in
-        https://bugs.webkit.org/show_bug.cgi?id=40332
-
-        Added a config flag that enables ICU as an opt-in instead of the Qt specific code.
-        Because of the inclusion of ICU headers, some explicit casting was necessary in UnicodeQt4.h
-
-        * JavaScriptCore.pri:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-
-2010-10-14  Anton Faern  <anton@bladehawke.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        https://bugs.webkit.org/show_bug.cgi?id=47658
-        NetBSD was not included in the WTF_PLATFORM_FOO to WTF_OS_FOO
-        change.  This means that OS(NETBSD) is also undefined.
-
-        * wtf/Platform.h: s/_PLATFORM_/_OS_/ for NetBSD
-
-2010-10-13  David Goodwin  <david_goodwin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        ARMv7 JIT should generated conditional branches when possible
-        https://bugs.webkit.org/show_bug.cgi?id=47384
-
-        Use different jump padding sizes for conditional and unconditional
-        jumps (12 bytes and 10 bytes respectively). This allows the JIT to
-        include the IT instruction as part of the conditional jump sequence
-        which in turn allows it to optimize away the IT using an ARMv7 
-        conditional branch instruction. Use 2-byte B(T1) and 4-byte B(T3) for
-        conditional branches when displacement is in range. Also use IT/B(T4)
-        for conditional branch when displacement does not fit in B(T3).
-
-        For unconditional jump, instruction selection options are:
-        B(T2), B(T4), MOVW/MOVT/BX. For conditional jump, instruction selection
-        options are: B(T1), B(T3), IT/B(T4), ITTT/MOVW/MOVT/BX.
-
-        * assembler/ARMv7Assembler.cpp:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::JmpSrc::JmpSrc):
-        (JSC::ARMv7Assembler::ifThenElse):
-        (JSC::ARMv7Assembler::jumpSizeDelta):
-        (JSC::ARMv7Assembler::canCompact):
-        (JSC::ARMv7Assembler::computeJumpType):
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::canBeJumpT1):
-        (JSC::ARMv7Assembler::canBeJumpT3):
-        (JSC::ARMv7Assembler::canBeJumpT4):
-        (JSC::ARMv7Assembler::linkJumpT1):
-        (JSC::ARMv7Assembler::linkJumpT3):
-        (JSC::ARMv7Assembler::linkJumpT4):
-        (JSC::ARMv7Assembler::linkConditionalJumpT4):
-        (JSC::ARMv7Assembler::linkBX):
-        (JSC::ARMv7Assembler::linkConditionalBX):
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::canCompact):
-        (JSC::MacroAssemblerARMv7::computeJumpType):
-        (JSC::MacroAssemblerARMv7::jumpSizeDelta):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::ret):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::makeJump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-
-2010-10-13  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Darin Adler.
-
-        Don't depend on Windows on sched_yield and sched.h
-        https://bugs.webkit.org/show_bug.cgi?id=45543
-
-        sched.h is part of pthreads and sched_yield is implemented
-        in pthreads-win32 as Sleep(0). This patch avoids a gratuitous
-        dependency on pthreads-win32 in this file.
-
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SlowLock):
-
-2010-10-13  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Port unicode
-        https://bugs.webkit.org/show_bug.cgi?id=45716
-
-        Brew MP port uses only the subset of ICU library to reduce the binary size.
-        Follow the WinCE's implementation.
-
-        * wtf/Platform.h:
-        * wtf/unicode/Unicode.h:
-        * wtf/unicode/brew/UnicodeBrew.cpp: Added.
-        (WTF::Unicode::toLower):
-        (WTF::Unicode::toUpper):
-        (WTF::Unicode::foldCase):
-        (WTF::Unicode::isPrintableChar):
-        (WTF::Unicode::isUpper):
-        (WTF::Unicode::isLower):
-        (WTF::Unicode::isDigit):
-        (WTF::Unicode::isPunct):
-        (WTF::Unicode::isAlphanumeric):
-        (WTF::Unicode::toTitleCase):
-        (WTF::Unicode::direction):
-        (WTF::Unicode::category):
-        (WTF::Unicode::decompositionType):
-        (WTF::Unicode::combiningClass):
-        (WTF::Unicode::mirroredChar):
-        (WTF::Unicode::digitValue):
-        (WTF::Unicode::isSpace):
-        (WTF::Unicode::isLetter):
-        * wtf/unicode/brew/UnicodeBrew.h: Added.
-        (WTF::Unicode::isArabicChar):
-        (WTF::Unicode::isSeparatorSpace):
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext):
-        (WTF::Unicode::hasLineBreakingPropertyComplexContextOrIdeographic):
-        (WTF::Unicode::umemcasecmp):
-
-2010-10-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-10-13  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        [WTFURL] Add URLQueryCanonicalizer
-        https://bugs.webkit.org/show_bug.cgi?id=45088
-
-        This class canonicalizes the query component of URLs.  The main tricky
-        bit there is the convertCharset function, which I've moved to a
-        templated dependency.  There'll likely be more about that in future
-        patches.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/url/src/URLEscape.cpp: Added.
-        * wtf/url/src/URLEscape.h: Added.
-        (WTF::appendEscapedCharacter):
-        * wtf/url/src/URLQueryCanonicalizer.h: Added.
-        (WTF::URLQueryCanonicalizer::canonicalize):
-        (WTF::URLQueryCanonicalizer::isAllASCII):
-        (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
-        (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
-
-2010-10-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 43987 - Downloading using XHR is much slower than before
-        Change StringBuilder to use overcapacity in a StringImpl, rather than a Vector.
-        Fundamentally this should be the same (copies current contents to expand capacity,
-        rather than using a rope), but this approach allows the intermadiate state of the
-        String to be inspected in the buffer without copying to resolve.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendQuotedString):
-        (JSC::Stringifier::Holder::appendNextProperty):
-            Renamed StringBuilder::size() -> length() (to match other String types).
-
-        * runtime/UStringBuilder.h:
-        (JSC::UStringBuilder::append):
-        (JSC::UStringBuilder::toUString):
-            Update for changes in parent class, can just 'using' the append methods.
-
-        * wtf/text/StringBuilder.cpp: Added.
-        (WTF::StringBuilder::reifyString):
-        (WTF::StringBuilder::resize):
-        (WTF::StringBuilder::reserveCapacity):
-        (WTF::StringBuilder::allocateBuffer):
-        (WTF::StringBuilder::appendUninitialized):
-        (WTF::StringBuilder::append):
-        (WTF::StringBuilder::shrinkToFit):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::StringBuilder):
-        (WTF::StringBuilder::append):
-        (WTF::StringBuilder::toString):
-        (WTF::StringBuilder::toStringPreserveCapacity):
-        (WTF::StringBuilder::length):
-        (WTF::StringBuilder::isEmpty):
-        (WTF::StringBuilder::operator[]):
-        (WTF::StringBuilder::clear):
-            Class updated to use overcapacity in a StringImpl, rather than a Vector.
-
-        * Android.mk:
-        * Android.v8.wtf.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/wtf.pri:
-
-2010-10-13  Adam Roben  <aroben@apple.com>
-
-        Export tryFastRealloc for WebKit2's benefit
-
-        Rubber-stamped by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added
-        tryFastRealloc. Removed RegExpObject::info, which is now exported via
-        JS_EXPORTDATA.
-
-2010-10-13  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Maciej Stachowiak.
-
-        [WTFURL] Add a mechanism for classifying types of characters
-        https://bugs.webkit.org/show_bug.cgi?id=45085
-
-        Various characters have different escaping rules depending on where
-        they are in URLs.  This patch adds a table containing that information.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/url/src/URLCharacterTypes.cpp: Added.
-        * wtf/url/src/URLCharacterTypes.h: Added.
-        (WTF::URLCharacterTypes::isQueryChar):
-        (WTF::URLCharacterTypes::isIPv4Char):
-        (WTF::URLCharacterTypes::isHexChar):
-        (WTF::URLCharacterTypes::isCharOfType):
-
-2010-10-13  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Missing parameters for bytecode dump of next_pname
-        https://bugs.webkit.org/show_bug.cgi?id=47590
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): add missing parameters to the dump.
-
-2010-10-13  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Dirk Schulze.
-
-        Add wtf/text/StringConcatenate
-        https://bugs.webkit.org/show_bug.cgi?id=47584
-
-        Move runtime/StringConcatenate.h to wtf/text, make it work for Strings too.
-        Add a special runtime/UStringConcatenate.h class that inherits from StringConcatenate, and extends it for use with UString.
-        Exactly the same design that has been followed while refactoring StringBuilder.
-
-        The UString variants can all be removed as soon as WTF::String & JSC::UString converge.
-
-        * GNUmakefile.am: Add wtf/text/StringConcatenate.h and runtime/UStringConcatenate.h.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * bytecode/CodeBlock.cpp: s/makeString/makeUString/
-        (JSC::escapeQuotes):
-        (JSC::valueToSourceString):
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpToSourceString):
-        (JSC::regexpName):
-        * bytecompiler/NodesCodegen.cpp: Ditto.
-        (JSC::substitute):
-        * profiler/Profiler.cpp: Ditto.
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/ExceptionHelpers.cpp: Ditto.
-        (JSC::createUndefinedVariableError):
-        (JSC::createErrorMessage):
-        (JSC::createInvalidParamError):
-        * runtime/FunctionConstructor.cpp: Ditto.
-        (JSC::constructFunction):
-        * runtime/FunctionPrototype.cpp: Ditto.
-        (JSC::insertSemicolonIfNeeded):
-        * runtime/JSONObject.cpp: Ditto.
-        (JSC::Stringifier::indent):
-        * runtime/JSStringBuilder.h:
-        (JSC::jsMakeNontrivialString):
-        * runtime/RegExpConstructor.cpp: Ditto.
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp: Ditto.
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp: Ditto.
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringConcatenate.h: Removed.
-        * runtime/UStringConcatenate.h: Added. Only contains the StringTypeAdapter<JSC::UString> code and the makeUString variants, the rest lives in wtf/text/StringConcatenate.h
-        (JSC::makeUString):
-        * wtf/text/StringConcatenate.h: Copied from runtime/StringConcatenate.h.
-        (WTF::makeString):
-
-2010-10-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::length):
-
-2010-10-12  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Unify JSC::StringBuilder & WebCore::StringBuilder
-        https://bugs.webkit.org/show_bug.cgi?id=47538
-
-        Move runtime/StringBuilder.h to wtf/text/StringBuilder.h. Rename build() to toString() and return a WTF::String().
-        Move the append(const JSC::UString&) method into runtime/UStringBuilder.h.
-        UStringBuilder inherits from StringBuilder.h and adds append(const JSC::UString&) and UString toUString() functionality.
-
-        No new code, just move code around.
-
-        * GNUmakefile.am: Add wtf/text/StringBuilder.h / runtime/UStringBuilder.h. Remove runtime/StringBuilder.h.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::paramString): Use UStringBuilder, instead of StringBuilder. Rename build() -> toUString().
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction): Ditto.
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncUnescape): Ditto.
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::stringify): Ditto.
-        (JSC::Stringifier::appendQuotedString): Ditto.
-        (JSC::Stringifier::appendStringifiedValue): Ditto.
-        (JSC::Stringifier::startNewLine): Ditto.
-        (JSC::Stringifier::Holder::appendNextProperty): Ditto.
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lexString): Ditto.
-        * runtime/NumberPrototype.cpp: Remove unneeded JSStringBuilder.h / StringBuilder.h include.
-        * runtime/StringBuilder.h: Removed.
-        * runtime/UStringBuilder.h: Added. Inherits from WTF::StringBuilder, extending it by two methods.
-        (JSC::UStringBuilder::append): append(const JSC::UString&)
-        (JSC::UStringBuilder::toUString):
-        * wtf/text/StringBuilder.h: Copied from runtime/StringBuilder.h. Move JSC::UString parts into runtime/UStringBuilder.h
-        (WTF::StringBuilder::append): Renamed m_buffer to buffer everywhere.
-        (WTF::StringBuilder::isEmpty): Ditto (+ constify method). 
-        (WTF::StringBuilder::reserveCapacity): Ditto.
-        (WTF::StringBuilder::resize): Ditto.
-        (WTF::StringBuilder::size): Ditto.
-        (WTF::StringBuilder::operator[]): Ditto.
-        (WTF::StringBuilder::toString): Ditto (+ renamed from build()). Returns a String, not an UString. The old build() method is now named toUString() and lives in UStringBuilder.
-
-2010-10-12  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Cleaned up the processing of replacements after regular expression
-        processing, especially the case where there wasn't a match.
-        Changed to use empty strings instead of computing a zero length sub
-        string.
-        https://bugs.webkit.org/show_bug.cgi?id=47506
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncReplace):
-
-2010-10-11  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Clang build fix after r69472.
-        https://bugs.webkit.org/show_bug.cgi?id=46523
-
-        * wtf/text/StringHash.h:
-
-2010-10-11  Oliver Hunt  <oliver@apple.com>
-
-        Undo last minute change to 32bit build.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_convert_this_strict):
-
-2010-10-11  Brian Weinstein  <bweinstein@apple.com>
-
-        Build fix for Windows. Add a necessary export from r69516.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-10-11  Oliver Hunt  <oliver@apple.com>
-
-        Fix interpreter build -- was broken by incorrect merge.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-10-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [ES5] Implement strict mode
-        https://bugs.webkit.org/show_bug.cgi?id=10701
-
-        Initial strict mode implementation.  This is the simplest
-        implementation that could possibly work and adds (hopefully)
-        all of the restrictions required by strict mode.  There are
-        a number of inefficiencies, especially in the handling of
-        arguments and eval as smart implementations would make this
-        patch more complicated.  
-
-        The SyntaxChecker AST builder has become somewhat more complex
-        as strict mode does require more parse tree information to
-        validate the syntax.
-
-        Summary of major changes to the parser:
-            * We track when we enter strict mode (this may come as a surprise)
-            * Strict mode actually requires a degree of AST knowledge to validate
-              so the SyntaxChecker now produces values that can be used to distinguish
-              "node" types.
-            * We now track variables that are written to.  We do this to
-              statically identify writes to global properties that don't exist
-              and abort at that point.  This should actually make it possible
-              to optimise some other cases in the future but for now it's
-              purely for validity checking.  Currently writes are only tracked
-              in strict mode code.
-            * Labels are now tracked as it is now a syntax error to jump to a label
-              that does not exist (or to use break, continue, or return in a context
-              where they would be invalid).
-
-        Runtime changes:
-            * In order to get correct hanlding of the Arguments object all
-              strict mode functions that reference arguments create and tearoff
-              the arguments object on entry.  This is not strictly necessary
-              but was the least work necessary to get the correct behaviour.
-            * PutPropertySlot now tracks whether it is being used for a strict
-              mode write, and if so Object::put will throw when a write can't be
-              completed.
-            * StrictEvalActivation was added as an "activation" object for strict
-              mode eval (so that strict eval does not introduce new variables into
-              the containing scope).
-
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isStrictMode):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
-        (JSC::BytecodeGenerator::emitReturn):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::isStrictMode):
-        (JSC::BytecodeGenerator::makeFunction):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_convert_this_strict):
-        (JSC::JIT::emitSlow_op_convert_this_strict):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_pnames):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::isResolve):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::startLoop):
-        (JSC::JSParser::endLoop):
-        (JSC::JSParser::startSwitch):
-        (JSC::JSParser::endSwitch):
-        (JSC::JSParser::setStrictMode):
-        (JSC::JSParser::strictMode):
-        (JSC::JSParser::isValidStrictMode):
-        (JSC::JSParser::declareParameter):
-        (JSC::JSParser::breakIsValid):
-        (JSC::JSParser::pushLabel):
-        (JSC::JSParser::popLabel):
-        (JSC::JSParser::hasLabel):
-        (JSC::JSParser::DepthManager::DepthManager):
-        (JSC::JSParser::DepthManager::~DepthManager):
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::startSwitch):
-        (JSC::JSParser::Scope::endSwitch):
-        (JSC::JSParser::Scope::startLoop):
-        (JSC::JSParser::Scope::endLoop):
-        (JSC::JSParser::Scope::inLoop):
-        (JSC::JSParser::Scope::breakIsValid):
-        (JSC::JSParser::Scope::pushLabel):
-        (JSC::JSParser::Scope::popLabel):
-        (JSC::JSParser::Scope::hasLabel):
-        (JSC::JSParser::Scope::isFunction):
-        (JSC::JSParser::Scope::declareVariable):
-        (JSC::JSParser::Scope::declareWrite):
-        (JSC::JSParser::Scope::deleteProperty):
-        (JSC::JSParser::Scope::declareParameter):
-        (JSC::JSParser::Scope::setNeedsFullActivation):
-        (JSC::JSParser::Scope::collectFreeVariables):
-        (JSC::JSParser::Scope::getUncapturedWrittenVariables):
-        (JSC::JSParser::Scope::getDeletedVariables):
-        (JSC::JSParser::Scope::setStrictMode):
-        (JSC::JSParser::Scope::strictMode):
-        (JSC::JSParser::Scope::isValidStrictMode):
-        (JSC::JSParser::pushScope):
-        (JSC::JSParser::popScope):
-        (JSC::JSParser::declareVariable):
-        (JSC::JSParser::declareWrite):
-        (JSC::JSParser::deleteProperty):
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseSourceElements):
-        (JSC::JSParser::parseDoWhileStatement):
-        (JSC::JSParser::parseWhileStatement):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseForStatement):
-        (JSC::JSParser::parseBreakStatement):
-        (JSC::JSParser::parseContinueStatement):
-        (JSC::JSParser::parseReturnStatement):
-        (JSC::JSParser::parseWithStatement):
-        (JSC::JSParser::parseSwitchStatement):
-        (JSC::JSParser::parseSwitchClauses):
-        (JSC::JSParser::parseSwitchDefaultClause):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseBlockStatement):
-        (JSC::JSParser::parseStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionBody):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseFunctionDeclaration):
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-        (JSC::JSParser::parseIfStatement):
-        (JSC::JSParser::parseExpression):
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parseConditionalExpression):
-        (JSC::JSParser::parseBinaryExpression):
-        (JSC::JSParser::parseStrictObjectLiteral):
-        (JSC::JSParser::parsePrimaryExpression):
-        (JSC::JSParser::parseMemberExpression):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/JSParser.h:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::isReparsing):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::isStrictMode):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::SyntaxChecker):
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::appendToComma):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegex):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
-        (JSC::SyntaxChecker::operatorStackPop):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::createStrictModeCallerIfNecessary):
-        (JSC::Arguments::createStrictModeCalleeIfNecessary):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/Arguments.h:
-        (JSC::Arguments::Arguments):
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getConstructData):
-        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        (JSC::createTypeErrorFunction):
-        * runtime/Error.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        (JSC::ProgramExecutable::reparseExceptionInfo):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::isStrictMode):
-        (JSC::EvalExecutable::create):
-        (JSC::FunctionExecutable::create):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::toStrictThisObject):
-        * runtime/JSActivation.h:
-        * runtime/JSFunction.cpp:
-        (JSC::createDescriptorForThrowingProperty):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::put):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::internalFunctionStructure):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::toStrictThisObject):
-        (JSC::throwTypeError):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isStrictModeFunction):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSValue::putDirect):
-        (JSC::JSValue::toStrictThisObject):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::toStrictThisObject):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSValue.h:
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::toStrictThisObject):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::PutPropertySlot):
-        (JSC::PutPropertySlot::isStrictMode):
-        * runtime/StrictEvalActivation.cpp: Added.
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        (JSC::StrictEvalActivation::deleteProperty):
-        (JSC::StrictEvalActivation::toThisObject):
-        (JSC::StrictEvalActivation::toStrictThisObject):
-        * runtime/StrictEvalActivation.h: Added.
-
-2010-10-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Windows build fix after r69472.
-
-        * wtf/text/StringHash.h:
-        (WTF::CaseFoldingHash::hash):
-
-2010-10-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Use WTF::StringHasher in WTF::CaseFoldingHash
-        https://bugs.webkit.org/show_bug.cgi?id=46523
-
-        * wtf/text/StringHash.h:
-        (WTF::CaseFoldingHash::foldCase):
-        (WTF::CaseFoldingHash::hash):
-
-2010-10-09  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Xan Lopez.
-
-        https://bugs.webkit.org/show_bug.cgi?id=47445
-        Remove unused function WTFThreadData::initializeIdentifierTable()
-
-        * wtf/WTFThreadData.h:
-
-2010-10-08  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Added check to start of subexpression being positive before using
-        subexpression in replacement.
-        https://bugs.webkit.org/show_bug.cgi?id=47324
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-
-2010-10-08  Chris Evans  <cevans@google.com>
-
-        Reviewed by David Levin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=47393
-
-        Use unsigned consistently to check for max StringImpl length.
-        Add a few integer overflow checks.
-        Uses the existing paradigm of CRASH() when we can't reasonably handle a crazily large request.
-
-        * wtf/text/WTFString.cpp:
-        * wtf/text/StringImpl.h:
-        * wtf/text/StringImpl.cpp:
-        Better use of size_t vs. unsigned; check for integer overflows.
-
-2010-10-07  David Goodwin  <david_goodwin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        ARM JIT generates undefined operations due to partially uninitialized ShiftTypeAndAmount
-        https://bugs.webkit.org/show_bug.cgi?id=47356
-
-        * assembler/ARMv7Assembler.h:
-
-2010-10-06  Chris Evans  <cevans@google.com>
-
-        Reviewed by David Levin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=47248
-
-        Use size_t consistently in CString, to prevent theoretical trouble
-        with > 4GB strings on 64-bit platforms.
-
-        * wtf/text/CString.h:
-        * wtf/text/CString.cpp:
-        Use size_t for string lengths.
-        * wtf/MD5.cpp:
-        (WTF::expectMD5): use suitable format string + cast for size_t.
-        * JavaScriptCore.exp:
-        Update symbol name.
-
-2010-10-06  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Start cleaning up Arguments.h
-        https://bugs.webkit.org/show_bug.cgi?id=47304
-
-        * wtf/TypeTraits.h:
-        * wtf/TypeTraits.cpp:
-        Add RemoveReference type trait.
-
-2010-10-06  Rafael Antognolli  <antognolli@profusion.mobi>
-
-        Unreviewed build fix.
-
-        [EFL] Build fix for glib support.
-        https://bugs.webkit.org/show_bug.cgi?id=47221
-
-        If compiling with GLib support enabled, we also need to link wtf against
-        glib library.
-
-        * wtf/CMakeListsEfl.txt:
-
-2010-10-05  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Gavin Barraclough.
-
-        [BREWMP] Port ExecutableAllocator::cacheFlush to enable ARM JIT
-        https://bugs.webkit.org/show_bug.cgi?id=47117
-
-        Use IMemCache1 to flush data cache and invalidate instruction cache.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2010-10-05  Leandro Pereira  <leandro@profusion.mobi>
-
-        Unreviewed. Build fix.
-
-        Moved "jsc" directory to "shell", so that the name does not clash with the
-        JavaScriptCore shell in some build systems.
-        http://webkit.org/b/47049
-
-        * CMakeLists.txt: Changed reference from "jsc" to "shell".
-        * jsc: Removed.
-        * jsc/CMakeLists.txt: Removed.
-        * jsc/CMakeListsEfl.txt: Removed.
-        * shell: Copied from JavaScriptCore/jsc.
-
-2010-10-05  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Use PlatformRefPtr in randomNumber
-        https://bugs.webkit.org/show_bug.cgi?id=46989
-
-        Use PlatformRefPtr to free memory automatically.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2010-10-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION(r68338): JavaScript error on PowerPC only (crashes on Interpreter built for x86_64)
-        https://bugs.webkit.org/show_bug.cgi?id=46690
-
-        Use the correct register value when initialising the arguments
-        object in the interpreter.  This is covered by existing tests.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-10-04  David Goodwin  <david_goodwin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        ARMv7 JIT should take advantage of 2-byte branches to reduce code size
-        https://bugs.webkit.org/show_bug.cgi?id=47007
-
-        * assembler/ARMv7Assembler.cpp:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::computeJumpType):
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::canBeJumpT2):
-        (JSC::ARMv7Assembler::canBeJumpT4):
-        (JSC::ARMv7Assembler::linkBX):
-        (JSC::ARMv7Assembler::linkJumpT4):
-        (JSC::ARMv7Assembler::linkJumpT2):
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-
-2010-10-04  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        Reviewed by Antonio Gomes.
-
-        [EFL] Use fast malloc for WebKit EFL
-        https://bugs.webkit.org/show_bug.cgi?id=46691
-
-        Use fast malloc for WebKit EFL because the fast malloc is to allocate
-        memory quickly.
-
-        * wtf/CMakeListsEfl.txt:
-
-2010-10-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Lazily create activation objects
-        https://bugs.webkit.org/show_bug.cgi?id=47107
-
-        Make it possible to lazily create the activation object
-        for a function that needs one.  This allows us to reduce
-        the overhead of entering a function that may require
-        an activation in some cases, but not always.
-
-        This does make exception handling a little more complex as
-        it's now necessary to verify that a callframes activation
-        has been created, and create it if not, in all of the
-        paths used in exception handling.
-
-        We also need to add logic to check for the existence of
-        the activation in the scoped_var opcodes, as well as
-        op_ret, op_ret_object_or_this and op_tearoff_activation
-        so that we can avoid creating an activation unnecesarily
-        on function exit. 
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::createActivation):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setActivationRegister):
-        (JSC::CodeBlock::activationRegister):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNewFunctionInternal):
-        (JSC::BytecodeGenerator::emitNewFunctionExpression):
-        (JSC::BytecodeGenerator::createActivationIfNecessary):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBase):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::emit_op_create_activation):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_create_activation):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-10-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Remove ENABLE_SANDBOX
-        https://bugs.webkit.org/show_bug.cgi?id=47032
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-10-01  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Geoffrey Garen.
-        Specify ALWAYS_INLINE at function declaration not function definition
-        https://bugs.webkit.org/show_bug.cgi?id=46960
-
-        For functions defined with ALWAYS_INLINE, add the attribute to the declaration as well.
-
-        * bytecompiler/BytecodeGenerator.h:
-        * wtf/FastMalloc.cpp:
-
-2010-10-01  Kwang Yul Seo  <skyul@company100.net>
-
-        Unreviewed.
-
-        [BREWMP] Change Collector BLOCK_SIZE to 64KB
-        https://bugs.webkit.org/show_bug.cgi?id=46436
-
-        Lower BLOCK_SIZE to 64KB because Brew MP runs on low end devices.
-
-        * runtime/Collector.h:
-
-2010-10-01  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Stack overflow on symbian platform.
-        https://bugs.webkit.org/show_bug.cgi?id=40598
-        
-        Move big allocation in arrayProtoFuncToString from stack to heap.
-        JSC::arrayProtoFuncToString function can be called recursivly and
-        1K allocation on stack cahse stack overflow.
-        Can be useful for other platforms with limited stack size.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-
-2010-09-30  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Add a factory function which returns an instance wrapped in PlatformRefPtr.
-        https://bugs.webkit.org/show_bug.cgi?id=46373
-
-        A Brew MP instance has reference count 1 when it is created, so call adoptPlatformRef
-        to wrap the instance in PlatformRefPtr.
-
-        * wtf/brew/ShellBrew.h:
-        (WTF::createRefPtrInstance):
-
-2010-09-30  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Port PlatformRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=46370
-
-        Implement refPlatformPtr and derefPlatformPtr to use PlatformRefPtr in Brew MP.
-
-        * wtf/brew/RefPtrBrew.h: Added.
-        (WTF::refPlatformPtr):
-        (WTF::derefPlatformPtr):
-
-2010-09-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add additional checks to StringBuffer.
-        <rdar://problem/7756381>
-
-        * wtf/text/StringBuffer.h:
-        (WTF::StringBuffer::StringBuffer):
-        (WTF::StringBuffer::resize):
-
-2010-09-30  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Make 2D accelerated canvas rendering build on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=46007
-        
-        Added ACCELERATED_2D_CANVAS to FeatureDefines
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-09-30  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] wxMSW build fix. Make sure we copy the compiler flags and remove exception handling from
-        the copy so as not to alter global settings.
-
-        * wscript:
-
-2010-09-30  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        The case-insensitivity backreference checking isn't working with YARR
-        Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=46882
-
-        Add ignorecase checking to the Interpreter::tryConsumeBackReference() function.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-
-2010-09-30  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Andreas Kling.
-
-        [BREWMP] Leave initializeRandomNumberGenerator empty.
-        https://bugs.webkit.org/show_bug.cgi?id=46851
-
-        On Brew MP, AEECLSID_RANDOM initializes itself.
-
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-
-2010-09-30  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Remove unnecessary cacheFlush calls from Thumb-2
-        https://bugs.webkit.org/show_bug.cgi?id=46702
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::relinkCall):
-        (JSC::ARMv7Assembler::repatchInt32):
-        (JSC::ARMv7Assembler::repatchPointer):
-
-2010-09-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Next try to fix cygwin build.
-
-        * wtf/Assertions.cpp:
-
-2010-09-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Build fix for cygwin #2. It's OS(WINDOWS), not OS(WIN).
-
-        * wtf/Assertions.cpp:
-
-2010-09-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Build fix for cygwin.
-
-        * wtf/Assertions.cpp:
-
-2010-09-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [WINCE] Buildfix for Assertions.cpp after r68511.
-        https://bugs.webkit.org/show_bug.cgi?id=46807
-
-        Some, but not all WinCE environments have support for IsDebuggerPresent().
-        Add HAVE(ISDEBUGGERPRESENT) to make this a build option.
-        HAVE(ISDEBUGGERPRESENT) will be 1 for all OS(WIN) by default.
-
-        * wtf/Assertions.cpp:
-        * wtf/Platform.h:
-
-2010-09-29  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Csaba Osztrogonác.
-
-        JSC compile fails on 32bit platform when Regexp Tracing is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=46713
-
-        Fix the cast of pointer in regexp tracing to avoid the warning.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-
-2010-09-28  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Begin hooking up painting in the plug-in process
-        https://bugs.webkit.org/show_bug.cgi?id=46766
-
-        * JavaScriptCore.exp:
-        Add tryFastRealloc, used by WebKit2.
-
-2010-09-28  Philippe Normand  <pnormand@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Guard GRefPtr/GOwnPtr files with ENABLE(GLIB_SUPPORT)
-        https://bugs.webkit.org/show_bug.cgi?id=46721
-
-        Enable GOwnPtr/GRefPtr build only if glib support has been
-        explicitly enabled using the WTF_ENABLE_GLIB_SUPPORT macro.
-
-        * wtf/gobject/GOwnPtr.cpp:
-        * wtf/gobject/GOwnPtr.h:
-        * wtf/gobject/GRefPtr.cpp:
-        * wtf/gobject/GRefPtr.h:
-
-2010-09-28  İsmail Dönmez  <ismail@namtrac.org>
-
-        Reviewed by Andreas Kling.
-
-        Test for WINCE instead of WINCEBASIC, compiler always defines WINCE.
-        Remove reference to unexisting path JavaScriptCore/os-wince.
-
-        * JavaScriptCore.pri:
-        * wtf/Assertions.cpp:
-
-2010-09-27  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Changed the initialization of JSArray objects to have space for 
-        3 elements for the constructor that takes a ArgList argument.
-        This improves v8-deltablue performance by about 2.8% by reducing 
-        the number of realloc() calls.
-        https://bugs.webkit.org/show_bug.cgi?id=46664
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-
-2010-09-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 46680 - Inlining string concatenation can regress interpreter performance
-        <rdar://problem/8362752> REGRESSION: ~6.4% sunspider regression in interpreter
-        Do not inline calls to string concatenation in the interpret loop.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::concatenateStrings):
-        (JSC::Interpreter::privateExecute):
-
-2010-09-27  Anders Carlsson  <andersca@apple.com>
-
-        Fix thinko.
-
-        * runtime/JSCell.h:
-
-2010-09-27  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Try to fix Windows build.
-
-        * runtime/JSCell.h:
-        (JSC::MSVCBugWorkaround::MSVCBugWorkaround):
-        (JSC::MSVCBugWorkaround::~MSVCBugWorkaround):
-
-2010-09-27  Erik Arvidsson  <arv@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Add operator == for AtomicString and Vector<Uchar>
-        https://bugs.webkit.org/show_bug.cgi?id=46509
-
-        * JavaScriptCore.exp:
-        * wtf/text/AtomicString.cpp:
-        (WTF::operator==):
-        * wtf/text/AtomicString.h:
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2010-09-27  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix the Windows build.
-
-        * wtf/Noncopyable.h:
-
-2010-09-26  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Alexey Proskuryakov and Adam Barth.
-
-        Add WTF_MAKE_NONCOPYABLE macro
-        https://bugs.webkit.org/show_bug.cgi?id=46589
-
-        Going forward, we'd like to get rid of the Noncopyable and FastAllocBase classes. The
-        reason for this is that the Itanium C++ ABI states that no empty classes of the same type
-        can be laid out at the same offset in the class. This can result in objects getting larger
-        which leads to memory regressions. (One example of this is the String class which grew by
-        sizeof(void*) when both its base class and its first member variable inherited indirectly
-        from FastAllocBase).
-
-        * wtf/Noncopyable.h:
-        Add a WTF_MAKE_NONCOPYABLE macro and get rid of NoncopyableCustomAllocated.
-        
-        * runtime/JSCell.h:
-        * wtf/RefCounted.h:
-        Don't inherit from NoncopyableCustomAllocated. Instead, use WTF_MAKE_NONCOPYABLE.
-
-2010-09-27  Philippe Normand  <pnormand@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] use ENABLE(GLIB_SUPPORT)
-        https://bugs.webkit.org/show_bug.cgi?id=46630
-
-        * wtf/Platform.h: Include GTypedefs.h only if glib support
-        is explicitly enabled.
-
-2010-09-25  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
-
-        Reviewed by Adam Barth.
-
-        jsc: Document the strcat opcode.
-        https://bugs.webkit.org/show_bug.cgi?id=46571
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-09-21  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
-
-        Reviewed by Adam Barth.
-
-        make-bytecode-docs.pl: Add a comment to the generated HTML
-        https://bugs.webkit.org/show_bug.cgi?id=46570
-
-        Generate an HTML Comment that this file was generated from
-        Interpreter.cpp with the make-bytecode-docs.pl script.
-
-        * docs/make-bytecode-docs.pl:
-
-2010-09-27  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Remove WTF::stringHash functions
-        https://bugs.webkit.org/show_bug.cgi?id=46520
-
-        Since r68289 the stringHash functions are only wrappers around StringHasher::createHash.
-        So use StringHasher::createHash directly and remove stringHash.
-
-        * wtf/StringHashFunctions.h:
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::computeHash): Use WTF::StringHasher::createHash directly.
-
-2010-09-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Add WTF::StringHasher::createBlobHash
-        https://bugs.webkit.org/show_bug.cgi?id=46514
-
-        Add this function for hashing FormElementKey and QualifiedNameComponents.
-
-        * wtf/StringHashFunctions.h:
-        (WTF::StringHasher::createBlobHash):
-
-2010-09-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        REGRESSION (r68289): Assertion failure in StringHasher::addCharacter() (ch != invalidCharacterValue)
-        running websocket/tests/bad-sub-protocol-non-ascii.html
-        https://bugs.webkit.org/show_bug.cgi?id=46553
-
-        Because we use StringHasher for binary data too, so the check for invalid unicode input is wrong.
-        Add an additional member variable to indicate if we have an pending character
-        instead of only using an invalid character for this purpose.
-
-        * wtf/StringHashFunctions.h:
-        (WTF::StringHasher::StringHasher):
-        (WTF::StringHasher::addCharacters):
-        (WTF::StringHasher::addCharacter):
-        (WTF::StringHasher::hash):
-
-2010-09-26  Mark Hahnenberg  <mhahnenb@gmail.com>
-
-        Reviewed by Oliver Hunt.
-
-        valueOf called in wrong order in atan2 and date constructors.
-        https://bugs.webkit.org/show_bug.cgi?id=26978
-
-        Fixed the bug where the arguments to atan2 were being evaluated 
-        out of order.
-
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncATan2):
-
-2010-09-26  Mark Hahnenberg  <mhahnenb@gmail.com>
-
-        Reviewed by Oliver Hunt.
-
-        valueOf called in wrong order in atan2 and date constructors.
-        https://bugs.webkit.org/show_bug.cgi?id=26978
-
-        Fixed the issue where the parameters to the Date constructor
-        were being evaluated to numbers more than once.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::dateUTC):
-
-2010-09-25  Oliver Hunt  <oliver@apple.com>
-
-        Fix various builds
-
-        Relearning the lesson that last minute changes are bad.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetArgumentsLength):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-
-2010-09-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Avoid constructing arguments object when accessing length and index properties
-        https://bugs.webkit.org/show_bug.cgi?id=46572
-
-        Add opcodes to read argument length and properties, and then implement them.
-        Much like other lazy opcodes these opcodes take a fast path when the arguments
-        object has not been instantiated, and fall back on generic access mechanisms
-        if they are acting on an instantiated object.
-
-        3% win on v8-earleyboyer, no change elsewhere.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetArgumentsLength):
-        (JSC::BytecodeGenerator::emitGetArgumentByVal):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BracketAccessorNode::emitBytecode):
-        (JSC::DotAccessorNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emitSlow_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emitSlow_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-
-2010-09-25  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed.
-
-        Fix typo in StringHasher class
-        https://bugs.webkit.org/show_bug.cgi?id=45970
-
-        * wtf/StringHashFunctions.h:
-        (WTF::StringHasher::createHash):
-
-2010-09-24  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add WTF::StringHasher
-        https://bugs.webkit.org/show_bug.cgi?id=45970
-
-        StringHasher is a class for calculation stringHash out of character string.
-        This class will unify the different usages of the same algorithm.
-
-        * wtf/StringHashFunctions.h:
-        (WTF::StringHasher::StringHasher):
-        (WTF::StringHasher::addCharacters):
-        (WTF::StringHasher::addCharacter):
-        (WTF::StringHasher::hash):
-        (WTF::StringHasher::createHash):
-        (WTF::StringHasher::defaultCoverter):
-        (WTF::StringHasher::addCharactersToHash):
-        (WTF::stringHash):
-
-2010-09-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Variable declarations inside a catch scope don't get propogated to the parent scope
-        https://bugs.webkit.org/show_bug.cgi?id=46501
-
-        Add logic to make variable declaration look for a scope for the
-        new variable.  This allows us to create a scope (eg. for catch)
-        and then seal it, so that additional variable declarations
-        contained are propogated to the correct target.  Strangely this
-        comes out as a performance win, but I think it's mostly cache
-        effects.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::preventNewDecls):
-        (JSC::JSParser::Scope::allowsNewDecls):
-        (JSC::JSParser::declareVariable):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionDeclaration):
-
-2010-09-24  İsmail Dönmez  <ismail@namtrac.org>
-
-       Reviewed by Csaba Osztrogonác.
-
-       Add a Windows compatible inttypes.h header to fix WinCE build.
-       https://bugs.webkit.org/show_bug.cgi?id=46463
-
-       * os-win32/inttypes.h: Added.
-
-2010-09-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION(r68223): It broke 2-3 tests on bots (Requested by Ossy on #webkit).
-        https://bugs.webkit.org/show_bug.cgi?id=46448
-
-        Roll this back in, with additional logic to prevent us from delaying construction
-        of functions named "arguments"
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitInitLazyRegister):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
-        (JSC::BytecodeGenerator::constRegisterFor):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionInternal):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_init_lazy_reg):
-        (JSC::JIT::emit_op_new_func):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_init_lazy_reg):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::needsActivationForMoreThanVariables):
-
-2010-09-23  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r68223.
-        http://trac.webkit.org/changeset/68223
-        https://bugs.webkit.org/show_bug.cgi?id=46448
-
-        It broke 2-3 tests on bots (Requested by Ossy on #webkit).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::constRegisterFor):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emit_op_init_arguments):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emit_op_init_arguments):
-        * parser/Nodes.h:
-
-2010-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Delay construction of functions that aren't captured
-        https://bugs.webkit.org/show_bug.cgi?id=46433
-
-        If a function isn't captured by an activation there's no
-        way it can be accessed indirectly, so we can delay the
-        construction until it's used (similar to what we do with
-        arguments).  We rename the existing op_init_arguments to
-        op_init_lazy_reg and removed its implicit handling of
-        the anonymous argument register, and make op_new_function
-        take a parameter to indicate whether it should null check
-        the target slot before creating the function object.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitInitLazyRegister):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
-        (JSC::BytecodeGenerator::constRegisterFor):
-        (JSC::BytecodeGenerator::emitNewFunction):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        (JSC::BytecodeGenerator::emitNewFunctionInternal):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_init_lazy_reg):
-        (JSC::JIT::emit_op_new_func):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_init_lazy_reg):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::needsActivationForMoreThanVariables):
-
-2010-09-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8460731> ~9.9% speedup when compiling interpreter with llvm-gcc-4.2
-        https://bugs.webkit.org/show_bug.cgi?id=46423
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Disable the gcc computed
-        goto hacks added in r55564 when compiling with llvm-gcc-4.2.
-
-2010-09-23  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Reviewed by Darin Adler.
-
-        Fix usage of enum as if it was a define
-        https://bugs.webkit.org/show_bug.cgi?id=46355
-
-        pthread.h defines PTHREAD_MUTEX_DEFAULT and PTHREAD_MUTEX_NORMAL as an
-        enum.  Hence, it cannot be used by the preprocessor which always
-        evaluates that condition as true. This was giving a warning when
-        compiling with gcc and "-Wundef" flag.
-
-        The second path, when PTHREAD_MUTEX_DEFAULT is not the same of
-        PTHREAD_MUTEX_NORMAL, is not slow. So, let's eliminate the first path
-        and get rid of that #if.
-
-        * wtf/ThreadingPthreads.cpp: Always call pthread_mutexattr_init() to
-        set mutex type to PTHREAD_MUTEX_NORMAL.
-        (WTF::Mutex::Mutex):
-
-2010-09-23  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Removed extraneous truncation of ovector on entry and error exit.
-        Changed the initialization to -1 of vector to only initialize
-        the start indecies, which is sufficient for the pattern/subpatterns.
-        Changed the JIT code to not clear the end index for subpatterns
-        as it isn't needed.  These changes are worth ~2.7% on v8-regexp.
-        https://bugs.webkit.org/show_bug.cgi?id=46404
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-
-2010-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Only copy captured variables into activation
-        https://bugs.webkit.org/show_bug.cgi?id=46330
-
-        We now track free variable information which means that
-        we no longer need to copy every variable defined in a
-        function.  With this patch activations only retain those
-        variables needed for correctness.  In order to interact
-        safely with the inspector this means that JSActivation
-        now provides its own lookup functions so it can avoid 
-        trying to read or write to variables that have been
-        optimised out.
-
-        * bytecode/CodeBlock.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::capturedVariableCount):
-        (JSC::ScopeNode::captures):
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::capturedVariableCount):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSActivation.h:
-
-2010-09-23  Ismail Donmez  <ismail@namtrac.org>
-
-        Reviewed by Andreas Kling.
-
-        Fix jsc.exe build for Windows CE
-
-        * jsc.pro: Add mmtimer.lib for Windows CE.
-
-2010-09-23  Ismail Donmez  <ismail@namtrac.org>
-
-        Unreviewed.
-
-        JIT should be disabled on Windows CE. Broken in r64176.
-
-        * wtf/Platform.h:
-
-2010-09-23  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Gavin Barraclough.
-
-        Reduce the number of BOL checks in YARR Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=46260
-
-        Extend the YARR Interpreter with an optimization which reduces the number of
-        BOL assertion checks. If a "TypeBodyAlternative" byteTerm is followed by a
-        "TypeAssertionBOL" byteTerm it will be checked just one time.
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::ByteCompiler::compile):
-        (JSC::Yarr::ByteCompiler::regexBegin):
-        (JSC::Yarr::ByteCompiler::alternativeBodyDisjunction):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::ByteTerm::BodyAlternativeBegin):
-        (JSC::Yarr::ByteTerm::BodyAlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::BodyAlternativeEnd):
-        (JSC::Yarr::ByteTerm::AlternativeBegin):
-        (JSC::Yarr::ByteTerm::AlternativeDisjunction):
-        (JSC::Yarr::ByteTerm::AlternativeEnd):
-
-2010-09-22  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed the cross over from alternatives executed once and
-        those that loop.  This fixed the problem where the index
-        was getting messed up for looping alternatives causing an
-        infinite loop.
-        https://bugs.webkit.org/show_bug.cgi?id=46189
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-
-2010-09-22  Steve Falkenburg  <sfalken@apple.com>
-
-        Rubber stamped by Jon Honeycutt.
-
-        Allow jsc.exe to be run against unversioned ICU.
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-
-2010-09-22  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Laszlo Gombos.
-
-        Use "typedef wchar_t JSChar" when compiled with RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=40651
-
-        Use wchar_t for JSChar and UChar when compiled with RVCT.
-        Linux is the exception for this rule.
-
-        * API/JSStringRef.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2010-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [INTERPRETER] Two tests fail with SputnikError: #1.1: if argArray is neither an array nor an arguments object (see 10.1.8), a TypeError exception is thrown
-        https://bugs.webkit.org/show_bug.cgi?id=44245
-
-        Remove incorrect code from op_load_varargs in the interpreter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [JIT] fast/js/sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.5/S15.3.5.3_A2_T6.html fails
-        https://bugs.webkit.org/show_bug.cgi?id=44246
-
-        JIT code generated for instanceof was not checking to ensure that the prototype property was
-        an object, this patch ensures that it does.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-
-2010-09-22  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Inline UTF8SequenceLength
-        https://bugs.webkit.org/show_bug.cgi?id=45589
-
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::convertUTF8ToUTF16): Use inline version of UTF8SequenceLength to improve performance.
-
-2010-09-21  Oliver Hunt  <oliver@apple.com>
-
-        RS=Gavin Barraclough.
-
-        Fix codeblock dumping
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-
-2010-09-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Speed up function.apply(..., arguments)
-        https://bugs.webkit.org/show_bug.cgi?id=46207
-
-        Add code to do argument copying inline in the case
-        where we're using Function.apply to forward our arguments
-        directly.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-           Splitted op_load_varargs into fast and slow paths, so add the call
-           to the slow path generator.
-        * jit/JIT.h:
-        * jit/JITCall32_64.cpp:
-          Remove 32bit specific emit_op_load_varargs as the logic is the
-          same for all value representations
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_load_varargs):
-          Copy arguments inline
-        (JSC::JIT::emitSlow_op_load_varargs):
-
-2010-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/8363003> REGRESSION: ~1.4% sunspider regression in
-        interpreter due to 54724 and 54596
-        
-        Fixed a typo (using "UNLIKELY" instead of "LIKELY").
-        
-        * wtf/PassRefPtr.h:
-        (WTF::refIfNotNull):
-        (WTF::derefIfNotNull): It is likely that m_ptr != 0 because most RefPtrs
-        hold real data. Also, in cases where they do not hold real data, the
-        compiler usually sees a call to release() right before the call to the
-        destructor, so it can probably optimize out the test completely.
-
-2010-09-21  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Martin Robinson.
-
-        Build issues with Windows versions of the GTK+ port
-        https://bugs.webkit.org/show_bug.cgi?id=45844
-
-        Link with winmm.dll when necessary and specify the executable extension
-        explicitely so that the Programs/jsc-@WEBKITGTK_API_MAJOR_VERSION@
-        rule actually works.
-
-        Don't try to build the ThreadSpecificWin.cpp since GTK+ port uses
-        a section in ThreadSpecific.cpp
-
-        * GNUmakefile.am:
-
-2010-09-21  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] 'make dist' should be fixed in preparation for the next release
-        https://bugs.webkit.org/show_bug.cgi?id=46129
-
-        * GNUmakefile.am: Update the sources list to include missing headers.
-
-2010-09-21  Dave Tapuska  <dtapuska@rim.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        https://bugs.webkit.org/show_bug.cgi?id=45673
-
-        r65596 caused ENABLE_PROFILER_REFERENCE_OFFSET to not be
-        8 byte aligned. A non 8 byte divisible value for this will
-        cause the sp to become non 8 byte aligned.
-
-        Verify and correct offset values that r65596 effected that
-        weren't updated.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2010-09-21  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Fix Opcode stats compilation
-        https://bugs.webkit.org/show_bug.cgi?id=46079
-
-        The FixedArray API had changed, and <stdio.h> was not included for
-        printf.
-
-        * bytecode/Opcode.cpp:
-        (JSC::OpcodeStats::~OpcodeStats):
-
-2010-09-20  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed detection of alternative smaller than the first alternative
-        to only check looping alternatives.
-        https://bugs.webkit.org/show_bug.cgi?id=46049
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-
-2010-09-20  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        REGRESSION(67790): jsc tests are failed with YARR interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=46083
-
-        Fix the initializing of the lastSubpatternId member of
-        parentheses.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesEnd):
-
-2010-09-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 46077 - ASSERT failure in YARR JIT
-
-        We will currently attempt to loop if there are multiple alternatives, they are all
-        BOL predicated, and the last alternative is longer then the first - however if all
-        alternatives are BOL predicated the head of loop label will not have been set, and
-        we'll try to link a jump to an undefined label. Stop doing so.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-
-2010-09-20  Adam Roben  <aroben@apple.com>
-
-        Export RegExpObject::info from JavaScriptCore
-
-        This allows obj->inherits(&RegExpObject::info) to work correctly from
-        outside JavaScriptCore.dll on Windows.
-
-        Fixes <http://webkit.org/b/46098>
-        fast/loader/stateobjects/pushstate-object-types.html fails on Windows
-
-        Reviewed by John Sullivan.
-
-        * runtime/RegExpObject.h: Added JS_EXPORTDATA to the info member, as
-        we already have for some other classes whose info members have to be
-        used from outside the DLL.
-
-2010-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt 2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix - implicit double-to-int conversion invalid on 32-bit.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncSetYear):
-
-2010-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 46065 - Unify implementation of ToInt32 and ToUInt32, don't use fmod.
-
-        These methods implement the same conversion (see discussion in the notes
-        of sections of 9.5 and 9.6 of the spec), only differing in how the result
-        is interpretted.
-
-        Date prototype is incorrectly using toInt32, and this is causing us to
-        provide an output value indicating whether the input to ToInt32 was finite
-        (the corresponding methods on Date are actually spec'ed to use ToInteger,
-        not ToInt32).  This patch partially fixes this in order to remove this
-        bogus output value, hoewever more work will be require to bring Date
-        fully up to spec compliance (the constructor is still performing ToInt32
-        conversions).
-
-        * JavaScriptCore.exp:
-        * runtime/DatePrototype.cpp:
-        (JSC::fillStructuresUsingTimeArgs):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/JSValue.cpp:
-        (JSC::toInt32):
-        * runtime/JSValue.h:
-        (JSC::toUInt32):
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-
-2010-09-18  Darin Adler  <darin@apple.com>
-
-        First step in fixing Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Removed incorrect symbol. The build will probably still fail,
-        but the failure will tell us what symbol to add.
-
-2010-09-18  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Added code to unroll regular expressions containing ^.
-        Alternatives that begin with ^ are tagged during parsing
-        and rolled up in containing sub expression structs.
-        After parsing, a regular expression flagged as containing
-        a ^ (a.k.a. BOL) is processed further in optimizeBOL().
-        A copy of the disjunction is made excluding alternatives that
-        are rooted with BOL.  The original alternatives are flagged
-        to only be executed once.  The copy of the other alternatives are
-        added to the original expression.
-        In the case that all original alternatives are flagged, there
-        won't be any looping alternatives.
-        The JIT generator will emit code accordingly, executing the
-        original alternatives once and then looping over the
-        alternatives that aren't anchored with a BOL (if any).
-        https://bugs.webkit.org/show_bug.cgi?id=45787
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::assertionBOL):
-        (JSC::Yarr::RegexPatternConstructor::atomParenthesesEnd):
-        (JSC::Yarr::RegexPatternConstructor::copyDisjunction):
-        (JSC::Yarr::RegexPatternConstructor::copyTerm):
-        (JSC::Yarr::RegexPatternConstructor::optimizeBOL):
-        (JSC::Yarr::compileRegex):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::PatternAlternative::PatternAlternative):
-        (JSC::Yarr::PatternAlternative::setOnceThrough):
-        (JSC::Yarr::PatternAlternative::onceThrough):
-        (JSC::Yarr::PatternDisjunction::PatternDisjunction):
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-09-18  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Rename Wince files to WinCE
-        https://bugs.webkit.org/show_bug.cgi?id=37287
-
-        * wtf/unicode/Unicode.h:
-        * wtf/unicode/wince/UnicodeWinCE.cpp: Copied from JavaScriptCore/wtf/unicode/wince/UnicodeWince.cpp.
-        * wtf/unicode/wince/UnicodeWinCE.h: Copied from JavaScriptCore/wtf/unicode/wince/UnicodeWince.h.
-        * wtf/unicode/wince/UnicodeWince.cpp: Removed.
-        * wtf/unicode/wince/UnicodeWince.h: Removed.
-        * wtf/wince/FastMallocWinCE.h: Copied from JavaScriptCore/wtf/wince/FastMallocWince.h.
-        * wtf/wince/FastMallocWince.h: Removed.
-
-2010-09-18  Ademar de Souza Reis Jr  <ademar.reis@openbossa.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Enable Platform Strategies on Qt
-
-        [Qt] Turn on PLATFORM_STRATEGIES
-        https://bugs.webkit.org/show_bug.cgi?id=45831
-
-        * wtf/Platform.h: Enable Platform Strategies when building QtWebkit
-
-2010-09-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Imprecise tracking of variable capture leads to overly pessimistic creation of activations
-        https://bugs.webkit.org/show_bug.cgi?id=46020
-
-        The old logic for track free and captured variables would cause us
-        to decide we needed an activation in every function along the scope
-        chain between a variable capture and its declaration.  We now track
-        captured variables precisely which requires a bit of additional work
-
-        The most substantial change is that the parsing routine needs to
-        be passed the list of function parameters when reparsing a function
-        as when reparsing we don't parse the function declaration itself only
-        its body.
-
-        * JavaScriptCore.exp:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::needsFullActivation):
-           We need to distinguish between use of a feature that requires
-           an activation and eval so we now get this additional flag.
-        (JSC::JSParser::Scope::collectFreeVariables):
-        (JSC::JSParser::Scope::getCapturedVariables):
-           We can't simply return the list of "capturedVariables" now as
-           is insufficiently precise, so we compute them instead.
-        (JSC::JSParser::popScope):
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseWithStatement):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseFunctionDeclaration):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseMemberExpression):
-        * parser/JSParser.h:
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::fromGlobalCode):
-           Pass function parameters (if available) to the parser.
-
-2010-09-17  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add IsFloatingPoint and IsArithmetic type traits
-        https://bugs.webkit.org/show_bug.cgi?id=46018
-
-        * wtf/TypeTraits.h:
-        * wtf/TypeTraits.cpp:
-
-2010-09-17  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Oliver Hunt.
-
-        [GTK] FontPlatformDataFreeType should use smart pointers to hold its members
-        https://bugs.webkit.org/show_bug.cgi?id=45917
-
-        Added support to PlatformRefPtr for handling HashTableDeletedValue.
-
-        * wtf/PlatformRefPtr.h:
-        (WTF::PlatformRefPtr::PlatformRefPtr): Added a constructor that takes HashTableDeletedValue.
-        (WTF::PlatformRefPtr::isHashTableDeletedValue): Added.
-
-2010-09-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Crash due to timer triggered GC on one heap while another heap is active
-        https://bugs.webkit.org/show_bug.cgi?id=45932
-        <rdar://problem/8318446>
-
-        The GC timer may trigger for one heap while another heap is active.  This
-        is safe, but requires us to ensure that we have temporarily associated the
-        thread's identifierTable with the heap we're collecting on.  Otherwise we
-        may end up with the identifier tables in an inconsistent state leading to
-        an eventual crash.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocate):
-        (JSC::Heap::reset):
-        (JSC::Heap::collectAllGarbage):
-           Add assertions to ensure we have the correct identifierTable active
-           while collecting.
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::trigger):
-           Temporarily make the expected IdentifierTable active
-        * wtf/WTFThreadData.h:
-        (JSC::IdentifierTable::remove):
-           Make it possible to see when IdentifierTable::remove has succeeded
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::~StringImpl):
-           CRASH if an StringImpl is an Identifier but isn't present in the
-           active IdentifierTable.  If we get to this state something has
-           gone wrong and we should just crash immediately.
-
-2010-09-16  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Implement dissolveDragImageToFraction
-        https://bugs.webkit.org/show_bug.cgi?id=45826
-
-        * wtf/gobject/GTypedefs.h: Added forward declarations for GtkWindow and GdkEventExpose.
-
-2010-09-16  Eric Uhrhane  <ericu@chromium.org>
-
-        Reviewed by Jian Li.
-
-        Unify FILE_SYSTEM and FILE_WRITER enables under the name FILE_SYSTEM.
-        https://bugs.webkit.org/show_bug.cgi?id=45798
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-09-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Use free variable analysis to improve activation performance
-        https://bugs.webkit.org/show_bug.cgi?id=45837
-
-        Adds free and captured variable tracking to the JS parser.  This
-        allows us to avoid construction of an activation object in some
-        cases.  Future patches will make more use of this information to
-        improve those cases where activations are still needed.
-
-        * parser/ASTBuilder.h:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::Scope):
-        (JSC::JSParser::Scope::declareVariable):
-        (JSC::JSParser::Scope::useVariable):
-        (JSC::JSParser::Scope::collectFreeVariables):
-        (JSC::JSParser::Scope::capturedVariables):
-        (JSC::JSParser::ScopeRef::ScopeRef):
-        (JSC::JSParser::ScopeRef::operator->):
-        (JSC::JSParser::ScopeRef::index):
-        (JSC::JSParser::currentScope):
-        (JSC::JSParser::pushScope):
-        (JSC::JSParser::popScope):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseFunctionDeclaration):
-        (JSC::JSParser::parsePrimaryExpression):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNodeData::ScopeNodeData):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::needsActivation):
-        (JSC::ScopeNode::hasCapturedVariables):
-        * parser/Parser.cpp:
-        (JSC::Parser::didFinishParsing):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * parser/SyntaxChecker.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::needsActivation):
-        (JSC::ScriptExecutable::recordParse):
-
-2010-09-14  Hyung Song  <beergun@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Add IMemGroup and IMemSpace to OwnPtr type.
-        https://bugs.webkit.org/show_bug.cgi?id=44764
-
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.cpp:
-        (WTF::deleteOwnedPtr):
-
-2010-09-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Sort with non-numeric custom sort function fails on array with length but no values
-        https://bugs.webkit.org/show_bug.cgi?id=45781
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort): Replaced early exit for an array of length zero to instead
-        exit for any array without values, even if it has a non-0 length.
-
-2010-09-14  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows production build fix.
-        Roll out r65143.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2010-09-14  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Share UnicodeMacrosFromICU.h
-        https://bugs.webkit.org/show_bug.cgi?id=45710
-
-        glib, qt4 and wince use the same macros from ICU.
-        Remove the code duplication and use the same header file.
-
-        * wtf/unicode/UnicodeMacrosFromICU.h: Copied from JavaScriptCore/wtf/unicode/glib/UnicodeMacrosFromICU.h.
-        * wtf/unicode/glib/UnicodeMacrosFromICU.h: Removed.
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWince.h:
-
-2010-09-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Preparation for eliminating deprecatedParseURL
-        https://bugs.webkit.org/show_bug.cgi?id=45695
-
-        * wtf/text/WTFString.h: Added isAllSpecialCharacters, moved here from
-        the HTML tree builder.
-
-2010-09-13  Darin Fisher  <darin@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add option to conditionally compile smooth scrolling support.
-        https://bugs.webkit.org/show_bug.cgi?id=45689
-
-        ENABLE(SMOOTH_SCROLLING) is disabled by default for all platforms.
-
-        * wtf/Platform.h:
-
-2010-09-13  Adam Roben  <aroben@apple.com>
-
-        Copy JavaScriptCore's generated sources to the right directory
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Fixed typo.
-
-2010-09-13  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Don't call _msize
-        https://bugs.webkit.org/show_bug.cgi?id=45556
-
-        Because Brew MP uses its own memory allocator, it is not correct to use
-        _msize in fastMallocSize. Add !PLATFORM(BREWMP) guard.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSize):
-
-2010-09-11  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] V8 port: webcore project files changes
-        https://bugs.webkit.org/show_bug.cgi?id=45141
-
-        * JavaScriptCore.pro: Moved wtf specific files to wtf.pri,
-        so that they can also be used from WebCore.pro for v8 builds.
-        * wtf/wtf.pri: Added.
-
-2010-09-10  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Andreas Kling.
-
-        Add a define missing when building with glib unicode backend
-        https://bugs.webkit.org/show_bug.cgi?id=45544
-
-        * wtf/unicode/glib/UnicodeMacrosFromICU.h:
-
-2010-09-10  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-        
-        Refactor JavaScriptCore memory statistics so that WebKit doesn't need to know 
-        about the JIT and other implementation details of JavaScriptCore.  Necessary 
-        to fix PPC build.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=45528
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/MemoryStatistics.cpp: Added.
-        (JSC::memoryStatistics):
-        * runtime/MemoryStatistics.h: Added.
-
-2010-09-09  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Added a regular expression tracing facility.  This tracing is connected
-        to jsc.  Every compiled regular expression object is added to a list.
-        When the process exits, each regular expression dumps its pattern,
-        JIT address, number of times it was executed and the number of matches.
-        This tracing is controlled by the macro ENABLE_REGEXP_TRACING in
-        wtf/Platform.h.
-        https://bugs.webkit.org/show_bug.cgi?id=45401
-
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-        (runWithScripts):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        (JSC::JSGlobalData::addRegExpToTrace):
-        (JSC::JSGlobalData::dumpRegExpTrace):
-        * runtime/JSGlobalData.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * wtf/Platform.h:
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::getAddr):
-
-2010-09-09  John Therrell  <jtherrell@apple.com>
-
-        32-bit build fix.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::committedByteCount):
-
-2010-09-09  John Therrell  <jtherrell@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Added statistics sampling and reporting for JavaScriptCore's RegisterFile and ExecutableAllocator classes
-        https://bugs.webkit.org/show_bug.cgi?id=45134
-
-        Added thread-safe committed byte counting and reporting functionality to RegisterFile and 
-        ExecutableAllocator.
-
-        * JavaScriptCore.exp:
-        Exported new symbols to allow for WebKit to get statistics from JavaScriptCore classes.
-        
-        * interpreter/RegisterFile.cpp:
-        (JSC::registerFileStatisticsMutex):
-        Added function which returns a static Mutex used for locking during read/write access to
-        static committed byte count variable.
-        (JSC::RegisterFile::~RegisterFile):
-        Added call to addToStatistics since memory is decommitted here.
-        (JSC::RegisterFile::releaseExcessCapacity):
-        Added call to addToStatistics since memory is decommitted here.
-        (JSC::RegisterFile::initializeThreading):
-        Added function which calls registerFileStatisticsMutex().
-        (JSC::RegisterFile::committedByteCount):
-        Added function which returns the current committed byte count for RegisterFile.
-        (JSC::RegisterFile::addToCommittedByteCount):
-        Added function which updates committed byte count.
-        
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        Added call to addToStatistics since memory is committed here.
-        (JSC::RegisterFile::grow):
-        Added call to addToStatistics since memory is committed here.
-        
-        * jit/ExecutableAllocator.h:
-        Added function prototype for public static function committedByteCount().
-        
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        Added call to addToStatistics since memory is decommitted here.
-        (JSC::FixedVMPoolAllocator::reuse):
-        Added call to addToStatistics since memory is committed here.
-        (JSC::FixedVMPoolAllocator::addToCommittedByteCount):
-        Added function which updates committed byte count.
-        (JSC::ExecutableAllocator::committedByteCount):
-        Added function which returns the current committed byte count for ExecutableAllocator.
-        
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        Added call to RegisterFile::initializeThreading.
-
-2010-09-09  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <http://webkit.org/b/45502> JSObjectSetPrivateProperty does not handle NULL values as it claims
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetPrivateProperty): Don't call toJS if we have a NULL value as that will cause an assertion
-        failure. Instead map NULL directly to the null JSValue.
-        * API/tests/testapi.c:
-        (main): Add test coverage for the NULL value case.
-
-2010-09-09  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        [Qt] JSVALUE32_64 not works on Windows platform with MinGW compiler
-        https://bugs.webkit.org/show_bug.cgi?id=29268
-
-        * wtf/Platform.h: Enable JSVALUE32_64 for Qt/Windows/MinGW, because it works now.
-
-2010-09-08  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Removing doneSemicolon label in the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=45289
-
-        As a side effect of moving the multiline comment parsing
-        to a separate function, an opportunity raised to simplify
-        the single line comment parsing, and removing doneSemicolon
-        label. Slight performance increase on --parse-only
-        tests (from 32.8ms to 31.5ms)
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-
-2010-09-08  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Remove accessor for private member variable in JSParser
-        https://bugs.webkit.org/show_bug.cgi?id=45378
-
-        m_token is private to JSParser, so it does not seem to be useful
-        to have an accessor for it. On top of that, the file was both
-        using the accessor and directly accessing the member variable,
-        only one style should be used.
-
-2010-09-08  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        [Qt] REGRESSION(63348): jsc is broken
-        https://bugs.webkit.org/show_bug.cgi?id=42818
-
-        Need fastcall conventions on Qt/Win/MinGW.
-        Based on patches of Gavin Barraclough: r63947 and r63948.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2010-09-08  Robert Hogan  <robert@webkit.org>
-
-        Reviewed by Antonio Gomes.
-
-        Remove some unnecessary duplicate calls to string functions
-
-        https://bugs.webkit.org/show_bug.cgi?id=45314
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::format):
-
-2010-09-08  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        Re-Disable JIT for MSVC 64bit to fix the build on this compiler.
-        https://bugs.webkit.org/show_bug.cgi?id=45382
-
-        It was enabled in the cleanup made in r64176, though it is still
-        not implemented.
-
-        * wtf/Platform.h:
-
-2010-09-08  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Need a WebSocket implementation
-        https://bugs.webkit.org/show_bug.cgi?id=45197
-
-        Add a GIO-based WebSocket implementation.
-
-        * wtf/gobject/GRefPtr.cpp: Added PlatformRefPtr support for GSource.
-        (WTF::refPlatformPtr):
-        (WTF::derefPlatformPtr):
-        * wtf/gobject/GRefPtr.h: Added new template specialization declarations.
-        * wtf/gobject/GTypedefs.h: Add some more GLib/GIO forward declarations.
-
-2010-08-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Handle MediaQueryExp memory management exclusively with smart pointers
-        https://bugs.webkit.org/show_bug.cgi?id=44874
-        
-        Implemented a non-copying sort function to make it possible to sort a Vector
-        of OwnPtrs (which cannot be copied). This is required for the above.
-
-        * wtf/NonCopyingSort.h: Added.
-        (WTF::nonCopyingSort): It's secretly heapsort.
-        (WTF::heapSort): heapsort implementation.
-        (WTF::siftDown): Helper function for heapsort.
-        (WTF::heapify): ditto
-
-        Adjust build systems.
-        
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-09-08  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Refactoring multiline comments in the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=45289
-
-        MultiLine comment parsing is moved to a separate function.
-
-        Slight performance increase on --parse-only tests (from 33.6ms to 32.8ms)
-        SunSpider reports no change (from 523.1ms to 521.2ms).
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseMultilineComment):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-09-07  James Robinson  <jamesr@chromium.org>
-
-        Compile fix attempt for windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-09-07  Mihai Parparita  <mihaip@chromium.org>
-
-        Reviewed by James Robinson.
-
-        Fix Windows build after r66936
-        https://bugs.webkit.org/show_bug.cgi?id=45348
-
-        Add symbol names that were missing from r66936.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-09-07  Mihai Parparita  <mihaip@chromium.org>
-
-        Reviewed by Oliver Hunt.
-
-        pushState and replaceState do not clone RegExp objects correctly
-        https://bugs.webkit.org/show_bug.cgi?id=44718
-        
-        Move internal representation of JSC::RegExp (which depends on wether
-        YARR and YARR_JIT is enabled) into RegExpRepresentation which can live
-        in the implementation only. This makes it feasible to use RegExp in
-        WebCore without bringing in all of YARR.
-
-        * JavaScriptCore.exp: Export RegExp and RegExpObject functions that are
-        needed inside WebCore's JSC bindings.
-        * runtime/RegExp.cpp:
-        (JSC::RegExpRepresentation::~RegExpRepresentation):
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-
-2010-09-07  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/8381749> -Wcast-align warning emitted when building with clang
-
-        Remove the -Wcast-align-warning since it isn't really useful, and clang is more aggressive about warning than gcc.
-
-        * Configurations/Base.xcconfig:
-
-2010-09-07  Zoltan Horvath  <zoltan@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION(66741): Undefined pthread macros
-        https://bugs.webkit.org/show_bug.cgi?id=45246
-
-        PTHREAD_MUTEX_NORMAL and PTHREAD_MUTEX_DEFAULT (introduced in r60487) are not defined on Linux, 
-        but used in a statement. Add an additional check to test this.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger):
-
-2010-09-06  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix
-
-2010-09-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        SerializedScriptValue needs to use a flat storage mechanism
-        https://bugs.webkit.org/show_bug.cgi?id=45244
-
-        Export JSArray::put
-
-        * JavaScriptCore.exp:
-
-2010-09-06  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Support JSVALUE32_64 on MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=43999
-
-        Add missing functions to support JSVALUE32_64 on MIPS.
-        Remove JSVALUE32 as the default for MIPS.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::divd):
-        (JSC::MIPSAssembler::mthc1):
-        (JSC::MIPSAssembler::cvtwd):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::neg32):
-        (JSC::MacroAssemblerMIPS::branchOr32):
-        (JSC::MacroAssemblerMIPS::set8):
-        (JSC::MacroAssemblerMIPS::loadDouble):
-        (JSC::MacroAssemblerMIPS::divDouble):
-        (JSC::MacroAssemblerMIPS::convertInt32ToDouble):
-        (JSC::MacroAssemblerMIPS::branchDouble):
-        (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerMIPS::zeroDouble):
-        * jit/JIT.h:
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        * wtf/Platform.h:
-
-2010-09-06  Robert Hogan  <robert@webkit.org>
-
-        Unreviewed, compile fix.
-
-        Fix compile failure in r66843
-
-        Revert to original patch in bugzilla. Leave bug open for
-        discussion on potential removal of double utf8 conversion.
-
-        https://bugs.webkit.org/show_bug.cgi?id=45240
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::format):
-
-2010-09-06  Robert Hogan  <robert@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] utf8 encoding of console() messages
-
-        Unskip:
-        http/tests/security/xssAuditor/embed-tag-null-char.html
-        http/tests/security/xssAuditor/object-embed-tag-null-char.html
-
-        Both tests failed because Qt's implementation of String::format()
-        is casting a utf8 result to String, which assumes latin1 in
-        its constructor. So instead of casting a QString to a String, use
-        StringImpl::create() instead. Unfortunately, this involves a lot
-        of extra casts but the end result is correct.
-
-        https://bugs.webkit.org/show_bug.cgi?id=45240
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::format):
-
-2010-09-03  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=45135
-        <rdar://problem/7823714> TCMalloc_PageHeap doesn't hold a mutex while manipulating shared data
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger): Make sure to create a non-recursive mutex
-        regardless of platform default, so that we can assert that it's held (this is for platforms
-        that don't have libdispatch).
-        (WTF::TCMalloc_PageHeap::signalScavenger): Assert that the mutex is held, so we can look
-        at m_scavengeThreadActive. For platforms that have libdispatch, assert that pageheap_lock
-        is held.
-        (WTF::TCMalloc_PageHeap::periodicScavenge): Make sure that pageheap_lock is held before
-        manipulating m_scavengeThreadActive. Otherwise, there is an obvious race condition, and we
-        can make unbalanced calls to dispatch_resume().
-
-2010-09-03  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Reviewed by Martin Robinson.
-
-        [EFL] Regression (66531) Build break with Glib Support
-        https://bugs.webkit.org/show_bug.cgi?id=45011
-
-        Move GtkTypedefs.h to GTypedefs.h and let it inside gobject directory
-        since when glib is enabled, EFL port needs it, too.
-
-        * CMakeListsEfl.txt: Include gobject directory to find new header
-        file.
-        * GNUmakefile.am: Ditto.
-        * wtf/CMakeListsEfl.txt: Ditto.
-        * wtf/Platform.h: Include header if port is EFL and glib support is
-        enabled.
-        * wtf/gtk/GtkTypedefs.h: Removed.
-        * wtf/gobject/GTypedefs.h: Added. Sections specific to GTK are now
-        guarded by PLATFORM(GTK).
-
-2010-09-03  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        Fix warning in wtf/ByteArray.h
-        https://bugs.webkit.org/show_bug.cgi?id=44672
-
-        * wtf/ByteArray.h: Use maximal sized array for MSVC and unsized array for other compilers.
-
-2010-09-02  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Actually parse a URL from ParsedURL
-        https://bugs.webkit.org/show_bug.cgi?id=45080
-
-        This patch only handles standard URLs.  At some point we'll need to
-        distinguish between standard URLs and other kinds of URLs.
-
-        * wtf/url/api/ParsedURL.cpp:
-        (WTF::ParsedURL::ParsedURL):
-
-2010-09-02  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add ParsedURL and URLString to WTFURL API
-        https://bugs.webkit.org/show_bug.cgi?id=45078
-
-        Currently there's no actual URL parsing going on, but this patch is a
-        start to sketching out the API.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/url/api/ParsedURL.cpp: Added.
-        (WTF::ParsedURL::ParsedURL):
-        (WTF::ParsedURL::scheme):
-        (WTF::ParsedURL::username):
-        (WTF::ParsedURL::password):
-        (WTF::ParsedURL::host):
-        (WTF::ParsedURL::port):
-        (WTF::ParsedURL::path):
-        (WTF::ParsedURL::query):
-        (WTF::ParsedURL::fragment):
-        (WTF::ParsedURL::segment):
-        * wtf/url/api/ParsedURL.h: Added.
-        (WTF::ParsedURL::spec):
-        * wtf/url/api/URLString.h: Added.
-        (WTF::URLString::URLString):
-        (WTF::URLString::string):
-
-2010-09-02  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add WTFURL to the JavaScriptCore build on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=45075
-
-        Building code is good.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-09-02  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43230
-        <rdar://problem/8254215> REGRESSION: Memory leak within JSParser::JSParser
-
-        One can't delete a ThreadSpecific object that has data in it. It's not even possible to
-        enumerate data objects in all threads, much less destroy them from a thread that's destroying
-        the ThreadSpecific.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::JSParser):
-        * runtime/JSGlobalData.h: 
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        * wtf/WTFThreadData.h:
-        (WTF::WTFThreadData::approximatedStackStart):
-        Moved stack guard tracking from JSGlobalData to WTFThreadData.
-
-        * wtf/ThreadSpecific.h: Made destructor unimplemented. It's dangerous, and we probably won't
-        ever face a situation where we'd want to delete a ThreadSpecific object.
-
-2010-09-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        Ecma-262 15.11.1.1 states that if the argument is undefined then an
-        Error object's message property should be set to the empty string.
-
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-
-2010-08-31  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge): Replaced somewhat-quirky code that
-        mixed types with code that uses size_t.
-
-        * wtf/TCPageMap.h: Removed names of unused arguments to avoid warning.
-
-2010-08-31  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] Isolate all GTK+ typedefs into one file
-        https://bugs.webkit.org/show_bug.cgi?id=44900
-
-        * GNUmakefile.am: Add GtkTypedefs.h to the source lists.
-        * wtf/Platform.h: #include GtkTypedefs.h for the GTK+ build.
-        * wtf/ThreadingPrimitives.h: Remove GTK+ typedefs.
-        * wtf/gobject/GOwnPtr.h: Ditto.
-        * wtf/gobject/GRefPtr.h: Ditto.
-        * wtf/gtk/GtkTypedefs.h: Added.
-
-2010-08-31  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] Fix 'make dist' in preparation of the 1.3.3 release
-        https://bugs.webkit.org/show_bug.cgi?id=44978
-
-        * GNUmakefile.am: Adding missing headers to the sources list.
-
-2010-08-31  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Support emit_op_mod() for MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=42855
-
-        This patch uses MIPS div instructions for op_mod to improve performance.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::div):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-
-2010-08-31  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Modify ASSERT_UNUSED and UNUSED_PARAM similar to Qt's Q_UNUSED.
-        https://bugs.webkit.org/show_bug.cgi?id=44870
-
-        * wtf/Assertions.h:
-        * wtf/UnusedParam.h:
-
-2010-08-31  Benjamin Poulain  <benjamin.poulain@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        JSC TimeoutChecker::didTimeOut overflows on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=38538
-
-        Make getCPUTime() return values relative to the first call.
-        The previous implementation relied on simply on currentTime(), which
-        return a time since epoch and not a time since the thread started. This
-        made the return value of getCPUTime() overflow on 32 bits.
-
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-
-2010-08-30  Mihai Parparita  <mihaip@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        HISTORY_ALWAYS_ASYNC should be removed (history should always be async)
-        https://bugs.webkit.org/show_bug.cgi?id=44315
-
-        Remove ENABLE_HISTORY_ALWAYS_ASYNC #define.
-
-        * wtf/Platform.h: 
-
-2010-08-30  Chris Rogers  <crogers@google.com>
-
-        Reviewed by Kenneth Russell.
-
-        Fix namespace for wtf/Complex.h and wtf/Vector3.h
-        https://bugs.webkit.org/show_bug.cgi?id=44892
-
-        * wtf/Complex.h:
-        * wtf/Vector3.h:
-
-2010-08-30  Andy Estes  <aestes@apple.com>
-
-        Reviewed by Eric Carlson.
-
-        Strings returned by asciiDebug() should be NULL-terminated.
-        https://bugs.webkit.org/show_bug.cgi?id=44866
-
-        * wtf/text/WTFString.cpp:
-        (asciiDebug):
-
-2010-08-30  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Refactor number parsing in the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=44104
-
-        Number parsing was full of gotos, and needed a complete
-        redesign to remove them (Only one remained). Furthermore
-        integer arithmetic is empolyed for fast cases (= small
-        integer numbers).
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseHex):
-        (JSC::Lexer::parseOctal):
-        (JSC::Lexer::parseDecimal):
-        (JSC::Lexer::parseNumberAfterDecimalPoint):
-        (JSC::Lexer::parseNumberAfterExponentIndicator):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-08-29  Darin Adler  <darin@apple.com>
-
-        Fix Qt build.
-
-        * wtf/unicode/glib/UnicodeMacrosFromICU.h: Added U_IS_BMP.
-        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.
-        * wtf/unicode/wince/UnicodeWince.h: Ditto.
-
-2010-08-29  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Port vprintf_stderr_common
-        https://bugs.webkit.org/show_bug.cgi?id=33568
-
-        Use BREW's DBGPRINTF to output debug messages.
-
-        * wtf/Assertions.cpp:
-
-2010-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 44830 - In Array's prototype functyions we're incorrectly handing large index values
-
-        We are in places casting doubles to unsigneds, and unsigneds to ints, without always check
-        that the result is within bounds. This is problematic in the case of double-to-unsigned
-        conversion because we should be saturating to array length.
-
-        Also, the error return value from Array.splice should be [], not undefined.
-
-        I don't see any security concerns here. These methods are spec'ed in such a way that they
-        can be applied to non Array objects, so in all cases the (potentially bogus) indices are
-        being passed to functions that will safely check accesses are within bounds.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::argumentClampedIndexFromStartOrEnd):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/JSValue.h:
-        (JSC::JSValue::toUInt32):
-
-2010-08-28  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Add an ENABLE define for purgeable memory support
-        https://bugs.webkit.org/show_bug.cgi?id=44777
-
-        * wtf/Platform.h:
-
-2010-08-27  Kimmo Kinnunen  <kimmo.t.kinnunen@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] NPAPI Plugin metadata should be cached, and loading a plugin should not require loading every plugin
-        https://bugs.webkit.org/show_bug.cgi?id=43179
-
-        Add ENABLE_NETSCAPE_PLUGIN_METADATA_CACHE flag to enable persistent
-        NPAPI Plugin Cache. The flag is enabled by default.
-
-        * wtf/Platform.h: Add ENABLE_NETSCAPE_PLUGIN_METADATA_CACHE
-
-2010-07-27  Jer Noble  <jer.noble@apple.com>
-
-        Reviewed by Eric Carlson.
-
-        Add JavaScript API to allow a page to go fullscreen.
-        rdar://problem/6867795
-        https://bugs.webkit.org/show_bug.cgi?id=43099
-
-        * wtf/Platform.h: Enable FULLSCREEN_API mode for the Mac (except iOS).
-
-2010-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt 2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 44745 - Number.toFixed/toExponential/toPrecision are inaccurate.
-
-        These methods should be using a version of dtoa that can generate results accurate
-        to the requested precision, whereas our version of dtoa is only currently able to
-        support producing results sufficiently accurate to distinguish the value from any
-        other IEEE-754 double precision number.
-
-        This change has no impact on benchmarks we track.
-
-        On microbenchmarks for these functions, this is a slight regression where a high
-        precision is requested (dtoa now need to iterate further to generate a a greater
-        number of digits), but with smaller precision values (hopefully more common) this
-        improves performance, since it reduced the accurate of result dtoa is required,
-        to produce, and removes the need to pre-round values before calling dtoa. 
-
-        * JavaScriptCore.exp:
-            doubleToStringInJavaScriptFormat renamed to numberToString
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-            doubleToStringInJavaScriptFormat renamed to numberToString
-
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-            doubleToStringInJavaScriptFormat renamed to numberToString
-
-        * wtf/DecimalNumber.h:
-        (WTF::DecimalNumber::DecimalNumber):
-        (WTF::DecimalNumber::toStringDecimal):
-        (WTF::DecimalNumber::toStringExponential):
-            Remove all pre-rounding of values, instead call dtoa correctly.
-
-        * wtf/dtoa.cpp:
-        (WTF::dtoa):
-        * wtf/dtoa.h:
-            Reenable support for rounding to specific-figures/decimal-places in dtoa.
-            Modify to remove unbiased rounding, provide ECMA required away-from-zero.
-            Rewrite doubleToStringInJavaScriptFormat to use DecimalNumber, rename to
-            numberToString.
-
-2010-08-27  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Byte alignment issue on MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=29415
-
-        MIPS accesses one byte at a time for now to avoid the help from the
-        kernel to fix unaligned accesses.
-
-        * wtf/text/AtomicString.cpp:
-        (WebCore::equal):
-        * wtf/text/StringHash.h:
-        (WebCore::StringHash::equal):
-
-2010-08-27  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Tor Arne Vestbø.
-
-        Fix a couple of typos in comment.
-
-        * bytecode/CodeBlock.h:
-
-2010-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * wtf/dtoa.cpp:
-
-2010-08-26  Gavin Barraclough  <baraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 44735 - Clean up dtoa.cpp
-        Remove unused & unmaintained code paths, reformat code to match
-        coding standard & use platform #defines from Platform.h directly.
-
-        * wtf/dtoa.cpp:
-        (WTF::storeInc):
-        (WTF::multadd):
-        (WTF::s2b):
-        (WTF::lo0bits):
-        (WTF::mult):
-        (WTF::pow5mult):
-        (WTF::lshift):
-        (WTF::diff):
-        (WTF::ulp):
-        (WTF::b2d):
-        (WTF::d2b):
-        (WTF::ratio):
-        (WTF::):
-        (WTF::strtod):
-        (WTF::quorem):
-        (WTF::dtoa):
-
-2010-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Oliver Hunt.
-
-        Partially revert r65959. The toString changes regressed the v8 tests,
-        but keep the toFixed/toExponential/toPrecision changes.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/NumberPrototype.cpp:
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-        * wtf/DecimalNumber.h:
-        * wtf/dtoa.cpp:
-        (WTF::append):
-        (WTF::doubleToStringInJavaScriptFormat):
-        * wtf/dtoa.h:
-        * wtf/text/WTFString.cpp:
-        * wtf/text/WTFString.h:
-
-2010-08-26  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        [chromium] Remove the USE(GLES2_RENDERING) define and associated code
-        https://bugs.webkit.org/show_bug.cgi?id=43761
-
-        Remove WTF_USE_GLES2_RENDERING from the list of defines in chromium, it's unused.
-
-        * wtf/Platform.h:
-
-2010-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Rolling out r64608, this regressed performance.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::~LinkBuffer):
-        (JSC::LinkBuffer::performFinalization):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-        (JSC::StructureStubInfo::initGetByIdProtoList):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::create):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::poolForSize):
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::allocInternal):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/ExceptionHelpers.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-
-2010-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Brady Eidson.
-
-        Bug 44655 - Add debug only convenience methods to obtain a Vector<char> from a String/StringImpl.
-
-        * wtf/text/WTFString.cpp:
-        (asciiDebug):
-            Return a Vector<char> containing the contents of a string as ASCII.
-
-2010-08-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add PassOwnArrayPtr
-        https://bugs.webkit.org/show_bug.cgi?id=44627
-
-        * GNUmakefile.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Add the new files.
-
-        * wtf/Forward.h:
-        Forward declare PassOwnArrayPtr.
-        
-        * wtf/OwnArrayPtr.h:
-        Mimic the OwnPtr interface.
-
-        * wtf/OwnArrayPtrCommon.h: Added.
-        (WTF::deleteOwnedArrayPtr):
-        Move delete function here so it can be shared by OwnArrayPtr and
-        PassOwnArrayPtr.
-
-        * wtf/PassOwnArrayPtr.h: Added.
-        Mimic the PassOwnPtr interface.
-
-2010-08-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [JSC] JavaScript parsing error when loading Equifax web page
-        https://bugs.webkit.org/show_bug.cgi?id=42900
-
-        '-->' is ostensibly only meant to occur when there is only
-        whitespace preceeding it on the line.  However firefox treats
-        multiline comments as a space character, so they are allowed.
-        One side effect of the firefox model is that any line terminators
-        inside the multiline comment are ignored, so
-
-            foo/*
-            */-->
-
-        is treated as
-
-            foo -->
-
-        and so '-->' will not be a comment in this case.  Happily this simply
-        means that to fix this issue all we need to do is stop updating
-        m_atLineStart when handling multiline comments.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-
-2010-08-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Improve overflow handling in StringImpl::Replace
-        https://bugs.webkit.org/show_bug.cgi?id=42502
-        <rdar://problem/8203794>
-
-        Harden StringImpl::replace against overflow -- I can't see how this
-        could be abused, but it's better to be safe than sorry.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::replace):
-
-2010-08-26  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] The GNUmakefile.am files contain a myriad of confusing preprocessor and compiler flag definitions
-        https://bugs.webkit.org/show_bug.cgi?id=44624
-
-        Clean up GNUmakefile.am.
-
-        * GNUmakefile.am: Alphabetize the include order in javascriptcore_cppflags. Move
-        a couple include lines from the top-level GNUmakefile.am.
-
-2010-08-25  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Kent Tamura.
-
-        Local variables 'k' and 'y' in s2b() in dtoa.cpp are computed but not used
-        https://bugs.webkit.org/show_bug.cgi?id=29259
-
-        Remove unused code in dtoa.cpp, spotted by Wan-Teh Chang.
-
-        * wtf/dtoa.cpp:
-        (WTF::s2b):
-
-2010-08-25  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kevin Ollivier.
-
-        [BREWMP] Add build system
-        https://bugs.webkit.org/show_bug.cgi?id=44645
-
-        Make waf script portable so that we can add more ports.
-
-        * wscript:
-
-2010-08-25  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove the single entry regular expression cache introduced as part of
-        the fix for https://bugs.webkit.org/show_bug.cgi?id=41238.
-        The performance problem in Dromaeo that initiated that bug is no 
-        longer present. Dromaeo has been modified so that the regular
-        expression tests are somewhat random and don't benefit from a
-        single entry cache.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-
-2010-08-25  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Cairo and EFL port shouldn't depend on glib.
-        https://bugs.webkit.org/show_bug.cgi?id=44354
-
-        Replace GRefPtr with PlatformRefPtr. Keep GLib specific bits in
-        GRefPtr.h.
-
-        * GNUmakefile.am: Add PlatformRefPtr.h to the source list.
-        * wtf/PlatformRefPtr.h: Migrated from GRefPtr.h.
-        (WTF::PlatformRefPtr::PlatformRefPtr): Ditto.
-        (WTF::PlatformRefPtr::~PlatformRefPtr): Ditto.
-        (WTF::PlatformRefPtr::clear): Ditto.
-        (WTF::PlatformRefPtr::get): Ditto.
-        (WTF::PlatformRefPtr::operator*): Ditto.
-        (WTF::PlatformRefPtr::operator->): Ditto.
-        (WTF::PlatformRefPtr::operator!): Ditto.
-        (WTF::PlatformRefPtr::operator UnspecifiedBoolType): Ditto.
-        (WTF::PlatformRefPtr::hashTableDeletedValue): Ditto.
-        (WTF::::operator): Ditto.
-        (WTF::::swap): Ditto.
-        (WTF::swap): Ditto.
-        (WTF::operator==): Ditto.
-        (WTF::operator!=): Ditto.
-        (WTF::static_pointer_cast): Ditto.
-        (WTF::const_pointer_cast): Ditto.
-        (WTF::getPtr): Ditto.
-        (WTF::adoptPlatformRef): Ditto.
-        * wtf/gobject/GRefPtr.cpp: Changes to reflect new names.
-        (WTF::refPlatformPtr):
-        (WTF::derefPlatformPtr):
-        * wtf/gobject/GRefPtr.h: Ditto.
-        (WTF::refPlatformPtr):
-        (WTF::derefPlatformPtr):
-
-2010-08-25  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Remove dead code in JSGlobalObject
-        https://bugs.webkit.org/show_bug.cgi?id=44615
-
-        The recursion data member in the JSGlobalObject and its getter
-        plus inc/dec methods seems to be unused, remove them.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        * runtime/JSGlobalObject.h:
-
-2010-08-25  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Changed the initial and subsequent allocation of vector storage to
-        Array()s. The changes are to limit sparse arrays to 100000 entries
-        and fixed the sparse map to vector storage conversion to use the 
-        minimum amount of memory needed to store the current number of entries.
-        These changes address https://bugs.webkit.org/show_bug.cgi?id=43707
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::getNewVectorLength):
-
-2010-08-16  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Avoid increasing required alignment of target type warning
-        https://bugs.webkit.org/show_bug.cgi?id=43963
-
-        Fix platform independent alignment warnings.
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetNodeAllocator::pool):
-
-2010-08-19  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Enable truncated floating point feature on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=44233
-
-        Enable truncated floating point feature with the help of VCVTR.S32.F64
-        instruction. If VCVTR.S32.F64 can't fit the result into a 32-bit
-        integer/register, it saturates at INT_MAX or INT_MIN. Testing this
-        looks quicker than testing FPSCR for exception.
-
-        Inspired by Jacob Bramley's patch from JaegerMonkey
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::cmn_r):
-        (JSC::ARMAssembler::vcvtr_s32_f64_r):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-
-2010-08-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/DecimalNumber.h:
-        (WTF::DecimalNumber::intPow10):
-        * wtf/dtoa.cpp:
-        * wtf/dtoa.h:
-
-2010-08-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=44487
-
-        Number.toExponential/toFixed/toPrecision all contain a spaghetti of duplicated
-        code & unnecessary complexity. Add a new DecimalNumber class to encapsulate
-        double to string conversion, share the implementations of rounding &
-        decimal-fraction/exponential formatting.
-
-        * JavaScriptCore.exp:
-            Update exports.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::toThisNumber):
-        (JSC::getIntegerArgumentInRange):
-            Helper methods used in implementing toExponential/toFixed/toString.
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-            Reimplemented using new DecimalNumber class.
-            
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-            Updated to call numberToString.
-
-        * wtf/DecimalNumber.h: Added.
-        (WTF::):
-        (WTF::DecimalNumber::DecimalNumber):
-        (WTF::DecimalNumber::toStringDecimal):
-        (WTF::DecimalNumber::toStringExponential):
-        (WTF::DecimalNumber::sign):
-        (WTF::DecimalNumber::exponent):
-        (WTF::DecimalNumber::significand):
-        (WTF::DecimalNumber::precision):
-        (WTF::DecimalNumber::init):
-        (WTF::DecimalNumber::isZero):
-        (WTF::DecimalNumber::roundToPrecision):
-            New class to perform double to string conversion.
-            Has three constructors, which allow conversion with no rounding,
-            rounding to significant-figures, or rounding to decimal-places,
-            and two methods for formatting strings, either using decimal
-            fraction or exponential encoding. Internal implementation uses
-            pre-rounding of the values before calling dtoa rather than
-            relying on dtoa to correctly round, which does not produce
-            fully accurate results. Hopefully we can address this in the
-            near future.
-
-        * wtf/dtoa.cpp:
-        (WTF::intPow10):
-        * wtf/dtoa.h:
-            intPow10 is used internally by DecimalNumber.
-            
-        * wtf/text/WTFString.cpp:
-        (WTF::copyToString):
-        (WTF::nanOrInfToString):
-            Used internally in numberToString for NaN/Infinity handling.
-        (WTF::numberToString):
-            Added new method to convert doubles to strings.
-
-        * wtf/text/WTFString.h:
-            Added declaration for numberToString. This is here because
-            we should switch over to using this for all double to string
-            conversion in WebCore (see section 2.4.4.3 of the HTML5 spec).
-
-2010-08-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Don't seed the JS random number generator from time()
-        https://bugs.webkit.org/show_bug.cgi?id=41868
-        <rdar://problem/8171025>
-
-        Switch to using the secure random number generator to
-        seed the fast random generator, and make the generator
-        be per global object.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::weakRandomNumber):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncRandom):
-
-2010-08-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Make overflow guards in UString::utf8 explicit
-        https://bugs.webkit.org/show_bug.cgi?id=44540
-
-        Add an explicit overflow check prior to allocating our buffer,
-        rather than implicitly relying on the guard in convertUTF16ToUTF8.
-
-        * runtime/UString.cpp:
-        (JSC::UString::utf8):
-
-2010-08-24  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Symbian] Fix commit/decommit of system memory using RChunk
-
-        Swap accidentially reversed start and m_base values for determining the
-        offset within the RChunk.
-
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::systemCommit):
-        (WTF::PageReservation::systemDecommit):
-
-2010-08-23  Patrick Gansterer  <paroga@paroga.com>
-
-        Rubber-stamped by Gabor Loki.
-
-        [WINCE] Buildfix for GeneratedJITStubs after r64818
-        https://bugs.webkit.org/show_bug.cgi?id=44469
-
-        Use " THUNK_RETURN_ADDRESS_OFFSET" instead of "#offset#".
-
-        * jit/JITStubs.cpp:
-
-2010-08-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        [REGRESSION] Interpreter incorrectly excludes prototype chain when validating put_by_id_transition
-        https://bugs.webkit.org/show_bug.cgi?id=44240
-        <rdar://problem/8328995>
-
-        Fix an error I introduced when cleaning up the interpreter side of the logic
-        to prevent setters being called in object initialisers.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-08-23  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed case where a single character search string in a string.replace()
-        did not properly handle back reference replacement.  The fix is to 
-        check for a '$' as part of the check to see if we can execute the
-        single character replace optimization.
-        https://bugs.webkit.org/show_bug.cgi?id=44067
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2010-08-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSON.stringify is much slower than Firefox on particular pathological input
-        https://bugs.webkit.org/show_bug.cgi?id=44456
-
-        Make StringBuilder::reserveCapacity reserve additional space so we don't end up
-        repeatedly copying the entire result string.
-
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::append):
-        (JSC::StringBuilder::reserveCapacity):
-
-2010-08-23  Jian Li  <jianli@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        Handle blob resource.
-        https://bugs.webkit.org/show_bug.cgi?id=43941
-
-        * JavaScriptCore.exp: Add an export that is neede by BlobResourceHandle.
-
-2010-08-19  Andreas Kling  <andreas.kling@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        JSC: Move the static_cast into to(U)Int32 fast case
-        https://bugs.webkit.org/show_bug.cgi?id=44037
-
-        Do the static_cast<(u)int32_t> inline to avoid the function call overhead
-        for easily converted values (within (u)int32_t range.)
-
-        * runtime/JSValue.cpp:
-        (JSC::toInt32SlowCase):
-        (JSC::toUInt32SlowCase):
-        * runtime/JSValue.h:
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-
-2010-08-18  Andreas Kling  <andreas.kling@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        REGRESSION(r58469): Math.pow() always returns double-backed JSValue which is extremely slow as array subscript
-        https://bugs.webkit.org/show_bug.cgi?id=43742
-
-        Add codegen for pow() to return Int32 values when possible.
-
-        * jit/ThunkGenerators.cpp:
-        (JSC::powThunkGenerator):
-
-2010-08-18  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        The JITStackFrame is wrong using Thumb-2 JIT with JSVALUE32_64
-        https://bugs.webkit.org/show_bug.cgi?id=43897
-
-        A 64 bits wide member in a structure is aligned to 8 bytes on ARM by
-        default, but this is not taken into account in the offset defines of
-        JITStackFrame.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2010-08-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        Rename UString::substr to substringSharingImpl, add to WTF::String.
-        Now WTF::String can do everything that JSC::UString can do!
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::escapeQuotes):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::substitute):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::getRange):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::insertSemicolonIfNeeded):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-        * runtime/JSONObject.cpp:
-        (JSC::gap):
-        (JSC::Stringifier::indent):
-        (JSC::Stringifier::unindent):
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::trimString):
-        * runtime/UString.cpp:
-        (JSC::UString::substringSharingImpl):
-        * runtime/UString.h:
-        * wtf/text/WTFString.cpp:
-        (WTF::String::substringSharingImpl):
-        * wtf/text/WTFString.h:
-
-2010-08-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-08-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-08-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 44146 - Remove toDouble/toUInt32 methods from UString.
-
-        These methods all implement JavaScript language specific behaviour, and as such
-        are not suited to being on a generic string object.  They are also inefficient
-        and incorrectly used, refactor & cleanup.  Uses of these methods really divide
-        out into two cases.
-
-        ToNumber:
-        Uses of toDouble from JSString and from parseFloat are implementing ecma's
-        ToNumber conversion from strings (see ecma-262 9.3.1), so UString::toDouble
-        should largely just be moved out to a global jsToNumber function.  ToNumber is
-        capable of recognizing either decimal or hexadecimal numbers, but parseFloat
-        should only recognize decimal values.  This is currently handled by testing for
-        hexadecimal before calling toDouble, which should unnecessary - instead we can
-        just split out the two parts to the grammar into separate functions. Also,
-        strtod recognizes a set of literals (nan, inf, and infinity - all with any
-        capitalization) - which are not defined by any of the specs we are implementing.
-        To handle this we need to perform additional work in toDouble to convert the
-        unsupported cases of infinities back to NaNs.  Instead we should simply remove
-        support for this literals from strtod.  This should provide a more desirable
-        behaviour for all clients of strtod.
-
-        Indexed properties:
-        Uses of the toStrictUInt32 methods are were all converting property names to
-        indices, and all uses of toUInt32 were incorrect; in all cases we should have
-        been calling toUInt32.  This error results in some incorrect behaviour in the
-        DOM (accessing property "0 " of a NodeList should fail; it currently does not).
-        Move this method onto Identifier (our canonical property name), and make it
-        always perform a strict conversion. Add a layout test to check NodeList does
-        convert indexed property names correctly.
-
-        * JavaScriptCore.exp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::toUInt32):
-        * runtime/Identifier.h:
-        (JSC::Identifier::toUInt32):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        (JSC::Identifier::toArrayIndex):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlot):
-        (JSC::JSByteArray::getOwnPropertyDescriptor):
-        (JSC::JSByteArray::put):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::isInfinity):
-        (JSC::jsHexIntegerLiteral):
-        (JSC::jsStrDecimalLiteral):
-        (JSC::jsToNumber):
-        (JSC::parseFloat):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getPrimitiveNumber):
-        (JSC::JSString::toNumber):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::deleteProperty):
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        * wtf/dtoa.cpp:
-        (WTF::strtod):
-
-2010-08-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 44099 - REGRESSION(r65468): Crashes in StringImpl::find
-
-        Bug 44080 introuduced a couple of cases in which array bounds could be overrun.
-        One of these was fixed in r65493, this patch fixes the other and address the
-        concerns voiced in comment #6 by restructuring the loops to remove the code
-        dupliction without introducing an additional if check.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::find):
-        (WTF::StringImpl::findIgnoringCase):
-        (WTF::StringImpl::reverseFind):
-        (WTF::StringImpl::reverseFindIgnoringCase):
-
-2010-08-17  No'am Rosenthal  <noam.rosenthal@nokia.com>
-
-        Reviewed by Ariya Hidayat.
-
-        [Qt] Move the accelerated compositing build flag to the right place
-        https://bugs.webkit.org/show_bug.cgi?id=43882
-
-        * wtf/Platform.h:
-
-2010-08-17  Yuta Kitamura  <yutak@chromium.org>
-
-        Reviewed by Shinichiro Hamaji.
-
-        Avoid uninitialized memory read in StringImpl::find().
-
-        REGRESSION(r65468): Crashes in StringImpl::find
-        https://bugs.webkit.org/show_bug.cgi?id=44099
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::find):
-
-2010-08-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig
-
-        Add VectorTraits to String & DefaultHash traits to UString to unify behaviour.
-
-        * runtime/UString.h:
-        (JSC::UStringHash::hash):
-        (JSC::UStringHash::equal):
-        (WTF::):
-        * wtf/text/WTFString.h:
-        (WTF::):
-
-2010-08-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig
-
-        Remove unnecessary includes from UString.h, add new includes as necessary.
-
-        * profiler/CallIdentifier.h:
-        * profiler/ProfileNode.h:
-        * runtime/DateConversion.cpp:
-        * runtime/Identifier.h:
-        (JSC::IdentifierRepHash::hash):
-        * runtime/RegExpCache.h:
-        * runtime/RegExpKey.h:
-        * runtime/UString.cpp:
-        (JSC::UString::substr):
-        * runtime/UString.h:
-        * wtf/text/WTFString.h:
-
-2010-08-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Bug 44080 - String find/reverseFind methods need tidying up
-        These methods have a couple of problems with their interface, and implementation.
-
-        These methods take and int index, and return an int - however this is problematic
-        since on 64-bit string indices may have a full 32-bit range.  This spills out into
-        surrounding code, which unsafely casts string indices from unsigned to int. Code
-        checking the result of these methods check for a mix of "== -1", "< 0", and
-        "== notFound".  Clean this up by changing these methods to take an unsigned
-        starting index, and return a size_t. with a failed match indicated by notFound.
-        reverseFind also has a special meaning for the starting index argument, in that a
-        negative index is interpreted as an offset back from the end of the string. Remove
-        this functionality, in the (1!) case where it is used we should just calculate the
-        offset by subtracting from the string's length.
-
-        The implementation has a few problems too.  The code is not in webkit style, in
-        using assorted abbreviations in variable names, and implementations of similar
-        find methods with differing argument types were unnecessarily inconsistent. When
-        find is passed const char* data the string would be handled as latin1 (zero
-        extended to UTF-16) for all characters but the first; this is sign extended.
-        Case-insensitive find is broken for unicode strings; the hashing optimization is
-        not unicode safe, and could result in false negatives.
-
-        Unify UString find methods to match String.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::escapeQuotes):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::substitute):
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExpKey.h:
-        (JSC::RegExpKey::getFlagsValue):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::substituteBackreferences):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncSplit):
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        (JSC::UString::find):
-        (JSC::UString::reverseFind):
-        * wtf/text/AtomicString.h:
-        (WTF::AtomicString::find):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::find):
-        (WTF::StringImpl::findCaseInsensitive):
-        (WTF::StringImpl::reverseFind):
-        (WTF::StringImpl::reverseFindCaseInsensitive):
-        (WTF::StringImpl::endsWith):
-        (WTF::StringImpl::replace):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::startsWith):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::split):
-        * wtf/text/WTFString.h:
-        (WTF::String::find):
-        (WTF::String::reverseFind):
-        (WTF::String::findCaseInsensitive):
-        (WTF::String::reverseFindCaseInsensitive):
-        (WTF::String::contains):
-        (WTF::find):
-        (WTF::reverseFind):
-
-2010-08-16  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix, do not build WebCore as a convenience library as this leads to
-        errors in the Win build w/export symbols and causes problems with DOM bindings
-        debugging in gdb. 
-
-        * wscript:
-
-2010-08-16  Leandro Pereira  <leandro@profusion.mobi>
-
-        [EFL] Build fix after r65366.
-
-        * CMakeLists.txt: Use if (VAR) instead of if (${VAR}) to check if
-        they're empty.
-        * jsc/CMakeLists.txt: Ditto.
-        * wtf/CMakeLists.txt: Ditto.
-
-2010-08-15  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix, don't build intermediate source in DerivedSources dir.
-
-        * wscript:
-
-2010-08-14  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [CMake] Add preprocessor detection for generator scripts
-        https://bugs.webkit.org/show_bug.cgi?id=43984
-
-        * CMakeLists.txt:
-
-2010-08-14  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [CMake] Set target properties only if available
-        https://bugs.webkit.org/show_bug.cgi?id=43978
-
-        * CMakeLists.txt:
-        * jsc/CMakeLists.txt:
-        * wtf/CMakeLists.txt:
-
-2010-08-13  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix, add CString to the list of forwards.
-
-        * wtf/Forward.h:
-
-2010-08-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-        Switch String::/UString::ascii() to return a CString.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::dumpCaller):
-        * jsc.cpp:
-        (runWithScripts):
-        (runInteractive):
-        * runtime/Identifier.h:
-        (JSC::Identifier::ascii):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/UString.cpp:
-        (JSC::UString::ascii):
-        (JSC::UString::latin1):
-        * runtime/UString.h:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::asciiOLD):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        (WTF::String::ascii):
-        (WTF::String::latin1):
-        * wtf/text/WTFString.h:
-
-2010-08-13  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Avoid increasing required alignment of target type warning on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=38045
-
-        The reinterpret_cast<Type1*>([pointer to Type2]) expressions - where
-        sizeof(Type1) > sizeof(Type2) - cause the following warning on ARM:
-        increases required alignment of target type warnings.
-        Casting the type of [pointer to Type2] object to void* bypasses the
-        warning.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-        * jit/JITStubs.cpp:
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        * wtf/FastMalloc.cpp:
-        (WTF::PageHeapAllocator::New):
-        (WTF::TCMalloc_Central_FreeList::Populate):
-        * wtf/MD5.cpp:
-        (WTF::reverseBytes):
-        (WTF::MD5::addBytes):
-        (WTF::MD5::checksum):
-        * wtf/StdLibExtras.h:
-        (isPointerTypeAlignmentOkay):
-        (reinterpret_cast_ptr):
-        * wtf/Vector.h:
-        (WTF::VectorBuffer::inlineBuffer):
-        * wtf/qt/StringQt.cpp:
-        (WTF::String::String):
-
-2010-08-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Unify UString::UTF8String() & String::utf8() methods,
-        remove UString::cost() & make atArrayIndex a free function.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpName):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (runInteractive):
-        (fillBufferWithContentsOfFile):
-        * pcre/pcre_exec.cpp:
-        (Histogram::~Histogram):
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::c_str):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * runtime/Identifier.h:
-        (JSC::Identifier::toStrictUInt32):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        (JSC::toArrayIndex):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::parseInt):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/UString.cpp:
-        (JSC::UString::toDouble):
-        (JSC::putUTF8Triple):
-        (JSC::UString::utf8):
-        * runtime/UString.h:
-        (JSC::UString::~UString):
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::impl):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::utf8):
-        * wtf/text/WTFString.h:
-        (WTF::String::~String):
-        (WTF::String::swap):
-        (WTF::String::isNull):
-        (WTF::String::isEmpty):
-        (WTF::String::impl):
-        (WTF::String::length):
-        (WTF::String::String):
-        (WTF::String::isHashTableDeletedValue):
-
-2010-08-12  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Refactoring the fpu code generator for the ARM port
-        https://bugs.webkit.org/show_bug.cgi?id=43842
-
-        Support up to 32 double precision registers, and the
-        recent VFP instruction formats. This patch is mainly
-        a style change which keeps the current functionality.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMRegisters::):
-        (JSC::ARMAssembler::):
-        (JSC::ARMAssembler::emitInst):
-        (JSC::ARMAssembler::emitDoublePrecisionInst):
-        (JSC::ARMAssembler::emitSinglePrecisionInst):
-        (JSC::ARMAssembler::vadd_f64_r):
-        (JSC::ARMAssembler::vdiv_f64_r):
-        (JSC::ARMAssembler::vsub_f64_r):
-        (JSC::ARMAssembler::vmul_f64_r):
-        (JSC::ARMAssembler::vcmp_f64_r):
-        (JSC::ARMAssembler::vsqrt_f64_r):
-        (JSC::ARMAssembler::vmov_vfp_r):
-        (JSC::ARMAssembler::vmov_arm_r):
-        (JSC::ARMAssembler::vcvt_f64_s32_r):
-        (JSC::ARMAssembler::vcvt_s32_f64_r):
-        (JSC::ARMAssembler::vmrs_apsr):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::addDouble):
-        (JSC::MacroAssemblerARM::divDouble):
-        (JSC::MacroAssemblerARM::subDouble):
-        (JSC::MacroAssemblerARM::mulDouble):
-        (JSC::MacroAssemblerARM::sqrtDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::branchDouble):
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-
-2010-08-12  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r65295.
-        http://trac.webkit.org/changeset/65295
-        https://bugs.webkit.org/show_bug.cgi?id=43950
-
-        It broke 4 sputnik tests (Requested by Ossy on #webkit).
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpName):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (runInteractive):
-        (fillBufferWithContentsOfFile):
-        * pcre/pcre_exec.cpp:
-        (Histogram::~Histogram):
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::c_str):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * runtime/Identifier.h:
-        (JSC::Identifier::Identifier):
-        (JSC::Identifier::toArrayIndex):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::parseInt):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/UString.cpp:
-        (JSC::UString::toDouble):
-        (JSC::UString::UTF8String):
-        * runtime/UString.h:
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::impl):
-        (JSC::UString::cost):
-        (JSC::UString::~UString):
-        (JSC::UString::toArrayIndex):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::utf8):
-        * wtf/text/WTFString.h:
-        (WTF::String::String):
-        (WTF::String::isHashTableDeletedValue):
-        (WTF::String::length):
-        (WTF::String::operator[]):
-        (WTF::String::isNull):
-        (WTF::String::isEmpty):
-        (WTF::String::impl):
-
-2010-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Unify UString::UTF8String() & String::utf8() methods,
-        remove UString::cost() & make atArrayIndex a free function.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpName):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (runInteractive):
-        (fillBufferWithContentsOfFile):
-        * pcre/pcre_exec.cpp:
-        (Histogram::~Histogram):
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::c_str):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/DateConversion.cpp:
-        (JSC::parseDate):
-        * runtime/Identifier.h:
-        (JSC::Identifier::toStrictUInt32):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        (JSC::toArrayIndex):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::parseInt):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/UString.cpp:
-        (JSC::UString::toDouble):
-        (JSC::putUTF8Triple):
-        (JSC::UString::utf8):
-        * runtime/UString.h:
-        (JSC::UString::~UString):
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::impl):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::utf8):
-        * wtf/text/WTFString.h:
-        (WTF::String::~String):
-        (WTF::String::swap):
-        (WTF::String::isNull):
-        (WTF::String::isEmpty):
-        (WTF::String::impl):
-        (WTF::String::length):
-        (WTF::String::String):
-        (WTF::String::isHashTableDeletedValue):
-
-2010-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Eeerk! - revert accidentally committed changes in UString!
-
-        * JavaScriptCore.exp:
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        * runtime/UString.h:
-
-2010-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Change UString constructors to match those in WTF::String.
-        This changes behaviour of UString((char*)0) to create null
-        strings, akin to UString() rather than UString::empty().
-        (This matches String).  Remove unused constructors from
-        UString, and add null-terminated UTF-16 constructor, to
-        match String.  Move String's constructor into the .cpp to
-        match UString.
-
-        * JavaScriptCore.exp:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-        * runtime/RegExpKey.h:
-        (JSC::RegExpKey::RegExpKey):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::createSingleCharacterString):
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        * runtime/UString.h:
-        (JSC::UString::UString):
-        (JSC::UString::swap):
-        (JSC::UString::adopt):
-        (JSC::UString::operator[]):
-        * wtf/text/WTFString.h:
-        (WTF::String::String):
-        (WTF::String::adopt):
-        (WTF::String::operator[]):
-
-2010-08-12  David Levin  <levin@chromium.org>
-
-        Reviewed by NOBODY (build fix).
-
-        * runtime/UString.h: Removed unneccessary #include.
-
-2010-08-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Revert changes to ALWAYS_INLINEness of a couple of functions in UString.
-        This appears to have degraded performance.
-
-        * runtime/UString.cpp:
-        (JSC::UString::ascii):
-        * runtime/UString.h:
-        (JSC::UString::length):
-        (JSC::UString::isEmpty):
-        (JSC::UString::~UString):
-
-2010-08-12  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Antonio Gomes.
-
-        [Qt] Fix warnings: unknown conversion type character 'l' in format
-        https://bugs.webkit.org/show_bug.cgi?id=43359
-
-        Qt port doesn't call any printf in String::format(...), consequently
-        using __attribute__((format(printf,m,n))) is incorrect and causes
-        false positive warnings on Windows if you build with MinGW.
-
-        Qt port calls QString::vsprintf(...) , which is platform
-        independent, and handles %lli, %llu and %llx on all platforms.
-        (http://trac.webkit.org/changeset/35712)
-
-        * wtf/text/WTFString.h:
-
-2010-08-12  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix the array subscript is above array bounds warning in ByteArray on ARM.
-        https://bugs.webkit.org/show_bug.cgi?id=43358
-
-        The warning is very similar to this one: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=37861
-
-        * wtf/ByteArray.cpp:
-        (WTF::ByteArray::create):
-
-2010-08-12  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Use GSettings to save/restore Web Inspector settings
-        https://bugs.webkit.org/show_bug.cgi?id=43512
-
-        * wtf/gobject/GRefPtr.cpp: Added support for GVariant, used by our
-        GSettings support.
-        (WTF::refGPtr):
-        (WTF::derefGPtr):
-        * wtf/gobject/GRefPtr.h:
-
-2010-08-12  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Simon Hausmann.
-
-        The scratch register should be saved in YARR with ARM JIT
-        https://bugs.webkit.org/show_bug.cgi?id=43910
-
-        Reported by Jocelyn Turcotte.
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateEnter):
-        (JSC::Yarr::RegexGenerator::generateReturn):
-
-2010-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Forward.h:
-
-2010-08-11  Leo Yang  <leo.yang@torchmobile.com.cn>
-
-        Reviewed by Geoffrey Garen.
-
-        Date("") should be an invalid date. For IE, Firefox and Chrome, Date("") is invalid date,
-        which means isNaN(new Date("")) should return true.
-        https://bugs.webkit.org/show_bug.cgi?id=43793
-        Tests: fast/js/date-constructor.html
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::resetDateCache):
-
-2010-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows & !JIT build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-
-2010-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamp by sam weinig
-
-        Touch a file to stop the bot rolling a bit change out!
-
-        * runtime/UString.cpp:
-        (JSC::UString::ascii):
-
-2010-08-11  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix for wx and WebDOM bindings, add CString classes to the list of forwards.
-
-        * wtf/Forward.h:
-
-2010-08-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamps by Darin Adler & Sam Weinig.
-
-        Bug 43867 - Some UString cleanup
-
-        Change JSC::UString data(), size(), and from(), to characters(), length(), and number() to match WTF::String.
-        Move string concatenation methods to a new header to simplify down UString.h.  Remove is8Bit().
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClass::className):
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::create):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::constantName):
-        (JSC::idName):
-        (JSC::CodeBlock::registerName):
-        (JSC::regexpName):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::processClauseList):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createRegex):
-        * parser/ParserArena.h:
-        (JSC::IdentifierArena::makeNumericIdentifier):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::data):
-        (JSC::UStringSourceProvider::length):
-        * profiler/Profiler.cpp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyNames):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::insertSemicolonIfNeeded):
-        * runtime/Identifier.h:
-        (JSC::Identifier::characters):
-        (JSC::Identifier::length):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::decode):
-        (JSC::parseInt):
-        (JSC::parseFloat):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        * runtime/JSNumberCell.cpp:
-        (JSC::JSNumberCell::toString):
-        * runtime/JSONObject.cpp:
-        (JSC::gap):
-        (JSC::Stringifier::appendQuotedString):
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Stringifier::indent):
-        (JSC::Stringifier::unindent):
-        (JSC::Walker::walk):
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter):
-        (JSC::JSString::getIndexSlowCase):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::RopeBuilder::fiberCount):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        (JSC::JSString::getIndex):
-        (JSC::jsString):
-        (JSC::jsStringWithFinalizer):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        * runtime/JSStringBuilder.h:
-        (JSC::JSStringBuilder::append):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::Lexer::Lexer):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/NumericStrings.h:
-        (JSC::NumericStrings::add):
-        (JSC::NumericStrings::lookupSmallString):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getRightContext):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::append):
-        * runtime/StringConcatenate.h: Copied from JavaScriptCore/runtime/UString.h.
-        (JSC::):
-        (JSC::sumWithOverflow):
-        (JSC::tryMakeString):
-        (JSC::makeString):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyNames):
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::localeCompare):
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        (JSC::trimString):
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-        (JSC::UString::ascii):
-        (JSC::UString::operator[]):
-        (JSC::UString::toDouble):
-        (JSC::UString::find):
-        (JSC::UString::rfind):
-        (JSC::UString::substr):
-        (JSC::operator==):
-        (JSC::operator<):
-        (JSC::operator>):
-        (JSC::UString::UTF8String):
-        * runtime/UString.h:
-        (JSC::UString::UString):
-        (JSC::UString::adopt):
-        (JSC::UString::length):
-        (JSC::UString::characters):
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::impl):
-        (JSC::UString::cost):
-        (JSC::operator==):
-        (JSC::operator!=):
-        (JSC::codePointCompare):
-        (JSC::UString::toArrayIndex):
-        (JSC::IdentifierRepHash::hash):
-        (WTF::):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexParser.h:
-        (JSC::Yarr::Parser::Parser):
-
-2010-08-11  Gabor Loki  <loki@webkit.org>
-
-        Qt build fix (ARMv7).
-
-        Fix invalid conversion from int to Condition.
-        Add ARMv7Assembler.cpp to JavaScriptCore.pro.
-
-        * JavaScriptCore.pro:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::JmpSrc::JmpSrc):
-
-2010-08-11  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        At collection time, we frequently want to mark a cell, while checking
-        whether it was originally checked.  Previously, this was a get
-        operation follwed by a set operation.  Fusing the two saves
-        computation and gives a 0.5% sunspider speedup.
-
-        * runtime/Collector.h:
-        (JSC::CollectorBitmap::getset):
-        (JSC::Heap::checkMarkCell):
-        * runtime/JSArray.h:
-        (JSC::MarkStack::drain):
-        * runtime/JSCell.h:
-        (JSC::MarkStack::append):
-
-2010-08-11  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Improve vsprops copying for Windows build
-        https://bugs.webkit.org/show_bug.cgi?id=41982
-
-        When we detect a new SDK, always copy a new set of vsprops files.
-        Previously, if someone updated their SDK after updating their sources,
-        they could end up with out-of-date vsprops files.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2010-08-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add leakRef and clear to all RefPtr variants
-        https://bugs.webkit.org/show_bug.cgi?id=42389
-
-        * API/JSRetainPtr.h: Changed all uses of "template <...>" to instead do
-        "template<...>". We should probably put this in the style guide and do it
-        consitently. Fixed other minor style issues. Defined many of the inlined
-        functions outside the class definition, to avoid style checker warnings
-        about multiple statements on a single line and for slightly better clarity
-        of the class definition itself. Renamed releaseRef to leakRef. Added a
-        releaseRef that calls leakRef so we don't have to rename all callers oat
-        once. Added a clear function.
-
-        * wtf/PassRefPtr.h: Changed all uses of releaseRef to leakRef.
-n
-        * wtf/RefPtr.h: Changed all uses of "template <...>" to instead do
-        "template<...>". Tidied up declarations and comments a bit.
-         Changed all uses of releaseRef to leakRef.
-
-        * wtf/RetainPtr.h: Changed all uses of "template <...>" to instead do
-        "template<...>". Defined many of the inlined functions outside the class
-        definition, to avoid style checker warnings about multiple statements on
-        a single line and for slightly better clarity of the class definition itself.
-        Renamed releaseRef to leakRef. Added a releaseRef that calls leakRef so we
-        don't have to rename all callers at once. Added a clear function.
-
-2010-08-10  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Unreviewed, reverting an unintentional change to a file submitted in r65108.
-
-        * bytecode/CodeBlock.h:
-        (JSC::binaryChop):
-
-2010-08-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig
-
-        Bug 43817 - Remove UString::Rep
-        UString::Rep has for a long time been replaced by UStringImpl (Rep
-        remaining as a typedef).  UStringImpl has since been removed too
-        (unified with StringImpl). Remove Rep, rename rep() to impl() and
-        m_rep to m_impl.  Also add impl() method to Identifier, and rename
-        its UString member from _ustring to m_string.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::deletePrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::getOwnPropertyNames):
-        (JSC::::staticValueGetter):
-        (JSC::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (tryCreateStringFromUTF8):
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        * API/JSClassRef.h:
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::ustring):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addParameter):
-        (JSC::BytecodeGenerator::registerFor):
-        (JSC::BytecodeGenerator::willResolveToArguments):
-        (JSC::BytecodeGenerator::uncheckedRegisterForArguments):
-        (JSC::BytecodeGenerator::constRegisterFor):
-        (JSC::BytecodeGenerator::isLocal):
-        (JSC::BytecodeGenerator::isLocalConstant):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::findScopedProperty):
-        (JSC::keyForCharacterSwitch):
-        (JSC::prepareJumpTableForStringSwitch):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::processClauseList):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseStrictObjectLiteral):
-        * pcre/pcre_exec.cpp:
-        (Histogram::add):
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::Hash::hash):
-        * profiler/Profile.cpp:
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * profiler/ProfileNode.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierCStringTranslator::equal):
-        (JSC::IdentifierCStringTranslator::translate):
-        (JSC::Identifier::add):
-        (JSC::IdentifierUCharBufferTranslator::hash):
-        (JSC::IdentifierUCharBufferTranslator::equal):
-        (JSC::IdentifierUCharBufferTranslator::translate):
-        (JSC::Identifier::addSlowCase):
-        * runtime/Identifier.h:
-        (JSC::Identifier::Identifier):
-        (JSC::Identifier::ustring):
-        (JSC::Identifier::impl):
-        (JSC::Identifier::data):
-        (JSC::Identifier::size):
-        (JSC::Identifier::ascii):
-        (JSC::Identifier::isNull):
-        (JSC::Identifier::isEmpty):
-        (JSC::Identifier::toUInt32):
-        (JSC::Identifier::toStrictUInt32):
-        (JSC::Identifier::toArrayIndex):
-        (JSC::Identifier::toDouble):
-        (JSC::Identifier::equal):
-        (JSC::Identifier::add):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::displayName):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::displayName):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::addStaticGlobals):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSString.h:
-        (JSC::):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsSubstring):
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deleteProperty):
-        (JSC::JSVariableObject::symbolTableGet):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTableGet):
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::HashTable::deleteTable):
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::setKey):
-        (JSC::HashEntry::key):
-        (JSC::HashTable::entry):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::add):
-        (JSC::PropertyNameArray::addKnownUnique):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::create):
-        * runtime/RegExpKey.h:
-        (JSC::RegExpKey::RegExpKey):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::rep):
-        (JSC::SmallStrings::singleCharacterStringRep):
-        * runtime/SmallStrings.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * runtime/Structure.cpp:
-        (JSC::Structure::~Structure):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::put):
-        (JSC::Structure::hasTransition):
-        (JSC::Structure::remove):
-        (JSC::Structure::checkConsistency):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        (JSC::Structure::hasTransition):
-        * runtime/StructureTransitionTable.h:
-        * runtime/SymbolTable.h:
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        (JSC::UString::toStrictUInt32):
-        (JSC::UString::substr):
-        * runtime/UString.h:
-        (JSC::UString::UString):
-        (JSC::UString::adopt):
-        (JSC::UString::data):
-        (JSC::UString::size):
-        (JSC::UString::isNull):
-        (JSC::UString::isEmpty):
-        (JSC::UString::impl):
-        (JSC::UString::cost):
-        (JSC::operator==):
-        (JSC::codePointCompare):
-        (JSC::IdentifierRepHash::hash):
-        (WTF::):
-
-2010-08-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Bug 43816 - Remove UStringImpl
-        The class was actually removed a long time ago, replaced by StringImpl.
-        UStringImpl is just a typedef onto StringImpl.  Remove this.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::replaceCharacter):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::RopeIterator::operator*):
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsSubstring):
-        * runtime/JSStringBuilder.h:
-        (JSC::jsMakeNontrivialString):
-        * runtime/RopeImpl.cpp:
-        (JSC::RopeImpl::derefFibersNonRecursive):
-        * runtime/RopeImpl.h:
-        (JSC::RopeImpl::deref):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncLink):
-        * runtime/UString.cpp:
-        (JSC::initializeUString):
-        * runtime/UString.h:
-        (JSC::UString::adopt):
-        (JSC::tryMakeString):
-        (JSC::makeString):
-        * runtime/UStringImpl.h: Removed.
-
-2010-08-10  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Eric Seidel.
-
-        Make FastMalloc more portable.
-        https://bugs.webkit.org/show_bug.cgi?id=41790
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_Central_FreeList::Populate):
-        (WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
-
-2010-08-10  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by David Levin.
-
-        [WINCE] Buildfix for CE 6.0
-        https://bugs.webkit.org/show_bug.cgi?id=43027
-
-        CE 6.0 doesn't define localtime in the system include files.
-
-        * wtf/Platform.h: Include ce_time.h on all OS(WINCE).
-
-2010-08-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        Bug 43786 - Move AtomicStringHash from WebCore to WTF
-        Also remove deprecated string headers from WebCore/platform/text.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/AtomicString.h:
-        * wtf/text/AtomicStringHash.h: Copied from WebCore/platform/text/AtomicStringHash.h.
-
-2010-08-09  Oliver Hunt  <oliver@apple.com>
-
-        Fix Qt/ARM again, this time including the other changed file.
-
-        * jit/JIT.h:
-
-2010-08-09  Oliver Hunt  <oliver@apple.com>
-
-        Fix Qt/ARM
-
-        C++ overload resolution I stab at thee
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::endUninterruptedSequence):
-
-2010-08-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Allow an assembler/macroassembler to compact branches to more concise forms when linking
-        https://bugs.webkit.org/show_bug.cgi?id=43745
-
-        This patch makes it possible for an assembler to convert jumps into a different
-        (presumably more efficient) form at link time.  Currently implemented in the
-        ARMv7 JIT as that already had logic to delay linking of jumps until the end of
-        compilation already.  The ARMv7 JIT chooses between either a 4 byte short jump
-        or a full 32-bit offset (and rewrites ITTT instructions as appropriate), so does
-        not yet produce the most compact form possible.  The general design of the linker
-        should make it relatively simple to introduce new branch types with little effort,
-        as the linker has no knowledge of the exact form of any of the branches.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMv7Assembler.cpp: Added.
-        (JSC::):
-          Record jump sizes
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
-        (JSC::ARMv7Assembler::LinkRecord::from):
-        (JSC::ARMv7Assembler::LinkRecord::setFrom):
-        (JSC::ARMv7Assembler::LinkRecord::to):
-        (JSC::ARMv7Assembler::LinkRecord::type):
-        (JSC::ARMv7Assembler::LinkRecord::linkType):
-        (JSC::ARMv7Assembler::LinkRecord::setLinkType):
-          Encapsulate LinkRecord fields so we can compress the values somewhat
-
-        (JSC::ARMv7Assembler::JmpSrc::JmpSrc):
-          Need to record the jump type now
-
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-          Need to pass the jump types
-
-        (JSC::ARMv7Assembler::executableOffsetFor):
-        (JSC::ARMv7Assembler::jumpSizeDelta):
-        (JSC::ARMv7Assembler::linkRecordSourceComparator):
-        (JSC::ARMv7Assembler::computeJumpType):
-        (JSC::ARMv7Assembler::convertJumpTo):
-        (JSC::ARMv7Assembler::recordLinkOffsets):
-        (JSC::ARMv7Assembler::jumpsToLink):
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::unlinkedCode):
-          Helper functions for the linker
-
-        (JSC::ARMv7Assembler::linkJump):
-        (JSC::ARMv7Assembler::canBeShortJump):
-        (JSC::ARMv7Assembler::linkLongJump):
-        (JSC::ARMv7Assembler::linkShortJump):
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-           Moving code around for the various jump linking functions
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
-        (JSC::AbstractMacroAssembler::endUninterruptedSequence):
-          We have to track uninterrupted sequences in any assembler that compacts
-          branches as that's not something we're allowed to do in such sequences.
-          AbstractMacroAssembler has a nop version of these functions as it makes the
-          code elsewhere nicer.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::link):
-        (JSC::LinkBuffer::patch):
-        (JSC::LinkBuffer::locationOf):
-        (JSC::LinkBuffer::locationOfNearCall):
-        (JSC::LinkBuffer::returnAddressOffset):
-        (JSC::LinkBuffer::trampolineAt):
-          Updated these functions to adjust for any changed offsets in the linked code
-
-        (JSC::LinkBuffer::applyOffset):
-          A helper function to deal with the now potentially moved labels
-
-        (JSC::LinkBuffer::linkCode):
-          The new and mighty linker function
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::beginUninterruptedSequence):
-        (JSC::MacroAssemblerARMv7::endUninterruptedSequence):
-        (JSC::MacroAssemblerARMv7::jumpsToLink):
-        (JSC::MacroAssemblerARMv7::unlinkedCode):
-        (JSC::MacroAssemblerARMv7::computeJumpType):
-        (JSC::MacroAssemblerARMv7::convertJumpTo):
-        (JSC::MacroAssemblerARMv7::recordLinkOffsets):
-        (JSC::MacroAssemblerARMv7::jumpSizeDelta):
-        (JSC::MacroAssemblerARMv7::link):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::branchMul32):
-        (JSC::MacroAssemblerARMv7::breakpoint):
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::ret):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::executableOffsetFor):
-        (JSC::MacroAssemblerARMv7::inUninterruptedSequence):
-        (JSC::MacroAssemblerARMv7::makeJump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-           All branches need to pass on their type now
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::returnLastBytes):
-           We can't know ahead of time how much space will be necessary to
-           hold the linked code if we're compacting branches, this new
-           function allows us to return the unused bytes at the end of linking
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-           The JIT class now needs to take a linker offset so that recompilation
-           can generate the same jumps when using branch compaction.
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-          Update for new trampolineAt changes
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::):
-        * wtf/Platform.h:
-
-2010-08-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Qt build fix III.
-
-        * wtf/text/WTFString.h:
-
-2010-08-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Qt build fix.
-
-        * wtf/qt/StringQt.cpp:
-
-2010-08-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig
-
-        Bug 43594 - Add string forwards to Forward.h
-        This allows us to remove forward declarations for these classes from
-        WebCore/WebKit (a step in moving these class from WebCore:: to WTF::).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Forward.h:
-
-2010-08-07  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r64938.
-        http://trac.webkit.org/changeset/64938
-        https://bugs.webkit.org/show_bug.cgi?id=43685
-
-        Did not compile on several ports (Requested by abarth on
-        #webkit).
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::load32):
-        (JSC::MacroAssemblerX86::store32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_mr):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::):
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::):
-        * jit/JIT.h:
-        * jit/JITMarkObjects.cpp: Removed.
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::setupPolymorphicProtoList):
-        * wtf/Platform.h:
-
-2010-08-07  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        The JIT code contains a number of direct references to GC'd objects.
-        When we have movable objects, these references will need to be
-        updated.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::int32AtLocation):
-        (JSC::AbstractMacroAssembler::pointerAtLocation):
-        (JSC::AbstractMacroAssembler::jumpTarget):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::loadPtrWithPatch):
-            Normally, loadPtr will optimize when the register is eax.  Since
-            the slightly smaller instruction changes the offsets, it messes up
-            our ability to repatch the code.  We added this new instruction
-            that garuntees a constant size.
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::load32WithPatch):
-            Changed load32 in the same way described above.
-        (JSC::MacroAssemblerX86::load32):
-            Moved the logic to optimize laod32 from movl_mr to load32
-        (JSC::MacroAssemblerX86::store32):
-            Moved the logic to optimize store32 from movl_rm to store32
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_rm):
-        (JSC::X86Assembler::movl_mr):
-        (JSC::X86Assembler::int32AtLocation):
-        (JSC::X86Assembler::pointerAtLocation):
-        (JSC::X86Assembler::jumpTarget):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/Instruction.h:
-            As described in StructureStubInfo.h, we needed to add additional
-            fields to both StructureStubInfo and
-            PolymorphicAccessStructureList so that we can determine the
-            structure of the JITed code at patch time.
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::markAggregate):
-            Added this function to mark the JITed code that correosponds to
-            this structure stub info.
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::):
-        * jit/JIT.h:
-        * jit/JITMarkObjects.cpp: Added.
-        (JSC::JIT::patchPrototypeStructureAddress):
-        (JSC::JIT::patchGetDirectOffset):
-        (JSC::JIT::markGetByIdProto):
-        (JSC::JIT::markGetByIdChain):
-        (JSC::JIT::markGetByIdProtoList):
-        (JSC::JIT::markPutByIdTransition):
-        (JSC::JIT::markGlobalObjectReference):
-        * jit/JITPropertyAccess.cpp:
-            Added asserts for the patch offsets.
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::setupPolymorphicProtoList):
-        * wtf/Platform.h:
-            Added ENABLE_MOVABLE_GC_OBJECTS flag
-
-2010-08-07  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Revert JSArray to point to the beginning of the contained ArrayStorage
-        struct.  This is described in
-        https://bugs.webkit.org/show_bug.cgi?id=43526.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::getNewVectorLength):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::length):
-        (JSC::JSArray::canGetIndex):
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-
-2010-08-07  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        Add ENABLE(YARR) guard around JSGlobalData::m_regexAllocator
-        https://bugs.webkit.org/show_bug.cgi?id=43399
-
-        m_regexAllocator is used only by RegExp::compile which is guarded with ENABLE(YARR).
-
-        * runtime/JSGlobalData.h:
-
-2010-08-07  Patrick Roland Gansterer  <paroga@paroga.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Enable JIT on WinCE
-        https://bugs.webkit.org/show_bug.cgi?id=43303
-
-        Add ExtraCompiler for generating GeneratedJITStubs_MSVC.asm.
-
-        * DerivedSources.pro:
-
-2010-08-07  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Created a separate SimpleFontData constructor exclusively for SVG fonts and moved the CTFontRef
-        from SimpleFontData to FontPlatformData.
-        https://bugs.webkit.org/show_bug.cgi?id=43674
-
-        * wtf/Platform.h: Moved definitions of WTF_USE_CORE_TEXT and WTF_USE_ATSUI here from WebCore/config.h.
-
-2010-08-07  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Bitmap.h has no default constructor
-        https://bugs.webkit.org/show_bug.cgi?id=43619
-
-        Without a constructor, the initial bits of the Bitmap class
-        are undefinied. If only a few, or zero bits are 0, the memory
-        area provided by AlignedMemoryAllocator can be easly exhausted.
-
-        Csaba Osztrogonác helped to find this bug.
-
-        * wtf/Bitmap.h:
-        (WTF::::Bitmap):
-
-2010-08-06  Rafael Antognolli  <antognolli@profusion.mobi>
-
-        [EFL] Build fix.
-
-        * CMakeLists.txt: add runtime/CGHandle.cpp.
-
-2010-08-06  Jessie Berlin  <jberlin@apple.com>
-
-        Roll out http://trac.webkit.org/changeset/64801, which broke the Safari Windows Build.
-        Unreviewed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Forward.h:
-
-2010-08-06  Jessie Berlin  <jberlin@apple.com>
-
-        Windows Build Fix (continued). Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-06  Jessie Berlin  <jberlin@apple.com>
-
-        Windows Build Fix. Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Add GCHandle.h and GCHandle.cpp.
-
-2010-08-06  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43207
-
-        WeakGCPtr's should instead of directly pointing to the GC'd object
-        should be directed to an array of pointers that can be updated for
-        movable objects.
-
-        * Android.mk:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Collector.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::updateWeakGCHandles):
-        (JSC::WeakGCHandlePool::update):
-        (JSC::Heap::addWeakGCHandle):
-        (JSC::Heap::markRoots):
-        * runtime/Collector.h:
-        (JSC::Heap::weakGCHandlePool):
-        * runtime/GCHandle.cpp: Added.
-        (JSC::WeakGCHandle::pool):
-        (JSC::WeakGCHandlePool::WeakGCHandlePool):
-        (JSC::WeakGCHandlePool::allocate):
-        (JSC::WeakGCHandlePool::free):
-        (JSC::WeakGCHandlePool::operator new):
-        * runtime/GCHandle.h: Added.
-        (JSC::WeakGCHandle::isValidPtr):
-        (JSC::WeakGCHandle::isPtr):
-        (JSC::WeakGCHandle::isNext):
-        (JSC::WeakGCHandle::invalidate):
-        (JSC::WeakGCHandle::get):
-        (JSC::WeakGCHandle::set):
-        (JSC::WeakGCHandle::getNextInFreeList):
-        (JSC::WeakGCHandle::setNextInFreeList):
-        (JSC::WeakGCHandlePool::isFull):
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::~WeakGCPtr):
-        (JSC::WeakGCPtr::get):
-        (JSC::WeakGCPtr::clear):
-        (JSC::WeakGCPtr::assign):
-        (JSC::get):
-
-2010-08-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Antonio Gomes.
-
-        [Qt] Fix warnings about difference in symbol visiblity on Mac OS X
-
-        * jsc.pro:
-
-2010-08-06  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Refactor identifier parsing in lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41845
-
-        The code is refactored to avoid gotos. The new code
-        has the same performance as the old one.
-
-        SunSpider --parse-only: no change (from 34.0ms to 33.6ms)
-        SunSpider: no change (from 523.2ms to 523.5ms)
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdent):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-08-06  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        The ARM JIT does not support JSValue32_64 with RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=43411
-
-        JSValue32_64 is enabled for RVCT by default.
-
-        * create_jit_stubs:
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        (JSC::ctiOpThrowNotCaught):
-        * wtf/Platform.h:
-
-2010-08-05  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Darin Adler.
-
-        Define WTF_USE_ARENA_ALLOC_ALIGNMENT_INTEGER for MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=43514
-
-        MIPS needs to define WTF_USE_ARENA_ALLOC_ALIGNMENT_INTEGER, so that
-        RenderArena::allocate() can return 8-byte aligned memory to avoid
-        exceptions on sdc1/ldc1.
-
-        * wtf/Platform.h:
-
-2010-08-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig
-
-        Bug 43594 - Add string forwards to Forward.h
-        This allows us to remove forward declarations for these classes from
-        WebCore/WebKit (a step in moving these class from WebCore:: to WTF::).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Forward.h:
-
-2010-08-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fixed leak seen on buildbot.
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::operator()): Make out timer a RetainPtr,
-        since anything less would be uncivilized.
-
-2010-08-05  Andy Estes  <aestes@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Rename iOS-related OS and PLATFORM macros.
-        https://bugs.webkit.org/show_bug.cgi?id=43493
-        
-        Rename WTF_OS_IPHONE_OS to WTF_OS_IOS, WTF_PLATFORM_IPHONE to
-        WTF_PLATFORM_IOS, and WTF_PLATFORM_IPHONE_SIMULATOR to
-        WTF_PLATFORM_IOS_SIMULATOR.
-
-        * jit/ExecutableAllocator.h:
-        * jit/JITStubs.cpp:
-        * profiler/ProfilerServer.mm:
-        (-[ProfilerServer init]):
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::):
-        * wtf/Platform.h:
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault):
-
-2010-08-05  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43464
-
-        Currently, the global object is being embedded in the JavaScriptCore
-        bytecode, however since the global object is the same for all opcodes
-        in a code block, we can have the global object just be a member of the
-        associated code block.
-
-        Additionally, I added an assert inside of emitOpcode that verifies
-        that the last generated opcode was of the correct length.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObject):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        * bytecode/Opcode.h:
-        (JSC::opcodeLength):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitOpcode):
-            Added an assert to check that the last generated opcode is the
-            correct length.
-        (JSC::BytecodeGenerator::rewindBinaryOp):
-            Changed the last opcode to op_end since the length will no longer
-            be correct.
-        (JSC::BytecodeGenerator::rewindUnaryOp):
-            Changed the last opcode to op_end since the length will no longer
-            be correct.
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitPutScopedVar):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        * jit/JITStubs.cpp:
-        (JSC::cti_op_resolve_global):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-
-2010-08-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 43185 - Switch RegisterFile over to use PageAllocation
-
-        Remove platform-specific memory allocation code.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::~RegisterFile):
-        (JSC::RegisterFile::releaseExcessCapacity):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::grow):
-        (JSC::RegisterFile::checkAllocatedOkay):
-        * wtf/PageAllocation.cpp:
-        (WTF::PageAllocation::lastError):
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::allocate):
-        (WTF::PageAllocation::allocateAt):
-        (WTF::PageAllocation::allocateAligned):
-        (WTF::PageAllocation::pageSize):
-        (WTF::PageAllocation::isPageAligned):
-        (WTF::PageAllocation::isPowerOfTwo):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::reserve):
-        (WTF::PageReservation::reserveAt):
-
-2010-08-05  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixed https://bugs.webkit.org/show_bug.cgi?id=43401 where array 
-        content aren't properly initialized as part of unshift.  
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::unshiftCount):
-
-2010-08-05  Jian Li  <jianli@chromium.org>
-
-        Reviewed by David Levin.
-
-        Unify blob related feature defines to ENABLE(BLOB).
-        https://bugs.webkit.org/show_bug.cgi?id=43081
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-08-05  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Rubber-stamped by Xan Lopez.
-
-        Remove GHashTable left-overs. GHashTable is ref-counted, and is
-        correctly supported by GRefPtr.
-
-        * wtf/gobject/GOwnPtr.h:
-
-2010-08-05  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Unreviewed.
-
-        Typo fix that makes distcheck happy.
-
-        * GNUmakefile.am:
-
-2010-08-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt and Beth Dakin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43461
-        Invalid NaN parsing
-        
-        * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
-        non-standard NaN representation, since our NaN encoding assumes that all
-        true NaNs have the standard bit pattern.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber): Don't allow an API client to accidentally specify
-        a non-standard NaN either.
-
-2010-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix part II.
-
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::systemReserve):
-
-2010-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::systemReserve):
-
-2010-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix - add new header to !Mac projects.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2010-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 43515 - Fix small design issues with PageAllocation, split out PageReservation.
-
-        The PageAllocation class has a number of issues:
-        * Changes in bug #43269 accidentally switched SYMBIAN over to use malloc/free to allocate
-          blocks of memory for the GC heap, instead of allocating RChunks.  Revert this change in
-          behaviour.
-        * In order for PageAllocation to work correctly on WinCE we should be decommitting memory
-          before deallocating.  In order to simplify understanding the expected state at deallocate,
-          split behaviour out into PageAllocation and PageReservation classes.  Require that all
-          memory be decommitted before calling deallocate on a PageReservation, add asserts to
-          enforce this.
-        * add many missing asserts.
-        * inline more functions.
-        * remove ability to create sub-PageAllocations from an existing PageAllocations object -
-          this presented an interface that would allow sub regions to be deallocated, which would
-          not have provided expected behaviour.
-        * remove writable/executable arguments to commit, this value can be cached at the point
-          the memory is reserved.
-        * remove writable/executable arguments to allocateAligned, protection other than RW is not
-          supported.
-        * add missing checks for overflow & failed allocation to mmap path through allocateAligned.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::Allocation::Allocation):
-        (JSC::ExecutablePool::Allocation::base):
-        (JSC::ExecutablePool::Allocation::size):
-        (JSC::ExecutablePool::Allocation::operator!):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::allocInternal):
-        * runtime/AlignedMemoryAllocator.h:
-        (JSC::::allocate):
-        (JSC::::AlignedMemoryAllocator):
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-        * runtime/Collector.h:
-        * wtf/PageAllocation.cpp:
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::operator!):
-        (WTF::PageAllocation::allocate):
-        (WTF::PageAllocation::allocateAt):
-        (WTF::PageAllocation::allocateAligned):
-        (WTF::PageAllocation::deallocate):
-        (WTF::PageAllocation::pageSize):
-        (WTF::PageAllocation::systemAllocate):
-        (WTF::PageAllocation::systemAllocateAt):
-        (WTF::PageAllocation::systemAllocateAligned):
-        (WTF::PageAllocation::systemDeallocate):
-        (WTF::PageAllocation::systemPageSize):
-        * wtf/PageReservation.h: Copied from JavaScriptCore/wtf/PageAllocation.h.
-        (WTF::PageReservation::PageReservation):
-        (WTF::PageReservation::commit):
-        (WTF::PageReservation::decommit):
-        (WTF::PageReservation::reserve):
-        (WTF::PageReservation::reserveAt):
-        (WTF::PageReservation::deallocate):
-        (WTF::PageReservation::systemCommit):
-        (WTF::PageReservation::systemDecommit):
-        (WTF::PageReservation::systemReserve):
-        (WTF::PageReservation::systemReserveAt):
-        * wtf/Platform.h:
-
-2010-08-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r64655.
-        http://trac.webkit.org/changeset/64655
-        https://bugs.webkit.org/show_bug.cgi?id=43496
-
-        JavaScriptCore references patch seems to have caused
-        regressions in QT and GTK builds (Requested by nlawrence on
-        #webkit).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively):
-        * runtime/JSCell.h:
-        (JSC::JSValue::asCell):
-        (JSC::MarkStack::append):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        * runtime/JSObject.h:
-        (JSC::JSObject::prototype):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSValue.h:
-        (JSC::JSValue::):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::asCell):
-        * runtime/MarkStack.h:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-
-2010-08-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        Enable JSVALUE64 for CPU(PPC64).
-        Basic browsing seems to work.
-
-        * wtf/Platform.h:
-
-2010-08-04  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Refactoring MarkStack::append to take a reference.  This is in
-        preparation for movable objects when we will need to update pointers.
-        http://bugs.webkit.org/show_bug.cgi?id=41177
-
-        Unless otherwise noted, all changes are to either return by reference
-        or pass a reference to MarkStack::append.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::markAggregate):
-        * runtime/Collector.cpp:
-        (JSC::Heap::markConservatively):
-            Added a temporary variable to prevent marking from changing an
-            unknown value on the stack
-        * runtime/JSCell.h:
-        (JSC::JSValue::asCell):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendInternal):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::object):
-        * runtime/JSObject.h:
-        (JSC::JSObject::prototype):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSValue.h:
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::asCell):
-        * runtime/MarkStack.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::createStructure):
-            Changed the structure flags to include a custom markChildren.
-        (JSC::NativeErrorConstructor::markChildren):
-            Update the prototype of the stored structure.
-        * runtime/NativeErrorConstructor.h:
-            Added structure flags.
-        * runtime/Structure.h:
-        (JSC::Structure::storedPrototype):
-
-2010-08-03  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Tightened up some get_by_id_chain* code generation
-        https://bugs.webkit.org/show_bug.cgi?id=40935
-
-        This is in the style of
-        https://bugs.webkit.org/show_bug.cgi?id=30539, and changed code to
-        call accessor functions when it was not necessary to directly access
-        the private variables.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2010-08-03  Adam Roben  <aroben@apple.com>
-
-        Turn on PLATFORM_STRATEGIES on Windows
-
-        Fixes <http://webkit.org/b/43431>.
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Platform.h:
-
-2010-08-04  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Enable JSValue32_64 for GCC on ARM by default
-        https://bugs.webkit.org/show_bug.cgi?id=43410
-
-        * wtf/Platform.h:
-
-2010-08-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative windows build fix.
-
-        * wtf/Bitmap.h:
-
-2010-08-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix following r64624.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/PageAllocation.h:
-
-2010-08-03  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43269
-
-        Added new allocateAligned methods to PageAllocation.  In order to
-        prevent a regress in performance, the function needs to be inlined.
-
-        Additionally, I ported the symbian block allocator to use
-        PageAllocation and added a new WTF::Bitmap class to support this.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/AlignedMemoryAllocator.h: Added.
-        (JSC::AlignedMemory::deallocate):
-        (JSC::AlignedMemory::base):
-        (JSC::AlignedMemory::AlignedMemory):
-        (JSC::AlignedMemoryAllocator::destroy):
-        (JSC::AlignedMemoryAllocator::allocate):
-        (JSC::AlignedMemoryAllocator::AlignedMemoryAllocator):
-        (JSC::AlignedMemoryAllocator::~AlignedMemoryAllocator):
-        (JSC::AlignedMemoryAllocator::free):
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::allocate):
-        (JSC::Heap::shrinkBlocks):
-        (JSC::Heap::markConservatively):
-        (JSC::Heap::clearMarkBits):
-        (JSC::Heap::markedCells):
-        * runtime/Collector.h:
-        (JSC::CollectorHeap::collectorBlock):
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::operator*):
-        (JSC::LiveObjectIterator::operator++):
-        (JSC::DeadObjectIterator::operator++):
-        * wtf/Bitmap.h: Added.
-        (WTF::Bitmap::get):
-        (WTF::Bitmap::set):
-        (WTF::Bitmap::clear):
-        (WTF::Bitmap::clearAll):
-        (WTF::Bitmap::advanceToNextFreeBit):
-        (WTF::Bitmap::count):
-        (WTF::Bitmap::isEmpty):
-        (WTF::Bitmap::isFull):
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::operator UnspecifiedBoolType):
-        (WTF::PageAllocation::allocateAligned):
-        (WTF::PageAllocation::reserveAligned):
-        * wtf/Platform.h:
-        * wtf/symbian: Removed.
-        * wtf/symbian/BlockAllocatorSymbian.cpp: Removed.
-        * wtf/symbian/BlockAllocatorSymbian.h: Removed.
-
-2010-08-03  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix for https://bugs.webkit.org/show_bug.cgi?id=43314.  The prior code
-        was using the wrong "length" value to move array contents when adding
-        space to the beginning of an array for an unshift() or similar
-        operation.  Instead of using m_vectorLength, the length of the
-        allocated JSValue array, the code was using m_length, the declared
-        length of the array.  These two values do not need to match.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::increaseVectorPrefixLength):
-
-2010-08-03  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix following https://bugs.webkit.org/show_bug.cgi?id=43089
-        (accidentally inverted a compiler version check).
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2010-08-03  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Implement DEFINE_STUB_FUNCTION for WinCE.
-        https://bugs.webkit.org/show_bug.cgi?id=34953
-
-        * jit/JITStubs.cpp:
-        (JSC::):
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-08-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 43390 - Do not CRASH if we run out of room for jit code.
-
-        Change the ExecutableAllocator implementations not to crash, and to return 0 if memory cannot be allocated.
-        The assemblers should pass this through without trying to use it in executableCopy.
-        Change the LinkBuffer to handle this, and to provide an allocationSuccessful() method to test for this.
-
-        Change the JIT to throw an exception if allocation fails.
-        Make JIT optimizations fail gracefully if memory cannot be allocated (use non-optimized path).
-        Change YARR JIT to fallback to PCRE 
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::executableCopy):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::allocationSuccessful):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-        (JSC::StructureStubInfo::initGetByIdProtoList):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::allocInternal):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compilePatchGetArrayLength):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::setupPolymorphicProtoList):
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createOutOfMemoryError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-
-2010-08-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed a crash seen on the GTK 64bit buildbot.
-        
-        When JSArray is allocated for the vptr stealing hack, it's not allocated
-        in the heap, so the JSArray constructor can't safely call Heap::heap().
-        
-        Since this was subtle enough to confuse smart people, I've changed JSArray
-        to have an explicit vptr stealing constructor.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-
-2010-08-03  Alex Milowski  <alex@milowski.com>
-
-        Reviewed by Beth Dakin.
-
-        Changed the ENABLE_MATHML value to enable MathML by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-08-03  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Change to keep returned pointer from malloc family functions to
-        quiet memory leak detect.  The pointer is saved in the new m_allocBase
-        member of the ArrayStorage structure.  This fixes the issue found in 
-        https://bugs.webkit.org/show_bug.cgi?id=43229.
-
-        As part of this change, we use m_allocBase when reallocating and
-        freeing the memory associated with ArrayStorage.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-        * runtime/JSArray.h:
-
-2010-08-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43444
-        PLATFORM(CF) is false on Windows in JavaScriptCore
-
-        Moved some PLATFORM(WIN) #defines down into JavaScriptCore.
-
-        * wtf/Platform.h: Added WTF_PLATFORM_CF 1 and WTF_USE_PTHREADS 0, inherited
-        from WebCore/config.h. Removed WTF_USE_WININET 1 since WebCore/config.h
-        just #undefined that later.
-
-2010-08-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build: Don't use GCActivityCallbackCF on Windows, since
-        PLATFORM(CF) is not defined on Windows.
-        
-        We'll need to enable the GC activity callback some other way, but this
-        change should get the build back to normal.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-        * runtime/GCActivityCallbackCF.cpp: Make it easier to detect this error
-        in the future with an explicit error message.
-
-2010-08-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build: update .def file.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-08-03  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41318
-        GC should reclaim garbage even when new objects are not being allocated rapidly
-
-        Added a callback in JavaScriptCore that gets triggered after an
-        allocation causes the heap to reset.  This is useful for adding a
-        timer that will trigger garbage collection after the "last" allocation.
-
-        Also needed was to add lock and unlock methods to JSLock that needed
-        only a JSGlobalData object versus an ExecState object.
-
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        * runtime/Collector.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reset):
-        (JSC::Heap::setActivityCallback):
-        * runtime/Collector.h:
-        * runtime/GCActivityCallback.cpp: Added.
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::operator()):
-        * runtime/GCActivityCallback.h: Added.
-        (JSC::GCActivityCallback::~GCActivityCallback):
-        (JSC::GCActivityCallback::operator()):
-        (JSC::GCActivityCallback::GCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/GCActivityCallbackCF.cpp: Added.
-        (JSC::DefaultGCActivityCallbackPlatformData::trigger):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::operator()):
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::JSLock):
-        * runtime/JSLock.h:
-
-2010-08-02  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix after removal of need to compile ExecutableAllocatorPosix.cpp
-
-        * wscript:
-
-2010-08-02  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [QT] build fix for symbian
-        https://bugs.webkit.org/show_bug.cgi?id=43234
-
-        1) wrong order of passing param's
-        2) static_cast complains on symbian so using reinterpret_cast
-
-        No new tests added. Just a build fix for qt symbian
-
-        * wtf/PageAllocation.cpp:
-        (WTF::PageAllocation::commit):
-        (WTF::PageAllocation::decommit):
-        (WTF::PageAllocation::reserve):
-
-2010-07-30  Luiz Agostini  <luiz.agostini@openbossa.org>
-
-        Reviewed by Simon Fraser.
-
-        Enabling view modes to all platforms
-        https://bugs.webkit.org/show_bug.cgi?id=37505
-
-        Removing ENABLE_WIDGETS_10_SUPPORT flag.
-
-        As view mode media feature is not part of widget 1.0 specification
-        any more the ENABLE_WIDGETS_10_SUPPORT flag may be removed. The only use
-        of this flag was related to view mode media feature implementation in Qt. 
-
-        * wtf/Platform.h:
-
-2010-07-30  Andy Estes  <aestes@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Add Xcode support for compiling WebKit against iOS SDKs.
-        https://bugs.webkit.org/show_bug.cgi?id=42796
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-07-30  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Reviewed by Davin Levin.
-
-        Added a yield() function.
-        https://bugs.webkit.org/show_bug.cgi?id=42843
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::yield):
-        * wtf/ThreadingWin.cpp:
-        (WTF::yield):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::yield):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::yield):
-
-2010-07-30  Rafael Antognolli  <antognolli@profusion.mobi>
-
-        Reviewed by Antonio Gomes.
-
-        [EFL] Add library version and soname to EFL generated libraries and binary.
-        https://bugs.webkit.org/show_bug.cgi?id=43212
-
-        Add version and soname to libjavascriptcore.so and libwtf.so in case of
-        linking as shared libraries, and version to jsc executable.
-
-        * CMakeLists.txt:
-        * jsc/CMakeLists.txt:
-        * wtf/CMakeLists.txt:
-
-2010-07-30  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [QT] build fix for symbian
-        https://bugs.webkit.org/show_bug.cgi?id=43234
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation):
-
-2010-07-29  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r64313.
-        http://trac.webkit.org/changeset/64313
-        https://bugs.webkit.org/show_bug.cgi?id=43233
-
-        Some Chromium bots are not happy with it for some unknown
-        reason. (Requested by dumi on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        * wtf/ThreadingWin.cpp:
-        * wtf/gtk/ThreadingGtk.cpp:
-        * wtf/qt/ThreadingQt.cpp:
-
-2010-07-29  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r64302.
-        http://trac.webkit.org/changeset/64302
-        https://bugs.webkit.org/show_bug.cgi?id=43223
-
-        Assertion is bogus (Requested by olliej on #webkit).
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        * jit/JITStubs.cpp:
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile):
-        * wtf/FastMalloc.cpp:
-        (WTF::PageHeapAllocator::New):
-        (WTF::TCMalloc_Central_FreeList::Populate):
-        * wtf/MD5.cpp:
-        (WTF::reverseBytes):
-        (WTF::MD5::addBytes):
-        (WTF::MD5::checksum):
-        * wtf/StdLibExtras.h:
-        * wtf/Vector.h:
-        (WTF::VectorBuffer::inlineBuffer):
-        * wtf/qt/StringQt.cpp:
-        (WebCore::String::String):
-
-2010-07-29  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Changed the handling for removing and adding elements at the front
-        of an array.  The code now keeps a bias that indicates the amount of
-        JSValue sized holes are prior to the ArrayStorage block.  This means
-        that shift operations are now memmove's of the header part of
-        the ArrayStorage and unshift operations are similar, but may require a
-        realloc first to create the space.  Similar operations are performed
-        for special cases of splice and slice.
-        Also optimized the new Array(size) case so that we don't allocate and
-        initialize array elements until the JS code starts using elements.
-        The array growth code is slightly more aggressive for initial growth
-        based on size growth of any previous array.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::getNewVectorLength):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::length):
-        (JSC::JSArray::canGetIndex):
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::arrayStorage):
-        (JSC::JSArray::setArrayStorage):
-        (JSC::JSArray::markChildrenDirect):
-
-2010-07-29  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Changed MINIMUM_CELL_SIZE to be fixed at 64 bytes.
-
-        * runtime/Collector.h:
-
-2010-07-28  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Reviewed by David Levin.
-
-        Added a yield() function.
-        https://bugs.webkit.org/show_bug.cgi?id=42843
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::yield):
-        * wtf/ThreadingWin.cpp:
-        (WTF::yield):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::yield):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::yield):
-
-2010-07-29  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed issue where RegExp greedy jit code loops when no input is
-        consumed.  Changed the code to only loop if some input was consumed,
-        but fall through if we successfully match an alternative that 
-        doesn't consume any input.
-        https://bugs.webkit.org/show_bug.cgi?id=42664
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
-
-2010-07-29  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Avoid increasing required alignment of target type warning on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=38045
-
-        The reinterpret_cast<Type1*>([pointer to Type2]) expressions - where
-        sizeof(Type1) > sizeof(Type2) - cause the following warning on ARM:
-        increases required alignment of target type warnings.
-        Casting the type of [pointer to Type2] object to void* bypasses the
-        warning.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        * jit/JITStubs.cpp:
-        * pcre/pcre_compile.cpp:
-        (jsRegExpCompile):
-        * wtf/FastMalloc.cpp:
-        (WTF::PageHeapAllocator::New):
-        (WTF::TCMalloc_Central_FreeList::Populate):
-        * wtf/MD5.cpp:
-        (WTF::reverseBytes):
-        (WTF::MD5::addBytes):
-        (WTF::MD5::checksum):
-        * wtf/StdLibExtras.h:
-        (reinterpret_cast_ptr):
-        * wtf/Vector.h:
-        (WTF::VectorBuffer::inlineBuffer):
-        * wtf/qt/StringQt.cpp:
-        (WebCore::String::String):
-
-2010-07-29  Martin Robinson  <mrobinson@igalia.com>
-
-        Unreviewed build fix.
-
-        Include a missing header in the source list to fix 'make dist.'
-
-        * GNUmakefile.am: Include missing header.
-
-2010-07-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 43162 - Add support for MADV_FREE to PageAllocation.
-
-        * wtf/PageAllocation.cpp:
-        (WTF::PageAllocation::commit):
-        (WTF::PageAllocation::decommit):
-
-2010-07-27  Kinuko Yasuda  <kinuko@chromium.org>
-
-        Reviewed by Ojan Vafai.
-
-        Add FILE_SYSTEM build flag for FileSystem API
-        https://bugs.webkit.org/show_bug.cgi?id=42915
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Temporarily rolling out http://trac.webkit.org/changeset/64177,
-        this seems to give QT ARM/Win a headache (specifically, looks
-        like structure layour differs, objects get too large - 
-        "..\..\..\JavaScriptCore\runtime\ArrayPrototype.cpp:41:"
-        "error: size of array 'dummyclass_fits_in_cell' is negative").
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/JSArray.cpp:
-        (JSC::increasedVectorLength):
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::length):
-        (JSC::JSArray::canGetIndex):
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::markChildrenDirect):
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative build fix for Chromium/Win
-
-        * wtf/Platform.h:
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Oh! that makes more sense!  Maybe C++-style comments are bringing teh bad mojo.
-
-        * wtf/Platform.h:
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative build fix for GTK/64 ... seems to be barfing on a comment o_O
-
-        * wtf/Platform.h:
-
-2010-07-27  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Changed the handling for removing and adding elements at the front
-        of an array.  The code now keeps a bias that indicates the amount of
-        JSValue sized holes are prior to the ArrayStorage block.  This means
-        that shift operations are now memmove's of the header part of
-        the ArrayStorage and unshift operations are similar, but may require a
-        realloc first to create the space.  Similar operations are performed
-        for special cases of splice and slice.
-        Also optimized the new Array(size) case so that we don't allocate and
-        initialize array elements until the JS code starts using elements.
-        The array growth code is slightly more aggressive for initial growth
-        based on size growth of any previous array.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::getNewVectorLength):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToRegisters):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::length):
-        (JSC::JSArray::canGetIndex):
-        (JSC::JSArray::getIndex):
-        (JSC::JSArray::setIndex):
-        (JSC::JSArray::uncheckedSetIndex):
-        (JSC::JSArray::arrayStorage):
-        (JSC::JSArray::setArrayStorage):
-        (JSC::JSArray::markChildrenDirect):
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 43089 - Cleanup JIT related switched in Platform.h
-
-        The code the enable to JIT checks every permutation of platform & OS individually, but
-        now the JIT is enabled on the majority much all x86/x86-64/ARM/MIPS systems.  It should
-        be cleaner to just enable by default on these platforms, and explicitly disable on configs
-        that don't aren't supported.
-
-        Also, rename ENABLE_JIT_OPTIMIZE_MOD to ENABLE_JIT_USE_SOFT_MODULO.  I always find this
-        confusing since enabling this "optimization" would be possible, but would be a regression
-        on x86/x86-64 systems!  I think it's clearer to reserve "JIT_OPTIMIZE" for compiler
-        technologies applicable to all platforms, and make a more optional behaviour like this a
-        "USE".
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * wtf/Platform.h:
-
-2010-07-27  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        [chromium] Make PLATFORM(CHROMIUM) and not OS(MAC) turn USE(GLES2_RENDERING) on
-        https://bugs.webkit.org/show_bug.cgi?id=43084
-
-        This turns USE(GLES2_RENDERING) on for chromium on windows/linux.  This causes no
-        change in behavior, that's all controlled by ENABLE() macros that are currently off.
-
-        * wtf/Platform.h:
-
-2010-07-23  Helder Correia  <heldercorreia@codeaurora.org>
-
-        Reviewed by Darin Adler.
-
-        Canvas tests 2d.imageData.object.round and 2d.imageData.object.wrap are
-        failing. For canvas image data manipulation, the values passed should
-        be truncated and wrapped. Also fix the canvas-ImageData-behaviour test
-        to expect wrapping rather than clamping, and add some new checkings.
-        https://bugs.webkit.org/show_bug.cgi?id=40272
-
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::setIndex):
-        (JSC::JSByteArray::JSByteArray):
-
-2010-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 42621 - Add a bump allocator for the YARR interpreter
-
-        The regex engine requires lifo allocation, however currently uses the general purpose
-        malloc/free memory allocation.  A simple bump pointer allocator should provide a lower
-        overhead allocation solution.
-
-        When using YARR interpreter, 15% progression on v8-regex.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalData.h:
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        * wtf/BumpPointerAllocator.h: Added.
-        (WTF::BumpPointerPool::ensureCapacity):
-        (WTF::BumpPointerPool::alloc):
-        (WTF::BumpPointerPool::dealloc):
-        (WTF::BumpPointerPool::operator new):
-        (WTF::BumpPointerPool::BumpPointerPool):
-        (WTF::BumpPointerPool::create):
-        (WTF::BumpPointerPool::shrink):
-        (WTF::BumpPointerPool::destroy):
-        (WTF::BumpPointerPool::ensureCapacityCrossPool):
-        (WTF::BumpPointerPool::deallocCrossPool):
-        (WTF::BumpPointerAllocator::BumpPointerAllocator):
-        (WTF::BumpPointerAllocator::~BumpPointerAllocator):
-        (WTF::BumpPointerAllocator::startAllocator):
-        (WTF::BumpPointerAllocator::stopAllocator):
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::freeParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::Interpreter::Interpreter):
-        (JSC::Yarr::ByteCompiler::compile):
-        (JSC::Yarr::byteCompileRegex):
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix from Chromium/GTK build fix!
-
-        * wtf/PageAllocation.cpp:
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Chromium/GTK build fix
-
-        * wtf/PageAllocation.cpp:
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix for !Mac platforms.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 43009 - Abstract out page allocation from executable allocators
-
-        It would be great to have a single platform abstraction for block allocation, rather than copy/paste code.
-
-        In this initial implementation I've made Symbian fall back to use malloc/free for non-executable memory.
-        I think this will match current behaviour for the next client we will want to port across (RegisterFile &
-        Collector).
-
-        * CMakeListsEfl.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorPosix.cpp: Removed.
-        * jit/ExecutableAllocatorSymbian.cpp: Removed.
-        * jit/ExecutableAllocatorWin.cpp: Removed.
-        * wscript:
-        * wtf/PageAllocator.cpp: Added.
-        (WTF::protection):
-        (WTF::PageAllocation::commit):
-        (WTF::PageAllocation::decommit):
-        (WTF::PageAllocator::allocate):
-        (WTF::PageAllocator::reserve):
-        (WTF::PageAllocator::deallocate):
-        (WTF::PageAllocator::pagesize):
-        * wtf/PageAllocator.h: Added.
-        (WTF::PageAllocation::PageAllocation):
-        (WTF::PageAllocation::base):
-        (WTF::PageAllocation::size):
-        (WTF::PageAllocation::chunk):
-        (WTF::PageAllocation::operator!):
-        (WTF::PageAllocator::):
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Rolling out r64097:64100, oops, more b0rked than I relized by my last changes, sorry!
-
-        * CMakeListsEfl.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorPosix.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocatorSymbian.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocatorWin.cpp: Added.
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::isValid):
-        * wscript:
-        * wtf/PageAllocation.cpp: Removed.
-        * wtf/PageAllocation.h: Removed.
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative !debug build fix II.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation):
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative !debug build fix.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation):
-
-2010-07-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 43009 - Abstract out page allocation from executable allocators
-
-        It would be great to have a single platform abstraction for block allocation, rather than copy/paste code.
-
-        In this initial implementation I've made Symbian fall back to use malloc/free for non-executable memory.
-        I think this will match current behaviour for the next client we will want to port across (RegisterFile &
-        Collector).
-
-        * CMakeListsEfl.txt:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::intializePageSize):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::isWithinVMPool):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorPosix.cpp: Removed.
-        * jit/ExecutableAllocatorSymbian.cpp: Removed.
-        * jit/ExecutableAllocatorWin.cpp: Removed.
-        * wscript:
-        * wtf/PageAllocator.cpp: Added.
-        (WTF::protection):
-        (WTF::PageAllocation::commit):
-        (WTF::PageAllocation::decommit):
-        (WTF::PageAllocator::allocate):
-        (WTF::PageAllocator::reserve):
-        (WTF::PageAllocator::deallocate):
-        (WTF::PageAllocator::pagesize):
-        * wtf/PageAllocator.h: Added.
-        (WTF::PageAllocation::PageAllocation):
-        (WTF::PageAllocation::base):
-        (WTF::PageAllocation::size):
-        (WTF::PageAllocation::chunk):
-        (WTF::PageAllocation::operator!):
-        (WTF::PageAllocator::):
-
-2009-10-30  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Use the default timeout interval for JS as the HTML tokenizer delay for setHtml()
-
-        This ensures that long-running JavaScript (for example due to a modal alert() dialog),
-        will not trigger a deferred load after only 500ms (the default tokenizer delay) while
-        still giving a reasonable timeout (10 seconds) to prevent deadlock.
-
-        https://bugs.webkit.org/show_bug.cgi?id=29381
-
-        * runtime/TimeoutChecker.h: Add getter for the timeout interval
-
-2010-07-25  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Kent Tamura.
-
-        [WINCE] Buildfix for JSC in release mode
-        https://bugs.webkit.org/show_bug.cgi?id=42934
-
-        * jsc.cpp: Don't use __try on WinCE.
-
-2010-07-24  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        [MSVC] Ensure 4 byte alignment on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=42935
-
-        * jit/JITStubs.h: Added #pragma pack(4) around JITStackFrame.
-
-2010-07-24  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        [WINCE] Cleanup defines in Platform.h
-        https://bugs.webkit.org/show_bug.cgi?id=42933
-
-        * wtf/Platform.h:
-
-2010-07-23  Rafael Antognolli  <antognolli@profusion.mobi>
-
-        Reviewed by Antonio Gomes.
-
-        [EFL] Cleanup glib support (make it optional)
-        https://bugs.webkit.org/show_bug.cgi?id=42480
-
-        Remove gobject/GRefPtr.cpp if not using soup/glib.
-
-        * wtf/CMakeListsEfl.txt:
-
-2010-07-23  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Adam Roben.
-
-        [WINCE] Implement TCSpinLock.
-        https://bugs.webkit.org/show_bug.cgi?id=41792
-
-        Implement the SpinLock with InterlockedExchange from the Windows API.
-
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Lock):
-        (TCMalloc_SpinLock::Unlock):
-        (TCMalloc_SpinLock::IsHeld):
-        (TCMalloc_SpinLock::Init):
-        (TCMalloc_SlowLock):
-
-2010-07-22  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed rolling out r63947 and r63948, because they broke Qt Windows build.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2010-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Eeeep! r63947 hosed all non-x86 builds!
-
-        * jit/JITStubs.h:
-
-2010-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 42818 - [Qt] REGRESSION(63348): jsc is broken
-        Speculative fix, need fastcall conventions on Qt/Win.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2010-07-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Do more constant folding
-        https://bugs.webkit.org/show_bug.cgi?id=42867
-
-        Constant fold a few more operations.  SunSpider says this is
-        a win but I suspect that's just code motion at play.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-
-2010-07-22  Kent Hansen  <kent.hansen@nokia.com>
-
-        Reviewed by Kent Tamura.
-
-        Error properties of the Global Object are missing the DontEnum attribute
-        https://bugs.webkit.org/show_bug.cgi?id=28771
-
-        Add the attributes to become spec compliant.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-
-2010-07-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        WebKit on Windows should build optionally with an unversioned ICU DLL
-        https://bugs.webkit.org/show_bug.cgi?id=42722
-        <rdar://problem/8211743> JavaScriptCore needs to link against unversioned ICU
-        
-        Dynamically create a new header, ICUVersion.h, as part of build-generated-files.sh.
-        Header contains a preprocessor define (U_DISABLE_RENAMING) indicating to ICU whether the ICU API
-        should be namespaced with the current ICU version number. Proper value is determined
-        by checking for the presence of libicuuc.lib, the unversioned copy of ICU.
-        
-        To get the proper value for U_DISABLE_RENAMING into all source files, we force
-        the include of ICUVersion.h (our generated header) via the compiler options.
-        
-        Since the versioned and unversioned ICU have different filenames (libicuuc.lib vs icuuc.lib)
-        we copy the ICU lib to an intermediate location under obj with a common name. This
-        allows us to link properly with either without adding a new build configuration.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        Copy ICU libs into a common location with a common name.
-        Add additional library search path to pick up icu lib.
-        Change ICU library filename specified to linker.
-        Add forced include of ICUVersion.h.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Generate ICUVersion.h
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Add forced include of ICUVersion.h.
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        Copy ICU libs into a common location with a common name.
-        Add additional library search path to pick up icu lib.
-        Change ICU library filename specified to linker.
-        Add forced include of ICUVersion.h.
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
-        Copy ICU libs into a common location with a common name.
-        Add additional library search path to pick up icu lib.
-        Change ICU library filename specified to linker.
-        Add forced include of ICUVersion.h.
-
-2010-07-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Re-save vsprops files after no-op edits in Visual Studio
-        to fix manual edit issues.
-
-2010-07-20  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
-
-        Reviewed by Steve Block.
-
-        Need to be able to configure Geolocation policy regarding user permissions
-        https://bugs.webkit.org/show_bug.cgi?id=42068
-
-        If CLIENT_BASED_GEOLOCATION is enabled, enable preemtive permission policy
-        by default 
-
-        * wtf/Platform.h:
-        
-2010-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r63742.
-        http://trac.webkit.org/changeset/63742
-        https://bugs.webkit.org/show_bug.cgi?id=42641
-
-        Broke Leopard Intel build. (Requested by bbandix on #webkit).
-
-        * wtf/Platform.h:
-
-2010-07-20  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
-
-        Reviewed by Steve Block.
-
-        Need to be able to configure Geolocation policy regarding user permissions
-        https://bugs.webkit.org/show_bug.cgi?id=42068
-
-        If CLIENT_BASED_GEOLOCATION is enabled, enable preemtive permission policy
-        by default 
-
-        * wtf/Platform.h:
-        
-2010-07-19  Dirk Schulze  <krit@webkit.org>
-
-        Reviewed by Nikolas Zimmermann.
-
-        SVG CleanUp of SVGPathData parsing
-        https://bugs.webkit.org/show_bug.cgi?id=41410
-
-        Added piOverTwo to MathExtras.
-
-        * wtf/MathExtras.h:
-
-2010-07-19  Mike Moretti  <mike.moretti@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Symbian] Build fix after r63404.
-
-        Implement isValid() function for the Symbian executable allocator.
-
-        * jit/ExecutableAllocatorSymbian.cpp:
-        (JSC::ExecutableAllocator::isValid):
-
-2010-07-19  Chris Marrin  <cmarrin@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=42118
-        Disable WebGL on Leopard for now. 
-
-        LayoutTests fail on some graphics hardware on Leopard because one of the features we use,
-        GL_ARB_framebuffer_object, is not universally available in Leopard like it is in
-        SnowLeopard. This will allow LayoutTests to pass on Leopard until we add logic to use a
-        software OpenGL driver on machines without this support.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-07-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Use OwnPtr for CodeBlock objects
-        https://bugs.webkit.org/show_bug.cgi?id=42490
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable): Moved this here and made it non-inline.
-        Eliminated the code that used to initialize the raw pointer since it's now
-        an OwnPtr.
-        (JSC::EvalExecutable::~EvalExecutable): Removed the explicit delete here.
-        (JSC::ProgramExecutable::ProgramExecutable): Ditto.
-        (JSC::ProgramExecutable::~ProgramExecutable): Ditto.
-        (JSC::FunctionExecutable::FunctionExecutable): Ditto.
-        (JSC::FunctionExecutable::~FunctionExecutable): Ditto.
-        (JSC::EvalExecutable::compileInternal): Added use of adoptPtr and get.
-        (JSC::ProgramExecutable::compileInternal): Ditto.
-        (JSC::FunctionExecutable::compileForCallInternal): Ditto.
-        (JSC::FunctionExecutable::compileForConstructInternal): Ditto.
-        (JSC::FunctionExecutable::recompile): Use clear instead of delete followed
-        by assignment of 0.
-
-        * runtime/Executable.h: Moved constructors to the cpp file and changed
-        raw pointers to OwnPtr.
-
-2010-07-19  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [EFL] Fix build on 64-bit systems. According to
-        JavaScriptCore/wtf/Platform.h, x86_64 uses fixed allocator, which
-        needs jit/ExecutableAllocatorFixedVMPool.cpp to be included in build
-        system.
-        https://bugs.webkit.org/show_bug.cgi?id=42559
-
-        * CMakeListsEfl.txt: add missing file for x86_64.
-
-2010-07-16  Leandro Pereira  <leandro@profusion.mobi>
-
-        [EFL] Unreviewed build system cleanup.
-
-        Move ExecutableAllocator{FixedVMPool,Posix,Symbian,Win}.cpp from
-        root CMakeLists.txt to the platform CMakeLists.txt.
-
-        * CMakeLists.txt:
-        * CMakeListsEfl.txt: Add ExecutableAllocatorPosix.cpp.
-
-2010-07-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        ES5 allows use of reserved words as IdentifierName
-        https://bugs.webkit.org/show_bug.cgi?id=42471
-
-        Modify the lexer to allow us to avoid identifying reserved
-        words in those contexts where they are valid identifiers, and
-        we know it's safe.  Additionally tag the reserved word tokens
-        so we can easily identify them in those cases where we can't
-        guarantee that we've skipped reserved word identification.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseMemberExpression):
-        * parser/JSParser.h:
-        (JSC::):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::):
-
-2010-07-16  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        clang++ build fixes for JavaScriptCore and WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=42478
-
-        * runtime/RegExpKey.h:
-        (JSC::operator==):
-        Move the RegExpKey equals operator into the JSC namespace so it can be found by ADL.
-
-2010-07-16  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by David Levin.
-
-        Really add WARN_UNUSED_RESULT to leakRef
-        https://bugs.webkit.org/show_bug.cgi?id=42464
-
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::):
-        (WTF::NonNullPassRefPtr::):
-        Put the WARN_UNUSED_RESULT attribute at the right place.
-
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::releaseRef):
-        Remove WARN_UNUSED_RESULT here for now, it leads to two warnings that need
-        to be fixed first.
-
-2010-07-15  Victor Wang  <victorw@chromium.org>
-
-        Reviewed by David Levin.
-
-        [Chromium] Disable c4291 for chromium windows multi dll build.
-
-        https://bugs.webkit.org/show_bug.cgi?id=42177
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2010-07-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Crash entering mail.yahoo.com
-        https://bugs.webkit.org/show_bug.cgi?id=42394
-    
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::argumentNumberFor): Added a NULL check. If the
-        identifier we're resolving is not a local variable, registerFor returns
-        NULL.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionBodyNode::emitBytecode): Unrelated to the crash, but I
-        noticed this while working on it: No need to NULL-check returnNode,
-        since an early return has already done so.
-
-2010-07-15  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Oliver Hunt.
-
-        [GTK] Simplify the distribution step
-        https://bugs.webkit.org/show_bug.cgi?id=42414
-
-        * GNUmakefile.am: Add extra dist files directly to EXTRA_DIST instead
-        of adding them by proxy via javascriptcore_dist. Sort the EXTRA_DIST list.
-        Refer to create_hash_table and create_regexp_tables directly, as is the
-        behavior with other code generation scripts.
-
-2010-07-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Fix dumping of op_put_by_id.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printPutByIdOp):
-
-2010-07-15  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Refactoring some parts of the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41845
-
-        This patch is a precursor of refactoring the identifier
-        parsing, which currently slows down the lexer, and not
-        ready for landing. This patch contains those sources,
-        which does not slow down the lexer (mainly style changes).
-
-        SunSpider: no change (529.4ms to 528.7ms)
-        --parse-only: no change (31.0ms to 31.2ms)
-
-        * parser/Lexer.cpp:
-        (JSC::isIdentStart): using typesOfASCIICharacters to determine
-             whether the current character is in identifier start
-        (JSC::isIdentPart): using typesOfASCIICharacters to determine
-             whether the current character is in identifier part
-        (JSC::Lexer::parseString): style fix
-        (JSC::Lexer::lex): removing the else after the main which
-             which reduces code duplication
-
-2010-07-15  Mark Rowe  <mrowe@apple.com>
-
-        Update the sorting in the Xcode project files.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-07-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make sure that mixed interpreter/jit builds don't try to use the jit if the allocator fails
-        https://bugs.webkit.org/show_bug.cgi?id=42310
-
-        Add some null checks to deal with the Fixed VM allocator failing
-        to get the requested executable region, delay the creation of the
-        JITStubs in JSGlobalData until after we know whether we're using
-        the JIT.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::poolForSize):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocatorWin.cpp:
-        (JSC::ExecutableAllocator::isValid):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compileCTINativeCall):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getCTIStub):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::jitCompileRegex):
-
-2010-07-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative Qt/Windows build fix.
-
-        * jit/JITStubs.h:
-
-2010-07-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=42280
-        JIT_STUB_ARGUMENT_VA_LIST is only slowing us down! Remove it!
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * wtf/Platform.h:
-
-2010-07-14  Oliver Hunt  <oliver@apple.com>
-
-        RS=Geoff Garen.
-
-        Guard the CF path of interpreter vs. jit selection with PLATFORM(CF)
-
-        This allows the code to work on windows as well.  Also unifies the
-        environment variable with the preference name.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2010-07-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Don Melton.
-
-        Crash when trying to enable JIT and Interpreter in a single build.
-
-        CFPreferences code added at the last minute failed to account for
-        the preference not being present and then attempted to CFRelease
-        a null value.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2010-07-14  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Change indentations in the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41845
-
-        This patch fixes an old, indentation error comes from kjs,
-        as webkit has a different style rule for switches, and change
-        the indentation of the main switch, which is a temporary
-        style error. This change makes easier to see the behavioural
-        changes in the follow-up patch.
-
-        No behavioural changes.
-
-        * parser/Lexer.cpp:
-        (JSC::singleEscape):
-        (JSC::Lexer::lex):
-
-2010-07-13  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r63262.
-        http://trac.webkit.org/changeset/63262
-        https://bugs.webkit.org/show_bug.cgi?id=42229
-
-        broke Windows compile (Requested by bweinstein on #webkit).
-
-        * API/tests/testapi.c:
-        (assertEqualsAsCharactersPtr):
-        (main):
-        * testapi.pro: Removed.
-
-2010-07-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        ES5 requires BOMs to be treated as whitespace
-        https://bugs.webkit.org/show_bug.cgi?id=42218
-
-        Add BOM character to the Lexer's definition of whitespace,
-        and remove the logic that dealt with stripping BOMs and
-        caching the cleaned string.
-
-        * parser/Lexer.h:
-        (JSC::Lexer::isWhiteSpace):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * wtf/text/StringImpl.h:
-
-2010-07-13  Andreas Kling  <andreas.kling@nokia.com>
-
-        Reviewed by Darin Adler.
-
-        Avoid slow-path for put() in Array.splice()
-        https://bugs.webkit.org/show_bug.cgi?id=41920
-
-        Defer creation of the returned array until its final size is known
-        to avoid growing it while adding elements.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray): Add two modes of creation, CreateInitialized (old)
-        and CreateCompact (which should only be used when constructing arrays whose
-        size and contents are known at the time of creation.)
-        (JSC::JSArray::setLength): Skip first consistency check if in CreateCompact
-        initialization mode. (Only applies to non-empty arrays.)
-        (JSC::JSArray::checkConsistency): Build fix (JSValue::type() is gone)
-        * runtime/JSArray.h:
-        (JSC::JSArray::uncheckedSetIndex): Added for fast initialization of compact
-        arrays. Does no bounds or other sanity checking.
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice): Optimized creation of the returned JSArray.
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk): Pass CreateInitialized to ctor.
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyArray): Pass CreateInitialized to ctor.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray): Pass CreateInitialized to ctor.
-
-2010-07-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 42207 - Clean up interface to compile executables, always check for exceptions
-
-        Presently interface to compile executable is inconsistent between eval/program and
-        function code, and is error prone in allowing a caller to byte compile without JIT
-        compiling an executable (we rely on all executables with codeblocks having JIT code).
-        Unify on an interface where all compilation is performed by a single compile (with
-        ForCall|ForConstruct variants) method, and make all clients check for errors.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * parser/Parser.h:
-        (JSC::Parser::isFunctionBodyNode):
-        (JSC::Parser::parse):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createStackOverflowError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::compile):
-        (JSC::EvalExecutable::generatedBytecode):
-        (JSC::EvalExecutable::generatedJITCode):
-        (JSC::ProgramExecutable::compile):
-        (JSC::ProgramExecutable::generatedBytecode):
-        (JSC::ProgramExecutable::generatedJITCode):
-        (JSC::FunctionExecutable::generatedBytecode):
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::generatedJITCodeForConstructWithArityCheck):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::canUseJIT):
-
-2010-07-13  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Reviewed by Oliver Hunt.
-
-        testapi.c depends on the Core Foundation.
-        https://bugs.webkit.org/show_bug.cgi?id=40058
-
-        Separate CoreFoundation specific tests in JSC's testapi.c. Enabling it
-        to compile in Qt environments.
-
-        All tests should work except for the JSStringCreateWithCharacters() function,
-        because its tests depend on Core Foundation specific functions.
-
-        * API/tests/testapi.c:
-        (testJSStringRefCF): moved CoreFoundation specific tests to this function.
-        (main): The moves plus some minor tweaks.
-        * testapi.pro: Added.
-
-2010-07-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 42182 - Change how numeric compare functions are detected
-
-        There are three problems with the current mechanism:
-          * It requires that a function executable be bytecode compiled without
-            being JIT generated (in order to copy the bytecode from the numeric
-            compare function).  This is a problem since we have an invariant when
-            running with the JIT that functions are never bytecode compiled without
-            also being JIT generated (after checking the codeblock we assume the
-            function has JIT code).  To help maintain this invariant 
-          * This implementation will prevent us from experimenting with alternate
-            compilation paths which do not compile via bytecode.
-          * It doesn't work.  Functions passing more than two arguments will match
-            if they are comparing their last two arguments, not the first two.
-            Generally the mapping back from bytecode to semantics may be more
-            complex then initially expected.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::setIsNumericCompareFunction):
-        (JSC::BytecodeGenerator::argumentNumberFor):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BlockNode::singleStatement):
-        (JSC::FunctionBodyNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isSubtract):
-        (JSC::BinaryOpNode::lhs):
-        (JSC::BinaryOpNode::rhs):
-        (JSC::SubNode::isSubtract):
-        (JSC::ReturnNode::value):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2010-07-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        REGRESSION: Crash at JSC::JIT::privateCompile(JSC::MacroAssemblerCodePtr*)
-        https://bugs.webkit.org/show_bug.cgi?id=41763
-
-        There are two parts to this patch, the first is to fix the actual
-        problem.  When calling copyStringWithoutBOMs on a string we know
-        to contain BOMs we return a value indicating that there are no
-        BOMs.
-
-        The second part of this fix is simply to harden the path that
-        led to a crash when parsing failed.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-           Harden compilation stubs against parser failure.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::sourceCode):
-           Add assertions to ensure that subranges into a source provider
-           are always actually braces.  Hopefully this should catch similar
-           failures in future.  These assertions fire on existing tests
-           without this fix.
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::tryJitCodeForCall):
-        (JSC::FunctionExecutable::tryJitCodeForConstruct):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::copyStringWithoutBOMs):
-           Make copyStringWithBOMs do the right thing.
-
-2010-07-13  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix the constant encoding in data transfer instructions on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=42166
-
-        The getImm function is designed to produce modified immediate constant
-        for data processing instructions. It should not be used to encode
-        any constant for data transfer. In the current situation there is no
-        way to use any immediate constant for data transfer. So, the moveImm
-        function is the desired method to pass the offset value to the data
-        transfer instructions.
-
-        Reported by Jacob Bramley.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::dataTransfer32):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::call32):
-
-2010-07-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        String to number coercion is not spec compliant
-        https://bugs.webkit.org/show_bug.cgi?id=31349
-
-        ToNumber should ignore NBSP (\u00a0)
-        https://bugs.webkit.org/show_bug.cgi?id=25490
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseIntOverflow): Added a version that works on UChar.
-        * runtime/JSGlobalObjectFunctions.h: Ditto.
-
-        * runtime/UString.cpp:
-        (JSC::isInfinity): Added helper functions.
-        (JSC::UString::toDouble): Use isStrWhiteSpace instead of
-        isSASCIISpace to define what we should skip. Got rid of the
-        code that used CString and UTF8String, instead processing the
-        UChar of the string directly, except for when we call strtod.
-        For strtod, use our own home-grown conversion function that
-        does not try to do any UTF-16 processing. Tidied up the logic
-        a bit as well.
-
-2010-07-12  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] make dist is broken because of missing headers and other miscellaneous reasons
-        https://bugs.webkit.org/show_bug.cgi?id=42107
-
-        * GNUmakefile.am: Add missing header to the sources list.
-
-2010-07-12  Adam Roben  <aroben@apple.com>
-
-        Stop generating stripped symbols for Release builds
-
-        It turns out we can strip the symbols after-the-fact using PDBCopy.
-
-        Fixes <http://webkit.org/b/42085>.
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        Removed the pre-link event, which just created the public\sym
-        directory.
-
-2010-07-12  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Add WARN_UNUSED_RETURN to the smart pointer "leak" member functions
-        https://bugs.webkit.org/show_bug.cgi?id=42086
-
-        * wtf/OwnPtr.h:
-        * wtf/PassOwnPtr.h:
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::releaseRef):
-        (WTF::NonNullPassRefPtr::leakRef):
-        (WTF::NonNullPassRefPtr::releaseRef):
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::releaseRef):
-
-2010-07-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        HAVE_COMPUTED_GOTO is dependent on the interpreter being enabled
-        https://bugs.webkit.org/show_bug.cgi?id=42039
-
-        Separate the existence of computed goto support in the compiler
-        from whether or not we are using the interpreter.  All the current
-        HAVE(COMPUTED_GOTO) guards are for the interpreter, but I'd like
-        the option of using it elsewhere.  The interpreter now uses
-        ENABLE(COMPUTED_GOTO_INTERPRETER) 
-
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        * wtf/Platform.h:
-
-2010-07-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove switches from inner expression loops in the parser
-        https://bugs.webkit.org/show_bug.cgi?id=42035
-
-        Use bitmasks and flags on the token types to identify unary and
-        binary operators, rather than switching on the token type to
-        identify them.
-
-        * parser/JSParser.cpp:
-        (JSC::isUnaryOp):
-        (JSC::JSParser::isBinaryOperator):
-        * parser/JSParser.h:
-        (JSC::):
-
-2010-07-09  Leon Clarke  <leonclarke@google.com>
-
-        Reviewed by Adam Barth.
-
-        add support for link prefetching
-        https://bugs.webkit.org/show_bug.cgi?id=3652
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-07-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Tidy up lexer token ids
-        https://bugs.webkit.org/show_bug.cgi?id=42014
-
-        Stop using character literals to identify single character tokens
-        and instead use symbolic names for all tokens.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::makeBinaryNode):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::consume):
-        (JSC::JSParser::match):
-        (JSC::JSParser::autoSemiColon):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::allowAutomaticSemicolon):
-        (JSC::JSParser::parseDoWhileStatement):
-        (JSC::JSParser::parseWhileStatement):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseForStatement):
-        (JSC::JSParser::parseReturnStatement):
-        (JSC::JSParser::parseWithStatement):
-        (JSC::JSParser::parseSwitchStatement):
-        (JSC::JSParser::parseSwitchClauses):
-        (JSC::JSParser::parseSwitchDefaultClause):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseDebuggerStatement):
-        (JSC::JSParser::parseStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-        (JSC::JSParser::parseIfStatement):
-        (JSC::JSParser::parseExpression):
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parseConditionalExpression):
-        (JSC::isUnaryOp):
-        (JSC::JSParser::isBinaryOperator):
-        (JSC::JSParser::parseBinaryExpression):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseObjectLiteral):
-        (JSC::JSParser::parseStrictObjectLiteral):
-        (JSC::JSParser::parseArrayLiteral):
-        (JSC::JSParser::parsePrimaryExpression):
-        (JSC::JSParser::parseArguments):
-        (JSC::JSParser::parseMemberExpression):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/JSParser.h:
-        (JSC::):
-        * parser/Lexer.cpp:
-        (JSC::):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-07-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 42015 - Enable JSValue32_64 on ARMv7
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        * wtf/Platform.h:
-
-2010-07-09  Kenneth Russell  <kbr@google.com>
-
-        Reviewed by Dimitri Glazkov.
-
-        Assertion failure in String::utf8() for certain invalid UTF16 inputs
-        https://bugs.webkit.org/show_bug.cgi?id=41983
-
-        * wtf/text/WTFString.cpp:
-        (WebCore::String::utf8):
-         - Fixed assertion when sourceExhausted is returned from convertUTF16ToUTF8.
-
-2010-07-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove a couple of excess writes from the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41981
-
-        Remove a couple of fields from JSTokenInfo, and rename the remaining ones
-        to something more accurate
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::tokenStart):
-        (JSC::JSParser::tokenLine):
-        (JSC::JSParser::tokenEnd):
-        * parser/JSParser.h:
-        (JSC::JSTokenInfo::JSTokenInfo):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-
-2010-07-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Property declarations in an object literal should not consider the prototype chain when being added to the new object
-        https://bugs.webkit.org/show_bug.cgi?id=41929
-
-        To fix this all we need to do is ensure that all new properties are
-        added with putDirect rather than a fully generic call to put.  This
-        is safe as an object literal is by definition going to produce a
-        completely normal object.
-
-        Rather than duplicating all the put_by_id logic we add an additional
-        flag to op_put_by_id to indicate it should be using putDirect.  In
-        the interpreter this adds a runtime branch, but in the jit this is
-        essentially free as the branch is taken at compile time.  This does
-        actually improve object literal creation time even in the interpreter
-        as we no longer need to walk the prototype chain to verify that the
-        cached put is safe.
-
-        We still emit normal put_by_id code when emitting __proto__ as we want
-        to get the correct handling for changing the prototype.
-
-        Sunspider claims this is a 0.7% speedup which is conceivably real due
-        to the performance improvement in object literals, but I suspect its
-        really just the result of code motion.
-
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.h:
-        (JSC::JIT::compilePutByIdTransition):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchPutByIdReplace):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchPutByIdReplace):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirect):
-        (JSC::JSValue::putDirect):
-        * runtime/JSValue.h:
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        String.prototype methods should CheckObjectCoercible (test this is not null or undefined).
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::trimString):
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Date.prototype.toJSON takes one argument, report this correctly.
-
-        * runtime/DatePrototype.cpp:
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        RegExp's prototype should be an object of type RegExp.
-
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-
-2010-07-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JavaScript parser violates ECMA automatic semicolon insertion rule
-        https://bugs.webkit.org/show_bug.cgi?id=41844
-
-        Remove (very) old and bogus logic that automatically inserted a semicolon
-        at the end of a script's source.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-
-2010-07-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Anders Carlson.
-
-        Tidy up the lexer
-
-        Remove some of the old yacc/lex-isms still present in the lexer
-
-        * parser/JSParser.h:
-        (JSC::):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-07-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make object-literal parsing conformant with the spec.
-        https://bugs.webkit.org/show_bug.cgi?id=41892
-
-        Bring our parsing of object literals into conformance with the ES5 spec.
-        Basically disallow conflicting accessor vs. normal property definitions
-        The bulk of this patch is just fiddling to maintain performance.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createProperty):
-        (JSC::ASTBuilder::getName):
-        (JSC::ASTBuilder::getType):
-        * parser/JSParser.cpp:
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseObjectLiteral):
-        (JSC::JSParser::parseStrictObjectLiteral):
-        * parser/JSParser.h:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::clear):
-        * parser/Lexer.h:
-        (JSC::Lexer::currentOffset):
-        (JSC::Lexer::setOffset):
-          Add logic to allow us to roll the lexer back in the input stream.
-        * parser/Nodes.h:
-        (JSC::PropertyNode::):
-        (JSC::PropertyNode::type):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::isValid):
-        (JSC::SourceProvider::setValid):
-          SourceProvider now records whether the input text
-          has already been validated.
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::SyntaxChecker):
-        (JSC::SyntaxChecker::Property::Property):
-        (JSC::SyntaxChecker::Property::operator!):
-        (JSC::SyntaxChecker::createProperty):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-          The SyntaxChecker mode now needs to maintain a bit more information
-          to ensure that we can validate object literals correctly.
-
-2010-07-08  Darin Adler  <darin@apple.com>
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::sharedInstance): Fix typo.
-
-2010-07-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fix assertion seen on the Leopard buildbot.
-        The single shared instance of JSGlobalData was not being
-        adopted after creation.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::sharedInstance): Do adoptRef and then leakRef.
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        BOMs are whitespace.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::isStrWhiteSpace):
-
-2010-07-08  Martin Robinson  <mrobinson@igalia.com>
-
-        Unreviewed.
-
-        Try fix the GTK+ build by touching this file.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        GTK build fix take two.
-
-        * GNUmakefile.am:
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        GTK build fix.
-
-        * GNUmakefile.am:
-
-2010-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41641
-
-        Update compile flags to allow use of ExecutableAllocatorFixedVMPool on platforms
-        other than x86-64 (this may be useful on 32-bit platforms, too).
-
-        Simplify ifdefs by dividing into thwo broad allocation strategies
-        (ENABLE_EXECUTABLE_ALLOCATOR_FIXED & ENABLE_EXECUTABLE_ALLOCATOR_DEMAND).
-
-        Rename constant used in the code to have names descriptive of their purpose,
-        rather than their specific value on a given platform.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocatorPosix.cpp:
-        * jit/ExecutableAllocatorSymbian.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        * wtf/Platform.h:
-
-2010-07-08  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        Silence a few noisy build rules.
-
-        * GNUmakefile.am:
-
-2010-07-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r62765.
-        http://trac.webkit.org/changeset/62765
-        https://bugs.webkit.org/show_bug.cgi?id=41840
-
-        All jscore and layout tests crash on Qt bot (Requested by Ossy
-        on #webkit).
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMalloc_PageHeap::scavengerThread):
-
-2010-07-08  Andreas Kling  <andreas.kling@nokia.com>
-
-        Reviewed by Oliver Hunt.
-
-        Interpreter: Crash in op_load_varargs on 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=41795
-
-        Added missing cast of argCount to int32_t in op_load_varargs.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-07-08  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make FastMalloc more portable.
-        https://bugs.webkit.org/show_bug.cgi?id=41790
-
-        Use WTF::Mutex instead of pthread_mutex_t and
-        replace pthread_cond_t with WTF::ThreadCondition.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::initializeScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMalloc_PageHeap::scavengerThread):
-
-2010-07-08  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Remove needless #include <fcntl.h> from TCSystemAlloc.cpp.
-        https://bugs.webkit.org/show_bug.cgi?id=41777
-
-        * wtf/TCSystemAlloc.cpp:
-
-2010-07-07  Darin Adler  <darin@apple.com>
-
-        Fixed build in configurations like PowerPC.
-
-        * runtime/RegExpConstructor.cpp: Added include of PassOwnPtr.h.
-        * runtime/RegExpObject.cpp: Ditto.
-        * wtf/SizeLimits.cpp: Changed compile time assertion to work
-        even on platforms where two bool members do not end up taking
-        the same size as one int member!
-
-2010-07-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Lazy mode of parser allows invalid syntax in object literals.
-        https://bugs.webkit.org/show_bug.cgi?id=41809
-
-        Make the parser itself validate getter and setter syntax rather
-        than offloading it to the AST builder.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseProperty):
-
-2010-07-07  Dumitru Daniliuc  <dumi@chromium.org>
-
-        Reviewed by Adam Roben.
-
-        Revert r62689.
-        https://bugs.webkit.org/show_bug.cgi?id=41804
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::freeBlocks):
-
-2010-07-07  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Add reverseFind to Vector and deploy in HTML5 parser
-        https://bugs.webkit.org/show_bug.cgi?id=41778
-
-        This method seems generally useful.  I'm slightly surprised we don't
-        have it already.
-
-        * wtf/Vector.h:
-        (WTF::::reverseFind):
-
-2010-07-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Turn on adoptRef assertion for RefCounted
-        https://bugs.webkit.org/show_bug.cgi?id=41547
-
-        * wtf/CrossThreadRefCounted.h: Fixed include style. Includes of other
-        WTF headers should use "" includes; consistent in most WTF headers.
-        Added a call to relaxAdoptionRequirement.
-
-        * wtf/RefCounted.h: Fixed include style. Removed LOOSE_REF_COUNTED.
-        Added relaxAdoptionRequirement.
-
-2010-07-07  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix the Windows build.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::freeBlocks):
-
-2010-07-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        More OwnPtr work
-        https://bugs.webkit.org/show_bug.cgi?id=41727
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty): Use adoptPtr.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::JSCallbackObject): Ditto.
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock): Ditto.
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::createRareDataIfNecessary): Ditto.
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode): Ditto.
-        * parser/ParserArena.cpp:
-        (JSC::ParserArena::ParserArena): Ditto.
-        * runtime/Arguments.h:
-        (JSC::Arguments::Arguments): Ditto.
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compile): Ditto.
-        (JSC::ProgramExecutable::compile): Ditto.
-        (JSC::FunctionExecutable::compileForCall): Ditto.
-        (JSC::FunctionExecutable::compileForConstruct): Ditto.
-        (JSC::FunctionExecutable::reparseExceptionInfo): Ditto.
-        (JSC::EvalExecutable::reparseExceptionInfo): Ditto.
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort): Ditto.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor): Ditto.
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject): Ditto.
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::createSingleCharacterString): Ditto.
-        (JSC::SmallStrings::singleCharacterStringRep): Ditto.
-
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault): Use adoptPtr.
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::ByteCompiler): Ditto.
-        (JSC::Yarr::ByteCompiler::compile): Ditto.
-        (JSC::Yarr::ByteCompiler::regexBegin): Ditto.
-        (JSC::Yarr::byteCompileRegex): Ditto.
-        * yarr/RegexInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern): Ditto.
-
-2010-07-07  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Make clear set the pointer to 0 before deletion
-        https://bugs.webkit.org/show_bug.cgi?id=41727
-
-        * wtf/OwnArrayPtr.h: Changed code so we always set the pointer to its new
-        value before deleting the old one, including in the set function and the
-        clear function. This required changing safeDelete.
-        * wtf/OwnPtr.h: Ditto. Also removed some extra null checks.
-        * wtf/PassOwnPtr.h: Ditto.
-
-        * wtf/PassRefPtr.h: Changed code so we always set the pointer to its new
-        value before deref'ing the old one in the clear function. Also added a
-        leakRef function for NonNullPassRefPtr.
-        * wtf/RefPtr.h: Ditto.
-
-        * wtf/gobject/GOwnPtr.h: More of the same.
-        * wtf/gobject/GRefPtr.h: Ditto.
-
-2010-07-07  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Refactored string parsing inside the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41606
-
-        Does not use goto. Although the last sunspider
-        parse-only tests yields 1.044x speedup, I think the
-        patch can have a slight improvement at most.
-
-        * parser/Lexer.cpp:
-        (JSC::singleEscape):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-
-2010-07-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Make it possible to have both the JIT and Interpreter available in a single build
-        https://bugs.webkit.org/show_bug.cgi?id=41722
-
-        Separate the concept of !ENABLE(JIT) and ENABLE(INTERPRETER) and make it possible
-        to have both JIT and INTERPRETER enabled at the same time.  This doesn't add
-        support for mix mode execution, but it does allow a single build to contain all
-        the code needed to use either the interpreter or the jit.
-
-        If both ENABLE(INTERPRETER) and ENABLE(JIT) are true then setting the environment
-        variable JSC_FORCE_INTERPRETER will force JSC to use the interpreter.
-
-        This patch basically consists of replacing !ENABLE(JIT) with ENABLE(INTERPRETER),
-        or converting #if ENABLE(JIT) ... #else ... into #if ENABLE(JIT) ... #endif
-        #if ENABLE(INTERPRETER), etc.  There are also a few functions that need to be
-        renamed to resolve return type ambiguity.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::returnVPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::generateJITCode):
-        (JSC::ProgramExecutable::generateJITCode):
-        (JSC::FunctionExecutable::generateJITCodeForCall):
-        (JSC::FunctionExecutable::generateJITCodeForConstruct):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * runtime/JSFunction.cpp:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::canUseJIT):
-        * wtf/Platform.h:
-
-2010-07-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Add adoptPtr and leakPtr functions for OwnPtr and PassOwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=41320
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary): Use assignment
-        instead of set since the result of reparseExceptionInfo is now a
-        PassOwnPtr.
-
-        * bytecode/CodeBlock.h: Change extractExceptionInfo to return a
-        PassOwnPtr instead of a raw pointer.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::reparseExceptionInfo): Return a PassOwnPtr.
-        (JSC::EvalExecutable::reparseExceptionInfo): Ditto.
-        (JSC::ProgramExecutable::reparseExceptionInfo): Added. This was
-        in the header before, but it's better to not have it there to reduce
-        header dependencies. Return a PassOwnPtr.
-
-        * runtime/Executable.h: Made reparseExceptionInfo return a PassOwnPtr,
-        and put it in the private sections of classes other than the base class.
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue::append): Use leakPtr instead of release.
-        (WTF::MessageQueue::appendAndCheckEmpty): Ditto.
-        (WTF::MessageQueue::prepend): Ditto.
-
-        * wtf/OwnPtr.h: Tweaked formatting. Changed the release function to return
-        a PassOwnPtr rather than a raw pointer. Added a leakPtr function that
-        returns a raw pointer. Put the constructor that takes a raw pointer and
-        the set function into a section guarded by LOOSE_OWN_PTR. Adapted to the
-        new adoptPtr function from PassOwnPtr.h.
-
-        * wtf/PassOwnPtr.h: Tweaked formatting. Renamed the release function
-        to leakPtr. Added an adoptPtr function that creates a new PassOwnPtr.
-        Put the constructor and assignment operators that take a raw pointer
-        into a section guarded by LOOSE_PASS_OWN_PTR.
-
-2010-07-06  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler
-
-        Update comment in StringExtras.h to be more accurate.
-
-        * wtf/StringExtras.h:
-
-2010-07-06  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r62511.
-        http://trac.webkit.org/changeset/62511
-        https://bugs.webkit.org/show_bug.cgi?id=41686
-
-        Breaks Linux/64bit compilation (Requested by xan_ on #webkit).
-
-        * jit/ExecutableAllocator.cpp:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/ExecutableAllocatorSymbian.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        * wtf/Platform.h:
-
-2010-07-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41641
-
-        Update compile flags to allow use of ExecutableAllocatorFixedVMPool on platforms
-        other than x86-64 (this may be useful on 32-bit platforms, too).
-
-        Simplify ifdefs by dividing into thwo broad allocation strategies
-        (ENABLE_EXECUTABLE_ALLOCATOR_FIXED & ENABLE_EXECUTABLE_ALLOCATOR_DEMAND).
-
-        Rename constant used in the code to have names descriptive of their purpose,
-        rather than their specific value on a given platform.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::ExecutablePool::systemAlloc):
-        * jit/ExecutableAllocatorPosix.cpp:
-        * jit/ExecutableAllocatorSymbian.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        * wtf/Platform.h:
-
-2010-07-05  Steve Block  <steveblock@google.com>
-
-        Reviewed by Darin Adler.
-
-        ThreadingPthreads.cpp should use JNIUtility.h on Android, not outdated jni_utility.h
-        https://bugs.webkit.org/show_bug.cgi?id=41594
-
-        * wtf/ThreadingPthreads.cpp:
-
-2010-07-04  Mark Rowe  <mrowe@apple.com>
-
-        Build fix after r62456.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Be slightly more consistent in using uint32_t to prevent
-        warnings about comparisons between signed and unsigned types, and attempts to call an overload
-        of std::min that doesn't exist.
-
-2010-07-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=41553
-        Make StringExtras.h versions of snprintf and vsnprintf match the unix versions.
-
-        - MSVC does not ensure the buffers are null terminated as the unix versions do.
-
-        * runtime/JSGlobalObjectFunctions.cpp: Cleanup includes.
-        * runtime/UString.cpp: Clean up includes.
-        (JSC::UString::from): Don't pass sizeof(buf) - 1, that is wrong.
-        * wtf/StringExtras.h:
-        (snprintf): Ensure null termination of buffer.
-        (vsnprintf): Ditto.
-
-2010-07-03  Yong Li  <yoli@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Make Arguments::MaxArguments clamping work for numbers >= 0x80000000 in
-        the interpreter as well as the JIT.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41351
-        rdar://problem/8142141
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Fix signed integer overflow problem
-        in op_load_varargs handling. 0xFFFFFFFF was read as -1.
-
-2010-06-26  Jeremy Orlow  <jorlow@chromium.org>
-
-        Reviewed by Dumitru Daniliuc.
-
-        Support for keys and in-memory storage for IndexedDB
-        https://bugs.webkit.org/show_bug.cgi?id=41252
-
-        Set the role to Private.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-07-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Move BOM handling out of the lexer and parser
-        https://bugs.webkit.org/show_bug.cgi?id=41539
-
-        Doing the BOM stripping in the lexer meant that we could
-        end up having to strip the BOMs from a source multiple times.
-        To deal with this we now require all strings provided by
-        a SourceProvider to already have had the BOMs stripped.
-        This also simplifies some of the lexer logic.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::sourceCode):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::getRange):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::copyStringWithoutBOMs):
-
-2010-07-03  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Kent Tamura.
-
-        [WINCE] Implement Unicode::isAlphanumeric and Unicode::isArabicChar.
-        https://bugs.webkit.org/show_bug.cgi?id=41411
-
-        * wtf/unicode/wince/UnicodeWince.cpp:
-        (WTF::Unicode::isAlphanumeric):
-        * wtf/unicode/wince/UnicodeWince.h:
-        (WTF::Unicode::isArabicChar):
-
-2010-07-03  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Change the CRASH() macro to print "WebKit CRASH" log.
-        https://bugs.webkit.org/show_bug.cgi?id=41524
-
-        Print "WebKit CRASH" before crashing.
-
-        * wtf/Assertions.h:
-
-2010-07-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 41565 - Repatching in ARMv7Assembler::repatchLoadPtrToLEA is broken
-
-        This method tried to repatch a LDR (T2) into an ADD (T3) - but it only
-        repatches the first instruction word.  The layout of the fields in the
-        second word is different, and also needs repatching.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::repatchLoadPtrToLEA):
-
-2010-07-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Clamp the number of arguments supported by function.apply
-        https://bugs.webkit.org/show_bug.cgi?id=41351
-        <rdar://problem/8142141>
-
-        Add clamping logic to function.apply similar to that
-        enforced by firefox.  We have a smaller clamp than
-        firefox as our calling convention means that stack
-        usage is proportional to argument count -- the firefox
-        limit is larger than you could actually call.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.h:
-        (JSC::Arguments::):
-
-2010-07-02  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Oliver Hunt.
-
-        Re-enable JIT_OPTIMIZE_NATIVE_CALL on MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=40179
-
-        Add the MIPS part to re-enable JIT_OPTIMIZE_NATIVE_CALL.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * wtf/Platform.h:
-
-2010-07-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 41552 - Clean up ARMv7 vfp code generation
-        Emit separate opcode individually, remove magic numbers.
-
-        Also remove invalid assert from JSImmediate (number cells are not CELL_MASK aligned).
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::vadd_F64):
-        (JSC::ARMv7Assembler::vcmp_F64):
-        (JSC::ARMv7Assembler::vcvt_F64_S32):
-        (JSC::ARMv7Assembler::vcvtr_S32_F64):
-        (JSC::ARMv7Assembler::vdiv_F64):
-        (JSC::ARMv7Assembler::vldr):
-        (JSC::ARMv7Assembler::vmov_F64_0):
-        (JSC::ARMv7Assembler::vmov):
-        (JSC::ARMv7Assembler::vmrs):
-        (JSC::ARMv7Assembler::vmul_F64):
-        (JSC::ARMv7Assembler::vstr):
-        (JSC::ARMv7Assembler::vsub_F64):
-        (JSC::ARMv7Assembler::VFPOperand::VFPOperand):
-        (JSC::ARMv7Assembler::VFPOperand::bits1):
-        (JSC::ARMv7Assembler::VFPOperand::bits4):
-        (JSC::ARMv7Assembler::vcvtOp):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchDouble):
-        * runtime/JSImmediate.h:
-        (JSC::JSValue::isCell):
-
-2010-07-02  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r62410.
-        http://trac.webkit.org/changeset/62410
-        https://bugs.webkit.org/show_bug.cgi?id=41549
-
-        accursed last minute changes (Requested by olliej on #webkit).
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::copyCodeWithoutBOMs):
-        (JSC::Lexer::sourceCode):
-        * parser/SourceProvider.h:
-        (JSC::):
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::hasBOMs):
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::getRange):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * wtf/text/StringImpl.h:
-
-2010-07-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=41548
-        Use snprintf instead of sprintf everywhere in JavaScriptCore
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::globalFuncEscape):
-        * runtime/UString.cpp:
-        (JSC::UString::from):
-
-2010-07-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Move BOM handling out of the lexer and parser
-        https://bugs.webkit.org/show_bug.cgi?id=41539
-
-        Doing the BOM stripping in the lexer meant that we could
-        end up having to strip the BOMs from a source multiple times.
-        To deal with this we now require all strings provided by
-        a SourceProvider to already have had the BOMs stripped.
-        This also simplifies some of the lexer logic.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::sourceCode):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::getRange):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * wtf/text/StringImpl.h:
-        (WebCore::StringImpl::copyStringWithoutBOMs):
-
-2010-07-02  Renata Hodovan  <reni@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-        
-        [ Updated after rollout. ]
-
-        Merged RegExp constructor and RegExp::create methods.
-        Both functions are called with three parameters and check whether 
-        flags (the third param) is given or not.
-        Avoid extra hash lookups in RegExpCache::create by passing a pre-computed
-        iterator parameter.
-        https://bugs.webkit.org/show_bug.cgi?id=41055
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-
-2010-07-02  Martin Robinson  <mrobinson@igalia.com>
-
-        Unreviewed. Build fix for GTK+.
-
-        Build Lexer.lut.h with the rest of the .lut.h files. Later these should
-        all probably be moved to DerivedSources.
-
-        * GNUmakefile.am:
-
-2010-06-23  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [GTK] Separate DerivedSources per-project
-        https://bugs.webkit.org/show_bug.cgi?id=41109
-
-        Generate JavaScriptCore derived sources in <builddir>/DerivedSources/JavaScriptCore.
-
-        * GNUmakefile.am:
-
-2010-07-02  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        The alternativeFrameLocation value is wrong in the emitDisjunction function in
-        case of PatternTerm::TypeParentheticalAssertion. This value needs to be
-        computed from term.frameLocation instead of term.inputPosition. This mistake caused glibc
-        memory corruption in some cases.
-        Layout test added for checking of TypeParentheticalAssertion case.
-        https://bugs.webkit.org/show_bug.cgi?id=41458
-
-        * yarr/RegexInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2010-07-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add a FixedArray template to encapsulate fixed length arrays
-        https://bugs.webkit.org/show_bug.cgi?id=41506
-
-        This new type is used in place of fixed length C arrays so
-        that debug builds can guard against attempts to go beyond
-        the end of the array.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.cpp:
-        (JSC::OpcodeStats::~OpcodeStats):
-        * pcre/pcre_compile.cpp:
-        (calculateCompiledPatternLength):
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::allocate):
-        * runtime/Collector.h:
-        (JSC::CollectorBitmap::clearAll):
-        * runtime/CollectorHeapIterator.h:
-        (JSC::CollectorHeapIterator::operator*):
-        * runtime/DateInstanceCache.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSStringFinalizerStruct::):
-        * runtime/NumericStrings.h:
-        * runtime/RegExpCache.h:
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::singleCharacterStrings):
-        * wtf/AVLTree.h:
-        * wtf/FixedArray.h: Added.
-        (WTF::FixedArray::operator[]):
-        (WTF::FixedArray::data):
-
-2010-07-01  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Improve the main lexer switch by mapping input characters to their type
-        https://bugs.webkit.org/show_bug.cgi?id=41459
-
-        Sunsipder: no change (from 532.9ms to 531.5ms)
-        SunSpider --parse-only: 1.025x as fast (from 33.1ms to 32.3ms)
-
-        * parser/Lexer.cpp:
-        (JSC::):
-        (JSC::Lexer::lex):
-
-2010-07-01  Sam Weinig  <sam@webkit.org>
-
-        Rubber-stamped by Ander Carlsson.
-
-        Define HAVE_HOSTED_CORE_ANIMATION on Snow Leopard.
-
-        * wtf/Platform.h:
-
-2010-07-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 41490 - Add missing operations to MacroAssemblerARMv7
-        Also, make single, double, quad register numbers in ARMv7Assembler distinct & strongly typed.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMRegisters::):
-        (JSC::ARMRegisters::asSingle):
-        (JSC::ARMRegisters::asDouble):
-        (JSC::VFPImmediate::VFPImmediate):
-        (JSC::VFPImmediate::isValid):
-        (JSC::VFPImmediate::value):
-        (JSC::ARMv7Assembler::singleRegisterMask):
-        (JSC::ARMv7Assembler::doubleRegisterMask):
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::add_S):
-        (JSC::ARMv7Assembler::neg):
-        (JSC::ARMv7Assembler::orr_S):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-        (JSC::ARMv7Assembler::vadd_F64):
-        (JSC::ARMv7Assembler::vcmp_F64):
-        (JSC::ARMv7Assembler::vcvt_F64_S32):
-        (JSC::ARMv7Assembler::vcvtr_S32_F64):
-        (JSC::ARMv7Assembler::vdiv_F64):
-        (JSC::ARMv7Assembler::vldr):
-        (JSC::ARMv7Assembler::vmov_F64_0):
-        (JSC::ARMv7Assembler::vmov):
-        (JSC::ARMv7Assembler::vmul_F64):
-        (JSC::ARMv7Assembler::vstr):
-        (JSC::ARMv7Assembler::vsub_F64):
-        (JSC::ARMv7Assembler::vcvt):
-        (JSC::ARMv7Assembler::vmem):
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::fpTempRegisterAsSingle):
-        (JSC::MacroAssemblerARMv7::neg32):
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::divDouble):
-        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
-        (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARMv7::zeroDouble):
-        (JSC::MacroAssemblerARMv7::branchOr32):
-        (JSC::MacroAssemblerARMv7::set32):
-        (JSC::MacroAssemblerARMv7::set8):
-        * assembler/MacroAssemblerMIPS.h:
-        * assembler/MacroAssemblerX86Common.h:
-
-2010-07-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Improve reentrancy logic in polymorphic cache stubs
-        <https://bugs.webkit.org/show_bug.cgi?id=41482>
-        <rdar://problem/8094380>
-
-        Make the polymorphic cache stubs handle reentrancy
-        better.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-
-2010-07-01  Antti Koivisto  <koivisto@iki.fi>
-
-        Revert accidental commit.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocateBlock):
-
-2010-06-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Add assertion, off by default, for when you forget to do adoptRef
-        https://bugs.webkit.org/show_bug.cgi?id=41422
-
-        * wtf/PassRefPtr.h: Tweaked formatting. Added a new adopted
-        function, called on the pointer by adoptRef, with an empty inline
-        default version, meant to be overloaded. Unified the inlining
-        with a macro named REF_DEREF_INLINE to make it clearer what's
-        going on in the refIfNotNull/derefIfNotNull functions. Renamed
-        releaseRef to leakRef, but left the old name in for compatibility
-        for now.
-
-        * wtf/RefCounted.h: Added code to require adoption and assert if
-        you don't call adoptRef. For now, it is turned off because of the
-        LOOSE_REF_COUNTED define in this header. Later we can turn it on
-        once we get everything working without asserting.
-
-2010-06-29  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 41238 - RegExp performance slow on Dromaeo benchmark
-
-        Other javascript engines appear to cache prior results of regular 
-        expression operations.
-
-        Suggest adding some sort of caching mechanism to regular expression 
-        processing.
-
-        Added a single entry cache of match() results to RegExp class.
-
-        Also added performance improvements to UString == operator.
-        First check the impls for equality.  Then get the length of
-        each of the non-null impls.  Next check the sizes for equality.
-        Then check the data for the case of different impls that point 
-        to the same data (most likely due to substrings from the beginning of
-        another string).  Lastly we check the underlying data for equality.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        * runtime/UString.h:
-        (JSC::operator==):
-
-2010-06-29  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        WTF::HashSet iterators are quasi-mutable.  Changing the value through
-        dereferencing an iterator will not change the behavior of methods like
-        contains or find, but will change the behavior of iterating.
-
-        * wtf/HashSet.h:
-        (WTF::::begin):
-        (WTF::::end):
-        (WTF::::find):
-        (WTF::::remove):
-        * wtf/HashTable.h:
-
-2010-06-29  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Clean up the source lists in the GNUMakefile.am files
-        https://bugs.webkit.org/show_bug.cgi?id=41229
-
-        Clean up the GNUMakefile.am a little bit. Alphabetize and conglomerate
-        the source lists.
-
-        * GNUmakefile.am:
-
-2010-06-29  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Fix QtScript build after QScriptValuePrivate ctor changes
-        https://bugs.webkit.org/show_bug.cgi?id=41307
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::prototype):
-        * qt/benchmarks/qscriptengine/qscriptengine.pro:
-
-2010-06-28  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] QScriptEngine API should contain a newArray function
-        https://bugs.webkit.org/show_bug.cgi?id=39115
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::newArray):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::newArray):
-        * qt/api/qscriptengine_p.h:
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::newArray):
-
-2010-06-28  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        Install jsc as jsc-X where X is the major API version to allow
-        parallel installation of both GTK+ 2.x and 3.x versions.
-
-        * GNUmakefile.am:
-
-2010-06-28  John Gregg  <johnnyg@google.com>
-
-        Reviewed by Kent Tamura.
-
-        add ENABLE_DIRECTORY_UPLOAD build support
-        https://bugs.webkit.org/show_bug.cgi?id=41100
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-28  Xan Lopez  <xlopez@igalia.com>
-
-        Revert to build jsc, since the tests expect this.
-
-        * GNUmakefile.am:
-
-2010-06-28  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Only one character lookahead should be enough for the lexer
-        https://bugs.webkit.org/show_bug.cgi?id=41213
-
-        The lexer had 4 character lookahead before, which required
-        a complex shifting mechanism. This can be improved by using
-        only one character lookahead for most decisions, and a
-        peek() function as a fallback when it is absolutely necessary.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::currentCharacter):
-        (JSC::Lexer::currentOffset):
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::shift):
-        (JSC::Lexer::peek):
-        (JSC::Lexer::getUnicodeCharacter):
-        (JSC::Lexer::shiftLineTerminator):
-        (JSC::Lexer::lastTokenWasRestrKeyword):
-        (JSC::Lexer::lex):
-        (JSC::Lexer::scanRegExp):
-        (JSC::Lexer::skipRegExp):
-        * parser/Lexer.h:
-
-2010-06-28  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Unreviewed build fix.
-
-        [EFL] Build fix for latest version of Ecore library.
-        Ecore recently changed return type of callbacks from int to Eina_Bool.
-
-        * wtf/efl/MainThreadEfl.cpp:
-        (WTF::timeoutFired): Return Eina_Bool instead of int.
-
-2010-06-28  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] QScriptValue should have API for accessing object properties
-        https://bugs.webkit.org/show_bug.cgi?id=40903
-
-        Make possible to access properties inside QScriptValues. While this
-        still doesn't support the ResolveLocal parameter, it is already useful
-        for testing the API.
-
-        The tests from upstream QtScript weren't imported since most of them
-        depend on the setProperty() function as well. A simple test was created.
-
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::property):
-        * qt/api/qscriptvalue.h:
-        (QScriptValue::):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::property):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp:
-        (tst_QScriptValue::propertySimple):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-
-2010-06-28  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gustavo Noronha.
-
-        [GTK] Add support for GTK+3
-        https://bugs.webkit.org/show_bug.cgi?id=41253
-
-        Suffix jsc with the API version of the library, so that
-        libwebkitgtk 1.x and 3.x can install jsc.
-
-        * GNUmakefile.am:
-
-2010-06-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Turn ENABLE(SINGLE_THREADED) on.
-        https://bugs.webkit.org/show_bug.cgi?id=41135
-
-        Brew MP does not support preemptive multi-threading.
-        Disable threading for Brew MP.
-
-        * wtf/Platform.h:
-
-2010-06-26  Tony Gentilcore  <tonyg@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add an ENABLE_WEB_TIMING option for enabling Web Timing support.
-        https://bugs.webkit.org/show_bug.cgi?id=38924
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-25  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        We assume in testapi.c that the value aHeapRef refers to will not be
-        moved.  When we have movable objects, this will not be the case.
-
-        * API/tests/testapi.c:
-        (main):
-
-2010-06-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r61924.
-        http://trac.webkit.org/changeset/61924
-        https://bugs.webkit.org/show_bug.cgi?id=41240
-
-        It was rolled out, but cq+ wasn't removed (Requested by Ossy_
-        on #webkit).
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-
-2010-06-25  Renata Hodovan  <reni@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Merge RegExp constructor and RegExp::create methods into one.
-        Both of function are called with tree parameters and check whether 
-        flags (the third param) is given or not.
-        Simplify hash lookups in RegExpCache::create with giving them an extra 
-        iterator parameter.
-        https://bugs.webkit.org/show_bug.cgi?id=41055
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-
-2010-06-25  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Introduce QtScript benchmarks.
-
-        The QtScript performance should be tested regularly. The patch introduces
-        micro benchmarks for existing API.
-
-        [Qt] Performance of the QtScript API is not tested.
-        https://bugs.webkit.org/show_bug.cgi?id=40911
-
-        * qt/benchmarks/benchmarks.pri: Copied from JavaScriptCore/qt/tests/tests.pri.
-        * qt/benchmarks/benchmarks.pro: Added.
-        * qt/benchmarks/qscriptengine/qscriptengine.pro: Added.
-        * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Added.
-        (tst_QScriptEngine::checkSyntax_data):
-        (tst_QScriptEngine::checkSyntax):
-        (tst_QScriptEngine::constructor):
-        (tst_QScriptEngine::evaluateString_data):
-        (tst_QScriptEngine::evaluateString):
-        (tst_QScriptEngine::evaluateProgram_data):
-        (tst_QScriptEngine::evaluateProgram):
-        (tst_QScriptEngine::newObject):
-        (tst_QScriptEngine::nullValue):
-        (tst_QScriptEngine::undefinedValue):
-        (tst_QScriptEngine::globalObject):
-        (tst_QScriptEngine::toStringHandle):
-        * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Added.
-        * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Added.
-        (tst_QScriptValue::tst_QScriptValue):
-        (tst_QScriptValue::~tst_QScriptValue):
-        (tst_QScriptValue::values_data):
-        (tst_QScriptValue::ctorBool):
-        (tst_QScriptValue::ctorReal):
-        (tst_QScriptValue::ctorNumber):
-        (tst_QScriptValue::ctorQString):
-        (tst_QScriptValue::ctorCString):
-        (tst_QScriptValue::ctorSpecial):
-        (tst_QScriptValue::ctorQScriptValue):
-        (tst_QScriptValue::isValid_data):
-        (tst_QScriptValue::isValid):
-        (tst_QScriptValue::isBool_data):
-        (tst_QScriptValue::isBool):
-        (tst_QScriptValue::isNumber_data):
-        (tst_QScriptValue::isNumber):
-        (tst_QScriptValue::isFunction_data):
-        (tst_QScriptValue::isFunction):
-        (tst_QScriptValue::isNull_data):
-        (tst_QScriptValue::isNull):
-        (tst_QScriptValue::isString_data):
-        (tst_QScriptValue::isString):
-        (tst_QScriptValue::isUndefined_data):
-        (tst_QScriptValue::isUndefined):
-        (tst_QScriptValue::isObject_data):
-        (tst_QScriptValue::isObject):
-        (tst_QScriptValue::isError_data):
-        (tst_QScriptValue::isError):
-        (tst_QScriptValue::toString_data):
-        (tst_QScriptValue::toString):
-        (tst_QScriptValue::toNumber_data):
-        (tst_QScriptValue::toNumber):
-        (tst_QScriptValue::toBool_data):
-        (tst_QScriptValue::toBool):
-        (tst_QScriptValue::toInteger_data):
-        (tst_QScriptValue::toInteger):
-        (tst_QScriptValue::toInt32_data):
-        (tst_QScriptValue::toInt32):
-        (tst_QScriptValue::toUInt32_data):
-        (tst_QScriptValue::toUInt32):
-        (tst_QScriptValue::toUInt16_data):
-        (tst_QScriptValue::toUInt16):
-        (tst_QScriptValue::toObject_data):
-        (tst_QScriptValue::toObject):
-        (tst_QScriptValue::equals_data):
-        (tst_QScriptValue::equals):
-        (tst_QScriptValue::strictlyEquals_data):
-        (tst_QScriptValue::strictlyEquals):
-        (tst_QScriptValue::instanceOf_data):
-        (tst_QScriptValue::instanceOf):
-
-2010-06-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Remove old js parser
-        https://bugs.webkit.org/show_bug.cgi?id=41222
-
-        Remove the old yacc parser, this also solves the tiger problem.  Which
-        was a conflict between yacc generated token values and those in the
-        custom parser
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pro:
-        * GNUmakefile.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * parser/Grammar.y: Removed.
-        * parser/JSParser.cpp:
-        * parser/JSParser.h:
-        * parser/Lexer.cpp:
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * wtf/Platform.h:
-
-2010-06-25  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        New QtScript API; setPrototype() and prototype().
-
-        This patch implements QScriptValue's prototype accessors.
-
-        [Qt] QScriptValue should have accessors to a prototype.
-        https://bugs.webkit.org/show_bug.cgi?id=39356
-
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::prototype):
-        (QScriptValue::setPrototype):
-        * qt/api/qscriptvalue.h:
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::prototype):
-        (QScriptValuePrivate::setPrototype):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp:
-        (tst_QScriptValue::getSetPrototype):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-
-2010-06-25  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [CMake] Add option to enable JIT.
-        JIT is disabled by default, but now it's possible to enable it through
-        an option to CMake: -DENABLE_JIT will enable it.
-        https://bugs.webkit.org/show_bug.cgi?id=40936
-
-        * CMakeLists.txt: Add missing files and re-sort.
-
-2010-06-25  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        Reviewed by Gustavo Noronha Silva.
-
-        [CMake] Remove unused variable in EFL build system. It was previously
-        being used to set the flags of each port but it was superseded by
-        other flags.
-        https://bugs.webkit.org/show_bug.cgi?id=40931
-
-        * jsc/CMakeLists.txt:
-
-2010-06-25  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Aligning AssemblerBuffer to 128 bytes gives a 0.4% speedup on
-        sunspider.
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::AssemblerBuffer):
-
-2010-06-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r61842.
-        http://trac.webkit.org/changeset/61842
-        https://bugs.webkit.org/show_bug.cgi?id=41208
-
-        It broke Windows build (Requested by Ossy_ on #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.h: Removed.
-        * wtf/win/OwnPtrWin.h: Removed.
-
-2010-06-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r61833.
-        http://trac.webkit.org/changeset/61833
-        https://bugs.webkit.org/show_bug.cgi?id=41205
-
-        It broke Leopard and GTK (Requested by Ossy_ on #webkit).
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-
-2010-06-25  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Adam Barth.
-
-        Change OwnPtrCommon to include platform-specific headers
-        https://bugs.webkit.org/show_bug.cgi?id=40279
-
-        Adding new type to OwnPtrCommon needlessly causes all ports to do full rebuilds.
-        Change OwnPtrCommon to include platform-specific headers to avoid all ports rebuilds.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.h: Added.
-        * wtf/win/OwnPtrWin.h: Added.
-
-2010-06-25  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Darin Adler.
-
-        Add the possibility for a head and footer section to create_jit_stubs.
-        https://bugs.webkit.org/show_bug.cgi?id=36050
-
-        * create_jit_stubs:
-
-2010-06-24  Renata Hodovan  <reni@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Merge RegExp constructor and RegExp::create methods into one.
-        Both of function are called with tree parameters and check whether 
-        flags (the third param) is given or not.
-        Simplify hash lookups in RegExpCache::create with giving them an extra 
-        iterator parameter.
-        https://bugs.webkit.org/show_bug.cgi?id=41055
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-
-2010-06-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Incorrect use of '+ 4' and 0 instead of tag and payload offsets in JSValue32_64
-        https://bugs.webkit.org/show_bug.cgi?id=41193
-
-        I noticed a use of '+ 4' in some of the 32_64 code paths and realised there
-        were a few places where endianness was being hardcoded.  This patch fixes
-        the errors i could find through code inspection.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-
-2010-06-24  Oliver Hunt  <oliver@apple.com>
-
-        Build fix
-
-        Temporarily get the tiger bot working again by disabling the
-        new JS parser.  GCC on tiger is miscompiling the parser and
-        I don't have access to a tiger machine right now.
-
-        * wtf/Platform.h:
-
- 2010-06-21  Nathan Lawrence  <nlawrence@apple.com>
-
-         Reviewed by Geoff Garen.
-
-         https://bugs.webkit.org/show_bug.cgi?id=40128
-         Fixed broken debug functionality.
-
-         * interpreter/Interpreter.cpp:
-         (JSC::Interpreter::dumpRegisters):
-             Fixed to work with updated call frame.
-         * runtime/JSImmediate.h:
-         (JSC::JSValue::isCell):
-             Added assert for aligned cell.
-         * runtime/JSValue.cpp:
-         (JSC::JSValue::description):
-             Fixed to work with current JSValue implementation.
-         * runtime/JSZombie.cpp:
-         (JSC::JSZombie::leakedZombieStructure):
-             JSombies compile again.
-
-2010-06-24  Leandro Pereira  <leandro@profusion.mobi>
-
-        Unreviewed build fix.
-
-        * CMakeLists.txt: Add JSParser.cpp.
-
-2010-06-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Single character string replacement may replace too many characters
-        https://bugs.webkit.org/show_bug.cgi?id=41138
-        <rdar://problem/8097496>
-
-        Simple fix to stop the rope path of single character replacement
-        once the first replacement occurs.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::replaceCharacter):
-
-2010-06-24  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix the length of instruction stream controlled by constant pool
-        https://bugs.webkit.org/show_bug.cgi?id=40293
-
-        The initial/maximum length of instruction stream (m_maxDistance) should
-        be set when the first constant arrives to the constant pool. Otherwise
-        the constant pool could be placed into an uninterrupted sequence.
-
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::):
-
-2010-06-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        We assume bytecodeOffset will always return a value > 1,
-        so we adjust the failure case to return 1 instead of 0.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-
-2010-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Custom-written JavaScript parser
-        https://bugs.webkit.org/show_bug.cgi?id=34019
-
-        Implement a recursive descent parser similar to that used by V8 and
-        SpiderMonkey.  Greater than 2x improvement in SunSpider parsing tests.
-
-        The parser consists of a JSParser class that uses a TreeBuilder to actually
-        build the AST.  There are currently two builders -- the ASTBuilder and
-        SyntaxChecker which separate the job of building an AST for code generation
-        and simply checking syntactic correctness.
-
-        There's still some less than ideal code remaining in the parser to allow
-        us to retain the existing lexing code with minimal changes.  We'll tidy
-        this up at a later date.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * parser/ASTBuilder.h: Added.
-        (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
-        (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
-        (JSC::ASTBuilder::ASTBuilder):
-        (JSC::ASTBuilder::createSourceElements):
-        (JSC::ASTBuilder::varDeclarations):
-        (JSC::ASTBuilder::funcDeclarations):
-        (JSC::ASTBuilder::features):
-        (JSC::ASTBuilder::numConstants):
-        (JSC::ASTBuilder::appendToComma):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegex):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArguments):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createProperty):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createElementList):
-        (JSC::ASTBuilder::createFormalParameterList):
-        (JSC::ASTBuilder::createClause):
-        (JSC::ASTBuilder::createClauseList):
-        (JSC::ASTBuilder::setUsesArguments):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::appendStatement):
-        (JSC::ASTBuilder::addVar):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::evalCount):
-        (JSC::ASTBuilder::appendBinaryExpressionInfo):
-        (JSC::ASTBuilder::operatorStackPop):
-        (JSC::ASTBuilder::operatorStackHasHigherPrecedence):
-        (JSC::ASTBuilder::getFromOperandStack):
-        (JSC::ASTBuilder::shrinkOperandStackBy):
-        (JSC::ASTBuilder::appendBinaryOperation):
-        (JSC::ASTBuilder::operatorStackAppend):
-        (JSC::ASTBuilder::popOperandStack):
-        (JSC::ASTBuilder::appendUnaryToken):
-        (JSC::ASTBuilder::unaryTokenStackLastType):
-        (JSC::ASTBuilder::unaryTokenStackLastStart):
-        (JSC::ASTBuilder::unaryTokenStackRemoveLast):
-        (JSC::ASTBuilder::assignmentStackAppend):
-        (JSC::ASTBuilder::createAssignment):
-        (JSC::ASTBuilder::Scope::Scope):
-        (JSC::ASTBuilder::setExceptionLocation):
-        (JSC::ASTBuilder::incConstants):
-        (JSC::ASTBuilder::usesThis):
-        (JSC::ASTBuilder::usesCatch):
-        (JSC::ASTBuilder::usesClosures):
-        (JSC::ASTBuilder::usesArguments):
-        (JSC::ASTBuilder::usesAssignment):
-        (JSC::ASTBuilder::usesWith):
-        (JSC::ASTBuilder::usesEval):
-        (JSC::ASTBuilder::createNumber):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/JSParser.cpp: Added.
-        (JSC::JSParser::AllowInOverride::AllowInOverride):
-        (JSC::JSParser::AllowInOverride::~AllowInOverride):
-        (JSC::JSParser::token):
-        (JSC::JSParser::next):
-        (JSC::JSParser::consume):
-        (JSC::JSParser::match):
-        (JSC::JSParser::tokenStart):
-        (JSC::JSParser::tokenLine):
-        (JSC::JSParser::tokenEnd):
-        (JSC::JSParser::):
-        (JSC::JSParser::autoSemiColon):
-        (JSC::JSParser::canRecurse):
-        (JSC::JSParser::lastTokenEnd):
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::allowAutomaticSemicolon):
-        (JSC::JSParser::parseSourceElements):
-        (JSC::JSParser::parseVarDeclaration):
-        (JSC::JSParser::parseConstDeclaration):
-        (JSC::JSParser::parseDoWhileStatement):
-        (JSC::JSParser::parseWhileStatement):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseForStatement):
-        (JSC::JSParser::parseBreakStatement):
-        (JSC::JSParser::parseContinueStatement):
-        (JSC::JSParser::parseReturnStatement):
-        (JSC::JSParser::parseThrowStatement):
-        (JSC::JSParser::parseWithStatement):
-        (JSC::JSParser::parseSwitchStatement):
-        (JSC::JSParser::parseSwitchClauses):
-        (JSC::JSParser::parseSwitchDefaultClause):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseDebuggerStatement):
-        (JSC::JSParser::parseBlockStatement):
-        (JSC::JSParser::parseStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionBody):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseFunctionDeclaration):
-        (JSC::JSParser::parseExpressionOrLabelStatement):
-        (JSC::JSParser::parseExpressionStatement):
-        (JSC::JSParser::parseIfStatement):
-        (JSC::JSParser::parseExpression):
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parseConditionalExpression):
-        (JSC::isUnaryOp):
-        (JSC::JSParser::isBinaryOperator):
-        (JSC::JSParser::parseBinaryExpression):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseObjectLiteral):
-        (JSC::JSParser::parseArrayLiteral):
-        (JSC::JSParser::parsePrimaryExpression):
-        (JSC::JSParser::parseArguments):
-        (JSC::JSParser::parseMemberExpression):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/JSParser.h: Added.
-        (JSC::):
-        (JSC::JSTokenInfo::JSTokenInfo):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::setLastLineNumber):
-        (JSC::Lexer::lastLineNumber):
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-        * parser/SyntaxChecker.h: Added.
-        (JSC::SyntaxChecker::SyntaxChecker):
-        (JSC::SyntaxChecker::createSourceElements):
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::appendToComma):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegex):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::createArguments):
-        (JSC::SyntaxChecker::createArgumentsList):
-        (JSC::SyntaxChecker::createProperty):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createElementList):
-        (JSC::SyntaxChecker::createFormalParameterList):
-        (JSC::SyntaxChecker::createClause):
-        (JSC::SyntaxChecker::createClauseList):
-        (JSC::SyntaxChecker::setUsesArguments):
-        (JSC::SyntaxChecker::createFuncDeclStatement):
-        (JSC::SyntaxChecker::createBlockStatement):
-        (JSC::SyntaxChecker::createExprStatement):
-        (JSC::SyntaxChecker::createIfStatement):
-        (JSC::SyntaxChecker::createForLoop):
-        (JSC::SyntaxChecker::createForInLoop):
-        (JSC::SyntaxChecker::createEmptyStatement):
-        (JSC::SyntaxChecker::createVarStatement):
-        (JSC::SyntaxChecker::createReturnStatement):
-        (JSC::SyntaxChecker::createBreakStatement):
-        (JSC::SyntaxChecker::createContinueStatement):
-        (JSC::SyntaxChecker::createTryStatement):
-        (JSC::SyntaxChecker::createSwitchStatement):
-        (JSC::SyntaxChecker::createWhileStatement):
-        (JSC::SyntaxChecker::createWithStatement):
-        (JSC::SyntaxChecker::createDoWhileStatement):
-        (JSC::SyntaxChecker::createLabelStatement):
-        (JSC::SyntaxChecker::createThrowStatement):
-        (JSC::SyntaxChecker::createDebugger):
-        (JSC::SyntaxChecker::createConstStatement):
-        (JSC::SyntaxChecker::appendConstDecl):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        (JSC::SyntaxChecker::appendStatement):
-        (JSC::SyntaxChecker::addVar):
-        (JSC::SyntaxChecker::combineCommaNodes):
-        (JSC::SyntaxChecker::evalCount):
-        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
-        (JSC::SyntaxChecker::operatorStackPop):
-        * runtime/JSGlobalData.h:
-        * wtf/Platform.h:
-        * wtf/ThreadSpecific.h:
-        (WTF::T):
-
-2010-06-23  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        Optimization of the QScriptValuePrivate.
-
-        Patch change only internals of the QScriptValuePrivate.
-        Most of the QScriptValuePrivate's attributes were moved
-        into an union.
-
-        [Qt] Optimization of the QScriptVAluePrivate.
-        https://bugs.webkit.org/show_bug.cgi?id=40415
-
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::globalObject):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::):
-        (QScriptValuePrivate::~QScriptValuePrivate):
-        (QScriptValuePrivate::QScriptValuePrivate):
-        (QScriptValuePrivate::toString):
-        (QScriptValuePrivate::toNumber):
-        (QScriptValuePrivate::toBool):
-        (QScriptValuePrivate::toObject):
-        (QScriptValuePrivate::equals):
-        (QScriptValuePrivate::strictlyEquals):
-        (QScriptValuePrivate::assignEngine):
-        (QScriptValuePrivate::operator JSValueRef):
-        (QScriptValuePrivate::operator JSObjectRef):
-        (QScriptValuePrivate::refinedJSValue):
-
-2010-06-23  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Oliver Hunt.
-
-        [GTK] Implement ThreadSpecific with glib
-        https://bugs.webkit.org/show_bug.cgi?id=39829
-
-        Implement ThreadSpecific with glib's GStaticPrivate.
-        This patch makes it possible to build GTK port without pthread.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::::ThreadSpecific):
-        (WTF::::~ThreadSpecific):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::destroy):
-
-2010-06-23  Leandro Pereira  <leandro@profusion.mobi>
-
-        Unreviewed build fix.
-
-        * CMakeLists.txt: Add runtime/RegExpCache.cpp.
-
-2010-06-22  Renata Hodovan  <hodovan@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Adding regular expression caching to JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=38142
-
-        The cache is based on Round Robin eviction policy, and
-        can cache at most 256 character long regular expressions,
-        and at most 256 of them. These values can be changed at compile time.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::regExpCache):
-        * runtime/RegExpCache.cpp: Added.
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        (JSC::RegExpCache::RegExpCache):
-        * runtime/RegExpCache.h: Added.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpKey.h: Added.
-        (JSC::RegExpKey::RegExpKey):
-        (JSC::RegExpKey::getFlagsValue):
-        (WTF::operator==):
-        (WTF::):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-
-2010-06-22  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Add native call support for ARM and Thumb-2 JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=40231
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * wtf/Platform.h:
-
-2010-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make JSC more resilient in the face of parse failures
-        https://bugs.webkit.org/show_bug.cgi?id=40951
-
-        A number of recent bugs have occurred due to issues like miscounting
-        BOMs, etc which lead to interesting crashes later on.  Adding this
-        logic hardens JSC in the face of these errors, and has no impact on
-        performance (32bit jit actually gets 0.7% faster but I put that down
-        to cache effects).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::generateJITCodeForCall):
-        (JSC::FunctionExecutable::generateJITCodeForConstruct):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::bytecodeForCall):
-        (JSC::FunctionExecutable::bytecodeForConstruct):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::numericCompareFunction):
-
-2010-06-21  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Adam Roben.
-
-        RetainPtr can't be used in HashMaps or HashSets
-        <https://bugs.webkit.org/show_bug.cgi?id=40938>
-        
-        Added hashing knowledge similar to that in COMPtr.h.
-
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::RetainPtr):
-        New function, copied from COMPtr.h but for the type change.
-        (WTF::RetainPtr::isHashTableDeletedValue):
-        Ditto.
-        (WTF::RetainPtr::hashTableDeletedValue):
-        Ditto.
-        Added template code for HashTraits and PtrHash copied from COMPtr.h but for the type change.
-        The only difference is that constructDeletedValue() matches the RefPtr implementation (in HashTraits.h)
-        rather than the COMPtr implementation.
-
-2010-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Need to ensure that we grow the RegisterFile when creating a callframe for host code
-        https://bugs.webkit.org/show_bug.cgi?id=40858
-        <rdar://problem/8108986>
-
-        In the past the use of the callframe in hostcode was much more
-        limited.  Now that we expect the callframe to always be valid
-        we need to grow the RegisterFile so that this is actually the
-        case.  In this particular case the problem was failing to grow
-        the registerfile could lead to a callframe that extended beyond
-        RegisterFiler::end(), so vm re-entry would clobber the callframe
-        other scenarios could also lead to badness.
-
-        I was unable to construct a simple testcase to trigger badness,
-        and any such testcase would be so dependent on exact vm stack
-        layout that it would be unlikely to work as a testcase following
-        any callframe or register allocation changes anyway.
-
-        Thankfully the new assertion I added should help to catch these
-        failures in future, and triggers on a couple of tests currently.
-
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::registerFile):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::init):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-06-21  Satish Sampath  <satish@chromium.org>
-
-        Reviewed by Steve Block.
-
-        Speech Input Patch 0: Added compilation argument to conditionally compile pending patches.
-        https://bugs.webkit.org/show_bug.cgi?id=40878
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-21  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Kent Tamura.
-
-        [BREWMP] Use global new/delete operator overloading with USE_SYSTEM_MALLOC=1
-        https://bugs.webkit.org/show_bug.cgi?id=40653
-
-        Currently, other ports do not use global new/delete operator overloading
-        when USE_SYSTEM_MALLOC=1. Brew MP uses system malloc, but it needs to enable
-        "global fastMalloc new" because the default new/delete causes crash on device.
-        We need to replace them with Brew MP's MALLOC/FREE.
-
-        * wtf/FastMalloc.h:
-
-2010-06-18  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Work around a build problem with libjscore on Symbian.
-        https://bugs.webkit.org/show_bug.cgi?id=40840
-
-        Sbsv2 sometimes have problems with debug/release configuration
-        determination causing QtWebKit in release to try linking with the debug
-        JavaScriptCore static library. This patch limit the jscore/jscored
-        r58306 fix necessary for mac builds only to the mac platform to prevent the
-        different name problem.
-
-        The real fix would be to fix qmake or the toolchain, this patch might
-        help meanwhile.
-
-        * JavaScriptCore.pri:
-
-2010-06-21  Patrick Gansterer  <paroga@paroga.com>
-
-        Reviewed by Kent Tamura.
-
-        Buildfix after r61338.
-        https://bugs.webkit.org/show_bug.cgi?id=40888
-
-        roundUpAllocationSize is needed in RegisterFile.h.
-
-        * jit/ExecutableAllocator.h:
-
-2010-06-19  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Include <string.h> in StringExtras.h
-        https://bugs.webkit.org/show_bug.cgi?id=40808
-
-        Without string.h, RVCT 2.2 can't compile StringExtras.h.
-        It can't find strlen and strncmp.
-
-        * wtf/StringExtras.h:
-
-2010-06-19  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Don't use __attribute__((may_alias)) with the Intel compiler,
-        as it doesn't understand it.
-
-        * wtf/Vector.h:
-
-2010-06-19  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix compilation with the Intel C++ compiler (11.1.072).
-
-        Like RVCT, label pointers must be void*, not const void*.
-
-        * bytecode/Opcode.h:
-
-2010-06-19  Thiago Macieira <thiago.macieira@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Add the WTF_COMPILER_INTEL for when the Intel compiler is used
-        for building. Usually, the Intel compiler masquerades as
-        another compiler in the system and gets away with it, but some
-        times specific fixes are required (such as when using language
-        extensions).
-
-        * wtf/Platform.h:
-
-2010-06-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Incorrect handling of multiple BOMs scattered through a file.
-        https://bugs.webkit.org/show_bug.cgi?id=40865
-
-        When determining the offset of open and close braces in a source
-        with BOMs we were finishing our count early as we failed to account
-        for BOMs prior to the open/close brace positions effecting those
-        positions.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::sourceCode):
-
-2010-06-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Don't throw away exception information for functions that use exceptions
-        https://bugs.webkit.org/show_bug.cgi?id=40786
-
-        Simple patch to stop JSC from throwing away the exception information
-        of a function that uses "exceptiony" features like try and throw.  This
-        is a speed up for catching expressions but it's difficult to quantify as
-        the old cost of reparsing is amortised over all exceptions caught in the
-        effected function.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reparseForExceptionInfoIfNecessary):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::emitCatch):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitThrow):
-
-2010-06-18  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add PlatformStrategies and PluginStrategy classes.
-        https://bugs.webkit.org/show_bug.cgi?id=40850
-
-        * wtf/Platform.h:
-
-2010-06-18  Leandro Pereira  <leandro@profusion.mobi>
-
-        [EFL] Unreviewed build fix.
-
-        * wtf/CMakeLists.txt: Add MD5.cpp.
-
-2010-06-17  Shu Chang  <chang.shu@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [Qt] Fix the link error on symbian with ENABLE_JIT=0.
-        1. Add "#if ENABLE(JIT)" in the header file;
-        2. Put feature enable/disable logic to a common.pri so
-        that both JavaScriptCore.pri and WebCore.pri can share.
-
-        https://bugs.webkit.org/show_bug.cgi?id=40780
-
-        * JavaScriptCore.pri:
-        * jit/ExecutableAllocator.h:
-
-2010-06-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Use adoptRef and create functions in more code paths
-        https://bugs.webkit.org/show_bug.cgi?id=40760
-
-        * API/JSClassRef.h: Removed unneeded include of RefCounted.h.
-        * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
-
-        * bytecode/CodeBlock.h:
-        (JSC::FunctionCodeBlock::FunctionCodeBlock): Use the
-        SharedSymbolTable::create function instead of calling new directly.
-
-        * runtime/SymbolTable.h: Added a create function to the SharedSymbolTable
-        class and made the constructor private.
-
-2010-06-17  Mark Brand  <mabrand@mabrand.nl>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] use "win32-g++*" scope to match all MinGW makespecs
-
-        The scope "win32-g++" comes from the name of the makespec. However, it
-        is frequently used to check for MinGW. This works fine as long as
-        win32-g++ is the only makespec for MinGW. Now we need the wildcard
-        to cover "win32-g++-cross" as well.
-
-        * JavaScriptCore.pro:
-
-2010-06-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by David Levin.
-
-        Deploy adoptRef in more places, including all HTML and MathML elements
-        https://bugs.webkit.org/show_bug.cgi?id=39941
-
-        * wtf/ThreadSafeShared.h: Made the constructor protected and removed the
-        unneeded support for initial reference counts other than 1.
-
-2010-06-16  Peter Varga  <pvarga@inf.u-szeged.hu>
-
-        Reviewed by Geoffrey Garen.
-
-        Store matchBegin directly in the array of output instead of the stack.
-        https://bugs.webkit.org/show_bug.cgi?id=38988
-
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateDisjunction):
-        (JSC::Yarr::RegexGenerator::generate):
-
-2010-06-15  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Make JavaScriptCore build with clang++.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutVirtualRegister):
-        Explicitly cast to an int.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::compileRegex):
-        Return 0 instead of false.
-
-2010-06-15  Adam Roben  <aroben@apple.com>
-
-        Make WebCore's and JavaScriptCore's DerivedSources available for debugging in production builds
-
-        Fixes <http://webkit.org/b/40626> <rdar://problem/8094205>.
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy the contents of
-        JavaScriptCore's DerivedSources directory to
-        AppleInternal/Sources/JavaScriptCore.
-
-2010-06-15  Gabor Loki  <loki@webkit.org>
-
-        Rubber-stamped by Eric Seidel.
-
-        Fix invalid access to non-static data member warning in JITPropertyAccess32_64 on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=40423
-
-        Using OBJECT_OFFSETOF macro instead of objectof to bypass access to
-        non-static data member warning.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2010-06-11  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Rename the rest of the *Tokenizer classes to *DocumentParser
-        https://bugs.webkit.org/show_bug.cgi?id=40507
-
-        * wtf/Platform.h:
-         - fixed a comment to match new names.
-
-2010-06-11  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Explicit conversions from QtScript types to JSC opaque types were removed.
-        https://bugs.webkit.org/show_bug.cgi?id=40412
-
-        Conversion between a JSC C types and a QtScript private types, takes
-        main part of the source code. In most cases a mapping between the types
-        is one to one. New cast operators were added to simplify the code.
-
-        The QScriptValuePrivate could be casted to the JSValueRef and the JSObjectRef.
-        The QScriptEnginePrivate could be casted to the JSGlobalContext.
-        The QScriptProgramPrivate could be casted to the JSStringRef.
-
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::evaluate):
-        (QScriptEnginePrivate::newObject):
-        (QScriptEnginePrivate::globalObject):
-        * qt/api/qscriptengine_p.h:
-        (QScriptEnginePrivate::operator JSGlobalContextRef):
-        * qt/api/qscriptprogram_p.h:
-        (QScriptProgramPrivate::operator JSStringRef):
-        * qt/api/qscriptsyntaxcheckresult.cpp:
-        (QScriptSyntaxCheckResultPrivate::~QScriptSyntaxCheckResultPrivate):
-        (QScriptSyntaxCheckResultPrivate::errorMessage):
-        (QScriptSyntaxCheckResultPrivate::errorLineNumber):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::~QScriptValuePrivate):
-        (QScriptValuePrivate::QScriptValuePrivate):
-        (QScriptValuePrivate::isBool):
-        (QScriptValuePrivate::isNumber):
-        (QScriptValuePrivate::isNull):
-        (QScriptValuePrivate::isString):
-        (QScriptValuePrivate::isUndefined):
-        (QScriptValuePrivate::isFunction):
-        (QScriptValuePrivate::toString):
-        (QScriptValuePrivate::toNumber):
-        (QScriptValuePrivate::toBool):
-        (QScriptValuePrivate::toObject):
-        (QScriptValuePrivate::equals):
-        (QScriptValuePrivate::strictlyEquals):
-        (QScriptValuePrivate::instanceOf):
-        (QScriptValuePrivate::call):
-        (QScriptValuePrivate::operator JSValueRef):
-        (QScriptValuePrivate::operator JSObjectRef):
-        (QScriptValuePrivate::setValue):
-        (QScriptValuePrivate::inherits):
-        (QScriptValuePrivate::refinedJSValue):
-
-2010-05-31  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Implement the simple text code path.
-        https://bugs.webkit.org/show_bug.cgi?id=40077
-
-        Remove the FONT_FAST_PATH macro and use the Qt's
-        fast text implementation instead of the one of WebKit.
-
-        The Qt::TextBypassShaping flag is used to tell Qt to
-        only use the glyph advances.
-
-        Qt 4.7 is needed to get this flag thus the complex path is always
-        used if QtWebKit is compiled against an earlier version.
-
-        Contrary to the WebKit's implementation, the complex code path
-        is taken if the text is RightToLeft, justified or is formatted
-        with non-zero letter or word spacing.
-
-        * wtf/Platform.h:
-
-2010-06-11  Luiz Agostini  <luiz.agostini@openbossa.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        add codePointCompare to JavaScriptCore.exp
-        https://bugs.webkit.org/show_bug.cgi?id=40426
-
-        * JavaScriptCore.exp:
-
-2010-06-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Math Javascript Bug on Safari 5 (webkit 533.16) under "32bit" mode
-        https://bugs.webkit.org/show_bug.cgi?id=40367
-
-        If we're in the slow case of right shift we must write the type tag as
-        the only reason we hit this code path is because we know we're working
-        with a double.  eg. we are guaranteed that the tag cannot be reused.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitRightShiftSlowCase):
-
-2010-06-10  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        Remove weakRandomNumber
-        https://bugs.webkit.org/show_bug.cgi?id=40291
-
-        weakRandomNumber is used nowhere. Currently, WeakRandom is used instead.
-
-        * wtf/RandomNumber.cpp:
-        * wtf/RandomNumber.h:
-
-2010-06-09  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Brady Eidson.
-
-        Export StringImpl::ascii(). It might be not very useful, but it's a public function.
-
-        * JavaScriptCore.exp:
-
-2010-06-09  Leandro Pereira  <leandro@profusion.mobi>
-
-        Reviewed by Adam Treat.
-
-        [EFL] Allow building core libraries as shared objects to speed up
-        linking time on machines with small amounts of memory.
-        http://webkit.org/b/39899
-
-        * CMakeLists.txt: If building with shared core, install the lib.
-        * jsc/CMakeListsEfl.txt: Needs Glib and Ecore to link dynamically.
-        * wtf/CMakeLists.txt: If building with shared core, install the lib.
-
-2010-06-09  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by David Levin.
-
-        Remove some unused variable warnings from JITOpcodes
-        https://bugs.webkit.org/show_bug.cgi?id=40298
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-
-2010-05-18  Yuzo Fujishima  <yuzo@google.com>
-
-        Reviewed by Shinichiro Hamaji.
-
-        Fix for Bug 34529 -  [CSSOM] issues with cssText and selectorText
-        Add U16_LENGTH that is needed to implement CSS character serialization.
-        https://bugs.webkit.org/show_bug.cgi?id=34529
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWince.h:
-
-2010-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r60830.
-        http://trac.webkit.org/changeset/60830
-        https://bugs.webkit.org/show_bug.cgi?id=40305
-
-        Broke the Windows build (Requested by abarth on #webkit).
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.h: Removed.
-        * wtf/win/OwnPtrWin.h: Removed.
-
-2010-06-08  MORITA Hajime  <morrita@google.com>
-
-        Unreviewed. An attempt to fix test break.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-08  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Adam Barth.
-
-        Change OwnPtrCommon to include platform-specific headers
-        https://bugs.webkit.org/show_bug.cgi?id=40279
-
-        Adding new type to OwnPtrCommon needlessly causes all ports to do full rebuilds.
-        Change OwnPtrCommon to include platform-specific headers to avoid all ports rebuilds.
-
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.h: Added.
-        * wtf/win/OwnPtrWin.h: Added.
-
-2010-06-07  MORITA Hajime  <morrita@google.com>
-        
-        Reviewed by Kent Tamura.
-
-        https://bugs.webkit.org/show_bug.cgi?id=40219
-        [Mac] ENABLE_METER_TAG should be enabled
-        
-        Added ENABLE_METER_TAG.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-07  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add more types to OwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=39667
-
-        Add ISSL and ISocket to the list of OwnPtr-ed type.
-
-        * wtf/OwnPtrCommon.h:
-        * wtf/brew/OwnPtrBrew.cpp:
-        (WTF::deleteOwnedPtr):
-
-2010-06-07  Benjamin Poulain  <benjamin.poulain@nokia.com>
-
-        Reviewed by Simon Hausmann.
-
-        [Qt] Crash when compiling on Snow Leopard and running on Leopard
-        https://bugs.webkit.org/show_bug.cgi?id=31403
-
-        Disable the use of pthread_setname_np and other symbols
-        when targetting Leopard.
-
-        Use the defines TARGETING_XX instead of BUILDING_ON_XX 
-        for features that cannot be used before Snow Leopard.
-
-        * wtf/Platform.h:
-
-2010-06-07  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by NOBODY (JSVALUE32_64 build fix).
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-
-2010-06-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix pt 2).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-06-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix pt 1).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-06-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 40214 - Clean up error construction / throwing in JSC.
-        
-        The one egregious insanity here is that creating an error requires
-        a VM-entry-esqe-host call (the string argument is wrapped as a JS
-        object & pushed on the RegisterFile, then unwrapped back to a
-        UString).  Changing this also means you only require a global
-        object, not an ExecState, to create an error.
-
-        The methods to create error objects are also parameterized
-        requiring a switch on the type, which can be made cleaner and
-        faster by moving to a separate method per error type.  Code to add
-        divot information to error had been duplicated, and is coalesced
-        back into a single function.
-
-        Convenience methods added to create & throw type & syntax error
-        with a default error message, since this is a common case.
-
-        Also, errors are currently thrown either using
-        "throwError(exec, error)" or "exec->setException(error)" - unify
-        on the former, since this is more commonly used.  Add
-        "throwVMError(exec, error)" equivalents, as a convenience for
-        cases where the result was being wrapped in "JSValue::encode(...)".
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::call):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::staticValueGetter):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeError):
-        * JavaScriptCore.exp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitNewError):
-        (JSC::BytecodeGenerator::emitThrowExpressionTooDeepException):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ThrowableExpressionData::emitThrowError):
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::PostfixErrorNode::emitBytecode):
-        (JSC::PrefixErrorNode::emitBytecode):
-        (JSC::AssignErrorNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (functionRun):
-        (functionLoad):
-        (functionCheckSyntax):
-        * parser/Nodes.h:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        (JSC::dateProtoFuncToJSON):
-        * runtime/Error.cpp:
-        (JSC::createError):
-        (JSC::createEvalError):
-        (JSC::createRangeError):
-        (JSC::createReferenceError):
-        (JSC::createSyntaxError):
-        (JSC::createTypeError):
-        (JSC::createURIError):
-        (JSC::addErrorSourceInfo):
-        (JSC::addErrorDivotInfo):
-        (JSC::addErrorInfo):
-        (JSC::hasErrorInfo):
-        (JSC::throwError):
-        (JSC::throwTypeError):
-        (JSC::throwSyntaxError):
-        * runtime/Error.h:
-        (JSC::throwVMError):
-        (JSC::throwVMTypeError):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::constructWithErrorConstructor):
-        (JSC::callErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createStackOverflowError):
-        (JSC::createUndefinedVariableError):
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-        (JSC::throwOutOfMemoryError):
-        * runtime/ExceptionHelpers.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compile):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compile):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::from):
-        * runtime/Identifier.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::put):
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Walker::walk):
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        * runtime/JSObject.cpp:
-        (JSC::throwSetterError):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        (JSC::JSObject::defaultValue):
-        (JSC::JSObject::hasInstance):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toObjectSlowCase):
-        (JSC::JSValue::synthesizeObject):
-        (JSC::JSValue::synthesizePrototype):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::constructWithNativeErrorConstructor):
-        (JSC::callNativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        (JSC::toPropertyDescriptor):
-        (JSC::objectConstructorDefineProperty):
-        (JSC::objectConstructorDefineProperties):
-        (JSC::objectConstructorCreate):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToString):
-
-2010-06-05  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Eric Seidel.
-
-        [BREWMP] Add PLATFORM(BREWMP) guard for using std::xxx
-        https://bugs.webkit.org/show_bug.cgi?id=39710
-
-        Build fix for BREW MP.
-
-        * wtf/MathExtras.h:
-
-2010-06-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        HTML5 parser should be within 1% of old parser performance
-        https://bugs.webkit.org/show_bug.cgi?id=40172
-
-        Fix cast in this operator= to allow for assignment between vectors with
-        different inline capacities (as clearly intended by its author).
-
-        * wtf/Vector.h:
-        (WTF::::operator):
-
-2010-06-04  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        New QtScript API; QScriptValue::instanceOf.
-
-        New function create an easy way to check value's prototype hierarchy.
-
-        [Qt] QScriptValue should have an instanceOf method
-        https://bugs.webkit.org/show_bug.cgi?id=40120
-
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::instanceOf):
-        * qt/api/qscriptvalue.h:
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::instanceOf):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp:
-        (tst_QScriptValue::instanceOf_initData):
-        (tst_QScriptValue::instanceOf_makeData):
-        (tst_QScriptValue::instanceOf_test):
-
-2010-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (interpreter build fix).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-06-04  Mark Rowe  <mrowe@apple.com>
-
-        Silence some warnings seen on the build bot.
-
-        * JavaScriptCore.JSVALUE32_64only.exp: Add a trailing newline.
-        * JavaScriptCore.JSVALUE32only.exp: Ditto.
-        * JavaScriptCore.JSVALUE64only.exp: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove the .exp files from all targets so that Xcode doesn't
-        complain about not knowing how to compile them.
-
-2010-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 40187 - Change function signature of NativeConstructor to match NativeFunction
-
-        Mostly for consistency, but constructor & args arguments are redundant,
-        and this will help if we wish to be able to JIT calls to more constructors.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::construct):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeConstruct):
-        * interpreter/Interpreter.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructWithArrayConstructor):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructWithBooleanConstructor):
-        * runtime/ConstructData.cpp:
-        (JSC::construct):
-        * runtime/ConstructData.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::constructWithDateConstructor):
-        * runtime/Error.cpp:
-        (JSC::constructNativeError):
-        (JSC::Error::create):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::constructWithErrorConstructor):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructWithFunctionConstructor):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::constructWithNativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::errorStructure):
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructWithObjectConstructor):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructWithRegExpConstructor):
-        * runtime/StringConstructor.cpp:
-        (JSC::constructWithStringConstructor):
-
-2010-06-04  Tony Gentilcore  <tonyg@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Add a takeFirst() method to Deque and use it where appropriate.
-        https://bugs.webkit.org/show_bug.cgi?id=40089
-
-        * wtf/Deque.h:
-        (WTF::::takeFirst):
-        * wtf/MainThread.cpp:
-        (WTF::dispatchFunctionsFromMainThread):
-        * wtf/MessageQueue.h:
-        (WTF::::tryGetMessage):
-
-2010-06-04  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Remove a QEXPECT_FAIL flag from an autotest.
-
-        Test tst_QScriptEngine::globalObject pass after 36600 bug
-        fix have been applied.
-
-        [Qt] Expected fail in the tst_QScriptEngine::globalObject should be removed.
-        https://bugs.webkit.org/show_bug.cgi?id=40114
-
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::globalObject):
-
-2010-06-04  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix QScriptValue::equals.
-
-        Handling for a few edge cases were added. Now comparison between
-        NaN, an invalid objects should works as supposed.
-
-        [Qt] QScriptValue::equals problems
-        https://bugs.webkit.org/show_bug.cgi?id=40110
-
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::equals):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::equals):
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp:
-        (tst_QScriptValue::equals_initData):
-        (tst_QScriptValue::equals_makeData):
-        (tst_QScriptValue::equals_test):
-
-2010-06-03  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        New states in QScriptValuePrivate.
-
-        The CSpecial state was divided into CNull and CUndefined. It simplify
-        the QScriptValue code by avoiding a few "cast" and "if".
-        Moreover the MSVS compiler didn't like casting between a double and an
-        enum which is avoided now.
-
-        [Qt] The QScriptValuePrivate::CSpecial is too generic.
-        https://bugs.webkit.org/show_bug.cgi?id=40067
-
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::):
-        (QScriptValuePrivate::QScriptValuePrivate):
-        (QScriptValuePrivate::isNull):
-        (QScriptValuePrivate::isUndefined):
-        (QScriptValuePrivate::toString):
-        (QScriptValuePrivate::toNumber):
-        (QScriptValuePrivate::toBool):
-        (QScriptValuePrivate::toObject):
-        (QScriptValuePrivate::assignEngine):
-        (QScriptValuePrivate::isNumberBased):
-
-2010-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Qt build fix).
-
-        * wtf/Platform.h:
-
-2010-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Bug 40150 - ENABLE_JIT_OPTIMIZE_NATIVE_CALL on all x86/x86_64 platforms
-        This was fixed in bug #40094.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/Platform.h:
-
-2010-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (Interpreter build fix).
-
-        * JavaScriptCore.JSVALUE32_64only.exp:
-        * JavaScriptCore.JSVALUE32only.exp:
-        * JavaScriptCore.JSVALUE64only.exp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix II).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (windows build fix).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-06-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 40094 - The return type of NativeFunction should be EncodedJSValue
-        On Windows & Linux, using JSVALUE32_64, EncodedJSValue is returned in registers, but JSValue is not.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::call):
-        * JavaScriptCore.exp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeCall):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionCheckSyntax):
-        (functionSetSamplingFlags):
-        (functionClearSamplingFlags):
-        (functionReadline):
-        (functionQuit):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::callArrayConstructor):
-        (JSC::arrayConstructorIsArray):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::callBooleanConstructor):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/CallData.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        (JSC::dateProtoFuncToJSON):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::callErrorConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::callFunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::callFunctionPrototype):
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/JSCell.h:
-        (JSC::getCallData):
-        (JSC::getConstructData):
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncDecodeURI):
-        (JSC::globalFuncDecodeURIComponent):
-        (JSC::globalFuncEncodeURI):
-        (JSC::globalFuncEncodeURIComponent):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        * runtime/JSObject.cpp:
-        (JSC::callDefaultValueFunction):
-        * runtime/JSValue.h:
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::callNativeErrorConstructor):
-        * runtime/NumberConstructor.cpp:
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::callObjectConstructor):
-        (JSC::objectConstructorGetPrototypeOf):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        (JSC::toPropertyDescriptor):
-        (JSC::objectConstructorDefineProperty):
-        (JSC::objectConstructorDefineProperties):
-        (JSC::objectConstructorCreate):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpObject.cpp:
-        (JSC::callRegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCode):
-        (JSC::callStringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        (JSC::stringProtoFuncTrim):
-        (JSC::stringProtoFuncTrimLeft):
-        (JSC::stringProtoFuncTrimRight):
-
-2010-06-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add value-representation specific sections to the mac export file.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * DerivedSources.make:
-        * JavaScriptCore.JSVALUE32_64only.exp: Added.
-        * JavaScriptCore.JSVALUE32only.exp: Added.
-        * JavaScriptCore.JSVALUE64only.exp: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-06-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        <rdar://problem/8054988> Work around an LLVM GCC code generation bug that results in crashes inside PCRE.
-
-        * pcre/pcre_exec.cpp:
-        (repeatInformationFromInstructionOffset): Change the type of instructionOffset to int.  There's no good
-        reason for it to be a short, and using int prevents this code from triggering the LLVM GCC bug.
-
-2010-06-02  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Fix the QScriptValue::strictlyEquals function.
-
-        Handling for a few edge cases was added.
-
-        New autotest that covers the QScriptValue::strictlyEquals function.
-
-        [Qt] QScriptValue::strictlyEquals is broken
-        https://bugs.webkit.org/show_bug.cgi?id=36600
-
-        * qt/api/qscriptvalue.cpp:
-        (QScriptValue::strictlyEquals):
-        * qt/api/qscriptvalue_p.h:
-        (QScriptValuePrivate::strictlyEquals):
-        * qt/tests/qscriptvalue/qscriptvalue.pro:
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h:
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Added.
-        (tst_QScriptValue::strictlyEquals_initData):
-        (tst_QScriptValue::strictlyEquals_makeData):
-        (tst_QScriptValue::strictlyEquals_test):
-
-2010-06-02  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        New function QScriptEngine::newObject.
-
-        The function creates a object of class Object and returns it
-        as a QScriptValue.
-
-        [Qt] QScriptEngine API should contain a newObject function
-        https://bugs.webkit.org/show_bug.cgi?id=39114
-
-        * qt/api/qscriptengine.cpp:
-        (QScriptEngine::newObject):
-        * qt/api/qscriptengine.h:
-        * qt/api/qscriptengine_p.cpp:
-        (QScriptEnginePrivate::newObject):
-        * qt/api/qscriptengine_p.h:
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp:
-        (tst_QScriptEngine::newObject):
-
-2010-06-02  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-        https://bugs.webkit.org/show_bug.cgi?id=40011
-
-        Thumb-2 build fix: The offset parameter of ldrh should be encoded as an
-        imm12 immediate constant in load16. If it is not fit in the instruction
-        a temporary register has to be used.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load16):
-
-2010-06-02  Sterling Swigart  <sswigart@google.com>
-
-        Reviewed by David Levin.
-
-        Image Resizer Patch 0: Added compilation argument to conditionally compile pending patches.
-        https://bugs.webkit.org/show_bug.cgi?id=39906
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-06-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 40021 - Refactor bytecode generation for calls so that register for this & args are allocated together
-
-        This is a useful stepping stone towards reversing argument order.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addParameter):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallEval):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::CallArguments::thisRegister):
-        (JSC::CallArguments::argumentRegister):
-        (JSC::CallArguments::callFrame):
-        (JSC::CallArguments::count):
-        (JSC::BytecodeGenerator::shouldEmitProfileHooks):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::NewExprNode::emitBytecode):
-        (JSC::CallArguments::CallArguments):
-        (JSC::EvalFunctionCallNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::FunctionCallBracketNode::emitBytecode):
-        (JSC::FunctionCallDotNode::emitBytecode):
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-2010-06-01  Yong Li  <yoli@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Explicitly use PTHREAD_MUTEX_NORMAL to create pthread mutex.
-        https://bugs.webkit.org/show_bug.cgi?id=39893
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::Mutex::Mutex):
-
-2010-06-01  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Use DEFINE_STATIC_LOCAL for threadMapMutex and threadMap
-        https://bugs.webkit.org/show_bug.cgi?id=39831
-
-        Use DEFINE_STATIC_LOCAL for static local variables.
-
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::threadMapMutex):
-        (WTF::threadMap):
-        (WTF::identifierByGthreadHandle):
-
-2010-06-01  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Shinichiro Hamaji.
-
-        Fix style errors of dtoa
-        https://bugs.webkit.org/show_bug.cgi?id=39972
-
-        Fix all errors reported by check-webkit-style.
-
-        * wtf/dtoa.cpp:
-        * wtf/dtoa.h:
-
-2010-05-30  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/OwnArrayPtr.h:
-        (WTF::OwnArrayPtr::set): Fix the assertion in here to match the one in OwnPtr.
-        At some point someone fixed the "asserts when assigning to 0 and the pointer is
-        already 0" issue in OwnPtr but forgot to do it here.
-
-2010-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Updated exported symbols.
-        
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Disabled ENABLE_JIT_OPTIMIZE_NATIVE_CALL on Windows for now, until I
-        can figure out why it's crashing.
-
-        * wtf/Platform.h:
-
-2010-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed Windows crash seen on buildbot.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall): __fastcall puts the first
-        argument in ecx.
-
-2010-05-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Updated exported symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Qt build fix: disable a little more stuff when JIT_OPTIMIZE_NATIVE_CALL
-        is disabled.
-
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        * wtf/Platform.h:
-
-2010-05-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: Updated exported symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2010-05-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig, Gavin Barraclough, Oliver Hunt.
-
-        Simplified the host calling convention.
-        
-        22.5% speedup on 32-bit host function calls. 9.5% speedup on 64-bit host
-        function calls.
-        
-        No change on SunSpider.
-        
-        All JS calls (but not constructs, yet) now go through the normal JS
-        calling convention via the RegisterFile. As a result, the host calling
-        convention, which used to be this
-
-            JSValue (JSC_HOST_CALL *NativeFunction)(ExecState*, JSObject*, JSValue thisValue, const ArgList&)
-            
-        is now this
-
-            JSValue (JSC_HOST_CALL *NativeFunction)(ExecState*)
-            
-        Callee, 'this', and argument access all hapen relative to the ExecState*,
-        which is a pointer into the RegisterFile.
-        
-        This patch comes in two parts.
-        
-        PART ONE: Functional code changes.
-        
-        * wtf/Platform.h: Disabled optimized calls on platforms I didn't test.
-        We can re-enable once we verify that host calls on these platforms are
-        correct.
-
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::calculatedFunctionName): Updated for change to
-        ExecState::callee().
-
-        (JSC::DebuggerCallFrame::thisObject): Updated for removal of ExecState::thisValue().
-
-        * interpreter/CallFrame.cpp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::callee):
-        (JSC::ExecState::scopeChain):
-        (JSC::ExecState::init): Changed callee() to be JSObject* instead of
-        JSFunction* -- now, it might be some other callable host object.
-
-        (JSC::ExecState::hostThisRegister):
-        (JSC::ExecState::hostThisValue):
-        (JSC::ExecState::argumentCount):
-        (JSC::ExecState::argumentCountIncludingThis):
-        (JSC::ExecState::argument):
-        (JSC::ExecState::setArgumentCountIncludingThis):
-        (JSC::ExecState::setCallee): Added convenient accessors for arguments
-        from within a host function. Removed thisValue() because it was too
-        tempting to use incorrectly, and it only had one or two clients, anyway.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval): Updated for removal of ExecState::thisValue().
-
-        (JSC::Interpreter::throwException): Be sure to shrink the register file
-        before invoking the exception handler, to reduce the chances that the
-        handler will re-throw in the case of stack overflow. (Re-throwing is now
-        more likely than it used to be, since standardizing the calling convention
-        implicitly added stack overflow checks to some places where they used to be missing.)
-
-        (JSC::Interpreter::execute): Clarified the scope of DynamicGlobalObjectScope.
-        Updated for CallFrame::init API change.
-
-        (JSC::Interpreter::executeCall): Clarified scope of DynamicGlobalObjectScope.
-        Updated for CallFrame::init API change. Added support for calling a host
-        function.
-
-        (JSC::Interpreter::executeConstruct): Clarified scope of DynamicGlobalObjectScope.
-        Updated for CallFrame::init API change. 
-
-        (JSC::Interpreter::prepareForRepeatCall): Updated for CallFrame::init API change. 
-
-        (JSC::Interpreter::privateExecute): Updated for CallFrame::init API change.
-        Added some explicit JSValue(JSObject*) initialization, since relaxing
-        the JSFunction* restriction on callee has made register types more ambiguous.
-        Removed toThisObject() conversion, since all callees do it themselves now.
-        Updated host function call for new host function signature. Updated for
-        change to ExecState::argumentCount() API.
-
-        * interpreter/Register.h:
-        (JSC::Register::):
-        (JSC::Register::operator=):
-        (JSC::Register::function): Changed callee() to be JSObject* instead of
-        JSFunction* -- now, it might be some other callable host object.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall): Deleted a bunch of code that
-        set up the arguments to host functions -- all but one of the arguments
-        are gone now. This is the actual optimization.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Updated for ExecState and Register API
-        changes noted above. Removed toThisObject() conversion, since all callees
-        do it themselves now.
-        
-        * runtime/ArgList.h:
-        (JSC::ArgList::ArgList): ArgList is getting close to unused. Added a
-        temporary shim for converting from ExecState* to ArgList where it's still
-        necessary.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::Arguments::Arguments): Updated for ExecState and Register API
-        changes noted above. 
-
-        * runtime/CallData.cpp:
-        (JSC::call): Changed call always to call Interpreter::executeCall, even
-        for host functions. This ensures that the normal calling convention is
-        set up in the RegsiterFile when calling from C++ to host function.
-
-        * runtime/CallData.h: Changed host function signature as described above.
-
-        * runtime/ConstructData.cpp:
-        (JSC::construct): Moved JSFunction::construct code here so I could nix
-        JSFunction::call and JSFunction::call. We want a JSFunction-agnostic
-        way to call and construct, so that everything works naturally for non-
-        JSFunction objects. 
-
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        * runtime/JSFunction.h: Updated for ExecState and Register API changes
-        noted above. Nixed JSFunction::call and JSFunction::construct, noted above.
- 
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init): Ditto.
-
-        PART TWO: Global search and replace.
-        
-        In the areas below, I used global search-and-replace to change
-            (ExecState*, JSObject*, JSValue, const ArgList&) => (ExecState*)
-            args.size() => exec->argumentCount()
-            args.at(i) => exec->argument(i)
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::call):
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionGC):
-        (functionVersion):
-        (functionRun):
-        (functionLoad):
-        (functionCheckSyntax):
-        (functionSetSamplingFlags):
-        (functionClearSamplingFlags):
-        (functionReadline):
-        (functionQuit):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::callArrayConstructor):
-        (JSC::arrayConstructorIsArray):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::callBooleanConstructor):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString):
-        (JSC::booleanProtoFuncValueOf):
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        (JSC::dateParse):
-        (JSC::dateNow):
-        (JSC::dateUTC):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::fillStructuresUsingTimeArgs):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToLocaleString):
-        (JSC::dateProtoFuncToLocaleDateString):
-        (JSC::dateProtoFuncToLocaleTimeString):
-        (JSC::dateProtoFuncGetTime):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncToGMTString):
-        (JSC::dateProtoFuncGetMonth):
-        (JSC::dateProtoFuncGetUTCMonth):
-        (JSC::dateProtoFuncGetDate):
-        (JSC::dateProtoFuncGetUTCDate):
-        (JSC::dateProtoFuncGetDay):
-        (JSC::dateProtoFuncGetUTCDay):
-        (JSC::dateProtoFuncGetHours):
-        (JSC::dateProtoFuncGetUTCHours):
-        (JSC::dateProtoFuncGetMinutes):
-        (JSC::dateProtoFuncGetUTCMinutes):
-        (JSC::dateProtoFuncGetSeconds):
-        (JSC::dateProtoFuncGetUTCSeconds):
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::dateProtoFuncGetTimezoneOffset):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetMilliSeconds):
-        (JSC::dateProtoFuncSetUTCMilliseconds):
-        (JSC::dateProtoFuncSetSeconds):
-        (JSC::dateProtoFuncSetUTCSeconds):
-        (JSC::dateProtoFuncSetMinutes):
-        (JSC::dateProtoFuncSetUTCMinutes):
-        (JSC::dateProtoFuncSetHours):
-        (JSC::dateProtoFuncSetUTCHours):
-        (JSC::dateProtoFuncSetDate):
-        (JSC::dateProtoFuncSetUTCDate):
-        (JSC::dateProtoFuncSetMonth):
-        (JSC::dateProtoFuncSetUTCMonth):
-        (JSC::dateProtoFuncSetFullYear):
-        (JSC::dateProtoFuncSetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncGetYear):
-        (JSC::dateProtoFuncToJSON):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::callErrorConstructor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::callFunctionConstructor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::callFunctionPrototype):
-        (JSC::functionProtoFuncToString):
-        (JSC::functionProtoFuncApply):
-        (JSC::functionProtoFuncCall):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncIsNaN):
-        (JSC::globalFuncIsFinite):
-        (JSC::globalFuncDecodeURI):
-        (JSC::globalFuncDecodeURIComponent):
-        (JSC::globalFuncEncodeURI):
-        (JSC::globalFuncEncodeURIComponent):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape):
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        * runtime/JSString.h:
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncAbs):
-        (JSC::mathProtoFuncACos):
-        (JSC::mathProtoFuncASin):
-        (JSC::mathProtoFuncATan):
-        (JSC::mathProtoFuncATan2):
-        (JSC::mathProtoFuncCeil):
-        (JSC::mathProtoFuncCos):
-        (JSC::mathProtoFuncExp):
-        (JSC::mathProtoFuncFloor):
-        (JSC::mathProtoFuncLog):
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        (JSC::mathProtoFuncRandom):
-        (JSC::mathProtoFuncRound):
-        (JSC::mathProtoFuncSin):
-        (JSC::mathProtoFuncSqrt):
-        (JSC::mathProtoFuncTan):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::callNativeErrorConstructor):
-        * runtime/NumberConstructor.cpp:
-        (JSC::callNumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::callObjectConstructor):
-        (JSC::objectConstructorGetPrototypeOf):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        (JSC::objectConstructorDefineProperty):
-        (JSC::objectConstructorDefineProperties):
-        (JSC::objectConstructorCreate):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        * runtime/Operations.h:
-        (JSC::jsString):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::test):
-        (JSC::RegExpObject::exec):
-        (JSC::callRegExpObject):
-        (JSC::RegExpObject::match):
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCodeSlowCase):
-        (JSC::stringFromCharCode):
-        (JSC::callStringConstructor):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncToString):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        (JSC::stringProtoFuncTrim):
-        (JSC::stringProtoFuncTrimLeft):
-        (JSC::stringProtoFuncTrimRight):
-
-2010-05-28  Jedrzej Nowacki  <jedrzej.nowacki@nokia.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix the JSObjectSetPrototype function.
-
-        A cycle in a prototype chain can cause an application hang or
-        even crash.
-        A check for a prototype chain cycles was added to
-        the JSObjectSetPrototype.
-
-        JSObjectSetPrototype doesn't check for cycle in prototype chain.
-        https://bugs.webkit.org/show_bug.cgi?id=39360
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetPrototype):
-        * API/tests/testapi.c:
-        (assertTrue):
-        (checkForCycleInPrototypeChain):
-        (main):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/JSObject.h:
-        (JSC::JSObject::setPrototypeWithCycleCheck):
-
-2010-05-28  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix MIPS JIT DoubleGreaterThanOrEqual Operands
-        https://bugs.webkit.org/show_bug.cgi?id=39504
-
-        Swapped two operands of left and right for DoubleGreaterThanOrEqual.
-        This patch fixed two layout tests as follows.
-        fast/js/comparison-operators-greater.html
-        fast/js/comparison-operators-less.html
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchDouble):
-
-2010-05-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Move jit compilation from linking thunks into cti_vm_lazyLink methods.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2010-05-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 39898 - Move arity check into callee.
-        
-        We can reduce the size of the virtual call trampolines by moving the arity check
-        into the callee functions.  As a following step we will be able to remove the
-        check for native function / codeblocks by performing translation in a lazy stub.
-        
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::init):
-        (JSC::ExecState::setReturnPC):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::generateJITCodeForCall):
-        (JSC::FunctionExecutable::generateJITCodeForConstruct):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::FunctionExecutable::generatedJITCodeForCallWithArityCheck):
-        (JSC::FunctionExecutable::generatedJITCodeForConstructWithArityCheck):
-
-2010-05-27  Luiz Agostini  <luiz.agostini@openbossa.org>
-
-        Reviewed by Darin Adler.
-
-        UTF-16 code points compare() for String objects
-        https://bugs.webkit.org/show_bug.cgi?id=39701
-
-        Moving compare() implementation from UString to StringImpl for it to be shared
-        with String. Adding overloaded free functions codePointCompare() in StringImpl
-        and WTFString. Renaming function compare in UString to codePointCompare to be
-        consistent.
-
-        * runtime/JSArray.cpp:
-        (JSC::compareByStringPairForQSort):
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        (JSC::codePointCompare):
-        * wtf/text/StringImpl.cpp:
-        (WebCore::codePointCompare):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        (WebCore::codePointCompare):
-        * wtf/text/WTFString.h:
-
-2010-05-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kent Tamura.
-
-        Null characters handled incorrectly in ToNumber conversion
-        https://bugs.webkit.org/show_bug.cgi?id=38088
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt): Changed code to use UTF8String().data() instead of
-        ascii() to fix the thread safety issue. Code path is covered by existing
-        tests in run-javascriptcore-tests.
-        (JSC::parseFloat): Moved comment to UString::toDouble since the issue
-        affects all clients, not just parseFloat. Specifically, this also affects
-        standard JavaScript numeric conversion, ToNumber.
-
-        * runtime/UString.cpp:
-        (JSC::UString::toDouble): Added a comment about incorrect space skipping.
-        Changed trailing junk check to use the length of the CString instead of
-        checking for a null character. Also got rid of a little unneeded logic
-        in the case where we tolerate trailing junk.
-
-2010-05-27  Nathan Lawrence  <nlawrence@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Search for the new allocation one word at a time.  Improves
-        performance on SunSpider by approximately 1%.
-        http://bugs.webkit.org/show_bug.cgi?id=39758
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::allocate):
-        * runtime/Collector.h:
-        (JSC::CollectorBitmap::advanceToNextPossibleFreeCell):
-
-2010-05-27  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fixes for Windows after recent changes.
-
-        * wscript:
-
-2010-05-27  Gustavo Noronha Silva  <gns@gnome.org>
-
-        More build fixage for make dist.
-
-        * GNUmakefile.am:
-
-2010-05-27  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        RVCT does not have strnstr.
-        https://bugs.webkit.org/show_bug.cgi?id=39719
-
-        Add COMPILER(RVCT) guard to strnstr in StringExtras.h as RVCT does not provide strnstr.
-
-        * wtf/StringExtras.h:
-
-2010-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39795 - Add support for YARR JIT generation of greedy quantified parens at the end of the main disjunction.
-        (relanding r60267)
-
-        If the last item in a main disjunction is a quantified set of parentheses,
-        this is easier to code generate for than the general case for quantified
-        parentheses. This is because we never need to backtrack into the parentheses
-        - the first match will be the final and accepted match.
-
-        This patch also somewhat reverts a recent change to when fallback to PCRE
-        occurs. At the minute the compiler is tracking on patterns which will
-        require JIT fallback. This is handy from a performance perspective (it saves
-        the failed attempt at JIT compilation), but it means introducing knowledge
-        of the JITs capabilities into the other layers of the regex compilers. For
-        the specific feature of back-references, add a flag tracking their presence
-        on the pattern, and make these expressions fallback without attempting to
-        JIT. For parentheses, return to detecting which cases are have or have not
-        been handled during JIT compilation.
-
-        18% progression on tagcloud, ~1.5% overall on sunspidey.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isLastTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isMainDisjunction):
-        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::RegexGenerator::shouldFallBack):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (revert).
-
-        Temporarily rolling out r60267, I appear to have hoesed perf at the last minute. :-/ Fixing.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::TermGenerationState::term):
-        (JSC::Yarr::RegexGenerator::generateParenthesesSingle):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-05-26  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Build fixes for make distcheck.
-
-        * GNUmakefile.am:
-
-2010-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 39795 - Add support for YARR JIT generation of greedy quantified parens at the end of the main disjunction.
-
-        If the last item in a main disjunction is a quantified set of parentheses,
-        this is easier to code generate for than the general case for quantified
-        parentheses. This is because we never need to backtrack into the parentheses
-        - the first match will be the final and accepted match.
-
-        This patch also somewhat reverts a recent change to when fallback to PCRE
-        occurs. At the minute the compiler is tracking on patterns which will
-        require JIT fallback. This is handy from a performance perspective (it saves
-        the failed attempt at JIT compilation), but it means introducing knowledge
-        of the JITs capabilities into the other layers of the regex compilers. For
-        the specific feature of back-references, add a flag tracking their presence
-        on the pattern, and make these expressions fallback without attempting to
-        JIT. For parentheses, return to detecting which cases are have or have not
-        been handled during JIT compilation.
-
-        18% progression on tagcloud, ~1.5% overall on sunspidey.
-
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isLastTerm):
-        (JSC::Yarr::RegexGenerator::TermGenerationState::isMainDisjunction):
-        (JSC::Yarr::RegexGenerator::generateParenthesesGreedyNoBacktrack):
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::RegexGenerator::shouldFallBack):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed a crash seen on the Leopard bot, caused by merge.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Get the return address from the callframe,
-        since it's no longer passed to us as an argument.
-
-2010-05-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed build failure caused by merge.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): On error, return a single value, since this
-        function no longer returns a pair.
-
-2010-05-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/8020221>
-        
-        Fixed a crash seen on Windows when calling a function with too many
-        arguments.
-        
-        SunSpider reports no change.
-        
-        No test because the ASSERT I added fires in existing tests.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Make sure to grow the registerFile when too
-        many arguments have been provided, since the caller only allocated enough
-        registerFile space for the arguments it provided, not enough for the extra
-        copy of arguments we're going to need.
-
-2010-05-25  Kwang Yul Seo  <skyul@company100.net>
-
-        Reviewed by Darin Adler.
-
-        Build fix for JSFunction
-        https://bugs.webkit.org/show_bug.cgi?id=39658
-
-        MSVC can't compile one of JSFunction constructors when JIT is disabled.
-        "PassRefPtr<NativeExecutable>" causes the compile error as NativeExecutable is not defined. 
-        Add ENABLE(JIT) guard to the constructor.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-
-2010-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 39643 - Clean up code generation in the JIT of stub function calls for op_call.
-
-        Presently, as soon as op-call strays off the hot path we set up a set of values on
-        the stack to be passed as arguments to cti functions, in case any should be called.
-
-        Instead, hoist the setup of the callframe to happen slightly sooner, and make the
-        cti functions to compile & check arity read these values from the callframe. This
-        allows up to remove the deprecated methods to manually set up cti arguments, rather
-        than using JITStubCall.h.
-
-        * interpreter/CallFrame.h:
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC::):
-
-2010-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-        Relanding r60075.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::getByIdExceptionInfoForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitGetByIdExceptionInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_get_callee):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_callee):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiNativeConstruct):
-        (JSC::):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createNotAnObjectError):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        * runtime/JSFunction.h:
-        * wtf/Platform.h:
-
-== Rolled over to ChangeLog-2010-05-24 ==

diff --git a/ChangeLog-2012-05-22 b/ChangeLog-2012-05-22
deleted file mode 100644 (file)
index 2b3dee1..0000000
--- a/ChangeLog-2012-05-22
+++ /dev/null
@@ -1,70902 +0,0 @@
-2012-05-22  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] getPlatformThreadRegisters() should fetch target thread's registers
-        https://bugs.webkit.org/show_bug.cgi?id=87148
-
-        Reviewed by George Staikos.
-
-        Our previous implementation of getPlatformThreadRegisters() read registers in current
-        thread's context but it is supposed to read the target thread's registers.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::getPlatformThreadRegisters):
-
-2012-05-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support reflective arguments access
-        https://bugs.webkit.org/show_bug.cgi?id=85721
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r116345 from dfgopt.
-        
-        This adds support for op_create_arguments to the DFG. No other arguments-related
-        opcodes are added by this change, though it does add a lot of the scaffolding
-        necessary for the other ops.
-        
-        This also adds GetByVal/PutByVal optimizations for Arguments.
-        
-        Finally, this rationalizes slowPathCall with no return. Previously, that would
-        work via callOperation() overloads that took InvalidGPRReg as the return GPR.
-        But that creates awful ambiguity, since we had template functions that were
-        polymorphic over all parameters except the second, which was a GPRReg, and a
-        bunch of non-template overloads that also potentially had GPRReg as the second
-        argument. I finally started to hit this ambiguity and was getting absolutely
-        bizarre compiler errors, that made me feel like I was programming in SML. So,
-        I changed the no-argument overloads to take NoResultTag instead, which made
-        everything sensible again by eliminating the overload ambiguity.
-        
-        This is a ~7% speed-up on V8/earley and neutral elsewhere.
-
-        * bytecode/PredictedType.h:
-        (JSC::isArgumentsPrediction):
-        (JSC):
-        (JSC::isActionableMutableArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGCommon.h:
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::unmodifiedArgumentsRegister):
-        (Node):
-        (JSC::DFG::Node::shouldSpeculateArguments):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::pickCanTrample):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Arguments.h:
-        (ArgumentsData):
-        (Arguments):
-        (JSC::Arguments::offsetOfData):
-
-2011-05-21  Geoffrey Garen  <ggaren@apple.com>
-
-        GC allocation trigger should be tuned to system RAM
-        https://bugs.webkit.org/show_bug.cgi?id=87039
-
-        Reviewed by Darin Adler.
-
-        This helps avoid OOM crashes on small platforms, and helps avoid "too much GC"
-        performance issues on big platforms.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (Heap): GC balances between a fixed minimum and a proportional multiplier,
-        which are limited based on system RAM.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createContextGroup):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::createLeaked):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): Renamed HeapSize to HeapType because the exact size is
-        influenced by the heap type, but not determined by it.
-
-2012-05-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Disable private names by default in WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=87088
-
-        Reviewed by Geoff Garen.
-
-        r117859 introduced a preliminary implementation of ES6-like private name objects to JSC.
-        These are probably not yet ready to be web-facing, so disabling by default in WebCore.
-        Opting-in for JSC & DumpRenderTree so that we can still run the fast/js/names.html test.
-
-        * jsc.cpp:
-        (GlobalObject):
-        (GlobalObject::javaScriptExperimentsEnabled):
-            - Implemented new trap to opt-in to private names support.
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-        (JSC::JSGlobalObject::reset):
-            - Only add the Name property to the global object if experiments are enabled.
-        * runtime/JSGlobalObject.h:
-        (GlobalObjectMethodTable):
-            - Added new trap to enabled experiments.
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::finishCreation):
-            - Set the global object's m_experimentsEnabled state on construction.
-        (JSC::JSGlobalObject::javaScriptExperimentsEnabled):
-            - Defaults to off.
-
-2012-05-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Truncating multiplication on integers should not OSR exit every time
-        https://bugs.webkit.org/show_bug.cgi?id=85752
-
-        Reviewed by Gavin Barraclough.
-        
-        Merge r116264 from dfgopt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::mulShouldSpeculateInteger):
-        (Graph):
-        (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-
-2012-05-21  Csaba Osztrogonác  <ossy@webkit.org>
-
-        DFG should be able to compute dominators
-        https://bugs.webkit.org/show_bug.cgi?id=85269
-
-        Unreviewed trivial 32 bit buildfix after r117861.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-
-2012-05-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to compute dominators
-        https://bugs.webkit.org/show_bug.cgi?id=85269
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r115754 from dfgopt.
-        
-        Implements a naive dominator calculator, which is currently just used to
-        print information in graph dumps. I've enabled it by default mainly to
-        be able to track its performance impact. So far it appears that there is
-        none, which is unsurprising given that the number of basic blocks in most
-        procedures is small.
-        
-        Also tweaked bytecode dumping to reveal more useful information about the
-        nature of the code block.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * dfg/DFGDominators.cpp: Added.
-        (DFG):
-        (JSC::DFG::Dominators::Dominators):
-        (JSC::DFG::Dominators::~Dominators):
-        (JSC::DFG::Dominators::compute):
-        (JSC::DFG::Dominators::iterateForBlock):
-        * dfg/DFGDominators.h: Added.
-        (DFG):
-        (Dominators):
-        (JSC::DFG::Dominators::invalidate):
-        (JSC::DFG::Dominators::computeIfNecessary):
-        (JSC::DFG::Dominators::isValid):
-        (JSC::DFG::Dominators::dominates):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (Graph):
-
-2012-05-21  Michael Saboff  <msaboff@apple.com>
-
-        Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729
-        https://bugs.webkit.org/show_bug.cgi?id=87027
-
-        Reviewed by Oliver Hunt.
-
-        Change calls to operationStrCat and operationNewArray to provide the
-        pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer
-        that contains it.  Added a ScratchBuffer::create() function.
-        This is a clean-up to r117729.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::create):
-        (JSC::ScratchBuffer::dataBuffer):
-        (JSC::JSGlobalData::scratchBufferForSize):
-
-2012-05-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Add support for private names
-        https://bugs.webkit.org/show_bug.cgi?id=86509
-
-        Reviewed by Oliver Hunt.
-
-        The spec isn't final, but we can start adding support to allow property maps
-        to contain keys that aren't identifiers.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::getStaticValue):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-            - Only expose public named properties over the JSC API.
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pri:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-            - Added new files to build system.
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationPutByValInternal):
-            - Added support for property access with name objects.
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::privateNamePrototypeTable):
-            - Added hash table for NamePrototype
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            - Added support for property access with name objects.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Added support for property access with name objects.
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::getByVal):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::opIn):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-            - Added support for property access with name objects.
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-            - Added hash table for NamePrototype
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::privateNameStructure):
-        (JSC::JSGlobalObject::symbolTableHasProperty):
-            - Added new global properties.
-        * runtime/JSType.h:
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::isName):
-            - Added type for NameInstances, for fast isName check.
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deleteProperty):
-        (JSC::JSVariableObject::symbolTableGet):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTableGet):
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-            - symbol table lookup should take a PropertyName.
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashTable::entry):
-            - entry lookup should take a PropertyName.
-        * runtime/NameConstructor.cpp: Added.
-        (JSC):
-        (JSC::NameConstructor::NameConstructor):
-        (JSC::NameConstructor::finishCreation):
-        (JSC::constructPrivateName):
-        (JSC::NameConstructor::getConstructData):
-        (JSC::NameConstructor::getCallData):
-        * runtime/NameConstructor.h: Added.
-        (JSC):
-        (NameConstructor):
-        (JSC::NameConstructor::create):
-        (JSC::NameConstructor::createStructure):
-            - Added constructor.
-        * runtime/NameInstance.cpp: Added.
-        (JSC):
-        (JSC::NameInstance::NameInstance):
-        (JSC::NameInstance::destroy):
-        * runtime/NameInstance.h: Added.
-        (JSC):
-        (NameInstance):
-        (JSC::NameInstance::createStructure):
-        (JSC::NameInstance::create):
-        (JSC::NameInstance::privateName):
-        (JSC::NameInstance::nameString):
-        (JSC::NameInstance::finishCreation):
-        (JSC::isName):
-            - Added instance.
-        * runtime/NamePrototype.cpp: Added.
-        (JSC):
-        (JSC::NamePrototype::NamePrototype):
-        (JSC::NamePrototype::finishCreation):
-        (JSC::NamePrototype::getOwnPropertySlot):
-        (JSC::NamePrototype::getOwnPropertyDescriptor):
-        (JSC::privateNameProtoFuncToString):
-        * runtime/NamePrototype.h: Added.
-        (JSC):
-        (NamePrototype):
-        (JSC::NamePrototype::create):
-        (JSC::NamePrototype::createStructure):
-            - Added prototype.
-        * runtime/PrivateName.h: Added.
-        (JSC):
-        (PrivateName):
-        (JSC::PrivateName::PrivateName):
-        (JSC::PrivateName::uid):
-            - A private name object holds a StringImpl that can be used as a unique key in a property map.
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::find):
-        (JSC::PropertyTable::findWithString):
-            - Strings should only match keys in the table that are identifiers.
-        * runtime/PropertyName.h:
-        (JSC::PropertyName::PropertyName):
-        (PropertyName):
-        (JSC::PropertyName::uid):
-        (JSC::PropertyName::publicName):
-        (JSC::PropertyName::asIndex):
-        (JSC::operator==):
-        (JSC::operator!=):
-            - replaced impl() & ustring() with uid() [to get the raw impl] and publicName() [impl or null, if not an identifier].
-        * runtime/Structure.cpp:
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        (JSC::Structure::getPropertyNamesFromStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-            - call uid() to get a PropertyName raw impl, for use as a key.
-
-2012-04-30  Filip Pizlo  <fpizlo@apple.com>
-
-        Bytecode dumps should contain data about the state of get_by_id caches
-        https://bugs.webkit.org/show_bug.cgi?id=85246
-
-        Reviewed by Gavin Barraclough.
-        
-        Merge r115694 from dfgopt.
-        
-        Changed the DFG bytecode parser (and the code that calls it) to be able
-        to call codeBlock->dump() on the code blocks being parsed.
-        
-        Changed bytecode dumping to be able to print the state of get_by_id
-        caches inline with the bytecode.
-        
-        Removed the old StructureStubInfo dumping code, which no longer worked
-        right, and was incapable of telling us information about chain and list
-        accesses.
-        
-        This change does not add dumping for put_by_id caches. We can add that
-        at a later time.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::dumpStructure):
-        (JSC):
-        (JSC::dumpChain):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::printGlobalResolveInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::visitStructures):
-        (JSC::ProgramCodeBlock::jitCompileImpl):
-        (JSC::EvalCodeBlock::jitCompileImpl):
-        (JSC::FunctionCodeBlock::jitCompileImpl):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::jitCompile):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::parse):
-        * dfg/DFGByteCodeParser.h:
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGDriver.h:
-        (DFG):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::jitCompile):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::jitCompile):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::jitCompileForCall):
-        (JSC::FunctionExecutable::jitCompileForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (EvalExecutable):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::jitCompileFor):
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-
-2012-05-21  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header files.
-
-2012-05-21  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
-
-        GCC 4.7 and C++11
-        https://bugs.webkit.org/show_bug.cgi?id=86465
-
-        Reviewed by Darin Adler.
-
-        Set emptyValueIsZero flag so RegExpKey can be used with the non-copyable RegExp values.
-
-        * runtime/RegExpKey.h:
-
-2012-05-20  Michael Saboff  <msaboff@apple.com>
-
-        JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
-        https://bugs.webkit.org/show_bug.cgi?id=86553
-
-        Reviewed by Gavin Barraclough.
-
-        Scratch buffers can contain the only reference to live objects.
-        Therefore visit scratch buffer contents as conservative roots.
-        Changed the scratch buffers to be a struct with an "active"
-        length and the actual buffer.  The users of the scratch
-        buffer emit code where needed to set and clear the active
-        length as appropriate.  During marking, the active count is
-        used for conservative marking.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::gatherConservativeRoots):
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::ScratchBuffer):
-        (ScratchBuffer):
-        (JSC::ScratchBuffer::allocationSize):
-        (JSC::ScratchBuffer::setActiveLength):
-        (JSC::ScratchBuffer::activeLength):
-        (JSC::ScratchBuffer::activeLengthPtr):
-        (JSC::ScratchBuffer::dataBuffer):
-        (JSGlobalData):
-        (JSC::JSGlobalData::scratchBufferForSize):
-
-2012-05-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Predicted types should know about arguments
-        https://bugs.webkit.org/show_bug.cgi?id=85165
-
-        Reviewed by Oliver Hunt.
-        
-        Merge r115604 from dfgopt.
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionToAbbreviatedString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC):
-        (JSC::isMyArgumentsPrediction):
-        (JSC::isArgumentsPrediction):
-
-2012-05-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Bytecompiler should emit trivially fewer jumps in loops
-        https://bugs.webkit.org/show_bug.cgi?id=85144
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r115587 from dfgopt.
-        
-        1-2% across the board win.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-
-2012-05-19  Vivek Galatage  <vivekgalatage@gmail.com>
-
-        Windows build broken due to changes in the http://trac.webkit.org/changeset/117646
-        https://bugs.webkit.org/show_bug.cgi?id=86939
-
-        The changeset 117646 changed the JSString::toBoolean signature. This
-        change is for fixing the windows build break.
-
-        Reviewed by Ryosuke Niwa.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-05-18  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(117646): fast/canvas/webgl/glsl-conformance.html is crashing in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=86929
-
-        Reviewed by Oliver Hunt.
-        
-        The problem was that if CFG simplification saw a Branch with identical successors,
-        it would always perform a basic block merge. But that's wrong if the successor has
-        other predecessors.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-
-2012-05-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFG simplification crashes if it's trying to remove an unreachable block
-        that has an already-killed-off unreachable successor
-        https://bugs.webkit.org/show_bug.cgi?id=86918
-
-        Reviewed by Oliver Hunt.
-        
-        This fixes crashes in:
-        inspector/styles/styles-computed-trace.html
-        inspector/console/console-big-array.html
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::fixPhis):
-
-2012-05-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have control flow graph simplification
-        https://bugs.webkit.org/show_bug.cgi?id=84553
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r115512 from dfgopt.
-
-        This change gives the DFG the ability to simplify the control flow graph
-        as part of an optimization fixpoint that includes CSE, CFA, and constant
-        folding. This required a number of interesting changes including:
-        
-        - Solidifying the set of invariants that the DFG obeys. For example, the
-          head and tail of each basic block must advertise the set of live locals
-          and the set of available locals, respectively. It must do so by
-          referring to the first access to the local in the block (for head) and
-          the last one (for tail). This patch introduces the start of a
-          validation step that may be turned on even with asserts disabled. To
-          ensure that these invariants are preserved, I had to remove the
-          redundant phi elimination phase. For now I just remove the call, but in
-          the future we will probably remove it entirely unless we find a use for
-          it.
-        
-        - Making it easier to get the boolean version of a JSValue. This is a
-          pure operation, but we previously did not treat it as such.
-        
-        - Fixing the merging and filtering of AbstractValues that correspond to
-          concrete JSValues. This was previously broken and was limiting the
-          effect of running constant folding. Fixing this meant that I had to
-          change how constant folding eliminates GetLocal nodes, so as to ensure
-          that the resulting graph still obeys DFG rules.
-        
-        - Introducing simplified getters for some of the things that DFG phases
-          want to know about, like the Nth child of a node (now just
-          graph.child(...) if you don't care about performance too much) or
-          getting successors of a basic block.
-        
-        The current CFG simplifier can handle almost all of the cases that it
-        ought to handle; the noteworthy one that is not yet handled is removing
-        basic blocks that just have jumps. To do this right we need to be able
-        to remove jump-only blocks that also perform keep-alive on some values.
-        To make this work, we need to be able to hoist the keep-alive into (or
-        just above) a Branch. This is not fundamentally difficult but I opted to
-        let this patch omit this optimization. We can handle this later.
-        
-        This is a big win on programs that include inline functions that are
-        often called with constant arguments. Of course, SunSpider, V8, and
-        Kraken don't count. Those benchmarks are completely neutral with this
-        change.
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
-        * bytecode/Operands.h:
-        (JSC::Operands::setOperandFirstTime):
-        (Operands):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::operator!=):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::validateIgnoringValue):
-        (AbstractValue):
-        * dfg/DFGAdjacencyList.h:
-        (JSC::DFG::AdjacencyList::child):
-        (JSC::DFG::AdjacencyList::setChild):
-        (AdjacencyList):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::~BasicBlock):
-        (BasicBlock):
-        (JSC::DFG::BasicBlock::numNodes):
-        (JSC::DFG::BasicBlock::nodeIndex):
-        (JSC::DFG::BasicBlock::isPhiIndex):
-        (JSC::DFG::BasicBlock::isInPhis):
-        (JSC::DFG::BasicBlock::isInBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::run):
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        (JSC::DFG::performCFA):
-        * dfg/DFGCFAPhase.h:
-        (DFG):
-        * dfg/DFGCFGSimplificationPhase.cpp: Added.
-        (DFG):
-        (CFGSimplificationPhase):
-        (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::killUnreachable):
-        (JSC::DFG::CFGSimplificationPhase::findOperandSource):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
-        (JSC::DFG::CFGSimplificationPhase::fixPhis):
-        (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
-        (OperandSubstitution):
-        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
-        (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        (JSC::DFG::performCFGSimplification):
-        * dfg/DFGCFGSimplificationPhase.h: Added.
-        (DFG):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::run):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (JSC::DFG::performCSE):
-        * dfg/DFGCSEPhase.h:
-        (DFG):
-        * dfg/DFGCommon.h:
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        (JSC::DFG::performConstantFolding):
-        * dfg/DFGConstantFoldingPhase.h:
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGEdge.h:
-        (Edge):
-        (JSC::DFG::Edge::operator UnspecifiedBoolType*):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::run):
-        (JSC::DFG::FixupPhase::fixupBlock):
-        (JSC::DFG::performFixup):
-        * dfg/DFGFixupPhase.h:
-        (DFG):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::handleSuccessor):
-        (DFG):
-        (JSC::DFG::Graph::determineReachability):
-        (JSC::DFG::Graph::resetReachability):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::changeIndex):
-        (Graph):
-        (JSC::DFG::Graph::changeEdge):
-        (JSC::DFG::Graph::numSuccessors):
-        (JSC::DFG::Graph::successor):
-        (JSC::DFG::Graph::successorForCondition):
-        (JSC::DFG::Graph::isPredictedNumerical):
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::clobbersWorld):
-        (JSC::DFG::Graph::numChildren):
-        (JSC::DFG::Graph::child):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToConstant):
-        (JSC::DFG::Node::numSuccessors):
-        (Node):
-        (JSC::DFG::Node::successor):
-        (JSC::DFG::Node::successorForCondition):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPhase.cpp:
-        (JSC::DFG::Phase::endPhase):
-        * dfg/DFGPhase.h:
-        (JSC::DFG::runPhase):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::run):
-        (JSC::DFG::performPredictionPropagation):
-        * dfg/DFGPredictionPropagationPhase.h:
-        (DFG):
-        * dfg/DFGRedundantPhiEliminationPhase.cpp:
-        (JSC::DFG::RedundantPhiEliminationPhase::run):
-        (JSC::DFG::performRedundantPhiElimination):
-        * dfg/DFGRedundantPhiEliminationPhase.h:
-        (DFG):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::use):
-        (ScoreBoard):
-        (JSC::DFG::ScoreBoard::useIfHasResult):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::createOSREntries):
-        (JSC::DFG::SpeculativeJIT::linkOSREntries):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::nextBlock):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::use):
-        (JSC::DFG::SpeculativeJIT::jump):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGValidate.cpp: Added.
-        (DFG):
-        (Validate):
-        (JSC::DFG::Validate::Validate):
-        (JSC::DFG::Validate::validate):
-        (JSC::DFG::Validate::reportValidationContext):
-        (JSC::DFG::Validate::dumpData):
-        (JSC::DFG::Validate::dumpGraphIfAppropriate):
-        (JSC::DFG::validate):
-        * dfg/DFGValidate.h: Added.
-        (DFG):
-        (JSC::DFG::validate):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-        (JSC::DFG::performVirtualRegisterAllocation):
-        * dfg/DFGVirtualRegisterAllocationPhase.h:
-        (DFG):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSObject.cpp:
-        (JSC):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::toBoolean):
-        * runtime/JSString.h:
-        (JSString):
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-        * runtime/JSValue.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::toPropertyDescriptor):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-
-2012-05-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have constant propagation
-        https://bugs.webkit.org/show_bug.cgi?id=84004
-
-        Reviewed by Gavin Barraclough.
-        
-        Merge r114554 from dfgopt.
-        
-        Changes AbstractValue to be able to hold a "set" of constants, where
-        the maximum set size is 1 - so merging a value containing constant A
-        with another value containing constant B where A != B will result in
-        the AbstractValue claiming that it does not know any constants (i.e.
-        it'll just have a predicted type and possible a structure).
-        
-        Added a constant folding phase that uses this new information to
-        replace pure operations known to have constant results with
-        JSConstants. This is OSR-exit-aware, in that it will prepend a Phantom
-        that refers to all of the kids of the node we replaced.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberValue):
-        (AbstractValue):
-        (JSC::DFG::AbstractValue::valueIsTop):
-        (JSC::DFG::AbstractValue::value):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::operator==):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::checkConsistency):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGAdjacencyList.h:
-        (JSC::DFG::AdjacencyList::initialize):
-        (AdjacencyList):
-        (JSC::DFG::AdjacencyList::reset):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::constantCSE):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp: Added.
-        (DFG):
-        (ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::run):
-        (JSC::DFG::performConstantFolding):
-        * dfg/DFGConstantFoldingPhase.h: Added.
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.h:
-        (Graph):
-        (JSC::DFG::Graph::convertToConstant):
-        * dfg/DFGInsertionSet.h:
-        (JSC::DFG::InsertionSet::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToConstant):
-        (Node):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/JSValue.h:
-        (JSValue):
-
-2012-05-18  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Fix build for Qt by using ASSERT_UNUSED in DFGSpeculativeJIT
-        https://bugs.webkit.org/show_bug.cgi?id=86902
-
-        Reviewed by Andreas Kling.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-
-2012-04-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have out-of-line slow paths
-        https://bugs.webkit.org/show_bug.cgi?id=83992
-
-        Reviewed by Oliver Hunt.
-        
-        Merge of r114472 and r114553 from dfgopt.
-        
-        Introduces the notion of slow path code generation closures in the DFG.
-        These are defined in DFGSlowPathGenerator.h, though they are fairly
-        extensible so DFGSpeculativeJIT64.cpp and DFGSpeculativeJIT32_64.cpp
-        define a couple special-purpose ones. A slow path generation closure
-        (DFG::SlowPathGenerator) is executed after the main speculative path is
-        generated. This makes them great for scheduling slow path code out of
-        the way of the hot paths.
-        
-        This patch also converts most - but not all - of the DFG to use slow
-        path generators instead of inline slow paths.
-        
-        The result is a sub-1% improvement on SunSpider and V8, and a miniscule
-        regression on Kraken.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
-        (TrustedImmPtr):
-        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
-        (TrustedImm32):
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGCommon.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (DFG):
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (PropertyAccessRecord):
-        (JITCompiler):
-        * dfg/DFGSilentRegisterSavePlan.h: Added.
-        (DFG):
-        (SilentRegisterSavePlan):
-        (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
-        (JSC::DFG::SilentRegisterSavePlan::spillAction):
-        (JSC::DFG::SilentRegisterSavePlan::fillAction):
-        (JSC::DFG::SilentRegisterSavePlan::nodeIndex):
-        (JSC::DFG::SilentRegisterSavePlan::gpr):
-        (JSC::DFG::SilentRegisterSavePlan::fpr):
-        * dfg/DFGSlowPathGenerator.h: Added.
-        (DFG):
-        (SlowPathGenerator):
-        (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
-        (JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
-        (JSC::DFG::SlowPathGenerator::generate):
-        (JSC::DFG::SlowPathGenerator::label):
-        (JSC::DFG::SlowPathGenerator::call):
-        (JumpingSlowPathGenerator):
-        (JSC::DFG::JumpingSlowPathGenerator::JumpingSlowPathGenerator):
-        (JSC::DFG::JumpingSlowPathGenerator::linkFrom):
-        (JSC::DFG::JumpingSlowPathGenerator::jumpTo):
-        (CallSlowPathGenerator):
-        (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
-        (JSC::DFG::CallSlowPathGenerator::call):
-        (JSC::DFG::CallSlowPathGenerator::setUp):
-        (JSC::DFG::CallSlowPathGenerator::recordCall):
-        (JSC::DFG::CallSlowPathGenerator::tearDown):
-        (CallResultAndNoArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::generateInternal):
-        (CallResultAndOneArgumentSlowPathGenerator):
-        (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator):
-        (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::generateInternal):
-        (CallResultAndTwoArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::generateInternal):
-        (CallResultAndThreeArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::generateInternal):
-        (CallResultAndFourArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::generateInternal):
-        (CallResultAndFiveArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator):
-        (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::generateInternal):
-        (JSC::DFG::slowPathCall):
-        (AssigningSlowPathGenerator):
-        (JSC::DFG::AssigningSlowPathGenerator::AssigningSlowPathGenerator):
-        (JSC::DFG::AssigningSlowPathGenerator::generateInternal):
-        (JSC::DFG::slowPathMove):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::~SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
-        (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (DFG):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
-        (JSC::DFG::SpeculativeJIT::silentSpill):
-        (JSC::DFG::SpeculativeJIT::silentFill):
-        (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
-        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
-        (JSC::DFG::SpeculativeJIT::pickCanTrample):
-        (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (ValueToNumberSlowPathGenerator):
-        (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
-        (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (CompareAndBoxBooleanSlowPathGenerator):
-        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
-        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (ValueToNumberSlowPathGenerator):
-        (JSC::DFG::ValueToNumberSlowPathGenerator::ValueToNumberSlowPathGenerator):
-        (JSC::DFG::ValueToNumberSlowPathGenerator::generateInternal):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (CompareAndBoxBooleanSlowPathGenerator):
-        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
-        (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::generateInternal):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-18  Tony Chang  <tony@chromium.org>
-
-        remove the CSS_GRID_LAYOUT compiler define, but default grid layout to off
-        https://bugs.webkit.org/show_bug.cgi?id=86767
-
-        Reviewed by Ojan Vafai.
-
-        * Configurations/FeatureDefines.xcconfig: Remove ENABLE_CSS_GRID_LAYOUT.
-
-2012-05-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Setting array index -1 and looping over array causes bad behavior
-        https://bugs.webkit.org/show_bug.cgi?id=86733
-        <rdar://problem/11477670>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGOperations.cpp:
-
-2012-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Rolled out r117495 because it caused som out of memory crashes.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-
-2012-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored the Heap to move more MarkedSpace logic into MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=86790
-
-        Reviewed by Gavin Barraclough.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::lastChanceToFinalize):
-        (JSC::Heap::markRoots):
-        (JSC):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (Heap): Took all the functors from here...
-
-        * heap/MarkedBlock.h:
-        (CountFunctor):
-        (JSC::MarkedBlock::CountFunctor::CountFunctor):
-        (JSC::MarkedBlock::CountFunctor::count):
-        (JSC::MarkedBlock::CountFunctor::returnValue):
-        (MarkedBlock):
-        * heap/MarkedSpace.h:
-        (JSC::ClearMarks::operator()):
-        (JSC):
-        (JSC::Sweep::operator()):
-        (JSC::MarkCount::operator()):
-        (JSC::Size::operator()):
-        (JSC::Capacity::operator()):
-        (MarkedSpace):
-        (JSC::MarkedSpace::clearMarks):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::objectCount):
-        (JSC::MarkedSpace::size):
-        (JSC::MarkedSpace::capacity): and put them here.
-
-2012-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Increase the GC allocation trigger
-        https://bugs.webkit.org/show_bug.cgi?id=86699
-
-        Reviewed by Sam Weinig.
-
-        This helps a lot when the heap is growing, and helps to resolve
-        the regression caused by r116484.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-
-2012-05-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GC in the middle of JSObject::allocatePropertyStorage can cause badness
-        https://bugs.webkit.org/show_bug.cgi?id=83839
-
-        Reviewed by Geoff Garen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're 
-        growing our already-existing PropertyStorage.
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage 
-        and the new structure so that we can be sure a GC never occurs when our Structure
-        info is out of sync with our PropertyStorage.
-        (JSC):
-        (JSC::JSObject::putDirectInternal): Moved the check to see if we should 
-        allocate more backing store before the actual property insertion into 
-        the structure.
-        (JSC::JSObject::putDirectWithoutTransition): Ditto.
-        (JSC::JSObject::transitionTo): Ditto.
-        * runtime/Structure.cpp:
-        (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy 
-        for property backing stores contained within the Structure class.
-        (JSC):
-        * runtime/Structure.h:
-        (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion 
-        into the Structure would require resizing the property backing store so that they can 
-        preallocate the required storage.
-        (Structure):
-
-2012-05-16  Geoffrey Garen  <ggaren@apple.com>
-
-        GC is not thread-safe when moving values between C stacks
-        https://bugs.webkit.org/show_bug.cgi?id=86672
-
-        Reviewed by Phil Pizlo.
-
-        GC pauses thread A while marking thread A, and then B while marking B,
-        which isn't safe against A and B moving values between each others'
-        stacks.
-
-        This is a theoretical bug -- I haven't been able to reproduce it
-        in the wild.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::gatherFromOtherThread):
-        (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
-        duration of stack marking, to avoid missing values that might be moving
-        between C stacks.
-
-2012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Block freeing thread should not free blocks when we are actively requesting them
-        https://bugs.webkit.org/show_bug.cgi?id=86519
-
-        Reviewed by Geoff Garen.
-
-        * heap/BlockAllocator.h:
-        (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done 
-        while we hold the lock to ensure proper locking.
-
-2012-05-15  Filip Pizlo  <fpizlo@apple.com>
-
-        shrinkToFit() is often not called for Vectors in CodeBlock
-        https://bugs.webkit.org/show_bug.cgi?id=86436
-
-        Reviewed by Oliver Hunt.
-        
-        The vectors in CodeBlock are often appended to during various stages of
-        compilation, but we neglect to shrink them after compilation finishes. This
-        patch takes the most brutal possible approach: shrink all the vectors after
-        the bytecompile phase, and then shrink them again after the appropriate
-        JITing phase. The two shrinks are necessary because the JIT may append more
-        stuff, but may also generate code that directly references things in other
-        vectors; hence some can only be shrunk before JIT and some after. Also,
-        we may allow a CodeBlock to sit around for a long time - possibly forever -
-        before invoking the JIT, hence it makes sense to have two shrinks.
-        
-        This is performance neutral on the major benchmarks we track.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::appendWeakReferenceTransition):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2012-05-15  Oliver Hunt  <oliver@apple.com>
-
-        Make error information available even if all we have is line number information.
-        https://bugs.webkit.org/show_bug.cgi?id=86547
-
-        Reviewed by Filip Pizlo.
-
-        We don't need expression information to generate useful line, file, and stack information,
-        so only require that we have line number info available.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * runtime/Executable.h:
-        (JSC):
-
-2012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Block freeing thread should not free blocks when we are actively requesting them
-        https://bugs.webkit.org/show_bug.cgi?id=86519
-
-        Reviewed by Geoffrey Garen.
-
-        The block freeing thread shoots us in the foot if it decides to run while we're actively 
-        requesting blocks and returning them. This situation can arise when there is a lot of copying 
-        collection going on in steady state. We allocate a large swath of pages to copy into, then we 
-        return all the newly free old pages to the BlockAllocator. In this state, if the block freeing 
-        thread wakes up in between collections (which is more likely than it waking up during a 
-        collection) and frees half of these pages, they will be needed almost immediately during the 
-        next collection, causing a storm of VM allocations which we know are going to be very slow.
-
-        What we'd like is for when things have quieted down the block freeing thread can then return 
-        memory to the OS. Usually this will be when a page has fully loaded and has a low allocation 
-        rate. In this situation, our opportunistic collections will only be running at least every few 
-        seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, 
-        while a page is loading.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
-        (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
-        If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out 
-        on an update, we'll see it when we wake up again.
-        * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
-        (BlockAllocator):
-        (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks 
-        that to true. We don't bother locking since we assume that writing to a bool is atomic.
-
-2012-05-14  Luke Macpherson  <macpherson@chromium.org>
-
-        Introduce ENABLE_CSS_VARIABLES compile flag.
-        https://bugs.webkit.org/show_bug.cgi?id=86338
-
-        Reviewed by Dimitri Glazkov.
-
-        Add a configuration option for CSS Variables support, disabling it by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Cannot login to iCloud
-        https://bugs.webkit.org/show_bug.cgi?id=86321
-
-        Reviewed by Filip Pizlo.
-
-        This is a bug introduced by bug#85853, we shouldn't allow assignment to
-        the prototype property of functions to be cached, since we need to clear
-        the cached inheritorID.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::put):
-
-2012-05-14  Michael Saboff  <msaboff@apple.com>
-
-        Enh: Add the Ability to Disable / Enable JavaScript GC Timer
-        https://bugs.webkit.org/show_bug.cgi?id=86382
-
-        Reviewed by Darin Adler.
-
-        Add flag to GCActivityCallback to enable / disable activity timer.
-        Add api via Heap to set the flag's value.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export
-        * heap/Heap.cpp:
-        (JSC::Heap::setGarbageCollectionTimerEnabled):
-        * heap/Heap.h:
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::isEnabled):
-        (JSC::GCActivityCallback::setEnabled):
-        (JSC::GCActivityCallback::GCActivityCallback):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
-
-2012-05-14  Michael Saboff  <msaboff@apple.com>
-
-        Increase Debug Logging in MarkStack::validate()
-        https://bugs.webkit.org/show_bug.cgi?id=86408
-
-        Rubber-stamped by Filip Pizlo.
-
-        Added some descriptive debug messages for the conditions and
-        values when a cell validation fails.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::validate):
-
-2012-05-14  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-05-14  Yong Li  <yoli@rim.com>
-
-        DFG JIT didn't work with ARM EABI.
-        https://bugs.webkit.org/show_bug.cgi?id=84449
-
-        Reviewed by Filip Pizlo.
-
-        Add a 32-bit dummy argument for some callOperation()
-        methods to make it work for ARM EABI.
-
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-
-2012-05-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Introduce PropertyName class
-        https://bugs.webkit.org/show_bug.cgi?id=86241
-
-        Reviewed by Darin Adler.
-
-        This patch introduced a couple of small bugs.
-
-        * runtime/PropertyName.h:
-        (JSC::toUInt32FromCharacters):
-            - Returning wrong value for "" - should not convert to 0.
-        (JSC::PropertyName::PropertyName):
-            - Remove the ASSERT, it was a little too aspirational.
-
-2012-05-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG performs incorrect constant folding on double-to-uint32 conversion in
-        Uint32Array PutByVal
-        https://bugs.webkit.org/show_bug.cgi?id=86330
-
-        Reviewed by Darin Adler.
-        
-        static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
-        In particular, C++ casts on typical hardware (like x86 and similar) will
-        return 0x80000000 for double values that are out of range of the int32 domain
-        (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
-        for wrap-around; for example the double value 4294967297 ought to become the
-        int32 value 1, not 0x80000000.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2012-05-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Introduce PropertyName class
-        https://bugs.webkit.org/show_bug.cgi?id=86241
-
-        Reviewed by Geoff Garen.
-
-        Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
-        This change paves the way to allow for properties keyed by values that are not Identifiers.
-
-        This change is largely a mechanical find & replace.
-        It also changes JSFunction's constructor to take a UString& instead of an Identifier&
-        (since in some cases we can no longer guarantee that we'lll have an Identifier), and
-        unifies Identifier's methods to obtain array indices onto PropertyName.
-
-        The new PropertyName class retains the ability to support .impl() and .ustring(), but
-        in a future patch we may need to rework this, since not all PropertyNames should be
-        equal based on their string representation.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::finishCreation):
-        * API/JSCallbackFunction.h:
-        (JSCallbackFunction):
-        (JSC::JSCallbackFunction::create):
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot):
-        (JSC::::getOwnPropertyDescriptor):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::getStaticValue):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        (JSC::DebuggerActivation::put):
-        (JSC::DebuggerActivation::putDirectVirtual):
-        (JSC::DebuggerActivation::deleteProperty):
-        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
-        (JSC::DebuggerActivation::defineOwnProperty):
-        * debugger/DebuggerActivation.h:
-        (DebuggerActivation):
-        * jsc.cpp:
-        (GlobalObject::addFunction):
-        (GlobalObject::addConstructableFunction):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        (JSC::Arguments::defineOwnProperty):
-        * runtime/Arguments.h:
-        (Arguments):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::finishCreation):
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.h:
-        (ArrayConstructor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        (JSC::putProperty):
-        * runtime/ArrayPrototype.h:
-        (ArrayPrototype):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::finishCreation):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.h:
-        (BooleanPrototype):
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::finishCreation):
-        (JSC::DateConstructor::getOwnPropertySlot):
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.h:
-        (DateConstructor):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertySlot):
-        (JSC::DatePrototype::getOwnPropertyDescriptor):
-        * runtime/DatePrototype.h:
-        (DatePrototype):
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::create):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::finishCreation):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.h:
-        (ErrorPrototype):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::finishCreation):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::finishCreation):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        (JSC::functionProtoFuncBind):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::create):
-        (FunctionPrototype):
-        * runtime/Identifier.cpp:
-        (JSC):
-        * runtime/Identifier.h:
-        (Identifier):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::finishCreation):
-        * runtime/InternalFunction.h:
-        (InternalFunction):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putDirectVirtual):
-        (JSC::JSActivation::deleteProperty):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSActivation):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::defineOwnProperty):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        (JSArray):
-        (JSC):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::create):
-        (JSC::JSBoundFunction::finishCreation):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertySlot):
-        (JSC::JSCell::put):
-        (JSC::JSCell::deleteProperty):
-        (JSC::JSCell::putDirectVirtual):
-        (JSC::JSCell::defineOwnProperty):
-        (JSC::JSCell::getOwnPropertyDescriptor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-        (JSC::JSFunction::finishCreation):
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::deleteProperty):
-        (JSC::JSFunction::defineOwnProperty):
-        (JSC::getCalculatedDisplayName):
-        * runtime/JSFunction.h:
-        (JSFunction):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putDirectVirtual):
-        (JSC::JSGlobalObject::defineOwnProperty):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::createThrowTypeError):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
-        (JSC::JSGlobalObject::symbolTableHasProperty):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertySlot):
-        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
-        (JSC::JSNotAnObject::put):
-        (JSC::JSNotAnObject::deleteProperty):
-        * runtime/JSNotAnObject.h:
-        (JSNotAnObject):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::getOwnPropertySlot):
-        (JSC::JSONObject::getOwnPropertyDescriptor):
-        * runtime/JSONObject.h:
-        (JSONObject):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putDirectVirtual):
-        (JSC::JSObject::putDirectAccessor):
-        (JSC::JSObject::hasProperty):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::hasOwnProperty):
-        (JSC::callDefaultValueFunction):
-        (JSC::JSObject::findPropertyHashEntry):
-        (JSC::JSObject::getPropertySpecificValue):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::JSObject::getPropertyDescriptor):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::getOwnPropertySlot):
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSObject::get):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putOwnDataProperty):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSValue::get):
-        (JSC::JSValue::put):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putDirectVirtual):
-        (JSC::JSStaticScopeObject::getOwnPropertySlot):
-        * runtime/JSStaticScopeObject.h:
-        (JSStaticScopeObject):
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-        (JSC::JSString::getStringPropertyDescriptor):
-        * runtime/JSString.h:
-        (JSString):
-        (JSC::JSString::getStringPropertySlot):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::putToPrimitive):
-        * runtime/JSValue.h:
-        (JSC):
-        (JSValue):
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deleteProperty):
-        (JSC::JSVariableObject::symbolTableGet):
-        (JSC::JSVariableObject::putDirectVirtual):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        (JSC::JSVariableObject::symbolTableGet):
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashTable::entry):
-        (JSC):
-        (JSC::getStaticPropertySlot):
-        (JSC::getStaticPropertyDescriptor):
-        (JSC::getStaticFunctionSlot):
-        (JSC::getStaticFunctionDescriptor):
-        (JSC::getStaticValueSlot):
-        (JSC::getStaticValueDescriptor):
-        (JSC::lookupPut):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        (JSC::MathObject::getOwnPropertyDescriptor):
-        * runtime/MathObject.h:
-        (MathObject):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::finishCreation):
-        * runtime/NumberConstructor.cpp:
-        (JSC):
-        (JSC::NumberConstructor::finishCreation):
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        (JSC::NumberConstructor::put):
-        (JSC::numberConstructorNaNValue):
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        (JSC::numberConstructorMaxValue):
-        (JSC::numberConstructorMinValue):
-        * runtime/NumberConstructor.h:
-        (NumberConstructor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.h:
-        (NumberPrototype):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::finishCreation):
-        (JSC::ObjectConstructor::getOwnPropertySlot):
-        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
-        * runtime/ObjectConstructor.h:
-        (ObjectConstructor):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::defineOwnProperty):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        (ObjectPrototype):
-        * runtime/PropertySlot.h:
-        (PropertySlot):
-        (JSC::PropertySlot::getValue):
-        * runtime/RegExpConstructor.cpp:
-        (JSC):
-        (JSC::RegExpConstructor::finishCreation):
-        (JSC::RegExpConstructor::getOwnPropertySlot):
-        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
-        (JSC::regExpConstructorDollar1):
-        (JSC::regExpConstructorDollar2):
-        (JSC::regExpConstructorDollar3):
-        (JSC::regExpConstructorDollar4):
-        (JSC::regExpConstructorDollar5):
-        (JSC::regExpConstructorDollar6):
-        (JSC::regExpConstructorDollar7):
-        (JSC::regExpConstructorDollar8):
-        (JSC::regExpConstructorDollar9):
-        (JSC::regExpConstructorInput):
-        (JSC::regExpConstructorMultiline):
-        (JSC::regExpConstructorLastMatch):
-        (JSC::regExpConstructorLastParen):
-        (JSC::regExpConstructorLeftContext):
-        (JSC::regExpConstructorRightContext):
-        (JSC::RegExpConstructor::put):
-        * runtime/RegExpConstructor.h:
-        (RegExpConstructor):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::defineOwnProperty):
-        * runtime/RegExpObject.cpp:
-        (JSC):
-        (JSC::RegExpObject::getOwnPropertySlot):
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-        (JSC::RegExpObject::deleteProperty):
-        (JSC::RegExpObject::defineOwnProperty):
-        (JSC::regExpObjectGlobal):
-        (JSC::regExpObjectIgnoreCase):
-        (JSC::regExpObjectMultiline):
-        (JSC::regExpObjectSource):
-        (JSC::RegExpObject::put):
-        * runtime/RegExpObject.h:
-        (RegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpPrototype.h:
-        (RegExpPrototype):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::deleteProperty):
-        * runtime/StrictEvalActivation.h:
-        (StrictEvalActivation):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::finishCreation):
-        (JSC::StringConstructor::getOwnPropertySlot):
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringConstructor.h:
-        (StringConstructor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertySlot):
-        (JSC::StringObject::getOwnPropertyDescriptor):
-        (JSC::StringObject::put):
-        (JSC::StringObject::defineOwnProperty):
-        (JSC::StringObject::deleteProperty):
-        * runtime/StringObject.h:
-        (StringObject):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertySlot):
-        (JSC::StringPrototype::getOwnPropertyDescriptor):
-        * runtime/StringPrototype.h:
-        (StringPrototype):
-        * runtime/Structure.cpp:
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::get):
-
-2012-05-11  Michael Saboff  <msaboff@apple.com>
-
-        Rolling out r116659.
-
-        Causes ASSERT failures on bots.
-
-        Rubber stamped by Geoff Garen.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::reset):
-        (JSC::MarkStack::reset):
-        (JSC):
-        (JSC::SlotVisitor::copyAndAppend):
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        (MarkStack):
-        * runtime/JSString.h:
-        (JSString):
-        (JSC::JSString::finishCreation):
-        (JSC::JSString::is8Bit):
-        (JSC::JSRopeString::finishCreation):
-
-2012-05-11  Oliver Hunt  <oliver@apple.com>
-
-        Appease thread verifier when dealing with the JSC API's shared VM
-        https://bugs.webkit.org/show_bug.cgi?id=86268
-
-        Reviewed by Geoffrey Garen.
-
-        If we're the shared VM, just disable the verifier.  This makes debug builds
-        livable against non-webkit clients.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2012-05-11  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT memory allocator is not returning memory to the OS on Darwin
-        https://bugs.webkit.org/show_bug.cgi?id=86047
-
-        Reviewed by Geoff Garen.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Clarified JSGlobalData (JavaScript VM) lifetime
-        https://bugs.webkit.org/show_bug.cgi?id=85142
-
-        Reviewed by Alexey Proskuryakov.
-
-        (Follow-up fix.)
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
-        (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
-        test, because apps might have been linked on older OS's.)
-
-2012-05-11  Sam Weinig  <sam@webkit.org>
-
-        Fix crash seen when running with libgmalloc
-        <rdar://problem/11435411>
-        https://bugs.webkit.org/show_bug.cgi?id=86232
-
-        Reviewed by Gavin Barraclough.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its
-        destructor.
-
-2012-05-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove op_get_callee
-
-        Rubber stamped by Geoff Garen.
-        
-        This is now redundant.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-05-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Cache inheritorID on JSFunction
-        https://bugs.webkit.org/show_bug.cgi?id=85853
-
-        Reviewed by Geoff Garen & Filip Pizlo.
-
-        An object's prototype is indicated via its structure.  To create an otherwise
-        empty object with object A as its prototype, we require a structure with its
-        prototype set to point to A.  We wish to use this same structure for all empty
-        objects created with a prototype of A, so we presently store this structure as
-        a property of A, known as the inheritorID.
-
-        When a function F is invoked as a constructor, where F has a property 'prototype'
-        set to point to A, in order to create the 'this' value for the constructor to
-        use the following steps are taken:
-          - the 'prototype' proptery of F is read, via a regular [[Get]] access.
-          - the inheritorID internal property of the prototype is read.
-          - a new, empty object is constructed with its structure set to point to inheritorID.
-
-        There are two drawbacks to the current approach:
-          - it requires that every object has an inheritorID field.
-          - it requires a [[Get]] access on every constructor call to access the 'prototype' property.
-
-        Instead, switch to caching a copy of the inheritorID on the function.  Constructor
-        calls now only need read the internal property from the callee, saving a [[Get]].
-        This also means that JSObject::m_inheritorID is no longer commonly read, and in a
-        future patch we can move to storing this in a more memory efficient fashion.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSFunction):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::cacheInheritorID):
-        (JSC):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::defineOwnProperty):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::cachedInheritorID):
-        (JSFunction):
-        (JSC::JSFunction::offsetOfCachedInheritorID):
-
-2012-05-10  Michael Saboff  <msaboff@apple.com>
-
-        Enh: Hash Const JSString in Backing Stores to Save Memory
-        https://bugs.webkit.org/show_bug.cgi?id=86024
-
-        Reviewed by Filip Pizlo.
-
-        During garbage collection, each marking thread keeps a HashMap of
-        strings.  While visiting via MarkStack::copyAndAppend(), we check to
-        see if the string we are visiting is already in the HashMap.  If not
-        we add it.  If so, we change the reference to the current string we're
-        visiting to the prior string.
-
-        To somewhat reduce the performance impact of this change, if a string
-        is unique at the end of a marking it will not be checked during further
-        GC phases.  In some cases this won't catch all duplicates, but we are
-        trying to catch the growth of duplicate strings.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::resetChildren): New method called by the 
-        main thread to reset the slave threads.  This is primarily done to
-        clear the m_uniqueStrings HashMap.
-        (JSC):
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::reset):
-        (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
-        (JSC::MarkStack::internalAppend): New method that performs the hash consting.
-        (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting
-        internalAppend()
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        (MarkStack):
-        (JSC::MarkStack::sharedData):
-        * runtime/JSString.h:
-        (JSString): Added m_isHashConstSingleton flag, accessors for the flag and
-        code to initialize the flag.
-        (JSC::JSString::finishCreation):
-        (JSC::JSString::isHashConstSingleton):
-        (JSC::JSString::clearHashConstSingleton):
-        (JSC::JSString::setHashConstSingleton):
-        (JSC::JSRopeString::finishCreation):
-
-2012-05-09  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT memory allocator is not returning memory to the OS on Darwin
-        https://bugs.webkit.org/show_bug.cgi?id=86047
-        <rdar://problem/11414948>
-
-        Reviewed by Geoff Garen.
-        
-        Work around the problem by using a different madvise() flag, but only for the JIT memory
-        allocator. Also put in ASSERTs that the call is actually working.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
-        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-09  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to get useful debug logging from the JIT memory allocator
-        https://bugs.webkit.org/show_bug.cgi?id=86042
-
-        Reviewed by Geoff Garen.
-
-        * jit/ExecutableAllocator.h:
-
-2012-05-09  Gavin Barraclough  <barraclough@apple.com>
-
-        GC race condition in OpaqueJSClass::prototype
-        https://bugs.webkit.org/show_bug.cgi?id=86034
-
-        Build fix.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-            - Eeeep, landed bad version of patch!
-
-2012-05-09  Gavin Barraclough  <barraclough@apple.com>
-
-        GC race condition in OpaqueJSClass::prototype
-        https://bugs.webkit.org/show_bug.cgi?id=86034
-
-        Reviewed by Filip Pizlo.
-
-        The bug here is basically:
-            if (weakref) weakref->method()
-        where a GC may occur between the if & the method call.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-
-2012-05-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        CopiedSpace does not add pinned blocks back to the to-space filter
-        https://bugs.webkit.org/show_bug.cgi?id=86011
-
-        Reviewed by Geoffrey Garen.
-
-        After a collection has finished, we go through the blocks in from-space 
-        and move any of them that are pinned into to-space. At the beginning of 
-        collection, we reset the to-space block filter that is used during 
-        conservative scanning and add back the blocks that are filled during the 
-        collection. However, we neglect to add back those blocks that are moved 
-        from from-space to to-space, which can cause the conservative scan to 
-        think that some pinned items are not actually in CopiedSpace.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the 
-        to-space filter. Also added a comment and assert for future readers that 
-        indicates that it's okay that we don't also add the block to the 
-        to-space block set since it was never removed.
-
-
-2012-05-09  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Use independent version numbers for public libraries
-        https://bugs.webkit.org/show_bug.cgi?id=85984
-
-        Reviewed by Gustavo Noronha Silva.
-
-        * GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library
-        version.
-
-2012-05-09  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Do not install JavaScriptCore platform-specific headers
-        https://bugs.webkit.org/show_bug.cgi?id=85983
-
-        Reviewed by Gustavo Noronha Silva.
-
-        JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was
-        renamed to JavaScript.h in r29234 and it still exists for
-        compatibility with mac and windows users.
-
-        * GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h
-        and JSStringRefBSTR.h from the sources and headers list.
-
-2012-05-08  Gavin Barraclough  <barraclough@apple.com>
-
-        ROLLING OUT r114255
-        
-        GC in the middle of JSObject::allocatePropertyStorage can cause badness
-        https://bugs.webkit.org/show_bug.cgi?id=83839
-
-        Reviewed by nobody.
-
-        This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSC):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        * runtime/Structure.cpp:
-        (JSC):
-        * runtime/Structure.h:
-        (JSC::Structure::didTransition):
-
-2012-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Heap should not continually allocate new pages in steady state
-        https://bugs.webkit.org/show_bug.cgi?id=85936
-
-        Reviewed by Geoff Garen.
-
-        Currently, in steady state (i.e. a constant amount of live GC 
-        memory with a constant rate of allocation) assuming we've just 
-        finished a collection with X live blocks in CopiedSpace, we 
-        increase our working set by X blocks in CopiedSpace with each 
-        collection we perform. This is due to the fact that we allocate 
-        until we run out of free blocks to use in the Heap before we 
-        consider whether we should run a collection. 
-
-        In the longer term, this issue will be mostly resolved by 
-        implementing quick release for the CopiedSpace. In the shorter 
-        term, we should change our policy to check whether we should 
-        allocate before trying to use a free block from the Heap. We 
-        can change our policy to something more appropriate once we 
-        have implemented quick release.
-
-        This change should also have the convenient side effect of 
-        reducing the variance in GC-heavy tests (e.g. v8-splay) due 
-        to fact that we are doing less VM allocation during copying 
-        collection. Overall, this patch is performance neutral across 
-        the benchmarks we track.
-
-        * heap/CopiedSpace.cpp: 
-        (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
-        around so that we only do it if the block request must succeed 
-        i.e. after we've already checked whether we should do a collection.
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase): Ditto.
-        (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this 
-        function because by the time we've called it, we've already checked whether we 
-        should run a collection so there's no point in returning null.
-        * heap/MarkedAllocator.h: Removing old arguments from function declaration.
-        (MarkedAllocator):
-
-2012-05-08  Gavin Barraclough  <barraclough@apple.com>
-
-        SIGFPE on divide in classic interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=85917
-
-        Rubber stamped by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            - check for divisor of -1.
-
-2012-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Rolling out r110287
-
-        RS=Filip Pizlo
-
-        r110287 was meant to be refactoring only, but changed behavior
-        enough to break some websites, including qq.com.
-
-2012-05-07  Andy Estes  <aestes@apple.com>
-
-        ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-07  Oliver Hunt  <oliver@apple.com>
-
-        Fix release build.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-05-07  Oliver Hunt  <oliver@apple.com>
-
-        LLInt doesn't check for Ropes when performing a character switch
-        https://bugs.webkit.org/show_bug.cgi?id=85837
-
-        Reviewed by Filip Pizlo.
-
-        Make LLint check if the scrutinee of a char switch is a rope, and if
-        so fall back to a slow case.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-05-07  Eric Seidel  <eric@webkit.org>
-
-        Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
-        https://bugs.webkit.org/show_bug.cgi?id=85822
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove TrustedImm32::m_isPointer
-        https://bugs.webkit.org/show_bug.cgi?id=85726
-
-        Rubber stamped by Sam Weinig.
-
-        We used to rely on being able to generate code with known, fixed offsets – to do so we
-        would inhibit more optimal code generation for pointers. This is no longer necessary.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
-        (TrustedImm32):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::branch32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::move):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (JSC::MacroAssemblerMIPS::and32):
-        (JSC::MacroAssemblerMIPS::mul32):
-        (JSC::MacroAssemblerMIPS::or32):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (JSC::MacroAssemblerMIPS::store32):
-        (JSC::MacroAssemblerMIPS::move):
-
-2012-05-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not Flush GetLocal's
-        https://bugs.webkit.org/show_bug.cgi?id=85663
-        <rdar://problem/11373600>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::flushArgument):
-        (JSC::DFG::ByteCodeParser::handleCall):
-
-2012-05-04  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
-
-        Doesn't build with ENABLE_JIT=0 
-        https://bugs.webkit.org/show_bug.cgi?id=85042
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/Operands.h:
-
-2012-05-03  Oliver Hunt  <oliver@apple.com>
-
-        Regression(r114702): Clobbering the caller frame register before we've stored it.
-        https://bugs.webkit.org/show_bug.cgi?id=85564
-
-        Reviewed by Filip Pizlo.
-
-        Don't use t0 as a temporary, when we're about to use the value in t0.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Removing remainder of accidental printfs.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-
-2012-05-03  Andy Estes  <aestes@apple.com>
-
-        If you add printf()s to your garbage collector, the layout tests are gonna have a bad time.
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
-
-2012-05-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection
-        https://bugs.webkit.org/show_bug.cgi?id=85543
-
-        Reviewed by Filip Pizlo.
-
-        Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its 
-        allocation limit for the current cycle, thus hastening an allocation-triggered collection. 
-        In reality, it should just affect the opportunistic GC timer. We should track the bytes 
-        we think have been abandoned and the bytes that have been allocated separately.
-
-        * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much 
-        we think we've abandoned.
-        (JSC::Heap::Heap): 
-        (JSC::Heap::reportAbandonedObjectGraph): 
-        (JSC):
-        (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call 
-        rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather 
-        than bytes allocated. Also notifies the timer, summing the two values together.
-        (JSC::Heap::collect):
-        (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting 
-        to GCActivityCallback.
-        * heap/Heap.h:
-        (Heap):
-
-2012-05-02  Eric Seidel  <eric@webkit.org>
-
-        Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
-        https://bugs.webkit.org/show_bug.cgi?id=85433
-
-        Reviewed by Adam Barth.
-
-        I have a script which can autogenerate these xcconfig files as well as the
-        vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
-        from a central feature list file.
-        In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
-        alphabetically ordered (currently they're close, but not quite).
-        There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
-        I will fix in a second pass.  I will also sort the FEATURE_DEFINES = line in a follow-up patch.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-02  Hojong Han  <hojong.han@samsung.com>
-
-        ARM_TRADITIONAL build fix
-        https://bugs.webkit.org/show_bug.cgi?id=85358
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::lshift32):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::or32):
-        (JSC::MacroAssemblerARM::urshift32):
-        (JSC::MacroAssemblerARM::xor32):
-        (JSC::MacroAssemblerARM::branchSub32):
-
-2012-05-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Opportunistic GC should give up if the Heap is paged out
-        https://bugs.webkit.org/show_bug.cgi?id=85411
-
-        Reviewed by Filip Pizlo.
-
-        Opportunistic GC is punishing us severely in limited memory situations because its 
-        assumptions about how much time a collection will take are way out of whack when the Heap 
-        has been paged out by the OS. We should add a simple detection function to the Heap that 
-        detects if its is paged out. It will do this by iterating each block of both the MarkedSpace 
-        and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms), 
-        the function returns true. This function will only be run prior to an opportunistic 
-        collection (i.e. it will not run during our normal allocation-triggered collections).
-
-        In my tests, steady state was drastically improved in high memory pressure situations (i.e. 
-        the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
-        would be triggered due to pages doing things in the background, which would cause a 
-        significant pause. As we close pages we now cause normal collections rather than full 
-        collections, which prevents us from collecting all of the dead memory immediately. One 
-        nice way to deal with this issue might be to do incremental sweeping.
-
-
-        * heap/CopiedSpace.cpp:
-        (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over 
-        to-space, from-space, and the oversize blocks.
-        (JSC):
-        (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
-        by iterating all of the blocks.
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/Heap.cpp:
-        (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the 
-        MarkedSpace and CopiedSpace if they are paged out.
-        (JSC):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off 
-        each time it determines that the Heap is paged out.
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
-        list of blocks are paged out.
-        (JSC):
-        * heap/MarkedAllocator.h:
-        (MarkedAllocator):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::cancel):
-        (JSC):
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::cancel):
-        (DefaultGCActivityCallback):
-        * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
-        whether the Heap is paged out or not.
-        (JSC):
-        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we 
-        should attempt a collection based on whether or not we can iterate the blocks of the Heap in 
-        100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to 
-        do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
-        steady state paged-out-ness.
-        (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing 
-        exactly the same thing as willCollect, is more obvious as to what it's doing when we call it 
-        in timerDidFire.
-
-2012-05-02  Yong Li  <yoli@rim.com>
-
-        Fix GCC X86 build error
-        https://bugs.webkit.org/show_bug.cgi?id=85379
-
-        Reviewed by Rob Buis.
-
-        Always explicitly claim ".text" to make sure
-        functions defined with inline assembly will be
-        created in the correct section.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-
-2012-05-02  Oliver Hunt  <oliver@apple.com>
-
-        Unreviewed, rolling out r115388.
-        http://trac.webkit.org/changeset/115388
-        https://bugs.webkit.org/show_bug.cgi?id=85011
-
-        This caused many weird performance problems, and needs to be
-        landed in pieces.
-
-        * dfg/DFGOperations.cpp:
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::dumpCaller):
-        (JSC):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::init):
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::execute):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::growSlowCase):
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::end):
-        (JSC::RegisterFile::size):
-        (JSC::RegisterFile::addressOfEnd):
-        (RegisterFile):
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::shrink):
-        (JSC::RegisterFile::grow):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::jitCompileFor):
-        (JSC::lazyLinkFor):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::handleHostCall):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-
-2012-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Physijs demo crashes due to DFG not updating topCallFrame correctly.
-        https://bugs.webkit.org/show_bug.cgi?id=85311
-
-        Reviewed by Filip Pizlo.
-
-        A few of the dfg operations failed to correctly set the topCallFrame,
-        and so everything goes wrong.  This patch corrects the effected operations,
-        and makes debug builds poison topCallFrame before calling a dfg operation.
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-
-2012-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Should be able to use YARR JIT without the JS language JIT
-        https://bugs.webkit.org/show_bug.cgi?id=85252
-
-        Reviewed by Geoff Garen.
-
-        Need to split canUseRegExpJIT out of canUseJIT.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::useJIT):
-        (JSC::JSGlobalData::JSGlobalData):
-            - replace m_canUseJIT with m_canUseAssembler
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::canUseRegExpJIT):
-            - Added canUseRegExpJIT, distinct from canUseJIT.
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::compileMatchOnly):
-            - Call canUseRegExpJIT instead of canUseJIT.
-
-2012-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Should be able to build YARR JIT without the JS language JIT
-        https://bugs.webkit.org/show_bug.cgi?id=85242
-
-        Reviewed by Michael Saboff.
-
-        Some build macros are wrong.
-
-        * assembler/RepatchBuffer.h:
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        * jit/JITExceptions.cpp:
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-
-2012-04-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Arguments object resets attributes on redefinition of a parameter
-        https://bugs.webkit.org/show_bug.cgi?id=84994
-
-        Rubber stamped by Oliver Hunt.
-
-        There is a bug that we always re-add the original property before
-        redefinition, doing so in a way that will reset the attributes
-        without checking configurability.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::defineOwnProperty):
-            - Only instantiate the property once - do not re-add if
-              it has already been added, or if it has been deleted.
-
-2012-04-30  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Remove an erroneous assertion after r115655.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::toUStringWithRadix):
-
-2012-04-30  Myles Maxfield  <mmaxfield@google.com>
-
-        End of Interpreter::tryCacheGetByID can trigger the garbage collector
-        https://bugs.webkit.org/show_bug.cgi?id=84927
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-
-2012-04-30  Benjamin Poulain  <benjamin@webkit.org>
-
-        jsSingleCharacterString and jsSingleCharacterSubstring are not inlined
-        https://bugs.webkit.org/show_bug.cgi?id=85147
-
-        Reviewed by Darin Adler.
-
-        The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined
-        by the compiler. This annihilate the gains of using SmallStrings.
-
-        On stringProtoFuncCharAt(), this patch improves the performance by 11%.
-
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-
-2012-04-30  Benjamin Poulain  <bpoulain@apple.com>
-
-        Add fast patch for radix == 10 on numberProtoFuncToString
-        https://bugs.webkit.org/show_bug.cgi?id=85120
-
-        Reviewed by Darin Adler.
-
-        When radix, we use to turn the doubleValue into a JSValue just to convert
-        it to a String. The problem is that was using the slow path for conversion and
-        for the toString() operation.
-
-        This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
-        The conversion is split between Integer and Double to ensure the fastest conversion
-        for the common case of integer arguments.
-
-        Converting number with radix 10 becomes 5% faster.
-
-        Due to the simpler conversion of number to string for integer, converting
-        integers that do not fall in the two previous optimizations get 32% faster.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::extractRadixFromArgs):
-        (JSC::integerValueToString):
-        (JSC::numberProtoFuncToString):
-
-2012-04-30  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header.
-
-2012-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Factored threaded block allocation into a separate object
-        https://bugs.webkit.org/show_bug.cgi?id=85148
-
-        Reviewed by Sam Weinig.
-
-        99% of this patch just moves duplicated block allocation and 
-        deallocation code into a new object named BlockAllocator, with these 
-        exceptions:
-
-        * heap/BlockAllocator.h: Added.
-        (BlockAllocator::BlockAllocator): The order of declarations here now 
-        guards us against an unlikely race condition during startup.
-
-        * heap/BlockAllocator.cpp:
-        JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to 
-        highlight a lack of clarity we have in our block deallocation routines.
-
-2012-04-28  Sam Weinig  <sam@webkit.org>
-
-        Try to fix the Qt build.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::lastChanceToFinalize):
-
-2012-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Clarified JSGlobalData (JavaScript VM) lifetime
-        https://bugs.webkit.org/show_bug.cgi?id=85142
-
-        Reviewed by Anders Carlsson.
-
-        This was so confusing that I didn't feel like I could reason about 
-        memory lifetime in the heap without fixing it.
-
-        The rules are:
-
-        (1) JSGlobalData owns the virtual machine and all memory in it.
-
-        (2) Deleting a JSGlobalData frees the virtual machine and all memory 
-        in it.
-
-        (Caveat emptor: if you delete the virtual machine while you're running 
-        JIT code or accessing GC objects, you're gonna have a bad time.)
-
-        (I opted not to make arbitrary sub-objects keep the virtual machine 
-        alive automatically because:
-
-                (a) doing that right would be complex and slow;
-
-                (b) in the case of an exiting thread or process, there's no 
-                clear way to give the garbage collector a chance to try again 
-                later; 
-
-                (c) continuing to run the garbage collector after we've been 
-                asked to shut down the virtual machine seems rude;
-
-                (d) we've never really supported that feature, anyway.)
-
-        (3) Normal ref-counting will do. No need to call a battery of 
-        specialty functions to tear down a JSGlobalData. Its foibles 
-        notwithstanding, C++ does in fact know how to execute destructors in 
-        order.
-
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate): Removed compatibility shim for older 
-        operating systems because it's no longer used.
-
-        (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do 
-        the right thing", this code is much simpler. We still have one special 
-        case to notify the garbage collector if we're removing the last 
-        reference to the global object, since this can improve memory behavior.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::freeAllBlocks):
-        * heap/CopiedSpace.h:
-        (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true 
-        destruction-time behaviors should be limited to our C++ destructor.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::~Heap):
-        (JSC):
-        (JSC::Heap::lastChanceToFinalize):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because 
-        true destruction-time behaviors should be limited to our C++ 
-        destructor.
-
-        Reorganized the code, putting code that must run before any objects 
-        get torn down into lastChanceToFinalize, and code that just tears down 
-        objects into our destructor.
-
-        * heap/Local.h:
-        (JSC::LocalStack::LocalStack):
-        (JSC::LocalStack::push):
-        (LocalStack): See rule (2).
-
-        * jsc.cpp:
-        (functionQuit):
-        (main):
-        (printUsageStatement):
-        (parseArguments):
-        (jscmain):
-        * testRegExp.cpp:
-        (main):
-        (printUsageStatement):
-        (parseArguments):
-        (realMain): See rule (3).
-
-        I removed the feature of ensuring orderly tear-down when calling quit()
-        or running in --help mode because it didn't seem very useful and 
-        making it work with Windows structured exception handling and 
-        NO_RETURN didn't seem like a fun way to spend a Saturday.
-
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data 
-        member in JSGlobalData to ensure that it's destructed last, so other 
-        objects that reference it destruct without crashing. This allowed me 
-        to remove clearBuiltinStructures() altogether, and helped guarantee 
-        rule (3).
-
-        (JSC::JSGlobalData::~JSGlobalData): Explicitly call 
-        lastChanceToFinalize() at the head of our destructor to ensure that 
-        all pending finalizers run while the virtual machine is still in a 
-        valid state. Trying to resurrect (re-ref) the virtual machine at this 
-        point is not valid, but all other operations are.
-
-        Changed a null to a 0xbbadbeef to clarify just how bad this beef is.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::globalData): See rule (3).
-
-2012-04-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * heap/WeakBlock.h:
-        (WeakBlock):
-
-2012-04-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Made WeakSet::allocate() static and removed its JSGlobalData argument
-        https://bugs.webkit.org/show_bug.cgi?id=85128
-
-        Reviewed by Anders Carlsson.
-
-        This is a step toward faster finalization.
-
-        WeakSet::allocate() now deduces which WeakSet to allocate from based on
-        its JSCell* argument. (Currently, there's only one WeakSet, but soon
-        there will be many.)
-
-        This was a global replace of "globalData.heap.weakSet()->allocate" with
-        "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument.
-
-        * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h.
-
-        I had to split out WeakSet::allocate() in to a separate header to avoid
-        a cycle.
-
-        (JSC::WeakSet::allocate): We can mask the pointer we're passed to
-        figure out where to allocate our WeakImpl. (Soon, we'll use this to
-        associate the WeakImpl with the GC block it references.)
-
-2012-04-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Stop using aligned allocation for WeakBlock
-        https://bugs.webkit.org/show_bug.cgi?id=85124
-
-        Reviewed by Anders Carlsson.
-
-        We don't actually use the alignment for anything.
-
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::create):
-        (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular
-        allocation.
-
-        * heap/WeakBlock.h:
-        (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
-        allocation. This change required me to add some declarations that we used
-        to inherit from HeapBlock.
-
-        (WeakBlock::blockFor): Removed. This function relied on aligned allocation
-        but didn't do anything for us.
-
-        (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
-        logic, so it shouldn't own the function.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::~WeakSet):
-        (JSC::WeakSet::finalizeAll):
-        (JSC::WeakSet::visitLiveWeakImpls):
-        (JSC::WeakSet::visitDeadWeakImpls):
-        (JSC::WeakSet::sweep):
-        (JSC::WeakSet::shrink):
-        (JSC::WeakSet::resetAllocator):
-        (JSC::WeakSet::tryFindAllocator):
-        * heap/WeakSet.h:
-        (WeakSet): Updated declarations to reflect WeakBlock not inheriting from
-        HeapBlock. This allowed me to remove some casts, which was nice.
-
-        (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
-        asking WeakBlock to do it for us.  We don't need to have a WeakBlock
-        pointer to set the flag, so stop asking for one.
-
-2012-04-27  Kentaro Hara  <haraken@chromium.org>
-
-        [JSC] Implement a helper method createNotEnoughArgumentsError()
-        https://bugs.webkit.org/show_bug.cgi?id=85102
-
-        Reviewed by Geoffrey Garen.
-
-        In bug 84787, kbr@ requested to avoid hard-coding
-        createTypeError(exec, "Not enough arguments") here and there.
-        This patch implements createNotEnoughArgumentsError(exec)
-        and uses it in JSC bindings.
-
-        c.f. a corresponding bug for V8 bindings is bug 85097.
-
-        * runtime/Error.cpp:
-        (JSC::createNotEnoughArgumentsError):
-        (JSC):
-        * runtime/Error.h:
-        (JSC):
-
-2012-04-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Only allow non-null pointers in the WeakSet
-        https://bugs.webkit.org/show_bug.cgi?id=85119
-
-        Reviewed by Darin Adler.
-
-        This is a step toward more efficient finalization.
-
-        No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>.
-
-        Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
-        more efficient and straight-forward to model with a null in the Weak<T>
-        or PassWeak<T> instead of allocating a WeakImpl just to hold null.
-
-        * heap/PassWeak.h:
-        (JSC): Removed the Unknown (JSValue) type of weak pointer because it's
-        unused now.
-
-        (PassWeak): Don't provide a default initializer for our JSCell* argument.
-        This feature was only used in one place, and it was a bug.
-
-        (JSC::::get): Don't check for a null stored inside our WeakImpl: that's 
-        not allowed anymore.
-
-        (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
-        allocating a WeakImpl and storing null into it.
-
-        * heap/Weak.h:
-        (Weak):
-        (JSC::::Weak): Same changes as in PassWeak<T>.
-
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::visitLiveWeakImpls):
-        (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
-        the WeakSet now, so no need to check for non-cells and null cell pointers.
-
-        * heap/WeakImpl.h:
-        (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
-        now, so ASSERT that.
-
-2012-04-27  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/7909395> Math in JavaScript is inaccurate on iOS
-
-        By defalut IEEE754 denormal support is disabled on iOS;
-        turn it on.
-
-        Reviewed by Filip Pizlo.
-
-        * jsc.cpp:
-        (main):
-            - clear the appropriate bit in the fpscr.
-
-2012-04-27  Michael Saboff  <msaboff@apple.com>
-
-        Memory wasted in JSString for non-rope strings
-        https://bugs.webkit.org/show_bug.cgi?id=84907
-
-        Reviewed by Geoffrey Garen.
-
-        Split JSString into two classes, JSString as a base class that does not
-        include the fibers of a Rope, and a subclass JSRopeString that has the
-        rope functionality.  Both classes "share" the same ClassInfo.  Added
-        a bool to JSString to indicate that the string was allocated as a JSRopeString
-        to properly handle visiting the fiber children when the rope is resolved and
-        the JSRopeString appears as a JSString.  Didn't change the interface of JSString
-        to require any JIT changes.
-
-        As part of this change, removed "cellSize" from ClassInfo since both classes
-        share the same ClassInfo, but have different sizes.  The only use I could find
-        for cellSize was an ASSERT in allocateCell().
-
-        This appears to be neutral on performance tests.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope
-                to JSRopeString::resolveRope
-        * runtime/ClassInfo.h:
-        (JSC):
-        (ClassInfo):
-        * runtime/JSCell.h:
-        (JSC::allocateCell):
-        * runtime/JSString.cpp:
-        (JSC::JSRopeString::RopeBuilder::expand):
-        (JSC::JSString::visitChildren):
-        (JSC):
-        (JSC::JSRopeString::visitFibers):
-        (JSC::JSRopeString::resolveRope):
-        (JSC::JSRopeString::resolveRopeSlowCase8):
-        (JSC::JSRopeString::resolveRopeSlowCase):
-        (JSC::JSRopeString::outOfMemory):
-        (JSC::JSRopeString::getIndexSlowCase):
-        * runtime/JSString.h:
-        (JSC):
-        (JSString):
-        (JSC::JSString::finishCreation):
-        (JSC::JSString::create):
-        (JSC::JSString::isRope):
-        (JSC::JSString::is8Bit):
-        (JSRopeString):
-        (RopeBuilder):
-        (JSC::JSRopeString::RopeBuilder::RopeBuilder):
-        (JSC::JSRopeString::RopeBuilder::append):
-        (JSC::JSRopeString::RopeBuilder::release):
-        (JSC::JSRopeString::RopeBuilder::length):
-        (JSC::JSRopeString::JSRopeString):
-        (JSC::JSRopeString::finishCreation):
-        (JSC::JSRopeString::createNull):
-        (JSC::JSRopeString::create):
-        (JSC::JSString::value):
-        (JSC::JSString::tryGetValue):
-        (JSC::JSString::getIndex):
-        (JSC::jsStringBuilder):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsStringFromArguments):
-
-2012-04-27  Oliver Hunt  <oliver@apple.com>
-
-        Correct assertion.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2012-04-27  Oliver Hunt  <oliver@apple.com>
-
-        Lazy link phase of baseline jit fails to propagate exception
-        https://bugs.webkit.org/show_bug.cgi?id=85092
-
-        Reviewed by Filip Pizlo.
-
-        Very simple patch, when linking produces an error we need to actually store
-        the exception prior to throwing it.  I can't find any other examples of this,
-        but as we're already in the slow path when throwing an exception I've hardened
-        exception throwing against null exceptions.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * jit/JITStubs.cpp:
-        (JSC::lazyLinkFor):
-
-2012-04-27  Benjamin Poulain  <benjamin@webkit.org>
-
-        Generalize the single character optimization of numberProtoFuncToString
-        https://bugs.webkit.org/show_bug.cgi?id=85027
-
-        Reviewed by Geoffrey Garen.
-
-        The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString()
-        when the radix is 36.
-
-        This patch generalize the optimization for any radix. Any positive number smaller than its radix
-        can be represented by a single character of radixDigits.
-
-        This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-
-2012-04-27  Gavin Peters  <gavinp@chromium.org>
-
-        Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
-        https://bugs.webkit.org/show_bug.cgi?id=84871
-
-        Reviewed by Adam Barth.
-
-        Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
-        API separates it from prefetching.  Having separate include guards lets ports enable prefetching,
-        a relatively easy change, without needing to build the infrastructure for prerendering, which
-        is considerably more complicated.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Allocating WeakImpl should not trigger GC, as that makes the world very tricksy.
-        https://bugs.webkit.org/show_bug.cgi?id=85020
-
-        Reviewed by Gavin Barraclough.
-
-        Now in the event that we are unable to find an allocator for a new handle, just
-        add a new allocator rather than trying to recover "dead" handles through a GC.
-
-        Find allocator is now much simpler, and addAllocator directly reports the
-        increased memory usage to the heap without causing any GC to happen immediately.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::findAllocator):
-        (JSC::WeakSet::addAllocator):
-
-2012-04-26  Oliver Hunt  <oliver@apple.com>
-
-        Remove RegisterFile::end()/m_end
-        https://bugs.webkit.org/show_bug.cgi?id=85011
-
-        Reviewed by Gavin Barraclough.
-
-        Get rid of end() and m_end from RegisterFile.  From now on
-        we only care about the end of the committed region when calling
-        code.  When re-entering the VM we now plant the new CallFrame
-        immediately after whatever the current topCallFrame is.  This
-        required adding a routine to CallFrame to determine exactly what
-        we should be doing (in the absence of an existing CallFrame, we
-        can't reason about the frameExtent() so we check for that).
-
-        This also now means that the GC only marks the portion of the
-        RegisterFile that is actually in use, and that VM re-entry doesn't
-        exhaust the RegisterFile as rapidly.
-
-        * dfg/DFGOperations.cpp:
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::init):
-        (JSC::ExecState::startOfReusableRegisterFile):
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::execute):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::growSlowCase):
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::commitEnd):
-        (JSC::RegisterFile::addressOfEnd):
-        (RegisterFile):
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::shrink):
-        (JSC::RegisterFile::grow):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::jitCompileFor):
-        (JSC::lazyLinkFor):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::handleHostCall):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-
-2012-04-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ARMv7 backend should optimize Float32 arrays
-        https://bugs.webkit.org/show_bug.cgi?id=85000
-        <rdar://problem/10652827>
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::flds):
-        (JSC::ARMv7Assembler::fsts):
-        (JSC::ARMv7Assembler::vcvtds):
-        (JSC::ARMv7Assembler::vcvtsd):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::loadFloat):
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::storeFloat):
-        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
-        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
-        * bytecode/PredictedType.h:
-        (JSC::isActionableFloatMutableArrayPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateFloat32Array):
-
-2012-04-25  Benjamin Poulain  <benjamin@webkit.org>
-
-        Add a version of StringImpl::find() without offset
-        https://bugs.webkit.org/show_bug.cgi?id=83968
-
-        Reviewed by Sam Weinig.
-
-        Add support for the new StringImpl::find() to UString.
-
-        Change stringProtoFuncIndexOf() to specifically take advatage of the feature.
-        This gives a 12% gains on a distribution of strings between 30 and 100 characters.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences):
-        (JSC::stringProtoFuncIndexOf):
-        * runtime/UString.h:
-        (UString):
-        (JSC::UString::find):
-
-2012-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        WebCore shouldn't call collectAllGarbage directly
-        https://bugs.webkit.org/show_bug.cgi?id=84897
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol 
-        for reportAbanondedObjectGraph so WebCore can use it.
-        * heap/Heap.h: Ditto.
-
-2012-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Biolab disaster crashes on ToT
-        https://bugs.webkit.org/show_bug.cgi?id=84898
-
-        Reviewed by Filip Pizlo.
-
-        Whoops, committed without saving reviewer requested change.
-
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Biolab disaster crashes on ToT
-        https://bugs.webkit.org/show_bug.cgi?id=84898
-
-        Reviewed by Filip Pizlo.
-
-        I recently added an assertion to the Interpreter to catch incorrect
-        updates of topCallFrame.  This caused a bunch of sites (including biolab
-        disaster) to crash as we were not correctly handling callee registers
-        of inlined functions, leading to a mismatch.
-
-        I could not actually make this trigger directly, although it does trigger
-        already on some of the GTK and QT bots.
-
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-04-25  Kenneth Russell  <kbr@google.com>
-
-        Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
-        https://bugs.webkit.org/show_bug.cgi?id=83655
-
-        Reviewed by Oliver Hunt.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionToAbbreviatedString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC):
-        (JSC::isActionableIntMutableArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNode.h:
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::forPrediction):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::getByVal):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/JSByteArray.cpp: Removed.
-        * runtime/JSByteArray.h: Removed.
-        * runtime/JSGlobalData.cpp:
-
-2012-04-25  Filip Pizlo  <fpizlo@apple.com>
-
-        http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=84815
-        <rdar://problem/11319514>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-
-2012-04-25  Michael Saboff  <msaboff@apple.com>
-
-        Closure in try {} with catch captures all locals from the enclosing function
-        https://bugs.webkit.org/show_bug.cgi?id=84804
-
-        Reviewed by Oliver Hunt.
-
-        Changed the capturing of local variables from capturing when eval is used,
-        within a "with" or within a "catch" to be just when an eval is used.
-        Renamed the function returning that we should capture from
-        getCapturedVariables() to usesEval(), since that what it noew returns.
-        Needed to fix the "with" code to only range check when the activation
-        has actually been torn off.  Added m_isTornOff to JSActivation to
-        track this.
-
-        * parser/Parser.h:
-        (JSC::Scope::usesEval):
-        (JSC::Scope::getCapturedVariables):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        * runtime/JSActivation.h:
-        (JSActivation):
-        (JSC::JSActivation::tearOff):
-
-2012-04-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GC Activity Callback timer should be based on how much has been allocated since the last collection
-        https://bugs.webkit.org/show_bug.cgi?id=84763
-
-        Reviewed by Geoffrey Garen.
-
-        The desired behavior for the GC timer is to collect at some point in the future, 
-        regardless of how little we've allocated. A secondary goal, which is almost if not 
-        as important, is for the timer to collect sooner if there is the potential to 
-        collect a greater amount of memory. Conversely, as we allocate more memory we'd 
-        like to reduce the delay to the next collection. If we're allocating quickly enough, 
-        the timer should be preempted in favor of a normal allocation-triggered collection. 
-        If allocation were to slow or stop, we'd like the timer to be able to opportunistically 
-        run a collection without us having to allocate to the hard limit set by the Heap.
-
-        This type of policy can be described in terms of the amount of CPU we are willing 
-        to dedicate to reclaim a single MB of memory. For example, we might be willing to 
-        dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of 
-        the last collection, e.g. if our last collection took 1ms, we would want to wait about 
-        100ms before running another collection to reclaim 1 MB. These constants should be 
-        tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
-
-        * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
-        (JSGarbageCollect):
-        * API/JSContextRef.cpp: Ditto.
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
-        this function to notify the Heap that some unknown number of JSC objects might have just 
-        been abandoned and are now garbage. The Heap might schedule a new collection timer based 
-        on this notification.
-        (JSC):
-        (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
-        * heap/Heap.h:
-        (Heap):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the 
-        current allocator's FreeList once zapping was complete.
-        * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by 
-        Heap::reportAbandonedObjectGraph.
-        (JSC):
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::willCollect):
-        (DefaultGCActivityCallback):
-        * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the 
-        timer based on how much we have allocated since the last collection up to a certain amount. 
-        We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
-        collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
-        (DefaultGCActivityCallbackPlatformData):
-        (JSC):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::commonConstructor):
-        (JSC::scheduleTimer):
-        (JSC::cancelTimer):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-
-2012-04-24  Michael Saboff  <msaboff@apple.com>
-
-        objectProtoFuncToString creates new string every invocation
-        https://bugs.webkit.org/show_bug.cgi?id=84781
-
-        Reviewed by Geoffrey Garen.
-
-        Cache the results of object toString() in the attached Structure.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue.
-        * runtime/Structure.h: Added new member m_hasObjectToStringValue
-        (JSC):
-        (JSC::Structure::objectToStringValue):
-        (Structure):
-        (JSC::Structure::setObjectToStringValue):
-
-2012-04-24  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=84727.
-        Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::or32):
-        (JSC::MacroAssemblerSH4::and32):
-        (JSC::MacroAssemblerSH4::lshift32):
-        (JSC::MacroAssemblerSH4::xor32):
-        (JSC::MacroAssemblerSH4::branchSub32):
-        (JSC::MacroAssemblerSH4::urshift32):
-
-2012-04-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Add explicit patchableBranchPtrWithPatch/patchableJump methods
-        https://bugs.webkit.org/show_bug.cgi?id=84498
-
-        Reviewed by Filip Pizlo.
-
-        Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
-        (PatchableJump):
-        (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
-            - Added PatchableJump type, removed inUninterruptedSequence.
-        * assembler/LinkBuffer.h:
-        (LinkBuffer):
-        (JSC::LinkBuffer::locationOf):
-            - Only allow the location to be taken of patchable branches
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::patchableBranchPtrWithPatch):
-        (JSC::MacroAssembler::patchableJump):
-        (JSC::MacroAssembler::shouldBlind):
-            - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::patchableJump):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-            - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
-        * dfg/DFGCorrectableJumpPoint.h:
-        (DFG):
-        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
-            - Late jumps are PatchableJumps.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-            - replace use of inUninterruptedSequence
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (PropertyAccessRecord):
-            - replace use of inUninterruptedSequence
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-            - replace use of inUninterruptedSequence
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-            - replace use of inUninterruptedSequence
-        * jit/JIT.h:
-        (PropertyStubCompilationInfo):
-            - replace use of inUninterruptedSequence
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::endUninterruptedSequence):
-            - replace use of inUninterruptedSequence
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-            - replace use of inUninterruptedSequence
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-            - replace use of inUninterruptedSequence
-
-2012-04-24  Benjamin Poulain  <bpoulain@apple.com>
-
-        Generalize the single character optimization of r114072
-        https://bugs.webkit.org/show_bug.cgi?id=83961
-
-        Reviewed by Eric Seidel.
-
-        Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingStringSearch):
-
-2012-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, 32-bit build fix.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG performs incorrect DCE on (some?) intrinsics
-        https://bugs.webkit.org/show_bug.cgi?id=84746
-        <rdar://problem/11310772>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::setIntrinsicResult):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray
-        https://bugs.webkit.org/show_bug.cgi?id=84648
-
-        Reviewed by Geoffrey Garen.
-
-        When emit_op_new_array successfully allocates a new JSArray but fails to allocate 
-        the corresponding ArrayStorage for it, it falls back to the out-of-line stub call 
-        to constructArray, which constructs and entirely new JSArray/ArrayStorage pair. 
-        This leaves us with a JSArray hanging around on the stack or in a register that 
-        did not go through its own constructor, thus giving it uninitialized memory in the 
-        two fields that are checked in JSArray::visitChildren.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that 
-        if we fail we haven't generated the poisonous JSArray that can cause a GC crash.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_new_array):
-
-2012-04-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG on ARMv7 should not OSR exit on every integer division
-        https://bugs.webkit.org/show_bug.cgi?id=84661
-
-        Reviewed by Oliver Hunt.
-        
-        On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
-        that was broken with the introduction of Int32ToDouble) nor does it have to know
-        whether or not to convert its result to integer. This is now taken care of for free
-        with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
-        speculation.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-04-24  Geoffrey Garen  <ggaren@apple.com>
-
-        "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink
-        https://bugs.webkit.org/show_bug.cgi?id=84740
-        <rdar://problem/9917638>
-
-        Reviewed by Gavin Barraclough.
-
-        Shrink!
-
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy): Be more specific about what's shrinking, since we
-        can also shrink the WeakSet, but we don't do so here.
-
-        (JSC::Heap::collect): If we're going to shrink the heap, shrink the
-        WeakSet too. Otherwise, its footprint is permanent.
-
-        * heap/Heap.h:
-        (Heap): Removed shrink() as a public interface, since it's vague about
-        which parts of the heap it affects, and it's really an internal detail.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has
-        already taken place, since that's the convention for shrink() in the heap.
-
-        * heap/WeakSet.h:
-        (WeakSet): New function!
-
-2012-04-24  Adam Klein  <adamk@chromium.org>
-
-        Fix includes in StrongInlines.h and ScriptValue.h
-        https://bugs.webkit.org/show_bug.cgi?id=84659
-
-        Reviewed by Geoffrey Garen.
-
-        * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's
-        definiition is required here.
-
-2012-04-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit should ensure that all variables have been initialized
-        https://bugs.webkit.org/show_bug.cgi?id=84653
-        <rdar://problem/11258183>
-
-        Reviewed by Gavin Barraclough.
-        
-        Initialize all uncaptured dead variables to undefined on OSR exit.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-
-2012-04-23  Oliver Hunt  <oliver@apple.com>
-
-        Call instruction for the baseline JIT stores origin info in wrong callframe
-        https://bugs.webkit.org/show_bug.cgi?id=84645
-
-        Reviewed by Gavin Barraclough.
-
-        The baseline JIT was updating the wrong callframe when making a call.  If the
-        call failed during dispatch (unable to perform codegen, calling a non-object)
-        we would attempt to use this information, but it would be completely wrong.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2012-04-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG must keep alive values that it will perform speculations on
-        https://bugs.webkit.org/show_bug.cgi?id=84638
-        <rdar://problem/11258183>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGNodeType.h:
-        (DFG):
-
-2012-04-23  Oliver Hunt  <oliver@apple.com>
-
-        Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeCall):
-
-2012-04-22  Jon Lee  <jonlee@apple.com>
-
-        Remove notifications support on Mac Lion.
-        https://bugs.webkit.org/show_bug.cgi?id=84554
-        <rdar://problem/11297128>
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-04-21  Darin Adler  <darin@apple.com>
-
-        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
-        https://bugs.webkit.org/show_bug.cgi?id=84523
-
-        Reviewed by Oliver Hunt.
-
-        Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
-        Streamlined this code to use standard character types and 0 rather than -1. One benefit
-        of this is that there's no widening and narrowing. Another is that there are many cases
-        where we already have the correct behavior for 0, so can eliminate a branch that was
-        used to test for -1 before. Also eliminates typecasts in the code.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
-        character type, not an int.
-        (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
-        (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
-        (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
-        of the code. This can be used places we used to cheeck for -1.
-        (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
-        (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
-        (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
-        had a data-member-style name.
-        (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
-        function already returns false for the 0 character. Updated types in a couple other places. Used
-        the atEnd function where needed.
-        (JSC::Lexer::parseIdentifierSlowCase): More of the same.
-        (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
-        (JSC::Lexer::parseString): Ditto.
-        (JSC::Lexer::parseStringSlowCase): Ditto.
-        (JSC::Lexer::parseMultilineComment): Ditto.
-        (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
-        the tokenInfo instead of putting it in a local variable first, saving some memory access.
-        (JSC::Lexer::scanRegExp): Ditto.
-        (JSC::Lexer::skipRegExp): Ditto.
-
-        * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
-        the character type. Added atEnd function.
-        (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. 
-        (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
-
-2012-04-21  Darin Adler  <darin@apple.com>
-
-        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
-        https://bugs.webkit.org/show_bug.cgi?id=84523
-
-        Reviewed by Oliver Hunt.
-
-        Separate preparation step of copyright dates, renaming, and other small tweaks.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
-        (JSC::Lexer::peek): Removed meaningless comment.
-        (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
-        what this function does.
-        (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
-        (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
-        (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
-
-        * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
-        Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
-        getUnicodeCharacter to parseFourDigitUnicodeHex.
-
-2012-04-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize int8 and int16 arrays on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=84503
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::ldrsb):
-        (JSC::ARMv7Assembler::ldrsh):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load16Signed):
-        (JSC::MacroAssemblerARMv7::load8Signed):
-        * bytecode/PredictedType.h:
-        (JSC::isActionableIntMutableArrayPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateInt8Array):
-        (JSC::DFG::Node::shouldSpeculateInt16Array):
-
-2012-04-20  Oliver Hunt  <oliver@apple.com>
-
-        Add an ability to find the extent of a callframe
-        https://bugs.webkit.org/show_bug.cgi?id=84513
-
-        Reviewed by Filip Pizlo.
-
-        Add a function to get the extent of a callframe and
-        use that function for a new assertion to make sure the
-        RegisterFile makes sense using that information.
-
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::frameExtentInternal):
-        (JSC):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::frameExtent):
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeCall):
-
-2012-04-20  Benjamin Poulain  <bpoulain@apple.com>
-
-        Inline the JSArray constructor
-        https://bugs.webkit.org/show_bug.cgi?id=84416
-
-        Reviewed by Geoffrey Garen.
-
-        The constructor is trivial, no reason to jump for it.
-
-        This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
-
-        * runtime/JSArray.cpp:
-        (JSC):
-        * runtime/JSArray.h:
-        (JSC::JSArray::JSArray):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Heap should cancel GC timer at the start of the collection
-        https://bugs.webkit.org/show_bug.cgi?id=84477
-
-        Reviewed by Geoffrey Garen.
-
-        Currently the Heap cancels the GC timer at the conclusion of a collection. 
-        We should change this to be at the beginning because something (e.g. a finalizer) 
-        could call didAbandonObjectGraph(), which will schedule the timer, but then 
-        we'll immediately unschedule the timer at the conclusion of the collection, 
-        thus potentially preventing large swaths of memory from being reclaimed in a timely manner.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is 
-        busy or not, since we're just scheduling a timer to run a GC in the future.
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the 
-        top of Heap::collect.
-        * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect.
-        (JSC::DefaultGCActivityCallback::willCollect):
-        * runtime/GCActivityCallback.h: Ditto.
-        (JSC::GCActivityCallback::willCollect):
-        (DefaultGCActivityCallback): 
-        * runtime/GCActivityCallbackCF.cpp: Ditto.
-        (JSC::DefaultGCActivityCallback::willCollect):
-
-2012-04-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSGarbageCollect should not call collectAllGarbage()
-        https://bugs.webkit.org/show_bug.cgi?id=84476
-
-        Reviewed by Geoffrey Garen.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph.
-
-2012-04-19  Oliver Hunt  <oliver@apple.com>
-
-        Exception stack traces aren't complete when the exception starts in native code
-        https://bugs.webkit.org/show_bug.cgi?id=84073
-
-        Reviewed by Filip Pizlo.
-
-        Refactored building the stack trace to so that we can construct
-        it earlier, and don't rely on any prior work performed in the
-        exception handling machinery. Also updated LLInt and the DFG to
-        completely initialise the callframes of host function calls.
-
-        Also fixed a few LLInt paths that failed to correctly update the
-        topCallFrame.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * interpreter/Interpreter.cpp:
-        (JSC::eval):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC):
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jsc.cpp:
-        (functionJSCStack):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::handleHostCall):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        (JSC::throwError):
-        * runtime/Error.h:
-        (JSC):
-
-2012-04-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        We're collecting pathologically due to small allocations
-        https://bugs.webkit.org/show_bug.cgi?id=84404
-
-        Reviewed by Geoffrey Garen.
-
-        No change in performance on run-jsc-benchmarks.
-
-        * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no 
-        longer useful. 
-        (JSC::CopiedSpace::CopiedSpace):
-        (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than 
-        carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
-        (JSC::CopiedSpace::tryAllocateOversize):  Call the new didAllocate to notify the Heap of 
-        newly allocated stuff.
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::doneCopying):
-        (JSC::CopiedSpace::destroy):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::startedCopying):
-        * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and 
-        bytesAllocatedLimit to track how much memory has been allocated since the last collection.
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering 
-        a collection to be the size of the Heap after the previous collection. Thus, we still have our 
-        2x allocation amount.
-        (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated 
-        thus far and then adds the new number of bytes to the current total.
-        (JSC):
-        * heap/Heap.h: Removed water mark related stuff.
-        (JSC::Heap::notifyIsSafeToCollect):
-        (Heap):
-        (JSC::Heap::shouldCollect):
-        (JSC):
-        * heap/MarkedAllocator.cpp: 
-        (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
-        (JSC::MarkedAllocator::allocateSlowCase):
-        (JSC::MarkedAllocator::addBlock):
-        * heap/MarkedAllocator.h: 
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::allocate): 
-        (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::sweepHelper):
-        (JSC::MarkedBlock::zapFreeList):
-        * heap/MarkedBlock.h:
-        (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
-        free list including the number of bytes of stuff in the free list so that when the free list is 
-        exhausted, the correct amount can be reported to Heap.
-        (MarkedBlock):
-        (JSC::MarkedBlock::FreeList::FreeList):
-        (JSC):
-        * heap/MarkedSpace.cpp: Removing all water mark related stuff.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This 
-        function still needs work though now that the Heap knows how many bytes have been allocated 
-        since the last collection.
-        * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
-        (JSC::JIT::emitAllocateBasicJSObject): Ditto.
-        * llint/LowLevelInterpreter.asm: Ditto.
-        * runtime/GCActivityCallback.cpp: 
-        (JSC::DefaultGCActivityCallback::didAllocate): 
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that 
-        the allocation that is being reported has already taken place.
-        (DefaultGCActivityCallback):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of 
-        allocation since the last collection is not above a threshold (initially arbitrarily chosen to 
-        be 128KB). 
-
-2012-04-19  Filip Pizlo  <fpizlo@apple.com>
-
-        MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal
-        https://bugs.webkit.org/show_bug.cgi?id=84401
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
-
-2012-04-19  Don Olmstead  <don.olmstead@am.sony.com>
-
-        KeywordLookupGenerator.py should take an output file as an argument
-        https://bugs.webkit.org/show_bug.cgi?id=84292
-
-        Reviewed by Eric Seidel.
-
-        Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script.
-
-        * KeywordLookupGenerator.py:
-
-2012-04-19  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to perform debugCall on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=84381
-
-        Reviewed by Oliver Hunt.
-        
-        debugCall() was clobbering the argument to the call it was making, leading to a
-        corrupt ExecState*. This change fixes that issue by using a scratch register that
-        does not clobber arguments, and it also introduces more assertions that we have
-        a valid call frame.
-
-        * dfg/DFGAssemblyHelpers.cpp:
-        (DFG):
-        (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::selectScratchGPR):
-        (AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
-
-2012-04-19  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that
-        the PB/PC has been preserved
-        https://bugs.webkit.org/show_bug.cgi?id=84367
-
-        Reviewed by Oliver Hunt.
-
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-04-19  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to load from Float64 arrays on ARMv7 without crashing
-        https://bugs.webkit.org/show_bug.cgi?id=84361
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::storeDouble):
-
-2012-04-19  Dominik Röttsches  <dominik.rottsches@linux.intel.com>
-
-        [CMake] Build fix after r114575
-        https://bugs.webkit.org/show_bug.cgi?id=84322
-
-        Reviewed by Simon Hausmann.
-
-        Build fix, adding WTF when linking jsc shell.
-
-        * shell/CMakeLists.txt:
-
-2012-04-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC testing should have complete coverage over typed array types
-        https://bugs.webkit.org/show_bug.cgi?id=84302
-
-        Reviewed by Geoff Garen.
-        
-        Added Uint8ClampedArray to the set of typed arrays that are supported by jsc
-        command-line.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-
-2012-04-18  Filip Pizlo  <fpizlo@apple.com>
-
-        jsc command line should support typed arrays by default
-        https://bugs.webkit.org/show_bug.cgi?id=84298
-
-        Rubber stamped by Gavin Barraclough.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-
-2012-04-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
-        forced double should not be scrambled when performing OSR entry
-        https://bugs.webkit.org/show_bug.cgi?id=84272
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-
-2012-04-18  Don Olmstead  <don.olmstead@am.sony.com> 
-
-        JavaScriptCore.gypi not current
-        https://bugs.webkit.org/show_bug.cgi?id=84224
-
-        Reviewed by Eric Seidel.
-
-        Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself.
-
-        Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory.
-
-        * JavaScriptCore.gypi:
-
-2012-04-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        Remove m_subclassData from JSArray, move the attribute to subclass as needed
-        https://bugs.webkit.org/show_bug.cgi?id=84249
-
-        Reviewed by Geoffrey Garen.
-
-        JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
-        the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
-        case.
-
-        This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
-        of CopiedSpace.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-
-2012-04-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        replaceUsingStringSearch: delay the creation of the replace string until needed
-        https://bugs.webkit.org/show_bug.cgi?id=83841
-
-        Reviewed by Geoffrey Garen.
-
-        We do not need to obtain the replaceValue until we have a match. By moving the intialization
-        of replaceValue when needed, we save a few instructions when there is no match.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::replaceUsingStringSearch):
-        (JSC::stringProtoFuncReplace):
-
-2012-04-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GC activity timer should be tied to allocation, not collection
-        https://bugs.webkit.org/show_bug.cgi?id=83919
-
-        Reviewed by Geoffrey Garen.
-
-        * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've 
-        released a global object, we're abandoning a potentially large number of objects that JSC might want 
-        to collect.
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate 
-        that we've hit a slow path and are allocating now, so schedule the timer.
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to 
-        throw away too much code during our benchmarks (especially vp8, which is very large and thus has large 
-        amounts of compiled code).
-        (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we 
-        can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a 
-        collection to see if we should throw away our compiled code. Currently this is set to happen about once 
-        every minute.
-        * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code.
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like 
-        in CopiedSpace.
-        * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms.
-        (JSC::DefaultGCActivityCallback::willAllocate):
-        (JSC):
-        (JSC::DefaultGCActivityCallback::didCollect):
-        (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
-        * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing 
-        the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection 
-        occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for 
-        when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of 
-        objects and that JSC might want to clean them up.
-        (JSC::GCActivityCallback::~GCActivityCallback):
-        (JSC::GCActivityCallback::willAllocate):
-        (JSC::GCActivityCallback::didCollect):
-        (JSC::GCActivityCallback::didAbandonObjectGraph):
-        (JSC::GCActivityCallback::synchronize):
-        (DefaultGCActivityCallback):
-        * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions. 
-        We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually 
-        turned out to be quite expensive (although Instruments couldn't tell us this).
-        (DefaultGCActivityCallbackPlatformData):
-        (JSC):
-        (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
-        (JSC::DefaultGCActivityCallback::commonConstructor):
-        (JSC::scheduleTimer):
-        (JSC::cancelTimer):
-        (JSC::DefaultGCActivityCallback::willAllocate):
-        (JSC::DefaultGCActivityCallback::didCollect):
-        (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not attempt to get rare case counts for op_mod on ARM
-        https://bugs.webkit.org/show_bug.cgi?id=84218
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::isX86):
-        (DFG):
-
-2012-04-17  Myles Maxfield  <mmaxfield@google.com>
-
-        BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE
-        https://bugs.webkit.org/show_bug.cgi?id=80912
-
-        Reviewed by Hajime Morita.
-
-        * wtf/BumpPointerAllocator.h:
-        (WTF::BumpPointerPool::create):
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Attempt to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to create an inheritorID for the global this object without crashing
-        https://bugs.webkit.org/show_bug.cgi?id=84200
-        <rdar://problem/11251082>
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject):
-        * runtime/JSGlobalThis.h:
-        (JSC::JSGlobalThis::unwrappedObject):
-        (JSGlobalThis):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::resetInheritorID):
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG and LLInt should not clobber the frame pointer on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=84185
-        <rdar://problem/10767252>
-
-        Reviewed by Gavin Barraclough.
-        
-        Changed LLInt to use a different register. Changed DFG to use one fewer
-        registers. We should revisit this and switch the DFG to use a different
-        register instead of r7, but we can do that in a subsequent step since
-        the performance effect is tiny.
-
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        * offlineasm/armv7.rb:
-
-2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-
-        use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument
-        https://bugs.webkit.org/show_bug.cgi?id=83942
-        <rdar://problem/11247370>
-
-        Reviewed by Gavin Barraclough.
-        
-        Don't use references to the graph after resizing the graph.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::flushArgument):
-
-2012-04-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype.toString should be generic
-        https://bugs.webkit.org/show_bug.cgi?id=81588
-
-        Reviewed by Sam Weinig.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-            - check for join function, use fast case if base object is array & join is present & default.
-        * runtime/CommonIdentifiers.h:
-            - added 'join'.
-
-2012-04-16  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-04-16  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r114309.
-        http://trac.webkit.org/changeset/114309
-        https://bugs.webkit.org/show_bug.cgi?id=84097
-
-        it broke everything (Requested by olliej on #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.h:
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (functionJSCStack):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::handleHostCall):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        (JSC::throwError):
-        * runtime/Error.h:
-        (JSC):
-
-2012-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Exception stack traces aren't complete when the exception starts in native code
-        https://bugs.webkit.org/show_bug.cgi?id=84073
-
-        Reviewed by Gavin Barraclough.
-
-        Refactored building the stack trace to so that we can construct
-        it earlier, and don't rely on any prior work performed in the
-        exception handling machinery. Also updated LLInt and the DFG to
-        completely initialise the callframes of host function calls.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::codeOriginIndexForReturn):
-        (CodeBlock):
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC):
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (functionJSCStack):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::handleHostCall):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        (JSC::throwError):
-        * runtime/Error.h:
-        (JSC):
-
-2012-04-16  Oliver Hunt  <oliver@apple.com>
-
-        Fix COMMANDLINE_TYPEDARRAYS build
-        https://bugs.webkit.org/show_bug.cgi?id=84051
-
-        Reviewed by Gavin Barraclough.
-
-        Update for new putByIndex API and wtf changes.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-
-2012-04-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GC in the middle of JSObject::allocatePropertyStorage can cause badness
-        https://bugs.webkit.org/show_bug.cgi?id=83839
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're 
-        growing our already-existing PropertyStorage.
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage 
-        and the new structure so that we can be sure a GC never occurs when our Structure
-        info is out of sync with our PropertyStorage.
-        (JSC):
-        (JSC::JSObject::putDirectInternal): Moved the check to see if we should 
-        allocate more backing store before the actual property insertion into 
-        the structure.
-        (JSC::JSObject::putDirectWithoutTransition): Ditto.
-        (JSC::JSObject::transitionTo): Ditto.
-        * runtime/Structure.cpp:
-        (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy 
-        for property backing stores contained within the Structure class.
-        (JSC):
-        * runtime/Structure.h:
-        (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion 
-        into the Structure would require resizing the property backing store so that they can 
-        preallocate the required storage.
-        (Structure):
-
-2012-04-13  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r114185.
-        http://trac.webkit.org/changeset/114185
-        https://bugs.webkit.org/show_bug.cgi?id=83967
-
-        Broke a bunch of JavaScript related tests (Requested by
-        andersca on #webkit).
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        * runtime/CommonIdentifiers.h:
-        * tests/mozilla/ecma/Array/15.4.4.2.js:
-        (getTestCases):
-
-2012-04-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Don't rely on fixed offsets to patch calls
-        https://bugs.webkit.org/show_bug.cgi?id=83966
-
-        Rubber stamped by Oliver Hunt.
-
-        These aren't being used anywhere!
-
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2012-04-13  Hojong Han  <hojong.han@samsung.com>
-
-        Array.prototype.toString and Array.prototype.toLocaleString should be generic
-        https://bugs.webkit.org/show_bug.cgi?id=81588
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        * runtime/CommonIdentifiers.h:
-        * tests/mozilla/ecma/Array/15.4.4.2.js:
-        (getTestCases.array.item.new.TestCase):
-        (getTestCases):
-
-2012-04-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Don't rely on fixed offsets to patch method checks
-        https://bugs.webkit.org/show_bug.cgi?id=83958
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/StructureStubInfo.h:
-            - Add fields for the method check info.
-        * jit/JIT.cpp:
-        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
-            - Store the offsets on the stub info, instead of asserting.
-        * jit/JIT.h:
-            - Delete all the method check related offsets.
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-            - Use the offset from the stubInfo.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Pass the stubInfo to patchMethodCallProto.
-
-2012-04-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Don't rely on fixed offsets to patch get_by_id/put_by_id
-        https://bugs.webkit.org/show_bug.cgi?id=83924
-
-        Reviewed by Oliver Hunt.
-
-        Store offsets in the structure stub info, as we do for the DFG JIT.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::differenceBetween):
-            - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!)
-        * bytecode/StructureStubInfo.h:
-            - added new fields for baseline JIT offsets.
-        * jit/JIT.cpp:
-        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
-            - moved out from JIT::privateCompile.
-        (JSC::JIT::privateCompile):
-            - moved out code to PropertyStubCompilationInfo::copyToStubInfo.
-        * jit/JIT.h:
-        (PropertyStubCompilationInfo):
-            - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info.
-            - removed many offsets.
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-            - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
-            - changed repatch functions to read offsets from the structure stub info.
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-            - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
-            - changed repatch functions to read offsets from the structure stub info.
-
-2012-04-13  Rob Buis  <rbuis@rim.com>
-
-        Fix some compiler warnings (miscellaneous)
-        https://bugs.webkit.org/show_bug.cgi?id=80790
-
-        Reviewed by Antonio Gomes.
-
-        Fix signed/unsigned comparison warning.
-
-        * parser/Lexer.cpp:
-        (JSC::::record16):
-
-2012-04-12  Benjamin Poulain  <bpoulain@apple.com>
-
-        Improve replaceUsingStringSearch() for case of a single character searchValue
-        https://bugs.webkit.org/show_bug.cgi?id=83738
-
-        Reviewed by Geoffrey Garen.
-
-        This patch improves replaceUsingStringSearch() with the following:
-        -Add a special case for single character search, taking advantage of the faster WTF::find().
-        -Inline replaceUsingStringSearch().
-        -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
-         by definition.
-
-        This gives less than 1% improvement for the multicharacter replace.
-        The single character search show about 9% improvement.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingStringSearch):
-
-2012-04-12  Michael Saboff  <msaboff@apple.com>
-
-        StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects
-        https://bugs.webkit.org/show_bug.cgi?id=83823
-
-        Reviewed by Gavin Barraclough.
-
-        Put the clearing of the accessType to after the call to deref() so that
-        deref() can use the accessType to delete referenced objects as needed.
-
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::reset):
-
-2012-04-12  Balazs Kelemen  <kbalazs@webkit.org>
-
-        [Qt] Fix WebKit1 build with V8
-        https://bugs.webkit.org/show_bug.cgi?id=83322
-
-        Reviewed by Adam Barth.
-
-        * yarr/yarr.pri:
-
-2012-04-12  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=83821
-        Move dfg repatching properties of structure stub info into a union
-
-        Reviewed by Oliver Hunt.
-
-        We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this.
-
-        * bytecode/StructureStubInfo.h:
-        (StructureStubInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchByIdSelfAccess):
-        (JSC::DFG::linkRestoreScratch):
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-
-2012-04-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Delete a bunch of unused, copy & pasted values in JIT.h
-        https://bugs.webkit.org/show_bug.cgi?id=83822
-
-        Reviewed by Oliver Hunt.
-        
-        The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense.
-
-        * jit/JIT.h:
-        (JIT):
-
-2012-04-12  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt][ARM] Buildfix after r113934.
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::compare8):
-        (MacroAssemblerARM):
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail
-        https://bugs.webkit.org/show_bug.cgi?id=83744
-        <rdar://problem/11206946>
-
-        Reviewed by Andy Estes.
-        
-        This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node
-        that is statically known to return boolean results.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-04-11  Michael Saboff  <msaboff@apple.com>
-
-        Invalid Union Reference in StructureStubInfo.{cpp.h}
-        https://bugs.webkit.org/show_bug.cgi?id=83735
-
-        Reviewed by Filip Pizlo.
-
-        Changed the references to u.getByIdProtoList and u.getByIdSelfList
-        to be consistent.
-
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::visitWeakReferences):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdSelfList):
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed attempting to make Qt's eccentric hardware work.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::compare8):
-        (MacroAssemblerARM):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::compare8):
-        (MacroAssemblerMIPS):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::compare8):
-        (MacroAssemblerSH4):
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        op_is_foo should be optimized
-        https://bugs.webkit.org/show_bug.cgi?id=83666
-
-        Reviewed by Gavin Barraclough.
-        
-        This implements inlining of op_is_undefined, op_is_string, op_is_number,
-        and op_is_boolean in LLInt and the baseline JIT. op_is_object and
-        op_is_function are not inlined because they are quite a bit more complex.
-        
-        This also implements all of the op_is_foo opcodes in the DFG, but it does
-        not do any type profiling based optimizations, yet.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::compare8):
-        (MacroAssemblerARMv7):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::compare8):
-        (MacroAssemblerX86Common):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::testPtr):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArguments):
-        (CCallHelpers):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC):
-        (JSC::JIT::emit_op_is_boolean):
-        (JSC::JIT::emit_op_is_number):
-        (JSC::JIT::emit_op_is_string):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC):
-        (JSC::JIT::emit_op_is_boolean):
-        (JSC::JIT::emit_op_is_number):
-        (JSC::JIT::emit_op_is_string):
-        * jit/JITStubs.cpp:
-        (JSC):
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/armv7.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/x86.rb:
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        If you use an IntegerOperand and want to return it with integerResult, you need to
-        zero extend to get rid of the box
-        https://bugs.webkit.org/show_bug.cgi?id=83734
-        <rdar://problem/11232296>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
-        https://bugs.webkit.org/show_bug.cgi?id=83722
-
-        Reviewed by Gavin Barraclough.
-        
-        It's now possible to do StorageOperand on a cell, in the case that the storage is
-        inline. But this means that fillStorage() must be able to handle all of the states
-        that a cell might be in. Previously it didn't.
-        
-        With this change, it now does handle all of the states, and moreover, it does so
-        by preserving the DataFormat of cells and performing all of the cell speculations
-        that should be performed if you're using a cell as storage. But if you use this on
-        something that is known to be storage already then it behaves as it did before.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-
-2012-04-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Global variable predictions should not be coalesced unnecessarily
-        https://bugs.webkit.org/show_bug.cgi?id=83678
-
-        Reviewed by Geoff Garen.
-        
-        Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar
-        to have a heapPrediction like a civilized DFG opcode ought to.
-        
-        No performance effect.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        * bytecode/PredictionTracker.h: Removed.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGenerationInfo.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-04-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        Optimize String.split() for 1 character separator
-        https://bugs.webkit.org/show_bug.cgi?id=83546
-
-        Reviewed by Gavin Barraclough.
-
-        This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case
-        where the separator is a single character.
-
-        The two main gains are:
-        -Use of the find() function with a single character instead of doing a full string matching.
-        -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
-         function.
-
-        The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits.
-
-        This makes String.split() faster by about 13% in that particular case.
-
-        * runtime/StringPrototype.cpp:
-        (JSC):
-        (JSC::splitStringByOneCharacterImpl):
-        (JSC::stringProtoFuncSplit):
-
-2012-04-10  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am: Ad missing files.
-
-2012-04-10  Mark Rowe  <mrowe@apple.com>
-
-        Attempt to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Cleanup wtf/Platform.h and config.h files
-        https://bugs.webkit.org/show_bug.cgi?id=83431
-
-        Reviewed by Eric Seidel.
-
-        The ENABLE() and USE() macros take care about the case when the flag
-        isn't defined. So there is no need to define anything with 0.
-
-        Also move duplicated code from the config.h files to Platform.h and
-        merge a few preprocessor commands to make the file more readable.
-
-        * config.h:
-
-2012-04-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should flush SetLocals to arguments
-        https://bugs.webkit.org/show_bug.cgi?id=83554
-
-        Reviewed by Gavin Barraclough.
-        
-        This is necessary to match baseline JIT argument capture behavior.
-        
-        But to make this work right we need to have a story for arguments into
-        which we store values of different formats. This patch introduces the
-        notion of an ArgumentPosition - i.e. an argument in a particular inline
-        call frame - and forces unification of all data pertinent to selecting
-        the argument's data format.
-        
-        Also fixed an amusing bug in the handling of OSR on SetLocals if there
-        was any insertion/deletion of nodes in the basic block. This is benign
-        for now but won't be eventually since the DFG is getting smarter. So
-        better fix it now.
-        
-        Also fixed an amusing bug in the handling of OSR on SetLocals if they
-        are immediately followed by a Flush. I think this bug might have always
-        been there but now it'll happen more commonly, and it's covered by the
-        run-javascriptcore-tests.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentPosition.h: Added.
-        (DFG):
-        (ArgumentPosition):
-        (JSC::DFG::ArgumentPosition::ArgumentPosition):
-        (JSC::DFG::ArgumentPosition::addVariable):
-        (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGDoubleFormatState.h: Added.
-        (DFG):
-        (JSC::DFG::mergeDoubleFormatStates):
-        (JSC::DFG::mergeDoubleFormatState):
-        (JSC::DFG::doubleFormatStateToString):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::predict):
-        (JSC::DFG::VariableAccessData::argumentAwarePrediction):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
-        (JSC::DFG::VariableAccessData::doubleFormatState):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
-        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
-        (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
-        (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
-
-2012-04-10  Adam Klein  <adamk@chromium.org>
-
-        Remove unused NonNullPassRefPtr from WTF
-        https://bugs.webkit.org/show_bug.cgi?id=82389
-
-        Reviewed by Kentaro Hara.
-
-        * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr.
-
-2012-04-10  Darin Adler  <darin@apple.com>
-
-        Remove unused data member from Lexer class
-        https://bugs.webkit.org/show_bug.cgi?id=83429
-
-        Reviewed by Kentaro Hara.
-
-        I noticed that m_delimited was "write-only", so I deleted it.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::setCode): Removed code to set m_delimited.
-        (JSC::Lexer::parseIdentifier): Ditto.
-        (JSC::Lexer::parseIdentifierSlowCase): Ditto.
-        (JSC::Lexer::lex): Ditto.
-        * parser/Lexer.h: Deleted m_delimited.
-
-2012-04-10  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Enable USE_FOLDERS property
-        https://bugs.webkit.org/show_bug.cgi?id=83571
-
-        Reviewed by Daniel Bates.
-
-        Setting the FOLDER property on targets gives more structure 
-        to the generated Visual Studio solutions.
-        This does not affect other CMake generators.
-
-        * CMakeLists.txt:
-        * shell/CMakeLists.txt:
-
-2012-04-10  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to see why a code block was not compiled by the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=83553
-
-        Reviewed by Geoff Garen.
-        
-        If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the
-        opcode that caused the rejection.
-
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::debugFail):
-        (DFG):
-        (JSC::DFG::canHandleOpcodes):
-
-2012-04-09  Gavin Barraclough  <barraclough@apple.com>
-
-        If a callback constructor returns a C++ null, throw a type error.
-        https://bugs.webkit.org/show_bug.cgi?id=83537
-
-        Rubber Stamped by Geoff Garen.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-            - If a callback constructor returns a C++ null, throw a type error.
-        * API/tests/testapi.c:
-        (Base_returnHardNull):
-        * API/tests/testapi.js:
-            - Add a test case for callback constructors that return a C++ null.
-
-2012-04-09  Gavin Barraclough  <barraclough@apple.com>
-
-        If a callback function returns a C++ null, convert to undefined.
-        https://bugs.webkit.org/show_bug.cgi?id=83534
-
-        Reviewed by Geoff Garen.
-
-        * API/JSCallbackFunction.cpp:
-            - If a callback function returns a C++ null, convert to undefined.
-        (JSC::JSCallbackFunction::call):
-        * API/tests/testapi.c:
-        (Base_returnHardNull):
-        * API/tests/testapi.js:
-            - Add a test case for callback functions that return a C++ null.
-
-2012-04-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that
-        are currently being generated
-        https://bugs.webkit.org/show_bug.cgi?id=83531
-        <rdar://problem/11215200>
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-
-2012-04-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * offlineasm/armv7.rb:
-
-2012-04-09  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove HAVE_STDINT_H
-        https://bugs.webkit.org/show_bug.cgi?id=83434
-
-        Reviewed by Kentaro Hara.
-
-        HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already.
-
-        * config.h:
-
-2012-04-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not load the property storage if it is inline.
-        https://bugs.webkit.org/show_bug.cgi?id=83455
-
-        Reviewed by Gavin Barraclough.
-        
-        We had previously decided to have all property storage accesses go through
-        the property storage pointer even if they don't "really" have to, because
-        we were thinking this would help GC barriers somehow. Well, we never ended
-        up doing anything with that. Hence, doing these wasted loads of the
-        property storage pointer when the storage is inline is just a waste of CPU
-        cycles.
-        
-        This change makes the DFG's inline property accesses (GetByOffset and
-        PutByOffset) go directly to the inline property storage if the structure(s)
-        tell us that it's OK.
-        
-        This looks like an across-the-board 1% win.
-
-        * bytecode/StructureSet.h:
-        (JSC):
-        (JSC::StructureSet::allAreUsingInlinePropertyStorage):
-        (StructureSet):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-
-2012-04-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Command-line jsc's exception handling should be rationalized
-        https://bugs.webkit.org/show_bug.cgi?id=83437
-
-        Reviewed by Dan Bernstein.
-        
-        - If an exception is thrown during run() execution, it is now propagated,
-          so that it will terminate program execution unless it is caught.
-          
-        - If program execution terminates with an exception, the exception is now
-          always printed.
-          
-        - When printing the exception, the backtrace is now also printed if one is
-          available. It will only not be available if you use something akin to my
-          favorite line of code, 'throw "error"', since primitives don't have
-          properties and hence we cannot attach a "stack" property to them.
-
-        * jsc.cpp:
-        (functionRun):
-        (runWithScripts):
-
-2012-04-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Forced OSR exits should lead to recompilation based on count, not rate
-        https://bugs.webkit.org/show_bug.cgi?id=83247
-        <rdar://problem/10720925>
-
-        Reviewed by Geoff Garen.
-        
-        Track which OSR exits happen because of inadequate coverage. Count them
-        separately. If the count reaches a threshold, immediately trigger
-        reoptimization.
-        
-        This is in contrast to the recompilation trigger for all other OSR exits.
-        Normally recomp is triggered when the exit rate exceeds a certain ratio.
-        
-        Looks like a slight V8 speedup (sub 1%).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::forcedOSRExitCounter):
-        (JSC::CodeBlock::addressOfForcedOSRExitCounter):
-        (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        (CodeBlock):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-        (DFG):
-        * dfg/DFGOSRExitCompiler.h:
-        (OSRExitCompiler):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-
-2012-04-06  Benjamin Poulain  <bpoulain@apple.com>
-
-        Do not abuse ArrayStorage's m_length for testing array consistency
-        https://bugs.webkit.org/show_bug.cgi?id=83403
-
-        Reviewed by Geoffrey Garen.
-
-        Array creation from a list of values is a 3 steps process:
-        -JSArray::tryCreateUninitialized()
-        -JSArray::initializeIndex() for each values
-        -JSArray::completeInitialization()
-
-        Previously, the attribute m_length was not set to the final size
-        JSArray::tryCreateUninitialized() because it was used to test the array
-        consistency JSArray::initializeIndex().
-
-        This caused the initialization loop using JSArray::initializeIndex() maintain
-        two counters:
-        -index of the loop
-        -storage->m_length++
-
-        This patch fixes this by using the index of the initialization loop for the indinces of
-        JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
-        is introduced if CHECK_ARRAY_CONSISTENCY is defined.
-
-        The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
-
-        This improves the performance of JSArray creation from literals by 8%.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::tryFinishCreationUninitialized):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (ArrayStorage):
-        (JSC::JSArray::initializeIndex):
-        (JSC::JSArray::completeInitialization):
-
-2012-04-06  Jon Lee  <jonlee@apple.com>
-
-        Build fix for Windows bots.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol.
-
-2012-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Renamed
-
-                WeakHeap => WeakSet
-                HandleHeap => HandleSet
-
-        Reviewed by Sam Weinig.
-
-        These sets do have internal allocators, but it's confusing to call them
-        heaps because they're sub-objects of an object called "heap".
-
-        * heap/HandleHeap.cpp: Removed.
-        * heap/HandleHeap.h: Removed.
-        * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
-        * heap/WeakHeap.cpp: Removed.
-        * heap/WeakHeap.h: Removed.
-        * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
-        * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
-
-        Plus global rename using grep.
-
-2012-04-06  Dan Bernstein  <mitz@apple.com>
-
-        <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS.
-
-2012-04-06  Rob Buis  <rbuis@rim.com>
-
-        Fix cast-align warnings in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=80790
-
-        Reviewed by George Staikos.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::computeJumpType):
-        (JSC::ARMv7Assembler::link):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::copyAndAppend):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * wtf/RefCountedArray.h:
-        (WTF::RefCountedArray::Header::payload):
-
-2012-04-06  Darin Adler  <darin@apple.com>
-
-        Streamline strtod and fix some related problems
-        https://bugs.webkit.org/show_bug.cgi?id=82857
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number
-        and we know it has only correct characters, leading spaces, trailing junk, and
-        trailing spaces are not a possibility. No need to add a trailing null character.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need
-        to allow trailing junk since the code above already allows only numeric digits
-        in the string. This code path is used only in unusual cases, so it's not
-        optimized for 8-bit strings, but easily could be.
-        (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this
-        function template because all the callers are OK with trailing junk. Use the
-        parseDouble function. No need to copy the data into a byte buffer, because
-        parseDouble handles that.
-        (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the
-        jsStrDecimalLiteral function template. That's OK because this function
-        already checks for trailing junk and handles it appropriately. The old code
-        path was doing it twice.
-        (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the
-        jsStrDecimalLiteral function template; the template allows junk unconditionally.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number
-        and we know it has only correct characters, leading spaces, trailing junk, and
-        trailing spaces are not a possibility. No need to add a trailing null character.
-        No need to copy the data into a byte buffer, because parseDouble handles that.
-        We could optimize the UChar case even more because we know all the characters
-        are ASCII, but not doing that at this time.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated.
-
-2012-04-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove JSC dependency from GregorianDateTime
-        https://bugs.webkit.org/show_bug.cgi?id=83290
-
-        Reviewed by Geoffrey Garen.
-
-        This allows us to move it to WTF later.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        * runtime/JSDateMath.h:
-
-2012-04-05  Michael Saboff  <msaboff@apple.com>
-
-        Call Heap::discardAllCompiledCode() in low memory situations
-        https://bugs.webkit.org/show_bug.cgi?id=83335
-
-        Reviewed by Geoffrey Garen.
-
-        Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?"
-        check inline so that it can be called directly without this check.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::discardAllCompiledCode):
-        (JSC::Heap::collectAllGarbage):
-        * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be
-        called from WebCore.
-        (Heap):
-        * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration.
-        (JSGlobalData):
-
-2012-04-05  Benjamin Poulain  <bpoulain@apple.com>
-
-        Speed up the conversion from JSValue to String for bulk operations
-        https://bugs.webkit.org/show_bug.cgi?id=83243
-
-        Reviewed by Geoffrey Garen.
-
-        When making operations on primitive types, we loose some time converting
-        values to JSString in order to extract the string.
-
-        This patch speeds up some basic Array operations by avoiding the creation
-        of intermediary JSString when possible.
-
-        For the cases where we need to convert a lot of JSValue in a tight loop,
-        an inline conversion is used.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncSort):
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort):
-        * runtime/JSString.h:
-        (JSC::JSValue::toUString):
-        (JSC):
-        (JSC::inlineJSValueNotStringtoUString):
-        (JSC::JSValue::toUStringInline):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toUStringSlowCase):
-        (JSC):
-        * runtime/JSValue.h:
-        (JSValue):
-
-2012-04-05  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use QuickSort when sorting primitive values by string representation
-        https://bugs.webkit.org/show_bug.cgi?id=83312
-
-        Reviewed by Gavin Barraclough.
-
-        When the value we are sorting are all primitive values, we do not need to
-        ensure a stable sort as two values with equal string representation are
-        indistinguishable from JavaScript.
-
-        This gives about 16% performance increase when sorting primitive values.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort):
-
-2012-04-05  Oliver Hunt  <oliver@apple.com>
-
-        SIGILL in JavaScriptCore on a Geode processor
-        https://bugs.webkit.org/show_bug.cgi?id=82496
-
-        Reviewed by Gavin Barraclough.
-
-        Don't attempt to use the DFG when SSE2 is not available.
-
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::canCompileOpcodes):
-
-2012-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Fix 32-bit build.
-
-        * API/APICast.h:
-        (toJS):
-
-2012-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Replace static_cast with jsCast when casting JSCell subclasses in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=83307
-
-        Reviewed by Gavin Barraclough.
-
-        Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
-        This results in assertions when unsafe casts are performed, but simply leaves
-        a static_cast<> in release builds.
-
-        * API/APICast.h:
-        (toJS):
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::asCallbackObject):
-        (JSC::::finishCreation):
-        (JSC::::construct):
-        (JSC::::call):
-        * API/JSObjectRef.cpp:
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::finishCreation):
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.h:
-        (JSC::isHostFunction):
-        * runtime/JSActivation.h:
-        (JSC::asActivation):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::defineOwnProperty):
-        * runtime/JSArray.h:
-        (JSC::asArray):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::boundFunctionCall):
-        (JSC::boundFunctionConstruct):
-        * runtime/JSByteArray.h:
-        (JSC::asByteArray):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toObject):
-        * runtime/JSCell.h:
-        (JSC::jsCast):
-        * runtime/JSGlobalObject.h:
-        (JSC::asGlobalObject):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::setPrototypeWithCycleCheck):
-        (JSC::JSObject::allowsAccessFrom):
-        (JSC::JSObject::toThisObject):
-        (JSC::JSObject::unwrappedObject):
-        * runtime/JSObject.h:
-        (JSC::asObject):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::Register::propertyNameIterator):
-        * runtime/JSString.h:
-        (JSC::asString):
-        (JSC::JSValue::toString):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSubstr):
-
-2012-04-05  Benjamin Poulain  <bpoulain@apple.com>
-
-        Make something faster than JSStringBuilder for joining an array of JSValue
-        https://bugs.webkit.org/show_bug.cgi?id=83180
-
-        Reviewed by Geoffrey Garen.
-
-        This patch add the class JSStringJoiner optimized for join() operations.
-
-        This class makes stricter constraints than JSStringBuilder in order avoid
-        memory allocations.
-
-        In the best case, the class allocate memory only twice:
-        -Allocate an array to keep a list of UString to join.
-        -Allocate the final string.
-
-        We also avoid the conversion from 8bits strings to 16bits strings since
-        they are costly and unlikly to help for subsequent calls.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        * runtime/JSStringJoiner.cpp: Added.
-        (JSC):
-        (JSC::appendStringToData):
-        (JSC::joinStrings):
-        (JSC::JSStringJoiner::build):
-        * runtime/JSStringJoiner.h: Added.
-        (JSC):
-        (JSStringJoiner):
-        (JSC::JSStringJoiner::JSStringJoiner):
-        (JSC::JSStringJoiner::append):
-
-2012-04-05  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=77293
-        [Un]Reserve 'let'
-
-        Rubber stamped by Oliver Hunt.
-
-        Revert r106198.
-        This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html
-        If we're going to reserve let, we're going to have to do so in a more
-        circumspect fashion.
-
-        * parser/Keywords.table:
-
-2012-04-05  Michael Saboff  <msaboff@apple.com>
-
-        Rolling out http://trac.webkit.org/changeset/113262.
-        Original code was fine.
-
-        Rubber-stamped by Oliver Hunt.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-05  Patrick Gansterer  <paroga@webkit.org>
-
-        [WinCE] Remove unnecessary function decleration
-        https://bugs.webkit.org/show_bug.cgi?id=83155
-
-        Reviewed by Kentaro Hara.
-
-        * runtime/JSDateMath.cpp:
-
-2012-04-04  Patrick Gansterer  <paroga@webkit.org>
-
-        Add WTF::getCurrentLocalTime()
-        https://bugs.webkit.org/show_bug.cgi?id=83164
-
-        Reviewed by Alexey Proskuryakov.
-
-        Replace the calls to WTF::getLocalTime() with time(0) with the new function.
-        This allows us to use Win32 API on windows to get the same result in a next step.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-
-2012-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Parser fails to revert some state after parsing expression and object literals.
-        https://bugs.webkit.org/show_bug.cgi?id=83236
-
-        Reviewed by Gavin Barraclough.
-
-        Reset left hand side counter after parsing the literals.
-
-        * parser/Parser.cpp:
-        (JSC::::parseObjectLiteral):
-        (JSC::::parseStrictObjectLiteral):
-        (JSC::::parseArrayLiteral):
-
-2012-04-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG InstanceOf should not uselessly speculate cell
-        https://bugs.webkit.org/show_bug.cgi?id=83234
-
-        Reviewed by Oliver Hunt.
-        
-        If InstanceOf is the only user of its child then don't speculate cell, since
-        the not-cell case is super easy to handle.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-
-2012-04-04  Michael Saboff  <msaboff@apple.com>
-
-        Fixed minor error: "& 3" should be "& 2".
-
-        Rubber-stamped by Oliver Hunt.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-04  Michael Saboff  <msaboff@apple.com>
-
-        Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
-        https://bugs.webkit.org/show_bug.cgi?id=83191
-
-        Reviewed by Oliver Hunt.
-
-        Make are that blinded constant pairs are similarly aligned to the
-        original immediate values so that instructions that expect that
-        alignment work correctly.  One example is ARMv7 add/sub imm to SP.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
-        (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
-        (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should short-circuit Branch(LogicalNot(...))
-        https://bugs.webkit.org/show_bug.cgi?id=83181
-
-        Reviewed by Geoff Garen.
-        
-        Slight (sub 1%) speed-up on V8.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=83139
-
-        Reviewed by Sam Weinig.
-
-        * heap/PassWeak.h:
-        (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error,
-        so work around that here. (Long-term, we should make 32-bit and 64-bit
-        agree on the right behavior.)
-
-2012-04-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Updated JSC expected test results to reflect recent bug fixes <disapproving look>.
-
-        Reviewed by Sam Weinig.
-
-        * tests/mozilla/expected.html:
-
-2012-03-29  Geoffrey Garen  <ggaren@apple.com>
-
-        First step toward incremental Weak<T> finalization
-        https://bugs.webkit.org/show_bug.cgi?id=82670
-
-        Reviewed by Filip Pizlo.
-
-        This patch implements a Weak<T> heap that is compatible with incremental
-        finalization, while making as few behavior changes as possible. The behavior
-        changes it makes are:
-
-        (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
-        instead, a separate flag indicates that the JSValue is no longer valid.
-        (This is required so that the JSValue can be preserved for later finalization.)
-        Objects dealing with WeakImpls directly must change to check the flag.
-
-        (*) Weak<T> is no longer a subclass of Handle<T>.
-
-        (*) DOM GC performance is different -- 9% faster in the geometric mean,
-        but 15% slower in one specific case:
-                gc-dom1.html: 6%  faster
-                gc-dom2.html: 23% faster
-                gc-dom3.html: 17% faster
-                gc-dom4.html: 15% *slower*
-
-        The key features of this new heap are:
-
-        (*) Each block knows its own state, independent of any other blocks.
-
-        (*) Each block caches its own sweep result.
-
-        (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
-        mark them yet, since that would be a behavior change.)
-
-        * API/JSCallbackObject.cpp:
-        (JSC::JSCallbackObjectData::finalize):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init): Updated to use the new WeakHeap API.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri: Paid the build system tax since I added some new files.
-
-        * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
-        so we can keep passing a Handle<T> to finalizers, to avoid more surface
-        area change in this patch. A follow-up patch should change the type we
-        pass to finalizers.
-
-        * heap/HandleHeap.cpp:
-        (JSC):
-        (JSC::HandleHeap::writeBarrier):
-        (JSC::HandleHeap::isLiveNode):
-        * heap/HandleHeap.h:
-        (JSC):
-        (HandleHeap):
-        (Node):
-        (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
-        we have a separate WeakHeap now.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
-        for through our watermark now. Removed m_waterMark because it was unused.
-
-        (JSC::Heap::destroy): Updated for addition of WeakHeap.
-
-        (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
-        variable to participating in the watermark strategy. I wanted to standardize
-        WeakHeap and all other Heap clients on this strategy, to make sure it's
-        accurate.
- 
-        (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
-        dead visit pass, as explained above.
-
-        (JSC::Heap::collect):
-        (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
-
-        (JSC::Heap::addFinalizer):
-        (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
-
-        * heap/Heap.h:
-        (JSC::Heap::weakHeap):
-        (Heap):
-        (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
-        strategy, since this is the best way for WeakHeap to report its memory
-        cost. (I plan to update this in a follow-up patch to make it more accurate,
-        but for now it is not less accurate than it used to be.)
-
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::addToWaterMark):
-        (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
-        it was unused, and I didn't want to update WeakHeap to keep an usused
-        variable working. Added API for above.
-
-        * heap/PassWeak.h:
-        (JSC):
-        (WeakImplAccessor):
-        (PassWeak):
-        (JSC::::operator):
-        (JSC::::get):
-        (JSC::::was):
-        (JSC::::PassWeak):
-        (JSC::::~PassWeak):
-        (JSC::UnspecifiedBoolType):
-        (JSC::::leakImpl):
-        (JSC::adoptWeak):
-        * heap/Strong.h:
-        (JSC::Strong::operator!):
-        (Strong):
-        (JSC::Strong::operator UnspecifiedBoolType*):
-        (JSC::Strong::get):
-        * heap/Weak.h:
-        (Weak):
-        (JSC::::Weak):
-        (JSC):
-        (JSC::::isHashTableDeletedValue):
-        (JSC::::~Weak):
-        (JSC::::swap):
-        (JSC::=):
-        (JSC::::operator):
-        (JSC::UnspecifiedBoolType):
-        (JSC::::release):
-        (JSC::::clear):
-        (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
-        down to two things:
-
-        (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
-
-        (*) Explicitly check WeakImpl::state() for non-liveness before returning
-        a value (explained above).
-
-        These files implement the new Weak<T> heap behavior described above:
-
-        * heap/WeakBlock.cpp: Added.
-        * heap/WeakBlock.h: Added.
-        * heap/WeakHandleOwner.cpp: Added.
-        * heap/WeakHandleOwner.h: Added.
-        * heap/WeakHeap.cpp: Added.
-        * heap/WeakHeap.h: Added.
-        * heap/WeakImpl.h: Added.
-
-        One interesting difference from the old heap is that we don't allow
-        clients to overwrite a WeakImpl after allocating it, and we don't recycle
-        WeakImpls prior to garbage collection. This is required for lazy finalization,
-        but it will also help us esablish a useful invariant in the future: allocating
-        a WeakImpl will be a binding contract to run a finalizer at some point in the
-        future, even if the WeakImpl is later deallocated.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
-        its JSValue, since that's our API contract now, and the JSValue might
-        be stale.
-
-        * runtime/JSCell.h:
-        (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
-
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::add): I can't remember why I did this.
-
-        * runtime/StructureTransitionTable.h:
-        * runtime/WeakGCMap.h: I had to update these classes because they allocate
-        and deallocate weak pointers manually. They should probably stop doing that.
-
-2012-04-03  Keishi Hattori  <keishi@webkit.org>
-
-        Disable ENABLE_DATALIST for now
-        https://bugs.webkit.org/show_bug.cgi?id=82871
-
-        Reviewed by Kent Tamura.
-
-        * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST.
-
-2012-04-02  Filip Pizlo  <fpizlo@apple.com>
-
-        jsr/sret should be removed
-        https://bugs.webkit.org/show_bug.cgi?id=82986
-        <rdar://problem/11017015>
-
-        Reviewed by Sam Weinig and Geoff Garen.
-        
-        Replaces jsr/sret with finally block inlining.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::pushFinallyContext):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC):
-        * bytecompiler/BytecodeGenerator.h:
-        (FinallyContext):
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::TryNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-04-03  Mark Rowe  <mrowe@apple.com>
-
-        Make it possible to install the JavaScriptCore test tools.
-
-        Part of <rdar://problem/11158607>.
-        
-        Reviewed by Filip Pizlo.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named
-        Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on
-        those targets individually to depending on the new aggregate target.
-
-2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend has a very convoluted way of saying it wants to emit a
-        three-operand multiply instruction
-        https://bugs.webkit.org/show_bug.cgi?id=83100
-
-        Reviewed by Darin Adler.
-        
-        Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was
-        already smart enough to do the Right Thing for multiply.
-
-        * offlineasm/armv7.rb:
-
-2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Linux crashes during boot
-        https://bugs.webkit.org/show_bug.cgi?id=83096
-
-        Reviewed by Filip Pizlo.
-
-        The bug here is that we add empty JSValues to the sparse map, and then set them
-        - but a GC may occur before doing so (due to a call to reportExtraMemory cost).
-        We may want to consider making it safe to mark empty JSValues, but the simple &
-        contained fix to this specific bug is to just initialize these values to
-        something other than JSValue().
-
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::add):
-            - Initialize sparse map entries.
-
-2012-04-02  Oliver Hunt  <oliver@apple.com>
-
-        Incorrect liveness information when inlining
-        https://bugs.webkit.org/show_bug.cgi?id=82985
-
-        Reviewed by Filip Pizlo.
-
-        Don't remap register numbers that have already been remapped.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-
-2012-04-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
-        try to create an arguments object from the activation
-        https://bugs.webkit.org/show_bug.cgi?id=82947
-        <rdar://problem/11058598>
-
-        Reviewed by Gavin Barraclough.
-        
-        We now copy the entire call frame header just to be sure. This is mostly perf-netural,
-        except for a 3.7% slow-down in V8/earley.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::tearOff):
-
-2012-04-02  Daniel Bates  <dbates@webkit.org>
-
-        Remove Source/JavaScriptCore/wtf and its empty subdirectories
-
-        Rubber-stamped by Eric Seidel.
-
-        Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF
-        (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory
-        Source/JavaScriptCore/wtf and its empty subdirectories.
-
-        * wtf: Removed.
-        * wtf/android: Removed.
-        * wtf/blackberry: Removed.
-        * wtf/chromium: Removed.
-        * wtf/dtoa: Removed.
-        * wtf/efl: Removed.
-        * wtf/gobject: Removed.
-        * wtf/gtk: Removed.
-        * wtf/mac: Removed.
-        * wtf/qt: Removed.
-        * wtf/qt/compat: Removed.
-        * wtf/tests: Removed.
-        * wtf/text: Removed.
-        * wtf/threads: Removed.
-        * wtf/threads/win: Removed.
-        * wtf/unicode: Removed.
-        * wtf/unicode/glib: Removed.
-        * wtf/unicode/icu: Removed.
-        * wtf/unicode/qt4: Removed.
-        * wtf/unicode/wince: Removed.
-        * wtf/url: Removed.
-        * wtf/url/api: Removed.
-        * wtf/url/src: Removed.
-        * wtf/win: Removed.
-        * wtf/wince: Removed.
-        * wtf/wx: Removed.
-
-2012-04-02  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am: Add missing file.
-
-2012-04-01  Darin Adler  <darin@apple.com>
-
-        Fix incorrect path for libWTF.a in Mac project file.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
-        would cause other configurations to try to link with the "Release" version of
-        libWTF.a instead of the correct version.
-
-2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize a==b for a being an object and b being either an object or
-        null/undefined, and vice versa
-        https://bugs.webkit.org/show_bug.cgi?id=82656
-
-        Reviewed by Oliver Hunt.
-        
-        Implements additional object equality optimizations for the case that one
-        operand is predicted to be an easily speculated object (like FinalObject or
-        Array) and the other is either an easily speculated object or Other, i.e.
-        Null or Undefined.
-        
-        2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.
-        
-        I also took the opportunity to clean up the control flow for the speculation
-        decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
-        And to remove debug cruft I stupidly committed in my last patch.
-        
-        * bytecode/SamplingTool.h:
-        (SamplingRegion):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2012-03-30  David Barr  <davidbarr@chromium.org>
-
-        Split up top-level .gitignore and .gitattributes
-        https://bugs.webkit.org/show_bug.cgi?id=82687
-
-        Reviewed by Tor Arne Vestbø.
-
-        * JavaScriptCore.gyp/.gitignore: Added.
-
-2012-03-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows (make based) build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.
-
-2012-03-30  Keishi Hattori  <keishi@webkit.org>
-
-        Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
-        https://bugs.webkit.org/show_bug.cgi?id=80972
-
-        Reviewed by Kent Tamura.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor recompileAllJSFunctions() to be less expensive
-        https://bugs.webkit.org/show_bug.cgi?id=80330
-
-        Reviewed by Filip Pizlo.
-
-        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
-        load performance, which currently does at least a couple full GCs per navigation.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
-        because the function doesn't actually recompile anything (and never did); it simply throws code
-        away for it to be recompiled later if we determine we should do so.
-        (JSC):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
-        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
-        be used in DoublyLinkedLists.
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
-        * runtime/Executable.h:
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
-        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
-        the list of FunctionExecutables.
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
-
-2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-x86 platforms.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2012-03-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix p2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix p1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Template the Yarr::Interpreter on the character type
-        https://bugs.webkit.org/show_bug.cgi?id=82637
-
-        Reviewed by Sam Weinig.
-
-        We should be able to call to the interpreter after having already checked the character type,
-        without having to re-package the character pointer back up into a string!
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        (JSC::RegExp::matchCompareWithInterpreter):
-            - Don't pass length.
-        * yarr/Yarr.h:
-            - moved function declarations to YarrInterpreter.h.
-        * yarr/YarrInterpreter.cpp:
-        (Yarr):
-        (Interpreter):
-        (JSC::Yarr::Interpreter::InputStream::InputStream):
-        (InputStream):
-        (JSC::Yarr::Interpreter::Interpreter):
-        (JSC::Yarr::interpret):
-            - templated Interpreter class on CharType.
-        * yarr/YarrInterpreter.h:
-        (Yarr):
-            - added function declarations.
-
-2012-03-29  David Kilzer  <ddkilzer@apple.com>
-
-        Don't use a flattened framework path when building on OS X
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
-        to select different INSTALL_PATH values.
-
-2012-03-29  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix, add Win-specific sources
-        the wx port needs after WTF move.
-
-        * wscript:
-
-2012-03-29  Andy Estes  <aestes@apple.com>
-
-        Remove an unused variable that breaks the build with newer versions of clang.
-
-        Rubber stamped by Gavin Barraclough.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
-
-2012-03-29  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        HashMap<>::add should return a more descriptive object
-        https://bugs.webkit.org/show_bug.cgi?id=71063
-
-        Reviewed by Ryosuke Niwa.
-
-        Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
-        the iterator type, there's a need for its own AddResult type -- instantiated from
-        HashTableAddResult template class.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::contextData):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        (JSC::JITThunks::hostFunctionStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * parser/Parser.h:
-        (JSC::Scope::declareParameter):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        (JSC::Identifier::add8):
-        (JSC::Identifier::addSlowCase):
-        * runtime/Identifier.h:
-        (JSC::Identifier::add):
-        (JSC::IdentifierTable::add):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::add):
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::JSArray::enterDictionaryMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        * runtime/JSArray.h:
-        (SparseArrayValueMap):
-        * runtime/PropertyNameArray.cpp:
-        (JSC::PropertyNameArray::add):
-        * runtime/StringRecursionChecker.h:
-        (JSC::StringRecursionChecker::performCheck):
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::add):
-        * runtime/WeakGCMap.h:
-        (WeakGCMap):
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-
-2012-03-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for !ENABLE(YARR_JIT) after r112454.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::invalidateCode):
-
-2012-03-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG object equality speculations should be simplified
-        https://bugs.webkit.org/show_bug.cgi?id=82557
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateFinalObject):
-        (JSC::DFG::Node::shouldSpeculateArray):
-
-2012-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        minidom configurations should be based on ToolExecutable.xcconfig
-        <http://webkit.org/b/82513>
-
-        Reviewed by Mark Rowe.
-
-        Note that this patch changes minidom from being installed in
-        /usr/local/bin to JavaScriptCore.framework/Resources.
-
-        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
-        configurations on ToolExecutable.xcconfig.  Remove redundant
-        PRODUCT_NAME and SKIP_INSTALL variables.
-
-2012-03-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix - some compiles generating NORETURN related warnings.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::setSubpatternStart):
-        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
-        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
-
-2012-03-28  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed. Build fix, move WTF back into JSCore target
-        until issues with JSCore not linking in all WTF symbols are resolved.
-        
-        * wscript:
-
-2012-03-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Yarr: if we're not using the output array, don't populate it!
-        https://bugs.webkit.org/show_bug.cgi?id=82519
-
-        Reviewed by Sam Weinig.
-
-        * runtime/RegExp.cpp:
-        (JSC):
-            - Missed review comment! - didn't fully remove RegExpRepresentation.
-
-2012-03-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Yarr: if we're not using the output array, don't populate it!
-        https://bugs.webkit.org/show_bug.cgi?id=82519
-
-        Reviewed by Sam Weinig.
-
-        Add a new variant of the match method to RegExp that returns a MatchResult,
-        and modify YarrJIT to be able to compile code that doesn't use an output vector.
-
-        This is a 3% progression on v8-regexp.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Moved MatchResult into its own header.
-        * assembler/AbstractMacroAssembler.h:
-            - Added missing include.
-        * runtime/MatchResult.h: Added.
-        (MatchResult::MatchResult):
-        (MatchResult):
-        (MatchResult::failed):
-        (MatchResult::operator bool):
-        (MatchResult::empty):
-            - Moved MatchResult into its own header.
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::compileIfNecessary):
-        (JSC::RegExp::match):
-            - Changed due to execute & representation changes.
-        (JSC::RegExp::compileMatchOnly):
-        (JSC::RegExp::compileIfNecessaryMatchOnly):
-            - Added helper to compile MatchOnly code.
-        (JSC::RegExp::invalidateCode):
-        (JSC::RegExp::matchCompareWithInterpreter):
-        (JSC::RegExp::printTraceData):
-            - Changed due representation changes.
-        * runtime/RegExp.h:
-        (RegExp):
-        (JSC::RegExp::hasCode):
-            - Made YarrCodeBlock a member.
-        * runtime/RegExpConstructor.h:
-        (RegExpConstructor):
-        (JSC::RegExpConstructor::performMatch):
-            - Added no-ovector form.
-        * runtime/RegExpMatchesArray.cpp:
-        (JSC::RegExpMatchesArray::reifyAllProperties):
-            - Match now takes a reference to ovector, not a pointer.
-        * runtime/RegExpObject.h:
-        (JSC):
-            - Moved MatchResult into its own header.
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-            - Match now takes a reference to ovector, not a pointer.
-        * testRegExp.cpp:
-        (testOneRegExp):
-            - Match now takes a reference to ovector, not a pointer.
-        * yarr/YarrJIT.cpp:
-        (Yarr):
-        (YarrGenerator):
-        (JSC::Yarr::YarrGenerator::initCallFrame):
-        (JSC::Yarr::YarrGenerator::removeCallFrame):
-        (JSC::Yarr::YarrGenerator::setSubpatternStart):
-        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
-        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
-        (JSC::Yarr::YarrGenerator::setMatchStart):
-        (JSC::Yarr::YarrGenerator::getMatchStart):
-            - Added helper functions to intermediate access to output.
-        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::generate):
-        (JSC::Yarr::YarrGenerator::backtrack):
-        (JSC::Yarr::YarrGenerator::generateEnter):
-        (JSC::Yarr::YarrGenerator::compile):
-            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
-        (JSC::Yarr::jitCompile):
-            - Needs to template of MatchOnly or IncludeSubpatterns.
-        * yarr/YarrJIT.h:
-        (YarrCodeBlock):
-        (JSC::Yarr::YarrCodeBlock::set8BitCode):
-        (JSC::Yarr::YarrCodeBlock::set16BitCode):
-        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
-        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
-        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
-        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
-        (JSC::Yarr::YarrCodeBlock::execute):
-        (JSC::Yarr::YarrCodeBlock::clear):
-            - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching.
-
-2012-03-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit should not generate an exit for variables of inlinees if the
-        inlinees are not in scope
-        https://bugs.webkit.org/show_bug.cgi?id=82312
-
-        Reviewed by Oliver Hunt.
-        
-        * bytecode/CodeBlock.h:
-        (JSC::baselineCodeBlockForInlineCallFrame):
-        (JSC):
-        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::computeNumVariablesForCodeOrigin):
-        (DFG):
-        (JSC::DFG::OSRExit::OSRExit):
-
-2012-03-27  Matt Lilek  <mrl@apple.com>
-
-        Stop compiling Interpreter.cpp with -fno-var-tracking
-        https://bugs.webkit.org/show_bug.cgi?id=82299
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-27  Pratik Solanki  <psolanki@apple.com>
-
-        Compiler warning when JIT is not enabled
-        https://bugs.webkit.org/show_bug.cgi?id=82352
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-
-2012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Unaligned userspace access for SH4 platforms
-        https://bugs.webkit.org/show_bug.cgi?id=79104
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/AbstractMacroAssembler.h:
-        (Jump):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::load16Unaligned):
-        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerSH4::branchDouble):
-        (JSC::MacroAssemblerSH4::branchTrue):
-        (JSC::MacroAssemblerSH4::branchFalse):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::extraInstrForBranch):
-        (SH4Assembler):
-        (JSC::SH4Assembler::bra):
-        (JSC::SH4Assembler::linkJump):
-        * jit/JIT.h:
-        (JIT):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>
-
-        cssText should use shorthand notations
-        https://bugs.webkit.org/show_bug.cgi?id=81737
-
-        Reviewed by Enrica Casucci.
-
-        Export symbols of BitVector on Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should assert that argument value recoveries can only be
-        AlreadyInRegisterFile or Constant
-        https://bugs.webkit.org/show_bug.cgi?id=82249
-
-        Reviewed by Michael Saboff.
-        
-        Made the assertions that the DFG makes for argument value recoveries match
-        what Arguments expects.
-
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::isConstant):
-        (ValueRecovery):
-        (JSC::ValueRecovery::isAlreadyInRegisterFile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-26  Dan Bernstein  <mitz@apple.com>
-
-        Tried to fix the Windows build.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::CharacterClassConstructor::putRange):
-
-2012-03-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed - speculative Windows build fix.
-
-        * yarr/YarrCanonicalizeUCS2.h:
-        (JSC::Yarr::getCanonicalPair):
-
-2012-03-26  Dan Bernstein  <mitz@apple.com>
-
-        Fixed builds with assertions disabled.
-
-        * yarr/YarrCanonicalizeUCS2.h:
-        (JSC::Yarr::areCanonicallyEquivalent):
-
-2012-03-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed - errk! - accidentally the whole pbxproj.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Greek sigma is handled wrong in case independent regexp.
-        https://bugs.webkit.org/show_bug.cgi?id=82063
-
-        Reviewed by Oliver Hunt.
-
-        The bug here is that we assume that any given codepoint has at most one additional value it
-        should match under a case insensitive match, and that the pair of codepoints that match (if
-        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
-        given codepoint). Life is not that simple.
-
-        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
-        it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
-        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
-        simple binary search to find an entry in typically eight compares.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * yarr/yarr.pri:
-            - Added new files to build systems.
-        * yarr/YarrCanonicalizeUCS2.cpp: Added.
-            - New - autogenerated, UCS2 canonicalized comparison tables.
-        * yarr/YarrCanonicalizeUCS2.h: Added.
-        (JSC::Yarr::rangeInfoFor):
-            - Look up the canonicalization info for a UCS2 character.
-        (JSC::Yarr::getCanonicalPair):
-            - For a UCS2 character with a single equivalent value, look it up.
-        (JSC::Yarr::isCanonicallyUnique):
-            - Returns true if no other UCS2 code points are canonically equal.
-        (JSC::Yarr::areCanonicallyEquivalent):
-            - Compare two values, under canonicalization rules.
-        * yarr/YarrCanonicalizeUCS2.js: Added.
-            - script used to generate YarrCanonicalizeUCS2.cpp.
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::CharacterClassConstructor::putChar):
-            - Updated to determine canonical equivalents correctly.
-        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
-            - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
-        (JSC::Yarr::CharacterClassConstructor::putRange):
-            - Updated to determine canonical equivalents correctly.
-        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
-            - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
-
-2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
-        so we make sure it finds the API headers on all platforms.
-
-        * wscript:
-
-2012-03-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for WinCE after r112039.
-
-        * interpreter/Register.h:
-        (Register): Removed inline keyword from decleration since
-                    there is an ALWAYS_INLINE at the definition anyway.
-
-2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix. Move WTF to its own static lib build.
-
-        * wscript:
-
-2012-03-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG int-to-double conversion should be revealed to CSE
-        https://bugs.webkit.org/show_bug.cgi?id=82135
-
-        Reviewed by Oliver Hunt.
-        
-        This introduces the notion of an Int32ToDouble node, which is injected
-        into the graph anytime we know that we have a double use of a node that
-        was predicted integer. The Int32ToDouble simplifies double speculation
-        on integers by skipping the path that would unbox doubles, if we know
-        that the value is already proven to be an integer. It allows integer to
-        double conversions to be subjected to common subexpression elimination
-        (CSE) by allowing the CSE phase to see where these conversions are
-        occurring. Finally, it allows us to see when a constant is being used
-        as both a double and an integer. This is a bit odd, since it means that
-        sometimes a double use of a constant will not refer directly to the
-        constant. This should not cause problems, for now, but it may require
-        some canonizalization in the future if we want to support strength
-        reductions of double operations based on constants.
-        
-        To allow injection of nodes into the graph, this change introduces the
-        DFG::InsertionSet, which is a way of lazily inserting elements into a
-        list. This allows the FixupPhase to remain O(N) despite performing
-        multiple injections in a single basic block. Without the InsertionSet,
-        each injection would require performing an insertion into a vector,
-        which is O(N), leading to O(N^2) performance overall. With the
-        InsertionSet, each injection simply records what insertion would have
-        been performed, and all insertions are performed at once (via
-        InsertionSet::execute) after processing of a basic block is completed.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/PredictedType.h:
-        (JSC::isActionableIntMutableArrayPrediction):
-        (JSC):
-        (JSC::isActionableFloatMutableArrayPrediction):
-        (JSC::isActionableTypedMutableArrayPrediction):
-        (JSC::isActionableMutableArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::useKindToString):
-        (DFG):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::run):
-        (JSC::DFG::FixupPhase::fixupBlock):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGInsertionSet.h: Added.
-        (DFG):
-        (Insertion):
-        (JSC::DFG::Insertion::Insertion):
-        (JSC::DFG::Insertion::index):
-        (JSC::DFG::Insertion::element):
-        (InsertionSet):
-        (JSC::DFG::InsertionSet::InsertionSet):
-        (JSC::DFG::InsertionSet::append):
-        (JSC::DFG::InsertionSet::execute):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::DoubleOperand::DoubleOperand):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGOperands should be moved out of the DFG and into bytecode
-        https://bugs.webkit.org/show_bug.cgi?id=82151
-
-        Reviewed by Dan Bernstein.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
-        * dfg/DFGBasicBlock.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGOSREntry.h:
-        * dfg/DFGOSRExit.h:
-        * dfg/DFGOperands.h: Removed.
-        * dfg/DFGVariableAccessData.h:
-
-2012-03-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
-        it isn't going to use
-        https://bugs.webkit.org/show_bug.cgi?id=82136
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed. Fix the build after WTF move.
-
-        * wscript:
-
-2012-03-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG double voting may be overzealous in the case of variables that end up
-        being used as integers
-        https://bugs.webkit.org/show_bug.cgi?id=82008
-
-        Reviewed by Oliver Hunt.
-        
-        Cleaned up propagation, making the intent more explicit in most places.
-        Back-propagate NodeUsedAsInt for cases where a node was used in a context
-        that is known to strongly prefer integers.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::run):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
-        (JSC::DFG::PredictionPropagationPhase::vote):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        (JSC::DFG::PredictionPropagationPhase::fixupNode):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-
-2012-03-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Node::shouldNotSpeculateInteger() should be eliminated
-        https://bugs.webkit.org/show_bug.cgi?id=82123
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (Node):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2012-03-24  Yong Li  <yoli@rim.com>
-
-        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
-        https://bugs.webkit.org/show_bug.cgi?id=81521
-
-        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
-        for CPU(ARM_TRADITIONAL) to fit actual need.
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JIT.h:
-        (JIT):
-
-2012-03-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Fixup should be able to short-circuit trivial ValueToInt32's
-        https://bugs.webkit.org/show_bug.cgi?id=82030
-
-        Reviewed by Michael Saboff.
-        
-        Takes the fixup() method of the prediction propagation phase and makes it
-        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
-        nodes, and mark pure ValueToInt32's as such.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCommon.h:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp: Added.
-        (DFG):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::FixupPhase):
-        (JSC::DFG::FixupPhase::run):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixIntEdge):
-        (JSC::DFG::performFixup):
-        * dfg/DFGFixupPhase.h: Added.
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::run):
-        (PredictionPropagationPhase):
-
-2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        tryReallocate could break the zero-ed memory invariant of CopiedBlocks
-        https://bugs.webkit.org/show_bug.cgi?id=82087
-
-        Reviewed by Filip Pizlo.
-
-        Removing this optimization turned out to be ~1% regression on kraken, so I simply 
-        undid the modification to the current block if we fail.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
-        to reallocate from the current block.
-
-2012-03-23  Alexey Proskuryakov  <ap@apple.com>
-
-        [Mac] No need for platform-specific ENABLE_BLOB values
-        https://bugs.webkit.org/show_bug.cgi?id=82102
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-23  Michael Saboff  <msaboff@apple.com>
-
-        DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR
-        https://bugs.webkit.org/show_bug.cgi?id=81805
-
-        Reviewed by Filip Pizlo.
-
-        Added SpeculativeJIT::checkGeneratedType() to determine the current format
-        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
-        to generate code that will use integer and JSValue types in integer
-        format directly without a conversion to double.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        * dfg/DFGSpeculativeJIT.h:
-        (DFG):
-        (SpeculativeJIT):
-
-2012-03-23  Steve Falkenburg  <sfalken@apple.com>
-
-        Update Apple Windows build files for WTF move
-        https://bugs.webkit.org/show_bug.cgi?id=82069
-
-        Reviewed by Jessie Berlin.
-
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
-
-2012-03-23  Dean Jackson  <dino@apple.com>
-
-        Disable CSS_SHADERS in Apple builds
-        https://bugs.webkit.org/show_bug.cgi?id=81996
-
-        Reviewed by Simon Fraser.
-
-        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-23  Gavin Barraclough  <barraclough@apple.com>
-
-        RexExp constructor last match properties should not rely on previous ovector
-        https://bugs.webkit.org/show_bug.cgi?id=82077
-
-        Reviewed by Oliver Hunt.
-
-        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
-
-        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
-        Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using
-        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
-        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
-        a special value of setting the saved result to MatchResult::failed() to indicated that we're in a
-        reified state. This means that next time a match is performed, the store of the result will
-        automatically blow away the reified value.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added new files.
-        * runtime/RegExp.cpp:
-        (JSC::RegExpFunctionalTestCollector::outputOneTest):
-            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
-        * runtime/RegExpCachedResult.cpp: Added.
-        (JSC::RegExpCachedResult::visitChildren):
-        (JSC::RegExpCachedResult::lastResult):
-        (JSC::RegExpCachedResult::setInput):
-            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt).
-        * runtime/RegExpCachedResult.h: Added.
-        (RegExpCachedResult):
-            - Added new class.
-        (JSC::RegExpCachedResult::RegExpCachedResult):
-        (JSC::RegExpCachedResult::record):
-        (JSC::RegExpCachedResult::input):
-            - Initialize the object, record the result of a RegExp match, access the stored input property.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-            - Initialize m_result/m_multiline properties.
-        (JSC::RegExpConstructor::visitChildren):
-            - Make sure the cached results (or lazy source for them) are marked.
-        (JSC::RegExpConstructor::getBackref):
-        (JSC::RegExpConstructor::getLastParen):
-        (JSC::RegExpConstructor::getLeftContext):
-        (JSC::RegExpConstructor::getRightContext):
-            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
-        (JSC::regExpConstructorInput):
-        (JSC::setRegExpConstructorInput):
-            - Changed to use RegExpCachedResult.
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::create):
-        (RegExpConstructor):
-        (JSC::RegExpConstructor::setMultiline):
-        (JSC::RegExpConstructor::multiline):
-            - Move multiline property onto the constructor object; it is not affected by the last match.
-        (JSC::RegExpConstructor::setInput):
-        (JSC::RegExpConstructor::input):
-            - These defer to RegExpCachedResult.
-        (JSC::RegExpConstructor::performMatch):
-        * runtime/RegExpMatchesArray.cpp: Added.
-        (JSC::RegExpMatchesArray::visitChildren):
-            - Eeeep! added missing visitChildren!
-        (JSC::RegExpMatchesArray::finishCreation):
-        (JSC::RegExpMatchesArray::reifyAllProperties):
-        (JSC::RegExpMatchesArray::reifyMatchProperty):
-            - Moved from RegExpConstructor.cpp.
-        (JSC::RegExpMatchesArray::leftContext):
-        (JSC::RegExpMatchesArray::rightContext):
-            - Since the match start/
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-            - Declare new methods & structure flags.
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-            - performMatch now requires the JSString input, to cache.
-        * runtime/StringPrototype.cpp:
-        (JSC::removeUsingRegExpSearch):
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-            - performMatch now requires the JSString input, to cache.
-
-2012-03-23  Tony Chang  <tony@chromium.org>
-
-        [chromium] rename newwtf target back to wtf
-        https://bugs.webkit.org/show_bug.cgi?id=82064
-
-        Reviewed by Adam Barth.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Simplify memory usage tracking in CopiedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=80705
-
-        Reviewed by Filip Pizlo.
-
-        * heap/CopiedAllocator.h:
-        (CopiedAllocator): Rename currentUtilization to currentSize.
-        (JSC::CopiedAllocator::currentCapacity):
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
-        declaration.
-        (JSC):
-        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
-        (JSC::CopiedBlock::capacity): Ditto for capacity.
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
-        field for the water mark.
-        (JSC::CopiedSpace::init):
-        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
-        block, we need to update our current water mark with the size of the block.
-        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
-        need to update our current water mark with the size of the used portion of the block.
-        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
-        reallocating because it will either get accounted for when we fill up the block later 
-        in the case of being able to reallocate in the current block or it will get picked up 
-        immediately because we'll have to get a new block.
-        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when 
-        realloc-ing an oversize block because we deallocate the old block and allocate a brand 
-        new one.
-        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
-        the CopiedSpace by the SlotVisitors.
-        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
-        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
-        not we should collect now instead of doing the calculation ourself.
-        (JSC::CopiedSpace::destroy):
-        (JSC):
-        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
-        MarkedSpace does.
-        (JSC::CopiedSpace::capacity): Ditto for capacity.
-        * heap/CopiedSpace.h:
-        (JSC::CopiedSpace::waterMark):
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
-        collection.
-        (JSC::CopiedSpace::allocateNewBlock):
-        (JSC::CopiedSpace::fitsInBlock):
-        (JSC::CopiedSpace::allocateFromBlock):
-        * heap/Heap.cpp:
-        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
-        (JSC::Heap::capacity): Ditto for capacity.
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
-        determine whether they should initiate a collection or continue to allocate new blocks.
-        (JSC):
-        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
-        Heap (MarkedSpace and CopiedSpace).
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
-
-2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
-
-        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
-        https://bugs.webkit.org/show_bug.cgi?id=82012
-
-        Reviewed by Filip Pizlo.
-
-        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
-
-        * wtf/BitVector.cpp:
-        (WTF::BitVector::resizeOutOfLine):
-        * wtf/BitVector.h:
-        (BitVector):
-        (OutOfLineBits):
-
-2012-03-22  Michael Saboff  <msaboff@apple.com>
-
-        ExecutableAllocator::memoryPressureMultiplier() might can return NaN
-        https://bugs.webkit.org/show_bug.cgi?id=82002
-
-        Reviewed by Filip Pizlo.
-
-        Guard against divide by zero and then make sure the return
-        value is >= 1.0.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::memoryPressureMultiplier):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::memoryPressureMultiplier):
-
-2012-03-22  Jessie Berlin  <jberlin@apple.com>
-
-        Windows build fix after r111778.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        Don't include and try to build files owned by WTF.
-        Also, let VS have its way with the vcproj in terms of file ordering.
-
-2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
-
-        [CMake] Unreviewed build fix after r111778.
-
-        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
-        the include paths so that the right config.h is used.
-
-2012-03-22  Tony Chang  <tony@chromium.org>
-
-        Unreviewed, fix chromium build after wtf move.
-
-        Remove old wtf_config and wtf targets.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-03-22  Martin Robinson  <mrobinson@igalia.com>
-
-        Fixed the GTK+ WTF/JavaScriptCore build after r111778.
-
-        * GNUmakefile.list.am: Removed an extra trailing backslash.
-
-2012-03-22  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
-        rather than only those that contain symbols that JavaScriptCore itself uses.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
-
-2012-03-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG NodeFlags has some duplicate code and naming issues
-        https://bugs.webkit.org/show_bug.cgi?id=81975
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed most references to "ArithNodeFlags" since those are now just part
-        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
-        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
-        because the former was never called and the latter did the same things as
-        mergeFlags().
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::arithNodeFlags):
-        (Node):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        (JSC::DFG::nodeUsedAsNumber):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
-
-2012-03-22  Eric Seidel  <eric@webkit.org>
-
-        Actually move WTF files to their new home
-        https://bugs.webkit.org/show_bug.cgi?id=81844
-
-        Unreviewed.  The details of the port-specific changes
-        have been seen by contributors from those ports, but
-        the whole 5MB change isn't very reviewable as-is.
-
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JSCTypedArrayStubs.h:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jsc.cpp:
-
-2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed. Adding Source/WTF to the build.
-
-        * wscript:
-
-2012-03-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Add JSValue::isFunction
-        https://bugs.webkit.org/show_bug.cgi?id=81935
-
-        Reviewed by Geoff Garen.
-
-        This would be useful in the WebCore bindings code.
-        Also, remove asFunction, replace with jsCast<JSFunction*>.
-
-        * API/JSContextRef.cpp:
-        * debugger/Debugger.cpp:
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-        * dfg/DFGOperations.cpp:
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::isInlineCallFrameSlow):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::jitCompileFor):
-        (JSC::lazyLinkFor):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::traceFunctionPrologue):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::setUpCall):
-        * runtime/Arguments.h:
-        (JSC::Arguments::finishCreation):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::compileFor):
-        (JSC::FunctionExecutable::compileOptimizedFor):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncToString):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::lengthGetter):
-        * runtime/JSFunction.h:
-        (JSC):
-        (JSC::asJSFunction):
-        (JSC::JSValue::isFunction):
-        * runtime/JSGlobalData.cpp:
-        (WTF::Recompiler::operator()):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-        * runtime/JSValue.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingRegExpSearch):
-
-2012-03-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculation on booleans should be rationalized
-        https://bugs.webkit.org/show_bug.cgi?id=81840
-
-        Reviewed by Gavin Barraclough.
-        
-        This removes isKnownBoolean() and replaces it with AbstractState-based
-        optimization, and cleans up the control flow in code gen methods for
-        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
-        and removes isKnownNotBoolean() since that method appeared to be a
-        helper used solely by 32_64's speculateBooleanOperation().
-        
-        This is performance-neutral.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateNumber):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-21  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        * wtf/MetaAllocator.h:
-        (MetaAllocator): Export the destructor.
-
-2012-03-21  Eric Seidel  <eric@webkit.org>
-
-        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=81834
-
-        Reviewed by Adam Barth.
-
-        * jsc.cpp:
-        * os-win32/WinMain.cpp:
-        * runtime/JSDateMath.cpp:
-        * runtime/TimeoutChecker.cpp:
-        * testRegExp.cpp:
-        * tools/CodeProfiling.cpp:
-
-2012-03-21  Eric Seidel  <eric@webkit.org>
-
-        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
-        https://bugs.webkit.org/show_bug.cgi?id=81838
-
-        Reviewed by Geoffrey Garen.
-
-        My understanding is that weak vtables happen when the compiler/linker cannot
-        determine which compilation unit should constain the vtable.  In this case
-        because there were only pure virtual functions as well as an "inline"
-        virtual destructor (thus the virtual destructor was defined in many compilation
-        units).  Since you can't actually "inline" a virtual function (it still has to
-        bounce through the vtable), the "inline" on this virutal destructor doesn't
-        actually help performance, and is only serving to confuse the compiler here.
-        I've moved the destructor implementation to the .cpp file, thus making
-        it clear to the compiler where the vtable should be stored, and solving the error.
-
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocator::~MetaAllocator):
-        (WTF):
-        * wtf/MetaAllocator.h:
-
-2012-03-20  Gavin Barraclough  <barraclough@apple.com>
-
-        RegExpMatchesArray should not copy the ovector
-        https://bugs.webkit.org/show_bug.cgi?id=81742
-
-        Reviewed by Michael Saboff.
-
-        Currently, all RegExpMatchesArray object contain Vector<int, 32>, used to hold any sub-pattern results.
-        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
-        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
-        and the results never accessed).
-        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
-
-        * dfg/DFGOperations.cpp:
-            - RegExpObject match renamed back to test (test returns a bool).
-        * runtime/RegExpConstructor.cpp:
-        (JSC):
-            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
-        (JSC::RegExpMatchesArray::finishCreation):
-            - Removed RegExpConstructorPrivate parameter.
-        (JSC::RegExpMatchesArray::reifyAllProperties):
-            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
-            If there are sub-pattern properties, the RegExp is re-run to generate their values.
-        (JSC::RegExpMatchesArray::reifyMatchProperty):
-            - Reify just the match (index 0) property of the RegExpMatchesArray.
-        * runtime/RegExpConstructor.h:
-        (RegExpConstructor):
-        (JSC::RegExpConstructor::performMatch):
-            - performMatch now returns a MatchResult, rather than using out-parameters.
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
-        (RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::create):
-            - Now passed the input string matched against, the RegExp, and the MatchResult.
-        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
-        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
-            - Helpers to conditionally reify properties.
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::putByIndex):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::deletePropertyByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-        (JSC::RegExpMatchesArray::defineOwnProperty):
-            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
-            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::exec):
-        (JSC::RegExpObject::match):
-            - match now returns a MatchResult.
-        * runtime/RegExpObject.h:
-        (JSC::MatchResult::MatchResult):
-            - Added the result of a match is a start & end tuple.
-        (JSC::MatchResult::failed):
-            - A failure is indicated by (notFound, 0).
-        (JSC::MatchResult::operator bool):
-            - Evaluates to false if the match failed.
-        (JSC::MatchResult::empty):
-            - Evaluates to true if the match succeeded with length 0.
-        (JSC::RegExpObject::test):
-            - Now returns a bool.
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-            - RegExpObject match renamed back to test (test returns a bool).
-        * runtime/StringPrototype.cpp:
-        (JSC::removeUsingRegExpSearch):
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-            - performMatch now returns a MatchResult, rather than using out-parameters.
-
-2012-03-21  Hojong Han  <hojong.han@samsung.com>
-
-        Fix out of memory by allowing overcommit
-        https://bugs.webkit.org/show_bug.cgi?id=81743
-
-        Reviewed by Geoffrey Garen.
-
-        Garbage collection is not triggered and new blocks are added
-        because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2012-03-21  Jessie Berlin  <jberlin@apple.com>
-
-        More Windows build fixing.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        Fix the order of the include directories to look in include/private first before looking
-        in include/private/JavaScriptCore.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
-        Look in the Production output directory (where the wtf headers will be). This is the same
-        thing that is done for jsc and testRegExp in ReleasePGO.
-
-2012-03-21  Jessie Berlin  <jberlin@apple.com>
-
-        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
-        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
-        https://bugs.webkit.org/show_bug.cgi?id=81739
-
-        Reviewed by Dan Bernstein.
-
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
-        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
-        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
-        Ditto.
-
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
-        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
-        JavaScriptCore/wtf subdirectory.
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-        Ditto.
-
-2012-03-20  Eric Seidel  <eric@webkit.org>
-
-        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
-        https://bugs.webkit.org/show_bug.cgi?id=80911
-
-        Reviewed by Adam Barth.
-
-        Update the various build systems to depend on Source/WTF headers
-        as well as remove references to Platform.h (since it's now moved).
-
-        * CMakeLists.txt:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-
-2012-03-20  Filip Pizlo  <fpizlo@apple.com>
-
-        op_mod fails on many interesting corner cases
-        https://bugs.webkit.org/show_bug.cgi?id=81648
-
-        Reviewed by Oliver Hunt.
-        
-        Removed most strength reduction for op_mod, and fixed the integer handling
-        to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
-        which this patch also fixes.
-        
-        This patch is performance neutral on all of the major benchmarks we track.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITArithmetic.cpp:
-        (JSC):
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC):
-        * jit/JITStubs.h:
-        (TrampolineStructure):
-        (JSC::JITThunks::ctiNativeConstruct):
-        * llint/LowLevelInterpreter64.asm:
-        * wtf/Platform.h:
-        * wtf/SimpleStats.h:
-        (WTF::SimpleStats::variance):
-
-2012-03-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows (make based) build fix.
-        <rdar://problem/11069015>
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
-
-2012-03-20  Steve Falkenburg  <sfalken@apple.com>
-
-        Move WTF-related Windows project files out of JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=80680
-
-        This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
-        It does not move any source code. This is in preparation for the WTF source move out of
-        JavaScriptCore.
-
-        Reviewed by Jessie Berlin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-        * JavaScriptCore.vcproj/WTF: Removed.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
-        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
-        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
-
-2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
-
-        Cache the type string of JavaScript object
-        https://bugs.webkit.org/show_bug.cgi?id=81446
-
-        Reviewed by Geoffrey Garen.
-
-        Instead of creating the JSString every time, we create
-        lazily the strings in JSGlobalData.
-
-        This avoid the construction of the StringImpl and of the JSString,
-        which gives some performance improvements.
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toStringSlowCase):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::SmallStrings):
-        (JSC::SmallStrings::finalizeSmallStrings):
-        (JSC::SmallStrings::initialize):
-        (JSC):
-        * runtime/SmallStrings.h:
-        (SmallStrings):
-
-2012-03-20  Oliver Hunt  <oliver@apple.com>
-
-        Allow LLINT to work even when executable allocation fails.
-        https://bugs.webkit.org/show_bug.cgi?id=81693
-
-        Reviewed by Gavin Barraclough.
-
-        Don't crash if executable allocation fails if we can fall back on LLINT
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
-        https://bugs.webkit.org/show_bug.cgi?id=81428
-
-        32 bit buildfix after r111355.
-
-        2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
-        The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
-
-        Reviewed by Zoltan Herczeg.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-
-2012-03-19  Jochen Eisinger  <jochen@chromium.org>
-
-        Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
-        https://bugs.webkit.org/show_bug.cgi?id=80983
-
-        Reviewed by Darin Adler.
-
-        This allows printing a backtrace acquired by an earlier WTFGetBacktrace
-        call which is useful for local debugging.
-
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-
-2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
-
-        Do not copy the script source in the SourceProvider, just reference the existing string
-        https://bugs.webkit.org/show_bug.cgi?id=81466
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/SourceCode.h: Remove the unused, and incorrect, function data().
-        * parser/SourceProvider.h: Add OVERRIDE for clarity.
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Division optimizations fail to infer cases of truncated division and
-        mishandle -2147483648/-1
-        https://bugs.webkit.org/show_bug.cgi?id=81428
-        <rdar://problem/11067382>
-
-        Reviewed by Oliver Hunt.
-
-        If you're a division over integers and you're only used as an integer, then you're
-        an integer division and remainder checks become unnecessary. If you're dividing
-        -2147483648 by -1, don't crash.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::add32):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * llint/LowLevelInterpreter64.asm:
-
-2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
-
-        Simplify SmallStrings
-        https://bugs.webkit.org/show_bug.cgi?id=81445
-
-        Reviewed by Gavin Barraclough.
-
-        SmallStrings had two methods that should not be public: count() and clear().
-
-        The method clear() is effectively replaced by finalizeSmallStrings(). The body
-        of the method was moved to the constructor since the code is obvious.
-
-        The method count() is unused.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::SmallStrings):
-        * runtime/SmallStrings.h:
-        (SmallStrings):
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG can no longer compile V8-v4/regexp in debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=81592
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not
-        change throughout the fixpoint
-        https://bugs.webkit.org/show_bug.cgi?id=81583
-
-        Reviewed by Michael Saboff.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
-        the process of being generated
-        https://bugs.webkit.org/show_bug.cgi?id=81565
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-
-2012-03-19  Eric Seidel  <eric@webkit.org>
-
-        Fix WTF header include discipline in Chromium WebKit
-        https://bugs.webkit.org/show_bug.cgi?id=81281
-
-        Reviewed by James Robinson.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * wtf/unicode/icu/CollatorICU.cpp:
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
-        https://bugs.webkit.org/show_bug.cgi?id=81556
-
-        Rubber stamped by Gavin Barraclough.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::forNode):
-        * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
-        (JSC::DFG::AdjacencyList::AdjacencyList):
-        (JSC::DFG::AdjacencyList::child):
-        (JSC::DFG::AdjacencyList::setChild):
-        (JSC::DFG::AdjacencyList::child1):
-        (JSC::DFG::AdjacencyList::child2):
-        (JSC::DFG::AdjacencyList::child3):
-        (JSC::DFG::AdjacencyList::setChild1):
-        (JSC::DFG::AdjacencyList::setChild2):
-        (JSC::DFG::AdjacencyList::setChild3):
-        (JSC::DFG::AdjacencyList::child1Unchecked):
-        (JSC::DFG::AdjacencyList::initialize):
-        (AdjacencyList):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addVarArgChild):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::canonicalize):
-        (JSC::DFG::CSEPhase::performSubstitution):
-        * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
-        (DFG):
-        (JSC::DFG::Edge::Edge):
-        (JSC::DFG::Edge::operator==):
-        (JSC::DFG::Edge::operator!=):
-        (Edge):
-        (JSC::DFG::operator==):
-        (JSC::DFG::operator!=):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::operator[]):
-        (JSC::DFG::Graph::at):
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::clearAndDerefChild1):
-        (JSC::DFG::Graph::clearAndDerefChild2):
-        (JSC::DFG::Graph::clearAndDerefChild3):
-        (Graph):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::getPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child1Unchecked):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (Node):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::arithNodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        (JSC::DFG::nodeUsedAsNumber):
-        * dfg/DFGNodeReferenceBlob.h: Removed.
-        * dfg/DFGNodeUse.h: Removed.
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
-        (JSC::DFG::PredictionPropagationPhase::vote):
-        (JSC::DFG::PredictionPropagationPhase::fixupNode):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::use):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::at):
-        (JSC::DFG::SpeculativeJIT::canReuse):
-        (JSC::DFG::SpeculativeJIT::use):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::DoubleOperand::DoubleOperand):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2012-03-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Object.freeze broken on latest Nightly
-        https://bugs.webkit.org/show_bug.cgi?id=80577
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::defineOwnProperty):
-            - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
-            been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty.
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::defineOwnProperty):
-            - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
-            the object must be extensible; this is incorrect since these properties should already exist
-            on the object. In addition, it was asserting that the arguments/caller values must match the
-            corresponding magic data properties, but for strict mode function this is incorrect. Instead,
-            just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
-
-2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
-        https://bugs.webkit.org/show_bug.cgi?id=81559
-
-        Reviewed by Michael Saboff.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-03-19  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
-        https://bugs.webkit.org/show_bug.cgi?id=77013
-
-        We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
-        implement memory decommitting for QNX.
-
-        Reviewed by Rob Buis.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-
-2012-03-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed - revent a couple of files accidentally committed.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::defineOwnProperty):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::defineOwnProperty):
-
-2012-03-19  Jessie Berlin  <jberlin@apple.com>
-
-        Another Windows build fix after r111129.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
-
-        Cross-platform processor core counter: fix build on FreeBSD.
-        https://bugs.webkit.org/show_bug.cgi?id=81482
-
-        Reviewed by Zoltan Herczeg.
-
-        The documentation of sysctl(3) shows that <sys/types.h> should be
-        included before <sys/sysctl.h> (sys/types.h tends to be the first
-        included header in general).
-
-        This should fix the build on FreeBSD and other systems where
-        sysctl.h really depends on types defined in types.h.
-
-        * wtf/NumberOfCores.cpp:
-
-2012-03-19  Jessie Berlin  <jberlin@apple.com>
-
-        Windows build fix after r111129.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-19  Gavin Barraclough  <barraclough@apple.com>
-
-        JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
-        https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
-
-        Reviewed by Oliver Hunt.
-
-        The API specifies that convertToType may opt not to handle a conversion:
-            "@result The objects's converted value, or NULL if the object was not converted."
-        In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
-        conversion functions, and failing that call the JSObject::defaultValue function.
-
-        Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
-        the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
-        bug#73368, these will return the result from the first convertToType they find, regardless
-        of whether this result is null, and if no convertToType method is found in the api class
-        hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
-        chain), they will also return a null pointer. This is unsafe.
-
-        It would be easy to make the approach based around toStringCallback/valueOfCallback continue
-        to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
-        (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
-        Making the fallback work with toString/valueOf methods attached to api objects is probably
-        not the right thing to do – instead, we should just implement the defaultValue trap for api
-        objects.
-
-        In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
-        null to be returned from C to JavaScript - this is not okay. Handle with an exception.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-            - Should be null checking the return value.
-        (JSC):
-            - Remove toStringCallback/valueOfCallback.
-        * API/JSCallbackFunction.h:
-        (JSCallbackFunction):
-            - Remove toStringCallback/valueOfCallback.
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-            - Add defaultValue mthods to JSCallbackObject.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::defaultValue):
-            - Add defaultValue mthods to JSCallbackObject.
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-            - Remove toStringCallback/valueOfCallback.
-        * API/tests/testapi.js:
-            - Revert this test, now we no longer artificially introduce a toString method onto the api object.
-
-2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
-
-        [EFL] Include ICU_INCLUDE_DIRS when building.
-        https://bugs.webkit.org/show_bug.cgi?id=81483
-
-        Reviewed by Daniel Bates.
-
-        So far, only the ICU libraries were being included when building
-        JavaScriptCore, however the include path is also needed, otherwise the
-        build will fail when ICU is installed into a non-standard location.
-
-        * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
-
-2012-03-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Strength reduction, RegExp.exec -> RegExp.test
-        https://bugs.webkit.org/show_bug.cgi?id=81459
-
-        Reviewed by Sam Weinig.
-
-        RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
-        expression for a match against a string - however exec is more expensive, since
-        it allocates a matches array object. In cases where the result is consumed in a
-        boolean context the allocation of the matches array can be trivially elided.
-
-        For example:
-            function f()
-            {
-                for (i =0; i < 10000000; ++i)
-                    if(!/a/.exec("a"))
-                        err = true;
-            }
-
-        This is a 2.5x speedup on this example microbenchmark loop.
-
-        In a more advanced form of this optimization, we may be able to avoid allocating
-        the array where access to the array can be observed.
-
-        * create_hash_table:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jsc.cpp:
-        (GlobalObject::addConstructableFunction):
-        * runtime/Intrinsic.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-        (JSC):
-        * runtime/JSFunction.h:
-        (JSFunction):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::exec):
-        (JSC::RegExpObject::match):
-        * runtime/RegExpObject.h:
-        (RegExpObject):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncTest):
-        (JSC::regExpProtoFuncExec):
-
-2012-03-16  Michael Saboff  <msaboff@apple.com>
-
-        Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
-        https://bugs.webkit.org/show_bug.cgi?id=81244
-
-        Rubber stamped by Filip Pizlo.
-
-        Changed type and name of JSGlobalData::m_isInitializingObject to
-        ClassInfo* and m_initializingObjectClass.
-        Changed JSGlobalData::setInitializingObject to
-        JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
-        the debugger to determine what type of object is being initialized.
-        
-        * runtime/JSCell.h:
-        (JSC::JSCell::finishCreation):
-        (JSC::allocateCell):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::isInitializingObject):
-        (JSC::JSGlobalData::setInitializingObjectClass):
-        * runtime/Structure.h:
-        (JSC::JSCell::finishCreation):
-
-2012-03-16  Mark Rowe  <mrowe@apple.com>
-
-        Build fix. Do not preserve owner and group information when installing the WTF headers.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-15  David Dorwin  <ddorwin@chromium.org>
-
-        Make the array pointer parameters in the Typed Array create() methods const.
-        https://bugs.webkit.org/show_bug.cgi?id=81147
-
-        Reviewed by Kenneth Russell.
-
-        This allows const arrays to be passed to these methods.
-        They use PassRefPtr<Subclass> create(), which already has a const parameter.
-
-        * wtf/Int16Array.h:
-        (Int16Array):
-        (WTF::Int16Array::create):
-        * wtf/Int32Array.h:
-        (Int32Array):
-        (WTF::Int32Array::create):
-        * wtf/Int8Array.h:
-        (Int8Array):
-        (WTF::Int8Array::create):
-        * wtf/Uint16Array.h:
-        (Uint16Array):
-        (WTF::Uint16Array::create):
-        * wtf/Uint32Array.h:
-        (Uint32Array):
-        (WTF::Uint32Array::create):
-        * wtf/Uint8Array.h:
-        (Uint8Array):
-        (WTF::Uint8Array::create):
-        * wtf/Uint8ClampedArray.h:
-        (Uint8ClampedArray):
-        (WTF::Uint8ClampedArray::create):
-
-2012-03-15  Myles Maxfield  <mmaxfield@google.com>
-
-        CopiedSpace::tryAllocateOversize assumes system page size
-        https://bugs.webkit.org/show_bug.cgi?id=80615
-
-        Reviewed by Geoffrey Garen.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateOversize):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::oversizeBlockFor):
-        * wtf/BumpPointerAllocator.h:
-        (WTF::BumpPointerPool::create):
-        * wtf/StdLibExtras.h:
-        (WTF::roundUpToMultipleOf):
-
-2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing Windows build breakage
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-15  Patrick Gansterer  <paroga@webkit.org>
-
-        [EFL] Make zlib a general build requirement
-        https://bugs.webkit.org/show_bug.cgi?id=80153
-
-        Reviewed by Hajime Morita.
-
-        After r109538 WebSocket module needs zlib to support deflate-frame extension.
-
-        * wtf/Platform.h:
-
-2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
-
-        NumericStrings should be inlined
-        https://bugs.webkit.org/show_bug.cgi?id=81183
-
-        Reviewed by Gavin Barraclough.
-
-        NumericStrings is not always inlined. When it is not, the class is not faster
-        than using UString::number() directly.
-
-        * runtime/NumericStrings.h:
-        (JSC::NumericStrings::add):
-        (JSC::NumericStrings::lookupSmallString):
-
-2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
-
-        Fix ARM build after r110792.
-
-        Unreviewed build fix.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        Remove superfluous curly brackets.
-
-2012-03-15  Gavin Barraclough  <barraclough@apple.com>
-
-        ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
-        https://bugs.webkit.org/show_bug.cgi?id=81256
-
-        Reviewed by Oliver Hunt.
-
-        This is a 0.5% sunspider progression.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
-            - switch which form of vmov we use.
-
-2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
-
-        [EFL] Add OwnPtr specialization for Ecore_Timer.
-        https://bugs.webkit.org/show_bug.cgi?id=80119
-
-        Reviewed by Hajime Morita.
-
-        Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
-
-        * wtf/OwnPtrCommon.h:
-        (WTF):
-        * wtf/efl/OwnPtrEfl.cpp:
-        (WTF::deleteOwnedPtr):
-        (WTF):
-
-2012-03-15  Hojong Han  <hojong.han@samsung.com>
-
-        Linux has madvise enough to support OSAllocator::commit/decommit
-        https://bugs.webkit.org/show_bug.cgi?id=80505
-
-        Reviewed by Geoffrey Garen.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-
-2012-03-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
-        * JavaScriptCore.vcproj/WTF/copy-files.cmd:
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-
-2012-03-15  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-
-2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Move wx port to using export macros
-        https://bugs.webkit.org/show_bug.cgi?id=77279
-
-        Reviewed by Hajime Morita.
-
-        * wscript:
-        * wtf/Platform.h:
-
-2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
-
-        Avoid StringImpl::getData16SlowCase() when sorting array
-        https://bugs.webkit.org/show_bug.cgi?id=81070
-
-        Reviewed by Geoffrey Garen.
-
-        The function codePointCompare() is used intensively when sorting strings.
-        This patch improves its performance by:
-        -Avoiding character conversion.
-        -Inlining the function.
-
-        This makes Peacekeeper's arrayCombined test 30% faster.
-
-        * wtf/text/StringImpl.cpp:
-        * wtf/text/StringImpl.h:
-        (WTF):
-        (WTF::codePointCompare):
-        (WTF::codePointCompare8):
-        (WTF::codePointCompare16):
-        (WTF::codePointCompare8To16):
-
-2012-03-14  Hojong Han  <hojong.han@samsung.com>
-
-        Fix memory allocation failed by fastmalloc
-        https://bugs.webkit.org/show_bug.cgi?id=79614
-
-        Reviewed by Geoffrey Garen.
-
-        Memory allocation failed even if the heap grows successfully.
-        It is wrong to get the span only from the large list after the heap grows,
-        because new span could be added in the normal list.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::New):
-
-2012-03-14  Hojong Han  <hojong.han@samsung.com>
-
-        Run cacheFlush page by page to assure of flushing all the requested ranges
-        https://bugs.webkit.org/show_bug.cgi?id=77712
-
-        Reviewed by Geoffrey Garen.
-
-        Current MetaAllocator concept, always coalesces adjacent free spaces,
-        doesn't meet memory management of Linux kernel.
-        In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
-        Therefore cacheFlush page by page guarantees a flush-requested range.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2012-03-14  Oliver Hunt  <oliver@apple.com>
-
-        Make ARMv7 work again
-        https://bugs.webkit.org/show_bug.cgi?id=81157
-
-        Reviewed by Geoffrey Garen.
-
-        We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
-        where we the ARMv7MacroAssembler would also try to use dataRegister for its own
-        nefarious purposes.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::store32):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-
-2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Heap::destroy leaks CopiedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=81055
-
-        Reviewed by Geoffrey Garen.
-
-        Added a destroy() function to CopiedSpace that moves all normal size 
-        CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
-        as well as deallocates all of the oversize blocks in the CopiedSpace. 
-        This function is now called in Heap::destroy().
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::destroy):
-        (JSC):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy):
-
-2012-03-14  Andrew Lo  <anlo@rim.com>
-
-        [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
-        https://bugs.webkit.org/show_bug.cgi?id=81000
-
-        Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
-
-        Reviewed by Antonio Gomes.
-
-        * wtf/Platform.h:
-
-2012-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueToInt32 speculation will cause OSR exits even when it does not have to
-        https://bugs.webkit.org/show_bug.cgi?id=81068
-        <rdar://problem/11043926>
-
-        Reviewed by Anders Carlsson.
-        
-        Two related changes:
-        1) ValueToInt32 will now always just defer to the non-speculative path, instead
-           of exiting, if it doesn't know what speculations to perform.
-        2) ValueToInt32 will speculate boolean if it sees this to be profitable.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateBoolean):
-        (Node):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-
-2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        More Windows build fixing
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Type conversion of exponential part failed
-        https://bugs.webkit.org/show_bug.cgi?id=80673
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/Lexer.cpp:
-        (JSC::::lex):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-        (JSC):
-        (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
-        we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
-        parameter for strtod to allow trailing spaces.
-        (JSC::toDouble):
-        (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
-        * runtime/LiteralParser.cpp:
-        (JSC::::Lexer::lexNumber):
-        * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
-        we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
-        * wtf/dtoa.cpp:
-        (WTF):
-        (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
-        broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
-        * wtf/dtoa.h:
-        * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
-        Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
-        A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
-        here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
-        * wtf/text/WTFString.cpp:
-        (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
-
-2012-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
-        Removing the assert for now.
-
-        * dfg/DFGOperations.h:
-        * llint/LLIntSlowPaths.h:
-
-2012-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Functions with C linkage should return POD types
-        https://bugs.webkit.org/show_bug.cgi?id=81061
-
-        Reviewed by Mark Rowe.
-
-        * dfg/DFGOperations.h:
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        (SlowPathReturnType):
-        (JSC::LLInt::encodeResult):
-
-2012-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
-        https://bugs.webkit.org/show_bug.cgi?id=80979
-        <rdar://problem/11036848>
-
-        Reviewed by Oliver Hunt.
-        
-        Also improved DFG IR dumping to include type information in a somewhat more
-        intuitive way.
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToAbbreviatedString):
-        (JSC):
-        * bytecode/PredictedType.h:
-        (JSC):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-
-2012-03-13  George Staikos  <staikos@webkit.org>
-
-        The callback is only used if SA_RESTART is defined.  Compile it out
-        otherwise to avoid a warning.
-        https://bugs.webkit.org/show_bug.cgi?id=80926
-
-        Reviewed by Alexey Proskuryakov.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC):
-
-2012-03-13  Hojong Han  <hojong.han@samsung.com>
-
-        Dump the generated code for ARM_TRADITIONAL
-        https://bugs.webkit.org/show_bug.cgi?id=80975
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::dumpCode):
-
-2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
-
-        Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
-        https://bugs.webkit.org/show_bug.cgi?id=78853
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2012-03-13  Kwonjin Jeong  <gram@company100.net>
-
-        Remove SlotVisitor::copy() method.
-        https://bugs.webkit.org/show_bug.cgi?id=80973
-
-        Reviewed by Geoffrey Garen.
-
-        SlotVisitor::copy() method isn't called anywhere.
-
-        * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
-        * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
-
-2012-03-12  Hojong Han  <hojong.han@samsung.com>
-
-        Fix test cases for RegExp multiline
-        https://bugs.webkit.org/show_bug.cgi?id=80822
-
-        Reviewed by Gavin Barraclough.
-
-        * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
-        * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
-        * tests/mozilla/js1_2/regexp/beginLine.js:
-        * tests/mozilla/js1_2/regexp/endLine.js:
-
-2012-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Arithmetic use inference should be procedure-global and should run in tandem
-        with type propagation
-        https://bugs.webkit.org/show_bug.cgi?id=80819
-        <rdar://problem/11034006>
-
-        Reviewed by Gavin Barraclough.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
-        * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::isNotZero):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::flags):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeFlags):
-
-2012-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Node::op and Node::flags should be private
-        https://bugs.webkit.org/show_bug.cgi?id=80824
-        <rdar://problem/11033435>
-
-        Reviewed by Gavin Barraclough.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
-        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::flushArgument):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::isJSConstant):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::canonicalize):
-        (JSC::DFG::CSEPhase::endIndexForPureCSE):
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::byValIsPure):
-        (JSC::DFG::CSEPhase::clobbersWorld):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::negateShouldSpeculateInteger):
-        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
-        * dfg/DFGNode.cpp: Removed.
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::Node::Node):
-        (Node):
-        (JSC::DFG::Node::op):
-        (JSC::DFG::Node::flags):
-        (JSC::DFG::Node::setOp):
-        (JSC::DFG::Node::setFlags):
-        (JSC::DFG::Node::mergeFlags):
-        (JSC::DFG::Node::filterFlags):
-        (JSC::DFG::Node::clearFlags):
-        (JSC::DFG::Node::setOpAndDefaultFlags):
-        (JSC::DFG::Node::mustGenerate):
-        (JSC::DFG::Node::isConstant):
-        (JSC::DFG::Node::isWeakConstant):
-        (JSC::DFG::Node::valueOfJSConstant):
-        (JSC::DFG::Node::hasVariableAccessData):
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveGlobalDataIndex):
-        (JSC::DFG::Node::hasArithNodeFlags):
-        (JSC::DFG::Node::arithNodeFlags):
-        (JSC::DFG::Node::setArithNodeFlag):
-        (JSC::DFG::Node::mergeArithNodeFlags):
-        (JSC::DFG::Node::hasConstantBuffer):
-        (JSC::DFG::Node::hasRegexpIndex):
-        (JSC::DFG::Node::hasVarNumber):
-        (JSC::DFG::Node::hasScopeChainDepth):
-        (JSC::DFG::Node::hasResult):
-        (JSC::DFG::Node::hasInt32Result):
-        (JSC::DFG::Node::hasNumberResult):
-        (JSC::DFG::Node::hasJSResult):
-        (JSC::DFG::Node::hasBooleanResult):
-        (JSC::DFG::Node::isJump):
-        (JSC::DFG::Node::isBranch):
-        (JSC::DFG::Node::isTerminal):
-        (JSC::DFG::Node::hasHeapPrediction):
-        (JSC::DFG::Node::hasFunctionCheckData):
-        (JSC::DFG::Node::hasStructureTransitionData):
-        (JSC::DFG::Node::hasStructureSet):
-        (JSC::DFG::Node::hasStorageAccessData):
-        (JSC::DFG::Node::hasFunctionDeclIndex):
-        (JSC::DFG::Node::hasFunctionExprIndex):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (JSC::DFG::Node::firstChild):
-        (JSC::DFG::Node::numChildren):
-        * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
-        * dfg/DFGNodeFlags.h: Added.
-        (DFG):
-        (JSC::DFG::nodeUsedAsNumber):
-        (JSC::DFG::nodeCanTruncateInteger):
-        (JSC::DFG::nodeCanIgnoreNegativeZero):
-        (JSC::DFG::nodeMayOverflow):
-        (JSC::DFG::nodeCanSpeculateInteger):
-        * dfg/DFGNodeType.h: Added.
-        (DFG):
-        (JSC::DFG::defaultFlags):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::vote):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        (JSC::DFG::PredictionPropagationPhase::fixupNode):
-        * dfg/DFGRedundantPhiEliminationPhase.cpp:
-        (JSC::DFG::RedundantPhiEliminationPhase::run):
-        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
-        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compare):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Minor DataLog fixes
-        https://bugs.webkit.org/show_bug.cgi?id=80826
-
-        Reviewed by Andreas Kling.
-
-        * bytecode/ExecutionCounter.cpp:
-        Do not include DataLog.h, it is not used.
-        
-        * jit/ExecutableAllocator.cpp:
-        Ditto.
-
-        * wtf/DataLog.cpp:
-        (WTF::initializeLogFileOnce):
-        Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
-
-        * wtf/HashTable.cpp:
-        Include DataLog as it is used.
-
-2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
-
-        Integer overflow check code in arithmetic operation in classic interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=80465
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-03-12  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
-        https://bugs.webkit.org/show_bug.cgi?id=80827
-
-        Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
-
-        Reviewed by Simon Hausmann.
-
-        * wtf/Platform.h:
-
-2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed prospective Qt/Mac build fix
-
-        * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
-        whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
-        constructor.
-
-2012-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        All DFG nodes should have a mutable set of flags
-        https://bugs.webkit.org/show_bug.cgi?id=80779
-        <rdar://problem/11026218>
-
-        Reviewed by Gavin Barraclough.
-        
-        Got rid of NodeId, and placed all of the flags that distinguished NodeId
-        from NodeType into a separate Node::flags field. Combined what was previously
-        ArithNodeFlags into Node::flags.
-        
-        In the process of debugging, I found that the debug support in the virtual
-        register allocator was lacking, so I improved it. I also realized that the
-        virtual register allocator was assuming that the nodes in a basic block were
-        contiguous, which is no longer the case. So I fixed that. The fix also made
-        it natural to have more extreme assertions, so I added them. I suspect this
-        will make it easier to catch virtual register allocation bugs in the future.
-        
-        This is mostly performance neutral; if anything it looks like a slight
-        speed-up.
-        
-        This patch does leave some work for future refactorings; for example, Node::op
-        is unencapsulated. This was already the case, though now it feels even more
-        like it should be. I avoided doing that because this patch has already grown
-        way bigger than I wanted.
-        
-        Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
-        move some unnecessarily inline stuff out of DFGNode.h.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
-        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::endIndexForPureCSE):
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::clobbersWorld):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (CSEPhase):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::opName):
-        (JSC::DFG::Graph::dump):
-        (DFG):
-        * dfg/DFGNode.cpp: Added.
-        (DFG):
-        (JSC::DFG::arithNodeFlagsAsString):
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::nodeUsedAsNumber):
-        (JSC::DFG::nodeCanTruncateInteger):
-        (JSC::DFG::nodeCanIgnoreNegativeZero):
-        (JSC::DFG::nodeMayOverflow):
-        (JSC::DFG::nodeCanSpeculateInteger):
-        (JSC::DFG::defaultFlags):
-        (JSC::DFG::Node::Node):
-        (Node):
-        (JSC::DFG::Node::setOpAndDefaultFlags):
-        (JSC::DFG::Node::mustGenerate):
-        (JSC::DFG::Node::arithNodeFlags):
-        (JSC::DFG::Node::setArithNodeFlag):
-        (JSC::DFG::Node::mergeArithNodeFlags):
-        (JSC::DFG::Node::hasResult):
-        (JSC::DFG::Node::hasInt32Result):
-        (JSC::DFG::Node::hasNumberResult):
-        (JSC::DFG::Node::hasJSResult):
-        (JSC::DFG::Node::hasBooleanResult):
-        (JSC::DFG::Node::isJump):
-        (JSC::DFG::Node::isBranch):
-        (JSC::DFG::Node::isTerminal):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (JSC::DFG::Node::firstChild):
-        (JSC::DFG::Node::numChildren):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::vote):
-        (JSC::DFG::PredictionPropagationPhase::fixupNode):
-        * dfg/DFGScoreBoard.h:
-        (ScoreBoard):
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        (JSC::DFG::ScoreBoard::assertClear):
-        (JSC::DFG::ScoreBoard::use):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-03-10  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt should support JSVALUE64
-        https://bugs.webkit.org/show_bug.cgi?id=79609
-        <rdar://problem/10063437>
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-        
-        Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
-        patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
-        file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
-        specialized for value representation.
-        
-        Also made some minor changes to offlineasm and the slow-paths.
-
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntEntrypoints.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::llint_trace_value):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        (SlowPathReturnType):
-        (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
-        (JSC::LLInt::encodeResult):
-        * llint/LLIntThunks.cpp:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/armv7.rb:
-        * offlineasm/asm.rb:
-        * offlineasm/ast.rb:
-        * offlineasm/backends.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/parser.rb:
-        * offlineasm/registers.rb:
-        * offlineasm/transform.rb:
-        * offlineasm/x86.rb:
-        * wtf/Platform.h:
-
-2012-03-10  Yong Li  <yoli@rim.com>
-
-        Web Worker crashes with WX_EXCLUSIVE
-        https://bugs.webkit.org/show_bug.cgi?id=80532
-
-        Let each JS global object own a meta allocator
-        for WX_EXCLUSIVE to avoid conflicts from Web Worker.
-        Also fix a mutex leak in MetaAllocator's dtor.
-
-        Reviewed by Filip Pizlo.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
-        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
-        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
-        (DemandExecutableAllocator):
-        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
-        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
-        (JSC::DemandExecutableAllocator::allocateNewSpace):
-        (JSC::DemandExecutableAllocator::allocators):
-        (JSC::DemandExecutableAllocator::allocatorsMutex):
-        (JSC):
-        (JSC::ExecutableAllocator::initializeAllocator):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC::ExecutableAllocator::memoryPressureMultiplier):
-        (JSC::ExecutableAllocator::allocate):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::ExecutableAllocator::dumpProfile):
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        (ExecutableAllocator):
-        (JSC::ExecutableAllocator::allocator):
-        * wtf/MetaAllocator.h:
-        (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
-        * wtf/TCSpinLock.h:
-        (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
-
-2012-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Object.freeze broken on latest Nightly
-        https://bugs.webkit.org/show_bug.cgi?id=80577
-
-        Reviewed by Oliver Hunt.
-
-        The problem here is that deleteProperty rejects deletion of prototype.
-        This is correct in most cases, however defineOwnPropery is presently
-        implemented internally to ensure the attributes change by deleting the
-        old property, and creating a new one.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::deleteProperty):
-            - If deletePropery is called via defineOwnPropery, allow old prototype to be removed.
-
-2012-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype.toLocaleString visits elements in wrong order under certain conditions
-        https://bugs.webkit.org/show_bug.cgi?id=80663
-
-        Reviewed by Michael Saboff.
-
-        The bug here is actually that we're continuing to process the array after an exception
-        has been thrown, and that the second value throw is overriding the first.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToLocaleString):
-
-2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
-
-        WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
-        https://bugs.webkit.org/show_bug.cgi?id=80080
-
-        Reviewed by Filip Pizlo.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingRegion::Locker::Locker):
-        (JSC::SamplingRegion::Locker::~Locker):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingRegion::exchangeCurrent):
-        * wtf/Atomics.h:
-        (WTF):
-        (WTF::weakCompareAndSwap):
-        (WTF::weakCompareAndSwapUIntPtr):
-
-2012-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
-        https://bugs.webkit.org/show_bug.cgi?id=49989
-
-        Reviewed by Oliver Hunt.
-
-        Patch originally by chris reiss <christopher.reiss@nokia.com>,
-        allow the year to appear before the timezone in date strings.
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-
-2012-03-09  Mark Rowe  <mrowe@apple.com>
-
-        Ensure that the WTF headers are copied at installhdrs time.
-
-        Reviewed by Dan Bernstein and Jessie Berlin.
-
-        * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
-        so that our script phases are invoked at installhdrs time. The only one that
-        does any useful work at that time is the one that installs WTF headers.
-
-2012-03-09  Jon Lee  <jonlee@apple.com>
-
-        Add support for ENABLE(LEGACY_NOTIFICATIONS)
-        https://bugs.webkit.org/show_bug.cgi?id=80497
-
-        Reviewed by Adam Barth.
-
-        Prep for b80472: Update API for Web Notifications
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
-
-        Bash scripts should support LF endings only
-        https://bugs.webkit.org/show_bug.cgi?id=79509
-
-        Reviewed by David Kilzer.
-
-        * gyp/generate-derived-sources.sh: Added property svn:eol-style.
-        * gyp/run-if-exists.sh: Added property svn:eol-style.
-        * gyp/update-info-plist.sh: Added property svn:eol-style.
-
-2012-03-09  Jessie Berlin  <jberlin@apple.com>
-
-        Windows debug build fix.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::shouldBlind):
-        Fix unreachable code warnings (which we treat as errors).
-
-2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Zoltan Herczeg.
-
-        [Qt] Fix the SH4 build after r109834
-        https://bugs.webkit.org/show_bug.cgi?id=80492
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        (JSC::MacroAssemblerSH4::branchSub32):
-
-2012-03-09  Andy Wingo  <wingo@igalia.com>
-
-        Refactor code feature analysis in the parser
-        https://bugs.webkit.org/show_bug.cgi?id=79112
-
-        Reviewed by Geoffrey Garen.
-
-        This commit refactors the parser to more uniformly propagate flag
-        bits down and up the parse process, as the parser descends and
-        returns into nested blocks.  Some flags get passed town to
-        subscopes, some apply to specific scopes only, and some get
-        unioned up after parsing subscopes.
-
-        The goal is to eventually be very precise with scoping
-        information, once we have block scopes: one block scope might use
-        `eval', which would require the emission of a symbol table within
-        that block and containing blocks, whereas another block in the
-        same function might not, allowing us to not emit a symbol table.
-
-        * parser/Nodes.h:
-        (JSC::ScopeFlags): Rename from CodeFeatures.
-        (JSC::ScopeNode::addScopeFlags):
-        (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
-        (JSC::ScopeNode::isStrictMode):
-        (JSC::ScopeNode::usesEval):
-        (JSC::ScopeNode::usesArguments):
-        (JSC::ScopeNode::setUsesArguments):
-        (JSC::ScopeNode::usesThis):
-        (JSC::ScopeNode::needsActivationForMoreThanVariables):
-        (JSC::ScopeNode::needsActivation): Refactor these accessors to
-        operate on the m_scopeFlags member.
-        (JSC::ScopeNode::source):
-        (JSC::ScopeNode::sourceURL):
-        (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
-        semantic change.
-        (JSC::ScopeNode::ScopeNode)
-        (JSC::ProgramNode::ProgramNode)
-        (JSC::EvalNode::EvalNode)
-        (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
-        take a ScopeFlags as an argument, instead of a bool inStrictContext.
-
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create): Adapt constructors to change.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::ASTBuilder):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::addVar):
-        (JSC::ASTBuilder::Scope::Scope):
-        (Scope):
-        (ASTBuilder):
-        (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
-        features here.  Instead rely on the base Parser mechanism to track
-        features.
-
-        * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
-
-        * parser/Parser.h:
-        (JSC::Scope::Scope): Manage scope through flags, not
-        bit-booleans.  This lets us uniformly propagate them up and down.
-        (JSC::Scope::declareWrite):
-        (JSC::Scope::declareParameter):
-        (JSC::Scope::useVariable):
-        (JSC::Scope::collectFreeVariables):
-        (JSC::Scope::getCapturedVariables):
-        (JSC::Scope::saveFunctionInfo):
-        (JSC::Scope::restoreFunctionInfo):
-        (JSC::Parser::pushScope): Adapt to use scope flags and their
-        accessors instead of bit-booleans.
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::parseInner):
-        (JSC::::didFinishParsing):
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseConstDeclarationList):
-        (JSC::::parseWithStatement):
-        (JSC::::parseTryStatement):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseFunctionDeclaration):
-        (JSC::::parsePrimaryExpression): Hoist some of the flag handling
-        out of the "context" (ASTBuilder or SyntaxChecker) and to here.
-        Does not seem to have a performance impact.
-
-        * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
-        Cache the scopeflags.
-        * parser/SyntaxChecker.h: Remove evalCount() decl.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::usesEval):
-        (JSC::ScriptExecutable::usesArguments):
-        (JSC::ScriptExecutable::needsActivation):
-        (JSC::ScriptExecutable::isStrictMode):
-        (JSC::ScriptExecutable::recordParse):
-        (ScriptExecutable): ScopeFlags, not features.
-
-2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
-
-        Build fix for MSVC after r110266
-
-        Unreviewed. A #ifdef for MSVC was left over in r110266.
-
-        * runtime/RegExpObject.h:
-        (RegExpObject):
-
-2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
-
-        Allocate the RegExpObject's data with the Cell
-        https://bugs.webkit.org/show_bug.cgi?id=80654
-
-        Reviewed by Gavin Barraclough.
-
-        This patch removes the creation of RegExpObject's data to avoid the overhead
-        create by the allocation and destruction.
-
-        We RegExp are created repeatedly, this provides some performance improvment.
-        The PeaceKeeper test stringDetectBrowser improves by 10%.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        (JSC::RegExpObject::visitChildren):
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-        (JSC::RegExpObject::defineOwnProperty):
-        (JSC::RegExpObject::match):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::setRegExp):
-        (JSC::RegExpObject::regExp):
-        (JSC::RegExpObject::setLastIndex):
-        (JSC::RegExpObject::getLastIndex):
-        (RegExpObject):
-
-2012-03-08  Steve Falkenburg  <sfalken@apple.com>
-
-        Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
-        https://bugs.webkit.org/show_bug.cgi?id=80657
-        
-        Preparation for WTF separation from JavaScriptCore.
-        The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
-        dependencies for generated files.
-        
-        This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
-        versions of the WTF code independent of the JavaScriptCore code.
-
-        Reviewed by Jessie Berlin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
-        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
-        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
-        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
-        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
-        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
-        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
-        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
-
-2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
-
-        Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
-        https://bugs.webkit.org/show_bug.cgi?id=80652
-
-        Reviewed by Eric Seidel.
-
-        Fix the header, URLSegments.h is not part of the API.
-
-        * wtf/url/api/ParsedURL.h:
-
-2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Mac build fix for micro data API.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-08  Gavin Barraclough  <barraclough@apple.com>
-
-        String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
-        https://bugs.webkit.org/show_bug.cgi?id=26890
-
-        Reviewed by Oliver Hunt.
-
-        Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::stringProtoFuncMatch):
-            - added calls to setLastIndex.
-
-2012-03-08  Matt Lilek  <mrl@apple.com>
-
-        Don't enable VIDEO_TRACK on all OS X platforms
-        https://bugs.webkit.org/show_bug.cgi?id=80635
-
-        Reviewed by Eric Carlson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-08  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.  That day is not today.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::shouldBlind):
-        * assembler/MacroAssemblerX86Common.h:
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-
-2012-03-08  Oliver Hunt  <oliver@apple.com>
-
-        Build fix. One of these days I'll manage to commit something that works everywhere.
-
-        * assembler/AbstractMacroAssembler.h:
-        (AbstractMacroAssembler):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-        (MacroAssemblerX86Common):
-
-2012-03-08  Chao-ying Fu  <fu@mips.com>
-
-        Update MIPS patchOffsetGetByIdSlowCaseCall
-        https://bugs.webkit.org/show_bug.cgi?id=80302
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JIT.h:
-        (JIT):
-
-2012-03-08  Oliver Hunt  <oliver@apple.com>
-
-        Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
-        https://bugs.webkit.org/show_bug.cgi?id=80633
-
-        Reviewed by Gavin Barraclough.
-
-        Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
-        if there isn't a machine specific implementation (otherwise the 64bit value
-        got truncated and 32bit checks were used -- leaving 32bits untested).
-        Also add a bit of logic to ensure that we don't try to blind a few common
-        constants that go through the ImmPtr paths -- encoded numeric JSValues and
-        unencoded doubles with common "safe" values.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::shouldBlindDouble):
-        (MacroAssembler):
-        (JSC::MacroAssembler::shouldBlind):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-
-2012-03-08  Mark Rowe  <mrowe@apple.com>
-
-        <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/Base.xcconfig:
-
-2012-03-08  Steve Falkenburg  <sfalken@apple.com>
-
-        Fix line endings for copy-files.cmd.
-        
-        If a cmd file doesn't have Windows line endings, it doesn't work properly.
-        In this case, the label :clean wasn't found, breaking the clean build.
-        
-        Reviewed by Jessie Berlin.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-
-2012-03-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA incorrectly handles ValueToInt32
-        https://bugs.webkit.org/show_bug.cgi?id=80568
-
-        Reviewed by Gavin Barraclough.
-        
-        Changed it match exactly the decision pattern used in
-        DFG::SpeculativeJIT::compileValueToInt32
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
-
-        [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
-        https://bugs.webkit.org/show_bug.cgi?id=80524
-
-        Reviewed by Simon Hausmann.
-
-        Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking 
-        of WTF library.
-
-        * runtime/Identifier.cpp:
-        * wtf/WTFThreadData.cpp:
-        (JSC):
-        (JSC::IdentifierTable::~IdentifierTable):
-        (JSC::IdentifierTable::add):
-
-2012-03-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG instruction count threshold should be lifted to 10000
-        https://bugs.webkit.org/show_bug.cgi?id=80579
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-
-2012-03-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Incorrect tracking of abstract values of variables forced double
-        https://bugs.webkit.org/show_bug.cgi?id=80566
-        <rdar://problem/11001442>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-
-2012-03-07  Chao-yng Fu  <fu@mips.com>
-
-        [Qt] Fix the MIPS/SH4 build after r109834
-        https://bugs.webkit.org/show_bug.cgi?id=80492
-
-        Reviewed by Oliver Hunt.
-
-        Implement three-argument branch(Add,Sub)32.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        (JSC::MacroAssemblerMIPS::branchSub32):
-
-2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r110127.
-        http://trac.webkit.org/changeset/110127
-        https://bugs.webkit.org/show_bug.cgi?id=80562
-
-        compile failed on AppleWin (Requested by ukai on #webkit).
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::finalize):
-        * runtime/Executable.h:
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::create):
-        * runtime/JSGlobalData.cpp:
-        (WTF):
-        (Recompiler):
-        (WTF::Recompiler::operator()):
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-
-2012-03-07  Hojong Han  <hojong.han@samsung.com>
-
-        The end atom of the marked block considered to filter invalid cells
-        https://bugs.webkit.org/show_bug.cgi?id=79191
-
-        Reviewed by Geoffrey Garen.
-
-        Register file could have stale pointers beyond the end atom of marked block.
-        Those pointers can weasel out of filtering in-middle-of-cell pointer.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isLiveCell):
-
-2012-03-07  Jessie Berlin  <jberlin@apple.com>
-
-        Clean Windows build fails after r110033
-        https://bugs.webkit.org/show_bug.cgi?id=80553
-
-        Rubber-stamped by Jon Honeycutt and Eric Seidel.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        Place the implementation files next to their header files in the wtf/text subdirectory.
-        Use echo -F to tell xcopy that these are files (since there is apparently no flag).
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        Update the path to those implementation files.
-        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
-        Ditto.
-
-2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Eliminate redundant Phis in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=80415
-
-        Reviewed by Filip Pizlo.
-
-        Although this may not have any advantage at current stage, this is towards
-        minimal SSA to make more high level optimizations (like bug 76770) easier.
-        We have the choices either to build minimal SSA from scratch or to
-        keep current simple Phi insertion mechanism and remove the redundancy
-        in another phase. Currently we choose the latter because the change
-        could be smaller.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
-        (DFG):
-        (RedundantPhiEliminationPhase):
-        (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
-        (JSC::DFG::RedundantPhiEliminationPhase::run):
-        (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
-        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
-        (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
-        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
-        (JSC::DFG::performRedundantPhiElimination):
-        * dfg/DFGRedundantPhiEliminationPhase.h: Added.
-        (DFG):
-
-2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor recompileAllJSFunctions() to be less expensive
-        https://bugs.webkit.org/show_bug.cgi?id=80330
-
-        Reviewed by Geoffrey Garen.
-
-        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
-        load performance, which currently does at least a couple full GCs per navigation.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
-        because the function doesn't actually recompile anything (and never did); it simply throws code
-        away for it to be recompiled later if we determine we should do so.
-        (JSC):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
-        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
-        be used in DoublyLinkedLists.
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
-        * runtime/Executable.h:
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
-        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
-        the list of FunctionExecutables.
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
-
-2012-03-06  Oliver Hunt  <oliver@apple.com>
-
-        Further harden 64-bit JIT
-        https://bugs.webkit.org/show_bug.cgi?id=80457
-
-        Reviewed by Filip Pizlo.
-
-        This patch implements blinding for ImmPtr.  Rather than xor based blinding
-        we perform randomised pointer rotations in order to avoid the significant
-        cost in executable memory that would otherwise be necessary (and to avoid
-        the need for an additional scratch register in some cases).
-
-        As with the prior blinding patch there's a moderate amount of noise as we
-        correct the use of ImmPtr vs. TrustedImmPtr.
-
-        * assembler/AbstractMacroAssembler.h:
-        (ImmPtr):
-        (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::shouldBlind):
-        (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
-        (RotatedImmPtr):
-        (JSC::MacroAssembler::rotationBlindConstant):
-        (JSC::MacroAssembler::loadRotationBlindedConstant):
-        (JSC::MacroAssembler::convertInt32ToDouble):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::poke):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::branchAdd32):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::rotateRightPtr):
-        (JSC::MacroAssemblerX86_64::xorPtr):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::xorq_rm):
-        (JSC::X86Assembler::rorq_i8r):
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::createOSREntries):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentFillGPR):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_post_inc):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        (JSC::JIT::emitGetVirtualRegister):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emit_op_strcat):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emit_op_jmp_scopes):
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        (JSC::JIT::emit_op_throw_reference_error):
-        (JSC::JIT::emit_op_debug):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emitSlow_op_new_array):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emit_op_strcat):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emit_op_jmp_scopes):
-        (JSC::JIT::emit_op_switch_imm):
-        (JSC::JIT::emit_op_switch_char):
-        (JSC::JIT::emit_op_switch_string):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_index):
-        * jit/JITStubCall.h:
-        (JITStubCall):
-        (JSC::JITStubCall::addArgument):
-
-2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        ARM build fix.
-
-        Reviewed by Zoltan Herczeg.
-
-        Implement three-argument branch(Add,Sub)32.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::branchAdd32):
-        (JSC::MacroAssemblerARM::branchSub32):
-
-2012-03-07  Andy Wingo  <wingo@igalia.com>
-
-        Parser: Inline ScopeNodeData into ScopeNode
-        https://bugs.webkit.org/show_bug.cgi?id=79776
-
-        Reviewed by Geoffrey Garen.
-
-        It used to be that some ScopeNode members were kept in a separate
-        structure because sometimes they wouldn't be needed, and
-        allocating a ParserArena was expensive.  This patch makes
-        ParserArena lazily allocate its IdentifierArena, allowing the
-        members to be included directly, which is simpler and easier to
-        reason about.
-
-        * parser/ParserArena.cpp:
-        (JSC::ParserArena::ParserArena):
-        (JSC::ParserArena::reset):
-        (JSC::ParserArena::isEmpty):
-        * parser/ParserArena.h:
-        (JSC::ParserArena::identifierArena): Lazily allocate the
-        IdentifierArena.
-
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ScopeNode::singleStatement):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::ScopeNode::destroyData):
-        (JSC::ScopeNode::needsActivationForMoreThanVariables):
-        (JSC::ScopeNode::needsActivation):
-        (JSC::ScopeNode::hasCapturedVariables):
-        (JSC::ScopeNode::capturedVariableCount):
-        (JSC::ScopeNode::captures):
-        (JSC::ScopeNode::varStack):
-        (JSC::ScopeNode::functionStack):
-        (JSC::ScopeNode::neededConstants):
-        (ScopeNode):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
-        into ScopeNode.  Adapt accessors.
-
-2012-03-06  Eric Seidel  <eric@webkit.org>
-
-        Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
-        https://bugs.webkit.org/show_bug.cgi?id=80363
-
-        Reviewed by Mark Rowe.
-
-        Historically WTF has been part of JavaScriptCore, and on Mac and Windows
-        its headers have appeared as part of the "private" headers exported by
-        JavaScriptCore.  All of the WTF headers there are "flattened" into a single
-        private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
-        to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
-
-        However, very soon, we are moving the WTF source code out of JavaScriptCore into its
-        own directory and project.  As part of such, the WTF headers will no longer be part of
-        the JavaScriptCore private interfaces.
-        In preparation for that, this change makes both the Mac and Win builds export
-        WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
-        (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
-
-        There are 5 parts to this change.
-        1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
-            (and header directories) into the appropriate places in the build directory.
-        2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
-            (WebCore, WebKit, etc. had already been taught to look in previous patches).
-        3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
-            using fully qualified paths.
-        4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
-        5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
-
-        Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant.
-        It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
-        headers, those will have to be updated to use <wtf/Foo.h> after this change.
-        I've discussed this proposed change at length with Mark Rowe, and my understanding is they
-        are ready for (and interested in) this change happening.
-
-        * API/tests/JSNode.c:
-        * API/tests/JSNodeList.c:
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerCodeRef.h:
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGOperations.cpp:
-        * heap/GCAssertions.h:
-        * heap/HandleHeap.h:
-        * heap/HandleStack.h:
-        * heap/MarkedSpace.h:
-        * heap/PassWeak.h:
-        * heap/Strong.h:
-        * heap/Weak.h:
-        * jit/HostCallReturnValue.cpp:
-        * jit/JIT.cpp:
-        * jit/JITStubs.cpp:
-        * jit/ThunkGenerators.cpp:
-        * parser/Lexer.cpp:
-        * runtime/Completion.cpp:
-        * runtime/Executable.cpp:
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSDateMath.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSStringBuilder.h:
-        * runtime/JSVariableObject.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/WriteBarrier.h:
-        * tools/CodeProfile.cpp:
-        * tools/TieredMMapArray.h:
-        * wtf/AVLTree.h:
-        * wtf/Alignment.h:
-        * wtf/AlwaysInline.h:
-        * wtf/ArrayBufferView.h:
-        * wtf/Assertions.h:
-        * wtf/Atomics.h:
-        * wtf/Bitmap.h:
-        * wtf/BoundsCheckedPointer.h:
-        * wtf/CheckedArithmetic.h:
-        * wtf/Deque.h:
-        * wtf/ExportMacros.h:
-        * wtf/FastAllocBase.h:
-        * wtf/FastMalloc.h:
-        * wtf/Float32Array.h:
-        * wtf/Float64Array.h:
-        * wtf/Functional.h:
-        * wtf/HashCountedSet.h:
-        * wtf/HashFunctions.h:
-        * wtf/HashMap.h:
-        * wtf/HashSet.h:
-        * wtf/HashTable.h:
-        * wtf/HashTraits.h:
-        * wtf/Int16Array.h:
-        * wtf/Int32Array.h:
-        * wtf/Int8Array.h:
-        * wtf/IntegralTypedArrayBase.h:
-        * wtf/ListHashSet.h:
-        * wtf/MainThread.h:
-        * wtf/MetaAllocator.h:
-        * wtf/Noncopyable.h:
-        * wtf/OwnArrayPtr.h:
-        * wtf/OwnPtr.h:
-        * wtf/PackedIntVector.h:
-        * wtf/ParallelJobs.h:
-        * wtf/PassOwnArrayPtr.h:
-        * wtf/PassOwnPtr.h:
-        * wtf/PassRefPtr.h:
-        * wtf/PassTraits.h:
-        * wtf/Platform.h:
-        * wtf/PossiblyNull.h:
-        * wtf/RefCounted.h:
-        * wtf/RefCountedLeakCounter.h:
-        * wtf/RefPtr.h:
-        * wtf/RetainPtr.h:
-        * wtf/SimpleStats.h:
-        * wtf/Spectrum.h:
-        * wtf/StdLibExtras.h:
-        * wtf/TCPageMap.h:
-        * wtf/TemporaryChange.h:
-        * wtf/ThreadSafeRefCounted.h:
-        * wtf/Threading.h:
-        * wtf/ThreadingPrimitives.h:
-        * wtf/TypeTraits.h:
-        * wtf/TypedArrayBase.h:
-        * wtf/Uint16Array.h:
-        * wtf/Uint32Array.h:
-        * wtf/Uint8Array.h:
-        * wtf/Uint8ClampedArray.h:
-        * wtf/UnusedParam.h:
-        * wtf/Vector.h:
-        * wtf/VectorTraits.h:
-        * wtf/dtoa/double-conversion.h:
-        * wtf/dtoa/utils.h:
-        * wtf/gobject/GRefPtr.h:
-        * wtf/gobject/GlibUtilities.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/AtomicStringImpl.h:
-        * wtf/text/CString.h:
-        * wtf/text/StringConcatenate.h:
-        * wtf/text/StringHash.h:
-        * wtf/text/WTFString.h:
-        * wtf/unicode/CharacterNames.h:
-        * wtf/unicode/UTF8.h:
-        * wtf/unicode/glib/UnicodeGLib.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWinCE.h:
-        * wtf/url/api/ParsedURL.h:
-        * wtf/url/api/URLString.h:
-        * wtf/wince/FastMallocWinCE.h:
-        * yarr/YarrJIT.cpp:
-
-2012-03-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype functions should throw if delete fails
-        https://bugs.webkit.org/show_bug.cgi?id=80467
-
-        Reviewed by Oliver Hunt.
-
-        All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
-        In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
-        in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
-        one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
-        routines, for handling arrays with holes. These three copies should be unified.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::shift):
-        (JSC::unshift):
-            - Added - shared copies of the shift/unshift functionality.
-        (JSC::arrayProtoFuncPop):
-            - should throw if the delete fails.
-        (JSC::arrayProtoFuncReverse):
-            - should throw if the delete fails.
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-            - use shift/unshift.
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-            - Don't try to handle arrays with holes; return a value indicating
-              the generic routine should be used instead.
-        * runtime/JSArray.h:
-            - declaration for shiftCount/unshiftCount changed.
-        * tests/mozilla/js1_6/Array/regress-304828.js:
-            - this was asserting incorrect behaviour.
-
-2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
-        https://bugs.webkit.org/show_bug.cgi?id=80469
-
-        Reviewed by Antonio Gomes.
-
-        * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
-        property on the library being created.
-
-2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG BasicBlock should group the Phi nodes together and separate them
-        from the other nodes
-        https://bugs.webkit.org/show_bug.cgi?id=80361
-
-        Reviewed by Filip Pizlo.
-
-        This would make it more efficient to remove the redundant Phi nodes or
-        insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
-        This is performance neutral on SunSpider, V8 and Kraken.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::clobberStructures):
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::insertPhiNode):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GCActivityCallback timer should vary with the length of the previous GC
-        https://bugs.webkit.org/show_bug.cgi?id=80344
-
-        Reviewed by Geoffrey Garen.
-
-        * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
-        GC length so that the GC Activity Callback can use it.
-        (JSC::Heap::Heap):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (JSC::Heap::lastGCLength):
-        (Heap):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
-        GC to determine the length of our timer trigger (currently set at 100x the duration 
-        of the last GC).
-
-2012-03-06  Rob Buis  <rbuis@rim.com>
-
-        BlackBerry] Fix cast-align gcc warnings when compiling JSC
-        https://bugs.webkit.org/show_bug.cgi?id=80420
-
-        Reviewed by Gavin Barraclough.
-
-        Fix warnings given in Blackberry build.
-
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::CopiedBlock):
-        * wtf/RefCountedArray.h:
-        (WTF::RefCountedArray::Header::fromPayload):
-
-2012-03-06  Gavin Barraclough  <barraclough@apple.com>
-
-        writable/configurable not respected for some properties of Function/String/Arguments
-        https://bugs.webkit.org/show_bug.cgi?id=80436
-
-        Reviewed by Oliver Hunt.
-
-        Special properties should behave like regular properties.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::defineOwnProperty):
-            - Mis-nested logic for making read-only properties non-live.
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::put):
-            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
-        (JSC::JSFunction::deleteProperty):
-            - Attempting to delete prototype/caller should fail.
-        (JSC::JSFunction::defineOwnProperty):
-            - Ensure prototype is reified on attempt to reify it.
-            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
-        * runtime/JSFunction.h:
-            - added declaration for defineOwnProperty.
-        (JSFunction):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::put):
-            - length is non-writable, non-configurable - reject appropriately.
-
-2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
-
-        TypedArray subarray call for subarray does not clamp the end index parameter properly
-        https://bugs.webkit.org/show_bug.cgi?id=80285
-
-        Reviewed by Kenneth Russell.
-
-        * wtf/ArrayBufferView.h:
-        (WTF::ArrayBufferView::calculateOffsetAndLength):
-
-2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r109837.
-        http://trac.webkit.org/changeset/109837
-        https://bugs.webkit.org/show_bug.cgi?id=80399
-
-        breaks Mac Productions builds, too late to try and fix it
-        tonight (Requested by eseidel on #webkit).
-
-        * API/tests/JSNode.c:
-        * API/tests/JSNodeList.c:
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerCodeRef.h:
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGOperations.cpp:
-        * heap/GCAssertions.h:
-        * heap/HandleHeap.h:
-        * heap/HandleStack.h:
-        * heap/MarkedSpace.h:
-        * heap/PassWeak.h:
-        * heap/Strong.h:
-        * heap/Weak.h:
-        * jit/HostCallReturnValue.cpp:
-        * jit/JIT.cpp:
-        * jit/JITStubs.cpp:
-        * jit/ThunkGenerators.cpp:
-        * parser/Lexer.cpp:
-        * runtime/Completion.cpp:
-        * runtime/Executable.cpp:
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSDateMath.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSStringBuilder.h:
-        * runtime/JSVariableObject.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/WriteBarrier.h:
-        * tools/CodeProfile.cpp:
-        * tools/TieredMMapArray.h:
-        * yarr/YarrJIT.cpp:
-
-2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt][ARM] Speculative buildfix after r109834.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::and32):
-        (MacroAssemblerARM):
-
-2012-03-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix pt 2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix pt 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-03-05  Gavin Barraclough  <barraclough@apple.com>
-
-        putByIndex should throw in strict mode
-        https://bugs.webkit.org/show_bug.cgi?id=80335
-
-        Reviewed by Filip Pizlo.
-
-        Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
-
-        This is a largely mechanical change, simply adding an extra parameter to a number
-        of functions. Some call sites need perform additional exception checks, and
-        operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
-
-        This patch doesn't fix a missing throw from some cases of shift/unshift (this is
-        an existing bug), I'll follow up with a third patch to handle that.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetPropertyAtIndex):
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::putByIndex):
-        * runtime/Arguments.h:
-        (Arguments):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putByIndex):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        * runtime/JSArray.h:
-        (SparseArrayValueMap):
-        (JSArray):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::putByIndex):
-        * runtime/JSByteArray.h:
-        (JSByteArray):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::putByIndex):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::putByIndex):
-        * runtime/JSNotAnObject.h:
-        (JSNotAnObject):
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putByIndex):
-        * runtime/JSObject.h:
-        (JSC::JSValue::putByIndex):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::putByIndex):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-
-2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        PredictNone is incorrectly treated as isDoublePrediction
-        https://bugs.webkit.org/show_bug.cgi?id=80365
-
-        Reviewed by Filip Pizlo.
-
-        Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
-
-        * bytecode/PredictedType.h:
-        (JSC::isFixedIndexedStorageObjectPrediction):
-        (JSC::isDoublePrediction):
-
-2012-03-05  Filip Pizlo  <fpizlo@apple.com>
-
-        The LLInt should work even when the JIT is disabled
-        https://bugs.webkit.org/show_bug.cgi?id=80340
-        <rdar://problem/10922235>
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
-        (MacroAssemblerCodeRef):
-        (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTINativeCall):
-        * jit/JITStubs.h:
-        (JSC::JITThunks::ctiNativeCall):
-        (JSC::JITThunks::ctiNativeConstruct):
-        * llint/LLIntEntrypoints.cpp:
-        (JSC::LLInt::getFunctionEntrypoint):
-        (JSC::LLInt::getEvalEntrypoint):
-        (JSC::LLInt::getProgramEntrypoint):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.h:
-        * llint/LowLevelInterpreter32_64.asm:
-        * runtime/Executable.h:
-        (NativeExecutable):
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::finishCreation):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::parse):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * wtf/Platform.h:
-
-2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Checks for dead variables are not sufficient when fixing the expected
-        values in DFG OSR entry
-        https://bugs.webkit.org/show_bug.cgi?id=80371
-
-        Reviewed by Filip Pizlo.
-
-        A dead variable should be identified when there's no node referencing it.
-        But we currently failed to catch the case where there are some nodes
-        referencing a variable but those nodes are actually not referenced by
-        others so will be ignored in code generation. In such case we should
-        also consider that variable to be a dead variable in the block and fix
-        the expected values.
-        This is performance neutral on SunSpider, V8 and Kraken.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-
-2012-03-05  Oliver Hunt  <oliver@apple.com>
-
-        Fix Qt build.
-
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSub32Constant):
-
-2012-03-05  Eric Seidel  <eric@webkit.org>
-
-        Update JavaScriptCore files to use fully-qualified WTF include paths
-        https://bugs.webkit.org/show_bug.cgi?id=79960
-
-        Reviewed by Adam Barth.
-
-        This change does 5 small/related things:
-         1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
-            (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
-            was not installing headers there.)
-         2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
-            header search path, as that's where the WTF headers will be installed.
-         3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
-            in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
-         4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
-            since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
-         5. Makes build-webkit build the WTF XCode project by default.
-
-        * API/tests/JSNode.c:
-        * API/tests/JSNodeList.c:
-        * Configurations/Base.xcconfig:
-        * assembler/MacroAssemblerCodeRef.h:
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGOperations.cpp:
-        * heap/GCAssertions.h:
-        * heap/HandleHeap.h:
-        * heap/HandleStack.h:
-        * heap/MarkedSpace.h:
-        * heap/PassWeak.h:
-        * heap/Strong.h:
-        * heap/Weak.h:
-        * jit/HostCallReturnValue.cpp:
-        * jit/JIT.cpp:
-        * jit/JITStubs.cpp:
-        * jit/ThunkGenerators.cpp:
-        * parser/Lexer.cpp:
-        * runtime/Completion.cpp:
-        * runtime/Executable.cpp:
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSDateMath.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSStringBuilder.h:
-        * runtime/JSVariableObject.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/WriteBarrier.h:
-        * tools/CodeProfile.cpp:
-        * tools/TieredMMapArray.h:
-        * yarr/YarrJIT.cpp:
-
-2012-03-05  Oliver Hunt  <oliver@apple.com>
-
-        Add basic support for constant blinding to the JIT
-        https://bugs.webkit.org/show_bug.cgi?id=80354
-
-        Reviewed by Filip Pizlo.
-
-        This patch adds basic constant blinding support to the JIT, at the
-        MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
-        get constant blinding.  Woo!
-
-        This patch only introduces blinding for Imm32, a later patch will do similar
-        for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
-        impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
-        accessor that's needed to access the actual value.  This also means you cannot
-        accidentally pass an untrusted value to a function that does not perform
-        blinding.
-
-        To make everything work sensibly, this patch also corrects some code that was using
-        Imm32 when TrustedImm32 could be used, and refactors a few callers that use
-        untrusted immediates, so that they call slightly different varaints of the functions
-        that they used previously.  This is largely necessary to deal with x86-32 not having
-        sufficient registers to handle the additional work required when we choose to blind
-        a constant.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
-        (Imm32):
-        (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
-        (JSC::AbstractMacroAssembler::endUninterruptedSequence):
-        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::inUninterruptedSequence):
-        (JSC::AbstractMacroAssembler::random):
-        (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
-        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addressForPoke):
-        (MacroAssembler):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::convertInt32ToDouble):
-        (JSC::MacroAssembler::shouldBlind):
-        (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
-        (BlindedImm32):
-        (JSC::MacroAssembler::keyForConstant):
-        (JSC::MacroAssembler::xorBlindConstant):
-        (JSC::MacroAssembler::additionBlindedConstant):
-        (JSC::MacroAssembler::andBlindedConstant):
-        (JSC::MacroAssembler::orBlindedConstant):
-        (JSC::MacroAssembler::loadXorBlindedConstant):
-        (JSC::MacroAssembler::add32):
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::and32):
-        (JSC::MacroAssembler::andPtr):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::or32):
-        (JSC::MacroAssembler::store32):
-        (JSC::MacroAssembler::sub32):
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::xor32):
-        (JSC::MacroAssembler::branchAdd32):
-        (JSC::MacroAssembler::branchMul32):
-        (JSC::MacroAssembler::branchSub32):
-        (JSC::MacroAssembler::trustedImm32ForShift):
-        (JSC::MacroAssembler::lshift32):
-        (JSC::MacroAssembler::rshift32):
-        (JSC::MacroAssembler::urshift32):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
-        (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emit_op_div):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emitSub32Constant):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emit_op_div):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::updateTopCallFrame):
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emitSlow_op_jfalse):
-        (JSC::JIT::emitSlow_op_jtrue):
-        * jit/JITStubCall.h:
-        (JITStubCall):
-        (JSC::JITStubCall::addArgument):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::backtrack):
-
-2012-03-05  Gavin Barraclough  <barraclough@apple.com>
-
-        putByIndex should throw in strict mode
-        https://bugs.webkit.org/show_bug.cgi?id=80335
-
-        Reviewed by Filip Pizlo.
-
-        We'll need to pass an additional parameter.
-
-        Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
-        to match the method in the MethodTable, make this take a parameter indicating
-        whether the put should throw. This fixes the cases where the base of the put
-        is a primitive.
-
-        * dfg/DFGOperations.cpp:
-        (DFG):
-        (JSC::DFG::putByVal):
-        (JSC::DFG::operationPutByValInternal):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/JSObject.h:
-        (JSC::JSValue::putByIndex):
-        * runtime/JSValue.cpp:
-        (JSC):
-        * runtime/JSValue.h:
-        (JSValue):
-
-2012-03-05  Sam Weinig  <sam@webkit.org>
-
-        Add support for hosting layers in the window server in WebKit2
-        <rdar://problem/10400246>
-        https://bugs.webkit.org/show_bug.cgi?id=80310
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Platform.h:
-        Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
-
-2012-03-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
-
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
-        * bytecode/ExecutionCounter.h:
-
-2012-03-05  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r109705.
-
-        * bytecode/ExecutionCounter.cpp:
-        * bytecode/ExecutionCounter.h:
-
-2012-03-05  Andy Wingo  <wingo@igalia.com>
-
-        Lexer: Specialize character predicates for LChar, UChar
-        https://bugs.webkit.org/show_bug.cgi?id=79677
-
-        Reviewed by Oliver Hunt.
-
-        This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
-        and isLineTerminator to perform a more limited number of checks if
-        the lexer is being instantiated to work on LChar sequences.  This
-        is about a 1.5% win on the --parse-only suite, here.
-
-        * parser/Lexer.cpp:
-        (JSC::isLatin1): New static helper, specialized for LChar and
-        UChar.
-        (JSC::typesOfLatin1Characters): Rename from
-        typesOfASCIICharacters, and expand to the range of the LChar
-        type.  All uses of isASCII are changed to use isLatin1.  Generated
-        using libunistring.
-        (JSC::isNonLatin1IdentStart):
-        (JSC::isIdentStart):
-        (JSC::isNonLatin1IdentPart):
-        (JSC::isIdentPart):
-        (JSC::Lexer::shiftLineTerminator):
-        (JSC::Lexer::parseIdentifier):
-        (JSC::Lexer::parseIdentifierSlowCase):
-        (JSC::Lexer::parseStringSlowCase):
-        (JSC::Lexer::parseMultilineComment):
-        (JSC::Lexer::lex):
-        (JSC::Lexer::scanRegExp):
-        (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
-        * parser/Lexer.h:
-        (JSC::Lexer::isWhiteSpace):
-        (JSC::Lexer::isLineTerminator):
-        * KeywordLookupGenerator.py:
-        (Trie.printAsC): Declare specialized isIdentPart static functions.
-
-2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-03-05  Andy Wingo  <wingo@igalia.com>
-
-        WTF: Micro-optimize cleanup of empty vectors and hash tables
-        https://bugs.webkit.org/show_bug.cgi?id=79903
-
-        Reviewed by Michael Saboff and Geoffrey Garen.
-
-        This patch speeds up cleanup of vectors and hash tables whose
-        backing store was never allocated.  This is the case by default
-        for most vectors / hash tables that never had any entries added.
-
-        The result for me is that calling checkSyntax 1000 times on
-        concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
-        2.4% speedup.
-
-        * wtf/HashTable.h:
-        (WTF::HashTable::~HashTable):
-        (WTF::::clear): Don't deallocate the storage or frob member
-        variables if there is no backing storage.
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::deallocateBuffer): Likewise.
-
-2012-03-04  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT heuristics should be hyperbolic
-        https://bugs.webkit.org/show_bug.cgi?id=80055
-        <rdar://problem/10922260>
-
-        Reviewed by Oliver Hunt.
-        
-        Added tracking of the amount of executable memory typically used for a bytecode
-        instruction. Modified the execution counter scheme to use this, and the amount
-        of free memory, to determine how long to wait before invoking the JIT.
-        
-        The result is that even if we bomb the VM with more code than can fit in our
-        executable memory pool, we still keep running and almost never run out of
-        executable memory - which ensures that if we have to JIT something critical, then
-        we'll likely have enough memory to do so. This also does not regress performance
-        on the three main benchmarks.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::predictedMachineCodeSize):
-        (JSC):
-        (JSC::CodeBlock::usesOpcode):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::checkIfJITThresholdReached):
-        (JSC::CodeBlock::dontJITAnytimeSoon):
-        (JSC::CodeBlock::jitAfterWarmUp):
-        (JSC::CodeBlock::jitSoon):
-        (JSC::CodeBlock::llintExecuteCounter):
-        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
-        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
-        (JSC::CodeBlock::addressOfJITExecuteCounter):
-        (JSC::CodeBlock::offsetOfJITExecuteCounter):
-        (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
-        (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
-        (JSC::CodeBlock::jitExecuteCounter):
-        (JSC::CodeBlock::checkIfOptimizationThresholdReached):
-        (JSC::CodeBlock::optimizeNextInvocation):
-        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
-        (JSC::CodeBlock::optimizeAfterWarmUp):
-        (JSC::CodeBlock::optimizeAfterLongWarmUp):
-        (JSC::CodeBlock::optimizeSoon):
-        * bytecode/ExecutionCounter.cpp: Added.
-        (JSC):
-        (JSC::ExecutionCounter::ExecutionCounter):
-        (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
-        (JSC::ExecutionCounter::setNewThreshold):
-        (JSC::ExecutionCounter::deferIndefinitely):
-        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
-        (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
-        (JSC::ExecutionCounter::hasCrossedThreshold):
-        (JSC::ExecutionCounter::setThreshold):
-        (JSC::ExecutionCounter::reset):
-        * bytecode/ExecutionCounter.h: Added.
-        (JSC):
-        (ExecutionCounter):
-        (JSC::ExecutionCounter::formattedTotalCount):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::DemandExecutableAllocator::allocateNewSpace):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC):
-        (JSC::ExecutableAllocator::memoryPressureMultiplier):
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::memoryPressureMultiplier):
-        (JSC):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        * llint/LowLevelInterpreter32_64.asm:
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * wtf/SimpleStats.h: Added.
-        (WTF):
-        (SimpleStats):
-        (WTF::SimpleStats::SimpleStats):
-        (WTF::SimpleStats::add):
-        (WTF::SimpleStats::operator!):
-        (WTF::SimpleStats::count):
-        (WTF::SimpleStats::sum):
-        (WTF::SimpleStats::sumOfSquares):
-        (WTF::SimpleStats::mean):
-        (WTF::SimpleStats::variance):
-        (WTF::SimpleStats::standardDeviation):
-
-2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
-        https://bugs.webkit.org/show_bug.cgi?id=71507
-
-        Reviewed by Antonio Gomes.
-
-        * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
-
-2012-03-04  David Kilzer  <ddkilzer@apple.com>
-
-        Fix build when the classic interpreter is enabled
-
-        Reviewed by Gavin Barraclough.
-
-        Fixes the following build error when running the "Generate
-        Derived Sources" build phase script:
-
-            offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
-            ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
-                    from JavaScriptCore/offlineasm/asm.rb:131
-            Command /bin/sh failed with exit code 1
-
-        Gavin's fix in r109674 avoided the #error statement in
-        JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
-        caused the "Generate Derived Sources" build phase script to fail
-        when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
-        to detect when the classic interpreter is being built and simply
-        exit early from asm.rb in that case.
-
-        * llint/LLIntOffsetsExtractor.cpp:
-        (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
-        JIT is disabled.  Note that offsets.rb doesn't care about the
-        return value here, but instead it cares about finding the magic
-        values in the binary.  The magic values are no longer present
-        when the JIT is disabled.
-        * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
-        early with a status message.
-        * offlineasm/offsets.rb:
-        (MissingMagicValuesException): Add new exception class.
-        (offsetsAndConfigurationIndex): Throw
-        MissingMagicValuesException when no magic values are found.
-
-2012-03-04  Jurij Smakov  <jurij@wooyd.org>
-
-        SPARC also needs aligned accesses.
-
-        Rubber-stamped by Gustavo Noronha Silva.
-
-        * wtf/Platform.h:
-
-2012-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix.
-
-        * jit/JITStubs.h:
-            - Move ENABLE(JIT) to head of file.
-
-2012-03-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
-        https://bugs.webkit.org/show_bug.cgi?id=80217
-
-        Reviewed by Filip Pizlo.
-
-        putByIndex() provides similar behavior to put(), but for indexed property names.
-        Many places in ArrayPrototype call putByIndex() where they really mean to call
-        [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
-        calling numeric accessors (& respecting numeric read only properties) on the
-        prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
-        putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        * runtime/JSArray.cpp:
-        (JSC):
-        (JSC::reject):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        * runtime/JSArray.h:
-        (SparseArrayValueMap):
-        (JSArray):
-        (JSC::JSArray::putDirectIndex):
-
-2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
-
-        Implement the basis of KURLWTFURL
-        https://bugs.webkit.org/show_bug.cgi?id=79600
-
-        Reviewed by Adam Barth.
-
-        Add an API to know if a ParsedURL is valid.
-
-        * wtf/url/api/ParsedURL.cpp:
-        (WTF::ParsedURL::ParsedURL):
-        (WTF):
-        (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
-        and by KURL's detach() on write.
-        (WTF::ParsedURL::baseAsString):
-        (WTF::ParsedURL::segment):
-        Add a stronger constraint on accessors: the client of this API should never ask for the segments
-        on an invalid URL.
-        * wtf/url/api/ParsedURL.h:
-        (WTF):
-        (WTF::ParsedURL::ParsedURL):
-        (ParsedURL):
-        (WTF::ParsedURL::isValid):
-
-2012-03-03  Hans Wennborg  <hans@chromium.org>
-
-        Implement Speech JavaScript API
-        https://bugs.webkit.org/show_bug.cgi?id=80019
-
-        Reviewed by Adam Barth.
-
-        Add ENABLE_SCRIPTED_SPEECH.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-03-02  Filip Pizlo  <fpizlo@apple.com>
-
-        When getting the line number of a call into a call frame with no code block, it's
-        incorrect to rely on the returnPC
-        https://bugs.webkit.org/show_bug.cgi?id=80195
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-
-2012-03-02  Han Hojong  <hojong.han@samsung.com>
-
-        Expected results updated for checking type conversion
-        https://bugs.webkit.org/show_bug.cgi?id=80138
-
-        Reviewed by Gavin Barraclough.
-
-        * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
-
-2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
-
-        Adding WebSocket per-frame DEFLATE extension
-        https://bugs.webkit.org/show_bug.cgi?id=77522
-
-        Added USE(ZLIB) flag.
-
-        Reviewed by Kent Tamura.
-
-        * wtf/Platform.h:
-
-2012-03-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-
-2012-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
-        virtue of being in the transitive closure
-        https://bugs.webkit.org/show_bug.cgi?id=80098
- 
-        Reviewed by Anders Carlsson.
-        
-        If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
-        then you might have the visitAggregate() method called concurrently by multiple threads.
-        This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
-        racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
-        due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
-        
-        It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
-        not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
-        any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
-        Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
-        don't lead to two threads racing over each other as they clobber state. This patch
-        achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
-        trivially linearizable) will get to trace the CodeBlock; all other threads give up and
-        go home.
-        
-        Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
-        times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
-        even when it's gotten sufficient counts. But that takes a while - sometimes up to a
-        minute to get a crash. I have no other reliable repro case.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (DFGData):
-        * heap/DFGCodeBlocks.cpp:
-        (JSC::DFGCodeBlocks::clearMarks):
-
-2012-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        The JIT should not crash the entire process just because there is not enough executable
-        memory, if the LLInt is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=79962
-
-        Reviewed by Csaba Osztrogonác.
-        
-        Fix for ARM, SH4.
-
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::executableCopy):
-
-2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Revert my change. Broke builds.
-        Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
-        Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
-
-        * wtf/Atomics.h:
-        (WTF):
-        (WTF::weakCompareAndSwap):
-
-2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Gcc build fix.
-
-        Rubber-stamped by Filip Pizlo.
-
-        * wtf/Atomics.h:
-        (WTF):
-        (WTF::weakCompareAndSwap):
-
-2012-03-01  Gavin Barraclough  <barraclough@apple.com>
-
-        ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
-        https://bugs.webkit.org/show_bug.cgi?id=80011
-
-        Reviewed by Oliver Hunt.
-
-        Also, fix getting the caller from within a bound function, for within a getter,
-        or setter (make our implementation match other browsers).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-            - Allow this to get the caller of host functions.
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-            - This should use getCallerInfo, and should skip over function bindings.
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::callerGetter):
-            - This should never return a strict-mode function.
-
-2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG local CSE for a node can be terminated earlier
-        https://bugs.webkit.org/show_bug.cgi?id=80014
-
-        Reviewed by Filip Pizlo.
-
-        When one of the node's childredn is met in the process of back traversing
-        the nodes, we don't need to traverse the remaining nodes.
-        This is performance neutral on SunSpider, V8 and Kraken.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-
-2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG BasicBlocks should not require that their nodes have continuous indices in the graph
-        https://bugs.webkit.org/show_bug.cgi?id=79899
-
-        Reviewed by Filip Pizlo.
-
-        This will make it more convenient to insert nodes into the DFG.
-        With this capability we now place the Phi nodes in the corresponding
-        blocks.
-        Local CSE is modified to not to rely on the assumption of continuous
-        node indices in a block.
-        This is performance neutral on SunSpider, V8 and Kraken.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::AbstractState):
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberStructures):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::forNode):
-        (AbstractState):
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
-        (ArithNodeFlagsInferencePhase):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::insertPhiNode):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::determineReachability):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        (CFAPhase):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::endIndexForPureCSE):
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::impureCSE):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (CSEPhase):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGPhase.cpp:
-        (JSC::DFG::Phase::beginPhase):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-02-29  Filip Pizlo  <fpizlo@apple.com>
-
-        The JIT should not crash the entire process just because there is not
-        enough executable memory, if the LLInt is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=79962
-        <rdar://problem/10922215>
-
-        Unreviewed, adding forgotten file.
-
-        * jit/JITCompilationEffort.h: Added.
-        (JSC):
-
-2012-02-29  Filip Pizlo  <fpizlo@apple.com>
-
-        The JIT should not crash the entire process just because there is not
-        enough executable memory, if the LLInt is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=79962
-        <rdar://problem/10922215>
-
-        Reviewed by Gavin Barraclough.
-        
-        Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
-        a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
-        JITCompilationMustSucceed. This preserves the old behavior of LLInt is
-        disabled or if we're compiling something that can't be interpreted (like
-        an OSR exit stub).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (ARMAssembler):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::~LinkBuffer):
-        (LinkBuffer):
-        (JSC::LinkBuffer::didFailToAllocate):
-        (JSC::LinkBuffer::isValid):
-        (JSC::LinkBuffer::linkCode):
-        (JSC::LinkBuffer::performFinalization):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * bytecode/CodeBlock.cpp:
-        (JSC::ProgramCodeBlock::jitCompileImpl):
-        (JSC::EvalCodeBlock::jitCompileImpl):
-        (JSC::FunctionCodeBlock::jitCompileImpl):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::jitCompile):
-        (CodeBlock):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JITCompiler):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::DemandExecutableAllocator::allocateNewSpace):
-        (JSC::ExecutableAllocator::allocate):
-        * jit/ExecutableAllocator.h:
-        (ExecutableAllocator):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::allocate):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-        (JIT):
-        * jit/JITCompilationEffort.h: Added.
-        (JSC):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::jitCompile):
-        (JSC::ProgramExecutable::jitCompile):
-        (JSC::FunctionExecutable::jitCompileForCall):
-        (JSC::FunctionExecutable::jitCompileForConstruct):
-        * runtime/Executable.h:
-        (EvalExecutable):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::jitCompileFor):
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-
-2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
-
-        [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
-        https://bugs.webkit.org/show_bug.cgi?id=79501
-
-        Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * wtf/Platform.h:
-
-2012-02-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        * tests/mozilla/ecma_2/RegExp/constructor-001.js:
-        * tests/mozilla/ecma_2/RegExp/function-001.js:
-        * tests/mozilla/ecma_2/RegExp/properties-001.js:
-            - Check in new test cases results.
-
-2012-02-29  Mark Rowe  <mrowe@apple.com>
-
-        Stop installing JSCLLIntOffsetsExtractor.
-
-        Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
-        that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
-        This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
-
-        While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
-        for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
-        to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
-        allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
-
-        Reviewed by Filip Pizlo.
-
-        * Configurations/TestRegExp.xcconfig: Removed.
-        * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        RefCounted::deprecatedTurnOffVerifier() should not be deprecated
-        https://bugs.webkit.org/show_bug.cgi?id=79864
-
-        Reviewed by Oliver Hunt.
-        
-        Removed the word "deprecated" from the name of this method, since this method
-        should not be deprecated. It works just fine as it is, and there is simply no
-        alternative to calling this method for many interesting JSC classes.
-
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::SharedSymbolTable):
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
-        (WTF::MetaAllocator::allocate):
-        * wtf/RefCounted.h:
-        (RefCountedBase):
-        (WTF::RefCountedBase::turnOffVerifier):
-
-2012-02-29  Gavin Barraclough  <barraclough@apple.com>
-
-        'source' property of RegExp instance cannot be ""
-        https://bugs.webkit.org/show_bug.cgi?id=79938
-
-        Reviewed by Oliver Hunt.
-
-        15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
-        and also states that the result must be a valid RegularExpressionLiteral. '//' is
-        not a valid RegularExpressionLiteral (since it is a single line comment), and hence
-        source cannot ever validly be "". If the source is empty, return a different Pattern
-        that would match the same thing.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectSource):
-            - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-            - No need to special case the empty string - this should be being done by 'source'.
-
-2012-02-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Writable attribute not set correctly when redefining an accessor to a data descriptor
-        https://bugs.webkit.org/show_bug.cgi?id=79931
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-            - use attributesOverridingCurrent instead of attributesWithOverride.
-        * runtime/PropertyDescriptor.cpp:
-        * runtime/PropertyDescriptor.h:
-            - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
-
-2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Add JSCore symbol exports needed by wx port
-        https://bugs.webkit.org/show_bug.cgi?id=77280
-
-        Reviewed by Hajime Morita.
-
-        * wtf/ArrayBufferView.h:
-        * wtf/ExportMacros.h:
-
-2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Always build wtf as a static library.
-        https://bugs.webkit.org/show_bug.cgi?id=79857
-
-        Reviewed by Eric Seidel.
-
-        To help the efforts in bug 75673 to move WTF out of
-        JavaScriptCore, act more like the other ports and remove the
-        possibility of building WTF as a shared library.
-
-        It does not make much sense to, for example, ship WTF as a
-        separate .so with webkit-efl packages, and it should be small
-        enough not to cause problems during linking.
-
-        * wtf/CMakeLists.txt:
-
-2012-02-28  Dmitry Lomov  <dslomov@google.com>
-
-        [JSC] Implement ArrayBuffer transfer
-        https://bugs.webkit.org/show_bug.cgi?id=73493.
-        Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
-        This brings parity with V8 implementation of transferable typed arrays.
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
-        * wtf/ArrayBuffer.h:
-        (ArrayBuffer): Added extra export.
-
-2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed. Build fix after recent LLInt additions.
-        
-        * wscript:
-
-2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor SpeculativeJIT::emitAllocateJSFinalObject
-        https://bugs.webkit.org/show_bug.cgi?id=79801
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
-        function, which is more generic in that it can allocate a variety of classes.
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
-
-2012-02-28  Gavin Barraclough  <barraclough@apple.com>
-
-        [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
-        https://bugs.webkit.org/show_bug.cgi?id=79588
-
-        Reviewed by Oliver Hunt.
-
-        In the case of [[Get]], this is a pretty trivial bug - just don't wrap
-        primitives at the point you call a getter.
-
-        For setters, this is a little more involved, since we have already wrapped
-        the value up in a synthesized object. Stop doing so. There is also a further
-        subtely, that in strict mode all attempts to create a new data property on
-        the object should throw.
-
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::put):
-            - [[Put]] to a string primitive should use JSValue::putToPrimitive.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-            - Remove static function called in one place.
-        * runtime/JSObject.h:
-        (JSC::JSValue::put):
-            - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::synthesizePrototype):
-            - Add support for synthesizing the prototype of strings.
-        (JSC::JSValue::putToPrimitive):
-            - Added, implements [[Put]] for primitive bases, per 8.7.2.
-        * runtime/JSValue.h:
-        (JSValue):
-            - Add declaration for JSValue::putToPrimitive.
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-            - Don't call ToObject on primitive this values.
-
-2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Re-enable parallel GC on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=79837
-
-        Rubber stamped by Filip Pizlo.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
-        so we removed it and things should go back to normal.
-
-2012-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Some run-javascriptcore-tests broken for 32-bit debug
-        https://bugs.webkit.org/show_bug.cgi?id=79844
-
-        Rubber stamped by Oliver Hunt.
-        
-        These assertions are just plain wrong for 32-bit. We could either have a massive
-        assertion that depends on value representation, that has to be changed every
-        time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
-        could get rid of the assertions. I pick the latter.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Get rid of padding cruft in CopiedBlock
-        https://bugs.webkit.org/show_bug.cgi?id=79686
-
-        Reviewed by Filip Pizlo.
-
-        * heap/CopiedBlock.h:
-        (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
-        the calculation of the payload offset into CopiedBlocks was redone recently.
-
-2012-02-28  Anders Carlsson  <andersca@apple.com>
-
-        Fix build with newer versions of clang.
-
-        Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
-        but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
-        takes a string literal.
-
-        * wtf/Assertions.cpp:
-
-2012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>
-
-        [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=79496
-
-        Reviewed by Martin Robinson.
-
-        Handle GMainLoop and GMainContext in GRefPtr, by calling
-        g_main_loop_(un)ref and g_main_context_(un)ref in the
-        implementation of the refGPtr and derefGPtr template functions.
-
-        * wtf/gobject/GRefPtr.cpp:
-        (WTF::refGPtr):
-        (WTF):
-        (WTF::derefGPtr):
-        * wtf/gobject/GRefPtr.h:
-        (WTF):
-        * wtf/gobject/GTypedefs.h:
-
-2012-02-28  Yong Li  <yoli@rim.com>
-
-        JSString::resolveRope() should report extra memory cost to the heap.
-        https://bugs.webkit.org/show_bug.cgi?id=79555
-
-        Reviewed by Michael Saboff.
-
-        At the time a JSString is constructed with fibers, it doesn't report
-        extra memory cost, which is reasonable because it hasn't allocate
-        new memory. However when the rope is resolved, it should report meory
-        cost for the new buffer.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-
-2012-02-27  Oliver Hunt  <oliver@apple.com>
-
-        sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=79728
-
-        Reviewed by Gavin Barraclough.
-
-        When initialising a chained get instruction we may end up in a state where
-        the instruction stream says we have a scopechain, but it has not yet been set
-        (eg. if allocating the StructureChain itself is what leads to the GC).  We could
-        re-order the allocation, but it occurs in a couple of places, so it seems less
-        fragile simply to null check the scopechain slot before we actually visit the slot.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitStructures):
-
-2012-02-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Old JIT's style of JSVALUE64 strict equality is subtly wrong
-        https://bugs.webkit.org/show_bug.cgi?id=79700
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::comparePtr):
-        (MacroAssemblerX86_64):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlow_op_stricteq):
-        (JSC::JIT::emitSlow_op_nstricteq):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2012-02-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement support for op_negate and op_bitnot in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=79617
-
-        Reviewed by Filip Pizlo.
-
-        Add an ArithNegate op to the DFG JIT, to implement op_negate.
-
-        This patch also adds support for op_negate to the JSVALUE64 baseline JIT
-        (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
-
-        This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::sub_S):
-            - Added sub_S from immediate.
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::vneg):
-            - Added double negate.
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::negateDouble):
-            - Added double negate.
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::branchNeg32):
-            - Added.
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-            - moved loadDouble, absDouble to common.
-        * assembler/MacroAssemblerX86Common.h:
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::absDouble):
-            - implementation can be shared.
-        (JSC::MacroAssemblerX86Common::negateDouble):
-            - Added.
-        (JSC::MacroAssemblerX86Common::loadDouble):
-            - allow absDouble to have a common implementation.
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-            - moved loadDouble, absDouble to common.
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-            - support ArithNegate.
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
-        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
-            - support ArithNegate.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-            - support ArithNegate.
-        (JSC::DFG::ByteCodeParser::parseBlock):
-            - support op_negate.
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-            - support ArithNegate.
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-            - support op_negate.
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::negateShouldSpeculateInteger):
-            - support ArithNegate.
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArithNodeFlags):
-            - support ArithNegate.
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-            - support ArithNegate.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileArithNegate):
-            - support ArithNegate.
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-            - support ArithNegate.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - support ArithNegate.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - support ArithNegate.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-            - Add support for op_negate in JSVALUE64.
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate):
-            - Add support for op_negate in JSVALUE64.
-
-2012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
-
-        Unreviewed. Build fix for linux-bot (qt) after r109021.
-
-        * runtime/Error.cpp:
-
-2012-02-27  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
-        https://bugs.webkit.org/show_bug.cgi?id=79693
-
-        Reviewed by Filip Pizlo.
-
-        Alas we can't provide the stack trace as an array, as despite everyone wanting
-        an array, everyone arbitrarily creates the array by calling split on the stack
-        trace.  To create the array we would have provided them in the first place.
-
-        This changes the exception's stack property to a \n separated string.  To get the
-        old array just do <exception>.stack.split("\n").
-
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-
-2012-02-27  Gavin Barraclough  <barraclough@apple.com>
-
-        RegExp lastIndex should behave as a regular property
-        https://bugs.webkit.org/show_bug.cgi?id=79446
-
-        Reviewed by Sam Weinig.
-
-        lastIndex should be a regular data descriptor, with the attributes configurable:false,
-        enumerable:false, writable:true. As such, it should be possible to reconfigure writable
-        as false. If the lastIndex property is reconfigured to be read-only, we should respect
-        this correctly.
-
-        * runtime/CommonIdentifiers.h:
-            - Removed some unused identifiers, added lastIndex.
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnPropertySlot):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::deleteProperty):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::getOwnPropertyNames):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::getPropertyNames):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::reject):
-            - helper function for defineOwnProperty.
-        (JSC::RegExpObject::defineOwnProperty):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::put):
-            - lastIndex is no longer a static value, provided specific handling.
-        (JSC::RegExpObject::match):
-            - Pass setLastIndex an ExecState, so it can throw if read-only.
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::setLastIndex):
-            - Pass setLastIndex an ExecState, so it can throw if read-only.
-        (RegExpObjectData):
-            - Added lastIndexIsWritable.
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-            - Pass setLastIndex an ExecState, so it can throw if read-only.
-
-2012-02-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement support for op_negate and op_bitnot in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=79617
-
-        Reviewed by Sam Weinig.
-
-        Remove op_bitnop - this is redundant, ~x === x^-1.
-        This is a fractional (<1%) progression.
-
-        Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
-        Remove CanReuse from the result type - this was unused.
-        Remove op_bitnot.
-
-        * assembler/MacroAssemblerARM.h:
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::xor32):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::xor32):
-        * assembler/MacroAssemblerMIPS.h:
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::xor32):
-        * assembler/MacroAssemblerSH4.h:
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::xor32):
-        * assembler/MacroAssemblerX86Common.h:
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::xor32):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC):
-        (JSC::BitwiseNotNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC):
-        * jit/JITStubs.cpp:
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter32_64.asm:
-        * parser/NodeConstructors.h:
-        (JSC::NegateNode::NegateNode):
-        (JSC::BitwiseNotNode::BitwiseNotNode):
-        (JSC::MultNode::MultNode):
-        (JSC::DivNode::DivNode):
-        (JSC::ModNode::ModNode):
-        (JSC::SubNode::SubNode):
-        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
-        * parser/Nodes.h:
-        (BitwiseNotNode):
-        (JSC::BitwiseNotNode::expr):
-        (JSC):
-        * parser/ResultType.h:
-        (ResultType):
-        (JSC::ResultType::numberTypeIsInt32):
-        (JSC::ResultType::stringOrNumberType):
-        (JSC::ResultType::forAdd):
-        (JSC::ResultType::forBitOp):
-
-2012-02-27  Michael Saboff  <msaboff@apple.com>
-
-        Error check regexp min quantifier
-        https://bugs.webkit.org/show_bug.cgi?id=70648
-
-        Reviewed by Gavin Barraclough.
-
-        Added checking for min or only quantifier being UINT_MAX.
-        When encountered this becomes a SyntaxError during parsing.
-
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::parseQuantifier):
-        (JSC::Yarr::Parser::parse):
-        (Parser):
-
-2012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-02-26  Hajime Morrita  <morrita@chromium.org>
-
-        Move ChromeClient::showContextMenu() to ContextMenuClient
-        https://bugs.webkit.org/show_bug.cgi?id=79427
-
-        Reviewed by Adam Barth.
-
-        Added ACCESSIBILITY_CONTEXT_MENUS.
-
-        * wtf/Platform.h:
-
-2012-02-26  Filip Pizlo  <fpizlo@apple.com>
-
-        LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=79616
-
-        Reviewed by Oliver Hunt.
-        
-        Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
-
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::validate):
-
-2012-02-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support activations and nested functions
-        https://bugs.webkit.org/show_bug.cgi?id=79554
-
-        Reviewed by Sam Weinig.
-        
-        Fix 32-bit. The 32-bit function+activation code had some really weird
-        register reuse bugs.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Getting the instruction stream for a code block should not require two loads
-        https://bugs.webkit.org/show_bug.cgi?id=79608
-
-        Reviewed by Sam Weinig.
-        
-        Introduced the RefCountedArray class, which contains a single inline pointer
-        to a ref-counted non-resizeable vector backing store. This satisfies the
-        requirements of CodeBlock, which desires the ability to share instruction
-        streams with other CodeBlocks. It also reduces the number of loads required
-        for getting the instruction stream by one.
-        
-        This patch also gets rid of the bytecode discarding logic, since we don't
-        use it anymore and it's unlikely to ever work right with DFG or LLInt. And
-        I didn't feel like porting dead code to use RefCountedArray.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::instructionOffsetForNth):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::numberOfInstructions):
-        (JSC::CodeBlock::instructions):
-        (JSC::CodeBlock::instructionCount):
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        (JSC):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::Label::setLocation):
-        (JSC):
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::newLabel):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC):
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::instructions):
-        * bytecompiler/Label.h:
-        (JSC::Label::Label):
-        (Label):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        * llint/LowLevelInterpreter32_64.asm:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        * wtf/RefCountedArray.h: Added.
-        (WTF):
-        (RefCountedArray):
-        (WTF::RefCountedArray::RefCountedArray):
-        (WTF::RefCountedArray::operator=):
-        (WTF::RefCountedArray::~RefCountedArray):
-        (WTF::RefCountedArray::size):
-        (WTF::RefCountedArray::data):
-        (WTF::RefCountedArray::begin):
-        (WTF::RefCountedArray::end):
-        (WTF::RefCountedArray::at):
-        (WTF::RefCountedArray::operator[]):
-        (Header):
-        (WTF::RefCountedArray::Header::size):
-        (WTF::RefCountedArray::Header::payload):
-        (WTF::RefCountedArray::Header::fromPayload):
-        * wtf/Platform.h:
-
-2012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
-
-        StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
-        https://bugs.webkit.org/show_bug.cgi?id=79571
-
-        Reviewed by Gavin Barraclough.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        * parser/Parser.cpp:
-        (JSC::::parseProperty):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-
-2012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Implement fast path for op_new_array in the baseline JIT
-        https://bugs.webkit.org/show_bug.cgi?id=78612
-
-        Reviewed by Filip Pizlo.
-
-        heap/CopiedAllocator.h:
-        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
-        * heap/CopiedSpace.h:
-        (CopiedSpace): Friended the JIT to allow access to isOversize.
-        (JSC::CopiedSpace::allocator):
-        * heap/Heap.h:
-        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
-        can use it for simple allocation i.e. when we can just bump the offset without having to 
-        do anything else.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
-        we have to bail out because the fast allocation path fails for whatever reason.
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
-        allocate generic backing stores. This function is used by emitAllocateJSArray.
-        (JSC):
-        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
-        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
-        it will also be used for emit_op_new_array_buffer.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
-        a stub call for oversize arrays.
-        (JSC):
-        (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
-        fail in any way on the fast path.
-        * runtime/JSArray.cpp:
-        (JSC):
-        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
-        initialize in the JIT.
-        (ArrayStorage):
-        (JSC::ArrayStorage::lengthOffset):
-        (JSC::ArrayStorage::numValuesInVectorOffset):
-        (JSC::ArrayStorage::allocBaseOffset):
-        (JSC::ArrayStorage::vectorOffset):
-        (JSArray):
-        (JSC::JSArray::sparseValueMapOffset):
-        (JSC::JSArray::subclassDataOffset):
-        (JSC::JSArray::indexBiasOffset):
-        (JSC):
-        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
-        to being a static function in the JSArray class. This move allows the JIT to call it to 
-        see what size it should allocate.
-
-2012-02-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getLineNumberForCallFrame):
-        (JSC::Interpreter::getStackTrace):
-
-2012-02-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r108681.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getLineNumberForCallFrame):
-
-2012-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt assembly file should be split into 32-bit and 64-bit parts
-        https://bugs.webkit.org/show_bug.cgi?id=79584
-
-        Reviewed by Sam Weinig.
-        
-        Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
-        the ability to include files, and correctly track dependencies: it restricts
-        the include mechanism to using the same directory as the source file, and uses
-        the SHA1 hash of all .asm files in that directory as an input hash.
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm: Added.
-            - This is just the entire contents of what was previously LowLevelInterpreter.asm
-        * llint/LowLevelInterpreter64.asm: Added.
-        * offlineasm/asm.rb:
-        * offlineasm/ast.rb:
-        * offlineasm/generate_offset_extractor.rb:
-        * offlineasm/parser.rb:
-        * offlineasm/self_hash.rb:
-
-2012-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm should support X86_64
-        https://bugs.webkit.org/show_bug.cgi?id=79581
-
-        Reviewed by Oliver Hunt.
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * offlineasm/backends.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/settings.rb:
-        * offlineasm/x86.rb:
-
-2012-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support activations and nested functions
-        https://bugs.webkit.org/show_bug.cgi?id=79554
-
-        Reviewed by Oliver Hunt.
-        
-        Wrote the simplest possible implementation of activations. Big speed-up on
-        code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
-        Kraken) because they do not appear to have sufficient coverage over code
-        that uses activations.
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromValue):
-        * bytecode/PredictedType.h:
-        (JSC):
-        (JSC::isEmptyPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::needsActivation):
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::Node::storageAccessDataIndex):
-        (Node):
-        (JSC::DFG::Node::hasFunctionDeclIndex):
-        (JSC::DFG::Node::functionDeclIndex):
-        (JSC::DFG::Node::hasFunctionExprIndex):
-        (JSC::DFG::Node::functionExprIndex):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-25  Benjamin Poulain  <benjamin@webkit.org>
-
-        Add an empty skeleton of KURL for WTFURL
-        https://bugs.webkit.org/show_bug.cgi?id=78990
-
-        Reviewed by Adam Barth.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
-        so that can use them in WebCore.
-
-2012-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix build for DFG disabled and LLInt enabled.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix the CopiedBlock offset alignment in a cross platform fashion
-        https://bugs.webkit.org/show_bug.cgi?id=79556
-
-        Reviewed by Filip Pizlo.
-
-        Replaced m_payload with a payload() method that calculates the offset
-        of the payload with the proper alignment. This change allows us to 
-        avoid alignment-related issues in a cross-platform manner.
-
-        * heap/CopiedAllocator.h:
-        (JSC::CopiedAllocator::currentUtilization):
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::CopiedBlock):
-        (JSC::CopiedBlock::payload):
-        (CopiedBlock):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::doneFillingBlock):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::borrowBlock):
-        (JSC::CopiedSpace::allocateFromBlock):
-
-2012-02-24  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed, Windows build fix.  Changed signature in export to match
-        change made in r108858.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG support for op_new_regexp should be enabled
-        https://bugs.webkit.org/show_bug.cgi?id=79538
-
-        Reviewed by Oliver Hunt.
-        
-        No performance change.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGCommon.h:
-
-2012-02-24  Michael Saboff  <msaboff@apple.com>
-
-        ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
-        https://bugs.webkit.org/show_bug.cgi?id=73728
-
-        Reviewed by Gavin Barraclough.
-
-        Fixed the mixing of signed and unsigned character indeces in YARR
-        interpreter.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match): Added code to check for match longer than 2^31 and
-        return no match after resetting the offsets.
-        * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
-        handling except when matching back references.
-        (JSC::Yarr::Interpreter::InputStream::readChecked):
-        (JSC::Yarr::Interpreter::InputStream::checkInput):
-        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
-        (JSC::Yarr::Interpreter::InputStream::atStart):
-        (JSC::Yarr::Interpreter::InputStream::atEnd):
-        (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
-        (JSC::Yarr::Interpreter::checkCharacter):
-        (JSC::Yarr::Interpreter::checkCasedCharacter):
-        (JSC::Yarr::Interpreter::checkCharacterClass):
-        (JSC::Yarr::Interpreter::tryConsumeBackReference):
-        (JSC::Yarr::Interpreter::matchAssertionBOL):
-        (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
-        (JSC::Yarr::Interpreter::backtrackPatternCharacter):
-        (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
-        (JSC::Yarr::Interpreter::matchCharacterClass):
-        (JSC::Yarr::Interpreter::backtrackCharacterClass):
-        (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        (JSC::Yarr::ByteCompiler::assertionBOL):
-        (JSC::Yarr::ByteCompiler::assertionEOL):
-        (JSC::Yarr::ByteCompiler::assertionWordBoundary):
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomCharacterClass):
-        (JSC::Yarr::ByteCompiler::atomBackReference):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/YarrInterpreter.h:
-
-2012-02-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
-        enabled.
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-
-2012-02-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to handle variables getting captured
-        https://bugs.webkit.org/show_bug.cgi?id=79469
-
-        Reviewed by Oliver Hunt.
-        
-        Made captured variables work by placing a Flush on the SetLocal and
-        forcing the emission of the GetLocal even if copy propagation tells us
-        who has the value.
-        
-        Changed the CFA and various prediction codes to understand that we can't
-        really prove anything about captured variables. Well, we could in the
-        future by just looking at what side effects are happening, but in this
-        first cut we just assume that we can't reason about captured variables.
-        
-        Also added a mode where the DFG pretends that all variables and arguments
-        got captured. Used this mode to harden the code.
-        
-        This is performance neutral. Capturing all variables is a slow down, but
-        not too big of one. This seems to predict that when we add activation
-        support, the amount of speed benefit we'll get from increased coverage
-        will far outweigh the pessimism that we'll have to endure for captured
-        variables.
-
-        * bytecode/CodeType.h:
-        (JSC::codeTypeToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::merge):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::flushArgument):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightInlineFunctionForCall):
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        * dfg/DFGCommon.h:
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::needsActivation):
-        (Graph):
-        (JSC::DFG::Graph::argumentIsCaptured):
-        (JSC::DFG::Graph::localIsCaptured):
-        (JSC::DFG::Graph::isCaptured):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldGenerate):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (ValueSource):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-
-2012-02-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Should not allow malformed \x escapes
-        https://bugs.webkit.org/show_bug.cgi?id=79462
-
-        Reviewed by Oliver Hunt.
-
-        * parser/Lexer.cpp:
-        (JSC::::parseString):
-        (JSC::::parseStringSlowCase):
-            - Prohibit malformed '\x' escapes
-        * tests/mozilla/ecma/Array/15.4.5.1-1.js:
-        * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
-        * tests/mozilla/ecma_2/RegExp/hex-001.js:
-        * tests/mozilla/js1_2/regexp/hexadecimal.js:
-            - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
-
-2012-02-24  Daniel Bates  <dbates@webkit.org>
-
-        Fix change log entry for changeset r108819; add bug URL
-        https://bugs.webkit.org/show_bug.cgi?id=79504
-
-        Changeset r108819 is associated with bug #79504.
-
-        * ChangeLog
-
-2012-02-24  Daniel Bates  <dbates@webkit.org>
-
-        Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=79504
-
-        Reviewed by Oliver Hunt.
-
-        There are a few places in Interpreter.cpp that need to be updated to use
-        ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
-        ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
-        (https://bugs.webkit.org/show_bug.cgi?id=78791).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getLineNumberForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::getSourceURLFromCallFrame):
-
-2012-02-24  Adam Roben  <aroben@apple.com>
-
-        Undo the BUILDING_WTF part of r108808
-
-        This broke the build, which is obviously worse than the linker warning it was trying to
-        solve.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-
-2012-02-24  Adam Roben  <aroben@apple.com>
-
-        Fix linker warnings on Windows
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
-        exported via JS_EXPORTDATA.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
-        aren't actually building WTF, but we are statically linking it, so we need to define this
-        symbol so that we export WTF's exports.
-
-2012-02-24  Philippe Normand  <pnormand@igalia.com>
-
-        Fix GTK WebAudio build for WebKitGTK 1.7.90.
-
-        Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
-        Rubber-stamped by Philippe Normand.
-
-        * GNUmakefile.list.am: Add Complex.h to the list of files so it
-        gets disted in the tarballs.
-
-2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
-        https://bugs.webkit.org/show_bug.cgi?id=79199
-
-        Ruber stamped by Csaba Osztrogonác.
-
-        Temporary fix since the new member wastes a little space on
-        64 bit systems. Although it is harmless, it is only needed
-        for 32 bit systems.
-
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-
-2012-02-24  Han Hojong  <hojong.han@samsung.com>
-
-        Remove useless jump instructions for short circuit
-        https://bugs.webkit.org/show_bug.cgi?id=75602
-
-        Reviewed by Michael Saboff.
-
-        Jump instruction is inserted to make short circuit, 
-        however it does nothing but moving to the next instruction.
-        Therefore useless jump instructions are removed, 
-        and jump list is moved into the case not for a short circuit,
-        so that only necessary instructions are added to JIT code
-        unless it has a 16 bit pattern character and an 8 bit string.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-
-2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r108731.
-        http://trac.webkit.org/changeset/108731
-        https://bugs.webkit.org/show_bug.cgi?id=79464
-
-        Broke Chromium Win tests (Requested by bashi on #webkit).
-
-        * wtf/Platform.h:
-
-2012-02-24  Andrew Lo  <anlo@rim.com>
-
-        [BlackBerry] Enable requestAnimationFrame
-        https://bugs.webkit.org/show_bug.cgi?id=79408
-
-        Use timer implementation of requestAnimationFrame on BlackBerry.
-
-        Reviewed by Rob Buis.
-
-        * wtf/Platform.h:
-
-2012-02-24  Mathias Bynens  <mathias@qiwi.be>
-
-        `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
-        https://bugs.webkit.org/show_bug.cgi?id=78908
-
-        Add additional checks for zero-width non-joiner (0x200C) and
-        zero-width joiner (0x200D) characters.
-
-        Reviewed by Michael Saboff.
-
-        * parser/Lexer.cpp:
-        (JSC::isNonASCIIIdentPart)
-        * runtime/LiteralParser.cpp:
-        (JSC::::Lexer::lexIdentifier)
-
-2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>
-
-        Adding WebSocket per-frame DEFLATE extension
-        https://bugs.webkit.org/show_bug.cgi?id=77522
-
-        Added USE(ZLIB) flag.
-
-        Reviewed by Kent Tamura.
-
-        * wtf/Platform.h:
-
-2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Zero out CopiedBlocks on initialization
-        https://bugs.webkit.org/show_bug.cgi?id=79199
-
-        Reviewed by Filip Pizlo.
-
-        Made CopyBlocks zero their payloads during construction. This allows 
-        JSArray to avoid having to manually clear its backing store upon allocation
-        and also alleviates any future pain with regard to the garbage collector trying 
-        to mark what it thinks are values in what is actually uninitialized memory.
-
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::CopiedBlock):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finishCreation):
-        (JSC::JSArray::tryFinishCreationUninitialized):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::unshiftCountSlowCase):
-
-2012-02-23  Oliver Hunt  <oliver@apple.com>
-
-        Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
-        https://bugs.webkit.org/show_bug.cgi?id=79407
-
-        Reviewed by Gavin Barraclough.
-
-        Outside of exception handling, we don't know what our source line number is.  This
-        change allows us to pass -1 is as the initial line number, and get the correct line
-        number in the resultant stack trace.  We can't completely elide the initial line
-        number (yet) due to some idiosyncrasies of the exception handling machinery.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getLineNumberForCallFrame):
-        (JSC):
-        (JSC::Interpreter::getStackTrace):
-
-2012-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit value profiling should have graceful handling of local variables and arguments
-        https://bugs.webkit.org/show_bug.cgi?id=79310
-
-        Reviewed by Gavin Barraclough.
-        
-        Previously, if we OSR exited because a prediction in a local was wrong, we'd
-        only realize what the true type of the local was if the regular value profiling
-        kicked in and told us. Unless the local was block-locally copy propagated, in
-        which case we'd know from an OSR exit profile.
-        
-        This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
-        exit because of a mispredicted local or argument type, we'll know what the type of
-        the local or argument should be immediately upon exiting.
-        
-        The way that local variable OSR exit profiling works is that we now have a lazily
-        added set of OSR-exit-only value profiles for exit sites that are BadType and that
-        cited a GetLocal as their value source. The value profiles are only added if the
-        OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
-        operand. The look-up is performed by querying the
-        CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
-        the bytecode index and the operand. Because the value profiles are added at random
-        times, they are not sorted; instead they are just stored in an arbitrarily-ordered
-        SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
-        creates a LazyOperandValueProfileParser, which turns the
-        CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
-        of DFG parsing.
-        
-        Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
-        into which values observed during OSR exit would be placed. Now it uses a lazy
-        thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
-        either contain a ValueProfile inside it (which works for previous uses of OSR exit
-        profiling) or it may just have knowledge of how to go about creating the
-        LazyOperandValueProfile in the case that the OSR exit is actually taken. This
-        ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
-        value profiling buckets unless we actually did OSR exit on every single operand,
-        in every single instruction, in each code block (that's probably unlikely).
-        
-        This appears to be neutral on the major benchmarks, but is a double-digit speed-up
-        on code deliberately written to have data flow that spans basic blocks and where
-        the code exhibits post-optimization polymorphism in a local variable.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::lazyOperandValueProfiles):
-        * bytecode/LazyOperandValueProfile.cpp: Added.
-        (JSC):
-        (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
-        (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
-        (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
-        (JSC::CompressedLazyOperandValueProfileHolder::add):
-        (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
-        (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        (JSC::LazyOperandValueProfileParser::prediction):
-        * bytecode/LazyOperandValueProfile.h: Added.
-        (JSC):
-        (LazyOperandValueProfileKey):
-        (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
-        (JSC::LazyOperandValueProfileKey::operator!):
-        (JSC::LazyOperandValueProfileKey::operator==):
-        (JSC::LazyOperandValueProfileKey::hash):
-        (JSC::LazyOperandValueProfileKey::bytecodeOffset):
-        (JSC::LazyOperandValueProfileKey::operand):
-        (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
-        (JSC::LazyOperandValueProfileKeyHash::hash):
-        (JSC::LazyOperandValueProfileKeyHash::equal):
-        (LazyOperandValueProfileKeyHash):
-        (WTF):
-        (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
-        (LazyOperandValueProfile):
-        (JSC::LazyOperandValueProfile::key):
-        (CompressedLazyOperandValueProfileHolder):
-        (LazyOperandValueProfileParser):
-        * bytecode/MethodOfGettingAValueProfile.cpp: Added.
-        (JSC):
-        (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
-        (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
-        * bytecode/MethodOfGettingAValueProfile.h: Added.
-        (JSC):
-        (MethodOfGettingAValueProfile):
-        (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
-        (JSC::MethodOfGettingAValueProfile::operator!):
-        * bytecode/ValueProfile.cpp: Removed.
-        * bytecode/ValueProfile.h:
-        (JSC):
-        (ValueProfileBase):
-        (JSC::ValueProfileBase::ValueProfileBase):
-        (JSC::ValueProfileBase::dump):
-        (JSC::ValueProfileBase::computeUpdatedPrediction):
-        (JSC::MinimalValueProfile::MinimalValueProfile):
-        (ValueProfileWithLogNumberOfBuckets):
-        (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
-        (JSC::ValueProfile::ValueProfile):
-        (JSC::getValueProfileBytecodeOffset):
-        (JSC::getRareCaseProfileBytecodeOffset):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueProfileFor):
-        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
-        (Graph):
-        * dfg/DFGNode.h:
-        (Node):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGPhase.cpp:
-        (JSC::DFG::Phase::beginPhase):
-        (JSC::DFG::Phase::endPhase):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
-        (VariableAccessData):
-
-2012-02-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix.
-
-        * llint/LLIntOffsetsExtractor.cpp:
-
-2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
-
-        * llint/LLIntOffsetsExtractor.cpp:
-        * wtf/Platform.h:
-
-2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix for non-Mac wx builds.
-
-        * runtime/DatePrototype.cpp:
-
-2012-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
-        https://bugs.webkit.org/show_bug.cgi?id=79334
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::flush):
-
-2012-02-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Object.isSealed / Object.isFrozen don't work for native objects
-        https://bugs.webkit.org/show_bug.cgi?id=79331
-
-        Reviewed by Sam Weinig.
-
-        Need to inspect all properties, including static ones.
-        This exposes a couple of bugs in Array & Arguments:
-            - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
-            - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::defineOwnProperty):
-            - Add handling for callee/caller/length.
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyDescriptor):
-            - report length's writability correctly.
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-        (JSC::objectConstructorIsSealed):
-        (JSC::objectConstructorIsFrozen):
-            - Add spec-based implementation for non-final objects.
-
-2012-02-23  Gavin Barraclough  <barraclough@apple.com>
-
-        pop of array hole should get from the prototype chain
-        https://bugs.webkit.org/show_bug.cgi?id=79338
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop):
-            - If the fast fast vector case fails, more closely follow the spec.
-
-2012-02-23  Yong Li  <yoli@rim.com>
-
-        JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
-        https://bugs.webkit.org/show_bug.cgi?id=79268
-
-        Reviewed by Michael Saboff.
-
-        resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
-        after it fails to allocate a buffer for m_value. So outOfMemory() should assert
-        isRope() rather than !isRope().
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::outOfMemory):
-
-2012-02-23  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
-        https://bugs.webkit.org/show_bug.cgi?id=79371
-
-        Reviewed by Daniel Bates.
-
-        * CMakeLists.txt:
-        * shell/CMakeLists.txt:
-        * wtf/CMakeLists.txt:
-
-2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>
-
-        Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
-        https://bugs.webkit.org/show_bug.cgi?id=76210
-
-        Add compile time check for Visual Studio 2005 or newer.
-
-        Reviewed by Simon Hausmann.
-
-        * os-win32/inttypes.h:
-
-2012-02-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement [[DefineOwnProperty]] for the arguments object
-        https://bugs.webkit.org/show_bug.cgi?id=79309
-
-        Reviewed by Sam Weinig.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deletePropertyByIndex):
-        (JSC::Arguments::deleteProperty):
-            - Deleting an argument should also delete the copy on the object, if any.
-        (JSC::Arguments::defineOwnProperty):
-            - Defining a property may override the live mapping.
-        * runtime/Arguments.h:
-        (Arguments):
-
-2012-02-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix Object.freeze for non-final objects.
-        https://bugs.webkit.org/show_bug.cgi?id=79286
-
-        Reviewed by Oliver Hunt.
-
-        For vanilla objects we implement this with a single transition, for objects
-        with special properties we should just follow the spec defined algorithm.
-
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-            - this does need to handle inextensible objects.
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-            - Implement spec defined algorithm for non-final objects.
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::freezeTransition):
-            - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
-        * runtime/Structure.h:
-        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
-        (JSC::Structure::setHasGetterSetterProperties):
-        (JSC::Structure::setContainsReadOnlyProperties):
-        (Structure):
-            - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
-
-2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Allocations from CopiedBlocks should always be 8-byte aligned
-        https://bugs.webkit.org/show_bug.cgi?id=79271
-
-        Reviewed by Geoffrey Garen.
-
-        * heap/CopiedAllocator.h:
-        (JSC::CopiedAllocator::allocate):
-        * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
-        guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
-        (CopiedBlock):
-        * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::getFreshBlock):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::allocateFromBlock):
-        * runtime/JSArray.h:
-        (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
-        aligned on both 64- and 32-bit platforms.
-        * wtf/StdLibExtras.h:
-        (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
-        way isPointerAligned does, but it just always checks for 8 byte alignment.
-        (WTF):
-
-2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r108456.
-        http://trac.webkit.org/changeset/108456
-        https://bugs.webkit.org/show_bug.cgi?id=79223
-
-        Broke fast/regex/pcre-test-4.html and cannot find anyone on
-        IRC (Requested by zherczeg on #webkit).
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
-
-2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r108468.
-        http://trac.webkit.org/changeset/108468
-        https://bugs.webkit.org/show_bug.cgi?id=79219
-
-        Broke Chromium Win release build (Requested by bashi on
-        #webkit).
-
-        * wtf/Platform.h:
-
-2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>
-
-        Adding WebSocket per-frame DEFLATE extension
-        https://bugs.webkit.org/show_bug.cgi?id=77522
-
-        Added USE(ZLIB) flag.
-
-        Reviewed by Kent Tamura.
-
-        * wtf/Platform.h:
-
-2012-02-22  Hojong Han  <hojong.han@samsung.com>
-
-        Short circuit fixed for a 16 bt pattern character and an 8 bit string.
-        https://bugs.webkit.org/show_bug.cgi?id=75602
-
-        Reviewed by Gavin Barraclough.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
-
-2012-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for systems with case sensitive disks.
-
-        * llint/LLIntOfflineAsmConfig.h:
-
-2012-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should be a triple-tier VM
-        https://bugs.webkit.org/show_bug.cgi?id=75812
-        <rdar://problem/10079694>
-
-        Reviewed by Gavin Barraclough.
-        
-        Implemented an interpreter that uses the JIT's calling convention. This
-        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
-        will start by executing code in LLInt and will only tier up to the old
-        JIT after the code is proven hot.
-        
-        LLInt is written in a modified form of our macro assembly. This new macro
-        assembly is compiled by an offline assembler (see offlineasm), which
-        implements many modern conveniences such as a Turing-complete CPS-based
-        macro language and direct access to relevant C++ type information
-        (basically offsets of fields and sizes of structs/classes).
-        
-        Code executing in LLInt appears to the rest of the JSC world "as if" it
-        were executing in the old JIT. Hence, things like exception handling and
-        cross-execution-engine calls just work and require pretty much no
-        additional overhead.
-        
-        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
-        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
-        V8, and Kraken, but appear to get a double-digit improvement on real-world
-        websites due to a huge reduction in the amount of JIT'ing.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/LinkBuffer.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        (MacroAssemblerCodePtr):
-        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
-        * bytecode/BytecodeConventions.h: Added.
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFromLLInt):
-        (JSC):
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::isSet):
-        (JSC::CallLinkStatus::operator!):
-        (CallLinkStatus):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC):
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::unlinkIncomingCalls):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        (JSC::ProgramCodeBlock::jitCompileImpl):
-        (JSC::EvalCodeBlock::jitCompileImpl):
-        (JSC::FunctionCodeBlock::jitCompileImpl):
-        * bytecode/CodeBlock.h:
-        (JSC):
-        (CodeBlock):
-        (JSC::CodeBlock::baselineVersion):
-        (JSC::CodeBlock::linkIncomingCall):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::jitCompile):
-        (JSC::CodeBlock::hasOptimizedReplacement):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addLLIntCallLinkInfo):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
-        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        (JSC::CodeBlock::addFrequentExitSite):
-        (JSC::CodeBlock::dontJITAnytimeSoon):
-        (JSC::CodeBlock::jitAfterWarmUp):
-        (JSC::CodeBlock::jitSoon):
-        (JSC::CodeBlock::llintExecuteCounter):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (JSC::GetByIdStatus::wasSeenInJIT):
-        (GetByIdStatus):
-        * bytecode/Instruction.h:
-        (JSC):
-        (JSC::Instruction::Instruction):
-        (Instruction):
-        * bytecode/LLIntCallLinkInfo.h: Added.
-        (JSC):
-        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
-        (LLIntCallLinkInfo):
-        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
-        (JSC::LLIntCallLinkInfo::isLinked):
-        (JSC::LLIntCallLinkInfo::unlink):
-        * bytecode/MethodCallLinkStatus.cpp:
-        (JSC::MethodCallLinkStatus::computeFor):
-        * bytecode/Opcode.cpp:
-        (JSC):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        (JSC):
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.h:
-        (PutByIdStatus):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitCatch):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOperations.cpp:
-        * heap/Heap.h:
-        (JSC):
-        (JSC::Heap::firstAllocatorWithoutDestructors):
-        (Heap):
-        * heap/MarkStack.cpp:
-        (JSC::visitChildren):
-        * heap/MarkedAllocator.h:
-        (JSC):
-        (MarkedAllocator):
-        * heap/MarkedSpace.h:
-        (JSC):
-        (MarkedSpace):
-        (JSC::MarkedSpace::firstAllocator):
-        * interpreter/CallFrame.cpp:
-        (JSC):
-        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
-        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
-        (JSC::CallFrame::currentVPC):
-        (JSC::CallFrame::setCurrentVPC):
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::hasReturnPC):
-        (JSC::ExecState::clearReturnPC):
-        (ExecState):
-        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
-        (JSC::ExecState::currentVPC):
-        (JSC::ExecState::setCurrentVPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::~Interpreter):
-        (JSC):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        (JSC::Interpreter::classicEnabled):
-        * interpreter/RegisterFile.h:
-        (JSC):
-        (RegisterFile):
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        * jit/HostCallReturnValue.cpp: Added.
-        (JSC):
-        (JSC::getHostCallReturnValueWithExecState):
-        * jit/HostCallReturnValue.h: Added.
-        (JSC):
-        (JSC::initializeHostCallReturnValue):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITCode.h:
-        (JSC::JITCode::isOptimizingJIT):
-        (JITCode):
-        (JSC::JITCode::isBaselineCode):
-        (JSC::JITCode::JITCode):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * jit/JITExceptions.cpp:
-        (JSC::jitThrow):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::updateTopCallFrame):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        (JSC):
-        * jit/JSInterfaceJIT.h:
-        * llint: Added.
-        * llint/LLIntCommon.h: Added.
-        * llint/LLIntData.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::Data::Data):
-        (JSC::LLInt::Data::performAssertions):
-        (JSC::LLInt::Data::~Data):
-        * llint/LLIntData.h: Added.
-        (JSC):
-        (LLInt):
-        (Data):
-        (JSC::LLInt::Data::exceptionInstructions):
-        (JSC::LLInt::Data::opcodeMap):
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntEntrypoints.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::getFunctionEntrypoint):
-        (JSC::LLInt::getEvalEntrypoint):
-        (JSC::LLInt::getProgramEntrypoint):
-        * llint/LLIntEntrypoints.h: Added.
-        (JSC):
-        (LLInt):
-        (JSC::LLInt::getEntrypoint):
-        * llint/LLIntExceptions.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrowForThrownException):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntExceptions.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LLIntOfflineAsmConfig.h: Added.
-        * llint/LLIntOffsetsExtractor.cpp: Added.
-        (JSC):
-        (LLIntOffsetsExtractor):
-        (JSC::LLIntOffsetsExtractor::dummy):
-        (main):
-        * llint/LLIntSlowPaths.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::llint_trace_operand):
-        (JSC::LLInt::llint_trace_value):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::traceFunctionPrologue):
-        (JSC::LLInt::shouldJIT):
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::resolveGlobal):
-        (JSC::LLInt::getByVal):
-        (JSC::LLInt::handleHostCall):
-        (JSC::LLInt::setUpCall):
-        (JSC::LLInt::genericCall):
-        * llint/LLIntSlowPaths.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LLIntThunks.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::generateThunkWithJumpTo):
-        (JSC::LLInt::functionForCallEntryThunkGenerator):
-        (JSC::LLInt::functionForConstructEntryThunkGenerator):
-        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
-        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
-        (JSC::LLInt::evalEntryThunkGenerator):
-        (JSC::LLInt::programEntryThunkGenerator):
-        * llint/LLIntThunks.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LowLevelInterpreter.asm: Added.
-        * llint/LowLevelInterpreter.cpp: Added.
-        * llint/LowLevelInterpreter.h: Added.
-        * offlineasm: Added.
-        * offlineasm/armv7.rb: Added.
-        * offlineasm/asm.rb: Added.
-        * offlineasm/ast.rb: Added.
-        * offlineasm/backends.rb: Added.
-        * offlineasm/generate_offset_extractor.rb: Added.
-        * offlineasm/instructions.rb: Added.
-        * offlineasm/offset_extractor_constants.rb: Added.
-        * offlineasm/offsets.rb: Added.
-        * offlineasm/opt.rb: Added.
-        * offlineasm/parser.rb: Added.
-        * offlineasm/registers.rb: Added.
-        * offlineasm/self_hash.rb: Added.
-        * offlineasm/settings.rb: Added.
-        * offlineasm/transform.rb: Added.
-        * offlineasm/x86.rb: Added.
-        * runtime/CodeSpecializationKind.h: Added.
-        (JSC):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-        (CommonSlowPaths):
-        * runtime/Executable.cpp:
-        (JSC::jettisonCodeBlock):
-        (JSC):
-        (JSC::EvalExecutable::jitCompile):
-        (JSC::samplingDescription):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::jitCompile):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::baselineCodeBlockFor):
-        (JSC::FunctionExecutable::jitCompileForCall):
-        (JSC::FunctionExecutable::jitCompileForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC):
-        (EvalExecutable):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::jitCompileFor):
-        * runtime/ExecutionHarness.h: Added.
-        (JSC):
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-        * runtime/JSArray.h:
-        (JSC):
-        (JSArray):
-        * runtime/JSCell.h:
-        (JSC):
-        (JSCell):
-        * runtime/JSFunction.h:
-        (JSC):
-        (JSFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        (JSGlobalObject):
-        * runtime/JSObject.h:
-        (JSC):
-        (JSObject):
-        (JSFinalObject):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC):
-        (JSPropertyNameIterator):
-        * runtime/JSString.h:
-        (JSC):
-        (JSString):
-        * runtime/JSTypeInfo.h:
-        (JSC):
-        (TypeInfo):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/JSValue.h:
-        (LLInt):
-        (JSValue):
-        * runtime/JSVariableObject.h:
-        (JSC):
-        (JSVariableObject):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * runtime/ScopeChain.h:
-        (JSC):
-        (ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        * runtime/Structure.h:
-        (JSC):
-        (Structure):
-        * runtime/StructureChain.h:
-        (JSC):
-        (StructureChain):
-        * wtf/InlineASM.h:
-        * wtf/Platform.h:
-        * wtf/SentinelLinkedList.h:
-        (SentinelLinkedList):
-        (WTF::SentinelLinkedList::isEmpty):
-        * wtf/text/StringImpl.h:
-        (JSC):
-        (StringImpl):
-
-2012-02-21  Oliver Hunt  <oliver@apple.com>
-
-        Unbreak double-typed arrays on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=79177
-
-        Reviewed by Gavin Barraclough.
-
-        The existing code had completely broken address arithmetic.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::storeFloat):
-
-2012-02-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Should be able to reconfigure a non-configurable property as read-only
-        https://bugs.webkit.org/show_bug.cgi?id=79170
-
-        Reviewed by Sam Weinig.
-
-        See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
-        but does not inhibit making a writable property read-only.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::setInDefineOwnProperty):
-        (JSGlobalData):
-        (JSC::JSGlobalData::isInDefineOwnProperty):
-            - Added flag, tracking whether we are in JSObject::defineOwnProperty.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deleteProperty):
-        (DefineOwnPropertyScope):
-            - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
-        (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
-        (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
-            - Added RAII helper.
-        (JSC::JSObject::defineOwnProperty):
-            - Track on the globalData when we are in this method.
-
-2012-02-21  Oliver Hunt  <oliver@apple.com>
-
-        Make TypedArrays be available in commandline jsc
-        https://bugs.webkit.org/show_bug.cgi?id=79163
-
-        Reviewed by Gavin Barraclough.
-
-        Adds a compile time option to have jsc support a basic implementation
-        of the TypedArrays available in WebCore.  This lets us test the typed
-        array logic in the JIT witout having to build webcore.
-
-        * JSCTypedArrayStubs.h: Added.
-        (JSC):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (GlobalObject):
-        (GlobalObject::addConstructableFunction):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-
-2012-02-21  Tom Sepez  <tsepez@chromium.org>
-
-        equalIgnoringNullity() only comparing half the bytes for equality
-        https://bugs.webkit.org/show_bug.cgi?id=79135
-
-        Reviewed by Adam Barth.
-
-        * wtf/text/StringImpl.h:
-        (WTF::equalIgnoringNullity):
-
-2012-02-21  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
-
-        Unnecessary preprocessor macros in MainThread.h/cpp
-        https://bugs.webkit.org/show_bug.cgi?id=79083
-
-        Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.
-
-        * wtf/MainThread.cpp:
-        (WTF):
-        * wtf/MainThread.h:
-        (WTF):
-
-2012-02-21  Sam Weinig  <sam@webkit.org>
-
-        Attempt to fix the Snow Leopard build.
-
-        * Configurations/Base.xcconfig:
-
-2012-02-21  Sam Weinig  <sam@webkit.org>
-
-        Use libc++ when building with Clang on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=78981
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/Base.xcconfig:
-
-2012-02-21  Adam Roben  <aroben@apple.com>
-
-        Roll out r108309, r108323, and r108326
-
-        They broke the 32-bit Lion build.
-
-        Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
-
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/LinkBuffer.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        * bytecode/BytecodeConventions.h: Removed.
-        * bytecode/CallLinkStatus.cpp:
-        * bytecode/CallLinkStatus.h:
-        * bytecode/CodeBlock.cpp:
-        * bytecode/CodeBlock.h:
-        * bytecode/GetByIdStatus.cpp:
-        * bytecode/GetByIdStatus.h:
-        * bytecode/Instruction.h:
-        * bytecode/LLIntCallLinkInfo.h: Removed.
-        * bytecode/MethodCallLinkStatus.cpp:
-        * bytecode/Opcode.cpp:
-        * bytecode/Opcode.h:
-        * bytecode/PutByIdStatus.cpp:
-        * bytecode/PutByIdStatus.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * dfg/DFGByteCodeParser.cpp:
-        * dfg/DFGCapabilities.h:
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOperations.cpp:
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        * heap/MarkedAllocator.h:
-        * heap/MarkedSpace.h:
-        * interpreter/CallFrame.cpp:
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        * interpreter/Interpreter.h:
-        * interpreter/RegisterFile.h:
-        * jit/ExecutableAllocator.h:
-        * jit/HostCallReturnValue.cpp: Removed.
-        * jit/HostCallReturnValue.h: Removed.
-        * jit/JIT.cpp:
-        * jit/JITCode.h:
-        * jit/JITDriver.h:
-        * jit/JITExceptions.cpp:
-        * jit/JITInlineMethods.h:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * jit/JSInterfaceJIT.h:
-        * llint/LLIntCommon.h: Removed.
-        * llint/LLIntData.cpp: Removed.
-        * llint/LLIntData.h: Removed.
-        * llint/LLIntEntrypoints.cpp: Removed.
-        * llint/LLIntEntrypoints.h: Removed.
-        * llint/LLIntExceptions.cpp: Removed.
-        * llint/LLIntExceptions.h: Removed.
-        * llint/LLIntOfflineAsmConfig.h: Removed.
-        * llint/LLIntOffsetsExtractor.cpp: Removed.
-        * llint/LLIntSlowPaths.cpp: Removed.
-        * llint/LLIntSlowPaths.h: Removed.
-        * llint/LLIntThunks.cpp: Removed.
-        * llint/LLIntThunks.h: Removed.
-        * llint/LowLevelInterpreter.asm: Removed.
-        * llint/LowLevelInterpreter.cpp: Removed.
-        * llint/LowLevelInterpreter.h: Removed.
-        * offlineasm/armv7.rb: Removed.
-        * offlineasm/asm.rb: Removed.
-        * offlineasm/ast.rb: Removed.
-        * offlineasm/backends.rb: Removed.
-        * offlineasm/generate_offset_extractor.rb: Removed.
-        * offlineasm/instructions.rb: Removed.
-        * offlineasm/offset_extractor_constants.rb: Removed.
-        * offlineasm/offsets.rb: Removed.
-        * offlineasm/opt.rb: Removed.
-        * offlineasm/parser.rb: Removed.
-        * offlineasm/registers.rb: Removed.
-        * offlineasm/self_hash.rb: Removed.
-        * offlineasm/settings.rb: Removed.
-        * offlineasm/transform.rb: Removed.
-        * offlineasm/x86.rb: Removed.
-        * runtime/CodeSpecializationKind.h: Removed.
-        * runtime/CommonSlowPaths.h:
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-        * runtime/ExecutionHarness.h: Removed.
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSString.h:
-        * runtime/JSTypeInfo.h:
-        * runtime/JSValue.cpp:
-        * runtime/JSValue.h:
-        * runtime/JSVariableObject.h:
-        * runtime/Options.cpp:
-        * runtime/Options.h:
-        * runtime/ScopeChain.h:
-        * runtime/Structure.cpp:
-        * runtime/Structure.h:
-        * runtime/StructureChain.h:
-        * wtf/InlineASM.h:
-        * wtf/Platform.h:
-        * wtf/SentinelLinkedList.h:
-        * wtf/text/StringImpl.h:
-
-2012-02-21  Gustavo Noronha Silva  <kov@debian.org> and Bob Tracy  <rct@frus.com>
-
-        Does not build on IA64, SPARC and Alpha
-        https://bugs.webkit.org/show_bug.cgi?id=79047
-
-        Rubber-stamped by Kent Tamura.
-
-        * wtf/dtoa/utils.h: these architectures also have correct double
-        operations, so add them to the appropriate side of the check.
-
-2012-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
-        https://bugs.webkit.org/show_bug.cgi?id=75812
-
-        Reviewed by Csaba Osztrogonác.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * jit/HostCallReturnValue.h:
-        (JSC::initializeHostCallReturnValue):
-
-2012-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Attempted build fix for ELF platforms.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        (JSC::getHostCallReturnValueWithExecState):
-        * jit/HostCallReturnValue.cpp:
-        (JSC):
-        * jit/HostCallReturnValue.h:
-        (JSC::initializeHostCallReturnValue):
-
-2012-02-20  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should be a triple-tier VM
-        https://bugs.webkit.org/show_bug.cgi?id=75812
-        <rdar://problem/10079694>
-
-        Reviewed by Gavin Barraclough.
-        
-        Implemented an interpreter that uses the JIT's calling convention. This
-        interpreter is called LLInt, or the Low Level Interpreter. JSC will now
-        will start by executing code in LLInt and will only tier up to the old
-        JIT after the code is proven hot.
-        
-        LLInt is written in a modified form of our macro assembly. This new macro
-        assembly is compiled by an offline assembler (see offlineasm), which
-        implements many modern conveniences such as a Turing-complete CPS-based
-        macro language and direct access to relevant C++ type information
-        (basically offsets of fields and sizes of structs/classes).
-        
-        Code executing in LLInt appears to the rest of the JSC world "as if" it
-        were executing in the old JIT. Hence, things like exception handling and
-        cross-execution-engine calls just work and require pretty much no
-        additional overhead.
-        
-        This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
-        V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
-        V8, and Kraken, but appear to get a double-digit improvement on real-world
-        websites due to a huge reduction in the amount of JIT'ing.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/LinkBuffer.h:
-        * assembler/MacroAssemblerCodeRef.h:
-        (MacroAssemblerCodePtr):
-        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
-        * bytecode/BytecodeConventions.h: Added.
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFromLLInt):
-        (JSC):
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::isSet):
-        (JSC::CallLinkStatus::operator!):
-        (CallLinkStatus):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC):
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::unlinkIncomingCalls):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        (JSC::ProgramCodeBlock::jitCompileImpl):
-        (JSC::EvalCodeBlock::jitCompileImpl):
-        (JSC::FunctionCodeBlock::jitCompileImpl):
-        * bytecode/CodeBlock.h:
-        (JSC):
-        (CodeBlock):
-        (JSC::CodeBlock::baselineVersion):
-        (JSC::CodeBlock::linkIncomingCall):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::jitCompile):
-        (JSC::CodeBlock::hasOptimizedReplacement):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addLLIntCallLinkInfo):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
-        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        (JSC::CodeBlock::addFrequentExitSite):
-        (JSC::CodeBlock::dontJITAnytimeSoon):
-        (JSC::CodeBlock::jitAfterWarmUp):
-        (JSC::CodeBlock::jitSoon):
-        (JSC::CodeBlock::llintExecuteCounter):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (JSC::GetByIdStatus::wasSeenInJIT):
-        (GetByIdStatus):
-        * bytecode/Instruction.h:
-        (JSC):
-        (JSC::Instruction::Instruction):
-        (Instruction):
-        * bytecode/LLIntCallLinkInfo.h: Added.
-        (JSC):
-        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
-        (LLIntCallLinkInfo):
-        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
-        (JSC::LLIntCallLinkInfo::isLinked):
-        (JSC::LLIntCallLinkInfo::unlink):
-        * bytecode/MethodCallLinkStatus.cpp:
-        (JSC::MethodCallLinkStatus::computeFor):
-        * bytecode/Opcode.cpp:
-        (JSC):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        (JSC):
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.h:
-        (PutByIdStatus):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitCatch):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOperations.cpp:
-        * heap/Heap.h:
-        (JSC):
-        (JSC::Heap::firstAllocatorWithoutDestructors):
-        (Heap):
-        * heap/MarkStack.cpp:
-        (JSC::visitChildren):
-        * heap/MarkedAllocator.h:
-        (JSC):
-        (MarkedAllocator):
-        * heap/MarkedSpace.h:
-        (JSC):
-        (MarkedSpace):
-        (JSC::MarkedSpace::firstAllocator):
-        * interpreter/CallFrame.cpp:
-        (JSC):
-        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
-        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
-        (JSC::CallFrame::currentVPC):
-        (JSC::CallFrame::setCurrentVPC):
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::hasReturnPC):
-        (JSC::ExecState::clearReturnPC):
-        (ExecState):
-        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
-        (JSC::ExecState::currentVPC):
-        (JSC::ExecState::setCurrentVPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::~Interpreter):
-        (JSC):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        (JSC::Interpreter::classicEnabled):
-        * interpreter/RegisterFile.h:
-        (JSC):
-        (RegisterFile):
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        * jit/HostCallReturnValue.cpp: Added.
-        (JSC):
-        (JSC::getHostCallReturnValueWithExecState):
-        * jit/HostCallReturnValue.h: Added.
-        (JSC):
-        (JSC::initializeHostCallReturnValue):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITCode.h:
-        (JSC::JITCode::isOptimizingJIT):
-        (JITCode):
-        (JSC::JITCode::isBaselineCode):
-        (JSC::JITCode::JITCode):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * jit/JITExceptions.cpp:
-        (JSC::jitThrow):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::updateTopCallFrame):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        (JSC):
-        * jit/JSInterfaceJIT.h:
-        * llint: Added.
-        * llint/LLIntCommon.h: Added.
-        * llint/LLIntData.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::Data::Data):
-        (JSC::LLInt::Data::performAssertions):
-        (JSC::LLInt::Data::~Data):
-        * llint/LLIntData.h: Added.
-        (JSC):
-        (LLInt):
-        (Data):
-        (JSC::LLInt::Data::exceptionInstructions):
-        (JSC::LLInt::Data::opcodeMap):
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntEntrypoints.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::getFunctionEntrypoint):
-        (JSC::LLInt::getEvalEntrypoint):
-        (JSC::LLInt::getProgramEntrypoint):
-        * llint/LLIntEntrypoints.h: Added.
-        (JSC):
-        (LLInt):
-        (JSC::LLInt::getEntrypoint):
-        * llint/LLIntExceptions.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrowForThrownException):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntExceptions.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LLIntOfflineAsmConfig.h: Added.
-        * llint/LLIntOffsetsExtractor.cpp: Added.
-        (JSC):
-        (LLIntOffsetsExtractor):
-        (JSC::LLIntOffsetsExtractor::dummy):
-        (main):
-        * llint/LLIntSlowPaths.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::llint_trace_operand):
-        (JSC::LLInt::llint_trace_value):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::traceFunctionPrologue):
-        (JSC::LLInt::shouldJIT):
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::resolveGlobal):
-        (JSC::LLInt::getByVal):
-        (JSC::LLInt::handleHostCall):
-        (JSC::LLInt::setUpCall):
-        (JSC::LLInt::genericCall):
-        * llint/LLIntSlowPaths.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LLIntThunks.cpp: Added.
-        (LLInt):
-        (JSC::LLInt::generateThunkWithJumpTo):
-        (JSC::LLInt::functionForCallEntryThunkGenerator):
-        (JSC::LLInt::functionForConstructEntryThunkGenerator):
-        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
-        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
-        (JSC::LLInt::evalEntryThunkGenerator):
-        (JSC::LLInt::programEntryThunkGenerator):
-        * llint/LLIntThunks.h: Added.
-        (JSC):
-        (LLInt):
-        * llint/LowLevelInterpreter.asm: Added.
-        * llint/LowLevelInterpreter.cpp: Added.
-        * llint/LowLevelInterpreter.h: Added.
-        * offlineasm: Added.
-        * offlineasm/armv7.rb: Added.
-        * offlineasm/asm.rb: Added.
-        * offlineasm/ast.rb: Added.
-        * offlineasm/backends.rb: Added.
-        * offlineasm/generate_offset_extractor.rb: Added.
-        * offlineasm/instructions.rb: Added.
-        * offlineasm/offset_extractor_constants.rb: Added.
-        * offlineasm/offsets.rb: Added.
-        * offlineasm/opt.rb: Added.
-        * offlineasm/parser.rb: Added.
-        * offlineasm/registers.rb: Added.
-        * offlineasm/self_hash.rb: Added.
-        * offlineasm/settings.rb: Added.
-        * offlineasm/transform.rb: Added.
-        * offlineasm/x86.rb: Added.
-        * runtime/CodeSpecializationKind.h: Added.
-        (JSC):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-        (CommonSlowPaths):
-        * runtime/Executable.cpp:
-        (JSC::jettisonCodeBlock):
-        (JSC):
-        (JSC::EvalExecutable::jitCompile):
-        (JSC::samplingDescription):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::jitCompile):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::baselineCodeBlockFor):
-        (JSC::FunctionExecutable::jitCompileForCall):
-        (JSC::FunctionExecutable::jitCompileForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC):
-        (EvalExecutable):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::jitCompileFor):
-        * runtime/ExecutionHarness.h: Added.
-        (JSC):
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-        * runtime/JSArray.h:
-        (JSC):
-        (JSArray):
-        * runtime/JSCell.h:
-        (JSC):
-        (JSCell):
-        * runtime/JSFunction.h:
-        (JSC):
-        (JSFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        (JSGlobalObject):
-        * runtime/JSObject.h:
-        (JSC):
-        (JSObject):
-        (JSFinalObject):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC):
-        (JSPropertyNameIterator):
-        * runtime/JSString.h:
-        (JSC):
-        (JSString):
-        * runtime/JSTypeInfo.h:
-        (JSC):
-        (TypeInfo):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/JSValue.h:
-        (LLInt):
-        (JSValue):
-        * runtime/JSVariableObject.h:
-        (JSC):
-        (JSVariableObject):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * runtime/ScopeChain.h:
-        (JSC):
-        (ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        * runtime/Structure.h:
-        (JSC):
-        (Structure):
-        * runtime/StructureChain.h:
-        (JSC):
-        (StructureChain):
-        * wtf/InlineASM.h:
-        * wtf/Platform.h:
-        * wtf/SentinelLinkedList.h:
-        (SentinelLinkedList):
-        (WTF::SentinelLinkedList::isEmpty):
-        * wtf/text/StringImpl.h:
-        (JSC):
-        (StringImpl):
-
-2012-02-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, rolling out http://trac.webkit.org/changeset/108291
-        It completely broke the 32-bit JIT.
-
-        * heap/CopiedAllocator.h:
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/Heap.h:
-        (JSC::Heap::allocatorForObjectWithDestructor):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        * runtime/JSArray.cpp:
-        (JSC::storageSize):
-        (JSC):
-        * runtime/JSArray.h:
-        (ArrayStorage):
-        (JSArray):
-
-2012-02-20  Gavin Barraclough  <barraclough@apple.com>
-
-        [[Put]] should throw if prototype chain contains a readonly property.
-        https://bugs.webkit.org/show_bug.cgi?id=79069
-
-        Reviewed by Oliver Hunt.
-
-        Currently we only check the base of the put, not the prototype chain.
-        Fold this check in with the test for accessors.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-            - Updated to test all objects in the propotype chain for readonly properties.
-        (JSC::JSObject::putDirectAccessor):
-        (JSC::putDescriptor):
-            - Record the presence of readonly properties on the structure.
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
-        * runtime/Structure.h:
-        (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
-        (JSC::Structure::setHasGetterSetterProperties):
-            - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
-        (JSC::Structure::setContainsReadOnlyProperties):
-            - Added.
-
-2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Implement fast path for op_new_array in the baseline JIT
-        https://bugs.webkit.org/show_bug.cgi?id=78612
-
-        Reviewed by Filip Pizlo.
-
-        * heap/CopiedAllocator.h:
-        (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
-        * heap/CopiedSpace.h:
-        (CopiedSpace): Friended the JIT to allow access to 
-        (JSC::CopiedSpace::allocator):
-        * heap/Heap.h:
-        (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
-        can use it for simple allocation i.e. when we can just bump the offset without having to 
-        do anything else.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
-        we have to bail out because the fast allocation path fails for whatever reason.
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
-        allocate generic backing stores. This function is used by emitAllocateJSArray.
-        (JSC):
-        (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
-        more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
-        it will also be used for emit_op_new_array_buffer.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
-        a stub call for oversize arrays.
-        (JSC):
-        (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on 
-        the fast path.
-        * runtime/JSArray.cpp:
-        (JSC):
-        * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
-        initialize in the JIT.
-        (ArrayStorage):
-        (JSC::ArrayStorage::lengthOffset):
-        (JSC::ArrayStorage::numValuesInVectorOffset):
-        (JSC::ArrayStorage::allocBaseOffset):
-        (JSC::ArrayStorage::vectorOffset):
-        (JSArray):
-        (JSC::JSArray::sparseValueMapOffset):
-        (JSC::JSArray::subclassDataOffset):
-        (JSC::JSArray::indexBiasOffset):
-        (JSC):
-        (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
-        to being a static function in the JSArray class. This move allows the JIT to call it to 
-        see what size it should allocate.
-
-2012-02-20  Gavin Barraclough  <barraclough@apple.com>
-
-        DefineOwnProperty fails with numeric properties & Object.prototype
-        https://bugs.webkit.org/show_bug.cgi?id=79059
-
-        Reviewed by Oliver Hunt.
-
-        ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
-        calls to defineOwnProperty need to update this cache.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::defineOwnProperty):
-        (JSC):
-        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
-        * runtime/ObjectPrototype.h:
-        (ObjectPrototype):
-
-2012-02-20  Pino Toscano  <pino@debian.org>
-
-        Does not build on GNU Hurd
-        https://bugs.webkit.org/show_bug.cgi?id=79045
-
-        Reviewed by Gustavo Noronha Silva.
-
-        * wtf/Platform.h: define WTF_OS_HURD.
-        * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
-        for the lack of PTHREAD_KEYS_MAX definition, with a value which
-        should not cause issues.
-
-2012-02-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Undoing accidental changes
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-
-2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Factor out allocation in CopySpace into a separate CopyAllocator
-        https://bugs.webkit.org/show_bug.cgi?id=78610
-
-        Reviewed by Oliver Hunt.
-
-        Added a new CopyAllocator class, which allows us to do allocations without 
-        having to load the current offset and store the current offset in the current 
-        block. This change will allow us to easily do inline assembly in the JIT for 
-        array allocations.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/CopiedAllocator.h: Added.
-        (JSC):
-        (CopiedAllocator):
-        (JSC::CopiedAllocator::currentBlock):
-        (JSC::CopiedAllocator::CopiedAllocator):
-        (JSC::CopiedAllocator::allocate):
-        (JSC::CopiedAllocator::fitsInCurrentBlock):
-        (JSC::CopiedAllocator::wasLastAllocation):
-        (JSC::CopiedAllocator::startedCopying):
-        (JSC::CopiedAllocator::resetCurrentBlock):
-        (JSC::CopiedAllocator::currentUtilization):
-        (JSC::CopiedAllocator::resetLastAllocation):
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we 
-        weren't really getting any benefits from having such big functions in a header file.
-        (JSC::CopiedSpace::CopiedSpace):
-        (JSC):
-        (JSC::CopiedSpace::init):
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocate):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::doneCopying):
-        (JSC::CopiedSpace::getFreshBlock):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC):
-        (JSC::CopiedSpace::startedCopying):
-        (JSC::CopiedSpace::addNewBlock):
-        (JSC::CopiedSpace::allocateNewBlock):
-        (JSC::CopiedSpace::fitsInBlock):
-        (JSC::CopiedSpace::tryAllocate):
-        (JSC::CopiedSpace::allocateFromBlock):
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-        * heap/HeapBlock.h:
-        (HeapBlock):
-
-2012-02-20  Patrick Gansterer  <paroga@webkit.org>
-
-        Fix Visual Studio 2010 build.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-
-2012-02-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Move special __proto__ property to Object.prototype
-        https://bugs.webkit.org/show_bug.cgi?id=78409
-
-        Reviewed by Oliver Hunt.
-
-        Re-implement this as a regular accessor property.  This has three key benefits:
-        1) It makes it possible for objects to be given properties named __proto__.
-        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
-        3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
-
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-            - No need to prohibit functions named __proto__.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            - Add __proto__ accessor to Object.prototype.
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncProtoGetter):
-        (JSC::globalFuncProtoSetter):
-            - Definition of the __proto__ accessor functions.
-        * runtime/JSGlobalObjectFunctions.h:
-            - Declaration of the __proto__ accessor functions.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
-        (JSC::JSObject::putDirectAccessor):
-            - Track on the structure whether an object contains accessors other than one for __proto__.
-        (JSC::JSObject::defineOwnProperty):
-            - No need to prohibit definition of own properties named __proto__.
-        * runtime/JSObject.h:
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-            - Remove the special handling for __proto__.
-        (JSC::JSValue::get):
-            - Remove the special handling for __proto__.
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-            - Remove the special handling for __proto__.
-        * runtime/JSValue.h:
-        (JSValue):
-            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-            - Perform the security check & call prototype() directly.
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-        * runtime/Structure.h:
-        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
-        (JSC::Structure::setHasGetterSetterProperties):
-        (Structure):
-            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-
-2012-02-20  Michael Saboff  <msaboff@apple.com>
-
-        Update toLower and toUpper tests for Unicode 6.1 changes
-        https://bugs.webkit.org/show_bug.cgi?id=78923
-
-        Reviewed by Oliver Hunt.
-
-        * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
-        to handle a third set of results for updated Unicode 6.1
-        changes.
-        (getTestCases):
-        (TestCaseMultiExpected):
-        (writeTestCaseResultMultiExpected):
-        (getTestCaseResultMultiExpected):
-        (test):
-        (GetUnicodeValues):
-        (DecimalToHexString):
-
-2012-02-20  Andy Wingo  <wingo@igalia.com>
-
-        Remove unused features from CodeFeatures
-        https://bugs.webkit.org/show_bug.cgi?id=78804
-
-        Reviewed by Gavin Barraclough.
-
-        * parser/Nodes.h:
-        * parser/ASTBuilder.h:
-        (JSC::ClosureFeature):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::usesClosures):
-        Remove "ClosureFeature".  Since we track captured variables more
-        precisely, this bit doesn't do us any good.
-
-        (JSC::AssignFeature):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        (JSC::ASTBuilder::usesAssignment):
-        Similarly, remove AssignFeature.  It is unused.
-
-2012-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-02-18  Sam Weinig  <sam@webkit.org>
-
-        Fix style issues in DFG Phase classes
-        https://bugs.webkit.org/show_bug.cgi?id=78983
-
-        Reviewed by Ryosuke Niwa.
-
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
-        * dfg/DFGCFAPhase.cpp:
-        * dfg/DFGCSEPhase.cpp:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        Add a space before the colon in class declarations.
-
-2012-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Attempt to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-18  Sam Weinig  <sam@webkit.org>
-
-        Fix the libc++ build.
-
-        Reviewed by Anders Carlsson.
-
-        * heap/Weak.h:
-        Libc++'s nullptr emulation does not allow default construction
-        of the nullptr_t type. Work around this with the arguably clearer
-        just returning nullptr.
-
-2012-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGPropagator.cpp has too many things
-        https://bugs.webkit.org/show_bug.cgi?id=78956
-
-        Reviewed by Oliver Hunt.
-        
-        Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
-        various things and put them into separate files. These new phases follow
-        the naming convention "DFG<name>Phase" where <name> is a noun. They are
-        called via functions of the form "perform<name>".
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::performArithNodeFlagsInference):
-        * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
-        (DFG):
-        * dfg/DFGCFAPhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::performCFA):
-        * dfg/DFGCFAPhase.h: Added.
-        (DFG):
-        * dfg/DFGCSEPhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::performCSE):
-        * dfg/DFGCSEPhase.h: Added.
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGPhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::Phase::beginPhase):
-        (JSC::DFG::Phase::endPhase):
-        * dfg/DFGPhase.h: Added.
-        (DFG):
-        (Phase):
-        (JSC::DFG::Phase::Phase):
-        (JSC::DFG::Phase::~Phase):
-        (JSC::DFG::Phase::globalData):
-        (JSC::DFG::Phase::codeBlock):
-        (JSC::DFG::Phase::profiledBlock):
-        (JSC::DFG::Phase::beginPhase):
-        (JSC::DFG::Phase::endPhase):
-        (JSC::DFG::runPhase):
-        * dfg/DFGPredictionPropagationPhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::performPredictionPropagation):
-        * dfg/DFGPredictionPropagationPhase.h: Added.
-        (DFG):
-        * dfg/DFGPropagator.cpp: Removed.
-        * dfg/DFGPropagator.h: Removed.
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
-        (DFG):
-        (JSC::DFG::performVirtualRegisterAllocation):
-        * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
-        (DFG):
-
-2012-02-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
-        the CodeBlock that was used for profiling
-        https://bugs.webkit.org/show_bug.cgi?id=78954
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.h:
-        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
-        (JSC):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::AbstractState):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractState.h:
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::parse):
-        * dfg/DFGByteCodeParser.h:
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::Graph):
-        (Graph):
-        (JSC::DFG::Graph::getJSConstantPrediction):
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::isInt32Constant):
-        (JSC::DFG::Graph::isDoubleConstant):
-        (JSC::DFG::Graph::isNumberConstant):
-        (JSC::DFG::Graph::isBooleanConstant):
-        (JSC::DFG::Graph::isFunctionConstant):
-        (JSC::DFG::Graph::valueOfJSConstant):
-        (JSC::DFG::Graph::valueOfInt32Constant):
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-        (JSC::DFG::Graph::baselineCodeBlockFor):
-        (JSC::DFG::Graph::valueProfileFor):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JITCompiler):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::isNotNegZero):
-        (JSC::DFG::Propagator::isNotZero):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
-        (JSC::DFG::Propagator::globalCFA):
-        (JSC::DFG::propagate):
-        * dfg/DFGPropagator.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isConstant):
-        (JSC::DFG::SpeculativeJIT::isJSConstant):
-        (JSC::DFG::SpeculativeJIT::isInt32Constant):
-        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
-        (JSC::DFG::SpeculativeJIT::isNumberConstant):
-        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-
-2012-02-17  Ahmad Sharif  <asharif.tools@gmail.com>
-
-        There is a warning in memset in glibc that gets triggered through a
-        warndecl when the fill-value of memset is a non-zero constant and the
-        size is zero. This warning is enabled when building with
-        -D_FORTIFY_SOURCE=2. This patch fixes the warning.
-
-        https://bugs.webkit.org/show_bug.cgi?id=78513
-
-        Reviewed by Alexey Proskuryakov
-
-        * wtf/Vector.h:
-
-2012-02-17  Kalev Lember  <kalevlember@gmail.com>
-
-        Remove unused parameters from WTF threading API
-        https://bugs.webkit.org/show_bug.cgi?id=78389
-
-        Reviewed by Adam Roben.
-
-        waitForThreadCompletion() had an out param 'void **result' to get the
-        'void *' returned by ThreadFunction. However, the implementation in
-        ThreadingWin.cpp ignored the out param, not filling it in. This had
-        led to a situation where none of the client code made use of the param
-        and just ignored it.
-
-        To clean this up, the patch changes the signature of ThreadFunction to
-        return void instead of void* and drops the the unused 'void **result'
-        parameter from waitForThreadCompletion. Also, all client code is
-        updated for the API change.
-
-        As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
-        though the change only affects internal API, Safari is using it
-        directly and we'll need to keep the old versions around for ABI
-        compatibility. For this, the patch adds compatibility wrappers with
-        the old ABI.
-
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingThread::threadStartFunc):
-        (JSC::SamplingThread::stop):
-        * bytecode/SamplingTool.h:
-        (SamplingThread):
-        * heap/Heap.cpp:
-        (JSC::Heap::~Heap):
-        (JSC::Heap::blockFreeingThreadStartFunc):
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
-        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
-        * wtf/ParallelJobsGeneric.h:
-        (ThreadPrivate):
-        * wtf/ThreadFunctionInvocation.h: Update the signature of
-        ThreadFunction.
-        (WTF):
-        * wtf/Threading.cpp:
-        (WTF::threadEntryPoint): Update for ThreadFunction signature change.
-        (WTF):
-        (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
-        ABI compatibility function for Safari.
-        (ThreadFunctionWithReturnValueInvocation): Ditto.
-        (WTF::compatEntryPoint): Ditto.
-        (WTF::createThread): Ditto.
-        (WTF::waitForThreadCompletion): Ditto.
-        * wtf/Threading.h: Update the signature of ThreadFunction and
-        waitForThreadCompletion.
-        (WTF):
-        * wtf/ThreadingPthreads.cpp: Implement the new API.
-        (WTF::wtfThreadEntryPoint):
-        (WTF):
-        (WTF::createThreadInternal):
-        (WTF::waitForThreadCompletion):
-        * wtf/ThreadingWin.cpp: Implement the new API.
-        (WTF::wtfThreadEntryPoint):
-        (WTF::waitForThreadCompletion):
-
-2012-02-16  Oliver Hunt  <oliver@apple.com>
-
-        Implement Error.stack
-        https://bugs.webkit.org/show_bug.cgi?id=66994
-
-        Reviewed by Gavin Barraclough.
-
-        Implement support for stack traces on exception objects.  This is a rewrite
-        of the core portion of the last stack walking logic, but the mechanical work
-        of adding the information to an exception comes from the original work by
-        Juan Carlos Montemayor Elosua.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-        (JSC):
-        (JSC::getSourceURLFromCallFrame):
-        (JSC::getStackFrameCodeType):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (StackFrame):
-        (JSC::StackFrame::toString):
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionJSCStack):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setInferredName):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-        (JSC):
-
-2012-02-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename Bump* to Copy*
-        https://bugs.webkit.org/show_bug.cgi?id=78573
-
-        Reviewed by Geoffrey Garen.
-
-        Renamed anything with "Bump" in the name to have "Copied" instead.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/BumpBlock.h: Removed.
-        * heap/BumpSpace.cpp: Removed.
-        * heap/BumpSpace.h: Removed.
-        * heap/BumpSpaceInlineMethods.h: Removed.
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::ConservativeRoots):
-        (JSC::ConservativeRoots::genericAddPointer):
-        * heap/ConservativeRoots.h:
-        (ConservativeRoots):
-        * heap/CopiedBlock.h: Added.
-        (JSC):
-        (CopiedBlock):
-        (JSC::CopiedBlock::CopiedBlock):
-        * heap/CopiedSpace.cpp: Added.
-        (JSC):
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/CopiedSpace.h: Added.
-        (JSC):
-        (CopiedSpace):
-        (JSC::CopiedSpace::isInCopyPhase):
-        (JSC::CopiedSpace::totalMemoryAllocated):
-        (JSC::CopiedSpace::totalMemoryUtilized):
-        * heap/CopiedSpaceInlineMethods.h: Added.
-        (JSC):
-        (JSC::CopiedSpace::CopiedSpace):
-        (JSC::CopiedSpace::init):
-        (JSC::CopiedSpace::contains):
-        (JSC::CopiedSpace::pin):
-        (JSC::CopiedSpace::startedCopying):
-        (JSC::CopiedSpace::doneCopying):
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::recycleBlock):
-        (JSC::CopiedSpace::getFreshBlock):
-        (JSC::CopiedSpace::borrowBlock):
-        (JSC::CopiedSpace::addNewBlock):
-        (JSC::CopiedSpace::allocateNewBlock):
-        (JSC::CopiedSpace::fitsInBlock):
-        (JSC::CopiedSpace::fitsInCurrentBlock):
-        (JSC::CopiedSpace::tryAllocate):
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::allocateFromBlock):
-        (JSC::CopiedSpace::tryReallocate):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::isOversize):
-        (JSC::CopiedSpace::isPinned):
-        (JSC::CopiedSpace::oversizeBlockFor):
-        (JSC::CopiedSpace::blockFor):
-        * heap/Heap.cpp:
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpace):
-        (JSC::SlotVisitor::doneCopying):
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        * heap/SlotVisitor.h:
-        (SlotVisitor):
-        * runtime/JSArray.cpp:
-        * runtime/JSObject.cpp:
-
-2012-02-16  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add JSC code profiling support on Linux x86
-        https://bugs.webkit.org/show_bug.cgi?id=78871
-
-        Reviewed by Gavin Barraclough.
-
-        We don't unwind the stack for now as we cannot guarantee all the
-        libraries are compiled without -fomit-frame-pointer.
-
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::sample):
-        * tools/CodeProfiling.cpp:
-        (JSC):
-        (JSC::profilingTimer):
-        (JSC::CodeProfiling::begin):
-        (JSC::CodeProfiling::end):
-
-2012-02-16  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setInferredName):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-        (JSC):
-
-2012-02-16  Filip Pizlo  <fpizlo@apple.com>
-
-        ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
-        https://bugs.webkit.org/show_bug.cgi?id=78791
-
-        Rubber stamped by Oliver Hunt.
-        
-        Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
-        COMPUTED_GOTO_CLASSIC_INTERPRETER.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/AbstractPC.h:
-        (AbstractPC):
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        (Interpreter):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (NativeExecutable):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-        * wtf/Platform.h:
-
-2012-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Made Weak<T> single-owner, adding PassWeak<T>
-        https://bugs.webkit.org/show_bug.cgi?id=78740
-
-        Reviewed by Sam Weinig.
-
-        This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
-
-        This clarifies the semantics of finalizers: It's ambiguous and probably
-        a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
-        twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a 
-        Weak<T>, we now use PassWeak<T>.
-
-        This also makes Weak<T> HashMaps more efficient.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since 
-        set() is gone now.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Export!
-
-        * heap/PassWeak.h: Added.
-        (JSC):
-        (PassWeak):
-        (JSC::PassWeak::PassWeak):
-        (JSC::PassWeak::~PassWeak):
-        (JSC::PassWeak::get):
-        (JSC::::leakHandle):
-        (JSC::adoptWeak):
-        (JSC::operator==):
-        (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
-
-        * heap/Weak.h:
-        (Weak):
-        (JSC::Weak::Weak):
-        (JSC::Weak::release):
-        (JSC::Weak::hashTableDeletedValue):
-        (JSC::=):
-        (JSC): Changed to be non-copyable, removing a lot of copying-related
-        APIs. Added hash traits so hash maps still work.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
-        our new hash map API.
-
-2012-02-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix the broken viewport tests
-        https://bugs.webkit.org/show_bug.cgi?id=78774
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/WTFString.cpp:
-        (WTF):
-        (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
-        want to allow trailing junk or not when calling strtod.
-        (WTF::charactersToDouble):
-        (WTF::charactersToFloat):
-        (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows 
-        trailing junk.
-        * wtf/text/WTFString.h:
-        (WTF):
-
-2012-02-16  Oliver Hunt  <oliver@apple.com>
-
-        Implement Error.stack
-        https://bugs.webkit.org/show_bug.cgi?id=66994
-
-        Reviewed by Gavin Barraclough.
-
-        Implement support for stack traces on exception objects.  This is a rewrite
-        of the core portion of the last stack walking logic, but the mechanical work
-        of adding the information to an exception comes from the original work by
-        Juan Carlos Montemayor Elosua.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-        (JSC):
-        (JSC::getSourceURLFromCallFrame):
-        (JSC::getStackFrameCodeType):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (StackFrame):
-        (JSC::StackFrame::toString):
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionJSCStack):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setInferredName):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-        (JSC):
-
-2012-02-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Numerous trivial bugs in Object.defineProperty
-        https://bugs.webkit.org/show_bug.cgi?id=78777
-
-        Reviewed by Sam Weinig.
-
-        There are a handful of really trivial bugs, related to Object.defineProperty:
-            * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
-            * Calling an undefined setter should only throw in strict mode.
-            * When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
-            * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
-            * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
-            * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
-            * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
-            * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
-            * Should be able to define an non-configurable accessor.
-        These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.
-
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-            - Added ASSERT.
-            - Calling an undefined setter should only throw in strict mode.
-        (JSC::JSArray::putDescriptor):
-            - Should be able to define an non-configurable accessor.
-        (JSC::JSArray::defineOwnNumericProperty):
-            - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-            - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
-        * runtime/JSArray.h:
-        (JSArray):
-            - made enterDictionaryMode public, called from JSObject.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-            - Calling an undefined setter should only throw in strict mode.
-        (JSC::JSObject::preventExtensions):
-            - Put array objects into dictionary mode to handle this!
-        (JSC::JSObject::defineOwnProperty):
-            - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes.
-            - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorDefineProperties):
-            - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::attributesWithOverride):
-            - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
-        (JSC::PropertyDescriptor::attributesOverridingCurrent):
-            - When redefining an accessor to a data decriptor, if writable is not specified we should default to false.
-        * runtime/Structure.cpp:
-        (JSC::Structure::freezeTransition):
-            - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
-        (JSC::Structure::isFrozen):
-            - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
-
-2012-02-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not check the types of arguments that are dead
-        https://bugs.webkit.org/show_bug.cgi?id=78518
-
-        Reviewed by Geoff Garen.
-        
-        The argument checks are now elided if the corresponding SetArgument is dead,
-        and the abstract value of the argument is set to bottom (None, []). This is
-        performance neutral on the benchmarks we currently track.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-
-2012-02-15  Oliver Hunt  <oliver@apple.com>
-
-        Ensure that the DFG JIT always plants a CodeOrigin when making calls
-        https://bugs.webkit.org/show_bug.cgi?id=78763
-
-        Reviewed by Gavin Barraclough.
-
-        Make all calls plant a CodeOrigin prior to the actual
-        call.  Also clobbers the Interpreter with logic to ensure
-        that the interpreter always plants a bytecode offset.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (CallBeginToken):
-        (JSC::DFG::JITCompiler::beginJSCall):
-        (JSC::DFG::JITCompiler::beginCall):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDList):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
-        (ExecState):
-        (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
-        (JSC::ExecState::codeOriginIndexForDFG):
-
-2012-02-14  Oliver Hunt  <oliver@apple.com>
-
-        Fix Interpreter.
-
-        * runtime/Executable.cpp:
-        (JSC):
-        * runtime/Executable.h:
-        (ExecutableBase):
-
-2012-02-14  Matt Lilek  <mrl@apple.com>
-
-        Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
-        https://bugs.webkit.org/show_bug.cgi?id=78629
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-02-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for non-DFG platforms.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-
-2012-02-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix build and configuration goof.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::invert):
-        * dfg/DFGCommon.h:
-
-2012-02-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to emit code on control flow edges
-        https://bugs.webkit.org/show_bug.cgi?id=78515
-
-        Reviewed by Gavin Barraclough.
-        
-        This gets us a few steps closer to being able to perform global register allocation,
-        by allowing us to have landing pads on control flow edges. This will let us reshuffle
-        registers if it happens to be necessary due to different reg alloc decisions in
-        differen blocks.
-        
-        This also introduces the notion of a landing pad for OSR entry, which will allow us
-        to emit code that places data into registers when we're entering into the DFG from
-        the old JIT.
-        
-        Finally, this patch introduces a verification mode that checks that the landing pads
-        are actually emitted and do actually work as advertised. When verification is disabled,
-        this has no effect on behavior.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::invert):
-        (JSC::MacroAssembler::isInvertible):
-        * dfg/DFGCommon.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::createOSREntries):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::linkOSREntries):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::branchDouble):
-        (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
-        (JSC::DFG::SpeculativeJIT::branch32):
-        (JSC::DFG::SpeculativeJIT::branchTest32):
-        (JSC::DFG::SpeculativeJIT::branchPtr):
-        (JSC::DFG::SpeculativeJIT::branchTestPtr):
-        (JSC::DFG::SpeculativeJIT::branchTest8):
-        (JSC::DFG::SpeculativeJIT::jump):
-        (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
-        (JSC::DFG::SpeculativeJIT::emitEdgeCode):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
-        https://bugs.webkit.org/show_bug.cgi?id=78153
-        <rdar://problem/10861712> <rdar://problem/10861947>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-
-2012-02-14  Eric Seidel  <eric@webkit.org>
-
-        Upstream Android's additions to Platform.h
-        https://bugs.webkit.org/show_bug.cgi?id=78536
-
-        Reviewed by Adam Barth.
-
-        * wtf/Platform.h:
-
-2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Replace old strtod with new strtod
-        https://bugs.webkit.org/show_bug.cgi?id=68044
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
-        (JSC::::lex):
-        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
-        (JSC::parseInt):
-        (JSC::jsStrDecimalLiteral):
-        * runtime/LiteralParser.cpp: Ditto.
-        (JSC::::Lexer::lexNumber):
-        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
-        It takes a template argument to allow clients to determine statically whether it should allow 
-        junk after the numbers or not.
-        (WTF):
-        (WTF::strtod):
-        * wtf/dtoa.h:
-        (WTF):
-        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
-        (WTF::toDoubleType):
-
-2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        More windows build fixing
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
-        https://bugs.webkit.org/show_bug.cgi?id=76315
-
-        Reviewed by Gavin Barraclough.
-
-        Perform a 3 byte compare using two comparisons, rather than trying to perform the
-        operation with a four byte load.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2012-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Replace old strtod with new strtod
-        https://bugs.webkit.org/show_bug.cgi?id=68044
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
-        (JSC::::lex):
-        * runtime/JSGlobalObjectFunctions.cpp: Ditto.
-        (JSC::parseInt):
-        (JSC::jsStrDecimalLiteral):
-        * runtime/LiteralParser.cpp: Ditto.
-        (JSC::::Lexer::lexNumber):
-        * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
-        It takes a template argument to allow clients to determine statically whether it should allow 
-        junk after the numbers or not.
-        (WTF):
-        (WTF::strtod):
-        * wtf/dtoa.h:
-        (WTF):
-        * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
-        (WTF::toDoubleType):
-
-2012-02-13  Sam Weinig  <sam@webkit.org>
-
-        Move JSC related assertions out of Assertions.h and into their own header
-        https://bugs.webkit.org/show_bug.cgi?id=78508
-
-        Reviewed by Gavin Barraclough.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Add GCAssertions.h
-
-        * heap/GCAssertions.h: Added.
-        Move assertions here.
-
-        * runtime/WriteBarrier.h:
-        Add #include of GCAssertions.h
-
-        * wtf/Assertions.h:
-        Remove JSC related assertions.
-
-        * wtf/Compiler.h:
-        Add compiler check for __has_trivial_destructor.
-
-2012-02-13  Chao-ying Fu  <fu@mips.com>
-
-        Update MIPS patchOffsetGetByIdSlowCaseCall
-        https://bugs.webkit.org/show_bug.cgi?id=78392
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JIT.h:
-        (JIT):
-
-2012-02-13  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove obsolete #if from ThreadSpecific.h
-        https://bugs.webkit.org/show_bug.cgi?id=78485
-
-        Reviewed by Adam Roben.
-
-        Since alle platform use either pthread or Win32 for threading,
-        we can remove all PLATFORM() preprocessor statements.
-
-        * wtf/ThreadSpecific.h:
-        (ThreadSpecific):
-
-2012-02-13  Jessie Berlin  <jberlin@apple.com>
-
-        Fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-13  Sam Weinig  <sam@webkit.org>
-
-        Use C11's _Static_assert for COMPILE_ASSERT if it is available
-        https://bugs.webkit.org/show_bug.cgi?id=78506
-
-        Rubber-stamped by Antti Koivisto.
-
-        Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
-        better error messages.
-
-        * wtf/Assertions.h:
-        Use _Static_assert if it is available.
-
-        * wtf/Compiler.h:
-        Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
-
-2012-02-13  Mario Sanchez Prada  <msanchez@igalia.com>
-
-        [GTK] Add GSList to the list of GObject types in GOwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=78487
-
-        Reviewed by Philippe Normand.
-
-        Handle the GSList type in GOwnPtr, by calling g_slist_free in the
-        implementation of the freeOwnedGPtr template function.
-
-        * wtf/gobject/GOwnPtr.cpp:
-        (WTF::GSList):
-        (WTF):
-        * wtf/gobject/GOwnPtr.h:
-        (WTF):
-        * wtf/gobject/GTypedefs.h:
-
-2012-02-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [EFL] Drop support for the Curl network backend.
-        https://bugs.webkit.org/show_bug.cgi?id=77874
-
-        Reviewed by Eric Seidel.
-
-        Nobody seems to be maintaining the Curl backend in WebCore, the
-        EFL port developers all seem to be using the Soup backend and the
-        port itself has many features which are only implemented for the
-        latter.
-
-        * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
-        files.
-
-2012-02-13  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r107485.
-
-        * bytecode/PolymorphicPutByIdList.cpp:
-
-2012-02-13  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=78434
-        Unreviewed - temporarily reverting r107498 will I fix a couple of testcases.
-
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        (JSC):
-        * runtime/JSCell.cpp:
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC):
-        * runtime/JSGlobalObjectFunctions.h:
-        (JSC):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC):
-        (JSC::JSObject::putDirectAccessor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSValue::get):
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSValue.h:
-        (JSValue):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (JSC::Structure::setHasGetterSetterProperties):
-        (Structure):
-
-2012-02-12  Ashod Nakashian  <ashodnakashian@yahoo.com>
-
-        KeywordLookupGenerator.py script fails in some cases
-        https://bugs.webkit.org/show_bug.cgi?id=77886
-
-        Reviewed by Benjamin Poulain.
-
-        * parser/Keywords.table: Converted to LF-only.
-
-2012-02-12  Shinya Kawanaka  <shinyak@google.com>
-
-        Introduce ShadowRootList.
-        https://bugs.webkit.org/show_bug.cgi?id=78069
-
-        Reviewed by Hajime Morita.
-
-        DoublyLinkedList should have tail() method to take the last element.
-
-        * wtf/DoublyLinkedList.h:
-        (DoublyLinkedList):
-        (WTF::::tail):
-        (WTF):
-
-2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
-        https://bugs.webkit.org/show_bug.cgi?id=78436
-
-        Reviewed by Daniel Bates.
-
-        * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
-        and correctly sort the files which start with 'M'.
-
-2012-02-12  Sam Weinig  <sam@webkit.org>
-
-        Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
-
-        Rubber-stamped by Anders Carlsson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-02-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Remove unused or empty variable definitions.
-        https://bugs.webkit.org/show_bug.cgi?id=78437
-
-        Reviewed by Daniel Bates.
-
-        * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
-        * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
-        * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
-        be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
-
-2012-02-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
-        https://bugs.webkit.org/show_bug.cgi?id=78431
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2012-02-11  Benjamin Poulain  <benjamin@webkit.org>
-
-        Add back WTFURL to WebKit
-        https://bugs.webkit.org/show_bug.cgi?id=77291
-
-        Reviewed by Adam Barth.
-
-        WTFURL was removed from WebKit in r86787.
-
-        This patch adds the code back to WTF with the following changes:
-        -Guard the feature with USE(WTFURL).
-        -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
-        -Fix some coding style to make check-webkit-style happy.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Platform.h:
-        * wtf/url/api/ParsedURL.cpp: Added.
-        (WTF):
-        (WTF::ParsedURL::ParsedURL):
-        (WTF::ParsedURL::scheme):
-        (WTF::ParsedURL::username):
-        (WTF::ParsedURL::password):
-        (WTF::ParsedURL::host):
-        (WTF::ParsedURL::port):
-        (WTF::ParsedURL::path):
-        (WTF::ParsedURL::query):
-        (WTF::ParsedURL::fragment):
-        (WTF::ParsedURL::segment):
-        * wtf/url/api/ParsedURL.h: Added.
-        (WTF):
-        (ParsedURL):
-        (WTF::ParsedURL::spec):
-        * wtf/url/api/URLString.h: Added.
-        (WTF):
-        (URLString):
-        (WTF::URLString::URLString):
-        (WTF::URLString::string):
-        * wtf/url/src/RawURLBuffer.h: Added.
-        (WTF):
-        (RawURLBuffer):
-        (WTF::RawURLBuffer::RawURLBuffer):
-        (WTF::RawURLBuffer::~RawURLBuffer):
-        (WTF::RawURLBuffer::resize):
-        * wtf/url/src/URLBuffer.h: Added.
-        (WTF):
-        (URLBuffer):
-        (WTF::URLBuffer::URLBuffer):
-        (WTF::URLBuffer::~URLBuffer):
-        (WTF::URLBuffer::at):
-        (WTF::URLBuffer::set):
-        (WTF::URLBuffer::capacity):
-        (WTF::URLBuffer::length):
-        (WTF::URLBuffer::data):
-        (WTF::URLBuffer::setLength):
-        (WTF::URLBuffer::append):
-        (WTF::URLBuffer::grow):
-        * wtf/url/src/URLCharacterTypes.cpp: Added.
-        (WTF):
-        ():
-        * wtf/url/src/URLCharacterTypes.h: Added.
-        (WTF):
-        (URLCharacterTypes):
-        (WTF::URLCharacterTypes::isQueryChar):
-        (WTF::URLCharacterTypes::isIPv4Char):
-        (WTF::URLCharacterTypes::isHexChar):
-        ():
-        (WTF::URLCharacterTypes::isCharOfType):
-        * wtf/url/src/URLComponent.h: Added.
-        (WTF):
-        (URLComponent):
-        (WTF::URLComponent::URLComponent):
-        (WTF::URLComponent::fromRange):
-        (WTF::URLComponent::isValid):
-        (WTF::URLComponent::isNonEmpty):
-        (WTF::URLComponent::isEmptyOrInvalid):
-        (WTF::URLComponent::reset):
-        (WTF::URLComponent::operator==):
-        (WTF::URLComponent::begin):
-        (WTF::URLComponent::setBegin):
-        (WTF::URLComponent::length):
-        (WTF::URLComponent::setLength):
-        (WTF::URLComponent::end):
-        * wtf/url/src/URLEscape.cpp: Added.
-        (WTF):
-        ():
-        * wtf/url/src/URLEscape.h: Added.
-        (WTF):
-        (WTF::appendURLEscapedCharacter):
-        * wtf/url/src/URLParser.h: Added.
-        (WTF):
-        (URLParser):
-        ():
-        (WTF::URLParser::isPossibleAuthorityTerminator):
-        (WTF::URLParser::parseAuthority):
-        (WTF::URLParser::extractScheme):
-        (WTF::URLParser::parseAfterScheme):
-        (WTF::URLParser::parseStandardURL):
-        (WTF::URLParser::parsePath):
-        (WTF::URLParser::parsePathURL):
-        (WTF::URLParser::parseMailtoURL):
-        (WTF::URLParser::parsePort):
-        (WTF::URLParser::extractFileName):
-        (WTF::URLParser::extractQueryKeyValue):
-        (WTF::URLParser::isURLSlash):
-        (WTF::URLParser::shouldTrimFromURL):
-        (WTF::URLParser::trimURL):
-        (WTF::URLParser::consecutiveSlashes):
-        (WTF::URLParser::isPortDigit):
-        (WTF::URLParser::nextAuthorityTerminator):
-        (WTF::URLParser::parseUserInfo):
-        (WTF::URLParser::parseServerInfo):
-        * wtf/url/src/URLQueryCanonicalizer.h: Added.
-        (WTF):
-        (URLQueryCanonicalizer):
-        (WTF::URLQueryCanonicalizer::canonicalize):
-        (WTF::URLQueryCanonicalizer::isAllASCII):
-        (WTF::URLQueryCanonicalizer::isRaw8Bit):
-        (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
-        (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
-        * wtf/url/src/URLSegments.cpp: Added.
-        (WTF):
-        (WTF::URLSegments::length):
-        (WTF::URLSegments::charactersBefore):
-        * wtf/url/src/URLSegments.h: Added.
-        (WTF):
-        (URLSegments):
-        ():
-        (WTF::URLSegments::URLSegments):
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
-        https://bugs.webkit.org/show_bug.cgi?id=78430
-        <rdar://problem/10849469> <rdar://problem/10849684>
-
-        Reviewed by Gavin Barraclough.
-        
-        The old JIT's put_by_id transition caching involves repatching the slow call to
-        a generated stub. That means that the call is counted as "slow case". So, this
-        patch inserts code to decrement the slow case count if the stub succeeds.
-        
-        Looks like a ~1% speed-up on V8.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for Qt.
-
-        * wtf/DataLog.h:
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to send all JSC debug logging to a file
-        https://bugs.webkit.org/show_bug.cgi?id=78418
-
-        Reviewed by Sam Weinig.
-        
-        Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
-        and WTF::dataLogV. Changed all debugging- and profiling-related printfs
-        to use WTF::dataLog() or one of its friends. By default, debug logging
-        goes to stderr, unless you change the setting in wtf/DataLog.cpp.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::dumpLinkStatistics):
-        (JSC::LinkBuffer::dumpCode):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::vprintfStdoutInstr):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::printGlobalResolveInfo):
-        (JSC::printStructureStubInfo):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/Opcode.cpp:
-        (JSC::OpcodeStats::~OpcodeStats):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingFlags::stop):
-        (JSC::SamplingRegion::dumpInternal):
-        (JSC::SamplingTool::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCommon.h:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::printWhiteSpace):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::propagatePredictionsForward):
-        (JSC::DFG::Propagator::propagatePredictionsBackward):
-        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::fixup):
-        (JSC::DFG::Propagator::startIndexForChildren):
-        (JSC::DFG::Propagator::endIndexForPureCSE):
-        (JSC::DFG::Propagator::setReplacement):
-        (JSC::DFG::Propagator::eliminate):
-        (JSC::DFG::Propagator::performNodeCSE):
-        (JSC::DFG::Propagator::localCSE):
-        (JSC::DFG::Propagator::allocateVirtualRegisters):
-        (JSC::DFG::Propagator::performBlockCFA):
-        (JSC::DFG::Propagator::performForwardCFA):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::dump):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::dump):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::dump):
-        (JSC::DFG::SpeculativeJIT::checkConsistency):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy):
-        * heap/MarkedBlock.h:
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::dumpCaller):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintData):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::dumpRegExpTrace):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::matchCompareWithInterpreter):
-        * runtime/SamplingCounter.cpp:
-        (JSC::AbstractSamplingCounter::dump):
-        * runtime/SamplingCounter.h:
-        (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::report):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::dumpInternal):
-        * wtf/CMakeLists.txt:
-        * wtf/DataLog.cpp: Added.
-        (WTF):
-        (WTF::initializeLogFileOnce):
-        (WTF::initializeLogFile):
-        (WTF::dataFile):
-        (WTF::dataLogV):
-        (WTF::dataLog):
-        * wtf/DataLog.h: Added.
-        (WTF):
-        * wtf/HashTable.cpp:
-        (WTF::HashTableStats::~HashTableStats):
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocator::dumpProfile):
-        * wtf/text/WTFString.cpp:
-        (String::show):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::dumpDisjunction):
-
-2012-02-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Move special __proto__ property to Object.prototype
-        https://bugs.webkit.org/show_bug.cgi?id=78409
-
-        Reviewed by Oliver Hunt.
-
-        Re-implement this as a regular accessor property.  This has three key benefits:
-        1) It makes it possible for objects to be given properties named __proto__.
-        2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
-        3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property.
-
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-            - No need to prohibit functions named __proto__.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            - Add __proto__ accessor to Object.prototype.
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncProtoGetter):
-        (JSC::globalFuncProtoSetter):
-            - Definition of the __proto__ accessor functions.
-        * runtime/JSGlobalObjectFunctions.h:
-            - Declaration of the __proto__ accessor functions.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-            - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
-        (JSC::JSObject::putDirectAccessor):
-            - Track on the structure whether an object contains accessors other than one for __proto__.
-        (JSC::JSObject::defineOwnProperty):
-            - No need to prohibit definition of own properties named __proto__.
-        * runtime/JSObject.h:
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-            - Remove the special handling for __proto__.
-        (JSC::JSValue::get):
-            - Remove the special handling for __proto__.
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-            - Remove the special handling for __proto__.
-        * runtime/JSValue.h:
-        (JSValue):
-            - Made synthesizePrototype public (this may be needed by the __proto__ getter).
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-            - Perform the security check & call prototype() directly.
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-        * runtime/Structure.h:
-        (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
-        (JSC::Structure::setHasGetterSetterProperties):
-        (Structure):
-            - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA assumes that a WeakJSConstant's structure is known
-        https://bugs.webkit.org/show_bug.cgi?id=78428
-        <rdar://problem/10849492> <rdar://problem/10849621>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Qt debug build fix
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate 
-        JSFinalObjects in the destuctor subspace, so we should remove this assert so it 
-        doesn't cause crashes.
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Old 32_64 JIT should assert that its use of map() is consistent with the DFG
-        OSR exit's expectations
-        https://bugs.webkit.org/show_bug.cgi?id=78419
-        <rdar://problem/10817121>
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::map):
-
-2012-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Reduce the reentrancy limit of the interpreter for the iOS simulator
-        https://bugs.webkit.org/show_bug.cgi?id=78400
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
-        (JSC):
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        [DFG] Misuse of WeakJSConstants in silentFillGPR code.
-        https://bugs.webkit.org/show_bug.cgi?id=78423
-        <rdar://problem/10849353> <rdar://problem/10804043>
-
-        Reviewed by Sam Weinig.
-        
-        The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
-        This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
-        hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentFillGPR):
-
-2012-02-11  Sam Weinig  <sam@webkit.org>
-
-        Prepare JavaScriptCore to build with libc++
-        <rdar://problem/10426673>
-        https://bugs.webkit.org/show_bug.cgi?id=78424
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/NullPtr.cpp:
-        * wtf/NullPtr.h:
-        libc++ provides std::nullptr emulation, so we don't have to.
-
-2012-02-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have polymorphic put_by_id caching
-        https://bugs.webkit.org/show_bug.cgi?id=78062
-        <rdar://problem/10326439> <rdar://problem/10824839>
-
-        Reviewed by Oliver Hunt.
-        
-        Implemented polymorphic put_by_id caching in the DFG, and added much of the
-        machinery that would be needed to implement it in the old JIT as well.
-        
-        I decided against using the old PolymorphicAccessStructureList mechanism as
-        this didn't quite fit with put_by_id. In particular, I wanted the ability to
-        have one list that captured all relevant cases (including proto put_by_id
-        if we ever decided to do it). And I wanted the code to have better
-        encapsulation. And I didn't want to get confused by the fact that the
-        original (non-list) put_by_id cache may itself consist of a stub routine.
-        
-        This code is still sub-optimal (for example adding a replace to a list whose
-        previous elements are all transitions should just repatch the original code,
-        but here it will generate a stub) but it already generates a >20% speed-up
-        on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/PolymorphicPutByIdList.cpp: Added.
-        (JSC):
-        (JSC::PutByIdAccess::fromStructureStubInfo):
-        (JSC::PutByIdAccess::visitWeak):
-        (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
-        (JSC::PolymorphicPutByIdList::from):
-        (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
-        (JSC::PolymorphicPutByIdList::isFull):
-        (JSC::PolymorphicPutByIdList::isAlmostFull):
-        (JSC::PolymorphicPutByIdList::addAccess):
-        (JSC::PolymorphicPutByIdList::visitWeak):
-        * bytecode/PolymorphicPutByIdList.h: Added.
-        (JSC):
-        (PutByIdAccess):
-        (JSC::PutByIdAccess::PutByIdAccess):
-        (JSC::PutByIdAccess::transition):
-        (JSC::PutByIdAccess::replace):
-        (JSC::PutByIdAccess::isSet):
-        (JSC::PutByIdAccess::operator!):
-        (JSC::PutByIdAccess::type):
-        (JSC::PutByIdAccess::isTransition):
-        (JSC::PutByIdAccess::isReplace):
-        (JSC::PutByIdAccess::oldStructure):
-        (JSC::PutByIdAccess::structure):
-        (JSC::PutByIdAccess::newStructure):
-        (JSC::PutByIdAccess::chain):
-        (JSC::PutByIdAccess::stubRoutine):
-        (PolymorphicPutByIdList):
-        (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
-        (JSC::PolymorphicPutByIdList::isEmpty):
-        (JSC::PolymorphicPutByIdList::size):
-        (JSC::PolymorphicPutByIdList::at):
-        (JSC::PolymorphicPutByIdList::operator[]):
-        (JSC::PolymorphicPutByIdList::kind):
-        * bytecode/PutKind.h: Added.
-        (JSC):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::visitWeakReferences):
-        * bytecode/StructureStubInfo.h:
-        (JSC):
-        (JSC::isPutByIdAccess):
-        (JSC::StructureStubInfo::initPutByIdList):
-        (StructureStubInfo):
-        (JSC::StructureStubInfo::reset):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        (DFG):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::appropriateGenericPutByIdFunction):
-        (JSC::DFG::appropriateListBuildingPutByIdFunction):
-        (DFG):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::dfgRepatchPutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        (JSC::DFG::dfgBuildPutByIdList):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGRepatch.h:
-        (DFG):
-        * runtime/WriteBarrier.h:
-        (WriteBarrierBase):
-        (JSC::WriteBarrierBase::copyFrom):
-
-2012-02-10  Vineet Chaudhary  <rgf748@motorola.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=72756
-        DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it 
-
-        Reviewed by Timothy Hatcher.
-
-        * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
-          AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
-
-2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing windows build
-
-        Unreviewed build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-02-10  Adam Klein  <adamk@chromium.org>
-
-        Enable MUTATION_OBSERVERS by default on all platforms
-        https://bugs.webkit.org/show_bug.cgi?id=78196
-
-        Reviewed by Ojan Vafai.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-02-10  Yong Li  <yoli@rim.com>
-
-        ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
-        https://bugs.webkit.org/show_bug.cgi?id=76724
-
-        Reviewed by Rob Buis.
-
-        This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
-        The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
-        So it can leave pages behind that are not set back to default flags. When an assembly on one of those
-        pages is executed or JIT returns to those pages in the case it was already executing from there, the
-        software will crash.
-
-        * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::linkCode):
-        (JSC::LinkBuffer::performFinalization):
-        (LinkBuffer):
-
-2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Split MarkedSpace into destructor and destructor-free subspaces
-        https://bugs.webkit.org/show_bug.cgi?id=77761
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
-        * heap/Heap.h:
-        (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
-        pick which subspace they want to allocate out of.
-        (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
-        (Heap):
-        (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
-        (JSC):
-        (JSC::Heap::allocateWithoutDestructor): Ditto.
-        * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
-        their MarkedBlocks correctly.
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::cellsNeedDestruction):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC):
-        (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
-        an init function that does all of that stuff in fewer lines.
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::recycle):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
-        checking the m_cellsNeedDestructor flag faster and cleaner looking.
-        (JSC):
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::cellsNeedDestruction):
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::TakeIfUnmarked::operator()):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (Subspace):
-        (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
-        allocators.
-        (JSC):
-        (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
-        (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
-        (JSC::MarkedSpace::allocateWithDestructor): Ditto.
-        (JSC::MarkedSpace::forEachBlock):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSFunction):
-        * runtime/JSArray.cpp:
-        (JSC):
-        * runtime/JSArray.h:
-        (JSArray):
-        (JSC::JSArray::create):
-        (JSC):
-        (JSC::JSArray::tryCreateUninitialized):
-        * runtime/JSCell.h:
-        (JSCell):
-        (JSC):
-        (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
-        destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
-        constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
-        (JSC::allocateCell): 
-        * runtime/JSFunction.cpp:
-        (JSC):
-        * runtime/JSFunction.h:
-        (JSFunction):
-        * runtime/JSObject.cpp:
-        (JSC):
-        * runtime/JSObject.h:
-        (JSNonFinalObject):
-        (JSC):
-        (JSFinalObject):
-        (JSC::JSFinalObject::create):
-
-2012-02-10  Adrienne Walker  <enne@google.com>
-
-        Remove implicit copy constructor usage in HashMaps with OwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=78071
-
-        Reviewed by Darin Adler.
-
-        Change the return type of emptyValue() in PairHashTraits to be the
-        actual type returned rather than the trait type to avoid an implicit
-        generation of the OwnPtr copy constructor. This happens for hash
-        traits involving OwnPtr where the empty value is not zero and each
-        hash bucket needs to be initialized with emptyValue().
-
-        Also, update StructureTransitionTable to use default hash traits
-        rather than rolling its own, in order to update it to handle
-        EmptyValueType.
-
-        Test: patch from bug 74154 compiles on Clang with this patch
-
-        * runtime/StructureTransitionTable.h:
-        (StructureTransitionTable):
-        * wtf/HashTraits.h:
-        (GenericHashTraits):
-        (PairHashTraits):
-        (WTF::PairHashTraits::emptyValue):
-
-2012-02-10  Aron Rosenberg  <arosenberg@logitech.com>
-
-        [Qt] Fix compiler warning in Visual Studio 2010 about TR1
-        https://bugs.webkit.org/show_bug.cgi?id=63642
-
-        Reviewed by Simon Hausmann.
-
-        * JavaScriptCore.pri:
-
-2012-02-10  Michael Saboff  <msaboff@apple.com>
-
-        Yarr assert with regexp where alternative in *-quantified group matches empty
-        https://bugs.webkit.org/show_bug.cgi?id=67752        
-
-        Reviewed by Gavin Barraclough.
-
-        Added backtracking for the prior alternative if it matched
-        but didn't consume any input characters.
-
-        * yarr/YarrJIT.cpp:
-        (YarrOp): New jump.
-        (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
-        when an alternative matches and no input was consumed.  Moved the
-        zero length match check for a set of alternatives to the alternative
-        code from the parentheses cases to the alternative end cases.
-        Converted the existing zero length checks in the parentheses cases
-        to runtime assertion checks.
-        (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
-        to prior term.
-
-2012-02-10  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
-
-        [Qt] GC should be parallel on Qt platform
-        https://bugs.webkit.org/show_bug.cgi?id=73309
-
-        Reviewed by Zoltan Herczeg.
-
-        These changes made the parallel gc feature available for Qt port.
-        The implementation of "registerGCThread" and "isMainThreadOrGCThread",
-        and a local static function [initializeGCThreads] is moved from
-        MainThreadMac.mm to the common MainThread.cpp to make them available
-        for other platforms.
-
-        Measurement results:
-        V8           speed-up:  1.025x as fast  [From: 663.4ms  To: 647.0ms ]
-        V8 Splay     speed-up:  1.185x as fast  [From: 138.4ms  To: 116.8ms ]
-
-        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
-
-        * JavaScriptCore.order:
-        * wtf/MainThread.cpp:
-        (WTF::initializeMainThread):
-        (WTF):
-        (WTF::initializeGCThreads):
-        (WTF::registerGCThread):
-        (WTF::isMainThreadOrGCThread):
-        * wtf/MainThread.h:
-        (WTF):
-        * wtf/Platform.h:
-        * wtf/mac/MainThreadMac.mm:
-        (WTF):
-
-2012-02-09  Andy Wingo  <wingo@igalia.com>
-
-        Eliminate dead code in BytecodeGenerator::resolve()
-        https://bugs.webkit.org/show_bug.cgi?id=78242
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        BytecodeGenerator::shouldOptimizeLocals() is only true for
-        FunctionCode, and thus cannot be true for GlobalCode.
-
-2012-02-09  Andy Wingo  <wingo@igalia.com>
-
-        Remove BytecodeGenerator::isLocal
-        https://bugs.webkit.org/show_bug.cgi?id=78241
-
-        Minor refactor to BytecodeGenerator.
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::isLocal):
-        (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
-        methods.
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
-        instead of isLocal.  This will recognize more resolve nodes as
-        being pure.
-        (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
-        location instead of isLocalConstant.
-
-2012-02-09  Oliver Hunt  <oliver@apple.com>
-
-        The JS Parser scope object needs a VectorTrait specialization
-        https://bugs.webkit.org/show_bug.cgi?id=78308
-
-        Reviewed by Gavin Barraclough.
-
-        This showed up as a periodic crash in various bits of generated code
-        originally, but I've added an assertion in the bytecode generator
-        that makes the effected code much more crash-happy should it go
-        wrong again.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        * parser/Parser.cpp:
-        * parser/Parser.h:
-        (JSC):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::isValidScopedLookup):
-        (JSActivation):
-
-2012-02-08  Oliver Hunt  <oliver@apple.com>
-
-        Whoops, fix the build.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-
-2012-02-08  Oliver Hunt  <oliver@apple.com>
-
-        Fix issue encountered while debugging stacktraces
-        https://bugs.webkit.org/show_bug.cgi?id=78147
-
-        Reviewed by Gavin Barraclough.
-
-        Debugging is easier if we always ensure that we have a non-null
-        inferred name.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-
-2012-02-08  Oliver Hunt  <oliver@apple.com>
-
-        updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
-        https://bugs.webkit.org/show_bug.cgi?id=78145
-
-        Reviewed by Gavin Barraclough.
-
-        Fix the updateTopCallFrame helper to store additional information
-        that becomes necessary when we are trying to provide more stack
-        frame information.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::bytecodeOffsetForBaselineJIT):
-        (ExecState):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::updateTopCallFrame):
-
-2012-02-07  Robert Kroeger  <rjkroege@chromium.org>
-
-        [chromium] Remove the enable marcro for the no longer necessary Chromium
-        gesture recognizer.
-        https://bugs.webkit.org/show_bug.cgi?id=77492
-
-        Reviewed by Adam Barth.
-
-        * wtf/Platform.h:
-
-2012-02-07  Tony Chang  <tony@chromium.org>
-
-        merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
-        https://bugs.webkit.org/show_bug.cgi?id=78036
-
-        Reviewed by Darin Adler.
-
-        * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
-
-2012-02-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        [CMAKE] Use *bin* and *lib* directories for executable and libraries.
-        https://bugs.webkit.org/show_bug.cgi?id=77928
-
-        Reviewed by Daniel Bates.
-
-        CMake has used *Programs* directory for executable. In addition, shared libraries are being
-        built in source directory. It is better to set common places in order to maintain executable
-        and libraries. *bin* is for executable and *lib* is for library.
-
-        * shell/CMakeLists.txt: Change *Programs* with *bin*.
-
-2012-02-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Crash on http://www.rickshawbags.com/
-        https://bugs.webkit.org/show_bug.cgi?id=78045
-
-        Reviewed by Darin Adler.
-
-        Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
-        
-        This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
-        isVariableObject() checks were excluding StaticScopeObjects, this patch
-        inadvertently changed them to be included.
-
-        * runtime/JSType.h:
-            - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
-              and thus is excluded from isVariableObject() checks.
-
-2012-02-06  Jer Noble  <jer.noble@apple.com>
-
-        Use CMClock as a timing source for PlatformClock where available.
-        https://bugs.webkit.org/show_bug.cgi?id=77885
-
-        Reviewed by Eric Carlson.
-
-        * wtf/Platform.h: Added WTF_USE_COREMEDIA.
-
-2012-02-06  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueToNumber and ValueToDouble nodes don't do anything and should be removed
-        https://bugs.webkit.org/show_bug.cgi?id=77855
-        <rdar://problem/10811325>
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed ValueToNumber and ValueToDouble, because the only thing they were doing
-        was wasting registers.
-        
-        This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
-        mostly due to a >10% win on gaussian-blur. No win anywhere else.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getToInt32):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::Node::hasArithNodeFlags):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::vote):
-        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
-        (Propagator):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::canonicalize):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed WinCE build fix after r106197.
-
-        * tools/CodeProfiling.cpp:
-        (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
-
-2012-02-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
-        https://bugs.webkit.org/show_bug.cgi?id=77451
-
-        Reviewed by Sam Weinig.
-
-        These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
-        Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
-
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::defineOwnProperty):
-        * debugger/DebuggerActivation.h:
-        (DebuggerActivation):
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        (JSC):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::finishCreation):
-        * runtime/JSCell.cpp:
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::defineOwnProperty):
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        * runtime/JSObject.cpp:
-        (JSC):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-
-2012-02-06  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-02-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG's child references from one node to another should have room for type information
-        https://bugs.webkit.org/show_bug.cgi?id=77797
-
-        Reviewed by Oliver Hunt.
-        
-        The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
-        and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
-        together as a DFG::NodeUse, which can in most cases still be used as an index (for
-        example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
-        where they really want a NodeIndex).
-        
-        The NodeUse stores both the index and the UseKind without bloating the memory usage of
-        DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
-        roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
-        something - likely a sensible assumption! - then we will only be able to have room for
-        about 24 million nodes, which means we only need about 24.5 bits for the node index).
-        Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
-        but stores the index as a signed number to make NoNode work naturally. Hence we really
-        just have 27 bits for the index.
-        
-        This is performance-neutral on all benchmarks we track.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::forNode):
-        (AbstractState):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::addVarArgChild):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        * dfg/DFGCommon.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (Graph):
-        (JSC::DFG::Graph::operator[]):
-        (JSC::DFG::Graph::at):
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::clearAndDerefChild1):
-        (JSC::DFG::Graph::clearAndDerefChild2):
-        (JSC::DFG::Graph::clearAndDerefChild3):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::getPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child1Unchecked):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (JSC::DFG::Node::firstChild):
-        (JSC::DFG::Node::numChildren):
-        (JSC::DFG::Node::dumpChildren):
-        (Node):
-        * dfg/DFGNodeReferenceBlob.h: Added.
-        (DFG):
-        (NodeReferenceBlob):
-        (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
-        (JSC::DFG::NodeReferenceBlob::child):
-        (JSC::DFG::NodeReferenceBlob::child1):
-        (JSC::DFG::NodeReferenceBlob::child2):
-        (JSC::DFG::NodeReferenceBlob::child3):
-        (JSC::DFG::NodeReferenceBlob::child1Unchecked):
-        (JSC::DFG::NodeReferenceBlob::initialize):
-        (JSC::DFG::NodeReferenceBlob::firstChild):
-        (JSC::DFG::NodeReferenceBlob::setFirstChild):
-        (JSC::DFG::NodeReferenceBlob::numChildren):
-        (JSC::DFG::NodeReferenceBlob::setNumChildren):
-        * dfg/DFGNodeUse.h: Added.
-        (DFG):
-        (NodeUse):
-        (JSC::DFG::NodeUse::NodeUse):
-        (JSC::DFG::NodeUse::indexUnchecked):
-        (JSC::DFG::NodeUse::index):
-        (JSC::DFG::NodeUse::setIndex):
-        (JSC::DFG::NodeUse::useKind):
-        (JSC::DFG::NodeUse::setUseKind):
-        (JSC::DFG::NodeUse::isSet):
-        (JSC::DFG::NodeUse::operator!):
-        (JSC::DFG::NodeUse::operator==):
-        (JSC::DFG::NodeUse::operator!=):
-        (JSC::DFG::NodeUse::shift):
-        (JSC::DFG::NodeUse::makeWord):
-        (JSC::DFG::operator==):
-        (JSC::DFG::operator!=):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::vote):
-        (JSC::DFG::Propagator::toDouble):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::canonicalize):
-        (JSC::DFG::Propagator::startIndex):
-        (JSC::DFG::Propagator::globalVarLoadElimination):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::performSubstitution):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::use):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::at):
-        (JSC::DFG::SpeculativeJIT::canReuse):
-        (JSC::DFG::SpeculativeJIT::use):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::DoubleOperand::DoubleOperand):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        [CMAKE] Support javascriptcore test for EFL port. 
-        https://bugs.webkit.org/show_bug.cgi?id=77425
-
-        Reviewed by Daniel Bates.
-
-        Efl and WinCE as well as Blackberry port are now using Cmake as its build system
-        and they are share the make file to create jsc excutable. In order to run
-        "run-javascriptcore-tests", EFL port needs to change jsc installation configuration
-        with executable output directory(e.g. Programs). So, this patch change jsc installation
-        configuration only for EFL port.
-
-        * shell/CMakeLists.txt:
-
-2012-02-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
-            - Fix comment.
-
-2012-02-04  Kalev Lember  <kalevlember@gmail.com>
-
-        [GTK] CurrentTime: Reorder headers for win32
-        https://bugs.webkit.org/show_bug.cgi?id=77808
-
-        Reviewed by Martin Robinson.
-
-        In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
-        based on g_get_monotonic_time(). Reorder headers to make sure glib.h
-        gets included even when the platform is win32.
-
-        CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
-        CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
-        CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
-
-        * wtf/CurrentTime.cpp:
-
-2012-02-03  Anders Carlsson  <andersca@apple.com>
-
-        Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
-        https://bugs.webkit.org/show_bug.cgi?id=77788
-
-        Reviewed by Andreas Kling.
-
-        The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to 
-        code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
-
-        * wtf/FastAllocBase.h:
-
-2012-02-03  Rob Buis  <rbuis@rim.com>
-
-        Fix alignment warnings in ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=55368
-
-        Reviewed by Filip Pizlo.
-
-        Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
-
-        * heap/HandleTypes.h:
-        (JSC::HandleTypes::getFromSlot):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::specializedSweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::forEachCell):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::unvalidatedGet):
-
-2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Build fix
-
-        Unreviewed build fix
-
-        Forgot to add a couple files.
-
-        * heap/MarkedAllocator.cpp: Added.
-        (JSC):
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::tryAllocate):
-        (JSC::MarkedAllocator::allocateSlowCase):
-        (JSC::MarkedAllocator::allocateBlock):
-        (JSC::MarkedAllocator::addBlock):
-        (JSC::MarkedAllocator::removeBlock):
-        * heap/MarkedAllocator.h: Added.
-        (JSC):
-        (DFG):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::cellSize):
-        (JSC::MarkedAllocator::heap):
-        (JSC::MarkedAllocator::setHeap):
-        (JSC::MarkedAllocator::setCellSize):
-        (JSC::MarkedAllocator::setMarkedSpace):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::allocate):
-        (JSC::MarkedAllocator::reset):
-        (JSC::MarkedAllocator::zapFreeList):
-        (JSC::MarkedAllocator::forEachBlock):
-
-2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor MarkedBlock::SizeClass into a separate class
-        https://bugs.webkit.org/show_bug.cgi?id=77600
-
-        Reviewed by Geoffrey Garen.
-
-        We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
-        the responsibility of allocating objects from the collection of MarkedBlocks 
-        that it manages. Also limited the amount of coupling to internal data fields 
-        from other places, although it's mostly unavoidable in the JIT code.
-
-        Eventually MarkedAllocator will implement various policies to do with object 
-        management, e.g. whether or not to run destructors on objects that it manages.
-        MarkedSpace will manage a collection of MarkedAllocators with varying policies,
-        as it does now but to a larger extent. 
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        (JSC::Heap::resetAllocators):
-        * heap/Heap.h:
-        (JSC::Heap::allocatorForObject):
-        (Heap):
-        * heap/MarkedAllocator.cpp: Added.
-        (JSC):
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::tryAllocate):
-        (JSC::MarkedAllocator::allocateSlowCase):
-        (JSC::MarkedAllocator::allocateBlock):
-        (JSC::MarkedAllocator::addBlock):
-        (JSC::MarkedAllocator::removeBlock):
-        * heap/MarkedAllocator.h: Added.
-        (JSC):
-        (DFG):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::cellSize):
-        (JSC::MarkedAllocator::heap):
-        (JSC::MarkedAllocator::setHeap):
-        (JSC::MarkedAllocator::setCellSize):
-        (JSC::MarkedAllocator::setMarkedSpace):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::allocate):
-        (JSC::MarkedAllocator::reset):
-        (JSC::MarkedAllocator::zapFreeList):
-        (JSC::MarkedAllocator::forEachBlock):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::TakeIfUnmarked::operator()):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::allocatorFor):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::didAddBlock):
-        (JSC::MarkedSpace::didConsumeFreeList):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-
-2012-02-03  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
-        https://bugs.webkit.org/show_bug.cgi?id=77723
-
-        Reviewed by Tor Arne Vestbø.
-
-        * wtf/Platform.h: Enable use of export macros.
-
-2012-02-02  Hajime Morrita  <morrita@chromium.org>
-
-        Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.
-
-        * interpreter/Interpreter.h:
-        (Interpreter):
-
-2012-01-31  Hajime Morrita  <morrita@chromium.org>
-
-        [Mac] eliminate JavaScriptCore.exp
-        https://bugs.webkit.org/show_bug.cgi?id=72854
-
-        Reviewed by Darin Adler.
-
-        - Removed exp files and corresponding makefile entries.
-        - Changed the build configuration no to use exp file.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * DerivedSources.make:
-        * JavaScriptCore.JSVALUE32_64only.exp: Removed.
-        * JavaScriptCore.JSVALUE64only.exp: Removed.
-        * JavaScriptCore.exp: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Platform.h:
-
-2012-02-02  Benjamin Poulain  <bpoulain@apple.com>
-
-        Running a Web Worker on about:blank crashes the interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=77593
-
-        Reviewed by Michael Saboff.
-
-        The method Interpreter::execute() was crashing on empty programs because
-        the assumption is made the source is not null.
-
-        This patch shortcut the execution when the String is null to avoid invalid
-        memory access.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2012-02-02  Kalev Lember  <kalevlember@gmail.com>
-
-        [GTK] Use win32 native threading
-        https://bugs.webkit.org/show_bug.cgi?id=77676
-
-        Reviewed by Martin Robinson.
-
-        r97269 switched from glib threading to pthreads, breaking win32 GTK+.
-        This is a follow up, removing some leftovers in ThreadSpecific.h and
-        switching win32 to use the native threading in ThreadingWin.cpp.
-
-        * GNUmakefile.list.am: Compile in win32 native threading support
-        * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
-        (ThreadSpecific):
-        (WTF::::destroy):
-
-2012-02-02  Filip Pizlo  <fpizlo@apple.com>
-
-        retrieveCallerFromVMCode should call trueCallerFrame
-        https://bugs.webkit.org/show_bug.cgi?id=77684
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-
-2012-02-02  Kalev Lember  <kalevlember@gmail.com>
-
-        [GTK] Implement current executable path finding for win32
-        https://bugs.webkit.org/show_bug.cgi?id=77677
-
-        Reviewed by Martin Robinson.
-
-        The WTF helper for getting the binary path that was added in r101710
-        left out the win32 implementation. Fix this.
-
-        * wtf/gobject/GlibUtilities.cpp:
-        (getCurrentExecutablePath):
-
-2012-02-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Throwing away bytecode and then reparsing during DFG optimization is just
-        plain wrong and makes things crash
-        https://bugs.webkit.org/show_bug.cgi?id=77680
-        <rdar://problem/10798490>
-
-        Reviewed by Oliver Hunt.
-
-        This is the minimal surgical fix: it removes the code that triggered bytecode
-        throw-away. Once we're confident that this is a good idea, we can kill all of
-        the code that implements the feature.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::discardBytecodeLater):
-        (JSC::CodeBlock::addValueProfile):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-
-2012-02-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Release build debugging should be easier
-        https://bugs.webkit.org/show_bug.cgi?id=77669
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/ARMAssembler.h:
-        (ARMAssembler):
-        (JSC::ARMAssembler::debugOffset):
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::debugOffset):
-        (ARMInstructionFormatter):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
-        * assembler/AbstractMacroAssembler.h:
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::debugOffset):
-        * assembler/AssemblerBuffer.h:
-        (AssemblerBuffer):
-        (JSC::AssemblerBuffer::debugOffset):
-        * assembler/LinkBuffer.h:
-        (LinkBuffer):
-        (JSC::LinkBuffer::debugSize):
-        * assembler/MIPSAssembler.h:
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::debugOffset):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::debugOffset):
-        (X86InstructionFormatter):
-        (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/CodeOrigin.h:
-        (CodeOrigin):
-        (JSC):
-        (JSC::CodeOrigin::inlineStack):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * bytecode/DataFormat.h:
-        (JSC::dataFormatToString):
-        * bytecode/PredictedType.cpp:
-        (JSC):
-        (JSC::predictionToString):
-        * bytecode/PredictedType.h:
-        (JSC):
-        * bytecode/ValueRecovery.h:
-        (ValueRecovery):
-        (JSC::ValueRecovery::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC):
-        (JSC::BytecodeGenerator::setDumpsGeneratedCode):
-        (JSC::BytecodeGenerator::dumpsGeneratedCode):
-        (JSC::BytecodeGenerator::generate):
-        * dfg/DFGAbstractValue.h:
-        (StructureAbstractValue):
-        (JSC::DFG::StructureAbstractValue::dump):
-        (AbstractValue):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGAssemblyHelpers.h:
-        (DFG):
-        (AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGFPRInfo.h:
-        (FPRInfo):
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-        (JSC::DFG::GPRInfo::debugName):
-        * dfg/DFGGraph.cpp:
-        (DFG):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::arithNodeFlagsAsString):
-        (Node):
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::dumpChildren):
-        * dfg/DFGOSRExit.cpp:
-        (DFG):
-        (JSC::DFG::OSRExit::dump):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * runtime/JSValue.cpp:
-        (JSC):
-        (JSC::JSValue::description):
-        * runtime/JSValue.h:
-        (JSValue):
-        * wtf/BitVector.cpp:
-        (WTF):
-        (WTF::BitVector::dump):
-        * wtf/BitVector.h:
-        (BitVector):
-
-2012-02-02  Oliver Hunt  <oliver@apple.com>
-
-        Getters and setters cause line numbers in errors/console.log to be offset for the whole file
-        https://bugs.webkit.org/show_bug.cgi?id=77675
-
-        Reviewed by Timothy Hatcher.
-
-        Our default literal parsing logic doesn't handle the extra work required for
-        getters and setters.  When it encounters one, it rolls back the lexer and 
-        then switches to a more complete parsing function.  Unfortunately it was only
-        winding back the character position, and was ignoring the line number and
-        other lexer data.  This led to every getter and setter causing the line number
-        to be incorrectly incremented leading to increasingly incorrect numbers for
-        the rest of the file.
-
-        * parser/Parser.cpp:
-        (JSC::::parseObjectLiteral):
-
-2012-02-02  Andy Wingo  <wingo@igalia.com>
-
-        Fix type punning warning in HashTable.h debug builds
-        https://bugs.webkit.org/show_bug.cgi?id=77422
-
-        Reviewed by Gavin Barraclough.
-
-        * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
-        warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
-
-2012-02-01  Michael Saboff  <msaboff@apple.com>
-
-        Yarr crash with regexp replace
-        https://bugs.webkit.org/show_bug.cgi?id=67454
-
-        Reviewed by Gavin Barraclough.
-
-        Properly handle the case of a back reference to an unmatched
-        subpattern by always matching without consuming any characters.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchBackReference):
-        (JSC::Yarr::Interpreter::backtrackBackReference):
-
-2012-02-01  Gavin Barraclough  <barraclough@apple.com>
-
-        calling function on catch block scope containing an eval result in wrong this value being passed
-        https://bugs.webkit.org/show_bug.cgi?id=77581
-
-        Reviewed by Oliver Hunt.
-
-        javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::TryNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createTryStatement):
-        * parser/NodeConstructors.h:
-        (JSC::TryNode::TryNode):
-        * parser/Nodes.h:
-        (TryNode):
-        * parser/Parser.cpp:
-        (JSC::::parseTryStatement):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createTryStatement):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::isStaticScopeObject):
-        (JSC):
-
-2012-02-01  Oliver Hunt  <oliver@apple.com>
-
-        Add support for inferred function names
-        https://bugs.webkit.org/show_bug.cgi?id=77579
-
-        Reviewed by Gavin Barraclough.
-
-        Add new "inferred" names to function expressions, getters, and setters.
-        This property is not exposed to JS, so is only visible in the debugger
-        and profiler.
-
-        * JavaScriptCore.exp:
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createProperty):
-        (JSC::ASTBuilder::makeAssignNode):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setInferredName):
-        (JSC::FunctionBodyNode::inferredName):
-        (FunctionBodyNode):
-        * profiler/Profiler.cpp:
-        (JSC):
-        (JSC::Profiler::createCallIdentifier):
-        (JSC::createCallIdentifierFromFunctionImp):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::inferredName):
-        (FunctionExecutable):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::calculatedDisplayName):
-        (JSC):
-        (JSC::getCalculatedDisplayName):
-        * runtime/JSFunction.h:
-        (JSC):
-
-2012-02-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should fold double-to-int conversions
-        https://bugs.webkit.org/show_bug.cgi?id=77532
-
-        Reviewed by Oliver Hunt.
-        
-        Performance neutral on major benchmarks. But it makes calling V8's
-        Math.random() 4x faster.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::addOrFindConstant):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addConstant):
-        (CodeBlock):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getJSConstantForValue):
-        (JSC::DFG::ByteCodeParser::isInt32Constant):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (Graph):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSValueInlineMethods.h:
-        (JSC::JSValue::asDouble):
-
-2012-02-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG graph dump for GetScopedVar should show the correct prediction
-        https://bugs.webkit.org/show_bug.cgi?id=77530
-
-        Reviewed by Geoff Garen.
-        
-        GetScopedVar has a heap prediction, not a variable prediction. But it does
-        have a variable. Hence we need to check for heap predictions before checking
-        for variable predictions.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-
-2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Replace JSArray destructor with finalizer
-        https://bugs.webkit.org/show_bug.cgi?id=77488
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finalize): Added finalizer.
-        (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
-        (JSC):
-        (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
-        (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
-        because the old name was confusing because we could have a sparse array that never 
-        called enterSparseMode.
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-
-2012-02-01  Andy Wingo  <wingo@igalia.com>
-
-        Refactor identifier resolution in BytecodeGenerator
-        https://bugs.webkit.org/show_bug.cgi?id=76285
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult): New class, to describe the storage
-        location corresponding to an identifier in a program.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve): New function, replacing
-        findScopedProperty.
-        (JSC::BytecodeGenerator::resolveConstDecl): New function,
-        encapsulating what ConstDeclNode::emitBytecode used to do.
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
-        corresponding to the old emitGetScopedVar and emitPutScopedVar.
-        (JSC::BytecodeGenerator::registerFor): Remove version that took an
-        Identifier&; replaced by ResolveResult::local().
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
-        "resolveResult" argument.  This is more clear, and reduces the
-        amount of double analysis happening at compile-time.
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::emitBytecode):
-        (JSC::EvalFunctionCallNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::DeleteResolveNode::emitBytecode):
-        (JSC::TypeOfResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitBytecode): Refactor to use the new
-        ResolveResult structure.
-
-2012-02-01  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Implement Error.stack
-        https://bugs.webkit.org/show_bug.cgi?id=66994
-
-        Unreviewed, rolling out r106407.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-        (JSC):
-
-2012-01-31  Hajime Morrita  <morrita@chromium.org>
-
-        Add missing JS_PRIVATE_EXPORTs
-        https://bugs.webkit.org/show_bug.cgi?id=77507
-
-        Reviewed by Kevin Ollivier.
-
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * runtime/JSValue.h:
-        (JSValue):
-        * wtf/text/AtomicString.h:
-        (WTF::AtomicString::add):
-        * wtf/text/WTFString.h:
-        (WTF):
-
-2012-01-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Stop using -fomit-frame-pointer
-        https://bugs.webkit.org/show_bug.cgi?id=77403
-
-        Reviewed by Filip Pizlo.
-        
-        JavaScriptCore is too fast. I'm just the man to fix it.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
-        https://bugs.webkit.org/show_bug.cgi?id=76647
-
-        Reviewed by Darin Adler.
-
-        Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar
-        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle to special
-        cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is 
-        for characters which become 16 bit values when converted to upper case.  For
-        those, we up convert the the source string and use the 16 bit path.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToUpperCase):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::upper):
-        * wtf/unicode/CharacterNames.h:
-        (smallLetterSharpS): New constant
-
-2012-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Remove unneeded sourceId property
-        https://bugs.webkit.org/show_bug.cgi?id=77495
-
-        Reviewed by Filip Pizlo.
-
-        sourceId isn't used anymore, so we'll just remove it.
-
-        * runtime/Error.cpp:
-        (JSC):
-        (JSC::addErrorInfo):
-        (JSC::hasErrorInfo):
-
-2012-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Implement Error.stack
-        https://bugs.webkit.org/show_bug.cgi?id=66994
-
-        Reviewed by Gavin Barraclough.
-
-        Original patch by Juan Carlos Montemayor Elosua:
-            This patch utilizes topCallFrame to create a stack trace when
-            an error is thrown. Users will also be able to use the stack()
-            command in jsc to get arrays with stack trace information.
-
-        Modified to be correct on ToT, with a variety of correctness,
-        performance, and security improvements.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerLine):
-        (JSC::getSourceURLFromCallFrame):
-        (JSC::getStackFrameCodeType):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (JSC::StackFrame::toString):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionJSCStack):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-
-2012-01-31  Scott Graham  <scottmg@chromium.org>
-
-        [Chromium] Remove references to gyp cygwin build target
-        https://bugs.webkit.org/show_bug.cgi?id=77253
-
-        Reviewed by Julien Chaffraix.
-
-        Target dependency is no longer required, it's done earlier in the
-        build process.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-        ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
-        https://bugs.webkit.org/show_bug.cgi?id=77443
-
-        Reviewed by Gavin Barraclough.
-
-        Removed failing ASSERT() and thus destructor.  The ASSERT isn't needed.
-        We are hitting it in the YARR JIT case where we bail out and go to the
-        interpreter with a partially JIT'ed function.  Since we haven't linked
-        the JIT'ed code, there is likely to be some unresolved jumps in the vector
-        when the ARMv7Assembler destructor is called.  For the case where we
-        complete the JIT process, we clear the vector at the end of
-        LinkBuffer::linkCode (LinkBuffer.h:292).
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-
-2012-01-31  Anders Carlsson  <andersca@apple.com>
-
-        Vector<T>::operator== shouldn't require T to have operator!=
-        https://bugs.webkit.org/show_bug.cgi?id=77448
-
-        Reviewed by Andreas Kling.
-
-        Change VectorComparer::compare to use !(a == b) instead of a != b since
-        it makes more sense for Vector::operator== to use the element's operator==.
-
-        * wtf/Vector.h:
-
-2012-01-30  Oliver Hunt  <oliver@apple.com>
-
-        get_by_val_arguments is broken in the interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=77389
-
-        Reviewed by Gavin Barraclough.
-
-        When get_by_val had wad a value profile added, the same slot was not added to
-        get_by_val_arguments.  This broke the interpreter as the interpreter falls
-        back on its regular get_by_val implementation.
-
-        No tests are added as the interpreter is fairly broken in its
-        current state (multiple tests fail due to this bug).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        ():
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetArgumentByVal):
-
-2012-01-30  Oliver Hunt  <oliver@apple.com>
-
-        Unexpected syntax error
-        https://bugs.webkit.org/show_bug.cgi?id=77340
-
-        Reviewed by Gavin Barraclough.
-
-        Function calls and new expressions have the same semantics for
-        assignment, so should simply share their lhs handling.
-
-        * parser/Parser.cpp:
-        (JSC::::parseMemberExpression):
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed ARMv7 build fix.
-
-        * tools/CodeProfiling.cpp:
-        (JSC):
-        (JSC::setProfileTimer):
-        (JSC::CodeProfiling::begin):
-        (JSC::CodeProfiling::end):
-
-2012-01-30  David Levin  <levin@chromium.org>
-
-        Using OS(WIN) or OS(MAC) should cause a build error.
-        https://bugs.webkit.org/show_bug.cgi?id=77162
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Expand them into something that will
-         cause a compile error.
-
-2012-01-30  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
-        https://bugs.webkit.org/show_bug.cgi?id=77360
-
-        Reviewed by Rob Buis.
-
-        Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
-        for OS(QNX).
-
-        * wtf/Platform.h:
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative Windows build fix.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (FunctionPtr):
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=77163
-        MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
-
-        Rubber stamped by Geoff Garen
-
-        * assembler/MacroAssemblerCodeRef.h:
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix for interpreter builds.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::sample):
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix following bug#76855
-
-        * JavaScriptCore.exp:
-
-2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-        CaseFoldingHash::hash() doesn't handle 8 bit strings directly
-        https://bugs.webkit.org/show_bug.cgi?id=76652
-
-        Reviewed by Andreas Kling.
-
-        * wtf/text/StringHash.h:
-        (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
-
-2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-        stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
-        https://bugs.webkit.org/show_bug.cgi?id=76651
-
-        Reviewed by Geoffrey Garen.
-
-        Made local function substituteBackreferencesSlow a template function
-        based on character width.  Cleaned up getCharacters() in both UString
-        and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
-        string to 16 bits if necessary.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow):
-        (JSC::substituteBackreferences):
-        * runtime/UString.h:
-        (JSC::LChar):
-        (JSC::UChar):
-        * wtf/text/StringImpl.h:
-        (WTF::UChar):
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Clean up putDirect
-        https://bugs.webkit.org/show_bug.cgi?id=76232
-
-        Reviewed by Sam Weinig.
-
-        Part 3 - merge op_put_getter & op_put_setter.
-
-        Putting these separately is inefficient (and makes future optimiation,
-        e.g. making GetterSetter immutable) harder. Change to emit a single
-        op_put_getter_setter bytecode op. Ultimately we should probably be
-        able to merge this with put direct, to create a common op to initialize
-        object literal properties.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        ():
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitPutGetterSetter):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_getter_setter):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_getter_setter):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        ():
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectVirtual):
-        (JSC::JSObject::putDirectAccessor):
-        (JSC):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        ():
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-
-2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-        Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=76649
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp: Added export for charactersToDouble.
-
-2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-        WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
-        https://bugs.webkit.org/show_bug.cgi?id=76648
-
-        Reviewed by Geoffrey Garen.
-
-        Added a new overloaded append member that takes a String& argument, an offest
-        and a length to do direct sub string appending to a StringBuilder.
-
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::append):
-
-2012-01-29  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Custom written CSS lexer
-        https://bugs.webkit.org/show_bug.cgi?id=70107
-
-        Reviewed by Antti Koivisto and Oliver Hunt.
-
-        Add new helper functions for the custom written CSS lexer.
-
-        * wtf/ASCIICType.h:
-        (WTF::toASCIILowerUnchecked):
-        (WTF):
-        (WTF::isASCIIAlphaCaselessEqual):
-
-2012-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
-        https://bugs.webkit.org/show_bug.cgi?id=77146
-        <rdar://problem/10770586>
-
-        Reviewed by Oliver Hunt.
-        
-        The old JIT expects that the result of the last operation is in the lastResultRegister.  The DFG JIT is
-        designed to correctly track the lastResultRegister by looking at SetLocal nodes.  However, when the DFG
-        JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
-        lastResultRegister.  Hence if we OSR exit on the first node following the end of an inlined code block
-        that had a return value, and that first node uses the return value, the old JIT will get massively
-        confused.  This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
-        JIT slightly dumber.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-
-2012-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for Mac non-x64 platforms.
-
-        * tools/CodeProfiling.cpp:
-        (JSC):
-
-2012-01-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reserve 'let'
-        https://bugs.webkit.org/show_bug.cgi?id=77293
-
-        Rubber stamped by Oliver Hunt.
-
-        'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
-        to see if this breaks the web.
-
-        * parser/Keywords.table:
-
-2012-01-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement a JIT-code aware sampling profiler for JSC
-        https://bugs.webkit.org/show_bug.cgi?id=76855
-
-        Reviewed by Oliver Hunt.
-
-        To enable the profiler, set the JSC_CODE_PROFILING environment variable to
-        1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
-        trace all samples).
-
-        The profiler requires -fomit-frame-pointer to be removed from the build flags.
-
-        * JavaScriptCore.exp:
-            - Removed an export.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added new files
-        * bytecode/CodeBlock.cpp:
-            - For baseline codeblocks, cache the result of canCompileWithDFG.
-        * bytecode/CodeBlock.h:
-            - For baseline codeblocks, cache the result of canCompileWithDFG.
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::initializeAllocator):
-            - Notify the profiler when the allocator is created.
-        (JSC::ExecutableAllocator::allocate):
-            - Inform the allocated of the ownerUID.
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::initializeAllocator):
-            - Notify the profiler when the allocator is created.
-        (JSC::ExecutableAllocator::allocate):
-            - Inform the allocated of the ownerUID.
-        * jit/JITStubs.cpp:
-            - If profiling, don't mask the return address in JIT code.
-              (We do so to provide nicer backtraces in debug builds).
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-            - Notify the profiler of script evaluations.
-        * tools: Added.
-        * tools/CodeProfile.cpp: Added.
-        (JSC::symbolName):
-            - Helper function to get the name of a symbol in the framework.
-        (JSC::truncateTrace):
-            - Helper to truncate traces into methods know to have uninformatively deep stacks.
-        (JSC::CodeProfile::sample):
-            - Record a stack trace classifying samples.
-        (JSC::CodeProfile::report):
-            - {Print profiler output.
-        * tools/CodeProfile.h: Added.
-            - new class, captures a set of samples associated with an evaluated script,
-              and nested to record samples from subscripts.
-        * tools/CodeProfiling.cpp: Added.
-        (JSC::CodeProfiling::profilingTimer):
-            - callback fired then a timer event occurs.
-        (JSC::CodeProfiling::notifyAllocator):
-            - called when the executable allocator is constructed.
-        (JSC::CodeProfiling::getOwnerUIDForPC):
-            - helper to lookup the codeblock from an address in JIT code
-        (JSC::CodeProfiling::begin):
-            - enter a profiling scope.
-        (JSC::CodeProfiling::end):
-            - exit a profiling scope.
-        * tools/CodeProfiling.h: Added.
-            - new class, instantialed from Completion to define a profiling scope.
-        * tools/ProfileTreeNode.h: Added.
-            - new class, used to construct a tree of samples.
-        * tools/TieredMMapArray.h: Added.
-            - new class, a malloc-free vector (can be used while the main thread is suspended,
-              possibly holding the malloc heap lock).
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
-        (WTF::MetaAllocator::allocate):
-            - Allow allocation handles to track information about their owner.
-        * wtf/MetaAllocator.h:
-        (MetaAllocator):
-            - Allow allocation handles to track information about their owner.
-        * wtf/MetaAllocatorHandle.h:
-        (MetaAllocatorHandle):
-        (WTF::MetaAllocatorHandle::ownerUID):
-            - Allow allocation handles to track information about their owner.
-        * wtf/OSAllocator.h:
-        (WTF::OSAllocator::reallocateCommitted):
-            - reallocate an existing, committed memory allocation.
-
-2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r106187.
-        http://trac.webkit.org/changeset/106187
-        https://bugs.webkit.org/show_bug.cgi?id=77276
-
-        The last rollout was a false charge. (Requested by morrita on
-        #webkit).
-
-        * runtime/ExceptionHelpers.h:
-        (InterruptedExecutionError):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-        * runtime/RegExp.h:
-        (RegExp):
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-
-2012-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r106151.
-        http://trac.webkit.org/changeset/106151
-        https://bugs.webkit.org/show_bug.cgi?id=77275
-
-        may break windows build (Requested by morrita on #webkit).
-
-        * runtime/ExceptionHelpers.h:
-        (InterruptedExecutionError):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-        * runtime/RegExp.h:
-        (RegExp):
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-
-2012-01-28  Filip Pizlo  <fpizlo@apple.com>
-
-        GC invoked while doing an old JIT property storage reallocation may lead
-        to an object that refers to a dead structure
-        https://bugs.webkit.org/show_bug.cgi?id=77273
-        <rdar://problem/10770565>
-
-        Reviewed by Gavin Barraclough.
-        
-        The put_by_id transition was already saving the old structure by virtue of
-        having the object on the stack, so that wasn't going to get deleted. But the
-        new structure was unprotected in the transition. I've now changed the
-        transition code to save the new structure, ensuring that the GC will know it
-        to be marked if invoked from within put_by_id_transition_realloc.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC):
-        ():
-
-2012-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r106167.
-        http://trac.webkit.org/changeset/106167
-        https://bugs.webkit.org/show_bug.cgi?id=77264
-
-        broke LayoutTests/fast/js/string-capitalization.html
-        (Requested by msaboff on #webkit).
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::upper):
-
-2012-01-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for interpreter platforms.
-
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-
-2012-01-27  Michael Saboff  <msaboff@apple.com>
-
-        StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
-        https://bugs.webkit.org/show_bug.cgi?id=76647
-
-        Reviewed by Geoffrey Garen.
-
-        Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar
-        to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle the two
-        8 bit characters that when converted to upper case become 16 bit characters.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
-        (JSC::stringProtoFuncToUpperCase):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::upper):
-
-2012-01-27  Hajime Morita  <morrita@google.com>
-
-        [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
-        https://bugs.webkit.org/show_bug.cgi?id=77244
-
-        Reviewed by Filip Pizlo.
-
-        * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
-        * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
-
-2012-01-27  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [JSC] Asm-originated symbols should be marked as hidden
-        https://bugs.webkit.org/show_bug.cgi?id=77150
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
-        but they were missing in the CPU(X86) and the CPU(X86_64) cases.
-
-2012-01-27  MORITA Hajime  <morrita@google.com>
-
-        [JSC] Some JS_EXPORTDATA may not be necessary.
-        https://bugs.webkit.org/show_bug.cgi?id=77145
-
-        Reviewed by Darin Adler.
-
-        Removed JS_EXPORTDATA attributes whose attributing symbols are
-        not exported on Mac port.
-        
-        * runtime/ExceptionHelpers.h:
-        (InterruptedExecutionError):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-        * runtime/RegExp.h:
-        (RegExp):
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-
-2012-01-27  MORITA Hajime  <morrita@google.com>
-
-        [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
-        https://bugs.webkit.org/show_bug.cgi?id=77113
-
-        Reviewed by Darin Adler.
-
-        * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
-
-2012-01-27  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt][Mac] Build fails after adding ICU support (r105997).
-        https://bugs.webkit.org/show_bug.cgi?id=77118
-
-        Use Apple code path for unicode date formats on mac.
-
-        Reviewed by Tor Arne Vestbø.
-
-        * runtime/DatePrototype.cpp:
-        ():
-
-2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Add a GKeyFile especialization to GOwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=77191
-
-        Reviewed by Martin Robinson.
-
-        * wtf/gobject/GOwnPtr.cpp:
-        (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
-        * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
-        * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
-
-2012-01-25  Yury Semikhatsky  <yurys@chromium.org>
-
-        Web Inspector: should be possible to open function declaration from script popover
-        https://bugs.webkit.org/show_bug.cgi?id=76913
-
-        Added display function name and source location to the popover in scripts panel.
-        Now when a function is hovered user can navigate to its definition.
-
-        Reviewed by Pavel Feldman.
-
-        * JavaScriptCore/JavaScriptCore.exp
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSFunction.h:
-        (JSFunction):
-
-2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
-        
-        * runtime/DatePrototype.cpp:
-        ():
-
-2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge AllocationSpace into MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=77116
-
-        Reviewed by Geoffrey Garen.
-
-        Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to 
-        MarkedSpace allocation.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/AllocationSpace.cpp: Removed.
-        * heap/AllocationSpace.h: Removed.
-        * heap/BumpSpace.h:
-        (BumpSpace):
-        * heap/Heap.h:
-        (JSC::Heap::objectSpace):
-        (Heap):
-        ():
-        * heap/HeapBlock.h:
-        ():
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::tryAllocateHelper):
-        (JSC):
-        (JSC::MarkedSpace::tryAllocate):
-        (JSC::MarkedSpace::allocateSlowCase):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlocks):
-        (TakeIfUnmarked):
-        (JSC::TakeIfUnmarked::TakeIfUnmarked):
-        (JSC::TakeIfUnmarked::operator()):
-        (JSC::TakeIfUnmarked::returnValue):
-        (JSC::MarkedSpace::shrink):
-        (GatherDirtyCells):
-        (JSC::GatherDirtyCells::returnValue):
-        (JSC::GatherDirtyCells::GatherDirtyCells):
-        (JSC::GatherDirtyCells::operator()):
-        (JSC::MarkedSpace::gatherDirtyCells):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::blocks):
-        (JSC::MarkedSpace::forEachCell):
-        (JSC):
-        (JSC::MarkedSpace::allocate):
-
-2012-01-26  Oliver Hunt  <oliver@apple.com>
-
-        MSVC bug fix.
-        <rdar://problem/10703671> MSVC generates bad code for enum compare.
-
-        RS=Geoff
-
-        Make bitfield large enough to work around MSVC's desire to make enums
-        signed types.
-
-        * bytecode/CallLinkInfo.h:
-        (CallLinkInfo):
-
-2012-01-26  Filip Pizlo  <fpizlo@apple.com>
-
-        All DFG helpers that may call out to arbitrary JS code must know where they
-        were called from due to inlining and call stack walking
-        https://bugs.webkit.org/show_bug.cgi?id=77070
-        <rdar://problem/10750834>
-
-        Reviewed by Geoff Garen.
-        
-        Changed the DFG to always record a code origin index in the tag of the argument
-        count (which we previously left blank for the benefit of LLInt, but is still
-        otherwise unused by the DFG), so that if we ever need to walk the stack accurately
-        we know where to start. In particular, if the current ExecState* points several
-        semantic call frames away from the true semantic call frame because we had
-        performed inlining, having the code origin index recorded means that we can reify
-        those call frames as necessary to give runtime/library code an accurate view of
-        the current JS state.
-        
-        This required several large but mechanical changes:
-        
-        - Calling a function from the DFG now plants a store32 instruction to store the
-          code origin index. But the indices of code origins were previously picked by
-          the DFG::JITCompiler after code generation completed. I changed this somewhat;
-          even though the code origins are put into the CodeBlock after code gen, the
-          code gen now knows a priori what their indices will be. Extensive assertions
-          are in place to ensure that the two don't get out of sync, in the form of the
-          DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
-          those don't need the code origin index set in the call frame because we can get
-          it by doing a binary search on the return PC.
-
-        - Stack walking now always calls trueCallFrame() first before beginning the walk,
-          since even the top call frame may be wrong. It still calls trueCallerFrame() as
-          before to get to the next frame, though trueCallerFrame() is now mostly a
-          wrapper around callerFrame()->trueCallFrame().
-          
-        - Because the mechanism for getting the code origin of a call frame is bimodal
-          (either the call frame knows its code origin because the code origin index was
-          set, or it's necessary to use the callee frame's return PC), I put in extra
-          mechanisms to determine whether your caller, or your callee, corresponds to
-          a call out of C++ code. Previously we just had the host call flag, but this is
-          insufficient as it does not cover the case of someone calling JSC::call(). But
-          luckily we can determine this just by looking at the return PC: if the return
-          PC is in range of the ctiTrampiline, then two things are true: this call
-          frame's PC will tell you nothing about where you came from in your caller, and
-          the caller already knows where it's at because it must have set the code origin
-          index (unless it's not DFG code, in which case we don't care because there is
-          no inlining to worry about).
-          
-        - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
-          inlining code, so I fixed it.
-
-        - Finally because I was tired of doing random #if's for checking if I should be
-          passing around an Instruction* or a ReturnAddressPtr, I created a class called
-          AbstractPC that holds whatever notion of a PC is appropriate for the current
-          execution environment. It's designed to work gracefully even if both the
-          interpreter and the JIT are compiled in, and should integrate nicely with the
-          LLInt.
-          
-        This is neutral on all benchmarks and fixes some nasty corner-case regressions of
-        evil code that uses combinations of getters/setters and function.arguments.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::codeOrigin):
-        (CodeBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (CallBeginToken):
-        (JSC::DFG::CallBeginToken::CallBeginToken):
-        (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
-        (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
-        (DFG):
-        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
-        (CallExceptionRecord):
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JITCompiler):
-        (JSC::DFG::JITCompiler::nextCallBeginToken):
-        (JSC::DFG::JITCompiler::beginCall):
-        (JSC::DFG::JITCompiler::notifyCall):
-        (JSC::DFG::JITCompiler::addExceptionCheck):
-        (JSC::DFG::JITCompiler::addFastExceptionCheck):
-        * dfg/DFGOperations.cpp:
-        ():
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDList):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * interpreter/AbstractPC.cpp: Added.
-        (JSC):
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/AbstractPC.h: Added.
-        (JSC):
-        (AbstractPC):
-        (JSC::AbstractPC::AbstractPC):
-        (JSC::AbstractPC::hasJITReturnAddress):
-        (JSC::AbstractPC::jitReturnAddress):
-        (JSC::AbstractPC::hasInterpreterReturnAddress):
-        (JSC::AbstractPC::interpreterReturnAddress):
-        (JSC::AbstractPC::isSet):
-        (JSC::AbstractPC::operator!):
-        ():
-        * interpreter/CallFrame.cpp:
-        (JSC):
-        (JSC::CallFrame::trueCallFrame):
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::abstractReturnPC):
-        (JSC::ExecState::codeOriginIndexForDFGWithInlining):
-        (ExecState):
-        (JSC::ExecState::trueCallFrame):
-        (JSC::ExecState::trueCallFrameFromVMCode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArgumentsFromVMCode):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        (JSC::Interpreter::findFunctionCallFrameFromVMCode):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        ():
-        * jit/JITStubs.cpp:
-        (JSC):
-        ():
-        * jit/JITStubs.h:
-        (JSC):
-        (JSC::returnAddressIsInCtiTrampoline):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::argumentsGetter):
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-
-2012-01-26  Peter Varga  <pvarga@webkit.org>
-
-        Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=77104
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGOperations.cpp:
-        ():
-
-2012-01-26  Michael Saboff  <msaboff@apple.com>
-
-        String::latin1() should take advantage of 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=76646
-
-        Reviewed by Geoffrey Garen.
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::latin1): For 8 bit strings, use existing buffer
-        without conversion.
-
-2012-01-26  Michael Saboff  <msaboff@apple.com>
-
-        Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
-        https://bugs.webkit.org/show_bug.cgi?id=76645
-
-        Reviewed by Geoffrey Garen.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::equalIgnoringCase): New LChar version.
-        (WTF::findInner): New helper function.
-        (WTF::StringImpl::find): Added 8 bit path.
-        (WTF::reverseFindInner): New helper funciton.
-        (WTF::StringImpl::reverseFind): Added 8 bit path.
-        (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
-        * wtf/text/StringImpl.h:
-        (WTF):
-
-2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt][Win] One more speculative buildfix after r105970.
-
-        * JavaScriptCore.pri:
-
-2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt][Win] Speculative buildfix after r105970.
-
-        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
-
-2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r105982.
-        http://trac.webkit.org/changeset/105982
-        https://bugs.webkit.org/show_bug.cgi?id=77090
-
-        breaks the world (Requested by WildFox on #webkit).
-
-        * wtf/MainThread.cpp:
-        (WTF):
-        * wtf/Platform.h:
-        * wtf/mac/MainThreadMac.mm:
-        (WTF):
-        (WTF::registerGCThread):
-        (WTF::isMainThreadOrGCThread):
-
-2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
-
-        [Qt] GC should be parallel on Qt platform
-        https://bugs.webkit.org/show_bug.cgi?id=73309
-
-        Reviewed by Zoltan Herczeg.
-
-        These changes made the parallel gc feature available for Qt port.
-        The implementation of "registerGCThread" and "isMainThreadOrGCThread"
-        is moved from MainThreadMac.mm to the common MainThread.cpp to make
-        them available for other platforms.
-
-        Measurement results:
-        V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
-        WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
-        V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]
-
-        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
-
-        * wtf/MainThread.cpp:
-        (WTF):
-        (WTF::registerGCThread):
-        (WTF::isMainThreadOrGCThread):
-        * wtf/Platform.h:
-        * wtf/mac/MainThreadMac.mm:
-
-2012-01-26  Andy Estes  <aestes@apple.com>
-
-        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
-        https://bugs.webkit.org/show_bug.cgi?id=77073
-
-        Reviewed by Ryosuke Niwa.
-        
-        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
-        This should have been changed to OS(WINDOWS). This causes the
-        preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
-        causing allocations made by Win32 to be deleted by fastmalloc.
-
-        * wtf/OwnPtrCommon.h:
-        (WTF): Use OS(WINDOWS) instead of OS(WIN).
-
-2012-01-25  Mark Rowe  <mrowe@apple.com>
-
-        Attempted Mac build fix after r105939.
-
-        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
-        It isn't used on these platforms and isn't available in the ICU headers
-        for Mac.
-
-2012-01-25  Mark Rowe  <mrowe@apple.com>
-
-        Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
-
-        <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
-
-        Reviewed by David Kilzer.
-
-        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
-        the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
-        to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
-        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
-        the normal framework location. This prevents an incorrect install name from being used when
-        installing in to the staged frameworks directory.
-
-2012-01-25  Eli Fidler  <efidler@rim.com>
-
-        Implement Date.toLocaleString() using ICU
-        https://bugs.webkit.org/show_bug.cgi?id=76714
-
-        Reviewed by Darin Adler.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2012-01-25  Hajime Morita  <morrita@google.com>
-
-        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
-        https://bugs.webkit.org/show_bug.cgi?id=76863
-
-        Reviewed by Dimitri Glazkov.
-
-        Added a feature flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-01-25  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Implement OSAllocator::commit/decommit.
-        BlackBerry port should support virtual memory decommiting.
-        https://bugs.webkit.org/show_bug.cgi?id=77013
-
-        Reviewed by Rob Buis.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        * wtf/Platform.h:
-
-2012-01-24  Oliver Hunt  <oliver@apple.com>
-
-        Make DFG update topCallFrame
-        https://bugs.webkit.org/show_bug.cgi?id=76969
-
-        Reviewed by Filip Pizlo.
-
-        Add NativeCallFrameTracer to manage topCallFrame assignment
-        in the DFG operations, and make use of it.
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationPutByValInternal):
-        ():
-        * interpreter/Interpreter.h:
-        (JSC):
-        (NativeCallFrameTracer):
-        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
-
-2012-01-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Inlining breaks call frame walking when the walking is done from outside the inlinee,
-        but inside a code block that had inlining
-        https://bugs.webkit.org/show_bug.cgi?id=76978
-        <rdar://problem/10720904>
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::codeOriginForReturn):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrame):
-
-2012-01-24  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=76855
-        Implement a JIT-code aware sampling profiler for JSC
-
-        Reviewed by Oliver Hunt.
-
-        Add support to MetaAllocator.cpp to track all live handles in a map,
-        allowing lookup based on any address within the allocation.
-
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocatorTracker::notify):
-        (WTF::MetaAllocatorTracker::release):
-            - Track live handle objects in a map.
-        (WTF::MetaAllocator::release):
-            - Removed support for handles with null m_allocator (no longer used).
-            - Notify the tracker of handles being released.
-        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
-            - Moved functionality out into MetaAllocator::release.
-        (WTF::MetaAllocatorHandle::shrink):
-            - Removed support for handles with null m_allocator (no longer used).
-        (WTF::MetaAllocator::MetaAllocator):
-            - Initialize m_tracker.
-        (WTF::MetaAllocator::allocate):
-            - Notify the tracker of new allocations.
-        * wtf/MetaAllocator.h:
-        (WTF::MetaAllocatorTracker::find):
-            - Lookup a MetaAllocatorHandle based on an address inside the allocation.
-        (WTF::MetaAllocator::trackAllocations):
-            - Register a callback object to track allocation state.
-        * wtf/MetaAllocatorHandle.h:
-            - Remove unused createSelfManagedHandle/constructor.
-        (WTF::MetaAllocatorHandle::key):
-            - Added, for use in RedBlackTree.
-
-2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Use copying collector for out-of-line JSObject property storage
-        https://bugs.webkit.org/show_bug.cgi?id=76665
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
-        Also added a temporary variable to avoid warnings from GCC.
-        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
-        operator new. Also added a temporary variable to avoid warnings from GCC.
-        * runtime/JSObject.h:
-
-2012-01-24  Geoffrey Garen  <ggaren@apple.com>
-
-        JSValue::toString() should return a JSString* instead of a UString
-        https://bugs.webkit.org/show_bug.cgi?id=76861
-
-        Fixed two failing layout tests after my last patch.
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
-        in all other cases.
-        
-        I missed this case because the JSString* type has a valid operator<,
-        so the compiler didn't complain.
-
-2012-01-24  Kenichi Ishibashi  <bashi@chromium.org>
-
-        [V8] Add Uint8ClampedArray support
-        https://bugs.webkit.org/show_bug.cgi?id=76803
-
-        Reviewed by Kenneth Russell.
-
-        * wtf/ArrayBufferView.h:
-        (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
-        * wtf/Uint8ClampedArray.h:
-        (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
-
-2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Add WebKitDownload to WebKit2 GTK+ API
-        https://bugs.webkit.org/show_bug.cgi?id=72949
-
-        Reviewed by Martin Robinson.
-
-        * wtf/gobject/GOwnPtr.cpp:
-        (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
-        * wtf/gobject/GOwnPtr.h: Add GTimer template.
-        * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
-
-2012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed build fix for Qt LinuxSH4 build after r105698.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-01-23  Geoffrey Garen  <ggaren@apple.com>
-
-        JSValue::toString() should return a JSString* instead of a UString
-        https://bugs.webkit.org/show_bug.cgi?id=76861
-
-        Reviewed by Gavin Barraclough.
-        
-        This makes the common case -- toString() on a string -- faster and
-        inline-able. (Not a measureable speedup, but we can now remove a bunch
-        of duplicate hand-rolled code for this optimization.)
-        
-        This also clarifies the boundary between "C++ strings" and "JS strings".
-        
-        In all cases other than true, false, null, undefined, and multi-digit
-        numbers, the JS runtime was just retrieving a UString from a JSString,
-        so returning a JSString* is strictly better. In the other cases, we can
-        optimize to avoid creating a new JSString if we care to, but it doesn't
-        seem to be a big deal.
-
-        * JavaScriptCore.exp: Export!
-        
-        * jsc.cpp:
-        (functionPrint):
-        (functionDebug):
-        (functionRun):
-        (functionLoad):
-        (functionCheckSyntax):
-        (runWithScripts):
-        (runInteractive):
-        * API/JSValueRef.cpp:
-        (JSValueToStringCopy):
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString): Call value() after calling toString(), to
-        convert from "JS string" (JSString*) to "C++ string" (UString), since
-        toString() no longer returns a "C++ string".
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationValueAddNotNumber):
-        * jit/JITStubs.cpp:
-        (op_add): Updated for removal of toPrimitiveString():
-        all '+' operands can use toString(), except for object operands, which
-        need to take a slow path to call toPrimitive().
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncPush):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::opIn):
-        * runtime/DateConstructor.cpp:
-        (JSC::dateParse):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate): Call value() after calling toString(), as above.
-
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::create): Simplified down to one canonical create()
-        function, to make string handling easier.
-
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInvalidParamError):
-        (JSC::createNotAConstructorError):
-        (JSC::createNotAFunctionError):
-        (JSC::createNotAnObjectError):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunctionSkippingEvalEnabledCheck):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sort): Call value() after calling toString(), as above.
-
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
-        job now. Doing it in JSCell is slower (requires extra type checking), and
-        creates the misimpression that language-defined toString() behavior is
-        an implementation detail of JSCell.
-        
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncParseFloat):
-        (JSC::globalFuncEscape):
-        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
-
-        * runtime/JSONObject.cpp:
-        (JSC::unwrapBoxedPrimitive):
-        (JSC::Stringifier::Stringifier):
-        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
-        takes care of.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::toString):
-        * runtime/JSObject.h: Updated to return JSString*.
-
-        * runtime/JSString.cpp:
-        * runtime/JSString.h:
-        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
-
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
-        spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
-        basically did what we want all the time. (Note that the toPrimitive()
-        preference changes from NoPreference to PreferString, because that's
-        how ToString is defined in the language. op_add does not want this behavior.)
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
-        returns a JSString*.
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorDefineProperty):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
-
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase): Need to check for object before taking the toString()
-        fast path becuase adding an object to a string requires calling toPrimitive()
-        on the object, not toString(). (They differ in their preferred conversion
-        type.)
-
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsStringFromArguments): This code gets simpler, now that toString()
-        does the right thing.
-
-        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
-
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorInput):
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        (JSC::regExpProtoFuncToString): More calls to value(), as above.
-
-        * runtime/StringConstructor.cpp:
-        (JSC::constructWithStringConstructor):
-        (JSC::callStringConstructor): This code gets simpler, now that toString()
-        does the right thing.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::replaceUsingStringSearch):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncConcat):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        (JSC::trimString): Some of this code gets simpler, now that toString()
-        does the right thing. More calls to value(), as above.
-
-2012-01-23  Luke Macpherson   <macpherson@chromium.org>
-
-        Unreviewed, rolling out r105676.
-        http://trac.webkit.org/changeset/105676
-        https://bugs.webkit.org/show_bug.cgi?id=76665
-
-        Breaks build on max due to compile warnings.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::finalize):
-        (JSC::JSObject::visitChildren):
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-
-2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Use copying collector for out-of-line JSObject property storage
-        https://bugs.webkit.org/show_bug.cgi?id=76665
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
-        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
-        operator new.
-        * runtime/JSObject.h:
-
-2012-01-23  Brian Weinstein  <bweinstein@apple.com>
-
-        More build fixing after r105646.
-
-        * JavaScriptCore.exp:
-
-2012-01-23  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=76855
-        Implement a JIT-code aware sampling profiler for JSC
-
-        Reviewed by Geoff Garen.
-
-        Step 2: generalize RedBlackTree. The profiler is going to want tio use
-        a RedBlackTree, allow this class to work with subclasses of
-        RedBlackTree::Node, Node should not need to know the names of the m_key
-        and m_value fields (the subclass can provide a key() accessor), and
-        RedBlackTree does not need to know anything about ValueType.
-
-        * JavaScriptCore.exp:
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocator::findAndRemoveFreeSpace):
-        (WTF::MetaAllocator::debugFreeSpaceSize):
-        (WTF::MetaAllocator::addFreeSpace):
-        * wtf/MetaAllocator.h:
-        (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
-        (WTF::MetaAllocator::FreeSpaceNode::key):
-        * wtf/MetaAllocatorHandle.h:
-        (WTF::MetaAllocatorHandle::key):
-        * wtf/RedBlackTree.h:
-        (WTF::RedBlackTree::Node::successor):
-        (WTF::RedBlackTree::Node::predecessor):
-        (WTF::RedBlackTree::Node::parent):
-        (WTF::RedBlackTree::Node::setParent):
-        (WTF::RedBlackTree::Node::left):
-        (WTF::RedBlackTree::Node::setLeft):
-        (WTF::RedBlackTree::Node::right):
-        (WTF::RedBlackTree::Node::setRight):
-        (WTF::RedBlackTree::insert):
-        (WTF::RedBlackTree::remove):
-        (WTF::RedBlackTree::findExact):
-        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
-        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
-        (WTF::RedBlackTree::first):
-        (WTF::RedBlackTree::last):
-        (WTF::RedBlackTree::size):
-        (WTF::RedBlackTree::treeMinimum):
-        (WTF::RedBlackTree::treeMaximum):
-        (WTF::RedBlackTree::treeInsert):
-        (WTF::RedBlackTree::leftRotate):
-        (WTF::RedBlackTree::rightRotate):
-        (WTF::RedBlackTree::removeFixup):
-
-2012-01-23  Andy Estes  <aestes@apple.com>
-
-        Fix the build after r105635.
-
-        * JavaScriptCore.exp:
-
-2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove StackBounds from JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=76310
-
-        Reviewed by Sam Weinig.
-
-        Removed StackBounds and the stack() function from JSGlobalData since it no 
-        longer accessed any members of JSGlobalData.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::addCurrentThread):
-        (JSC::MachineThreads::gatherFromCurrentThread):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2012-01-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement a JIT-code aware sampling profiler for JSC
-        https://bugs.webkit.org/show_bug.cgi?id=76855
-
-        Rubber stanmped by Geoff Garen.
-
-        Mechanical change - pass CodeBlock through to the executable allocator,
-        such that we will be able to map ranges of JIT code back to their owner.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::executableCopy):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::allocate):
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::allocate):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-
-2012-01-23  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        Basic enhancements to StringBuilder
-        https://bugs.webkit.org/show_bug.cgi?id=67081
-
-        This change contains the following enhancements to StringBuilder,
-        for convenience, performance, testability, etc.:
-        - Change toStringPreserveCapacity() to const
-        - new public methods: capacity(), swap(), toAtomicString(), canShrink()
-          and append(const StringBuilder&)
-        - == and != opearators to compare StringBuilders and a StringBuilder/String
-
-        Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::SubstringTranslator::hash):
-        (WTF::SubstringTranslator::equal):
-        (WTF::SubstringTranslator::translate):
-        (WTF::AtomicString::add):
-        (WTF::AtomicString::addSlowCase):
-        * wtf/text/AtomicString.h:
-        (WTF::AtomicString::AtomicString):
-        (WTF::AtomicString::add):
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::reifyString):
-        (WTF::StringBuilder::resize):
-        (WTF::StringBuilder::canShrink):
-        (WTF::StringBuilder::shrinkToFit):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::append):
-        (WTF::StringBuilder::toString):
-        (WTF::StringBuilder::toStringPreserveCapacity):
-        (WTF::StringBuilder::toAtomicString):
-        (WTF::StringBuilder::isEmpty):
-        (WTF::StringBuilder::capacity):
-        (WTF::StringBuilder::is8Bit):
-        (WTF::StringBuilder::swap):
-        (WTF::equal):
-        (WTF::operator==):
-        (WTF::operator!=):
-        * wtf/text/StringImpl.h:
-
-2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing files, remove deleted files and
-        fix indentation.
-
-2012-01-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for non-DFG platforms that error out on warn-unused-parameter.
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/MethodCallLinkStatus.cpp:
-        (JSC::MethodCallLinkStatus::computeFor):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFor):
-
-2012-01-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for non-DFG platforms.
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/MethodCallLinkStatus.cpp:
-        (JSC::MethodCallLinkStatus::computeFor):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFor):
-
-2012-01-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not have code that directly decodes the states of old JIT inline
-        cache data structures
-        https://bugs.webkit.org/show_bug.cgi?id=76768
-
-        Reviewed by Sam Weinig.
-        
-        Introduced new classes (like GetByIdStatus) that encapsulate the set of things
-        that the DFG would like to know about property accesses and calls. Whereas it
-        previously got this information by directly decoding the data structures used
-        by the old JIT for inline caching, it now uses these classes, which do the work
-        for it. This should make it somewhat more straight forward to introduce new
-        ways of profiling the same information.
-        
-        Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
-        code in bytecode/.
-        
-        Making this work right involved carefully ensuring that the heuristics for
-        choosing how to handle property accesses was at least as good as what we had
-        before, since I completely restructured that code. Currently the performance
-        looks neutral. Since I rewrote the code I did change some things that I never
-        liked before, like previously if a put_bu_id had executed exactly once then
-        we'd compile it as if it had taken slow-path. Executing once is special because
-        then the inline cache is not baked in, so there is no information about how the
-        DFG should optimize the code. Now this is rationalized: if the put_by_id does
-        not offer enough information to be optimized (i.e. had executed 0 or 1 times)
-        then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
-        still has the old behavior; I left it that way because I didn't want to make
-        too many changes at once.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CallLinkStatus.cpp: Added.
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/CallLinkStatus.h: Added.
-        (JSC::CallLinkStatus::CallLinkStatus):
-        (JSC::CallLinkStatus::isSet):
-        (JSC::CallLinkStatus::operator!):
-        (JSC::CallLinkStatus::couldTakeSlowPath):
-        (JSC::CallLinkStatus::callTarget):
-        * bytecode/GetByIdStatus.cpp: Added.
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h: Added.
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (JSC::GetByIdStatus::state):
-        (JSC::GetByIdStatus::isSet):
-        (JSC::GetByIdStatus::operator!):
-        (JSC::GetByIdStatus::isSimpleDirect):
-        (JSC::GetByIdStatus::takesSlowPath):
-        (JSC::GetByIdStatus::makesCalls):
-        (JSC::GetByIdStatus::structureSet):
-        (JSC::GetByIdStatus::offset):
-        * bytecode/MethodCallLinkStatus.cpp: Added.
-        (JSC::MethodCallLinkStatus::computeFor):
-        * bytecode/MethodCallLinkStatus.h: Added.
-        (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
-        (JSC::MethodCallLinkStatus::isSet):
-        (JSC::MethodCallLinkStatus::operator!):
-        (JSC::MethodCallLinkStatus::needsPrototypeCheck):
-        (JSC::MethodCallLinkStatus::structure):
-        (JSC::MethodCallLinkStatus::prototypeStructure):
-        (JSC::MethodCallLinkStatus::function):
-        (JSC::MethodCallLinkStatus::prototype):
-        * bytecode/PutByIdStatus.cpp: Added.
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.h: Added.
-        (JSC::PutByIdStatus::PutByIdStatus):
-        (JSC::PutByIdStatus::state):
-        (JSC::PutByIdStatus::isSet):
-        (JSC::PutByIdStatus::operator!):
-        (JSC::PutByIdStatus::isSimpleReplace):
-        (JSC::PutByIdStatus::isSimpleTransition):
-        (JSC::PutByIdStatus::takesSlowPath):
-        (JSC::PutByIdStatus::oldStructure):
-        (JSC::PutByIdStatus::newStructure):
-        (JSC::PutByIdStatus::structureChain):
-        (JSC::PutByIdStatus::offset):
-        * bytecode/StructureSet.h: Added.
-        (JSC::StructureSet::StructureSet):
-        (JSC::StructureSet::clear):
-        (JSC::StructureSet::add):
-        (JSC::StructureSet::addAll):
-        (JSC::StructureSet::remove):
-        (JSC::StructureSet::contains):
-        (JSC::StructureSet::isSubsetOf):
-        (JSC::StructureSet::isSupersetOf):
-        (JSC::StructureSet::size):
-        (JSC::StructureSet::at):
-        (JSC::StructureSet::operator[]):
-        (JSC::StructureSet::last):
-        (JSC::StructureSet::predictionFromStructures):
-        (JSC::StructureSet::operator==):
-        (JSC::StructureSet::dump):
-        * dfg/DFGAbstractValue.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGStructureSet.h: Removed.
-
-2012-01-20  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT compilation should not require ExecState
-        https://bugs.webkit.org/show_bug.cgi?id=76729
-        <rdar://problem/10731545>
-
-        Reviewed by Gavin Barraclough.
-        
-        Changed the relevant JIT driver functions to take JSGlobalData& instead of
-        ExecState*, since really they just needed the global data.
-
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGDriver.h:
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-20  David Levin  <levin@chromium.org>
-
-        Make OwnPtr<HDC> work for the Chromium Windows port.
-        https://bugs.webkit.org/show_bug.cgi?id=76738
-
-        Reviewed by Jian Li.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
-        Chromium Windows build.
-        * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
-        OwnPtr<HDC> and similar constructs.
-
-2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed some regexp entry boilerplate code
-        https://bugs.webkit.org/show_bug.cgi?id=76687
-
-        Reviewed by Darin Adler.
-        
-        1% - 2% speedup on regexp tests, no change overall.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-            - ASSERT that our startIndex is non-negative, because anything less
-            would be uncivilized.
-            
-            - ASSERT that our input is not the null string for the same reason.
-
-            - No need to test for startOffset being past the end of the string,
-            since the regular expression engine will do this test for us.
-
-            - No need to initialize the output vector, since the regular expression
-            engine will fill it in for us.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::interpret):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-        
-            RegExp used to do these jobs for us, but now we do them for ourselves
-            because it's a better separation of concerns, and the JIT can do them
-            more efficiently than C++ code:
-
-            - Test for "past the end" before doing any matching -- otherwise
-            a* will match with zero length past the end of the string, which is wrong.
-
-            - Initialize the output vector before doing any matching.
-
-2012-01-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Build fix for no-DFG configuration.
-        Needed for <rdar://problem/10727689>.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitProfiledOpcode):
-        * jit/JIT.h:
-        (JSC::JIT::emitValueProfilingSite):
-
-2012-01-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Bytecode instructions that may have value profiling should have a direct inline
-        link to the ValueProfile instance
-        https://bugs.webkit.org/show_bug.cgi?id=76682
-        <rdar://problem/10727689>
-
-        Reviewed by Sam Weinig.
-        
-        Each opcode that gets value profiled now has a link to its ValueProfile. This
-        required rationalizing the emission of value profiles for opcode combos, like
-        op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
-        sense for one of them to have a value profile link, and it makes most sense
-        for it to be the one that actually sets the result. The previous behavior was
-        to have op_method_check profile for op_get_by_id when they were used together,
-        but otherwise for op_get_by_id to have its own profiles. op_call already did
-        the right thing; all profiling was done by op_call_put_result.
-        
-        But rationalizing this code required breaking some of the natural boundaries
-        that the code had; for instance the code in DFG that emits a GetById in place
-        of both op_method_check and op_get_by_id must now know that it's the latter of
-        those that has the value profile, while the first of those constitutes the OSR
-        target. Hence each CodeOrigin must now have two bytecode indices - one for
-        OSR exit and one for profiling.
-        
-        Finally this change required some refiddling of our optimization heuristics,
-        because now all code blocks have "more instructions" due to the value profile
-        slots.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::CodeOrigin):
-        (JSC::CodeOrigin::bytecodeIndexForValueProfile):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitProfiledOpcode):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitGetScopedVar):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitGetByVal):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueProfileFor):
-        * jit/JIT.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emitSlow_op_method_check):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::callWithValueProfiling):
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-
-2012-01-20  ChangSeok Oh  <shivamidow@gmail.com>
-
-        undefined reference to symbol eina_module_free
-        https://bugs.webkit.org/show_bug.cgi?id=76681
-
-        Reviewed by Martin Robinson.
-
-        eina_module_free has been used without including eina libraries after r104936.
-
-        * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
-
-2012-01-19  Tony Chang  <tony@chromium.org>
-
-        [chromium] Remove an obsolete comment about features.gypi
-        https://bugs.webkit.org/show_bug.cgi?id=76643
-
-        There can be only one features.gypi.
-
-        Reviewed by James Robinson.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Implicit creation of a regular expression should eagerly check for syntax errors
-        https://bugs.webkit.org/show_bug.cgi?id=76642
-
-        Reviewed by Oliver Hunt.
-        
-        This is a correctness fix and a slight optimization.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
-        correct behavior.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
-        of code change, many lines of indentation change.)
-
-        Since we have no clients that try to match a RegExp that is a syntax error,
-        let's optimize out the check.
-
-2012-01-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Implement a new allocator for backing stores
-        https://bugs.webkit.org/show_bug.cgi?id=75181
-
-        Reviewed by Filip Pizlo.
-
-        We want to move away from using fastMalloc for the backing stores for 
-        some of our objects (e.g. JSArray, JSObject, JSString, etc).  These backing 
-        stores have a nice property in that they only have a single owner (i.e. a 
-        single pointer to them at any one time).  One way that we can take advantage 
-        of this property is to implement a simple bump allocator/copying collector, 
-        which will run alongside our normal mark/sweep collector, that only needs to 
-        update the single owner pointer rather than having to redirect an arbitrary 
-        number of pointers in from-space to to-space.
-
-        This plan can give us a number of benefits. We can beat fastMalloc in terms 
-        of both performance and memory usage, we can track how much memory we're using 
-        far more accurately than our rough estimation now through the use of 
-        reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed 
-        to being limited to size classes like we have been historically). This is also 
-        another step toward moving away from lazy destruction, which will improve our memory footprint.
-
-        We start by creating said allocator and moving the ArrayStorage for JSArray 
-        to use it rather than fastMalloc.
-
-        The design of the collector is as follows:
-        Allocation:
-        -The collector allocates 64KB chunks from the OS to use for object allocation.
-        -Each chunk contains an offset, a flag indicating if the block has been pinned, 
-         and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
-        -Any allocation greater than 64KB gets its own separate oversize block, which 
-         is managed separately from the rest.
-        -If the allocator receives a request for more than the remaining amount in the 
-         current block, it grabs a fresh block.
-        -Grabbing a fresh block means grabbing one off of the global free list (which is now 
-         shared between the mark/sweep allocator and the bump allocator) if there is one. 
-         If there isn't a new one we do one of two things: allocate a new block from the OS 
-         if we're not ready for a GC yet, or run a GC and then try again. If we still don't 
-         have enough space after the GC, we allocate a new block from the OS.
-
-        Garbage collection:
-        -At the start of garbage collection during conservative stack scanning, if we encounter 
-         what appears to be a pointer to a bump-allocated block of memory, we pin that block so 
-         that it will not be copied for this round of collection.
-        -We also pin any oversize blocks that we encounter, which effectively doubles as a 
-         "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying 
-         are given back to the OS.
-        -Marking threads are now also responsible for copying bump-allocated objects to newSpace
-        -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
-        -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
-        -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
-        -At the conclusion of copying (which is done by the end of the marking phase), we un-pin 
-         any pinned blocks and give any blocks left in from-space to the global free list.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/AllocationSpace.cpp:
-        (JSC::AllocationSpace::allocateSlowCase):
-        (JSC::AllocationSpace::allocateBlock):
-        (JSC::AllocationSpace::freeBlocks):
-        * heap/AllocationSpace.h:
-        (JSC::AllocationSpace::waterMark):
-        * heap/BumpBlock.h: Added.
-        (JSC::BumpBlock::BumpBlock):
-        * heap/BumpSpace.cpp: Added.
-        (JSC::BumpSpace::tryAllocateSlowCase):
-        * heap/BumpSpace.h: Added.
-        (JSC::BumpSpace::isInCopyPhase):
-        (JSC::BumpSpace::totalMemoryAllocated):
-        (JSC::BumpSpace::totalMemoryUtilized):
-        * heap/BumpSpaceInlineMethods.h: Added.
-        (JSC::BumpSpace::BumpSpace):
-        (JSC::BumpSpace::init):
-        (JSC::BumpSpace::contains):
-        (JSC::BumpSpace::pin):
-        (JSC::BumpSpace::startedCopying):
-        (JSC::BumpSpace::doneCopying):
-        (JSC::BumpSpace::doneFillingBlock):
-        (JSC::BumpSpace::recycleBlock):
-        (JSC::BumpSpace::getFreshBlock):
-        (JSC::BumpSpace::borrowBlock):
-        (JSC::BumpSpace::addNewBlock):
-        (JSC::BumpSpace::allocateNewBlock):
-        (JSC::BumpSpace::fitsInBlock):
-        (JSC::BumpSpace::fitsInCurrentBlock):
-        (JSC::BumpSpace::tryAllocate):
-        (JSC::BumpSpace::tryAllocateOversize):
-        (JSC::BumpSpace::allocateFromBlock):
-        (JSC::BumpSpace::tryReallocate):
-        (JSC::BumpSpace::tryReallocateOversize):
-        (JSC::BumpSpace::isOversize):
-        (JSC::BumpSpace::isPinned):
-        (JSC::BumpSpace::oversizeBlockFor):
-        (JSC::BumpSpace::blockFor):
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::ConservativeRoots):
-        (JSC::ConservativeRoots::genericAddPointer):
-        (JSC::ConservativeRoots::add):
-        * heap/ConservativeRoots.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::blockFreeingThreadMain):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        (JSC::Heap::releaseFreeBlocks):
-        * heap/Heap.h:
-        (JSC::Heap::waterMark):
-        (JSC::Heap::highWaterMark):
-        (JSC::Heap::setHighWaterMark):
-        (JSC::Heap::tryAllocateStorage):
-        (JSC::Heap::tryReallocateStorage):
-        * heap/HeapBlock.h: Added.
-        (JSC::HeapBlock::HeapBlock):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpace):
-        (JSC::SlotVisitor::copy):
-        (JSC::SlotVisitor::copyAndAppend):
-        (JSC::SlotVisitor::doneCopying):
-        * heap/MarkStack.h:
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::recycle):
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::SlotVisitor):
-        * heap/TinyBloomFilter.h:
-        (JSC::TinyBloomFilter::reset):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::finishCreation):
-        (JSC::JSArray::tryFinishCreationUninitialized):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::enterSparseMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::visitChildren):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::inSparseMode):
-        (JSC::JSArray::isLengthWritable):
-        * wtf/CheckedBoolean.h: Added.
-        (CheckedBoolean::CheckedBoolean):
-        (CheckedBoolean::~CheckedBoolean):
-        (CheckedBoolean::operator bool):
-        * wtf/DoublyLinkedList.h:
-        (WTF::::push):
-        * wtf/StdLibExtras.h:
-        (WTF::isPointerAligned):
-
-2012-01-19  Joi Sigurdsson  <joi@chromium.org>
-
-        Enable use of precompiled headers in Chromium port on Windows.
-
-        Bug 76381 - Use precompiled headers in Chromium port on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=76381
-
-        Reviewed by Tony Chang.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
-
-2012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
-
-        Cross-platform processor core counter fix
-        https://bugs.webkit.org/show_bug.cgi?id=76540
-
-        Reviewed by Zoltan Herczeg.
-
-        I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
-        and I removed the OS checking macros from ParallelJobsGeneric.cpp because
-        the NumberOfCores.cpp contains them for counting CPU cores.
-        The processor core counter patch located at
-        https://bugs.webkit.org/show_bug.cgi?id=76530
-
-        * wtf/NumberOfCores.cpp:
-        * wtf/ParallelJobsGeneric.cpp:
-
-2012-01-18  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Cross-platform processor core counter
-        https://bugs.webkit.org/show_bug.cgi?id=76530
-
-        Unreviewed cross-MinGW buildfix after r105270.
-
-        * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
-
-2012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
-
-        Cross-platform processor core counter
-        https://bugs.webkit.org/show_bug.cgi?id=76530
-
-        Reviewed by Zoltan Herczeg.
-
-        Two files have been created that include the processor core counter function.
-        It used to be in ParallelJobsGeneric.h/cpp before.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-        * wtf/CMakeLists.txt:
-        * wtf/NumberOfCores.cpp: Added.
-        (WTF::numberOfProcessorCores):
-        * wtf/NumberOfCores.h: Added.
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        * wtf/ParallelJobsGeneric.h:
-
-2012-01-18  Balazs Kelemen  <kbalazs@webkit.org>
-
-        [Qt] Consolidate layout test crash logging
-        https://bugs.webkit.org/show_bug.cgi?id=75088
-
-        Reviewed by Simon Hausmann.
-
-        Move backtrace generating logic into WTFReportBacktrace
-        and add a way to deinstall signal handlers if we know
-        that we have already printed the backtrace.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/Assertions.cpp:
-        (WTFLogLocker::WTFReportBacktrace):
-        (WTFLogLocker::WTFSetCrashHook):
-        (WTFLogLocker::WTFInvokeCrashHook):
-        * wtf/Assertions.h:
-
-2012-01-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Factored out some code into a helper function.
-        
-        I think this might help getting rid of omit-frame-pointer.
-
-        Reviewed by Sam Weinig.
-        
-        No benchmark change.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::removeUsingRegExpSearch): Moved to here...
-        (JSC::replaceUsingRegExpSearch): ...from here.
-
-2012-01-17  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Uint8ClampedArray support
-        https://bugs.webkit.org/show_bug.cgi?id=74455
-
-        Reviewed by Filip Pizlo.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC::isUint8ClampedArrayPrediction):
-        (JSC::isActionableMutableArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::clampDoubleToByte):
-        (JSC::DFG::compileClampIntegerToByte):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.h:
-        * wtf/Forward.h:
-        * wtf/Uint8Array.h:
-        * wtf/Uint8ClampedArray.h: Added.
-        (WTF::Uint8ClampedArray::set):
-        (WTF::Uint8ClampedArray::create):
-        (WTF::Uint8ClampedArray::Uint8ClampedArray):
-        (WTF::Uint8ClampedArray::subarray):
-
-2012-01-17  Sam Weinig  <sam@webkit.org>
-
-        Add helper macro for forward declaring objective-c classes
-        https://bugs.webkit.org/show_bug.cgi?id=76485
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Compiler.h:
-        Add OBJC_CLASS macro which helps reduce code when forward declaring an
-        objective-c class in a header which can be included from both Objective-C
-        and non-Objective-C files.
-
-2012-01-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to do JS and custom getter caching
-        https://bugs.webkit.org/show_bug.cgi?id=76361
-
-        Reviewed by Csaba Osztrogonác.
-        
-        Fix for 32-bit.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDList):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to do JS and custom getter caching
-        https://bugs.webkit.org/show_bug.cgi?id=76361
-        <rdar://problem/10698060>
-
-        Reviewed by Geoff Garen.
-        
-        Added the ability to cache JS getter calls and custom getter calls in the DFG.
-        Most of this is pretty mundane, since the old JIT supported this functionality
-        as well. But a couple interesting things had to happen:
-        
-        - There are now two variants of GetById: GetById, which works as before, and
-          GetByIdFlush, which flushes registers prior to doing the GetById. Only
-          GetByIdFlush can be used for caching getters. We detect which GetById style
-          to use by looking at the inline caches of the old JIT.
-        
-        - Exception handling for getter calls planted in stubs uses a separate lookup
-          handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
-          
-        This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
-        the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
-        Kraken.
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::willNeedFlush):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupResults):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (JSC::DFG::JITCompiler::addExceptionCheck):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-16  Jon Lee  <jonlee@apple.com>
-
-        Build fix for r105086.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2012-01-16  Jon Lee  <jonlee@apple.com>
-
-        Remove HTML notifications support on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=76401
-        <rdar://problem/10589881>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
-
-2012-01-16  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt] Fix QT_VERSION related warnings when building on Mac OS X
-        https://bugs.webkit.org/show_bug.cgi?id=76340
-
-        This bug was caused by r104826.
-        As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
-        we should not use "using namespace WebCore" in header files,
-        because it might cause ambiguous references.
-        This patch reverts the changes from r104826 and r104981
-        and removes the "using namespace WebCore" statement from
-        two header files.
-
-        Reviewed by Tor Arne Vestbø.
-
-        * wtf/Platform.h:
-
-2012-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Fix typo.
-
-2012-01-16  Pavel Heimlich  <tropikhajma@gmail.com>
-
-        Solaris Studio supports alignment macros too
-        https://bugs.webkit.org/show_bug.cgi?id=75453
-
-        Reviewed by Hajime Morita.
-
-        * wtf/Alignment.h:
-
-2012-01-16  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Build fix on 32bit if verbose debug is enabled in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=76351
-
-        Reviewed by Hajime Morita.
-
-        Mostly change "%lu" to "%zu" to print a "size_t" variable.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-
-2012-01-15  Filip Pizlo  <fpizlo@apple.com>
-
-        The C calling convention logic in DFG::SpeculativeJIT should be available even
-        when not generating code for the DFG speculative path
-        https://bugs.webkit.org/show_bug.cgi?id=76355
-
-        Reviewed by Dan Bernstein.
-        
-        Moved all of the logic for placing C call arguments into the right place (stack
-        or registers) into a new class, DFG::CCallHelpers.  This class inherits from
-        AssemblyHelpers, another DFG grab-bag of helper functions.  I could have moved
-        this code into AssemblyHelpers, but decided against it, because I wanted to
-        limit the number of methods each class in the JIT has.  Hence now we have a
-        slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
-        emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
-        (understands calls to C functions) <= JITCompiler (can compile a graph to machine
-        code).  Each of these except for JITCompiler can be reused for stub compilation.
-        
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGCCallHelpers.h: Added.
-        (JSC::DFG::CCallHelpers::CCallHelpers):
-        (JSC::DFG::CCallHelpers::resetCallArguments):
-        (JSC::DFG::CCallHelpers::addCallArgument):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        (JSC::DFG::CCallHelpers::setupArgumentsExecState):
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (JSC::DFG::CCallHelpers::setupTwoStubArgs):
-        (JSC::DFG::CCallHelpers::setupStubArguments):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-
-2012-01-15  Pablo Flouret  <pablof@motorola.com>
-
-        Fix compilation errors on build-webkit --debug --no-video on mac.
-        https://bugs.webkit.org/show_bug.cgi?id=75867
-
-        Reviewed by Philippe Normand.
-
-        Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
-        doesn't build without video.
-
-        * wtf/Platform.h:
-
-2012-01-14  David Levin  <levin@chromium.org>
-
-        HWndDC should be in platform/win instead of wtf.
-        https://bugs.webkit.org/show_bug.cgi?id=76314
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-
-2012-01-13  David Levin  <levin@chromium.org>
-
-        check-webkit-style: should encourage the use of Own* classes for Windows DC.
-        https://bugs.webkit.org/show_bug.cgi?id=76227
-
-        Reviewed by Dirk Pranke.
-
-        * wtf/win/HWndDCWin.h:
-        (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
-        There are no users, but I want to catch this in check-webkit-style
-        and tell any users to use HwndDC to avoid leaks.
-
-2012-01-13  David Levin  <levin@chromium.org>
-
-        Header file is missing header guard.
-
-        Reviewed by Dirk Pranke.
-
-        * wtf/win/HWndDCWin.h: Added the guards.
-
-2012-01-13  Andy Wingo  <wingo@igalia.com>
-
-        Eval in strict mode does not need dynamic checks
-        https://bugs.webkit.org/show_bug.cgi?id=76286
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
-        Eval in strict mode cannot introduce variables, so it not impose
-        the need for dynamic checks.
-
-2012-01-13  David Levin  <levin@chromium.org>
-
-        HWndDC is a better name than HwndDC.
-        https://bugs.webkit.org/show_bug.cgi?id=76281
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
-        (WTF::HWndDC::HWndDC):
-        (WTF::HWndDC::~HWndDC):
-        (WTF::HWndDC::operator HDC):
-
-2012-01-13  YoungTaeck Song  <youngtaeck.song@samsung.com>
-
-        [EFL] Add OwnPtr specialization for Eina_Module.
-        https://bugs.webkit.org/show_bug.cgi?id=76255
-
-        Reviewed by Andreas Kling.
-
-        Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.
-
-        * wtf/OwnPtrCommon.h:
-        * wtf/efl/OwnPtrEfl.cpp:
-        (WTF::deleteOwnedPtr):
-
-2012-01-13  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2012-01-12  Hajime Morrita  <morrita@chromium.org>
-
-        JavaScriptCore: Mark all exported symbols in the header file automatically.
-        https://bugs.webkit.org/show_bug.cgi?id=72855
-
-        Reviewed by Darin Adler.
-
-        Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
-        The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables)
-
-        * API/OpaqueJSString.h:
-        * bytecode/CodeBlock.h:
-        * bytecode/SamplingTool.h:
-        * debugger/Debugger.h:
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.h:
-        * heap/AllocationSpace.h:
-        * heap/HandleHeap.h:
-        * heap/Heap.h:
-        * heap/MachineStackMarker.h:
-        * heap/MarkStack.h:
-        * heap/VTableSpectrum.h:
-        * heap/WriteBarrierSupport.h:
-        * parser/Nodes.h:
-        * parser/ParserArena.h:
-        * profiler/Profile.h:
-        * runtime/ArgList.h:
-        * runtime/CallData.h:
-        * runtime/Completion.h:
-        * runtime/ConstructData.h:
-        * runtime/DateInstance.h:
-        * runtime/Error.h:
-        * runtime/ExceptionHelpers.h:
-        * runtime/FunctionConstructor.h:
-        * runtime/Identifier.h:
-        * runtime/InitializeThreading.h:
-        * runtime/InternalFunction.h:
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalThis.h:
-        * runtime/JSLock.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        * runtime/JSValue.h:
-        * runtime/JSVariableObject.h:
-        * runtime/Lookup.h:
-        * runtime/MemoryStatistics.h:
-        * runtime/ObjectPrototype.h:
-        * runtime/Options.h:
-        * runtime/PropertyDescriptor.h:
-        * runtime/PropertyNameArray.h:
-        * runtime/PropertySlot.h:
-        * runtime/RegExp.h:
-        * runtime/RegExpObject.h:
-        * runtime/SamplingCounter.h:
-        * runtime/SmallStrings.h:
-        * runtime/StringObject.h:
-        * runtime/Structure.h:
-        * runtime/TimeoutChecker.h:
-        * runtime/UString.h:
-        * runtime/WriteBarrier.h:
-        * wtf/ArrayBufferView.h:
-        * wtf/ByteArray.h:
-        * wtf/CryptographicallyRandomNumber.h:
-        * wtf/CurrentTime.h:
-        * wtf/DateMath.h:
-        * wtf/DecimalNumber.h:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        * wtf/MD5.h:
-        * wtf/MainThread.h:
-        * wtf/MetaAllocator.h:
-        * wtf/MetaAllocatorHandle.h:
-        * wtf/OSAllocator.h:
-        * wtf/PageBlock.h:
-        * wtf/RandomNumber.h:
-        * wtf/RefCountedLeakCounter.h:
-        * wtf/SHA1.h:
-        * wtf/Threading.cpp:
-        * wtf/Threading.h:
-        * wtf/ThreadingPrimitives.h:
-        * wtf/WTFThreadData.h:
-        * wtf/dtoa.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/CString.h:
-        * wtf/text/StringBuilder.h:
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.h:
-        * wtf/unicode/Collator.h:
-        * wtf/unicode/UTF8.h:
-        * yarr/Yarr.h:
-        * yarr/YarrPattern.h:
-
-2012-01-12  MORITA Hajime  <morrita@google.com>
-
-        [Chromium] JSExportMacros.h should be visible.
-        https://bugs.webkit.org/show_bug.cgi?id=76147
-
-        Reviewed by Tony Chang.
-
-        * config.h:
-
-2012-01-12  David Levin  <levin@chromium.org>
-
-        HwndDC is a better name than OwnGetDC.
-        https://bugs.webkit.org/show_bug.cgi?id=76235
-
-        Reviewed by Dmitry Titov.
-
-        This is a better name for two reasons:
-        1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
-        2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
-           classes always take something to hold on to. In this case, the object (the DC)
-           is created by the class once it is given a Window to ensure that the HDC
-           was actually created using GetDC.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
-        (WTF::HwndDC::HwndDC):
-        (WTF::HwndDC::~HwndDC):
-        (WTF::HwndDC::operator HDC):
-
-2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Clean up putDirect (part 2)
-        https://bugs.webkit.org/show_bug.cgi?id=76232
-
-        Reviewed by Sam Weinig.
-
-        Rename putWithAttributes to putDirectVirtual, to identify that this
-        has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
-        to be templated on an enum indicating which behaviour it is supposed to be
-        implementing, and change clients that are defining properties to call
-        putDirectInternal correctly.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty):
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::putDirectVirtual):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/ClassInfo.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::putDirectVirtual):
-        * runtime/JSActivation.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::putDirectVirtual):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::putDirectVirtual):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putDirectVirtual):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::initializeGetterSetterProperty):
-        (JSC::JSObject::defineSetter):
-        (JSC::putDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putOwnDataProperty):
-        (JSC::JSObject::putDirect):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::putDirectVirtual):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::putDirectVirtual):
-        * runtime/JSVariableObject.h:
-
-2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Clean up putDirect (part 1)
-        https://bugs.webkit.org/show_bug.cgi?id=76232
-
-        Reviewed by Sam Weinig.
-
-        putDirect has ambiguous semantics, clean these up a bit.
-
-        putDirect generally behaves a bit like a fast defineOwnProperty, but one that
-        always creates the property, with no checking to validate the put it permitted.
-
-        It also encompasses two slightly different behaviors.
-        (1) a fast form of put for JSActivation, which doesn't have to handle searching
-            the prototype chain, getter/setter properties, or the magic __proto__ value.
-            Break this out as a new method, 'putOwnDataProperty'.
-        (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
-            values, in strict mode. This is, however, not so smart on a few level, since
-            it is only called from op_put_by_id with direct set, which is only used with
-            an object as the base, and is only used to put new properties onto objects.
-
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::put):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putOwnDataProperty):
-        * runtime/JSValue.h:
-
-2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=76141
-        defineSetter/defineGetter may fail to update Accessor attribute
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::initializeGetterSetterProperty):
-        (JSC::JSObject::defineSetter):
-        * runtime/Structure.cpp:
-        (JSC::Structure::attributeChangeTransition):
-        * runtime/Structure.h:
-
-2012-01-12  David Levin  <levin@chromium.org>
-
-        [chromium] Fix DC leak in WebScreenInfoFactory.
-        https://bugs.webkit.org/show_bug.cgi?id=76203
-
-        Reviewed by Dmitry Titov.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
-        * JavaScriptCore.gypi: Added OwnGetDCWin.h
-        * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.
-
-2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Allow accessor get/set property to be set to undefined
-        https://bugs.webkit.org/show_bug.cgi?id=76148
-
-        Reviewed by Oliver Hunt.
-
-        AccessorDescriptor properties may have their get & set properties defined to reference a function
-        (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
-        (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
-        three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
-
-        On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and
-        any JSObject* (with a constraint that this must be callable).
-
-        Logically the get/set property of an accessor descriptor on an object might be in any of the three
-        states above, but in practice there is no way to distinguish between the first two states. As such
-        we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or
-        undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
-
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setSetter):
-            - Allow the getter/setter to be cleared.
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putDescriptor):
-            - Changed to call getterObject/setterObject.
-        (JSC::JSArray::defineOwnNumericProperty):
-            - Added ASSERT.
-        * runtime/JSObject.cpp:
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-            - Changed to call getterObject/setterObject.
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-            - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
-        (JSC::toPropertyDescriptor):
-            - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::getterObject):
-        (JSC::PropertyDescriptor::setterObject):
-            - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
-        (JSC::PropertyDescriptor::setDescriptor):
-        (JSC::PropertyDescriptor::setAccessorDescriptor):
-            - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present.
-        * runtime/PropertyDescriptor.h:
-            - Declare getterObject/setterObject.
-
-2012-01-12  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
-        https://bugs.webkit.org/show_bug.cgi?id=76175
-
-        Defining ENABLE_CSS_FILTERS leads to ambiguous references
-        due to MacTypes.h being included.
-        Defining CF_OPEN_SOURCE works around this problem.
-
-        Reviewed by Simon Hausmann.
-
-        * wtf/Platform.h:
-
-2012-01-12  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Make the new WTF module build on Qt
-        https://bugs.webkit.org/show_bug.cgi?id=76163
-
-        Reviewed by Tor Arne Vestbø.
-
-        * JavaScriptCore.pro: Removed wtf from the subdirs to build.
-
-2012-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
-        https://bugs.webkit.org/show_bug.cgi?id=76144
-        <rdar://problem/10681711>
-
-        Rubber stamped by Gavin Barraclough.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addressOfJITExecuteCounter):
-        (JSC::CodeBlock::offsetOfJITExecuteCounter):
-        (JSC::CodeBlock::jitExecuteCounter):
-        (JSC::CodeBlock::optimizeNextInvocation):
-        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
-        (JSC::CodeBlock::optimizeAfterWarmUp):
-        (JSC::CodeBlock::optimizeAfterLongWarmUp):
-        (JSC::CodeBlock::optimizeSoon):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-
-2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Merge 'Getter'/'Setter' attributes into 'Accessor'
-        https://bugs.webkit.org/show_bug.cgi?id=76141
-
-        Reviewed by Filip Pizlo.
-
-        These are currently ambiguous (and used inconsistently). It would logically appear
-        that either being bit set implies that the corresponding type of accessor is present
-        but (a) we don't correctly enforce this, and (b) this means the attributes would not
-        be able to distinguish between a data descriptor and an accessor descriptor with
-        neither a getter nor setter defined (which is a descriptor permissible under the spec).
-        This ambiguity would lead to unsafe property caching behavior (though this does not
-        represent an actual current bug, since we are currently unable to create descriptors
-        that have neither a getter nor setter, it just prevents us from doing so).
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::createStrictModeCallerIfNecessary):
-        (JSC::Arguments::createStrictModeCalleeIfNecessary):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::JSArray::putDescriptor):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::finishCreation):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::initializeGetterSetterProperty):
-        (JSC::JSObject::defineSetter):
-        (JSC::putDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorDefineProperty):
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::setDescriptor):
-        (JSC::PropertyDescriptor::setAccessorDescriptor):
-        (JSC::PropertyDescriptor::setSetter):
-        (JSC::PropertyDescriptor::setGetter):
-        (JSC::PropertyDescriptor::attributesOverridingCurrent):
-
-2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Object.defineProperty([], 'length', {}) should not make length read-only
-        https://bugs.webkit.org/show_bug.cgi?id=76097
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::defineOwnProperty):
-            - We should be checking writablePresent().
-
-2012-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Code duplication for invoking the JIT and DFG should be reduced
-        https://bugs.webkit.org/show_bug.cgi?id=76117
-        <rdar://problem/10680189>
-
-        Rubber stamped by Geoff Garen.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITDriver.h: Added.
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Bytecode dumping is broken for call opcodes (due to two new operands)
-        https://bugs.webkit.org/show_bug.cgi?id=75886
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
-        to fix this more than once. The helper function skips the extra two operands
-        at the end of the opcode, used for optimization.
-        
-        (JSC::CodeBlock::dump): Used the helper function.
-
-        * bytecode/CodeBlock.h: Declared the helper function.
-
-2012-01-09  Geoffrey Garen  <ggaren@apple.com>
-
-        REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
-        https://bugs.webkit.org/show_bug.cgi?id=75911
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
-        explicitly cast to our return type in C++.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
-        into a temporary register before evaluating our arguments, since argument
-        evaluation might include function calls or assignments that overwrite our callee by name.
-
-2012-01-11  Michael Saboff  <msaboff@apple.com>
-
-        v8-regexp spends 35% of its time allocating and copying internal regexp results data
-        https://bugs.webkit.org/show_bug.cgi?id=76079
-
-        Reviewed by Geoffrey Garen.
-
-        Added a new RegExpResults struct that has the input string, the number of
-        subexpressions and the output vector.  Changed RegExpConstructor to
-        include a RegExpConstructorPrivate instead of having a reference to one.
-        Changed RegExpMatchesArray to include a RegExpResults instead of a 
-        reference to a RegExpConstructorPrivate.  Created an overloaded assignment
-        operator to assign a RegExpConstructorPrivate to a RegExpResults.
-        Collectively this change is worth 24% performance improvement to v8-regexp.
-        
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpResult::operator=):
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::finishCreation):
-        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        (JSC::RegExpConstructor::arrayOfMatches):
-        (JSC::RegExpConstructor::getBackref):
-        (JSC::RegExpConstructor::getLastParen):
-        (JSC::RegExpConstructor::getLeftContext):
-        (JSC::RegExpConstructor::getRightContext):
-        (JSC::RegExpConstructor::setInput):
-        (JSC::RegExpConstructor::input):
-        (JSC::RegExpConstructor::setMultiline):
-        (JSC::RegExpConstructor::multiline):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpResult::RegExpResult):
-        (JSC::RegExpConstructor::performMatch):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::putByIndex):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::deletePropertyByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-
-2012-01-11  Eugene Girard  <girard@google.com>
-
-        Typo in error message: Unexpected token 'defualt'
-        https://bugs.webkit.org/show_bug.cgi?id=75105
-
-        Reviewed by Simon Fraser.
-
-        * parser/Parser.h:
-        (JSC::Parser::getTokenName):
-
-2012-01-11  Anders Carlsson  <andersca@apple.com>
-
-        Assertion failure in JSC::allocateCell trying to allocate a JSString
-        https://bugs.webkit.org/show_bug.cgi?id=76101
-
-        Reviewed by Adam Roben.
-
-        Remove the ExecutableBase::s_info and JSString::s_info static member variables  from the .def file and
-        export them explicitly using the JS_EXPORTDATA macro.
-
-        member variables explicitly using 
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Executable.h:
-        * runtime/JSString.h:
-
-2012-01-10  Mark Rowe  <mrowe@apple.com>
-
-        <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
-
-        This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT
-        as JavaScriptCore.framework or in to a different one.
-
-        Rubber-stamped by Dan Bernstein.
-
-        * Configurations/JSC.xcconfig: Update INSTALL_PATH.
-
-2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlining block linking compares BlockIndex against bytecode index
-        https://bugs.webkit.org/show_bug.cgi?id=76018
-        <rdar://problem/10671979>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-
-        CodeBlock.h declares too many things
-        https://bugs.webkit.org/show_bug.cgi?id=76001
-
-        Rubber stamped by Gavin Barraclough.
-        
-        Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
-        into separate header files. Also removed all non-CodeBlock method implementations
-        from CodeBlock.cpp and put them into corresponding cpp files.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/RepatchBuffer.h:
-        * bytecode/CallLinkInfo.cpp: Added.
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CallLinkInfo.h: Added.
-        (JSC::CallLinkInfo::callTypeFor):
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CallLinkInfo::~CallLinkInfo):
-        (JSC::CallLinkInfo::isLinked):
-        (JSC::CallLinkInfo::seenOnce):
-        (JSC::CallLinkInfo::setSeen):
-        (JSC::getCallLinkInfoReturnLocation):
-        (JSC::getCallLinkInfoBytecodeIndex):
-        * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
-        (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
-        (JSC::getCallReturnOffset):
-        * bytecode/CodeBlock.cpp:
-        * bytecode/CodeBlock.h:
-        * bytecode/CodeType.h: Added.
-        * bytecode/ExpressionRangeInfo.h: Added.
-        * bytecode/GlobalResolveInfo.h: Added.
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        * bytecode/HandlerInfo.h: Added.
-        * bytecode/LineInfo.h: Added.
-        * bytecode/MethodCallLinkInfo.cpp: Added.
-        (JSC::MethodCallLinkInfo::reset):
-        * bytecode/MethodCallLinkInfo.h: Added.
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        (JSC::getMethodCallLinkInfoReturnLocation):
-        (JSC::getMethodCallLinkInfoBytecodeIndex):
-        * bytecode/StructureStubInfo.h:
-        (JSC::getStructureStubInfoReturnLocation):
-        (JSC::getStructureStubInfoBytecodeIndex):
-
-2012-01-10  Anders Carlsson  <andersca@apple.com>
-
-        Hang opening movie that requires authentication
-        https://bugs.webkit.org/show_bug.cgi?id=75989
-        <rdar://problem/9601915>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Functional.h:
-        Add function wrapper for a function that takes three parameters.
-
-2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-
-        CodeBlock::m_numParameters should be encapsulated
-        https://bugs.webkit.org/show_bug.cgi?id=75985
-        <rdar://problem/10671020>
-
-        Reviewed by Oliver Hunt.
-        
-        Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
-        into it.  This appears to be performance neutral.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::setNumParameters):
-        (JSC::CodeBlock::addParameter):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numParameters):
-        (JSC::CodeBlock::addressOfNumParameters):
-        (JSC::CodeBlock::offsetOfNumParameters):
-        (JSC::CodeBlock::numberOfArgumentValueProfiles):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addParameter):
-        (JSC::BytecodeGenerator::emitReturn):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::AbstractState):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::slideRegisterWindowForCall):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::arityCheckFor):
-        (JSC::lazyLinkFor):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
-
-        Fix 32-bit builds.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-
-2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Do not allow Array length to be set if it is non-configurable
-        https://bugs.webkit.org/show_bug.cgi?id=75935
-
-        Reviewed by Sam Weinig.
-
-        Do not allow Array length to be set if it is non-configurable, and if the new
-        length is less than the old length then intervening properties should removed
-        in reverse order. Removal of properties should cease if an intervening indexed
-        property being removed is non-configurable.
-
-        * JavaScriptCore.exp:
-            - Removed export for setLength.
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-            - JSArray::setLength now takes an ExecState*
-        (JSC::arrayProtoFuncSlice):
-            - JSArray::setLength now takes an ExecState*
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::defineOwnProperty):
-            - JSArray::setLength now takes an ExecState*
-        (JSC::JSArray::put):
-            - JSArray::setLength now takes an ExecState*
-        (JSC::compareKeysForQSort):
-            - Keys extracted from the map can be stored as unsigneds.
-        (JSC::JSArray::getOwnPropertyNames):
-            - Keys extracted from the map can be stored as unsigneds.
-        (JSC::JSArray::setLength):
-            - Check lengthIsReadOnly(), rather than copying the entire map to iterate
-              over to determine which keys to remove, instead just copy the keys from
-              the map to a Vector. When inSparseMode sort the keys in the Vector so
-              that we can remove properties in reverse order.
-        * runtime/JSArray.h:
-            - JSArray::setLength now takes an ExecState*
-
-2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Use SameValue to compare property descriptor values
-        https://bugs.webkit.org/show_bug.cgi?id=75975
-
-        Reviewed by Sam Weinig.
-
-        Rather than strictEqual.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::defineOwnNumericProperty):
-            - Missing configurablePresent() check.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-            - call sameValue.
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::sameValue):
-            - Moved from JSArray.cpp, fix NaN comparison.
-        (JSC::PropertyDescriptor::equalTo):
-            - call sameValue.
-        * runtime/PropertyDescriptor.h:
-            - Added declaration for sameValue.
-2012-01-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Error handling : in ISO8601 timezone
-        https://bugs.webkit.org/show_bug.cgi?id=75919
-
-        Reviewed by Sam Weinig.
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-            - need to increment the string position.
-
-2012-01-09  Mark Rowe  <mrowe@apple.com>
-
-        JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
-        <http://webkit.org/b/75907> / <rdar://problem/10659862>
-
-        We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
-        dependencies prevent this.
-
-        Reviewed by Dan Bernstein.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-09  Adam Treat  <atreat@rim.com>
-
-        Log is a little to verbose for blackberry port
-        https://bugs.webkit.org/show_bug.cgi?id=75728
-
-        The BlackBerry::Platform::Log* functions take care of the call to vfprintf
-        which is resulting in unintentional noise in our logs.  Add a conditional
-        directive to fix.
-
-        Change to using BlackBerry::Platform::logStreamV which does not insert
-        threading info and newlines unlike BlackBerry::Platform::log.
-
-        Finally, add log locking and unlocking which the BlackBerry platform
-        uses to ensure that N threads do not trample on each other's logs.
-
-        Reviewed by Rob Buis.
-
-        * wtf/Assertions.cpp:
-        (WTFLogLocker::WTFReportAssertionFailure):
-        (WTFLogLocker::WTFReportAssertionFailureWithMessage):
-        (WTFLogLocker::WTFReportArgumentAssertionFailure):
-        (WTFLogLocker::WTFReportFatalError):
-        (WTFLogLocker::WTFReportError):
-        (WTFLogLocker::WTFLog):
-        (WTFLogLocker::WTFLogVerbose):
-
-2012-01-09  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75789
-        defineOwnProperty not implemented for Array objects
-
-        Reviewed by Sam Weinig.
-
-        Implements support for getter/setter & non-default attribute properties on arrays,
-        by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
-        test failures.
-
-        * JavaScriptCore.exp:
-            - Updated exports.
-        * dfg/DFGOperations.cpp:
-            - JSArray::pop now requires an exec state.
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-            - JSArray::pop now requires an exec state.
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::add):
-            - Add a potentially empty entry into the map.
-        (JSC::SparseArrayValueMap::put):
-            - Changed to call setter.
-        (JSC::SparseArrayEntry::get):
-            - calls getters.
-        (JSC::SparseArrayEntry::getNonSparseMode):
-            - does not call getters.
-        (JSC::JSArray::enterSparseMode):
-            - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
-        (JSC::JSArray::putDescriptor):
-            - Create a numeric property based on a descriptor.
-        (JSC::sameValue):
-            - See ES5.1 9.12.
-        (JSC::reject):
-            - Helper for the [[DefineOwnProperty]] algorithm.
-        (JSC::JSArray::defineOwnNumericProperty):
-            - Define an indexed property on an array object.
-        (JSC::JSArray::setLengthWritable):
-            - Marks the length read-only, enters SparseMode as necessary.
-        (JSC::JSArray::defineOwnProperty):
-            - Defines either an indexed property or 'length' on an array object.
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-            - Updated to correctly handle accessor descriptors & attributes.
-        (JSC::JSArray::getOwnPropertyDescriptor):
-            - Updated to correctly handle accessor descriptors & attributes.
-        (JSC::JSArray::put):
-            - Pass strict mode flag to setLength.
-        (JSC::JSArray::putByIndex):
-            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-            - Pass exec to SparseArrayValueMap::put.
-        (JSC::JSArray::deletePropertyByIndex):
-            - Do not allow deletion of non-configurable properties.
-        (JSC::compareKeysForQSort):
-            - used in implementation of getOwnPropertyNames.
-        (JSC::JSArray::getOwnPropertyNames):
-            - Properties in the sparse map should be iterated in order.
-        (JSC::JSArray::setLength):
-            - Updated to take a 'shouldThrow' flag, return a result indicating error.
-        (JSC::JSArray::pop):
-            - pop should throw an error if length is not writable, even if the array is empty.
-        (JSC::JSArray::push):
-            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
-        (JSC::JSArray::sort):
-            - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
-        (JSC::JSArray::compactForSorting):
-            - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
-        * runtime/JSArray.h:
-        (JSC::SparseArrayValueMap::lengthIsReadOnly):
-            - Check if the length is read only.
-        (JSC::SparseArrayValueMap::setLengthIsReadOnly):
-            - Mark the length as read only.
-        (JSC::SparseArrayValueMap::find):
-            - Moved into header.
-        (JSC::JSArray::isLengthWritable):
-            - Wraps SparseArrayValueMap::lengthIsReadOnly.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-            - Should be returning the result of putDescriptor.
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::attributesOverridingCurrent):
-            - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
-        * runtime/PropertyDescriptor.h:
-            - Added attributesOverridingCurrent.
-
-2012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>
-
-        There is no support for fastcall in Solaris Studio.
-        Fixes build on Solaris.
-        https://bugs.webkit.org/show_bug.cgi?id=75736
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITStubs.h:
-
-2012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>
-
-        Fix build failure on Solaris
-        https://bugs.webkit.org/show_bug.cgi?id=75733
-
-        Reviewed by Gavin Barraclough.
-
-        * wtf/ByteArray.h:
-
-2012-01-01  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Clean up some cruft from WTF's CMakeLists.txt
-        https://bugs.webkit.org/show_bug.cgi?id=75420
-
-        Reviewed by Daniel Bates.
-
-        * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
-        all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
-
-2012-01-08  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        Fix compilation error about ListHashSetReverseIterator
-        https://bugs.webkit.org/show_bug.cgi?id=75372
-
-        Reviewed by Darin Adler.
-
-        There is a typo in class ListHashSetReverseIterator:
-        typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
-        Should be
-        typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
-
-        * wtf/ListHashSet.h:
-
-2012-01-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-        WinCE build fix after r104415.
-
-        * jit/JITExceptions.cpp:
-        * jit/JITExceptions.h:
-
-2012-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        The JIT's protocol for exception handling should be available to other parts of the system
-        https://bugs.webkit.org/show_bug.cgi?id=75808
-        <rdar://problem/10661025>
-
-        Reviewed by Oliver Hunt.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * jit/JITExceptions.cpp: Added.
-        (JSC::genericThrow):
-        (JSC::jitThrow):
-        * jit/JITExceptions.h: Added.
-        * jit/JITStubs.cpp:
-        * runtime/JSGlobalData.h:
-
-2012-01-06  Hajime Morrita  <morrita@chromium.org>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75296
-        JSString should not have JS_EXPORTCLASS annotation
-
-        Reviewed by Kevin Ollivier.
-
-        * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Added missing symbols which were hidden by JS_EXPORTCLASS.
-
-2012-01-06  Michael Saboff  <msaboff@apple.com>
-
-        JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
-        https://bugs.webkit.org/show_bug.cgi?id=75757
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop): Changed map->end() to map->notFound().
-
-2012-01-06  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT stub slow paths that would be identical to that of an interpreter should be factored out
-        https://bugs.webkit.org/show_bug.cgi?id=75743
-        <rdar://problem/10657024>
-
-        Reviewed by Geoff Garen.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/CommonSlowPaths.h: Added.
-        (JSC::CommonSlowPaths::opInstanceOfSlow):
-        (JSC::CommonSlowPaths::opIn):
-        (JSC::CommonSlowPaths::opResolve):
-        (JSC::CommonSlowPaths::opResolveSkip):
-        (JSC::CommonSlowPaths::opResolveWithBase):
-        (JSC::CommonSlowPaths::opResolveWithThis):
-
-2012-01-06  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * wtf/TypeTraits.cpp:
-
-2012-01-05  Michael Saboff  <msaboff@apple.com>
-
-        Default HashTraits for Opcode don't work for Opcode = 0
-        https://bugs.webkit.org/show_bug.cgi?id=75595
-
-        Reviewed by Oliver Hunt.
-
-        Removed the populating of the m_opcodeIDTable table in the
-        case where the OpcodeID and Opcode are the same (m_enabled is false).
-        Instead we just cast the one type to the other.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcodeID):
-
-2012-01-06  Sam Weinig  <sam@webkit.org>
-
-        Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
-        https://bugs.webkit.org/show_bug.cgi?id=75737
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/TypeTraits.cpp:
-        * wtf/TypeTraits.h:
-        Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
-        is composed of some helpers which are also exposed, Conditional<>, which
-        can provide one type or another based on a boolean predicate, IsArray<>
-        which can deduce array types, and RemoveExtent<>, which removes the extent
-        from an array type. 
-
-2012-01-06  Oliver Hunt  <oliver@apple.com>
-
-        GetByteArrayLength is incorrect
-        https://bugs.webkit.org/show_bug.cgi?id=75735
-
-        Reviewed by Filip Pizlo.
-
-        Load the byte array length from the correct location.
-        This stops an existing test from hanging.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-01-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-06  Oliver Hunt  <oliver@apple.com>
-
-        DFG no longer optimises CanvasPixelArray
-        https://bugs.webkit.org/show_bug.cgi?id=75729
-
-        Reviewed by Gavin Barraclough.
-
-        Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
-        the future name when we switch over to the new typed-array based
-        ImageData specification.
-
-        * runtime/JSByteArray.cpp:
-
-2012-01-06  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Use HashMap<OwnPtr> for SourceProviderCache items
-        https://bugs.webkit.org/show_bug.cgi?id=75346
-
-        Reviewed by Daniel Bates.
-
-        * parser/Parser.cpp:
-        * parser/SourceProviderCache.cpp:
-        (JSC::SourceProviderCache::clear):
-        (JSC::SourceProviderCache::add):
-        * parser/SourceProviderCache.h:
-
-2012-01-06  Sam Weinig  <sam@webkit.org>
-
-        Remove unused OwnFastMallocPtr class.
-        https://bugs.webkit.org/show_bug.cgi?id=75722
-
-        Reviewed by Geoffrey Garen.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/OwnFastMallocPtr.h: Removed.
-        * wtf/text/StringImpl.h:
-        * wtf/wtf.pro:
-
-2012-01-06  Benjamin Poulain  <bpoulain@webkit.org>
-
-        [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
-        https://bugs.webkit.org/show_bug.cgi?id=75631
-
-        Reviewed by Andreas Kling.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-01-06  Eric Seidel  <eric@webkit.org> and Gustavo Noronha Silva  <gustavo.noronha@collabora.com>
-
-        Make the new WTF module build on Gtk
-        https://bugs.webkit.org/show_bug.cgi?id=75669
-
-        * GNUmakefile.am:
-
-2012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Remove un-needed VPATHs from project includes
-
-        Reviewed by Simon Hausmann.
-
-        * JavaScriptCore.pri:
-        * wtf/wtf.pri:
-
-2012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Move listing of include paths and libs to pri files in sources
-
-        Includepaths are sometimes modified by non-Qt contributors so keeping
-        them in files inside Sources makes it more likely that they are updated
-        along with project files for the other ports.
-
-        Using pri files instead of prf files for this also has the benefit that
-        the include() from the main target file can be parsed and followed by
-        Qt Creator -- something that does not work with load().
-
-        Dependency from a target to a library through the WEBKIT variable are
-        handled through forwarding-files in Tools/qmake/mkspecs/modules, which
-        set the source root of the module and include the right pri file.
-
-        Ideally we'd use the variant of include() that takes an optional
-        namespace to read the variables into, or the fromfile() function,
-        but both of these add an overhead of about 40% on the total qmake
-        runtime, due to making a deep copy of all the variables in the
-        project or re-reading all the prf files from scratch.
-
-        Reviewed by Simon Hausmann.
-        Reviewed by Ossy.
-
-        * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
-        * Target.pri:
-        * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
-        * wtf/wtf.pro:
-
-2012-01-06  Hajime Morrita  <morrita@chromium.org>
-
-        WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
-        https://bugs.webkit.org/show_bug.cgi?id=75612
-
-        Reviewed by Kevin Ollivier.
-
-        * wtf/text/WTFString.h:
-        (WTF::String::findIgnoringCase):
-        (WTF::String::append):
-        (WTF::String::fromUTF8):
-        (WTF::String::fromUTF8WithLatin1Fallback):
-        (WTF::String::isHashTableDeletedValue):
-
-2012-01-05  Dan Bernstein  <mitz@apple.com>
-
-        <rdar://problem/10633760> Update copyright strings
-
-        Reviewed by Mark Rowe.
-
-        * Info.plist:
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Date constructor handles infinite values incorrectly.
-        https://bugs.webkit.org/show_bug.cgi?id=70998
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-            - should be checking !finite rather then isnan.
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        date.toISOString produces incorrect results for dates with ms prior to 1970
-        https://bugs.webkit.org/show_bug.cgi?id=75684
-
-        Reviewed by Sam Weinig.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype.lastIndexOf ignores undefined fromIndex.
-        https://bugs.webkit.org/show_bug.cgi?id=75678
-
-        Reviewed by Sam Weinig.
-
-        array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncLastIndexOf):
-            - should check argumnet count, rather than checking agument value for undefined.
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Date parsing is too restrictive.
-        https://bugs.webkit.org/show_bug.cgi?id=75671
-
-        Reviewed by Oliver Hunt.
-
-        ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
-        The spec allow a date to be date only, or date + time.
-
-        The date portion on the should match: (pseudocode!:)
-            [(+|-)YY]YYYY[-MM[-DD]]
-        though we are slightly more liberal (permitted by the spec), allowing:
-            [+|-]Y+[-MM[-DD]]
-        The time portion should match:
-            THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
-        again we're slightly more liberal, allowing:
-            THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
-
-        * wtf/DateMath.cpp:
-        (WTF::parseES5DatePortion):
-            - Month/day fields are optional, default to 01.
-        (WTF::parseES5TimePortion):
-            - Hours/Minutes are requires, seconds/timezone are optional.
-        (WTF::parseES5DateFromNullTerminatedCharacters):
-            - Dates may be date only, or date + time.
-
-2012-01-05  Bruno Dilly  <bdilly@profusion.mobi>
-
-        [EFL] Undefined references to ICU_I18N symbols on WTF
-        https://bugs.webkit.org/show_bug.cgi?id=75642
-
-        Unreviewed build fix.
-
-        Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
-        Some undefined references were ucol_setAttribute_44, ucol_close_44,
-        ucol_getAttribute_44...
-
-        * wtf/PlatformEfl.cmake:
-
-2012-01-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Refined the fast path for StringImpl::hash()
-        https://bugs.webkit.org/show_bug.cgi?id=75178
-
-        Reviewed by Darin Adler.
-
-        Moved the hash calculation code into an out-of-line function to clean up
-        the hot path.
-
-        No measurable benchmark change, but this knocks some samples off in
-        Instruments, and I think this is a step toward removing -fomit-frame-pointer.
-        
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::hashSlowCase):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::hash): The patch.
-
-        * wtf/text/StringStatics.cpp:
-        (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
-        scheme, which requires all out-of-line StringImpl functions used by
-        WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Literal tab in JSONString fails
-        https://bugs.webkit.org/show_bug.cgi?id=71772
-
-        Reviewed by Oliver Hunt.
-
-        rfc4627 does not allow literal tab characters in JSON source.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::isSafeStringCharacter):
-            - do not allow literal tab in StrictJSON mode.
-
-2012-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        push/shift fifo may consume excessive memory
-        https://bugs.webkit.org/show_bug.cgi?id=75610
-
-        Reviewed by Sam Weinig.
-
-        Array object commonly store data in a vector, consisting of a portion that is
-        in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
-        m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and
-        the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
-        never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
-        amount of memory, whilst having a relatively small active length.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::increaseVectorLength):
-            - If m_indexBias is non-zero, decay it over time.
-
-2012-01-05  Csaba Osztrogonác  <ossy@webkit.org>
-
-        unshift/pop fifo may consume excessive memory
-        https://bugs.webkit.org/show_bug.cgi?id=75588
-
-        Reviewed by Zoltan Herczeg.
-
-        Buildfix after r104120.
-
-        * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true
-        (JSC::JSArray::unshiftCount):
-
-2012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Unreviewed gardening after r104134.
-
-        * wtf/Assertions.cpp:
-
-2012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Unreviewed gardening after r75605.
-
-        Rubber stamped by NOBODY Csaba Osztrogonác.
-
-        * wtf/Assertions.cpp:
-
-2012-01-05  Benjamin Poulain  <benjamin@webkit.org>
-
-        Improve charactersAreAllASCII() to compare multiple characters at a time
-        https://bugs.webkit.org/show_bug.cgi?id=74063
-
-        Reviewed by Darin Adler.
-
-        A new header ASCIIFastPath.h contains the functions related to
-        the detection of ASCII by using machine words. Part of it comes from
-        WebCore's TextCodecASCIIFastPath.h.
-
-        The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
-        and is implemented with computer word comparison.
-        The gain over the previous implementation of charactersAreAllASCII() is of
-        the order of how many comparison are avoided (4x, 8x, 16x depending on the
-        format and the CPU type).
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/text/ASCIIFastPath.h: Added.
-        (WTF::isAlignedToMachineWord):
-        (WTF::alignToMachineWord):
-        (WTF::isAllASCII):
-        (WTF::charactersAreAllASCII):
-        * wtf/text/WTFString.h:
-        * wtf/wtf.pro:
-
-2012-01-05  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
-
-        We should always log to both ASL and stderr on platforms where this won't result in launchd
-        duplicating the messages.
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/Assertions.cpp:
-        (vprintf_stderr_common):
-
-2012-01-05  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
-
-        Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
-        single line of text. This results in strangely formatted output if vprintf_stderr_common is
-        retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
-        like stderr.
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/Assertions.cpp:
-        (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
-        string before handing it off to vprintf_stderr_common. This requires disabling warnings about
-        calling a printf-like function with a non-literal format string for this piece of code. It's
-        safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
-        (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the
-        given format string if one does not already exist. It requires the same treatment with regards
-        to the non-literal format string warning.
-        (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
-        (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
-        (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
-        (WTFReportError): Ditto.
-        (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
-        (WTFLogVerbose): Ditto.
-
-2012-01-04  Gavin Barraclough  <barraclough@apple.com>
-
-        unshift/pop fifo may consume excessive memory
-        https://bugs.webkit.org/show_bug.cgi?id=75588
-
-        Reviewed by Sam Weinig.
-
-        The Array object commonly store data in a vector, consisting of a portion that
-        is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
-        m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the
-        current algorithm for increasePrefixVectorLength (used by unshift) will never
-        stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount
-        of memory, whilst having a relatively small active length.
-
-        * runtime/JSArray.cpp:
-        (JSC::storageSize):
-            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
-        (JSC::SparseArrayValueMap::put):
-            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
-        (JSC::JSArray::increaseVectorLength):
-            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
-        (JSC::JSArray::unshiftCountSlowCase):
-            - renamed from increaseVectorPrefixLength (this was a bad name, since it
-              also moved the ArrayStorage header), rewritten.
-        (JSC::JSArray::shiftCount):
-            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
-        (JSC::JSArray::unshiftCount):
-            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
-              increaseVectorPrefixLength renamed to unshiftCountSlowCase
-        (JSC::JSArray::sortNumeric):
-        * runtime/JSArray.h:
-            - Updated function declarations, m_indexBias should be unsigned.
-
-2012-01-04  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
-
-        Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
-        to ensure that the correct destructor is invoked. This is necessary because
-        JSCell subclasses all intentionally have non-virtual destructors.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::destroy):
-        * runtime/Arguments.h:
-
-2012-01-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, accidentally turned off the JIT in previous commit. Turning
-        it back on.
-
-        * wtf/Platform.h:
-
-2012-01-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Changed "return" to "break" in some macrology I introduced in
-        http://trac.webkit.org/changeset/104086. This is a benign change, as
-        "return" was technically correct for all uses of the macro.
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGGraph.cpp:
-        * wtf/Platform.h:
-
-2012-01-04  Michael Saboff  <msaboff@apple.com>
-
-        StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
-        https://bugs.webkit.org/show_bug.cgi?id=75583
-
-        Reviewed by Filip Pizlo.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
-        StructureStubInfo and reset the appropriate JIT and
-        the StructureStubInfo itself when reseting a MethodCallLinkInfo.
-
-2012-01-04  Michael Saboff  <msaboff@apple.com>
-
-        Invalid ASSERT() in DFGRepatch.cpp near line 385
-        https://bugs.webkit.org/show_bug.cgi?id=75584
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
-
-2012-01-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Incorrect use of DFG node reference counts when mutating the graph
-        https://bugs.webkit.org/show_bug.cgi?id=75580
-        <rdar://problem/10644607>
-
-        Reviewed by Oliver Hunt.
-        
-        Made deref(node) follow the pattern of ref(node), which it should have
-        to begin with.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::refChildren):
-        (JSC::DFG::Graph::derefChildren):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::clearAndDerefChild1):
-        (JSC::DFG::Graph::clearAndDerefChild2):
-        (JSC::DFG::Graph::clearAndDerefChild3):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::deref):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixupNode):
-
-2012-01-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
-
-        The custom qmake variable 'WEBKIT' is used for signaling that a
-        target depends in some way on other subproject of the WebKit
-        project. For now this is limited to the set of intermediate
-        libraries: wtf, javascriptcore, webcore, and webkit2.
-
-        This replaces the previous convension of using load(foo) for
-        just include paths, and CONFIG += foo to also link against foo.
-
-        Adding a dependency results in additional include paths being
-        available, and potentially linking to the library. This is
-        decided by the build system based on conditions such as what
-        kind of target is being built and the general build config.
-
-        An advantage to his approach is that it simplifies the individual
-        foo.prf files, for example by allowing us to use INCLUDEPATH +=
-        and LIBS += as normal instead of prepending.
-
-        Reviewed by Simon Hausmann.
-
-        * Target.pri:
-        * jsc.pro:
-        * wtf/wtf.pro:
-
-2012-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=75516
-        <rdar://problem/10640266>
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed the offending assertion, since it was wrong.  Also hardened the code to make
-        this case less likely by first having the propagator fixpoint converge, and then doing
-        double voting combined with a second fixpoint.  This is neutral on benchmarks and
-        fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
-        until we've converged to the conclusion that it really is double).
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagatePredictions):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
-
-2012-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
-        https://bugs.webkit.org/show_bug.cgi?id=75303
-        <rdar://problem/10633533>
-
-        Reviewed by Gavin Barraclough.
-        
-        The this argument was not being kept alive in some cases during inlining and intrinsic
-        optimizations.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::emitFunctionCheck):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75140
-
-        Reviewed by Sam Weinig.
-
-        Rewrite JSArray::putSlowCase to be much cleaner & simpler.
-
-        This rewrite only significantly changes behaviour for sparse array, specifically
-        in how sparse arrays are reified back to vector form. This does not affect arrays
-        with less than 10000 entries (since these always use a vector). The more common
-        cases of sparse array behavior (though large sparse arrays are rare) - arrays that
-        always remain sparse, and arrays that are filled in reverse sequential order -
-        should be just as fast or faster (since reification is simpler & no longer
-        requires map lookups) after these changes.
-
-        Simplifying this code allows all cases of putByIndex that need to grow the vector
-        to do so via increaseVectorLength, which means that this method can encapsulate
-        the policy of determining how the vector should be grown.
-
-        No performance impact.
-
-        * runtime/JSArray.cpp:
-        (JSC::isDenseEnoughForVector):
-            - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
-        (JSC::JSArray::putByIndex):
-            - simplify & comment.
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-            - Re-written to be much clearer & simpler.
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::increaseVectorPrefixLength):
-            - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so.
-        (JSC::JSArray::push):
-            - simplify & comment.
-        * runtime/JSArray.h:
-            - removed SparseArrayValueMap::take.
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75140
-
-        Reviewed by Sam Weinig.
-
-        Simplify JSArray creation - remove ArgsList/JSValue* create methods
-        (this functionality can be implemented in terms of tryCreateUninitialized).
-
-        * JavaScriptCore.exp:
-        * runtime/ArrayConstructor.cpp:
-            - use constructArray/constructEmptyArray instead of calling JSArray::create directly
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-            - removed ArgsList/JSValue* create methods
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-            - changed to be implemented in terms of JSArray::tryCreateUninitialized
-
-2012-01-03  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75429
-        ThrowTypeError should be a singleton object
-
-        Reviewed by Sam Weinig.
-
-        Per section 13.2.3 of the spec.
-        We could change setAccessorDescriptor to be able to share the global
-        GetterSetter object, rather than storing the accessor functions and
-        creating a new GetterSetter in defineProperty - but this won't be a
-        small change to PropertyDescriptors (and would probably mean making
-        GetterSetter objects immutable?) - so I'll leave that for another
-        patch.
-
-        * JavaScriptCore.exp:
-            - don't export setAccessorDescriptor
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::createStrictModeCallerIfNecessary):
-        (JSC::Arguments::createStrictModeCalleeIfNecessary):
-            - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
-        * runtime/Error.cpp:
-        * runtime/Error.h:
-            - remove createTypeErrorFunction
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-            - remove unused createDescriptorForThrowingProperty
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-            - removed m_strictModeTypeErrorFunctionStructure.
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::internalFunctionStructure):
-            - removed m_strictModeTypeErrorFunctionStructure.
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::setAccessorDescriptor):
-            - changed to take a GetterSetter
-        * runtime/PropertyDescriptor.h:
-            - changed to take a GetterSetter
-
-2012-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Check in fixes for jsc tests following bug #75455.
-
-        * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
-        * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
-
-2012-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75452
-        If argument to Error is undefined, message is not set
-
-        Reviewed by Sam Weinig.
-
-        Per section 15.11.1.1 of the spec.
-
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::create):
-        (JSC::ErrorInstance::finishCreation):
-
-2012-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        ES5 prohibits parseInt from supporting octal
-        https://bugs.webkit.org/show_bug.cgi?id=75455
-
-        Reviewed by Sam Weinig.
-
-        See sections 15.1.2.2 and annex E.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-
-2012-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=55343
-        Global JSON should be configurable but isn't
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            - make JSON configurable
-
-2012-01-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Call instructions should leave room for linking information
-        https://bugs.webkit.org/show_bug.cgi?id=75422
-        <rdar://problem/10633985>
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-
-2011-12-31  Dan Bernstein  <mitz@apple.com>
-
-        Continue trying to fix the Windows build after r103823.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-31  Dan Bernstein  <mitz@apple.com>
-
-        Start trying to fix the Windows build after r103823.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-30  Anders Carlsson  <andersca@apple.com>
-
-        Add a ParamStorageTraits specialization for RetainPtr
-        https://bugs.webkit.org/show_bug.cgi?id=75392
-
-        Reviewed by Daniel Bates.
-
-        * wtf/Functional.h:
-        Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
-
-        * wtf/RetainPtr.h:
-        Bring in the retainPtr function template from WTF.
-
-2011-12-29  Sam Weinig  <sam@webkit.org>
-
-        It should be easier to iterate a Vector backwards
-        https://bugs.webkit.org/show_bug.cgi?id=75359
-
-        Reviewed by Anders Carlsson.
-
-        Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
-        a new proxy driven way to access a vector backwards. One can use
-        reversed() in a range-based for loop like so:
-
-            for (auto val: myVector.reversed())
-                doSomething(val)
-
-        * wtf/Vector.h:
-        (WTF::Vector::~Vector):
-        Fix style.
-
-        (WTF::Vector::rbegin):
-        (WTF::Vector::rend):
-        Added using standard adaptor std::reverse_iterator.
-
-        (WTF::Vector::reversed):
-        (WTF::Vector::VectorReverseProxy::begin):
-        (WTF::Vector::VectorReverseProxy::end):
-        Add proxy similar to one used in HashMap for keys() and values()
-        which allows access to a Vector backwards for use in range-based
-        for loops.
-
-2011-12-29  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75140
-
-        Reviewed by Oliver Hunt.
-
-        Start cleaning up JSArray construction. JSArray has a set of create methods,
-        one of which (currently) takes a 'creation mode' enum parameter. Based on that
-        parameter, the constructor does one of two completely different things. If the
-        parameter is 'CreateInitialized' it creates an array, setting the length, but
-        does not eagerly allocate a storage vector of the specified length. A small
-        (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
-        access to the vector will read the hole value (return undefined). The alternate
-        usage of this method ('CreateCompact') does something very different. It tries
-        to create an array of the requested length, and also allocates a storage vector
-        large enough to hold all properties. It does not clear the storage vector,
-        leaving the memory uninitialized and requiring the user to call a method
-        'uncheckedSetIndex' to initialize values in the vector.
-
-        This patch factors out these two behaviours, moving the 'CreateCompact' mode
-        into its own method, 'tryCreateUninitialized' (matching the naming for this
-        functionality in the string classes). 'tryCreateUninitialized' may return 0 if
-        memory allocation fails during construction of the object. The construction
-        pattern changes such that values added during initialization will be marked if
-        a GC is triggered during array allocation. 'CreateInitialized' no longer need
-        be passed to create a normal, fully constructed array with a length, and this
-        method is merged with the version of 'create' that does not take an initial
-        length (length parameter defaults to 0).
-
-        * JavaScriptCore.exp:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-            - removed 'CreateInitialized' argument
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-            - changed to call 'tryCreateUninitialized'
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-            - changed to call 'tryCreateUninitialized'
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-            - initialize m_storage to null; if construction fails, make destruction safe
-        (JSC::JSArray::finishCreation):
-            - merge versions of this method, takes an initialLength parameter defaulting to zero
-        (JSC::JSArray::tryFinishCreationUninitialized):
-            - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
-        (JSC::JSArray::~JSArray):
-            - check for null m_storage, in case array construction failed.
-        (JSC::JSArray::increaseVectorPrefixLength):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-            - merge versions of this method, takes an initialLength parameter defaulting to zero
-        (JSC::JSArray::tryCreateUninitialized):
-            - version of 'create' that tries to eagerly allocate storage; may fail & return 0
-        (JSC::JSArray::initializeIndex):
-        (JSC::JSArray::completeInitialization):
-            - used in conjunction with 'tryCreateUninitialized' to initialize the array
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyArray):
-            - removed 'CreateInitialized' argument
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::finishCreation):
-            - removed 'CreateInitialized' argument
-
-2011-12-29  Anders Carlsson  <andersca@apple.com>
-
-        Add a retainPtr function template
-        https://bugs.webkit.org/show_bug.cgi?id=75365
-
-        Reviewed by Dan Bernstein.
-
-        This makes it easier to make a RetainPtr using template argument deduction, which
-        is useful when passing RetainPtr objects as function arguments.
-
-        * wtf/RetainPtr.h:
-        (WTF::retainPtr):
-
-2011-12-28  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        spill unboxed values in DFG 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=75291
-
-        Reviewed by Filip Pizlo.
-
-        Currently all the values are spilled as boxed in DFG 32_64, which is
-        not necessary and introduces additional stores/loads. Instead we
-        can spill them as unboxed if feasible. It can be applied to the
-        Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
-        because they don't need to be boxed at all. The modifications to the
-        spill/fill and the OSR exit are required, as well as a bug fix to the
-        "isUnknownJS" logic.
-
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::displacedInRegisterFile):
-        (JSC::ValueRecovery::virtualRegister):
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::isUnknownJS):
-        (JSC::DFG::GenerationInfo::spill):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentFillGPR):
-        (JSC::DFG::SpeculativeJIT::spill):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-28  Anders Carlsson  <andersca@apple.com>
-
-        Add an implicit block conversion operator to WTF::Function
-        https://bugs.webkit.org/show_bug.cgi?id=75325
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/Compiler.h:
-        Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
-        is buggy, especially when it comes to C++.
-
-        * wtf/Functional.h:
-        Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
-
-2011-12-27  Anders Carlsson  <andersca@apple.com>
-
-        Add a new WTF::bind overload that takes 6 parameters
-        https://bugs.webkit.org/show_bug.cgi?id=75287
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Functional.h:
-
-2011-12-27  Sam Weinig  <sam@webkit.org>
-
-        Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
-        https://bugs.webkit.org/show_bug.cgi?id=75268
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Compiler.h:
-        Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
-
-        * wtf/Noncopyable.h:
-        Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
-
-        * wtf/NullPtr.cpp:
-        * wtf/NullPtr.h:
-        Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
-
-        * wtf/RefPtr.h:
-        * wtf/RetainPtr.h:
-        Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
-
-2011-12-27  Anders Carlsson  <andersca@apple.com>
-
-        Misc fixes and cleanups in Functional.h
-        https://bugs.webkit.org/show_bug.cgi?id=75281
-
-        Reviewed by Andreas Kling.
-
-        - Reformat template declarations so that the class begins on a new line.
-        - Change the parameter template parameters to start at P1 instead of P0.
-        - Add function wrappers and bind overloads for 4 and 5 parameter functions.
-        - Change the Function call operator to be const so const functions can be called.
-
-        * wtf/Functional.h:
-
-2011-12-27  Tony Chang  <tony@chromium.org>
-
-        [chromium] Minor cleanup of gyp files.
-        https://bugs.webkit.org/show_bug.cgi?id=75269
-
-        Reviewed by Adam Barth.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
-        and vim/emacs specific hooks should be added by the user.
-
-2011-12-27  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75260
-        Null name for host function can result in dereference of uninitialize memory
-
-        Reviewed by Filip Pizlo.
-
-        This is a recent regression in ToT, if the name passed to finishCreation of a host function is null,
-        we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
-        aspect of the change that introduced the issue.  It might be better if functions that don't have a
-        name don't have this property at all, but that's change should be separate from fixing the bug.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation):
-            - Always initialize the name property.
-
-2011-12-27  Anders Carlsson  <andersca@apple.com>
-
-        Function should handle wrapping/unwrapping RefPtr and PassRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=75266
-
-        Reviewed by Sam Weinig.
-
-        Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
-        and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
-        For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
-
-        * wtf/Functional.h:
-        (WTF::ParamStorageTraits::wrap):
-        (WTF::ParamStorageTraits::unwrap):
-
-2011-12-27  Tony Chang  <tony@chromium.org>
-
-        [chromium] really enable wpo for WebCore libs and for WTF
-        https://bugs.webkit.org/show_bug.cgi?id=75264
-
-        Reviewed by Adam Barth.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
-
-2011-12-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Errk! OS X build fix.
-
-        * JavaScriptCore.exp:
-
-2011-12-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSObject.h:
-
-2011-12-26  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75231
-        Fail to throw in strict mode on assign to read only static properties
-
-        Reviewed by Filip Pizlo.
-
-        There are three bugs here:
-        * symbolTablePut should throw for strict mode accesses.
-        * lookupPut should throw for strict mode accesses.
-        * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::put):
-        * runtime/JSActivation.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::put):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTablePut):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::put):
-        * runtime/NumberConstructor.h:
-
-2011-12-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix miss-commit of utf8 change.
-
-        Reviewed by Filip Pizlo
-
-        Eeep, patch as landed a while ago had no effect! - acidentally landed
-        modified version of patch used for performance testing.
-
-        (This isn't covered by layout tests because layour tests don't use jsc,
-        and the tests/mozilla tests use latin1, which was already supported!)
-
-        Landing changes as intended (and as originally reviewed).
-
-        * jsc.cpp:
-        (jscSource):
-
-2011-12-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for ARMv7.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load16Signed):
-        (JSC::MacroAssemblerARMv7::load8Signed):
-
-2011-12-26  Hajime Morrita  <morrita@google.com>
-
-        Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
-        https://bugs.webkit.org/show_bug.cgi?id=74990
-
-        Reviewed by Kevin Ollivier.
-
-        * runtime/JSExportMacros.h: Removed JS_INLINE
-        * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
-
-2011-12-24  Filip Pizlo  <fpizlo@apple.com>
-
-        The ArgumentCount field in the CallFrame should have its tag left blank for other uses
-        https://bugs.webkit.org/show_bug.cgi?id=75199
-        <rdar://problem/10625105>
-        <rdar://problem/10625106>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::argumentCountIncludingThis):
-        (JSC::ExecState::setArgumentCountIncludingThis):
-        * interpreter/Register.h:
-        (JSC::Register::unboxedInt32):
-        (JSC::Register::unboxedBoolean):
-        (JSC::Register::unboxedCell):
-        (JSC::Register::payload):
-        (JSC::Register::tag):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileOpCall):
-
-2011-12-25  Andreas Kling  <awesomekling@apple.com>
-
-        Yarr: Avoid copying vectors in CharacterClassConstructor.
-        <http://webkit.org/b/75206>
-
-        Reviewed by Darin Adler.
-
-        Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
-        feeds (1.2%), replace the usage of Vector::append() by swap() since we're
-        always clearing the source vector afterwards anyway.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-
-2011-12-24  Darin Adler  <darin@apple.com>
-
-        Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
-        https://bugs.webkit.org/show_bug.cgi?id=72476
-
-        Reviewed by Sam Weinig.
-
-        * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
-
-2011-12-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Inlined Yarr::execute
-        https://bugs.webkit.org/show_bug.cgi?id=75180
-
-        Reviewed reluctantly by Beth Dakin.
-        
-        Tiny speedup on SunSpider string tests. Removes some samples from
-        Instruments. A step toward removing -fomit-frame-pointer.
-
-        * yarr/YarrJIT.cpp:
-        * yarr/YarrJIT.h:
-        (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
-
-2011-12-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG loads from signed 8-bit and 16-bit typed arrays are broken
-        https://bugs.webkit.org/show_bug.cgi?id=75163
-
-        Reviewed by Geoffrey Garen.
-        
-        Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
-        currently disabling Int8Array and Int16Array optimizations on ARM.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load8Signed):
-        (JSC::MacroAssemblerX86Common::load16Signed):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movswl_mr):
-        (JSC::X86Assembler::movsbl_mr):
-        * bytecode/PredictedType.h:
-        (JSC::isActionableMutableArrayPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateInt8Array):
-        (JSC::DFG::Node::shouldSpeculateInt16Array):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-
-2011-12-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG does double-to-int conversion incorrectly when storing into int typed arrays
-        https://bugs.webkit.org/show_bug.cgi?id=75164
-        <rdar://problem/10557547>
-
-        Reviewed by Geoffrey Garen.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2011-12-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored String.prototype.replace
-        https://bugs.webkit.org/show_bug.cgi?id=75114
-        
-        Reviewed by Darin Adler.
-
-        No performance difference.
-        
-        I think this is a step toward removing -fomit-frame-pointer.
-
-        * runtime/JSString.cpp:
-        * runtime/JSString.h: Removed the test and special case for a single-character
-        search string because the standard path does this test and special case
-        for us. (As an aside, if we do come up with a unique single-character
-        replace optimization in future, it probably belongs in the replace function,
-        and not in JSString.)
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace): Split this mega-sized function into:
-        (JSC::replaceUsingStringSearch): - This reasonably sized function, and
-        (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
-
-2011-12-23  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
-        https://bugs.webkit.org/show_bug.cgi?id=75087
-
-        monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds.
-
-        Reviewed by Darin Adler.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::monotonicallyIncreasingTime):
-
-2011-12-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not speculate array even when predictions say that the base is not an array
-        https://bugs.webkit.org/show_bug.cgi?id=75160
-        <rdar://problem/10622646>
-        <rdar://problem/10622649>
-
-        Reviewed by Oliver Hunt.
-        
-        Added the ability to call slow path when the base is known to not be an array.
-        Also rationalized the logic for deciding when the index is not an int, and
-        cleaned up the logic for deciding when to speculate typed array.
-        
-        Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
-        likely be mitigated by having the notion of a polymorphic array access, where we
-        try, but don't speculate, to access the array one way before either trying some
-        other ways or calling slow path.
-
-        * bytecode/PredictedType.h:
-        (JSC::isActionableMutableArrayPrediction):
-        (JSC::isActionableArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateInt8Array):
-        (JSC::DFG::Node::shouldSpeculateInt16Array):
-        (JSC::DFG::Node::shouldSpeculateInt32Array):
-        (JSC::DFG::Node::shouldSpeculateUint8Array):
-        (JSC::DFG::Node::shouldSpeculateUint16Array):
-        (JSC::DFG::Node::shouldSpeculateUint32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat64Array):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::byValIsPure):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed - fix stylebot issues from last patch.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-
-2011-12-22  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=75151
-        Add attributes field to JSArray's SparseMap
-
-        Reviewed by Sam Weinig.
-
-        This will be necessary to be able to support non- writable/configurable/enumerable
-        properties, and helpful for getters/setters.
-
-        Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-            - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
-              (must fall back to generic sort alogrithm).
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finishCreation):
-            - moved reportedMapCapacity into the SparseArrayValueMap object.
-        (JSC::SparseArrayValueMap::find):
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::visitChildren):
-            - Added.
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::visitChildren):
-            - Updated for changes in SparseArrayValueMap.
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-            - Disallow on 'SparseMode' arrays.
-        * runtime/JSArray.h:
-        (JSC::SparseArrayEntry::SparseArrayEntry):
-            - An entry in the sparse array - value (WriteBarrier) + attributes.
-        (JSC::SparseArrayValueMap::SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::sparseMode):
-        (JSC::SparseArrayValueMap::setSparseMode):
-            - Flags to track whether an Array is forced into SparseMode.
-        (JSC::SparseArrayValueMap::remove):
-        (JSC::SparseArrayValueMap::notFound):
-        (JSC::SparseArrayValueMap::isEmpty):
-        (JSC::SparseArrayValueMap::contains):
-        (JSC::SparseArrayValueMap::size):
-        (JSC::SparseArrayValueMap::begin):
-        (JSC::SparseArrayValueMap::end):
-            - accessors to the map
-        (JSC::SparseArrayValueMap::take):
-            - only for use on non-SpareMode arrays.
-        (JSC::JSArray::inSparseMode):
-            - Added.
-
-2011-12-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
-        https://bugs.webkit.org/show_bug.cgi?id=75150
-        <rdar://problem/10621900>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2011-12-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does exactly the wrong thing when doing strict equality on two known cells
-        https://bugs.webkit.org/show_bug.cgi?id=75138
-        <rdar://problem/10621526>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-
-2011-12-22  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Fix debug build with assertions disabled
-        https://bugs.webkit.org/show_bug.cgi?id=75075
-
-        Reviewed by Darin Adler.
-
-        Check whether assertions are disabled instead of NDEBUG
-        where appropriate to avoid "defined but not used" warnings.
-
-        * wtf/DateMath.cpp:
-        (WTF::initializeDates):
-
-2011-12-22  Mariusz Grzegorczyk  <mariusz.g@samsung.com>
-
-        [EFL] Missing plugins support for efl port
-        https://bugs.webkit.org/show_bug.cgi?id=44505
-
-        Reviewed by Anders Carlsson.
-
-        Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
-
-        * wtf/Platform.h:
-
-2011-12-22  Wei Charles  <charles.wei@torchmobile.com.cn>
-
-        Remove un-used data member of LiteralParser::Lex::m_string
-        https://bugs.webkit.org/show_bug.cgi?id=68216
-
-        Reviewed by George Staikos.
-
-        * runtime/LiteralParser.h:
-
-2011-12-21  Dan Bernstein  <mitz@apple.com>
-
-        OS X build fix after r103488.
-
-        * JavaScriptCore.exp:
-
-2011-12-21  Konrad Piascik  <kpiascik@rim.com>
-
-        Implement the JavaScriptCore bindings for eventListenerHandlerLocation
-        https://bugs.webkit.org/show_bug.cgi?id=74313
-
-        Reviewed by Eric Seidel.
-
-        Updated project files to get Windows and Mac builds working.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-12-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
-        https://bugs.webkit.org/show_bug.cgi?id=75058
-        <rdar://problem/10616612>
-        <rdar://problem/10617500>
-
-        Reviewed by Oliver Hunt.
-        
-        Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
-        Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
-        a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
-        is optional.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSObject.h:
-
-2011-12-21  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        Implement montonicallyIncreasingClock() on Qt
-        https://bugs.webkit.org/show_bug.cgi?id=62159
-
-        Reviewed by Darin Adler.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::monotonicallyIncreasingTime):
-
-2011-12-20  Filip Pizlo  <fpizlo@apple.com>
-
-        32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
-        https://bugs.webkit.org/show_bug.cgi?id=74997
-        <rdar://problem/10612389>
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_div):
-
-2011-12-20  Filip Pizlo  <fpizlo@apple.com>
-
-        JavaScriptCore should be consistent about how it reads and writes ArgumentCount
-        https://bugs.webkit.org/show_bug.cgi?id=74989
-        <rdar://problem/10612006>
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-
-2011-12-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Value Profiles for arguments should be more easily accessible to the interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=74984
-        <rdar://problem/10611364>
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setArgumentValueProfileSize):
-        (JSC::CodeBlock::numberOfArgumentValueProfiles):
-        (JSC::CodeBlock::valueProfileForArgument):
-        (JSC::CodeBlock::addValueProfile):
-        (JSC::CodeBlock::valueProfile):
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        (JSC::CodeBlock::totalNumberOfValueProfiles):
-        (JSC::CodeBlock::getFromAllValueProfiles):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::ValueProfile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-
-2011-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        JSC shell should accept utf8 input.
-
-        Reviewed by Filip Pizlo.
-
-        * jsc.cpp:
-        (jscSource):
-        (functionRun):
-        (functionLoad):
-        (functionCheckSyntax):
-        (runWithScripts):
-        (runInteractive):
-
-2011-12-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Sam Weinig
-
-        * runtime/JSGlobalData.cpp:
-            - removed some dead code.
-
-2011-12-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Tightened up Vector<T>::append
-        https://bugs.webkit.org/show_bug.cgi?id=74906
-
-        Reviewed by Sam Weinig.
-
-        Not a measurable speedup, but code inspection shows better code generated,
-        and I believe this is a step toward turning off -fomit-frame-pointer.
-
-        * wtf/Vector.h:
-        (WTF::::append):
-        (WTF::::appendSlowCase): Split out the slow case into a separate function
-        to keep unnecessary instructions off the hot path. This means the hot
-        path can now be inlined more often.
-        
-        Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
-        compiler work-around from 2007.
-
-2011-12-19  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Temporary GPR should not be lazily allocated in DFG JIT on X86
-        https://bugs.webkit.org/show_bug.cgi?id=74908
-
-        Reviewed by Filip Pizlo.
-
-        On X86, we used to allocate a temporary GPR lazily when it's really
-        used rather than defined. This may cause potential issues of
-        allocating registers inside control flow and result in problems in
-        subsequent code generation, for example the DFG JIT may think an
-        operand already being spilled (to satisfy the allocation request) and
-        generate code to read the data from memory, but the allocation and
-        spilling are in a branch which is not taken at runtime, so the
-        generated code is incorrect.
-
-        Although current DFG JIT code doesn't have this problematic pattern,
-        it's better to cut-off the root to avoid any potential issues in the
-        future.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::GPRTemporary::gpr):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-19  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Remove unused code for non-speculative Arith operations from DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=74905
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        * dfg/DFGSpeculativeJIT64.cpp:
-
-2011-12-19  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=74903
-        Exceptions not thrown correctly from DFG JIT on 32bit
-
-        Reviewed by Oliver Hunt.
-
-        Arguments for lookupExceptionHandler are not setup correctly.
-        In the case of ARMv7 we rely on lr being preserved over a call,
-        this in invalid. On x86 we don't should be poking the arguments onto the stack!
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
-        * dfg/DFGGPRInfo.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addExceptionCheck):
-        (JSC::DFG::JITCompiler::addFastExceptionCheck):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-
-2011-12-19  Filip Pizlo  <fpizlo@apple.com>
-
-        If we detect that we can use the JIT, don't use computed opcode lookups
-        https://bugs.webkit.org/show_bug.cgi?id=74899
-        <rdar://problem/10604551>
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2011-12-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build.
-
-        Unreviewed.
-
-        * wtf/ThreadSpecific.h: #include!
-
-2011-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to change the value of an Options variable without recompiling the world
-        https://bugs.webkit.org/show_bug.cgi?id=74807
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-
-2011-12-19  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r103250.
-        http://trac.webkit.org/changeset/103250
-        https://bugs.webkit.org/show_bug.cgi?id=74877
-
-        it still breaks codegen (Requested by olliej on #webkit).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::byValIsPure):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-16  Oliver Hunt  <oliver@apple.com>
-
-        Rolling r103120 back in with merge errors corrected.
-
-        PutByVal[Alias] unnecessarily reloads the storage buffer
-        https://bugs.webkit.org/show_bug.cgi?id=74747
-
-        Reviewed by Gavin Barraclough.
-
-        Make PutByVal use GetIndexedStorage to load the storage buffer.
-        This required switching PutByVal to a vararg node (which is
-        responsible for most of the noise in this patch).  This fixes the
-        remaining portion of the kraken regression caused by the GetByVal
-        storage load elimination, and a 1-5% win on some of the sub tests of
-        the typed array benchmark at:
-        http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::byValIndexIsPure):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Placement new does an unnecessary NULL check
-        https://bugs.webkit.org/show_bug.cgi?id=74676
-
-        Reviewed by Sam Weinig.
-
-        We can define our own version, which skips the NULL check.
-        
-        Not a measurable speedup, but code inspection shows better code generated,
-        and I believe this is a step toward turning off -fomit-frame-pointer.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::create):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::create): Use the NotNull version of placement
-        new to skip the NULL check.
-
-        * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new.
-
-        (JSC::JSCallbackObject::create):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::grow):
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::allocate):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::recycle):
-        * jit/JITCode.h:
-        (JSC::JITCode::clear):
-        * jsc.cpp:
-        (GlobalObject::create):
-        * profiler/CallIdentifier.h:
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::create):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::create):
-        * runtime/BooleanConstructor.h:
-        (JSC::BooleanConstructor::create):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::create):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::create):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::create):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::create):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::create):
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::create):
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::create):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::create):
-        * runtime/ExceptionHelpers.h:
-        (JSC::InterruptedExecutionError::create):
-        (JSC::TerminatedExecutionError::create):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::create):
-        (JSC::FunctionExecutable::create):
-        * runtime/FunctionConstructor.h:
-        (JSC::FunctionConstructor::create):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::create):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::create):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::create):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::create):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::create): Use the NotNull version of placement
-        new to skip the NULL check.
-
-        * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        * runtime/JSGlobalThis.h:
-        (JSC::JSGlobalThis::create):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::create):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::create):
-        * runtime/JSObject.h:
-        (JSC::JSFinalObject::create):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createNull):
-        (JSC::RopeBuilder::create):
-        (JSC::RopeBuilder::createHasOtherOwner):
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::create):
-        * runtime/NativeErrorPrototype.h:
-        (JSC::NativeErrorPrototype::create):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::create):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::create):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::create):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::create):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::create):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::createWithoutCaching):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::create):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::create):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::create):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::create):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::create):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::create):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::createStructure):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        * testRegExp.cpp:
-        (GlobalObject::create):
-        * wtf/BitVector.cpp:
-        (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
-        new to skip the NULL check.
-
-        * wtf/BumpPointerAllocator.h:
-        (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
-
-        * wtf/ByteArray.cpp:
-        (WTF::ByteArray::create):
-        * wtf/Deque.h:
-        (WTF::::append):
-        (WTF::::prepend): Use NotNull, as above.
-
-        * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
-        hide the name of the global placement new.
-
-        (WTF::fastNew): Standardized spacing. Most of these functions don't need
-        NotNull, since they check for NULL, and the optimizer can see that.
-
-        * wtf/HashTable.h:
-        * wtf/HashTraits.h:
-        (WTF::SimpleClassHashTraits::constructDeletedValue):
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
-
-        * wtf/StdLibExtras.h:
-        (throw): This is our NotNull placement new. Declaring that we throw is
-        the C++ way to say that operator new will not return NULL.
-
-        * wtf/ThreadSpecific.h:
-        (WTF::T):
-        * wtf/Vector.h:
-        (WTF::::append):
-        (WTF::::tryAppend):
-        (WTF::::uncheckedAppend):
-        (WTF::::insert):
-        * wtf/text/AtomicStringHash.h:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::createUninitialized):
-        (WTF::StringImpl::reallocate):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::tryCreateUninitialized):
-        * wtf/text/StringStatics.cpp:
-        (WTF::AtomicString::init): Use NotNull, as above.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
-        spacing for easy grep.
-
-2011-12-19  Eric Carlson  <eric.carlson@apple.com>
-
-        Enable <track> for Mac build
-        https://bugs.webkit.org/show_bug.cgi?id=74838
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h:
-
-2011-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG is too sloppy with register allocation
-        https://bugs.webkit.org/show_bug.cgi?id=74835
-
-        Reviewed by Gavin Barraclough.
-        
-        Added assertions that at the end of a successfully generated basic block,
-        all use counts should be zero. This revealed a number of bugs:
-        
-        - Array length optimizations were turning a must-generate node into one
-          that is not must-generate, but failing to change the ref count
-          accordingly.
-          
-        - Indexed property storage optimizations were failing to deref their
-          children, or to deref the indexed property storage node itself. Also,
-          they used the Phantom node as a replacement. But the Phantom node is
-          must-generate, which was causing bizarre issues. So this introduces a
-          Nop node, which should be used in cases where you want a node that is
-          skipped and has no children.
-          
-        This does not have any significant performance effect, but it should
-        relieve some register pressure. The main thing this patch adds, though,
-        are the assertions, which should make it easier to do register allocation
-        related changes in the future.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::initConstant):
-        (JSC::DFG::GenerationInfo::initInteger):
-        (JSC::DFG::GenerationInfo::initJSValue):
-        (JSC::DFG::GenerationInfo::initCell):
-        (JSC::DFG::GenerationInfo::initBoolean):
-        (JSC::DFG::GenerationInfo::initDouble):
-        (JSC::DFG::GenerationInfo::initStorage):
-        (JSC::DFG::GenerationInfo::use):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::clearAndDerefChild1):
-        (JSC::DFG::Graph::clearAndDerefChild2):
-        (JSC::DFG::Graph::clearAndDerefChild3):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::deref):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        Remove the duplicated code from ASCIICType.h
-        https://bugs.webkit.org/show_bug.cgi?id=74771
-
-        Reviewed by Andreas Kling.
-
-        Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIDigit):
-        (WTF::isASCIIAlphanumeric):
-        (WTF::isASCIIHexDigit):
-
-2011-12-18  Anders Carlsson  <andersca@apple.com>
-
-        Set the main frame view scroll position asynchronously
-        https://bugs.webkit.org/show_bug.cgi?id=74823
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.exp:
-
-2011-12-10  Andreas Kling  <kling@webkit.org>
-
-        OpaqueJSClass: Remove RVCT2 workarounds.
-        <http://webkit.org/b/74250>
-
-        Reviewed by Benjamin Poulain.
-
-        We no longer need workarounds for the RVCT2 compiler since it was
-        only used for the Symbian port of WebKit which is now defunct.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-
-2011-12-16  Benjamin Poulain  <bpoulain@apple.com>
-
-        Remove the duplicated code from ASCIICType.h
-        https://bugs.webkit.org/show_bug.cgi?id=74771
-
-        Reviewed by Andreas Kling.
-
-        The functions were sharing similar code and were defined for the various input types.
-        Use templates instead to avoid code duplication.
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCII):
-        (WTF::isASCIIAlpha):
-        (WTF::isASCIIAlphanumeric):
-        (WTF::isASCIIDigit):
-        (WTF::isASCIIHexDigit):
-        (WTF::isASCIILower):
-        (WTF::isASCIIOctalDigit):
-        (WTF::isASCIIPrintable):
-        (WTF::isASCIISpace):
-        (WTF::isASCIIUpper):
-        (WTF::toASCIILower):
-        (WTF::toASCIIUpper):
-        (WTF::toASCIIHexValue):
-        (WTF::lowerNibbleToASCIIHexDigit):
-        (WTF::upperNibbleToASCIIHexDigit):
-
-2011-12-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit may get confused about where in the scratch buffer it stored a value
-        https://bugs.webkit.org/show_bug.cgi?id=74695
-
-        Reviewed by Oliver Hunt.
-        
-        The code that reads from the scratch buffer now explicitly knows which locations to
-        read from. No new tests, since this patch covers a case so uncommon that I don't know
-        how to make a test for it.
-
-        * dfg/DFGOSRExitCompiler.h:
-        (JSC::DFG::OSRExitCompiler::badIndex):
-        (JSC::DFG::OSRExitCompiler::initializePoisoned):
-        (JSC::DFG::OSRExitCompiler::poisonIndex):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-12-16  Oliver Hunt  <oliver@apple.com>
-
-        PutByVal[Alias] unnecessarily reloads the storage buffer
-        https://bugs.webkit.org/show_bug.cgi?id=74747
-
-        Reviewed by Gavin Barraclough.
-
-        Make PutByVal use GetIndexedStorage to load the storage buffer.
-        This required switching PutByVal to a vararg node (which is
-        responsible for most of the noise in this patch).  This fixes the
-        remaining portion of the kraken regression caused by the GetByVal
-        storage load elimination, and a 1-5% win on some of the sub tests of
-        the typed array benchmark at:
-        http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::byValIndexIsPure):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-16  Daniel Bates  <dbates@rim.com>
-
-        Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
-
-        Rubber-stamped by Antonio Gomes.
-
-        BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
-        declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
-        instead of BlackBerryPlatformMisc.h.
-
-        * wtf/Assertions.cpp:
-
-2011-12-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize destructors
-        https://bugs.webkit.org/show_bug.cgi?id=74331
-
-        Reviewed by Geoffrey Garen.
-
-        This is a megapatch which frees us from the chains of virtual destructors.
-
-        In order to remove the virtual destructors, which are the last of the virtual 
-        functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to 
-        the cell rather than to the structure because in order to be able to lazily call 
-        the static destroy() functions that will replace the virtual destructors, we 
-        need to be able to access the ClassInfo without the danger of the object's 
-        Structure being collected before the object itself.
-
-        After adding the ClassInfo to the cell, we can then begin to remove our use 
-        of vptrs for optimizations within the JIT and the GC.  When we have removed 
-        all of the stored vptrs from JSGlobalData, we can then also remove all of 
-        the related VPtrStealingHack code.
-
-        The replacement for virtual destructors will be to add a static destroy function 
-        pointer to the MethodTable stored in ClassInfo.  Any subclass of JSCell that has 
-        a non-trivial destructor will require its own static destroy function to static 
-        call its corresponding destructor, which will now be non-virtual.  In future 
-        patches we will slowly move away from destructors altogether as we make more and 
-        more objects backed by GC memory rather than malloc-ed memory.  The GC will now 
-        call the static destroy method rather than the virtual destructor.
-
-        As we go through the hierarchy and add static destroy functions to classes, 
-        we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes 
-        to which it applies.  The future goal is to eventually have every class have that assert.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call 
-        ~JSCallbackConstructor because it has some extra destruction logic.
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
-        * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject 
-        because it has a member OwnPtr that needs destruction.
-        (JSC::::destroy):
-        * API/JSCallbackObject.h:
-        * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
-        * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't 
-        have its own ClassInfo despite the fact that it overrides a number of MethodTable 
-        methods.  Added the ClassInfo, along with an assertion that its destructor is trivial.
-        * debugger/DebuggerActivation.h:
-        * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, 
-        isJSString, as it is no longer necessary.
-        (JSC::DFG::putByVal):
-        * dfg/DFGRepatch.cpp:  Ditto.  Also remove uses of jsArrayVPtr in favor of using the 
-        JSArray ClassInfo pointer.
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:  Replace uses of the old vptrs with new ClassInfo 
-        comparisons since we don't have vptrs anymore.
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h: Ditto.
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp: Ditto.
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with 
-        ClassInfo comparisons.
-        (JSC::Heap::Heap):
-        * heap/MarkStack.cpp: Ditto.
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        (JSC::visitChildren):
-        (JSC::SlotVisitor::drain):
-        * heap/MarkStack.h: Ditto.
-        (JSC::MarkStack::MarkStack):
-        * heap/MarkedBlock.cpp: Ditto.
-        (JSC::MarkedBlock::callDestructor):
-        (JSC::MarkedBlock::specializedSweep):
-        * heap/MarkedBlock.h: Ditto.
-        * heap/SlotVisitor.h: Ditto.
-        (JSC::SlotVisitor::SlotVisitor):
-        * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.  
-        We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
-        (JSC::VTableSpectrum::count):
-        * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, 
-        etc. functions.
-        (JSC::loadVarargs):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject 
-        * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, 
-        remove all vtable related code.
-        (JSC::JIT::emitLoadCharacterString):
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSFunction):
-        * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_convert_this):
-        * jit/JITOpcodes32_64.cpp: Ditto.
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_convert_this):
-        * jit/JITPropertyAccess.cpp: Ditto.
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp: Ditto.
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
-        * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
-        * runtime/BooleanObject.cpp: Ditto.
-        * runtime/BooleanPrototype.cpp: Ditto.
-        * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
-        * runtime/DateConstructor.cpp: Add trivial destructor assert.
-        * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr 
-        that needs destruction.
-        (JSC::DateInstance::destroy):
-        * runtime/DateInstance.h:
-        * runtime/Error.cpp: Ditto (because of UString member).
-        (JSC::StrictModeTypeErrorFunction::destroy):
-        * runtime/Error.h:
-        * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
-        * runtime/ErrorInstance.cpp: Ditto.
-        * runtime/ExceptionHelpers.cpp: Ditto.
-        * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
-        (JSC::ExecutableBase::destroy):
-        (JSC::NativeExecutable::destroy):
-        (JSC::ScriptExecutable::destroy):
-        (JSC::EvalExecutable::destroy):
-        (JSC::ProgramExecutable::destroy):
-        (JSC::FunctionExecutable::destroy):
-        * runtime/Executable.h:
-        * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
-        * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
-        (JSC::functionProtoFuncApply):
-        * runtime/GetterSetter.cpp: Ditto.
-        * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no 
-        longer exists.
-        (JSC::initializeThreadingOnce):
-        * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, 
-        remove first arg from isJSString.
-        (JSC::InternalFunction::displayName):
-        * runtime/InternalFunction.h: Remove VPtrStealingHack.
-        * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
-        * runtime/JSArray.cpp: Add static destroy to call ~JSArray.  Replace vptr checks in 
-        destructor with ClassInfo checks.
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::destroy):
-        * runtime/JSArray.h: Remove VPtrStealingHack.  Remove globalData argument from isJSArray 
-        and change them to check the ClassInfo rather than the vptrs.
-        (JSC::isJSArray):
-        * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray.
-        (JSC::boundFunctionCall):
-        (JSC::boundFunctionConstruct):
-        * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
-        (JSC::JSByteArray::~JSByteArray):
-        (JSC::JSByteArray::destroy):
-        * runtime/JSByteArray.h: Remove VPtrStealingHack code.
-        (JSC::isJSByteArray):
-        * runtime/JSCell.cpp: Add trivial destructor assert.  Add static destroy function.
-        (JSC::JSCell::destroy):
-        * runtime/JSCell.h: Remove VPtrStealingHack code.  Add function for returning the offset 
-        of the ClassInfo pointer in the object for use by the JIT.  Add the ClassInfo pointer to 
-        the JSCell itself, and grab it from the Structure.  Remove the vptr and setVPtr functions, 
-        as they are no longer used.  Add a validatedClassInfo function to JSCell for any clients 
-        that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the 
-        same one as that contained in the Structure.  This isn't used too often, because most of 
-        the places where we compare the ClassInfo to things can be called during destruction.  
-        Since the Structure is unreliable during the phase when destructors are being called, 
-        we can't call validatedClassInfo.
-        (JSC::JSCell::classInfoOffset):
-        (JSC::JSCell::structure):
-        (JSC::JSCell::classInfo):
-        * runtime/JSFunction.cpp: Remove VPtrStealingHack code.  Add static destroy, remove vtableAnchor, 
-        remove first arg from call to isJSString.
-        (JSC::JSFunction::destroy):
-        (JSC::JSFunction::displayName):
-        * runtime/JSFunction.h: 
-        * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, 
-        as these vptrs are no longer needed in the codebase.
-        * runtime/JSGlobalData.h:
-        (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use 
-        ClassInfo rather than the vptr.
-        * runtime/JSGlobalObject.cpp: Add static destroy function.
-        (JSC::JSGlobalObject::destroy):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
-        * runtime/JSNotAnObject.cpp: Ditto.
-        * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp: 
-        (JSC::JSFinalObject::destroy):
-        (JSC::JSNonFinalObject::destroy):
-        (JSC::JSObject::destroy):
-        * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor 
-        from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and 
-        JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
-        (JSC::JSObject::finishCreation):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::isJSFinalObject):
-        * runtime/JSPropertyNameIterator.cpp: Add static destroy.
-        (JSC::JSPropertyNameIterator::destroy):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp: Ditto.
-        (JSC::JSStaticScopeObject::destroy):
-        * runtime/JSStaticScopeObject.h: Ditto. 
-        * runtime/JSString.cpp:
-        (JSC::JSString::destroy):
-        * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, 
-        since we no longer need to fixup vptrs.
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        (JSC::jsString):
-        (JSC::jsSubstring8):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        (JSC::jsStringBuilder):
-        (JSC::isJSString):
-        * runtime/JSVariableObject.cpp: 
-        (JSC::JSVariableObject::destroy):
-        * runtime/JSVariableObject.h: Ditto.
-        * runtime/JSWrapperObject.cpp:
-        * runtime/JSWrapperObject.h: Add trivial destructor assert.
-        * runtime/MathObject.cpp: Ditto.
-        * runtime/NativeErrorConstructor.cpp: Ditto.
-        * runtime/NumberConstructor.cpp: Ditto.
-        * runtime/NumberObject.cpp: Ditto.
-        * runtime/NumberPrototype.cpp: Ditto.
-        * runtime/ObjectConstructor.cpp: Ditto.
-        * runtime/ObjectPrototype.cpp: Ditto.
-        * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
-        (JSC::jsString):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        * runtime/RegExp.cpp: Add static destroy.
-        (JSC::RegExp::destroy):
-        * runtime/RegExp.h:
-        * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
-        (JSC::RegExpConstructor::destroy):
-        (JSC::RegExpMatchesArray::destroy):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        * runtime/RegExpObject.cpp: Add static destroy.
-        (JSC::RegExpObject::destroy):
-        * runtime/RegExpObject.h:
-        * runtime/ScopeChain.cpp: Add trivial destructor assert.
-        * runtime/ScopeChain.h:
-        * runtime/StrictEvalActivation.cpp: Ditto.
-        * runtime/StringConstructor.cpp:
-        * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp: Ditto.
-        * runtime/Structure.cpp: Add static destroy.
-        (JSC::Structure::destroy):
-        * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h 
-        because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
-        (JSC::JSCell::setStructure):
-        (JSC::JSCell::validatedClassInfo):
-        (JSC::JSCell::JSCell):
-        (JSC::JSCell::finishCreation):
-        * runtime/StructureChain.cpp: Add static destroy.
-        (JSC::StructureChain::destroy):
-        * runtime/StructureChain.h:
-        * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs 
-        ability to tell us when a class has a trivial destructor. We will use this assert 
-        more in future patches as we move toward having all JSC objects backed by GC memory, 
-        which means moving away from using destructors/finalizers.
-
-2011-12-15  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix 'make dist' in preparation for the GTK+ release.
-
-        * GNUmakefile.list.am: Add missing header.
-
-2011-12-15  Sam Weinig  <sam@webkit.org>
-
-        <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
-
-        Reviewed by Gavin Barraclough.
-
-        Original patch by Jim Grosbach.
-
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        Replace uses of the 'cpy' mnemonic with 'mov'.
-
-2011-12-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Value profiling should distinguished between NaN and non-NaN doubles
-        https://bugs.webkit.org/show_bug.cgi?id=74682
-
-        Reviewed by Gavin Barraclough.
-        
-        Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
-        of the two.
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromValue):
-        * bytecode/PredictedType.h:
-        (JSC::isDoubleRealPrediction):
-        (JSC::isDoublePrediction):
-
-2011-12-15  Anders Carlsson  <andersca@apple.com>
-
-        Regression (r102866): Navigating away from or closing a page with a plugin crashes
-        https://bugs.webkit.org/show_bug.cgi?id=74655
-        <rdar://problem/10590024>
-
-        Reviewed by Sam Weinig.
-
-        Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
-        using a modified version of the technique described here:
-        http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
-        
-        * wtf/Functional.h:
-
-2011-12-15  Andy Wingo  <wingo@igalia.com>
-
-        Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=74624
-
-        Reviewed by Darin Adler.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Fix variables unused in
-        release mode.
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ParallelEnvironment): Fix
-        signed/unsigned comparison warning, with a cast.
-
-2011-12-15  Andy Wingo  <wingo@igalia.com>
-
-        Use more macrology in JSC::Options
-        https://bugs.webkit.org/show_bug.cgi?id=72938
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h: Use macros to ensure that all heuristics are
-        declared and have initializers.
-
-2011-12-15  Anders Carlsson  <andersca@apple.com>
-
-        Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
-        https://bugs.webkit.org/show_bug.cgi?id=74639
-
-        Reviewed by Andreas Kling.
-
-        Add ENABLE_THREADED_SCROLLING #define.
-
-        * wtf/Platform.h:
-
-2011-12-15  Anders Carlsson  <andersca@apple.com>
-
-        EventDispatcher should handle wheel events on the connection queue
-        https://bugs.webkit.org/show_bug.cgi?id=74627
-
-        Reviewed by Andreas Kling.
-
-        Add a BoundFunctionImpl specialization that takes three parameters.
-
-        * wtf/Functional.h:
-        (WTF::C::):
-        (WTF::R):
-        (WTF::bind):
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        Add WTF::Function to wtf/Forward.h
-        https://bugs.webkit.org/show_bug.cgi?id=74576
-
-        Reviewed by Adam Roben.
-
-        * jsc.cpp:
-        Work around a name conflict in the readline library.
-
-        * wtf/Forward.h:
-        Add Function.
-
-2011-12-15  Igor Oliveira  <igor.oliveira@openbossa.org>
-
-        [Qt] Support requestAnimationFrame API
-        https://bugs.webkit.org/show_bug.cgi?id=74528
-
-        Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * wtf/Platform.h:
-
-2011-12-15  Andy Wingo  <wingo@igalia.com>
-
-        Minor refactor to Parser::parseTryStatement
-        https://bugs.webkit.org/show_bug.cgi?id=74507
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
-        Parser's declareVariable instead of going directly to the scope.
-        This will facilitate future checks related to harmony block
-        scoping.
-
-2011-12-15  Andy Wingo  <wingo@igalia.com>
-
-        Rename JSC::Heuristics to JSC::Options
-        https://bugs.webkit.org/show_bug.cgi?id=72889
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
-        * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        (JSC::CodeBlock::reoptimizationRetryCounter):
-        (JSC::CodeBlock::countReoptimization):
-        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
-        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
-        (JSC::CodeBlock::optimizeNextInvocation):
-        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
-        (JSC::CodeBlock::optimizeSoon):
-        (JSC::CodeBlock::largeFailCountThreshold):
-        (JSC::CodeBlock::largeFailCountThresholdForLoop):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::mightInlineFunctionForCall):
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackSegmentAllocator::allocate):
-        (JSC::MarkStackSegmentAllocator::shrinkReserve):
-        (JSC::MarkStackArray::MarkStackArray):
-        (JSC::MarkStackArray::donateSomeCellsTo):
-        (JSC::MarkStackArray::stealSomeCellsFrom):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::donateSlow):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
-        (JSC::MarkStack::addOpaqueRoot):
-        (JSC::MarkStackArray::canDonateSomeCells):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::donate):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce): Adapt callers and build systems.
-
-        * testRegExp.cpp:
-        (CommandLine::CommandLine):
-        * jsc.cpp:
-        (CommandLine::CommandLine):
-        Rename from Options, to avoid name conflict.
-
-2011-12-14  Sam Weinig  <sam@webkit.org>
-
-        Revert unintentional change to JavaScriptCore.def
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-12-14  Sam Weinig  <weinig@apple.com>
-
-        Remove whitespace from InheritedPropertySheets attributes in
-        vsprops files to appease the Visual Studio project migrator.
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        binding a member function should ref/deref the object pointer if needed
-        https://bugs.webkit.org/show_bug.cgi?id=74552
-
-        Reviewed by Sam Weinig.
-
-        Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
-        member functions which the right type. Use this to determine if we should ref/deref the first parameter.
-
-        * wtf/Functional.h:
-        (WTF::R):
-        (WTF::C::):
-        (WTF::RefAndDeref::ref):
-        (WTF::RefAndDeref::deref):
-
-2011-12-14  Hajime Morrita  <morrita@chromium.org>
-
-        JS_INLINE and WTF_INLINE should be visible from WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=73191
-
-        - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
-        - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
-        - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
-
-        Reviewed by Kevin Ollivier.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h:
-        * runtime/JSExportMacros.h: Added.
-        * wtf/ExportMacros.h:
-        * wtf/Platform.h:
-        * wtf/WTFThreadData.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/StringStatics.cpp:
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        Work around a bug in the MSVC2005 compiler
-        https://bugs.webkit.org/show_bug.cgi?id=74550
-
-        Reviewed by Sam Weinig.
-
-        Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
-
-        * wtf/Functional.h:
-        (WTF::R):
-
-2011-12-13  Jon Lee  <jonlee@apple.com>
-
-        Enable notifications on Mac.
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-12-14  David Kilzer  <ddkilzer@apple.com>
-
-        Remove definition of old ENABLE(YARR) macro
-        <http://webkit.org/b/74532>
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Removed ENABLE_YARR macros.
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        bind should handle member functions
-        https://bugs.webkit.org/show_bug.cgi?id=74529
-
-        Reviewed by Sam Weinig.
-
-        Add FunctionWrapper partial specializations for member function pointers.
-
-        * wtf/Functional.h:
-        (WTF::C::):
-
-2011-12-14  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG relies on returning a struct in registers
-        https://bugs.webkit.org/show_bug.cgi?id=74527
-
-        Reviewed by Geoff Garen.
-
-        This will not work on all platforms. Returning a uint64_t will more reliably achieve
-        what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        (JSC::DFG::DFGHandler::dfgHandlerEncoded):
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        Add unary and binary bind overloads
-        https://bugs.webkit.org/show_bug.cgi?id=74524
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Functional.h:
-        (WTF::R):
-        (WTF::FunctionWrapper::ResultType):
-        (WTF::bind):
-
-2011-12-14  Anders Carlsson  <andersca@apple.com>
-
-        Add back the callOnMainThread overload that takes a WTF::Function
-        https://bugs.webkit.org/show_bug.cgi?id=74512
-
-        Reviewed by Darin Adler.
-
-        Add back the overload; the changes to WebCore should hopefully keep Windows building.
-
-        * wtf/MainThread.cpp:
-        (WTF::callFunctionObject):
-        (WTF::callOnMainThread):
-        * wtf/MainThread.h:
-
-2011-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should infer when local variables are doubles
-        https://bugs.webkit.org/show_bug.cgi?id=74480
-
-        Reviewed by Oliver Hunt.
-        
-        Introduced the notion that a local variable (though not an argument, yet!) can
-        be stored as a double, and will be guaranteed to always contain a double. This
-        requires more magic in the OSR (conversion in both entry and exit). The inference
-        is quite unorthodox: all uses of a variable vote on whether they think it should
-        be a double or a JSValue, based on how they use it. If they use it in an integer
-        or boxed value context, they vote JSValue. If they use it in a double context,
-        they vote double. This voting is interleaved in the propagator's fixpoint, so
-        that variables voted double then have a double prediction propagated from them.
-        This interleaving is needed because a variable that actually always contains an
-        integer that always gets used in arithmetic that involves doubles may end up
-        being voted double, which then means that all uses of the variable will see a
-        double rather than an integer.
-        
-        This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
-        to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
-        Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
-        It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken.  Similar
-        results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
-        win on SunSpider.
-
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::boxDouble):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h:
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::vote):
-        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
-        (JSC::DFG::Propagator::propagatePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::clearVotes):
-        (JSC::DFG::VariableAccessData::vote):
-        (JSC::DFG::VariableAccessData::doubleVoteRatio):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
-        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::tearOff):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-12-13  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix the Windows build.
-
-        Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
-
-        * wtf/MainThread.cpp:
-        * wtf/MainThread.h:
-
-2011-12-13  Anders Carlsson  <andersca@apple.com>
-
-        Add a very bare-bones implementation of bind and Function to WTF
-        https://bugs.webkit.org/show_bug.cgi?id=74462
-
-        Reviewed by Sam Weinig.
-
-        In order to make it easier to package up function calls and send them across
-        threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
-        wtf/Functional.h header.
-
-        Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
-        but I'll add more as the need arises.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Functional.h: Added.
-        (WTF::R):
-        (WTF::FunctionImplBase::~FunctionImplBase):
-        (WTF::FunctionWrapper::ResultType):
-        (WTF::FunctionBase::isNull):
-        (WTF::FunctionBase::FunctionBase):
-        (WTF::FunctionBase::impl):
-        (WTF::bind):
-        * wtf/MainThread.cpp:
-        (WTF::callFunctionObject):
-        (WTF::callOnMainThread):
-        * wtf/MainThread.h:
-        * wtf/wtf.pro:
-
-2011-12-13  Geoffrey Garen  <ggaren@apple.com>
-
-        <rdar://problem/10577239> GC Crash introduced in r102545
-
-        Reviewed by Gavin Barraclough.
-        
-        MarkedArgumentBuffer was still marking items in forwards order, even though
-        the argument order has been reversed.
-        
-        I fixed this bug, and replaced address calculation code with some helper
-        functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
-
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
-        (JSC::MarkedArgumentBuffer::at):
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::MarkedArgumentBuffer::last):
-        (JSC::MarkedArgumentBuffer::slotFor):
-        (JSC::MarkedArgumentBuffer::mallocBase):
-
-2011-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
-        https://bugs.webkit.org/show_bug.cgi?id=74463
-
-        Reviewed by Gavin Barraclough.
-        
-        Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
-        how to execute the slow path of UInt32ToNumber.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::lastOSRExit):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::operator!=):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::uint32InGPR):
-        (JSC::ValueRecovery::gpr):
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGAssemblyHelpers.cpp:
-        * dfg/DFGAssemblyHelpers.h:
-        * dfg/DFGOSRExit.h:
-        (JSC::DFG::OSRExit::valueRecoveryForOperand):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-13  Oliver Hunt  <oliver@apple.com>
-
-        Arguments object doesn't handle mutation of length property correctly
-        https://bugs.webkit.org/show_bug.cgi?id=74454
-
-        Reviewed by Gavin Barraclough.
-
-        Correct handling of arguments objects with overridden length property
-
-        * interpreter/Interpreter.cpp:
-        (JSC::loadVarargs):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::copyToArguments):
-        (JSC::Arguments::fillArgList):
-
-2011-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG GetByVal CSE rule should match PutByValAlias
-        https://bugs.webkit.org/show_bug.cgi?id=74390
-
-        Reviewed by Geoff Garen.
-        
-        Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::getByValLoadElimination):
-
-2011-12-13  Andy Wingo  <wingo@igalia.com>
-
-        Fix interpreter debug build.
-        https://bugs.webkit.org/show_bug.cgi?id=74439
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecode/ValueRecovery.h: Include stdio.h on debug builds.
-
-2011-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should know exactly why recompilation was triggered
-        https://bugs.webkit.org/show_bug.cgi?id=74362
-
-        Reviewed by Oliver Hunt.
-        
-        Each OSR exit is now individually counted, as well as counting the total number 
-        of OSR exits that occurred in a code block. If recompilation is triggered, we
-        check to see if there are OSR exit sites that make up a sufficiently large
-        portion of the total OSR exits that occurred. For any such OSR exit sites, we
-        add a description of the site (bytecode index, kind) to a data structure in the
-        corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
-        know which speculations would be unwise based on the fact that previous such
-        speculations proved to be fruitless.
-        
-        This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
-        and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
-        than 0.5%.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addFrequentExitSite):
-        (JSC::CodeBlock::exitProfile):
-        (JSC::CodeBlock::reoptimize):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        * bytecode/DFGExitProfile.cpp: Added.
-        (JSC::DFG::ExitProfile::ExitProfile):
-        (JSC::DFG::ExitProfile::~ExitProfile):
-        (JSC::DFG::ExitProfile::add):
-        (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
-        (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
-        * bytecode/DFGExitProfile.h: Added.
-        (JSC::DFG::exitKindToString):
-        (JSC::DFG::exitKindIsCountable):
-        (JSC::DFG::FrequentExitSite::FrequentExitSite):
-        (JSC::DFG::FrequentExitSite::operator!):
-        (JSC::DFG::FrequentExitSite::operator==):
-        (JSC::DFG::FrequentExitSite::hash):
-        (JSC::DFG::FrequentExitSite::bytecodeOffset):
-        (JSC::DFG::FrequentExitSite::kind):
-        (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
-        (JSC::DFG::FrequentExitSiteHash::hash):
-        (JSC::DFG::FrequentExitSiteHash::equal):
-        (JSC::DFG::QueryableExitProfile::hasExitSite):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
-        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExit.h:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-12-13  Michael Saboff  <msaboff@apple.com>
-
-        Cleanup of StringImpl::equal in r102631 post commit
-        https://bugs.webkit.org/show_bug.cgi?id=74421
-
-        Reviewed by Darin Adler.
-
-        * wtf/text/AtomicString.h:
-        (WTF::operator==): Removed cast no longer needed.
-        * wtf/text/StringImpl.h:
-        (WTF::equal): Changed template to several overloaded methods.
-
-2011-12-12  Michael Saboff  <msaboff@apple.com>
-
-        Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
-        https://bugs.webkit.org/show_bug.cgi?id=73622
-
-        Reviewed by Oliver Hunt.
-
-        Moved equal(charType1 *, charType2, unsigned) template methods
-        from static StringImpl.cpp to StringImpl.h and then replaced the
-        processor specific character comparison code in StringHash::equal
-        with calls to these methods.
-
-        This change is worth 3% on SunSpider string-unpack-code as reported
-        by the SunSpider command line harness.  No other tests appear to
-        have measurable performance changes.
-
-        * wtf/text/AtomicString.h:
-        (WTF::operator==):
-        * wtf/text/StringHash.h:
-        (WTF::StringHash::equal):
-        * wtf/text/StringImpl.cpp:
-        * wtf/text/StringImpl.h:
-        (WTF::LChar):
-        (WTF::UChar):
-        (WTF::equal):
-
-2011-12-12  Filip Pizlo  <fpizlo@apple.com>
-
-        ARMv7 version of DFG soft modulo does register allocation inside of control flow
-        https://bugs.webkit.org/show_bug.cgi?id=74354
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-
-2011-12-12  Andy Wingo  <wingo@igalia.com>
-
-        Simplify autotools configure.ac
-        https://bugs.webkit.org/show_bug.cgi?id=74312
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.
-
-2011-12-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
-        https://bugs.webkit.org/show_bug.cgi?id=74329
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::getByValLoadElimination):
-
-2011-12-09  Alexander Pavlov  <apavlov@chromium.org>
-
-        WebKit does not enumerate over CSS properties in HTMLElement.style
-        https://bugs.webkit.org/show_bug.cgi?id=23946
-
-        Reviewed by Darin Adler.
-
-        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
-        introduce an std::sort() comparator function.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/WTFString.h:
-        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
-
-2011-12-12  Alexander Pavlov  <apavlov@chromium.org>
-
-        Unreviewed, build fix.
-
-        Revert r102570 which broke SnowLeopard builders.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/WTFString.h:
-
-2011-12-09  Alexander Pavlov  <apavlov@chromium.org>
-
-        WebKit does not enumerate over CSS properties in HTMLElement.style
-        https://bugs.webkit.org/show_bug.cgi?id=23946
-
-        Reviewed by Darin Adler.
-
-        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
-        introduce an std::sort() comparator function.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/WTFString.h:
-        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
-
-2011-12-12  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am:
-
-2011-12-11  Sam Weinig  <sam@webkit.org>
-
-        Fix another signed vs. unsigned warning
-
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
-
-2011-12-11  Sam Weinig  <sam@webkit.org>
-
-        Fix a signed vs. unsigned warning.
-
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        Cast inlineCapacity to an int to appease the warning. This is known OK
-        since inlineCapacity is defined to be 8.
-
-2011-12-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out *another* debugging change I committed accidentally.
-
-        Unreviewed.
-
-        * Configurations/Base.xcconfig:
-
-2011-12-11  Geoffrey Garen  <ggaren@apple.com>
-        
-        Rolled out a debug counter I committed accidentally.
-
-        Unreviewed.
-
-        * jit/JITStubs.cpp:
-        (JSC::arityCheckFor):
-
-2011-12-10  Geoffrey Garen  <ggaren@apple.com>
-
-        v8 benchmark takes 12-13 million function call slow paths due to extra arguments
-        https://bugs.webkit.org/show_bug.cgi?id=74244
-
-        Reviewed by Filip Pizlo.
-        
-        .arguments function of order the Reversed
-        
-        10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
-        and SunSpider.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
-        to this function is an argument number.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
-        helper functions for computing offsets for arguments, rather than doing
-        the math by hand.
-        
-        Switched to iterating argument offsets backwards (--) instead of forwards (++).
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::CallArguments::thisRegister):
-        (JSC::CallArguments::argumentRegister):
-        (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
-
-        * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::flush):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
-        that just-in-time convert to bytecode operands (i.e., indexes in the register
-        file) through helper functions. This means only one piece of code needs
-        to know how arguments are laid out in the register file.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump): Ditto.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueProfileFor): Ditto.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
-        Treat too many arguments as an arity match.
-
-        * dfg/DFGOSRExit.h:
-        (JSC::DFG::OSRExit::variableForIndex):
-        (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
-
-        * dfg/DFGOperands.h:
-        (JSC::DFG::operandToArgument):
-        (JSC::DFG::argumentToOperand): These are now the only two lines of code in
-        the DFG compiler that know how arguments are laid out in memory.
-
-        (JSC::DFG::Operands::operand):
-        (JSC::DFG::Operands::setOperand): Use helper functions, as above.
-
-        * dfg/DFGOperations.cpp: The whole point of this patch:
-        Treat too many arguments as an arity match.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
-        
-        Also, don't tag the caller frame slot as a cell, because it's not a cell.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
-
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
-        argument virtual register instead of recomputing by hand.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callFrameSlot):
-        (JSC::DFG::SpeculativeJIT::argumentSlot):
-        (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
-        (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
-        (JSC::DFG::SpeculativeJIT::argumentTagSlot):
-        (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
-        functions for dealing with callee arguments specifically. These still
-        build on top of our other helper functions, and have no direct knowledge
-        of how arguments are laid out in the register file.
-
-        (JSC::DFG::SpeculativeJIT::resetCallArguments):
-        (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
-        argumentOffset to match CallFrame naming.
-
-        (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
-        functions, as above.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::argumentOffset):
-        (JSC::ExecState::argumentOffsetIncludingThis):
-        (JSC::ExecState::argument):
-        (JSC::ExecState::setArgument):
-        (JSC::ExecState::thisArgumentOffset):
-        (JSC::ExecState::thisValue):
-        (JSC::ExecState::setThisValue):
-        (JSC::ExecState::offsetFor):
-        (JSC::ExecState::hostThisRegister):
-        (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
-        computing where an argument is in the register file. Anything in the
-        runtime that needs to access arguments should use these helpers.
-
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::setThis):
-        (JSC::CallFrameClosure::setArgument):
-        (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
-        that too many arguments counts as an arity match and doesn't require
-        preserving two copies of our arguments.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
-        special if the caller provided too few arguments.
-        
-        Key simplification: We never need to maintain two copies of our arguments
-        anymore.
-
-        (JSC::eval):
-        (JSC::loadVarargs): Use helper functions.
-
-        (JSC::Interpreter::unwindCallFrame): Updated for new interface.
-
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
-        functions.
-
-        (JSC::Interpreter::privateExecute): No need to check for stack overflow
-        when calling host functions because they have zero callee registers.
-
-        (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
-        object, since there's no special constructor for this anymore.
-
-        * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
-        workers tests were hitting stack overflow in some of my testing. We should
-        make this test more exact in future.
-
-        * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
-        location that does not belong to the CallFrame class!
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
-        
-        Also, the whole point of this patch: Treat too many arguments as an arity match.
-
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
-        helper functions, for backwards-correctness. Removed the condition
-        pertaining to declared argument count because, now that arguments are
-        always in just one place, this optimization is valid for all functions.
-        Standardized the if predicate for each line of the optimization. This might
-        fix a bug, but I couldn't get the bug to crash in practice.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
-        optimization because it's no longer an optimization, now that arguments
-        are always contiguous in a known location.
-        
-        Updated argument access opcode math for backwards-correctness.
-
-        * jit/JITStubs.cpp:
-        (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
-        function is slightly different because it copies the call frame in
-        addition to the arguments. (In the Interpreter, the call frame is not
-        set up by this point.)
-
-        (JSC::lazyLinkFor): The whole point of this patch: Treat too many
-        arguments as an arity match.
-
-        (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
-
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::loadDoubleArgument):
-        (JSC::SpecializedThunkJIT::loadCellArgument):
-        (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
-        build strong bones and teeth!
-
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::getSlice):
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
-        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
-        (JSC::MarkedArgumentBuffer::at):
-        (JSC::MarkedArgumentBuffer::clear):
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::MarkedArgumentBuffer::removeLast):
-        (JSC::MarkedArgumentBuffer::last):
-        (JSC::ArgList::ArgList):
-        (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
-        play nice with backwards-ness, so I changed to using manual allocation.
-        
-        Fixed a FIXME about not all values being marked in the case of out-of-line
-        arguments. I had to rewrite the loop anyway, and I didn't feel like
-        maintaining fidelity to its old bugs.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        (JSC::Arguments::copyToArguments):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlotByIndex):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::putByIndex):
-        (JSC::Arguments::put):
-        (JSC::Arguments::tearOff):
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::argument):
-        (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
-        lots of tricky code designed to maintain two different copies of function
-        arguments. Now that arguments are always contiguous in one place in memory,
-        this complexity can go away.
-        
-        Reduced down to one create function for the Arguments class, from three.
-
-        Moved tearOff() into an out-of-line function because it's huge.
-        
-        Moved logic about whether to tear off eagerly into the Arguments class,
-        so we didn't have to duplicate it elsewhere.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
-        m_numCapturedArgs because if the value really were m_numParametersMinusThis
-        we would be marking too much. (We shouldn't mark 'this' because it can't
-        be captured.) Also, use helper functions.
-
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::tearOff): Use helper functions.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::copyToArguments):
-        * runtime/JSArray.h: Use helper functions, as above.
-
-2011-12-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSC testapi is crashing on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=74233
-
-        Reviewed by Sam Weinig.
-
-        Same error we've encountered before where we are calling the wrong version of 
-        visitChildren and objects that are still reachable aren't getting marked.
-        This problem will go away soon with the removal of vptrs for these sorts of 
-        optimizations in favor of using the ClassInfo, but for now we can simply give 
-        JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
-        ensure that JSFinalObject will always have a unique vptr.  We don't have to worry 
-        about JSString or JSArray right now, which are the other two special cases for
-        visitChildren, since they already have their own virtual functions.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSObject.cpp:
-        (JSC::JSFinalObject::vtableAnchor):
-        * runtime/JSObject.h:
-
-2011-12-10  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Unused variable in YarrJIT.cpp.
-        https://bugs.webkit.org/show_bug.cgi?id=74237
-
-        Reviewed by Andreas Kling.
-
-        Variable is set but not used so we can remove it.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2011-12-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ArithMul power-of-two case does not check for overflow
-        https://bugs.webkit.org/show_bug.cgi?id=74230
-
-        Reviewed by Gavin Barraclough.
-        
-        Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
-        and any attempt to fix it would likely introduce code bloat and register pressure.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-
-2011-12-09  David Levin  <levin@chromium.org>
-
-        REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
-        https://bugs.webkit.org/show_bug.cgi?id=73886
-
-        Reviewed by Darin Adler.
-
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
-        another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
-        Bug 58091 is about changing these deprecated calls to something else but that something
-        else will still need to be in all of these places.
-
-2011-12-09  Konrad Piascik  <kpiascik@rim.com>
-
-        Remove unnecessary file DissasemblerARM.cpp from build system
-        https://bugs.webkit.org/show_bug.cgi?id=74184
-
-        Reviewed by Daniel Bates.
-
-        * PlatformBlackBerry.cmake:
-
-2011-12-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG's interpretation of rare case profiles should be frequency-based not count-based
-        https://bugs.webkit.org/show_bug.cgi?id=74170
-
-        Reviewed by Geoff Garen.
-        
-        DFG optimizes for rare cases only when the rare case counter is above some threshold
-        and it also constitutes a large enough fraction of total function executions. Also
-        added some minor debug logic.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        (JSC::CodeBlock::executionEntryCount):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-12-09  Oliver Hunt  <oliver@apple.com>
-
-        PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
-        https://bugs.webkit.org/show_bug.cgi?id=74223
-
-        Reviewed by Geoffrey Garen.
-
-        Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-
-2011-12-09  David Levin  <levin@chromium.org>
-
-        Hash* iterators should allow comparison between const and const versions.
-        https://bugs.webkit.org/show_bug.cgi?id=73370
-
-        Reviewed by Darin Adler.
-
-        * wtf/HashTable.h: Add the operators needed to do this.
-        (WTF::HashTableConstIterator::operator==):
-        (WTF::HashTableConstIterator::operator!=):
-        (WTF::HashTableIterator::operator==):
-        (WTF::HashTableIterator::operator!=):
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2011-12-09  Michael Saboff  <msaboff@apple.com>
-
-        YARR: Multi-character read optimization for 8bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=74191
-
-        Reviewed by Oliver Hunt.
-
-        Changed generatePatternCharacterOnce to generate
-        code for 1 to 4 characters in the 8 bit case.
-        This is worth 29% improvement on SunSpider regexp-dna test.
-        It provides no benefit to v8-regexp.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
-
-2011-12-09  David Levin  <levin@chromium.org>
-
-        Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
-        https://bugs.webkit.org/show_bug.cgi?id=71695
-
-        Reviewed by Zoltan Herczeg.
-
-        * wtf/MessageQueue.h:
-        (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
-        even after the queue has been killed. This is useful when one wants to
-        kill a queue but then go through it to run clean up tasks from it.
-
-2011-12-09  Adrienne Walker  <enne@google.com>
-
-        Fix HashMap<..., OwnPtr<...> >::add compilation errors
-        https://bugs.webkit.org/show_bug.cgi?id=74159
-
-        Reviewed by Darin Adler.
-
-        Add a constructor to OwnPtr that takes the empty value (nullptr_t)
-        from HashTraits so that this function can compile.
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::OwnPtr):
-
-2011-12-09  Oliver Hunt  <oliver@apple.com>
-
-        Avoid reloading storage pointer for indexed properties unnecessarily
-        https://bugs.webkit.org/show_bug.cgi?id=74136
-
-        Reviewed by Filip Pizlo.
-
-        Add a node to represent loading property storage for indexed properties.
-        This allows us to reduce code generated for sequential access of arrays,
-        strings, etc.  This results in up to 5% improvement in code that is 
-        very heavy on indexed reads, such as matrix operations in typed arrays
-        and 20% faster on microbenchmarks.
-
-        Currently this is only supported by GetByVal and other similar indexed reads.
-
-        * bytecode/PredictedType.h:
-        (JSC::isFixedIndexedStorageObjectPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-08  Fady Samuel  <fsamuel@chromium.org>
-
-        [Chromium] Enable viewport metatag
-        https://bugs.webkit.org/show_bug.cgi?id=73495
-
-        Reviewed by Darin Fisher.
-
-        * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.
-
-2011-12-08  Adam Klein  <adamk@chromium.org>
-
-        Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
-        https://bugs.webkit.org/show_bug.cgi?id=73964
-
-        Reviewed by Darin Adler.
-
-        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.
-
-2011-12-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=74005
-        fix unaligned access memory in generatePatternCharacterOnce function
-        for SH4 platforms.
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load16Unaligned):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load16Unaligned):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::load16Unaligned):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::lshift32):
-        (JSC::MacroAssemblerSH4::load8):
-        (JSC::MacroAssemblerSH4::load16):
-        (JSC::MacroAssemblerSH4::load16Unaligned):
-        (JSC::MacroAssemblerSH4::branch8):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load16Unaligned):
-        * jit/JIT.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2011-12-08  Michael Saboff  <msaboff@apple.com>
-
-        Add 8 bit paths for StringTypeAdapter classes
-        https://bugs.webkit.org/show_bug.cgi?id=73882
-
-        Reviewed by Darin Adler.
-
-        Added is8Bit() method and writeTo(LChar*) methods
-        to StringTypeAdapter<> classes.  The writeTo(LChar*)
-        method can be used if is8Bit() returns true.  The
-        non-native 8 bit classes contain ASSERT(is8Bit())
-        in their writeTo(LChar*).
-
-        Updated all of the various versions of tryMakeString() to
-        use 8 bit processing in the updated StringTypeAdapter<>
-        classes.
-
-        This has slight if any performance improvement on kraken.
-
-        * runtime/UStringConcatenate.h:
-        * wtf/text/StringConcatenate.h:
-        (WTF::tryMakeString):
-        * wtf/text/StringOperators.h:
-        (WTF::StringAppend::is8Bit):
-        (WTF::StringAppend::writeTo):
-
-2011-12-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should know that CheckFunction is pure
-        https://bugs.webkit.org/show_bug.cgi?id=74044
-
-        Reviewed by Oliver Hunt.
-        
-        Possible slight win on V8, no regressions.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::checkFunctionElimination):
-
-2011-12-07  Michael Saboff  <msaboff@apple.com>
-
-        StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
-        https://bugs.webkit.org/show_bug.cgi?id=73995
-
-        Reviewed by Geoffrey Garen.
-
-        Problem was that a call to characters on an StringImpl associated
-        with a StringBuilder that is being appended to gets stale.
-        Added a new m_valid16BitShadowlen that keeps the length of
-        the 16 bit shadow that has been upconverted or will be up converted
-        with the first getCharacters().  When StringBuilder::characters or
-        ::reifyString is called, further characters are upconverted if
-        we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::reifyString):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::StringBuilder):
-        (WTF::StringBuilder::characters):
-        (WTF::StringBuilder::clear): Cleaned up as part of the change.
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::getData16SlowCase):
-        (WTF::StringImpl::upconvertCharacters):
-        * wtf/text/StringImpl.h:
-
-2011-12-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Compare and Swap should be enabled on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=74023
-
-        Reviewed by Geoff Garen.
-        
-        Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
-        It gives the expected speed-up on multi-core ARMv7 devices.
-
-        * wtf/Atomics.h:
-        (WTF::weakCompareAndSwap):
-        * wtf/Platform.h:
-
-2011-12-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE is overzealous with GetByVal
-        https://bugs.webkit.org/show_bug.cgi?id=74042
-
-        Reviewed by Oliver Hunt.
-        
-        Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
-        is tested in all places that matter.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::byValIsPure):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-
-2011-12-07  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r102267.
-        http://trac.webkit.org/changeset/102267
-        https://bugs.webkit.org/show_bug.cgi?id=74032
-
-        Breaks build on Chromium Mac Debug (Requested by aklein on
-        #webkit).
-
-        * wtf/HashTraits.h:
-
-2011-12-07  Adam Klein  <adamk@chromium.org>
-
-        Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
-        https://bugs.webkit.org/show_bug.cgi?id=73964
-
-        Reviewed by Ryosuke Niwa.
-
-        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
-
-2011-12-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Non-Mac devices should benefit from a larger heap
-        https://bugs.webkit.org/show_bug.cgi?id=74015
-
-        Reviewed by Geoff Garen.
-        
-        Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
-        Heap.cpp, and got in the way of having more granular, per-platform control over
-        what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
-
-        * heap/Heap.cpp:
-        (JSC::GCTimer::heapSizeForHint):
-        * wtf/Platform.h:
-
-2011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] V8 build fixes.
-
-        Reviewed by Tor Arne Vestbø.
-
-        * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
-        VPATH. Prefix SOURCES correctly and make sure that runtime/ is
-        in the include search path when building with v8.
-
-2011-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Zapping a block that is Marked leads to dead objects being mistaken for live ones
-        https://bugs.webkit.org/show_bug.cgi?id=73982
-
-        Reviewed by Geoff Garen.
-        
-        Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
-        the code asserts that:
-        
-        - If we zap a Marked or Zapped block then the free list is empty, because this
-          can only happen if the block was never free-listed.
-          
-        - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
-          blocks are those that cannot be referred to by SizeClass::currentBlock (since
-          SizeClass::currentBlock only refers to blocks that are candidates for allocation,
-          and Allocated blocks are those who have been exhausted by allocation and will not
-          be allocated from again), and New blocks cannot be referred to by anything except
-          during a brief window inside the allocation slow-path.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::zapFreeList):
-
-2011-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32_64 call linking does not handle non-cell callees correctly
-        https://bugs.webkit.org/show_bug.cgi?id=73965
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-
-2011-12-06  Sam Weinig  <sam@webkit.org>
-
-        Remove unintentional type name shadowing in the Interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=73963
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
-        which shadows the FunctionExecutable type name, with functionExecutable.
-
-2011-12-06  Michael Saboff  <msaboff@apple.com>
-
-        r102146 from 73875 broke fast/js/encode-URI-test.html
-        https://bugs.webkit.org/show_bug.cgi?id=73950
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncUnescape): Restructured to handle
-        the %uHHHH case to output the resulting character
-        and continue so that a failure in finding 4 hex
-        digits will fall through and output the '%'.
-        Due to style check, changed the temporary
-        character variable to a more descriptive name.
-
-2011-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-        GC zapping logic could benefit from some more assertions
-        https://bugs.webkit.org/show_bug.cgi?id=73947
-
-        Reviewed by Gavin Barraclough.
-        
-        - If you're in a zapped block and you're zapped, then your mark bit should
-          never be set.
-          
-        - If you're being marked, then you should never be zapped.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isLive):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2011-12-06  Oliver Hunt  <oliver@apple.com>
-
-        Don't allocate register in typedarray control flow
-        https://bugs.webkit.org/show_bug.cgi?id=73944
-
-        Reviewed by Gavin Barraclough.
-
-        Move a temporary allocation outside of control flow.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-
-2011-12-06  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=68328
-        The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
-
-        Reviewed by Geoff Garen.
-
-        Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions
-        that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
-        hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
-        a thunk genertaor to use based on the Intrinsic.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_hash_table:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGCapabilities.h:
-        * dfg/DFGIntrinsic.h: Removed.
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::intrinsic):
-        (JSC::NativeExecutable::intrinsic):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::intrinsicFor):
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::finishCreation):
-        * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
-        * runtime/JSGlobalData.cpp:
-        (JSC::thunkGeneratorForIntrinsic):
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::intrinsic):
-
-2011-12-06  Michael Saboff  <msaboff@apple.com>
-
-        Add 8 bit paths to global object functions
-        https://bugs.webkit.org/show_bug.cgi?id=73875
-
-        Added 8 bit paths for converions methods.
-
-        This is worth 1.5% on kraken audio-oscillator,
-        1.6% on stanford-crypto-ccm and 2.5% on
-        stanford-crypto-sha256-iterative.  See bug for
-        a full report.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::decode): Split into a templated helper.
-        (JSC::parseInt): Split into a templated helper.
-        (JSC::parseFloat): Added an 8 bit path
-        (JSC::globalFuncEscape): Added 8 bit path
-        (JSC::globalFuncUnescape): Added 8 bit path
-        * runtime/JSStringBuilder.h:
-        (JSC::JSStringBuilder::append): New append for LChar
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::append): New append for LChar
-
-2011-11-21  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Enable ParallelJobs by default
-        https://bugs.webkit.org/show_bug.cgi?id=70032
-
-        Reviewed by Zoltan Herczeg.
-
-        According to measurements on Mac and Linux it is a
-        considerable speedup for SVG on multicore.
-
-        Remove the ENABLE(PARALLEL_JOBS) guard.
-        Fix build on Windows and Chromium.
-
-        * JavaScriptCore.gypi:  Add the files to the build. It was
-        missing for the gyp build system.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Export symbols.
-        * wtf/ParallelJobs.h:
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-        Deinline these to avoid exporting a lot of symbols.
-        These are non-trivial and called only once on a given object
-        so it doesn't seems to be worthwile to inline them.
-        Additionally fix a signed-unsigned comparison in the constructor.
-        * wtf/ParallelJobsGeneric.h:
-        * wtf/Platform.h:
-
-2011-12-06  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] build-jsc script doesn't work
-        https://bugs.webkit.org/show_bug.cgi?id=73910
-
-        Reviewed by Tor Arne Vestbø.
-
-        * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
-        (moved from top-level WebKit.pro). Also add v8 scopes to only build
-        WTF during v8 builds.
-
-2011-12-05  Anders Carlsson  <andersca@apple.com>
-
-        Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
-
-        Reviewed by Darin Adler.
-
-        * wtf/HashMap.h:
-
-2011-12-05  Michael Saboff  <msaboff@apple.com>
-
-        Create StringImpl::empty() as an 8 bit string
-        https://bugs.webkit.org/show_bug.cgi?id=73871
-
-        Reviewed by Oliver Hunt.
-
-        * wtf/text/StringStatics.cpp:
-        (WTF::StringImpl::empty): Changed to be an 8 bit string.
-
-2011-12-05  Darin Adler  <darin@apple.com>
-
-        Convert JSClassRef to use HashMap<OwnPtr>
-        https://bugs.webkit.org/show_bug.cgi?id=73780
-
-        Reviewed by Andreas Kling.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
-        entries because the hash map now has an OwnPtr instead of a raw pointer.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
-        m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
-        Removed the code that gets and deletes existing entries, and just use set,
-        which now handles deletion automatically due to it being OwnPtr.
-        (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
-        with assertion-only NDEBUG-only code.
-        (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
-        allocating. Use OwnPtr when adding. Removed unneeded code to set
-        staticValues and staticFunctions to 0. Removed unneeded destructor.
-        (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
-        (OpaqueJSClass::staticFunctions): Ditto.
-        (OpaqueJSClass::prototype): Added use of adoptPtr.
-
-        * API/JSClassRef.h: Made the static values and static functions tables
-        use OwnPtr for the entries. Also used OwnPtr for the pointers to the
-        tables themselves. Also removed ~OpaqueJSClassContextData(), letting
-        the compiler generate it.
-
-2011-12-05  Oliver Hunt  <oliver@apple.com>
-
-        Land uncommitted bit of float array support
-        https://bugs.webkit.org/show_bug.cgi?id=73873
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-
-2011-12-05  Benjamin Poulain  <benjamin@webkit.org>
-
-        Update String::containsOnlyASCII() to handle 8 bits strings
-        https://bugs.webkit.org/show_bug.cgi?id=73799
-
-        Reviewed by Darin Adler.
-
-        Implement String::containsOnlyASCII() so that it does not
-        call String::characters().
-
-        * wtf/text/WTFString.h:
-        (WTF::String::containsOnlyASCII):
-
-2011-12-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-DFG platforms.
-
-        * dfg/DFGRepatch.h:
-
-2011-12-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
-        were compact offsets
-        https://bugs.webkit.org/show_bug.cgi?id=73861
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchPutById):
-
-2011-12-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fixes for ARM.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::unreachableForPlatform):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::loadFloat):
-        (JSC::MacroAssemblerARMv7::storeFloat):
-        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
-        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
-
-2011-12-05  Benjamin Poulain  <benjamin@webkit.org>
-
-        Update String::containsOnlyLatin1() to avoid converting to 16 bits
-        https://bugs.webkit.org/show_bug.cgi?id=73797
-
-        Reviewed by Andreas Kling.
-
-        When the String use 8bits StringImpl, there is no need to iterate
-        over the string.
-
-        The function charactersAreAllLatin1() is removed because it is not
-        used anywhere.
-
-        * wtf/text/WTFString.h:
-        (WTF::String::containsOnlyLatin1):
-
-2011-12-05  Michael Saboff  <msaboff@apple.com>
-
-        8 bit string work slows down Kraken json-stringify-tinderbox
-        https://bugs.webkit.org/show_bug.cgi?id=73457
-
-        Added 8 bit path to StringBuilder.  StringBuilder starts
-        assuming 8 bit contents and gets converted to 16 bit upon
-        seeing the first 16 bit character or string.  Split
-        appendUninitialiezed into an inlined fast and function call
-        slow case.
-
-        Factored out the processing of the UString argument from
-        Stringifier::appendQuotedString() to a static templated function
-        based on character size.
-
-        This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
-        This change introduces a 4.8% slowdown to json-parse-financial.
-        This slowdown will be addressed in a subsequent patch to StringImpl::equal.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSONObject.cpp:
-        (JSC::appendStringToUStringBuilder):
-        (JSC::Stringifier::appendQuotedString):
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::resize):
-        (WTF::StringBuilder::allocateBuffer):
-        (WTF::StringBuilder::allocateBufferUpConvert):
-        (WTF::LChar):
-        (WTF::UChar):
-        (WTF::StringBuilder::reserveCapacity):
-        (WTF::StringBuilder::appendUninitialized):
-        (WTF::StringBuilder::appendUninitializedSlow):
-        (WTF::StringBuilder::append):
-        (WTF::StringBuilder::shrinkToFit):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::StringBuilder):
-        (WTF::StringBuilder::append):
-        (WTF::StringBuilder::operator[]):
-        (WTF::StringBuilder::characters8):
-        (WTF::StringBuilder::characters16):
-        (WTF::StringBuilder::charactersBlah):
-        (WTF::LChar):
-        (WTF::UChar):
-
-2011-12-01  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=73624
-        JIT + INTERPRETER builds are broken
-
-        Reviewed by Geoff Garen, Sam Weinig.
-
-        These don't fallback to the interpreter correctly.
-        Thunk creation assumes that is the JIT is compiled in, then it is enabled.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::finishCreation):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::getHostFunction):
-
-2011-12-05  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        MacroAssemblerSH4 does not implement readCallTarget
-        https://bugs.webkit.org/show_bug.cgi?id=73434
-
-        Reviewed by Csaba Osztrogonác.
-
-        * assembler/MacroAssemblerSH4.h: Support for SH4.
-        (JSC::MacroAssemblerSH4::readCallTarget):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::readCallTarget):
-
-2011-12-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize strict equality
-        https://bugs.webkit.org/show_bug.cgi?id=73764
-
-        Reviewed by Oliver Hunt.
-        
-        1% speed-up on V8.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-03  Darin Adler  <darin@apple.com>
-
-        Use HashMap<OwnPtr> for ScriptSampleRecordMap
-        https://bugs.webkit.org/show_bug.cgi?id=73758
-
-        Reviewed by Andreas Kling.
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
-        (JSC::SamplingTool::dump): Added get.
-        * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
-
-2011-12-03  Darin Adler  <darin@apple.com>
-
-        Use HashMap<OwnPtr> for the opaqueJSClassData map
-        https://bugs.webkit.org/show_bug.cgi?id=73759
-
-        Reviewed by Andreas Kling.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::contextData): Update types.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
-        timing the same. If we didn't care about the order of operations, we could remove this, too.
-        * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
-        opaqueJSClassData map.
-
-2011-12-03  Darin Adler  <darin@apple.com>
-
-        Change HashMap implementation to use the pass type and peek type from traits for the mapped value
-        https://bugs.webkit.org/show_bug.cgi?id=72474
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
-        and PeekType from the traits of the mapped value instead of hard-coding them here.
-        Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
-        to accomodate a PassInType that can't be copied. Use the store, peek, and passOut
-        functions from the traits as well.
-
-        * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
-        PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
-        an earlier version that was just PassType, PeekType, pass, and peek. Also commented
-        the HashTraits for RefPtr to foreshadow some work we can do there.
-
-        * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
-
-2011-12-02  David Levin  <levin@chromium.org>
-
-        Rename WTF class from TemporarilyChange to TemporaryChange.
-        https://bugs.webkit.org/show_bug.cgi?id=73479
-
-        Reviewed by Eric Seidel.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
-        (WTF::TemporaryChange::TemporaryChange):
-        (WTF::TemporaryChange::~TemporaryChange):
-
-2011-12-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        REGRESSION (r99754): All layout tests crash on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=72305
-
-        Reviewed by Geoffrey Garen.
-
-        Fixes a crash in release builds on Windows.  Windows was optimizing the out-of-line virtual destructor in 
-        JSFunction away, which left it with no virtual functions.  Its vtable ptr was then identical to that of 
-        a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an 
-        incorrect version of visitChildren on the object, which left its children unmarked, causing them to be 
-        collected when they were still reachable.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
-        purposes are distinct from one another.
-
-2011-12-02  Oliver Hunt  <oliver@apple.com>
-
-        Improve float array support in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=73722
-
-        Reviewed by Gavin Barraclough.
-
-        Add basic support for float typed arrays in JSC.  This is currently
-        less optimal than it could be in the following ways:
-         * float32Array1[0] = float32Array2[0] (eg. an element by element copy) 
-           promotes float to double and then back to float.
-         * float64Array[0] will always perform NaN tests in order to prevent
-           signalling NaNs from entering the engine.
-
-        We also don't support Float32Array on ARMv7
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::loadFloat):
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::storeFloat):
-        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
-        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::loadDouble):
-        (JSC::MacroAssemblerX86Common::loadFloat):
-        (JSC::MacroAssemblerX86Common::storeDouble):
-        (JSC::MacroAssemblerX86Common::storeFloat):
-        (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
-        (JSC::MacroAssemblerX86Common::convertFloatToDouble):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cvtsd2ss_rr):
-        (JSC::X86Assembler::cvtss2sd_rr):
-        (JSC::X86Assembler::movsd_rm):
-        (JSC::X86Assembler::movss_rm):
-        (JSC::X86Assembler::movsd_mr):
-        (JSC::X86Assembler::movss_mr):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateFloat32Array):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-12-02  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r101801.
-        http://trac.webkit.org/changeset/101801
-        https://bugs.webkit.org/show_bug.cgi?id=73667
-
-        Build is still broken (Requested by Ossy on #webkit).
-
-        * assembler/SH4Assembler.h:
-
-2011-12-01  Darin Adler  <darin@apple.com>
-
-        Prepare to deploy pass and peek types in the HashMap class
-        https://bugs.webkit.org/show_bug.cgi?id=73477
-
-        Reviewed by Adam Roben.
-
-        This patch adds private typedefs inside the HashMap class,
-        and uses them as appropriate. A future patch will actually
-        tie those typedefs to hash traits, which will allow us to
-        make HashMap work with OwnPtr mapped values and to optimize
-        how HashMap works with RefPtr mapped values.
-
-        Also changed the hash translator and adapter struct templates
-        to use template functions to simplify them and make them more
-        flexible.
-
-        Also removed some unused template arguments.
-
-        This goes out of its way to not change behavior. Future patches
-        will change the peek type to be a reference type, which will
-        reduce reference count churn a bit for hash tables with RefPtr
-        mapped values, and then do further optimizations for RefPtr
-        and OwnPtr by getting types from the hash traits.
-
-        * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
-        and MappedPeekType typedefs, and used them for the arguments
-        and return types of the get, set, add, take, and inlineAdd
-        functions.
-        (WTF::HashMapTranslator): Changed this struct template to take
-        fewer arguments, and changed its member functions to be
-        function templates instead. This allows the compiler to
-        determine types more flexibly and also simplifies use of it.
-        (WTF::HashMapTranslatorAdapter): Ditto.
-        (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
-        Also reduced the arguments passed to the HashTable function template.
-        (WTF::HashMap::contains): Ditto.
-        (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
-        (WTF::HashMap::set): Ditto.
-        (WTF::HashMap::add): Ditto.
-        (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
-        (WTF::HashMap::get): Ditto.
-        (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
-        that type in the implementation.
-        (WTF::deleteAllValues): Removed unneeded template arguments from
-        call to deleteAllPairSeconds.
-        (WTF::deleteAllKeys): Removed unneeded template arguments from
-        call to deleteAllPairFirsts.
-
-        * wtf/HashSet.h:
-        (WTF::IdentityExtractor): Changed this to be a struct rather than
-        a struct template, and replaced the extract function with a function
-        template. This allows the compiler to deduce the type.
-        (WTF::HashSetTranslatorAdapter): Changed this struct template to take
-        fewer arguments, and changed its member functions to be
-        function templates instead. This allows the compiler to
-        determine types more flexibly and also simplifies use of it.
-        (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
-        Also reduced the arguments passed to the HashTable function template.
-        (WTF::HashSet::contains): Ditto.
-        (WTF::HashSet::add): Ditto.
-
-        * wtf/HashTable.h:
-        (WTF::IdentityHashTranslator): Changed this struct template to take
-        fewer arguments, and changed its member functions to be
-        function templates instead. This allows the compiler to
-        determine types more flexibly and also simplifies use of it.
-        (WTF::HashTable::add): Reduced arguments passed to the function template.
-        (WTF::HashTable::find): Ditto, also reversed the template arguments so the
-        translator comes first so the compiler can deduce the other type.
-        (WTF::HashTable::contains): Ditto.
-        (WTF::HashTable::lookup): Ditto.
-        (WTF::HashTable::lookupForWriting): Ditto.
-        (WTF::HashTable::checkKey): Ditto.
-        (WTF::HashTable::fullLookupForWriting): Ditto.
-        (WTF::HashTable::add): Ditto.
-        (WTF::HashTable::addPassingHashCode): Ditto.
-        (WTF::HashTable::find): Ditto.
-        (WTF::HashTable::contains): Ditto.
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
-        fewer arguments, and changed its member functions to be function templates
-        instead. This allows the compiler to determine types more flexibly and
-        also simplifies use of it.
-        (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
-        functon template.
-        (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
-        same way we changed ListHashSetNodeHashFunctions above.
-        (WTF::ListHashSetTranslatorAdapter::equal):
-        (WTF::::contains):
-        (WTF::::add):
-        (WTF::::insertBefore):
-
-        * wtf/RefPtrHashMap.h: Updated comments. Removed the
-        RefPtrHashMapRawKeyTranslator struct template; we can use the
-        HashMapTranslator struct template from HashMap.h instead now that
-        it is more flexible. Added MappedPassInType, MappedPassOutType,
-        and MappedPeekType typedefs, and used them for the arguments
-        and return types of the get, inlineGet, set, add, take, and inlineAdd
-        functions. Changed the name of the RawKeyTranslator type to
-        Translator since it's now a class that can handle both raw keys
-        and conventional keys.
-        (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
-        Reduced the arguments passed to the HashTable function template.
-        (WTF::HashMap::contains): Ditto.
-        (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
-        (WTF::HashMap::set): Ditto.
-        (WTF::HashMap::add): Ditto.
-        (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
-        (WTF::HashMap::get): Ditto.
-        (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
-        that type in the implementation.
-        (WTF::deleteAllValues): Removed unneeded template arguments from
-        call to deleteAllPairSeconds.
-        (WTF::deleteAllKeys): Removed unneeded template arguments from
-        call to deleteAllPairFirsts.
-
-2011-12-02  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        MacroAssemblerSH4 does not implement readCallTarget
-        https://bugs.webkit.org/show_bug.cgi?id=73434
-
-        Reviewed by Csaba Osztrogonác.
-
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::readCallTarget): Support for SH4.
-
-2011-12-02  Hajime Morrita  <morrita@chromium.org>
-
-        Unreviewed, rolling out r101751 and r101775.
-        http://trac.webkit.org/changeset/101751
-        http://trac.webkit.org/changeset/101775
-        https://bugs.webkit.org/show_bug.cgi?id=73191
-
-        breaks Windows build
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h:
-        * runtime/JSExportMacros.h: Removed.
-        * wtf/ExportMacros.h:
-        * wtf/Platform.h:
-        * wtf/WTFThreadData.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/StringStatics.cpp:
-
-2011-12-01  Hajime Morrita  <morrita@chromium.org>
-
-        JS_INLINE and WTF_INLINE should be visible from WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=73191
-
-        - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
-        - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
-        - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA.
-
-        Reviewed by Kevin Ollivier.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * config.h:
-        * runtime/JSExportMacros.h: Added.
-        * wtf/ExportMacros.h:
-        * wtf/Platform.h:
-        * wtf/WTFThreadData.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/StringStatics.cpp:
-
-2011-12-01  Michael Saboff  <msaboff@apple.com>
-
-        Changes proposed for 73457 slow down Kraken json-parse-financial
-        https://bugs.webkit.org/show_bug.cgi?id=73584
-
-        Restructured StringImpl::equal to take advantage of 8 or 4 bytes
-        at a time when possible.
-
-        This is worth ~3% on Kraken json-parse-financial. It provides 
-        ~2% on SunSpider string-unpack-code.
-
-        Reviewed by Sam Weinig.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::equal):
-
-2011-12-01  Oliver Hunt  <oliver@apple.com>
-
-        Support integer typed arrays in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=73608
-
-        Reviewed by Filip Pizlo.
-
-        Add support for all the integral typed arrays in the DFG JIT.
-        Currently this loads the contents of Uint32 arrays as doubles,
-        which is clearly not as efficient as it could be, but this is
-        still in the order of 10-20x faster than the existing behaviour.
-
-        This needed us to add support for writing 16bit values to the
-        macroassembler, and also to support double<->unsigned conversion.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::strh):
-        (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::store16):
-        (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::store16):
-        (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movw_rm):
-        (JSC::X86Assembler::cvttsd2siq_rr):
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC::isInt8ArrayPrediction):
-        (JSC::isInt16ArrayPrediction):
-        (JSC::isInt32ArrayPrediction):
-        (JSC::isUint8ArrayPrediction):
-        (JSC::isUint16ArrayPrediction):
-        (JSC::isUint32ArrayPrediction):
-        (JSC::isFloat32ArrayPrediction):
-        (JSC::isFloat64ArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateInt8Array):
-        (JSC::DFG::Node::shouldSpeculateInt16Array):
-        (JSC::DFG::Node::shouldSpeculateInt32Array):
-        (JSC::DFG::Node::shouldSpeculateUint8Array):
-        (JSC::DFG::Node::shouldSpeculateUint16Array):
-        (JSC::DFG::Node::shouldSpeculateUint32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat64Array):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalData.h:
-
-2011-12-01  Benjamin Poulain  <benjamin@webkit.org>
-
-        URLs are encoded in UTF-8, then decoded as if they are Latin1
-        https://bugs.webkit.org/show_bug.cgi?id=71758
-
-        Reviewed by Darin Adler.
-
-        Add the operator == between a String and a Vector of char. The implementation
-        is the same as the comparison of String and char* but adds the length as a
-        parameter for comparing the strings.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.h:
-        (WTF::equal):
-        * wtf/text/WTFString.h:
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2011-12-01  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Read fonts from the jhbuild root
-        https://bugs.webkit.org/show_bug.cgi?id=73487
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Read fonts from the jhbuild root instead of from the system. This will ensure
-        that all testers use the same fonts instead of leaving this up to luck.
-
-        * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
-
-2011-12-01  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Add a helper function to find the current executable's path
-        https://bugs.webkit.org/show_bug.cgi?id=73473
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Add a WTF helper which gets the binary path. This is currently only used
-        in WebKit2.
-
-        * GNUmakefile.list.am: Add the new file to the source list.
-        * wtf/gobject/GlibUtilities.cpp: Added.
-        (getCurrentExecutablePath):
-        * wtf/gobject/GlibUtilities.h: Added.
-
-2011-12-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r101691.
-        http://trac.webkit.org/changeset/101691
-        https://bugs.webkit.org/show_bug.cgi?id=73588
-
-        Tests fail on Chromium bots, early warning system warned
-        committer, please adjust test_expectations in patch (Requested
-        by scheib on #webkit).
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.h:
-
-2011-12-01  Filip Pizlo  <fpizlo@apple.com>
-
-        ARMv7 only allows for one-shot patching of compact offsets, while the
-        JIT expects to be able to repatch
-        https://bugs.webkit.org/show_bug.cgi?id=73548
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::setUInt7ForLoad):
-
-2011-11-30  Benjamin Poulain  <benjamin@webkit.org>
-
-        URLs are encoded in UTF-8, then decoded as if they are Latin1
-        https://bugs.webkit.org/show_bug.cgi?id=71758
-
-        Reviewed by Darin Adler.
-
-        Add the operator == between a String and a Vector of char. The implementation
-        is the same as the comparison of String and char* but adds the length as a
-        parameter for comparing the strings.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.h:
-        (WTF::equal):
-        * wtf/text/WTFString.h:
-        (WTF::operator==):
-        (WTF::operator!=):
-
-2011-11-30  Dmitry Lomov  <dslomov@google.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=73503
-        [Chromium][V8] Implement ArrayBuffer transfer in chromium.
-        Portions of this patch come from Luke Zarko.
-
-        Reviewed by David Levin.
-
-        * wtf/ArrayBuffer.cpp:
-        (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
-        * wtf/ArrayBuffer.h:
-        (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
-        (WTF::ArrayBuffer::isNeutered):
-        * wtf/TypedArrayBase.h:
-        (WTF::TypedArrayBase::neuter):
-
-2011-12-01  Chao-ying Fu  <fu@mips.com>
-
-        MacroAssemblerMIPS does not implement readCallTarget
-        https://bugs.webkit.org/show_bug.cgi?id=73432
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::readCallTarget):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::readCallTarget):
-
-2011-12-01  Noel Gordon  <noel.gordon@gmail.com>
-
-        [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
-        https://bugs.webkit.org/show_bug.cgi?id=73527
-
-        Reviewed by Simon Hausmann.
-
-        wtf/qt/ThreadingQt.cpp was removed in r101477
-
-        * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
-
-2011-12-01  Filip Pizlo  <fpizlo@apple.com>
-
-        BitVector isInline check could fail
-        https://bugs.webkit.org/show_bug.cgi?id=70691
-
-        Reviewed by Gavin Barraclough.
-        
-        Switch back to using the high bit as the inline marker, to make
-        all of the bit indexing operations simpler. Computing the size in
-        words and in bytes of a bitvector, using the number of bits as
-        input is error-prone enough; and with the current approach to
-        solving the X86 bug we end up getting it wrong. Making it right
-        seems hard.
-        
-        So instead, to solve the original problem (the high bit may be
-        meaningful on 32-bit systems), the out-of-line storage pointer is
-        right-shifted by 1. Compared to the original BitVector code, this
-        is a much smaller change (just three lines).
-        
-        This solves a bug where the DFG was corrupting its call frame
-        because BitVector lost track of some bits.
-
-        * wtf/BitVector.cpp:
-        (WTF::BitVector::setSlow):
-        (WTF::BitVector::resizeOutOfLine):
-        * wtf/BitVector.h:
-        (WTF::BitVector::quickGet):
-        (WTF::BitVector::quickSet):
-        (WTF::BitVector::quickClear):
-        (WTF::BitVector::makeInlineBits):
-        (WTF::BitVector::isInline):
-        (WTF::BitVector::outOfLineBits):
-
-2011-11-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should make it easier to notice node boundaries in disassembly
-        https://bugs.webkit.org/show_bug.cgi?id=73509
-
-        Rubber-stamped by Gavin Barraclough
-        
-        If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
-        be emitted at node boundaries, where the immediate being xor'd is the
-        node index.
-
-        * dfg/DFGCommon.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed ArgList iterators.
-
-        Reviewed by Gavin Barraclough.
-        
-        Another step toward reversing the argument order.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct): Switched from iterator to int.
-
-        * runtime/ArgList.h:
-        (JSC::ArgList::ArgList):
-        (JSC::ArgList::isEmpty): Removed iterators.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finishCreation): Switched from iterator to int.
-
-2011-11-30  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        32 bit DFG should handle logicalNot slow case instead of simply bailing out
-        https://bugs.webkit.org/show_bug.cgi?id=73515
-
-        Reviewed by Filip Pizlo.
-
-        This improves Kraken performance by 14%, mainly due to ~3X improvement
-        on imaging-desaturate.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-
-2011-11-30  Max Vujovic  <mvujovic@adobe.com>
-
-        Some date values not handled consistently with IE/Firefox
-        https://bugs.webkit.org/show_bug.cgi?id=14176
-
-        Reviewed by Gavin Barraclough.
-
-        Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
-        implementation dependent cases like "GMT-4".
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-11-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
-        https://bugs.webkit.org/show_bug.cgi?id=73368
-
-        Reviewed by Darin Adler.
-
-        We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
-        happens to be in the first class of the chain, which potentially could be null.
-
-        <rdar://problem/10493218>
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::toStringCallback):
-        (JSC::JSCallbackFunction::valueOfCallback):
-
-2011-11-29  Sam Weinig  <sam@webkit.org>
-
-        Add adoptCF and adoptNS convenience functions to RetainPtr.h
-        https://bugs.webkit.org/show_bug.cgi?id=73399
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/RetainPtr.h:
-        (WTF::adoptCF):
-        (WTF::adoptNS):
-        These adoption functions match the pattern we use in other
-        smart pointer classes.
-
-2011-11-30  Adam Roben  <aroben@apple.com>
-
-        Fix RetainPtr's move assignment operators
-
-        Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
-        pointer being assigned to
-
-        I didn't write a test for this because we don't have a way of unit testing C++11 code (see
-        <http://webkit.org/b/73448>).
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
-        pointer.
-
-2011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed rolling out incorrect r101481.
-
-        * assembler/MIPSAssembler.h:
-        * assembler/MacroAssemblerMIPS.h:
-
-2011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Fix compilation with MingW.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for
-        the time being make the thread name setting unimplemented for MingW.
-
-2011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed propective build fix for Qt/Windows part 2 after r101477.
-
-        * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data
-
-2011-11-30  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed propective build fix for Qt/Windows after r101477.
-
-        * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
-        only referenced from within another OS(WINDOWS) section.
-
-2011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed speculative buildfix after r101457.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::readCallTarget):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::readCallTarget):
-
-2011-11-30  Andrew Wason  <rectalogic@rectalogic.com>
-
-        Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
-        https://bugs.webkit.org/show_bug.cgi?id=72155
-
-        Reviewed by Simon Hausmann.
-
-        Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
-
-        * heap/MachineStackMarker.cpp:
-        * wtf/MainThread.cpp:
-        (WTF::initializeMainThread):
-        * wtf/Platform.h:
-        * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
-        (WTF::::destroy):
-        * wtf/ThreadingPrimitives.h:
-        * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
-        (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-        * wtf/qt/ThreadingQt.cpp: Removed.
-        * wtf/wtf.pro:
-
-2011-11-30  Csaba Osztrogonác  <ossy@webkit.org>
-
-        MacroAssemblerARM does not implement readCallTarget
-        https://bugs.webkit.org/show_bug.cgi?id=73413
-
-        Based on Filip Pizlo's patch.
-
-        Buildfix. Rubber-stamped by Gabor Loki.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readCallTarget):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::readCallTarget):
-
-2011-11-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Resetting a put_by_id inline cache should preserve the "isDirect" bit
-        https://bugs.webkit.org/show_bug.cgi?id=73375
-
-        Reviewed by Gavin Barraclough.
-        
-        For the replace case, we can find out if it was direct by looking at the
-        slow call. For the transition case, we explicitly remember if it was
-        direct.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::printStructureStubInfo):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::visitWeakReferences):
-        * bytecode/StructureStubInfo.h:
-        (JSC::isPutByIdAccess):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::resetPatchPutById):
-        (JSC::JIT::isDirectPutById):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-
-2011-11-29  Sam Weinig  <sam@webkit.org>
-
-        Remove RetainPtr::releaseRef
-        https://bugs.webkit.org/show_bug.cgi?id=73396
-
-        Reviewed by Dan Bernstein.
-
-        * wtf/RetainPtr.h:
-        Be gone releaseRef! Long live leakRef!
-
-2011-11-29  Sam Weinig  <sam@webkit.org>
-
-        Add move semantics to RetainPtr
-        https://bugs.webkit.org/show_bug.cgi?id=73393
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::RetainPtr):
-        Add a move constructor and move enabled assignment operators
-        to RetainPtr if the compiler being used supports rvalue
-        references. If the compiler does not support it, we fallback
-        to the copy semantics we have always had.
-
-2011-11-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG local CSE may cause incorrect reference counting for a node
-        https://bugs.webkit.org/show_bug.cgi?id=73390
-
-        Reviewed by Filip Pizlo.
-
-        When performing a node substitution, the ref count of the replaced
-        child will be increased, no matter whether the user node is skipped in
-        code generation or not. This will cause the reference count of the
-        replaced child never get the chance to become zero and so the
-        registers occupied by it cannot be reused simply without spilling, if
-        it's used by a "skipped" node.
-        This is a 1% gain on V8 benchmark, tested on IA32 Linux.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::performSubstitution):
-        (JSC::DFG::Propagator::performNodeCSE):
-
-2011-11-29  David Levin  <levin@chromium.org>
-
-        Add a way to revert a variable to its previous value after leaving a scope.
-        https://bugs.webkit.org/show_bug.cgi?id=73371
-
-        Reviewed by Adam Barth.
-
-        In case anyone from Chromium sees this, it is nearly identical to AutoReset
-        but if the same name were used, it causes unnecessary ambiguity.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/TemporarilyChange.h: Added.
-        (WTF::TemporarilyChange::TemporarilyChange):
-        (WTF::TemporarilyChange::~TemporarilyChange):
-
-2011-11-29  Sam Weinig  <sam@webkit.org>
-
-        Add COMPILER_SUPPORTS macro to allow for compiler feature testing
-        https://bugs.webkit.org/show_bug.cgi?id=73386
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Compiler.h:
-        Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
-        rvalue references for Clang.
-
-2011-11-29  Oliver Hunt  <oliver@apple.com>
-
-        Allow WebCore to describe typed arrays to JSC
-        https://bugs.webkit.org/show_bug.cgi?id=73355
-
-        Reviewed by Gavin Barraclough.
-
-        Allow globaldata to track the structure of typed arrays.
-
-        * runtime/JSGlobalData.h:
-        (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
-
-2011-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG debugCall() mechanism only works on X86 and X86-64
-        https://bugs.webkit.org/show_bug.cgi?id=73282
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::debugCall):
-
-2011-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-X86 ArithDiv does speculation failure after mutating state,
-        without a value recovery
-        https://bugs.webkit.org/show_bug.cgi?id=73286
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fixes for ARM.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::readCallTarget):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
-
-2011-11-20  Roland Steiner  <rolandsteiner@chromium.org>
-
-        <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
-        https://bugs.webkit.org/show_bug.cgi?id=72848
-
-        Add ENABLE_STYLE_SCOPED flag.
-
-        Reviewed by Dimitri Glazkov.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-11-28  Jon Lee  <jonlee@apple.com>
-
-        Create skeleton framework for notifications support in WK2
-        https://bugs.webkit.org/show_bug.cgi?id=73253
-        <rdar://problem/10356943>
-
-        * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
-
-2011-11-28  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-28  Oliver Hunt  <oliver@apple.com>
-
-        Fix gyp build
-
-        * JavaScriptCore.gypi:
-
-2011-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        GetById should not always speculate cell
-        https://bugs.webkit.org/show_bug.cgi?id=73181
-
-        Reviewed by Gavin Barraclough.
-        
-        GetById will now speculate cell if the predictions of the base are cell.
-        Otherwise it will do like the old JIT (and like the old non-speculative
-        DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
-        out. This is a 1% speed-up on SunSpider.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28  Oliver Hunt  <oliver@apple.com>
-
-        Move typed array implementations into wtf
-        https://bugs.webkit.org/show_bug.cgi?id=73248
-
-        Reviewed by Sam Weinig.
-
-        Move typed array implementation files from WebCore to wtf.  Inline the
-        .cpp files for each of the array views to cut down on unnecessary exports
-        and function call overhead for trivial operations.
-
-        Added files to all the project files.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
-        (WTF::ArrayBuffer::transfer):
-        (WTF::ArrayBuffer::addView):
-        (WTF::ArrayBuffer::removeView):
-        * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
-        (WTF::ArrayBufferContents::ArrayBufferContents):
-        (WTF::ArrayBufferContents::data):
-        (WTF::ArrayBufferContents::sizeInBytes):
-        (WTF::ArrayBufferContents::transfer):
-        (WTF::ArrayBuffer::~ArrayBuffer):
-        (WTF::ArrayBuffer::clampValue):
-        (WTF::ArrayBuffer::create):
-        (WTF::ArrayBuffer::ArrayBuffer):
-        (WTF::ArrayBuffer::data):
-        (WTF::ArrayBuffer::byteLength):
-        (WTF::ArrayBuffer::slice):
-        (WTF::ArrayBuffer::sliceImpl):
-        (WTF::ArrayBuffer::clampIndex):
-        (WTF::ArrayBufferContents::tryAllocate):
-        (WTF::ArrayBufferContents::~ArrayBufferContents):
-        * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
-        (WTF::ArrayBufferView::ArrayBufferView):
-        (WTF::ArrayBufferView::~ArrayBufferView):
-        (WTF::ArrayBufferView::neuter):
-        * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
-        (WTF::ArrayBufferView::isByteArray):
-        (WTF::ArrayBufferView::isUnsignedByteArray):
-        (WTF::ArrayBufferView::isShortArray):
-        (WTF::ArrayBufferView::isUnsignedShortArray):
-        (WTF::ArrayBufferView::isIntArray):
-        (WTF::ArrayBufferView::isUnsignedIntArray):
-        (WTF::ArrayBufferView::isFloatArray):
-        (WTF::ArrayBufferView::isDoubleArray):
-        (WTF::ArrayBufferView::isDataView):
-        (WTF::ArrayBufferView::buffer):
-        (WTF::ArrayBufferView::baseAddress):
-        (WTF::ArrayBufferView::byteOffset):
-        (WTF::ArrayBufferView::verifySubRange):
-        (WTF::ArrayBufferView::clampOffsetAndNumElements):
-        (WTF::ArrayBufferView::setImpl):
-        (WTF::ArrayBufferView::setRangeImpl):
-        (WTF::ArrayBufferView::zeroRangeImpl):
-        (WTF::ArrayBufferView::calculateOffsetAndLength):
-        * wtf/CMakeLists.txt:
-        * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
-        (WTF::Float32Array::set):
-        (WTF::Float32Array::item):
-        (WTF::Float32Array::isFloatArray):
-        (WTF::Float32Array::create):
-        (WTF::Float32Array::Float32Array):
-        (WTF::Float32Array::subarray):
-        * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
-        (WTF::Float64Array::set):
-        (WTF::Float64Array::item):
-        (WTF::Float64Array::isDoubleArray):
-        (WTF::Float64Array::create):
-        (WTF::Float64Array::Float64Array):
-        (WTF::Float64Array::subarray):
-        * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
-        (WTF::Int16Array::set):
-        (WTF::Int16Array::isShortArray):
-        (WTF::Int16Array::create):
-        (WTF::Int16Array::Int16Array):
-        (WTF::Int16Array::subarray):
-        * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
-        (WTF::Int32Array::set):
-        (WTF::Int32Array::isIntArray):
-        (WTF::Int32Array::create):
-        (WTF::Int32Array::Int32Array):
-        (WTF::Int32Array::subarray):
-        * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
-        (WTF::Int8Array::set):
-        (WTF::Int8Array::isByteArray):
-        (WTF::Int8Array::create):
-        (WTF::Int8Array::Int8Array):
-        (WTF::Int8Array::subarray):
-        * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
-        (WTF::IntegralTypedArrayBase::set):
-        (WTF::IntegralTypedArrayBase::item):
-        (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
-        * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
-        (WTF::TypedArrayBase::data):
-        (WTF::TypedArrayBase::set):
-        (WTF::TypedArrayBase::setRange):
-        (WTF::TypedArrayBase::zeroRange):
-        (WTF::TypedArrayBase::length):
-        (WTF::TypedArrayBase::byteLength):
-        (WTF::TypedArrayBase::TypedArrayBase):
-        (WTF::TypedArrayBase::create):
-        (WTF::TypedArrayBase::subarrayImpl):
-        * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
-        (WTF::Uint16Array::set):
-        (WTF::Uint16Array::isUnsignedShortArray):
-        (WTF::Uint16Array::create):
-        (WTF::Uint16Array::Uint16Array):
-        (WTF::Uint16Array::subarray):
-        * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
-        (WTF::Uint32Array::set):
-        (WTF::Uint32Array::isUnsignedIntArray):
-        (WTF::Uint32Array::create):
-        (WTF::Uint32Array::Uint32Array):
-        (WTF::Uint32Array::subarray):
-        * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
-        (WTF::Uint8Array::set):
-        (WTF::Uint8Array::isUnsignedByteArray):
-        (WTF::Uint8Array::create):
-        (WTF::Uint8Array::Uint8Array):
-        (WTF::Uint8Array::subarray):
-        * wtf/wtf.pro:
-
-2011-11-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Don't try to optimize huge code blocks
-        https://bugs.webkit.org/show_bug.cgi?id=73187
-
-        Reviewed by Oliver Hunt.
-        
-        This unifies the heuristics used for deciding if a code block is too big
-        to optimize, and sets this heuristic to 1000, which is intuitively better
-        than numeric_limits<unsigned>::max(). It also results in what looks like
-        a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Either remove the GetMethod node from the DFG backend, or find a use for it
-        https://bugs.webkit.org/show_bug.cgi?id=73178
-
-        Reviewed by Gavin Barraclough.
-        
-        More testing seemed to imply that the GetMethod code was indeed not profitable
-        in any major test. So, it's probably best to just remove it.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::MethodCallLinkInfo::reset):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGRepatch.cpp:
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-28  Michael Saboff  <msaboff@apple.com>
-
-        Change set 101187 from bug 73154 removed already lower case optimization
-        https://bugs.webkit.org/show_bug.cgi?id=73174
-
-        Added back the "string is already lower case" optimization.
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToLowerCase):
-
-2011-11-28  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed prospective build fix. Touch the file to trigger correct
-        rebuild on the Qt mips/sh4/sl bot.
-
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2011-11-28  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Remove cruft from project file
-
-        Reviewed by Simon Hausmann.
-
-        * Target.pri:
-
-2011-11-28  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] WTF should be built as separate static library
-        https://bugs.webkit.org/show_bug.cgi?id=73201
-
-        Reviewed by Tor Arne Vestbø.
-
-        * Target.pri: Don't claim to build WTF, as that would cause
-        the debug-with-shlibs build to not link in wtf.
-        * jsc.pro: Require wtf.
-        * wtf/wtf.pri: Removed.
-        * wtf/wtf.pro: Added. Pro file to build wtf statically.
-
-2011-11-28  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] JavaScriptCore generated sources should build in the DerivedSources directory
-        https://bugs.webkit.org/show_bug.cgi?id=73197
-
-        Reviewed by Philippe Normand.
-
-        Build all JavaScriptCore generated sources in DerivedSources.
-
-        * GNUmakefile.am: Update generation rules.
-        * GNUmakefile.list.am: Update source lists.
-
-2011-11-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not emit GetMethod node
-        https://bugs.webkit.org/show_bug.cgi?id=73175
-
-        Reviewed by Gavin Barraclough.
-        
-        Replaces all instances of the GetMethod node with GetById. This appears to
-        be a slight win on V8. This patch leaves GetMethod support in the code-base,
-        making this decision easy to reverse, for now.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-11-26  Hajime Morrita  <morrita@chromium.org>
-
-        Needs WTF_INLINE and JS_INLINE
-        https://bugs.webkit.org/show_bug.cgi?id=72853
-
-        Reviewed by Kevin Ollivier.
-
-        Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
-        indirect __attribute__((visibility("hidden"))
-
-        * config.h:
-        * wtf/ExportMacros.h:
-
-2011-11-25  Michael Saboff  <msaboff@apple.com>
-
-        String.prototype.toLower should be optimized for 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=73154
-
-        Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
-        been optimized for 8 bit strings.
-
-        This is worth ~7% to sunspider string.tagcloud.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncToLowerCase):
-
-2011-11-25  Michael Saboff  <msaboff@apple.com>
-
-        Array.toString always uses StringImpl::characters()
-        https://bugs.webkit.org/show_bug.cgi?id=72969
-
-        If all component strings are 8 bit, create an 8 bit result string for toString().
-
-        This appears to be performance neutral to sunspider and v8.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-
-2011-11-24  Michael Saboff  <msaboff@apple.com>
-
-        UString methods are not character size aware
-        https://bugs.webkit.org/show_bug.cgi?id=72975
-
-        Changed the UString number constructors to build 8 bit strings.
-        Modified the other methods to check string bitness and process
-        with 8 bits wherre appropriate.
-
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-        (JSC::operator==):
-        (JSC::operator<):
-        (JSC::UString::ascii):
-
-2011-11-24  Michael Saboff  <msaboff@apple.com>
-
-        JavaScript string to number conversion functions use characters()
-        https://bugs.webkit.org/show_bug.cgi?id=72974
-
-        Change the various JS to number routines to process strings
-        using characters8() or characters16() as appropriate.
-        Implemented using static template methods.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::isInfinity):
-        (JSC::jsHexIntegerLiteral):
-        (JSC::jsStrDecimalLiteral):
-        (JSC::toDouble):
-        (JSC::jsToNumber):
-
-2011-11-24  Michael Saboff  <msaboff@apple.com>
-
-        Empty JSStrings are created as 16 bit
-        https://bugs.webkit.org/show_bug.cgi?id=72968
-
-        Clear m_is8Bit flag for empty strings.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::finishCreation):
-
-2011-11-24  Michael Saboff  <msaboff@apple.com>
-
-        Tune JSStringBuilder for 8 bit Strings
-        https://bugs.webkit.org/show_bug.cgi?id=72683
-
-        Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
-        When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
-        and building continues with a 16 bit buffer.
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/JSStringBuilder.h:
-        (JSC::JSStringBuilder::JSStringBuilder):
-        (JSC::JSStringBuilder::append):
-        (JSC::JSStringBuilder::upConvert):
-        (JSC::JSStringBuilder::build):
-        * runtime/UString.h:
-        (JSC::UString::adopt):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::adopt):
-
-2011-11-24  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt]WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
-        https://bugs.webkit.org/show_bug.cgi?id=72495
-
-        Update defines to not use Unix Domain Sockets for platform Qt on Mac.
-        This enables Qt to reuse existing code for mach ports and Grand
-        Central Dispatch based IPC.
-
-        Reviewed by Simon Hausmann.
-
-        * wtf/Platform.h:
-
-2011-11-24  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably
-
-        Reviewed by Andreas Kling.
-
-        We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
-        ways of doing that and this fix seems like the least intrusive one by simply pushing the
-        invoker to the gui thread if it's not there already.
-
-        * wtf/qt/MainThreadQt.cpp:
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-11-24  Patrick Gansterer  <paroga@webkit.org>
-
-        [Qt] Use QEvent for dispatchFunctionsFromMainThread()
-        https://bugs.webkit.org/show_bug.cgi?id=72704
-
-        Reviewed by Simon Hausmann.
-
-        Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
-        This is the same as what invokeMethod does internally, but reduces
-        the dependency on some internal QThread stuff.
-
-        * wtf/qt/MainThreadQt.cpp:
-        (WTF::MainThreadInvoker::MainThreadInvoker):
-        (WTF::MainThreadInvoker::event):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-11-23  George Staikos  <staikos@webkit.org>
-
-        Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
-        https://bugs.webkit.org/show_bug.cgi?id=73028
-
-        Reviewed by Daniel Bates.
-
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-
-2011-11-23  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
-        https://bugs.webkit.org/show_bug.cgi?id=72793
-
-        Reviewed by Zoltan Herczeg.
-
-        This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
-        platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.
-
-        The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
-        this by a variant that properly rounds to six significant figures, JSC code could be refactored.
-        JSCs Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need,
-        except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
-        trailing zeros removed, producing shorter results. Changed the default signature to:
-
-        "static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".
-
-        In WebCore we can now replace String::format() calls like this:
-        String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
-        String::format("%.6lg", f) -> String::number(f)
-
-        The default parameters for precison & flags exactly match the format of the string produced now, except that the result
-        is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
-        in the d="" attribute dumps of SVG paths  across platforms. The dtoa rounding code enforces a unique zero, resolving
-        all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.
-
-        This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfecly mimic the String::format() "lg" mode
-        result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
-        implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - in contrary the
-        trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.
-
-        Here's a performance comparision using a JSC release build and some arbitary numbers:
-        Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
-        Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.
-
-        Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
-        Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.
-
-        Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
-        Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.
-
-        Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
-        Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.
-
-        For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.
-
-        * JavaScriptCore.exp: Change String::number(double) signature.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
-        (JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
-        * wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows to truncate trailing zeros/decimal point.
-                        to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoas rounding facilities.
-        * wtf/dtoa.h:
-        * wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
-        (WTF::double_conversion::StringBuilder::SetPosition):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
-        * wtf/text/WTFString.h:
-
-2011-11-23  Hajime Morrita  <morrita@chromium.org>
-
-        WTF::String has extra WTF_EXPORT_PRIVATE
-        https://bugs.webkit.org/show_bug.cgi?id=72858
-
-        Reviewed by Kevin Ollivier.
-
-        * wtf/text/WTFString.h:
-        (WTF::String::String):
-
-2011-11-23  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        [CMake] Move the top-level logic to the top-level directory.
-        https://bugs.webkit.org/show_bug.cgi?id=72685
-
-        Reviewed by Brent Fulgham.
-
-        * CMakeLists.txt: Point to the right Source/ directory.
-        * wtf/CMakeLists.txt: Ditto.
-
-2011-11-22  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Strength reduction for Mul and Mod operations for known constants in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=72878
-
-        Reviewed by Filip Pizlo.
-
-        Also the code should be commonly shared by both 32_64 and 64.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::nodeMayOverflow):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::fmodAsDFGOperation):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        (JSC::DFG::isPowerOfTwo):
-        (JSC::DFG::logTwo):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-22  Daniel Bates  <dbates@rim.com>
-
-        Add WTF infrastructure for the BlackBerry port
-        https://bugs.webkit.org/show_bug.cgi?id=72970
-
-        Reviewed by Antonio Gomes.
-
-        * wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
-        * wtf/MathExtras.h:
-        (abs): Added; stdlib doesn't contain abs() on QNX.
-        * wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
-        the bad pseudo random number generator using time(3) before initializing the
-        Mersenne Twister random number generator.
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::createThreadInternal): Added.
-        * wtf/blackberry: Added.
-        * wtf/blackberry/MainThreadBlackBerry.cpp: Added.
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-        * wtf/text/WTFString.h: Added constructor and conversion operator for
-        BlackBerry WebString string object.
-
-2011-11-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r100988.
-        http://trac.webkit.org/changeset/100988
-        https://bugs.webkit.org/show_bug.cgi?id=72941
-
-        "Broke pixel tests on Chromium-Linux" (Requested by kbalazs on
-        #webkit).
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/ParallelJobs.h:
-        * wtf/ParallelJobsGeneric.cpp:
-        * wtf/ParallelJobsGeneric.h:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-        * wtf/Platform.h:
-
-2011-11-21  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Enable ParallelJobs by default
-        https://bugs.webkit.org/show_bug.cgi?id=70032
-
-        Reviewed by Zoltan Herczeg.
-
-        According to measurements on Mac and Linux it is a
-        considerable speedup for SVG on multicore.
-
-        Remove the ENABLE(PARALLEL_JOBS) guard.
-        Fix build on Windows and Chromium.
-
-        * JavaScriptCore.gypi:  Add the files to the build. It was
-        missing for the gyp build system.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Export symbols.
-        * wtf/ParallelJobs.h:
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-        Deinline these to avoid exporting a lot of symbols.
-        These are non-trivial and called only once on a given object
-        so it doesn't seems to be worthwile to inline them.
-        Additionally fix a signed-unsigned comparison in the constructor.
-        * wtf/ParallelJobsGeneric.h:
-        * wtf/Platform.h:
-
-2011-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have richer debug output for CFA and phi processing
-        https://bugs.webkit.org/show_bug.cgi?id=72922
-
-        Reviewed by Gavin Barraclough.
-        
-        In the default verbose mode, we now print information about variable
-        state at the bottom of basic blocks in addition to the top, and we
-        also print local variable linking. In the verbose propagation mode,
-        the state of phi processing is dumped more richly and CFA merging (the
-        most subtle part of CFA) is traced as well.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::dump):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::NodeIndexTraits::dump):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::dumpChildren):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOperands.h:
-        (JSC::DFG::OperandValueTraits::dump):
-        (JSC::DFG::dumpOperands):
-
-2011-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
-        https://bugs.webkit.org/show_bug.cgi?id=71505
-
-        Reviewed by Gavin Barraclough.
-        
-        It turns out that we were corrupting phi nodes in case of overflow. The bug is
-        really obvious, but producing a test case that causes the badness is hard. Even
-        when the phi nodes do get corrupt, there's more that has to happen before it
-        causes incorrect execution - and I wasn't able to reproduce in any kind of
-        sensible reduced case.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-
-2011-11-21  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Speed up debug builds.
-        https://bugs.webkit.org/show_bug.cgi?id=72882
-
-        Reviewed by Tor Arne Vestbø.
-
-        * Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
-        used by the build system.
-
-2011-11-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r100913.
-        http://trac.webkit.org/changeset/100913
-        https://bugs.webkit.org/show_bug.cgi?id=72885
-
-        "Break Windows build" (Requested by kbalazs on #webkit).
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/ParallelJobs.h:
-        * wtf/ParallelJobsGeneric.cpp:
-        * wtf/ParallelJobsGeneric.h:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-        * wtf/Platform.h:
-
-2011-11-21  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Enable ParallelJobs by default
-        https://bugs.webkit.org/show_bug.cgi?id=70032
-
-        Reviewed by Zoltan Herczeg.
-
-        According to measurements on Mac and Linux it is a
-        considerable speedup for SVG on multicore.
-
-        Remove the ENABLE(PARALLEL_JOBS) guard.
-        Fix build on Windows and Chromium.
-
-        * JavaScriptCore.gypi:  Add the files to the build. It was
-        missing for the gyp build system.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Export symbols.
-        * wtf/ParallelJobs.h:
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-        Deinline these to avoid exporting a lot of symbols.
-        These are non-trivial and called only once on a given object
-        so it doesn't seems to be worthwile to inline them.
-        Additionally fix a signed-unsigned comparison in the constructor.
-        * wtf/ParallelJobsGeneric.h:
-        * wtf/Platform.h:
-
-2011-11-21  Andy Wingo  <wingo@igalia.com>
-
-        Add .dir-locals.el file for better Emacs defaults
-        https://bugs.webkit.org/show_bug.cgi?id=72483
-
-        Reviewed by Xan Lopez.
-
-        * .dir-locals.el: Set appropriate directory-local variables for Emacs.
-
-2011-11-21  Filip Pizlo  <fpizlo@apple.com>
-        
-        Another attempt at a build fix.
-
-        * dfg/DFGRepatch.h:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-
-2011-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed interpreter build fix.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * dfg/DFGRepatch.h:
-
-2011-11-20  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Improve modulo operation on 32bit platforms
-        https://bugs.webkit.org/show_bug.cgi?id=72501
-
-        Reviewed by Filip Pizlo.
-
-        Extend softModulo to support X86 and MIPS in baseline JIT.
-        Apply the same optimization to 32bit DFG JIT.
-        1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.
-
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mod):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::softModulo):
-        * wtf/Platform.h:
-
-2011-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Inline caches that refer to otherwise dead objects should be cleared
-        https://bugs.webkit.org/show_bug.cgi?id=72311
-
-        Reviewed by Geoff Garen.
-
-        DFG code blocks now participate in the weak reference harvester fixpoint
-        so that they only consider themselves to be live if either they are
-        currently executing, or their owner is live and all of their weak references
-        are live. If not, the relevant code blocks are jettisoned.
-
-        Inline caches in both the old JIT and the DFG are now cleared if any of
-        their references are not marked at the end of a GC.
-
-        This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
-        all-code-on-GC policy that we currently have, it shows a slight reduction
-        in memory usage. If we turn that policy off, it's pretty easy to come up
-        with an example program that will cause ToT to experience linear heap
-        growth, while with this patch, the heap stays small and remains at a
-        constant size.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::readCallTarget):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::readCallTarget):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::readCallTarget):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::readCallTarget):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::performTracingFixpointIteration):
-        (JSC::CodeBlock::visitWeakReferences):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC::MethodCallLinkInfo::reset):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::reoptimize):
-        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::visitWeak):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::visitWeakReferences):
-        * bytecode/StructureStubInfo.h:
-        (JSC::isGetByIdAccess):
-        (JSC::isPutByIdAccess):
-        (JSC::StructureStubInfo::reset):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchByIdSelfAccess):
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGRepatch.h:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clearToMaxUnsigned):
-
-2011-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
-        https://bugs.webkit.org/show_bug.cgi?id=71505
-
-        Reviewed by Oliver Hunt.
-        
-        The bytecode generator was assuming that call_varargs never reuses the base register
-        (i.e. the function being called) for the result. This is no longer true.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-
-2011-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32_64 should directly store double virtual registers on SetLocal
-        https://bugs.webkit.org/show_bug.cgi?id=72845
-
-        Reviewed by Oliver Hunt.
-        
-        2% win on Kraken.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-20  Noel Gordon  <noel.gordon@gmail.com>
-
-        [chromium] Remove DFG::JITCodeGenerator from the gyp projects
-        https://bugs.webkit.org/show_bug.cgi?id=72842
-
-        Reviewed by Filip Pizlo.
-
-        dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244
-
-        * JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}
-
-2011-11-18  Daniel Bates  <dbates@rim.com>
-
-        Add CMake build infrastructure for the BlackBerry port
-        https://bugs.webkit.org/show_bug.cgi?id=72768
-
-        Reviewed by Antonio Gomes.
-
-        * PlatformBlackBerry.cmake: Added.
-        * shell/PlatformBlackBerry.cmake: Added.
-        * wtf/PlatformBlackBerry.cmake: Added.
-
-2011-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT fails speculation on InstanceOf if the base is not an object
-        https://bugs.webkit.org/show_bug.cgi?id=72709
-
-        Reviewed by Geoff Garen.
-        
-        InstanceOf already leverages the fact that we only allow the default
-        hasInstance implementation. So, if the base is predicted to possibly
-        be not an object and the CFA has not yet proven otherwise, InstanceOf
-        will abstain from speculating cell and instead return false if the
-        base is not a cell.
-        
-        This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
-        speed-up in earley-boyer. Neutral according to bencher on SunSpider,
-        V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
-        win on V8 even on my harness, due to a 12.5% win on earley-boyer.
-        
-        I also took this opportunity to make the code for InstanceOf common
-        between the two JITs. This was partially successful, in that the
-        "common code" has a bunch of #if's, but overall it seems like a code
-        size reduction.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Forgot to completely de-virtualize isDynamicScope
-        https://bugs.webkit.org/show_bug.cgi?id=72763
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSActivation.h: Removed virtual keyword.
-
-2011-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
-        https://bugs.webkit.org/show_bug.cgi?id=72292
-
-        Reviewed by Darin Adler.
-        
-        Fix this for 32_64.
-
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-11-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize ExecutableBase::intrinsic
-        https://bugs.webkit.org/show_bug.cgi?id=72548
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value. 
-        * runtime/Executable.h:
-        * runtime/JSCell.h:
-        (JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
-        rather than requiring C++ RTTI.
-
-2011-11-18  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Remove duplicate dtoa files from CMakeLists.txt
-        https://bugs.webkit.org/show_bug.cgi?id=72711
-
-        Reviewed by Brent Fulgham.
-
-        * wtf/CMakeLists.txt:
-
-2011-11-17  Michael Saboff  <msaboff@apple.com>
-
-        [Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=72602
-
-        Fixed StringImpl::foldCase by adding return in the case we need to handle
-        folding of 8 bit strings with Latin-1 characters.
-
-        Fixed case where StringImpl::replace was using a char temp instead of an
-        LChar temp.
-
-        Because of the second change, I changed other uses of char or
-        unsigned char to LChar.
-
-        Reviewed by Zoltan Herczeg.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::upper):
-        (WTF::StringImpl::foldCase):
-        (WTF::equal):
-        (WTF::equalIgnoringCase):
-        (WTF::StringImpl::replace):
-
-2011-11-17  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
-        https://bugs.webkit.org/show_bug.cgi?id=72644
-
-        Reviewed by Brent Fulgham.
-
-        All ports need to do the same determination about fast malloc. Move the CMake code from
-        platform specific files into the generic one, so that additional ports can reuse it.
-
-        * wtf/CMakeLists.txt:
-        * wtf/PlatformEfl.cmake:
-        * wtf/PlatformWinCE.cmake:
-
-2011-11-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add finalizer to JSActivation
-        https://bugs.webkit.org/show_bug.cgi?id=72575
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
-        (JSC::JSActivation::finalize):
-        * runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
-
-2011-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Code block jettisoning should be part of the GC's transitive closure
-        https://bugs.webkit.org/show_bug.cgi?id=72467
-
-        Reviewed by Geoff Garen.
-        
-        Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
-        DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
-        references) and helps track what state each of those code blocks is in during
-        GC. The state consists of two flags; mayBeExecuting, which tells if the code block
-        is live from call frames; and isJettisoned, which tells if the code block is
-        not owned by any executable and thus should be deleted as soon as it is not
-        mayBeExecuting.
-        
-        - Not executing, Not jettisoned: The code block may or may not be reachable from
-          any executables, but it is owned by an executable, and hence should be
-          kept alive if its executable is live and if all of its weak references are
-          live. Otherwise it should be deleted during the current GC cycle, and its
-          outgoing references should not be scanned.
-          
-        - Not executing but jettisoned: The code block should be deleted as soon as
-          possible and none of its outgoing references should be scanned.
-          
-        - Executing but not jettisoned: The code block should be kept alive during this
-          GC cycle, and all of its outgoing references (including the weak ones)
-          should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
-          the end of the GC cycle.
-          
-        - Executing and jettisoned: The code block should be kept alive during this
-          GC cycle, and all of its outgoing references (including the weak ones)
-          should be scanned and marked strongly. However, on the next GC cycle, it
-          will have its mayBeExecuting bit cleared and hence it will become a candidate
-          for immediate deletion provided it is not executing again.
-
-        This is performance-neutral.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setJITCode):
-        (JSC::CodeBlock::DFGData::DFGData):
-        (JSC::DFGCodeBlocks::mark):
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::add):
-        * heap/ConservativeRoots.h:
-        * heap/DFGCodeBlocks.cpp: Added.
-        (JSC::DFGCodeBlocks::DFGCodeBlocks):
-        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
-        (JSC::DFGCodeBlocks::jettison):
-        (JSC::DFGCodeBlocks::clearMarks):
-        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
-        (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
-        * heap/DFGCodeBlocks.h: Added.
-        * heap/Heap.cpp:
-        (JSC::Heap::jettisonDFGCodeBlock):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/JettisonedCodeBlocks.cpp: Removed.
-        * heap/JettisonedCodeBlocks.h: Removed.
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h:
-        * runtime/Executable.cpp:
-        (JSC::jettisonCodeBlock):
-
-2011-11-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for 32-bit.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Some CachedCall cleanup, in preparation for reversing argument order.
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
-        so I can test it.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
-        we are not that desperate for character saving.
-
-        (JSC::CachedCall::setThis):
-        (JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
-        CallFrameClosure.
-
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::setThis):
-        (JSC::CallFrameClosure::setArgument):
-        (JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
-        with an explicit setter for 'this', since that's how most clients think.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::prepareForRepeatCall):
-        * interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,
-        for clarity.
-
-2011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize ScriptExecutable::unlinkCalls
-        https://bugs.webkit.org/show_bug.cgi?id=72546
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
-        due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which 
-        didn't have complete type information on the things that needed to be destructed in the implicit destructor.
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::createStructure): Used new type value from JSType
-        (JSC::ProgramExecutable::createStructure): Ditto
-        (JSC::FunctionExecutable::createStructure): Ditto
-        (JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
-        * runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable.  Remove explicit numbers, since 
-        that just adds noise to patches and they currently have no significance.
-
-2011-11-16  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC::CodeBlock should know which references generated by the DFG are weak
-        https://bugs.webkit.org/show_bug.cgi?id=72563
-
-        Reviewed by Geoff Garen.
-        
-        CodeBlock::m_dfgData now tracks weak references and weak reference transitions
-        (like ephemerons) generated by the DFG. The DFG makes sure to notify the
-        CodeBlock of all uses of weak references and weak reference transitions.
-        CodeBlock currently marks them strongly, since the weak marking logic is not
-        in place, yet.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::stronglyVisitWeakReferences):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendWeakReference):
-        (JSC::CodeBlock::shrinkWeakReferencesToFit):
-        (JSC::CodeBlock::appendWeakReferenceTransition):
-        (JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
-        (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::codeOriginOwner):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addWeakReference):
-        (JSC::DFG::JITCompiler::addWeakReferenceTransition):
-        (JSC::DFG::JITCompiler::branchWeakPtr):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-16  Michael Saboff  <msaboff@apple.com>
-
-        LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
-        https://bugs.webkit.org/show_bug.cgi?id=72561
-
-        Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
-        Simplified the code in the process.
-
-        Reviewed by James Robinson.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
-        (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
-
-2011-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Interpreter build fixes.
-
-        * bytecode/CodeBlock.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2011-11-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r100363.
-
-        * bytecode/CodeBlock.h:
-
-2011-11-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in r100375 and r100385 with 32-bit build fixed.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::getSlice):
-        * runtime/ArgList.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finishCreation):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::constructArray):
-
-2011-11-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG global variable CSE mishandles the cross-global-object inlining corner case
-        https://bugs.webkit.org/show_bug.cgi?id=72542
-
-        Reviewed by Geoff Garen.
-        
-        Moved code to get the global object for a code origin into CodeBlock, so it is
-        more broadly accessible. Fixed CSE to compare both the variable number, and the
-        global object, before deciding to perform elimination.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalObjectFor):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::globalObjectFor):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::globalVarLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-
-2011-11-16  Michael Saboff  <msaboff@apple.com>
-
-        Enable 8 Bit Strings in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=71337
-
-        This patch turns on 8 bit strings in StringImpl and enables
-        their use in JavaScriptCore. Some of the changes are to
-        turn on code that had been staged (Lexer.cpp, Identifier.cpp,
-        SmallStrings.cpp and some of StringImpl.{h,cpp}).
-        Other changes are minor fixes to make 8 bit strings work
-        (UString.h, StringImpl::getData16SlowCase()).
-        Changed StringBuffer to be a templated class based on character
-        type.  This change rippled into WebCore code as well.
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp:
-        * parser/Lexer.cpp:
-        (JSC::::append8): Changed to use 8 bit buffers.
-        (JSC::::parseIdentifier): Changed to use 8 bit buffers.
-        (JSC::::parseString): Changed to use 8 bit buffers.
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
-        (JSC::Identifier::toUInt32FromCharacters): Templated helper.
-        (JSC::Identifier::toUInt32): Added 8 bit optimized path.
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
-        * runtime/UString.h:
-        (JSC::UString::characters): Now calls StringImpl::characters()
-        * wtf/Forward.h:
-        * wtf/text/StringBuffer.h: Made StringBuffer a template base on character type.
-        (WTF::StringBuffer::StringBuffer):
-        (WTF::StringBuffer::characters):
-        (WTF::StringBuffer::release):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::create):
-        (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
-        (WTF::StringImpl::removeCharacters): Added 8 bit path.
-        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
-        (WTF::StringImpl::simplifyWhiteSpace):
-        (WTF::equal): Removed bug from code copied from null terminated version.
-        (WTF::StringImpl::adopt): Added 8 bit path.
-        (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bi flag propagation.
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
-        (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
-        (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
-        (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
-        * wtf/text/WTFString.h:
-        (WTF::String::adopt): Changed to use StringBuffer template.
-
-2011-11-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize ExecutableBase::clearCodeVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=72337
-
-        Reviewed by Darin Adler.
-
-        Added static finalize functions to the subclasses of ExecutableBase that provide an implementation 
-        of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
-        and had the finalize functions call the corresponding clearCode methods.
-
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::clearCode):
-        (JSC::NativeExecutable::finalize):
-        (JSC::EvalExecutable::finalize):
-        (JSC::EvalExecutable::clearCode):
-        (JSC::ProgramExecutable::finalize):
-        (JSC::ProgramExecutable::clearCode):
-        (JSC::FunctionExecutable::discardCode):
-        (JSC::FunctionExecutable::finalize):
-        (JSC::FunctionExecutable::clearCode):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::finishCreation):
-        (JSC::NativeExecutable::create):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::create):
-        (JSC::FunctionExecutable::create):
-
-2011-11-16  Yusuke Suzuki  <utatane.tea@gmail.com>
-
-        String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
-        https://bugs.webkit.org/show_bug.cgi?id=71572
-
-        Reviewed by Gavin Barraclough and Darin Adler.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectSource):
-
-2011-11-16  Darin Adler  <darin@apple.com>
-
-        Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
-        https://bugs.webkit.org/show_bug.cgi?id=72475
-
-        Reviewed by Adam Roben.
-
-        * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
-        Do overloads so we can pass a nullptr and also be sure to get the
-        raw pointer type from the OwnPtr template so we handle both forms
-        of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
-
-2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
-
-        Reviewed by Tor Arne Vestbø.
-
-        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
-
-2011-11-16  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed, rolling out r100266.
-        http://trac.webkit.org/changeset/100266
-
-        Broke WTR.
-
-        * Target.pri:
-
-2011-11-16  Darin Adler  <darin@apple.com>
-
-        Add a "pass type" and "peek type" concept to HashTraits
-        https://bugs.webkit.org/show_bug.cgi?id=72473
-
-        Reviewed by Filip Pizlo.
-
-        * wtf/HashTraits.h: Added the pass type and peek type.
-        For OwnPtr, the pass type will be PassOwnPtr and the peek
-        type will be a raw pointer.
-
-2011-11-16  Darin Adler  <darin@apple.com>
-
-        Fix some hash traits that don't derive from the base hash traits
-        https://bugs.webkit.org/show_bug.cgi?id=72470
-
-        Reviewed by Filip Pizlo.
-
-        Hash traits structures need to derive from the base hash traits in
-        HashTraits.h, but some were not. This is needed for compatibility with
-        some additional traits we will be adding to make OwnPtr work with HashMap.
-
-        * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
-        HashTraits<int>. This enabled removal of all the members except for the
-        ones that control the empty value, because this is otherwise the same
-        as the standard int hash.
-
-        * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
-        from HashTraits<SymbolTableEntry> and removed redundant members.
-
-2011-11-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r100375 and r100385.
-        http://trac.webkit.org/changeset/100375
-        http://trac.webkit.org/changeset/100385
-        https://bugs.webkit.org/show_bug.cgi?id=72465
-
-        They broke 32 bit builds on Qt (Requested by ossy on #webkit).
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::getSlice):
-        * runtime/ArgList.h:
-        (JSC::ArgList::ArgList):
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-        * runtime/JSGlobalObject.h:
-
-2011-11-15  George Staikos  <staikos@webkit.org>
-
-        Remove the guard page from the addressable stack region on QNX.
-        https://bugs.webkit.org/show_bug.cgi?id=72455
-
-        Reviewed by Daniel Bates.
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2011-11-15  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=72323
-
-        Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
-
-        Added String::characters8(), characters16() and is8Bit() helper methods.
-
-        Added an new Unicode::convertLatin1ToUTF8() method that works on
-        LChar (8 bit) strings that is a stripped down version of convertUTF16ToUTF8().
-
-        Reviewed by Geoff Garen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/UString.cpp:
-        (JSC::UString::utf8):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::ascii):
-        (WTF::String::utf8):
-        * wtf/text/WTFString.h:
-        (WTF::String::characters8):
-        (WTF::String::characters16):
-        (WTF::String::is8Bit):
-        (WTF::LChar):
-        (WTF::UChar):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::convertLatin1ToUTF8):
-        * wtf/unicode/UTF8.h:
-        * wtf/unicode/Unicode.h:
-
-2011-11-15  Darin Adler  <darin@apple.com>
-
-        REGRESSION (r98887): ParserArena and Keywords leaking
-        https://bugs.webkit.org/show_bug.cgi?id=72428
-
-        Reviewed by Sam Weinig.
-
-        * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
-        need to be able to destroy it.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
-
-        * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
-
-2011-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed another use of ArgList that baked in the assumption that arguments
-        are forward in the regiter file.
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
-        working through ArgList.
-
-        * runtime/ArgList.h: Removed!
-
-2011-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed a use of ArgList that baked in the assumption that arguments
-        are forward in the regiter file.
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Use new API.
-
-        * runtime/ArgList.cpp:
-        (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
-        getSlice can do the right thing by using its rights to private data.
-
-        * runtime/ArgList.h: Removed constructor that took a forward-contiguous
-        set of arguments.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finishCreation):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::constructArray): Added explicit support for creating an array from
-        a pre-allocated set of values, so we could stop relying on the ArgList
-        API we want to remove.
-
-2011-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
-        https://bugs.webkit.org/show_bug.cgi?id=72292
-
-        Reviewed by Geoff Garen.
-        
-        We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
-        an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
-        instead of CodeBlock::alternative().
-        
-        No performance effect.
-        
-        No tests because all of our heuristics work very hard to make sure that this never happens in
-        the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
-        is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned is rarer still
-        because the whole point of jettisoning is to bring the probability of future OSR exits to as
-        close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
-        exit after a jettison to be the first of its kind; our whole design tries to ensure that
-        CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
-        is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
-        compilation. So this is a truly evil case, and any test for it would be quite fragile.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::specializationKind):
-        (JSC::CodeBlock::largeFailCountThreshold):
-        (JSC::CodeBlock::largeFailCountThresholdForLoop):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
-        (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2011-11-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Use MarkedArgumentBuffer to avoid making assumptions about argument order
-        https://bugs.webkit.org/show_bug.cgi?id=72418
-
-        Reviewed by Sam Weinig.
-        
-        A step toward reversing the argument order.
-
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Walker::callReviver): Don't assume that ArgList wants to point
-        at arguments in forward order. Instead, use MarkedArgumentBuffer, which
-        will make the decision for us.
-
-2011-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should distinguish between constants in the constant pool and weak
-        constants added as artifacts of code generation
-        https://bugs.webkit.org/show_bug.cgi?id=72367
-
-        Reviewed by Geoff Garen.
-        
-        Added the notion of a WeakJSConstant, which is like a JSConstant except that
-        it can only refer to JSCell*. Currently all WeakJSConstants are also backed
-        by constants in the constant pool, since weak references originated from
-        machine code are not yet properly handled.
-        
-        Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
-        and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::getJSConstantPrediction):
-        (JSC::DFG::Graph::valueOfJSConstant):
-        (JSC::DFG::Graph::valueOfInt32Constant):
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::isWeakConstant):
-        (JSC::DFG::Node::hasConstant):
-        (JSC::DFG::Node::weakConstant):
-        (JSC::DFG::Node::valueOfJSConstant):
-        (JSC::DFG::Node::isInt32Constant):
-        (JSC::DFG::Node::isDoubleConstant):
-        (JSC::DFG::Node::isNumberConstant):
-        (JSC::DFG::Node::isBooleanConstant):
-        (JSC::DFG::Node::hasIdentifier):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-15  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 bit Strings - Initial JS String Tuning
-        https://bugs.webkit.org/show_bug.cgi?id=72326
-
-        Added 8 bit optimized paths for the methods below.
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSString.h:
-        (JSC::jsSubstring8):
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstrings):
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharCodeAt):
-
-2011-11-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Result of Error.prototype.toString not ES5 conformant
-        https://bugs.webkit.org/show_bug.cgi?id=70889
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-
-2011-11-15  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
-
-        Reviewed by Tor Arne Vestbø.
-
-        * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
-
-2011-11-15  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Remove DFGJITCompilerInlineMethods
-        https://bugs.webkit.org/show_bug.cgi?id=72366
-
-        Reviewed by Filip Pizlo.
-
-        Those methods are actually seldom used. Modify the few such places and
-        remove DFGJITCompilerInlineMethods stuffs totally.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
-        * dfg/DFGJITCompilerInlineMethods.h: Removed.
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentFillFPR):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
-
-2011-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
-        https://bugs.webkit.org/show_bug.cgi?id=72348
-
-        Reviewed by Gavin Barraclough.
-        
-        Moved all of JITCodeGenerator into SpeculativeJIT.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGJITCodeGenerator.cpp: Removed.
-        * dfg/DFGJITCodeGenerator.h: Removed.
-        * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
-        * dfg/DFGJITCodeGenerator64.cpp: Removed.
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::isStrictInt32):
-        (JSC::DFG::SpeculativeJIT::isKnownInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::SpeculativeJIT::isKnownCell):
-        (JSC::DFG::SpeculativeJIT::isKnownNotCell):
-        (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
-        (JSC::DFG::SpeculativeJIT::isKnownBoolean):
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        (JSC::DFG::SpeculativeJIT::markCellCard):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
-        (JSC::DFG::dataFormatString):
-        (JSC::DFG::SpeculativeJIT::dump):
-        (JSC::DFG::SpeculativeJIT::checkConsistency):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::GPRTemporary::adopt):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::at):
-        (JSC::DFG::SpeculativeJIT::lock):
-        (JSC::DFG::SpeculativeJIT::unlock):
-        (JSC::DFG::SpeculativeJIT::canReuse):
-        (JSC::DFG::SpeculativeJIT::reuse):
-        (JSC::DFG::SpeculativeJIT::allocate):
-        (JSC::DFG::SpeculativeJIT::tryAllocate):
-        (JSC::DFG::SpeculativeJIT::fprAllocate):
-        (JSC::DFG::SpeculativeJIT::isFilled):
-        (JSC::DFG::SpeculativeJIT::isFilledDouble):
-        (JSC::DFG::SpeculativeJIT::use):
-        (JSC::DFG::SpeculativeJIT::selectScratchGPR):
-        (JSC::DFG::SpeculativeJIT::silentSpillGPR):
-        (JSC::DFG::SpeculativeJIT::silentSpillFPR):
-        (JSC::DFG::SpeculativeJIT::silentFillGPR):
-        (JSC::DFG::SpeculativeJIT::silentFillFPR):
-        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
-        (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
-        (JSC::DFG::SpeculativeJIT::boxDouble):
-        (JSC::DFG::SpeculativeJIT::unboxDouble):
-        (JSC::DFG::SpeculativeJIT::spill):
-        (JSC::DFG::SpeculativeJIT::isConstant):
-        (JSC::DFG::SpeculativeJIT::isJSConstant):
-        (JSC::DFG::SpeculativeJIT::isInt32Constant):
-        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
-        (JSC::DFG::SpeculativeJIT::isNumberConstant):
-        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
-        (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::isNullConstant):
-        (JSC::DFG::SpeculativeJIT::identifier):
-        (JSC::DFG::SpeculativeJIT::flushRegisters):
-        (JSC::DFG::SpeculativeJIT::isFlushed):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
-        (JSC::DFG::SpeculativeJIT::bitOp):
-        (JSC::DFG::SpeculativeJIT::shiftOp):
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::addressOfCallData):
-        (JSC::DFG::SpeculativeJIT::tagOfCallData):
-        (JSC::DFG::SpeculativeJIT::payloadOfCallData):
-        (JSC::DFG::SpeculativeJIT::integerResult):
-        (JSC::DFG::SpeculativeJIT::noResult):
-        (JSC::DFG::SpeculativeJIT::cellResult):
-        (JSC::DFG::SpeculativeJIT::booleanResult):
-        (JSC::DFG::SpeculativeJIT::jsValueResult):
-        (JSC::DFG::SpeculativeJIT::storageResult):
-        (JSC::DFG::SpeculativeJIT::doubleResult):
-        (JSC::DFG::SpeculativeJIT::initConstantInfo):
-        (JSC::DFG::SpeculativeJIT::resetCallArguments):
-        (JSC::DFG::SpeculativeJIT::addCallArgument):
-        (JSC::DFG::SpeculativeJIT::setupArguments):
-        (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
-        (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
-        (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
-        (JSC::DFG::SpeculativeJIT::setupStubArguments):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
-        (JSC::DFG::SpeculativeJIT::setupResults):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-        (JSC::DFG::SpeculativeJIT::addBranch):
-        (JSC::DFG::SpeculativeJIT::linkBranches):
-        (JSC::DFG::SpeculativeJIT::block):
-        (JSC::DFG::SpeculativeJIT::checkConsistency):
-        (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::IntegerOperand::~IntegerOperand):
-        (JSC::DFG::IntegerOperand::index):
-        (JSC::DFG::IntegerOperand::format):
-        (JSC::DFG::IntegerOperand::gpr):
-        (JSC::DFG::IntegerOperand::use):
-        (JSC::DFG::DoubleOperand::DoubleOperand):
-        (JSC::DFG::DoubleOperand::~DoubleOperand):
-        (JSC::DFG::DoubleOperand::index):
-        (JSC::DFG::DoubleOperand::fpr):
-        (JSC::DFG::DoubleOperand::use):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSC::DFG::JSValueOperand::~JSValueOperand):
-        (JSC::DFG::JSValueOperand::index):
-        (JSC::DFG::JSValueOperand::gpr):
-        (JSC::DFG::JSValueOperand::jsValueRegs):
-        (JSC::DFG::JSValueOperand::isDouble):
-        (JSC::DFG::JSValueOperand::fill):
-        (JSC::DFG::JSValueOperand::tagGPR):
-        (JSC::DFG::JSValueOperand::payloadGPR):
-        (JSC::DFG::JSValueOperand::fpr):
-        (JSC::DFG::JSValueOperand::use):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::StorageOperand::~StorageOperand):
-        (JSC::DFG::StorageOperand::index):
-        (JSC::DFG::StorageOperand::gpr):
-        (JSC::DFG::StorageOperand::use):
-        (JSC::DFG::GPRTemporary::~GPRTemporary):
-        (JSC::DFG::GPRTemporary::gpr):
-        (JSC::DFG::FPRTemporary::~FPRTemporary):
-        (JSC::DFG::FPRTemporary::fpr):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        (JSC::DFG::GPRResult::GPRResult):
-        (JSC::DFG::GPRResult2::GPRResult2):
-        (JSC::DFG::FPRResult::FPRResult):
-        (JSC::DFG::FPRResult::lockedResult):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::cachedGetMethod):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * runtime/JSFunction.h:
-
-2011-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Weak reference harvesters should run to fixpoint
-        https://bugs.webkit.org/show_bug.cgi?id=72346
-
-        Reviewed by Oliver Hunt.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/ListableHandler.h:
-        (JSC::ListableHandler::next):
-        (JSC::ListableHandler::List::head):
-        (JSC::ListableHandler::List::removeNext):
-        (JSC::ListableHandler::List::removeAll):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::reset):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::isEmpty):
-
-2011-11-14  Oliver Hunt  <oliver@apple.com>
-
-        Start migrating typed array impl types to WTF
-        https://bugs.webkit.org/show_bug.cgi?id=72336
-
-        Reviewed by Geoffrey Garen.
-
-        Add typed array impls to WTF forwarding header.
-
-        * wtf/Forward.h:
-
-2011-11-14  Julien Chaffraix  <jchaffraix@webkit.org>
-
-        Add --css-grid-layout to build-webkit and the build systems
-        https://bugs.webkit.org/show_bug.cgi?id=72320
-
-        Reviewed by Ojan Vafai.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-11-14  Geoffrey Garen  <ggaren@apple.com>
-
-        A little bit of arguments / activation cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=72339
-
-        Reviewed by Gavin Barraclough.
-        
-        Renamed copyRegisters => tearOff to match bytecode and other terminology.
-        
-        Renamed setActivation => didTearOffActivation to indicate that this is a
-        notification the object may choose to ignore. Moved "Should I ignore?"
-        code into the arguments object to avoid duplication elsewhere.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createAndTearOff):
-        (JSC::Arguments::didTearOffActivation):
-        (JSC::Arguments::finishCreationButDontTearOff):
-        (JSC::Arguments::finishCreation):
-        (JSC::Arguments::finishCreationAndTearOff):
-        (JSC::Arguments::tearOff):
-
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::tearOff): Moved Activation's code into its own header
-        because that's where it belongs.
-
-2011-11-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Should sign the jsc binary
-        https://bugs.webkit.org/show_bug.cgi?id=72332
-
-        Reviewed by David Kilzer.
-
-        * Configurations/JSC.xcconfig:
-        * entitlements.plist: Added.
-
-2011-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG's inline references to objects should be tracked
-        https://bugs.webkit.org/show_bug.cgi?id=72313
-
-        Reviewed by Gavin Barraclough.
-        
-        Added a pinCell() method in the parser that currently creates a
-        dummy constant in CodeBlock. Added calls to pinCell() wherever the
-        DFG would inline a constant reference that the original code would
-        not have referred to.
-        
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getCellConstantIndex):
-        (JSC::DFG::ByteCodeParser::pinCell):
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG put_by_id transition optimizations test the wrong structures
-        https://bugs.webkit.org/show_bug.cgi?id=72324
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2011-11-14  Michael Saboff  <msaboff@apple.com>
-
-        Further changes and cleanup to JSString.h and cpp.
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr.  Eliminated exec in slow case calls.
-        (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in name.
-        (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
-        * runtime/JSString.h:
-
-2011-11-14  Adam Barth  <abarth@webkit.org>
-
-        DateMath.cpp should not depend on JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=71747
-
-        Reviewed by Darin Adler.
-
-        This patch moves the JSC-specific parts of DateMath into JSDateMath in
-        JavaScriptCore.  There shouldn't be any behavior change.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConversion.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DateInstanceCache.h:
-        * runtime/DatePrototype.cpp:
-        * runtime/InitializeThreading.cpp:
-        * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
-        (JSC::timeToMS):
-        (JSC::msToSeconds):
-        * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
-        * wtf/DateMath.cpp:
-        (WTF::isLeapYear):
-        (WTF::msToDays):
-        (WTF::msToMinutes):
-        (WTF::msToHours):
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (WTF::makeRFC2822DateString):
-        * wtf/DateMath.h:
-
-2011-11-14  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 bit strings - Add 8 bit handling to JSString Ropes
-        https://bugs.webkit.org/show_bug.cgi?id=72317
-
-        Added bit to track that a rope is made up of all 8 bit fibers.
-        Created an 8 bit path (fast and slow cases) to handle 8 bit 
-        only ropes.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase8):
-        (JSC::JSString::resolveRopeSlowCase16):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::finishCreation):
-        (JSC::RopeBuilder::is8Bit):
-        (JSC::jsSubstring8):
-
-2011-11-14  Geoffrey Garen  <ggaren@apple.com>
-
-        A little bit of function call cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=72314
-
-        Reviewed by Oliver Hunt.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
-        because this value doesn't give you the offset of the callee's call frame.
-
-        (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
-        of greater-than. Removed comment since its reasoning was wrong.
-        
-        (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
-
-        (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
-        to ask this question, giving the bytecode generator more freedom to change
-        internal implementation details.
-        
-        * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
-        16 was overkill.
-        (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::CallArguments::CallArguments):
-        (JSC::CallArguments::newArgument): Factored out argument allocation into
-        a helper function, so I can change it later.
-
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
-
-2011-11-14  Tony Chang  <tony@chromium.org>
-
-        Remove the CSS3_FLEXBOX compile time flag and enable on all ports
-        https://bugs.webkit.org/show_bug.cgi?id=72196
-
-        Reviewed by Ojan Vafai.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-11-14  Mark Rowe  <mrowe@apple.com>
-
-        <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
-
-        testRegExp and testapi.js were being installed in the JavaScriptCore framework.
-        As test-only tools they shouldn't be installed there by default, only when
-        FORCE_TOOL_INSTALL is set to YES.
-
-        This patch incorprorates a few related changes:
-        1) Make the jsc and testRegExp targets be configured via .xcconfig files.
-        2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
-           FORCE_TOOL_INSTALL is YES.
-        3) Switches the testapi target to using a script build phase to install testapi.js
-           so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
-           why this isn't the built-in behavior when a Copy Files build phase has "Copy only
-           when installing" checked, but it doesn't seem to be.
-        4) Other random cleanup such as removing a bogus group that refers to files that do
-           not exist, moving testRegExp.cpp in to the tests group, etc.
-
-        Reviewed by Geoff Garen.
-
-        * Configurations/JSC.xcconfig: Added.
-        * Configurations/TestRegExp.xcconfig: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-11-14  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 bit strings - Add 8 bit paths to StringImpl methods
-        https://bugs.webkit.org/show_bug.cgi?id=72290
-
-        Added 8 bit patchs to StringImpl to number and find methods.
-
-        Reviewed by Oliver Hunt.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::toIntStrict):
-        (WTF::StringImpl::toUIntStrict):
-        (WTF::StringImpl::toInt64Strict):
-        (WTF::StringImpl::toUInt64Strict):
-        (WTF::StringImpl::toIntPtrStrict):
-        (WTF::StringImpl::toInt):
-        (WTF::StringImpl::toUInt):
-        (WTF::StringImpl::toInt64):
-        (WTF::StringImpl::toUInt64):
-        (WTF::StringImpl::toIntPtr):
-        (WTF::StringImpl::toDouble):
-        (WTF::StringImpl::toFloat):
-        (WTF::StringImpl::find):
-        (WTF::StringImpl::reverseFind):
-        * wtf/text/WTFString.cpp:
-        (WTF::toIntegralType):
-        (WTF::lengthOfCharactersAsInteger):
-        (WTF::charactersToIntStrict):
-        (WTF::charactersToUIntStrict):
-        (WTF::charactersToInt64Strict):
-        (WTF::charactersToUInt64Strict):
-        (WTF::charactersToIntPtrStrict):
-        (WTF::charactersToInt):
-        (WTF::charactersToUInt):
-        (WTF::charactersToInt64):
-        (WTF::charactersToUInt64):
-        (WTF::charactersToIntPtr):
-        (WTF::toDoubleType):
-        (WTF::charactersToDouble):
-        (WTF::charactersToFloat):
-        * wtf/text/WTFString.h:
-        (WTF::find):
-        (WTF::reverseFind):
-
-2011-11-14  Vincent Scheib  <scheib@chromium.org>
-
-        Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
-        https://bugs.webkit.org/show_bug.cgi?id=72286
-
-        Reviewed by Adam Barth.
-
-        * wtf/Platform.h:
-
-2011-11-14  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=72280
-
-        Rubber stamped by Geoff Garen.
-
-        Fix 32-bit Lion.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2011-11-14  Geoffrey Garen  <ggaren@apple.com>
-
-        32-bit Build fix: declare virtual register indices to be int rather than
-        unsigned, since they can be positive or negative.
-        
-        For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
-        state, since we'll never load and operate on the ReturnPC as a JS value.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadTag):
-        (JSC::JIT::emitLoadPayload):
-        (JSC::JIT::emitLoad):
-        (JSC::JIT::emitLoad2):
-        (JSC::JIT::emitLoadDouble):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        (JSC::JIT::emitStore):
-        (JSC::JIT::emitStoreInt32):
-        (JSC::JIT::emitStoreAndMapInt32):
-        (JSC::JIT::emitStoreCell):
-        (JSC::JIT::emitStoreBool):
-        (JSC::JIT::emitStoreDouble):
-        (JSC::JIT::map):
-        (JSC::JIT::unmap):
-        (JSC::JIT::isMapped):
-        (JSC::JIT::getMappedPayload):
-        (JSC::JIT::getMappedTag):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-
-2011-11-14  Michael Saboff  <msaboff@apple.com>
-
-        Remove unused m_data member from UStringSourceProvider
-        https://bugs.webkit.org/show_bug.cgi?id=72289
-
-        Removed unused m_data member from UStringSourceProvider.
-
-        Reviewed by Oliver Hunt.
-
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-
-2011-11-14  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 Bit Strings: Templatize YARR Parser
-        https://bugs.webkit.org/show_bug.cgi?id=72288
-
-        Changed Yarr::Parser to be a template based on character type.
-
-        Reviewed by Oliver Hunt.
-
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::Parser):
-        (JSC::Yarr::parse):
-
-2011-11-14  Geoffrey Garen  <ggaren@apple.com>
-
-        32-bit build fix: Removed unused declaration.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-11-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Standardized the JS calling convention
-        https://bugs.webkit.org/show_bug.cgi?id=72221
-        
-        Reviewed by Oliver Hunt.
-
-        This patch standardizes the calling convention so that the caller always
-        sets up the callee's CallFrame. Adjustments for call type, callee type,
-        argument count, etc. now always take place after that initial setup.
-        
-        This is a step toward reversing the argument order, but also has these
-        immediate benefits (measured on x64):
-        
-        (1) 1% benchmark speedup across the board.
-        
-        (2) 50% code size reduction in baseline JIT function calls.
-        
-        (3) 1.5x speedup for single-dispatch .apply forwarding.
-        
-        (4) 1.1x speedup for multi-dispatch .apply forwarding.
-
-        This change affected the baseline JIT most, since the baseline JIT had
-        lots of ad hoc calling conventions for different caller / callee types.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchPtr):
-        (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
-        a test, like other assemblers do. (I added some compares to 0, and didn't
-        want them to be slow.)
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
-        op_call_varargs could share code generation with other forms of op_call.
-        This is also a small optimization, since op_*varargs no longer have to
-        pass arguments to each other through the register file.
-
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
-        us to link functions called through .apply syntax. We need to distinguish
-        CallVarargs from Call because CallVarargs changes its argument count
-        on each inovcation, so we must always link to the argument count checking
-        version of the callee.
-
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
-        some of this bytecode generation to remove redundant copies.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
-        DFG doesn't support this type, but its code needs to change slightly
-        to accomodate a 3-state variable.
-
-        Stopped passing the argument count in regT1 because this is non-standard.
-        (The argument count goes in the CallFrame. This trades speed on the slow
-        path for speed and code size on the fast path, and simplicity on all paths.
-        A good trade, in my opinion.)
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
-        setup more obvious when single-stepping. Also, updated for argument count
-        not being in regT1.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addJSCall):
-        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
-        type: CallVarargs.
-
-        * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
-        doing anything else. Don't check for stack overflow because we have no callee
-        registers, and our caller has already checked for its own registers.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
-        count doesn't match -- we just need to link to the argument count checking
-        version.
-
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
-        arguments from C++, we need to supply a full copy of the arguments prior
-        to the subset copy that matches our callee's argument count. (That is what
-        the standard calling convention would have produced in JS.) I would have
-        split this into its own patch, but I couldn't find a way to get the JIT
-        to fail a regression test in this area without my patch applied.
-
-        * interpreter/Interpreter.cpp: Let the true code bomb begin!
-
-        (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
-        and not eval()'s caller frame. We no longer leave the CallFrame pointing
-        to eval()'s caller during a call to eval(), since that is not standard.
-
-        (JSC::loadVarargs): Factored out a shared helper function for use by JIT
-        and interpreter because half the code means one quarter the bugs -- in my
-        programming, at least.
-
-        (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
-        
-        (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
-        putDirect, because it got in the way of my testing. (When putting a
-        function, the cached base of a PutPropertySlot can be 0 to signify "do
-        not optimize".)
-        
-        op_call_eval: Updated for new, standard eval calling convention.
-        
-        op_load_varargs: Merged op_load_varargs into op_call_varargs.
-
-        op_call_varags: Updated for new, standard eval calling convention. Don't
-        check for stack overflow because the loadVarargs helper function already
-        checked.
-
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::execute): Headers are fun and educational!
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::growSlowCase):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::grow): Factored out the slow case into a slow
-        case because it was cramping the style of my fast case.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile): Moved initialization of
-        RegisterFile::CodeBlock to make it more obvious when debugging. Removed
-        assumption that argument count is in regT1, as above. Removed call to
-        restoreArgumentReference() because the JITStubCall abstraction does this for us.
-
-        (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
-
-        * jit/JIT.h:
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emitSlow_op_call):
-        (JSC::JIT::emitSlow_op_call_eval):
-        (JSC::JIT::emitSlow_op_call_varargs):
-        (JSC::JIT::emitSlow_op_construct):
-        (JSC::JIT::emit_op_call_eval):
-        (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
-        Don't count call_eval when accounting for linkable function calls because
-        eval doesn't link. (Its fast path is to perform the eval.)
-
-        (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
-        to our new calling convention. The key to this optimization is the
-        observation that, in a function that declares no arguments, if any
-        arguments are passed, they all end up right behind 'this'.
-
-        (JSC::JIT::compileCallEval):
-        (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
-
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
-        this is the whole point of my patch. The caller now unconditionally moves
-        the CallFrame forward and fills in the data it knows before taking any
-        branches to deal with weird caller/callee pairs.
-        
-        This also means that there is almost no slow path for calls -- it all
-        gets folded into the shared virtual call stub. The only things remaining
-        in the slow path are the rare case counter and a call to the stub.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
-        different registers or in memory, based on our new standard calling
-        convention.
-        
-        Added a shared path for calling out to CTI helper functions for non-JS
-        calls.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check): method_check emits its own code and
-        the following get_by_id's code, so it needs to add both when informing
-        result chaining of its result. This is important because the standard
-        calling convention can now take advantage of this chaining.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEval):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_call_eval):
-        (JSC::JIT::emit_op_call_varargs):
-        (JSC::JIT::emitSlow_op_call):
-        (JSC::JIT::emitSlow_op_call_eval):
-        (JSC::JIT::emitSlow_op_call_varargs):
-        (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
-        second time, now with 64 bits.
-
-        * jit/JITStubs.cpp:
-        (JSC::throwExceptionFromOpCall):
-        (JSC::jitCompileFor):
-        (JSC::arityCheckFor):
-        (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
-        Exceptions thrown in the middle of a function call now use a shared helper
-        function (throwExceptionFromOpCall). This function understands that the
-        CallFrame currently points to the callEE, and the exception must be
-        thrown by the callER. (The old calling convention would often still have
-        the CallFrame pointing at the callER at the point of an exception. That
-        is not the way of our new, standard calling convention.)
-
-        (JSC::op_call_eval): Finish standard CallFrame setup before calling 
-        our eval helper function, which now depends on that setup.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::length): Renamed numProvidedArguments() to length()
-        because that's what other objects call it, and the difference made our
-        new loadVarargs helper function hard to read.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
-        fixes.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
-        the .apply call_varargs optimization fails. (This bug appears on layout
-        tests when you disable the optimization.)
-
-2011-11-11  Jer Noble  <jer.noble@apple.com>
-
-        Implement MediaController.
-        https://bugs.webkit.org/show_bug.cgi?id=71408
-
-        Reviewed by Eric Carlson.
-
-        Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as 
-        CoreAudioClock.h is not available there.
-
-        * wtf/Platform.h:
-
-2011-11-14  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Remove dependency on pthread from FastMalloc
-        https://bugs.webkit.org/show_bug.cgi?id=72098
-
-        Reviewed by Adam Roben.
-
-        All pthread calls are already ported to native Windows calls.
-        Use the native version for all OS(WINDOWS) to remove the
-        runtime dependency on the pthread dll.
-
-        * wtf/FastMalloc.cpp:
-
-2011-11-14  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Replace use of QApplication with QGuiApplication.
-
-        Reviewed by Tor Arne Vestbø.
-
-        * wtf/qt/compat/qguiapplication.h:
-        (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
-
-2011-11-14  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck build.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2011-11-11  Yury Semikhatsky  <yurys@chromium.org>
-
-        Web Inspector: function remote objetct should provide access to function position in the script
-        https://bugs.webkit.org/show_bug.cgi?id=71808
-
-        Exposed accessor for function source code.
-
-        Reviewed by Pavel Feldman.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::sourceCode):
-        * runtime/JSFunction.h:
-
-2011-11-13  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Fix silent spilling/filling GPRs in DFG 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=72201
-
-        Reviewed by Gavin Barraclough.
-
-        Current silentSpillGPR/silentFillGPR may not work as expected for some
-        cases in 32_64. If there's a JSValue which was retained by two GPRs,
-        we may end up failing to spill/fill some GPRs or redundantly
-        spilling/filling some GPRs. For example, if we tend to exclude "eax"
-        from spilling while a JSValue is retained by both "eax" and "edx",
-        then "edx" won't be spilled as well (wrong). And if another JSValue is
-        retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
-        twice. The similar problem applies to silentFillGPR.
-        The fix is to make silentSpillGPR/silentFillGPR more straightforward,
-        i.e., spilling/filling based on the GPR instead of the virtual
-        register. FPR spilling/filling is also modified accordingly to make it
-        consistent with GPR spilling/filling.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
-
-2011-11-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        [Qt][Symbian] Remove support for WINSCW compiler
-        https://bugs.webkit.org/show_bug.cgi?id=70178
-
-        Reviewed by Chang Shu.
-
-        * API/JSStringRef.h:
-        * create_hash_table: Revert r45553.
-        * runtime/JSGlobalData.cpp: Revert r45553.
-        * runtime/LiteralParser.cpp: Remove WINSCW comment.
-        (JSC::LiteralParser::Lexer::lexString):
-        * runtime/Lookup.h: Revert r45553.
-        * runtime/Structure.h: Revert r48461.
-        * wtf/Alignment.h:
-        * wtf/Assertions.h: Revert r52337.
-        * wtf/Compiler.h:
-        * wtf/ListRefPtr.h: Revert r48988.
-        (WTF::ListRefPtr::~ListRefPtr):
-        * wtf/OwnArrayPtr.h: Revert r45911.
-        (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
-        * wtf/PassOwnArrayPtr.h:
-        (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
-        * wtf/PassRefPtr.h:
-        * wtf/StaticConstructors.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-
-2011-11-12  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
-
-        * dfg/DFGCorrectableJumpPoint.cpp:
-        * dfg/DFGCorrectableJumpPoint.h:
-
-2011-11-12  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Move list of DFG source files into correct file
-        https://bugs.webkit.org/show_bug.cgi?id=72212
-
-        Reviewed by Daniel Bates.
-
-        The DFG files are platform independent. So move them from
-        the EFL specific file into the general CMakeLists.txt.
-
-        * CMakeLists.txt:
-        * PlatformEfl.cmake:
-
-2011-11-12  Patrick Gansterer  <paroga@webkit.org>
-
-        Fix "unused variable" warning in JSLock
-        https://bugs.webkit.org/show_bug.cgi?id=72213
-
-        Reviewed by Anders Carlsson.
-
-        Use ASSERT_UNUSED() instead of ASSERT() to make sure
-        that the variable is also used in the release build.
-
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::lock):
-        (JSC::JSLock::unlock):
-
-2011-11-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Update iOS compiler version.
-
-        Reviewed by David Kilzer.
-
-        * Configurations/CompilerVersion.xcconfig:
-            - Update compiler version.
-
-2011-11-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Update iOS port's configuration setting, particularly in Platform.h
-        https://bugs.webkit.org/show_bug.cgi?id=72187
-        
-        Reviewed by David Kilzer.
-
-        * interpreter/Interpreter.h:
-            - Lower the reentry depth.
-        * runtime/DatePrototype.cpp:
-            - iOS also uses CF.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-            - Update fastmalloc configuration for iOS.
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-            - Added flag.
-        * wtf/Platform.h:
-            - Update platform configuration for iOS.
-
-2011-11-11  David Kilzer  <ddkilzer@apple.com>
-
-        Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
-        <http://webkit.org/b/72175>
-
-        Reviewed by Joseph Pecoraro.
-
-        * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
-        TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
-        so that they're only defined on Mac OS X builds.  Also include
-        Availability.h, which is needed on iOS builds.
-
-2011-11-11  Darin Adler  <darin@apple.com>
-
-        Remove all releaseRef implementations except for RetainPtr
-        https://bugs.webkit.org/show_bug.cgi?id=71423
-
-        Reviewed by Julien Chaffraix.
-
-        * API/JSRetainPtr.h: Removed releaseRef.
-        * wtf/PassRefPtr.h: Removed releaseRef.
-
-2011-11-11  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
-        If an older Xcode downgrades this file and we have a risk of some kind of
-        oscillating commit situation, please contact me so I know not to do this again.
-
-2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add jsCast to replace static_cast
-        https://bugs.webkit.org/show_bug.cgi?id=72071
-
-        Reviewed by Geoffrey Garen.
-
-        Added new jsCast and changed all of the static_cast sites in functions that 
-        are in the MethodTable to use jsCast instead.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::toStringCallback):
-        (JSC::JSCallbackFunction::valueOfCallback):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::className):
-        (JSC::::getOwnPropertySlot):
-        (JSC::::getOwnPropertyDescriptor):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::deletePropertyByIndex):
-        (JSC::::getConstructData):
-        (JSC::::hasInstance):
-        (JSC::::getCallData):
-        (JSC::::getOwnPropertyNames):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        (JSC::DebuggerActivation::className):
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        (JSC::DebuggerActivation::put):
-        (JSC::DebuggerActivation::putWithAttributes):
-        (JSC::DebuggerActivation::deleteProperty):
-        (JSC::DebuggerActivation::getOwnPropertyNames):
-        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
-        (JSC::DebuggerActivation::defineGetter):
-        (JSC::DebuggerActivation::defineSetter):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        (JSC::Arguments::getOwnPropertySlotByIndex):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::getOwnPropertyNames):
-        (JSC::Arguments::putByIndex):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deletePropertyByIndex):
-        (JSC::Arguments::deleteProperty):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getOwnPropertySlot):
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertySlot):
-        (JSC::DatePrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::clearCode):
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putByIndex):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::visitChildren):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::hasInstance):
-        (JSC::JSBoundFunction::visitChildren):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlot):
-        (JSC::JSByteArray::getOwnPropertyDescriptor):
-        (JSC::JSByteArray::getOwnPropertySlotByIndex):
-        (JSC::JSByteArray::put):
-        (JSC::JSByteArray::putByIndex):
-        (JSC::JSByteArray::getOwnPropertyNames):
-        * runtime/JSCell.h:
-        (JSC::JSCell::visitChildren):
-        (JSC::jsCast):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::getOwnPropertyNames):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::deleteProperty):
-        (JSC::JSFunction::getConstructData):
-        * runtime/JSGlobalData.cpp:
-        (JSC::StackPreservingRecompiler::operator()):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::defineGetter):
-        (JSC::JSGlobalObject::defineSetter):
-        (JSC::JSGlobalObject::visitChildren):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        (JSC::JSGlobalObject::clearRareData):
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::visitChildren):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::getOwnPropertySlot):
-        (JSC::JSONObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::finalize):
-        (JSC::JSObject::visitChildren):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::deletePropertyByIndex):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getOwnPropertySlot):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putWithAttributes):
-        (JSC::JSStaticScopeObject::getOwnPropertySlot):
-        * runtime/JSString.cpp:
-        (JSC::JSString::visitChildren):
-        (JSC::JSString::toThisObject):
-        (JSC::JSString::getOwnPropertySlot):
-        (JSC::JSString::getOwnPropertySlotByIndex):
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deleteProperty):
-        (JSC::JSVariableObject::getOwnPropertyNames):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        (JSC::MathObject::getOwnPropertyDescriptor):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getOwnPropertySlot):
-        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getOwnPropertySlot):
-        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
-        (JSC::RegExpConstructor::put):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        (JSC::RegExpMatchesArray::put):
-        (JSC::RegExpMatchesArray::putByIndex):
-        (JSC::RegExpMatchesArray::deleteProperty):
-        (JSC::RegExpMatchesArray::deletePropertyByIndex):
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        (JSC::RegExpObject::getOwnPropertySlot):
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-        (JSC::RegExpObject::put):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getOwnPropertySlot):
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertySlot):
-        (JSC::StringObject::getOwnPropertySlotByIndex):
-        (JSC::StringObject::getOwnPropertyDescriptor):
-        (JSC::StringObject::deleteProperty):
-        (JSC::StringObject::getOwnPropertyNames):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertySlot):
-        (JSC::StringPrototype::getOwnPropertyDescriptor):
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-
-2011-11-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Enable DFG JIT for ARMv7/iOS.
-
-        Rubber stamped by Oliver Hunt.
-
-        * wtf/Platform.h:
-            - enable DFG JIT for ARMv7/iOS.
-
-2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
-        https://bugs.webkit.org/show_bug.cgi?id=72035
-
-        Reviewed by Geoffrey Garen.
-
-        De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * interpreter/Interpreter.cpp: Ditto.
-        (JSC::Interpreter::execute):
-        * runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
-        * runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
-        (JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
-        (JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
-        (JSC::JSGlobalObject::shouldInterruptScript): Ditto.
-        * runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
-        (JSC::TimeoutChecker::didTimeOut):
-
-2011-11-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSGlobalObject::allowsAccessFrom
-        https://bugs.webkit.org/show_bug.cgi?id=71969
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to 
-        JSDOMWindowBase and WebScriptObject.
-
-2011-11-11  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r99950.
-        http://trac.webkit.org/changeset/99950
-        https://bugs.webkit.org/show_bug.cgi?id=72117
-
-        "Landed wrong patch by mistake" (Requested by yurys on
-        #webkit).
-
-        * JavaScriptCore.exp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-
-2011-11-11  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r99898.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2011-11-10  Dan Bernstein  <mitz@apple.com>
-
-        Disabling assertions breaks the debug build
-        https://bugs.webkit.org/show_bug.cgi?id=72091
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGNode.h: Made hasIdentifier() available when assertions are
-        disabled. It is used in Graph::dump().
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
-        only if assertions are enabled.
-        * wtf/Deque.h:
-        (WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
-        * wtf/ThreadRestrictionVerifier.h:
-        (WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
-        a local variable that is only used in an assertion.
-
-2011-11-10  Filip Pizlo  <fpizlo@apple.com>
-
-        JSString forgets to clear m_fibers when resolving ropes
-        https://bugs.webkit.org/show_bug.cgi?id=72089
-
-        Reviewed by Geoff Garen.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRopeSlowCase):
-
-2011-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG byte array support sometimes clamps values incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=71975
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-
-2011-11-10  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueProfile/PredictedType contains dead code, and doesn't recognize functions
-        https://bugs.webkit.org/show_bug.cgi?id=72065
-
-        Reviewed by Gavin Barraclough and Geoff Garen.
-        
-        Added PredictFunction support, and did some cleaning up along the way.
-        ValueProfile no longer has statistics machinery, because we never used
-        it. Rearranged some bits in PredictedType to more easily make room for
-        one more object type. Changed some debug code to use more consistent
-        conventions (ByteArray becomes Bytearray so that if we ever have a
-        "Byte" prediction we don't get confused between a prediction that is
-        the union of Byte and Array and a prediction that indicates precisely
-        a ByteArray).
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC::isFunctionPrediction):
-        * bytecode/ValueProfile.cpp:
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-11-10  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
-
-        Reviewed by Joseph Pecoraro.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
-        script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
-        for installation.  Also removed "Versions/A/" from the path
-        since this is unneeded due the default symlinks present in the
-        framework.
-
-2011-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Add ARMv7 support to the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=72061
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
-        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
-        (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
-        (JSC::DFG::AssemblyHelpers::boxDouble):
-        (JSC::DFG::AssemblyHelpers::unboxDouble):
-            - Add CPU(ARM) copies of these functions.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::spill):
-            - Fix matching of '}' re #if blocks, makes some tools happy.
-        (JSC::DFG::JITCodeGenerator::setupArguments):
-        (JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
-        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
-        (JSC::DFG::JITCodeGenerator::appendCallSetResult):
-            - Add CPU(ARM) / 4 argument register copies of these functions.
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-            - Should use callOperation to plant a call to a DFG_OPERATION.
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-            - These methods need to plant a relinkable jump; we currently do so
-              using beginUninterruptedSequence() / endUninterruptedSequence().
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-            - Should use callOperation to plant a call to a DFG_OPERATION.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-            - This method needs to plant a relinkable jump; we currently do so
-              using beginUninterruptedSequence() / endUninterruptedSequence().
-        (JSC::DFG::JITCompiler::compileBody):
-            - Add abstraction to retrieve the pc after a call.
-        * dfg/DFGOSRExitCompiler.cpp:
-            - Fix a bug - CodeLocationLabel needs a data address rather than an
-              executable one, but can just take a MacroAssemblerCodePtr instead!
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::compileClampDoubleToByte):
-            - Add FIXME comment to come back to! - bug#72054.
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-            - Add missing method (ooops, required by bug#72047)
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-            - Need to wrap fmod on ARMv7.
-
-
-2011-11-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not reparse code that was just parsed
-        https://bugs.webkit.org/show_bug.cgi?id=71977
-
-        Reviewed by Geoff Garen.
-        
-        The instruction stream of a code block is now kept around until
-        the next GC. When doing either an optimizing compilation of an
-        executable, or inlining of an executable, we now try to find the
-        already preexisting bytecode. If we find it, we don't have to parse.
-        If we don't find it, we parse as before. Inlining takes the extra
-        step of caching code blocks, so if the same executable gets inlined
-        multiple times into the same caller, then we parse it at most once
-        even if prior to inlining that executable did not have any code
-        blocks with an instruction stream.
-        
-        Also fixed a silly bug where the strict mode for various operations
-        was being determined by looking at the machine code block rather
-        than the inlinee.
-
-        To enable the delete-on-next-GC policy, I introduced the notion
-        of an ultra weak finalizer, which anyone can register during
-        tracing. This is thread-safe (for parallel GC) and
-        stop-the-world-safe (so calls to free() are postponed until the
-        world is resumed). This required reusing some facilities previously
-        created for WeakReferenceHarvester, so I created a common utility
-        class. I also retweaked the handling of WeakReferenceHarvesters,
-        since they should be executed during stop-the-world since in the
-        future we may want to allow them to call drain().
-        
-        2% win on SunSpider. 2% win on V8, when run in my harness. Neutral
-        elsewhere.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::copyPostParseDataFrom):
-        (JSC::CodeBlock::copyPostParseDataFromAlternative):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::canProduceCopyWithBytecode):
-        (JSC::CodeBlock::discardBytecodeLater):
-        (JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        (JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
-        (JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::strictModeFor):
-        * dfg/DFGByteCodeCache.h: Added.
-        (JSC::DFG::CodeBlockKey::CodeBlockKey):
-        (JSC::DFG::CodeBlockKey::operator==):
-        (JSC::DFG::CodeBlockKey::hash):
-        (JSC::DFG::CodeBlockKey::executable):
-        (JSC::DFG::CodeBlockKey::kind):
-        (JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
-        (JSC::DFG::CodeBlockKeyHash::hash):
-        (JSC::DFG::CodeBlockKeyHash::equal):
-        (JSC::DFG::ByteCodeCache::ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/Heap.cpp:
-        (JSC::Heap::finalizeUnconditionally):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/ListableHandler.h: Added.
-        (JSC::ListableHandler::ListableHandler):
-        (JSC::ListableHandler::~ListableHandler):
-        (JSC::ListableHandler::List::List):
-        (JSC::ListableHandler::List::addNotThreadSafe):
-        (JSC::ListableHandler::List::addThreadSafe):
-        (JSC::ListableHandler::List::hasNext):
-        (JSC::ListableHandler::List::removeNext):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        (JSC::SlotVisitor::finalizeUnconditionally):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::addWeakReferenceHarvester):
-        (JSC::MarkStack::addUnconditionalFinalizer):
-        * heap/SlotVisitor.h:
-        * heap/UnconditionalFinalizer.h: Added.
-        (JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
-        * heap/WeakReferenceHarvester.h:
-        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
-        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::baselineCodeBlockFor):
-        (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::profiledCodeBlockFor):
-
-2011-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Add ARMv7 register info for the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=72050
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::toRegister):
-        (JSC::DFG::FPRInfo::toIndex):
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-
-2011-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        #ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
-        https://bugs.webkit.org/show_bug.cgi?id=72047
-
-        Reviewed by Geoff Garen.
-
-        We currently don't attempt to abstract divide through the macro assembler,
-        due to these instructions commonly having specific requirements. This means
-        there is architecture specific code in the JIT - #ifdef it, and provide a
-        common implementation.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::fmodAsDFGOperation):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Add ENABLE_VALUE_PROFILER support for ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=72043
-
-        Reviewed by Geoff Garen.
-
-        This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-            - cleanup location of UNUSED_PARAM
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        (JSC::ctiOpThrowNotCaught):
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-            - Update JITStackFrame structure & asm code to spill more registers.
-        * jit/JSInterfaceJIT.h:
-            - Assign a bucketCounterRegister.
-
-2011-11-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix sampling counters on ARMv7, move add64 functionality to macro assembler
-        https://bugs.webkit.org/show_bug.cgi?id=72040
-
-        Reviewed by Geoff Garen.
-
-        The ability to add an integer to a uint64_t in memory is poorly copied in
-        multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
-        designed interface since add32 is not required to set flags (we have no
-        concept of flags in the macro assembler interface).
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::add64):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::add64):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::add64):
-        * dfg/DFGAssemblyHelpers.cpp:
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::emitCount):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitCount):
-
-011-11-10  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        [CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
-        https://bugs.webkit.org/show_bug.cgi?id=56705
-
-        Reviewed by Adam Roben.
-
-        * CMakeLists.txt:
-        * PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
-        * PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
-        * shell/CMakeLists.txt:
-        * shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
-        * shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
-        * wtf/CMakeLists.txt:
-        * wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
-        * wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.
-
-2011-11-10  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck build.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2011-11-09  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
-        https://bugs.webkit.org/show_bug.cgi?id=71862
-
-        Changed LiteralParser to be templatized of character type.
-
-        Moved five enums out of class definition to work around a clang compiler defect.
-
-        Added lexIdentifier templated method to break out character specific versions.
-        Added static setParserTokenString templated method to handle setting approriately
-        sized string pointer.
-
-        To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
-        flavors of LiteralParser are explicitly instantiated at the end of
-        LiteralParser.cpp.
-
-        Reviewed by Oliver Hunt.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::isJSONWhiteSpace):
-        (JSC::::tryJSONPParse):
-        (JSC::::makeIdentifier):
-        (JSC::::Lexer::lex):
-        (JSC::::Lexer::lexIdentifier):
-        (JSC::::Lexer::next):
-        (JSC::LChar):
-        (JSC::UChar):
-        (JSC::isSafeStringCharacter):
-        (JSC::::Lexer::lexString):
-        (JSC::::Lexer::lexNumber):
-        (JSC::::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::getErrorMessage):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::Lexer::Lexer):
-        (JSC::LiteralParser::Lexer::currentToken):
-        (JSC::LiteralParser::Lexer::getErrorMessage):
-        * runtime/UString.h:
-        (JSC::LChar):
-        (JSC::UChar):
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::append):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::append):
-
-2011-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Multiple CodeBlock should be able to share the same instruction
-        stream without copying
-        https://bugs.webkit.org/show_bug.cgi?id=71978
-
-        Reviewed by Oliver Hunt.
-        
-        This refactors CodeBlock::m_instructions to be a Vector boxed in a
-        ref-counted object, but otherwise does not take advantage of this.
-        
-        This is performance neutral.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::hasInstructions):
-        (JSC::CodeBlock::numberOfInstructions):
-        (JSC::CodeBlock::instructions):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-
-2011-11-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Renovate ARMv7 assembler/macro-assembler
-        https://bugs.webkit.org/show_bug.cgi?id=71982
-
-        Reviewed by Geoff Garen.
-
-        ARMv7Assembler:
-        * add support for strb (byte stores)
-        * rename the VMOV_CtoS opcodes (there are currently backwards!)
-        * add support for adc (add with carry)
-        * add support for vsqrt, vabs
-        * add support for vmov (between FPRs, and to/from GPR pairs).
-        * remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
-        * rename vcvt_F64_S32  to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
-        * rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).
-
-        MacroAssemblerARMv7:
-        * add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32, 
-        * add store8, and store32 imm to base-index.
-        * fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
-        * Update supportsFloating* flags (all features now supported).
-        * add moveDouble, storeDouble to absolute address, addDouble to absolute address
-        * add 3-operand double operations.
-        * implement sqrtDouble/absDouble
-        * add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
-        * move should do nothing if src == dest
-        * branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
-        * add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.
-
-2011-11-09  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=71873
-
-        Reviewed by Geoff Garen.
-
-        Incrementally re-landing these changes, trying to determine what went wrong.
-        (The whole patch failed tests on the build bot but worked locally.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-
-2011-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit code should be lazily generated
-        https://bugs.webkit.org/show_bug.cgi?id=71744
-
-        Reviewed by Gavin Barraclough.
-        
-        The OSR exit code is now generated the first time it is executed,
-        rather than right after speculative compilation. Because most OSR
-        exits are never taken, this should greatly reduce both code size
-        and compilation time.
-        
-        This is a 1% win on SunSpider, and a 1% win on V8 when running in
-        my harness. No change in V8 in V8's harness (due to the long runs,
-        so compile time is not an issue) and no change in Kraken (again,
-        long runs of small code so compile time has no measurable effect).
-
-        * CMakeListsEfl.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::jump):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::jump):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::jmp_m):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::createDFGDataIfNecessary):
-        (JSC::CodeBlock::appendDFGOSREntryData):
-        (JSC::CodeBlock::numberOfDFGOSREntries):
-        (JSC::CodeBlock::dfgOSREntryData):
-        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
-        (JSC::CodeBlock::appendOSRExit):
-        (JSC::CodeBlock::appendSpeculationRecovery):
-        (JSC::CodeBlock::numberOfOSRExits):
-        (JSC::CodeBlock::numberOfSpeculationRecoveries):
-        (JSC::CodeBlock::osrExit):
-        (JSC::CodeBlock::speculationRecovery):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGCorrectableJumpPoint.cpp: Added.
-        (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
-        * dfg/DFGCorrectableJumpPoint.h: Added.
-        (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
-        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
-        (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
-        (JSC::DFG::CorrectableJumpPoint::correctLateJump):
-        (JSC::DFG::CorrectableJumpPoint::initialJump):
-        (JSC::DFG::CorrectableJumpPoint::lateJump):
-        (JSC::DFG::CorrectableJumpPoint::correctJump):
-        (JSC::DFG::CorrectableJumpPoint::getJump):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGOSRExit.cpp: Added.
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::dump):
-        * dfg/DFGOSRExit.h:
-        * dfg/DFGOSRExitCompiler.cpp: Added.
-        * dfg/DFGOSRExitCompiler.h:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        * dfg/DFGThunks.cpp: Added.
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        * dfg/DFGThunks.h: Added.
-        * jit/JITCode.h:
-        (JSC::JITCode::dataAddressAtOffset):
-        * runtime/JSGlobalData.h:
-
-2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing build breakage
-
-        Unreviewed build fix
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSVariableObject::isDynamicScope
-        https://bugs.webkit.org/show_bug.cgi?id=71933
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
-        (JSC::JSActivation::isDynamicScope):
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
-        (JSC::JSGlobalObject::isDynamicScope):
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
-        (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
-        (JSC::JSStaticScopeObject::isDynamicScope):
-        * runtime/JSType.h: Added new type for JSStaticScopeObject
-        * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the 
-        object's type and calls the corresponding implementation.
-        (JSC::JSVariableObject::isDynamicScope):
-        * runtime/JSVariableObject.h:
-
-2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSGlobalObject::hasOwnPropertyForWrite
-        https://bugs.webkit.org/show_bug.cgi?id=71934
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
-
-2011-11-09  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=71873
-
-        Reviewed by Geoff Garen.
-
-        Incrementally re-landing these changes, trying to determine what went wrong.
-        (The whole patch failed tests on the build bot but worked locally.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::absDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::absDouble):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::absDouble):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::absDouble):
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::absDouble):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/ThunkGenerators.cpp:
-        (JSC::absThunkGenerator):
-
-2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::getOwnPropertyDescriptor
-        https://bugs.webkit.org/show_bug.cgi?id=71523
-
-        Reviewed by Sam Weinig.
-
-        Added getOwnPropertyDescriptor to the MethodTable, changed all of the 
-        virtual versions of getOwnPropertyDescriptor to static ones, and 
-        changed all of the call sites to the corresponding lookup in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyDescriptor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyDescriptor):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.h:
-        * runtime/ClassInfo.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertyDescriptor):
-        * runtime/DatePrototype.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertyDescriptor):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertyDescriptor):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertyDescriptor):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::getOwnPropertyDescriptor):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::vtableAnchor):
-        (JSC::JSObject::propertyIsEnumerable):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::JSObject::getPropertyDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a 
-        bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject.  There were 
-        no call sites for this version of getOwnPropertyDescriptor in the entire project.
-        * runtime/JSString.h:
-        * runtime/Lookup.h:
-        (JSC::getStaticPropertyDescriptor):
-        (JSC::getStaticFunctionDescriptor):
-        (JSC::getStaticValueDescriptor):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertyDescriptor):
-        * runtime/MathObject.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getOwnPropertyDescriptor):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnPropertyDescriptor):
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
-        (JSC::StringObject::getOwnPropertyDescriptor):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertyDescriptor):
-        * runtime/StringPrototype.h:
-
-2011-11-09  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=71873
-
-        Reviewed by Geoff Garen.
-
-        Incrementally re-landing these changes, trying to determine what went wrong.
-        (The whole patch failed tests on the build bot but worked locally.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
-        * jit/ThunkGenerators.cpp:
-        (JSC::absThunkGenerator):
-
-2011-11-08  Darin Adler  <darin@apple.com>
-
-        Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
-        https://bugs.webkit.org/show_bug.cgi?id=71875
-
-        Reviewed by Anders Carlsson.
-
-        This is a step along the path of making OwnPtr work as HashMap value types.
-
-        * wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
-        Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
-        I did not change the code to fix style checker complaints.
-
-        * wtf/HashTable.h: Added includes as needed and fixed include style.
-        (WTF::doubleHash): Removed the uneeeded and inappropriate "static" in this function, which
-        gave it internal linkage for no good reason.
-        (WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
-        construction/destruction problems instead of doing the trick where we construct and destroy
-        an empty value twice. It's cleaner and simpler and avoids copying the empty value.
-        (WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
-        empty value is zero rather than copying an empty value.
-
-        * wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
-
-2011-11-09  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Buildfix for 32bit debug mode.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-
-2011-11-09  Andy Wingo  <wingo@igalia.com>
-
-        Enable the DFG JIT on X86-64 Linux platforms
-        https://bugs.webkit.org/show_bug.cgi?id=71373
-
-        Reviewed by Csaba Osztrogonác.
-
-        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
-        x86-64 GNU/Linux platform.
-        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
-
-2011-11-09  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Enable the DFG JIT on x86-64 Linux platforms
-        https://bugs.webkit.org/show_bug.cgi?id=71373
-
-        Enable DFG JIT by default on X86 Linux and Mac platforms
-        https://bugs.webkit.org/show_bug.cgi?id=71686
-
-        Buildfix for stricter compilers: -Werror=unused-but-set-variable
-
-        Reviewed by Zoltan Herczeg.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-09  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r99678.
-        http://trac.webkit.org/changeset/99678
-        https://bugs.webkit.org/show_bug.cgi?id=71882
-
-        broke the build with -Werror=unused-but-set-variable
-        (Requested by tronical_ on #webkit).
-
-        * CMakeListsEfl.txt:
-        * wtf/Platform.h:
-
-2011-11-09  Andy Wingo  <wingo@igalia.com>
-
-        Enable the DFG JIT on X86-64 Linux platforms
-        https://bugs.webkit.org/show_bug.cgi?id=71373
-
-        Reviewed by Filip Pizlo.
-
-        * wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
-        x86-64 GNU/Linux platform.
-        * CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
-
-2011-11-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::defineOwnProperty
-        https://bugs.webkit.org/show_bug.cgi?id=71429
-
-        Reviewed by Geoffrey Garen.
-
-        Added defineOwnProperty to the MethodTable, changed all the virtual 
-        implementations of defineOwnProperty to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::createStrictModeCallerIfNecessary):
-        (JSC::Arguments::createStrictModeCalleeIfNecessary):
-        * runtime/ClassInfo.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::defineOwnProperty):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorDefineProperty):
-        (JSC::defineProperties):
-
-2011-11-09  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Build system cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=71815
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.
-
-2011-11-08  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Replace use of QApplication with QGuiApplication
-        https://bugs.webkit.org/show_bug.cgi?id=71794
-
-        Reviewed by Andreas Kling.
-
-        Add compat headers for use when building with Qt 4: QGuiApplication
-        is typedef'ed to QApplication.
-
-        * wtf/qt/compat/QGuiApplication: Added.
-        * wtf/qt/compat/qguiapplication.h: Added.
-
-2011-11-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r99647.
-        http://trac.webkit.org/changeset/99647
-        https://bugs.webkit.org/show_bug.cgi?id=71876
-
-        It broke jsc and layout tests on all bot (Requested by
-        Ossy_night on #webkit).
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::supportsDoubleBitops):
-        (JSC::MacroAssemblerARM::andnotDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::andnotDouble):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
-        (JSC::MacroAssemblerSH4::andnotDouble):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86::supportsDoubleBitops):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::andnotDouble):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
-        * assembler/X86Assembler.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/ThunkGenerators.cpp:
-        (JSC::absThunkGenerator):
-        * runtime/JSGlobalData.cpp:
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Better abstract 'abs' operation through the MacroAssembler.
-        https://bugs.webkit.org/show_bug.cgi?id=71873
-
-        Reviewed by Geoff Garen.
-
-        Currently the x86 specific instruction sequence to perform a double abs
-        is duplicated throughout the JITs / thunk generators.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::supportsFloatingPointAbs):
-        (JSC::MacroAssemblerARM::absDouble):
-            - Renamed supportsFloatingPointAbs, make these methods static so that
-              we can check the JIT's capabilites before we begin compilation.
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPoint):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
-            - Renamed supportsFloatingPointAbs, make these methods static so that
-              we can check the JIT's capabilites before we begin compilation.
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::absDouble):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPoint):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
-            - Renamed supportsFloatingPointAbs, make these methods static so that
-              we can check the JIT's capabilites before we begin compilation.
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsFloatingPoint):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
-        (JSC::MacroAssemblerSH4::absDouble):
-            - Renamed supportsFloatingPointAbs, make these methods static so that
-              we can check the JIT's capabilites before we begin compilation.
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::absDouble):
-        (JSC::MacroAssemblerX86::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86::supportsFloatingPointAbs):
-            - Made supports* methods static so that we can check the JIT's
-              capabilites before we begin compilation. Added absDouble.
-        * assembler/MacroAssemblerX86Common.h:
-            - Removed andnotDouble, added s_maskSignBit.
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::absDouble):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPoint):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
-            - Made supports* methods static so that we can check the JIT's
-              capabilites before we begin compilation. Added absDouble.
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::andpd_rr):
-        (JSC::X86Assembler::andpd_mr):
-            - Added support for andpd instruction.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-            - Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Switched to use doubleAbs, we can now also reuse the operand register for the result.
-        * jit/ThunkGenerators.cpp:
-            - Switched to use doubleAbs.
-        (JSC::absThunkGenerator):
-        * runtime/JSGlobalData.cpp:
-            - Declared MacroAssemblerX86Common::s_maskSignBit here.
-              This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
-              to the compile for just one constant.
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Move duplicates of SYMBOL_STRING* macros to the single location
-        https://bugs.webkit.org/show_bug.cgi?id=71456
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        * wtf/InlineASM.h: Added.
-            - Moved asm related macros.
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Move code to handle 8bit regs from X86Assembler to MacroAssembler
-        https://bugs.webkit.org/show_bug.cgi?id=71867
-
-        Reviewed by Oliver Hunt.
-
-        This code is fine, but is in the wrong place really. X86 assembler should
-        basically just format up exactly the instruction you request - not expand
-        out to a set of instructions (that is what the macro assembler layer is
-        for!). For other 8-bit ops, on X86 we don't guard against clients accessing
-        the XH registers.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::store8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movb_rm):
-            - moved some code.
-
-2011-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for GTK.
-
-        * GNUmakefile.list.am:
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix.
-
-        * assembler/X86Assembler.h:
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Errrk, failed to commit this in last change.
-
-        * assembler/X86Assembler.h:
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove an unused method.
-
-        Rubber stamped by Geoff Garen.
-
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/AssemblerBuffer.h:
-            - removed rewindToLabel.
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix OSR entry points to calculate offsets correctly WRT to branch compaction.
-        https://bugs.webkit.org/show_bug.cgi?id=71864
-
-        Reviewed by Filip Pizlo.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::offsetOf):
-            - We use this to return the offsets into the code of the entry points.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-            - Move the construction of the speculative JIT outside of
-              compileBody, such that it is still available to link the
-              OSR entry points at the point we are linking.
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-            - Pass the label of the block & linkbuffer into noticeOSREntry.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::linkOSREntries):
-            - Moved call to noticeOSREntry until we we linking.
-        * dfg/DFGSpeculativeJIT.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-            - Moved calculation of entries until we we linking.
-        * jit/JIT.h:
-            - Removed some members.
-
-2011-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit code should be generated by a separate compiler, not
-        related to DFG::JITCompiler
-        https://bugs.webkit.org/show_bug.cgi?id=71787
-
-        Reviewed by Gavin Barraclough.
-        
-        Moves the exitSpeculativeWithOSR() method from JITCompiler to
-        OSRExitCompiler::compileExit().
-
-        * CMakeListsEfl.txt:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        * dfg/DFGJITCompiler32_64.cpp: Removed.
-        * dfg/DFGOSRExitCompiler.h: Added.
-        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
-        * dfg/DFGOSRExitCompiler32_64.cpp: Added.
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp: Added.
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * runtime/JSValue.h:
-
-2011-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Basic DFG definitions should be moved out of DFGNode.h
-        https://bugs.webkit.org/show_bug.cgi?id=71861
-
-        Rubber-stamped by Gavin Barraclough.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGCommon.h: Added.
-        (JSC::DFG::NodeIndexTraits::defaultValue):
-        * dfg/DFGNode.h:
-        * dfg/DFGOSRExit.h:
-        * dfg/DFGRegisterBank.h:
-
-2011-11-08  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
-        https://bugs.webkit.org/show_bug.cgi?id=71761
-
-        Templatized Parser based on Lexer<T>. Moved two enums,
-        SourceElementsMode and FunctionRequirements out of Parser definition
-        to work around a clang compiler defect.
-
-        Cleaned up SourceCode data() to return StringImpl* and eliminated
-        the recently added stringData() virtual method.
-
-        To keep code in Parser.cpp and keep Parser.h small, the two flavors
-        of Parser are explicitly instantiated at the end of Parser.cpp.
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::appendSourceToError):
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::sourceCode):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::~Parser):
-        (JSC::::parseInner):
-        (JSC::::didFinishParsing):
-        (JSC::::allowAutomaticSemicolon):
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclaration):
-        (JSC::::parseConstDeclaration):
-        (JSC::::parseDoWhileStatement):
-        (JSC::::parseWhileStatement):
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseConstDeclarationList):
-        (JSC::::parseForStatement):
-        (JSC::::parseBreakStatement):
-        (JSC::::parseContinueStatement):
-        (JSC::::parseReturnStatement):
-        (JSC::::parseThrowStatement):
-        (JSC::::parseWithStatement):
-        (JSC::::parseSwitchStatement):
-        (JSC::::parseSwitchClauses):
-        (JSC::::parseSwitchDefaultClause):
-        (JSC::::parseTryStatement):
-        (JSC::::parseDebuggerStatement):
-        (JSC::::parseBlockStatement):
-        (JSC::::parseStatement):
-        (JSC::::parseFormalParameters):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseFunctionDeclaration):
-        (JSC::::parseExpressionOrLabelStatement):
-        (JSC::::parseExpressionStatement):
-        (JSC::::parseIfStatement):
-        (JSC::::parseExpression):
-        (JSC::::parseAssignmentExpression):
-        (JSC::::parseConditionalExpression):
-        (JSC::::isBinaryOperator):
-        (JSC::::parseBinaryExpression):
-        (JSC::::parseProperty):
-        (JSC::::parseObjectLiteral):
-        (JSC::::parseStrictObjectLiteral):
-        (JSC::::parseArrayLiteral):
-        (JSC::::parsePrimaryExpression):
-        (JSC::::parseArguments):
-        (JSC::::parseMemberExpression):
-        (JSC::::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC::::parse):
-        (JSC::parse):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::data):
-        (JSC::SourceCode::subExpression):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::data):
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
-        https://bugs.webkit.org/show_bug.cgi?id=71855
-
-        Reviewed by Filip Pizlo.
-
-        The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
-        This won't work on ARMv7.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::locationOf):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-
-2011-11-08  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT calculation of OSR entry points is not THUMB2 safe
-        https://bugs.webkit.org/show_bug.cgi?id=71852
-
-        Reviewed by Oliver Hunt.
-
-        Executable addresses are tagged with a low bit set to distinguish
-        between THUMB2 and traditional ARM.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * jit/JITCode.h:
-        (JSC::JITCode::executableAddressAtOffset):
-        (JSC::JITCode::start):
-        (JSC::JITCode::size):
-
-2011-11-08  Michael Saboff  <msaboff@apple.com>
-
-        JSC::Parser::Parser leaks Lexer member
-        https://bugs.webkit.org/show_bug.cgi?id=71847
-
-        Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.
-
-        Reviewed by Oliver Hunt.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::Parser):
-        (JSC::Parser::parseFunctionBody):
-        * parser/Parser.h:
-
-2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Enable DFG JIT by default on X86 Linux and Mac platforms
-        https://bugs.webkit.org/show_bug.cgi?id=71686
-
-        Reviewed by Filip Pizlo.
-
-        We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.
-
-        * wtf/Platform.h:
-
-2011-11-08  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
-        https://bugs.webkit.org/show_bug.cgi?id=71768
-
-        Reviewed by Geoffrey Garen.
-
-        Also includes a fix to make the newly introduced AssemblyHelpers
-        friend of JSValue as we need the Tag definitions.
-
-        * CMakeListsEfl.txt:
-        * GNUmakefile.list.am:
-        * Target.pri:
-        * runtime/JSValue.h:
-
-2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Fix gcc 4.4 compilation warnings in DFG 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=71762
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::registersMatched):
-
-2011-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG code base should allow for classes not related to DFG::JITCompiler
-        to use DFG idioms
-        https://bugs.webkit.org/show_bug.cgi?id=71746
-
-        Reviewed by Gavin Barraclough.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAssemblyHelpers.cpp: Added.
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        (JSC::DFG::AssemblyHelpers::emitCount):
-        (JSC::DFG::AssemblyHelpers::setSamplingFlag):
-        (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
-        * dfg/DFGAssemblyHelpers.h: Added.
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JSC::DFG::JITCompiler::graph):
-        * dfg/DFGJITCompiler32_64.cpp:
-        * dfg/DFGOSRExit.h: Added.
-        (JSC::DFG::SpeculationRecovery::SpeculationRecovery):
-        (JSC::DFG::SpeculationRecovery::type):
-        (JSC::DFG::SpeculationRecovery::dest):
-        (JSC::DFG::SpeculationRecovery::src):
-        (JSC::DFG::OSRExit::numberOfRecoveries):
-        (JSC::DFG::OSRExit::valueRecovery):
-        (JSC::DFG::OSRExit::isArgument):
-        (JSC::DFG::OSRExit::isVariable):
-        (JSC::DFG::OSRExit::argumentForIndex):
-        (JSC::DFG::OSRExit::variableForIndex):
-        (JSC::DFG::OSRExit::operandForArgument):
-        (JSC::DFG::OSRExit::operandForIndex):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
-        but it appears to help on other benchmarks.
-
-        Rubber stamped by Oliver Hunt.
-
-        * bytecode/ValueProfile.h:
-
-2011-11-07  Ariya Hidayat  <ariya@sencha.com>
-
-        "use strict" can not contain escape sequences or line continuation
-        https://bugs.webkit.org/show_bug.cgi?id=71532
-
-        Reviewed by Darin Adler.
-
-        Store the actual literal length (before the escapes and line
-        continuation are encoded) while parsing the directive and use it
-        for the directive comparison.
-
-        * parser/Parser.cpp:
-        (JSC::Parser::parseSourceElements):
-        (JSC::Parser::parseStatement):
-        * parser/Parser.h:
-
-2011-11-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG operationCreateThis slow path may get the wrong callee in case of inlining
-        https://bugs.webkit.org/show_bug.cgi?id=71647
-
-        Reviewed by Oliver Hunt.
-        
-        No new tests because I only saw this manifest itself when I had other bugs
-        leading to spurious slow path executions.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::putWithAttributes
-        https://bugs.webkit.org/show_bug.cgi?id=71716
-
-        Reviewed by Darin Adler.
-
-        Added putWithAttributes to the MethodTable, changed all the virtual 
-        implementations of putWithAttributes to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::putWithAttributes):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/ClassInfo.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::putWithAttributes):
-        * runtime/JSActivation.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::putWithAttributes):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::putWithAttributes):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putWithAttributes):
-        (JSC::putDescriptor):
-        * runtime/JSObject.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::putWithAttributes):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::putWithAttributes):
-        * runtime/JSVariableObject.h:
-
-2011-11-07  Dmitry Lomov  <dslomov@google.com>
-
-        Unreviewed. Release build fix.
-
-        * parser/Lexer.cpp:
-        (JSC::assertCharIsIn8BitRange):
-
-2011-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Switch the value profiler back to 8 buckets, because we suspect that while this
-        is more expensive it's also more stable.
-
-        Rubber stamped by Geoff Garen.
-
-        * bytecode/ValueProfile.h:
-
-2011-11-07  Andrew Wason  <rectalogic@rectalogic.com>
-
-        Uninitialized Heap member var
-        https://bugs.webkit.org/show_bug.cgi?id=71722
-
-        Reviewed by Filip Pizlo.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
-
-2011-11-07  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
-        https://bugs.webkit.org/show_bug.cgi?id=71684
-
-        Reviewed by Filip Pizlo.
-
-        Currently in DFG JIT, we try to reuse the physical register of an
-        operand for temporary usage if the current use of the operand is the
-        last use. But sometimes this can be wrong, for example if there are
-        possible speculation failures and we need to fallback to baseline JIT,
-        the value of the operand which is supposed to be hold in the physical
-        register can be modified by register reusing. The fixes the last
-        inspector failures in layout test on Mac 32-bit if switching on DFG.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-07  Ryosuke Niwa  <rniwa@webkit.org>
-
-        REGRESSION(r99436): Broke Snow Leopard debug build
-        https://bugs.webkit.org/show_bug.cgi?id=71713
-
-        Reviewed by Darin Adler.
-
-        Put the assertion in a template and use template specialization
-        to avoid warning when instantiated with UChar or LChar.
-
-        In the long term, we should have traits for unsigned integral types
-        and use that to specialize template instead of specializing it for UChar and LChar.
-
-        * parser/Lexer.cpp:
-        (JSC::assertCharIsIn8BitRange):
-        (JSC::::append8):
-
-2011-11-07  ChangSeok Oh  <shivamidow@gmail.com>
-
-        [EFL] Support requestAnimationFrame API
-        https://bugs.webkit.org/show_bug.cgi?id=67112
-
-        Reviewed by Andreas Kling.
-
-        Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
-
-        * wtf/Platform.h:
-
-2011-11-07  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
-        https://bugs.webkit.org/show_bug.cgi?id=71331
-
-        Change the Lexer class to be a template class based on the character
-        type of the source.  In the process updated the parseIdentifier()
-        and parseString() methods to create 8 bit strings where possible.
-        Also added some helper methods for accumulating temporary string
-        data in the 8 and 16 bit vectors.
-
-        Changed the SourceProvider::data() virtual method to return a
-        StringImpl* instead of a UChar*.
-
-        Updated the KeywordLookup generator to create code to match keywords
-        for both 8 and 16 bit source strings.
-
-        Due to a compiler bug (<rdar://problem/10194295>) moved enum
-        definition outside of Lexer class declaration.  Remove second enum
-        no longer needed.
-
-        Reviewed by Darin Adler.
-
-        * KeywordLookupGenerator.py:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * parser/Lexer.cpp:
-        (JSC::::Lexer):
-        (JSC::::~Lexer):
-        (JSC::::getInvalidCharMessage):
-        (JSC::::currentCharacter):
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::peek):
-        (JSC::::getUnicodeCharacter):
-        (JSC::::shiftLineTerminator):
-        (JSC::::lastTokenWasRestrKeyword):
-        (JSC::::record8):
-        (JSC::::append8):
-        (JSC::::append16):
-        (JSC::::record16):
-        (JSC::::parseIdentifier):
-        (JSC::::parseIdentifierSlowCase):
-        (JSC::::parseString):
-        (JSC::::parseStringSlowCase):
-        (JSC::::parseHex):
-        (JSC::::parseOctal):
-        (JSC::::parseDecimal):
-        (JSC::::parseNumberAfterDecimalPoint):
-        (JSC::::parseNumberAfterExponentIndicator):
-        (JSC::::parseMultilineComment):
-        (JSC::::nextTokenIsColon):
-        (JSC::::lex):
-        (JSC::::scanRegExp):
-        (JSC::::skipRegExp):
-        (JSC::::clear):
-        (JSC::::sourceCode):
-        * parser/Lexer.h:
-        (JSC::Lexer::append16):
-        (JSC::Lexer::currentOffset):
-        (JSC::Lexer::setOffsetFromCharOffset):
-        (JSC::::isWhiteSpace):
-        (JSC::::isLineTerminator):
-        (JSC::::convertHex):
-        (JSC::::convertUnicode):
-        (JSC::::makeIdentifier):
-        (JSC::::setCodeStart):
-        (JSC::::makeIdentifierLCharFromUChar):
-        (JSC::::lexExpectIdentifier):
-        * parser/Parser.cpp:
-        (JSC::Parser::Parser):
-        (JSC::Parser::parseProperty):
-        (JSC::Parser::parseMemberExpression):
-        * parser/Parser.h:
-        (JSC::Parser::next):
-        (JSC::Parser::nextExpectIdentifier):
-        * parser/ParserArena.h:
-        (JSC::IdentifierArena::makeIdentifier):
-        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::subExpression):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::stringData):
-        * parser/SourceProviderCache.h:
-        * parser/SyntaxChecker.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::insertSemicolonIfNeeded):
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierTable::add):
-        (JSC::IdentifierLCharFromUCharTranslator::hash):
-        (JSC::IdentifierLCharFromUCharTranslator::equal):
-        (JSC::IdentifierLCharFromUCharTranslator::translate):
-        (JSC::Identifier::add8):
-        * runtime/Identifier.h:
-        (JSC::Identifier::Identifier):
-        (JSC::Identifier::createLCharFromUChar):
-        (JSC::Identifier::canUseSingleCharacterString):
-        (JSC::IdentifierCharBufferTranslator::hash):
-        (JSC::IdentifierCharBufferTranslator::equal):
-        (JSC::IdentifierCharBufferTranslator::translate):
-        (JSC::Identifier::add):
-        (JSC::Identifier::equal):
-        (JSC::IdentifierTable::add):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::decode):
-        (JSC::parseIntOverflow):
-        (JSC::globalFuncUnescape):
-        * runtime/JSGlobalObjectFunctions.h:
-        (JSC::parseIntOverflow):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::Lexer::lexString):
-        * wtf/text/StringImpl.h:
-
-2011-11-07  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
-
-        Allows us to not package up the whole Source/JavaScriptCore directory for the
-        buildbots.
-
-        Reviewed-by Simon Hausmann.
-
-        * jsc.pro:
-
-2011-11-06  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
-        to initializeMainThread, and crashes
-        https://bugs.webkit.org/show_bug.cgi?id=71643
-
-        Reviewed by Sam Weinig.
-
-        * jsc.cpp:
-        (main):
-
-2011-11-06  Sam Weinig  <sam@webkit.org>
-
-        Add space missing from some class declarations
-        https://bugs.webkit.org/show_bug.cgi?id=71632
-
-        Reviewed by Anders Carlsson.
-
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * bytecode/CodeBlock.h:
-        * dfg/DFGVariableAccessData.h:
-        * heap/VTableSpectrum.h:
-        * jit/ExecutableAllocator.cpp:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        * wtf/MetaAllocatorHandle.h:
-        * wtf/UnionFind.h:
-
-2011-11-06  Sam Weinig  <sam@webkit.org>
-
-        Allow use of FINAL in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=71630
-
-        Reviewed by Anders Carlsson.
-
-        * Configurations/Base.xcconfig:
-        Don't warn about C++11 extensions used in C++98 mode.
-
-2011-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Value profiling should just use two buckets
-        https://bugs.webkit.org/show_bug.cgi?id=71619
-
-        Reviewed by Gavin Barraclough.
-        
-        Added one more configuration options (like Heuristics::minimumOptimizationDelay),
-        improved debugging in JIT optimization support, changed the number of buckets
-        in the value profile from 9 to 2, and wrote a more optimal value profiling path
-        in the old JIT to take advantage of this. It's still possible to play around with
-        larger numbers of buckets, and we should probably keep this for a little while
-        until we convince ourselves that using just two buckets is the right call.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/ValueProfile.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-11-03  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should be able to sample itself in a more flexible way than just sampling flags
-        https://bugs.webkit.org/show_bug.cgi?id=71522
-
-        Reviewed by Gavin Barraclough.
-        
-        Added a construct that looks like SamplingRegion samplingRegion("name").
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingRegion::Locker::Locker):
-        (JSC::SamplingRegion::Locker::~Locker):
-        (JSC::SamplingRegion::sample):
-        (JSC::SamplingRegion::dump):
-        (JSC::SamplingRegion::dumpInternal):
-        (JSC::SamplingThread::threadStartFunc):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingRegion::SamplingRegion):
-        (JSC::SamplingRegion::~SamplingRegion):
-        (JSC::SamplingRegion::exchangeCurrent):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * heap/VTableSpectrum.cpp:
-        (JSC::VTableSpectrum::countVPtr):
-        (JSC::VTableSpectrum::dump):
-        * heap/VTableSpectrum.h:
-        * jsc.cpp:
-        (main):
-        (runWithScripts):
-        * parser/Parser.h:
-        (JSC::parse):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * wtf/Atomics.h:
-        (WTF::weakCompareAndSwap):
-        * wtf/Platform.h:
-        * wtf/Spectrum.h: Added.
-        (WTF::Spectrum::Spectrum):
-        (WTF::Spectrum::add):
-        (WTF::Spectrum::get):
-        (WTF::Spectrum::begin):
-        (WTF::Spectrum::end):
-        (WTF::Spectrum::KeyAndCount::KeyAndCount):
-        (WTF::Spectrum::KeyAndCount::operator<):
-        (WTF::Spectrum::buildList):
-        * wtf/wtf.pri:
-
-2011-11-05  Sam Weinig  <sam@webkit.org>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-04  Sam Weinig  <sam@webkit.org>
-
-        Reduce the number of putWithAttributes
-        https://bugs.webkit.org/show_bug.cgi?id=71597
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Remove exports of removed functions.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::putWithAttributes):
-        Calling the overload without the extra parameters does the same thing.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putWithAttributes):
-        * runtime/JSObject.h:
-        Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
-        two overloads not virtual, since no one overrides it.
-
-2011-11-04  Pratik Solanki  <psolanki@apple.com>
-
-        sqrtDouble and andnotDouble should be declared noreturn
-        https://bugs.webkit.org/show_bug.cgi?id=71592
-
-        Reviewed by Sam Weinig.
-
-        * assembler/MacroAssemblerARMv7.h:
-
-2011-11-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::hasInstance
-        https://bugs.webkit.org/show_bug.cgi?id=71430
-
-        Reviewed by Darin Adler.
-
-        Added hasInstance to the MethodTable, changed all the virtual 
-        implementations of hasInstance to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ClassInfo.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::hasInstance):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::hasInstance):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasInstance):
-        * runtime/JSObject.h:
-
-2011-11-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Refactor and clean up the qmake build system
-
-        The qmake build system has accumulated a bit of cruft and redundancy
-        over time. There's also a fairly tight coupling between how to build
-        the various targets, and _what_ to build, making it harder to add new
-        rules or sources. This patch aims to elevate these issues somewhat.
-
-        This is a short-list of the changes:
-
-          * The rules for how to build targets are now mostly contained as
-            prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
-            allows us to do pre- and post-processing of each project file,
-            which helps to clean up the actual project files.
-
-          * Derived sources are no longer generated as a separate make-step
-            but is part of each target's project file as a subdir. Makefile
-            rules are used to ensure that we run make on the derived sources
-            before running qmake on the actual target makefile. This makes
-            it easier to keep a proper dependency between derived sources
-            and the target.
-
-          * We use GNU make and the compiler to generate dependencies on
-            UNIX-based systems running Qt 5. This allows us to lessen the
-            need to run qmake, which should reduce compile time.
-
-          * WebKit2 is now build by default if building with Qt 5. It can
-            be disabled by passing --no-webkit2 to build-webkit.
-
-        The result of these changes are hopefully a cleaner and easier
-        build system to modify, and faster build times due to no longer
-        running qmake on every single build. It's also a first step
-        towards possibly generating the list of sources using another
-        build system.
-
-        https://bugs.webkit.org/show_bug.cgi?id=71222
-
-        Reviewed by Simon Hausmann.
-
-        * DerivedSources.pri: Added.
-        * DerivedSources.pro: Removed.
-        * JavaScriptCore.pro:
-        * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
-        * headers.pri: Removed.
-        * jsc.pro:
-        * wtf/wtf.pri:
-        * yarr/yarr.pri:
-
-2011-11-04  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        More code clean-up in DFG 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=71540
-
-        Remove unnecessary code duplications, and fix compilation warnings.
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::emitCount):
-        (JSC::DFG::JITCompiler::setSamplingFlag):
-        (JSC::DFG::JITCompiler::clearSamplingFlag):
-        (JSC::DFG::JITCompiler::jitAssertIsCell):
-        * dfg/DFGJITCompiler32_64.cpp:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-04  Csaba Osztrogonác  <ossy@webkit.org>
-
-        De-virtualize JSObject::hasInstance
-        https://bugs.webkit.org/show_bug.cgi?id=71430
-
-        Unreviewed rolling out r99238, because it made a test crash on all platform.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ClassInfo.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::hasInstance):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasInstance):
-        * runtime/JSObject.h:
-
-2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::getPropertyNames
-        https://bugs.webkit.org/show_bug.cgi?id=71306
-
-        Reviewed by Darin Adler.
-
-        Added getPropertyNames to the MethodTable, changed all the virtual 
-        implementations of getPropertyNames to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectCopyPropertyNames):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyNames):
-        * runtime/ClassInfo.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getPropertyNames):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::getOwnPropertyNames):
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        * runtime/Structure.cpp:
-        (JSC::Structure::getPropertyNamesFromStructure):
-        * runtime/Structure.h:
-
-2011-11-03  Darin Adler  <darin@apple.com>
-
-        Change remaining callers of releaseRef to call leakRef
-        https://bugs.webkit.org/show_bug.cgi?id=71422
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
-
-2011-11-02  Darin Adler  <darin@apple.com>
-
-        Change remaining callers of releaseRef to call leakRef
-        https://bugs.webkit.org/show_bug.cgi?id=71422
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
-
-2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::hasInstance
-        https://bugs.webkit.org/show_bug.cgi?id=71430
-
-        Reviewed by Darin Adler.
-
-        Added hasInstance to the MethodTable, changed all the virtual 
-        implementations of hasInstance to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::hasInstance):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ClassInfo.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::hasInstance):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::hasInstance):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasInstance):
-        * runtime/JSObject.h:
-
-2011-11-03  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT-specific code should be able to refer to register types even on JIT-disabled builds
-        https://bugs.webkit.org/show_bug.cgi?id=71498
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler::MacroAssembler):
-
-2011-11-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::className
-        https://bugs.webkit.org/show_bug.cgi?id=71428
-
-        Reviewed by Sam Weinig.
-
-        Added className to the MethodTable, changed all the virtual 
-        implementations of className to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::className):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::className):
-        * debugger/DebuggerActivation.h:
-        * jsc.cpp:
-        (GlobalObject::createStructure):
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::createCallIdentifier):
-        * runtime/ClassInfo.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::className):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::className):
-        * runtime/JSObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-        * testRegExp.cpp:
-        (GlobalObject::createStructure):
-
-2011-11-02  Jer Noble  <jer.noble@apple.com>
-
-        Add Clock class and platform-specific implementations.
-        https://bugs.webkit.org/show_bug.cgi?id=71341
-
-        Reviewed by Sam Weinig.
-
-        Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
-
-        * wtf/Platform.h:
-
-2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
-
-        Not reviewed: fixing win build. step2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-03  Pavel Feldman  <pfeldman@chromium.org>
-
-        Not reviewed: fix windows build, step1
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-11-03  Pavel Feldman  <pfeldman@google.com>
-
-        Web Inspector: preserve script location for inline handlers.
-        https://bugs.webkit.org/show_bug.cgi?id=71367
-
-        Makes SourceCode factories receive TextPosition instead of the line number;
-        Stores consistent position values in SourceCode and SourceProvider;
-
-        Reviewed by Yury Semikhatsky.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        * parser/SourceCode.h:
-        (JSC::makeSource):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::startPosition):
-        (JSC::UStringSourceProvider::create):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        (JSC::constructFunctionSkippingEvalEnabledCheck):
-        * runtime/FunctionConstructor.h:
-
-2011-11-03  Kentaro Hara  <haraken@chromium.org>
-
-        Fixed wrong implementation of doubleValue % 2^{64}.
-        https://bugs.webkit.org/show_bug.cgi?id=67980
-
-        Reviewed by Hajime Morita.
-
-        fast/events/constructors/progress-event-constructor.html was failing
-        because of the wrong implementation of conversion from an ECMAScript value
-        to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
-        In particular, the calculation of doubleValue % 2^{64} was wrong.
-        This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
-
-        * wtf/MathExtras.h:
-        (doubleToInteger): Implemented the spec correctly.
-
-2011-11-03  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r99089.
-        http://trac.webkit.org/changeset/99089
-        https://bugs.webkit.org/show_bug.cgi?id=71448
-
-        @plt postfix for math functions cause crash on Linux 32 (the
-        symbol is defined but it points to NULL) (Requested by
-        zherczeg on #webkit).
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        * jit/ThunkGenerators.cpp:
-
-2011-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlining breaks function.arguments[something] if the argument being
-        retrieved was subjected to DFG's unboxing optimizations
-        https://bugs.webkit.org/show_bug.cgi?id=71436
-
-        Reviewed by Oliver Hunt.
-        
-        This makes inlined arguments retrieval use some of the same machinery as
-        OSR to determine where from, and how, to retrieve a value that the DFG
-        might have somehow squirreled away while the old JIT would put it in its
-        obvious location, using an obvious format.
-        
-        To that end, previously DFG-internal notions such as DataFormat,
-        VirtualRegister, and ValueRecovery are now in bytecode/ since they are
-        stored as part of InlineCallFrames.
-
-        * bytecode/CodeOrigin.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::inlineCallFrame):
-        * interpreter/Register.h:
-        (JSC::Register::asInlineCallFrame):
-        (JSC::Register::unboxedInt32):
-        (JSC::Register::unboxedBoolean):
-        (JSC::Register::unboxedCell):
-        * runtime/Arguments.h:
-        (JSC::Arguments::finishCreationAndCopyRegisters):
-
-2011-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueRecovery should be moved out of the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=71439
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/DataFormat.h: Added.
-        (JSC::dataFormatToString):
-        (JSC::needDataFormatConversion):
-        (JSC::isJSFormat):
-        (JSC::isJSInteger):
-        (JSC::isJSDouble):
-        (JSC::isJSCell):
-        (JSC::isJSBoolean):
-        * bytecode/ValueRecovery.h: Added.
-        (JSC::ValueRecovery::ValueRecovery):
-        (JSC::ValueRecovery::alreadyInRegisterFile):
-        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
-        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
-        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
-        (JSC::ValueRecovery::inGPR):
-        (JSC::ValueRecovery::inPair):
-        (JSC::ValueRecovery::inFPR):
-        (JSC::ValueRecovery::displacedInRegisterFile):
-        (JSC::ValueRecovery::constant):
-        (JSC::ValueRecovery::technique):
-        (JSC::ValueRecovery::isInRegisters):
-        (JSC::ValueRecovery::gpr):
-        (JSC::ValueRecovery::tagGPR):
-        (JSC::ValueRecovery::payloadGPR):
-        (JSC::ValueRecovery::fpr):
-        (JSC::ValueRecovery::virtualRegister):
-        (JSC::ValueRecovery::dump):
-        * bytecode/VirtualRegister.h: Added.
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::isJSFormat):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGVariableAccessData.h:
-
-2011-11-02  Sam Weinig  <sam@webkit.org>
-
-        Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
-        https://bugs.webkit.org/show_bug.cgi?id=71333
-
-        Reviewed by Gavin Barraclough.
-
-        Tested by fast/dom/getter-on-window-object2.html
-
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::PropertyDescriptor::setDescriptor):
-        The attributes returned from Structure::get do not include Getter or Setter, so
-        instead check if the value is a GetterSetter like we do elsewhere. If it is, update
-        the descriptor's attributes accordingly.
-
-2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        FunctionPtr should accept FASTCALL functions on X86
-        https://bugs.webkit.org/show_bug.cgi?id=71434
-
-        Reviewed by Filip Pizlo.
-
-        On X86 we sometimes use FASTCALL convention functions, for example the
-        cti functions, and we may need the pointers to such functions, e.g.,
-        in current DFG register file check and arity check, though long term
-        we may avoid such usage of cti calls in DFG.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-
-2011-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Inlined uses of the global object should use the right global object
-        https://bugs.webkit.org/show_bug.cgi?id=71427
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::globalObjectFor):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Remove some unnecessary loads/stores in DFG JIT 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=71090
-
-        Reviewed by Filip Pizlo.
-
-        In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
-        be eliminated.
-
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-
-2011-11-02  Adam Klein  <adamk@chromium.org>
-
-        Replace usage of StringImpl with String where possible in CharacterData and Text
-        https://bugs.webkit.org/show_bug.cgi?id=71383
-
-        Reviewed by Darin Adler.
-
-        * wtf/text/WTFString.h:
-        (WTF::String::containsOnlyWhitespace): Added new method.
-
-2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::getOwnPropertyNames
-        https://bugs.webkit.org/show_bug.cgi?id=71307
-
-        Reviewed by Darin Adler.
-
-        Added getOwnPropertyNames to the MethodTable, changed all the virtual 
-        implementations of getOwnPropertyNames to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertyNames):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertyNames):
-        * runtime/Arguments.h:
-        * runtime/ClassInfo.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertyNames):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertyNames):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertyNames):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertyNames):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyNames):
-        * runtime/JSFunction.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertyNames):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::getOwnPropertyNames):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::~JSVariableObject):
-        (JSC::JSVariableObject::getOwnPropertyNames):
-        * runtime/JSVariableObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        (JSC::defineProperties):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertyNames):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertyNames):
-        * runtime/StringObject.h:
-        * runtime/Structure.h:
-
-2011-11-02  Dean Jackson  <dino@apple.com>
-
-        Add ENABLE_CSS_SHADERS flag
-        https://bugs.webkit.org/show_bug.cgi?id=71394
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
-
-        TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
-        https://bugs.webkit.org/show_bug.cgi?id=70610
-
-        Reviewed by Martin Robinson.
-
-        Properly annotate ASM on BSD and Linux x86 systems.
-
-        * dfg/DFGOperations.cpp: Add annotation for X86.
-        * jit/JITStubs.cpp: Ditto.
-        * jit/ThunkGenerators.cpp: Ditto.
-
-2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
-        https://bugs.webkit.org/show_bug.cgi?id=71347
-
-        Reviewed by Geoffrey Garen.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::reallocate):
-
-2011-11-01  Darin Adler  <darin@apple.com>
-
-        Cut down on malloc/free a bit in the parser arena
-        https://bugs.webkit.org/show_bug.cgi?id=71343
-
-        Reviewed by Oliver Hunt.
-
-        * parser/ParserArena.cpp:
-        (JSC::ParserArena::deallocateObjects): Call the destructors of
-        the deletable objects before freeing the pools. Don't call
-        fastFree on the deletable objects any more.
-
-        * parser/ParserArena.h:
-        (JSC::ParserArena::allocateDeletable): Use allocateFreeable
-        instead of fastMalloc here.
-
-2011-11-01  Sam Weinig  <sam@webkit.org>
-
-        Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
-        https://bugs.webkit.org/show_bug.cgi?id=71336
-
-        Reviewed by Darin Adler.
-
-        * debugger/DebuggerActivation.cpp:
-        * debugger/DebuggerActivation.h:
-        Remove overrides of lookupGetter/lookupSetter, which are no longer needed
-        due to implementing getPropertyDescriptor.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::lookupGetter):
-        (JSC::JSObject::lookupSetter):
-        * runtime/JSObject.h:
-        De-virtualize lookupGetter/lookupSetter, and implement them in terms of
-        getPropertyDescriptor.
-
-2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::defineSetter
-        https://bugs.webkit.org/show_bug.cgi?id=71303
-
-        Reviewed by Darin Adler.
-
-        Added defineSetter to the MethodTable, changed all the virtual 
-        implementations of defineSetter to static ones, and replaced 
-        all call sites with corresponding lookups in the MethodTable.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::defineSetter):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ClassInfo.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::defineSetter):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::defineSetter):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineSetter):
-        (JSC::putDescriptor):
-        * runtime/JSObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineSetter):
-
-2011-11-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlining breaks function.arguments
-        https://bugs.webkit.org/show_bug.cgi?id=71329
-
-        Reviewed by Oliver Hunt.
-        
-        The DFG was forgetting to store code origin mappings for inlined
-        call sites. Some of the fast-path optimizations for
-        CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
-        was wrong.
-        
-        I also took the opportunity to decrease code duplication between
-        DFG64 and DFG32_64, because I didn't feel like writing the same
-        code twice.
-
-        * bytecode/CodeBlock.h:
-        (JSC::ExecState::isInlineCallFrame):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler32_64.cpp:
-        * dfg/DFGNode.h:
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-
-2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        StringImpl::reallocate() should have a 8-bit version
-        https://bugs.webkit.org/show_bug.cgi?id=71210
-
-        Reviewed by Geoffrey Garen.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::reallocate):
-        * wtf/text/StringImpl.h:
-
-2011-10-31  Filip Pizlo  <fpizlo@apple.com>
-
-        The GC should be parallel
-        https://bugs.webkit.org/show_bug.cgi?id=70995
-
-        Reviewed by Geoff Garen.
-        
-        Added parallel tracing to the GC. This works by having local mark
-        stacks per thread, and a global shared one. Threads sometimes
-        donate cells from the mark stack to the global one if the heuristics
-        tell them that it's affordable to do so. Threads that have depleted
-        their local mark stacks try to steal some from the shared one.
-
-        Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
-        
-        This is a 23% speed-up on V8-splay when I use 4 marking threads,
-        leading to a 3.5% speed-up on V8.
-        
-        It also appears that this reduces GC pause times on real websites by
-        more than half.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::~Heap):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
-        (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
-        (JSC::MarkStackSegmentAllocator::allocate):
-        (JSC::MarkStackSegmentAllocator::release):
-        (JSC::MarkStackSegmentAllocator::shrinkReserve):
-        (JSC::MarkStackArray::MarkStackArray):
-        (JSC::MarkStackArray::~MarkStackArray):
-        (JSC::MarkStackArray::expand):
-        (JSC::MarkStackArray::refill):
-        (JSC::MarkStackArray::donateSomeCellsTo):
-        (JSC::MarkStackArray::stealSomeCellsFrom):
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::reset):
-        (JSC::MarkStack::reset):
-        (JSC::SlotVisitor::donateSlow):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::MarkStack::mergeOpaqueRoots):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        * heap/MarkStack.h:
-        (JSC::MarkStackSegment::data):
-        (JSC::MarkStackSegment::capacityFromSize):
-        (JSC::MarkStackSegment::sizeFromCapacity):
-        (JSC::MarkStackArray::postIncTop):
-        (JSC::MarkStackArray::preDecTop):
-        (JSC::MarkStackArray::setTopForFullSegment):
-        (JSC::MarkStackArray::setTopForEmptySegment):
-        (JSC::MarkStackArray::top):
-        (JSC::MarkStackArray::validatePrevious):
-        (JSC::MarkStack::addWeakReferenceHarvester):
-        (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
-        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::addOpaqueRoot):
-        (JSC::MarkStack::containsOpaqueRoot):
-        (JSC::MarkStack::opaqueRootCount):
-        (JSC::MarkStackArray::append):
-        (JSC::MarkStackArray::canRemoveLast):
-        (JSC::MarkStackArray::removeLast):
-        (JSC::MarkStackArray::isEmpty):
-        (JSC::MarkStackArray::canDonateSomeCells):
-        (JSC::MarkStackArray::size):
-        (JSC::ParallelModeEnabler::ParallelModeEnabler):
-        (JSC::ParallelModeEnabler::~ParallelModeEnabler):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::testAndSetMarked):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::donate):
-        (JSC::SlotVisitor::donateAndDrain):
-        (JSC::SlotVisitor::donateKnownParallel):
-        (JSC::SlotVisitor::SlotVisitor):
-        * heap/WeakReferenceHarvester.h:
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-        * wtf/Atomics.h:
-        (WTF::weakCompareAndSwap):
-        * wtf/Bitmap.h:
-        (WTF::::Bitmap):
-        (WTF::::get):
-        (WTF::::set):
-        (WTF::::testAndSet):
-        (WTF::::testAndClear):
-        (WTF::::concurrentTestAndSet):
-        (WTF::::concurrentTestAndClear):
-        (WTF::::clear):
-        (WTF::::clearAll):
-        (WTF::::nextPossiblyUnset):
-        (WTF::::findRunOfZeros):
-        (WTF::::count):
-        (WTF::::isEmpty):
-        (WTF::::isFull):
-        * wtf/MainThread.h:
-        (WTF::isMainThreadOrGCThread):
-        * wtf/Platform.h:
-        * wtf/ThreadSpecific.h:
-        (WTF::::isSet):
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::initializeGCThreads):
-        (WTF::initializeMainThreadPlatform):
-        (WTF::initializeMainThreadToProcessMainThreadPlatform):
-        (WTF::registerGCThread):
-        (WTF::isMainThreadOrGCThread):
-
-2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::defaultValue
-        https://bugs.webkit.org/show_bug.cgi?id=71146
-
-        Reviewed by Sam Weinig.
-
-        Added defaultValue to the MethodTable.  Replaced all virtual versions of 
-        defaultValue with static versions.  Replaced all call sites with lookups in the 
-        MethodTable.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/ClassInfo.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::defaultValue):
-        (JSC::TerminatedExecutionError::defaultValue):
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::defaultValue):
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::defaultValue):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPrimitiveNumber):
-        (JSC::JSObject::defaultValue):
-        * runtime/JSObject.h:
-        (JSC::JSObject::toPrimitive):
-
-2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Interpreter build fix
-
-        Unreviewed build fix
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-10-31  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exits should add to value profiles
-        https://bugs.webkit.org/show_bug.cgi?id=71202
-
-        Reviewed by Oliver Hunt.
-        
-        Value profiles now have an extra special slot not used by the old JIT's
-        profiling, which is reserved for OSR exits.
-        
-        The DFG's OSR exit code now knows which register, node index, and value
-        profiling site was responsible for the (possibly flawed) information that
-        led to the OSR failure. This is somewhat opportunistic and imperfect;
-        if there's a lot of control flow between the value profiling site and the
-        OSR failure point, then this mechanism simply gives up. It also gives up
-        if the OSR failure is caused by either known deficiencies in the DFG
-        (like that we always assume that the index in a strict charCodeAt access
-        is within bounds) or where the OSR failure would be catalogues and
-        profiled through other means (like slow case counters).
-        
-        This patch also adds the notion of a JSValueRegs, which is either a
-        single register in JSVALUE64 or a pair in JSVALUE32_64. We should
-        probably move the 32_64 DFG towards using this, since it often makes it
-        easier to share code between 64 and 32_64.
-        
-        Also fixed a number of pathologies that this uncovered. op_method_check 
-        didn't have a value profiling site on the slow path. GetById should not
-        always force OSR exit if it never executed in the old JIT; we may be
-        able to infer its type if it's a array or string length get. Finally,
-        these changes benefit from a slight tweak to optimization delay
-        heuristics (profile fullness is now 0.35 instead of 0.25).
-        
-        3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
-        and imaging-darkroom.
-
-        * bytecode/ValueProfile.cpp:
-        (JSC::ValueProfile::computeStatistics):
-        (JSC::ValueProfile::computeUpdatedPrediction):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::ValueProfile):
-        (JSC::ValueProfile::specFailBucket):
-        (JSC::ValueProfile::numberOfSamples):
-        (JSC::ValueProfile::isLive):
-        (JSC::ValueProfile::numberOfInt32s):
-        (JSC::ValueProfile::numberOfDoubles):
-        (JSC::ValueProfile::numberOfCells):
-        (JSC::ValueProfile::numberOfObjects):
-        (JSC::ValueProfile::numberOfFinalObjects):
-        (JSC::ValueProfile::numberOfStrings):
-        (JSC::ValueProfile::numberOfArrays):
-        (JSC::ValueProfile::numberOfBooleans):
-        (JSC::ValueProfile::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::JSValueRegs::JSValueRegs):
-        (JSC::DFG::JSValueRegs::operator!):
-        (JSC::DFG::JSValueRegs::gpr):
-        (JSC::DFG::JSValueSource::JSValueSource):
-        (JSC::DFG::JSValueSource::unboxedCell):
-        (JSC::DFG::JSValueSource::operator!):
-        (JSC::DFG::JSValueSource::isAddress):
-        (JSC::DFG::JSValueSource::offset):
-        (JSC::DFG::JSValueSource::base):
-        (JSC::DFG::JSValueSource::gpr):
-        (JSC::DFG::JSValueSource::asAddress):
-        (JSC::DFG::JSValueSource::notAddress):
-        (JSC::DFG::JSValueRegs::tagGPR):
-        (JSC::DFG::JSValueRegs::payloadGPR):
-        (JSC::DFG::JSValueSource::tagGPR):
-        (JSC::DFG::JSValueSource::payloadGPR):
-        (JSC::DFG::JSValueSource::hasKnownTag):
-        (JSC::DFG::JSValueSource::tag):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::jsValueRegs):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueProfileFor):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::JSValueOperand::jsValueRegs):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::valueProfileFor):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_method_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_method_check):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/JSValue.h:
-
-2011-10-31  Sam Weinig  <sam@webkit.org>
-
-        Remove need for virtual JSObject::unwrappedObject
-        https://bugs.webkit.org/show_bug.cgi?id=71034
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp:
-        Update exports.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Add JSGlobalThis.cpp.
-
-        * runtime/JSGlobalThis.cpp: Added.
-        (JSC::JSGlobalThis::visitChildren):
-        (JSC::JSGlobalThis::unwrappedObject):
-        * runtime/JSGlobalThis.h:
-        (JSC::JSGlobalThis::createStructure):
-        Move underlying object from JSDOMWindowShell down to JSGlobalThis
-        and corresponding visitChildren method.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::unwrappedObject):
-        Change unwrappedObject from virtual, to just needing an if check.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::isGlobalThis):
-        * runtime/JSType.h:
-        Add isGlobalThis predicate and type.
-
-2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        WTF::StringImpl::create(const char*, unsigned) calls itself
-        https://bugs.webkit.org/show_bug.cgi?id=71206
-
-        The original implementation just calls itself, causing infinite recursion.
-        Cast the first parameter to const LChar* to fix that.
-
-        Reviewed by Ryosuke Niwa.
-
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::create):
-
-2011-10-31  Andy Wingo  <wingo@igalia.com>
-
-        Fix DFG JIT compilation on Linux targets.
-        https://bugs.webkit.org/show_bug.cgi?id=70904
-
-        Reviewed by Darin Adler.
-
-        * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
-        macro.
-
-        * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
-        simplified definition from jit/JITStubs.cpp.
-        (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
-        Use the macro to access trampoline targets through the PLT on PIC
-        systems, instead of introducing a text relocation.  Otherwise, the
-        library fails to link.
-
-2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSObject::defineGetter
-        https://bugs.webkit.org/show_bug.cgi?id=71134
-
-        Reviewed by Darin Adler.
-
-        Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
-        with static versions.  Replaced all call sites with lookups in the MethodTable.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::defineGetter):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ClassInfo.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::defineGetter):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::defineGetter):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::putDescriptor):
-        * runtime/JSObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-
-2011-10-31  Michael Saboff  <msaboff@apple.com>
-
-        Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=71138
-
-        Restructure and movement of Lexer and Parser code.
-        Moved Lexer and Parser objects out of JSGlobalData.
-        Added a new ParserTokens class and instance to JSGlobalData that
-        have JavaScript token related definitions.
-        Replaced JSGlobalData arguments to Node classes with lineNumber,
-        as that was the only use of the JSGlobalData.
-        Combined JSParser and Parser classes into one class,
-        eliminating JSParser.h and .cpp.
-        Various supporting #include changes.
-
-        These mostly mechanical changes are done in preparation to
-        making the Lexer and Parser template classes.
-
-        Reviewed by Darin Adler.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::ASTBuilder):
-        (JSC::ASTBuilder::createSourceElements):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegExp):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArguments):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createElementList):
-        (JSC::ASTBuilder::createFormalParameterList):
-        (JSC::ASTBuilder::createClause):
-        (JSC::ASTBuilder::createClauseList):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::appendBinaryOperation):
-        (JSC::ASTBuilder::createAssignment):
-        (JSC::ASTBuilder::createNumber):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/JSParser.cpp: Removed.
-        * parser/JSParser.h: Removed.
-        * parser/Lexer.cpp:
-        (JSC::Keywords::Keywords):
-        (JSC::Lexer::Lexer):
-        (JSC::Lexer::~Lexer):
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::parseIdentifier):
-        * parser/Lexer.h:
-        (JSC::Keywords::isKeyword):
-        (JSC::Keywords::getKeyword):
-        (JSC::Keywords::~Keywords):
-        (JSC::Lexer::setIsReparsing):
-        (JSC::Lexer::isReparsing):
-        (JSC::Lexer::lineNumber):
-        (JSC::Lexer::setLastLineNumber):
-        (JSC::Lexer::lastLineNumber):
-        (JSC::Lexer::prevTerminator):
-        (JSC::Lexer::sawError):
-        (JSC::Lexer::getErrorMessage):
-        (JSC::Lexer::currentOffset):
-        (JSC::Lexer::setOffset):
-        (JSC::Lexer::setLineNumber):
-        (JSC::Lexer::sourceProvider):
-        (JSC::Lexer::isWhiteSpace):
-        (JSC::Lexer::isLineTerminator):
-        (JSC::Lexer::convertHex):
-        (JSC::Lexer::convertUnicode):
-        (JSC::Lexer::makeIdentifier):
-        (JSC::Lexer::lexExpectIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaFreeable::operator new):
-        (JSC::ParserArenaDeletable::operator new):
-        (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
-        (JSC::Node::Node):
-        (JSC::ExpressionNode::ExpressionNode):
-        (JSC::StatementNode::StatementNode):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::RegExpNode::RegExpNode):
-        (JSC::ThisNode::ThisNode):
-        (JSC::ResolveNode::ResolveNode):
-        (JSC::ElementNode::ElementNode):
-        (JSC::ArrayNode::ArrayNode):
-        (JSC::PropertyNode::PropertyNode):
-        (JSC::PropertyListNode::PropertyListNode):
-        (JSC::ObjectLiteralNode::ObjectLiteralNode):
-        (JSC::BracketAccessorNode::BracketAccessorNode):
-        (JSC::DotAccessorNode::DotAccessorNode):
-        (JSC::ArgumentListNode::ArgumentListNode):
-        (JSC::ArgumentsNode::ArgumentsNode):
-        (JSC::NewExprNode::NewExprNode):
-        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
-        (JSC::FunctionCallValueNode::FunctionCallValueNode):
-        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
-        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
-        (JSC::FunctionCallDotNode::FunctionCallDotNode):
-        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
-        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
-        (JSC::PrePostResolveNode::PrePostResolveNode):
-        (JSC::PostfixResolveNode::PostfixResolveNode):
-        (JSC::PostfixBracketNode::PostfixBracketNode):
-        (JSC::PostfixDotNode::PostfixDotNode):
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::DeleteResolveNode::DeleteResolveNode):
-        (JSC::DeleteBracketNode::DeleteBracketNode):
-        (JSC::DeleteDotNode::DeleteDotNode):
-        (JSC::DeleteValueNode::DeleteValueNode):
-        (JSC::VoidNode::VoidNode):
-        (JSC::TypeOfResolveNode::TypeOfResolveNode):
-        (JSC::TypeOfValueNode::TypeOfValueNode):
-        (JSC::PrefixResolveNode::PrefixResolveNode):
-        (JSC::PrefixBracketNode::PrefixBracketNode):
-        (JSC::PrefixDotNode::PrefixDotNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::UnaryOpNode::UnaryOpNode):
-        (JSC::UnaryPlusNode::UnaryPlusNode):
-        (JSC::NegateNode::NegateNode):
-        (JSC::BitwiseNotNode::BitwiseNotNode):
-        (JSC::LogicalNotNode::LogicalNotNode):
-        (JSC::BinaryOpNode::BinaryOpNode):
-        (JSC::MultNode::MultNode):
-        (JSC::DivNode::DivNode):
-        (JSC::ModNode::ModNode):
-        (JSC::AddNode::AddNode):
-        (JSC::SubNode::SubNode):
-        (JSC::LeftShiftNode::LeftShiftNode):
-        (JSC::RightShiftNode::RightShiftNode):
-        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
-        (JSC::LessNode::LessNode):
-        (JSC::GreaterNode::GreaterNode):
-        (JSC::LessEqNode::LessEqNode):
-        (JSC::GreaterEqNode::GreaterEqNode):
-        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
-        (JSC::InstanceOfNode::InstanceOfNode):
-        (JSC::InNode::InNode):
-        (JSC::EqualNode::EqualNode):
-        (JSC::NotEqualNode::NotEqualNode):
-        (JSC::StrictEqualNode::StrictEqualNode):
-        (JSC::NotStrictEqualNode::NotStrictEqualNode):
-        (JSC::BitAndNode::BitAndNode):
-        (JSC::BitOrNode::BitOrNode):
-        (JSC::BitXOrNode::BitXOrNode):
-        (JSC::LogicalOpNode::LogicalOpNode):
-        (JSC::ConditionalNode::ConditionalNode):
-        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
-        (JSC::AssignBracketNode::AssignBracketNode):
-        (JSC::AssignDotNode::AssignDotNode):
-        (JSC::ReadModifyDotNode::ReadModifyDotNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::CommaNode::CommaNode):
-        (JSC::ConstStatementNode::ConstStatementNode):
-        (JSC::SourceElements::SourceElements):
-        (JSC::EmptyStatementNode::EmptyStatementNode):
-        (JSC::DebuggerStatementNode::DebuggerStatementNode):
-        (JSC::ExprStatementNode::ExprStatementNode):
-        (JSC::VarStatementNode::VarStatementNode):
-        (JSC::IfNode::IfNode):
-        (JSC::IfElseNode::IfElseNode):
-        (JSC::DoWhileNode::DoWhileNode):
-        (JSC::WhileNode::WhileNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ReturnNode::ReturnNode):
-        (JSC::WithNode::WithNode):
-        (JSC::LabelNode::LabelNode):
-        (JSC::ThrowNode::ThrowNode):
-        (JSC::TryNode::TryNode):
-        (JSC::ParameterNode::ParameterNode):
-        (JSC::FuncExprNode::FuncExprNode):
-        (JSC::FuncDeclNode::FuncDeclNode):
-        (JSC::CaseClauseNode::CaseClauseNode):
-        (JSC::ClauseListNode::ClauseListNode):
-        (JSC::CaseBlockNode::CaseBlockNode):
-        (JSC::SwitchNode::SwitchNode):
-        (JSC::ConstDeclNode::ConstDeclNode):
-        (JSC::BlockNode::BlockNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/NodeInfo.h:
-        * parser/Nodes.cpp:
-        (JSC::StatementNode::setLoc):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::Node::lineNo):
-        * parser/Parser.cpp:
-        (JSC::Parser::Parser):
-        (JSC::Parser::~Parser):
-        (JSC::Parser::parseInner):
-        (JSC::Parser::allowAutomaticSemicolon):
-        (JSC::Parser::parseSourceElements):
-        (JSC::Parser::parseVarDeclaration):
-        (JSC::Parser::parseConstDeclaration):
-        (JSC::Parser::parseDoWhileStatement):
-        (JSC::Parser::parseWhileStatement):
-        (JSC::Parser::parseVarDeclarationList):
-        (JSC::Parser::parseConstDeclarationList):
-        (JSC::Parser::parseForStatement):
-        (JSC::Parser::parseBreakStatement):
-        (JSC::Parser::parseContinueStatement):
-        (JSC::Parser::parseReturnStatement):
-        (JSC::Parser::parseThrowStatement):
-        (JSC::Parser::parseWithStatement):
-        (JSC::Parser::parseSwitchStatement):
-        (JSC::Parser::parseSwitchClauses):
-        (JSC::Parser::parseSwitchDefaultClause):
-        (JSC::Parser::parseTryStatement):
-        (JSC::Parser::parseDebuggerStatement):
-        (JSC::Parser::parseBlockStatement):
-        (JSC::Parser::parseStatement):
-        (JSC::Parser::parseFormalParameters):
-        (JSC::Parser::parseFunctionBody):
-        (JSC::Parser::parseFunctionInfo):
-        (JSC::Parser::parseFunctionDeclaration):
-        (JSC::LabelInfo::LabelInfo):
-        (JSC::Parser::parseExpressionOrLabelStatement):
-        (JSC::Parser::parseExpressionStatement):
-        (JSC::Parser::parseIfStatement):
-        (JSC::Parser::parseExpression):
-        (JSC::Parser::parseAssignmentExpression):
-        (JSC::Parser::parseConditionalExpression):
-        (JSC::isUnaryOp):
-        (JSC::Parser::isBinaryOperator):
-        (JSC::Parser::parseBinaryExpression):
-        (JSC::Parser::parseProperty):
-        (JSC::Parser::parseObjectLiteral):
-        (JSC::Parser::parseStrictObjectLiteral):
-        (JSC::Parser::parseArrayLiteral):
-        (JSC::Parser::parsePrimaryExpression):
-        (JSC::Parser::parseArguments):
-        (JSC::Parser::parseMemberExpression):
-        (JSC::Parser::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC::isEvalNode):
-        (JSC::EvalNode):
-        (JSC::DepthManager::DepthManager):
-        (JSC::DepthManager::~DepthManager):
-        (JSC::ScopeLabelInfo::ScopeLabelInfo):
-        (JSC::Scope::Scope):
-        (JSC::Scope::startSwitch):
-        (JSC::Scope::endSwitch):
-        (JSC::Scope::startLoop):
-        (JSC::Scope::endLoop):
-        (JSC::Scope::inLoop):
-        (JSC::Scope::breakIsValid):
-        (JSC::Scope::continueIsValid):
-        (JSC::Scope::pushLabel):
-        (JSC::Scope::popLabel):
-        (JSC::Scope::getLabel):
-        (JSC::Scope::setIsFunction):
-        (JSC::Scope::isFunction):
-        (JSC::Scope::isFunctionBoundary):
-        (JSC::Scope::declareVariable):
-        (JSC::Scope::declareWrite):
-        (JSC::Scope::preventNewDecls):
-        (JSC::Scope::allowsNewDecls):
-        (JSC::Scope::declareParameter):
-        (JSC::Scope::useVariable):
-        (JSC::Scope::setNeedsFullActivation):
-        (JSC::Scope::collectFreeVariables):
-        (JSC::Scope::getUncapturedWrittenVariables):
-        (JSC::Scope::getCapturedVariables):
-        (JSC::Scope::setStrictMode):
-        (JSC::Scope::strictMode):
-        (JSC::Scope::isValidStrictMode):
-        (JSC::Scope::shadowsArguments):
-        (JSC::Scope::copyCapturedVariablesToVector):
-        (JSC::Scope::saveFunctionInfo):
-        (JSC::Scope::restoreFunctionInfo):
-        (JSC::ScopeRef::ScopeRef):
-        (JSC::ScopeRef::operator->):
-        (JSC::ScopeRef::index):
-        (JSC::ScopeRef::hasContainingScope):
-        (JSC::ScopeRef::containingScope):
-        (JSC::Parser::AllowInOverride::AllowInOverride):
-        (JSC::Parser::AllowInOverride::~AllowInOverride):
-        (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
-        (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
-        (JSC::Parser::AutoPopScopeRef::setPopped):
-        (JSC::Parser::currentScope):
-        (JSC::Parser::pushScope):
-        (JSC::Parser::popScopeInternal):
-        (JSC::Parser::popScope):
-        (JSC::Parser::declareVariable):
-        (JSC::Parser::declareWrite):
-        (JSC::Parser::findCachedFunctionInfo):
-        (JSC::Parser::isFunctionBodyNode):
-        (JSC::Parser::next):
-        (JSC::Parser::nextExpectIdentifier):
-        (JSC::Parser::nextTokenIsColon):
-        (JSC::Parser::consume):
-        (JSC::Parser::getToken):
-        (JSC::Parser::match):
-        (JSC::Parser::tokenStart):
-        (JSC::Parser::tokenLine):
-        (JSC::Parser::tokenEnd):
-        (JSC::Parser::getTokenName):
-        (JSC::Parser::updateErrorMessageSpecialCase):
-        (JSC::Parser::updateErrorMessage):
-        (JSC::Parser::updateErrorWithNameAndMessage):
-        (JSC::Parser::startLoop):
-        (JSC::Parser::endLoop):
-        (JSC::Parser::startSwitch):
-        (JSC::Parser::endSwitch):
-        (JSC::Parser::setStrictMode):
-        (JSC::Parser::strictMode):
-        (JSC::Parser::isValidStrictMode):
-        (JSC::Parser::declareParameter):
-        (JSC::Parser::breakIsValid):
-        (JSC::Parser::continueIsValid):
-        (JSC::Parser::pushLabel):
-        (JSC::Parser::popLabel):
-        (JSC::Parser::getLabel):
-        (JSC::Parser::autoSemiColon):
-        (JSC::Parser::canRecurse):
-        (JSC::Parser::lastTokenEnd):
-        (JSC::Parser::DepthManager::DepthManager):
-        (JSC::Parser::DepthManager::~DepthManager):
-        (JSC::Parser::parse):
-        (JSC::parse):
-        * parser/ParserTokens.h: Added.
-        (JSC::JSTokenInfo::JSTokenInfo):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::subExpression):
-        * parser/SourceProviderCacheItem.h:
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::SyntaxChecker):
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegExp):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::createArguments):
-        (JSC::SyntaxChecker::createArgumentsList):
-        (JSC::SyntaxChecker::createProperty):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createFuncDeclStatement):
-        (JSC::SyntaxChecker::createBlockStatement):
-        (JSC::SyntaxChecker::createExprStatement):
-        (JSC::SyntaxChecker::createIfStatement):
-        (JSC::SyntaxChecker::createForLoop):
-        (JSC::SyntaxChecker::createForInLoop):
-        (JSC::SyntaxChecker::createEmptyStatement):
-        (JSC::SyntaxChecker::createVarStatement):
-        (JSC::SyntaxChecker::createReturnStatement):
-        (JSC::SyntaxChecker::createBreakStatement):
-        (JSC::SyntaxChecker::createContinueStatement):
-        (JSC::SyntaxChecker::createTryStatement):
-        (JSC::SyntaxChecker::createSwitchStatement):
-        (JSC::SyntaxChecker::createWhileStatement):
-        (JSC::SyntaxChecker::createWithStatement):
-        (JSC::SyntaxChecker::createDoWhileStatement):
-        (JSC::SyntaxChecker::createLabelStatement):
-        (JSC::SyntaxChecker::createThrowStatement):
-        (JSC::SyntaxChecker::createDebugger):
-        (JSC::SyntaxChecker::createConstStatement):
-        (JSC::SyntaxChecker::appendConstDecl):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        (JSC::SyntaxChecker::combineCommaNodes):
-        (JSC::SyntaxChecker::operatorStackPop):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-
-2011-10-31  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
-        https://bugs.webkit.org/show_bug.cgi?id=71227
-
-        Reviewed by Oliver Hunt.
-        
-        No new tests, since while I can see exactly where the DFG went wrong on the
-        site in question from looking at the generated machine code, and while I can
-        certainly believe that such a scenario would happen, I cannot visualize how
-        to make it happen reproducibly. It requires an odd combination of double
-        values getting spilled and then refilled, but then reboxed at just the right
-        time so that the spilled value is an unboxed double while the in-register
-        value is a boxed double.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-30  Filip Pizlo  <fpizlo@apple.com>
-
-        JSParser::parsePrimaryExpression should have an overflow check
-        https://bugs.webkit.org/show_bug.cgi?id=71197
-
-        Reviewed by Geoff Garen.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parsePrimaryExpression):
-
-2011-10-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ValueAdd(string, int) should not fail speculation
-        https://bugs.webkit.org/show_bug.cgi?id=71195
-
-        Reviewed by Geoff Garen.
-        
-        1% speed-up on V8.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldNotSpeculateInteger):
-        (JSC::DFG::Node::shouldSpeculateInteger):
-
-2011-10-30  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG inliner should not flush the callee
-        https://bugs.webkit.org/show_bug.cgi?id=71191
-
-        Reviewed by Oliver Hunt.
-        
-        0.6% speed-up on V8.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeOrigin.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::flush):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrameSlow):
-
-2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
-        https://bugs.webkit.org/show_bug.cgi?id=70968
-
-        Reviewed by Geoffrey Garen.
-
-        * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
-        TypeInfo.  Had to also create a specialization for JSNonFinalObject, even JSGlobalObject was the only that 
-        needed it because Windows wouldn't build without it.
-        (JSC::::createStructure):
-        * API/JSCallbackObject.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
-        (JSC::ErrorInstance::createStructure):
-        * runtime/ErrorPrototype.h: Ditto
-        (JSC::ErrorPrototype::createStructure):
-        * runtime/JSActivation.h: Ditto
-        (JSC::JSActivation::createStructure):
-        * runtime/JSGlobalObject.h: Ditto
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
-        (JSC::JSObject::isGlobalObject):
-        (JSC::JSObject::isVariableObject):
-        (JSC::JSObject::isActivationObject):
-        (JSC::JSObject::isErrorInstance):
-        * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
-        * runtime/JSVariableObject.cpp: Removed virtual function.
-        * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
-        (JSC::JSVariableObject::createStructure):
-
-2011-10-28  Pavel Feldman  <pfeldman@google.com>
-
-        Reset line numbers for scripts generated with document.write.
-        https://bugs.webkit.org/show_bug.cgi?id=71099
-
-        Reviewed by Yury Semikhatsky.
-
-        * wtf/text/TextPosition.h:
-        (WTF::OrdinalNumber::OrdinalNumber):
-
-2011-10-27  Daniel Bates  <dbates@rim.com>
-
-        CMake: Add support to optionally install the built JavaScript shell
-        https://bugs.webkit.org/show_bug.cgi?id=71062
-
-        Reviewed by Antonio Gomes.
-
-        Generate an installation rule for installing the JavaScript shell in
-        /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
-        is defined.
-
-        * shell/CMakeLists.txt:
-
-2011-10-27  Kentaro Hara  <haraken@chromium.org>
-
-        Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
-        https://bugs.webkit.org/show_bug.cgi?id=70215
-
-        Reviewed by Adam Barth.
-
-        Added a method that judges if a given JSValue is empty.
-
-        Tests: transforms/svg-vs-css.xhtml
-               transforms/cssmatrix-2d-interface.xhtml
-               transforms/cssmatrix-3d-interface.xhtml
-
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-        (JSC::JSValue::isEmpty):
-
-2011-10-27  Michael Saboff  <msaboff@apple.com>
-
-        ENH: Add 8 bit string support to JSC JIT
-        https://bugs.webkit.org/show_bug.cgi?id=71073
-
-        Changed the JIT String character access generation to create code
-        to check the character size and load8() or load16() as approriate.
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movzbl_mr):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadCharacterString):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/JSInterfaceJIT.h:
-        (JSC::ThunkHelpers::stringImplFlagsOffset):
-        (JSC::ThunkHelpers::stringImpl8BitFlag):
-        * jit/ThunkGenerators.cpp:
-        (JSC::stringCharLoad):
-
-2011-10-27  Filip Pizlo  <fpizlo@apple.com>
-
-        If the bytecode generator emits code after the return in the first basic block,
-        DFG's inliner crashes
-        https://bugs.webkit.org/show_bug.cgi?id=71071
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed some cruft dealing with parsing failures due to unsupported functionality
-        (that's never reached anymore due to it being caught in DFGCapabilities). This
-        allowed me to repurpose the bool return from parseBlock() to mean: true if we
-        should continue to parse, or false if we've already parsed all live code.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Make FeatureDefines Identical Across OS X Projects
-        https://bugs.webkit.org/show_bug.cgi?id=71051
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-10-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
-        https://bugs.webkit.org/show_bug.cgi?id=71045
-
-        Reviewed by Geoff Garen.
-        
-        Make sure that if a structure is pinned, it also has a property map.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::pin):
-        (JSC::Structure::copyPropertyTableForPinning):
-        * runtime/Structure.h:
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-
-2011-10-27  Michael Saboff  <msaboff@apple.com>
-
-        32bit build failure after r98624
-        https://bugs.webkit.org/show_bug.cgi?id=71064
-
-        Disambiguated operator overload with unsigned index (0u).
-
-        Reviewed by Sam Weinig.
-
-        * runtime/UString.h:
-        (JSC::operator==):
-
-2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Fix building on GNU/kFreeBSD
-        https://bugs.webkit.org/show_bug.cgi?id=71005
-
-        Reviewed by Darin Adler.
-
-        * config.h:
-        * wtf/Platform.h:
-
-2011-10-27  Michael Saboff  <msaboff@apple.com>
-
-        Investigate storing strings in 8-bit buffers when possible
-        https://bugs.webkit.org/show_bug.cgi?id=66161
-
-        Investigate storing strings in 8-bit buffers when possible
-        https://bugs.webkit.org/show_bug.cgi?id=66161
-
-        Added support for 8 bit string data in StringImpl.  Changed
-        (UChar*) m_data to m_data16.  Added char* m_data8 as a union
-        with m_data16.  Added UChar* m_copyData16 to the other union
-        to store a 16 bit copy of an 8 bit string when needed.
-        Added characters8() and characters16() accessor methods
-        that assume the caller has checked the underlying string type
-        via the new is8Bit() method. The characters() method will
-        return a UChar* of the string, materializing a 16 bit copy if the
-        string is an 8 bit string.  Added two flags, one for 8 bit buffer
-        and a second for a 16 bit copy for an 8 bit string.
-
-        Fixed method name typo (StringHasher::defaultCoverter()).
-
-        Over time the goal is to eliminate calls to characters() and
-        us the character8() and characters16() accessors.
-
-        This patch does not include changes that actually create 8 bit
-        strings. This is the first of at least 8 patches.  Subsequent
-        patches will be submitted for JIT changes, making the JSC lexer,
-        parser and literal parser, JavaScript string changes and
-        then changes in webcore to take advantage of the 8 bit strings.
-
-        This change is performance neutral for SunSpider and V8 when
-        run from the command line with "jsc".
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * parser/SourceProvider.h:
-        (JSC::UStringSourceProvider::data):
-        (JSC::UStringSourceProvider::UStringSourceProvider):
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierCStringTranslator::equal):
-        (JSC::IdentifierCStringTranslator::translate):
-        (JSC::Identifier::add):
-        (JSC::Identifier::toUInt32):
-        * runtime/Identifier.h:
-        (JSC::Identifier::equal):
-        (JSC::operator==):
-        (JSC::operator!=):
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::match):
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-        * runtime/UString.cpp:
-        (JSC::UString::UString):
-        (JSC::equalSlowCase):
-        (JSC::UString::utf8):
-        * runtime/UString.h:
-        (JSC::UString::characters):
-        (JSC::UString::characters8):
-        (JSC::UString::characters16):
-        (JSC::UString::is8Bit):
-        (JSC::UString::operator[]):
-        (JSC::UString::find):
-        (JSC::operator==):
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::computeHash):
-        (WTF::StringHasher::defaultConverter):
-        * wtf/text/AtomicString.cpp:
-        (WTF::CStringTranslator::hash):
-        (WTF::CStringTranslator::equal):
-        (WTF::CStringTranslator::translate):
-        (WTF::AtomicString::add):
-        * wtf/text/AtomicString.h:
-        (WTF::AtomicString::AtomicString):
-        (WTF::AtomicString::contains):
-        (WTF::AtomicString::find):
-        (WTF::AtomicString::add):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::equalIgnoringCase):
-        * wtf/text/StringConcatenate.h:
-        * wtf/text/StringHash.h:
-        (WTF::StringHash::equal):
-        (WTF::CaseFoldingHash::hash):
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::~StringImpl):
-        (WTF::StringImpl::createUninitialized):
-        (WTF::StringImpl::create):
-        (WTF::StringImpl::getData16SlowCase):
-        (WTF::StringImpl::containsOnlyWhitespace):
-        (WTF::StringImpl::substring):
-        (WTF::StringImpl::characterStartingAt):
-        (WTF::StringImpl::lower):
-        (WTF::StringImpl::upper):
-        (WTF::StringImpl::fill):
-        (WTF::StringImpl::foldCase):
-        (WTF::StringImpl::stripMatchedCharacters):
-        (WTF::StringImpl::removeCharacters):
-        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
-        (WTF::StringImpl::toIntStrict):
-        (WTF::StringImpl::toUIntStrict):
-        (WTF::StringImpl::toInt64Strict):
-        (WTF::StringImpl::toUInt64Strict):
-        (WTF::StringImpl::toIntPtrStrict):
-        (WTF::StringImpl::toInt):
-        (WTF::StringImpl::toUInt):
-        (WTF::StringImpl::toInt64):
-        (WTF::StringImpl::toUInt64):
-        (WTF::StringImpl::toIntPtr):
-        (WTF::StringImpl::toDouble):
-        (WTF::StringImpl::toFloat):
-        (WTF::equal):
-        (WTF::equalIgnoringCase):
-        (WTF::StringImpl::find):
-        (WTF::StringImpl::findIgnoringCase):
-        (WTF::StringImpl::reverseFind):
-        (WTF::StringImpl::replace):
-        (WTF::StringImpl::defaultWritingDirection):
-        (WTF::StringImpl::adopt):
-        (WTF::StringImpl::createWithTerminatingNullCharacter):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::StringImpl):
-        (WTF::StringImpl::create):
-        (WTF::StringImpl::create8):
-        (WTF::StringImpl::tryCreateUninitialized):
-        (WTF::StringImpl::flagsOffset):
-        (WTF::StringImpl::flagIs8Bit):
-        (WTF::StringImpl::dataOffset):
-        (WTF::StringImpl::is8Bit):
-        (WTF::StringImpl::characters8):
-        (WTF::StringImpl::characters16):
-        (WTF::StringImpl::characters):
-        (WTF::StringImpl::has16BitShadow):
-        (WTF::StringImpl::setHash):
-        (WTF::StringImpl::hash):
-        (WTF::StringImpl::copyChars):
-        (WTF::StringImpl::operator[]):
-        (WTF::StringImpl::find):
-        (WTF::StringImpl::findIgnoringCase):
-        (WTF::equal):
-        (WTF::equalIgnoringCase):
-        (WTF::StringImpl::isolatedCopy):
-        * wtf/text/WTFString.cpp:
-        (WTF::String::String):
-        (WTF::String::append):
-        (WTF::String::format):
-        (WTF::String::fromUTF8):
-        (WTF::String::fromUTF8WithLatin1Fallback):
-        * wtf/text/WTFString.h:
-        (WTF::String::find):
-        (WTF::String::findIgnoringCase):
-        (WTF::String::contains):
-        (WTF::String::append):
-        (WTF::String::fromUTF8):
-        (WTF::String::fromUTF8WithLatin1Fallback):
-        (WTF::operator==):
-        (WTF::operator!=):
-        (WTF::equalIgnoringCase):
-        * wtf/unicode/Unicode.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::execute):
-        * yarr/YarrJIT.h:
-        (JSC::Yarr::YarrCodeBlock::execute):
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::Parser):
-
-2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing windows build
-
-        Unreviewed build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add ability to check for presence of static members at compile time
-        https://bugs.webkit.org/show_bug.cgi?id=70986
-
-        Reviewed by Geoffrey Garen.
-
-        Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
-        HAS_MEMBER_NAMED macro to use that template to check if the specified class 
-        does indeed have a method with that name.  This mechanism is not currently 
-        used anywhere, but will be in the future when adding virtual methods from 
-        JSObject to the MethodTable.
-
-        * runtime/ClassInfo.h:
-
-2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::toThisObject
-        https://bugs.webkit.org/show_bug.cgi?id=70958
-
-        Reviewed by Geoffrey Garen.
-
-        Converted all instances of toThisObject to static functions, 
-        added toThisObject to the MethodTable, and replaced all call sites
-        with a corresponding lookup in the MethodTable.
-
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/ClassInfo.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::toThisObject):
-        * runtime/JSActivation.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toThisObject):
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::toThisObject):
-        * runtime/JSObject.h:
-        (JSC::JSValue::toThisObject):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::toThisObject):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::toThisObject):
-        * runtime/JSString.h:
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::toThisObject):
-        * runtime/StrictEvalActivation.h:
-
-2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Fix a small bug in callOperation after r98431
-        https://bugs.webkit.org/show_bug.cgi?id=70984
-
-        Reviewed by Geoffrey Garen.
-
-        TrustedImmPtr is not expecting "int" type parameters.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-
-2011-10-26  Oliver Hunt  <oliver@apple.com>
-
-        Restore structure-clearing behaviour of allocateCell<>
-        https://bugs.webkit.org/show_bug.cgi?id=70976
-
-        Reviewed by Geoffrey Garen.
-
-        This restores the logic that allows the markstack to filter
-        live objects that have not yet been initialised.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::clearStructure):
-           Validation-safe method to clear a cell's structure.
-        (JSC::allocateCell):
-           Call the above method.
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-           Don't visit cells that haven't been initialised.
-
-2011-10-26  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r97030): Cannot log in to progressive.com
-        https://bugs.webkit.org/show_bug.cgi?id=70094
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-
-2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove getOwnPropertySlotVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=70741
-
-        Reviewed by Geoffrey Garen.
-
-        Removed all declarations and definitions of getOwnPropertySlotVirtual.
-        Also replaced all call sites to getOwnPropertyVirtualVirtual with a 
-        corresponding lookup in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyDescriptor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConstructor.h:
-        * runtime/DatePrototype.cpp:
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::create):
-        * runtime/ErrorPrototype.cpp:
-        * runtime/ErrorPrototype.h:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::getOwnPropertyNames):
-        (JSC::JSFunction::put):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::hasOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSValue::get):
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSString.h:
-        * runtime/MathObject.cpp:
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::createStructure):
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        * runtime/StringPrototype.h:
-
-2011-10-26  Alejandro G. Castro  <alex@igalia.com>
-
-        [GTK] [WK2] Add WebKit2 distcheck support
-        https://bugs.webkit.org/show_bug.cgi?id=70933
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
-
-2011-10-26  Michael Saboff  <msaboff@apple.com>
-
-        Increase StringImpl Flag Bits for 8 bit Strings
-        https://bugs.webkit.org/show_bug.cgi?id=70937
-
-        Increased the number of bits used for flags in StringImpl
-        from 6 to 8 bits. This frees up 2 flag bits that will be
-        used for 8-bit string support. Updated hash methods accordingly.
-        Changed hash value masking from the low bits to the high
-        bits.
-
-        Reviewed by Darin Adler.
-
-        * create_hash_table:
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::hash):
-        * wtf/text/StringImpl.h:
-
-2011-10-26  Dan Bernstein  <mitz@apple.com>
-
-        Build fix.
-
-        Reverted r98488, which caused the scripts’ status messages to be included in the generated
-        files.
-
-        * create_hash_table:
-        * create_jit_stubs:
-
-2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        Don't print regular output to STDERR when generating hashtables and JIT stubs
-
-        Reviewed by Simon Hausmann.
-
-        * create_hash_table:
-        * create_jit_stubs:
-
-2011-10-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Split DFGJITCodeGenerator::callOperation methods
-        https://bugs.webkit.org/show_bug.cgi?id=70870
-
-        Reviewed by Filip Pizlo.
-
-        The DFGJITCodeGenerator currently contains two sets of callOperation methods.
-        One set works with the JSVALUE64 value representation and passes arguments in
-        registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
-        value representation and passes arguments in memory  (suitable for use on x86).
-        By refactoring out the representation and calling convention specific aspects
-        of the code we can also configure the DFG JIT to operator on platforms that use
-        the JSVALUE32_64 value representation but pass arguments in registers.
-
-        On platforms supported by the JIT, the payload precedes the tag of a value in
-        argument/result ordering, as such, in order to make the setupResults method
-        generally applicable to return the results of a function that are returned in
-        two registers, the ordering of arguments to this function has been reversed -
-        as is the ordering of augments passed to setupArguments methods, with respect
-        to the ordering with which they are passed in to callOperation.
-        This inconsistency will be resolved in a later change when we combine the pairs
-        of arguments passed into callOperation, such that the function signatures can
-        be made consistent across the two value representations (the callOperation
-        methods will be passed a reference to a struct representing the JSValue
-        temporary, this will consist of two gprs on 32_64 and one on 64).
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::resetCallArguments):
-        (JSC::DFG::addCallArgument):
-            - moved, removed tag,payload version of this method.
-        (JSC::DFG::setupArguments):
-        (JSC::DFG::setupArgumentsExecState):
-        (JSC::DFG::setupArgumentsWithExecState):
-            - Calling convention specific portion of callOperation refactored out into these methods.
-        (JSC::DFG::callOperation):
-            - updated these methods to use setupArguments* methods.
-        (JSC::DFG::setupResults):
-            - setupResults is now passed payload,tag.
-        (JSC::DFG::appendCallWithExceptionCheckSetResult):
-            - Added fpr versions of this function.
-        (JSC::DFG::appendCallSetResult):
-            - Added versions of this function without exception check.
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-            - setupResults is now passed payload,tag.
-
-2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove deletePropertyVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=70738
-
-        Reviewed by Geoffrey Garen.
-
-        Removed all declarations and definitions of deletePropertyVirtual.
-        Also replaced all call sites to deletePropertyVirtual with a 
-        corresponding lookup in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::deletePropertyByIndex):
-        * API/JSObjectRef.cpp:
-        (JSObjectDeleteProperty):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::deleteProperty):
-        * debugger/DebuggerActivation.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::deletePropertyByIndex):
-        * runtime/JSArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::deleteProperty):
-        (JSC::JSCell::deletePropertyByIndex):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        * runtime/JSVariableObject.h:
-        * runtime/RegExpMatchesArray.h:
-        * runtime/StrictEvalActivation.cpp:
-        * runtime/StrictEvalActivation.h:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-
-2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove putVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=70740
-
-        Reviewed by Geoffrey Garen.
-
-        Removed all declarations and definitions of putVirtual.
-        Also replaced all call sites to putVirtual with a 
-        corresponding lookup in the MethodTable.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty):
-        (JSObjectSetPropertyAtIndex):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::put):
-        * debugger/DebuggerActivation.h:
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * runtime/Arguments.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::putProperty):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::put):
-        (JSC::JSCell::putByIndex):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSValue::put):
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-
-2011-10-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Separate out function linking & exception check data structures.
-        https://bugs.webkit.org/show_bug.cgi?id=70858
-
-        Reviewed by Oliver Hunt.
-
-        This will make it easier to refactor the callOperation methods to spilt the value
-        representation specific handling from the cpu/calling-convention implementation.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::appendCallWithExceptionCheck):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::CallLinkRecord::CallLinkRecord):
-        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JSC::DFG::JITCompiler::notifyCall):
-        (JSC::DFG::JITCompiler::appendCall):
-        (JSC::DFG::JITCompiler::addExceptionCheck):
-        (JSC::DFG::JITCompiler::addFastExceptionCheck):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-
-2011-10-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Tiered compilation may introduce dangling pointers in constant buffers
-        https://bugs.webkit.org/show_bug.cgi?id=70854
-
-        Reviewed by Oliver Hunt.
-        
-        Tiered compilation now copies constant buffers, which fixes the regression in
-        https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
-        regression relies on a subtle interleaving of optimized compilation and garbage
-        collection, and cannot be reproduced in a simple test.
-        
-        This also adds some new debug support, which was used to fix this bug and is
-        likely to be useful in the future.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::copyDataFrom):
-        (JSC::CodeBlock::usesOpcode):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-
-2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing Windows build after r98367
-
-        Unreviewed build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add missing DFG file entries to the make lists for GTK and Qt ports
-        https://bugs.webkit.org/show_bug.cgi?id=70806
-
-        Reviewed by Darin Adler.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-
-2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add getOwnPropertySlot to MethodTable
-        https://bugs.webkit.org/show_bug.cgi?id=69807
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.exp:
-        * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
-        * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
-        reference it in their MethodTables.
-
-2011-10-25  Oliver Hunt  <oliver@apple.com>
-
-        Need to support marking of multiple nested codeblocks when compiling
-        https://bugs.webkit.org/show_bug.cgi?id=70832
-
-        Reviewed by Gavin Barraclough.
-
-        When inlining a function we end up with multiple codeblocks being
-        compiled at the same time, so we need to support a list of live
-        codeblocks.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::startedCompiling):
-        (JSC::JSGlobalData::finishedCompiling):
-
-2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
-        https://bugs.webkit.org/show_bug.cgi?id=70798
-
-        Reviewed by Filip Pizlo.
-
-        When filling an integer for a known integer node (not speculated), it
-        should accept DataFormatJSInteger as well.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-
-2011-10-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: removed some cases of threadsafeCopy() that I missed in
-        my previous patch.
-
-        * JavaScriptCore.order:
-
-2011-10-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed SharedUChar and tightened language around its previous uses
-        https://bugs.webkit.org/show_bug.cgi?id=70698
-
-        Reviewed by David Levin.
-
-        - Removed SharedUChar because most of its functionality has moved into
-        other abstraction layers, and we want remaining clients to choose their
-        abstractions explicitly instead of relying on StringImpl to provide this
-        behavior implicitly, since we think they can sometimes make more efficient
-        choices.
-
-        - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
-        the former names could give the impression that the resulting object was
-        thread-safe, but actually it's just an isolated copy, which is not
-        thread-safe by itself, but can be used to implement a thread-safe
-        algorithm through isolation.
-
-        * wtf/CrossThreadRefCounted.h: Removed.
-
-        * JavaScriptCore.exp: Export!
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
-
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::length): Ditto.
-
-        (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
-
-        * wtf/text/WTFString.cpp:
-        (WTF::String::isolatedCopy):
-        * wtf/text/WTFString.h: Updated for StringImpl changes.
-
-        * API/OpaqueJSString.h:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/OwnFastMallocPtr.h:
-        * wtf/RefCounted.h:
-        * wtf/SizeLimits.cpp:
-        * wtf/ThreadSafeRefCounted.h:
-        * wtf/wtf.pri:
-        * yarr/YarrPattern.h: Updated these files to accomodate removal of
-        CrossThreadRefCounted.h.
-
-2011-10-24  Oliver Hunt  <oliver@apple.com>
-
-        Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
-        https://bugs.webkit.org/show_bug.cgi?id=70689
-
-        Reviewed by Filip Pizlo.
-
-        While performing codegen we need to make the GlobalData explicitly
-        aware of the codeblock being compiled, as compilation may trigger GC
-        and CodeBlock holds GC values, but has not yet been assigned to its
-        owner executable.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::~BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        * heap/AllocationSpace.cpp:
-        (JSC::AllocationSpace::allocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::startedCompiling):
-        (JSC::JSGlobalData::finishedCompiling):
-
-2011-10-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Object-or-other branch speculation may corrupt the state for OSR if the child of the
-        branch is an integer
-        https://bugs.webkit.org/show_bug.cgi?id=70777
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-24  Filip Pizlo  <fpizlo@apple.com>
-
-        op_new_array_buffer is not inlined correctly
-        https://bugs.webkit.org/show_bug.cgi?id=70770
-
-        Reviewed by Oliver Hunt.
-        
-        Disabled inlining of op_new_array_buffer, for now.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-
-2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add boolean speculations to DFG JIT 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=70706
-
-        Reviewed by Filip Pizlo.
-
-        Different from the boolean speculations in DFG 64, the boolean
-        speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
-        boolean instead of a JSBoolean. This choice is not only for
-        performance, but also to save a register as we're short of registers on
-        X86.
-        To accomplish this we make use of DataFormatBoolean, allow a value to
-        be represented as a primitive boolean and converted from/to a
-        JSBoolean.
-        This patch also fixes SpillOrder in 32_64, which should be different
-        from 64, and fixes needDataFormatConversion logic in 32_64.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchTest32):
-            We don't expect byte test actually as it doesn't work for registers
-            esp..edi on X86.
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::needDataFormatConversion):
-        (JSC::DFG::GenerationInfo::initBoolean):
-        (JSC::DFG::GenerationInfo::gpr):
-        (JSC::DFG::GenerationInfo::fillInteger):
-        (JSC::DFG::GenerationInfo::fillBoolean):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::use):
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::spill):
-        (JSC::DFG::cellResult):
-        (JSC::DFG::booleanResult):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::forPrediction):
-        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
-        (JSC::DFG::ValueRecovery::inGPR):
-        (JSC::DFG::ValueRecovery::gpr):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing Windows build
-
-        Unreviewed build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        BitVector isInline check could fail
-        https://bugs.webkit.org/show_bug.cgi?id=70691
-
-        Reviewed by Geoffrey Garen.
-
-        Current BitVector uses the highest bit of m_bitsOrPointer to indicate
-        whether it's an inlined bit set or a pointer to an outOfLine bit set.
-        This check may fail in case the pointer also has the highest bit set,
-        which is surely possible on IA32 (Linux).
-        In this case the check failure can result in unexpected behaviors,
-        for example if the BitVector is incorrectly determined as having an
-        inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
-        modify the memory adjacent to the BitVector object.
-        This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
-        or outofline, based on the assumption that the pointer to OutOfLineBits
-        should be 4 or 8 byte aligned.
-        We could mark the lowest bit (bit 0) with 1 for inlined bit set,
-        and bits 1~bitsInPointer are used for bit set/test.
-        In this case we need do one bit more shift for bit set/test.
-
-        * wtf/BitVector.cpp:
-        (WTF::BitVector::resizeOutOfLine):
-        * wtf/BitVector.h:
-        (WTF::BitVector::quickGet):
-        (WTF::BitVector::quickSet):
-        (WTF::BitVector::quickClear):
-        (WTF::BitVector::makeInlineBits):
-        (WTF::BitVector::isInline):
-
-2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
-        https://bugs.webkit.org/show_bug.cgi?id=70271
-
-        Reviewed by Darin Adler.
-
-        Renaming versions of getOwnPropertySlot that use an unsigned as the property
-        name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
-        MethodTable, which requires unique names for each method.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlotVirtual):
-        (JSC::Arguments::getOwnPropertySlotByIndex):
-        * runtime/Arguments.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlotVirtual):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertySlot):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlotVirtual):
-        (JSC::JSByteArray::getOwnPropertySlotByIndex):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertySlotVirtual):
-        (JSC::JSCell::getOwnPropertySlotByIndex):
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
-        (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotVirtual):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlotVirtual):
-        (JSC::JSString::getOwnPropertySlotByIndex):
-        * runtime/JSString.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
-        (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
-        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertySlotVirtual):
-        (JSC::StringObject::getOwnPropertySlotByIndex):
-        * runtime/StringObject.h:
-
-2011-10-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Interpreter build fix after r98179.
-
-        * bytecode/CodeBlock.h:
-        Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
-        since it is only used there.
-
-2011-10-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed a typo Darin spotted.
-
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::hash): Expelliarmus!
-
-2011-10-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed StringImpl::createStrippingNullCharacters
-        https://bugs.webkit.org/show_bug.cgi?id=70700
-
-        Reviewed by David Levin.
-        
-        It was unused.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.cpp:
-        * wtf/text/StringImpl.h:
-
-2011-10-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline constructors
-        https://bugs.webkit.org/show_bug.cgi?id=70675
-
-        Reviewed by Oliver Hunt.
-        
-        Adds support for inlining constructors. Also fixes two pathologies
-        uncovered along the way: CheckMethod claimed that it never returned a
-        result (causing CheckMethod -> SetLocal -> GetLocal sequences to
-        result in the GetLocal doing OSR exit), and get_by_id parsing never
-        checked if it was hot in slow path. Also fiddled with inlining
-        heuristics; it appears that for now, the more inlining, the happier
-        V8 is. Finally, a bug was uncovered where a silent spill of a boxed
-        integer that had previously been spilled unboxed causes the silent
-        fill to forget to unbox.
-        
-        This appears to be a 4% speed-up on V8 in their harness, or a 1%
-        speed-up in my harness. The difference is due to warm-up: in my
-        harness we see significant amounts of time spent in compilation, but
-        in V8's harness compilation gets amortizes. Profiling indicates that
-        we have the potential for a 5% win from basic optimizations like
-        generating OSR exits lazily and holding onto bytecode longer.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        (JSC::DFG::canInlineOpcode):
-        (JSC::DFG::mightInlineFunctionFor):
-        (JSC::DFG::canInlineFunctionFor):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        * runtime/Executable.h:
-        (JSC::isCall):
-        (JSC::ExecutableBase::intrinsicFor):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-
-2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
-
-        [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
-        https://bugs.webkit.org/show_bug.cgi?id=70703
-
-        Reviewed by Kent Tamura.
-
-        runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
-        to these files from the gyp project files.
-
-        * JavaScriptCore.gypi:
-
-2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add deleteProperty to the MethodTable
-        https://bugs.webkit.org/show_bug.cgi?id=70162
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.exp:
-        * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
-        * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
-        be protected rather than private for subclasses who don't provide their own
-        implementation.
-
-2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove getConstructDataVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=70638
-
-        Reviewed by Darin Adler.
-
-        Removed all declarations and definitions of getConstructDataVirtual.
-        Also replaced all call sites to getConstructDataVirtual with a 
-        corresponding lookup in the MethodTable.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSObjectRef.cpp:
-        (JSObjectIsConstructor):
-        (JSObjectCallAsConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConstructor.h:
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::getConstructData):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        * runtime/JSObject.h:
-        (JSC::getConstructData):
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringConstructor.h:
-
-2011-10-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the SL build.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
-        away int vs unisgned warning.
-
-2011-10-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Separated string lifetime bits from character buffer state bits
-        https://bugs.webkit.org/show_bug.cgi?id=70673
-
-        Reviewed by Anders Carlsson.
-        
-        Moved the static/immortal bit into the bottom bit of the refcount, and
-        moved all other bits into the high bits of the hash code.
-        
-        This is the first step toward a new Characters/PassString class, and it
-        makes ref/deref slightly more efficient.
-
-        * create_hash_table:
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::hash): Tweaked the string hashing function to leave
-        the top bits clear, so they can be used as flags.
-        
-        Fixed some small differences between the PERL copy of this function and
-        the C++ copy of this function, which could have in theory caused subtle
-        crashes.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::sharedBuffer):
-        (WTF::StringImpl::createWithTerminatingNullCharacter):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::StringImpl):
-        (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
-        s_didReportExtraCost, since the original name was both self-contradictory
-        and used as a double-negative.
-
-        (WTF::StringImpl::isIdentifier):
-        (WTF::StringImpl::setIsIdentifier):
-        (WTF::StringImpl::hasTerminatingNullCharacter):
-        (WTF::StringImpl::isAtomic):
-        (WTF::StringImpl::setIsAtomic):
-        (WTF::StringImpl::setHash):
-        (WTF::StringImpl::rawHash):
-        (WTF::StringImpl::hasHash):
-        (WTF::StringImpl::existingHash):
-        (WTF::StringImpl::hash):
-        (WTF::StringImpl::hasOneRef):
-        (WTF::StringImpl::ref):
-        (WTF::StringImpl::deref):
-        (WTF::StringImpl::bufferOwnership):
-        (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
-        bit of the refcount. Now, all lifetime information lives in the refcount
-        field. Moved the other bits into the hash code field.
-
-2011-10-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlining sometimes fails to reset constant references
-        https://bugs.webkit.org/show_bug.cgi?id=70668
-
-        Reviewed by Anders Carlsson.
-        
-        Reset constant references when we need to (new block created) and not
-        when we don't (change of inlining depth).
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2011-10-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have inlining
-        https://bugs.webkit.org/show_bug.cgi?id=69996
-
-        Reviewed by Oliver Hunt.
-        
-        Implements inlining that's hooked into the bytecode parser. Only
-        works for calls, for now, though nothing fundamentally prevents us
-        from inlining constructor calls. 2% overall speed-up on all
-        benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
-        richards respectively), neutral on Kraken and SunSpider. 
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::baselineVersion):
-        (JSC::CodeBlock::setInstructionCount):
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::inlineDepthForCallFrame):
-        (JSC::CodeOrigin::inlineDepth):
-        (JSC::CodeOrigin::operator==):
-        (JSC::CodeOrigin::inlineStack):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::BasicBlock::ensureLocals):
-        (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getDirect):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::setDirect):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::flush):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::linkBlocks):
-        (JSC::DFG::ByteCodeParser::handleSuccessor):
-        (JSC::DFG::ByteCodeParser::determineReachability):
-        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::canHandleOpcodes):
-        (JSC::DFG::canCompileOpcodes):
-        (JSC::DFG::canInlineOpcodes):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::mightInlineFunctionForCall):
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        (JSC::DFG::canInlineOpcode):
-        (JSC::DFG::canInlineOpcodes):
-        (JSC::DFG::canInlineFunctionForCall):
-        (JSC::DFG::canInlineFunctionForConstruct):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::printWhiteSpace):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::GetBytecodeBeginForBlock::operator()):
-        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::decodedCodeMapFor):
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::debugCall):
-        (JSC::DFG::JITCompiler::baselineCodeBlockFor):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVariableAccessData):
-        (JSC::DFG::Node::shouldGenerate):
-        * dfg/DFGOperands.h:
-        (JSC::DFG::Operands::ensureLocals):
-        (JSC::DFG::Operands::setLocal):
-        (JSC::DFG::Operands::getLocal):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallerFrameSlow):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::baselineCodeBlockFor):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::profiledCodeBlockFor):
-        (JSC::FunctionExecutable::parameterCount):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h:
-        * runtime/JSFunction.h:
-
-2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add put to the MethodTable
-        https://bugs.webkit.org/show_bug.cgi?id=70439
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
-        * runtime/JSFunction.h: Changed access modifier for put to protected since some
-        subclasses of JSFunction need to reference it in their MethodTables.
-
-2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add finalizer to JSObject
-        https://bugs.webkit.org/show_bug.cgi?id=70336
-
-        Reviewed by Darin Adler.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
-        if we're a JSFinalObject, since the finalizer takes care of things.
-        * runtime/JSCell.h:
-        (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
-        future changes and the fact that we no longer always call the destructor, making 
-        the information provided less useful.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::finalize): Add finalizer for JSObject.
-        (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
-        property storage, we add a finalizer to ourself.
-        * runtime/JSObject.h:
-
-2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Remove QtScript source code from WebKit.
-        https://bugs.webkit.org/show_bug.cgi?id=64088
-
-        Reviewed by Tor Arne Vestbø.
-
-        Removed dead code that isn't developed anymore.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * qt/api/QtScript.pro: Removed.
-        * qt/api/qscriptconverter_p.h: Removed.
-        * qt/api/qscriptengine.cpp: Removed.
-        * qt/api/qscriptengine.h: Removed.
-        * qt/api/qscriptengine_p.cpp: Removed.
-        * qt/api/qscriptengine_p.h: Removed.
-        * qt/api/qscriptfunction.cpp: Removed.
-        * qt/api/qscriptfunction_p.h: Removed.
-        * qt/api/qscriptoriginalglobalobject_p.h: Removed.
-        * qt/api/qscriptprogram.cpp: Removed.
-        * qt/api/qscriptprogram.h: Removed.
-        * qt/api/qscriptprogram_p.h: Removed.
-        * qt/api/qscriptstring.cpp: Removed.
-        * qt/api/qscriptstring.h: Removed.
-        * qt/api/qscriptstring_p.h: Removed.
-        * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
-        * qt/api/qscriptsyntaxcheckresult.h: Removed.
-        * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
-        * qt/api/qscriptvalue.cpp: Removed.
-        * qt/api/qscriptvalue.h: Removed.
-        * qt/api/qscriptvalue_p.h: Removed.
-        * qt/api/qscriptvalueiterator.cpp: Removed.
-        * qt/api/qscriptvalueiterator.h: Removed.
-        * qt/api/qscriptvalueiterator_p.h: Removed.
-        * qt/api/qtscriptglobal.h: Removed.
-        * qt/benchmarks/benchmarks.pri: Removed.
-        * qt/benchmarks/benchmarks.pro: Removed.
-        * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
-        * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
-        * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
-        * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
-        * qt/tests/qscriptengine/qscriptengine.pro: Removed.
-        * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
-        * qt/tests/qscriptstring/qscriptstring.pro: Removed.
-        * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
-        * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
-        * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
-        * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
-        * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
-        * qt/tests/tests.pri: Removed.
-        * qt/tests/tests.pro: Removed.
-
-2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
-
-        bytecompiler sometimes generates incorrect bytecode for put_by_id
-        https://bugs.webkit.org/show_bug.cgi?id=70403
-
-        Reviewed by Filip Pizlo.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::AssignDotNode::emitBytecode):
-        (JSC::AssignBracketNode::emitBytecode):
-
-2011-10-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not try to predict argument types by looking at the values of
-        argument registers at the time of compilation
-        https://bugs.webkit.org/show_bug.cgi?id=70578
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.cpp:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGDriver.h:
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileOptimizedForCall):
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::compileFor):
-        (JSC::FunctionExecutable::compileOptimizedFor):
-
-2011-10-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG call optimization handling will fail if the call had been unlinked due
-        to the callee being optimized
-        https://bugs.webkit.org/show_bug.cgi?id=70468
-
-        Reviewed by Geoff Garen.
-        
-        If a call had ever been linked, we remember this fact as well as the function
-        to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
-        called.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkFor):
-
-2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - Fix ByteArray speculation
-        https://bugs.webkit.org/show_bug.cgi?id=70571
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::forPrediction):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-20  Vincent Scheib  <scheib@chromium.org>
-
-        MouseLock compile and run time flags.
-        https://bugs.webkit.org/show_bug.cgi?id=70530
-
-        Reviewed by Darin Fisher.
-
-        * wtf/Platform.h:
-
-2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename static deleteProperty to deletePropertyByIndex
-        https://bugs.webkit.org/show_bug.cgi?id=70257
-
-        Reviewed by Geoffrey Garen.
-
-        Renaming versions of deleteProperty that use an unsigned as the property
-        name to "deletePropertyByIndex" in preparation for adding them to the 
-        MethodTable, which requires unique names for each method.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::deletePropertyVirtual):
-        (JSC::::deletePropertyByIndex):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deletePropertyVirtual):
-        (JSC::Arguments::deletePropertyByIndex):
-        * runtime/Arguments.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::deletePropertyVirtual):
-        (JSC::JSArray::deletePropertyByIndex):
-        * runtime/JSArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::deletePropertyVirtual):
-        (JSC::JSCell::deletePropertyByIndex):
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::deletePropertyVirtual):
-        (JSC::JSNotAnObject::deletePropertyByIndex):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deletePropertyVirtual):
-        (JSC::JSObject::deletePropertyByIndex):
-        * runtime/JSObject.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::deletePropertyVirtual):
-        (JSC::RegExpMatchesArray::deletePropertyByIndex):
-
-2011-10-20  Filip Pizlo  <fpizlo@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=70482
-        DFG-related stubs in the old JIT should not be built if the DFG is disabled
-
-        Reviewed by Zoltan Herczeg.
-        
-        Aiming for a slight code size/build time reduction if the DFG is not in
-        play. This should also make further DFG development slightly easier since
-        the bodies of these JIT stubs can now safely refer to things that are only
-        declared when the DFG is enabled.
-
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2011-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ConvertThis emits slow code when the source node is known to be,
-        but not predicted to be, a final object
-        https://bugs.webkit.org/show_bug.cgi?id=70466
-
-        Reviewed by Oliver Hunt.
-        
-        Added a new case in ConvertThis compilation.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Optimization triggers in the old JIT may sometimes fire repeatedly even
-        though there is no optimization to be done
-        https://bugs.webkit.org/show_bug.cgi?id=70467
-
-        Reviewed by Oliver Hunt.
-        
-        If optimize_from_ret does nothing, it delays the next optimization trigger.
-        This is performance-neutral.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Heuristics.cpp:
-        (JSC::Heuristics::initializeHeuristics):
-
-2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
-        https://bugs.webkit.org/show_bug.cgi?id=70460
-
-        Reviewed by Filip Pizlo.
-
-        As pointed out by Gavin in bug #70418, when a value is already in memory
-        we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
-        This gives 9% improvement on Kraken if without the change in bug #70418,
-        and 1% if based on the code with bug #70418 change.
-        Performance is neutral in V8 and SunSpider.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-10-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Poisoning of strict caller,arguments inappropriately poisoning "in"
-        https://bugs.webkit.org/show_bug.cgi?id=63398
-
-        Reviewed by Oliver Hunt.
-
-        This fixes the problem by correctly implementing the spec -
-        the error should actually be being thrown from a standard JS getter/setter.
-        This implements spec correct behaviour for strict mode JS functions & bound
-        functions, I'll follow up with a patch to do the same for arguments.
-
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::finishCreation):
-            - Add the poisoned caller/arguments properties.
-        * runtime/JSBoundFunction.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::put):
-            - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::createThrowTypeError):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
-            - Add a ThrowTypeError type, per ES5 13.2.3.
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncThrowTypeError):
-        * runtime/JSGlobalObjectFunctions.h:
-            - Implementation of ThrowTypeError.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::initializeGetterSetterProperty):
-        * runtime/JSObject.h:
-            - This function adds a new property (must not exist already) that is an initialized getter/setter.
-
-2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - improve double boxing/unboxing
-        https://bugs.webkit.org/show_bug.cgi?id=70418
-
-        Reviewed by Gavin Barraclough.
-
-        Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
-        which tries to exchange data through memory.
-        On X86 some SSE instructions can help us on such operations with better performance.
-        This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
-        and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::lshiftPacked):
-        (JSC::MacroAssemblerX86Common::rshiftPacked):
-        (JSC::MacroAssemblerX86Common::orPacked):
-        (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
-        (JSC::MacroAssemblerX86Common::movePackedToInt32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movd_rr):
-        (JSC::X86Assembler::psllq_i8r):
-        (JSC::X86Assembler::psrlq_i8r):
-        (JSC::X86Assembler::por_rr):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        (JSC::DFG::JITCodeGenerator::unboxDouble):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::boxDouble):
-        (JSC::DFG::JITCompiler::unboxDouble):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        [EFL] Fix DSO linkage of wtf_efl.
-
-        Unreviewed build fix.
-
-        Need to add -ldl to jsc_efl (requested by dladdr).
-
-        * wtf/CMakeListsEfl.txt:
-
-2011-10-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed StringImplBase, fusing it into StringImpl
-        https://bugs.webkit.org/show_bug.cgi?id=70443
-
-        Reviewed by Gavin Barraclough.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::StringImpl):
-        (WTF::StringImpl::ref):
-        (WTF::StringImpl::length):
-        * wtf/text/StringImplBase.h: Removed.
-        * wtf/wtf.pri: Removed!
-
-2011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add getConstructData to the MethodTable
-        https://bugs.webkit.org/show_bug.cgi?id=70163
-
-        Reviewed by Geoffrey Garen.
-
-        Adding getConstructData to the MethodTable in order to be able to 
-        remove all calls to getConstructDataVirtual soon.  Part of the process 
-        of de-virtualizing JSCell.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/ClassInfo.h:
-
-2011-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Support CanvasPixelArray in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=70384
-
-        Reviewed by Filip Pizlo.
-
-        Add support for the old CanvasPixelArray optimisations to the
-        DFG.  This removes the regression seen in the DFG when using
-        a CPA.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::store8):
-        (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movb_rm):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        (JSC::predictionFromClassInfo):
-        * bytecode/PredictedType.h:
-        (JSC::isByteArrayPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateByteArray):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::compileClampDoubleToByte):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::offsetOfStorage):
-        * wtf/ByteArray.cpp:
-        * wtf/ByteArray.h:
-        (WTF::ByteArray::offsetOfSize):
-        (WTF::ByteArray::offsetOfData):
-
-2011-10-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Some rope cleanup following r97827
-        https://bugs.webkit.org/show_bug.cgi?id=70398
-
-        Reviewed by Oliver Hunt.
-
-        9% speedup on date-format-xparb, neutral overall.
-        
-        - Removed RopeImpl*.
-        - Removed JSString::m_fiberCount, since this can be deduced from other data.
-        - Renamed a jsString() variant to jsStringFromArguments for clarity.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.order:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadCharacterString):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        * jit/ThunkGenerators.cpp:
-        (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
-        of testing m_fiberCount, since m_fiberCount is gone now.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::RopeBuilder::expand):
-        (JSC::JSString::visitChildren):
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase):
-        (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
-        in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::finishCreation):
-        (JSC::RopeBuilder::offsetOfLength):
-        (JSC::RopeBuilder::isRope):
-        (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
-        jsString => jsStringFromArguments for clarity.
-
-        * runtime/Operations.h:
-        (JSC::jsStringFromArguments): Renamed.
-
-        * runtime/RopeImpl.cpp: Removed.
-        * runtime/RopeImpl.h: Removed.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
-        which is slightly faster.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncConcat): Updated for rename.
-
-        * wtf/text/StringImplBase.h:
-        (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
-        StringImpl, since this was only used by RopeImpl, which is now gone.
-
-2011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
-
-        [EFL] Fix DSO linkage of jsc_efl.
-        https://bugs.webkit.org/show_bug.cgi?id=70412
-
-        Unreviewed build fix.
-
-        Need to add -ldl to jsc_efl (requested by dladdr).
-
-        * shell/CMakeListsEfl.txt:
-
-2011-10-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out last Windows build fix because it was wrong.
-
-2011-10-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out last Windows build fix because it was wrong.
-
-2011-10-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix part of the Windows build.
-        
-        Export!
-
-2011-10-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Switched ropes from malloc memory to GC memory
-        https://bugs.webkit.org/show_bug.cgi?id=70364
-
-        Reviewed by Gavin Barraclough.
-
-        ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
-        having C++ destructors.
-
-        * heap/MarkStack.cpp:
-        (JSC::visitChildren): Call the JSString visitChildren function now,
-        since it's no longer a no-op.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::~JSString): Moved this destructor out of line because
-        it's called virtually, so there's no value to inlining.
-
-        (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
-        initializing wrapper around JSString. JSString now represents ropes
-        directly, rather than relying on an underlying malloc object.
-
-        (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
-        objects now.
-
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase):
-        (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
-        of malloc objects.
-
-        (JSC::JSString::replaceCharacter): Removed optimizations for substringing
-        ropes and replacing subsections of ropes. We want to reimplement versions
-        of these optimizations in the future, but this patch already has good
-        performance without them.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::finishCreation):
-        (JSC::RopeBuilder::createNull):
-        (JSC::RopeBuilder::create):
-        (JSC::RopeBuilder::createHasOtherOwner):
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString): Lots of mechanical changes here. The two important
-        things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
-        malloc objects; (2) I simplified the JSString constructor interface to
-        only accept PassRefPtr<StringImpl>, instead of variations on that like
-        UString, reducing refcount churn.
-
-        * runtime/JSValue.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toPrimitiveString): Updated this function to return a
-        JSString instead of a UString, since that's what clients want now.
-
-        * runtime/Operations.cpp:
-        (JSC::jsAddSlowCase):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
-
-        * runtime/StringConstructor.cpp:
-        (JSC::constructWithStringConstructor):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create): Don't create a new JSString if we already
-        have a JSString.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncConcat): Updated for interface changes above.
-
-2011-10-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Errrk, fix partial commit of r97825!
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-
-2011-10-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Date.prototype.toISOString fails to throw exception
-        https://bugs.webkit.org/show_bug.cgi?id=70394
-
-        Reviewed by Sam Weinig.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-            - Should throw a range error if the internal value is not finite.
-
-2011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename static put to putByIndex
-        https://bugs.webkit.org/show_bug.cgi?id=70281
-
-        Reviewed by Geoffrey Garen.
-
-        Renaming versions of deleteProperty that use an unsigned as the property
-        name to "deletePropertyByIndex" in preparation for adding them to the 
-        MethodTable, which requires unique names for each method.
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::putVirtual):
-        (JSC::Arguments::putByIndex):
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncMap):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::put):
-        (JSC::JSArray::putVirtual):
-        (JSC::JSArray::putByIndex):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::putVirtual):
-        (JSC::JSByteArray::putByIndex):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::putVirtual):
-        (JSC::JSCell::putByIndex):
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::putVirtual):
-        (JSC::JSNotAnObject::putByIndex):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putVirtual):
-        (JSC::JSObject::putByIndex):
-        * runtime/JSObject.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::putVirtual):
-        (JSC::RegExpMatchesArray::putByIndex):
-
-2011-10-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype methods missing exception checks
-        https://bugs.webkit.org/show_bug.cgi?id=70360
-
-        Reviewed by Geoff Garen.
-
-        Missing exception checks after calls to the static getProperty helper,
-        these may result in the wrong exception being thrown (or an ASSERT being hit,
-        as is currently the case running test-262).
-
-        No performance impact.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-
-2011-10-18  Adam Barth  <abarth@webkit.org>
-
-        Always enable ENABLE(XPATH)
-        https://bugs.webkit.org/show_bug.cgi?id=70217
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-10-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Indexed arguments on the Arguments object should be enumerable.
-        https://bugs.webkit.org/show_bug.cgi?id=70302
-
-        Reviewed by Sam Weinig.
-
-        See ECMA-262 5.1 chapter 10.6 step 11b.
-        This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertyDescriptor):
-            - The 'enumerable' property should be true for indexed arguments.
-        (JSC::Arguments::getOwnPropertyNames):
-            - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
-
-2011-10-18  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Fix distcheck.
-
-        * GNUmakefile.list.am: fix a typo and add a missing header to the
-        list.
-
-2011-10-18  Balazs Kelemen  <kbalazs@webkit.org>
-
-        ParallelJobs: maximum number of threads should be determined dynamically
-        https://bugs.webkit.org/show_bug.cgi?id=68540
-
-        Reviewed by Zoltan Herczeg.
-
-        Add logic to determine the number of cores and use this as
-        the maximum number of threads. The implementation currently
-        covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
-        The patch was tested on Linux, Mac and Windows which was enough to
-        cover all code path. It should work on the rest accoring to the
-        documentation of those OS's. The hard coded constant is still used
-        on uncovered OS's which should be fixed in the future.
-
-        * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
-        argument because clients should always fill it and the 0 default value
-        was incorrect anyway.
-        (WTF::ParallelJobs::ParallelJobs):
-        * wtf/ParallelJobsGeneric.cpp:
-        (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
-        * wtf/ParallelJobsGeneric.h:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-
-2011-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reverted r997709, this caused test failures.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasProperty):
-        (JSC::JSObject::hasOwnProperty):
-
-2011-10-17  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Rename deregister* to unregister*
-        https://bugs.webkit.org/show_bug.cgi?id=70272
-
-        Reviewed by Darin Adler.
-
-        Renamed deregisterWeakMap to unregisterWeakMap.
-
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::unregisterWeakMap):
-
-2011-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Poisoning of strict caller/arguments inappropriately poisoning "in"
-        https://bugs.webkit.org/show_bug.cgi?id=63398
-
-        Reviewed by Sam Weinig.
-
-        The problem here is that the has[Own]Property methods get the slot rather than
-        the descriptor, and getting the slot may cause the property to be eagerly accessed.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - We don't expect hasProperty to ever throw. If it does, it won't get caught
-              (since it is after the exception check), so ASSERT to guard against this.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasProperty):
-        (JSC::JSObject::hasOwnProperty):
-            - These methods should not check for the presence of the descriptor; never get the value.
-
-2011-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Exception ordering in String.prototype.replace
-        https://bugs.webkit.org/show_bug.cgi?id=70290
-
-        If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2011-10-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG bytecode parser should understand inline stacks
-        https://bugs.webkit.org/show_bug.cgi?id=70278
-
-        Reviewed by Oliver Hunt.
-        
-        The DFG bytecode parser is now capable of parsing multiple code blocks at
-        once. This remains turned off since not all inlining functionality is
-        implemented.       
-        
-        This required making a few changes elsewhere in the system. The bytecode
-        parser now may do some of the same things that the bytecode generator does,
-        like allocating constants and identifiers. Basic block linking relies on
-        bytecode indices, which are only meaningful within the context of one basic
-        block. This is fine, so long as linking is done eagerly whenever switching
-        from one code block to another.
-
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::CodeOrigin):
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGBasicBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getThis):
-        (JSC::DFG::ByteCodeParser::setThis):
-        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::linkBlocks):
-        (JSC::DFG::ByteCodeParser::setupPredecessors):
-        (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
-        (JSC::DFG::GetBytecodeBeginForBlock::operator()):
-        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
-        * dfg/DFGNode.h:
-        * runtime/Identifier.h:
-        (JSC::IdentifierMapIndexHashTraits::emptyValue):
-        * runtime/JSValue.h:
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearchWithFunctor):
-
-2011-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Incorrect behavior from String match/search & undefined pattern
-        https://bugs.webkit.org/show_bug.cgi?id=70286
-
-        Reviewed by Sam weinig.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-            - In case of undefined, pattern is "".
-        (JSC::stringProtoFuncSearch):
-            - In case of undefined, pattern is "".
-
-2011-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=70207
-        After deleting __defineSetter__, it is absent but appears in name list
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertyNames):
-            - This should check whether static functions have been reified.
-
-2011-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Mac build fix.
-
-        * JavaScriptCore.exp: Export!
-
-2011-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
-
-2011-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * heap/HandleStack.cpp: Added a missing #include.
-
-2011-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
-        longer existant symbol.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
-
-2011-10-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Simplified GC marking logic
-        https://bugs.webkit.org/show_bug.cgi?id=70258
-
-        Reviewed by Filip Pizlo.
-        
-        No perf. change.
-        
-        This is a first step toward GC allocating string backing stores, starting
-        with ropes. It also enables future simplifications and optimizations.
-        
-        - Replaced some complex mark stack logic with a simple linear stack of
-        JSCell pointers.
-        
-        - Replaced logic for short-circuiting marking based on JSType and/or
-        Structure flags with special cases for object, array, and string.
-        
-        - Fiddled with inlining for better codegen.
-
-        * JavaScriptCore.exp:
-        * heap/HandleStack.cpp: Build!
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
-
-        * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackArray::MarkStackArray):
-        (JSC::MarkStackArray::~MarkStackArray):
-        (JSC::MarkStackArray::expand):
-        (JSC::MarkStackArray::shrinkAllocation):
-        (JSC::MarkStack::reset):
-        (JSC::visitChildren):
-        (JSC::SlotVisitor::drain):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::~MarkStack):
-        (JSC::MarkStackArray::append):
-        (JSC::MarkStackArray::removeLast):
-        (JSC::MarkStackArray::isEmpty):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendUnbarrieredPointer):
-        (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
-        simple linear stack.
-
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSArray.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSObject.h: Don't inline visitChildren; it's too big.
-
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
-        because it prevented strings from owning GC pointers.
-
-        * runtime/WriteBarrier.h:
-        (JSC::MarkStack::appendValues): No need to validate; internalAppend will
-        do that for us.
-
-2011-10-17  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r97536, part 3
-
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSObject.h:
-        Use JS_EXPORTDATA to export the s_info members.
-
-2011-10-17  Adam Roben  <aroben@apple.com>
-
-        Interpreter build fix after r97564
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
-        there.
-
-2011-10-17  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r97536, part 2
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
-        JSC::setUpStaticFunctionSlot with its new mangled name. SOrted the rest of the file while I
-        was at it.
-
-2011-10-17  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r97536
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
-        JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
-        s_info members, which need to be exported via JS_EXPORTDATA instead.
-
-2011-10-17  Patrick Gansterer  <paroga@webkit.org>
-
-        Interpreter build fix after r97436, r97506, r97532 and r97537.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2011-10-16  Adam Barth  <abarth@webkit.org>
-
-        Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
-        https://bugs.webkit.org/show_bug.cgi?id=70216
-
-        Reviewed by Eric Seidel.
-
-        * wtf/Platform.h:
-
-2011-10-16  Noel Gordon  <noel.gordon@gmail.com>
-
-        [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
-        https://bugs.webkit.org/show_bug.cgi?id=70205
-
-        Reviewed by James Robinson.
-
-        wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
-        wtf/gtk/ThreadingGtk.cpp was removed in r97269.
-
-        * JavaScriptCore.gypi:
-
-2011-10-16  Adam Barth  <abarth@webkit.org>
-
-        Always enable ENABLE(DOM_STORAGE)
-        https://bugs.webkit.org/show_bug.cgi?id=70189
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-10-15  Dan Horák <dan@danny.cz>
-
-        The s390 and s390x architectures both use 64-bit double type
-        that conforms to the IEEE-754 standard.
-
-        https://bugs.webkit.org/show_bug.cgi?id=69940
-
-        Reviewed by Gavin Barraclough.
-
-        * wtf/dtoa/utils.h:
-
-2011-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
-        https://bugs.webkit.org/show_bug.cgi?id=70157
-
-        Reviewed by Geoff Garen.
-        
-        Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
-        and compileForConstructInternal() to use this method. This required more cleanly
-        exposing some of CodeBlock's tiering functionality and moving the CompilationKind
-        enum to Executable.h, as this was the easiest way to make it available to the
-        declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::copyDataFrom):
-        (JSC::CodeBlock::copyDataFromAlternative):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setAlternative):
-        * bytecompiler/BytecodeGenerator.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::codeBlockFor):
-
-2011-10-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
-        https://bugs.webkit.org/show_bug.cgi?id=69920
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * heap/MarkStack.h:
-        (JSC::::shrinkAllocation):
-        * jit/ExecutableAllocator.cpp:
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/JITStubs.cpp:
-        * jsc.pro:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncLastIndexOf):
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/Atomics.h:
-        * wtf/MathExtras.h:
-        * wtf/OSAllocator.h:
-        (WTF::OSAllocator::decommitAndRelease):
-        * wtf/OSAllocatorSymbian.cpp: Removed.
-        * wtf/OSRandomSource.cpp:
-        (WTF::cryptographicallyRandomValuesFromOS):
-        * wtf/PageAllocation.h:
-        * wtf/PageAllocatorSymbian.h: Removed.
-        * wtf/PageBlock.cpp:
-        * wtf/Platform.h:
-        * wtf/StackBounds.cpp:
-        * wtf/wtf.pri:
-
-2011-10-15  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Trivial fix for a missing change in r97512
-        https://bugs.webkit.org/show_bug.cgi?id=70166
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::link):
-
-2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename getOwnPropertySlot to getOwnPropertySlotVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=69810
-
-        Reviewed by Geoffrey Garen.
-
-        Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
-        in preparation for when we add the static getOwnPropertySlot to the MethodTable 
-        in ClassInfo.
-
-        Also added a few static getOwnPropertySlot functions where they had been overlooked 
-        before (especially in CodeGeneratorJS.pm).
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlotVirtual):
-        (JSC::::getOwnPropertySlot):
-        (JSC::::getOwnPropertyDescriptor):
-        (JSC::::staticFunctionGetter):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlotVirtual):
-        (JSC::Arguments::getOwnPropertySlot):
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getOwnPropertySlotVirtual):
-        * runtime/DateConstructor.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertySlotVirtual):
-        * runtime/DatePrototype.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
-        * runtime/ErrorPrototype.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlotVirtual):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlotVirtual):
-        (JSC::JSArray::getOwnPropertySlot):
-        * runtime/JSArray.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlotVirtual):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertySlotVirtual):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlotVirtual):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::getOwnPropertyNames):
-        (JSC::JSFunction::put):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::JSONObject::getOwnPropertySlotVirtual):
-        (JSC::Walker::walk):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotVirtual):
-        (JSC::JSObject::getOwnPropertySlot):
-        (JSC::JSObject::hasOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getOwnPropertySlotVirtual):
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        (JSC::JSObject::getPropertySlot):
-        (JSC::JSValue::get):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlotVirtual):
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSString.h:
-        * runtime/Lookup.h:
-        (JSC::getStaticPropertySlot):
-        (JSC::getStaticFunctionSlot):
-        (JSC::getStaticValueSlot):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlotVirtual):
-        * runtime/MathObject.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlotVirtual):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::getOwnPropertySlotVirtual):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnPropertySlotVirtual):
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getOwnPropertySlotVirtual):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertySlotVirtual):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertySlotVirtual):
-        * runtime/StringPrototype.h:
-
-2011-10-14  Gavin Barraclough  <baraclough@apple.com>
-
-        Most built-in properties are not deletable
-        https://bugs.webkit.org/show_bug.cgi?id=61014
-
-        Reviewed by Filip Pizlo.
-
-        Our static hash tables don't allow for deleting properties.
-        This is the cause of a bunch of expected failures in LayoutTests/sputnik.
-
-        This fixes the problem by reifying all static functions immediately prior
-        to the first deletion.  Reification is tracked by a flag on the structure,
-        so properties will no longer 'bounce-back' on later access.
-
-        Theoretically there could probably also be an issue with custom accessor
-        properties, but we probably do not really require any of these to be
-        Configurable anyway. I'll follow up with a separate patch to address this.
-
-        * runtime/ClassInfo.h:
-        (JSC::ClassInfo::hasStaticProperties):
-            - detects static property tables.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deleteProperty):
-            - call reifyStaticFunctions before deletion.
-        (JSC::JSObject::reifyStaticFunctions):
-            - If the class has static functions, set them up now.
-        * runtime/JSObject.h:
-        (JSC::JSObject::staticFunctionsReified):
-            - returns true if static functions have been reified,
-              and as such should no longer be added.
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-            - If static functions have been reified do not add.
-        * runtime/Lookup.h:
-        (JSC::HashTable::ConstIterator::ConstIterator):
-        (JSC::HashTable::ConstIterator::operator->):
-        (JSC::HashTable::ConstIterator::operator*):
-        (JSC::HashTable::ConstIterator::operator!=):
-        (JSC::HashTable::ConstIterator::operator++):
-        (JSC::HashTable::ConstIterator::skipInvalidKeys):
-        (JSC::HashTable::begin):
-        (JSC::HashTable::end):
-        (JSC::getStaticPropertySlot):
-        (JSC::getStaticPropertyDescriptor):
-        (JSC::getStaticFunctionSlot):
-        (JSC::getStaticFunctionDescriptor):
-            - setUpStaticFunctionSlot may not add, returns a bool.
-        (JSC::lookupPut):
-            - remove redundant branch.
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-            - initialize new flag in constructors.
-        * runtime/Structure.h:
-        (JSC::Structure::staticFunctionsReified):
-        (JSC::Structure::setStaticFunctionsReified):
-            - added flag
-
-2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename virtual put to putVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=69851
-
-        Reviewed by Darin Adler.
-
-        Renamed virtual versions of put to putVirtual in prepration for 
-        adding the static put to the MethodTable in ClassInfo since the 
-        compiler gets mad if the virtual and static versions have the same 
-        name.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::putVirtual):
-        * API/JSObjectRef.cpp:
-        (JSObjectSetProperty):
-        (JSObjectSetPropertyAtIndex):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::putVirtual):
-        (JSC::DebuggerActivation::put):
-        * debugger/DebuggerActivation.h:
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::putVirtual):
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::putProperty):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::putVirtual):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::putVirtual):
-        (JSC::JSArray::putSlowCase):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::putVirtual):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::putVirtual):
-        (JSC::JSCell::put):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::putVirtual):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::putVirtual):
-        (JSC::JSGlobalObject::putWithAttributes):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::putVirtual):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putVirtual):
-        (JSC::JSObject::put):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSValue::put):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::putVirtual):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::putVirtual):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::fillArrayInstance):
-        (JSC::RegExpConstructor::putVirtual):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::putVirtual):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::putVirtual):
-        * runtime/RegExpObject.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::putVirtual):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-
-2011-10-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Reflective Arguments retrieval should be hardened for the
-        possibility of inlining
-        https://bugs.webkit.org/show_bug.cgi?id=70068
-
-        Reviewed by Oliver Hunt.
-        
-        CodeBlock can now track, as part of its RareData, the virtual inline
-        stack at callsites. CallFrame walking can now rematerialize "inline"
-        CallFrames by combining the meta-data in CodeBlock with the information
-        already in the JS stack. Arguments can now safely retrieve the
-        arguments from inline CallFrames.
-        
-        The DFG already had the notion of a "CodeOrigin" in preparation for
-        inlining. This notion will now be saved into the CodeBlock, if the DFG
-        had done inlining. So, CodeOrigin has been moved to bytecode/ and has
-        been changed to behave more like a struct since that is how it's
-        meant to be used.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::inlineCallFrames):
-        (JSC::CodeBlock::codeOrigins):
-        (JSC::CodeBlock::hasCodeOrigins):
-        (JSC::CodeBlock::codeOriginForReturn):
-        * bytecode/CodeOrigin.h: Added.
-        (JSC::CodeOrigin::CodeOrigin):
-        (JSC::CodeOrigin::isSet):
-        (JSC::getCallReturnOffsetForCodeOrigin):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGNode.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::isInlineCallFrame):
-        (JSC::CallFrame::trueCallerFrame):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::inlineCallFrame):
-        (JSC::ExecState::setInlineCallFrame):
-        (JSC::ExecState::isInlineCallFrame):
-        (JSC::ExecState::trueCallerFrame):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::findFunctionCallFrame):
-        * interpreter/Register.h:
-        (JSC::Register::operator=):
-        (JSC::Register::inlineCallFrame):
-        * runtime/Arguments.h:
-        (JSC::Arguments::getArgumentsData):
-        (JSC::Arguments::finishCreationButDontCopyRegisters):
-        (JSC::Arguments::finishCreation):
-        (JSC::Arguments::finishCreationAndCopyRegisters):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::parameterCount):
-
-2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename virtual deleteProperty to deletePropertyVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=69884
-
-        Reviewed by Darin Adler.
-
-        Renamed virtual versions of deleteProperty to deletePropertyVirtual in prepration for 
-        adding the static deleteProperty to the MethodTable in ClassInfo since the 
-        compiler gets mad if the virtual and static versions have the same name.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::deletePropertyVirtual):
-        (JSC::::deleteProperty):
-        * API/JSObjectRef.cpp:
-        (JSObjectDeleteProperty):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::deletePropertyVirtual):
-        (JSC::DebuggerActivation::deleteProperty):
-        * debugger/DebuggerActivation.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deletePropertyVirtual):
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::deletePropertyVirtual):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::deletePropertyVirtual):
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::deletePropertyVirtual):
-        (JSC::JSCell::deleteProperty):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::deletePropertyVirtual):
-        * runtime/JSFunction.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::deletePropertyVirtual):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deletePropertyVirtual):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deletePropertyVirtual):
-        * runtime/JSVariableObject.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::deletePropertyVirtual):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::deletePropertyVirtual):
-        * runtime/StrictEvalActivation.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::deletePropertyVirtual):
-        * runtime/StringObject.h:
-
-2011-10-14  Peter Beverloo  <peter@chromium.org>
-
-        [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
-        https://bugs.webkit.org/show_bug.cgi?id=70028
-
-        Reviewed by Adam Barth.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-10-14  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - Performance fix for ResolveGlobal
-        https://bugs.webkit.org/show_bug.cgi?id=70096
-
-        Reviewed by Gavin Barraclough.
-
-        Structure check of global object should be a pointer comparison
-        instead of a tag and payload pair comparison. This fix improves
-        SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
-        Also two trivial fixes for successful 32-bit build are included.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Speculation failures in ValueToInt32 are causing a 2x slow-down
-        in Kraken/stanford-crypto-pbkdf2
-        https://bugs.webkit.org/show_bug.cgi?id=70089
-
-        Reviewed by Gavin Barraclough.
-        
-        If we can't truncate to Int32 using machine code, then don't fail
-        speculation. Just call JSC::toInt32.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename virtual getConstructData to getConstructDataVirtual
-        https://bugs.webkit.org/show_bug.cgi?id=69872
-
-        Reviewed by Geoffrey Garen.
-
-        Renamed virtual getConstructData functions to getConstructDataVirtual to 
-        avoid conflicts when we add static getConstructData to the MethodTable.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::getConstructDataVirtual):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getConstructDataVirtual):
-        * API/JSObjectRef.cpp:
-        (JSObjectIsConstructor):
-        (JSObjectCallAsConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getConstructDataVirtual):
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::getConstructDataVirtual):
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getConstructDataVirtual):
-        * runtime/DateConstructor.h:
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::getConstructDataVirtual):
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::getConstructDataVirtual):
-        * runtime/FunctionConstructor.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getConstructDataVirtual):
-        * runtime/JSCell.h:
-        (JSC::getConstructData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getConstructDataVirtual):
-        * runtime/JSFunction.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::getConstructDataVirtual):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getConstructDataVirtual):
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getConstructDataVirtual):
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getConstructDataVirtual):
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getConstructDataVirtual):
-        * runtime/StringConstructor.h:
-
-2011-10-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Rubber stamped Stephanie Lewis.
-        
-        DFG_ENABLE() macro was always returning false.
-
-        * dfg/DFGNode.h:
-
-2011-10-13  Gavin Barraclough  <baraclough@apple.com>
-
-        Speculative build fix for !DFG builds.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2011-10-13  Oliver Hunt  <oliver@apple.com>
-
-        Fix performance of ValueToInt32 node when predicting double
-        https://bugs.webkit.org/show_bug.cgi?id=70063
-
-        Reviewed by Filip Pizlo.
-
-        Currently we fail to inline double to int conversion when
-        performing a ValueToInt32 operation on a value we predict
-        to be a double.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-           Apply correct filter for the double prediction path
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-           Support double parameters even when value has been spilled.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-           Moved old valueToInt32 code to this function, and added
-           path for double prediction
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-           Made the two implementations of ValueToInt32 call a single
-           shared compileValueToInt32 function.
-
-2011-10-13  Chris Marrin  <cmarrin@apple.com>
-
-        Sync requestAnimationFrame callback to CVDisplayLink on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=68911
-
-        Reviewed by Simon Fraser.
-
-        Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
-        that use the DisplayRefreshMonitor logic.
-
-        * wtf/Platform.h:
-
-2011-10-13  Gavin Barraclough  <baraclough@apple.com>
-
-        DFG JIT should not be using ENABLE macro to enable features
-        https://bugs.webkit.org/show_bug.cgi?id=70060
-
-        Reviewed by Oliver Hunt.
-
-        The ENABLE macro is only intended to be used to detect features that are configured
-        in Platform.h. Using its to detect settings defined in other headers is an error.
-
-        The problem is that the ENABLE macro checks if the value is defined, so will silently
-        return false if you fail to include the header defining the switch. This is not a problem
-        if (1) the settings are defined in the same header that defines the macro that tests them,
-        or (2) the header is included everywhere.  In the case of ENABLE settings defined in
-        Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
-
-        * bytecode/CodeBlock.cpp:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGNode.h:
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::propagatePredictionsForward):
-        (JSC::DFG::Propagator::propagatePredictionsBackward):
-        (JSC::DFG::Propagator::propagatePredictions):
-        (JSC::DFG::Propagator::toDouble):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::fixup):
-        (JSC::DFG::Propagator::startIndexForChildren):
-        (JSC::DFG::Propagator::endIndexForPureCSE):
-        (JSC::DFG::Propagator::setReplacement):
-        (JSC::DFG::Propagator::eliminate):
-        (JSC::DFG::Propagator::performNodeCSE):
-        (JSC::DFG::Propagator::localCSE):
-        (JSC::DFG::Propagator::allocateVirtualRegisters):
-        (JSC::DFG::Propagator::performBlockCFA):
-        (JSC::DFG::Propagator::performForwardCFA):
-        (JSC::DFG::Propagator::globalCFA):
-        * dfg/DFGScoreBoard.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2011-10-13  Gavin Barraclough  <baraclough@apple.com>
-
-        terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
-
-        Rubber stamped by Filip Pizlo
-
-        This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualized JSCell::toNumber
-        https://bugs.webkit.org/show_bug.cgi?id=69858
-
-        Reviewed by Sam Weinig.
-
-
-        Removed JSCallbackObject::toNumber because its no longer necessary since 
-        JSObject::toNumber now suffices since we implicitly add valueOf to an object's
-        prototype whenever a convertToType callback is provided.
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-        De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toNumber):
-        * runtime/JSCell.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-
-        Removed JSNotAnObject::toNumber because its result doesn't matter and it implements 
-        defaultValue, therefore JSObject::toNumber can cover its case.
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-
-2011-10-13  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        Use realloc() to expand/shrink StringBuilder buffer
-        https://bugs.webkit.org/show_bug.cgi?id=69913
-
-        Reviewed by Darin Adler.
-
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::reserveCapacity):
-        (WTF::StringBuilder::reallocateBuffer):
-        (WTF::StringBuilder::appendUninitialized):
-        (WTF::StringBuilder::shrinkToFit):
-        * wtf/text/StringBuilder.h:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
-        * wtf/text/StringImpl.h:
-
-2011-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        If an Arguments object is being used to copy the arguments, then
-        make this explicit
-        https://bugs.webkit.org/show_bug.cgi?id=69995
-
-        Reviewed by Sam Weinig.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArguments):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createAndCopyRegisters):
-        (JSC::Arguments::finishCreationButDontCopyRegisters):
-        (JSC::Arguments::finishCreation):
-        (JSC::Arguments::finishCreationAndCopyRegisters):
-
-2011-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA does not filter structures aggressively enough.
-        https://bugs.webkit.org/show_bug.cgi?id=69989
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberStructures):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::checkConsistency):
-
-2011-10-12  Adam Barth  <abarth@webkit.org>
-
-        Remove ENABLE(XHTMLMP) and associated code
-        https://bugs.webkit.org/show_bug.cgi?id=69729
-
-        Reviewed by David Levin.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-10-12  Gavin Barraclough  <baraclough@apple.com>
-
-        MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
-        https://bugs.webkit.org/show_bug.cgi?id=69978
-
-        Reviewed by Filip Pizlo.
-
-        Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
-
-        compare32/test8/test32 Call setCC, which sets an 8-bit register - we can fix this by adding
-        a couple of xchg instructions.
-
-        branchTest8 with a register argument is also affected. In all cases this is currently used
-        this is testing a value that is correct to 32 or more bits, so we can simply switch these
-        to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
-        32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
-
-        This fixes the remaining fast/js failures with the DFG JIT 32_64.
-
-        * assembler/MacroAssemblerARMv7.h
-            - removed branchTest8.
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::compare32):
-        (JSC::MacroAssemblerX86Common::test8):
-        (JSC::MacroAssemblerX86Common::test32):
-        (JSC::MacroAssemblerX86Common::set32):
-            - added set32 helper that is 'h' register safe.
-            - removed branchTest8.
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-            - switch uses of branchTest8 to branchTest32.
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-            - switch uses of branchTest8 to branchTest32.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-            - switch uses of branchTest8 to branchTest32.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-            - switch uses of branchTest8 to branchTest32.
-
-2011-10-12  Gavin Barraclough  <baraclough@apple.com>
-
-        Errrk, revert accidental commit!
-
-        * wtf/Platform.h:
-
-2011-10-12  Gavin Barraclough  <baraclough@apple.com>
-
-        Unreviewed, re-land changes from #69890, #69903.
-
-        These were reverted due to bug #69897, but #69903 fixed this problem.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
-        https://bugs.webkit.org/show_bug.cgi?id=69906
-
-        Reviewed by Gavin Barraclough.
-        
-        It turns out that the simplest fix is to switch computeUpdatedPredictions()
-        to using predictionFromValue() combined with mergePrediction(). Doing so
-        allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
-        not only fixes a performance bug but kills off a lot of code that I never
-        liked to begin with.
-        
-        This appears to be a 1% win on V8.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionFromValue):
-        * bytecode/ValueProfile.cpp:
-        (JSC::ValueProfile::computeStatistics):
-        (JSC::ValueProfile::computeUpdatedPrediction):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::classInfo):
-        (JSC::ValueProfile::numberOfSamples):
-        (JSC::ValueProfile::isLive):
-        (JSC::ValueProfile::dump):
-
-2011-10-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::toString
-        https://bugs.webkit.org/show_bug.cgi?id=69677
-
-        Reviewed by Sam Weinig.
-
-        Removed toString from JSCallbackObject, since it is no 
-        longer necessary since we now implicitly add toString and valueOf
-        functions to object prototypes when a convertToType callback 
-        is provided, which is now the standard way to override toString 
-        and valueOf in the JSC C API.
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-        Removed toString from InterruptedExecutionError and 
-        TerminatedExecutionError and replaced it with defaultValue,
-        which JSObject::toString calls.  We'll probably have to de-virtualize 
-        defaultValue eventually, but we'll cross that bridge when we 
-        come to it.
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::defaultValue):
-        (JSC::TerminatedExecutionError::defaultValue):
-        * runtime/ExceptionHelpers.h:
-
-        Removed toString from JSNotAnObject, since its return value doesn't
-        actually matter and JSObject::toString can cover it.
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-
-        De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
-        Added handling of all cases for JSCell to JSCell::toString.
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toString):
-        * runtime/JSCell.h:
-
-2011-10-12  Oliver Hunt  <oliver@apple.com>
-
-        Global stringStructure caches its prototype chain, abandoning a web page
-        https://bugs.webkit.org/show_bug.cgi?id=69952
-
-        Reviewed by Filip Pizlo.
-
-        When visiting a structure, we don't keep the prototype chain
-        alive if we're not the structure for an object type.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-
-2011-10-12  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT 32_64 - Fix ArrayPop
-        https://bugs.webkit.org/show_bug.cgi?id=69918
-
-        Reviewed by Filip Pizlo.
-
-        The storageLengthGPR is polluted by EmptyValueTag and later used to
-        index the array, which results in abnormal behaviors in execution.
-        This fix makes 32_64 DFG pass v8-deltablue and kraken
-        crypto-sha256-iterative on Linux ia32.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::store32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_i32m):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-12  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>
-
-        Fix build with GLib 2.31
-        https://bugs.webkit.org/show_bug.cgi?id=69840
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.list.am: removed ThreadingGtk.cpp.
-        * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
-        * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
-        * wtf/gobject/GOwnPtr.h: ditto.
-        * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
-        * wtf/gtk/ThreadingGtk.cpp: Removed.
-
-2011-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Layout tests crashing in DFG JIT code
-        https://bugs.webkit.org/show_bug.cgi?id=69897
-
-        Reviewed by Gavin Barraclough.
-        
-        Abstract value filtration didn't take into account cases where a structure
-        set filter, combined with predicted type knowledge, could lead to a stronger
-        filter for the structure abstract value.
-        
-        This bug would have been benign in release builds; it would have just meant
-        that the analysis was less precise and some optimization opportunities would
-        be missed. I have an ASSERT that is meant to catch such cases, and it was
-        triggering sporadically in one of the LayoutTests.
-
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::filter):
-
-2011-10-11  Gavin Barraclough  <baraclough@apple.com>
-
-        Unreviewed, temporarily reverted r97216 due to bug #69897.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-11  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG 32_64 - fix silentFillGPR
-        https://bugs.webkit.org/show_bug.cgi?id=69903
-
-        Reviewed by Filip Pizlo.
-
-        Fix a small bug in silentFillGPR,
-        and add the newly introduced DFG file to CMakeListsEfl.
-
-        * CMakeListsEfl.txt:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG does not have flow-sensitive intraprocedural control flow analysis
-        https://bugs.webkit.org/show_bug.cgi?id=69690
-
-        Reviewed by Gavin Barraclough.
-
-        Implemented a control flow analysis (CFA). It currently propagates type
-        proofs only. For example, if all predecessors to a basic block have
-        checks that variable X is a JSFinalObject with structure 0xabcdef, then
-        this basic block will now know this fact and will know that it does not
-        have to emit either JSFinalObject checks or any structure checks since
-        the structure is precisely known. The CFA takes heap side-effects into
-        account (though somewhat conservatively), so that if the object pointed
-        to by variable X could have possibly undergone a structure transition
-        then this is reflected: the analysis may simply say that X's structure
-        is unknown.
-        
-        This also propagates a wealth of other type information which is
-        currently not being used. For example, we now know when a variable can
-        only hold doubles. Even if a variable may hold other types at different
-        points in its live range, we can still prove exactly when it will only
-        be double.
-        
-        There's a bunch of stuff that the CFA could do that it still does not
-        do, like precise handling of PutStructure (i.e. structure transitions),
-        precise handling of CheckFunction and CheckMethod, etc. So this is
-        very much intended to be a starting point rather than an end unto
-        itself.
-        
-        This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
-        and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
-        Neutral on SunSpider.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/ActionablePrediction.h: Removed.
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        * bytecode/PredictedType.h:
-        * dfg/DFGAbstractState.cpp: Added.
-        (JSC::DFG::AbstractState::AbstractState):
-        (JSC::DFG::AbstractState::~AbstractState):
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::reset):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberStructures):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::merge):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGAbstractState.h: Added.
-        (JSC::DFG::AbstractState::forNode):
-        (JSC::DFG::AbstractState::isValid):
-        * dfg/DFGAbstractValue.h: Added.
-        (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
-        (JSC::DFG::StructureAbstractValue::clear):
-        (JSC::DFG::StructureAbstractValue::makeTop):
-        (JSC::DFG::StructureAbstractValue::top):
-        (JSC::DFG::StructureAbstractValue::add):
-        (JSC::DFG::StructureAbstractValue::addAll):
-        (JSC::DFG::StructureAbstractValue::contains):
-        (JSC::DFG::StructureAbstractValue::isSubsetOf):
-        (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
-        (JSC::DFG::StructureAbstractValue::isSupersetOf):
-        (JSC::DFG::StructureAbstractValue::filter):
-        (JSC::DFG::StructureAbstractValue::isClear):
-        (JSC::DFG::StructureAbstractValue::isTop):
-        (JSC::DFG::StructureAbstractValue::size):
-        (JSC::DFG::StructureAbstractValue::at):
-        (JSC::DFG::StructureAbstractValue::operator[]):
-        (JSC::DFG::StructureAbstractValue::last):
-        (JSC::DFG::StructureAbstractValue::predictionFromStructures):
-        (JSC::DFG::StructureAbstractValue::operator==):
-        (JSC::DFG::StructureAbstractValue::dump):
-        (JSC::DFG::AbstractValue::AbstractValue):
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberStructures):
-        (JSC::DFG::AbstractValue::isTop):
-        (JSC::DFG::AbstractValue::top):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::operator==):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGBasicBlock.h: Added.
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::BasicBlock::getBytecodeBegin):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::setupPredecessors):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::block):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGNode.h:
-        (JSC::DFG::NodeIndexTraits::defaultValue):
-        (JSC::DFG::Node::variableAccessData):
-        (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
-        (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
-        (JSC::DFG::Node::setTakenBlockIndex):
-        (JSC::DFG::Node::setNotTakenBlockIndex):
-        (JSC::DFG::Node::takenBlockIndex):
-        (JSC::DFG::Node::notTakenBlockIndex):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h:
-        * dfg/DFGOperands.h: Added.
-        (JSC::DFG::operandIsArgument):
-        (JSC::DFG::OperandValueTraits::defaultValue):
-        (JSC::DFG::Operands::Operands):
-        (JSC::DFG::Operands::numberOfArguments):
-        (JSC::DFG::Operands::numberOfLocals):
-        (JSC::DFG::Operands::argument):
-        (JSC::DFG::Operands::local):
-        (JSC::DFG::Operands::setLocal):
-        (JSC::DFG::Operands::setArgumentFirstTime):
-        (JSC::DFG::Operands::setLocalFirstTime):
-        (JSC::DFG::Operands::operand):
-        (JSC::DFG::Operands::setOperand):
-        (JSC::DFG::Operands::clear):
-        (JSC::DFG::dumpOperands):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::propagatePredictions):
-        (JSC::DFG::Propagator::performBlockCFA):
-        (JSC::DFG::Propagator::performForwardCFA):
-        (JSC::DFG::Propagator::globalCFA):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureSet.h:
-        (JSC::DFG::StructureSet::clear):
-        (JSC::DFG::StructureSet::predictionFromStructures):
-        (JSC::DFG::StructureSet::operator==):
-        (JSC::DFG::StructureSet::dump):
-        * dfg/DFGVariableAccessData.h: Added.
-
-2011-10-11  Gavin Barraclough  <baraclough@apple.com>
-
-        DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
-        https://bugs.webkit.org/show_bug.cgi?id=69890
-
-        Reviewed by Oliver Hunt.
-
-        Cell constants are currently hitting the valueOfInt32Constant case, there is no constant handling for JSValues.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-
-2011-10-11  Ryosuke Niwa  <rniwa@webkit.org>
-
-        GTK build fix attempt after r97197.
-
-        * wtf/BitVector.h:
-
-2011-10-11  Oliver Hunt  <oliver@apple.com>
-
-        Remove unintentional logging.
-
-        * heap/Heap.cpp:
-
-2011-10-11  Oliver Hunt  <oliver@apple.com>
-
-        Tidy up card walking logic
-        https://bugs.webkit.org/show_bug.cgi?id=69883
-
-        Reviewed by Gavin Barraclough.
-
-        Special case common cell sizes when walking a block's
-        cards.
-
-        * heap/CardSet.h:
-        (JSC::::testAndClear):
-        * heap/Heap.cpp:
-        (JSC::GCTimer::GCCounter::GCCounter):
-        (JSC::GCTimer::GCCounter::count):
-        (JSC::GCTimer::GCCounter::~GCCounter):
-        (JSC::Heap::markRoots):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::reset):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::visitCount):
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::append):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::gatherDirtyCellsWithSize):
-        (JSC::MarkedBlock::gatherDirtyCells):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2011-10-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG virtual register allocator should be more aggressive in
-        reusing temporary slots
-        https://bugs.webkit.org/show_bug.cgi?id=69868
-
-        Reviewed by Oliver Hunt.
-        
-        1.2% win on V8, neutral elsewhere. The win is probably because it
-        increases precision of GC conservative scans.
-        
-        This required making the DFG::ScoreBoard operate over a bitvector
-        of preserved variables, rather than just a preserved variable
-        threshold. To do this, I improved the WTF::BitVector class to make
-        it more user-friendly. It still retains all previous functionality.
-        Also made changes to PackedIntVector to accomodate those changes.
-        Finally, this adds more debugging to the virtual register allocator
-        and to the OSR exit code, as this was necessary to track down bugs
-        in an earlier version of this patch.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::allocateVirtualRegisters):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::ScoreBoard):
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        (JSC::DFG::ScoreBoard::allocate):
-        (JSC::DFG::ScoreBoard::use):
-        (JSC::DFG::ScoreBoard::highWatermark):
-        (JSC::DFG::ScoreBoard::dump):
-        (JSC::DFG::ScoreBoard::max):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueRecovery::dump):
-        * wtf/BitVector.cpp:
-        (WTF::BitVector::setSlow):
-        (WTF::BitVector::resizeOutOfLine):
-        (WTF::BitVector::dump):
-        * wtf/BitVector.h:
-        (WTF::BitVector::BitVector):
-        (WTF::BitVector::operator=):
-        (WTF::BitVector::quickGet):
-        (WTF::BitVector::quickSet):
-        (WTF::BitVector::quickClear):
-        (WTF::BitVector::get):
-        (WTF::BitVector::set):
-        (WTF::BitVector::clear):
-        * wtf/PackedIntVector.h:
-        (WTF::PackedIntVector::get):
-        (WTF::PackedIntVector::set):
-
-2011-10-11  Gavin Barraclough  <baraclough@apple.com>
-
-        DFG JIT 32_64 - Switch to cdecl calling convention.
-        https://bugs.webkit.org/show_bug.cgi?id=69863
-
-        Reviewed by Oliver Hunt.
-
-        This makes it easier to keep the stack correctly aligned, which is required on OS X.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-            - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-            - Switch calls to poke arguments rather than pushing them.
-        (JSC::DFG::resetCallArguments):
-        (JSC::DFG::addCallArgument):
-        (JSC::DFG::addCallArgumentBoxed):
-            - Helper functions to stack up call arguments on X86.
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-            - Don't push, poke!
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-            - Don't push, poke!
-        * dfg/DFGOperations.cpp:
-            - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
-        * dfg/DFGOperations.h:
-            - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::fmodWithCDecl):
-        (JSC::DFG::SpeculativeJIT::compile):
-            - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
-
-2011-10-11  Gavin Barraclough  <baraclough@apple.com>
-
-        Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
-        https://bugs.webkit.org/show_bug.cgi?id=69821
-
-        Reviewed by Filip Pizlo.
-
-        Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
-        intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
-
-        dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
-        JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
-        move), so by switching all associated operations to return a size_t we can fix the type
-        problem on Linux & make it a small tweak that removes an unnecessary instruction.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-            - comparisons now return a size_t.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-            - Removed Z_DFGOperation_EJ form.
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-            - comparisons now return a size_t.
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-            - comparisons now return a size_t.
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-            - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t,
-              Both need to return values zero extended to fill a register.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-            - comparisons now return a size_t.
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-            - comparisons now return a size_t.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-            - comparisons now return a size_t.
-
-2011-10-11  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Remove all references to QTDIR_build and standalone_package
-
-        Qt is now modularized, which means we no longer import WebKit into
-        the Qt source tree. Instead we use git submodules, and building
-        QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
-
-        To decrease the number of buildsystem configurations we also remove
-        the standalone_package code-path used when we were providing tarballs
-        with the derived sources pre-generated.
-
-        Reviewed by Simon Hausmann.
-
-        * DerivedSources.pro:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2011-10-11  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add missing copyright notice in DFG JIT files
-        https://bugs.webkit.org/show_bug.cgi?id=69809
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        * dfg/DFGJITCompiler32_64.cpp:
-        * dfg/DFGJITCompilerInlineMethods.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-
-2011-10-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JSVALUE64 spill/fill code should not box integers and doubles
-        https://bugs.webkit.org/show_bug.cgi?id=69782
-
-        Reviewed by Oliver Hunt.
-        
-        Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
-        This required changing all of the places that spill registers (both silently
-        and not) and filling registers (both silently and on demand). It also required
-        changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
-        may have the wrong format for the old JIT (unboxed int or double).
-        
-        This is a slight win on Kraken (0.25%) and neutral elsewhere.
-
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::spill):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::spill):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueRecovery::displacedInRegisterFile):
-        (JSC::DFG::ValueRecovery::virtualRegister):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-
-2011-10-10  Gavin Barraclough  <baraclough@apple.com>
-
-        DFG JIT switch dfgConvert methods to use callOperation
-        https://bugs.webkit.org/show_bug.cgi?id=69806
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        * dfg/DFGOperations.h:
-
-2011-10-10  Gavin Barraclough  <baraclough@apple.com>
-
-        Remove some unused methods from the DFG JIT.
-
-        Rubber stamped by Oliver Hunt
-
-        Thee methods were only used by the non-speculative JIT, and can be removed.
-
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        * dfg/DFGJITCodeGenerator64.cpp:
-            - removed:
-                nonSpeculativeAdd
-                nonSpeculativeArithSub
-                nonSpeculativeArithMod
-                nonSpeculativeCheckHasInstance
-                nonSpeculativeInstanceOf
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-            - removed:
-                operationArithMod
-                operationInstanceOf
-                operationThrowHasInstanceError
-
-2011-10-10  Gavin Barraclough  <baraclough@apple.com>
-
-        Switch most calls in DFGJITCodeGenerator to use callOperation.
-        https://bugs.webkit.org/show_bug.cgi?id=69802
-
-        Reviewed by Oliver Hunt.
-
-        Compares, add, mod are the easy cases.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-
-2011-10-10  Gavin Barraclough  <baraclough@apple.com>
-
-        DFG: Switch GetById / PutById to use callOperation
-        https://bugs.webkit.org/show_bug.cgi?id=69795
-
-        Reviewed by Oliver Hunt.
-
-        Also make the take base as a cell, so 32_64 doesn't have to set up the cell tag.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::appropriatePutByIdFunction):
-
-2011-10-10  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
-        https://bugs.webkit.org/show_bug.cgi?id=69412
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-
-2011-10-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove getCallDataVirtual methods
-        https://bugs.webkit.org/show_bug.cgi?id=69186
-
-        Reviewed by Geoffrey Garen.
-
-        Removed all getCallDataVirtual methods and replaced their call sites 
-        with an explicit lookup in the MethodTable.
-
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSObjectRef.cpp:
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConstructor.h:
-
-        Moved StrictModeTypeErrorFunction to Error.h in order to be able to include 
-        the class definition in JSGlobalObject.cpp.
-        * runtime/Error.cpp:
-        (JSC::createTypeErrorFunction):
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        (JSC::StrictModeTypeErrorFunction::create):
-        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getConstructData):
-        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        (JSC::StrictModeTypeErrorFunction::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-
-        To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have 
-        to declare their own ClassInfo if they don't override getCallData, provided 
-        an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same 
-        functionality as of the pure virtual method InternalFunction used to have.
-        Also made this new implementation protected rather than private for the same reason.
-        Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever 
-        object is being created provides their own implementation of getCallData.  This 
-        just makes execution fail earlier in a place where the source of the error is 
-        easy to trace.  These ASSERTs are better than putting a null in the MethodTable because
-        they appear much more intentional to anybody who fails to provide their own 
-        implementation or who tries to explicitly call InternalFunction::getCallData.
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::finishCreation):
-        (JSC::InternalFunction::getCallData):
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-
-        Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable 
-        it to be reused rather than creating a new Structure every time we instantiate it.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/JSObject.h:
-        (JSC::getCallData):
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectConstructor.h:
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringConstructor.h:
-        * runtime/Structure.h:
-
-2011-10-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Switch last calls from DFGSpeculativeJIT to use callOperation.
-        https://bugs.webkit.org/show_bug.cgi?id=69780
-
-        Reviewed by Oliver Hunt.
-
-        Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * wtf/Platform.h:
-
-2011-10-10  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
-        https://bugs.webkit.org/show_bug.cgi?id=69748
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-
-2011-10-10  Adam Roben  <aroben@apple.com>
-
-        Build fix
-
-        * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
-
-2011-10-10  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - Bug fix for BranchNull
-        https://bugs.webkit.org/show_bug.cgi?id=69743
-
-        Reviewed by Darin Adler.
-
-        This fixes the error in access-binary-trees. All SunSpider cases passed.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-
-2011-10-07  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT: callOperation should return the Call.
-        https://bugs.webkit.org/show_bug.cgi?id=69682
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        (JSC::DFG::appendCallWithExceptionCheckSetResult):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::appendCall):
-        * wtf/Platform.h:
-
-2011-10-10  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r97045.
-        http://trac.webkit.org/changeset/97045
-        https://bugs.webkit.org/show_bug.cgi?id=69746
-
-        makes apple bots very crashy :( (Requested by kling on
-        #webkit).
-
-        * config.h:
-
-2011-10-10  Andreas Kling  <kling@webkit.org>
-
-        Shrink BorderValue.
-        https://bugs.webkit.org/show_bug.cgi?id=69521
-
-        Reviewed by Antti Koivisto.
-
-        * config.h: Touch to force full rebuild.
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Improve Null or Undefined test in 32_64 DFG
-        https://bugs.webkit.org/show_bug.cgi?id=69734
-
-        Reviewed by Darin Adler.
-
-        Currently Null or Undefined value test in 32_64 DFG will check
-        Null and Undefined tag separately and introduce one more branch.
-        It can be improved in the way how the baseline JIT is doing - by
-        relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
-        https://bugs.webkit.org/show_bug.cgi?id=69721
-
-        Reviewed by Darin Adler.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Remove unused callOperation code of DFG JIT on X86
-        https://bugs.webkit.org/show_bug.cgi?id=69722
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
-        https://bugs.webkit.org/show_bug.cgi?id=69720
-
-        Reviewed by Filip Pizlo.
-
-        In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
-        a FPR and will be used for further optimizations, though we currently
-        don't fully utilize it. For now when filling a JS value which was
-        spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
-        to DataFormatJS to avoid compilation errors.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-
-2011-10-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not always speculate that a ByVal access has an integer index
-        https://bugs.webkit.org/show_bug.cgi?id=69716
-
-        Reviewed by Oliver Hunt.
-        
-        1% win on SunSpider, neutral elsewhere.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGNode.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::byValHasIntBase):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::getMethodLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Fix value profiling in 32_64 JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69717
-
-        Reviewed by Filip Pizlo.
-
-        Current value profiling for 32_64 JIT is broken and cannot record
-        correct predicated types, which results in many speculation failures
-        in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
-        again and again. 
-        With this fix 32_64 DFG JIT can demonstrate real performance gains.
-
-        * bytecode/ValueProfile.cpp:
-        (JSC::ValueProfile::computeStatistics):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::classInfo):
-        (JSC::ValueProfile::numberOfSamples):
-        (JSC::ValueProfile::isLive):
-        (JSC::ValueProfile::numberOfInt32s):
-        (JSC::ValueProfile::numberOfDoubles):
-        (JSC::ValueProfile::numberOfBooleans):
-        (JSC::ValueProfile::dump):
-            Empty value check should be performed on decoded JSValue,
-            as for 32_64 empty value is not identical to encoded 0.
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::callWithValueProfiling):
-            Record the right profiling result for 32_64.
-
-2011-10-09  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Remove 32 bit restrictions in DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69711
-
-        Reviewed by Filip Pizlo.
-
-        op_call/op_construct support was disabled for 32 bit DFG JIT because
-        there was regression in javascriptcore tests. Now the bugs are fixed
-        and there should be no regression. This makes 32 bit DFG have the same
-        capability as 64 bit DFG, and improves the coverage.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-
-2011-10-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::getConstructData
-        https://bugs.webkit.org/show_bug.cgi?id=69673
-
-        Reviewed by Geoffrey Garen.
-
-        Added static version of getConstructData to all classes that 
-        override it and changed the virtual versions to call the static 
-        versions.  This is the first step in de-virtualizing JSCell::getConstructData.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::getConstructData):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getConstructData):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getConstructData):
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::getConstructData):
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getConstructData):
-        * runtime/DateConstructor.h:
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::getConstructData):
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::getConstructData):
-        * runtime/FunctionConstructor.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getConstructData):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getConstructData):
-        * runtime/JSFunction.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::getConstructData):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getConstructData):
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getConstructData):
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getConstructData):
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getConstructData):
-        * runtime/StringConstructor.h:
-
-2011-10-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::getOwnPropertySlot
-        https://bugs.webkit.org/show_bug.cgi?id=69593
-
-        Reviewed by Geoffrey Garen.
-
-        Added static version of getOwnPropertySlot to every class that overrides
-        JSCell::getOwnPropertySlot.  The virtual versions now call the static versions.
-        This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
-
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::getOwnPropertySlot):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getOwnPropertySlot):
-        * runtime/DateConstructor.h:
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::getOwnPropertySlot):
-        * runtime/DatePrototype.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        * runtime/ErrorPrototype.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::getOwnPropertySlot):
-        * runtime/JSArray.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::getOwnPropertySlot):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::getOwnPropertySlot):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertySlot):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::getOwnPropertySlot):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::getOwnPropertySlot):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlot):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getOwnPropertySlot):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::getOwnPropertySlot):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getOwnPropertySlot):
-        * runtime/JSString.h:
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::getOwnPropertySlot):
-        * runtime/MathObject.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getOwnPropertySlot):
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getOwnPropertySlot):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::getOwnPropertySlot):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnPropertySlot):
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getOwnPropertySlot):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::getOwnPropertySlot):
-        * runtime/StringObject.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::getOwnPropertySlot):
-        * runtime/StringPrototype.h:
-
-2011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
-        https://bugs.webkit.org/show_bug.cgi?id=69699
-
-        Reviewed by Filip Pizlo.
-
-        It should match SetLocal where only payload is stored for array predictions.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
-        https://bugs.webkit.org/show_bug.cgi?id=69702
-
-        Reviewed by Filip Pizlo.
-
-        There are some errors in generating code for Branch and LogicalNot,
-        when the operand is predicted as ObjectOrOther.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-
-2011-10-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r96996.
-        http://trac.webkit.org/changeset/96996
-        https://bugs.webkit.org/show_bug.cgi?id=69697
-
-        It broke all tests on the Qt bot (Requested by Ossy_night on
-        #webkit).
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::getCallDataVirtual):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getCallDataVirtual):
-        * API/JSObjectRef.cpp:
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getCallDataVirtual):
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::getCallDataVirtual):
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getCallDataVirtual):
-        * runtime/DateConstructor.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        (JSC::StrictModeTypeErrorFunction::create):
-        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getConstructData):
-        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        (JSC::StrictModeTypeErrorFunction::createStructure):
-        (JSC::createTypeErrorFunction):
-        * runtime/Error.h:
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::getCallDataVirtual):
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::getCallDataVirtual):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::getCallDataVirtual):
-        * runtime/FunctionPrototype.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::finishCreation):
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getCallDataVirtual):
-        * runtime/JSCell.h:
-        (JSC::getCallData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getCallDataVirtual):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/JSObject.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::getCallDataVirtual):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getCallDataVirtual):
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getCallDataVirtual):
-        * runtime/ObjectConstructor.h:
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getCallDataVirtual):
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getCallDataVirtual):
-        * runtime/StringConstructor.h:
-        * runtime/Structure.h:
-
-2011-10-08  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT - only Array predictions can result in unboxed cells in register file
-        https://bugs.webkit.org/show_bug.cgi?id=69695
-
-        Reviewed by Filip Pizlo.
-
-        In current DFG JIT, only array predictions can result in unboxed cells
-        in register file, not for the other cell predictions.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::forPrediction):
-
-2011-10-07  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69696
-
-        Reviewed by Filip Pizlo.
-
-        On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
-        to compute the address of a JS array element.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::deleteProperty
-        https://bugs.webkit.org/show_bug.cgi?id=69659
-
-        Reviewed by Geoffrey Garen.
-
-        Added static version of both versions of put to all classes that 
-        override them and changed the virtual versions to call the static 
-        versions.  This is the first step in de-virtualizing JSCell::deleteProperty.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::deleteProperty):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::deleteProperty):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deleteProperty):
-        * runtime/Arguments.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::deleteProperty):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::deleteProperty):
-        * runtime/JSArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::deleteProperty):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::deleteProperty):
-        * runtime/JSFunction.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::deleteProperty):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deleteProperty):
-        * runtime/JSObject.h:
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::deleteProperty):
-        * runtime/JSVariableObject.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::deleteProperty):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::deleteProperty):
-        * runtime/StrictEvalActivation.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::deleteProperty):
-        * runtime/StringObject.h:
-
-2011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove getCallDataVirtual methods
-        https://bugs.webkit.org/show_bug.cgi?id=69186
-
-        Reviewed by Geoffrey Garen.
-
-        Removed all getCallDataVirtual methods and replaced their call sites 
-        with an explicit lookup in the MethodTable.
-
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSObjectRef.cpp:
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConstructor.h:
-        * runtime/Error.cpp:
-        (JSC::createTypeErrorFunction):
-
-        Moved StrictModeTypeErrorFunction to Error.h in order to be able to include 
-        the class definition in JSGlobalObject.cpp.
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        (JSC::StrictModeTypeErrorFunction::create):
-        (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getConstructData):
-        (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        (JSC::StrictModeTypeErrorFunction::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-
-        To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have 
-        to declare their own ClassInfo if they don't override getCallData, provided 
-        an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same 
-        functionality as of the pure virtual method InternalFunction used to have.
-        Also made this new implementation protected rather than private for the same reason.
-        Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever 
-        object is being created provides their own implementation of getCallData.  This 
-        just makes execution fail earlier in a place where the source of the error is 
-        easy to trace.  These ASSERTs are better than putting a null in the MethodTable because
-        they appear much more intentional to anybody who fails to provide their own 
-        implementation or who tries to explicitly call InternalFunction::getCallData.
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::finishCreation):
-        (JSC::InternalFunction::getCallData):
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-
-        Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable 
-        it to be reused rather than creating a new Structure every time we instantiate it.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/JSObject.h:
-        (JSC::getCallData):
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectConstructor.h:
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringConstructor.h:
-        * runtime/Structure.h:
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Add missing break statement.
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Support some string intrinsics in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69678
-
-        Reviewed by Gavin Barraclough.
-
-        Add support for charAt and charCodeAt intrinsics in the DFG.
-
-        * create_hash_table:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGIntrinsic.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::put
-        https://bugs.webkit.org/show_bug.cgi?id=69382
-
-        Reviewed by Geoffrey Garen.
-
-        Added static version of both versions of put to all classes that 
-        override them and changed the virtual versions to call the static 
-        versions.
-
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::put):
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::put):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::put):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::put):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::put):
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::put):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::put):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::put):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::put):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/JSObject.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::put):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::put):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::put):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::put):
-        * runtime/RegExpObject.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::put):
-        * runtime/StringObject.h:
-
-2011-10-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Refactor DFG to make for use of callOperation
-        https://bugs.webkit.org/show_bug.cgi?id=69672
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-            - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-            - Switch operationNewObject/operationCreateThis to return Cells,
-            - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Replace code plating calls to operations to with calls to callOperation.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Replace code plating calls to operations to with calls to callOperation.
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Support string indexing in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=69671
-
-        Reviewed by Gavin Barraclough.
-
-        Emit code to support inline indexing of strings 
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-            Shared code to perform string indexing.
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            Use compileGetByValOnString if we predict that the base object
-            is a string in GetByVal.
-        * runtime/JSString.h:
-        (JSC::JSString::offsetOfFiberCount):
-        (JSC::JSString::offsetOfValue):
-
-2011-10-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ConvertThis speculation logic is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=69663
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Verify that our call speculation is valid.
-
-        Reviewed by Filip Pizlo.
-
-        Before specialising an intrinsic we need to verify that
-        we our speculation is correct.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-10-07  Brent Fulgham  <bfulgham@webkit.org>
-
-        [WinCairo] Unreviewed build correction for the build bot.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
-        Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
-        build-jsc can find the target it needs to run the JSC tests.
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Fix 32-bit build.
-
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2011-10-07  Oliver Hunt  <oliver@apple.com>
-
-        Support direct calls to intrinsic functions
-        https://bugs.webkit.org/show_bug.cgi?id=69646
-
-        Reviewed by Gavin Barraclough.
-
-        Add support for optimising non-method_check calls
-        to intrinsic functions (eg. when Math.abs, etc are
-        cached in local variables). 
-
-        * bytecode/CodeBlock.h:
-        (JSC::getCallLinkInfoBytecodeIndex):
-            Support searching CallLinkInfos by bytecode index
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-            Add support for linked calls in addition to method_check
-            when searching for intrinsics
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasFunctionCheckData):
-        (JSC::DFG::Node::function):
-            Add ability to store a JSFunction* in a node - this is safe
-            as the function will be marked by the codeblock we're compiling
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::checkFunctionElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-            Add support for new CheckFunction node, and implement CSE pass.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            Rather trivial implementation of CheckFunction
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-            Need to propagate bytecode index for calls now.
-
-2011-10-07  Dominic Cooney  <dominicc@chromium.org>
-
-        [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
-        https://bugs.webkit.org/show_bug.cgi?id=69599
-
-        Reviewed by Sam Weinig.
-
-        DFG JIT manipulates MetaAllocatorHandles across threads, eg in
-        allocating JITCode buffers on a background thread to execute a
-        proxy autoconfiguration PAC file but garbage collecting it in
-        response to allocation on the main thread. Disabling
-        ThreadRestrictionVerification until there is a verification scheme
-        that understands this handoff.
-
-        * wtf/MetaAllocator.cpp:
-        (WTF::MetaAllocator::allocate):
-
-2011-10-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not always speculate that ConvertThis is operating on an object
-        https://bugs.webkit.org/show_bug.cgi?id=69570
-
-        Reviewed by Oliver Hunt.
-        
-        Mostly neutral, but with a slight regression in Kraken since it increases
-        coverage in DFG and thus reveals some performance pathologies (which I
-        prefer to think of as performance opportunities, in a good way).
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        * bytecode/PredictedType.h:
-        (JSC::isOtherPrediction):
-        (JSC::mergePredictions):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Windows build fix
-
-        Unreviewed build fix.  Weird runtime failures on Windows due to 
-        linking issues caused by the ClassInfo struct in JSByteArray not 
-        being declared with JS_EXPORTDATA.
-
-        * runtime/JSByteArray.h:
-
-2011-10-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure does not reset m_previous when pinning the property map
-        https://bugs.webkit.org/show_bug.cgi?id=69583
-
-        Reviewed by Gavin Barraclough.
-        
-        This is an 0.6% performance improvement in V8, and 0.2% overall.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::pin):
-        * runtime/Structure.h:
-
-2011-10-06  Anders Carlsson  <andersca@apple.com>
-
-        When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
-        https://bugs.webkit.org/show_bug.cgi?id=69586
-
-        Reviewed by Darin Adler.
-
-        * Configurations/Base.xcconfig:
-        Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        When building with clang, we don't need to run the check-for-global-initializers and
-        check-for-exit-time-destructors anymore.
-
-        * jsc.cpp:
-        (runInteractive):
-        Move interpreterName into runInteractive.
-
-        * wtf/StdLibExtras.h:
-        When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
-        warnings around the variable declaration.
-
-2011-10-06  Anders Carlsson  <andersca@apple.com>
-
-        Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
-        https://bugs.webkit.org/show_bug.cgi?id=69584
-
-        Reviewed by Darin Adler.
-
-        Add DEFINE_DEBUG_ONLY_GLOBAL macro.
-
-        * wtf/StdLibExtras.h:
-
-2011-10-06  Oliver Hunt  <oliver@apple.com>
-
-        Write barrier shouldn't allocate temporaries inside control flow
-        https://bugs.webkit.org/show_bug.cgi?id=69582
-
-        Reviewed by Gavin Barraclough.
-
-        Reorder the code to avoid spill-related badness.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-
-2011-10-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::shouldSpeculate methods are too complicated
-        https://bugs.webkit.org/show_bug.cgi?id=69560
-
-        Reviewed by Geoffrey Garen.
-        
-        Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
-        just use node predictions.
-        
-        By itself this would have meant that SpeculativeJIT code would have
-        had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
-        So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
-        all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
-        
-        This is an 0.4% progression overall that shows up in all benchmarks,
-        for reasons unknown.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::at):
-        (JSC::DFG::JITCodeGenerator::canReuse):
-        (JSC::DFG::JITCodeGenerator::isFilled):
-        (JSC::DFG::JITCodeGenerator::isFilledDouble):
-        (JSC::DFG::JITCodeGenerator::use):
-        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::detectPeepHoleBranch):
-        (JSC::DFG::integerResult):
-        (JSC::DFG::noResult):
-        (JSC::DFG::cellResult):
-        (JSC::DFG::jsValueResult):
-        (JSC::DFG::storageResult):
-        (JSC::DFG::doubleResult):
-        (JSC::DFG::initConstantInfo):
-        (JSC::DFG::appendCallWithExceptionCheck):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateInteger):
-        (JSC::DFG::Node::shouldSpeculateDouble):
-        (JSC::DFG::Node::shouldSpeculateNumber):
-        (JSC::DFG::Node::shouldNotSpeculateInteger):
-        (JSC::DFG::Node::shouldSpeculateFinalObject):
-        (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
-        (JSC::DFG::Node::shouldSpeculateArray):
-        (JSC::DFG::Node::shouldSpeculateArrayOrOther):
-        (JSC::DFG::Node::shouldSpeculateObject):
-        (JSC::DFG::Node::shouldSpeculateCell):
-        (JSC::DFG::Node::canSpeculateInteger):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownArray):
-        (JSC::DFG::SpeculativeJIT::isKnownString):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06  Gavin Peters  <gavinp@chromium.org>
-
-        REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
-        https://bugs.webkit.org/show_bug.cgi?id=69556
-
-        Reviewed by Adam Roben.
-
-        * wtf/Assertions.cpp:
-
-2011-10-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG implementation of UInt32ToNumber is missing a break statement
-        https://bugs.webkit.org/show_bug.cgi?id=69552
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix for DFG JIT 32_64 release builds.
-
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGJITCompiler32_64.cpp:
-            - Remove three unused methods.
-
-2011-10-06  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
-        https://bugs.webkit.org/show_bug.cgi?id=69549
-
-        Reviewed by Oliver Hunt.
-
-        This breaks sunspider/3d-cube.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-            - Speculation check on the tag. 
-
-2011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Snow Leopard build fix
-
-        Unreviewed build fix
-
-        * JavaScriptCore.exp:
-
-2011-10-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Add explicit JSGlobalThis type.
-        https://bugs.webkit.org/show_bug.cgi?id=69478
-
-        Reviewed by Darin Adler.
-
-        JSC supports a split global object, as used by WebCore for the Window. As a stage
-        of making this visible to JSC, make it so that if the global this value is not the
-        global object itself, it must be a subclass of JSGlobalThis.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::finishCreation):
-            - Don't pass the thisValue to JSGlobalObject::finishCreation.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added JSGlobalThis.h
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-            - Don't pass the thisValue to JSGlobalObject::finishCreation.
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        (JSC::JSGlobalObject::finishCreation):
-            - finishCreation takes a JSGlobalThis, or thisValue is implicit.
-        * runtime/JSGlobalThis.h: Added.
-        (JSC::JSGlobalThis::create):
-        (JSC::JSGlobalThis::JSGlobalThis):
-        (JSC::JSGlobalThis::finishCreation):
-            - Thin wrapper on JSNonFinalObject to allow type checking.
-        * testRegExp.cpp:
-        (GlobalObject::finishCreation):
-            - Don't pass the thisValue to JSGlobalObject::finishCreation.
-
-2011-10-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSC objects need to know their own cell size at runtime.
-        https://bugs.webkit.org/show_bug.cgi?id=69390
-
-        Reviewed by Geoffrey Garen.
-
-        Added the cellSize field to ClassInfo and the static calculation of 
-        size of each class to the CREATE_METHOD_TABLE macro, which will be 
-        renamed in a followup patch to make its name match its broader use.
-
-        Also added a few ClassInfo structs so that each object that is allocated has its 
-        correct size.  
-
-        * JavaScriptCore.exp:
-        * runtime/ClassInfo.h:
-
-        Changed JSByteArray s_defaultInfo to s_info so that the template will get the 
-        correct ClassInfo struct from it when it's allocated.
-        * runtime/JSByteArray.cpp:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.h:
-        (JSC::allocateCell):
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-        (JSC::JSCell::cellSize):
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/StrictEvalActivation.cpp:
-        * runtime/StrictEvalActivation.h:
-
-2011-10-06  Gavin Peters  <gavinp@chromium.org>
-
-        export new stack dumping method
-        https://bugs.webkit.org/show_bug.cgi?id=69018
-
-        The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
-        of this function, many builds broke.  So here we add the exports, so that the function is usable.
-
-        Reviewed by Adam Roben.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-06  Csaba Osztrogonác  <ossy@webkit.org>
-
-        REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
-        https://bugs.webkit.org/show_bug.cgi?id=69413
-
-        Reviewed by Darin Adler.
-
-        * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
-
-2011-10-05  Filip Pizlo  <fpizlo@apple.com>
-
-        SpeculativeJIT::isKnownString() is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=69501
-
-        Reviewed by Oliver Hunt.
-        
-        Removed the wrong case (GetLocal predicted String) and added a case that
-        works (StrCat).
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isKnownString):
-
-2011-10-05  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Windows build fix attempt after r96760.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-10-05  Chris Rogers  <crogers@google.com>
-
-        Define a log2f() function for Windows in wtf/MathExtras.h
-        https://bugs.webkit.org/show_bug.cgi?id=69491
-
-        Reviewed by Darin Adler.
-
-        * wtf/MathExtras.h:
-        (log2f):
-
-2011-10-05  Jer Noble  <jer.noble@apple.com>
-
-        Enable WEB_AUDIO by default in the WebKit/mac port.
-        https://bugs.webkit.org/show_bug.cgi?id=68587
-
-        Reviewed by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-10-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
-        https://bugs.webkit.org/show_bug.cgi?id=69346
-
-        Reviewed by Oliver Hunt.
-        
-        Removed the assertion, since it was completely wrong for op_post_inc.
-        Short of having specialized PostInc nodes in the DFG, there is no
-        robust way of asserting what this assertion was trying to assert while
-        also supporting op_post_inc.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Added a simpler mechanism for registering one-off finalizers
-        https://bugs.webkit.org/show_bug.cgi?id=69466
-
-        Reviewed by Oliver Hunt.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::addFinalizer):
-        (JSC::Heap::FinalizerOwner::finalize):
-        * heap/Heap.h: New function for adding an arbitrary finalizer for an
-        arbitrary cell without declaring any special classes or Handles yourself.
-
-        * JavaScriptCore.exp: Fix build.
-
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::clearCode):
-        (JSC::ExecutableBase::clearCodeVirtual):
-        (JSC::EvalExecutable::clearCodeVirtual):
-        (JSC::ProgramExecutable::clearCodeVirtual):
-        (JSC::FunctionExecutable::discardCode):
-        (JSC::FunctionExecutable::clearCodeVirtual):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
-        finalization of executables.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::clearRareData):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::createRareDataIfNeeded):
-        (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
-        finalization of weak maps.
-
-2011-10-05  Adam Roben  <aroben@apple.com>
-
-        Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
-
-        RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
-        pointed-to type confused us when we implemented hashTableDeletedValue.
-
-        Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
-        in HashMap/HashSet fails to compile
-
-        Reviewed by John Sullivan.
-
-        * wtf/RetainPtr.h:
-        (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
-        since T might itself be a pointer.
-
-        (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
-        seem to be causing a problem.
-
-2011-10-05  Oliver Hunt  <oliver@apple.com>
-
-        Remove last vestiges of anonymous storage.
-
-        Reviewed by Gavin Barraclough.
-
-        One anonymous storage function escaped my prior purge of
-        this feature, this patch removes it.
-
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::finishCreation):
-        * runtime/JSObject.h:
-
-2011-10-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be capable of a broader range of speculations on branch and not
-        https://bugs.webkit.org/show_bug.cgi?id=69322
-
-        Reviewed by Oliver Hunt.
-        
-        * bytecode/PredictedType.h:
-        (JSC::isFinalObjectOrOtherPrediction):
-        (JSC::isArrayOrOtherPrediction):
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2011-10-05  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r96733.
-        http://trac.webkit.org/changeset/96733
-        https://bugs.webkit.org/show_bug.cgi?id=69454
-
-        Broke GCC for some reason (Requested by andersca on #webkit).
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
-        (WTF::ListHashSetReverseIterator::get):
-        (WTF::ListHashSetReverseIterator::operator*):
-        (WTF::ListHashSetReverseIterator::operator->):
-        (WTF::ListHashSetReverseIterator::operator++):
-        (WTF::ListHashSetReverseIterator::operator--):
-        (WTF::ListHashSetReverseIterator::operator==):
-        (WTF::ListHashSetReverseIterator::operator!=):
-        (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
-        (WTF::ListHashSetReverseIterator::node):
-        (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
-        (WTF::ListHashSetConstReverseIterator::get):
-        (WTF::ListHashSetConstReverseIterator::operator*):
-        (WTF::ListHashSetConstReverseIterator::operator->):
-        (WTF::ListHashSetConstReverseIterator::operator++):
-        (WTF::ListHashSetConstReverseIterator::operator--):
-        (WTF::ListHashSetConstReverseIterator::operator==):
-        (WTF::ListHashSetConstReverseIterator::operator!=):
-        (WTF::ListHashSetConstReverseIterator::node):
-        (WTF::::rbegin):
-        (WTF::::rend):
-        (WTF::::makeReverseIterator):
-        (WTF::::makeConstReverseIterator):
-
-2011-10-04  Oliver Hunt  <oliver@apple.com>
-
-        Add rudimentary filtering to write barriers
-        https://bugs.webkit.org/show_bug.cgi?id=69392
-
-        Reviewed by Filip Pizlo.
-
-        Add approximate filtering for write barriers based on the
-        target's mark bit.  Also add some macros to support dumping
-        GC phase timings.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::markCellCard):
-        * heap/Heap.cpp:
-        (JSC::GCTimer::GCTimerScope::GCTimerScope):
-        (JSC::GCTimer::GCTimerScope::~GCTimerScope):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-           Add phase timing information.
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::offsetOfMarks):
-        (JSC::MarkedBlock::gatherDirtyCells):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitWriteBarrier):
-
-2011-10-05  Anders Carlsson  <andersca@apple.com>
-
-        Use std::reverse_iterator for ListHashSet reverse iterators
-        https://bugs.webkit.org/show_bug.cgi?id=69446
-
-        Reviewed by Darin Adler.
-
-        * wtf/ListHashSet.h:
-        Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
-        and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
-
-2011-10-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Make Object.prototype getter/setter methods match ES5 behaviour
-        https://bugs.webkit.org/show_bug.cgi?id=69393
-
-        Reviewed by Sam Weinig.
-
-        The rest of Object.prototype no longer substitute Null/Undefined with the global object,
-        this is old ES3 behaviour. Remove it here too.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncLookupGetter):
-        (JSC::objectProtoFuncLookupSetter):
-
-2011-10-05  Patrick Gansterer  <paroga@webkit.org>
-
-        Get rid of posixThread in MachineStackMarker::Thread
-        https://bugs.webkit.org/show_bug.cgi?id=54836
-
-        Reviewed by Oliver Hunt.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::Thread::Thread):
-        (JSC::getCurrentPlatformThread):
-        (JSC::equalThread):
-        (JSC::MachineThreads::addCurrentThread):
-        (JSC::MachineThreads::removeCurrentThread):
-        (JSC::MachineThreads::gatherConservativeRoots):
-
-2011-10-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed JSValue::toJSNumber
-        https://bugs.webkit.org/show_bug.cgi?id=69399
-
-        No perf. change.
-
-        toJSNumber() used to provide an implicit fast path for immediate numbers,
-        but those fast paths are all explicit now, so it's just cruft.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-
-2011-10-05  Gavin Peters  <gavinp@chromium.org>
-
-        REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
-        https://bugs.webkit.org/show_bug.cgi?id=69424
-
-        Skip an extra frame in WTFReportBacktrace.  As well, I now don't count skipped frames in maxFrames,
-        so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
-        31 reported frames.
-
-        Reviewed by Adam Roben.
-
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-
-2011-10-05  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed WinCE build fix for r96595.
-
-        * wtf/Assertions.cpp:
-        RtlCaptureStackBackTrace() isn't available on WinCE.
-
-2011-10-04  Kent Tamura  <tkent@chromium.org>
-
-        Introduce feature flags for incomplete input types
-        https://bugs.webkit.org/show_bug.cgi?id=68971
-
-        Reviewed by Hajime Morita.
-
-        * Configurations/FeatureDefines.xcconfig:
-        Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
-
-2011-10-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
-
-2011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static ClassInfo structs to classes that override JSCell::getCallData
-        https://bugs.webkit.org/show_bug.cgi?id=69311
-
-        Reviewed by Darin Adler.
-
-        Added ClassInfo structs to each class that defined its own getCallData 
-        function but did not already have its own ClassInfo struct.  This is a 
-        necessary addition for when we switch over to looking up getCallData from 
-        the MethodTable in ClassInfo rather than doing the virtual call (which we 
-        are removing).  These new ClassInfo structs are public because we often 
-        use these structs in other areas of the code to uniquely identify JSC classes and 
-        to enforce runtime invariants based on those class identities using ASSERTs.
-        Also added new createStructure methods to those classes that didn't have 
-        them so that the new ClassInfo structs would be used when creating the Structures 
-        in these classes.
-
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-        (JSC::BooleanConstructor::createStructure):
-
-        getCallData was not marked as static in StrictModeTypeErrorFunction.  
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        (JSC::StrictModeTypeErrorFunction::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::createStructure):
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        (JSC::FunctionConstructor::createStructure):
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-
-2011-10-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Some JSValue cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=69320
-
-        Reviewed by Darin Adler.
-        
-        No measurable performance change.
-
-        Removed some JSValue::get* functions. get* used to be an optimization
-        when every value operation was a virtual function call: get* would combine
-        two virtual calls into one. Now, with non-virtual, inlined functions, get*
-        isn't faster, and may be slightly slower.
-
-        Merged getBoolean(bool&) and getBoolean() into asBoolean().
-
-        Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
-        asNumber().
-
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-        (JSC::JSValue::asNumber):
-        (JSC::JSValue::asBoolean): As promised!
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::toThisNumber):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        (JSC::numberProtoFuncToLocaleString):
-        (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
-        by switching to toThisNumber().
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::toNumber):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::internalNumber):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-        * runtime/JSArray.cpp:
-        (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
-        getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
-
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h: Nixed getJSNumber().
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-        * runtime/JSONObject.cpp:
-        (JSC::gap):
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/NumberObject.cpp:
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/Operations.h:
-        (JSC::JSValue::equalSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-        (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
-        getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
-
-2011-10-04  Scott Graham  <scottmg@chromium.org>
-
-        Add GAMEPAD feature flag
-        https://bugs.webkit.org/show_bug.cgi?id=66859
-
-        Reviewed by Darin Fisher.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        JITCodeGenerator should no longer have code that tries too hard
-        to be both speculative and non-speculative
-        https://bugs.webkit.org/show_bug.cgi?id=69321
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
-        This required moving emitBranch() to SpeculativeJIT, since it was
-        the main user of that field and method. Other than trvial clean-ups
-        in emitBranch(), the code is unchanged (and still has some disparity
-        between 64 and 32_64, and still lacks some obvious optimizations).
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGJITCodeGenerator64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2011-10-04  David Hyatt  <hyatt@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=69372
-        
-        [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
-        
-        Add support for reverse iteration to ListHashSet to support being able to walk them
-        backwards easily.
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/ListHashSet.h:
-        (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
-        (WTF::ListHashSetReverseIterator::get):
-        (WTF::ListHashSetReverseIterator::operator*):
-        (WTF::ListHashSetReverseIterator::operator->):
-        (WTF::ListHashSetReverseIterator::operator++):
-        (WTF::ListHashSetReverseIterator::operator--):
-        (WTF::ListHashSetReverseIterator::operator==):
-        (WTF::ListHashSetReverseIterator::operator!=):
-        (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
-        (WTF::ListHashSetReverseIterator::node):
-        (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
-        (WTF::ListHashSetConstReverseIterator::get):
-        (WTF::ListHashSetConstReverseIterator::operator*):
-        (WTF::ListHashSetConstReverseIterator::operator->):
-        (WTF::ListHashSetConstReverseIterator::operator++):
-        (WTF::ListHashSetConstReverseIterator::operator--):
-        (WTF::ListHashSetConstReverseIterator::operator==):
-        (WTF::ListHashSetConstReverseIterator::operator!=):
-        (WTF::ListHashSetConstReverseIterator::node):
-        (WTF::::rbegin):
-        (WTF::::rend):
-        (WTF::::makeReverseIterator):
-        (WTF::::makeConstReverseIterator):
-        (WTF::::makeConstIterator):
-
-2011-10-04  Gavin Peters  <gavinp@chromium.org>
-
-        fix gtk breakage caused by changeset 96595
-        https://bugs.webkit.org/show_bug.cgi?id=69371
-
-        ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
-        the pretty printer on gtk, which should fix the build on that platform.
-
-        Reviewed by NOBODY, this is a build fix.
-
-        * wtf/Assertions.cpp:
-
-2011-10-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r96630.
-        http://trac.webkit.org/changeset/96630
-        https://bugs.webkit.org/show_bug.cgi?id=69368
-
-        Caused assertion failures in validateCell (Requested by
-        mhahnenberg on #webkit).
-
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-
-2011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static ClassInfo structs to classes that override JSCell::getCallData
-        https://bugs.webkit.org/show_bug.cgi?id=69311
-
-        Reviewed by Darin Adler.
-
-        Added ClassInfo structs to each class that defined its own getCallData 
-        function but did not already have its own ClassInfo struct.  This is a 
-        necessary addition for when we switch over to looking up getCallData from 
-        the MethodTable in ClassInfo rather than doing the virtual call (which we 
-        are removing).  These new ClassInfo structs are public because we often 
-        use these structs in other areas of the code to uniquely identify JSC classes and 
-        to enforce runtime invariants based on those class identities using ASSERTs.
-
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanConstructor.h:
-
-        getCallData was not marked as static is StrictModeTypeErrorFunction.  
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-
-2011-10-04  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Leopard build fix after r96613.
-
-        * wtf/Platform.h:
-
-2011-10-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Implicitly add toString and valueOf to prototype when convertToType callback is provided
-        https://bugs.webkit.org/show_bug.cgi?id=69156
-
-        Reviewed by Geoffrey Garen.
-
-        Added callbacks for toString and valueOf which are implicitly added to a client object's
-        prototype if they provide a convertToType callback when declaring their class through 
-        the JSC API.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::toStringCallback):
-        (JSC::JSCallbackFunction::valueOfCallback):
-        * API/JSCallbackFunction.h:
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/tests/testapi.js:
-
-2011-10-03  Jon Lee  <jonlee@apple.com>
-
-        Extend DOM WheelEvent to differentiate between physical and logical scroll directions
-        https://bugs.webkit.org/show_bug.cgi?id=68959
-        <rdar://problem/10036688>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
-
-2011-10-04  Csaba Osztrogonác  <ossy@webkit.org>
-
-        MinGW warning fix after r96286.
-
-        Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
-        #define __stdcall __attribute__((stdcall))
-        #define STDCALL __stdcall
-
-        Reviewed by Tor Arne Vestbø.
-
-        * assembler/MacroAssemblerCodeRef.h:
-
-2011-10-04  Gavin Peters  <gavinp@chromium.org>
-
-       add more stack dumping methods
-       https://bugs.webkit.org/show_bug.cgi?id=69018
-
-       In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
-       WebKit programmatically retrieve the current stack.  This is useful if you need to add more
-       reporting to field crash report uploads, if you're tracking down an irreproducable bug,
-       for instance.
-
-       Reviewed by Darin Adler.
-
-       * wtf/Assertions.cpp:
-       * wtf/Assertions.h:
-
-2011-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline Array.push and Array.pop
-        https://bugs.webkit.org/show_bug.cgi?id=69314
-
-        Reviewed by Geoff Garen.
-        
-        Fix 32-bit.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline Array.push and Array.pop
-        https://bugs.webkit.org/show_bug.cgi?id=69314
-
-        Reviewed by Oliver Hunt.
-        
-        1% speed-up in V8 due to 6% speed-up in V8-deltablue.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::storePtr):
-        * create_hash_table:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGIntrinsic.h:
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::getMethodLoadElimination):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC ASSERT Opening the Web Inspector
-        https://bugs.webkit.org/show_bug.cgi?id=69293
-
-        Reviewed by Oliver Hunt.
-        
-        If a polymorphic access structure list has a duplicated structure, then
-        don't crash.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2011-10-03  Gavin Barraclough  <barraclough@apple.com>
-
-        On X86, switch bucketCount into a register, timeoutCheck into memory
-        https://bugs.webkit.org/show_bug.cgi?id=69299
-
-        Reviewed by Geoff Garen.
-
-        We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
-        it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
-        but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
-        function too frequently (regressing performance). This patch has no perf impact on sunspider.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::branchAdd32):
-        (JSC::MacroAssemblerX86::branchSub32):
-            - Added branchSub32 with AbsoluteAddress.
-        * jit/JIT.cpp:
-        (JSC::JIT::emitTimeoutCheck):
-            - Keep timeout count in memory on X86.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-            - remove X86 specific code, switch bucket count back into a register.
-        * jit/JITStubs.cpp:
-            - Stop initializing esi (it is no longer the timeoutCheck!)
-        * jit/JSInterfaceJIT.h:
-            - change definition of esi to be the bucketCountRegister.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-            - Add timeoutCount as a property to global data (the counter should be per-thread).
-
-2011-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG backends don't have access to per-node predictions from the propagator
-        https://bugs.webkit.org/show_bug.cgi?id=69291
-
-        Reviewed by Oliver Hunt.
-        
-        Nodes now have two notion of predictions: the heap prediction, which is
-        what came directly from value profiling, and the propagator's predictions,
-        which arise out of abstract interpretation. Every node has a propagator
-        prediction, but not every node has a heap prediction; and there is no
-        guarantee that a node that has both will keep them consistent as the
-        propagator may have additional information available to it.
-        
-        This is performance neutral.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::getPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::hasHeapPrediction):
-        (JSC::DFG::Node::getHeapPrediction):
-        (JSC::DFG::Node::predictHeap):
-        (JSC::DFG::Node::prediction):
-        (JSC::DFG::Node::predict):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::setPrediction):
-        (JSC::DFG::Propagator::mergePrediction):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::isPredictedNumerical):
-        (JSC::DFG::Propagator::logicalNotIsPure):
-        (JSC::DFG::Propagator::setReplacement):
-
-2011-10-03  Jer Noble  <jer.noble@apple.com>
-
-        Unreviewed, rolling out r96526.
-        http://trac.webkit.org/changeset/96526
-        https://bugs.webkit.org/show_bug.cgi?id=68587
-
-        WEB_AUDIO has numerous 64->32 bit casting warnings, causing
-        build breakages where -Wall is enabled.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-10-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed build fix for DFG JIT 32_64.
-
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-10-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should speculate more aggressively on obvious cases on
-        polymorphic get_by_id
-        https://bugs.webkit.org/show_bug.cgi?id=69235
-
-        Reviewed by Oliver Hunt.
-        
-        This implements trivial polymorphic get_by_id. It also fixes
-        problems in the CSE for CheckStructure in the put_by_id
-        transition case.
-        
-        Doing this required knowing whether a polymorphic get_by_id stub
-        was doing a direct access rather than a call of some kind.
-        
-        Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
-        scaled mean of all benchmarks.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addStructureSet):
-        (JSC::DFG::Graph::addStructureTransitionData):
-        * dfg/DFGNode.h:
-        (JSC::DFG::StructureTransitionData::StructureTransitionData):
-        (JSC::DFG::Node::hasStructureTransitionData):
-        (JSC::DFG::Node::structureTransitionData):
-        (JSC::DFG::Node::hasStructureSet):
-        (JSC::DFG::Node::structureSet):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureSet.h: Added.
-        (JSC::DFG::StructureSet::StructureSet):
-        (JSC::DFG::StructureSet::add):
-        (JSC::DFG::StructureSet::addAll):
-        (JSC::DFG::StructureSet::remove):
-        (JSC::DFG::StructureSet::contains):
-        (JSC::DFG::StructureSet::isSubsetOf):
-        (JSC::DFG::StructureSet::isSupersetOf):
-        (JSC::DFG::StructureSet::size):
-        (JSC::DFG::StructureSet::at):
-        (JSC::DFG::StructureSet::operator[]):
-        (JSC::DFG::StructureSet::last):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-
-2011-10-03  Jer Noble  <jer.noble@apple.com>
-
-        Enable WEB_AUDIO by default in the WebKit/mac port.
-        https://bugs.webkit.org/show_bug.cgi?id=68587
-
-        Reviewed by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-10-03  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Fix make distcheck build
-        https://bugs.webkit.org/show_bug.cgi?id=69243
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.list.am:
-
-2011-10-03  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        [Qt] Build fix: Qt::escape is deprecated in Qt5
-        https://bugs.webkit.org/show_bug.cgi?id=69162
-
-        Use QString::toHtmlEscaped in the Qt5 case.
-
-        Reviewed by Andreas Kling.
-
-        * JavaScriptCore.pri:
-        * wtf/qt/UtilsQt.h: Added.
-        (escapeHtml):
-        * wtf/wtf.pri:
-
-2011-10-03  Balazs Kelemen  <kbalazs@webkit.org>
-
-        libdispatch based ParallelJobs is not enough parallel
-        https://bugs.webkit.org/show_bug.cgi?id=66378
-
-        Reviewed by Zoltan Herczeg.
-
-        Use the appropriate libdispatch API for our use case.
-        Throw away the hard coded limit of parallel threads
-        and use dispatch_apply with the default priority normal
-        queue istead of using our own custom serial queue (which
-        was a misuse of the API). Enabling PARALLEL_JOBS is now
-        a 60% win (2.63x as fast) on the methanol benchmark
-        (https://gitorious.org/methanol) with an SVG centric test set
-        while the old implementation was almost identical (less than 5% win).
-
-        * wtf/ParallelJobsLibdispatch.h:
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::execute):
-
-2011-10-02  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt]REGRESSION(r95912): It made sputnik tests flakey
-        https://bugs.webkit.org/show_bug.cgi?id=68990
-
-        Reviewed by Geoffrey Garen.
-
-        Changing signed char to int in r96354 solved the
-        problem. However transitionCount still returns
-        with a signed char and should be changed to int.
-
-        * runtime/Structure.h:
-        (JSC::Structure::transitionCount):
-
-2011-10-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG misses some obvious opportunities for common subexpression elimination
-        https://bugs.webkit.org/show_bug.cgi?id=69233
-
-        Reviewed by Oliver Hunt.
-        
-        0.7% speed-up on SunSpider.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::getMethodLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-
-2011-10-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Bug 67455 - Different regular expression result
-
-        Reviewed by Darin Adler.
-        
-        Fix a regression introduced in r72140. A return was added to the backtracking loop for
-        backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
-        This is incorrect. The additional return should only trigger to force an early return if
-        an error has occured.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchParentheses):
-            - Simplify some nested if else logic.
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-            - Simplify some nested if else logic.
-            - Only return early from backtrackParentheses on success/error, not on failure.
-
-2011-10-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed redundant helper functions for allocating Strong handles
-        https://bugs.webkit.org/show_bug.cgi?id=69218
-
-        Reviewed by Sam Weinig.
-
-        * heap/Heap.h:
-        (JSC::Heap::handleHeap):
-        * runtime/JSGlobalData.h: Removed these helper functions, since they
-        just created indirection.
-
-        * heap/StrongInlines.h: Added. Broke out a header for inline functions
-        to resolve circular dependencies created by inlining. I'm told this is
-        the future for JavaScriptCore.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::set):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::setSingleTransition):
-        * heap/Local.h:
-        (JSC::::Local):
-        * heap/Strong.h:
-        (JSC::::Strong):
-        (JSC::::set):
-        * heap/Weak.h:
-        (JSC::Weak::Weak):
-        (JSC::Weak::set): Allocate handles directly instead of going through a
-        chain of forwarding functions.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        * runtime/JSGlobalData.cpp:
-        * runtime/LiteralParser.cpp:
-        * runtime/RegExpCache.cpp: Updated for header changes.
-
-2011-09-30  Filip Pizlo  <fpizlo@apple.com>
-
-        All of JSC's heuristics should be in one place for easier tuning
-        https://bugs.webkit.org/show_bug.cgi?id=69201
-
-        Reviewed by Oliver Hunt.
-        
-        This makes it possible to change tiered compilation heuristics in
-        one place (Heuristics.cpp) without recompiling the whole project.
-        
-        It also makes it possible to enable setting heuristics using
-        environment variables. This is off by default. When turned on, it
-        makes tuning the system much easier.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * runtime/Heuristics.cpp: Added.
-        (JSC::Heuristics::parse):
-        (JSC::Heuristics::setHeuristic):
-        (JSC::Heuristics::initializeHeuristics):
-        * runtime/Heuristics.h: Added.
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-
-2011-10-01  Oliver Hunt  <oliver@apple.com>
-
-        Support string length in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=69215
-
-        Reviewed by Geoff Garen.
-
-        Adds a GetStringLength node to the DFG so that we can support
-        string.length inline.
-
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isKnownString):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSString.h:
-        (JSC::JSString::offsetOfLength):
-
-2011-10-01  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69205
-
-        Reviewed by Gavin Barraclough.
-
-        If there are unboxed integers and cells in register file (e.g. by SetLocal), 
-        they must be reboxed before exiting from the speculative DFG JIT execution.
-        This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
-        ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
-
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::forPrediction):
-        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
-
-2011-10-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r96421.
-        http://trac.webkit.org/changeset/96421
-        https://bugs.webkit.org/show_bug.cgi?id=69206
-
-        It broke Qt-WK2 build (Requested by ossy on #webkit).
-
-        * JavaScriptCore.pri:
-        * wtf/qt/UtilsQt.h: Removed.
-        * wtf/wtf.pri:
-
-2011-09-30  Daniel Bates  <dbates@webkit.org>
-
-        Attempt to fix the Apple Windows and WinCairo Debug builds after
-        <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
-        ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
-        corresponding function, JSValue::toStrictThisObject(), was removed.
-
-2011-09-30  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69126
-
-        Reviewed by Gavin Barraclough.
-
-        The setupResults routine has the bug of reversing the source and destination. 
-        Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::setupTwoStubArgs):
-        (JSC::DFG::setupResults):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-
-2011-09-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove toStrictThisObject, toThisString, toThisJSString
-        https://bugs.webkit.org/show_bug.cgi?id=69203
-
-        Rubber stamped by Sam Weinig
-
-        These are no longer used.
-
-        * JavaScriptCore.exp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSValue.h:
-        * runtime/StrictEvalActivation.cpp:
-        * runtime/StrictEvalActivation.h:
-
-2011-09-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG does not speculate aggressively enough on put_by_id
-        https://bugs.webkit.org/show_bug.cgi?id=69114
-
-        Reviewed by Oliver Hunt.
-
-        This adds new nodes along with optimizations for those nodes:
-        
-        GetPropertyStorage: CheckStructure used to do both the structure
-        check and retrieve the storage pointer. Now CheckStructure just
-        checks the structure, and GetPropertyStorage retrieves the
-        storage pointer.
-        
-        PutStructure: Changes the structure, and has the expected store
-        to load optimization with CheckStructure.
-        
-        PutByOffset: Directly sets the value. Has store to load
-        optimization with GetByOffset.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasStructure):
-        (JSC::DFG::Node::hasStorageAccessData):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::impureCSE):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
-        (JSC::DFG::Propagator::eliminate):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30  Gavin Barraclough  <barraclough@apple.com>
-
-        StringRecursionChecker should not work in terms of EncodedJSValue
-        https://bugs.webkit.org/show_bug.cgi?id=69188
-
-        Reviewed by Oliver Hunt.
-
-        0 is not the empty value on 32_64.
-        Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::errorProtoFuncToString):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/StringRecursionChecker.cpp:
-        (JSC::StringRecursionChecker::throwStackOverflowError):
-        (JSC::StringRecursionChecker::emptyString):
-        * runtime/StringRecursionChecker.h:
-        (JSC::StringRecursionChecker::performCheck):
-        (JSC::StringRecursionChecker::earlyReturnValue):
-
-2011-09-30  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT, Branch on integer can always be a 32-bit compare.
-        https://bugs.webkit.org/show_bug.cgi?id=69174
-
-        Reviewed by Sam Weinig.
-
-        if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
-        the JSVALUE64 JIT will currently compare all 64bits in the register, but in
-        these cases the DataFormat is always a JS boxed integer. In these cases we
-        can just compare the low 32bits anyway - no need to check the tag.
-        This allows the code to be unified with the JSVALUE32_64 JIT.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30  Oliver Hunt  <oliver@apple.com>
-
-        Need a sensible GGC policy
-
-        Reviewed by Geoff Garen.
-
-        This replaces the existing random collection policy
-        with a deterministic policy based on nursery size.
-
-        * heap/AllocationSpace.cpp:
-        (JSC::AllocationSpace::allocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocator):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::nurseryWaterMark):
-        (JSC::MarkedSpace::allocate):
-
-2011-09-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32-bit support for op_call and op_construct causes
-        run-javascriptcore-tests to fail
-        https://bugs.webkit.org/show_bug.cgi?id=69171
-
-        Reviewed by Gavin Barraclough.
-        
-        This fixes one obvious bug that was causing test failures (no
-        support for dummy slow case for op_add in 32_64), and disables
-        op_call and op_construct by default.        
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitSlow_op_add):
-
-2011-09-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Crash due to out of bounds read/write in MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=69148
-        
-        This was a case of being surprised by a poorly aritulcated cell size limit,
-        plus an incorrect ASSERT guarding the cell size limit.
-
-        Reviewed by Oliver Hunt.
-
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
-        since it makes the ranges easier to understand.
-        
-        Bumped up the max cell size to support the use case in this bug. Since the
-        atomSize is much bigger than it used to be, there isn't much accounting
-        cost to handling more size classes.
-        
-        Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
-
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocator):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
-        being inclusive.
-
-2011-09-30  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        [Qt] Build fix: Qt::escape is deprecated in Qt5
-        https://bugs.webkit.org/show_bug.cgi?id=69162
-
-        Use QString::toHtmlEscaped in the Qt5 case.
-
-        Reviewed by Andreas Kling.
-
-        * JavaScriptCore.pri:
-        * wtf/qt/UtilsQt.h: Added.
-        (escapeHtml):
-        * wtf/wtf.pri:
-
-2011-09-30  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Fix bug in getHostCallReturnValue of DFG JIT on X86
-        https://bugs.webkit.org/show_bug.cgi?id=69133
-
-        Reviewed by Gavin Barraclough.
-
-        We need to insert the additional argument in the stack slot before
-        return address instead of simply pushing it afterwards.
-        Also getHostCallReturnValue* should be attributed as stdcall
-        to make the stack cleaned up by the callee.
-
-        * dfg/DFGOperations.cpp:
-
-2011-09-30  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        [Qt] wtf header files are unknown to Qt Creator
-        https://bugs.webkit.org/show_bug.cgi?id=69158
-
-        Adding the HEADERS variable in wtf.pri so that
-        the header files can be accessed easily.
-
-        Reviewed by Andreas Kling.
-
-        * wtf/wtf.pri:
-
-2011-09-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Merge some more of DFGSpeculativeJIT 32_64/64
-        https://bugs.webkit.org/show_bug.cgi?id=69164
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        * dfg/DFGJITCodeGenerator64.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add getCallData to MethodTable in ClassInfo
-        https://bugs.webkit.org/show_bug.cgi?id=69024
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-        Added the getCallData to the MethodTable in the ClassInfo struct.
-        * runtime/ClassInfo.h:
-
-2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69120
-
-        Reviewed by Gavin Barraclough.
-
-        Improve the coverage of JSVALUE32_64 DFG JIT.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::tagOfCallData):
-        (JSC::DFG::payloadOfCallData):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG JIT - register not unlocked after usage in ArithDiv
-        https://bugs.webkit.org/show_bug.cgi?id=69122
-
-        Reviewed by Geoffrey Garen.
-
-        Some allocated register is not unlocked after the usage in ArithDiv. 
-        Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
-
-        * dfg/DFGNode.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::toObject
-        https://bugs.webkit.org/show_bug.cgi?id=68937
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-        De-virtualized JSCell::toObject and changed its implementation to manually check the 
-        cases for JSString and JSObject rather than leaving it up to the virtual method call.
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toObject):
-        * runtime/JSCell.h:
-
-        Removed JSNotAnObject::toObject because the case for JSObject works for it.
-        Also removed JSObject::toObject because it was essentially the identity function,
-        which is not necessary since toObject is no longer virtual.
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-
-        De-virtualized JSObject::toObject and JSString::toObject.
-        * runtime/JSString.h:
-
-2011-09-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Start refactoring DFGSpeculativeJIT
-        https://bugs.webkit.org/show_bug.cgi?id=69112
-
-        Reviewed by Oliver Hunt.
-
-        Again, move JSVALUE64 code into a DFJSpeculativeJIT64.cpp
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::dump):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Refactor out trivially duplicated code in DFGJITCodeGenerator.
-        https://bugs.webkit.org/show_bug.cgi?id=69109
-
-        Reviewed by Oliver Hunt.
-
-        Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
-
-        Basically move a JSVALUE64 specific code into a new DFGJITCodeGenerator64.cpp, leave common code
-        in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
-
-        For some function differences are trivial & make more sense to ifdef individually, and some
-        Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        (JSC::DFG::JITCodeGenerator::dump):
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::branchIfNotCell):
-        * dfg/DFGJITCompilerInlineMethods.h:
-
-2011-09-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should infer which uses of a variable are not aliased
-        https://bugs.webkit.org/show_bug.cgi?id=68593
-
-        Reviewed by Oliver Hunt.
-        
-        This separates how a variable is stored (i.e. its virtual register)
-        from how it's predicted. Each variable now takes a
-        VariableAccessData as its operand, instead of the virtual register.
-        The VariableAccessData stores the operand and the prediction. If
-        multiple uses of a variable are aliased, their VariableAccessDatas
-        are unified.
-        
-        This also adds tracking of which argument values are used. It
-        correctly observes that an argument value is not used, if the
-        argument is assigned to inside the function before being used.
-        
-        This also adds tracking of which variables are live at the head of
-        a basic block, and separates that from a variable being live at the
-        tail.
-        
-        Finally, this communicates to both OSR entry and OSR exit code how
-        a variable is predicted at a particular point in the code, rather
-        than just communicating how it was predicted in the entire code
-        block (since with this patch there is no longer the notion of a
-        variable having just one prediction for a code block).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/ActionablePrediction.h: Added.
-        (JSC::actionablePredictionFromPredictedType):
-        (JSC::valueObeysPrediction):
-        (JSC::actionablePredictionToString):
-        (JSC::ActionablePredictions::ActionablePredictions):
-        (JSC::ActionablePredictions::setArgument):
-        (JSC::ActionablePredictions::argument):
-        (JSC::ActionablePredictions::setVariable):
-        (JSC::ActionablePredictions::variable):
-        (JSC::ActionablePredictions::argumentUpperBound):
-        (JSC::ActionablePredictions::variableUpperBound):
-        (JSC::ActionablePredictions::pack):
-        (JSC::ActionablePredictions::packVector):
-        * bytecode/CodeBlock.h:
-        * bytecode/PredictionTracker.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::newVariableAccessData):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::nameOfVariableAccessData):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::operandIsArgument):
-        (JSC::DFG::VariableRecord::setFirstTime):
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVariableAccessData):
-        (JSC::DFG::Node::hasLocal):
-        (JSC::DFG::Node::variableAccessData):
-        (JSC::DFG::Node::local):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::ValueSource):
-        (JSC::DFG::ValueSource::forPrediction):
-        (JSC::DFG::ValueSource::isSet):
-        (JSC::DFG::ValueSource::kind):
-        (JSC::DFG::ValueSource::nodeIndex):
-        (JSC::DFG::ValueSource::nodeIndexFromKind):
-        (JSC::DFG::ValueSource::kindFromNodeIndex):
-        (JSC::DFG::SpeculativeJIT::isKnownArray):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * wtf/PackedIntVector.h: Added.
-        (WTF::PackedIntVector::PackedIntVector):
-        (WTF::PackedIntVector::operator=):
-        (WTF::PackedIntVector::size):
-        (WTF::PackedIntVector::ensureSize):
-        (WTF::PackedIntVector::resize):
-        (WTF::PackedIntVector::clearAll):
-        (WTF::PackedIntVector::get):
-        (WTF::PackedIntVector::set):
-        (WTF::PackedIntVector::mask):
-        * wtf/Platform.h:
-        * wtf/UnionFind.h: Added.
-        (WTF::UnionFind::UnionFind):
-        (WTF::UnionFind::find):
-        (WTF::UnionFind::unify):
-
-2011-09-29  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * heap/AllocationSpace.h:
-
-2011-09-29  Oliver Hunt  <oliver@apple.com>
-
-        Add logic to collect dirty objects as roots
-        https://bugs.webkit.org/show_bug.cgi?id=69100
-
-        Reviewed by Geoff Garen.
-
-        This gives us the ability to walk all the MarkedBlocks in an
-        AllocationSpace and collect the dirty objects, and then use
-        them as GC roots.
-        
-        I also rearranged the order of these instructions because it
-        makes them smaller on some platforms with some card sizes.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::markCellCard):
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::markCellCard):
-        * heap/AllocationSpace.cpp:
-           Tidy up the write barrier logic a bit.
-        (JSC::MarkedBlock::gatherDirtyObjects):
-        (JSC::TakeIfDirty::returnValue):
-        (JSC::TakeIfDirty::TakeIfDirty):
-        (JSC::TakeIfDirty::operator()):
-        (JSC::AllocationSpace::gatherDirtyObjects):
-        * heap/AllocationSpace.h:
-        * heap/CardSet.h:
-        (JSC::::isCardMarked):
-        (JSC::::clearCard):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        (JSC::Heap::writeBarrier):
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::visitChildren):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::setDirtyObject):
-        (JSC::MarkedBlock::addressOfCardFor):
-        * heap/SlotVisitor.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitWriteBarrier):
-           Tidy the write barrier a bit.
-
-2011-09-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        * dfg/DFGOperations.h:
-
-2011-09-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure transitions involving many (> 64) properties sometimes cause structure corruption
-        https://bugs.webkit.org/show_bug.cgi?id=69102
-
-        Reviewed by Darin Adler.
-        
-        Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
-        don't lead to the dictionary kind being forgotten.
-        
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-
-2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69058
-
-        Reviewed by Gavin Barraclough.
-
-        Also Fixed the stdcall FunctionPtr constructors to make them compiled correctly on Linux
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-
-2011-09-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
-        https://bugs.webkit.org/show_bug.cgi?id=68839
-
-        Reviewed by Geoffrey Garen.
-
-        Removed the remaining visitChildrenVirtual methods.  This patch completes the process of 
-        de-virtualizing visitChildren.
-
-        * API/JSCallbackObject.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.cpp:
-        * runtime/Arguments.h:
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        * runtime/GetterSetter.h:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSPropertyNameIterator.cpp:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSValue.h:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/Structure.cpp:
-        * runtime/Structure.h:
-        * runtime/StructureChain.cpp:
-        * runtime/StructureChain.h:
-
-        Inlined the method table access and call to the visitChildren function (the only call sites 
-        to visitChildren are here).
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::visitChildren):
-
-        Changed the field name for the visitChildren function pointer to visitChildren (from 
-        visitChildrenFunctionPtr) to make call sites less verbose.
-        * runtime/ClassInfo.h:
-
-        Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but 
-        overrides visitChildren, so it needs to have its own ClassInfo.
-        * runtime/JSBoundFunction.cpp:
-        * runtime/JSBoundFunction.h:
-
-        Had to move className up to make sure that the virtual destructor in JSObject wasn't 
-        the first non-inline virtual method in JSObject (as per the comment in the file).
-        Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
-        to mitigate the cost of an extra method call.
-
-        Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make 
-        call sites more concise.  Implementation is inline in JSObject.h.
-        * runtime/JSObject.h:
-        (JSC::JSCell::methodTable):
-        * runtime/JSCell.h:
-
-        Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to 
-        appease the vtable gods.  It refused to compile if there were no virtual methods in 
-        both of these classes due to the presence of a weak vtable pointer.
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::~JSWrapperObject):
-        * runtime/JSWrapperObject.h:
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::~ScopeChainNode):
-        * runtime/ScopeChain.h:
-
-2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=69075
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
-        https://bugs.webkit.org/show_bug.cgi?id=69054
-
-        Reviewed by Gavin Barraclough.
-
-        size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
-
-        * dfg/DFGNode.h:
-
-2011-09-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG checkArgumentTypes fails to check boolean predictions
-        https://bugs.webkit.org/show_bug.cgi?id=69059
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-
-2011-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix pt 2 for r96286.
-
-        * assembler/MacroAssemblerCodeRef.h:
-
-2011-09-28  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Build fix attempt for r96286.
-
-        * assembler/MacroAssemblerCodeRef.h:
-
-2011-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT Operations on 32_64 should use stdcall calling convention.
-        https://bugs.webkit.org/show_bug.cgi?id=69046
-
-        Reviewed by Sam Weinig.
-
-        All calls out are expecting stdcall conventions, but the default on OS X are cdecl.
-        Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
-        directly to std library functions like fmod - leave these calls obeying the default
-        platform calling convention.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-            - Add implicit constructors for std calls.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-            - Make this work non-Mac platforms.
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationPutByValInternal):
-        * dfg/DFGOperations.h:
-            - Mark all operations as stdcalls.
-
-2011-09-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT falls back on numerical comparisons when it does not
-        recognize a prediction
-        https://bugs.webkit.org/show_bug.cgi?id=68977
-
-        Reviewed by Geoffrey Garen.
-        
-        This fixes both the way comparison implementations are selected. It
-        also fixes a bug where comparisons other than equality (like < or >)
-        on objects are compiled as if the comparison was equality.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-
-2011-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
-        https://bugs.webkit.org/show_bug.cgi?id=69026
-
-        Reviewed by Sam Weinig.
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::fstpl):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-
-2011-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
-        https://bugs.webkit.org/show_bug.cgi?id=69017
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64679
-        Fix bugs in Array.prototype this handling.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-            - These methods should throw if this value is undefined.
-
-2011-09-27  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Value profiling in baseline JIT for JSVALUE32_64
-        https://bugs.webkit.org/show_bug.cgi?id=68750
-
-        Reviewed by Geoff Garen.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emit_op_div):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::callWithValueProfiling):
-
-2011-09-28  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Wrong integer checks in JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68985
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-09-28  Adam Barth  <abarth@webkit.org>
-
-        Remove empty directories.
-
-        * wtf/brew: Removed.
-        * wtf/unicode/brew: Removed.
-
-2011-09-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT cannot compile op_new_object, op_new_array,
-        op_new_array_buffer, or op_new_regexp
-        https://bugs.webkit.org/show_bug.cgi?id=68580
-
-        Reviewed by Oliver Hunt.
-        
-        This implements all four opcodes, but has op_new_regexp turns off
-        by default because it unveils some bad speculation logic when
-        compiling string-validate-input.
-        
-        With op_new_regexp turned off, this is a 5% win on Kraken and a
-        0.7% speed-up on V8. Neutral on SunSpider.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::callOperation):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasConstantBuffer):
-        (JSC::DFG::Node::startConstant):
-        (JSC::DFG::Node::numConstants):
-        (JSC::DFG::Node::hasRegexpIndex):
-        (JSC::DFG::Node::regexpIndex):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isKnownArray):
-
-2011-09-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should speculate more aggressively on reads of array.length
-        https://bugs.webkit.org/show_bug.cgi?id=68932
-
-        Reviewed by Oliver Hunt.
-        
-        This is a 2% speed-up on Kraken, neutral elsewhere.
-
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-27  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT - merge changes between 95905 - 96175
-        https://bugs.webkit.org/show_bug.cgi?id=68963
-
-        Reviewed by Sam Weinig.
-
-        Merge missing changes from bug#68677, bug#68784, bug#68785.
-
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Get JSVALUE32_64 DFG JIT building on OS X.
-        https://bugs.webkit.org/show_bug.cgi?id=68961
-
-        Reviewed by Geoff Garen.
-
-        * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
-        * Forward-declare functions in DFGOperations.cpp
-        * UNUSED_PARAM for unused arguments
-        * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
-        * Fix argument types handled by OpInfo constructor.
-        * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
-        * Add files to Xcode project.
-
-2011-09-27  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68755
-
-        Reviewed by Gavin Barraclough.
-
-        We need to load/store and repatch both tag and payload of a property
-        for GetById/PutById. Also reorder the loads of tag and payload for
-        GetByOffset as the result tag GPR could reuse the storage GPR.
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCodeGenerator32_64.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-        * dfg/DFGJITCompiler32_64.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchByIdSelfAccess):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Macro assembler branch8 & 16 methods vary in treatment of upper bits
-        https://bugs.webkit.org/show_bug.cgi?id=68301
-
-        Reviewed by Sam Weinig.
-
-        Fix for branch16 - remove it!
-        No performance impact.
-
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerMIPS.h:
-        * assembler/MacroAssemblerSH4.h:
-        * assembler/MacroAssemblerX86Common.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-
-2011-09-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::getCallData
-        https://bugs.webkit.org/show_bug.cgi?id=68741
-
-        Reviewed by Darin Adler.
-
-        In this patch we just extract the bodies of the virtual getCallData methods
-        throughout the JSCell inheritance hierarchy out into static methods, which are 
-        now called from the virtual methods.  This is an intermediate step in trying to 
-        move the virtual-ness of getCallData into our own method table stored in 
-        ClassInfo.  We need to convert the methods to static methods because static methods 
-        can be represented as function pointers rather than pointers to member functions, and
-        function pointers are smaller and faster to call than pointers to member functions.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::getCallDataVirtual):
-        (JSC::JSCallbackFunction::getCallData):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getCallDataVirtual):
-        (JSC::::getCallData):
-        * API/JSObjectRef.cpp:
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::getCallDataVirtual):
-        (JSC::ArrayConstructor::getCallData):
-        * runtime/ArrayConstructor.h:
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::getCallDataVirtual):
-        (JSC::BooleanConstructor::getCallData):
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::getCallDataVirtual):
-        (JSC::DateConstructor::getCallData):
-        * runtime/DateConstructor.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
-        (JSC::StrictModeTypeErrorFunction::getCallData):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::getCallDataVirtual):
-        (JSC::ErrorConstructor::getCallData):
-        * runtime/ErrorConstructor.h:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::getCallDataVirtual):
-        (JSC::FunctionConstructor::getCallData):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::getCallDataVirtual):
-        (JSC::FunctionPrototype::getCallData):
-        * runtime/FunctionPrototype.h:
-        * runtime/InternalFunction.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getCallDataVirtual):
-        (JSC::JSCell::getCallData):
-        * runtime/JSCell.h:
-        (JSC::getCallData):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getCallDataVirtual):
-        (JSC::JSFunction::getCallData):
-        * runtime/JSFunction.h:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::getCallDataVirtual):
-        (JSC::NativeErrorConstructor::getCallData):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getCallDataVirtual):
-        (JSC::NumberConstructor::getCallData):
-        * runtime/NumberConstructor.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::getCallDataVirtual):
-        (JSC::ObjectConstructor::getCallData):
-        * runtime/ObjectConstructor.h:
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        (JSC::jsIsFunctionType):
-        * runtime/PropertySlot.cpp:
-        (JSC::PropertySlot::functionGetter):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::getCallDataVirtual):
-        (JSC::RegExpConstructor::getCallData):
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::getCallDataVirtual):
-        (JSC::StringConstructor::getCallData):
-        * runtime/StringConstructor.h:
-
-2011-09-27  Tim Horton  <timothy_horton@apple.com>
-
-        Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
-        https://bugs.webkit.org/show_bug.cgi?id=68816
-        <rdar://problem/10186468>
-
-        Reviewed by Simon Fraser.
-        
-        Add ByteArray::clear, which zeros the memory in the ByteArray.
-
-        * wtf/ByteArray.h:
-        (WTF::ByteArray::clear): Added.
-
-2011-09-27  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r96131.
-        http://trac.webkit.org/changeset/96131
-        https://bugs.webkit.org/show_bug.cgi?id=68927
-
-        It made 18+ tests crash on all platform (Requested by
-        Ossy_night on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-
-2011-09-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::getPrimitiveNumber
-        https://bugs.webkit.org/show_bug.cgi?id=68851
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-        Changed JSCell::getPrimitiveNumber to manually handle the dispatch for 
-        JSCells (JSObject and JSString in this case).
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getPrimitiveNumber):
-        * runtime/JSCell.h:
-
-        Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't 
-        matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
-        can cover the case for JSNotAnObject.
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-
-        De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber 
-        and changed them to be const.  Also made JSString::getPrimitiveNumber public 
-        because it needs to be called from JSCell::getPrimitiveNumber and also since it's 
-        no longer virtual, we want people who have a more specific pointer (JSString* 
-        instead of JSCell*) to not have to pay the cost of a virtual method call.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPrimitiveNumber):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp:
-        (JSC::JSString::getPrimitiveNumber):
-        * runtime/JSString.h:
-
-2011-09-27  Juan Carlos Montemayor Elosua  <j.mont@me.com>
-
-        Implement Error.stack
-        https://bugs.webkit.org/show_bug.cgi?id=66994
-
-        Reviewed by Oliver Hunt.
-
-        This patch utilizes topCallFrame to create a stack trace when
-        an error is thrown. Users will also be able to use the stack()
-        command in jsc to get arrays with stack trace information.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerLine):
-        (JSC::getSourceURLFromCallFrame):
-        (JSC::getStackFrameCodeType):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::throwException):
-        * interpreter/Interpreter.h:
-        (JSC::StackFrame::toString):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionJSCStack):
-        * parser/Parser.h:
-        (JSC::Parser::parse):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Error.cpp:
-        (JSC::addErrorInfo):
-        * runtime/Error.h:
-
-2011-09-27  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Reorganize header files
-        https://bugs.webkit.org/show_bug.cgi?id=65616
-
-        Reviewed by Martin Robinson.
-
-        Install header files under $libwebkitgtkincludedir/JavaScriptCore.
-
-        * GNUmakefile.am: Use $libwebkitgtkincludedir.
-        * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
-
-2011-09-26  Geoffrey Garen  <ggaren@apple.com>
-
-        REGRESSION (r95912): Conservative marking doesn't filter out pointers to
-        MarkedBlock metadata
-        https://bugs.webkit.org/show_bug.cgi?id=68860
-
-        Reviewed by Oliver Hunt.
-        
-        Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignment mask
-        because the mask doesn't produce the actual atom number.
-
-        (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
-        enough; we also need to test that a pointer is beyond the metadata section
-        of a MarkedBlock, to avoid treating random metadata as a JSCell.
-
-2011-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Make JSCell::toBoolean non-virtual
-        https://bugs.webkit.org/show_bug.cgi?id=67727
-
-        Reviewed by Geoffrey Garen.
-
-        JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where 
-        before it was simply virtual and would crash if its implementation was called). 
-        Its descendants in JSObject and JSString have also been made non-virtual.  JSCell now
-        explicitly covers all cases of toBoolean, so having a virtual implementation of 
-        JSCell::toBoolean is no longer necessary.  This is part of a larger process of un-virtualizing JSCell.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-
-2011-09-26  Chris Marrin  <cmarrin@apple.com>
-
-        Enable requestAnimationFrame on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=68397
-
-        Reviewed by Simon Fraser.
-
-        Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
-
-        * wtf/Platform.h:
-
-2011-09-26  Noel Gordon  <noel.gordon@gmail.com>
-
-        [Chromium] Remove DFGAliasTracker.h references from gyp project files
-        https://bugs.webkit.org/show_bug.cgi?id=68787
-
-        Reviewed by Geoffrey Garen.
-
-        DFG/DFGAliasTracker.h was removed in r95389.  Cleanup (remove) references
-        to that file from the gyp project files.
-
-        * JavaScriptCore.gypi:
-
-2011-09-26  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt]REGRESSION(r95865): It made 4 tests crash
-        https://bugs.webkit.org/show_bug.cgi?id=68780
-        
-        Reviewed by Oliver Hunt.
-
-        emitJumpSlowCaseIfNotJSCell(...) cannot be moved
-        away since the next load depends on it.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-
-2011-09-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add custom vtable struct to ClassInfo struct
-        https://bugs.webkit.org/show_bug.cgi?id=68567
-
-        Reviewed by Oliver Hunt.
-
-        Declared/defined the MethodTable struct and added it to the ClassInfo struct.
-        Also defined the CREATE_METHOD_TABLE macro to generate these method tables 
-        succinctly where they need to be defined.
-
-        Also added to it the first function to use this macro, visitChildren. 
-
-        This is part of the process of getting rid of all C++ virtual methods in JSCell.  
-        Eventually all virtual functions in JSCell that can't easily be converted to 
-        non-virtual functions will be put into this custom vtable structure.
-        * runtime/ClassInfo.h:
-
-        Added the CREATE_METHOD_TABLE macro call as the last argument to each of the 
-        ClassInfo structs declared in these classes.  This saves us from having to visit 
-        each s_info definition in the future when we add more methods to the MethodTable.
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * JavaScriptCore.exp:
-        * runtime/Arguments.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/BooleanObject.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/ErrorInstance.cpp:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/Executable.cpp:
-        * runtime/GetterSetter.cpp:
-        * runtime/InternalFunction.cpp:
-        * runtime/JSAPIValueWrapper.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSArray.cpp:
-        * runtime/JSByteArray.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.cpp:
-        * runtime/JSPropertyNameIterator.cpp:
-        * runtime/JSString.cpp:
-        * runtime/MathObject.cpp:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberObject.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/RegExp.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/ScopeChain.cpp:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringObject.cpp:
-        * runtime/StringPrototype.cpp:
-        * runtime/Structure.cpp:
-        * runtime/StructureChain.cpp:
-
-        Had to make visitChildren and visitChildrenVirtual protected instead of private
-        because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
-        visitChildren function pointer in their vtable since they don't provide their own
-        implementation. Same for RegExpObject.
-        * runtime/JSWrapperObject.h:
-        * runtime/RegExpObject.h:
-
-2011-09-25  Adam Barth  <abarth@webkit.org>
-
-        Finish removing PLATFORM(BREWMP) by removing associated code
-        https://bugs.webkit.org/show_bug.cgi?id=68779
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-        * wscript:
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMallocSize):
-        * wtf/Vector.h:
-        * wtf/brew: Removed.
-        * wtf/brew/MainThreadBrew.cpp: Removed.
-        * wtf/brew/OwnPtrBrew.cpp: Removed.
-        * wtf/brew/RefPtrBrew.h: Removed.
-        * wtf/brew/ShellBrew.h: Removed.
-        * wtf/brew/StringBrew.cpp: Removed.
-        * wtf/brew/SystemMallocBrew.h: Removed.
-        * wtf/unicode/brew: Removed.
-        * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
-        * wtf/unicode/brew/UnicodeBrew.h: Removed.
-
-2011-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not count speculation successes correctly
-        https://bugs.webkit.org/show_bug.cgi?id=68785
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGOperations.cpp:
-
-2011-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG support for op_resolve_global is not enabled
-        https://bugs.webkit.org/show_bug.cgi?id=68786
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-
-2011-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG static prediction code is no longer needed and should be removed
-        https://bugs.webkit.org/show_bug.cgi?id=68784
-
-        Reviewed by Oliver Hunt.
-        
-        This gets rid of static prediction code, and ensures that we do not
-        try to compile code where dynamic predictions are not available.
-        This is accomplished by immediately performing an OSR exit wherever
-        a value is retrieved for which no predictions exist.
-        
-        This also adds value profiling for this on functions used for calls.
-        
-        The heuristics for deciding when to optimize code are also tweaked,
-        since it is now profitable to optimize sooner. This may need to be
-        tweaked further, but this patch only makes minimal changes.
-        
-        This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
-        overall win on Kraken.  It's neutral elsewhere.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        * bytecode/PredictedType.h:
-        (JSC::isCellPrediction):
-        (JSC::isObjectPrediction):
-        (JSC::isFinalObjectPrediction):
-        (JSC::isStringPrediction):
-        (JSC::isArrayPrediction):
-        (JSC::isInt32Prediction):
-        (JSC::isDoublePrediction):
-        (JSC::isNumberPrediction):
-        (JSC::isBooleanPrediction):
-        (JSC::mergePredictions):
-        * bytecode/PredictionTracker.h:
-        (JSC::PredictionTracker::predictArgument):
-        (JSC::PredictionTracker::predict):
-        (JSC::PredictionTracker::predictGlobalVar):
-        * bytecode/ValueProfile.cpp:
-        (JSC::ValueProfile::computeUpdatedPrediction):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::predictGlobalVar):
-        (JSC::DFG::Graph::getMethodCheckPrediction):
-        (JSC::DFG::Graph::getJSConstantPrediction):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        (JSC::DFG::JITCodeGenerator::emitBranch):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::getPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::valueOfJSConstantNode):
-        (JSC::DFG::Node::isInt32Constant):
-        (JSC::DFG::Node::isDoubleConstant):
-        (JSC::DFG::Node::isNumberConstant):
-        (JSC::DFG::Node::isBooleanConstant):
-        (JSC::DFG::Node::predict):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::isPredictedNumerical):
-        (JSC::DFG::Propagator::logicalNotIsPure):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
-        (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2011-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT Construct opcode takes a this argument even though it's
-        not passed
-        https://bugs.webkit.org/show_bug.cgi?id=68782
-
-        Reviewed by Oliver Hunt.
-        
-        This is performance-neutral, mostly. It's a slight speed-up on
-        v8-splay.
-        
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addCall):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG tracking of the value in cachedResultRegister does not handle
-        op_mov correctly
-        https://bugs.webkit.org/show_bug.cgi?id=68781
-
-        Reviewed by Oliver Hunt.
-        
-        This takes the simplest approach: it makes the old JIT dumber rather
-        than making the DFG JIT smarter. This is performance-neutral.
-
-        * jit/JIT.h:
-        (JSC::JIT::canBeOptimized):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov):
-
-2011-09-25  Adam Barth  <abarth@webkit.org>
-
-        Remove PLATFORM(HAIKU) and associated code
-        https://bugs.webkit.org/show_bug.cgi?id=68774
-
-        Reviewed by Sam Weinig.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-        * heap/MachineStackMarker.cpp:
-        * wtf/PageAllocation.h:
-        * wtf/Platform.h:
-        * wtf/StackBounds.cpp:
-        * wtf/haiku: Removed.
-        * wtf/haiku/MainThreadHaiku.cpp: Removed.
-        * wtf/haiku/StringHaiku.cpp: Removed.
-        * wtf/text/WTFString.h:
-
-2011-09-24  Adam Barth  <abarth@webkit.org>
-
-        Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
-        https://bugs.webkit.org/show_bug.cgi?id=68767
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT implementation of put_by_val increments m_length instead of setting
-        it to index+1
-        https://bugs.webkit.org/show_bug.cgi?id=68766
-
-        Reviewed by Geoffrey Garen.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-
-2011-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        More build fixage.
-
-        * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
-
-2011-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG should not attempt to guess types in the absence of value
-        profiles
-        https://bugs.webkit.org/show_bug.cgi?id=68677
-
-        Reviewed by Oliver Hunt.
-        
-        This adds the ForceOSRExit node, which is ignored by the propagator
-        and virtual register allocator (and hence ensuring that liveness analysis
-        works correctly), but forces terminateSpeculativeExecution() in the
-        back-end. This appears to be a slight speed-up on benchmark averages,
-        with ~5% swings on individual benchmarks, in both directions. But it's
-        never a regression on any average, and appears to be a ~1% progression
-        in the SunSpider average.
-        
-        This also adds a bit better debugging support in the old JIT and in DFG,
-        as this was necessary to debug the much more frequent OSR transitions
-        that occur with this change.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::getStrongPrediction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-
-2011-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Some Windows build fixage.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isLive): Show the compiler that all control paths
-        return a value. There, there, compiler. Everything's going to be OK.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::setVPtr): Oops! Unrename this function.
-
-2011-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Allocate new objects unmarked
-        https://bugs.webkit.org/show_bug.cgi?id=68764
-
-        Reviewed by Oliver Hunt.
-        
-        This is a pre-requisite to using the mark bit to determine object age.
-
-        ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isLive):
-        (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
-        this patch. They can now determine object liveness without relying on
-        newly allocated objects having their mark bits set. Each MarkedBlock
-        now has a state variable that tells us how to determine whether its
-        cells are live. (This new state variable supercedes the old one about
-        destructor state. The rest of this patch is just refactoring to support
-        the invariants of this new state variable without introducing a
-        performance regression.)
-
-        (JSC::MarkedBlock::didConsumeFreeList): New function for updating interal
-        state when a block becomes fully allocated.
-
-        (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
-        this function because, logically, clearing all mark bits is the first
-        step in saying "mark bits now exactly reflect object liveness".
-
-        (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
-        that this function only tells you about the mark bits, so it's only
-        meaningful if you've put the mark bits into a meaningful state before
-        calling it.
-
-        (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
-        instead of testing mark bits, since mark bits are not always the right
-        way to find out if an object is live anymore. (New objects are live, but
-        not marked.)
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::recycle):
-        (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
-        initialization when recycling an old block -- into the MarkedBlock
-        constructor, for simplicity.
-
-        (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
-        a zapped cell before running a destructor, and always zap after
-        running a destructor. This does not seem to be expensive, and the
-        alternative just creates a too-confusing matrix of possible cell states
-        ((zombie undestructed cell + zombie destructed cell + zapped destructed
-        cell) * 5! permutations for progressing through block states = "Oh my!").
-
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
-        optimization to use template specialization to constant fold lots of
-        branches and elide certain operations entirely during a sweep. Merged
-        four or five functions that were logically about sweeping into this one
-        function pair, so there's only one way to do things now, it's
-        automatically correct, and it's always fast.
-
-        (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
-        about exactly what it does, and to honor the new block state system.
-
-        * heap/AllocationSpace.cpp:
-        (JSC::AllocationSpace::allocateBlock): Updated for rename.
-
-        (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
-
-        (JSC::TakeIfUnmarked::TakeIfUnmarked):
-        (JSC::TakeIfUnmarked::operator()):
-        (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
-        to clarify that this functor only tests the mark bits, so it's only
-        valid if you've put the mark bits into a meaningful state before
-        calling it.
-        
-        (JSC::AllocationSpace::shrink): Updated for rename.
-
-        * heap/AllocationSpace.h:
-        (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
-        little more specific about what we're making canonical.
-
-        (JSC::AllocationSpace::forEachCell): Updated for rename.
-
-        (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
-        liveness data before iterating blocks -- clients that want iterated
-        blocks to have valid cell lieveness data should make this call for
-        themselves. (And not all clients want it.)
-
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
-        obsolete comment.
-
-        * heap/Heap.cpp:
-        (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
-        because clearMarks() now does that implicitly.
-
-        (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
-        tear-down tests cell liveness when running destructors.
-
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
-        and into collect, since it strictly depends on root marking, and does
-        not contribute to root marking.
-
-        (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
-        specific about what we're making canonical.
-
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
-        data before iterating protected cells, since we know they're all live,
-        and don't need to test for it.
-
-        * heap/Local.h:
-        (JSC::::set): Can't make the same ASSERT we used to because we just don't
-        have the mark bits for it anymore. Perhaps we can bring this ASSERT back
-        in a weaker form in the future.
-
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::addBlock):
-        (JSC::MarkedSpace::removeBlock): Updated for interface change.
-        (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
-        specific about what we're making canonical.
-
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-        (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
-        functionality a bit. We now track only one block -- "currentBlock" --
-        and rely on its internal state to know whether it has more cells to
-        allocate.
-
-        * heap/Weak.h:
-        (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
-        have the mark bits for it anymore. Perhaps we can bring this ASSERT back
-        in a weaker form in the future.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::vptr):
-        (JSC::JSCell::zap):
-        (JSC::JSCell::isZapped):
-        (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
-        In the future, exactly how a JSCell zaps itself will change, as the
-        internal representation of JSCell changes.
-
-2011-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should not eagerly initialize integer tags in the register file
-        https://bugs.webkit.org/show_bug.cgi?id=68763
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
-        (JSC::DFG::OSRExit::operandForArgument):
-        (JSC::DFG::OSRExit::operandForIndex):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-23  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Add JSVALUE32_64 support to DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=67460
-
-        Reviewed by Gavin Barraclough.
-
-        This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
-        It's tested on IA32 Linux EFL port currently. It still cannot run
-        all the test cases and benchmarks so should be turned off now.
-        
-        The major work includes:
-        1) dealing with JSVALUE32_64 data format in DFG JIT;
-        2) bindings between 64-bit JS Value and 32-bit registers;
-        3) handling of function calls. Currently for DFG operation function
-        calls we follow the X86 cdecl calling convention on Linux, and the
-        implementation is in a naive way by pushing the arguments into stack
-        one by one.
-        
-        The known issues include:
-        1) some code duplicates unnecessarily, especially in Speculative JIT
-        code generation, where most of the operations on SpeculataInteger /
-        SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
-        is needed in the future;
-        2) lack of op_call and op_construct support, comparing to current
-        JSVALUE64 DFG;
-        3) currently integer speculations assume to be StrictInt32;
-        4) lack of JSBoolean speculations;
-        5) boxing and unboxing doubles could be improved;
-        6) DFG X86 register description is different with the baseline JIT,
-        the timeoutCheckRegister is used for general purpose usage;
-        7) calls to runtime functions with primitive double parameters (e.g.
-        fmod) don't work. Support needs to be added to the assembler to
-        implement the mechanism of passing double parameters for X86 cdecl
-        convention.
-        
-        And there should be many other hidden bugs which should be exposed and
-        resolved in later debugging process.
-
-        * CMakeListsEfl.txt:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::loadDouble):
-        (JSC::MacroAssemblerX86::storeDouble):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movsd_rm):
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::needDataFormatConversion):
-        (JSC::DFG::GenerationInfo::initJSValue):
-        (JSC::DFG::GenerationInfo::initDouble):
-        (JSC::DFG::GenerationInfo::gpr):
-        (JSC::DFG::GenerationInfo::tagGPR):
-        (JSC::DFG::GenerationInfo::payloadGPR):
-        (JSC::DFG::GenerationInfo::fpr):
-        (JSC::DFG::GenerationInfo::fillJSValue):
-        (JSC::DFG::GenerationInfo::fillCell):
-        (JSC::DFG::GenerationInfo::fillDouble):
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::allocate):
-        (JSC::DFG::JITCodeGenerator::use):
-        (JSC::DFG::JITCodeGenerator::registersMatched):
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        (JSC::DFG::JITCodeGenerator::unboxDouble):
-        (JSC::DFG::JITCodeGenerator::spill):
-        (JSC::DFG::addressOfDoubleConstant):
-        (JSC::DFG::integerResult):
-        (JSC::DFG::jsValueResult):
-        (JSC::DFG::setupResults):
-        (JSC::DFG::callOperation):
-        (JSC::JSValueOperand::JSValueOperand):
-        (JSC::JSValueOperand::~JSValueOperand):
-        (JSC::JSValueOperand::isDouble):
-        (JSC::JSValueOperand::fill):
-        (JSC::JSValueOperand::tagGPR):
-        (JSC::JSValueOperand::payloadGPR):
-        (JSC::JSValueOperand::fpr):
-        (JSC::GPRTemporary::~GPRTemporary):
-        (JSC::GPRTemporary::gpr):
-        (JSC::GPRResult2::GPRResult2):
-        * dfg/DFGJITCodeGenerator32_64.cpp: Added.
-        (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::fillStorage):
-        (JSC::DFG::JITCodeGenerator::useChildren):
-        (JSC::DFG::JITCodeGenerator::isStrictInt32):
-        (JSC::DFG::JITCodeGenerator::isKnownInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
-        (JSC::DFG::JITCodeGenerator::isKnownCell):
-        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
-        (JSC::DFG::JITCodeGenerator::emitBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        (JSC::DFG::JITCodeGenerator::speculationCheck):
-        (JSC::DFG::dataFormatString):
-        (JSC::DFG::JITCodeGenerator::dump):
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::tagForGlobalVar):
-        (JSC::DFG::JITCompiler::payloadForGlobalVar):
-        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
-        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
-        (JSC::DFG::JITCompiler::boxDouble):
-        (JSC::DFG::JITCompiler::unboxDouble):
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-        * dfg/DFGJITCompiler32_64.cpp: Added.
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::fillToJS):
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        (JSC::DFG::JITCompiler::jitAssertIsInt32):
-        (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
-        (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
-        (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
-        (JSC::DFG::JITCompiler::jitAssertIsCell):
-        (JSC::DFG::JITCompiler::emitCount):
-        (JSC::DFG::JITCompiler::setSamplingFlag):
-        (JSC::DFG::JITCompiler::clearSamplingFlag):
-        * dfg/DFGJITCompilerInlineMethods.h: Added.
-        (JSC::DFG::JITCompiler::emitLoadTag):
-        (JSC::DFG::JITCompiler::emitLoadPayload):
-        (JSC::DFG::JITCompiler::emitLoad):
-        (JSC::DFG::JITCompiler::emitLoad2):
-        (JSC::DFG::JITCompiler::emitLoadDouble):
-        (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
-        (JSC::DFG::JITCompiler::emitStore):
-        (JSC::DFG::JITCompiler::emitStoreInt32):
-        (JSC::DFG::JITCompiler::emitStoreCell):
-        (JSC::DFG::JITCompiler::emitStoreBool):
-        (JSC::DFG::JITCompiler::emitStoreDouble):
-        * dfg/DFGNode.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueRecovery::inGPR):
-        (JSC::DFG::ValueRecovery::inPair):
-        (JSC::DFG::ValueRecovery::tagGPR):
-        (JSC::DFG::ValueRecovery::payloadGPR):
-        * dfg/DFGSpeculativeJIT32_64.cpp: Added.
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::dump):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * runtime/JSValue.h:
-
-2011-09-23  Filip Pizlo  <fpizlo@apple.com>
-
-        wtf/BitVector.h has a variety of bugs which manifest when the
-        vector grows beyond 63 bits
-        https://bugs.webkit.org/show_bug.cgi?id=68746
-
-        Reviewed by Oliver Hunt.
-        
-        Out-of-lined slow path code in BitVector so that not every user
-        of CodeBlock ends up having to compile it. Fixed a variety of
-        index computation and size computation bugs.
-        
-        I have not seen these issues manifest themselves, but they are
-        blocking a patch that uses BitVector more aggressively.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/BitVector.cpp: Added.
-        (BitVector::BitVector):
-        (BitVector::operator=):
-        (BitVector::resize):
-        (BitVector::clearAll):
-        (BitVector::OutOfLineBits::create):
-        (BitVector::OutOfLineBits::destroy):
-        (BitVector::resizeOutOfLine):
-        * wtf/BitVector.h:
-        (WTF::BitVector::ensureSize):
-        (WTF::BitVector::get):
-        (WTF::BitVector::set):
-        (WTF::BitVector::clear):
-        (WTF::BitVector::byteCount):
-        (WTF::BitVector::OutOfLineBits::numWords):
-        (WTF::BitVector::OutOfLineBits::bits):
-        (WTF::BitVector::outOfLineBits):
-        * wtf/CMakeLists.txt:
-        * wtf/wtf.pri:
-
-2011-09-23  Adam Klein  <adamk@chromium.org>
-
-        Add ENABLE_MUTATION_OBSERVERS feature flag
-        https://bugs.webkit.org/show_bug.cgi?id=68732
-
-        Reviewed by Ojan Vafai.
-
-        This flag will guard an implementation of the "Mutation Observers" proposed in
-        http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        De-virtualize JSCell::getJSNumber
-        https://bugs.webkit.org/show_bug.cgi?id=68651
-
-        Reviewed by Oliver Hunt.
-
-        Added a new JSType to check whether or not something is a 
-        NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not 
-        currently a better way to determine whether something is indeed a NumberObject.
-        Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo 
-        for whether the object is a NumberObject or not.  This patch is part of 
-        the larger process of de-virtualizing JSCell.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getJSNumber):
-        * runtime/JSCell.h:
-        (JSC::JSValue::getJSNumber):
-        * runtime/JSType.h:
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::isNumberObject):
-        * runtime/JSValue.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::getJSNumber):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-
-2011-09-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Resolve opcodes should have value profiling.
-        https://bugs.webkit.org/show_bug.cgi?id=68723
-
-        Reviewed by Oliver Hunt.
-        
-        This adds value profiling to all forms of op_resolve in the
-        old JIT, and patches that information into the DFG along with
-        performing the appropriate type propagation.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveGlobalDataIndex):
-        (JSC::DFG::Node::hasPrediction):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::callWithValueProfiling):
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Strict mode does not work in non-trivial nested functions.
-        https://bugs.webkit.org/show_bug.cgi?id=68740
-
-        Reviewed by Oliver Hunt.
-
-        Function-info caching does not preserve all state that it should.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::saveFunctionInfo):
-        (JSC::JSParser::Scope::restoreFunctionInfo):
-        (JSC::JSParser::parseFunctionInfo):
-        * parser/SourceProviderCacheItem.h:
-
-2011-09-23  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
-        https://bugs.webkit.org/show_bug.cgi?id=68724
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-09-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG implementation of PutScopedVar corrupts register allocation
-        https://bugs.webkit.org/show_bug.cgi?id=68735
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Make write barriers actually do something when enabled
-        https://bugs.webkit.org/show_bug.cgi?id=68717
-
-        Reviewed by Geoffrey Garen.
-
-        Add a basic card marking style write barrier to JSC (currently
-        turned off).  This requires two scratch registers in the JIT
-        so there was some register re-arranging to satisfy that requirement.
-        Happily this produced a minor perf bump in sunspider (~0.5%).
-
-        Turning the barriers on causes an overall regression of around 1.5%
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::store8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movb_i8m):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownNotCell):
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        (JSC::DFG::JITCodeGenerator::markCellCard):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/CardSet.h: Added.
-        (JSC::CardSet::CardSet):
-        (JSC::::cardForAtom):
-        (JSC::::cardMarkedForAtom):
-        (JSC::::markCardForAtom):
-        * heap/Heap.cpp:
-        * heap/Heap.h:
-        (JSC::Heap::addressOfCardFor):
-        (JSC::Heap::writeBarrierFastCase):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::setDirtyObject):
-        (JSC::MarkedBlock::addressOfCardFor):
-        (JSC::MarkedBlock::offsetOfCards):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emitWriteBarrier):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var):
-
-2011-09-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=68077
-        SH4 assemblers doesn't refer to executable memory handle.
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branch8):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::executableCopy):
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        PutScopedVar nodes should report that it has a var number
-        https://bugs.webkit.org/show_bug.cgi?id=68721
-
-        Reviewed by Anders Carlsson.
-
-        Another assertion fix.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVarNumber):
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Add a bunch of unhandled node types to the propagator
-        https://bugs.webkit.org/show_bug.cgi?id=68716
-
-        Reviewed by Darin Adler.
-
-        Remove the ASSERT_NOT_REACHED() default for debug builds in the
-        prediction propagator, this way unhandled nodes will just cause
-        compile time failures rather than failing at some point in the
-        future.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add static version of JSCell::visitChildren
-        https://bugs.webkit.org/show_bug.cgi?id=68404
-
-        Reviewed by Darin Adler.
-
-        In this patch we just extract the bodies of the virtual visitChildren methods
-        throughout the JSCell inheritance hierarchy out into static methods, which are 
-        now called from the virtual methods.  This is an intermediate step in trying to 
-        move the virtual-ness of visitChildren into our own custom vtable stored in 
-        ClassInfo.  We need to convert the methods to static methods in order to be 
-        able to more easily store and refer to them in our custom vtable since normal 
-        member methods store some implicit information in their types, making it 
-        impossible to store them generically in ClassInfo.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::visitChildrenVirtual):
-        (JSC::JSCallbackObject::visitChildren):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildrenVirtual):
-        (JSC::DebuggerActivation::visitChildren):
-        * debugger/DebuggerActivation.h:
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::visitChildren):
-        (JSC::SlotVisitor::drain):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildrenVirtual):
-        (JSC::Arguments::visitChildren):
-        * runtime/Arguments.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildrenVirtual):
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildrenVirtual):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildrenVirtual):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildrenVirtual):
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildrenVirtual):
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildrenVirtual):
-        (JSC::JSArray::visitChildren):
-        * runtime/JSArray.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::visitChildrenVirtual):
-        (JSC::JSBoundFunction::visitChildren):
-        * runtime/JSBoundFunction.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::visitChildrenVirtual):
-        (JSC::JSCell::visitChildren):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildrenVirtual):
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildrenVirtual):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildrenVirtual):
-        (JSC::JSObject::visitChildren):
-        * runtime/JSObject.h:
-        (JSC::JSObject::visitChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildrenVirtual):
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildrenVirtual):
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildrenVirtual):
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/JSWrapperObject.h:
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildrenVirtual):
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildrenVirtual):
-        (JSC::RegExpObject::visitChildren):
-        * runtime/RegExpObject.h:
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildrenVirtual):
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildrenVirtual):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildrenVirtual):
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-
-2011-09-23  Oliver Hunt  <oliver@apple.com>
-
-        Node propagation doesn't handle PutScopedVar
-        https://bugs.webkit.org/show_bug.cgi?id=68713
-
-        Reviewed by Sam Weinig.
-
-        This was causing assertion failures.
-
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-
-2011-09-23  Anders Carlsson  <andersca@apple.com>
-
-        Make sure to define OVERRIDE and FINAL for older builds of clang.
-
-        * wtf/Compiler.h:
-
-2011-09-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement op_resolve_global in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68704
-
-        Reviewed by Oliver Hunt.
-
-        This is performance neutral, but increases coverage.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveInfoIndex):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-23  Mark Rowe  <mrowe@apple.com>
-
-        Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.
-
-        * wtf/Platform.h:
-
-2011-09-22  Anders Carlsson  <andersca@apple.com>
-
-        We should add support for OVERRIDE and FINAL annotations
-        https://bugs.webkit.org/show_bug.cgi?id=68654
-
-        Reviewed by David Hyatt.
-
-        Add OVERRIDE and FINAL macros for compilers that support them.
-
-        * wtf/Compiler.h:
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        GetScopedVar should have value profiling
-        https://bugs.webkit.org/show_bug.cgi?id=68676
-
-        Reviewed by Oliver Hunt.
-        
-        Added GetScopedVar value profiling and predictin propagation.
-        Added GetScopeChain to CSE.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasPrediction):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::getScopeChainLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        PPC build fix, part 3.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Another PPC build fix.
-
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-
-2011-09-22  Dean Jackson  <dino@apple.com>
-
-        Add ENABLE_CSS_FILTERS
-        https://bugs.webkit.org/show_bug.cgi?id=68652
-
-        Reviewed by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Incorrect this value passed to callbacks.
-        https://bugs.webkit.org/show_bug.cgi?id=68668
-
-        Reviewed by Oliver Hunt.
-
-        From Array/String prototype function.  Should be undefined, but
-        global object is passed instead (this is visible for strict callbacks).
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        * runtime/JSArray.cpp:
-        (JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
-        (JSC::JSArray::sort):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-
-2011-09-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Function.prototype.bind.length shoudl be 1.
-
-        Rubber stamped by Olier Hunt.
-
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        PPC build fix.
-
-        * bytecode/CodeBlock.h:
-
-2011-09-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt. 2
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix pt. 1
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not support to_primitive or strcat
-        https://bugs.webkit.org/show_bug.cgi?id=68582
-
-        Reviewed by Darin Adler.
-        
-        This adds functional support for to_primitive and strcat. It focuses
-        on minimizing the amount of code emitted on to_primitive (if we know
-        that it is a primitive or can speculate cheaply, then we omit the
-        slow path) and on keeping the implementation of strcat simple while
-        leveraging whatever optimizations we have already. In particular,
-        unlike the Call and Construct nodes which require extending the size
-        of the DFG's callee registers, StrCat takes advantage of the fact
-        that no JS code can run while StrCat is in progress and uses a
-        scratch buffer, rather than the register file, to store the list of
-        values to concatenate. This was done mainly to keep the code simple,
-        but there are probably other benefits to keeping call frame sizes
-        down. Essentially, this patch ensures that the presence of an
-        op_strcat does not mess up any other optimizations we might do while
-        ensuring that if you do execute it, it'll work about as well as you'd
-        expect.
-        
-        When combined with the previous patch for integer division, this is a
-        14% speed-up on Kraken. Without it, it would have been a 2% loss.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::callOperation):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        * dfg/DFGNode.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::scratchBufferForSize):
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should support integer division
-        https://bugs.webkit.org/show_bug.cgi?id=68597
-
-        Reviewed by Darin Adler.
-        
-        This adds support for ArithDiv speculating integer, and speculating
-        that the result is integer (i.e. remainder = 0).
-        
-        This is a 4% win on Kraken and a 1% loss on V8.
-
-        * bytecode/CodeBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArithNodeFlags):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_div):
-
-2011-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Implement put_scoped_var in the DFG jit
-        https://bugs.webkit.org/show_bug.cgi?id=68653
-
-        Reviewed by Gavin Barraclough.
-
-        Naive implementation of put_scoped_var.  Same story as the
-        get_scoped_var implementation, although I've hoisted scope
-        object acquisition into a separate dfg node.  Ideally in the
-        future we would reuse the resolved scope chain object, but
-        for now we don't.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasScopeChainDepth):
-        (JSC::DFG::Node::scopeChainDepth):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Implement Function.prototype.bind
-        https://bugs.webkit.org/show_bug.cgi?id=26382
-
-        Reviewed by Sam Weinig.
-
-        This patch provides a basic functional implementation
-        for Function.bind. It should (hopefully!) be fully
-        functionally correct, and the bound functions can be
-        called to quickly (since they are a subclass of
-        JSFunction, not InternalFunction), but we'll probably
-        want to follow up with some optimization work to keep
-        bound calls in JIT code.
-
-        * JavaScriptCore.JSVALUE32_64only.exp:
-        * JavaScriptCore.JSVALUE64only.exp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * jsc.cpp:
-        (GlobalObject::addFunction):
-        * runtime/CommonIdentifiers.h:
-        * runtime/ConstructData.h:
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        (JSC::functionProtoFuncBind):
-        * runtime/FunctionPrototype.h:
-        * runtime/JSBoundFunction.cpp: Added.
-        (JSC::boundFunctionCall):
-        (JSC::boundFunctionConstruct):
-        (JSC::JSBoundFunction::create):
-        (JSC::JSBoundFunction::hasInstance):
-        (JSC::JSBoundFunction::getOwnPropertySlot):
-        (JSC::JSBoundFunction::getOwnPropertyDescriptor):
-        (JSC::JSBoundFunction::JSBoundFunction):
-        (JSC::JSBoundFunction::finishCreation):
-        * runtime/JSBoundFunction.h: Added.
-        (JSC::JSBoundFunction::targetFunction):
-        (JSC::JSBoundFunction::boundThis):
-        (JSC::JSBoundFunction::boundArgs):
-        (JSC::JSBoundFunction::createStructure):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-        (JSC::JSFunction::finishCreation):
-        (JSC::createDescriptorForThrowingProperty):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::boundFunctionStructure):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-
-2011-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Implement get_scoped_var in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=68640
-
-        Reviewed by Gavin Barraclough.
-
-        Naive implementation of get_scoped_var in the DFG.  Essentially this
-        is the bare minimum required to get correct behaviour, so there's no
-        load/store coalescing or type profiling involved, even though these
-        would be wins.  No impact on SunSpider or V8.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVarNumber):
-        (JSC::DFG::Node::hasScopeChainDepth):
-        (JSC::DFG::Node::scopeChainDepth):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-22  Adam Roben  <aroben@apple.com>
-
-        Remove FindSafari from all our .sln files
-
-        It isn't used anymore, so there's no point in building it.
-
-        Part of <http://webkit.org/b/68628> Remove FindSafari
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-
-2011-09-22  Filip Pizlo  <fpizlo@apple.com>
-
-        32-bit call code clobbers the function cell tag
-        https://bugs.webkit.org/show_bug.cgi?id=68606
-
-        Reviewed by Csaba Osztrogonác.
-        
-        This is a minimalistic fix: it simply emits code to restore the
-        cell tag on the slow path, if we know that we failed due to
-        emitCallIfNotType.
-
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallVarargsSlowCase):
-        (JSC::JIT::compileOpCallSlowCase):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Add missing addPtr->add32 mapping for X86.
-
-        Rubber stamped by Sam Weinig.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Add missing addDouble for AbsoluteAddress to X86
-
-        Rubber stamped by Geoff Garen.
-
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::addDouble):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::addsd_mr):
-        (JSC::X86Assembler::cvtsi2sd_rr):
-        (JSC::X86Assembler::cvtsi2sd_mr):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix following fix for bug #68586.
-
-        * jit/JIT.cpp:
-        * jit/JITInlineMethods.h:
-
-2011-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should be able to compile op_throw
-        https://bugs.webkit.org/show_bug.cgi?id=68571
-
-        Reviewed by Geoffrey Garen.
-        
-        This compiles op_throw in the simplest way possible: it's an OSR
-        point back to the old JIT. This is a good step towards increasing
-        coverage, particularly on Kraken, but it's neutral because the
-        same functions that do throw also use some other unsupported
-        opcodes.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support continuous optimization
-        https://bugs.webkit.org/show_bug.cgi?id=68329
-
-        Reviewed by Geoffrey Garen.
-        
-        This adds the ability to reoptimize a code block if speculation
-        failures happen frequently. 6% speed-up on Kraken, 1% slow-down
-        on V8, neutral on SunSpider.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getStrongPrediction):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h:
-        (JSC::DFG::getOSREntryDataBytecodeIndex):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::ConservativeRoots):
-        (JSC::ConservativeRoots::~ConservativeRoots):
-        (JSC::DummyMarkHook::mark):
-        (JSC::ConservativeRoots::genericAddPointer):
-        (JSC::ConservativeRoots::genericAddSpan):
-        (JSC::ConservativeRoots::add):
-        * heap/ConservativeRoots.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::addJettisonCodeBlock):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        * heap/JettisonedCodeBlocks.cpp: Added.
-        (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
-        (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
-        (JSC::JettisonedCodeBlocks::addCodeBlock):
-        (JSC::JettisonedCodeBlocks::clearMarks):
-        (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
-        (JSC::JettisonedCodeBlocks::traceCodeBlocks):
-        * heap/JettisonedCodeBlocks.h: Added.
-        (JSC::JettisonedCodeBlocks::mark):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.cpp:
-        (JSC::jettisonCodeBlock):
-        (JSC::EvalExecutable::jettisonOptimizedCode):
-        (JSC::ProgramExecutable::jettisonOptimizedCode):
-        (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
-        (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
-        * wtf/BitVector.h: Added.
-        (WTF::BitVector::BitVector):
-        (WTF::BitVector::~BitVector):
-        (WTF::BitVector::operator=):
-        (WTF::BitVector::size):
-        (WTF::BitVector::ensureSize):
-        (WTF::BitVector::resize):
-        (WTF::BitVector::clearAll):
-        (WTF::BitVector::get):
-        (WTF::BitVector::set):
-        (WTF::BitVector::clear):
-        (WTF::BitVector::bitsInPointer):
-        (WTF::BitVector::maxInlineBits):
-        (WTF::BitVector::byteCount):
-        (WTF::BitVector::makeInlineBits):
-        (WTF::BitVector::OutOfLineBits::numBits):
-        (WTF::BitVector::OutOfLineBits::numWords):
-        (WTF::BitVector::OutOfLineBits::bits):
-        (WTF::BitVector::OutOfLineBits::create):
-        (WTF::BitVector::OutOfLineBits::destroy):
-        (WTF::BitVector::OutOfLineBits::OutOfLineBits):
-        (WTF::BitVector::isInline):
-        (WTF::BitVector::outOfLineBits):
-        (WTF::BitVector::resizeOutOfLine):
-        (WTF::BitVector::bits):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Add X86 GPRInfo for DFG JIT.
-        https://bugs.webkit.org/show_bug.cgi?id=68586
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Should support value profiling on CPU(X86)
-        https://bugs.webkit.org/show_bug.cgi?id=68575
-
-        Reviewed by Sam Weinig.
-
-        Fix verbose profiling in ToT (SlowCaseProfile had been
-        partially renamed to RareCaseProfile), add in-memory
-        bucket counter for CPU(X86), move JIT::m_canBeOptimized
-        out of the DFG_JIT ifdef.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::resetRareCaseProfiles):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-
-2011-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG does not support compiling functions as constructors
-        https://bugs.webkit.org/show_bug.cgi?id=68500
-
-        Reviewed by Oliver Hunt.
-        
-        This adds support for compiling constructors to the DFG. It's a
-        1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
-        It's also a 13% win on access-binary-trees, but it's neutral in
-        the SunSpider and Kraken averages.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNode.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::compileFor):
-        (JSC::FunctionExecutable::compileOptimizedFor):
-
-2011-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Replace jsFunctionVPtr compares with a type check on the Structure.
-        https://bugs.webkit.org/show_bug.cgi?id=68557
-
-        Reviewed by Oliver Hunt.
-
-        This will permit calls to still optimize to subclasses of JSFunction
-        that have the correct type (but a different C++ vptr).
-
-        This patch stops passing the globalData into numerous functions.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isFunctionConstant):
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isFunctionConstant):
-        (JSC::DFG::JITCompiler::valueOfFunctionConstant):
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfNotType):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.h:
-        (JSC::isHostFunction):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        * runtime/JSObject.h:
-        (JSC::getJSFunction):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/JSType.h:
-
-2011-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed WTFTHREADDATA_MULTITHREADED, making it always true
-        https://bugs.webkit.org/show_bug.cgi?id=68549
-
-        Reviewed by Darin Adler.
-        
-        Another part of making threads exist in WebKit.
-
-        * wtf/WTFThreadData.cpp:
-        * wtf/WTFThreadData.h:
-        (WTF::wtfThreadData):
-
-2011-09-21  Dan Bernstein  <mitz@apple.com>
-
-        JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
-        https://bugs.webkit.org/show_bug.cgi?id=68451
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
-        check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
-
-2011-09-20  Gavin Barraclough  <barraclough@apple.com>
-
-        MacroAssembler fixes.
-        https://bugs.webkit.org/show_bug.cgi?id=68494
-
-        Reviewed by Sam Weinig.
-
-        Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::loadPtr):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::or32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::or32):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::or32):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::or32):
-        (JSC::MacroAssemblerSH4::load32):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::load32):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::load32):
-
-2011-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Some Heap cleanup.
-
-        Reviewed by Beth Dakin.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
-        because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
-        since there is only one now.
-
-        * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
-        Updated mark bit overhead calculation. Deployed atomsPerBlock in one
-        place where we were recalculating it.
-
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::addBlock): Updated for rename.
-
-2011-09-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT always speculates integer on modulo
-        https://bugs.webkit.org/show_bug.cgi?id=68485
-
-        Reviewed by Oliver Hunt.
-        
-        Added support for double modulo, which is a call to fmod().
-        Also added support for recording the old JIT's statistics
-        on op_mod and propagating them along the graph. Finally,
-        fixed a goof in the ArithNodeFlags propagation logic that
-        was made obvious when I started testing ArithMod.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArithNodeFlags):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-20  ChangSeok Oh  <shivamidow@gmail.com>
-
-        [GTK] requestAnimationFrame support for gtk port
-        https://bugs.webkit.org/show_bug.cgi?id=66280
-
-        Reviewed by Martin Robinson.
-
-        Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
-
-        * wtf/Platform.h:
-
-2011-09-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT performs too many negative zero checks, and too many
-        overflow checks
-        https://bugs.webkit.org/show_bug.cgi?id=68430
-
-        Reviewed by Oliver Hunt.
-        
-        This adds comprehensive support for deciding how to perform an
-        arithmetic operations based on a combination of overflow profiling,
-        negative zero profiling, value profiling, and a static analysis of
-        how the results of these operations get used.
-        
-        This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
-        2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
-        geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
-        V8-crypto, because apparenty everything we do speeds up crypto.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::toNumber):
-        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
-        (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
-        (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        * dfg/DFGNode.h:
-        (JSC::DFG::nodeUsedAsNumber):
-        (JSC::DFG::nodeCanTruncateInteger):
-        (JSC::DFG::nodeCanIgnoreNegativeZero):
-        (JSC::DFG::nodeCanSpeculateInteger):
-        (JSC::DFG::arithNodeFlagsAsString):
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::hasArithNodeFlags):
-        (JSC::DFG::Node::rawArithNodeFlags):
-        (JSC::DFG::Node::arithNodeFlags):
-        (JSC::DFG::Node::arithNodeFlagsForCompare):
-        (JSC::DFG::Node::setArithNodeFlag):
-        (JSC::DFG::Node::mergeArithNodeFlags):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::isNotNegZero):
-        (JSC::DFG::Propagator::isNotZero):
-        (JSC::DFG::Propagator::propagateArithNodeFlags):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
-        (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
-        (JSC::DFG::Propagator::propagateNodePredictions):
-        (JSC::DFG::Propagator::propagatePredictionsForward):
-        (JSC::DFG::Propagator::propagatePredictionsBackward):
-        (JSC::DFG::Propagator::toDouble):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::fixup):
-        (JSC::DFG::Propagator::startIndexForChildren):
-        (JSC::DFG::Propagator::endIndexForPureCSE):
-        (JSC::DFG::Propagator::pureCSE):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::setReplacement):
-        (JSC::DFG::Propagator::performNodeCSE):
-        (JSC::DFG::Propagator::localCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Refactor Heap allocation logic into separate AllocationSpace class
-        https://bugs.webkit.org/show_bug.cgi?id=68409
-
-        Reviewed by Gavin Barraclough.
-
-        This patch hoists direct manipulation of the MarkedSpace and related
-        data out of Heap and into a separate class.  This will allow us to
-        have multiple allocation spaces in future, so easing the way towards
-        having GC'd backing stores for objects.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * heap/AllocationSpace.cpp: Added.
-        (JSC::AllocationSpace::tryAllocate):
-        (JSC::AllocationSpace::allocateSlowCase):
-        (JSC::AllocationSpace::allocateBlock):
-        (JSC::AllocationSpace::freeBlocks):
-        (JSC::TakeIfEmpty::TakeIfEmpty):
-        (JSC::TakeIfEmpty::operator()):
-        (JSC::TakeIfEmpty::returnValue):
-        (JSC::AllocationSpace::shrink):
-        * heap/AllocationSpace.h: Added.
-        (JSC::AllocationSpace::AllocationSpace):
-        (JSC::AllocationSpace::blocks):
-        (JSC::AllocationSpace::sizeClassFor):
-        (JSC::AllocationSpace::setHighWaterMark):
-        (JSC::AllocationSpace::highWaterMark):
-        (JSC::AllocationSpace::canonicalizeBlocks):
-        (JSC::AllocationSpace::resetAllocator):
-        (JSC::AllocationSpace::forEachCell):
-        (JSC::AllocationSpace::forEachBlock):
-        (JSC::AllocationSpace::allocate):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::clearMarks):
-        (JSC::Heap::sweep):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::objectTypeCounts):
-        (JSC::Heap::collect):
-        (JSC::Heap::canonicalizeBlocks):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrink):
-        * heap/Heap.h:
-        (JSC::Heap::objectSpace):
-        (JSC::Heap::sizeClassForObject):
-        (JSC::Heap::allocate):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed BREWMP* platform #ifdefs
-        https://bugs.webkit.org/show_bug.cgi?id=68425
-        
-        BREWMP* has no maintainer, and this is dead code.
-
-        Reviewed by Darin Adler.
-
-        * heap/MarkStack.h:
-        (JSC::::shrinkAllocation):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-        * wtf/CurrentTime.cpp:
-        * wtf/DateMath.cpp:
-        (WTF::calculateUTCOffset):
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastMallocSize):
-        * wtf/FastMalloc.h:
-        * wtf/MainThread.cpp:
-        * wtf/MathExtras.h:
-        * wtf/OwnPtrCommon.h:
-        * wtf/Platform.h:
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RandomNumberSeed.h:
-        (WTF::initializeRandomNumberGenerator):
-        * wtf/text/WTFString.h:
-        * wtf/unicode/Unicode.h:
-
-2011-09-20  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r95523
-
-        * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
-
-2011-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not speculate aggressively enough on GetById
-        https://bugs.webkit.org/show_bug.cgi?id=68320
-
-        Reviewed by Oliver Hunt.
-        
-        This adds the ability to access properties directly, by offset.
-        This optimization kicks in when at the time of DFG compilation,
-        it appears that the given get_by_id is self-cached by the old JIT.
-        Two new opcodes get introduced: CheckStructure and GetByOffset.
-        CheckStructure performs a speculation check on the object's
-        structure, and returns the storage pointer. GetByOffset performs
-        a direct read of the field from the storage pointer. Both
-        CheckStructure and GetByOffset can be CSE'd, so that we can
-        eliminate redundant structure checks, and redundant reads of the
-        same field.
-        
-        This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
-        neutral on SunSpider.
-
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionFromClassInfo):
-        (JSC::predictionFromStructure):
-        (JSC::predictionFromCell):
-        * bytecode/PredictedType.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::dataFormatToString):
-        (JSC::DFG::needDataFormatConversion):
-        (JSC::DFG::GenerationInfo::initStorage):
-        (JSC::DFG::GenerationInfo::spill):
-        (JSC::DFG::GenerationInfo::fillStorage):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::fillStorage):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::spill):
-        (JSC::DFG::JITCodeGenerator::storageResult):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::StorageOperand::~StorageOperand):
-        (JSC::DFG::StorageOperand::index):
-        (JSC::DFG::StorageOperand::gpr):
-        (JSC::DFG::StorageOperand::use):
-        * dfg/DFGNode.h:
-        (JSC::DFG::OpInfo::OpInfo):
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::hasPrediction):
-        (JSC::DFG::Node::hasStructure):
-        (JSC::DFG::Node::structure):
-        (JSC::DFG::Node::hasStorageAccessData):
-        (JSC::DFG::Node::storageAccessDataIndex):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::globalVarLoadElimination):
-        (JSC::DFG::Propagator::getMethodLoadElimination):
-        (JSC::DFG::Propagator::checkStructureLoadElimination):
-        (JSC::DFG::Propagator::getByOffsetLoadElimination):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * wtf/StdLibExtras.h:
-        (WTF::safeCast):
-
-2011-09-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove toPrimitive from JSCell
-        https://bugs.webkit.org/show_bug.cgi?id=67875
-
-        Reviewed by Darin Adler.
-
-        Part of the refactoring process to un-virtualize JSCell.  We move 
-        all of the implicit functionality provided by the virtual toPrimitive method 
-        in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while 
-        also de-virtualizing JSCell::toPrimitive.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toPrimitive):
-        * runtime/JSCell.h:
-
-        We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from 
-        JSObject.  This pushes the virtual method further down, enabling us to get rid 
-        of the virtual call in JSCell.  Eventually we'll probably have to deal with this
-        again, but we'll cross that bridge when we come to it.
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::defaultValue):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-
-2011-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
-        https://bugs.webkit.org/show_bug.cgi?id=68424
-
-        As discussed on webkit-dev. All ports build with threads enabled in JSC now.
-        
-        This may break WinCE and other ports that have not built and tested with
-        this configuration. I've filed bugs for port maintainers. It's time for
-        WebKit to move forward.
-
-        Reviewed by Mark Rowe.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::~Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::blockFreeingThreadMain):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::releaseFreeBlocks):
-        * heap/Heap.h:
-        * wtf/Platform.h:
-
-2011-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
-        https://bugs.webkit.org/show_bug.cgi?id=68423
-
-        As discussed on webkit-dev. All ports build with threads enabled in WTF now.
-        
-        This may break WinCE and other ports that have not built and tested with
-        this configuration. I've filed bugs for port maintainers. It's time for
-        WebKit to move forward.
-
-        Reviewed by Mark Rowe.
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
-        * wtf/FastMalloc.cpp:
-        * wtf/Platform.h:
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RefCountedLeakCounter.cpp:
-        (WTF::RefCountedLeakCounter::increment):
-        (WTF::RefCountedLeakCounter::decrement):
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading):
-        * wtf/dtoa.cpp:
-        (WTF::pow5mult):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::initializeThreading):
-
-2011-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
-        https://bugs.webkit.org/show_bug.cgi?id=68422
-        
-        As discussed on webkit-dev. All ports build with threads enabled in JSC now.
-        
-        This may break WinCE and other ports that have not built and tested with
-        this configuration. I've filed bugs for port maintainers. It's time for
-        WebKit to move forward.
-
-        Reviewed by Sam Weinig.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        * API/JSContextRef.cpp:
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::MachineThreads):
-        (JSC::MachineThreads::~MachineThreads):
-        (JSC::MachineThreads::gatherConservativeRoots):
-        * heap/MachineStackMarker.h:
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        (JSC::initializeThreading):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::makeUsableFromMultipleThreads):
-        * runtime/JSLock.cpp:
-        * runtime/Structure.cpp:
-        * wtf/Platform.h:
-
-2011-09-19  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r95493 and r95496.
-        http://trac.webkit.org/changeset/95493
-        http://trac.webkit.org/changeset/95496
-        https://bugs.webkit.org/show_bug.cgi?id=68418
-
-        Broke Windows build (Requested by rniwa on #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * heap/AllocationSpace.cpp: Removed.
-        * heap/AllocationSpace.h: Removed.
-        * heap/Heap.cpp:
-        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
-        (JSC::CountFunctor::TakeIfEmpty::operator()):
-        (JSC::CountFunctor::TakeIfEmpty::returnValue):
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::tryAllocate):
-        (JSC::Heap::allocateSlowCase):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::clearMarks):
-        (JSC::Heap::sweep):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::objectTypeCounts):
-        (JSC::Heap::collect):
-        (JSC::Heap::canonicalizeBlocks):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrink):
-        * heap/Heap.h:
-        (JSC::Heap::markedSpace):
-        (JSC::Heap::forEachCell):
-        (JSC::Heap::forEachBlock):
-        (JSC::Heap::sizeClassFor):
-        (JSC::Heap::allocate):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Errrk, missed stylebot comments in last commit.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncSplit):
-
-2011-09-19  Gavin Barraclough  <barraclough@apple.com>
-
-        String#split is buggy
-        https://bugs.webkit.org/show_bug.cgi?id=68348
-
-        Reviewed by Sam Weinig.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsStringWithReuse):
-            - added helper function to reuse original JSString value.
-        (JSC::stringProtoFuncSplit):
-            - Rewritten from the spec.
-        * tests/mozilla/ecma/String/15.5.4.8-2.js:
-        (getTestCases):
-            - This test is not ES5 compliant.
-
-2011-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed lots of friend declarations from JSCell, so we can more
-        effectively make use of private and protected.
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
-        confusion for not much safety.
-        (JSC::JSCell::operator new): Made this public because it is used by a
-        few clients, and not really dangerous.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::getPropertySpecificValue):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::seal):
-        (JSC::JSObject::freeze):
-        (JSC::JSObject::preventExtensions):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::createInheritorID):
-        (JSC::JSObject::allocatePropertyStorage):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::hasCustomProperties):
-        (JSC::JSObject::hasGetterSetterProperties):
-        (JSC::JSObject::isSealed):
-        (JSC::JSObject::isFrozen):
-        (JSC::JSObject::isExtensible):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::finishCreation):
-        (JSC::JSObject::prototype):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSCell::fastGetOwnProperty):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
-        structure() / setStructure(), so we don't have to be a friend of JSCell.
-
-        * runtime/Structure.h:
-        (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
-        to JSCell::m_structure.
-
-2011-09-19  Adam Barth  <abarth@webkit.org>
-
-        Always enable ENABLE(EVENTSOURCE)
-        https://bugs.webkit.org/show_bug.cgi?id=68414
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-19  Eli Fidler  <efidler@rim.com>
-
-        Enable JSC_MULTIPLE_THREADS for OS(QNX).
-        https://bugs.webkit.org/show_bug.cgi?id=68047
-
-        Reviewed by Daniel Bates.
-
-        SA_RESTART was required for SIGUSR2-based debugging, but is not
-        present on QNX. This debugging doesn't seem critical to
-        JSC_MULTIPLE_THREADS, so allow it to proceed.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::Thread::Thread):
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-        (JSC::freePlatformThreadRegisters):
-        * wtf/Platform.h: enable PTHREADS for OS(QNX)
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Refactor Heap allocation logic into separate AllocationSpace class
-        https://bugs.webkit.org/show_bug.cgi?id=68409
-
-        Reviewed by Gavin Barraclough.
-
-        This patch hoists direct manipulation of the MarkedSpace and related
-        data out of Heap and into a separate class.  This will allow us to
-        have multiple allocation spaces in future, so easing the way towards
-        having GC'd backing stores for objects.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * heap/AllocationSpace.cpp: Added.
-        (JSC::AllocationSpace::tryAllocate):
-        (JSC::AllocationSpace::allocateSlowCase):
-        (JSC::AllocationSpace::allocateBlock):
-        (JSC::AllocationSpace::freeBlocks):
-        (JSC::TakeIfEmpty::TakeIfEmpty):
-        (JSC::TakeIfEmpty::operator()):
-        (JSC::TakeIfEmpty::returnValue):
-        (JSC::AllocationSpace::shrink):
-        * heap/AllocationSpace.h: Added.
-        (JSC::AllocationSpace::AllocationSpace):
-        (JSC::AllocationSpace::blocks):
-        (JSC::AllocationSpace::sizeClassFor):
-        (JSC::AllocationSpace::setHighWaterMark):
-        (JSC::AllocationSpace::highWaterMark):
-        (JSC::AllocationSpace::canonicalizeBlocks):
-        (JSC::AllocationSpace::resetAllocator):
-        (JSC::AllocationSpace::forEachCell):
-        (JSC::AllocationSpace::forEachBlock):
-        (JSC::AllocationSpace::allocate):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::clearMarks):
-        (JSC::Heap::sweep):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::objectTypeCounts):
-        (JSC::Heap::collect):
-        (JSC::Heap::canonicalizeBlocks):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrink):
-        * heap/Heap.h:
-        (JSC::Heap::objectSpace):
-        (JSC::Heap::sizeClassForObject):
-        (JSC::Heap::allocate):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-09-19  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r95310
-
-        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
-        include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
-
-2011-09-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculation failures should act as additional value profiles
-        https://bugs.webkit.org/show_bug.cgi?id=68335
-
-        Reviewed by Oliver Hunt.
-        
-        This adds slow-case counters to the old JIT. It also ensures that
-        negative zero in multiply is handled carefully. The old JIT
-        previously took slow path if the result of a multiply was zero,
-        which, without any changes, would cause the DFG to think that
-        every such multiply produced a double result.
-        
-        This also fixes a bug in the old JIT's handling of decrements. It
-        would take the slow path if the result was zero, but not if it
-        underflowed.
-        
-        By itself, this would be a 1% slow-down on V8 and Kraken. But then
-        I wrote optimizations in the DFG that take advantage of this new
-        information. It's no longer the case that every multiply needs to
-        do a check for negative zero; it only happens if the negative
-        zero is ignored.
-        
-        This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
-        speed-up in V8. It's mostly neutral on Kraken. I can see an
-        0.5% slow-down and it appears to be significant.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::resetRareCaseProfiles):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        * bytecode/ValueProfile.h:
-        (JSC::RareCaseProfile::RareCaseProfile):
-        (JSC::getRareCaseProfileBytecodeOffset):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::clobbersWorld):
-        (JSC::DFG::Propagator::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::JIT::linkDummySlowCase):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::compileBinaryArithOp):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitSlow_op_add):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::addSlowCase):
-
-2011-09-19  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r94575
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
-        now builds just before FindSafari.
-
-2011-09-19  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r95466.
-        http://trac.webkit.org/changeset/95466
-        https://bugs.webkit.org/show_bug.cgi?id=68389
-
-        Incorrect version of the patch. (Requested by mhahnenberg on
-        #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toPrimitive):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toPrimitive):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toPrimitive):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-
-2011-09-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove toPrimitive from JSCell
-        https://bugs.webkit.org/show_bug.cgi?id=67875
-
-        Reviewed by Geoffrey Garen.
-
-        Part of the refactoring process to un-virtualize JSCell.  We move 
-        all of the implicit functionality provided by the virtual toPrimitive method 
-        in JSCell to be explicit in JSValue::toPrimitive and JSCell:toPrimitive while 
-        also de-virtualizing JSCell::toPrimitive.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toPrimitive):
-        * runtime/JSCell.h:
-
-        We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from 
-        JSObject.  This pushes the virtual method further down, enabling us to get rid 
-        of the virtual call in JSCell.  Eventually we'll probably have to deal with this
-        again, but we'll cross that bridge when we come to it.
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::defaultValue):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        (JSC::JSValue::toPrimitive):
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
-        https://bugs.webkit.org/show_bug.cgi?id=68376
-
-        Reviewed by Gavin Barraclough.
-
-        Renamed the the MarkedSpace files to match new name, and
-        updated the relevant references.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.h:
-        * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::addBlock):
-        (JSC::MarkedSpace::removeBlock):
-        (JSC::MarkedSpace::resetAllocator):
-        (JSC::MarkedSpace::canonicalizeBlocks):
-        * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
-        (JSC::MarkedSpace::waterMark):
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark):
-        (JSC::MarkedSpace::sizeClassFor):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-        (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
-        * runtime/JSCell.h:
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Rename NewSpace to MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=68375
-
-        Reviewed by Gavin Barraclough.
-
-        Rename NewSpace to a more accurate name, and update all uses.
-        This patch doesn't rename the files themselves as that will
-        just make the patch appear bigger than it is.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/Heap.cpp:
-        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
-        (JSC::CountFunctor::TakeIfEmpty::operator()):
-        (JSC::Heap::Heap):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::tryAllocate):
-        (JSC::Heap::allocateSlowCase):
-        (JSC::Heap::collect):
-        (JSC::Heap::canonicalizeBlocks):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::isValidAllocation):
-        (JSC::Heap::shrink):
-        * heap/Heap.h:
-        (JSC::Heap::markedSpace):
-        (JSC::Heap::sizeClassFor):
-        (JSC::Heap::allocate):
-        * heap/NewSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::addBlock):
-        (JSC::MarkedSpace::removeBlock):
-        (JSC::MarkedSpace::resetAllocator):
-        (JSC::MarkedSpace::canonicalizeBlocks):
-        * heap/NewSpace.h:
-        (JSC::MarkedSpace::waterMark):
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark):
-        (JSC::MarkedSpace::sizeClassFor):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-        (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-
-2011-09-19  Peter Rybin  <peter.rybin@gmail.com>
-
-        TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
-        https://bugs.webkit.org/show_bug.cgi?id=63541
-
-        Reviewed by Adam Barth.
-
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::startPosition):
-        * wtf/text/TextPosition.h:
-        (WTF::OrdinalNumber::fromZeroBasedInt):
-        (WTF::OrdinalNumber::fromOneBasedInt):
-        (WTF::OrdinalNumber::OrdinalNumber):
-        (WTF::OrdinalNumber::zeroBasedInt):
-        (WTF::OrdinalNumber::oneBasedInt):
-        (WTF::OrdinalNumber::operator==):
-        (WTF::OrdinalNumber::operator!=):
-        (WTF::OrdinalNumber::first):
-        (WTF::OrdinalNumber::beforeFirst):
-        (WTF::TextPosition::TextPosition):
-        (WTF::TextPosition::minimumPosition):
-        (WTF::TextPosition::belowRangePosition):
-
-2011-09-19  Dan Bernstein  <mitz@apple.com>
-
-        JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
-        https://bugs.webkit.org/show_bug.cgi?id=68323
-
-        Reviewed by Sam Weinig.
-
-        Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::initializeMainThreadPlatform):
-        (WTF::initializeMainThreadToProcessMainThreadPlatform):
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Remove direct property slot pointers from the instruction stream
-        https://bugs.webkit.org/show_bug.cgi?id=68373
-
-        Reviewed by Gavin Barraclough.
-
-        Use an indirect load to access prototype properties rather than directly
-        storing the property address in the instruction stream.  This should allow
-        further optimisations in future, and also provides a 0.5% win to sunspider.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        * runtime/JSObject.h:
-        (JSC::JSObject::addressOfPropertyStorage):
-
-2011-09-19  Oliver Hunt  <oliver@apple.com>
-
-        Remove bump allocator
-        https://bugs.webkit.org/show_bug.cgi?id=68370
-
-        Reviewed by Sam Weinig.
-
-        Can't do anything with this allocator currently, and it's
-        increasing the complexity of the GC code.  Slight progression
-        on SunSpider, slight regression (undoing the original progression)
-        in V8.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::NewSpace):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::allocate):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::visitChildrenDirect):
-        * runtime/StorageBarrier.h:
-        (JSC::StorageBarrier::set):
-
-2011-09-19  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Fix distcheck build
-        https://bugs.webkit.org/show_bug.cgi?id=68346
-
-        Reviewed by Philippe Normand.
-
-        * GNUmakefile.list.am:
-
-2011-09-19  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Fix distcheck build
-        https://bugs.webkit.org/show_bug.cgi?id=68241
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.list.am:
-
-2011-09-18  Dan Bernstein  <mitz@apple.com>
-
-        Removed ProfilerServer.
-
-        Reviewed by Mark Rowe.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * profiler/ProfilerServer.h: Removed.
-        * profiler/ProfilerServer.mm: Removed.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * wscript:
-
-2011-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should inline Math.min, Math.max, and Math.sqrt
-        https://bugs.webkit.org/show_bug.cgi?id=68318
-
-        Reviewed by Gavin Barraclough.
-        
-        Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
-        a function to have an intrinsic but not a thunk generator. This is
-        a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
-        we're still not DFG compiling the bulk of the hot code in Kraken audio
-        benchmarks.
-
-        * create_hash_table:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGIntrinsic.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-
-2011-09-18  Nico Weber  <thakis@chromium.org>
-
-        Remove two files from JavaScriptCore.gypi that were removed in r95240
-        https://bugs.webkit.org/show_bug.cgi?id=68327
-
-        Unreviewed, build warning fix.
-
-        * JavaScriptCore.gypi:
-
-2011-09-17  Oliver Hunt  <oliver@apple.com>
-
-        Remove special case handling of inline storage from the JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68319
-
-        Reviewed by Gavin Barraclough.
-
-        Simplify logic used for reading and writing to property storage
-        by removing the special cases for inline storage.  This has no
-        perf impact.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryBuildGetByIDList):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-
-2011-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not have full block-local CSE
-        https://bugs.webkit.org/show_bug.cgi?id=68316
-
-        Reviewed by Oliver Hunt.
-        
-        This adds block-local CSE to the DFG. CSE runs in the propagator just after
-        type propagation. It is part of the propagator itself because it needs to
-        use the propagator's internal data structures to determine which operations
-        may have side effects. Because it changes the live-ranges of nodes, the
-        virtual register allocator had to be moved into the propagator so that it
-        runs after CSE. To ensure that the back-end knows to keep the inputs to
-        any eliminated node alive for OSR, a new node type, Phantom, was introduced.
-        It is a no-op but prolonges the live-range of its inputs.
-        
-        This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
-        Kraken.
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAliasTracker.h: Removed.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::MethodCheckData::operator==):
-        (JSC::DFG::MethodCheckData::operator!=):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVirtualRegister):
-        (JSC::DFG::Node::setRefCount):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::canonicalize):
-        (JSC::DFG::Propagator::computeStartIndex):
-        (JSC::DFG::Propagator::startIndex):
-        (JSC::DFG::Propagator::pureCSE):
-        (JSC::DFG::Propagator::globalVarLoadElimination):
-        (JSC::DFG::Propagator::getByValLoadElimination):
-        (JSC::DFG::Propagator::getMethodLoadElimination):
-        (JSC::DFG::Propagator::performSubstitution):
-        (JSC::DFG::Propagator::setReplacement):
-        (JSC::DFG::Propagator::performNodeCSE):
-        (JSC::DFG::Propagator::performBlockCSE):
-        (JSC::DFG::Propagator::localCSE):
-        (JSC::DFG::Propagator::allocateVirtualRegisters):
-        (JSC::DFG::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        method_check should repatch itself if it finds that the new structure(s)
-        are the result of transitions from the old structure(s)
-        https://bugs.webkit.org/show_bug.cgi?id=68294
-
-        Reviewed by Gavin Barraclough.
-        
-        Previously a patched method_check would slow-path to get_by_id. Now it
-        slow-paths to method_check_update, which attempts to correct the
-        method_check due to structure transitions before bailing to get_by_id.
-        
-        This is a 1-2% speed-up on some benchmarks and is not a slow-down
-        anywhere, leading to a 0.6% speed-up on the Kraken geomean.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * runtime/Structure.h:
-        (JSC::Structure::transitivelyTransitionedFrom):
-
-2011-09-16  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
-
-        * wtf/Platform.h:
-
-2011-09-16  Sam Weinig  <sam@webkit.org>
-
-        Rename APIValueWrapper type to APIValueWrapperType for consistency
-        https://bugs.webkit.org/show_bug.cgi?id=68306
-
-        Reviewed by Anders Carlsson.
-
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        Update name.
-
-        * runtime/JSType.h:
-        Update name and un-indent.
-
-        * runtime/Structure.h:
-        (JSC::JSCell::isAPIValueWrapper):
-        Update name.
-
-2011-09-16  Sam Weinig  <sam@webkit.org>
-
-        Remove unused isStrictModeFunction function
-        https://bugs.webkit.org/show_bug.cgi?id=68305
-
-        Reviewed by Anders Carlsson.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::isStrictModeFunction):
-
-2011-09-16  Sam Weinig  <sam@webkit.org>
-
-        Cleanup JSTypeInfo a bit
-        https://bugs.webkit.org/show_bug.cgi?id=68289
-
-        Reviewed by Anders Carlsson.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        Replace direct access to flags() with predicate.
-
-        * runtime/JSObject.h:
-        (JSC::JSFinalObject::createStructure):
-        Pass FinalObjectType instead of using special IsJSFinalObject.
-
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        Add additional assert that you should no object should OverridesHasInstance but not have ImplementsHasInstance set.
-
-        (JSC::TypeInfo::isFinalObject):
-        Added.
-
-        (JSC::TypeInfo::masqueradesAsUndefined):
-        (JSC::TypeInfo::implementsHasInstance):
-        (JSC::TypeInfo::isEnvironmentRecord):
-        (JSC::TypeInfo::overridesHasInstance):
-        (JSC::TypeInfo::implementsDefaultHasInstance):
-        (JSC::TypeInfo::overridesGetOwnPropertySlot):
-        (JSC::TypeInfo::overridesVisitChildren):
-        (JSC::TypeInfo::overridesGetPropertyNames):
-        (JSC::TypeInfo::prohibitsPropertyCaching):
-        (JSC::TypeInfo::isSetOnFlags1):
-        (JSC::TypeInfo::isSetOnFlags2):
-        Replace direct bit twiddling with helper functions.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        Use new isFinalObject() predicate.
-
-2011-09-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Unsigned bit shift fails under certain conditions in 32 bit builds
-        https://bugs.webkit.org/show_bug.cgi?id=68166
-
-        Reviewed by Geoff Garen.
-
-        The major bug here is that the slow case (which handles shifts of
-        doubles) doesn't check for negative results from an unsigned shift
-        (which should be unsigned, and as such can't be represented by a
-        signed integer immediate).  The implementation is also flawed for
-        shifts by negative shift amounts (treats as shift by zero).
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitRightShift):
-        (JSC::JIT::emitRightShiftSlowCase):
-
-2011-09-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed undetectable style.filter.
-
-        Reviewed by Sam Weinig.
-        
-        This feature was added in http://trac.webkit.org/changeset/15557 to
-        support housingmaps.com. But housingmaps.com no longer needs this hack,
-        we don't know of other websites that need it, and we don't know of
-        any other browsers that have implemented this feature.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSTypeInfo.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
-
-2011-09-15  Sam Weinig  <sam@webkit.org>
-
-        Prepare JSTypes for more Object subtypes
-        https://bugs.webkit.org/show_bug.cgi?id=68200
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::branchIfNotObject):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfNotObject):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeForLookup):
-        * runtime/JSObject.h:
-        (JSC::JSObject::finishCreation):
-        * runtime/JSType.h:
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::type):
-        (JSC::TypeInfo::isObject):
-        (JSC::TypeInfo::isFinal):
-        (JSC::TypeInfo::prohibitsPropertyCaching):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::finishCreation):
-        * runtime/Operations.cpp:
-        (JSC::jsIsObjectType):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::isObject):
-        (JSC::JSCell::isObject):
-
-2011-09-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in r95201 with test failure fixed.
-        
-        I missed two cases of jumpSlowToHot in rshift -- these cases need to be
-        sure to initialize regT1 to the int tag, since it will otherwise hold
-        the top 32 bits of a double.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitRightShift):
-        (JSC::JIT::emitRightShiftSlowCase):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitStoreAndMapInt32):
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed Windows build fix after 95318.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-16  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r95310
-
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
-        include path so DFGIntrinsic.h can be found.
-
-2011-09-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Rationalize JSObject::putDirect* methods
-        https://bugs.webkit.org/show_bug.cgi?id=68274
-
-        Reviewed by Sam Weinig.
-        
-        Delete the *Function variants. These are overall inefficient,
-        in the way they get the name back from the function rather
-        than just passing it in.
-
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (GlobalObject::addFunction):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putWithAttributes):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::lookupPut):
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-DFG builds.
-
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::finishCreation):
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should inline Math.abs
-        https://bugs.webkit.org/show_bug.cgi?id=68227
-
-        Reviewed by Oliver Hunt.
-        
-        This adds the ability to track intrinsic functions throughout the
-        host function infrastructure, so that the DFG can easily query
-        whether or not a call's target is intrinsic, and if so, which
-        intrinsic it is.
-        
-        On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
-        is transformed into ValueToNumber<-ArithAbs nodes. These nodes
-        then get optimized using the usual tricks.
-        
-        Also had to make a completely unrelated change to
-        DateInstanceCache.h in order to fix a preexisting alphabetical
-        sorting problem in JSGlobalData.h
-        
-        This results in a big win in imaging-gaussian-blur: 61% faster
-        than before. The net win on Kraken is around 13%.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * create_hash_table:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isFunctionConstant):
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-        * dfg/DFGIntrinsic.h: Added.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::isFunctionConstant):
-        (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isFunctionConstant):
-        (JSC::DFG::JITCompiler::valueOfFunctionConstant):
-        * dfg/DFGNode.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * runtime/DateInstanceCache.h:
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::intrinsic):
-        (JSC::NativeExecutable::intrinsic):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::finishCreation):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::intrinsic):
-
-2011-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
-        using Domino's online ordering
-        https://bugs.webkit.org/show_bug.cgi?id=68220
-
-        Reviewed by Oliver Hunt.
-        
-        Weak handle processing can result in new objects being marked, which
-        results in new WeakReferencesHarvesters being added. But weak
-        reference harvesters are only processed before weak handle processing,
-        so there's the risk that a weak reference harvester will persist
-        until the next collection, by which time it may have been deleted.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-
-2011-09-16  Csaba Osztrogonác  <ossy@webkit.org>
-
-        REGRESSION(r95201): It made two tests fail
-        https://bugs.webkit.org/show_bug.cgi?id=68230
-
-        Unreviewed rolling out r95201.
-
-        * jit/JIT.h:
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitRightShift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        * jit/JITInlineMethods.h:
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not optimize method_check
-        https://bugs.webkit.org/show_bug.cgi?id=68215
-
-        Reviewed by Oliver Hunt.
-        
-        MethodCallLinkInfo and StructureStubInfo are now searchable by
-        bytecodeIndex, so that DFG::ByteCodeParser can use that information
-        to determine how to optimize GetMethod.
-        
-        A new node op has been added to DFG: CheckMethod. This is a variant
-        of GetMethod that has been optimized for the case that GetMethod
-        always takes the fast path. CheckMethod results in only a very
-        small amount of code (two loads and two branches in the worst case,
-        one load and one branch in the best case). CheckMethod behaves as
-        if it were a constant.  
-        
-        Introduced the notion that a DFG node that is not JSConstant
-        behaves as a constant. CheckMethod uses this functionality.
-        
-        This is a 3% speed-up on Kraken, and a small speed-up on V8.
-        Appears to be neutral on SunSpider.
-
-        * bytecode/CodeBlock.h:
-        (JSC::getStructureStubInfoBytecodeIndex):
-        (JSC::getMethodCallLinkInfoBytecodeIndex):
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionFromCell):
-        (JSC::predictionFromValue):
-        * bytecode/PredictedType.h:
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordGetMethod):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::getMethodCheckPrediction):
-        (JSC::DFG::Graph::getPrediction):
-        (JSC::DFG::Graph::isConstant):
-        (JSC::DFG::Graph::isJSConstant):
-        (JSC::DFG::Graph::valueOfJSConstant):
-        (JSC::DFG::Graph::valueOfInt32Constant):
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        (JSC::DFG::Graph::valueOfJSConstantNode):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::fillToJS):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasConstant):
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::hasMethodCheckData):
-        (JSC::DFG::Node::methodCheckDataIndex):
-        (JSC::DFG::Node::valueOfJSConstant):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
-        (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::structureAddress):
-
-2011-09-15  Adam Barth  <abarth@webkit.org>
-
-        Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
-        https://bugs.webkit.org/show_bug.cgi?id=68205
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-09-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (7/7)
-        https://bugs.webkit.org/show_bug.cgi?id=68122
-
-        Reviewed by Geoffrey Garen.
-
-        Completed the seventh and final level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        JSCallbackObject was missed in previous patches due to the fact that 
-        it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so 
-        this is just a bit of retroactive cleanup.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::create):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG non-speculative JIT is no longer used and should be removed.
-        https://bugs.webkit.org/show_bug.cgi?id=68177
-
-        Reviewed by Geoffrey Garen.
-        
-        This removes the non-speculative JIT and everything that relied on it,
-        including the ability to turn on DFG but not tiered compilation the,
-        ability to perform speculation failure into non-speculative JIT code,
-        and the ability to statically terminate speculation.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoopHint):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getStrongPrediction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGenerationInfo.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp: Removed.
-        * dfg/DFGNonSpeculativeJIT.h: Removed.
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGPropagator.cpp:
-        * dfg/DFGPropagator.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::osrExits):
-        (JSC::DFG::SpeculativeJIT::speculationRecovery):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        (JSC::JITCode::bottomTierJIT):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * wtf/Platform.h:
-
-2011-09-15  Eric Seidel  <eric@webkit.org>
-
-        Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
-        https://bugs.webkit.org/show_bug.cgi?id=68182
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT sometimes asserts that a value is not a number
-        even when it doesn't know anything about the number
-        https://bugs.webkit.org/show_bug.cgi?id=68189
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::isUnknownJS):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        All of the functionality in the non-speculative JIT should be
-        available to the speculative JIT via helper methods
-        https://bugs.webkit.org/show_bug.cgi?id=68186
-
-        Reviewed by Oliver Hunt.
-        
-        Stole all of the goodness from NonSpeculativeJIT and placed it
-        in JITCodeGenerator.  Left all of the badness (i.e. subtle code
-        duplication with SpeculativeJIT, etc).  This is in preparation
-        for removing the NonSpeculativeJIT entirely, but having its
-        goodness available for reuse in the SpeculativeJIT if necessary.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-
-2011-09-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r95167.
-        http://trac.webkit.org/changeset/95167
-        https://bugs.webkit.org/show_bug.cgi?id=68191
-
-        Patch needs further work. (Requested by mhahnenberg on
-        #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::toBoolean):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toBoolean):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toBoolean):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for platforms that expect a linkable symbol
-        for primitive static const's.
-
-        * bytecode/CodeBlock.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-
-2011-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for assertion on existence of alternative
-        CodeBlock.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Value profiles collect no information for global variables
-        https://bugs.webkit.org/show_bug.cgi?id=68143
-
-        Reviewed by Geoffrey Garen.
-        
-        17% speed-up on string-fasta.  Neutral elsewhere.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getStrongPrediction):
-        (JSC::DFG::ByteCodeParser::stronglyPredict):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-
-2011-09-15  Eric Seidel  <eric@webkit.org>
-
-        Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
-        https://bugs.webkit.org/show_bug.cgi?id=68022
-
-        Reviewed by Ryosuke Niwa.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Ooops, revert accidentally commited unreviewed changes.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        * jit/JSInterfaceJIT.h:
-        * runtime/JSValue.h:
-
-2011-09-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r95163.
-        http://trac.webkit.org/changeset/95163
-        https://bugs.webkit.org/show_bug.cgi?id=68180
-
-        [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
-        (Requested by darktears on #webkit).
-
-        * JavaScriptCore.pro:
-
-2011-09-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix p1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        * jit/JSInterfaceJIT.h:
-        * runtime/JSValue.h:
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Tiered compilation should be enabled by default on platforms
-        that support the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68136
-
-        Reviewed by Sam Weinig.
-        
-        Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
-        Kraken.  Large progressions on some benchmarks, including
-        3x on imaging-desaturate.
-
-        * wtf/Platform.h:
-
-2011-09-15  Gavin Barraclough  <barraclough@apple.com>
-
-        devirtualize preventExtensions
-        https://bugs.webkit.org/show_bug.cgi?id=68176
-
-        Reviewed by Oliver Hunt.
-
-        This is virtual due to problems in JSFunction putting the prototype
-        property, but we can fix this problem a different way, just setting
-        the checkReadOnly flag to false in the put.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.h:
-
-2011-09-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Value chaining for JSValue32_64 bitops.
-
-        Reviewed by Sam Weinig.
-        
-        SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
-        that can chain their results, which is the common case.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitRightShift):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec): Deployed new function.
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
-        computed their result values last, to make them elligible for chaining.
-
-2011-09-15  Adam Roben  <aroben@apple.com>
-
-        Clang build fix after r95172
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
-        Added parentheses to make precendence clear.
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG does not speculate aggressively enough on comparisons
-        https://bugs.webkit.org/show_bug.cgi?id=68138
-
-        Reviewed by Oliver Hunt.
-        
-        This is a 75% speed-up on Kraken/ai-astar.  It's a 1% win on
-        V8 and an 8.5% win on Kraken.  Neutral on SunSpider.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compare):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not leverage integer speculations on branches
-        https://bugs.webkit.org/show_bug.cgi?id=68140
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isStrictInt32):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-14  Gavin Barraclough  <barraclough@apple.com>
-
-        [n]stricteq code is bogus in JSValue32_64 JIT
-        https://bugs.webkit.org/show_bug.cgi?id=68141
-
-        Reviewed by Sam Weinig.
-
-        The code tries to check for both ints or cells, but this check also
-        catches cases where values that are undefined, null, etc (probably
-        was incorrectly assuming cell was the 2nd highest tag?).
-
-        Also, there is no need not to handle int on the fast path.
-        stricteq is just a case of comparing the payloads, if we:
-            * handle cases of differing tags on a slow path
-            * handle doubles a slow path
-            * handle both-are-string on a slow path
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emitSlow_op_stricteq):
-        (JSC::JIT::emitSlow_op_nstricteq):
-
-2011-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Make JSCell::toBoolean non-virtual
-        https://bugs.webkit.org/show_bug.cgi?id=67727
-
-        Reviewed by Sam Weinig.
-
-        JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where 
-        before it was simply virtual and would crash if its implementation was called). 
-        Its descendants in JSObject and JSString have also been made non-virtual.  JSCell now
-        explicitly covers all cases of toBoolean, so having a virtual implementation of 
-        JSCell::toBoolean is no longer necessary.  This is part of a larger process of un-virtualizing JSCell.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSString.h:
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-
-2011-09-14  Alexis Menard  <alexis.menard@openbossa.org>
-
-        [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
-        https://bugs.webkit.org/show_bug.cgi?id=68114
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Use the new GCC_X variables defined in WebKit.pri to replace
-        the usage of QT_GCC_X.
-
-        * JavaScriptCore.pro:
-
-2011-09-14  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r95145.
-        http://trac.webkit.org/changeset/95145
-        https://bugs.webkit.org/show_bug.cgi?id=68139
-
-        The GTK+ build is working now, so revert this trial build fix.
-        (Requested by mrobinson on #webkit).
-
-        * GNUmakefile.list.am:
-
-2011-09-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Port MachineStackMarker to Windows ARM and MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=68068
-
-        Reviewed by Geoffrey Garen.
-
-        Use the correct memeber of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS).
-        Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
-        CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for
-        CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-
-2011-09-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT always speculates that ValueAdd is a numeric addition
-        https://bugs.webkit.org/show_bug.cgi?id=67956
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
-
-        * GNUmakefile.list.am:
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        This is getting old. Yet another build fix attempt.
-
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        Yet another build fix attempt.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        How I &quot;love&quot; Visual Studio...
-
-        Try to fix build again.
-
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        Add BinarySemaphore class from WebKit2 to WTF
-        https://bugs.webkit.org/show_bug.cgi?id=68132
-
-        Reviewed by Sam Weinig.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        Update build systems.
-
-        * wtf/threads: Added.
-        * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
-        * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
-        * wtf/threads/win: Added.
-        * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for Interpreter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2011-09-14  Anders Carlsson  <andersca@apple.com>
-
-        Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
-        bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
-
-        Rubber-stamped by Sam Weinig.
-
-        * wtf/threads: Added.
-        * wtf/threads/win: Added.
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT should not speculate integer if the value is always going to be
-        used as a double anyway
-        https://bugs.webkit.org/show_bug.cgi?id=68127
-
-        Reviewed by Oliver Hunt.
-        
-        Added a ValueToDouble node, which is a variant of ValueToNumber that
-        hints that it will only be used as a double and never as an integer.
-        Thus, it turns off integer speculation even if the value profiler
-        told us that the value source is an int. The logic for converting a
-        ValueToNumber into a ValueToDouble is found in Propagator.
-        
-        This appears to be a 22% speed-up in imaging-darkroom.
-
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::toDouble):
-        (JSC::DFG::Propagator::fixupNode):
-        (JSC::DFG::Propagator::fixup):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Tiered compilation heuristics do not account for value profile fullness
-        https://bugs.webkit.org/show_bug.cgi?id=68116
-
-        Reviewed by Oliver Hunt.
-        
-        Tiered compilation avoids invoking the DFG JIT if it finds that value
-        profiles contain insufficient information. Instead, it produces a
-        prediction from the current value profile, and then clears the value
-        profile. This allows the value profile to heat up from scratch for
-        some number of additional executions. The new profiles will then be
-        merged with the previous prediction. Once the amount of information
-        in predictions is enough according to heuristics in CodeBlock.cpp,
-        DFG optimization is allowed to proceed.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::visitWeakReferences):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        * bytecode/PredictedType.cpp:
-        (JSC::predictionToString):
-        * bytecode/PredictedType.h:
-        * bytecode/ValueProfile.cpp: Added.
-        (JSC::ValueProfile::computeStatistics):
-        (JSC::ValueProfile::computeUpdatedPrediction):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::ValueProfile):
-        (JSC::ValueProfile::classInfo):
-        (JSC::ValueProfile::numberOfSamples):
-        (JSC::ValueProfile::totalNumberOfSamples):
-        (JSC::ValueProfile::isLive):
-        (JSC::ValueProfile::numberOfInt32s):
-        (JSC::ValueProfile::numberOfDoubles):
-        (JSC::ValueProfile::numberOfBooleans):
-        (JSC::ValueProfile::dump):
-        (JSC::getValueProfileBytecodeOffset):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::stronglyPredict):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not speculate that the child of LogicalNot is a boolean if
-        predictions tell us otherwise
-        https://bugs.webkit.org/show_bug.cgi?id=68118
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix.  Turn off tiered compilation.
-
-        * wtf/Platform.h:
-
-2011-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Prediction tracking is not precise enough
-        https://bugs.webkit.org/show_bug.cgi?id=67993
-
-        Reviewed by Oliver Hunt.
-        
-        Added a richer set of type predictions, including JSFinalObject, JSString,
-        object that is not a JSFinalObject or JSArray (ObjectOther), some object
-        but we don't or care know what kind (SomeObject), definitely an object,
-        cell that is not an object or JSString, an value that is none of the above
-        (so either Undefined or Null). Made the propagator and value profiler work
-        with the new types.
-        
-        Performance is neutral, because the DFG JIT does not take advantage of this
-        new knowledge yet.
-        
-        In the process of writing predictionToString() (which is now considerably
-        more complex) I decided to finally add a BoundsCheckedPointer, which
-        should come in handy in other places, like at least the OSR scratch buffer
-        and the CompactJITCodeMap. It's great for cases where you want to
-        do pointer arithmetic, you want to have assertions about the
-        pointer not going out of bounds, but you don't want to write those
-        assertions yourself.
-        
-        This also required refactoring inherits(), since the ValueProfiler may
-        want to do the equivalent of inherits() but given two ClassInfo's.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/PredictedType.cpp: Added.
-        (JSC::predictionToString):
-        (JSC::makePrediction):
-        (JSC::predictionFromValue):
-        * bytecode/PredictedType.h:
-        (JSC::isCellPrediction):
-        (JSC::isObjectPrediction):
-        (JSC::isFinalObjectPrediction):
-        (JSC::isStringPrediction):
-        (JSC::mergePredictions):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::numberOfObjects):
-        (JSC::ValueProfile::numberOfFinalObjects):
-        (JSC::ValueProfile::numberOfStrings):
-        (JSC::ValueProfile::probabilityOfObject):
-        (JSC::ValueProfile::probabilityOfFinalObject):
-        (JSC::ValueProfile::probabilityOfString):
-        (JSC::ValueProfile::dump):
-        (JSC::ValueProfile::Statistics::Statistics):
-        (JSC::ValueProfile::computeStatistics):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::stronglyPredict):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::predict):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::propagateNode):
-        * runtime/ClassInfo.h:
-        (JSC::ClassInfo::isSubClassOf):
-        * runtime/JSObject.h:
-        (JSC::JSCell::inherits):
-        * wtf/BoundsCheckedPointer.h: Added.
-        (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
-        (WTF::BoundsCheckedPointer::operator=):
-        (WTF::BoundsCheckedPointer::operator+=):
-        (WTF::BoundsCheckedPointer::operator-=):
-        (WTF::BoundsCheckedPointer::operator+):
-        (WTF::BoundsCheckedPointer::operator-):
-        (WTF::BoundsCheckedPointer::operator++):
-        (WTF::BoundsCheckedPointer::operator--):
-        (WTF::BoundsCheckedPointer::operator<):
-        (WTF::BoundsCheckedPointer::operator<=):
-        (WTF::BoundsCheckedPointer::operator>):
-        (WTF::BoundsCheckedPointer::operator>=):
-        (WTF::BoundsCheckedPointer::operator==):
-        (WTF::BoundsCheckedPointer::operator!=):
-        (WTF::BoundsCheckedPointer::operator!):
-        (WTF::BoundsCheckedPointer::get):
-        (WTF::BoundsCheckedPointer::operator*):
-        (WTF::BoundsCheckedPointer::operator[]):
-        (WTF::BoundsCheckedPointer::strcat):
-        (WTF::BoundsCheckedPointer::validate):
-        * wtf/CMakeLists.txt:
-
-2011-09-14  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Win32 builds with threads turned off
-        https://bugs.webkit.org/show_bug.cgi?id=67864
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.pri: Link pthread library on Windows platform.
-        * wtf/Platform.h: Enable multiple threads.
-
-2011-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (6/7)
-        https://bugs.webkit.org/show_bug.cgi?id=67692
-
-        Reviewed by Geoffrey Garen.
-
-        Completed the sixth level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        This primarily consists of pushing the calls to finishCreation() down 
-        into the constructors of the subclasses of the fifth level of the hierarchy 
-        as well as pulling the finishCreation() calls out into the class's corresponding
-        create() method if it has one.  Doing both simultaneously allows us to 
-        maintain the invariant that the finishCreation() method chain is called exactly 
-        once during the creation of an object, since calling it any other number of 
-        times (0, 2, or more) will cause an assertion failure.
-
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::create):
-        * jsc.cpp:
-        (GlobalObject::create):
-        (GlobalObject::GlobalObject):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::create):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        (JSC::BooleanConstructor::create):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::create):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::create):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::create):
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        (JSC::StrictModeTypeErrorFunction::create):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::create):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        (JSC::FunctionConstructor::create):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::create):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::create):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::finishCreation):
-        * runtime/NativeErrorPrototype.h:
-        (JSC::NativeErrorPrototype::create):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::create):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::create):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::create):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::create):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::create):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::create):
-
-2011-09-13  Eric Seidel  <eric@webkit.org>
-
-        Remove ENABLE_SVG_USE as <use> is required by HTML5
-        https://bugs.webkit.org/show_bug.cgi?id=68019
-
-        Reviewed by Ryosuke Niwa.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-14  Iain Merrick  <husky@google.com>
-
-        HashTraits.h should include template specialization for WTF::String
-        https://bugs.webkit.org/show_bug.cgi?id=67851
-
-        Ensure that the template specialization for HashTraits<String> is always
-        picked up. (Previously it was possible to include HashSet and String but
-        not the correct HashTraits, so you would get an inefficient template
-        instantiation.)
-
-        Reviewed by Darin Adler.
-
-        * wtf/HashTraits.h:
-        * wtf/text/StringHash.h:
-
-2011-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
-        return false if either node can be double
-        https://bugs.webkit.org/show_bug.cgi?id=67985
-
-        Reviewed by Geoffrey Garen.
-        
-        This is a 17% speed-up on 3d-cube.
-        
-        This required allowing us to check if a constant is double but not
-        integer, and making the shouldSpeculateInteger() check test for
-        any hints of doubly-ness in its operands. This also required
-        changing some terminology: previously "isDouble" often meant
-        "isDouble or isInt32".  Now "isDouble" means exactly what the name
-        suggests, and "isNumber" means "isDouble or isInt32".
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::toNumber):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::isJSFormat):
-        (JSC::DFG::isJSInteger):
-        (JSC::DFG::isJSDouble):
-        (JSC::DFG::isJSCell):
-        (JSC::DFG::isJSBoolean):
-        (JSC::DFG::GenerationInfo::isJSFormat):
-        (JSC::DFG::GenerationInfo::isJSInteger):
-        (JSC::DFG::GenerationInfo::isJSDouble):
-        (JSC::DFG::GenerationInfo::isJSCell):
-        (JSC::DFG::GenerationInfo::isJSBoolean):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isNumberConstant):
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::isKnownInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
-        (JSC::DFG::JITCodeGenerator::isKnownCell):
-        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::isNumberConstant):
-        (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
-        (JSC::DFG::JITCodeGenerator::initConstantInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillToJS):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isNumberConstant):
-        (JSC::DFG::JITCompiler::valueOfNumberConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::isDoubleConstant):
-        (JSC::DFG::Node::isNumberConstant):
-        (JSC::DFG::Node::valueOfNumberConstant):
-        (JSC::DFG::Node::hasNumberResult):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isInteger):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-09-13  Anders Carlsson  <andersca@apple.com>
-
-        Disable C++ exceptions when building with clang
-        https://bugs.webkit.org/show_bug.cgi?id=68031
-        <rdar://problem/9556880>
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig:
-
-2011-09-13  Eric Seidel  <eric@webkit.org>
-
-        Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
-        https://bugs.webkit.org/show_bug.cgi?id=68018
-
-        Reviewed by Ryosuke Niwa.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-09-13  Sam Weinig  <sam@webkit.org>
-
-        Object.getPrototypeOf should use JSValue::get()
-        https://bugs.webkit.org/show_bug.cgi?id=67973
-
-        Reviewed by Darin Adler.
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-        Pipe through JSValue::get() to allow overrides.
-
-2011-09-12  Filip Pizlo  <fpizlo@apple.com>
-
-        JavaScriptCore does not have baseline->speculative OSR
-        https://bugs.webkit.org/show_bug.cgi?id=67920
-
-        Reviewed by Oliver Hunt.
-        
-        This adds the ability to on-stack-replace (OSR) from code that is
-        running hot in the old JIT to code compiled by the new JIT.  This
-        ensures that long-running loops benefit from DFG optimization.
-        It also ensures that if code experiences a speculation failure
-        in DFG code, it has an opportunity to reenter the DFG once every
-        1,000 loop iterations or so.
-        
-        This results in a 2.88x speed-up on Kraken/imaging-desaturate,
-        and is a pure win on the main three benchmark suites (SunSpider,
-        V8, Kraken), when tiered compilation is enabled.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::ProgramCodeBlock::compileOptimized):
-        (JSC::EvalCodeBlock::compileOptimized):
-        (JSC::FunctionCodeBlock::compileOptimized):
-        * bytecode/CodeBlock.h:
-        * bytecode/Opcode.h:
-        * bytecode/PredictedType.h: Added.
-        (JSC::isCellPrediction):
-        (JSC::isArrayPrediction):
-        (JSC::isInt32Prediction):
-        (JSC::isDoublePrediction):
-        (JSC::isNumberPrediction):
-        (JSC::isBooleanPrediction):
-        (JSC::isStrongPrediction):
-        (JSC::predictionToString):
-        (JSC::mergePredictions):
-        (JSC::mergePrediction):
-        (JSC::makePrediction):
-        * bytecode/PredictionTracker.h: Added.
-        (JSC::operandIsArgument):
-        (JSC::PredictionSlot::PredictionSlot):
-        (JSC::PredictionTracker::PredictionTracker):
-        (JSC::PredictionTracker::initializeSimilarTo):
-        (JSC::PredictionTracker::copyLocalsFrom):
-        (JSC::PredictionTracker::numberOfArguments):
-        (JSC::PredictionTracker::numberOfVariables):
-        (JSC::PredictionTracker::argumentOffsetForOperand):
-        (JSC::PredictionTracker::predictArgument):
-        (JSC::PredictionTracker::predict):
-        (JSC::PredictionTracker::predictGlobalVar):
-        (JSC::PredictionTracker::getArgumentPrediction):
-        (JSC::PredictionTracker::getPrediction):
-        (JSC::PredictionTracker::getGlobalVarPrediction):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoopHint):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGNode.h:
-        * dfg/DFGOSREntry.cpp: Added.
-        (JSC::DFG::predictionIsValid):
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h: Added.
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGPredictionTracker.h: Removed.
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::mergeUse):
-        (JSC::DFG::Propagator::mergePrediction):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/CompactJITCodeMap.h:
-        (JSC::CompactJITCodeMap::numberOfEntries):
-        (JSC::CompactJITCodeMap::decode):
-        (JSC::CompactJITCodeMap::Decoder::Decoder):
-        (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
-        (JSC::CompactJITCodeMap::Decoder::read):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        (JSC::JIT::emitTimeoutCheck):
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JSC::JIT::emit_op_loop_hint):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-09-12  Sam Weinig  <sam@webkit.org>
-
-        Don't allow setting __proto__ to be a getter or setter
-        https://bugs.webkit.org/show_bug.cgi?id=67982
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        Disallow setting a getter or setter on __proto__.
-
-2011-09-12  James Robinson  <jamesr@chromium.org>
-
-        Unreviewed build fix for chromium.
-
-        Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
-        is currently only compiled in by ports that use JavaScriptCore.  This code is currently unreachable in builds so
-        no change in functionality.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
-
-2011-09-09  Filip Pizlo  <fpizlo@apple.com>
-
-        JavaScriptCore does not have speculative->baseline OSR
-        https://bugs.webkit.org/show_bug.cgi?id=67826
-
-        Reviewed by Oliver Hunt.
-        
-        This adds the ability to bail out of DFG speculative JIT execution by
-        performing an on-stack replacement (OSR) that results in the control
-        flow going to the equivalent code generated by the old JIT.
-        
-        This required a number of new features, as well as taking advantage of
-        some features that happened to already be present:
-        
-        We already had a policy of storing the bytecode index for which a DFG
-        node was generated inside the DFG::Node class. This was previously
-        called exceptionInfo. It's now renamed to codeOrigin to reflect that
-        it's used for more than just excpetions. OSR uses this to figure out
-        which bytecode index to use to look up the machine code location in
-        the code generated by the old JIT that we should be jumping to.
-        
-        CodeBlock now stores a mapping between bytecode indices and machine
-        code offsets for code generated by the old JIT. This is implemented
-        by CompactJITCodeMap, which tries to compress this data a bit.  The
-        OSR compiler decodes this and uses it to find the machine code
-        locations it should be jumping to.
-        
-        We already had a mechanism that emitted SetLocal nodes in the DFG graph
-        that told us the time at which the old JIT would have stored something
-        into its register file, and the DFG::Node that corresponds to the value
-        that it would have stored. These SetLocal's were mostly dead-code-
-        eliminated, but our DCE leaves the nodes intact except for making them
-        have 0 as the ref count. This allows the OSR compiler to construct a
-        mapping between the state as it would have been seen by the old JIT
-        and the state as the DFG JIT sees it. The OSR compiler uses this to
-        generate code that reshapes the call frame so that it is like what the
-        old JIT would expect.
-        
-        Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
-        we no longer emit the non-speculative path.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        * dfg/DFGGPRInfo.h:
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::alive):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::CallRecord::CallRecord):
-        (JSC::DFG::JITCompiler::notifyCall):
-        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
-        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
-        (JSC::DFG::JITCompiler::addJSCall):
-        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
-        * dfg/DFGNode.h:
-        (JSC::DFG::CodeOrigin::CodeOrigin):
-        (JSC::DFG::CodeOrigin::isSet):
-        (JSC::DFG::CodeOrigin::bytecodeIndex):
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::child1Unchecked):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::ValueRecovery::dump):
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::ValueSource::ValueSource):
-        (JSC::DFG::ValueSource::isSet):
-        (JSC::DFG::ValueSource::nodeIndex):
-        (JSC::DFG::ValueRecovery::ValueRecovery):
-        (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
-        (JSC::DFG::ValueRecovery::inGPR):
-        (JSC::DFG::ValueRecovery::inFPR):
-        (JSC::DFG::ValueRecovery::displacedInRegisterFile):
-        (JSC::DFG::ValueRecovery::constant):
-        (JSC::DFG::ValueRecovery::technique):
-        (JSC::DFG::ValueRecovery::gpr):
-        (JSC::DFG::ValueRecovery::fpr):
-        (JSC::DFG::ValueRecovery::virtualRegister):
-        (JSC::DFG::OSRExit::numberOfRecoveries):
-        (JSC::DFG::OSRExit::valueRecovery):
-        (JSC::DFG::OSRExit::isArgument):
-        (JSC::DFG::OSRExit::argumentForIndex):
-        (JSC::DFG::OSRExit::variableForIndex):
-        (JSC::DFG::OSRExit::operandForIndex):
-        (JSC::DFG::SpeculativeJIT::osrExits):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
-        (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
-        (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        * jit/CompactJITCodeMap.h: Added.
-        (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
-        (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
-        (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
-        (JSC::CompactJITCodeMap::~CompactJITCodeMap):
-        (JSC::CompactJITCodeMap::decode):
-        (JSC::CompactJITCodeMap::CompactJITCodeMap):
-        (JSC::CompactJITCodeMap::at):
-        (JSC::CompactJITCodeMap::decodeNumber):
-        (JSC::CompactJITCodeMap::Encoder::Encoder):
-        (JSC::CompactJITCodeMap::Encoder::~Encoder):
-        (JSC::CompactJITCodeMap::Encoder::append):
-        (JSC::CompactJITCodeMap::Encoder::finish):
-        (JSC::CompactJITCodeMap::Encoder::appendByte):
-        (JSC::CompactJITCodeMap::Encoder::encodeNumber):
-        (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::osrScratchBufferForSize):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-
-2011-09-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Re-enabled ENABLE(LAZY_BLOCK_FREEING).
-        
-        Reviewed by Stephanie Lewis.
-
-        I accidentally disabled this in r94890, causing a big performance regression.
-
-        * wtf/Platform.h:
-
-2011-09-12  Michael Saboff  <msaboff@apple.com>
-
-        Broken Build for ARM - lshift32() needs TrustedImm32 arg
-        https://bugs.webkit.org/show_bug.cgi?id=67965
-
-        Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
-
-        Reviewed by Anders Carlsson.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch16):
-
-2011-09-12  Michael Saboff  <msaboff@apple.com>
-
-        Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
-        https://bugs.webkit.org/show_bug.cgi?id=67961
-
-        Added missing semicolon.
-
-        Reviewed by Ryosuke Niwa.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch16):
-
-2011-09-12  Michael Saboff  <msaboff@apple.com>
-
-        Update RegExp and related classes to use 8 bit strings when available
-        https://bugs.webkit.org/show_bug.cgi?id=67337
-
-        Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
-        The code paths are triggered by the UString::is8bit() method which currently
-        returns false.  Implemented JIT changes for all current architectures.
-        Tested X86_64 and ARM v7.
-
-        This includes some code that will likely change as we complete the
-        8 bit string changes.  This includes the way the raw buffer pointers
-        are accessed as well as replacing the CharAccess class with a
-        string interator returned from UString.
-
-        Fixed build breakage in testRegExp.cpp due to globalObject construction
-        changes.
-
-        Reviewed by Gavin Barraclough.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * testRegExp.cpp:
-        (GlobalObject::finishCreation):
-        (GlobalObject::GlobalObject):
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::ubfx):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load8):
-        (JSC::MacroAssemblerARM::branch8):
-        (JSC::MacroAssemblerARM::branch16):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load8):
-        (JSC::MacroAssemblerARMv7::branch16):
-        (JSC::MacroAssemblerARMv7::branch8):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::load8):
-        (JSC::MacroAssemblerMIPS::branch8):
-        (JSC::MacroAssemblerMIPS::branch16):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::load8):
-        (JSC::MacroAssemblerSH4::branch8):
-        (JSC::MacroAssemblerSH4::branch16):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load8):
-        (JSC::MacroAssemblerX86Common::branch16):
-        (JSC::MacroAssemblerX86Common::branch8):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::extub):
-        (JSC::SH4Assembler::printInstr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cmpw_ir):
-        (JSC::X86Assembler::movzbl_mr):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::compileIfNecessary):
-        (JSC::RegExp::match):
-        (JSC::RegExp::matchCompareWithInterpreter):
-        * runtime/RegExp.h:
-        * runtime/UString.h:
-        (JSC::UString::is8Bit):
-        * yarr/Yarr.h:
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::CharAccess::CharAccess):
-        (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
-        (JSC::Yarr::Interpreter::CharAccess::operator[]):
-        (JSC::Yarr::Interpreter::InputStream::InputStream):
-        (JSC::Yarr::Interpreter::Interpreter):
-        (JSC::Yarr::interpret):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
-        (JSC::Yarr::YarrGenerator::readCharacter):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::YarrGenerator):
-        (JSC::Yarr::YarrGenerator::compile):
-        (JSC::Yarr::jitCompile):
-        (JSC::Yarr::execute):
-        * yarr/YarrJIT.h:
-        (JSC::Yarr::YarrCodeBlock::has8BitCode):
-        (JSC::Yarr::YarrCodeBlock::has16BitCode):
-        (JSC::Yarr::YarrCodeBlock::set8BitCode):
-        (JSC::Yarr::YarrCodeBlock::set16BitCode):
-        (JSC::Yarr::YarrCodeBlock::execute):
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::Parser):
-
-2011-09-12  Andras Becsi  <andras.becsi@nokia.com>
-
-        [Qt] Build fails after r94920 with strict compiler
-        https://bugs.webkit.org/show_bug.cgi?id=67928
-
-        Reviewed by Csaba Osztrogonác.
-
-        * wtf/RedBlackTree.h:
-        (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
-
-2011-09-12  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed build fix after r94871.
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * wtf/FastMalloc.cpp:
-        * wtf/RefCountedLeakCounter.h:
-
-2011-09-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGNode.h has macros that indicate the enabling of a feature, but
-        they do not use the ENABLE() idiom.
-        https://bugs.webkit.org/show_bug.cgi?id=67907
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::stronglyPredict):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCodeGenerator.cpp:
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::propagateForward):
-        (JSC::DFG::Propagator::propagateBackward):
-        (JSC::DFG::propagate):
-        * dfg/DFGScoreBoard.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2011-09-11  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Unreviewed build fix for chromium/mac & clang.
-
-        Fix the macro redefinition error by r94927, because chromium set
-        ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
-        it is not PLATFORM(QT).
-         ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
-         #define ENABLE_JSC_MULTIPLE_THREADS 1
-         <command line>:43:9: note: previous definition is here
-         #define ENABLE_JSC_MULTIPLE_THREADS 0
-         1 error generated.
-
-        * wtf/Platform.h:
-
-2011-09-11  Sam Weinig  <sam@webkit.org>
-
-        Remove JSCell::isPropertyNameIterator(), it is unused
-        https://bugs.webkit.org/show_bug.cgi?id=67911
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSCell.h:
-        * runtime/JSPropertyNameIterator.h:
-
-2011-09-11  Sam Weinig  <sam@webkit.org>
-
-        De-virtualize JSCell::isAPIValueWrapper
-        https://bugs.webkit.org/show_bug.cgi?id=67909
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        Set the correct type on structure creation.
-
-        * runtime/JSCell.h:
-        Remove virtual keyword and default implementation.
-
-        * runtime/JSType.h:
-        Add type for APIValueWrapper. It must come after CompoundType since
-        the APIValueWrapper has children in need of marking.
-
-        * runtime/Structure.h:
-        (JSC::JSCell::isAPIValueWrapper):
-        Implement predicate using type info.
-
-2011-09-10  Sam Weinig  <sam@webkit.org>
-
-        De-virtualize JSCell::isGetterSetter, type information is available for it
-        https://bugs.webkit.org/show_bug.cgi?id=67902
-
-        Reviewed by Dan Bernstein.
-
-        * runtime/GetterSetter.cpp:
-        * runtime/GetterSetter.h:
-        Remove override of isGetterSetter.
-
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        De-virtualize and remove silly base implementation.
-
-        * runtime/Structure.h:
-        (JSC::JSCell::isGetterSetter):
-        Use type info to determine getter-setter-hood.
-
-2011-09-09  Oliver Hunt  <oliver@apple.com>
-
-        Remove support for anonymous storage from jsobjects
-        https://bugs.webkit.org/show_bug.cgi?id=67881
-
-        Reviewed by Sam Weinig.
-
-        Remove all use of anonymous slots, essentially a mechanical change
-        in JavaScriptCore
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::validateValue):
-        * heap/MarkStack.h:
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::finishCreation):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::createStructure):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::finishCreation):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure):
-        * runtime/ExceptionHelpers.h:
-        (JSC::InterruptedExecutionError::createStructure):
-        (JSC::TerminatedExecutionError::createStructure):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::createStructure):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::finishCreation):
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSFinalObject::createStructure):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::finishCreation):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/RegExp.h:
-        (JSC::RegExp::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::createStructure):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::createStructure):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::createStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::get):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        (JSC::Structure::checkConsistency):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::get):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::createStructure):
-
-2011-09-11  Jarred Nicholls  <jarred@sencha.com>
-
-        [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
-        https://bugs.webkit.org/show_bug.cgi?id=67864
-        
-        Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * wtf/Platform.h:
-
-2011-09-11  Filip Pizlo  <fpizlo@apple.com>
-
-        ARM and MIPS assemblers still refer to executable pools.
-        https://bugs.webkit.org/show_bug.cgi?id=67903
-
-        Reviewed by Csaba Osztrogonác.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-
-2011-09-08  Filip Pizlo  <fpizlo@apple.com>
-
-        The executable allocator makes it difficult to free individual
-        chunks of executable memory
-        https://bugs.webkit.org/show_bug.cgi?id=66363
-
-        Reviewed by Oliver Hunt.
-        
-        Introduced a best-fit, balanced-tree based allocator. The allocator
-        required a balanced tree that does not allocate memory and that
-        permits the removal of individual nodes directly (as opposed to by
-        key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
-        Changed all references to executable code to use a reference counted
-        handle.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::finalizeCode):
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
-        (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
-        (JSC::MacroAssemblerCodeRef::executableMemory):
-        (JSC::MacroAssemblerCodeRef::code):
-        (JSC::MacroAssemblerCodeRef::size):
-        (JSC::MacroAssemblerCodeRef::operator!):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * bytecode/CodeBlock.h:
-        * bytecode/Instruction.h:
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::tryCachePutByID):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::initializeAllocator):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::allocate):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::ExecutableAllocator::dumpProfile):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::dumpProfile):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::initializeAllocator):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutableAllocator::underMemoryPressure):
-        (JSC::ExecutableAllocator::allocate):
-        (JSC::ExecutableAllocator::committedByteCount):
-        (JSC::ExecutableAllocator::dumpProfile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compileCTINativeCall):
-        * jit/JITCode.h:
-        (JSC::JITCode::operator !):
-        (JSC::JITCode::addressForCall):
-        (JSC::JITCode::offsetOf):
-        (JSC::JITCode::execute):
-        (JSC::JITCode::start):
-        (JSC::JITCode::size):
-        (JSC::JITCode::getExecutableMemory):
-        (JSC::JITCode::HostFunction):
-        (JSC::JITCode::JITCode):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::JITThunks::ctiStub):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * jit/ThunkGenerators.h:
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::dumpSampleData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getCTIStub):
-        * wtf/CMakeLists.txt:
-        * wtf/MetaAllocator.cpp: Added.
-        (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
-        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
-        (WTF::MetaAllocatorHandle::shrink):
-        (WTF::MetaAllocator::MetaAllocator):
-        (WTF::MetaAllocator::allocate):
-        (WTF::MetaAllocator::currentStatistics):
-        (WTF::MetaAllocator::findAndRemoveFreeSpace):
-        (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
-        (WTF::MetaAllocator::addFreshFreeSpace):
-        (WTF::MetaAllocator::debugFreeSpaceSize):
-        (WTF::MetaAllocator::addFreeSpace):
-        (WTF::MetaAllocator::incrementPageOccupancy):
-        (WTF::MetaAllocator::decrementPageOccupancy):
-        (WTF::MetaAllocator::roundUp):
-        (WTF::MetaAllocator::allocFreeSpaceNode):
-        (WTF::MetaAllocator::freeFreeSpaceNode):
-        (WTF::MetaAllocator::dumpProfile):
-        * wtf/MetaAllocator.h: Added.
-        (WTF::MetaAllocator::bytesAllocated):
-        (WTF::MetaAllocator::bytesReserved):
-        (WTF::MetaAllocator::bytesCommitted):
-        (WTF::MetaAllocator::dumpProfile):
-        (WTF::MetaAllocator::~MetaAllocator):
-        * wtf/MetaAllocatorHandle.h: Added.
-        * wtf/RedBlackTree.h: Added.
-        (WTF::RedBlackTree::Node::Node):
-        (WTF::RedBlackTree::Node::successor):
-        (WTF::RedBlackTree::Node::predecessor):
-        (WTF::RedBlackTree::Node::reset):
-        (WTF::RedBlackTree::Node::parent):
-        (WTF::RedBlackTree::Node::setParent):
-        (WTF::RedBlackTree::Node::left):
-        (WTF::RedBlackTree::Node::setLeft):
-        (WTF::RedBlackTree::Node::right):
-        (WTF::RedBlackTree::Node::setRight):
-        (WTF::RedBlackTree::Node::color):
-        (WTF::RedBlackTree::Node::setColor):
-        (WTF::RedBlackTree::RedBlackTree):
-        (WTF::RedBlackTree::insert):
-        (WTF::RedBlackTree::remove):
-        (WTF::RedBlackTree::findExact):
-        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
-        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
-        (WTF::RedBlackTree::first):
-        (WTF::RedBlackTree::last):
-        (WTF::RedBlackTree::size):
-        (WTF::RedBlackTree::isEmpty):
-        (WTF::RedBlackTree::treeMinimum):
-        (WTF::RedBlackTree::treeMaximum):
-        (WTF::RedBlackTree::treeInsert):
-        (WTF::RedBlackTree::leftRotate):
-        (WTF::RedBlackTree::rightRotate):
-        (WTF::RedBlackTree::removeFixup):
-        * wtf/wtf.pri:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-        * yarr/YarrJIT.h:
-        (JSC::Yarr::YarrCodeBlock::execute):
-        (JSC::Yarr::YarrCodeBlock::getAddr):
-
-2011-09-10  Sam Weinig  <sam@webkit.org>
-
-        Remove JSC::isZombie() function, it did nothing and was called by no-one.
-        https://bugs.webkit.org/show_bug.cgi?id=67901
-
-        Reviewed by Andy Estes.
-
-        * JavaScriptCore.exp:
-        * runtime/JSCell.cpp:
-        * runtime/JSValue.h:
-
-2011-09-10  Sam Weinig  <sam@webkit.org>
-
-        Add isInterruptedExecutionException and isTerminatedExecutionException predicates
-        https://bugs.webkit.org/show_bug.cgi?id=67892
-
-        Reviewed by Andy "First Time Reviewer" Estes.
-
-        * JavaScriptCore.exp:
-        Add symbols.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        Use new predicates.
-
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInterruptedExecutionException):
-        (JSC::isInterruptedExecutionException):
-        (JSC::createTerminatedExecutionException):
-        (JSC::isTerminatedExecutionException):
-        * runtime/ExceptionHelpers.h:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        Add predicates.
-
-2011-09-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT completely undoes speculative compilation even in the case of
-        a partial static speculation failure
-        https://bugs.webkit.org/show_bug.cgi?id=67798
-
-        Reviewed by Geoffrey Garen.
-        
-        This is a regression with static speculation, so it is turned off by
-        default.  But it is a necessary prerequisite for further work on
-        dynamic speculation.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-09-09  Chris Marrin  <cmarrin@apple.com>
-
-        requestAnimationFrame doesn't throttle on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=67171
-
-        Reviewed by Simon Fraser.
-
-        Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
-        requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
-        Currently only enabled for PLATFORM(MAC)
-
-        * wtf/Platform.h:
-
-2011-09-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Removed ENABLE(SINGLE_THREADED) support, since it is always false
-        https://bugs.webkit.org/show_bug.cgi?id=67862
-
-        Next step toward making the baseline platform assumption that threads exist.
-
-        * wtf/wtf.pri:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
-        ThreadingNone.cpp, which was only compiled in single-threaded mode.
-
-        * wtf/Platform.h:
-        * wtf/ThreadSpecific.h:
-        (WTF::::destroy):
-        * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
-
-        * wtf/ThreadingNone.cpp: Removed.
-
-2011-09-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (5/7)
-        https://bugs.webkit.org/show_bug.cgi?id=67420
-
-        Reviewed by Geoffrey Garen.
-
-        Completed the fifth level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        This primarily consists of pushing the calls to finishCreation() down 
-        into the constructors of the subclasses of the second level of the hierarchy 
-        as well as pulling the finishCreation() calls out into the class's corresponding
-        create() method if it has one.  Doing both simultaneously allows us to 
-        maintain the invariant that the finishCreation() method chain is called exactly 
-        once during the creation of an object, since calling it any other number of 
-        times (0, 2, or more) will cause an assertion failure.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::create):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        (JSC::JSCallbackFunction::finishCreation):
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        (JSC::::finishCreation):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (GlobalObject::GlobalObject):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::ArrayConstructor::finishCreation):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::create):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::BooleanConstructor::finishCreation):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::create):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::finishCreation):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::DateConstructor::finishCreation):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::create):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        (JSC::DatePrototype::finishCreation):
-        * runtime/DatePrototype.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        (JSC::ErrorConstructor::finishCreation):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::create):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        (JSC::FunctionConstructor::finishCreation):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::finishCreation):
-        * runtime/FunctionPrototype.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::create):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::finishCreation):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::finishCreation):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::NumberConstructor::finishCreation):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::create):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::finishCreation):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::ObjectConstructor::finishCreation):
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpConstructor::finishCreation):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::StringConstructor::finishCreation):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        (JSC::StringPrototype::finishCreation):
-        * runtime/StringPrototype.h:
-
-2011-09-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Guard against double-#define for something already #defined
-        by the build system.
-
-        * wtf/Platform.h:
-
-2011-09-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
-        !ENABLE_WTF_MULTIPLE_THREADS
-        https://bugs.webkit.org/show_bug.cgi?id=67860
-
-        First step toward making the baseline platform assumption that threads
-        exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
-        or !ENABLE_WTF_MULTIPLE_THREADS.
-
-        * wtf/Platform.h:
-
-2011-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        [Qt] Remove common.pri
-        https://bugs.webkit.org/show_bug.cgi?id=67814
-
-        Reviewed by Andreas Kling.
-
-        * JavaScriptCore.pri:
-
-2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        REGRESSION(r94811): Assertion failure in 2 worker tests
-        https://bugs.webkit.org/show_bug.cgi?id=67829
-
-        Reviewed by Sam Weinig.
-
-        Fixing a couple tests that were broken due to the wrong values being 
-        set in the parent class pointers in the ClassInfo structs for 
-        TerminatedExecutionError and InterruptedExecutionError.
-
-        * runtime/ExceptionHelpers.cpp:
-
-2011-09-08  Oliver Hunt  <oliver@apple.com>
-
-        Use bump allocator for initial property storage
-        https://bugs.webkit.org/show_bug.cgi?id=67494
-
-        Reviewed by Geoffrey Garen.
-
-        Use a bump allocator for initial allocation of property storage,
-        and promote to fastMalloc memory only if it survives a GC pass.
-
-        Comes out as a 1% win on v8, and is a useful step on the way to
-        GC allocation of all property storage.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (JSC::Heap::allocatePropertyStorage):
-        (JSC::Heap::inPropertyStorageNursery):
-        * heap/MarkedBlock.h:
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::NewSpace):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::resetPropertyStorageNursery):
-        (JSC::NewSpace::allocatePropertyStorage):
-        (JSC::NewSpace::inPropertyStorageNursery):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::propertyStorage):
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        (JSC::JSObject::visitChildrenDirect):
-        * runtime/StorageBarrier.h: Added.
-        (JSC::StorageBarrier::StorageBarrier):
-        (JSC::StorageBarrier::set):
-        (JSC::StorageBarrier::operator->):
-        (JSC::StorageBarrier::operator*):
-        (JSC::StorageBarrier::operator[]):
-        (JSC::StorageBarrier::get):
-
-2011-09-08  Sam Weinig  <sam@webkit.org>
-
-        Remove the Completion object from JSC, I have never liked it
-        https://bugs.webkit.org/show_bug.cgi?id=67755
-
-        Reviewed by Gavin Barraclough.
-
-        - Removes the Completion object and replaces its use with out parameter exceptions.
-        - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
-          ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * jsc.cpp:
-        (functionLoad):
-        (functionCheckSyntax):
-        (runWithScripts):
-        (runInteractive):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Completion.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::toString):
-        (JSC::TerminatedExecutionError::toString):
-        (JSC::createInterruptedExecutionException):
-        * runtime/ExceptionHelpers.h:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::InterruptedExecutionError::create):
-        (JSC::InterruptedExecutionError::createStructure):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        (JSC::TerminatedExecutionError::create):
-        (JSC::TerminatedExecutionError::createStructure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSObject.h:
-
-2011-09-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Build fix.
-
-        * dfg/DFGCapabilities.cpp:
-
-2011-09-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Value profling and execution count profiling is performed even for
-        code that cannot be optimized
-        https://bugs.webkit.org/show_bug.cgi?id=67694
-
-        Reviewed by Gavin Barraclough.
-        
-        This is a 2% speed-up on V8 when tiered compilation is enabled.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::ProgramCodeBlock::canCompileWithDFG):
-        (JSC::EvalCodeBlock::canCompileWithDFG):
-        (JSC::FunctionCodeBlock::canCompileWithDFG):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGCapabilities.cpp: Added.
-        (JSC::DFG::canCompileOpcodes):
-        * dfg/DFGCapabilities.h: Added.
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canCompileEval):
-        (JSC::DFG::canCompileProgram):
-        (JSC::DFG::canCompileFunctionForCall):
-        (JSC::DFG::canCompileFunctionForConstruct):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::shouldEmitProfiling):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-
-2011-09-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
-        https://bugs.webkit.org/show_bug.cgi?id=67840
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-
-2011-09-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=67771
-
-        Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
-        and patchOffsetGetByIdSlowCaseCall
-        and enables DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JIT.h:
-        * wtf/dtoa/utils.h:
-
-2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove getUInt32 from JSCell
-        https://bugs.webkit.org/show_bug.cgi?id=67691
-
-        Reviewed by Oliver Hunt.
-
-         We don't use JSCell::getUInt32 anymore, so it has been removed.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-
-2011-09-07  Filip Pizlo  <fpizlo@apple.com>
-
-        PPC build fix.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-
-2011-09-07  Oliver Hunt  <oliver@apple.com>
-
-        Release mode build fix.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::create):
-
-2011-09-06  Oliver Hunt  <oliver@apple.com>
-
-        Remove JSObjectWithGlobalObject
-        https://bugs.webkit.org/show_bug.cgi?id=67689
-
-        Reviewed by Geoff Garen.
-
-        Remove JSObjectWithGlobalObject, and update code to stop using anonymous
-        storage to access the global object that a JSObject comes from.  Largely
-        mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        (JSC::JSCallbackConstructor::finishCreation):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.cpp:
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::create):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        (JSC::::finishCreation):
-        (JSC::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchGetMethodFast):
-        (JSC::DFG::tryCacheGetMethod):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSFunction):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/DatePrototype.cpp:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        (JSC::InternalFunction::finishCreation):
-        * runtime/InternalFunction.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::finishCreation):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::create):
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        (JSC::JSONObject::finishCreation):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.h:
-        (JSC::JSObject::globalObject):
-        * runtime/JSObjectWithGlobalObject.cpp: Removed.
-        * runtime/JSObjectWithGlobalObject.h: Removed.
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::isValidCallee):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::MathObject::finishCreation):
-        * runtime/MathObject.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        (JSC::RegExpObject::finishCreation):
-        * runtime/RegExpObject.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::globalObject):
-
-2011-09-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Refactor JIT checks for ObjectType into helper functions.
-
-        Rubber stamped by Sam Weinig.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::branchIfNotObject):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfNotObject):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_create_this):
-
-2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r94627 and r94632.
-        http://trac.webkit.org/changeset/94627
-        http://trac.webkit.org/changeset/94632
-        https://bugs.webkit.org/show_bug.cgi?id=67698
-
-        It broke tests on GTK and Qt (Requested by Ossy on #webkit).
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::create):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        * API/JSCallbackFunction.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::create):
-        * debugger/DebuggerActivation.h:
-        * jsc.cpp:
-        (GlobalObject::constructorBody):
-        (GlobalObject::GlobalObject):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::create):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::create):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::create):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::create):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::create):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/FunctionPrototype.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::create):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::constructorBody):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::constructorBody):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::create):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-
-2011-09-06  Xianzhu Wang  <wangxianzhu@chromium.org>
-
-        Replace usages of Vector<UChar> with existing StringBuilder
-        https://bugs.webkit.org/show_bug.cgi?id=67079
-
-        Reviewed by Gavin Barraclough.
-
-        This is part of work to support 8-bit string buffers.
-        Adds StringBuilder::characters() because the original Vector<UChar>::data()
-        is widely used.
-        Sets the minimum size of buffer to 16 to prevent possible performance
-        regression. Further performance investigation should be done in
-        https://bugs.webkit.org/show_bug.cgi?id=67084.
-
-        * wtf/Forward.h:
-        * wtf/text/StringBuilder.cpp:
-        (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::operator[]):
-        (WTF::StringBuilder::characters): Added.
-
-2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix broken snow leopard build
-        https://bugs.webkit.org/show_bug.cgi?id=67693
-
-        Reviewed by Daniel Bates.
-
-        Removed unnecessary symbol export.
-
-        * JavaScriptCore.exp:
-
-2011-09-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not optimize booleans
-        https://bugs.webkit.org/show_bug.cgi?id=67670
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds boolean value profiling, boolean prediction in the DFG,
-        boolean forward flow propagation in the DFGPropagator, boolean
-        data format in DFG generation info, and comprehensive optimizations
-        based on both boolean prediction and boolean generation info.
-        This is brings the speed-up on v8-richards to 12%, and gives slight
-        speed-ups elsewhere as well.
-        
-        Making this work right required navigating some subtleties in
-        value profiling.  Some functions get compiled with insufficient
-        information because some important path of the function never
-        executed.  In these cases, we wish to fall back on static
-        speculation.  But to do so, we need to ensure that predictions that
-        are inherent in the code (like that GetById almost certainly takes
-        a cell operand) are reflected in predictions that we make in
-        DFGPropagator.  Thus, DFGPropagator now does both backward and
-        forward flow, using a both forward and backward fixpoint.
-        
-        The backward flow in DFGPropagator is a separate static analysis,
-        and needs to keep a set of backward flow abstract values for
-        variables, arguments, and globals.  To make this easy, this patch
-        factors out DFGGraph's prediction tracking capability into
-        DFGPredictionTracker, which now gets used by both DFGGraph (for
-        forward flow predictions) and DFGPropagator (for backward flow
-        predictions).  Backward flow predictions eventually get merged
-        into forward flow ones, but the two are not equivalent: a forward
-        flow prediction is a superset of the backward flow prediction.
-        
-        Debugging these prediction issues required a better understanding
-        of where we fail speculation, and what our value predictions look
-        like.  This patch also adds optional verbose speculation failure
-        (so an informative printf fires whenever speculation failure occurs)
-        and slight improvements to the verbosity in other places.
-
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::numberOfBooleans):
-        (JSC::ValueProfile::probabilityOfBoolean):
-        (JSC::ValueProfile::dump):
-        (JSC::ValueProfile::computeStatistics):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::stronglyPredict):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::dataFormatToString):
-        (JSC::DFG::needDataFormatConversion):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::predictions):
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::predictGlobalVar):
-        (JSC::DFG::Graph::getPrediction):
-        (JSC::DFG::Graph::getGlobalVarPrediction):
-        (JSC::DFG::Graph::isBooleanConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::emitBranch):
-        (JSC::DFG::JITCodeGenerator::speculationCheck):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::isBooleanConstant):
-        (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::debugCall):
-        (JSC::DFG::JITCompiler::isBooleanConstant):
-        (JSC::DFG::JITCompiler::valueOfBooleanConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::isBooleanPrediction):
-        (JSC::DFG::predictionToString):
-        (JSC::DFG::mergePredictions):
-        (JSC::DFG::makePrediction):
-        (JSC::DFG::Node::isBooleanConstant):
-        (JSC::DFG::Node::valueOfBooleanConstant):
-        (JSC::DFG::Node::hasBooleanResult):
-        (JSC::DFG::Node::hasNumericResult):
-        (JSC::DFG::Node::predict):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionTracker.h: Added.
-        (JSC::DFG::operandIsArgument):
-        (JSC::DFG::PredictionSlot::PredictionSlot):
-        (JSC::DFG::PredictionTracker::PredictionTracker):
-        (JSC::DFG::PredictionTracker::initializeSimilarTo):
-        (JSC::DFG::PredictionTracker::numberOfArguments):
-        (JSC::DFG::PredictionTracker::numberOfVariables):
-        (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
-        (JSC::DFG::PredictionTracker::predictArgument):
-        (JSC::DFG::PredictionTracker::predict):
-        (JSC::DFG::PredictionTracker::predictGlobalVar):
-        (JSC::DFG::PredictionTracker::getArgumentPrediction):
-        (JSC::DFG::PredictionTracker::getPrediction):
-        (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
-        * dfg/DFGPropagator.cpp:
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::setPrediction):
-        (JSC::DFG::Propagator::mergeUse):
-        (JSC::DFG::Propagator::mergePrediction):
-        (JSC::DFG::Propagator::propagateNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::index):
-        (JSC::DFG::SpeculateBooleanOperand::gpr):
-        (JSC::DFG::SpeculateBooleanOperand::use):
-        * runtime/JSGlobalData.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-
-2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (5/7)
-        https://bugs.webkit.org/show_bug.cgi?id=67420
-
-        Reviewed by Geoffrey Garen.
-
-        Completed the fifth level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        This primarily consists of pushing the calls to finishCreation() down 
-        into the constructors of the subclasses of the second level of the hierarchy 
-        as well as pulling the finishCreation() calls out into the class's corresponding
-        create() method if it has one.  Doing both simultaneously allows us to 
-        maintain the invariant that the finishCreation() method chain is called exactly 
-        once during the creation of an object, since calling it any other number of 
-        times (0, 2, or more) will cause an assertion failure.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::create):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        (JSC::JSCallbackFunction::finishCreation):
-        * API/JSCallbackFunction.h:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (GlobalObject::GlobalObject):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::ArrayConstructor::finishCreation):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::create):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        (JSC::BooleanConstructor::finishCreation):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::create):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::finishCreation):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::DateConstructor::finishCreation):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::create):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        (JSC::DatePrototype::finishCreation):
-        * runtime/DatePrototype.h:
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        (JSC::ErrorConstructor::finishCreation):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::create):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        (JSC::FunctionConstructor::finishCreation):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        (JSC::FunctionPrototype::finishCreation):
-        * runtime/FunctionPrototype.h:
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::create):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::finishCreation):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::finishCreation):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        (JSC::NumberConstructor::finishCreation):
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::create):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::finishCreation):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::ObjectConstructor::finishCreation):
-        * runtime/ObjectConstructor.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpConstructor::finishCreation):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::StringConstructor::finishCreation):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        (JSC::StringPrototype::finishCreation):
-        * runtime/StringPrototype.h:
-
-2011-09-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Accessibility tests crashing in BasicRawSentinelNode code
-        https://bugs.webkit.org/show_bug.cgi?id=67682
-
-        Reviewed by Geoffrey Garen.
-        
-        A CodeBlock should ensure that no other CodeBlocks have references to it after
-        it is destroyed.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-
-2011-09-06  Yong Li  <yoli@rim.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=67486
-        This reverts r65993 which gives wrong results for rshift
-        in some corner cases (see the test).
-
-        Reviewed by Gavin Barraclough.
-
-        New test: fast/js/floating-point-truncate-rshift.html
-
-        * assembler/ARMAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-
-2011-09-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for r94559.
-        
-        Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
-        new out-of-line JIT-specific method definitions with !ENABLE(JIT).
-
-        * bytecode/CodeBlock.cpp:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-
-2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix broken PPC build due to new dtoa library
-        https://bugs.webkit.org/show_bug.cgi?id=67654
-
-        Reviewed by Dan Bernstein.
-
-        Added condition for PPC in the new dtoa compatibility check so that
-        building won't fail.
-
-        * wtf/dtoa/utils.h:
-
-2011-09-05  Oliver Hunt  <oliver@apple.com>
-
-        An object's structure should reference the global object responsible for its creation
-        https://bugs.webkit.org/show_bug.cgi?id=67624
-
-        Reviewed by Gavin Barraclough.
-
-        Add a reference to a GlobalObject to Structure, and update all calls to
-        Structure::create() to pass the global object that is the origin for that
-        structure.  For objects where the appropriate global object isn't available
-        at construction time (global object prototypes, etc), or objects that
-        logically don't have a global object (strings, etc) we just pass null.
-
-        This change is largely mechanical (passing a new globalObject parameter
-        around).
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::createStructure):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::createStructure):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSByteArray.h:
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::finishCreation):
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSFinalObject::createStructure):
-        (JSC::createEmptyObjectStructure):
-        * runtime/JSObjectWithGlobalObject.h:
-        (JSC::JSObjectWithGlobalObject::createStructure):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::createStructure):
-        (JSC::NativeErrorConstructor::constructorBody):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/RegExp.h:
-        (JSC::RegExp::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::createStructure):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::createStructure):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::createStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::globalObject):
-        (JSC::Structure::setGlobalObject):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::createStructure):
-
-2011-09-06  Michael Saboff  <msaboff@apple.com>
-
-        Add windows changes for JSC:RegExp functional tests
-        https://bugs.webkit.org/show_bug.cgi?id=67521
-
-        Windows build changes for regular expression functional test.
-
-        Rubber-stamped by Gavin Barraclough.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/testRegExp: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
-
-2011-09-06  Filip Pizlo  <fpizlo@apple.com>
-
-        JavaScriptCore does not have tiered compilation
-        https://bugs.webkit.org/show_bug.cgi?id=67176
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds the ability to have multiple CodeBlocks associated with
-        a particular role in an Executable.  These are stored in
-        descending order of compiler tier.  CodeBlocks are optimized when
-        a counter (m_executeCounter) that is incremented in loops and
-        epilogues becomes positive.  Optimizing means that all calls to
-        the old CodeBlock are unlinked.
-        
-        The DFG can now pull in predictions from ValueProfiles, and
-        propagate them along the graph.  To support the new phase while
-        maintaing some level of abstraction, a DFGDriver was introduced
-        that encapsulates how to run the DFG compiler.
-        
-        This is turned off by default because it's not yet a performance
-        win on all benchmarks.  It speeds up crypto and richards by
-        10% and 6% respectively, but still does not do as good of a job
-        as it could.  Notably, the DFG backend has not changed, and
-        is largely oblivious to the new information being made available
-        to it.
-        
-        When turned off (the default), this patch is performance neutral.
-
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::branchAdd32):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchAdd32):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CallLinkInfo::unlink):
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::unlinkIncomingCalls):
-        (JSC::CodeBlock::clearEvalCache):
-        (JSC::replaceExistingEntries):
-        (JSC::CodeBlock::copyDataFromAlternative):
-        (JSC::ProgramCodeBlock::replacement):
-        (JSC::EvalCodeBlock::replacement):
-        (JSC::FunctionCodeBlock::replacement):
-        (JSC::ProgramCodeBlock::compileOptimized):
-        (JSC::EvalCodeBlock::compileOptimized):
-        (JSC::FunctionCodeBlock::compileOptimized):
-        * bytecode/CodeBlock.h:
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::ProgramCodeBlock::ProgramCodeBlock):
-        (JSC::EvalCodeBlock::EvalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::dump):
-        (JSC::ValueProfile::computeStatistics):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::dynamicallyPredict):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::parse):
-        * dfg/DFGDriver.cpp: Added.
-        (JSC::DFG::compile):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGDriver.h: Added.
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::predictGlobalVar):
-        (JSC::DFG::Graph::isConstant):
-        (JSC::DFG::Graph::isJSConstant):
-        (JSC::DFG::Graph::isInt32Constant):
-        (JSC::DFG::Graph::isDoubleConstant):
-        (JSC::DFG::Graph::valueOfJSConstant):
-        (JSC::DFG::Graph::valueOfInt32Constant):
-        (JSC::DFG::Graph::valueOfDoubleConstant):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isConstant):
-        (JSC::DFG::JITCompiler::isJSConstant):
-        (JSC::DFG::JITCompiler::isInt32Constant):
-        (JSC::DFG::JITCompiler::isDoubleConstant):
-        (JSC::DFG::JITCompiler::valueOfJSConstant):
-        (JSC::DFG::JITCompiler::valueOfInt32Constant):
-        (JSC::DFG::JITCompiler::valueOfDoubleConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::isCellPrediction):
-        (JSC::DFG::isNumberPrediction):
-        (JSC::DFG::predictionToString):
-        (JSC::DFG::mergePrediction):
-        (JSC::DFG::makePrediction):
-        (JSC::DFG::Node::valueOfJSConstant):
-        (JSC::DFG::Node::isInt32Constant):
-        (JSC::DFG::Node::isDoubleConstant):
-        (JSC::DFG::Node::valueOfInt32Constant):
-        (JSC::DFG::Node::valueOfDoubleConstant):
-        (JSC::DFG::Node::predict):
-        * dfg/DFGPropagation.cpp: Added.
-        (JSC::DFG::Propagator::Propagator):
-        (JSC::DFG::Propagator::fixpoint):
-        (JSC::DFG::Propagator::setPrediction):
-        (JSC::DFG::Propagator::mergePrediction):
-        (JSC::DFG::Propagator::propagateNode):
-        (JSC::DFG::Propagator::propagateForward):
-        (JSC::DFG::Propagator::propagateBackward):
-        (JSC::DFG::propagate):
-        * dfg/DFGPropagation.h: Added.
-        (JSC::DFG::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor):
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::Node::Node):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        (JSC::JIT::emitTimeoutCheck):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkFor):
-        * jit/JIT.h:
-        (JSC::JIT::emitOptimizationCheck):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITCode.h:
-        (JSC::JITCode::JITCode):
-        (JSC::JITCode::bottomTierJIT):
-        (JSC::JITCode::topTierJIT):
-        (JSC::JITCode::nextTierJIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileOptimized):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileOptimized):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileOptimizedForCall):
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::compile):
-        (JSC::ProgramExecutable::compile):
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::compileOptimizedFor):
-        * wtf/Platform.h:
-        * wtf/SentinelLinkedList.h:
-        (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
-        (WTF::BasicRawSentinelNode::setPrev):
-        (WTF::BasicRawSentinelNode::setNext):
-        (WTF::BasicRawSentinelNode::prev):
-        (WTF::BasicRawSentinelNode::next):
-        (WTF::BasicRawSentinelNode::isOnList):
-        (WTF::::remove):
-        (WTF::::SentinelLinkedList):
-        (WTF::::begin):
-        (WTF::::end):
-        (WTF::::push):
-
-2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r94445 and r94448.
-        http://trac.webkit.org/changeset/94445
-        http://trac.webkit.org/changeset/94448
-        https://bugs.webkit.org/show_bug.cgi?id=67595
-
-        It broke everything (Requested by ossy on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::NewSpace):
-        * heap/NewSpace.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        (JSC::JSObject::visitChildrenDirect):
-
-2011-09-05  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed build fix for r94452.
-
-        Add config.h as the first header to the cc files as required by the coding style.
-        Reuse macros from Assertions.h instead of adding addional #ifdefs.
-
-        * wtf/dtoa/bignum-dtoa.cc:
-        * wtf/dtoa/bignum.cc:
-        * wtf/dtoa/cached-powers.cc:
-        * wtf/dtoa/diy-fp.cc:
-        * wtf/dtoa/double-conversion.cc:
-        * wtf/dtoa/fast-dtoa.cc:
-        * wtf/dtoa/fixed-dtoa.cc:
-        * wtf/dtoa/strtod.cc:
-        * wtf/dtoa/utils.h:
-
-2011-09-05  Andras Becsi  <andras.becsi@nokia.com>
-
-        [Qt][WK2] Fix the build
-
-        Rubber-stamped by Csaba Osztrogonác.
-
-        * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
-        The variable fractional_part is only set but never used.
-
-2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
-        https://bugs.webkit.org/show_bug.cgi?id=67562
-
-        Reviewed by Darin Adler.
-
-        Fixing the build (again which was broken by the dtoa patch.  Needed 
-        to make sure WTF::double_conversion::initialize() is called for Qt
-        as well as adding a check for WinCE in dtoa/utils.h
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * wtf/dtoa/cached-powers.cc:
-        * wtf/dtoa/utils.h:
-
-2011-09-03  Filip Pizlo  <fpizlo@apple.com>
-
-        ThunkGenerators does not convert positive double zero into integer zero
-        https://bugs.webkit.org/show_bug.cgi?id=67553
-
-        Reviewed by Gavin Barraclough.
-        
-        This is an 0.5% speed-up on V8 and neutral elsewhere.
-
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnDouble):
-
-2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
-
-        * wscript:
-
-2011-09-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG variable predictions only work for local variables, not temporaries
-        https://bugs.webkit.org/show_bug.cgi?id=67554
-
-        Reviewed by Gavin Barraclough.
-        
-        This appears to be a slight speed-up in Kraken (0.3% but significant)
-        and neutral elsewhere.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-
-2011-09-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT speculation failure does recovery of additions in reverse and
-        doesn't rebox
-        https://bugs.webkit.org/show_bug.cgi?id=67551
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-09-02  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueProfile does not make it safe to introspect cell values
-        after garbage collection
-        https://bugs.webkit.org/show_bug.cgi?id=67354
-
-        Reviewed by Gavin Barraclough.
-        
-        ValueProfile buckets are now weak references, implemented using a
-        light-weight weak reference mechanism that this patch also adds (the
-        WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
-        is not marked, then the bucket is transformed into a Structure
-        pointer.  If the Structure is not marked either, then it is turned
-        into a ClassInfo pointer.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::visitWeakReferences):
-        * bytecode/CodeBlock.h:
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfile::ValueProfile):
-        (JSC::ValueProfile::classInfo):
-        (JSC::ValueProfile::numberOfInt32s):
-        (JSC::ValueProfile::numberOfDoubles):
-        (JSC::ValueProfile::numberOfCells):
-        (JSC::ValueProfile::numberOfArrays):
-        (JSC::ValueProfile::probabilityOfArray):
-        (JSC::ValueProfile::WeakBucket::WeakBucket):
-        (JSC::ValueProfile::WeakBucket::operator!):
-        (JSC::ValueProfile::WeakBucket::isEmpty):
-        (JSC::ValueProfile::WeakBucket::isClassInfo):
-        (JSC::ValueProfile::WeakBucket::isStructure):
-        (JSC::ValueProfile::WeakBucket::asStructure):
-        (JSC::ValueProfile::WeakBucket::asClassInfo):
-        (JSC::ValueProfile::WeakBucket::getClassInfo):
-        * heap/Heap.cpp:
-        (JSC::Heap::harvestWeakReferences):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::addWeakReferenceHarvester):
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::appendUnbarrieredPointer):
-        * heap/SlotVisitor.h:
-        * heap/WeakReferenceHarvester.h: Added.
-        (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
-        (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
-
-2011-09-02  Michael Saboff  <msaboff@apple.com>
-
-        Replace local implementation of string equals() methods with UString versions
-        https://bugs.webkit.org/show_bug.cgi?id=67342
-
-        In preparation to allowing StringImpl to be backed by 8 bit 
-        characters when appropriate, we need to eliminate or change the
-        usage of StringImpl::characters(). Change the uses of characters()
-        that are used to implement redundant equals() methods.
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::equal):
-        * runtime/Identifier.h:
-        (JSC::Identifier::equal):
-        * wtf/text/AtomicString.cpp:
-        (WTF::CStringTranslator::equal): Moved an optimized method to here.
-        (WTF::operator==):
-        * wtf/text/StringImpl.cpp:
-        (WTF::equal):
-        * wtf/text/StringImpl.h:
-
-2011-09-02  Michael Saboff  <msaboff@apple.com>
-
-        Add JSC:RegExp functional tests
-        https://bugs.webkit.org/show_bug.cgi?id=67339
-
-        Added new test driver program (testRegExp) and corresponding data file
-        along with build scripts changes.
-
-        Reviewed by Gavin Barraclough.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * testRegExp.cpp: Added.
-        (Options::Options):
-        (StopWatch::start):
-        (StopWatch::stop):
-        (StopWatch::getElapsedMS):
-        (RegExpTest::RegExpTest):
-        (GlobalObject::create):
-        (GlobalObject::className):
-        (GlobalObject::GlobalObject):
-        (main):
-        (cleanupGlobalData):
-        (testOneRegExp):
-        (scanString):
-        (parseRegExpLine):
-        (parseTestLine):
-        (runFromFiles):
-        (printUsageStatement):
-        (parseArguments):
-        (realMain):
-        * tests/regexp: Added.
-        * tests/regexp/RegExpTest.data: Added.
-
-2011-09-02  Michael Saboff  <msaboff@apple.com>
-
-        Add JSC:RegExp functional test data generator
-        https://bugs.webkit.org/show_bug.cgi?id=67519
-
-        Add a data generator for regular expressions.  To enable, change the
-        #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
-        regular expressions.  The resulting data will be in /tmp/RegExpTestsData.
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/RegExp.cpp:
-        (JSC::regExpFlags):
-        (JSC::RegExpFunctionalTestCollector::clearRegExp):
-        (JSC::RegExpFunctionalTestCollector::get):
-        (JSC::RegExpFunctionalTestCollector::outputOneTest):
-        (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
-        (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
-        (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
-        (JSC::RegExp::~RegExp):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        (JSC::RegExp::matchCompareWithInterpreter):
-
-2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix the broken build due to dtoa patch
-        https://bugs.webkit.org/show_bug.cgi?id=67534
-
-        Reviewed by Oliver Hunt.
-
-        Fixing the build.
-
-        * GNUmakefile.list.am:
-        * wtf/dtoa/bignum.cc:
-        * wtf/dtoa/fast-dtoa.cc:
-        * wtf/dtoa/utils.h:
-
-2011-09-02  Oliver Hunt  <oliver@apple.com>
-
-        Remove OldSpace classes
-        https://bugs.webkit.org/show_bug.cgi?id=67533
-
-        Reviewed by Gavin Barraclough.
-
-        Remove the unused OldSpace classes
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.cpp:
-        (JSC::Heap::writeBarrierSlowCase):
-        * heap/MarkedBlock.h:
-        * heap/OldSpace.cpp: Removed.
-        * heap/OldSpace.h: Removed.
-
-2011-09-02  James Robinson  <jamesr@chromium.org>
-
-        Compile fix for mac build.
-
-        * wtf/CheckedArithmetic.h:
-        (WTF::operator+):
-        (WTF::operator-):
-        (WTF::operator*):
-
-2011-08-30  Matthew Delaney  <mdelaney@apple.com>
-
-        Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
-        https://bugs.webkit.org/show_bug.cgi?id=65352
-
-        Reviewed by Simon Fraser.
-
-        New test: fast/canvas/canvas-getImageData-large-crash.html
-
-        This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
-        calls that specify widths and heights that end up overflowing the ints that we store those values in
-        as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
-        arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
-        is just to add a new helper method described below.
-
-        * wtf/MathExtras.h:
-        (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
-
-2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Incorporate newer, faster dtoa library
-        https://bugs.webkit.org/show_bug.cgi?id=66346
-
-        Reviewed by Oliver Hunt.
-
-        Added new dtoa library at http://code.google.com/p/double-conversion/.
-        Replaced old call to dtoa.  The new library is much faster than the old one.
-        We still use the old dtoa for some stuff in WebCore as well as the old strtod, 
-        but we can phase these out eventually as well.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/InitializeThreading.cpp:
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        * runtime/UString.cpp:
-        (JSC::UString::number):
-        * wtf/CMakeLists.txt:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading):
-        * wtf/dtoa.cpp:
-        (WTF::dtoa):
-        * wtf/dtoa.h:
-        * wtf/dtoa/COPYING: Added.
-        * wtf/dtoa/LICENSE: Added.
-        * wtf/dtoa/README: Added.
-        * wtf/dtoa/bignum-dtoa.cc: Added.
-        * wtf/dtoa/bignum-dtoa.h: Added.
-        * wtf/dtoa/bignum.cc: Added.
-        * wtf/dtoa/bignum.h: Added.
-        (WTF::double_conversion::Bignum::Times10):
-        (WTF::double_conversion::Bignum::Equal):
-        (WTF::double_conversion::Bignum::LessEqual):
-        (WTF::double_conversion::Bignum::Less):
-        (WTF::double_conversion::Bignum::PlusEqual):
-        (WTF::double_conversion::Bignum::PlusLessEqual):
-        (WTF::double_conversion::Bignum::PlusLess):
-        (WTF::double_conversion::Bignum::EnsureCapacity):
-        (WTF::double_conversion::Bignum::BigitLength):
-        * wtf/dtoa/cached-powers.cc: Added.
-        * wtf/dtoa/cached-powers.h: Added.
-        * wtf/dtoa/diy-fp.cc: Added.
-        * wtf/dtoa/diy-fp.h: Added.
-        (WTF::double_conversion::DiyFp::DiyFp):
-        (WTF::double_conversion::DiyFp::Subtract):
-        (WTF::double_conversion::DiyFp::Minus):
-        (WTF::double_conversion::DiyFp::Times):
-        (WTF::double_conversion::DiyFp::Normalize):
-        (WTF::double_conversion::DiyFp::f):
-        (WTF::double_conversion::DiyFp::e):
-        (WTF::double_conversion::DiyFp::set_f):
-        (WTF::double_conversion::DiyFp::set_e):
-        * wtf/dtoa/double-conversion.cc: Added.
-        * wtf/dtoa/double-conversion.h: Added.
-        (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
-        (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
-        * wtf/dtoa/double.h: Added.
-        (WTF::double_conversion::double_to_uint64):
-        (WTF::double_conversion::uint64_to_double):
-        (WTF::double_conversion::Double::Double):
-        (WTF::double_conversion::Double::AsDiyFp):
-        (WTF::double_conversion::Double::AsNormalizedDiyFp):
-        (WTF::double_conversion::Double::AsUint64):
-        (WTF::double_conversion::Double::NextDouble):
-        (WTF::double_conversion::Double::Exponent):
-        (WTF::double_conversion::Double::Significand):
-        (WTF::double_conversion::Double::IsDenormal):
-        (WTF::double_conversion::Double::IsSpecial):
-        (WTF::double_conversion::Double::IsNan):
-        (WTF::double_conversion::Double::IsInfinite):
-        (WTF::double_conversion::Double::Sign):
-        (WTF::double_conversion::Double::UpperBoundary):
-        (WTF::double_conversion::Double::NormalizedBoundaries):
-        (WTF::double_conversion::Double::value):
-        (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
-        (WTF::double_conversion::Double::Infinity):
-        (WTF::double_conversion::Double::NaN):
-        (WTF::double_conversion::Double::DiyFpToUint64):
-        * wtf/dtoa/fast-dtoa.cc: Added.
-        * wtf/dtoa/fast-dtoa.h: Added.
-        * wtf/dtoa/fixed-dtoa.cc: Added.
-        * wtf/dtoa/fixed-dtoa.h: Added.
-        * wtf/dtoa/strtod.cc: Added.
-        * wtf/dtoa/strtod.h: Added.
-        * wtf/dtoa/utils.h: Added.
-        (WTF::double_conversion::Max):
-        (WTF::double_conversion::Min):
-        (WTF::double_conversion::StrLength):
-        (WTF::double_conversion::Vector::Vector):
-        (WTF::double_conversion::Vector::SubVector):
-        (WTF::double_conversion::Vector::length):
-        (WTF::double_conversion::Vector::is_empty):
-        (WTF::double_conversion::Vector::start):
-        (WTF::double_conversion::Vector::operator[]):
-        (WTF::double_conversion::Vector::first):
-        (WTF::double_conversion::Vector::last):
-        (WTF::double_conversion::StringBuilder::StringBuilder):
-        (WTF::double_conversion::StringBuilder::~StringBuilder):
-        (WTF::double_conversion::StringBuilder::size):
-        (WTF::double_conversion::StringBuilder::position):
-        (WTF::double_conversion::StringBuilder::Reset):
-        (WTF::double_conversion::StringBuilder::AddCharacter):
-        (WTF::double_conversion::StringBuilder::AddString):
-        (WTF::double_conversion::StringBuilder::AddSubstring):
-        (WTF::double_conversion::StringBuilder::AddPadding):
-        (WTF::double_conversion::StringBuilder::Finalize):
-        (WTF::double_conversion::StringBuilder::is_finalized):
-        (WTF::double_conversion::BitCast):
-        * wtf/wtf.pri:
-
-2011-09-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG graph has no way of distinguishing or reconciling between static
-        and dynamic predictions
-        https://bugs.webkit.org/show_bug.cgi?id=67343
-
-        Reviewed by Gavin Barraclough.
-        
-        PredictedType now stores the source of the prediction.  Merging predictions,
-        which was previously done with a bitwise or, is now done via the
-        mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
-        functions, which correctly handle combinations of static and dynamic.
-        
-        This is performance-neutral, since all predictions are currently static and
-        so the code has no visible effects.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::staticallyPredictArray):
-        (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::predictGlobalVar):
-        * dfg/DFGNode.h:
-        (JSC::DFG::isArrayPrediction):
-        (JSC::DFG::isInt32Prediction):
-        (JSC::DFG::isDoublePrediction):
-        (JSC::DFG::isDynamicPrediction):
-        (JSC::DFG::mergePredictions):
-        (JSC::DFG::mergePrediction):
-        (JSC::DFG::makePrediction):
-        (JSC::DFG::Node::predict):
-
-2011-09-02  Oliver Hunt  <oliver@apple.com>
-
-        Fix 32bit build.
-
-        * heap/NewSpace.h:
-        (JSC::NewSpace::allocatePropertyStorage):
-        (JSC::NewSpace::inPropertyStorageNursery):
-
-2011-09-02  Oliver Hunt  <oliver@apple.com>
-
-        Use bump allocator for initial property storage
-        https://bugs.webkit.org/show_bug.cgi?id=67494
-
-        Reviewed by Gavin Barraclough.
-
-        Switch to a bump allocator for the initial out of line
-        property storage.  This gives us slightly faster allocation
-        for short lived objects that need out of line storage at
-        the cost of an additional memcpy when the object survives
-        a GC pass.
-
-        No performance impact.
-
-        * JavaScriptCore.exp:
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (JSC::Heap::allocatePropertyStorage):
-        (JSC::Heap::inPropertyStorageNursary):
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::NewSpace):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::resetPropertyStorageNursary):
-        (JSC::NewSpace::allocatePropertyStorage):
-        (JSC::NewSpace::inPropertyStorageNursary):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allocatePropertyStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        (JSC::JSObject::visitChildrenDirect):
-
-2011-09-01  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        * JavaScriptCore.JSVALUE32_64only.exp:
-        * JavaScriptCore.JSVALUE64only.exp:
-        * JavaScriptCore.exp:
-
-2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (4/7)
-        https://bugs.webkit.org/show_bug.cgi?id=67174
-
-        Reviewed by Oliver Hunt.
-
-        Completed the fourth level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        This primarily consists of pushing the calls to finishCreation() down 
-        into the constructors of the subclasses of the second level of the hierarchy 
-        as well as pulling the finishCreation() calls out into the class's corresponding
-        create() method if it has one.  Doing both simultaneously allows us to 
-        maintain the invariant that the finishCreation() method chain is called exactly 
-        once during the creation of an object, since calling it any other number of 
-        times (0, 2, or more) will cause an assertion failure.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        (JSC::JSCallbackConstructor::finishCreation):
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::create):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        (JSC::::finishCreation):
-        * JavaScriptCore.JSVALUE64only.exp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::create):
-        * debugger/DebuggerActivation.h:
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        (JSC::Arguments::createNoParameters):
-        (JSC::Arguments::Arguments):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        (JSC::ArrayPrototype::finishCreation):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        (JSC::BooleanObject::finishCreation):
-        * runtime/BooleanObject.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        (JSC::DateInstance::finishCreation):
-        * runtime/DateInstance.h:
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::finishCreation):
-        * runtime/ErrorPrototype.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::InterruptedExecutionError::create):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        (JSC::TerminatedExecutionError::create):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::create):
-        (JSC::FunctionExecutable::create):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        (JSC::InternalFunction::finishCreation):
-        * runtime/InternalFunction.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::finishCreation):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::create):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::finishCreation):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::create):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::finishCreation):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        (JSC::JSNotAnObject::create):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        (JSC::JSONObject::finishCreation):
-        * runtime/JSONObject.h:
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSObjectWithGlobalObject.h:
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        (JSC::JSStaticScopeObject::finishCreation):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::MathObject::finishCreation):
-        * runtime/MathObject.h:
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        (JSC::NumberObject::finishCreation):
-        * runtime/NumberObject.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::create):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::finishCreation):
-        * runtime/RegExpMatchesArray.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        (JSC::RegExpObject::finishCreation):
-        * runtime/RegExpObject.h:
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::create):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        (JSC::StringObject::finishCreation):
-        * runtime/StringObject.h:
-
-2011-09-01  Daniel Bates  <dbates@rim.com>
-
-        QNX GCC distribution doesn't support vasprintf()
-        https://bugs.webkit.org/show_bug.cgi?id=67423
-
-        Reviewed by Antonio Gomes.
-
-        * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
-
-2011-09-01  Michael Saboff  <msaboff@apple.com>
-
-        Remove simple usage of UString::characters() from JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=67340
-
-        In preparation to allowing StringImpl to be backed by 8 bit 
-        characters when appropriate, we need to eliminate or change the
-        usage of StringImpl::characters().  Most of the changes below
-        change s->characters()[0] to s[0].
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::keyForCharacterSwitch):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::processClauseList):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::addSlowCase):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::jsToNumber):
-        (JSC::parseFloat):
-        * runtime/JSString.cpp:
-        (JSC::JSString::substringFromRope):
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        * runtime/RegExp.cpp:
-        (JSC::regExpFlags):
-        * wtf/text/StringBuilder.h:
-        (WTF::StringBuilder::operator[]):
-
-2011-09-01  Ada Chan  <adachan@apple.com>
-
-        Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-09-01  Hao Zheng  <zhenghao@chromium.org>
-
-        Define PTHREAD_KEYS_MAX to fix Android port build.
-        https://bugs.webkit.org/show_bug.cgi?id=67362
-
-        Reviewed by Adam Barth.
-
-        PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-
-2011-08-31  Oliver Hunt  <oliver@apple.com>
-
-        Fix build.
-
-        * wtf/CheckedArithmetic.h:
-        (WTF::Checked::Checked):
-        (WTF::Checked::operator=):
-
-2011-08-31  Oliver Hunt  <oliver@apple.com>
-
-        fast/regex/overflow.html asserts in debug builds
-        https://bugs.webkit.org/show_bug.cgi?id=67326
-
-        Reviewed by Gavin Barraclough.
-
-        The deliberate overflows in these expressions don't interact nicely
-        with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
-        intermediate calculations.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-
-2011-08-31  Jeff Miller  <jeffm@apple.com>
-
-        REGRESSION(92210): AVFoundation media engine is disabled on OS X
-        https://bugs.webkit.org/show_bug.cgi?id=67316
-
-        Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
-        since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
-        changes that were made in r92210.
-
-        Reviewed by Darin Adler.
-
-        * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
-
-2011-08-31  Peter Beverloo  <peter@chromium.org>
-
-        Add Android's platform specification and the right atomic functions.
-        https://bugs.webkit.org/show_bug.cgi?id=66687
-
-        Reviewed by Adam Barth.
-
-        * wtf/Atomics.h:
-        (WTF::atomicIncrement):
-        (WTF::atomicDecrement):
-        * wtf/Platform.h:
-
-2011-08-30  Oliver Hunt  <oliver@apple.com>
-
-        Add support for checked arithmetic
-        https://bugs.webkit.org/show_bug.cgi?id=67095
-
-        Reviewed by Sam Weinig.
-
-        Add a checked arithmetic class Checked<T> that provides overflow-safe
-        arithmetic over all integral types.  Checked<T> supports addition, subtraction
-        and multiplication, along with "bool" conversions and equality operators.
-
-        Checked<> can be used in either CRASH() on overflow or delayed failure modes,
-        although the default is to CRASH().
-
-        To ensure the code is actually in use (rather than checking in dead code) I've
-        made a couple of properties in YARR use Checked<int> and Checked<unsigned>
-        instead of raw value arithmetic.  This has resulted in a moderate set of changes,
-        to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
-        to unsigned for some uses of sizeof, as Checked<> currently does not support
-        mixed signed-ness of types wider that 32 bits.
-
-        Happily the increased type safety of Checked<> means that it's not possible to
-        accidentally assign away precision, nor accidentally call integer overload of
-        a function instead of the bool version.
-
-        No measurable regression in performance, and SunSpider claims this patch to be
-        a progression of 0.3%.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CheckedArithmetic.h: Added.
-        (WTF::CrashOnOverflow::overflowed):
-        (WTF::CrashOnOverflow::clearOverflow):
-        (WTF::CrashOnOverflow::hasOverflowed):
-        (WTF::RecordOverflow::RecordOverflow):
-        (WTF::RecordOverflow::overflowed):
-        (WTF::RecordOverflow::clearOverflow):
-        (WTF::RecordOverflow::hasOverflowed):
-        (WTF::isInBounds):
-        (WTF::safeAdd):
-        (WTF::safeSub):
-        (WTF::safeMultiply):
-        (WTF::safeEquals):
-        (WTF::workAroundClangBug):
-        (WTF::Checked::Checked):
-        (WTF::Checked::operator=):
-        (WTF::Checked::operator++):
-        (WTF::Checked::operator--):
-        (WTF::Checked::operator!):
-        (WTF::Checked::operator UnspecifiedBoolType*):
-        (WTF::Checked::get):
-        (WTF::Checked::operator+=):
-        (WTF::Checked::operator-=):
-        (WTF::Checked::operator*=):
-        (WTF::Checked::operator==):
-        (WTF::Checked::operator!=):
-        (WTF::operator+):
-        (WTF::operator-):
-        (WTF::operator*):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::atomPatternCharacter):
-        (JSC::Yarr::ByteCompiler::atomCharacterClass):
-        (JSC::Yarr::ByteCompiler::atomBackReference):
-        (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
-        (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::ByteTerm::ByteTerm):
-        (JSC::Yarr::ByteTerm::CheckInput):
-        (JSC::Yarr::ByteTerm::UncheckInput):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
-        * yarr/YarrPattern.h:
-
-2011-08-31  Andrei Popescu  <andreip@google.com>
-
-        Investigate current uses of OS(ANDROID)
-        https://bugs.webkit.org/show_bug.cgi?id=66761
-
-        Unreviewed, build fix for ARM platforms.
-
-        * wtf/Platform.h:
-
-2011-08-31  Andrei Popescu  <andreip@google.com>
-
-        Investigate current uses of OS(ANDROID)
-        https://bugs.webkit.org/show_bug.cgi?id=66761
-
-        Reviewed by Darin Adler.
-
-        Remove the last legacy Android code.
-
-        No new tests needed as the code wasn't tested in the first place.
-
-        * wtf/Atomics.h:
-        * wtf/Platform.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::createThreadInternal):
-
-2011-08-30  Aaron Colwell  <acolwell@chromium.org>
-
-        Add MediaSource API to HTMLMediaElement
-        https://bugs.webkit.org/show_bug.cgi?id=64731
-
-        Reviewed by Eric Carlson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-08-30  Oliver Hunt  <oliver@apple.com>
-
-        TypedArrays don't ensure that denormalised values are normalised
-        https://bugs.webkit.org/show_bug.cgi?id=67178
-
-        Reviewed by Gavin Barraclough.
-
-        Add a couple of assertions to jsNumber() to ensure that
-        we block signaling NaNs
-
-        * runtime/JSValue.h:
-        (JSC::jsDoubleNumber):
-        (JSC::jsNumber):
-
-2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
-
-        [Qt] Do not unconditionally use pkg-config in .pro files
-        https://bugs.webkit.org/show_bug.cgi?id=67055
-
-        Reviewed by Andreas Kling.
-
-        Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
-
-        Using the first pkg-config in PATH is prone to errors when cross
-        compiling inside the Qt repository (using Qt's build-system).
-
-        This patch protect calls for pkg-config with
-        !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
-        QT_CONFIG by Qt's 'configure' when cross-compiling on systems
-        without pkg-config.
-
-        The respective change in Qt's configure has been submited already.
-
-        No new tests as this is just a build change.
-
-        * wtf/wtf.pri: protect pkg-config calls
-
-2011-08-29  Daniel Bates  <dbates@webkit.org>
-
-        Add HAVE(VASPRINTF) macro to test for vasprintf() support
-        https://bugs.webkit.org/show_bug.cgi?id=67156
-
-        Reviewed by Darin Adler.
-
-        Encapsulate testing of vasprintf() support in a HAVE macro
-        instead of hardcoding the list of supported/unsupported
-        compilers at the call site.
-
-        * wtf/Platform.h:
-
-2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (3/7)
-        https://bugs.webkit.org/show_bug.cgi?id=67064
-
-        Reviewed by Darin Adler.
-
-        Completed the third level of the refactoring to add finishCreation() 
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        This primarily consists of pushing the calls to finishCreation() down 
-        into the constructors of the subclasses of the second level of the hierarchy 
-        as well as pulling the finishCreation() calls out into the class's corresponding
-        create() method if it has one.  Doing both simultaneously allows us to 
-        maintain the invariant that the finishCreation() method chain is called exactly 
-        once during the creation of an object, since calling it any other number of 
-        times (0, 2, or more) will cause an assertion failure.
-
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::finishCreation):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        (JSC::Arguments::createNoParameters):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::finishCreation):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::finishCreation):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        Moved the assignment of m_firstLine and m_lastLine into the 
-        FunctionExecutable::finishCreation() method in Executable.h
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::create):
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::finishCreation):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::finishCreation):
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::finishCreation):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        * runtime/JSObject.h:
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        (JSC::JSObjectWithGlobalObject::finishCreation):
-        * runtime/JSObjectWithGlobalObject.h:
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        (JSC::JSVariableObject::finishCreation):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::finishCreation):
-        * runtime/ObjectPrototype.h:
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-
-2011-08-29  Andreas Kling  <kling@webkit.org>
-
-        Unreviewed build fix after r93990.
-
-        * wtf/HashTable.h:
-
-2011-08-29  Andreas Kling  <kling@webkit.org>
-
-        Viewing a post on reddit.com wastes a lot of memory on event listeners.
-        https://bugs.webkit.org/show_bug.cgi?id=67133
-
-        Reviewed by Darin Adler.
-
-        Add a minimum table size to the HashTraits, instead of having it hard coded.
-        The default value remains at 64, but can now be specialized.
-
-        * runtime/StructureTransitionTable.h:
-        * wtf/HashTable.h:
-        (WTF::HashTable::shouldShrink):
-        (WTF::::expand):
-        (WTF::::checkTableConsistencyExceptSize):
-        * wtf/HashTraits.h:
-
-2011-08-28  Jonathan Liu  <net147@gmail.com>
-
-        Fix build error when compiling with MinGW-w64 by disabling JIT
-        on Windows 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=61235
-
-        Reviewed by Gavin Barraclough.
-
-        The fixed mmap executable allocator for JIT on x86_64 requires
-        sys/mman.h which is not available on Windows.
-
-        * wtf/Platform.h:
-
-2011-08-27  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC::Executable is inconsistent about using weak handle finalizers
-        and destructors for releasing memory
-        https://bugs.webkit.org/show_bug.cgi?id=67072
-
-        Reviewed by Darin Adler.
-        
-        Moved more of the destruction of Executable state into the finalizer,
-        which also resulted in an opportunity to mostly combine this with
-        discardCode().  This also means that the finalizer is now enabled even
-        when the JIT is turned off.  This is performance neutral on SunSpider,
-        V8, and Kraken.
-
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::clearCode):
-        (JSC::ExecutableFinalizer::finalize):
-        (JSC::EvalExecutable::clearCode):
-        (JSC::ProgramExecutable::clearCode):
-        (JSC::FunctionExecutable::discardCode):
-        (JSC::FunctionExecutable::clearCode):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::finishCreation):
-
-2011-08-26  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT - ArithMod may clobber operands.
-        https://bugs.webkit.org/show_bug.cgi?id=67085
-
-        Reviewed by Sam Weinig.
-
-        unboxDouble must be called on a temporary.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (2/7)
-        https://bugs.webkit.org/show_bug.cgi?id=66957
-
-        Reviewed by Darin Adler.
-
-        Completed the second level of the refactoring to add finishCreation()
-        methods to all classes within the JSCell hierarchy with non-trivial 
-        constructor bodies.
-
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::create):
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::finishCreation):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::finishCreation):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::create):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::create):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSObject.h:
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSC::JSFinalObject::create):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::JSObject::JSObject):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::createWithoutCaching):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        (JSC::ScopeChainNode::create):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::finishCreation):
-        (JSC::Structure::createStructure):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-
-2011-08-26  Filip Pizlo  <fpizlo@apple.com>
-
-        The GC does not have a facility for profiling the kinds of objects
-        that occupy the heap
-        https://bugs.webkit.org/show_bug.cgi?id=66849
-
-        Reviewed by Geoffrey Garen.
-        
-        Destructor calls and object scans are now optionally counted, per
-        vtable. When the heap is destroyed and profiling is enabled, the
-        counts are dumped, with care taken to print the names of classes
-        (modulo C++ mangling) sorted in descending commonality.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy):
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::visitChildren):
-        (JSC::SlotVisitor::drain):
-        * heap/MarkStack.h:
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor):
-        * heap/MarkedBlock.h:
-        * heap/VTableSpectrum.cpp: Added.
-        (JSC::VTableSpectrum::VTableSpectrum):
-        (JSC::VTableSpectrum::~VTableSpectrum):
-        (JSC::VTableSpectrum::countVPtr):
-        (JSC::VTableSpectrum::count):
-        (JSC::VTableAndCount::VTableAndCount):
-        (JSC::VTableAndCount::operator<):
-        (JSC::VTableSpectrum::dump):
-        * heap/VTableSpectrum.h: Added.
-        * wtf/Platform.h:
-
-2011-08-26  Juan C. Montemayor  <jmont@apple.com>
-
-        Update topCallFrame when calling host functions in the JIT
-        https://bugs.webkit.org/show_bug.cgi?id=67010
-
-        Reviewed by Oliver Hunt.
-        
-        The topCallFrame is not being updated when a host function is
-        called by the JIT. This causes problems when trying to create a
-        stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-
-2011-08-26  Alexey Proskuryakov  <ap@apple.com>
-
-        Get rid of frame life support timer
-        https://bugs.webkit.org/show_bug.cgi?id=66874
-
-        Reviewed by Geoff Garen.
-
-        * runtime/JSGlobalObject.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
-
-2011-08-26  Chao-ying Fu  <fu@mips.com>
-
-        Fix MIPS patchOffsetGetByIdSlowCaseCall
-        https://bugs.webkit.org/show_bug.cgi?id=67046
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JIT.h:
-
-2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing broken build due to unused variables in release mode
-        https://bugs.webkit.org/show_bug.cgi?id=67004
-
-        Unreviewed, release build fix.
-
-        Fixing broken build due to unused variables in ASSERTs in release build.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::finishCreation):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::finishCreation):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::finishCreation):
-
-2011-08-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Unzip initialization lists and constructors in JSCell hierarchy (1/7)
-        https://bugs.webkit.org/show_bug.cgi?id=66827
-
-        Reviewed by Geoffrey Garen.
-
-        Added finishCreation() methods to all immediately subclasses of JSCell with
-        non-empty constructors.  Part of a larger refactoring to "unzip" initialization
-        lists and constructor bodies.  Also renamed JSCell's constructorBody() method
-        to finishCreation().
-
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::constructorBody):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::constructorBody):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::JSCell):
-        (JSC::JSCell::JSCell::constructorBody):
-        * runtime/JSObject.h:
-        (JSC::JSObject::constructorBody):
-        (JSC::JSObject::JSObject):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::constructorBody):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::constructorBody):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::constructorBody):
-        * runtime/RegExp.h:
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        (JSC::ScopeChainNode::constructorBody):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::constructorBody):
-
-2011-08-25  Gabor Loki  <loki@webkit.org>
-
-        REGRESSION(r93755): It made 14 jsc test and ~500 layout test fail on Qt-ARM bot
-        https://bugs.webkit.org/show_bug.cgi?id=66956
-
-        Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JIT.h:
-
-2011-08-24  Juan C. Montemayor  <jmont@apple.com>
-
-        Keep track of topCallFrame for Stack traces
-        https://bugs.webkit.org/show_bug.cgi?id=66571
-
-        Reviewed by Geoffrey Garen.
-
-        This patch adds a TopCallFrame to JSC in order to have that information
-        when an error is thrown to create a stack trace. The TopCallFrame is
-        updated throughout select points in the Interpreter and the JSC.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::TopCallFrameSetter::TopCallFrameSetter):
-        (JSC::TopCallFrameSetter::~TopCallFrameSetter):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::updateTopCallFrame):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::call):
-        * jit/JITStubs.cpp:
-        (JSC::throwExceptionFromOpCall):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::arityCheckFor):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-
-2011-08-24  Filip Pizlo  <fpizlo@apple.com>
-
-        ErrorInstance::create sometimes has two heap object constructions
-        in flight at once
-        https://bugs.webkit.org/show_bug.cgi?id=66845
-
-        Reviewed by Darin Adler.
-        
-        The fix is simple since there is already a second create() method
-        that takes a UString.
-
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::create):
-
-2011-08-24  Filip Pizlo  <fpizlo@apple.com>
-
-        There is no facility for profiling how the write barrier is used
-        https://bugs.webkit.org/show_bug.cgi?id=66747
-
-        Reviewed by Geoffrey Garen.
-        
-        Added facilities for the JIT to specify the kind of write barrier
-        being executed.  Added code for profiling the number of each kind
-        of barrier encountered.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::emitCount):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::emitCount):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/Heap.h:
-        (JSC::Heap::writeBarrier):
-        * heap/WriteBarrierSupport.cpp: Added.
-        (JSC::WriteBarrierCounters::initialize):
-        * heap/WriteBarrierSupport.h: Added.
-        (JSC::WriteBarrierCounters::WriteBarrierCounters):
-        (JSC::WriteBarrierCounters::jitCounterFor):
-        (JSC::WriteBarrierCounters::countWriteBarrier):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emitWriteBarrier):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emitWriteBarrier):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add checks to ensure allocation does not take place during initialization of GC-managed objects
-        https://bugs.webkit.org/show_bug.cgi?id=65288
-
-        Reviewed by Darin Adler.
-
-        Adding the new validation functionality.  In its current state, it will performs checks, 
-        but they don't fail unless you do allocation in the arguments to the parent constructor in the 
-        initialization list of a class.  The allocateCell() method turns on the global flag disallowing any new 
-        allocations, and the constructorBody() method in JSCell turns it off.  This way, allocation is still 
-        allowed in constructor bodies while other refactoring efforts continue.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::constructorBody):
-        (JSC::JSCell::JSCell::JSCell):
-        (JSC::JSCell::allocateCell):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::isInitializingObject):
-        (JSC::JSGlobalData::setInitializingObject):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-
-2011-08-23  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=55347
-        "name" and "message" enumerable on *Error.prototype
-
-        Reviewed by Sam Weinig.
-
-        The default value of a NativeErrorPrototype's message
-        property is "", not the name of the error.
-
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::create):
-        (JSC::NativeErrorConstructor::constructorBody):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::constructorBody):
-        * runtime/NativeErrorPrototype.h:
-        (JSC::NativeErrorPrototype::create):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::create):
-
-2011-08-23  Steve Block  <steveblock@google.com>
-
-        Remove last occurrences of PLATFORM(ANDROID)
-        https://bugs.webkit.org/show_bug.cgi?id=66763
-
-        Reviewed by Tony Gentilcore.
-
-        * wtf/Platform.h:
-
-2011-08-23  Steve Block  <steveblock@google.com>
-
-        Remove all mention of removed Android files from build scripts
-        https://bugs.webkit.org/show_bug.cgi?id=66755
-
-        Reviewed by Tony Gentilcore.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-08-23  Adam Barth  <abarth@webkit.org>
-
-        Remove WebCore/editing/android and other Android-specific directories
-        https://bugs.webkit.org/show_bug.cgi?id=66739
-
-        Reviewed by Steve Block.
-
-        Now that Android shares more code with Chromium, we don't need these
-        Android-specific files.
-
-        * wtf/android: Removed.
-        * wtf/android/AndroidThreading.h: Removed.
-        * wtf/android/MainThreadAndroid.cpp: Removed.
-
-2011-08-23  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed build fix for compile error on Windows for r93560.
-
-        * runtime/SamplingCounter.h:
-
-2011-08-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Sampling counter support is in the bytecode directory
-        https://bugs.webkit.org/show_bug.cgi?id=66724
-
-        Reviewed by Darin Adler.
-        
-        Moved SamplingCounter to a separate header in runtime/.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/SamplingTool.cpp:
-        * bytecode/SamplingTool.h:
-        * runtime/SamplingCounter.cpp: Added.
-        (JSC::AbstractSamplingCounter::dump):
-        * runtime/SamplingCounter.h: Added.
-        (JSC::AbstractSamplingCounter::count):
-        (JSC::AbstractSamplingCounter::addressOfCounter):
-        (JSC::AbstractSamplingCounter::init):
-        (JSC::SamplingCounter::SamplingCounter):
-        (JSC::GlobalSamplingCounter::name):
-        (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
-        (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
-
-2011-08-21  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix 'make dist' for WebKitGTK+.
-
-        * GNUmakefile.list.am: Add a missing header to the sources list.
-
-2011-08-20  Filip Pizlo  <fpizlo@apple.com>
-
-        JavaScriptCore bytecompiler does not compute scope depth correctly
-        in the case of constant declarations
-        https://bugs.webkit.org/show_bug.cgi?id=66572
-
-        Reviewed by Oliver Hunt.
-        
-        Changed the handling of const to add the dynamic scope depth.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ConstDeclNode::emitCodeSingle):
-
-2011-08-19  Daniel Bates  <dbates@webkit.org>
-
-        Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
-        https://bugs.webkit.org/show_bug.cgi?id=66617
-
-        Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
-        But we cause a compile error if the platform doesn't support SA_RESTART regardless of
-        whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
-        SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
-
-        Reviewed by Antonio Gomes.
-
-        * heap/MachineStackMarker.cpp:
-
-2011-08-19  Filip Pizlo  <fpizlo@apple.com>
-
-        The JSC JIT currently has no facility to profile and report
-        the types of values
-        https://bugs.webkit.org/show_bug.cgi?id=65901
-
-        Reviewed by Gavin Barraclough.
-        
-        Added the ability to profile the values seen at function calls (both
-        arguments and results) and heap loads.  This is done with emphasis
-        on performance.  A value profiling site consists of: add, and,
-        move, and store; no branching is necessary.  Each value profiling
-        site (called a ValueProfile) has a ring buffer of 8 recently-seen
-        values.  ValueProfiles are stored in the CodeBlock; there will be
-        one for each argument (excluding this) and each heap load or callsite.
-        Each time a value profiling site executes, it stores the value into
-        a pseudo-random element in the ValueProfile buffer.  The point is
-        that for frequently executed code, we will have 8 somewhat recent
-        values in the buffer and will be able to not only figure out what
-        type it is, but also to be able to reason about the actual values
-        if we wish to do so.
-        
-        This feature is currently disabled by default.  When enabled, it
-        results in a 3.7% slow-down on SunSpider.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addValueProfile):
-        (JSC::CodeBlock::numberOfValueProfiles):
-        (JSC::CodeBlock::valueProfile):
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        * bytecode/ValueProfile.h: Added.
-        (JSC::ValueProfile::ValueProfile):
-        (JSC::ValueProfile::numberOfSamples):
-        (JSC::ValueProfile::computeProbability):
-        (JSC::ValueProfile::numberOfInt32s):
-        (JSC::ValueProfile::numberOfDoubles):
-        (JSC::ValueProfile::numberOfCells):
-        (JSC::ValueProfile::probabilityOfInt32):
-        (JSC::ValueProfile::probabilityOfDouble):
-        (JSC::ValueProfile::probabilityOfCell):
-        (JSC::getValueProfileBytecodeOffset):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitValueProfilingSite):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        * jit/JSInterfaceJIT.h:
-        * wtf/Platform.h:
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-        (WTF::genericBinarySearch):
-
-2011-08-19  Daniel Bates  <dbates@webkit.org>
-
-        Don't include DisallowCType.h when building on QNX
-        https://bugs.webkit.org/show_bug.cgi?id=66616
-
-        Reviewed by Antonio Gomes.
-
-        * config.h:
-
-2011-08-19  Daniel Bates  <dbates@webkit.org>
-
-        Implement ExecutableAllocator::cacheFlush() for QNX
-        https://bugs.webkit.org/show_bug.cgi?id=66611
-
-        Reviewed by Antonio Gomes.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2011-08-19  Daniel Bates  <dbates@webkit.org>
-
-        Implement WTF::atomic{Increment, Decrement}() for QNX
-        https://bugs.webkit.org/show_bug.cgi?id=66605
-
-        Reviewed by Darin Adler.
-
-        * wtf/Atomics.h:
-        (WTF::atomicIncrement):
-        (WTF::atomicDecrement):
-
-2011-08-19  Beth Dakin  <bdakin@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=66590
-        Re-name scrollbar painter types
-
-        Reviewed by Sam Weinig.
-
-        WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer 
-        applies.
-        * wtf/Platform.h:
-
-2011-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Move allocation in constructors into separate constructorBody() methods
-        https://bugs.webkit.org/show_bug.cgi?id=66265
-
-        Reviewed by Oliver Hunt.
-
-        Refactoring to put all allocations that need to be done after the object's 
-        initialization list has executed but before the object is ready for use 
-        into a separate constructorBody() method.  This method is still called by the constructor, 
-        so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * jsc.cpp:
-        (GlobalObject::constructorBody):
-        (GlobalObject::GlobalObject):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::constructorBody):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::constructorBody):
-        * runtime/ErrorPrototype.h:
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::constructorBody):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::constructorBody):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::constructorBody):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::constructorBody):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::constructorBody):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::constructorBody):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::constructorBody):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::constructorBody):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        (JSC::NativeErrorPrototype::constructorBody):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::create):
-
-2011-08-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-speculative JIT does not inline the double case of ValueAdd
-        https://bugs.webkit.org/show_bug.cgi?id=66025
-
-        Reviewed by Gavin Barraclough.
-        
-        This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
-        benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
-        stanford-crypto-sha256-iterative).  It looks like it might have
-        a speed-up in SunSpider (though not statistically significant or
-        particularly reproducible) and a slight slow-down in V8 (0.14%,
-        not statistically significant).  It does slow down v8-crypto by
-        1.5%.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        * dfg/DFGOperations.cpp:
-
-2011-08-18  Filip Pizlo  <fpizlo@apple.com>
-
-        [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=66426
-
-        Reviewed by Oliver Hunt.
-        
-        Changed the branchTestPtr to branchTest32.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-08-17  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=66379
-        implements load32WithCompactAddressOffsetPatch function 
-        and fixes store32 and moveWithPatch functions for SH4 platforms.
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::rshift32):
-        (JSC::MacroAssemblerSH4::store32):
-        (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerSH4::moveWithPatch):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::movlMemRegCompact):
-        (JSC::SH4Assembler::readPointer):
-        (JSC::SH4Assembler::repatchCompact):
-        * jit/JIT.h:
-
-2011-08-17  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC verbose debugging output sometimes doesn't work as expected.
-        https://bugs.webkit.org/show_bug.cgi?id=66107
-
-        Reviewed by Gavin Barraclough.
-        
-        Hardened the CodeBlock::dump() code so that it no longer crashes.  Improved
-        the DFG verbose code so that it prints slightly more useful information.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::debugSize):
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numberOfRegExps):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-
-2011-08-16  Michael Saboff  <msaboff@apple.com>
-
-        Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
-        https://bugs.webkit.org/show_bug.cgi?id=66351
-
-        JIT::privateCompilePutByIdTransition expects that regT0 and regT1
-        have the basePayload and baseTag respectively.  In some cases,
-        we may get to this generated code with one or both of these
-        registers trash.  One know case is that regT0 on ARM may be
-        trashed as regT0 (r0) is also arg0 and can be overrun with sp due
-        to calls to JIT::restoreReturnAddress().  This patch uses the
-        values on the stack.  A longer term solution is to work out all
-        cases so that the register entry assumptions can assured.
-
-        While fixing this, also determined that the additional stack offset
-        of sizeof(void*) is not needed for ARM.
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2011-08-15  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=66263
-        DFG JIT does not always zero extend boolean result of DFG operations
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-            - Change bool return values to a 64-bit type.
-
-2011-08-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Crash accessing static property on sealed object
-        https://bugs.webkit.org/show_bug.cgi?id=66242
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-            - should only check isExtensible if checkReadOnly.
-
-2011-08-15  Sam Weinig  <sam@webkit.org>
-
-        Fix release build when building with Clang.
-
-        Reviewed by Anders Carlsson.
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::checkCurrentIdentifierTable):
-        Add NO_RETURN_DUE_TO_CRASH.
-
-2011-08-15  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Speed up SVGSMILElement::findInstanceTime.
-        https://bugs.webkit.org/show_bug.cgi?id=61025
-
-        Add a new parameter to StdlibExtras.h::binarySerarch function
-        to also handle cases when the array does not contain the key value.
-        This is needed for an svg function.
-
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-
-2011-08-13  Sam Weinig  <sam@webkit.org>
-
-        Add back 0xbbadbeef to CRASH to allow for old habits
-        https://bugs.webkit.org/show_bug.cgi?id=66190
-
-        Reviewed by David Kilzer.
-
-        * wtf/Assertions.h:
-        Add back the assignment to the memory address 0xbbadbeef in the CRASH
-        macro, as it does not cause issue in the clang static analyzer and many
-        people use its presence in crash reports to easily identify ASSERTs. 
-
-2011-08-13  Sam Weinig  <sam@webkit.org>
-
-        Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=66182
-
-        Reviewed by Dan Bernstein.
-
-        Fixes 10 warnings in JavaScriptCore and 2 in testapi.
-
-        * API/tests/testapi.c:
-        (main):
-        Remove dead variables.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        Initialize hasPrinted and silence an unused warning by casting to void (Ok here
-        since it is debug code and I want to keep it clear that if other cases are added,
-        the hasPrinted flag would be needed).
-
-        * wtf/dtoa.cpp:
-        (WTF::d2b):
-        The variable "de" in the else block is always zero, so there is no reason to
-        use it.
-
-2011-08-12  Sam Weinig  <sam@webkit.org>
-
-        Use __builtin_trap() for CRASH when building with clang
-        https://bugs.webkit.org/show_bug.cgi?id=66152
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/Assertions.h:
-        Add Clang specific CRASH macro that calls __builtin_trap() instead
-        of silly techniques to crash. This allows the static analyzer to understand
-        that we are intentionally crashing. As a result, we need to mark some functions
-        as not returning.
-
-        Also adds a macros that annotates a function as never returning due to ASSERT or CRASH.
-
-        * wtf/Compiler.h:
-        Add COMPILIER(CLANG) and fix some formatting and spelling mistakes.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::Internal::fastMallocMatchFailed):
-        Add NO_RETURN_DUE_TO_CRASH.
-
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
-        Add NO_RETURN_DUE_TO_ASSERT.
-
-2011-08-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT has inconsistent use of boxDouble and unboxDouble,
-        inconsistent use of assertions regarding doubles, and those
-        assertions are not turned on in debug builds
-        https://bugs.webkit.org/show_bug.cgi?id=66160
-
-        Reviewed by Gavin Barraclough.
-        
-        JIT assertions are now turned on in debug builds.  JIT
-        assertions are now used for boxing and unboxing doubles, and boxing
-        and unboxing no longer involves code duplication.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        (JSC::DFG::JITCodeGenerator::unboxDouble):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::GeneralizedRegister::moveTo):
-        (JSC::DFG::GeneralizedRegister::swapWith):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::boxDouble):
-        (JSC::DFG::JITCompiler::unboxDouble):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-
-2011-08-12  Mark Rowe  <mrowe@apple.com>
-
-        Be more forward-looking in the choice of compiler.
-
-        Rubber-stamped by Jon Honeycutt.
-
-        * Configurations/CompilerVersion.xcconfig:
-
-2011-08-12  Kalev Lember  <kalevlember@gmail.com>
-
-        [GTK] Fix non-pthreads build after r91906.
-        https://bugs.webkit.org/show_bug.cgi?id=66151
-
-        Reviewed by David Levin.
-
-        r91906 broke the non-pthreads GTK+ build by including a header which
-        doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
-
-        * wtf/gtk/ThreadingGtk.cpp:
-
-2011-08-12  Mark Rowe  <mrowe@apple.com>
-
-        Update some configuration settings that were missed back in r92432.
-
-        * Configurations/CompilerVersion.xcconfig:
-
-2011-08-12  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
-        Matrix3D.invert)
-        https://bugs.webkit.org/show_bug.cgi?id=66038
-
-        Reviewed by Gavin Barraclough.
-        
-        Simplest and lowest-impact fix for the case where the spilled format
-        of a DFG node differs from the register format: if the format is
-        converted then indicate that the spilled value is no longer valid
-        ("kill the spill").
-
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::killSpilled):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-08-12  Sam Weinig  <sam@webkit.org>
-
-        Move compiler specific macros to their own header
-        https://bugs.webkit.org/show_bug.cgi?id=66119
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        Add Compiler.h
-
-        * wtf/AlwaysInline.h:
-        Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
-        Compiler.h.  We can remove this file in a later commit.
-
-        * wtf/Compiler.h: Added.
-        Put all compiler specific checks and features in this file.
-
-        * wtf/Platform.h:
-        Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
-        to Compiler.h.  Include Compiler.h since it is necessary.
-
-2011-08-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT-specific structure stub info code offset fields are signed
-        8-bit, but it is possible for the offsets to be greater than 127
-        https://bugs.webkit.org/show_bug.cgi?id=66122
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-
-2011-08-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT speculation failure code sometimes picks the wrong register
-        as a scratch register.
-        https://bugs.webkit.org/show_bug.cgi?id=66104
-
-        Reviewed by Gavin Barraclough.
-        
-        Hardened the code with more assertions and fixed the bug.  Now a
-        spilled register is only used for scratch if it also isn't being
-        used for shuffling.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-08-11  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r92880.
-        http://trac.webkit.org/changeset/92880
-        https://bugs.webkit.org/show_bug.cgi?id=66123
-
-        Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
-
-        * wtf/PassRefPtr.h:
-
-2011-08-11  Mark Rowe  <mrowe@apple.com>
-
-        Don't conditionalize the use of -fomit-frame-pointer on compiler version as
-        all of our supported compilers are now new enough to have the same, sane behavior.
-
-        Rubber-stamped by Sam Weinig.
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2011-08-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT verbose mode does not report the generated types of nodes
-        https://bugs.webkit.org/show_bug.cgi?id=65830
-
-        Reviewed by Sam Weinig.
-        
-        Added code that prints the type selected for each node's result.
-
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::dataFormatToString):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-08-11  James Robinson  <jamesr@chromium.org>
-
-        nullptr can't be used for PassRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=66024
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::PassRefPtr):
-
-2011-08-11  Daniel Bates  <dbates@rim.com>
-
-        Removed unused variable in StackBounds::initialize() to resolve
-        compiler warning when building on QNX.
-        https://bugs.webkit.org/show_bug.cgi?id=66072
-
-        Reviewed by Antonio Gomes.
-
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::initialize):
-
-2011-08-11  Devdatta Deshpande  <pwjd73@motorola.com>
-
-        Implementation of monotonically increasing clock on GTK
-        https://bugs.webkit.org/show_bug.cgi?id=62175
-
-        Reviewed by Martin Robinson.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::monotonicallyIncreasingTime):
-        The default implementation of monotonicallyIncreasingTime only
-        guarantees the result to be non-decreasing.
-        If the system time is changed to past then default implementation will
-        still fail and WebCore timers will not fire.
-
-2011-08-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed some incorrect code that was dead.
-
-        Reviewed by Oliver Hunt.
-
-        clearSingleTransition() wasn't resetting m_data. Luckily,
-        no one cares, because its caller was unused. Removed both.
-
-        * runtime/Structure.cpp:
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::~StructureTransitionTable):
-
-2011-08-10  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
-        https://bugs.webkit.org/show_bug.cgi?id=66010
-
-        Reviewed by Oliver Hunt.
-        
-        Made sure that Construct calls use() on the this argument.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-08-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSC should always throw when function arg list is too long
-        https://bugs.webkit.org/show_bug.cgi?id=65869
-
-        Reviewed by Oliver Hunt.
-
-        Changed the behavior of the interpreter and JIT to throw an exception 
-        when too many arguments are passed rather than truncating the list.  Added 
-        a new method to create a "Too many arguments." exception used by this 
-        new functionality.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createTooManyParamsError):
-        * runtime/ExceptionHelpers.h:
-
-2011-08-10  Oliver Hunt  <oliver@apple.com>
-
-        Make GC checks more aggressive in release builds
-        https://bugs.webkit.org/show_bug.cgi?id=66001
-
-        Reviewed by Gavin Barraclough.
-
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::visitStrongHandles):
-        (JSC::HandleHeap::visitWeakHandles):
-        (JSC::HandleHeap::finalizeWeakHandles):
-        (JSC::HandleHeap::writeBarrier):
-        (JSC::HandleHeap::isLiveNode):
-        (JSC::HandleHeap::isValidWeakNode):
-           Increase handle heap validation logic, and make some of
-           the crashes trigger in release builds as well as debug.
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::allocate):
-        (JSC::HandleHeap::makeWeak):
-           Ditto
-        * runtime/JSGlobalData.cpp:
-        (WTF::Recompiler::operator()):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-           Fix GC bugs found while testing this patch
-
-2011-08-10  Oliver Hunt  <oliver@apple.com>
-
-        JSEvaluteScript does not return the correct object when given JSONP data
-        https://bugs.webkit.org/show_bug.cgi?id=66003
-
-        Reviewed by Gavin Barraclough.
-
-        Make sure we propagate the result of the function call rather than the
-        argument.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2011-08-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT heap prediction causes regressions when combined with
-        aggressive integer prediction
-        https://bugs.webkit.org/show_bug.cgi?id=65954
-
-        Reviewed by Gavin Barraclough.
-        
-        Disabled heap prediction, but did not remove the capability.
-        This improves V8 crypto performance by 20%.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-
-2011-08-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not speculative integers as aggressively as it should
-        https://bugs.webkit.org/show_bug.cgi?id=65949
-
-        Reviewed by Gavin Barraclough.
-        
-        Added a tree walk to propagate integer predictions through arithmetic
-        expressions.
-        
-        This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
-        translates to a 19% speed-up on Kraken overall.  It's neutral on
-        other benchmarks.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::predictInt32):
-
-2011-08-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT has no way of propagating predictions to loads and calls
-        https://bugs.webkit.org/show_bug.cgi?id=65883
-
-        Reviewed by Gavin Barraclough.
-        
-        This introduces the capability to store predictions on graph
-        nodes.  To save space while being somewhat consistent, the
-        prediction is always stored in the second OpInfo slot (since
-        a GetById will use the first one for the identifier).  This
-        change is a natural extension of r92593 (global variable
-        prediction).
-        
-        This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
-        win on V8 in the geometric mean.  It is neutral on SunSpider
-        and Kraken.  Interestingly, on V8 it regresses crypto by 3%
-        while progressing deltablue and richards by 2.6% and 4.3%,
-        respectively.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGNode.h:
-        (JSC::DFG::isCellPrediction):
-        (JSC::DFG::isArrayPrediction):
-        (JSC::DFG::isInt32Prediction):
-        (JSC::DFG::isDoublePrediction):
-        (JSC::DFG::isNumberPrediction):
-        (JSC::DFG::predictionToString):
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::hasPrediction):
-        (JSC::DFG::Node::getPrediction):
-        (JSC::DFG::Node::predict):
-
-2011-08-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT passes the this argument to constructors even though
-        it's not necessary
-        https://bugs.webkit.org/show_bug.cgi?id=65943
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-
-2011-08-09  Chao-ying Fu  <fu@mips.com>
-
-        Fix one MIPS instruction to call JITStubThunked_##op
-        https://bugs.webkit.org/show_bug.cgi?id=65942
-
-        Reviewed by Gavin Barraclough.
-
-        Changed "bal" to "jalr" for a possible processor mode change from
-        MIPS32 to MIPS16.
-
-        * jit/JITStubs.cpp:
-
-2011-08-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT failure loading web site
-        https://bugs.webkit.org/show_bug.cgi?id=65930
-
-        Reviewed by Oliver Hunt.
-        
-        Put the use() call after the fpr()/gpr() calls, since doing otherwise
-        breaks the register allocator.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-08-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add ParentClass typedef in all JSC classes
-        https://bugs.webkit.org/show_bug.cgi?id=65731
-
-        Reviewed by Oliver Hunt.
-
-        Just added the Base typedefs in all the classes that are a subclass of JSCell 
-        to point at their parent classes.  This is a change to support future changes to the way
-        constructors and destructors are implemented in JS objects, among other things.
-
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        (JSC::JSCallbackObject::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::asCallbackObject):
-        (JSC::::JSCallbackObject):
-        (JSC::::init):
-        (JSC::::className):
-        (JSC::::getOwnPropertySlot):
-        (JSC::::getOwnPropertyDescriptor):
-        (JSC::::put):
-        (JSC::::deleteProperty):
-        (JSC::::getConstructData):
-        (JSC::::construct):
-        (JSC::::hasInstance):
-        (JSC::::getCallData):
-        (JSC::::call):
-        (JSC::::getOwnPropertyNames):
-        (JSC::::toNumber):
-        (JSC::::toString):
-        (JSC::::setPrivate):
-        (JSC::::getPrivate):
-        (JSC::::inherits):
-        (JSC::::getStaticValue):
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * debugger/DebuggerActivation.h:
-        * jsc.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.h:
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.h:
-        * runtime/Error.cpp:
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.h:
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/Executable.h:
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.h:
-        * runtime/GetterSetter.h:
-        * runtime/InternalFunction.h:
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.h:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.h:
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.h:
-        * runtime/JSVariableObject.h:
-        * runtime/JSWrapperObject.h:
-        * runtime/MathObject.h:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExp.h:
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpMatchesArray.h:
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.h:
-        * runtime/ScopeChain.h:
-        * runtime/StrictEvalActivation.h:
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        * runtime/StringPrototype.h:
-        * runtime/Structure.h:
-        * runtime/StructureChain.h:
-
-2011-08-08  Oliver Hunt  <oliver@apple.com>
-
-        Using mprotect to create guard pages breaks our use of madvise to release executable memory
-        https://bugs.webkit.org/show_bug.cgi?id=65870
-
-        Reviewed by Gavin Barraclough.
-
-        Use mmap rather than mprotect to clear guard page permissions.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2011-08-08  Oliver Hunt  <oliver@apple.com>
-
-        Non-extensibility does not prevent mutating [[Prototype]]
-        https://bugs.webkit.org/show_bug.cgi?id=65832
-
-        Reviewed by Gavin Barraclough.
-
-        Disallow mutation of __proto__ on objects that are not extensible.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-
-2011-08-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not track speculation decisions for global variables
-        https://bugs.webkit.org/show_bug.cgi?id=65825
-
-        Reviewed by Gavin Barraclough.
-        
-        Added the capability to track predictions for global variables, and
-        ensured that code can abstract over the source of prediction (local
-        versus global variable) wherever it is appropriate to do so.  Also
-        cleaned up the code in SpeculativeJIT that decides how to speculate
-        based on recorded predictions (for example instead of using isInteger,
-        which makes sense for local predictions where the GetLocal would
-        return an integer value, we now tend to use shouldSpeculateInteger,
-        which checks if the value is either already an integer or should be
-        speculated to be an integer).
-        
-        This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
-        win on controlflow-recursive.  It's also a 4.8% win on v8-crypto.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::predictArray):
-        (JSC::DFG::ByteCodeParser::predictInt32):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::predictGlobalVar):
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getGlobalVarPrediction):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
-
-2011-08-07  Martin Robinson  <mrobinson@igalia.com>
-
-        Distribution fix for GTK+.
-
-        * GNUmakefile.list.am: Strip removed files from the source list.
-
-2011-08-06  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65821
-        Don't form identifiers the first time a string is used as a property name.
-
-        Reviewed by Oliver Hunt.
-
-        This is a 1% win on SunSpider.
-
-        * dfg/DFGOperations.cpp:
-            - Use fastGetOwnProperty.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Use fastGetOwnProperty.
-        * runtime/JSCell.h:
-        * runtime/JSObject.h:
-        (JSC::JSCell::fastGetOwnProperty):
-            - Fast call to get a property without creating an identifier the first time.
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::find):
-        (JSC::PropertyTable::findWithString):
-            - Add interface to look up by either strinsg or identifiers.
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-            - Add a get() call that takes a UString, not an Identifier.
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::hasHash):
-            - Add a call to check if the has has been set (to detect the first use as a property name).
-
-2011-08-06  Aron Rosenberg  <arosenberg@logitech.com>
-
-        Reviewed by Benjamin Poulain.
-
-        [Qt] Fix build with Intel compiler on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=65088
-
-        Intel compiler needs .lib suffixes instead of .a
-        Intel compiler doesn't support nullptr
-        Intel compiler supports unsized arrays
-
-        * JavaScriptCore.pri:
-        * jsc.cpp:
-        * wtf/ByteArray.h:
-        * wtf/NullPtr.h:
-
-2011-08-05  Gavin Barraclough  <barraclough@apple.com>
-
-        String replace with the empty string means string removal
-        https://bugs.webkit.org/show_bug.cgi?id=65799
-
-        Reviewed by Sam Weinig.
-
-        Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstrings):
-        (JSC::stringProtoFuncReplace):
-
-2011-08-05  Noel Gordon  <noel.gordon@gmail.com>
-
-        [Chromium] Remove JSZombie references from gyp project files.
-        https://bugs.webkit.org/show_bug.cgi?id=65798
-
-        JSC runtime/JSZombie.{cpp,h} were removed in r92046.  Remove references to these
-        file names from the gyp projects.
-
-        Reviewed by Darin Adler.
-
-        * JavaScriptCore.gypi: zombies be gone.
-
-2011-08-05  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
-        is tied to a particular dispatch queue
-
-        A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
-        with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
-        to ensure that all operations are performed on the given dispatch queue.
-
-        Reviewed by Anders Carlsson.
-
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::setDispatchQueueForVerifier):
-        * wtf/ThreadRestrictionVerifier.h:
-        (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
-        (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
-        (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
-        (WTF::ThreadRestrictionVerifier::setShared):
-        (WTF::ThreadRestrictionVerifier::isSafeToUse):
-
-2011-08-05  Oliver Hunt  <oliver@apple.com>
-
-        Inline allocation of function objects
-        https://bugs.webkit.org/show_bug.cgi?id=65779
-
-        Reviewed by Gavin Barraclough.
-
-        Inline allocation and initilisation of function objects
-        in generated code.  This ended up being a 60-70% improvement
-        in function allocation performance.  This improvement shows
-        up as a ~2% improvement in 32bit sunspider and V8, but is a
-        wash on 64-bit.
-
-        We currently don't inline the allocation of named function
-        expressions, as that requires being able to gc allocate a
-        variable object.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::JIT::emitStoreCell):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSFunction):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emitSlow_op_new_func):
-        (JSC::JIT::emit_op_new_func_exp):
-        (JSC::JIT::emitSlow_op_new_func_exp):
-        * jit/JITOpcodes32_64.cpp:
-            Removed duplicate implementation of op_new_func and op_new_func_exp
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::offsetOfScopeChain):
-        (JSC::JSFunction::offsetOfExecutable):
-
-2011-08-04  David Levin  <levin@chromium.org>
-
-        CStringBuffer should have thread safety checks turned on.
-        https://bugs.webkit.org/show_bug.cgi?id=58093
-
-        Reviewed by Dmitry Titov.
-
-        * wtf/text/CString.h:
-        (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
-        turned this off for Chromium.
-
-2011-08-04  Mark Rowe  <mrowe@apple.com>
-
-        Future-proof Xcode configuration settings.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/Version.xcconfig:
-
-2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Interpreter can potentially GC in the middle of initializing a structure chain
-        https://bugs.webkit.org/show_bug.cgi?id=65638
-
-        Reviewed by Oliver Hunt.
-
-        Moved the allocation of a prototype StructureChain before the initialization of 
-        the structure chain within the interpreter that was causing intermittent GC crashes.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        * wtf/Platform.h:
-
-2011-08-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Eval handling attempts literal parsing even when the eval
-        string is in the cache
-        https://bugs.webkit.org/show_bug.cgi?id=65675
-
-        Reviewed by Oliver Hunt.
-        
-        This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
-        in SunSpider.  It's neutral on V8.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::tryGet):
-        (JSC::EvalCodeCache::getSlow):
-        (JSC::EvalCodeCache::get):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-
-2011-08-03  Mark Rowe  <mrowe@apple.com>
-
-        Bring some order to FeatureDefines.xcconfig to make it easier to follow.
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-08-03  Mark Rowe  <mrowe@apple.com>
-
-        Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
-
-        Reviewed by Dave Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-08-03  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC heap size improvement breaks build on some platforms due to
-        unused parameter
-        https://bugs.webkit.org/show_bug.cgi?id=65641
-
-        Reviewed by Darin Adler.
-        
-        Fix build on non-x86 platforms, by ensuring that the relevant
-        parameter always appears to be used even when it isn't.
-
-        * heap/Heap.cpp:
-
-2011-08-03  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [GTK] Reorganize pkg-config files
-        https://bugs.webkit.org/show_bug.cgi?id=65548
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.am:
-        * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
-
-2011-08-01  David Levin  <levin@chromium.org>
-
-        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
-        https://bugs.webkit.org/show_bug.cgi?id=31639
-
-        Reviewed by Dmitry Titov.
-
-        * GNUmakefile.list.am: Added new files to the build.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
-        due to not being able to figure out what was guarding it (bug 58091).
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider): Ditto.
-        * wtf/CMakeLists.txt: Added new files to the build.
-        * wtf/ThreadRestrictionVerifier.h: Added.
-        Everything is done in the header to avoid the issue with exports
-        that are only useful in debug but still needing to export them.
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
-        and filed bug 58171 about making it stricter.
-        (WTF::RefCountedBase::hasOneRef): Ditto.
-        (WTF::RefCountedBase::refCount): Ditto.
-        (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
-        on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
-        (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
-        Filed bug 58174 to remove this method.
-        (WTF::RefCountedBase::derefBase):
-        * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
-        * wtf/text/CString.h:
-        (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
-        done in Chromium (bug 58093).
-
-2011-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC may not be able to reuse partially-free blocks after a
-        full collection
-        https://bugs.webkit.org/show_bug.cgi?id=65585
-
-        Reviewed by Darin Adler.
-        
-        This fixes the linked list management bug.  This fix is performance
-        neutral on SunSpider.
-
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::removeBlock):
-
-2011-07-30  Oliver Hunt  <oliver@apple.com>
-
-        Simplify JSFunction creation for functions written in JS
-        https://bugs.webkit.org/show_bug.cgi?id=65422
-
-        Reviewed by Gavin Barraclough.
-
-        Remove hash lookups used to write name property and transition
-        function structure by caching the resultant structure and property
-        offset in JSGlobalObject.  This doesn't impact performance, but
-        we can use this change to make other improvements later.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::FunctionExecutable::jsName):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::namedFunctionStructure):
-        (JSC::JSGlobalObject::functionNameOffset):
-
-2011-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC uses dummy cells to avoid having to remember which cells
-        it has already destroyed
-        https://bugs.webkit.org/show_bug.cgi?id=65556
-
-        Reviewed by Oliver Hunt.
-        
-        This gets rid of dummy cells, and ensures that it's not necessary
-        to invoke a destructor on cells that have already been swept.  In
-        the common case, a block knows that either all of its free cells
-        still need to have destructors called, or none of them do, which
-        minimizes the amount of branching that needs to happen per cell
-        when performing a sweep.
-        
-        This is performance neutral on SunSpider and V8.  It is meant as
-        a stepping stone to simplify the implementation of more
-        sophisticated sweeping algorithms.
-
-        * heap/Heap.cpp:
-        (JSC::CountFunctor::ClearMarks::operator()):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::initForCellSize):
-        (JSC::MarkedBlock::callDestructor):
-        (JSC::MarkedBlock::specializedReset):
-        (JSC::MarkedBlock::reset):
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::produceFreeList):
-        (JSC::MarkedBlock::lazySweep):
-        (JSC::MarkedBlock::blessNewBlockForFastPath):
-        (JSC::MarkedBlock::blessNewBlockForSlowPath):
-        (JSC::MarkedBlock::canonicalizeBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::FreeCell::setNoObject):
-        (JSC::MarkedBlock::setDestructorState):
-        (JSC::MarkedBlock::destructorState):
-        (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::JSCell):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        * runtime/JSGlobalData.h:
-        * runtime/Structure.h:
-
-2011-08-01  Michael Saboff  <msaboff@apple.com>
-
-        Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
-        https://bugs.webkit.org/show_bug.cgi?id=65502
-
-        Reviewed by Anders Carlsson.
-
-        With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
-        added an assert to the return code of madvise to catch any regressions.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TCMalloc_SystemRelease):
-
-2011-08-02  Anders Carlsson  <andersca@apple.com>
-
-        Fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-08-02  Anders Carlsson  <andersca@apple.com>
-
-        Fix a Windows build error.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC is far too conservative about growing the heap size, particularly
-        on desktop platforms
-        https://bugs.webkit.org/show_bug.cgi?id=65438
-
-        Reviewed by Oliver Hunt.
-
-        The minimum heap size is now 16MB instead of 512KB, provided all of the
-        following are true:
-        a) ENABLE(LARGE_HEAP) is set, which currently only happens on
-           x86 targets, but could reasonably happen on any platform that is
-           known to have a decent amount of RAM.
-        b) JSGlobalData is initialized with HeapSize = LargeHeap, which
-           currently only happens when it's the JSDOMWindowBase in WebCore or
-           in the jsc command-line tool.
-           
-        This is a 4.1% speed-up on SunSpider.
-
-        * JavaScriptCore.exp:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * jsc.cpp:
-        (main):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createContextGroup):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::createLeaked):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        * wtf/Platform.h:
-
-2011-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC does a GC even when the heap still has free pages
-        https://bugs.webkit.org/show_bug.cgi?id=65445
-
-        Reviewed by Oliver Hunt.
-        
-        If the high watermark is not reached, then we allocate new blocks as
-        before.  If the current watermark does reach (or exceed) the high
-        watermark, then we check if there is a block on the free block pool.
-        If there is, we simply allocation from it.  If there isn't, we
-        invoke a collectin as before.  This effectively couples the elastic
-        scavenging to the collector's decision function.  That is, if an
-        application rapidly varies its heap usage (sometimes using more and
-        sometimes less) then the collector will not thrash as it used to.
-        But if heap usage drops and stays low then the scavenger thread and
-        the GC will eventually reach a kind of consensus: the GC will set
-        the watermark low because of low heap usage, and the scavenger thread
-        will steadily eliminate pages from the free page pool, until the size
-        of the free pool is below the high watermark.
-        
-        On command-line, this is neutral on SunSpider and Kraken and a 3% win
-        on V8.  In browser, this is a 1% win on V8 and neutral on the other
-        two.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::allocateSlowCase):
-        (JSC::Heap::allocateBlock):
-        * heap/Heap.h:
-
-2011-08-02  Jeff Miller  <jeffm@apple.com>
-
-        Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
-        https://bugs.webkit.org/show_bug.cgi?id=65552
-        
-        Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
-
-        Reviewed by Adam Roben.
-
-        * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
-
-2011-08-01  Jean-luc Brouillet  <jeanluc@chromium.org>
-
-        Removing old source files in gyp files that slow build
-        https://bugs.webkit.org/show_bug.cgi?id=65503
-
-        Reviewed by Adam Barth.
-
-        A number of stale files are listed in the gyp files. These slow the
-        build on Visual Studio 2010. Removing them.
-
-        * JavaScriptCore.gypi:
-
-2011-07-14  David Levin  <levin@chromium.org>
-
-        currentThread is too slow!
-        https://bugs.webkit.org/show_bug.cgi?id=64577
-
-        Reviewed by Darin Adler and Dmitry Titov.
-
-        The problem is that currentThread results in a pthread_once call which always takes a lock.
-        With this change, currentThread is 10% faster than isMainThread in release mode and only
-        5% slower than isMainThread in debug.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
-        which is no longer needed because this is called from initializeThreading().
-        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
-        intialization of the pthread key should already be done.
-        (WTF::ThreadIdentifierData::initialize): Ditto.
-        * wtf/ThreadIdentifierDataPthreads.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-08-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT sometimes creates speculation check data structures that have
-        invalid information about the format of a register
-        https://bugs.webkit.org/show_bug.cgi?id=65490
-
-        Reviewed by Gavin Barraclough.
-        
-        The code now makes sure to (1) always have correct and up-to-date
-        information about register format at the time that a speculation
-        check is emitted, (2) assert that speculation data is correct
-        inside the speculation check implementation, and (3) avoid creating
-        speculation data altogether if compilation has already failed, since
-        at that point the format data is almost guaranteed to be bogus.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::EntryLocation::EntryLocation):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculationCheck::SpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-
-2011-08-01  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r92092): Build fails on 64 bit
-        https://bugs.webkit.org/show_bug.cgi?id=65458
-
-        Reviewed by Oliver Hunt.
-        
-        The build was broken because some compilers were smart enough to see
-        an array index out of bounds due to the decision fuction for when to
-        go from precise size classes to imprecise size classes being broken:
-        it would assume that sizes in the range 97..128 belonged to a precise
-        size class when in fact they belonged to an imprecise one.
-        
-        In fact, the code would have run correctly, by way of a fluke, because
-        though the 4th precise size class (for 97..128) didn't exist, the next
-        array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
-        its first entry would have been a size class that is appropriate for
-        allocations in the range 97..128.  However, this relies on specific
-        ordering of fields in NewSpace, so it's still a bug.
-        
-        This fixes the bug by ensuring that allocations larger than 96 use
-        the imprecise size classes.
-
-        * heap/NewSpace.h:
-        (JSC::NewSpace::sizeClassFor):
-
-2011-07-31  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64679
-        Fix bugs in Array.prototype this handling.
-
-        Unreviewed - rolling out r91290.
-
-        Looks like the wild wild web isn't ready for this yet.
-
-        This change broke http://slides.html5rocks.com/#landing-slide.
-        Interestingly, this might only be due to our lack of bind support -
-        it looks like this site is calling  Array.prototype.slice as a part
-        of its bind implementation.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-
-2011-07-31  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC lays out size classes under wrong assumptions about expected
-        object size.
-        https://bugs.webkit.org/show_bug.cgi?id=65437
-
-        Reviewed by Oliver Hunt.
-        
-        Changed the atom size - which is both the smallest allocation size and
-        the smallest possible stepping unit for size class spacing - from
-        8 bytes to 4 pointer-size words.  This is a 1% win on SunSpider.
-
-        * heap/MarkedBlock.h:
-
-2011-07-31  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-speculative JIT does not optimize PutByVal
-        https://bugs.webkit.org/show_bug.cgi?id=65424
-
-        Reviewed by Gavin Barraclough.
-        
-        Added code to emit PutByVal inline fast path.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-31  Filip Pizlo  <fpizlo@apple.com>
-
-        The JSC garbage collector returns memory to the operating system too
-        eagerly.
-        https://bugs.webkit.org/show_bug.cgi?id=65382
-
-        Reviewed by Oliver Hunt.
-        
-        This introduces a memory reuse model similar to the one in FastMalloc.
-        A periodic scavenger thread runs in the background and returns half the
-        free memory to the OS on each timer fire.  New block allocations first
-        attempt to get the memory from the collector's internal pool, reverting
-        to OS allocation only when this pool is empty.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::~Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
-        (JSC::Heap::waitForRelativeTime):
-        (JSC::Heap::blockFreeingThreadStartFunc):
-        (JSC::Heap::blockFreeingThreadMain):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::releaseFreeBlocks):
-        * heap/Heap.h:
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::initForCellSize):
-        (JSC::MarkedBlock::reset):
-        * heap/MarkedBlock.h:
-        * wtf/Platform.h:
-
-2011-07-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT speculation failure pass sometimes forgets to emit code to
-        move certain registers.
-        https://bugs.webkit.org/show_bug.cgi?id=65421
-
-        Reviewed by Oliver Hunt.
-        
-        Restructured the offending loops (for gprs and fprs).  It's once again
-        possible to use spreadsheets on docs.google.com.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-07-30  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove inclusion of MainThread.h from Threading.h
-        https://bugs.webkit.org/show_bug.cgi?id=65081
-
-        Reviewed by Darin Adler.
-
-        Add missing and remove unneeded include statements for MainThread.
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        * wtf/Threading.h:
-        * wtf/ThreadingPthreads.cpp:
-        * wtf/text/StringStatics.cpp:
-
-2011-07-30  Oliver Hunt  <oliver@apple.com>
-
-        Reduce the size of JSGlobalObject slightly
-        https://bugs.webkit.org/show_bug.cgi?id=65417
-
-        Reviewed by Dan Bernstein.
-
-        Push a few members that either aren't commonly used,
-        or aren't frequently accessed into a separate struct.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
-        (JSC::JSGlobalObject::createRareDataIfNeeded):
-        (JSC::JSGlobalObject::setProfileGroup):
-        (JSC::JSGlobalObject::profileGroup):
-        (JSC::JSGlobalObject::registerWeakMap):
-        (JSC::JSGlobalObject::deregisterWeakMap):
-
-2011-07-30  Balazs Kelemen  <kbalazs@webkit.org>
-
-        MessageQueue::waitForMessageFilteredWithTimeout can triggers an assertion
-        https://bugs.webkit.org/show_bug.cgi?id=65263
-
-        Reviewed by Dmitry Titov.
-
-        * wtf/Deque.h:
-        (WTF::::operator): Don't check the validity of an iterator
-        that will be reassigned right now.
-        * wtf/MessageQueue.h:
-        (WTF::::removeIf): Revert r51198 as I beleave this is the better
-        solution for the problem that was solved by that.
-
-2011-07-29  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC zombie support no longer works, and is likely no longer needed.
-        https://bugs.webkit.org/show_bug.cgi?id=65404
-
-        Reviewed by Darin Adler.
-        
-        This removes zombies, because they no longer work, are not tested, are
-        probably not needed, and are getting in the way of GC optimization
-        work.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Handle.h:
-        (JSC::HandleConverter::operator->):
-        (JSC::HandleConverter::operator*):
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::isValidWeakNode):
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::collect):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::clearMarks):
-        * interpreter/Register.h:
-        (JSC::Register::Register):
-        (JSC::Register::operator=):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::append):
-        (JSC::ArgList::ArgList):
-        * runtime/JSCell.cpp:
-        (JSC::isZombie):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        * runtime/JSGlobalData.h:
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-        (JSC::JSValue::JSValue):
-        * runtime/JSZombie.cpp: Removed.
-        * runtime/JSZombie.h: Removed.
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::setEarlyValue):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-        * wtf/Platform.h:
-
-2011-07-29  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT verbose mode provides no details about predictions
-        https://bugs.webkit.org/show_bug.cgi?id=65389
-
-        Reviewed by Darin Adler.
-        
-        Added a print-out of the predictions to the IR dump, with names as follows:
-        "p-bottom" = the parser made no predictions
-        "p-int32" = the parser predicted int32
-        ... (same for array, cell, double, number)
-        "p-top" = the parser made conflicting predictions which will be ignored.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::predictionToString):
-
-2011-07-29  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not have any way of undoing double speculation.
-        https://bugs.webkit.org/show_bug.cgi?id=65334
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds code to do a branchConvertDoubleToInt on specualtion failure.
-        This is performance-neutral on most benchmarks but does result in
-        a slight improvement in Kraken.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::GeneralizedRegister::moveTo):
-        (JSC::DFG::GeneralizedRegister::swapWith):
-        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
-        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-
-2011-07-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Crash when opening docs.google.com
-        https://bugs.webkit.org/show_bug.cgi?id=65327
-
-        Reviewed by Gavin Barraclough.
-        
-        The speculative JIT was only checking whether a value is an array when
-        we had already checked that it was, rather then when we hadn't.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-28  Oliver Hunt  <oliver@apple.com>
-
-        *_list instructions are only used in one place, where the code is wrong.
-        https://bugs.webkit.org/show_bug.cgi?id=65348
-
-        Reviewed by Darin Adler.
-
-        Simply remove the instructions and all users.  Speeds up the interpreter
-        slightly due to code motion, but otherwise has no effect (because none
-        of the _list instructions are ever used).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::isPropertyAccess):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::visitStructures):
-        * bytecode/Instruction.h:
-        * bytecode/Opcode.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-
-2011-07-28  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65325
-        Performance tweak to parseInt
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-            - This change may an existing optimization redundant,
-              cleanup from Darin's comments, plus fix existing bugs.
-
-2011-07-28  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65325
-        Performance tweak to parseInt
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-            - parseInt applied to small positive numbers = floor.
-
-2011-07-28  Dan Bernstein  <mitz@apple.com>
-
-        Build fix.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-
-2011-07-28  Kent Tamura  <tkent@chromium.org>
-
-        Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
-        https://bugs.webkit.org/show_bug.cgi?id=65300
-
-        Reviewed by Darin Adler.
-
-        r91837 had performance regression of StringImpl::stripWhiteSpace()
-        and simplifyWhiteSpace(). This changes the code so that compilers
-        generates code equivalent to r91836 or piror.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::stripMatchedCharacters):
-        A template member function for stripWhiteSpace(). This function takes a functor.
-        (WTF::UCharPredicate):
-        A functor for generic predicate for single UChar argument.
-        (WTF::SpaceOrNewlinePredicate):
-        A special functor for isSpaceOrNewline().
-        (WTF::StringImpl::stripWhiteSpace):
-        Use stripmatchedCharacters().
-        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
-        A template member function for simplifyWhiteSpace().
-        (WTF::StringImpl::simplifyWhiteSpace):
-        Use simplifyMatchedCharactersToSpace().
-        * wtf/text/StringImpl.h:
-
-2011-07-27  Dmitry Lomov  <dslomov@google.com>
-
-        [chromium] Turn on WTF_MULTIPLE_THREADS.
-        https://bugs.webkit.org/show_bug.cgi?id=61017
-        The patch turns on WTF_MULTIPLE_THREADS in chromium and 
-        pushes some relevant initializations from JSC::initializeThreading
-        to WTF::initializeThreading.
-
-        Reviewed by David Levin.
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * wtf/FastMalloc.cpp:
-        (WTF::isForbidden):
-        (WTF::fastMallocForbid):
-        (WTF::fastMallocAllow):
-        * wtf/Platform.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-        * wtf/ThreadingWin.cpp:
-        (WTF::initializeThreading):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::initializeThreading):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::initializeThreading):
-
-2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove operator new from JSCell
-        https://bugs.webkit.org/show_bug.cgi?id=64999
-
-        Reviewed by Oliver Hunt.
-
-        Removed the implementation of operator new in JSCell, so any further uses
-        will not successfully link.  Also removed any remaining uses of operator new.
-
-        * API/JSContextRef.cpp:
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::create):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::create):
-
-2011-07-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG graph has no notion of double prediction.
-        https://bugs.webkit.org/show_bug.cgi?id=65234
-
-        Reviewed by Gavin Barraclough.
-        
-        Added the notion of PredictDouble, and PredictNumber, which is the least
-        upper bound of PredictInt32 and PredictDouble.  Least upper bound is
-        defined as the bitwise-or of two predictions.  Bottom is defined as 0,
-        and Top is defined as all bits being set.  Added the ability to explicitly
-        distinguish between a node having had a prediction associated with it,
-        and that prediction still being valid (i.e. no conflicting predictions
-        have also been added).  Used this to guard the speculative JIT from
-        speculating Int32 in cases where the graph knows that the value is
-        double, which currently only happens for GetLocal nodes on arguments
-        which were double at compile-time.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::isCellPrediction):
-        (JSC::DFG::isArrayPrediction):
-        (JSC::DFG::isInt32Prediction):
-        (JSC::DFG::isDoublePrediction):
-        (JSC::DFG::isNumberPrediction):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
-
-2011-07-27  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65294
-        DFG JIT - may speculate based on wrong arguments.
-
-        Reviewed by Oliver Hunt
-
-        In the case of a DFG compiled function calling to and compiling a second function that
-        also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
-        we call compileFor passing the caller functions exec state, rather than the callee's.
-        This may lead to mis-optimization, since the DFG compiler will example the exec state's
-        arguments on the assumption that these will be passed to the callee - it is wanting the
-        callee exec state, not the caller's exec state.
-
-        Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
-        function is compiled, & the structure of the calls in the Interpreter::execute methods.
-        Only fix for compilation from the JIT, in other calls don't speculate based on arguments
-        for now.
-
-        * dfg/DFGOperations.cpp:
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-        (JSC::tryDFGCompileFunction):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileFor):
-
-2011-07-27  Oliver Hunt  <oliver@apple.com>
-
-        Handle callback oriented JSONP
-        https://bugs.webkit.org/show_bug.cgi?id=65271
-
-        Reviewed by Gavin Barraclough.
-
-        Handle the callback oriented versions of JSONP.  The Literal parser
-        now handles <Identifier> (. <Identifier>)* (jsonData).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::Lexer::lex):
-        * runtime/LiteralParser.h:
-
-2011-07-27  Stephanie Lewis  <slewis@apple.com>
-
-        Revert http://trac.webkit.org/changeset/90415.
-        Caused a 5% sunspider regression in-browser.
-
-        Unreviewed rollout.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::releaseExecutableMemory):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::invalidateCode):
-        * runtime/RegExp.h:
-
-2011-07-27  Shinya Kawanaka  <shinyak@google.com>
-
-        Added an interface to take IsWhiteSpaceFunctionPtr.
-        https://bugs.webkit.org/show_bug.cgi?id=57746
-
-        Reviewed by Kent Tamura.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::stripWhiteSpace):
-          Added an interface to take IsWhiteSpaceFunctionPtr.
-        (WTF::StringImpl::simplifyWhiteSpace): ditto.
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        (WTF::String::stripWhiteSpace): ditto.
-        (WTF::String::simplifyWhiteSpace): ditto.
-        * wtf/text/WTFString.h:
-
-2011-07-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT speculation failure code performs incorrect conversions in
-        the case where two registers need to be swapped.
-        https://bugs.webkit.org/show_bug.cgi?id=65233
-
-        Reviewed by Gavin Barraclough.
-        
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::GeneralizedRegister::swapWith):
-
-2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        reduce and reduceRight bind callback's this to null rather than undefined
-        https://bugs.webkit.org/show_bug.cgi?id=62264
-
-        Reviewed by Oliver Hunt.
-
-        Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
-        when calling the callback function without an argument for this, which means it should 
-        be undefined according to ES 15.4.4.21 and 15.4.4.22.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-
-2011-07-26  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC command-line tool does not come with any facility for
-        measuring time precisely.
-        https://bugs.webkit.org/show_bug.cgi?id=65223
-
-        Reviewed by Gavin Barraclough.
-        
-        Exposed WTF::currentTime() as currentTimePrecise().
-
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionPreciseTime):
-
-2011-07-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT never emits inline double comparisons, even when it
-        would be obvious more efficient to do so.
-        https://bugs.webkit.org/show_bug.cgi?id=65212
-
-        Reviewed by Gavin Barraclough.
-        
-        This handles the obvious case of inlining double comparisons: it only addresses
-        the speculative JIT, and only for fused compare/branch sequences.  But it does
-        handle the case where both operands are double (and there is no slow path),
-        or where one operand is double and the other is unknown type (in which case it
-        attempts to unbox the double, otherwise taking slow path).  This is an 0.8%
-        speed-up on SunSpider.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-07-26  Filip Pizlo  <fpizlo@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64969
-        DFG JIT generates inefficient code for speculation failures.
-
-        Reviewed by Gavin Barraclough.
-        
-        This implements a speculation failure strategy where (1) values spilled on
-        non-speculative but not spilled on speculative are spilled, (2) values that
-        are in registers on both paths are rearranged without ever touching memory,
-        and (3) values spilled on speculative but not spilled on non-speculative are
-        filled.
-        
-        The register shuffling is the most interesting part of this patch.  It
-        constructs a permutation graph for registers.  Each node represents a
-        register, and each directed edge corresponds to the register's value having
-        to be moved to a different register as part of the shuffling.  This is a
-        directed graph where each node may only have 0 or 1 incoming edges, and
-        0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
-        subgraphs where all nodes in the subgraph are reachable from a start node.
-        Such subgraphs always resemble linked lists, and correspond to simply
-        moving the value in the second-to-last register into the last register, and
-        then moving the value in the third-to-last register into the second-to-last
-        register, and so on.  Once these subgraphs are taken care of, the remaining
-        subgraphs are cycles, and are handled using either (a) conversion or no-op
-        if the cycle involves one node, (b) swap if it involves two nodes, or (c)
-        a cyclic shuffle involving a scratch register if there are three or more
-        nodes.
-        
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::needDataFormatConversion):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
-        (JSC::DFG::GeneralizedRegister::createGPR):
-        (JSC::DFG::GeneralizedRegister::createFPR):
-        (JSC::DFG::GeneralizedRegister::dump):
-        (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
-        (JSC::DFG::GeneralizedRegister::findInEntryLocation):
-        (JSC::DFG::GeneralizedRegister::previousDataFormat):
-        (JSC::DFG::GeneralizedRegister::nextDataFormat):
-        (JSC::DFG::GeneralizedRegister::convert):
-        (JSC::DFG::GeneralizedRegister::moveTo):
-        (JSC::DFG::GeneralizedRegister::swapWith):
-        (JSC::DFG::ShuffledRegister::ShuffledRegister):
-        (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
-        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
-        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
-        (JSC::DFG::ShuffledRegister::lookup):
-        (JSC::DFG::lookupForRegister):
-        (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
-        (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
-        (JSC::DFG::NodeToRegisterMap::set):
-        (JSC::DFG::NodeToRegisterMap::end):
-        (JSC::DFG::NodeToRegisterMap::find):
-        (JSC::DFG::NodeToRegisterMap::clear):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::linkSpeculationChecks):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::EntryLocation::EntryLocation):
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculationCheck::SpeculationCheck):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-07-26  Oliver Hunt  <oliver@apple.com>
-
-        Buffer overflow creating error messages for JSON.parse
-        https://bugs.webkit.org/show_bug.cgi?id=65211
-
-        Reviewed by Darin Adler.
-
-        Parse string length to the UString constructor.
-
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::parse):
-
-2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor automatically generated JS DOM bindings to replace operator new with static create methods
-        https://bugs.webkit.org/show_bug.cgi?id=64732
-
-        Reviewed by Oliver Hunt.
-
-        Replacing the public constructors in the automatically generated JS DOM bindings with static 
-        create methods.  JSByteArray is used by several of these bindings in WebCore.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::create):
-        * runtime/JSByteArray.h:
-
-2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Unreviewed build fix for Qt/Linux.
-
-        On platforms with no glib and gstreamer we should not build javascriptcore
-        with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
-
-        * wtf/wtf.pri:
-
-2011-07-26  Juan C. Montemayor  <jmont@apple.com>
-
-        JSON errors should be informative
-        https://bugs.webkit.org/show_bug.cgi?id=63339
-
-        Added error messages to the JSON Parser.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::getErrorMessage):
-        (JSC::LiteralParser::Lexer::sawError):
-        (JSC::LiteralParser::Lexer::getErrorMessage):
-
-2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r91746.
-        http://trac.webkit.org/changeset/91746
-        https://bugs.webkit.org/show_bug.cgi?id=65180
-
-        It broke SL build (Requested by Ossy on #webkit).
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::stripWhiteSpace):
-        (WTF::StringImpl::simplifyWhiteSpace):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        * wtf/text/WTFString.h:
-
-2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
-        https://bugs.webkit.org/show_bug.cgi?id=63472
-
-        Enable the bits needed for GStreamer only when QtMultimedia is not used.
-
-        * wtf/wtf.pri:
-
-2011-07-26  Shinya Kawanaka  <shinyak@google.com>
-
-        Added an interface to take IsWhiteSpaceFunctionPtr.
-        https://bugs.webkit.org/show_bug.cgi?id=57746
-
-        Reviewed by Kent Tamura.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::stripWhiteSpace):
-          Added an interface to take IsWhiteSpaceFunctionPtr.
-        (WTF::StringImpl::simplifyWhiteSpace): ditto.
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        (WTF::String::stripWhiteSpace): ditto.
-        (WTF::String::simplifyWhiteSpace): ditto.
-        * wtf/text/WTFString.h:
-
-2011-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-speculative JIT emits inefficient code for arithmetic
-        involving two registers
-        https://bugs.webkit.org/show_bug.cgi?id=65160
-
-        Reviewed by Gavin Barraclough.
-        
-        The non-speculative JIT now emits inline code for double arithmetic, but
-        still attempts integer arithmetic first.  This is a speed-up on SunSpider
-        (albeit a small one), and a large speed-up on Kraken.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-
-2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        [EFL] Build break with --debug after r89153.
-        https://bugs.webkit.org/show_bug.cgi?id=65150
-
-        Unreviewed build fix.
-
-        * wtf/CMakeListsEfl.txt: Add missing libraries.
-
-2011-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-speculative JIT emits obviously inefficient code for arithmetic
-        where one operand is a constant.
-        https://bugs.webkit.org/show_bug.cgi?id=65146
-
-        Reviewed by Gavin Barraclough.
-        
-        Changed the code to emit double arithmetic inline.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-
-2011-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT bytecode parser misuses pointers into objects allocated as part of a
-        WTF::Vector.
-        https://bugs.webkit.org/show_bug.cgi?id=65128
-
-        Reviewed by Gavin Barraclough.
-        
-        The bytecode parser code seems to be right to have a DFGNode& phiNode reference
-        into the graph, since this makes the code greatly more readable.  This patch
-        thus makes the minimal change necessary to make the code right: it uses a
-        pointer (to disambiguate between reloading the pointer and performing a
-        copy from one location of the vector to another) and reloads it after the
-        calls to addToGraph().
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-
-2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r91686.
-        http://trac.webkit.org/changeset/91686
-        https://bugs.webkit.org/show_bug.cgi?id=65144
-
-        1.5% regression in JSC (Requested by jmontemayor on #webkit).
-
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-
-2011-07-25  Jon Lee  <jonlee@apple.com>
-
-        Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
-        https://bugs.webkit.org/show_bug.cgi?id=65132
-        <rdar://problem/9836297>
-        
-        Reviewed by Oliver Hunt.
-        
-        Make sure the JIT is available to use before running the following calls:
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
-
-2011-07-25  Juan C. Montemayor  <jmont@apple.com>
-
-        JSON errors should be informative
-        https://bugs.webkit.org/show_bug.cgi?id=63339
-
-        Added error messages to the JSON Parser.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::getErrorMessage):
-        (JSC::LiteralParser::Lexer::sawError):
-        (JSC::LiteralParser::Lexer::getErrorMessage):
-
-2011-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        X86-64 assembler emits three instructions instead of two for certain
-        loads and stores.
-        https://bugs.webkit.org/show_bug.cgi?id=65095
-
-        Reviewed by Gavin Barraclough.
-        
-        Simply made these four methods in the assembler use the scratch register,
-        which they were previously avoiding.  It still optimizes for the case where
-        an absolute address memory accesses is using EAX.  This results in a slight
-        performance improvement.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::load32):
-        (JSC::MacroAssemblerX86_64::store32):
-        (JSC::MacroAssemblerX86_64::loadPtr):
-        (JSC::MacroAssemblerX86_64::storePtr):
-
-2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
-        https://bugs.webkit.org/show_bug.cgi?id=64354
-
-        Use ecore_time_unix_get which returns unix time as double type for currentTime
-        and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
-
-        Reviewed by Kent Tamura.
-
-        * wtf/CurrentTime.cpp:
-        (WTF::currentTime):
-        (WTF::monotonicallyIncreasingTime):
-
-2011-07-22  Sommer Panage  <panage@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
-        https://bugs.webkit.org/show_bug.cgi?id=64981
-
-        UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
-        Currently, the C API does not provide the tools to do this. However, the private API
-        does expose the necessary functionality to get a backtrace
-        (via Interpreter::retrieveLastCaller). We recognize this information may result in
-        failure in the cases of programs run by 'eval', stack frames beneath host function
-        call frames, and in programs run from other programs. Thus, we propose exporting our
-        JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
-        we need while not advertising an API that isn't really ready for full use.
-
-        * API/JSContextRef.cpp:
-        * API/JSContextRefPrivate.h:
-        * JavaScriptCore.exp:
-
-
-2011-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65051
-        DFG JIT - Enable by default for mac platform on x86-64.
-
-        Rubber Stamped by Geoff Garen.
-
-        This is now a performance progression.
-
-        * wtf/Platform.h:
-            - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
-
-2011-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65047
-        DFG JIT - Add support for op_resolve/op_resolve_base
-
-        Reviewed by Sam Weinig.
-
-        These are necessary for any significant eval code coverage
-        (and as such increase LayoutTest coverage).
-
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordResolve):
-            - Conservatively blow aliasing optimizations for now.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-            - Add support for op_resolve/op_resolve_base.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::callOperation):
-            - Add call with exec, identifer aguments.
-        * dfg/DFGNode.h:
-            - Add new node types.
-        (JSC::DFG::Node::hasIdentifier):
-            - Resolve nodes have identifiers, too!
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-            - Add generation for new Nodes.
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-            - Added new operations.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Add generation for new Nodes.
-
-2011-07-22  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=65036
-        Messing with the register allocation within flow control = badness.
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-            - Fix register allocation.
-
-2011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
-        https://bugs.webkit.org/show_bug.cgi?id=63986
-
-        Reviewed by Geoffrey Garen.
-
-        Changed the implementation of Date.prototype.toISOString() to use the extended year
-        format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncToISOString):
-
-2011-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-07-21  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Build fix after r91555.
-
-        * JavaScriptCore.exp:
-
-2011-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=19271
-        eliminate PIC branches by changing NaN handling in JSValue::toNumber
-
-        Reviewed by Sam Weinig.
-
-        Moving the non-numeric cases out of line seems to be a consistent
-        win on SunSpider for me, to the order of about 0.5%.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toNumber):
-            - Changed to only handle values that are already numbers, moce non-numeric cases out of line.
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toNumberSlowCase):
-            - Added toNumberSlowCase, handling non-numeric cases.
-        * runtime/JSValue.h:
-            - Add declaration of toNumberSlowCase.
-
-2011-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64875
-        Use of `yield` keyword is broken
-
-        Reviewed by Sam Weinig.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-            - The bug here is that a successful match of a RESERVED_IF_STRICT token from
-              parseKeyword is being nullified back to IDENT. The problem is that in the
-              case of IDENT matches parseKeyword should not move the lexer's input
-              position, but in the case of RESERVED_IF_STRICT it has done so.
-
-2011-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64900
-        Function.prototype.apply should accept an array-like object as its second argument
-
-        Reviewed by Sam Weinig.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncApply):
-            - Remove the type error if object is not an array.
-
-2011-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64964
-        DFG JIT - Enable support for eval code
-
-        Reviewed by Sam Weinig.
-
-        This is basically the same as program code, to the JIT!
-
-        * bytecode/Opcode.cpp:
-        * bytecode/Opcode.h:
-            - Enable opcodeNames in !NDEBUG builds.
-        * dfg/DFGOperations.cpp:
-            - Fix a bug exposed by eval support, throw correct type error for new.
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-            - Enable DFG JIT for eval code.
-
-2011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r91380.
-        http://trac.webkit.org/changeset/91380
-        https://bugs.webkit.org/show_bug.cgi?id=64924
-
-        Caused assertion failures in Chromium's IndexedDB tests
-        (Requested by rniwa on #webkit).
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::identifier):
-        (WTF::ThreadIdentifierData::initialize):
-        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
-        (WTF::ThreadIdentifierData::initializeKeyOnce):
-        * wtf/ThreadIdentifierDataPthreads.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-
-2011-07-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG non-speculative JIT does not use() the aliased GetByVal,
-        resulting in bloated use counts.
-        https://bugs.webkit.org/show_bug.cgi?id=64911
-
-        Reviewed by Gavin Barraclough.
-        
-        Inserted a call to use() for the aliased GetByVal.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-20  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64909
-        DFG JIT - Missing ToInt32 conversions for double constants.
-
-        Reviewed by Sam Weinig.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::toInt32):
-            - We cannot trivially omit ToInt32 conversions on double constants.
-
-2011-07-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT sometimes claims to use compare operands twice, leading to
-        use count corruption.
-        https://bugs.webkit.org/show_bug.cgi?id=64903
-
-        Reviewed by Gavin Barraclough.
-        
-        Move the calls to use() in SpeculativeJIT::compare() so that they only happen
-        if the JITCodeGenerator's helper method (which also calls use()) is not called.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-
-2011-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Don't throw away code when JSGarbageCollect API is called
-        https://bugs.webkit.org/show_bug.cgi?id=64894
-
-        Reviewed by Sam Weinig.
-
-        Just call collectAllGarbage.  That will clean up all unneeded
-        code without causing any pathological recompilation problems.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-
-2011-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Codeblock doesn't visit cached structures in global resolve instructions
-        https://bugs.webkit.org/show_bug.cgi?id=64889
-
-        Reviewed by Sam Weinig.
-
-        Visit the global resolve instructions.  This fixes a couple
-        of random crashes seen in the jquery tests when using the
-        interpreter.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-
-2011-07-20  James Robinson  <jamesr@chromium.org>
-
-        Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
-        https://bugs.webkit.org/show_bug.cgi?id=64841
-
-        Reviewed by Mark Rowe.
-
-        http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
-        monotonic clock instead of WTF::currentTime().  This broke many plugin tests on WebKit2 for reasons that are
-        unclear.  This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadCondition::timedWait):
-        * wtf/ThreadingWin.cpp:
-        (WTF::absoluteTimeToWaitTimeoutInterval):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::ThreadCondition::timedWait):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-2011-07-14  David Levin  <levin@chromium.org>
-
-        currentThread is too slow!
-        https://bugs.webkit.org/show_bug.cgi?id=64577
-
-        Reviewed by Darin Adler and Dmitry Titov.
-
-        The problem is that currentThread results in a pthread_once call which always takes a lock.
-        With this change, currentThread is 10% faster than isMainThread in release mode and only
-        5% slower than isMainThread in debug.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
-        which is no longer needed because this is called from initializeThreading().
-        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
-        intialization of the pthread key should already be done.
-        (WTF::ThreadIdentifierData::initialize): Ditto.
-        * wtf/ThreadIdentifierDataPthreads.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-07-20  Mark Rowe  <mrowe@apple.com>
-
-        Fix the 32-bit build.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-
-2011-07-19  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64678
-        Fix bugs in Object.prototype this handling.
-
-        Reviewed by Darin Adler.
-
-        Fix ES5.1 correctness issues identified by Mads Ager.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncToString):
-            - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
-
-2011-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
-        https://bugs.webkit.org/show_bug.cgi?id=63918
-
-        Reviewed by Darin Adler.
-
-        When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
-        method due to additional string copying within several of the constructors when dealing with 
-        UStrings.  This has been added to the UString version of the appendStringInConstruct method 
-        within the JSString class.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::appendStringInConstruct):
-
-2011-07-19  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64679
-        Fix bugs in Array.prototype this handling.
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-            - These methods should throw if this value is undefined.
-
-2011-07-19  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64677
-        Fix bugs in String.prototype this handling.
-
-        Reviewed by Oliver Hunt.
-
-        undefined/null this values should throw TypeErrors, not convert to
-        the global object, and primitive values should not be converted via
-        object types.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncCharAt):
-        (JSC::stringProtoFuncCharCodeAt):
-        (JSC::stringProtoFuncIndexOf):
-        (JSC::stringProtoFuncLastIndexOf):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSlice):
-        (JSC::stringProtoFuncSplit):
-        (JSC::stringProtoFuncSubstr):
-        (JSC::stringProtoFuncSubstring):
-        (JSC::stringProtoFuncToLowerCase):
-        (JSC::stringProtoFuncToUpperCase):
-        (JSC::stringProtoFuncLocaleCompare):
-        (JSC::stringProtoFuncBig):
-        (JSC::stringProtoFuncSmall):
-        (JSC::stringProtoFuncBlink):
-        (JSC::stringProtoFuncBold):
-        (JSC::stringProtoFuncFixed):
-        (JSC::stringProtoFuncItalics):
-        (JSC::stringProtoFuncStrike):
-        (JSC::stringProtoFuncSub):
-        (JSC::stringProtoFuncSup):
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-        (JSC::trimString):
-            - These methods should throw if this value is undefined,
-              convert ToString directly, not via ToObject.
-
-2011-07-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT sometimes emits spill code even when the respective values
-        are never needed.
-        https://bugs.webkit.org/show_bug.cgi?id=64774
-
-        Reviewed by Gavin Barraclough.
-        
-        The main high-level change is that it is now easier to call use() on a
-        virtual register.  JSValueOperand and its other-typed relatives now have
-        a handy use() method, and jsValueResult() and friends now make it easier to
-        pass UseChildrenCalledExplicitly.
-        
-        The rest of this patch hoists the call to use() as high as possible for
-        all of those cases where either flushRegisters() or silentSpillAllRegisters()
-        may be called.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
-        (JSC::DFG::JITCodeGenerator::emitBranch):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::use):
-        (JSC::DFG::JITCodeGenerator::integerResult):
-        (JSC::DFG::JITCodeGenerator::jsValueResult):
-        (JSC::DFG::IntegerOperand::use):
-        (JSC::DFG::DoubleOperand::use):
-        (JSC::DFG::JSValueOperand::use):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculateStrictInt32Operand::use):
-        (JSC::DFG::SpeculateCellOperand::use):
-
-2011-07-19  Xan Lopez  <xlopez@igalia.com>
-
-        ARMv7 backend broken, lacks 3 parameter rshift32 method
-        https://bugs.webkit.org/show_bug.cgi?id=64571
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
-
-2011-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not optimize strict equality as effectively as the old JIT does.
-        https://bugs.webkit.org/show_bug.cgi?id=64759
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds a more complete set of strict equality optimizations.  If either
-        operand is known numeric, then the code reverts to the old style of optimizing
-        (first try integer comparison).  Otherwise it uses the old JIT's trick of
-        first simultaneously checking if both operands are either numbers or cells;
-        if not then a fast path is taken.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-18  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64760
-        DFG JIT - Should be able to compile program code.
-
-        Reviewed by Geoff Garen.
-
-        Add support for op_end, hooks to compile program code in Executable.cpp.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-            - Add support for op_end
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileBody):
-        (JSC::DFG::JITCompiler::link):
-            - Added, separate out steps of compileFunction.
-        (JSC::DFG::JITCompiler::compile):
-            - Added, compile program code.
-        (JSC::DFG::JITCompiler::compileFunction):
-            - Sections separated out to helper functions.
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::JITCompiler):
-            - Added m_exceptionCheckCount.
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-        (JSC::tryDFGCompileFunction):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-            - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
-
-2011-07-18  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64678
-        Fix bugs in Object.prototype this handling.
-
-        Reviewed by Oliver Hunt.
-
-        undefined/null this values should throw TypeErrors, not convert to the global object,
-        also, to toLocaleString should be calling the ToObject & invoking the object's toString
-        function, even for values that are already strings.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncValueOf):
-        (JSC::objectProtoFuncHasOwnProperty):
-        (JSC::objectProtoFuncIsPrototypeOf):
-        (JSC::objectProtoFuncPropertyIsEnumerable):
-        (JSC::objectProtoFuncToLocaleString):
-        (JSC::objectProtoFuncToString):
-
-2011-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC lazy sweep does not inline the common cases of cell destruction.
-        https://bugs.webkit.org/show_bug.cgi?id=64745
-
-        Reviewed by Oliver Hunt.
-        
-        This inlines the case of JSFinalObject destruction.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::lazySweep):
-
-2011-07-18  Oliver Hunt  <oliver@apple.com>
-
-        Interpreter build-fix
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2011-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not optimize equal-null comparisons and branches.
-        https://bugs.webkit.org/show_bug.cgi?id=64659
-
-        Reviewed by Gavin Barraclough.
-        
-        Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
-        which is used by both the speculative and non-speculative JIT.  Through
-        the use of the new isNullConstant helper, the two JITs invoke the
-        nonSpecualtiveCompareNull() helper instead of their regular comparison
-        helpers when compiling CompareEq.  Through the use of the new isKnownCell
-        helper, the compare-null code will skip the is-a-cell check if the
-        speculative JIT had been speculating cell.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownCell):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::isNullConstant):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-18  James Robinson  <jamesr@chromium.org>
-
-        Timer scheduling should be based off the monotonic clock
-        https://bugs.webkit.org/show_bug.cgi?id=64544
-
-        Reviewed by Darin Adler.
-
-        Switches ThreadCondition::timedWait and related utility functions from currentTime() to
-        monotonicallyIncreasingTime().
-
-        Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::ThreadCondition::timedWait):
-        * wtf/ThreadingWin.cpp:
-        (WTF::absoluteTimeToWaitTimeoutInterval):
-        * wtf/gtk/ThreadingGtk.cpp:
-        (WTF::ThreadCondition::timedWait):
-        * wtf/qt/ThreadingQt.cpp:
-        (WTF::ThreadCondition::timedWait):
-
-2011-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC JIT does not inline GC allocation fast paths
-        https://bugs.webkit.org/show_bug.cgi?id=64582
-
-        Reviewed by Oliver Hunt.
-
-        This addresses inlining allocation for the easiest-to-allocate cases:
-        op_new_object and op_create_this.  Inlining GC allocation fast paths
-        required three changes.  First, the JSGlobalData now saves the vtable
-        pointer of JSFinalObject, since that's what op_new_object and
-        op_create_this allocate.  Second, the Heap exposes a reference to
-        the appropriate SizeClass, so that the JIT may inline accesses
-        directly to the SizeClass for JSFinalObject allocations.  And third,
-        the JIT is extended with code to emit inline fast paths for GC
-        allocation.  A stub call is emitted in the case where the inline fast
-        path fails.
-
-        * heap/Heap.h:
-        (JSC::Heap::sizeClassFor):
-        (JSC::Heap::allocate):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSFinalObject):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emitSlow_op_new_object):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emitSlow_op_new_object):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-        * runtime/JSGlobalData.h:
-        * runtime/JSObject.h:
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::JSObject::offsetOfInheritorID):
-
-2011-07-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor JSC to replace JSCell::operator new with static create method
-        https://bugs.webkit.org/show_bug.cgi?id=64466
-
-        Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
-
-        First step in a longer refactoring process to remove the use of
-        operator new overloading in order to allocate GC objects and to replace
-        this method with static create methods for each individual type of heap-allocated
-        JS object.  This particular patch only deals with replacing uses of
-        operator new within JSC proper.  Future patches will remove it from the
-        parts that interface with the DOM.  Due to the DOM's continued dependence
-        on it, operator new has not actually been removed from JSCell.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::create):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::create):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::operator new):
-        (JSC::JSCallbackObject::create):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::createActivation):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::create):
-        (GlobalObject::GlobalObject):
-        (functionRun):
-        (jscmain):
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        (JSC::Arguments::createNoParameters):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::create):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::create):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanConstructor.h:
-        (JSC::BooleanConstructor::create):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::create):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::create):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::create):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::create):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::create):
-        * runtime/Error.cpp:
-        (JSC::createError):
-        (JSC::createEvalError):
-        (JSC::createRangeError):
-        (JSC::createReferenceError):
-        (JSC::createSyntaxError):
-        (JSC::createTypeError):
-        (JSC::createURIError):
-        (JSC::StrictModeTypeErrorFunction::create):
-        (JSC::createTypeErrorFunction):
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::create):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::create):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::InterruptedExecutionError::create):
-        (JSC::createInterruptedExecutionException):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        (JSC::TerminatedExecutionError::create):
-        (JSC::createTerminatedExecutionException):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::create):
-        (JSC::NativeExecutable::create):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::ProgramExecutable::create):
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::make):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunctionSkippingEvalEnabledCheck):
-        * runtime/FunctionConstructor.h:
-        (JSC::FunctionConstructor::create):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::create):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::create):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::create):
-        (JSC::jsAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        * runtime/JSArray.h:
-        (JSC::JSArray::create):
-        * runtime/JSCell.h:
-        (JSC::JSCell::allocateCell):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::create):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::create):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::create):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::putDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSFinalObject::create):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSString.cpp:
-        (JSC::JSString::substringFromRope):
-        (JSC::JSString::replaceCharacter):
-        (JSC::StringObject::create):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::create):
-        (JSC::RopeBuilder::createHasOtherOwner):
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toObjectSlowCase):
-        (JSC::JSValue::synthesizeObject):
-        (JSC::JSValue::synthesizePrototype):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/MathObject.h:
-        (JSC::MathObject::create):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::create):
-        * runtime/NativeErrorPrototype.h:
-        (JSC::NativeErrorPrototype::create):
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::create):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::create):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::create):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::create):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::create):
-        * runtime/Operations.h:
-        (JSC::jsString):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::createWithoutCaching):
-        (JSC::RegExp::create):
-        * runtime/RegExp.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::arrayOfMatches):
-        (JSC::constructRegExp):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::create):
-        * runtime/RegExpMatchesArray.h:
-        (JSC::RegExpMatchesArray::create):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::create):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::create):
-        (JSC::ScopeChainNode::push):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::createEmptyString):
-        (JSC::SmallStrings::createSingleCharacterString):
-        * runtime/StringConstructor.cpp:
-        (JSC::constructWithStringConstructor):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::create):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::create):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::create):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::createStructure):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-
-2011-07-17  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
-        https://bugs.webkit.org/show_bug.cgi?id=64337
-
-        Replace ecore_timer_add to Ecore_Pipe.
-        This is needed because ecore_timer should not be called in a child thread,
-        but in the main thread.
-
-        Reviewed by Antonio Gomes.
-
-        * wtf/efl/MainThreadEfl.cpp:
-        (WTF::pipeObject):
-        (WTF::monitorDispatchFunctions):
-        (WTF::initializeMainThreadPlatform):
-        (WTF::scheduleDispatchFunctionsOnMainThread):
-
-2011-07-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
-        https://bugs.webkit.org/show_bug.cgi?id=64637
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGOperations.cpp:
-
-2011-07-16  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64657
-        Converted this value not preserved when accessed via direct eval.
-
-        Reviewed by Oliver Hunt.
-
-        Upon entry into a non-strict function, primitive this values should be boxed as Object types
-        (or substituted with the global object) - which is done by op_convert_this. However we only
-        do so where this is used lexically within the function (we omit the conversion op if not).
-        The problem comes if a direct eval (running within the function's scope) accesses the this
-        value.
-
-        We are safe in the case of a single eval, since the this object will be converted within
-        callEval, however the converted value is not preserved, and a new wrapper object is allocated
-        each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
-        object will be lost between eval statements.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-            - If a function uses eval, we always need to convert this.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-            - Don't convert primitive values here - this is too late!
-        (JSC::Interpreter::privateExecute):
-            - Changed op_convert_this to call new isPrimitive method.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Changed op_convert_this to call new isPrimitive method.
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::isPrimitive):
-            - Added JSValue::isPrimitive.
-        * runtime/JSValue.h:
-            - Added JSValue::isPrimitive.
-
-2011-07-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT compare/branch code emits is-integer tests even when a value is
-        definitely not an integer.
-        https://bugs.webkit.org/show_bug.cgi?id=64654
-
-        Reviewed by Gavin Barraclough.
-        
-        Added the isKnownNotInteger() method, which returns true if a node is
-        definitely not an integer and will always fail any is-integer test.  Then
-        modified the compare and branch code to use this method; if it returns
-        true then is-int tests are omitted and the compiler always emits a slow
-        call.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-
-2011-07-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT has dead code for slow calls for branches.
-        https://bugs.webkit.org/show_bug.cgi?id=64653
-
-        Reviewed by Gavin Barraclough.
-        
-        Removed SpeculativeJIT::compilePeepHoleCall.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-07-15  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        * dfg/DFGGraph.h:
-
-2011-07-15  Gavin Barraclough  <barraclough@apple.com>
-
-        NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
-        https://bugs.webkit.org/show_bug.cgi?id=55346
-
-        Reviewed by Sam Weinig.
-
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-            - Switch to putDirect since we're not the only ones tranitioning this Structure now.
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-            - Switch base class to ErrorPrototype.
-
-2011-07-15  Gavin Barraclough  <barraclough@apple.com>
-
-        DFG JIT - Where arguments passed are integers, speculate this.
-        https://bugs.webkit.org/show_bug.cgi?id=64630
-
-        Reviewed by Sam Weinig.
-
-        Presently the DFG JIT is overly aggressively predicting double.
-        Use a bit of dynamic information, and curtail this a little.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::predictArgumentTypes):
-            - Check for integer arguments.
-        * dfg/DFGGraph.h:
-            - Function declaration.
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-        (JSC::FunctionExecutable::compileForCallInternal):
-            - Add call to predictArgumentTypes.
-
-2011-07-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT is inconsistent about fusing branches and speculating
-        integer comparisons for branches.
-        https://bugs.webkit.org/show_bug.cgi?id=64573
-
-        Reviewed by Gavin Barraclough.
-        
-        This patch moves some of NonSpeculativeJIT's functionality up into the
-        JITCodeGenerator superclass so that it can be used from both JITs.  Now,
-        in cases where the speculative JIT doesn't want to speculate but still
-        wants to emit good code, it can reliably emit the same code sequence as
-        the non-speculative JIT.  This patch also extends the non-speculative
-        JIT's compare optimizations to include compare/branch fusing, and
-        extends the speculative JIT's compare optimizations to cover StrictEqual.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::isKnownInteger):
-        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
-        (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        * wtf/Platform.h:
-
-2011-07-14  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64250
-        Global strict mode function leaking global object as "this".
-
-        Reviewed by Oliver Hunt.
-
-        The root problem here is that we pass the wrong values into
-        calls, and then try to fix them up in the callee. Correct
-        behaviour per the spec is to pass in the value undefined,
-        as this unless either (1) the function call is based on an
-        explicit property access or (2) the base of the call comes
-        directly from a 'with'.
-
-        This change does away with the need for this conversion of
-        objects (non strict code should only box primitives), and
-        does away with all this conversion for strict functions.
-
-        This patch may have web compatibility ramifications, and may
-        require some advocacy.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * bytecode/Opcode.h:
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * bytecompiler/BytecodeGenerator.h:
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::EvalFunctionCallNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Change NeedsThisConversion check to test for JSString's vptr
-              (objects no longer need conversion).
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveThisAndProperty):
-            - Based on resolveBaseAndProperty, but produce correct this value.
-        (JSC::Interpreter::privateExecute):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * interpreter/Interpreter.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_with_this):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-            - Change NeedsThisConversion check to test for JSString's vptr
-              (objects no longer need conversion).
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_with_this):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-            - Change NeedsThisConversion check to test for JSString's vptr
-              (objects no longer need conversion).
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * jit/JITStubs.h:
-            - Removed op_convert_this_strict, added op_resolve_with_this.
-        * runtime/JSActivation.h:
-            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
-        * runtime/JSStaticScopeObject.h:
-            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-            - removed NeedsThisConversion.
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::isEnvironmentRecord):
-        (JSC::TypeInfo::overridesHasInstance):
-            - removed NeedsThisConversion flag, added IsEnvironmentRecord.
-        * runtime/JSValue.h:
-            - removed NeedsThisConversion.
-        * runtime/JSVariableObject.h:
-            - Corrected StructureFlags inheritance.
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::createStructure):
-            - Added IsEnvironmentRecord to StructureFlags, addded createStructure.
-        * runtime/Structure.h:
-            - removed NeedsThisConversion.
-        * tests/mozilla/ecma/String/15.5.4.6-2.js:
-        (getTestCases):
-            - Removed invalid test case.
-
-2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r91082, r91087, and r91089.
-        http://trac.webkit.org/changeset/91082
-        http://trac.webkit.org/changeset/91087
-        http://trac.webkit.org/changeset/91089
-        https://bugs.webkit.org/show_bug.cgi?id=64616
-
-        gtk tests are failing a lot after this change. (Requested by
-        dave_levin on #webkit).
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::identifier):
-        (WTF::ThreadIdentifierData::initialize):
-        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
-        (WTF::ThreadIdentifierData::initializeKeyOnce):
-        * wtf/ThreadIdentifierDataPthreads.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading):
-
-2011-07-15  David Levin  <levin@chromium.org>
-
-        Another attempted build fix.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
-        up the definition of PTHREAD_KEYS_MAX.
-
-2011-07-15  David Levin  <levin@chromium.org>
-
-        Chromium build fix.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
-        up the definition of PTHREAD_KEYS_MAX.
-
-2011-07-14  David Levin  <levin@chromium.org>
-
-        currentThread is too slow!
-        https://bugs.webkit.org/show_bug.cgi?id=64577
-
-        Reviewed by Darin Adler and Dmitry Titov.
-
-        The problem is that currentThread results in a pthread_once call which always takes a lock.
-        With this change, currentThread is 10% faster than isMainThread in release mode and only
-        5% slower than isMainThread in debug.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
-        which is no longer needed because this is called from initializeThreading().
-        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
-        intialization of the pthread key should already be done.
-        (WTF::ThreadIdentifierData::initialize): Ditto.
-        * wtf/ThreadIdentifierDataPthreads.h:
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeThreading): Acquire the pthread key here.
-
-2011-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not optimize Branch as well as it could.
-        https://bugs.webkit.org/show_bug.cgi?id=64574
-
-        Reviewed by Gavin Barraclough.
-        
-        This creates a common code path for emitting unfused branches, which does
-        no speculation, and only performs a slow call if absolutely necessary.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitBranch):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        GC allocation fast path has too many operations.
-        https://bugs.webkit.org/show_bug.cgi?id=64493
-
-        Reviewed by Darin Adler.
-        
-        Changed the timing of the lazy sweep so that it occurs when we land on
-        a previously-unsweeped block, rather than whenever we land on an unsweeped
-        cell.  After the per-block lazy sweep occurs, the block is turned into a
-        singly linked list of free cells.  The allocation fast path is now just a
-        load-branch-store to remove a cell from the head of the list.
-        
-        Additionally, this changes the way new blocks are allocated.  Previously,
-        they would be populated with dummy cells.  With this patch, they are
-        turned into a free list, which means that there will never be destructor
-        calls for allocations in fresh blocks.
-        
-        These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
-        SunSpider.  There are no observed statistically significant slow-downs
-        on any individual benchmark.
-
-        * JavaScriptCore.exp:
-        * heap/Heap.cpp:
-        (JSC::Heap::allocateSlowCase):
-        (JSC::Heap::collect):
-        (JSC::Heap::canonicalizeBlocks):
-        (JSC::Heap::resetAllocator):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        (JSC::Heap::forEachCell):
-        (JSC::Heap::forEachBlock):
-        (JSC::Heap::allocate):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::lazySweep):
-        (JSC::MarkedBlock::blessNewBlockForFastPath):
-        (JSC::MarkedBlock::blessNewBlockForSlowPath):
-        (JSC::MarkedBlock::canonicalizeBlock):
-        * heap/MarkedBlock.h:
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::addBlock):
-        (JSC::NewSpace::canonicalizeBlocks):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::allocate):
-        (JSC::NewSpace::SizeClass::SizeClass):
-        (JSC::NewSpace::SizeClass::canonicalizeBlock):
-        * heap/OldSpace.cpp:
-        (JSC::OldSpace::addBlock):
-
-2011-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT crashes on host constructor calls in debug mode.
-        https://bugs.webkit.org/show_bug.cgi?id=64562
-        
-        Reviewed by Gavin Barraclough.
-        
-        Fixed the relevant ASSERT.
-
-        * dfg/DFGOperations.cpp:
-
-2011-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT contains a FIXME for rewinding speculative code generation that
-        has already been fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=64022
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        [EFL] Add OwnPtr specialization for Ecore_Pipe.
-        https://bugs.webkit.org/show_bug.cgi?id=64515
-
-        Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
-
-        Reviewed by Xan Lopez.
-
-        * wtf/OwnPtrCommon.h:
-        * wtf/efl/OwnPtrEfl.cpp:
-        (WTF::deleteOwnedPtr):
-
-2011-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT unnecessarily boxes and unboxes values during silent spilling.
-        https://bugs.webkit.org/show_bug.cgi?id=64068
-
-        Reviewed by Gavin Barraclough.
-        
-        Silent spilling and filling of registers is done during slow-path C
-        function calls.  The silent spill/fill logic does not affect register
-        allocation on paths that don't involve the C function call.
-        
-        This changes the silent spilling code to spill in unboxed form.  The
-        silent fill will refill in whatever form the register was spilled in.
-        For example, the silent spill code may choose not to spill the register
-        because it was already spilled previously, which would imply that it
-        was spilled in boxed form.  The filling code detects this and either
-        unboxes, or not, depending on what is appropriate.
-        
-        This change also results in a simplification of the silent spill/fill
-        API: silent spilling no longer needs to know about the set of registers
-        that cannot be trampled, since it never does boxing and hence does not
-        need a temporary register.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compare):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-13  Michael Saboff  <msaboff@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64202
-        Enh: Improve handling of RegExp in the form of /.*blah.*/
-
-        Reviewed by Gavin Barraclough.
-
-        Added code to both the Yarr interpreter and JIT to handle
-        these expressions a little differently.  First off, the terms
-        in between the leading and trailing .*'s cannot capture and
-        also this enhancement is limited to single alternative expressions.
-        If an expression is of the right form with the aforementioned
-        restrictions, we process the inner terms and then look for the
-        beginning of the string and end of the string.  There is handling 
-        for multiline expressions to allow the beginning and end to be 
-        right after and right before newlines.
-
-        This enhancement speeds up expressions of this type 12x on
-        a MacBookPro.
-
-        Cleaned up 'case' statement indentation.
-
-        A new set of tests was added as LayoutTests/fast/regex/dotstar.html
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::InputStream::end):
-        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::ByteTerm::DotStarEnclosure):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::generateTerm):
-        (JSC::Yarr::YarrGenerator::backtrackTerm):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
-        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
-        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
-        (JSC::Yarr::YarrPattern::compile):
-        * yarr/YarrPattern.h:
-        (JSC::Yarr::PatternTerm::PatternTerm):
-
-2011-07-13  Xan Lopez  <xlopez@igalia.com>
-
-        [GTK] Fix distcheck
-
-        Reviewed by Martin Robinson.
-
-        * GNUmakefile.list.am: add missing files.
-
-2011-07-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not implement prototype chain or list caching for get_by_id.
-        https://bugs.webkit.org/show_bug.cgi?id=64147
-
-        Reviewed by Gavin Barraclough.
-        
-        This implements unified support for prototype caching, prototype chain
-        caching, and polymorphic (i.e. list) prototype and prototype chain
-        caching.  This is done by creating common code for emitting prototype
-        or chain access stubs, and having it factored out into
-        generateProtoChainAccessStub().  This function is called by
-        tryCacheGetByID once the latter determines that some form of prototype
-        access caching is necessary (i.e. the slot being accessed is not on the
-        base value but on some other object).
-        
-        Direct prototype list, and prototype chain list, caching is implemented by
-        linking the slow path to operationGetByIdProtoBuildList(), which uses the
-        same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
-        
-        This change required ensuring that the value in the scratchGPR field in
-        StructureStubInfo is preserved even after the stub info is in the
-        chain, or proto_list, states.  Hence scratchGPR was moved out of the union
-        and into the top-level of StructureStubInfo.
-        
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitRestoreScratch):
-        (JSC::DFG::linkRestoreScratch):
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::dfgBuildGetByIDProtoList):
-        (JSC::DFG::tryCachePutByID):
-        * dfg/DFGRepatch.h:
-
-2011-07-12  Brent Fulgham  <bfulgham@webkit.org>
-
-        Standardize WinCairo conditionalized code under PLATFORM macro.
-        https://bugs.webkit.org/show_bug.cgi?id=64377
-
-        Reviewed by Maciej Stachowiak.
-
-        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
-
-2011-07-13  David Levin  <levin@chromium.org>
-
-        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
-        https://bugs.webkit.org/show_bug.cgi?id=64465
-
-        Reviewed by Dmitry Titov.
-
-        There isn't a good way to test this as it is very highly unlikely to occur.
-
-        * wtf/ThreadIdentifierDataPthreads.cpp:
-        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
-        isn't thread-safe, change the initialization to be global.
-
-2011-07-12  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64424
-        Our direct eval behaviour deviates slightly from the spec.
-
-        Reviewed by Oliver Hunt.
-
-        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
-        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
-        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
-        may be introduced into the caller's environment.
-
-        ES5 direct calls are any call where the callee function is provided by a reference, a base
-        of that Reference is an EnvironmentRecord (this corresponds to all productions
-        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
-        of the reference is "eval". This means any expression of the form "eval(...)", and that
-        calls the standard built in eval method from on the Global Object, is considered to be
-        direct.
-
-        In JavaScriptCore we are currently overly restrictive. We also check that the
-        EnvironmentRecord that is the base of the reference is the Declaractive Environment Record
-        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
-        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
-        not emanate from the spec, and is incorrect.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            - Fixed direct eval check in op_call_eval.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Fixed direct eval check in op_call_eval.
-        * runtime/Executable.h:
-        (JSC::isHostFunction):
-            - Added check for host function with specific NativeFunction.
-
-2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
-
-        Reviewed by Andreas Kling.
-
-        Broken build on QNX
-        https://bugs.webkit.org/show_bug.cgi?id=63717
-
-        QNX doesn't support pthread's SA_RESTART (required by
-        JSC_MULTIPLE_THREADS), JIT is broken at runtime and there a
-        few minor compilation errors here and there.
-
-        Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
-        tested by him on QNX v6.5 (x86)
-
-        * wtf/DateMath.cpp: fix usage of abs/labs
-        * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
-        * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
-
-2011-07-12  Anders Carlsson  <andersca@apple.com>
-
-        If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
-        https://bugs.webkit.org/show_bug.cgi?id=64429
-
-        Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
-
-        * wtf/NullPtr.h:
-
-2011-07-13  MORITA Hajime  <morrita@google.com>
-
-        Refactoring: Ignored ExceptionCode value should be less annoying.
-        https://bugs.webkit.org/show_bug.cgi?id=63688
-
-        Added ASSERT_AT macro.
-
-        Reviewed by Darin Adler.
-
-        * wtf/Assertions.h:
-
-2011-07-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not implement op_construct.
-        https://bugs.webkit.org/show_bug.cgi?id=64066
-
-        Reviewed by Gavin Barraclough.
-        
-        This is a fixed implementation of op_construct.  Constructor calls are implemented
-        by reusing almost all of the code for Call, with care taken to make sure that
-        where the are differences (like selecting different code blocks), those differences
-        are respected.  The two fixes over the last patch are: (1) make sure the
-        CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
-        make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
-        (either CodeForCall or CodeForConstruct) when invoking the compiler.
-
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordConstruct):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls):
-
-2011-07-12  Oliver Hunt  <oliver@apple.com>
-
-        Overzealous type validation in method_check
-        https://bugs.webkit.org/show_bug.cgi?id=64415
-
-        Reviewed by Gavin Barraclough.
-
-        method_check is essentially just a value look up
-        optimisation, but it internally stores the value
-        as a JSFunction, even though it never relies on
-        this fact.  Under GC validation however we end up
-        trying to enforce that assumption.  The fix is
-        simply to store the value as a correct supertype.
-
-        * bytecode/CodeBlock.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchGetMethodFast):
-        (JSC::DFG::tryCacheGetMethod):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2011-07-12  Filip Pizlo  <fpizlo@apple.com>
-
-        COLLECT_ON_EVERY_ALLOCATION no longer works.
-        https://bugs.webkit.org/show_bug.cgi?id=64388
-
-        Reviewed by Oliver Hunt.
-        
-        Added a flag to Heap that determines if it's safe to collect (which for now means that
-        JSGlobalObject has actually been initialized, but it should work for other things, too).
-        This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
-        GCing it just grows the heap, if necessary.
-        
-        Then changed Heap::allocate() to not recurse ad infinitum when
-        COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
-        resilient against bugs; this change allowed me to put in handy assertions, such as that
-        an allocation must succeed after either a collection or after a new block was added.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::tryAllocate):
-        (JSC::Heap::allocate):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (JSC::Heap::notifyIsSafeToCollect):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2011-07-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT put_by_id transition caching does not inform the GC about the structure and
-        prototype chain that it is referencing.
-        https://bugs.webkit.org/show_bug.cgi?id=64387
-
-        Reviewed by Gavin Barraclough.
-        
-        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID):
-
-2011-07-12  Adam Roben  <aroben@apple.com>
-
-        Ensure no intermediate WTF::Strings are created when concatenating with string literals
-
-        Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
-        operator+ is suboptimal
-
-        Reviewed by Darin Adler.
-
-        * wtf/text/StringConcatenate.h:
-        (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
-        many WTF::Strings get copied while evaluating an operator+ expression.
-
-        * wtf/text/StringOperators.h:
-        (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
-        side, since operator+ is left-associative. Having the StringAppend on the right-hand side
-        was causing us to make intermediate WTF::Strings when evaluating expressions that contained
-        multiple calls to operator+. Added some more overloads for that take a left-hand side of
-        const char* to resolve overload ambiguity for certain expressions. Added overloads that take
-        a left-hand side of const UChar* (matching the const char* overloads) so that wide string
-        literals don't first have to be converted to a WTF::String in operator+ expressions.
-
-2011-07-12  Adam Roben  <aroben@apple.com>
-
-        Unreviewed, rolling out r90811.
-        http://trac.webkit.org/changeset/90811
-        https://bugs.webkit.org/show_bug.cgi?id=61025
-
-        Several svg tests failing assertions beneath
-        SVGSMILElement::findInstanceTime
-
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-
-2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Speed up SVGSMILElement::findInstanceTime.
-        https://bugs.webkit.org/show_bug.cgi?id=61025
-
-        Add a new parameter to StdlibExtras.h::binarySerarch function
-        to also handle cases when the array does not contain the key value.
-        This is needed for an svg function.
-
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-
-2011-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT does not guard itself against floating point speculation
-        failures on non-floating-point constants.
-        https://bugs.webkit.org/show_bug.cgi?id=64330
-
-        Reviewed by Gavin Barraclough.
-        
-        Made fillSpeculateDouble immediate invoke terminateSpeculativeExecution() as
-        soon as it notices that it's speculating on something that is a non-numeric
-        JSConstant.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2011-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Speculative JIT does not always insert speculation checks when speculating
-        arrays.
-        https://bugs.webkit.org/show_bug.cgi?id=64254
-
-        Reviewed by Gavin Barraclough.
-        
-        Changed the SetLocal instruction to always validate that the value being stored
-        into the local variable is an array, if that variable was marked PredictArray.
-        This is necessary since uses of arrays assume that if a PredictArray value is
-        in a local variable then the speculation check validating that the value is an
-        array was already performed.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-11  Gabor Loki  <loki@webkit.org>
-
-        Fix the condition of the optimized code in doubleTransfer
-        https://bugs.webkit.org/show_bug.cgi?id=64261
-
-        Reviewed by Zoltan Herczeg.
-
-        The condition of the optimized code in doubleTransfer is wrong. The
-        data transfer should be executed with four bytes aligned address.
-        VFP cannot perform unaligned memory access.
-
-        Reported by Jacob Bramley.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::doubleTransfer):
-
-2011-07-11  Gabor Loki  <loki@webkit.org>
-
-        Signed arithmetic bug in dataTransfer32.
-        https://bugs.webkit.org/show_bug.cgi?id=64257
-
-        Reviewed by Zoltan Herczeg.
-
-        An arithmetic bug is fixed. If the offset of dataTransfer is half of the
-        addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
-        a load instruction is emitted with a wrong zero offset.
-
-        Inspired by Jacob Bramley's patch from JaegerMonkey.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::dataTransfer32):
-
-2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
-
-        Fix unaligned userspace access for SH4 platforms. 
-        https://bugs.webkit.org/show_bug.cgi?id=62993
-
-        * wtf/Platform.h:
-
-2011-07-09  Chao-ying Fu  <fu@mips.com>
-
-        Fix MIPS build due to readInt32 and readPointer
-        https://bugs.webkit.org/show_bug.cgi?id=63962
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::readInt32):
-        (JSC::MIPSAssembler::readPointer):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::rshift32):
-
-2011-07-08  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64181
-        REGRESSION (r90602): Gmail doesn't load
-
-        Rolling out r90601, r90602.
-
-        * dfg/DFGAliasTracker.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addVarArgChild):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::dfgLinkCall):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-
-2011-07-08  Kalev Lember  <kalev@smartlink.ee>
-
-        Reviewed by Adam Roben.
-
-        Add missing _WIN32_WINNT and WINVER definitions
-        https://bugs.webkit.org/show_bug.cgi?id=59702
-
-        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
-        available for all source files.
-
-        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
-        DeleteTimerQueueTimer which are both guarded by
-        #if (_WIN32_WINNT >= 0x0500)
-        in MinGW headers.
-
-        * config.h:
-        * wtf/Assertions.cpp:
-
-2011-07-08  Chang Shu  <cshu@webkit.org>
-
-        Rename "makeSecure" to "fill" and remove the support for displaying last character
-        to avoid layering violatation.
-        https://bugs.webkit.org/show_bug.cgi?id=59114
-
-        Reviewed by Alexey Proskuryakov.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.order:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::fill):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.h:
-        (WTF::String::fill):
-
-2011-07-08  Benjamin Poulain  <benjamin@webkit.org>
-
-        [WK2] Do not forward touch events to the web process when it does not need them
-        https://bugs.webkit.org/show_bug.cgi?id=64164
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Add a convenience function to obtain a reference to the last element of a Deque.
-
-        * wtf/Deque.h:
-        (WTF::Deque::last):
-
-2011-07-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not implement op_construct.
-        https://bugs.webkit.org/show_bug.cgi?id=64066
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordConstruct):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not implement get_by_id prototype caching.
-        https://bugs.webkit.org/show_bug.cgi?id=64077
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitRestoreScratch):
-        (JSC::DFG::linkRestoreScratch):
-        (JSC::DFG::tryCacheGetByID):
-        * runtime/JSObject.h:
-        (JSC::JSObject::addressOfPropertyAtOffset):
-
-2011-07-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT method_check implementation does not link to optimized get_by_id
-        slow path.
-        https://bugs.webkit.org/show_bug.cgi?id=64073
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchGetMethodFast):
-
-2011-07-07  Oliver Hunt  <oliver@apple.com>
-
-        Encode jump and link sizes into the appropriate enums
-        https://bugs.webkit.org/show_bug.cgi?id=64123
-
-        Reviewed by Sam Weinig.
-
-        Finally kill off the out of line jump and link size arrays, 
-        so we can avoid icky loads and constant fold the linking arithmetic.
-
-        * assembler/ARMv7Assembler.cpp:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::jumpSizeDelta):
-        (JSC::ARMv7Assembler::computeJumpType):
-
-2011-07-06  Juan C. Montemayor  <jmont@apple.com>
-
-        ASSERT_NOT_REACHED running test 262
-        https://bugs.webkit.org/show_bug.cgi?id=63951
-        
-        Added a case to the switch statement where the code was failing. Fixed
-        some logic as well that gave faulty error messages.
-
-        Reviewed by Gavin Barraclough.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::getTokenName):
-        (JSC::JSParser::updateErrorMessageSpecialCase):
-        (JSC::JSParser::updateErrorMessage):
-
-2011-07-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT implementation of op_call results in regressions on sunspider
-        controlflow-recursive.
-        https://bugs.webkit.org/show_bug.cgi?id=64039
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isInteger):
-
-2011-07-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not support method_check
-        https://bugs.webkit.org/show_bug.cgi?id=63972
-
-        Reviewed by Gavin Barraclough.
-
-        * assembler/CodeLocation.h:
-        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordGetMethod):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addMethodGet):
-        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchGetMethodFast):
-        (JSC::DFG::tryCacheGetMethod):
-        (JSC::DFG::dfgRepatchGetMethod):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrier::set):
-
-2011-07-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT op_call implementation will flush registers even when those registers are dead
-        https://bugs.webkit.org/show_bug.cgi?id=64023
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::integerResult):
-        (JSC::DFG::JITCodeGenerator::noResult):
-        (JSC::DFG::JITCodeGenerator::cellResult):
-        (JSC::DFG::JITCodeGenerator::jsValueResult):
-        (JSC::DFG::JITCodeGenerator::doubleResult):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
-        https://bugs.webkit.org/show_bug.cgi?id=64017
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
-
-        Reviewed by David Levin.
-
-        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
-        https://bugs.webkit.org/show_bug.cgi?id=62443
-
-        * wtf/DynamicAnnotations.cpp:
-        (WTFAnnotateBenignRaceSized):
-        (WTFAnnotateHappensBefore):
-        (WTFAnnotateHappensAfter):
-
-2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Calls on 32 bit machines are failed after r90423
-        https://bugs.webkit.org/show_bug.cgi?id=63980
-
-        Reviewed by Gavin Barraclough.
-
-        Copy the necessary lines from JITCall.cpp.
-
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2011-07-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT virtual call implementation is inefficient.
-        https://bugs.webkit.org/show_bug.cgi?id=63974
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGOperations.cpp:
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
-        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
-        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
-        (JSC::ExecutableBase::hasJITCodeForCall):
-        (JSC::ExecutableBase::hasJITCodeForConstruct):
-        (JSC::ExecutableBase::hasJITCodeFor):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::scopeUnchecked):
-
-2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        Force inlining of simple functions that show up as not being inlined
-        https://bugs.webkit.org/show_bug.cgi?id=63964
-
-        Reviewed by Gavin Barraclough.
-
-        Looking at profile data indicates the gcc is failing to inline a
-        number of trivial functions.  This patch hits the ones that show
-        up in profiles with the ALWAYS_INLINE hammer.
-
-        We also replace the memcpy() call in linking with a manual loop.
-        Apparently memcpy() is almost never faster than an inlined loop.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::add):
-        (JSC::ARMv7Assembler::add_S):
-        (JSC::ARMv7Assembler::ARM_and):
-        (JSC::ARMv7Assembler::asr):
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-        (JSC::ARMv7Assembler::clz):
-        (JSC::ARMv7Assembler::cmn):
-        (JSC::ARMv7Assembler::cmp):
-        (JSC::ARMv7Assembler::eor):
-        (JSC::ARMv7Assembler::it):
-        (JSC::ARMv7Assembler::ldr):
-        (JSC::ARMv7Assembler::ldrCompact):
-        (JSC::ARMv7Assembler::ldrh):
-        (JSC::ARMv7Assembler::ldrb):
-        (JSC::ARMv7Assembler::lsl):
-        (JSC::ARMv7Assembler::lsr):
-        (JSC::ARMv7Assembler::movT3):
-        (JSC::ARMv7Assembler::mov):
-        (JSC::ARMv7Assembler::movt):
-        (JSC::ARMv7Assembler::mvn):
-        (JSC::ARMv7Assembler::neg):
-        (JSC::ARMv7Assembler::orr):
-        (JSC::ARMv7Assembler::orr_S):
-        (JSC::ARMv7Assembler::ror):
-        (JSC::ARMv7Assembler::smull):
-        (JSC::ARMv7Assembler::str):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-        (JSC::ARMv7Assembler::tst):
-        (JSC::ARMv7Assembler::linkRecordSourceComparator):
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::ret):
-        (JSC::MacroAssemblerARMv7::moveWithPatch):
-        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-
-2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Make "Add optimised paths for a few maths functions" work on Qt
-        https://bugs.webkit.org/show_bug.cgi?id=63893
-
-        Reviewed by Oliver Hunt.
-
-        Move the generated code to the .text section instead of .data section.
-        Fix alignment for the 32 bit thunk code.
-
-        * jit/ThunkGenerators.cpp:
-
-2011-07-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG JIT does not implement op_call.
-        https://bugs.webkit.org/show_bug.cgi?id=63858
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setNumberOfCallLinkInfos):
-        (JSC::CodeBlock::numberOfCallLinkInfos):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::lookupGetByVal):
-        (JSC::DFG::AliasTracker::recordCall):
-        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::addVarArgChild):
-        (JSC::DFG::ByteCodeParser::predictInt32):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::opName):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::refChildren):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::useChildren):
-        (JSC::DFG::JITCodeGenerator::emitCall):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::addressOfCallData):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::CallRecord::CallRecord):
-        (JSC::DFG::JITCompiler::notifyCall):
-        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
-        (JSC::DFG::JITCompiler::addJSCall):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (JSC::DFG::Node::firstChild):
-        (JSC::DFG::Node::numChildren):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compare):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkCall):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::calleeAsValue):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCode.h:
-        (JSC::JITCode::JITCode):
-        (JSC::JITCode::jitType):
-        (JSC::JITCode::HostFunction):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.h:
-
-2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        Initialize new MarkStack member
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-
-2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        Don't throw out compiled code repeatedly
-        https://bugs.webkit.org/show_bug.cgi?id=63960
-
-        Reviewed by Gavin Barraclough.
-
-        Stop throwing away all compiled code every time
-        we're told to do a full GC.  Instead unlink all
-        callsites during such GC passes to maximise the
-        number of collectable functions, but otherwise
-        leave compiled functions alone.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::shouldUnlinkCalls):
-        (JSC::MarkStack::setShouldUnlinkCalls):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::invalidateCode):
-        * runtime/RegExp.h:
-
-2011-07-05  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC JIT has code duplication for the handling of call and construct
-        https://bugs.webkit.org/show_bug.cgi?id=63957
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::linkFor):
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        (JSC::jitCompileFor):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::arityCheckFor):
-        (JSC::lazyLinkFor):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::generatedJITCodeFor):
-        (JSC::FunctionExecutable::compileFor):
-        (JSC::FunctionExecutable::isGeneratedFor):
-        (JSC::FunctionExecutable::generatedBytecodeFor):
-        (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
-
-2011-07-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix following last patch.
-
-        * runtime/JSFunction.cpp:
-        (JSC::createPrototypeProperty):
-
-2011-07-05  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63947
-        ASSERT running Object.preventExtensions(Math.sin)
-
-        Reviewed by Oliver Hunt.
-
-        This is due to calling scope() on a hostFunction as a part of
-        calling createPrototypeProperty to reify the prototype property.
-        But host functions don't have a prototype property anyway!
-
-        Prevent callling createPrototypeProperty on a host function.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::createPrototypeProperty):
-        (JSC::JSFunction::preventExtensions):
-
-2011-07-04  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63880
-        Evaluation order of conversions of operands to >, >= incorrect.
-
-        Reviewed by Sam Weinig.
-
-        Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
-        spec. This allows these methods to be reused to perform >, >= relational compares
-        with correct ordering of type conversions.
-
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Operations.h:
-        (JSC::jsLess):
-        (JSC::jsLessEq):
-
-2011-07-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16652
-        Firefox and JavaScriptCore differ in Number.toString(integer)
-
-        Our arbitrary radix (2..36) toString conversion is inaccurate.
-        This is partly because it uses doubles to perform math that requires
-        higher accuracy, and partly becasue it does not attempt to correctly
-        detect where to terminate, instead relying on a simple 'epsilon'.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::decomposeDouble):
-            - helper function to extract sign, exponent, mantissa from IEEE doubles.
-        (JSC::Uint16WithFraction::Uint16WithFraction):
-            - helper class, u16int with infinite precision fraction, used to convert
-              the fractional part of the number to a string.
-        (JSC::Uint16WithFraction::operator*=):
-            - Multiply by a uint16.
-        (JSC::Uint16WithFraction::operator<):
-            - Compare two Uint16WithFractions.
-        (JSC::Uint16WithFraction::floorAndSubtract):
-            - Extract the integer portion of the number, and subtract it (clears the integer portion).
-        (JSC::Uint16WithFraction::comparePoint5):
-            - Compare to 0.5.
-        (JSC::Uint16WithFraction::sumGreaterThanOne):
-            - Passed a second Uint16WithFraction, returns true if the result of adding
-              the two values would be greater than one.
-        (JSC::Uint16WithFraction::isNormalized):
-            - Used by ASSERTs to consistency check internal representation.
-        (JSC::BigInteger::BigInteger):
-            - helper class, unbounded integer value, used to convert the integer part
-              of the number to a string.
-        (JSC::BigInteger::divide):
-            - Divide this value through by a uint32.
-        (JSC::BigInteger::operator!):
-            - test for zero.
-        (JSC::toStringWithRadix):
-            - Performs number to string conversion, with the given radix (2..36).
-        (JSC::numberProtoFuncToString):
-            - Changed to use toStringWithRadix.
-
-2011-07-04  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63881
-        Need separate bytecodes for handling >, >= comparisons.
-
-        Reviewed by Oliver Hunt.
-
-        This clears the way to fix Bug#63880. We currently handle greater-than comparisons
-        as being using the corresponding op_less, etc opcodes.  This is incorrect with
-        respect to evaluation ordering of the implicit conversions performed on operands -
-        we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
-        but instead convert RHS then LHS.
-
-        This patch adds opcodes for greater-than comparisons mirroring existing ones used
-        for less-than.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        * bytecompiler/NodesCodegen.cpp:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compare):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::JIT::emit_op_loop_if_greater):
-        (JSC::JIT::emitSlow_op_loop_if_greater):
-        (JSC::JIT::emit_op_loop_if_greatereq):
-        (JSC::JIT::emitSlow_op_loop_if_greatereq):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jgreater):
-        (JSC::JIT::emit_op_jgreatereq):
-        (JSC::JIT::emit_op_jngreater):
-        (JSC::JIT::emit_op_jngreatereq):
-        (JSC::JIT::emitSlow_op_jgreater):
-        (JSC::JIT::emitSlow_op_jgreatereq):
-        (JSC::JIT::emitSlow_op_jngreater):
-        (JSC::JIT::emitSlow_op_jngreatereq):
-        (JSC::JIT::emit_compareAndJumpSlow):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitBinaryDoubleOp):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * parser/NodeConstructors.h:
-        (JSC::GreaterNode::GreaterNode):
-        (JSC::GreaterEqNode::GreaterEqNode):
-        * parser/Nodes.h:
-
-2011-07-03  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63879
-        Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
-
-        Reviewed by Sam Weinig.
-        
-        There is a lot of copy & paste code here; we can reduce duplication by making
-        a shared implementation.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::commute):
-            - Make these function platform agnostic.
-        * assembler/MacroAssemblerX86Common.h:
-            - Moved branch32/commute up to MacroAssembler.
-        * jit/JIT.h:
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emitSlow_op_loop_if_lesseq):
-            - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jnlesseq):
-        (JSC::JIT::emitSlow_op_jless):
-        (JSC::JIT::emitSlow_op_jlesseq):
-        (JSC::JIT::emitSlow_op_jnless):
-        (JSC::JIT::emitSlow_op_jnlesseq):
-            - Common implmentations of these methods for JSVALUE64 & JSVALUE32_64.
-        (JSC::JIT::emit_compareAndJump):
-        (JSC::JIT::emit_compareAndJumpSlow):
-            - Internal implmementation of jless etc for JSVALUE64.
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_compareAndJump):
-        (JSC::JIT::emit_compareAndJumpSlow):
-            - Internal implmementation of jless etc for JSVALUE32_64.
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-            - Remove old implementation of emit_op_loop_if_lesseq.
-
-2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r90347.
-        http://trac.webkit.org/changeset/90347
-        https://bugs.webkit.org/show_bug.cgi?id=63886
-
-        Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
-        (Requested by tkent on #webkit).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/BigInteger.h: Removed.
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        * runtime/Uint16WithFraction.h: Removed.
-        * wtf/MathExtras.h:
-
-2011-06-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16652
-        Firefox and JavaScriptCore differ in Number.toString(integer)
-
-        Our arbitrary radix (2..36) toString conversion is inaccurate.
-        This is partly because it uses doubles to perform math that requires
-        higher accuracy, and partly becasue it does not attempt to correctly
-        detect where to terminate, instead relying on a simple 'epsilon'.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::decomposeDouble):
-            - helper function to extract sign, exponent, mantissa from IEEE doubles.
-        (JSC::Uint16WithFraction::Uint16WithFraction):
-            - helper class, u16int with infinite precision fraction, used to convert
-              the fractional part of the number to a string.
-        (JSC::Uint16WithFraction::operator*=):
-            - Multiply by a uint16.
-        (JSC::Uint16WithFraction::operator<):
-            - Compare two Uint16WithFractions.
-        (JSC::Uint16WithFraction::floorAndSubtract):
-            - Extract the integer portion of the number, and subtract it (clears the integer portion).
-        (JSC::Uint16WithFraction::comparePoint5):
-            - Compare to 0.5.
-        (JSC::Uint16WithFraction::sumGreaterThanOne):
-            - Passed a second Uint16WithFraction, returns true if the result of adding
-              the two values would be greater than one.
-        (JSC::Uint16WithFraction::isNormalized):
-            - Used by ASSERTs to consistency check internal representation.
-        (JSC::BigInteger::BigInteger):
-            - helper class, unbounded integer value, used to convert the integer part
-              of the number to a string.
-        (JSC::BigInteger::divide):
-            - Divide this value through by a uint32.
-        (JSC::BigInteger::operator!):
-            - test for zero.
-        (JSC::toStringWithRadix):
-            - Performs number to string conversion, with the given radix (2..36).
-        (JSC::numberProtoFuncToString):
-            - Changed to use toStringWithRadix.
-
-2011-07-02  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63866
-        DFG JIT - implement instanceof
-
-        Reviewed by Sam Weinig.
-
-        Add ops CheckHasInstance & InstanceOf to implement bytecodes
-        op_check_has_instance & op_instanceof. This is an initial
-        functional implementation, performance is a wash. We can
-        follow up with changes to fuse the InstanceOf node with
-        a subsequant branch, as we do with other comparisons.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jitAssertIsCell):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::jitAssertIsCell):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-        IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
-        https://bugs.webkit.org/show_bug.cgi?id=63732
-
-        Reviewed by Gavin Barraclough.
-
-        Initialise the memory at the head of the new storage so that
-        GC is safe if triggered by reportExtraMemoryCost.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::increaseVectorPrefixLength):
-
-2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-        GC sweep can occur before an object is completely initialised
-        https://bugs.webkit.org/show_bug.cgi?id=63836
-
-        Reviewed by Gavin Barraclough.
-
-        In rare cases it's possible for a GC sweep to occur while a
-        live, but not completely initialised object is on the stack.
-        In such a case we may incorrectly choose to mark it, even
-        though it has no children that need marking.
-
-        We resolve this by always zeroing out the structure of any
-        value returned from JSCell::operator new(), and making the
-        markstack tolerant of a null structure. 
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::~JSCell):
-        (JSC::JSCell::JSCell::operator new):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2011-07-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG non-speculative JIT always performs slow C calls for div and mod.
-        https://bugs.webkit.org/show_bug.cgi?id=63684
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-
-2011-07-01  Juan C. Montemayor  <jmont@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Lexer error messages are currently appalling
-        https://bugs.webkit.org/show_bug.cgi?id=63340
-
-        Added error messages for the Lexer. These messages will be displayed
-        instead of the lexer error messages from the parser that are currently
-        shown.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::getInvalidCharMessage):
-        (JSC::Lexer::setCode):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        (JSC::Lexer::clear):
-        * parser/Lexer.h:
-        (JSC::Lexer::getErrorMessage):
-        (JSC::Lexer::setOffset):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-
-2011-07-01  Jungshik Shin  <jshin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
-        build files for ports not using ICU.
-        Add icu/unicode/uscript.h for ports using ICU. It's taken from 
-        ICU 3.6 (the version used on Mac OS 10.5)
-
-        http://bugs.webkit.org/show_bug.cgi?id=20797
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * icu/unicode/uscript.h: Added for UScriptCode enum.
-        * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
-        * wtf/unicode/icu/UnicodeIcu.h:
-        * wtf/unicode/brew/UnicodeBrew.h:
-        * wtf/unicode/glib/UnicodeGLib.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-07-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63819
-        Escaping of forwardslashes in strings incorrect if multiple exist.
-
-        The bug is in the parameters passed to a substring - should be
-        start & length, but we're passing start & end indices!
-
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectSource):
-
-2011-07-01  Adam Roben  <aroben@apple.com>
-
-        Roll out r90194
-        http://trac.webkit.org/changeset/90194
-        https://bugs.webkit.org/show_bug.cgi?id=63778
-
-        Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
-        assertions in WriteBarrierBase<JSC::Structure>::get
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::~JSCell):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add optimised paths for a few maths functions
-        https://bugs.webkit.org/show_bug.cgi?id=63757
-
-        Relanding as a Mac only patch.
-
-        This adds specialised thunks for Math.abs, Math.round, Math.ceil,
-        Math.floor, Math.log, and Math.exp as they are apparently more
-        important in real web content than we thought, which is somewhat
-        mind-boggling.  On average doubles the performance of the common
-        cases (eg. actually passing numbers in).  They're not as efficient
-        as they could be, but this way gives them the most portability.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsDoubleBitops):
-        (JSC::MacroAssemblerARM::andnotDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
-        (JSC::MacroAssemblerARMv7::andnotDouble):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::andnotDouble):
-        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
-        (JSC::MacroAssemblerSH4::andnotDouble):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::supportsDoubleBitops):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::andnotDouble):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::andnpd_rr):
-        * create_hash_table:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        (JSC::SpecializedThunkJIT::callDoubleToDouble):
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        * jit/ThunkGenerators.h:
-
-2011-07-01  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
-
-        Fixes the following build error in clang:
-
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                     ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                                                ^
-                     (                         )
-            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
-            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-            1 error generated.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
-        tertiary expression evaluate first.
-
-2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r90177 and r90179.
-        http://trac.webkit.org/changeset/90177
-        http://trac.webkit.org/changeset/90179
-        https://bugs.webkit.org/show_bug.cgi?id=63790
-
-        It caused crashes on Qt in debug mode (Requested by Ossy on
-        #webkit).
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM::sqrtDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARMv7::sqrtDouble):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::sqrtDouble):
-        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::sqrtDouble):
-        * assembler/MacroAssemblerX86.h:
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/X86Assembler.h:
-        * create_hash_table:
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitLoadDouble):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        * jit/ThunkGenerators.h:
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Beth Dakin.
-
-        Make GC validation clear cell structure on destruction
-        https://bugs.webkit.org/show_bug.cgi?id=63778
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::~JSCell):
-
-2011-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Added write barrier that was missing from put_by_id_transition
-        https://bugs.webkit.org/show_bug.cgi?id=63775
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
-        MacroAssembler& argument so our patching functions could use it.
-
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID): Missing barrier!
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
-        because its meaning isn't clear -- maybe in the future we'll have a
-        clear way to pass all stores through a common function that guarantees
-        a write barrier, but that's not the case right now.
-
-2011-06-30  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG non-speculative JIT does not reuse registers when compiling comparisons.
-        https://bugs.webkit.org/show_bug.cgi?id=63565
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compare):
-
-2011-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Added empty write barrier stubs in all the right places in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=63764
-        
-        SunSpider thinks this might be a 0.5% speedup. Meh.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
-
-        (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
-        for the case where base == scratch, since we now require base and scratch
-        to be not equal, for the sake of the write barrier.
-
-        * dfg/DFGJITCodeGenerator.h: Le stub.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
-        as the scratch register, since that's incompatible with the write barrier,
-        which needs a distinct base and scratch.
-        
-        Do put the global object into a register before loading its var storage,
-        since it needs to be in a register for the write barrier to operate on it.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
-        places.
-
-        (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
-        is a little more than meaningless.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
-        places.
-
-        (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
-        is a little more than meaningless.
-
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
-        we put the global object in a register and only then load its var storage
-        by offset.
-
-        (JSC::JIT::emitWriteBarrier):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-        Fix ARMv6 build
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::rshift32):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add optimised paths for a few maths functions
-        https://bugs.webkit.org/show_bug.cgi?id=63757
-
-        This adds specialised thunks for Math.abs, Math.round, Math.ceil,
-        Math.floor, Math.log, and Math.exp as they are apparently more
-        important in real web content than we thought, which is somewhat
-        mind-boggling.  On average doubles the performance of the common
-        cases (eg. actually passing numbers in).  They're not as efficient
-        as they could be, but this way gives them the most portability.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::supportsDoubleBitops):
-        (JSC::MacroAssemblerARM::andnotDouble):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
-        (JSC::MacroAssemblerARMv7::andnotDouble):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::andnotDouble):
-        (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::supportsDoubleBitops):
-        (JSC::MacroAssemblerSH4::andnotDouble):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::supportsDoubleBitops):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::andnotDouble):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::andnpd_rr):
-        * create_hash_table:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        (JSC::SpecializedThunkJIT::callDoubleToDouble):
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        * jit/ThunkGenerators.h:
-
-2011-06-30  Cary Clark  <caryclark@google.com>
-
-        Reviewed by James Robinson.
-
-        Use Skia if Skia on Mac Chrome is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=62999
-
-        * wtf/Platform.h:
-        Add switch to use Skia if, externally,
-        Skia has been enabled by a gyp define.
-
-2011-06-30  Juan C. Montemayor  <jmont@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Web Inspector fails to display source for eval with syntax error
-        https://bugs.webkit.org/show_bug.cgi?id=63583
-
-        Web Inspector now displays a link to an eval statement that contains
-        a syntax error.
-
-        * parser/Parser.h:
-        (JSC::isEvalNode):
-        (JSC::EvalNode):
-        (JSC::Parser::parse):
-
-2011-06-30  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        X86Assembler does not encode byte registers in 64-bit mode correctly.
-        https://bugs.webkit.org/show_bug.cgi?id=63665
-
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::testb_rr):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
-
-2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r90102.
-        http://trac.webkit.org/changeset/90102
-        https://bugs.webkit.org/show_bug.cgi?id=63714
-
-        Lots of tests asserting beneath
-        SVGSMILElement::findInstanceTime (Requested by aroben on
-        #webkit).
-
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-
-2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
-
-        Reviewed by Nikolas Zimmermann.
-
-        Speed up SVGSMILElement::findInstanceTime.
-        https://bugs.webkit.org/show_bug.cgi?id=61025
-
-        Add a new parameter to StdlibExtras.h::binarySerarch function
-        to also handle cases when the array does not contain the key value.
-        This is needed for an svg function.
-
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-
-2011-06-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63669
-        DFG JIT - fix spectral-norm regression
-
-        The problem is a mis-speculation leading to us falling off the speculative path.
-        Make the speculation logic slightly smarter, don't predict int if one of the
-        operands is already loaded as a double (we use this logic already for compares).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
-
-2011-06-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG JIT does not do put_by_id transition caching.
-        https://bugs.webkit.org/show_bug.cgi?id=63662
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::testPrototype):
-        (JSC::DFG::tryCachePutByID):
-
-2011-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added a dummy write barrier emitting function in all the right places in the old JIT
-        https://bugs.webkit.org/show_bug.cgi?id=63667
-        
-        SunSpider reports no change.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emit_op_put_scoped_var): Do it.
-
-        (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
-        for the sake of the write barrier.
-
-        (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emit_op_put_scoped_var): Do it.
-
-        (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
-        for the sake of the write barrier.
-
-        (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
-
-2011-06-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG JIT does not perform get_by_id self list caching.
-        https://bugs.webkit.org/show_bug.cgi?id=63605
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::dfgBuildGetByIDList):
-        * dfg/DFGRepatch.h:
-
-2011-06-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG JIT lacks array.length caching.
-        https://bugs.webkit.org/show_bug.cgi?id=63505
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::tryAllocate):
-        (JSC::DFG::JITCodeGenerator::selectScratchGPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::tryAllocate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-
-2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        Reviewed by Eric Seidel.
-
-        Warnings in JSC's JIT on 32 bit
-        https://bugs.webkit.org/show_bug.cgi?id=63259
-
-        Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-
-2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r89968.
-        http://trac.webkit.org/changeset/89968
-        https://bugs.webkit.org/show_bug.cgi?id=63581
-
-        Broke chromium windows compile (Requested by jamesr on
-        #webkit).
-
-        * wtf/Platform.h:
-
-2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix sampling build
-        https://bugs.webkit.org/show_bug.cgi?id=63579
-
-        Gets opcode sampling building again, doesn't seem to work alas
-
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::notifyOfScope):
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingTool::SamplingTool):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::enableSampler):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::ScriptExecutable):
-
-2011-06-28  Cary Clark  <caryclark@google.com>
-
-        Reviewed by James Robinson.
-
-        Use Skia if Skia on Mac Chrome is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=62999
-
-        * wtf/Platform.h:
-        Add switch to use Skia if, externally,
-        Skia has been enabled by a gyp define.
-
-2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        ASSERT when launching debug builds with interpreter and jit enabled
-        https://bugs.webkit.org/show_bug.cgi?id=63566
-
-        Add appropriate guards to the various Executable's memory reporting
-        logic.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-06-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63563
-        DFG JIT - add support for double arith to speculative path
-
-        Add integer support for div & mod, add double support for div, mod,
-        add, sub & mul, dynamically selecting based on operand types.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::assembler):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::index):
-        (JSC::DFG::SpeculateDoubleOperand::fpr):
-
-2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Fix interpreter build.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2011-06-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63561
-        DFG JIT - don't always assume integer in relational compare
-
-        If neither operand is known integer, or either is in double representation,
-        then at least use a function call (don't bail off the speculative path).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
-        (JSC::DFG::SpeculativeJIT::compareIsInteger):
-
-2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make constant array optimisation less strict about what constitutes a constant
-        https://bugs.webkit.org/show_bug.cgi?id=63554
-
-        Now allow string constants in array literals to actually be considered constant,
-        and so avoid codegen in array literals with strings in them.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addConstantBuffer):
-        (JSC::CodeBlock::constantBuffer):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addConstantBuffer):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2011-06-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63560
-        DFG_JIT allow allocation of specific machine registers
-
-        This allow us to allocate the registers necessary to perform x86
-        idiv instructions for div/mod, and may be useful for shifts, too.
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::allocate):
-        (JSC::DFG::GPRResult::GPRResult):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::allocateSpecific):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isInteger):
-
-2011-06-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=55040
-        RegExp constructor returns the argument regexp instead of a new object
-
-        Per 15.10.3.1, our current behaviour is correct if called as a function,
-        but incorrect when called as a constructor.
-
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        (JSC::constructWithRegExpConstructor):
-        * runtime/RegExpConstructor.h:
-
-2011-06-28  Luke Macpherson   <macpherson@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
-        https://bugs.webkit.org/show_bug.cgi?id=63469
-
-        * wtf/MathExtras.h:
-        (defaultMinimumForClamp):
-        Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
-        (defaultMaximumForClamp):
-        Symmetric alias for std::numeric_limits::max()
-        (clampTo):
-        New templated clamping function that supports arbitrary output types.
-        (clampToInteger):
-        Use new clampTo template.
-        (clampToFloat):
-        Use new clampTo template.
-        (clampToPositiveInteger):
-        Use new clampTo template.
-
-2011-06-28  Adam Roben  <aroben@apple.com>
-
-        Windows Debug build fix after r89885
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
-        JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
-
-2011-06-28  Shinya Kawanaka  <shinyak@google.com>
-
-        Reviewed by Kent Tamura.
-
-        Add const to show() method in WTFString and AtomicString.
-        https://bugs.webkit.org/show_bug.cgi?id=63515
-
-        The lack of const in show() method is painful when
-        doing something like printf-debug.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::show):
-        * wtf/text/AtomicString.h:
-        * wtf/text/WTFString.cpp:
-        (String::show):
-        * wtf/text/WTFString.h:
-
-2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Build fix attempt after r89885.
-
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-
-2011-06-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Support throwing away non-running code even while other code is running
-        https://bugs.webkit.org/show_bug.cgi?id=63485
-
-        Add a function to CodeBlock to support unlinking direct linked callsites,
-        and then with that in place add logic to discard code from any function
-        that is not currently on the stack.
-
-        The unlinking completely reverts any optimized call sites, such that they
-        may be relinked again in future.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::clearEvalCache):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::clear):
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots):
-        * heap/Heap.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clear):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionReleaseExecutableMemory):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::unlinkCalls):
-        (JSC::ProgramExecutable::unlinkCalls):
-        (JSC::FunctionExecutable::discardCode):
-        (JSC::FunctionExecutable::unlinkCalls):
-        * runtime/Executable.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::SafeRecompiler::returnValue):
-        (JSC::SafeRecompiler::operator()):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2011-06-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler & Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=50554
-        RegExp.prototype.toString does not escape slashes
-
-        The problem here is that we don't escape forwards slashes when converting
-        a RegExp to a string. This means that RegExp("/").toString() is "///",
-        which is not a valid RegExp literal. Also, we return an invalid literal
-        for RegExp.prototype.toString() ("//", which is an empty single-line comment).
-
-        From ES5:
-        "NOTE: The returned String has the form of a RegularExpressionLiteral that
-        evaluates to another RegExp object with the same behaviour as this object."
-
-        * runtime/RegExpObject.cpp:
-        (JSC::regExpObjectSource):
-            - Escape forward slashes when getting the source of a RegExp.
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-            - Remove unnecessary and erroneous hack to return "//" as the string
-            representation of RegExp.prototype. This is not a valid RegExp literal
-            (it is an empty single-line comment).
-
-2011-06-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63497
-        Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-27  Juan C. Montemayor  <jmont@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
-        https://bugs.webkit.org/show_bug.cgi?id=63392
-        
-        When both TextPosition.h and XPathGrammar.h are included a compile-error
-        is caused, since XPathGrammar.h defines a macro called NUMBER and 
-        TextPosition has a typedef named NUMBER.
-
-        * wtf/text/TextPosition.h:
-        (WTF::TextPosition::TextPosition):
-        (WTF::TextPosition::minimumPosition):
-        (WTF::TextPosition::belowRangePosition):
-
-2011-06-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG JIT does not perform put_by_id caching.
-        https://bugs.webkit.org/show_bug.cgi?id=63409
-
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedPutById):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchByIdSelfAccess):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::appropriatePutByIdFunction):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::dfgRepatchPutByID):
-        * dfg/DFGRepatch.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Unreviewed build fix. One more filed missing during distcheck, for
-        the MIPS build.
-
-        * GNUmakefile.list.am:
-
-2011-06-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
-        https://bugs.webkit.org/show_bug.cgi?id=63347
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-            - Changed arithmetic operations to speculate in favor of integers.
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
-        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGOperations.cpp:
-            - Added slow-path routines for arithmetic that perform no speculation; the
-              non-speculative JIT will generate calls to these in cases where its
-              speculation fails.
-        * dfg/DFGOperations.h:
-
-2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Rob Buis.
-
-        Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
-        https://bugs.webkit.org/show_bug.cgi?id=59085
-
-        * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
-
-2011-06-24  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
-        https://bugs.webkit.org/show_bug.cgi?id=63345
-
-        The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
-        return 9 and 10 bit quantities, therefore changed their return type from
-        uint8_t to uint16_t.  Also casted the places where they are used as they
-        are currently shifted and used as 7 or 8 bit values.
-
-        These methods are currently used for literals for stack offsets, 
-        including creating and destroying stack frames.  The prior truncation of
-        the upper bits caused stack frames to be too small, thus allowing a
-        JIT'ed function to access and overwrite stack space outside of the
-        incorrectly sized stack frame.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::getUInt9):
-        (JSC::ARMThumbImmediate::getUInt10):
-        (JSC::ARMv7Assembler::add):
-        (JSC::ARMv7Assembler::ldr):
-        (JSC::ARMv7Assembler::str):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-
-2011-06-24  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
-        https://bugs.webkit.org/show_bug.cgi?id=63015
-
-        Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
-        min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
-        adjustments are a bug.  These need to reflect the pages that are released
-        in ReleaseFreeLsit so that scavenge doesn't try to free that many pages as well.
-        Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
-        Check() and helper method CheckList() to check the number of actual free pages
-        with free_committed_pages_.
-
-        The symptom of the problem of the existing code is that the scavenger may
-        run unneccesarily without any real work to do, i.e. pages on the free lists.
-        The scanvenger would also end up freeing too many pages, that is going below 
-        the current 528 target free pages.
-
-        Note that the style of the changes was kept consistent with the
-        existing style.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::Check):
-        (WTF::TCMalloc_PageHeap::CheckList):
-        (WTF::TCMalloc_PageHeap::ReleaseFreeList):
-
-2011-06-24  Abhishek Arya  <inferno@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Match other clampTo* functions in style with clampToInteger(float)
-        function.
-        https://bugs.webkit.org/show_bug.cgi?id=53449
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToFloat):
-        (clampToPositiveInteger):
-
-2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r89594.
-        http://trac.webkit.org/changeset/89594
-        https://bugs.webkit.org/show_bug.cgi?id=63316
-
-        It broke 5 tests on the Qt bot (Requested by Ossy_DC on
-        #webkit).
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * icu/unicode/uscript.h: Removed.
-        * wtf/unicode/ScriptCodesFromICU.h: Removed.
-        * wtf/unicode/brew/UnicodeBrew.h:
-        * wtf/unicode/glib/UnicodeGLib.h:
-        * wtf/unicode/icu/UnicodeIcu.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-06-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
-        https://bugs.webkit.org/show_bug.cgi?id=63173
-
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::cachedGetById):
-        * dfg/DFGJITCodeGenerator.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Fix Qt again.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readPointer):
-
-2011-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Fix Qt Build
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readPointer):
-
-2011-06-23  Stephanie Lewis  <slewis@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63298
-        Replace Malloc with FastMalloc to match the rest of wtf.
-
-        * wtf/BlockStack.h:
-        (WTF::::~BlockStack):
-        (WTF::::grow):
-        (WTF::::shrink):
-
-2011-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add the ability to dynamically modify linked call sites
-        https://bugs.webkit.org/show_bug.cgi?id=63291
-
-        Add JITWriteBarrier as a writebarrier class that allows
-        reading and writing directly into the code stream.
-
-        This required adding logic to all the assemblers to allow
-        us to read values back out of the instruction stream.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readPointer):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::readPointer):
-        (JSC::ARMv7Assembler::readInt32):
-        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
-        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::readPointer):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::readInt32):
-        (JSC::MIPSAssembler::readPointer):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::operator!):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::readPCrelativeAddress):
-        (JSC::SH4Assembler::readPointer):
-        (JSC::SH4Assembler::readInt32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::readPointer):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * heap/MarkStack.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITWriteBarrier.h: Added.
-        (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::JITWriteBarrierBase::operator!):
-        (JSC::JITWriteBarrierBase::setFlagOnBarrier):
-        (JSC::JITWriteBarrierBase::isFlagged):
-        (JSC::JITWriteBarrierBase::setLocation):
-        (JSC::JITWriteBarrierBase::location):
-        (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
-        (JSC::JITWriteBarrierBase::set):
-        (JSC::JITWriteBarrierBase::get):
-        (JSC::JITWriteBarrier::JITWriteBarrier):
-        (JSC::JITWriteBarrier::set):
-        (JSC::JITWriteBarrier::get):
-        (JSC::MarkStack::append):
-
-2011-06-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61585
-        Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
-
-        This is due to use of int instead of unsigned, bad math around
-        the 2^31 boundary.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-            - Change some uses of int to unsigned, refactor compare logic to
-              restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generate):
-        (JSC::Yarr::YarrGenerator::backtrack):
-            - Ditto.
-
-2011-06-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=63218
-        DFG JIT - remove machine type guarantees from graph
-
-        The DFG JIT currently makes assumptions about the types of machine registers
-        that certain nodes will be loaded into. This will be broken as we generate
-        nodes to produce both integer and double code paths. Remove int<->double
-        conversions nodes. This design decision also gave rise to multiple types of
-        constant nodes, requiring separate handling for each type. Merge these back
-        into JSConstant.
-
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getToInt32):
-        (JSC::DFG::ByteCodeParser::getToNumber):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::toNumber):
-        (JSC::DFG::ByteCodeParser::isInt32Constant):
-        (JSC::DFG::ByteCodeParser::isDoubleConstant):
-        (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
-        (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
-        (JSC::DFG::ByteCodeParser::one):
-        (JSC::DFG::ByteCodeParser::predictInt32):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::isJSConstant):
-        (JSC::DFG::JITCodeGenerator::isDoubleConstant):
-        (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isJSConstant):
-        (JSC::DFG::JITCompiler::isInt32Constant):
-        (JSC::DFG::JITCompiler::isDoubleConstant):
-        (JSC::DFG::JITCompiler::valueOfJSConstant):
-        (JSC::DFG::JITCompiler::valueOfInt32Constant):
-        (JSC::DFG::JITCompiler::valueOfDoubleConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::isConstant):
-        (JSC::DFG::Node::notTakenBytecodeOffset):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
-        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-06-23  Jungshik Shin  <jshin@chromium.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
-        build files for ports not using ICU.
-        Add icu/unicode/uscript.h for ports using ICU. It's taken from 
-        ICU 3.6 (the version used on Mac OS 10.5)
-
-        http://bugs.webkit.org/show_bug.cgi?id=20797
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * icu/unicode/uscript.h: Added for UScriptCode enum.
-        * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
-        * wtf/unicode/icu/UnicodeIcu.h:
-        * wtf/unicode/brew/UnicodeBrew.h:
-        * wtf/unicode/glib/UnicodeGLib.h:
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        * wtf/unicode/wince/UnicodeWinCE.h:
-
-2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        Reviewed by Andreas Kling.
-
-        [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
-        https://bugs.webkit.org/show_bug.cgi?id=63228
-
-        * wtf/Platform.h: Add PLATFORM(EFL) guard.
-
-2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r89547.
-        http://trac.webkit.org/changeset/89547
-        https://bugs.webkit.org/show_bug.cgi?id=63252
-
-        "Chrmium crash on start" (Requested by yurys on #webkit).
-
-        * wtf/DynamicAnnotations.cpp:
-        (WTFAnnotateBenignRaceSized):
-        (WTFAnnotateHappensBefore):
-        (WTFAnnotateHappensAfter):
-        * wtf/DynamicAnnotations.h:
-
-2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
-
-        Reviewed by David Levin.
-
-        Make dynamic annotations weak symbols and prevent identical code folding by the linker
-        https://bugs.webkit.org/show_bug.cgi?id=62443
-
-        * wtf/DynamicAnnotations.cpp:
-        (WTFAnnotateBenignRaceSized):
-        (WTFAnnotateHappensBefore):
-        (WTFAnnotateHappensAfter):
-        * wtf/DynamicAnnotations.h:
-
-2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Add a build flag for building with libxml2 and libxslt.
-        https://bugs.webkit.org/show_bug.cgi?id=63113
-
-        * wtf/Platform.h:
-
-2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r89489.
-        http://trac.webkit.org/changeset/89489
-        https://bugs.webkit.org/show_bug.cgi?id=63203
-
-        Broke chromium mac build on build.webkit.org (Requested by
-        abarth on #webkit).
-
-        * wtf/Platform.h:
-
-2011-06-22  Cary Clark  <caryclark@google.com>
-
-        Reviewed by Darin Fisher.
-
-        Use Skia if Skia on Mac Chrome is enabled
-        https://bugs.webkit.org/show_bug.cgi?id=62999
-
-        * wtf/Platform.h:
-        Add switch to use Skia if, externally,
-        Skia has been enabled by a gyp define.
-
-2011-06-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
-
-2011-06-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed the conceit that global variables are local variables when running global code
-        https://bugs.webkit.org/show_bug.cgi?id=63106
-        
-        This is required for write barrier correctness.
-        
-        SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
-        I was able to reduce the regression with a tiny peephole optimization in
-        the bytecompiler, but not eliminate it. I'm committing this assuming
-        that turning on generational GC will win back at least 0.5%.
-
-        (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
-        the global object's var storage. I considered doing the same kind of
-        optimization in the existing JIT, but it seemed like moving in the wrong
-        direction.)
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
-        negative indices, since they're no longer negatively offset from the
-        current stack frame.
-        
-        Do give global variables monotonically increasing positive indices, since
-        that's much easier to work with.
-        
-        Don't limit the number of optimizable global variables, since it's no
-        longer limited by the register file, since they're no longer stored in
-        the register file.
-
-        (JSC::BytecodeGenerator::registerFor): Global code never has any local
-        registers because a var in global code is actually a property of the
-        global object.
-
-        (JSC::BytecodeGenerator::constRegisterFor): Ditto.
-
-        (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
-        propagation and dead code elimination to speed up our compiles and
-        reduce WTFs / minute.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
-
-        (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
-        global code, since there are none.
-
-        (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
-        in global code (i.e., global vars), since there are some.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::execute):
-        * interpreter/Interpreter.h: Updated for deleted / renamed code.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots):
-        (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
-        data members.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::begin):
-        (JSC::RegisterFile::size):
-        (JSC::RegisterFile::RegisterFile):
-        (JSC::RegisterFile::shrink): Removed all code and comments dealing with
-        global variables stored in the register file.
-
-        (JSC::RegisterFile::grow): Updated for same.
-        
-        Also, a slight correctness fix: Test the VM commit end, and not just the
-        in-use end, when checking for stack overflow. In theory, it's invalid to
-        commit past the end of your allocation, even if you never touch that
-        memory. This makes the usable size of the stack slightly smaller. No test
-        because we don't know of any case in practice where this crashes.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::resizeRegisters):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
-        increasing indexes, always located in our external storage.
-
-2011-06-21  MORITA Hajime  <morrita@google.com>
-
-        Unreviewed, rolling out r89401 and r89403.
-        http://trac.webkit.org/changeset/89401
-        http://trac.webkit.org/changeset/89403
-        https://bugs.webkit.org/show_bug.cgi?id=62970
-
-        Breaks mac build and mistakenly enables the spellcheck API
-
-        * Configurations/FeatureDefines.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-21  Kent Tamura  <tkent@chromium.org>
-
-        [Mac] Sort Xcode project files.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-20  MORITA Hajime  <morrita@google.com>
-
-        Reviewed by Kent Tamura.
-
-        Spellcheck API should be build-able.
-        https://bugs.webkit.org/show_bug.cgi?id=62970
-
-        No new tests, changing only build related files
-        
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Moved 'const' off the global-variable-as-local-variable crack pipe
-        https://bugs.webkit.org/show_bug.cgi?id=63105
-        
-        This is necessary for moving the rest of the code off of same.
-        
-        Many problems remain in our handling of const. I have fixed none of them.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
-        const to directly implement its unique scoping rules.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
-        for writing, so we don't overwrite const variables.
-
-        (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
-        variables are available as local variables, since this won't be the case
-        once global variables are not available as local variables. Instead, use
-        put_scoped_var in the case where there is no local variable. Like a local
-        variable, put_scoped_var succeeds even though const properties are
-        read-only, since put_scoped_var skips read-only checks. (Yay?)
-
-2011-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
-        https://bugs.webkit.org/show_bug.cgi?id=63052
-
-        Release mode only failure, the stack overflow guards were getting there error
-        handling inlined, so that they were essentially causing their own demise.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::updateErrorMessage):
-        (JSC::JSParser::updateErrorWithNameAndMessage):
-
-2011-06-20  Kenneth Russell  <kbr@google.com>
-
-        Unreviewed.
-
-        Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
-        https://bugs.webkit.org/show_bug.cgi?id=63022
-
-        * wtf/Platform.h:
-
-2011-06-18  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
-        https://bugs.webkit.org/show_bug.cgi?id=62940
-
-        Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
-
-        * wtf/PassOwnArrayPtr.h:
-        (WTF::PassOwnArrayPtr::operator=):
-        * wtf/PassOwnPtr.h:
-        (WTF::PassOwnPtr::operator=):
-        * wtf/PassRefPtr.h:
-        (WTF::PassRefPtr::operator=):
-        (WTF::NonNullPassRefPtr::operator=):
-
-2011-06-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION (r79060): Searching for a flight at united.com fails
-        https://bugs.webkit.org/show_bug.cgi?id=63003
-
-        This original change also broke Twitter, and we attempted to refine the fix to 
-        address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
-        we need to revert the change until we understand the problem better.
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-06-20  Juan C. Montemayor  <jmont@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        No context for javascript parse errors.
-        https://bugs.webkit.org/show_bug.cgi?id=62613
-        
-        Parse errors now show more details like:
-        "Unexpected token: ]"
-        or
-        "Expected token: while"
-        
-        For reserved names, numbers, indentifiers, strings, lexer errors, 
-        and EOFs, the following error messages are printed:
-        
-        "Use of reserved word: super"
-        "Unexpected number: 42"
-        "Unexpected identifier: "
-        "Unexpected string: "foobar""
-        "Invalid token character sequence: \u4023"
-        "Unexpected EOF"
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::consume):
-        (JSC::JSParser::getToken):
-        (JSC::JSParser::getTokenName):
-        (JSC::JSParser::updateErrorMessageSpecialCase):
-        (JSC::JSParser::updateErrorMessage):
-        (JSC::JSParser::updateErrorWithNameAndMessage):
-        (JSC::jsParse):
-        (JSC::JSParser::JSParser):
-        (JSC::JSParser::parseProgram):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseForStatement):
-        (JSC::JSParser::parseBreakStatement):
-        (JSC::JSParser::parseContinueStatement):
-        (JSC::JSParser::parseWithStatement):
-        (JSC::JSParser::parseTryStatement):
-        (JSC::JSParser::parseStatement):
-        (JSC::JSParser::parseFormalParameters):
-        (JSC::JSParser::parseFunctionInfo):
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parsePrimaryExpression):
-        (JSC::JSParser::parseMemberExpression):
-        (JSC::JSParser::parseUnaryExpression):
-        * parser/JSParser.h:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::lex):
-        * parser/Parser.cpp:
-        (JSC::Parser::parse):
-
-2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Rob Buis.
-
-        Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
-        https://bugs.webkit.org/show_bug.cgi?id=59085
-
-        * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwhise this patch breaks the EWS.
-
-2011-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Correct logic for putting errors on the correct line when handling JSONP
-        https://bugs.webkit.org/show_bug.cgi?id=62962
-
-        Minor fix for the minor fix.  *sigh*
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2011-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Minor fix to correct layout test results.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2011-06-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSONP is unnecessarily slow
-        https://bugs.webkit.org/show_bug.cgi?id=62920
-
-        JSONP has unfortunately become a fairly common idiom online, yet
-        it triggers very poor performance in JSC as we end up doing codegen
-        for a large number of property accesses that will
-           * only be run once, so the vast amount of logic we dump to handle
-             caching of accesses is unnecessary.
-           * We are doing codegen that is directly proportional to just
-             creating the object in the first place.
-
-        This patch extends the use of the literal parser to JSONP-like structures
-        in global code, handling a number of different forms I have seen online.
-        In an extreme case this improves performance of JSONP by more than 2x
-        due to removal of code generation and execution time, and a few optimisations
-        that I made to the parser itself.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::isKeyword):
-        * parser/Lexer.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::makeIdentifier):
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::next):
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::Lexer::Lexer):
-
-2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r89184.
-        http://trac.webkit.org/changeset/89184
-        https://bugs.webkit.org/show_bug.cgi?id=62927
-
-        It broke 22 tests on all bot (Requested by Ossy_weekend on
-        #webkit).
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * parser/Lexer.cpp:
-        * parser/Lexer.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::Lexer::Lexer):
-        (JSC::LiteralParser::Lexer::next):
-
-2011-06-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSONP is unnecessarily slow
-        https://bugs.webkit.org/show_bug.cgi?id=62920
-
-        JSONP has unfortunately become a fairly common idiom online, yet
-        it triggers very poor performance in JSC as we end up doing codegen
-        for a large number of property accesses that will
-           * only be run once, so the vast amount of logic we dump to handle
-             caching of accesses is unnecessary.
-           * We are doing codegen that is directly proportional to just
-             creating the object in the first place.
-
-        This patch extends the use of the literal parser to JSONP-like structures
-        in global code, handling a number of different forms I have seen online.
-        In an extreme case this improves performance of JSONP by more than 2x
-        due to removal of code generation and execution time, and a few optimisations
-        that I made to the parser itself.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::isKeyword):
-        * parser/Lexer.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::makeIdentifier):
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::next):
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::Lexer::Lexer):
-
-2011-06-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Moved some property access JIT code into property access JIT files
-        https://bugs.webkit.org/show_bug.cgi?id=62906
-
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-
-2011-06-17  Anders Carlsson  <andersca@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Leopard build?
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added some write barrier action, compiled out by default
-        https://bugs.webkit.org/show_bug.cgi?id=62844
-
-        * JavaScriptCore.exp: Build!
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
-        issue with Heap.cpp.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::writeBarrierSlowCase):
-        * heap/Heap.h:
-        (JSC::Heap::writeBarrier):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isAtomAligned):
-        (JSC::MarkedBlock::blockFor):
-        (JSC::MarkedBlock::atomNumber):
-        (JSC::MarkedBlock::ownerSetNumber):
-        (JSC::MarkedBlock::addOldSpaceOwner):
-        (JSC::MarkedBlock::OwnerSet::OwnerSet):
-        (JSC::MarkedBlock::OwnerSet::add):
-        (JSC::MarkedBlock::OwnerSet::clear):
-        (JSC::MarkedBlock::OwnerSet::size):
-        (JSC::MarkedBlock::OwnerSet::didOverflow):
-        (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
-        tracks owners for regions within blocks. Currently unused.
-
-2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
-
-        Reviewed by Eric Seidel.
-
-        [EFL] Add some OwnPtr specializations for EFL types.
-        For now there are specializations for Ecore_Evas and Evas_Object.
-        https://bugs.webkit.org/show_bug.cgi?id=62877
-
-        * wtf/CMakeListsEfl.txt:
-        * wtf/OwnPtrCommon.h:
-        * wtf/efl/OwnPtrEfl.cpp: Added.
-        (WTF::deleteOwnedPtr):
-
-2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
-
-        Reviewed by Martin Robinson.
-
-        [GTK] Replace GdkRectangle by cairo_rectangle_int_t
-        https://bugs.webkit.org/show_bug.cgi?id=60687
-
-        Replace GdkRectangle by cairo_rectangle_int_t.
-
-        * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
-
-2011-06-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=53014
-        ES5 strict mode keyword restrictions aren't implemented
-
-        The following are future restricted words is strict mode code:
-            implements, interface, let, package, private, protected, public, static, yield
-
-        * parser/JSParser.h:
-            - Add RESERVED_IF_STRICT token.
-        * parser/Keywords.table:
-            - Add new future restricted words.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-            - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
-        (JSC::Lexer::lex):
-            - Pass strictMode flag to parseIdentifier.
-        * parser/Lexer.h:
-            - parseIdentifier needs a strictMode flag.
-        * runtime/CommonIdentifiers.h:
-            - Add identifiers for new reserved words.
-
-2011-06-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=23611
-        Multiline Javascript comments cause incorrect parsing of following script.
-
-        From the spec:
-        "A MultiLineComment [is] simply discarded if it contains no line terminator,
-        but if a MultiLineComment contains one or more line terminators, then it is
-        replaced with a single line terminator, which becomes part of the stream of
-        inputs for the syntactic grammar." 
-
-        This may result in behavioural changes, due to automatic semicolon insertion.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseMultilineComment):
-            - Set m_terminator is we see a line terminator in a multiline comment.
-
-2011-06-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=62824
-        DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
-
-        CompareEq of non-integer values is the most common cause of speculation failure.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-            - Support Equals.
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
-            - new! - peephole optimized Eq of JSValues.
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Add peephole optimization for CompareEq.
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-            - Add support for dead nodes between compare & branch.
-        (JSC::DFG::SpeculativeJIT::isInteger):
-            - Added to determine which form of peephole to do in CompareEq.
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
-        symbol.
-
-        * bytecode/EvalCodeCache.h:
-        * heap/HandleHeap.h:
-        * heap/HeapRootVisitor.h:
-        * heap/NewSpace.h:
-        * runtime/ArgList.h:
-        * runtime/ScopeChain.h:
-        * runtime/SmallStrings.h:
-        * runtime/Structure.h: Stop forward-declaring things that don't really
-        exist anymore.
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
-        project while crossing my fingers and facing west.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Removed an incorrect symbol on Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Removed an accidental commit from the future.
-
-        * CMakeLists.txt:
-
-2011-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Introduced SlotVisitor into the project
-        https://bugs.webkit.org/show_bug.cgi?id=62820
-        
-        This resolves a class vs typedef forward declaration issue, and gives all
-        exported symbols the correct names.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
-        * bytecode/EvalCodeCache.h:
-        * heap/HandleHeap.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
-        clients operate on a MarkStack.
-
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::visitChildren):
-        (JSC::SlotVisitor::drain):
-        * heap/SlotVisitor.h: Added.
-        (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
-        inheritance to give SlotVisitor all the attributes of MarkStack without
-        making this change giant. Over time, we will move more behavior into
-        SlotVisitor and its subclasses.
-
-        * heap/MarkStack.h:
-        * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
-        clients operate on a MarkStack.
-
-        * runtime/ArgList.h:
-        * runtime/JSCell.h:
-        * runtime/JSObject.h:
-        * runtime/ScopeChain.h:
-        * runtime/SmallStrings.h:
-        * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
-        clients operate on a MarkStack.
-
-2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Reduce memory usage of resolve_global
-        https://bugs.webkit.org/show_bug.cgi?id=62765
-
-        If we have a large number of resolve_globals in a single
-        block start planting plain resolve instructions instead 
-        whenever we aren't in a loop.  This allows us to reduce
-        the code size for extremely large functions without
-        losing the performance benefits of op_resolve_global.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalResolveInfoCount):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        * bytecompiler/BytecodeGenerator.h:
-
-2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Fix building with CONFIG(use_system_icu)
-        https://bugs.webkit.org/show_bug.cgi?id=62744
-
-        Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
-
-        * wtf/Platform.h:
-
-2011-06-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adam Barth.
-
-        Remove obsolete LOOSE_OWN_PTR code
-        https://bugs.webkit.org/show_bug.cgi?id=59909
-
-        The internal Apple dependency on this is gone now.
-
-        * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
-        set function that takes a raw pointer.
-
-        * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
-        set functino that takes a raw pointer.
-
-        * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
-        and assignment operator that takes a nullptr unconditional.
-        Made constructor that takes a raw pointer private and explicit,
-        and removed assignment operator that takes a raw pointer.
-
-        * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
-        unconditional. Made constructor that takes a raw pointer private
-        and explicit, and removed assignment operator that takes a raw pointer.
-
-2011-06-15  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen and Gavin Barraclough.
-
-        Make access-nseive ~9x faster on the non-speculative path by
-        adding special casing for doubles that can lossless-ly be converted
-        to a uint32_t in getByVal and putByVal. This avoids calls to stringification
-        and the hash lookup.  Long term, we should try and get property of a getByVal
-        and putByVal to be an integer immediate even in the non-speculative path.
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        (JSC::DFG::operationPutByValInternal):
-
-2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION (r88719): 5by5.tv schedule is not visible
-        https://bugs.webkit.org/show_bug.cgi?id=62720
-
-        Problem here is that the lexer wasn't considering '$' to be
-        a valid character in an identifier.
-
-        * parser/Lexer.h:
-        (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Reduce the size of global_resolve
-        https://bugs.webkit.org/show_bug.cgi?id=62738
-
-        Reduce the code size of global_resolve in the JIT by replacing
-        multiple pointer loads with a single pointer move + two offset
-        loads.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-
-2011-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Fixed an inavlid ASSERT I found while investigating
-        <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
-        https://bugs.webkit.org/show_bug.cgi?id=62699        
-
-        No test since we don't know of a way to get WebCore to deallocate the
-        next-to-finalize handle, which is also the last handle in the list,
-        while finalizing the second-to-last handle in the list.
-
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
-        non-0 next() after updating it, since it is valid to update m_nextToFinalize
-        to point to the tail sentinel.
-        
-        Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
-        since it is not valid to update m_nextToFinalize to point past the tail
-        sentinel.
-        
-        Also, use m_nextToFinalize consistently for clarity.
-
-2011-06-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=43841
-        SegmentedVector::operator== typo
-
-        * wtf/SegmentedVector.h:
-        (WTF::SegmentedVectorIterator::operator==):
-        (WTF::SegmentedVectorIterator::operator!=):
-
-2011-06-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Constant array literals result in unnecessarily large amounts of code
-        https://bugs.webkit.org/show_bug.cgi?id=62658
-
-        Add a new version of op_new_array that simply copies values from a buffer
-        we hang off of the CodeBlock, rather than generating code to place each
-        entry into the registerfile, and then copying it from the registerfile into
-        the array.  This is a slight improvement on some sunspider tests, but no
-        measurable overall change.  That's okay though as our goal was to reduce
-        code size without hurting performance.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addImmediateBuffer):
-        (JSC::CodeBlock::immediateBuffer):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addImmediateBuffer):
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-
-2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r88841.
-        http://trac.webkit.org/changeset/88841
-        https://bugs.webkit.org/show_bug.cgi?id=62672
-
-        Caused many tests to crash (Requested by rniwa on #webkit).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_new_array):
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-
-2011-06-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Constant array literals result in unnecessarily large amounts of code
-        https://bugs.webkit.org/show_bug.cgi?id=62658
-
-        Add a new version of op_new_array that simply copies values from a buffer
-        we hang off of the CodeBlock, rather than generating code to place each
-        entry into the registerfile, and then copying it from the registerfile into
-        the array.  This is a slight improvement on some sunspider tests, but no
-        measurable overall change.  That's okay though as our goal was to reduce
-        code size without hurting performance.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addImmediateBuffer):
-        (JSC::CodeBlock::immediateBuffer):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addImmediateBuffer):
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-
-2011-06-14  Stephanie Lewis  <slewis@apple.com>
-
-        Rubber stamped by Oliver Hunt.
-
-        <rdar://problem/9511169>
-        Update order files.
-
-        * JavaScriptCore.order:
-
-2011-06-14  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix dumping of constants to have the correct constant number.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        KeywordLookupGenerator's Trie does not work with Python 3
-        https://bugs.webkit.org/show_bug.cgi?id=62635
-
-        With Python 3, dict.items() return an iterator. Since the iterator
-        protocol changed between Python 2 and 3, the easiest way to get the
-        values is to have something that use the iterator implicitely, like a
-        for() loop.
-
-        * KeywordLookupGenerator.py:
-
-2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix llocp and lvalp names in the lexer to something more meaningful
-        https://bugs.webkit.org/show_bug.cgi?id=62605
-
-        A simple rename
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make it possible to inline the common case of identifier lexing
-        https://bugs.webkit.org/show_bug.cgi?id=62600
-
-        Add a lexing function that expects to lex an "normal" alpha numeric
-        identifier (that ignores keywords) so it's possible to inline the
-        common parsing cases.  This comes out as a reasonable parsing speed
-        boost.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::nextExpectIdentifier):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseMemberExpression):
-        * parser/Lexer.cpp:
-        * parser/Lexer.h:
-        (JSC::Lexer::makeIdentifier):
-        (JSC::Lexer::lexExpectIdentifier):
-
-2011-06-13  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Distcheck fixes.
-
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-
-2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Make it possible to inline Identifier::equal
-        https://bugs.webkit.org/show_bug.cgi?id=62584
-
-        Move Identifier::equal to the Identifier header file.
-
-        * runtime/Identifier.cpp:
-        * runtime/Identifier.h:
-        (JSC::Identifier::equal):
-
-2011-06-13  Tony Chang  <tony@chromium.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
-        https://bugs.webkit.org/show_bug.cgi?id=62578
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-13  Tony Chang  <tony@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
-        https://bugs.webkit.org/show_bug.cgi?id=62545
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-12  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r88604.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-
-2011-06-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16777
-
-        Remove #define NaN per Darin's comments.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseIntOverflow):
-        (JSC::parseInt):
-        (JSC::jsStrDecimalLiteral):
-        (JSC::jsToNumber):
-        (JSC::parseFloat):
-        * wtf/DateMath.cpp:
-        (WTF::equivalentYearForDST):
-        (WTF::parseES5DateFromNullTerminatedCharacters):
-        (WTF::parseDateFromNullTerminatedCharacters):
-        (WTF::timeClip):
-        (JSC::parseDateFromNullTerminatedCharacters):
-
-2011-06-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=62503
-        Remove JIT_OPTIMIZE_* switches
-
-        The alternative code paths are untested, and not well maintained.
-        These were useful when there was more churn in the JIT, but now
-        are a maintenance overhead. Time to move on, removing.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkConstruct):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::softModulo):
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        * wtf/Platform.h:
-
-2011-06-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=16777
-        Eliminate JSC::NaN and JSC::Inf
-
-        There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
-        The ones in std::numeric_limits are perfectly good.
-        Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::toNumber):
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        (JSValueToNumber):
-        * JavaScriptCore.exp:
-        * runtime/CachedTranscendentalFunction.h:
-        (JSC::CachedTranscendentalFunction::initialize):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DateInstanceCache.h:
-        (JSC::DateInstanceData::DateInstanceData):
-        (JSC::DateInstanceCache::reset):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::getPrimitiveNumber):
-        (JSC::JSCell::JSValue::toNumber):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::resetDateCache):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-        (JSC::globalFuncIsFinite):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toNumber):
-        * runtime/JSValue.cpp:
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-        (JSC::jsNaN):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        * runtime/NumberConstructor.cpp:
-        (JSC::numberConstructorNegInfinity):
-        (JSC::numberConstructorPosInfinity):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        * runtime/UString.cpp:
-        * wtf/DecimalNumber.h:
-        (WTF::DecimalNumber::DecimalNumber):
-        * wtf/dtoa.cpp:
-        (WTF::dtoa):
-
-2011-06-10  Tony Chang  <tony@chromium.org>
-
-        Reviewed by Ojan Vafai.
-
-        add a compile guard ENABLE(FLEXBOX)
-        https://bugs.webkit.org/show_bug.cgi?id=62049
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=55347
-        "name" and "message" enumerable on *Error.prototype
-
-        This arises from chapter 15 of the spec:
-            "Every other property described in this clause has the attributes
-            { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
-            unless otherwise specified."
-        Standardized properties are not enumerable.
-
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-
-2011-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Corrected header spelling.
-
-        * heap/OldSpace.h:
-
-2011-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Added OldSpace to the project
-        https://bugs.webkit.org/show_bug.cgi?id=62417
-        
-        Currently unused.
-        
-        Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
-        per-block flag for testing whether you're in NewSpace vs OldSpace.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::inNewSpace):
-        (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
-        write barrier.
-
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::addBlock):
-        (JSC::NewSpace::removeBlock):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
-        NewSpace-specific operations.
-
-        * heap/OldSpace.cpp: Added.
-        (JSC::OldSpace::OldSpace):
-        (JSC::OldSpace::addBlock):
-        (JSC::OldSpace::removeBlock):
-        * heap/OldSpace.h: Added.
-        (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
-        Not in use yet.
-
-2011-06-09  Hyowon Kim  <hw1008.kim@samsung.com>
-
-        Reviewed by Antonio Gomes.
-
-        [EFL] Make accelerated compositing build in Webkit-EFL
-        https://bugs.webkit.org/show_bug.cgi?id=62361
-
-        Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
-
-        * wtf/Platform.h:
-
-2011-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 62405 - Fix integer overflow in Array.prototype.push
-
-        Fix geoff's review comments re static_cast.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPush):
-
-2011-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Factored MarkedBlock set management into a helper class with a fast case Bloom filter
-        https://bugs.webkit.org/show_bug.cgi?id=62413
-        
-        SunSpider reports a small speedup.
-        
-        This is in preparation for having ConservativeSet operate on arbitrary
-        sets of MarkedBlocks, and in preparation for conservative scanning
-        becoming proportionally more important than other GC activities.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
-
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::add):
-        * heap/ConservativeRoots.h:
-        (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
-        directly, instead of a Heap, so we can operate on subsets of the Heap
-        instead.
-        
-        Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
-        is particularly important since we expect not to find our subject pointer
-        in the MarkedBlock hash, and hash misses are more expensive than typical
-        hash lookups because they have high collision rates.
-        
-        No need for single-pointer add() to be public anymore, since nobody uses it.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        (JSC::Heap::forEachCell):
-        (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
-        ConservativeRoots relies on.
-        
-        Nixed contains(), since nobody uses it anymore.
-
-        * heap/MarkedBlock.h:
-        (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
-        the VM layout properties of MarkedBlocks.
-
-        * heap/MarkedBlockSet.h: Added.
-        (JSC::MarkedBlockSet::add):
-        (JSC::MarkedBlockSet::remove):
-        (JSC::MarkedBlockSet::recomputeFilter):
-        (JSC::MarkedBlockSet::filter):
-        (JSC::MarkedBlockSet::set):
-        * heap/TinyBloomFilter.h: Added.
-        (JSC::TinyBloomFilter::TinyBloomFilter):
-        (JSC::TinyBloomFilter::add):
-        (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
-        exclude values by tag -- the tiny bloom filter is already a register-register
-        compare, so adding another "rule out" factor just slows things down.
-
-2011-06-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 62405 - Fix integer overflow in Array.prototype.push
-
-        There are three integer overflows here, leading to safe (not a security risk)
-        but incorrect (non-spec-compliant) behaviour.
-
-        Two overflows occur when calculating the new length after pushing (one in the
-        fast version of push in JSArray, one in the generic version in ArrayPrototype).
-        The other occurs calculating indices to write to when multiple items are pushed.
-
-        These errors result in three test-262 failures.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncPush):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::put):
-        (JSC::JSArray::push):
-
-2011-06-09  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Add Vector::reverse()
-        https://bugs.webkit.org/show_bug.cgi?id=62393
-
-        * wtf/Vector.h:
-        (WTF::Vector::reverse): Added
-
-2011-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Factored a bunch of Heap functionality into stand-alone functors
-        https://bugs.webkit.org/show_bug.cgi?id=62337
-        
-        This is in preparation for making these functors operate on arbitrary
-        sets of MarkedBlocks.
-
-        * JavaScriptCore.exp: This file is a small tragedy.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
-
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
-        strong handles, so we can play along in the functor game.
-
-        * heap/Heap.cpp:
-        (JSC::CountFunctor::CountFunctor::CountFunctor):
-        (JSC::CountFunctor::CountFunctor::count):
-        (JSC::CountFunctor::CountFunctor::returnValue):
-        (JSC::CountFunctor::ClearMarks::operator()):
-        (JSC::CountFunctor::ResetAllocator::operator()):
-        (JSC::CountFunctor::Sweep::operator()):
-        (JSC::CountFunctor::MarkCount::operator()):
-        (JSC::CountFunctor::Size::operator()):
-        (JSC::CountFunctor::Capacity::operator()):
-        (JSC::CountFunctor::Count::operator()):
-        (JSC::CountFunctor::CountIfGlobalObject::operator()):
-        (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
-        (JSC::CountFunctor::TakeIfEmpty::operator()):
-        (JSC::CountFunctor::TakeIfEmpty::returnValue):
-        (JSC::CountFunctor::RecordType::RecordType):
-        (JSC::CountFunctor::RecordType::typeName):
-        (JSC::CountFunctor::RecordType::operator()):
-        (JSC::CountFunctor::RecordType::returnValue): These functors factor out
-        behavior that used to be in the functions below.
-
-        (JSC::Heap::clearMarks):
-        (JSC::Heap::sweep):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::protectedGlobalObjectCount):
-        (JSC::Heap::protectedObjectCount):
-        (JSC::Heap::protectedObjectTypeCounts):
-        (JSC::Heap::objectTypeCounts):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrink): Factored out behavior into the functors above.
-
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        (JSC::Heap::forEachCell):
-        (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
-        functor-based templates instead of plain iterators because they're simpler
-        to implement in this case and they require a lot less code at the call site.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
-        trivial functors.
-
-        (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
-        we have a few different kind of "for each" now.
-
-        * runtime/JSGlobalData.cpp:
-        (WTF::Recompile::operator()):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
-
-        * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
-
-2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
-
-        Reviewed by Pavel Feldman.
-
-        Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
-        https://bugs.webkit.org/show_bug.cgi?id=52791
-
-        No new tests. The problem can be reproduced by trying to create InspectorValue
-        from 1.0e-100 and call ->toJSONString() on this.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        export 2 functions DecimalNumber::bufferLengthForStringExponential and
-        DecimalNumber::toStringExponential.
-
-2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r88404.
-        http://trac.webkit.org/changeset/88404
-        https://bugs.webkit.org/show_bug.cgi?id=62342
-
-        broke win and mac build (Requested by tony^work on #webkit).
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08  Evan Martin  <evan@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        [chromium] use gyp 'settings' type for settings target
-        https://bugs.webkit.org/show_bug.cgi?id=62323
-
-        The 'settings' gyp target type is for targets that exist solely
-        for their settings (no build rules).  The comment above this target
-        says it's for this, but it incorrectly uses 'none'.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08  Sailesh Agrawal  <sail@chromium.org>
-
-        Reviewed by Mihai Parparita.
-
-        Chromium Mac: Enable overlay scrollbars
-        https://bugs.webkit.org/show_bug.cgi?id=59756
-
-        Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
-
-        * wtf/Platform.h:
-
-2011-06-08  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Add faster lookup cache for multi character identifiers
-        https://bugs.webkit.org/show_bug.cgi?id=62327
-
-        Add a non-hash lookup for mutiple character identifiers.  This saves us from
-        adding repeated identifiers to the ParserArena's identifier list as people
-        tend to not start all their variables and properties with the same character
-        and happily identifier locality works in our favour.
-
-        * parser/ParserArena.h:
-        (JSC::IdentifierArena::isEmpty):
-        (JSC::IdentifierArena::clear):
-        (JSC::IdentifierArena::makeIdentifier):
-
-2011-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Took some responsibilities away from NewSpace
-        https://bugs.webkit.org/show_bug.cgi?id=62325
-        
-        NewSpace is basically just an allocator now.
-        
-        Heap acts as a controller, responsible for managing the set of all
-        MarkedBlocks.
-        
-        This is in preparation for moving parts of the controller logic into
-        separate helper classes that can act on arbitrary sets of MarkedBlocks
-        that may or may not be in NewSpace.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::allocate):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::clearMarks):
-        (JSC::Heap::sweep):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::collect):
-        (JSC::Heap::resetAllocator):
-        (JSC::Heap::allocateBlock):
-        (JSC::Heap::freeBlocks):
-        (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
-        along with all functions that operate on the set of MarkedBlocks. Also
-        moved responsibility for deciding whether to allocate a new MarkedBlock,
-        and for allocating it.
-
-        * heap/Heap.h:
-        (JSC::Heap::contains):
-        (JSC::Heap::forEach): Ditto.
-
-        * heap/NewSpace.cpp:
-        (JSC::NewSpace::addBlock):
-        (JSC::NewSpace::removeBlock):
-        (JSC::NewSpace::resetAllocator):
-        * heap/NewSpace.h:
-        (JSC::NewSpace::waterMark):
-        (JSC::NewSpace::allocate): Ditto.
-
-2011-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Some more MarkedSpace => NewSpace renaming
-        https://bugs.webkit.org/show_bug.cgi?id=62305
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::destroy):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::allocate):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::objectCount):
-        (JSC::Heap::size):
-        (JSC::Heap::capacity):
-        (JSC::Heap::collect):
-        (JSC::Heap::isValidAllocation):
-        * heap/Heap.h:
-        (JSC::Heap::markedSpace):
-        (JSC::Heap::contains):
-        (JSC::Heap::forEach):
-        (JSC::Heap::allocate):
-        * runtime/JSCell.h:
-
-2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add export macros to profiler headers.
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * profiler/Profiler.h:
-
-2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add export symbols to parser headers.
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * parser/SourceProviderCache.h:
-
-2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add export symbols to interpreter headers.
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * interpreter/Interpreter.h:
-
-2011-06-08  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add export symbols to debugger headers.
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * debugger/Debugger.h:
-        * debugger/DebuggerCallFrame.h:
-
-2011-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
-        https://bugs.webkit.org/show_bug.cgi?id=62268
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.h:
-        * heap/MarkedBlock.h:
-        * heap/MarkedSpace.cpp: Removed.
-        * heap/MarkedSpace.h: Removed.
-        * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
-        * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
-
-2011-06-08  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r88365.
-        http://trac.webkit.org/changeset/88365
-        https://bugs.webkit.org/show_bug.cgi?id=62301
-
-        windows bots broken (Requested by loislo_ on #webkit).
-
-        * JavaScriptCore.exp:
-
-2011-06-08  Ryan Sleevi  <rsleevi@chromium.org>
-
-        Reviewed by Tony Chang.
-
-        Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
-
-        Compiling Chromium port under GCC 4.6 produces warnings about nullptr
-        https://bugs.webkit.org/show_bug.cgi?id=62242
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-08  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
-
-        Reviewed by Andreas Kling.
-
-        Webkit on SPARC Solaris has wrong endian
-        https://bugs.webkit.org/show_bug.cgi?id=29407
-
-        Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
-        there are more ocurrences of the same code pattern in webkit.
-
-        This patch includes the check on these other parts of the code.
-
-        This is a speculative fix, I don't have a sparc machine to test and
-        don't know which kind of test would trigger a crash (but it's quite
-        obvious that it's the same code duplicated in different files).
-
-        * runtime/UString.h:
-        (JSC::UStringHash::equal):
-        * wtf/text/StringHash.h:
-        (WTF::StringHash::equal):
-
-2011-06-08  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Build fix for building QtWebKit inside of Qt.
-        https://bugs.webkit.org/show_bug.cgi?id=62280
-
-        Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
-        into QtWebKit.prl.
-
-        No new tests, as this is just a build fix.
-
-        * JavaScriptCore.pri:
-
-2011-06-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Split 'reset' into 'collect' and 'resetAllocator'
-        https://bugs.webkit.org/show_bug.cgi?id=62267
-
-        * heap/Heap.cpp:
-        (JSC::Heap::allocate):
-        (JSC::Heap::collectAllGarbage):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::resetAllocator):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::resetAllocator):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-
-2011-06-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Renamed some more marks to visits
-        https://bugs.webkit.org/show_bug.cgi?id=62254
-
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::visitStrongHandles):
-        (JSC::HandleHeap::visitWeakHandles):
-        * heap/HandleHeap.h:
-        * heap/HandleStack.cpp:
-        (JSC::HandleStack::visit):
-        * heap/HandleStack.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * heap/HeapRootVisitor.h:
-        (JSC::HeapRootVisitor::visit):
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-
-2011-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        https://bugs.webkit.org/show_bug.cgi?id=55537
-        Functions claim to have 'callee' which they actually don't (and shouldn't)
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertyNames):
-
-2011-06-07  Juan C. Montemayor  <jmont@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Make JSStaticFunction and JSStaticValue less "const"
-        https://bugs.webkit.org/show_bug.cgi?id=62222
-
-        * API/JSObjectRef.h:
-        * API/tests/testapi.c:
-        (checkConstnessInJSObjectNames):
-        (main):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=62240
-        DFG JIT - add support for for-loop array initialization.
-
-        Support put by val beyond vector length.
-        Add a operationPutByValBeyondArrayBounds operation, make
-        PutValVal call this if the vector length check fails.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
-        (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
-        (JSC::DFG::JITCodeGenerator::isIntegerConstant):
-        (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationPutByValInternal):
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-06-06  James Simonsen  <simonjam@chromium.org>
-
-        Reviewed by James Robinson.
-
-        Add monotonicallyIncreasingTime() to get monotonically increasing time
-        https://bugs.webkit.org/show_bug.cgi?id=37743
-
-        * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
-        (WTF::monotonicallyIncreasingTime):
-        * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
-
-2011-06-06  Alexandru Chiculita  <achicu@adobe.com>
-
-        Reviewed by Kent Tamura.
-
-        Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
-        https://bugs.webkit.org/show_bug.cgi?id=61628
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-06  Mihnea Ovidenie  <mihnea@adobe.com>
-
-        Reviewed by Kent Tamura.
-
-        Add ENABLE(CSS_REGIONS) guard for CSS Regions support
-        https://bugs.webkit.org/show_bug.cgi?id=61631
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-06-06  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix the GTK+ build.
-
-        * GNUmakefile.am: Add javascriptcore_cflags variable.
-
-2011-06-04  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
-        to build on Mac.
-
-        * wtf/Platform.h:
-
-2011-06-04  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Unreviewed, MIPS build fix.
-
-        WebKitGTK+ tarball fails to build on MIPS.
-        https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
-
-        * GNUmakefile.list.am: Add missing MIPS-related file to the list
-        of files that are added to the tarball on make dist, and fix
-        sorting.
-
-2011-06-04  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Fix formatting of the output generated by KeywordLookupGenerator.py
-        https://bugs.webkit.org/show_bug.cgi?id=62083
-
-        - Uses correct year for copyright.
-        - Puts ending brace on same line as "else if"
-        - Puts starting brace of function on its own line.
-        - Adds some tasteful whitespace.
-        - Adds comments to make clear that scopes are ending
-        - Make macros actually split on two lines.
-
-        * KeywordLookupGenerator.py:
-
-2011-06-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        KeywordLookupGenerator.py spams stdout in Chromium Linux build
-        https://bugs.webkit.org/show_bug.cgi?id=62087
-
-        This action does not appear to be needed.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Lexer needs to provide Identifier for reserved words
-        https://bugs.webkit.org/show_bug.cgi?id=62086
-
-        Alas it is necessary to provide an Identifier reference for keywords
-        so that we can do the right thing when they're used in object literals.
-        We now keep Identifiers for all reserved words in the CommonIdentifiers
-        structure so that we can access them without a hash lookup.
-
-        * KeywordLookupGenerator.py:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-        * parser/Lexer.h:
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-
-2011-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add debug code to break on speculation failures.
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGNode.h:
-
-2011-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=62082
-        DFG JIT - bug passing arguments that need swap
-
-        This is really just a typo.
-        When setting up the arguments for a call out to a C operation, we'll
-        fail to swap arguments where this is necessary. For example, in the
-        case of 2 arg calls, where the first argument is in %rdx & the second
-        is in %rsi we should swap (exec will be passed in %rdi), but we don't.
-
-        This can also affect function calls passing three arguments.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
-            - Call swap with the correct arguments.
-
-2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Force inlining of some hot lexer functions
-        https://bugs.webkit.org/show_bug.cgi?id=62079
-
-        Fix more GCC stupidity
-
-        * parser/Lexer.h:
-        (JSC::Lexer::isWhiteSpace):
-        (JSC::Lexer::isLineTerminator):
-
-2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        GCC not inlining some functions that it really should be
-        https://bugs.webkit.org/show_bug.cgi?id=62075
-
-        Add ALWAYS_INLINE to a number of parsing and lexing functions
-        that should always be inlined.  This gets us ~1.4% on my ad hoc
-        parser test.
-
-        * KeywordLookupGenerator.py:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::nextTokenIsColon):
-        (JSC::JSParser::consume):
-        (JSC::JSParser::match):
-        (JSC::JSParser::tokenStart):
-        (JSC::JSParser::tokenLine):
-        (JSC::JSParser::tokenEnd):
-        * parser/Lexer.cpp:
-        (JSC::isIdentPart):
-
-2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Whoops, fix last minute bug.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-
-2011-06-03  Martin Robinson  <mrobinson@igalia.com>
-
-        Try to fix the GTK+ build.
-
-        * GNUmakefile.am: Clean up some spaces that should be tabs.
-        * GNUmakefile.list.am: Add KeywordLookup.h to the source list
-        and clean up some spaces that should be tabs.
-
-2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Improve keyword lookup
-        https://bugs.webkit.org/show_bug.cgi?id=61913
-
-        Rather than doing multiple hash lookups as we currently
-        do when trying to identify keywords we now use an 
-        automatically generated decision tree (essentially it's
-        a hard coded patricia trie).  We still use the regular
-        lookup table for the last few characters of an input as
-        this allows us to completely skip all bounds checks.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pro:
-        * GNUmakefile.am:
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * KeywordLookupGenerator.py: Added.
-        * make-generated-sources.sh:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::internalShift):
-        (JSC::Lexer::shift):
-        (JSC::Lexer::parseIdentifier):
-        * parser/Lexer.h:
-
-2011-06-03  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Benjamin Poulain.
-
-        [Qt] Build flag for experimental ICU library support
-        https://bugs.webkit.org/show_bug.cgi?id=60786
-
-        Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental 
-        ICU powered Unicode support. 
-
-        * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
-        * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE). 
-
-2011-06-03  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Benjamin Poulain.
-
-        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
-        https://bugs.webkit.org/show_bug.cgi?id=61957
-
-        When building inside the Qt source tree, qmake always append the mkspecs
-        defines after ours. We have to workaround and make sure that we append 
-        our flags after the qmake variable used inside Qt. This workaround was provided 
-        by our qmake folks. We need to append in both case because qmake behave differently
-        when called with -spec or via SUBDIR+=. This patch unbreak r87950 on Mac for Qt port.
-
-        * JavaScriptCore.pro:
-
-2011-06-02  Jay Civelli  <jcivelli@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Added a method to generate RFC 2822 compliant date strings.
-        https://bugs.webkit.org/show_bug.cgi?id=7169
-
-        * wtf/DateMath.cpp:
-        (WTF::twoDigitStringFromNumber):
-        (WTF::makeRFC2822DateString):
-        * wtf/DateMath.h:
-
-2011-06-02  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
-        https://bugs.webkit.org/show_bug.cgi?id=61957
-
-        When building inside the Qt source tree, qmake always append the mkspecs
-        defines after ours. We have to workaround and make sure that we append  
-        our flags after the qmake variable used inside Qt. This workaround was provided
-        by our qmake folks.
-
-        * JavaScriptCore.pro:
-
-2011-06-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Add single character lookup cache to IdentifierArena
-        https://bugs.webkit.org/show_bug.cgi?id=61879
-
-        Add a simple lookup cache for single ascii character
-        identifiers.  Produces around a 2% improvement in parse
-        time for my adhoc parser test.
-
-        * parser/ParserArena.h:
-        (JSC::IdentifierArena::IdentifierArena):
-        (JSC::IdentifierArena::clear):
-        (JSC::IdentifierArena::makeIdentifier):
-
-2011-05-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Freezing a function and its prototype causes browser to crash.
-        https://bugs.webkit.org/show_bug.cgi?id=61758
-
-        Make JSObject::preventExtensions virtual so that we can override it
-        and instantiate all lazy
-
-        * JavaScriptCore.exp:
-        * runtime/JSFunction.cpp:
-        (JSC::createPrototypeProperty):
-        (JSC::JSFunction::preventExtensions):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::seal):
-        (JSC::JSObject::seal):
-
-2011-06-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r87788.
-        http://trac.webkit.org/changeset/87788
-        https://bugs.webkit.org/show_bug.cgi?id=61856
-
-        breaks windows chromium canary (Requested by jknotten on
-        #webkit).
-
-        * wtf/DateMath.cpp:
-        (WTF::timeClip):
-        * wtf/DateMath.h:
-
-2011-06-01  Jay Civelli  <jcivelli@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Added a method to generate RFC 2822 compliant date strings.
-        https://bugs.webkit.org/show_bug.cgi?id=7169
-
-        * wtf/DateMath.cpp:
-        (WTF::twoDigitStringFromNumber):
-        (WTF::makeRFC2822DateString):
-        * wtf/DateMath.h:
-
-2011-05-31  Yong Li  <yoli@rim.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=54807
-        We have been assuming plain bitfields (like "int a : 31") are always signed integers.
-        However some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
-        bitfields (declared without either signed or unsigned qualifiers) are treats as unsigned.
-        http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
-        Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
-        always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
-        rule we should have in order to make our code independent from compilers and compiler flags.
-
-        No new test added because this change is not known to fix any issue.
-
-        * bytecode/StructureStubInfo.h:
-
-2011-05-30  Hojong Han  <hojong.han@samsung.com>
-
-        Reviewed by Geoffrey Garen.
-
-        [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
-        https://bugs.webkit.org/show_bug.cgi?id=61416
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch32):
-        * tests/mozilla/ecma/Expressions/11.12-1.js:
-        (getTestCases):
-
-2011-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Some heap refactoring
-        https://bugs.webkit.org/show_bug.cgi?id=61704
-        
-        SunSpider says no change.
-
-        * JavaScriptCore.exp: Export!
-
-        * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
-
-        (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
-
-        (JSC::Heap::allocate): Changed inline allocation code to only select the
-        size class, since this can be optimized out at compile time -- everything
-        else is now inlined into this out-of-line function.
-        
-        No need to duplicate ASSERTs made in our caller.
-
-        * heap/Heap.h:
-        (JSC::Heap::heap):
-        (JSC::Heap::isMarked):
-        (JSC::Heap::testAndSetMarked):
-        (JSC::Heap::testAndClearMarked):
-        (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
-        a layer of indirection through MarkedSpace.
-
-        (JSC::Heap::allocate): See above.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
-
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocateBlock):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::allocate): Updated to match changes above.
-
-2011-05-28  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX when building only the interpreter
-
-        Fixes the following compiler warning:
-
-            JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
-             void releaseExecutableMemory(JSGlobalData& globalData)
-                  ^
-
-        * jit/ExecutableAllocator.h: Moved declaration of
-        JSC::releaseExecutableMemory().
-
-2011-05-28  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode): Added missing argument.
-
-2011-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JS API is too aggressive about throwing exceptions for NULL get or set operations
-        https://bugs.webkit.org/show_bug.cgi?id=61678
-
-        * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
-        function that returns a JSValue, so it can fail and still forward to
-        normal property lookup.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
-        access a static property -- just forward the access. This allows objects
-        to observe get/set operations but still let the JS object manage lifetime.
-
-        (JSC::::put): Ditto.
-
-        (JSC::::getStaticValue): Same as JSCallbackObject.h.
-
-        * API/tests/testapi.c:
-        (MyObject_set_nullGetForwardSet):
-        * API/tests/testapi.js: Updated tests to reflect slightly less strict
-        behavior, which matches headerdoc claims.
-
-2011-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Property caching is too aggressive for API objects
-        https://bugs.webkit.org/show_bug.cgi?id=61677
-
-        * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
-        callback APIs allow the client to change its mind about our propertis at
-        any time.
-
-        * API/tests/testapi.c:
-        (PropertyCatchalls_getProperty):
-        (PropertyCatchalls_setProperty):
-        (PropertyCatchalls_getPropertyNames):
-        (PropertyCatchalls_class):
-        (main):
-        * API/tests/testapi.js: Some tests for dynamic API objects.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
-        requires it.
-
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::isFinal):
-        (JSC::TypeInfo::prohibitsPropertyCaching):
-        (JSC::TypeInfo::flags): Added a flag to track opting out of property
-        caching. Fixed an "&&" vs "&" typo that was previously harmless, but
-        is now harmful since m_flags2 can have more than one bit set.
-
-2011-05-27  Stephanie Lewis  <slewis@apple.com>
-
-        Unreviewed.
-
-        Fix a typo in the order_file flag.
-
-        * Configurations/Base.xcconfig:
-
-2011-05-27  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
-
-        * runtime/JSGlobalData.cpp:
-        (JSGlobalData::JSGlobalData):
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Add a few validity assertions to JSCallbackObject
-        https://bugs.webkit.org/show_bug.cgi?id=61659
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::visitChildren):
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-        Build fix
-
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Try to release unused executable memory when the FixedVMPool allocator is under pressure
-        https://bugs.webkit.org/show_bug.cgi?id=61651
-
-        Rather than crashing when full the FixedVMPool allocator now returns a null
-        allocation.  We replace the code that used to CRASH() on null allocations
-        with logic that asks the provided globalData to release any executable memory
-        that it can.  Currently this just means throwing away all regexp code, but
-        in future we'll try to be more aggressive.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::create):
-        (JSC::ExecutablePool::alloc):
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::poolForSize):
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::alloc):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::powThunkGenerator):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-        (JSC::releaseExecutableMemory):
-        * runtime/JSGlobalData.h:
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/RegExpCache.h:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Optimized ConservativeSet to avoid double-visiting objects
-        https://bugs.webkit.org/show_bug.cgi?id=61592
-        
-        SunSpider thinks this might be a 1% speedup
-
-        * heap/ConservativeRoots.h:
-        (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
-        an object.
-
-        * heap/Heap.h:
-        (JSC::Heap::isMarked):
-        (JSC::Heap::testAndSetMarked):
-        (JSC::Heap::testAndClearMarked):
-        (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
-        to void*, since clients want to ask questions about arbitrary pointers
-        into the heap, even when they aren't known to be JSCells.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::testAndClearMarked):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::isMarked):
-        (JSC::MarkedSpace::testAndSetMarked):
-        (JSC::MarkedSpace::testAndClearMarked):
-        (JSC::MarkedSpace::setMarked):
-        (JSC::MarkedSpace::contains): Ditto.
-
-        * wtf/Bitmap.h:
-        (WTF::::testAndClear): New function for ConservativeRoots's inverted
-        marking pass.
-
-2011-05-27  Stephanie Lewis  <slewis@apple.com>
-
-        Rubber Stamped by Adam Roben.
-
-        Update Order Files.  Use -order_file flag since it can order more of the binary.
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.order:
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Renamed heapRootMarker to heapRootVisitor to match its class name
-        https://bugs.webkit.org/show_bug.cgi?id=61584
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed some interdependency between Heap and SmallStrings by simplifying
-        the SmallStrings lifetime model
-        https://bugs.webkit.org/show_bug.cgi?id=61579
-        
-        SunSpider reports no change.
-        
-        Using Weak<T> could accomplish this too, but we're not sure it will give
-        us the performance we need. This is a first step, and it accomplishes
-        most of the value of using Weak<T>.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::reset): Finalize small strings just like other weak handles.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::finalize):
-        (JSC::SmallStrings::finalizeSmallStrings):
-        * runtime/SmallStrings.h: Make all small strings trivially weak, instead
-        of having an "all for one, one for all" memory model.
-
-2011-05-26  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make RegExpCache a weak map
-        https://bugs.webkit.org/show_bug.cgi?id=61554
-
-        Switch to a weak map for the regexp cache, and hide that
-        behaviour behind RegExp::create.
-
-        When a RegExp is compiled it attempts to add itself to
-        the "strong" cache.  This cache is a simple round-robin
-        buffer as was the old strong cache.  Happily this can
-        be smaller than the old strong cache as RegExps are only
-        added when they're compiled so it is under less pressure
-        to evict.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        (JSC::RegExp::gcShouldInvalidateCode):
-        (JSC::RegExp::hasCode):
-        (JSC::RegExp::key):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::RegExpCache):
-        (JSC::RegExpCache::isReachableFromOpaqueRoots):
-        (JSC::RegExpCache::finalize):
-        * runtime/RegExpCache.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Moved Heap-related functions out of JSCell.h and into respective header files
-        https://bugs.webkit.org/show_bug.cgi?id=61567
-
-        * heap/Heap.h:
-        (JSC::Heap::allocate):
-        (JSC::Heap::heap):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::allocate):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::sizeClassFor):
-        (JSC::MarkedSpace::allocate):
-        * runtime/JSCell.h:
-        (JSC::JSCell::destructor):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-26  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        [debug feature] WTFString should have show() method
-        https://bugs.webkit.org/show_bug.cgi?id=61149
-
-        Added String::show and AtomicString::show in NDEBUG.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::show):
-        * wtf/text/AtomicString.h:
-        * wtf/text/WTFString.cpp:
-        (String::show):
-        * wtf/text/WTFString.h:
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Factored out some Heap ASSERTs
-        https://bugs.webkit.org/show_bug.cgi?id=61565
-
-        * JavaScriptCore.exp:
-        * heap/Heap.cpp:
-        (JSC::isValidSharedInstanceThreadState):
-        (JSC::isValidThreadState):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::isValidAllocation):
-        * heap/Heap.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::Heap::allocate):
-
-2011-05-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61508
-        DFG JIT - Add support for get by id self caching.
-
-        Change the call out to be an unexpected call (using silent spill/fill functions),
-        add a structure check & compact load to the JIT code, and add repatching mechanisms.
-        Since DFGOperations may want to be be implemented in asm, make these symbols be extern
-        "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
-        so that it can look up its StructureStubInfo.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added new files.
-        * bytecode/StructureStubInfo.h:
-            - Added 'unset' entries to union.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
-            - Return the call, we need this to populate the StructureStubInfo.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-            - Populate the CodebBlock's StructureStubInfo Vector.
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
-            - Return the call, we need this to populate the StructureStubInfo.
-        (JSC::DFG::JITCompiler::addPropertyAccess):
-        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
-            - Add structures to record property access info during compilation.
-        * dfg/DFGOperations.cpp:
-            - Made all external methods extern "C".
-        (JSC::DFG::operationPutByValInternal):
-            - Moved outside of the extern "C" block.
-        * dfg/DFGOperations.h:
-            - Made all external methods extern "C".
-        * dfg/DFGRepatch.cpp: Added.
-        (JSC::DFG::dfgRepatchCall):
-            - repatch a call to link to a new callee function.
-        (JSC::DFG::dfgRepatchGetByIdSelf):
-            - Modify the JIT code to optimize self accesses.
-        (JSC::DFG::tryCacheGetByID):
-            - Internal implementation of dfgRepatchGetByID (factor out failing cases).
-        (JSC::DFG::dfgRepatchGetByID):
-            - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
-        * dfg/DFGRepatch.h: Added.
-            - Expose dfgRepatchGetByID.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Changed implementation of GetById ops.
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        * wtf/DoublyLinkedList.h:
-        (WTF::::DoublyLinkedListNode):
-        (WTF::::setPrev):
-        (WTF::::setNext):
-        (WTF::::prev):
-        (WTF::::next):
-        (WTF::::DoublyLinkedList):
-        (WTF::::isEmpty):
-        (WTF::::size):
-        (WTF::::clear):
-        (WTF::::head):
-        (WTF::::append):
-        (WTF::::remove):
-        (WTF::::removeHead):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out http://trac.webkit.org/changeset/87408 because it broke the
-        Windows build.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::setPrev):
-        (JSC::MarkedBlock::setNext):
-        (JSC::MarkedBlock::prev):
-        (JSC::MarkedBlock::next):
-        * wtf/DoublyLinkedList.h:
-        (WTF::::DoublyLinkedList):
-        (WTF::::isEmpty):
-        (WTF::::head):
-        (WTF::::append):
-        (WTF::::remove):
-
-2011-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Provide a real owner when copying a property table, for the sake of
-        write barriers.
-        https://bugs.webkit.org/show_bug.cgi?id=61547
-        
-        No test because we can't enable the writeBarrier() ASSERT just yet.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-
-2011-05-26  Adam Roben  <aroben@apple.com>
-
-        Windows build fix after r87346
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
-        reality.
-
-2011-05-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        ASSERT(isMainThread()) when using single threaded jsc executable
-        https://bugs.webkit.org/show_bug.cgi?id=60846
-
-        Remove the ASSERT since we do not have the concept of MainThread in JSC.
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
-
-2011-05-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61506
-
-        Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
-        so that they are available to the SpeculativeJIT.
-
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
-        (JSC::DFG::JITCodeGenerator::silentFillGPR):
-        (JSC::DFG::JITCodeGenerator::silentFillFPR):
-        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
-        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
-        * dfg/DFGNonSpeculativeJIT.h:
-
-2011-05-25  Ryosuke Niwa  <rniwa@webkit.org>
-
-        An attempt to revive Windows bots.
-
-        * runtime/RegExp.cpp:
-        * runtime/RegExp.h:
-
-2011-05-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
-
-        This data structure, used at runtime by the JIT, is currently unnecessarily populated
-        with default entries during byte compilation.
-
-        Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
-        us to one entry per corresponding bytecode op, which may be undesirable. Instead,
-        populate this array from the JIT.
-
-        The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
-        these, so that the class can have a default constructor (and to simply switch statements
-        in code walking over the table).
-
-        This change has ramification for the DFG JIT, in that the DFG JIT used this datastructure
-        to check for functions containing property access. Instead do so in the DFGByteCodeParser.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::printStructureStubInfo):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::setNumberOfStructureStubInfos):
-        (JSC::CodeBlock::numberOfStructureStubInfos):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::visitAggregate):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-
-2011-05-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Call::Call):
-        (JSC::AbstractMacroAssembler::Call::fromTailJump):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        (JSC::AbstractMacroAssembler::Jump::isSet):
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        (JSC::AbstractMacroAssembler::linkJump):
-        (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::link):
-        (JSC::LinkBuffer::locationOf):
-        (JSC::LinkBuffer::locationOfNearCall):
-        (JSC::LinkBuffer::returnAddressOffset):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::linkCall):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::linkCall):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::linkCall):
-        * assembler/MacroAssemblerSH4.cpp:
-        (JSC::MacroAssemblerSH4::linkCall):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::linkCall):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::linkCall):
-
-2011-05-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61500
-        Add JSObject::offsetOfPropertyStorage
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        * runtime/JSObject.h:
-        (JSC::JSObject::offsetOfPropertyStorage):
-
-2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make RegExp GC allocated
-        https://bugs.webkit.org/show_bug.cgi?id=61490
-
-        Make RegExp GC allocated.  Basically mechanical change to replace
-        most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
-        where actual ownership happens.
-
-        Made the RegExpCache use Strong<> references currently to avoid any
-        changes in behaviour.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addRegExp):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addRegExp):
-        (JSC::BytecodeGenerator::emitNewRegExp):
-        * bytecompiler/BytecodeGenerator.h:
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        (JSC::JSGlobalData::addRegExpToTrace):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-        (JSC::RegExp::invalidateCode):
-        * runtime/RegExp.h:
-        (JSC::RegExp::createStructure):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        (JSC::RegExpObject::visitChildren):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::setRegExp):
-        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        (JSC::regExpProtoFuncCompile):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-
-2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Generate regexp code lazily
-        https://bugs.webkit.org/show_bug.cgi?id=61476
-
-        RegExp construction now simply validates the RegExp, it does
-        not perform actual codegen.
-
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::recompile):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::match):
-        * runtime/RegExp.h:
-        (JSC::RegExp::recompileIfNecessary):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::performMatch):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::match):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncReplace):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSplit):
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Removed MarkSetProperties because it was unused
-        https://bugs.webkit.org/show_bug.cgi?id=61418
-
-        * heap/MarkStack.h:
-        (JSC::MarkSet::MarkSet):
-        (JSC::MarkStack::append):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSArray.h:
-        (JSC::JSArray::visitChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/WriteBarrier.h:
-        (JSC::MarkStack::appendValues):
-
-2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make allocations with guard pages ensure that the allocation succeeded
-        https://bugs.webkit.org/show_bug.cgi?id=61453
-
-        Add null checks, and make PageBlock's operator bool() use
-        the realbase, rather than the start of usable memory.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-        * wtf/PageBlock.h:
-        (WTF::PageBlock::operator bool):
-        (WTF::PageBlock::PageBlock):
-
-2011-04-10  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * bytecompiler/BytecodeGenerator.h:
-
-2011-05-24  Keishi Hattori  <keishi@webkit.org>
-
-        Reviewed by Kent Tamura.
-
-        Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
-        https://bugs.webkit.org/show_bug.cgi?id=61273
-
-        * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
-
-2011-05-24  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Eric Seidel.
-
-        Add export macros to WTFString.h.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * wtf/text/WTFString.h:
-        (WTF::String::String):
-        (WTF::String::findIgnoringCase):
-        (WTF::String::isHashTableDeletedValue):
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe fix the Mac build now?
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe fix the Mac build?
-        
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Split HeapRootVisitor into its own class
-        https://bugs.webkit.org/show_bug.cgi?id=61399
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/HandleHeap.cpp:
-        * heap/HandleStack.cpp:
-        * heap/Heap.cpp:
-        * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
-        * heap/MarkStack.h:
-        * runtime/ArgList.cpp:
-        * runtime/SmallStrings.cpp:
-
-2011-05-24  Jay Civelli  <jcivelli@chromium.org>
-
-        Rubberstamped by David Kilzer.
-
-        Updated some files that I forgot in my previous MHTML CL.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Fix the Mac build: Yes, please do remove these files, svn.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Let's just have one way to get the system page size, bokay?
-        https://bugs.webkit.org/show_bug.cgi?id=61384
-
-        * CMakeListsEfl.txt:
-        * CMakeListsWinCE.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
-        is gone completely now, since it only existed to provide a duplicate way
-        to access the system page size.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::reset):
-        * heap/MarkStack.h:
-        (JSC::::MarkStackArray):
-        (JSC::::shrinkAllocation): Use WTF::pageSize.
-
-        * heap/MarkStackPosix.cpp:
-        * heap/MarkStackSymbian.cpp:
-        * heap/MarkStackWin.cpp: Removed now-empty files.
-
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutablePool::ExecutablePool):
-        (JSC::ExecutablePool::poolAllocate):
-        * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
-
-        * wscript: Removed now-empty files.
-
-        * wtf/PageBlock.cpp:
-        (WTF::systemPageSize): Integrated questionable Symbian page size rule
-        from ExecutableAllocator, because that seems like what the original
-        author should have done.
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
-        https://bugs.webkit.org/show_bug.cgi?id=61385
-
-        The interpreter uses the structure slot of get_by_id and put_by_id to hold
-        the initial structure it encountered so that it can identify whether a
-        given access is stable.
-
-        When marking though we only visit the slot when we've decided to cache, and
-        so this value could die.  This was "safe" as the value was only used for a
-        pointer compare, but it was incorrect.  We now just mark the slot like we
-        should have been doing already.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitStructures):
-
-2011-05-24  Adam Roben  <aroben@apple.com>
-
-        Windows build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
-
-        * heap/MarkStack.h:
-        (JSC::::shrinkAllocation):
-
-2011-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Split out function definitions and class definitions from class
-        declarations in MarkStack.h, for readability.
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::~MarkStack):
-        (JSC::MarkStack::addOpaqueRoot):
-        (JSC::MarkStack::containsOpaqueRoot):
-        (JSC::MarkStack::opaqueRootCount):
-        (JSC::MarkSet::MarkSet):
-        (JSC::MarkStack::allocateStack):
-        (JSC::MarkStack::releaseStack):
-        (JSC::MarkStack::pageSize):
-        (JSC::::MarkStackArray):
-        (JSC::::~MarkStackArray):
-        (JSC::::expand):
-        (JSC::::append):
-        (JSC::::removeLast):
-        (JSC::::last):
-        (JSC::::isEmpty):
-        (JSC::::size):
-        (JSC::::shrinkAllocation):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Avoid creating unnecessary identifiers and strings in the syntax checker
-        https://bugs.webkit.org/show_bug.cgi?id=61378
-
-        Selectively tell the lexer that there are some places it does not need to
-        do the real work of creating Identifiers for IDENT and STRING tokens.
-
-        Make parseString and parseIdentifier templatized on whether they should
-        do real work, or merely validate the tokens.
-
-        SunSpider --parse-only reports ~5-8% win depending on hardware.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createDotAccess):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::consume):
-        (JSC::JSParser::parseVarDeclarationList):
-        (JSC::JSParser::parseConstDeclarationList):
-        (JSC::JSParser::parseExpression):
-        (JSC::JSParser::parseAssignmentExpression):
-        (JSC::JSParser::parseConditionalExpression):
-        (JSC::JSParser::parseBinaryExpression):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseObjectLiteral):
-        (JSC::JSParser::parseArrayLiteral):
-        (JSC::JSParser::parseArguments):
-        (JSC::JSParser::parseMemberExpression):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createProperty):
-
-2011-05-23  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Safari often freezes when clicking "Return free memory" in Caches dialog
-        https://bugs.webkit.org/show_bug.cgi?id=61325
-
-        There are two fixes and improvement in instrumentation code used to find 
-        one of the problems.
-        Changed ReleaseFreeList() to set the "decommitted" bit when releasing
-        pages to the system and moving Spans from the normal list to the returned 
-        list.
-        Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
-        to eliminate an infinite loop if we can't meet the pagesToRelease target.
-        Added a check for the decommitted bit being set properly in 
-        TCMalloc_PageHeap::CheckList.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge):
-        (WTF::TCMalloc_PageHeap::Check):
-        (WTF::TCMalloc_PageHeap::CheckList):
-        (WTF::ReleaseFreeList):
-
-2011-05-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61306
-
-        The begin characters optimization currently has issues (#61129),
-        and does not appear to still be a performance win. The prudent
-        next step seems to be to disable while we ascertain whether this
-        is still a useful performance optimization.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
-        (JSC::Yarr::YarrPattern::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h:
-        (JSC::Yarr::YarrPattern::reset):
-
-2011-05-23  Matthew Delaney  <mdelaney@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
-        https://bugs.webkit.org/show_bug.cgi?id=58216
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToPositiveInteger):
-
-2011-05-23  Ruben  <chromium@hybridsource.org>
-
-        Reviewed by Tony Chang.
-
-        Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
-        https://bugs.webkit.org/show_bug.cgi?id=61219
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-05-23  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [SH4] AssemblerLabel does not name a type
-        https://bugs.webkit.org/show_bug.cgi?id=59927
-
-        SH4Assembler.h file shoold be included before AbstractMacroAssembler.h.
-
-        * assembler/MacroAssemblerSH4.h:
-
-2011-05-23  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        Rubber stamped by Eric Seidel.
-
-        [CMAKE] Refactoring wtf related code.
-        https://bugs.webkit.org/show_bug.cgi?id=60146
-
-        Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
-
-        * CMakeLists.txt:
-        * CMakeListsEfl.txt:
-        * wtf/CMakeLists.txt:
-        * wtf/CMakeListsEfl.txt:
-
-2011-05-22  Adam Barth  <abarth@webkit.org>
-
-        Enable strict PassOwnPtr for everyone.  I expect this patch will need
-        some followups to make the GTK and EFL bots green again.
-
-        * wtf/PassOwnPtr.h:
-
-2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Reduce size of inline cache path of get_by_id on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=61221
-
-        This reduces the code size of get_by_id by 20 bytes
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::ldrCompact):
-        (JSC::ARMv7Assembler::repatchCompact):
-        (JSC::ARMv7Assembler::setUInt7ForLoad):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
-        * jit/JIT.h:
-
-2011-05-20  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Oliver Hunt.
-
-        Zombies should "live" forever
-        https://bugs.webkit.org/show_bug.cgi?id=61170
-
-        Reusing zombie cells could still hide garbage
-        collected cell related bugs.
-
-        * JavaScriptCore.pro:
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::clearMarks):
-        * heap/MarkedBlock.h:
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::isZombie):
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::~JSZombie):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-05-20  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
-        Horrendous bug in callOnMainThreadAndWait
-
-        * wtf/MainThread.cpp:
-        (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
-          syncFlag condition, reacquire the mutex first.
-
-2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Remove unnecessary double->int conversion at the end of op_div
-        https://bugs.webkit.org/show_bug.cgi?id=61198
-
-        We don't attempt this conversion on 64bit, removing it actually speeds
-        up sunspider and v8 slightly, and it reduces code size.
-
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_div):
-
-2011-05-19  Evan Martin  <evan@chromium.org>
-
-        Reviewed by Tony Chang.
-
-        [chromium] remove <(library) variable
-        https://bugs.webkit.org/show_bug.cgi?id=61158
-
-        This was for a build experiment; we can just use the correct value now.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Interpreter uses wrong bytecode offset for determining exception handler
-        https://bugs.webkit.org/show_bug.cgi?id=61191
-
-        The bytecode offset given for the returnPC from the JIT is
-        actually the offset for the start of the instruction triggering
-        the call, whereas in the interpreter it is the actual return
-        VPC.  This means if the next instruction following a call was
-        in an exception region we would incorrectly redirect to its
-        handler.  Long term we want to completely redo how exceptions
-        are handled anyway so the simplest and lowest risk fix here is
-        to simply subtract one from the return vPC so that we have an
-        offset in the triggering instruction.
-
-        It turns out this is caught by a couple of tests already.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-
-2011-05-20  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Oliver Hunt.
-
-        JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
-        https://bugs.webkit.org/show_bug.cgi?id=42756
-
-        Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
-        check of the available memory. This should give us an
-        overcommit-like behavior in most systems, which is what we want.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit): pass MAP_NORSERVE to mmap.
-
-2011-05-19  Gabor Loki  <loki@webkit.org>
-
-        Fix ARM build after r86919
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::nop):
-
-2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Randomise code starting location a little
-        https://bugs.webkit.org/show_bug.cgi?id=61161
-
-        Add a nop() function to the Assemblers so that we
-        can randomise code offsets slightly at no real cost.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::nop):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::nop):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::nop):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::nop):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::nop):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::nop):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::nop):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::nop):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * runtime/WeakRandom.h:
-        (JSC::WeakRandom::getUint32):
-
-2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows build.
-
-        * wtf/OSAllocatorWin.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::reserveAndCommit):
-
-2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add guard pages to each end of the memory region used by the fixedvm allocator
-        https://bugs.webkit.org/show_bug.cgi?id=61150
-
-        Add mechanism to notify the OSAllocator that pages at either end of an
-        allocation should be considered guard pages.  Update PageReservation,
-        PageAllocation, etc to handle this.
-
-        * JavaScriptCore.exp:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        * wtf/OSAllocator.h:
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::reserveAndCommit):
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::PageAllocation):
-        * wtf/PageAllocationAligned.h:
-        (WTF::PageAllocationAligned::PageAllocationAligned):
-        * wtf/PageBlock.h:
-        (WTF::PageBlock::PageBlock):
-        * wtf/PageReservation.h:
-        (WTF::PageReservation::reserve):
-        (WTF::PageReservation::reserveWithGuardPages):
-            Add a new function to make a reservation that will add guard
-            pages to the ends of an allocation.
-        (WTF::PageReservation::PageReservation):
-
-2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make Executables release their JIT code as soon as they become dead
-        https://bugs.webkit.org/show_bug.cgi?id=61134
-
-        Add an ability to clear an Executable's jit code without requiring
-        it to be destroyed, and then call that from a finalizer.
-
-        * heap/Weak.h:
-        (JSC::Weak::Weak):
-        (JSC::Weak::leak):
-        * jit/JITCode.h:
-        (JSC::JITCode::clear):
-        * runtime/Executable.cpp:
-        (JSC::ExecutableFinalizer::finalize):
-        (JSC::ExecutableBase::executableFinalizer):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::clearExecutableCode):
-
-2011-05-19  Adam Roben  <aroben@apple.com>
-
-        Remove a redundant and broken data export
-
-        Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
-        JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
-        to a linker warning about multiple definitions.)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
-
-2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
-        https://bugs.webkit.org/show_bug.cgi?id=61064
-
-        Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
-        for its inline storage.  This resolves the problem of GC occurring before
-        a subclass has initialised its anonymous storage.
-
-        * runtime/JSObject.h:
-
-2011-05-18  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Sam Weinig.
-
-        Delete WTFURL
-        https://bugs.webkit.org/show_bug.cgi?id=61084
-
-        It's been a year and we've failed to complete this project.  It's time
-        to throw in the towel.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/url: Removed.
-        * wtf/url/api: Removed.
-        * wtf/url/api/ParsedURL.cpp: Removed.
-        * wtf/url/api/ParsedURL.h: Removed.
-        * wtf/url/api/URLString.h: Removed.
-        * wtf/url/src: Removed.
-        * wtf/url/src/RawURLBuffer.h: Removed.
-        * wtf/url/src/URLBuffer.h: Removed.
-        * wtf/url/src/URLCharacterTypes.cpp: Removed.
-        * wtf/url/src/URLCharacterTypes.h: Removed.
-        * wtf/url/src/URLComponent.h: Removed.
-        * wtf/url/src/URLEscape.cpp: Removed.
-        * wtf/url/src/URLEscape.h: Removed.
-        * wtf/url/src/URLParser.h: Removed.
-        * wtf/url/src/URLQueryCanonicalizer.h: Removed.
-        * wtf/url/src/URLSegments.cpp: Removed.
-        * wtf/url/src/URLSegments.h: Removed.
-        * wtf/url/wtfurl.gyp: Removed.
-
-2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
-        https://bugs.webkit.org/show_bug.cgi?id=61090
-
-        Remove the Structure-free JSGlobalObject constructor and instead always
-        pass the structure into the JSGlobalObject constructor.
-        Stop DebuggerActivation creating a new structure every time, and simply
-        use a single shared structure held by the GlobalData.
-
-        * API/JSContextRef.cpp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionRun):
-        (jscmain):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-
-2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Disable gc validation in release builds
-        https://bugs.webkit.org/show_bug.cgi?id=60680
-
-        Add back the NDEBUG check
-
-        * wtf/Platform.h:
-
-2011-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out attempts to fix EFL build because they're not enough -- the
-        build script needs to be fixed.
-
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/ErrorPrototype.cpp:
-
-2011-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        More attempts to work around the EFL build system being borken.
-
-        * runtime/DateConstructor.cpp:
-        * runtime/ErrorPrototype.cpp:
-
-2011-05-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the EFL build.
-
-        * runtime/BooleanPrototype.cpp:
-
-2011-05-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolling back in r86653 with build fixed.
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-
-        Global object initialization is expensive
-        https://bugs.webkit.org/show_bug.cgi?id=60933
-        
-        Changed a bunch of globals to allocate their properties lazily, and changed
-        the global object to allocate a bunch of its globals lazily.
-        
-        This reduces the footprint of a global object from 287 objects with 58
-        functions for 24K to 173 objects with 20 functions for 15K.
-
-        Large patch, but it's all mechanical.
-
-        * DerivedSources.make:
-        * JavaScriptCore.exp: Build!
-
-        * create_hash_table: Added a special case for fromCharCode, since it uses
-        a custom "thunk generator".
-
-        * heap/Heap.cpp:
-        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
-        overcount objects that were owned through more than one mechanism because
-        it was getting in the way of counting the results for this patch.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::arrayConstructorTable):
-        (JSC::ExecState::arrayPrototypeTable):
-        (JSC::ExecState::booleanPrototypeTable):
-        (JSC::ExecState::dateConstructorTable):
-        (JSC::ExecState::errorPrototypeTable):
-        (JSC::ExecState::globalObjectTable):
-        (JSC::ExecState::numberConstructorTable):
-        (JSC::ExecState::numberPrototypeTable):
-        (JSC::ExecState::objectPrototypeTable):
-        (JSC::ExecState::regExpPrototypeTable):
-        (JSC::ExecState::stringConstructorTable): Added new tables.
-
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::DateConstructor::getOwnPropertySlot):
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h: Added new tables.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
-        static table for its global functions. This required uninlining some
-        things to avoid a circular header dependency. However, those things
-        probably shouldn't have been inlined in the first place.
-        
-        Even more global object properties can be made lazy, but that requires
-        more in-depth changes.
-
-        * runtime/MathObject.cpp:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::StringConstructor::getOwnPropertySlot):
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-2011-05-17  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        JSGlobalContextRelease should not trigger a synchronous garbage collection
-        https://bugs.webkit.org/show_bug.cgi?id=60990
-
-        * API/JSContextRef.cpp:
-        Change synchronous call to collectAllGarbage to a call to trigger the
-        activityCallback.
-
-2011-05-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Reduce code size for inline cache
-        https://bugs.webkit.org/show_bug.cgi?id=60942
-
-        This patch introduces the concept of a "compact" address that
-        allows individual architectures to control the maximum offset
-        used for the inline path of get_by_id.  This reduces the code
-        size of get_by_id by 3 bytes on x86 and x86_64 and slightly
-        improves performance on v8 tests.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::repatchCompact):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::repatchCompact):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
-        (JSC::AbstractMacroAssembler::differenceBetween):
-        (JSC::AbstractMacroAssembler::repatchCompact):
-        * assembler/CodeLocation.h:
-        (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
-        (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::locationOf):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::repatchCompact):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::repatchCompact):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
-        * assembler/RepatchBuffer.h:
-        (JSC::RepatchBuffer::repatch):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::repatchCompact):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::movl_mr_disp8):
-        (JSC::X86Assembler::movq_mr_disp8):
-        (JSC::X86Assembler::repatchCompact):
-        (JSC::X86Assembler::setInt8):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
-        (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::patchGetByIdSelf):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::patchGetByIdSelf):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-
-2011-05-16  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r86653.
-        http://trac.webkit.org/changeset/86653
-        https://bugs.webkit.org/show_bug.cgi?id=60944
-
-        "Caused regressions on Windows, OSX and EFL" (Requested by
-        yutak on #webkit).
-
-        * DerivedSources.make:
-        * DerivedSources.pro:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * create_hash_table:
-        * heap/Heap.cpp:
-        (JSC::TypeCounter::operator()):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::arrayTable):
-        (JSC::ExecState::numberTable):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncJSCPrint):
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/MathObject.cpp:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-
-2011-05-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Global object initialization is expensive
-        https://bugs.webkit.org/show_bug.cgi?id=60933
-        
-        Changed a bunch of globals to allocate their properties lazily, and changed
-        the global object to allocate a bunch of its globals lazily.
-        
-        This reduces the footprint of a global object from 287 objects with 58
-        functions for 24K to 173 objects with 20 functions for 15K.
-
-        Large patch, but it's all mechanical.
-
-        * DerivedSources.make:
-        * JavaScriptCore.exp: Build!
-
-        * create_hash_table: Added a special case for fromCharCode, since it uses
-        a custom "thunk generator".
-
-        * heap/Heap.cpp:
-        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
-        overcount objects that were owned through more than one mechanism because
-        it was getting in the way of counting the results for this patch.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::arrayConstructorTable):
-        (JSC::ExecState::arrayPrototypeTable):
-        (JSC::ExecState::booleanPrototypeTable):
-        (JSC::ExecState::dateConstructorTable):
-        (JSC::ExecState::errorPrototypeTable):
-        (JSC::ExecState::globalObjectTable):
-        (JSC::ExecState::numberConstructorTable):
-        (JSC::ExecState::numberPrototypeTable):
-        (JSC::ExecState::objectPrototypeTable):
-        (JSC::ExecState::regExpPrototypeTable):
-        (JSC::ExecState::stringConstructorTable): Added new tables.
-
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::DateConstructor::getOwnPropertySlot):
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h: Added new tables.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
-        static table for its global functions. This required uninlining some
-        things to avoid a circular header dependency. However, those things
-        probably shouldn't have been inlined in the first place.
-        
-        Even more global object properties can be made lazy, but that requires
-        more in-depth changes.
-
-        * runtime/MathObject.cpp:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::StringConstructor::getOwnPropertySlot):
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-2011-05-16  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
-        <rdar://problem/9446430>
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Fixed typo.
-
-2011-05-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        JSWeakObjectMap finalisation may occur while gc is in inconsistent state
-        https://bugs.webkit.org/show_bug.cgi?id=60908
-        <rdar://problem/9409491>
-
-        We need to ensure that we have called all the weak map finalizers while
-        the global object (and hence global context) is still in a consistent
-        state.  The best way to achieve this is to simply use a weak handle and
-        finalizer on the global object.
-
-        * JavaScriptCore.exp:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::registerWeakMap):
-
-2011-05-16  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt][WK2][Symbian] Shared memory implementation for Symbian
-        https://bugs.webkit.org/show_bug.cgi?id=55875
-
-        * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
-
-2011-05-16  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=60866
-        Evaluation order broken for empty alternatives in subpatterns
-
-        Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-
-2011-05-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen & Michael Saboff.
-
-        https://bugs.webkit.org/show_bug.cgi?id=60860
-        Simplify backtracking in YARR JIT
-
-        YARR JIT currently performs a single pass of code generation over the pattern,
-        with special handling to allow the code generation for some backtracking code
-        out of line. We can simplify things by moving to a common mechanism whereby all
-        forwards matching code is generated in one pass, and all backtracking code is
-        generated in another. Backtracking code can be generated in reverse order, to
-        optimized the common fall-through case.
-
-        To make it easier to walk over the pattern, we can first convert to a more
-        byte-code like format before JIT generating. In time we should unify this with
-        the YARR interpreter to more closely unify the two.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
-        (JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::append):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::link):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
-        (JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
-        (JSC::Yarr::YarrGenerator::generateAssertionBOL):
-        (JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
-        (JSC::Yarr::YarrGenerator::generateAssertionEOL):
-        (JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
-        (JSC::Yarr::YarrGenerator::matchAssertionWordchar):
-        (JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
-        (JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
-        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateTerm):
-        (JSC::Yarr::YarrGenerator::backtrackTerm):
-        (JSC::Yarr::YarrGenerator::generate):
-        (JSC::Yarr::YarrGenerator::backtrack):
-        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
-        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
-        (JSC::Yarr::YarrGenerator::opCompileAlternative):
-        (JSC::Yarr::YarrGenerator::opCompileBody):
-        (JSC::Yarr::YarrGenerator::YarrGenerator):
-        (JSC::Yarr::YarrGenerator::compile):
-
-2011-05-15  Adam Barth  <abarth@webkit.org>
-
-        Enable strict PassOwnPtr on Qt.  (Build fixes to follow.)
-
-        * wtf/PassOwnPtr.h:
-
-2011-05-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
-        in browser than on command line
-        
-        This patch fixes a few issues in generated code that could unreasonably
-        prolong object lifetimes.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage): Throw away all function code before doing
-        a major collection. We want to clear polymorphic caches, since they can
-        keep alive large object graphs that have gone "stale". For the same reason,
-        but to a lesser extent, we also want to clear linked functions and other
-        one-off caches.
-
-        This has the side-benefit of reducing memory footprint from run-once
-        functions, and of allowing predictions and caches that have failed to
-        re-specialize.
-
-        Eventually, if compilation costs rise far enough, we may want a more
-        limited strategy for de-specializing code without throwing it away
-        completely, but this works for now, and it's the simplest solution.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * runtime/JSFunction.cpp: Made the host function stub cache weak --
-        otherwise it's effectively a memory leak that can seriously fragment the
-        GC and JIT heaps.
-
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::visitChildren): Cleared up some comments that confused
-        me when working with this code.
-
-2011-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make GC validation more aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=60802
-
-        This patch makes the checks performed under GC_VALIDATION
-        much more aggressive, and adds the checks to more places
-        in order to allow us to catch GC bugs much closer to the
-        point of failure.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedSpace.cpp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSCell.cpp:
-        (JSC::slowValidateCell):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::unvalidatedStructure):
-        (JSC::JSCell::JSCell::JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-        (JSC::slowValidateCell):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::JSCell::classInfo):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-        * runtime/WriteBarrier.h:
-        (JSC::validateCell):
-        (JSC::JSCell):
-        (JSC::JSGlobalObject):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::setMayBeNull):
-        (JSC::WriteBarrierBase::setEarlyValue):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::unvalidatedGet):
-        (JSC::WriteBarrier::WriteBarrier):
-        * wtf/Assertions.h:
-
-2011-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make GC validation more aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=60802
-
-        This patch makes the checks performed under GC_VALIDATION
-        much more aggressive, and adds the checks to more places
-        in order to allow us to catch GC bugs much closer to the
-        point of failure.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedSpace.cpp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSCell.cpp:
-        (JSC::slowValidateCell):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::unvalidatedStructure):
-        (JSC::JSCell::JSCell::JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-        (JSC::slowValidateCell):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::JSCell::classInfo):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-        * runtime/WriteBarrier.h:
-        (JSC::validateCell):
-        (JSC::JSCell):
-        (JSC::JSGlobalObject):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::setMayBeNull):
-        (JSC::WriteBarrierBase::setEarlyValue):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::unvalidatedGet):
-        (JSC::WriteBarrier::WriteBarrier):
-        * wtf/Assertions.h:
-
-2011-05-14  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed, rolling out r86469 and r86471, because they made hundreds tests crash on Qt.
-
-        Make GC validation more aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=60802
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedSpace.cpp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::Structure::createStructure):
-        (JSC::JSCell::classInfo):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrier::WriteBarrier):
-        * wtf/Assertions.h:
-
-2011-05-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make GC validation more aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=60802
-
-        This patch makes the checks performed under GC_VALIDATION
-        much more aggressive, and adds the checks to more places
-        in order to allow us to catch GC bugs much closer to the
-        point of failure.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedSpace.cpp:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSCell.cpp:
-        (JSC::slowValidateCell):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::unvalidatedStructure):
-        (JSC::JSCell::JSCell::JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-        (JSC::slowValidateCell):
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::JSCell::classInfo):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-        * runtime/WriteBarrier.h:
-        (JSC::validateCell):
-        (JSC::JSCell):
-        (JSC::JSGlobalObject):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::setMayBeNull):
-        (JSC::WriteBarrierBase::setEarlyValue):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::unvalidatedGet):
-        (JSC::WriteBarrier::WriteBarrier):
-        * wtf/Assertions.h:
-
-2011-05-01  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
-
-        Reviewed by Steve Block.
-
-        [android] OS(ANDROID) does not imply PLATFORM(ANDROID)
-        https://bugs.webkit.org/show_bug.cgi?id=59888
-
-        It is possible to build QtWebKit and others for OS(ANDROID). Let
-        the buildsystem decide which platform is to be build.
-
-        * wtf/Platform.h:
-
-2011-05-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin Adler.
-
-        XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
-        https://bugs.webkit.org/show_bug.cgi?id=59394
-
-        This portion of the change introduces a PassTraits template, which
-        is used to enable takeFirst() to work for a Deque holding OwnPtrs,
-        and optimize it for a Deque holding RefPtrs. In the future it can
-        be deployed elsewhere to make our data structures work better with
-        our smart pointers.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/Deque.h:
-        (WTF::::takeFirst):
-        * wtf/PassTraits.h: Added.
-        (WTF::PassTraits::transfer):
-
-2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Not reviewed.
-
-        Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Not reviewed.
-
-        String operator+ reallocates unnecessarily when concatting > 2 strings
-        https://bugs.webkit.org/show_bug.cgi?id=58420
-
-        Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-12  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Darin Adler.
-
-        String operator+ reallocates unnecessarily when concatting > 2 strings
-        https://bugs.webkit.org/show_bug.cgi?id=58420
-
-        Provide a faster String append operator.
-        Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
-        object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
-        N strings using operator+, this leads to N-1 reallocations.
-
-        Replace this with a flexible operator+ implementation, that avoids these reallocations.
-        When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
-        a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
-        creation of the final string, until operator String() is invoked.
-
-        template<typename T>
-        StringAppend<String, T> operator+(const String& string1, T string2)
-        {
-            return StringAppend<String, T>(string1, string2);
-        }
-
-        template<typename U, typename V, typename W>
-        StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
-        {
-            return StringAppend<U, StringAppend<V, W> >(string1, string2);
-        }
-
-        When concatting three strings - "String a, b, c; String result = a + b + c;" following happens:
-        first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
-        Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
-        a StringAppend<String, StringAppend<String, String> > object.
-        Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
-        final string - it uses tryMakeString provided by StringConcatenate.h under the hoods, which guards us
-        against too big string allocations, etc.
-
-        Note that the second template, defines a recursive way to concat an arbitary number of strings
-        into a single String with just one allocation.
-
-        * GNUmakefile.list.am: Add StringOperators.h to build.
-        * JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
-        * JavaScriptCore.gypi: Add StringOperators.h to build.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
-        * wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
-        * wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
-        (WTF::StringAppend::StringAppend):
-        (WTF::StringAppend::operator String):
-        (WTF::StringAppend::operator AtomicString):
-        (WTF::StringAppend::writeTo):
-        (WTF::StringAppend::length):
-        (WTF::operator+):
-        * wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append(). 
-        (WTF::emptyString): Add new shared empty string free function.
-        * wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.
-
-2011-05-12  Philippe Normand  <pnormand@igalia.com>
-
-        Unreviewed, GTK build fix.
-
-        * wtf/Platform.h:
-
-2011-05-12  Keith Kyzivat  <keith.kyzivat@nokia.com>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Arm debug build failing on ARMAssembler::debugOffset()
-        https://bugs.webkit.org/show_bug.cgi?id=60688
-
-        Related to svn rev 85523
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::debugOffset):
-
-2011-05-11  Igor Oliveira  <igor.oliveira@openbossa.org>
-
-        Reviewed by Eric Seidel.
-
-        WebKit does not build with GCCE
-        https://bugs.webkit.org/show_bug.cgi?id=60667
-
-        Allow compile WebKit with GCCE
-
-        * wtf/Alignment.h:
-        * wtf/Platform.h:
-
-2011-05-11  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Enable strict PassOwnPtr on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=60684
-
-        This should build cleanly now.
-
-        * wtf/PassOwnPtr.h:
-
-2011-05-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Protect JSC from WebCore executing JS during JS wrapper finalization
-        https://bugs.webkit.org/show_bug.cgi?id=60672
-        <rdar://problem/9350997>
-
-        Detect when we're trying to execute JS during GC and prevent the
-        execution from happening.  We also assert that this isn't happening
-        as it implies incorrect behaviour of an object's destructor.
-
-        * JavaScriptCore.exp:
-        * heap/Heap.cpp:
-        * heap/Heap.h:
-        (JSC::Heap::isBusy):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::isCollectorBusy):
-
-2011-05-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Enable gc mark validation in temporarily in release builds
-        https://bugs.webkit.org/show_bug.cgi?id=60678
-
-        Make it easier to turn the gc mark validation on and off, and
-        temporarily turn it on for all builds.
-
-        * heap/MarkStack.cpp:
-        * heap/MarkStack.h:
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::internalAppend):
-        * runtime/WriteBarrier.h:
-        (JSC::MarkStack::appendValues):
-        * wtf/Platform.h:
-
-2011-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com
-        
-        SunSpider reports no change.
-
-        This bug was caused by changing Structure and Executable to being GC
-        objects, and by a long-standing bug that would thrash the global object
-        between dictionary and non-dictionary states.
-
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
-        eagerly transition to dictionary -- this can cause pathological dictionary
-        churn, and it's not necessary, since objects know how to automatically
-        transition to dictionary when necessary.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
-        extra cost from compilation, because it can be quite high. This is especially
-        important for program code, since DOM timers can repeatedly allocate
-        program code without allocating any other objects.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect): Don't transition to the uncacheable state
-        if the thing we're trying to remove doesn't exist. This can happen during
-        compilation, since the compiler needs to ensure that no pre-existing
-        conflicting definitions exist for certain declarations.
-
-2011-05-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make mark stack validation functions do something useful in a release build
-        https://bugs.webkit.org/show_bug.cgi?id=60645
-
-        Turn ASSERTs into actual if(...) CRASH(); statements.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::validateValue):
-
-2011-05-11  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Fix copy&paste error in comment.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator): the value is stored in
-        regT2, not regT1.
-
-2011-05-11  Adam Roben  <aroben@apple.com>
-
-        WinCE build fixes for strict PassOwnPtr
-
-        * wtf/unicode/CollatorDefault.cpp:
-        (WTF::Collator::userDefault): Use adoptPtr.
-
-2011-05-11  Holger Hans Peter Freyther  <holger@moiji-mobile.com>
-
-        Unreviewed build fix.
-
-        [MIPS] Fix compilation of the MIPS JIT
-
-        Include the MIPSAssembler.h first to indirectly include
-        AssemblerBuffer.h before the AbstractMacroAssembler.h. This
-        order is used for the ARM and X86 MacroAssembler*.h
-
-        * assembler/MacroAssemblerMIPS.h:
-
-2011-05-11  Adam Roben  <aroben@apple.com>
-
-        Turn on strict PassOwnPtr on Windows
-
-        Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled
-
-        Reviewed by Adam Barth.
-
-        * wtf/PassOwnPtr.h:
-
-2011-05-10  Stephanie Lewis  <slewis@apple.com>
-
-        Unreviewed.
-
-        Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2011-05-10  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by David Levin.
-
-        Enable strict PassOwnPtr on Chromium
-        https://bugs.webkit.org/show_bug.cgi?id=60502
-
-        Other platforms to follow.
-
-        * wtf/PassOwnPtr.h:
-
-2011-05-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
-        https://bugs.webkit.org/show_bug.cgi?id=60532
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Build!
-
-        * heap/Handle.h: Moved HandleTypes to its own header because that's the
-        WebKit style, and it was necessary to resolve a circular dependency
-        between Handle.h and WriteBarrier.h.
-
-        * heap/Heap.h:
-        (JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
-        verify that all the code is in the right place.
-
-        * heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
-        resolve a circular dependency.
-
-        * runtime/ArgList.h:
-        * runtime/JSCell.h: #include WriteBarrier.h since we don't get it for
-        free anymore.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
-        function, now that it exists.
-
-        * runtime/SmallStrings.h: Removed a stray #include to resolve a circular
-        dependency.
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::set):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendValues): Updated to match the changes above.
-
-2011-05-10  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::validateValue):
-
-2011-05-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add some aggressive GC validation to debug builds.
-        https://bugs.webkit.org/show_bug.cgi?id=60601
-
-        When assertions are enabled we now do some validity checking
-        of objects being added to the mark stack.
-
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
-        (JSC::PolymorphicAccessStructureList::visitAggregate):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::validateSet):
-        (JSC::MarkStack::validateValue):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::appendValues):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::internalAppend):
-
-2011-05-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        http://bugs.webkit.org/show_bug.cgi?id=60509
-        Wrong type used for return value from strlen
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
-        fastMalloc won't return if it fails.
-
-2011-05-09  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        CSP should block Function constructor
-        https://bugs.webkit.org/show_bug.cgi?id=60240
-
-        When eval is disabled, we need to block the use of the function
-        constructor.  However, the WebCore JSC bindings call the function
-        constructor directly to create inline event listeners.  To support that
-        use, this patch adds an entrypoint that bypasses the check for whether
-        eval is enabled.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        (JSC::constructFunctionSkippingEvalEnabledCheck):
-        * runtime/FunctionConstructor.h:
-
-2011-05-09  Adam Roben  <aroben@apple.com>
-
-        Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes
-
-        Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
-        WebKit1 IDL file changes to avoid build errors
-
-        Reviewed by Tim Hatcher.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        Updated for script rename.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
-        from react-to-vsprops-changes.py.
-        (top level): Moved a constant here from main.
-        (main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
-        react_to_webkit1_interface_changes function.
-        (react_to_vsprops_changes): Moved code here from main. Updated to use the
-        TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_globa
-        and touch_if_older_than.
-        (react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL
-        file has changed.
-        (mtime_of_newest_file_matching_glob): Added. Code came from main.
-        (touch_if_older_than): Added. Code came from main.
-
-2011-05-08  Jessie Berlin  <jberlin@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Make JSRetainPtr work with JSGlobalContextRefs.
-        https://bugs.webkit.org/show_bug.cgi?id=60452
-
-        Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.
-
-        * API/JSRetainPtr.h:
-        (JSRetain):
-        (JSRelease):
-
-2011-05-07  Dawit Alemayehu  <adawit@kde.org>
-
-        Reviewed by Daniel Bates.
-
-        Fix compile with GCC 4.6.0
-        https://bugs.webkit.org/show_bug.cgi?id=60380
-
-        Remove unused local variable from code.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-
-2011-05-06  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Unreviewed build fix with gcc 4.6.0 on linux and c++0x support.
-
-        std::tr1::has_trivial_constructor is in <tr1/memory>.
-
-        * wtf/TypeTraits.h:
-
-2011-05-05  Jay Civelli  <jcivelli@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Added convenience methods to convert from a byte to hex ASCII digit
-        characters and vice-versa.
-        https://bugs.webkit.org/show_bug.cgi?id=59834
-
-        * wtf/ASCIICType.h:
-        (WTF::toASCIIHexValue):
-        (WTF::lowerNibbleToASCIIHexDigit):
-        (WTF::upperNibbleToASCIIHexDigit):
-
-2011-05-05  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Benjamin Poulain.
-
-        [Qt] Make QtWebKit build when using gcc 4.6.0
-        https://bugs.webkit.org/show_bug.cgi?id=60265
-
-        If QtWebKit is compiled with gcc 4.6.0 or later we don't want to deactivate
-        the c++0x support because it works.
-
-        * JavaScriptCore.pro:
-
-2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Geoffrey Garen.
-
-        Port MachineStackMarker.cpp to Windows x64
-        https://bugs.webkit.org/show_bug.cgi?id=60216
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::getPlatformThreadRegisters): the CONTEXT struct is usable also
-        on 64-bit Windows.
-        (JSC::otherThreadStackPointer): return the Rsp register on Windows x64.
-
-2011-05-04  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Martin Robinson.
-
-        Link libjavascriptcoregtk on Windows with winmm.dll
-        https://bugs.webkit.org/show_bug.cgi?id=60215
-
-        * GNUmakefile.am:
-
-2011-05-04  Tao Bai  <michaelbai@chromium.org>
-
-        Reviewed by David Kilzer.
-
-        Populate touch-icon url to FrameLoaderClient
-        https://bugs.webkit.org/show_bug.cgi?id=59143
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-05-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
-        code that accidentally survived the conversion to a switch statement,
-        causing a lot of important code not to run most of the time.
-
-        Since this is not a trivial finger-picking mistake, I will not call it a
-        typo.
-
-2011-05-04  Adam Roben  <aroben@apple.com>
-
-        Another attempted build fix
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::operator==):
-        (WTF::OwnPtr::operator!=):
-        * wtf/PassOwnPtr.h:
-        (WTF::PassOwnPtr::operator==):
-        (WTF::PassOwnPtr::operator!=):
-        Added a return statement. And made a tweak based on a suggestion from Anders Carlsson.
-
-2011-05-04  Adam Roben  <aroben@apple.com>
-
-        Try to fix Leopard, Qt, and probably others
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::operator==):
-        (WTF::OwnPtr::operator!=):
-        * wtf/PassOwnPtr.h:
-        (WTF::PassOwnPtr::operator==):
-        (WTF::PassOwnPtr::operator!=):
-        Try to get the compiler not to instantiate these function templates unnecessarily.
-
-2011-05-03  Adam Roben  <aroben@apple.com>
-
-        Disallow equality comparisons between [Pass]OwnPtrs
-
-        If you have two OwnPtrs that are equal, you've already lost. (Unless you're doing something
-        really sneaky, in which case you should stop!)
-
-        Fixes <http://webkit.org/b/60053> Testing OwnPtrs for equality should cause a compiler error
-
-        Reviewed by Anders Carlsson and Antti Koivisto.
-
-        * wtf/OwnPtr.h:
-        (WTF::OwnPtr::operator==):
-        (WTF::OwnPtr::operator!=):
-        * wtf/PassOwnPtr.h:
-        (WTF::PassOwnPtr::operator==):
-        (WTF::PassOwnPtr::operator!=):
-        Added private equality operators that fail to compile when used. (When not used, the
-        compiler will skip over them because they are function templates.)
-
-2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Gavin Barraclough.
-
-        JITArithmetic.cpp produces a warning on a unused variable.
-        https://bugs.webkit.org/show_bug.cgi?id=60060
-
-        Just properly use what we already have converted.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_add):
-        (JSC::JIT::emitSlow_op_mul):
-
-2011-05-04  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Geoffrey Garen.
-
-        JITPropertyAccess produces a unused but set variable warning in gcc 4.6.0.
-        https://bugs.webkit.org/show_bug.cgi?id=60050
-
-        This patch fix a compilation warning. The new warning scenario -Wunused-but-set-variable
-        in gcc 4.6.0 is included in -Wall and therefore stops the compilation when warnings are treated
-        as errors. The patch introduces a new macro ASSERT_JIT_OFFSET_UNUSED and ASSERT_WITH_MESSAGE_UNUSED
-        which copy the idea of ASSERT_UNUSED.
-
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        * wtf/Assertions.h:
-        (assertWithMessageUnused):
-
-2011-04-29  Jer Noble  <jer.noble@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        Implement FULLSCREEN_API on Windows, Part 4: Enable it
-        https://bugs.webkit.org/show_bug.cgi?id=59798
-
-        * wtf/Platform.h: Set ENABLE_FULLSCREEN_API on win.
-
-2011-05-03  Alexis Menard  <alexis.menard@openbossa.org>
-
-        Reviewed by Eric Seidel.
-
-        Unused but set variable warning in MacroAssemberX86_64
-        https://bugs.webkit.org/show_bug.cgi?id=59482
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::call):
-        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
-        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
-
-2011-05-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make malloc validation useful
-        https://bugs.webkit.org/show_bug.cgi?id=57502
-
-        Reland this patch (rolled out in 82905) without
-        turning it on by default.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/FastMalloc.cpp:
-        (WTF::tryFastMalloc):
-        (WTF::fastMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::fastCalloc):
-        (WTF::fastFree):
-        (WTF::tryFastRealloc):
-        (WTF::fastRealloc):
-        (WTF::fastMallocSize):
-        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
-        (WTF::TCMalloc_PageHeap::scheduleScavenger):
-        (WTF::TCMalloc_PageHeap::suspendScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMallocStats::malloc):
-        (WTF::TCMallocStats::free):
-        (WTF::TCMallocStats::fastCalloc):
-        (WTF::TCMallocStats::tryFastCalloc):
-        (WTF::TCMallocStats::calloc):
-        (WTF::TCMallocStats::fastRealloc):
-        (WTF::TCMallocStats::tryFastRealloc):
-        (WTF::TCMallocStats::realloc):
-        (WTF::TCMallocStats::fastMallocSize):
-        * wtf/FastMalloc.h:
-        (WTF::Internal::fastMallocValidationHeader):
-        (WTF::Internal::fastMallocValidationSuffix):
-        (WTF::Internal::fastMallocMatchValidationType):
-        (WTF::Internal::setFastMallocMatchValidationType):
-        (WTF::fastMallocMatchValidateFree):
-        (WTF::fastMallocValidate):
-
-2011-05-03  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Anders Carlsson.
-
-        Compile error with GCC 4.6.0, tries to assign unsigned& to bitfield
-        https://bugs.webkit.org/show_bug.cgi?id=59261
-
-        Use unary '+' to force proper type detection in template arguments
-        with GCC 4.6.0. See bug report for more details.
-
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::remove): Use '+' to force precise type detection.
-        (JSC::StructureTransitionTable::add): ditto.
-        * runtime/Structure.h:
-        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer): ditto.
-
-2011-05-03  Jessie Berlin  <jberlin@apple.com>
-
-        Rubber-stamped by Adam Roben.
-
-        Revert r85550 and r85575.
-
-        Variables cannot be exported via the .def file. Instead, they should be annotated with
-        JS_EXPORTDATA.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        * runtime/Structure.h:
-        (JSC::Structure::typeInfo):
-        (JSC::Structure::previousID):
-        (JSC::Structure::propertyStorageCapacity):
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::get):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02  Adam Roben  <aroben@apple.com>
-
-        Allow implicit conversion from nullptr_t to PassOwnPtr
-
-        This makes it a lot easier to write code that just wants a null PassOwnPtr, especially in
-        strict PassOwnPtr mode.
-
-        Fixes <http://webkit.org/b/59964> Implicit conversion from std::nullptr_t to PassOwnPtr
-        doesn't work, but should
-
-        Reviewed by Adam Barth.
-
-        * wtf/PassOwnPtr.h:
-        (WTF::PassOwnPtr::PassOwnPtr): Added a non-explicit constructor that takes a nullptr_t.
-
-        * wtf/MessageQueue.h:
-        (WTF::::waitForMessageFilteredWithTimeout):
-        (WTF::::tryGetMessage):
-        Use the new implicit conversion.
-
-2011-05-02  Jessie Berlin  <jberlin@apple.com>
-
-        Rubber-stamped by Oliver Hunt.
-
-        Remove an assertion that Windows was hitting on launch.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        * runtime/Structure.h:
-        (JSC::Structure::typeInfo):
-        (JSC::Structure::previousID):
-        (JSC::Structure::propertyStorageCapacity):
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::get):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/9371948> JavaScriptCore should build with GCC 4.2
-
-        * Configurations/CompilerVersion.xcconfig:
-
-2011-05-02  Gavin Barraclough  <barraclough@apple.com>
-
-        ARMv7 build fix.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-
-2011-05-02  Oliver Hunt  <oliver@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-05-02  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        crash in JSC::RegExp::match
-        https://bugs.webkit.org/show_bug.cgi?id=58922
-
-        Cleared chained backtrack data label when linking label even if that 
-        label doesn't chain itself.  This is needed so that subsequent 
-        backtrack data labels point to the next outer paren and not within 
-        the current paren.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
-
-2011-05-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Tiny bit of heap cleanup.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::contains): Tightened up an assertion and a comment.
-
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::globalData):
-        (JSC::MarkedSpace::highWaterMark):
-        (JSC::MarkedSpace::setHighWaterMark): Moved inlines out of the class
-        definition, for better clarity.
-
-2011-05-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Correct marking of interpreter data in mixed mode builds
-        https://bugs.webkit.org/show_bug.cgi?id=59962
-
-        We had a few places in mixed mode builds where we would not
-        track data used by the interpreter for marking.  This patch
-        corrects the problem and adds a number of assertions to catch
-        live Structures being collected.
-
-        * JavaScriptCore.exp:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addStructureStubInfo):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        * runtime/Structure.h:
-        (JSC::Structure::typeInfo):
-        (JSC::Structure::previousID):
-        (JSC::Structure::propertyStorageCapacity):
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::get):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-05-02  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Use native NullPtr when using GCC 4.6.0 and C++0x
-        https://bugs.webkit.org/show_bug.cgi?id=59252
-
-        GCC 4.6.0 has nullptr support, use it when possible.
-
-        * wtf/NullPtr.cpp: include config.h to pull in Platform.h before
-        NullPtr.h, since we need the GCC_VERSION_AT_LEAST definition.
-        * wtf/NullPtr.h: check for GCC >= 4.6.0 and C++0x in order to
-        use native nullptr.
-
-2011-05-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59950
-        Clean up AssemblerBuffer to use a Vector internally.
-
-        AssemblerBuffer handles reallocing a byte array itself - stop that.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerLabel::AssemblerLabel):
-        (JSC::AssemblerLabel::labelAtOffset):
-        (JSC::AssemblerBuffer::AssemblerBuffer):
-        (JSC::AssemblerBuffer::~AssemblerBuffer):
-        (JSC::AssemblerBuffer::isAvailable):
-        (JSC::AssemblerBuffer::ensureSpace):
-        (JSC::AssemblerBuffer::isAligned):
-        (JSC::AssemblerBuffer::putIntegral):
-        (JSC::AssemblerBuffer::putIntegralUnchecked):
-        (JSC::AssemblerBuffer::putByteUnchecked):
-        (JSC::AssemblerBuffer::putByte):
-        (JSC::AssemblerBuffer::putShortUnchecked):
-        (JSC::AssemblerBuffer::putShort):
-        (JSC::AssemblerBuffer::putIntUnchecked):
-        (JSC::AssemblerBuffer::putInt):
-        (JSC::AssemblerBuffer::putInt64Unchecked):
-        (JSC::AssemblerBuffer::putInt64):
-        (JSC::AssemblerBuffer::codeSize):
-        (JSC::AssemblerBuffer::label):
-        (JSC::AssemblerBuffer::executableCopy):
-        (JSC::AssemblerBuffer::rewindToLabel):
-        (JSC::AssemblerBuffer::debugOffset):
-        (JSC::AssemblerBuffer::append):
-        (JSC::AssemblerBuffer::grow):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::linkCall):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
-
-2011-05-02  Jeff Miller  <jeffm@apple.com>
-
-        Reviewed by Alexy Proskuryakov.
-
-        Avoid potential buffer overflow in WTFLog() and WTFLogVerbose()
-        https://bugs.webkit.org/show_bug.cgi?id=59949
-
-        * wtf/Assertions.cpp: Check for 0 or empty format string in WTFLog() and WTFLogVerbose().
-
-2011-05-02  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        StringImpl::endsWith has some insane code
-        https://bugs.webkit.org/show_bug.cgi?id=59900
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::endsWith):
-            - m_data shadows a member variable of the same name.
-
-2011-05-02  Gabor Loki  <loki@webkit.org>
-
-        Buildfix for ARM after r85448
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::loadBranchTarget):
-
-2011-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Strict-mode only reserved words not reserved
-        https://bugs.webkit.org/show_bug.cgi?id=55342
-
-        Fix line number tracking when we rollback the lexer.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseSourceElements):
-
-2011-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        ES5 Strict mode does not allow getter and setter for same propId
-        https://bugs.webkit.org/show_bug.cgi?id=57295
-
-        Simplify and correct the logic for strict mode object literals.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::parseStrictObjectLiteral):
-
-2011-05-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Assigning to function identifier under strict should throw
-        https://bugs.webkit.org/show_bug.cgi?id=59289
-
-        Add logic to StaticScopeObject to ensure we don't silently consume
-        writes to constant properties.
-
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-
-2011-05-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59903
-        Use AssemblerLabel throughout Assembler classes, AssemblerBuffer
-
-        Creating a lable() into the AssemblerBuffer should return an AssemblerLabel,
-        not an unsigned int.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::label):
-        (JSC::ARMAssembler::loadBranchTarget):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::label):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::label):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::label):
-        (JSC::MIPSAssembler::relocateJumps):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::loadConstant):
-        (JSC::SH4Assembler::loadConstantUnReusable):
-        (JSC::SH4Assembler::call):
-        (JSC::SH4Assembler::jmp):
-        (JSC::SH4Assembler::jne):
-        (JSC::SH4Assembler::je):
-        (JSC::SH4Assembler::label):
-        (JSC::SH4Assembler::oneShortOp):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::call):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
-        (JSC::X86Assembler::X86InstructionFormatter::label):
-
-2011-05-01  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by David Levin.
-
-        Enable strict mode for OwnPtr and PassOwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=59428
-
-        * wtf/OwnPtr.h:
-
-2011-05-01  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Enable strict OwnPtr for PLATFORM(WIN)
-        https://bugs.webkit.org/show_bug.cgi?id=59881
-
-        * wtf/OwnPtr.h:
-
-2011-05-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59896
-        Remove JmpSrc/JmpDst types.
-
-        The JmpSrc/JmpDst classes predate the MacroAssembler interface. Having these
-        object be per-assembler in unhelpful, causes unnecessary code duplication,
-        and prevents the AssemblerBuffer from providing a richer type for labels.
-        The limited semantic meaning that they did convey is undermined by the manner
-        in which their meanings have been overloaded (use of JmpSrc for Call, JmpDst
-        for data labels).
-
-        Jumps on ARMv7 have had additional information added to the object via the
-        ARMv7 JmpSrc. This data should probably be in the instruction stream. This
-        patch does not fix the problem, and moves the data (ifdefed) to
-        AbstractMacroAssembler::Jump (which is effectively where it was before!).
-        This at least closes the hole such that no further data may be added to JmpSrc,
-        but this is unfortunate, and should be cleaned up.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::label):
-        (JSC::ARMAssembler::align):
-        (JSC::ARMAssembler::loadBranchTarget):
-        (JSC::ARMAssembler::jmp):
-        (JSC::ARMAssembler::linkPointer):
-        (JSC::ARMAssembler::linkJump):
-        (JSC::ARMAssembler::linkCall):
-        (JSC::ARMAssembler::getRelocatedAddress):
-        (JSC::ARMAssembler::getDifferenceBetweenLabels):
-        (JSC::ARMAssembler::getCallReturnOffset):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::align):
-        (JSC::ARMv7Assembler::getRelocatedAddress):
-        (JSC::ARMv7Assembler::getDifferenceBetweenLabels):
-        (JSC::ARMv7Assembler::getCallReturnOffset):
-        (JSC::ARMv7Assembler::linkJump):
-        (JSC::ARMv7Assembler::linkCall):
-        (JSC::ARMv7Assembler::linkPointer):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Label::isSet):
-        (JSC::AbstractMacroAssembler::Call::Call):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        (JSC::AbstractMacroAssembler::linkPointer):
-        (JSC::AbstractMacroAssembler::getLinkerAddress):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerLabel::AssemblerLabel):
-        (JSC::AssemblerLabel::isSet):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::patch):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::label):
-        (JSC::MIPSAssembler::align):
-        (JSC::MIPSAssembler::getRelocatedAddress):
-        (JSC::MIPSAssembler::getDifferenceBetweenLabels):
-        (JSC::MIPSAssembler::getCallReturnOffset):
-        (JSC::MIPSAssembler::linkJump):
-        (JSC::MIPSAssembler::linkCall):
-        (JSC::MIPSAssembler::linkPointer):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchDouble):
-        (JSC::MacroAssemblerARMv7::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::ret):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::nearCall):
-        (JSC::MacroAssemblerMIPS::call):
-        (JSC::MacroAssemblerMIPS::tailRecursiveCall):
-        (JSC::MacroAssemblerMIPS::branchTrue):
-        (JSC::MacroAssemblerMIPS::branchFalse):
-        (JSC::MacroAssemblerMIPS::branchEqual):
-        (JSC::MacroAssemblerMIPS::branchNotEqual):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::call):
-        (JSC::SH4Assembler::jmp):
-        (JSC::SH4Assembler::jne):
-        (JSC::SH4Assembler::je):
-        (JSC::SH4Assembler::label):
-        (JSC::SH4Assembler::align):
-        (JSC::SH4Assembler::linkJump):
-        (JSC::SH4Assembler::linkCall):
-        (JSC::SH4Assembler::linkPointer):
-        (JSC::SH4Assembler::getCallReturnOffset):
-        (JSC::SH4Assembler::getRelocatedAddress):
-        (JSC::SH4Assembler::getDifferenceBetweenLabels):
-        (JSC::SH4Assembler::patchPointer):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::call):
-        (JSC::X86Assembler::jmp):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::jne):
-        (JSC::X86Assembler::jnz):
-        (JSC::X86Assembler::je):
-        (JSC::X86Assembler::jz):
-        (JSC::X86Assembler::jl):
-        (JSC::X86Assembler::jb):
-        (JSC::X86Assembler::jle):
-        (JSC::X86Assembler::jbe):
-        (JSC::X86Assembler::jge):
-        (JSC::X86Assembler::jg):
-        (JSC::X86Assembler::ja):
-        (JSC::X86Assembler::jae):
-        (JSC::X86Assembler::jo):
-        (JSC::X86Assembler::jp):
-        (JSC::X86Assembler::js):
-        (JSC::X86Assembler::jCC):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::labelFor):
-        (JSC::X86Assembler::align):
-        (JSC::X86Assembler::linkJump):
-        (JSC::X86Assembler::linkCall):
-        (JSC::X86Assembler::linkPointer):
-        (JSC::X86Assembler::getCallReturnOffset):
-        (JSC::X86Assembler::getRelocatedAddress):
-        (JSC::X86Assembler::getDifferenceBetweenLabels):
-        (JSC::X86Assembler::rewindToLabel):
-        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
-        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::atJumpTarget):
-        (JSC::JIT::emitGetVirtualRegister):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jmp):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_jmp_scopes):
-
-2011-05-01  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix MIPS build due to the split of "Condition" enum
-        https://bugs.webkit.org/show_bug.cgi?id=59407
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::debugOffset):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branch32):
-        (JSC::MacroAssemblerMIPS::compare32):
-
-2011-04-30  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Enable strict OwnPtr for GTK
-        https://bugs.webkit.org/show_bug.cgi?id=59861
-
-        * wtf/OwnPtr.h:
-
-2011-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        ARMv7 build fix.
-
-        * assembler/AssemblerBufferWithConstantPool.h:
-
-2011-04-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 59869 - AssemblerBuffer cleanup - disambiguate size()
-
-        The method size() is called on the AssemblerBuffer both to acquire
-        the complete size of the code, and to get a position to use as a
-        label into the code. Instead, add an explicit 'label' method.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::codeSize):
-        (JSC::ARMAssembler::label):
-        (JSC::ARMAssembler::loadBranchTarget):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::codeSize):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::codeSize):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::data):
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::codeSize):
-        (JSC::AssemblerBuffer::label):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::newJmpSrc):
-        (JSC::MIPSAssembler::appendJump):
-        (JSC::MIPSAssembler::label):
-        (JSC::MIPSAssembler::codeSize):
-        (JSC::MIPSAssembler::relocateJumps):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::loadConstant):
-        (JSC::SH4Assembler::loadConstantUnReusable):
-        (JSC::SH4Assembler::call):
-        (JSC::SH4Assembler::jmp):
-        (JSC::SH4Assembler::jne):
-        (JSC::SH4Assembler::je):
-        (JSC::SH4Assembler::label):
-        (JSC::SH4Assembler::executableCopy):
-        (JSC::SH4Assembler::oneShortOp):
-        (JSC::SH4Assembler::codeSize):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::call):
-        (JSC::X86Assembler::jmp_r):
-        (JSC::X86Assembler::codeSize):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::immediateRel32):
-        (JSC::X86Assembler::X86InstructionFormatter::codeSize):
-        (JSC::X86Assembler::X86InstructionFormatter::label):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-
-2011-04-29  Adam Barth  <abarth@webkit.org>
-
-        Attempt to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-29  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        CSP script-src should block eval
-        https://bugs.webkit.org/show_bug.cgi?id=59850
-
-        ggaren recommend a different approach to this patch, essentially
-        installing a new function for function-eval and changing the AST
-        representation of operator-eval to call function-eval.  However, I'm
-        not sure that approach is workable because the ASTBuilder doesn't know
-        about global objects, and there is added complication due to the cache.
-
-        This approach is more dynamic, adding a branch in EvalExecutable to
-        detect whether eval is current disabled in the lexical scope.  The spec
-        is slightly unclear about whether we should return undefined or throw
-        an exception.  I've asked Brandon to clarify the spec, but throwing an
-        exception seems natural.
-
-        * JavaScriptCore.exp:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::disableEval):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::isEvalEnabled):
-
-2011-04-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59847
-        Remove linkOffset from LinkBuffer
-
-        This is redundant since removal of recompilation for exception info.
-
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::LinkBuffer):
-        (JSC::LinkBuffer::linkCode):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-        (JSC::JIT::compileCTIMachineTrampolines):
-        (JSC::JIT::compileCTINativeCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-
-2011-04-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt & Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59221
-        [RegexFuzz] Regression blocking testing
-
-        Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
-        node, emitDisjunction recursively calls to itself to emit the nested disjunction
-        the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into
-        account the uncheck that has just taken place).
-
-        Also, the special handling given to countToCheck in the case of parenthetical
-        assertions is nonsense, delete it, along with the isParentheticalAssertion argument.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2011-04-29  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Enable strict OwnPtr for Qt
-        https://bugs.webkit.org/show_bug.cgi?id=59667
-
-        * wtf/OwnPtr.h:
-
-2011-04-29  Dean Jackson  <dino@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Add ENABLE macro for WebKitAnimation
-        https://bugs.webkit.org/show_bug.cgi?id=59729
-
-        Add new feature to toggle WebKit Animation API.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Install testapi.js along side testapi
-        https://bugs.webkit.org/show_bug.cgi?id=59773
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Add new build phase to copy testapi.js to install path of testapi
-        on install.
-
-2011-04-28  David Levin  <levin@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Remove IMAGE_RESIZER related code.
-        https://bugs.webkit.org/show_bug.cgi?id=59735
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59763
-        DFG JIT - Unify FPRReg & FPRegisterID
-
-        (Following on from GPRReg/RegisterID unification).
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::toRegister):
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        (JSC::DFG::JITCodeGenerator::unboxDouble):
-        (JSC::DFG::JITCodeGenerator::flushRegisters):
-        (JSC::DFG::JITCodeGenerator::isFlushed):
-        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
-        (JSC::DFG::JITCodeGenerator::setupStubArguments):
-        (JSC::DFG::JITCodeGenerator::callOperation):
-        (JSC::DFG::GPRResult::lockedResult):
-        (JSC::DFG::FPRResult::lockedResult):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::EntryLocation::EntryLocation):
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
-        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
-        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::iterator::regID):
-        (JSC::DFG::RegisterBank::iterator::debugName):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculationCheck::SpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-04-28  David Kilzer  <ddkilzer@apple.com>
-
-        Revert "<http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called"
-
-        This reverts commit r85195.  It was crashing DumpRenderTree on Lion.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::postTimer):
-
-2011-04-28  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove WML
-        https://bugs.webkit.org/show_bug.cgi?id=59678
-
-        Remove the WML configuration option from the Mac build system.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r85233 and r85235.
-        http://trac.webkit.org/changeset/85233
-        http://trac.webkit.org/changeset/85235
-        https://bugs.webkit.org/show_bug.cgi?id=59754
-
-        Causes issues with jsc. (Requested by dave_levin on #webkit).
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        * wtf/CMakeLists.txt:
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref):
-        (WTF::RefCountedBase::hasOneRef):
-        (WTF::RefCountedBase::refCount):
-        (WTF::RefCountedBase::derefBase):
-        * wtf/SizeLimits.cpp:
-        * wtf/ThreadRestrictionVerifier.h: Removed.
-        * wtf/text/CString.h:
-        (WTF::CStringBuffer::CStringBuffer):
-
-2011-04-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 59740 - DFG JIT - Unify GPRReg & RegisterID
-
-        Currently we use a mix of enum values throughout the DFG JIT to  represent
-        gpr registers - the RegisterID provided by the MacroAssembler, and the
-        GPRReg enum giving the sequential register set over which the RegisterBank
-        allocates. Unify the two.
-
-        Patch to unify FPRReg in a similar fashion will follow.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGFPRInfo.h: Added.
-        (JSC::DFG::next):
-        (JSC::DFG::FPRBankInfo::toRegister):
-        (JSC::DFG::FPRBankInfo::toIndex):
-        * dfg/DFGGPRInfo.h: Added.
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::dump):
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::boxDouble):
-        (JSC::DFG::JITCodeGenerator::unboxDouble):
-        (JSC::DFG::JITCodeGenerator::spill):
-        (JSC::DFG::JITCodeGenerator::flushRegisters):
-        (JSC::DFG::JITCodeGenerator::isFlushed):
-        (JSC::DFG::JITCodeGenerator::bitOp):
-        (JSC::DFG::JITCodeGenerator::shiftOp):
-        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
-        (JSC::DFG::JITCodeGenerator::setupStubArguments):
-        (JSC::DFG::JITCodeGenerator::callOperation):
-        (JSC::DFG::IntegerOperand::gpr):
-        (JSC::DFG::DoubleOperand::gpr):
-        (JSC::DFG::GPRTemporary::gpr):
-        (JSC::DFG::FPRTemporary::gpr):
-        (JSC::DFG::GPRResult::lockedResult):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::fillToJS):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        (JSC::DFG::JITCompiler::compileFunction):
-        (JSC::DFG::JITCompiler::jitAssertIsInt32):
-        (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
-        (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
-        (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::preserveReturnAddressAfterCall):
-        (JSC::DFG::JITCompiler::restoreReturnAddressBeforeReturn):
-        (JSC::DFG::JITCompiler::emitGetFromCallFrameHeaderPtr):
-        (JSC::DFG::JITCompiler::emitPutToCallFrameHeader):
-        (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
-        (JSC::DFG::JITCompiler::addressForGlobalVar):
-        (JSC::DFG::JITCompiler::addressFor):
-        (JSC::DFG::JITCompiler::tagFor):
-        (JSC::DFG::JITCompiler::payloadFor):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::EntryLocation::EntryLocation):
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
-        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
-        (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
-        (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
-        (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
-        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
-        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::allocate):
-        (JSC::DFG::RegisterBank::retain):
-        (JSC::DFG::RegisterBank::release):
-        (JSC::DFG::RegisterBank::lock):
-        (JSC::DFG::RegisterBank::unlock):
-        (JSC::DFG::RegisterBank::isLocked):
-        (JSC::DFG::RegisterBank::name):
-        (JSC::DFG::RegisterBank::iterator::name):
-        (JSC::DFG::RegisterBank::iterator::isLocked):
-        (JSC::DFG::RegisterBank::iterator::release):
-        (JSC::DFG::RegisterBank::iterator::gpr):
-        (JSC::DFG::RegisterBank::iterator::debugName):
-        (JSC::DFG::RegisterBank::iterator::operator++):
-        (JSC::DFG::RegisterBank::iterator::operator!=):
-        (JSC::DFG::RegisterBank::iterator::index):
-        (JSC::DFG::RegisterBank::iterator::iterator):
-        (JSC::DFG::RegisterBank::begin):
-        (JSC::DFG::RegisterBank::end):
-        (JSC::DFG::RegisterBank::isLockedAtIndex):
-        (JSC::DFG::RegisterBank::nameAtIndex):
-        (JSC::DFG::RegisterBank::releaseAtIndex):
-        (JSC::DFG::RegisterBank::allocateInternal):
-        (JSC::DFG::RegisterBank::MapEntry::MapEntry):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculationCheck::SpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculateIntegerOperand::gpr):
-
-2011-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove evil addressOfStructure() function
-        https://bugs.webkit.org/show_bug.cgi?id=59739
-
-        Remove the addressOfStructure function from JSCell, and update
-        callsites to use the same logic as testPrototype()
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        * runtime/JSCell.h:
-
-2011-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Clean up testPrototype()
-        https://bugs.webkit.org/show_bug.cgi?id=59734
-
-        Remove direct pointer to the inside of a GC object and just do
-        the indirect load manually.  Doesn't effect sunspider but does
-        clean up the code quite a bit, and simplifies the handling of
-        GC values.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::testPrototype):
-
-2011-04-28  David Levin  <levin@chromium.org>
-
-        Build fix.
-
-        * wtf/RefCounted.h: Fix inverted ifdef.
-
-2011-04-07  David Levin  <levin@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Add asserts to RefCounted to make sure ref/deref happens on the right thread.
-        https://bugs.webkit.org/show_bug.cgi?id=31639
-
-        * GNUmakefile.list.am: Added new files to the build.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
-        due to not being able to figure out what was guarding it (bug 58091).
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider): Ditto.
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp): Ditto.
-        * wtf/CMakeLists.txt: Added new files to the build.
-        * wtf/ThreadRestrictionVerifier.h: Added.
-        Everything is done in the header to avoid the issue with exports
-        that are only useful in debug but still needing to export them.
-        * wtf/RefCounted.h:
-        (WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
-        and filed bug 58171 about making it stricter.
-        (WTF::RefCountedBase::hasOneRef): Ditto.
-        (WTF::RefCountedBase::refCount): Ditto.
-        (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
-        on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
-        (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
-        Filed bug 58174 to remove this method.
-        (WTF::RefCountedBase::derefBase):
-        * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
-        * wtf/text/CString.h:
-        (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
-        done in Chromium's test_shell (bug 58093).
-
-2011-04-28  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed attempt to fix the build.
-
-        * GNUmakefile.am: add -lpthread.
-
-2011-04-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Only need a single implementation of testPrototype
-        https://bugs.webkit.org/show_bug.cgi?id=59724
-
-        Remove excess copy of identical testPrototype() code
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::testPrototype):
-        * jit/JITPropertyAccess32_64.cpp:
-
-2011-04-28  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        [Gtk] Split JSC and WebCore builds
-        https://bugs.webkit.org/show_bug.cgi?id=19428
-
-        Build JavaScriptCore as a libtool shared library instead of a
-        private convenience library.
-
-        * GNUmakefile.am: define new jsc library and adapt to new name for
-        javascriptcore target.
-        * GNUmakefile.list.am: ditto.
-
-2011-04-28  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/59705> WTF::postTimer() leaks a CFRunLoopTimerRef every time it's called
-
-        Reviewed by Simon Fraser.
-
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::postTimer): Use RetainPtr to plug the leak.
-
-2011-04-27  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        Add way to install testapi in production builds
-        https://bugs.webkit.org/show_bug.cgi?id=59674
-
-        * Configurations/TestAPI.xcconfig: Copied from Configurations/JavaScriptCore.xcconfig.
-        Add configuration file for TestAPI. In addition to name, we now specify an install path
-        and allow SKIP_INSTALL to be overridden by setting FORCE_TOOL_INSTALL.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Remove in-project build settings and add missing configuration files. Added missing CompilerVersion.xcconfig
-        file.
-
-2011-04-27  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by David Levin.
-
-        Enable strict OwnPtrs for Chromium
-        https://bugs.webkit.org/show_bug.cgi?id=59666
-
-        * wtf/OwnPtr.h:
-
-2011-04-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Add ability to remove keys from weakmap API
-        https://bugs.webkit.org/show_bug.cgi?id=59645
-
-        Add JSWeakObjectMapRemove API
-
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * API/JSWeakObjectMapRefPrivate.h:
-        * JavaScriptCore.exp:
-
-2011-04-27  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by David Levin.
-
-        Enable strict mode for OwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=59428
-
-        This patch enables strict mode for OwnPtr on PLATFORM(MAC) only.
-
-        * wtf/OwnPtr.h:
-
-2011-04-27  Steve Block  <steveblock@google.com>
-
-        Reviewed by David Levin.
-
-        Remove Android build system
-        https://bugs.webkit.org/show_bug.cgi?id=48111
-
-        This is to avoid the maintenance burden until the Android port is
-        fully upstreamed.
-
-        * Android.mk: Removed.
-        * Android.v8.wtf.mk: Removed.
-
-2011-04-27  Mark Rowe  <mrowe@apple.com>
-
-        Fix 32-bit build after r85036.
-
-        * wtf/Platform.h: USE(PLUGIN_HOST_PROCESS) is only true for 64-bit.
-
-2011-04-27  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed buildfix after r85036.
-
-        Readd non-dead code.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2011-04-27  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Kenneth Russell.
-
-        OwnPtr assignment operator should be private
-        https://bugs.webkit.org/show_bug.cgi?id=59487
-
-        Unfortunately we can't remove the copy constructor because of some
-        detail about gcc.  (The issue is documented in a comment already.)
-
-        * wtf/OwnPtr.h:
-
-2011-04-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r84977.
-        http://trac.webkit.org/changeset/84977
-        https://bugs.webkit.org/show_bug.cgi?id=59568
-
-        caused crashes on the SL WK2 bots (Requested by jessieberlin
-        on #webkit).
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::call):
-        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
-        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
-
-2011-04-26  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Rubberstamped by Eric Seidel.
-
-        Enable waf to be used to build other ports
-        https://bugs.webkit.org/show_bug.cgi?id=58213
-
-        * wscript:
-
-2011-04-26  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by David Hyatt.
-
-        Remove Datagrid from the tree
-        https://bugs.webkit.org/show_bug.cgi?id=59543
-
-        * Configurations/FeatureDefines.xcconfig:
-        Remove feature.
-
-2011-04-26  Adrienne Walker  <enne@google.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix incorrect use of OwnPtr<T*> in GCActivityCallback
-        https://bugs.webkit.org/show_bug.cgi?id=59559
-
-        * runtime/GCActivityCallback.h:
-
-2011-04-26  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Daniel Bates.
-
-        Unused but set variable warning in MacroAssembelX86_64
-        https://bugs.webkit.org/show_bug.cgi?id=59482
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::call): do not declare the label
-        variable if we are not going to use it.
-        (JSC::MacroAssemblerX86_64::tailRecursiveCall): ditto.
-        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall): ditto.
-
-2011-04-26  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Choose the compiler based on the Xcode version for Snow Leopard debug builds.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/CompilerVersion.xcconfig: Added.
-
-2011-04-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Nixed special finalizer handling for WebCore strings
-        https://bugs.webkit.org/show_bug.cgi?id=59425
-        
-        SunSpider reports no change.
-        
-        Not needed anymore, since weak handles have finalizers.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase):
-        (JSC::JSString::outOfMemory):
-        (JSC::JSString::substringFromRope):
-        (JSC::JSString::replaceCharacter): Updated for removal of union.
-
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::~JSString):
-        (JSC::RopeBuilder::appendStringInConstruct):
-        (JSC::RopeBuilder::appendValueInConstructAndIncrementLength): No need for
-        union or special constructor anymore.
-
-2011-04-26  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Speeding up SVG filters with multicore (SMP) support
-        https://bugs.webkit.org/show_bug.cgi?id=43903
-
-        Some SVG filters execute a huge number of pixel manipulations, which
-        cannot be sped up by graphics accelerators, since their algorithm is
-        too complex. Using the power of Symmetric Multi Processing (SMP) we
-        can split up a task to smaller (data independent) tasks, which can be
-        executed independently.
-
-        The ParallelJobs framework provides a simple way for distributed
-        programming. The framework is based on WebKit's threading infrastructure,
-        Open Multi-Processing's (OpenMP) API, and libdispatch API.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/ParallelJobs.h: Added.
-        (WTF::ParallelJobs::ParallelJobs):
-        (WTF::ParallelJobs::numberOfJobs):
-        (WTF::ParallelJobs::parameterForJob):
-        (WTF::ParallelJobs::executeJobs):
-        * wtf/ParallelJobsGeneric.cpp: Added.
-        (WTF::ParallelEnvironment::ThreadPrivate::tryLockFor):
-        (WTF::ParallelEnvironment::ThreadPrivate::executeJob):
-        (WTF::ParallelEnvironment::ThreadPrivate::waitForFinish):
-        (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
-        * wtf/ParallelJobsGeneric.h: Added.
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::numberOfJobs):
-        (WTF::ParallelEnvironment::parameterForJob):
-        (WTF::ParallelEnvironment::executeJobs):
-        (WTF::ParallelEnvironment::ThreadPrivate::ThreadPrivate):
-        (WTF::ParallelEnvironment::ThreadPrivate::create):
-        * wtf/ParallelJobsLibdispatch.h: Added.
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::numberOfJobs):
-        (WTF::ParallelEnvironment::parameterForJob):
-        (WTF::ParallelEnvironment::executeJobs):
-        * wtf/ParallelJobsOpenMP.h: Added.
-        (WTF::ParallelEnvironment::ParallelEnvironment):
-        (WTF::ParallelEnvironment::numberOfJobs):
-        (WTF::ParallelEnvironment::parameterForJob):
-        (WTF::ParallelEnvironment::executeJobs):
-        * wtf/Platform.h:
-        * wtf/wtf.pri:
-
-2011-04-26  Mihai Parparita  <mihaip@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Turn off make built-in implicit rules for derived sources makefile
-        https://bugs.webkit.org/show_bug.cgi?id=59418
-        
-        We don't use any of make's built-in implicit rules, turning them off
-        speeds up parsing of the makefile.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * gyp/generate-derived-sources.sh:
-
-2011-04-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Custom prototypes on DOM objects don't persist after garbage collection
-        https://bugs.webkit.org/show_bug.cgi?id=59412
-        
-        SunSpider reports no change.
-        
-        The hasCustomProperties() check didn't check for a custom prototype.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::hasCustomProperties): Changed to delegate to Structure
-        because it is the "truth" about an object's pedigree.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (JSC::Structure::didTransition): Track whether a Structure has ever
-        transitioned for any reason. If so, we have to assume that the object
-        holding it is custom in some way.
-
-2011-04-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=59405
-        DFG JIT - add type speculation for integer & array types, for vars & args.
-
-        If a var or argument is used as the base for a GetByVal or PutByVal access
-        we are speculating that it is of type Array (we only generate code on the
-        speculative path to perform array accesses). By typing the var or args slot
-        as Array, and checking on entry to the function (in the case of args), and
-        each time the local is written to, we can avoid a type check at each point
-        the array is accessed. This will typically hoist type checks out of loops.
-
-        Similarly, any local that is incremented or decremented, or is the input or
-        output or a bitwise operator, is likely to be an integer. By typing the
-        local as int32 we can avoid speculation checks on access, and tagging when
-        writing to the slot. All accesses can become 32bit instead of 64.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::predictArray):
-        (JSC::DFG::ByteCodeParser::predictInt32):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::PredictionSlot::PredictionSlot):
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::predict):
-        (JSC::DFG::Graph::getPrediction):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::tagFor):
-        (JSC::DFG::JITCompiler::payloadFor):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
-        * dfg/DFGSpeculativeJIT.h:
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-
-2011-04-25  David Levin  <levin@chromium.org>
-
-        Reviewed by James Robinson.
-
-        Fix OwnPtr strict mode violation in MessageQueue.h
-        https://bugs.webkit.org/show_bug.cgi?id=59400
-
-        * wtf/MessageQueue.h:
-        (WTF::::waitForMessage):
-        (WTF::::waitForMessageFilteredWithTimeout):
-        (WTF::::tryGetMessage):
-
-2011-04-25  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        JavaScriptCore should play nice strict OwnPtrs
-        https://bugs.webkit.org/show_bug.cgi?id=59401
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-        * heap/Heap.cpp:
-        (JSC::TypeCounter::TypeCounter):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::Scope):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
-
-2011-04-25  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * wtf/ListHashSet.h:
-
-2011-04-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 59370 - DFG JIT - fix leak of BlocksBlocks
-        (put the blocks immediately into an OwnPtr).
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-25  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by David Levin.
-
-        Fix strict OwnPtr violations in ListHashSet and RenderLayerCompositor
-        https://bugs.webkit.org/show_bug.cgi?id=59353
-
-        * wtf/ListHashSet.h:
-        (WTF::::ListHashSet):
-
-2011-04-25  David Levin  <levin@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Fix PassOwnPtr issues in Structure and JSGlobalData.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=59347
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/Structure.cpp:
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::createPropertyMap):
-        * runtime/Structure.h:
-
-2011-04-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make ClassInfo required when creating a Structure
-        https://bugs.webkit.org/show_bug.cgi?id=59340
-
-        Add ClassInfo to all those types which currently don't
-        have it, and add an assertion to Structure::create to
-        ensure that the provided classInfo is not null.
-
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/GetterSetter.cpp:
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/JSAPIValueWrapper.cpp:
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSString.cpp:
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::JSCell::createDummyStructure):
-
-2011-04-25  David Levin  <levin@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        PropertyMapHashTable.h should use adoptPtr instead of implicit conversions to PassRefPtr.
-        https://bugs.webkit.org/show_bug.cgi?id=59342
-
-        This patch is to prepare for the strict OwnPtr hack-a-thon.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::copy):
-
-2011-04-25  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Rationalize MacroAssembler branch methods
-        https://bugs.webkit.org/show_bug.cgi?id=58950
-
-        split out the 'Condition' enum into 'RelationalCondition' and 'ResultCondition' 
-        and apply related changes (only for SH4 platforms).
-
-        * assembler/MacroAssemblerSH4.cpp:
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::compare32):
-        (JSC::MacroAssemblerSH4::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerSH4::branchDouble):
-        (JSC::MacroAssemblerSH4::branch32):
-        (JSC::MacroAssemblerSH4::branchTest8):
-        (JSC::MacroAssemblerSH4::branch8):
-        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerSH4::test8):
-        (JSC::MacroAssemblerSH4::branch16):
-        (JSC::MacroAssemblerSH4::branchTest32):
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        (JSC::MacroAssemblerSH4::branchMul32):
-        (JSC::MacroAssemblerSH4::branchSub32):
-        (JSC::MacroAssemblerSH4::branchOr32):
-        (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerSH4::branchPtrWithPatch):
-        (JSC::MacroAssemblerSH4::SH4Condition):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::cmpEqImmR0):
-
-2011-04-25  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        PropertyMapHashTable should work with strict OwnPtr
-        https://bugs.webkit.org/show_bug.cgi?id=59337
-
-        This patch is in preparation for the strict OwnPtr hack-a-thon.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::addDeletedOffset):
-
-2011-04-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Nixed MarkStack::deprecatedAppend, since it has no clients left.
-
-        * heap/MarkStack.h:
-
-2011-04-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 59287 - DFG JIT - Handle temporaries as vars, allowing support for ?:
-
-        SetLocals to temporaries will only be generated if they are used within other
-        blocks, due to the SSA based DCE.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig & Geoff Garen.
-
-        Bug 59266 - DFG JIT - Add SSA style DCE
-
-        This works by making GetLocal nodes reference SetLocal nodes from prior blocks,
-        via intermediate Phi nodes. Whenever we add a GetLocal to the graph, also add a
-        matching child Phi, and add the Phi to a work queue to add references to prior
-        definitions once we have the full CFG & can determine predecessors. This process
-        is iterative, inserting new phis into predecessors as necessary.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getVariable):
-        (JSC::DFG::ByteCodeParser::setVariable):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processWorkQueue):
-        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::refChildren):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::ref):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        (JSC::DFG::ScoreBoard::dump):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22  Vitaly Repeshko  <vitalyr@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Add missing default constructors for HashMap iterator specializations.
-        https://bugs.webkit.org/show_bug.cgi?id=59250
-
-        * wtf/HashIterators.h:
-        * wtf/HashTable.h:
-        (WTF::HashTableConstIterator::HashTableConstIterator): Added cast
-        to help compiler find the function template.
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 59262 - DFG JIT - reduce size of VariableRecord
-
-        We never need both the get & set node, only the most recent
-        (which is always a set, if both exist).
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getVariable):
-        (JSC::DFG::ByteCodeParser::setVariable):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::VariableRecord::VariableRecord):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 59254 - DFG JIT - retain VariableRecords for args/var in all basic blocks,
-        such that this information is available for DCE.  Also, since this enlarges the
-        size of BasicBlock, make Graph hold a vector of pointers to basic blocks, not a
-        vector of blocks.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getVariable):
-        (JSC::DFG::ByteCodeParser::setVariable):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::setupPredecessors):
-        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::VariableRecord::VariableRecord):
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::BasicBlock::getBytecodeBegin):
-        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
-        (JSC::DFG::Graph::blockForBytecodeOffset):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Errk, build fix.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Quick cleanup to SpeculativeJIT/NonSpeculativeJIT compile loop,
-        move out the call to checkConsistency().
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-
-2011-04-21  Vitaly Repeshko  <vitalyr@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Provide default constructors for HashMap iterators.
-        https://bugs.webkit.org/show_bug.cgi?id=59151
-
-        These will be used to implement an iterator over EventTarget's
-        listeners.
-
-        * wtf/HashTable.h:
-        (WTF::HashTableConstIteratorAdapter::HashTableConstIteratorAdapter):
-        (WTF::HashTableIteratorAdapter::HashTableIteratorAdapter):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 59232 - DFG JIT - Add predecessor links to BasicBlocks
-
-        These will be necessary for DCE support.
-        Also factor allocateVirtualRegisters out into its own method.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setupPredecessors):
-        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::blockForBytecodeOffset):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::isTerminal):
-
-2011-04-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Object.create creates uncachable objects
-        https://bugs.webkit.org/show_bug.cgi?id=59164
-
-        Use the prototype object's inheritorID, as we
-        should always have done
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::nullPrototypeObjectStructure):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorCreate):
-
-2011-04-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 59222 - DFG JIT - don't allocate virtual registers to nodes with no result
-
-        We currently allocate virtual registers to nodes which have no result - these are
-        clearly unused, and may result in us allocating a larger than necessary stack frame.
-
-        Encapsulate Node::virtualRegister such that we can ASSERT this is only called on
-        nodes that have results, and improve the quality of output from the consistency check.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        (JSC::DFG::JITCodeGenerator::dump):
-        (JSC::DFG::JITCodeGenerator::checkConsistency):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::canReuse):
-        (JSC::DFG::JITCodeGenerator::isFilled):
-        (JSC::DFG::JITCodeGenerator::isFilledDouble):
-        (JSC::DFG::JITCodeGenerator::use):
-        (JSC::DFG::JITCodeGenerator::integerResult):
-        (JSC::DFG::JITCodeGenerator::noResult):
-        (JSC::DFG::JITCodeGenerator::cellResult):
-        (JSC::DFG::JITCodeGenerator::jsValueResult):
-        (JSC::DFG::JITCodeGenerator::doubleResult):
-        (JSC::DFG::JITCodeGenerator::initConstantInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::fillToJS):
-        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::hasResult):
-        (JSC::DFG::Node::virtualRegister):
-        (JSC::DFG::Node::setVirtualRegister):
-        (JSC::DFG::Node::refCount):
-        (JSC::DFG::Node::ref):
-        (JSC::DFG::Node::deref):
-        (JSC::DFG::Node::adjustedRefCount):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
-        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::use):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-
-        Arrays should participate in global object forwarding fun
-        https://bugs.webkit.org/show_bug.cgi?id=59215
-
-        * runtime/JSGlobalObject.h:
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-        Add variants of constructArray that take a global object.
-
-2011-04-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r84650 and r84654.
-        http://trac.webkit.org/changeset/84650
-        http://trac.webkit.org/changeset/84654
-        https://bugs.webkit.org/show_bug.cgi?id=59218
-
-        Broke Windows build (Requested by bweinstein on #webkit).
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init):
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/Handle.h:
-        (JSC::HandleBase::operator!):
-        (JSC::HandleBase::operator UnspecifiedBoolType*):
-        (JSC::HandleTypes::getFromSlot):
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::markStrongHandles):
-        (JSC::HandleHeap::markWeakHandles):
-        (JSC::HandleHeap::finalizeWeakHandles):
-        (JSC::HandleHeap::writeBarrier):
-        (JSC::HandleHeap::protectedGlobalObjectCount):
-        (JSC::HandleHeap::isValidWeakNode):
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::copyWeak):
-        (JSC::HandleHeap::makeWeak):
-        (JSC::HandleHeap::Node::slot):
-        * heap/HandleStack.cpp:
-        (JSC::HandleStack::mark):
-        (JSC::HandleStack::grow):
-        * heap/HandleStack.h:
-        (JSC::HandleStack::zapTo):
-        (JSC::HandleStack::push):
-        * heap/Heap.cpp:
-        (JSC::HandleHeap::protectedObjectTypeCounts):
-        * heap/Local.h:
-        (JSC::::set):
-        * heap/Strong.h:
-        (JSC::Strong::set):
-        * heap/Weak.h:
-        (JSC::Weak::set):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::singleTransition):
-        (JSC::StructureTransitionTable::setSingleTransition):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::set):
-        * runtime/WriteBarrier.h:
-
-2011-04-22  Brian Weinstein  <bweinstein@apple.com>
-
-        Part of Windows build fix from r84650.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make it harder to use HandleSlot incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=59205
-
-        Just add a little type fudging to make it harder to
-        incorrectly assign through a HandleSlot.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init):
-        * JavaScriptCore.exp:
-        * heap/Handle.h:
-        (JSC::HandleBase::operator!):
-        (JSC::HandleBase::operator UnspecifiedBoolType*):
-        (JSC::HandleTypes::getFromSlot):
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::markStrongHandles):
-        (JSC::HandleHeap::markWeakHandles):
-        (JSC::HandleHeap::finalizeWeakHandles):
-        (JSC::HandleHeap::writeBarrier):
-        (JSC::HandleHeap::protectedGlobalObjectCount):
-        (JSC::HandleHeap::isValidWeakNode):
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::copyWeak):
-        (JSC::HandleHeap::makeWeak):
-        (JSC::HandleHeap::Node::slot):
-        * heap/HandleStack.cpp:
-        (JSC::HandleStack::mark):
-        (JSC::HandleStack::grow):
-        * heap/HandleStack.h:
-        (JSC::HandleStack::zapTo):
-        (JSC::HandleStack::push):
-        * heap/Heap.cpp:
-        (JSC::HandleHeap::protectedObjectTypeCounts):
-        * heap/Local.h:
-        (JSC::::set):
-        * heap/Strong.h:
-        (JSC::Strong::set):
-        * heap/Weak.h:
-        (JSC::Weak::set):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::singleTransition):
-        (JSC::StructureTransitionTable::setSingleTransition):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::set):
-        * runtime/WriteBarrier.h:
-        (JSC::OpaqueJSValue::toJSValue):
-        (JSC::OpaqueJSValue::toJSValueRef):
-        (JSC::OpaqueJSValue::fromJSValue):
-
-2011-04-22  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for ENABLE(INTERPRETER) after r84556.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-
-2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r84583.
-        http://trac.webkit.org/changeset/84583
-        https://bugs.webkit.org/show_bug.cgi?id=59173
-
-        "broke
-        http://trac.webkit.org/export/84593/trunk/LayoutTests/fast/js
-        /Object-create.html" (Requested by ggaren on #webkit).
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorCreate):
-
-2011-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Add a feature define to allow <details> and <summary> to be disabled
-        https://bugs.webkit.org/show_bug.cgi?id=59118
-        <rdar://problem/9257045>
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Object.create creates uncachable objects
-        https://bugs.webkit.org/show_bug.cgi?id=59164
-
-        Use the prototype object's inheritorID, as we
-        should always have done
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorCreate):
-
-2011-04-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Start moving to a general visitor pattern for GC traversal
-        https://bugs.webkit.org/show_bug.cgi?id=59141
-
-        This is just a rename:
-            markChildren -> visitChildren
-            markAggregate -> visitAggregate
-            markStack -> visitor
-            MarkStack -> typedef'd to SlotVisitor
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::visitChildren):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        (JSC::JSCallbackObject::visitChildren):
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitStructures):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        * bytecode/EvalCodeCache.h:
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::visitAggregate):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::visitAggregate):
-        * bytecode/StructureStubInfo.h:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::visitChildren):
-        * debugger/DebuggerActivation.h:
-        * heap/HandleHeap.cpp:
-        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
-        (JSC::HandleHeap::markStrongHandles):
-        (JSC::HandleHeap::markWeakHandles):
-        * heap/HandleHeap.h:
-        * heap/HandleStack.cpp:
-        (JSC::HandleStack::mark):
-        * heap/HandleStack.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::visitChildren):
-        (JSC::MarkStack::drain):
-        * heap/MarkStack.h:
-        (JSC::HeapRootVisitor::HeapRootVisitor):
-        (JSC::HeapRootVisitor::mark):
-        (JSC::HeapRootVisitor::visitor):
-        * heap/MarkedSpace.h:
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        * runtime/ArgList.h:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        * runtime/Arguments.h:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::visitChildren):
-        (JSC::ProgramExecutable::visitChildren):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        * runtime/GetterSetter.cpp:
-        (JSC::GetterSetter::visitChildren):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSArray.h:
-        (JSC::JSArray::visitDirect):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::visitChildren):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::visitChildren):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::visitIfNeeded):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        * runtime/JSObject.h:
-        (JSC::JSObject::visitDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::visitChildren):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::visitChildren):
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::overridesVisitChildren):
-        * runtime/JSWrapperObject.cpp:
-        (JSC::JSWrapperObject::visitChildren):
-        * runtime/JSWrapperObject.h:
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::visitChildren):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::visitChildren):
-        * runtime/NativeErrorConstructor.h:
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::visitChildren):
-        * runtime/RegExpObject.h:
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::visitChildren):
-        * runtime/ScopeChain.h:
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::visitChildren):
-        * runtime/SmallStrings.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::visitChildren):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::createStructure):
-
-2011-04-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r84548.
-        http://trac.webkit.org/changeset/84548
-        https://bugs.webkit.org/show_bug.cgi?id=59144
-
-        Broke chromium-win build (Requested by aklein on #webkit).
-
-        * wtf/Platform.h:
-
-2011-04-21  Adam Klein  <adamk@chromium.org>
-
-        Reviewed by David Levin.
-
-        [fileapi] Worker File API calls that create Blobs fail in debug builds due to random number generator thread assertion
-        https://bugs.webkit.org/show_bug.cgi?id=55728
-
-        Enable WTF_MULTIPLE_THREADS for Chromium.
-
-        * wtf/Platform.h:
-
-2011-04-20  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        JSString::resolveRope inefficient for common 2 fiber case
-        https://bugs.webkit.org/show_bug.cgi?id=58994
-
-        Split JSString::resolveRope into three routines.
-        resolveRope allocates the new buffer and handles the 1 or 2
-        fiber case with single level fibers.
-        resolveRopeSlowCase handles the general case.
-        outOfMemory handles the rare out of memory exception case.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::resolveRope):
-        (JSC::JSString::resolveRopeSlowCase):
-        (JSC::JSString::outOfMemory):
-        * runtime/JSString.h:
-
-2011-04-20  Adam Klein  <adamk@chromium.org>
-
-        Reviewed by David Levin.
-
-        Rename all uses of JSC_MULTIPLE_THREADS under wtf/... to WTF_MULTIPLE_THREADS
-        https://bugs.webkit.org/show_bug.cgi?id=59040
-
-        This will be used to fix https://bugs.webkit.org/show_bug.cgi?id=55728
-        by enabling WTF_MULTIPLE_THREADS for Chromium.
-
-        * wtf/CryptographicallyRandomNumber.cpp:
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
-        (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
-        * wtf/FastMalloc.cpp:
-        * wtf/Platform.h:
-        Enable WTF_MULTIPLE_THREADS whenever JSC_MULTIPLE_THREADS is enabled.
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-        * wtf/RefCountedLeakCounter.cpp:
-        (WTF::RefCountedLeakCounter::increment):
-        (WTF::RefCountedLeakCounter::decrement):
-        * wtf/dtoa.cpp:
-        (WTF::pow5mult):
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen
-
-        Bug 59069 - DFG JIT - register allocate r8, r9, r10
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::gprToRegisterID):
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix - revert accidental change.
-
-        * wtf/Platform.h:
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add SAMPLING_FLAGS tool to DFG JIT.
-
-        * bytecode/SamplingTool.h:
-        (JSC::SamplingFlags::addressOfFlags):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::setSamplingFlag):
-        (JSC::DFG::JITCompiler::clearSamplingFlag):
-        * dfg/DFGJITCompiler.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::setSamplingFlag):
-        (JSC::JIT::clearSamplingFlag):
-        * wtf/Platform.h:
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 59022 - DFG JIT - Optimize branch-on-relational-compare
-
-        If a relational compare (< or <=) is immediately followed by a branch,
-        we can combine the two, avoiding generation of a boolean into a register.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::invert):
-        (JSC::MacroAssemblerX86Common::commute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::adjustedRefCount):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isJSConstantWithInt32Value):
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        ARMv7 build fix II.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::softModulo):
-
-2011-04-20  Gavin Barraclough  <barraclough@apple.com>
-
-        ARMv7 build fix.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::test8):
-
-2011-04-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Rationalize MacroAssembler branch methods
-        https://bugs.webkit.org/show_bug.cgi?id=58950
-
-        The MacroAssembler currently exposes x86's weird behaviour that the 'setcc'
-        instruction only sets the low 8 bits of a register. Stop that.
-
-        Having done so, to clarify remove the 'set32' prefix from test & compare
-        instructions - these methods all now set a full 32/64 bit register (Ptr size).
-        The size in the function name should indicate the amount of data being compared.
-
-        Also split out the 'Condition' enum into 'RelationalCondition' and
-        'ResultCondition'. The former is used in binary comparison, the latter is a unary
-        condition check on the result of an operation.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::branch16):
-        (JSC::MacroAssembler::branchTestPtr):
-        (JSC::MacroAssembler::comparePtr):
-        (JSC::MacroAssembler::branchAddPtr):
-        (JSC::MacroAssembler::branchSubPtr):
-        (JSC::MacroAssembler::branchTest8):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch8):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARM::branch16):
-        (JSC::MacroAssemblerARM::branchTest8):
-        (JSC::MacroAssemblerARM::branchTest32):
-        (JSC::MacroAssemblerARM::branchAdd32):
-        (JSC::MacroAssemblerARM::branchMul32):
-        (JSC::MacroAssemblerARM::branchSub32):
-        (JSC::MacroAssemblerARM::branchNeg32):
-        (JSC::MacroAssemblerARM::branchOr32):
-        (JSC::MacroAssemblerARM::compare32):
-        (JSC::MacroAssemblerARM::test32):
-        (JSC::MacroAssemblerARM::test8):
-        (JSC::MacroAssemblerARM::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM::ARMCondition):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branch32):
-        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARMv7::branch16):
-        (JSC::MacroAssemblerARMv7::branch8):
-        (JSC::MacroAssemblerARMv7::branchTest32):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::branchAdd32):
-        (JSC::MacroAssemblerARMv7::branchMul32):
-        (JSC::MacroAssemblerARMv7::branchOr32):
-        (JSC::MacroAssemblerARMv7::branchSub32):
-        (JSC::MacroAssemblerARMv7::compare32):
-        (JSC::MacroAssemblerARMv7::test32):
-        (JSC::MacroAssemblerARMv7::test8):
-        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        (JSC::MacroAssemblerARMv7::armV7Condition):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branch8):
-        (JSC::MacroAssemblerMIPS::branch32):
-        (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerMIPS::branch16):
-        (JSC::MacroAssemblerMIPS::branchTest32):
-        (JSC::MacroAssemblerMIPS::branchTest8):
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        (JSC::MacroAssemblerMIPS::branchMul32):
-        (JSC::MacroAssemblerMIPS::branchSub32):
-        (JSC::MacroAssemblerMIPS::branchOr32):
-        (JSC::MacroAssemblerMIPS::compare32):
-        (JSC::MacroAssemblerMIPS::test8):
-        (JSC::MacroAssemblerMIPS::test32):
-        (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::branch32):
-        (JSC::MacroAssemblerX86::branchPtrWithPatch):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branch8):
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerX86Common::branch16):
-        (JSC::MacroAssemblerX86Common::branchTest32):
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-        (JSC::MacroAssemblerX86Common::branchNeg32):
-        (JSC::MacroAssemblerX86Common::branchOr32):
-        (JSC::MacroAssemblerX86Common::compare32):
-        (JSC::MacroAssemblerX86Common::test8):
-        (JSC::MacroAssemblerX86Common::test32):
-        (JSC::MacroAssemblerX86Common::x86Condition):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::comparePtr):
-        (JSC::MacroAssemblerX86_64::branchPtr):
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        (JSC::MacroAssemblerX86_64::branchAddPtr):
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-
-2011-04-20  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Cleanup includepath adjustment for generated files
-        https://bugs.webkit.org/show_bug.cgi?id=58869
-
-        * JavaScriptCore.pri:  Add the directory of generated files to the include
-        path with absolute path to make it valid in the final build step.
-
-2011-04-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove unneeded deprecated methods from MarkStack
-        https://bugs.webkit.org/show_bug.cgi?id=58853
-
-        Remove deprecated methods
-
-        * heap/MarkStack.h:
-
-2011-04-19  Mark Rowe  <mrowe@apple.com>
-
-        Things work best when the Xcode project refers to the file at a path that exists.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-04-19  Renata Hodovan  <reni@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Move the alignment related macros in Vector.h to new Alignment.h.
-        https://bugs.webkit.org/show_bug.cgi?id=56000
-
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Alignment.h: Added.
-        * wtf/CMakeLists.txt:
-        * wtf/Vector.h:
-
-2011-04-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove DeprecatedPtr
-        https://bugs.webkit.org/show_bug.cgi?id=58718
-
-        Remove the class an all functions that still exist to support it.
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/JSValue.h:
-        * runtime/WriteBarrier.h:
-
-2011-04-19  Jungshik Shin  <jshin@chromium.org>
-
-        Reviewed by David Levin
-
-        Add U+FEFF (Zero width no-break space) to CharacterNames.h.
-        It's added to the list of characters to treat as zero-width
-        in WebCore.
-
-        https://bugs.webkit.org/show_bug.cgi?id=48860
-
-        * wtf/unicode/CharacterNames.h:
-
-2011-04-19  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] REGRESSION(84176): http/tests/xmlhttprequest/event-listener-gc.html fails
-        https://bugs.webkit.org/show_bug.cgi?id=58871
-
-        Unreviewed, rolling out r84176, r84178, r84186, r84212 and r84231.
-        http://trac.webkit.org/changeset/84176 (original patch)
-        http://trac.webkit.org/changeset/84178 (original patch - part 2)
-        http://trac.webkit.org/changeset/84186 (build fix)
-        http://trac.webkit.org/changeset/84212
-        http://trac.webkit.org/changeset/84231 (skip failing test)
-
-        original bugs:
-         - https://bugs.webkit.org/show_bug.cgi?id=58718
-         - https://bugs.webkit.org/show_bug.cgi?id=58853
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::deprecatedAppendValues):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::deprecatedAppend):
-        * runtime/JSValue.h:
-        * runtime/WriteBarrier.h:
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::operator==):
-
-2011-04-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove unneeded deprecated methods from MarkStack
-        https://bugs.webkit.org/show_bug.cgi?id=58853
-
-        Remove deprecated methods
-
-        * heap/MarkStack.h:
-
-2011-04-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Off by one initialising repeat callframe
-        https://bugs.webkit.org/show_bug.cgi?id=58838
-        <rdar://problem/8756810>
-
-        If the end of a callframe made for a repeat call landed on
-        a page boundary the following page may not have been committed
-        which means that the off by one could lead to a crash.  However
-        it could only happen in this case and only on windows which is
-        why it was so hard to repro.  Alas given the steps needed to
-        reproduce are such that it's not really possible to make a
-        testcase.
-
-        This fix makes the code a little less squirrely by not trying
-        to avoid the unnecessary initialisation of |this|.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::prepareForRepeatCall):
-
-2011-04-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 58829 - DFG JIT - Optimize add/sub immediate, multiply.
-
-        Add code generation for add/subtract instruction with immediate operands
-        (where a child is a constant), and don't bail to non-speculative if an
-        integer multiple results in a +0 result (only if it should be generating -0).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isDoubleConstantWithInt32Value):
-
-2011-04-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 58817 - DFG JIT - if speculative compilation fails, throw away code.
-
-        If we detect a logical conflict, throw away generated code,
-        and only compile through the NonSpeculativeJIT.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::rewindToLabel):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::rewindToOffset):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::rewindToLabel):
-        (JSC::X86Assembler::X86InstructionFormatter::rewindToLabel):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkSpeculationChecks):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
-
-2011-04-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove DeprecatedPtr
-        https://bugs.webkit.org/show_bug.cgi?id=58718
-
-        As simple as it sounds.
-
-        * runtime/JSValue.h:
-        * runtime/WriteBarrier.h:
-
-2011-04-17  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        JSC no longer builds with Clang due to -Woverloaded-virtual warning
-        https://bugs.webkit.org/show_bug.cgi?id=58760
-
-        Rename Structure's specificValue overload of put to putSpecificValue to avoid
-        Clang's warning for overloading a virtual function.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::putSpecificValue):
-        * runtime/Structure.h:
-
-2011-04-17  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Remove WTF_PLATFORM_SGL
-        https://bugs.webkit.org/show_bug.cgi?id=58743
-
-        WTF_PLATFORM_SGL and PLATFORM(SGL) are not used in the code anywhere.
-
-        * wtf/Platform.h:
-
-2011-04-17  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Rename PLATFORM(CA) to USE(CA)
-        https://bugs.webkit.org/show_bug.cgi?id=58742
-
-        * wtf/Platform.h:
-
-2011-04-17  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Rename PLATFORM(CG) to USE(CG)
-        https://bugs.webkit.org/show_bug.cgi?id=58729
-
-        * wtf/Platform.h:
-
-2011-04-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Rename PLATFORM(CAIRO) to USE(CAIRO)
-        https://bugs.webkit.org/show_bug.cgi?id=55192
-
-        * wtf/Platform.h:
-        * wtf/gobject/GTypedefs.h:
-
-2011-04-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r84067.
-        http://trac.webkit.org/changeset/84067
-        https://bugs.webkit.org/show_bug.cgi?id=58724
-
-        qt build are failing. (Requested by loislo2 on #webkit).
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/JSValue.h:
-        * runtime/WriteBarrier.h:
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::operator==):
-
-2011-04-15  Shishir Agrawal  <shishir@chromium.org>
-
-        Reviewed by James Robinson.
-
-        Add a flag to guard Page Visibility API changes.
-        https://bugs.webkit.org/show_bug.cgi?id=58464
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Errrk! - build fix from !x86-64.
-
-        * dfg/DFGNode.h:
-
-2011-04-15  David Levin  <levin@chromium.org>
-
-        Revert of r83974.
-
-        JavaScriptCore shouldn't depend on ../ThirdParty/gtest/xcode/gtest.xcodeproj
-        https://bugs.webkit.org/show_bug.cgi?id=58716
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/tests/RunAllWtfTests.cpp: Removed.
-        * wtf/tests/StringTests.cpp: Removed.
-
-2011-04-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove DeprecatedPtr
-        https://bugs.webkit.org/show_bug.cgi?id=58718
-
-        As simple as it sounds.
-
-        * heap/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/JSValue.h:
-        * runtime/WriteBarrier.h:
-
-2011-04-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Add a simple tool to gather statistics on whether functions
-        are completed through the new or old JIT.
-
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2011-04-15  Oliver Hunt  <oliver@apple.com>
-
-        GC allocate Structure
-        https://bugs.webkit.org/show_bug.cgi?id=58483
-
-        Rolling r83894 r83827 r83810 r83809 r83808 back in with
-        a workaround for the gcc bug seen by the gtk bots
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.JSVALUE32_64only.exp:
-        * JavaScriptCore.JSVALUE64only.exp:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::markStructures):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::MethodCallLinkInfo::setSeen):
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::markAggregate):
-        (JSC::Instruction::Instruction):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::markAggregate):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdSelf):
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        (JSC::StructureStubInfo::initPutByIdReplace):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * heap/Handle.h:
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::markChildren):
-        (JSC::MarkStack::drain):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep):
-        * heap/Strong.h:
-        (JSC::Strong::Strong):
-        (JSC::Strong::set):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::uncachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::uncacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchMethodCallProto):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchMethodCallProto):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
-        * jsc.cpp:
-        (cleanupGlobalData):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        (JSC::Arguments::Arguments):
-        (JSC::JSActivation::copyRegisters):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayConstructor.h:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        (JSC::arrayProtoFuncSplice):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::BooleanConstructor):
-        * runtime/BooleanConstructor.h:
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        * runtime/BooleanPrototype.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        * runtime/DateConstructor.h:
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::DatePrototype):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::ErrorConstructor):
-        * runtime/ErrorConstructor.h:
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        (JSC::ErrorInstance::create):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::createStructure):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        * runtime/ErrorPrototype.h:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::createStructure):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::FunctionConstructor):
-        * runtime/FunctionConstructor.h:
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::FunctionPrototype):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::createStructure):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::JSByteArray):
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.cpp:
-        (JSC::isZombie):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::JSCell):
-        (JSC::JSCell::JSCell::addressOfStructure):
-        (JSC::JSCell::JSCell::structure):
-        (JSC::JSCell::JSCell::markChildren):
-        (JSC::JSCell::JSValue::isZombie):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        (JSC::JSGlobalData::createLeaked):
-        * runtime/JSGlobalData.h:
-        (JSC::allocateGlobalHandle):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::markChildren):
-        (JSC::JSGlobalObject::copyGlobalsFrom):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::createStructure):
-        (JSC::Structure::prototypeChain):
-        (JSC::Structure::isValid):
-        (JSC::constructEmptyArray):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::seal):
-        (JSC::JSObject::freeze):
-        (JSC::JSObject::preventExtensions):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSObject::JSObject):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSFinalObject::create):
-        (JSC::JSFinalObject::createStructure):
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::constructEmptyObject):
-        (JSC::createEmptyObjectStructure):
-        (JSC::JSObject::~JSObject):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::setStructure):
-        (JSC::JSObject::inheritorID):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::transitionTo):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSObjectWithGlobalObject.cpp:
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSObjectWithGlobalObject.h:
-        (JSC::JSObjectWithGlobalObject::createStructure):
-        (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::get):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        (JSC::JSPropertyNameIterator::setCachedStructure):
-        (JSC::Structure::setEnumerationCache):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::JSString):
-        (JSC::RopeBuilder::createStructure):
-        * runtime/JSType.h:
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        * runtime/JSValue.h:
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        (JSC::JSVariableObject::JSVariableObject):
-        (JSC::JSVariableObject::copyRegisterArray):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/JSZombie.cpp:
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::JSZombie):
-        (JSC::JSZombie::createStructure):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        (JSC::NativeErrorConstructor::markChildren):
-        (JSC::constructWithNativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::createStructure):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::NativeErrorPrototype):
-        * runtime/NativeErrorPrototype.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::NumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        * runtime/ObjectPrototype.h:
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::PropertyTable):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        * runtime/RegExpPrototype.h:
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        (JSC::ScopeChainNode::createStructure):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        * runtime/StringConstructor.h:
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::createStructure):
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::remove):
-        (JSC::StructureTransitionTable::add):
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::toCacheableDictionaryTransition):
-        (JSC::Structure::toUncacheableDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::put):
-        (JSC::Structure::markChildren):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::setPrototypeWithoutTransition):
-        (JSC::Structure::createStructure):
-        (JSC::JSCell::createDummyStructure):
-        (JSC::StructureTransitionTable::keyForWeakGCMapFinalizer):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        (JSC::StructureChain::markChildren):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::head):
-        (JSC::StructureChain::createStructure):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
-        (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
-        (JSC::StructureTransitionTable::~StructureTransitionTable):
-        (JSC::StructureTransitionTable::slot):
-        (JSC::StructureTransitionTable::setMap):
-        (JSC::StructureTransitionTable::singleTransition):
-        (JSC::StructureTransitionTable::clearSingleTransition):
-        (JSC::StructureTransitionTable::setSingleTransition):
-        * runtime/WeakGCMap.h:
-        (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
-        (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
-        (JSC::WeakGCMap::contains):
-        (JSC::WeakGCMap::find):
-        (JSC::WeakGCMap::remove):
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::set):
-        (JSC::WeakGCMap::finalize):
-        * runtime/WriteBarrier.h:
-        (JSC::writeBarrier):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-
-2011-04-15  Fridrich Strba  <fridrich.strba@bluewin.ch>
-
-        Reviewed by Gavin Barraclough.
-
-        Correctly prefix symbols. Since gcc 4.5.0, Windows x64 symbols
-        are not prefixed by underscore anymore. This is consistent with
-        what MSVC does.
-        https://bugs.webkit.org/show_bug.cgi?id=58573
-
-        * jit/JITStubs.cpp:
-
-2011-04-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 58705 - DFG JIT Add support for flow control (branch, jump).
-
-        Add support for control flow by breaking the CodeBlock up into multiple
-        basic blocks, generating code for each basic block in turn through the
-        speculative JIT & then the non-speculative JIT.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setTemporary):
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (JSC::DFG::BasicBlock::getBytecodeOffset):
-        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
-        (JSC::DFG::JITCodeGenerator::addBranch):
-        (JSC::DFG::JITCodeGenerator::linkBranches):
-        (JSC::DFG::JITCodeGenerator::BranchRecord::BranchRecord):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::isJump):
-        (JSC::DFG::Node::isBranch):
-        (JSC::DFG::Node::takenBytecodeOffset):
-        (JSC::DFG::Node::notTakenBytecodeOffset):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-04-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Bug 58701 - DFG JIT - add GetLocal/SetLocal nodes
-
-        Use these for both access to arguments & local variables, adds ability
-        to set locals, such that values will persist between basic blocks.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getVariable):
-        (JSC::DFG::ByteCodeParser::setVariable):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::getThis):
-        (JSC::DFG::ByteCodeParser::setThis):
-        (JSC::DFG::ByteCodeParser::VariableRecord::VariableRecord):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::derefChildren):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasLocal):
-        (JSC::DFG::Node::local):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 58696 - DFG JIT split handling of vars/temporaries
-
-        Presently all callee registers are treated as having single block scope,
-        since the DFG JIT can only compile single block functions. In order to
-        expand the JIT to support control flow we will need to change to retaining
-        locals (but not temporaries) across basic block boundaries.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::getVariable):
-        (JSC::DFG::ByteCodeParser::setVariable):
-        (JSC::DFG::ByteCodeParser::getTemporary):
-        (JSC::DFG::ByteCodeParser::setTemporary):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::getInt32Constant):
-        (JSC::DFG::ByteCodeParser::getDoubleConstant):
-        (JSC::DFG::ByteCodeParser::getJSConstant):
-        (JSC::DFG::ByteCodeParser::constantUndefined):
-        (JSC::DFG::ByteCodeParser::constantNull):
-        (JSC::DFG::ByteCodeParser::one):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        (JSC::DFG::parse):
-        * dfg/DFGNode.h:
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::ScoreBoard):
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        (JSC::DFG::ScoreBoard::allocate):
-        (JSC::DFG::ScoreBoard::use):
-
-2011-04-15  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        globalObject moved to JSObjectWithGlobalObject.cpp inhibits inlining
-        https://bugs.webkit.org/show_bug.cgi?id=58677
-
-        Moved JSObjectWithGlobalObject::globalObject() to 
-        runtime/JSObjectWithGlobalObject.h to allow the compiler to inline
-        it for a performance benefit.  An equivalent instance had been in
-        a header file before r60057.
-
-        * JavaScriptCore.exp:
-        * runtime/JSObjectWithGlobalObject.cpp:
-        * runtime/JSObjectWithGlobalObject.h:
-        (JSC::JSObjectWithGlobalObject::globalObject):
-
-2011-04-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make JSNodeFilterCondition handle its lifetime correctly
-        https://bugs.webkit.org/show_bug.cgi?id=58622
-
-        Add export
-
-        * JavaScriptCore.exp:
-
-2011-04-14  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        WebKit2: Password field input does not switch to ASCII-compatible source
-        https://bugs.webkit.org/show_bug.cgi?id=58583
-        <rdar://problem/9059651>
-
-        * wtf/Platform.h: Removed WTF_USE_CARBON_SECURE_INPUT_MODE. It's now only used by Chromium,
-        and shouldn't be enabled on any other platforms, so there is no reason to make it
-        configurable via Platform.h.
-
-2011-04-15  Dmitry Lomov  <dslomov@google.com>
-
-        Reviewed by David Levin.
-
-        Add a sample test case for GTest framework
-        https://bugs.webkit.org/show_bug.cgi?id=58509
-
-        Add an example of GTest testcase, complete with a runner, to JavaScriptCore.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/tests/RunAllWtfTests.cpp: Added.
-        (main):
-        * wtf/tests/StringTests.cpp: Added.
-
-2011-04-15  Anna Cavender  <annacc@chromium.org>
-
-        Reviewed by Eric Carlson.
-
-        Renaming TRACK feature define to VIDEO_TRACK
-        https://bugs.webkit.org/show_bug.cgi?id=53556
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoffrey Garen.
-
-        Hide DFG_JIT_RESTRICTIONS behind ARITHMETIC_OP() macro, and rename
-        m_regressionGuard to m_parseFailed, such that it can be reused for
-        other failure cases.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 58620 - DFG JIT - loading of arguments should not be lazy
-
-        This optimization is overly simplistic. It only works because we never
-        write out definitions to arguments (since we currently only compile
-        single block functions). Revert this for now, we may want to reintroduce
-        something like this again in the future, but it will need to be aware
-        how to schedule definitions to arguments versus lazy loads that have not
-        yet been performed.
-
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::needsSpill):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillInteger):
-        (JSC::DFG::JITCodeGenerator::fillDouble):
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::initConstantInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::fillNumericToDouble):
-        (JSC::DFG::JITCompiler::fillInt32ToInteger):
-        (JSC::DFG::JITCompiler::fillToJS):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
-        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Bug 58600 - DFG JIT bugs in ValueToInt, PutByVal
-
-        The bug in PutByVal is that an operand is in JSValueOperand - when this
-        locks an integer into a register it will always retag the value without
-        checking if the register is already locked. This is a problem where the
-        value being stored by a PutByVal is the same as the subscript.
-        The subscript is locked into a register first, as a strict integer.
-        Locking the value results in the subscript being modified.
-
-        The bug in ValueToInt related to the function of sillentFillAllRegisters.
-        The problem is that this method will restore all register values from
-        prior to the call, overwriting the result of the call out. Allow a
-        register to be passed to specifically be excluded from being preserved.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::debugOffset):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::debugOffset):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::debugOffset):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::debugAddress):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::debugOffset):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::orPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::debugOffset):
-        (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGGenerationInfo.h:
-        * dfg/DFGJITCodeGenerator.cpp:
-        (JSC::DFG::JITCodeGenerator::fillJSValue):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::isConstant):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::isConstant):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
-        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
-        (JSC::DFG::NonSpeculativeJIT::numberToInt32):
-        (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
-        (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-        (JSC::DFG::NonSpeculativeJIT::silentSpillGPR):
-        (JSC::DFG::NonSpeculativeJIT::silentSpillFPR):
-        (JSC::DFG::NonSpeculativeJIT::silentFillGPR):
-        (JSC::DFG::NonSpeculativeJIT::silentFillFPR):
-        (JSC::DFG::NonSpeculativeJIT::silentSpillAllRegisters):
-        (JSC::DFG::NonSpeculativeJIT::silentFillAllRegisters):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2011-04-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Drain the mark stack while marking weak handles, not after.
-        https://bugs.webkit.org/show_bug.cgi?id=58574
-
-        Otherwise, items that would have caused more weak handle marking are
-        processed after all weak handle marking has finished, and referenced
-        weak handles get recycled.
-
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::markWeakHandles): Removed looping from here, since we
-        want Heap::markRoots to be responsible for draining the mark stack.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots): Moved looping to here, as explained above.
-        
-        For efficiency's sake, drain the mark stack before starting to mark weak
-        handles. Otherwise, items drained while marking weak handles may force
-        an extra trip through the weak handle list.
-
-        For correctness's sake, drain the mark stack each time through the weak
-        handle list. Otherwise, opaque roots that would make weak handles reachable
-        are not discovered until after weak handle marking is over.
-
-2011-04-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make protected object list in caches window reflect reality
-        https://bugs.webkit.org/show_bug.cgi?id=58565
-
-        Make sure the heap includes objects protected by Strong handles
-        in its list of protected objects.
-
-        * heap/HandleHeap.h:
-        * heap/Heap.cpp:
-        (JSC::HandleHeap::protectedObjectTypeCounts):
-
-2011-04-14  Satish Sampath  <satish@chromium.org>
-
-        Reviewed by Anders Carlsson.
-
-        Don't emit RegExp tables for chromium where they are not used
-        https://bugs.webkit.org/show_bug.cgi?id=58544
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * create_regex_tables: Added the "--notables" command line argument.
-
-2011-04-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix ASSERTs seen on Windows bots.
-
-        * wtf/HashTable.h:
-        (WTF::hashTableSwap): Force MSVC to use the right version of swap.
-
-2011-04-13  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [CMAKE] Separate DerivedSources.
-        https://bugs.webkit.org/show_bug.cgi?id=58427
-
-        * CMakeLists.txt: Change DERIVED_SOURCES_DIR to DERIVED_SOURCES_JAVASCRIPTCORE_DIR.
-
-2011-04-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Switched DOM wrappers to use HashMap of Weak<T> instead of WeakGCMap<T>
-        https://bugs.webkit.org/show_bug.cgi?id=58482
-        
-        This will allow wrappers to make individual decisions about their lifetimes.
-
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::copyWeak): New function for copying a weak handle.
-        It's wasn't previously possible to perform this operation using HandleHeap
-        API because the HandleHeap doesn't expose its underlying Node structure.
-
-        * heap/Local.h:
-        (JSC::::set):
-        * heap/Strong.h:
-        (JSC::Strong::set): Added ASSERTs to verify that dead objects are not
-        resurrected by placement into handles.
-
-        (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
-        is efficient.
-
-        * heap/Weak.h:
-        (JSC::Weak::Weak): Fixed a bug where copying a weak pointer would not
-        copy its weak callback and context.
-
-        (JSC::Weak::operator=): Added an assignment operator, since the default
-        C++ assignment operator did the wrong thing.
-
-        (JSC::Weak::set): Added ASSERTs to verify that dead objects are not
-        resurrected by placement into handles.
-
-        (JSC::swap): Added a swap helper, so use of Strong<T> inside a hash table
-        is efficient, and can be done without copying, which is illegal during
-        the handle finalization phase.
-
-2011-04-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make PropertyMapEntry use a WriteBarrier for specificValue
-        https://bugs.webkit.org/show_bug.cgi?id=58407
-
-        Make PropertyMapEntry use a WriteBarrier for specificValue, and then
-        propagate the required JSGlobalData through all the methods it ends
-        up being needed.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectSetPrototype):
-        * JavaScriptCore.exp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * interpreter/Interpreter.cpp:
-        (JSC::appendSourceToError):
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::name):
-        (JSC::InternalFunction::displayName):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::resetPrototype):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::defineGetter):
-        (JSC::JSObject::defineSetter):
-        (JSC::JSObject::lookupGetter):
-        (JSC::JSObject::lookupSetter):
-        (JSC::JSObject::getPropertySpecificValue):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::seal):
-        (JSC::JSObject::freeze):
-        (JSC::JSObject::preventExtensions):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::isSealed):
-        (JSC::JSObject::isFrozen):
-        (JSC::JSObject::setPrototypeWithCycleCheck):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::putDirectFunctionWithoutTransition):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorCreate):
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-        (JSC::objectConstructorPreventExtensions):
-        (JSC::objectConstructorIsSealed):
-        (JSC::objectConstructorIsFrozen):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::copy):
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::toCacheableDictionaryTransition):
-        (JSC::Structure::toUncacheableDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::put):
-        (JSC::Structure::getPropertyNames):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-04-13  Paul Knight  <pknight@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        BACKTRACE() macro should check for Debug configuration in macro, not WTFReportBacktrace definition
-        https://bugs.webkit.org/show_bug.cgi?id=58405
-
-        The BACKTRACE() macro requires JavaScriptCore be built with a Debug
-        configuration in order for it to be enabled. Move the NDEBUG check to
-        the header so it will be enabled when the calling framework or
-        application is built with a Debug configuration, similar to how
-        ASSERT() and friends work.
-
-        * wtf/Assertions.cpp:
-        * wtf/Assertions.h:
-
-2011-04-12  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=58131
-
-        Provide a workaround for an obscure Studio 12 compiler bug, which
-        couldn't call src->~T() on a const T *src.
-
-        * wtf/Vector.h:
-
-2011-04-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=58395
-        Exceptions thrown from property getters called from Array prototype functions can be missed
-
-        This is caught by an ASSERT in the top of Interpreter::executeCall.
-        Check for exceptions after accessing properties that could be getters.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-            - Add exception checks.
-
-2011-04-12  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make API callback objects use weak handles to run their finalizers
-        https://bugs.webkit.org/show_bug.cgi?id=58389
-
-        Make the API object's private data struct act as a finalizer for
-        an api object if the callback object has a API defined finalizer.
-
-        * API/JSCallbackObject.cpp:
-        (JSC::JSCallbackObjectData::finalize):
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::init):
-        * heap/Handle.h:
-
-2011-04-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Cleaned up hash traits, and added hash traits for handles
-        https://bugs.webkit.org/show_bug.cgi?id=58381
-
-        * heap/Handle.h:
-        (JSC::HandleBase::swap):
-        (JSC::Handle::Handle):
-        (JSC::Handle::swap): Implemented swap, so we can rehash efficiently, and
-        without creating new handles (which is not allowed during handle finalization).
-
-        * heap/Strong.h:
-        (JSC::Strong::swap): Use new SimpleClassHashTraits to avoid duplication.
-
-        * heap/Weak.h:
-        (JSC::Weak::isHashTableDeletedValue):
-        (JSC::Weak::Weak):
-        (JSC::Weak::swap):
-        (JSC::Weak::hashTableDeletedValue): Ditto.
-
-        * wtf/HashTraits.h:
-        (WTF::SimpleClassHashTraits::constructDeletedValue):
-        (WTF::SimpleClassHashTraits::isDeletedValue): Added SimpleClassHashTraits,
-        which are analogous to SimpleClassVectorTraits, since they are used in a
-        bunch of places.
-
-        * wtf/RetainPtr.h: Use new SimpleClassHashTraits to avoid duplication.
-
-        * wtf/text/StringHash.h: Use new SimpleClassHashTraits to avoid duplication.
-
-2011-04-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Cleaned up some Vector traits, and added missing Vector traits for handles
-        https://bugs.webkit.org/show_bug.cgi?id=58372
-
-        * heap/Local.h: Inherit from SimpleClassVectorTraits to avoid duplication.
-
-        * heap/Strong.h: Ditto.
-
-        * heap/Weak.h: Ditto.
-
-        * parser/JSParser.cpp: Fixed a traits error. No test case because this
-        particular trait is not currently exercised by the parser.
-
-        * runtime/UString.h: No need to override canInitializeWithMemset, since
-        our base class sets it to true.
-
-        * wtf/VectorTraits.h: Inherit from VectorTraitsBase to avoid duplication.
-
-        * wtf/text/WTFString.h: No need to override canInitializeWithMemset, since
-        our base class sets it to true.
-
-2011-04-12  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Eric Seidel.
-
-        [Qt] Enable JIT build for SH4 platforms.
-        https://bugs.webkit.org/show_bug.cgi?id=58317
-        enable JIT build for QT backend  for SH4 platforms.
-
-        * JavaScriptCore.pro:
-        * wtf/Platform.h:
-
-2011-04-11  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=58289
-
-        Fix compilation on Solaris/Studio 12 C++ in wtf/FastMalloc.cpp,
-        WTF::TCMalloc_PageHeap::runScavengerThread(void*) expected to return a value.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::runScavengerThread):
-
-2011-04-11  Mark Rowe  <mrowe@apple.com>
-
-        Fix the build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Headers used outside of JavaScriptCore need to be marked as private.
-
-2011-04-11  Anna Cavender  <annacc@chromium.org>
-
-        Reviewed by Eric Carlson.
-
-        Setup ENABLE(TRACK) feature define
-        https://bugs.webkit.org/show_bug.cgi?id=53556
-
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix a few builds.
-        
-        Updated a few more build configurations for file moves.
-
-        * CMakeListsWinCE.txt:
-
-2011-04-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 58263 - Use EncodedValueDescriptor on both JSVALUE32_64, JSVALUE64
-
-        The JSJITInterface already uses EncodedValueDescriptor to access the tag/payload
-        separately on JSVALUE64, even though EncodedValueDescriptor is not used in
-        JSVALUE64's implementation of JSValue. Remove the separate definition for m_ptr
-        on X86_64. Using the union allows us to remove a layer of makeImmediate()/
-        immedaiteValue() methods.
-
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emitSlow_op_not):
-        * runtime/JSCell.h:
-        * runtime/JSValue.h:
-        * runtime/JSValueInlineMethods.h:
-        (JSC::JSValue::encode):
-        (JSC::JSValue::decode):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::asInt32):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::isCell):
-        (JSC::JSValue::isInt32):
-        (JSC::JSValue::asDouble):
-        (JSC::JSValue::isNumber):
-        (JSC::JSValue::asCell):
-
-2011-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix a few builds.
-        
-        Updated a few more build configurations for file moves.
-
-        * CMakeListsEfl.txt:
-        * wscript:
-
-2011-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: Updated a file name.
-
-        * CMakeLists.txt:
-
-2011-04-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Sam Weinig.
-        
-        Moved remaining heap implementation files to the heap folder.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
-        * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
-        * heap/Handle.h:
-        * heap/Heap.cpp:
-        * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
-        * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
-        * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
-        * heap/MarkStack.h: Copied from runtime/MarkStack.h.
-        * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
-        * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
-        * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
-        * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
-        * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
-        * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
-        * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
-        * interpreter/RegisterFile.cpp:
-        * runtime/ConservativeSet.cpp: Removed.
-        * runtime/ConservativeSet.h: Removed.
-        * runtime/MachineStackMarker.cpp: Removed.
-        * runtime/MachineStackMarker.h: Removed.
-        * runtime/MarkStack.cpp: Removed.
-        * runtime/MarkStack.h: Removed.
-        * runtime/MarkStackPosix.cpp: Removed.
-        * runtime/MarkStackSymbian.cpp: Removed.
-        * runtime/MarkStackWin.cpp: Removed.
-        * runtime/MarkedBlock.cpp: Removed.
-        * runtime/MarkedBlock.h: Removed.
-        * runtime/MarkedSpace.cpp: Removed.
-        * runtime/MarkedSpace.h: Removed.
-
-2011-04-11  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-04-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 58198 - Clean up JSValue implementation for JSVALUE64
-
-        Remove JSNumberCell, JSImmediate, unify some methods between JSVALUE32_64/JSVALUE64
-
-        JSNumberCell.h largely just contained the constructors for JSValue on JSVALUE64,
-        which should not have been here.  JSImmediate mostly contained uncalled methods,
-        along with the internal implementation of the JSValue constructors split unnecessarily
-        across a number of layers of function calls. These could largely be merged back
-        together. Many methods and constructors from JSVALUE32_64 and JSVALUE64 can by unified.
-
-        The .cpp files were empty.
-
-        Moving all these methods into JSValue.h seems to be a repro measurable regression, so
-        I have kept these methods in a separate JSValueInlineMethods.h. Adding the 64-bit tag
-        values as static const members of JSValue also measures as a repro regression, so I
-        have made these #defines.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Removed JSImmediate.h, JSNumberCell.h.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-            - Removed class JSImmediate.
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-            - Removed class JSImmediate.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Removed class JSImmediate.
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-            - Removed class JSImmediate.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpIfImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateInteger):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitTagAsBoolImmediate):
-            - Removed class JSImmediate.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emitSlow_op_not):
-            - Removed class JSImmediate.
-        * jit/JSInterfaceJIT.h:
-            - Removed class JSImmediate.
-        * runtime/JSCell.h:
-            - Removed JSImmediate.h, JSNumberCell.h.
-        * runtime/JSImmediate.cpp: Removed.
-        * runtime/JSImmediate.h: Removed.
-        * runtime/JSNumberCell.cpp: Removed.
-        * runtime/JSNumberCell.h: Removed.
-            - Removed.
-        * runtime/JSObject.h:
-            - Removed JSImmediate.h, JSNumberCell.h.
-        * runtime/JSString.h:
-            - Removed JSImmediate.h, JSNumberCell.h.
-        * runtime/JSValue.h:
-            - Added tags for JSVALUE64, moved out some JSVALUE32_64 methods, unified with JSVALUE64.
-        * runtime/JSValueInlineMethods.h: Added.
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-        (JSC::JSValue::isUInt32):
-        (JSC::JSValue::asUInt32):
-        (JSC::JSValue::uncheckedGetNumber):
-        (JSC::JSValue::toJSNumber):
-        (JSC::jsNaN):
-        (JSC::JSValue::getNumber):
-        (JSC::JSValue::getBoolean):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::encode):
-        (JSC::JSValue::decode):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::JSValue::isUndefined):
-        (JSC::JSValue::isNull):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isCell):
-        (JSC::JSValue::isInt32):
-        (JSC::JSValue::isDouble):
-        (JSC::JSValue::isTrue):
-        (JSC::JSValue::isFalse):
-        (JSC::JSValue::tag):
-        (JSC::JSValue::payload):
-        (JSC::JSValue::asInt32):
-        (JSC::JSValue::asDouble):
-        (JSC::JSValue::asCell):
-        (JSC::JSValue::isNumber):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::makeImmediate):
-        (JSC::JSValue::immediateValue):
-        (JSC::reinterpretDoubleToIntptr):
-        (JSC::reinterpretIntptrToDouble):
-            - Methods moved here from JSImmediate.h/JSNumberCell.h/JSValue.h.
-        * runtime/Operations.h:
-            - Removed JSImmediate.h, JSNumberCell.h.
-        * wtf/StdLibExtras.h:
-            - Export bitwise_cast.
-
-2011-04-11  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Oliver Hunt.
-
-        SH4 JIT SUPPORT.
-        https://bugs.webkit.org/show_bug.cgi?id=44329
-
-        Add JIT remaining part for SH4 platforms.
-
-        * assembler/MacroAssemblerSH4.h:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * jit/JSInterfaceJIT.h:
-
-2011-04-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by Beth Dakin.
-
-        Moved Heap.h and Heap.cpp to the heap folder, because anything less 
-        would be uncivilized.
-
-        * Android.mk:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.cpp: Copied from JavaScriptCore/runtime/Heap.cpp.
-        * heap/Heap.h: Copied from JavaScriptCore/runtime/Heap.h.
-        * runtime/Heap.cpp: Removed.
-        * runtime/Heap.h: Removed.
-
-2011-04-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove duplicated code from AtomicString::fromUTF8()
-        https://bugs.webkit.org/show_bug.cgi?id=53711
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::fromUTF8Internal):
-        * wtf/text/AtomicString.h:
-        (WTF::AtomicString::fromUTF8):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
-        * wtf/unicode/UTF8.h:
-
-2011-04-10  Maciej Stachowiak  <mjs@apple.com>
-
-        Not reviewed.
-
-        Fix build (at least on Lion) by adding some newish header files to
-        PrivateHeaders.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Try recommitting some things svn left out of its last commit.
-
-        * heap/Handle.h:
-        (JSC::HandleBase::operator!):
-        (JSC::HandleBase::HandleBase):
-        (JSC::HandleBase::slot):
-        (JSC::HandleBase::setSlot):
-        (JSC::Handle::Handle):
-        * heap/HandleHeap.cpp:
-        (JSC::HandleHeap::markWeakHandles):
-        (JSC::HandleHeap::finalizeWeakHandles):
-        (JSC::HandleHeap::isValidWeakNode):
-        * heap/HandleHeap.h:
-        (JSC::HandleHeap::globalData):
-
-2011-04-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A few heap-related renames and file moves.
-        
-        WeakGCPtr<T> => Weak<T>
-        Global<T> => Strong<T>
-        collector/ => heap/
-        collector/* => heap/*
-        runtime/WeakGCPtr.h => heap/Weak.h
-        
-        (Eventually, even more files should move into the heap directory. Like
-        Heap.h and Heap.cpp, for example.)
-
-        * API/JSClassRef.h:
-        * CMakeLists.txt:
-        * GNUmakefile.am:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/SamplingTool.h:
-        * bytecompiler/BytecodeGenerator.h:
-        * collector: Removed.
-        * collector/handles: Removed.
-        * collector/handles/Global.h: Removed.
-        * collector/handles/Handle.h: Removed.
-        * collector/handles/HandleHeap.cpp: Removed.
-        * collector/handles/HandleHeap.h: Removed.
-        * collector/handles/HandleStack.cpp: Removed.
-        * collector/handles/HandleStack.h: Removed.
-        * collector/handles/Local.h: Removed.
-        * collector/handles/LocalScope.h: Removed.
-        * heap: Copied from collector.
-        * heap/Handle.h: Copied from collector/handles/Handle.h.
-        * heap/HandleHeap.cpp: Copied from collector/handles/HandleHeap.cpp.
-        * heap/HandleHeap.h: Copied from collector/handles/HandleHeap.h.
-        * heap/HandleStack.cpp: Copied from collector/handles/HandleStack.cpp.
-        * heap/HandleStack.h: Copied from collector/handles/HandleStack.h.
-        * heap/Local.h: Copied from collector/handles/Local.h.
-        * heap/LocalScope.h: Copied from collector/handles/LocalScope.h.
-        * heap/Strong.h: Copied from collector/handles/Global.h.
-        (JSC::Strong::Strong):
-        (JSC::Strong::~Strong):
-        (JSC::Strong::operator=):
-        * heap/Weak.h: Copied from runtime/WeakGCPtr.h.
-        (JSC::Weak::Weak):
-        (JSC::Weak::~Weak):
-        * heap/handles: Removed.
-        * interpreter/RegisterFile.h:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * runtime/Structure.h:
-        * runtime/WeakGCPtr.h: Removed.
-
-2011-04-08  Alpha Lam  <hclam@chromium.org>
-
-        Unreviewed, rolling out r83335.
-        http://trac.webkit.org/changeset/83335
-        https://bugs.webkit.org/show_bug.cgi?id=53556
-
-        GTK and QT bots are broken
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Ooops, typo, build fix.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-
-2011-04-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 58154 - Add support for comparison operators to the DFG JIT.
-
-        Add support for <, <=, ==, ===, and also !.  Add support for all corresponding
-        bytecode ops, including the not- and -null forms.  Initially add functionally
-        correct support, we'll revisit the performance.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::constantNull):
-        (JSC::DFG::ByteCodeParser::parse):
-            - Add support for parsing of bytecode opcodes, 
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::callOperation):
-            - Add new operation call types, return bool values.
-        * dfg/DFGNode.h:
-            - Add new node types.
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-            - Add code generation for new nodes.
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationCompareLess):
-        (JSC::DFG::operationCompareLessEq):
-        (JSC::DFG::operationCompareEq):
-        (JSC::DFG::operationCompareStrictEq):
-        (JSC::DFG::dfgConvertJSValueToBoolean):
-        * dfg/DFGOperations.h:
-            - Add operation callbacks to implement new ops.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - Add code generation for new nodes.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-            - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-            - Switched to a simpler <0 check, rather than relying on an internal value in JSImmediate.
-        * runtime/JSImmediate.h:
-            - Make tag values public, rather than relying on a friend - this matches JSVALUE32_64.
-
-2011-04-07  Anna Cavender  <annacc@chromium.org>
-
-        Reviewed by Eric Carlson.
-
-        Setup ENABLE(TRACK) feature define
-        https://bugs.webkit.org/show_bug.cgi?id=53556
-
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-07  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        [WK2][Qt][GTK] Introduce common use flag for the shared UNIX domain socket IPC implementation
-        https://bugs.webkit.org/show_bug.cgi?id=58030
-
-        * wtf/Platform.h: Introduce USE(UNIX_DOMAIN_SOCKETS) for WebKit2.
-
-2011-04-08  Adam Roben  <aroben@apple.com>
-
-        Clean build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Don't try to delete directories that
-        don't exist. Also switched from del /s to rmdir /s, which has the benefit of deleting the
-        directory itself in addition to the files it contains.
-
-2011-04-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Some Handle<T> cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=58109
-
-        * bytecode/SamplingTool.h: Sorted alphabetically because that's the
-        WebKit style. Added a Global.h #include that was previously missing
-        but harmless.
-
-        * collector/handles/Global.h:
-        (JSC::Global::Global): Added a null constructor. No need for a special
-        tag, and the tag is incompatible with some data structures.
-        
-        (JSC::Global::isHashTableDeletedValue):
-        (JSC::Global::~Global):
-        (JSC::Global::set):
-        (JSC::Global::operator=):
-        (JSC::Global::clear):
-        (JSC::Global::hashTableDeletedValue): Reordered constructors to be near
-        each other.
-
-        (JSC::Global::setWithWriteBarrier): Renamed internalSet to
-        setWithWriteBarrier for clarity, and funneled more code into using set
-        and setWithWriteBarrier to reduce duplication.
-
-        * collector/handles/Handle.h:
-        (JSC::HandleBase::operator!):
-        (JSC::HandleBase::HandleBase): Removed isEmpty(), since we already have
-        boolean and ! operators.
-
-        (JSC::HandleBase::slot):
-        (JSC::HandleBase::setSlot):
-        (JSC::Handle::Handle): Added general support for null Handles. This was
-        previously outlawed by ASSERTs, but our code has grown to support and
-        rely on null Handles.
-        
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::markWeakHandles):
-        (JSC::HandleHeap::finalizeWeakHandles):
-        (JSC::HandleHeap::isValidWeakNode): Migrated from isValidWeakHandle,
-        and beefed this up a bit.
-
-        * collector/handles/HandleHeap.h:
-        (JSC::HandleHeap::globalData): Added accessor, used by some new set functions.
-
-        * collector/handles/Local.h: Moved hash traits to the bottom of the file,
-        since this file is about the Local class, not the traits.
-
-        (JSC::::Local): Updated for removal of invalidate().
-
-        (JSC::::operator): Deployed "using" to avoid a lot of this->
-        template funny business.
-
-        (JSC::::setWithSlotCheck): Renamed from internalSet, more specific now.
-
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile): Updated to use null constructor.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::Structure::setEnumerationCache):
-        * runtime/Structure.h: Removed clearEnumerationCache
-        because it was an unused holdover from when the enumeration cache was
-        not a handle.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set): Finish initializing our handle before putting it
-        in the table. This seemed more logical, and at one point was required
-        to avoid triggering an ASSERT.
-
-        * runtime/WeakGCPtr.h: Inherit from Handle instead of rolling our own
-        handle-like behavior, to avoid duplication.
-
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::~WeakGCPtr):
-        (JSC::WeakGCPtr::get):
-        (JSC::WeakGCPtr::clear):
-        (JSC::WeakGCPtr::set):
-        (JSC::WeakGCPtr::setWithWriteBarrier): Removed duplicate code and
-        standardized on Handle idioms.
-
-2011-04-07  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Martin Robinson.
-
-        Refactor Gtk build system to separate list of files
-        https://bugs.webkit.org/show_bug.cgi?id=58090
-
-        This is the first step towards generating part of the GTK build system
-        using GYP.  In the first iteration, our plan is to just generate the
-        list of files.  This patch is the first step, which is to separate out
-        the part of JavaScriptCore build system that we intend to generate from
-        the rest of the build system.
-
-        * GNUmakefile.am:
-        * GNUmakefile.list.am: Added.
-
-2011-04-07  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Reviewed by Gavin Barraclough.
-
-        Mapping booleans the same way as integers
-        https://bugs.webkit.org/show_bug.cgi?id=56913
-
-        Instead of having a seperate tag field for booleans,
-        the logical values are stored in the payload field
-        (for JSValue32_64 representation).
-
-        1.007x speedup on SunSpider.
-
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitStoreBool):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emitSlow_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emitSlow_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JSInterfaceJIT.h:
-        * runtime/JSValue.h:
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::isTrue):
-        (JSC::JSValue::isFalse):
-        (JSC::JSValue::getBoolean):
-
-2011-04-07  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Add stub support for generating Gtk build system from gyp
-        https://bugs.webkit.org/show_bug.cgi?id=58086
-
-        This does not produce a buildable JavaScriptCore, but it
-        does allow running gyp/configure --port=gtk and having
-        it generate a gtk.Makefile which we can use for testing
-        the rest of the plumbing.
-
-        * gyp/gtk.gyp: Added.
-
-2011-04-07  Andrew Scherkus  <scherkus@chromium.org>
-
-        Revert ENABLE_TRACK patch due to compile failures.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2011-04-07  Adam Barth  <abarth@webkit.org>
-
-        Fix whitespace in GNUmakefile.am.
-
-        * GNUmakefile.am:
-
-2011-04-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix a couple of typos in comments that Darin spotted.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_not):
-        * runtime/JSImmediate.h:
-
-2011-04-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-        Bug 58057 - Store boolean payload in low bit of JSImmediate
-
-        And remove some uncalled functions from JSImmediate.h
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_not):
-        * runtime/JSImmediate.h:
-        (JSC::JSImmediate::makeInt):
-        (JSC::JSImmediate::makeBool):
-        (JSC::JSImmediate::intValue):
-        (JSC::JSImmediate::boolValue):
-        (JSC::JSImmediate::asInt32):
-        (JSC::JSImmediate::toDouble):
-        (JSC::JSValue::asInt32):
-        (JSC::JSValue::isUInt32):
-        (JSC::JSValue::asUInt32):
-
-2011-04-07  Liang Qi  <liang.qi@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt][Symbian] Enable webkit build with GCCE on Symbian.
-        https://bugs.webkit.org/show_bug.cgi?id=57841
-
-        * wtf/MathExtras.h: GCCE compiler doesn't support those std static functions.
-
-2011-04-06  Dai Mikurube  <dmikurube@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add QUOTA build flag for unified quota API
-        https://bugs.webkit.org/show_bug.cgi?id=57918
-
-        * Configurations/FeatureDefines.xcconfig: Added QUOTA build flag
-
-2011-04-06  Kevin Ollivier  <kevino@theolliviers.com>
-        
-        Reviewed by Darin Adler.
-        
-        Make sure JS_EXPORT_PRIVATE is an empty define when we aren't using the export macros.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * config.h:
-
-2011-04-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Stop JSObject::isUsingInlineStorage() from using the structure
-        https://bugs.webkit.org/show_bug.cgi?id=57986
-
-        Make the isUsingInlineStorage() implementation just look at
-        whether the property storage is inside the object.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSC::JSObject::JSObject):
-
-2011-04-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Geoff Garen.
-
-        Update comments documenting JSVALUE64/JSVALUE32_64 JSValue representations.
-
-        * runtime/JSImmediate.h:
-        * runtime/JSValue.h:
-
-2011-04-06  Lucas De Marchi  <lucas.demarchi@profusion.mobi>
-
-        cmake: Fix build for ARMv7
-
-        * CMakeLists.txt: add missing file.
-
-2011-04-06  Liang Qi  <liang.qi@nokia.com>
-
-        Reviewed by Benjamin Poulain.
-
-        Correct a include file name.
-        https://bugs.webkit.org/show_bug.cgi?id=57839
-
-        * wtf/PageAllocatorSymbian.h: It should be case sensitive. This fix 
-        builds on Unix hosts.
-
-2011-04-06  Adam Roben  <aroben@apple.com>
-
-        Build fix after r83056
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Added property svn:executable.
-
-2011-04-06  Adam Roben  <aroben@apple.com>
-
-        Move JavaScriptCoreGenerated's file-copying logic out to a new script
-
-        Hopefully this will make it easier to modify this logic in the future. I also made the
-        script much quieter than the old logic, since it didn't seem helpful to see long lists of
-        filenames during the copying phase.
-
-        If we like this new style, we could copy it for our other projects.
-
-        Fixes <http://webkit.org/b/57950> JavaScriptCoreGenerated's file-copying logic is hard to
-        modify and noisy
-
-        Reviewed by Steve Falkenburg.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Moved logic to copy
-        files from here...
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: ...to here. (Added.)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Added copy-files.cmd
-        for convenience.
-
-2011-04-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Who likes export files? I do!
-
-2011-04-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Introduced the concept of opaque roots, in preparation for marking the DOM with them
-        https://bugs.webkit.org/show_bug.cgi?id=57903
-
-        * JavaScriptCore.exp: Who likes export files? I do!
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::isValidWeakHandle): Factored out a helper function for ASSERTs.
-
-        (JSC::WeakHandleOwner::~WeakHandleOwner): Moved from header to avoid
-        weak linkage problems.
-
-        (JSC::WeakHandleOwner::isReachableFromOpaqueRoots): New callback.
-        Currently unused.
-
-        (JSC::WeakHandleOwner::finalize): Switched from pure virtual to a
-        default empty implementation, since not all clients necessarily want
-        or need non-trivial finalizers.
-
-        (JSC::HandleHeap::markWeakHandles): Split updateWeakHandles into two
-        passes. The first pass marks all reachable weak handles. The second pass
-        finalizes all unreachable weak handles. This must be two passes because
-        we don't know the set of finalizable weak handles until we're done
-        marking all weak handles.
-
-        (JSC::HandleHeap::finalizeWeakHandles): Use new helper function.
-
-        * collector/handles/HandleHeap.h: Ditto.
-
-        * runtime/Heap.cpp: 
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::reset): Split out handle marking from handle finalization.
-
-        * runtime/MarkStack.cpp:
-        (JSC::MarkStack::reset):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::addOpaqueRoot):
-        (JSC::MarkStack::containsOpaqueRoot):
-        (JSC::MarkStack::opaqueRootCount):
-        (JSC::HeapRootMarker::markStack): New helper functions for managing the
-        set of opaque roots.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::finalize): Renamed to match parent class declaration.
-
-2011-04-05  Balazs Kelemen  <kbalazs@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Build fix for YarrParser.h
-        https://bugs.webkit.org/show_bug.cgi?id=57822
-
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
-
-2011-04-05  Steve Falkenburg  <sfalken@apple.com>
-
-        Follow-up Windows build fix.
-        Don't skip react-to-vsprops-changes.py for all production builds,
-        only those initiated via JavaScriptCore.make.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-
-2011-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION (r82849): 85,000+ JSC-related leaks seen on SnowLeopard Intel Leaks
-        https://bugs.webkit.org/show_bug.cgi?id=57857
-
-        Whoops, accidentally removed a deref().
-
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-
-2011-04-05  Steve Falkenburg  <sfalken@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add per-configuration vsprops files.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed inheritance from common.vsprops.
-        Set production environment variable before calling make.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Added.
-
-2011-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make caches window show more info about non-jsobject GC values
-        https://bugs.webkit.org/show_bug.cgi?id=57874
-
-        Add ClassInfo to the various internal JS types that currently
-        don't have any, and make the text for caches window show the
-        classname for non-JSObject instances.
-
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::createStructure):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/Heap.cpp:
-        (JSC::TypeCounter::typeName):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/ScopeChain.cpp:
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::createStructure):
-        * runtime/StructureChain.cpp:
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::createStructure):
-
-2011-04-05  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Andreas Kling.
-
-        Cleanup StringConcatenate
-        https://bugs.webkit.org/show_bug.cgi?id=57836
-
-        Don't use PassRefPtr in local variables, properly store in RefPtrs and release on return.
-        Add a makeString() variant taking 9 arguments, needed by a follow-up patch.
-
-        * wtf/text/StringConcatenate.h:
-        (WTF::tryMakeString):
-        (WTF::makeString):
-
-2011-04-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r82876.
-        http://trac.webkit.org/changeset/82876
-        https://bugs.webkit.org/show_bug.cgi?id=57816
-
-        Caused a lot of test crashes (Requested by tkent on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * wtf/FastMalloc.cpp:
-        (WTF::tryFastMalloc):
-        (WTF::fastMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::fastCalloc):
-        (WTF::fastFree):
-        (WTF::tryFastRealloc):
-        (WTF::fastRealloc):
-        (WTF::fastMallocSize):
-        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
-        (WTF::TCMalloc_PageHeap::scheduleScavenger):
-        (WTF::TCMalloc_PageHeap::suspendScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMallocStats::malloc):
-        (WTF::TCMallocStats::free):
-        (WTF::TCMallocStats::fastCalloc):
-        (WTF::TCMallocStats::tryFastCalloc):
-        (WTF::TCMallocStats::calloc):
-        (WTF::TCMallocStats::fastRealloc):
-        (WTF::TCMallocStats::tryFastRealloc):
-        (WTF::TCMallocStats::realloc):
-        (WTF::TCMallocStats::fastMallocSize):
-        * wtf/FastMalloc.h:
-        (WTF::Internal::fastMallocMatchValidationType):
-        (WTF::Internal::fastMallocMatchValidationValue):
-        (WTF::Internal::setFastMallocMatchValidationType):
-        (WTF::fastMallocMatchValidateFree):
-        * wtf/Platform.h:
-
-2011-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Antti Koivisto.
-
-        Stop JSCell.h from including Structure.h
-        https://bugs.webkit.org/show_bug.cgi?id=57809
-
-        * runtime/GetterSetter.h:
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toThisObject):
-        * runtime/JSString.h:
-        * runtime/ScopeChain.h:
-        * runtime/Structure.h:
-        (JSC::JSCell::isObject):
-        (JSC::JSCell::isString):
-        (JSC::JSCell::classInfo):
-        (JSC::JSCell::createDummyStructure):
-        (JSC::JSValue::needsThisConversion):
-        (JSC::MarkStack::internalAppend):
-        * runtime/StructureChain.h:
-
-2011-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Fix clang build.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::fastMalloc):
-        (WTF::fastCalloc):
-        (WTF::fastRealloc):
-
-2011-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Remove accidental change to Platform.h
-
-        * wtf/Platform.h:
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed a weak-handle-related leak in RegisterFile
-        https://bugs.webkit.org/show_bug.cgi?id=57793
-
-        * interpreter/RegisterFile.cpp: Nixed leaky GlobalObjectNotifier.
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::GlobalObjectOwner::finalize):
-        (JSC::RegisterFile::RegisterFile): Replaced GlobalObjectNotifier with
-        a per-RegisterFile weak handle owner, which does not leak.
-
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::set): Allow set() to take a context argument, since
-        RegisterFile now needs this. (Seems like it was an accidental omission
-        all along.)
-
-2011-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make malloc validation useful
-        https://bugs.webkit.org/show_bug.cgi?id=57502
-
-        This patch changes FAST_MALLOC_MATCH_VALIDATION with a general
-        corruption check that tags the beginning and end of all allocations
-        to check for write overflows and overwrites the contents of
-        memory on free in order to (hopefully) show up use-after-free issues
-        sooner.
-
-        We also turn it on by default for debug builds.
-
-        * JavaScriptCore.exp:
-        * wtf/FastMalloc.cpp:
-        (WTF::tryFastMalloc):
-        (WTF::fastMalloc):
-        (WTF::tryFastCalloc):
-        (WTF::fastCalloc):
-        (WTF::fastFree):
-        (WTF::tryFastRealloc):
-        (WTF::fastRealloc):
-        (WTF::TCMalloc_PageHeap::isScavengerSuspended):
-        (WTF::TCMalloc_PageHeap::scheduleScavenger):
-        (WTF::TCMalloc_PageHeap::suspendScavenger):
-        (WTF::TCMalloc_PageHeap::signalScavenger):
-        (WTF::TCMallocStats::malloc):
-        (WTF::TCMallocStats::free):
-        (WTF::TCMallocStats::fastCalloc):
-        (WTF::TCMallocStats::tryFastCalloc):
-        (WTF::TCMallocStats::calloc):
-        (WTF::TCMallocStats::fastRealloc):
-        (WTF::TCMallocStats::tryFastRealloc):
-        (WTF::TCMallocStats::realloc):
-        * wtf/FastMalloc.h:
-        (WTF::Internal::fastMallocValidationHeader):
-        (WTF::Internal::fastMallocValidationSuffix):
-        (WTF::Internal::fastMallocMatchValidationType):
-        (WTF::Internal::setFastMallocMatchValidationType):
-        (WTF::fastMallocMatchValidateFree):
-        (WTF::fastMallocValidate):
-        * wtf/Platform.h:
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Renamed clearWeakPointers => updateWeakHandles and removed misleading comment
-        https://bugs.webkit.org/show_bug.cgi?id=57790
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::updateWeakHandles): Updated for rename.
-
-        * collector/handles/HandleHeap.h: Removed comment claiming that this
-        function should only be called during teardown, because it's actually
-        called after every GC pass.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots): Updated for rename.
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Standardized handling of handles for immediate values
-        https://bugs.webkit.org/show_bug.cgi?id=57788
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::clearWeakPointers): Don't check for null or non-cell
-        values here, because our write barrier guarantees that such values are
-        not in the weak list.
-
-        (JSC::HandleHeap::writeBarrier): Standardized on checking for null before
-        checking for cell, and on using early return instead of if/else.
-
-        * collector/handles/HandleHeap.h:
-        (JSC::HandleHeap::deallocate):
-        (JSC::HandleHeap::makeWeak): Ditto.
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Removed a redundant variable from HandleHeap
-        https://bugs.webkit.org/show_bug.cgi?id=57786
-        
-        Forgot to commit the file that actually removes the data member!
-        
-        * collector/handles/HandleHeap.h:
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed a redundant variable from HandleHeap
-        https://bugs.webkit.org/show_bug.cgi?id=57786
-        
-        We don't need a specific variable to indicate that we're in the middle
-        of the finalization phase, since m_nextToFinalize already does this.
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::HandleHeap):
-        (JSC::HandleHeap::clearWeakPointers):
-        (JSC::HandleHeap::writeBarrier):
-
-2011-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Renamed Finalizer => WeakHandleOwner (in preparation for adding a reachability callback)
-        https://bugs.webkit.org/show_bug.cgi?id=57775
-        
-        Also renamed noFinalizer => emptyWeakOwner, since this is really an
-        optimization for a weak owner with empty callbacks.
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::clearWeakPointers): Updated for renames. Removed
-        redundant initialization of m_nextToFinalize. Moved deletion check inside
-        weak owner check, since the weak owner can't delete the node if there is
-        no weak owner!
-
-        * collector/handles/HandleHeap.h:
-        (JSC::WeakHandleOwner::~WeakHandleOwner):
-        (JSC::HandleHeap::makeWeak): Updated for renames.
-
-        (JSC::HandleHeap::hasWeakOwner): Changed getFinalizer to hasWeakOwner,
-        to clarify this function's role in assertions.
-
-        (JSC::HandleHeap::Node::Node):
-        (JSC::HandleHeap::Node::makeWeak):
-        (JSC::HandleHeap::Node::isWeak):
-        (JSC::HandleHeap::Node::weakOwner):
-        (JSC::HandleHeap::Node::weakOwnerContext):
-        (JSC::HandleHeap::Node::emptyWeakOwner):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::globalObjectCollectedNotifier):
-        * interpreter/RegisterFile.h:
-        * runtime/WeakGCMap.h:
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::set): Updated for renames.
-
-2011-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Fix WinCE build.
-
-        * bytecode/Instruction.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-
-2011-04-04  Adam Roben  <aroben@apple.com>
-
-        Delete mt.dep files when doing a clean build due to .vsprops file changes
-
-        Apparently this is yet another file that Visual Studio can't figure out it needs to rebuild.
-
-        Fixes <http://webkit.org/b/57777> r82850 failed to build on Windows Debug (Build)
-
-        Reviewed by Brian Weinstein.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        (main): Added dep to the list of extensions we look for when choosing files to delete.
-
-2011-04-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make StructureChain GC allocated
-        https://bugs.webkit.org/show_bug.cgi?id=56695
-
-        Make StructureChain GC allocated, and make the various owners
-        mark it correctly.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::derefStructures):
-        (JSC::PolymorphicAccessStructureList::markAggregate):
-        (JSC::Instruction::Instruction):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::markAggregate):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        * collector/handles/Handle.h:
-        (JSC::HandleConverter::operator->):
-        (JSC::HandleConverter::operator*):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeChain):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::get):
-        (JSC::JSPropertyNameIterator::markChildren):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
-        * runtime/JSZombie.cpp:
-        (JSC::JSZombie::leakedZombieStructure):
-        * runtime/JSZombie.h:
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::markAggregate):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        (JSC::StructureChain::~StructureChain):
-        (JSC::StructureChain::markChildren):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::createStructure):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-
-2011-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed some complexity from HandleHeap
-        https://bugs.webkit.org/show_bug.cgi?id=57650
-        
-        Eliminated pointer-tagging flags.
-        
-        Tied being weak to having a finalizer (or at least a finalizer sentinel).
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::clearWeakPointers): Removed the special self-destroying
-        flag. It was unused. If we bring it back, we'll probably use a shared
-        autodeallocating finalizer instead.
-
-        * collector/handles/HandleHeap.h:
-        (JSC::HandleHeap::makeWeak): makeWeak and adding a finalizer are now
-        a single, atomic operation -- this makes the relationship between
-        finalizers and weak pointers clearer, and impossible to get wrong.
-
-        (JSC::HandleHeap::Node::Node):
-        (JSC::HandleHeap::Node::handleHeap): No more flags.
-
-        (JSC::HandleHeap::Node::makeWeak):
-        (JSC::HandleHeap::Node::isWeak): Ditto above. We use a special sentienl
-        value in the finalizer slot to indicate that a handle is weak but doesn't
-        require an external function call for finalization.
-
-2011-04-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed WeakGCMap::deprecatedRemove because it was deprecated and unused
-        https://bugs.webkit.org/show_bug.cgi?id=57648
-
-        * runtime/WeakGCMap.h:
-
-2011-04-01  Adam Roben  <aroben@apple.com>
-
-        Maintain the invariant that Lexer::m_current is set to -1 when at the end of the code buffer
-
-        Covered by existing tests.
-
-        Fixes <http://webkit.org/b/56699>.
-
-        Reviewed by Oliver Hunt.
-
-        * parser/Lexer.h:
-        (JSC::Lexer::setOffset): Copied code from Lexer::shift to update m_current, because
-        supposedly the idiom that function uses is fast.
-
-2011-03-31  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Oliver Hunt.
-
-        SH4 JIT SUPPORT.
-        https://bugs.webkit.org/show_bug.cgi?id=44329
-
-        Add YARR support for SH4 platforms (disabled by default).
-
-        * GNUmakefile.am:
-        * assembler/MacroAssembler.h:
-        * assembler/MacroAssemblerSH4.cpp: Added.
-        * assembler/MacroAssemblerSH4.h: Added.
-        * assembler/SH4Assembler.h: Added.
-        * yarr/YarrJIT.cpp:
-
-2011-03-30  Adam Roben  <aroben@apple.com>
-
-        Clean build fix
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Serialized project dependencies so projects
-        don't try to build in parallel (which doesn't mesh with our buildfailed mechanism).
-
-2011-03-30  Oliver Hunt  <oliver@apple.com>
-
-        Rollout r82500
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::derefStructures):
-        (JSC::Instruction::Instruction):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITStubs.cpp:
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeChain):
-        * runtime/JSObject.h:
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::get):
-        (JSC::JSPropertyNameIterator::markChildren):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/Structure.h:
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-
-2011-03-29  Matthew Delaney  <mdelaney@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Use the Accelerate vImage vectorized (un)premultiplyImageData functions for ImageBufferCG
-
-        https://bugs.webkit.org/show_bug.cgi?id=53134
-
-        * wtf/Platform.h: Added in WTF flag for using the Accelerate framework
-
-2011-03-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Share most vsprops between Release and Production builds in releaseproduction.vsprops
-        https://bugs.webkit.org/show_bug.cgi?id=57508
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
-
-2011-03-30  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Explicitly prevent testapi and minidom from being installed rather than relying
-        on Xcode's current behavior of not installing if INSTALL_PATH is not explicitly
-        set at the target level.
-
-        <rdar://problem/9206357>
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-30  Timur Iskhodzhanov  <timurrrr@google.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add some dynamic annotations to JavaScriptCore/wtf
-        https://bugs.webkit.org/show_bug.cgi?id=53747
-
-        By using these annotations we can improve the precision of finding
-        WebKit errors using dynamic analysis tools like ThreadSanitizer and Valgrind.
-        These annotations don't affect the compiled binaries unless USE(DYNAMIC_ANNOTATIONS) is "1".
-
-        These files don't add new functionality, so don't need extra tests.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/DynamicAnnotations.cpp: Added.
-        (WTFAnnotateBenignRaceSized):
-        (WTFAnnotateHappensBefore):
-        (WTFAnnotateHappensAfter):
-        * wtf/DynamicAnnotations.h: Added.
-        * wtf/ThreadSafeRefCounted.h:
-        (WTF::ThreadSafeRefCountedBase::derefBase):
-        * wtf/text/StringStatics.cpp:
-        (WTF::StringImpl::empty):
-
-2011-03-30  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make StructureChain GC allocated
-        https://bugs.webkit.org/show_bug.cgi?id=56695
-
-        Make StructureChain GC allocated, and make the various owners
-        mark it correctly.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::derefStructures):
-        (JSC::CodeBlock::refStructures):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/Instruction.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::derefStructures):
-        (JSC::PolymorphicAccessStructureList::markAggregate):
-        (JSC::Instruction::Instruction):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        (JSC::StructureStubInfo::markAggregate):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-        * jit/JITStubs.cpp:
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::markIfNeeded):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeChain):
-        * runtime/JSObject.h:
-        (JSC::JSObject::markChildrenDirect):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        (JSC::JSPropertyNameIterator::get):
-        (JSC::JSPropertyNameIterator::markChildren):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::append):
-        * runtime/Structure.h:
-        (JSC::Structure::cachedPrototypeChainSlot):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::createStructure):
-
-2011-03-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Update Windows production build logic for new production configurations
-        https://bugs.webkit.org/show_bug.cgi?id=57494
-
-        * JavaScriptCore.vcproj/JavaScriptCore.make:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
-        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
-        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
-
-2011-03-30  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Rename Windows configuration Release_LTCG to Production for clarity
-        https://bugs.webkit.org/show_bug.cgi?id=57465
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops.
-        * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Removed.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops.
-        * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Removed.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops.
-        * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Removed.
-
-2011-03-30  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add the NEXT_OPCODE() macro to the DFG-JIT parser
-        https://bugs.webkit.org/show_bug.cgi?id=57322
-
-        In JavaScriptCore we use macros to jump to the next opcode
-        (both in interpreter and JIT). This macro is added to the
-        DFG-JIT parser as well.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-
-2011-03-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        ~25% regression on v8-splay in the SunSpider harness
-        https://bugs.webkit.org/show_bug.cgi?id=56128
-        
-        I'm not sure if this is the root cause of the regression Stephanie
-        measured, but it seems to get us back to previous v8-splay times.
-        
-        SunSpider reports no change. v8-splay says 41% faster.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset): Make marking proportional to 1X the size of the heap,
-        not .5X the size of the heap. When the heap is large, this makes a big
-        difference. (Our old heap growth policy matched this. You can see by
-        looking at resizeBlocks in revisions prior to r77699.)
-
-2011-03-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Use per-configuration vsprops in JavaScriptCore to avoid WebKitVSPropsRedirectionDir removal by MSVC IDE
-        https://bugs.webkit.org/show_bug.cgi?id=57350
-        
-        Visual Studio's IDE was removing instances of $(WebKitVSPropsRedirectionDir) from
-        InheritedPropertySheet rules in our vcproj files when the vcproj was edited from within
-        the IDE. To avoid this, add a separate vsprops file for each project configuration that
-        contains the required inherited property sheets.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseLTCG.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Added.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFReleaseLTCG.vsprops: Added.
-        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscReleaseLTCG.vsprops: Added.
-        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapi.vcproj:
-        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/testapi/testapiReleaseLTCG.vsprops: Added.
-
-2011-03-29  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        REGRESSION(r82173): Causes assertion and test failures in run-javascriptcore-tests on Windows (Requested by aroben on #webkit).
-        https://bugs.webkit.org/show_bug.cgi?id=57333
-
-        constructDate now takes the global object explicitly as it may be called
-        by functions other than the constructor itself.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeDate):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::constructWithDateConstructor):
-        * runtime/DateConstructor.h:
-
-2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Benjamin Poulain.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41953
-
-        Fix compile error on Solaris 10/Sun Studio 12 CC emanating from MathExtras.h
-
-        * wtf/MathExtras.h:
-
-2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=57231
-        Add conditional for SUNCC supporting alignment macros
-
-        Compile fix for Solaris 10/Sun Studio 12 CC
-
-        * wtf/Vector.h:
-
-2011-03-29  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=57256
-
-        Fix crash on misaligned reads on Solaris 10/Sparc
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::equal):
-
-2011-03-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        instanceof Array test fails when using iframes
-        https://bugs.webkit.org/show_bug.cgi?id=17250
-
-        This is a problem with all built in constructors, the use of
-        lexicalGlobalObject rather than the constructors own 
-        global object reference means that a builtin will always use
-        the prototype from the lexical global object rather than that
-        of the constructors origin.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunction):
-        (JSObjectMakeRegExp):
-        * JavaScriptCore.exp:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanConstructor.h:
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DateInstance.cpp:
-        * runtime/DateInstance.h:
-        * runtime/ErrorConstructor.cpp:
-        (JSC::constructWithErrorConstructor):
-        (JSC::callErrorConstructor):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructWithFunctionConstructor):
-        (JSC::callFunctionConstructor):
-        (JSC::constructFunction):
-        * runtime/FunctionConstructor.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnPropertySlot):
-        (JSC::JSCell::put):
-        (JSC::JSCell::deleteProperty):
-        (JSC::JSCell::toThisObject):
-        (JSC::JSCell::toObject):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSValue::toObject):
-        * runtime/JSNotAnObject.cpp:
-        (JSC::JSNotAnObject::toObject):
-        * runtime/JSNotAnObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::toObject):
-        * runtime/JSObject.h:
-        * runtime/JSString.cpp:
-        (JSC::StringObject::create):
-        (JSC::JSString::toObject):
-        (JSC::JSString::toThisObject):
-        * runtime/JSString.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toObjectSlowCase):
-        (JSC::JSValue::toThisObjectSlowCase):
-        (JSC::JSValue::synthesizeObject):
-        * runtime/JSValue.h:
-        * runtime/NumberConstructor.cpp:
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberObject.cpp:
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        (JSC::constructWithObjectConstructor):
-        (JSC::callObjectConstructor):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        (JSC::constructWithRegExpConstructor):
-        (JSC::callRegExpConstructor):
-        * runtime/RegExpConstructor.h:
-        * runtime/StringConstructor.cpp:
-        (JSC::constructWithStringConstructor):
-        * runtime/StringObject.h:
-
-2011-03-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESSION [r78794-r79249] Allocation of memory is slow when number of active objects is large
-        https://bugs.webkit.org/show_bug.cgi?id=56823
-        
-        Partial fix for most of the problem. (TOT still shows a regression, though.)
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reportExtraMemoryCostSlowCase): Use highWaterMark(), instead of
-        capacity(), since capacity() is O(n) relative to the size of the heap.
-
-        In limited circumstances, capacity() is also worse than highWaterMark()
-        for measuring extra cost relative to heap size, since capacity() only
-        measures the *current* capacity of the heap, but the heap will grow if
-        necessary to attain highWaterMark().
-
-2011-03-28  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION(r82130): It made all tests crash (Requested by Ossy on #webkit).
-        https://bugs.webkit.org/show_bug.cgi?id=57251
-
-        Build fix, had remnant of another patch in r82130
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByIdChainList):
-
-2011-03-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Add additional immediate types to allow us to distinguish the source of a JIT immediate
-        https://bugs.webkit.org/show_bug.cgi?id=57190
-
-        Allow us to distinguish whether a JIT immediate is a value that we
-        control (TrustedImm32 and TrustedImmPtr) vs. ones that can be controlled
-        or influenced by code we are compiling.  Currently we do nothing with this
-        information -- this change is large and mechanical but would obscure any
-        logic changes that we would have made.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
-        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
-        (JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):
-        (JSC::AbstractMacroAssembler::Imm32::Imm32):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::pop):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branch32):
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::andPtr):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::xorPtr):
-        (JSC::MacroAssembler::setPtr):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::branchTestPtr):
-        (JSC::MacroAssembler::branchSubPtr):
-        (JSC::MacroAssembler::branchTest8):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-        (JSC::MacroAssemblerARM::and32):
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::mul32):
-        (JSC::MacroAssemblerARM::or32):
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::urshift32):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::xor32):
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::push):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::branch8):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARM::branch16):
-        (JSC::MacroAssemblerARM::branchTest8):
-        (JSC::MacroAssemblerARM::branchTest32):
-        (JSC::MacroAssemblerARM::branchAdd32):
-        (JSC::MacroAssemblerARM::branchMul32):
-        (JSC::MacroAssemblerARM::branchSub32):
-        (JSC::MacroAssemblerARM::set32Compare32):
-        (JSC::MacroAssemblerARM::set8Compare32):
-        (JSC::MacroAssemblerARM::set32Test32):
-        (JSC::MacroAssemblerARM::set32Test8):
-        (JSC::MacroAssemblerARM::moveWithPatch):
-        (JSC::MacroAssemblerARM::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM::storePtrWithPatch):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::add32):
-        (JSC::MacroAssemblerARMv7::and32):
-        (JSC::MacroAssemblerARMv7::lshift32):
-        (JSC::MacroAssemblerARMv7::mul32):
-        (JSC::MacroAssemblerARMv7::or32):
-        (JSC::MacroAssemblerARMv7::rshift32):
-        (JSC::MacroAssemblerARMv7::urshift32):
-        (JSC::MacroAssemblerARMv7::sub32):
-        (JSC::MacroAssemblerARMv7::xor32):
-        (JSC::MacroAssemblerARMv7::load32):
-        (JSC::MacroAssemblerARMv7::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARMv7::load16):
-        (JSC::MacroAssemblerARMv7::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARMv7::store32):
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::push):
-        (JSC::MacroAssemblerARMv7::move):
-        (JSC::MacroAssemblerARMv7::compare32):
-        (JSC::MacroAssemblerARMv7::test32):
-        (JSC::MacroAssemblerARMv7::branch32):
-        (JSC::MacroAssemblerARMv7::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARMv7::branch16):
-        (JSC::MacroAssemblerARMv7::branch8):
-        (JSC::MacroAssemblerARMv7::branchTest32):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::branchAdd32):
-        (JSC::MacroAssemblerARMv7::branchMul32):
-        (JSC::MacroAssemblerARMv7::branchSub32):
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::set32Compare32):
-        (JSC::MacroAssemblerARMv7::set8Compare32):
-        (JSC::MacroAssemblerARMv7::set32Test32):
-        (JSC::MacroAssemblerARMv7::set32Test8):
-        (JSC::MacroAssemblerARMv7::moveWithPatch):
-        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::makeJump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        (JSC::MacroAssemblerARMv7::setupArmAddress):
-        (JSC::MacroAssemblerARMv7::makeBaseIndexBase):
-        (JSC::MacroAssemblerARMv7::moveFixedWidthEncoding):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (JSC::MacroAssemblerMIPS::and32):
-        (JSC::MacroAssemblerMIPS::lshift32):
-        (JSC::MacroAssemblerMIPS::mul32):
-        (JSC::MacroAssemblerMIPS::or32):
-        (JSC::MacroAssemblerMIPS::rshift32):
-        (JSC::MacroAssemblerMIPS::urshift32):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (JSC::MacroAssemblerMIPS::xor32):
-        (JSC::MacroAssemblerMIPS::load32):
-        (JSC::MacroAssemblerMIPS::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerMIPS::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerMIPS::store32):
-        (JSC::MacroAssemblerMIPS::push):
-        (JSC::MacroAssemblerMIPS::move):
-        (JSC::MacroAssemblerMIPS::branch8):
-        (JSC::MacroAssemblerMIPS::branch32):
-        (JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerMIPS::branch16):
-        (JSC::MacroAssemblerMIPS::branchTest32):
-        (JSC::MacroAssemblerMIPS::branchTest8):
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        (JSC::MacroAssemblerMIPS::branchMul32):
-        (JSC::MacroAssemblerMIPS::branchSub32):
-        (JSC::MacroAssemblerMIPS::set8Compare32):
-        (JSC::MacroAssemblerMIPS::set32Compare32):
-        (JSC::MacroAssemblerMIPS::set32Test8):
-        (JSC::MacroAssemblerMIPS::set32Test32):
-        (JSC::MacroAssemblerMIPS::moveWithPatch):
-        (JSC::MacroAssemblerMIPS::branchPtrWithPatch):
-        (JSC::MacroAssemblerMIPS::storePtrWithPatch):
-        (JSC::MacroAssemblerMIPS::tailRecursiveCall):
-        (JSC::MacroAssemblerMIPS::loadDouble):
-        (JSC::MacroAssemblerMIPS::storeDouble):
-        (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::add32):
-        (JSC::MacroAssemblerX86::addWithCarry32):
-        (JSC::MacroAssemblerX86::and32):
-        (JSC::MacroAssemblerX86::or32):
-        (JSC::MacroAssemblerX86::sub32):
-        (JSC::MacroAssemblerX86::store32):
-        (JSC::MacroAssemblerX86::branch32):
-        (JSC::MacroAssemblerX86::moveWithPatch):
-        (JSC::MacroAssemblerX86::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86::storePtrWithPatch):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::add32):
-        (JSC::MacroAssemblerX86Common::and32):
-        (JSC::MacroAssemblerX86Common::lshift32):
-        (JSC::MacroAssemblerX86Common::mul32):
-        (JSC::MacroAssemblerX86Common::or32):
-        (JSC::MacroAssemblerX86Common::rshift32):
-        (JSC::MacroAssemblerX86Common::urshift32):
-        (JSC::MacroAssemblerX86Common::sub32):
-        (JSC::MacroAssemblerX86Common::xor32):
-        (JSC::MacroAssemblerX86Common::store32):
-        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerX86Common::push):
-        (JSC::MacroAssemblerX86Common::move):
-        (JSC::MacroAssemblerX86Common::branch8):
-        (JSC::MacroAssemblerX86Common::branch32):
-        (JSC::MacroAssemblerX86Common::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerX86Common::branch16):
-        (JSC::MacroAssemblerX86Common::branchTest32):
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-        (JSC::MacroAssemblerX86Common::set8Compare32):
-        (JSC::MacroAssemblerX86Common::set32Compare32):
-        (JSC::MacroAssemblerX86Common::set32Test8):
-        (JSC::MacroAssemblerX86Common::set32Test32):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::add32):
-        (JSC::MacroAssemblerX86_64::and32):
-        (JSC::MacroAssemblerX86_64::or32):
-        (JSC::MacroAssemblerX86_64::sub32):
-        (JSC::MacroAssemblerX86_64::loadDouble):
-        (JSC::MacroAssemblerX86_64::addDouble):
-        (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
-        (JSC::MacroAssemblerX86_64::store32):
-        (JSC::MacroAssemblerX86_64::call):
-        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
-        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
-        (JSC::MacroAssemblerX86_64::addPtr):
-        (JSC::MacroAssemblerX86_64::andPtr):
-        (JSC::MacroAssemblerX86_64::orPtr):
-        (JSC::MacroAssemblerX86_64::subPtr):
-        (JSC::MacroAssemblerX86_64::xorPtr):
-        (JSC::MacroAssemblerX86_64::storePtr):
-        (JSC::MacroAssemblerX86_64::setPtr):
-        (JSC::MacroAssemblerX86_64::branchPtr):
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (JSC::MacroAssemblerX86_64::moveWithPatch):
-        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::callOperation):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::jitAssertIsInt32):
-        (JSC::DFG::JITCompiler::emitCount):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::emitPutImmediateToCallFrameHeader):
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitTimeoutCheck):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_urshift):
-        (JSC::JIT::emitSlow_op_urshift):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emit_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emit_op_jnless):
-        (JSC::JIT::emit_op_jless):
-        (JSC::JIT::emit_op_jlesseq):
-        (JSC::JIT::emit_op_lshift):
-        (JSC::JIT::emitRightShift):
-        (JSC::JIT::emitRightShiftSlowCase):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitnot):
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        (JSC::JIT::emitSlow_op_post_dec):
-        (JSC::JIT::emit_op_pre_inc):
-        (JSC::JIT::emit_op_pre_dec):
-        (JSC::JIT::emit_op_add):
-        (JSC::JIT::emitAdd32Constant):
-        (JSC::JIT::emit_op_sub):
-        (JSC::JIT::emitSub32Constant):
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emit_op_mul):
-        (JSC::JIT::emitSlow_op_mul):
-        (JSC::JIT::emit_op_div):
-        (JSC::JIT::emit_op_mod):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutCellToCallFrameHeader):
-        (JSC::JIT::emitPutIntToCallFrameHeader):
-        (JSC::JIT::emitPutImmediateToCallFrameHeader):
-        (JSC::JIT::emitLoadCharacterString):
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-        (JSC::JIT::checkStructure):
-        (JSC::JIT::setSamplingFlag):
-        (JSC::JIT::clearSamplingFlag):
-        (JSC::JIT::emitCount):
-        (JSC::JIT::sampleInstruction):
-        (JSC::JIT::sampleCodeBlock):
-        (JSC::JIT::emitStoreInt32):
-        (JSC::JIT::emitStoreCell):
-        (JSC::JIT::emitStoreBool):
-        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitJumpIfImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateInteger):
-        (JSC::JIT::emitFastArithDeTagImmediate):
-        (JSC::JIT::emitFastArithDeTagImmediateJumpIfZero):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitTagAsBoolImmediate):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_new_func_exp):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_push_new_scope):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_init_lazy_reg):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_convert_this_strict):
-        (JSC::JIT::emitSlow_op_not):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emitSlow_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        (JSC::JIT::emit_op_new_regexp):
-        (JSC::JIT::emit_op_load_varargs):
-        (JSC::JIT::emitSlow_op_load_varargs):
-        (JSC::JIT::emit_op_new_func):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_loop_if_lesseq):
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_ensure_property_exists):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jneq_ptr):
-        (JSC::JIT::emit_op_jsr):
-        (JSC::JIT::emit_op_eq):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emit_op_neq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_new_func_exp):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_to_jsnumber):
-        (JSC::JIT::emit_op_push_new_scope):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_create_activation):
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emit_op_convert_this_strict):
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emitSlow_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::softModulo):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_get_by_pname):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emit_op_put_by_index):
-        (JSC::JIT::emit_op_put_getter):
-        (JSC::JIT::emit_op_put_setter):
-        (JSC::JIT::emit_op_del_by_id):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_getter):
-        (JSC::JIT::emit_op_put_setter):
-        (JSC::JIT::emit_op_del_by_id):
-        (JSC::JIT::emit_op_get_by_id):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::compileGetByIdSlowCase):
-        (JSC::JIT::emitSlow_op_put_by_id):
-        (JSC::JIT::testPrototype):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::emit_op_get_by_pname):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::addArgument):
-        * jit/JITStubs.cpp:
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        (JSC::JSInterfaceJIT::emitLoadDouble):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
-        (JSC::SpecializedThunkJIT::tagReturnAsJSCell):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charToString):
-        (JSC::powThunkGenerator):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::matchCharacterClass):
-        (JSC::Yarr::YarrGenerator::storeToFrame):
-        (JSC::Yarr::YarrGenerator::storeToFrameWithPatch):
-        (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterSingle):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
-        (JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
-        (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
-        (JSC::Yarr::YarrGenerator::generateDisjunction):
-
-2011-03-28  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Fix the linking of jsc with MinGW after r81963.
-
-        * jsc.pro: add -l and remove the lib suffix.
-
-2011-03-27  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        https://bugs.webkit.org/show_bug.cgi?id=57170  Fix last elements
-        in an enum to remove a trailing comma. Sun Studio 12 CC errors out.
-
-        Compile fix only, no actual code change.
-
-        * wtf/MessageQueue.h:
-
-2011-03-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Allow defineOwnProperty to work on DOMObjects
-        https://bugs.webkit.org/show_bug.cgi?id=57129
-
-        Fix a couple of places where we uses getter()/setter() rather
-        than [gs]etterPresent().
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-
-2011-03-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Crash when paused at a breakpoint caused by inaccurate Activation records.
-        https://bugs.webkit.org/show_bug.cgi?id=57120
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-
-2011-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Crash in debugger beneath MarkStack::drain @ me.com, ibm.com
-        https://bugs.webkit.org/show_bug.cgi?id=57080
-        <rdar://problem/8525907>
-
-        The crash was caused by changes in the executable after recompilation.
-
-        The fix is for the activation to copy the data it needs instead of
-        relying on the data in the executable.
-        
-        SunSpider and v8 report no change.
-
-        * runtime/Arguments.h:
-        (JSC::JSActivation::copyRegisters): Use our own data members instead of
-        reading data out of the executable.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation): Initialize our data members.
-
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        (JSC::JSActivation::isDynamicScope):
-        (JSC::JSActivation::argumentsGetter): Use our own data members instead of
-        reading data out of the executable.
-
-        * runtime/JSActivation.h: Added new data members to track data previously
-        tracked by the executable. Since I've removed the executable pointer,
-        on a 64bit system, I've only made activations bigger by an int.
-
-2011-03-25  David Kilzer  <ddkilzer@apple.com>
-
-        Remove duplicate entry from JavaScriptCore.exp
-
-        JSC::createStackOverflowError(JSC::ExecState*) was originally
-        exported in r60057, then duplicated in r60392.
-
-        * JavaScriptCore.exp: Removed duplicate entry.
-
-2011-03-25  Jarred Nicholls  <jarred@sencha.com>
-
-        Reviewed by Ariya Hidayat.
-
-        [Qt] MSVC Build Error - need to link advapi32.lib for jsc.exe
-        https://bugs.webkit.org/show_bug.cgi?id=56098
-
-        Need to link advapi32.lib for jsc.exe since wtf/OSRandomSource.cpp uses the Win32 Crypto API
-
-        * jsc.pro:
-
-2011-03-24  Nikolas Zimmermann  <nzimmermann@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Introduce WTF HexNumber.h
-        https://bugs.webkit.org/show_bug.cgi?id=56099
-
-        Introduce a set of functions that ease converting from a bye or a number to a hex string,
-        replacing several of these conversions and String::format("%x") usages all over WebCore.
-
-        * GNUmakefile.am: Add HexNumber.h to build.
-        * JavaScriptCore.exp: Export StringBuilder::reserveCapacity.
-        * JavaScriptCore.gypi: Add HexNumber.h to build.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export StringBuilder::reserveCapacity.
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Add HexNumber.h to build.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * wtf/CMakeLists.txt: Ditto.
-        * wtf/HexNumber.h: Added.
-        (WTF::Internal::hexDigitsForMode): Internal helper.
-        (WTF::appendByteAsHex): Free function, that appends a byte as hex string into a destination.
-        (WTF::placeByteAsHex): Ditto, but places the result using *foo++ = '..' or foo[index++] = '..'
-        (WTF::appendUnsignedAsHex): Free function, that appends a number as hex string into a destination.
-
-2011-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 2: Add new symobl.
-        
-        (I should have used the EWS bots for this!)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Windows build fix take 1: Removed old symobl.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Ensure that all compilation takes place within a dynamic global object scope
-        https://bugs.webkit.org/show_bug.cgi?id=57054
-        <rdar://problem/9083011>        
-
-        Otherwise, entry to the global object scope might throw away the code
-        we just compiled, causing a crash.
-
-        * JavaScriptCore.exp: Updated for signature change.
-
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate): Removed explicit compilation calls
-        here because (a) they took place outside a dynamic global object scope
-        and (b) they were redundant.
-
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall): Updated for signature change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct): Declare our dynamic global object
-        scope earlier, to ensure that compilation takes place within it.
-
-        * runtime/Completion.cpp:
-        (JSC::evaluate): Removed explicit compilation calls here because (a)
-        they took place outside a dynamic global object scope and (b) they were
-        redundant.
-
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::compile):
-        (JSC::ProgramExecutable::compile):
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct): Added an ASSERT to
-        verify our new invariant that all compilation takes place within a
-        dynamic global object scope.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        * runtime/JSGlobalObject.h: Changed the signature of DynamicGlobalObjectScope
-        to require a JSGlobalData instead of an ExecState* since it is often
-        easier to provide the former, and the latter was not necessary.
-
-2011-03-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        REGRESSION (r79987-r80210): Crash in JSWeakObjectMapClear
-        https://bugs.webkit.org/show_bug.cgi?id=55671
-
-        This is no longer necessary, and it seems that with the new weakmap
-        model it's simply unsafe, so this reduces it to a no-op. 
-
-        * API/JSWeakObjectMapRefPrivate.cpp:
-
-2011-03-24  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        https://bugs.webkit.org/show_bug.cgi?id=20302
-        Correct implementation of signbit on Solaris
-
-        * wtf/MathExtras.h:
-        (signbit):
-
-2011-03-23  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/7959320> Threads that use APIs above the BSD layer must be registered with the Obj-C GC.
-
-        * wtf/ThreadingPthreads.cpp:
-        (WTF::initializeCurrentThreadInternal):
-
-2011-03-23  Mark Rowe  <mrowe@apple.com>
-
-        Stop setting OTHER_OPTIONS in JavaScriptCore's Makefile.
-
-        It's not necessary to pass "-target All" as xcodebuild always builds the
-        first target in the project unless otherwise specified. The presence of
-        that option also breaks "make clean" since that results in both the
-        -target and -alltargets options being passed to xcodebuild.
-
-        * Makefile:
-
-2011-03-23  Pavel Feldman  <pfeldman@chromium.org>
-
-        Not reviewed: bring back Vector::contains that was removed as a part of roll back.
-
-        * wtf/Vector.h:
-        (WTF::::contains):
-
-2011-03-23  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r81686.
-        http://trac.webkit.org/changeset/81686
-        https://bugs.webkit.org/show_bug.cgi?id=56914
-
-        Breaks webkit_tests in Chromium again. (Requested by pfeldman
-        on #webkit).
-
-        * wtf/Vector.h:
-
-2011-03-23  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        JavaScriptCore GYP build should work on a case-sensitive file system
-        https://bugs.webkit.org/show_bug.cgi?id=56911
-
-        The issue is that there are two UString.h headers, one named UString.h
-        and one named ustring.h.  This patch excludes ustring.h from the header
-        map to avoid confusion.  While I was editing this part of the GYP file,
-        I cleaned up the exclude rules to be more modern.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        REGRESSION (r78382): No scripts appear in the Web Inspector's Scripts
-        panel on Windows, and many inspector regression tests are failing
-        https://bugs.webkit.org/show_bug.cgi?id=54490
-        
-        The bug was caused by two different classes using the same name (Recompiler).
-
-        * debugger/Debugger.cpp:
-        * runtime/JSGlobalData.cpp:
-        (WTF::Recompiler::operator()): Put Recompiler in an anonymous namespace,
-        so our two recompilers' inline functions don't stomp each other at
-        link time.
-
-2011-03-22  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Remove USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
-        <rdar://problem/8944718> 
-
-        * DerivedSources.make:
-        Remove generation of USE_WK_SCROLLBAR_PAINTER_AND_CONTROLLER.
-
-2011-03-22  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Add DFG module to build system (disabled by default).
-        https://bugs.webkit.org/show_bug.cgi?id=56845
-
-        * JavaScriptCore.pri:
-        * JavaScriptCore.pro:
-
-2011-03-22  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Add support to build-webkit for building with gyp-generated project files
-        https://bugs.webkit.org/show_bug.cgi?id=56877
-
-        Found a couple missing Private headers while trying to make WebCore build.
-
-        * JavaScriptCore.gypi:
-
-2011-03-22  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Make it possible to build JavaScriptCore and WebCore gyp builds outside of Source
-        https://bugs.webkit.org/show_bug.cgi?id=56867
-
-        This should make it possible to build the gyp-generated JavaScriptCore.xcodeproj
-        from a JavaScriptCore directory outside of Source.
-
-        * gyp/JavaScriptCore.gyp:
-        * gyp/run-if-exists.sh: Added.
-        * gyp/update-info-plist.sh: Added.
-
-2011-03-22  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Add Profiling Configuration to JavaScriptCore gyp build
-        https://bugs.webkit.org/show_bug.cgi?id=56862
-
-        It appears this is identical to Release, but I suspect
-        there is someone/thing who uses the Profiling target
-        so we're adding it for completeness.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-22  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove os_win32_files variable from the GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=56804
-
-        Now that our understanding of GYP is sufficiently advanced, we don't
-        need os_win32_files any more.  (Turns out Eric was right, as he always
-        is.)
-
-        * JavaScriptCore.gypi:
-
-2011-03-22  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        GYP build of JavaScriptCore should be able to link from an empty WebKitBuild directory
-        https://bugs.webkit.org/show_bug.cgi?id=56803
-
-        Previously, we thought we should generate the derived source files in
-        the shared intermediate build products directory, but there are
-        assumptions built into other parts of the Mac build system that the
-        derived source files will be generated in a particular subdirectory of
-        the build products directory.
-
-        This patch is a partial revert of the change that moved the derived
-        source files to the shared intermediate directory.  After this patch,
-        the GYP build can build JavaScriptCore without help from the main
-        normal build system.
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-        * gyp/generate-derived-sources.sh:
-        * gyp/generate-dtrace-header.sh:
-
-2011-03-22  Jay Civelli  <jcivelli@chromium.org>
-
-        Reviewed by David Levin.
-
-        Adding a contains method to Vector.
-        https://bugs.webkit.org/show_bug.cgi?id=55859
-
-        * wtf/Vector.h:
-        (WTF::Vector::contains):
-
-2011-03-22  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Fix a bunch of typos in DFG.
-        https://bugs.webkit.org/show_bug.cgi?id=56813
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::parse):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::setSpilled):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::setupStubArguments):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        * dfg/DFGNode.h:
-        * dfg/DFGNonSpeculativeJIT.h:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::allocate):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::~ScoreBoard):
-        (JSC::DFG::ScoreBoard::allocate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-
-2011-03-22  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Production configuration in GYP isn&apos;t set up correctly
-        https://bugs.webkit.org/show_bug.cgi?id=56786
-
-        Update JavaScriptCore.gyp with information mined from
-        JavaScriptCore.xcodeproj.
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-22  Kent Tamura  <tkent@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        REGRESSION(r80096): Number type input unexpectedly rounds fractional values
-        https://bugs.webkit.org/show_bug.cgi?id=56367
-
-        Introduce clampToInteger(unsigned).
-        
-        * wtf/MathExtras.h:
-        (clampToInteger): Added.
-
-2011-03-21  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        GYP build should not have include paths that point within the source tree
-        https://bugs.webkit.org/show_bug.cgi?id=56788
-
-        Turns out we don't need these include paths anymore now that we have
-        header maps working properly.
-
-        * gyp/JavaScriptCore.gyp:
-            - Also, remove jsc.cpp from the excluded list because it's not part
-              of the jsc_files variable instead of the javascriptcore_files
-              variable.
-
-2011-03-21  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Solve the Assertions.cpp / -Wno-missing-format-attribute mystery
-        https://bugs.webkit.org/show_bug.cgi?id=56780
-
-        The reason we couldn't resolve this warning in the GYP build was that
-        the normal build disables this warning specifically for this file.
-        This patch takes the same approach as the previous patch to
-        WebCoreObjCExtras.mm in that it uses a pragma to suppress the warning
-        (rather than a build system configuration).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Remove the special-case for this file.
-        * gyp/JavaScriptCore.gyp:
-            - Remove the work-around for this issue.
-        * wtf/Assertions.cpp:
-            - Add a pragma disabling this warning for this file.
-
-2011-03-21  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        WebCore GYP build shouldn't crash on startup
-        https://bugs.webkit.org/show_bug.cgi?id=56776
-
-        Debug builds shouldn't define NDEBUG.  This same logic exists in the
-        project.pbxproj file.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-21  Robert Kroeger  <rjkroege@chromium.org>
-
-        Reviewed by Antonio Gomes.
-
-        Flag to enable/disable a GestureReocognizer framework
-
-        https://bugs.webkit.org/show_bug.cgi?id=49345
-
-        * wtf/Platform.h:
-
-2011-03-21  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add new files to JavaScriptCore.gypi
-        https://bugs.webkit.org/show_bug.cgi?id=56766
-
-        * JavaScriptCore.gypi:
-
-2011-03-21  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r81377.
-        http://trac.webkit.org/changeset/81377
-        https://bugs.webkit.org/show_bug.cgi?id=56765
-
-        WebPageSerializerTest.MultipleFrames is broken (Requested by
-        simonjam on #webkit).
-
-        * wtf/Vector.h:
-
-2011-03-21  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Extend constant pool to be able to store 16 bit instructions with a constant
-        https://bugs.webkit.org/show_bug.cgi?id=46796
-
-        The putShortWithConstantInt function inserts a 16 bit instruction which
-        refers a 32 bits constant or literal. This is a vital function for those
-        target which loads a PC relative value with a 16 bit instruction (like
-        Thumb-2 instruction set and SH4 architecture).
-
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::putIntegral):
-        (JSC::AssemblerBuffer::putIntegralUnchecked):
-        * assembler/AssemblerBufferWithConstantPool.h:
-
-2011-03-21  Philippe Normand  <pnormand@igalia.com>
-
-        Unreviewed, GTK distcheck build fix.
-
-        * GNUmakefile.am:
-
-2011-03-20  Bill Budge  <bbudge@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Rename ThreadSafeShared to ThreadSafeRefCounted
-        https://bugs.webkit.org/show_bug.cgi?id=56714
-
-        No new tests. Exposes no new functionality.
-
-        * API/JSClassRef.h:
-        * API/OpaqueJSString.h:
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Atomics.h:
-        * wtf/CMakeLists.txt:
-        * wtf/CrossThreadRefCounted.h:
-        (WTF::CrossThreadRefCounted::CrossThreadRefCounted):
-        (WTF::::crossThreadCopy):
-        * wtf/ThreadSafeRefCounted.h: Copied from wtf/ThreadSafeShared.h.
-        (WTF::ThreadSafeRefCountedBase::ThreadSafeRefCountedBase):
-        (WTF::ThreadSafeRefCountedBase::ref):
-        (WTF::ThreadSafeRefCountedBase::refCount):
-        (WTF::ThreadSafeRefCountedBase::derefBase):
-        (WTF::ThreadSafeRefCounted::ThreadSafeRefCounted):
-        * wtf/ThreadSafeShared.h: Removed.
-        * wtf/Threading.h:
-
-2011-03-19  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove StringImpl::computeHash()
-        https://bugs.webkit.org/show_bug.cgi?id=49894
-
-        Replace remainig StringImpl::computeHash with StringImpl::computeHashStringHasher.
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::CStringTranslator::hash):
-        (WTF::UCharBufferTranslator::hash):
-        (WTF::HashAndCharactersTranslator::hash):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::setHash):
-        (WTF::StringImpl::hash):
-
-2011-03-19  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Rename WTF::StringHasher methods
-        https://bugs.webkit.org/show_bug.cgi?id=53532
-
-        Rename createHash to computeHash and createBlobHash to hashMemory.
-        Also add a using WTF::StringHasher in the header file.
-
-        * profiler/CallIdentifier.h:
-        (JSC::CallIdentifier::Hash::hash):
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierUCharBufferTranslator::hash):
-        * wtf/StringHasher.h:
-        (WTF::StringHasher::computeHash):
-        (WTF::StringHasher::hashMemory):
-        * wtf/text/StringHash.h:
-        (WTF::CaseFoldingHash::hash):
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::computeHash):
-        * wtf/unicode/UTF8.cpp:
-        (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
-
-2011-03-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        [GTK] JSC crashes in 32bit Release bots after r80743
-        https://bugs.webkit.org/show_bug.cgi?id=56180
-        
-        The crash was caused by referencing GC memory from a GC destructor. This
-        is not safe because destruction time / order is not guaranteed.
-
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::create):
-        (JSC::ProfileGenerator::ProfileGenerator):
-        (JSC::ProfileGenerator::willExecute):
-        (JSC::ProfileGenerator::didExecute):
-        * profiler/ProfileGenerator.h:
-        (JSC::ProfileGenerator::origin): Made ExecState* the first argument,
-        to match the rest of this class and JSC.
-        
-        Use a JSGlobalObject* instead of an ExecState* with an indirect reference
-        to a JSGlobalObject* to track our origin. This is simpler and more
-        efficient, and it removes the destruction order dependency that was causing
-        our crash.
-
-        * profiler/Profiler.cpp:
-        (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*.
-        (JSC::Profiler::stopProfiling): New function for stopping all profiles
-        for a given global object. This is more straight-forward than multiplexing
-        through the old function.
-
-        (JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.
-        * profiler/Profiler.h: Ditto.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject): Ditto.
-
-2011-03-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        1 Structure leaked beneath JSGlobalData::storeVPtrs()
-        https://bugs.webkit.org/show_bug.cgi?id=56595
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::VPtrHackExecutable::VPtrHackExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable): Use a raw pointer instead of
-        PassRefPtr, like JSString does, since JSGlobalData owns the singleton
-        exectuable structure.
-
-2011-03-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Fixed some string leaks seen on the buildbot
-        https://bugs.webkit.org/show_bug.cgi?id=56619
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::~PropertyTable): DEref!
-
-2011-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Crash in  JSC::MarkStack::drain Under Stress
-        https://bugs.webkit.org/show_bug.cgi?id=56470
-
-        We perform a number of gc allocations while when
-        we are setting up new globals in a piece of global
-        code.  We do this by adding new properties to the
-        symbol table, and then expanding the storage to fit
-        at the end.
-
-        If a GC happens during this time we will report an
-        incorrect size for the global object's symbol table
-        storage.
-
-        This patch corrects this by growing the storage size
-        before we starting adding entries to the symbol table.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::resizeRegisters):
-
-2011-03-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        1 Structure leaked beneath JSGlobalData::storeVPtrs()
-        https://bugs.webkit.org/show_bug.cgi?id=56595
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs): Take local ownership of the Structure
-        we're using, since the Executable is not designed to own the Structure.
-
-2011-03-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Sam Weinig.
-
-        Add missing register-register branchTest8 to MacroAssemblerX86Common/X86Assembler.
-
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::testb_rr):
-
-2011-03-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 56603 - DFG JIT related cleanup
-        Move node generation out to separate function, move binarySearch algorithm out
-        to StdLibExtras, fix Graph::dump() to print comma between non-node children,
-        even if there are no node children.
-
-        * bytecode/CodeBlock.h:
-        (JSC::getCallReturnOffset):
-        (JSC::CodeBlock::getStubInfo):
-        (JSC::CodeBlock::getCallLinkInfo):
-        (JSC::CodeBlock::getMethodCallLinkInfo):
-        (JSC::CodeBlock::bytecodeOffset):
-            - Move binaryChop to binarySearch in StdLibExtras
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parse):
-        (JSC::DFG::parse):
-            - Make m_noArithmetic a member, initialize m_currentIndex in the constructor.
-        * dfg/DFGByteCodeParser.h:
-            - Change parse() to not take a start index (always 0).
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-            - Fix Graph::dump() to print comma between non-node children, even if there are no node children.
-        * dfg/DFGJITCodeGenerator.h:
-        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
-            - Initialize m_compileIndex in constructor.
-        * dfg/DFGNonSpeculativeJIT.cpp:
-        (JSC::DFG::NonSpeculativeJIT::compile):
-        * dfg/DFGNonSpeculativeJIT.h:
-            - Spilt out compilation of individual node.
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationConvertThis):
-        * dfg/DFGOperations.h:
-            - Cleanup parameter name.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-            - Spilt out compilation of individual node.
-        * runtime/Executable.cpp:
-        (JSC::tryDFGCompile):
-            - Change parse() to not take a start index (always 0).
-        * wtf/StdLibExtras.h:
-        (WTF::binarySearch):
-            - Move binaryChop to binarySearch in StdLibExtras
-
-2011-03-17  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Fix clang build.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-
-2011-03-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        1 Structure leaked beneath JSGlobalData::storeVPtrs()
-        https://bugs.webkit.org/show_bug.cgi?id=56595
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs): Now that we have an executable, we need
-        to explicitly run its destructor.
-
-2011-03-17  Jeff Miller  <jeffm@apple.com>
-
-        Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
-        
-        *.mode*
-        *.pbxuser
-        *.perspective*
-        project.xcworkspace
-        xcuserdata
-
-        * JavaScriptCore.xcodeproj: Modified property svn:ignore.
-
-2011-03-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reverting r81197, breaks JIT + INTERPRETER build.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
-        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addStructureStubInfo):
-        * bytecode/Opcode.h:
-        * bytecode/StructureStubInfo.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitCatch):
-
-2011-03-17  Ben Taylor  <bentaylor.solx86@gmail.com>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Add a COMPILER(SUNCC) define for Sun Studio 12. 
-        https://bugs.webkit.org/show_bug.cgi?56444
-        derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932
-
-        * wtf/Platform.h:
-
-2011-03-17  Jay Civelli  <jcivelli@chromium.org>
-
-        Reviewed by David Levin.
-
-        Adding a contains method to Vector.
-        https://bugs.webkit.org/show_bug.cgi?id=55859
-
-        * wtf/Vector.h:
-        (WTF::::operator):
-        (WTF::::contains):
-
-2011-03-17  Patrick Gansterer  <paroga@webkit.org>
-
-        Fix the interpreter build.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Added globalData to inheritorID().
-
-2011-03-16  Sam Weinig  <sam@webkit.org>
-
-        Fix the interpreter build.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolve):
-        (JSC::Interpreter::resolveSkip):
-        (JSC::Interpreter::resolveGlobal):
-        (JSC::Interpreter::resolveGlobalDynamic):
-        (JSC::Interpreter::resolveBaseAndProperty):
-        (JSC::Interpreter::privateExecute):
-        Remove .get()s.
-
-2011-03-16  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by James Robinson.
-
-        Remove USE(BUILTIN_UTF8_CODEC)
-        https://bugs.webkit.org/show_bug.cgi?id=56508
-
-        We added this recently when we were unsure about the stability of the
-        built-in UTF-8 codec.  However, the codec seems to be stable, so we
-        don't need the macro.
-
-        * wtf/Platform.h:
-
-2011-03-16  Daniel Bates  <dbates@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Make JIT build for ARM Thumb-2 with RVCT
-        https://bugs.webkit.org/show_bug.cgi?id=56440
-
-        Derived from a patch by Dave Tapuska.
-
-        Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.
-
-        * jit/JITStubs.cpp:
-
-2011-03-16  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Darin Adler.
-
-        Fix MIPS build with const *void
-        https://bugs.webkit.org/show_bug.cgi?id=56513
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::load32):
-        (JSC::MacroAssemblerMIPS::store32):
-
-2011-03-16  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Remove unnecessary caller tracking shenanigans from CodeBlock
-        https://bugs.webkit.org/show_bug.cgi?id=56483
-
-        This removes some leftover cruft from when we made CodeBlock
-        mark its callees.  Removing it gives us a 0.7% progression,
-        reducing the overall regression to ~1.3%.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-
-2011-03-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make Structure creation require a JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=56438
-
-        Mechanical change to make Structure::create require JSGlobalData&, and
-        require all users to provide the globalData.
-
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.h:
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::createStructure):
-        * API/JSContextRef.cpp:
-        * JavaScriptCore.exp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::createStructure):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionRun):
-        (jscmain):
-        * runtime/Arguments.h:
-        (JSC::Arguments::createStructure):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BooleanObject.h:
-        (JSC::BooleanObject::createStructure):
-        * runtime/DateInstance.h:
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::createStructure):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::createStructure):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::createStructure):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::createStructure):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSByteArray.cpp:
-        (JSC::JSByteArray::createStructure):
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::JSByteArray):
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::createDummyStructure):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::createStructure):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSC::JSObject::createStructure):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSFinalObject::createStructure):
-        (JSC::createEmptyObjectStructure):
-        (JSC::JSObject::inheritorID):
-        * runtime/JSObjectWithGlobalObject.h:
-        (JSC::JSObjectWithGlobalObject::createStructure):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::createStructure):
-        * runtime/JSString.h:
-        (JSC::RopeBuilder::createStructure):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::createStructure):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::createStructure):
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::createStructure):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/NativeErrorConstructor.cpp:
-        (JSC::NativeErrorConstructor::NativeErrorConstructor):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::createStructure):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.h:
-        (JSC::NumberObject::createStructure):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::createStructure):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::createStructure):
-        * runtime/StringObject.h:
-        (JSC::StringObject::createStructure):
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::createStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-
-2011-03-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Some conservative root gathering cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=56447
-        
-        SunSpider says 0.5% - 1.8% faster.
-
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h: New helper function for doing the
-        conservative gathering of the register file. It's still conservative,
-        since the register file may contain uninitialized values, but it's
-        moving-safe, because it only visits values tagged as pointers, so there's
-        no risk of mistaking an integer for a pointer and accidentally changing it.
-
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeRoots::add):
-        * runtime/ConservativeSet.h: Added a single-value add function, used above.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots): Separated machine stack conservative roots from
-        register file conservative roots because machine stack roots must be
-        pinned, but register file roots need not be pinned.
-        
-        Adopted new interface for passing the current stack extent to the machine
-        stack root gathering routine. This allows us to exclude marking-related
-        data structures on the stack, and thus avoid double-marking the set of
-        machine roots.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::MachineThreads::gatherFromCurrentThread):
-        (JSC::MachineThreads::gatherConservativeRoots):
-        * runtime/MachineStackMarker.h: Added new interface, described above.
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::firstAtom):
-        * wtf/StdLibExtras.h:
-        (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
-        by MachineStacks.
-
-2011-03-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        A little bit of MarkStack cleanup
-        https://bugs.webkit.org/show_bug.cgi?id=56443
-        
-        Moved MarkStack functions into MarkStack.h/.cpp.
-        
-        SunSpider reports no change.
-
-        * runtime/JSArray.h:
-        * runtime/JSCell.h: Moved from here...
-        * runtime/MarkStack.cpp:
-        (JSC::MarkStack::markChildren):
-        (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
-        a huge function, and not called many times.
-
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::deprecatedAppend):
-        (JSC::MarkStack::internalAppend): Moved to here.
-
-2011-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed another deprecatedAppend
-        https://bugs.webkit.org/show_bug.cgi?id=56429
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::markStrongHandles):
-        * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
-        marked directly by the Heap.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots): Ditto.
-
-2011-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed some more deprecated / unsafe append
-        https://bugs.webkit.org/show_bug.cgi?id=56428
-
-        * collector/handles/HandleStack.cpp:
-        (JSC::HandleStack::mark):
-        * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
-        marker, since it's a heap root.
-        
-        * runtime/ArgList.cpp:
-        (JSC::MarkedArgumentBuffer::markLists):
-        (JSC::MarkedArgumentBuffer::slowAppend):
-        * runtime/ArgList.h: Ditto.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
-        It seems like Oliver forgot this in his last patch. (!)
-
-        * runtime/MarkStack.h: Removed appendSlots, since it would allow an
-        object to embed JSValues directly instead of using WriteBarrier.
-
-        (JSC::MarkStack::append): Added a private append for a list of values.
-
-        (JSC::HeapRootMarker::mark): Access to the above.
-
-2011-03-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed a few more deprecatedAppends, and removed HeapRoot<T>
-        https://bugs.webkit.org/show_bug.cgi?id=56422
-        
-        Added HeapRootMarker, a privileged class for marking direct heap roots
-        that are iterated during each garbage collection. This is easier to use
-        and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.
-
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::exception):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Completion.cpp:
-        (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
-        call .get() on it.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        (JSC::Heap::markTempSortVectors):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h: Updated to use HeapRootMarker.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkStack::append): Added private functions for
-        HeapRootMarker to use.
-
-        * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.
-
-        * runtime/MarkStack.h:
-        (JSC::HeapRootMarker::HeapRootMarker):
-        (JSC::HeapRootMarker::mark): Added private functions for
-        HeapRootMarker to use.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.
-
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::emptyString):
-        (JSC::SmallStrings::singleCharacterString):
-        (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.
-
-        * runtime/WriteBarrier.h: Removed HeapRoot<T>.
-
-2011-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Made the global object moving-GC-safe
-        https://bugs.webkit.org/show_bug.cgi?id=56348
-        
-        SunSpider reports no change.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
-        suggested we do not need to visit all our references during GC, since
-        that is not true in a moving GC.
-
-        Re-sorted data members by type, removed one duplicate, and added back
-        the one missing mark I found.
-
-        * runtime/JSGlobalObject.h: Re-sorted data members by type.
-
-2011-03-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Introduce Local<T> to allow us to start moving to precise marking of locals
-        https://bugs.webkit.org/show_bug.cgi?id=56394
-
-        Introduce a new handle type, Local<T> and a scoping mechanism
-        LocalScope to allow us to start moving towards precise marking
-        of temporaries and local variables.
-
-        We also start to use the new Local<> type in the JSON stringifier
-        so that we can have some coverage of their behaviour in the initial
-        checkin.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.pro:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * collector/handles/Handle.h:
-        (JSC::::asObject):
-        * collector/handles/HandleStack.cpp: Added.
-        (JSC::HandleStack::HandleStack):
-        (JSC::HandleStack::mark):
-        (JSC::HandleStack::grow):
-        * collector/handles/HandleStack.h: Added.
-        (JSC::HandleStack::enterScope):
-        (JSC::HandleStack::zapTo):
-        (JSC::HandleStack::leaveScope):
-        (JSC::HandleStack::push):
-        * collector/handles/Local.h: Added.
-        (JSC::Local::internalSet):
-        (JSC::::Local):
-        (JSC::::operator):
-        (JSC::LocalStack::LocalStack):
-        (JSC::LocalStack::peek):
-        (JSC::LocalStack::pop):
-        (JSC::LocalStack::push):
-        (JSC::LocalStack::isEmpty):
-        (JSC::LocalStack::size):
-        * collector/handles/LocalScope.h: Added.
-        (JSC::LocalScope::LocalScope):
-        (JSC::LocalScope::~LocalScope):
-        (JSC::LocalScope::release):
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        (JSC::Heap::allocateLocalHandle):
-        (JSC::Heap::handleStack):
-        * runtime/JSCell.h:
-        (JSC::JSCell::::getString):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::allocateLocalHandle):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Stringifier::Holder::Holder):
-        (JSC::Walker::Walker):
-        (JSC::Walker::walk):
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        (JSC::JSONStringify):
-        * runtime/JSONObject.h:
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::appendValues):
-        (JSC::MarkStack::appendSlots):
-
-2011-03-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber Stamped by Sam Weinig.
-
-        Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
-        Some methods have unnecessary differences in name/arguments for interpreter/JIT.
-
-        * bytecode/CodeBlock.cpp:
-        * bytecode/CodeBlock.h:
-        (JSC::HandlerInfo::HandlerInfo):
-        (JSC::CodeBlock::addPropertyAccessInfo):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::addCallLinkInfo):
-        (JSC::CodeBlock::globalResolveInfo):
-        * bytecode/Opcode.h:
-        * bytecode/StructureStubInfo.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        (JSC::BytecodeGenerator::emitCatch):
-
-2011-03-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fix broken assert in new code.
-
-        * dfg/DFGAliasTracker.h:
-        (JSC::DFG::AliasTracker::recordPutByVal):
-            - recordPutByVal is called for both PutByVal & PutByValAlias.
-
-2011-03-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by Sam Weinig.
-
-        Removed redundant code from BytecodeGenerator.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-            - delete uncalled code missed when reparsing was removed.
-
-2011-03-15  Kevin Ollivier  <kevino@theolliviers.com>
-
-        Reviewed by Darin Adler.
-
-        Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
-        info into the headers rather than in export symbol definition files, but disable it on 
-        all platforms initially so we can deal with port build issues one port at a time.
-        
-        https://bugs.webkit.org/show_bug.cgi?id=27551
-
-        * API/JSBase.h:
-        * config.h:
-        * wtf/Assertions.h:
-        * wtf/ExportMacros.h: Added.
-        * wtf/Platform.h:
-
-2011-03-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix.
-
-        Buildfix when JIT is not enabled after r81079
-        https://bugs.webkit.org/show_bug.cgi?id=56361
-
-        * runtime/Executable.cpp:
-
-2011-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Made the global object moving-GC-safe
-        https://bugs.webkit.org/show_bug.cgi?id=56348
-        
-        SunSpider reports no change.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
-        suggested we do not need to visit all our references during GC, since
-        that is not true in a moving GC.
-
-        Re-sorted data members by type, removed one duplicate, and added back
-        the one missing mark I found.
-
-        * runtime/JSGlobalObject.h: Re-sorted data members by type.
-
-2011-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Made JSWrapperObject and subclasses moving-GC-safe
-        https://bugs.webkit.org/show_bug.cgi?id=56346
-        
-        SunSpider reports no change.
-
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
-        we don't initialize the wrapped value in our constructor.
-
-        * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
-        we do not in fact override markChildren.
-
-        * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
-        no longer does so for us. Also added an ASSERT to catch a latent bug,
-        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
-        anonymous slots are a plague on our code. This doesn't cause any problems
-        in our existing code since the base class never reads the anonymous slot
-        it declares, but it caused crashes when I tried to start using the slot
-        in an initial version of this patch.
-
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::JSWrapperObject):
-        (JSC::JSWrapperObject::internalValue):
-        (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
-        our internal value was stored in two places: an anonymous slot, and a
-        data member which was not always visited during GC. Now, we only use the
-        data member, and we always visit it. (Instead of relying on certain
-        subclasses to set the OverridesMarkChildren bit, we set it ourselves.)
-
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
-        we don't initialize the wrapped value in our constructor.
-
-        * runtime/NumberObject.h: Removed meaningless declaration.
-
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject): No more need for JSGlobalData, since
-        we don't initialize the wrapped value in our constructor.
-
-        * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
-        we do not in fact override markChildren.
-
-        * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
-        no longer does so for us. Also added an ASSERT to catch a latent bug,
-        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
-        anonymous slots are a plague on our code.
-
-2011-03-14  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Look-ahead assertions with back references don’t work as expected
-        https://bugs.webkit.org/show_bug.cgi?id=56082
-
-        Changed parentheses assertion processing to temporarily back out the 
-        number of known characters after the assertion while processing the 
-        assertion.  This was done so that assertions don't fail due to 
-        checking the number of required characters as additional to the 
-        rest of the express since assertions don't "consume" input.
-        Added a byte code to uncheck characters to support the change.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::ByteCompiler::uncheckInput):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::ByteTerm::UncheckInput):
-
-2011-03-14  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian.
-        https://bugs.webkit.org/show_bug.cgi?id=56133
-
-        Add condition to not compile webkit internal math round functions on RVCT compiler versions 
-        from 3.0.0 because they are already defined in compiler math library.
-
-        * wtf/MathExtras.h:
-
-2011-03-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoffrey Garen & Oliver Hunt.
-
-        Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.
-
-        The JSC JIT presently generates code directly from the bytecode used by the interpreter.
-        This is not an optimal intermediate representation for JIT code generation, since it does
-        not capture liveness information of values, and provides little opportunity to perform
-        any static analysis for even primitive types. The JIT currently generates two code paths,
-        a fast path handling common cases, and a slower path handling less common operand types.
-        However the slow path jumps back into the fast path, meaning that information arising
-        from the earlier type checks cannot be propagated to later operations.
-
-        This patch adds:
-            * a dataflow intermediate representation capable of describing a single basic block
-              of operations,
-            * a mechanism to convert a simple, single-block bytecode functions to the new IR,
-            * and a JIT code generator capable of generating code from this representation.
-
-        The JIT generates two code paths, with the slower path not reentering the fast path
-        mid-block, allowing speculative optimizations to be made on the hot path, with type
-        information arising from these speculative decisions able to be propagated through the
-        dataflow. Code generation of both speculative and non-speculative paths exploits the type
-        and liveness information represented in the dataflow graph to attempt to avoid redundant
-        boxing and type-checking of values, and to remove unnecessary spills of temporary values
-        to the RegisterFile.
-
-        The dataflow JIT currently can only support a subset of bytecode operations, limited to
-        arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
-        dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
-        expanded to include, control-flow, function calls, and then the long-tail of remaining
-        bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
-        this only supports x86-64.
-
-        The status of the dataflow JIT is currently work-in-progress. Limitations of the present
-        JIT code generation may cause performance regressions, particularly:
-            * the policy to only generate arithmetic code on the speculative path using integer
-              instructions, never using floating point.
-            * the policy to only generate arithmetic code on the non-speculative path using
-              floating point instructions, never using integer.
-            * always generating JSValue adds on the non-speculative path as a call out to a
-              C-function, never handling this in JIT code.
-            * always assuming by-Value property accesses on the speculative path to be array
-              accesses.
-            * generating all by-Value property accesses from the non-speculative path as a call
-              out to a C-function.
-            * generating all by-Indentifer property accesses as a call out to a C-function.
-        Due to these regressions, the code is landed in a state where it is disabled in most
-        cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
-        addressed, the JIT will be allowed to trigger in more cases.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added new files to Xcode project.
-        * dfg: Added.
-            - Added directory for new code.
-        * dfg/DFGByteCodeParser.cpp: Added.
-        * dfg/DFGByteCodeParser.h: Added.
-            - Contruct a DFG::Graph representation from a bytecode CodeBlock.
-        * dfg/DFGGenerationInfo.h: Added.
-            - Track type & register information for VirtualRegisters during JIT code generation.
-        * dfg/DFGGraph.cpp: Added.
-        * dfg/DFGGraph.h: Added.
-            - Dataflow graph intermediate representation for code generation.
-        * dfg/DFGJITCodeGenerator.cpp: Added.
-        * dfg/DFGJITCodeGenerator.h: Added.
-            - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
-        * dfg/DFGJITCompiler.cpp: Added.
-        * dfg/DFGJITCompiler.h: Added.
-            - Class responsible for driving code generation of speculativeJIT & non-speculative
-              code paths from the dataflow graph.
-        * dfg/DFGNonSpeculativeJIT.cpp: Added.
-        * dfg/DFGNonSpeculativeJIT.h: Added.
-            - Used to generate the non-speculative code path, this make no assumptions
-              about operand types.
-        * dfg/DFGOperations.cpp: Added.
-        * dfg/DFGOperations.h: Added.
-            - Helper functions called from the JIT generated code.
-        * dfg/DFGRegisterBank.h: Added.
-            - Used to track contents of physical registers during JIT code generation.
-        * dfg/DFGSpeculativeJIT.cpp: Added.
-        * dfg/DFGSpeculativeJIT.h: Added.
-            - Used to generate the speculative code path, this make assumptions about
-              operand types to enable optimization.
-        * runtime/Executable.cpp:
-            - Add code to attempt to use the DFG JIT to compile a function, with fallback
-              to the existing JIT.
-        * wtf/Platform.h:
-            - Added compile guards to enable the DFG JIT.
-
-2011-03-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed more cases of DeprecatedPtr (exception, SmallStrings)
-        https://bugs.webkit.org/show_bug.cgi?id=56332
-
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
-        constant, to make this code less brittle.
-
-        * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
-        this reference is owned and managed directly by the heap.
-
-        * runtime/JSString.cpp:
-        (JSC::JSString::substringFromRope):
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsString):
-        (JSC::jsStringWithFinalizer):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString): Use a variable instead of a hard-coded
-        constant, to make this code less brittle.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStringsStorage::rep):
-        (JSC::SmallStringsStorage::SmallStringsStorage):
-        (JSC::SmallStrings::SmallStrings):
-        (JSC::SmallStrings::markChildren):
-        (JSC::SmallStrings::clear):
-        (JSC::SmallStrings::count): Use a variable instead of a hard-coded
-        constant, to make this code less brittle.
-
-        * runtime/SmallStrings.h:
-        (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
-        DeprecatedPtr because these references are owned and managed directly by
-        the heap.
-        
-        Stop using FixedArray because we only want a very limited set
-        of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)
-
-        * runtime/WriteBarrier.h:
-        (JSC::operator==):
-        (JSC::WriteBarrier::WriteBarrier):
-        (JSC::HeapRoot::HeapRoot):
-        (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
-        without write barrier because we assume all HeapRoots are scanned during
-        all GC passes.
-
-2011-03-14  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Adam Roben and Gavin Barraclough.
-
-        FileSystemWin.cpp needs listDirectory() implementation
-        https://bugs.webkit.org/show_bug.cgi?id=56331
-        <rdar://problem/9126635>
-        
-        Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.
-
-        * wtf/text/StringConcatenate.h:
-
-2011-03-14  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
-        the class definition contains duplicates. This also removes what look to be leaks
-        of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
-        which retains / releases the instances at the appropriate time, so explicitly calling
-        ref is not necessary.
-
-2011-03-14  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows build
-
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        (JSC::JSInterfaceJIT::tagFor):
-        (JSC::JSInterfaceJIT::payloadFor):
-        (JSC::JSInterfaceJIT::intPayloadFor):
-        (JSC::JSInterfaceJIT::intTagFor):
-        (JSC::JSInterfaceJIT::addressFor):
-
-2011-03-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Ensure all values are correctly tagged in the registerfile
-        https://bugs.webkit.org/show_bug.cgi?id=56214
-
-        This patch makes sure that all JSCell pointers written to
-        the registerfile are correctly tagged as JSCells, and replaces
-        raw int usage with the immediate representation.
-
-        For performance, register pressure, and general saneness reasons
-        I've added abstractions for reading and writing the tag
-        and payload of integer registers directly for the JSVALUE64
-        encoding.
-
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::withCallee):
-        (JSC::Register::operator=):
-        (JSC::Register::i):
-        (JSC::Register::activation):
-        (JSC::Register::function):
-        (JSC::Register::propertyNameIterator):
-        (JSC::Register::scopeChain):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitPutCellToCallFrameHeader):
-        (JSC::JIT::emitPutIntToCallFrameHeader):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_load_varargs):
-        (JSC::JIT::emitSlow_op_load_varargs):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::intPayloadFor):
-        (JSC::JSInterfaceJIT::intTagFor):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnJSValue):
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::returnInt32):
-        (JSC::SpecializedThunkJIT::returnJSCell):
-
-2011-03-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A few Heap-related renames (sans file moves, which should come next)
-        https://bugs.webkit.org/show_bug.cgi?id=56283
-        
-        ConservativeSet => ConservativeRoots. "Set" was misleading, since items
-        are not uniqued. Also, "Roots" is more specific about what's in the set.
-        
-        MachineStackMarker => MachineThreads. "Threads" is more descriptive of
-        the fact that this class maintains a set of all threads using JSC.
-        "Stack" was misleading, since this class traverses stacks and registers.
-        "Mark" was misleading, since this class doesn't mark anything anymore.
-        
-        registerThread => addCurrentThread. "Current" is more specific.
-        unregisterThread => removeCurrentThread. "Current" is more specific.
-        
-        "currentThreadRegistrar" => threadSpecific. The only point of this data
-        structure is to register a thread-specific destructor with a pointer to
-        this.
-        
-        "mark...Conservatively" => "gather". "Mark" is not true, since these
-        functions don't mark anything. "Conservatively" is redundant, since they
-        take "ConservativeRoots" as an argument.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        * JavaScriptCore.exp:
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeRoots::grow):
-        (JSC::ConservativeRoots::add):
-        * runtime/ConservativeSet.h:
-        (JSC::ConservativeRoots::ConservativeRoots):
-        (JSC::ConservativeRoots::~ConservativeRoots):
-        (JSC::ConservativeRoots::size):
-        (JSC::ConservativeRoots::roots):
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        (JSC::Heap::machineThreads):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::makeUsableFromMultipleThreads):
-        * runtime/MachineStackMarker.cpp:
-        (JSC::MachineThreads::MachineThreads):
-        (JSC::MachineThreads::~MachineThreads):
-        (JSC::MachineThreads::makeUsableFromMultipleThreads):
-        (JSC::MachineThreads::addCurrentThread):
-        (JSC::MachineThreads::removeThread):
-        (JSC::MachineThreads::removeCurrentThread):
-        (JSC::MachineThreads::gatherFromCurrentThreadInternal):
-        (JSC::MachineThreads::gatherFromCurrentThread):
-        (JSC::MachineThreads::gatherFromOtherThread):
-        (JSC::MachineThreads::gatherConservativeRoots):
-        * runtime/MachineStackMarker.h:
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::append):
-
-2011-03-13  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX for armv7 after r80969
-
-        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
-        <https://bugs.webkit.org/show_bug.cgi?id=56270>
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32): Made void* address argument
-        const.
-        (JSC::MacroAssemblerARMv7::store32): Ditto.
-
-2011-03-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Try to fix the Mac build.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
-        ConervativeSet.h, since it's now visible when compiling other projects.
-
-2011-03-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed another case of DeprecatedPtr (ConservativeSet)
-        https://bugs.webkit.org/show_bug.cgi?id=56281
-        
-        The ConservativeSet is an internal data structure used during marking,
-        so direct pointers are fine.
-
-        * runtime/ConservativeSet.cpp:
-        (JSC::ConservativeSet::grow):
-        * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
-        (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
-        the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
-        sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
-        (JSC::ConservativeSet::size):
-        (JSC::ConservativeSet::set): Use direct pointers, as stated above. 
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/MarkStack.h:
-        (JSC::MarkStack::append): Created a special case of append for
-        ConservativeSet. I didn't want to add back a generic "append JSCell*"
-        function, since other class might start using that wrong. (In the end,
-        this function might go away, since the Heap will want to do something
-        slightly more interesting with the conservative set, but this is OK for
-        now.)
-
-2011-03-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed another case of DeprecatedPtr (PutPropertySlot)
-        https://bugs.webkit.org/show_bug.cgi?id=56278
-
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
-        since it's a stack-allocated temporary.
-
-2011-03-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Removed one case of DeprecatedPtr (ScopeChainIterator)
-        https://bugs.webkit.org/show_bug.cgi?id=56277
-
-        * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
-        since it's a stack-allocated temporary.
-
-2011-03-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 56273 - Add three operand forms to MacroAssember operations.
-
-        Adding for X86(_64) for now, should be rolled out to other backends as necessary.
-        These may allow more efficient code generation in some cases, avoiding the need
-        for unnecessary register-register move instructions.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-            - marked these methods const.
-        (JSC::AbstractMacroAssembler::Jump::isSet):
-            - add a method to check whether a Jump object has been set to
-              reference an instruction, or is in a null, unset state. 
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::FunctionPtr::FunctionPtr):
-            - add non-explicit constructor, for FunctionPtr's to C/C++ functions.
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::and32):
-        (JSC::MacroAssemblerX86Common::lshift32):
-        (JSC::MacroAssemblerX86Common::or32):
-        (JSC::MacroAssemblerX86Common::rshift32):
-        (JSC::MacroAssemblerX86Common::urshift32):
-        (JSC::MacroAssemblerX86Common::xor32):
-        (JSC::MacroAssemblerX86Common::moveDouble):
-        (JSC::MacroAssemblerX86Common::addDouble):
-        (JSC::MacroAssemblerX86Common::divDouble):
-        (JSC::MacroAssemblerX86Common::subDouble):
-        (JSC::MacroAssemblerX86Common::mulDouble):
-        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerX86Common::branchTest32):
-        (JSC::MacroAssemblerX86Common::branchTest8):
-        (JSC::MacroAssemblerX86Common::branchAdd32):
-        (JSC::MacroAssemblerX86Common::branchMul32):
-        (JSC::MacroAssemblerX86Common::branchSub32):
-            - add three operand forms of these instructions.
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::addDouble):
-        (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
-        (JSC::MacroAssemblerX86_64::loadPtr):
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::JmpSrc::isSet):
-            - add a method to check whether a JmpSrc object has been set to
-              reference an instruction, or is in a null, unset state. 
-        (JSC::X86Assembler::movsd_rr):
-            - added FP register-register move.
-        (JSC::X86Assembler::linkJump):
-            - Add an assert to check jumps aren't linked more than once.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadInt32ToDouble):
-            - load integers to the FPU via regsiters on x86-64.
-
-2011-03-13  Gavin Barraclough  <barraclough@apple.com>
-
-        ARM build fix.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::load32):
-
-2011-03-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
-
-        The JIT need to 'friend' other classes in order to be able to calculate offsets
-        of various properties, or the absolute addresses of members within specific objects,
-        in order to JIT generate code that will access members within the class when run.
-
-        Instead of using friends in these cases, switch to providing specific accessor
-        methods to provide this information.  In the case of offsets, these can be static
-        functions, and in the case of pointers to members within a specific object these can
-        be const methods returning pointers to const values, to prevent clients from
-        modifying values otherwise encapsulated within classes.
-
-        * bytecode/SamplingTool.h:
-        * interpreter/Register.h:
-        * interpreter/RegisterFile.h:
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSTypeInfo.h:
-        * runtime/JSVariableObject.h:
-        * runtime/Structure.h:
-        * wtf/RefCounted.h:
-            - Change these classes to no longer friend the JIT, add accessors for member offsets.
-        * jit/JIT.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITInlineMethods.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-            - Change the JIT to use class accessors, rather than taking object ofsets directly.
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerX86_64.h:
-        * assembler/X86Assembler.h:
-            - Since the accessors for objects members return const pointers to retain encapsulation,
-              methods generating code with absolute addresses must be able to handle const pointers
-              (the JIT doesn't write to these values, do dies treat the pointer to value as const
-              from within the C++ code of the JIT, if not at runtime!).
-
-2011-03-12  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r80919.
-        http://trac.webkit.org/changeset/80919
-        https://bugs.webkit.org/show_bug.cgi?id=56251
-
-        all windows bots failed to compile this change (Requested by
-        loislo on #webkit).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/StructureStubInfo.cpp:
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::withCallee):
-        (JSC::Register::operator=):
-        (JSC::Register::i):
-        (JSC::Register::activation):
-        (JSC::Register::function):
-        (JSC::Register::propertyNameIterator):
-        (JSC::Register::scopeChain):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutToCallFrameHeader):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_load_varargs):
-        (JSC::JIT::emitSlow_op_load_varargs):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::payloadFor):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnJSValue):
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::returnInt32):
-        (JSC::SpecializedThunkJIT::returnJSCell):
-        * runtime/ArgList.cpp:
-        * runtime/DateConversion.cpp:
-        * runtime/GCActivityCallbackCF.cpp:
-        * runtime/Identifier.cpp:
-        * runtime/JSActivation.h:
-        (JSC::asActivation):
-        * runtime/JSLock.cpp:
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSObject.h:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSValue.h:
-        * runtime/JSZombie.cpp:
-        * runtime/MarkedBlock.cpp:
-        * runtime/MarkedSpace.cpp:
-        * runtime/PropertyNameArray.cpp:
-        * runtime/ScopeChain.h:
-        (JSC::ExecState::globalThisValue):
-        * wtf/DateMath.cpp:
-
-2011-03-11  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Ensure all values are correctly tagged in the registerfile
-        https://bugs.webkit.org/show_bug.cgi?id=56214
-
-        This patch makes sure that all JSCell pointers written to
-        the registerfile are correctly tagged as JSCells, and replaces
-        raw int usage with the immediate representation.
-
-        For performance, register pressure, and general saneness reasons
-        I've added abstractions for reading and writing the tag
-        and payload of integer registers directly for the JSVALUE64
-        encoding.
-
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::withCallee):
-        (JSC::Register::operator=):
-        (JSC::Register::i):
-        (JSC::Register::activation):
-        (JSC::Register::function):
-        (JSC::Register::propertyNameIterator):
-        (JSC::Register::scopeChain):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCall):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitPutCellToCallFrameHeader):
-        (JSC::JIT::emitPutIntToCallFrameHeader):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::emit_op_load_varargs):
-        (JSC::JIT::emitSlow_op_load_varargs):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::intPayloadFor):
-        (JSC::JSInterfaceJIT::intTagFor):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnJSValue):
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::returnInt32):
-        (JSC::SpecializedThunkJIT::returnJSCell):
-
-2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Eric Seidel.
-
-        Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
-        https://bugs.webkit.org/show_bug.cgi?id=56231
-
-        * JavaScriptCore.gypi: Added project_dir variable.
-        * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
-        * gyp/generate-dtrace-header.sh: Changed to use project_dir.
-
-2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
-        https://bugs.webkit.org/show_bug.cgi?id=56217
-
-        * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
-            to the scripts.
-        * gyp/generate-derived-sources.sh: Changed to use passed directory.
-        * gyp/generate-dtrace-header.sh: Ditto.
-
-2011-03-11  Eric Carlson  <eric.carlson@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.
-
-        No new tests, existing media tests cover this.
-
-        * JavaScriptCore.exp: Export cancelCallOnMainThread
-        * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.
-
-2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
-        https://bugs.webkit.org/show_bug.cgi?id=56207
-
-        * JavaScriptCore.gypi: Added Tracing.d to the sources.
-        * gyp/generate-dtrace-header.sh: Added.
-        * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
-            and added DTrace header generating step.
-
-2011-03-10  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix allocation of native function with a cached thunk
-        https://bugs.webkit.org/show_bug.cgi?id=56127
-
-        Fix this race condition found while fixing zombies.
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::clearWeakPointers):
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::markChildren):
-        * runtime/JSValue.h:
-        (JSC::JSValue::decode):
-        * runtime/JSZombie.cpp:
-        (JSC::JSZombie::leakedZombieStructure):
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::createStructure):
-        * runtime/MarkedBlock.cpp:
-
-2011-03-10  Luiz Agostini  <luiz.agostini@openbossa.org>
-
-        Reviewed by Andreas Kling.
-
-        [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
-        https://bugs.webkit.org/show_bug.cgi?id=33008
-
-        Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
-        Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
-        it has its own ways to do JSC threading.
-
-        Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.
-
-        * runtime/MachineStackMarker.cpp:
-        * wtf/Platform.h:
-
-2011-03-10  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 56077 - ES5 conformance issues with RegExp.prototype
-
-        There are three issues causing test failures in sputnik.
-
-        (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
-        (2) The 'length' property of the test/exec functions should be 1.
-        (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::markChildren):
-            - Added to mark lastIndex
-        (JSC::regExpObjectLastIndex):
-        (JSC::setRegExpObjectLastIndex):
-            - lastIndex is now stored as a JSValue.
-        (JSC::RegExpObject::match):
-            - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::setLastIndex):
-        (JSC::RegExpObject::setLastIndex):
-            - Set lastIndex, either from a size_t or a JSValue.
-        (JSC::RegExpObject::getLastIndex):
-            - Get lastIndex.
-        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
-            - Initialize as a JSValue.
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-            - Add test/exec properties with length 1.
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-            - Do not read RegExp.input if none is provided.
-        * tests/mozilla/js1_2/regexp/RegExp_input.js:
-        * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
-            - Update these tests (they relied on non-ES5 behaviour).
-
-2011-03-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Rolled back in 80277 and 80280 with event handler layout test failures fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=55653        
-
-        The failures were caused by a last minute typo: assigning to currentEvent
-        instead of m_currentEvent.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * runtime/Arguments.h:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.h:
-        * runtime/MarkedSpace.cpp:
-        * runtime/MarkedSpace.h:
-
-2011-03-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        jquery/manipulation.html fails after r80598
-        https://bugs.webkit.org/show_bug.cgi?id=56019
-
-        When linking a call, codeblock now takes ownership of the linked function
-        This removes the need for unlinking, and thus the incorrectness that was
-        showing up in these tests.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CallLinkInfo::setUnlinked):
-        (JSC::CodeBlock::addCaller):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JIT.h:
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-
-2011-03-09  Daniel Bates  <dbates@rim.com>
-
-        Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
-        (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().
-
-2011-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 56041 - RexExp constructor should only accept flags "gim"
-        Fix for issues introduced in r80667.
-
-        Invalid flags to a RegExp literal are a late syntax error!
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addRegExp):
-            - Pass a PassRefPtr<RegExp>
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addRegExp):
-        (JSC::BytecodeGenerator::emitNewRegExp):
-        * bytecompiler/BytecodeGenerator.h:
-            - Pass a PassRefPtr<RegExp>
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-            - Should not be ASSERTing that the flags are valid - this is a late(er) error.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            - Need to check for error from RegExp constructor.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-            - Need to check for error from RegExp constructor.
-        * runtime/RegExp.h:
-        (JSC::RegExp::isValid):
-            - Make isValid check that the regexp was created with valid flags.
-        * runtime/RegExpKey.h:
-            - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.
-
-2011-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix part 2.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix part 1.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-03-09  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Bug 56041 - RexExp constructor should only accept flags "gim"
-        We also should be passing the flags around as a bitfield rather than a string,
-        and should not have redundant, incompatible code for converting the string to a bitfield!
-
-        * JavaScriptCore.exp:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-            - Need to parse flags string to enum.
-        * runtime/RegExp.cpp:
-        (JSC::regExpFlags):
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::create):
-            - Add method to parse flags string to enum, change constructor/create args to take enum.
-        * runtime/RegExp.h:
-        (JSC::RegExp::global):
-        (JSC::RegExp::ignoreCase):
-        (JSC::RegExp::multiline):
-            - Change to use new enum values.
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::create):
-        * runtime/RegExpCache.h:
-            - Changed to use regExpFlags enum instead of int/const UString&.
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-            - Add use new enum parsing, check for error.
-        * runtime/RegExpKey.h:
-        (JSC::RegExpKey::RegExpKey):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-            - Pass NoFlags value instead of empty string.
-        (JSC::regExpProtoFuncCompile):
-            - Add use new enum parsing, check for error.
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-            - Pass NoFlags value instead of empty string.
-
-2011-03-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig
-
-        Bug 55994 - Functions on Array.prototype should check length first.
-        These methods are designed to work on generic objects too, and if 'length'
-        is a getter that throws an exception, ensure this is correctly thrown
-        (even if other exceptions would be thrown, too).
-
-        Make the length check the first thing we do.
-        This change shows a progression on SunSpider on my machine, but this is likely bogus.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncReverse):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        (JSC::arrayProtoFuncIndexOf):
-        (JSC::arrayProtoFuncLastIndexOf):
-
-2011-03-07  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make CodeBlock GC write barrier safe
-        https://bugs.webkit.org/show_bug.cgi?id=55910
-
-        In order to make CodeBlock WriteBarrier safe it was necessary
-        to make it have a single GC owner, and for that reason I have
-        made ExecutableBase a GC allocated object.  This required
-        updating their creation routines as well as all sites that hold
-        a reference to them.  GC objects that held Executable's have been
-        converted to WriteBarriers, and all other sites now use Global<>.
-
-        As an added benefit this gets rid of JSGlobalData's list of
-        GlobalCodeBlocks.
-
-        Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
-        on SunSpider.  Given none of the tests that show regressions
-        demonstrate a regression on their own, and sampling shows up nothing.
-        I suspect we're just getting one or two additional gc passes at
-        the end of the run.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::EvalCodeCache::markAggregate):
-        (JSC::CodeBlock::markAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::ownerExecutable):
-        (JSC::CodeBlock::addConstant):
-        (JSC::CodeBlock::constantRegister):
-        (JSC::CodeBlock::getConstant):
-        (JSC::CodeBlock::addFunctionDecl):
-        (JSC::CodeBlock::addFunctionExpr):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::ExecState::r):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::get):
-        * bytecode/SamplingTool.h:
-        (JSC::ScriptSampleRecord::ScriptSampleRecord):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitEqualityOp):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::makeFunction):
-        * debugger/Debugger.cpp:
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadDouble):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::hostFunctionStub):
-        (JSC::JITThunks::clearHostFunctionStubs):
-        * jit/JITStubs.h:
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::~FunctionExecutable):
-        (JSC::EvalExecutable::markChildren):
-        (JSC::ProgramExecutable::markChildren):
-        (JSC::FunctionExecutable::markChildren):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::VPtrHackExecutable::VPtrHackExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::create):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::createStructure):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/Heap.cpp:
-        (JSC::Heap::destroy):
-        (JSC::Heap::markRoots):
-        * runtime/Heap.h:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::markChildren):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::JSActivationData::JSActivationData):
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::~JSFunction):
-        (JSC::JSFunction::markChildren):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::storeVPtrs):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSObject.cpp:
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::markChildren):
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        * runtime/JSZombie.cpp:
-        (JSC::JSZombie::leakedZombieStructure):
-        * runtime/JSZombie.h:
-        (JSC::JSZombie::createStructure):
-        * runtime/MarkedSpace.h:
-
-2011-03-07  Andy Estes  <aestes@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        REGRESSION (r79060): Timestamp is missing from tweets in twitter.
-        https://bugs.webkit.org/show_bug.cgi?id=55228
-
-        A change to the date parser to handle the case where the year is
-        specified before the time zone inadvertently started accepting strings
-        such as '+0000' as valid years. Those strings actually represent time
-        zones in an offset of hours and minutes from UTC, not years.
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters): If the current character
-        in dateString is '+' or '-', do not try to parse the next token as a
-        year.
-
-2011-03-06  Yuta Kitamura  <yutak@chromium.org>
-
-        Reviewed by Kent Tamura.
-
-        Add SHA-1 for new WebSocket protocol
-        https://bugs.webkit.org/show_bug.cgi?id=55039
-
-        The code is based on Chromium's portable SHA-1 implementation
-        (src/base/sha1_portable.cc). Modifications were made in order
-        to make the code comply with WebKit coding style.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CMakeLists.txt:
-        * wtf/MD5.cpp:
-        (WTF::MD5::MD5):
-        * wtf/SHA1.cpp: Added.
-        (WTF::testSHA1): This function will be run the first time SHA1
-        constructor is called. This function computes a few hash values
-        and checks the results in debug builds. However, constructor is
-        probably not a good place to run these tests, so we need to find
-        a good place for it (bug 55853).
-        (WTF::expectSHA1):
-        (WTF::f):
-        (WTF::k):
-        (WTF::rotateLeft):
-        (WTF::SHA1::SHA1):
-        (WTF::SHA1::addBytes):
-        (WTF::SHA1::computeHash):
-        (WTF::SHA1::finalize):
-        (WTF::SHA1::processBlock):
-        (WTF::SHA1::reset):
-        * wtf/SHA1.h: Added.
-        (WTF::SHA1::addBytes):
-        * wtf/wtf.pri:
-
-2011-03-05  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add Derived Sources to WebCore GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=55813
-
-        Rename the action to be friendlier.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-04  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
-        https://bugs.webkit.org/show_bug.cgi?id=55782
-
-        Implement Symbian version of cryptographicallyRandomValuesFromOS
-
-        * wtf/OSRandomSource.cpp:
-        (WTF::cryptographicallyRandomValuesFromOS):
-
-2011-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::defineOwnProperty):
-            Add missing check.
-
-2011-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Rubber stamped by olliej.
-
-        Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-            (1) don't infinite loop.
-            (2) goto 1.
-
-2011-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-        cmake build fix.
-
-        * CMakeLists.txt:
-
-2011-03-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
-        https://bugs.webkit.org/show_bug.cgi?id=55798
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Remove unneeded round-trips through ../Source in the Chromium GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=55795
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-03-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Use target_defaults to reduce boilerplate in GYP build system
-        https://bugs.webkit.org/show_bug.cgi?id=55790
-
-        Instead of setting up the configuration in each target, just defer to
-        target_defaults.  Also, removed a define that was redundant with the
-        xcconfig.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-03  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
-        Provide basic functionallity from section 15.2.4 of ECMA-262.
-        This support will need expanding to cover arrays, too.
-
-        Shows a 0.5% progression on SunSpidey, this seems to be due to changing
-        ObjectConstructor to use a static table.
-
-        * DerivedSources.make:
-        * JavaScriptCore.exp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::objectConstructorTable):
-            Add a static table for ObjectConstructor.
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-            Add a static table for ObjectConstructor.
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            Add a static table for ObjectConstructor.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::seal):
-        (JSC::JSObject::freeze):
-        (JSC::JSObject::preventExtensions):
-            Transition the object's structure.
-        (JSC::JSObject::defineOwnProperty):
-            Check isExtensible.
-        * runtime/JSObject.h:
-        (JSC::JSObject::isSealed):
-        (JSC::JSObject::isFrozen):
-        (JSC::JSObject::isExtensible):
-            These wrap method on structure.
-        (JSC::JSObject::putDirectInternal):
-            Check isExtensible.
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::ObjectConstructor):
-        (JSC::ObjectConstructor::getOwnPropertySlot):
-        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
-            Change ObjectConstructor to use a static table.
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-        (JSC::objectConstructorPreventExtensions):
-        (JSC::objectConstructorIsSealed):
-        (JSC::objectConstructorIsFrozen):
-        (JSC::objectConstructorIsExtensible):
-            Add new methods on Object.
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-            init/propagate  m_preventExtensions
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-            transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-            check attributes to detect if object is sealed/frozen.
-        * runtime/Structure.h:
-        (JSC::Structure::isExtensible):
-            checks the m_preventExtensions flag.
-
-2011-03-04  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Jon Honeycutt.
-
-        Adopt VersionStamper tool for Windows WebKit DLLs
-        https://bugs.webkit.org/show_bug.cgi?id=55784
-        <rdar://problem/9021273>
-        
-        We now use a tool to stamp the version number onto the Apple WebKit DLLs
-        during the post-build step.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:
-
-2011-03-04  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        JavaScriptCore GYP build should use a header map
-        https://bugs.webkit.org/show_bug.cgi?id=55712
-
-        This patch moves the os-win32 files into their own variable so that we
-        can use a header map in the Apple Mac Xcode build.  The problem is that
-        the header map searches the whole project rather than just the files
-        included in a given target.  Another solution to this problem is to
-        make GYP smarter about filtering out what files are added to the
-        project file.
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-03  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
-        https://bugs.webkit.org/show_bug.cgi?id=55554
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
-        (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::addStaticGlobals): Ditto.
-        * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
-        (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.
-
-2011-03-03  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add jsc to JavaScriptCore GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=55711
-
-        * JavaScriptCore.gypi:
-            - Move jsc.cpp into jsc_files because it's really part of the jsc
-              target.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Remove extraneous files from the normal jsc build.  I probably
-              added these by mistake at some point.
-        * gyp/JavaScriptCore.gyp:
-            - Add the jsc target to the GYP file.
-
-2011-03-03  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add testapi to JavaScriptCore GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=55707
-
-        The new testapi target is slightly incomplete.  There's a resource
-        copying step that we don't quite have yet.
-
-        This patch also cleans up some of the configuration issues in
-        JavaScriptCore.xcodeproj.  It seems kind of wordy to repeat these for
-        each target.  I suspect there's a more compact way of defining the
-        configurations, but this removes the "Default" configuration, which is
-        progress.
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-03  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Teach JavaScriptCore GYP build about private headers
-        https://bugs.webkit.org/show_bug.cgi?id=55532
-
-        This patch distinguishes between public and private framework headers
-        so that public headers are copied into the Headers directory and
-        private headers are copied into the PrivateHeaders directory.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out 80277 and 80280 because they caused event handler layout test
-        failures.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * runtime/Arguments.h:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSCell.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.h:
-        * runtime/MarkedSpace.cpp:
-        * runtime/MarkedSpace.h:
-
-2011-03-03  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Build fix. Alter order of headers included to make sure windows.h
-        is configured by wx, and skip Posix implementation file we don't use on Win.
-
-        * wscript:
-        * wtf/wx/StringWx.cpp:
-
-2011-03-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        JSVariableObject needs to use WriteBarrier for symboltable property storage
-        https://bugs.webkit.org/show_bug.cgi?id=55698
-
-        Replace the direct usage of Register in JSVariableObject (and descendents)
-        with WriteBarrier.  This requires updating the Arguments object to use
-        WriteBarrier as well.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveArguments):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/ArgList.h:
-        (JSC::MarkedArgumentBuffer::initialize):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::markChildren):
-        (JSC::Arguments::copyToRegisters):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::put):
-        * runtime/Arguments.h:
-        (JSC::Arguments::setActivation):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::copyRegisters):
-        (JSC::JSActivation::copyRegisters):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::markChildren):
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putWithAttributes):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putWithAttributes):
-        (JSC::JSGlobalObject::markChildren):
-        (JSC::JSGlobalObject::copyGlobalsFrom):
-        (JSC::JSGlobalObject::copyGlobalsTo):
-        (JSC::JSGlobalObject::resizeRegisters):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::setRegisters):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putWithAttributes):
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::symbolTableGet):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::registerAt):
-        (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
-        (JSC::JSVariableObject::symbolTableGet):
-        (JSC::JSVariableObject::symbolTablePut):
-        (JSC::JSVariableObject::symbolTablePutWithAttributes):
-        (JSC::JSVariableObject::copyRegisterArray):
-        (JSC::JSVariableObject::setRegisters):
-
-2011-03-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.
-
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
-        inline -- it's virtual.
-
-2011-03-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Moved all variable object storage inline -- upping the object size limit to 1K
-        https://bugs.webkit.org/show_bug.cgi?id=55653
-
-        * JavaScriptCore.exp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * jit/JITOpcodes.cpp:
-        * runtime/Arguments.h:
-        * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
-        to accomodate objects up to 1K.
-
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.
-
-        * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
-        object size, since it doesn't anymore.
-
-        * runtime/JSStaticScopeObject.cpp:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K.
-
-2011-03-03  Timothy Hatcher  <timothy@apple.com>
-
-        Make APIShims usable from WebCore.
-
-        Reviewed by Oliver Hunt.
-
-        * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
-        * GNUmakefile.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-03  Peter Varga  <pvarga@webkit.org>
-
-        Reviewed by Oliver Hunt.
-
-        Begin Characters Optimization Causes YARR Interpreter Errors
-        https://bugs.webkit.org/show_bug.cgi?id=55479
-
-        The addBeginTerm function is removed because it doesn't correctly handle those
-        cases when an "invalid" term has been
-        collected (e.g. CharacterClass). Move the removed function to the
-        setupAlternativeBeginTerms method's switch-case
-        where the non-allowed cases are correctly handled.
-
-        Reenable the Beginning Character Optimization in the YARR Interpreter again.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
-        (JSC::Yarr::YarrPattern::compile):
-
-2011-03-02  Jessie Berlin  <jberlin@apple.com>
-
-        Reviewed by Adam Roben.
-
-        WebKit2: Use CFNetwork Sessions API.
-        https://bugs.webkit.org/show_bug.cgi?id=55435
-
-        Add the ability to create a Private Browsing storage session.
-
-        * wtf/Platform.h:
-        Add a new #define for using CF Storage Sessions.
-
-2011-03-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Remove "register slot" concept from PropertySlot
-        https://bugs.webkit.org/show_bug.cgi?id=55621
-
-        PropertySlot had already stopped storing Register "slots"
-        so this patch is simply removing that api entirely.
-        This exposed a problem in the ProgramNode constructor for
-        BytecodeGenerator where it reads from the registerfile
-        before it has initialised it.
-
-        This bug wasn't a problem before as we were merely testing
-        for property existence rather than the actual value, and
-        used to work because setRegisterSlot didn't check that the
-        provided slot contained an initialised value.
-
-        To get around this issue we now use symbolTableHasProperty
-        to do the symbol table check without trying to read the
-        RegisterFile.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::symbolTableHasProperty):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::symbolTableGet):
-        * runtime/PropertySlot.h:
-
-2011-03-02  Daniel Cheng  <dcheng@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add feature define for data transfer items
-        https://bugs.webkit.org/show_bug.cgi?id=55510
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-03-02  Adam Roben  <aroben@apple.com>
-
-        Delete old .res files whenever any .vsprops file changes
-
-        Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
-        fail
-
-        Reviewed by Tony Chang.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
-        (main): Restructured code to loop over a set of file extensions, deleting any old files that
-        have that extension. Now deletes .res files, too. (We previously deleted any file matching
-        *.manifest*, but that turned out to just be the union of *.manifest and *.res.)
-
-2011-03-02  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Teach JavaScriptCore GYP build how to build minidom
-        https://bugs.webkit.org/show_bug.cgi?id=55536
-
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-01  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        JavaScriptCore GYP build should copy some headers into the target framework
-        https://bugs.webkit.org/show_bug.cgi?id=55524
-
-        After this patch, all the framework headers are exported as public
-        headers.  We need to teach GYP how to handle private headers.
-
-        I struggled to determine how to store the information about whether a
-        header was public, private, or project (i.e., not exported).
-        Generally, the GYPI should just list the files, but it seemed siliy to
-        have an almost duplicated list of files in the GYP file itself.  If
-        this design doesn't scale, we might have to revisit it in the future.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r80079.
-        http://trac.webkit.org/changeset/80079
-        https://bugs.webkit.org/show_bug.cgi?id=55547
-
-        "Broke the Win debug build?" (Requested by dcheng on #webkit).
-
-        * wtf/Platform.h:
-
-2011-03-01  Daniel Cheng  <dcheng@chromium.org>
-
-        Reviewed by David Levin.
-
-        Add feature define for data transfer items
-        https://bugs.webkit.org/show_bug.cgi?id=55510
-
-        * wtf/Platform.h:
-
-2011-03-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Joseph Pecoraro.
-
-        Misaligned memory access in CloneDeserializer on all ARM arch.
-        https://bugs.webkit.org/show_bug.cgi?id=48742
-
-        Add a CPU class for architectures that need aligned addresses
-        for memory access.
-
-        * wtf/Platform.h:
-
-2011-03-01  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Add pre- and post-build actions for JavaScriptCore GYP build
-        https://bugs.webkit.org/show_bug.cgi?id=55507
-
-        After this patch, we have all the steps for building the main
-        JavaScriptCore framework except the "copy headers" step, which I'll do
-        next.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-03-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Rolled back in r79627 now that the underlying cause for it crashing is fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=55159
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/Heap.cpp:
-        (JSC::Heap::allocateSlowCase):
-        * runtime/Heap.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedSpace::sizeClassFor):
-        (JSC::JSCell::Heap::allocate):
-        (JSC::JSCell::JSCell::operator new):
-        * runtime/MarkedBlock.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-
-2011-03-01  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Replace two script phases that do nothing but copy files with copy files build phases.
-
-        This speeds up the build by a few seconds on high-end Mac Pros.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        Spring cleaning!
-
-        Rubber-stamped by Mark Rowe.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        (Copy Into Framework): Remove "set -x" and its comment.
-
-2011-03-01  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        TinyMCE not working in nightlies
-        https://bugs.webkit.org/show_bug.cgi?id=54978
-
-        Disabling setupBeginChars() to temporarily work arround the test 
-        failure.  Filed https://bugs.webkit.org/show_bug.cgi?id=55479
-        to track fixing the issue.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPattern::compile):
-
-2011-02-23  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Viewport parsing no longer accepts "1.0;" value as valid.
-        https://bugs.webkit.org/show_bug.cgi?id=53705
-
-        Include a didReadNumber parameter to String -> float / double
-        conversion functions. This way, if the "ok" boolean out
-        parameter is false, you can check to see if there in fact
-        was a valid number parsed with garbage at the end. Examples
-        of that would be parsing "123x456" would have ok = false,
-        but didReadNumber = true.
-
-        * JavaScriptCore.exp:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::toDouble):
-        (WTF::StringImpl::toFloat):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.cpp:
-        (WTF::String::toDouble):
-        (WTF::String::toFloat):
-        (WTF::charactersToDouble):
-        (WTF::charactersToFloat):
-        * wtf/text/WTFString.h:
-
-2011-02-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Past-the-end writes in VM exceptions (caused crashes in r79627)
-        https://bugs.webkit.org/show_bug.cgi?id=55448
-        
-        Some exceptions had the wrong structures, so they misoverestimated their
-        inline storage sizes.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Use the right structure.
-
-        * runtime/JSObject.h:
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
-        is correct to verify this doesn't happen again.
-
-2011-03-01  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        [Qt] Clean up the project files and move common options to WebKit.pri.
-
-        * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
-        * JavaScriptCore.pro: Deduplicate options.
-        * jsc.pro: Ditto.
-
-2011-03-01  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Teach JavaScriptCore GYP build about DEPTH
-        https://bugs.webkit.org/show_bug.cgi?id=55425
-
-        In addition to teaching the JavaScriptCore GYP build about DEPTH, this
-        change overrides the GCC warning configuration to disable a warning
-        that's causing probems in Assertions.cpp.  With that warning disabled,
-        JavaScriptCore builds again.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-02-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r79948.
-        http://trac.webkit.org/changeset/79948
-        https://bugs.webkit.org/show_bug.cgi?id=55439
-
-        "caused crashes on the SL release bot" (Requested by ggaren on
-        #webkit).
-
-        * runtime/JSGlobalData.h:
-        * runtime/WriteBarrier.h:
-
-2011-02-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig & Darin Adler.
-
-        Bug 55423 - Clean up property tables in Structure
-
-        Encapsulate, reduce duplication of table search code,
-        and reduce the size of the tables (remove the index,
-        just maintain the tables in the correct order).
-
-        Shows a 0.5% - 1% progression on sunspider.
-
-        * JavaScriptCore.exp:
-        * runtime/PropertyMapHashTable.h:
-        (JSC::isPowerOf2):
-        (JSC::nextPowerOf2):
-            bit ops used to calculate table size.
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        (JSC::PropertyTable::ordered_iterator::operator++):
-        (JSC::PropertyTable::ordered_iterator::operator==):
-        (JSC::PropertyTable::ordered_iterator::operator!=):
-        (JSC::PropertyTable::ordered_iterator::operator*):
-        (JSC::PropertyTable::ordered_iterator::operator->):
-        (JSC::PropertyTable::ordered_iterator::ordered_iterator):
-            implementation of the iterator types
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::~PropertyTable):
-            constructors take an initial capacity for the table,
-            a table to copy, or both.
-        (JSC::PropertyTable::begin):
-        (JSC::PropertyTable::end):
-            create in-order iterators.
-        (JSC::PropertyTable::find):
-            search the hash table
-        (JSC::PropertyTable::add):
-            add a value to the hash table
-        (JSC::PropertyTable::remove):
-            remove a value from the hash table
-        (JSC::PropertyTable::size):
-        (JSC::PropertyTable::isEmpty):
-            accessors.
-        (JSC::PropertyTable::propertyStorageSize):
-        (JSC::PropertyTable::clearDeletedOffsets):
-        (JSC::PropertyTable::hasDeletedOffset):
-        (JSC::PropertyTable::getDeletedOffset):
-        (JSC::PropertyTable::addDeletedOffset):
-            cache deleted (available) offsets in the property storage array.
-        (JSC::PropertyTable::copy):
-            take a copy of the PropertyTable, potentially expanding the capacity.
-        (JSC::PropertyTable::sizeInMemory):
-            used for DEBUG build statistics
-        (JSC::PropertyTable::reinsert):
-        (JSC::PropertyTable::rehash):
-        (JSC::PropertyTable::tableCapacity):
-        (JSC::PropertyTable::deletedEntryIndex):
-        (JSC::PropertyTable::skipDeletedEntries):
-        (JSC::PropertyTable::table):
-        (JSC::PropertyTable::usedCount):
-        (JSC::PropertyTable::dataSize):
-        (JSC::PropertyTable::sizeForCapacity):
-        (JSC::PropertyTable::canInsert):
-            these methods provide internal implementation.
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::getPropertyNames):
-        (JSC::PropertyTable::checkConsistency):
-        (JSC::Structure::checkConsistency):
-            factored out code to PropertyMapHashTable.h
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-        (JSC::Structure::isEmpty):
-        (JSC::Structure::get):
-            factored out code to PropertyMapHashTable.h
-
-2011-02-28  Xan Lopez  <xlopez@igalia.com>
-
-        Another fix build :(
-
-        Fix typo.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::freePlatformThreadRegisters):
-
-2011-02-28  Xan Lopez  <xlopez@igalia.com>
-
-        Unreviewed build fix for Snow Leopard.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::freePlatformThreadRegisters):
-
-2011-02-28  Alejandro G. Castro  <alex@igalia.com>
-
-        Unreviewed, fix SnowLeopard compilation after r79952.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::freePlatformThreadRegisters):
-
-2011-02-28  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.
-
-        * wtf/OwnArrayPtr.h:
-        (WTF::::set): Implement OwnArrayPtr::set.
-
-2011-02-28  Martin Zoubek  <martin.zoubek@acision.com> and Alejandro G. Castro  <alex@igalia.com>
-
-        Reviewed by Martin Robinson.
-
-        Multithread support for JSC on UNIX
-        https://bugs.webkit.org/show_bug.cgi?id=26838
-
-        Implement suspendThread() and resumeThread() for systems with
-        pthread.h using thread signal handler.
-
-        * runtime/MachineStackMarker.cpp:
-        (JSC::pthreadSignalHandlerSuspendResume):
-        (JSC::MachineStackMarker::Thread::Thread):
-        (JSC::getCurrentPlatformThread):
-        (JSC::suspendThread):
-        (JSC::resumeThread):
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-        (JSC::freePlatformThreadRegisters):
-        (JSC::MachineStackMarker::markOtherThreadConservatively):
-        * wtf/Platform.h: Added Gtk port to use
-        ENABLE_JSC_MULTIPLE_THREADS.
-
-2011-02-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Stop using DeprecatedPtr for the global exception slot
-        https://bugs.webkit.org/show_bug.cgi?id=55424
-
-        Create GCRootPtr to signify that the exception slot is
-        a gcroot, and so is exempt from the usual writebarrier
-        restrictions.
-
-        * runtime/JSGlobalData.h:
-        * runtime/WriteBarrier.h:
-        (JSC::GCRootPtr::GCRootPtr):
-        (JSC::GCRootPtr::operator=):
-
-2011-02-28  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        Use more xcconfig files in JavaScriptCore gyp build
-        https://bugs.webkit.org/show_bug.cgi?id=55391
-
-        The GYP experts tell me that we have have a total of two xcconfig
-        files: one for the xcodeproj as a whole and one for each target.  This
-        patch uses that technique to re-use the existing xcconfig files and
-        eliminate the duplication.
-
-        Technically, this patch introduces some build errors because the
-        xcconfig files assume that the xcodeproj file is one level higher in
-        the directory hierarchy.  Specifically, the xcodeproj file can no
-        longer find the Info.plist or the prefix header.  I plan to fix that in
-        a subsequent patch.
-
-        Also, this patch introduces the Release and Production configurations,
-        which should work correctly now.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-02-28  Jon Honeycutt  <jhoneycutt@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Add symbol to export.
-
-2011-02-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make ScopeChainNode GC allocated
-        https://bugs.webkit.org/show_bug.cgi?id=55283
-
-        Simplify lifetime and other issues with the scopechain
-        by making it gc allocated.  This allows us to simplify
-        function exit and unwinding, as well as making the
-        current iterative refcounting go away.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::createActivation):
-        * bytecode/StructureStubInfo.cpp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        * bytecompiler/BytecodeGenerator.h:
-        * debugger/Debugger.cpp:
-        (JSC::Recompiler::operator()):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::scopeChain):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/CallFrame.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::depth):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCallInitializeCallFrame):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::compileOpCall):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_end):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * runtime/ArgList.cpp:
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/Completion.h:
-        * runtime/DateConversion.cpp:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        * runtime/GCActivityCallbackCF.cpp:
-        * runtime/Identifier.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSChunk.cpp: Added.
-        * runtime/JSChunk.h: Added.
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::markChildren):
-        (JSC::JSFunction::getCallData):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getConstructData):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::scope):
-        (JSC::JSFunction::setScope):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-        (JSC::JSGlobalObject::markChildren):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::globalScopeChain):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSLock.cpp:
-        * runtime/JSNumberCell.cpp:
-        * runtime/JSZombie.cpp:
-        * runtime/MarkedBlock.cpp:
-        * runtime/MarkedSpace.cpp:
-        * runtime/PropertyNameArray.cpp:
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        (JSC::ScopeChainNode::localDepth):
-        (JSC::ScopeChainNode::markChildren):
-        * runtime/ScopeChain.h:
-        (JSC::ScopeChainNode::ScopeChainNode):
-        (JSC::ScopeChainNode::createStructure):
-        (JSC::ScopeChainNode::push):
-        (JSC::ScopeChainNode::pop):
-        (JSC::ScopeChainIterator::ScopeChainIterator):
-        (JSC::ScopeChainIterator::operator*):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChainIterator::operator++):
-        (JSC::ScopeChainNode::begin):
-        (JSC::ScopeChainNode::end):
-        (JSC::ExecState::globalData):
-        (JSC::ExecState::lexicalGlobalObject):
-        (JSC::ExecState::globalThisValue):
-        * runtime/ScopeChainMark.h:
-        * wtf/DateMath.cpp:
-
-2011-02-27  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
-        https://bugs.webkit.org/show_bug.cgi?id=55326
-
-        Currently, randomNumber does a bunch of platform-specific work that to
-        get a cryptographic randomness when available.  Instead, we should use
-        cryptographicallyRandomNumber, which abstracts this work.
-        Unfortunately, we can't remove all of the WTF::randomNumber
-        implementation because not every port has access to cryptographically
-        random numbers.
-
-        * wtf/RandomNumber.cpp:
-        (WTF::randomNumber):
-
-2011-02-27  Benjamin Poulain  <ikipou@gmail.com>
-
-        Reviewed by Darin Adler.
-
-        Eliminate DeprecatedPtrList from RenderBlock
-        https://bugs.webkit.org/show_bug.cgi?id=54972
-
-        Add methods find() and contains() using an adaptor to ListHashSet.
-        Those method are like the one of HashSet, they allow to find objects
-        based on a different key than the one used to define the set.
-
-        Add convenience methods for direct access to the head and tail of the list.
-        Those methods are providing similar API/behavior as Vector.
-
-        * wtf/ListHashSet.h:
-        (WTF::::first):
-        (WTF::::last):
-        (WTF::::removeLast):
-        (WTF::ListHashSetTranslatorAdapter::hash):
-        (WTF::ListHashSetTranslatorAdapter::equal):
-        (WTF::::find):
-        (WTF::::contains):
-
-2011-02-26  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Andreas Kling.
-
-        Add support for DragonFly BSD
-        https://bugs.webkit.org/show_bug.cgi?id=54407
-
-        DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.
-
-        * wtf/Platform.h:
-
-2011-02-26  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Dimitri Glazkov.
-
-        JavaScriptCore should use the xcconfig file instead of importing that information into GYP
-        https://bugs.webkit.org/show_bug.cgi?id=55282
-
-        Technically, this breaks the build because I had removed one of the
-        warnings in this config file, but this change seems like an
-        improvement.
-
-        * gyp/JavaScriptCore.gyp:
-
-2011-02-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
-
-        Reviewed by Nikolas Zimmermann.
-
-        SH4 JIT SUPPORT
-        https://bugs.webkit.org/show_bug.cgi?id=44329
-
-        Provide an ExecutableAllocater::cacheFlush() implementation for
-        Linux/SH4.
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush):
-
-2011-02-25  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r79627.
-        http://trac.webkit.org/changeset/79627
-        https://bugs.webkit.org/show_bug.cgi?id=55274
-
-        broke worker tests (Requested by olliej on #webkit).
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/Heap.cpp:
-        (JSC::Heap::allocate):
-        * runtime/Heap.h:
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::operator new):
-        (JSC::JSCell::MarkedSpace::sizeClassFor):
-        (JSC::JSCell::MarkedSpace::allocate):
-        * runtime/MarkedBlock.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-
-2011-02-25  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Leak in JSParser::Scope of ScopeLabelInfo Vector
-        https://bugs.webkit.org/show_bug.cgi?id=55249
-
-        Changed m_labels to be an OwnPtr<>.  Added VectorTraits
-        and Scope copy constructor to support this change.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::Scope::~Scope):
-
-2011-02-25  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        WebSocket uses insecure random numbers
-        https://bugs.webkit.org/show_bug.cgi?id=54714
-
-        * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-25  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Adam Roben.
-
-        Move timeBeginPeriod into OS(WINDOWS) section
-        https://bugs.webkit.org/show_bug.cgi?id=55247
-
-        * jsc.cpp:
-        (main): timeBeginPeriod is available on all Windows versions and not compiler specific.
-
-2011-02-25  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed WinCE build fix for r79695.
-
-        * jsc.cpp:
-        (main): SetErrorMode isn't available on WinCE.
-
-2011-02-25  Adam Roben  <aroben@apple.com>
-
-        Work around Cygwin's crash-suppression behavior
-
-        Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
-        inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
-        invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
-        when our test apps launch to work around Cygwin's behavior.
-
-        Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
-        debugger) when launched from Cygwin 1.7
-
-        Reviewed by Darin Adler.
-
-        * API/tests/testapi.c: Added a now-needed #include.
-        (main):
-        * jsc.cpp:
-        (main):
-        Call ::SetErrorMode(0) to undo Cygwin's folly.
-
-        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
-        other projects do so that windows.h won't define min/max macros that interfere with
-        std::numeric_limits<T>::min/max.
-
-2011-02-24  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add GYP project for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=55027
-
-        Again, this GYP files is very rough, but it succeeds in building
-        JavaScriptCore.  There's a lot more work to do here, especially in the
-        area of sharing with JavaScriptGlue.gyp.  This patch is more of a
-        checkpoint so that other folks can help out if they wish.
-
-        * gyp: Added.
-        * gyp/JavaScriptCore.gyp: Added.
-        * gyp/generate-derived-sources.sh: Added.
-
-2011-02-24  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Add missing files to JavaScriptCore.gypi
-        https://bugs.webkit.org/show_bug.cgi?id=55193
-
-        I forgot to add mm files in my previous patch.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-
-2011-02-24  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Remove unused parameter name in GCActivityCallback.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=55194
-
-        This change is not strictly required for the GYP-based build system,
-        but I noticed this error when working on the new build system.
-
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-
-2011-02-24  James Robinson  <jamesr@chromium.org>
-
-        Reviewed by Darin Fisher.
-
-        Add a USE() macro to control use of the built-in UTF8 codec
-        https://bugs.webkit.org/show_bug.cgi?id=55189
-
-        Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.
-
-        * wtf/Platform.h:
-
-2011-02-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Variable-sized allocation (but still capped at 64 bytes)
-        https://bugs.webkit.org/show_bug.cgi?id=55159
-        
-        SunSpider reports no change.
-
-        * JavaScriptCore.exp: Some day, I hope not to have to edit this file.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
-        case, so the fast case can inline size class selection and turn it into
-        a compile-time constant.
-        
-        Changed the collect-on-every allocation debugging switch to collect only
-        on every slow allocation, so you can still flip the switch without
-        recompiling the world. This may also be preferable for debugging purposes,
-        since collecting after every single allocation can be unusably slow,
-        and can mask problems by running destructors early.
-
-        * runtime/Heap.h: Ditto.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedSpace::sizeClassFor):
-        (JSC::JSCell::Heap::allocate):
-        (JSC::JSCell::JSCell::operator new): The inlining mentioned above.
-
-        * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
-        multiple size classes, allocating a full 256KB for the first allocation
-        in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
-        8KB Windows, would be even better, but that seems to be a peformance
-        regression for now.)
-        
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::reset): There's more than one size class now, and its
-        cell size is not constant.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.
-
-2011-02-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Make WeakGCMap use new handle infrastructure
-        https://bugs.webkit.org/show_bug.cgi?id=55100
-
-        Remove old WeakGCMap implementation and move over to new handle
-        based logic.
-
-        This has a number of benefits, most notably it makes a WeakGCMap
-        always reflect the true state of the world by as all entries are
-        removed at the first gc cycle that makes them dead.  This allows
-        us to get rid of code in a wide variety of objects where the only
-        purpose was to remove themselves from maps.
-
-        It also means that we no longer need to have special "unchecked"
-        versions of any functions on WeakGCMap.  Alas in order to maintain
-        compatibility with the JSWeakObjectMapClear API it is still
-        necessary to have an api that resembles uncheckedRemove, this is
-        now deprecatedRemove and will be dealt with in a later patch.
-
-        In order to get correct semantics in WeakGCMap we need more
-        contextual information in the finalizer, so we've added an
-        abstract class based finaliser and a context parameter to the
-        calls.
-
-        The new an improved WeakGCMap also results in sigificantly more
-        churn in the weak handle lists so exposed some potential problems
-        during the post mark phase which have been rectified as well.
-
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * API/JSWeakObjectMapRefPrivate.h:
-        * runtime/Heap.cpp:
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::protectedGlobalObjectCount):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::iterator::iterator):
-        (JSC::WeakGCMap::iterator::get):
-        (JSC::WeakGCMap::iterator::getSlot):
-        (JSC::WeakGCMap::iterator::operator++):
-        (JSC::WeakGCMap::iterator::operator==):
-        (JSC::WeakGCMap::iterator::operator!=):
-        (JSC::WeakGCMap::WeakGCMap):
-        (JSC::WeakGCMap::isEmpty):
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::get):
-        (JSC::WeakGCMap::getSlot):
-        (JSC::WeakGCMap::set):
-        (JSC::WeakGCMap::take):
-        (JSC::WeakGCMap::size):
-        (JSC::WeakGCMap::deprecatedRemove):
-        (JSC::WeakGCMap::begin):
-        (JSC::WeakGCMap::end):
-        (JSC::WeakGCMap::~WeakGCMap):
-        (JSC::WeakGCMap::finalize):
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::set):
-
-2011-02-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make weaklist processing deal with weak handles being removed during the iteration
-        https://bugs.webkit.org/show_bug.cgi?id=55105
-
-        It is possible for the handle heap to end up in a broken state if
-        a handle's finalizer removes either the current or next handle
-        to be visited during the post-gc cleanup.  This patch removes that
-        problem by allowing the deallocate(Node*) routine to update the
-        iterator if it is called during finalization.
-
-        * collector/handles/HandleHeap.cpp:
-        (JSC::HandleHeap::HandleHeap):
-        (JSC::HandleHeap::updateAfterMark):
-        (JSC::HandleHeap::clearWeakPointers):
-        (JSC::HandleHeap::writeBarrier):
-        (JSC::HandleHeap::protectedGlobalObjectCount):
-        * collector/handles/HandleHeap.h:
-        (JSC::Finalizer::~Finalizer):
-        (JSC::HandleHeap::getFinalizer):
-        (JSC::HandleHeap::deallocate):
-        (JSC::HandleHeap::makeWeak):
-        (JSC::HandleHeap::makeSelfDestroying):
-        (JSC::HandleHeap::Node::Node):
-        (JSC::HandleHeap::Node::setFinalizer):
-        (JSC::HandleHeap::Node::finalizer):
-        (JSC::HandleHeap::Node::finalizerContext):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::setGlobalObject):
-        (JSC::GlobalObjectNotifier::finalize):
-        (JSC::RegisterFile::globalObjectCollectedNotifier):
-        * interpreter/RegisterFile.h:
-        (JSC::RegisterFile::RegisterFile):
-        * runtime/Heap.cpp:
-        (JSC::Heap::destroy):
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::WeakGCPtr):
-        (JSC::WeakGCPtr::set):
-
-2011-02-24  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
-        https://bugs.webkit.org/show_bug.cgi?id=55156
-
-        Added code to delete unneeded PatternAlternative after it is removed
-        from m_alternatives Vector.
-
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
-
-2011-02-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Anders Carlsson.
-
-        VectorBuffer should not call malloc(0)
-        https://bugs.webkit.org/show_bug.cgi?id=55091
-
-        Turns out the malloc() call which was so hot in:
-        https://bugs.webkit.org/show_bug.cgi?id=55005
-        was actually just malloc(0).
-
-        We shouldn't be calling malloc(0) anyway, since there is no need to
-        and it might actually do work on some systems.
-        I believe on Mac it ends up taking the standard spinlocks (expensive)
-        and the code on Brew actually does a malloc(1) instead.  Neither is desirable.
-
-        * wtf/Vector.h:
-        (WTF::VectorBufferBase::allocateBuffer):
-        (WTF::VectorBufferBase::tryAllocateBuffer):
-
-2011-02-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Remove obsolete PLATFORM(CI)
-        https://bugs.webkit.org/show_bug.cgi?id=55082
-
-        * wtf/Platform.h:
-
-2011-02-24  Martin Robinson  <mrobinson@igalia.com>
-
-        Reviewed by Xan Lopez.
-
-        [GTK] Remove the GFile GOwnPtr specialization
-        https://bugs.webkit.org/show_bug.cgi?id=55154
-
-        Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
-        to track GFiles since they are just regular reference-counted GObjects.
-
-        * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
-        * wtf/gobject/GOwnPtr.h: Ditto.
-
-2011-02-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Eric Seidel.
-
-        Rename PLATFORM(SKIA) to USE(SKIA)
-        https://bugs.webkit.org/show_bug.cgi?id=55090
-
-        * wtf/Platform.h:
-
-2011-02-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Remove pthreads dependecy for JSLock
-        https://bugs.webkit.org/show_bug.cgi?id=54832
-
-        JSLock is only needed to support an obsolete execution model where JavaScriptCore
-        automatically protected against concurrent access from multiple threads.
-        So it's safe to disable it on non-mac platforms where we don't have native pthreads.
-
-        * runtime/JSLock.cpp:
-
-2011-02-24  Chao-ying Fu  <fu@mips.com>
-
-        Reviewed by Eric Seidel.
-
-        Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
-        https://bugs.webkit.org/show_bug.cgi?id=54997
-
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-
-2011-02-24  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] MinGW build fails to link
-        https://bugs.webkit.org/show_bug.cgi?id=55050
-
-        Prepend the libraries of subcomponents instead of appending them
-        to fix the library order according to the dependency of the libraries
-
-        * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
-        * jsc.pro: ditto
-
-2011-02-24  Eric Seidel  <eric@webkit.org>
-
-        Reviewed by Adam Barth.
-
-        Deque<T> should support inline capacity
-        https://bugs.webkit.org/show_bug.cgi?id=55032
-
-        The title says it all.  There are currently no places
-        which use this code yet, however it's been tested in conjunction
-        with code for bug 55005.
-
-        This also adds an ASSERT that capacity is never 1.  If you were able
-        to set the capacity equal to 1, the Deque would just get confused
-        and happily append your item but still think it had size 0.
-
-        * wtf/Deque.h:
-        (WTF::DequeIterator::DequeIterator):
-        (WTF::DequeConstIterator::DequeConstIterator):
-        (WTF::DequeReverseIterator::DequeReverseIterator):
-        (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
-        (WTF::::checkValidity):
-        (WTF::::checkIndexValidity):
-        (WTF::::invalidateIterators):
-        (WTF::::Deque):
-        (WTF::deleteAllValues):
-        (WTF::::operator):
-        (WTF::::destroyAll):
-        (WTF::::~Deque):
-        (WTF::::swap):
-        (WTF::::clear):
-        (WTF::::findIf):
-        (WTF::::expandCapacityIfNeeded):
-        (WTF::::expandCapacity):
-        (WTF::::takeFirst):
-        (WTF::::append):
-        (WTF::::prepend):
-        (WTF::::removeFirst):
-        (WTF::::remove):
-        (WTF::::addToIteratorsList):
-        (WTF::::removeFromIteratorsList):
-        (WTF::::DequeIteratorBase):
-        (WTF::::~DequeIteratorBase):
-        (WTF::::isEqual):
-        (WTF::::increment):
-        (WTF::::decrement):
-        (WTF::::after):
-        (WTF::::before):
-        * wtf/Vector.h:
-
-2011-02-22  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Ojan Vafai. 
-
-        Add missing files to JavaScriptCore.gypi 
-        https://bugs.webkit.org/show_bug.cgi?id=55020 
-
-        gypi files are supposed to list every file under the sun.  This patch 
-        adds some missing files and sorts the rest. 
-
-        * JavaScriptCore.gypi: 
-
-2011-02-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-
-        Refactored MarkedSpace to operate in terms of size classes
-        https://bugs.webkit.org/show_bug.cgi?id=55106
-        
-        SunSpider reports no change.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedSpace::sizeClassFor):
-        (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
-        class. Since these functions are inline, the compiler can constant fold
-        them.
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::cellSize):
-        (JSC::MarkedBlock::size): Factored out a cellSize() helper.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::allocateFromSizeClass):
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::SizeClass::SizeClass):
-        (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
-        abstract SizeClass objects, which are independent linked lists of blocks
-        of a certain size class, instead of a single m_heap object.
-
-2011-02-23  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by James Robinson.
-
-        [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
-        https://bugs.webkit.org/show_bug.cgi?id=55093
-
-        Exclude OSRandomSource.cpp from the Chromium build.  This function is
-        implemented in WebKit/chromium/src instead.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2011-02-23  Oliver Hunt  <oliver@apple.com>
-
-        Roll out r64156 as it introduces incorrect behaviour.
-
-        * runtime/JSByteArray.h:
-        (JSC::JSByteArray::setIndex):
-
-2011-02-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
-        https://bugs.webkit.org/show_bug.cgi?id=55079
-        
-        SunSpider reports no change.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
-        since we want Heap to logically control MarkedSpace. MarkedSpace should
-        never choose to sweep itself.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
-        member of MarkedBlock. No need to reset nextAtom to firstAtom() when
-        we reach the end of a block, since there's now an explicit reset pass
-        during GC.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
-        some data members to improve cache locality.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
-        explicit reset pass.
-
-2011-02-23  James Robinson  <jamesr@chromium.org>
-
-        Unreviewed, rolling out r79428.
-        http://trac.webkit.org/changeset/79428
-        https://bugs.webkit.org/show_bug.cgi?id=54714
-
-        Does not work in the Chromium sandbox
-
-        * JavaScriptCore.exp:
-
-2011-02-23  Adam Roben  <aroben@apple.com>
-
-        Fix an off-by-one error in JSC::appendSourceToError
-
-        Looks like this bug has been around since the code was first added in r35245.
-
-        Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
-        when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled
-
-        Reviewed by Darin Adler.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
-        character at stop-1 rather than at stop. At this point in the code, stop represents the
-        index just past the end of the characters we care about, and can even be just past the end
-        of the entire data buffer.
-
-2011-02-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin Adler.
-        
-        Rolled back in r79367 with SnowLeopard Release bot crash fixed.
-        https://bugs.webkit.org/show_bug.cgi?id=54999
-        
-        The crash was caused by failure to update the "nextBlock" pointer when
-        removing a block from the list while shrinking. The fix is to update the
-        "nextBlock" pointer.
-        
-        This crash was very rare because it only happened in cases where the very
-        first block in the heap contained no marked cells.
-
-2011-02-23  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Include frame numbers in backtraces.
-        https://bugs.webkit.org/show_bug.cgi?id=55060
-
-        * wtf/Assertions.cpp:
-
-2011-02-23  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        latest jsc for armv7 crashes in sunspider tests
-        https://bugs.webkit.org/show_bug.cgi?id=54667
-
-        Update JIT offset values in ARMv7 after r78732. Fixes crashes in
-        SunSpider and JavaScript tests.
-
-        * jit/JIT.h: update values.
-
-2011-02-23  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r79418.
-        http://trac.webkit.org/changeset/79418
-        https://bugs.webkit.org/show_bug.cgi?id=55043
-
-        "breaks shlib linux build" (Requested by morrita on #webkit).
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-        * JavaScriptCore.gypi:
-
-2011-02-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Alexey Proskuryakov.
-
-        Use DEFINE_STATIC_LOCAL for ignoreSetMutex in Structure.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=54831
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/Structure.cpp:
-        (JSC::ignoreSetMutex):
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::initializeThreading):
-        * runtime/Structure.h:
-
-2011-02-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Rename PLATFORM(CF) to USE(CF)
-        https://bugs.webkit.org/show_bug.cgi?id=53540
-
-        * runtime/DatePrototype.cpp:
-        * runtime/GCActivityCallbackCF.cpp:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * wtf/CurrentTime.cpp:
-        * wtf/Platform.h:
-        * wtf/text/AtomicString.h:
-        * wtf/text/StringImpl.h:
-        (WTF::StringImpl::computeHash):
-        * wtf/text/WTFString.h:
-        * wtf/unicode/icu/CollatorICU.cpp:
-        (WTF::Collator::userDefault):
-
-2011-02-23  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Unreviewed build fix for Windows.
-
-        WebSocket uses insecure random numbers
-        https://bugs.webkit.org/show_bug.cgi?id=54714
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-23  Fumitoshi Ukai  <ukai@chromium.org>
-
-        Reviewed by Adam Barth.
-
-        WebSocket uses insecure random numbers
-        https://bugs.webkit.org/show_bug.cgi?id=54714
-
-        * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()
-
-2011-02-22  Adam Barth  <abarth@webkit.org>
-
-        Reviewed by Ojan Vafai.
-
-        Add missing files to JavaScriptCore.gypi
-        https://bugs.webkit.org/show_bug.cgi?id=55020
-
-        gypi files are supposed to list every file under the sun.  This patch
-        adds some missing files and sorts the rest.
-
-        * JavaScriptCore.gypi:
-
-2011-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r79367.
-        http://trac.webkit.org/changeset/79367
-        https://bugs.webkit.org/show_bug.cgi?id=55012
-
-        all layout tests are crashing on Snow Leopard (Requested by
-        rniwa on #webkit).
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * runtime/MarkedBlock.h:
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlock):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::collectorBlock):
-        * wtf/CMakeLists.txt:
-        * wtf/DoublyLinkedList.h: Removed.
-
-2011-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
-        https://bugs.webkit.org/show_bug.cgi?id=54999
-        
-        SunSpider reports no change.
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
-        * wtf/CMakeLists.txt:
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::setPrev):
-        (JSC::MarkedBlock::setNext):
-        (JSC::MarkedBlock::prev):
-        (JSC::MarkedBlock::next): Added linked list data members and accessors.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy):
-        (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
-
-        (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
-        data structures when freeing blocks.
-
-        (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
-        not a vector index.
-
-        (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
-        then free them, to avoid modifying our hash table while iterating it.
-        This wasn't a concern before because we were using indirect array
-        indexing, not direct pointer indexing.
-
-        (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
-        not a vector index.
-
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
-
-        * wtf/DoublyLinkedList.h: Added. New linked list class.
-        (WTF::::DoublyLinkedList):
-        (WTF::::isEmpty):
-        (WTF::::head):
-        (WTF::::append):
-        (WTF::::remove):
-
-2011-02-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-22  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 54988 - Re-create StructureTransitionTable class, encapsulate transition table
-
-        The Structure class keeps a table of transitions to derived Structure types. Since
-        this table commonly contains a single entry we employ an optimization where instead
-        of holding a map, we may hold a pointer directly to a single instance of the mapped
-        type. We use an additional bit of data to flag whether the pointer is currently
-        pointing to a table of transitions, or a singleton transition. Previously we had
-        commonly used a pattern of storing data in the low bits of pointers, but had moved
-        away from this since it causes false leaks to be reported by the leaks tool. However
-        in this case, the entries in the map are weak links - this pointer will never be
-        responsible for keeping an object alive.  As such we can use this approach provided
-        that the bit is set when a table is not in use (otherwise the table would appear to
-        be leaked).
-
-        Additionally, the transition table currently allows two entries to exist for a given
-        key - one specialized to a particular value, and one not specialized. This is
-        unnecessary, wasteful, and a little inconsistent. (If you create an entry for a
-        specialized value, then a non-specialized entry, both will exist.  If you create an
-        entry for a non-specialized value, then try to create a specialized entry, only a
-        non-specialized form will be allowed.)
-
-        This shows a small progression on v8.
-
-        * JavaScriptCore.exp:
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::contains):
-        (JSC::StructureTransitionTable::get):
-        (JSC::StructureTransitionTable::remove):
-        (JSC::StructureTransitionTable::add):
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::Structure):
-        (JSC::Structure::~Structure):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::get):
-        * runtime/StructureTransitionTable.h:
-        (JSC::StructureTransitionTable::Hash::hash):
-        (JSC::StructureTransitionTable::Hash::equal):
-        (JSC::StructureTransitionTable::HashTraits::emptyValue):
-        (JSC::StructureTransitionTable::HashTraits::constructDeletedValue):
-        (JSC::StructureTransitionTable::HashTraits::isDeletedValue):
-        (JSC::StructureTransitionTable::StructureTransitionTable):
-        (JSC::StructureTransitionTable::~StructureTransitionTable):
-        (JSC::StructureTransitionTable::isUsingSingleSlot):
-        (JSC::StructureTransitionTable::map):
-        (JSC::StructureTransitionTable::setMap):
-        (JSC::StructureTransitionTable::singleTransition):
-        (JSC::StructureTransitionTable::setSingleTransition):
-
-2011-02-22  Andras Becsi  <abecsi@webkit.org>
-
-        Reviewed by Laszlo Gombos.
-
-        [Qt] Redesign the build system
-        https://bugs.webkit.org/show_bug.cgi?id=51339
-
-        Part 2.
-
-        Build WebCore as a static library, compile the WebKit API and WebKit2 API
-        in a final step and link to WebKit2, WebCore and JSC libraries to fix
-        linking issues resulting from stripped away symbols.
-
-        * JavaScriptCore.pri: Remove the workaround.
-
-2011-02-21  Adam Roben  <aroben@apple.com>
-
-        Fix linker warning on Windows
-
-        r79135 tried to export JSObject::s_info by adding it to JavaScriptCore.def. This is the
-        obvious way (since it's how we export functions), but unfortunately it doesn't work correct.
-        r79222 made us export it the right way (using the JS_EXPORTDATA macro), but forgot to remove
-        it from JavaScriptCore.def. This caused us to get linker warnings about exporting the symbol
-        multiple times.
-
-        Rubber-stamped by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSObject::s_info.
-
-2011-02-21  Brian Weinstein  <bweinstein@apple.com>
-
-        Reviewed by Adam Roben.
-
-        WebResourceCacheManager should be responsible for managing the CFURLCache as well
-        as the WebCore memory cache.
-        https://bugs.webkit.org/show_bug.cgi?id=54886
-        Part of <rdar://problem/8971738>
-
-        Add a new use flag for using the CFURLCache.
-
-        * wtf/Platform.h:
-
-2011-02-21  Xan Lopez  <xlopez@igalia.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Use ASSERT_JIT_OFFSET in JITPropertyAccess32_64.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=54901
-
-        * jit/JIT.h: swap actual and expected values in message, they were
-        reversed.
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall): use ASSERT_JIT_OFFSET instead of
-        a simple ASSERT.
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check): ditto.
-        (JSC::JIT::compileGetByIdHotPath): ditto.
-        (JSC::JIT::compileGetByIdSlowCase): ditto.
-        (JSC::JIT::emit_op_put_by_id): ditto.
-
-2011-02-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Ruber stamped by Sam Weinig
-
-        Bug 54899 - Math.LOG10E should be 0.4342944819032518
-        This value is quoted in section 15.8.1.5 of the spec.
-
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-
-2011-02-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 54894 - Make inheritance structure described by ClassInfo match C++ class hierarchy.
-
-        The ClassInfo objects describe an inheritance hierarchy, with each ClassInfo instance
-        containing a pointer to its parent class. These links should reflect the inheritance
-        hierarchy of C++ classes below JSObject. For the large part it does, but in some cases
-        entries in the C++ hierarchy are skipped over. This presently likely doesn't matter,
-        since intervening C++ classes may not have ClassInfo - but would be a potential bug
-        were ClassInfo were to be added.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObjectFunctions.h:
-        * runtime/Arguments.h:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/BooleanObject.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/ErrorInstance.cpp:
-        * runtime/InternalFunction.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSArray.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.h:
-        * runtime/JSZombie.h:
-        * runtime/MathObject.cpp:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberObject.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/StringObject.cpp:
-        * runtime/StringPrototype.cpp:
-
-2011-02-21  Adam Roben  <aroben@apple.com>
-
-        Export JSObject::s_info from JavaScriptCore.dll
-
-        This matches what we do for all other ClassInfo objects that WebCore needs access to.
-
-        Fixes <http://webkit.org/b/54881> REGRESSION (r79132): Lots of tests crashing in
-        JSCell::inherits on Windows
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSObject.h: Added JS_EXPORTDATA to s_info.
-
-2011-02-21  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        Switched to compiler based detection, where the error actually is.
-
-        It is not the platform that needs the workaround, it is the compiler.
-
-        QtWebKit fails to compile on Windows XP with msvc-2008
-        https://bugs.webkit.org/show_bug.cgi?id=54746
-
-        * bytecode/CodeBlock.h:
-        * runtime/RegExpObject.h:
-
-2011-02-20  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=54839
-        Remove PrototypeFunction, NativeFunctionWrapper, and GlobalEvalFunction.
-
-        Historically, Native functions used to be represented by PrototypeFunctions, however
-        since introducing call optimizations to the JIT this has used JSFunctions for host
-        calls too. At the point this change was made, the interpreter continued to use
-        PrototypeFunctions, however since fallback from the JIT to interpreter was introduced
-        the interpreter has had to be able to run using host functions represented using
-        JSFunctions - leading to an unnecessary and redundant divergence in behaviour between 
-        interpreter only builds, and situations where the JIT has fallen back to interpreting.
-
-        NativeFunctionWrapper only existed to select between PrototypeFunction and JSFunction
-        for wrappers for host functions, and as such can also be removed.
-
-        GlobalEvalFunction is a redundant wrapper that happens to be derived from
-        PrototypeFunction. It existed to hold a reference to the global object - but since all
-        functions how derive from JSObjectWithGlobalObject, this no longer requires an
-        additional class to provide this functionality.
-
-        * JavaScriptCore.JSVALUE32_64only.exp:
-        * JavaScriptCore.JSVALUE64only.exp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            Removed symbols / references to files.
-
-        * runtime/GlobalEvalFunction.cpp: Removed.
-        * runtime/GlobalEvalFunction.h: Removed.
-        * runtime/NativeFunctionWrapper.h: Removed.
-        * runtime/PrototypeFunction.cpp: Removed.
-        * runtime/PrototypeFunction.h: Removed.
-            Removed.
-
-        * runtime/Executable.cpp:
-        (JSC::NativeExecutable::~NativeExecutable):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::JSFunction::nativeFunction):
-        * runtime/JSFunction.cpp:
-        (JSC::callHostFunctionAsConstructor):
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::getCallData):
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::getCTIStub):
-            Added interpreter-friendly constructors for NativeExecutables.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        * interpreter/Interpreter.cpp:
-        * jit/JITStubs.cpp:
-        * jsc.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/BooleanPrototype.h:
-        * runtime/CallData.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConstructor.h:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/ErrorPrototype.h:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/Lookup.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/NumberPrototype.h:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectConstructor.h:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/ObjectPrototype.h:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/RegExpPrototype.h:
-        * runtime/SmallStrings.h:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringConstructor.h:
-            Removed use of redundant classes.
-
-2011-02-19  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
-
-        Unreviewed build fix for Symbian.
-
-        [Symbian] Revert the removal of linking 
-        against hal after r79126.
-
-        Dependency on the hal library can not be removed 
-        as it is still used (e.g. in MarkStackSymbian.cpp).
-
-        * JavaScriptCore.pri:
-
-2011-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Interpreter build fix.
-
-        * runtime/ArrayConstructor.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/Lookup.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/StringConstructor.cpp:
-
-2011-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix!!
-
-        * JavaScriptCore.exp:
-
-2011-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix!!
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Windows build fix!
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2011-02-19  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix!
-
-        * JavaScriptCore.exp:
-
-2011-02-18  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Bug 54786 - Devirtualize JSCell::classInfo()
-
-        Instead of making a virtual function call, add a pointer to the ClassInfo
-        onto Structure.
-
-        This removes a virtual function call, and paves the way towards removing all
-        the createStructure methods, and StructureFlags/AnonymousSlotCount properties
-        (these should be able to move onto ClassInfo).
-
-        Calls to Structure::create must now pass a pointer to the ClassInfo for the
-        structure. All objects now have a ClassInfo pointer, non-object cell types
-        still do not.
-
-        Changes are most mechanical, involving three steps:
-            * Remove virtual classInfo() methods.
-            * Add &s_info parameter to calls to Structure::create.
-            * Rename ClassInfo static members on classes from 'info' to 's_info',
-              for consistency.
-
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackConstructor.h:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackFunction.h:
-        * API/JSCallbackObject.cpp:
-        * API/JSCallbackObject.h:
-        * API/JSCallbackObjectFunctions.h:
-        * API/JSObjectRef.cpp:
-        * API/JSValueRef.cpp:
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        * debugger/DebuggerActivation.h:
-        * debugger/DebuggerCallFrame.cpp:
-        * interpreter/Interpreter.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITOpcodes.cpp:
-        * jit/JITStubs.cpp:
-        * profiler/Profiler.cpp:
-        * runtime/Arguments.cpp:
-        * runtime/Arguments.h:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanObject.cpp:
-        * runtime/BooleanObject.h:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        * runtime/DatePrototype.h:
-        * runtime/ErrorInstance.cpp:
-        * runtime/ErrorInstance.h:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/FunctionPrototype.h:
-        * runtime/GetterSetter.h:
-        * runtime/GlobalEvalFunction.h:
-        * runtime/InternalFunction.cpp:
-        * runtime/InternalFunction.h:
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-        * runtime/JSByteArray.cpp:
-        * runtime/JSByteArray.h:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        * runtime/JSNotAnObject.h:
-        * runtime/JSONObject.cpp:
-        * runtime/JSONObject.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-        * runtime/JSObjectWithGlobalObject.h:
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSStaticScopeObject.h:
-        * runtime/JSString.h:
-        * runtime/JSVariableObject.h:
-        * runtime/JSWrapperObject.h:
-        * runtime/JSZombie.cpp:
-        * runtime/JSZombie.h:
-        * runtime/Lookup.cpp:
-        * runtime/MathObject.cpp:
-        * runtime/MathObject.h:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorConstructor.h:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberConstructor.h:
-        * runtime/NumberObject.cpp:
-        * runtime/NumberObject.h:
-        * runtime/NumberPrototype.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpConstructor.h:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpObject.h:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/ScopeChain.cpp:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringObject.cpp:
-        * runtime/StringObject.h:
-        * runtime/StringObjectThatMasqueradesAsUndefined.h:
-        * runtime/StringPrototype.cpp:
-        * runtime/StringPrototype.h:
-        * runtime/Structure.cpp:
-        * runtime/Structure.h:
-
-2011-02-19  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/Base.xcconfig: Added
-        JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
-        * Configurations/JavaScriptCore.xcconfig: Used
-        JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
-        for Production configuration of jsc target.
-        (Copy Into Framework): Removed old build phase.
-        (Fix Framework Reference): Renamed build phase to "Copy Into
-        Framework".  Added "set -x" call to make the script print the
-        commands it is running.  Added code to exit early for Production
-        builds since this was never intended for them.  Added code to
-        copy jsc into the JavaScriptCore.framework/Resources directory.
-
-2011-02-19  Siddharth Mathur  <siddharth.mathur@nokia.com>
-
-        Reviewed by Laszlo Gombos.
-
-        [Symbian] OSAllocator implementation for Symbian OS. 
-        Manages both data and code region requests. V8 and Sunspider tested
-        OK with interpreter. Not tested with JSC JIT yet as it has unrelated
-        failures. Also no thread safety yet.
-        https://bugs.webkit.org/show_bug.cgi?id=51128
-
-        * JavaScriptCore.pri: removed HAL linkage
-        * wtf/Bitmap.h:
-        (WTF::::findRunOfZeros): find run of zeros in a bitmap. quick n dirty
-        * wtf/OSAllocator.h:
-        (WTF::OSAllocator::decommitAndRelease): decommit explicitly 
-        * wtf/OSAllocatorSymbian.cpp: Impl. of OSAllocator interface 
-        (WTF::allocateCodeChunk): utility for code chunks
-        (WTF::deallocateCodeChunk): utility for code chunks
-        (WTF::dataAllocatorInstance): getter for data allocator instance
-        (WTF::OSAllocator::reserveUncommitted):
-        (WTF::OSAllocator::releaseDecommitted):
-        (WTF::OSAllocator::commit):
-        (WTF::OSAllocator::decommit):
-        (WTF::OSAllocator::reserveAndCommit):
-        (WTF::PageAllocatorSymbian::PageAllocatorSymbian): maps requests 
-        to one underlying Symbian chunk
-        (WTF::PageAllocatorSymbian::~PageAllocatorSymbian):
-        (WTF::PageAllocatorSymbian::reserve):
-        (WTF::PageAllocatorSymbian::release):
-        (WTF::PageAllocatorSymbian::commit):
-        (WTF::PageAllocatorSymbian::decommit):
-        (WTF::PageAllocatorSymbian::contains):
-        * wtf/PageAllocatorSymbian.h: Added.
-        (WTF::SymbianChunk::SymbianChunk): wrapper around RChunk  
-        (WTF::SymbianChunk::~SymbianChunk):
-        (WTF::SymbianChunk::contains):
-        
-2011-02-19  Yong Li  <yoli@rim.com>
-
-        Reviewed by Eric Seidel.
-
-        https://bugs.webkit.org/show_bug.cgi?id=54687
-        When being built with armcc, "int" bit fields are treated as
-        unsigned integers, which will fail the comparisons like "m_offset == -1".
-        Using "signed" fixes the problem.
-
-        * assembler/ARMAssembler.h:
-        * assembler/ARMv7Assembler.h:
-
-2011-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Made MarkedSpace block iteration size-class agnostic
-        https://bugs.webkit.org/show_bug.cgi?id=54792
-        
-        SunSpider reports no change.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::clearMarks):
-        (JSC::MarkedSpace::sweep):
-        (JSC::MarkedSpace::objectCount):
-        (JSC::MarkedSpace::size):
-        (JSC::MarkedSpace::capacity):
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::forEach): Iterate blocks in hashing order instead of
-        size class list order. This is a much simpler convention in a world
-        of many different size classes.
-
-2011-02-18  Kristian Amlie  <kristian.amlie@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        Added friend exception to Qt platform, which also compiles Windows.
-
-        QtWebKit fails to compile on Windows XP with msvc-2008
-        https://bugs.webkit.org/show_bug.cgi?id=54746
-
-        * bytecode/CodeBlock.h:
-        * runtime/RegExpObject.h:
-
-2011-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        (Rolled back in r79022 with crash fixed.)
-
-        Reviewed by Sam Weinig.
-
-        Use hashing instead of linear search in the conservative pointer test
-        https://bugs.webkit.org/show_bug.cgi?id=54767
-        
-        SunSpider reports no change.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::destroy): No need to explicitly clear the blocks array,
-        since freeBlock removes items for us.
-
-        (JSC::MarkedSpace::freeBlock): Fixed a typo that always removed the last
-        block from the block set instead of the block being freed. Changed to
-        remove a block from our data structures before deallocating it, since
-        this is slightly cleaner.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::contains): Variable-sized objects will use more,
-        smaller blocks, so it's important for the contains check not to be O(n)
-        in the number of blocks.
-
-2011-02-18  chris reiss  <christopher.reiss@nokia.com>
-
-        Reviewed by Andreas Kling.
-
-        REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
-        https://bugs.webkit.org/show_bug.cgi?id=49989
-
-        updated test fast/js/script-tests/date-parse-test.js
-
-        * wtf/DateMath.cpp:
-        (WTF::parseDateFromNullTerminatedCharacters):
-
-2011-02-18  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r79022.
-        http://trac.webkit.org/changeset/79022
-        https://bugs.webkit.org/show_bug.cgi?id=54775
-
-        It broke the whole world (Requested by Ossy on #webkit).
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::contains):
-
-2011-02-18  Yael Aharon  <yael.aharon@nokia.com>
-
-        Reviewed by Dave Hyatt.
-
-        Add support for dir=auto
-        https://bugs.webkit.org/show_bug.cgi?id=50916
-
-        Change defaultWritingDirection() to return if the writing direction
-        was determined from a letter with strong directionality or not.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.order:
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::defaultWritingDirection):
-        * wtf/text/StringImpl.h:
-        * wtf/text/WTFString.h:
-        (WTF::String::defaultWritingDirection):
-
-2011-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Use hashing instead of linear search in the conservative pointer test
-        https://bugs.webkit.org/show_bug.cgi?id=54767
-        
-        SunSpider reports no change.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::contains): Variable-sized objects will use more,
-        smaller blocks, so it's important for the contains check not to be O(n)
-        in the number of blocks.
-
-2011-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Tightened some usage accounting code in MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=54761
-        
-        SunSpider reports no change.
-
-        * runtime/Heap.cpp:
-        (JSC::Heap::Heap): Initialize the marked space high water mark on
-        construction, instead of relying on some implicit subtleties to make
-        not initializing it work out OK.
-
-        * runtime/Heap.h: Fixed up includes.
-
-        * runtime/MarkedBlock.h: Made firstAtom() static so clients can call it
-        even without having allocated a block.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace): Don't pre-allocate a block, since this
-        would be prohibitively expensive with multiple size classes.
-
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlock): Track allocated blocks in a hash set,
-        since linear search in the contains check will be prohibitively
-        expensive once we're using lots of smaller blocks.
-
-        (JSC::MarkedSpace::allocate): Don't assume that we always have a block
-        allocated, since we don't anymore. (See above.)
-
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h: Updated for changes mentioned above.
-
-2011-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Made object allocation secretly variable-sized (Shhhh!)
-        https://bugs.webkit.org/show_bug.cgi?id=54721
-        
-        SunSpider reports no change.
-        
-        Internally, MarkedBlock now makes variable-sized allocations, even
-        though MarkedSpace doesn't take advantage of this yet.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
-        fixed-sized.
-
-        * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
-        that are not multiples of 64 bytes.
-
-2011-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed some math errors when when using variable-sized cells
-        https://bugs.webkit.org/show_bug.cgi?id=54717
-        
-        SunSpider reports no change.
-        
-        Computer Science Barbie says, "Math is not so hard afterall!"
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
-        minimum number of atoms required for a cell, since rounding down
-        will get you splinched.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep):
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
-        because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
-        may not hit m_endAtom exactly.
-
-2011-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        A little more abstraction for MarkedSpace::contains
-        https://bugs.webkit.org/show_bug.cgi?id=54715
-
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::contains): Added a contains function, so MarkedSpace
-        doesn't have to know how MarkedBlock tracks containment internally.
-
-        * runtime/MarkedSpace.h:
-        (JSC::MarkedSpace::contains): Call through to MarkedBlock to figure out
-        if a cell that seems to be in a block is valid.
-
-2011-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Removed the invariant that the last cell in a block is always marked
-        https://bugs.webkit.org/show_bug.cgi?id=54713
-        
-        SunSpider reports no change.
-        
-        This adds one branch to allocation, but simplifies the mark invariant,
-        especially in a world of variable-sized cells. Now, it really is true
-        that any cell whose mark bit is set is a valid, live cell whose
-        constructor has run and whose destructor has not run.
-
-        * runtime/JSCell.h: 
-        (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
-        since we can no longer rely on a set mark bit to break out of this loop
-        before it reaches the end of the block.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep): 
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::clearMarks):
-        (JSC::MarkedBlock::markCount):
-        (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
-
-2011-02-17  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r78856 and r78907.
-        http://trac.webkit.org/changeset/78856
-        http://trac.webkit.org/changeset/78907
-        https://bugs.webkit.org/show_bug.cgi?id=54705
-
-        These seem to break tests on 32-bit builds. (Requested by
-        aroben on #webkit).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * collector/handles/Global.h:
-        (JSC::Global::internalSet):
-        * collector/handles/Handle.h:
-        (JSC::HandleTypes::getFromSlot):
-        (JSC::HandleTypes::toJSValue):
-        (JSC::HandleTypes::validateUpcast):
-        (JSC::HandleConverter::operator->):
-        (JSC::HandleConverter::operator*):
-        (JSC::Handle::Handle):
-        (JSC::Handle::get):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortNumeric):
-        * runtime/JSObject.h:
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        * runtime/SlotAccessor.h: Removed.
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::get):
-        (JSC::WeakGCPtr::internalSet):
-        * runtime/WriteBarrier.h:
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::operator*):
-        (JSC::DeprecatedPtr::operator->):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
-        (JSC::DeprecatedPtr::operator!):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::operator*):
-        (JSC::WriteBarrierBase::operator->):
-        (JSC::WriteBarrierBase::clear):
-        (JSC::WriteBarrierBase::slot):
-        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::WriteBarrierBase::operator!):
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-        (JSC::WriteBarrier::WriteBarrier):
-
-2011-02-17  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed.
-
-        [Qt] Buildfix.
-
-        * wtf/RetainPtr.h: Add missing PLATFORM(CF) guard.
-
-2011-02-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Made MarkedBlock variable-sized
-        https://bugs.webkit.org/show_bug.cgi?id=54692
-        
-        SunSpider reports no change.
-        
-        Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
-        mark bit per atom. A given cell may be composed of one or more atoms.
-        
-        * runtime/Heap.cpp:
-        (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
-        bubbling it up from MarkedBlock, since MarkedBlock now supports variable-
-        sizedness.
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
-        (implicit) one constants -- these quantities are not constant anymore.
-        Updated for switch from cell to atom.
-
-        * runtime/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::destroy):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC::MarkedBlock::sweep):
-        * runtime/MarkedBlock.h:
-        (JSC::MarkedBlock::firstAtom):
-        (JSC::MarkedBlock::atoms):
-        (JSC::MarkedBlock::isAtomAligned):
-        (JSC::MarkedBlock::blockFor):
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::clearMarks):
-        (JSC::MarkedBlock::size):
-        (JSC::MarkedBlock::capacity):
-        (JSC::MarkedBlock::atomNumber):
-        (JSC::MarkedBlock::isMarked):
-        (JSC::MarkedBlock::testAndSetMarked):
-        (JSC::MarkedBlock::setMarked):
-        (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
-        and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
-
-        * runtime/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::reset):
-        * runtime/MarkedSpace.h:
-        (JSC::CollectorHeap::CollectorHeap):
-        (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
-        a property of MarkedSpace.
-
-2011-02-17  Oliver Hunt  <oliver@apple.com>
-
-        Attempt to fix windows build
-
-        * runtime/WriteBarrier.h:
-
-2011-02-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Refactor WriteBarrier and DeprecatedPtr to have less code duplication.
-        https://bugs.webkit.org/show_bug.cgi?id=54608
-
-        Make use of the tricks used for Handle, et al to avoid duplicating all
-        of the logic for DeprecatedPtr and WriteBarrier simply to support known
-        vs. unknown types.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * collector/handles/Global.h:
-        (JSC::Global::internalSet):
-        * collector/handles/Handle.h:
-        (JSC::Handle::Handle):
-        (JSC::Handle::get):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortNumeric):
-        * runtime/JSObject.h:
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        * runtime/SlotAccessor.h: Added.
-        (JSC::SlotTypes::getFromBaseType):
-        (JSC::SlotTypes::convertToBaseType):
-        (JSC::SlotTypes::getFromSlot):
-        (JSC::SlotTypes::toJSValue):
-        (JSC::SlotTypes::validateUpcast):
-        (JSC::SlotAccessor::operator->):
-        (JSC::SlotAccessor::operator*):
-        * runtime/WeakGCPtr.h:
-        (JSC::WeakGCPtr::get):
-        (JSC::WeakGCPtr::internalSet):
-        * runtime/WriteBarrier.h:
-        (JSC::DeprecatedPtr::DeprecatedPtr):
-        (JSC::DeprecatedPtr::get):
-        (JSC::DeprecatedPtr::slot):
-        (JSC::DeprecatedPtr::operator=):
-        (JSC::WriteBarrierTranslator::convertToStorage):
-        (JSC::WriteBarrierTranslator::convertFromStorage):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::get):
-        (JSC::WriteBarrierBase::clear):
-        (JSC::WriteBarrierBase::slot):
-        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::WriteBarrierBase::operator!):
-        (JSC::WriteBarrierBase::setWithoutWriteBarrier):
-        (JSC::WriteBarrier::WriteBarrier):
-
-2011-02-17  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Revert incorrect blind fix and restore previous working code.
-
-        * wtf/wx/StringWx.cpp:
-        (WTF::String::String):
-
-2011-02-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Intermittent crashes beneath MarkStack::drain
-        https://bugs.webkit.org/show_bug.cgi?id=54614
-        <rdar://problem/8971070>
-        
-        The crashes were caused by a GC happening after the global object's
-        property table had grown (due to compilation), but before the properties
-        had been fully initialized by program execution.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Explicitly resize the global
-        object's register storage immediately, without waiting for program
-        execution to do it for us. This ensures that the global object's count
-        of global variables is consistent with the size of its global variable
-        storage at all times, and it ensures that all global variables are
-        properly initialized from the get-go.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::resizeRegisters):
-        * runtime/JSGlobalObject.h: Added a helper function for growing the
-        global object's register storage, and initializing new registers.
-
-== Rolled over to ChangeLog-2011-02-16 ==

diff --git a/ChangeLog-2012-10-02 b/ChangeLog-2012-10-02
deleted file mode 100644 (file)
index ded22e6..0000000
--- a/ChangeLog-2012-10-02
+++ /dev/null
@@ -1,20888 +0,0 @@
-2012-10-02  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r128400): ASSERT (crash in release) @ app.asana.com
-        https://bugs.webkit.org/show_bug.cgi?id=98175
-
-        Reviewed by Oliver Hunt.
-
-        It's bad karma to create a new structure while stealing another structure's property table
-        while leaving the m_offset unset. Eventually someone will then steal your property table, and
-        then you won't know how many properties you have anymore.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::nonPropertyTransition):
-
-2012-10-02  Michael Saboff  <msaboff@apple.com>
-
-        Comment additions after r130109 
-
-        Rubber stamped by Geoffrey Garen.
-
-        Updated comments to how array storage works.
-
-        * runtime/ArrayStorage.h:
-        * runtime/JSArray.cpp:
-
-2012-10-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Block freeing thread should sleep indefinitely when there's no work to do
-        https://bugs.webkit.org/show_bug.cgi?id=98084
-
-        Reviewed by Geoffrey Garen.
-
-        Currently the block freeing thread wakes up once a second to check if there are any blocks 
-        for it to release back to the OS. This is wasteful. We should change it to sleep when it 
-        realizes there are no more blocks to free. Any thread that returns a block to the BlockAllocator 
-        should then notify the block freeing thread that there is more work to do now.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        (JSC::BlockAllocator::blockFreeingThreadMain):
-        * heap/BlockAllocator.h:
-        (BlockAllocator):
-        (JSC::BlockAllocator::deallocate):
-
-2012-10-01  Michael Saboff  <msaboff@apple.com>
-
-        JSArray::unshiftCountSlowCase needs to clear array slots when adding space to end of array
-        https://bugs.webkit.org/show_bug.cgi?id=98101
-
-        Reviewed by Filip Pizlo.
-
-        Cleared new array entries when adding to end due to shifting contents to lower memory.  Also
-        checnaged the order of moving array contents and metadata in the shift left case to avoid
-        clobbering the metadata with array contents.  Optimized the to only make a memmove if the
-        count is non-zero.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::unshiftCount):
-
-2012-10-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Address a FIXME in JSArray::sort
-        https://bugs.webkit.org/show_bug.cgi?id=98080
-        <rdar://problem/12407844>
-
-        Reviewed by Oliver Hunt.
-
-        Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
-        have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
-        compare functions.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-        * runtime/JSObject.h:
-        (JSC::JSObject::hasSparseMap):
-        (JSObject):
-
-2012-10-01  Jonathan Liu  <net147@gmail.com>
-
-        Remove unused sys/mman.h include
-        https://bugs.webkit.org/show_bug.cgi?id=97995
-
-        Reviewed by Kentaro Hara.
-
-        The sys/mman.h is not used and removing it improves portability as not
-        all systems have sys/mman.h.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2012-09-28  Filip Pizlo  <fpizlo@apple.com>
-
-        ASSERTION in m_graph[tailNodeIndex].op() == Flush || m_graph[tailNodeIndex].op() == SetLocal on plus.google.com
-        https://bugs.webkit.org/show_bug.cgi?id=97656
-
-        Reviewed by Mark Hahnenberg.
-
-        There were two bugs here:
-        
-        1) In case of multiple GetLocals to the same captured variable, the bytecode parser would linke the first,
-           rather than the last, of the GetLocals into the vars-at-tail table.
-        
-        2) The constant folding phase was asserting that any GetLocal it eliminates must be linked into the
-           vars-at-tail table, when for captured variables only the last of those should be.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2012-09-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGStructureHoistingPhase SetLocal assumes StructureTransitionWatchpoint has a structure set
-        https://bugs.webkit.org/show_bug.cgi?id=97810
-
-        Reviewed by Mark Hahnenberg.
-
-        No tests because this can't happen in ToT: the structure check hoisting phase runs before any
-        CFA or folding, so the only StructureTransitionWatchpoints it will see are the ones inserted
-        by the parser. But the parser will only insert StructureTransitinWatchpoints on constants, which
-        will not be subject to SetLocals.
-        
-        Still, it would be good to fix this in case things changed.
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-09-27  Mark Lam  <mark.lam@apple.com>
-
-        Put initializeHostCallReturnValue() behind #if ENABLE(JIT).
-        Fixes non JIT builds.
-        https://bugs.webkit.org/show_bug.cgi?id=97838.
-
-        Reviewed by John Sullivan.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2012-09-27  Mark Lam  <mark.lam@apple.com>
-
-        Fixed CallFrameClosure::resetCallFrame() to use the valid
-        range of argument index values.
-        https://bugs.webkit.org/show_bug.cgi?id=97836.
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/CallFrameClosure.h:
-        (JSC::CallFrameClosure::resetCallFrame):
-
-2012-09-27  Patrick Gansterer  <paroga@webkit.org>
-
-        Fix usage of COMPILER() macros
-        https://bugs.webkit.org/show_bug.cgi?id=97642
-
-        Reviewed by Geoffrey Garen.
-
-        Add COMPILER(GCC) around compiler specific code and remove it from generic code.
-        This allows us to implement the DFG code for other compilers to in a next step.
-
-        * dfg/DFGOperations.cpp:
-        * jit/HostCallReturnValue.h:
-
-2012-09-27  Andreas Kling  <kling@webkit.org>
-
-        3.20MB below FunctionParameters::create() on Membuster3.
-        <http://webkit.org/b/97730>
-
-        Reviewed by Anders Carlsson.
-
-        Figure out the exact space needed for parameter identifiers and use reserveInitialCapacity().
-        Reduces memory consumption on Membuster3 by ~1.60 MB.
-
-        * parser/Nodes.cpp:
-        (JSC::FunctionParameters::FunctionParameters):
-
-2012-09-27  Csaba Osztrogonác  <ossy@webkit.org>, Tor Arne Vestbø  <vestbo@webkit.org>
-
-        [Qt] Enable the LLInt on Linux
-        https://bugs.webkit.org/show_bug.cgi?id=95749
-
-        Reviewed by Simon Hausmann.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pro:
-        * LLIntOffsetsExtractor.pro: Added.
-        * Target.pri:
-
-2012-09-27  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Fix build with static JavaScriptCore library
-
-        * shell/CMakeLists.txt: Define STATICALLY_LINKED_WITH_JavaScriptCore if
-                                JavaScriptCore_LIBRARY_TYPE is set to STATIC.
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Proxy the global this in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=97734
-
-        Reviewed by Filip Pizlo.
-
-        Eeep – fix a bug - was leaving the global this proxy's structure's globalObject as 0,
-        and setting the proxy's prototype as the global object, rather than its prototype.
-
-        * jsc.cpp:
-        (GlobalObject::create):
-        * runtime/JSProxy.h:
-        (JSC::JSProxy::createStructure):
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, 32-bit build fix.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-09-26  Filip Pizlo  <fpizlo@apple.com>
-
-        jneq_ptr shouldn't have a pointer
-        https://bugs.webkit.org/show_bug.cgi?id=97739
-
-        Reviewed by Oliver Hunt.
-
-        Slamming pointers directly into bytecode is sometimes cool, but in this case it's
-        unwieldy and confusing. Switched the instruction to use an enum instead. This has
-        zero effect on code gen behavior in the JITs. In the LLInt, there is now more
-        indirection, but that doesn't affect benchmarks.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        (Instruction):
-        * bytecode/SpecialPointer.cpp: Added.
-        (JSC):
-        (JSC::actualPointerFor):
-        * bytecode/SpecialPointer.h: Added.
-        (JSC):
-        (JSC::pointerIsFunction):
-        (JSC::pointerIsCell):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
-        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jneq_ptr):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::actualPointerFor):
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        REGRESSION (r129456): http/tests/security/xss-eval.html is failing on JSC platforms
-        https://bugs.webkit.org/show_bug.cgi?id=97529
-
-        Reviewed by Filip Pizlo.
-
-        A recent patch changed JSC's EvalError behaviour; bring this more into line with other browsers.
-
-        JSC currently throws an EvalError if you try to call eval with a this object that doesn't
-        match the given eval function. This does not match other browsers, which generally just
-        ignore the this value that was passed, and eval the string in the eval function's environment.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-            - Remove EvalError, ignore passed this value.
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Proxy the global this in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=97734
-
-        Reviewed by Oliver Hunt.
-
-        Having jsc diverge from WebCore here is not beneficial; it potentially masks bugs and/or performance
-        problems from command line testing.
-
-        * jsc.cpp:
-        (GlobalObject::create):
-            - Create a this value proxy for the global object.
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-            - Make setGlobalThis protected.
-        * runtime/JSProxy.h:
-        (JSC::JSProxy::create):
-        (JSC::JSProxy::target):
-        (JSC::JSProxy::finishCreation):
-        (JSProxy):
-            - Allow proxy target to be a JSObject, add target to create method.
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Speculative Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-26  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject::ensureArrayStorage() ignores the possibility that extensions have been prevented
-        https://bugs.webkit.org/show_bug.cgi?id=97719
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC):
-        * runtime/JSObject.h:
-        (JSC::JSObject::ensureArrayStorage):
-        (JSObject):
-
-2012-09-26  Gavin Barraclough  <barraclough@apple.com>
-
-        Generalize JSGlobalThis as JSProxy
-        https://bugs.webkit.org/show_bug.cgi?id=97716
-
-        Reviewed by Oliver Hunt.
-
-        Generalize JSGlobalThis as JSProxy and move proxying functionality up from the window shell into JSProxy.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::toThisObject):
-            - Hoist toThisObject from WebCore.
-        (JSC):
-        * runtime/JSGlobalObject.h:
-            - removed include.
-        (JSC::JSGlobalObject::finishCreation):
-            - JSGlobalThis -> JSObject
-        (JSGlobalObject):
-            - Hoist toThisObject from WebCore.
-        * runtime/JSGlobalThis.cpp: Removed.
-        * runtime/JSGlobalThis.h: Removed.
-        * runtime/JSObject.cpp:
-            - removed include.
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::isProxy):
-            - isGlobalThis -> isProxy
-            - GlobalThisType -> ProxyType
-        * runtime/JSProxy.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.cpp.
-        (JSC):
-        (JSC::JSProxy::visitChildren):
-        (JSC::JSProxy::setTarget):
-        (JSC::JSProxy::className):
-        (JSC::JSProxy::getOwnPropertySlot):
-        (JSC::JSProxy::getOwnPropertySlotByIndex):
-        (JSC::JSProxy::getOwnPropertyDescriptor):
-        (JSC::JSProxy::put):
-        (JSC::JSProxy::putByIndex):
-        (JSC::JSProxy::putDirectVirtual):
-        (JSC::JSProxy::defineOwnProperty):
-        (JSC::JSProxy::deleteProperty):
-        (JSC::JSProxy::deletePropertyByIndex):
-        (JSC::JSProxy::getPropertyNames):
-        (JSC::JSProxy::getOwnPropertyNames):
-            - Class cretaed from JSGlobalThis, JSDOMWindowShell.
-        * runtime/JSProxy.h: Copied from Source/JavaScriptCore/runtime/JSGlobalThis.h.
-        (JSC::JSProxy::create):
-        (JSC::JSProxy::createStructure):
-        (JSProxy):
-        (JSC::JSProxy::target):
-        (JSC::JSProxy::JSProxy):
-            - Class cretaed from JSGlobalThis, JSDOMWindowShell.
-        * runtime/JSType.h:
-            - GlobalThisType -> ProxyType
-
-2012-09-26  Michael Saboff  <msaboff@apple.com>
-
-        Add ability for JSArray::unshiftCount to unshift in middle of an array
-        https://bugs.webkit.org/show_bug.cgi?id=97691
-
-        Reviewed by Filip Pizlo.
-
-        Changed JSArray::unshiftCount and unshiftCountSlowCase to handle unshifting from the middle of an
-        array.  Depending on where the unshift point is, either the front part of the array will be moved
-        "left" or the back part will be moved right.  Given that unshiftCount only works on contiguous
-        arrays it is safe to use memmove for the moves.
-
-        This change is worth 25% performance improvement on pdfjs.  It doesn't seem to have any impact on
-        any other benchmarks.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::unshift):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::unshiftCount):
-        * runtime/JSArray.h:
-        (JSArray):
-
-2012-09-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r129592.
-        http://trac.webkit.org/changeset/129592
-        https://bugs.webkit.org/show_bug.cgi?id=97670
-
-        Failures in Chromium security tests (Requested by schenney on
-        #webkit).
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-
-2012-09-25  Gavin Barraclough  <barraclough@apple.com>
-
-        REGRESSION (r129456): http/tests/security/xss-eval.html is failing on JSC platforms
-        https://bugs.webkit.org/show_bug.cgi?id=97529
-
-        Reviewed by Filip Pizlo.
-
-        A recent patch changed JSC's EvalError behaviour; bring this more into line with other browsers.
-
-        JSC currently throws an EvalError if you try to call eval with a this object that doesn't
-        match the given eval function. This does not match other browsers, which generally just
-        ignore the this value that was passed, and eval the string in the eval function's environment.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-            - Remove EvalError, ignore passed this value.
-
-2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ArrayPush, ArrayPop don't handle clobbering or having a bad time correctly
-        https://bugs.webkit.org/show_bug.cgi?id=97535
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-09-25  Geoffrey Garen  <ggaren@apple.com>
-
-        JSC should dump object size inference statistics
-        https://bugs.webkit.org/show_bug.cgi?id=97618
-
-        Reviewed by Filip Pizlo.
-
-        Added an option to dump object size inference statistics.
-
-        To see statistics on live objects:
-
-            jsc --showHeapStatistics=1
-
-        To see cumulative statistics on all objects ever allocated:
-
-            jsc --showHeapStatistics=1 --objectsAreImmortal=1
-
-            (This is useful for showing GC churn caused by over-allocation.)
-
-        To support this second mode, I refactored Zombies to separate out their
-        immortality feature so I could reuse it.
-
-        * heap/Heap.cpp:
-        (JSC::MarkObject): Helper for making things immortal. We have to checked
-        for being zapped because blocks start out in this state.
-
-        (JSC::StorageStatistics): Gather statistics by walking the heap. Ignore
-        arrays and hash tables for now because they're not our focus. (We'll
-        remove these exceptions in future.)
-
-        (JSC::Heap::collect): Moved zombify to the end so it wouldn't interfere
-        with statistics gathering.
-
-        (JSC::Heap::showStatistics):
-        (JSC::Heap::markAllObjects): Factored out helper, so statistics could
-        take advantage of immortal objects.
-
-        (Zombify): Don't mark immortal objects -- that's another class's job now.
-
-        (JSC::Zombify::operator()):
-        (JSC::Heap::zombifyDeadObjects): Take advantage of forEachDeadCell instead
-        of rolling our own.
-
-        * heap/Heap.h:
-        (Heap):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::forEachDeadCell): Added, so clients don't have to do
-        the iteration logic themselves.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-        * runtime/Options.h: New options, listed above. Make sure to initialize
-        based on environment variable first, so we can override with specific settings.
-
-2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        We shouldn't use the optimized versions of shift/unshift if the user is doing crazy things to the array
-        https://bugs.webkit.org/show_bug.cgi?id=97603
-        <rdar://problem/12370864>
-
-        Reviewed by Gavin Barraclough.
-
-        You changed the length behind our backs? No optimizations for you then!
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::shift):
-        (JSC::unshift):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::shiftCount):
-
-2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC bindings appear to sometimes ignore the possibility of arrays being in sparse mode
-        https://bugs.webkit.org/show_bug.cgi?id=95610
-
-        Reviewed by Oliver Hunt.
-
-        Add better support for quickly accessing the indexed storage from bindings.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::tryGetIndexQuickly):
-        (JSObject):
-        (JSC::JSObject::getDirectIndex):
-        (JSC::JSObject::getIndex):
-
-2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure check hoisting phase doesn't know about the side-effecting nature of Arrayify
-        https://bugs.webkit.org/show_bug.cgi?id=97537
-
-        Reviewed by Mark Hahnenberg.
-
-        No tests because if we use Arrayify then we also use PutByVal(BlankToXYZ), and the latter is
-        already known to be side-effecting. So this bug shouldn't have had any symptoms, as far as I
-        can tell.
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-09-25  Gavin Barraclough  <barraclough@apple.com>
-
-        Regression: put beyond vector length prefers prototype setters to sparse properties
-        https://bugs.webkit.org/show_bug.cgi?id=97593
-
-        Reviewed by Geoff Garen & Filip Pizlo.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-            - Check for self properties in the sparse map - if present, don't examine the protochain.
-
-2012-09-24  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=97530
-        Regression, freeze applied to numeric properties of non-array objects
-
-        Reviewed by Filip Pizlo.
-
-        Object.freeze has a fast implementation in JSObject, but this hasn't been updated to take into account numeric properties in butterflies.
-        For now, just fall back to the generic implementation if the object has numeric properties.
-
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorFreeze):
-            - fallback if the object has a non-zero indexed property vector length.
-
-2012-09-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Bug in numeric accessors on global environment
-        https://bugs.webkit.org/show_bug.cgi?id=97526
-
-        Reviewed by Geoff Garen.
-
-        I've hit this assert in test262 in browser, but haven't yet worked out how to repro in a test case :-/
-        The sparsemap is failing to map back from the global object to the window shell.
-        A test case would need to resolve a numeric property name against the global environment.
-
-        (JSC::SparseArrayEntry::get):
-        (JSC::SparseArrayEntry::put):
-            - Add missing toThisObject calls.
-
-2012-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        SerializedScriptValue isn't aware of indexed storage, but should be
-        https://bugs.webkit.org/show_bug.cgi?id=97515
-        <rdar://problem/12361874>
-
-        Reviewed by Sam Weinig.
-
-        Export a method that WebCore now uses.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/JSObject.h:
-        (JSObject):
-
-2012-09-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove JSObject::unwrappedGlobalObject(), JSObject::unwrappedObject()
-        https://bugs.webkit.org/show_bug.cgi?id=97519
-
-        Reviewed by Geoff Garen.
-
-        unwrappedGlobalObject() was only needed because globalObject() doesn't always return a helpful result -
-        specifically for WebCore's window shell the structure's globalObject is set to null. We can fix this by
-        simply keeping the structure up to date as the window navigates, obviating the need for this function.
-
-        The only other use of unwrappedObject() came from globalFuncEval(), and this can be trivially removed
-        by flipping the way we perform this globalObject check (which we may also be able to remove!) - instead
-        of getting the globalObject from the provided this value & comparing to the expected globalObject, we
-        can get the this value from the expected globalObject, and compare to that provided.
-
-        * runtime/JSGlobalObject.cpp:
-            - Call globalObject() instead of unwrappedGlobalObject().
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-            - Changed to compare this object values, instead of globalObjects -
-              this means we only need to be able to map globalObject -> this,
-              and not vice versa.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::allowsAccessFrom):
-        (JSC::JSObject::createInheritorID):
-            - Call globalObject() instead of unwrappedGlobalObject().
-        * runtime/JSObject.h:
-        (JSObject):
-            - Removed unwrappedGlobalObject(), unwrappedObject().
-
-2012-09-24  Mark Lam  <mark.lam@apple.com>
-
-        Deleting the classic interpreter and cleaning up some build options.
-        https://bugs.webkit.org/show_bug.cgi?id=96969.
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/AbstractPC.h:
-        (AbstractPC):
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getLineNumberForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::getSourceURLFromCallFrame):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::retrieveArgumentsFromVMCode):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcodeID):
-        (Interpreter):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-        * offlineasm/asm.rb:
-        * offlineasm/offsets.rb:
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::create):
-        (NativeExecutable):
-        (JSC::NativeExecutable::finishCreation):
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::getHostFunction):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::canUseJIT):
-        (JSC::JSGlobalData::canUseRegExpJIT):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-
-2012-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Nested try/finally should not confuse the finally unpopper in BytecodeGenerator::emitComplexJumpScopes
-        https://bugs.webkit.org/show_bug.cgi?id=97508
-        <rdar://problem/12361132>
-
-        Reviewed by Sam Weinig.
-
-        We're reusing some vector for multiple iterations of a loop, but we were forgetting to clear its
-        contents from one iteration to the next. Hence if you did multiple iterations of finally unpopping
-        (like in a nested try/finally and a jump out of both of them) then you'd get a corrupted try
-        context stack afterwards.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-
-2012-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        ValueToInt32 bool case does bad things to registers
-        https://bugs.webkit.org/show_bug.cgi?id=97505
-        <rdar://problem/12356331>
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-
-2012-09-24  Mark Lam  <mark.lam@apple.com>
-
-        Add cloopDo instruction for debugging the llint C++ backend.
-        https://bugs.webkit.org/show_bug.cgi?id=97502.
-
-        Reviewed by Geoffrey Garen.
-
-        * offlineasm/cloop.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/parser.rb:
-
-2012-09-24  Filip Pizlo  <fpizlo@apple.com>
-
-        JSArray::putByIndex asserts with readonly property on prototype
-        https://bugs.webkit.org/show_bug.cgi?id=97435
-        <rdar://problem/12357084>
-
-        Reviewed by Geoffrey Garen.
-
-        Boy, there were some problems:
-        
-        - putDirectIndex() should know that it can set the index quickly even if it's a hole and we're
-          in SlowPut mode, since that's the whole point of PutDirect.
-        
-        - We should have a fast path for putByIndex().
-        
-        - The LiteralParser should not use push(), since that may throw if we're having a bad time.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::eval):
-        * runtime/JSObject.h:
-        (JSC::JSObject::putByIndexInline):
-        (JSObject):
-        (JSC::JSObject::putDirectIndex):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-
-2012-09-24  Mark Lam  <mark.lam@apple.com>
-
-        Added a missing "if VALUE_PROFILER" around an access to ArrayProfile record.
-        https://bugs.webkit.org/show_bug.cgi?id=97496.
-
-        Reviewed by Filip Pizlo.
-
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Inlined activation tear-off in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=97487
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h: Activation tear-off is always inlined now, so I
-        removed its out-of-line implementation.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Inlined the variable copy and update
-        of JSVariableObject::m_registers. This usually turns into < 10 instructions,
-        which is close to pure win as compared to the operation function call.
-
-        * runtime/JSActivation.h:
-        (JSActivation):
-        (JSC::JSActivation::registersOffset):
-        (JSC::JSActivation::tearOff):
-        (JSC::JSActivation::isTornOff):
-        (JSC):
-        (JSC::JSActivation::storageOffset):
-        (JSC::JSActivation::storage): Tiny bit of refactoring so the JIT can
-        share the pointer math helper functions we use internally.
-
-2012-09-24  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        MIPS: store8 functions added to MacroAssembler.
-
-        MIPS store8 functions
-        https://bugs.webkit.org/show_bug.cgi?id=97243
-
-        Reviewed by Oliver Hunt.
-
-        Add MIPS store8 functions.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::lhu): New function.
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::sb): New function.
-        (JSC::MIPSAssembler::sh): New function.
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::store8): New function.
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::store16): New function.
-
-2012-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        PutScopedVar should not be marked as clobbering the world
-        https://bugs.webkit.org/show_bug.cgi?id=97416
-
-        Reviewed by Filip Pizlo.
-
-        No performance change.
-
-        PutScopedVar doesn't have arbitrary side-effects, so it shouldn't be marked
-        as such.
-
-        * dfg/DFGNodeType.h:
-        (DFG):
-
-2012-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        I accidentally the whole 32-bit :(.
-
-        Unbreak the DFG in 32-bit with the 32-bit path I forgot in my last patch.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-09-23  Byungwoo Lee  <bw80.lee@gmail.com>
-
-        Fix build warnings : -Wunused-parameter, -Wparentheses, -Wuninitialized.
-        https://bugs.webkit.org/show_bug.cgi?id=97306
-
-        Reviewed by Benjamin Poulain.
-
-        Fix build warning about -Wunused-parameter on MachineStackMarker.cpp,
-        LLIntSlowPaths.cpp, DatePrototype.cpp, Options.cpp by using
-        UNUSED_PARAM() macro or remove parameter name.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::pthreadSignalHandlerSuspendResume):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::entryOSR):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/Options.cpp:
-        (JSC::computeNumberOfGCMarkers):
-
-2012-09-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Sorting a non-array creates propreties (spec-violation)
-        https://bugs.webkit.org/show_bug.cgi?id=25477
-
-        Reviewed by Oliver Hunt.
-
-        We're just calling get() to get properties, which is converting missing properties to
-        undefined. Hole values should be retained, and moved to the end of the array.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::getOrHole):
-            - Helper function, returns JSValue() instead of undefined for missing properties.
-        (JSC::arrayProtoFuncSort):
-            - Implemented per 15.4.4.11, see comments above.
-
-2012-09-23  Geoffrey Garen  <ggaren@apple.com>
-
-        CSE for access to closure variables (get_/put_scoped_var)
-        https://bugs.webkit.org/show_bug.cgi?id=97414
-
-        Reviewed by Oliver Hunt.
-
-        I separated loading a scope from loading its storage pointer, so we can
-        CSE the storage pointer load. Then, I copied the global var CSE and adjusted
-        it for closure vars.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute): Renamed GetScopeChain => GetScope to
-        reflect renames from a few weeks ago.
-
-        Added a case for the storage pointer load, similar to object storage pointer load.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock): Added an independent node for
-        the storage pointer.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::scopedVarStoreElimination):
-        (JSC::DFG::CSEPhase::getScopeLoadElimination):
-        (JSC::DFG::CSEPhase::getScopeRegistersLoadElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE): Copied globalVarLoad/StoreElimination
-        and adapted the same logic to closure vars.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasScopeChainDepth):
-        (JSC::DFG::Node::scope):
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG): GetScopedVar and GetGlobalVar are no longer MustGenerate. I'm not
-        sure why they ever were. But these are simple load operations so, if they're
-        unused, they're truly dead.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Updated for renames and split-out
-        node for getting the storage pointer.
-
-2012-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed, rolled out a line I committed by accident.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2012-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Optimized closures that capture arguments
-        https://bugs.webkit.org/show_bug.cgi?id=97358
-
-        Reviewed by Oliver Hunt.
-
-        Previously, the activation object was responsible for capturing all
-        arguments in a way that was convenient for the arguments object. Now,
-        we move all captured variables into a contiguous region in the stack,
-        allocate an activation for exactly that size, and make the arguments
-        object responsible for knowing all the places to which arguments could
-        have moved.
-
-        This seems like the right tradeoff because
-
-            (a) Closures are common and long-lived, so we want them to be small.
-
-            (b) Our primary strategy for optimizing the arguments object is to make
-            it go away. If you're allocating arguments objects, you're already having
-            a bad time.
-
-            (c) It's common to use either the arguments object or named argument
-            closure, but not both.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::argumentsRegister):
-        (JSC::CodeBlock::activationRegister):
-        (JSC::CodeBlock::isCaptured):
-        (JSC::CodeBlock::argumentIndexAfterCapture): m_numCapturedVars is gone
-        now -- we have an explicit range instead.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Move captured arguments
-        into the captured region of local variables for space efficiency. Record
-        precise data about where they moved for the sake of the arguments object.
-
-        Some of this data was previously wrong, but it didn't cause any problems
-        because the arguments weren't actually moving.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables): Don't
-        assume that captured vars are in any particular location -- always ask
-        the CodeBlock. This is better encapsulation.
-
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): I rename things sometimes.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::tearOff): Account for a particularly nasty edge case.
-
-        (JSC::Arguments::didTearOffActivation): Don't allocate our slow arguments
-        data on tear-off. We need to allocate it eagerly instead, since we need
-        to know about displaced, captured arguments during access before tear-off.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::allocateSlowArguments):
-        (JSC::Arguments::argument): Tell our slow arguments array where all arguments
-        are, even if they are not captured. This simplifies some things, so we don't
-        have to account explicitly for the full matrix of (not torn off, torn off)
-        * (captured, not captured).
-
-        (JSC::Arguments::finishCreation): Allocate our slow arguments array eagerly
-        because we need to know about displaced, captured arguments during access
-        before tear-off.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::parameterCount):
-        (FunctionExecutable):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSActivation.h:
-        (JSActivation):
-        (JSC::JSActivation::create):
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::registerOffset):
-        (JSC::JSActivation::tearOff):
-        (JSC::JSActivation::allocationSize):
-        (JSC::JSActivation::isValid): This is really the point of the patch. All
-        the pointer math in Activations basically boils away, since we always
-        copy a contiguous region of captured variables now.
-
-        * runtime/SymbolTable.h:
-        (JSC::SlowArgument::SlowArgument):
-        (SlowArgument):
-        (SharedSymbolTable):
-        (JSC::SharedSymbolTable::captureCount):
-        (JSC::SharedSymbolTable::SharedSymbolTable): AllOfTheThings capture mode
-        is gone now -- that's the point of the patch. indexIfCaptured gets renamed
-        to index because we always have an index, even if not captured. (The only
-        time when the index is meaningless is when we're Deleted.)
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Eeeep - broke early boyer in bug#97382
-        https://bugs.webkit.org/show_bug.cgi?id=97383
-
-        Rubber stamped by Sam Weinig.
-
-        missed a child3 -> child2!
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Pedantic test in Mozilla's JavaScript test suite fails. function-001.js function-001-n.js
-        https://bugs.webkit.org/show_bug.cgi?id=27219
-
-        Reviewed by Sam Weinig.
-
-        These tests are just wrong.
-        See ECMA 262 A.5, FunctionDelcaration does not require a semicolon.
-
-        * tests/mozilla/expected.html:
-        * tests/mozilla/js1_2/function/function-001-n.js:
-        * tests/mozilla/js1_3/Script/function-001-n.js:
-        * tests/mozilla/js1_3/regress/function-001-n.js:
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove redundant argument to op_instanceof
-        https://bugs.webkit.org/show_bug.cgi?id=97382
-
-        Reviewed by Geoff Garen.
-
-        No longer needed after my last change.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitInstanceOf):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::InstanceOfNode::emitBytecode):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        instanceof should not get the prototype for non-default HasInstance
-        https://bugs.webkit.org/show_bug.cgi?id=68656
-
-        Reviewed by Oliver Hunt.
-
-        Instanceof is currently implemented as a sequance of three opcodes:
-            check_has_instance
-            get_by_id(prototype)
-            op_instanceof
-        There are three interesting types of base value that instanceof can be applied to:
-            (A) Objects supporting default instanceof behaviour (functions, other than those created with bind)
-            (B) Objects overriding the default instancecof behaviour with a custom one (API objects, bound functions)
-            (C) Values that do not respond to the [[HasInstance]] trap.
-        Currently check_has_instance handles case (C), leaving the op_instanceof opcode to handle (A) & (B). There are
-        two problems with this apporach. Firstly, this is suboptimal for case (A), since we have to check for
-        hasInstance support twice (once in check_has_instance, then for default behaviour in op_instanceof). Secondly,
-        this means that in cases (B) we also perform the get_by_id, which is both suboptimal and an observable spec
-        violation.
-
-        The fix here is to move handing of non-default instanceof (cases (B)) to the check_has_instance op, leaving
-        op_instanceof to handle only cases (A).
-
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::customHasInstance):
-        * API/JSValueRef.cpp:
-        (JSValueIsInstanceOfConstructor):
-            - renamed hasInstance to customHasInstance
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-            - added additional parameters to check_has_instance opcode
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-            - added additional parameters to check_has_instance opcode
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCheckHasInstance):
-            - added additional parameters to check_has_instance opcode
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-            - added additional parameters to check_has_instance opcode
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::InstanceOfNode::emitBytecode):
-            - added additional parameters to check_has_instance opcode
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-            - added additional parameters to check_has_instance opcode
-        * interpreter/Interpreter.cpp:
-        (JSC::isInvalidParamForIn):
-        (JSC::Interpreter::privateExecute):
-            - Add handling for non-default instanceof to op_check_has_instance
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
-            - Fixed no-LLInt no_DFG build
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emitSlow_op_check_has_instance):
-            - check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-            - no need to check for ImplementsDefaultHasInstance.
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_check_has_instance):
-        (JSC::JIT::emitSlow_op_check_has_instance):
-            - check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emitSlow_op_instanceof):
-            - no need to check for ImplementsDefaultHasInstance.
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-            - Add handling for non-default instanceof to op_check_has_instance
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-            - move check for ImplementsDefaultHasInstance, handle additional arguments to op_check_has_instance.
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        (JSC):
-            - renamed hasInstance to customHasInstance
-        * runtime/CommonSlowPaths.h:
-        (CommonSlowPaths):
-            - removed opInstanceOfSlow (this was whittled down to one function call!)
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::customHasInstance):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-            - renamed hasInstance to customHasInstance, reimplemented.
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::customHasInstance):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::hasInstance):
-        (JSC):
-        (JSC::JSObject::defaultHasInstance):
-        * runtime/JSObject.h:
-        (JSObject):
-
-2012-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix ARM build.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::store8):
-        (MacroAssemblerARMv7):
-        * offlineasm/armv7.rb:
-
-2012-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r128400): Opening Google Web Fonts page hangs or crashes
-        https://bugs.webkit.org/show_bug.cgi?id=97328
-
-        Reviewed by Mark Hahnenberg.
-
-        It's a bad idea to emit stub code that reallocates property storage when we're in indexed
-        storage mode. DFGRepatch.cpp knew this and had the appropriate check in one of the places,
-        but it didn't have it in all of the places.
-        
-        This change also adds some more handy disassembly support, which I used to find the bug.
-
-        * assembler/LinkBuffer.h:
-        (JSC):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        * jit/JITStubRoutine.h:
-        (JSC):
-
-2012-09-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE assumes that a holy PutByVal does not interfere with GetArrayLength, when it clearly does
-        https://bugs.webkit.org/show_bug.cgi?id=97373
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::getArrayLengthElimination):
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGGraph.h:
-        (Graph):
-
-2012-09-21  Chris Rogers  <crogers@google.com>
-
-        Add Web Audio support for deprecated/legacy APIs
-        https://bugs.webkit.org/show_bug.cgi?id=97050
-
-        Reviewed by Eric Carlson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-09-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Global Math object should be configurable but isn't
-        https://bugs.webkit.org/show_bug.cgi?id=55343
-
-        Reviewed by Oliver Hunt.
-
-        This has no performance impact.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-            - Make 'Math' a regular property.
-
-2012-09-21  Chao-ying Fu  <fu@mips.com>
-
-        Add MIPS or32 function
-        https://bugs.webkit.org/show_bug.cgi?id=97157
-
-        Reviewed by Gavin Barraclough.
-
-        Add a missing or32 function.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::or32): New function.
-        (MacroAssemblerMIPS):
-
-2012-09-20  Filip Pizlo  <fpizlo@apple.com>
-
-        CHECK_ARRAY_CONSISTENCY isn't being used or tested, so we should remove it
-        https://bugs.webkit.org/show_bug.cgi?id=97260
-
-        Rubber stamped by Geoffrey Garen.
-        
-        Supporting it will become difficult as we add more indexing types. It makes more
-        sense to kill, especially since we don't appear to use it or test it, ever.
-
-        * runtime/ArrayConventions.h:
-        (JSC):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSplice):
-        * runtime/ArrayStorage.h:
-        (JSC::ArrayStorage::copyHeaderFromDuringGC):
-        (ArrayStorage):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-        * runtime/JSArray.cpp:
-        (JSC::createArrayButterflyInDictionaryIndexingMode):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-        (JSC::createArrayButterfly):
-        (JSC::JSArray::tryCreateUninitialized):
-        (JSC::constructArray):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::createArrayStorage):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC):
-        * runtime/JSObject.h:
-        (JSC::JSObject::initializeIndex):
-        (JSObject):
-
-2012-09-20  Mark Lam  <mark.lam@apple.com>
-
-        Fixed a missing semicolon in the C++ llint backend.
-        https://bugs.webkit.org/show_bug.cgi?id=97252.
-
-        Reviewed by Geoff Garen.
-
-        * offlineasm/cloop.rb:
-
-2012-09-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored the interpreter and JIT so they don't dictate closure layout
-        https://bugs.webkit.org/show_bug.cgi?id=97221
-
-        Reviewed by Oliver Hunt.
-
-        Capture may change the location of an argument for space efficiency. This
-        patch removes static assumptions about argument location from the interpreter
-        and JIT.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::argumentIndexAfterCapture):
-        (JSC::ExecState::argumentAfterCapture): Factored out a helper function
-        so the compiler could share this logic.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BracketAccessorNode::emitBytecode): Don't emit optimized bracket
-        access on arguments if a parameter has been captured by name. This case is
-        rare and, where I've seen it in the wild, the optimization mostly failed
-        anyway due to arguments escape, so I didn't feel like writing and testing
-        five copies of the code that would handle it in the baseline engines.
-
-        The DFG can still synthesize this optimization even if we don't emit the
-        optimized bytecode for it.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::symbolTableFor):
-        (AssemblyHelpers): Use the right helper function to account for the fact
-        that a parameter may have been captured by name and moved.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock): ASSERT that we haven't inlined
-        a .apply on captured arguments. Once we do start inlining such things,
-        we'll need to do a little bit of math here to get them right.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Added support for bracket access on
-        an arguments object where arguments have also been captured by name. We
-        load the true index of the argument from a side vector. Arguments elision
-        is very powerful in the DFG, so I wanted to keep it working, even in this
-        rare case.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::loadVarargs): Use the right helper function to account for the fact
-        that a parameter may have been captured by name and moved.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs): Don't use the inline copy loop if some
-        of our arguments have moved, since it would copy stale values. (We still
-        optimize the actual call, and elide the arguments object.)
-
-2012-09-20  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        [Qt] r129045 broke the ARM build
-        https://bugs.webkit.org/show_bug.cgi?id=97195
-
-        Reviewed by Zoltan Herczeg.
-
-        Implementing missing store8 function.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::store8):
-        (MacroAssemblerARM):
-
-2012-09-19  Geoffrey Garen  <ggaren@apple.com>
-
-        OSR exit sometimes neglects to create the arguments object
-        https://bugs.webkit.org/show_bug.cgi?id=97162
-
-        Reviewed by Filip Pizlo.
-
-        No performance change.
-
-        I don't know of any case where this is a real problem in TOT, but it
-        will become a problem if we start compiling eval, with, or catch, and/or
-        sometimes stop doing arguments optimizations in the bytecode.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run): Account for a
-        CreateArguments that has transformed into PhantomArguments. We used to
-        clear our reference to the CreateArguments node, but now we hold onto it, 
-        so we need to account for it transforming.
-
-        Don't replace a SetLocal(CreateArguments) with a SetLocal(JSValue())
-        because that doesn't leave enough information behind for OSR exit to do
-        the right thing. Instead, maintain our reference to CreateArguments, and
-        rely on CreateArguments transforming into PhantomArguments after
-        optimization. SetLocal(PhantomArguments) is efficient, and it's a marker
-        for OSR exit to create the arguments object.
-
-        Don't ASSERT that all PhantomArguments are unreferenced because we now
-        leave them in the graph as SetLocal(PhantomArguments), and that's harmless.
-
-        * dfg/DFGArgumentsSimplificationPhase.h:
-        (NullableHashTraits):
-        (JSC::DFG::NullableHashTraits::emptyValue): Export our special hash table
-        for inline call frames so the OSR exit compiler can use it.
-
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit): Don't load the 'arguments'
-        register to decide if we need to create the arguments object. Optimization
-        may have eliminated the initializing store to this register, in which
-        case we'll load garbage. Instead, use the global knowledge that all call
-        frames that optimized out 'arguments' now need to create it, and use a hash
-        table to make sure we do so only once per call frame.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): SetLocal(PhantomArguments) is unique
-        because we haven't just changed a value's format or elided a load or store;
-        instead, we've replaced an object with JSValue(). We could try to account
-        for this in a general way, but for now it's a special-case optimization,
-        so we give it a specific OSR hint instead.
-
-2012-09-19  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r128802): It made some JS tests crash
-        https://bugs.webkit.org/show_bug.cgi?id=97001
-
-        Reviewed by Mark Hahnenberg.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren):
-
-2012-09-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not assume that a ByVal access is generic just because it was unprofiled
-        https://bugs.webkit.org/show_bug.cgi?id=97088
-
-        Reviewed by Geoffrey Garen.
-        
-        We were not disambiguating between "Undecided" in the sense that the array profile
-        has no useful information versus "Undecided" in the sense that the array profile
-        knows that the access has not executed. That's an important distinction, since
-        the former form of "Undecided" means that we should consult value profiling, while
-        the latter means that we should force exit unless the value profiling indicates
-        that the access must be generic (base is not cell or property is not int).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::refineArrayMode):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::modeIsSpecific):
-        (JSC::DFG::modeSupportsLength):
-        (JSC::DFG::benefitsFromStructureCheck):
-
-2012-09-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not emit PutByVal hole case unless it has to
-        https://bugs.webkit.org/show_bug.cgi?id=97080
-
-        Reviewed by Geoffrey Garen.
-
-        This causes us to generate less code for typical PutByVal's. But if profiling tells us
-        that the hole case is being hit, we generate the same code as we would have generated
-        before. This seems like a slight speed-up across the board.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::store8):
-        (MacroAssemblerARMv7):
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::store8):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::store8):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::movb_i8m):
-        * bytecode/ArrayProfile.h:
-        (JSC::ArrayProfile::ArrayProfile):
-        (JSC::ArrayProfile::addressOfMayStoreToHole):
-        (JSC::ArrayProfile::mayStoreToHole):
-        (ArrayProfile):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::mayStoreToHole):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_by_val):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not call out to C++ every time that it tries to put to an object that doesn't yet have array storage
-        https://bugs.webkit.org/show_bug.cgi?id=96983
-
-        Reviewed by Oliver Hunt.
-
-        Introduce more polymorphism into the DFG's array mode support. Use that to
-        introduce the notion of effectul array modes, where the check for the mode
-        will perform actions necessary to ensure that we have the mode we want, if
-        the object is not already in that mode. Also added profiling support for
-        checking if an object is of a type that would not allow us to create array
-        storage (like a typed array or a string for example).
-        
-        This is a ~2x speed-up on loops that transform an object that did not have
-        indexed storage into one that does.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        * bytecode/ArrayProfile.h:
-        (JSC::ArrayProfile::ArrayProfile):
-        (JSC::ArrayProfile::mayInterceptIndexedAccesses):
-        (ArrayProfile):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (DFG):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::modeUsesButterfly):
-        (JSC::DFG::isSlowPutAccess):
-        (JSC::DFG::benefitsFromStructureCheck):
-        (JSC::DFG::isEffectful):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArrayMode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Arguments.h:
-        (Arguments):
-        * runtime/JSNotAnObject.h:
-        (JSNotAnObject):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::ensureArrayStorage):
-        * runtime/JSString.h:
-        (JSC::JSString::createStructure):
-
-2012-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Include PhantomArguments in DFGDisassembly
-        https://bugs.webkit.org/show_bug.cgi?id=97043
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::willHaveCodeGenOrOSR):
-
-2012-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r128802): It made some JS tests crash
-        https://bugs.webkit.org/show_bug.cgi?id=97001
-
-        Reviewed by Mark Hahnenberg.
-
-        IndexingHeaderInlineMethods was incorrectly assuming that if the HasArrayStorage bit is clear, then that means that indexing payload capacity is zero.
-
-        * runtime/IndexingHeaderInlineMethods.h:
-        (JSC::IndexingHeader::preCapacity):
-        (JSC::IndexingHeader::indexingPayloadSizeInBytes):
-
-2012-09-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Use WTF::HasTrivialDestructor instead of compiler-specific versions in JSC::NeedsDestructor
-        https://bugs.webkit.org/show_bug.cgi?id=96980
-
-        Reviewed by Benjamin Poulain.
-
-        * runtime/JSCell.h:
-        (JSC):
-        (NeedsDestructor):
-
-2012-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGOperations doesn't use NativeCallFrameTracer in enough places
-        https://bugs.webkit.org/show_bug.cgi?id=96987
-
-        Reviewed by Mark Hahnenberg.
-
-        Anything that can GC should use it.
-
-        * dfg/DFGOperations.cpp:
-
-2012-09-18  Mark Lam  <mark.lam@apple.com>
-
-        Not reviewed. Attempt at greening the WinCairo bot. Touching
-        LowLevelInterpreter.asm to trigger a rebuild of LLIntDesiredOffsets.
-        https://bugs.webkit.org/show_bug.cgi?id=96992.
-
-        * llint/LowLevelInterpreter.asm:
-
-2012-09-18  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        [Qt] REGRESSION(r128790): It broke the ARM build
-        https://bugs.webkit.org/show_bug.cgi?id=96968
-
-        Reviewed by Filip Pizlo.
-
-        Implement the missing or32 method in the MacroAssemblerARM.h.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::or32):
-        (MacroAssemblerARM):
-
-2012-09-18  Mark Lam  <mark.lam@apple.com>
-
-        Fix for WinCairo builds.
-        https://bugs.webkit.org/show_bug.cgi?id=96992.
-
-        Reviewed by Filip Pizlo.
-
-        Adding additional vcproj build targets in LLIntDesiredOffsets.vcproj,
-        LLIntOffsetsExtractor.vcproj, and LLIntAssembly.vcproj to match those
-        in jsc.vcproj.
-
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj:
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj:
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj:
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Added.
-
-2012-09-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix sloppy English in comment.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-
-2012-09-17  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed, rolling out r128826 and r128813.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC):
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSCallbackConstructor):
-        * API/JSCallbackObject.cpp:
-        (JSC):
-        (JSC::::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::create):
-        (JSCallbackObject):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * GNUmakefile.list.am:
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * heap/Heap.cpp:
-        (JSC::Heap::isSafeToSweepStructures):
-        (JSC):
-        * heap/Heap.h:
-        (JSC::Heap::allocatorForObjectWithDestructor):
-        (Heap):
-        (JSC::Heap::allocateWithDestructor):
-        (JSC::Heap::allocateStructure):
-        (JSC):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::sweepNextBlock):
-        (JSC::IncrementalSweeper::startSweeping):
-        (JSC::IncrementalSweeper::willFinishSweeping):
-        (JSC::IncrementalSweeper::structuresCanBeSwept):
-        (JSC):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::cellsNeedDestruction):
-        (JSC::MarkedAllocator::onlyContainsStructures):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::init):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC):
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedBlock.h:
-        (JSC):
-        (MarkedBlock):
-        (JSC::MarkedBlock::cellsNeedDestruction):
-        (JSC::MarkedBlock::onlyContainsStructures):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::MarkedSpace::isPagedOut):
-        (JSC::MarkedSpace::freeBlock):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (Subspace):
-        (JSC::MarkedSpace::allocatorFor):
-        (JSC::MarkedSpace::destructorAllocatorFor):
-        (JSC::MarkedSpace::allocateWithDestructor):
-        (JSC::MarkedSpace::allocateStructure):
-        (JSC::MarkedSpace::forEachBlock):
-        * heap/SlotVisitor.cpp:
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSArray):
-        * jsc.cpp:
-        (GlobalObject::create):
-        * runtime/Arguments.cpp:
-        (JSC):
-        * runtime/Arguments.h:
-        (Arguments):
-        (JSC::Arguments::Arguments):
-        * runtime/ErrorPrototype.cpp:
-        (JSC):
-        * runtime/Executable.h:
-        * runtime/InternalFunction.cpp:
-        (JSC):
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (InternalFunction):
-        * runtime/JSCell.h:
-        (JSC):
-        (JSC::allocateCell):
-        * runtime/JSDestructibleObject.h: Removed.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::createRareDataIfNeeded):
-        (JSC::JSGlobalObject::create):
-        * runtime/JSGlobalThis.h:
-        (JSGlobalThis):
-        (JSC::JSGlobalThis::JSGlobalThis):
-        * runtime/JSPropertyNameIterator.h:
-        * runtime/JSScope.cpp:
-        (JSC):
-        * runtime/JSString.h:
-        (JSC):
-        * runtime/JSWrapperObject.h:
-        (JSWrapperObject):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp:
-        (JSC):
-        * runtime/NameInstance.h:
-        (NameInstance):
-        * runtime/RegExp.h:
-        * runtime/RegExpObject.cpp:
-        (JSC):
-        * runtime/SparseArrayValueMap.h:
-        * runtime/Structure.h:
-        (JSC::Structure):
-        (JSC::JSCell::classInfo):
-        (JSC):
-        * runtime/StructureChain.h:
-        * runtime/SymbolTable.h:
-        * testRegExp.cpp:
-        (GlobalObject::create):
-
-2012-09-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored the arguments object so it doesn't dictate closure layout
-        https://bugs.webkit.org/show_bug.cgi?id=96955
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.h:
-        (JSC::ExecState::argumentAfterCapture): Helper function for accessing an
-        argument that has been moved for capture.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Generate metadata for arguments
-        that are captured. We don't move any arguments yet, but we do use this
-        metadata to tell the arguments object if an argument is stored in the
-        activation.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Updated for the arguments object not
-        malloc'ing a separate backing store, and for a rename from deletedArguments
-        to slowArguments.
-
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL): Updated for small interface changes.
-
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::visitChildren):
-        (JSC::Arguments::copyToArguments):
-        (JSC::Arguments::fillArgList):
-        (JSC::Arguments::getOwnPropertySlotByIndex):
-        (JSC::Arguments::createStrictModeCallerIfNecessary):
-        (JSC::Arguments::createStrictModeCalleeIfNecessary):
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::getOwnPropertyNames):
-        (JSC::Arguments::putByIndex):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deletePropertyByIndex):
-        (JSC::Arguments::deleteProperty):
-        (JSC::Arguments::defineOwnProperty):
-        (JSC::Arguments::tearOff): Moved all data inline into the object, for speed,
-        and refactored all internal argument accesses to use helper functions, so
-        we can change the implementation without changing lots of code.
-
-        (JSC::Arguments::didTearOffActivation): This function needs to account
-        for arguments that were moved by the activation object. We do this accounting
-        through a side vector that tells us where our arguments will be in the
-        activation.
-
-        (JSC::Arguments::tearOffForInlineCallFrame):
-        * runtime/Arguments.h:
-        (Arguments):
-        (JSC::Arguments::length):
-        (JSC::Arguments::isTornOff):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::allocateSlowArguments):
-        (JSC::Arguments::tryDeleteArgument):
-        (JSC::Arguments::trySetArgument):
-        (JSC::Arguments::tryGetArgument):
-        (JSC::Arguments::isDeletedArgument):
-        (JSC::Arguments::isArgument):
-        (JSC::Arguments::argument):
-        (JSC::Arguments::finishCreation):
-
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        (JSActivation):
-        (JSC::JSActivation::captureStart):
-        (JSC::JSActivation::storageSize):
-        (JSC::JSActivation::registerOffset):
-        (JSC::JSActivation::isValid): The activation object is no longer responsible
-        for copying extra arguments provided by the caller. The argumnents object
-        does this instead. This means we can allocate and initialize an activation
-        without worrying about the call frame's argument count.
-
-        * runtime/SymbolTable.h:
-        (JSC::SlowArgument::SlowArgument):
-        (SlowArgument):
-        (JSC):
-        (JSC::SharedSymbolTable::parameterCount):
-        (SharedSymbolTable):
-        (JSC::SharedSymbolTable::slowArguments):
-        (JSC::SharedSymbolTable::setSlowArguments): Added data structures to back
-        the algorithms above.
-
-2012-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        32-bit LLInt get_by_val does vector length checks incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=96893
-        <rdar://problem/12311678>
-
-        Reviewed by Mark Hahnenberg.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        We don't have a bad enough time if an object's prototype chain crosses global objects
-        https://bugs.webkit.org/show_bug.cgi?id=96962
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-
-2012-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix a broken assertion in offlineasm.
-
-        * offlineasm/armv7.rb:
-        * offlineasm/backends.rb:
-
-2012-09-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Delayed structure sweep can leak structures without bound
-        https://bugs.webkit.org/show_bug.cgi?id=96546
-
-        Reviewed by Gavin Barraclough.
-
-        This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
-        allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
-        those objects with destructors and with immortal structures, and those objects with destructors that don't have 
-        immortal structures. All of the objects of the third type (destructors without immortal structures) now 
-        inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
-        the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
-
-        * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
-        (JSC):
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSCallbackConstructor):
-        * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
-        JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
-        (JSC):
-        (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
-        the finalizer for it. We don't want to add the finalizer is something like finishCreation in case somebody decides 
-        to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
-        (JSC::::createStructure):
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        (JSC):
-        * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp: Ditto.
-        (JSObjectMake):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp: Ditto.
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * heap/Heap.cpp:
-        (JSC):
-        * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
-        since it's always safe to sweep Structures now.
-        (JSC::Heap::allocatorForObjectWithNormalDestructor): 
-        (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
-        (Heap):
-        (JSC::Heap::allocateWithNormalDestructor):
-        (JSC):
-        (JSC::Heap::allocateWithImmortalStructureDestructor):
-        * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
-        IncrementalSweeper since it's always safe to sweep Structures now.
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::sweepNextBlock):
-        (JSC::IncrementalSweeper::startSweeping):
-        (JSC::IncrementalSweeper::willFinishSweeping):
-        (JSC):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
-        tracking of the specific destructor type of allocator. 
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::destructorType):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::init):
-        * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
-        We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC):
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedBlock.h:
-        (JSC):
-        (JSC::MarkedBlock::allocator):
-        (JSC::MarkedBlock::destructorType):
-        * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::MarkedSpace::isPagedOut):
-        (JSC::MarkedSpace::freeBlock):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
-        (JSC::MarkedSpace::normalDestructorAllocatorFor):
-        (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
-        (JSC::MarkedSpace::allocateWithNormalDestructor):
-        (JSC::MarkedSpace::forEachBlock):
-        * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
-        * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSArray):
-        * jsc.cpp: 
-        (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
-        JSDestructibleObject.
-        * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
-        (JSC):
-        * runtime/Arguments.h:
-        (Arguments):
-        (JSC::Arguments::Arguments):
-        * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
-        (JSC):
-        * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
-        (JSC):
-        * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
-        (JSC):
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (InternalFunction):
-        * runtime/JSCell.h: Added the NEEDS_DESTRUCTOR  macro to make it easier for classes to indicate that instead of being 
-        allocated in a destructor MarkedAllocator that they will handle their destruction themselves through the 
-        use of a finalizer.
-        (JSC):
-        (HasImmortalStructure): New template to help us determine at compile-time if a particular class 
-        should be allocated in the immortal structure MarkedAllocator. The default value is false. In order 
-        to be allocated in the immortal structure allocator, classes must specialize this template. Also added 
-        a macro to make it easier for classes to specialize the template.
-        (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
-        * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
-        accessed safely when the object is being destroyed.
-        (JSC):
-        (JSDestructibleObject):
-        (JSC::JSDestructibleObject::classInfo):
-        (JSC::JSDestructibleObject::JSDestructibleObject):
-        (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
-        * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
-        of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
-        for the m_rareData field when it's created.
-        (JSC::JSGlobalObject::create):
-        (JSC):
-        * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
-        (JSGlobalThis):
-        (JSC::JSGlobalThis::JSGlobalThis):
-        * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
-        (JSC):
-        * runtime/JSScope.cpp:
-        (JSC):
-        * runtime/JSString.h: Has an immortal Structure.
-        (JSC):
-        * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
-        (JSWrapperObject):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
-        (JSC):
-        * runtime/NameInstance.h: Inherit from JSDestructibleObject.
-        (NameInstance):
-        * runtime/RegExp.h: Has immortal Structure.
-        (JSC):
-        * runtime/RegExpObject.cpp: Inheritance cleanup.
-        (JSC):
-        * runtime/SparseArrayValueMap.h: Has immortal Structure.
-        (JSC):
-        * runtime/Structure.h: Has immortal Structure.
-        (JSC):
-        * runtime/StructureChain.h: Ditto.
-        (JSC):
-        * runtime/SymbolTable.h: Ditto.
-        (SharedSymbolTable):
-        (JSC):
-
-2012-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        If a prototype has indexed setters and its instances have indexed storage, then all put_by_val's should have a bad time
-        https://bugs.webkit.org/show_bug.cgi?id=96596
-
-        Reviewed by Gavin Barraclough.
-
-        Added comprehensive support for accessors and read-only indexed properties on the
-        prototype chain. This is done without any performance regression on benchmarks that
-        we're aware of, by having the entire VM's strategy with respect to arrays tilted
-        heavily in favor of:
-        
-        - The prototype chain of JSArrays never having any accessors or read-only indexed
-          properties. If that changes, you're going to have a bad time.
-        
-        - Prototypes of non-JSArray objects either having no indexed accessors or read-only
-          indexed properties, or, having those indexed accessor thingies inserted before
-          any instance object (i.e. object with that prototype as its prototype) is created.
-          If you add indexed accessors or read-only indexed properties to an object that is
-          already used as a prototype, you're going to have a bad time.
-        
-        See below for the exact definition of having a bad time.
-        
-        Put another way, "fair" uses of indexed accessors and read-only indexed properties
-        are:
-        
-        - Put indexed accessors and read-only indexed properties on an object that is never
-          used as a prototype. This will slow down accesses to that object, but will not
-          have any effect on any other object.
-        
-        - Put those indexed accessor thingies on an object before it is used as a prototype
-          and then start instantiating objects that claim that object as their prototype.
-          This will slightly slow down indexed stores to the instance objects, and greatly
-          slow down all indexed accesses to the prototype, but will have no other effect.
-        
-        In short, "fair" uses only affect the object itself and any instance objects. But
-        if you start using indexed accessors in more eclectic ways, you're going to have
-        a bad time.
-        
-        Specifically, if an object that may be used as a prototype has an indexed accessor
-        added, the VM performs a whole-heap scan to find all objects that belong to the
-        same global object as the prototype you modified. If any of those objects has
-        indexed storage, their indexed storage is put into slow-put mode, just as if their
-        prototype chain had indexed accessors. This will happen even for objects that do
-        not currently have indexed accessors in their prototype chain. As well, all JSArray
-        allocations are caused to create arrays with slow-put storage, and all future
-        allocations of indexed storage for non-JSArray objects are also flipped to slow-put
-        mode. Note there are two aspects to having a bad time: (i) the whole-heap scan and
-        (ii) the poisoning of all indexed storage in the entire global object. (i) is
-        necessary for correctness. If we detect that an object that may be used as a
-        prototype has had an indexed accessor or indexed read-only property inserted into
-        it, then we need to ensure that henceforth all instances of that object inspect
-        the prototype chain whenever an indexed hole is stored to. But by default, indexed
-        stores do no such checking because doing so would be unnecessarily slow. So, we must
-        find all instances of the affected object and flip them into a different array
-        storage mode that omits all hole optimizations. Since prototypes never keep a list
-        of instance objects, the only way to find those objects is a whole-heap scan. But
-        (i) alone would be a potential disaster, if a program frequently allocated an
-        object without indexed accessors, then allocated a bunch of objects that used that
-        one as their prototype, and then added indexed accessors to the prototype. So, to
-        prevent massive heap scan storms in such awkward programs, having a bad time also
-        implies (ii): henceforth *all* objects belonging to that global object will use
-        slow put indexed storage, so that we don't ever have to scan the heap again. Note
-        that here we are using the global object as just an approximation of a program
-        module; it may be worth investigating in the future if other approximations can be
-        used instead.
-
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::arrayModeFromStructure):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::isSlowPutAccess):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::finishCreation):
-        (JSC::arrayProtoFuncSort):
-        * runtime/IndexingType.h:
-        (JSC):
-        (JSC::hasIndexedProperties):
-        (JSC::hasIndexingHeader):
-        (JSC::hasArrayStorage):
-        (JSC::shouldUseSlowPut):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        * runtime/JSArray.h:
-        (JSC::JSArray::createStructure):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::haveABadTime):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::addressOfArrayStructure):
-        (JSC::JSGlobalObject::havingABadTimeWatchpoint):
-        (JSC::JSGlobalObject::isHavingABadTime):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitButterfly):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::notifyPresenceOfIndexedAccessors):
-        (JSC):
-        (JSC::JSObject::createArrayStorage):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::switchToSlowPutArrayStorage):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::resetInheritorID):
-        (JSC::JSObject::inheritorID):
-        (JSC::JSObject::allowsAccessFrom):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::unwrappedGlobalObject):
-        (JSC::JSObject::notifyUsedAsPrototype):
-        (JSC::JSObject::createInheritorID):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
-        (JSC::JSObject::attemptToInterceptPutByIndexOnHole):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::mayBeUsedAsPrototype):
-        (JSObject):
-        (JSC::JSObject::mayInterceptIndexedAccesses):
-        (JSC::JSObject::getArrayLength):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::completeInitialization):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSC::JSObject::arrayStorage):
-        (JSC::JSObject::arrayStorageOrNull):
-        (JSC::JSObject::ensureArrayStorage):
-        (JSC):
-        (JSC::JSValue::putByIndex):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::putToPrimitive):
-        (JSC::JSValue::putToPrimitiveByIndex):
-        (JSC):
-        * runtime/JSValue.h:
-        (JSValue):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::finishCreation):
-        * runtime/SparseArrayValueMap.cpp:
-        (JSC::SparseArrayValueMap::putEntry):
-        (JSC::SparseArrayEntry::put):
-        (JSC):
-        * runtime/SparseArrayValueMap.h:
-        (JSC):
-        (SparseArrayEntry):
-        * runtime/Structure.cpp:
-        (JSC::Structure::anyObjectInChainMayInterceptIndexedAccesses):
-        (JSC):
-        (JSC::Structure::suggestedIndexingTransition):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::mayInterceptIndexedAccesses):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-
-2012-09-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Array profiling has convergence issues
-        https://bugs.webkit.org/show_bug.cgi?id=96891
-
-        Reviewed by Gavin Barraclough.
-
-        Now each array profiling site merges in the indexing type it observed into
-        the m_observedArrayModes bitset. The ArrayProfile also uses this to detect
-        cases where the structure must have gone polymorphic (if the bitset is
-        polymorphic then the structure must be). This achieves something like the
-        best of both worlds: on the one hand, we get a probabilistic structure that
-        we can use to optimize the monomorphic structure case, but on the other hand,
-        we get an accurate view of the set of types that were encountered.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::or32):
-        (MacroAssemblerARMv7):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::or32):
-        (MacroAssemblerX86):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::or32):
-        (MacroAssemblerX86_64):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::orl_rm):
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        * bytecode/ArrayProfile.h:
-        (JSC::ArrayProfile::addressOfArrayModes):
-        (JSC::ArrayProfile::structureIsPolymorphic):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC):
-        (JSC::JIT::emitArrayProfilingSite):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-17  Mark Lam  <mark.lam@apple.com>
-
-        Not reviewed. Added svn:eol-style native to unbreak some build bots.
-        https://bugs.webkit.org/show_bug.cgi?id=96175.
-
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Added property svn:eol-style.
-
-2012-09-16  Mark Lam  <mark.lam@apple.com>
-
-        Added MSVC project changes to enable building the llint.
-        https://bugs.webkit.org/show_bug.cgi?id=96175.
-
-        Reviewed by Geoff Garen.
-
-        This only adds the ability to build the llint, but currently, only the
-        C++ backend is supported. By default, the Windows port will remain
-        running with the baseline JIT.  The llint will not be enabled.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/LLIntAssembly: Added.
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Added.
-        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Added.
-        * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Added.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets: Added.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Added.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Added.
-        * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Added.
-        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Added.
-
-2012-09-16  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject.cpp and JSArray.cpp have inconsistent tests for the invalid array index case
-        https://bugs.webkit.org/show_bug.cgi?id=96878
-
-        Reviewed by Sam Weinig.
-
-        Removed the uses of UNLIKELY() because I don't believe they are buying us anything,
-        since we're already on the slow path. Also found other places where we're testing for
-        the invalid array index case using unusual predicates rather than just using
-        MAX_ARRAY_INDEX. With this change, I believe that all of our tests for invalid
-        array indices (i.e. indices that should be treated as non-indexed properties)
-        uniformly use MAX_ARRAY_INDEX and PropertyName::NotAnIndex.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::push):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::defineOwnIndexedProperty):
-
-2012-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Following the Butterfly refactoring, the comment for lastArraySize was not updated
-        https://bugs.webkit.org/show_bug.cgi?id=96877
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSObject.cpp:
-        (JSC):
-
-2012-09-15  Mark Lam  <mark.lam@apple.com>
-
-        Fixed JSLock to use the platform abstraction for Mutex instead of
-        depending on pthreads.
-        https://bugs.webkit.org/show_bug.cgi?id=96858.
-
-        Reviewed by Filip Pizlo.
-
-        This fixes a synchronization problem on the Windows port and makes
-        it more reliable when running the layout tests.
-
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::GlobalJSLock::GlobalJSLock):
-        (JSC::GlobalJSLock::~GlobalJSLock):
-        (JSC::GlobalJSLock::initialize):
-        * runtime/JSLock.h:
-        (GlobalJSLock):
-        (JSLock):
-
-2012-09-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure check hoisting fails to consider the possibility of conflicting checks on the source of the first assignment to the hoisted variable
-        https://bugs.webkit.org/show_bug.cgi?id=96872
-
-        Reviewed by Oliver Hunt.
-
-        This does a few related things:
-        
-        - It turns off the use of ForceOSRExit for sure-to-fail CheckStructures, because
-          I noticed that this would sometimes happen for a ForwardCheckStructure. The
-          problem is that ForceOSRExit exits backwards, not forwards. Since the code that
-          led to those ForceOSRExit's being inserted was written out of paranoia rather
-          than need, I removed it. Specifically, I removed the m_isValid = false code
-          for CheckStructure/StructureTransitionWatchpoint in AbstractState.
-        
-        - If a structure check causes a structure set to go empty, we don't want a
-          PutStructure to revive the set. It should instead be smart enough to realize 
-          that an empty set implies that the code can't execute. This was the only "bug"
-          that the use of m_isValid = false was preventing.
-        
-        - Finally, the main change: structure check hoisting looks at the source of the
-          SetLocals on structure-check-hoistable variables and ensures that the source
-          is not checked with a conflicting structure. This is O(n^2) but it does not
-          show up at all in performance tests.
-        
-        The first two parts of this change were auxiliary bugs that were revealed by
-        the structure check hoister doing bad things.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        All of the things in SparseArrayValueMap should be out-of-line
-        https://bugs.webkit.org/show_bug.cgi?id=96854
-
-        Reviewed by Andy Estes.
-
-        Those inline methods were buying us nothing.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSArray.cpp:
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSObject.cpp:
-        * runtime/RegExpMatchesArray.cpp:
-        * runtime/SparseArrayValueMap.cpp:
-        (JSC::SparseArrayValueMap::SparseArrayValueMap):
-        (JSC):
-        (JSC::SparseArrayValueMap::~SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::finishCreation):
-        (JSC::SparseArrayValueMap::create):
-        (JSC::SparseArrayValueMap::destroy):
-        (JSC::SparseArrayValueMap::createStructure):
-        (JSC::SparseArrayValueMap::add):
-        (JSC::SparseArrayValueMap::putEntry):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayEntry::get):
-        (JSC::SparseArrayEntry::getNonSparseMode):
-        (JSC::SparseArrayValueMap::visitChildren):
-        * runtime/SparseArrayValueMapInlineMethods.h: Removed.
-
-2012-09-14  Mike West  <mkwst@chromium.org>
-
-        JSC should throw a more descriptive exception when blocking 'eval' via CSP.
-        https://bugs.webkit.org/show_bug.cgi?id=94331
-
-        Reviewed by Geoffrey Garen.
-
-        Unless explicitly whitelisted, the 'script-src' Content Security Policy
-        directive blocks 'eval' and 'eval'-like constructs such as
-        'new Function()'. When 'eval' is encountered in code, an 'EvalError' is
-        thrown, but the associated message is poor: "Eval is disabled" doesn't
-        give developers enough information about why their code isn't behaving
-        as expected.
-
-        This patch adds an 'errorMessage' parameter to the JavaScriptCore method
-        used to disable 'eval'; ContentSecurityPolicy has the opportunity to
-        pass in a more detailed and descriptive error that contains more context
-        for the developer.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-            Drop the hard-coded "Eval is disabled" error message in favor of
-            reading the error message off the global object.
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::getCallData):
-            Drop the hard-coded "Function constructor is disabled" error message
-            in favor of reading the error message off the global object.
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::evalEnabled):
-            Making this accessor method const.
-        (JSC::JSGlobalObject::evalDisabledErrorMessage):
-            Accessor for the error message set via 'setEvalDisabled'.
-        (JSC::JSGlobalObject::setEvalEnabled):
-            Adding an 'errorMessage' parameter which is stored on the global
-            object, and used when exceptions are thrown.
-
-2012-09-14  Filip Pizlo  <fpizlo@apple.com>
-
-        bbc homepage crashes immediately
-        https://bugs.webkit.org/show_bug.cgi?id=96812
-        <rdar://problem/12081386>
-
-        Reviewed by Oliver Hunt.
-
-        If you use the old storage pointer to write to space you thought was newly allocated,
-        you're going to have a bad time.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::unshiftCount):
-
-2012-09-14  Adam Barth  <abarth@webkit.org>
-
-        Remove webkitPostMessage
-        https://bugs.webkit.org/show_bug.cgi?id=96577
-
-        Reviewed by Ojan Vafai.
-
-        Add ENABLE_LEGACY_VENDOR_PREFIXES flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-09-14  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Make force_static_libs_as_shared work on Mac OS
-
-        We had to move a few LIBS += around that were in the wrong place,
-        and not caught when everything was just linked into the final
-        QtWebKit library.
-
-        Reviewed by Simon Hausmann.
-
-        * jsc.pro: No need for AppKit, we get it from WTF.pri
-
-2012-09-14  Kevin Funk  <kevin.funk@kdab.com>
-
-        Fix interpreter build
-        https://bugs.webkit.org/show_bug.cgi?id=96617
-
-        Reviewed by Simon Hausmann.
-
-        Make compile.
-
-        * interpreter/Interpreter.cpp:
-
-2012-09-14  Parth Patel  <parpatel@rim.com>
-
-        [BlackBerry] Switching from Slogger to Slogger2 requires changes in CMakeList of 
-        webkit in order to include libraries of slog2
-        https://bugs.webkit.org/show_bug.cgi?id=96391
-
-        Reviewed by Yong Li.
-
-        Changes in Cmake files of JavaScriptCore of webkit to include slog2 libs in build 
-        files of webkit in response to switching from Slogger to Slogger2.
-
-        * shell/PlatformBlackBerry.cmake:
-
-2012-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove the Zapped BlockState
-        https://bugs.webkit.org/show_bug.cgi?id=96708
-
-        Reviewed by Geoffrey Garen.
-
-        The Zapped block state is rather confusing. It indicates that a block is in one of two different states that we 
-        can't tell the difference between:
-
-        1) I have run all destructors of things that are zapped, and I have not allocated any more objects. This block 
-           is ready for reclaiming if you so choose.
-        2) I have run all the destructors of things that are zapped, but I have allocated more stuff since then, so it 
-           is not safe to reclaim this block.
-
-        This state adds a lot of complexity to our state transition model for MarkedBlocks. We should get rid of it. 
-        We can replace this state by making sure mark bits represent all of the liveness information we need when running 
-        our conservative stack scan. Instead of zapping the free list when canonicalizing cell liveness data prior to 
-        a conservative scan, we can instead mark all objects in the block except for those in the free list. This should 
-        incur no performance penalty since we're doing it on a very small O(1) number of blocks at the beginning of the collection. 
-
-        For the time being we still need to use zapping to determine whether we have run an object's destructor or not.
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): Renaming stuff.
-        * heap/MarkedAllocator.h: Renamed zapFreeList to canonicalizeCellLivenessData to match.
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::canonicalizeCellLivenessData): Same as old zapFreeList, but just call canonicalize instead.
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::specializedSweep): Remove the check for Zapped block stuff. Also change the block state to Marked 
-        instead of Zapped if we're not producing a FreeList since that's the only other state that really makes any sense.
-        (JSC::MarkedBlock::sweepHelper): Remove Zapped related code.
-        (SetAllMarksFunctor): Functor to set all the mark bits in the block since there's not a simple function to call on 
-        the Bitmap itself.
-        (JSC::SetAllMarksFunctor::operator()):
-        (JSC):
-        (JSC::MarkedBlock::canonicalizeCellLivenessData): Remove all the stuff for Zapped. For FreeListed, set all the mark bits
-        and then clear the ones for the objects in the FreeList. This ensures that only the things that were in the FreeList 
-        are considered to be dead by the conservative scan, just like if we were to have zapped the FreeList like before. 
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::clearMarked): Add function to clear individual mark bits, since we need that functionality now.
-        (JSC):
-        (JSC::MarkedBlock::isLive): Remove code for Zapped stuff. Marked handles all interesting cases now.
-        (JSC::MarkedBlock::forEachCell): Add new iterator function that iterates over all cells in the block, regardless of 
-        whether they're live or a dead.
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::canonicalizeCellLivenessData): Change to call the renamed canonicalize function. 
-
-2012-09-13  Kevin Funk  <kevin.funk@kdab.com>
-
-        Make compile with both OS(WINCE) and PLATFORM(QT) support
-        https://bugs.webkit.org/show_bug.cgi?id=95536
-
-        Reviewed by Simon Hausmann.
-
-        Do not link against advapi32 on wince
-
-        * jsc.pro:
-
-2012-09-13  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored the DFG to make fewer assumptions about variable capture
-        https://bugs.webkit.org/show_bug.cgi?id=96680
-
-        Reviewed by Gavin Barraclough.
-
-        A variable capture optimization patch I'm working on broke DFG
-        correctness and the arguments simplification optimization phase, so I've
-        refactored both to make fewer assumptions about variable capture.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isCaptured): This is the new One True Way to find out
-        if a variable was captured. This gives us a single point of maintenance
-        as we chagne capture behavior.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::clobberCapturedVars): Don't assume that captured
-        variables have any particular location. Instead, ask the One True Function.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize): Mechanical
-        changes to separate being captured from being 'arguments'. What used
-        to be
-                if (captured)
-                        if (arguments)
-                                x
-                        y
-        is now
-                if (arguments)
-                        x
-                        y
-                else if (captured)
-                        y
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::flushDirect):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Use the One True Function.
-
-2012-09-13  Benjamin Poulain  <bpoulain@apple.com>
-
-        Improve the SourceProvider hierarchy
-        https://bugs.webkit.org/show_bug.cgi?id=95635
-
-        Reviewed by Geoffrey Garen.
-
-        SourceProvider was designed to have subclasses magically handling the data without
-        decoding all of it. The virtual methods length() and getRange() were based
-        on these assumptions.
-
-        In practice, the magic was in our head, there is no implementation that takes
-        advantage of that.
-
-        SourceProvider is modified to adopt WebCore's ScriptSourceProvider::source() and base
-        everything on it.
-        The code using SourceProvider is also simplified.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::appendSourceToError): Keep a reference to the string instead of querying it for
-        each time it is used.
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::sourceCode):
-        * parser/Parser.h:
-        (JSC::parse):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::SourceCode):
-        (JSC::SourceCode::subExpression):
-        * parser/SourceProvider.h:
-        (SourceProvider):
-        (JSC::SourceProvider::getRange):
-
-2012-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG: Dead GetButterfly's shouldn't be subject to CSE
-        https://bugs.webkit.org/show_bug.cgi?id=96707
-        <rdar://problem/12296311>
-
-        Reviewed by Oliver Hunt.
-        
-        There were a number of cases of this that creeped into the CSE: it would
-        match something even though it was dead.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-
-2012-09-13  Oliver Hunt  <oliver@apple.com>
-
-        Make global const initialisation explicit in the bytecode
-        https://bugs.webkit.org/show_bug.cgi?id=96711
-
-        Reviewed by Gavin Barraclough.
-
-        Added op_init_global_const to make initialisation of global const
-        fields explicit.  This will help us keep correct semantics in the
-        upcoming variable resolution refactoring.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitInitGlobalConst):
-        (JSC):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ConstDeclNode::emitCodeSingle):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Rename forEachCell to forEachLiveCell
-        https://bugs.webkit.org/show_bug.cgi?id=96685
-
-        Reviewed by Oliver Hunt.
-
-        forEachCell actually only iterates over live cells. We should rename it to 
-        reflect what it actually does. This is also helpful because we want to add a new 
-        forEachCell that actually does iterate each and every cell in a MarkedBlock 
-        regardless of whether or not it is live.
-
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        * heap/Heap.cpp:
-        (JSC::Heap::globalObjectCount):
-        (JSC::Heap::objectTypeCounts):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::forEachLiveCell):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::forEachLiveCell):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2012-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        [Qt][Win] REGRESSION(r128400): It broke the build
-        https://bugs.webkit.org/show_bug.cgi?id=96617
-
-        Reviewed by Simon Hausmann.
-
-        Changed "JSC::Array" to "JSC::ArrayClass" because it's not used often enough
-        for the brevity to be beneficial, and because "Array" causes too much namespace
-        pollution.
-
-        * runtime/IndexingType.h:
-        (JSC):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getArrayLength):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSC::JSObject::ensureArrayStorage):
-
-2012-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Testing whether indexing type is ArrayWithArrayStorage should not compare against ArrayWithArrayStorage
-        https://bugs.webkit.org/show_bug.cgi?id=96611
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-09  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should have property butterflies
-        https://bugs.webkit.org/show_bug.cgi?id=91933
-
-        Reviewed by Geoffrey Garen.
-
-        This changes the JSC object model. Previously, all objects had fast lookup for
-        named properties. Integer indexed properties were only fast if you used a
-        JSArray. With this change, all objects have fast indexed properties. This is
-        accomplished without any space overhead by using a bidirectional object layout,
-        aka butterflies. Each JSObject has a m_butterfly pointer where previously it
-        had a m_outOfLineStorage pointer. To the left of the location pointed to by
-        m_butterfly, we place all named out-of-line properties. To the right, we place
-        all indexed properties along with indexing meta-data. Though, some indexing
-        meta-data is placed in the 8-byte word immediately left of the pointed-to
-        location; this is in anticipation of the indexing meta-data being small enough
-        in the common case that m_butterfly always points to the first indexed
-        property.
-        
-        This is performance neutral, except on tests that use indexed properties on
-        plain objects, where the speed-up is in excess of an order of magnitude.
-        
-        One notable aspect of what this change brings is that it allows indexing
-        storage to morph over time. Currently this is only used to allow all non-array
-        objects to start out without any indexed storage. But it could be used for
-        some kinds of array type inference in the future.
-
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlotByIndex):
-        (JSC):
-        (JSC::::getOwnNonIndexPropertyNames):
-        * API/JSObjectRef.cpp:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::arrayModeFromStructure):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAdjacencyList.h:
-        (JSC::DFG::AdjacencyList::AdjacencyList):
-        (AdjacencyList):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::modeUsesButterfly):
-        (JSC::DFG::modeIsJSArray):
-        (JSC::DFG::isInBoundsAccess):
-        (JSC::DFG::modeSupportsLength):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::addNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryBuildPutByIdList):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateBasicStorage):
-        (JSC::JIT::emitAllocateJSArray):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emitSlow_op_new_array):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::deletePropertyByIndex):
-        (JSC::Arguments::defineOwnProperty):
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayConventions.h: Added.
-        (JSC):
-        (JSC::isDenseEnoughForVector):
-        (JSC::indexingHeaderForArray):
-        (JSC::baseIndexingHeaderForArray):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::create):
-        (JSC):
-        (JSC::ArrayPrototype::ArrayPrototype):
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncJoin):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncForEach):
-        (JSC::arrayProtoFuncSome):
-        (JSC::arrayProtoFuncReduce):
-        (JSC::arrayProtoFuncReduceRight):
-        * runtime/ArrayPrototype.h:
-        (ArrayPrototype):
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/ArrayStorage.h: Added.
-        (JSC):
-        (ArrayStorage):
-        (JSC::ArrayStorage::ArrayStorage):
-        (JSC::ArrayStorage::from):
-        (JSC::ArrayStorage::butterfly):
-        (JSC::ArrayStorage::indexingHeader):
-        (JSC::ArrayStorage::length):
-        (JSC::ArrayStorage::setLength):
-        (JSC::ArrayStorage::vectorLength):
-        (JSC::ArrayStorage::setVectorLength):
-        (JSC::ArrayStorage::copyHeaderFromDuringGC):
-        (JSC::ArrayStorage::inSparseMode):
-        (JSC::ArrayStorage::lengthOffset):
-        (JSC::ArrayStorage::vectorLengthOffset):
-        (JSC::ArrayStorage::numValuesInVectorOffset):
-        (JSC::ArrayStorage::vectorOffset):
-        (JSC::ArrayStorage::indexBiasOffset):
-        (JSC::ArrayStorage::sparseMapOffset):
-        (JSC::ArrayStorage::sizeFor):
-        * runtime/Butterfly.h: Added.
-        (JSC):
-        (Butterfly):
-        (JSC::Butterfly::Butterfly):
-        (JSC::Butterfly::totalSize):
-        (JSC::Butterfly::fromBase):
-        (JSC::Butterfly::offsetOfIndexingHeader):
-        (JSC::Butterfly::offsetOfPublicLength):
-        (JSC::Butterfly::offsetOfVectorLength):
-        (JSC::Butterfly::indexingHeader):
-        (JSC::Butterfly::propertyStorage):
-        (JSC::Butterfly::indexingPayload):
-        (JSC::Butterfly::arrayStorage):
-        (JSC::Butterfly::offsetOfPropertyStorage):
-        (JSC::Butterfly::indexOfPropertyStorage):
-        (JSC::Butterfly::base):
-        * runtime/ButterflyInlineMethods.h: Added.
-        (JSC):
-        (JSC::Butterfly::createUninitialized):
-        (JSC::Butterfly::create):
-        (JSC::Butterfly::createUninitializedDuringCollection):
-        (JSC::Butterfly::base):
-        (JSC::Butterfly::growPropertyStorage):
-        (JSC::Butterfly::growArrayRight):
-        (JSC::Butterfly::resizeArray):
-        (JSC::Butterfly::unshift):
-        (JSC::Butterfly::shift):
-        * runtime/ClassInfo.h:
-        (MethodTable):
-        (JSC):
-        * runtime/IndexingHeader.h: Added.
-        (JSC):
-        (IndexingHeader):
-        (JSC::IndexingHeader::offsetOfIndexingHeader):
-        (JSC::IndexingHeader::offsetOfPublicLength):
-        (JSC::IndexingHeader::offsetOfVectorLength):
-        (JSC::IndexingHeader::IndexingHeader):
-        (JSC::IndexingHeader::vectorLength):
-        (JSC::IndexingHeader::setVectorLength):
-        (JSC::IndexingHeader::publicLength):
-        (JSC::IndexingHeader::setPublicLength):
-        (JSC::IndexingHeader::from):
-        (JSC::IndexingHeader::fromEndOf):
-        (JSC::IndexingHeader::propertyStorage):
-        (JSC::IndexingHeader::arrayStorage):
-        (JSC::IndexingHeader::butterfly):
-        * runtime/IndexingHeaderInlineMethods.h: Added.
-        (JSC):
-        (JSC::IndexingHeader::preCapacity):
-        (JSC::IndexingHeader::indexingPayloadSizeInBytes):
-        * runtime/IndexingType.h: Added.
-        (JSC):
-        (JSC::hasIndexingHeader):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::visitChildren):
-        (JSC::JSActivation::getOwnNonIndexPropertyNames):
-        * runtime/JSActivation.h:
-        (JSActivation):
-        (JSC::JSActivation::tearOff):
-        * runtime/JSArray.cpp:
-        (JSC):
-        (JSC::createArrayButterflyInDictionaryIndexingMode):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::defineOwnProperty):
-        (JSC::JSArray::getOwnPropertySlot):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::put):
-        (JSC::JSArray::deleteProperty):
-        (JSC::JSArray::getOwnNonIndexPropertyNames):
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC):
-        (JSArray):
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::length):
-        (JSC::JSArray::createStructure):
-        (JSC::JSArray::isLengthWritable):
-        (JSC::createArrayButterfly):
-        (JSC::JSArray::create):
-        (JSC::JSArray::tryCreateUninitialized):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::boundFunctionCall):
-        (JSC::boundFunctionConstruct):
-        (JSC::JSBoundFunction::finishCreation):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getOwnNonIndexPropertyNames):
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::getOwnNonIndexPropertyNames):
-        (JSC::JSFunction::defineOwnProperty):
-        * runtime/JSFunction.h:
-        (JSFunction):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-        * runtime/JSObject.cpp:
-        (JSC):
-        (JSC::JSObject::visitButterfly):
-        (JSC::JSObject::visitChildren):
-        (JSC::JSFinalObject::visitChildren):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::createArrayStorage):
-        (JSC::JSObject::createInitialArrayStorage):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::putDirectAccessor):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::getOwnNonIndexPropertyNames):
-        (JSC::JSObject::preventExtensions):
-        (JSC::JSObject::fillGetterPropertySlot):
-        (JSC::JSObject::putIndexedDescriptor):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::allocateSparseIndexMap):
-        (JSC::JSObject::deallocateSparseIndexMap):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::increaseVectorLength):
-        (JSC::JSObject::checkIndexingConsistency):
-        (JSC::JSObject::growOutOfLineStorage):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::putDescriptor):
-        (JSC::JSObject::putDirectMayBeIndex):
-        (JSC::JSObject::defineOwnNonIndexProperty):
-        (JSC::JSObject::defineOwnProperty):
-        (JSC::JSObject::getOwnPropertySlotSlow):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getArrayLength):
-        (JSObject):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::putDirectIndex):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::completeInitialization):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSC::JSObject::butterfly):
-        (JSC::JSObject::outOfLineStorage):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::indexingShouldBeSparse):
-        (JSC::JSObject::butterflyOffset):
-        (JSC::JSObject::butterflyAddress):
-        (JSC::JSObject::arrayStorage):
-        (JSC::JSObject::arrayStorageOrZero):
-        (JSC::JSObject::ensureArrayStorage):
-        (JSC::JSObject::checkIndexingConsistency):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC):
-        (JSC::JSObject::setButterfly):
-        (JSC::JSObject::setButterflyWithoutChangingStructure):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::offsetInButterfly):
-        (JSC::offsetRelativeToPatchedStorage):
-        (JSC::indexRelativeToBase):
-        (JSC::offsetRelativeToBase):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSSymbolTableObject):
-        * runtime/JSTypeInfo.h:
-        (JSC):
-        (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
-        (JSC::TypeInfo::overridesGetPropertyNames):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC):
-        * runtime/ObjectPrototype.h:
-        (ObjectPrototype):
-        * runtime/PropertyOffset.h:
-        (JSC::offsetInOutOfLineStorage):
-        * runtime/PropertyStorage.h: Added.
-        (JSC):
-        * runtime/PutDirectIndexMode.h: Added.
-        (JSC):
-        * runtime/RegExpMatchesArray.cpp:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC):
-        (JSC::RegExpMatchesArray::create):
-        (JSC::RegExpMatchesArray::finishCreation):
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::createStructure):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::getOwnNonIndexPropertyNames):
-        * runtime/RegExpObject.h:
-        (RegExpObject):
-        * runtime/Reject.h: Added.
-        (JSC):
-        (JSC::reject):
-        * runtime/SparseArrayValueMap.cpp: Added.
-        (JSC):
-        * runtime/SparseArrayValueMap.h: Added.
-        (JSC):
-        (SparseArrayEntry):
-        (JSC::SparseArrayEntry::SparseArrayEntry):
-        (SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::sparseMode):
-        (JSC::SparseArrayValueMap::setSparseMode):
-        (JSC::SparseArrayValueMap::lengthIsReadOnly):
-        (JSC::SparseArrayValueMap::setLengthIsReadOnly):
-        (JSC::SparseArrayValueMap::find):
-        (JSC::SparseArrayValueMap::remove):
-        (JSC::SparseArrayValueMap::notFound):
-        (JSC::SparseArrayValueMap::isEmpty):
-        (JSC::SparseArrayValueMap::contains):
-        (JSC::SparseArrayValueMap::size):
-        (JSC::SparseArrayValueMap::begin):
-        (JSC::SparseArrayValueMap::end):
-        * runtime/SparseArrayValueMapInlineMethods.h: Added.
-        (JSC):
-        (JSC::SparseArrayValueMap::SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::~SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::finishCreation):
-        (JSC::SparseArrayValueMap::create):
-        (JSC::SparseArrayValueMap::destroy):
-        (JSC::SparseArrayValueMap::createStructure):
-        (JSC::SparseArrayValueMap::add):
-        (JSC::SparseArrayValueMap::putEntry):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayEntry::get):
-        (JSC::SparseArrayEntry::getNonSparseMode):
-        (JSC::SparseArrayValueMap::visitChildren):
-        * runtime/StorageBarrier.h: Removed.
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::putByIndex):
-        (JSC):
-        (JSC::StringObject::deletePropertyByIndex):
-        * runtime/StringObject.h:
-        (StringObject):
-        * runtime/StringPrototype.cpp:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::indexingType):
-        (JSC::Structure::indexingTypeIncludingHistory):
-        (JSC::Structure::indexingTypeOffset):
-        (JSC::Structure::create):
-        * runtime/StructureTransitionTable.h:
-        (JSC):
-        (JSC::toAttributes):
-        (JSC::newIndexingType):
-        (JSC::StructureTransitionTable::Hash::hash):
-        * tests/mozilla/js1_6/Array/regress-304828.js:
-
-2012-09-12  Mark Lam  <mark.lam@apple.com>
-
-        Refactor Opcodes to distinguish between core and extension opcodes.
-        https://bugs.webkit.org/show_bug.cgi?id=96466.
-
-        Reviewed by Filip Pizlo.
-
-        * bytecode/Opcode.h:
-        (JSC): Added FOR_EACH_CORE_OPCODE_ID() macro.
-        * llint/LowLevelInterpreter.h:
-        (JSC): Auto-generate llint opcode aliases using the
-            FOR_EACH_CORE_OPCODE_ID() macro.
-
-2012-09-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Second step to fixing the Windows build: Add new symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-11  Geoffrey Garen  <ggaren@apple.com>
-
-        First step to fixing the Windows build: Remove old symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Don't allocate a backing store just for a function's name
-        https://bugs.webkit.org/show_bug.cgi?id=96468
-
-        Reviewed by Oliver Hunt.
-
-        Treat function.name like function.length etc., and use a custom getter.
-        This saves space in closures.
-
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        * debugger/DebuggerCallFrame.h:
-        (DebuggerCallFrame): Updated for interface change.
-
-        * runtime/Executable.h:
-        (JSC::JSFunction::JSFunction): Do a little inlining.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation): Gone now. That's the point of the patch.
-
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        (JSC::JSFunction::nameGetter):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::getOwnPropertyDescriptor):
-        (JSC::JSFunction::getOwnPropertyNames):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::deleteProperty):
-        (JSC::JSFunction::defineOwnProperty): Added custom accessors for .name
-        just like .length and others.
-
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::create):
-        (JSFunction): Updated for interface changes.
-
-2012-09-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        IncrementalSweeper should not sweep/free Zapped blocks
-        https://bugs.webkit.org/show_bug.cgi?id=96464
-
-        Reviewed by Filip Pizlo.
-
-        This is not beneficial in terms of performance because there isn't any way a block can emerge
-        in the Zapped state from a call to Heap::collect() unless we run an eager sweep on it, in which 
-        case we've already run all the destructors we possibly can. This also causes bugs since we don't 
-        take zapped-ness into account when determining whether or not a block is empty to free it. The 
-        incremental sweeper can then accidentally free blocks that it thinks are empty but are in fact 
-        zapped with still-live objects in them.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::needsSweeping): It is only valid to sweep a block if it is in the Marked state.
-
-2012-09-11  Geoffrey Garen  <ggaren@apple.com>
-
-        JSActivation should inline allocate its registers, and eliminate
-        'arguments' registers in the common case
-        https://bugs.webkit.org/show_bug.cgi?id=96427
-
-        Reviewed by Filip Pizlo.
-
-        This cuts the size class for simple closures down to 64 bytes.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Set the usesNonStrictEval
-        flag, which is new. Use a more specific test for whether a function
-        uses 'arguments', so we can avoid allocating, initializing, and tearing
-        off those registers in the common case. Distinguish between capturing
-        arguments and not, so we can avoid allocating space for arguments in
-        the torn-off object.
-
-        We can make this even more general in the future, with some bytecode
-        generator refactoring.
-
-        (JSC::BytecodeGenerator::resolve): Updated for new interface.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::symbolTable): Updated some types.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::isValidAllocation): Allow large allocations, now that they
-        are both supported and used.
-
-        * heap/Heap.h:
-        (Heap): Added a new form of allocateCell that specifies the full size
-        of the allocation, to allow for extra space on the end.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::argumentOffset):
-        (JSC::ExecState::argumentOffsetIncludingThis):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame): Refactored this code to be more
-        specific about tearing off 'arguments' vs activations. This is something
-        I forgot in my last patch, and it is required now that we can have
-        acitvations without 'arguments' registers.
-
-        * runtime/Arguments.h:
-        (JSC::Arguments::setRegisters): No need for setRegisters anymore because
-        the activation object's storage doesn't change.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation): Initialize our storage manually because
-        it's not declared to the C++ compiler.
-
-        (JSC::JSActivation::visitChildren): No copyAndAppend because our storage
-        is not out-of-line anymore.
-
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::getOwnPropertyDescriptor):
-        (JSC::JSActivation::argumentsGetter): Refactored isTornOff() testing to
-        avoid using a data member and to avoid hard-coding any offset assumptions.
-
-        * runtime/JSActivation.h:
-        (JSC):
-        (JSActivation):
-        (JSC::JSActivation::create):
-        (JSC::JSActivation::isDynamicScope):
-        (JSC::JSActivation::captureStart):
-        (JSC::JSActivation::storageSize):
-        (JSC::JSActivation::storageSizeInBytes):
-        (JSC::JSActivation::registerOffset):
-        (JSC::JSActivation::tearOff):
-        (JSC::JSActivation::isTornOff):
-        (JSC::JSActivation::storage):
-        (JSC::JSActivation::allocationSize):
-        (JSC::JSActivation::isValid): New helper functions for doing the math
-        on our inline storage. Note that in the "AllOfTheThings" tear-off case,
-        the number of things is not known at compile time, so we store the
-        number in the argument count register. We can't just copy the raw contents
-        of the register beacuse we need a value that is safe for precise marking,
-        and the value in the register file has an invalid tag.
-
-        * runtime/JSCell.h:
-        (JSC::allocateCell): New function for allocating with extra storage
-        on the end.
-
-        * runtime/JSSymbolTableObject.h:
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::finishCreation):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        (JSVariableObject): Make it easier for subclasses to use their symbol
-        tables during construction, by passing the table as a constructor argument.
-
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::usesNonStrictEval):
-        (JSC::SharedSymbolTable::setUsesNonStrictEval):
-        (SharedSymbolTable):
-        (JSC::SharedSymbolTable::captureMode):
-        (JSC::SharedSymbolTable::setCaptureMode):
-        (JSC::SharedSymbolTable::captureStart):
-        (JSC::SharedSymbolTable::setCaptureStart):
-        (JSC::SharedSymbolTable::captureEnd):
-        (JSC::SharedSymbolTable::setCaptureEnd):
-        (JSC::SharedSymbolTable::parameterCountIncludingThis):
-        (JSC::SharedSymbolTable::setParameterCountIncludingThis):
-        (JSC::SharedSymbolTable::SharedSymbolTable): Added data members to more
-        precisely describe what kind of capture is in play, and to avoid having
-        data members in the activation. We expect N activations per symbol table,
-        so this can be a big savings in heavy closure usage.
-
-2012-09-11  Ryuan Choi  <ryuan.choi@samsung.com>
-
-        Fix build break with LLINT on 32bit machine after r128219
-        https://bugs.webkit.org/show_bug.cgi?id=96461
-
-        Unreviewed build fix.
-
-        * llint/LowLevelInterpreter32_64.asm: Fixed typo.
-
-2012-09-11  Michael Saboff  <msaboff@apple.com>
-
-        Build fixed for http://trac.webkit.org/changeset/128243
-
-        Rubber stamped by Stephanie Lewis.
-
-        Added missing include file needed by 96422.
-
-        * icu/unicode/unorm2.h: Added.
-
-2012-09-11  Michael Saboff  <msaboff@apple.com>
-
-        Build fixed for http://trac.webkit.org/changeset/128243
-
-        Rubber stamped by Stephanie Lewis.
-
-        Added missing include file needed by 96422.
-
-        * icu/unicode/ptypes.h: Added.
-
-2012-09-11  Michael Saboff  <msaboff@apple.com>
-
-        Update ICU header files to more recent version
-        https://bugs.webkit.org/show_bug.cgi?id=96422
-
-        Reviewed by Geoff Garen.
-
-        Updated ICU header files to 4.6.1.  Modifications made as part of the merge are:
-        platform.h - Changed ifndef / define / endif for U_HAVE_UINT8_T, U_HAVE_UINT16_T, U_HAVE_UINT32_T,
-            U_HAVE_UINT64_T, U_IS_BIG_ENDIAN and U_ENABLE_TRACING to match the existing platform.h
-        putil.h (line 132) - Changes defined(U_WINDOWS) to defined(WIN32) || defined(OS2) to match existing putil.h
-        ustring.h (line 945) - Wrapped macro argument cs with { (const UChar *)cs } to match existing ustring.h
-        utypes.h (line 545) - Changed defined(U_WINDOWS) to defined(WIN32) to match existing utypes.h
-
-        * icu/unicode/localpointer.h: Added.
-        * icu/unicode/parseerr.h:
-        * icu/unicode/platform.h:
-        * icu/unicode/putil.h:
-        * icu/unicode/uchar.h:
-        * icu/unicode/ucnv.h:
-        * icu/unicode/ucnv_err.h:
-        * icu/unicode/ucol.h:
-        * icu/unicode/uconfig.h:
-        * icu/unicode/uenum.h:
-        * icu/unicode/uiter.h:
-        * icu/unicode/uloc.h:
-        * icu/unicode/umachine.h:
-        * icu/unicode/unorm.h:
-        * icu/unicode/urename.h:
-        * icu/unicode/uscript.h:
-        * icu/unicode/uset.h:
-        * icu/unicode/ustring.h:
-        * icu/unicode/utf.h:
-        * icu/unicode/utf16.h:
-        * icu/unicode/utf8.h:
-        * icu/unicode/utypes.h:
-        * icu/unicode/uvernum.h: Added.
-        * icu/unicode/uversion.h:
-
-2012-09-11  Matt Lilek  <mrl@apple.com>
-
-        OS X port should compile with newer versions of clang
-        https://bugs.webkit.org/show_bug.cgi?id=96434
-
-        m_identIsVarDecl is unused - remove it.
-
-        Reviewed by Anders Carlsson.
-
-        * parser/NodeConstructors.h:
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.h:
-        (ForInNode):
-
-2012-09-11  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt should optimize and profile array length accesses
-        https://bugs.webkit.org/show_bug.cgi?id=96417
-
-        Reviewed by Oliver Hunt.
-
-        This fixes the following hole in our array profiling strategy, where the array
-        is large (more than 1000 elements):
-        
-        for (var i = 0; i < array.length; ++i) ...
-        
-        The peeled use of array.length (in the array prologue) will execute only once
-        before DFG optimization kicks in from the loop's OSR point. Since it executed
-        only once, it executed in the LLInt. And prior to this patch, the LLInt did
-        not profile array.length accesses - so the DFG will assume, based on the lack
-        of profiling, that the access is in fact not an access to the JSArray length
-        property. That could then impede our ability to hoist the array structure
-        check, and may make us pessimistic in other ways as well, since the generic
-        GetById used for the array length access will be viewed as a side-effecting
-        operation.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-09-11  Raphael Kubo da Costa  <rakuco@webkit.org>
-
-        [EFL] Rewrite the EFL-related Find modules
-        https://bugs.webkit.org/show_bug.cgi?id=95237
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * CMakeLists.txt: Stop setting the LINK_FLAGS property.
-        * PlatformEfl.cmake: Ditto.
-        * shell/PlatformEfl.cmake: Ditto.
-
-2012-09-11  Raphael Kubo da Costa  <rakuco@webkit.org>
-
-        [EFL] Unreviewed build fix after r128065.
-
-        * CMakeLists.txt: Link against WTF for FastMalloc symbols, which
-        are needed when building with SYSTEM_MALLOC off.
-
-2012-09-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove m_classInfo from JSCell
-        https://bugs.webkit.org/show_bug.cgi?id=96311
-
-        Reviewed by Oliver Hunt.
-
-        Now that no one is using the ClassInfo in JSCell, we can remove it for the greater good. This is a 1.5% win on v8v7 and 
-        a 1.7% win on kraken, and is an overall performance progression.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Had to rearrange the order of when we take things off the free list 
-        and when we store the Structure in the object because we would clobber the free list otherwise. This made it not okay for 
-        the structure argument and the scratch register to alias one another. Also removed the store of the ClassInfo pointer in the
-        object. Yay!
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp: Since it's no longer okay for for the scratch register and structure register to alias 
-        one another as stated above, had to add an extra temporary for passing the Structure.
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp: Ditto.
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject): Similar changes to DFG's inline allocation except that it removed the object from 
-        the free list first, so no changes were necessary there.
-        * llint/LowLevelInterpreter.asm: Change the constants for amount of inline storage to match PropertyOffset.h and remove 
-        the store of the ClassInfo pointer during inline allocation.
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSCell.h: Remove the m_classInfo field and associated methods.
-        (JSCell):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/PropertyOffset.h: Expand the number of inline storage properties to take up the extra space that we're freeing 
-        with the removal of the ClassInfo pointer.
-        (JSC):
-        * runtime/Structure.h:
-        (JSC):
-        (JSC::JSCell::JSCell):
-        (JSC::JSCell::finishCreation):
-
-2012-09-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Added large allocation support to MarkedSpace
-        https://bugs.webkit.org/show_bug.cgi?id=96214
-
-        Originally reviewed by Oliver Hunt, then I added a design revision by
-        suggested by Phil Pizlo.
-
-        I expanded the imprecise size classes to cover up to 32KB, then added
-        an mmap-based allocator for everything bigger. There's a lot of tuning
-        we could do in these size classes, but currently they're almost
-        completely unused, so I haven't done any tuning.
-
-        Subtle point: the large allocator is a degenerate case of our free list
-        logic. Its list only ever contains zero or one items.
-
-        * heap/Heap.h:
-        (JSC::Heap::allocateStructure): Pipe in size information.
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): Handle the case where we
-        find a free item in the sweep list but the item isn't big enough. This
-        can happen in the large allocator because it mixes sizes.
-
-        (JSC::MarkedAllocator::tryAllocate):
-        (JSC::MarkedAllocator::allocateSlowCase): More piping.
-
-        (JSC::MarkedAllocator::allocateBlock): Handle the oversize case.
-
-        (JSC::MarkedAllocator::addBlock): I moved the call to didAddBlock here
-        because it made more sense.
-
-        * heap/MarkedAllocator.h:
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::allocate):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::MarkedSpace::isPagedOut):
-        (JSC::MarkedSpace::freeBlock):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::allocatorFor):
-        (JSC::MarkedSpace::destructorAllocatorFor):
-        (JSC::MarkedSpace::allocateWithoutDestructor):
-        (JSC::MarkedSpace::allocateWithDestructor):
-        (JSC::MarkedSpace::allocateStructure):
-        (JSC::MarkedSpace::forEachBlock):
-        * runtime/Structure.h:
-        (JSC::Structure): More piping.
-
-2012-09-10  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows (32-bit) build.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_tear_off_arguments):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_tear_off_arguments): Get operands 1 and 2, not 1 and 1. :(
-
-        Also took this opportunity to rename to indicate that these values are
-        not destinations anymore.
-
-2012-09-10  Geoffrey Garen  <ggaren@apple.com>
-
-        DFG misses arguments tear-off for function.arguments if 'arguments' is used
-        https://bugs.webkit.org/show_bug.cgi?id=96227
-
-        Reviewed by Gavin Barraclough.
-
-        We've decided not to allow function.arguments to alias the local
-        'arguments' object, or a local var or function named 'arguments'.
-        Aliasing complicates the implementation (cf, this bug) and can produce
-        surprising behavior for web programmers.
-
-        Eliminating the aliasing has the side-effect of fixing this bug.
-
-        The compatibilty story: function.arguments is deprecated, was never
-        specified, and throws an exception in strict mode, so we expect it to
-        disappear over time. Firefox does not alias to 'arguments'; Chrome
-        does, but not if you use eval or with; IE does; Safari did.
-
-        * dfg/DFGByteCodeParser.cpp: Noticed a little cleanup while verifying
-        this code. Use the CodeBlock method for better encapsulation.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArgumentsFromVMCode): Behavior change: don't
-        alias.
-
-        * tests/mozilla/js1_4/Functions/function-001.js:
-        (TestFunction_4): Updated test expectations for changed behavior.
-
-2012-09-10  Filip Pizlo  <fpizlo@apple.com>
-
-        offlineasm has some impossible to implement, and unused, instructions
-        https://bugs.webkit.org/show_bug.cgi?id=96310
-
-        Reviewed by Mark Hahnenberg.
-
-        * offlineasm/armv7.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/x86.rb:
-
-2012-09-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored op_tear_off* to support activations that don't allocate space for 'arguments'
-        https://bugs.webkit.org/show_bug.cgi?id=96231
-
-        Reviewed by Gavin Barraclough.
-
-        This is a step toward smaller activations.
-
-        As a side-effect, this patch eliminates a load and branch from the hot path
-        of activation tear-off by moving it to the cold path of arguments tear-off. Our
-        optimizing assumptions are that activations are common and that reifying the
-        arguments object is less common.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName): Updated for new opcode lengths.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addConstantValue): Added support for JSValue()
-        in the bytecode, which we use when we have 'arguments' but no activation.
-
-        (JSC::BytecodeGenerator::emitReturn): Always emit tear_off_arguments
-        if we've allocated the arguments registers. This allows tear_off_activation
-        not to worry about the arguments object anymore.
-
-        Also, pass the activation and arguments values directly to these opcodes
-        instead of requiring the opcodes to infer the values through special
-        registers. This gives us more flexibility to move or eliminate registers.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGNode.h:
-        (Node): Updated for new opcode lengths.
-
-        * dfg/DFGOperations.cpp: Activation tear-off doesn't worry about the
-        arguments object anymore. If 'arguments' is in use and reified, it's
-        responsible for aliasing back to the activation object in tear_off_arguments.
-
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Don't pass the arguments object to
-        activation tear-off; do pass the activation object to arguments tear-off.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Ditto.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_tear_off_arguments):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm: Same change in a few more execution engines.
-
-2012-09-10  Patrick Gansterer  <paroga@webkit.org>
-
-        [JSC] Use StringBuilder::appendNumber() instead of String::number()
-        https://bugs.webkit.org/show_bug.cgi?id=96236
-
-        Reviewed by Benjamin Poulain.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-
-2012-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Combine MarkStack and SlotVisitor into single class
-        https://bugs.webkit.org/show_bug.cgi?id=96043
-
-        Reviewed by Geoff Garen.
-
-        Move all of MarkStack into SlotVisitor. The remaining stuff in MarkStack.cpp actually has to do 
-        with MarkStack management/allocation. Cleaned up a few of the header files while I was at it.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        * dfg/DFGCommon.h:
-        * heap/GCThreadSharedData.cpp:
-        * heap/GCThreadSharedData.h:
-        (GCThreadSharedData):
-        * heap/HeapRootVisitor.h:
-        * heap/MarkStack.cpp:
-        (JSC):
-        * heap/MarkStack.h:
-        (JSC):
-        (MarkStackSegment):
-        (JSC::MarkStackSegment::data):
-        (JSC::MarkStackSegment::capacityFromSize):
-        (JSC::MarkStackSegment::sizeFromCapacity):
-        (MarkStackSegmentAllocator):
-        (MarkStackArray):
-        * heap/MarkStackInlineMethods.h:
-        (JSC::MarkStackArray::postIncTop):
-        (JSC):
-        (JSC::MarkStackArray::preDecTop):
-        (JSC::MarkStackArray::setTopForFullSegment):
-        (JSC::MarkStackArray::setTopForEmptySegment):
-        (JSC::MarkStackArray::top):
-        (JSC::MarkStackArray::validatePrevious):
-        (JSC::MarkStackArray::append):
-        (JSC::MarkStackArray::canRemoveLast):
-        (JSC::MarkStackArray::removeLast):
-        (JSC::MarkStackArray::isEmpty):
-        (JSC::MarkStackArray::size):
-        * heap/SlotVisitor.cpp: Added.
-        (JSC):
-        (JSC::SlotVisitor::SlotVisitor):
-        (JSC::SlotVisitor::~SlotVisitor):
-        (JSC::SlotVisitor::setup):
-        (JSC::SlotVisitor::reset):
-        (JSC::SlotVisitor::append):
-        (JSC::visitChildren):
-        (JSC::SlotVisitor::donateKnownParallel):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::SlotVisitor::mergeOpaqueRoots):
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpaceSlow):
-        (JSC::SlotVisitor::allocateNewSpaceOrPin):
-        (JSC::JSString::tryHashConstLock):
-        (JSC::JSString::releaseHashConstLock):
-        (JSC::JSString::shouldTryHashConst):
-        (JSC::SlotVisitor::internalAppend):
-        (JSC::SlotVisitor::copyAndAppend):
-        (JSC::SlotVisitor::doneCopying):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
-        (JSC::SlotVisitor::validate):
-        * heap/SlotVisitor.h:
-        (JSC):
-        (SlotVisitor):
-        (JSC::SlotVisitor::sharedData):
-        (JSC::SlotVisitor::isEmpty):
-        (JSC::SlotVisitor::visitCount):
-        (JSC::SlotVisitor::resetChildCount):
-        (JSC::SlotVisitor::childCount):
-        (JSC::SlotVisitor::incrementChildCount):
-        (ParallelModeEnabler):
-        (JSC::ParallelModeEnabler::ParallelModeEnabler):
-        (JSC::ParallelModeEnabler::~ParallelModeEnabler):
-        * heap/SlotVisitorInlineMethods.h:
-        (JSC::SlotVisitor::append):
-        (JSC):
-        (JSC::SlotVisitor::appendUnbarrieredPointer):
-        (JSC::SlotVisitor::appendUnbarrieredValue):
-        (JSC::SlotVisitor::internalAppend):
-        (JSC::SlotVisitor::addWeakReferenceHarvester):
-        (JSC::SlotVisitor::addUnconditionalFinalizer):
-        (JSC::SlotVisitor::addOpaqueRoot):
-        (JSC::SlotVisitor::containsOpaqueRoot):
-        (JSC::SlotVisitor::opaqueRootCount):
-        (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
-        (JSC::SlotVisitor::mergeOpaqueRootsIfProfitable):
-        (JSC::SlotVisitor::donate):
-        (JSC::SlotVisitor::donateAndDrain):
-        * jit/JITWriteBarrier.h:
-        (JSC::SlotVisitor::append):
-        * jit/JumpReplacementWatchpoint.cpp:
-        * runtime/JSCell.h:
-        * runtime/Structure.h:
-        (JSC::SlotVisitor::internalAppend):
-        * runtime/WriteBarrier.h:
-        (JSC):
-        (JSC::SlotVisitor::append):
-        (JSC::SlotVisitor::appendValues):
-        * yarr/YarrJIT.cpp:
-
-2012-09-10  Hojong Han  <hojong.han@samsung.com>
-
-        [EFL] JIT memory usage is not retrieved
-        https://bugs.webkit.org/show_bug.cgi?id=96095
-
-        Reviewed by Geoffrey Garen.
-
-        Fill JITBytes for EFL port.
-
-        * runtime/MemoryStatistics.cpp:
-        (JSC::globalMemoryStatistics):
-
-2012-09-10  Thiago Marcos P. Santos  <thiago.santos@intel.com>
-
-        [CMake][EFL] Enable the LLInt
-        https://bugs.webkit.org/show_bug.cgi?id=92682
-
-        Reviewed by Csaba Osztrogonác.
-
-        Generate the headers needed by LLint when LLint is enabled.
-
-        * CMakeLists.txt:
-
-2012-09-10  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing files.
-
-2012-09-09  Mark Lam  <mark.lam@apple.com>
-
-        Fixed a few llint C++ interpreter bugs.
-        https://bugs.webkit.org/show_bug.cgi?id=96127.
-
-        Reviewed by Geoffrey Garen.
-
-        * llint/LLIntCLoop.h:
-            CLoop::execute()'s bootstrapOpcodeId does not need a default
-            value. There is no case when this function is called without
-            that parameter being specified.
-        * llint/LowLevelInterpreter.asm:
-            Moved the dispatchAfterCall() call to where it is needed.
-            For the C_LOOP back-end, it generates unreachable code. 
-        * llint/LowLevelInterpreter.cpp:
-            #include <wtf/Assertions.h> because LLIntAssembly.h needs it.
-        (JSC):
-            Fixed bug in SIGN_BIT32() macro.
-            Placate a MSVC warning for t0, and t1 being uninitialized.
-        (JSC::CLoop::execute):
-            The bootstrapOpcodeId arg should always be specified.
-            MSVC doesn't like UNUSED_PARAM() for labels. Switch to using
-                the new UNUSED_LABEL() macro.
-        * offlineasm/cloop.rb:
-        * offlineasm/generate_offset_extractor.rb:
-            Resolved a compiler warning found via MSVC.
-
-2012-09-09  Patrick Gansterer  <paroga@webkit.org>
-
-        Add StringBuilder::appendNumber() and use it
-        https://bugs.webkit.org/show_bug.cgi?id=96030
-
-        Reviewed by Eric Seidel.
-
-        Also fix a bunch of append() vs. appendLiteral() issues in the surrounding code.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.h:
-        (JSC::StackFrame::toString):
-
-2012-09-09  Patrick Gansterer  <paroga@webkit.org>
-
-        Make the String initialization on the function side of String::number()
-        https://bugs.webkit.org/show_bug.cgi?id=95940
-
-        Reviewed by Benjamin Poulain.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-09-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out <http://trac.webkit.org/changeset/127939> because it broke
-        fast/js/named-function-expression.html.
-
-            Refactored bytecode generator initialization to support moving captured vars around
-            https://bugs.webkit.org/show_bug.cgi?id=96159
-
-            Reviewed by Gavin Barraclough.
-
-2012-09-08  Csaba Osztrogonác  <ossy@webkit.org>
-
-        LLInt buildfix for case sensitive filesystems
-        https://bugs.webkit.org/show_bug.cgi?id=96099
-
-        Reviewed by Michael Saboff.
-
-        * llint/LowLevelInterpreter.cpp: Fix filenames.
-
-2012-09-07  Benjamin Poulain  <bpoulain@apple.com>
-
-        Rename the ustring() accessor to string()
-        https://bugs.webkit.org/show_bug.cgi?id=95919
-
-        Reviewed by Geoffrey Garen.
-
-        Rename ustring() to string() to make the accessor name more logical after
-        r127191.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeFunction):
-        (JSObjectCopyPropertyNames):
-        * API/JSProfilerPrivate.cpp:
-        (JSStartProfiling):
-        (JSEndProfiling):
-        * API/JSValueRef.cpp:
-        (JSValueMakeString):
-        (JSValueMakeFromJSONString):
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::string):
-        * API/OpaqueJSString.h:
-        (OpaqueJSString):
-        * bytecode/CodeBlock.cpp:
-        (JSC::idName):
-        (JSC::CodeBlock::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::processClauseList):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::addFunction):
-        (GlobalObject::addConstructableFunction):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createRegExp):
-        * parser/Parser.cpp:
-        (JSC::::parsePrimaryExpression):
-        * parser/Parser.h:
-        (JSC::Scope::declareVariable):
-        (JSC::Scope::declareParameter):
-        (JSC::Scope::useVariable):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createRegExp):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createUndefinedVariableError):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::paramString):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::finishCreation):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::addFunctionProperties):
-        * runtime/Identifier.h:
-        (JSC::Identifier::string):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::calculatedDisplayName):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSONObject.cpp:
-        (JSC::PropertyNameForFunctionCall::value):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::walk):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::finishCreation):
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::resolveBase):
-        * runtime/JSString.h:
-        (JSC::inlineJSValueNotStringtoString):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::finishCreation):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::finishCreation):
-
-2012-09-07  Gavin Barraclough  <barraclough@apple.com>
-
-        CALLFRAME_OFFSET and EXCEPTION_OFFSET are same in ctiTrampoline on ARM Thumb2
-        https://bugs.webkit.org/show_bug.cgi?id=82013
-
-        Reviewed by Geoff Garen.
-
-        Neither of these values need to be stored. At all.
-
-        * jit/JITStubs.cpp:
-        (JSC):
-        (JSC::ctiTrampoline):
-        (JSC::JITThunks::JITThunks):
-            - Nothing to see here. Move along.
-
-2012-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r127938.
-        http://trac.webkit.org/changeset/127938
-        https://bugs.webkit.org/show_bug.cgi?id=96166
-
-        It broke the build (Requested by smfr on #webkit).
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC):
-        (JSC::CLoop::execute):
-        * offlineasm/cloop.rb:
-
-2012-09-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored bytecode generator initialization to support moving captured vars around
-        https://bugs.webkit.org/show_bug.cgi?id=96159
-
-        Reviewed by Gavin Barraclough.
-
-        This patch separates the stages of allocating registers, declaring identifiers
-        in the symbol table, and initializing registers, so you can change
-        allocation decisions without breaking the world.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Call a set of helper functions
-        instead of inlining all the code, to help clarity.
-
-        (JSC::BytecodeGenerator::allocateCapturedVars):
-        (JSC::BytecodeGenerator::allocateUncapturedVars):
-        (JSC::BytecodeGenerator::allocateActivationVar):
-        (JSC::BytecodeGenerator::allocateArgumentsVars):
-        (JSC::BytecodeGenerator::allocateCalleeVarUndeclared):
-        (JSC::BytecodeGenerator::declareParameters):
-        (JSC::BytecodeGenerator::declareCallee):
-        (JSC::BytecodeGenerator::initCalleeVar):
-        (JSC::BytecodeGenerator::initArgumentsVars):
-        (JSC::BytecodeGenerator::initActivationVar):
-        (JSC::BytecodeGenerator::initThisParameter):
-        (JSC::BytecodeGenerator::initFunctionDeclarations):
-        (JSC::BytecodeGenerator::declareParameter):
-        (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
-        (JSC::BytecodeGenerator::createActivationIfNecessary): Factored these
-        helper functions out from pre-existing code.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::addVar):
-        * parser/Nodes.h:
-        (JSC::DeclarationStacks::VarDeclaration::VarDeclaration):
-        (VarDeclaration):
-        (JSC::DeclarationStacks::FunctionDeclaration::FunctionDeclaration):
-        (FunctionDeclaration): Declaration stacks get a little more data now,
-        to support allocating registers before putting things in the symbol
-        table. I'm convinced that we should eventually just expand the symbol
-        table to understand these things.
-
-2012-09-07  Mark Lam  <mark.lam@apple.com>
-
-        Fix a llint C++ interpreter bugs.
-        https://bugs.webkit.org/show_bug.cgi?id=96127.
-
-        Reviewed by Filip Pizlo.
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC):
-        (JSC::CLoop::execute):
-        * offlineasm/cloop.rb:
-
-2012-09-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Object.prototype.__define{G,S}etter__ with non-callable second parameter should throw TypeError instead of SyntaxError
-        https://bugs.webkit.org/show_bug.cgi?id=93873
-
-        Reviewed by Sam Weinig.
-
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-            - throw TypeError instead of SyntaxError
-        (JSC::objectProtoFuncDefineSetter):
-            - throw TypeError instead of SyntaxError
-
-2012-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSC should have a zombie mode
-        https://bugs.webkit.org/show_bug.cgi?id=96047
-
-        Reviewed by Geoffrey Garen.
-
-        To aid clients of JSC while they are debugging memory issues, we should add a zombie 
-        mode that scribbles into objects in the MarkedSpace after they are found to be dead 
-        to prevent a sort of "use after free" situation. As a first cut we should support a 
-        mode that just scribbles on objects prior to their being reused (i.e. while they are 
-        "zombies") and a mode in which, in addition to scribbling on zombies, once an object 
-        has been marked its mark bit will never be cleared, thus giving us "immortal" zombies.
-
-        These two modes will be enabled through the use of environment variables. For now these 
-        will be "JSZombieEnabled" and "JSImmortalZombieEnabled". Setting them to any value will 
-        result in the use of the appropriate mode.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Zombifies dead objects at the end of collection if zombie mode is enabled.
-        (ZombifyCellFunctor):
-        (JSC::ZombifyCellFunctor::ZombifyCellFunctor): Sets marked bits for dead objects if in immortal mode and writes 0xbbadbeef into them.
-        (JSC::ZombifyCellFunctor::operator()):
-        (JSC):
-        (ZombifyBlockFunctor):
-        (JSC::ZombifyBlockFunctor::operator()):
-        (JSC::Heap::zombifyDeadObjects): Eagerly sweeps so that we don't write garbage into an object before it 
-        is finalized/destroyed.
-        * heap/Heap.h:
-        (Heap):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::forEachDeadCell): Used to iterate over dead cells at the end of collection if zombie mode is enabled.
-        (JSC):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-        * runtime/Options.h:
-        (JSC):
-
-2012-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in <http://trac.webkit.org/changeset/127698> with a fix for
-        fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html, which
-        is to make sure that function declarations don't put their names in scope.
-
-        Reviewed by Gavin Barraclough.
-
-            Named functions should not allocate scope objects for their names
-            https://bugs.webkit.org/show_bug.cgi?id=95659
-
-            Reviewed by Oliver Hunt.
-
-2012-09-06  Michael Saboff  <msaboff@apple.com>
-
-        16 bit JSRopeString up converts an 8 bit fibers to 16 bits during resolution
-        https://bugs.webkit.org/show_bug.cgi?id=95810
-
-        Reviewed by Benjamin Poulain.
-
-        Added 8 bit path that copies the contents of an 8 bit fiber to the 16 bit buffer
-        when resolving a 16 bit rope.
-
-        * runtime/JSString.cpp:
-        (JSC::JSRopeString::resolveRopeSlowCase):
-
-2012-09-06  Gavin Barraclough  <barraclough@apple.com>
-
-        JS test suite puts incorrect limitations on Function.toString()
-        https://bugs.webkit.org/show_bug.cgi?id=3975
-
-        Reviewed by Geoff Garen.
-
-        The result of function toString is implementation defined;
-        these test cases were looking for specific whitespace formatting
-        that matches mozilla's, and for redundant braces to be inserted
-        around if/else blocks. Stop that.
-
-        * tests/mozilla/expected.html:
-        * tests/mozilla/js1_2/function/tostring-1.js:
-        (simplify):
-            - reduce whitespace differences
-        * tests/mozilla/js1_2/function/tostring-2.js:
-        (simplify):
-            - reduce whitespace differences
-        (TestOr):
-        (TestAnd):
-            - added braces to match expected output
-
-2012-09-06  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Performance regressions on 32-bit platforms with revisions 125637 and 126387
-        https://bugs.webkit.org/show_bug.cgi?id=95953
-
-        Reviewed by Filip Pizlo.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val): Fix the typo.
-
-2012-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out <http://trac.webkit.org/changeset/127698> because it broke
-        fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html
-
-            Named functions should not allocate scope objects for their names
-            https://bugs.webkit.org/show_bug.cgi?id=95659
-
-            Reviewed by Oliver Hunt.
-
-2012-09-06  Mark Lam  <mark.lam@apple.com>
-
-        Renamed useYarrJIT() option to useRegExpJIT(). Also fixed regression in
-        which inadvertantly allows the ASM llint to use the baseline JIT when
-        useRegExpJIT() is true.
-        https://bugs.webkit.org/show_bug.cgi?id=95918.
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::canUseJIT):
-        (JSC::JSGlobalData::canUseRegExpJIT):
-        (JSGlobalData):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-        * runtime/Options.h:
-        (JSC):
-
-2012-09-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for Interpreter after r127698.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Named functions should not allocate scope objects for their names
-        https://bugs.webkit.org/show_bug.cgi?id=95659
-
-        Reviewed by Oliver Hunt.
-
-        In most cases, we can merge a function expression's name into its symbol
-        table. This reduces memory footprint per closure from three objects
-        (function + activation + name scope) to two (function + activation),
-        speeds up closure allocation, and speeds up recursive calls.
-
-        In the case of a named function expression that contains a non-strict
-        eval, the rules are so bat-poop crazy that I don't know how to model
-        them without an extra object. Since functions now default to not having
-        such an object, this case needs to allocate the object on function
-        entry.
-
-        Therefore, this patch makes the slow case a bit slower so the fast case
-        can be faster and more memory-efficient. (Note that the slow case already
-        allocates an activation on entry, and until recently also allocated a
-        scope chain node on entry, so adding one allocation on entry shouldn't
-        break the bank.)
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock): Caught a missed initializer. No behavior change.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator): Put the callee in static scope
-        during compilation so it doesn't need to be in dynamic scope at runtime.
-
-        (JSC::BytecodeGenerator::resolveCallee):
-        (JSC::BytecodeGenerator::addCallee): Helper functions for either statically
-        resolving the callee or adding a dynamic scope that will resolve to it,
-        depending on whether you're in the fast path.
-
-        We move the callee into a var location if it's captured because activations
-        prefer to have contiguous ranges of captured variables.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::registerFor):
-        (BytecodeGenerator):
-
-        * dfg/DFGOperations.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL): This is the point of the patch: remove
-        one allocation in the case of a named function expression.
-
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        * parser/Parser.h:
-        (JSC::Scope::declareCallee):
-        (Scope):
-        (Parser):
-        (JSC::parse):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::fromGlobalCode): Pipe the callee's name through
-        the parser so we get accurate information on whether the callee was captured.
-
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::create):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::finishCreation): I had to refactor function
-        creation to support the following function constructor quirk: the function
-        gets a name, but its name is not in lexical scope.
-
-        To simplify this, FunctionExecutable now automatically extracts all the
-        data it needs from the parsed node. The special "fromGlobalCode" path
-        used by the function constructor creates an anonymous function, and then
-        quirkily sets the value used by the .name property to be non-null, even
-        though the parsed name is null.
-
-        * runtime/JSNameScope.h:
-        (JSC::JSNameScope::create):
-        (JSC::JSNameScope::JSNameScope): Added support for explicitly specifying
-        your container scope. The compiler uses this for named function expressions.
-
-2012-09-05  Gavin Barraclough  <barraclough@apple.com>
-
-        a = data[a]++; sets the wrong key in data
-        https://bugs.webkit.org/show_bug.cgi?id=91270
-
-        Reviewed by Oliver Hunt.
-
-        Postfix inc/dec is unsafely using finalDestination, can trample base/subscript prior to the result being put.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixNode::emitResolve):
-            - Remove redundant parens.
-        (JSC::PostfixNode::emitBracket):
-        (JSC::PostfixNode::emitDot):
-            - Refactored to use tempDestination instead of finalDestination.
-        (JSC::PrefixNode::emitBracket):
-        (JSC::PrefixNode::emitDot):
-            - Should be using emitPreIncOrDec.
-
-2012-09-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Bug, assignment within subscript of prefix/postfix increment of bracket access
-        https://bugs.webkit.org/show_bug.cgi?id=95913
-
-        Reviewed by Oliver Hunt.
-
-        javascript:alert((function(){ var a = { x:1 }; var b = { x:1 }; a[a=b,"x"]++; return a.x; })())
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixNode::emitBracket):
-        (JSC::PrefixNode::emitBracket):
-            - Should check for assigments in the subscript when loading the base.
-        * parser/Nodes.h:
-        (JSC::BracketAccessorNode::subscriptHasAssignments):
-        (BracketAccessorNode):
-            - Used by emitBracket methods.
-
-2012-09-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Merge prefix/postfix nodes
-        https://bugs.webkit.org/show_bug.cgi?id=95898
-
-        Reviewed by Geoff Garen.
-
-        Simplify the AST.
-        This will also mean we have access to m_subscriptHasAssignments when generating a prefix/postfix op applied to a bracket access.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixNode::emitResolve):
-            - was PostfixResolveNode::emitBytecode
-        (JSC::PostfixNode::emitBracket):
-            - was PostfixBracketNode::emitBytecode
-        (JSC::PostfixNode::emitDot):
-            - was PostfixDotNode::emitBytecode
-        (JSC::PostfixNode::emitBytecode):
-            - was PostfixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
-        (JSC::PrefixNode::emitResolve):
-            - was PrefixResolveNode::emitBytecode
-        (JSC::PrefixNode::emitBracket):
-            - was PrefixBracketNode::emitBytecode
-        (JSC::PrefixNode::emitDot):
-            - was PrefixDotNode::emitBytecode
-        (JSC::PrefixNode::emitBytecode):
-            - was PrefixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::makePrefixNode):
-            - Just makes a PrefixNode!
-        (JSC::ASTBuilder::makePostfixNode):
-            - Just makes a PostfixNode!
-        * parser/NodeConstructors.h:
-        (JSC::PostfixNode::PostfixNode):
-            - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
-        (JSC::PrefixNode::PrefixNode):
-            - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.
-        * parser/Nodes.h:
-        (PostfixNode):
-            - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
-        (PrefixNode):
-            - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.
-
-2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove use of JSCell::classInfoOffset() from tryCacheGetByID
-        https://bugs.webkit.org/show_bug.cgi?id=95860
-
-        Reviewed by Oliver Hunt.
-
-        We should just do the indirection through the Structure instead.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-
-2012-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Throw exceptions when assigning to const in strict mode
-        https://bugs.webkit.org/show_bug.cgi?id=95894
-
-        Reviewed by Oliver Hunt.
-
-        Currently, this never happens; but it will start happening once the
-        callee is a local const register. In this patch, there's no change in
-        behavior.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded): Helper function
-        for doing the throwing.
-        * bytecompiler/BytecodeGenerator.h:
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode): Call the helper function.
-
-2012-09-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored callee access in the DFG to support it in the general case
-        https://bugs.webkit.org/show_bug.cgi?id=95887
-
-        Reviewed by Phil Pizlo and Gavin Barraclough.
-
-        To support named function expressions, the DFG needs to understand the
-        callee register being used in arbitrary expressions, and not just
-        create_this.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getDirect): 
-        (JSC::DFG::ByteCodeParser::getCallee): Remap access to the callee register
-        into a GetCallee node. Otherwise, we get confused and think we have a
-        negatively indexed argument.
-
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): Inlining also
-        needs to remap, but to the callee in the inline frame, and not the caller's
-        callee.
-
-        (JSC::DFG::ByteCodeParser::parseBlock): Since we support the callee in
-        the general case now, there's no need to handle it in a special way for
-        create_this.
-
-2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove use of JSCell::classInfoOffset() from virtualForThunkGenerator
-        https://bugs.webkit.org/show_bug.cgi?id=95821
-
-        Reviewed by Oliver Hunt.
-
-        We can replace the load of the ClassInfo from the object with a load from the Structure.
-
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::virtualForThunkGenerator):
-
-2012-09-05  Benjamin Poulain  <bpoulain@apple.com>
-
-        Fix the uses of String::operator+=() for Mac
-        https://bugs.webkit.org/show_bug.cgi?id=95818
-
-        Reviewed by Dan Bernstein.
-
-        * jsc.cpp:
-        (functionJSCStack): Use StringBuilder to create the stack dump, it is faster
-        and avoid String::operator+=().
-
-        * parser/Parser.h:
-        (JSC::Parser::updateErrorMessageSpecialCase):
-        (JSC::Parser::updateErrorMessage):
-        (JSC::Parser::updateErrorWithNameAndMessage):
-        Use the String operators (and makeString) to concatenate the strings.
-
-2012-09-05  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        DFG JIT doesn't work properly on ARM hardfp
-        https://bugs.webkit.org/show_bug.cgi?id=95684
-
-        Reviewed by Filip Pizlo.
-
-        Add hardfp support to DFG JIT. The patch is created with the
-        help of Zoltan Herczeg.
-
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        * dfg/DFGFPRInfo.h:
-        (FPRInfo):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-
-2012-09-04  Mark Lam  <mark.lam@apple.com>
-
-        Allow the YarrJIT to use the assembler even when useJIT() is false.
-        Introduce the useYarrJIT() option.
-        https://bugs.webkit.org/show_bug.cgi?id=95809.
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-        * runtime/Options.h:
-        (JSC):
-
-2012-09-04  Gavin Barraclough  <barraclough@apple.com>
-
-        inc/dec behave incorrectly operating on a resolved const
-        https://bugs.webkit.org/show_bug.cgi?id=95815
-
-        Reviewed by Geoff Garen.
-
-        There are two bugs here.
-
-        (1) When the value being incremented is const, and the result is ignored, we assume this cannot be observed, and emit no code.
-            However if the value being incremented is not a primitive & has a valueOf conversion, then this should be being called.
-
-        (2) In the case of a pre-increment of a const value where the result is not ignored, we'll move +/-1 to the destination, then
-            add the resolved const value being incremented to this. This is problematic if the destination is a local, and the const
-            value being incremented has a valueOf conversion that throws - the destination will be modified erroneously. Instead, we
-            need to use a temporary location.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-            - always at least perform a toNumber conversion, use tempDestination when reducing inc/dec to an add +/-1.
-
-2012-09-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bound
-        https://bugs.webkit.org/show_bug.cgi?id=95717
-
-        Reviewed by Oliver Hunt.
-        
-        Rolling back in after fixing the negative index case.
-
-        Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
-        there so we should just use it!
-
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-09-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r127503.
-        http://trac.webkit.org/changeset/127503
-        https://bugs.webkit.org/show_bug.cgi?id=95788
-
-        broke some tests (fast/js/dfg-negative-array-index, fast/js
-        /dfg-put-by-val-setter-then-get-by-val) (Requested by thorton
-        on #webkit).
-
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-09-04  Benjamin Poulain  <bpoulain@apple.com>
-
-        Improve JSC use of Strings after the UString->String change
-        https://bugs.webkit.org/show_bug.cgi?id=95633
-
-        Reviewed by Geoffrey Garen.
-
-        This patch improve the use of strings in the JSC runtime.
-
-        The initialization of Identifier is left for future patches.
-
-        The improvements are the following:
-        -5% faster to raise one of the modified exception.
-        -3 times faster to execute Boolean::toString()
-
-        Most of the changes are just about using the new methods
-        for string literals.
-
-        With the changes, the binary on x86_64 gets 176 bytes smaller.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::staticFunctionGetter):
-        (JSC::::callbackGetter):
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeFunctionWithCallback):
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::CodeBlock::nameForRegister):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::shift):
-        (JSC::unshift):
-        (JSC::arrayProtoFuncPop):
-        (JSC::arrayProtoFuncReverse):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::booleanProtoFuncToString): Instead of instanciating new strings, reuse the
-        keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
-        makes the method significantly faster.
-
-        * runtime/DateConversion.cpp:
-        (JSC::formatDateTime):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::formateDateInstance):
-        (JSC::dateProtoFuncToISOString):
-        Change the way we use snprintf() for clarity and performance.
-
-        Instead of allocating one extra byte to put a zero "just in case", we use the size returned
-        by snprintf().
-        To prevent any overflow from a programming mistake, we explicitely test for overflow and
-        return an empty string.
-
-        (JSC::dateProtoFuncToJSON):
-        * runtime/Error.cpp:
-        (JSC::createNotEnoughArgumentsError):
-        (JSC::throwTypeError):
-        (JSC::throwSyntaxError):
-        * runtime/Error.h:
-        (JSC::StrictModeTypeErrorFunction::create):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::finishCreation):
-        (JSC::errorProtoFuncToString):
-        Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.
-
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::defaultValue):
-        (JSC::TerminatedExecutionError::defaultValue):
-        (JSC::createStackOverflowError):
-        (JSC::createOutOfMemoryError):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::FunctionExecutable::paramString):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-        (JSC::constructFunctionSkippingEvalEnabledCheck):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::create):
-        Using a null String for the name is correct because InternalFunction uses jsString()
-        to create the name value.
-
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::finishCreation):
-        There is no need to create an empty string for a null string, jsString() handle both
-        cases as empty JSString.
-
-        * runtime/JSArray.cpp:
-        (JSC::reject):
-        (JSC::SparseArrayValueMap::put):
-        (JSC::JSArray::put):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.
-
-        (JSC::JSFunction::callerGetter):
-        (JSC::JSFunction::defineOwnProperty):
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
-        CFStringCreateWithCString() copy the content and may choose to decode the data.
-        CFSTR() is much more efficient.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        JSFunction uses jsString() to create the name, we can use null strings instead
-        of creating empty strings.
-
-        (JSC::JSGlobalObject::createThrowTypeError): ditto.
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::decode):
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::defaultValue):
-        (JSC::JSObject::hasInstance):
-        (JSC::JSObject::defineOwnProperty):
-        * runtime/JSString.cpp:
-        Return an empty JSString to avoid the creation of a temporary empty String.
-
-        (JSC::JSRopeString::getIndexSlowCase):
-        * runtime/JSString.h:
-        (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
-        have been replaced by calls using ASCIILiteral.
-
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::putToPrimitive):
-        * runtime/LiteralParser.cpp:
-        (JSC::::Lexer::lex):
-        (JSC::::Lexer::lexString):
-        (JSC::::Lexer::lexNumber):
-        (JSC::::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::getErrorMessage):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetPrototypeOf):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        (JSC::toPropertyDescriptor):
-        (JSC::objectConstructorDefineProperty):
-        (JSC::objectConstructorDefineProperties):
-        (JSC::objectConstructorCreate):
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-        (JSC::objectConstructorPreventExtensions):
-        (JSC::objectConstructorIsSealed):
-        (JSC::objectConstructorIsFrozen):
-        (JSC::objectConstructorIsExtensible):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::objectProtoFuncDefineGetter):
-        (JSC::objectProtoFuncDefineSetter):
-        (JSC::objectProtoFuncToString):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::constructRegExp):
-        * runtime/RegExpObject.cpp:
-        (JSC::reject):
-        (JSC::regExpObjectSource):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::defineOwnProperty):
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstrings):
-        (JSC::jsSpliceSubstringsWithSeparators):
-
-2012-09-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bound
-        https://bugs.webkit.org/show_bug.cgi?id=95717
-
-        Reviewed by Oliver Hunt.
-
-        Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
-        there so we should just use it!
-
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-09-04  Zoltan Horvath  <zoltan@webkit.org>
-
-        Extend the coverage of the Custom Allocation Framework in WTF and in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=95737
-
-        Reviewed by Eric Seidel.
-
-        Add WTF_MAKE_FAST_ALLOCATED macro to the following class declarations because these are instantiated by operator new.
-
-        * wtf/CryptographicallyRandomNumber.cpp: CryptographicallyRandomNumber is instantiated at wtf/CryptographicallyRandomNumber.cpp:162.
-
-        * heap/MachineStackMarker.cpp:
-        (MachineThreads::Thread): Thread is instantiated at heap/MachineStackMarker.cpp:196.
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (FixedVMPoolExecutableAllocator): FixedVMPoolExecutableAllocator is instantiated at jit/ExecutableAllocatorFixedVMPool.cpp:111
-        * parser/SourceProviderCache.h:
-        (SourceProviderCache): SourceProviderCache is instantiated at parser/SourceProvider.h:49.
-        * parser/SourceProviderCacheItem.h:
-        (SourceProviderCacheItem): SourceProviderCacheItem is instantiated at parser/Parser.cpp:843.
-        * runtime/GCActivityCallback.h:
-        (GCActivityCallback): GCActivityCallback is instantiated at runtime/GCActivityCallback.h:96.
-        * tools/CodeProfile.h:
-        (CodeProfile): CodeProfile is instantiated at JavaScriptCore/tools/CodeProfiling.cpp:140.
-
-2012-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove uses of ClassInfo from SpeculativeJIT::compileObjectOrOtherLogicalNot
-        https://bugs.webkit.org/show_bug.cgi?id=95510
-
-        Reviewed by Oliver Hunt.
-
-        More refactoring to get rid of ClassInfo checks in the DFG.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-
-2012-09-03  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r127393.
-
-        * interpreter/Interpreter.h:
-
-2012-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed failures seen on Linux bots.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_push_with_scope):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_push_with_scope):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h: push_*_scope doesn't have a destination operand anymore.
-        Accordingly, update these places in the baseline JIT, which I missed in my last patch.
-
-2012-09-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored scope chain opcodes to support optimization for named function expressions
-        https://bugs.webkit.org/show_bug.cgi?id=95658
-
-        Reviewed by Sam Weinig.
-
-        Renamed
-            push_scope => push_with_scope
-            push_new_scope => push_name_scope
-        to clarify the difference between them.
-
-        Changed push_with_scope and push_name_scope not to save the new scope in
-        a temporary register, since doing so made optimization harder.
-
-        (The old behavior was a hold-over from when the scope chain wasn't
-        a GC object, and wouldn't be marked otherwise. Now, the scope chain is
-        marked because it is a GC object pointed to by the call frame.)
-
-        Changed push_name_scope to accept an operand specifying the attributes
-        for the named property, instead of assuming DontDelete, because a named
-        function expression needs ReadOnly|DontDelete.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::highestUsedRegister): Removed this function,
-        which used to be related to preserving saved scope object temporaries,
-        because it had no callers.
-
-2012-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
-        because it broke inspector tests on Windows.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-2012-09-01  Mark Lam  <mark.lam@apple.com>
-
-        LLInt C loop backend.
-        https://bugs.webkit.org/show_bug.cgi?id=91052.
-
-        Reviewed by Filip Pizlo.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::bytecodeOffset):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC):
-        * interpreter/Interpreter.h:
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        (JSC):
-        * llint/LLIntCLoop.cpp: Added.
-        (JSC):
-        (LLInt):
-        (JSC::LLInt::CLoop::initialize):
-        (JSC::LLInt::CLoop::catchRoutineFor):
-        (JSC::LLInt::CLoop::hostCodeEntryFor):
-        (JSC::LLInt::CLoop::jsCodeEntryWithArityCheckFor):
-        (JSC::LLInt::CLoop::jsCodeEntryFor):
-        * llint/LLIntCLoop.h: Added.
-        (JSC):
-        (LLInt):
-        (CLoop):
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::initialize):
-        * llint/LLIntData.h:
-        (JSC):
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LLIntOpcode.h:
-        * llint/LLIntThunks.cpp:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter.cpp:
-        (LLInt):
-        (JSC::LLInt::Ints2Double):
-        (JSC):
-        (JSC::CLoop::execute):
-        * llint/LowLevelInterpreter.h:
-        (JSC):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/asm.rb:
-        * offlineasm/backends.rb:
-        * offlineasm/cloop.rb: Added.
-        * offlineasm/instructions.rb:
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (JSC::ExecutableBase::hostCodeEntryFor):
-        (JSC::ExecutableBase::jsCodeEntryFor):
-        (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
-        (JSC::ExecutableBase::catchRoutineFor):
-        (NativeExecutable):
-        * runtime/JSValue.h:
-        (JSC):
-        (LLInt):
-        (JSValue):
-        * runtime/JSValueInlineMethods.h:
-        (JSC):
-        (JSC::JSValue::JSValue):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-
-2012-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * runtime/JSActivation.h:
-        (JSActivation):
-
-2012-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::setGlobalThis):
-        (JSC):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSScope::globalThis):
-        (JSC):
-        (JSC::JSGlobalObject::globalThis):
-        * runtime/JSNameScope.h:
-        (JSC::JSNameScope::JSNameScope):
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::visitChildren):
-        * runtime/JSScope.h:
-        (JSScope):
-        (JSC::JSScope::JSScope):
-        (JSC::JSScope::globalObject):
-        (JSC::JSScope::globalData):
-        * runtime/JSSegmentedVariableObject.h:
-        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWithScope.h:
-        (JSC::JSWithScope::JSWithScope):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-
-2012-09-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
-        because it broke Window inspector tests.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * runtime/JSActivation.h:
-        (JSActivation):
-
-2012-08-31  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, attempt to fix Windows, take two.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-31  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, attempt to fix Windows.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-31  Filip Pizlo  <fpizlo@apple.com>
-
-        JSArray::putDirectIndex should by default behave like JSObject::putDirect
-        https://bugs.webkit.org/show_bug.cgi?id=95630
-
-        Reviewed by Gavin Barraclough.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        * runtime/JSArray.h:
-        (SparseArrayValueMap):
-        (JSArray):
-        (JSC::JSArray::putDirectIndex):
-        * runtime/JSONObject.cpp:
-        (JSC::Walker::walk):
-        * runtime/RegExpMatchesArray.cpp:
-        (JSC::RegExpMatchesArray::reifyAllProperties):
-        (JSC::RegExpMatchesArray::reifyMatchProperty):
-        * runtime/StringPrototype.cpp:
-        (JSC::splitStringByOneCharacterImpl):
-        (JSC::stringProtoFuncSplit):
-
-2012-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSNameScope.h:
-        (JSC::JSNameScope::JSNameScope):
-        * runtime/JSWithScope.h:
-        (JSC::JSWithScope::JSWithScope):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-
-2012-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::withScopeStructure):
-        (JSC::JSGlobalObject::strictEvalActivationStructure):
-        (JSC::JSGlobalObject::activationStructure):
-        (JSC::JSGlobalObject::nameScopeStructure):
-
-2012-08-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove use of ClassInfo in SpeculativeJIT::emitBranch
-        https://bugs.webkit.org/show_bug.cgi?id=95623
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2012-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::globalData):
-        (JSC):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::addAllocator):
-        * heap/WeakSet.h:
-        (WeakSet):
-        (JSC::WeakSet::WeakSet):
-        (JSC::WeakSet::globalData):
-        * runtime/JSGlobalData.h:
-        (JSC::WeakSet::heap):
-        (JSC):
-
-2012-08-31  Mark Lam  <mark.lam@apple.com>
-
-        Refactor LLInt and supporting code in preparation for the C Loop backend.
-        https://bugs.webkit.org/show_bug.cgi?id=95531.
-
-        Reviewed by Filip Pizlo.
-
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow): Use ExecutableBase::catchRoutineFor() to fetch
-            fetch the catch routine for a thrown exception.  This will allow
-            us to redefine that for the C loop later, and still keep this
-            code readable.
-        * llint/LLIntOfflineAsmConfig.h: Moved ASM macros to
-            LowLevelInterpreter.cpp which is the only place they are used. This
-            will make it more convenient to redefine them for the C loop later.
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::setUpCall): Use ExecutableBase's hostCodeEntry()
-            jsCodeEntryFor(), and jsCodeWithArityCheckEntryFor() for computing
-            the entry points to functions being called.
-        * llint/LLIntSlowPaths.h:
-        (SlowPathReturnType):
-        (JSC::LLInt::encodeResult):
-        (LLInt):
-        (JSC::LLInt::decodeResult): Added.  Needed by LLInt C Loop later.
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter.cpp:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/asm.rb: Disambiguate between opcodes and other labels.
-        * offlineasm/config.rb:
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::hostCodeEntryFor): Added.
-        (ExecutableBase):
-        (JSC::ExecutableBase::jsCodeEntryFor): Added.
-        (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor): Added.
-        (JSC::ExecutableBase::catchRoutineFor): Added.
-        * runtime/JSValueInlineMethods.h:
-        (JSC):
-
-2012-08-31  Tony Chang  <tony@chromium.org>
-
-        Remove ENABLE_CSS3_FLEXBOX compile time flag
-        https://bugs.webkit.org/show_bug.cgi?id=95382
-
-        Reviewed by Ojan Vafai.
-
-        Everyone is already enabling this by default and the spec has stablized.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Rolled out http://trac.webkit.org/changeset/127293 because it broke
-        inspector tests on Windows.
-
-            Shrink activation objects by half
-            https://bugs.webkit.org/show_bug.cgi?id=95591
-
-            Reviewed by Sam Weinig.
-
-2012-08-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Shrink activation objects by half
-        https://bugs.webkit.org/show_bug.cgi?id=95591
-
-        Reviewed by Sam Weinig.
-
-        Removed the global object, global data, and global this pointers from
-        JSScope, and changed an int to a bitfield. This gets the JSActivation
-        class down to 64 bytes, which in practice cuts it in half by getting it
-        out of the 128 byte size class.
-
-        Now, it's one extra indirection to get these pointers. These pointers
-        aren't accessed by JIT code, so I thought there would be no cost to the
-        extra indirection. However, some C++-heavy SunSpider tests regressed a
-        bit in an early version of the patch, which added even more indirection.
-        This suggests that calls to exec->globalData() and/or exec->lexicalGlobalObject()
-        are common and probably duplicated in lots of places, and could stand
-        further optimization in C++.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute): Test against the specific activation
-        for our global object, since there's no VM-shared activation structure
-        anymore. This is guaranteed to have the same success rate as the old test
-        because activation scope is fixed at compile time.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::globalData):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::addAllocator):
-        * heap/WeakSet.h:
-        (WeakSet):
-        (JSC::WeakSet::WeakSet):
-        (JSC::WeakSet::globalData): Store a JSGlobalData* instead of a Heap*
-        because JSGlobalData->Heap is just a constant fold in the addressing
-        mode, while Heap->JSGlobalData is an extra pointer dereference. (These
-        objects should eventually just merge.)
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global_dynamic): See DFGAbstractState.cpp.
-
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm: Load the activation structure from
-        the code block instead of the global data because the structure is not
-        VM-shared anymore. (See DFGAbstractState.cpp.)
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        * runtime/JSActivation.h:
-        (JSActivation): This is the point of the patch: Remove the data.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): No longer VM-shared. (See DFGAbstractState.cpp.)
-
-        (JSC::WeakSet::heap): (See WeakSet.h.)
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::setGlobalThis):
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::withScopeStructure):
-        (JSC::JSGlobalObject::strictEvalActivationStructure):
-        (JSC::JSGlobalObject::activationStructure):
-        (JSC::JSGlobalObject::nameScopeStructure):
-        (JSC::JSScope::globalThis):
-        (JSC::JSGlobalObject::globalThis): Data that used to be in the JSScope
-        class goes here now, so it's not duplicated across all activations.
-
-        * runtime/JSNameScope.h:
-        (JSC::JSNameScope::JSNameScope):
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::visitChildren): This is the point of the patch: Remove the data.
-
-        * runtime/JSScope.h:
-        (JSScope):
-        (JSC::JSScope::JSScope):
-        (JSC::JSScope::globalObject):
-        (JSC::JSScope::globalData):
-        * runtime/JSSegmentedVariableObject.h:
-        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWithScope.h:
-        (JSC::JSWithScope::JSWithScope):
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation): Simplified now that
-        we don't need to pass so much data to JSScope.
-
-2012-08-31  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for WinCE after r127191.
-
-        * bytecode/JumpTable.h:
-
-2012-08-30  Filip Pizlo  <fpizlo@apple.com>
-
-        ASSERTION FAILURE in JSC::JSGlobalData::float32ArrayDescriptor when running fast/js/dfg-float64array.html
-        https://bugs.webkit.org/show_bug.cgi?id=95398
-
-        Reviewed by Mark Hahnenberg.
-
-        Trying to get the build failure to be a bit more informative.
-
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build: add some #includes that, for some reason, only the Qt linker requires.
-
-        * runtime/BooleanObject.cpp:
-        * runtime/ErrorInstance.cpp:
-        * runtime/NameInstance.cpp:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Fix the Qt build: Removed a now-dead variable.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
-
-        Ambiguous operator[]  after r127191 on some compiler
-        https://bugs.webkit.org/show_bug.cgi?id=95509
-
-        Reviewed by Simon Fraser.
-
-        On some compilers, the operator[] conflicts with the Obj-C++ operators. This attempts to solve
-        the issue.
-
-        * runtime/JSString.h:
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsString):
-        (JSC::jsSubstring8):
-        (JSC::jsSubstring):
-        (JSC::jsOwnedString):
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build: Remove the inline keyword at the declaration
-        site. 
-
-        The Qt compiler seems to be confused, complaining about these functions
-        not being defined in a translation unit, even though no generated code
-        in the unit calls these functions. Maybe removing the keyword at the
-        declaration site will change its mind.
-
-        This shouldn't change the inlining decision at all: the definition is
-        still inline.
-
-        * interpreter/CallFrame.h:
-        (ExecState):
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Undo Qt build fix guess, since it breaks other builds.
-
-        * runtime/JSArray.h:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build: add an #include to JSArray.h, since
-        it's included by some of the files Qt complains about, and
-        some of is functions call the functions Qt complains about.
-
-        * runtime/JSArray.h:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Second step toward fixing the Windows build: Add new symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Qt build: add an #include.
-
-        * bytecode/GetByIdStatus.cpp:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        First step toward fixing the Windows build: Remove old symbols.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Use one object instead of two for closures, eliminating ScopeChainNode
-        https://bugs.webkit.org/show_bug.cgi?id=95501
-
-        Reviewed by Filip Pizlo.
-
-        This patch removes ScopeChainNode, and moves all the data and related
-        functions that used to be in ScopeChainNode into JSScope.
-
-        Most of this patch is mechanical changes to use a JSScope* where we used
-        to use a ScopeChainNode*. I've only specifically commented about items
-        that were non-mechanical.
-
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/Completion.h: Don't require an explicit scope chain argument
-        when evaluating code. Clients never wanted anything other than the
-        global scope, and other arbitrary scopes probably wouldn't work
-        correctly, anyway.
-
-        * runtime/JSScope.cpp:
-        * runtime/JSScope.h:
-        (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
-        ScopeChainNode, so it can link itself into the scope chain correctly.
-
-        * runtime/JSWithScope.h:
-        (JSC::JSWithScope::create):
-        (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
-        for specifically supplying your own scope chain. The DOM needs this
-        interface for setting up the scope chain for certain event handlers.
-        Other clients always just push the JSWithScope to the head of the current
-        scope chain.
-
-2012-08-30  Mark Lam  <mark.lam@apple.com>
-
-        Render unto #ifdef's that which belong to them.
-        https://bugs.webkit.org/show_bug.cgi?id=95482.
-
-        Reviewed by Filip Pizlo.
-
-        Refining / disambiguating between #ifdefs and adding some. For
-        example, ENABLE(JIT) is conflated with ENABLE(LLINT) in some places.
-        Also, we need to add ENABLE(COMPUTED_GOTO_OPCODES) to indicate that we
-        want interpreted opcodes to use COMPUTED GOTOs apart from ENABLE(LLINT)
-        and ENABLE(COMPUTED_GOTO_CLASSIC_INTERPRETER). Also cleaned up #ifdefs
-        in certain places which were previously incorrect.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::bytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName):
-        * config.h:
-        * dfg/DFGOperations.cpp:
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::~Interpreter):
-        (JSC::Interpreter::initialize):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getLineNumberForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        (Interpreter):
-        * jit/HostCallReturnValue.h:
-        * jit/JITCode.h:
-        (JITCode):
-        * jit/JITExceptions.cpp:
-        * jit/JITExceptions.h:
-        * jit/JSInterfaceJIT.h:
-        * llint/LLIntData.h:
-        (JSC::LLInt::getOpcode):
-        * llint/LLIntEntrypoints.cpp:
-        (JSC::LLInt::getFunctionEntrypoint):
-        (JSC::LLInt::getEvalEntrypoint):
-        (JSC::LLInt::getProgramEntrypoint):
-        * llint/LLIntOffsetsExtractor.cpp:
-        (JSC::LLIntOffsetsExtractor::dummy):
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-
-2012-08-30  JungJik Lee  <jungjik.lee@samsung.com>
-
-        [EFL][WK2] Add WebMemorySampler feature.
-        https://bugs.webkit.org/show_bug.cgi?id=91214
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        WebMemorySampler collects Javascript stack and JIT memory usage in globalMemoryStatistics.
-
-        * PlatformEfl.cmake:
-
-2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
-
-        Replace JSC::UString by WTF::String
-        https://bugs.webkit.org/show_bug.cgi?id=95271
-
-        Reviewed by Geoffrey Garen.
-
-        Having JSC::UString and WTF::String increase the complexity of working on WebKit, and
-        add useless conversions in the bindings. It also cause some code bloat.
-
-        The performance advantages of UString have been ported over in previous patches. This patch
-        is the last step: getting rid of UString.
-
-        In addition to the simplified code, this also reduce the binary size by 15kb on x86_64.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::ustring):
-        * runtime/Identifier.h:
-        (JSC::Identifier::ustring):
-        To avoid changing everything at once, the function named ustring() were kept as is. They
-        will be renamed in a follow up patch.
-
-        * runtime/JSString.h:
-        (JSC::JSString::string):
-        (JSC::JSValue::toWTFString):
-        (JSC::inlineJSValueNotStringtoString):
-        (JSC::JSValue::toWTFStringInline):
-        Since JSValue::toString() already exist (and return the JSString), the direct accessor is renamed
-        to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
-        in the future.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
-
-2012-08-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove uses of ClassInfo in StrictEq and CompareEq in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=93401
-
-        Reviewed by Filip Pizlo.
-
-        Another incremental step in removing the dependence on ClassInfo pointers in object headers.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::isCellOrOtherSpeculation):
-        (JSC):
-        * dfg/DFGAbstractState.cpp: Updated the CFA to reflect the changes to the backend.
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::shouldSpeculateString): Added this new function since it was conspicuously absent.
-        (JSC::DFG::Node::shouldSpeculateNonStringCellOrOther): Also add this function for use in the CFA.
-        * dfg/DFGSpeculativeJIT.cpp: Refactored how we handle CompareEq and CompareStrictEq in the DFG. We now just 
-        check for Strings by comparing the object's Structure to the global Structure for strings. We only 
-        check for MasqueradesAsUndefined if the watchpoint has fired. These changes allow us to remove our 
-        uses of the ClassInfo pointer for compiling these nodes.
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp: Same changes for 32 bit as for 64 bit.
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2012-08-30  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Implement IncrementalSweeper for PLATFORM(BLACKBERRY)
-        https://bugs.webkit.org/show_bug.cgi?id=95469
-
-        Reviewed by Rob Buis.
-
-        RIM PR# 200595.
-        Share most code with USE(CF) and implement timer-related methods
-        for PLATFORM(BLACKBERRY).
-
-        * heap/IncrementalSweeper.cpp:
-        (JSC):
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::create):
-        (JSC::IncrementalSweeper::scheduleTimer):
-        (JSC::IncrementalSweeper::cancelTimer):
-        (JSC::IncrementalSweeper::doSweep):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-
-2012-08-30  Mark Lam  <mark.lam@apple.com>
-
-        Fix broken classic intrpreter build.
-        https://bugs.webkit.org/show_bug.cgi?id=95484.
-
-        Reviewed by Filip Pizlo.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-08-30  Byungwoo Lee  <bw80.lee@samsung.com>
-
-        Build warning : -Wsign-compare on DFGByteCodeParser.cpp.
-        https://bugs.webkit.org/show_bug.cgi?id=95418
-
-        Reviewed by Filip Pizlo.
-
-        There is a build warning '-Wsign-compare' on
-        findArgumentPositionForLocal() in DFGByteCodeParser.cpp.
-
-        For removing this warning, casting statement is added explicitly.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
-        (JSC::DFG::ByteCodeParser::findArgumentPosition):
-
-2012-08-30  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Set timer client on platform timer used in HeapTimer
-        https://bugs.webkit.org/show_bug.cgi?id=95464
-
-        Reviewed by Rob Buis.
-
-        Otherwise the timer won't work.
-
-        * heap/HeapTimer.cpp:
-        (JSC::HeapTimer::HeapTimer):
-
-2012-08-30  Julien BRIANCEAU   <jbrianceau@nds.com>
-
-        [sh4] Add missing implementation for JavaScriptCore JIT
-        https://bugs.webkit.org/show_bug.cgi?id=95452
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::isCompactPtrAlignedAddressOffset):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::add32):
-        (JSC::MacroAssemblerSH4::convertibleLoadPtr):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::labelIgnoringWatchpoints):
-        (SH4Assembler):
-        (JSC::SH4Assembler::replaceWithLoad):
-        (JSC::SH4Assembler::replaceWithAddressComputation):
-
-2012-08-30  Charles Wei  <charles.wei@torchmobile.com.cn>
-
-        [BlackBerry] Eliminate build warnings
-        https://bugs.webkit.org/show_bug.cgi?id=95338
-
-        Reviewed by Filip Pizlo.
-
-        static_cast to the same type to eliminate the build time warnings.
-
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::flushWithoutBarrier):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branch32):
-
-2012-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove use of ClassInfo from compileGetByValOnArguments and compileGetArgumentsLength
-        https://bugs.webkit.org/show_bug.cgi?id=95131
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
-        with an assert to guarantee this.
-
-2012-08-29  Mark Lam  <mark.lam@apple.com>
-
-        Refactoring LLInt::Data.
-        https://bugs.webkit.org/show_bug.cgi?id=95316.
-
-        Reviewed by Geoff Garen.
-
-        This change allows its opcodeMap to be easily queried from any function
-        without needing to go through a GlobalData object.  It also introduces
-        the LLInt::getCodePtr() methods that will be used by the LLInt C loop
-        later to redefine how llint symbols (opcodes and trampoline glue
-        labels) get resolved.
-
-        * assembler/MacroAssemblerCodeRef.h:
-        (MacroAssemblerCodePtr):
-        (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
-        (MacroAssemblerCodeRef):
-        (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::adjustPCIfAtCallSite):
-        (JSC::CodeBlock::bytecodeOffset):
-        * bytecode/Opcode.h:
-            Remove the 'const' to simplify things and avoid having to do
-            additional casts and #ifdefs in many places.
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForLLInt):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::initialize):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        * llint/LLIntData.cpp:
-        (LLInt):
-        (JSC::LLInt::initialize):
-        * llint/LLIntData.h:
-        (JSC):
-        (LLInt):
-        (Data):
-        (JSC::LLInt::exceptionInstructions):
-        (JSC::LLInt::opcodeMap):
-        (JSC::LLInt::getOpcode):
-        (JSC::LLInt::getCodePtr):
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::returnToThrowForThrownException):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::handleHostCall):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce): Initialize the singleton LLInt data.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): Removed the now unneeded LLInt::Data instance in
-            JSGlobalData.
-        * runtime/JSValue.h:
-        (JSValue):
-
-2012-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-        PutById uses DataLabel32, not DataLabelCompact
-        https://bugs.webkit.org/show_bug.cgi?id=95245
-
-        Reviewed by Geoff Garen.
-
-        JIT::resetPatchPutById calls the the wrong thing on x86-64 – this is moot right now,
-        since they currently both do the same thing, but if we were to ever make compact mean
-        8-bit this could be a real problem. Also, relying on the object still being in eax
-        on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
-        this explicit.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_put_by_id):
-            - copy regT0 to nonArgGPR1
-        (JSC::JIT::privateCompilePutByIdTransition):
-            - DataLabelCompact -> DataLabel32
-        (JSC::JIT::resetPatchPutById):
-            - reload regT0 from nonArgGPR1
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-            - added nonArgGPR1
-
-2012-08-28  Yong Li  <yoli@rim.com>
-
-        ExecutableAllocator should be destructed after Heap
-        https://bugs.webkit.org/show_bug.cgi?id=95244
-
-        Reviewed by Rob Buis.
-
-        RIM PR# 199364.
-        Make ExecutableAllocator the first member in JSGlobalData.
-        Existing Web Worker tests can show the issue.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-
-2012-08-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
-
-2012-08-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Introduced JSWithScope, making all scope objects subclasses of JSScope
-        https://bugs.webkit.org/show_bug.cgi?id=95295
-
-        Reviewed by Filip Pizlo.
-
-        This is a step toward removing ScopeChainNode. With a uniform representation
-        for objects in the scope chain, we can move data from ScopeChainNode
-        into JSScope.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri: Build!
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL): Use an explicit JSWithScope object
-        for 'with' statements. Since 'with' can put any object in the scope
-        chain, we'll need an adapter object to hold the data ScopeChainNode
-        currently holds.
-
-        (JSGlobalData): Support for JSWithScope.
-
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::objectAtScope):
-        * runtime/JSScope.h: Check for and unwrap JSWithScope.
-
-        * runtime/JSType.h: Support for JSWithScope.
-
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        * runtime/StrictEvalActivation.h:
-        (StrictEvalActivation): Inherit from JSScope, to make the scope chain uniform.
-
-        * runtime/JSWithScope.cpp: Added.
-        (JSC::JSWithScope::visitChildren):
-        * runtime/JSWithScope.h: Added.
-        (JSWithScope):
-        (JSC::JSWithScope::create):
-        (JSC::JSWithScope::object):
-        (JSC::JSWithScope::createStructure):
-        (JSC::JSWithScope::JSWithScope): New adapter object. Since this object
-        is never exposed to scripts, it doesn't need any meaningful implementation
-        of property access or other callbacks.
-
-2012-08-29  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r126962.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-08-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Added JSScope::objectInScope(), and refactored callers to use it
-        https://bugs.webkit.org/show_bug.cgi?id=95281
-
-        Reviewed by Gavin Barraclough.
-
-        This is a step toward removing ScopeChainNode. We need a layer of
-        indirection so that 'with' scopes can proxy for an object.
-        JSScope::objectInScope() will be that layer.
-
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::tryGet):
-        (JSC::EvalCodeCache::getSlow):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl): . vs ->
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::execute):
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveSkip):
-        (JSC::JSScope::resolveGlobalDynamic):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis): Added JSScope::objectAtScope() calls.
-
-        * runtime/JSScope.h:
-        (JSScope):
-        (JSC::JSScope::objectAtScope):
-        (JSC):
-        (ScopeChainIterator):
-        (JSC::ScopeChainIterator::ScopeChainIterator):
-        (JSC::ScopeChainIterator::get):
-        (JSC::ScopeChainIterator::operator->):
-        (JSC::ScopeChainIterator::operator++):
-        (JSC::ScopeChainIterator::operator==):
-        (JSC::ScopeChainIterator::operator!=):
-        (JSC::ScopeChainNode::begin):
-        (JSC::ScopeChainNode::end): I moved ScopeChainIterator to this file
-        to resolve a circular #include problem. Eventually, I'll probably rename
-        it to JSScope::iterator, so I think it belongs here.
-
-        * runtime/ScopeChain.cpp:
-        (JSC::ScopeChainNode::print):
-        (JSC::ScopeChainNode::localDepth): . vs ->
-
-        * runtime/ScopeChain.h:
-        (ScopeChainNode): I made the 'object' data member private because it's
-        no longer safe to access -- you need to call JSScope::objectAtScope()
-        instead.
-
-        The JITs need to be friends because of the private declaration.
-
-        Subtly, JIT/LLInt code is correct without any changes because JIT/LLInt
-        code never compiles direct access to a with scope.
-
-2012-08-28  Mark Lam  <mark.lam@apple.com>
-
-        Adding support for adding LLInt opcode extensions.  This will be needed
-        by the LLInt C loop interpreter later.
-        https://bugs.webkit.org/show_bug.cgi?id=95277.
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.h:
-        * llint/LLIntOpcode.h: Added.
-        * llint/LowLevelInterpreter.h:
-
-2012-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Rolled out r126928, this broke stuff :'-(
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::resetPatchPutById):
-
-2012-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        PutById uses DataLabel32, not DataLabelCompact
-        https://bugs.webkit.org/show_bug.cgi?id=95245
-
-        Reviewed by Geoff Garen.
-
-        JIT::resetPatchPutById calls the the wrong thing on x86-64 – this is moot right now,
-        since they currently both do the same thing, but if we were to ever make compact mean
-        8-bit this could be a real problem. Also, don't rely on the object still being in eax
-        on entry to the transition stub – this isn't very robust.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-            - DataLabelCompact -> DataLabel32
-        (JSC::JIT::resetPatchPutById):
-            - reload regT0 from the stack
-
-2012-08-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r126914.
-        http://trac.webkit.org/changeset/126914
-        https://bugs.webkit.org/show_bug.cgi?id=95239
-
-        it breaks everything and fixes nothing (Requested by pizlo on
-        #webkit).
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        * heap/JITStubRoutineSet.cpp:
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::internalAppend):
-        * heap/Weak.h:
-        (JSC::weakRemove):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * profiler/Profile.cpp:
-        (JSC::functionNameCountPairComparator):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayValueMap::visitChildren):
-        (JSC::JSArray::enterDictionaryMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-
-2012-08-28  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt should not rely on ordering of global labels
-        https://bugs.webkit.org/show_bug.cgi?id=95221
-
-        Reviewed by Oliver Hunt.
-
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-08-28  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Rename first/second to key/value in HashMap iterators
-        https://bugs.webkit.org/show_bug.cgi?id=82784
-
-        Reviewed by Eric Seidel.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        * heap/JITStubRoutineSet.cpp:
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::internalAppend):
-        * heap/Weak.h:
-        (JSC::weakRemove):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * profiler/Profile.cpp:
-        (JSC::functionNameCountPairComparator):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayValueMap::visitChildren):
-        (JSC::JSArray::enterDictionaryMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-
-2012-08-28  Geoffrey Garen  <ggaren@apple.com>
-
-        GCC warning in JSActivation is causing Mac EWS errors
-        https://bugs.webkit.org/show_bug.cgi?id=95103
-
-        Reviewed by Sam Weinig.
-
-        Try to fix a strict aliasing violation by using bitwise_cast. The
-        union in the cast should signal to the compiler that aliasing between
-        types is happening.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-
-2012-08-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: svn add two files I forgot in my last patch.
-
-2012-08-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored and consolidated variable resolution functions
-        https://bugs.webkit.org/show_bug.cgi?id=95166
-
-        Reviewed by Filip Pizlo.
-
-        This patch does a few things:
-
-        (1) Introduces a new class, JSScope, which is the base class for all
-        objects that represent a scope in the scope chain.
-
-        (2) Refactors and consolidates duplicate implementations of variable
-        resolution into the JSScope class.
-
-        (3) Renames JSStaticScopeObject to JSNameScope because, as distinct from
-        something like a 'let' scope, JSStaticScopeObject only has storage for a
-        single name.
-
-        These changes makes logical sense to me as-is. I will also use them in an
-        upcoming optimization.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri: Build!
-
-        * bytecode/CodeBlock.cpp:
-        (JSC): Build fix for LLInt-only builds.
-
-        * bytecode/GlobalResolveInfo.h:
-        (GlobalResolveInfo): Use PropertyOffset to be consistent with other parts
-        of the engine.
-
-        * bytecompiler/NodesCodegen.cpp:
-        * dfg/DFGOperations.cpp: Use the shared code in JSScope instead of rolling
-        our own.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::createExceptionScope):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h: Use the shared code in JSScope instead of rolling
-        our own.
-
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION): Use the shared code in JSScope instead of rolling
-        our own.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt): Use the shared code in JSScope instead of rolling our own. Note
-        that one of these slow paths calls the wrong helper function. I left it
-        that way to avoid a behavior change in a refactoring patch.
-
-        * parser/Nodes.cpp: Updated for rename.
-
-        * runtime/CommonSlowPaths.h:
-        (CommonSlowPaths): Removed resolve slow paths because were duplicative.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): Updated for renames.
-
-        * runtime/JSNameScope.cpp: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.cpp.
-        (JSC):
-        (JSC::JSNameScope::visitChildren):
-        (JSC::JSNameScope::toThisObject):
-        (JSC::JSNameScope::put):
-        (JSC::JSNameScope::getOwnPropertySlot):
-        * runtime/JSNameScope.h: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.h.
-        (JSC):
-        (JSC::JSNameScope::create):
-        (JSC::JSNameScope::createStructure):
-        (JSNameScope):
-        (JSC::JSNameScope::JSNameScope):
-        (JSC::JSNameScope::isDynamicScope): Used do-webcore-rename script here.
-        It is fabulous!
-
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::isNameScopeObject): More rename.
-
-        * runtime/JSScope.cpp: Added.
-        (JSC):
-        (JSC::JSScope::isDynamicScope):
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveSkip):
-        (JSC::JSScope::resolveGlobal):
-        (JSC::JSScope::resolveGlobalDynamic):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        * runtime/JSScope.h: Added.
-        (JSC):
-        (JSScope):
-        (JSC::JSScope::JSScope): All the code here is a port from the
-        Interpreter.cpp implementations of this functionality.
-
-        * runtime/JSStaticScopeObject.cpp: Removed.
-        * runtime/JSStaticScopeObject.h: Removed.
-
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC):
-        * runtime/JSSymbolTableObject.h:
-        (JSSymbolTableObject):
-        * runtime/JSType.h: Updated for rename.
-
-        * runtime/Operations.h:
-        (JSC::resolveBase): Removed because it was duplicative.
-
-2012-08-28  Alban Browaeys <prahal@yahoo.com>
-
-        [GTK] LLint build fails with -g -02
-        https://bugs.webkit.org/show_bug.cgi?id=90098
-
-        Reviewed by Filip Pizlo.
-
-        Avoid duplicate offsets for llint, discarding them.
-
-        * offlineasm/offsets.rb:
-
-2012-08-27  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r126836.
-        http://trac.webkit.org/changeset/126836
-        https://bugs.webkit.org/show_bug.cgi?id=95163
-
-        Broke all Apple ports, EFL, and Qt. (Requested by tkent on
-        #webkit).
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        * heap/JITStubRoutineSet.cpp:
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::internalAppend):
-        * heap/Weak.h:
-        (JSC::weakRemove):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * profiler/Profile.cpp:
-        (JSC::functionNameCountPairComparator):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayValueMap::visitChildren):
-        (JSC::JSArray::enterDictionaryMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-
-2012-08-27  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Rename first/second to key/value in HashMap iterators
-        https://bugs.webkit.org/show_bug.cgi?id=82784
-
-        Reviewed by Eric Seidel.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertyNames):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        * heap/JITStubRoutineSet.cpp:
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::internalAppend):
-        * heap/Weak.h:
-        (JSC::weakRemove):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * profiler/Profile.cpp:
-        (JSC::functionNameCountPairComparator):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::SparseArrayValueMap::put):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayValueMap::visitChildren):
-        (JSC::JSArray::enterDictionaryMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::putDirectIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-
-2012-08-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure check hoisting should abstain if the OSR entry's must-handle value for the respective variable has a different structure
-        https://bugs.webkit.org/show_bug.cgi?id=95141
-        <rdar://problem/12170401>
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove use of ClassInfo from SpeculativeJIT::compileGetByValOnArguments
-        https://bugs.webkit.org/show_bug.cgi?id=95131
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
-        with an assert to guarantee this.
-
-2012-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Remove opcode definition autogen for now
-        https://bugs.webkit.org/show_bug.cgi?id=95148
-
-        Reviewed by Mark Hahnenberg.
-
-        This isn't worth doing at the moment.
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/OpcodeDefinitions.h: Removed.
-        * bytecode/opcodes: Removed.
-        * opcode_definition_generator.py: Removed.
-        * opcode_generator.py: Removed.
-        * opcode_parser.py: Removed.
-
-2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove uses of TypedArray ClassInfo from SpeculativeJIT::checkArgumentTypes
-        https://bugs.webkit.org/show_bug.cgi?id=95112
-
-        Reviewed by Filip Pizlo.
-
-        Removing these checks since we no longer need them.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-
-2012-08-27  Benjamin Poulain  <benjamin@webkit.org>
-
-        Add ECMAScript Number to String conversion to WTF::String
-        https://bugs.webkit.org/show_bug.cgi?id=95016
-
-        Reviewed by Geoffrey Garen.
-
-        Rename UString::number(double) to UString::numberToStringECMAScript(double) to
-        differenciate it from the fixed-width conversion performed by String::number().
-
-        * parser/ParserArena.h:
-        (JSC::IdentifierArena::makeNumericIdentifier):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/NumberPrototype.cpp:
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        * runtime/NumericStrings.h:
-        (JSC::NumericStrings::add):
-        * runtime/UString.cpp:
-        (JSC::UString::numberToStringECMAScript):
-        * runtime/UString.h:
-        (UString):
-
-2012-08-27  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
-
-        Rename RegisterProtocolHandler API to NavigatorContentUtils
-        https://bugs.webkit.org/show_bug.cgi?id=94920
-
-        Reviewed by Adam Barth.
-
-        ENABLE_REGISTER_PROTOCOL_HANDLER is renamed to ENABLE_NAVIGATOR_CONTENT_UTILS.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-08-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix for builds without VALUE_PROFILING. I had forgotten that shouldEmitProfiling()
-        is designed to return true if DFG_JIT is disabled. I should be using canBeOptimized() instead.
-
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2012-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Don't allocate space for arguments and call frame if arguments aren't captured
-        https://bugs.webkit.org/show_bug.cgi?id=95024
-
-        Reviewed by Phil Pizlo.
-
-        27% on v8-real-earley.
-
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::registerOffset): The offset is zero if we're skipping
-        the arguments and call frame because "offset" means space reserved for
-        those things.
-
-        (JSC::JSActivation::tearOff): Don't copy the scope chain and callee. We
-        don't need them for anything, and we're no longer guaranteed to have
-        space for them.
-
-2012-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed the NULL checks from visitChildren functions
-        https://bugs.webkit.org/show_bug.cgi?id=95021
-
-        Reviewed by Oliver Hunt.
-
-        As of http://trac.webkit.org/changeset/126624, all values are NULL-checked
-        during GC, so explicit NULL checks aren't needed anymore.
-
-2011-08-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed a JSC-specific hack from the web inspector
-        https://bugs.webkit.org/show_bug.cgi?id=95033
-
-        Reviewed by Filip Pizlo.
-
-        Added support for what the web inspector really wanted instead.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut): Added some explanation for these
-        checks, which were non-obvious to me.
-
-        (JSC::JSActivation::getOwnPropertySlot): It's impossible to access the
-        arguments property of an activation after it's been torn off, since the
-        only way to tear off an activation is to instantiate a new function,
-        which has its own arguments property in scope. However, the inspector
-        get special access to activations, and may try to perform this access,
-        so we need a special guard to maintain coherence and avoid crashing in
-        case the activation optimized out the arguments property.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::getOwnPropertyDescriptor): Provide getOwnPropertyNames
-        and getOwnPropertyDescriptor implementations, to meet the web inspector's
-        needs. (User code can never call these.)
-
-2012-08-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Finally inlining should correctly track the catch context
-        https://bugs.webkit.org/show_bug.cgi?id=94986
-        <rdar://problem/11753784>
-
-        Reviewed by Sam Weinig.
-
-        This fixes two behaviors:
-        
-        1) Throwing from a finally block. Previously, we would seem to reenter the finally
-           block - though only once.
-        
-        2) Executing a finally block from some nested context, for example due to a
-           'continue', 'break', or 'return' in the try. This would execute the finally
-           block in the context of of the try block, which could lead to either scope depth
-           mismatches or reexecutions of the finally block on throw, similarly to (1) but
-           for different reasons.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC):
-        (JSC::BytecodeGenerator::pushFinallyContext):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        (JSC::BytecodeGenerator::pushTry):
-        (JSC::BytecodeGenerator::popTryAndEmitCatch):
-        * bytecompiler/BytecodeGenerator.h:
-        (FinallyContext):
-        (TryData):
-        (JSC):
-        (TryContext):
-        (TryRange):
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::TryNode::emitBytecode):
-
-2012-08-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Array type checks and storage accesses should be uniformly represented and available to CSE
-        https://bugs.webkit.org/show_bug.cgi?id=95013
-
-        Reviewed by Oliver Hunt.
-
-        This uniformly breaks up all array accesses into up to three parts:
-        
-        1) The type check, using a newly introduced CheckArray node, in addition to possibly
-           a CheckStructure node. We were already inserting the CheckStructure prior to this
-           patch. The CheckArray node will be automatically eliminated if the thing it was
-           checking for had already been checked for, either intentionally (a CheckStructure
-           inserted based on the array profile of this access) or accidentally (some checks,
-           typically a CheckStructure, inserted for some unrelated operations). The
-           CheckArray node may not be inserted if the array type is non-specific (Generic or
-           ForceExit).
-        
-        2) The storage load using GetIndexedPropertyStorage. Previously, this only worked for
-           GetByVal. Now it works for all array accesses. The storage load may not be
-           inserted if the mode of array access does not permit CSE of storage loads (like
-           non-specific modes or Arguments).
-        
-        3) The access itself: one of GetByVal, PutByVal, PutByValAlias, ArrayPush, ArrayPop,
-           GetArrayLength, StringCharAt, or StringCharCodeAt.
-        
-        This means that the type check can be subjected to CSE even if the CFA isn't smart
-        enough to reason about it (yet!). It also means that the storage load can always be
-        subjected to CSE; previously CSE on storage load only worked for array loads and not
-        other forms of access. Finally, it removes the bizarre behavior that
-        GetIndexedPropertyStorage previously had: previously, it was responsible for the type
-        check in some cases, but not others; this made reasoning about the CFA really
-        confusing.
-        
-        This change also disables late refinement of array mode, since I decided that
-        supporting that feature is both confusing and likely unprofitable. The array modes are
-        now locked in in the first fixup run after prediction propagation. Of course,
-        refinements from Generic to something else would not have been a problem; we could
-        reenable those if we thought we really needed to.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromStructure):
-        (DFG):
-        (JSC::DFG::refineArrayMode):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::modeIsJSArray):
-        (JSC::DFG::lengthNeedsStorage):
-        (JSC::DFG::modeIsSpecific):
-        (JSC::DFG::modeSupportsLength):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::checkStructureElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::performCSE):
-        * dfg/DFGCSEPhase.h:
-        (DFG):
-        * dfg/DFGCommon.h:
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        (DFG):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::collectGarbage):
-        * dfg/DFGGraph.h:
-        (Graph):
-        (JSC::DFG::Graph::vote):
-        (JSC::DFG::Graph::substitute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArrayMode):
-        (JSC::DFG::Node::setArrayMode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPhase.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGGraph.h has a bogus comment about the nature of StorageAccessData
-        https://bugs.webkit.org/show_bug.cgi?id=95035
-
-        Reviewed by Oliver Hunt.
-
-        The comment is both wrong (storage access instructions don't reference CheckStructure)
-        and highly redundant: of course it's the case that two structures may have the same
-        identifier. Our interference analyses currently don't care about this and make the
-        conservative assumptions when necessary (same identifier, same object -> must be same
-        property; same identifier, may be same object -> may be the same property). Better to
-        remove the bogus comment since the code that operates over this data structure is
-        fairly self-explanatory already.
-
-        * dfg/DFGGraph.h:
-        (StorageAccessData):
-
-2012-08-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Try a little harder to fix the Linux build.
-
-        * runtime/JSActivation.cpp:
-        * runtime/JSActivation.h:
-
-2012-08-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Linux build.
-
-        * runtime/JSActivation.cpp:
-
-2012-08-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Don't use malloc / destructors for activation objects
-        https://bugs.webkit.org/show_bug.cgi?id=94897
-
-        Reviewed by Oliver Hunt.
-
-        65% faster on v8-real-earley.
-
-        Lots of boilerplate here, but the jist is this:
-
-        (1) Use CopiedSpace instead of malloc to allocate the activation's
-        backing store.
-
-        (2) Use MarkedSpace instead of ref-counting to allocate the symbol table.
-
-        (3) ==> No more destructor.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::symbolTable):
-        (CodeBlock):
-        (JSC::GlobalCodeBlock::GlobalCodeBlock):
-        (JSC::FunctionCodeBlock::FunctionCodeBlock):
-        (FunctionCodeBlock): SymbolTable is a GC object now, so it gets a write
-        barrier and visit calls instead of ref-counting. I changed all CodeBlocks
-        to use shared symbol tables because the distinction between shared and
-        unshared hurt my head.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Sometimes, a period just wants
-        to be an arrow. And then C++ is there to accommodate.
-
-        * jit/JITDriver.h:
-        (JSC::jitCompileFunctionIfAppropriate):
-        * runtime/Arguments.h:
-        (ArgumentsData):
-        (JSC::Arguments::setRegisters):
-        (Arguments):
-        (JSC::Arguments::argument):
-        (JSC::Arguments::finishCreation):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::visitChildren):
-        * runtime/Executable.h:
-        (JSC::FunctionExecutable::symbolTable):
-        (FunctionExecutable):
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareFunctionForExecution): I changed from WriteBarrier to
-        WriteBarrierBase so activations could reuse StorageBarrier and PropertyStorage.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::finishCreation): Allocate the symbol table here,
-        after we're fully constructed, to avoid GC during initialization.
-
-        (JSC::JSActivation::visitChildren):
-        (JSC::JSActivation::symbolTableGet):
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::getOwnPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::create):
-        (JSActivation):
-        (JSC::JSActivation::registerOffset):
-        (JSC):
-        (JSC::JSActivation::registerArraySize):
-        (JSC::JSActivation::registerArraySizeInBytes):
-        (JSC::JSActivation::tearOff): Tear-off zero-initializes all uncopied
-        registers. This makes it safe to copyAndAppend the full buffer in
-        visitChildren, without any extra checks.
-
-        * runtime/JSCell.h:
-        (JSCell): Moved a shared default set of flags into this base class, so
-        I could use it in a few places.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): New structure for symbol tables.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::symbolTableHasProperty): We don't need an inline
-        symbol table -- JSSymbolTableObject will GC allocate one for us.
-
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/JSSegmentedVariableObject.h:
-        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC):
-        (JSC::JSStaticScopeObject::visitChildren): NULL check our register store
-        because finishCreation allocates an object now, so we may get marked
-        before we've assigned to our register store.
-
-        * runtime/JSStaticScopeObject.h:
-        (JSC::JSStaticScopeObject::finishCreation):
-        (JSC::JSStaticScopeObject::JSStaticScopeObject):
-        (JSStaticScopeObject): No more destructor for this object, either, since
-        it no longer embeds a hash table.
-
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::visitChildren):
-        (JSC::JSSymbolTableObject::deleteProperty):
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::JSSymbolTableObject::symbolTable):
-        (JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::finishCreation):
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes): SymbolTableObject allocates a symbol
-        table automatically if one isn't provided. (Activations provide their
-        own, which they get from compiled code.)
-
-        * runtime/JSVariableObject.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::registerAt):
-        (JSC::JSVariableObject::addressOfRegisters):
-        (JSVariableObject):
-        (JSC::JSVariableObject::JSVariableObject):
-        (JSC::JSVariableObject::finishCreation): Removed a bunch of obsolete code.
-        Activations manage their registers directly now.
-
-        * runtime/StorageBarrier.h:
-        (StorageBarrier):
-        (JSC::StorageBarrier::operator!):
-
-        * runtime/SymbolTable.cpp:
-        (JSC):
-        (JSC::SharedSymbolTable::destroy):
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::create):
-        (SharedSymbolTable):
-        (JSC::SharedSymbolTable::createStructure):
-        (JSC::SharedSymbolTable::SharedSymbolTable): Boilerplat code to
-        make shared symbol table GC-allocated.
-
-2012-08-25  Filip Pizlo  <fpizlo@apple.com>
-
-        op_call should have ArrayProfiling for the benefit of array intrinsics
-        https://bugs.webkit.org/show_bug.cgi?id=95014
-
-        Reviewed by Sam Weinig.
-
-        This is a performance-neutral change that just adds the profiling but does not
-        use it, yet. If in the future we wanted to make this kind of profiling cheaper
-        we could move it into specialized thunks for the relevant array intrinsics, but
-        I figure that if this much simpler change gives us what we need without any
-        discernable performance penalty then that's for the best.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-08-25  Filip Pizlo  <fpizlo@apple.com>
-
-        The redundant phi elimination phase is not used and should be removed
-        https://bugs.webkit.org/show_bug.cgi?id=95006
-
-        Reviewed by Dan Bernstein.
-
-        Just removing dead code.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGDriver.cpp:
-        * dfg/DFGRedundantPhiEliminationPhase.cpp: Removed.
-        * dfg/DFGRedundantPhiEliminationPhase.h: Removed.
-
-2012-08-24  Benjamin Poulain  <bpoulain@apple.com>
-
-        Unify Number to StringImpl conversion
-        https://bugs.webkit.org/show_bug.cgi?id=94879
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/UString.cpp:
-        * runtime/UString.h:
-        (JSC::UString::number):
-        Update UString to directly use the common NumberToString implementation.
-
-2012-08-24  Oliver Hunt  <oliver@apple.com>
-
-        Always null check cells before marking
-        https://bugs.webkit.org/show_bug.cgi?id=94968
-
-        Reviewed by Geoffrey Garen.
-
-        Originally we tried to minimise null checks by only null checking values
-        that we knew could be null, however given that we can't ever guarantee
-        when a GC will happen, we're better off just always assuming that a null
-        check will be necessary.  This results in a much less fragile code base
-        as we can add GC allocations to object initialisers without having to
-        subsequently worry about whether the object we are initialising will need
-        to add a bunch of null checks in its visitChildren implementation.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::internalAppend):
-        * heap/MarkStackInlineMethods.h:
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendUnbarrieredPointer):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2012-08-23  Oliver Hunt  <oliver@apple.com>
-
-        Autogenerate Opcode definitions
-        https://bugs.webkit.org/show_bug.cgi?id=94840
-
-        Reviewed by Gavin Barraclough.
-
-        Start the process of autogenerating the code emission for the bytecode.
-        We'll just start with automatic generation of the list of Opcodes as that
-        requires the actual definition of the opcodes, and the logic for parsing
-        them.
-
-        Due to some rather annoying dependency cycles, this initial version has
-        the OpcodeDefinitions.h file checked into the tree, although with some
-        work I hope to be able to fix that.
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.h:
-          Include OpcodeDefinitions.h as our definitive source of info
-          about the opcodes.
-        * bytecode/OpcodeDefinitions.h: Added.
-          Autogenerated file
-        * bytecode/opcodes: Added.
-          The new opcode definition file
-        * opcode_definition_generator.py: Added.
-        (generateOpcodeDefinition):
-        (generate):
-          Module that generates the content for OpcodeDefinitions.h
-        * opcode_generator.py: Added.
-        (printUsage):
-        (main):
-          Driver script
-        * opcode_parser.py: Added.
-          Simple parser for the opcode definitions.
-
-2011-08-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed, rolling out r126505.
-        http://trac.webkit.org/changeset/126505
-        https://bugs.webkit.org/show_bug.cgi?id=94840
-
-        Caused testapi to crash on launch
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/OpcodeDefinitions.h: Removed.
-        * bytecode/opcodes: Removed.
-        * opcode_definition_generator.py: Removed.
-        * opcode_generator.py: Removed.
-        * opcode_parser.py: Removed.
-
-2012-08-23  Oliver Hunt  <oliver@apple.com>
-
-        Autogenerate Opcode definitions
-        https://bugs.webkit.org/show_bug.cgi?id=94840
-
-        Reviewed by Gavin Barraclough.
-
-        Start the process of autogenerating the code emission for the bytecode.
-        We'll just start with automatic generation of the list of Opcodes as that
-        requires the actual definition of the opcodes, and the logic for parsing
-        them.
-
-        Due to some rather annoying dependency cycles, this initial version has
-        the OpcodeDefinitions.h file checked into the tree, although with some
-        work I hope to be able to fix that.
-
-        * DerivedSources.make:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Opcode.h:
-          Include OpcodeDefinitions.h as our definitive source of info
-          about the opcodes.
-        * bytecode/OpcodeDefinitions.h: Added.
-          Autogenerated file
-        * bytecode/opcodes: Added.
-          The new opcode definition file
-        * opcode_definition_generator.py: Added.
-        (generateOpcodeDefinition):
-        (generate):
-          Module that generates the content for OpcodeDefinitions.h
-        * opcode_generator.py: Added.
-        (printUsage):
-        (main):
-          Driver script
-        * opcode_parser.py: Added.
-          Simple parser for the opcode definitions.
-
-2012-08-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Change behavior of MasqueradesAsUndefined to better accommodate DFG changes
-        https://bugs.webkit.org/show_bug.cgi?id=93884
-
-        Reviewed by Filip Pizlo.
-
-        With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of  
-        MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines,  
-        we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined  
-        objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject).  
-        For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not  
-        masquerade as undefined within frame B, but it will continue to masquerade in frame A. 
-
-        There are two primary changes that are taking place here. One is to thread the ExecState* through  
-        JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's  
-        JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two  
-        are distinct, then the object cannot MasqueradeAsUndefined. 
-
-        The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined 
-        flag in the Structure is checked. For C++ code, this check has been factored into its own function in  
-        Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has  
-        had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed  
-        through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers 
-        that are MasqueradesAsUndefined.
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/Watchpoint.h:
-        (WatchpointSet):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::callFrame):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
-        * runtime/JSString.h:
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-        * runtime/JSValue.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::toPropertyDescriptor):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        * runtime/Operations.h:
-        (JSC):
-        (JSC::JSValue::equalSlowCaseInline):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::globalObjectOffset):
-        (JSC::Structure::masqueradesAsUndefined):
-        (JSC):
-
-2012-08-23  Mark Rowe  <mrowe@apple.com>
-
-        Make JavaScriptCore build with the latest version of clang.
-
-        Reviewed by Dan Bernstein.
-
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::MachineThreads): The m_heap member is only used within
-        assertions, so guard its initialization with !ASSERT_DISABLED.
-        * heap/MachineStackMarker.h:
-        (MachineThreads): Ditto for its declaration.
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall): The m_returnType member is only used within
-        assertions or if we're using JSVALUE32_64, so guard its uses with the appropriate
-        #if.
-        (JITStubCall): Ditto.
-
-2012-08-23  Christophe Dumez  <christophe.dumez@intel.com>
-
-        Serialization of JavaScript values does not appear to respect new HTML5 Structured Clone semantics
-        https://bugs.webkit.org/show_bug.cgi?id=65292
-
-        Reviewed by Oliver Hunt.
-
-        Add function to construct a StringObject from a JSValue.
-        Similar functions already exist for NumberObject and
-        BooleanObject for example.
-
-        Export several symbols so address linking errors in
-        WebCore.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * runtime/BooleanObject.h:
-        (BooleanObject):
-        * runtime/NumberObject.h:
-        (NumberObject):
-        (JSC):
-        * runtime/StringObject.cpp:
-        (JSC::constructString):
-        (JSC):
-        * runtime/StringObject.h:
-        (JSC):
-
-2012-08-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Array accesses should remember what kind of array they are predicted to access
-        https://bugs.webkit.org/show_bug.cgi?id=94448
-
-        Reviewed by Gavin Barraclough.
-
-        Introduced the notion of DFG::Array::Mode, stored in node.arrayMode(), which allows nodes
-        to remember how they decided to access arrays. This permits the bytecode parser to "lock in"
-        the mode of access if it has profiling at its disposal, and it also allows the prediction
-        propagator to do a fixup of the array mode later in the optimization fixpoint.
-        
-        This patch adds a healthy amount of new capability (specifically the ability of the parser
-        to lock in an array mode regardless of type predictions) and it also blows away a lot of
-        messy code.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGArrayMode.cpp: Added.
-        (DFG):
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::refineArrayMode):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h: Added.
-        (DFG):
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::modeForPut):
-        (JSC::DFG::modesCompatibleForStorageLoad):
-        (JSC::DFG::modeSupportsLength):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getArrayModeWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasArrayMode):
-        (Node):
-        (JSC::DFG::Node::arrayMode):
-        (JSC::DFG::Node::setArrayMode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculateArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-22  Geoffrey Garen  <ggaren@apple.com>
-
-        ThreadRestrictionVerifier should be opt-in, not opt-out
-        https://bugs.webkit.org/show_bug.cgi?id=94761
-
-        Reviewed by Mark Hahnenberg.
-
-        Removed explicit calls to disable the verifier, since it's off by default now.
-
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::SourceProvider):
-        (SourceProvider):
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::SharedSymbolTable):
-
-2012-08-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Separate MarkStackThreadSharedData from MarkStack
-        https://bugs.webkit.org/show_bug.cgi?id=94294
-
-        Reviewed by Filip Pizlo.
-
-        MarkStackThreadSharedData is soon going to have data to allow for a parallel copying 
-        mode too, so to separate our concerns we should split it out into its own set of files 
-        and rename it to GCThreadSharedData. For now this is purely a cosmetic refactoring.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/GCThreadSharedData.cpp: Added.
-        (JSC):
-        (JSC::GCThreadSharedData::resetChildren):
-        (JSC::GCThreadSharedData::childVisitCount):
-        (JSC::GCThreadSharedData::markingThreadMain):
-        (JSC::GCThreadSharedData::markingThreadStartFunc):
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-        (JSC::GCThreadSharedData::~GCThreadSharedData):
-        (JSC::GCThreadSharedData::reset):
-        * heap/GCThreadSharedData.h: Added.
-        (JSC):
-        (GCThreadSharedData):
-        * heap/Heap.h:
-        (Heap):
-        * heap/ListableHandler.h:
-        (ListableHandler):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStack::MarkStack):
-        (JSC::MarkStack::~MarkStack):
-        * heap/MarkStack.h:
-        (JSC):
-        (MarkStack):
-        (JSC::MarkStack::sharedData):
-        * heap/MarkStackInlineMethods.h: Added.
-        (JSC):
-        (JSC::MarkStack::append):
-        (JSC::MarkStack::appendUnbarrieredPointer):
-        (JSC::MarkStack::appendUnbarrieredValue):
-        (JSC::MarkStack::internalAppend):
-        (JSC::MarkStack::addWeakReferenceHarvester):
-        (JSC::MarkStack::addUnconditionalFinalizer):
-        (JSC::MarkStack::addOpaqueRoot):
-        (JSC::MarkStack::containsOpaqueRoot):
-        (JSC::MarkStack::opaqueRootCount):
-        * heap/SlotVisitor.h:
-        (JSC):
-        (SlotVisitor):
-        (JSC::SlotVisitor::SlotVisitor):
-
-2012-08-22  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Fix JSC build when DFG-JIT is disabled
-        https://bugs.webkit.org/show_bug.cgi?id=94694
-
-        Reviewed by Csaba Osztrogonác.
-
-        Adding an appropriate guard for fixing the build.
-
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC):
-
-2012-08-21  Mark Lam  <mark.lam@apple.com>
-
-        Introducing the VMInspector for VM debugging use.
-        https://bugs.webkit.org/show_bug.cgi?id=94613.
-
-        Reviewed by Filip Pizlo.
-
-        Adding some utility functions for debugging the VM. This code is
-        presently #ifdef'd out by default.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/CallFrame.h:
-        (ExecState):
-        * interpreter/VMInspector.cpp: Added.
-        (JSC):
-        (JSC::VMInspector::getTypeName):
-        (JSC::VMInspector::dumpFrame0):
-        (JSC::VMInspector::dumpFrame):
-        (JSC::VMInspector::countFrames):
-        * interpreter/VMInspector.h: Added.
-        (JSC):
-        (VMInspector):
-
-2012-08-21  Filip Pizlo  <fpizlo@apple.com>
-
-        A patchable GetById right after a watchpoint should have the appropriate nop padding
-        https://bugs.webkit.org/show_bug.cgi?id=94635
-
-        Reviewed by Mark Hahnenberg.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::padBeforePatch):
-        (AbstractMacroAssembler):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARMv7::moveWithPatch):
-        (JSC::MacroAssemblerARMv7::patchableJump):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::moveWithPatch):
-        (JSC::MacroAssemblerX86::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86::storePtrWithPatch):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86Common::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86Common::store32WithAddressOffsetPatch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::moveWithPatch):
-        * jit/JumpReplacementWatchpoint.cpp:
-        (JSC::JumpReplacementWatchpoint::fireInternal):
-
-2012-08-20  Mark Lam  <mark.lam@apple.com>
-
-        Fix broken non-JIT build.
-        https://bugs.webkit.org/show_bug.cgi?id=94564.
-
-        Reviewed by Filip Pizlo.
-
-        Added some UNUSED_PARAM() macros to make the compiler happy.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2012-08-20  Mark Lam  <mark.lam@apple.com>
-
-        Fixed erroneous line number for LLint frame when throwing exceptions.
-        https://bugs.webkit.org/show_bug.cgi?id=94051.
-
-        Reviewed by Filip Pizlo.
-
-        For LLInt frames, before throwing an exception, adjust the PC from the
-        return PC back to the call PC if we are indeed at a call site.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::adjustPCIfAtCallSite):
-        (JSC):
-        (JSC::CodeBlock::bytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::fixupPCforExceptionIfNeeded):
-        (LLInt):
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-
-2012-08-20  Filip Pizlo  <fpizlo@apple.com>
-
-        fast/js/dfg-peephole-compare-final-object-to-final-object-or-other-when-both-proven-final-object.html on 32-bit
-        https://bugs.webkit.org/show_bug.cgi?id=94538
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2012-08-20  Filip Pizlo  <fpizlo@apple.com>
-
-        fast/js/dfg-compare-final-object-to-final-object-or-other-when-both-proven-final-object.html crashes on 32-bit
-        https://bugs.webkit.org/show_bug.cgi?id=94026
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-
-2012-08-19  Filip Pizlo  <fpizlo@apple.com>
-
-        The relationship between abstract values and structure transition watchpoints should be rationalized
-        https://bugs.webkit.org/show_bug.cgi?id=94205
-
-        Reviewed by Geoffrey Garen.
-
-        This patch does a number of things related to the handling of the abstract values
-        arrising from values with structures known to be watchpointable:
-        
-        - This rationalizes the relationship between the structure that we know an object
-          to have *right now* based on having executed a check against that structure, and
-          the structure that we know the object could have *in the future* based on a type
-          check executed in the past over a structure that was watchpointable.
-        
-        - We use the above to assert that structure transition watchpoints are being used
-          soundly.
-        
-        - We use the above to strength reduce CheckStructure into StructureTransitionWatchpoint
-          whenever possible.
-        
-        - This rationalizes the handling of CFA over constants that appeared in the bytecode.
-          If at compile-time the constant has a watchpointable structure, then we can prove
-          what structures it may have in the future. The analysis uses this to both assert
-          that structure transition watchpoints are being used correctly, and to find
-          opportunities for using them more aggressively.
-        
-        The net effect of all of these changes is that OSR entry should work more smoothly.
-        It may also be a slight win due to strength reductions, though most of those strength
-        reductions would have already been done by the parser and the structure check hoister.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (DFG):
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberStructures):
-        (JSC::DFG::AbstractValue::isTop):
-        (JSC::DFG::AbstractValue::setFuturePossibleStructure):
-        (AbstractValue):
-        (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
-        (JSC::DFG::AbstractValue::setMostSpecific):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::operator==):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::filterValueByType):
-        (JSC::DFG::AbstractValue::validateType):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::checkConsistency):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
-        (Node):
-        (JSC::DFG::Node::hasStructure):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationWatchpoint):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpointWithConditionalDirection):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculateArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureAbstractValue.h: Added.
-        (DFG):
-        (StructureAbstractValue):
-        (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
-        (JSC::DFG::StructureAbstractValue::clear):
-        (JSC::DFG::StructureAbstractValue::makeTop):
-        (JSC::DFG::StructureAbstractValue::top):
-        (JSC::DFG::StructureAbstractValue::add):
-        (JSC::DFG::StructureAbstractValue::addAll):
-        (JSC::DFG::StructureAbstractValue::contains):
-        (JSC::DFG::StructureAbstractValue::isSubsetOf):
-        (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
-        (JSC::DFG::StructureAbstractValue::isSupersetOf):
-        (JSC::DFG::StructureAbstractValue::filter):
-        (JSC::DFG::StructureAbstractValue::isClear):
-        (JSC::DFG::StructureAbstractValue::isTop):
-        (JSC::DFG::StructureAbstractValue::isClearOrTop):
-        (JSC::DFG::StructureAbstractValue::isNeitherClearNorTop):
-        (JSC::DFG::StructureAbstractValue::size):
-        (JSC::DFG::StructureAbstractValue::at):
-        (JSC::DFG::StructureAbstractValue::operator[]):
-        (JSC::DFG::StructureAbstractValue::last):
-        (JSC::DFG::StructureAbstractValue::speculationFromStructures):
-        (JSC::DFG::StructureAbstractValue::hasSingleton):
-        (JSC::DFG::StructureAbstractValue::singleton):
-        (JSC::DFG::StructureAbstractValue::operator==):
-        (JSC::DFG::StructureAbstractValue::dump):
-        (JSC::DFG::StructureAbstractValue::topValue):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-17  Filip Pizlo  <fpizlo@apple.com>
-
-        The current state of the call frame should be taken into account in the DFG for both predictions and proofs
-        https://bugs.webkit.org/show_bug.cgi?id=94412
-
-        Reviewed by Geoffrey Garen.
-
-        This ensures that no matter how smart the DFG gets, it'll always know through
-        which entrypoint OSR will try to enter, and with which values it will attempt
-        to do so. For prologue OSR, this has no effect other than adding the current
-        arguments to the argument predictions. For loop OSR, this makes our treatment
-        of the loop slightly more conservative - just conservative enough to ensure
-        that OSR succeeds.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::ProgramCodeBlock::compileOptimized):
-        (JSC::EvalCodeBlock::compileOptimized):
-        (JSC::FunctionCodeBlock::compileOptimized):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::setMostSpecific):
-        (AbstractValue):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGDriver.h:
-        (DFG):
-        (JSC::DFG::tryCompile):
-        (JSC::DFG::tryCompileFunction):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::Graph):
-        (Graph):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileOptimized):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileOptimized):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileOptimizedForCall):
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        * runtime/Executable.h:
-        (EvalExecutable):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::compileOptimizedFor):
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-
-2012-08-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should be more honest about when it changed the IR
-        https://bugs.webkit.org/show_bug.cgi?id=94408
-
-        Reviewed by Geoffrey Garen.
-
-        The CSE phase now always returns true if it changed the IR.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-
-2012-08-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG is still too pessimistic about what constitutes a side-effect on array accesses
-        https://bugs.webkit.org/show_bug.cgi?id=94309
-
-        Reviewed by Geoffrey Garen.
-
-        This change means that even if structure transition watchpoints are not used for
-        hoisting of clobbered structure checks, we still retain good performance on the
-        benchmarks we care about. That's important, since butterflies will likely make
-        most array structures not watchpointable.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-17  Milian Wolff  <milian.wolff@kdab.com>
-
-        [Qt] QNX build fails due to ctype usage in system headers
-        https://bugs.webkit.org/show_bug.cgi?id=93849
-
-        Reviewed by Simon Hausmann.
-
-        Move the check for whether DisallowCType should be active or not
-        to the DisallowCType.h header. This way, we can update the list
-        of platforms or OSes which do not work with this header in a
-        central place. All users can now safely include the header
-        and do not need to place custom guards around it.
-
-        * config.h:
-
-2012-08-16  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Replace use of internal Weak smart pointer with JSWeakObjectMap
-        https://bugs.webkit.org/show_bug.cgi?id=93872
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * Target.pri: Add missing JSWeakObjectMap file to build.
-
-2012-08-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure check hoisting should be less expensive
-        https://bugs.webkit.org/show_bug.cgi?id=94201
-
-        Reviewed by Mark Hahnenberg.
-
-        This appears like a broad win on short-running programs.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::compareAndSwap):
-        (Graph):
-        (JSC::DFG::Graph::substitute):
-        (JSC::DFG::Graph::substituteGetLocal):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-16  Filip Pizlo  <fpizlo@apple.com>
-
-        All op_resolve_global instructions should end up in the list of global resolve instructions
-        https://bugs.webkit.org/show_bug.cgi?id=94247
-        <rdar://problem/12103500>
-
-        Reviewed by Mark Hahnenberg.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-
-2012-08-15  Bruno de Oliveira Abinader  <bruno.abinader@basyskom.com>
-
-        [css3-text] Add CSS3 Text decoration compile flag
-        https://bugs.webkit.org/show_bug.cgi?id=93863
-
-        Reviewed by Julien Chaffraix.
-
-        This patch handles the compile flag implementation, which will come disabled by
-        default, thus not exposing the CSS3 text decoration features to the web, unless
-        when explicitly enabling it with "--css3-text-decoration" build parameter.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-08-15  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r125687.
-        http://trac.webkit.org/changeset/125687
-        https://bugs.webkit.org/show_bug.cgi?id=94147
-
-        It broke the whole world (Requested by Ossy_night on #webkit).
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/Watchpoint.h:
-        (WatchpointSet):
-        * debugger/DebuggerCallFrame.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        * runtime/JSString.h:
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-        * runtime/JSValue.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::toPropertyDescriptor):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        * runtime/Operations.h:
-        (JSC):
-        (JSC::JSValue::equalSlowCaseInline):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/Structure.h:
-
-2012-08-15  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Buildfix after r125541
-        https://bugs.webkit.org/show_bug.cgi?id=94097
-
-        Reviewed by Filip Pizlo.
-
-        r125541 has broken the traditional ARM port build of JSC.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::neg32):
-        (JSC::MacroAssemblerARM::xor32):
-
-2012-08-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Change behavior of MasqueradesAsUndefined to better accommodate DFG changes
-        https://bugs.webkit.org/show_bug.cgi?id=93884
-
-        Reviewed by Geoffrey Garen.
-
-        With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
-        MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
-        we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
-        objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
-        For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
-        masquerade as undefined within frame B, but it will continue to masquerade in frame A.
-
-        There are two primary changes that are taking place here. One is to thread the ExecState* through 
-        JSValue::toBoolean and JSCell::toBoolean so that JSCell::toBoolean can check the object's 
-        JSGlobalObject to compare it to the lexical JSGlobalObject of the currently running code. If the two 
-        are distinct, then the object cannot MasqueradeAsUndefined.
-
-        The other change is to perform this comparison of JSGlobalObjects everywhere where the MasqueradesAsUndefined
-        flag in the Structure is checked. For C++ code, this check has been factored into its own function in 
-        Structure::masqueradesAsUndefined. We only perform this check in the DFG if the current JSGlobalObject has 
-        had a MasqueradesAsUndefined object allocated within its context. This conditional compilation is managed 
-        through the use of a WatchpointSet in each JSGlobalObject and alternate create() functions for JS DOM wrappers
-        that are MasqueradesAsUndefined.
-
-        * API/JSValueRef.cpp:
-        (JSValueToBoolean):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/Watchpoint.h:
-        (WatchpointSet):
-        * debugger/DebuggerCallFrame.h:
-        (JSC::DebuggerCallFrame::callFrame):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncEvery):
-        (JSC::arrayProtoFuncSome):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::constructBoolean):
-        (JSC::callBooleanConstructor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::masqueradesAsUndefinedWatchpoint):
-        * runtime/JSString.h:
-        (JSC::JSCell::toBoolean):
-        (JSC::JSValue::toBoolean):
-        * runtime/JSValue.h:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::toPropertyDescriptor):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC::jsIsObjectType):
-        * runtime/Operations.h:
-        (JSC):
-        (JSC::JSValue::equalSlowCaseInline):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::setRegExpConstructorMultiline):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncToString):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::globalObjectOffset):
-        (JSC::Structure::masqueradesAsUndefined):
-        (JSC):
-
-2012-08-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for !ENABLE(DFG_JIT)
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-08-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Array checks should use the structure, not the class info
-        https://bugs.webkit.org/show_bug.cgi?id=93150
-
-        Reviewed by Mark Hahnenberg.
-
-        This changes all array checks used in array accesses (get, put, get length,
-        push, pop) to use the structure, not the class info. Additionally, these
-        checks in the LLInt and baseline JIT record the structure in an ArrayProfile,
-        so that the DFG can know exactly what structure to check for.
-        
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/ArrayProfile.cpp: Added.
-        (JSC):
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        * bytecode/ArrayProfile.h: Added.
-        (JSC):
-        (JSC::arrayModeFromStructure):
-        (ArrayProfile):
-        (JSC::ArrayProfile::ArrayProfile):
-        (JSC::ArrayProfile::bytecodeOffset):
-        (JSC::ArrayProfile::addressOfLastSeenStructure):
-        (JSC::ArrayProfile::observeStructure):
-        (JSC::ArrayProfile::expectedStructure):
-        (JSC::ArrayProfile::structureIsPolymorphic):
-        (JSC::ArrayProfile::hasDefiniteStructure):
-        (JSC::ArrayProfile::observedArrayModes):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::getArrayProfile):
-        (JSC):
-        (JSC::CodeBlock::getOrAddArrayProfile):
-        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::executionEntryCount):
-        (JSC::CodeBlock::numberOfArrayProfiles):
-        (JSC::CodeBlock::arrayProfiles):
-        (JSC::CodeBlock::addArrayProfile):
-        (CodeBlock):
-        * bytecode/Instruction.h:
-        (JSC):
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitGetArgumentByVal):
-        (JSC::BytecodeGenerator::emitGetByVal):
-        (JSC::BytecodeGenerator::emitPutByVal):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::hasSingleton):
-        (StructureAbstractValue):
-        (JSC::DFG::StructureAbstractValue::singleton):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculateArray):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * llint/LLIntOffsetsExtractor.cpp:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::classInfoOffset):
-
-2012-08-14  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Rename functions in the ARM port of DFG-JIT for better code readability.
-        https://bugs.webkit.org/show_bug.cgi?id=93609
-
-        Reviewed by Zoltan Herczeg.
-
-        Rename functions in the ARM port of DFG-JIT for better code
-        readability, and for following the WebKit coding style
-        wherever it is possible.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::genInt):
-        (JSC::ARMAssembler::getImm):
-        (JSC::ARMAssembler::moveImm):
-        (JSC::ARMAssembler::encodeComplexImm):
-        (JSC::ARMAssembler::dataTransfer32):
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        (JSC::ARMAssembler::dataTransfer16):
-        (JSC::ARMAssembler::baseIndexTransfer16):
-        (JSC::ARMAssembler::dataTransferFloat):
-        (JSC::ARMAssembler::baseIndexTransferFloat):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::bitAnd):
-        (JSC::ARMAssembler::bitAnds):
-        (JSC::ARMAssembler::eor):
-        (JSC::ARMAssembler::eors):
-        (JSC::ARMAssembler::sub):
-        (JSC::ARMAssembler::subs):
-        (JSC::ARMAssembler::rsb):
-        (JSC::ARMAssembler::rsbs):
-        (JSC::ARMAssembler::add):
-        (JSC::ARMAssembler::adds):
-        (JSC::ARMAssembler::adc):
-        (JSC::ARMAssembler::adcs):
-        (JSC::ARMAssembler::sbc):
-        (JSC::ARMAssembler::sbcs):
-        (JSC::ARMAssembler::rsc):
-        (JSC::ARMAssembler::rscs):
-        (JSC::ARMAssembler::tst):
-        (JSC::ARMAssembler::teq):
-        (JSC::ARMAssembler::cmp):
-        (JSC::ARMAssembler::cmn):
-        (JSC::ARMAssembler::orr):
-        (JSC::ARMAssembler::orrs):
-        (JSC::ARMAssembler::mov):
-        (JSC::ARMAssembler::movw):
-        (JSC::ARMAssembler::movt):
-        (JSC::ARMAssembler::movs):
-        (JSC::ARMAssembler::bic):
-        (JSC::ARMAssembler::bics):
-        (JSC::ARMAssembler::mvn):
-        (JSC::ARMAssembler::mvns):
-        (JSC::ARMAssembler::mul):
-        (JSC::ARMAssembler::muls):
-        (JSC::ARMAssembler::mull):
-        (JSC::ARMAssembler::vmov_f64):
-        (JSC::ARMAssembler::vadd_f64):
-        (JSC::ARMAssembler::vdiv_f64):
-        (JSC::ARMAssembler::vsub_f64):
-        (JSC::ARMAssembler::vmul_f64):
-        (JSC::ARMAssembler::vcmp_f64):
-        (JSC::ARMAssembler::vsqrt_f64):
-        (JSC::ARMAssembler::vabs_f64):
-        (JSC::ARMAssembler::vneg_f64):
-        (JSC::ARMAssembler::ldrImmediate):
-        (JSC::ARMAssembler::ldrUniqueImmediate):
-        (JSC::ARMAssembler::dtrUp):
-        (JSC::ARMAssembler::dtrUpRegister):
-        (JSC::ARMAssembler::dtrDown):
-        (JSC::ARMAssembler::dtrDownRegister):
-        (JSC::ARMAssembler::halfDtrUp):
-        (JSC::ARMAssembler::halfDtrUpRegister):
-        (JSC::ARMAssembler::halfDtrDown):
-        (JSC::ARMAssembler::halfDtrDownRegister):
-        (JSC::ARMAssembler::doubleDtrUp):
-        (JSC::ARMAssembler::doubleDtrDown):
-        (JSC::ARMAssembler::push):
-        (JSC::ARMAssembler::pop):
-        (JSC::ARMAssembler::poke):
-        (JSC::ARMAssembler::peek):
-        (JSC::ARMAssembler::vmov_vfp64):
-        (JSC::ARMAssembler::vmov_arm64):
-        (JSC::ARMAssembler::vmov_vfp32):
-        (JSC::ARMAssembler::vmov_arm32):
-        (JSC::ARMAssembler::vcvt_f64_s32):
-        (JSC::ARMAssembler::vcvt_s32_f64):
-        (JSC::ARMAssembler::vcvt_u32_f64):
-        (JSC::ARMAssembler::vcvt_f64_f32):
-        (JSC::ARMAssembler::vcvt_f32_f64):
-        (JSC::ARMAssembler::clz):
-        (JSC::ARMAssembler::lslRegister):
-        (JSC::ARMAssembler::lsrRegister):
-        (JSC::ARMAssembler::asrRegister):
-        (JSC::ARMAssembler::align):
-        (JSC::ARMAssembler::loadBranchTarget):
-        (JSC::ARMAssembler::vmov):
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-        (JSC::MacroAssemblerARM::and32):
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::mul32):
-        (JSC::MacroAssemblerARM::or32):
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::urshift32):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::xor32):
-        (JSC::MacroAssemblerARM::countLeadingZeros32):
-        (JSC::MacroAssemblerARM::convertibleLoadPtr):
-        (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::pop):
-        (JSC::MacroAssemblerARM::push):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::swap):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::branchTest32):
-        (JSC::MacroAssemblerARM::mull32):
-        (JSC::MacroAssemblerARM::branchSub32):
-        (JSC::MacroAssemblerARM::compare32):
-        (JSC::MacroAssemblerARM::test32):
-        (JSC::MacroAssemblerARM::load32):
-        (JSC::MacroAssemblerARM::relativeTableJump):
-        (JSC::MacroAssemblerARM::moveWithPatch):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::moveDouble):
-        (JSC::MacroAssemblerARM::addDouble):
-        (JSC::MacroAssemblerARM::divDouble):
-        (JSC::MacroAssemblerARM::subDouble):
-        (JSC::MacroAssemblerARM::mulDouble):
-        (JSC::MacroAssemblerARM::sqrtDouble):
-        (JSC::MacroAssemblerARM::absDouble):
-        (JSC::MacroAssemblerARM::negateDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::convertFloatToDouble):
-        (JSC::MacroAssemblerARM::convertDoubleToFloat):
-        (JSC::MacroAssemblerARM::branchDouble):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerARM::truncateDoubleToInt32):
-        (JSC::MacroAssemblerARM::truncateDoubleToUint32):
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM::branchDoubleNonZero):
-        (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
-
-2012-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        Unreviewed, rolling out r125444.
-        http://trac.webkit.org/changeset/125444
-        https://bugs.webkit.org/show_bug.cgi?id=93872
-
-        Broke some tests
-
-        * Target.pri:
-
-2012-08-13  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt] Replace use of internal Weak smart pointer with JSWeakObjectMap
-        https://bugs.webkit.org/show_bug.cgi?id=93872
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * Target.pri: Add missing JSWeakObjectMap file to build.
-
-2012-08-13  Raphael Kubo da Costa  <rakuco@webkit.org>
-
-        [CMake] Remove glib-related Find modules and write single new one instead.
-        https://bugs.webkit.org/show_bug.cgi?id=93786
-
-        Reviewed by Rob Buis.
-
-        * shell/PlatformEfl.cmake: Use GLIB_* instead of Glib_*.
-
-2012-08-12  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
-
-        Doesn't build with ENABLE_JIT=0
-        https://bugs.webkit.org/show_bug.cgi?id=85042
-
-        Reviewed by Eric Seidel.
-
-        Include headers without which CallFrame.h does not build, and
-        fix gcc warning about comparing unsigned int with 0.
-
-        * dfg/DFGDriver.cpp:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::isOpcode):
-
-2012-08-10  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] GCActivityCallback should always schedule GC even allocated bytes is a small number
-        https://bugs.webkit.org/show_bug.cgi?id=93650
-
-        Reviewed by Rob Buis.
-
-        Even a small number of allocated JS objects could hold expensive resources.
-
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC::DefaultGCActivityCallback::didAllocate):
-
-2012-08-09  Yong Li  <yoli@rim.com>
-
-        [QNX] Implement getCPUTime() for OS(QNX)
-        https://bugs.webkit.org/show_bug.cgi?id=93516
-
-        Reviewed by George Staikos.
-
-        Implement getCPUTime() with CLOCK_THREAD_CPUTIME_ID so it will tell
-        exactly how long the current thread has spent without being impacted
-        by other things.
-
-        * runtime/TimeoutChecker.cpp:
-        (JSC::getCPUTime):
-
-2012-08-08  Shane Stephens  <shanestephens@google.com>
-
-        Compile flag for CSS Hierarchies
-        https://bugs.webkit.org/show_bug.cgi?id=92433
-
-        Reviewed by Tony Chang.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-08-08  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use char* instead of LChar* for the public interface of String construction from literals
-        https://bugs.webkit.org/show_bug.cgi?id=93402
-
-        Reviewed by Michael Saboff.
-
-        Update JSC' Identifier to use StringImpl::createFromLiteral with a char*.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierASCIIStringTranslator::translate):
-
-2012-08-08  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove ce_time.(cpp|h) from list of source files
-        https://bugs.webkit.org/show_bug.cgi?id=93446
-
-        Reviewed by Simon Hausmann.
-
-        r125004 removed the last dependency on functions defined in ce_time.cpp.
-
-        * Target.pri:
-
-2012-08-08  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Use GetTimeZoneInformation() for getting the timezone name
-        https://bugs.webkit.org/show_bug.cgi?id=91936
-
-        Reviewed by Ryosuke Niwa.
-
-        The MS CRT implementation of strftime calls the same functions in the background.
-        Using them directly avoids the overhead of parsing the format string and removes
-        the dependency on strftime() for WinCE where this function does not exist.
-
-        * runtime/DateConversion.cpp:
-        (JSC::formatTime):
-
-2012-08-07  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Refactor magic numbers in the ARM port of DFG-JIT
-        https://bugs.webkit.org/show_bug.cgi?id=93348
-
-        Reviewed by Eric Seidel.
-
-        Introduce new names for hard-coded magic numbers.
-        Refactor constant with confusing names to more descriptive ones.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::patchConstantPoolLoad):
-        (JSC::ARMAssembler::getOp2):
-        (JSC::ARMAssembler::genInt):
-        (JSC::ARMAssembler::getImm):
-        (JSC::ARMAssembler::moveImm):
-        (JSC::ARMAssembler::encodeComplexImm):
-        (JSC::ARMAssembler::dataTransfer32):
-        (JSC::ARMAssembler::dataTransfer16):
-        (JSC::ARMAssembler::dataTransferFloat):
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::emitInstruction):
-        (JSC::ARMAssembler::ands_r):
-        (JSC::ARMAssembler::eors_r):
-        (JSC::ARMAssembler::subs_r):
-        (JSC::ARMAssembler::rsbs_r):
-        (JSC::ARMAssembler::adds_r):
-        (JSC::ARMAssembler::adcs_r):
-        (JSC::ARMAssembler::sbcs_r):
-        (JSC::ARMAssembler::rscs_r):
-        (JSC::ARMAssembler::tst_r):
-        (JSC::ARMAssembler::teq_r):
-        (JSC::ARMAssembler::cmp_r):
-        (JSC::ARMAssembler::cmn_r):
-        (JSC::ARMAssembler::orrs_r):
-        (JSC::ARMAssembler::movs_r):
-        (JSC::ARMAssembler::bics_r):
-        (JSC::ARMAssembler::mvns_r):
-        (JSC::ARMAssembler::muls_r):
-        (JSC::ARMAssembler::ldr_imm):
-        (JSC::ARMAssembler::ldr_un_imm):
-        (JSC::ARMAssembler::dtr_u):
-        (JSC::ARMAssembler::dtr_ur):
-        (JSC::ARMAssembler::dtr_dr):
-        (JSC::ARMAssembler::dtrh_u):
-        (JSC::ARMAssembler::dtrh_ur):
-        (JSC::ARMAssembler::fdtr_u):
-        (JSC::ARMAssembler::push_r):
-        (JSC::ARMAssembler::pop_r):
-        (JSC::ARMAssembler::getLdrImmAddress):
-        (JSC::ARMAssembler::getLdrImmAddressOnPool):
-        (JSC::ARMAssembler::patchConstantPoolLoad):
-        (JSC::ARMAssembler::repatchCompact):
-        (JSC::ARMAssembler::replaceWithJump):
-        (JSC::ARMAssembler::replaceWithLoad):
-        (JSC::ARMAssembler::replaceWithAddressComputation):
-        (JSC::ARMAssembler::getOp2Byte):
-        (JSC::ARMAssembler::getOp2Half):
-        (JSC::ARMAssembler::getImm16Op2):
-        (JSC::ARMAssembler::placeConstantPoolBarrier):
-        (JSC::ARMAssembler::getConditionalField):
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::and32):
-        (JSC::MacroAssemblerARM::branch32):
-        (JSC::MacroAssemblerARM::branchTest32):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-
-2012-08-07  Benjamin Poulain  <benjamin@webkit.org>
-
-        Use the initialization from literal for JSC's Identifiers
-        https://bugs.webkit.org/show_bug.cgi?id=93193
-
-        Reviewed by Geoffrey Garen.
-
-        This patches modify Identifier ot take advantage of the new initialization from literal.
-
-        In addition to the memory savings (~600bytes per instance), this gives us a 2% speed
-        improvement on CommonIdentifiers on average.
-
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        Null and empty strings are forbidden for literal initialization. Use the most efficient constructors
-        instead of a literal.
-
-        * runtime/Identifier.cpp:
-        (IdentifierASCIIStringTranslator):
-        Rename IdentifierCStringTranslator to IdentifierASCIIStringTranslator to make the text encoding
-        explicit.
-        (JSC::IdentifierASCIIStringTranslator::hash):
-        (JSC::IdentifierASCIIStringTranslator::equal):
-        (JSC::IdentifierASCIIStringTranslator::translate): Use the fast initialization from literal.
-        (JSC::Identifier::add):
-        * runtime/Identifier.h:
-        (JSC::Identifier::Identifier):
-
-2012-08-07  Simon Hausmann  <simon.hausmann@nokia.com>
-
-        [Qt][Win] Remove pthreads linkage
-
-        Reviewed by Csaba Osztrogonác.
-
-        After r124823 linkage to pthreads is not needed anymore for the Windows
-        build.
-
-        * JavaScriptCore.pri:
-
-2012-08-07  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Refactor emit*Inst functions and introduce toARMWord functions in DFG-JIT's traditional ARM port
-        https://bugs.webkit.org/show_bug.cgi?id=93266
-
-        Reviewed by Csaba Osztrogonác.
-
-        First part of a bigger refactoring issue trying to make traditional
-        ARM DFG-JIT port easier to read and understand.
-
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::emitInstruction):
-        (JSC::ARMAssembler::emitDoublePrecisionInstruction):
-        (JSC::ARMAssembler::emitSinglePrecisionInstruction):
-        (JSC::ARMAssembler::and_r):
-        (JSC::ARMAssembler::ands_r):
-        (JSC::ARMAssembler::eor_r):
-        (JSC::ARMAssembler::eors_r):
-        (JSC::ARMAssembler::sub_r):
-        (JSC::ARMAssembler::subs_r):
-        (JSC::ARMAssembler::rsb_r):
-        (JSC::ARMAssembler::rsbs_r):
-        (JSC::ARMAssembler::add_r):
-        (JSC::ARMAssembler::adds_r):
-        (JSC::ARMAssembler::adc_r):
-        (JSC::ARMAssembler::adcs_r):
-        (JSC::ARMAssembler::sbc_r):
-        (JSC::ARMAssembler::sbcs_r):
-        (JSC::ARMAssembler::rsc_r):
-        (JSC::ARMAssembler::rscs_r):
-        (JSC::ARMAssembler::tst_r):
-        (JSC::ARMAssembler::teq_r):
-        (JSC::ARMAssembler::cmp_r):
-        (JSC::ARMAssembler::cmn_r):
-        (JSC::ARMAssembler::orr_r):
-        (JSC::ARMAssembler::orrs_r):
-        (JSC::ARMAssembler::mov_r):
-        (JSC::ARMAssembler::movw_r):
-        (JSC::ARMAssembler::movt_r):
-        (JSC::ARMAssembler::movs_r):
-        (JSC::ARMAssembler::bic_r):
-        (JSC::ARMAssembler::bics_r):
-        (JSC::ARMAssembler::mvn_r):
-        (JSC::ARMAssembler::mvns_r):
-        (JSC::ARMAssembler::mul_r):
-        (JSC::ARMAssembler::muls_r):
-        (JSC::ARMAssembler::mull_r):
-        (JSC::ARMAssembler::vmov_f64_r):
-        (JSC::ARMAssembler::vadd_f64_r):
-        (JSC::ARMAssembler::vdiv_f64_r):
-        (JSC::ARMAssembler::vsub_f64_r):
-        (JSC::ARMAssembler::vmul_f64_r):
-        (JSC::ARMAssembler::vcmp_f64_r):
-        (JSC::ARMAssembler::vsqrt_f64_r):
-        (JSC::ARMAssembler::vabs_f64_r):
-        (JSC::ARMAssembler::vneg_f64_r):
-        (JSC::ARMAssembler::ldr_imm):
-        (JSC::ARMAssembler::ldr_un_imm):
-        (JSC::ARMAssembler::dtr_u):
-        (JSC::ARMAssembler::dtr_ur):
-        (JSC::ARMAssembler::dtr_d):
-        (JSC::ARMAssembler::dtr_dr):
-        (JSC::ARMAssembler::dtrh_u):
-        (JSC::ARMAssembler::dtrh_ur):
-        (JSC::ARMAssembler::dtrh_d):
-        (JSC::ARMAssembler::dtrh_dr):
-        (JSC::ARMAssembler::fdtr_u):
-        (JSC::ARMAssembler::fdtr_d):
-        (JSC::ARMAssembler::push_r):
-        (JSC::ARMAssembler::pop_r):
-        (JSC::ARMAssembler::vmov_vfp64_r):
-        (JSC::ARMAssembler::vmov_arm64_r):
-        (JSC::ARMAssembler::vmov_vfp32_r):
-        (JSC::ARMAssembler::vmov_arm32_r):
-        (JSC::ARMAssembler::vcvt_f64_s32_r):
-        (JSC::ARMAssembler::vcvt_s32_f64_r):
-        (JSC::ARMAssembler::vcvt_u32_f64_r):
-        (JSC::ARMAssembler::vcvt_f64_f32_r):
-        (JSC::ARMAssembler::vcvt_f32_f64_r):
-        (JSC::ARMAssembler::vmrs_apsr):
-        (JSC::ARMAssembler::clz_r):
-        (JSC::ARMAssembler::bx):
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::linkJump):
-        (JSC::ARMAssembler::toARMWord):
-        (ARMAssembler):
-
-2012-08-06  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Remove dependency on pthread from MachineStackMarker
-        https://bugs.webkit.org/show_bug.cgi?id=68429
-
-        Reviewed by Geoffrey Garen.
-
-        Windows has no support for calling a destructor for thread specific data.
-        Since we need more control over creating and deleting thread specific keys
-        we can not simply extend WTF::ThreadSpecific with this functionality.
-
-        All thread specific keys created via the new API get stored in a list.
-        After a thread function finished we iterate over this list and call
-        the registered destructor for every item if needed.
-
-        * heap/MachineStackMarker.cpp:  Use the new functions instead of pthread directly.
-        (JSC::MachineThreads::~MachineThreads):
-        (JSC::MachineThreads::makeUsableFromMultipleThreads):
-        (JSC::MachineThreads::addCurrentThread):
-        * heap/MachineStackMarker.h:
-        (MachineThreads):
-
-2012-08-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Unify JSC date and time formating functions
-        https://bugs.webkit.org/show_bug.cgi?id=92282
-
-        Reviewed by Geoffrey Garen.
-
-        Replace the existing functions for formating GregorianDateTime
-        with one single function. This removes some code duplications
-        in DatePrototype and is a preperation to fix encoding issues,
-        since we can add UChar* values to the resulting string now.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::callDate):
-        * runtime/DateConversion.cpp:
-        (JSC::formatDateTime):
-        * runtime/DateConversion.h:
-        (JSC):
-        * runtime/DatePrototype.cpp:
-        (JSC::formateDateInstance):
-        (JSC::dateProtoFuncToString):
-        (JSC::dateProtoFuncToUTCString):
-        (JSC::dateProtoFuncToDateString):
-        (JSC::dateProtoFuncToTimeString):
-        (JSC::dateProtoFuncToGMTString):
-
-2012-08-06  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-08-05  Peter Wang  <peter.wang@torchmobile.com.cn>
-
-        Web Inspector: [JSC] implement setting breakpoints by line:column
-        https://bugs.webkit.org/show_bug.cgi?id=53003
-
-        Reviewed by Geoffrey Garen.
-
-        Add a counter to Lexer to record the column info of each Token. Add a column parameter to
-        op_debug, cti_op_debug, and _llint_op_debug byte-code command.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        * debugger/Debugger.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::debug):
-        (JSC::Interpreter::privateExecute):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegExp):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::appendBinaryOperation):
-        (JSC::ASTBuilder::createAssignment):
-        (JSC::ASTBuilder::createNumber):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (Lexer):
-        (JSC::Lexer::currentColumnNumber):
-        (JSC::::lexExpectIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        (JSC::ExpressionNode::ExpressionNode):
-        (JSC::StatementNode::StatementNode):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::RegExpNode::RegExpNode):
-        (JSC::ThisNode::ThisNode):
-        (JSC::ResolveNode::ResolveNode):
-        (JSC::ArrayNode::ArrayNode):
-        (JSC::PropertyListNode::PropertyListNode):
-        (JSC::ObjectLiteralNode::ObjectLiteralNode):
-        (JSC::BracketAccessorNode::BracketAccessorNode):
-        (JSC::DotAccessorNode::DotAccessorNode):
-        (JSC::ArgumentListNode::ArgumentListNode):
-        (JSC::NewExprNode::NewExprNode):
-        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
-        (JSC::FunctionCallValueNode::FunctionCallValueNode):
-        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
-        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
-        (JSC::FunctionCallDotNode::FunctionCallDotNode):
-        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
-        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
-        (JSC::PrePostResolveNode::PrePostResolveNode):
-        (JSC::PostfixResolveNode::PostfixResolveNode):
-        (JSC::PostfixBracketNode::PostfixBracketNode):
-        (JSC::PostfixDotNode::PostfixDotNode):
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::DeleteResolveNode::DeleteResolveNode):
-        (JSC::DeleteBracketNode::DeleteBracketNode):
-        (JSC::DeleteDotNode::DeleteDotNode):
-        (JSC::DeleteValueNode::DeleteValueNode):
-        (JSC::VoidNode::VoidNode):
-        (JSC::TypeOfResolveNode::TypeOfResolveNode):
-        (JSC::TypeOfValueNode::TypeOfValueNode):
-        (JSC::PrefixResolveNode::PrefixResolveNode):
-        (JSC::PrefixBracketNode::PrefixBracketNode):
-        (JSC::PrefixDotNode::PrefixDotNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::UnaryOpNode::UnaryOpNode):
-        (JSC::UnaryPlusNode::UnaryPlusNode):
-        (JSC::NegateNode::NegateNode):
-        (JSC::BitwiseNotNode::BitwiseNotNode):
-        (JSC::LogicalNotNode::LogicalNotNode):
-        (JSC::BinaryOpNode::BinaryOpNode):
-        (JSC::MultNode::MultNode):
-        (JSC::DivNode::DivNode):
-        (JSC::ModNode::ModNode):
-        (JSC::AddNode::AddNode):
-        (JSC::SubNode::SubNode):
-        (JSC::LeftShiftNode::LeftShiftNode):
-        (JSC::RightShiftNode::RightShiftNode):
-        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
-        (JSC::LessNode::LessNode):
-        (JSC::GreaterNode::GreaterNode):
-        (JSC::LessEqNode::LessEqNode):
-        (JSC::GreaterEqNode::GreaterEqNode):
-        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
-        (JSC::InstanceOfNode::InstanceOfNode):
-        (JSC::InNode::InNode):
-        (JSC::EqualNode::EqualNode):
-        (JSC::NotEqualNode::NotEqualNode):
-        (JSC::StrictEqualNode::StrictEqualNode):
-        (JSC::NotStrictEqualNode::NotStrictEqualNode):
-        (JSC::BitAndNode::BitAndNode):
-        (JSC::BitOrNode::BitOrNode):
-        (JSC::BitXOrNode::BitXOrNode):
-        (JSC::LogicalOpNode::LogicalOpNode):
-        (JSC::ConditionalNode::ConditionalNode):
-        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
-        (JSC::AssignBracketNode::AssignBracketNode):
-        (JSC::AssignDotNode::AssignDotNode):
-        (JSC::ReadModifyDotNode::ReadModifyDotNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::CommaNode::CommaNode):
-        (JSC::ConstStatementNode::ConstStatementNode):
-        (JSC::EmptyStatementNode::EmptyStatementNode):
-        (JSC::DebuggerStatementNode::DebuggerStatementNode):
-        (JSC::ExprStatementNode::ExprStatementNode):
-        (JSC::VarStatementNode::VarStatementNode):
-        (JSC::IfNode::IfNode):
-        (JSC::IfElseNode::IfElseNode):
-        (JSC::DoWhileNode::DoWhileNode):
-        (JSC::WhileNode::WhileNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ReturnNode::ReturnNode):
-        (JSC::WithNode::WithNode):
-        (JSC::LabelNode::LabelNode):
-        (JSC::ThrowNode::ThrowNode):
-        (JSC::TryNode::TryNode):
-        (JSC::FuncExprNode::FuncExprNode):
-        (JSC::FuncDeclNode::FuncDeclNode):
-        (JSC::SwitchNode::SwitchNode):
-        (JSC::ConstDeclNode::ConstDeclNode):
-        (JSC::BlockNode::BlockNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.cpp:
-        (JSC::StatementNode::setLoc):
-        (JSC):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (Node):
-        (JSC::Node::columnNo):
-        (ExpressionNode):
-        (StatementNode):
-        (JSC::StatementNode::column):
-        (NullNode):
-        (BooleanNode):
-        (NumberNode):
-        (StringNode):
-        (RegExpNode):
-        (ThisNode):
-        (ResolveNode):
-        (ArrayNode):
-        (PropertyListNode):
-        (ObjectLiteralNode):
-        (BracketAccessorNode):
-        (DotAccessorNode):
-        (ArgumentListNode):
-        (NewExprNode):
-        (EvalFunctionCallNode):
-        (FunctionCallValueNode):
-        (FunctionCallResolveNode):
-        (FunctionCallBracketNode):
-        (FunctionCallDotNode):
-        (CallFunctionCallDotNode):
-        (ApplyFunctionCallDotNode):
-        (PrePostResolveNode):
-        (PostfixResolveNode):
-        (PostfixBracketNode):
-        (PostfixDotNode):
-        (PostfixErrorNode):
-        (DeleteResolveNode):
-        (DeleteBracketNode):
-        (DeleteDotNode):
-        (DeleteValueNode):
-        (VoidNode):
-        (TypeOfResolveNode):
-        (TypeOfValueNode):
-        (PrefixResolveNode):
-        (PrefixBracketNode):
-        (PrefixDotNode):
-        (PrefixErrorNode):
-        (UnaryOpNode):
-        (UnaryPlusNode):
-        (NegateNode):
-        (BitwiseNotNode):
-        (LogicalNotNode):
-        (BinaryOpNode):
-        (MultNode):
-        (DivNode):
-        (ModNode):
-        (AddNode):
-        (SubNode):
-        (LeftShiftNode):
-        (RightShiftNode):
-        (UnsignedRightShiftNode):
-        (LessNode):
-        (GreaterNode):
-        (LessEqNode):
-        (GreaterEqNode):
-        (ThrowableBinaryOpNode):
-        (InstanceOfNode):
-        (InNode):
-        (EqualNode):
-        (NotEqualNode):
-        (StrictEqualNode):
-        (NotStrictEqualNode):
-        (BitAndNode):
-        (BitOrNode):
-        (BitXOrNode):
-        (LogicalOpNode):
-        (ConditionalNode):
-        (ReadModifyResolveNode):
-        (AssignResolveNode):
-        (ReadModifyBracketNode):
-        (AssignBracketNode):
-        (AssignDotNode):
-        (ReadModifyDotNode):
-        (AssignErrorNode):
-        (CommaNode):
-        (ConstDeclNode):
-        (ConstStatementNode):
-        (BlockNode):
-        (EmptyStatementNode):
-        (DebuggerStatementNode):
-        (ExprStatementNode):
-        (VarStatementNode):
-        (IfNode):
-        (IfElseNode):
-        (DoWhileNode):
-        (WhileNode):
-        (ForNode):
-        (ForInNode):
-        (ContinueNode):
-        (BreakNode):
-        (ReturnNode):
-        (WithNode):
-        (LabelNode):
-        (ThrowNode):
-        (TryNode):
-        (ScopeNode):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        (FuncExprNode):
-        (FuncDeclNode):
-        (SwitchNode):
-        * parser/Parser.cpp:
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclaration):
-        (JSC::::parseConstDeclaration):
-        (JSC::::parseDoWhileStatement):
-        (JSC::::parseWhileStatement):
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseConstDeclarationList):
-        (JSC::::parseForStatement):
-        (JSC::::parseBreakStatement):
-        (JSC::::parseContinueStatement):
-        (JSC::::parseReturnStatement):
-        (JSC::::parseThrowStatement):
-        (JSC::::parseWithStatement):
-        (JSC::::parseSwitchStatement):
-        (JSC::::parseTryStatement):
-        (JSC::::parseDebuggerStatement):
-        (JSC::::parseBlockStatement):
-        (JSC::::parseStatement):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseFunctionDeclaration):
-        (JSC::::parseExpressionOrLabelStatement):
-        (JSC::::parseExpressionStatement):
-        (JSC::::parseIfStatement):
-        (JSC::::parseExpression):
-        (JSC::::parseAssignmentExpression):
-        (JSC::::parseConditionalExpression):
-        (JSC::::parseBinaryExpression):
-        (JSC::::parseProperty):
-        (JSC::::parseObjectLiteral):
-        (JSC::::parseStrictObjectLiteral):
-        (JSC::::parseArrayLiteral):
-        (JSC::::parsePrimaryExpression):
-        (JSC::::parseArguments):
-        (JSC::::parseMemberExpression):
-        (JSC::::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC::Parser::next):
-        (JSC::Parser::nextExpectIdentifier):
-        (JSC::Parser::tokenStart):
-        (JSC::Parser::tokenLine):
-        (JSC::Parser::tokenEnd):
-        (JSC::Parser::tokenLocation):
-        (Parser):
-        (JSC::Parser::getTokenName):
-        (JSC::::parse):
-        * parser/ParserTokens.h:
-        (JSC::JSTokenLocation::JSTokenLocation):
-        (JSTokenLocation):
-        (JSToken):
-        * parser/SourceProviderCacheItem.h:
-        (JSC::SourceProviderCacheItem::closeBraceToken):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegExp):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::createArgumentsList):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createFuncDeclStatement):
-        (JSC::SyntaxChecker::createBlockStatement):
-        (JSC::SyntaxChecker::createExprStatement):
-        (JSC::SyntaxChecker::createIfStatement):
-        (JSC::SyntaxChecker::createForLoop):
-        (JSC::SyntaxChecker::createForInLoop):
-        (JSC::SyntaxChecker::createEmptyStatement):
-        (JSC::SyntaxChecker::createVarStatement):
-        (JSC::SyntaxChecker::createReturnStatement):
-        (JSC::SyntaxChecker::createBreakStatement):
-        (JSC::SyntaxChecker::createContinueStatement):
-        (JSC::SyntaxChecker::createTryStatement):
-        (JSC::SyntaxChecker::createSwitchStatement):
-        (JSC::SyntaxChecker::createWhileStatement):
-        (JSC::SyntaxChecker::createWithStatement):
-        (JSC::SyntaxChecker::createDoWhileStatement):
-        (JSC::SyntaxChecker::createLabelStatement):
-        (JSC::SyntaxChecker::createThrowStatement):
-        (JSC::SyntaxChecker::createDebugger):
-        (JSC::SyntaxChecker::createConstStatement):
-        (JSC::SyntaxChecker::appendConstDecl):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        (JSC::SyntaxChecker::combineCommaNodes):
-        (JSC::SyntaxChecker::operatorStackPop):
-
-2012-08-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Crashes in dfgBuildPutByIdList when clicking on just about anything on Google Maps
-        https://bugs.webkit.org/show_bug.cgi?id=92691
-
-        Reviewed by Mark Hahnenberg.
-
-        The state of the stubs was changing after we determined the type (by virtue of the slow path
-        function that was called), since the get or put (in this case put) could cause arbitrary
-        side effects. Perhaps a full-blown fix would be to eliminate our reliance of the slow path
-        function to determine what to do, but an easier fix for now is to have the slow path give up
-        if its assumptions were invalidated by a side effect.
-
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2012-08-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG handling of get_by_id should always inject a ForceOSRExit node if there is no prediction
-        https://bugs.webkit.org/show_bug.cgi?id=93162
-
-        Reviewed by Mark Hahnenberg.
-
-        This simplifies the DFG IR by ensuring that all nodes that use value profiles will be preceded
-        by a ForceOSRExit if the value profile had no data.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-08-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::StructureCheckHoistingPhase keeps a Node& around for too long
-        https://bugs.webkit.org/show_bug.cgi?id=93157
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-02  Patrick Gansterer  <paroga@webkit.org>
-
-        Move getLocalTime() as static inline function to DateMath
-        https://bugs.webkit.org/show_bug.cgi?id=92955
-
-        Reviewed by Ryosuke Niwa.
-
-        getCurrentLocalTime() and getLocalTime() has been superseded with the
-        GregorianDateTime class. So we can move it into DateMath.cpp as an static inline
-        function. This allows us to remove the dependecy on time() and localtime()
-        for Windows CE, where this functions require the ce_time library to work.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        ASSERTION FAILED: at(m_compileIndex).canExit() || m_isCheckingArgumentTypes
-        https://bugs.webkit.org/show_bug.cgi?id=91074
-
-        Reviewed by Mark Hahnenberg.
-
-        Fixes a bug where the speculative JIT was performing an unnecessary speculation that the
-        CFA had proven shouldn't be performed, leading to asserts that a node should not have
-        exit sites. This is a debug-only assert with no release symptom - we were just emitting
-        a check that was not reachable.
-        
-        Also found, and fixed, a bug where structure check hoisting was slightly confusing the
-        CFA by inserting GetLocal's into the graph. CSE would clean the GetLocal's up, which
-        would make the backend happy - but the CFA would produce subtly wrong results.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::isOtherOrEmptySpeculation):
-        (JSC):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2012-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE).
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove all uses of ClassInfo for JSStrings in JIT code
-        https://bugs.webkit.org/show_bug.cgi?id=92935
-
-        Reviewed by Geoffrey Garen.
-
-        This is the first step in removing our dependence on in-object ClassInfo pointers
-        in JIT code. Most of the changes are to check the Structure, which is unique for 
-        JSString primitives.
-
-        * bytecode/SpeculatedType.cpp:
-        (JSC::speculationFromClassInfo):
-        (JSC::speculationFromStructure): Changed to check the TypeInfo in the Structure
-        since there wasn't a JSGlobalData immediately available to grab the JSString 
-        Structure out of.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitLoadCharacterString):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_convert_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_convert_this):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        * jit/ThunkGenerators.cpp:
-        (JSC::stringCharLoad):
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-
-2012-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, missed a style goof in the previous patch: "NodeIndex nodeIndex"
-        in a method signature is painfully redundant.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2012-08-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGSpeculativeJIT.h has too many inline method bodies
-        https://bugs.webkit.org/show_bug.cgi?id=92957
-
-        Reviewed by Antti Koivisto.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationCheckWithConditionalDirection):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2012-08-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r124406.
-        http://trac.webkit.org/changeset/124406
-        https://bugs.webkit.org/show_bug.cgi?id=92951
-
-        it set the Mac bots on fire (Requested by pizlo on #webkit).
-
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        * debugger/Debugger.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::debug):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegExp):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::appendBinaryOperation):
-        (JSC::ASTBuilder::createAssignment):
-        (JSC::ASTBuilder::createNumber):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (Lexer):
-        (JSC::::lexExpectIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        (JSC::ExpressionNode::ExpressionNode):
-        (JSC::StatementNode::StatementNode):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::RegExpNode::RegExpNode):
-        (JSC::ThisNode::ThisNode):
-        (JSC::ResolveNode::ResolveNode):
-        (JSC::ArrayNode::ArrayNode):
-        (JSC::PropertyListNode::PropertyListNode):
-        (JSC::ObjectLiteralNode::ObjectLiteralNode):
-        (JSC::BracketAccessorNode::BracketAccessorNode):
-        (JSC::DotAccessorNode::DotAccessorNode):
-        (JSC::ArgumentListNode::ArgumentListNode):
-        (JSC::NewExprNode::NewExprNode):
-        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
-        (JSC::FunctionCallValueNode::FunctionCallValueNode):
-        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
-        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
-        (JSC::FunctionCallDotNode::FunctionCallDotNode):
-        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
-        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
-        (JSC::PrePostResolveNode::PrePostResolveNode):
-        (JSC::PostfixResolveNode::PostfixResolveNode):
-        (JSC::PostfixBracketNode::PostfixBracketNode):
-        (JSC::PostfixDotNode::PostfixDotNode):
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::DeleteResolveNode::DeleteResolveNode):
-        (JSC::DeleteBracketNode::DeleteBracketNode):
-        (JSC::DeleteDotNode::DeleteDotNode):
-        (JSC::DeleteValueNode::DeleteValueNode):
-        (JSC::VoidNode::VoidNode):
-        (JSC::TypeOfResolveNode::TypeOfResolveNode):
-        (JSC::TypeOfValueNode::TypeOfValueNode):
-        (JSC::PrefixResolveNode::PrefixResolveNode):
-        (JSC::PrefixBracketNode::PrefixBracketNode):
-        (JSC::PrefixDotNode::PrefixDotNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::UnaryOpNode::UnaryOpNode):
-        (JSC::UnaryPlusNode::UnaryPlusNode):
-        (JSC::NegateNode::NegateNode):
-        (JSC::BitwiseNotNode::BitwiseNotNode):
-        (JSC::LogicalNotNode::LogicalNotNode):
-        (JSC::BinaryOpNode::BinaryOpNode):
-        (JSC::MultNode::MultNode):
-        (JSC::DivNode::DivNode):
-        (JSC::ModNode::ModNode):
-        (JSC::AddNode::AddNode):
-        (JSC::SubNode::SubNode):
-        (JSC::LeftShiftNode::LeftShiftNode):
-        (JSC::RightShiftNode::RightShiftNode):
-        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
-        (JSC::LessNode::LessNode):
-        (JSC::GreaterNode::GreaterNode):
-        (JSC::LessEqNode::LessEqNode):
-        (JSC::GreaterEqNode::GreaterEqNode):
-        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
-        (JSC::InstanceOfNode::InstanceOfNode):
-        (JSC::InNode::InNode):
-        (JSC::EqualNode::EqualNode):
-        (JSC::NotEqualNode::NotEqualNode):
-        (JSC::StrictEqualNode::StrictEqualNode):
-        (JSC::NotStrictEqualNode::NotStrictEqualNode):
-        (JSC::BitAndNode::BitAndNode):
-        (JSC::BitOrNode::BitOrNode):
-        (JSC::BitXOrNode::BitXOrNode):
-        (JSC::LogicalOpNode::LogicalOpNode):
-        (JSC::ConditionalNode::ConditionalNode):
-        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
-        (JSC::AssignBracketNode::AssignBracketNode):
-        (JSC::AssignDotNode::AssignDotNode):
-        (JSC::ReadModifyDotNode::ReadModifyDotNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::CommaNode::CommaNode):
-        (JSC::ConstStatementNode::ConstStatementNode):
-        (JSC::EmptyStatementNode::EmptyStatementNode):
-        (JSC::DebuggerStatementNode::DebuggerStatementNode):
-        (JSC::ExprStatementNode::ExprStatementNode):
-        (JSC::VarStatementNode::VarStatementNode):
-        (JSC::IfNode::IfNode):
-        (JSC::IfElseNode::IfElseNode):
-        (JSC::DoWhileNode::DoWhileNode):
-        (JSC::WhileNode::WhileNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ReturnNode::ReturnNode):
-        (JSC::WithNode::WithNode):
-        (JSC::LabelNode::LabelNode):
-        (JSC::ThrowNode::ThrowNode):
-        (JSC::TryNode::TryNode):
-        (JSC::FuncExprNode::FuncExprNode):
-        (JSC::FuncDeclNode::FuncDeclNode):
-        (JSC::SwitchNode::SwitchNode):
-        (JSC::ConstDeclNode::ConstDeclNode):
-        (JSC::BlockNode::BlockNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.cpp:
-        (JSC):
-        (JSC::StatementNode::setLoc):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (Node):
-        (ExpressionNode):
-        (StatementNode):
-        (NullNode):
-        (BooleanNode):
-        (NumberNode):
-        (StringNode):
-        (RegExpNode):
-        (ThisNode):
-        (ResolveNode):
-        (ArrayNode):
-        (PropertyListNode):
-        (ObjectLiteralNode):
-        (BracketAccessorNode):
-        (DotAccessorNode):
-        (ArgumentListNode):
-        (NewExprNode):
-        (EvalFunctionCallNode):
-        (FunctionCallValueNode):
-        (FunctionCallResolveNode):
-        (FunctionCallBracketNode):
-        (FunctionCallDotNode):
-        (CallFunctionCallDotNode):
-        (ApplyFunctionCallDotNode):
-        (PrePostResolveNode):
-        (PostfixResolveNode):
-        (PostfixBracketNode):
-        (PostfixDotNode):
-        (PostfixErrorNode):
-        (DeleteResolveNode):
-        (DeleteBracketNode):
-        (DeleteDotNode):
-        (DeleteValueNode):
-        (VoidNode):
-        (TypeOfResolveNode):
-        (TypeOfValueNode):
-        (PrefixResolveNode):
-        (PrefixBracketNode):
-        (PrefixDotNode):
-        (PrefixErrorNode):
-        (UnaryOpNode):
-        (UnaryPlusNode):
-        (NegateNode):
-        (BitwiseNotNode):
-        (LogicalNotNode):
-        (BinaryOpNode):
-        (MultNode):
-        (DivNode):
-        (ModNode):
-        (AddNode):
-        (SubNode):
-        (LeftShiftNode):
-        (RightShiftNode):
-        (UnsignedRightShiftNode):
-        (LessNode):
-        (GreaterNode):
-        (LessEqNode):
-        (GreaterEqNode):
-        (ThrowableBinaryOpNode):
-        (InstanceOfNode):
-        (InNode):
-        (EqualNode):
-        (NotEqualNode):
-        (StrictEqualNode):
-        (NotStrictEqualNode):
-        (BitAndNode):
-        (BitOrNode):
-        (BitXOrNode):
-        (LogicalOpNode):
-        (ConditionalNode):
-        (ReadModifyResolveNode):
-        (AssignResolveNode):
-        (ReadModifyBracketNode):
-        (AssignBracketNode):
-        (AssignDotNode):
-        (ReadModifyDotNode):
-        (AssignErrorNode):
-        (CommaNode):
-        (ConstDeclNode):
-        (ConstStatementNode):
-        (BlockNode):
-        (EmptyStatementNode):
-        (DebuggerStatementNode):
-        (ExprStatementNode):
-        (VarStatementNode):
-        (IfNode):
-        (IfElseNode):
-        (DoWhileNode):
-        (WhileNode):
-        (ForNode):
-        (ForInNode):
-        (ContinueNode):
-        (BreakNode):
-        (ReturnNode):
-        (WithNode):
-        (LabelNode):
-        (ThrowNode):
-        (TryNode):
-        (ScopeNode):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        (FuncExprNode):
-        (FuncDeclNode):
-        (SwitchNode):
-        * parser/Parser.cpp:
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclaration):
-        (JSC::::parseConstDeclaration):
-        (JSC::::parseDoWhileStatement):
-        (JSC::::parseWhileStatement):
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseConstDeclarationList):
-        (JSC::::parseForStatement):
-        (JSC::::parseBreakStatement):
-        (JSC::::parseContinueStatement):
-        (JSC::::parseReturnStatement):
-        (JSC::::parseThrowStatement):
-        (JSC::::parseWithStatement):
-        (JSC::::parseSwitchStatement):
-        (JSC::::parseTryStatement):
-        (JSC::::parseDebuggerStatement):
-        (JSC::::parseBlockStatement):
-        (JSC::::parseStatement):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseFunctionDeclaration):
-        (JSC::::parseExpressionOrLabelStatement):
-        (JSC::::parseExpressionStatement):
-        (JSC::::parseIfStatement):
-        (JSC::::parseExpression):
-        (JSC::::parseAssignmentExpression):
-        (JSC::::parseConditionalExpression):
-        (JSC::::parseBinaryExpression):
-        (JSC::::parseProperty):
-        (JSC::::parseObjectLiteral):
-        (JSC::::parseStrictObjectLiteral):
-        (JSC::::parseArrayLiteral):
-        (JSC::::parsePrimaryExpression):
-        (JSC::::parseArguments):
-        (JSC::::parseMemberExpression):
-        (JSC::::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC::Parser::next):
-        (JSC::Parser::nextExpectIdentifier):
-        (JSC::Parser::tokenStart):
-        (JSC::Parser::tokenLine):
-        (JSC::Parser::tokenEnd):
-        (JSC::Parser::getTokenName):
-        (JSC::::parse):
-        * parser/ParserTokens.h:
-        (JSC::JSTokenInfo::JSTokenInfo):
-        (JSTokenInfo):
-        (JSToken):
-        * parser/SourceProviderCacheItem.h:
-        (JSC::SourceProviderCacheItem::closeBraceToken):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegExp):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::createArgumentsList):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createFuncDeclStatement):
-        (JSC::SyntaxChecker::createBlockStatement):
-        (JSC::SyntaxChecker::createExprStatement):
-        (JSC::SyntaxChecker::createIfStatement):
-        (JSC::SyntaxChecker::createForLoop):
-        (JSC::SyntaxChecker::createForInLoop):
-        (JSC::SyntaxChecker::createEmptyStatement):
-        (JSC::SyntaxChecker::createVarStatement):
-        (JSC::SyntaxChecker::createReturnStatement):
-        (JSC::SyntaxChecker::createBreakStatement):
-        (JSC::SyntaxChecker::createContinueStatement):
-        (JSC::SyntaxChecker::createTryStatement):
-        (JSC::SyntaxChecker::createSwitchStatement):
-        (JSC::SyntaxChecker::createWhileStatement):
-        (JSC::SyntaxChecker::createWithStatement):
-        (JSC::SyntaxChecker::createDoWhileStatement):
-        (JSC::SyntaxChecker::createLabelStatement):
-        (JSC::SyntaxChecker::createThrowStatement):
-        (JSC::SyntaxChecker::createDebugger):
-        (JSC::SyntaxChecker::createConstStatement):
-        (JSC::SyntaxChecker::appendConstDecl):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        (JSC::SyntaxChecker::combineCommaNodes):
-        (JSC::SyntaxChecker::operatorStackPop):
-
-2012-08-01  Peter Wang  <peter.wang@torchmobile.com.cn>
-
-        Web Inspector: [JSC] implement setting breakpoints by line:column
-        https://bugs.webkit.org/show_bug.cgi?id=53003
-
-        Reviewed by Geoffrey Garen.
-
-        Add a counter in lexer to record the column of each token. Debugger will use column info
-        in "Pretty Print" debug mode of Inspector.
-
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        * debugger/Debugger.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::debug):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_debug):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegExp):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::appendBinaryOperation):
-        (JSC::ASTBuilder::createAssignment):
-        (JSC::ASTBuilder::createNumber):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (Lexer):
-        (JSC::Lexer::currentColumnNumber):
-        (JSC::::lexExpectIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        (JSC::ExpressionNode::ExpressionNode):
-        (JSC::StatementNode::StatementNode):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::RegExpNode::RegExpNode):
-        (JSC::ThisNode::ThisNode):
-        (JSC::ResolveNode::ResolveNode):
-        (JSC::ArrayNode::ArrayNode):
-        (JSC::PropertyListNode::PropertyListNode):
-        (JSC::ObjectLiteralNode::ObjectLiteralNode):
-        (JSC::BracketAccessorNode::BracketAccessorNode):
-        (JSC::DotAccessorNode::DotAccessorNode):
-        (JSC::ArgumentListNode::ArgumentListNode):
-        (JSC::NewExprNode::NewExprNode):
-        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
-        (JSC::FunctionCallValueNode::FunctionCallValueNode):
-        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
-        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
-        (JSC::FunctionCallDotNode::FunctionCallDotNode):
-        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
-        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
-        (JSC::PrePostResolveNode::PrePostResolveNode):
-        (JSC::PostfixResolveNode::PostfixResolveNode):
-        (JSC::PostfixBracketNode::PostfixBracketNode):
-        (JSC::PostfixDotNode::PostfixDotNode):
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::DeleteResolveNode::DeleteResolveNode):
-        (JSC::DeleteBracketNode::DeleteBracketNode):
-        (JSC::DeleteDotNode::DeleteDotNode):
-        (JSC::DeleteValueNode::DeleteValueNode):
-        (JSC::VoidNode::VoidNode):
-        (JSC::TypeOfResolveNode::TypeOfResolveNode):
-        (JSC::TypeOfValueNode::TypeOfValueNode):
-        (JSC::PrefixResolveNode::PrefixResolveNode):
-        (JSC::PrefixBracketNode::PrefixBracketNode):
-        (JSC::PrefixDotNode::PrefixDotNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::UnaryOpNode::UnaryOpNode):
-        (JSC::UnaryPlusNode::UnaryPlusNode):
-        (JSC::NegateNode::NegateNode):
-        (JSC::BitwiseNotNode::BitwiseNotNode):
-        (JSC::LogicalNotNode::LogicalNotNode):
-        (JSC::BinaryOpNode::BinaryOpNode):
-        (JSC::MultNode::MultNode):
-        (JSC::DivNode::DivNode):
-        (JSC::ModNode::ModNode):
-        (JSC::AddNode::AddNode):
-        (JSC::SubNode::SubNode):
-        (JSC::LeftShiftNode::LeftShiftNode):
-        (JSC::RightShiftNode::RightShiftNode):
-        (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
-        (JSC::LessNode::LessNode):
-        (JSC::GreaterNode::GreaterNode):
-        (JSC::LessEqNode::LessEqNode):
-        (JSC::GreaterEqNode::GreaterEqNode):
-        (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
-        (JSC::InstanceOfNode::InstanceOfNode):
-        (JSC::InNode::InNode):
-        (JSC::EqualNode::EqualNode):
-        (JSC::NotEqualNode::NotEqualNode):
-        (JSC::StrictEqualNode::StrictEqualNode):
-        (JSC::NotStrictEqualNode::NotStrictEqualNode):
-        (JSC::BitAndNode::BitAndNode):
-        (JSC::BitOrNode::BitOrNode):
-        (JSC::BitXOrNode::BitXOrNode):
-        (JSC::LogicalOpNode::LogicalOpNode):
-        (JSC::ConditionalNode::ConditionalNode):
-        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
-        (JSC::AssignBracketNode::AssignBracketNode):
-        (JSC::AssignDotNode::AssignDotNode):
-        (JSC::ReadModifyDotNode::ReadModifyDotNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::CommaNode::CommaNode):
-        (JSC::ConstStatementNode::ConstStatementNode):
-        (JSC::EmptyStatementNode::EmptyStatementNode):
-        (JSC::DebuggerStatementNode::DebuggerStatementNode):
-        (JSC::ExprStatementNode::ExprStatementNode):
-        (JSC::VarStatementNode::VarStatementNode):
-        (JSC::IfNode::IfNode):
-        (JSC::IfElseNode::IfElseNode):
-        (JSC::DoWhileNode::DoWhileNode):
-        (JSC::WhileNode::WhileNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ReturnNode::ReturnNode):
-        (JSC::WithNode::WithNode):
-        (JSC::LabelNode::LabelNode):
-        (JSC::ThrowNode::ThrowNode):
-        (JSC::TryNode::TryNode):
-        (JSC::FuncExprNode::FuncExprNode):
-        (JSC::FuncDeclNode::FuncDeclNode):
-        (JSC::SwitchNode::SwitchNode):
-        (JSC::ConstDeclNode::ConstDeclNode):
-        (JSC::BlockNode::BlockNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.cpp:
-        (JSC::StatementNode::setLoc):
-        (JSC):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (Node):
-        (JSC::Node::columnNo):
-        (ExpressionNode):
-        (StatementNode):
-        (JSC::StatementNode::column):
-        (NullNode):
-        (BooleanNode):
-        (NumberNode):
-        (StringNode):
-        (RegExpNode):
-        (ThisNode):
-        (ResolveNode):
-        (ArrayNode):
-        (PropertyListNode):
-        (ObjectLiteralNode):
-        (BracketAccessorNode):
-        (DotAccessorNode):
-        (ArgumentListNode):
-        (NewExprNode):
-        (EvalFunctionCallNode):
-        (FunctionCallValueNode):
-        (FunctionCallResolveNode):
-        (FunctionCallBracketNode):
-        (FunctionCallDotNode):
-        (CallFunctionCallDotNode):
-        (ApplyFunctionCallDotNode):
-        (PrePostResolveNode):
-        (PostfixResolveNode):
-        (PostfixBracketNode):
-        (PostfixDotNode):
-        (PostfixErrorNode):
-        (DeleteResolveNode):
-        (DeleteBracketNode):
-        (DeleteDotNode):
-        (DeleteValueNode):
-        (VoidNode):
-        (TypeOfResolveNode):
-        (TypeOfValueNode):
-        (PrefixResolveNode):
-        (PrefixBracketNode):
-        (PrefixDotNode):
-        (PrefixErrorNode):
-        (UnaryOpNode):
-        (UnaryPlusNode):
-        (NegateNode):
-        (BitwiseNotNode):
-        (LogicalNotNode):
-        (BinaryOpNode):
-        (MultNode):
-        (DivNode):
-        (ModNode):
-        (AddNode):
-        (SubNode):
-        (LeftShiftNode):
-        (RightShiftNode):
-        (UnsignedRightShiftNode):
-        (LessNode):
-        (GreaterNode):
-        (LessEqNode):
-        (GreaterEqNode):
-        (ThrowableBinaryOpNode):
-        (InstanceOfNode):
-        (InNode):
-        (EqualNode):
-        (NotEqualNode):
-        (StrictEqualNode):
-        (NotStrictEqualNode):
-        (BitAndNode):
-        (BitOrNode):
-        (BitXOrNode):
-        (LogicalOpNode):
-        (ConditionalNode):
-        (ReadModifyResolveNode):
-        (AssignResolveNode):
-        (ReadModifyBracketNode):
-        (AssignBracketNode):
-        (AssignDotNode):
-        (ReadModifyDotNode):
-        (AssignErrorNode):
-        (CommaNode):
-        (ConstDeclNode):
-        (ConstStatementNode):
-        (BlockNode):
-        (EmptyStatementNode):
-        (DebuggerStatementNode):
-        (ExprStatementNode):
-        (VarStatementNode):
-        (IfNode):
-        (IfElseNode):
-        (DoWhileNode):
-        (WhileNode):
-        (ForNode):
-        (ForInNode):
-        (ContinueNode):
-        (BreakNode):
-        (ReturnNode):
-        (WithNode):
-        (LabelNode):
-        (ThrowNode):
-        (TryNode):
-        (ScopeNode):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        (FuncExprNode):
-        (FuncDeclNode):
-        (SwitchNode):
-        * parser/Parser.cpp:
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclaration):
-        (JSC::::parseConstDeclaration):
-        (JSC::::parseDoWhileStatement):
-        (JSC::::parseWhileStatement):
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseConstDeclarationList):
-        (JSC::::parseForStatement):
-        (JSC::::parseBreakStatement):
-        (JSC::::parseContinueStatement):
-        (JSC::::parseReturnStatement):
-        (JSC::::parseThrowStatement):
-        (JSC::::parseWithStatement):
-        (JSC::::parseSwitchStatement):
-        (JSC::::parseTryStatement):
-        (JSC::::parseDebuggerStatement):
-        (JSC::::parseBlockStatement):
-        (JSC::::parseStatement):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseFunctionDeclaration):
-        (JSC::::parseExpressionOrLabelStatement):
-        (JSC::::parseExpressionStatement):
-        (JSC::::parseIfStatement):
-        (JSC::::parseExpression):
-        (JSC::::parseAssignmentExpression):
-        (JSC::::parseConditionalExpression):
-        (JSC::::parseBinaryExpression):
-        (JSC::::parseProperty):
-        (JSC::::parseObjectLiteral):
-        (JSC::::parseStrictObjectLiteral):
-        (JSC::::parseArrayLiteral):
-        (JSC::::parsePrimaryExpression):
-        (JSC::::parseArguments):
-        (JSC::::parseMemberExpression):
-        (JSC::::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC::Parser::next):
-        (JSC::Parser::nextExpectIdentifier):
-        (JSC::Parser::tokenStart):
-        (JSC::Parser::tokenLine):
-        (JSC::Parser::tokenEnd):
-        (JSC::Parser::tokenLocation):
-        (Parser):
-        (JSC::Parser::getTokenName):
-        (JSC::::parse):
-        * parser/ParserTokens.h:
-        (JSC::JSTokenLocation::JSTokenLocation):
-        (JSTokenLocation):
-        (JSToken):
-        * parser/SourceProviderCacheItem.h:
-        (JSC::SourceProviderCacheItem::closeBraceToken):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::makeFunctionCallNode):
-        (JSC::SyntaxChecker::createCommaExpr):
-        (JSC::SyntaxChecker::makeAssignNode):
-        (JSC::SyntaxChecker::makePrefixNode):
-        (JSC::SyntaxChecker::makePostfixNode):
-        (JSC::SyntaxChecker::makeTypeOfNode):
-        (JSC::SyntaxChecker::makeDeleteNode):
-        (JSC::SyntaxChecker::makeNegateNode):
-        (JSC::SyntaxChecker::makeBitwiseNotNode):
-        (JSC::SyntaxChecker::createLogicalNot):
-        (JSC::SyntaxChecker::createUnaryPlus):
-        (JSC::SyntaxChecker::createVoid):
-        (JSC::SyntaxChecker::thisExpr):
-        (JSC::SyntaxChecker::createResolve):
-        (JSC::SyntaxChecker::createObjectLiteral):
-        (JSC::SyntaxChecker::createArray):
-        (JSC::SyntaxChecker::createNumberExpr):
-        (JSC::SyntaxChecker::createString):
-        (JSC::SyntaxChecker::createBoolean):
-        (JSC::SyntaxChecker::createNull):
-        (JSC::SyntaxChecker::createBracketAccess):
-        (JSC::SyntaxChecker::createDotAccess):
-        (JSC::SyntaxChecker::createRegExp):
-        (JSC::SyntaxChecker::createNewExpr):
-        (JSC::SyntaxChecker::createConditionalExpr):
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createFunctionExpr):
-        (JSC::SyntaxChecker::createFunctionBody):
-        (JSC::SyntaxChecker::createArgumentsList):
-        (JSC::SyntaxChecker::createPropertyList):
-        (JSC::SyntaxChecker::createFuncDeclStatement):
-        (JSC::SyntaxChecker::createBlockStatement):
-        (JSC::SyntaxChecker::createExprStatement):
-        (JSC::SyntaxChecker::createIfStatement):
-        (JSC::SyntaxChecker::createForLoop):
-        (JSC::SyntaxChecker::createForInLoop):
-        (JSC::SyntaxChecker::createEmptyStatement):
-        (JSC::SyntaxChecker::createVarStatement):
-        (JSC::SyntaxChecker::createReturnStatement):
-        (JSC::SyntaxChecker::createBreakStatement):
-        (JSC::SyntaxChecker::createContinueStatement):
-        (JSC::SyntaxChecker::createTryStatement):
-        (JSC::SyntaxChecker::createSwitchStatement):
-        (JSC::SyntaxChecker::createWhileStatement):
-        (JSC::SyntaxChecker::createWithStatement):
-        (JSC::SyntaxChecker::createDoWhileStatement):
-        (JSC::SyntaxChecker::createLabelStatement):
-        (JSC::SyntaxChecker::createThrowStatement):
-        (JSC::SyntaxChecker::createDebugger):
-        (JSC::SyntaxChecker::createConstStatement):
-        (JSC::SyntaxChecker::appendConstDecl):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        (JSC::SyntaxChecker::combineCommaNodes):
-        (JSC::SyntaxChecker::operatorStackPop):
-
-2012-08-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should hoist structure checks
-        https://bugs.webkit.org/show_bug.cgi?id=92696
-
-        Reviewed by Gavin Barraclough.
-
-        This hoists structure checks in the same way that we would hoist array checks, but with added
-        complexity to cope with the fact that the structure of an object may change. This is handled
-        by performing a side effects analysis over the region in which the respective variable is
-        live. If a structure clobbering side effect may happen then we either hoist the structure
-        checks and fall back on structure transition watchpoints (if the watchpoint set is still
-        valid), or we avoid hoisting altogether.
-        
-        Doing this required teaching the CFA that we may have an expectation that an object has a
-        particular structure even after structure clobbering happens, in the sense that structure
-        proofs that were cobbered can be revived using watchpoints. CFA must know about this so that
-        OSR entry may know about it, since we cannot allow entry to happen if the variable has a
-        clobbered structure proof, will have a watchpoint to revive the proof, and the variable in
-        the baseline JIT has a completely unrelated structure.
-        
-        This is mostly performance neutral.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::isSet):
-        (JSC::ValueRecovery::operator!):
-        (ValueRecovery):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberWorld):
-        (DFG):
-        (JSC::DFG::AbstractState::clobberCapturedVars):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::isTop):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::operator==):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::validateForEntry):
-        (AbstractValue):
-        (JSC::DFG::AbstractValue::checkConsistency):
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::fixVariableAccessSpeculations):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::vote):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
-        (Node):
-        (JSC::DFG::Node::hasStructureSet):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationCheckWithConditionalDirection):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (SpeculateCellOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp: Added.
-        (DFG):
-        (StructureCheckHoistingPhase):
-        (JSC::DFG::StructureCheckHoistingPhase::StructureCheckHoistingPhase):
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        (JSC::DFG::StructureCheckHoistingPhase::clobber):
-        (CheckData):
-        (JSC::DFG::StructureCheckHoistingPhase::CheckData::CheckData):
-        (JSC::DFG::performStructureCheckHoisting):
-        * dfg/DFGStructureCheckHoistingPhase.h: Added.
-        (DFG):
-        * dfg/DFGVariableAccessData.h:
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeStructureCheckHoistingFailed):
-        (JSC::DFG::VariableAccessData::structureCheckHoistingFailed):
-        (JSC::DFG::VariableAccessData::clearVotes):
-        (JSC::DFG::VariableAccessData::vote):
-        (JSC::DFG::VariableAccessData::voteRatio):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-        * runtime/Options.h:
-        (JSC):
-
-2012-08-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should distinguish between PutByVal's that clobber the world and ones that don't
-        https://bugs.webkit.org/show_bug.cgi?id=92923
-
-        Reviewed by Mark Hahnenberg.
-
-        This is performance-neutral. I also confirmed that it's neutral if we make the
-        clobbering variant (PutByValSafe) clobber all knowledge of what is an array,
-        which should feed nicely into work on removing uses of ClassInfo.
-
-        * bytecode/DFGExitProfile.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-08-01  Jian Li  <jianli@chromium.org>
-
-        Add new CSS property "-webkit-widget-region" to expose dashboard region support for other port
-        https://bugs.webkit.org/show_bug.cgi?id=90298
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig: Add ENABLE_WIDGET_REGION define.
-
-2012-08-01  Patrick Gansterer  <paroga@webkit.org>
-
-        Replace WTF::getCurrentLocalTime() with GregorianDateTime::setToCurrentLocalTime()
-        https://bugs.webkit.org/show_bug.cgi?id=92286
-
-        Reviewed by Geoffrey Garen.
-
-        Add a method to GregorianDateTime to set its values to the current locale time.
-        Replacing all occurrences of getCurrentLocalTime with the new function allows
-        us to remove getCurrentLocalTime in a next step.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-08-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        C++ code should get ClassInfo from the Structure
-        https://bugs.webkit.org/show_bug.cgi?id=92892
-
-        Reviewed by Geoffrey Garen.
-
-        In our march to remove ClassInfo from our JSCell object headers, we can switch 
-        C++ code over to grabbing the ClassInfo from the Structure since it is finally 
-        safe to do so now that Structure access is safe during finalization/destruction. 
-        The remaining JIT code changes can be done in a separate patch.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor): We don't want to clear the Structure any more 
-        since the Structure should still be valid at this point.
-        * heap/WeakSetInlines.h:
-        (JSC::WeakBlock::finalize): Ditto.
-        * runtime/JSCell.h:
-        (JSC):
-        * runtime/Structure.h:
-        (JSC::JSCell::classInfo): Move JSCell's classInfo() to Structure.h so it can be 
-        inline. Use a different method of getting the JSCell's Structure based on 
-        whether we're in GC_VALIDATION mode or not, since always using get() will cause 
-        infinite recursion in GC_VALIDATION mode.
-        (JSC):
-
-2012-07-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        MarkedBlock::sweep() should sweep another block if it can't sweep a Structure block
-        https://bugs.webkit.org/show_bug.cgi?id=92819
-
-        Reviewed by Geoffrey Garen.
-
-        If we are forced to allocate a new block for Structures because we are unable to safely 
-        sweep our pre-existing Structure blocks, we should sweep another random block so that we 
-        can start sweeping Structure blocks sooner.
-
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doSweep): Change to use sweepNextBlock.
-        (JSC):
-        (JSC::IncrementalSweeper::sweepNextBlock): 
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): When we can't safely sweep 
-        our Structure blocks, call sweepNextBlock instead.
-
-2012-07-31  Sam Weinig  <sam@webkit.org>
-
-        Fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe fix the GCC build.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): Accommodate incorrect parsing in GCC.
-
-2012-07-31  Sam Weinig  <sam@webkit.org>
-
-        Stop masking 8 bits off of the visited link hash. We need all the bits!
-        https://bugs.webkit.org/show_bug.cgi?id=92799
-
-        Reviewed by Anders Carlsson.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierCStringTranslator::hash):
-        (JSC::IdentifierLCharFromUCharTranslator::hash):
-        * runtime/Identifier.h:
-        (JSC::IdentifierCharBufferTranslator::hash):
-        Update for new function names.
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe break the Windows build.
-
-        Reviewed by Anders Carlsson.
-
-        Formally objected to by Sam Weinig.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): Try to slightly improve this because we don't want Windows to control our lives.
-
-2012-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structures should be swept after all other objects
-        https://bugs.webkit.org/show_bug.cgi?id=92679
-
-        Reviewed by Filip Pizlo.
-
-        In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
-        ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
-        Structure, but currently it is not safe to do so because the order of destruction of objects 
-        is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
-        sweeping Structures after everything else.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
-        If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
-        safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
-        MarkedSpace::forEachBlock.
-        (JSC):
-        (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
-        calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
-        these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
-        calls during lastChanceToFinalize().
-        * heap/Heap.h:
-        (Heap):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
-        This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
-        the first time.
-        (JSC):
-        (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
-        make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
-        Structures during the second pass.
-        (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
-        (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
-        the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
-        assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
-        iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
-        (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
-        * heap/IncrementalSweeper.h: Add declarations for new stuff.
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
-        if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
-        the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
-        will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
-        Structure garbage.
-        (JSC::MarkedAllocator::addBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
-        longer valid to allocate from, so we set the current block to null.
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
-        at an unsafe time.
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
-        (JSC): 
-        * heap/MarkedSpace.h:
-        (JSC):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Fix all the other builds I just broke. Maybe fix the Windows build.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): WTF?
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe fix the Windows build.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): WTF?
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Maybe fix the Windows build.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): WTF?
-
-2012-07-31  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed some public data and casting from the Heap
-        https://bugs.webkit.org/show_bug.cgi?id=92777
-
-        Reviewed by Oliver Hunt.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::releaseFreeBlocks):
-        (JSC::BlockAllocator::blockFreeingThreadMain): Use the DeadBlock class
-        since HeapBlock is a template, and not a class, now. Call destroy()
-        instead of monkeying around with DeadBlock's internal data because
-        encapsulation is good.
-
-        * heap/BlockAllocator.h:
-        (DeadBlock): Added a class to represent a dead block, since HeapBlock is
-        a template now, and can't be instantiated directly.
-
-        (JSC::DeadBlock::DeadBlock):
-        (JSC::DeadBlock::create):
-        (BlockAllocator):
-        (JSC::BlockAllocator::allocate):
-        (JSC::BlockAllocator::deallocate): Use the DeadBlock class because
-        encapsulation is good.
-
-        * heap/CopiedBlock.h:
-        (CopiedBlock::destroy): No need for a destroy() function, since we
-        inherit one now.
-
-        (JSC::CopiedBlock::CopiedBlock):
-        (JSC::CopiedBlock::payloadEnd):
-        (JSC::CopiedBlock::capacity): Updated for some encapsulation inside
-        HeapBlock.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::~CopiedSpace):
-        (JSC::CopiedSpace::doneCopying):
-        (JSC::CopiedSpace::size):
-        (JSC::CopiedSpace::capacity):
-        (JSC::isBlockListPagedOut): Removed a bunch of casting. This is no longer
-        necessary, now that our list and its nodes have the right type.
-
-        * heap/CopiedSpace.h: Use the right type in our data structures because
-        it improves clarity.
-
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::startedCopying): Use swap to avoid duplicating it.
-
-        * heap/HeapBlock.h:
-        (HeapBlock): Made this a class template so we can return the right type
-        in linked list operations. Made our data private because encapsulation
-        is good.
-
-        (JSC::HeapBlock::destroy): Since we know our type, we can also eliminate
-        duplicate destroy() functions in our subclasses.
-
-        (JSC::HeapBlock::allocation): Added an accessor so we can hide our data.
-        By using const, this accessor prevents clients from accidentally deleting
-        our allocation.
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::isPagedOut):
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::removeBlock): Removed a bunch of casting. This is
-        no longer necessary, now that our list and its nodes have the right type.
-
-        * heap/MarkedAllocator.h:
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::reset):
-        (JSC::MarkedAllocator::forEachBlock): Use the right type, do less casting.
-
-        * heap/MarkedBlock.cpp: 
-        (JSC::MarkedBlock::destroy): Removed this function because our parent
-        class provides it for us now.
-
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::capacity): Updated for encapsulation.
-
-2012-07-31  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit profiling has unusual oversights
-        https://bugs.webkit.org/show_bug.cgi?id=92728
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-07-31  Chao-ying Fu  <fu@mips.com>
-
-        Add MIPS add32 function
-        https://bugs.webkit.org/show_bug.cgi?id=91522
-
-        Reviewed by Oliver Hunt.
-
-        Add isCompactPtrAlignedAddressOffset.
-        Add a new version of add32 that accepts AbsoluteAddress as inputs.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::isCompactPtrAlignedAddressOffset): New.
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::add32): Support AbsoluteAddress as inputs.
-
-2012-07-30  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r124123.
-        http://trac.webkit.org/changeset/124123
-        https://bugs.webkit.org/show_bug.cgi?id=92700
-
-        ASSERT crashes terminate webkit Layout tests (Requested by
-        msaboff on #webkit).
-
-        * heap/Heap.cpp:
-        * heap/Heap.h:
-        (Heap):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doSweep):
-        (JSC::IncrementalSweeper::startSweeping):
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::addBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::zapFreeList):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedSpace.cpp:
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::sweep):
-        (JSC):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData):
-
-2012-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structures should be swept after all other objects
-        https://bugs.webkit.org/show_bug.cgi?id=92679
-
-        Reviewed by Filip Pizlo.
-
-        In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
-        ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
-        Structure, but currently it is not safe to do so because the order of destruction of objects 
-        is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
-        sweeping Structures after everything else.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
-        If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
-        safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
-        MarkedSpace::forEachBlock.
-        (JSC):
-        (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
-        calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
-        these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
-        calls during lastChanceToFinalize().
-        * heap/Heap.h:
-        (Heap):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
-        This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
-        the first time.
-        (JSC):
-        (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
-        make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
-        Structures during the second pass.
-        (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
-        (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
-        the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
-        assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
-        iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
-        (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
-        * heap/IncrementalSweeper.h: Add declarations for new stuff.
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
-        if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
-        the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
-        will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
-        Structure garbage.
-        (JSC::MarkedAllocator::addBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
-        longer valid to allocate from, so we set the current block to null.
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
-        at an unsafe time.
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
-        (JSC): 
-        * heap/MarkedSpace.h:
-        (JSC):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
-
-2012-07-29  Filip Pizlo  <fpizlo@apple.com>
-
-        PropertyNameArray::m_shouldCache is only assigned and never used
-        https://bugs.webkit.org/show_bug.cgi?id=92598
-
-        Reviewed by Dan Bernstein.
-
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (PropertyNameArray):
-
-2012-07-29  Rik Cabanier  <cabanier@adobe.com>
-
-        Add ENABLE_CSS_COMPOSITING flag
-        https://bugs.webkit.org/show_bug.cgi?id=92553
-
-        Reviewed by Dirk Schulze.
-
-        Adds compiler flag CSS_COMPOSITING to build systems to enable CSS blending and compositing. See spec https://dvcs.w3.org/hg/FXTF/rawfile/tip/compositing/index.html
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Split functionality of MarkedAllocator::m_currentBlock
-        https://bugs.webkit.org/show_bug.cgi?id=92550
-
-        Reviewed by Filip Pizlo.
-
-        MarkedAllocator::m_currentBlock serves two purposes right now; it indicates the block that is currently 
-        being used for allocation and the beginning of the list of blocks that need to be swept. We should split 
-        these two functionalities into two separate fields.
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::tryAllocateHelper): Use m_blocksToSweep instead of m_currentBlock as the 
-        initializer/reference of the loop. Only change m_currentBlock when we know what the result will be.
-        (JSC::MarkedAllocator::addBlock): When we add a new block we know that both m_blocksToSweep and 
-        m_currentBlock are null. In order to preserve the invariant that m_currentBlock <= m_blocksToSweep, 
-        we assign both of them to point to the new block.
-        (JSC::MarkedAllocator::removeBlock): We need a separate check to see if the block we're removing is 
-        m_blocksToSweep and if so, advance it to the next block in the list.
-        * heap/MarkedAllocator.h:
-        (MarkedAllocator): Initialize m_blocksToSweep.
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::reset): We set m_blocksToSweep to be the head of our list. This function is called
-        at the end of a collection, so all of the blocks in our allocator need to be swept. We need to sweep a 
-        block before we can start allocating, so m_currentBlock is set to null. We also set the freeList to 
-        the empty FreeList to emphasize the fact that we can't start allocating until we do some sweeping.
-
-2012-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Increase inline storage for JSFinalObjects by one
-        https://bugs.webkit.org/show_bug.cgi?id=92526
-
-        Reviewed by Geoffrey Garen.
-
-        Now that we've removed the inheritorID from objects, we can increase our inline storage for JSFinalObjects on 
-        64-bit platforms by 1.
-
-        * llint/LowLevelInterpreter.asm: Change the constant.
-        * runtime/PropertyOffset.h: Change the constant.
-        (JSC):
-
-2012-07-27  Jer Noble  <jer.noble@apple.com>
-
-        Support a rational time class for use by media elements.
-        https://bugs.webkit.org/show_bug.cgi?id=88787
-
-        Re-export WTF::MediaTime from JavaScriptCore.
-
-        Reviewed by Eric Carlson.
-
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-07-26  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject::reallocateStorageIfNecessary is neither used nor defined
-        https://bugs.webkit.org/show_bug.cgi?id=92417
-
-        Reviewed by Mark Rowe.
-
-        * runtime/JSObject.h:
-        (JSObject):
-
-2012-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Allocate Structures in a separate part of the Heap
-        https://bugs.webkit.org/show_bug.cgi?id=92420
-
-        Reviewed by Filip Pizlo.
-
-        To fix our issue with destruction/finalization of Structures before their objects, we can move Structures to a separate 
-        part of the Heap that will be swept after all other objects. This first patch will just be separating Structures 
-        out into their own separate MarkedAllocator. Everything else will behave identically.
-
-        * heap/Heap.h: New function to allocate Structures in the Heap.
-        (Heap):
-        (JSC):
-        (JSC::Heap::allocateStructure):
-        * heap/MarkedAllocator.cpp: Pass whether or not we're allocated Structures to the MarkedBlock.
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedAllocator.h: Add tracking for whether or not we're allocating only Structures.
-        (JSC::MarkedAllocator::onlyContainsStructures):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::init):
-        * heap/MarkedBlock.cpp: Add tracking for whether or not we're allocating only Structures. We need this to be able to 
-        distinguish the various MarkedBlock types in MarkedSpace::allocatorFor(MarkedBlock*).
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::onlyContainsStructures):
-        (JSC):
-        * heap/MarkedSpace.cpp: Include the new Structure allocator in all the places that all the other allocators are used/modified.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::MarkedSpace::isPagedOut):
-        * heap/MarkedSpace.h: Add new MarkedAllocator just for Structures.
-        (MarkedSpace):
-        (JSC::MarkedSpace::allocatorFor):
-        (JSC::MarkedSpace::allocateStructure):
-        (JSC):
-        (JSC::MarkedSpace::forEachBlock):
-        * runtime/Structure.h: Move all of the functions that call allocateCell<Structure> down below the explicit template specialization
-        for allocateCell<Structure>. The new inline specialization for allocateCell directly calls the allocateStructure() function in the
-        Heap.
-        (Structure):
-        (JSC::Structure):
-        (JSC):
-        (JSC::Structure::create):
-        (JSC::Structure::createStructure):
-
-2012-07-26  Filip Pizlo  <fpizlo@apple.com>
-
-        JSArray has methods that are neither used nor defined
-        https://bugs.webkit.org/show_bug.cgi?id=92416
-
-        Reviewed by Simon Fraser.
-
-        * runtime/JSArray.h:
-        (JSArray):
-
-2012-07-26  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt][ARM]ARMAssembler needs buildfix afert r123417
-        https://bugs.webkit.org/show_bug.cgi?id=92086
-
-        Reviewed by Csaba Osztrogonác.
-
-        The ARM implementation of this should be optimized code path
-        is covered by a non-optimized code path. This patch fixes this,
-        and adds a new function which returns with the offset range.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readPointer):
-        (ARMAssembler):
-        (JSC::ARMAssembler::repatchInt32):
-        (JSC::ARMAssembler::repatchCompact):
-        * assembler/MacroAssemblerARM.h:
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::isCompactPtrAlignedAddressOffset):
-        (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
-
-2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Build fix for 32-bit after r123682
-
-        * runtime/JSObject.h: Need to pad out JSObjects on 32-bit so that they're the correct size since
-        we only removed one 4-byte word and we need to be 8-byte aligned.
-        (JSObject):
-
-2012-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC GC object copying APIs should allow for greater flexibility
-        https://bugs.webkit.org/show_bug.cgi?id=92316
-
-        Reviewed by Mark Hahnenberg.
-
-        It's now the case that visitChildren() methods can directly pin and allocate in new space during copying.
-        They can also do the copying and marking themselves. This new API is only used for JSObjects for now.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::allocateNewSpaceSlow):
-        (JSC::SlotVisitor::allocateNewSpaceOrPin):
-        (JSC):
-        (JSC::SlotVisitor::copyAndAppend):
-        * heap/MarkStack.h:
-        (MarkStack):
-        (JSC::MarkStack::appendUnbarrieredValue):
-        (JSC):
-        * heap/SlotVisitor.h:
-        * heap/SlotVisitorInlineMethods.h: Added.
-        (JSC):
-        (JSC::SlotVisitor::checkIfShouldCopyAndPinOtherwise):
-        (JSC::SlotVisitor::allocateNewSpace):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitOutOfLineStorage):
-        (JSC):
-        (JSC::JSObject::visitChildren):
-        (JSC::JSFinalObject::visitChildren):
-        * runtime/JSObject.h:
-        (JSObject):
-
-2012-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove JSObject::m_inheritorID
-        https://bugs.webkit.org/show_bug.cgi?id=88378
-
-        Reviewed by Filip Pizlo.
-
-        This is rarely used, and not performance critical (the commonly accessed copy is cached on JSFunction),
-        and most objects don't need an inheritorID (this value is only used if the object is used as a prototype).
-        Instead use a private named value in the object's property storage.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): No need m_inheritorID to initialize!
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject): No need m_inheritorID to initialize!
-        * llint/LowLevelInterpreter.asm: No need m_inheritorID to initialize!
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): Added private name 'm_inheritorIDKey'.
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject): resetInheritorID is now passed a JSGlobalData&.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren): No m_inheritorID to be marked.
-        (JSC::JSFinalObject::visitChildren): No m_inheritorID to be marked.
-        (JSC::JSObject::createInheritorID): Store the newly created inheritorID in the property map. Make sure 
-        it's got the DontEnum attribute!!
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::resetInheritorID): Remove the inheritorID from property storage.
-        (JSC):
-        (JSC::JSObject::inheritorID): Read the inheritorID from property storage.
-
-2012-07-25  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Create a specialized pair for use in HashMap iterators
-        https://bugs.webkit.org/show_bug.cgi?id=92137
-
-        Reviewed by Ryosuke Niwa.
-
-        Update a couple of sites that relied on the fact that "contents" of iterators were
-        std::pairs.
-
-        * profiler/Profile.cpp:
-        (JSC): This code kept a vector of the pairs that were the "contents" of the iterators. This
-        is changed to use a KeyValuePair. We make use HashCount's ValueType (which represents only
-        the key) to get the proper key parameter for KeyValuePair.
-        * tools/ProfileTreeNode.h:
-        (ProfileTreeNode): Use HashMap::ValueType to declare the type of the contents of the hash
-        instead of declaring it manually. This will make use of the new KeyValuePair.
-
-2012-07-25  Patrick Gansterer  <paroga@webkit.org>
-
-        REGRESSION(r123505): Date.getYear() returns the same as Date.getFullYear()
-        https://bugs.webkit.org/show_bug.cgi?id=92218
-
-        Reviewed by Csaba Osztrogonác.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncGetYear): Added the missing offset of 1900 to the return value.
-
-2012-07-24  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r123417): It made tests assert/crash on 32 bit
-        https://bugs.webkit.org/show_bug.cgi?id=92088
-
-        Reviewed by Mark Hahnenberg.
-
-        The pointer arithmetic was wrong, because negative numbers are hard to think about.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-
-2012-07-24  Patrick Gansterer  <paroga@webkit.org>
-
-        Store the full year in GregorianDateTime
-        https://bugs.webkit.org/show_bug.cgi?id=92067
-
-        Reviewed by Geoffrey Garen.
-
-        Use the full year instead of the offset from year 1900
-        for the year member variable of GregorianDateTime.
-
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        (JSC::dateUTC):
-        * runtime/DateConversion.cpp:
-        (JSC::formatDate):
-        (JSC::formatDateUTCVariant):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncGetFullYear):
-        (JSC::dateProtoFuncGetUTCFullYear):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/JSDateMath.cpp:
-        (JSC::gregorianDateTimeToMS):
-        (JSC::msToGregorianDateTime):
-
-2012-07-24  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Build fix after r123417.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-07-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Move GregorianDateTime from JSC to WTF namespace
-        https://bugs.webkit.org/show_bug.cgi?id=91948
-
-        Reviewed by Geoffrey Garen.
-
-        Moving GregorianDateTime into the WTF namespace allows us to us to
-        use it in WebCore too. The new class has the same behaviour as the
-        old struct. Only the unused timeZone member has been removed.
-
-        * runtime/DateConstructor.cpp:
-        * runtime/DateConversion.cpp:
-        * runtime/DateConversion.h:
-        * runtime/DateInstance.h:
-        * runtime/DatePrototype.cpp:
-        * runtime/JSDateMath.cpp:
-        * runtime/JSDateMath.h:
-
-2012-07-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Property storage should grow in reverse address direction, to support butterflies
-        https://bugs.webkit.org/show_bug.cgi?id=91788
-
-        Reviewed by Geoffrey Garen.
-
-        Changes property storage to grow to the left, and changes the property storage pointer to point
-        one 8-byte word (i.e. JSValue) to the right of the first value in the storage.
-        
-        Also improved debug support somewhat, by adding a describe() function to the jsc command-line,
-        and a slow mode of object access in LLInt.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::repatchCompact):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::isCompactPtrAlignedAddressOffset):
-        (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::isCompactPtrAlignedAddressOffset):
-        (JSC::MacroAssemblerX86Common::repatchCompact):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::repatchCompact):
-        * bytecode/CodeBlock.cpp:
-        (JSC::dumpStructure):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::genericAddPointer):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::pinIfNecessary):
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionDescribe):
-        * llint/LLIntCommon.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        (JSC::JSFinalObject::visitChildren):
-        (JSC::JSObject::growOutOfLineStorage):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::offsetForLocation):
-        * runtime/JSValue.h:
-        (JSValue):
-        * runtime/PropertyOffset.h:
-        (JSC::offsetInOutOfLineStorage):
-
-2012-07-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG is too aggressive in performing the specific value optimization on loads
-        https://bugs.webkit.org/show_bug.cgi?id=92034
-
-        Reviewed by Mark Hahnenberg.
-
-        This ensures that we don't do optimizations based on a structure having a specific
-        value, if there is no way to detect that the value is despecified. This is the
-        case for dictionaries, since despecifying a value in a dictionary does not lead to
-        a transition and so cannot be caught by either structure checks or structure
-        transition watchpoints.
-
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC::GetByIdStatus::computeForChain):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForStructure):
-
-2012-07-23  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r123169): It made fast/js/dfg-inline-arguments-use-from-uninlined-code.html fail on 32 bit platforms
-        https://bugs.webkit.org/show_bug.cgi?id=92002
-
-        Reviewed by Mark Hahnenberg.
-        
-        In the process of changing the nature of local variable typing, I forgot to modify one of the places where
-        we glue the DFG's notion of variable prediction to the runtime's notion of variable tagging.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-07-23  Simon Fraser  <simon.fraser@apple.com>
-
-        Part 2 of: Implement sticky positioning
-        https://bugs.webkit.org/show_bug.cgi?id=90046
-
-        Reviewed by Ojan Vafai.
-
-        Turn on ENABLE_CSS_STICKY_POSITION.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-23  Patrick Gansterer  <paroga@webkit.org>
-
-        Move JSC::parseDate() from DateConversion to JSDateMath
-        https://bugs.webkit.org/show_bug.cgi?id=91982
-
-        Reviewed by Geoffrey Garen.
-
-        Moveing this function into the other files removes the dependency
-        on JSC spcific classes in DateConversion.{cpp|h}.
-
-        * runtime/DateConversion.cpp:
-        * runtime/DateConversion.h:
-        (JSC):
-        * runtime/JSDateMath.cpp:
-        (JSC::parseDate):
-        (JSC):
-        * runtime/JSDateMath.h:
-        (JSC):
-
-2012-07-23  Simon Fraser  <simon.fraser@apple.com>
-
-        Part 1 of: Implement sticky positioning
-        https://bugs.webkit.org/show_bug.cgi?id=90046
-
-        Reviewed by Ojan Vafai.
-
-        Add ENABLE_CSS_STICKY_POSITION, defaulting to off initially.
-        
-        Sort the ENABLE_CSS lines in the file. Make sure all the flags
-        are in FEATURE_DEFINES.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-23  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Implement GCActivityCallback with platform timer
-        https://bugs.webkit.org/show_bug.cgi?id=90175
-
-        Reviewed by Rob Buis.
-
-        Use JSLock when performing GC to avoid assertions.
-
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC::DefaultGCActivityCallback::doWork):
-
-2012-07-23  Kent Tamura  <tkent@chromium.org>
-
-        Rename ENABLE_METER_TAG and ENABLE_PROGRESS_TAG to ENABLE_METER_ELEMENT and ENABLE_PROGRESS_ELEMENT respectively
-        https://bugs.webkit.org/show_bug.cgi?id=91941
-
-        Reviewed by Kentaro Hara.
-
-        A flag name for an elmement should be ENABLE_*_ELEMENT.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-22  Kent Tamura  <tkent@chromium.org>
-
-        Rename ENABLE_DETAILS to ENABLE_DETAILS_ELEMENT
-        https://bugs.webkit.org/show_bug.cgi?id=91928
-
-        Reviewed by Kentaro Hara.
-
-        A flag name for an elmement should be ENABLE_*_ELEMENT.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-21  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Use GetDateFormat and GetTimeFormat instead of strftime
-        https://bugs.webkit.org/show_bug.cgi?id=83436
-
-        Reviewed by Brent Fulgham.
-
-        The MS CRT implementation of strftime calls the same two functions.
-        Using them directly avoids the overhead of parsing the format string and removes
-        the dependency on strftime() for WinCE where this function does not exist.
-
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-
-2012-07-20  Kent Tamura  <tkent@chromium.org>
-
-        Rename ENABLE_DATALIST to ENABLE_DATALIST_ELEMENT
-        https://bugs.webkit.org/show_bug.cgi?id=91846
-
-        Reviewed by Kentaro Hara.
-
-        A flag name for an elmement should be ENABLE_*_ELEMENT.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-20  Han Shen  <shenhan@google.com>
-
-        [Chromium] Compilation fails under gcc 4.7
-        https://bugs.webkit.org/show_bug.cgi?id=90227
-
-        Reviewed by Tony Chang.
-
-        Disable warnings about c++0x compatibility in gcc newer than 4.6.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG cell checks should be hoisted
-        https://bugs.webkit.org/show_bug.cgi?id=91717
-
-        Reviewed by Geoffrey Garen.
-
-        The DFG has always had the policy of hoisting array and integer checks to
-        the point of variable assignment. Eventually, we added doubles and booleans
-        to the mix. But cells should really be part of this as well, particularly
-        for 32-bit where accessing a known-type variable is dramatically cheaper
-        than accessing a variable whose types is only predicted but otherwise
-        unproven.
-        
-        This appears to be a definite speed-up for V8 on 32-bit, a possible speed-up
-        for Kraken, and a possible slow-down for V8 on 64-bit (around 0.2% if at
-        all). Any slow-downs can, and should, be addressed by making the hoisting
-        logic cognizant of variables that are never used in a manner that requires
-        type checks, and by sinking argument checks to the point(s) of first use.
-        
-        To make this work I had to change some OSR machinery, and special-case the
-        type predictions of the 'this' argument for constructors. OSR exit normally
-        assumes that arguments are boxed, which happens to be true because the
-        type prediction used for check hoisting is LUB'd with the type of the
-        argument that was passed in - so either the arguments are always stored to
-        with the full tag+payload, or if only the payload is stored then the tag
-        matches whatever the caller would have set. But not so with the 'this'
-        argument for constructors, which is not initialized by the caller. We
-        could make this more precise by having argument types for OSR be inferred
-        using similar machinery to other locals, but I figured that for this patch
-        I should use the surgical fix.
-
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchTestPtr):
-        (MacroAssemblerX86_64):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::testq_rm):
-        (X86Assembler):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isCreatedThisArgument):
-        (Graph):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::ValueSource::forSpeculation):
-
-2012-07-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Fast path of storage resize should be removed from property storage reallocation, since it is only useful for arrays
-        https://bugs.webkit.org/show_bug.cgi?id=91796
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::growOutOfLineStorage):
-
-2012-07-19  Mark Lam  <mark.lam@apple.com>
-
-        Bug fixes and enhancements for OfflineASM annotation system.
-        https://bugs.webkit.org/show_bug.cgi?id=91690
-
-        Reviewed by Filip Pizlo.
-
-        * offlineasm/armv7.rb: added default handling of Instruction lower().
-        * offlineasm/asm.rb: added more support for annotations and more pretty printing.
-        * offlineasm/ast.rb: added more support for annotations.
-        * offlineasm/config.rb: added $preferredCommentStartColumn, simplified $enableInstrAnnotations.
-        * offlineasm/parser.rb: added more support for annotations.
-        * offlineasm/transform.rb: added more support for annotations.
-        * offlineasm/x86.rb: added default handling of Instruction lower().
-
-2012-07-19  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Fix compilation of JSGlobalData.h with ENABLE(DFG_JIT)
-        https://bugs.webkit.org/show_bug.cgi?id=91243
-
-        Reviewed by Geoffrey Garen.
-
-        Disable MSVC warning 4200 "zero-sized array in struct/union" for JSC::ScratchBuffer.
-
-        * runtime/JSGlobalData.h:
-        (JSC):
-
-2012-07-19  Mark Lam  <mark.lam@apple.com>
-
-        Fixed broken ENABLE_JIT=0 build.
-        https://bugs.webkit.org/show_bug.cgi?id=91725
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/Watchpoint.cpp:
-        * heap/JITStubRoutineSet.h:
-        (JSC):
-        (JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::~JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::add):
-        (JSC::JITStubRoutineSet::clearMarks):
-        (JSC::JITStubRoutineSet::mark):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
-
-2012-07-19  Kristóf Kosztyó  <kkristof@inf.u-szeged.hu>
-
-        [Qt] Unreviewed buildfix after r123042.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-
-2012-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should emit inline code for property storage (re)allocation
-        https://bugs.webkit.org/show_bug.cgi?id=91597
-
-        Reviewed by Oliver Hunt.
-
-        This adds two new ops to the DFG IR: AllocatePropertyStorage and
-        ReallocatePropertyStorage. It enables these to interact properly with
-        CSE so that a GetPropertyStorage on something for which we have
-        obviously done a (Re)AllocatePropertyStorage will result in the
-        GetPropertyStorage being eliminated. Other than that, the code
-        emitted for these ops is identical to the code we were emitting in
-        the corresponding PutById stub.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasStructureTransitionData):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Structure.cpp:
-        (JSC::nextOutOfLineStorageCapacity):
-        * runtime/Structure.h:
-        (JSC):
-
-2012-07-16  Oliver Hunt  <oliver@apple.com>
-
-        dumpCallFrame is broken in ToT
-        https://bugs.webkit.org/show_bug.cgi?id=91444
-
-        Reviewed by Gavin Barraclough.
-
-        Various changes have been made to the SF calling convention, but
-        dumpCallFrame has not been updated to reflect these changes.
-        That resulted in both bogus information, as well as numerous
-        assertions of sadness.
-
-        This patch makes dumpCallFrame actually work again and adds the
-        wonderful feature of telling you the name of the variable that a
-        register reflects, or what value it contains.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::nameForRegister):
-            A really innefficient mechanism for finding the name of a local register.
-            This should only ever be used by debug code so this should be okay.
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-            Debug builds no longer throw away a functions symbol table, this allows
-            us to actually perform a register# to name mapping
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-            We weren't propogating the bytecode offset here leading to assertions
-            in debug builds when dumping bytecode of DFG compiled code.
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-             Rework to actually be correct.
-        (JSC::getCallerInfo):
-             Return the byteocde offset as well now, given we have to determine it
-             anyway.
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionDumpCallFrame):
-             Give debug builds of JSC a method for calling dumpCallFrame so we can
-             inspect a callframe without requiring us to break in a debugger.
-
-2012-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32-bit PutById transition stub storage reallocation case copies the first pointer of each JSValue instead of the whole JSValue
-        https://bugs.webkit.org/show_bug.cgi?id=91599
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutTransitionStub):
-
-2012-07-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG operation in the wrong order
-        https://bugs.webkit.org/show_bug.cgi?id=91576
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutTransitionStub):
-
-2012-07-17  Filip Pizlo  <fpizlo@apple.com>
-
-        [Qt] REGRESSION(r122768, r122771): They broke jquery/data.html and inspector/elements/edit-dom-actions.html
-        https://bugs.webkit.org/show_bug.cgi?id=91476
-
-        Reviewed by Mark Hahnenberg.
-
-        The 32-bit repatching code was not correctly adapted to the new world where there may not always
-        be an available scratch register. Fixed it by ensuring that the scratch register we select does
-        not overlap with the value tag.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-
-2012-07-17  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Unreviewed buildfix from Zoltan Herczeg after 122768.
-
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-
-2012-07-17  David Barr  <davidbarr@chromium.org>
-
-        Introduce ENABLE_CSS_IMAGE_ORIENTATION compile flag
-        https://bugs.webkit.org/show_bug.cgi?id=89055
-
-        Reviewed by Kent Tamura.
-
-        The css3-images module is at candidate recommendation.
-        http://www.w3.org/TR/2012/CR-css3-images-20120417/#the-image-orientation
-
-        Add a configuration option for CSS image-orientation support, disabling it by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, roll out 122790 because it broke the Windows build. I'm not
-        sure what to do with exported symbols that are predicated on NDEBUG.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-
-2012-07-16  Oliver Hunt  <oliver@apple.com>
-
-        dumpCallFrame is broken in ToT
-        https://bugs.webkit.org/show_bug.cgi?id=91444
-
-        Reviewed by Gavin Barraclough.
-
-        Various changes have been made to the SF calling convention, but
-        dumpCallFrame has not been updated to reflect these changes.
-        That resulted in both bogus information, as well as numerous
-        assertions of sadness.
-
-        This patch makes dumpCallFrame actually work again and adds the
-        wonderful feature of telling you the name of the variable that a
-        register reflects, or what value it contains.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::nameForRegister):
-            A really innefficient mechanism for finding the name of a local register.
-            This should only ever be used by debug code so this should be okay.
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-            Debug builds no longer throw away a functions symbol table, this allows
-            us to actually perform a register# to name mapping
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-            We weren't propogating the bytecode offset here leading to assertions
-            in debug builds when dumping bytecode of DFG compiled code.
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-             Rework to actually be correct.
-        (JSC::getCallerInfo):
-             Return the byteocde offset as well now, given we have to determine it
-             anyway.
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (Interpreter):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        (functionDumpCallFrame):
-             Give debug builds of JSC a method for calling dumpCallFrame so we can
-             inspect a callframe without requiring us to break in a debugger.
-
-2012-07-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, adding forgotten files.
-
-        * dfg/DFGRegisterSet.h: Added.
-        (DFG):
-        (RegisterSet):
-        (JSC::DFG::RegisterSet::RegisterSet):
-        (JSC::DFG::RegisterSet::asPOD):
-        (JSC::DFG::RegisterSet::copyInfo):
-        (JSC::DFG::RegisterSet::set):
-        (JSC::DFG::RegisterSet::setGPRByIndex):
-        (JSC::DFG::RegisterSet::clear):
-        (JSC::DFG::RegisterSet::get):
-        (JSC::DFG::RegisterSet::getGPRByIndex):
-        (JSC::DFG::RegisterSet::getFreeGPR):
-        (JSC::DFG::RegisterSet::setFPRByIndex):
-        (JSC::DFG::RegisterSet::getFPRByIndex):
-        (JSC::DFG::RegisterSet::setByIndex):
-        (JSC::DFG::RegisterSet::getByIndex):
-        (JSC::DFG::RegisterSet::numberOfSetGPRs):
-        (JSC::DFG::RegisterSet::numberOfSetFPRs):
-        (JSC::DFG::RegisterSet::numberOfSetRegisters):
-        (JSC::DFG::RegisterSet::setBit):
-        (JSC::DFG::RegisterSet::clearBit):
-        (JSC::DFG::RegisterSet::getBit):
-        * dfg/DFGScratchRegisterAllocator.h: Added.
-        (DFG):
-        (ScratchRegisterAllocator):
-        (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
-        (JSC::DFG::ScratchRegisterAllocator::lock):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
-        (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
-        (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
-        (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
-        (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
-        (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
-        (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
-
-2012-07-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG PutById transition should handle storage allocation, and inline it
-        https://bugs.webkit.org/show_bug.cgi?id=91337
-
-        Reviewed by Oliver Hunt.
-
-        This enables the patching of DFG PutById to handle the out-of-line storage
-        allocation case. Furthermore, it inlines out-of-line storage allocation (and
-        reallocation) into the generated stubs.  
-        
-        To do this, this patch adds the ability to store the relevant register
-        allocation state (i.e. the set of in-use registers) in the structure stub
-        info so that the stub generation code can more flexibly select scratch
-        registers: sometimes it needs none, sometimes one - or sometimes up to
-        three. Moreover, to make the stub generation register allocation simple and
-        maintainable, this patch introduces a reusable scratch register allocator
-        class. This register allocator understands that some registers are in use by
-        the main path code and so must be spilled as necessary, other registers are
-        locked for use in the stub itself and so cannot even be spilled, while still
-        others may be allocated for scratch purposes. A scratch register that is
-        used must be spilled. If a register is locked, it cannot be used as a
-        scratch register. If a register is used, it can be used as a scratch
-        register so long as it is spilled.
-        
-        This is a sub-1% speed-up on V8 and neutral elsewhere.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssemblerCodeRef.h:
-        (FunctionPtr):
-        (JSC::FunctionPtr::FunctionPtr):
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGGPRInfo.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (PropertyAccessRecord):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::isInUse):
-        (RegisterBank):
-        * dfg/DFGRegisterSet.h: Added.
-        (DFG):
-        (RegisterSet):
-        (JSC::DFG::RegisterSet::RegisterSet):
-        (JSC::DFG::RegisterSet::asPOD):
-        (JSC::DFG::RegisterSet::copyInfo):
-        (JSC::DFG::RegisterSet::set):
-        (JSC::DFG::RegisterSet::setGPRByIndex):
-        (JSC::DFG::RegisterSet::clear):
-        (JSC::DFG::RegisterSet::get):
-        (JSC::DFG::RegisterSet::getGPRByIndex):
-        (JSC::DFG::RegisterSet::getFreeGPR):
-        (JSC::DFG::RegisterSet::setFPRByIndex):
-        (JSC::DFG::RegisterSet::getFPRByIndex):
-        (JSC::DFG::RegisterSet::setByIndex):
-        (JSC::DFG::RegisterSet::getByIndex):
-        (JSC::DFG::RegisterSet::numberOfSetGPRs):
-        (JSC::DFG::RegisterSet::numberOfSetFPRs):
-        (JSC::DFG::RegisterSet::numberOfSetRegisters):
-        (JSC::DFG::RegisterSet::setBit):
-        (JSC::DFG::RegisterSet::clearBit):
-        (JSC::DFG::RegisterSet::getBit):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        * dfg/DFGScratchRegisterAllocator.h: Added.
-        (DFG):
-        (ScratchRegisterAllocator):
-        (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
-        (JSC::DFG::ScratchRegisterAllocator::lock):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
-        (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
-        (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
-        (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
-        (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
-        (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
-        (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
-        (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::usedRegisters):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/CopiedAllocator.h:
-        (CopiedAllocator):
-        (JSC::CopiedAllocator::fastPathShouldSucceed):
-        (JSC):
-
-2012-07-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Add dfg switch to create_jit_stubs script
-        https://bugs.webkit.org/show_bug.cgi?id=91256
-
-        Reviewed by Geoffrey Garen.
-
-        * create_jit_stubs: Add a switch to enable or disable the generation of
-                            stub functions in #if ENABLE(DFG_JIT) conditions.
-
-2012-07-16  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Unreviewed buildfix after r122729. Typo fix.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-
-2012-07-16  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Unreviewed buildfix from Zoltan Herczeg after r122677.
-        Implement missing add32 function to MacroAssemblerARM.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-        (MacroAssemblerARM):
-
-2012-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG PutByVal opcodes should accept more than 3 operands
-        https://bugs.webkit.org/show_bug.cgi?id=91332
-
-        Reviewed by Oliver Hunt.
-
-        Turned PutByVal/PutByValAlias into var-arg nodes, so that we can give them
-        4 or more operands in the future.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::varArgNumChildren):
-        (Graph):
-        (JSC::DFG::Graph::numChildren):
-        (JSC::DFG::Graph::varArgChild):
-        (JSC::DFG::Graph::child):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-07-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Rationalize and optimize storage allocation
-        https://bugs.webkit.org/show_bug.cgi?id=91303
-
-        Reviewed by Oliver Hunt.
-
-        This implements a backwards bump allocator for copied space storage
-        allocation, shown in pseudo-code below:
-        
-            pointer bump(size) {
-                pointer tmp = allocator->remaining;
-                tmp -= size;
-                if (tmp < 0)
-                    fail;
-                allocator->remaining = tmp;
-                return allocator->payloadEnd - tmp - size;
-            }
-
-        The advantage of this allocator is that it:
-        
-        - Only requires one comparison in the common case where size is known to
-          not be huge, and this comparison can be done by checking the sign bit
-          of the subtraction.
-        
-        - Can be implemented even when only one register is available. This
-          register is reused for both temporary storage during allocation and
-          for the result.
-        
-        - Preserves the behavior that memory in a block is filled in from lowest
-          address to highest address, which allows for a cheap reallocation fast
-          path.
-        
-        - Is resilient against the block used for allocation being the last one
-          in virtual memory, thereby otherwise leading to the risk of overflow
-          in the bump pointer, despite only doing one branch.
-        
-        In order to implement this allocator using the smallest possible chunk
-        of code, I refactored the copied space code so that all of the allocation
-        logic is in CopiedAllocator, and all of the state is in either
-        CopiedBlock or CopiedAllocator. This should make changing the allocation
-        fast path easier in the future.
-        
-        In order to do this, I needed to add some new assembler support,
-        particularly for various forms of add(address, register) and negPtr().
-        
-        This is performance neutral. The purpose of this change is to facilitate
-        further inlining of storage allocation without having to reserve
-        additional registers or emit too much code.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::addPtr):
-        (MacroAssembler):
-        (JSC::MacroAssembler::negPtr):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::add32):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::add32):
-        (MacroAssemblerX86):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::addPtr):
-        (JSC::MacroAssemblerX86_64::negPtr):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::addl_mr):
-        (JSC::X86Assembler::addq_mr):
-        (JSC::X86Assembler::negq_r):
-        * heap/CopiedAllocator.h:
-        (CopiedAllocator):
-        (JSC::CopiedAllocator::isValid):
-        (JSC::CopiedAllocator::CopiedAllocator):
-        (JSC::CopiedAllocator::tryAllocate):
-        (JSC):
-        (JSC::CopiedAllocator::tryReallocate):
-        (JSC::CopiedAllocator::forceAllocate):
-        (JSC::CopiedAllocator::resetCurrentBlock):
-        (JSC::CopiedAllocator::setCurrentBlock):
-        (JSC::CopiedAllocator::currentCapacity):
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        (JSC::CopiedBlock::create):
-        (JSC::CopiedBlock::zeroFillWilderness):
-        (JSC::CopiedBlock::CopiedBlock):
-        (JSC::CopiedBlock::payloadEnd):
-        (JSC):
-        (JSC::CopiedBlock::payloadCapacity):
-        (JSC::CopiedBlock::data):
-        (JSC::CopiedBlock::dataEnd):
-        (JSC::CopiedBlock::dataSize):
-        (JSC::CopiedBlock::wilderness):
-        (JSC::CopiedBlock::wildernessEnd):
-        (JSC::CopiedBlock::wildernessSize):
-        (JSC::CopiedBlock::size):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocate):
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::doneCopying):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::startedCopying):
-        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
-        (JSC::CopiedSpace::allocateBlock):
-        (JSC::CopiedSpace::tryAllocate):
-        (JSC):
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpace):
-        (JSC::SlotVisitor::doneCopying):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::SlotVisitor):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicStorage):
-        (JSC::JIT::emitAllocateJSArray):
-
-2012-07-13  Mark Lam  <mark.lam@apple.com>
-
-        OfflineASM Pretty printing and commenting enhancements.
-        https://bugs.webkit.org/show_bug.cgi?id=91281
-
-        Reviewed by Filip Pizlo.
-
-        Added some minor pretty printing in the OfflineASM.
-        Also added infrastruture for adding multiple types of comments and
-        annotations with the ability to enable/disable them in the generated
-        output as desired.
-
-        * GNUmakefile.list.am: add new file config.rb.
-        * llint/LLIntOfflineAsmConfig.h:
-          Added OFFLINE_ASM_BEGIN, OFFLINE_ASM_END, and OFFLINE_ASM_LOCAL_LABEL macros.
-          This will allow us to redefine these for other backends later.
-        * llint/LowLevelInterpreter32_64.asm:
-          Add a small example of instruction annotations for now.
-        * llint/LowLevelInterpreter64.asm:
-          Add a small example of instruction annotations for now.
-        * offlineasm/armv7.rb: Added handling of annotations.
-        * offlineasm/asm.rb:
-          Added machinery to dump the new comments and annotations.
-          Also added some indentations to make the output a little prettier.
-        * offlineasm/ast.rb: Added annotation field in class Instruction. 
-        * offlineasm/backends.rb:
-        * offlineasm/config.rb: Added.
-          Currently only contains commenting options.  This file is meant to be
-          a centralized place for build config values much like config.h for
-          JavaScriptCore.
-        * offlineasm/generate_offset_extractor.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/offsets.rb:
-        * offlineasm/opt.rb:
-        * offlineasm/parser.rb: Parse and record annotations.
-        * offlineasm/registers.rb:
-        * offlineasm/self_hash.rb:
-        * offlineasm/settings.rb:
-        * offlineasm/transform.rb:
-        * offlineasm/x86.rb: Added handling of annotations.
-
-2012-07-13  Filip Pizlo  <fpizlo@apple.com>
-
-        ASSERTION FAILED: use.useKind() != DoubleUse
-        https://bugs.webkit.org/show_bug.cgi?id=91082
-
-        Reviewed by Geoffrey Garen.
-
-        The implementation of Branch() was unwisely relying on register allocation state
-        to decide what speculations to perform. That's never correct.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-07-13  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r122640.
-        http://trac.webkit.org/changeset/122640
-        https://bugs.webkit.org/show_bug.cgi?id=91298
-
-        LLInt apparently does not expect to mark these (Requested by
-        olliej on #webkit).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitStructures):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-
-2012-07-13  Oliver Hunt  <oliver@apple.com>
-
-        LLInt fails to mark structures stored in the bytecode
-        https://bugs.webkit.org/show_bug.cgi?id=91296
-
-        Reviewed by Geoffrey Garen.
-
-        LLInt stores structures in the bytecode, so we need to visit the appropriate
-        instructions as we would if we were running in the classic interpreter.
-        This requires adding additional checks for the LLInt specific opcodes, and
-        the lint specific variants of operand ordering. 
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitStructures):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-
-2012-07-13  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Implement GCActivityCallback with platform timer
-        https://bugs.webkit.org/show_bug.cgi?id=90175
-
-        Reviewed by Rob Buis.
-
-        Implement GCActivityCallback and HeapTimer for BlackBerry port.
-
-        * heap/HeapTimer.cpp:
-        (JSC):
-        (JSC::HeapTimer::HeapTimer):
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::timerDidFire):
-        (JSC::HeapTimer::synchronize):
-        (JSC::HeapTimer::invalidate):
-        (JSC::HeapTimer::didStartVMShutdown):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        (JSC::DefaultGCActivityCallback::willCollect):
-        (JSC::DefaultGCActivityCallback::cancel):
-
-2012-07-13  Patrick Gansterer  <paroga@webkit.org>
-
-        [WIN] Fix compilation of DFGRepatch.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=91241
-
-        Reviewed by Geoffrey Garen.
-
-        Use intptr_t instead of uintptr_t when calling CodeLocationCommon::dataLabelPtrAtOffset(int)
-        to fix MSVC "unary minus operator applied to unsigned type, result still unsigned" warning.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-
-2012-07-13  Patrick Gansterer  <paroga@webkit.org>
-
-        Fix ARM_TRADITIONAL JIT for COMPILER(MSVC) and COMPILER(RVCT) after r121885
-        https://bugs.webkit.org/show_bug.cgi?id=91238
-
-        Reviewed by Zoltan Herczeg.
-
-        r121885 changed the assembler instruction only for COMPILER(GCC).
-        Use the same instructions for the other compilers too.
-
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::ctiTrampolineEnd):
-        (JSC::ctiVMThrowTrampoline):
-
-2012-07-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG property access stubs should use structure transition watchpoints
-        https://bugs.webkit.org/show_bug.cgi?id=91135
-
-        Reviewed by Geoffrey Garen.
-
-        This adds a Watchpoint subclass that will clear a structure stub (i.e.
-        a property access stub) when fired. The DFG stub generation code now
-        uses this optimization.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::resetStub):
-        (JSC::CodeBlock::resetStubInternal):
-        * bytecode/CodeBlock.h:
-        (JSC):
-        (CodeBlock):
-        * bytecode/StructureStubClearingWatchpoint.cpp: Added.
-        (JSC):
-        (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
-        (JSC::StructureStubClearingWatchpoint::push):
-        (JSC::StructureStubClearingWatchpoint::fireInternal):
-        (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
-        (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
-        (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
-        * bytecode/StructureStubClearingWatchpoint.h: Added.
-        (JSC):
-        (StructureStubClearingWatchpoint):
-        (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
-        (WatchpointsOnStructureStubInfo):
-        (JSC::WatchpointsOnStructureStubInfo::WatchpointsOnStructureStubInfo):
-        (JSC::WatchpointsOnStructureStubInfo::codeBlock):
-        (JSC::WatchpointsOnStructureStubInfo::stubInfo):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::reset):
-        (JSC::StructureStubInfo::addWatchpoint):
-        (StructureStubInfo):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::addStructureTransitionCheck):
-        (DFG):
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::emitPutTransitionStub):
-        * jit/JumpReplacementWatchpoint.h:
-
-2012-07-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA may get overzealous in loops that have code that must exit
-        https://bugs.webkit.org/show_bug.cgi?id=91188
-
-        Reviewed by Gavin Barraclough.
-
-        Ensure that if the CFA assumes that an operation must exit, then it will always exit
-        no matter what happens after. That's necessary to preserve soundness.
-        
-        Remove a broken fixup done by the DFG simplifier, where it was trying to say that the
-        variable-at-head was the first access in the second block in the merge, if the first
-        block did not read the variable. That's totally wrong, if the first block was in fact
-        doing a phantom read. I removed that fixup and instead hardened the rest of the
-        compiler.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::run):
-        (ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-
-2012-07-12  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
-
-        [Qt] Implement MemoryUsageSupport
-        https://bugs.webkit.org/show_bug.cgi?id=91094
-
-        Reviewed by Adam Barth.
-
-        Compile in MemoryStatistics so we can make use of the interface.
-
-        * Target.pri:
-
-2012-07-12  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Remove dead code after r122392.
-        https://bugs.webkit.org/show_bug.cgi?id=91049
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-
-2012-07-11  Adenilson Cavalcanti  <cavalcantii@gmail.com>
-
-        Build fix + remove dead code
-        https://bugs.webkit.org/show_bug.cgi?id=91039
-
-        Reviewed by Filip Pizlo.
-
-        An unused variable was breaking compilation (thanks to warnings being treated as errors).
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-
-2012-07-11  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/91024> Build against the latest SDK when targeting older OS X versions.
-
-        Reviewed by Dan Bernstein.
-
-        The deployment target is already set to the version that we're targeting, and it's that setting
-        which determines which functionality from the SDK is available to us.
-
-        * Configurations/Base.xcconfig:
-
-2012-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have fast virtual calls
-        https://bugs.webkit.org/show_bug.cgi?id=90924
-
-        Reviewed by Gavin Barraclough.
-        
-        Implements virtual call support in the style of the old JIT, with the
-        caveat that we still use the same slow path for both InternalFunction
-        calls and JSFunction calls. Also rationalized the way that our
-        CodeOrigin indices tie into exception checks (previously it was a
-        strange one-to-one mapping with fairly limited assertions; now it's a
-        one-to-many mapping for CodeOrigins to exception checks, respectively).
-        I also took the opportunity to clean up
-        CallLinkInfo::callReturnLocation, which previously was either a Call or
-        a NearCall. Now it's just a NearCall. As well, exceptions during slow
-        path call resolution are now handled by returning an exception throwing
-        thunk rather than returning null. And finally, I made a few things
-        public that were previously private-with-lots-of-friends, because I
-        truly despise the thought of listing each thunk generating function as
-        a friend of JSValue and friends.
-        
-        * bytecode/CallLinkInfo.cpp:
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CallLinkInfo.h:
-        (CallLinkInfo):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::CodeOrigin):
-        (JSC::CodeOrigin::isSet):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::CCallHelpers):
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::CallBeginToken::CallBeginToken):
-        (JSC::DFG::CallBeginToken::~CallBeginToken):
-        (CallBeginToken):
-        (JSC::DFG::CallBeginToken::set):
-        (JSC::DFG::CallBeginToken::registerWithExceptionCheck):
-        (JSC::DFG::CallBeginToken::codeOrigin):
-        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
-        (CallExceptionRecord):
-        (JSC::DFG::JITCompiler::currentCodeOriginIndex):
-        (JITCompiler):
-        (JSC::DFG::JITCompiler::beginCall):
-        (JSC::DFG::JITCompiler::notifyCall):
-        (JSC::DFG::JITCompiler::prepareForExceptionCheck):
-        (JSC::DFG::JITCompiler::addExceptionCheck):
-        (JSC::DFG::JITCompiler::addFastExceptionCheck):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::emitPointerValidation):
-        (DFG):
-        (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
-        (JSC::DFG::slowPathFor):
-        (JSC::DFG::linkForThunkGenerator):
-        (JSC::DFG::linkCallThunkGenerator):
-        (JSC::DFG::linkConstructThunkGenerator):
-        (JSC::DFG::virtualForThunkGenerator):
-        (JSC::DFG::virtualCallThunkGenerator):
-        (JSC::DFG::virtualConstructThunkGenerator):
-        * dfg/DFGThunks.h:
-        (DFG):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkFor):
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (JSC::ExecutableBase::offsetOfJITCodeFor):
-        (JSC::ExecutableBase::offsetOfNumParametersFor):
-        * runtime/JSValue.h:
-        (JSValue):
-
-2012-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Accidentally used the wrong license (3-clause instead of 2-clause) in some
-        files I just committed.
-
-        Rubber stamped by Oliver Hunt.
-
-        * bytecode/Watchpoint.cpp:
-        * bytecode/Watchpoint.h:
-        * jit/JumpReplacementWatchpoint.cpp:
-        * jit/JumpReplacementWatchpoint.h:
-
-2012-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Watchpoints and jump replacement should be decoupled
-        https://bugs.webkit.org/show_bug.cgi?id=91016
-
-        Reviewed by Oliver Hunt.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC):
-        (Label):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendWatchpoint):
-        (JSC::CodeBlock::watchpoint):
-        (DFGData):
-        * bytecode/Watchpoint.cpp:
-        (JSC):
-        * bytecode/Watchpoint.h:
-        (JSC::Watchpoint::Watchpoint):
-        (Watchpoint):
-        (JSC::Watchpoint::fire):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        * jit/JumpReplacementWatchpoint.cpp: Added.
-        (JSC):
-        (JSC::JumpReplacementWatchpoint::correctLabels):
-        (JSC::JumpReplacementWatchpoint::fireInternal):
-        * jit/JumpReplacementWatchpoint.h: Added.
-        (JSC):
-        (JumpReplacementWatchpoint):
-        (JSC::JumpReplacementWatchpoint::JumpReplacementWatchpoint):
-        (JSC::JumpReplacementWatchpoint::setDestination):
-
-2012-07-11  Kevin Ollivier  <kevino@theolliviers.com>
-
-        [wx] Unreviewed build fix. Don't try to build udis86_itab.c since it's included by 
-        another file.
-
-        * wscript:
-
-2012-07-11  Chao-ying Fu  <fu@mips.com>
-
-        Add MIPS convertibleLoadPtr and other functions
-        https://bugs.webkit.org/show_bug.cgi?id=90714
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::labelIgnoringWatchpoints):
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::replaceWithLoad):
-        (JSC::MIPSAssembler::replaceWithAddressComputation):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::convertibleLoadPtr):
-        (MacroAssemblerMIPS):
-
-2012-07-11  Anders Carlsson  <andersca@apple.com>
-
-        Add -Wtautological-compare and -Wsign-compare warning flags
-        https://bugs.webkit.org/show_bug.cgi?id=90994
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig:
-
-2012-07-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        Simplify the copying of JSC ARMv7's LinkRecord
-        https://bugs.webkit.org/show_bug.cgi?id=90930
-
-        Reviewed by Filip Pizlo.
-
-        The class LinkRecord is used by value everywhere in ARMv7Assembler. The compiler uses
-        memmove() to move the objects.
-
-        The problem is memmove() is overkill for this object, moving the value can be done with
-        3 load-store. This patch adds an operator= to the class doing more efficient copying.
-        This reduces the link time by 19%.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
-        (JSC::ARMv7Assembler::LinkRecord::operator=):
-        (JSC::ARMv7Assembler::LinkRecord::from):
-        (JSC::ARMv7Assembler::LinkRecord::setFrom):
-        (JSC::ARMv7Assembler::LinkRecord::to):
-        (JSC::ARMv7Assembler::LinkRecord::type):
-        (JSC::ARMv7Assembler::LinkRecord::linkType):
-        (JSC::ARMv7Assembler::LinkRecord::setLinkType):
-        (JSC::ARMv7Assembler::LinkRecord::condition):
-
-2012-07-11  Andy Wingo  <wingo@igalia.com>
-
-        jsc: Parse options before creating global data
-        https://bugs.webkit.org/show_bug.cgi?id=90975
-
-        Reviewed by Filip Pizlo.
-
-        This patch moves the options parsing in "jsc" before the creation
-        of the JSGlobalData, so that --useJIT=no has a chance to take
-        effect.
-
-        * jsc.cpp:
-        (CommandLine::parseArguments): Refactor to be a class, and take
-        argc and argv as constructor arguments.
-        (jscmain): Move arg parsing before JSGlobalData creation.
-
-2012-07-10  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r122166): It made 170 tests crash on 32 bit platforms
-        https://bugs.webkit.org/show_bug.cgi?id=90852
-
-        Reviewed by Zoltan Herczeg.
-        
-        If we can't use the range filter, we should still make sure that the
-        address is remotely sane, otherwise the hashtables will assert.
-
-        * jit/JITStubRoutine.h:
-        (JSC::JITStubRoutine::passesFilter):
-
-2012-07-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG recompilation heuristics should be based on count, not rate
-        https://bugs.webkit.org/show_bug.cgi?id=90146
-
-        Reviewed by Oliver Hunt.
-        
-        Rolling r121511 back in after fixing the DFG's interpretation of op_div
-        profiling, with Gavin's rubber stamp.
-
-        This removes a bunch of code that was previously trying to prevent spurious
-        reoptimizations if a large enough majority of executions of a code block did
-        not result in OSR exit. It turns out that this code was purely harmful. This
-        patch removes all of that logic and replaces it with a dead-simple
-        heuristic: if you exit more than N times (where N is an exponential function
-        of the number of times the code block has already been recompiled) then we
-        will recompile.
-        
-        This appears to be a broad ~1% win on many benchmarks large and small.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::couldTakeSpecialFastCase):
-        (CodeBlock):
-        (JSC::CodeBlock::osrExitCounter):
-        (JSC::CodeBlock::countOSRExit):
-        (JSC::CodeBlock::addressOfOSRExitCounter):
-        (JSC::CodeBlock::offsetOfOSRExitCounter):
-        (JSC::CodeBlock::adjustedExitCountThreshold):
-        (JSC::CodeBlock::exitCountThresholdForReoptimization):
-        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::setThreshold):
-        * bytecode/ExecutionCounter.h:
-        (ExecutionCounter):
-        (JSC::ExecutionCounter::clippedThreshold):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Options.h:
-        (JSC):
-
-2012-07-09  Matt Falkenhagen  <falken@chromium.org>
-
-        Add ENABLE_DIALOG_ELEMENT and skeleton files
-        https://bugs.webkit.org/show_bug.cgi?id=90521
-
-        Reviewed by Kent Tamura.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, roll out http://trac.webkit.org/changeset/121511
-        It made in-browser V8v7 10% slower.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::countSpeculationSuccess):
-        (JSC::CodeBlock::countSpeculationFailure):
-        (JSC::CodeBlock::speculativeSuccessCounter):
-        (JSC::CodeBlock::speculativeFailCounter):
-        (JSC::CodeBlock::forcedOSRExitCounter):
-        (JSC::CodeBlock::addressOfSpeculativeSuccessCounter):
-        (JSC::CodeBlock::addressOfSpeculativeFailCounter):
-        (JSC::CodeBlock::addressOfForcedOSRExitCounter):
-        (JSC::CodeBlock::offsetOfSpeculativeSuccessCounter):
-        (JSC::CodeBlock::offsetOfSpeculativeFailCounter):
-        (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
-        (JSC::CodeBlock::largeFailCountThreshold):
-        (JSC::CodeBlock::largeFailCountThresholdForLoop):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::setThreshold):
-        * bytecode/ExecutionCounter.h:
-        (ExecutionCounter):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Options.h:
-        (JSC):
-
-2012-07-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG may get stuck in an infinite fix point if it constant folds a mispredicted node
-        https://bugs.webkit.org/show_bug.cgi?id=90829
-        <rdar://problem/11823843>
-
-        Reviewed by Oliver Hunt.
-        
-        If a node is shown to have been mispredicted during CFA, then don't allow constant
-        folding to make the graph even more degenerate. Instead, pull back on constant folding
-        and allow the normal OSR machinery to fix our profiling so that a future recompilation
-        doesn't see the same mistake.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::trySetConstant):
-        (AbstractState):
-        * dfg/DFGPhase.h:
-        (JSC::DFG::Phase::name):
-        (Phase):
-        (JSC::DFG::runAndLog):
-        (DFG):
-        (JSC::DFG::runPhase):
-
-2012-07-09  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to jettison JIT stub routines even if they are currently running
-        https://bugs.webkit.org/show_bug.cgi?id=90731
-
-        Reviewed by Gavin Barraclough.
-        
-        This gives the GC awareness of all JIT-generated stubs for inline caches. That
-        means that if you want to delete a JIT-generated stub, you don't have to worry
-        about whether or not it is currently running: if there is a chance that it might
-        be, the GC will kindly defer deletion until non-running-ness is proved.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/Instruction.h:
-        (JSC):
-        (PolymorphicStubInfo):
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/PolymorphicPutByIdList.cpp:
-        (JSC::PutByIdAccess::fromStructureStubInfo):
-        * bytecode/PolymorphicPutByIdList.h:
-        (JSC::PutByIdAccess::transition):
-        (JSC::PutByIdAccess::replace):
-        (JSC::PutByIdAccess::stubRoutine):
-        (PutByIdAccess):
-        (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::reset):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        * heap/ConservativeRoots.cpp:
-        (JSC):
-        (DummyMarkHook):
-        (JSC::DummyMarkHook::mark):
-        (JSC::ConservativeRoots::add):
-        (CompositeMarkHook):
-        (JSC::CompositeMarkHook::CompositeMarkHook):
-        (JSC::CompositeMarkHook::mark):
-        * heap/ConservativeRoots.h:
-        (JSC):
-        (ConservativeRoots):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        (JSC::Heap::deleteUnmarkedCompiledCode):
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * heap/JITStubRoutineSet.cpp: Added.
-        (JSC):
-        (JSC::JITStubRoutineSet::JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::~JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::add):
-        (JSC::JITStubRoutineSet::clearMarks):
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
-        * heap/JITStubRoutineSet.h: Added.
-        (JSC):
-        (JITStubRoutineSet):
-        (JSC::JITStubRoutineSet::mark):
-        * heap/MachineStackMarker.h:
-        (JSC):
-        * interpreter/RegisterFile.cpp:
-        (JSC::RegisterFile::gatherConservativeRoots):
-        * interpreter/RegisterFile.h:
-        (JSC):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC):
-        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-        * jit/GCAwareJITStubRoutine.cpp: Added.
-        (JSC):
-        (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
-        (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
-        (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
-        (JSC::GCAwareJITStubRoutine::deleteFromGC):
-        (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
-        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
-        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
-        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
-        (JSC::createJITStubRoutine):
-        * jit/GCAwareJITStubRoutine.h: Added.
-        (JSC):
-        (GCAwareJITStubRoutine):
-        (JSC::GCAwareJITStubRoutine::markRequiredObjects):
-        (MarkingGCAwareJITStubRoutineWithOneObject):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubRoutine.cpp: Added.
-        (JSC):
-        (JSC::JITStubRoutine::~JITStubRoutine):
-        (JSC::JITStubRoutine::observeZeroRefCount):
-        * jit/JITStubRoutine.h: Added.
-        (JSC):
-        (JITStubRoutine):
-        (JSC::JITStubRoutine::JITStubRoutine):
-        (JSC::JITStubRoutine::createSelfManagedRoutine):
-        (JSC::JITStubRoutine::code):
-        (JSC::JITStubRoutine::asCodePtr):
-        (JSC::JITStubRoutine::ref):
-        (JSC::JITStubRoutine::deref):
-        (JSC::JITStubRoutine::startAddress):
-        (JSC::JITStubRoutine::endAddress):
-        (JSC::JITStubRoutine::addressStep):
-        (JSC::JITStubRoutine::canPerformRangeFilter):
-        (JSC::JITStubRoutine::filteringStartAddress):
-        (JSC::JITStubRoutine::filteringExtentSize):
-        (JSC::JITStubRoutine::passesFilter):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-
-2012-07-09  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r122107.
-        http://trac.webkit.org/changeset/122107
-        https://bugs.webkit.org/show_bug.cgi?id=90794
-
-        Build failure on Mac debug bots (Requested by falken_ on
-        #webkit).
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-09  Matt Falkenhagen  <falken@chromium.org>
-
-        Add ENABLE_DIALOG_ELEMENT and skeleton files
-        https://bugs.webkit.org/show_bug.cgi?id=90521
-
-        Reviewed by Kent Tamura.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-        gcc build fix after r121925.
-
-        * runtime/JSObject.h:
-        (JSC::JSFinalObject::finishCreation):
-
-2012-07-08  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt][ARM] Implementing missing macro assembler instructions after r121925
-        https://bugs.webkit.org/show_bug.cgi?id=90657
-
-        Reviewed by Csaba Osztrogonác.
-
-        Implementing convertibleLoadPtr, replaceWithLoad and
-        replaceWithAddressComputation.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::replaceWithLoad):
-        (ARMAssembler):
-        (JSC::ARMAssembler::replaceWithAddressComputation):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::convertibleLoadPtr):
-        (MacroAssemblerARM):
-
-2012-07-06  Filip Pizlo  <fpizlo@apple.com>
-
-        WebKit Version 5.1.7 (6534.57.2, r121935): Double-click no longer works on OpenStreetMap
-        https://bugs.webkit.org/show_bug.cgi?id=90703
-
-        Reviewed by Michael Saboff.
-        
-        It turns out that in my object model refactoring, I managed to fix get_by_pname in all
-        execution engines except 64-bit baseline JIT.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_pname):
-
-2012-07-06  Pravin D  <pravind.2k4@gmail.com>
-
-        Build Error on Qt Linux build
-        https://bugs.webkit.org/show_bug.cgi?id=90699
-
-        Reviewed by Laszlo Gombos.
-
-        * parser/Parser.cpp:
-        (JSC::::parseForStatement):
-        Removed unused boolean variable as this was causing build error on Qt Linux.
-
-2012-07-06  Nuno Lopes  <nlopes@apple.com>
-
-        Fix build with recent clang.
-        https://bugs.webkit.org/show_bug.cgi?id=90634
-
-        Reviewed by Oliver Hunt.
-
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        (SpecializedThunkJIT):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/NodeConstructors.h:
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.h:
-        (FunctionCallResolveNode):
-        (PostfixErrorNode):
-        (PrefixErrorNode):
-        (ReadModifyResolveNode):
-        (AssignResolveNode):
-        (AssignErrorNode):
-        (ForNode):
-        (ForInNode):
-        * parser/Parser.cpp:
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseForStatement):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createForLoop):
-
-2012-07-06  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt][ARM] REGRESSION(r121885): It broke 30 jsc tests, 500+ layout tests
-        https://bugs.webkit.org/show_bug.cgi?id=90656
-
-        Reviewed by Csaba Osztrogonác.
-
-        Typo fixes.
-
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        Rename getOp2Byte() -> getOp2Half()
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
-        Add a necessary space.
-        * jit/JITStubs.cpp:
-        (JSC):
-        Revert INLINE_ARM_FUNCTION macro.
-
-2012-07-05  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r121925): It broke 5 sputnik tests on x86 platforms
-        https://bugs.webkit.org/show_bug.cgi?id=90658
-
-        Reviewed by Zoltan Herczeg.
-        
-        Under the new object model, out-of-line property accesses such as those
-        in ResolveGlobal must account for the fact that the offset to the Kth
-        property is represented by K + inlineStorageCapacity. Hence, the property
-        loads in ResolveGlobal must have an additional -inlineStorageCapacity *
-        sizeof(JSValue) offset.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-07-05  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Unreviewed 64 bit buildfix after r121925.
-
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-
-2012-07-05  Michael Saboff  <msaboff@apple.com>
-
-        JSString::tryHashConstLock() fails to get exclusive lock
-        https://bugs.webkit.org/show_bug.cgi?id=90639
-
-        Reviewed by Oliver Hunt.
-
-        Added check that the string is already locked even before compare and swap.
-
-        * heap/MarkStack.cpp:
-        (JSC::JSString::tryHashConstLock):
-
-2012-07-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Inline property storage should not be wasted when it is exhausted
-        https://bugs.webkit.org/show_bug.cgi?id=90347
-
-        Reviewed by Gavin Barraclough.
-        
-        Previously, if we switched an object from using inline storage to out-of-line
-        storage, we would abandon the inline storage. This would have two main implications:
-        (i) all accesses to the object, even for properties that were previously in inline
-        storage, must now take an extra indirection; and (ii) we waste a non-trivial amount
-        of space since we must allocate additional out-of-line storage to hold properties
-        that would have fit in the inline storage. There's also the copying cost when
-        switching to out-of-line storage - we must copy all inline properties into ouf-of-line
-        storage.
-        
-        This patch changes the way that object property storage works so that we can use both
-        inline and out-of-line storage concurrently. This is accomplished by introducing a
-        new notion of property offset. This PropertyOffset is a 32-bit signed integer and it
-        behaves as follows:
-        
-        offset == -1: invalid offset, indicating a property that does not exist.
-        
-        0 <= offset <= inlineStorageCapacity: offset into inline storage.
-        
-        inlineStorageCapacity < offset: offset into out-of-line storage.
-        
-        Because non-final objects don't have inline storage, the only valid PropertyOffsets
-        for those objects' properties are -1 or > inlineStorageCapacity.
-        
-        This now means that the decision to use inline or out-of-line storage for an access is
-        made based on the offset, rather than the structure. It also means that any access
-        where the offset is a variable must have an extra branch, unless the type of the
-        object is also known (if it's known to be a non-final object then we can just assert
-        that the offset is >= inlineStorageCapacity).
-        
-        This looks like a big Kraken speed-up and a slight V8 speed-up.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::ldrWide8BitImmediate):
-        (JSC::ARMv7Assembler::replaceWithLoad):
-        (JSC::ARMv7Assembler::replaceWithAddressComputation):
-        * assembler/AbstractMacroAssembler.h:
-        (AbstractMacroAssembler):
-        (ConvertibleLoadLabel):
-        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
-        (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::isSet):
-        (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
-        (JSC::AbstractMacroAssembler::replaceWithLoad):
-        (JSC::AbstractMacroAssembler::replaceWithAddressComputation):
-        * assembler/CodeLocation.h:
-        (JSC):
-        (CodeLocationCommon):
-        (CodeLocationConvertibleLoad):
-        (JSC::CodeLocationConvertibleLoad::CodeLocationConvertibleLoad):
-        (JSC::CodeLocationCommon::convertibleLoadAtOffset):
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        * assembler/LinkBuffer.h:
-        (LinkBuffer):
-        (JSC::LinkBuffer::locationOf):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::convertibleLoadPtr):
-        (MacroAssemblerX86):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::convertibleLoadPtr):
-        (MacroAssemblerX86_64):
-        * assembler/RepatchBuffer.h:
-        (RepatchBuffer):
-        (JSC::RepatchBuffer::replaceWithLoad):
-        (JSC::RepatchBuffer::replaceWithAddressComputation):
-        (JSC::RepatchBuffer::setLoadInstructionIsActive):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::replaceWithLoad):
-        (X86Assembler):
-        (JSC::X86Assembler::replaceWithAddressComputation):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC::GetByIdStatus::computeForChain):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (JSC::GetByIdStatus::offset):
-        (GetByIdStatus):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.h:
-        (JSC::PutByIdStatus::PutByIdStatus):
-        (JSC::PutByIdStatus::offset):
-        (PutByIdStatus):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC):
-        (JSC::computeForStructure):
-        * bytecode/ResolveGlobalStatus.h:
-        (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
-        (JSC::ResolveGlobalStatus::offset):
-        (ResolveGlobalStatus):
-        * bytecode/StructureSet.h:
-        (StructureSet):
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
-        (PropertyAccessRecord):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchByIdSelfAccess):
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/MarkStack.cpp:
-        (JSC::visitChildren):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
-        * jit/JIT.h:
-        (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_method_check):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::patchGetByIdSelf):
-        (JSC::JIT::patchPutByIdReplace):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::emit_op_get_by_pname):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/x86.rb:
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::functionNameOffset):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        (JSC):
-        (JSC::JSFinalObject::visitChildren):
-        (JSC::JSObject::put):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::getPropertySpecificValue):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::growOutOfLineStorage):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::hasInlineStorage):
-        (JSC::JSObject::inlineStorageUnsafe):
-        (JSC::JSObject::inlineStorage):
-        (JSC::JSObject::outOfLineStorage):
-        (JSC::JSObject::locationForOffset):
-        (JSC::JSObject::offsetForLocation):
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirectOffset):
-        (JSC::JSObject::putUndefinedAtDirectOffset):
-        (JSC::JSObject::addressOfOutOfLineStorage):
-        (JSC::JSObject::finishCreation):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSFinalObject):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::JSObject::offsetOfOutOfLineStorage):
-        (JSC::JSObject::setOutOfLineStorage):
-        (JSC::JSObject::JSObject):
-        (JSC):
-        (JSC::JSCell::fastGetOwnProperty):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::offsetRelativeToPatchedStorage):
-        (JSC::indexRelativeToBase):
-        (JSC::offsetRelativeToBase):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::getOffset):
-        (JSC::JSPropertyNameIterator::finishCreation):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::putToPrimitive):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        * runtime/Options.cpp:
-        (JSC):
-        (JSC::Options::initialize):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyMapEntry):
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        (PropertyTable):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::getDeletedOffset):
-        (JSC::PropertyTable::addDeletedOffset):
-        (JSC::PropertyTable::nextOffset):
-        (JSC):
-        (JSC::PropertyTable::sizeInMemory):
-        * runtime/PropertyOffset.h: Added.
-        (JSC):
-        (JSC::checkOffset):
-        (JSC::validateOffset):
-        (JSC::isValidOffset):
-        (JSC::isInlineOffset):
-        (JSC::isOutOfLineOffset):
-        (JSC::offsetInInlineStorage):
-        (JSC::offsetInOutOfLineStorage):
-        (JSC::offsetInRespectiveStorage):
-        (JSC::numberOfOutOfLineSlotsForLastOffset):
-        (JSC::numberOfSlotsForLastOffset):
-        (JSC::nextPropertyOffsetFor):
-        (JSC::firstPropertyOffsetFor):
-        * runtime/PropertySlot.h:
-        (JSC::PropertySlot::cachedOffset):
-        (JSC::PropertySlot::setValue):
-        (JSC::PropertySlot::setCacheableGetterSlot):
-        (JSC::PropertySlot::clearOffset):
-        * runtime/PutPropertySlot.h:
-        (JSC::PutPropertySlot::setExistingProperty):
-        (JSC::PutPropertySlot::setNewProperty):
-        (JSC::PutPropertySlot::cachedOffset):
-        (PutPropertySlot):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::nextOutOfLineStorageCapacity):
-        (JSC::Structure::growOutOfLineCapacity):
-        (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::get):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::previousID):
-        (JSC::Structure::outOfLineCapacity):
-        (JSC::Structure::outOfLineSizeForKnownFinalObject):
-        (JSC::Structure::outOfLineSizeForKnownNonFinalObject):
-        (JSC::Structure::outOfLineSize):
-        (JSC::Structure::hasInlineStorage):
-        (JSC::Structure::inlineCapacity):
-        (JSC::Structure::inlineSizeForKnownFinalObject):
-        (JSC::Structure::inlineSize):
-        (JSC::Structure::totalStorageSize):
-        (JSC::Structure::totalStorageCapacity):
-        (JSC::Structure::firstValidOffset):
-        (JSC::Structure::lastValidOffset):
-        (JSC::Structure::isValidOffset):
-        (JSC::Structure::isEmpty):
-        (JSC::Structure::transitionCount):
-        (JSC::Structure::get):
-
-2012-07-05  Oliver Hunt  <oliver@apple.com>
-
-        JSObjectCallAsFunction should thisConvert the provided thisObject
-        https://bugs.webkit.org/show_bug.cgi?id=90628
-
-        Reviewed by Gavin Barraclough.
-
-        Perform this conversion on the provided this object.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectCallAsFunction):
-
-2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        [Qt] Unreviewed buildfix after r121886. Typo fix.
-
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-
-2012-07-05  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Port DFG JIT to traditional ARM
-        https://bugs.webkit.org/show_bug.cgi?id=90198
-
-        Reviewed by Filip Pizlo.
-
-        This patch contains the macro assembler part of the
-        DFG JIT support on ARM systems with fixed 32 bit instruction
-        width. A large amount of old code was refactored, and the ARMv4
-        or lower support is removed from the macro assembler.
-
-        Sunspider is improved by 8%, and V8 is 92%.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::dataTransfer32):
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        (JSC):
-        (JSC::ARMAssembler::dataTransfer16):
-        (JSC::ARMAssembler::baseIndexTransfer16):
-        (JSC::ARMAssembler::dataTransferFloat):
-        (JSC::ARMAssembler::baseIndexTransferFloat):
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::ARMAssembler):
-        (JSC::ARMAssembler::emitInst):
-        (JSC::ARMAssembler::vmov_f64_r):
-        (ARMAssembler):
-        (JSC::ARMAssembler::vabs_f64_r):
-        (JSC::ARMAssembler::vneg_f64_r):
-        (JSC::ARMAssembler::ldr_imm):
-        (JSC::ARMAssembler::ldr_un_imm):
-        (JSC::ARMAssembler::dtr_u):
-        (JSC::ARMAssembler::dtr_ur):
-        (JSC::ARMAssembler::dtr_d):
-        (JSC::ARMAssembler::dtr_dr):
-        (JSC::ARMAssembler::dtrh_u):
-        (JSC::ARMAssembler::dtrh_ur):
-        (JSC::ARMAssembler::dtrh_d):
-        (JSC::ARMAssembler::dtrh_dr):
-        (JSC::ARMAssembler::fdtr_u):
-        (JSC::ARMAssembler::fdtr_d):
-        (JSC::ARMAssembler::push_r):
-        (JSC::ARMAssembler::pop_r):
-        (JSC::ARMAssembler::poke_r):
-        (JSC::ARMAssembler::peek_r):
-        (JSC::ARMAssembler::vmov_vfp64_r):
-        (JSC::ARMAssembler::vmov_arm64_r):
-        (JSC::ARMAssembler::vmov_vfp32_r):
-        (JSC::ARMAssembler::vmov_arm32_r):
-        (JSC::ARMAssembler::vcvt_u32_f64_r):
-        (JSC::ARMAssembler::vcvt_f64_f32_r):
-        (JSC::ARMAssembler::vcvt_f32_f64_r):
-        (JSC::ARMAssembler::clz_r):
-        (JSC::ARMAssembler::bkpt):
-        (JSC::ARMAssembler::bx):
-        (JSC::ARMAssembler::blx):
-        (JSC::ARMAssembler::labelIgnoringWatchpoints):
-        (JSC::ARMAssembler::labelForWatchpoint):
-        (JSC::ARMAssembler::label):
-        (JSC::ARMAssembler::getLdrImmAddress):
-        (JSC::ARMAssembler::replaceWithJump):
-        (JSC::ARMAssembler::maxJumpReplacementSize):
-        (JSC::ARMAssembler::getOp2Byte):
-        (JSC::ARMAssembler::getOp2Half):
-        (JSC::ARMAssembler::RM):
-        (JSC::ARMAssembler::RS):
-        (JSC::ARMAssembler::RD):
-        (JSC::ARMAssembler::RN):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::ensureSpaceForAnyInstruction):
-        * assembler/MacroAssemblerARM.cpp:
-        (JSC::MacroAssemblerARM::load32WithUnalignedHalfWords):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add32):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::and32):
-        (JSC::MacroAssemblerARM::lshift32):
-        (JSC::MacroAssemblerARM::mul32):
-        (JSC::MacroAssemblerARM::neg32):
-        (JSC::MacroAssemblerARM::rshift32):
-        (JSC::MacroAssemblerARM::urshift32):
-        (JSC::MacroAssemblerARM::xor32):
-        (JSC::MacroAssemblerARM::load8):
-        (JSC::MacroAssemblerARM::load8Signed):
-        (JSC::MacroAssemblerARM::load16):
-        (JSC::MacroAssemblerARM::load16Signed):
-        (JSC::MacroAssemblerARM::load32):
-        (JSC::MacroAssemblerARM::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM::store8):
-        (JSC::MacroAssemblerARM::store16):
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::move):
-        (JSC::MacroAssemblerARM::jump):
-        (JSC::MacroAssemblerARM::branchAdd32):
-        (JSC::MacroAssemblerARM::mull32):
-        (JSC::MacroAssemblerARM::branchMul32):
-        (JSC::MacroAssemblerARM::nearCall):
-        (JSC::MacroAssemblerARM::compare32):
-        (JSC::MacroAssemblerARM::test32):
-        (JSC::MacroAssemblerARM::sub32):
-        (JSC::MacroAssemblerARM::call):
-        (JSC::MacroAssemblerARM::loadFloat):
-        (JSC::MacroAssemblerARM::loadDouble):
-        (JSC::MacroAssemblerARM::storeFloat):
-        (JSC::MacroAssemblerARM::storeDouble):
-        (JSC::MacroAssemblerARM::moveDouble):
-        (JSC::MacroAssemblerARM::addDouble):
-        (JSC::MacroAssemblerARM::divDouble):
-        (JSC::MacroAssemblerARM::subDouble):
-        (JSC::MacroAssemblerARM::mulDouble):
-        (JSC::MacroAssemblerARM::absDouble):
-        (JSC::MacroAssemblerARM::negateDouble):
-        (JSC::MacroAssemblerARM::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM::convertFloatToDouble):
-        (JSC::MacroAssemblerARM::convertDoubleToFloat):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerARM::truncateDoubleToInt32):
-        (JSC::MacroAssemblerARM::truncateDoubleToUint32):
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM::branchDoubleNonZero):
-        (JSC::MacroAssemblerARM::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerARM::invert):
-        (JSC::MacroAssemblerARM::replaceWithJump):
-        (JSC::MacroAssemblerARM::maxJumpReplacementSize):
-        (JSC::MacroAssemblerARM::call32):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::label):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        (JSC::DFG::AssemblyHelpers::boxDouble):
-        (JSC::DFG::AssemblyHelpers::unboxDouble):
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        * dfg/DFGFPRInfo.h:
-        (DFG):
-        * dfg/DFGGPRInfo.h:
-        (DFG):
-        (GPRInfo):
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-        * jit/JITStubs.cpp:
-        (JSC):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-
-2012-07-04  Anthony Scian  <ascian@rim.com>
-
-        Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
-        https://bugs.webkit.org/show_bug.cgi?id=40118
-
-        Reviewed by Yong Li.
-
-        Added member functions to expose function name, urlString, and line #.
-        Refactored toString to make use of these member functions to reduce
-        duplicated code for future maintenance.
-
-        Manually tested refactoring of toString by tracing thrown exceptions.
-
-        * interpreter/Interpreter.h:
-        (JSC::StackFrame::toString):
-        (JSC::StackFrame::friendlySourceURL):
-        (JSC::StackFrame::friendlyFunctionName):
-        (JSC::StackFrame::friendlyLineNumber):
-
-2012-07-04  Andy Wingo  <wingo@igalia.com>
-
-        [GTK] Enable parallel GC
-        https://bugs.webkit.org/show_bug.cgi?id=90568
-
-        Reviewed by Martin Robinson.
-
-        * runtime/Options.cpp: Include <algorithm.h> for std::min.
-
-2012-07-04  John Mellor  <johnme@chromium.org>
-
-        Text Autosizing: Add compile flag and runtime setting
-        https://bugs.webkit.org/show_bug.cgi?id=87394
-
-        This patch renames Font Boosting to Text Autosizing.
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-03  Michael Saboff  <msaboff@apple.com>
-
-        Enh: Hash Const JSString in Backing Stores to Save Memory
-        https://bugs.webkit.org/show_bug.cgi?id=86024
-
-        Reviewed by Oliver Hunt.
-
-        During garbage collection, each marking thread keeps a HashMap of
-        strings.  While visiting via MarkStack::copyAndAppend(), we check to
-        see if the string we are visiting is already in the HashMap.  If not
-        we add it. If so, we change the reference to the current string we're
-        visiting to the prior string.
-
-        To reduce the performance impact of this change, two throttles have
-        ben added.  1) We only try hash consting if a significant number of new 
-        strings have been created since the last hash const.  Currently this is
-        set at 100 strings.  2) If a string is unique at the end of a marking
-        it will not be checked during further GC phases. In some cases this
-        won't catch all duplicates, but we are trying to catch the growth of
-        duplicate strings.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::resetChildren):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::reset):
-        (JSC::MarkStack::setup): Check to see if enough strings have been created
-        to hash const.
-        (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
-        (JSC::JSString::tryHashConstLock): New method to lock JSString for
-        hash consting.
-        (JSC::JSString::releaseHashConstLock): New unlock method.
-        (JSC::JSString::shouldTryHashConst): Set of checks to see if we should
-        try to hash const the string.
-        (JSC::MarkStack::internalAppend): New method that performs the hash consting.
-        (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash
-        consting internalAppend().
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        (MarkStack):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::haveEnoughNewStringsToHashConst):
-        (JSC::JSGlobalData::resetNewStringsSinceLastHashConst):
-        * runtime/JSString.h:
-        (JSString): Changed from using bool flags to using an unsigned
-        m_flags field.  This works better with the weakCompareAndSwap in
-        JSString::tryHashConstLock(). Changed the 8bitness setting and
-        checking to use new accessors.
-        (JSC::JSString::JSString):
-        (JSC::JSString::finishCreation):
-        (JSC::JSString::is8Bit): Updated for new m_flags.
-        (JSC::JSString::setIs8Bit): New setter.
-        New hash const flags accessors:
-        (JSC::JSString::isHashConstSingleton):
-        (JSC::JSString::clearHashConstSingleton):
-        (JSC::JSString::setHashConstSingleton):
-        (JSC::JSRopeString::finishCreation):
-        (JSC::JSRopeString::append):
-
-2012-07-03  Tony Chang  <tony@chromium.org>
-
-        [chromium] Unreviewed, update .gitignore to handle VS2010 files.
-
-        * JavaScriptCore.gyp/.gitignore:
-
-2012-07-03  Mark Lam  <mark.lam@apple.com>
-
-        Add ability to symbolically set and dump JSC VM options.
-        See comments in runtime/Options.h for details on how the options work.
-        https://bugs.webkit.org/show_bug.cgi?id=90420
-
-        Reviewed by Filip Pizlo.
-
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        * assembler/LinkBuffer.h:
-        (JSC):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        (JSC::CodeBlock::jitAfterWarmUp):
-        (JSC::CodeBlock::jitSoon):
-        (JSC::CodeBlock::reoptimizationRetryCounter):
-        (JSC::CodeBlock::countReoptimization):
-        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
-        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
-        (JSC::CodeBlock::optimizeSoon):
-        (JSC::CodeBlock::exitCountThresholdForReoptimization):
-        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
-        * bytecode/ExecutionCounter.h:
-        (JSC::ExecutionCounter::clippedThreshold):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::mightInlineFunctionForCall):
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::shouldShowDisassembly):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackSegmentAllocator::allocate):
-        (JSC::MarkStackSegmentAllocator::shrinkReserve):
-        (JSC::MarkStackArray::MarkStackArray):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::donateKnownParallel):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
-        (JSC::MarkStack::addOpaqueRoot):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::donate):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * jsc.cpp:
-        (printUsageStatement):
-        (parseArguments):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/Options.cpp:
-        (JSC):
-        (JSC::overrideOptionWithHeuristic):
-        (JSC::Options::initialize):
-        (JSC::Options::setOption):
-        (JSC::Options::dumpAllOptions):
-        (JSC::Options::dumpOption):
-        * runtime/Options.h:
-        (JSC):
-        (Options):
-        (EntryInfo):
-
-2012-07-03  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>  Joel Dillon <joel.dillon@codethink.co.uk>
-
-        [Qt][Win] Fix broken QtWebKit5.lib linking
-        https://bugs.webkit.org/show_bug.cgi?id=88321
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        The goal is to have different ports build systems define STATICALLY_LINKED_WITH_WTF
-        when building JavaScriptCore, if both are packaged in the same DLL, instead
-        of relying on the code to handle this.
-        The effects of BUILDING_* and STATICALLY_LINKED_WITH_* are currently the same
-        except for a check in Source/JavaScriptCore/config.h.
-
-        Keeping the old way for the WX port as requested by the port's contributors.
-        For non-Windows ports there is no difference between IMPORT and EXPORT, no
-        change is needed.
-
-        * API/JSBase.h:
-          JS symbols shouldn't be included by WTF objects anymore. Remove the export when BUILDING_WTF.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-          Make sure that JavaScriptCore uses import symbols of WTF for the Win port.
-        * runtime/JSExportMacros.h:
-
-2012-07-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit value recoveries should be computed lazily
-        https://bugs.webkit.org/show_bug.cgi?id=82155
-
-        Reviewed by Gavin Barraclough.
-        
-        This change aims to reduce one aspect of DFG compile times: the fact
-        that we currently compute the value recoveries for each local and
-        argument on every speculation check. We compile many speculation checks,
-        so this can add up quick. The strategy that this change takes is to
-        have the DFG save just enough information about how the compiler is
-        choosing to represent state, that the DFG::OSRExitCompiler can reify
-        the value recoveries lazily.
-        
-        This appears to be an 0.3% SunSpider speed-up and is neutral elsewhere.
-        
-        I also took the opportunity to fix the sampling regions profiler (it
-        was missing an export macro) and to put in more sampling regions in
-        the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
-        false).
-        
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::shrinkDFGDataToFit):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::minifiedDFG):
-        (JSC::CodeBlock::variableEventStream):
-        (DFGData):
-        * bytecode/Operands.h:
-        (JSC::Operands::hasOperand):
-        (Operands):
-        (JSC::Operands::size):
-        (JSC::Operands::at):
-        (JSC::Operands::operator[]):
-        (JSC::Operands::isArgument):
-        (JSC::Operands::isVariable):
-        (JSC::Operands::argumentForIndex):
-        (JSC::Operands::variableForIndex):
-        (JSC::Operands::operandForIndex):
-        (JSC):
-        (JSC::dumpOperands):
-        * bytecode/SamplingTool.h:
-        (SamplingRegion):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::parse):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::performCFA):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::performCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::performFixup):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::GenerationInfo):
-        (JSC::DFG::GenerationInfo::initConstant):
-        (JSC::DFG::GenerationInfo::initInteger):
-        (JSC::DFG::GenerationInfo::initJSValue):
-        (JSC::DFG::GenerationInfo::initCell):
-        (JSC::DFG::GenerationInfo::initBoolean):
-        (JSC::DFG::GenerationInfo::initDouble):
-        (JSC::DFG::GenerationInfo::initStorage):
-        (GenerationInfo):
-        (JSC::DFG::GenerationInfo::noticeOSRBirth):
-        (JSC::DFG::GenerationInfo::use):
-        (JSC::DFG::GenerationInfo::spill):
-        (JSC::DFG::GenerationInfo::setSpilled):
-        (JSC::DFG::GenerationInfo::fillJSValue):
-        (JSC::DFG::GenerationInfo::fillCell):
-        (JSC::DFG::GenerationInfo::fillInteger):
-        (JSC::DFG::GenerationInfo::fillBoolean):
-        (JSC::DFG::GenerationInfo::fillDouble):
-        (JSC::DFG::GenerationInfo::fillStorage):
-        (JSC::DFG::GenerationInfo::appendFill):
-        (JSC::DFG::GenerationInfo::appendSpill):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGMinifiedGraph.h: Added.
-        (DFG):
-        (MinifiedGraph):
-        (JSC::DFG::MinifiedGraph::MinifiedGraph):
-        (JSC::DFG::MinifiedGraph::at):
-        (JSC::DFG::MinifiedGraph::append):
-        (JSC::DFG::MinifiedGraph::prepareAndShrink):
-        (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
-        (JSC::DFG::MinifiedGraph::originalGraphSize):
-        * dfg/DFGMinifiedNode.cpp: Added.
-        (DFG):
-        (JSC::DFG::MinifiedNode::fromNode):
-        * dfg/DFGMinifiedNode.h: Added.
-        (DFG):
-        (JSC::DFG::belongsInMinifiedGraph):
-        (MinifiedNode):
-        (JSC::DFG::MinifiedNode::MinifiedNode):
-        (JSC::DFG::MinifiedNode::index):
-        (JSC::DFG::MinifiedNode::op):
-        (JSC::DFG::MinifiedNode::hasChild1):
-        (JSC::DFG::MinifiedNode::child1):
-        (JSC::DFG::MinifiedNode::hasConstant):
-        (JSC::DFG::MinifiedNode::hasConstantNumber):
-        (JSC::DFG::MinifiedNode::constantNumber):
-        (JSC::DFG::MinifiedNode::hasWeakConstant):
-        (JSC::DFG::MinifiedNode::weakConstant):
-        (JSC::DFG::MinifiedNode::getIndex):
-        (JSC::DFG::MinifiedNode::compareByNodeIndex):
-        (JSC::DFG::MinifiedNode::hasChild):
-        * dfg/DFGNode.h:
-        (Node):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler.h:
-        (OSRExitCompiler):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::performPredictionPropagation):
-        * dfg/DFGRedundantPhiEliminationPhase.cpp:
-        (JSC::DFG::performRedundantPhiElimination):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::use):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::spill):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::recordSetLocal):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGValueRecoveryOverride.h: Added.
-        (DFG):
-        (ValueRecoveryOverride):
-        (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
-        * dfg/DFGValueSource.cpp: Added.
-        (DFG):
-        (JSC::DFG::ValueSource::dump):
-        * dfg/DFGValueSource.h: Added.
-        (DFG):
-        (JSC::DFG::dataFormatToValueSourceKind):
-        (JSC::DFG::valueSourceKindToDataFormat):
-        (JSC::DFG::isInRegisterFile):
-        (ValueSource):
-        (JSC::DFG::ValueSource::ValueSource):
-        (JSC::DFG::ValueSource::forPrediction):
-        (JSC::DFG::ValueSource::forDataFormat):
-        (JSC::DFG::ValueSource::isSet):
-        (JSC::DFG::ValueSource::kind):
-        (JSC::DFG::ValueSource::isInRegisterFile):
-        (JSC::DFG::ValueSource::dataFormat):
-        (JSC::DFG::ValueSource::valueRecovery):
-        (JSC::DFG::ValueSource::nodeIndex):
-        (JSC::DFG::ValueSource::nodeIndexFromKind):
-        (JSC::DFG::ValueSource::kindFromNodeIndex):
-        * dfg/DFGVariableEvent.cpp: Added.
-        (DFG):
-        (JSC::DFG::VariableEvent::dump):
-        (JSC::DFG::VariableEvent::dumpFillInfo):
-        (JSC::DFG::VariableEvent::dumpSpillInfo):
-        * dfg/DFGVariableEvent.h: Added.
-        (DFG):
-        (VariableEvent):
-        (JSC::DFG::VariableEvent::VariableEvent):
-        (JSC::DFG::VariableEvent::reset):
-        (JSC::DFG::VariableEvent::fillGPR):
-        (JSC::DFG::VariableEvent::fillPair):
-        (JSC::DFG::VariableEvent::fillFPR):
-        (JSC::DFG::VariableEvent::spill):
-        (JSC::DFG::VariableEvent::death):
-        (JSC::DFG::VariableEvent::setLocal):
-        (JSC::DFG::VariableEvent::movHint):
-        (JSC::DFG::VariableEvent::kind):
-        (JSC::DFG::VariableEvent::nodeIndex):
-        (JSC::DFG::VariableEvent::dataFormat):
-        (JSC::DFG::VariableEvent::gpr):
-        (JSC::DFG::VariableEvent::tagGPR):
-        (JSC::DFG::VariableEvent::payloadGPR):
-        (JSC::DFG::VariableEvent::fpr):
-        (JSC::DFG::VariableEvent::virtualRegister):
-        (JSC::DFG::VariableEvent::operand):
-        (JSC::DFG::VariableEvent::variableRepresentation):
-        * dfg/DFGVariableEventStream.cpp: Added.
-        (DFG):
-        (JSC::DFG::VariableEventStream::logEvent):
-        (MinifiedGenerationInfo):
-        (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
-        (JSC::DFG::MinifiedGenerationInfo::update):
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * dfg/DFGVariableEventStream.h: Added.
-        (DFG):
-        (VariableEventStream):
-        (JSC::DFG::VariableEventStream::appendAndLog):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::performVirtualRegisterAllocation):
-
-2012-07-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::ArgumentsSimplificationPhase should assert that the PhantomArguments nodes it creates are not shouldGenerate()
-        https://bugs.webkit.org/show_bug.cgi?id=90407
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-
-2012-07-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Array.prototype.pop should throw if property is not configurable
-        https://bugs.webkit.org/show_bug.cgi?id=75788
-
-        Rubber Stamped by Oliver Hunt.
-
-        No real bug here any more, but the error we throw sometimes has a misleading message.
- 
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop):
-
-2012-06-29  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject wastes too much memory on unused property slots
-        https://bugs.webkit.org/show_bug.cgi?id=90255
-
-        Reviewed by Mark Hahnenberg.
-        
-        Rolling back in after applying a simple fix: it appears that
-        JSObject::setStructureAndReallocateStorageIfNecessary() was allocating more
-        property storage than necessary. Fixing this appears to resolve the crash.
-        
-        This does a few things:
-        
-        - JSNonFinalObject no longer has inline property storage.
-        
-        - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
-          or 2x the inline storage for JSFinalObject.
-        
-        - Property storage is only reallocated if it needs to be. Previously, we
-          would reallocate the property storage on any transition where the original
-          structure said shouldGrowProperyStorage(), but this led to spurious
-          reallocations when doing transitionless property adds and there are
-          deleted property slots available. That in turn led to crashes, because we
-          would switch to out-of-line storage even if the capacity matched the
-          criteria for inline storage.
-        
-        - Inline JSFunction allocation is killed off because we don't have a good
-          way of inlining property storage allocation. This didn't hurt performance.
-          Killing off code is better than fixing it if that code wasn't doing any
-          good.
-        
-        This looks like a 1% progression on V8.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC):
-        (JSC::JIT::emit_op_new_func_exp):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSObject):
-        (JSC::JSObject::finishCreation):
-        (JSC):
-        (JSC::JSNonFinalObject::hasInlineStorage):
-        (JSNonFinalObject):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSC::JSFinalObject::hasInlineStorage):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSObject::offsetOfInlineStorage):
-        (JSC::JSObject::setPropertyStorage):
-        (JSC::Structure::inlineStorageCapacity):
-        (JSC::Structure::isUsingInlineStorage):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::nextPropertyStorageCapacity):
-        (JSC):
-        (JSC::Structure::growPropertyStorageCapacity):
-        (JSC::Structure::suggestedNewPropertyStorageSize):
-        * runtime/Structure.h:
-        (JSC::Structure::putWillGrowPropertyStorage):
-        (Structure):
-
-2012-06-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Webkit crashes in DFG on Google Docs when creating a new document
-        https://bugs.webkit.org/show_bug.cgi?id=90209
-
-        Reviewed by Gavin Barraclough.
-        
-        Don't attempt to short-circuit Phantom(GetLocal) if the GetLocal is for a
-        captured variable.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-06-30  Zan Dobersek  <zandobersek@gmail.com>
-
-        Unreviewed, rolling out r121605.
-        http://trac.webkit.org/changeset/121605
-        https://bugs.webkit.org/show_bug.cgi?id=90336
-
-        Changes caused flaky crashes in sputnik/Unicode tests on Apple
-        WK1 and GTK Linux builders
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC):
-        (JSC::JIT::emitAllocateJSFunction):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC::JIT::emitSlow_op_new_func):
-        (JSC):
-        (JSC::JIT::emit_op_new_func_exp):
-        (JSC::JIT::emitSlow_op_new_func_exp):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSObject):
-        (JSC::JSObject::finishCreation):
-        (JSC):
-        (JSNonFinalObject):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSFinalObject):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSObject::offsetOfInlineStorage):
-        (JSC::JSObject::setPropertyStorage):
-        (JSC::Structure::isUsingInlineStorage):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC::JSObject::transitionTo):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC):
-        (JSC::Structure::growPropertyStorageCapacity):
-        (JSC::Structure::suggestedNewPropertyStorageSize):
-        * runtime/Structure.h:
-        (JSC::Structure::shouldGrowPropertyStorage):
-        (JSC::Structure::propertyStorageSize):
-
-2012-06-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove warning about protected values when the Heap is being destroyed
-        https://bugs.webkit.org/show_bug.cgi?id=90302
-
-        Reviewed by Geoffrey Garen.
-
-        Having to do book-keeping about whether values allocated from a certain 
-        VM are or are not protected makes the JSC API much more difficult to use 
-        correctly. Clients should be able to throw an entire VM away and not have 
-        to worry about unprotecting all of the values that they protected earlier.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::lastChanceToFinalize):
-
-2012-06-29  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject wastes too much memory on unused property slots
-        https://bugs.webkit.org/show_bug.cgi?id=90255
-
-        Reviewed by Mark Hahnenberg.
-        
-        This does a few things:
-        
-        - JSNonFinalObject no longer has inline property storage.
-        
-        - Initial out-of-line property storage size is 4 slots for JSNonFinalObject,
-          or 2x the inline storage for JSFinalObject.
-        
-        - Property storage is only reallocated if it needs to be. Previously, we
-          would reallocate the property storage on any transition where the original
-          structure said shouldGrowProperyStorage(), but this led to spurious
-          reallocations when doing transitionless property adds and there are
-          deleted property slots available. That in turn led to crashes, because we
-          would switch to out-of-line storage even if the capacity matched the
-          criteria for inline storage.
-        
-        - Inline JSFunction allocation is killed off because we don't have a good
-          way of inlining property storage allocation. This didn't hurt performance.
-          Killing off code is better than fixing it if that code wasn't doing any
-          good.
-        
-        This looks like a 1% progression on V8.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_func):
-        (JSC):
-        (JSC::JIT::emit_op_new_func_exp):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::finishCreation):
-        * runtime/JSObject.h:
-        (JSC::JSObject::isUsingInlineStorage):
-        (JSObject):
-        (JSC::JSObject::finishCreation):
-        (JSC):
-        (JSC::JSNonFinalObject::hasInlineStorage):
-        (JSNonFinalObject):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSC::JSFinalObject::hasInlineStorage):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSObject::offsetOfInlineStorage):
-        (JSC::JSObject::setPropertyStorage):
-        (JSC::Structure::inlineStorageCapacity):
-        (JSC::Structure::isUsingInlineStorage):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::nextPropertyStorageCapacity):
-        (JSC):
-        (JSC::Structure::growPropertyStorageCapacity):
-        (JSC::Structure::suggestedNewPropertyStorageSize):
-        * runtime/Structure.h:
-        (JSC::Structure::putWillGrowPropertyStorage):
-        (Structure):
-
-2012-06-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG recompilation heuristics should be based on count, not rate
-        https://bugs.webkit.org/show_bug.cgi?id=90146
-
-        Reviewed by Oliver Hunt.
-        
-        This removes a bunch of code that was previously trying to prevent spurious
-        reoptimizations if a large enough majority of executions of a code block did
-        not result in OSR exit. It turns out that this code was purely harmful. This
-        patch removes all of that logic and replaces it with a dead-simple
-        heuristic: if you exit more than N times (where N is an exponential function
-        of the number of times the code block has already been recompiled) then we
-        will recompile.
-        
-        This appears to be a broad ~1% win on many benchmarks large and small.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::osrExitCounter):
-        (JSC::CodeBlock::countOSRExit):
-        (CodeBlock):
-        (JSC::CodeBlock::addressOfOSRExitCounter):
-        (JSC::CodeBlock::offsetOfOSRExitCounter):
-        (JSC::CodeBlock::adjustedExitCountThreshold):
-        (JSC::CodeBlock::exitCountThresholdForReoptimization):
-        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::setThreshold):
-        * bytecode/ExecutionCounter.h:
-        (ExecutionCounter):
-        (JSC::ExecutionCounter::clippedThreshold):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileBody):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-        * dfg/DFGOperations.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-
-2012-06-28  Mark Lam  <mark.lam@apple.com>
-
-        Adding a commenting utility to record BytecodeGenerator comments
-        with opcodes that are emitted.  Presently, the comments can only
-        be constant strings.  Adding comments for opcodes is optional.
-        If a comment is added, the comment will be printed following the
-        opcode when CodeBlock::dump() is called.
-
-        This utility is disabled by default, and is only meant for VM
-        development purposes.  It should not be enabled for product builds.
-
-        To enable this utility, set ENABLE_BYTECODE_COMMENTS in CodeBlock.h
-        to 1.
-
-        https://bugs.webkit.org/show_bug.cgi?id=90095
-
-        Reviewed by Geoffrey Garen.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecodeCommentAndNewLine): Dumps the comment.
-        (JSC):
-        (JSC::CodeBlock::printUnaryOp): Add comment dumps.
-        (JSC::CodeBlock::printBinaryOp): Add comment dumps.
-        (JSC::CodeBlock::printConditionalJump): Add comment dumps.
-        (JSC::CodeBlock::printCallOp): Add comment dumps.
-        (JSC::CodeBlock::printPutByIdOp): Add comment dumps.
-        (JSC::CodeBlock::dump): Add comment dumps.
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::commentForBytecodeOffset):
-            Finds the comment for an opcode if available.
-        (JSC::CodeBlock::dumpBytecodeComments):
-            For debugging whether comments are collected.
-            It is not being called anywhere.
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::bytecodeComments):
-        * bytecode/Comment.h: Added.
-        (JSC):
-        (Comment):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitOpcode): Calls emitComment().
-        (JSC):
-        (JSC::BytecodeGenerator::emitComment): Adds comment to CodeBlock.
-        (JSC::BytecodeGenerator::prependComment):
-            Registers a comment for emitComemnt() to use later.
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitComment):
-        (JSC::BytecodeGenerator::prependComment):
-            These are inlined versions of these functions that nullify them
-            when ENABLE_BYTECODE_COMMENTS is 0.
-        (JSC::BytecodeGenerator::comments):
-
-2012-06-28  Oliver Hunt  <oliver@apple.com>
-
-        32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
-        https://bugs.webkit.org/show_bug.cgi?id=90127
-
-        Reviewed by Filip Pizlo.
-
-        The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
-        correctly.  This patch fixes this by killing the fill info in the GenerationInfo
-        when the spillFormat doesn't guarantee the value is a double.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2012-06-28  Kent Tamura  <tkent@chromium.org>
-
-        Classify form control states by their owner forms
-        https://bugs.webkit.org/show_bug.cgi?id=89950
-
-        Reviewed by Hajime Morita.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Expose WTF::StringBuilder::canShrink()
-
-2012-06-27  Michael Saboff  <msaboff@apple.com>
-
-        [Win] jscore-tests flakey
-        https://bugs.webkit.org/show_bug.cgi?id=88118
-
-        Reviewed by Jessie Berlin.
-
-        jsDriver.pl on windows intermittently doesn't get the returned value from jsc,
-        instead it gets 126.  Added a new option to jsc (-x) which prints the exit
-        code before exiting.  jsDriver.pl uses this option on Windows and parses the
-        exit code output for the exit code, removing it before comparing the actual
-        and expected outputs.  Filed a follow on "FIXME" defect:
-        [WIN] Intermittent failure for jsc return value to propagate through jsDriver.pl
-        https://bugs.webkit.org/show_bug.cgi?id=90119
-
-        * jsc.cpp:
-        (CommandLine::CommandLine):
-        (CommandLine):
-        (printUsageStatement):
-        (parseArguments):
-        (jscmain):
-        * tests/mozilla/jsDriver.pl:
-        (execute_tests):
-
-2012-06-27  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r121359.
-        http://trac.webkit.org/changeset/121359
-        https://bugs.webkit.org/show_bug.cgi?id=90115
-
-        Broke many inspector tests (Requested by jpfau on #webkit).
-
-        * interpreter/Interpreter.h:
-        (JSC::StackFrame::toString):
-
-2012-06-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on
-        https://bugs.webkit.org/show_bug.cgi?id=90053
-        <rdar://problem/11764613>
-
-        Reviewed by Mark Hahnenberg.
-        
-        The problem is that the code was assuming that the recovery should be Undefined if the source of
-        the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a
-        UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive.
-        In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this
-        was already in place but the fast check for !shouldGenerate() broke it.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-
-2012-06-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG disassembly should be easier to read
-        https://bugs.webkit.org/show_bug.cgi?id=90106
-
-        Reviewed by Mark Hahnenberg.
-        
-        Did a few things:
-        
-        - Options::showDFGDisassembly now shows OSR exit disassembly as well.
-        
-        - Phi node dumping doesn't attempt to do line wrapping since it just made the dump harder
-          to read.
-        
-        - DFG graph disassembly view shows a few additional node types that turn out to be
-          essential for understanding OSR exits.
-        
-        Put together, these changes reinforce the philosophy that anything needed for computing
-        OSR exit is just as important as the machine code itself. Of course, we still don't take
-        that philosophy to its full extreme - for example Phantom nodes are not dumped. We may
-        revisit that in the future.
-
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        * assembler/LinkBuffer.h:
-        (JSC):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpBlockHeader):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::willHaveCodeGenOrOSR):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSLock should be per-JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=89123
-
-        Reviewed by Geoffrey Garen.
-
-        * API/APIShims.h:
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
-        determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
-        HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
-        JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
-        its destruction has begun. 
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
-        Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
-        and before we've released it, which can only done in APIEntryShim.
-        (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextCreateBacktrace):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::collect):
-        (JSC::Heap::setActivityCallback):
-        (JSC::Heap::activityCallback):
-        (JSC::Heap::sweeper):
-        * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
-        are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
-        and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
-        prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
-        (Heap):
-        * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::invalidate):
-        (JSC):
-        (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
-        that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
-        HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
-        (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
-        out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
-        but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
-        we were interrupted between releasing our mutex and trying to grab the APILock.
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
-        all of that for us. 
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::reap):
-        * jsc.cpp:
-        (functionGC):
-        (functionReleaseExecutableMemory):
-        (jscmain):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
-        that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
-        it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
-        APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
-        (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
-        (JSC::JSGlobalData::sharedInstanceInternal):
-        * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
-        de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
-        (JSGlobalData):
-        (JSC::JSGlobalData::apiLock):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
-        (JSC::GlobalJSLock::~GlobalJSLock):
-        (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
-        it can successfully unlock it later without it disappearing from underneath it.
-        (JSC::JSLockHolder::~JSLockHolder):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-        (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
-        actually waiting for long periods. 
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::currentThreadIsHoldingLock):
-        (JSC::JSLock::dropAllLocks):
-        (JSC::JSLock::dropAllLocksUnconditionally):
-        (JSC::JSLock::grabAllLocks):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (GlobalJSLock):
-        (JSLockHolder):
-        (JSLock):
-        (DropAllLocks):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-06-27  Filip Pizlo  <fpizlo@apple.com>
-
-        x86 disassembler confuses immediates with addresses
-        https://bugs.webkit.org/show_bug.cgi?id=90099
-
-        Reviewed by Mark Hahnenberg.
-        
-        Prepend "$" to immediates to disambiguate between immediates and addresses. This is in
-        accordance with the gas and AT&T syntax.
-
-        * disassembler/udis86/udis86_syn-att.c:
-        (gen_operand):
-
-2012-06-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Add a comment clarifying Options::showDisassembly versus Options::showDFGDisassembly.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/Options.cpp:
-        (JSC::Options::initializeOptions):
-
-2012-06-27  Anthony Scian  <ascian@rim.com>
-
-        Web Inspector [JSC]: Implement ScriptCallStack::stackTrace
-        https://bugs.webkit.org/show_bug.cgi?id=40118
-
-        Reviewed by Yong Li.
-
-        Added member functions to expose function name, urlString, and line #.
-        Refactored toString to make use of these member functions to reduce
-        duplicated code for future maintenance.
-
-        Manually tested refactoring of toString by tracing thrown exceptions.
-
-        * interpreter/Interpreter.h:
-        (StackFrame):
-        (JSC::StackFrame::toString):
-        (JSC::StackFrame::friendlySourceURL):
-        (JSC::StackFrame::friendlyFunctionName):
-        (JSC::StackFrame::friendlyLineNumber):
-
-2012-06-27  Oswald Buddenhagen  <oswald.buddenhagen@nokia.com>
-
-        [Qt] Remove redundant c++11 warning suppression code
-
-        This is already handled in default_post.
-
-        Reviewed by Tor Arne Vestbø.
-
-        * Target.pri:
-
-2012-06-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
-
-        [Qt] Add missing heades to HEADERS
-
-        For JavaScriptCore there aren't any Qt specific files, so we include all
-        headers for easy editing in Qt Creator.
-
-        Reviewed by Simon Hausmann.
-
-        * Target.pri:
-
-2012-06-26  Dominic Cooney  <dominicc@chromium.org>
-
-        [Chromium] Remove unused build scripts and empty folders for JavaScriptCore w/ gyp
-        https://bugs.webkit.org/show_bug.cgi?id=90029
-
-        Reviewed by Adam Barth.
-
-        * gyp: Removed.
-        * gyp/generate-derived-sources.sh: Removed.
-        * gyp/generate-dtrace-header.sh: Removed.
-        * gyp/run-if-exists.sh: Removed.
-        * gyp/update-info-plist.sh: Removed.
-
-2012-06-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Reduced (but did not eliminate) use of "berzerker GC"
-        https://bugs.webkit.org/show_bug.cgi?id=89237
-
-        Reviewed by Gavin Barraclough.
-
-        (PART 2)
-
-        This part turns off "berzerker GC" and turns on incremental shrinking.
-
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doSweep): Free or shrink after sweeping to
-        maintain the behavior we used to get from the occasional berzerker GC,
-        which would run all finalizers and then free or shrink all blocks
-        synchronously.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::needsSweeping): Sweep zapped blocks, too. It's always
-        safe to sweep a zapped block (that's the point of zapping), and it's
-        sometimes profitable. For example, consider this case: Block A does some
-        allocation (transitioning Block A from Marked to FreeListed), then GC
-        happens (transitioning Block A to Zapped), then all objects in Block A
-        are free, then the incremental sweeper visits Block A. If we skipped
-        Zapped blocks, we'd skip Block A, even though it would be profitable to
-        run its destructors and free its memory.
-
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::doWork): Don't sweep eagerly; we'll do
-        this incrementally.
-
-2012-06-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG PutByValAlias is too aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=90026
-        <rdar://problem/11751830>
-
-        Reviewed by Gavin Barraclough.
-        
-        For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect
-        performance by much.
-        
-        For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access
-        is within bounds. This also has the effect of making our out-of-bounds handling consistent
-        with WebCore.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-
-2012-06-26  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Add JSC statistics into about:memory
-        https://bugs.webkit.org/show_bug.cgi?id=89779
-
-        Reviewed by Rob Buis.
-
-        Fix non-JIT build on BlackBerry broken by r121196.
-
-        * runtime/MemoryStatistics.cpp:
-        (JSC::globalMemoryStatistics):
-
-2012-06-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::operationNewArray is unnecessarily slow, and may use the wrong array
-        prototype when inlined
-        https://bugs.webkit.org/show_bug.cgi?id=89821
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixes all array allocations to use the right structure, and hence the right prototype. Adds
-        inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
-        empty arrays.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSArray.h:
-        (JSC):
-        (JSC::constructArray):
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        (JSC::constructArray):
-
-2012-06-26  Filip Pizlo  <fpizlo@apple.com>
-
-        New fast/js/dfg-store-unexpected-value-into-argument-and-osr-exit.html fails on 32 bit
-        https://bugs.webkit.org/show_bug.cgi?id=89953
-
-        Reviewed by Zoltan Herczeg.
-        
-        DFG 32-bit JIT was confused about the difference between a predicted type and a
-        proven type. This is easy to get confused about, since a local that is predicted int32
-        almost always means that the local must be an int32 since speculations are hoisted to
-        stores to locals. But that is less likely to be the case for arguments, where there is
-        an additional least-upper-bounding step: any store to an argument with a weird type
-        may force the argument to be any type.
-        
-        This patch basically duplicates the functionality in DFGSpeculativeJIT64.cpp for
-        GetLocal: the decision of whether to load a local as an int32 (or as an array, or as
-        a boolean) is made based on the AbstractValue::m_type, which is a type proof, rather
-        than the VariableAccessData::prediction(), which is a predicted type.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-06-25  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should try to make profiling deterministic because otherwise reproducing failures is
-        nearly impossible
-        https://bugs.webkit.org/show_bug.cgi?id=89940
-
-        Rubber stamped by Gavin Barraclough.
-        
-        This rolls out the part of http://trac.webkit.org/changeset/121215 that introduced randomness
-        into the system. Now, instead of randomizing the tier-up threshold, we always set it to an
-        artificially low (and statically predetermined!) value. This gives most of the benefit of
-        threshold randomization without actually making the system behave completely differently on
-        each invocation.
-
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::setThreshold):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-
-2012-06-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Value profiling should use tier-up threshold randomization to get more coverage
-        https://bugs.webkit.org/show_bug.cgi?id=89802
-
-        Reviewed by Gavin Barraclough.
-        
-        This patch causes both LLInt and Baseline JIT code to take the OSR slow path several
-        times before actually doing OSR. If we take the OSR slow path before the execution
-        count threshold is reached, then we just call CodeBlock::updateAllPredictions() to
-        compute the current latest least-upper-bound SpecType of all values seen in each
-        ValueProfile.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
-        (JSC):
-        (JSC::CodeBlock::updateAllPredictions):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::llintExecuteCounter):
-        (JSC::CodeBlock::jitExecuteCounter):
-        (CodeBlock):
-        (JSC::CodeBlock::updateAllPredictions):
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::setThreshold):
-        (JSC::ExecutionCounter::status):
-        (JSC):
-        * bytecode/ExecutionCounter.h:
-        (JSC::ExecutionCounter::count):
-        (ExecutionCounter):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::weakRandomInteger):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * runtime/WeakRandom.h:
-        (WeakRandom):
-        (JSC::WeakRandom::seedUnsafe):
-
-2012-06-25  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Add JSC statistics into about:memory
-        https://bugs.webkit.org/show_bug.cgi?id=89779
-
-        Reviewed by Rob Buis.
-
-        Add MemoryStatistics.cpp into build, and fill JITBytes for BlackBerry port.
-
-        * PlatformBlackBerry.cmake:
-        * runtime/MemoryStatistics.cpp:
-        (JSC::globalMemoryStatistics):
-
-2012-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r121058.
-        http://trac.webkit.org/changeset/121058
-        https://bugs.webkit.org/show_bug.cgi?id=89809
-
-        Patch causes plugins tests to crash in GTK debug builds
-        (Requested by zdobersek on #webkit).
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextCreateBacktrace):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::collect):
-        (JSC::Heap::setActivityCallback):
-        (JSC::Heap::activityCallback):
-        (JSC::Heap::sweeper):
-        * heap/Heap.h:
-        (Heap):
-        * heap/HeapTimer.cpp:
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::invalidate):
-        (JSC::HeapTimer::timerDidFire):
-        (JSC):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doWork):
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::reap):
-        * jsc.cpp:
-        (functionGC):
-        (functionReleaseExecutableMemory):
-        (jscmain):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        (JSC::JSGlobalData::sharedInstance):
-        (JSC::JSGlobalData::sharedInstanceInternal):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::createJSLockCount):
-        (JSC::JSLock::lockCount):
-        (JSC::setLockCount):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::lock):
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::currentThreadIsHoldingLock):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (JSLock):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-        (DropAllLocks):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-06-22  Alexandru Chiculita  <achicu@adobe.com>
-
-        [CSS Shaders] Re-enable the CSS Shaders compile time flag on Safari Mac
-        https://bugs.webkit.org/show_bug.cgi?id=89781
-
-        Reviewed by Dean Jackson.
-
-        Added ENABLE_CSS_SHADERS flag as enabled by default on Safari for Mac.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-06-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG tier-up should happen in prologues, not epilogues
-        https://bugs.webkit.org/show_bug.cgi?id=89752
-
-        Reviewed by Geoffrey Garen.
-
-        This change has two outcomes:
-        
-        1) Slightly reduces the likelihood that a function will be optimized both
-        standalone and via inlining.  Previously, if you had a call sequence like foo() 
-        calls bar() exactly once, and nobody else calls bar(), then bar() would get
-        optimized first (because it returns first) and then foo() gets optimized.  If foo()
-        can inline bar() then that means that bar() gets optimized twice.  But now, if we
-        optimize in prologues, then foo() will be optimized first.  If it inlines bar(),
-        that means that there will no longer be any calls to bar().
-        
-        2) It lets us kill some code in JITStubs.  Epilogue tier-up was very different from
-        loop tier-up, since epilogue tier-up should not attempt OSR.  But prologue tier-up
-        requires OSR (albeit really easy OSR since it's the top of the compilation unit),
-        so it becomes just like loop tier-up.  As a result, we now have one optimization
-        hook (cti_optimize) instead of two (cti_optimize_from_loop and
-        cti_optimize_from_ret).
-        
-        As a consequence of not having an optimization check in epilogues, the OSR exit
-        code must now trigger reoptimization itself instead of just signaling the epilogue
-        check to fire.
-        
-        This also adds the ability to count the number of DFG compilations, which was
-        useful for debugging this patch and might be useful for other things in the future.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::reoptimize):
-        (JSC):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGDriver.cpp:
-        (DFG):
-        (JSC::DFG::getNumCompilations):
-        (JSC::DFG::compile):
-        * dfg/DFGDriver.h:
-        (DFG):
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        * jit/JIT.h:
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::emit_op_enter):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_enter):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-
-2012-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSLock should be per-JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=89123
-
-        Reviewed by Gavin Barraclough.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * API/APIShims.h:
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
-        determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
-        HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
-        JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
-        its destruction has begun. 
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock): Now derefs if it also refed.
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
-        Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
-        and before we've released it, which can only done in APIEntryShim.
-        (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextCreateBacktrace):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::collect):
-        (JSC::Heap::setActivityCallback):
-        (JSC::Heap::activityCallback):
-        (JSC::Heap::sweeper):
-        * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
-        are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
-        and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
-        prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
-        (Heap):
-        * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::invalidate):
-        (JSC):
-        (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
-        that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
-        HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
-        (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
-        out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
-        but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
-        we were interrupted between releasing our mutex and trying to grab the APILock.
-        * heap/HeapTimer.h: 
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
-        all of that for us. 
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::reap):
-        * jsc.cpp:
-        (functionGC):
-        (functionReleaseExecutableMemory):
-        (jscmain):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
-        that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
-        it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
-        APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
-        (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
-        (JSC::JSGlobalData::sharedInstanceInternal):
-        * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
-        de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
-        (JSGlobalData):
-        (JSC::JSGlobalData::apiLock):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
-        (JSC::GlobalJSLock::~GlobalJSLock):
-        (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
-        it can successfully unlock it later without it disappearing from underneath it.
-        (JSC::JSLockHolder::~JSLockHolder):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-        (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
-        actually waiting for long periods. 
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::currentThreadIsHoldingLock): 
-        (JSC::JSLock::dropAllLocks):
-        (JSC::JSLock::dropAllLocksUnconditionally):
-        (JSC::JSLock::grabAllLocks):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (GlobalJSLock):
-        (JSLockHolder):
-        (JSLock):
-        (DropAllLocks):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-06-22  Peter Beverloo  <peter@chromium.org>
-
-        [Chromium] Disable c++0x compatibility warnings in JavaScriptCore.gyp when building for Android
-        https://bugs.webkit.org/show_bug.cgi?id=88853
-
-        Reviewed by Steve Block.
-
-        The Android exclusions were necessary to fix a gyp generation error, as
-        the gcc_version variable wasn't being defined for Android. Remove these
-        exceptions when Chromium is able to define the gcc_version variable.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2012-06-21  Filip Pizlo  <fpizlo@apple.com>
-
-        op_resolve_global should not prevent DFG inlining
-        https://bugs.webkit.org/show_bug.cgi?id=89726
-
-        Reviewed by Gavin Barraclough.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/GlobalResolveInfo.h:
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        (GlobalResolveInfo):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-06-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline 'new Array()'
-        https://bugs.webkit.org/show_bug.cgi?id=89632
-
-        Reviewed by Geoffrey Garen.
-        
-        This adds support for treating InternalFunction like intrinsics. The code
-        to do so is actually quite clean, so I don't feel bad about perpetuating
-        the InternalFunction vs. JSFunction-with-NativeExecutable dichotomy.
-        
-        Currently this newfound power is only used to inline 'new Array()'.
-        
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isInternalFunctionConstant):
-        (JSC::DFG::Graph::valueOfInternalFunctionConstant):
-
-2012-06-21  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Adding copyrights to new files.
-
-        * heap/HeapTimer.cpp:
-        * heap/HeapTimer.h:
-        * heap/IncrementalSweeper.cpp:
-        * heap/IncrementalSweeper.h:
-
-2012-06-21  Arnaud Renevier  <arno@renevier.net>
-
-        make sure headers are included only once per file
-        https://bugs.webkit.org/show_bug.cgi?id=88922
-
-        Reviewed by Alexey Proskuryakov.
-
-        * bytecode/CodeBlock.h:
-        * heap/MachineStackMarker.cpp:
-        * runtime/JSVariableObject.h:
-
-2012-06-21  Ryuan Choi  <ryuan.choi@gmail.com>
-
-        [EFL][WK2] Make WebKit2/Efl headers and resources installable.
-        https://bugs.webkit.org/show_bug.cgi?id=88207
-
-        Reviewed by Chang Shu.
-
-        * shell/CMakeLists.txt: Use ${EXEC_INSTALL_DIR} instead of hardcoding "bin"
-
-2012-06-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Reduced (but did not eliminate) use of "berzerker GC"
-        https://bugs.webkit.org/show_bug.cgi?id=89237
-
-        Reviewed by Gavin Barraclough.
-
-        (PART 1)
-
-        This patch turned out to be crashy, so I'm landing the non-crashy bits
-        first.
-
-        This part is pre-requisite refactoring. I didn't actually turn off
-        "berzerker GC" or turn on incremental shrinking.
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::removeBlock): Make sure to clear the free list when
-        we throw away the block we're currently allocating out of. Otherwise, we'll
-        allocate out of a stale free list.
-
-        * heap/MarkedSpace.cpp:
-        (JSC::Free::Free):
-        (JSC::Free::operator()):
-        (JSC::Free::returnValue): Refactored this functor to use a shared helper
-        function, so we can share our implementation with the incremental sweeper.
-
-        Also changed to freeing individual blocks immediately instead of linking
-        them into a list for later freeing. This makes the programming interface
-        simpler, and it's slightly more efficient to boot.
-
-        (JSC::MarkedSpace::~MarkedSpace): Updated for rename.
-
-        (JSC::MarkedSpace::freeBlock):
-        (JSC::MarkedSpace::freeOrShrinkBlock): New helper functions to share behavior
-        with the incremental sweeper.
-
-        (JSC::MarkedSpace::shrink): Updated for new functor behavior.
-
-        * heap/MarkedSpace.h: Statically typed languages are awesome.
-
-2012-06-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize ResolveGlobal
-        https://bugs.webkit.org/show_bug.cgi?id=89617
-
-        Reviewed by Oliver Hunt.
-        
-        This adds inlining of ResolveGlobal accesses that are known monomorphic. It also
-        adds the specific function optimization to ResolveGlobal, when it is inlined. And,
-        it makes internal functions act like specific functions, since that will be the
-        most common use-case of this optimization.
-        
-        This is only a slighy speed-up (sub 1%), since we don't yet do the obvious thing
-        with this optimization, which is to completely inline common "globally resolved"
-        function and constructor calls, like "new Array()".
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::numberOfGlobalResolveInfos):
-        * bytecode/GlobalResolveInfo.h:
-        (JSC::getGlobalResolveInfoBytecodeOffset):
-        (JSC):
-        * bytecode/ResolveGlobalStatus.cpp: Added.
-        (JSC):
-        (JSC::computeForStructure):
-        (JSC::computeForLLInt):
-        (JSC::ResolveGlobalStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.h: Added.
-        (JSC):
-        (ResolveGlobalStatus):
-        (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
-        (JSC::ResolveGlobalStatus::state):
-        (JSC::ResolveGlobalStatus::isSet):
-        (JSC::ResolveGlobalStatus::operator!):
-        (JSC::ResolveGlobalStatus::isSimple):
-        (JSC::ResolveGlobalStatus::takesSlowPath):
-        (JSC::ResolveGlobalStatus::structure):
-        (JSC::ResolveGlobalStatus::offset):
-        (JSC::ResolveGlobalStatus::specificValue):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * runtime/JSObject.cpp:
-        (JSC::getCallableObjectSlow):
-        (JSC):
-        (JSC::JSObject::put):
-        (JSC::JSObject::putDirectVirtual):
-        (JSC::JSObject::putDirectAccessor):
-        * runtime/JSObject.h:
-        (JSC):
-        (JSC::getCallableObject):
-        (JSC::JSObject::putOwnDataProperty):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectWithoutTransition):
-
-2012-06-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Functions on global objects should be specializable
-        https://bugs.webkit.org/show_bug.cgi?id=89615
-
-        Reviewed by Oliver Hunt.
-        
-        I tested to see if this brought back the bug in https://bugs.webkit.org/show_bug.cgi?id=33343,
-        and it didn't. Bug 33343 was the reason why we disabled global object function specialization
-        to begin with. So I'm guessing this is safe.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::init):
-
-2012-06-20  Filip Pizlo  <fpizlo@apple.com>
-
-        build-webkit failure due to illegal 32-bit integer constants in code
-        generated by offlineasm
-        https://bugs.webkit.org/show_bug.cgi?id=89347
-
-        Reviewed by Geoffrey Garen.
-        
-        The offending constants are the magic numbers used by offlineasm to find
-        offsets in the generated machine code. Added code to turn them into what
-        the C++ compiler will believe to be valid 32-bit values.
-
-        * offlineasm/offsets.rb:
-
-2012-06-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Made the incremental sweeper more aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=89527
-
-        Reviewed by Oliver Hunt.
-
-        This is a pre-requisite to getting rid of "berzerker GC" because we need
-        the sweeper to reclaim memory in a timely fashion, or we'll see a memory
-        footprint regression.
-
-        * heap/IncrementalSweeper.h:
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::scheduleTimer): Since the time slice is predictable,
-        no need to use a data member to record it.
-
-        (JSC::IncrementalSweeper::doSweep): Sweep as many blocks as we can in a
-        small time slice. This is better than sweeping only one block per timer
-        fire because that strategy has a heavy timer overhead, and artificially
-        delays memory reclamation.
-
-2012-06-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to print disassembly interleaved with the IR
-        https://bugs.webkit.org/show_bug.cgi?id=89551
-
-        Reviewed by Geoffrey Garen.
-        
-        This change also removes running Dominators unconditionally on every DFG
-        compile. Dominators are designed to be computed on-demand, and currently
-        the only demand is graph dumps.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::labelIgnoringWatchpoints):
-        (ARMv7Assembler):
-        * assembler/AbstractMacroAssembler.h:
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::labelIgnoringWatchpoints):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::shouldShowDisassembly):
-        (DFG):
-        * dfg/DFGDisassembler.cpp: Added.
-        (DFG):
-        (JSC::DFG::Disassembler::Disassembler):
-        (JSC::DFG::Disassembler::dump):
-        (JSC::DFG::Disassembler::dumpDisassembly):
-        * dfg/DFGDisassembler.h: Added.
-        (DFG):
-        (Disassembler):
-        (JSC::DFG::Disassembler::setStartOfCode):
-        (JSC::DFG::Disassembler::setForBlock):
-        (JSC::DFG::Disassembler::setForNode):
-        (JSC::DFG::Disassembler::setEndOfMainPath):
-        (JSC::DFG::Disassembler::setEndOfCode):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::amountOfNodeWhiteSpace):
-        (DFG):
-        (JSC::DFG::Graph::printNodeWhiteSpace):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::dumpBlockHeader):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (DFG):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JITCompiler):
-        (JSC::DFG::JITCompiler::setStartOfCode):
-        (JSC::DFG::JITCompiler::setForBlock):
-        (JSC::DFG::JITCompiler::setForNode):
-        (JSC::DFG::JITCompiler::setEndOfMainPath):
-        (JSC::DFG::JITCompiler::setEndOfCode):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::willHaveCodeGen):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-
-2012-06-19  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should be able to show disassembly for all generated JIT code
-        https://bugs.webkit.org/show_bug.cgi?id=89536
-
-        Reviewed by Gavin Barraclough.
-        
-        Now instead of doing linkBuffer.finalizeCode(), you do
-        FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
-        prints your explanation and the disassembled code, if
-        Options::showDisassembly is set to true.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/LinkBuffer.cpp: Added.
-        (JSC):
-        (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        (JSC::LinkBuffer::linkCode):
-        (JSC::LinkBuffer::performFinalization):
-        (JSC::LinkBuffer::dumpLinkStatistics):
-        (JSC::LinkBuffer::dumpCode):
-        * assembler/LinkBuffer.h:
-        (LinkBuffer):
-        (JSC):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodeRef::tryToDisassemble):
-        (MacroAssemblerCodeRef):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        * disassembler/Disassembler.h:
-        (JSC):
-        (JSC::tryToDisassemble):
-        * disassembler/UDis86Disassembler.cpp:
-        (JSC::tryToDisassemble):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITCode.h:
-        (JSC::JITCode::tryToDisassemble):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * llint/LLIntThunks.cpp:
-        (JSC::LLInt::generateThunkWithJumpTo):
-        (JSC::LLInt::functionForCallEntryThunkGenerator):
-        (JSC::LLInt::functionForConstructEntryThunkGenerator):
-        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
-        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
-        (JSC::LLInt::evalEntryThunkGenerator):
-        (JSC::LLInt::programEntryThunkGenerator):
-        * runtime/Options.cpp:
-        (Options):
-        (JSC::Options::initializeOptions):
-        * runtime/Options.h:
-        (Options):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::compile):
-
-2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        [Qt][Mac] REGRESSION(r120742): It broke the build
-        https://bugs.webkit.org/show_bug.cgi?id=89516
-
-        Reviewed by Geoffrey Garen.
-
-        Removing GCActivityCallbackCF.cpp because it doesn't mesh well with cross-platform 
-        code on Darwin (e.g. Qt). We now use plain ol' vanilla ifdefs to handle platforms 
-        without CF support. These if-defs will probably disappear in the future when we 
-        use cross-platform timers in HeapTimer.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/GCActivityCallback.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::scheduleTimer):
-        (JSC::DefaultGCActivityCallback::cancelTimer):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        (JSC::DefaultGCActivityCallback::willCollect):
-        (JSC::DefaultGCActivityCallback::cancel):
-        * runtime/GCActivityCallbackCF.cpp: Removed.
-
-2012-06-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA forgets to notify subsequent phases of found constants if it proves LogicalNot to be a constant
-        https://bugs.webkit.org/show_bug.cgi?id=89511
-        <rdar://problem/11700089>
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-06-19  Mark Lam  <mark.lam@apple.com>
-
-        CodeBlock::needsCallReturnIndices() is no longer needed.
-        https://bugs.webkit.org/show_bug.cgi?id=89490
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::needsCallReturnIndices): removed.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2012-06-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, try to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-
-2012-06-17  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to look at disassembly
-        https://bugs.webkit.org/show_bug.cgi?id=89319
-
-        Reviewed by Sam Weinig.
-        
-        This imports the udis86 disassembler library. The library is placed
-        behind an abstraction in disassembler/Disassembler.h, so that we can
-        in the future use other disassemblers (for other platforms) whenever
-        appropriate. As a first step, the disassembler is being invoked for
-        DFG verbose dumps.
-        
-        If we ever want to merge a new version of udis86 in the future, I've
-        made notes about changes I made to the library in
-        disassembler/udis86/differences.txt.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.pri:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * disassembler: Added.
-        * disassembler/Disassembler.h: Added.
-        (JSC):
-        (JSC::tryToDisassemble):
-        * disassembler/UDis86Disassembler.cpp: Added.
-        (JSC):
-        (JSC::tryToDisassemble):
-        * disassembler/udis86: Added.
-        * disassembler/udis86/differences.txt: Added.
-        * disassembler/udis86/itab.py: Added.
-        (UdItabGenerator):
-        (UdItabGenerator.__init__):
-        (UdItabGenerator.toGroupId):
-        (UdItabGenerator.genLookupTable):
-        (UdItabGenerator.genLookupTableList):
-        (UdItabGenerator.genInsnTable):
-        (genItabH):
-        (genItabH.UD_ITAB_H):
-        (genItabC):
-        (genItab):
-        (main):
-        * disassembler/udis86/optable.xml: Added.
-        * disassembler/udis86/ud_opcode.py: Added.
-        (UdOpcodeTables):
-        (UdOpcodeTables.sizeOfTable):
-        (UdOpcodeTables.nameOfTable):
-        (UdOpcodeTables.updateTable):
-        (UdOpcodeTables.Insn):
-        (UdOpcodeTables.Insn.__init__):
-        (UdOpcodeTables.Insn.__init__.opcode):
-        (UdOpcodeTables.parse):
-        (UdOpcodeTables.addInsnDef):
-        (UdOpcodeTables.print_table):
-        (UdOpcodeTables.print_tree):
-        * disassembler/udis86/ud_optable.py: Added.
-        (UdOptableXmlParser):
-        (UdOptableXmlParser.parseDef):
-        (UdOptableXmlParser.parse):
-        (printFn):
-        (parse):
-        (main):
-        * disassembler/udis86/udis86.c: Added.
-        (ud_init):
-        (ud_disassemble):
-        (ud_set_mode):
-        (ud_set_vendor):
-        (ud_set_pc):
-        (ud):
-        (ud_insn_asm):
-        (ud_insn_off):
-        (ud_insn_hex):
-        (ud_insn_ptr):
-        (ud_insn_len):
-        * disassembler/udis86/udis86.h: Added.
-        * disassembler/udis86/udis86_decode.c: Added.
-        (eff_adr_mode):
-        (ud_lookup_mnemonic):
-        (decode_prefixes):
-        (modrm):
-        (resolve_operand_size):
-        (resolve_mnemonic):
-        (decode_a):
-        (decode_gpr):
-        (resolve_gpr64):
-        (resolve_gpr32):
-        (resolve_reg):
-        (decode_imm):
-        (decode_modrm_reg):
-        (decode_modrm_rm):
-        (decode_o):
-        (decode_operand):
-        (decode_operands):
-        (clear_insn):
-        (resolve_mode):
-        (gen_hex):
-        (decode_insn):
-        (decode_3dnow):
-        (decode_ssepfx):
-        (decode_ext):
-        (decode_opcode):
-        (ud_decode):
-        * disassembler/udis86/udis86_decode.h: Added.
-        (ud_itab_entry_operand):
-        (ud_itab_entry):
-        (ud_lookup_table_list_entry):
-        (sse_pfx_idx):
-        (mode_idx):
-        (modrm_mod_idx):
-        (vendor_idx):
-        (is_group_ptr):
-        (group_idx):
-        * disassembler/udis86/udis86_extern.h: Added.
-        * disassembler/udis86/udis86_input.c: Added.
-        (inp_buff_hook):
-        (inp_file_hook):
-        (ud):
-        (ud_set_user_opaque_data):
-        (ud_get_user_opaque_data):
-        (ud_set_input_buffer):
-        (ud_set_input_file):
-        (ud_input_skip):
-        (ud_input_end):
-        (ud_inp_next):
-        (ud_inp_back):
-        (ud_inp_peek):
-        (ud_inp_move):
-        (ud_inp_uint8):
-        (ud_inp_uint16):
-        (ud_inp_uint32):
-        (ud_inp_uint64):
-        * disassembler/udis86/udis86_input.h: Added.
-        * disassembler/udis86/udis86_itab_holder.c: Added.
-        * disassembler/udis86/udis86_syn-att.c: Added.
-        (opr_cast):
-        (gen_operand):
-        (ud_translate_att):
-        * disassembler/udis86/udis86_syn-intel.c: Added.
-        (opr_cast):
-        (gen_operand):
-        (ud_translate_intel):
-        * disassembler/udis86/udis86_syn.c: Added.
-        * disassembler/udis86/udis86_syn.h: Added.
-        (mkasm):
-        * disassembler/udis86/udis86_types.h: Added.
-        (ud_operand):
-        (ud):
-        * jit/JITCode.h:
-        (JITCode):
-        (JSC::JITCode::tryToDisassemble):
-
-2012-06-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GCActivityCallback and IncrementalSweeper should share code
-        https://bugs.webkit.org/show_bug.cgi?id=89400
-
-        Reviewed by Geoffrey Garen.
-
-        A lot of functionality is duplicated between GCActivityCallback and IncrementalSweeper. 
-        We should extract the common functionality out into a separate class that both of them 
-        can inherit from. This refactoring will be an even greater boon when we add the ability 
-        to shut these two agents down in a thread-safe fashion
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap): Move initialization down so that the JSGlobalData has a valid Heap when 
-        we're initializing the GCActivityCallback and the IncrementalSweeper.
-        * heap/Heap.h:
-        (Heap):
-        * heap/HeapTimer.cpp: Added.
-        (JSC):
-        (JSC::HeapTimer::HeapTimer): Initialize the various base class data that
-        DefaultGCActivityCallback::commonConstructor() used to do.
-        (JSC::HeapTimer::~HeapTimer): Call to invalidate().
-        (JSC::HeapTimer::synchronize): Same functionality as the old DefaultGCActivityCallback::synchronize().
-        Virtual so that non-CF subclasses can override.
-        (JSC::HeapTimer::invalidate): Tears down the runloop timer to prevent any future firing.
-        (JSC::HeapTimer::timerDidFire): Callback to pass to the timer function. Casts and calls the virtual doWork().
-        * heap/HeapTimer.h: Added. This is the class that serves as the common base class for 
-        both GCActivityCallback and IncrementalSweeper. It handles setting up and tearing down run loops and synchronizing 
-        across threads for its subclasses. 
-        (JSC):
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp: Changes to accomodate the extraction of common functionality 
-        between IncrementalSweeper and GCActivityCallback into a common ancestor.
-        (JSC):
-        (JSC::IncrementalSweeper::doWork): 
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::cancelTimer):
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        * runtime/GCActivityCallback.h:
-        (GCActivityCallback):
-        (JSC::GCActivityCallback::willCollect):
-        (JSC::GCActivityCallback::GCActivityCallback):
-        (JSC):
-        (DefaultGCActivityCallback): Remove the platform data struct. The platform data should be kept in 
-        the class itself so as to be accessible by doWork(). Most of the platform data for CF is kept in 
-        HeapTimer anyways, so we only need the m_delay field now.
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::scheduleTimer):
-        (JSC::DefaultGCActivityCallback::cancelTimer):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        (JSC::DefaultGCActivityCallback::willCollect):
-        (JSC::DefaultGCActivityCallback::cancel):
-
-
-2012-06-19  Mike West  <mkwst@chromium.org>
-
-        Introduce ENABLE_CSP_NEXT configuration flag.
-        https://bugs.webkit.org/show_bug.cgi?id=89300
-
-        Reviewed by Adam Barth.
-
-        The 1.0 draft of the Content Security Policy spec is just about to
-        move to Last Call. We'll hide work on the upcoming 1.1 spec behind
-        this ENABLE flag, disabled by default.
-
-        Spec: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-06-18  Mark Lam  <mark.lam@apple.com>
-
-        Changed JSC to always record line number information so that error.stack
-        and window.onerror() can report proper line numbers.
-        https://bugs.webkit.org/show_bug.cgi?id=89410
-
-        Reviewed by Geoffrey Garen.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit): m_lineInfo is now available unconditionally.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addLineInfo):
-        (JSC::CodeBlock::hasLineInfo): Unused.  Now removed.
-        (JSC::CodeBlock::needsCallReturnIndices):
-        (CodeBlock):
-        (RareData):  Hoisted m_lineInfo out of m_rareData.  m_lineInfo is now
-        filled in unconditionally.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::addLineInfo):
-
-2012-06-18  Andy Estes  <aestes@apple.com>
-
-        Fix r120663, which didn't land the change that was reviewed.
-
-2012-06-18  Andy Estes  <aestes@apple.com>
-
-        [JSC] In JSGlobalData.cpp, enableAssembler() sometimes leaks two CF objects
-        https://bugs.webkit.org/show_bug.cgi?id=89415
-
-        Reviewed by Sam Weinig.
-
-        In the case where canUseJIT was a non-NULL CFBooleanRef,
-        enableAssembler() would leak both canUseJITKey and canUseJIT by
-        returning before calling CFRelease. Fix this by using RetainPtr.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-
-2012-06-17  Geoffrey Garen  <ggaren@apple.com>
-
-        GC copy phase spends needless cycles zero-filling blocks
-        https://bugs.webkit.org/show_bug.cgi?id=89128
-
-        Reviewed by Gavin Barraclough.
-
-        We only need to zero-fill when we're allocating memory that might not
-        get fully initialized before GC.
-
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::createNoZeroFill):
-        (JSC::CopiedBlock::create): Added a way to create without zero-filling.
-        This is our optimization.
-
-        (JSC::CopiedBlock::zeroFillToEnd):
-        (JSC::CopiedBlock::CopiedBlock): Split zero-filling out from creation,
-        so we can sometimes create without zero-filling.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::init):
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        (JSC::CopiedSpace::doneCopying): Renamed addNewBlock to allocateBlock()
-        to clarify that the new block is always newly-allocated.
-
-        (JSC::CopiedSpace::doneFillingBlock): Make sure to zero-fill to the end
-        of a block that might be used in the future for allocation. (Most of the
-        time, this is a no-op, since we've already filled the block completely.)
-
-        (JSC::CopiedSpace::getFreshBlock): Removed this function because the
-        abstraction of "allocation must succeed" is no longer useful.
-
-        * heap/CopiedSpace.h: Updated declarations to match.
-
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::allocateBlockForCopyingPhase): New function, which
-        knows that it can skip zero-filling.
-
-        Added tighter scoping to our lock, to improve parallelism.
-
-        (JSC::CopiedSpace::allocateBlock): Folded getFreshBlock functionality
-        into this function, for simplicity.
-
-        * heap/MarkStack.cpp:
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpace): Use our new zero-fill-free helper
-        function for great good.
-
-2012-06-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should attempt to use structure watchpoints for all inlined get_by_id's and put_by_id's
-        https://bugs.webkit.org/show_bug.cgi?id=89316
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-06-15  Yong Li  <yoli@rim.com>
-
-        [BlackBerry] Put platform-specific GC policy in GCActivityCallback
-        https://bugs.webkit.org/show_bug.cgi?id=89236
-
-        Reviewed by Rob Buis.
-
-        Add GCActivityCallbackBlackBerry.cpp and implement platform-specific
-        low memory GC policy there.
-
-        * PlatformBlackBerry.cmake:
-        * heap/Heap.h:
-        (JSC::Heap::isSafeToCollect): Added.
-        * runtime/GCActivityCallbackBlackBerry.cpp: Added.
-        (JSC):
-        (JSC::DefaultGCActivityCallbackPlatformData::DefaultGCActivityCallbackPlatformData):
-        (DefaultGCActivityCallbackPlatformData):
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        (JSC::DefaultGCActivityCallback::willCollect):
-        (JSC::DefaultGCActivityCallback::synchronize):
-        (JSC::DefaultGCActivityCallback::cancel):
-
-2012-06-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to set watchpoints on structure transitions in the
-        method check prototype chain
-        https://bugs.webkit.org/show_bug.cgi?id=89058
-
-        Adding the same assertion to 32-bit that I added to 64-bit. This change
-        does not affect correctness but it's a good thing for assertion coverage.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-06-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to set watchpoints on structure transitions in the
-        method check prototype chain
-        https://bugs.webkit.org/show_bug.cgi?id=89058
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds the ability to set watchpoints on Structures, and then does
-        the most modest thing we can do with this ability: the DFG now sets
-        watchpoints on structure transitions in the prototype chain of method
-        checks.
-        
-        This appears to be a >1% speed-up on V8.
-
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/StructureSet.h:
-        (JSC::StructureSet::containsOnly):
-        (StructureSet):
-        * bytecode/Watchpoint.cpp:
-        (JSC::WatchpointSet::WatchpointSet):
-        (JSC::InlineWatchpointSet::add):
-        (JSC):
-        (JSC::InlineWatchpointSet::inflateSlow):
-        (JSC::InlineWatchpointSet::freeFat):
-        * bytecode/Watchpoint.h:
-        (WatchpointSet):
-        (JSC):
-        (InlineWatchpointSet):
-        (JSC::InlineWatchpointSet::InlineWatchpointSet):
-        (JSC::InlineWatchpointSet::~InlineWatchpointSet):
-        (JSC::InlineWatchpointSet::hasBeenInvalidated):
-        (JSC::InlineWatchpointSet::isStillValid):
-        (JSC::InlineWatchpointSet::startWatching):
-        (JSC::InlineWatchpointSet::notifyWrite):
-        (JSC::InlineWatchpointSet::isFat):
-        (JSC::InlineWatchpointSet::fat):
-        (JSC::InlineWatchpointSet::inflate):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::isCellConstant):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addWeakReferences):
-        (JITCompiler):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasStructure):
-        (Node):
-        (JSC::DFG::Node::structure):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (JSC::Structure::transitionWatchpointSetHasBeenInvalidated):
-        (Structure):
-        (JSC::Structure::transitionWatchpointSetIsStillValid):
-        (JSC::Structure::addTransitionWatchpoint):
-        (JSC::Structure::notifyTransitionFromThisStructure):
-        (JSC::JSCell::setStructure):
-        * runtime/SymbolTable.cpp:
-        (JSC::SymbolTableEntry::attemptToWatch):
-
-2012-06-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to set watchpoints on global variables
-        https://bugs.webkit.org/show_bug.cgi?id=88692
-
-        Reviewed by Geoffrey Garen.
-        
-        Rolling back in after fixing Windows build issues, and implementing
-        branchTest8 for the Qt port's strange assemblers.
-        
-        This implements global variable constant folding by allowing the optimizing
-        compiler to set a "watchpoint" on globals that it wishes to constant fold.
-        If the watchpoint fires, then an OSR exit is forced by overwriting the
-        machine code that the optimizing compiler generated with a jump.
-        
-        As such, this patch is adding quite a bit of stuff:
-        
-        - Jump replacement on those hardware targets supported by the optimizing
-          JIT. It is now possible to patch in a jump instruction over any recorded
-          watchpoint label. The jump must be "local" in the sense that it must be
-          within the range of the largest jump distance supported by a one
-          instruction jump.
-          
-        - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
-          that records the location where a jump must be inserted and the
-          destination to which it should jump. Watchpoints can be added to a
-          WatchpointSet. The WatchpointSet can be fired all at once, which plants
-          all jumps. WatchpointSet also remembers if it had ever been invalidated,
-          which allows for monotonicity: we typically don't want to optimize using
-          watchpoints on something for which watchpoints had previously fired. The
-          act of notifying a WatchpointSet has a trivial fast path in case no
-          Watchpoints are registered (one-byte load+branch).
-        
-        - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
-          except that you don't have to emit branches. But, you need to know what
-          WatchpointSet to add the resulting Watchpoint to. Not everything that
-          you could write a speculationCheck() for will have a WatchpointSet that
-          would get notified if the condition you were speculating against became
-          invalid.
-          
-        - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
-          do so without incurring any space overhead for those entries that don't
-          have WatchpointSets.
-          
-        - The bytecode generator infers all global function variables to be
-          watchable, and makes all stores perform the WatchpointSet's write check,
-          and marks all loads as being potentially watchable (i.e. you can compile
-          them to a watchpoint and a constant).
-        
-        Put together, this allows for fully sleazy inlining of calls to globally
-        declared functions. The inline prologue will no longer contain the load of
-        the function, or any checks of the function you're calling. I.e. it's
-        pretty much like the kind of inlining you would see in Java or C++.
-        Furthermore, the watchpointing functionality is built to be fairly general,
-        and should allow setting watchpoints on all sorts of interesting things
-        in the future.
-        
-        The sleazy inlining means that we will now sometimes inline in code paths
-        that have never executed. Previously, to inline we would have either had
-        to have executed the call (to read the call's inline cache) or have
-        executed the method check (to read the method check's inline cache). Now,
-        we might inline when the callee is a watched global variable. This
-        revealed some humorous bugs. First, constant folding disagreed with CFA
-        over what kinds of operations can clobber (example: code path A is dead
-        but stores a String into variable X, all other code paths store 0 into
-        X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
-        clobbering constant, but constant folding thought it was clobbering
-        because it saw the String prediction). Second, inlining would crash if
-        the inline callee had not been compiled. This patch fixes both bugs,
-        since otherwise run-javascriptcore-tests would report regressions.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::ARMv7Assembler):
-        (JSC::ARMv7Assembler::labelForWatchpoint):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::replaceWithJump):
-        (JSC::ARMv7Assembler::maxJumpReplacementSize):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC):
-        (AbstractMacroAssembler):
-        (Label):
-        (JSC::AbstractMacroAssembler::watchpointLabel):
-        (JSC::AbstractMacroAssembler::readPointer):
-        * assembler/AssemblerBuffer.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchTest8):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::replaceWithJump):
-        (JSC::MacroAssemblerARM::maxJumpReplacementSize):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::load8Signed):
-        (JSC::MacroAssemblerARMv7::load16Signed):
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::replaceWithJump):
-        (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchTest8):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::replaceWithJump):
-        (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchTest8):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::replaceWithJump):
-        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::branchTest8):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::replaceWithJump):
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::X86Assembler):
-        (X86Assembler):
-        (JSC::X86Assembler::cmpb_im):
-        (JSC::X86Assembler::testb_im):
-        (JSC::X86Assembler::labelForWatchpoint):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::replaceWithJump):
-        (JSC::X86Assembler::maxJumpReplacementSize):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendOSRExit):
-        (JSC::CodeBlock::appendSpeculationRecovery):
-        (CodeBlock):
-        (JSC::CodeBlock::appendWatchpoint):
-        (JSC::CodeBlock::numberOfWatchpoints):
-        (JSC::CodeBlock::watchpoint):
-        (DFGData):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        (JSC::DFG::exitKindIsCountable):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeForChain):
-        * bytecode/Instruction.h:
-        (Instruction):
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/Watchpoint.cpp: Added.
-        (JSC):
-        (JSC::Watchpoint::~Watchpoint):
-        (JSC::Watchpoint::correctLabels):
-        (JSC::Watchpoint::fire):
-        (JSC::WatchpointSet::WatchpointSet):
-        (JSC::WatchpointSet::~WatchpointSet):
-        (JSC::WatchpointSet::add):
-        (JSC::WatchpointSet::notifyWriteSlow):
-        (JSC::WatchpointSet::fireAllWatchpoints):
-        * bytecode/Watchpoint.h: Added.
-        (JSC):
-        (Watchpoint):
-        (JSC::Watchpoint::Watchpoint):
-        (JSC::Watchpoint::setDestination):
-        (WatchpointSet):
-        (JSC::WatchpointSet::isStillValid):
-        (JSC::WatchpointSet::hasBeenInvalidated):
-        (JSC::WatchpointSet::startWatching):
-        (JSC::WatchpointSet::notifyWrite):
-        (JSC::WatchpointSet::addressOfIsWatched):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberStructures):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        (JSC::DFG::AbstractState::didClobber):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGCorrectableJumpPoint.h:
-        (JSC::DFG::CorrectableJumpPoint::isSet):
-        (CorrectableJumpPoint):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifierNumberForCheck):
-        (Node):
-        (JSC::DFG::Node::identifierNumberForCheck):
-        (JSC::DFG::Node::hasRegisterPointer):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::appendCall):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/SymbolTable.cpp: Added.
-        (JSC):
-        (JSC::SymbolTableEntry::copySlow):
-        (JSC::SymbolTableEntry::freeFatEntrySlow):
-        (JSC::SymbolTableEntry::couldBeWatched):
-        (JSC::SymbolTableEntry::attemptToWatch):
-        (JSC::SymbolTableEntry::addressOfIsWatched):
-        (JSC::SymbolTableEntry::addWatchpoint):
-        (JSC::SymbolTableEntry::notifyWriteSlow):
-        (JSC::SymbolTableEntry::inflateSlow):
-        * runtime/SymbolTable.h:
-        (JSC):
-        (SymbolTableEntry):
-        (Fast):
-        (JSC::SymbolTableEntry::Fast::Fast):
-        (JSC::SymbolTableEntry::Fast::isNull):
-        (JSC::SymbolTableEntry::Fast::getIndex):
-        (JSC::SymbolTableEntry::Fast::isReadOnly):
-        (JSC::SymbolTableEntry::Fast::getAttributes):
-        (JSC::SymbolTableEntry::Fast::isFat):
-        (JSC::SymbolTableEntry::SymbolTableEntry):
-        (JSC::SymbolTableEntry::~SymbolTableEntry):
-        (JSC::SymbolTableEntry::operator=):
-        (JSC::SymbolTableEntry::isNull):
-        (JSC::SymbolTableEntry::getIndex):
-        (JSC::SymbolTableEntry::getFast):
-        (JSC::SymbolTableEntry::getAttributes):
-        (JSC::SymbolTableEntry::isReadOnly):
-        (JSC::SymbolTableEntry::watchpointSet):
-        (JSC::SymbolTableEntry::notifyWrite):
-        (FatEntry):
-        (JSC::SymbolTableEntry::FatEntry::FatEntry):
-        (JSC::SymbolTableEntry::isFat):
-        (JSC::SymbolTableEntry::fatEntry):
-        (JSC::SymbolTableEntry::inflate):
-        (JSC::SymbolTableEntry::bits):
-        (JSC::SymbolTableEntry::freeFatEntry):
-        (JSC::SymbolTableEntry::pack):
-        (JSC::SymbolTableEntry::isValidIndex):
-
-2012-06-13  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r120172.
-        http://trac.webkit.org/changeset/120172
-        https://bugs.webkit.org/show_bug.cgi?id=88976
-
-        The patch causes compilation failures on Gtk, Qt and Apple Win
-        bots (Requested by zdobersek on #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::nop):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::readPointer):
-        (ARMv7Assembler):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC):
-        (AbstractMacroAssembler):
-        (Label):
-        * assembler/AssemblerBuffer.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::nop):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        * assembler/MacroAssemblerMIPS.h:
-        * assembler/MacroAssemblerSH4.h:
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::moveWithPatch):
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::cmpb_im):
-        (JSC::X86Assembler::codeSize):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendOSRExit):
-        (JSC::CodeBlock::appendSpeculationRecovery):
-        (DFGData):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        (JSC::DFG::exitKindIsCountable):
-        * bytecode/Instruction.h:
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/Watchpoint.cpp: Removed.
-        * bytecode/Watchpoint.h: Removed.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberStructures):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArguments):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGCorrectableJumpPoint.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasRegisterPointer):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::appendCallSetResult):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/SymbolTable.cpp: Removed.
-        * runtime/SymbolTable.h:
-        (JSC):
-        (JSC::SymbolTableEntry::isNull):
-        (JSC::SymbolTableEntry::getIndex):
-        (SymbolTableEntry):
-        (JSC::SymbolTableEntry::getAttributes):
-        (JSC::SymbolTableEntry::isReadOnly):
-        (JSC::SymbolTableEntry::pack):
-        (JSC::SymbolTableEntry::isValidIndex):
-
-2012-06-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to set watchpoints on global variables
-        https://bugs.webkit.org/show_bug.cgi?id=88692
-
-        Reviewed by Geoffrey Garen.
-        
-        This implements global variable constant folding by allowing the optimizing
-        compiler to set a "watchpoint" on globals that it wishes to constant fold.
-        If the watchpoint fires, then an OSR exit is forced by overwriting the
-        machine code that the optimizing compiler generated with a jump.
-        
-        As such, this patch is adding quite a bit of stuff:
-        
-        - Jump replacement on those hardware targets supported by the optimizing
-          JIT. It is now possible to patch in a jump instruction over any recorded
-          watchpoint label. The jump must be "local" in the sense that it must be
-          within the range of the largest jump distance supported by a one
-          instruction jump.
-          
-        - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
-          that records the location where a jump must be inserted and the
-          destination to which it should jump. Watchpoints can be added to a
-          WatchpointSet. The WatchpointSet can be fired all at once, which plants
-          all jumps. WatchpointSet also remembers if it had ever been invalidated,
-          which allows for monotonicity: we typically don't want to optimize using
-          watchpoints on something for which watchpoints had previously fired. The
-          act of notifying a WatchpointSet has a trivial fast path in case no
-          Watchpoints are registered (one-byte load+branch).
-        
-        - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
-          except that you don't have to emit branches. But, you need to know what
-          WatchpointSet to add the resulting Watchpoint to. Not everything that
-          you could write a speculationCheck() for will have a WatchpointSet that
-          would get notified if the condition you were speculating against became
-          invalid.
-          
-        - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
-          do so without incurring any space overhead for those entries that don't
-          have WatchpointSets.
-          
-        - The bytecode generator infers all global function variables to be
-          watchable, and makes all stores perform the WatchpointSet's write check,
-          and marks all loads as being potentially watchable (i.e. you can compile
-          them to a watchpoint and a constant).
-        
-        Put together, this allows for fully sleazy inlining of calls to globally
-        declared functions. The inline prologue will no longer contain the load of
-        the function, or any checks of the function you're calling. I.e. it's
-        pretty much like the kind of inlining you would see in Java or C++.
-        Furthermore, the watchpointing functionality is built to be fairly general,
-        and should allow setting watchpoints on all sorts of interesting things
-        in the future.
-        
-        The sleazy inlining means that we will now sometimes inline in code paths
-        that have never executed. Previously, to inline we would have either had
-        to have executed the call (to read the call's inline cache) or have
-        executed the method check (to read the method check's inline cache). Now,
-        we might inline when the callee is a watched global variable. This
-        revealed some humorous bugs. First, constant folding disagreed with CFA
-        over what kinds of operations can clobber (example: code path A is dead
-        but stores a String into variable X, all other code paths store 0 into
-        X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
-        clobbering constant, but constant folding thought it was clobbering
-        because it saw the String prediction). Second, inlining would crash if
-        the inline callee had not been compiled. This patch fixes both bugs,
-        since otherwise run-javascriptcore-tests would report regressions.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::ARMv7Assembler):
-        (JSC::ARMv7Assembler::labelForWatchpoint):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::replaceWithJump):
-        (JSC::ARMv7Assembler::maxJumpReplacementSize):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC):
-        (AbstractMacroAssembler):
-        (Label):
-        (JSC::AbstractMacroAssembler::watchpointLabel):
-        * assembler/AssemblerBuffer.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::replaceWithJump):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::maxJumpReplacementSize):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::replaceWithJump):
-        (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::replaceWithJump):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::replaceWithJump):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::branchTest8):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::replaceWithJump):
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
-        * assembler/MacroAssemblerX86_64.h:
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::branchTest8):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::X86Assembler):
-        (X86Assembler):
-        (JSC::X86Assembler::cmpb_im):
-        (JSC::X86Assembler::testb_im):
-        (JSC::X86Assembler::labelForWatchpoint):
-        (JSC::X86Assembler::label):
-        (JSC::X86Assembler::replaceWithJump):
-        (JSC::X86Assembler::maxJumpReplacementSize):
-        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendOSRExit):
-        (JSC::CodeBlock::appendSpeculationRecovery):
-        (CodeBlock):
-        (JSC::CodeBlock::appendWatchpoint):
-        (JSC::CodeBlock::numberOfWatchpoints):
-        (JSC::CodeBlock::watchpoint):
-        (DFGData):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        (JSC::DFG::exitKindIsCountable):
-        * bytecode/Instruction.h:
-        (Instruction):
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/Watchpoint.cpp: Added.
-        (JSC):
-        (JSC::Watchpoint::~Watchpoint):
-        (JSC::Watchpoint::correctLabels):
-        (JSC::Watchpoint::fire):
-        (JSC::WatchpointSet::WatchpointSet):
-        (JSC::WatchpointSet::~WatchpointSet):
-        (JSC::WatchpointSet::add):
-        (JSC::WatchpointSet::notifyWriteSlow):
-        (JSC::WatchpointSet::fireAllWatchpoints):
-        * bytecode/Watchpoint.h: Added.
-        (JSC):
-        (Watchpoint):
-        (JSC::Watchpoint::Watchpoint):
-        (JSC::Watchpoint::setDestination):
-        (WatchpointSet):
-        (JSC::WatchpointSet::isStillValid):
-        (JSC::WatchpointSet::hasBeenInvalidated):
-        (JSC::WatchpointSet::startWatching):
-        (JSC::WatchpointSet::notifyWrite):
-        (JSC::WatchpointSet::addressOfIsWatched):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixResolveNode::emitBytecode):
-        (JSC::PrefixResolveNode::emitBytecode):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberStructures):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        (JSC::DFG::AbstractState::didClobber):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGCorrectableJumpPoint.h:
-        (JSC::DFG::CorrectableJumpPoint::isSet):
-        (CorrectableJumpPoint):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifierNumberForCheck):
-        (Node):
-        (JSC::DFG::Node::identifierNumberForCheck):
-        (JSC::DFG::Node::hasRegisterPointer):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::appendCall):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::removeDirect):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/SymbolTable.cpp: Added.
-        (JSC):
-        (JSC::SymbolTableEntry::copySlow):
-        (JSC::SymbolTableEntry::freeFatEntrySlow):
-        (JSC::SymbolTableEntry::couldBeWatched):
-        (JSC::SymbolTableEntry::attemptToWatch):
-        (JSC::SymbolTableEntry::addressOfIsWatched):
-        (JSC::SymbolTableEntry::addWatchpoint):
-        (JSC::SymbolTableEntry::notifyWriteSlow):
-        (JSC::SymbolTableEntry::inflateSlow):
-        * runtime/SymbolTable.h:
-        (JSC):
-        (SymbolTableEntry):
-        (Fast):
-        (JSC::SymbolTableEntry::Fast::Fast):
-        (JSC::SymbolTableEntry::Fast::isNull):
-        (JSC::SymbolTableEntry::Fast::getIndex):
-        (JSC::SymbolTableEntry::Fast::isReadOnly):
-        (JSC::SymbolTableEntry::Fast::getAttributes):
-        (JSC::SymbolTableEntry::Fast::isFat):
-        (JSC::SymbolTableEntry::SymbolTableEntry):
-        (JSC::SymbolTableEntry::~SymbolTableEntry):
-        (JSC::SymbolTableEntry::operator=):
-        (JSC::SymbolTableEntry::isNull):
-        (JSC::SymbolTableEntry::getIndex):
-        (JSC::SymbolTableEntry::getFast):
-        (JSC::SymbolTableEntry::getAttributes):
-        (JSC::SymbolTableEntry::isReadOnly):
-        (JSC::SymbolTableEntry::watchpointSet):
-        (JSC::SymbolTableEntry::notifyWrite):
-        (FatEntry):
-        (JSC::SymbolTableEntry::FatEntry::FatEntry):
-        (JSC::SymbolTableEntry::isFat):
-        (JSC::SymbolTableEntry::fatEntry):
-        (JSC::SymbolTableEntry::inflate):
-        (JSC::SymbolTableEntry::bits):
-        (JSC::SymbolTableEntry::freeFatEntry):
-        (JSC::SymbolTableEntry::pack):
-        (JSC::SymbolTableEntry::isValidIndex):
-
-2012-06-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for ARMv7 debug builds.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-
-2012-06-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix for case-sensitive file systems: use the right case.
-
-        * heap/ListableHandler.h:
-
-2012-06-11  Geoffrey Garen  <ggaren@apple.com>
-
-        GC should be 1.7X faster
-        https://bugs.webkit.org/show_bug.cgi?id=88840
-
-        Reviewed by Oliver Hunt.
-
-        I profiled, and removed anything that showed up as a concurrency
-        bottleneck. Then, I added 3 threads to our max thread count, since we
-        can scale up to more threads now.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        (JSC::BlockAllocator::~BlockAllocator):
-        (JSC::BlockAllocator::releaseFreeBlocks):
-        (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
-        (JSC::BlockAllocator::waitForRelativeTime):
-        (JSC::BlockAllocator::blockFreeingThreadMain):
-        * heap/BlockAllocator.h:
-        (BlockAllocator):
-        (JSC::BlockAllocator::allocate):
-        (JSC::BlockAllocator::deallocate): Use a spin lock for the common case
-        where we're just popping a linked list. (A pthread mutex would sleep our
-        thread even if the lock were only contended for a microsecond.) 
-
-        Scope the lock to avoid holding it while allocating VM, since that's a
-        slow activity and it doesn't modify any of our data structures.
-
-        We still use a pthread mutex to handle our condition variable since we
-        have to, and it's not a hot path.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::CopiedSpace):
-        (JSC::CopiedSpace::doneFillingBlock):
-        * heap/CopiedSpace.h:
-        (JSC::CopiedSpace::CopiedSpace): Use a spin lock for the to space lock,
-        since it just guards linked list and hash table manipulation.
-
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
-        (JSC::MarkStackSegmentAllocator::allocate):
-        (JSC::MarkStackSegmentAllocator::release):
-        (JSC::MarkStackSegmentAllocator::shrinkReserve): Use a spin lock, since
-        we're just managing a linked list.
-
-        (JSC::MarkStackArray::donateSomeCellsTo): Changed donation to be proportional
-        to our current stack size. This fixes cases where we used to donate too
-        much. Interestingly, donating too much was starving the donor (when it
-        ran out of work later) *and* the recipient (since it had to wait on a
-        long donation operation to complete before it could acquire the lock).
-
-        In the worst case, we're still guaranteed to donate N cells in roughly log N time.
-
-        This change also fixes cases where we used to donate too little, since
-        we would always keep a fixed minimum number of cells. In the worst case,
-        with N marking threads, would could have N large object graph roots in
-        our stack for the duration of GC, and scale to only 1 thread.
-
-        It's an interesting observation that a single object in the mark stack
-        might represent an arbitrarily large object graph -- and only the act
-        of marking can find out.
-
-        (JSC::MarkStackArray::stealSomeCellsFrom): Steal in proportion to idle
-        threads. Once again, this fixes cases where constants could cause us
-        to steal too much or too little.
-
-        (JSC::SlotVisitor::donateKnownParallel): Always wake up other threads
-        if they're idle. We can afford to do this because we're conservative
-        about when we donate.
-
-        (JSC::SlotVisitor::drainFromShared):
-        * heap/MarkStack.h:
-        (MarkStackSegmentAllocator):
-        (MarkStackArray):
-        (JSC):
-        * heap/SlotVisitor.h: Merged the "should I donate?" decision into a
-        single function, for simplicity.
-
-        * runtime/Options.cpp:
-        (minimumNumberOfScansBetweenRebalance): Reduced the delay before donation
-        a lot. We can afford to do this because, in the common case, donation is
-        a single branch that decides not to donate. 
-
-        (cpusToUse): Use more CPUs now, since we scale better now.
-
-        * runtime/Options.h:
-        (Options): Removed now-unused variables.
-
-2012-06-12  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(120121): inspector tests crash in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=88941
-
-        Reviewed by Geoffrey Garen.
-        
-        The CFG simplifier has two different ways of fixing up GetLocal, Phantom, and Flush. If we've
-        already fixed up the node one way, we shouldn't try the other way. The reason why we shouldn't
-        is that the second way depends on the node referring to other nodes in the to-be-jettisoned
-        block. After fixup they potentially will refer to nodes in the block being merged to.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-06-12  Leo Yang  <leo.yang@torchmobile.com.cn>
-
-        Dynamic hash table in DOMObjectHashTableMap is wrong in multiple threads
-        https://bugs.webkit.org/show_bug.cgi?id=87334
-
-        Reviewed by Geoffrey Garen.
-
-        Add a copy member function to JSC::HasTable. This function will copy all data
-        members except for *table* which contains thread specific data that prevents
-        up copying it. When you want to copy a JSC::HashTable that was constructed
-        on another thread you should call JSC::HashTable::copy().
-
-        * runtime/Lookup.h:
-        (JSC::HashTable::copy):
-        (HashTable):
-
-2012-06-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not ASSERT if you have a double use of a variable that is not revealed to be a double
-        until after CFG simplification
-        https://bugs.webkit.org/show_bug.cgi?id=88927
-        <rdar://problem/11513971>
-
-        Reviewed by Geoffrey Garen.
-        
-        Speculation fixup needs to run if simplification did things, because simplification can change
-        predictions - particularly if you had a control flow path that stored weird things into a
-        variable, but that path got axed by the simplifier.
-        
-        Running fixup in the fixpoint requires making it idempotent, which it previously wasn't. Only
-        one place needed to be changed, namely the un-MustGenerate-ion of ValueToInt32.
-
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-06-12  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r119779): Javascript TypeError: 'undefined' is not an object
-        https://bugs.webkit.org/show_bug.cgi?id=88783
-        <rdar://problem/11640299>
-
-        Reviewed by Geoffrey Garen.
-        
-        If you don't keep alive the base of an object access over the various checks
-        you do for the prototype chain, you're going to have a bad time.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleGetById):
-
-2012-06-12  Hojong Han  <hojong.han@samsung.com>
-
-        Property names of the built-in object cannot be retrieved 
-        after trying to delete one of its properties
-        https://bugs.webkit.org/show_bug.cgi?id=86461
-
-        Reviewed by Gavin Barraclough.
-
-        * runtime/JSObject.cpp:
-        (JSC::getClassPropertyNames):
-        (JSC::JSObject::getOwnPropertyNames):
-
-2012-06-11  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        [CMAKE][EFL] Remove duplicated executable output path
-        https://bugs.webkit.org/show_bug.cgi?id=88765
-
-        Reviewed by Daniel Bates.
-
-        CMake files for EFL port have redefined executable output path. However, EFL port doesn't
-        need to define again because it is already defined in top-level CMake file.
-
-        * shell/CMakeLists.txt:
-
-2012-06-11  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck issues.
-
-        * GNUmakefile.list.am: Remove non existent header file.
-
-2012-06-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r119844 and r119925.
-
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (JSC::ExecutableBase::clearCodeVirtual):
-
-2012-06-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r119844.
-
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (JSC):
-
-2012-06-09  Dominic Cooney  <dominicc@chromium.org>
-
-        [Chromium] Remove JavaScriptCore dependencies from gyp
-        https://bugs.webkit.org/show_bug.cgi?id=88510
-
-        Reviewed by Adam Barth.
-
-        Chromium doesn't support JSC any more and there doesn't seem to be
-        a strong interest in using GYP as the common build system in other
-        ports.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp: WebCore still depends on YARR interpreter.
-        * JavaScriptCore.gypi: Only include YARR source.
-        * gyp/JavaScriptCore.gyp: Removed.
-        * gyp/gtk.gyp: Removed.
-
-2012-06-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed, rolling back in part2 of r118646.
-
-        This patch removes eager finalization.
-
-        Weak pointer finalization should be lazy
-        https://bugs.webkit.org/show_bug.cgi?id=87599
-
-        Reviewed by Sam Weinig.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Don't finalize eagerly -- we'll do it lazily.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep): Do sweep weak sets when sweeping a block,
-        since we won't get another chance.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::sweepWeakSet):
-        * heap/MarkedSpace.cpp:
-        (MarkedSpace::WeakSetSweep):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::sweepWeakSets): Removed now-unused code.
-
-2012-06-09  Sukolsak Sakshuwong  <sukolsak@google.com>
-
-        Add UNDO_MANAGER flag
-        https://bugs.webkit.org/show_bug.cgi?id=87908
-
-        Reviewed by Tony Chang.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed, rolling back in part1 of r118646.
-
-        This patch includes everything necessary for lazy finalization, but
-        keeps eager finalization enabled for the time being.
-
-        Weak pointer finalization should be lazy
-        https://bugs.webkit.org/show_bug.cgi?id=87599
-
-        Reviewed by Sam Weinig.
-
-        * heap/MarkedBlock.cpp:
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::resetAllocator):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::resetAllocators):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::resetAllocators): Don't force allocator reset anymore.
-        It will happen automatically when a weak set is swept. It's simpler to
-        have only one canonical way for this to happen, and it wasn't buying
-        us anything to do it eagerly.
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::sweep): Don't short-circuit a sweep unless we know
-        the sweep would be a no-op. If even one finalizer is pending, we need to
-        run it, since we won't get another chance.
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::sweep): This loop can be simpler now that
-        WeakBlock::sweep() does what we mean.
-        Reset our allocator after a sweep because this is the optimal time to
-        start trying to recycle old weak pointers.
-        (JSC::WeakSet::tryFindAllocator): Don't sweep when searching for an
-        allocator because we've swept already, and forcing a new sweep would be
-        wasteful.
-        * heap/WeakSet.h:
-        (JSC::WeakSet::shrink): Be sure to reset our allocator after a shrink
-        because the shrink may have removed the block the allocator was going to
-        allocate out of.
-
-2012-06-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Unreviewed roll out r119795.
-        
-        This broke jquery/core.html
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::resetInheritorID):
-        (JSC):
-        (JSC::JSObject::offsetOfInheritorID):
-        (JSC::JSObject::inheritorID):
-
-2012-06-08  Filip Pizlo  <fpizlo@apple.com>
-
-        PredictedType should be called SpeculatedType
-        https://bugs.webkit.org/show_bug.cgi?id=88477
-
-        Unreviewed, fix a renaming goof from http://trac.webkit.org/changeset/119660.
-        I accidentally renamed ByteCodeParser::getPrediction to
-        ByteCodeParser::getSpeculation.  That was not the intent. This changes it
-        back.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-06-08  Andy Wingo  <wingo@igalia.com>
-
-        Explictly mark stubs called by JIT as being internal
-        https://bugs.webkit.org/show_bug.cgi?id=88552
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGOSRExitCompiler.h:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * jit/HostCallReturnValue.h:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * jit/ThunkGenerators.cpp:
-        * llint/LLIntSlowPaths.h: Mark a bunch of stubs as being
-        WTF_INTERNAL.  Change most calls to SYMBOL_STRING_RELOCATION to
-        LOCAL_REFERENCE, or GLOBAL_REFERENCE in the case of the wrappers
-        to truly global symbols.
-        * offlineasm/asm.rb: Generate LOCAL_REFERENCE instead of
-        SYMBOL_STRING_RELOCATION.
-
-2012-06-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Don't rely on weak pointers for eager CodeBlock finalization
-        https://bugs.webkit.org/show_bug.cgi?id=88465
-
-        Reviewed by Gavin Barraclough.
-
-        This is incompatible with lazy weak pointer finalization.
-
-        I considered just making CodeBlock finalization lazy-friendly, but it
-        turns out that the heap is already way up in CodeBlock's business when
-        it comes to finalization, so I decided to finish the job and move full
-        responsibility for CodeBlock finalization into the heap.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this
-        will build.
-
-        * debugger/Debugger.cpp: Updated for rename.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
-        where we would not delete code for a code block that had been previously
-        jettisoned. I don't know if this happens in practice -- I mostly did
-        this to improve consistency with deleteUnmarkedCompiledCode.
-
-        (JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
-        eager finalization of unmarked code blocks.
-
-        (JSC::Heap::collect): Updated for rename. Updated to call
-        deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
-        blocks too.
-
-        (JSC::Heap::addCompiledCode): Renamed, since this points to all code
-        now, not just functions.
-
-        * heap/Heap.h:
-        (Heap): Keep track of all user code, not just functions. This is a
-        negligible additional overhead, since most code is function code.
-
-        * runtime/Executable.cpp:
-        (JSC::*::finalize): Removed these functions, since we don't rely on
-        weak pointer finalization anymore.
-
-        (JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
-        into base class so all executables can be in the list.
-
-        (JSC::EvalExecutable::clearCode):
-        (JSC::ProgramExecutable::clearCode):
-        (JSC::FunctionExecutable::clearCode): All we need to do is delete our
-        CodeBlock -- that will delete all of its internal data structures.
-
-        (JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
-        function to improve clarity.
-
-        * runtime/Executable.h:
-        (JSC::ExecutableBase): Moved linked-list stuff
-        into base class so all executables can be in the list.
-
-        (JSC::NativeExecutable::create):
-        (NativeExecutable):
-        (ScriptExecutable):
-        (JSC::ScriptExecutable::finishCreation):
-        (JSC::EvalExecutable::create):
-        (EvalExecutable):
-        (JSC::ProgramExecutable::create):
-        (ProgramExecutable):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
-        will call us back to destroy our code block.
-
-        (JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
-        for clarity.
-
-        (JSC::FunctionExecutable::isCompiling): New helper function, for clarity.
-
-        (JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
-        the heap needs to make polymorphic calls to clear code.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::StackPreservingRecompiler::operator()):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
-        renames.
-
-2012-06-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline prototype chain accesses, and do the right things if the
-        specific function optimization is available
-        https://bugs.webkit.org/show_bug.cgi?id=88594
-
-        Reviewed by Gavin Barraclough.
-        
-        Looks like a 3% win on V8.
-
-        * bytecode/CodeBlock.h:
-        (JSC::Structure::prototypeForLookup):
-        (JSC):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC):
-        (JSC::GetByIdStatus::computeForChain):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (JSC::GetByIdStatus::isSimple):
-        (JSC::GetByIdStatus::chain):
-        (JSC::GetByIdStatus::specificValue):
-        (GetByIdStatus):
-        * bytecode/StructureSet.h:
-        (StructureSet):
-        (JSC::StructureSet::singletonStructure):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeForLookup):
-        (JSC):
-        * runtime/Structure.h:
-        (Structure):
-
-2012-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove JSObject::m_inheritorID
-        https://bugs.webkit.org/show_bug.cgi?id=88378
-
-        Reviewed by Geoff Garen.
-
-        This is rarely used, and not performance critical (the commonly accessed copy is cached on JSFunction),
-        and most objects don't need an inheritorID (this value is only used if the object is used as a prototype).
-        Instead use a private named value in the object's property storage.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-            - No need m_inheritorID to initialize!
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-            - No need m_inheritorID to initialize!
-        * llint/LowLevelInterpreter.asm:
-            - No need m_inheritorID to initialize!
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-            - Added private name 'm_inheritorIDKey'.
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject):
-            - resetInheritorID is now passed a JSGlobalData&.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-            - No m_inheritorID to be marked.
-        (JSC::JSObject::createInheritorID):
-            - Store the newly created inheritorID in the property map.
-        * runtime/JSObject.h:
-        (JSC::JSObject::resetInheritorID):
-            - Remove the inheritorID from property storage.
-        (JSC::JSObject::inheritorID):
-            - Read the inheritorID from property storage.
-
-2012-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        Math.pow on iOS does not support denormal numbers.
-        https://bugs.webkit.org/show_bug.cgi?id=88592
-
-        Reviewed by Filip Pizlo.
-
-        Import an implementation from fdlibm, detect cases where it is safe to use the system
-        implementation & where we should fall back to fdlibm.
-
-        * runtime/MathObject.cpp:
-        (JSC::isDenormal):
-        (JSC::isEdgeCase):
-        (JSC::mathPow):
-            - On iOS, detect cases where denormal support may be required & use fdlibm in these cases.
-        (JSC::mathProtoFuncPow):
-            - Changed to use mathPow.
-        (JSC::fdlibmScalbn):
-        (JSC::fdlibmPow):
-            - These functions imported from fdlibm; original style retained to ease future merging.
-
-2012-06-07  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r119441.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2012-06-07  Andy Wingo  <wingo@igalia.com>
-
-        Unreviewed build fix after r119593.
-
-        * llint/LLIntOfflineAsmConfig.h (OFFLINE_ASM_GLOBAL_LABEL): Fix
-        uses of "name" to be "label", the macro's parameter.  Otherwise we
-        serialize mentions of the literal symbol "name" into the objcode.
-        Causes a build error using GNU ld (not gold).
-
-2012-06-06  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Chromium build fix attempt. Why do we need to list these files in gyp!?
-
-        * JavaScriptCore.gypi:
-
-2012-06-06  Filip Pizlo  <fpizlo@apple.com>
-
-        PredictedType should be called SpeculatedType
-        https://bugs.webkit.org/show_bug.cgi?id=88477
-
-        Rubber stamped by Gavin Barraclough.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::prediction):
-        * bytecode/LazyOperandValueProfile.h:
-        (LazyOperandValueProfileParser):
-        * bytecode/PredictedType.cpp: Removed.
-        * bytecode/PredictedType.h: Removed.
-        * bytecode/SpeculatedType.cpp: Copied from Source/JavaScriptCore/bytecode/PredictedType.cpp.
-        (JSC::speculationToString):
-        (JSC::speculationToAbbreviatedString):
-        (JSC::speculationFromClassInfo):
-        (JSC::speculationFromStructure):
-        (JSC::speculationFromCell):
-        (JSC::speculationFromValue):
-        * bytecode/SpeculatedType.h: Copied from Source/JavaScriptCore/bytecode/PredictedType.h.
-        (JSC):
-        (JSC::isAnySpeculation):
-        (JSC::isCellSpeculation):
-        (JSC::isObjectSpeculation):
-        (JSC::isFinalObjectSpeculation):
-        (JSC::isFinalObjectOrOtherSpeculation):
-        (JSC::isFixedIndexedStorageObjectSpeculation):
-        (JSC::isStringSpeculation):
-        (JSC::isArraySpeculation):
-        (JSC::isFunctionSpeculation):
-        (JSC::isInt8ArraySpeculation):
-        (JSC::isInt16ArraySpeculation):
-        (JSC::isInt32ArraySpeculation):
-        (JSC::isUint8ArraySpeculation):
-        (JSC::isUint8ClampedArraySpeculation):
-        (JSC::isUint16ArraySpeculation):
-        (JSC::isUint32ArraySpeculation):
-        (JSC::isFloat32ArraySpeculation):
-        (JSC::isFloat64ArraySpeculation):
-        (JSC::isArgumentsSpeculation):
-        (JSC::isActionableIntMutableArraySpeculation):
-        (JSC::isActionableFloatMutableArraySpeculation):
-        (JSC::isActionableTypedMutableArraySpeculation):
-        (JSC::isActionableMutableArraySpeculation):
-        (JSC::isActionableArraySpeculation):
-        (JSC::isArrayOrOtherSpeculation):
-        (JSC::isMyArgumentsSpeculation):
-        (JSC::isInt32Speculation):
-        (JSC::isDoubleRealSpeculation):
-        (JSC::isDoubleSpeculation):
-        (JSC::isNumberSpeculation):
-        (JSC::isBooleanSpeculation):
-        (JSC::isOtherSpeculation):
-        (JSC::isEmptySpeculation):
-        (JSC::mergeSpeculations):
-        (JSC::mergeSpeculation):
-        * bytecode/StructureSet.h:
-        (JSC::StructureSet::speculationFromStructures):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::ValueProfileBase):
-        (JSC::ValueProfileBase::dump):
-        (JSC::ValueProfileBase::computeUpdatedPrediction):
-        (ValueProfileBase):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::speculateInt32Unary):
-        (JSC::DFG::AbstractState::speculateNumberUnary):
-        (JSC::DFG::AbstractState::speculateBooleanUnary):
-        (JSC::DFG::AbstractState::speculateInt32Binary):
-        (JSC::DFG::AbstractState::speculateNumberBinary):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::filter):
-        (JSC::DFG::StructureAbstractValue::speculationFromStructures):
-        (JSC::DFG::AbstractValue::AbstractValue):
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberStructures):
-        (JSC::DFG::AbstractValue::isTop):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::validateIgnoringValue):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::checkConsistency):
-        (JSC::DFG::AbstractValue::dump):
-        (AbstractValue):
-        * dfg/DFGArgumentPosition.h:
-        (JSC::DFG::ArgumentPosition::ArgumentPosition):
-        (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
-        (JSC::DFG::ArgumentPosition::prediction):
-        (ArgumentPosition):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::getSpeculationWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getSpeculation):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::fixVariableAccessSpeculations):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::nameOfVariableAccessData):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::getJSConstantSpeculation):
-        (JSC::DFG::Graph::isPredictedNumerical):
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::getSpeculation):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::getHeapPrediction):
-        (JSC::DFG::Node::predictHeap):
-        (JSC::DFG::Node::prediction):
-        (JSC::DFG::Node::predict):
-        (JSC::DFG::Node::shouldSpeculateInteger):
-        (JSC::DFG::Node::shouldSpeculateDouble):
-        (JSC::DFG::Node::shouldSpeculateNumber):
-        (JSC::DFG::Node::shouldSpeculateBoolean):
-        (JSC::DFG::Node::shouldSpeculateFinalObject):
-        (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
-        (JSC::DFG::Node::shouldSpeculateArray):
-        (JSC::DFG::Node::shouldSpeculateArguments):
-        (JSC::DFG::Node::shouldSpeculateInt8Array):
-        (JSC::DFG::Node::shouldSpeculateInt16Array):
-        (JSC::DFG::Node::shouldSpeculateInt32Array):
-        (JSC::DFG::Node::shouldSpeculateUint8Array):
-        (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
-        (JSC::DFG::Node::shouldSpeculateUint16Array):
-        (JSC::DFG::Node::shouldSpeculateUint32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat32Array):
-        (JSC::DFG::Node::shouldSpeculateFloat64Array):
-        (JSC::DFG::Node::shouldSpeculateArrayOrOther):
-        (JSC::DFG::Node::shouldSpeculateObject):
-        (JSC::DFG::Node::shouldSpeculateCell):
-        (Node):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::setPrediction):
-        (JSC::DFG::PredictionPropagationPhase::mergePrediction):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        (JSC::DFG::SpeculativeJIT::compileArithNegate):
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
-        * dfg/DFGSpeculativeJIT.h:
-        (DFG):
-        (JSC::DFG::ValueSource::forSpeculation):
-        (SpeculativeJIT):
-        (GPRTemporary):
-        (FPRTemporary):
-        (JSC::DFG::SpecDoubleOperand::SpecDoubleOperand):
-        (JSC::DFG::SpecDoubleOperand::~SpecDoubleOperand):
-        (JSC::DFG::SpecDoubleOperand::fpr):
-        (JSC::DFG::SpecCellOperand::SpecCellOperand):
-        (JSC::DFG::SpecCellOperand::~SpecCellOperand):
-        (JSC::DFG::SpecCellOperand::gpr):
-        (JSC::DFG::SpecBooleanOperand::SpecBooleanOperand):
-        (JSC::DFG::SpecBooleanOperand::~SpecBooleanOperand):
-        (JSC::DFG::SpecBooleanOperand::gpr):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpecDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpecCell):
-        (JSC::DFG::SpeculativeJIT::fillSpecBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpecDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpecCell):
-        (JSC::DFG::SpeculativeJIT::fillSpecBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::predict):
-        (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
-        (JSC::DFG::VariableAccessData::prediction):
-        (JSC::DFG::VariableAccessData::argumentAwarePrediction):
-        (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
-        (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
-        (VariableAccessData):
-
-2012-06-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Global object variable accesses should not require an extra load
-        https://bugs.webkit.org/show_bug.cgi?id=88385
-
-        Reviewed by Gavin Barraclough and Geoffrey Garen.
-        
-        Previously, if you wanted to access a global variable, you'd first have
-        to load the register array from the appropriate global object and then
-        either load or store at an offset to the register array. This is because
-        JSGlobalObject inherited from JSVariableObject, and JSVariableObject is
-        designed with the pessimistic assumption that its register array may
-        point into the call stack. This is never the case for global objects.
-        Hence, even though the global object may add more registers at any time,
-        it does not need to store them in a contiguous array. It can use a
-        SegmentedVector or similar.
-        
-        This patch refactors global objects and variable objects as follows:
-        
-        - The functionality to track variables in an indexable array using a
-          SymbolTable to map names to indices is moved into JSSymbolTableObject,
-          which is now a supertype of JSVariableObject. JSVariableObject is now
-          just a holder for a registers array and implements the registerAt()
-          method that is left abstract in JSSymbolTableObject. Because all users
-          of JSVariableObject know whether they are a JSStaticScopeObject,
-          JSActivation, or JSGlobalObject, this "abstract" method is not virtual;
-          instead the utility methods that would call registerAt() are now
-          template functions that require you to know statically what subtype of
-          JSSymbolTableObject you're using (JSVariableObject or something else),
-          so that registerAt() can be statically bound.
-        
-        - A new class is added called JSSegmentedVariableObject, which only
-          differs from JSVariableObject in how it allocates registers. It uses a
-          SegmentedVector instead of manually managing a pointer to a contiguous
-          slab of registers. This changes the interface somewhat; for example
-          with JSVariableObject if you wanted to add a register you had to do
-          it yourself since the JSVariableObject didn't know how the registers
-          array ought to be allocated. With JSSegmentedVariableObject you can
-          just call addRegisters(). JSSegmentedVariableObject preserves the
-          invariant that once you get a pointer into a register, that pointer
-          will continue to be valid so long as the JSSegmentedVariableObject is
-          alive. This allows the JITs and interpreters to skip the extra load.
-        
-        - JSGlobalObject now inherits from JSSegmentedVariableObject. For now
-          (and possibly forever) it is the only subtype of this new class.
-        
-        - The bytecode format is changed so that get_global_var and
-          put_global_var have a pointer to the register directly rather than
-          having an index. A convenience method is provided in
-          JSSegmentedVariableObject to get the index given a a pointer, which is
-          used for assertions and debug dumps.
-        
-        This appears to be a 1% across the board win.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Instruction.h:
-        (Instruction):
-        (JSC::Instruction::Instruction):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::registerPointer):
-        (JSC):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::retrieveLastUnaryOp):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (ResolveResult):
-        (BytecodeGenerator):
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::globalObjectFor):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasVarNumber):
-        (Node):
-        (JSC::DFG::Node::hasRegisterPointer):
-        (JSC::DFG::Node::registerPointer):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::isWriteBarrierEnabled):
-        (JSC):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-        (JSC::JSGlobalObject::put):
-        (JSC::JSGlobalObject::putDirectVirtual):
-        (JSC::JSGlobalObject::defineOwnProperty):
-        (JSC::JSGlobalObject::visitChildren):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC):
-        (JSC::JSGlobalObject::hasOwnPropertyForWrite):
-        * runtime/JSSegmentedVariableObject.cpp: Added.
-        (JSC):
-        (JSC::JSSegmentedVariableObject::findRegisterIndex):
-        (JSC::JSSegmentedVariableObject::addRegisters):
-        (JSC::JSSegmentedVariableObject::visitChildren):
-        * runtime/JSSegmentedVariableObject.h: Added.
-        (JSC):
-        (JSSegmentedVariableObject):
-        (JSC::JSSegmentedVariableObject::registerAt):
-        (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject):
-        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
-        (JSC::JSSegmentedVariableObject::finishCreation):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::put):
-        (JSC::JSStaticScopeObject::putDirectVirtual):
-        (JSC::JSStaticScopeObject::getOwnPropertySlot):
-        * runtime/JSSymbolTableObject.cpp: Added.
-        (JSC):
-        (JSC::JSSymbolTableObject::destroy):
-        (JSC::JSSymbolTableObject::deleteProperty):
-        (JSC::JSSymbolTableObject::getOwnPropertyNames):
-        (JSC::JSSymbolTableObject::putDirectVirtual):
-        (JSC::JSSymbolTableObject::isDynamicScope):
-        * runtime/JSSymbolTableObject.h: Added.
-        (JSC):
-        (JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::symbolTable):
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::finishCreation):
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/JSVariableObject.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        (JSC::JSVariableObject::JSVariableObject):
-        (JSC::JSVariableObject::finishCreation):
-        (JSC):
-        * runtime/WriteBarrier.h:
-
-2012-06-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG arguments access slow path should not crash if the arguments haven't been created
-        https://bugs.webkit.org/show_bug.cgi?id=88471
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-06-06  Michael Saboff  <msaboff@apple.com>
-
-        ENH: Add Logging to GC Marking Phase
-        https://bugs.webkit.org/show_bug.cgi?id=88364
-
-        Reviewed by Filip Pizlo.
-
-        Log GC marking to stderr or a file.  The logging in controlled
-        with the define ENABLE_OBJECT_MARK_LOGGING in wtf/Platform.h.
-        If DATA_LOG_TO_FILE in wtf/DataLog.cpp is set to 1, output is
-        logged to a file otherwise it is logged to stderr.
-
-        When logging is enabled, the GC is built single threaded since the
-        log output from the various threads isn't buffered and output in a
-        thread safe manner.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::resetChildren):
-        (JSC::MarkStackThreadSharedData::childVisitCount):
-        (JSC::MarkStackThreadSharedData::markingThreadMain):
-        (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::MarkStackThreadSharedData::reset):
-        * heap/MarkStack.h:
-        (MarkStackThreadSharedData):
-        (MarkStack):
-        (JSC::MarkStack::sharedData):
-        (JSC::MarkStack::resetChildCount):
-        (JSC::MarkStack::childCount):
-        (JSC::MarkStack::incrementChildCount):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::visitChildren):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::className):
-        * runtime/JSCell.h:
-        (JSCell):
-        (JSC::JSCell::visitChildren):
-        * runtime/JSString.cpp:
-        (JSC::JSString::visitChildren):
-        * runtime/JSString.h:
-        (JSString):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2012-06-06  Gavin Barraclough  <barraclough@apple.com>
-
-        Assigning to a static property should not change iteration order
-        https://bugs.webkit.org/show_bug.cgi?id=88401
-
-        Reviewed by Geoff Garen.
-
-        A specific iteration order is not defined by the spec, but test-262 somewhat tenuously
-        requires that it is at least stable, e.g. ch10/10.4/10.4.2/S10.4.2_A1.1_T1.js
-
-        Whilst it is not clear that this behavior really arises from the specification, it
-        would seem like common sense to conform to this.
-
-        The problem here is that we allow properties in the structure to shadow those in the
-        static table, and we iterate the properties in the structure first - which means that
-        as values of existing properties are modified, their iteration order changes too.
-
-        The easy fix is to iterate the properties from the static table first. This has a
-        further benefit, since it will mean that user added properties will come after those
-        present in the static table (respected the expected insertion-order).
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertyNames):
-            - Iterate static properties first.
-
-2012-06-06  Andy Wingo  <wingo@igalia.com>
-
-        Ensure consistent order of evaluation in LLInt slow paths
-        https://bugs.webkit.org/show_bug.cgi?id=88409
-
-        Reviewed by Geoffrey Garen.
-
-        * llint/LLIntSlowPaths.cpp:
-        (slow_path_mul)
-        (slow_path_sub)
-        (slow_path_div)
-        (slow_path_mod)
-        (slow_path_lshift)
-        (slow_path_rshift)
-        (slow_path_urshift)
-        (slow_path_bitand)
-        (slow_path_bitor)
-        (slow_path_bitxor): Avoid calling toNumber, toInt32, or toUInt32
-        multiple times without intervening sequence points.  Fixes
-        fast/js/exception-sequencing-binops.html with GCC 4.7 on x86-64
-        Linux, which reordered evaluation of the arguments to fmod.
-
-2012-06-06  Andy Wingo  <wingo@igalia.com>
-
-        [GTK] Enable the LLInt
-        https://bugs.webkit.org/show_bug.cgi?id=88315
-
-        Reviewed by Filip Pizlo.
-
-        * GNUmakefile.am: Add rules to generate LLIntDesiredOffsets.h and
-        LLIntAssembly.h.
-        * GNUmakefile.list.am: Add offlineasm and llint files to the
-        dist.  Add LLInt source files to the build.
-        * llint/LowLevelInterpreter.asm (crash): Generate a store of
-        0xbbadbeef to a register, not to a constant.  Otherwise, gas was
-        failing to assemble result.
-        * offlineasm/asm.rb (labelReference): Generate a
-        SYMBOL_STRING_RELOCATION instead of a SYMBOL_STRING, so that we go
-        through the PLT on ELF systems.
-
-2012-06-06  Andy Wingo  <wingo@igalia.com>
-
-        REGRESSION (r106478): None of the Paper.js JavaScript examples work
-        https://bugs.webkit.org/show_bug.cgi?id=87158
-
-        Reviewed by Michael Saboff.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve): If we have to bail out to
-        dynamicResolve(), only skip static scopes from the head of the
-        scope chain.  Before, we were also skipping activations with
-        direct eval as well, which was incorrect.
-
-2012-06-06  Dan Bernstein  <mitz@apple.com>
-
-        Reverted r119567, the fix for <http://webkit.org/b/88378>, because it broke the 32-bit build.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        (JSC::JSObject::createInheritorID):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::resetInheritorID):
-        (JSC):
-        (JSC::JSObject::offsetOfInheritorID):
-        (JSC::JSObject::inheritorID):
-
-2012-06-05  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Improve Math.round and Math.floor intrinsic
-        https://bugs.webkit.org/show_bug.cgi?id=88314
-
-        Reviewed by Filip Pizlo.
-
-        Currently we call a native function from the JIT code to complete the
-        "round" and "floor" operations. We could inline some fast paths
-        especially for those positive values on the platforms where floating
-        point truncation is supported.
-        This brings 3% gain on Kraken, especially 32% on audio-oscillator,
-        and slight win on SunSpider, measured on IA32.
-
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-        (JSC):
-        (JSC::roundThunkGenerator):
-
-2012-06-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove JSObject::m_inheritorID
-        https://bugs.webkit.org/show_bug.cgi?id=88378
-
-        Reviewed by Geoff Garen.
-
-        This is rarely used, and not performance critical (the commonly accessed copy is cached on JSFunction),
-        and most objects don't need an inheritorID (this value is only used if the object is used as a prototype).
-        Instead use a private named value in the object's property storage.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-            - No need m_inheritorID to initialize!
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-            - No need m_inheritorID to initialize!
-        * llint/LowLevelInterpreter.asm:
-            - No need m_inheritorID to initialize!
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-            - Added private name 'm_inheritorIDKey'.
-        * runtime/JSGlobalThis.cpp:
-        (JSC::JSGlobalThis::setUnwrappedObject):
-            - resetInheritorID is now passed a JSGlobalData&.
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-            - No m_inheritorID to be marked.
-        (JSC::JSObject::createInheritorID):
-            - Store the newly created inheritorID in the property map.
-        * runtime/JSObject.h:
-        (JSC::JSObject::resetInheritorID):
-            - Remove the inheritorID from property storage.
-        (JSC::JSObject::inheritorID):
-            - Read the inheritorID from property storage.
-
-2012-06-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFG simplification should not attempt to deref nodes inside of an unreachable subgraph
-        https://bugs.webkit.org/show_bug.cgi?id=88362
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::fixPhis):
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-
-2012-06-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Entry into JSC should CRASH() if the Heap is busy
-        https://bugs.webkit.org/show_bug.cgi?id=88355
-
-        Reviewed by Geoffrey Garen.
-
-        Interpreter::execute() returns jsNull() right now if we try to enter it while 
-        the Heap is busy (e.g. with a collection), which is okay, but some code paths 
-        that call Interpreter::execute() allocate objects before checking if the Heap 
-        is busy. Attempting to execute JS code while the Heap is busy should not be 
-        allowed and should be enforced by a release-mode CRASH() to prevent vague, 
-        unhelpful backtraces later on if somebody makes a mistake. Normally, recursively 
-        executing JS code is okay, e.g. for evals, but it should not occur during a 
-        Heap allocation or collection because the Heap is not guaranteed to be in a 
-        consistent state (especially during collections). We are protected from 
-        executing JS on the same Heap concurrently on two separate threads because 
-        they must each take a JSLock first. However, we are not protected from reentrant 
-        execution of JS on the same thread because JSLock allows reentrancy. Therefore, 
-        we should fail early if we detect an entrance into JS code while the Heap is busy.
-
-        * heap/Heap.cpp: Changed Heap::collect so that it sets the m_operationInProgress field 
-        at the beginning of collection and then unsets it at the end so that it is set at all 
-        times throughout the duration of a collection rather than sporadically during various 
-        phases. There is no reason to unset during a collection because our collector does 
-        not currently support running additional JS between the phases of a collection.
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute): Crash if the Heap is busy.
-        * runtime/Completion.cpp: Crash if the Heap is busy. We do it here before we call 
-        Interpreter::execute() because we do some allocation prior to calling execute() which 
-        could cause Heap corruption if, for example, that allocation caused a collection.
-        (JSC::evaluate):
-
-2012-06-05  Dongwoo Im  <dw.im@samsung.com>
-
-        Add 'isProtocolHandlerRegistered' and 'unregisterProtocolHandler'.
-        https://bugs.webkit.org/show_bug.cgi?id=73176
-
-        Reviewed by Adam Barth.
-
-        Two more APIs are added in Custom Scheme Handler specification.
-        http://dev.w3.org/html5/spec/Overview.html#custom-handlers
-        One is 'isProtocolHandlerRegistered' to query whether the specific URL
-        is registered or not.
-        The other is 'unregisterProtocolHandler' to remove the registered URL.
-
-        * Configurations/FeatureDefines.xcconfig: Add a macro 'ENABLE_CUSTOM_SCHEME_HANDLER'.
-
-2012-06-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFG simplification should correct the variables at the head of the predecessor block
-        https://bugs.webkit.org/show_bug.cgi?id=88284
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-06-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed.
-
-        Rolled out r119364 because it's still causing crashes (when running
-        v8-earley in release builds of DRT)
-
-        This time for sure!
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::resetAllocator):
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC::ResetAllocator::operator()):
-        (JSC):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::sweepWeakSets):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::sweep):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::sweep):
-        (JSC::WeakSet::tryFindAllocator):
-        * heap/WeakSet.h:
-        (JSC::WeakSet::shrink):
-
-2012-06-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG arguments simplification should have rationalized handling of TearOffArguments
-        https://bugs.webkit.org/show_bug.cgi?id=88206
-
-        Reviewed by Geoffrey Garen.
-        
-        - Accesses to the unmodified arguments register ought to have the same effect on
-          alias/escape analysis of arguments as accesses to the mutable arguments register.
-        
-        - The existence of TearOffArguments should not get in the way of arguments aliasing.
-        
-        - TearOffArguments should be eliminated if CreateArguments is eliminated.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-
-2012-06-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Remove enabledProfilerReference
-        https://bugs.webkit.org/show_bug.cgi?id=88258
-
-        Reviewed by Michael Saboff.
-
-        Make the enabled profiler a member of JSGlobalData, and switch code that accesses it to do so directly
-        via the JSGlobalData, rather than holding a Profiler** reference to it. Do not pass the Profiler**
-        reference to JIT code. This patch does not change the stack layout on entry into JIT code (passing an
-        unused void* instead), since this is an intrusive change better handled in a separate patch.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::privateExecute):
-        * jit/JITCode.h:
-        (JSC::JITCode::execute):
-            - Don't pass Profiler** to JIT code.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_profile_will_call):
-        (JSC::JIT::emit_op_profile_did_call):
-        * jit/JITStubs.cpp:
-        (JSC):
-        (JSC::ctiTrampoline):
-        (JSC::ctiVMThrowTrampoline):
-        (JSC::ctiOpThrowNotCaught):
-        (JSC::JITThunks::JITThunks):
-        (JSC::DEFINE_STUB_FUNCTION):
-            - For ARM_THUMB2, rename ENABLE_PROFILER_REFERENCE_OFFSET to FIRST_STACK_ARGUMENT (which is how it is being used).
-            - For MIPS, remove ENABLE_PROFILER_REFERENCE_OFFSET.
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        (JSC):
-            - Renamed enabledProfilerReference to unusedX.
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * profiler/Profiler.cpp:
-        (JSC):
-        (JSC::Profiler::startProfiling):
-        (JSC::Profiler::stopProfiling):
-        * profiler/Profiler.h:
-        (Profiler):
-            - Removed s_sharedEnabledProfilerReference, enabledProfilerReference().
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSC::JSGlobalData::enabledProfiler):
-        (JSGlobalData):
-            - Added m_enabledProfiler, enabledProfiler().
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-
-2012-06-04  Filip Pizlo  <fpizlo@apple.com>
-
-        get_argument_by_val should be profiled everywhere
-        https://bugs.webkit.org/show_bug.cgi?id=88205
-
-        Reviewed by Geoffrey Garen.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2012-06-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG arguments simplification takes unkindly to direct accesses to the arguments register
-        https://bugs.webkit.org/show_bug.cgi?id=88261
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed arguments simplification for direct accesses to the arguments register, which may
-        arise if CSE had not run. Fixed CSE so that it does run prior to arguments simplification,
-        by making it a full-fledged member of the fixpoint. Fixed other issues in arguments
-        simplification, like realizing that it needs to bail if there is a direct assignment to
-        the arguments register, and failing to turn CreateArguments into PhantomArguments. Also
-        fixed CSE's handling of store elimination of captured locals in the presence of a
-        GetMyArgumentByVal (or one of its friends), and fixed CSE to correctly fixup variables at
-        tail if the Flush it removes is the last operation on a local in a basic block.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::run):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (CSEPhase):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-
-2012-06-04  Anders Carlsson  <andersca@apple.com>
-
-        Fix a struct/class mismatch.
-
-        * heap/Handle.h:
-        (Handle):
-
-2012-06-04  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: FeatureDefines.xcconfig should match across projects
-
-        * Configurations/FeatureDefines.xcconfig:
-        - Add missing ENABLE_LEGACY_CSS_VENDOR_PREFIXES.
-
-2012-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Weak pointer finalization should be lazy
-        https://bugs.webkit.org/show_bug.cgi?id=87599
-
-        Reviewed by Sam Weinig.
-
-        This time for sure!
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Don't sweep eagerly -- we'll sweep lazily instead.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep): Sweep our weak set before we sweep our other
-        destructors -- this is our last chance to run weak set finalizers before
-        we recycle our memory.
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::resetAllocator):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::resetAllocators):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::resetAllocators): Don't force allocator reset anymore.
-        It will happen automatically when a weak set is swept. It's simpler to
-        have only one canonical way for this to happen, and it wasn't buying
-        us anything to do it eagerly.
-
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::sweep): Don't short-circuit a sweep unless we know
-        the sweep would be a no-op. If even one finalizer is pending, we need to
-        run it, since we won't get another chance.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::sweep): This loop can be simpler now that
-        WeakBlock::sweep() does what we mean.
-
-        Reset our allocator after a sweep because this is the optimal time to
-        start trying to recycle old weak pointers.
-
-        (JSC::WeakSet::tryFindAllocator): Don't sweep when searching for an
-        allocator because we've swept already, and forcing a new sweep would be
-        wasteful.
-
-        * heap/WeakSet.h:
-        (JSC::WeakSet::shrink): Be sure to reset our allocator after a shrink
-        because the shrink may have removed the block the allocator was going to
-        allocate out of.
-
-2012-06-02  Filip Pizlo  <fpizlo@apple.com>
-
-        If the DFG bytecode parser detects that op_method_check has gone polymorphic, it
-        shouldn't revert all the way to GetById/GetByIdFlush
-        https://bugs.webkit.org/show_bug.cgi?id=88176
-
-        Reviewed by Geoffrey Garen.
-        
-        Refactored the code so that the op_method_check case of the parser gracefully falls
-        through to all of the goodness of the normal op_get_by_id case.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-06-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should be able to eliminate unnecessary flushes of arguments and captured variables
-        https://bugs.webkit.org/show_bug.cgi?id=87929
-
-        Reviewed by Geoffrey Garen.
-        
-        Slight speed-up on V8. Big win (up to 50%) on programs that inline very small functions.
-        
-        This required a bunch of changes:
-        
-        - The obvious change is making CSE essentially ignore whether or not the set of
-          operations between the Flush and the SetLocal can exit, and instead focus on whether or
-          not that set of operations can clobber the world or access local variables. This code
-          is now refactored to return a set of flags indicating any of these events, and the CSE
-          decides what to do based on those flags. If the set of operations is non-clobbering
-          and non-accessing, then the Flush is turned into a Phantom on the child of the
-          SetLocal. This expands the liveness of the relevant variable but virtually guarantees
-          that it will be register allocated and not flushed to the stack. So, yeah, this patch
-          is a lot of work to save a few stores to the stack.
-        
-        - Previously, CheckArgumentsNotCreated was optimized "lazily" in that you only knew if
-          it was a no-op if you were holding onto a CFA abstract state. But this would make the
-          CSE act pessimistically, since it doesn't use the CFA. Hence, this patch changes the
-          constant folding phase into something more broad; it now fixes up
-          CheckArgumentsNotCreated nodes by turning them into phantoms if it knows that they are
-          no-ops.
-        
-        - Arguments simplification was previously relying on this very strange PhantomArguments
-          node, which had two different meanings: for normal execution it meant the empty value
-          but for OSR exit it meant that the arguments should be reified. This produces problems
-          when set SetLocals to the captured arguments registers are CSE'd away, since we'd be
-          triggering reification of arguments without having initialized the arguments registers
-          to empty. The cleanest solution was to fix PhantomArguments to have one meaning:
-          namely, arguments reification on OSR exit. Hence, this patch changes arguments
-          simplification to change SetLocal of CreateArguments on the arguments registers to be
-          a SetLocal of Empty.
-        
-        - Argument value recoveries were previously derived from the value source of the
-          arguments at the InlineStart. But that relies on all SetLocals to arguments having
-          been flushed. It's possible that we could have elided the SetLocal to the arguments
-          at the callsite because there were subsequent SetLocals to the arguments inside of the
-          callee, in which case the InlineStart would get the wrong information. Hence, this
-          patch changes argument value recovery computation to operate over the ArgumentPositions
-          directly.
-        
-        - But that doesn't actually work, because previously, there was no way to link an
-          InlineStart back to the corresponding ArgumentPositions, at least not without some
-          ugliness. So this patch instates the rule that the m_argumentPositions vector consists
-          of disjoint subsequences such that each subsequence corresponds to an inline callsite
-          and can be identified by its first index, and within each subsequence are the
-          ArgumentPositions of all of the arguments ordered by argument index. This required
-          flipping the order in which ArgumentPositions are added to the vector, and giving
-          InlineStart an operand that indicates the start of that inline callsite's
-          ArgumentPosition subsequence.
-        
-        - This patch also revealed a nasty bug in the reification of arguments in inline call
-          frames on OSR exit. Since the reification was happening after the values of virtual
-          registers were recovered, the value recoveries of the inline arguments were wrong.
-          Hence using operationCreateInlinedArguments is wrong. For example a value recovery
-          might say that you have to box a double, but if we had already boxed it then boxing
-          it a second time will result in garbage. The specific case of this bug was this patch
-          uncovered was that now it is possible for an inline call frame to not have any valid
-          value recoveries for any inline arguments, if the optimization elides all argument
-          flushes, while at the same time optimizing away arguments creation. Then OSR exit
-          would try to recover the arguments using the inline call frame, which had bogus
-          information, and humorous crashes would ensue. This patch fixes this issue by moving
-          arguments reification to after call frame reification, so that arguments reification
-          can always use operationCreateArguments instead of operationCreateInlinedArguments.
-        
-        - This patch may turn a Flush into a Phantom. That's kind of the whole point. But that
-          broke forward speculation checks, which knew to look for a Flush prior to a SetLocal
-          but didn't know that there could alternatively be a Phantom in place of the Flush.
-          This patch fixes that by augmenting the forward speculation check logic.
-        
-        - Finally, in the process of having fun with all of the above, I realized that my DFG
-          validation was not actually running on every phase like I had originally designed it
-          to. In fact it was only running just after bytecode parsing. I initially tried to
-          make it run in every phase but found that this causes some tests to timeout
-          (specifically the evil fuzzing ones), so I decided on a compromise where: (i) in
-          release mode validation never runs, (ii) in debug mode validation will run just
-          after parsing and just before the backend, and (iii) it's possible with a simple
-          switch to enable validation to run on every phase.
-        
-        Luckily all of the above issues were already covered by the 77 or so DFG-specific
-        layout tests. Hence, this patch does not introduce any new tests despite being so
-        meaty.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentPosition.h:
-        (JSC::DFG::ArgumentPosition::prediction):
-        (JSC::DFG::ArgumentPosition::doubleFormatState):
-        (JSC::DFG::ArgumentPosition::shouldUseDoubleFormat):
-        (ArgumentPosition):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::SetLocalStoreEliminationResult::SetLocalStoreEliminationResult):
-        (SetLocalStoreEliminationResult):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.h:
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::hasArgumentPositionStart):
-        (JSC::DFG::Node::argumentPositionStart):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGPhase.cpp:
-        (DFG):
-        * dfg/DFGPhase.h:
-        (Phase):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-06-02  Geoffrey Garen  <ggaren@apple.com>
-
-        DOM string cache should hash pointers, not characters
-        https://bugs.webkit.org/show_bug.cgi?id=88175
-
-        Reviewed by Phil Pizlo and Sam Weinig.
-
-        * heap/Weak.h:
-        (JSC::weakAdd):
-        (JSC::weakRemove): Made these function templates slightly more generic
-        to accommodate new client types.
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should know that PutByVal can clobber the world
-        https://bugs.webkit.org/show_bug.cgi?id=88155
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should mark basic blocks as having constants if local accesses yield constants
-        https://bugs.webkit.org/show_bug.cgi?id=88153
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG arguments simplification phase uses a node.codeOrigin after appending a node
-        https://bugs.webkit.org/show_bug.cgi?id=88151
-
-        Reviewed by Geoffrey Garen.
-        
-        The right thing to do is to save the CodeOrigin before appending to the graph.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not emit unnecessary speculation checks when performing an int32 to double conversion on
-        a value that is proved to be a number, predicted to be an int32, but not proved to be an int32
-        https://bugs.webkit.org/show_bug.cgi?id=88146
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding search for the last local access skips the immediately previous local access
-        https://bugs.webkit.org/show_bug.cgi?id=88141
-
-        Reviewed by Michael Saboff.
-        
-        If you use a loop in the style of:
-
-        for (i = start; i--;)
-
-        then you need to remember that the first value of 'i' that the loop body will see is 'start - 1'.
-        Hence the following is probably wrong:
-        
-        for (i = start - 1; i--;)
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-
-2012-06-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding should be OK with GetLocal of captured variables having a constant
-        https://bugs.webkit.org/show_bug.cgi?id=88137
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-
-2012-05-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSGlobalObject does not mark m_privateNameStructure
-        https://bugs.webkit.org/show_bug.cgi?id=88023
-
-        Rubber stamped by Gavin Barraclough.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::visitChildren): We need to mark this so it doesn't get 
-        inadvertently garbage collected.
-
-2012-05-31  Erik Arvidsson  <arv@chromium.org>
-
-        Make DOM Exceptions Errors
-        https://bugs.webkit.org/show_bug.cgi?id=85078
-
-        Reviewed by Oliver Hunt.
-
-        WebIDL mandates that exceptions should have Error.prototype on its prototype chain.
-
-        For JSC we have access to the Error.prototype from the binding code.
-
-        For V8 we set a field in the WrapperTypeInfo and when the constructor function is created we
-        set the prototype as needed.
-
-        Updated test: fast/dom/DOMException/prototype-object.html
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::errorPrototype):
-
-2012-05-31  Andy Wingo  <wingo@igalia.com>
-
-        Fix reference to unset variable in debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=87981
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSONObject.cpp (Stringifier::Holder::Holder):
-        Initialize m_size in debug mode, as we check it later in an assert.
-
-2012-05-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Heap should sweep incrementally
-        https://bugs.webkit.org/show_bug.cgi?id=85429
-
-        We shouldn't have to wait for the opportunistic GC timer to fire in order 
-        to call object destructors. Instead, we should incrementally sweep some 
-        subset of the blocks requiring sweeping periodically. We tie this sweeping 
-        to a timer rather than to collections because we want to reclaim this memory 
-        even if we stop allocating. This way, our memory usage scales smoothly with 
-        actual use, regardless of whether we've recently done an opportunistic GC or not.
-
-        Reviewed by Geoffrey Garen.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::collect): We no longer sweep during a full sweep. We only shrink now,
-        which we will switch over to being done during incremental sweeping too as soon as
-        all finalizers can be run lazily (and, by extension, incrementally). 
-        (JSC::Heap::sweeper):
-        (JSC):
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * heap/IncrementalSweeper.cpp: Added.
-        (JSC):
-        (JSC::IncrementalSweeper::timerDidFire): The IncrementalSweeper works very similarly to 
-        GCActivityCallback. It is tied to a run-loop based timer that fires periodically based 
-        on how long the previous sweep increment took to run. The IncrementalSweeper doesn't do 
-        anything if the platform doesn't support CoreFoundation.
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::~IncrementalSweeper):
-        (JSC::IncrementalSweeper::create):
-        (JSC::IncrementalSweeper::scheduleTimer):
-        (JSC::IncrementalSweeper::cancelTimer):
-        (JSC::IncrementalSweeper::doSweep): Iterates over the snapshot of the MarkedSpace taken 
-        during the last collection, checking to see which blocks need sweeping. If it successfully 
-        gets to the end of the blocks that need sweeping then it cancels the timer.
-        (JSC::IncrementalSweeper::startSweeping): We take a snapshot of the Heap and store it in 
-        a Vector that the incremental sweep will iterate over. We also reset our index into this Vector.
-        * heap/IncrementalSweeper.h: Added.
-        (JSC):
-        (IncrementalSweeper):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::needsSweeping): If a block is in the Marked state it needs sweeping 
-        to be usable and to run any destructors that need to be run.
-
-2012-05-30  Patrick Gansterer  <paroga@webkit.org>
-
-        [WINCE] Fix JSString after r115516.
-        https://bugs.webkit.org/show_bug.cgi?id=87892
-
-        Reviewed by Geoffrey Garen.
-
-        r115516 splitted JSString into two classes, with addition nested classes.
-        Add a workaround for the WinCE compiler since it can't resolve the friend class
-        declerations corretly and denies the access to protected members of JSString.
-
-        * runtime/JSString.h:
-        (JSC::JSRopeString::RopeBuilder::append):
-        (JSC::JSRopeString::append):
-        (JSRopeString):
-
-2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-        Really provide error information with the inspector disabled
-        https://bugs.webkit.org/show_bug.cgi?id=87910
-
-        Reviewed by Filip Pizlo.
-
-        Don't bother checking for anything other than pre-existing error info.
-        In the absence of complete line number information you'll only get the
-        line a function starts on, but at least it's something.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt broken on x86-32 with JIT turned off
-        https://bugs.webkit.org/show_bug.cgi?id=87906
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed the code to not clobber registers that contain important things, like the call frame.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
-        https://bugs.webkit.org/show_bug.cgi?id=87887
-
-        Reviewed by Darin Adler.
-        
-        Better fix - we now never call SourceProvider::asID() if SourceProvider* is 0.
-
-        * parser/Nodes.h:
-        (JSC::ScopeNode::sourceID):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::providerID):
-        (SourceCode):
-        * parser/SourceProvider.h:
-        (SourceProvider):
-        (JSC::SourceProvider::asID):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::sourceID):
-
-2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
-        https://bugs.webkit.org/show_bug.cgi?id=87887
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::asID):
-
-2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-        DFG does not correctly handle exceptions caught in the LLInt
-        https://bugs.webkit.org/show_bug.cgi?id=87885
-
-        Reviewed by Filip Pizlo.
-
-        Make the DFG use genericThrow, rather than reimplementing a small portion of it.
-        Also make the LLInt slow paths validate that their PC is correct.
-
-        * dfg/DFGOperations.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-
-2012-05-29  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should infer types and values of captured variables
-        https://bugs.webkit.org/show_bug.cgi?id=87813
-
-        Reviewed by Gavin Barraclough.
-        
-        Slight speed-up in V8/earley-boyer (~1%).
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::argumentsAreCaptured):
-        (JSC::CodeBlock::argumentIsCaptured):
-        (CodeBlock):
-        * dfg/DFGAbstractState.cpp:
-        (DFG):
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::clobberWorld):
-        (JSC::DFG::AbstractState::clobberStructures):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::merge):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::variables):
-        (AbstractState):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-30  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r117823.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-
-2012-05-30  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r118868.
-        http://trac.webkit.org/changeset/118868
-        https://bugs.webkit.org/show_bug.cgi?id=87828
-
-        introduced ~20 crashes on Mac and Qt bots (Requested by pizlo_
-        on #webkit).
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::sweepWeakSet):
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC::SweepWeakSet::operator()):
-        (JSC):
-        (JSC::MarkedSpace::sweepWeakSets):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-
-2012-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled back in r118646, now that
-        https://bugs.webkit.org/show_bug.cgi?id=87784 is fixed.
-
-        http://trac.webkit.org/changeset/118646
-        https://bugs.webkit.org/show_bug.cgi?id=87599
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-
-2012-05-29  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should keep captured variables alive until the (inline) return.
-        https://bugs.webkit.org/show_bug.cgi?id=87205
-
-        Reviewed by Gavin Barraclough.
-        
-        Changes the way we do flushing for captured variables and arguments. Instead of flushing
-        each SetLocal immediately, we flush at kill points. So a SetLocal will cause a Flush of
-        whatever was live in the variable previously, and a return will cause a Flush of all
-        captured variables and all arguments.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setDirect):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::findArgumentPositionForArgument):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
-        (JSC::DFG::ByteCodeParser::findArgumentPosition):
-        (JSC::DFG::ByteCodeParser::flush):
-        (JSC::DFG::ByteCodeParser::flushDirect):
-        (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-
-2012-05-29  Geoffrey Garen  <ggaren@apple.com>
-
-        WeakGCMap should be lazy-finalization-safe
-        https://bugs.webkit.org/show_bug.cgi?id=87784
-
-        Reviewed by Darin Adler.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::get): Since this is a map of raw WeakImpl pointers, and
-        not Weak<T>, we need to verify manually that the WeakImpl is live before
-        we return its payload.
-
-2012-05-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        CopiedSpace::doneCopying could start another collection
-        https://bugs.webkit.org/show_bug.cgi?id=86538
-
-        Reviewed by Geoffrey Garen.
-
-        It's possible that if we don't have anything at the head of to-space 
-        after a collection and the BlockAllocator doesn't have any fresh blocks 
-        to give us right now we could start another collection while still in 
-        the middle of the first collection when we call CopiedSpace::addNewBlock(). 
-
-        One way to resolve this would be to have Heap::shouldCollect() check that 
-        m_operationInProgress is NoOperation. This would prevent the path in 
-        getFreshBlock() that starts the collection if we're already in the middle of one.
-
-        I could not come up with a test case to reproduce this crash on ToT.
-
-        * heap/Heap.h:
-        (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
-        of a collection, i.e. the current operation should be NoOperation.
-
-2012-05-29  David Barr  <davidbarr@chromium.org>
-
-        Introduce ENABLE_CSS_IMAGE_RESOLUTION compile flag
-        https://bugs.webkit.org/show_bug.cgi?id=87685
-
-        Reviewed by Eric Seidel.
-
-        Add a configuration option for CSS image-resolution support, disabling it by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-28  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r118646.
-        http://trac.webkit.org/changeset/118646
-        https://bugs.webkit.org/show_bug.cgi?id=87691
-
-        broke V8 raytrace benchmark (Requested by pizlo_ on #webkit).
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::sweepWeakSet):
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC::SweepWeakSet::operator()):
-        (JSC):
-        (JSC::MarkedSpace::sweepWeakSets):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-
-2012-05-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not generate code for code that the CFA proves to be unreachable
-        https://bugs.webkit.org/show_bug.cgi?id=87682
-
-        Reviewed by Sam Weinig.
-        
-        This also fixes a small performance bug where CFA was not marking blocks
-        as having constants (and hence not triggering constant folding) if the only
-        constants were on GetLocals.
-        
-        And fixing that bug revealed another bug: constant folding was assuming that
-        a GetLocal must be the first access to a local in a basic block. This isn't
-        true. The first access may be a Flush. This patch fixes that issue using the
-        safest approach possible, since we don't need to be clever for something that
-        only happens in one of our benchmarks.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::run):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-28  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Weak pointer finalization should be lazy
-        https://bugs.webkit.org/show_bug.cgi?id=87599
-
-        Reviewed by Darin Adler.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Don't force immediate finalization -- it will
-        happen lazily.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweep): Sweep a block's weak set when sweeping the
-        block. The weak set may not have been swept yet, and this is our last
-        chance to run weak finalizers before we recycle the memory they reference.
-
-        * heap/MarkedBlock.h:
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedBlock::sweepWeakSets):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::sweepWeakSets): Nixed sweepWeakSets because it's unused
-        now.
-
-2012-05-26  Geoffrey Garen  <ggaren@apple.com>
-
-        WebKit should be lazy-finalization-safe (esp. the DOM) v2
-        https://bugs.webkit.org/show_bug.cgi?id=87581
-
-        Reviewed by Oliver Hunt.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor):
-        * heap/WeakBlock.h:
-        * heap/WeakSetInlines.h:
-        (JSC::WeakBlock::finalize): Since we don't guarantee destruction order,
-        it's not valid to access GC pointers like the Structure pointer during
-        finalization. We NULL out the structure pointer in debug builds to try
-        to make this programming mistake more obvious.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::destroy):
-        * API/JSCallbackObject.cpp:
-        (JSC::::destroy):
-        (JSC::JSCallbackObjectData::finalize):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::destroy):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::destroy):
-        * runtime/Error.cpp:
-        (JSC::StrictModeTypeErrorFunction::destroy):
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::destroy):
-        (JSC::NativeExecutable::destroy):
-        (JSC::ScriptExecutable::destroy):
-        (JSC::EvalExecutable::destroy):
-        (JSC::ProgramExecutable::destroy):
-        (JSC::FunctionExecutable::destroy):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::destroy):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::destroy):
-        * runtime/JSStaticScopeObject.cpp:
-        (JSC::JSStaticScopeObject::destroy):
-        * runtime/JSString.cpp:
-        (JSC::JSString::destroy):
-        * runtime/JSVariableObject.cpp:
-        (JSC::JSVariableObject::destroy):
-        * runtime/NameInstance.cpp:
-        (JSC::NameInstance::destroy):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::destroy):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::destroy):
-        * runtime/Structure.cpp:
-        (JSC::Structure::destroy):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::destroy): Use static_cast instead of jsCast because
-        jsCast does Structure-based validation, and our Structure is not guaranteed
-        to be alive when we get finalized.
-
-2012-05-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should eliminate redundant WeakJSConstants
-        https://bugs.webkit.org/show_bug.cgi?id=87179
-
-        Reviewed by Gavin Barraclough.
-        
-        Merged r118141 from dfgopt.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::weakConstantCSE):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::weakConstant):
-
-2012-05-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should do redundant store elimination
-        https://bugs.webkit.org/show_bug.cgi?id=87161
-
-        Reviewed by Oliver Hunt.
-        
-        Merge r118138 from dfgopt.
-        
-        This patch adds redundant store elimination. For example, consider this
-        code:
-        
-        o.x = 42;
-        o.x = 84;
-        
-        If o.x is speculated to be a well-behaved field, the first assignment is
-        unnecessary, since the second just overwrites it. We would like to
-        eliminate the first assignment in these cases. The need for this
-        optimization arises mostly from stores that our runtime requires. For
-        example:
-        
-        o = {f:1, g:2, h:3};
-        
-        This will have four assignments to the structure for the newly created
-        object - one assignment for the empty structure, one for {f}, one for
-        {f, g}, and one for {f, g, h}. We would like to only have the last of
-        those assigments in this case.
-        
-        Intriguingly, doing so for captured variables breaks the way arguments
-        simplification used to work. Consider that prior to either arguments
-        simplification or store elimination we will have IR that looks like:
-        
-        a: SetLocal(r0, Empty)
-        b: SetLocal(r1, Empty)
-        c: GetLocal(r0)
-        d: CreateArguments(@c)
-        e: SetLocal(r0, @d)
-        f: SetLocal(r1, @d)
-        
-        Then redundant store elimination will eliminate the stores that
-        initialize the arguments registers to Empty, but then arguments
-        simplification eliminates the stores that initialize the arguments to
-        the newly created arguments - and at this point we no longer have any
-        stores to the arguments register, leading to hilarious crashes. This
-        patch therefore changes arguments simplification to replace
-        CreateArguments with JSConstant(Empty) rather than eliminating the
-        SetLocals. But this revealed bugs where arguments simplification was
-        being overzealous, so I fixed those bugs.
-        
-        This is a minor speed-up on V8/early and a handful of other tests.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::uncheckedActivationRegister):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::uncheckedActivationRegisterFor):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::isPhantomArguments):
-        (Node):
-        (JSC::DFG::Node::hasConstant):
-        (JSC::DFG::Node::valueOfJSConstant):
-        (JSC::DFG::Node::hasStructureTransitionData):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ConvertThis should just be a CheckStructure if the structure is known
-        https://bugs.webkit.org/show_bug.cgi?id=87057
-
-        Reviewed by Gavin Barraclough.
-        
-        Merged r118021 from dfgopt.
-        
-        This gives ValueProfile the ability to track singleton values - i.e. profiling
-        sites that always see the same value.
-        
-        That is then used to profile the structure in op_convert_this.
-        
-        This is then used to optimize op_convert_this into a CheckStructure if the
-        structure is always the same.
-        
-        That then results in better CSE in inlined code that uses 'this', since
-        previously we couldn't CSE accesses on 'this' from different inline call frames.
-        
-        Also fixed a bug where we were unnecessarily flushing 'this'.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::stronglyVisitStrongReferences):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
-        * bytecode/LazyOperandValueProfile.h:
-        (CompressedLazyOperandValueProfileHolder):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::ValueProfileBase):
-        (JSC::ValueProfileBase::dump):
-        (JSC::ValueProfileBase::computeUpdatedPrediction):
-        (ValueProfileBase):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSValue.h:
-        (JSValue):
-        * runtime/Structure.h:
-        (JSC::JSValue::structureOrUndefined):
-        (JSC):
-
-2012-05-24  Tim Horton  <timothy_horton@apple.com>
-
-        Add feature defines for web-facing parts of CSS Regions and Exclusions
-        https://bugs.webkit.org/show_bug.cgi?id=87442
-        <rdar://problem/10887709>
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        WebKit should be lazy-finalization-safe (esp. the DOM)
-        https://bugs.webkit.org/show_bug.cgi?id=87456
-
-        Reviewed by Filip Pizlo.
-
-        Lazy finalization adds one twist to weak pointer use:
-
-                A HashMap of weak pointers may contain logically null entries.
-                (Weak pointers behave as-if null once their payloads die.)
-                Insertion must not assume that a pre-existing entry is
-                necessarily valid, and iteration must not assume that all
-                entries can be dereferenced.
-
-        (Previously, I thought that it also added a second twist:
-
-                A demand-allocated weak pointer may replace a dead payload
-                before the payload's finalizer runs. In that case, when the
-                payload's finalizer runs, the payload has already been
-                overwritten, and the finalizer should not clear the payload,
-                which now points to something new.
-
-        But that's not the case here, since we cancel the old payload's
-        finalizer when we over-write it. I've added ASSERTs to verify this
-        assumption, in case it ever changes.)
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::prototype): No need to specify null; that's the default.
-
-        * API/JSWeakObjectMapRefPrivate.cpp: Use remove, since take() is gone.
-
-        * heap/PassWeak.h:
-        (WeakImplAccessor::was): This is no longer a debug-only function, since
-        it's required to reason about lazily finalized pointers.
-
-        * heap/Weak.h:
-        (JSC::weakAdd):
-        (JSC::weakRemove):
-        (JSC::weakClear): Added these helper functions for the common idioms of
-        what clients want to do in their weak pointer finalizers.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub): Use the new idioms. Otherwise, we
-        would return NULL for a "zombie" executable weak pointer that was waiting
-        for finalization (item (2)), and finalizing a dead executable weak pointer
-        would potentially destroy a new, live one (item (1)).
-
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::finalize): Ditto.
-
-        (JSC::RegExpCache::invalidateCode): Check for null while iterating. (See
-        item (2).)
-
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::contains):
-        (JSC::StructureTransitionTable::add): Use get and set instead of add and
-        contains, since add and contains are not compatible with lazy finalization.
-
-        * runtime/WeakGCMap.h:
-        (WeakGCMap):
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::remove): Removed a bunch of code that was incompatible with
-        lazy finalization because I didn't feel like making it compatible, and I had
-        no way to test it.
-
-2012-05-24  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r118013-r118031): Loops/Reloads under www.yahoo.com, quits after three tries with error
-        https://bugs.webkit.org/show_bug.cgi?id=87327
-
-        Reviewed by Geoffrey Garen.
-        
-        If you use AbstractValue::filter(StructureSet) to test subset relationships between TOP and a
-        set containing >=2 elements, you're going to have a bad time.
-        
-        That's because AbstractValue considers a set with >=2 elements to be equivalent to TOP, in order
-        to save space and speed up convergence. So filtering has no effect in this case, which made
-        the code think that the abstract value was proving that the structure check was unnecessary.
-        The correct thing to do is to use isSubsetOf() on the StructureAbstractValue, which does the
-        right thingies for TOP and >=2 elements.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-24  Filip Pizlo  <fpizlo@apple.com>
-
-        new test fast/js/dfg-arguments-mixed-alias.html fails on JSVALUE32_64
-        https://bugs.webkit.org/show_bug.cgi?id=87378
-
-        Reviewed by Gavin Barraclough.
-        
-        - Captured variable tracking forgot did not consistently handle arguments, leading to OSR
-          badness.
-        
-        - Nodes capable of exiting were tracked in a non-monotonic way, leading to compiler errors.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (CSEPhase):
-        (JSC::DFG::performCSE):
-        * dfg/DFGCSEPhase.h:
-        (DFG):
-        * dfg/DFGCommon.h:
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::resetExitStates):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGPhase.h:
-        (DFG):
-        (JSC::DFG::runPhase):
-
-2012-05-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Made WeakSet per-block instead of per-heap
-        https://bugs.webkit.org/show_bug.cgi?id=87401
-
-        Reviewed by Oliver Hunt.
-
-        This allows us fast access to the set of all weak pointers for a block,
-        which is a step toward lazy finalization.
-
-        No performance change.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::lastChanceToFinalize): Removed the per-heap weak set, since
-        it's per-block now.
-
-        (JSC::Heap::markRoots): Delegate weak set visiting to the marked space,
-        since it knows how to iterate all blocks.
-
-        (JSC::Heap::collect): Moved the reaping outside of markRoots, since it
-        doesn't mark anything.
-
-        Make sure to reset allocators after shrinking, since shrinking may
-        deallocate the current allocator.
-
-        * heap/Heap.h:
-        (Heap): No more per-heap weak set, since it's per-block now.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC::MarkedBlock::lastChanceToFinalize): Migrated finalization logic
-        here from the heap, so the heap doesn't need to know about our internal
-        data structures like our weak set.
-
-        (JSC::MarkedBlock::heap):
-        (JSC::MarkedBlock::weakSet):
-        (JSC::MarkedBlock::shrink):
-        (JSC::MarkedBlock::resetAllocator):
-        (JSC::MarkedBlock::visitWeakSet):
-        (JSC::MarkedBlock::reapWeakSet):
-        (JSC::MarkedBlock::sweepWeakSet):
-        * heap/MarkedSpace.cpp:
-        (JSC::VisitWeakSet::VisitWeakSet):
-        (JSC::VisitWeakSet::operator()):
-        (VisitWeakSet):
-        (JSC):
-        (JSC::ReapWeakSet::operator()):
-        (JSC::SweepWeakSet::operator()):
-        (JSC::LastChanceToFinalize::operator()):
-        (JSC::MarkedSpace::lastChanceToFinalize):
-        (JSC::ResetAllocator::operator()):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::visitWeakSets):
-        (JSC::MarkedSpace::reapWeakSets):
-        (JSC::MarkedSpace::sweepWeakSets):
-        (JSC::Shrink::operator()):
-        (JSC::MarkedSpace::shrink):
-        * heap/MarkedSpace.h:
-        (MarkedSpace): Make sure to account for our weak sets when sweeping,
-        shrinking, etc.
-
-        * heap/WeakSet.cpp:
-        (JSC):
-        * heap/WeakSet.h:
-        (WeakSet):
-        (JSC::WeakSet::heap):
-        (JSC):
-        (JSC::WeakSet::lastChanceToFinalize):
-        (JSC::WeakSet::visit):
-        (JSC::WeakSet::reap):
-        (JSC::WeakSet::shrink):
-        (JSC::WeakSet::resetAllocator): Inlined some things since they're called
-        once per block now instead of once per heap.
-
-        * heap/WeakSetInlines.h:
-        (JSC::WeakSet::allocate): Use the per-block weak set since there is no
-        per-heap weak set anymore.
-
-2012-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Fix arm build
-
-        Rubber stamped by Geoff Garen
-
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-
-2012-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Move cacheFlush from ExecutableAllocator to Assembler classes
-        https://bugs.webkit.org/show_bug.cgi?id=87420
-
-        Reviewed by Oliver Hunt.
-
-        Makes more sense there, & remove a pile of #ifdefs.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC):
-        (JSC::ARMAssembler::cacheFlush):
-        * assembler/ARMAssembler.h:
-        (ARMAssembler):
-        (JSC::ARMAssembler::cacheFlush):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::relinkJump):
-        (JSC::ARMv7Assembler::cacheFlush):
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::setInt32):
-        (JSC::ARMv7Assembler::setUInt7ForLoad):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::cacheFlush):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::performFinalization):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::relinkJump):
-        (JSC::MIPSAssembler::relinkCall):
-        (JSC::MIPSAssembler::repatchInt32):
-        (JSC::MIPSAssembler::cacheFlush):
-        (MIPSAssembler):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::repatchCompact):
-        (JSC::SH4Assembler::cacheFlush):
-        (SH4Assembler):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::cacheFlush):
-        * jit/ExecutableAllocator.cpp:
-        (JSC):
-        * jit/ExecutableAllocator.h:
-        (ExecutableAllocator):
-
-2012-05-24  John Mellor  <johnme@chromium.org>
-
-        Font Boosting: Add compile flag and runtime setting
-        https://bugs.webkit.org/show_bug.cgi?id=87394
-
-        Reviewed by Adam Barth.
-
-        Add ENABLE_FONT_BOOSTING.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-24  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
-
-        cti_vm_throw gets kicked out by gcc 4.6 -flto
-        https://bugs.webkit.org/show_bug.cgi?id=56088
-
-        Reviewed by Darin Adler.
-
-        Add REFERENCED_FROM_ASM to functions only referenced from assembler.
-
-        * dfg/DFGOperations.cpp:
-        * jit/HostCallReturnValue.h:
-        * jit/JITStubs.h:
-        * jit/ThunkGenerators.cpp:
-
-2012-05-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Incorrect merge of r117542 from dfg opt branch in r118323 is leading to fast/js/dfg-arguments-osr-exit.html failing
-        https://bugs.webkit.org/show_bug.cgi?id=87350
-
-        Reviewed by Maciej Stachowiak.
-        
-        The dfgopt branch introduced the notion of a local variable being killed because it was aliased
-        to the Arguments object as in cases like:
-        
-        var a = arguments;
-        return a.length;
-        
-        This required changes to OSR exit handling - if the variable is dead but aliased to arguments, then
-        OSR exit should reify the arguments. But meanwhile, in tip of tree we introduced special handling for
-        dead variables on OSR exit. When the two were merged in r118323, the structure of the if/else branches
-        ended up being such that we would treat dead arguments variables as totally dead as opposed to treating
-        them as variables that need arguments reification.
-        
-        This fixes the structure of the relevant if/else block so that variables that are dead-but-arguments
-        end up being treated as reified arguments objects, while variables that are dead but not aliased to
-        arguments are treated as tip of tree would have treated them (initialize to Undefined).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-24  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed 32 bit buildfix after r118325.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): Use ASSERT_UNUSED instead ASSERT.
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG operationTearOffActivation should return after handling the null activation case
-        https://bugs.webkit.org/show_bug.cgi?id=87348
-        <rdar://problem/11522295>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGOperations.cpp:
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, merge the arguments fix in r118138 to get bots green.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-
-2012-05-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should record if a node can OSR exit
-        https://bugs.webkit.org/show_bug.cgi?id=86905
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r117931 from dfgopt.
-        
-        Adds a NodeFlag that denotes nodes that are known to not have OSR exits.
-        This ought to aid any backwards analyses that need to know when a
-        backward flow merge might happen due to a side exit.
-        
-        Also added assertions into speculationCheck() that ensure that we did not
-        mark a node as non-exiting and then promptly compile in an exit. This
-        helped catch some minor bugs where we were doing unnecessary speculation
-        checks.
-        
-        This is a perf-neutral change. The speculation checks that this removes
-        were not on hot paths of major benchmarks.
-
-        * bytecode/PredictedType.h:
-        (JSC):
-        (JSC::isAnyPrediction):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::speculateInt32Unary):
-        (AbstractState):
-        (JSC::DFG::AbstractState::speculateNumberUnary):
-        (JSC::DFG::AbstractState::speculateBooleanUnary):
-        (JSC::DFG::AbstractState::speculateInt32Binary):
-        (JSC::DFG::AbstractState::speculateNumberBinary):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::mergeFlags):
-        (JSC::DFG::Node::filterFlags):
-        (Node):
-        (JSC::DFG::Node::setCanExit):
-        (JSC::DFG::Node::canExit):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not do unnecessary indirections when storing to objects
-        https://bugs.webkit.org/show_bug.cgi?id=86959
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r117819 from dfgopt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize aliased uses of the Arguments object of the current call frame
-        https://bugs.webkit.org/show_bug.cgi?id=86552
-
-        Reviewed by Geoff Garen.
-        
-        Merged r117542 and r117543 from dfgopt.
-        
-        Performs must-alias and escape analysis on uses of CreateArguments, and if
-        a variable is must-aliased to CreateArguments and does not escape, then we
-        turn all uses of that variable into direct arguments accesses.
-        
-        36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::uncheckedArgumentsRegister):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::argumentsThatWereNotCreated):
-        (ValueRecovery):
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAdjacencyList.h:
-        (AdjacencyList):
-        (JSC::DFG::AdjacencyList::removeEdgeFromBag):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (ArgumentsSimplificationPhase):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::collectGarbage):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (Graph):
-        (JSC::DFG::Graph::executableFor):
-        (JSC::DFG::Graph::argumentsRegisterFor):
-        (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler.h:
-        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
-        (OSRExitCompiler):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::ValueSource::dump):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::isArgumentsAlias):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFGCapabilities should not try to get an arguments register from code blocks that don't have one
-        https://bugs.webkit.org/show_bug.cgi?id=87332
-
-        Reviewed by Andy Estes.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have sparse conditional constant propagation
-        https://bugs.webkit.org/show_bug.cgi?id=86580
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r117370 from dfgopt.
-        
-        This enhances CFA so that if it suspects at any point during the fixpoint that a
-        branch will only go one way, then it only propagates in that one way.
-        
-        This vastly increases the opportunities for CFG simplification. For example, it
-        enables us to evaporate this loop:
-        
-        for (var i = 0; i < 1; ++i) doThings(i);
-        
-        As a result, it uncovered loads of bugs in the CFG simplifier. In particular:
-        
-        - Phi fixup was assuming that all Phis worth fixing up are shouldGenerate().
-          That's not true; we also fixup Phis that are dead.
-          
-        - GetLocal fixup was assuming that it's only necessary to rewire links to a
-          GetLocal, and that the GetLocal's own links don't need to be rewired. Untrue,
-          because the GetLocal may not be rewirable (first block has no GetLocal for r42
-          but second block does have a GetLocal), in which case it will refer to a Phi
-          in the second block. We need it to refer to a Phi from the first block to
-          ensure that subsequent transformations work.
-          
-        - Tail operand fixup was ignoring the fact that Phis in successors may contain
-          references to the children of our tail variables. Hence, successor Phi child
-          substitution needs to use the original second block variable table as its
-          prior, rather than trying to reconstruct the prior later (since by that point
-          the children of the second block's tail variables will have been fixed up, so
-          we will not know what the prior would have been).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::reset):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::branchDirectionToString):
-        (AbstractState):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
-        (OperandSubstitution):
-        (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::recordPossibleIncomingReference):
-        (CFGSimplificationPhase):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::changeEdge):
-
-2012-05-23  Ojan Vafai  <ojan@chromium.org>
-
-        add back the ability to disable flexbox
-        https://bugs.webkit.org/show_bug.cgi?id=87147
-
-        Reviewed by Tony Chang.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix Windows build.
-
-        * bytecode/CodeBlock.h:
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canCompileOpcodes):
-        * dfg/DFGCommon.h:
-        (DFG):
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize inlined uses of arguments.length and arguments[i]
-        https://bugs.webkit.org/show_bug.cgi?id=86327
-
-        Reviewed by Gavin Barraclough.
-        
-        Merged r117017 from dfgopt.
-        
-        Turns inlined uses of arguments.length into a constant.
-        
-        Turns inlined uses of arguments[constant] into a direct reference to the
-        argument.
-        
-        Big win on micro-benchmarks. Not yet a win on V8 because the hot uses of
-        arguments.length and arguments[i] are aliased. I'll leave the aliasing
-        optimizations to a later patch.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/DFGExitProfile.h:
-        (FrequentExitSite):
-        (JSC::DFG::FrequentExitSite::FrequentExitSite):
-        (JSC::DFG::QueryableExitProfile::hasExitSite):
-        (QueryableExitProfile):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentsSimplificationPhase.cpp: Added.
-        (DFG):
-        (ArgumentsSimplificationPhase):
-        (JSC::DFG::ArgumentsSimplificationPhase::ArgumentsSimplificationPhase):
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::performArgumentsSimplification):
-        * dfg/DFGArgumentsSimplificationPhase.h: Added.
-        (DFG):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::executableFor):
-        (DFG):
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::executableFor):
-        (Graph):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToConstant):
-        (JSC::DFG::Node::convertToGetLocalUnlinked):
-        (Node):
-        (JSC::DFG::Node::unlinkedLocal):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to optimize foo.apply(bar, arguments)
-        https://bugs.webkit.org/show_bug.cgi?id=86306
-
-        Reviewed by Gavin Barraclough.
-        
-        Merge r116912 from dfgopt.
-        
-        Enables compilation of op_jneq_ptr and some forms of op_call_varargs.
-        
-        Also includes a bunch of bug fixes that were made necessary by the increased
-        pressure on the CFG simplifier.
-        
-        This is a 1-2% win on V8.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::ProgramCodeBlock::canCompileWithDFGInternal):
-        (JSC::EvalCodeBlock::canCompileWithDFGInternal):
-        (JSC::FunctionCodeBlock::canCompileWithDFGInternal):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::canCompileWithDFG):
-        (JSC::CodeBlock::canCompileWithDFGState):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::debugFail):
-        (DFG):
-        (JSC::DFG::canHandleOpcodes):
-        (JSC::DFG::canCompileOpcodes):
-        (JSC::DFG::canInlineOpcodes):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        (DFG):
-        (JSC::DFG::canCompileOpcodes):
-        (JSC::DFG::canCompileEval):
-        (JSC::DFG::canCompileProgram):
-        (JSC::DFG::canCompileFunctionForCall):
-        (JSC::DFG::canCompileFunctionForConstruct):
-        * dfg/DFGCommon.h:
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGValidate.cpp:
-        (Validate):
-        (JSC::DFG::Validate::validate):
-        (JSC::DFG::Validate::checkOperand):
-        (JSC::DFG::Validate::reportValidationContext):
-        * jit/JIT.cpp:
-        (JSC::JIT::emitOptimizationCheck):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::compileBinaryArithOp):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::sample):
-
-2012-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored WeakBlock to use malloc, clarify behavior
-        https://bugs.webkit.org/show_bug.cgi?id=87318
-
-        Reviewed by Filip Pizlo.
-
-        We want to use malloc so we can make these smaller than 4KB,
-        since an individual MarkedBlock will usually have fewer than
-        4KB worth of weak pointers.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
-        we no longer need to distinguish from "visitDeadWeakImpls".
-
-        Renamed "visitDeadWeakImpls" to "reap" because we're not actually
-        doing any visiting -- we're just tagging things as dead.
-
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::create):
-        (JSC::WeakBlock::destroy):
-        (JSC::WeakBlock::WeakBlock): Malloc!
-
-        (JSC::WeakBlock::visit):
-        (JSC::WeakBlock::reap): Renamed as above.
-
-        * heap/WeakBlock.h:
-        (WeakBlock): Reduced to 3KB, as explained above.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::visit):
-        (JSC::WeakSet::reap):
-        * heap/WeakSet.h:
-        (WeakSet): Updated for renames, and to match WebKit style.
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Use after free in JSC::DFG::ByteCodeParser::processPhiStack
-        https://bugs.webkit.org/show_bug.cgi?id=87312
-        <rdar://problem/11518848>
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::parse):
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to make C function calls from DFG code on ARM in debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=87313
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2012-05-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to inline functions that use arguments reflectively
-        https://bugs.webkit.org/show_bug.cgi?id=86132
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r116838 from dfgopt.
-        
-        This turns on inlining of functions that use arguments reflectively, but it
-        does not do any of the obvious optimizations that this exposes. I'll save that
-        for another patch - the important thing for now is that this contains all of
-        the plumbing necessary to make this kind of inlining sound even in bizarro
-        cases like an inline callee escaping the arguments object to parts of the
-        inline caller where the arguments are otherwise dead. Or even more fun cases
-        like where you've inlined to an inline stack that is three-deep, and the
-        function on top of the inline stack reflectively accesses the arguments of a
-        function that is in the middle of the inline stack. Any subsequent
-        optimizations that we do for the obvious cases of arguments usage in inline
-        functions will have to take care not to break the baseline functionality that
-        this patch plumbs together.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/CallFrame.cpp:
-        (JSC):
-        (JSC::CallFrame::someCodeBlockForPossiblyInlinedCode):
-        * interpreter/CallFrame.h:
-        (ExecState):
-        (JSC::ExecState::someCodeBlockForPossiblyInlinedCode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::retrieveArgumentsFromVMCode):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::tearOff):
-        (JSC):
-        (JSC::Arguments::tearOffForInlineCallFrame):
-        * runtime/Arguments.h:
-        (Arguments):
-        (JSC::Arguments::create):
-        (JSC::Arguments::finishCreation):
-        (JSC):
-
-2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Every OSR exit on ARM results in a crash
-        https://bugs.webkit.org/show_bug.cgi?id=87307
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-
-2012-05-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Refactored heap tear-down to use normal value semantics (i.e., destructors)
-        https://bugs.webkit.org/show_bug.cgi?id=87302
-
-        Reviewed by Oliver Hunt.
-
-        This is a step toward incremental DOM finalization.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::~CopiedSpace):
-        * heap/CopiedSpace.h:
-        (CopiedSpace): Just use our destructor, instead of relying on the heap
-        to send us a special message at a special time.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap): Use OwnPtr for m_markListSet because this is not Sparta.
-
-        (JSC::Heap::~Heap): No need for delete or freeAllBlocks because normal
-        destructors do this work automatically now.
-
-        (JSC::Heap::lastChanceToFinalize): Just call lastChanceToFinalize on our
-        sub-objects, and assume it does the right thing. This improves encapsulation,
-        so we can add items requiring finalization to our sub-objects.
-
-        * heap/Heap.h: Moved m_blockAllocator to get the right destruction order.
-
-        * heap/MarkedSpace.cpp:
-        (Take):
-        (JSC):
-        (JSC::Take::Take):
-        (JSC::Take::operator()):
-        (JSC::Take::returnValue): Moved to the top of the file so it can be used
-        in another function.
-
-        (JSC::MarkedSpace::~MarkedSpace): Delete all outstanding memory, like a good
-        destructor should.
-
-        (JSC::MarkedSpace::lastChanceToFinalize): Moved some code here from the heap,
-        since it pertains to our internal implementation details.
-
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::lastChanceToFinalize):
-        * heap/WeakBlock.h:
-        (WeakBlock):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::lastChanceToFinalize):
-        * heap/WeakSet.h:
-        (WeakSet): Stop using a special freeAllBlocks() callback and just implement
-        lastChanceToFinalize.
-
-2011-05-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Encapsulated some calculations for whether portions of the heap are empty
-        https://bugs.webkit.org/show_bug.cgi?id=87210
-
-        Reviewed by Gavin Barraclough.
-
-        This is a step toward incremental DOM finalization.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::~Heap): Explicitly call freeAllBlocks() instead of relying
-        implicitly on all blocks thinking they're empty. In future, we may
-        choose to tear down the heap without first setting all data structures
-        to "empty".
-
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isEmpty):
-        (JSC::MarkedBlock::gatherDirtyCells): Renamed markCountIsZero to isEmpty,
-        in preparation for making it check for outstanding finalizers in addition
-        to marked cells.
-
-        * heap/MarkedSpace.cpp:
-        (Take):
-        (JSC::Take::Take):
-        (JSC::Take::operator()):
-        (JSC::Take::returnValue):
-        (JSC::MarkedSpace::shrink):
-        (JSC::MarkedSpace::freeAllBlocks): Refactored the "Take" functor to support
-        a conditional isEmpty check, so it dould be shared by shrink() and freeAllBlocks().
-
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::WeakBlock):
-        (JSC::WeakBlock::visitLiveWeakImpls):
-        (JSC::WeakBlock::visitDeadWeakImpls):
-        * heap/WeakBlock.h:
-        (WeakBlock):
-        (JSC::WeakBlock::isEmpty):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::sweep):
-        (JSC::WeakSet::shrink): Use isEmpty(), in preparation for changes in
-        its implementation.
-
-2012-05-23  Oswald Buddenhagen  <oswald.buddenhagen@nokia.com>
-
-        [Qt] Remove references to $$QT_SOURCE_TREE
-
-        With a modularized Qt, it's ambigious. What we really want is qtbase,
-        which qtcore is a proxy for (we assume it will always live in qtbase).
-
-        Reviewed by Tor Arne Vestbø.
-
-        * JavaScriptCore.pri:
-        * Target.pri:
-
-2012-05-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should allow inlining in case of certain arity mismatches
-        https://bugs.webkit.org/show_bug.cgi?id=86059
-
-        Reviewed by Geoff Garen.
-        
-        Merge r116620 from dfgopt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleInlining):
-
-2012-05-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG variable capture analysis should work even if the variables arose through inlining
-        https://bugs.webkit.org/show_bug.cgi?id=85945
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r116555 from dfgopt.
-        
-        This just changes how the DFG queries whether a variable is captured. It does not
-        change any user-visible behavior.
-        
-        As part of this change, I further solidified the policy that the CFA behaves in an
-        undefined way for captured locals and queries about their values will not yield
-        reliable results. This will likely be changed in the future, but for now it makes
-        sense.
-        
-        One fun part about this change is that it recognizes that the same variable may
-        be both captured and not, at the same time, because their live interval spans
-        inlining boundaries. This only happens in the case of arguments to functions that
-        capture their arguments, and this change treats them with just the right touch of
-        conservatism: they will be treated as if captured by the caller as well as the 
-        callee.
-        
-        Finally, this also adds captured variable reasoning to the InlineCallFrame, which
-        I thought might be useful for later tooling.
-        
-        This is perf-neutral, since it does it does not make the DFG take advantage of this
-        new functionality in any way. In particular, it is still the case that the DFG will
-        not inline functions that use arguments reflectively or that create activations.
-
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::needsActivation):
-        (JSC::CodeBlock::argumentIsCaptured):
-        (JSC::CodeBlock::localIsCaptured):
-        (JSC::CodeBlock::isCaptured):
-        * bytecode/CodeOrigin.h:
-        (InlineCallFrame):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::merge):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::newVariableAccessData):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::flushArgument):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (CFGSimplificationPhase):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        * dfg/DFGCommon.h:
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::nameOfVariableAccessData):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::needsActivation):
-        (JSC::DFG::Graph::usesArguments):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsCaptured):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::isCaptured):
-
-2012-05-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support op_get_argument_by_val and op_get_arguments_length
-        https://bugs.webkit.org/show_bug.cgi?id=85911
-
-        Reviewed by Oliver Hunt.
-        
-        Merged r116467 from dfgopt.
-        
-        This adds a simple and relatively conservative implementation of op_get_argument_by_val
-        and op_get_arguments_length. We can optimize these later. For now it's great to have
-        the additional coverage.
-        
-        This patch appears to be perf-neutral.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::addressFor):
-        (JSC::DFG::AssemblyHelpers::tagFor):
-        (JSC::DFG::AssemblyHelpers::payloadFor):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasHeapPrediction):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_argument_by_val):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_argument_by_val):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-05-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should support op_tear_off_arguments
-        https://bugs.webkit.org/show_bug.cgi?id=85847
-
-        Reviewed by Michael Saboff.
-        
-        Merged r116378 from dfgopt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        CopiedSpace::contains doesn't check for oversize blocks
-        https://bugs.webkit.org/show_bug.cgi?id=87180
-
-        Reviewed by Geoffrey Garen.
-
-        When doing a conservative scan we use CopiedSpace::contains to determine if a particular 
-        address points into the CopiedSpace. Currently contains() only checks if the address 
-        points to a block in to-space, which means that pointers to oversize blocks may not get scanned. 
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::doneCopying):
-        * heap/CopiedSpace.h: Refactored CopiedSpace so that all blocks (oversize and to-space) are 
-        in a single hash set and bloom filter for membership testing.
-        (CopiedSpace):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::contains): We check for the normal block first. Since the oversize blocks are
-        only page aligned, rather than block aligned, we have to re-mask the ptr to check if it's in 
-        CopiedSpace. Also added a helper function of the same name that takes a CopiedBlock* and checks
-        if it's in CopiedSpace so that check isn't typed out twice.
-        (JSC):
-        (JSC::CopiedSpace::startedCopying):
-        (JSC::CopiedSpace::addNewBlock):
-
-2012-05-22  Geoffrey Garen  <ggaren@apple.com>
-
-        CopiedBlock and MarkedBlock should have proper value semantics (i.e., destructors)
-        https://bugs.webkit.org/show_bug.cgi?id=87172
-
-        Reviewed by Oliver Hunt and Phil Pizlo.
-
-        This enables MarkedBlock to own non-trivial sub-objects that require
-        destruction. It also fixes a FIXME about casting a CopiedBlock to a
-        MarkedBlock at destroy time.
-
-        CopiedBlock and MarkedBlock now accept an allocation chunk at create
-        time and return it at destroy time. Their client is expected to
-        allocate, recycle, and destroy these chunks.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::releaseFreeBlocks):
-        (JSC::BlockAllocator::blockFreeingThreadMain): Don't call MarkedBlock::destroy
-        because we expect that to be called before a block is put on our free
-        list now. Do manually deallocate our allocation chunk because that's
-        our job now.
-
-        * heap/BlockAllocator.h:
-        (BlockAllocator):
-        (JSC::BlockAllocator::allocate): Allocate never fails now. This is a
-        cleaner abstraction because only one object does all the VM allocation
-        and deallocation. Caching is an implementation detail.
-
-        (JSC::BlockAllocator::deallocate): We take an allocation chunk argument
-        instead of a block because we now expect the block to have been destroyed 
-        before we recycle its memory. For convenience, we still use the HeapBlock
-        class as our linked list node. This is OK because HeapBlock is a POD type.
-
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        (JSC::CopiedBlock::create):
-        (JSC::CopiedBlock::destroy):
-        (JSC::CopiedBlock::CopiedBlock): Added proper create and destroy functions,
-        to match MarkedBlock.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::doneCopying):
-        (JSC::CopiedSpace::getFreshBlock):
-        (JSC::CopiedSpace::freeAllBlocks):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::recycleBlock): Make sure to call destroy before
-        returning a block to the BlockAllocator. Otherwise, our destructors
-        won't run. (If we get this wrong now, we'll get a compile error.)
-
-        * heap/HeapBlock.h:
-        (JSC::HeapBlock::HeapBlock): const!
-
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateBlock): No need to distinguish between
-        create and recycle -- MarkedBlock always accepts memory allocated by
-        its client now.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create): Don't allocate memory -- we assume that we're
-        passed already-allocated memory, to clarify the responsibility for VM
-        recycling.
-
-        (JSC::MarkedBlock::destroy): Do run our destructor before giving back
-        our VM -- that is the whole point of this patch.
-
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        * heap/MarkedSpace.cpp: const!
-
-        (JSC::MarkedSpace::freeBlocks): Make sure to call destroy before
-        returning a block to the BlockAllocator. Otherwise, our destructors
-        won't run. (If we get this wrong now, we'll get a compile error.)
-
-== Rolled over to ChangeLog-2012-05-22 ==

diff --git a/ChangeLog-2013-04-24 b/ChangeLog-2013-04-24
deleted file mode 100644 (file)
index d3b5d15..0000000
--- a/ChangeLog-2013-04-24
+++ /dev/null
@@ -1,29044 +0,0 @@
-2013-04-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA filters CheckFunction in a really weird way, and assumes that the function's structure won't change
-        https://bugs.webkit.org/show_bug.cgi?id=115077
-
-        Reviewed by Oliver Hunt.
-        
-        The filtering did three things that are unusual:
-        
-        1) AbstractValue::filterByValue() assumed that the passed value's structure wouldn't change, in
-           the sense that at it assumed it could use that value's *current* structure to do structure
-           filtering. Filtering by structure only makes sense if you can prove that the given value will
-           always have that structure (for example by either using a watchpoing or emitting code that
-           checks that structure at run-time).
-        
-        2) AbstractValue::filterByValue() and the CheckFunction case in AbstractState::executeEffects()
-           tried to invalidate the CFA based on whether the filtration led to an empty value. This is
-           well-intentioned, but it's not how the CFA currently works. It's inconsistent with other
-           parts of the CFA. We shouldn't introduce this feature into just one kind of filtration and
-           not have it elsewhere.
-        
-        3) The attempt to detect when the value was empty was actually implemented incorrectly. It
-           relied on AbstractValue::validate(). That method says that a concrete value does not belong
-           to the abstract value if it has a different structure. This makes sense for the other place
-           where AbstractValue::validate() is called: during OSR entry, where we are talking about a
-           JSValue that we see *right now*. It doesn't make sense in the CFA, since in the CFA any
-           value we observe in the code is a value whose structure may change when the code starts
-           running, and so we cannot use the value's current structure to infer things about the code
-           when it starts running.
-        
-        I fixed the above problems by (1) changing filterByValue() to not filter the structure, (2)
-        changing filterByValue() and the CheckFunction case to not invalidate the CFA, and (3)
-        making sure that nobody else was misusing AbstractValue::validate() (they weren't).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::filterByValue):
-
-2013-04-23  Oliver Hunt  <oliver@apple.com>
-
-        Default ParserError() initialiser doesn't initialise all fields
-        https://bugs.webkit.org/show_bug.cgi?id=115074
-
-        Reviewed by Joseph Pecoraro.
-
-        Only the jsc command prompt depended on this, but we'll fix it to
-        be on the safe side.
-
-        * parser/ParserError.h:
-        (JSC::ParserError::ParserError):
-
-2013-04-23  Christophe Dumez  <ch.dumez@sisa.samsung.com>
-
-        Global constructors should be configurable and not enumerable
-        https://bugs.webkit.org/show_bug.cgi?id=110573
-
-        Reviewed by Geoffrey Garen.
-
-        Update JSObject::deleteProperty() so that mark to set the property
-        value to undefined if it is in static hashtable of properties. The
-        previous code was not doing anything in this case and this meant
-        we could not remove builtin DOMWindow properties such as
-        "ProgressEvent" even if marked as Deletable.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::deleteProperty):
-        * runtime/Lookup.h:
-        (JSC):
-        (JSC::putEntry):
-        (JSC::lookupPut):
-
-2013-04-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Filled out more cases of branch folding in bytecode when emitting
-        expressions into a branching context
-        https://bugs.webkit.org/show_bug.cgi?id=115057
-
-        Reviewed by Filip Pizlo.
-
-        This covers a few cases like:
-
-            - while (true) { }
-            - while (1) { }
-            - if (x) break;
-            - if (x) continue;
-            - if (boolean_expr == boolean_const) { }
-            - if (boolean_expr == 1_or_0) { }
-            - if (bitop == 1_or_0) { }
-
-        This also works, but will bring shame on your family:
-
-            - while ("hello world") { }
-
-        No change on the benchmarks we track, but a 2.5X speedup on a microbenchmark
-        that uses these techniques.
-
-        * JavaScriptCore.order: Order!
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitThrowReferenceError):
-        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::shouldEmitDebugHooks): Updated ancillary code
-        for interface simplifications.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ConstantNode::emitBytecodeInConditionContext): Constants can
-        jump unconditionally when used within a condition context.
-
-        (JSC::ConstantNode::emitBytecode):
-        (JSC::StringNode::jsValue): Gave constants a common base class so I
-        could implement their codegen just once.
-
-        (JSC::BinaryOpNode::emitBytecodeInConditionContext):
-        (JSC::canFoldToBranch):
-        (JSC::BinaryOpNode::tryFoldToBranch): Fold (!/=)= and (!/=)== where
-        appropriate. A lot of cases are not appropriate because of the surprising
-        type conversion semantics of ==. For example, if (number == true) { } is
-        not the same as if (number) { } because the former will up-convert true
-        to number and then do numeric comparison.
-
-        (JSC::singleStatement):
-        (JSC::IfElseNode::tryFoldBreakAndContinue):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::ContinueNode::trivialTarget):
-        (JSC::BreakNode::trivialTarget): Fold "if (expression) break" and
-        "if (expression) continue" into direct jumps from expression.
-
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::createIfStatement):
-        * parser/NodeConstructors.h:
-        (JSC::ConstantNode::ConstantNode):
-        (JSC):
-        (JSC::NullNode::NullNode):
-        (JSC::BooleanNode::BooleanNode):
-        (JSC::NumberNode::NumberNode):
-        (JSC::StringNode::StringNode):
-        (JSC::IfElseNode::IfElseNode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isConstant):
-        (JSC::ExpressionNode::isBoolean):
-        (JSC::StatementNode::isBreak):
-        (JSC::StatementNode::isContinue):
-        (ConstantNode):
-        (JSC::ConstantNode::isPure):
-        (JSC::ConstantNode::isConstant):
-        (NullNode):
-        (JSC::NullNode::jsValue):
-        (JSC::BooleanNode::value):
-        (JSC::BooleanNode::isBoolean):
-        (JSC::BooleanNode::jsValue):
-        (JSC::NumberNode::value):
-        (NumberNode):
-        (JSC::NumberNode::jsValue):
-        (StringNode):
-        (BinaryOpNode):
-        (IfElseNode):
-        (ContinueNode):
-        (JSC::ContinueNode::isContinue):
-        (BreakNode):
-        (JSC::BreakNode::isBreak):
-        * parser/Parser.cpp:
-        (JSC::::parseIfStatement):
-        * parser/ResultType.h:
-        (JSC::ResultType::definitelyIsBoolean):
-        (ResultType):
-        * runtime/JSCJSValueInlines.h:
-        (JSC::JSValue::pureToBoolean):
-        * runtime/JSCell.h:
-        * runtime/JSCellInlines.h:
-        (JSC::JSCell::pureToBoolean): Updated for interface changes above.
-
-2013-04-23  Mark Lam  <mark.lam@apple.com>
-
-        Simplify the baseline JIT loop hint call site.
-        https://bugs.webkit.org/show_bug.cgi?id=115052.
-
-        Reviewed by Geoffrey Garen.
-
-        Moved the watchdog timer check after the JIT optimization check. This
-        ensures that the JIT opimization counter is incremented on every loop
-        hint even if the watchdog timer fires.
-
-        Removed the code that allows the JIT OSR to happen if the watchdog
-        timer fires but does not result in a termination. It is extremely rare
-        that the JIT optimization counter would trigger an OSR on the same pass
-        as when the watchdog timer fire. If it does happen, we'll simply hold
-        off on servicing the watchdog timer until the next pass (because it's
-        not time critical).
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_hint):
-        (JSC::JIT::emitSlow_op_loop_hint):
-
-2013-04-23  Roger Fong  <roger_fong@apple.com>
-
-        AppleWin build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2013-04-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Update public header documentation
-        https://bugs.webkit.org/show_bug.cgi?id=114841
-
-        Reviewed by Geoffrey Garen.
-
-        Added documentation for the newly added object lifetime-related stuff.
-
-        * API/JSManagedValue.h:
-        * API/JSVirtualMachine.h:
-
-2013-04-22  Mark Lam  <mark.lam@apple.com>
-
-        Fix a typo in MacroAssemblerARMv7.h.
-        https://bugs.webkit.org/show_bug.cgi?id=115011.
-
-        Reviewed by Geoffrey Garen.
-
-        * assembler/ARMAssembler.h: Fix a comment.
-        * assembler/ARMv7Assembler.h: Added some comments.
-        * assembler/MacroAssemblerARMv7.h:
-          - ARMAssembler::PL should be ARMv7Assembler::ConditionPL.
-
-2013-04-22  Julien Brianceau  <jbrianceau@nds.com>
-
-        Add branchAdd32 missing implementation in SH4 base JIT.
-        This should fix SH4 build, broken since r148893.
-        https://bugs.webkit.org/show_bug.cgi?id=114993.
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        (MacroAssemblerSH4):
-
-2013-04-22  Benjamin Poulain  <bpoulain@apple.com>
-
-        Windows build fix after r148921
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-22  Benjamin Poulain  <benjamin@webkit.org>
-
-        Remove the memory instrumentation code
-        https://bugs.webkit.org/show_bug.cgi?id=114931
-
-        Reviewed by Andreas Kling.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-22  Mark Lam  <mark.lam@apple.com>
-
-        Fix broken 32-bit build to green the bots.
-        https://bugs.webkit.org/show_bug.cgi?id=114968.
-
-        Unreviewed.
-
-        Basically, I moved a JIT::emit_op_loop_hint() and JIT::emitSlow_op_loop_hint()
-        into common code where they belong, instead of the 64-bit specific section.
-
-        Also fixed some SH4 assertions failures which were also caused by
-        https://bugs.webkit.org/show_bug.cgi?id=114963. Thanks to Julien Brianceau
-        for pointing this out.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        * jit/JITOpcodes.cpp:
-        (JSC):
-        (JSC::JIT::emit_op_loop_hint):
-        (JSC::JIT::emitSlow_op_loop_hint):
-
-2013-04-22  Oliver Hunt  <oliver@apple.com>
-
-        Perform null check before trying to use the result of readline()
-
-        RS=Gavin
-
-        * jsc.cpp:
-        (runInteractive):
-
-2013-04-22  Oliver Hunt  <oliver@apple.com>
-
-        Fix assertions to account for new Vector layout
-
-        RS=Gavin
-
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-
-2013-04-22  Mark Lam  <mark.lam@apple.com>
-
-        Change baseline JIT watchdog timer check to use the proper fast slow path
-        infrastructure.
-        https://bugs.webkit.org/show_bug.cgi?id=114963.
-
-        Reviewed by Oliver Hunt.
-
-        Edit: The PositiveOrZero condition is added because it is needed for
-        the JIT optimization check. Previously, the JIT check branches around
-        the slow path if the test result is 'Signed' i.e. negative. Since we
-        now need to test for a condition that branches to the slow path (not
-        around it), we need the complement of 'Signed / Negative' i.e. Positive
-        or zero.
-
-        SH4 parts contributed by Julien Brianceau.
-
-        * assembler/ARMAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        * assembler/MacroAssemblerX86Common.h:
-        * assembler/SH4Assembler.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::emitEnterOptimizationCheck):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JSC::JIT::emitEnterOptimizationCheck):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_loop_hint):
-        (JSC::JIT::emitSlow_op_loop_hint):
-        (JSC::JIT::emit_op_enter):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_enter):
-
-2013-04-22  Andreas Kling  <akling@apple.com>
-
-        Shrink baseline size of WTF::Vector on 64-bit by switching to unsigned capacity and size.
-        <http://webkit.org/b/97268>
-        <rdar://problem/12376519>
-
-        Reviewed by Sam Weinig.
-
-        Update LLInt WTF::Vector offset constants to match the new memory layout.
-
-        * llint/LowLevelInterpreter.asm:
-
-2013-04-21  Oliver Hunt  <oliver@apple.com>
-
-        JS Lexer and Parser should be more informative when they encounter errors
-        https://bugs.webkit.org/show_bug.cgi?id=114924
-
-        Reviewed by Filip Pizlo.
-
-        Add new tokens to represent the various ways that parsing and lexing have failed.
-        This gives us the ability to produce better error messages in some cases,
-        and to indicate whether or not the failure was due to invalid source, or simply
-        early termination.
-
-        The jsc prompt now makes use of this so that you can write functions that
-        are more than one line long.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * jsc.cpp:
-        (stringFromUTF):
-        (jscSource):
-        (runInteractive):
-        * parser/Lexer.cpp:
-        (JSC::::parseFourDigitUnicodeHex):
-        (JSC::::parseIdentifierSlowCase):
-        (JSC::::parseString):
-        (JSC::::parseStringSlowCase):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (UnicodeHexValue):
-        (JSC::Lexer::UnicodeHexValue::UnicodeHexValue):
-        (JSC::Lexer::UnicodeHexValue::valueType):
-        (JSC::Lexer::UnicodeHexValue::isValid):
-        (JSC::Lexer::UnicodeHexValue::value):
-        (Lexer):
-        * parser/Parser.h:
-        (JSC::Parser::getTokenName):
-        (JSC::Parser::updateErrorMessageSpecialCase):
-        (JSC::::parse):
-        * parser/ParserError.h:
-        (ParserError):
-        (JSC::ParserError::ParserError):
-        * parser/ParserTokens.h:
-        * runtime/Completion.cpp:
-        (JSC):
-        (JSC::checkSyntax):
-        * runtime/Completion.h:
-        (JSC):
-
-2013-04-21  Mark Lam  <mark.lam@apple.com>
-
-        Refactor identical inline functions in JSVALUE64 and JSVALUE32_64 sections
-        out into the common section.
-        https://bugs.webkit.org/show_bug.cgi?id=114910.
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-
-2013-04-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
-
-        LLint should be able to use x87 instead of SSE for floating pointer
-        https://bugs.webkit.org/show_bug.cgi?id=112239
-
-        Reviewed by Filip Pizlo.
-
-        Implements LLInt floating point operations in x87, to ensure we support
-        x86 without SSE2.
-
-        X86 (except 64bit) now defaults to using x87 instructions in order to
-        support all 32bit x86 back to i686. The implementation uses the fucomi
-        instruction from i686 which sets the new minimum.
-
-        The FPU registers must always be empty on entering or exiting a function.
-        We make sure to only use two X87 registers, and they are always emptied
-        before calling deeper functions or returning from the LLInt.
-
-        * jit/JITStubs.cpp:
-        (JSC): Empty FPU registers before exiting.
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/instructions.rb:
-        * offlineasm/x86.rb:
-
-2013-04-19  Roger Fong  <roger_fong@apple.com>
-
-        Remove uses of WebKit_Source from AppleWin build in JavaScriptCore.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-        * JavaScriptCore.vcxproj/build-generated-files.sh:
-        * JavaScriptCore.vcxproj/copy-files.cmd:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-
-2013-04-19  Benjamin Poulain  <bpoulain@apple.com>
-
-        Rename JSStringJoiner::build() to join()
-        https://bugs.webkit.org/show_bug.cgi?id=114845
-
-        Reviewed by Geoffrey Garen.
-
-        The method name build() came from StringBuilder history. It does not make much
-        sense on the StringJoiner.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-        (JSC::arrayProtoFuncToLocaleString):
-        (JSC::arrayProtoFuncJoin):
-        * runtime/JSStringJoiner.cpp:
-        (JSC::JSStringJoiner::join):
-        * runtime/JSStringJoiner.h:
-        (JSStringJoiner):
-
-2013-04-19  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. WebKit_Source is incorrectly set.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-04-19  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] JSCore.gir.in has a few problems
-        https://bugs.webkit.org/show_bug.cgi?id=114710
-
-        Reviewed by Philippe Normand.
-
-        * GNUmakefile.am: Add the gobject introspection steps for JavaScriptCore here,
-        because they are shared between WebKit1 and WebKit2.
-        * JavaScriptCore.gir.in: Added. Moved from the WebKit1 directory. Now written
-        as foreign interfaces and referencing the javascriptcoregtk library.
-
-2013-04-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use StringJoiner to create the JSString of arrayProtoFuncToString
-        https://bugs.webkit.org/show_bug.cgi?id=114779
-
-        Reviewed by Geoffrey Garen.
-
-        The function arrayProtoFuncToString was just a glorified JSStringJoiner.
-        This patch replaces it by JSStringJoiner to simplify the code and enjoy any optimization
-        made on JSStringJoiner.
-
-        For some reason, this makes the execution 3.4% faster, despite having almost identical code.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncToString):
-
-2013-04-18  Oliver Hunt  <oliver@apple.com>
-
-        StackFrame::column() returning bogus value
-        https://bugs.webkit.org/show_bug.cgi?id=114840
-
-        Reviewed by Gavin Barraclough.
-
-        Don't add one part of the expression offset to the other part of the expression.
-        Make StackFrame::toString() include the column info.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::StackFrame::expressionInfo):
-        (JSC::StackFrame::toString):
-
-2013-04-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Crash beneath JSC::JIT::privateCompileSlowCases @ stephenrdonaldson.com
-        https://bugs.webkit.org/show_bug.cgi?id=114774
-
-        Reviewed by Geoffrey Garen.
-
-        We're not linking up all of the slow cases in the baseline JIT when compiling put_to_base.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_put_to_base):
-
-2013-04-18  Mark Lam  <mark.lam@apple.com>
-
-        Interpreter entry points should throw the TerminatedExecutionException from the caller frame.
-        https://bugs.webkit.org/show_bug.cgi?id=114816.
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-
-2013-04-18  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        LLInt ARM backend should not use the d8 register as scratch register
-        https://bugs.webkit.org/show_bug.cgi?id=114811
-
-        Reviewed by Filip Pizlo.
-
-        The d8 register must preserved across function calls and should
-        not used as scratch register. Changing it to d6.
-
-        * offlineasm/arm.rb:
-
-2013-04-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed HeapTimer::synchronize
-        https://bugs.webkit.org/show_bug.cgi?id=114832
-
-        Reviewed by Mark Hahnenberg.
-
-        HeapTimer::synchronize was a flawed attempt to make HeapTimer thread-safe.
-        Instead, we use proper locking now.
-
-        This is a slight API change, since the GC timer will now only fire in the
-        run loop that created the JS VM, even if another run loop later executes
-        some JS.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        * heap/HeapTimer.cpp:
-        (JSC):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-
-2013-04-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Renamed JSGlobalData to VM
-        https://bugs.webkit.org/show_bug.cgi?id=114777
-
-        Reviewed by Phil Pizlo.
-
-        * API/APICast.h:
-        (JSC):
-        (toJS):
-        (toRef):
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APICallbackShim::APICallbackShim):
-        (JSC::APICallbackShim::~APICallbackShim):
-        (APICallbackShim):
-        * API/JSAPIWrapperObject.h:
-        (JSAPIWrapperObject):
-        * API/JSAPIWrapperObject.mm:
-        (JSC::::createStructure):
-        (JSC::JSAPIWrapperObject::JSAPIWrapperObject):
-        (JSC::JSAPIWrapperObject::finishCreation):
-        (JSC::JSAPIWrapperObject::visitChildren):
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        (JSReportExtraMemoryCost):
-        (JSSynchronousGarbageCollectForDebugging):
-        * API/JSCallbackConstructor.cpp:
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        (JSC::JSCallbackConstructor::finishCreation):
-        * API/JSCallbackConstructor.h:
-        (JSC::JSCallbackConstructor::createStructure):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::finishCreation):
-        (JSC::JSCallbackFunction::create):
-        * API/JSCallbackFunction.h:
-        (JSCallbackFunction):
-        (JSC::JSCallbackFunction::createStructure):
-        * API/JSCallbackObject.cpp:
-        (JSC::::create):
-        (JSC::::createStructure):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSCallbackObject):
-        (JSC::JSCallbackObject::setPrivateProperty):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::JSCallbackObject):
-        (JSC::::finishCreation):
-        (JSC::::put):
-        (JSC::::staticFunctionGetter):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        (OpaqueJSClass::prototype):
-        * API/JSClassRef.h:
-        (OpaqueJSClassContextData):
-        * API/JSContext.mm:
-        (-[JSContext setException:]):
-        (-[JSContext initWithGlobalContextRef:]):
-        (+[JSContext contextWithGlobalContextRef:]):
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        (JSContextGroupRelease):
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRetain):
-        (JSGlobalContextRelease):
-        (JSContextGetGroup):
-        (JSContextCreateBacktrace):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectDeleteProperty):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        (OpaqueJSPropertyNameArray::OpaqueJSPropertyNameArray):
-        (OpaqueJSPropertyNameArray):
-        (JSObjectCopyPropertyNames):
-        (JSPropertyNameArrayRelease):
-        (JSPropertyNameAccumulatorAddName):
-        * API/JSScriptRef.cpp:
-        (OpaqueJSScript::create):
-        (OpaqueJSScript::vm):
-        (OpaqueJSScript::OpaqueJSScript):
-        (OpaqueJSScript):
-        (parseScript):
-        * API/JSVirtualMachine.mm:
-        (scanExternalObjectGraph):
-        * API/JSVirtualMachineInternal.h:
-        (JSC):
-        * API/JSWrapperMap.mm:
-        (makeWrapper):
-        * API/ObjCCallbackFunction.h:
-        (JSC::ObjCCallbackFunction::createStructure):
-        * API/ObjCCallbackFunction.mm:
-        (JSC::ObjCCallbackFunction::create):
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::identifier):
-        * API/OpaqueJSString.h:
-        (JSC):
-        (OpaqueJSString):
-        * GNUmakefile.list.am:
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * KeywordLookupGenerator.py:
-        (Trie.printSubTreeAsC):
-        * Target.pri:
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::executableCopy):
-        * assembler/ARMAssembler.h:
-        (ARMAssembler):
-        * assembler/AssemblerBuffer.h:
-        (JSC::AssemblerBuffer::executableCopy):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (JSC::AssemblerBufferWithConstantPool::executableCopy):
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::linkCode):
-        * assembler/LinkBuffer.h:
-        (JSC):
-        (JSC::LinkBuffer::LinkBuffer):
-        (LinkBuffer):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::executableCopy):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::executableCopy):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::executableCopy):
-        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-        * bytecode/CallLinkInfo.cpp:
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CallLinkInfo.h:
-        (CallLinkInfo):
-        * bytecode/CodeBlock.cpp:
-        (JSC::dumpStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::visitStructures):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::createActivation):
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::unlinkIncomingCalls):
-        (JSC::CodeBlock::findClosureCallForReturnPC):
-        (JSC::ProgramCodeBlock::jettisonImpl):
-        (JSC::EvalCodeBlock::jettisonImpl):
-        (JSC::FunctionCodeBlock::jettisonImpl):
-        (JSC::CodeBlock::predictedMachineCodeSize):
-        (JSC::CodeBlock::usesOpcode):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::appendWeakReference):
-        (JSC::CodeBlock::appendWeakReferenceTransition):
-        (JSC::CodeBlock::setJITCode):
-        (JSC::CodeBlock::setGlobalData):
-        (JSC::CodeBlock::vm):
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        (JSC::CodeBlock::addConstant):
-        (JSC::CodeBlock::setConstantRegisters):
-        (CodeBlock):
-        (JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::getSlow):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        (JSC::GetByIdStatus::computeForChain):
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/GetByIdStatus.h:
-        (GetByIdStatus):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * bytecode/ObjectAllocationProfile.h:
-        (JSC::ObjectAllocationProfile::initialize):
-        (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
-        * bytecode/PolymorphicAccessStructureList.h:
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        * bytecode/PolymorphicPutByIdList.h:
-        (JSC::PutByIdAccess::transition):
-        (JSC::PutByIdAccess::replace):
-        * bytecode/PreciseJumpTargets.cpp:
-        (JSC::computePreciseJumpTargets):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFromLLInt):
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.h:
-        (JSC):
-        (PutByIdStatus):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForStructure):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::notifyOfScope):
-        * bytecode/SamplingTool.h:
-        (JSC::ScriptSampleRecord::ScriptSampleRecord):
-        (SamplingTool):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::initGetByIdSelf):
-        (JSC::StructureStubInfo::initGetByIdProto):
-        (JSC::StructureStubInfo::initGetByIdChain):
-        (JSC::StructureStubInfo::initPutByIdTransition):
-        (JSC::StructureStubInfo::initPutByIdReplace):
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::generateFunctionCodeBlock):
-        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
-        (JSC::UnlinkedFunctionExecutable::link):
-        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
-        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedFunctionExecutable::create):
-        (UnlinkedFunctionExecutable):
-        (JSC::UnlinkedFunctionExecutable::finishCreation):
-        (JSC::UnlinkedFunctionExecutable::createStructure):
-        (JSC::UnlinkedCodeBlock::addRegExp):
-        (JSC::UnlinkedCodeBlock::addConstant):
-        (JSC::UnlinkedCodeBlock::addFunctionDecl):
-        (JSC::UnlinkedCodeBlock::addFunctionExpr):
-        (JSC::UnlinkedCodeBlock::vm):
-        (UnlinkedCodeBlock):
-        (JSC::UnlinkedCodeBlock::finishCreation):
-        (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock):
-        (JSC::UnlinkedProgramCodeBlock::create):
-        (JSC::UnlinkedProgramCodeBlock::addFunctionDeclaration):
-        (JSC::UnlinkedProgramCodeBlock::UnlinkedProgramCodeBlock):
-        (JSC::UnlinkedProgramCodeBlock::createStructure):
-        (JSC::UnlinkedEvalCodeBlock::create):
-        (JSC::UnlinkedEvalCodeBlock::UnlinkedEvalCodeBlock):
-        (JSC::UnlinkedEvalCodeBlock::createStructure):
-        (JSC::UnlinkedFunctionCodeBlock::create):
-        (JSC::UnlinkedFunctionCodeBlock::UnlinkedFunctionCodeBlock):
-        (JSC::UnlinkedFunctionCodeBlock::createStructure):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
-        (JSC::BytecodeGenerator::emitThrowReferenceError):
-        (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::vm):
-        (JSC::BytecodeGenerator::propertyNames):
-        (JSC::BytecodeGenerator::makeFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::RegExpNode::emitBytecode):
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        (JSC::InstanceOfNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions):
-        (JSC::evaluateInGlobalCallFrame):
-        * debugger/Debugger.h:
-        (JSC):
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        (JSC::DebuggerActivation::finishCreation):
-        * debugger/DebuggerActivation.h:
-        (JSC::DebuggerActivation::create):
-        (JSC::DebuggerActivation::createStructure):
-        (DebuggerActivation):
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::evaluate):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::vm):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
-        (AssemblyHelpers):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGByteCodeParser.h:
-        (JSC):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::CCallHelpers):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::canHandleOpcodes):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::reportToProfiler):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGDriver.h:
-        (JSC):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
-        (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::putByVal):
-        (JSC::DFG::operationPutByValInternal):
-        (JSC::getHostCallReturnValueWithExecState):
-        * dfg/DFGPhase.h:
-        (JSC::DFG::Phase::vm):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        (JSC::DFG::linkSlowFor):
-        (JSC::DFG::dfgLinkFor):
-        (JSC::DFG::dfgLinkSlowFor):
-        (JSC::DFG::dfgLinkClosureCall):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileFromCharCode):
-        (JSC::DFG::SpeculativeJIT::compileMakeRope):
-        (JSC::DFG::SpeculativeJIT::compileStringEquality):
-        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
-        (JSC::DFG::SpeculativeJIT::speculateObject):
-        (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
-        (JSC::DFG::SpeculativeJIT::speculateString):
-        (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
-        (JSC::DFG::slowPathFor):
-        (JSC::DFG::linkForThunkGenerator):
-        (JSC::DFG::linkCallThunkGenerator):
-        (JSC::DFG::linkConstructThunkGenerator):
-        (JSC::DFG::linkClosureCallThunkGenerator):
-        (JSC::DFG::virtualForThunkGenerator):
-        (JSC::DFG::virtualCallThunkGenerator):
-        (JSC::DFG::virtualConstructThunkGenerator):
-        * dfg/DFGThunks.h:
-        (JSC):
-        (DFG):
-        * heap/BlockAllocator.h:
-        (JSC):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        (JSC::CopiedSpace::tryReallocate):
-        * heap/CopiedSpaceInlines.h:
-        (JSC::CopiedSpace::tryAllocate):
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-        (JSC::GCThreadSharedData::reset):
-        * heap/GCThreadSharedData.h:
-        (JSC):
-        (GCThreadSharedData):
-        * heap/HandleSet.cpp:
-        (JSC::HandleSet::HandleSet):
-        (JSC::HandleSet::~HandleSet):
-        (JSC::HandleSet::grow):
-        * heap/HandleSet.h:
-        (JSC):
-        (HandleSet):
-        (JSC::HandleSet::vm):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC):
-        (JSC::Heap::lastChanceToFinalize):
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::stack):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::deleteAllCompiledCode):
-        (JSC::Heap::collect):
-        (JSC::Heap::isValidAllocation):
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        (JSC::Heap::vm):
-        * heap/HeapTimer.cpp:
-        (JSC::HeapTimer::HeapTimer):
-        (JSC::HeapTimer::timerDidFire):
-        (JSC::HeapTimer::timerEvent):
-        * heap/HeapTimer.h:
-        (JSC):
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::sweepNextBlock):
-        (JSC::IncrementalSweeper::willFinishSweeping):
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/Local.h:
-        (Local):
-        (JSC::::Local):
-        (JSC::LocalStack::LocalStack):
-        (JSC::LocalStack::push):
-        (LocalStack):
-        * heap/LocalScope.h:
-        (JSC):
-        (LocalScope):
-        (JSC::LocalScope::LocalScope):
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::addCurrentThread):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::vm):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::SlotVisitor):
-        (JSC::SlotVisitor::setup):
-        * heap/Strong.h:
-        (JSC):
-        (Strong):
-        (JSC::Strong::operator=):
-        * heap/StrongInlines.h:
-        (JSC::::Strong):
-        (JSC::::set):
-        * heap/SuperRegion.h:
-        (JSC):
-        * heap/WeakSet.cpp:
-        * heap/WeakSet.h:
-        (WeakSet):
-        (JSC::WeakSet::WeakSet):
-        (JSC::WeakSet::vm):
-        * interpreter/AbstractPC.cpp:
-        (JSC::AbstractPC::AbstractPC):
-        * interpreter/AbstractPC.h:
-        (JSC):
-        (AbstractPC):
-        * interpreter/CachedCall.h:
-        (JSC::CachedCall::CachedCall):
-        * interpreter/CallFrame.h:
-        (ExecState):
-        (JSC::ExecState::clearException):
-        (JSC::ExecState::clearSupplementaryExceptionInfo):
-        (JSC::ExecState::exception):
-        (JSC::ExecState::hadException):
-        (JSC::ExecState::propertyNames):
-        (JSC::ExecState::emptyList):
-        (JSC::ExecState::interpreter):
-        (JSC::ExecState::heap):
-        (JSC::ExecState::arrayConstructorTable):
-        (JSC::ExecState::arrayPrototypeTable):
-        (JSC::ExecState::booleanPrototypeTable):
-        (JSC::ExecState::dateTable):
-        (JSC::ExecState::dateConstructorTable):
-        (JSC::ExecState::errorPrototypeTable):
-        (JSC::ExecState::globalObjectTable):
-        (JSC::ExecState::jsonTable):
-        (JSC::ExecState::mathTable):
-        (JSC::ExecState::numberConstructorTable):
-        (JSC::ExecState::numberPrototypeTable):
-        (JSC::ExecState::objectConstructorTable):
-        (JSC::ExecState::privateNamePrototypeTable):
-        (JSC::ExecState::regExpTable):
-        (JSC::ExecState::regExpConstructorTable):
-        (JSC::ExecState::regExpPrototypeTable):
-        (JSC::ExecState::stringConstructorTable):
-        (JSC::ExecState::abstractReturnPC):
-        * interpreter/CallFrameClosure.h:
-        (CallFrameClosure):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::eval):
-        (JSC::loadVarargs):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::appendSourceToError):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::retrieveArgumentsFromVMCode):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (JSC::TopCallFrameSetter::TopCallFrameSetter):
-        (JSC::TopCallFrameSetter::~TopCallFrameSetter):
-        (TopCallFrameSetter):
-        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
-        (Interpreter):
-        * interpreter/JSStack.cpp:
-        (JSC::JSStack::JSStack):
-        * interpreter/JSStack.h:
-        (JSC):
-        * jit/ClosureCallStubRoutine.cpp:
-        (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
-        * jit/ClosureCallStubRoutine.h:
-        (ClosureCallStubRoutine):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::allocate):
-        * jit/ExecutableAllocator.h:
-        (JSC):
-        (ExecutableAllocator):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::allocate):
-        * jit/GCAwareJITStubRoutine.cpp:
-        (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
-        (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
-        (JSC::createJITStubRoutine):
-        * jit/GCAwareJITStubRoutine.h:
-        (GCAwareJITStubRoutine):
-        (MarkingGCAwareJITStubRoutineWithOneObject):
-        (JSC):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkFor):
-        (JSC::JIT::linkSlowCall):
-        * jit/JIT.h:
-        (JSC::JIT::compile):
-        (JSC::JIT::compileClosureCall):
-        (JSC::JIT::compileGetByIdProto):
-        (JSC::JIT::compileGetByIdSelfList):
-        (JSC::JIT::compileGetByIdProtoList):
-        (JSC::JIT::compileGetByIdChainList):
-        (JSC::JIT::compileGetByIdChain):
-        (JSC::JIT::compilePutByIdTransition):
-        (JSC::JIT::compileGetByVal):
-        (JSC::JIT::compilePutByVal):
-        (JSC::JIT::compileCTINativeCall):
-        (JSC::JIT::compilePatchGetArrayLength):
-        (JIT):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCallSlowCase):
-        (JSC::JIT::privateCompileClosureCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCallSlowCase):
-        (JSC::JIT::privateCompileClosureCall):
-        * jit/JITCode.h:
-        (JSC):
-        (JSC::JITCode::execute):
-        * jit/JITDriver.h:
-        (JSC::jitCompileIfAppropriate):
-        (JSC::jitCompileFunctionIfAppropriate):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        (JSC::jitThrow):
-        * jit/JITExceptions.h:
-        (JSC):
-        * jit/JITInlines.h:
-        (JSC::JIT::emitLoadCharacterString):
-        (JSC::JIT::updateTopCallFrame):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emit_op_to_primitive):
-        (JSC::JIT::emitSlow_op_eq):
-        (JSC::JIT::emitSlow_op_neq):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_convert_this):
-        (JSC::JIT::emitSlow_op_convert_this):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::stringGetByValStubGenerator):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC):
-        (JSC::performPlatformSpecificJITAssertions):
-        (JSC::tryCachePutByID):
-        (JSC::tryCacheGetByID):
-        (JSC::returnToThrowTrampoline):
-        (JSC::throwExceptionFromOpCall):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::jitCompileFor):
-        (JSC::lazyLinkFor):
-        (JSC::putByVal):
-        * jit/JITStubs.h:
-        (JSC):
-        (JITStackFrame):
-        * jit/JITThunks.cpp:
-        (JSC::JITThunks::ctiNativeCall):
-        (JSC::JITThunks::ctiNativeConstruct):
-        (JSC::JITThunks::ctiStub):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITThunks.h:
-        (JSC):
-        (JITThunks):
-        * jit/JITWriteBarrier.h:
-        (JSC):
-        (JSC::JITWriteBarrierBase::set):
-        (JSC::JITWriteBarrier::set):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::loadJSStringArgument):
-        (JSC::SpecializedThunkJIT::finalize):
-        * jit/ThunkGenerator.h:
-        (JSC):
-        * jit/ThunkGenerators.cpp:
-        (JSC::generateSlowCaseFor):
-        (JSC::linkForGenerator):
-        (JSC::linkCallGenerator):
-        (JSC::linkConstructGenerator):
-        (JSC::linkClosureCallGenerator):
-        (JSC::virtualForGenerator):
-        (JSC::virtualCallGenerator):
-        (JSC::virtualConstructGenerator):
-        (JSC::stringLengthTrampolineGenerator):
-        (JSC::nativeForGenerator):
-        (JSC::nativeCallGenerator):
-        (JSC::nativeConstructGenerator):
-        (JSC::stringCharLoad):
-        (JSC::charToString):
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * jit/ThunkGenerators.h:
-        (JSC):
-        * jsc.cpp:
-        (GlobalObject):
-        (GlobalObject::create):
-        (GlobalObject::createStructure):
-        (GlobalObject::finishCreation):
-        (GlobalObject::addFunction):
-        (GlobalObject::addConstructableFunction):
-        (functionDumpCallFrame):
-        (functionJSCStack):
-        (functionReleaseExecutableMemory):
-        (functionRun):
-        (main):
-        (runWithScripts):
-        (jscmain):
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntData.h:
-        (JSC):
-        (Data):
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntEntrypoints.cpp:
-        (JSC::LLInt::getFunctionEntrypoint):
-        (JSC::LLInt::getEvalEntrypoint):
-        (JSC::LLInt::getProgramEntrypoint):
-        * llint/LLIntEntrypoints.h:
-        (JSC):
-        (LLInt):
-        (JSC::LLInt::getEntrypoint):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntOffsetsExtractor.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::llint_trace_operand):
-        (JSC::LLInt::llint_trace_value):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::shouldJIT):
-        (JSC::LLInt::handleHostCall):
-        (JSC::LLInt::setUpCall):
-        * llint/LLIntThunks.cpp:
-        (JSC::LLInt::generateThunkWithJumpTo):
-        (JSC::LLInt::functionForCallEntryThunkGenerator):
-        (JSC::LLInt::functionForConstructEntryThunkGenerator):
-        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
-        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
-        (JSC::LLInt::evalEntryThunkGenerator):
-        (JSC::LLInt::programEntryThunkGenerator):
-        * llint/LLIntThunks.h:
-        (JSC):
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoop::execute):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/cloop.rb:
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::ASTBuilder):
-        (JSC::ASTBuilder::createSourceElements):
-        (JSC::ASTBuilder::createCommaExpr):
-        (JSC::ASTBuilder::createLogicalNot):
-        (JSC::ASTBuilder::createUnaryPlus):
-        (JSC::ASTBuilder::createVoid):
-        (JSC::ASTBuilder::thisExpr):
-        (JSC::ASTBuilder::createResolve):
-        (JSC::ASTBuilder::createObjectLiteral):
-        (JSC::ASTBuilder::createArray):
-        (JSC::ASTBuilder::createNumberExpr):
-        (JSC::ASTBuilder::createString):
-        (JSC::ASTBuilder::createBoolean):
-        (JSC::ASTBuilder::createNull):
-        (JSC::ASTBuilder::createBracketAccess):
-        (JSC::ASTBuilder::createDotAccess):
-        (JSC::ASTBuilder::createRegExp):
-        (JSC::ASTBuilder::createNewExpr):
-        (JSC::ASTBuilder::createConditionalExpr):
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createArguments):
-        (JSC::ASTBuilder::createArgumentsList):
-        (JSC::ASTBuilder::createProperty):
-        (JSC::ASTBuilder::createPropertyList):
-        (JSC::ASTBuilder::createElementList):
-        (JSC::ASTBuilder::createFormalParameterList):
-        (JSC::ASTBuilder::createClause):
-        (JSC::ASTBuilder::createClauseList):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createEmptyStatement):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createLabelStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        (JSC::ASTBuilder::appendConstDecl):
-        (JSC::ASTBuilder::addVar):
-        (JSC::ASTBuilder::combineCommaNodes):
-        (JSC::ASTBuilder::Scope::Scope):
-        (JSC::ASTBuilder::createNumber):
-        (ASTBuilder):
-        (JSC::ASTBuilder::makeTypeOfNode):
-        (JSC::ASTBuilder::makeDeleteNode):
-        (JSC::ASTBuilder::makeNegateNode):
-        (JSC::ASTBuilder::makeBitwiseNotNode):
-        (JSC::ASTBuilder::makeMultNode):
-        (JSC::ASTBuilder::makeDivNode):
-        (JSC::ASTBuilder::makeModNode):
-        (JSC::ASTBuilder::makeAddNode):
-        (JSC::ASTBuilder::makeSubNode):
-        (JSC::ASTBuilder::makeLeftShiftNode):
-        (JSC::ASTBuilder::makeRightShiftNode):
-        (JSC::ASTBuilder::makeURightShiftNode):
-        (JSC::ASTBuilder::makeBitOrNode):
-        (JSC::ASTBuilder::makeBitAndNode):
-        (JSC::ASTBuilder::makeBitXOrNode):
-        (JSC::ASTBuilder::makeFunctionCallNode):
-        (JSC::ASTBuilder::makeBinaryNode):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/Lexer.cpp:
-        (JSC::Keywords::Keywords):
-        (JSC::::Lexer):
-        (JSC::::parseIdentifier):
-        (JSC::::parseIdentifierSlowCase):
-        * parser/Lexer.h:
-        (JSC::Keywords::isKeyword):
-        (JSC::Keywords::getKeyword):
-        (Keywords):
-        (Lexer):
-        (JSC::::makeIdentifier):
-        (JSC::::makeRightSizedIdentifier):
-        (JSC::::makeIdentifierLCharFromUChar):
-        (JSC::::makeLCharIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::ParserArenaFreeable::operator new):
-        (JSC::ParserArenaDeletable::operator new):
-        (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
-        (JSC::PropertyNode::PropertyNode):
-        (JSC::ContinueNode::ContinueNode):
-        (JSC::BreakNode::BreakNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.cpp:
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (ParserArenaFreeable):
-        (ParserArenaDeletable):
-        (ParserArenaRefCounted):
-        (ArrayNode):
-        (ForInNode):
-        (ContinueNode):
-        (BreakNode):
-        (ScopeNode):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::parseInner):
-        (JSC::::parseSourceElements):
-        (JSC::::parseTryStatement):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseAssignmentExpression):
-        (JSC::::parseProperty):
-        (JSC::::parsePrimaryExpression):
-        (JSC::::parseMemberExpression):
-        (JSC::::parseUnaryExpression):
-        * parser/Parser.h:
-        (JSC):
-        (JSC::Scope::Scope):
-        (JSC::Scope::declareVariable):
-        (JSC::Scope::declareParameter):
-        (Scope):
-        (Parser):
-        (JSC::Parser::pushScope):
-        (JSC::::parse):
-        (JSC::parse):
-        * parser/ParserArena.h:
-        (IdentifierArena):
-        (JSC::IdentifierArena::makeIdentifier):
-        (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
-        (JSC::IdentifierArena::makeNumericIdentifier):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::SyntaxChecker):
-        (JSC::SyntaxChecker::createProperty):
-        (JSC::SyntaxChecker::createGetterOrSetterProperty):
-        * profiler/LegacyProfiler.cpp:
-        (JSC::LegacyProfiler::startProfiling):
-        (JSC::LegacyProfiler::stopProfiling):
-        * profiler/LegacyProfiler.h:
-        (JSC):
-        * profiler/ProfilerBytecode.cpp:
-        (JSC::Profiler::Bytecode::toJS):
-        * profiler/ProfilerBytecodeSequence.cpp:
-        (JSC::Profiler::BytecodeSequence::BytecodeSequence):
-        (JSC::Profiler::BytecodeSequence::addSequenceProperties):
-        * profiler/ProfilerBytecodes.cpp:
-        (JSC::Profiler::Bytecodes::toJS):
-        * profiler/ProfilerCompilation.cpp:
-        (JSC::Profiler::Compilation::toJS):
-        * profiler/ProfilerCompiledBytecode.cpp:
-        (JSC::Profiler::CompiledBytecode::toJS):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::Database):
-        (JSC::Profiler::Database::toJS):
-        (JSC::Profiler::Database::toJSON):
-        * profiler/ProfilerDatabase.h:
-        (Database):
-        * profiler/ProfilerOSRExit.cpp:
-        (JSC::Profiler::OSRExit::toJS):
-        * profiler/ProfilerOrigin.cpp:
-        (JSC::Profiler::Origin::toJS):
-        * profiler/ProfilerProfiledBytecodes.cpp:
-        (JSC::Profiler::ProfiledBytecodes::toJS):
-        * runtime/ArgList.h:
-        (MarkedArgumentBuffer):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::putByIndex):
-        (JSC::Arguments::put):
-        (JSC::Arguments::deleteProperty):
-        (JSC::Arguments::defineOwnProperty):
-        (JSC::Arguments::tearOff):
-        (JSC::Arguments::didTearOffActivation):
-        (JSC::Arguments::tearOffForInlineCallFrame):
-        * runtime/Arguments.h:
-        (JSC::Arguments::create):
-        (JSC::Arguments::createStructure):
-        (Arguments):
-        (JSC::Arguments::Arguments):
-        (JSC::Arguments::trySetArgument):
-        (JSC::Arguments::finishCreation):
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::finishCreation):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::ArrayPrototype):
-        (JSC::ArrayPrototype::finishCreation):
-        (JSC::arrayProtoFuncSort):
-        (JSC::arrayProtoFuncSplice):
-        * runtime/ArrayPrototype.h:
-        (JSC::ArrayPrototype::createStructure):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        (BatchedTransitionOptimizer):
-        * runtime/BooleanConstructor.cpp:
-        (JSC::BooleanConstructor::finishCreation):
-        (JSC::constructBoolean):
-        (JSC::constructBooleanFromImmediateBoolean):
-        * runtime/BooleanConstructor.h:
-        (JSC::BooleanConstructor::createStructure):
-        * runtime/BooleanObject.cpp:
-        (JSC::BooleanObject::BooleanObject):
-        (JSC::BooleanObject::finishCreation):
-        * runtime/BooleanObject.h:
-        (BooleanObject):
-        (JSC::BooleanObject::create):
-        (JSC::BooleanObject::createStructure):
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::finishCreation):
-        (JSC::booleanProtoFuncToString):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/Butterfly.h:
-        (JSC):
-        (Butterfly):
-        * runtime/ButterflyInlines.h:
-        (JSC::Butterfly::createUninitialized):
-        (JSC::Butterfly::create):
-        (JSC::Butterfly::growPropertyStorage):
-        (JSC::Butterfly::createOrGrowArrayRight):
-        (JSC::Butterfly::growArrayRight):
-        (JSC::Butterfly::resizeArray):
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::getProgramCodeBlock):
-        (JSC::CodeCache::getEvalCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        * runtime/CodeCache.h:
-        (JSC):
-        (JSC::SourceCodeValue::SourceCodeValue):
-        (CodeCache):
-        * runtime/CommonIdentifiers.cpp:
-        (JSC):
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-        (CommonIdentifiers):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::opIn):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::finishCreation):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::DateInstance):
-        (JSC::DateInstance::finishCreation):
-        (JSC::DateInstance::calculateGregorianDateTime):
-        (JSC::DateInstance::calculateGregorianDateTimeUTC):
-        * runtime/DateInstance.h:
-        (DateInstance):
-        (JSC::DateInstance::create):
-        (JSC::DateInstance::createStructure):
-        * runtime/DatePrototype.cpp:
-        (JSC::DatePrototype::finishCreation):
-        (JSC::dateProtoFuncSetTime):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        (JSC::dateProtoFuncToJSON):
-        * runtime/DatePrototype.h:
-        (JSC::DatePrototype::createStructure):
-        * runtime/Error.cpp:
-        (JSC::createError):
-        (JSC::createEvalError):
-        (JSC::createRangeError):
-        (JSC::createReferenceError):
-        (JSC::createSyntaxError):
-        (JSC::createTypeError):
-        (JSC::createURIError):
-        (JSC::addErrorInfo):
-        (JSC::throwError):
-        * runtime/Error.h:
-        (JSC):
-        (JSC::StrictModeTypeErrorFunction::create):
-        (JSC::StrictModeTypeErrorFunction::createStructure):
-        * runtime/ErrorConstructor.cpp:
-        (JSC::ErrorConstructor::finishCreation):
-        * runtime/ErrorConstructor.h:
-        (JSC::ErrorConstructor::createStructure):
-        * runtime/ErrorInstance.cpp:
-        (JSC::ErrorInstance::ErrorInstance):
-        * runtime/ErrorInstance.h:
-        (JSC::ErrorInstance::createStructure):
-        (JSC::ErrorInstance::create):
-        (ErrorInstance):
-        (JSC::ErrorInstance::finishCreation):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::finishCreation):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::createInterruptedExecutionException):
-        (JSC::createTerminatedExecutionException):
-        * runtime/ExceptionHelpers.h:
-        (JSC):
-        (JSC::InterruptedExecutionError::InterruptedExecutionError):
-        (JSC::InterruptedExecutionError::create):
-        (JSC::InterruptedExecutionError::createStructure):
-        (JSC::TerminatedExecutionError::TerminatedExecutionError):
-        (JSC::TerminatedExecutionError::create):
-        (JSC::TerminatedExecutionError::createStructure):
-        * runtime/Executable.cpp:
-        (JSC::jettisonCodeBlock):
-        (JSC::EvalExecutable::EvalExecutable):
-        (JSC::ProgramExecutable::ProgramExecutable):
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::EvalExecutable::compileOptimized):
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::EvalExecutable::jettisonOptimizedCode):
-        (JSC::ProgramExecutable::checkSyntax):
-        (JSC::ProgramExecutable::compileOptimized):
-        (JSC::ProgramExecutable::jettisonOptimizedCode):
-        (JSC::ProgramExecutable::initializeGlobalProperties):
-        (JSC::FunctionExecutable::compileOptimizedForCall):
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
-        (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
-        (JSC::FunctionExecutable::fromGlobalCode):
-        * runtime/Executable.h:
-        (JSC::ExecutableBase::ExecutableBase):
-        (JSC::ExecutableBase::finishCreation):
-        (JSC::ExecutableBase::createStructure):
-        (JSC::NativeExecutable::create):
-        (JSC::NativeExecutable::createStructure):
-        (JSC::NativeExecutable::finishCreation):
-        (JSC::NativeExecutable::NativeExecutable):
-        (JSC::ScriptExecutable::ScriptExecutable):
-        (JSC::ScriptExecutable::finishCreation):
-        (JSC::EvalExecutable::compile):
-        (EvalExecutable):
-        (JSC::EvalExecutable::create):
-        (JSC::EvalExecutable::createStructure):
-        (JSC::ProgramExecutable::create):
-        (ProgramExecutable):
-        (JSC::ProgramExecutable::compile):
-        (JSC::ProgramExecutable::createStructure):
-        (JSC::FunctionExecutable::create):
-        (JSC::FunctionExecutable::compileForCall):
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::compileForConstruct):
-        (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
-        (JSC::FunctionExecutable::createStructure):
-        (JSC::JSFunction::JSFunction):
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::FunctionConstructor::finishCreation):
-        * runtime/FunctionConstructor.h:
-        (JSC::FunctionConstructor::createStructure):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::FunctionPrototype::finishCreation):
-        (JSC::FunctionPrototype::addFunctionProperties):
-        (JSC::functionProtoFuncBind):
-        * runtime/FunctionPrototype.h:
-        (JSC::FunctionPrototype::createStructure):
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        * runtime/GCActivityCallback.h:
-        (JSC::GCActivityCallback::GCActivityCallback):
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::doWork):
-        (JSC::DefaultGCActivityCallback::didAllocate):
-        * runtime/GetterSetter.h:
-        (JSC::GetterSetter::GetterSetter):
-        (JSC::GetterSetter::create):
-        (JSC::GetterSetter::setGetter):
-        (JSC::GetterSetter::setSetter):
-        (JSC::GetterSetter::createStructure):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        (JSC::Identifier::add8):
-        (JSC::Identifier::addSlowCase):
-        (JSC::Identifier::from):
-        (JSC::Identifier::checkCurrentIdentifierTable):
-        * runtime/Identifier.h:
-        (JSC::Identifier::Identifier):
-        (JSC::Identifier::createLCharFromUChar):
-        (Identifier):
-        (JSC::Identifier::add):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::InternalFunction):
-        (JSC::InternalFunction::finishCreation):
-        (JSC::InternalFunction::name):
-        (JSC::InternalFunction::displayName):
-        * runtime/InternalFunction.h:
-        (JSC::InternalFunction::createStructure):
-        (InternalFunction):
-        * runtime/JSAPIValueWrapper.h:
-        (JSC::JSAPIValueWrapper::createStructure):
-        (JSC::JSAPIValueWrapper::finishCreation):
-        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::symbolTablePut):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        (JSC::JSActivation::getOwnPropertySlot):
-        (JSC::JSActivation::put):
-        (JSC::JSActivation::putDirectVirtual):
-        (JSC::JSActivation::argumentsGetter):
-        * runtime/JSActivation.h:
-        (JSActivation):
-        (JSC::JSActivation::create):
-        (JSC::JSActivation::createStructure):
-        (JSC::JSActivation::JSActivation):
-        (JSC::JSActivation::tearOff):
-        * runtime/JSArray.cpp:
-        (JSC::createArrayButterflyInDictionaryIndexingMode):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCountWithAnyIndexingType):
-        (JSC::JSArray::unshiftCountWithArrayStorage):
-        (JSC::JSArray::unshiftCountWithAnyIndexingType):
-        (JSC::ContiguousTypeAccessor::setWithValue):
-        (JSC::JSArray::sortCompactedVector):
-        (JSC::JSArray::sortVector):
-        * runtime/JSArray.h:
-        (JSC::JSArray::JSArray):
-        (JSArray):
-        (JSC::JSArray::shiftCountForShift):
-        (JSC::JSArray::unshiftCountForShift):
-        (JSC::JSArray::createStructure):
-        (JSC::createContiguousArrayButterfly):
-        (JSC::createArrayButterfly):
-        (JSC):
-        (JSC::JSArray::create):
-        (JSC::JSArray::tryCreateUninitialized):
-        (JSC::constructArray):
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::create):
-        (JSC::JSBoundFunction::JSBoundFunction):
-        * runtime/JSBoundFunction.h:
-        (JSC::JSBoundFunction::createStructure):
-        * runtime/JSCJSValue.cpp:
-        (JSC::JSValue::putToPrimitive):
-        (JSC::JSValue::toStringSlowCase):
-        * runtime/JSCJSValue.h:
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSCellInlines.h:
-        (JSC::JSCell::JSCell):
-        (JSC::JSCell::finishCreation):
-        (JSC::allocateCell):
-        (JSC::JSCell::setStructure):
-        (JSC::JSCell::fastGetOwnProperty):
-        * runtime/JSDateMath.cpp:
-        (JSC::getDSTOffset):
-        (JSC::getUTCOffset):
-        (JSC::parseDate):
-        * runtime/JSDestructibleObject.h:
-        (JSC::JSDestructibleObject::JSDestructibleObject):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::finishCreation):
-        (JSC::JSFunction::createAllocationProfile):
-        (JSC::JSFunction::name):
-        (JSC::JSFunction::displayName):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::deleteProperty):
-        * runtime/JSFunction.h:
-        (JSFunction):
-        (JSC::JSFunction::create):
-        (JSC::JSFunction::setScope):
-        (JSC::JSFunction::createStructure):
-        * runtime/JSGlobalData.cpp: Removed.
-        * runtime/JSGlobalData.h: Removed.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::setGlobalThis):
-        (JSC::JSGlobalObject::init):
-        (JSC::JSGlobalObject::putDirectVirtual):
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::haveABadTime):
-        (JSC::JSGlobalObject::createThrowTypeError):
-        (JSC::JSGlobalObject::resetPrototype):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        (JSC::JSGlobalObject::createProgramCodeBlock):
-        (JSC::JSGlobalObject::createEvalCodeBlock):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::create):
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::finishCreation):
-        (JSC::JSGlobalObject::vm):
-        (JSC::JSGlobalObject::createStructure):
-        (JSC::ExecState::dynamicGlobalObject):
-        (JSC::constructEmptyArray):
-        (DynamicGlobalObjectScope):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncProtoSetter):
-        * runtime/JSLock.cpp:
-        (JSC::JSLockHolder::JSLockHolder):
-        (JSC::JSLockHolder::init):
-        (JSC::JSLockHolder::~JSLockHolder):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::willDestroyGlobalData):
-        (JSC::JSLock::lock):
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (JSLockHolder):
-        (JSLock):
-        (JSC::JSLock::vm):
-        (DropAllLocks):
-        * runtime/JSNameScope.h:
-        (JSC::JSNameScope::createStructure):
-        (JSC::JSNameScope::finishCreation):
-        (JSC::JSNameScope::JSNameScope):
-        * runtime/JSNotAnObject.h:
-        (JSC::JSNotAnObject::JSNotAnObject):
-        (JSC::JSNotAnObject::create):
-        (JSC::JSNotAnObject::createStructure):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONObject::JSONObject):
-        (JSC::JSONObject::finishCreation):
-        (Holder):
-        (JSC::Stringifier::Stringifier):
-        (JSC::Stringifier::stringify):
-        (JSC::Stringifier::toJSON):
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Stringifier::Holder::Holder):
-        (JSC::Stringifier::Holder::appendNextProperty):
-        (JSC::Walker::Walker):
-        (JSC::Walker::walk):
-        (JSC::JSONProtoFuncParse):
-        (JSC::JSONProtoFuncStringify):
-        (JSC::JSONStringify):
-        * runtime/JSONObject.h:
-        (JSC::JSONObject::createStructure):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::notifyPresenceOfIndexedAccessors):
-        (JSC::JSObject::createInitialIndexedStorage):
-        (JSC::JSObject::createInitialUndecided):
-        (JSC::JSObject::createInitialInt32):
-        (JSC::JSObject::createInitialDouble):
-        (JSC::JSObject::createInitialContiguous):
-        (JSC::JSObject::createArrayStorage):
-        (JSC::JSObject::createInitialArrayStorage):
-        (JSC::JSObject::convertUndecidedToInt32):
-        (JSC::JSObject::convertUndecidedToDouble):
-        (JSC::JSObject::convertUndecidedToContiguous):
-        (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
-        (JSC::JSObject::convertUndecidedToArrayStorage):
-        (JSC::JSObject::convertInt32ToDouble):
-        (JSC::JSObject::convertInt32ToContiguous):
-        (JSC::JSObject::convertInt32ToArrayStorage):
-        (JSC::JSObject::genericConvertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToContiguous):
-        (JSC::JSObject::rageConvertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToArrayStorage):
-        (JSC::JSObject::convertContiguousToArrayStorage):
-        (JSC::JSObject::convertUndecidedForValue):
-        (JSC::JSObject::convertInt32ForValue):
-        (JSC::JSObject::setIndexQuicklyToUndecided):
-        (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::rageEnsureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::switchToSlowPutArrayStorage):
-        (JSC::JSObject::putDirectVirtual):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::setPrototypeWithCycleCheck):
-        (JSC::JSObject::putDirectAccessor):
-        (JSC::JSObject::deleteProperty):
-        (JSC::JSObject::getPropertySpecificValue):
-        (JSC::JSObject::getOwnNonIndexPropertyNames):
-        (JSC::JSObject::seal):
-        (JSC::JSObject::freeze):
-        (JSC::JSObject::preventExtensions):
-        (JSC::JSObject::reifyStaticFunctionsForDelete):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::putIndexedDescriptor):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::allocateSparseIndexMap):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectNativeFunction):
-        (JSC::JSObject::increaseVectorLength):
-        (JSC::JSObject::ensureLengthSlow):
-        (JSC::JSObject::growOutOfLineStorage):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        (JSC::putDescriptor):
-        (JSC::JSObject::putDirectMayBeIndex):
-        (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
-        (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
-        (DefineOwnPropertyScope):
-        (JSC::JSObject::defineOwnNonIndexProperty):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::putByIndexInline):
-        (JSC::JSObject::putDirectIndex):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectOffset):
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::isSealed):
-        (JSC::JSObject::isFrozen):
-        (JSC::JSObject::flattenDictionaryObject):
-        (JSC::JSObject::ensureInt32):
-        (JSC::JSObject::ensureDouble):
-        (JSC::JSObject::ensureContiguous):
-        (JSC::JSObject::rageEnsureContiguous):
-        (JSC::JSObject::ensureArrayStorage):
-        (JSC::JSObject::finishCreation):
-        (JSC::JSObject::createStructure):
-        (JSC::JSObject::ensureLength):
-        (JSC::JSNonFinalObject::createStructure):
-        (JSC::JSNonFinalObject::JSNonFinalObject):
-        (JSC::JSNonFinalObject::finishCreation):
-        (JSC::JSFinalObject::createStructure):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSFinalObject::JSFinalObject):
-        (JSC::JSFinalObject::create):
-        (JSC::JSObject::setButterfly):
-        (JSC::JSObject::JSObject):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
-        (JSC::JSObject::putOwnDataProperty):
-        (JSC::JSObject::putDirectWithoutTransition):
-        (JSC):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/JSPropertyNameIterator.h:
-        (JSC::JSPropertyNameIterator::createStructure):
-        (JSC::JSPropertyNameIterator::setCachedStructure):
-        (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
-        (JSC::JSPropertyNameIterator::finishCreation):
-        (JSC::StructureRareData::setEnumerationCache):
-        * runtime/JSProxy.cpp:
-        (JSC::JSProxy::setTarget):
-        * runtime/JSProxy.h:
-        (JSC::JSProxy::create):
-        (JSC::JSProxy::createStructure):
-        (JSC::JSProxy::JSProxy):
-        (JSC::JSProxy::finishCreation):
-        (JSProxy):
-        * runtime/JSScope.cpp:
-        (JSC::executeResolveOperations):
-        (JSC::JSScope::resolveContainingScopeInternal):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        (JSC::JSScope::resolvePut):
-        * runtime/JSScope.h:
-        (JSScope):
-        (JSC::JSScope::JSScope):
-        (JSC::JSScope::vm):
-        (JSC::ExecState::vm):
-        * runtime/JSSegmentedVariableObject.h:
-        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
-        (JSC::JSSegmentedVariableObject::finishCreation):
-        * runtime/JSString.cpp:
-        (JSC::JSRopeString::RopeBuilder::expand):
-        (JSC::StringObject::create):
-        * runtime/JSString.h:
-        (JSC):
-        (JSString):
-        (JSC::JSString::JSString):
-        (JSC::JSString::finishCreation):
-        (JSC::JSString::create):
-        (JSC::JSString::createHasOtherOwner):
-        (JSC::JSString::createStructure):
-        (JSRopeString):
-        (JSC::JSRopeString::RopeBuilder::RopeBuilder):
-        (JSC::JSRopeString::RopeBuilder::append):
-        (RopeBuilder):
-        (JSC::JSRopeString::JSRopeString):
-        (JSC::JSRopeString::finishCreation):
-        (JSC::JSRopeString::append):
-        (JSC::JSRopeString::createNull):
-        (JSC::JSRopeString::create):
-        (JSC::jsEmptyString):
-        (JSC::jsSingleCharacterString):
-        (JSC::jsSingleCharacterSubstring):
-        (JSC::jsNontrivialString):
-        (JSC::jsString):
-        (JSC::jsSubstring):
-        (JSC::jsSubstring8):
-        (JSC::jsOwnedString):
-        (JSC::jsStringBuilder):
-        (JSC::inlineJSValueNotStringtoString):
-        * runtime/JSStringJoiner.cpp:
-        (JSC::JSStringJoiner::build):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::JSSymbolTableObject::JSSymbolTableObject):
-        (JSC::JSSymbolTableObject::finishCreation):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/JSVariableObject.h:
-        (JSC::JSVariableObject::JSVariableObject):
-        * runtime/JSWithScope.h:
-        (JSC::JSWithScope::create):
-        (JSC::JSWithScope::createStructure):
-        (JSC::JSWithScope::JSWithScope):
-        * runtime/JSWrapperObject.h:
-        (JSWrapperObject):
-        (JSC::JSWrapperObject::createStructure):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        (JSC::JSWrapperObject::setInternalValue):
-        * runtime/LiteralParser.cpp:
-        (JSC::::tryJSONPParse):
-        (JSC::::makeIdentifier):
-        (JSC::::parse):
-        * runtime/Lookup.cpp:
-        (JSC::HashTable::createTable):
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/Lookup.h:
-        (JSC::HashTable::initializeIfNeeded):
-        (JSC::HashTable::entry):
-        (JSC::HashTable::begin):
-        (JSC::HashTable::end):
-        (HashTable):
-        (JSC::lookupPut):
-        * runtime/MathObject.cpp:
-        (JSC::MathObject::MathObject):
-        (JSC::MathObject::finishCreation):
-        (JSC::mathProtoFuncSin):
-        * runtime/MathObject.h:
-        (JSC::MathObject::createStructure):
-        * runtime/MemoryStatistics.cpp:
-        * runtime/MemoryStatistics.h:
-        * runtime/NameConstructor.cpp:
-        (JSC::NameConstructor::finishCreation):
-        (JSC::constructPrivateName):
-        * runtime/NameConstructor.h:
-        (JSC::NameConstructor::createStructure):
-        * runtime/NameInstance.cpp:
-        (JSC::NameInstance::NameInstance):
-        * runtime/NameInstance.h:
-        (JSC::NameInstance::createStructure):
-        (JSC::NameInstance::create):
-        (NameInstance):
-        (JSC::NameInstance::finishCreation):
-        * runtime/NamePrototype.cpp:
-        (JSC::NamePrototype::NamePrototype):
-        (JSC::NamePrototype::finishCreation):
-        * runtime/NamePrototype.h:
-        (JSC::NamePrototype::createStructure):
-        * runtime/NativeErrorConstructor.h:
-        (JSC::NativeErrorConstructor::createStructure):
-        (JSC::NativeErrorConstructor::finishCreation):
-        * runtime/NativeErrorPrototype.cpp:
-        (JSC::NativeErrorPrototype::finishCreation):
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::finishCreation):
-        (JSC::constructWithNumberConstructor):
-        * runtime/NumberConstructor.h:
-        (JSC::NumberConstructor::createStructure):
-        * runtime/NumberObject.cpp:
-        (JSC::NumberObject::NumberObject):
-        (JSC::NumberObject::finishCreation):
-        (JSC::constructNumber):
-        * runtime/NumberObject.h:
-        (NumberObject):
-        (JSC::NumberObject::create):
-        (JSC::NumberObject::createStructure):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::finishCreation):
-        (JSC::integerValueToString):
-        (JSC::numberProtoFuncToString):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::ObjectConstructor::finishCreation):
-        (JSC::objectConstructorGetOwnPropertyDescriptor):
-        (JSC::objectConstructorSeal):
-        (JSC::objectConstructorFreeze):
-        (JSC::objectConstructorPreventExtensions):
-        (JSC::objectConstructorIsSealed):
-        (JSC::objectConstructorIsFrozen):
-        * runtime/ObjectConstructor.h:
-        (JSC::ObjectConstructor::createStructure):
-        (JSC::constructEmptyObject):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::finishCreation):
-        (JSC::objectProtoFuncToString):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        * runtime/Operations.h:
-        (JSC):
-        (JSC::jsString):
-        (JSC::jsStringFromArguments):
-        (JSC::normalizePrototypeChainForChainAccess):
-        (JSC::normalizePrototypeChain):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyMapEntry::PropertyMapEntry):
-        (JSC::PropertyTable::createStructure):
-        (PropertyTable):
-        (JSC::PropertyTable::copy):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::vm):
-        (JSC::PropertyNameArray::addKnownUnique):
-        (PropertyNameArray):
-        * runtime/PropertyTable.cpp:
-        (JSC::PropertyTable::create):
-        (JSC::PropertyTable::clone):
-        (JSC::PropertyTable::PropertyTable):
-        * runtime/PrototypeMap.cpp:
-        (JSC::PrototypeMap::emptyObjectStructureForPrototype):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::RegExp):
-        (JSC::RegExp::finishCreation):
-        (JSC::RegExp::createWithoutCaching):
-        (JSC::RegExp::create):
-        (JSC::RegExp::compile):
-        (JSC::RegExp::compileIfNecessary):
-        (JSC::RegExp::match):
-        (JSC::RegExp::compileMatchOnly):
-        (JSC::RegExp::compileIfNecessaryMatchOnly):
-        * runtime/RegExp.h:
-        (JSC):
-        (RegExp):
-        (JSC::RegExp::createStructure):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::lookupOrCreate):
-        (JSC::RegExpCache::RegExpCache):
-        (JSC::RegExpCache::addToStrongCache):
-        * runtime/RegExpCache.h:
-        (RegExpCache):
-        * runtime/RegExpCachedResult.cpp:
-        (JSC::RegExpCachedResult::lastResult):
-        (JSC::RegExpCachedResult::setInput):
-        * runtime/RegExpCachedResult.h:
-        (JSC::RegExpCachedResult::RegExpCachedResult):
-        (JSC::RegExpCachedResult::record):
-        * runtime/RegExpConstructor.cpp:
-        (JSC::RegExpConstructor::RegExpConstructor):
-        (JSC::RegExpConstructor::finishCreation):
-        (JSC::constructRegExp):
-        * runtime/RegExpConstructor.h:
-        (JSC::RegExpConstructor::createStructure):
-        (RegExpConstructor):
-        (JSC::RegExpConstructor::performMatch):
-        * runtime/RegExpMatchesArray.cpp:
-        (JSC::RegExpMatchesArray::RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::create):
-        (JSC::RegExpMatchesArray::finishCreation):
-        (JSC::RegExpMatchesArray::reifyAllProperties):
-        * runtime/RegExpMatchesArray.h:
-        (RegExpMatchesArray):
-        (JSC::RegExpMatchesArray::createStructure):
-        * runtime/RegExpObject.cpp:
-        (JSC::RegExpObject::RegExpObject):
-        (JSC::RegExpObject::finishCreation):
-        (JSC::RegExpObject::match):
-        * runtime/RegExpObject.h:
-        (JSC::RegExpObject::create):
-        (JSC::RegExpObject::setRegExp):
-        (JSC::RegExpObject::setLastIndex):
-        (JSC::RegExpObject::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::regExpProtoFuncCompile):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::initializeCommonStrings):
-        (JSC::SmallStrings::createEmptyString):
-        (JSC::SmallStrings::createSingleCharacterString):
-        (JSC::SmallStrings::initialize):
-        * runtime/SmallStrings.h:
-        (JSC):
-        (JSC::SmallStrings::singleCharacterString):
-        (SmallStrings):
-        * runtime/SparseArrayValueMap.cpp:
-        (JSC::SparseArrayValueMap::SparseArrayValueMap):
-        (JSC::SparseArrayValueMap::finishCreation):
-        (JSC::SparseArrayValueMap::create):
-        (JSC::SparseArrayValueMap::createStructure):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayEntry::put):
-        * runtime/SparseArrayValueMap.h:
-        * runtime/StrictEvalActivation.cpp:
-        (JSC::StrictEvalActivation::StrictEvalActivation):
-        * runtime/StrictEvalActivation.h:
-        (JSC::StrictEvalActivation::create):
-        (JSC::StrictEvalActivation::createStructure):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::finishCreation):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure):
-        * runtime/StringObject.cpp:
-        (JSC::StringObject::StringObject):
-        (JSC::StringObject::finishCreation):
-        (JSC::constructString):
-        * runtime/StringObject.h:
-        (JSC::StringObject::create):
-        (JSC::StringObject::createStructure):
-        (StringObject):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::StringPrototype):
-        (JSC::StringPrototype::finishCreation):
-        (JSC::removeUsingRegExpSearch):
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSearch):
-        (JSC::stringProtoFuncSplit):
-        * runtime/StringPrototype.h:
-        (JSC::StringPrototype::createStructure):
-        * runtime/StringRecursionChecker.h:
-        (JSC::StringRecursionChecker::performCheck):
-        (JSC::StringRecursionChecker::~StringRecursionChecker):
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::add):
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::toCacheableDictionaryTransition):
-        (JSC::Structure::toUncacheableDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::takePropertyTableOrCloneIfPinned):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::allocateRareData):
-        (JSC::Structure::cloneRareDataFrom):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::getPropertyNamesFromStructure):
-        (JSC::Structure::prototypeChainMayInterceptStoreTo):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::finishCreation):
-        (JSC::Structure::setPrototypeWithoutTransition):
-        (JSC::Structure::setGlobalObject):
-        (JSC::Structure::setObjectToStringValue):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-        (JSC::Structure::setPreviousID):
-        * runtime/StructureChain.cpp:
-        (JSC::StructureChain::StructureChain):
-        * runtime/StructureChain.h:
-        (JSC::StructureChain::create):
-        (JSC::StructureChain::createStructure):
-        (JSC::StructureChain::finishCreation):
-        (StructureChain):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::create):
-        (JSC::Structure::createStructure):
-        (JSC::Structure::get):
-        (JSC::Structure::setEnumerationCache):
-        (JSC::Structure::prototypeChain):
-        (JSC::Structure::propertyTable):
-        * runtime/StructureRareData.cpp:
-        (JSC::StructureRareData::createStructure):
-        (JSC::StructureRareData::create):
-        (JSC::StructureRareData::clone):
-        (JSC::StructureRareData::StructureRareData):
-        * runtime/StructureRareData.h:
-        (StructureRareData):
-        * runtime/StructureRareDataInlines.h:
-        (JSC::StructureRareData::setPreviousID):
-        (JSC::StructureRareData::setObjectToStringValue):
-        * runtime/StructureTransitionTable.h:
-        (StructureTransitionTable):
-        (JSC::StructureTransitionTable::setSingleTransition):
-        * runtime/SymbolTable.h:
-        (JSC::SharedSymbolTable::create):
-        (JSC::SharedSymbolTable::createStructure):
-        (JSC::SharedSymbolTable::SharedSymbolTable):
-        * runtime/VM.cpp: Copied from Source/JavaScriptCore/runtime/JSGlobalData.cpp.
-        (JSC::VM::VM):
-        (JSC::VM::~VM):
-        (JSC::VM::createContextGroup):
-        (JSC::VM::create):
-        (JSC::VM::createLeaked):
-        (JSC::VM::sharedInstanceExists):
-        (JSC::VM::sharedInstance):
-        (JSC::VM::sharedInstanceInternal):
-        (JSC::VM::getHostFunction):
-        (JSC::VM::ClientData::~ClientData):
-        (JSC::VM::resetDateCache):
-        (JSC::VM::startSampling):
-        (JSC::VM::stopSampling):
-        (JSC::VM::discardAllCode):
-        (JSC::VM::dumpSampleData):
-        (JSC::VM::addSourceProviderCache):
-        (JSC::VM::clearSourceProviderCaches):
-        (JSC::VM::releaseExecutableMemory):
-        (JSC::releaseExecutableMemory):
-        (JSC::VM::gatherConservativeRoots):
-        (JSC::VM::addRegExpToTrace):
-        (JSC::VM::dumpRegExpTrace):
-        * runtime/VM.h: Copied from Source/JavaScriptCore/runtime/JSGlobalData.h.
-        (VM):
-        (JSC::VM::isSharedInstance):
-        (JSC::VM::usingAPI):
-        (JSC::VM::isInitializingObject):
-        (JSC::VM::setInitializingObjectClass):
-        (JSC::WeakSet::heap):
-        * runtime/WriteBarrier.h:
-        (JSC):
-        (JSC::WriteBarrierBase::set):
-        (JSC::WriteBarrierBase::setMayBeNull):
-        (JSC::WriteBarrierBase::setEarlyValue):
-        (JSC::WriteBarrier::WriteBarrier):
-        * testRegExp.cpp:
-        (GlobalObject):
-        (GlobalObject::create):
-        (GlobalObject::createStructure):
-        (GlobalObject::finishCreation):
-        (main):
-        (testOneRegExp):
-        (parseRegExpLine):
-        (runFromFiles):
-        (realMain):
-        * yarr/YarrInterpreter.h:
-        (BytecodePattern):
-        * yarr/YarrJIT.cpp:
-        (YarrGenerator):
-        (JSC::Yarr::YarrGenerator::compile):
-        (JSC::Yarr::jitCompile):
-        * yarr/YarrJIT.h:
-        (JSC):
-
-2013-04-18  Xuefei Ren  <xren@blackberry.com>
-
-        remove build warning(unused parameter)
-        https://bugs.webkit.org/show_bug.cgi?id=114670
-
-        Reviewed by Rob Buis.
-
-        remove warning in Source/JavaScriptCore/runtime/GCActivityCallbackBlackBerry.cpp
-
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC::DefaultGCActivityCallback::didAllocate):
-
-2013-04-18  Jonathan Liu  <net147@gmail.com>
-
-        Implement JIT for MinGW-w64 64-bit
-        https://bugs.webkit.org/show_bug.cgi?id=114580
-
-        Reviewed by Jocelyn Turcotte.
-
-        * jit/JITStubs.cpp:
-        (JSC):
-
-2013-04-17  Mark Lam  <mark.lam@apple.com>
-
-        Avoid using a branch range that is too far for some CPU architectures.
-        https://bugs.webkit.org/show_bug.cgi?id=114782.
-
-        Reviewed by David Kilzer.
-
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2013-04-17  Julien Brianceau  <jbrianceau@nds.com>
-
-        Fix SH4 build (broken since r148639).
-        https://bugs.webkit.org/show_bug.cgi?id=114773.
-
-        Allow longer displacements for specific branches in SH4 LLINT.
-
-        Reviewed by Oliver Hunt.
-
-        * offlineasm/sh4.rb:
-
-2013-04-14  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. More Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-14  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-17  Mark Lam  <mark.lam@apple.com>
-
-        Fix broken build. Replaced a static const with a #define.
-        https://bugs.webkit.org/show_bug.cgi?id=114577.
-
-        Unreviewed.
-
-        * runtime/Watchdog.cpp:
-        (JSC::Watchdog::Watchdog):
-        (JSC::Watchdog::isEnabled):
-
-2013-04-17  Mark Lam  <mark.lam@apple.com>
-
-        Add LLINT and baseline JIT support for timing out scripts.
-        https://bugs.webkit.org/show_bug.cgi?id=114577.
-
-        Reviewed by Geoffrey Garen.
-
-        Introduces the new Watchdog class which is used to track script
-        execution time, and initiate script termination if needed.
-
-        * API/JSContextRef.cpp:
-        (internalScriptTimeoutCallback):
-        (JSContextGroupSetExecutionTimeLimit):
-        (JSContextGroupClearExecutionTimeLimit):
-        * API/JSContextRefPrivate.h:
-        - Added new script execution time limit APIs.
-        * API/tests/testapi.c:
-        (currentCPUTime):
-        (shouldTerminateCallback):
-        (cancelTerminateCallback):
-        (extendTerminateCallback):
-        (main):
-        - Added new API tests for script execution time limit.
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoopHint):
-        - loop hints are needed for the llint as well. Hence, it will be
-          emitted unconditionally.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        - Added checks for script termination before entering script code.
-        * jit/JIT.cpp:
-        (JSC::JIT::emitWatchdogTimerCheck):
-        * jit/JIT.h:
-        (JSC::JIT::emit_op_loop_hint):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION(void, handle_watchdog_timer)):
-        * jit/JITStubs.h:
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::doThrow):
-        - Factored out some common code from returnToThrow() and callToThrow().
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL(slow_path_handle_watchdog_timer)):
-        * llint/LLIntSlowPaths.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::throwTerminatedExecutionException):
-        - Also removed the now unused InterruptedExecutionException.
-        * runtime/ExceptionHelpers.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        - Added watchdog, and removed the now obsolete Terminator.
-        * runtime/Terminator.h: Removed.
-        * runtime/Watchdog.cpp: Added.
-        (JSC::Watchdog::Watchdog):
-        (JSC::Watchdog::~Watchdog):
-        (JSC::Watchdog::setTimeLimit):
-        (JSC::Watchdog::didFire):
-        (JSC::Watchdog::isEnabled):
-        (JSC::Watchdog::fire):
-        (JSC::Watchdog::arm):
-        (JSC::Watchdog::disarm):
-        (JSC::Watchdog::startCountdownIfNeeded):
-        (JSC::Watchdog::startCountdown):
-        (JSC::Watchdog::stopCountdown):
-        (JSC::Watchdog::Scope::Scope):
-        (JSC::Watchdog::Scope::~Scope):
-        * runtime/Watchdog.h: Added.
-        (Watchdog):
-        (JSC::Watchdog::didFire):
-        (JSC::Watchdog::timerDidFireAddress):
-        (JSC::Watchdog::isArmed):
-        (Watchdog::Scope):
-        * runtime/WatchdogMac.cpp: Added.
-        (JSC::Watchdog::initTimer):
-        (JSC::Watchdog::destroyTimer):
-        (JSC::Watchdog::startTimer):
-        (JSC::Watchdog::stopTimer):
-        * runtime/WatchdogNone.cpp: Added.
-        (JSC::Watchdog::initTimer):
-        (JSC::Watchdog::destroyTimer):
-        (JSC::Watchdog::startTimer):
-        (JSC::Watchdog::stopTimer):
-
-2013-04-14  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. VS2010 Windows build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
-
-2013-04-14  Roger Fong  <roger_fong@apple.com>
-
-        Copy make-file-export-generator script to the the Source folders of the projects that use it.
-        <rdar://problem/13675604>
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Copied from Source/WebCore/make-export-file-generator.
-
-2013-04-17  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Stop individually building WTF files in JSC.
-        https://bugs.webkit.org/show_bug.cgi?id=114705
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        Export additional String/fastMalloc symbols needed by JSC program.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Don't manually build
-        WTF implementation files (a second time!) in this project.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        Export additional String/fastMalloc symbols needed by JSC program.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Don't manually
-        build WTF implementation files (a second time!) in this project.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj.filters: Ditto.
-
-2013-04-17  Mark Lam  <mark.lam@apple.com>
-
-        releaseExecutableMemory() should canonicalize cell liveness data before
-        it scans the GC roots.
-        https://bugs.webkit.org/show_bug.cgi?id=114733.
-
-        Reviewed by Mark Hahnenberg.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::canonicalizeCellLivenessData):
-        * heap/Heap.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-2013-04-16  Commit Queue  <rniwa@webkit.org>
-
-        Unreviewed, rolling out r148576.
-        http://trac.webkit.org/changeset/148576
-        https://bugs.webkit.org/show_bug.cgi?id=114714
-
-        WebCore is building some of these same files (Requested by
-        bfulgham on #webkit).
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj.filters:
-
-2013-04-16  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Stop individually building WTF files in JSC.
-        https://bugs.webkit.org/show_bug.cgi?id=114705
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        Export additional String/fastMalloc symbols needed by JSC program.
-        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Don't manually build
-        WTF implementation files (a second time!) in this project.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        Export additional String/fastMalloc symbols needed by JSC program.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Don't manually
-        build WTF implementation files (a second time!) in this project.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj.filters: Ditto.
-
-2013-04-16  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Do not use JAVASCRIPTCORE_DIR in add_custom_command() of JavaScriptCore project
-        https://bugs.webkit.org/show_bug.cgi?id=114265
-
-        Reviewed by Brent Fulgham.
-
-        Use CMAKE_CURRENT_SOURCE_DIR instead, since it provides the same value and is more
-        understandable. Also move the GENERATE_HASH_LUT macro into the CMakeLists.txt
-        of JavaScriptCore to avoid the usage of JAVASCRIPTCORE_DIR there too.
-
-        * CMakeLists.txt:
-
-2013-04-16  Anders Carlsson  <andersca@apple.com>
-
-        Another Windows build fix attempt.
-
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-
-2013-04-16  Anders Carlsson  <andersca@apple.com>
-
-        Try to fix the Windows build.
-
-        * runtime/JSGlobalData.h:
-
-2013-04-16  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows] Unreviewed VS2010 build correction.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-        Specify proper link library to avoid mixture of ICU 4.0 and 4.6
-        symbols during link.
-
-2013-04-15  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Windows clean build fix after r148479.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-15  Anders Carlsson  <andersca@apple.com>
-
-        ScriptWrappable subclasses shouldn't have to include WeakInlines.h
-        https://bugs.webkit.org/show_bug.cgi?id=114641
-
-        Reviewed by Alexey Proskuryakov.
-
-        Move back the Weak constructor, destructor and clear() to Weak.h. Add a new weakClearSlowCase function
-        and put it in Weak.cpp.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/Weak.cpp: Added.
-        * heap/Weak.h:
-        * heap/WeakInlines.h:
-        * heap/WeakSetInlines.h:
-
-2013-04-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        HeapTimer lifetime should be less complicated
-        https://bugs.webkit.org/show_bug.cgi?id=114529
-
-        Reviewed by Oliver Hunt.
-
-        Right now our HeapTimer lifetime is rather complicated. HeapTimers are "owned" by the JSGlobalData, 
-        but there's an issue in that there can be races between a thread that is trying to tear down a JSGlobalData 
-        and the HeapTimer's fire function. Our current code for tearing down HeapTimers is an intricate and delicate 
-        dance which probably contains subtle bugs.
-
-        We can make our lives easier by changing things around a bit. 
-
-        1) We should free the API lock from being solely owned by the JSGlobalData so we don't have to worry about 
-           grabbing the lock out of invalid memory when our HeapTimer callback fires. 
-
-        2) We should also make it so that we deref the JSGlobalData first, then unlock the API lock so that when we 
-           have the lock, the JSGlobalData is in one of two states: fully valid or completely destroyed, and we know exactly which one. 
-
-        3) The JSLock can tell us this information by keeping a back pointer to the JSGlobalData. When the JSGlobalData's 
-           destructor is called, it clears this pointer in the JSLock. Other clients of the API lock can then check 
-           this pointer to determine whether or not the JSGlobalData is still around.
-
-        4) The CFRunLoopTimer will use the API lock as its context rather than the HeapTimer itself. The only way 
-           the HeapTimer's callback can get to the HeapTimer is through the API lock's JSGlobalData pointer.
-
-        5) The CFRunLoopTimerContext struct has two fields for retain and release callbacks for the context's info field. 
-           We'll provide these callbacks to ref() and deref() the JSLock as necessary. Thus, the timer becomes the other 
-           owner of the JSLock apart from the JSGlobalData.
-
-        * API/APIShims.h: Remove the cruft that was required by the previous design, such as RefGlobalDataTag.
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim): Protect the API lock with a RefPtr, deref the JSGlobalData, which could destroy it,
-        then unlock the API lock. This ordering prevents others from obtaining the API lock while the JSGlobalData is in the 
-        middle of being torn down.
-        (JSC::APIEntryShim::init): We now take the lock, then ref the JSGlobalData, which is the opposite order of when we 
-        tear down the shim.
-        * heap/Heap.cpp:
-        (JSC::Heap::setActivityCallback): Use PassOwnPtr now.
-        (JSC::Heap::activityCallback): Ditto.
-        (JSC::Heap::sweeper): Ditto.
-        (JSC):
-        * heap/Heap.h:
-        (Heap):
-        * heap/HeapTimer.cpp:
-        (JSC::retainAPILock): Retain callback for CFRunLoopTimerContext struct.
-        (JSC::releaseAPILock): Release callback for the CFRunLoopTimerContext struct.
-        (JSC::HeapTimer::HeapTimer): Use the API lock as the context's info field rather than the HeapTimer.
-        (JSC::HeapTimer::timerDidFire): Grab the API lock. Return early if the JSGlobalData has already been destroyed.
-        Otherwise, figure out which kind of HeapTimer we are based on the CFRunLoopTimerRef passed to the callback and 
-        call the HeapTimer's callback.
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::create): PassOwnPtr all the things.
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * jsc.cpp:
-        (jscmain): We use an APIEntryShim instead of a RefPtr for the JSGlobalData because we need to 
-        tear down the JSGlobalData while we still hold the lock, which the APIEntryShim handles correctly.
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData): Notify the API lock that the JSGlobalData is being torn down.
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::apiLock):
-        * runtime/JSLock.cpp:
-        (JSC::JSLockHolder::JSLockHolder): Ref, then lock (just like the API shim).
-        (JSC):
-        (JSC::JSLock::willDestroyGlobalData):
-        (JSC::JSLockHolder::init):
-        (JSC::JSLockHolder::~JSLockHolder): Protect, deref, then unlock (just like the API shim).
-        (JSC::JSLock::JSLock):
-        * runtime/JSLock.h: Add back pointer to the JSGlobalData and a callback for when the JSGlobalData is being
-        torn down that clears this pointer to notify other clients (i.e. timer callbacks) that the JSGlobalData is no
-        longer valid.
-        (JSLockHolder):
-        (JSLock):
-        (JSC::JSLock::globalData):
-        * testRegExp.cpp:
-        (realMain): We use an APIEntryShim instead of a RefPtr for the JSGlobalData because we need to 
-        tear down the JSGlobalData while we still hold the lock, which the APIEntryShim handles correctly.
-
-2013-04-15  Julien Brianceau  <jbrianceau@nds.com>
-
-        LLInt SH4 backend implementation
-        https://bugs.webkit.org/show_bug.cgi?id=112886
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * jit/JITStubs.cpp:
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * offlineasm/arm.rb:
-        * offlineasm/ast.rb:
-        * offlineasm/backends.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/mips.rb:
-        * offlineasm/risc.rb:
-        * offlineasm/sh4.rb: Added.
-
-2013-04-15  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Add WTF_USE_*_UNICODE variables
-        https://bugs.webkit.org/show_bug.cgi?id=114556
-
-        Reviewed by Brent Fulgham.
-
-        WTF_USE_ICU_UNICODE and WTF_USE_WCHAR_UNICODE are used to
-        reduce duplication in the platform specific CMake files.
-
-        * CMakeLists.txt:
-        * PlatformEfl.cmake:
-
-2013-04-13  Patrick Gansterer  <paroga@webkit.org>
-
-        Add missing export macro to SymbolTableEntry::freeFatEntrySlow()
-
-        * runtime/SymbolTable.h:
-        (SymbolTableEntry):
-
-2013-04-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Block freeing thread should call Region::destroy instead of delete
-        https://bugs.webkit.org/show_bug.cgi?id=114544
-
-        Reviewed by Oliver Hunt.
-
-        Since Region doesn't have a virtual destructor, calling delete will not properly clean up all of 
-        the state of the Region. We should call destroy() instead.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::releaseFreeRegions):
-        (JSC::BlockAllocator::blockFreeingThreadMain):
-
-2013-04-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge CharacterClassTable into CharacterClass
-        https://bugs.webkit.org/show_bug.cgi?id=114409
-
-        Reviewed by Darin Adler.
-
-        CharacterClassTable is only a pointer and a boolean.
-        It is a little overkill to make a separate allocation
-        for that.
-
-        * create_regex_tables:
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::matchCharacterClass):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-        * yarr/YarrPattern.h:
-        (CharacterClass):
-        (JSC::Yarr::CharacterClass::CharacterClass):
-
-2013-04-11  Michael Saboff  <msaboff@apple.com>
-
-        Added UNLIKELY() suggested in https://bugs.webkit.org/show_bug.cgi?id=114366
-        after checking in the original change. 
-
-        Rubber-stamped by Jessie Berlin.
-
-        * dfg/DFGOperations.cpp:
-
-2013-04-10  Benjamin Poulain  <benjamin@webkit.org>
-
-        Unify JSC Parser's error and error message
-        https://bugs.webkit.org/show_bug.cgi?id=114363
-
-        Reviewed by Geoffrey Garen.
-
-        The parser kept the error state over two attributes:
-        error and errorMessage. They were changed in sync,
-        but had some discrepancy (for example, the error message
-        was always defined to something).
-
-        This patch unifies the two. There is an error if
-        if the error message is non-null or if the parsing finished
-        before the end.
-
-        This also gets rid of the allocation of the error message
-        when instantiating a parser.
-
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::parseInner):
-        (JSC::::parseSourceElements):
-        (JSC::::parseVarDeclaration):
-        (JSC::::parseConstDeclaration):
-        (JSC::::parseForStatement):
-        (JSC::::parseSwitchStatement):
-        (JSC::::parsePrimaryExpression):
-        * parser/Parser.h:
-        (JSC::Parser::updateErrorMessage):
-        (JSC::Parser::updateErrorWithNameAndMessage):
-        (JSC::Parser::hasError):
-        (Parser):
-
-2013-04-10  Oliver Hunt  <oliver@apple.com>
-
-        Set trap is not being called for API objects
-        https://bugs.webkit.org/show_bug.cgi?id=114403
-
-        Reviewed by Anders Carlsson.
-
-        Intercept putByIndex on the callback object and add tests
-        to make sure we don't regress in future.
-
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::putByIndex):
-        (JSC):
-        * API/tests/testapi.c:
-        (PropertyCatchalls_setProperty):
-        * API/tests/testapi.js:
-
-2013-04-10  Benjamin Poulain  <bpoulain@apple.com>
-
-        Mass remove all the empty directories
-
-        Rubberstamped by Ryosuke Niwa.
-
-        * qt/api: Removed.
-        * qt/benchmarks/qscriptengine: Removed.
-        * qt/benchmarks/qscriptvalue: Removed.
-        * qt/tests/qscriptengine: Removed.
-        * qt/tests/qscriptstring: Removed.
-        * qt/tests/qscriptvalue: Removed.
-        * qt/tests/qscriptvalueiterator: Removed.
-
-2013-04-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=114235
-
-        Reviewed by Filip Pizlo.
-
-        If the object doesn't have any properties but the prototype does, we'll assume those prototype properties are 
-        accessible in the base object's backing store, which is bad.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getPropertyNames):
-        (JSC::JSObject::getOwnNonIndexPropertyNames):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::setNumCacheableSlotsForObject):
-        (JSC::PropertyNameArray::setBaseObject):
-        (PropertyNameArray):
-
-2013-04-10  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove code duplicates from MacroAssemblerARM
-        https://bugs.webkit.org/show_bug.cgi?id=104457
-
-        Reviewed by Oliver Hunt.
-
-        Reuse some existing methods to avoid duplicated code.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::store8):
-        (JSC::MacroAssemblerARM::store32):
-        (JSC::MacroAssemblerARM::swap):
-        (JSC::MacroAssemblerARM::add32):
-        (JSC::MacroAssemblerARM::sub32):
-
-2013-04-10  Michael Saboff  <msaboff@apple.com>
-
-        DFG: Negative size for new Array() interpreted as large unsigned int
-        https://bugs.webkit.org/show_bug.cgi?id=114366
-
-        Reviewed by Oliver Hunt.
-
-        Added new check in operationNewArrayWithSize() for a negative
-        size.  If size is negative throw a "RangeError: Array size is not a
-        small enough positive integer" exception.
-
-        * dfg/DFGOperations.cpp:
-
-2013-04-10  peavo@outlook.com  <peavo@outlook.com>
-
-        WinCairo build fails to link.
-        https://bugs.webkit.org/show_bug.cgi?id=114358
-
-        Reviewed by Brent Fulgham.
-
-        Export the symbol WTF::MD5::checksum().
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-08  Anders Carlsson  <andersca@apple.com>
-
-        Remove unneeded headers from FrameLoader.h
-        https://bugs.webkit.org/show_bug.cgi?id=114223
-
-        Reviewed by Geoffrey Garen.
-
-        Update for WTF changes.
-
-        * bytecode/SpeculatedType.h:
-        * runtime/JSCJSValue.h:
-
-2013-04-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed bitrotted TimeoutChecker code
-        https://bugs.webkit.org/show_bug.cgi?id=114336
-
-        Reviewed by Alexey Proskuryakov.
-
-        This mechanism hasn't worked for a while.
-
-        MarkL is working on a new version of this feature with a distinct
-        implementation.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APIEntryShim::init):
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGGPRInfo.h:
-        * jit/JIT.cpp:
-        * jit/JIT.h:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-        (JSC::Walker::walk):
-        * runtime/TimeoutChecker.cpp: Removed.
-        * runtime/TimeoutChecker.h: Removed.
-
-2013-04-10  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION (r148073): WebKit Nightly r148082 crashes on launch in JSObjectSetPrivate
-        https://bugs.webkit.org/show_bug.cgi?id=114341
-
-        Reviewed by Alexey Proskuryakov.
-
-        Make JSObjectSetPrivate use uncheckedToJS as some clients
-        clear their private data during finalization for some reason.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectSetPrivate):
-
-2013-04-09  Oliver Hunt  <oliver@apple.com>
-
-        Add liveness tests to JSC API entry points
-        https://bugs.webkit.org/show_bug.cgi?id=114318
-
-        Reviewed by Geoffrey Garen.
-
-        Add simple checks for the existence of a method table on any
-        JSCells passed across the API.  This in turn forces a structure
-        validity test.
-
-        * API/APICast.h:
-        (toJS):
-        (toJSForGC):
-        (unsafeToJS):
-        * API/JSObjectRef.cpp:
-        (JSObjectGetPrivate):
-
-2013-04-09  Oliver Hunt  <oliver@apple.com>
-
-        Rollout last patch as it destroyed everything
-
-        * API/APICast.h:
-        (toJS):
-        (toJSForGC):
-
-2013-04-09  Oliver Hunt  <oliver@apple.com>
-
-        Add liveness tests to JSC API entry points
-        https://bugs.webkit.org/show_bug.cgi?id=114318
-
-        Reviewed by Filip Pizlo.
-
-        Add simple checks for the existence of a method table on any
-        JSCells passed across the API.  This in turn forces a structure
-        validity test.
-
-        * API/APICast.h:
-        (toJS):
-        (toJSForGC):
-
-2013-04-09  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        LLInt conditional branch compilation fault on MIPS.
-        https://bugs.webkit.org/show_bug.cgi?id=114264
-
-        Reviewed by Filip Pizlo.
-
-        Fix conditional branch compilation in LLInt offlineasm.
-
-        * offlineasm/mips.rb:
-
-2013-04-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSObject::getOwnNonIndexPropertyNames calculates numCacheableSlots incorrectly
-        https://bugs.webkit.org/show_bug.cgi?id=114235
-
-        Reviewed by Geoffrey Garen.
-
-        Due to the way that numCacheableSlots is currently calculated, checking an object's prototype for enumerable 
-        properties causes us not to cache any properties at all. We should only cache properties on the object itself
-        since we currently don't take advantage of any sort of name caching for properties in the prototype chain.
-        This fix undoes a ~2% SunSpider regression caused by http://trac.webkit.org/changeset/147570.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnNonIndexPropertyNames):
-
-2013-04-09  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Remove yarr.gyp
-        https://bugs.webkit.org/show_bug.cgi?id=114247
-
-        Reviewed by Benjamin Poulain.
-
-        * yarr/yarr.gyp: Removed.
-
-2013-04-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Remove JavaScriptCore.gyp/gypi
-        https://bugs.webkit.org/show_bug.cgi?id=114238
-
-        Reviewed by Benjamin Poulain.
-
-        * JavaScriptCore.gyp: Removed.
-        * JavaScriptCore.gyp/.gitignore: Removed.
-        * JavaScriptCore.gypi: Removed.
-
-2013-04-08  Vahag Vardanyan  <vaag@ispras.ru>
-
-        Adds fromCharCode intrinsic support.
-        https://bugs.webkit.org/show_bug.cgi?id=104807
-
-        Reviewed by Oliver Hunt.
-
-        Switch to using fromCharCode intrinsic instead of call operation in some cases.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileFromCharCode):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/StringConstructor.cpp:
-        (JSC::stringFromCharCode):
-        (JSC):
-        * runtime/StringConstructor.h:
-        (JSC):
-
-2013-04-08  Benjamin Poulain  <benjamin@webkit.org>
-
-        Remove HTML Notification
-        https://bugs.webkit.org/show_bug.cgi?id=114231
-
-        Reviewed by Ryosuke Niwa.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-04-05  Roger Fong  <roger_fong@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to inline string equality comparisons
-        https://bugs.webkit.org/show_bug.cgi?id=114224
-
-        Reviewed by Oliver Hunt.
-        
-        Inline 8-bit string equality, go to slow path for 16-bit strings. 2x speed-up for string equality
-        comparisons on 8-bit strings. 20-50% speed-up on JSRegress/HashMap tests. 30% speed-up on
-        string-fasta. 2% speed-up on SunSpider overall. Some small speed-ups elsewhere.
-
-        This is a gnarly change but we have loads of test coverage already between the HashMap tests and
-        preexisting DFG string equality tests (which appear to have been designed to test OSR exits, but
-        also give us good overall coverage on string equality behavior).
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileStringEquality):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2013-04-08  Geoffrey Garen  <ggaren@apple.com>
-
-        Stop #include-ing all of JavaScriptCore in every DOM-related file
-        https://bugs.webkit.org/show_bug.cgi?id=114220
-
-        Reviewed by Sam Weinig.
-
-        I separated WeakInlines.h from Weak.h so WebCore data types that need
-        to declare a Weak<T> data member don't have to #include all of the
-        infrastructure for accessing that data member.
-
-        This also required separating Weak<T> from PassWeak<T> by removing the
-        WeakImplAccessor class template and pushing code down into its subclasses.
-
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/UnlinkedCodeBlock.h:
-        * heap/PassWeak.h:
-        (JSC):
-        (PassWeak):
-        (JSC::::PassWeak):
-        (JSC::::operator):
-        (JSC::::get):
-        * heap/SlotVisitorInlines.h:
-        * heap/Weak.h:
-        (JSC):
-        (Weak):
-        * heap/WeakInlines.h: Copied from Source/JavaScriptCore/heap/Weak.h.
-        (JSC):
-        (JSC::::Weak):
-        (JSC::::operator):
-        (JSC::::get):
-        (JSC::::was):
-        (JSC::weakClear):
-        * jit/JITThunks.h:
-        * runtime/RegExpCache.h:
-        * runtime/Structure.h:
-        * runtime/WeakGCMap.h:
-
-2013-04-05  Roger Fong  <roger_fong@apple.com>
-
-        Windows build fix fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-04-05  Roger Fong  <roger_fong@apple.com>
-
-        Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-08  Oliver Hunt  <oliver@apple.com>
-
-        Make resolve more robust in the face of lookup misses
-        https://bugs.webkit.org/show_bug.cgi?id=114211
-
-        Reviewed by Filip Pizlo.
-
-        This simply short circuits the resolve operations in the
-        event that we don't find a path to a property.  There's no
-        repro case for this happening unfortunately.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-
-2013-04-08  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-
-2013-04-08  Justin Haygood  <jhaygood@reaktix.com>
-
-        Allow KeywordLookupGenerator.py to work on Windows with Windows style line endings
-        https://bugs.webkit.org/show_bug.cgi?id=63234
-
-        Reviewed by Oliver Hunt.
-
-        * KeywordLookupGenerator.py:
-        (parseKeywords):
-
-2013-04-08  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r146669): Assertion hit in JSC::DFG::SpeculativeJIT::fillSpeculateCell() running webgl tests
-        https://bugs.webkit.org/show_bug.cgi?id=114129
-        <rdar://problem/13594898>
-
-        Reviewed by Darin Adler.
-        
-        The check to see if we need a cell check when simplifying a GetById or PutById needs to be hoisted to
-        above where we abstractly execute the instruction, since after we abstracting execute it, it will
-        seem like it no longer needs the cell check.
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2013-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Add bounds checking for WTF::Vector::operator[]
-        https://bugs.webkit.org/show_bug.cgi?id=89600
-
-        Reviewed by Filip Pizlo.
-
-        Make a few JSC classes opt-out of release mode bounds checking.
-
-        * assembler/AssemblerBuffer.h:
-        (AssemblerBuffer):
-        * assembler/AssemblerBufferWithConstantPool.h:
-        (AssemblerBufferWithConstantPool):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC):
-        (JSC::replaceExistingEntries):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
-        (JSC::CodeBlock::callReturnIndexVector):
-        (JSC::CodeBlock::codeOrigins):
-        (RareData):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedEvalCodeBlock::adoptVariables):
-        (UnlinkedEvalCodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (CallArguments):
-        (JSC::BytecodeGenerator::instructions):
-        (BytecodeGenerator):
-        * bytecompiler/StaticPropertyAnalysis.h:
-        (JSC::StaticPropertyAnalysis::create):
-        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis):
-        (StaticPropertyAnalysis):
-        * bytecompiler/StaticPropertyAnalyzer.h:
-        (StaticPropertyAnalyzer):
-        (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        * runtime/ArgList.h:
-        (MarkedArgumentBuffer):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-
-2013-04-07  Benjamin Poulain  <benjamin@webkit.org>
-
-        Use Vector::reserveInitialCapacity() when possible in JavaScriptCore runtime
-        https://bugs.webkit.org/show_bug.cgi?id=114111
-
-        Reviewed by Andreas Kling.
-
-        Almost all the code was already using Vector::reserveInitialCapacity()
-        and Vector::uncheckedAppend(). Fix the remaining parts.
-
-        * runtime/ArgList.h:
-        (MarkedArgumentBuffer): The type VectorType is unused.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncSort):
-        Move the variable closer to where it is needed.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::setLengthWithArrayStorage):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertyNames):
-
-2013-04-07  Patrick Gansterer  <paroga@webkit.org>
-
-        Remove references to Skia and V8 from CMake files
-        https://bugs.webkit.org/show_bug.cgi?id=114130
-
-        Reviewed by Geoffrey Garen.
-
-        * shell/PlatformBlackBerry.cmake:
-
-2013-04-07  David Kilzer  <ddkilzer@apple.com>
-
-        Remove the rest of SVG_DOM_OBJC_BINDINGS
-        <http://webkit.org/b/114112>
-
-        Reviewed by Geoffrey Garen.
-
-        * Configurations/FeatureDefines.xcconfig:
-        - Remove ENABLE_SVG_DOM_OBJC_BINDINGS macro.
-
-2013-04-07  Oliver Hunt  <oliver@apple.com>
-
-        Inspector should display information about non-object exceptions
-        https://bugs.webkit.org/show_bug.cgi?id=114123
-
-        Reviewed by Adele Peterson.
-
-        Make sure we store the right stack information, even when throwing
-        a primitive.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::clearSupplementaryExceptionInfo):
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::throwException):
-
-2013-04-06  Oliver Hunt  <oliver@apple.com>
-
-        Unify the many and varied stack trace mechanisms, and make the result sane.
-        https://bugs.webkit.org/show_bug.cgi?id=114072
-
-        Reviewed by Filip Pizlo.
-
-        Makes JSC::StackFrame record the bytecode offset and other necessary data
-        rather than requiring us to perform eager evaluation of the line number, etc.
-        Then remove most of the users of retrieveLastCaller, as most of them were
-        using it to create a stack trace in a fairly incomplete and inefficient way.
-
-        StackFrame now also has a couple of helpers to get the line and column info.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getBytecodeOffsetForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::StackFrame::line):
-        (JSC::StackFrame::column):
-        (JSC::StackFrame::expressionInfo):
-        (JSC::StackFrame::toString):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (StackFrame):
-        (Interpreter):
-        * runtime/Error.cpp:
-        (JSC::throwError):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-
-2013-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed v8 bindings hooks from IDL files
-        https://bugs.webkit.org/show_bug.cgi?id=114091
-
-        Reviewed by Anders Carlsson and Sam Weinig.
-
-        * heap/HeapStatistics.h:
-
-2013-04-03  Roger Fong  <roger_fong@apple.com>
-
-        Windows VS2010 build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-06  Zan Dobersek  <zdobersek@igalia.com>
-
-        Remove the remaining PLATFORM(CHROMIUM) guard in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=114082
-
-        Reviewed by Ryosuke Niwa.
-
-        * runtime/JSExportMacros.h: Remove the remaining PLATFORM(CHROMIUM) guard.
-
-2013-04-06  Ed Bartosh  <bartosh@gmail.com>
-
-        --minimal build fails with error: control reaches end of non-void function
-        https://bugs.webkit.org/show_bug.cgi?id=114085
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp: return 0 if JIT is not enabled
-        (JSC::getBytecodeOffsetForCallFrame):
-
-2013-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        Added back a symbol that is exported.
-
-2013-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        Removed symbols that aren't exported.
-
-2013-04-06  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolled out 147820 and 147818 because they caused plugins tests to ASSERT
-        https://bugs.webkit.org/show_bug.cgi?id=114094
-
-        Reviewed by Anders Carlsson.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getLineNumberForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (StackFrame):
-        (JSC::StackFrame::toString):
-        (JSC::StackFrame::friendlyLineNumber):
-        (Interpreter):
-        * runtime/Error.cpp:
-        (JSC::throwError):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-
-2013-04-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed build fix after r146932.
-
-        * profiler/ProfilerDatabase.cpp:
-        (Profiler):
-
-2013-04-06  Patrick Gansterer  <paroga@webkit.org>
-
-        Do not call getenv() on Windows CE where it does not exist.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2013-04-05  Benjamin Poulain  <benjamin@webkit.org>
-
-        Second attempt to fix the Windows bot
-
-        Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-05  Benjamin Poulain  <bpoulain@apple.com>
-
-        Attempt to fix the Windows bot
-
-        Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        r147825 removed the symbol for nullptr_t. Add it back.
-
-2013-04-02  Roger Fong  <roger_fong@apple.com>
-
-        Build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getBytecodeOffsetForCallFrame):
-
-2013-04-05  Oliver Hunt  <oliver@apple.com>
-
-        Unify the many and varied stack trace mechanisms, and make the result sane.
-        https://bugs.webkit.org/show_bug.cgi?id=114072
-
-        Reviewed by Filip Pizlo.
-
-        Makes JSC::StackFrame record the bytecode offset and other necessary data
-        rather than requiring us to perform eager evaluation of the line number, etc.
-        Then remove most of the users of retrieveLastCaller, as most of them were
-        using it to create a stack trace in a fairly incomplete and inefficient way.
-
-        StackFrame now also has a couple of helpers to get the line and column info.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getBytecodeOffsetForCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::StackFrame::line):
-        (JSC::StackFrame::column):
-        (JSC::StackFrame::expressionInfo):
-        (JSC::StackFrame::toString):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-        * interpreter/Interpreter.h:
-        (StackFrame):
-        (Interpreter):
-        * runtime/Error.cpp:
-        (JSC::throwError):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-
-2013-04-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        tryCacheGetByID sets StructureStubInfo accessType to an incorrect value
-        https://bugs.webkit.org/show_bug.cgi?id=114068
-
-        Reviewed by Geoffrey Garen.
-
-        In the case where we have a non-Value cacheable property, we set the StructureStubInfo accessType to 
-        get_by_id_self, but then we don't patch self and instead patch in a get_by_id_self_fail. This leads to 
-        incorrect profiling data so when the DFG compiles the function, it uses a GetByOffset rather than a GetById, 
-        which leads to loading a GetterSetter directly out of an object.
-
-        * jit/JITStubs.cpp:
-        (JSC::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2013-04-05  Filip Pizlo  <fpizlo@apple.com>
-
-        If CallFrame::trueCallFrame() knows that it's about to read garbage instead of a valid CodeOrigin/InlineCallFrame, then it should give up and return 0 and all callers should be robust against this
-        https://bugs.webkit.org/show_bug.cgi?id=114062
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::canGetCodeOrigin):
-        (CodeBlock):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallFrame):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::getStackTrace):
-
-2013-04-05  Geoffrey Garen  <ggaren@apple.com>
-
-        Made USE(JSC) unconditional
-        https://bugs.webkit.org/show_bug.cgi?id=114058
-
-        Reviewed by Anders Carlsson.
-
-        * config.h:
-
-2013-04-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, rolling out http://trac.webkit.org/changeset/147729
-
-        It's causing a bunch of breakage on some more strict compilers:
-        <inline asm>:1267:2: error: ambiguous instructions require an explicit suffix (could be 'ficomps', or 'ficompl')
-
-        * offlineasm/x86.rb:
-
-2013-04-05  Roger Fong  <roger_fong@apple.com>
-
-        More VS2010 solution makefile fixes.
-        <rdar://problem/13588964>
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-04-05  Allan Sandfeld Jensen  <allan.jensen@digia.com>
-
-        LLint should be able to use x87 instead of SSE for floating pointer
-
-        https://bugs.webkit.org/show_bug.cgi?id=112239
-
-        Reviewed by Filip Pizlo.
-
-        Implements LLInt floating point operations in x87, to ensure we support
-        x86 without SSE2.
-
-        X86 (except 64bit) now defaults to using x87 instructions in order to
-        support all 32bit x86 back to i686. The implementation uses the fucomi
-        instruction from i686 which sets the new minimum.
-
-        * offlineasm/x86.rb:
-
-2013-04-04  Christophe Dumez  <ch.dumez@sisa.samsung.com>
-
-        Unreviewed EFL build fix.
-
-        We had undefined reference to `JSC::CodeOrigin::maximumBytecodeIndex'.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::findClosureCallForReturnPC):
-        (JSC::CodeBlock::bytecodeOffset):
-
-2013-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Stop pretending that statements return a value
-        https://bugs.webkit.org/show_bug.cgi?id=113969
-
-        Reviewed by Oliver Hunt.
-
-        Expressions have an intrinsic value, which they return to their parent
-        in the AST.
-
-        Statements just execute for effect in sequence.
-
-        This patch moves emitBytecode into the ExpressionNode and StatementNode
-        subclasses, and changes the SatementNode subclass to return void. This
-        eliminates some cruft where we used to return 0, or try to save a bogus
-        register and return it, as if a statement had a consuming parent in the
-        AST.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::BlockNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::CaseClauseNode::emitBytecode):
-        (JSC::CaseBlockNode::emitBytecodeForBlock):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ScopeNode::emitStatementsBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        (JSC::FuncDeclNode::emitBytecode):
-        * parser/NodeConstructors.h:
-        (JSC::PropertyListNode::PropertyListNode):
-        (JSC::ArgumentListNode::ArgumentListNode):
-        * parser/Nodes.h:
-        (Node):
-        (ExpressionNode):
-        (StatementNode):
-        (ConstStatementNode):
-        (BlockNode):
-        (EmptyStatementNode):
-        (DebuggerStatementNode):
-        (ExprStatementNode):
-        (VarStatementNode):
-        (IfNode):
-        (IfElseNode):
-        (DoWhileNode):
-        (WhileNode):
-        (ForNode):
-        (ForInNode):
-        (ContinueNode):
-        (BreakNode):
-        (ReturnNode):
-        (WithNode):
-        (LabelNode):
-        (ThrowNode):
-        (TryNode):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        (FuncDeclNode):
-        (CaseBlockNode):
-        (SwitchNode):
-
-2013-04-04  Oliver Hunt  <oliver@apple.com>
-
-        Exception stack unwinding doesn't handle inline callframes correctly
-        https://bugs.webkit.org/show_bug.cgi?id=113952
-
-        Reviewed by Geoffrey Garen.
-
-        The basic problem here is that the exception stack unwinding was
-        attempting to be "clever" and avoid doing a correct stack walk
-        as it "knew" inline callframes couldn't have exception handlers.
-
-        This used to be safe as the exception handling machinery was
-        designed to fail gently and just claim that no handler existed.
-        This was "safe" and even "correct" inasmuch as we currently
-        don't run any code with exception handlers through the dfg.
-
-        This patch fixes the logic by simply making everything uniformly
-        use the safe stack walking machinery, and making the correct
-        boundary checks occur everywhere that they should.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::findClosureCallForReturnPC):
-        (JSC::CodeBlock::bytecodeOffset):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::getCallerInfo):
-        (JSC::Interpreter::getStackTrace):
-        (JSC::Interpreter::retrieveCallerFromVMCode):
-
-2013-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed a defunct comment
-        https://bugs.webkit.org/show_bug.cgi?id=113948
-
-        Reviewed by Oliver Hunt.
-
-        This is also a convenient way to test the EWS.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC):
-
-2013-04-04  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Remove the gyp build
-        https://bugs.webkit.org/show_bug.cgi?id=113942
-
-        Reviewed by Gustavo Noronha Silva.
-
-        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp: Removed.
-        * JavaScriptCore.gyp/redirect-stdout.sh: Removed.
-
-2013-04-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Simplified bytecode generation by merging prefix and postfix nodes
-        https://bugs.webkit.org/show_bug.cgi?id=113925
-
-        Reviewed by Filip Pizlo.
-
-        PostfixNode now inherits from PrefixNode, so when we detect that we're
-        in a context where postifx and prefix are equivalent, PostFixNode can
-        just call through to PrefixNode codegen, instead of duplicating the
-        logic.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PostfixNode::emitBracket):
-        (JSC::PostfixNode::emitDot):
-        * parser/NodeConstructors.h:
-        (JSC::PostfixNode::PostfixNode):
-        * parser/Nodes.h:
-        (JSC):
-        (PrefixNode):
-        (PostfixNode):
-
-2013-04-04  Andras Becsi  <andras.becsi@digia.com>
-
-        Fix the build with GCC 4.8
-        https://bugs.webkit.org/show_bug.cgi?id=113147
-
-        Reviewed by Allan Sandfeld Jensen.
-
-        Initialize JSObject* exception to suppress warnings that make
-        the build fail because of -Werror=maybe-uninitialized.
-
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2013-04-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        get_by_pname can become confused when iterating over objects with static properties
-        https://bugs.webkit.org/show_bug.cgi?id=113831
-
-        Reviewed by Geoffrey Garen.
-
-        get_by_pname doesn't take static properties into account when using a JSPropertyNameIterator to directly 
-        access an object's backing store. One way to fix this is to not cache any properties when iterating over 
-        objects with static properties. This patch fixes the bug that was originally reported on swisscom.ch.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnNonIndexPropertyNames):
-        * runtime/JSPropertyNameIterator.cpp:
-        (JSC::JSPropertyNameIterator::create):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (JSC::PropertyNameArray::numCacheableSlots):
-        (JSC::PropertyNameArray::setNumCacheableSlots):
-        (PropertyNameArray):
-
-2013-04-02  Geoffrey Garen  <ggaren@apple.com>
-
-        DFG should compile a little sooner
-        https://bugs.webkit.org/show_bug.cgi?id=113835
-
-        Unreviewed.
-
-        Rolled out r147511 because it was based on incorrect performance
-        measurement.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::optimizationThresholdScalingFactor):
-
-2013-04-02  Geoffrey Garen  <ggaren@apple.com>
-
-        DFG should compile a little sooner
-        https://bugs.webkit.org/show_bug.cgi?id=113835
-
-        Reviewed by Michael Saboff.
-
-        2% speedup on SunSpider.
-
-        2% speedup on JSRegress.
-
-        Neutral on Octane, v8, and Kraken.
-
-        The worst-hit single sub-test is kraken-stanford-crypto-ccm.js, which gets
-        18% slower. Since Kraken is neutral overall in its preferred mean, I
-        think that's OK for now.
-
-        (Our array indexing speculation fails pathologically on
-        kraken-stanford-crypto-ccm.js. Compiling sooner is a regression because
-        it triggers those failures sooner. I'm going to file some follow-up bugs
-        explaining how to fix our speculations on this sub-test, at which point
-        compiling earlier should become a slight speedup on Kraken overall.)
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::optimizationThresholdScalingFactor): I experimented
-        with a few different options, including reducing the coefficient 'a'.
-        A simple linear reduction on instruction count worked best.
-
-2013-04-01  Benjamin Poulain  <benjamin@webkit.org>
-
-        Use Vector::reserveInitialCapacity and Vector::uncheckedAppend for JSC's APIs
-        https://bugs.webkit.org/show_bug.cgi?id=113651
-
-        Reviewed by Andreas Kling.
-
-        This removes a bunch of branches on initialization and when
-        filling the vector.
-
-        * API/JSCallbackConstructor.cpp:
-        (JSC::constructJSCallback):
-        * API/JSCallbackFunction.cpp:
-        (JSC::JSCallbackFunction::call):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::construct):
-        (JSC::::call):
-        * API/JSObjectRef.cpp:
-        (JSObjectCopyPropertyNames):
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fixing borked VS 2010 project file
-
-        Unreviewed bot greening.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        One more Windows build fix
-
-        Unreviewed.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        More build fallout fixes.
-
-        Unreviewed build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add new export symbols.
-        * heap/SuperRegion.cpp: Windows didn't like "LLU". 
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        r147324 broke the world
-        https://bugs.webkit.org/show_bug.cgi?id=113704
-
-        Unreviewed build fix.
-
-        Remove a bunch of unused variables and use the correctly sized types for 32-bit platforms.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h:
-        (BlockAllocator):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        * heap/SuperRegion.cpp:
-        (JSC::SuperRegion::SuperRegion):
-        * heap/SuperRegion.h:
-        (SuperRegion):
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        32-bit Windows build fix
-
-        Unreviewed build fix.
-
-        * heap/SuperRegion.cpp:
-        * heap/SuperRegion.h: Use uint64_t instead of size_t.
-        (SuperRegion):
-
-2013-04-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        EFL build fix
-
-        Unreviewed build fix.
-
-        * CMakeLists.txt:
-
-2013-03-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Regions should be allocated from the same contiguous segment of virtual memory
-        https://bugs.webkit.org/show_bug.cgi?id=113662
-
-        Reviewed by Filip Pizlo.
-
-        Instead of letting the OS spread our Regions all over the place, we should allocate them all within 
-        some range of each other. This change will open the door to some other optimizations, e.g. doing simple 
-        range checks for our write barriers and compressing JSCell pointers to 32-bits.
-
-        Added new SuperRegion class that encapsulates allocating Regions from a contiguous reserved chunk of 
-        virtual address space. It functions very similarly to the FixedVMPoolExecutableAllocator class used by the JIT.
-
-        Also added two new subclasses of Region, NormalRegion and ExcessRegion. 
-        
-        NormalRegion is the type of Region that is normally allocated when there is available space remaining 
-        in the SuperRegion. If we ever run out of space in the SuperRegion, we fall back to allocating 
-        ExcessRegions, which are identical to how Regions have behaved up until now, i.e. they contain a 
-        PageAllocationAligned.
-
-        We only use the SuperRegion (and NormalRegions) on 64-bit systems, since it doesn't make sense to reserve the 
-        entire 4 GB address space on 32-bit systems just for the JS heap.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h:
-        (JSC):
-        (BlockAllocator):
-        (JSC::BlockAllocator::allocate):
-        (JSC::BlockAllocator::allocateCustomSize):
-        (JSC::BlockAllocator::deallocateCustomSize):
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC):
-        (JSC::Heap::didExceedFixedHeapSizeLimit):
-        * heap/Heap.h:
-        (Heap):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        * heap/Region.h:
-        (Region):
-        (JSC):
-        (NormalRegion):
-        (JSC::NormalRegion::base):
-        (JSC::NormalRegion::size):
-        (ExcessRegion):
-        (JSC::ExcessRegion::base):
-        (JSC::ExcessRegion::size):
-        (JSC::NormalRegion::NormalRegion):
-        (JSC::NormalRegion::tryCreate):
-        (JSC::NormalRegion::tryCreateCustomSize):
-        (JSC::NormalRegion::reset):
-        (JSC::ExcessRegion::ExcessRegion):
-        (JSC::ExcessRegion::~ExcessRegion):
-        (JSC::ExcessRegion::create):
-        (JSC::ExcessRegion::createCustomSize):
-        (JSC::ExcessRegion::reset):
-        (JSC::Region::Region):
-        (JSC::Region::initializeBlockList):
-        (JSC::Region::create):
-        (JSC::Region::createCustomSize):
-        (JSC::Region::~Region):
-        (JSC::Region::destroy):
-        (JSC::Region::reset):
-        (JSC::Region::deallocate):
-        (JSC::Region::base):
-        (JSC::Region::size):
-        * heap/SuperRegion.cpp: Added.
-        (JSC):
-        (JSC::SuperRegion::SuperRegion):
-        (JSC::SuperRegion::getAlignedBase):
-        (JSC::SuperRegion::allocateNewSpace):
-        (JSC::SuperRegion::notifyNeedPage):
-        (JSC::SuperRegion::notifyPageIsFree):
-        * heap/SuperRegion.h: Added.
-        (JSC):
-        (SuperRegion):
-
-2013-04-01  Benjamin Poulain  <benjamin@webkit.org>
-
-        Remove an unused variable from the ARMv7 Assembler
-        https://bugs.webkit.org/show_bug.cgi?id=113653
-
-        Reviewed by Andreas Kling.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-
-2013-03-31  Adam Barth  <abarth@webkit.org>
-
-        [Chromium] Yarr should build using a separate GYP file from JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=113652
-
-        Reviewed by Nico Weber.
-
-        This patch moves JavaScriptCore.gyp to yarr.gyp because Chromium only
-        uses this GYP file to build yarr.
-
-        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp:
-        * JavaScriptCore.gypi:
-        * yarr/yarr.gyp: Renamed from Source/JavaScriptCore/JavaScriptCore.gyp/JavaScriptCore.gyp.
-
-2013-03-31  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix a comment. While thinking about TBAA for array accesses,
-        I realized that we have to be super careful about aliasing of typed arrays.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-
-2013-03-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Move Region into its own header
-        https://bugs.webkit.org/show_bug.cgi?id=113617
-
-        Reviewed by Geoffrey Garen.
-
-        BlockAllocator.h is getting a little crowded. We should move the Region class into its own 
-        header, since it's pretty independent from the BlockAllocator.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/BlockAllocator.h:
-        (JSC):
-        * heap/Region.h: Added.
-        (JSC):
-        (DeadBlock):
-        (JSC::DeadBlock::DeadBlock):
-        (Region):
-        (JSC::Region::blockSize):
-        (JSC::Region::isFull):
-        (JSC::Region::isEmpty):
-        (JSC::Region::isCustomSize):
-        (JSC::Region::create):
-        (JSC::Region::createCustomSize):
-        (JSC::Region::Region):
-        (JSC::Region::~Region):
-        (JSC::Region::reset):
-        (JSC::Region::allocate):
-        (JSC::Region::deallocate):
-
-2013-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Remove -[JSManagedValue managedValueWithValue:owner:]
-        https://bugs.webkit.org/show_bug.cgi?id=113602
-
-        Reviewed by Geoffrey Garen.
-
-        Since we put the primary way of keeping track of external object graphs (i.e. "managed" references) 
-        in JSVirtualMachine, there is some overlap in the functionality of that interface and JSManagedValue.
-        Specifically, we no longer need the methods that include an owner, since ownership is now tracked 
-        by JSVirtualMachine. These JSManagedValues will become weak pointers unless they are used 
-        with [JSVirtualMachine addManagedReference:withOwner:], in which case their lifetime is tied to that 
-        of their owner.
-
-        * API/JSManagedValue.h:
-        * API/JSManagedValue.mm:
-        (-[JSManagedValue init]):
-        (-[JSManagedValue initWithValue:]):
-        (JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
-        * API/JSVirtualMachine.mm:
-        (getInternalObjcObject):
-        * API/tests/testapi.mm:
-        (-[TextXYZ setOnclick:]):
-        (-[TextXYZ dealloc]):
-
-2013-03-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Simplified bytecode generation by unforking "condition context" codegen
-        https://bugs.webkit.org/show_bug.cgi?id=113554
-
-        Reviewed by Mark Hahnenberg.
-
-        Now, a node that establishes a condition context can always ask its child
-        nodes to generate into that context.
-
-        This has a few advantages:
-
-        (*) Removes a bunch of code;
-
-        (*) Optimizes a few missed cases like "if (!(x < 2))", "if (!!x)", and
-        "if (!x || !y)";
-
-        (*) Paves the way to removing more opcodes.
-
-        * bytecode/Opcode.h:
-        (JSC): Separated out the branching opcodes for clarity.
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ExpressionNode::emitBytecodeInConditionContext): All expressions
-        can be emitted in a condition context now -- the default behavior is
-        to branch based on the expression's value.
-
-        (JSC::LogicalNotNode::emitBytecodeInConditionContext):
-        (JSC::LogicalOpNode::emitBytecodeInConditionContext):
-        (JSC::ConditionalNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::isSubtract):
-        (ExpressionNode):
-        (LogicalNotNode):
-        (LogicalOpNode): Removed lots of code for handling expressions
-        that couldn't generate into a condition context because all expressions
-        can now.
-
-2013-03-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Simplified the bytecode by removing op_loop and op_loop_if_*
-        https://bugs.webkit.org/show_bug.cgi?id=113548
-
-        Reviewed by Filip Pizlo.
-
-        Regular jumps will suffice.
-
-        These opcodes are identical to branches, except they also do timeout
-        checking. That style of timeout checking has been broken for a long 
-        time, and when we add back timeout checking, it won't use these opcodes.
-
-        * JavaScriptCore.order:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/PreciseJumpTargets.cpp:
-        (JSC::computePreciseJumpTargets):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitJump):
-        (JSC::BytecodeGenerator::emitJumpIfTrue):
-        (JSC::BytecodeGenerator::emitJumpIfFalse):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        (JSC):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2013-03-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Simplified the bytecode by removing op_jmp_scopes
-        https://bugs.webkit.org/show_bug.cgi?id=113545
-
-        Reviewed by Filip Pizlo.
-
-        We already have op_pop_scope and op_jmp, so we don't need op_jmp_scopes.
-        Using op_jmp_scopes was also adding a "jump to self" to codegen for
-        return statements, which was pretty silly.
-
-        * JavaScriptCore.order:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/Opcode.h:
-        (JSC::padOpcodeName):
-        * bytecode/PreciseJumpTargets.cpp:
-        (JSC::computePreciseJumpTargets):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitComplexPopScopes):
-        (JSC::BytecodeGenerator::emitPopScopes):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        * llint/LLIntSlowPaths.h:
-        * llint/LowLevelInterpreter.asm:
-
-2013-03-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Safari hangs during test262 run in CodeCache::pruneSlowCase
-        https://bugs.webkit.org/show_bug.cgi?id=113469
-
-        Reviewed by Geoffrey Garen.
-
-        We can end up hanging for quite some time if we add a lot of small keys to the CodeCache.
-        By the time we get around to pruning the cache, we have a potentially tens or hundreds of 
-        thousands of small entries, which can cause a noticeable hang when pruning them.
-
-        To fix this issue we added a hard cap to the number of entries in the cache because we 
-        could potentially have to remove every element in the map.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCacheMap::pruneSlowCase): We need to prune until we're both under the hard cap and the
-        capacity in bytes.
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::numberOfEntries): Convenience accessor function to the number of entries in 
-        the map that does the cast to size_t of m_map.size() for us. 
-        (JSC::CodeCacheMap::canPruneQuickly): Checks that the total number is under the hard cap. We put this 
-        check inside a function to more accurately describe why we're doing the check and to abstract out 
-        the actual calculation in case we want to coalesce calls to pruneSlowCase in the future.
-        (JSC::CodeCacheMap::prune): Check the number of entries against our hard cap. If it's greater than
-        the cap then we need to drop down to pruneSlowCase.
-
-2013-03-28  Zan Dobersek  <zdobersek@igalia.com>
-
-        Unreviewed build fix for the EFL and GTK ports.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCacheMap::pruneSlowCase): Pass a 0 casted to the int64_t type instead of 0LL
-        to the std::max call so the arguments' types match.
-
-2013-03-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed build fix: Removed a dead field.
-
-        Pointed out by Mark Lam.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (ByteCodeParser):
-
-2013-03-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed build fix: Removed a dead field.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::ByteCodeParser):
-        (ByteCodeParser):
-
-2013-03-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed some dead code in the DFG bytecode parser
-        https://bugs.webkit.org/show_bug.cgi?id=113472
-
-        Reviewed by Sam Weinig.
-
-        Now that Phi creation and liveness analysis are separate passes, we can
-        remove the vestiges of code that used to do that in the bytecode
-        parser.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::parse):
-
-2013-03-27  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT and DFG should NaN-check loads from Float32 arrays
-        https://bugs.webkit.org/show_bug.cgi?id=113462
-        <rdar://problem/13490804>
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitFloatTypedArrayGetByVal):
-
-2013-03-27  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        CodeCache::m_capacity can becoming negative, producing undefined results in pruneSlowCase
-        https://bugs.webkit.org/show_bug.cgi?id=113453
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCacheMap::pruneSlowCase): We make sure that m_minCapacity doesn't drop below zero now.
-        This prevents m_capacity from doing the same.
-
-2013-03-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should use CheckStructure for typed array checks whenever possible
-        https://bugs.webkit.org/show_bug.cgi?id=113374
-
-        Reviewed by Geoffrey Garen.
-        
-        We used to do the right thing, but it appears that this regressed at some point. Since the
-        FixupPhase now has the ability to outright remove spurious CheckStructures on array
-        operations, it is profitable for the ByteCodeParser to insert CheckStructures whenver there
-        is a chance that it might be profitable, and when the profiling tells us what structure to
-        check.
-        
-        Also added some code for doing ArrayProfile debugging.
-        
-        This is a slightly speed-up. Maybe 3% on Mandreel.
-
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::benefitsFromStructureCheck):
-
-2013-03-27  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt] Remove Qt specific WorkQueueItem definitions.
-        https://bugs.webkit.org/show_bug.cgi?id=112891
-
-        This patch is preparation work for removing
-        WorkQueue related code from TestRunnerQt and
-        replacing it with generic TestRunner code.
-
-        Reviewed by Benjamin Poulain.
-
-        * API/JSStringRefQt.cpp:
-        (JSStringCreateWithQString):
-            Adding a convenience function to create a
-            JSStringRef from a QString.
-        * API/JSStringRefQt.h:
-
-2013-03-26  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION: Sometimes, operations on proven strings ignore changes to the string prototype
-        https://bugs.webkit.org/show_bug.cgi?id=113353
-        <rdar://problem/13510778>
-
-        Reviewed by Mark Hahnenberg and Geoffrey Garen.
-        
-        ToString should call speculateStringObject() even if you know that it's a string object, since
-        it calls it to also get the watchpoint. Note that even with this change, if you do
-        Phantom(Check:StringObject:@a), it might get eliminated just because we proved that @a is a
-        string object (thereby eliminating the prototype watchpoint); that's fine since ToString is
-        MustGenerate and never decays to Phantom.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
-        (JSC::DFG::SpeculativeJIT::speculateStringObject):
-        (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
-
-2013-03-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        REGRESSION(r144131): It made fast/js/regress/string-repeat-arith.html assert on 32 bit
-        https://bugs.webkit.org/show_bug.cgi?id=112106
-
-        Rubber stamped by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32): Get rid of the case for constants because
-        we would have done constant folding anyways on a ValueToInt32.
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): Fixed a random compile error with this flag enabled.
-
-2013-03-26  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC_enableProfiler=true should also cause JSGlobalData to save the profiler output somewhere
-        https://bugs.webkit.org/show_bug.cgi?id=113144
-
-        Reviewed by Geoffrey Garen.
-        
-        Forgot to include Geoff's requested change in the original commit.
-
-        * profiler/ProfilerDatabase.cpp:
-        (Profiler):
-
-2013-03-25  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC_enableProfiler=true should also cause JSGlobalData to save the profiler output somewhere
-        https://bugs.webkit.org/show_bug.cgi?id=113144
-
-        Reviewed by Geoffrey Garen.
-        
-        Added the ability to save profiler output with JSC_enableProfiler=true. It will save it
-        to the current directory, or JSC_PROFILER_PATH if the latter was specified.
-        
-        This works by saving the Profiler::Database either when it is destroyed or atexit(),
-        whichever happens first.
-        
-        This allows use of the profiler from any WebKit client.
-
-        * jsc.cpp:
-        (jscmain):
-        * profiler/ProfilerDatabase.cpp:
-        (Profiler):
-        (JSC::Profiler::Database::Database):
-        (JSC::Profiler::Database::~Database):
-        (JSC::Profiler::Database::registerToSaveAtExit):
-        (JSC::Profiler::Database::addDatabaseToAtExit):
-        (JSC::Profiler::Database::removeDatabaseFromAtExit):
-        (JSC::Profiler::Database::performAtExitSave):
-        (JSC::Profiler::Database::removeFirstAtExitDatabase):
-        (JSC::Profiler::Database::atExitCallback):
-        * profiler/ProfilerDatabase.h:
-        (JSC::Profiler::Database::databaseID):
-        (Database):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2013-03-25  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayMode should not consider SpecOther when refining the base
-        https://bugs.webkit.org/show_bug.cgi?id=113271
-
-        Reviewed by Geoffrey Garen.
-        
-        9% speed-up on Octane/pdfjs.
-
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-
-2013-03-26  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Fix unused parameter warnings in JITInlines.h
-        https://bugs.webkit.org/show_bug.cgi?id=112560
-
-        Reviewed by Zoltan Herczeg.
-
-        * jit/JITInlines.h:
-        (JSC::JIT::beginUninterruptedSequence):
-        (JSC::JIT::endUninterruptedSequence):
-        (JSC):
-
-2013-03-25  Kent Tamura  <tkent@chromium.org>
-
-        Rename ENABLE_INPUT_TYPE_DATETIME
-        https://bugs.webkit.org/show_bug.cgi?id=113254
-
-        Reviewed by Kentaro Hara.
-
-        Rename ENABLE_INPUT_TYPE_DATETIME to ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE.
-        Actually I'd like to remove the code, but we shouldn't remove it yet
-        because we shipped products with it on some platforms.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-25  Mark Lam  <mark.lam@apple.com>
-
-        Offlineasm cloop backend compiles op+branch incorrectly.
-        https://bugs.webkit.org/show_bug.cgi?id=113146.
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGRepatch.h:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        - These functions never return when the DFG is dsiabled, not just when
-          asserts are enabled. Changing the attribute from NO_RETURN_DUE_TO_ASSERT
-          to NO_RETURN.
-        * llint/LLIntOfflineAsmConfig.h:
-        - Added some #defines needed to get the cloop building again.
-        * offlineasm/cloop.rb:
-        - Fix cloopEmitOpAndBranchIfOverflow() and cloopEmitOpAndBranch() to
-          emit code that unconditionally executes the specified operation before
-          doing the conditional branch.
-
-2013-03-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSObject::enterDictionaryIndexingMode doesn't have a case for ALL_BLANK_INDEXING_TYPES
-        https://bugs.webkit.org/show_bug.cgi?id=113236
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::enterDictionaryIndexingMode): We forgot blank indexing types.
-
-2013-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        HandleSet should use HeapBlocks for storing handles
-        https://bugs.webkit.org/show_bug.cgi?id=113145
-
-        Reviewed by Geoffrey Garen.
-
-        * GNUmakefile.list.am: Build project changes.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * heap/BlockAllocator.cpp: Rename the RegionSet to m_fourKBBlockRegionSet because there are 
-        too many block types to include them all in the name now.
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h:
-        (BlockAllocator): Add the appropriate override for regionSetFor.
-        (JSC::WeakBlock):
-        (JSC::MarkStackSegment):
-        (JSC::HandleBlock):
-        * heap/HandleBlock.h: Added.
-        (HandleBlock): New class for HandleBlocks.
-        (JSC::HandleBlock::blockFor): Static method to get the block of the given HandleNode pointer. Allows
-        us to quickly figure out which HandleSet the HandleNode belongs to without storing the pointer to it
-        in the HandleNode.
-        (JSC::HandleBlock::handleSet): Getter.
-        * heap/HandleBlockInlines.h: Added.
-        (JSC::HandleBlock::create):
-        (JSC::HandleBlock::HandleBlock):
-        (JSC::HandleBlock::payloadEnd):
-        (JSC::HandleBlock::payload):
-        (JSC::HandleBlock::nodes):
-        (JSC::HandleBlock::nodeAtIndex):
-        (JSC::HandleBlock::nodeCapacity):
-        * heap/HandleSet.cpp:
-        (JSC::HandleSet::~HandleSet): 
-        (JSC::HandleSet::grow):
-        * heap/HandleSet.h:
-        (HandleNode): Move the internal Node class from HandleSet to be its own public class so it can be 
-        used by HandleBlock.
-        (HandleSet): Add a typedef so that Node refers to the new HandleNode class.
-        (JSC::HandleSet::toHandle):
-        (JSC::HandleSet::toNode):
-        (JSC::HandleSet::allocate):
-        (JSC::HandleSet::deallocate):
-        (JSC::HandleNode::HandleNode):
-        (JSC::HandleNode::slot):
-        (JSC::HandleNode::handleSet): Use the new blockFor static function to get the right HandleBlock and lookup 
-        the HandleSet.
-        (JSC::HandleNode::setPrev):
-        (JSC::HandleNode::prev):
-        (JSC::HandleNode::setNext):
-        (JSC::HandleNode::next):
-        (JSC::HandleSet::forEachStrongHandle):
-        * heap/Heap.h: Friend HandleSet so that it can access the BlockAllocator when allocating HandleBlocks.
-
-2013-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX (r145119): Make JSValue* properties default to (assign)
-        <rdar://problem/13380794>
-
-        Reviewed by Mark Hahnenberg.
-
-        Fixes the following build failures:
-
-            Source/JavaScriptCore/API/tests/testapi.mm:106:1: error: no 'assign', 'retain', or 'copy' attribute is specified - 'assign' is assumed [-Werror,-Wobjc-property-no-attribute]
-            @property JSValue *onclick;
-            ^
-            Source/JavaScriptCore/API/tests/testapi.mm:106:1: error: default property attrib ute 'assign' not appropriate for non-GC object [-Werror,-Wobjc-property-no-attribute]
-            Source/JavaScriptCore/API/tests/testapi.mm:107:1: error: no 'assign', 'retain', or 'copy' attribute is specified - 'assign' is assumed [-Werror,-Wobjc-property-no-attribute]
-            @property JSValue *weakOnclick;
-            ^
-            Source/JavaScriptCore/API/tests/testapi.mm:107:1: error: default property attribute 'assign' not appropriate for non-GC object [-Werror,-Wobjc-property-no-attribute]
-            4 errors generated.
-
-        * API/tests/testapi.mm: Default to (assign) for JSValue*
-        properties.
-
-2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
-
-        testLeakingPrototypesAcrossContexts added in r146682 doesn't compile on Win and fails on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=113125
-
-        Reviewed by Mark Hahnenberg
-
-        Remove the test added in r146682 as it's now failing on Mac.
-        This is the test that was causing a compilation failure on Windows.
-
-        * API/tests/testapi.c:
-        (main):
-
-2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Fix the typo: WIN -> WINDOWS.
-
-        * API/tests/testapi.c:
-        (main):
-
-2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
-
-        I really can't figure out what's wrong with this one.
-        Temporarily disable the test added by r146682 on Windows since it doesn't compile.
-
-        * API/tests/testapi.c:
-        (main):
-
-2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Another build fix (after r146693) for r146682.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-03-22  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. AppleWin build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
-        * JavaScriptCore.vcxproj/copy-files.cmd:
-
-2013-03-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        -[TinyDOMNode dealloc] should call [super dealloc] when ARC is not enabled
-        https://bugs.webkit.org/show_bug.cgi?id=113054
-
-        Reviewed by Geoffrey Garen.
-
-        * API/tests/testapi.mm:
-        (-[TinyDOMNode dealloc]):
-
-2013-03-22  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        opaqueJSClassData should be cached on JSGlobalObject, not the JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=113086
-
-        Reviewed by Geoffrey Garen.
-
-        opaqueJSClassData stores cached prototypes for JSClassRefs in the C API. It doesn't make sense to 
-        share these prototypes within a JSGlobalData across JSGlobalObjects, and in fact doing so will cause 
-        a leak of the original JSGlobalObject that these prototypes were created in. Therefore we should move 
-        this cache to JSGlobalObject where it belongs and where it won't cause memory leaks.
-
-        * API/JSBase.cpp: Needed to add an extern "C" so that testapi.c can use the super secret GC function.
-        * API/JSClassRef.cpp: We now grab the cached context data from the global object rather than the global data.
-        (OpaqueJSClass::contextData):
-        * API/JSClassRef.h: Remove this header because it's unnecessary and causes circular dependencies.
-        * API/tests/testapi.c: Added a new test that makes sure that using the same JSClassRef in two different contexts
-        doesn't cause leaks of the original global object.
-        (leakFinalize):
-        (nestedAllocateObject): This is a hack to bypass the conservative scan of the GC, which was unnecessarily marking
-        objects and keeping them alive, ruining the test result.
-        (testLeakingPrototypesAcrossContexts):
-        (main):
-        * API/tests/testapi.mm: extern "C" this so we can continue using it here.
-        * runtime/JSGlobalData.cpp: Remove JSClassRef related stuff.
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.h: Add the stuff that JSGlobalData had. We add it to JSGlobalObjectRareData so that 
-        clients who don't use the C API don't have to pay the memory cost of this extra HashMap.
-        (JSGlobalObject):
-        (JSGlobalObjectRareData):
-        (JSC::JSGlobalObject::opaqueJSClassData):
-
-2013-03-19  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Add support for building the WebCore bindings to the gyp build
-        https://bugs.webkit.org/show_bug.cgi?id=112638
-
-        Reviewed by Nico Weber.
-
-        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp: Export all include directories to direct
-        dependents and fix the indentation of the libjavascriptcore target.
-
-2013-03-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix some minor issues in the DFG's profiling of heap accesses
-        https://bugs.webkit.org/show_bug.cgi?id=113010
-
-        Reviewed by Goeffrey Garen.
-        
-        1) If a CodeBlock gets jettisoned by GC, we should count the exit sites.
-
-        2) If a CodeBlock clears a structure stub during GC, it should record this, and
-        the DFG should prefer to not inline that access (i.e. treat it as if it had an
-        exit site).
-
-        3) If a PutById was seen by the baseline JIT, and the JIT attempted to cache it,
-        but it chose not to, then assume that it will take slow path.
-
-        4) If we frequently exited because of a structure check on a weak constant,
-        don't try to inline that access in the future.
-
-        5) Treat all exits that were counted as being frequent.
-        
-        81% speed-up on Octane/gbemu. Small speed-ups elsewhere, and no regressions.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC):
-        (JSC::CodeBlock::resetStubDuringGCInternal):
-        (JSC::CodeBlock::reoptimize):
-        (JSC::CodeBlock::jettison):
-        (JSC::ProgramCodeBlock::jettisonImpl):
-        (JSC::EvalCodeBlock::jettisonImpl):
-        (JSC::FunctionCodeBlock::jettisonImpl):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        (ProgramCodeBlock):
-        (EvalCodeBlock):
-        (FunctionCodeBlock):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFor):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFor):
-        * bytecode/StructureStubInfo.h:
-        (JSC::StructureStubInfo::StructureStubInfo):
-        (StructureStubInfo):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExit.h:
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
-        (OSRExit):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Options.h:
-        (JSC):
-
-2013-03-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG folding of PutById to SimpleReplace should consider the specialized function case
-        https://bugs.webkit.org/show_bug.cgi?id=113093
-
-        Reviewed by Geoffrey Garen and Mark Hahnenberg.
-
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFor):
-
-2013-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX (r146558): Build testapi.mm with ARC enabled for armv7s
-        <http://webkit.org/b/112608>
-
-        Fixes the following build failure:
-
-            Source/JavaScriptCore/API/tests/testapi.mm:205:1: error: method possibly missing a [super dealloc] call [-Werror,-Wobjc-missing-super-calls]
-            }
-            ^
-            1 error generated.
-
-        * Configurations/ToolExecutable.xcconfig: Enable ARC for armv7s
-        architecture.
-
-2013-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        Revert "BUILD FIX (r146558): Call [super dealloc] from -[TinyDOMNode dealloc]"
-
-        This fixes a build failure introduced by this change:
-
-            Source/JavaScriptCore/API/tests/testapi.mm:206:6: error: ARC forbids explicit message send of 'dealloc'
-                [super dealloc];
-                 ^     ~~~~~~~
-            1 error generated.
-
-        Not sure why this didn't fail locally on my Mac Pro.
-
-        * API/tests/testapi.mm:
-        (-[TinyDOMNode dealloc]): Remove call to [super dealloc].
-
-2013-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX (r146558): Call [super dealloc] from -[TinyDOMNode dealloc]
-        <http://webkit.org/b/112608>
-
-        Fixes the following build failure:
-
-            Source/JavaScriptCore/API/tests/testapi.mm:205:1: error: method possibly missing a [super dealloc] call [-Werror,-Wobjc-missing-super-calls]
-            }
-            ^
-            1 error generated.
-
-        * API/tests/testapi.mm:
-        (-[TinyDOMNode dealloc]): Call [super dealloc].
-
-2013-03-22  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Leak bots erroneously report JSC::WatchpointSet as leaking
-        https://bugs.webkit.org/show_bug.cgi?id=107781
-
-        Reviewed by Filip Pizlo.
-
-        Since leaks doesn't support tagged pointers, avoid using it by flipping the bit flag to indicate
-        the entry is "fat". We set the flag when the entry is NOT fat; i.e. slim.
-
-        Replaced FatFlag by SlimFlag and initialized m_bits with this flag to indicate that the entry is
-        initially "slim".
-
-        * runtime/SymbolTable.cpp:
-        (JSC::SymbolTableEntry::copySlow): Don't set FatFlag since it has been replaced by SlimFlag.
-        (JSC::SymbolTableEntry::inflateSlow): Ditto.
-
-        * runtime/SymbolTable.h:
-        (JSC::SymbolTableEntry::Fast::Fast): Set SlimFlag by default.
-        (JSC::SymbolTableEntry::Fast::isNull): Ignore SlimFlag.
-        (JSC::SymbolTableEntry::Fast::isFat): An entry is fat when m_bits is not entirely zero and SlimFlag
-        is not set.
-
-        (JSC::SymbolTableEntry::SymbolTableEntry): Set SlimFlag by default.
-        (JSC::SymbolTableEntry::SymbolTableEntry::getFast): Set SlimFlag when creating Fast from a fat entry.
-        (JSC::SymbolTableEntry::isNull): Ignore SlimFlag.
-        (JSC::SymbolTableEntry::FatEntry::FatEntry): Strip SlimFlag.
-        (JSC::SymbolTableEntry::isFat): An entry is fat when m_bits is not entirely zero and SlimFlag is unset.
-        (JSC::SymbolTableEntry::fatEntry): Don't strip FatFlag as this flag doesn't exist anymore.
-        (JSC::SymbolTableEntry::pack): Preserve SlimFlag.
-
-        (JSC::SymbolTableIndexHashTraits): empty value is no longer zero so don't set emptyValueIsZero true.
-
-2013-03-21  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Need a good way to preserve custom properties on JS wrappers
-        https://bugs.webkit.org/show_bug.cgi?id=112608
-
-        Reviewed by Geoffrey Garen.
-
-        Currently, we just use a weak map, which means that garbage collection can cause a wrapper to 
-        disappear if it isn't directly exported to JavaScript.
-
-        The most straightforward and safe way (with respect to garbage collection and concurrency) is to have 
-        clients add and remove their external references along with their owners. Effectively, the client is 
-        recording the structure of the external object graph so that the garbage collector can make sure to 
-        mark any wrappers that are reachable through either the JS object graph of the external Obj-C object 
-        graph. By keeping these wrappers alive, this has the effect that custom properties on these wrappers 
-        will also remain alive.
-
-        The rule for if an object needs to be tracked by the runtime (and therefore whether the client should report it) is as follows:
-        For a particular object, its references to its children should be added if:
-        1. The child is referenced from JavaScript.
-        2. The child contains references to other objects for which (1) or (2) are true.
-
-        * API/JSAPIWrapperObject.mm:
-        (JSAPIWrapperObjectHandleOwner::finalize):
-        (JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots): A wrapper object is kept alive only if its JSGlobalObject
-        is marked and its corresponding Objective-C object was added to the set of opaque roots.
-        (JSC::JSAPIWrapperObject::visitChildren): We now call out to scanExternalObjectGraph, which handles adding all Objective-C
-        objects to the set of opaque roots.
-        * API/JSAPIWrapperObject.h:
-        (JSAPIWrapperObject):
-        * API/JSContext.mm: Moved dealloc to its proper place in the main implementation.
-        (-[JSContext dealloc]):
-        * API/JSVirtualMachine.h:
-        * API/JSVirtualMachine.mm:
-        (-[JSVirtualMachine initWithContextGroupRef:]):
-        (-[JSVirtualMachine dealloc]):
-        (getInternalObjcObject): Helper funciton to get the Objective-C object out of JSManagedValues or JSValues if there is one.
-        (-[JSVirtualMachine addManagedReference:withOwner:]): Adds the Objective-C object to the set of objects 
-        owned by the owner object in that particular virtual machine.
-        (-[JSVirtualMachine removeManagedReference:withOwner:]): Removes the relationship between the two objects.
-        (-[JSVirtualMachine externalObjectGraph]):
-        (scanExternalObjectGraph): Does a depth-first search of the external object graph in a particular virtual machine starting at
-        the specified root. Each new object it encounters it adds to the set of opaque roots. These opaque roots will keep their 
-        corresponding wrapper objects alive if they have them. 
-        * API/JSManagedReferenceInternal.h: Added.
-        * API/JSVirtualMachine.mm: Added the per-JSVirtualMachine map between objects and the objects they own, which is more formally
-        known as that virtual machine's external object graph.
-        * API/JSWrapperMap.mm:
-        (-[JSWrapperMap dealloc]): We were leaking this before :-(
-        (-[JSVirtualMachine initWithContextGroupRef:]):
-        (-[JSVirtualMachine dealloc]):
-        (-[JSVirtualMachine externalObjectGraph]):
-        * API/JSVirtualMachineInternal.h:
-        * API/tests/testapi.mm: Added two new tests using the TinyDOMNode class. The first tests that a custom property added to a wrapper 
-        doesn't vanish after GC, even though that wrapper isn't directly accessible to the JS garbage collector but is accessible through 
-        the external Objective-C object graph. The second test makes sure that adding an object to the external object graph with the same 
-        owner doesn't cause any sort of problems.
-        (+[TinyDOMNode sharedVirtualMachine]):
-        (-[TinyDOMNode init]):
-        (-[TinyDOMNode dealloc]):
-        (-[TinyDOMNode appendChild:]):
-        (-[TinyDOMNode numberOfChildren]):
-        (-[TinyDOMNode childAtIndex:]):
-        (-[TinyDOMNode removeChildAtIndex:]):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/SlotVisitor.h:
-        (SlotVisitor):
-        * heap/SlotVisitorInlines.h:
-        (JSC::SlotVisitor::containsOpaqueRootTriState): Added a new method to SlotVisitor to allow scanExternalObjectGraph to have a 
-        thread-safe view of opaque roots during parallel marking. The set of opaque roots available to any one SlotVisitor isn't guaranteed
-        to be 100% correct, but that just results in a small duplication of work in scanExternalObjectGraph. To indicate this change for
-        false negatives we return a TriState that's either true or mixed, but never false.
-
-2013-03-21  Mark Lam  <mark.lam@apple.com>
-
-        Fix O(n^2) op_debug bytecode charPosition to column computation.
-        https://bugs.webkit.org/show_bug.cgi?id=112957.
-
-        Reviewed by Geoffrey Garen.
-
-        The previous algorithm does a linear reverse scan of the source string
-        to find the line start for any given char position. This results in a
-        O(n^2) algortithm when the source string has no line breaks.
-
-        The new algorithm computes a line start column table for a
-        SourceProvider on first use. This line start table is used to fix up
-        op_debug's charPosition operand into a column operand when an
-        UnlinkedCodeBlock is linked into a CodeBlock. The initialization of
-        the line start table is O(n), and the CodeBlock column fix up is
-        O(log(n)).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode): 
-        (JSC::CodeBlock::CodeBlock): - do column fix up.
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::debug): - no need to do column fixup anymore.
-        * interpreter/Interpreter.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * parser/SourceProvider.cpp:
-        (JSC::SourceProvider::lineStarts):
-        (JSC::charPositionExtractor):
-        (JSC::SourceProvider::charPositionToColumnNumber):
-        - initialize line start column table if needed.
-        - look up line start for the given char position.
-        * parser/SourceProvider.h:
-
-2013-03-21  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC profiler should have an at-a-glance report of the success of DFG optimization
-        https://bugs.webkit.org/show_bug.cgi?id=112988
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * profiler/ProfilerCompilation.cpp:
-        (JSC::Profiler::Compilation::Compilation):
-        (JSC::Profiler::Compilation::toJS):
-        * profiler/ProfilerCompilation.h:
-        (JSC::Profiler::Compilation::noticeInlinedGetById):
-        (JSC::Profiler::Compilation::noticeInlinedPutById):
-        (JSC::Profiler::Compilation::noticeInlinedCall):
-        (Compilation):
-        * runtime/CommonIdentifiers.h:
-
-2013-03-21  Mark Lam  <mark.lam@apple.com>
-
-        Fix lexer charPosition computation when "rewind"ing the lexer.
-        https://bugs.webkit.org/show_bug.cgi?id=112952.
-
-        Reviewed by Michael Saboff.
-
-        Changed the Lexer to no longer keep a m_charPosition. Instead, we compute
-        currentCharPosition() from m_code and m_codeStartPlusOffset, where
-        m_codeStartPlusOffset is the SourceProvider m_codeStart + the SourceCode
-        start offset. This ensures that the charPosition is always in sync with
-        m_code.
-
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::currentCharPosition):
-        (JSC::::lexExpectIdentifier):
-
-2013-03-21  Alberto Garcia  <agarcia@igalia.com>
-
-        [BlackBerry] GCActivityCallback: replace JSLock with JSLockHolder
-        https://bugs.webkit.org/show_bug.cgi?id=112448
-
-        Reviewed by Xan Lopez.
-
-        This changed in r121381.
-
-        * runtime/GCActivityCallbackBlackBerry.cpp:
-        (JSC::DefaultGCActivityCallback::doWork):
-
-2013-03-21  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: wrapperClass holds a static JSClassRef, which causes JSGlobalObjects to leak
-        https://bugs.webkit.org/show_bug.cgi?id=112856
-
-        Reviewed by Geoffrey Garen.
-
-        Through a very convoluted path that involves the caching of prototypes on the JSClassRef, we can leak 
-        JSGlobalObjects when inserting an Objective-C object into multiple independent JSContexts.
-
-        * API/JSAPIWrapperObject.cpp: Removed.
-        * API/JSAPIWrapperObject.h:
-        (JSAPIWrapperObject):
-        * API/JSAPIWrapperObject.mm: Copied from Source/JavaScriptCore/API/JSAPIWrapperObject.cpp. Made this an
-        Objective-C++ file so that we can call release on the wrappedObject. Also added a WeakHandleOwner for 
-        JSAPIWrapperObjects. This will also be used in a future patch for https://bugs.webkit.org/show_bug.cgi?id=112608.
-        (JSAPIWrapperObjectHandleOwner):
-        (jsAPIWrapperObjectHandleOwner):
-        (JSAPIWrapperObjectHandleOwner::finalize): This finalize replaces the old finalize that was done through
-        the C API.
-        (JSC::JSAPIWrapperObject::finishCreation): Allocate the WeakImpl. Balanced in finalize.
-        (JSC::JSAPIWrapperObject::setWrappedObject): We now do the retain of the wrappedObject here rather than in random
-        places scattered around JSWrapperMap.mm
-        * API/JSObjectRef.cpp: Added some ifdefs for platforms that don't support the Obj-C API.
-        (JSObjectGetPrivate): Ditto.
-        (JSObjectSetPrivate): Ditto.
-        (JSObjectGetPrivateProperty): Ditto.
-        (JSObjectSetPrivateProperty): Ditto.
-        (JSObjectDeletePrivateProperty): Ditto.
-        * API/JSValueRef.cpp: Ditto.
-        (JSValueIsObjectOfClass): Ditto.
-        * API/JSWrapperMap.mm: Remove wrapperClass().
-        (objectWithCustomBrand): Change to no longer use a parent class, which was only used to give the ability to 
-        finalize wrapper objects.
-        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]): Change to no longer use wrapperClass(). 
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): Ditto.
-        (tryUnwrapObjcObject): We now check if the object inherits from JSAPIWrapperObject.
-        * API/tests/testapi.mm: Added a test that exports an Objective-C object to two different JSContexts and makes 
-        sure that the first one is collected properly by using a weak JSManagedValue for the wrapper in the first JSContext.
-        * CMakeLists.txt: Build file modifications.
-        * GNUmakefile.list.am: Ditto.
-        * JavaScriptCore.gypi: Ditto.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
-        * runtime/JSGlobalObject.cpp: More ifdefs for unsupported platforms.
-        (JSC::JSGlobalObject::reset): Ditto.
-        (JSC::JSGlobalObject::visitChildren): Ditto.
-        * runtime/JSGlobalObject.h: Ditto.
-        (JSGlobalObject): Ditto.
-        (JSC::JSGlobalObject::objcCallbackFunctionStructure): Ditto.
-
-2013-03-21  Anton Muhin  <antonm@chromium.org>
-
-        Unreviewed, rolling out r146483.
-        http://trac.webkit.org/changeset/146483
-        https://bugs.webkit.org/show_bug.cgi?id=111695
-
-        Breaks debug builds.
-
-        * bytecode/GlobalResolveInfo.h: Removed property svn:mergeinfo.
-
-2013-03-21  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Implement LLInt for CPU(ARM_TRADITIONAL)
-        https://bugs.webkit.org/show_bug.cgi?id=97589
-
-        Reviewed by Zoltan Herczeg.
-
-        Enable LLInt for ARMv5 and ARMv7 traditional as well.
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * offlineasm/arm.rb:
-        * offlineasm/backends.rb:
-        * offlineasm/instructions.rb:
-
-2013-03-20  Cosmin Truta  <ctruta@blackberry.com>
-
-        [QNX][ARM] REGRESSION(r135330): Various failures in Octane
-        https://bugs.webkit.org/show_bug.cgi?id=112863
-
-        Reviewed by Yong Li.
-
-        This was fixed in http://trac.webkit.org/changeset/146396 on Linux only.
-        Enable this fix on QNX.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::replaceWithJump):
-        (JSC::ARMv7Assembler::maxJumpReplacementSize):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
-
-2013-03-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of JSString.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/JSString.h:
-
-2013-03-20  Filip Pizlo  <fpizlo@apple.com>
-
-        "" + x where x is not a string should be optimized by the DFG to some manner of ToString conversion
-        https://bugs.webkit.org/show_bug.cgi?id=112845
-
-        Reviewed by Mark Hahnenberg.
-        
-        I like to do "" + x. So I decided to make DFG recognize it, and related idioms.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixupToPrimitive):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::fixupToString):
-        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::resultOfToPrimitive):
-        (DFG):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGPredictionPropagationPhase.h:
-        (DFG):
-
-2013-03-20  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        ARMv7 replaceWithJump ASSERT failure after r135330.
-        https://bugs.webkit.org/show_bug.cgi?id=103146
-
-        Reviewed by Filip Pizlo.
-
-        On Linux, the 24 bit distance range of jumps sometimes does not
-        enough to cover all targets addresses. This patch supports jumps
-        outside of this range using a mov/movt/bx 10 byte long sequence.
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
-        (JSC::ARMv7Assembler::nopw):
-        (JSC::ARMv7Assembler::label):
-        (JSC::ARMv7Assembler::replaceWithJump):
-        (JSC::ARMv7Assembler::maxJumpReplacementSize):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
-
-2013-03-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Fix over-releasing in allocateConstructorAndPrototypeWithSuperClassInfo:
-        https://bugs.webkit.org/show_bug.cgi?id=112832
-
-        Reviewed by Geoffrey Garen.
-
-        If either the m_constructor or m_prototype (but not both) is collected, we will call 
-        allocateConstructorAndPrototypeWithSuperClassInfo, which will create a new object to replace the one 
-        that was collected, but at the end of the method we call release on both of them. 
-        This is incorrect since we autorelease the JSValue in the case that the object doesn't need to be 
-        reallocated. Thus we'll end up overreleasing later during the drain of the autorelease pool.
-
-        * API/JSWrapperMap.mm:
-        (objectWithCustomBrand): We no longer alloc here. We instead call the JSValue valueWithValue class method,
-        which autoreleases for us.
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We no longer call release on the 
-        constructor or prototype JSValues.
-        * API/tests/testapi.mm: Added a new test that crashes on ToT due to over-releasing.
-
-2013-03-19  Filip Pizlo  <fpizlo@apple.com>
-
-        It's called "Hash Consing" not "Hash Consting"
-        https://bugs.webkit.org/show_bug.cgi?id=112768
-
-        Rubber stamped by Mark Hahnenberg.
-        
-        See http://en.wikipedia.org/wiki/Hash_consing
-
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-        (JSC::GCThreadSharedData::reset):
-        * heap/GCThreadSharedData.h:
-        (GCThreadSharedData):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::SlotVisitor):
-        (JSC::SlotVisitor::setup):
-        (JSC::SlotVisitor::reset):
-        (JSC::JSString::tryHashConsLock):
-        (JSC::JSString::releaseHashConsLock):
-        (JSC::JSString::shouldTryHashCons):
-        (JSC::SlotVisitor::internalAppend):
-        * heap/SlotVisitor.h:
-        (SlotVisitor):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::haveEnoughNewStringsToHashCons):
-        (JSC::JSGlobalData::resetNewStringsSinceLastHashCons):
-        * runtime/JSString.h:
-        (JSC::JSString::finishCreation):
-        (JSString):
-        (JSC::JSString::isHashConsSingleton):
-        (JSC::JSString::clearHashConsSingleton):
-        (JSC::JSString::setHashConsSingleton):
-
-2013-03-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG implementation of op_strcat should inline rope allocations
-        https://bugs.webkit.org/show_bug.cgi?id=112780
-
-        Reviewed by Oliver Hunt.
-        
-        This gets rid of the StrCat node and adds a MakeRope node. The MakeRope node can
-        take either two or three operands, and allocates a rope string with either two or
-        three fibers. (The magic choice of three children for non-VarArg nodes happens to
-        match exactly with the magic choice of three fibers for rope strings.)
-        
-        ValueAdd on KnownString is replaced with MakeRope with two children.
-        
-        StrCat gets replaced by an appropriate sequence of MakeRope's.
-        
-        MakeRope does not do the dynamic check to see if its children are empty strings.
-        This is replaced by a static check, instead. The downside is that we may use more
-        memory if the strings passed to MakeRope turn out to dynamically be empty. The
-        upside is that we do fewer checks in the cases where either the strings are not
-        empty, or where the strings are statically known to be empty. I suspect both of
-        those cases are more common, than the case where the string is dynamically empty.
-        
-        This also results in some badness for X86. MakeRope needs six registers if it is
-        allocating a three-rope. We don't have six registers to spare on X86. Currently,
-        the code side-steps this problem by just never usign three-ropes in optimized
-        code on X86. All other architectures, including X86_64, don't have this problem.
-        
-        This is a shocking speed-up. 9% progressions on both V8/splay and
-        SunSpider/date-format-xparb. 1% progression on V8v7 overall, and ~0.5% progression
-        on SunSpider. 2x speed-up on microbenchmarks that test op_strcat.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAdjacencyList.h:
-        (AdjacencyList):
-        (JSC::DFG::AdjacencyList::removeEdge):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGBackwardsPropagationPhase.cpp:
-        (JSC::DFG::BackwardsPropagationPhase::propagate):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGDCEPhase.cpp:
-        (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::createToString):
-        (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
-        (JSC::DFG::FixupPhase::convertStringAddUse):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::convertToMakeRope):
-        (JSC::DFG::FixupPhase::fixupMakeRope):
-        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileMakeRope):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::~SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (JSC::DFG::SpeculateCellOperand::use):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSString.h:
-        (JSRopeString):
-
-2013-03-20  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Implement and32 on MIPS platform
-        https://bugs.webkit.org/show_bug.cgi?id=112665
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::and32): Added missing method.
-        (MacroAssemblerMIPS):
-
-2013-03-20  Mark Lam  <mark.lam@apple.com>
-
-        Fix incorrect debugger column number value.
-        https://bugs.webkit.org/show_bug.cgi?id=112741.
-
-        Reviewed by Oliver Hunt.
-
-        1. In lexer, parser, and debugger code, renamed column to charPosition.
-        2. Convert the charPosition to the equivalent column number before
-           passing it to the debugger.
-        3. Changed ScopeNodes to take both a startLocation and an endLocation.
-           This allows FunctionBodyNodes, ProgramNodes, and EvalNodess to emit
-           correct debug hooks with correct starting line and column numbers.
-        4. Fixed the Lexer to not reset the charPosition (previously
-           columnNumber) in Lexer::lex().
-
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitDebugHook):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitExpressionInfo):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ConstStatementNode::emitBytecode):
-        (JSC::EmptyStatementNode::emitBytecode):
-        (JSC::DebuggerStatementNode::emitBytecode):
-        (JSC::ExprStatementNode::emitBytecode):
-        (JSC::VarStatementNode::emitBytecode):
-        (JSC::IfNode::emitBytecode):
-        (JSC::IfElseNode::emitBytecode):
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::ContinueNode::emitBytecode):
-        (JSC::BreakNode::emitBytecode):
-        (JSC::ReturnNode::emitBytecode):
-        (JSC::WithNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-        (JSC::ThrowNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-        (JSC::ProgramNode::emitBytecode):
-        (JSC::EvalNode::emitBytecode):
-        (JSC::FunctionBodyNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::debug):
-        - convert charPosition to column for the debugger.
-        * interpreter/Interpreter.h:
-        * jit/JITStubs.cpp:
-        (DEFINE_STUB_FUNCTION(void, op_debug)):
-        * llint/LLIntSlowPaths.cpp:
-        (LLINT_SLOW_PATH_DECL(slow_op_debug)):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createFunctionExpr):
-        (JSC::ASTBuilder::createFunctionBody):
-        (JSC::ASTBuilder::createGetterOrSetterProperty):
-        (JSC::ASTBuilder::createFuncDeclStatement):
-        (JSC::ASTBuilder::createBlockStatement):
-        (JSC::ASTBuilder::createExprStatement):
-        (JSC::ASTBuilder::createIfStatement):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::createVarStatement):
-        (JSC::ASTBuilder::createReturnStatement):
-        (JSC::ASTBuilder::createBreakStatement):
-        (JSC::ASTBuilder::createContinueStatement):
-        (JSC::ASTBuilder::createTryStatement):
-        (JSC::ASTBuilder::createSwitchStatement):
-        (JSC::ASTBuilder::createWhileStatement):
-        (JSC::ASTBuilder::createDoWhileStatement):
-        (JSC::ASTBuilder::createWithStatement):
-        (JSC::ASTBuilder::createThrowStatement):
-        (JSC::ASTBuilder::createDebugger):
-        (JSC::ASTBuilder::createConstStatement):
-        * parser/Lexer.cpp:
-        (JSC::::setCode):
-        (JSC::::internalShift):
-        (JSC::::shift):
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::currentCharPosition):
-        (Lexer):
-        (JSC::::lexExpectIdentifier):
-        * parser/NodeConstructors.h:
-        (JSC::Node::Node):
-        * parser/Nodes.cpp:
-        (JSC::StatementNode::setLoc):
-        (JSC::ScopeNode::ScopeNode):
-        (JSC::ProgramNode::ProgramNode):
-        (JSC::ProgramNode::create):
-        (JSC::EvalNode::EvalNode):
-        (JSC::EvalNode::create):
-        (JSC::FunctionBodyNode::FunctionBodyNode):
-        (JSC::FunctionBodyNode::create):
-        * parser/Nodes.h:
-        (JSC::Node::charPosition):
-        (Node):
-        (StatementNode):
-        (JSC::StatementNode::lastLine):
-        (ScopeNode):
-        (JSC::ScopeNode::startLine):
-        (JSC::ScopeNode::startCharPosition):
-        (ProgramNode):
-        (EvalNode):
-        (FunctionBodyNode):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::parseFunctionBody):
-        (JSC::::parseFunctionInfo):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * parser/ParserTokens.h:
-        (JSC::JSTokenLocation::JSTokenLocation):
-        (JSTokenLocation):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createFunctionBody):
-
-2013-03-20  Csaba Osztrogonác  <ossy@webkit.org>
-
-        REGRESSION(r146089): It broke 20 sputnik tests on ARM traditional and Thumb2
-        https://bugs.webkit.org/show_bug.cgi?id=112676
-
-        Rubber-stamped by Filip Pizlo.
-
-        Add one more EABI_32BIT_DUMMY_ARG to make DFG JIT ARM EABI compatible
-        again after r146089 similar to https://bugs.webkit.org/show_bug.cgi?id=84449
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-
-2013-03-19  Michael Saboff  <msaboff@apple.com>
-
-        Crash when loading http://www.jqchart.com/jquery/gauges/RadialGauge/LiveData
-        https://bugs.webkit.org/show_bug.cgi?id=112694
-
-        Reviewed by Filip Pizlo.
-
-        We were trying to convert an NewArray to a Phantom, but convertToPhantom doesn't handle
-        nodes with variable arguments.  Added code to insert a Phantom node in front of all the
-        live children of a var args node.  Added ASSERT not var args for convertToPhantom to
-        catch any other similar cases.  Added a new convertToPhantomUnchecked() for converting 
-        var arg nodes.
-
-        * dfg/DFGDCEPhase.cpp:
-        (JSC::DFG::DCEPhase::run):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::setOpAndDefaultNonExitFlags): Added ASSERT(!(m_flags & NodeHasVarArgs))
-        (JSC::DFG::Node::setOpAndDefaultNonExitFlagsUnchecked):
-        (JSC::DFG::Node::convertToPhantomUnchecked):
-
-2013-03-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Crash in SpeculativeJIT::fillSpeculateIntInternal<false> on http://bellard.org/jslinux
-        https://bugs.webkit.org/show_bug.cgi?id=112738
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixIntEdge): We shouldn't be killing this node because it could be
-        referenced by other people.
-
-2013-03-19  Oliver Hunt  <oliver@apple.com>
-
-        RELEASE_ASSERT fires in exception handler lookup
-
-        RS=Geoff Garen.
-
-        Temporarily switch this RELEASE_ASSERT into a regular ASSERT 
-        as currently this is producing fairly bad crashiness.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-
-2013-03-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize StringObject.length and StringOrStringObject.length
-        https://bugs.webkit.org/show_bug.cgi?id=112658
-
-        Reviewed by Mark Hahnenberg.
-        
-        Implemented by injecting a ToString(StringObject:@a) or ToString(StringOrStringObject:@a) prior
-        to GetArrayLength with ArrayMode(Array::String) if @a is predicted StringObject or
-        StringOrStringObject.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::createToString):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
-        (JSC::DFG::FixupPhase::convertStringAddUse):
-
-2013-03-19  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Implement and32 on ARMv7 and ARM traditional platforms
-        https://bugs.webkit.org/show_bug.cgi?id=112663
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::and32): Add missing method.
-        (MacroAssemblerARM):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::and32): Add missing method.
-        (MacroAssemblerARMv7):
-
-2013-03-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ToString generic cases should work correctly
-        https://bugs.webkit.org/show_bug.cgi?id=112654
-        <rdar://problem/13447250>
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-18  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed build fix for 32 bit builds.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-18  Michael Saboff  <msaboff@apple.com>
-
-        EFL: Unsafe branch detected in compilePutByValForFloatTypedArray()
-        https://bugs.webkit.org/show_bug.cgi?id=112609
-
-        Reviewed by Geoffrey Garen.
-
-        Created local valueFPR and scratchFPR and filled them with valueOp.fpr() and scratch.fpr()
-        respectively so that if valueOp.fpr() causes a spill during allocation, it occurs before the
-        branch and also to follow convention.  Added register allocation checks to FPRTemporary.
-        Cleaned up a couple of other places to follow the "AllocatVirtualRegType foo, get machine
-        reg from foo" pattern.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::fprAllocate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline binary string concatenations (i.e. ValueAdd with string children)
-        https://bugs.webkit.org/show_bug.cgi?id=112599
-
-        Reviewed by Oliver Hunt.
-        
-        This does as advertised: if you do x + y where x and y are strings, you'll get
-        a fast inlined JSRopeString allocation (along with whatever checks are necessary).
-        It also does good things if either x or y (or both) are StringObjects, or some
-        other thing like StringOrStringObject. It also lays the groundwork for making this
-        fast if either x or y are numbers, or some other reasonably-cheap-to-convert
-        value.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::isStringObjectUse):
-        (JSC::DFG::FixupPhase::convertStringAddUse):
-        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
-        * runtime/JSString.h:
-        (JSC::JSString::offsetOfFlags):
-        (JSString):
-        (JSRopeString):
-        (JSC::JSRopeString::offsetOfFibers):
-
-2013-03-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC_NATIVE_FUNCTION() takes an identifier for the name and then uses #name, which is unsafe if name was already #define'd to something else
-        https://bugs.webkit.org/show_bug.cgi?id=112639
-
-        Reviewed by Michael Saboff.
-        
-        Change it to take a string instead.
-
-        * runtime/JSObject.h:
-        (JSC):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::finishCreation):
-        * runtime/StringPrototype.cpp:
-        (JSC::StringPrototype::finishCreation):
-
-2013-03-18  Brent Fulgham  <bfulgham@webkit.org>
-
-        [WinCairo] Get build working under VS2010.
-        https://bugs.webkit.org/show_bug.cgi?id=112604
-
-        Reviewed by Tim Horton.
-
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Use CFLite-specific
-        build target (standard version links against CoreFoundation.lib
-        instead of CFLite.lib).
-        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props: Added.
-
-2013-03-18  Roger Fong  <roger_fong@apple.com>
-
-        AppleWin VS2010 Debug configuration build fix..
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-
-2013-03-18  Brent Fulgham  <bfulgham@webkit.org>
-
-        [WinCairo] Get build working under VS2010.
-        https://bugs.webkit.org/show_bug.cgi?id=112604
-
-        Reviewed by Tim Horton.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add build targets for
-        Debug_WinCairo and Release_WinCairo using CFLite.
-        * JavaScriptCore.vcxproj/JavaScriptCoreCFLite.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
-        Add Debug_WinCairo and Release_WinCairo build targets to
-        make sure headers are copied to proper build folder.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props: Added.
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
-        Add Debug_WinCairo and Release_WinCairo build targets to
-        make sure headers are copied to proper build folder.
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
-        Ditto.
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
-        Ditto.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Ditto.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto.
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto.
-
-2013-03-18  Michael Saboff  <msaboff@apple.com>
-
-        Potentially unsafe register allocations in DFG code generation
-        https://bugs.webkit.org/show_bug.cgi?id=112477
-
-        Reviewed by Geoffrey Garen.
-
-        Moved allocation of temporary GPRs to be before any generated branches in the functions below.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-
-2013-03-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG string conversions and allocations should be inlined
-        https://bugs.webkit.org/show_bug.cgi?id=112376
-
-        Reviewed by Geoffrey Garen.
-        
-        This turns new String(), String(), String.prototype.valueOf(), and
-        String.prototype.toString() into intrinsics. It gives the DFG the ability to handle
-        conversions from StringObject to JSString and vice-versa, and also gives it the
-        ability to handle cases where a variable may be either a StringObject or a JSString.
-        To do this, I added StringObject to value profiling (and removed the stale
-        distinction between Myarguments and Foreignarguments). I also cleaned up ToPrimitive
-        handling, using some of the new functionality but also taking advantage of the
-        existence of Identity(String:@a).
-        
-        This is a 2% SunSpider speed-up. Also there are some speed-ups on V8v7 and Kraken.
-        On microbenchmarks that stress new String() this is a 14x speed-up.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pri:
-        * GNUmakefile.list.am:
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::hasExitSite):
-        (JSC):
-        * bytecode/DFGExitProfile.cpp:
-        (JSC::DFG::ExitProfile::hasExitSite):
-        (DFG):
-        * bytecode/DFGExitProfile.h:
-        (ExitProfile):
-        (JSC::DFG::ExitProfile::hasExitSite):
-        * bytecode/ExitKind.cpp:
-        (JSC::exitKindToString):
-        * bytecode/ExitKind.h:
-        * bytecode/SpeculatedType.cpp:
-        (JSC::dumpSpeculation):
-        (JSC::speculationToAbbreviatedString):
-        (JSC::speculationFromClassInfo):
-        * bytecode/SpeculatedType.h:
-        (JSC):
-        (JSC::isStringObjectSpeculation):
-        (JSC::isStringOrStringObjectSpeculation):
-        * create_hash_table:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::filterEdgeByUse):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::shift):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
-        (JSC::DFG::FixupPhase::observeUseKindOnNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::hasGlobalExitSite):
-        (Graph):
-        (JSC::DFG::Graph::hasExitSite):
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToToString):
-        (Node):
-        (JSC::DFG::Node::hasStructure):
-        (JSC::DFG::Node::shouldSpeculateStringObject):
-        (JSC::DFG::Node::shouldSpeculateStringOrStringObject):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
-        (JSC::DFG::SpeculativeJIT::speculateObject):
-        (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
-        (JSC::DFG::SpeculativeJIT::speculateString):
-        (JSC::DFG::SpeculativeJIT::speculateStringObject):
-        (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
-        (JSC::DFG::SpeculativeJIT::speculate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGUseKind.cpp:
-        (WTF::printInternal):
-        * dfg/DFGUseKind.h:
-        (JSC::DFG::typeFilterFor):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::regExpPrototypeTable):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Intrinsic.h:
-        * runtime/JSDestructibleObject.h:
-        (JSDestructibleObject):
-        (JSC::JSDestructibleObject::classInfoOffset):
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSObject.cpp:
-        * runtime/JSObject.h:
-        (JSC):
-        * runtime/JSWrapperObject.h:
-        (JSC::JSWrapperObject::allocationSize):
-        (JSWrapperObject):
-        (JSC::JSWrapperObject::internalValueOffset):
-        (JSC::JSWrapperObject::internalValueCellOffset):
-        * runtime/StringPrototype.cpp:
-        (JSC):
-        (JSC::StringPrototype::finishCreation):
-        (JSC::StringPrototype::create):
-        * runtime/StringPrototype.h:
-        (StringPrototype):
-
-2013-03-18  Filip Pizlo  <fpizlo@apple.com>
-
-        ObjectPrototype properties should be eagerly created rather than lazily via static tables
-        https://bugs.webkit.org/show_bug.cgi?id=112539
-
-        Reviewed by Oliver Hunt.
-        
-        This is the first part of https://bugs.webkit.org/show_bug.cgi?id=112233. Rolling this
-        in first since it's the less-likely-to-be-broken part.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pri:
-        * GNUmakefile.list.am:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::objectConstructorTable):
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectNativeFunction):
-        (JSC):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/ObjectPrototype.cpp:
-        (JSC):
-        (JSC::ObjectPrototype::finishCreation):
-        (JSC::ObjectPrototype::create):
-        * runtime/ObjectPrototype.h:
-        (ObjectPrototype):
-
-2013-03-16  Pratik Solanki  <psolanki@apple.com>
-
-        Disable High DPI Canvas on iOS
-        https://bugs.webkit.org/show_bug.cgi?id=112511
-
-        Reviewed by Joseph Pecoraro.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-15  Andreas Kling  <akling@apple.com>
-
-        Don't also clone StructureRareData when cloning Structure.
-        <http://webkit.org/b/111672>
-
-        Reviewed by Mark Hahnenberg.
-
-        We were cloning a lot of StructureRareData with only the previousID pointer set since
-        the enumerationCache is not shared between clones.
-
-        Let the Structure copy constructor decide whether it wants to clone the rare data.
-        The decision is made by StructureRareData::needsCloning() and will currently always
-        return false, since StructureRareData only holds on to caches at present.
-        This may change in the future as more members are added to StructureRareData.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::cloneRareDataFrom):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::create):
-
-2013-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Roll out r145838
-        https://bugs.webkit.org/show_bug.cgi?id=112458
-
-        Unreviewed. Requested by Filip Pizlo.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pri:
-        * GNUmakefile.list.am:
-        * dfg/DFGOperations.cpp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::objectPrototypeTable):
-        * jit/JITStubs.cpp:
-        (JSC::getByVal):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::getByVal):
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSCell.cpp:
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSCellInlines.h:
-        (JSC):
-        (JSC::JSCell::fastGetOwnProperty):
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSObject.cpp:
-        (JSC):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/ObjectPrototype.cpp:
-        (JSC):
-        (JSC::ObjectPrototype::finishCreation):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::create):
-        (ObjectPrototype):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::findWithString):
-        * runtime/Structure.h:
-        (Structure):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::get):
-
-2013-03-15  Michael Saboff  <msaboff@apple.com>
-
-        Cleanup of DFG and Baseline JIT debugging code
-        https://bugs.webkit.org/show_bug.cgi?id=111871
-
-        Reviewed by Geoffrey Garen.
-
-        Fixed various debug related issue in baseline and DFG JITs. See below.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
-        * dfg/DFGScratchRegisterAllocator.h: Now use ScratchBuffer::activeLengthPtr() to get
-        pointer to scratch register length.
-        (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
-        (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkConsistency): Added missing case labels for DataFormatOSRMarker,
-        DataFormatDead, and DataFormatArguments and made them RELEASE_ASSERT_NOT_REACHED();
-        * jit/JITCall.cpp:
-        (JSC::JIT::privateCompileClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::privateCompileClosureCall): Used pointerDump() to handle when calleeCodeBlock is NULL.
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::ScratchBuffer): Fixed buffer allocation alignment to
-        be on a double boundary.
-        (JSC::ScratchBuffer::setActiveLength):
-        (JSC::ScratchBuffer::activeLength):
-        (JSC::ScratchBuffer::activeLengthPtr):
-
-2013-03-15  Michael Saboff  <msaboff@apple.com>
-
-        Add runtime check for improper register allocations in DFG
-        https://bugs.webkit.org/show_bug.cgi?id=112380
-
-        Reviewed by Geoffrey Garen.
-
-        Added framework to check for register allocation within a branch source - target range.  All register allocations
-        are saved using the offset in the code stream where the allocation occurred.  Later when a jump is linked, the
-        currently saved register allocations are checked to make sure that they didn't occur in the range of code that was
-        jumped over.  This protects against the case where an allocation could have spilled register contents to free up 
-        a register and that spill only occurs on one path of a many through the code.  A subsequent fill of the spilled
-        register may load garbage.  See https://bugs.webkit.org/show_bug.cgi?id=111777 for one such bug.
-        This code is protected by the compile time check of #if ENABLE(DFG_REGISTER_ALLOCATION_VALIDATION).
-        The check is only done during the processing of SpeculativeJIT::compile(Node* node) and its callees.
- 
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Jump::link): Invoke register allocation checks using source and target of link.
-        (JSC::AbstractMacroAssembler::Jump::linkTo): Invoke register allocation checks using source and target of link.
-        (AbstractMacroAssembler):
-        (RegisterAllocationOffset): New helper class to store the instruction stream offset and compare against a 
-        jump range.
-        (JSC::AbstractMacroAssembler::RegisterAllocationOffset::RegisterAllocationOffset):
-        (JSC::AbstractMacroAssembler::RegisterAllocationOffset::check):
-        (JSC::AbstractMacroAssembler::addRegisterAllocationAtOffset):
-        (JSC::AbstractMacroAssembler::clearRegisterAllocationOffsets): 
-        (JSC::AbstractMacroAssembler::checkRegisterAllocationAgainstBranchRange):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::allocate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-14  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION(r145000): Crash loading arstechnica.com when Safari Web Inspector is open
-        https://bugs.webkit.org/show_bug.cgi?id=111868
-
-        Reviewed by Antti Koivisto.
-
-        Don't allow non-local property lookup when the debugger is enabled.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolve):
-
-2013-03-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Objective-C functions exposed to JavaScript have the wrong type (object instead of function)
-        https://bugs.webkit.org/show_bug.cgi?id=105892
-
-        Reviewed by Geoffrey Garen.
-
-        Changed ObjCCallbackFunction to subclass JSCallbackFunction which already has all of the machinery to call
-        functions using the C API. Since ObjCCallbackFunction is now a JSCell, we changed the old implementation of
-        ObjCCallbackFunction to be the internal implementation and keep track of all the proper data so that we 
-        don't have to put all of that in the header, which will now be included from C++ files (e.g. JSGlobalObject.cpp).
-
-        * API/JSCallbackFunction.cpp: Change JSCallbackFunction to allow subclassing. Originally it was internally
-        passing its own Structure up the chain of constructors, but we now want to be able to pass other Structures as well.
-        (JSC::JSCallbackFunction::JSCallbackFunction):
-        (JSC::JSCallbackFunction::create):
-        * API/JSCallbackFunction.h:
-        (JSCallbackFunction):
-        * API/JSWrapperMap.mm: Changed interface to tryUnwrapBlock.
-        (tryUnwrapObjcObject):
-        * API/ObjCCallbackFunction.h:
-        (ObjCCallbackFunction): Moved into the JSC namespace, just like JSCallbackFunction.
-        (JSC::ObjCCallbackFunction::createStructure): Overridden so that the correct ClassInfo gets used since we have 
-        a destructor.
-        (JSC::ObjCCallbackFunction::impl): Getter for the internal impl.
-        * API/ObjCCallbackFunction.mm:
-        (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl): What used to be ObjCCallbackFunction is now 
-        ObjCCallbackFunctionImpl. It handles the Objective-C specific parts of managing callback functions.
-        (JSC::ObjCCallbackFunctionImpl::~ObjCCallbackFunctionImpl):
-        (JSC::objCCallbackFunctionCallAsFunction): Same as the old one, but now it casts to ObjCCallbackFunction and grabs the impl 
-        rather than using JSObjectGetPrivate.
-        (JSC::ObjCCallbackFunction::ObjCCallbackFunction): New bits to allow being part of the JSCell hierarchy.
-        (JSC::ObjCCallbackFunction::create):
-        (JSC::ObjCCallbackFunction::destroy):
-        (JSC::ObjCCallbackFunctionImpl::call): Handles the actual invocation, just like it used to.
-        (objCCallbackFunctionForInvocation):
-        (tryUnwrapBlock): Changed to check the ClassInfo for inheritance directly, rather than going through the C API call.
-        * API/tests/testapi.mm: Added new test to make sure that doing Function.prototype.toString.call(f) won't result in 
-        an error when f is an Objective-C method or block underneath the covers.
-        * runtime/JSGlobalObject.cpp: Added new Structure for ObjCCallbackFunction.
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::objcCallbackFunctionStructure):
-
-2013-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Nested dictionaries are not converted properly in the Objective-C binding
-        https://bugs.webkit.org/show_bug.cgi?id=112377
-
-        Reviewed by Oliver Hunt.
-
-        Accidental reassignment of the root task in the container conversion logic was causing the last 
-        array or dictionary processed to be returned in the case of nested containers.
-
-        * API/JSValue.mm:
-        (containerValueToObject):
-        * API/tests/testapi.mm:
-
-2013-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject fast by-string access optimizations should work even on the prototype chain, and even when the result is undefined
-        https://bugs.webkit.org/show_bug.cgi?id=112233
-
-        Reviewed by Oliver Hunt.
-        
-        Extended the existing fast access path for String keys to work over the entire prototype chain,
-        not just the self access case. This will fail as soon as it sees an object that intercepts
-        getOwnPropertySlot, so this patch also ensures that ObjectPrototype does not fall into that
-        category. This is accomplished by making ObjectPrototype eagerly reify all of its properties.
-        This is safe for ObjectPrototype because it's so common and we expect all of its properties to
-        be reified for any interesting programs anyway. A new idiom for adding native functions to
-        prototypes is introduced, which ought to work well for any other prototypes that we wish to do
-        this conversion for.
-        
-        This is a >60% speed-up in the case that you frequently do by-string lookups that "miss", i.e.
-        they don't turn up anything.
-
-        * CMakeLists.txt:
-        * DerivedSources.make:
-        * DerivedSources.pri:
-        * GNUmakefile.list.am:
-        * dfg/DFGOperations.cpp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::objectConstructorTable):
-        * jit/JITStubs.cpp:
-        (JSC::getByVal):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::getByVal):
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getByStringSlow):
-        (JSC):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSCellInlines.h:
-        (JSC):
-        (JSC::JSCell::getByStringAndKey):
-        (JSC::JSCell::getByString):
-        * runtime/JSGlobalData.cpp:
-        (JSC):
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::putDirectNativeFunction):
-        (JSC):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC):
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot):
-        * runtime/ObjectPrototype.cpp:
-        (JSC):
-        (JSC::ObjectPrototype::finishCreation):
-        (JSC::ObjectPrototype::create):
-        * runtime/ObjectPrototype.h:
-        (ObjectPrototype):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::findWithString):
-        * runtime/Structure.h:
-        (Structure):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::get):
-        (JSC):
-
-2013-03-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG bytecode parser is too aggressive about getting rid of GetLocals on captured variables
-        https://bugs.webkit.org/show_bug.cgi?id=112287
-        <rdar://problem/13342340>
-
-        Reviewed by Oliver Hunt.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-
-2013-03-13  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Threaded HTML Parser is missing feature define flags in all but Chromium port's build files
-        https://bugs.webkit.org/show_bug.cgi?id=112277
-
-        Reviewed by Adam Barth.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-13  Csaba Osztrogonác  <ossy@webkit.org>
-
-        LLINT C loop warning fix for GCC
-        https://bugs.webkit.org/show_bug.cgi?id=112145
-
-        Reviewed by Filip Pizlo.
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoop::execute):
-
-2013-02-13  Simon Hausmann  <simon.hausmann@digia.com>
-
-        Add support for convenient conversion from JSStringRef to QString
-        https://bugs.webkit.org/show_bug.cgi?id=109694
-
-        Reviewed by Allan Sandfeld Jensen.
-
-        Add JSStringCopyQString helper function that allows for the convenient
-        extraction of a QString out of a JSStringRef.
-
-        * API/JSStringRefQt.cpp: Added.
-        (JSStringCopyQString):
-        * API/JSStringRefQt.h: Added.
-        * API/OpaqueJSString.h:
-        (OpaqueJSString):
-        (OpaqueJSString::qString):
-        (OpaqueJSString::OpaqueJSString):
-        * Target.pri:
-
-2013-03-13  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Token 'not' is ignored in the offlineasm.
-        https://bugs.webkit.org/show_bug.cgi?id=111568
-
-        Reviewed by Filip Pizlo.
-
-        * offlineasm/parser.rb: Build the Not AST node if the 'not' token is found.
-
-2013-03-12  Tim Horton  <timothy_horton@apple.com>
-
-        WTF uses macros for exports. Try to fix the Windows build. Unreviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Array.prototype.sort should at least try to be PTIME even when the array is in some bizarre mode
-        https://bugs.webkit.org/show_bug.cgi?id=112187
-        <rdar://problem/13393550>
-
-        Reviewed by Michael Saboff and Gavin Barraclough.
-        
-        If we have an array-like object in crazy mode passed into Array.prototype.sort, and its length is large,
-        then first copy all elements into a separate, compact, un-holy array and sort that. Then copy back.
-        This means that sorting will be at worst O(n^2) in the actual number of things in the array, rather than
-        O(n^2) in the array's length.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::attemptFastSort):
-        (JSC::performSlowSort):
-        (JSC):
-        (JSC::arrayProtoFuncSort):
-
-2013-03-12  Tim Horton  <timothy_horton@apple.com>
-
-        Try to fix the Windows build.
-
-        Not reviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-03-12  Geoffrey Garen  <ggaren@apple.com>
-
-        Try to fix the Windows build.
-
-        Not reviewed.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        Export a thing.
-
-2013-03-11  Oliver Hunt  <oliver@apple.com>
-
-        Harden JSStringJoiner
-        https://bugs.webkit.org/show_bug.cgi?id=112093
-
-        Reviewed by Filip Pizlo.
-
-        Harden JSStringJoiner, make it use our CheckedArithmetic
-        class to simplify everything.
-
-        * runtime/JSStringJoiner.cpp:
-        (JSC::JSStringJoiner::build):
-        * runtime/JSStringJoiner.h:
-        (JSStringJoiner):
-        (JSC::JSStringJoiner::JSStringJoiner):
-        (JSC::JSStringJoiner::append):
-
-2013-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG generic array access cases should not be guarded by CheckStructure even of the profiling tells us that it could be
-        https://bugs.webkit.org/show_bug.cgi?id=112183
-
-        Reviewed by Oliver Hunt.
-        
-        Slight speed-up on string-unpack-code.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::findAndRemoveUnnecessaryStructureCheck):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-
-2013-03-12  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        https://bugs.webkit.org/show_bug.cgi?id=112141
-        LLInt CLoop backend misses Double2Ints() on 32bit architectures
-
-        Reviewed by Filip Pizlo.
-
-        Implement Double2Ints() in CLoop backend of LLInt on 32bit architectures.
-
-        * llint/LowLevelInterpreter.cpp:
-        (LLInt):
-        (JSC::LLInt::Double2Ints):
-        * offlineasm/cloop.rb:
-
-2013-03-12  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Making more sophisticated cache flush on ARM Linux platform
-        https://bugs.webkit.org/show_bug.cgi?id=111854
-
-        Reviewed by Zoltan Herczeg.
-
-        The cache flush on ARM Linux invalidates whole pages
-        instead of just the required area.
-
-        * assembler/ARMAssembler.h:
-        (ARMAssembler):
-        (JSC::ARMAssembler::linuxPageFlush):
-        (JSC::ARMAssembler::cacheFlush):
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::linuxPageFlush):
-        (JSC::ARMv7Assembler::cacheFlush):
-
-2013-03-12  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Renaming the armv7.rb LLINT backend to arm.rb
-        https://bugs.webkit.org/show_bug.cgi?id=110565
-
-        Reviewed by Zoltan Herczeg.
-
-        This is the first step of a unified ARM backend for
-        all ARM 32 bit architectures in LLInt.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * LLIntOffsetsExtractor.pro:
-        * offlineasm/arm.rb: Copied from Source/JavaScriptCore/offlineasm/armv7.rb.
-        * offlineasm/armv7.rb: Removed.
-        * offlineasm/backends.rb:
-        * offlineasm/risc.rb:
-
-2013-03-12  Csaba Osztrogonác  <ossy@webkit.org>
-
-        REGRESSION(r145482): It broke 33 jsc tests and zillion layout tests on all platform
-        https://bugs.webkit.org/show_bug.cgi?id=112112
-
-        Reviewed by Oliver Hunt.
-
-        Rolling out https://trac.webkit.org/changeset/145482 to unbreak the bots.
-
-        * runtime/JSStringJoiner.cpp:
-        (JSC::JSStringJoiner::build):
-        * runtime/JSStringJoiner.h:
-        (JSStringJoiner):
-        (JSC::JSStringJoiner::JSStringJoiner):
-        (JSC::JSStringJoiner::append):
-
-2013-03-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG prediction propagation phase should not rerun forward propagation if double voting has already converged
-        https://bugs.webkit.org/show_bug.cgi?id=111920
-
-        Reviewed by Oliver Hunt.
-        
-        I don't know why we weren't exiting early after double voting if !m_changed.
-        
-        This change also removes backwards propagation from the voting fixpoint, since at that
-        point short-circuiting loops is probably not particularly profitable. Profiling shows
-        that this reduces the time spent in prediction propagation even further.
-        
-        This change appears to be a 1% SunSpider speed-up.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::run):
-
-2013-03-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG overflow check elimination is too smart for its own good
-        https://bugs.webkit.org/show_bug.cgi?id=111832
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-        
-        Rolling this back in after fixing accidental misuse of JSValue. The code was doing value < someInt
-        rather than value.asInt32() < someInt. This "worked" when isWithinPowerOfTwo wasn't templatized.
-        It worked by always being false and always disabling the relvant optimization.
-        
-        This improves overflow check elimination in three ways:
-        
-        1) It reduces the amount of time the compiler will spend doing it.
-        
-        2) It fixes bugs where overflow check elimination was overzealous. Precisely, for a binary operation
-           over @a and @b where both @a and @b will type check that their inputs (@a->children, @b->children)
-           are int32's and then perform a possibly-overflowing operation, we must be careful not to assume
-           that @a's non-int32 parts don't matter if at the point that @a runs we have as yet not proved that
-           @b->children are int32's and that hence @b might produce a large enough result that doubles would
-           start chopping low bits. The specific implication of this is that for a binary operation to not
-           propagate that it cares about non-int32 parts (NodeUsedAsNumber), we must prove that at least one
-           of the inputs is guaranteed to produce a result within 2^32 and that there won't be a tower of such
-           operations large enough to ultimately produce a double greater than 2^52 (roughly). We achieve the
-           latter by disabling this optimization for very large basic blocks. It's noteworthy that blocks that
-           large won't even make it into the DFG currently.
-        
-        3) It makes the overflow check elimination more precise for cases where the inputs to an Add or Sub
-           are the outputs of a bit-op. For example in (@a + (@b | 0)) | 0, we don't need to propagate
-           NodeUsedAsNumber to either @a or @b.
-        
-        This is neutral on V8v7 and a slight speed-up on compile time benchmarks.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-        * dfg/DFGBackwardsPropagationPhase.cpp: Added.
-        (DFG):
-        (BackwardsPropagationPhase):
-        (JSC::DFG::BackwardsPropagationPhase::BackwardsPropagationPhase):
-        (JSC::DFG::BackwardsPropagationPhase::run):
-        (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
-        (JSC::DFG::BackwardsPropagationPhase::isNotZero):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoForConstant):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoNonRecursive):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
-        (JSC::DFG::BackwardsPropagationPhase::mergeDefaultFlags):
-        (JSC::DFG::BackwardsPropagationPhase::propagate):
-        (JSC::DFG::performBackwardsPropagation):
-        * dfg/DFGBackwardsPropagationPhase.h: Added.
-        (DFG):
-        * dfg/DFGCPSRethreadingPhase.cpp:
-        (JSC::DFG::CPSRethreadingPhase::run):
-        (JSC::DFG::CPSRethreadingPhase::clearIsLoadedFrom):
-        (CPSRethreadingPhase):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::dumpNodeFlags):
-        (DFG):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGUnificationPhase.cpp:
-        (JSC::DFG::UnificationPhase::run):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsLoadedFrom):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::setIsLoadedFrom):
-        (JSC::DFG::VariableAccessData::isLoadedFrom):
-
-2013-03-11  Oliver Hunt  <oliver@apple.com>
-
-        Harden JSStringJoiner
-        https://bugs.webkit.org/show_bug.cgi?id=112093
-
-        Reviewed by Filip Pizlo.
-
-        Harden JSStringJoiner, make it use our CheckedArithmetic
-        class to simplify everything.
-
-        * runtime/JSStringJoiner.cpp:
-        (JSC::JSStringJoiner::build):
-        * runtime/JSStringJoiner.h:
-        (JSStringJoiner):
-        (JSC::JSStringJoiner::JSStringJoiner):
-        (JSC::JSStringJoiner::append):
-
-2013-03-11  Michael Saboff  <msaboff@apple.com>
-
-        Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
-        https://bugs.webkit.org/show_bug.cgi?id=112067
-
-        Reviewed by Geoffrey Garen.
-
-        We weren't setting the tag in SetCallee.  Therefore set it to CellTag.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-11  Oliver Hunt  <oliver@apple.com>
-
-        Make SegmentedVector Noncopyable
-        https://bugs.webkit.org/show_bug.cgi?id=112059
-
-        Reviewed by Geoffrey Garen.
-
-        Copying a SegmentedVector is very expensive, and really shouldn't
-        be necessary.  So I've taken the one place where we currently copy
-        and replaced it with a regular Vector, and replaced the address
-        dependent logic with a indexing ref instead.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::newLabelScope):
-        (JSC::BytecodeGenerator::emitComplexJumpScopes):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/LabelScope.h:
-        (JSC):
-        (JSC::LabelScopePtr::LabelScopePtr):
-        (LabelScopePtr):
-        (JSC::LabelScopePtr::operator=):
-        (JSC::LabelScopePtr::~LabelScopePtr):
-        (JSC::LabelScopePtr::operator*):
-        (JSC::LabelScopePtr::operator->):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::DoWhileNode::emitBytecode):
-        (JSC::WhileNode::emitBytecode):
-        (JSC::ForNode::emitBytecode):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::SwitchNode::emitBytecode):
-        (JSC::LabelNode::emitBytecode):
-
-2013-03-10  Andreas Kling  <akling@apple.com>
-
-        SpeculativeJIT should use OwnPtr<SlowPathGenerator>.
-        <http://webkit.org/b/111942>
-
-        Reviewed by Anders Carlsson.
-
-        There's no need to include DFGSlowPathGenerator.h from the header as long as the destructor is out-of-line,
-        so let's use OwnPtr instead of raw pointers + deleteAllValues().
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::~SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2013-03-09  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r145299.
-        http://trac.webkit.org/changeset/145299
-        https://bugs.webkit.org/show_bug.cgi?id=111928
-
-        compilation failure with recent clang
-        (DFGBackwardsPropagationPhase.cpp:132:35: error: comparison of
-        constant 10 with expression of type 'bool' is always false)
-        (Requested by thorton on #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-        * dfg/DFGBackwardsPropagationPhase.cpp: Removed.
-        * dfg/DFGBackwardsPropagationPhase.h: Removed.
-        * dfg/DFGCPSRethreadingPhase.cpp:
-        (JSC::DFG::CPSRethreadingPhase::run):
-        (CPSRethreadingPhase):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        (DFG):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::isNotZero):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
-        * dfg/DFGUnificationPhase.cpp:
-        (JSC::DFG::UnificationPhase::run):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (VariableAccessData):
-
-2013-03-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG overflow check elimination is too smart for its own good
-        https://bugs.webkit.org/show_bug.cgi?id=111832
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-        
-        This improves overflow check elimination in three ways:
-        
-        1) It reduces the amount of time the compiler will spend doing it.
-        
-        2) It fixes bugs where overflow check elimination was overzealous. Precisely, for a binary operation
-           over @a and @b where both @a and @b will type check that their inputs (@a->children, @b->children)
-           are int32's and then perform a possibly-overflowing operation, we must be careful not to assume
-           that @a's non-int32 parts don't matter if at the point that @a runs we have as yet not proved that
-           @b->children are int32's and that hence @b might produce a large enough result that doubles would
-           start chopping low bits. The specific implication of this is that for a binary operation to not
-           propagate that it cares about non-int32 parts (NodeUsedAsNumber), we must prove that at least one
-           of the inputs is guaranteed to produce a result within 2^32 and that there won't be a tower of such
-           operations large enough to ultimately produce a double greater than 2^52 (roughly). We achieve the
-           latter by disabling this optimization for very large basic blocks. It's noteworthy that blocks that
-           large won't even make it into the DFG currently.
-        
-        3) It makes the overflow check elimination more precise for cases where the inputs to an Add or Sub
-           are the outputs of a bit-op. For example in (@a + (@b | 0)) | 0, we don't need to propagate
-           NodeUsedAsNumber to either @a or @b.
-        
-        This is neutral on V8v7 and a slight speed-up on compile time benchmarks.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-        * dfg/DFGBackwardsPropagationPhase.cpp: Added.
-        (DFG):
-        (BackwardsPropagationPhase):
-        (JSC::DFG::BackwardsPropagationPhase::BackwardsPropagationPhase):
-        (JSC::DFG::BackwardsPropagationPhase::run):
-        (JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
-        (JSC::DFG::BackwardsPropagationPhase::isNotZero):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoForConstant):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwoNonRecursive):
-        (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
-        (JSC::DFG::BackwardsPropagationPhase::mergeDefaultFlags):
-        (JSC::DFG::BackwardsPropagationPhase::propagate):
-        (JSC::DFG::performBackwardsPropagation):
-        * dfg/DFGBackwardsPropagationPhase.h: Added.
-        (DFG):
-        * dfg/DFGCPSRethreadingPhase.cpp:
-        (JSC::DFG::CPSRethreadingPhase::run):
-        (JSC::DFG::CPSRethreadingPhase::clearIsLoadedFrom):
-        (CPSRethreadingPhase):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::dumpNodeFlags):
-        (DFG):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGUnificationPhase.cpp:
-        (JSC::DFG::UnificationPhase::run):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsLoadedFrom):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::setIsLoadedFrom):
-        (JSC::DFG::VariableAccessData::isLoadedFrom):
-
-2013-03-08  Roger Fong  <roger_fong@apple.com>
-
-        Makefile fixes.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.make:
-
-2013-03-08  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        Cache flush problem on ARMv7 JSC
-        https://bugs.webkit.org/show_bug.cgi?id=111441
-
-        Reviewed by Zoltan Herczeg.
-
-        Not proper cache flush causing random crashes on ARMv7 Linux with V8 tests.
-        The problem is similar to https://bugs.webkit.org/show_bug.cgi?id=77712.
-        Change the cache fulsh mechanism similar to ARM traditinal and revert the
-        temporary fix.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::cacheFlush):
-
-2013-03-07  Geoffrey Garen  <ggaren@apple.com>
-
-        REGRESSION (r143759): 40% JSBench regression, 20% Octane/closure regression, 40% Octane/jquery regression, 2% Octane regression
-        https://bugs.webkit.org/show_bug.cgi?id=111797
-
-        Reviewed by Oliver Hunt.
-
-        The bot's testing configuration stresses the cache's starting guess
-        of 1MB.
-
-        This patch removes any starting guess, and just uses wall clock time
-        to discover the initial working set size of an app, in code size.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCacheMap::pruneSlowCase): Update our timer as we go.
-
-        Also fixed a bug where pruning from 0 to 0 would hang -- that case is
-        a possibility now that we start with a capacity of 0.
-
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::CodeCacheMap):
-        (JSC::CodeCacheMap::add):
-        (JSC::CodeCacheMap::prune): Don't prune if we're in the middle of
-        discovering the working set size of an app, in code size.
-
-2013-03-07  Michael Saboff  <msaboff@apple.com>
-
-        Crash when updating predictions below JSC::arrayProtoFuncForEach on tuaw.com article
-        https://bugs.webkit.org/show_bug.cgi?id=111777
-
-        Reviewed by Filip Pizlo.
-
-        Moved register allocations to be above any generated control flow so that any
-        resulting spill would be visible to all subsequently generated code.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not get corrupted IR in the case of code that is dead, unreachable, and contains a chain of nodes that use each other in an untyped way
-        https://bugs.webkit.org/show_bug.cgi?id=111783
-
-        Reviewed by Mark Hahnenberg.
-        
-        Unreachable code is not touched by CFA and so thinks that even untyped uses are checked.
-        But dead untyped uses don't need checks and hence don't need to be Phantom'd. The DCE knew
-        this in findTypeCheckRoot() but not in eliminateIrrelevantPhantomChildren(), leading to a
-        Phantom node that had another Phantom node as one of its kids.
-
-        * dfg/DFGDCEPhase.cpp:
-        (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
-
-2013-03-07  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG fixpoint is not strictly profitable, and should be straight-lined
-        https://bugs.webkit.org/show_bug.cgi?id=111764
-
-        Reviewed by Oliver Hunt and Geoffrey Garen.
-        
-        The DFG previously ran optimizations to fixpoint because there exists a circular dependency:
-        
-        CSE depends on CFG simplification: CFG simplification merges blocks, and CSE is block-local.
-        
-        CFG simplification depends on CFA and constant folding: constant folding reveals branches on
-        constants.
-        
-        CFA depends on CSE: CSE reveals must-alias relationships by proving that two operations
-        always produce identical values.
-        
-        Arguments simplification also depends on CSE, but it ought not depend on anything else.
-        
-        Hence we get a cycle like: CFA -> folding -> CFG -> CSE -> CFA.
-        
-        Note that before we had sparse conditional CFA, we also had CFA depending on CFG. This ought
-        not be the case anymore: CFG simplification should not by itself lead to better CFA results.
-        
-        My guess is that the weakest link in this cycle is CFG -> CSE. CSE cuts both ways: if you
-        CSE too much then you increase register pressure. Hence it's not clear that you always want
-        to CSE after simplifying control flow. This leads to an order of optimization as follows:
-        
-        CSE -> arguments -> CFA -> folding -> CFG
-        
-        This is a 2.5% speed-up on SunSpider, a 4% speed-up on V8Spider, a possible 0.3% slow-down
-        on V8v7, nothing on Kraken, and 1.2% speed-up in the JSRegress geomean. I'll take a 2.5%
-        speed-up over a 0.3% V8v7 speed-up.
-
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-
-2013-03-07  Roger Fong  <roger_fong@apple.com>
-
-        Build fix for AppleWin VS2010.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-
-2013-03-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Need a good way to reference event handlers without causing cycles
-        https://bugs.webkit.org/show_bug.cgi?id=111088
-
-        Reviewed by Geoffrey Garen.
-
-        JSManagedValue is like a special kind of weak value. When you create a JSManagedValue, you can
-        supply an Objective-C object as its "owner". As long as the Objective-C owner object remains
-        alive and its wrapper remains accessible to the JSC garbage collector (e.g. by being marked by 
-        the global object), the reference to the JavaScript value is strong. As soon as the Objective-C
-        owner is deallocated or its wrapper becomes inaccessible to the garbage collector, the reference
-        becomes weak.
-
-        If you do not supply an owner or you use the weakValueWithValue: convenience class method, the
-        returned JSManagedValue behaves as a normal weak reference.
-
-        This new class allows clients to maintain references to JavaScript values in the Objective-C
-        heap without creating reference cycles/leaking memory.
-
-        * API/JSAPIWrapperObject.cpp: Added.
-        (JSC):
-        (JSC::::createStructure):
-        (JSC::JSAPIWrapperObject::JSAPIWrapperObject): This is a special JSObject for the Objective-C API that knows
-        for the purposes of garbage collection/marking that it wraps an opaque Objective-C object.
-        (JSC::JSAPIWrapperObject::visitChildren): We add the pointer to the wrapped Objective-C object to the set of
-        opaque roots so that the weak handle owner for JSManagedValues can find it later.
-        * API/JSAPIWrapperObject.h: Added.
-        (JSC):
-        (JSAPIWrapperObject):
-        (JSC::JSAPIWrapperObject::wrappedObject):
-        (JSC::JSAPIWrapperObject::setWrappedObject):
-        * API/JSBase.cpp:
-        (JSSynchronousGarbageCollect):
-        * API/JSBasePrivate.h:
-        * API/JSCallbackObject.cpp:
-        (JSC):
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObject::destroy): Moved this to the header so that we don't get link errors with JSAPIWrapperObject.
-        * API/JSContext.mm:
-        (-[JSContext initWithVirtualMachine:]): We weren't adding manually allocated/initialized JSVirtualMachine objects to 
-        the global cache of virtual machines. The init methods handle this now rather than contextWithGlobalContextRef, since 
-        not everyone is guaranteed to use the latter.
-        (-[JSContext initWithGlobalContextRef:]):
-        (+[JSContext contextWithGlobalContextRef:]):
-        * API/JSManagedValue.h: Added.
-        * API/JSManagedValue.mm: Added.
-        (JSManagedValueHandleOwner):
-        (managedValueHandleOwner):
-        (+[JSManagedValue weakValueWithValue:]):
-        (+[JSManagedValue managedValueWithValue:owner:]):
-        (-[JSManagedValue init]): We explicitly call the ARC entrypoints to initialize/get the weak owner field since we don't 
-        use ARC when building our framework.
-        (-[JSManagedValue initWithValue:]):
-        (-[JSManagedValue initWithValue:owner:]):
-        (-[JSManagedValue dealloc]):
-        (-[JSManagedValue value]):
-        (-[JSManagedValue weakOwner]):
-        (JSManagedValueHandleOwner::isReachableFromOpaqueRoots): If the Objective-C owner is still alive (i.e. loading the weak field
-        returns non-nil) and that value was added to the set of opaque roots by the wrapper for that Objective-C owner, then the the 
-        JSObject to which the JSManagedObject refers is still alive.
-        * API/JSObjectRef.cpp: We have to add explicit checks for the JSAPIWrapperObject, just like the other types of JSCallbackObjects.
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValue.mm:
-        (objectToValueWithoutCopy):
-        * API/JSValueRef.cpp:
-        (JSValueIsObjectOfClass):
-        * API/JSVirtualMachine.mm:
-        (-[JSVirtualMachine initWithContextGroupRef:]):
-        (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
-        * API/JSWrapperMap.mm:
-        (wrapperFinalize):
-        (makeWrapper): This is our own internal version of JSObjectMake which creates JSAPIWrapperObjects, the Obj-C API 
-        version of JSCallbackObjects.
-        (createObjectWithCustomBrand):
-        (-[JSObjCClassInfo wrapperForObject:]):
-        (tryUnwrapObjcObject):
-        * API/JavaScriptCore.h:
-        * API/tests/testapi.mm: Added new tests for the strong and weak uses of JSManagedValue in the context of an 
-        onclick handler for an Objective-C object inserted into a JSContext.
-        (-[TextXYZ setWeakOnclick:]):
-        (-[TextXYZ setOnclick:]):
-        (-[TextXYZ weakOnclick]):
-        (-[TextXYZ onclick]):
-        (-[TextXYZ click]):
-        * CMakeLists.txt: Various build system additions.
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalObject.cpp: Added the new canonical Structure for the JSAPIWrapperObject class.
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::objcWrapperObjectStructure):
-
-2013-03-06  Filip Pizlo  <fpizlo@apple.com>
-
-        ConvertThis should be turned into Identity based on predictions in Fixup, rather than based on proofs in ConstantFolding
-        https://bugs.webkit.org/show_bug.cgi?id=111674
-
-        Reviewed by Oliver Hunt.
-        
-        This gets rid of the speculated forms of ConvertThis in the backend, and has Fixup
-        convert them to either Identity(Object:@child) if the child is predicted object, or
-        Phantom(Other:@child) ; WeakJSConstant(global this object) if it's predicted Other.
-        
-        The goal of this is to ensure that the optimization fixpoint doesn't create
-        Identity's, since doing so requires a rerun of CSE. So far this isn't a speed-up
-        but I'm hoping this will be a step towards reducing the need to rerun the fixpoint
-        so as to ultimately reduce compile times.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::observeUseKindOnNode):
-        (JSC::DFG::FixupPhase::setUseKindAndUnboxIfProfitable):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::globalThisObjectFor):
-        (Graph):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::convertToIdentity):
-        (JSC::DFG::Node::convertToWeakConstant):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-07  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Children method in LLINT AST Not class should return [@child]
-        https://bugs.webkit.org/show_bug.cgi?id=90740
-
-        Reviewed by Filip Pizlo.
-
-        * offlineasm/ast.rb: Fixed the return value of the children method in the Not AST class.
-
-2013-03-05  Oliver Hunt  <oliver@apple.com>
-
-        Bring back eager resolution of function scoped variables
-        https://bugs.webkit.org/show_bug.cgi?id=111497
-
-        Reviewed by Geoffrey Garen.
-
-        This reverts the get/put_scoped_var part of the great non-local
-        variable resolution refactoring.  This still leaves all the lazy
-        variable resolution logic as it's necessary for global property
-        resolution, and i don't want to make the patch bigger than it
-        already is.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::generateFunctionCodeBlock):
-        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC):
-        (UnlinkedFunctionExecutable):
-        (UnlinkedCodeBlock):
-        (JSC::UnlinkedCodeBlock::usesGlobalObject):
-        (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
-        (JSC::UnlinkedCodeBlock::globalObjectRegister):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitLoadGlobalObject):
-        (JSC):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult::lexicalResolve):
-        (JSC::ResolveResult::isStatic):
-        (JSC::ResolveResult::depth):
-        (JSC::ResolveResult::index):
-        (ResolveResult):
-        (JSC::ResolveResult::ResolveResult):
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixNode::emitResolve):
-        (JSC::TypeOfResolveNode::emitBytecode):
-        (JSC::PrefixNode::emitResolve):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::debugFail):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC):
-        (JSC::JIT::emit_op_put_scoped_var):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC):
-        (JSC::JIT::emit_op_put_scoped_var):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::getProgramCodeBlock):
-        (JSC::CodeCache::getEvalCodeBlock):
-        * runtime/CodeCache.h:
-        (JSC):
-        (CodeCache):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::FunctionExecutable::produceCodeBlockFor):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::createEvalCodeBlock):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-
-2013-03-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, roll out http://trac.webkit.org/changeset/144989
-        
-        I think we want the assertion that I removed.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::merge):
-        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-
-2013-03-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::AbstractState::merge() is still more complicated than it needs to be
-        https://bugs.webkit.org/show_bug.cgi?id=111619
-
-        Reviewed by Mark Hahnenberg.
-        
-        This method is the one place where we still do some minimal amount of liveness pruning, but the style with
-        which it is written is awkward, and it makes an assertion about variablesAtTail that will be invalidated
-        by https://bugs.webkit.org/show_bug.cgi?id=111539.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::merge):
-        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-
-2013-03-06  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not run full CSE after the optimization fixpoint, since it really just wants store elimination
-        https://bugs.webkit.org/show_bug.cgi?id=111536
-
-        Reviewed by Oliver Hunt and Mark Hahnenberg.
-        
-        The fixpoint will do aggressive load elimination and pure CSE. There's no need to do it after the fixpoint.
-        On the other hand, the fixpoint does not profit from doing store elimination (except for SetLocal/Flush).
-        Previously we had CSE do both, and had it avoid doing some store elimination during the fixpoint by querying
-        the fixpoint state. This changes CSE to be templated on mode - either NormalCSE or StoreElimination - so
-        that we explicitly put it into one of those modes depending on where we call it from. The goal is to reduce
-        time spent doing load elimination after the fixpoint, since that is just wasted cycles.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::run):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (JSC::DFG::performCSE):
-        (DFG):
-        (JSC::DFG::performStoreElimination):
-        * dfg/DFGCSEPhase.h:
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-
-2013-03-06  Andreas Kling  <akling@apple.com>
-
-        Pack Structure members better.
-        <http://webkit.org/b/111593>
-        <rdar://problem/13359200>
-
-        Reviewed by Mark Hahnenberg.
-
-        Shrink Structure by 8 bytes (now at 104 bytes) on 64-bit by packing the members better.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        * runtime/Structure.h:
-        (Structure):
-
-2013-03-06  Andreas Kling  <akling@apple.com>
-
-        Unreviewed, fix Windows build after r144910.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2013-03-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not check if nodes are shouldGenerate prior to DCE
-        https://bugs.webkit.org/show_bug.cgi?id=111520
-
-        Reviewed by Geoffrey Garen.
-        
-        All nodes are live before DCE. We don't need to check that they aren't, because they
-        definitely will be.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::int32ToDoubleCSE):
-        (JSC::DFG::CSEPhase::constantCSE):
-        (JSC::DFG::CSEPhase::weakConstantCSE):
-        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
-        (JSC::DFG::CSEPhase::getArrayLengthElimination):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::scopedVarStoreElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkStructureElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2013-03-06  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Fix unused parameter warnings in ARM assembler
-        https://bugs.webkit.org/show_bug.cgi?id=111433
-
-        Reviewed by Kentaro Hara.
-
-        * assembler/ARMAssembler.h: Remove unreachable revertJump() after r143346.
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::moveIntsToDouble): Remove unused scratch parameter instead of UNUSED_PARAM.
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32): Remove unused fpTemp parameter.
-        (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranchPtrWithPatch): Remove unused parameters.
-
-2013-03-06  Andreas Kling  <akling@apple.com>
-
-        Unused Structure property tables waste 14MB on Membuster.
-        <http://webkit.org/b/110854>
-        <rdar://problem/13292104>
-
-        Reviewed by Geoffrey Garen.
-
-        Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
-        14 MB progression on Membuster3.
-
-        This time it should stick; I've been through all the tests with COLLECT_ON_EVERY_ALLOCATION.
-        The issue with the last version was that Structure::m_offset could be used uninitialized
-        when re-materializing a previously GC'd property table, causing some sanity checks to fail.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-
-            Added PropertyTable.cpp.
-
-        * runtime/PropertyTable.cpp: Added.
-        (JSC::PropertyTable::create):
-        (JSC::PropertyTable::clone):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::destroy):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::visitChildren):
-
-            Moved marking of property table values here from Structure::visitChildren().
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::get):
-
-            Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
-            Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
-            zaps the property table.
-
-        * runtime/Structure.h:
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::propertyTable):
-
-            Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
-            Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
-            Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
-
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-
-            Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-
-            Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
-
-        (JSC::Structure::takePropertyTableOrCloneIfPinned):
-
-            Added for setting up the property table in a new transition, this code is now shared between
-            addPropertyTransition() and nonPropertyTransition().
-
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-            Add a global propertyTableStructure.
-
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::createStructure):
-        (JSC::PropertyTable::copy):
-
-            Make PropertyTable a GC object.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::pin):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::getPropertyNamesFromStructure):
-        (JSC::Structure::checkConsistency):
-
-2013-03-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Get rid of the invert argument to SpeculativeJIT::jumpSlowForUnwantedArrayMode
-        https://bugs.webkit.org/show_bug.cgi?id=105624
-
-        Reviewed by Oliver Hunt.
-        
-        All callers pass invert = false, which is the default value of the argument. So, get
-        rid of the argument and fold away all code that checks it.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2013-03-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix an incorrect comment. The comment was a holdover from a work-in-progress version of this code.
-
-        * dfg/DFGDCEPhase.cpp:
-        (JSC::DFG::DCEPhase::run):
-
-2013-03-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG DCE might eliminate checks unsoundly
-        https://bugs.webkit.org/show_bug.cgi?id=109389
-
-        Reviewed by Oliver Hunt.
-        
-        This gets rid of all eager reference counting, and does all dead code elimination
-        in one phase - the DCEPhase. This phase also sets up the node reference counts,
-        which are then used not just for DCE but also register allocation and stack slot
-        allocation.
-        
-        Doing this required a number of surgical changes in places that previously relied
-        on always having liveness information. For example, the structure check hoisting
-        phase must now consult whether a VariableAccessData is profitable for unboxing to
-        make sure that it doesn't try to do hoisting on set SetLocals. The arguments
-        simplification phase employs its own light-weight liveness analysis. Both phases
-        previously just used reference counts.
-        
-        The largest change is that now, dead nodes get turned into Phantoms. Those
-        Phantoms will retain those child edges that are not proven. This ensures that any
-        type checks performed by a dead node remain even after the node is killed. On the
-        other hand, this Phantom conversion means that we need special handling for
-        SetLocal. I decided to make the four forms of SetLocal explicit:
-        
-        MovHint(@a, rK): Just indicates that node @a contains the value that would have
-             now been placed into virtual register rK. Does not actually cause @a to be
-             stored into rK. This would have previously been a dead SetLocal with @a
-             being live. MovHints are always dead.
-        
-        ZombieHint(rK): Indicates that at this point, register rK will contain a dead
-             value and OSR should put Undefined into it. This would have previously been
-             a dead SetLocal with @a being dead also. ZombieHints are always dead.
-        
-        MovHintAndCheck(@a, rK): Identical to MovHint except @a is also type checked,
-             according to whatever UseKind the edge to @a has. The type check is always a
-             forward exit. MovHintAndChecks are always live, since they are
-             NodeMustGenerate. Previously this would have been a dead SetLocal with a
-             live @a, and the check would have disappeared. This is one of the bugs that
-             this patch solves.
-        
-        SetLocal(@a, rK): This still does exactly what it does now, if the SetLocal is
-             live.
-        
-        Basically this patch makes it so that dead SetLocals eventually decay to MovHint,
-        ZombieHint, or MovHintAndCheck depending on the situation. If the child @a is
-        also dead, then you get a ZombieHint. If the child @a is live but the SetLocal
-        has a type check and @a's type hasn't been proven to have that type then you get
-        a MovHintAndCheck. Otherwise you get a MovHint.
-        
-        This is performance neutral.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (ArgumentsSimplificationPhase):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGBasicBlock.h:
-        (BasicBlock):
-        * dfg/DFGBasicBlockInlines.h:
-        (DFG):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::insertPhiNode):
-        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::run):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        * dfg/DFGCPSRethreadingPhase.cpp:
-        (JSC::DFG::CPSRethreadingPhase::run):
-        (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.cpp:
-        (WTF::printInternal):
-        (WTF):
-        * dfg/DFGCommon.h:
-        (WTF):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
-        (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
-        * dfg/DFGDCEPhase.cpp: Added.
-        (DFG):
-        (DCEPhase):
-        (JSC::DFG::DCEPhase::DCEPhase):
-        (JSC::DFG::DCEPhase::run):
-        (JSC::DFG::DCEPhase::findTypeCheckRoot):
-        (JSC::DFG::DCEPhase::countEdge):
-        (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::performDCE):
-        * dfg/DFGDCEPhase.h: Added.
-        (DFG):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        (JSC::DFG::FixupPhase::fixIntEdge):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-        (JSC::DFG::FixupPhase::truncateConstantToInt32):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::dump):
-        (DFG):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::changeChild):
-        (JSC::DFG::Graph::changeEdge):
-        (JSC::DFG::Graph::compareAndSwap):
-        (JSC::DFG::Graph::clearAndDerefChild):
-        (JSC::DFG::Graph::performSubstitution):
-        (JSC::DFG::Graph::performSubstitutionForEdge):
-        (Graph):
-        (JSC::DFG::Graph::substitute):
-        * dfg/DFGInsertionSet.h:
-        (InsertionSet):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::convertToConstant):
-        (JSC::DFG::Node::convertToGetLocalUnlinked):
-        (JSC::DFG::Node::containsMovHint):
-        (Node):
-        (JSC::DFG::Node::hasVariableAccessData):
-        (JSC::DFG::Node::willHaveCodeGenOrOSR):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::compileMovHintAndCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileInlineStart):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::shouldConsiderForHoisting):
-        (StructureCheckHoistingPhase):
-        * dfg/DFGValidate.cpp:
-        (JSC::DFG::Validate::validate):
-
-2013-03-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: JSValue should implement init and return nil in exceptional cases
-        https://bugs.webkit.org/show_bug.cgi?id=111487
-
-        Reviewed by Darin Adler.
-
-        * API/JSValue.mm:
-        (-[JSValue init]): We return nil here because there is no way to get the instance into a coherent state
-        without a JSContext.
-        (-[JSValue initWithValue:inContext:]): Similarly, we should also return nil here if either of the arguments is 0.
-
-2013-03-05  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r144708.
-        http://trac.webkit.org/changeset/144708
-        https://bugs.webkit.org/show_bug.cgi?id=111447
-
-        random assertion crashes in inspector tests on qt+mac bots
-        (Requested by kling on #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::copy):
-        * runtime/PropertyTable.cpp: Removed.
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::pin):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::getPropertyNamesFromStructure):
-        (JSC::Structure::visitChildren):
-        (JSC::Structure::checkConsistency):
-        * runtime/Structure.h:
-        (JSC):
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-        (JSC::Structure::checkOffsetConsistency):
-        (Structure):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::get):
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::get):
-
-2013-03-05  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX (r144698): Only enable SPEECH_SYNTHESIS for Mac
-        <http://webkit.org/b/106742>
-
-        Fixes the following build failures:
-
-            Undefined symbols for architecture i386:
-              "__ZTVN7WebCore25PlatformSpeechSynthesizerE", referenced from:
-                  __ZN7WebCore25PlatformSpeechSynthesizerC2EPNS_31PlatformSpeechSynthesizerClientE in PlatformSpeechSynthesizer.o
-              NOTE: a missing vtable usually means the first non-inline virtual member function has no definition.
-              "__ZN7WebCore25PlatformSpeechSynthesizer19initializeVoiceListEv", referenced from:
-                  __ZN7WebCore25PlatformSpeechSynthesizerC2EPNS_31PlatformSpeechSynthesizerClientE in PlatformSpeechSynthesizer.o
-            ld: symbol(s) not found for architecture i386
-
-        * Configurations/FeatureDefines.xcconfig:
-        - Fix definition of ENABLE_ENCRYPTED_MEDIA_V2_macosx to match
-          other FeatureDefines.xcconfig files.
-        - Only set ENABLE_SPEECH_SYNTHESIS for the macosx platform.
-
-2013-03-04  Andreas Kling  <akling@apple.com>
-
-        Unused Structure property tables waste 14MB on Membuster.
-        <http://webkit.org/b/110854>
-        <rdar://problem/13292104>
-
-        Reviewed by Geoffrey Garen.
-
-        Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
-        14 MB progression on Membuster3.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-
-            Added PropertyTable.cpp.
-
-        * runtime/PropertyTable.cpp: Added.
-        (JSC::PropertyTable::create):
-        (JSC::PropertyTable::clone):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::destroy):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::visitChildren):
-
-            Moved marking of property table values here from Structure::visitChildren().
-
-        * runtime/WriteBarrier.h:
-        (JSC::WriteBarrierBase::get):
-
-            Move m_cell to a local before using it multiple times. This avoids a multiple-access race when
-            Structure::checkOffsetConsistency() is used in assertions on the main thread while a marking thread
-            zaps the property table.
-
-        * runtime/Structure.h:
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-        * runtime/StructureInlines.h:
-        (JSC::Structure::propertyTable):
-
-            Added a getter for the Structure's PropertyTable that ASSERTs GC currently isn't active.
-            Because GC can zap an unpinned property table at any time, it's not entirely safe to access it.
-            Renamed the variable itself to m_propertyTableUnsafe to force call sites into explaining themselves.
-
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-
-            Moved these out of Structure.h to break header dependency cycle between Structure/PropertyTable.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-
-            Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
-
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-            Add a global propertyTableStructure.
-
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::createStructure):
-        (JSC::PropertyTable::copy):
-
-            Make PropertyTable a GC object.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::despecifyDictionaryFunction):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::isSealed):
-        (JSC::Structure::isFrozen):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::pin):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::get):
-        (JSC::Structure::despecifyFunction):
-        (JSC::Structure::despecifyAllFunctions):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::remove):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::getPropertyNamesFromStructure):
-        (JSC::Structure::checkConsistency):
-
-2013-03-04  Chris Fleizach  <cfleizach@apple.com>
-
-        Support WebSpeech - Speech Synthesis
-        https://bugs.webkit.org/show_bug.cgi?id=106742
-
-        Reviewed by Simon Fraser.
-
-        Enable speech synthesis for the Mac.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove contextInternalContext from JSContextInternal.h
-        https://bugs.webkit.org/show_bug.cgi?id=111356
-
-        Reviewed by Geoffrey Garen.
-
-        We don't need it any more since we have globalContextRef in JSContext.
-
-        * API/JSContext.mm:
-        * API/JSContextInternal.h:
-        * API/JSValue.mm:
-        (+[JSValue valueWithBool:inContext:]):
-        (+[JSValue valueWithDouble:inContext:]):
-        (+[JSValue valueWithInt32:inContext:]):
-        (+[JSValue valueWithUInt32:inContext:]):
-        (+[JSValue valueWithNewObjectInContext:]):
-        (+[JSValue valueWithNewArrayInContext:]):
-        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
-        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
-        (+[JSValue valueWithNullInContext:]):
-        (+[JSValue valueWithUndefinedInContext:]):
-        (-[JSValue toBool]):
-        (-[JSValue toDouble]):
-        (-[JSValue toNumber]):
-        (-[JSValue toString]):
-        (-[JSValue toDate]):
-        (-[JSValue toArray]):
-        (-[JSValue toDictionary]):
-        (-[JSValue valueForProperty:]):
-        (-[JSValue setValue:forProperty:]):
-        (-[JSValue deleteProperty:]):
-        (-[JSValue hasProperty:]):
-        (-[JSValue valueAtIndex:]):
-        (-[JSValue setValue:atIndex:]):
-        (-[JSValue isUndefined]):
-        (-[JSValue isNull]):
-        (-[JSValue isBoolean]):
-        (-[JSValue isNumber]):
-        (-[JSValue isString]):
-        (-[JSValue isObject]):
-        (-[JSValue isEqualToObject:]):
-        (-[JSValue isEqualWithTypeCoercionToObject:]):
-        (-[JSValue isInstanceOf:]):
-        (-[JSValue callWithArguments:]):
-        (-[JSValue constructWithArguments:]):
-        (-[JSValue invokeMethod:withArguments:]):
-        (valueToObject):
-        (objectToValueWithoutCopy):
-        (objectToValue):
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-        (-[JSValue description]):
-        * API/JSWrapperMap.mm:
-        (createObjectWithCustomBrand):
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
-        (-[JSObjCClassInfo wrapperForObject:]):
-        (-[JSWrapperMap jsWrapperForObject:]):
-        * API/ObjCCallbackFunction.mm:
-        (ObjCCallbackFunction::call):
-        (objCCallbackFunctionForInvocation):
-
-2013-03-04  Andreas Kling  <akling@apple.com>
-
-        Add simple vector traits for JSC::Identifier.
-        <http://webkit.org/b/111323>
-
-        Reviewed by Geoffrey Garen.
-
-        Identifiers are really just Strings, giving them simple vector traits makes
-        Vector move them with memcpy() instead of churning the refcounts.
-
-        * runtime/Identifier.h:
-        (WTF):
-
-2013-03-04  Kunihiko Sakamoto  <ksakamoto@chromium.org>
-
-        Add build flag for FontLoader
-        https://bugs.webkit.org/show_bug.cgi?id=111289
-
-        Reviewed by Benjamin Poulain.
-
-        Add ENABLE_FONT_LOAD_EVENTS build flag (disabled by default).
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-03  Andreas Kling  <akling@apple.com>
-
-        Shrink JSC::HashTable entries.
-        <http://webkit.org/b/111275>
-        <rdar://problem/13333511>
-
-        Reviewed by Anders Carlsson.
-
-        Move the Intrinsic value out of the function-specific part of the union,
-        and store it next to m_attributes. Reduces the size of HashEntry by 8 bytes.
-
-        990 kB progression on Membuster3. (PTUS: 797 kB)
-
-        * runtime/Lookup.h:
-        (JSC::HashEntry::initialize):
-        (JSC::HashEntry::intrinsic):
-        (HashEntry):
-
-2013-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: testapi should link to Foundation, not CoreFoundation
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Change testapi to
-        link to Foundation.framework instead of CoreFoundation.framework
-        since it uses NS types.
-
-2013-03-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Passing JS functions to Objective-C callbacks causes JSValue to leak
-        https://bugs.webkit.org/show_bug.cgi?id=107836
-
-        Reviewed by Oliver Hunt.
-
-        We've decided to remove support for this feature from the API because there's no way to automatically manage 
-        the memory for clients in a satisfactory manner. Clients can still pass JS functions to Objective-C methods, 
-        but the methods must accept plain JSValues instead of Objective-C blocks.
-
-        We now ignore functions that are part of a protocol that inherits from JSExport that accept blocks as arguments.
-
-        * API/JSBlockAdaptor.h: Removed.
-        * API/JSBlockAdaptor.mm: Removed.
-        * API/ObjCCallbackFunction.mm:
-        (ArgumentTypeDelegate::typeBlock): Return nil to signal that we want to ignore this function when copying it
-        to the object from the protocol.
-        * API/tests/testapi.mm: Added a test to make sure that we ignore methods declared as part of a JSExport-ed protocol
-        that have block arguments.
-        (-[TestObject bogusCallback:]):
-        * JavaScriptCore.gypi: Updated build files.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Branch(LogicalNot) peephole should not try to optimize and work-around the case where LogicalNot may be otherwise live
-        https://bugs.webkit.org/show_bug.cgi?id=111209
-
-        Reviewed by Oliver Hunt.
-        
-        Even if it is then everything will work just fine. It's not necessary to check the ref count here.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2013-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE phase shouldn't rely on ref count of nodes, since it doesn't have to
-        https://bugs.webkit.org/show_bug.cgi?id=111205
-
-        Reviewed by Oliver Hunt.
-        
-        I don't understand the intuition behind setLocalStoreElimination() validating that the SetLocal's ref count
-        is 1. I believe this is a hold-over from when setLocalStoreElimination() would match one SetLocal to another,
-        and then try to eliminate the first SetLocal. But that's not how it works now. Now, setLocalStoreElimination()
-        is actually Flush elimination: it eliminates any Flush that anchors a SetLocal if it proves that every path
-        from the SetLocal to the Flush is devoid of operations that may observe the local. It doesn't actually kill
-        the SetLocal itself: if the SetLocal is live because of other things (other Flushes or GetLocals in other
-        basic blocks), then the SetLocal will naturally still be alive because th Flush was only keeping the SetLocal
-        alive by one count rather than being solely responsible for its liveness.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-
-2013-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Rename MovHint to MovHintEvent so I can create a NodeType called MovHint
-
-        Rubber stamped by Mark Hahnenberg.
-        
-        This is similar to the SetLocal/SetLocalEvent naming scheme, where SetLocal is the
-        NodeType and SetLocalEvent is the VariableEventKind.
-
-        * dfg/DFGVariableEvent.cpp:
-        (JSC::DFG::VariableEvent::dump):
-        * dfg/DFGVariableEvent.h:
-        (JSC::DFG::VariableEvent::movHint):
-        (JSC::DFG::VariableEvent::id):
-        (JSC::DFG::VariableEvent::operand):
-        (VariableEvent):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-
-2013-03-01  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>
-
-        [JSC] Fix sign comparison warning/error after r144340.
-        https://bugs.webkit.org/show_bug.cgi?id=111164
-
-        Reviewed by Mark Hahnenberg.
-
-        gcc (both 4.2.1 and 4.7.2) complain about comparing signed and
-        unsigned terms (clang accepts it just fine).
-
-        Work around that by casting the 1 to an uintptr_t as well.
-
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::makeWord):
-
-2013-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should not do liveness pruning
-        https://bugs.webkit.org/show_bug.cgi?id=111119
-
-        Reviewed by Mark Hahnenberg.
-        
-        It adds complexity and probably buys nothing.  Moreover, I'm transitioning to having
-        liveness only available at the bitter end of compilation, so this will stop working
-        after https://bugs.webkit.org/show_bug.cgi?id=109389 anyway.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-
-2013-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Don't try to emit profiling if you don't have the DFG JIT.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * jit/JIT.h:
-        (JSC::JIT::shouldEmitProfiling):
-
-2013-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Phantom node should be honest about the fact that it can exit
-        https://bugs.webkit.org/show_bug.cgi?id=111115
-
-        Reviewed by Mark Hahnenberg.
-        
-        The chances of this having cause serious issues are low, since most clients of the
-        NodeDoesNotExit flag run after CFA and CFA updates this properly. But one possible
-        case of badness is if the ByteCodeParser inserted a Phantom with a type check in
-        between a LogicalNot and a Branch; then that peephole optimization in Fixup might
-        go slightly wrong.
-
-        * dfg/DFGNodeType.h:
-        (DFG):
-
-2013-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Add casts in DFGGPRInfo.h to suppress warnings
-        https://bugs.webkit.org/show_bug.cgi?id=111104
-
-        Reviewed by Filip Pizlo.
-
-        With certain flags on, we get compiler warnings on ARM. We should do the proper casts to make these warnings go away.
-
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-
-2013-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be easy to determine if a DFG node exits forward or backward when doing type checks
-        https://bugs.webkit.org/show_bug.cgi?id=111102
-
-        Reviewed by Mark Hahnenberg.
-        
-        This adds a NodeExitsForward flag, which tells you the exit directionality of
-        type checks performed by the node. Even if you convert the node to a Phantom
-        and use the Edge UseKind for type checks, you'll still get the same exit
-        directionality that the original node would have wanted.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGArrayifySlowPathGenerator.h:
-        (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCPSRethreadingPhase.cpp:
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::setOpAndDefaultNonExitFlags):
-        (JSC::DFG::Node::convertToPhantom):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::backwardSpeculationCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::backwardTypeCheck):
-        (JSC::DFG::SpeculativeJIT::typeCheck):
-        (JSC::DFG::SpeculativeJIT::forwardTypeCheck):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::gpr):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::fpr):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::gpr):
-        (SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-28  Filip Pizlo  <fpizlo@apple.com>
-
-        CodeBlock::valueProfile() has a bogus assertion
-        https://bugs.webkit.org/show_bug.cgi?id=111106
-        <rdar://problem/13131427>
-
-        Reviewed by Mark Hahnenberg.
-        
-        This was just a bad assertion: m_bytecodeOffset == -1 means that the value profile is constructed but not initialized.
-        ValueProfile constructs itself in a safe way; you can call any method you want on a constructed but not initialized
-        ValueProfile. CodeBlock first constructs all ValueProfiles (by growing the ValueProfile vector) and then initializes
-        their m_bytecodeOffset later. This is necessary because the initialization is linking bytecode instructions to their
-        ValueProfiles, so at that point we don't want the ValueProfile vector to resize, which implies that we want all of
-        them to already be constructed. A GC can happen during this phase, and the GC may want to walk all ValueProfiles.
-        This is safe, but one of the ValueProfile getters (CodeBlock::valueProfile()) was asserting that any value profile
-        you get has had its m_bytecodeOffset initialized. This need not be the case and nothing will go wrong if it isn't.
-
-        The solution is to remove the assertion, which I believe was put there to ensure that my m_valueProfiles refactoring
-        a long time ago was sound: it used to be that a ValueProfile with m_bytecodeOffset == -1 was an argument profile; now
-        all argument profiles are in m_argumentValueProfiles instead. I think it's safe to say that this refactoring was done
-        soundly since it was a long time ago. So we should kill the assertion - I don't see an easy way to make the assertion
-        sound with respect to the GC-during-CodeBlock-construction issue, and I don't believe that the assertion is buying us
-        anything at this point.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::valueProfile):
-
-2013-02-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA should leave behind information in Edge that says if the Edge's type check is proven to succeed
-        https://bugs.webkit.org/show_bug.cgi?id=110840
-
-        Reviewed by Mark Hahnenberg.
-        
-        This doesn't add any observable functionality to the compiler, yet. But it does give
-        every phase that runs after CFA the ability to know, in O(1) time, whether an edge
-        will need to execute a type check.
-
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::filterEdgeByUse):
-        (JSC::DFG::AbstractState::filterByType):
-        * dfg/DFGCommon.cpp:
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::isProved):
-        (DFG):
-        (JSC::DFG::proofStatusForIsProved):
-        (WTF):
-        * dfg/DFGEdge.cpp:
-        (JSC::DFG::Edge::dump):
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::Edge):
-        (JSC::DFG::Edge::setNode):
-        (JSC::DFG::Edge::useKindUnchecked):
-        (JSC::DFG::Edge::setUseKind):
-        (Edge):
-        (JSC::DFG::Edge::proofStatusUnchecked):
-        (JSC::DFG::Edge::proofStatus):
-        (JSC::DFG::Edge::setProofStatus):
-        (JSC::DFG::Edge::isProved):
-        (JSC::DFG::Edge::needsCheck):
-        (JSC::DFG::Edge::shift):
-        (JSC::DFG::Edge::makeWord):
-
-2013-02-28  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [Qt][Mac] Fix massive parallel builds
-
-        Reviewed by Tor Arne Vestbø.
-
-        There exists a race condition that LLIntDesiredOffsets.h is written to
-        by two parllel instances of the ruby script. This patch ensures that similar to the output file,
-        the generated file is also prefixed according to the build configuration.
-
-        * LLIntOffsetsExtractor.pro:
-
-2013-02-27  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r144168.
-        http://trac.webkit.org/changeset/144168
-        https://bugs.webkit.org/show_bug.cgi?id=111019
-
-        It broke the build and tronical is unavailable (Requested by
-        Ossy_night on #webkit).
-
-        * LLIntOffsetsExtractor.pro:
-
-2013-02-26  Filip Pizlo  <fpizlo@apple.com>
-
-        Disable some unsound DFG DCE
-        https://bugs.webkit.org/show_bug.cgi?id=110948
-
-        Reviewed by Michael Saboff.
-        
-        DCE of bitops is not sound since the bitops might call some variant of valueOf.
-        
-        This used to work right because ValueToInt32 was MustGenerate. From the DFG IR
-        standpoint it feels weird to make ValueToInt32 be MustGenerate since that node is
-        implemented entirely as a pure conversion. If we ever gave the DFG the ability to
-        do effectful bitops, we would most likely implement them as special nodes not
-        related to the ValueToInt32 and bitop nodes we have now.
-        
-        This change is performance neutral.
-
-        * dfg/DFGNodeType.h:
-        (DFG):
-
-2013-02-27  Glenn Adams  <glenn@skynav.com>
-
-        Add ENABLE_CSS3_TEXT_LINE_BREAK flag.
-        https://bugs.webkit.org/show_bug.cgi?id=110944
-
-        Reviewed by Dean Jackson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-27  Julien Brianceau   <jbrianceau@nds.com>
-
-        Fix build when DFG_JIT is not enabled
-        https://bugs.webkit.org/show_bug.cgi?id=110991
-
-        Reviewed by Csaba Osztrogonác.
-
-        * jit/JIT.h:
-        (JSC::JIT::canBeOptimizedOrInlined):
-
-2013-02-27  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [Qt][Mac] Fix massive parallel builds
-
-        Reviewed by Tor Arne Vestbø.
-
-        There exists a race condition that LLIntDesiredOffsets.h is written to
-        by two parllel instances of the ruby script. This patch ensures that similar to the output file,
-        the generated file is also prefixed according to the build configuration.
-
-        * LLIntOffsetsExtractor.pro:
-
-2013-02-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG OSR exit doesn't know which virtual register to use for the last result register for post_inc and post_dec
-        https://bugs.webkit.org/show_bug.cgi?id=109036
-        <rdar://problem/13292139>
-
-        Reviewed by Gavin Barraclough.
-        
-        This was a two-fold problem:
-        
-        1) post_inc/dec has two results - the new value of the variable, and the old value of the variable. DFG OSR exit
-           assumed that the "last result" used for the Baseline JIT's register allocation would be the new value. It was
-           wrong in this assumption.
-        
-        2) The Baseline JIT knew to disable its last result optimization in cases where it might confuse the DFG. But it
-           was doing this only for code blocks that could be totally optimized, but not code blocks that could only be
-           optimized when inlined.
-        
-        This patch introduces a more rigorous notion of when the Baseline JIT emits profiling, when it does extra work
-        to account for the possibility of OSR exit, and when it does extra work to account for the possibility of OSR
-        entry. These notions are called shouldEmitProfiling(), canBeOptimizedOrInlined(), and canBeOptimized(),
-        respectively.
-        
-        This is performance-neutral and fixes the reported bug. It probably fixes other bugs as well, since previously
-        we for example weren't doing the more conservative implementation of op_mov in the Baseline JIT for code blocks
-        that could be inlined but not optimized. So, if such a code block OSR exited at just the right point, you'd get
-        symptoms similar to this bug.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGCommon.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::JIT::compilePatchGetArrayLength):
-        (JSC::JIT::canBeOptimizedOrInlined):
-        (JIT):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emit_op_post_inc):
-        (JSC::JIT::emit_op_post_dec):
-        * jit/JITCall.cpp:
-        (JSC::JIT::emit_op_call_put_result):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlines.h:
-        (JSC::JIT::emitArrayProfilingSite):
-        (JSC::JIT::map):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_mov):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2013-02-26  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. AppleWin VS2010 build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG backend's and OSR's decision to unbox a variable should be based on whether it's used in a typed context
-        https://bugs.webkit.org/show_bug.cgi?id=110433
-
-        Reviewed by Oliver Hunt and Mark Hahnenberg.
-        
-        This introduces the equivalent of a liveness analysis, except for type checking.
-        A variable is said to be "profitable for unboxing" (i.e. live at a type check)
-        if there exists a type check on a GetLocal of that variable, and the type check
-        is consistent with the variable's prediction. Variables that are not profitable
-        for unboxing aren't unboxed. Previously they would have been.
-        
-        This is a slight speed-up on some things but mostly neutral.
-
-        * dfg/DFGArgumentPosition.h:
-        (JSC::DFG::ArgumentPosition::ArgumentPosition):
-        (JSC::DFG::ArgumentPosition::mergeShouldNeverUnbox):
-        (JSC::DFG::ArgumentPosition::mergeArgumentPredictionAwareness):
-        (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
-        (ArgumentPosition):
-        (JSC::DFG::ArgumentPosition::isProfitableToUnbox):
-        (JSC::DFG::ArgumentPosition::shouldUseDoubleFormat):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::checkAndSet):
-        (DFG):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::run):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::alwaysUnboxSimplePrimitives):
-        (JSC::DFG::FixupPhase::setUseKindAndUnboxIfProfitable):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsCaptured):
-        (JSC::DFG::VariableAccessData::mergeIsProfitableToUnbox):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::isProfitableToUnbox):
-        (JSC::DFG::VariableAccessData::shouldUnboxIfPossible):
-        (JSC::DFG::VariableAccessData::mergeStructureCheckHoistingFailed):
-        (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
-        (JSC::DFG::VariableAccessData::mergeFlags):
-
-2013-02-26  Oliver Hunt  <oliver@apple.com>
-
-        Fix windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-02-26  Oliver Hunt  <oliver@apple.com>
-
-        Web Inspector: REGRESSION: [JSC] SourceProvider reuses IDs
-        https://bugs.webkit.org/show_bug.cgi?id=99674
-
-        Reviewed by Gavin Barraclough.
-
-        Simple incrementing counter for SourceProvider IDs.  Uses a
-        lock to incrementing the counter so we don't increment reuse
-        counter values or reassign the ID for a given SourceProvider.
-
-        * parser/SourceProvider.cpp:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC):
-        (JSC::SourceProvider::getID):
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::asID):
-        (SourceProvider):
-
-2013-02-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r144074.
-        http://trac.webkit.org/changeset/144074
-        https://bugs.webkit.org/show_bug.cgi?id=110897
-
-        Causing 20+ crashes on Mac (Requested by bradee-oh on
-        #webkit).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::copy):
-        * runtime/PropertyTable.cpp: Removed.
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC):
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-        (Structure):
-        * runtime/StructureInlines.h:
-
-2013-02-26  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. AppleWin VS2010 build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-
-2013-02-26  Jer Noble  <jer.noble@apple.com>
-
-        Unreviewed build fix; use correct macro for platform name in FeatureDefines.xcconfig.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-26  Michael Saboff  <msaboff@apple.com>
-
-        Potential crash in YARR JIT generated code when building 64 bit
-        https://bugs.webkit.org/show_bug.cgi?id=110893
-
-        Reviewed by Gavin Barraclough.
-
-        The ABI doesn't define the behavior for the upper bits of a value that takes less than 64 bits.
-        Therefore, we zero extend both the count and length registers to assure that these unsigned values
-        don't have garbage upper bits.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateEnter):
-
-2013-02-26  Andreas Kling  <akling@apple.com>
-
-        Unused Structure property tables waste 14MB on Membuster.
-        <http://webkit.org/b/110854>
-        <rdar://problem/13292104>
-
-        Reviewed by Filip Pizlo.
-
-        Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
-        14 MB progression on Membuster3.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-
-            Added PropertyTable.cpp.
-
-        * runtime/PropertyTable.cpp: Added.
-        (JSC::PropertyTable::create):
-        (JSC::PropertyTable::clone):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::destroy):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::visitChildren):
-
-            Moved marking of property table values here from Structure::visitChildren().
-
-        * runtime/StructureInlines.h:
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-
-            Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-
-            Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
-
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        * runtime/Structure.h:
-        (Structure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::createStructure):
-        (JSC::PropertyTable::copy):
-
-2013-02-26  Andreas Kling  <akling@apple.com>
-
-        Unreviewed, rolling out r144054.
-        http://trac.webkit.org/changeset/144054
-        https://bugs.webkit.org/show_bug.cgi?id=110854
-
-        broke builds
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::copy):
-        * runtime/PropertyTable.cpp: Removed.
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC):
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-        (Structure):
-        * runtime/StructureInlines.h:
-
-2013-02-26  Andreas Kling  <akling@apple.com>
-
-        Unused Structure property tables waste 14MB on Membuster.
-        <http://webkit.org/b/110854>
-        <rdar://problem/13292104>
-
-        Reviewed by Filip Pizlo.
-
-        Turn PropertyTable into a GC object and have Structure drop unpinned tables when marking.
-        14 MB progression on Membuster3.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-
-            Added PropertyTable.cpp.
-
-        * runtime/PropertyTable.cpp: Added.
-        (JSC::PropertyTable::create):
-        (JSC::PropertyTable::clone):
-        (JSC::PropertyTable::PropertyTable):
-        (JSC::PropertyTable::destroy):
-        (JSC::PropertyTable::~PropertyTable):
-        (JSC::PropertyTable::visitChildren):
-
-            Moved marking of property table values here from Structure::visitChildren().
-
-        * runtime/StructureInlines.h:
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::checkOffsetConsistency):
-
-            Moved these to StructureInlines.h to break header dependency cycle between Structure/PropertyTable.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::visitChildren):
-
-            Null out m_propertyTable if the table is unpinned. This'll cause the table to get GC'd.
-
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::copyPropertyTableForPinning):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        * runtime/Structure.h:
-        (Structure):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::createStructure):
-        (JSC::PropertyTable::copy):
-
-2013-02-26  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
-
-        Implement JIT on Windows 64 bits
-        https://bugs.webkit.org/show_bug.cgi?id=107965
-
-        Reviewed by Simon Hausmann.
-
-        1. MSVC doesn't support inline assembly for 64 bits, implements the trampoline in a separate ASM file.
-
-        2. Windows 64 bits has a different calling convention than other OSes following the AMD64 ABI.
-        Differences that we have to handle here:
-        - Registers passed parameters are RCX, RDX, R8 and R9 instead of RDI, RSI, RDX, RCX, R8 and R9
-        - RDI and RSI must be preserved by callee
-        - Only return values <= 8 bytes can be returned by register (RDX can't be used to return a second word)
-        - There is no red-zone after RIP on the stack, but instead 4 reserved words before it
-
-        * Target.pri:
-        * jit/JITStubs.cpp:
-        * jit/JITStubs.h:
-        (JSC):
-        (JITStackFrame):
-        (JSC::JITStackFrame::returnAddressSlot):
-        * jit/JITStubsMSVC64.asm: Added.
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-        * jit/ThunkGenerators.cpp:
-        (JSC::nativeForGenerator):
-        * yarr/YarrJIT.cpp:
-        (YarrGenerator):
-        (JSC::Yarr::YarrGenerator::generateEnter):
-        (JSC::Yarr::YarrGenerator::generateReturn):
-
-2013-02-26  Oliver Hunt  <oliver@apple.com>
-
-        Kill another analyzer warning in javascriptcore
-        https://bugs.webkit.org/show_bug.cgi?id=110802
-
-        Reviewed by Benjamin Poulain.
-
-        Add null checks.
-        
-        * profiler/LegacyProfiler.cpp:
-        (JSC::LegacyProfiler::startProfiling):
-        (JSC::LegacyProfiler::stopProfiling):
-
-2013-02-26  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r144004.
-        http://trac.webkit.org/changeset/144004
-        https://bugs.webkit.org/show_bug.cgi?id=110858
-
-        This iOS change is outdated (Requested by notbenjamin on
-        #webkit).
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        (BytecodeGenerator):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        * parser/Parser.h:
-        (JSC::Parser::canRecurse):
-        (Parser):
-
-2013-02-25  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r143654): some jquery test asserts on 32 bit debug build
-        https://bugs.webkit.org/show_bug.cgi?id=110756
-
-        Reviewed by Geoffrey Garen.
-        
-        TypeOf does speculations manually, so it should mark its JSValueOperand as doing ManualOperandSpeculation.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-25  Benjamin Poulain  <bpoulain@apple.com>
-
-        [JSC] Upstream iOS Stack bound checking
-        https://bugs.webkit.org/show_bug.cgi?id=110813
-
-        Reviewed by Filip Pizlo.
-
-        On iOS, the StackBounds cannot be cached because the stack
-        can be in one of two threads (the web thread or the UI thread).
-
-        We simply always consider the current stack bound when testing
-        stack boundaries.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        (BytecodeGenerator):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        * parser/Parser.h:
-        (JSC::Parser::canRecurse):
-        (Parser):
-
-2013-02-25  Michael Saboff  <msaboff@apple.com>
-
-        For JSVALUE32_64, maxOffsetRelativeToPatchedStorage() doesn't compute the maximum negative offset
-        https://bugs.webkit.org/show_bug.cgi?id=110828
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/JSObject.h:
-        (JSC::maxOffsetRelativeToPatchedStorage): Only add the OBJECT_OFFSETOF(tag) for positive offsets.
-        That way this function will return the offset farthest from 0 needed to access either the payload
-        or tag.
-
-2013-02-25  Jeffrey Pfau  <jpfau@apple.com>
-
-        Optionally partition cache to prevent using cache for tracking
-        https://bugs.webkit.org/show_bug.cgi?id=110269
-
-        Reviewed by Maciej Stachowiak.
-
-        * Configurations/FeatureDefines.xcconfig: Add defines for cache partitioning and public suffix list usage
-
-2013-02-25  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. VS2010 solution build fix.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-
-2013-02-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Edge should have more bits for UseKind, and DFG::Allocator should be simpler
-        https://bugs.webkit.org/show_bug.cgi?id=110722
-
-        Reviewed by Oliver Hunt.
-        
-        This rolls out the DFG::Allocator part of http://trac.webkit.org/changeset/143654,
-        and changes Edge to have more room for UseKinds and possibly other things.
-        
-        This is performance-neutral on both 32-bit and 64-bit. It reduces the size of
-        DFG::Node on 64-bit (by virtue of getting rid of the 16-byte alignment of Node)
-        and increases it slightly on 32-bit (by 4 bytes total - 16-byte alignment led to
-        80 bytes, but the base size of Node plus the 12 bytes of new m_encodedWords in
-        Edge gets 84 bytes). But, it will mean that we don't have to increase Node by
-        another 16 bytes if we ever want to add more UseKinds or other things to Edge.
-
-        * dfg/DFGAllocator.h:
-        (DFG):
-        (Allocator):
-        (JSC::DFG::Allocator::Region::headerSize):
-        (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
-        (JSC::DFG::Allocator::Region::data):
-        (JSC::DFG::Allocator::Region::isInThisRegion):
-        (JSC::DFG::::Allocator):
-        (JSC::DFG::::~Allocator):
-        (JSC::DFG::::allocate):
-        (JSC::DFG::::free):
-        (JSC::DFG::::freeAll):
-        (JSC::DFG::::reset):
-        (JSC::DFG::::indexOf):
-        (JSC::DFG::::allocatorOf):
-        (JSC::DFG::::bumpAllocate):
-        (JSC::DFG::::freeListAllocate):
-        (JSC::DFG::::allocateSlow):
-        (JSC::DFG::::freeRegionsStartingAt):
-        (JSC::DFG::::startBumpingIn):
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::Edge):
-        (Edge):
-        (JSC::DFG::Edge::node):
-        (JSC::DFG::Edge::setNode):
-        (JSC::DFG::Edge::useKindUnchecked):
-        (JSC::DFG::Edge::setUseKind):
-        (JSC::DFG::Edge::operator==):
-        (JSC::DFG::Edge::operator!=):
-        (JSC::DFG::Edge::makeWord):
-        * dfg/DFGNodeAllocator.h:
-        (DFG):
-
-2013-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        The DFG special case checks for isCreatedThisArgument are fragile
-        https://bugs.webkit.org/show_bug.cgi?id=110535
-
-        Reviewed by Oliver Hunt.
-        
-        There may be many situations in which we want to force a variable to never be
-        unboxed. Capturing is one such case, and the created this argument is another.
-        Previously all code that dealt with this issue had to query both scenarios.
-        
-        Now DFG::VariableAccessData knows these things. You just have to ask
-        VariableAccessData for whether a variable should be unboxed. Anyone wishing to
-        force a variable to never be unboxed just tells VariableAccessData.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (DFG):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (CFGSimplificationPhase):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGUnificationPhase.cpp:
-        (JSC::DFG::UnificationPhase::run):
-        * dfg/DFGVariableAccessData.h:
-        (JSC::DFG::VariableAccessData::VariableAccessData):
-        (JSC::DFG::VariableAccessData::mergeIsCaptured):
-        (JSC::DFG::VariableAccessData::mergeShouldNeverUnbox):
-        (VariableAccessData):
-        (JSC::DFG::VariableAccessData::shouldNeverUnbox):
-        (JSC::DFG::VariableAccessData::shouldUnboxIfPossible):
-        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
-        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
-
-2013-02-25  Geoffrey Garen  <ggaren@apple.com>
-
-        Do one lookup per code cache insertion instead of two
-        https://bugs.webkit.org/show_bug.cgi?id=110674
-
-        Reviewed by Sam Weinig.
-
-        Deployed the idiomatic "add null value" trick to avoid a second hash
-        lookup when inserting an item.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCacheMap::pruneSlowCase): Factored this into a helper function
-        to improve clarity and get some code off the hot path.
-
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode): Use the add() API
-        to avoid two hash lookups. Be sure to remove items if parsing fails,
-        otherwise we'll leave nulls in the table. (I'm guessing that caching parse
-        errors is not a win.)
-
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeValue::SourceCodeValue):
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::add): Combined find() and set() into add().
-
-        (JSC::CodeCacheMap::remove):
-        (JSC::CodeCacheMap::age):
-        (JSC::CodeCacheMap::prune): Refactored to support above changes.
-
-2013-02-25  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        [BlackBerry][ARM] Fix cast-align warnings in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=110738
-
-        Reviewed by Rob Buis.
-
-        Use reinterpret_cast_ptr instead of reinterpret_cast for
-        pointers.
-
-        * dfg/DFGOperations.cpp:
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::zeroFillWilderness):
-        * heap/WeakBlock.h:
-        (JSC::WeakBlock::asWeakImpl):
-        (JSC::WeakBlock::asFreeCell):
-        (JSC::WeakBlock::weakImpls):
-        * heap/WeakImpl.h:
-        (JSC::WeakImpl::asWeakImpl):
-        * interpreter/JSStack.cpp:
-        (JSC::JSStack::disableErrorStackReserve):
-        * interpreter/JSStack.h:
-        (JSC::JSStack::reservationEnd):
-        * runtime/ArrayStorage.h:
-        (JSC::ArrayStorage::from):
-        * runtime/Butterfly.h:
-        (JSC::Butterfly::indexingPayload):
-        * runtime/IndexingHeader.h:
-        (JSC::IndexingHeader::propertyStorage):
-        * runtime/JSActivation.h:
-        (JSC::JSActivation::tearOff):
-        (JSC::JSActivation::isTornOff):
-        (JSC::JSActivation::storage):
-
-2013-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT::speculateNumber() should just use SpeculateDoubleOperand instead of doing its own thing
-        https://bugs.webkit.org/show_bug.cgi?id=110659
-
-        Reviewed by Oliver Hunt and Mark Hahnenberg.
-        
-        This simplifies the code, and also has the effect that if speculateNumber() is called
-        prior to someone actually using the number in a double context, then the number will
-        already be up-converted to double and ready to go.
-
-        Previously if this ever came up, the subsequent use would have to again branch to see
-        if the value is tagged as int or tagged as double.
-
-        On the other hand, if you ever did speculateNumber() and then used the value as a
-        JSValue, this will be a slow down now.
-
-        I suspect that the former (speculateNumber() and then use as number) is more likely
-        than the latter (speculateNumber() and then use as JSValue).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculateNumber):
-
-2013-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG FixupPhase should have one common hook for knowing if a node is ever being speculated a certain way
-        https://bugs.webkit.org/show_bug.cgi?id=110650
-
-        Reviewed by Mark Hahnenberg.
-        
-        Changes almost all calls to edge.setUseKind(kind) to be
-        setUseKindAndUnboxIfProfitable<kind>(edge). This will allow us to use the latter
-        as a hook for deciding which locals to unbox (webkit.org/b/110433).
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::setUseKindAndUnboxIfProfitable):
-        (JSC::DFG::FixupPhase::fixIntEdge):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
-
-2013-02-22  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r143654): some fast/js test crashes on 32 bit build
-        https://bugs.webkit.org/show_bug.cgi?id=110590
-
-        Reviewed by Mark Hahnenberg.
-        
-        In compileValueToInt32, the refactoring in r143654 undid one of the fixes from
-        r143314 due to a merge goof.
-        
-        In speculateNumber, we were simply forgetting to indicate that we need a
-        ManualOperandSpeculation on a JSValueOperand. ManualOperandSpeculation should
-        be passed whenever you will be performing the type checks yourself rather than
-        using the operand class to do it for you.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::speculateNumber):
-
-2013-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Fix the 32-bit build by using the right data type in more places.
-
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-
-2013-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Fix the 32-bit build by using the right data type.
-
-        * runtime/CodeCache.h:
-        (JSC::CodeCacheMap::find):
-
-2013-02-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Code cache size should adapt to workload
-        https://bugs.webkit.org/show_bug.cgi?id=110560
-
-        Reviewed by Antti Koivisto.
-
-        (*) 5% PLT arithmetic mean speedup
-        (*) 10% PLT geometric mean speedup
-        (*) 3.4X microbenchmark speedup
-        (*) Reduces initial cache capacity by 16X
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::CodeCache): Updated for interface change.
-
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeValue::SourceCodeValue):
-        (SourceCodeValue): Turned the cache value into a struct so it can track its age.
-
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::CodeCacheMap):
-        (JSC::CodeCacheMap::find):
-        (JSC::CodeCacheMap::set):
-        (JSC::CodeCacheMap::clear):
-        (JSC::CodeCacheMap::pruneIfNeeded):
-        (CodeCache): Grow and shrink in response to usage.
-
-2013-02-21  Jessie Berlin  <jberlin@apple.com>
-
-        Fix a typo that broke the 32 bit build.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-21  Michael Saboff  <msaboff@apple.com>
-
-        25-30% regression in V8 RayTrace test in 32 bit builds with JIT disabled
-        https://bugs.webkit.org/show_bug.cgi?id=110539
-
-        Reviewed by Filip Pizlo.
-
-        Change the scale used to lookup pointers in JSGlobalObject::m_specialPointers to be 4 bytes for
-        the 32 bit version of the interpreter.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2013-02-21  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Add executable property to cmd file.
-        Required for executable files to maintain their executable permissions over svn.
-
-        * JavaScriptCore.vcxproj/copy-files.cmd: Added property svn:executable.
-
-2013-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Object allocation profiling will refuse to create objects with more than JSFinalObject::maxInlineCapacity() inline slots, but JSFunction::allocationProfile() asserts that the number of inline slots is always what it asked for
-        https://bugs.webkit.org/show_bug.cgi?id=110519
-        <rdar://problem/13218566>
-
-        Reviewed by Geoffrey Garen.
-        
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::allocationProfile):
-
-2013-02-21  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Build fix for VS2010 WebKit solution.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-02-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not change its mind about what type speculations a node does, by encoding the checks in the NodeType, UseKind, and ArrayMode
-        https://bugs.webkit.org/show_bug.cgi?id=109371
-
-        Reviewed by Oliver Hunt.
-        
-        FixupPhase now locks in the speculations that each node will do. The DFG then
-        remembers those speculations, and doesn't change its mind about them even if the
-        graph is transformed - for example if a node's child is repointed to a different
-        node as part of CSE, CFG simplification, or folding. Each node ensures that it
-        executes the speculations promised by its edges. This is true even for Phantom
-        nodes.
-        
-        This still leaves some craziness on the table for future work, like the
-        elimination of speculating SetLocal's due to CFG simplification
-        (webkit.org/b/109388) and elimination of nodes via DCE (webkit.org/b/109389).
-        
-        In all, this allows for a huge simplification of the DFG. Instead of having to
-        execute the right speculation heuristic each time you want to decide what a node
-        does (for example Node::shouldSpeculateInteger(child1, child2) &&
-        node->canSpeculateInteger()), you just ask for the use kinds of its children
-        (typically node->binaryUseKind() == Int32Use). Because the use kinds are
-        discrete, you can often just switch over them. This makes many parts of the code
-        more clear than they were before.
-        
-        Having UseKinds describe the speculations being performed also makes it far
-        easier to perform analyses that need to know what speculations are done. This is
-        so far only used to simplify large parts of the CFA.
-        
-        To have a larger vocabulary of UseKinds, this also changes the node allocator to
-        be able to round up Node sizes to the nearest multiple of 16.
-        
-        This appears to be neutral on benchmarks, except for some goofy speed-ups, like
-        8% on Octane/box2d.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::startExecuting):
-        (DFG):
-        (JSC::DFG::AbstractState::executeEdges):
-        (JSC::DFG::AbstractState::verifyEdge):
-        (JSC::DFG::AbstractState::verifyEdges):
-        (JSC::DFG::AbstractState::executeEffects):
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        (JSC::DFG::AbstractState::filterEdgeByUse):
-        (JSC::DFG::AbstractState::filterByType):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::filter):
-        * dfg/DFGAdjacencyList.h:
-        (JSC::DFG::AdjacencyList::AdjacencyList):
-        (JSC::DFG::AdjacencyList::child):
-        (JSC::DFG::AdjacencyList::setChild):
-        (JSC::DFG::AdjacencyList::reset):
-        (JSC::DFG::AdjacencyList::firstChild):
-        (JSC::DFG::AdjacencyList::setFirstChild):
-        (JSC::DFG::AdjacencyList::numChildren):
-        (JSC::DFG::AdjacencyList::setNumChildren):
-        (AdjacencyList):
-        * dfg/DFGAllocator.h:
-        (DFG):
-        (Allocator):
-        (JSC::DFG::Allocator::cellSize):
-        (JSC::DFG::Allocator::Region::headerSize):
-        (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
-        (JSC::DFG::Allocator::Region::payloadSize):
-        (JSC::DFG::Allocator::Region::payloadBegin):
-        (JSC::DFG::Allocator::Region::payloadEnd):
-        (JSC::DFG::Allocator::Region::isInThisRegion):
-        (JSC::DFG::::Allocator):
-        (JSC::DFG::::~Allocator):
-        (JSC::DFG::::allocate):
-        (JSC::DFG::::free):
-        (JSC::DFG::::freeAll):
-        (JSC::DFG::::reset):
-        (JSC::DFG::::indexOf):
-        (JSC::DFG::::allocatorOf):
-        (JSC::DFG::::bumpAllocate):
-        (JSC::DFG::::freeListAllocate):
-        (JSC::DFG::::allocateSlow):
-        (JSC::DFG::::freeRegionsStartingAt):
-        (JSC::DFG::::startBumpingIn):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.h:
-        (DFG):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGEdge.cpp:
-        (JSC::DFG::Edge::dump):
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::useKindUnchecked):
-        (JSC::DFG::Edge::useKind):
-        (JSC::DFG::Edge::shift):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::run):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        (JSC::DFG::FixupPhase::fixIntEdge):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::truncateConstantToInt32):
-        (JSC::DFG::FixupPhase::truncateConstantsIfNecessary):
-        (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
-        * dfg/DFGGraph.cpp:
-        (DFG):
-        (JSC::DFG::Graph::refChildren):
-        (JSC::DFG::Graph::derefChildren):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::performSubstitution):
-        (JSC::DFG::Graph::isPredictedNumerical):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        (DFG):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (JSC::DFG::Node::convertToGetByOffset):
-        (JSC::DFG::Node::convertToPutByOffset):
-        (JSC::DFG::Node::willHaveCodeGenOrOSR):
-        (JSC::DFG::Node::child1):
-        (JSC::DFG::Node::child2):
-        (JSC::DFG::Node::child3):
-        (JSC::DFG::Node::binaryUseKind):
-        (Node):
-        (JSC::DFG::Node::isBinaryUseKind):
-        * dfg/DFGNodeAllocator.h:
-        (DFG):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::SpeculativeJIT::typeCheck):
-        (JSC::DFG::SpeculativeJIT::forwardTypeCheck):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        (JSC::DFG::SpeculativeJIT::compileArithNegate):
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::speculateInt32):
-        (JSC::DFG::SpeculativeJIT::speculateNumber):
-        (JSC::DFG::SpeculativeJIT::speculateRealNumber):
-        (JSC::DFG::SpeculativeJIT::speculateBoolean):
-        (JSC::DFG::SpeculativeJIT::speculateCell):
-        (JSC::DFG::SpeculativeJIT::speculateObject):
-        (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
-        (JSC::DFG::SpeculativeJIT::speculateString):
-        (JSC::DFG::SpeculativeJIT::speculateNotCell):
-        (JSC::DFG::SpeculativeJIT::speculateOther):
-        (JSC::DFG::SpeculativeJIT::speculate):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
-        (JSC::DFG::SpeculativeJIT::needsTypeCheck):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::IntegerOperand::edge):
-        (IntegerOperand):
-        (JSC::DFG::IntegerOperand::node):
-        (JSC::DFG::IntegerOperand::gpr):
-        (JSC::DFG::IntegerOperand::use):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSValueOperand):
-        (JSC::DFG::JSValueOperand::edge):
-        (JSC::DFG::JSValueOperand::node):
-        (JSC::DFG::JSValueOperand::gpr):
-        (JSC::DFG::JSValueOperand::fill):
-        (JSC::DFG::JSValueOperand::use):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::StorageOperand::edge):
-        (StorageOperand):
-        (JSC::DFG::StorageOperand::node):
-        (JSC::DFG::StorageOperand::gpr):
-        (JSC::DFG::StorageOperand::use):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::edge):
-        (JSC::DFG::SpeculateIntegerOperand::node):
-        (JSC::DFG::SpeculateIntegerOperand::gpr):
-        (JSC::DFG::SpeculateIntegerOperand::use):
-        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
-        (SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateStrictInt32Operand::edge):
-        (JSC::DFG::SpeculateStrictInt32Operand::node):
-        (JSC::DFG::SpeculateStrictInt32Operand::gpr):
-        (JSC::DFG::SpeculateStrictInt32Operand::use):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::edge):
-        (JSC::DFG::SpeculateDoubleOperand::node):
-        (JSC::DFG::SpeculateDoubleOperand::fpr):
-        (JSC::DFG::SpeculateDoubleOperand::use):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::edge):
-        (JSC::DFG::SpeculateCellOperand::node):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (JSC::DFG::SpeculateCellOperand::use):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::edge):
-        (SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::node):
-        (JSC::DFG::SpeculateBooleanOperand::gpr):
-        (JSC::DFG::SpeculateBooleanOperand::use):
-        (DFG):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGUseKind.cpp: Added.
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGUseKind.h: Added.
-        (DFG):
-        (JSC::DFG::typeFilterFor):
-        (JSC::DFG::isNumerical):
-        (WTF):
-        * dfg/DFGValidate.cpp:
-        (JSC::DFG::Validate::reportValidationContext):
-
-2013-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Need a way to use the Objective-C JavaScript API with WebKit
-        https://bugs.webkit.org/show_bug.cgi?id=106059
-
-        Reviewed by Geoffrey Garen.
-        
-        * API/JSBase.h: Renamed enable flag for API.
-        * API/JSBlockAdaptor.h: Using new flag.
-        * API/JSBlockAdaptor.mm: Ditto.
-        * API/JSContext.h: Add convenience C API conversion function for JSGlobalContextRef.
-        * API/JSContext.mm: 
-        (-[JSContext JSGlobalContextRef]): Implementation of C API convenience function.
-        (-[JSContext initWithVirtualMachine:]): We don't use the m_apiData field any more.
-        (-[JSContext initWithGlobalContextRef:]): init method for allocating new JSContexts given a JSGlobalContextRef.
-        (-[JSContext dealloc]): No more m_apiData.
-        (-[JSContext wrapperForObjCObject:]): Renamed wrapperForObject. 
-        (-[JSContext wrapperForJSObject:]): Fetches or allocates the JSValue for the specified JSValueRef in this JSContext.
-        (+[JSContext contextWithGlobalContextRef:]): Helper function to grab the lightweight JSContext wrapper for a given
-        JSGlobalContextRef from the global wrapper cache or allocate a new one if there isn't already one.
-        * API/JSContextInternal.h: New flag, new method declaration for initWithGlobalContextRef.
-        * API/JSExport.h: New flag.
-        * API/JSValue.h: New flag and new C API convenience method.
-        * API/JSValue.mm:
-        (-[JSValue JSValueRef]): Implementation of the C API convenience method.
-        (objectToValueWithoutCopy):
-        (+[JSValue valueWithValue:inContext:]): We now ask the JSContext for an Objective-C JSValue wrapper, which it can cache
-        in its internal JSWrapperMap.
-        * API/JSValueInternal.h:
-        * API/JSVirtualMachine.h:
-        * API/JSVirtualMachine.mm: Added global cache that maps JSContextGroupRef -> JSVirtualMachine lightweight wrappers.
-        (wrapperCacheLock):
-        (initWrapperCache):
-        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
-        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
-        (-[JSVirtualMachine init]):
-        (-[JSVirtualMachine initWithContextGroupRef:]):
-        (-[JSVirtualMachine dealloc]):
-        (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
-        (-[JSVirtualMachine contextForGlobalContextRef:]):
-        (-[JSVirtualMachine addContext:forGlobalContextRef:]):
-        * API/JSVirtualMachineInternal.h:
-        * API/JSWrapperMap.h:
-        * API/JSWrapperMap.mm:
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We use the JSObjectSetPrototype C API call because 
-        setting the __proto__ property causes all sorts of bad things to happen behind the scenes, which can cause crashes based on 
-        when it gets called.
-        (-[JSWrapperMap initWithContext:]):
-        (-[JSWrapperMap jsWrapperForObject:]):
-        (-[JSWrapperMap objcWrapperForJSValueRef:]):
-        * API/JavaScriptCore.h:
-        * API/ObjCCallbackFunction.h:
-        * API/ObjCCallbackFunction.mm:
-        (ObjCCallbackFunction::ObjCCallbackFunction): We never actually should have retained the target in the case that we had a 
-        block as a callback. Blocks are initially allocated on the stack and are only moved to the heap if we call their copy method.
-        Retaining the block on the stack was a bad idea because if that stack frame ever went away and we called the block later, 
-        we'd crash and burn.
-        (ObjCCallbackFunction::setContext): We need a new setter for when the weak reference to a JSContext inside an ObjCCallbackFunction
-        disappears, we can allocate a new one in its place.
-        (ObjCCallbackFunction):
-        (objCCallbackFunctionCallAsFunction): Reset the callback's context if it's ever destroyed.
-        (objCCallbackFunctionForInvocation): Again, don't set the __proto__ property because it uses black magic that can cause us to crash
-        depending on when this is called.
-        (objCCallbackFunctionForBlock): Here is where we copy the block to the heap when we're first creating the callback object for it.
-        * API/tests/testapi.c:
-        (main):
-        * API/tests/testapi.mm: We're going to get rid of the automatic block conversion, since that is causing leaks. I changed it 
-        here in this test just so that it wouldn't mask any other potential leaks. Also modified some of the tests since JSContexts are 
-        just lightweight wrappers now, we're not guaranteed to get the same pointer back from the call to [JSValue context] as the one 
-        that the value was created in.
-        (-[TestObject callback:]):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): No more m_apiData.
-        * runtime/JSGlobalData.h: Ditto.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject): Ditto.
-        * runtime/JSGlobalObject.h:
-
-2013-02-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT::compileInt32ToDouble() has an unnecessary case for constant operands
-        https://bugs.webkit.org/show_bug.cgi?id=110309
-
-        Reviewed by Sam Weinig.
-        
-        It used to be necessary, back when we didn't have constant folding. Now we have
-        constant folding. So we don't need it.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-
-2013-02-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlines Resolves that it doesn't know how to handle correctly
-        https://bugs.webkit.org/show_bug.cgi?id=110405
-
-        Reviewed by Geoffrey Garen.
-        
-        Don't try to be clever: if there's a failing resolve, we can't inline it, period.
-
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineResolveOperations):
-        (JSC::DFG::canInlineOpcode):
-
-2013-02-20  Roger Fong  <roger_fong@apple.com>
-
-        Get VS2010 Solution B&I ready.
-        <rdar://problem/1322988>
-
-        Rubberstamped by Timothy Horton.        
-        
-        Add Production configuration. 
-        Add a JavaScriptCore submit solution with a DebugSuffix configuration. 
-        Modify JavaScriptCore.make as necessary.
-        
-        * JavaScriptCore.vcxproj/JavaScriptCore.make: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.sln: Removed.
-        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Copied from Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.sln.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props: Added.
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscProduction.props: Added.
-        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
-        * JavaScriptCore.vcxproj/testapi/testapiProduction.props: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
-
-2013-02-19  Jer Noble  <jer.noble@apple.com>
-
-        EME: Enable both ENCRYPTED_MEDIA and ENCRYPTED_MEDIA_V2 until clients transition to the new API.
-        https://bugs.webkit.org/show_bug.cgi?id=110284
-
-        Reviewed by Eric Carlson.
-
-        Re-enable the ENCRYPTED_MEDIA flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-20  Dirk Schulze  <krit@webkit.org>
-
-        Enable CANVAS_PATH flag
-        https://bugs.webkit.org/show_bug.cgi?id=108508
-
-        Reviewed by Simon Fraser.
-
-        Enable CANVAS_PATH flag on trunk.
-
-        Existing tests cover the feature.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-19  Mark Rowe  <mrowe@apple.com>
-
-        Unreviewed, uninteresting change to test a theory about bad dependency handling.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString): Remove an unnecessary else clause.
-
-2013-02-19  Oliver Hunt  <oliver@apple.com>
-
-        Silence some analyzer warnings
-        https://bugs.webkit.org/show_bug.cgi?id=110281
-
-        Reviewed by Mark Hahnenberg.
-
-        The static analyzer believes that callerCodeBlock can be null,
-        based on other code performing null tests.  This should not
-        ever be the case, but we'll add RELEASE_ASSERTs to make it
-        obvious if we're ever wrong.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-
-2013-02-19  Oliver Hunt  <oliver@apple.com>
-
-        Don't force everything to be blinded in debug builds
-        https://bugs.webkit.org/show_bug.cgi?id=110279
-
-        Reviewed by Mark Hahnenberg.
-
-        Switch to an explicit flag for indicating that we want
-        every constant to be blinded.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::shouldBlind):
-
-2013-02-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of Opcode.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * bytecode/Opcode.h:
-
-2013-02-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Moved PolymorphicAccessStructureList into its own file.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Instruction.h:
-        (JSC):
-        * bytecode/PolymorphicAccessStructureList.h: Added.
-        (JSC):
-        (PolymorphicAccessStructureList):
-        (PolymorphicStubInfo):
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
-        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
-        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
-        (JSC::PolymorphicAccessStructureList::visitWeak):
-        * bytecode/StructureStubInfo.h:
-
-2013-02-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of Instruction.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * bytecode/Instruction.h:
-
-2013-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed, rolling in r143348.
-        http://trac.webkit.org/changeset/143348
-        https://bugs.webkit.org/show_bug.cgi?id=110242
-
-        The bug was that isEmptyValue() was returning true for the deleted value.
-        Fixed this and simplified things further by delegating to m_sourceCode
-        for both isNull() and isHashTableDeletedValue(), so they can't be out of
-        sync.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeKey::SourceCodeKey):
-        (JSC::SourceCodeKey::isHashTableDeletedValue):
-        (JSC::SourceCodeKey::hash):
-        (JSC::SourceCodeKey::length):
-        (JSC::SourceCodeKey::isNull):
-        (JSC::SourceCodeKey::operator==):
-        (SourceCodeKey):
-
-2013-02-15  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Improve gyp build JavaScriptCore code generation
-        https://bugs.webkit.org/show_bug.cgi?id=109969
-
-        Reviewed by Dirk Pranke.
-
-        Switch away from using DerivedSources.make when building JavaScriptCore generated
-        sources. This bring a couple advantages, such as building the sources in parallel,
-        but requires us to list the generated sources more than once.
-
-        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp: Add rules for generating JavaScriptCore sources.
-        * JavaScriptCore.gyp/generate-derived-sources.sh: Added.
-        * JavaScriptCore.gyp/redirect-stdout.sh: Added.
-
-2013-02-19  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r143348.
-        http://trac.webkit.org/changeset/143348
-        https://bugs.webkit.org/show_bug.cgi?id=110242
-
-        "Caused a deleted value sentinel crash on the layout tests"
-        (Requested by ggaren on #webkit).
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeKey::SourceCodeKey):
-        (JSC::SourceCodeKey::isHashTableDeletedValue):
-        (JSC::SourceCodeKey::hash):
-        (JSC::SourceCodeKey::length):
-        (JSC::SourceCodeKey::isNull):
-        (JSC::SourceCodeKey::operator==):
-        (SourceCodeKey):
-
-2013-02-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        HeapBlock::destroy should issue warning if result is unused
-        https://bugs.webkit.org/show_bug.cgi?id=110233
-
-        Reviewed by Oliver Hunt.
-
-        To enforce the fact that we need to return blocks to the BlockAllocator after calling destroy, 
-        we should add WARN_UNUSED_RETURN to HeapBlock::destroy and any other destroy functions in its subclasses.
-
-        * heap/HeapBlock.h:
-
-2013-02-19  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        WeakSet::removeAllocator leaks WeakBlocks
-        https://bugs.webkit.org/show_bug.cgi?id=110228
-
-        Reviewed by Geoffrey Garen.
-
-        We need to return the WeakBlock to the BlockAllocator after the call to WeakBlock::destroy.
-
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::removeAllocator):
-
-2013-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Save space on keys in the CodeCache
-        https://bugs.webkit.org/show_bug.cgi?id=110179
-
-        Reviewed by Oliver Hunt.
-
-        Share the SourceProvider's string instead of making our own copy. This
-        chops off 16MB - 32MB from the CodeCache's memory footprint when full.
-        (It's 16MB when the strings are LChar, and 32MB when they're UChar.)
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        * runtime/CodeCache.h: Removed a defunct enum value.
-
-        (JSC::SourceCodeKey::SourceCodeKey):
-        (JSC::SourceCodeKey::isHashTableDeletedValue):
-        (SourceCodeKey):
-        (JSC::SourceCodeKey::hash):
-        (JSC::SourceCodeKey::length):
-        (JSC::SourceCodeKey::isNull):
-        (JSC::SourceCodeKey::string):
-        (JSC::SourceCodeKey::operator==): Store a SourceCode instead of a String
-        so we can share our string with our SourceProvider. Cache our hash so
-        we don't have to re-decode our string just to re-hash the table.
-
-2013-02-19  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        revertBranchPtrWithPatch is incorrect on ARM traditional
-        https://bugs.webkit.org/show_bug.cgi?id=110201
-
-        Reviewed by Oliver Hunt.
-
-        Revert two instructions back to their original value.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::revertBranchPtrWithPatch):
-        (ARMAssembler):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch):
-
-2013-02-19  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(r143241): It made 27 layout tests crash on 32 bit platforms
-        https://bugs.webkit.org/show_bug.cgi?id=110184
-
-        Reviewed by Zoltan Herczeg.
-        
-        32-bit backend was making all sorts of crazy assumptions, which happened to mostly
-        not break things prior to http://trac.webkit.org/changeset/143241. This brings the
-        32-bit backend's type speculation fully into compliance with what the 64-bit
-        backend does.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-
-2013-02-18  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed build fix for Apple Windows. Second stage.
-        Add missed export statement.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-02-18  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-02-18  Darin Adler  <darin@apple.com>
-
-        Remove unneeded explicit function template arguments.
-        https://bugs.webkit.org/show_bug.cgi?id=110043
-
-        Reviewed by Ryosuke Niwa.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierASCIIStringTranslator::hash): Let the compiler deduce the type
-        when calling computeHashAndMaskTop8Bits.
-        (JSC::IdentifierLCharFromUCharTranslator::hash): Ditto.
-        * runtime/Identifier.h:
-        (JSC::IdentifierCharBufferTranslator::hash): Ditto.
-2013-02-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Shrank the SourceProvider cache
-        https://bugs.webkit.org/show_bug.cgi?id=110158
-
-        Reviewed by Oliver Hunt.
-
-        CodeCache is now our primary source cache, so a long-lived SourceProvider
-        cache is a waste. I measured this as a 10MB Membuster win; with more
-        precise instrumentation, Andreas estimated it as up to 30MB.
-
-        I didn't eliminate the SourceProvider cache because it's still useful
-        in speeding up uncached parsing of scripts with large nested functions
-        (i.e., all scripts).
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): Discard all source provider caches after GC. This
-        is a convenient place to do so because it's reasonably soon after initial
-        parsing without being immediate.
-
-        * parser/Parser.cpp:
-        (JSC::::Parser): Updated for interface change: The heap now owns the
-        source provider cache, since most SourceProviders are not expected to
-        have one by default, and the heap is responsible for throwing them away.
-
-        (JSC::::parseInner): No need to update statistics on cache size, since
-        we're going to throw it away no matter what.
-
-        (JSC::::parseFunctionInfo): Reduced the minimum function size to 16. This
-        is a 27% win on a new parsing micro-benchmark I've added. Now that the
-        cache is temporary, we don't have to worry so much about its memory
-        footprint.
-
-        * parser/Parser.h:
-        (Parser): Updated for interface changes.
-
-        * parser/SourceProvider.cpp:
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::~SourceProvider):
-        * parser/SourceProvider.h:
-        (JSC):
-        (SourceProvider): SourceProvider doesn't own its cache anymore because
-        the cache is temporary.
-
-        * parser/SourceProviderCache.cpp:
-        (JSC::SourceProviderCache::clear):
-        (JSC::SourceProviderCache::add):
-        * parser/SourceProviderCache.h:
-        (JSC::SourceProviderCache::SourceProviderCache):
-        (SourceProviderCache):
-        * parser/SourceProviderCacheItem.h:
-        (SourceProviderCacheItem): No need to update statistics on cache size,
-        since we're going to throw it away no matter what.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::addSourceProviderCache):
-        (JSC):
-        (JSC::JSGlobalData::clearSourceProviderCaches):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData): Moved the cache here so it's easier to throw away.
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG backend Branch handling has duplicate code and dead code
-        https://bugs.webkit.org/show_bug.cgi?id=110162
-
-        Reviewed by Mark Hahnenberg.
-        
-        Streamline the code, and make the 64 backend's optimizations make more sense
-        (i.e. not be dead code).
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-18  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows] Unreviewed VS2010 build correction after r143273.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing source
-        file SourceProvider.cpp.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Add missing exports.
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure::flattenDictionaryStructure should compute max offset in a manner that soundly handles the case where the property list becomes empty
-        https://bugs.webkit.org/show_bug.cgi?id=110155
-        <rdar://problem/13233773>
-
-        Reviewed by Mark Rowe.
-        
-        This was a rookie mistake.  It was doing:
-        
-        for (blah) {
-            m_offset = foo // foo's monotonically increase in the loop
-        }
-        
-        as a way of computing max offset for all of the properties.  Except what if the loop doesn't
-        execute because there are no properties?  Well, then, you're going to have a bogus m_offset.
-        
-        The solution is to initialize m_offset at the top of the loop.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure):
-
-2013-02-18  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        MIPS DFG implementation.
-        https://bugs.webkit.org/show_bug.cgi?id=101328
-
-        Reviewed by Oliver Hunt.
-
-        DFG implementation for MIPS.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::MIPSAssembler):
-        (JSC::MIPSAssembler::sllv):
-        (JSC::MIPSAssembler::movd):
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::negd):
-        (JSC::MIPSAssembler::labelForWatchpoint):
-        (JSC::MIPSAssembler::label):
-        (JSC::MIPSAssembler::vmov):
-        (JSC::MIPSAssembler::linkDirectJump):
-        (JSC::MIPSAssembler::maxJumpReplacementSize):
-        (JSC::MIPSAssembler::revertJumpToMove):
-        (JSC::MIPSAssembler::replaceWithJump):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::poke):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::and32):
-        (JSC::MacroAssemblerMIPS::lshift32):
-        (JSC::MacroAssemblerMIPS::mul32):
-        (JSC::MacroAssemblerMIPS::or32):
-        (JSC::MacroAssemblerMIPS::rshift32):
-        (JSC::MacroAssemblerMIPS::urshift32):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (JSC::MacroAssemblerMIPS::xor32):
-        (JSC::MacroAssemblerMIPS::store32):
-        (JSC::MacroAssemblerMIPS::jump):
-        (JSC::MacroAssemblerMIPS::branchAdd32):
-        (JSC::MacroAssemblerMIPS::branchMul32):
-        (JSC::MacroAssemblerMIPS::branchSub32):
-        (JSC::MacroAssemblerMIPS::branchNeg32):
-        (JSC::MacroAssemblerMIPS::call):
-        (JSC::MacroAssemblerMIPS::loadDouble):
-        (JSC::MacroAssemblerMIPS::moveDouble):
-        (JSC::MacroAssemblerMIPS::swapDouble):
-        (JSC::MacroAssemblerMIPS::subDouble):
-        (JSC::MacroAssemblerMIPS::mulDouble):
-        (JSC::MacroAssemblerMIPS::divDouble):
-        (JSC::MacroAssemblerMIPS::negateDouble):
-        (JSC::MacroAssemblerMIPS::branchEqual):
-        (JSC::MacroAssemblerMIPS::branchNotEqual):
-        (JSC::MacroAssemblerMIPS::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerMIPS::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerMIPS::truncateDoubleToInt32):
-        (JSC::MacroAssemblerMIPS::truncateDoubleToUint32):
-        (JSC::MacroAssemblerMIPS::branchDoubleNonZero):
-        (JSC::MacroAssemblerMIPS::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerMIPS::invert):
-        (JSC::MacroAssemblerMIPS::replaceWithJump):
-        (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
-        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArguments):
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        * dfg/DFGFPRInfo.h:
-        (DFG):
-        (FPRInfo):
-        (JSC::DFG::FPRInfo::toRegister):
-        (JSC::DFG::FPRInfo::toIndex):
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (DFG):
-        (GPRInfo):
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::allocationSize):
-        (ScratchBuffer):
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT::isKnownXYZ methods should use CFA rather than other things
-        https://bugs.webkit.org/show_bug.cgi?id=110092
-
-        Reviewed by Geoffrey Garen.
-        
-        These methods were previously using GenerationInfo and other things to try to
-        gain information that the CFA could give away for free, if you asked kindly
-        enough.
-        
-        Also fixed CallLinkStatus's dump() method since it was making an invalid
-        assertion: we most certainly can have a status where the structure is non-null
-        and the executable is null, like if we're dealing with an InternalFunction.
-        
-        Also removed calls to isKnownNotXYZ from fillSpeculateABC methods in 32_64. I
-        don't know why that was there. But it was causing asserts if the value was
-        empty - i.e. we had already exited unconditionally but we didn't know it. I
-        could have fixed this by introducing another form of isKnownNotXYZ which was
-        tolerant of empty values, but I didn't feel like fixing code that I knew to be
-        unnecessary. (More deeply, isKnownNotCell, for example, really asks: "do you
-        know that this value can never be a cell?" while some of the previous uses
-        wanted to ask: "do you know that this is a value that is not a cell?". The
-        former is "true" if the value is a contradiction [i.e. BOTTOM], while the
-        latter is "false" for contradictions, since contradictions are not values.)
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::dump):
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::CallLinkStatus):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::isKnownInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownCell):
-        (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
-        (JSC::DFG::SpeculativeJIT::isKnownNotCell):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        * dfg/DFGStructureAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::dump):
-
-2013-02-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Get rid of DFG::DoubleOperand and simplify ValueToInt32
-        https://bugs.webkit.org/show_bug.cgi?id=110072
-
-        Reviewed by Geoffrey Garen.
-        
-        ValueToInt32 had a side-effecting path, which was not OSR-friendly: an OSR after
-        the side-effect would lead to the side-effect re-executing. I got rid of that path
-        and replaced it with an optimization for the case where the input is speculated
-        number-or-other. This makes idioms like null|0 and true|0 work as expected, and
-        get optimized appropriately.
-        
-        Also got rid of DoubleOperand. Replaced all remaining uses of it with
-        SpeculateDoubleOperand. Because the latter asserts that the Edge is a DoubleUse
-        edge and the remaining uses of DoubleOperand are all for untyped uses, I worked
-        around the assertion by setting the UseKind to DoubleUse by force. This is sound,
-        since all existing assertions for DoubleUse are actually asserting that we're not
-        converting a value to double unexpectedly. But all of these calls to
-        SpeculateDoubleOperand are when the operand is already known to be represented as
-        double, so there is no conversion.
-        
-        This is neutral on benchmarks, except stanford-crypto-ccm, which speeds up a
-        little. Mostly, this is intended to delete a bunch of code. DoubleOperand was
-        equivalent to the replace-edge-with-DoubleUse trick that I'm using now, except it
-        involved a _lot_ more code.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (DFG):
-        (FPRTemporary):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (DFG):
-
-2013-02-18  Ádám Kallai  <kadam@inf.u-szeged.hu>
-
-        [Qt] Mountain Lion buildfix after r143147.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * runtime/DateConstructor.cpp:
-
-2013-02-18  Zan Dobersek  <zdobersek@igalia.com>
-
-        Stop placing std::isfinite and std::signbit inside the global scope
-        https://bugs.webkit.org/show_bug.cgi?id=109817
-
-        Reviewed by Darin Adler.
-
-        Prefix calls to the isfinite and signbit methods with std:: as the two
-        methods are no longer being imported into the global scope.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::shouldBlindDouble):
-        * offlineasm/cloop.rb:
-        * runtime/BigInteger.h:
-        (JSC::BigInteger::BigInteger):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DatePrototype.cpp:
-        (JSC::fillStructuresUsingTimeArgs):
-        (JSC::fillStructuresUsingDateArgs):
-        (JSC::dateProtoFuncToISOString):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/JSCJSValueInlines.h:
-        (JSC::JSValue::JSValue):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncIsFinite):
-        * runtime/JSONObject.cpp:
-        (JSC::Stringifier::appendStringifiedValue):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncMax): Also include an opportunistic style fix.
-        (JSC::mathProtoFuncMin): Ditto.
-        * runtime/NumberPrototype.cpp:
-        (JSC::toStringWithRadix):
-        (JSC::numberProtoFuncToExponential):
-        (JSC::numberProtoFuncToFixed):
-        (JSC::numberProtoFuncToPrecision):
-        (JSC::numberProtoFuncToString):
-        * runtime/Uint16WithFraction.h:
-        (JSC::Uint16WithFraction::Uint16WithFraction):
-
-2013-02-18  Ádám Kallai  <kadam@inf.u-szeged.hu>
-
-        [Qt] Mountain Lion buildfix after r143147.
-
-        Reviewed by Csaba Osztrogonác.
-
-        * runtime/DateInstance.cpp:
-
-2013-02-18  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed speculative build fix for Apple Win bots.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of StructureStubInfo.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * bytecode/StructureStubInfo.h:
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of JSGlobalObject.h and JSGlobalObjectFunctions.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalObjectFunctions.h:
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indention of Operations.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/Operations.h:
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove DFG::SpeculativeJIT::isKnownNumeric(), since it's not called from anywhere.
-
-        Rubber stamped by Andy Estes.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove DFG::SpeculativeJIT::isStrictInt32(), since it's not called from anywhere.
-
-        Rubber stampted by Andy Estes.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2013-02-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove dead code for ValueToNumber from the DFG.
-
-        Rubber stamped by Andy Estes.
-        
-        We killed ValueToNumber at some point, but forgot to kill all of the backend support
-        for it.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        * dfg/DFGSpeculativeJIT64.cpp:
-
-2013-02-17  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed buildfix for JSVALUE32_64 builds after r143147.
-
-        * jit/JIT.h:
-
-2013-02-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Move all Structure out-of-line inline methods to StructureInlines.h
-        https://bugs.webkit.org/show_bug.cgi?id=110024
-
-        Rubber stamped by Mark Hahnenberg and Sam Weinig.
-        
-        This was supposed to be easy.
-        
-        But, initially, there was a Structure inline method in CodeBlock.h, and moving that
-        into StructureInlines.h meant that Operations.h included CodeBlock.h. This would
-        cause WebCore build failures, because CodeBlock.h transitively included the JSC
-        parser (via many, many paths), and the JSC parser defines tokens using enumeration
-        elements that CSSGrammar.cpp (generated by bison) would #define. For example,
-        bison would give CSSGrammar.cpp a #define FUNCTION 123, and would do so before
-        including anything interesting. The JSC parser would have an enum that included
-        FUNCTION as an element. Hence the JSC parser included into CSSGrammar.cpp would have
-        a token element called FUNCTION declared in an enumeration, but FUNCTION was
-        #define'd to 123, leading to a parser error.
-        
-        Wow.
-        
-        So I removed all transitive include paths from CodeBlock.h to the JSC Parser. I
-        believe I was able to do so without out-of-lining anything interesting or performance
-        critical. This is probably a purely good thing to have done: it will be nice to be
-        able to make changes to the parser without having to compile the universe.
-        
-        Of course, doing this caused a bunch of other things to not compile, since a bunch of
-        headers relied on things being implicitly included for them when they transitively
-        included the parser. I fixed a lot of that.
-        
-        Finally, I ended up removing the method that depended on CodeBlock.h from
-        StructureInlines.h, and putting it in Structure.cpp. That might seem like all of this
-        was a waste of time, except that I suspect it was a worthwhile forcing function for
-        cleaning up a bunch of cruft.
-        
-        * API/JSCallbackFunction.cpp:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.h:
-        (JSC):
-        * bytecode/EvalCodeCache.h:
-        * bytecode/SamplingTool.h:
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedFunctionExecutable::parameterCount):
-        (JSC):
-        * bytecode/UnlinkedCodeBlock.h:
-        (UnlinkedFunctionExecutable):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/Label.h:
-        (JSC):
-        * dfg/DFGByteCodeParser.cpp:
-        * dfg/DFGByteCodeParser.h:
-        * dfg/DFGFPRInfo.h:
-        * dfg/DFGRegisterBank.h:
-        * heap/HandleStack.cpp:
-        * jit/JITWriteBarrier.h:
-        * parser/Nodes.h:
-        (JSC):
-        * parser/Parser.h:
-        * parser/ParserError.h: Added.
-        (JSC):
-        (JSC::ParserError::ParserError):
-        (ParserError):
-        (JSC::ParserError::toErrorObject):
-        * parser/ParserModes.h:
-        * parser/SourceProvider.cpp: Added.
-        (JSC):
-        (JSC::SourceProvider::SourceProvider):
-        (JSC::SourceProvider::~SourceProvider):
-        * parser/SourceProvider.h:
-        (JSC):
-        (SourceProvider):
-        * runtime/ArrayPrototype.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/Executable.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        * runtime/Operations.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::prototypeForLookup):
-        (JSC):
-        * runtime/Structure.h:
-        (JSC):
-        * runtime/StructureInlines.h: Added.
-        (JSC):
-        (JSC::Structure::create):
-        (JSC::Structure::createStructure):
-        (JSC::Structure::get):
-        (JSC::Structure::masqueradesAsUndefined):
-        (JSC::SlotVisitor::internalAppend):
-        (JSC::Structure::transitivelyTransitionedFrom):
-        (JSC::Structure::setEnumerationCache):
-        (JSC::Structure::enumerationCache):
-        (JSC::Structure::prototypeForLookup):
-        (JSC::Structure::prototypeChain):
-        (JSC::Structure::isValid):
-        * runtime/StructureRareData.cpp:
-
-2013-02-17  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Windows build fix.
-
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-
-2013-02-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Code cache should be explicit about what it caches
-        https://bugs.webkit.org/show_bug.cgi?id=110039
-
-        Reviewed by Oliver Hunt.
-
-        This patch makes the code cache more explicit in two ways:
-
-        (1) The cache caches top-level scripts. Any sub-functions executed as a
-        part of a script are cached with it and evicted with it.
-
-        This simplifies things by eliminating out-of-band sub-function tracking,
-        and fixes pathological cases where functions for live scripts would be
-        evicted in favor of functions for dead scripts, and/or high probability
-        functions executed early in script lifetime would be evicted in favor of
-        low probability functions executed late in script lifetime, due to LRU.
-
-        Statistical data from general browsing and PLT confirms that caching
-        functions independently of scripts is not profitable.
-
-        (2) The cache tracks script size, not script count.
-
-        This reduces the worst-case cache size by a factor of infinity.
-
-        Script size is a reasonable first-order estimate of in-memory footprint 
-        for a cached script because there are no syntactic constructs that have
-        super-linear memory footprint.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::generateFunctionCodeBlock): Moved this function out of the cache
-        because it does not consult the cache, and is not managed by it.
-
-        (JSC::UnlinkedFunctionExecutable::visitChildren): Visit our code blocks
-        because they are strong references now, rather than weak, a la (1).
-
-        (JSC::UnlinkedFunctionExecutable::codeBlockFor): Updated for interface changes.
-
-        * bytecode/UnlinkedCodeBlock.h:
-        (UnlinkedFunctionExecutable):
-        (UnlinkedFunctionCodeBlock): Strong now, not weak, a la (1).
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::CodeCache):
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeKey::length):
-        (SourceCodeKey):
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::CodeCacheMap):
-        (JSC::CodeCacheMap::find):
-        (JSC::CodeCacheMap::set):
-        (JSC::CodeCacheMap::clear):
-        (CodeCache):
-        (JSC::CodeCache::clear): Removed individual function tracking, due to (1).
-        Added explicit character counting, for (2).
-
-        You might think 16000000 characters is a lot. It is. But this patch
-        didn't establish that limit -- it just took the existing limit and
-        made it more visible. I intend to reduce the size of the cache in a
-        future patch.
-
-2013-02-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove support for bytecode comments, since it doesn't build, and hasn't been used in a while.
-        https://bugs.webkit.org/show_bug.cgi?id=110035
-
-        Rubber stamped by Andreas Kling.
-        
-        There are other ways of achieving the same effect, like adding print statements to the bytecode generator.
-        The fact that this feature doesn't build and nobody noticed implies that it's probably not a popular
-        feature. As well, the amount of wiring that was required for it was quite big considering its relatively
-        modest utility.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/Comment.h: Removed.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::emitOpcode):
-        (JSC):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::symbolTable):
-
-2013-02-16  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows] Unreviewed Visual Studio 2010 build fix after r143117
-
-        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Reference new path to property sheets.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-        Build correction after new operator == added.
-
-2013-02-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of Structure.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/Structure.h:
-
-2013-02-16  Christophe Dumez  <ch.dumez@sisa.samsung.com>
-
-        Unreviewed build fix.
-
-        Export symbol for new CString operator== operator to fix Windows build.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-02-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure should be more methodical about the relationship between m_offset and m_propertyTable
-        https://bugs.webkit.org/show_bug.cgi?id=109978
-
-        Reviewed by Mark Hahnenberg.
-        
-        Allegedly, the previous relationship was that either m_propertyTable or m_offset
-        would be set, and if m_propertyTable was not set you could rebuild it.  In reality,
-        we would sometimes "reset" both: some transitions wouldn't set m_offset, and other
-        transitions would clear the previous structure's m_propertyTable.  So, in a
-        structure transition chain of A->B->C you could have:
-
-        A transitions to B: B doesn't copy m_offset but does copy m_propertyTable, because
-            that seemed like a good idea at the time (this was a common idiom in the code).
-        B transitions to C: C steals B's m_propertyTable, leaving B with neither a
-            m_propertyTable nor a m_offset.
-
-        Then we would ask for the size of the property storage of B and get the answer
-        "none".  That's not good.
-
-        Now, there is a new relationship, which, hopefully, should fix things: m_offset is
-        always set and always refers to the maximum offset ever used by the property table.
-        From this, you can infer both the inline and out-of-line property size, and
-        capacity.  This is accomplished by having PropertyTable::add() take a
-        PropertyOffset reference, which must be Structure::m_offset.  It will update this
-        offset.  As well, all transitions now copy m_offset.  And we frequently assert
-        (using RELEASE_ASSERT) that the m_offset matches what m_propertyTable would tell
-        you.  Hence if you ever modify the m_propertyTable, you'll also update the offset.
-        If you ever copy the property table, you'll also copy the offset.  Life should be
-        good, I think.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::add):
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::attributeChangeTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::sealTransition):
-        (JSC::Structure::freezeTransition):
-        (JSC::Structure::preventExtensionsTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::checkConsistency):
-        (JSC::Structure::putSpecificValue):
-        (JSC::Structure::createPropertyMap):
-        (JSC::PropertyTable::checkConsistency):
-        * runtime/Structure.h:
-        (JSC):
-        (JSC::Structure::putWillGrowOutOfLineStorage):
-        (JSC::Structure::outOfLineCapacity):
-        (JSC::Structure::outOfLineSize):
-        (JSC::Structure::isEmpty):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
-        (Structure):
-        (JSC::Structure::checkOffsetConsistency):
-
-2013-02-15  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Spread the gyp build files throughout the tree
-        https://bugs.webkit.org/show_bug.cgi?id=109960
-
-        Reviewed by Dirk Pranke.
-
-        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp: Renamed from Source/WebKit/gtk/gyp/JavaScriptCore.gyp.
-        * JavaScriptCore.gyp/generate-derived-sources.sh: Renamed from Source/WebKit/gtk/gyp/generate-derived-sources.sh.
-
-2013-02-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG SpeculativeJIT64 should be more precise about when it's dealing with a cell (even though it probably doesn't matter)
-        https://bugs.webkit.org/show_bug.cgi?id=109625
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged the global function cache into the source code cache
-        https://bugs.webkit.org/show_bug.cgi?id=108660
-
-        Reviewed by Sam Weinig.
-
-        Responding to review comments by Darin Adler.
-
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeKey::SourceCodeKey): Don't initialize m_name and m_flags
-        in the hash table deleted value because they're meaningless.
-
-2013-02-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG AbstractState should filter operands to NewArray more precisely
-        https://bugs.webkit.org/show_bug.cgi?id=109900
-
-        Reviewed by Mark Hahnenberg.
-        
-        NewArray for primitive indexing types speculates that the inputs are the appropriate
-        primitives. Now, the CFA filters the abstract state accordingly, as well.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2013-02-15  Andreas Kling  <akling@apple.com>
-
-        Yarr: Use OwnPtr to make pattern/disjunction/character-class ownership clearer.
-        <http://webkit.org/b/109218>
-
-        Reviewed by Benjamin Poulain.
-
-        - Let classes that manage lifetime of other objects hold on to them with OwnPtr instead of raw pointers.
-        - Placed some strategic Vector::shrinkToFit(), ::reserveInitialCapacity() and ::swap().
-
-        668 kB progression on Membuster3.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        (ByteCompiler):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-        (BytecodePattern):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
-        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
-        (JSC::Yarr::YarrGenerator::opCompileBody):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::CharacterClassConstructor::charClass):
-        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
-        (JSC::Yarr::YarrPatternConstructor::reset):
-        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
-        (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
-        (JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):
-        (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
-        (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
-        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
-        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
-        * yarr/YarrPattern.h:
-        (JSC::Yarr::PatternDisjunction::addNewAlternative):
-        (PatternDisjunction):
-        (YarrPattern):
-        (JSC::Yarr::YarrPattern::reset):
-        (JSC::Yarr::YarrPattern::newlineCharacterClass):
-        (JSC::Yarr::YarrPattern::digitsCharacterClass):
-        (JSC::Yarr::YarrPattern::spacesCharacterClass):
-        (JSC::Yarr::YarrPattern::wordcharCharacterClass):
-        (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
-        (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
-        (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
-
-2013-02-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged the global function cache into the source code cache
-        https://bugs.webkit.org/show_bug.cgi?id=108660
-
-        Reviewed by Sam Weinig.
-
-        This has a few benefits:
-
-            (*) Saves a few kB by removing a second cache data structure.
-
-            (*) Reduces the worst case memory usage of the cache by 1.75X. (Heavy
-            use of 'new Function' and other techniques could cause us to fill
-            both root caches, and they didn't trade off against each other.)
-
-            (*) Paves the way for future improvements based on a non-trivial
-            cache key (for example, shrinkable pointer to the key string, and
-            more precise cache size accounting).
-
-        Also cleaned up the cache implementation and simplified it a bit.
-
-        * heap/Handle.h:
-        (HandleBase):
-        * heap/Strong.h:
-        (Strong): Build!
-
-        * runtime/CodeCache.cpp:
-        (JSC):
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        (JSC::CodeCache::usedFunctionCode): Updated for three interface changes:
-
-            (*) SourceCodeKey is a class, not a pair.
-
-            (*) Table values are abstract pointers, since they can be executables
-            or code blocks. (In a future patch, I'd like to change this so we
-            always store only code blocks. But that's too much for one patch.)
-
-            (*) The cache function is named "set" because it always overwrites
-            unconditionally.
-
-        * runtime/CodeCache.h:
-        (CacheMap):
-        (JSC::CacheMap::find):
-        (JSC::CacheMap::set):
-        (JSC::CacheMap::clear): Added support for specifying hash traits, so we
-        can use a SourceCodeKey.
-
-        Removed side table and random number generator to save space and reduce
-        complexity. Hash tables are already random, so we don't need another source
-        of randomness.
-
-        (SourceCodeKey):
-        (JSC::SourceCodeKey::SourceCodeKey):
-        (JSC::SourceCodeKey::isHashTableDeletedValue):
-        (JSC::SourceCodeKey::hash):
-        (JSC::SourceCodeKey::isNull):
-        (JSC::SourceCodeKey::operator==):
-        (JSC::SourceCodeKeyHash::hash):
-        (JSC::SourceCodeKeyHash::equal):
-        (SourceCodeKeyHash):
-        (SourceCodeKeyHashTraits):
-        (JSC::SourceCodeKeyHashTraits::isEmptyValue): A SourceCodeKey is just a
-        fancy triplet: source code string; function name (or null, for non-functions);
-        and flags. Flags and function name distinguish between functions and programs
-        with identical code, so they can live in the same cache.
-
-        I chose to use the source code string as the primary hashing reference
-        because it's likely to be unique. We can use profiling to choose another
-        technique in future, if collisions between functions and programs prove
-        to be hot. I suspect they won't.
-
-        (JSC::CodeCache::clear):
-        (CodeCache): Removed the second cache.
-
-        * heap/Handle.h:
-        (HandleBase):
-        * heap/Strong.h:
-        (Strong):
-        * runtime/CodeCache.cpp:
-        (JSC):
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        (JSC::CodeCache::usedFunctionCode):
-        * runtime/CodeCache.h:
-        (JSC):
-        (CacheMap):
-        (JSC::CacheMap::find):
-        (JSC::CacheMap::set):
-        (JSC::CacheMap::clear):
-        (SourceCodeKey):
-        (JSC::SourceCodeKey::SourceCodeKey):
-        (JSC::SourceCodeKey::isHashTableDeletedValue):
-        (JSC::SourceCodeKey::hash):
-        (JSC::SourceCodeKey::isNull):
-        (JSC::SourceCodeKey::operator==):
-        (JSC::SourceCodeKeyHash::hash):
-        (JSC::SourceCodeKeyHash::equal):
-        (SourceCodeKeyHash):
-        (SourceCodeKeyHashTraits):
-        (JSC::SourceCodeKeyHashTraits::isEmptyValue):
-        (JSC::CodeCache::clear):
-        (CodeCache):
-
-2013-02-14  Tony Chang  <tony@chromium.org>
-
-        Unreviewed, set svn:eol-style native for .sln, .vcproj, and .vsprops files.
-        https://bugs.webkit.org/show_bug.cgi?id=96934
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added property svn:eol-style.
-        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added property svn:eol-style.
-
-2013-02-14  Tony Chang  <tony@chromium.org>
-
-        Unreviewed, set svn:eol-style CRLF for .sln files.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
-
-2013-02-14  David Kilzer  <ddkilzer@apple.com>
-
-        [Mac] Clean up WARNING_CFLAGS
-        <http://webkit.org/b/109747>
-        <rdar://problem/13208373>
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Use
-        GCC_WARN_64_TO_32_BIT_CONVERSION to enable and disable
-        -Wshorten-64-to-32 rather than WARNING_CFLAGS.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
-
-2013-02-13  Anders Carlsson  <andersca@apple.com>
-
-        Better build fix.
-
-        * API/tests/testapi.c:
-        (assertEqualsAsNumber):
-        (main):
-
-2013-02-13  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Build fix.
-
-        * API/tests/testapi.c:
-        (assertEqualsAsNumber):
-        (main):
-
-2013-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Yet another build fix
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2013-02-13  Zan Dobersek  <zdobersek@igalia.com>
-
-        The 'global isinf/isnan' compiler quirk required when using clang with libstdc++
-        https://bugs.webkit.org/show_bug.cgi?id=109325
-
-        Reviewed by Anders Carlsson.
-
-        Prefix calls to the isinf and isnan methods with std::, declaring we want to use the
-        two methods as they're provided by the C++ standard library being used.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoad):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::constantNaN):
-        * offlineasm/cloop.rb:
-        * runtime/DateConstructor.cpp:
-        (JSC::dateUTC): Also include an opportunistic style fix.
-        * runtime/DateInstance.cpp:
-        (JSC::DateInstance::calculateGregorianDateTime):
-        (JSC::DateInstance::calculateGregorianDateTimeUTC):
-        * runtime/DatePrototype.cpp:
-        (JSC::dateProtoFuncGetMilliSeconds):
-        (JSC::dateProtoFuncGetUTCMilliseconds):
-        (JSC::setNewValueFromTimeArgs):
-        (JSC::setNewValueFromDateArgs):
-        (JSC::dateProtoFuncSetYear):
-        * runtime/JSCJSValue.cpp:
-        (JSC::JSValue::toInteger):
-        * runtime/JSDateMath.cpp:
-        (JSC::getUTCOffset):
-        (JSC::parseDateFromNullTerminatedCharacters):
-        (JSC::parseDate):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncIsNaN):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-        (JSC::mathProtoFuncPow):
-        * runtime/PropertyDescriptor.cpp:
-        (JSC::sameValue):
-
-2013-02-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Change another use of (SpecCell & ~SpecString) to SpecObject.
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2013-02-13  Filip Pizlo  <fpizlo@apple.com>
-
-        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
-        https://bugs.webkit.org/show_bug.cgi?id=109726
-
-        Reviewed by Mark Hahnenberg.
-        
-        If you add it to the list of relevant node types, you also need to make sure
-        it's listed as either hasChild or one of the other kinds. Otherwise you get
-        an assertion. This is causing test failures in run-javascriptcore-tests.
-
-        * dfg/DFGMinifiedNode.h:
-        (JSC::DFG::MinifiedNode::hasChild):
-
-2013-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Build fix.
-
-        Rearranged the code somewhat to reduce the number of
-        DFG related ifdefs.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2013-02-13  Filip Pizlo  <fpizlo@apple.com>
-
-        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
-        https://bugs.webkit.org/show_bug.cgi?id=109726
-
-        Reviewed by Gavin Barraclough.
-        
-        This is asymptomatic because ForwardInt32ToDouble is only used in SetLocals, in
-        which case the value is already stored to the stack.  Still, we should fix this.
-
-        * dfg/DFGMinifiedNode.h:
-        (JSC::DFG::belongsInMinifiedGraph):
-
-2013-02-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG LogicalNot/Branch peephole removal and inversion ignores the possibility of things exiting
-        https://bugs.webkit.org/show_bug.cgi?id=109489
-
-        Reviewed by Mark Hahnenberg.
-        
-        If things can exit between the LogicalNot and the Branch then don't peephole.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2013-02-13  Oliver Hunt  <oliver@apple.com>
-
-        Remove unnecessary indirection to non-local variable access operations
-        https://bugs.webkit.org/show_bug.cgi?id=109724
-
-        Reviewed by Filip Pizlo.
-
-        Linked bytecode now stores a direct pointer to the resolve operation
-        vectors, so the interpreter no longer needs a bunch of indirection to
-        to perform non-local lookup.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/Instruction.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (ResolveGlobalData):
-        (ResolveOperationData):
-        (PutToBaseOperationData):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emitSlow_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emitSlow_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emitSlow_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_put_to_base):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-
-2013-02-13  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        replaceWithJump should not decrease the offset by 1 on ARM traditional.
-        https://bugs.webkit.org/show_bug.cgi?id=109689
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::replaceWithJump):
-
-2013-02-12  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [iOS] Enable PAGE_VISIBILITY_API
-        https://bugs.webkit.org/show_bug.cgi?id=109399
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Renamed SpecObjectMask to SpecObject.
-
-        Rubber stamped by Mark Hahnenberg.
-        
-        "SpecObjectMask" is a weird name considering that a bunch of the other speculated
-        types are also masks, but don't have "Mask" in the name.
-
-        * bytecode/SpeculatedType.h:
-        (JSC):
-        (JSC::isObjectSpeculation):
-        (JSC::isObjectOrOtherSpeculation):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2013-02-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CFA doesn't filter precisely enough for CompareStrictEq
-        https://bugs.webkit.org/show_bug.cgi?id=109618
-
-        Reviewed by Mark Hahnenberg.
-        
-        The backend speculates object for this case, but the CFA was filtering on
-        (SpecCell & ~SpecString) | SpecOther.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2013-02-12  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix the gyp build of JavaScriptCore.
-
-        * JavaScriptCore.gypi: Added some missing DFG files to the source list.
-
-2013-02-12  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r142387.
-        http://trac.webkit.org/changeset/142387
-        https://bugs.webkit.org/show_bug.cgi?id=109601
-
-        caused all layout and jscore tests on windows to fail
-        (Requested by kling on #webkit).
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (UnlinkedCodeBlock):
-
-2013-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CompareEq optimization should be retuned
-        https://bugs.webkit.org/show_bug.cgi?id=109545
-
-        Reviewed by Mark Hahnenberg.
-        
-        - Made the object-to-object equality case work again by hoisting the if statement
-          for it. Previously, object-to-object equality would be compiled as
-          object-to-object-or-other.
-        
-        - Added AbstractState guards for most of the type checks that the object equality
-          code uses.
-        
-        Looks like a hint of a speed-up on all of the things.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-
-2013-02-12  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        JSC asserting with long parameter list functions in debug mode on ARM traditional
-        https://bugs.webkit.org/show_bug.cgi?id=109565
-
-        Reviewed by Zoltan Herczeg.
-
-        Increase the value of sequenceGetByIdSlowCaseInstructionSpace to 80.
-
-        * jit/JIT.h:
-
-2013-02-11  Oliver Hunt  <oliver@apple.com>
-
-        Make JSC API more NULL tolerant
-        https://bugs.webkit.org/show_bug.cgi?id=109515
-
-        Reviewed by Mark Hahnenberg.
-
-        We do so much marshalling for the C API these days anyway that a single null
-        check isn't a performance issue.  Yet the existing "null is unsafe" behaviour
-        leads to crashes in embedding applications whenever there's an untested code
-        path, so it seems having defined behaviour is superior.
-
-        * API/APICast.h:
-        (toJS):
-        (toJSForGC):
-        * API/JSObjectRef.cpp:
-        (JSObjectIsFunction):
-        (JSObjectCallAsFunction):
-        (JSObjectIsConstructor):
-        (JSObjectCallAsConstructor):
-        * API/tests/testapi.c:
-        (main):
-
-2013-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, adding a FIXME to remind ourselves of a bug.
-        https://bugs.webkit.org/show_bug.cgi?id=109487
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-
-2013-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Strange bug in DFG OSR in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=109491
-
-        Reviewed by Mark Hahnenberg.
-        
-        Int32ToDouble was being injected after a side-effecting operation and before a SetLocal. Anytime we
-        inject something just before a SetLocal we should be aware that the previous operation may have been
-        a side-effect associated with the current code origin. Hence, we should use a forward exit.
-        Int32ToDouble does not do forward exits by default.
-        
-        This patch adds a forward-exiting form of Int32ToDouble, for use in SetLocal Int32ToDouble injections.
-        Changed the CSE and other things to treat these nodes identically, but for the exit strategy to be
-        distinct (Int32ToDouble -> backward, ForwardInt32ToDouble -> forward). The use of the NodeType for
-        signaling exit direction is not "great" but it's what we use in other places already (like
-        ForwardCheckStructure).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::int32ToDoubleCSE):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.h:
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::willHaveCodeGenOrOSR):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        * dfg/DFGSpeculativeJIT.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-
-2013-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        NonStringCell and Object are practically the same thing for the purpose of speculation
-        https://bugs.webkit.org/show_bug.cgi?id=109492
-
-        Reviewed by Mark Hahnenberg.
-        
-        Removed isNonStringCellSpeculation, and made all callers use isObjectSpeculation.
-        
-        Changed isNonStringCellOrOtherSpeculation to be isObjectOrOtherSpeculation.
-        
-        I believe this is correct because even weird object types like JSNotAnObject end up
-        being "objects" from the standpoint of our typesystem. Anyway, the assumption that
-        "is cell but not a string" equates to "object" is an assumption that is already made
-        in other places in the system so there's little value in being paranoid about it.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::isObjectSpeculation):
-        (JSC::isObjectOrOtherSpeculation):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::shouldSpeculateObjectOrOther):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
-        https://bugs.webkit.org/show_bug.cgi?id=109387
-
-        Reviewed by Oliver Hunt and Mark Hahnenberg.
-        
-        Lock in the decision to use a non-speculative constant comparison as early as possible
-        and don't let the CFA change it by folding constants. This might be a performance
-        penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
-        the other hand it completely side-steps the unsoundness that the bug speaks of.
-        
-        Rolling back in after adding 32-bit path.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG TypeOf implementation should have its backend code aligned to what the CFA does
-        https://bugs.webkit.org/show_bug.cgi?id=109385
-
-        Reviewed by Sam Weinig.
-        
-        The problem was that if we ended up trying to constant fold, but didn't succeed
-        because of prediction mismatches, then we would also fail to do filtration.
-        
-        Rearranged the control flow in the CFA to fix that.
-        
-        As far as I know, this is asymptomatic - it's sort of OK for the CFA to prove less
-        things, which is what the bug was.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2013-02-11  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r142491.
-        http://trac.webkit.org/changeset/142491
-        https://bugs.webkit.org/show_bug.cgi?id=109470
-
-        broke the 32 bit build (Requested by jessieberlin on #webkit).
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
-        https://bugs.webkit.org/show_bug.cgi?id=109387
-
-        Reviewed by Oliver Hunt.
-        
-        Lock in the decision to use a non-speculative constant comparison as early as possible
-        and don't let the CFA change it by folding constants. This might be a performance
-        penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
-        the other hand it completely side-steps the unsoundness that the bug speaks of.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-11  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed fix after r13954 for !ENABLE(JIT) builds.
-
-        * llint/LowLevelInterpreter.cpp:
-
-2013-02-11  Gabor Rapcsanyi  <rgabor@webkit.org>
-
-        JSC build failing with verbose debug mode
-        https://bugs.webkit.org/show_bug.cgi?id=109441
-
-        Reviewed by Darin Adler.
-
-        Fixing some verbose messages which caused build errors.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        * dfg/DFGPredictionInjectionPhase.cpp:
-        (JSC::DFG::PredictionInjectionPhase::run):
-
-2013-02-10  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix the GTK+ gyp build
-
-        * JavaScriptCore.gypi: Update the source list to accurately
-        reflect what's in the repository and remove the offsets extractor
-        from the list of JavaScriptCore files. It's only used to build
-        the extractor binary.
-
-2013-02-09  Andreas Kling  <akling@apple.com>
-
-        Shrink-wrap UnlinkedCodeBlock members.
-        <http://webkit.org/b/109368>
-
-        Reviewed by Oliver Hunt.
-
-        Rearrange the members of UnlinkedCodeBlock to avoid unnecessary padding on 64-bit.
-        Knocks ~600 KB off of the Membuster3 peak.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (UnlinkedCodeBlock):
-
-2013-02-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should allow phases to break Phi's and then have one phase to rebuild them
-        https://bugs.webkit.org/show_bug.cgi?id=108414
-
-        Reviewed by Mark Hahnenberg.
-        
-        Introduces two new DFG forms: LoadStore and ThreadedCPS. These are described in
-        detail in DFGCommon.h.
-        
-        Consequently, DFG phases no longer have to worry about preserving data flow
-        links between basic blocks. It is generally always safe to request that the
-        graph be dethreaded (Graph::dethread), which brings it into LoadStore form, where
-        the data flow is implicit. In this form, only liveness-at-head needs to be
-        preserved.
-        
-        All of the machinery for "threading" the graph to introduce data flow between
-        blocks is now moved out of the bytecode parser and into the CPSRethreadingPhase.
-        All phases that previously did this maintenance themselves now just rely on
-        being able to dethread the graph. The one exception is the structure check
-        hoising phase, which operates over a threaded graph and preserves it, for the
-        sake of performance.
-        
-        Also moved two other things into their own phases: unification (previously found
-        in the parser) and prediction injection (previously found in various places).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/Operands.h:
-        (Operands):
-        (JSC::Operands::sizeFor):
-        (JSC::Operands::atFor):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        * dfg/DFGAllocator.h:
-        (JSC::DFG::::allocateSlow):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGBasicBlockInlines.h:
-        (DFG):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::flushDirect):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::killUnreachable):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        (CFGSimplificationPhase):
-        (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCPSRethreadingPhase.cpp: Added.
-        (DFG):
-        (CPSRethreadingPhase):
-        (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
-        (JSC::DFG::CPSRethreadingPhase::run):
-        (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
-        (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail):
-        (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
-        (JSC::DFG::CPSRethreadingPhase::addPhi):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeSetLocal):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
-        (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
-        (JSC::DFG::CPSRethreadingPhase::propagatePhis):
-        (JSC::DFG::CPSRethreadingPhase::PhiStackEntry::PhiStackEntry):
-        (PhiStackEntry):
-        (JSC::DFG::CPSRethreadingPhase::phiStackFor):
-        (JSC::DFG::performCPSRethreading):
-        * dfg/DFGCPSRethreadingPhase.h: Added.
-        (DFG):
-        * dfg/DFGCSEPhase.cpp:
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCommon.cpp:
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::logCompilationChanges):
-        (DFG):
-        (WTF):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::dethread):
-        (JSC::DFG::Graph::collectGarbage):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::performSubstitution):
-        (Graph):
-        (JSC::DFG::Graph::performSubstitutionForEdge):
-        (JSC::DFG::Graph::convertToConstant):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToPhantomLocal):
-        (Node):
-        (JSC::DFG::Node::convertToGetLocal):
-        (JSC::DFG::Node::hasVariableAccessData):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPhase.cpp:
-        (JSC::DFG::Phase::beginPhase):
-        * dfg/DFGPhase.h:
-        (JSC::DFG::runAndLog):
-        * dfg/DFGPredictionInjectionPhase.cpp: Added.
-        (DFG):
-        (PredictionInjectionPhase):
-        (JSC::DFG::PredictionInjectionPhase::PredictionInjectionPhase):
-        (JSC::DFG::PredictionInjectionPhase::run):
-        (JSC::DFG::performPredictionInjection):
-        * dfg/DFGPredictionInjectionPhase.h: Added.
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::run):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGUnificationPhase.cpp: Added.
-        (DFG):
-        (UnificationPhase):
-        (JSC::DFG::UnificationPhase::UnificationPhase):
-        (JSC::DFG::UnificationPhase::run):
-        (JSC::DFG::performUnification):
-        * dfg/DFGUnificationPhase.h: Added.
-        (DFG):
-        * dfg/DFGValidate.cpp:
-        (JSC::DFG::Validate::validate):
-        (JSC::DFG::Validate::dumpGraphIfAppropriate):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::setUpCall):
-        * runtime/JSCJSValue.cpp:
-        (JSC::JSValue::dump):
-        * runtime/JSString.h:
-        (JSString):
-        * runtime/Options.h:
-        (JSC):
-
-2013-02-08  Jer Noble  <jer.noble@apple.com>
-
-        Bring WebKit up to speed with latest Encrypted Media spec.
-        https://bugs.webkit.org/show_bug.cgi?id=97037
-
-        Reviewed by Eric Carlson.
-
-        Define the ENABLE_ENCRYPTED_MEDIA_V2 setting.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-08  Gavin Barraclough  <barraclough@apple.com>
-
-        Objective-C API for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=105889
-
-        Reviewed by Joseph Pecoraro
-
-        Following up on review comments, mostly typos.
-
-        * API/JSBlockAdaptor.h:
-        * API/JSBlockAdaptor.mm:
-        (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
-        * API/JSContext.h:
-        * API/JSExport.h:
-        * API/JSValue.h:
-        * API/JSValue.mm:
-        * API/JSWrapperMap.mm:
-        (selectorToPropertyName):
-        (-[JSWrapperMap classInfoForClass:]):
-        (-[JSWrapperMap wrapperForObject:]):
-
-2013-02-08  Martin Robinson  <mrobinson@igalia.com>
-
-        [GTK] Add an experimental gyp build
-        https://bugs.webkit.org/show_bug.cgi?id=109003
-
-        Reviewed by Gustavo Noronha Silva.
-
-        * JavaScriptCore.gypi: Update the list of source files to include those
-        necessary for the GTK+ build.
-
-2013-02-08  Andreas Kling  <akling@apple.com>
-
-        JSC: Lower minimum PropertyTable size.
-        <http://webkit.org/b/109247>
-
-        Reviewed by Darin Adler.
-
-        Lower the minimum table size for PropertyTable from 16 to 8.
-        3.32 MB progression on Membuster3 (a ~13% reduction in memory used by PropertyTables.)
-
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable):
-        (JSC::PropertyTable::sizeForCapacity):
-
-2013-02-07  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. More VS2010 WebKit solution touchups.
-        Make JavaScriptCoreExports.def.in be treated as a custom build file so that changes to it cause the exports to be rebuilt.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
-
-2013-02-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: testapi.mm should use ARC
-        https://bugs.webkit.org/show_bug.cgi?id=107838
-
-        Reviewed by Mark Rowe.
-
-        Removing the changes to the Xcode project file and moving the equivalent flags into 
-        the ToolExecutable xcconfig file.
-
-        * Configurations/ToolExecutable.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-02-07  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows] Unreviewed Visual Studio 2010 build fixes after r142179.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Correct changed symbols
-        * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Removed autogenerated file.
-
-2013-02-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::ByteCodeParser should do surgical constant folding to reduce load on the optimization fixpoint
-        https://bugs.webkit.org/show_bug.cgi?id=109000
-
-        Reviewed by Oliver Hunt.
-        
-        Previously our source parser's ASTBuilder did some surgical constant folding, but it
-        didn't cover some cases.  It was particularly incapable of doing constant folding for
-        cases where we do some minimal loop peeling in the bytecode generator - since it
-        didn't "see" those constants prior to the peeling.  Example:
-
-        for (var i = 0; i < 4; ++i)
-            things;
-
-        This will get peeled just a bit by the bytecode generator, so that the "i < 4" is
-        duplicated both at the top of the loop and the bottom.  This means that we have a
-        constant comparison: "0 < 4", which the bytecode generator emits without any further
-        thought.
-
-        The DFG optimization fixpoint of course folds this and simplifies the CFG 
-        accordingly, but this incurs a compile-time cost.  The purpose of this change is to
-        do some surgical constant folding in the DFG's bytecode parser, so that such
-        constructs reduce load on the CFG simplifier and the optimization fixpoint.  The goal
-        is not to cover all cases, since the DFG CFA and CFG simplifier have a powerful
-        sparse conditional constant propagation that we can always fall back on. Instead the
-        goal is to cover enough cases that for common small functions we don't have to
-        perform such transformations, thereby reducing compile times.
-        
-        This also refactors m_inlineStackEntry->m_inlineCallFrame to be a handy method call
-        and also adds the notion of a TriState-based JSValue::pureToBoolean(). Both of these
-        things are used by the folder.
-        
-        As well, care has been taken to make sure that the bytecode parser only does folding
-        that is statically provable, and that doesn't arise out of speculation. This means
-        we cannot fold on data flow that crosses inlining boundaries. On the other hand, the
-        folding that the bytecode parser uses doesn't require phantoming anything. Such is
-        the trade-off: for anything that we do need phantoming, we defer it to the
-        optimization fixpoint.
-        
-        Slight SunSpider speed-up.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::flushDirect):
-        (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::inlineCallFrame):
-        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
-        (JSC::DFG::ByteCodeParser::canFold):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::getScope):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::isStronglyProvedConstantIn):
-        (Node):
-        * runtime/JSCJSValue.h:
-        * runtime/JSCJSValueInlines.h:
-        (JSC::JSValue::pureToBoolean):
-        (JSC):
-
-2013-02-07  Zoltan Herczeg  <zherczeg@webkit.org>
-
-        Invalid code is generated for storing constants with baseindex addressing modes on ARM traditional.
-        https://bugs.webkit.org/show_bug.cgi?id=109050
-
-        Reviewed by Oliver Hunt.
-
-        The S! scratch register is reused, but it should contain the constant value.
-
-        * assembler/ARMAssembler.cpp:
-        (JSC::ARMAssembler::baseIndexTransfer32):
-        (JSC::ARMAssembler::baseIndexTransfer16):
-
-2013-02-07  Andras Becsi  <andras.becsi@digia.com>
-
-        [Qt] Use GNU ar's thin archive format for intermediate static libs
-        https://bugs.webkit.org/show_bug.cgi?id=109052
-
-        Reviewed by Jocelyn Turcotte.
-
-        Adjust project files that used activeBuildConfig()
-        to use targetSubDir().
-
-        * JavaScriptCore.pri:
-        * LLIntOffsetsExtractor.pro:
-        * Target.pri:
-
-2013-02-06  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Touchups to VS2010 WebKit solution.
-        Fix an export generator script, modify some property sheets, add resouce file.
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
-        * JavaScriptCore.vcxproj/resource.h: Added.
-
-2013-02-06  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Web Inspector: Native Memory Instrumentation: assign class name to the heap graph node automatically
-        https://bugs.webkit.org/show_bug.cgi?id=107262
-
-        Reviewed by Yury Semikhatsky.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-02-06  Mike West  <mkwst@chromium.org>
-
-        Add an ENABLE_NOSNIFF feature flag.
-        https://bugs.webkit.org/show_bug.cgi?id=109029
-
-        Reviewed by Jochen Eisinger.
-
-        This new flag will control the behavior of 'X-Content-Type-Options: nosniff'
-        when processing script and other resource types.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        put_to_base should emit a Phantom for "value" across the ForceOSRExit
-        https://bugs.webkit.org/show_bug.cgi?id=108998
-
-        Reviewed by Oliver Hunt.
-
-        Otherwise, the OSR exit compiler could clobber it, which would lead to badness.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::tallyFrequentExitSites): Build fixes for when DFG debug logging is enabled.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock): Added extra Phantoms for the "value" field where needed.
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Ditto.
-
-2013-02-05  Michael Saboff  <msaboff@apple.com>
-
-        Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
-        https://bugs.webkit.org/show_bug.cgi?id=108991
-
-        Reviewed by Oliver Hunt.
-
-        Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
-        may step on calleeGPR is it happen to be nonArgGPR2.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgLinkClosureCall):
-
-2013-02-05  Roger Fong  <roger_fong@apple.com>
-
-        Add a JavaScriptCore Export Generator project.
-        https://bugs.webkit.org/show_bug.cgi?id=108971.
-
-        Reviewed by Brent Fulgham.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Added.
-
-2013-02-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have a precise view of jump targets
-        https://bugs.webkit.org/show_bug.cgi?id=108868
-
-        Reviewed by Oliver Hunt.
-        
-        Previously, the DFG relied entirely on the CodeBlock's jump targets list for
-        determining when to break basic blocks. This worked great, except sometimes it
-        would be too conservative since the CodeBlock just says where the bytecode
-        generator inserted labels.
-        
-        This change keeps the old jump target list in CodeBlock since it is still
-        valuable to the baseline JIT, but switches the DFG to use its own jump target
-        calculator. This ought to reduce pressure on the DFG simplifier, which would
-        previously do a lot of work to try to merge redundantly created basic blocks.
-        It appears to be a 1% progression on SunSpider.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/PreciseJumpTargets.cpp: Added.
-        (JSC):
-        (JSC::addSimpleSwitchTargets):
-        (JSC::computePreciseJumpTargets):
-        * bytecode/PreciseJumpTargets.h: Added.
-        (JSC):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-
-2013-02-01  Roger Fong  <roger_fong@apple.com>
-
-        Make ConfigurationBuildDir include directories precede WebKitLibraries in JSC.
-        https://bugs.webkit.org/show_bug.cgi?id=108693.
-
-        Rubberstamped by Timothy Horton.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-
-2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structure::m_outOfLineCapacity is unnecessary
-        https://bugs.webkit.org/show_bug.cgi?id=108206
-
-        Reviewed by Darin Adler.
-
-        Simplifying the utility functions that we use since we don't need a 
-        bunch of fancy templates for this one specific call site.
-
-        * runtime/Structure.h:
-        (JSC::Structure::outOfLineCapacity):
-
-2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: testapi.mm should use ARC
-        https://bugs.webkit.org/show_bug.cgi?id=107838
-
-        Reviewed by Oliver Hunt.
-
-        In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs.
-        We should enable ARC, since that is what most of our clients will be using. We use Xcode project 
-        settings to make sure we don't try to compile ARC on 32-bit.
-
-        * API/tests/testapi.mm:
-        (+[TestObject testObject]):
-        (testObjectiveCAPI):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-02-05  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows] Unreviewed VS2010 Build Correction after r141651
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing
-        StructureRareData.h and StructureRareData.cpp files.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
-
-2013-02-05  Michael Saboff  <msaboff@apple.com>
-
-        r141788 won't build due to not having all changes needed by Node* change
-        https://bugs.webkit.org/show_bug.cgi?id=108944
-
-        Reviewed by David Kilzer.
-
-        Fixed three instances of integerResult(..., m_compileIndex) to be integerResult(..., node).
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
-
-2013-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r141809.
-        http://trac.webkit.org/changeset/141809
-        https://bugs.webkit.org/show_bug.cgi?id=108860
-
-        ARC isn't supported on 32-bit. (Requested by mhahnenberg on
-        #webkit).
-
-        * API/tests/testapi.mm:
-        (+[TestObject testObject]):
-        (testObjectiveCAPI):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: testapi.mm should use ARC
-        https://bugs.webkit.org/show_bug.cgi?id=107838
-
-        Reviewed by Oliver Hunt.
-
-        In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs. 
-        We should enable ARC, since that is what most of our clients will be using.
-
-        * API/tests/testapi.mm:
-        (-[TestObject init]):
-        (-[TestObject dealloc]):
-        (+[TestObject testObject]):
-        (testObjectiveCAPI):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: ObjCCallbackFunction should retain the target of its NSInvocation
-        https://bugs.webkit.org/show_bug.cgi?id=108843
-
-        Reviewed by Darin Adler.
-
-        Currently, ObjCCallbackFunction doesn't retain the target of its NSInvocation. It needs to do 
-        this to prevent crashes when trying to invoke a callback later on.
-
-        * API/ObjCCallbackFunction.mm:
-        (ObjCCallbackFunction::ObjCCallbackFunction):
-        (ObjCCallbackFunction::~ObjCCallbackFunction):
-
-2013-02-04  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix GTK+ 'make dist' in preparation for the 1.11.5 release.
-
-        * GNUmakefile.list.am: Update the source lists.
-
-2013-02-04  Michael Saboff  <msaboff@apple.com>
-
-        For ARMv7s use integer divide instruction for divide and modulo when possible
-        https://bugs.webkit.org/show_bug.cgi?id=108840
-
-        Reviewed in person by Filip Pizlo.
-
-        Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
-        This is patterned after the similar code for X86.  Also added modulo power of 2 optimization
-        that uses logical and.  Added sdiv and udiv to the ARMv7 disassembler.  Put all the changes
-        behind #if CPU(APPLE_ARMV7S). 
-
-        * assembler/ARMv7Assembler.h:
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::sdiv):
-        (JSC::ARMv7Assembler::udiv):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::isARMv7s):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        Check PrivateHeaders/JSBasePrivate.h for inappropriate macros
-        <http://webkit.org/b/108749>
-
-        Reviewed by Joseph Pecoraro.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add
-        PrivateHeaders/JSBasePrivate.h to list of headers to check in
-        "Check for Inappropriate Macros in External Headers" build phase
-        script.
-
-2013-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        Remove duplicate entries from JavaScriptCore Xcode project
-
-            $ uniq Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | diff -u - Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | patch -p0 -R
-            patching file Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove duplicates.
-
-2013-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        Sort JavaScriptCore Xcode project file
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-02-03  David Kilzer  <ddkilzer@apple.com>
-
-        Upstream ENABLE_PDFKIT_PLUGIN settting
-        <http://webkit.org/b/108792>
-
-        Reviewed by Tim Horton.
-
-        * Configurations/FeatureDefines.xcconfig: Disable PDFKIT_PLUGIN
-        on iOS since PDFKit is a Mac-only framework.
-
-2013-02-02  Andreas Kling  <akling@apple.com>
-
-        Vector should consult allocator about ideal size when choosing capacity.
-        <http://webkit.org/b/108410>
-        <rdar://problem/13124002>
-
-        Reviewed by Benjamin Poulain.
-
-        Remove assertion about Vector capacity that won't hold anymore since capacity()
-        may not be what you passed to reserveCapacity().
-        Also export WTF::fastMallocGoodSize() for Windows builds.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2013-02-02  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Adopt the WinCE port to new CMake
-        https://bugs.webkit.org/show_bug.cgi?id=108754
-
-        Reviewed by Laszlo Gombos.
-
-        * os-win32/WinMain.cpp: Removed.
-        * shell/PlatformWinCE.cmake: Removed.
-
-2013-02-02  Mark Rowe  <mrowe@apple.com>
-
-        <http://webkit.org/b/108745> WTF shouldn't use a script build phase to detect the presence of headers when the compiler can do it for us
-
-        Reviewed by Sam Weinig.
-
-        * DerivedSources.make: Remove an obsolete Makefile rule. This should have been removed when the use
-        of the generated file moved to WTF.
-
-2013-02-02  David Kilzer  <ddkilzer@apple.com>
-
-        Upstream iOS FeatureDefines
-        <http://webkit.org/b/108753>
-
-        Reviewed by Anders Carlsson.
-
-        * Configurations/FeatureDefines.xcconfig:
-        - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
-        - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
-        - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO.  Add
-          PLATFORM_NAME variant to reduce future merge conflicts. 
-
-2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structure::m_enumerationCache should be moved to StructureRareData
-        https://bugs.webkit.org/show_bug.cgi?id=108723
-
-        Reviewed by Oliver Hunt.
-
-        m_enumerationCache is only used by objects whose properties are iterated over, so not every Structure needs this 
-        field and it can therefore be moved safely to StructureRareData to help with memory savings.
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSPropertyNameIterator):
-        (JSC::Register::propertyNameIterator):
-        (JSC::StructureRareData::enumerationCache): Add to JSPropertyNameIterator.h so that it can see the correct type.
-        (JSC::StructureRareData::setEnumerationCache): Ditto.
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyWithoutTransition): Use the enumerationCache() getter rather than accessing the field.
-        (JSC::Structure::removePropertyWithoutTransition): Ditto.
-        (JSC::Structure::visitChildren): We no longer have to worry about marking the m_enumerationCache field.
-        * runtime/Structure.h: 
-        (JSC::Structure::setEnumerationCache): Move the old accessors back since we don't have to have any knowledge of 
-        the JSPropertyNameIterator type.
-        (JSC::Structure::enumerationCache): Ditto.
-        * runtime/StructureRareData.cpp:
-        (JSC::StructureRareData::visitChildren): Mark the new m_enumerationCache field.
-        * runtime/StructureRareData.h: Add new functions/fields.
-        (StructureRareData):
-
-2013-02-01  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. JavaScriptCore VS2010 project cleanup.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
-
-2013-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r141662.
-        http://trac.webkit.org/changeset/141662
-        https://bugs.webkit.org/show_bug.cgi?id=108738
-
-        it's an incorrect change since processPhiStack will
-        dereference dangling BasicBlock pointers (Requested by pizlo
-        on #webkit).
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-
-2013-02-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Eliminate dead blocks sooner in the DFG::ByteCodeParser to make clear that you don't need to hold onto them during Phi construction
-        https://bugs.webkit.org/show_bug.cgi?id=108717
-
-        Reviewed by Mark Hahnenberg.
-        
-        I think this makes the code clearer. It doesn't change behavior.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parse):
-
-2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structure should have a StructureRareData field to save space
-        https://bugs.webkit.org/show_bug.cgi?id=108659
-
-        Reviewed by Oliver Hunt.
-
-        Many of the fields in Structure are used in a subset of all total Structures; however, all Structures must 
-        pay the memory cost of those fields, regardless of whether they use them or not. Since we can have potentially 
-        many Structures on a single page (e.g. bing.com creates ~1500 Structures), it would be profitable to 
-        refactor Structure so that not every Structure has to pay the memory costs for these infrequently used fields.
-
-        To accomplish this, we can create a new StructureRareData class to house these seldom used fields which we 
-        can allocate on demand whenever a Structure requires it. This StructureRareData can itself be a JSCell, and 
-        can do all the marking of the fields for the Structure. The StructureRareData field will be part of a union 
-        with m_previous to minimize overhead. We'll add a new field to JSTypeInfo to indicate that the Structure has 
-        a StructureRareData field. During transitions, a Structure will clone its previous Structure's StructureRareData 
-        if it has one. There could be some potential for optimizing this process, but the initial implementation will 
-        be dumb since we'd be paying these overhead costs for each Structure anyways.
-
-        Initially we'll only put two fields in the StructureRareData to avoid a memory regression. Over time we'll 
-        continue to move fields from Structure to StructureRareData. Optimistically, this could potentially reduce our 
-        Structure memory footprint by up to around 75%. It could also clear the way for removing destructors from 
-        Structures (and into StructureRareData).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGRepatch.cpp: Includes for linking purposes.
-        * jit/JITStubs.cpp:
-        * jsc.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        * runtime/JSCellInlines.h: Added ifdef guards.
-        * runtime/JSGlobalData.cpp: New Structure for StructureRareData class.
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSTypeInfo.h: New flag to indicate whether or not a Structure has a StructureRareData field.
-        (JSC::TypeInfo::flags):
-        (JSC::TypeInfo::structureHasRareData):
-        * runtime/ObjectPrototype.cpp:
-        * runtime/Structure.cpp: We use a combined WriteBarrier<JSCell> field m_previousOrRareData to avoid compiler issues.
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::Structure): 
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::pin):
-        (JSC::Structure::allocateRareData): Handles allocating a brand new StructureRareData field.
-        (JSC::Structure::cloneRareDataFrom): Handles cloning a StructureRareData field from another. Used during Structure 
-        transitions.
-        (JSC::Structure::visitChildren): We no longer have to worry about marking m_objectToStringValue.
-        * runtime/Structure.h:
-        (JSC::Structure::previousID): Checks the structureHasRareData flag to see where it should get the previous Structure.
-        (JSC::Structure::objectToStringValue): Reads the value from the StructureRareData. If it doesn't exist, returns 0.
-        (JSC::Structure::setObjectToStringValue): Ensures that we have a StructureRareData field, then forwards the function 
-        call to it.
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::setPreviousID): Checks for StructureRareData and forwards if necessary.
-        (Structure):
-        (JSC::Structure::clearPreviousID): Ditto.
-        (JSC::Structure::create):
-        * runtime/StructureRareData.cpp: Added. All of the basic functionality of a JSCell with the fields that we've moved 
-        from Structure and the functions required to access/modify those fields as Structure would have done.
-        (JSC):
-        (JSC::StructureRareData::createStructure):
-        (JSC::StructureRareData::create):
-        (JSC::StructureRareData::clone):
-        (JSC::StructureRareData::StructureRareData):
-        (JSC::StructureRareData::visitChildren):
-        * runtime/StructureRareData.h: Added.
-        (JSC):
-        (StructureRareData):
-        * runtime/StructureRareDataInlines.h: Added.
-        (JSC):
-        (JSC::StructureRareData::previousID):
-        (JSC::StructureRareData::setPreviousID):
-        (JSC::StructureRareData::clearPreviousID):
-        (JSC::Structure::previous): Handles the ugly casting to get the value of the right type of m_previousOrRareData.
-        (JSC::Structure::rareData): Ditto.
-        (JSC::StructureRareData::objectToStringValue):
-        (JSC::StructureRareData::setObjectToStringValue):
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGRepatch.cpp:
-        * jit/JITStubs.cpp:
-        * jsc.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        * runtime/JSCellInlines.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSTypeInfo.h:
-        (JSC):
-        (JSC::TypeInfo::flags):
-        (JSC::TypeInfo::structureHasRareData):
-        * runtime/ObjectPrototype.cpp:
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::pin):
-        (JSC::Structure::allocateRareData):
-        (JSC):
-        (JSC::Structure::cloneRareDataFrom):
-        (JSC::Structure::visitChildren):
-        * runtime/Structure.h:
-        (JSC::Structure::previousID):
-        (JSC::Structure::objectToStringValue):
-        (JSC::Structure::setObjectToStringValue):
-        (JSC::Structure::materializePropertyMapIfNecessary):
-        (JSC::Structure::setPreviousID):
-        (Structure):
-        (JSC::Structure::clearPreviousID):
-        (JSC::Structure::previous):
-        (JSC::Structure::rareData):
-        (JSC::Structure::create):
-        * runtime/StructureRareData.cpp: Added.
-        (JSC):
-        (JSC::StructureRareData::createStructure):
-        (JSC::StructureRareData::create):
-        (JSC::StructureRareData::clone):
-        (JSC::StructureRareData::StructureRareData):
-        (JSC::StructureRareData::visitChildren):
-        * runtime/StructureRareData.h: Added.
-        (JSC):
-        (StructureRareData):
-        * runtime/StructureRareDataInlines.h: Added.
-        (JSC):
-        (JSC::StructureRareData::previousID):
-        (JSC::StructureRareData::setPreviousID):
-        (JSC::StructureRareData::clearPreviousID):
-        (JSC::StructureRareData::objectToStringValue):
-        (JSC::StructureRareData::setObjectToStringValue):
-
-2013-02-01  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
-        https://bugs.webkit.org/show_bug.cgi?id=108261
-
-        Reviewed by Filip Pizlo.
-
-        offlineasm BaseIndex handling fix on MIPS.
-
-        * offlineasm/mips.rb:
-        * offlineasm/risc.rb:
-
-2013-02-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed an unused function: JSGlobalObject::createFunctionExecutableFromGlobalCode
-        https://bugs.webkit.org/show_bug.cgi?id=108657
-
-        Reviewed by Anders Carlsson.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-
-2013-02-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Added TriState to WTF and started using it in one place
-        https://bugs.webkit.org/show_bug.cgi?id=108628
-
-        Reviewed by Beth Dakin.
-
-        * runtime/PrototypeMap.h:
-        (JSC::PrototypeMap::isPrototype): Use TriState instead of boolean. In
-        response to review feedback, this is an attempt to clarify that our
-        'true' condition is actually just a 'maybe'.
-
-        * runtime/PrototypeMap.h:
-        (PrototypeMap):
-        (JSC::PrototypeMap::isPrototype):
-
-2013-02-01  Alexis Menard  <alexis@webkit.org>
-
-        Enable unprefixed CSS transitions by default.
-        https://bugs.webkit.org/show_bug.cgi?id=108216
-
-        Reviewed by Dean Jackson.
-
-        Rename the flag CSS_TRANSFORMS_ANIMATIONS_TRANSITIONS_UNPREFIXED
-        to CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED which will be used later to 
-        guard the unprefixing work for CSS Transforms and animations.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-31  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::CFGSimplificationPhase::keepOperandAlive() conflates liveness and availability
-        https://bugs.webkit.org/show_bug.cgi?id=108580
-
-        Reviewed by Oliver Hunt.
-        
-        This is a harmless bug in that it only results in us keeping a bit too many things
-        for OSR.  But it's worth fixing so that the code is consistent.
-
-        keepOperandAlive() is called when block A has a branch to blocks B and C, but the
-        A->B edge is proven to never be taken and we want to optimize the code to have A
-        unconditionally jump to C.  In that case, for the purposes of OSR, we need to
-        preserve the knowledge that the state that B expected to be live incoming from A
-        ought still to be live up to the point of where the A->B,C branch used to be.  The
-        way we keep things alive is by using the variablesAtTail of A (i.e., we use the
-        knowledge of in what manner A made state available to B and C).  The way we choose
-        which state should be kept alive ought to be chosen by the variablesAtHead of B
-        (i.e. the things B says it needs from its predecessors, including A), except that
-        keepOperandAlive() was previously just using variablesAtTail of A for this
-        purpose.
-        
-        The fix is to have keepOperandAlive() use both liveness and availability in its
-        logic. It should use liveness (i.e. B->variablesAtHead) to decide what to keep
-        alive, and it should use availability (i.e. A->variablesAtTail) to decide how to
-        keep it alive.
-        
-        This might be a microscopic win on some programs, but it's mainly intended to be
-        a code clean-up so that I don't end up scratching my head in confusion the next
-        time I look at this code.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2013-01-31  Geoffrey Garen  <ggaren@apple.com>
-
-        REGRESSION (r141192): Crash beneath cti_op_get_by_id_generic @ discussions.apple.com
-        https://bugs.webkit.org/show_bug.cgi?id=108576
-
-        Reviewed by Filip Pizlo.
-
-        This was a long-standing bug. The DFG would destructively reuse a register
-        in op_convert_this, but:
-
-            * The bug only presented during speculation failure for type Other
-
-            * The bug presented by removing the low bits of a pointer, which
-            used to be harmless, since all objects were so aligned anyway.
-
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Don't reuse our this register as
-        our scratch register. The whole point of our scratch register is to
-        avoid destructively modifying our this register. I'm pretty sure this
-        was a copy-paste error.
-
-2013-01-31  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-01-31  Jessie Berlin  <jberlin@apple.com>
-
-        Rolling out r141407 because it is causing crashes under
-        WTF::TCMalloc_Central_FreeList::FetchFromSpans() in Release builds.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: JSContext exception property causes reference cycle
-        https://bugs.webkit.org/show_bug.cgi?id=107778
-
-        Reviewed by Darin Adler.
-
-        JSContext has a (retain) JSValue * exception property which, when non-null, creates a 
-        reference cycle (since the JSValue * holds a strong reference back to the JSContext *).
-
-        * API/JSContext.mm: Instead of JSValue *, we now use a plain JSValueRef, which eliminates the reference cycle.
-        (-[JSContext initWithVirtualMachine:]):
-        (-[JSContext setException:]):
-        (-[JSContext exception]):
-
-2013-01-31  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed build fix. Win7 port.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-01-31  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Disable ENABLE_FULLSCREEN_API on iOS
-        https://bugs.webkit.org/show_bug.cgi?id=108250
-
-        Reviewed by Benjamin Poulain.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Fix insertion of values greater than the max index allowed by the spec
-        https://bugs.webkit.org/show_bug.cgi?id=108264
-
-        Reviewed by Oliver Hunt.
-
-        Fixed a bug, added a test to the API tests, cleaned up some code.
-
-        * API/JSValue.h: Changed some of the documentation on setValue:atIndex: to indicate that 
-        setting values at indices greater than UINT_MAX - 1 wont' affect the length of JS arrays.
-        * API/JSValue.mm:
-        (-[JSValue valueAtIndex:]): We weren't returning when we should have been.
-        (-[JSValue setValue:atIndex:]): Added a comment about why we do the early check for being larger than UINT_MAX.
-        (objectToValueWithoutCopy): Removed two redundant cases that were already checked previously.
-        * API/tests/testapi.mm:
-
-2013-01-30  Andreas Kling  <akling@apple.com>
-
-        Vector should consult allocator about ideal size when choosing capacity.
-        <http://webkit.org/b/108410>
-        <rdar://problem/13124002>
-
-        Reviewed by Benjamin Poulain.
-
-        Remove assertion about Vector capacity that won't hold anymore since capacity()
-        may not be what you passed to reserveCapacity().
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2013-01-30  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG bytecode parser should have more assertions about the status of local accesses
-        https://bugs.webkit.org/show_bug.cgi?id=108417
-
-        Reviewed by Mark Hahnenberg.
-        
-        Assert some things that we already know to be true, just to reassure ourselves that they are true.
-        This is meant as a prerequisite for https://bugs.webkit.org/show_bug.cgi?id=108414, which will
-        make these rules even stricter.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-
-2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: JSContext's dealloc causes ASSERT due to ordering of releases
-        https://bugs.webkit.org/show_bug.cgi?id=107978
-
-        Reviewed by Filip Pizlo.
-
-        We need to add the Identifier table save/restore in JSContextGroupRelease so that we 
-        have the correct table if we end up destroying the JSGlobalData/Heap.
-
-        * API/JSContextRef.cpp:
-        (JSContextGroupRelease):
-
-2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: exceptionHandler needs to be released in JSContext dealloc
-        https://bugs.webkit.org/show_bug.cgi?id=108378
-
-        Reviewed by Filip Pizlo.
-
-        JSContext has a (copy) exceptionHandler property that it doesn't release in dealloc. 
-        That sounds like the potential for a leak. It should be released.
-
-        * API/JSContext.mm:
-        (-[JSContext dealloc]):
-
-2013-01-30  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(140504): pure CSE no longer matches things, 10% regression on Kraken
-        https://bugs.webkit.org/show_bug.cgi?id=108366
-
-        Reviewed by Geoffrey Garen and Mark Hahnenberg.
-        
-        This was a longstanding bug that was revealed by http://trac.webkit.org/changeset/140504.
-        Pure CSE requires that the Node::flags() that may affect the behavior of a node match,
-        when comparing a possibly redundant node to its possible replacement. It was doing this
-        by comparing Node::arithNodeFlags(), which as the name might appear to suggest, returns
-        just those flag bits that correspond to actual node behavior and not auxiliary things.
-        Unfortunately, Node::arithNodeFlags() wasn't actually masking off the irrelevant bits.
-        This worked prior to r140504 because CSE itself didn't mutate the flags, so there was a
-        very high probability that matching nodes would also have completely identical flag bits
-        (even the ones that aren't relevant to arithmetic behavior, like NodeDoesNotExit). But
-        r140504 moved one of CSE's side-tables (m_relevantToOSR) into a flag bit for quicker
-        access. These bits would be mutated as the CSE ran over a basic block, in such a way that
-        there was a very high probability that the possible replacement would already have the
-        bit set, while the redundant node did not have the bit set. Since Node::arithNodeFlags()
-        returned all of the bits, this would cause CSEPhase::pureCSE() to reject the match
-        almost every time.
-        
-        The solution is to make Node::arithNodeFlags() do as its name suggests: only return those
-        flags that are relevant to arithmetic behavior. This patch introduces a new mask that
-        represents those bits, and includes NodeBehaviorMask and NodeBackPropMask, which are both
-        used for queries on Node::arithNodeFlags(), and both affect arithmetic code gen. None of
-        the other flags are relevant to Node::arithNodeFlags() since they either correspond to
-        information already conveyed by the opcode (like NodeResultMask, NodeMustGenerate,
-        NodeHasVarArgs, NodeClobbersWorld, NodeMightClobber) or information that doesn't affect
-        the result that the node will produce or any of the queries performed on the result of
-        Node::arithNodeFlags (NodeDoesNotExit and of course NodeRelevantToOSR).
-        
-        This is a 10% speed-up on Kraken, undoing the regression from r140504.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::arithNodeFlags):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-
-2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Structure::m_outOfLineCapacity is unnecessary
-        https://bugs.webkit.org/show_bug.cgi?id=108206
-
-        Reviewed by Geoffrey Garen.
-
-        We can calculate our out of line capacity by using the outOfLineSize and our knowledge about our resize policy.
-        According to GDB, this knocks Structures down from 136 bytes to 128 bytes (I'm guessing the extra bytes are from
-        better alignment of object fields), which puts Structures in a smaller size class. Woohoo! Looks neutral on our 
-        benchmarks.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC):
-        (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::addPropertyWithoutTransition):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::outOfLineCapacity):
-        (JSC::Structure::totalStorageCapacity):
-
-2013-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Be a little more conservative about emitting table-based switches
-        https://bugs.webkit.org/show_bug.cgi?id=108292
-
-        Reviewed by Filip Pizlo.
-
-        Profiling shows we're using op_switch in cases where it's a regression.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC):
-        (JSC::length):
-        (JSC::CaseBlockNode::tryTableSwitch):
-        (JSC::CaseBlockNode::emitBytecodeForBlock):
-        * parser/Nodes.h:
-        (CaseBlockNode):
-
-2013-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r140983.
-        http://trac.webkit.org/changeset/140983
-        https://bugs.webkit.org/show_bug.cgi?id=108277
-
-        Unfortunately, this API has one last client (Requested by
-        abarth on #webkit).
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
-        https://bugs.webkit.org/show_bug.cgi?id=107839
-
-        Reviewed by Geoffrey Garen.
-
-        Fixing several ASSERTs that were incorrect along with some of the reallocation of m_prototype and 
-        m_constructor that they were based on.
-
-        * API/JSWrapperMap.mm:
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We now only allocate those
-        fields that are null (i.e. have been collected or have never been allocated to begin with).
-        (-[JSObjCClassInfo reallocateConstructorAndOrPrototype]): Renamed to better indicate that we're 
-        reallocating one or both of the prototype/constructor combo.
-        (-[JSObjCClassInfo wrapperForObject:]): Call new reallocate function.
-        (-[JSObjCClassInfo constructor]): Ditto.
-
-2013-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Make precise size classes more precise
-        https://bugs.webkit.org/show_bug.cgi?id=108270
-
-        Reviewed by Mark Hahnenberg.
-
-        Size inference makes this profitable.
-
-        I chose 8 byte increments because JSString is 24 bytes. Otherwise, 16
-        byte increments might be better.
-
-        * heap/Heap.h:
-        (Heap): Removed firstAllocatorWithoutDestructors because it's unused now.
-
-        * heap/MarkedBlock.h:
-        (MarkedBlock): Updated constants.
-
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC): Also reduced the maximum precise size class because my testing
-        has shown that the smaller size classes are much more common. This
-        offsets some of the size class explosion caused by reducing the precise
-        increment.
-
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions): No need for this ASSERT anymore
-        because we don't rely on firstAllocatorWithoutDestructors anymore, since
-        we pick size classes dynamically now.
-
-2013-01-29  Oliver Hunt  <oliver@apple.com>
-
-        Add some hardening to methodTable()
-        https://bugs.webkit.org/show_bug.cgi?id=108253
-
-        Reviewed by Mark Hahnenberg.
-
-        When accessing methodTable() we now always make sure that our
-        structure _could_ be valid.  Added a separate method to get a
-        classes methodTable during destruction as it's not possible to
-        validate the structure at that point.  This separation might
-        also make it possible to improve the performance of methodTable
-        access more generally in future.
-
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::callDestructor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSCellInlines.h:
-        (JSC::JSCell::methodTableForDestruction):
-        (JSC):
-        (JSC::JSCell::methodTable):
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
-        https://bugs.webkit.org/show_bug.cgi?id=108261
-
-        Reviewed by Oliver Hunt.
-        
-        Backends shouldn't override each other's methods. That's not cool.
-
-        * offlineasm/mips.rb:
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        cloop.rb shouldn't use a method called 'dump' for code generation
-        https://bugs.webkit.org/show_bug.cgi?id=108251
-
-        Reviewed by Mark Hahnenberg.
-        
-        Revert http://trac.webkit.org/changeset/141178 and rename 'dump' to 'clDump'.
-        
-        Also made trivial build fixes for !ENABLE(JIT).
-
-        * offlineasm/cloop.rb:
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (JSC::ExecutableBase::intrinsicFor):
-        * runtime/JSGlobalData.h:
-
-2013-01-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed GGC because it has been disabled for a long time
-        https://bugs.webkit.org/show_bug.cgi?id=108245
-
-        Reviewed by Filip Pizlo.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * heap/CardSet.h: Removed.
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::shouldCollect):
-        (JSC::Heap::isWriteBarrierEnabled):
-        (JSC):
-        (JSC::Heap::writeBarrier):
-        * heap/MarkedBlock.h:
-        (MarkedBlock):
-        (JSC):
-        * heap/MarkedSpace.cpp:
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitWriteBarrier):
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove redundant AST dump method from cloop.rb, since they are already defined in ast.rb
-        https://bugs.webkit.org/show_bug.cgi?id=108247
-
-        Reviewed by Oliver Hunt.
-        
-        Makes offlineasm dumping easier to read and less likely to cause assertion failures.
-        Also fixes the strange situation where cloop.rb and ast.rb both defined dump methods,
-        but cloop.rb was winning.
-
-        * offlineasm/cloop.rb:
-
-2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
-        https://bugs.webkit.org/show_bug.cgi?id=107839
-
-        Reviewed by Oliver Hunt.
-
-        JSContext has a JSWrapperMap, which has an NSMutableDictionary m_classMap, which has values that 
-        are JSObjCClassInfo objects, which have strong references to two JSValue *'s, m_prototype and 
-        m_constructor, which in turn have strong references to the JSContext, creating a reference cycle. 
-        We should make m_prototype and m_constructor Weak<JSObject>. This gets rid of the strong reference 
-        to the JSContext and also prevents clients from accidentally creating reference cycles by assigning 
-        to the prototype of the constructor. If Weak<JSObject> fields are ever garbage collected, we will 
-        reallocate them.
-
-        * API/JSContext.mm:
-        (-[JSContext wrapperMap]):
-        * API/JSContextInternal.h:
-        * API/JSWrapperMap.mm:
-        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
-        (-[JSObjCClassInfo dealloc]):
-        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
-        (-[JSObjCClassInfo allocateConstructorAndPrototype]):
-        (-[JSObjCClassInfo wrapperForObject:]):
-        (-[JSObjCClassInfo constructor]):
-
-2013-01-29  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
-        https://bugs.webkit.org/show_bug.cgi?id=108097
-
-        Reviewed by Geoffrey Garen.
-
-        LiteralParser was accepting a bogus 'var a.b = c' statement
-
-        * runtime/LiteralParser.cpp:
-        (JSC::::tryJSONPParse):
-
-2013-01-29  Oliver Hunt  <oliver@apple.com>
-
-        Force debug builds to do bounds checks on contiguous property storage
-        https://bugs.webkit.org/show_bug.cgi?id=108212
-
-        Reviewed by Mark Hahnenberg.
-
-        Add a ContiguousData type that we use to represent contiguous property
-        storage.  In release builds it is simply a pointer to the correct type,
-        but in debug builds it also carries the data length and performs bounds
-        checks.  This means we don't have to add as many manual bounds assertions
-        when performing operations over contiguous data.
-
-        * dfg/DFGOperations.cpp:
-        * runtime/ArrayStorage.h:
-        (ArrayStorage):
-        (JSC::ArrayStorage::vector):
-        * runtime/Butterfly.h:
-        (JSC::ContiguousData::ContiguousData):
-        (ContiguousData):
-        (JSC::ContiguousData::operator[]):
-        (JSC::ContiguousData::data):
-        (JSC::ContiguousData::length):
-        (JSC):
-        (JSC::Butterfly::contiguousInt32):
-        (Butterfly):
-        (JSC::Butterfly::contiguousDouble):
-        (JSC::Butterfly::contiguous):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortNumericVector):
-        (ContiguousTypeAccessor):
-        (JSC::ContiguousTypeAccessor::getAsValue):
-        (JSC::ContiguousTypeAccessor::setWithValue):
-        (JSC::ContiguousTypeAccessor::replaceDataReference):
-        (JSC):
-        (JSC::JSArray::sortCompactedVector):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        * runtime/JSArray.h:
-        (JSArray):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly):
-        (JSC::JSObject::visitButterfly):
-        (JSC::JSObject::createInitialInt32):
-        (JSC::JSObject::createInitialDouble):
-        (JSC::JSObject::createInitialContiguous):
-        (JSC::JSObject::convertUndecidedToInt32):
-        (JSC::JSObject::convertUndecidedToDouble):
-        (JSC::JSObject::convertUndecidedToContiguous):
-        (JSC::JSObject::convertInt32ToDouble):
-        (JSC::JSObject::convertInt32ToContiguous):
-        (JSC::JSObject::genericConvertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToContiguous):
-        (JSC::JSObject::rageConvertDoubleToContiguous):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::rageEnsureContiguousSlow):
-        (JSC::JSObject::ensureLengthSlow):
-        * runtime/JSObject.h:
-        (JSC::JSObject::ensureInt32):
-        (JSC::JSObject::ensureDouble):
-        (JSC::JSObject::ensureContiguous):
-        (JSC::JSObject::rageEnsureContiguous):
-        (JSObject):
-        (JSC::JSObject::indexingData):
-        (JSC::JSObject::currentIndexingData):
-
-2013-01-29  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Unreviewed build fix after r141050
-
-        * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Update symbols
-        to match JavaScriptCore.vcproj version.
-
-2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
-
-        [Qt] Implement GCActivityCallback
-        https://bugs.webkit.org/show_bug.cgi?id=103998
-
-        Reviewed by Simon Hausmann.
-
-        Implements the activity triggered garbage collector.
-
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::scheduleTimer):
-        (JSC::DefaultGCActivityCallback::cancelTimer):
-        * runtime/GCActivityCallback.h:
-        (GCActivityCallback):
-        (DefaultGCActivityCallback):
-
-2013-01-29  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
-
-        Compilation warning in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=108178
-
-        Reviewed by Kentaro Hara.
-
-        Fixed 'comparison between signed and unsigned integer' warning in JSC::Structure constructor.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-
-2013-01-29  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
-
-        [Qt] Fix the JSC build on Mac
-
-        Unreviewed, build fix.
-
-        * heap/HeapTimer.h:
-        Qt on Mac has USE(CF) true, and should use the CF HeapTimer in that case.
-
-2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
-
-        [Qt] Implement IncrementalSweeper and HeapTimer
-        https://bugs.webkit.org/show_bug.cgi?id=103996
-
-        Reviewed by Simon Hausmann.
-
-        Implements the incremental sweeping garbage collection for the Qt platform.
-
-        * heap/HeapTimer.cpp:
-        (JSC::HeapTimer::HeapTimer):
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::timerEvent):
-        (JSC::HeapTimer::synchronize):
-        (JSC::HeapTimer::invalidate):
-        (JSC::HeapTimer::didStartVMShutdown):
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::scheduleTimer):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-
-2013-01-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
-        https://bugs.webkit.org/show_bug.cgi?id=106868
-
-        Reviewed by Oliver Hunt.
-        
-        This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
-        uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
-        for debugging (Node::index(), which is not guaranteed to be O(1)).
-        
-        1% speed-up on SunSpider, presumably because this improves compile times.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/DataFormat.h:
-        (JSC::dataFormatToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::booleanResult):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGAbstractState.h:
-        (DFG):
-        (JSC::DFG::AbstractState::forNode):
-        (AbstractState):
-        (JSC::DFG::AbstractState::speculateInt32Unary):
-        (JSC::DFG::AbstractState::speculateNumberUnary):
-        (JSC::DFG::AbstractState::speculateBooleanUnary):
-        (JSC::DFG::AbstractState::speculateInt32Binary):
-        (JSC::DFG::AbstractState::speculateNumberBinary):
-        (JSC::DFG::AbstractState::trySetConstant):
-        * dfg/DFGAbstractValue.h:
-        (AbstractValue):
-        * dfg/DFGAdjacencyList.h:
-        (JSC::DFG::AdjacencyList::AdjacencyList):
-        (JSC::DFG::AdjacencyList::initialize):
-        * dfg/DFGAllocator.h: Added.
-        (DFG):
-        (Allocator):
-        (JSC::DFG::Allocator::Region::size):
-        (JSC::DFG::Allocator::Region::headerSize):
-        (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
-        (JSC::DFG::Allocator::Region::data):
-        (JSC::DFG::Allocator::Region::isInThisRegion):
-        (JSC::DFG::Allocator::Region::regionFor):
-        (Region):
-        (JSC::DFG::::Allocator):
-        (JSC::DFG::::~Allocator):
-        (JSC::DFG::::allocate):
-        (JSC::DFG::::free):
-        (JSC::DFG::::freeAll):
-        (JSC::DFG::::reset):
-        (JSC::DFG::::indexOf):
-        (JSC::DFG::::allocatorOf):
-        (JSC::DFG::::bumpAllocate):
-        (JSC::DFG::::freeListAllocate):
-        (JSC::DFG::::allocateSlow):
-        (JSC::DFG::::freeRegionsStartingAt):
-        (JSC::DFG::::startBumpingIn):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::originalArrayStructure):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        * dfg/DFGArrayMode.h:
-        (ArrayMode):
-        * dfg/DFGArrayifySlowPathGenerator.h:
-        (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::node):
-        (JSC::DFG::BasicBlock::isInPhis):
-        (JSC::DFG::BasicBlock::isInBlock):
-        (BasicBlock):
-        * dfg/DFGBasicBlockInlines.h:
-        (DFG):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getDirect):
-        (JSC::DFG::ByteCodeParser::get):
-        (JSC::DFG::ByteCodeParser::setDirect):
-        (JSC::DFG::ByteCodeParser::set):
-        (JSC::DFG::ByteCodeParser::setPair):
-        (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
-        (JSC::DFG::ByteCodeParser::getLocal):
-        (JSC::DFG::ByteCodeParser::setLocal):
-        (JSC::DFG::ByteCodeParser::getArgument):
-        (JSC::DFG::ByteCodeParser::setArgument):
-        (JSC::DFG::ByteCodeParser::flushDirect):
-        (JSC::DFG::ByteCodeParser::getToInt32):
-        (JSC::DFG::ByteCodeParser::toInt32):
-        (JSC::DFG::ByteCodeParser::getJSConstantForValue):
-        (JSC::DFG::ByteCodeParser::getJSConstant):
-        (JSC::DFG::ByteCodeParser::getCallee):
-        (JSC::DFG::ByteCodeParser::getThis):
-        (JSC::DFG::ByteCodeParser::setThis):
-        (JSC::DFG::ByteCodeParser::isJSConstant):
-        (JSC::DFG::ByteCodeParser::isInt32Constant):
-        (JSC::DFG::ByteCodeParser::valueOfJSConstant):
-        (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
-        (JSC::DFG::ByteCodeParser::constantUndefined):
-        (JSC::DFG::ByteCodeParser::constantNull):
-        (JSC::DFG::ByteCodeParser::one):
-        (JSC::DFG::ByteCodeParser::constantNaN):
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::addToGraph):
-        (JSC::DFG::ByteCodeParser::insertPhiNode):
-        (JSC::DFG::ByteCodeParser::addVarArgChild):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getPrediction):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
-        (ConstantRecord):
-        (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
-        (PhiStackEntry):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::setIntrinsicResult):
-        (JSC::DFG::ByteCodeParser::handleMinMax):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (JSC::DFG::ByteCodeParser::handleGetById):
-        (JSC::DFG::ByteCodeParser::getScope):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixPhis):
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
-        (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
-        (OperandSubstitution):
-        (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::canonicalize):
-        (JSC::DFG::CSEPhase::endIndexForPureCSE):
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::constantCSE):
-        (JSC::DFG::CSEPhase::weakConstantCSE):
-        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
-        (JSC::DFG::CSEPhase::getArrayLengthElimination):
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
-        (JSC::DFG::CSEPhase::globalVarStoreElimination):
-        (JSC::DFG::CSEPhase::scopedVarStoreElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        (JSC::DFG::CSEPhase::checkExecutableElimination):
-        (JSC::DFG::CSEPhase::checkStructureElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performSubstitution):
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (CSEPhase):
-        * dfg/DFGCommon.cpp: Added.
-        (DFG):
-        (JSC::DFG::NodePointerTraits::dump):
-        * dfg/DFGCommon.h:
-        (DFG):
-        (JSC::DFG::NodePointerTraits::defaultValue):
-        (NodePointerTraits):
-        (JSC::DFG::verboseCompilationEnabled):
-        (JSC::DFG::shouldDumpGraphAtEachPhase):
-        (JSC::DFG::validationEnabled):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
-        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
-        (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::Disassembler):
-        (JSC::DFG::Disassembler::createDumpList):
-        (JSC::DFG::Disassembler::dumpDisassembly):
-        * dfg/DFGDisassembler.h:
-        (JSC::DFG::Disassembler::setForNode):
-        (Disassembler):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGEdge.cpp: Added.
-        (DFG):
-        (JSC::DFG::Edge::dump):
-        * dfg/DFGEdge.h:
-        (JSC::DFG::Edge::Edge):
-        (JSC::DFG::Edge::node):
-        (JSC::DFG::Edge::operator*):
-        (JSC::DFG::Edge::operator->):
-        (Edge):
-        (JSC::DFG::Edge::setNode):
-        (JSC::DFG::Edge::useKind):
-        (JSC::DFG::Edge::setUseKind):
-        (JSC::DFG::Edge::isSet):
-        (JSC::DFG::Edge::shift):
-        (JSC::DFG::Edge::makeWord):
-        (JSC::DFG::operator==):
-        (JSC::DFG::operator!=):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupBlock):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        (JSC::DFG::FixupPhase::fixIntEdge):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-        (FixupPhase):
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::GenerationInfo):
-        (JSC::DFG::GenerationInfo::initConstant):
-        (JSC::DFG::GenerationInfo::initInteger):
-        (JSC::DFG::GenerationInfo::initJSValue):
-        (JSC::DFG::GenerationInfo::initCell):
-        (JSC::DFG::GenerationInfo::initBoolean):
-        (JSC::DFG::GenerationInfo::initDouble):
-        (JSC::DFG::GenerationInfo::initStorage):
-        (GenerationInfo):
-        (JSC::DFG::GenerationInfo::node):
-        (JSC::DFG::GenerationInfo::noticeOSRBirth):
-        (JSC::DFG::GenerationInfo::use):
-        (JSC::DFG::GenerationInfo::appendFill):
-        (JSC::DFG::GenerationInfo::appendSpill):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::~Graph):
-        (DFG):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::amountOfNodeWhiteSpace):
-        (JSC::DFG::Graph::printNodeWhiteSpace):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::dumpBlockHeader):
-        (JSC::DFG::Graph::refChildren):
-        (JSC::DFG::Graph::derefChildren):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        (JSC::DFG::Graph::collectGarbage):
-        (JSC::DFG::Graph::determineReachability):
-        (JSC::DFG::Graph::resetExitStates):
-        * dfg/DFGGraph.h:
-        (Graph):
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        (JSC::DFG::Graph::changeChild):
-        (JSC::DFG::Graph::compareAndSwap):
-        (JSC::DFG::Graph::clearAndDerefChild):
-        (JSC::DFG::Graph::clearAndDerefChild1):
-        (JSC::DFG::Graph::clearAndDerefChild2):
-        (JSC::DFG::Graph::clearAndDerefChild3):
-        (JSC::DFG::Graph::convertToConstant):
-        (JSC::DFG::Graph::getJSConstantSpeculation):
-        (JSC::DFG::Graph::addSpeculationMode):
-        (JSC::DFG::Graph::valueAddSpeculationMode):
-        (JSC::DFG::Graph::arithAddSpeculationMode):
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulShouldSpeculateInteger):
-        (JSC::DFG::Graph::negateShouldSpeculateInteger):
-        (JSC::DFG::Graph::isConstant):
-        (JSC::DFG::Graph::isJSConstant):
-        (JSC::DFG::Graph::isInt32Constant):
-        (JSC::DFG::Graph::isDoubleConstant):
-        (JSC::DFG::Graph::isNumberConstant):
-        (JSC::DFG::Graph::isBooleanConstant):
-        (JSC::DFG::Graph::isCellConstant):
-        (JSC::DFG::Graph::isFunctionConstant):
-        (JSC::DFG::Graph::isInternalFunctionConstant):
-        (JSC::DFG::Graph::valueOfJSConstant):
-        (JSC::DFG::Graph::valueOfInt32Constant):
-        (JSC::DFG::Graph::valueOfNumberConstant):
-        (JSC::DFG::Graph::valueOfBooleanConstant):
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-        (JSC::DFG::Graph::valueProfileFor):
-        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
-        (JSC::DFG::Graph::numSuccessors):
-        (JSC::DFG::Graph::successor):
-        (JSC::DFG::Graph::successorForCondition):
-        (JSC::DFG::Graph::isPredictedNumerical):
-        (JSC::DFG::Graph::byValIsPure):
-        (JSC::DFG::Graph::clobbersWorld):
-        (JSC::DFG::Graph::varArgNumChildren):
-        (JSC::DFG::Graph::numChildren):
-        (JSC::DFG::Graph::varArgChild):
-        (JSC::DFG::Graph::child):
-        (JSC::DFG::Graph::voteNode):
-        (JSC::DFG::Graph::voteChildren):
-        (JSC::DFG::Graph::substitute):
-        (JSC::DFG::Graph::substituteGetLocal):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
-        * dfg/DFGInsertionSet.h:
-        (JSC::DFG::Insertion::Insertion):
-        (JSC::DFG::Insertion::element):
-        (Insertion):
-        (JSC::DFG::InsertionSet::insert):
-        (InsertionSet):
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::setForNode):
-        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGLongLivedState.cpp: Added.
-        (DFG):
-        (JSC::DFG::LongLivedState::LongLivedState):
-        (JSC::DFG::LongLivedState::~LongLivedState):
-        (JSC::DFG::LongLivedState::shrinkToFit):
-        * dfg/DFGLongLivedState.h: Added.
-        (DFG):
-        (LongLivedState):
-        * dfg/DFGMinifiedID.h:
-        (JSC::DFG::MinifiedID::MinifiedID):
-        (JSC::DFG::MinifiedID::node):
-        * dfg/DFGMinifiedNode.cpp:
-        (JSC::DFG::MinifiedNode::fromNode):
-        * dfg/DFGMinifiedNode.h:
-        (MinifiedNode):
-        * dfg/DFGNode.cpp: Added.
-        (DFG):
-        (JSC::DFG::Node::index):
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGNode.h:
-        (DFG):
-        (JSC::DFG::Node::Node):
-        (Node):
-        (JSC::DFG::Node::convertToGetByOffset):
-        (JSC::DFG::Node::convertToPutByOffset):
-        (JSC::DFG::Node::ref):
-        (JSC::DFG::Node::shouldSpeculateInteger):
-        (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
-        (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
-        (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
-        (JSC::DFG::Node::shouldSpeculateNumber):
-        (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
-        (JSC::DFG::Node::shouldSpeculateFinalObject):
-        (JSC::DFG::Node::shouldSpeculateArray):
-        (JSC::DFG::Node::dumpChildren):
-        (WTF):
-        * dfg/DFGNodeAllocator.h: Added.
-        (DFG):
-        (operator new ):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        (SpeculationFailureDebugInfo):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPhase.cpp:
-        (DFG):
-        (JSC::DFG::Phase::beginPhase):
-        (JSC::DFG::Phase::endPhase):
-        * dfg/DFGPhase.h:
-        (Phase):
-        (JSC::DFG::runAndLog):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::setPrediction):
-        (JSC::DFG::PredictionPropagationPhase::mergePrediction):
-        (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
-        (JSC::DFG::PredictionPropagationPhase::isNotZero):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
-        (JSC::DFG::PredictionPropagationPhase::propagateForward):
-        (JSC::DFG::PredictionPropagationPhase::propagateBackward):
-        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::ScoreBoard):
-        (JSC::DFG::ScoreBoard::use):
-        (JSC::DFG::ScoreBoard::useIfHasResult):
-        (ScoreBoard):
-        * dfg/DFGSilentRegisterSavePlan.h:
-        (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
-        (JSC::DFG::SilentRegisterSavePlan::node):
-        (SilentRegisterSavePlan):
-        * dfg/DFGSlowPathGenerator.h:
-        (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
-        (JSC::DFG::SlowPathGenerator::generate):
-        (SlowPathGenerator):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
-        (JSC::DFG::SpeculativeJIT::silentSpill):
-        (JSC::DFG::SpeculativeJIT::silentFill):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        (JSC::DFG::SpeculativeJIT::useChildren):
-        (JSC::DFG::SpeculativeJIT::isStrictInt32):
-        (JSC::DFG::SpeculativeJIT::isKnownInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownNumeric):
-        (JSC::DFG::SpeculativeJIT::isKnownCell):
-        (JSC::DFG::SpeculativeJIT::isKnownNotCell):
-        (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
-        (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
-        (JSC::DFG::SpeculativeJIT::writeBarrier):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
-        (JSC::DFG::GPRTemporary::GPRTemporary):
-        (JSC::DFG::FPRTemporary::FPRTemporary):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithSub):
-        (JSC::DFG::SpeculativeJIT::compileArithNegate):
-        (JSC::DFG::SpeculativeJIT::compileArithMul):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        (JSC::DFG::SpeculativeJIT::compare):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileStrictEq):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
-        (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
-        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
-        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::canReuse):
-        (JSC::DFG::SpeculativeJIT::isFilled):
-        (JSC::DFG::SpeculativeJIT::isFilledDouble):
-        (JSC::DFG::SpeculativeJIT::use):
-        (JSC::DFG::SpeculativeJIT::isConstant):
-        (JSC::DFG::SpeculativeJIT::isJSConstant):
-        (JSC::DFG::SpeculativeJIT::isInt32Constant):
-        (JSC::DFG::SpeculativeJIT::isDoubleConstant):
-        (JSC::DFG::SpeculativeJIT::isNumberConstant):
-        (JSC::DFG::SpeculativeJIT::isBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::isFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
-        (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
-        (JSC::DFG::SpeculativeJIT::isNullConstant):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
-        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
-        (JSC::DFG::SpeculativeJIT::integerResult):
-        (JSC::DFG::SpeculativeJIT::noResult):
-        (JSC::DFG::SpeculativeJIT::cellResult):
-        (JSC::DFG::SpeculativeJIT::booleanResult):
-        (JSC::DFG::SpeculativeJIT::jsValueResult):
-        (JSC::DFG::SpeculativeJIT::storageResult):
-        (JSC::DFG::SpeculativeJIT::doubleResult):
-        (JSC::DFG::SpeculativeJIT::initConstantInfo):
-        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
-        (JSC::DFG::SpeculativeJIT::isInteger):
-        (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
-        (JSC::DFG::SpeculativeJIT::setNodeForOperand):
-        (JSC::DFG::IntegerOperand::IntegerOperand):
-        (JSC::DFG::IntegerOperand::node):
-        (JSC::DFG::IntegerOperand::gpr):
-        (JSC::DFG::IntegerOperand::use):
-        (IntegerOperand):
-        (JSC::DFG::DoubleOperand::DoubleOperand):
-        (JSC::DFG::DoubleOperand::node):
-        (JSC::DFG::DoubleOperand::fpr):
-        (JSC::DFG::DoubleOperand::use):
-        (DoubleOperand):
-        (JSC::DFG::JSValueOperand::JSValueOperand):
-        (JSC::DFG::JSValueOperand::node):
-        (JSC::DFG::JSValueOperand::gpr):
-        (JSC::DFG::JSValueOperand::fill):
-        (JSC::DFG::JSValueOperand::use):
-        (JSValueOperand):
-        (JSC::DFG::StorageOperand::StorageOperand):
-        (JSC::DFG::StorageOperand::node):
-        (JSC::DFG::StorageOperand::gpr):
-        (JSC::DFG::StorageOperand::use):
-        (StorageOperand):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::node):
-        (JSC::DFG::SpeculateIntegerOperand::gpr):
-        (JSC::DFG::SpeculateIntegerOperand::use):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateStrictInt32Operand::node):
-        (JSC::DFG::SpeculateStrictInt32Operand::gpr):
-        (JSC::DFG::SpeculateStrictInt32Operand::use):
-        (SpeculateStrictInt32Operand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::node):
-        (JSC::DFG::SpeculateDoubleOperand::fpr):
-        (JSC::DFG::SpeculateDoubleOperand::use):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::node):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (JSC::DFG::SpeculateCellOperand::use):
-        (SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::node):
-        (JSC::DFG::SpeculateBooleanOperand::gpr):
-        (JSC::DFG::SpeculateBooleanOperand::use):
-        (SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compileValueAdd):
-        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureAbstractValue.h:
-        (StructureAbstractValue):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGValidate.cpp:
-        (DFG):
-        (Validate):
-        (JSC::DFG::Validate::validate):
-        (JSC::DFG::Validate::reportValidationContext):
-        * dfg/DFGValidate.h:
-        * dfg/DFGValueSource.cpp:
-        (JSC::DFG::ValueSource::dump):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::ValueSource::ValueSource):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-        * runtime/FunctionExecutableDump.cpp: Added.
-        (JSC):
-        (JSC::FunctionExecutableDump::dump):
-        * runtime/FunctionExecutableDump.h: Added.
-        (JSC):
-        (FunctionExecutableDump):
-        (JSC::FunctionExecutableDump::FunctionExecutableDump):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (DFG):
-        (JSGlobalData):
-        * runtime/Options.h:
-        (JSC):
-
-2013-01-28  Laszlo Gombos  <l.gombos@samsung.com>
-
-        Collapse testing for a list of PLATFORM() into OS() and USE() tests
-        https://bugs.webkit.org/show_bug.cgi?id=108018
-
-        Reviewed by Eric Seidel.
-
-        No functional change as "OS(DARWIN) && USE(CF)" equals to the
-        following platforms: MAC, WX, QT and CHROMIUM. CHROMIUM
-        is not using JavaScriptCore. 
-
-        * runtime/DatePrototype.cpp:
-        (JSC):
-
-2013-01-28  Geoffrey Garen  <ggaren@apple.com>
-
-        Static size inference for JavaScript objects
-        https://bugs.webkit.org/show_bug.cgi?id=108093
-
-        Reviewed by Phil Pizlo.
-
-        * API/JSObjectRef.cpp:
-        * JavaScriptCore.order:
-        * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
-        have an extra inferredInlineCapacity argument. This is the statically
-        inferred inline capacity, just from analyzing source text. op_new_object
-        also gets a pointer to an allocation profile. (For op_create_this, the
-        profile is in the construtor function.)
-
-        (JSC::CodeBlock::CodeBlock): Link op_new_object.
-
-        (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
-
-        * bytecode/CodeBlock.h:
-        (CodeBlock): Removed some dead code. Added object allocation profiles.
-
-        * bytecode/Instruction.h:
-        (JSC): New union type, since an instruction operand may point to an
-        object allocation profile now.
-
-        * bytecode/ObjectAllocationProfile.h: Added.
-        (JSC):
-        (ObjectAllocationProfile):
-        (JSC::ObjectAllocationProfile::offsetOfAllocator):
-        (JSC::ObjectAllocationProfile::offsetOfStructure):
-        (JSC::ObjectAllocationProfile::ObjectAllocationProfile):
-        (JSC::ObjectAllocationProfile::isNull):
-        (JSC::ObjectAllocationProfile::initialize):
-        (JSC::ObjectAllocationProfile::structure):
-        (JSC::ObjectAllocationProfile::inlineCapacity):
-        (JSC::ObjectAllocationProfile::clear):
-        (JSC::ObjectAllocationProfile::visitAggregate):
-        (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): New class
-        for tracking a prediction about object allocation: structure, inline
-        capacity, allocator to use.
-
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName): Updated instruction sizes.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC):
-        (JSC::UnlinkedCodeBlock::addObjectAllocationProfile):
-        (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles):
-        (UnlinkedCodeBlock): Unlinked support for allocation profiles.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate): Kill all remaining analyses at the
-        end of codegen, since this is our last opportunity.
-
-        (JSC::BytecodeGenerator::BytecodeGenerator): Added a static property
-        analyzer to bytecode generation. It tracks initializing assignments and
-        makes a guess about how many will happen.
-
-        (JSC::BytecodeGenerator::newObjectAllocationProfile):
-        (JSC):
-        (JSC::BytecodeGenerator::emitProfiledOpcode):
-        (JSC::BytecodeGenerator::emitMove):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetById):
-        (JSC::BytecodeGenerator::emitPutById):
-        (JSC::BytecodeGenerator::emitDirectPutById):
-        (JSC::BytecodeGenerator::emitPutGetterSetter):
-        (JSC::BytecodeGenerator::emitGetArgumentByVal):
-        (JSC::BytecodeGenerator::emitGetByVal): Added hooks to the static property
-        analyzer, so it can observe allocations and stores.
-
-        (JSC::BytecodeGenerator::emitCreateThis): Factored this into a helper
-        function because it was a significant amount of logic, and I wanted to
-        add to it.
-
-        (JSC::BytecodeGenerator::emitNewObject):
-        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallVarargs):
-        (JSC::BytecodeGenerator::emitConstruct): Added a hook to profiled opcodes
-        to track their stores, in case a store kills a profiled allocation. Since
-        profiled opcodes are basically the only interesting stores we do, this
-        is a convenient place to notice any store that might kill an allocation.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator): As above.
-
-        * bytecompiler/StaticPropertyAnalysis.h: Added.
-        (JSC):
-        (StaticPropertyAnalysis):
-        (JSC::StaticPropertyAnalysis::create):
-        (JSC::StaticPropertyAnalysis::addPropertyIndex):
-        (JSC::StaticPropertyAnalysis::record):
-        (JSC::StaticPropertyAnalysis::propertyIndexCount):
-        (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): Simple helper
-        class for tracking allocations and stores.
-
-        * bytecompiler/StaticPropertyAnalyzer.h: Added.
-        (StaticPropertyAnalyzer):
-        (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
-        (JSC::StaticPropertyAnalyzer::createThis):
-        (JSC::StaticPropertyAnalyzer::newObject):
-        (JSC::StaticPropertyAnalyzer::putById):
-        (JSC::StaticPropertyAnalyzer::mov):
-        (JSC::StaticPropertyAnalyzer::kill): Helper class for observing allocations
-        and stores and making an inline capacity guess. The heuristics here are
-        intentionally minimal because we don't want this one class to try to
-        re-create something like a DFG or a runtime analysis. If we discover that
-        we need those kinds of analyses, we should just replace this class with
-        something else.
-
-        This class tracks multiple registers that alias the same object -- that
-        happens a lot, when moving locals into temporary registers -- but it
-        doesn't track control flow or multiple objects that alias the same register.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute): Updated for rename.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock): Updated for inline capacity and
-        allocation profile.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasInlineCapacity):
-        (Node):
-        (JSC::DFG::Node::inlineCapacity):
-        (JSC::DFG::Node::hasFunction): Give the graph a good way to represent
-        inline capacity for an allocation.
-
-        * dfg/DFGNodeType.h:
-        (DFG): Updated for rename.
-
-        * dfg/DFGOperations.cpp: Updated for interface change.
-
-        * dfg/DFGOperations.h: We pass the inline capacity to the slow case as
-        an argument. This is the simplest way, since it's stored as a bytecode operand.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate): Updated for rename.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID): Fixed a horrible off-by-one-half bug that only
-        appears when doing an inline cached load for property number 64 on a 32-bit
-        system. In JSVALUE32_64 land, "offsetRelativeToPatchedStorage" is the
-        offset of the 64bit JSValue -- but we'll actually issue two loads, one for
-        the payload at that offset, and one for the tag at that offset + 4. We need
-        to ensure that both loads have a compact representation, or we'll corrupt
-        the instruction stream.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile): Lots of refactoring to support
-        passing an allocator to our allocation function, and/or passing a Structure
-        as a register instead of an immediate.
-
-        * heap/MarkedAllocator.h:
-        (DFG):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::offsetOfFreeListHead): Added an accessor to simplify
-        JIT code generation of allocation from an arbitrary allocator.
-
-        * jit/JIT.h:
-        (JSC):
-        * jit/JITInlines.h:
-        (JSC):
-        (JSC::JIT::emitAllocateJSObject):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emitSlow_op_new_object):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_new_object):
-        (JSC::JIT::emitSlow_op_new_object):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emitSlow_op_create_this): Same refactoring as done for the DFG.
-
-        * jit/JITStubs.cpp:
-        (JSC::tryCacheGetByID): Fixed the same bug mentioned above.
-
-        (JSC::DEFINE_STUB_FUNCTION): Updated for interface changes.
-
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions): Updated for interface changes.
-
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm: Same refactoring as for the JITs.
-
-        * profiler/ProfilerBytecode.cpp:
-        * profiler/ProfilerBytecodes.cpp:
-        * profiler/ProfilerCompilation.cpp:
-        * profiler/ProfilerCompiledBytecode.cpp:
-        * profiler/ProfilerDatabase.cpp:
-        * profiler/ProfilerOSRExit.cpp:
-        * profiler/ProfilerOrigin.cpp:
-        * profiler/ProfilerProfiledBytecodes.cpp: Include ObjectConstructor.h
-        because that's where createEmptyObject() lives now.
-
-        * runtime/Executable.h:
-        (JSC::JSFunction::JSFunction): Updated for rename.
-
-        * runtime/JSCellInlines.h:
-        (JSC::allocateCell): Updated to match the allocator selection code in
-        the JIT, so it's clearer that both are correct.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::createAllocationProfile):
-        (JSC::JSFunction::visitChildren):
-        (JSC::JSFunction::getOwnPropertySlot):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::defineOwnProperty):
-        (JSC::JSFunction::getConstructData):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::offsetOfScopeChain):
-        (JSC::JSFunction::offsetOfExecutable):
-        (JSC::JSFunction::offsetOfAllocationProfile):
-        (JSC::JSFunction::allocationProfile):
-        (JSFunction):
-        (JSC::JSFunction::tryGetAllocationProfile):
-        (JSC::JSFunction::addAllocationProfileWatchpoint): Changed inheritorID
-        data member to be an ObjectAllocationProfile, which includes a pointer
-        to the desired allocator. This simplifies JIT code, since we don't have
-        to compute the allocator on the fly. I verified by code inspection that
-        JSFunction is still only 64 bytes.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::dateStructure): No direct pointer to the empty
-        object structure anymore, because now clients need to specify how much
-        inline capacity they want.
-
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.h:
-        (JSC):
-        (JSFinalObject):
-        (JSC::JSFinalObject::defaultInlineCapacity):
-        (JSC::JSFinalObject::maxInlineCapacity):
-        (JSC::JSFinalObject::createStructure): A little refactoring to try to 
-        clarify where some of these constants derive from.
-
-        (JSC::maxOffsetRelativeToPatchedStorage): Used for bug fix, above.
-
-        * runtime/JSProxy.cpp:
-        (JSC::JSProxy::setTarget): Ugly, but effective.
-
-        * runtime/LiteralParser.cpp:
-        * runtime/ObjectConstructor.cpp:
-        (JSC::constructObject):
-        (JSC::constructWithObjectConstructor):
-        (JSC::callObjectConstructor):
-        (JSC::objectConstructorCreate): Updated for interface changes.
-
-        * runtime/ObjectConstructor.h:
-        (JSC::constructEmptyObject): Clarified your options for how to allocate
-        an empty object, to emphasize what things can actually vary.
-
-        * runtime/PropertyOffset.h: These constants have moved because they're
-        really higher level concepts to do with the layout of objects and the
-        collector. PropertyOffset is just an abstract number line, independent
-        of those things.
-
-        * runtime/PrototypeMap.cpp:
-        (JSC::PrototypeMap::emptyObjectStructureForPrototype):
-        (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
-        * runtime/PrototypeMap.h:
-        (PrototypeMap): The map key is now a pair of prototype and inline capacity,
-        since Structure encodes inline capacity.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::nonPropertyTransition):
-        (JSC::Structure::copyPropertyTableForPinning):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::totalStorageSize):
-        (JSC::Structure::transitionCount):
-        (JSC::Structure::create): Fixed a nasty refactoring bug that only shows
-        up after enabling variable-sized inline capacities: we were passing our
-        type info where our inline capacity was expected. The compiler didn't
-        notice because both have type int :(.
-
-2013-01-28  Oliver Hunt  <oliver@apple.com>
-
-        Add more assertions to the property storage use in arrays
-        https://bugs.webkit.org/show_bug.cgi?id=107728
-
-        Reviewed by Filip Pizlo.
-
-        Add a bunch of assertions to array and object butterfly
-        usage.  This should make debugging somewhat easier.
-
-        I also converted a couple of assertions to release asserts
-        as they were so low cost it seemed a sensible thing to do.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortVector):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getHolyIndexQuickly):
-
-2013-01-28  Adam Barth  <abarth@webkit.org>
-
-        Remove webkitNotifications.createHTMLNotification
-        https://bugs.webkit.org/show_bug.cgi?id=107598
-
-        Reviewed by Benjamin Poulain.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-28  Michael Saboff  <msaboff@apple.com>
-
-        Cleanup ARM version of debugName() in DFGFPRInfo.h
-        https://bugs.webkit.org/show_bug.cgi?id=108090
-
-        Reviewed by David Kilzer.
-
-        Fixed debugName() so it will compile by adding static_cast<int> and missing commas.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-
-2013-01-27  Andreas Kling  <akling@apple.com>
-
-        JSC: FunctionParameters are memory hungry.
-        <http://webkit.org/b/108033>
-        <rdar://problem/13094803>
-
-        Reviewed by Sam Weinig.
-
-        Instead of inheriting from Vector<Identifier>, make FunctionParameters a simple fixed-size array
-        with a custom-allocating create() function. Removes one step of indirection and cuts memory usage
-        roughly in half.
-
-        2.73 MB progression on Membuster3.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedFunctionExecutable::paramString):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * parser/Nodes.cpp:
-        (JSC::FunctionParameters::create):
-        (JSC::FunctionParameters::FunctionParameters):
-        (JSC::FunctionParameters::~FunctionParameters):
-        * parser/Nodes.h:
-        (FunctionParameters):
-        (JSC::FunctionParameters::size):
-        (JSC::FunctionParameters::at):
-        (JSC::FunctionParameters::identifiers):
-
-2013-01-27  Andreas Kling  <akling@apple.com>
-
-        JSC: SourceProviderCache is memory hungry.
-        <http://webkit.org/b/108029>
-        <rdar://problem/13094806>
-
-        Reviewed by Sam Weinig.
-
-        Use fixed-size arrays for SourceProviderCacheItem's lists of captured variables.
-        Since the lists never change after the object is created, there's no need to keep them in Vectors
-        and we can instead create the whole cache item in a single allocation.
-
-        13.37 MB progression on Membuster3.
-
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-        * parser/Parser.h:
-        (JSC::Scope::copyCapturedVariablesToVector):
-        (JSC::Scope::fillParametersForSourceProviderCache):
-        (JSC::Scope::restoreFromSourceProviderCache):
-        * parser/SourceProviderCacheItem.h:
-        (SourceProviderCacheItemCreationParameters):
-        (SourceProviderCacheItem):
-        (JSC::SourceProviderCacheItem::approximateByteSize):
-        (JSC::SourceProviderCacheItem::usedVariables):
-        (JSC::SourceProviderCacheItem::writtenVariables):
-        (JSC::SourceProviderCacheItem::~SourceProviderCacheItem):
-        (JSC::SourceProviderCacheItem::create):
-        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
-
-2013-01-27  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
-
-        Fixing atomicIncrement implementation for Windows by dropping support before XP SP2.
-        https://bugs.webkit.org/show_bug.cgi?id=106740
-
-        Reviewed by Benjamin Poulain.
-
-        * config.h:
-
-2013-01-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG variable event stream shouldn't use NodeIndex
-        https://bugs.webkit.org/show_bug.cgi?id=107996
-
-        Reviewed by Oliver Hunt.
-        
-        Introduce the notion of a DFG::MinifiedID, which is just a unique ID of a DFG Node.
-        Internally it currently uses a NodeIndex, but we could change this without having
-        to recode all of the users of MinifiedID. This effectively decouples the OSR exit
-        compiler's way of identifying nodes from the speculative JIT's way of identifying
-        nodes, and should make it easier to make changes to the speculative JIT's internals
-        in the future.
-        
-        Also changed variable event stream logging to exclude information about births and
-        deaths of constants, since the OSR exit compiler never cares about which register
-        holds a constant; if a value is constant then the OSR exit compiler can reify it.
-        
-        Also changed the variable event stream's value recovery computation to use a
-        HashMap keyed by MinifiedID rather than a Vector indexed by NodeIndex.
-        
-        This appears to be performance-neutral. It's primarily meant as a small step
-        towards https://bugs.webkit.org/show_bug.cgi?id=106868.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGGenerationInfo.h:
-        (JSC::DFG::GenerationInfo::GenerationInfo):
-        (JSC::DFG::GenerationInfo::initConstant):
-        (JSC::DFG::GenerationInfo::initInteger):
-        (JSC::DFG::GenerationInfo::initJSValue):
-        (JSC::DFG::GenerationInfo::initCell):
-        (JSC::DFG::GenerationInfo::initBoolean):
-        (JSC::DFG::GenerationInfo::initDouble):
-        (JSC::DFG::GenerationInfo::initStorage):
-        (JSC::DFG::GenerationInfo::noticeOSRBirth):
-        (JSC::DFG::GenerationInfo::use):
-        (JSC::DFG::GenerationInfo::appendFill):
-        (JSC::DFG::GenerationInfo::appendSpill):
-        (GenerationInfo):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGMinifiedGraph.h:
-        (JSC::DFG::MinifiedGraph::at):
-        (MinifiedGraph):
-        * dfg/DFGMinifiedID.h: Added.
-        (DFG):
-        (MinifiedID):
-        (JSC::DFG::MinifiedID::MinifiedID):
-        (JSC::DFG::MinifiedID::operator!):
-        (JSC::DFG::MinifiedID::nodeIndex):
-        (JSC::DFG::MinifiedID::operator==):
-        (JSC::DFG::MinifiedID::operator!=):
-        (JSC::DFG::MinifiedID::operator<):
-        (JSC::DFG::MinifiedID::operator>):
-        (JSC::DFG::MinifiedID::operator<=):
-        (JSC::DFG::MinifiedID::operator>=):
-        (JSC::DFG::MinifiedID::hash):
-        (JSC::DFG::MinifiedID::dump):
-        (JSC::DFG::MinifiedID::isHashTableDeletedValue):
-        (JSC::DFG::MinifiedID::invalidID):
-        (JSC::DFG::MinifiedID::otherInvalidID):
-        (JSC::DFG::MinifiedID::fromBits):
-        (JSC::DFG::MinifiedIDHash::hash):
-        (JSC::DFG::MinifiedIDHash::equal):
-        (MinifiedIDHash):
-        (WTF):
-        * dfg/DFGMinifiedNode.cpp:
-        (JSC::DFG::MinifiedNode::fromNode):
-        * dfg/DFGMinifiedNode.h:
-        (JSC::DFG::MinifiedNode::id):
-        (JSC::DFG::MinifiedNode::child1):
-        (JSC::DFG::MinifiedNode::getID):
-        (JSC::DFG::MinifiedNode::compareByNodeIndex):
-        (MinifiedNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileMovHint):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
-        * dfg/DFGValueSource.cpp:
-        (JSC::DFG::ValueSource::dump):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::ValueSource::ValueSource):
-        (JSC::DFG::ValueSource::isSet):
-        (JSC::DFG::ValueSource::kind):
-        (JSC::DFG::ValueSource::id):
-        (ValueSource):
-        (JSC::DFG::ValueSource::idFromKind):
-        (JSC::DFG::ValueSource::kindFromID):
-        * dfg/DFGVariableEvent.cpp:
-        (JSC::DFG::VariableEvent::dump):
-        (JSC::DFG::VariableEvent::dumpFillInfo):
-        (JSC::DFG::VariableEvent::dumpSpillInfo):
-        * dfg/DFGVariableEvent.h:
-        (JSC::DFG::VariableEvent::fillGPR):
-        (JSC::DFG::VariableEvent::fillPair):
-        (JSC::DFG::VariableEvent::fillFPR):
-        (JSC::DFG::VariableEvent::spill):
-        (JSC::DFG::VariableEvent::death):
-        (JSC::DFG::VariableEvent::movHint):
-        (JSC::DFG::VariableEvent::id):
-        (VariableEvent):
-        * dfg/DFGVariableEventStream.cpp:
-        (DFG):
-        (JSC::DFG::VariableEventStream::tryToSetConstantRecovery):
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * dfg/DFGVariableEventStream.h:
-        (VariableEventStream):
-
-2013-01-25  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Rename LLInt projects folder and make appropriate changes to solutions.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.sln:
-        * JavaScriptCore.vcxproj/LLInt: Copied from JavaScriptCore.vcxproj/LLInt.vcproj.
-        * JavaScriptCore.vcxproj/LLInt.vcproj: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj.user: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj.user: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj.user: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Removed.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: Removed.
-
-2013-01-24  Roger Fong  <roger_fong@apple.com>
-
-        VS2010 JavascriptCore: Clean up property sheets, add a JSC solution, add testRegExp and testAPI projects.
-        https://bugs.webkit.org/show_bug.cgi?id=106987
-
-        Reviewed by Brent Fulgham.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
-        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
-        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
-        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
-        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
-        * JavaScriptCore.vcxproj/testRegExp: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: Added.
-        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props: Added.
-        * JavaScriptCore.vcxproj/testapi: Added.
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Added.
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiDebug.props: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiPostBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiPreBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: Added.
-        * JavaScriptCore.vcxproj/testapi/testapiRelease.props: Added.
-
-2013-01-24  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Windows build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-
-2013-01-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::JITCompiler::getSpeculation() methods are badly named and superfluous
-        https://bugs.webkit.org/show_bug.cgi?id=107860
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGJITCompiler.h:
-        (JITCompiler):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-
-2013-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Rename JSValue.h/APIJSValue.h to JSCJSValue.h/JSValue.h
-        https://bugs.webkit.org/show_bug.cgi?id=107327
-
-        Reviewed by Filip Pizlo.
-
-        We're renaming these two files, so we have to replace the names everywhere.
-
-        * API/APICast.h:
-        * API/APIJSValue.h: Removed.
-        * API/JSBlockAdaptor.mm:
-        * API/JSStringRefCF.cpp:
-        * API/JSValue.h: Copied from Source/JavaScriptCore/API/APIJSValue.h.
-        * API/JSValue.mm:
-        * API/JSValueInternal.h:
-        * API/JSValueRef.cpp:
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * API/JavaScriptCore.h:
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CallLinkStatus.h:
-        * bytecode/CodeBlock.cpp:
-        * bytecode/MethodOfGettingAValueProfile.h:
-        * bytecode/ResolveGlobalStatus.cpp:
-        * bytecode/ResolveGlobalStatus.h:
-        * bytecode/SpeculatedType.h:
-        * bytecode/ValueRecovery.h:
-        * dfg/DFGByteCodeParser.cpp:
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGNode.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        * dfg/DFGSpeculativeJIT64.cpp:
-        * heap/CopiedBlock.h:
-        * heap/HandleStack.cpp:
-        * heap/HandleTypes.h:
-        * heap/WeakImpl.h:
-        * interpreter/Interpreter.h:
-        * interpreter/Register.h:
-        * interpreter/VMInspector.h:
-        * jit/HostCallReturnValue.cpp:
-        * jit/HostCallReturnValue.h:
-        * jit/JITCode.h:
-        * jit/JITExceptions.cpp:
-        * jit/JITExceptions.h:
-        * jit/JSInterfaceJIT.h:
-        * llint/LLIntCLoop.h:
-        * llint/LLIntData.h:
-        * llint/LLIntSlowPaths.cpp:
-        * profiler/ProfilerBytecode.h:
-        * profiler/ProfilerBytecodeSequence.h:
-        * profiler/ProfilerBytecodes.h:
-        * profiler/ProfilerCompilation.h:
-        * profiler/ProfilerCompiledBytecode.h:
-        * profiler/ProfilerDatabase.h:
-        * profiler/ProfilerOSRExit.h:
-        * profiler/ProfilerOSRExitSite.h:
-        * profiler/ProfilerOrigin.h:
-        * profiler/ProfilerOriginStack.h:
-        * runtime/ArgList.cpp:
-        * runtime/CachedTranscendentalFunction.h:
-        * runtime/CallData.h:
-        * runtime/Completion.h:
-        * runtime/ConstructData.h:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/JSAPIValueWrapper.h:
-        * runtime/JSCJSValue.cpp: Copied from Source/JavaScriptCore/runtime/JSValue.cpp.
-        * runtime/JSCJSValue.h: Copied from Source/JavaScriptCore/runtime/JSValue.h.
-        (JSValue):
-        * runtime/JSCJSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlines.h.
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObjectFunctions.h:
-        * runtime/JSStringJoiner.h:
-        * runtime/JSValue.cpp: Removed.
-        * runtime/JSValue.h: Removed.
-        * runtime/JSValueInlines.h: Removed.
-        * runtime/LiteralParser.h:
-        * runtime/Operations.h:
-        * runtime/PropertyDescriptor.h:
-        * runtime/PropertySlot.h:
-        * runtime/Protect.h:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/Structure.h:
-
-2013-01-23  Oliver Hunt  <oliver@apple.com>
-
-        Harden JSC a bit with RELEASE_ASSERT
-        https://bugs.webkit.org/show_bug.cgi?id=107766
-
-        Reviewed by Mark Hahnenberg.
-
-        Went through and replaced a pile of ASSERTs that were covering
-        significantly important details (bounds checks, etc) where
-        having the checks did not impact release performance in any
-        measurable way.
-
-        * API/JSContextRef.cpp:
-        (JSContextCreateBacktrace):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branchAdd32):
-        (JSC::MacroAssembler::branchMul32):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        (JSC::CodeBlock::lineNumberForBytecodeOffset):
-        (JSC::CodeBlock::bytecodeOffset):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::exceptionHandler):
-        (JSC::CodeBlock::codeOrigin):
-        (JSC::CodeBlock::immediateSwitchJumpTable):
-        (JSC::CodeBlock::characterSwitchJumpTable):
-        (JSC::CodeBlock::stringSwitchJumpTable):
-        (JSC::CodeBlock::setIdentifiers):
-        (JSC::baselineCodeBlockForInlineCallFrame):
-        (JSC::ExecState::uncheckedR):
-        * bytecode/CodeOrigin.cpp:
-        (JSC::CodeOrigin::inlineStack):
-        * bytecode/CodeOrigin.h:
-        (JSC::CodeOrigin::CodeOrigin):
-        * dfg/DFGCSEPhase.cpp:
-        * dfg/DFGOSRExit.cpp:
-        * dfg/DFGScratchRegisterAllocator.h:
-        (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
-        (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::allocate):
-        (JSC::DFG::SpeculativeJIT::spill):
-        (JSC::DFG::SpeculativeJIT::integerResult):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::dataFormatToValueSourceKind):
-        (JSC::DFG::ValueSource::ValueSource):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        (JSC::BlockAllocator::releaseFreeRegions):
-        (JSC::BlockAllocator::blockFreeingThreadMain):
-        * heap/Heap.cpp:
-        (JSC::Heap::lastChanceToFinalize):
-        (JSC::Heap::collect):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        * jit/GCAwareJITStubRoutine.cpp:
-        (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        * jit/JITInlines.h:
-        (JSC::JIT::emitLoad):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_resolve_operations):
-        * jit/JITStubRoutine.cpp:
-        (JSC::JITStubRoutine::observeZeroRefCount):
-        * jit/JITStubs.cpp:
-        (JSC::returnToThrowTrampoline):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::getOwnPropertySlot):
-        (JSC::Arguments::getOwnPropertyDescriptor):
-        (JSC::Arguments::deleteProperty):
-        (JSC::Arguments::defineOwnProperty):
-        (JSC::Arguments::didTearOffActivation):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::shift):
-        (JSC::unshift):
-        (JSC::arrayProtoFuncLastIndexOf):
-        * runtime/ButterflyInlines.h:
-        (JSC::Butterfly::growPropertyStorage):
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        * runtime/CodeCache.h:
-        (JSC::CacheMap::add):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::FunctionExecutable):
-        (JSC::EvalExecutable::unlinkCalls):
-        (JSC::ProgramExecutable::compileOptimized):
-        (JSC::ProgramExecutable::unlinkCalls):
-        (JSC::ProgramExecutable::initializeGlobalProperties):
-        (JSC::FunctionExecutable::baselineCodeBlockFor):
-        (JSC::FunctionExecutable::compileOptimizedForCall):
-        (JSC::FunctionExecutable::compileOptimizedForConstruct):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-        (JSC::FunctionExecutable::unlinkCalls):
-        (JSC::NativeExecutable::hashFor):
-        * runtime/Executable.h:
-        (JSC::EvalExecutable::compile):
-        (JSC::ProgramExecutable::compile):
-        (JSC::FunctionExecutable::compileForCall):
-        (JSC::FunctionExecutable::compileForConstruct):
-        * runtime/IndexingHeader.h:
-        (JSC::IndexingHeader::setVectorLength):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::pop):
-        (JSC::JSArray::shiftCountWithArrayStorage):
-        (JSC::JSArray::shiftCountWithAnyIndexingType):
-        (JSC::JSArray::unshiftCountWithArrayStorage):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::jsStrDecimalLiteral):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        * runtime/JSString.cpp:
-        (JSC::JSRopeString::getIndexSlowCase):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
-
-2013-01-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Constant folding an access to an uncaptured variable that is captured later in the same basic block shouldn't lead to assertion failures
-        https://bugs.webkit.org/show_bug.cgi?id=107750
-        <rdar://problem/12387265>
-
-        Reviewed by Mark Hahnenberg.
-        
-        The point of this assertion was that if there is no variable capturing going on, then there should only be one GetLocal
-        for the variable anywhere in the basic block. But if there is some capturing, then we'll have an unbounded number of
-        GetLocals. The assertion was too imprecise for the latter case. I want to keep this assertion, so I introduced a
-        checker that verifies this precisely: if there are any captured accesses to the variable anywhere at or after the
-        GetLocal we are eliminating, then we allow redundant GetLocals.
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
-
-2013-01-23  Oliver Hunt  <oliver@apple.com>
-
-        Replace ASSERT_NOT_REACHED with RELEASE_ASSERT_NOT_REACHED in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=107736
-
-        Reviewed by Mark Hahnenberg.
-
-        Mechanical change with no performance impact.
-
-        * API/JSBlockAdaptor.mm:
-        (BlockArgumentTypeDelegate::typeVoid):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::construct):
-        (JSC::::call):
-        * API/JSScriptRef.cpp:
-        * API/ObjCCallbackFunction.mm:
-        (ArgumentTypeDelegate::typeVoid):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::replaceWithLoad):
-        (JSC::ARMv7Assembler::replaceWithAddressComputation):
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::invert):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::countLeadingZeros32):
-        (JSC::MacroAssemblerARM::divDouble):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::absDouble):
-        (JSC::MacroAssemblerMIPS::replaceWithJump):
-        (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::absDouble):
-        (JSC::MacroAssemblerSH4::replaceWithJump):
-        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::shllImm8r):
-        (JSC::SH4Assembler::shlrImm8r):
-        (JSC::SH4Assembler::cmplRegReg):
-        (JSC::SH4Assembler::branch):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::replaceWithLoad):
-        (JSC::X86Assembler::replaceWithAddressComputation):
-        * bytecode/CallLinkInfo.cpp:
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CodeBlock.cpp:
-        (JSC::debugHookName):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::visitAggregate):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::usesOpcode):
-        * bytecode/DataFormat.h:
-        (JSC::needDataFormatConversion):
-        * bytecode/ExitKind.cpp:
-        (JSC::exitKindToString):
-        (JSC::exitKindIsCountable):
-        * bytecode/MethodOfGettingAValueProfile.cpp:
-        (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
-        * bytecode/Opcode.h:
-        (JSC::opcodeLength):
-        * bytecode/PolymorphicPutByIdList.cpp:
-        (JSC::PutByIdAccess::fromStructureStubInfo):
-        (JSC::PutByIdAccess::visitWeak):
-        * bytecode/StructureStubInfo.cpp:
-        (JSC::StructureStubInfo::deref):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::BytecodeGenerator::emitGetLocalVar):
-        (JSC::BytecodeGenerator::beginSwitch):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::emitReadModifyAssignment):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::canHandleOpcodes):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::useKindToString):
-        * dfg/DFGDoubleFormatState.h:
-        (JSC::DFG::mergeDoubleFormatStates):
-        (JSC::DFG::doubleFormatStateToString):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::clobbersWorld):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::valueOfJSConstant):
-        (JSC::DFG::Node::successor):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeType.h:
-        (JSC::DFG::defaultFlags):
-        * dfg/DFGRepatch.h:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGSlowPathGenerator.h:
-        (JSC::DFG::SlowPathGenerator::call):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-        (JSC::DFG::SpeculativeJIT::silentSpill):
-        (JSC::DFG::SpeculativeJIT::silentFill):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::bitOp):
-        (JSC::DFG::SpeculativeJIT::shiftOp):
-        (JSC::DFG::SpeculativeJIT::integerResult):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::ValueSource::valueRecovery):
-        * dfg/DFGVariableEvent.cpp:
-        (JSC::DFG::VariableEvent::dump):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * heap/BlockAllocator.h:
-        (JSC::BlockAllocator::regionSetFor):
-        * heap/GCThread.cpp:
-        (JSC::GCThread::gcThreadMain):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::isLive):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::inlineCallFrame):
-        * interpreter/Interpreter.cpp:
-        (JSC::getCallerInfo):
-        (JSC::getStackFrameCodeType):
-        (JSC::Interpreter::execute):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitBinaryDoubleOp):
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::isDirectPutById):
-        * jit/JITStubs.cpp:
-        (JSC::getPolymorphicAccessStructureListSlot):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        * parser/Lexer.cpp:
-        (JSC::::lex):
-        * parser/Nodes.h:
-        (JSC::ExpressionNode::emitBytecodeInConditionContext):
-        * parser/Parser.h:
-        (JSC::Parser::getTokenName):
-        (JSC::Parser::updateErrorMessageSpecialCase):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::operatorStackPop):
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::tearOffForInlineCallFrame):
-        * runtime/DatePrototype.cpp:
-        (JSC::formatLocaleDate):
-        * runtime/Executable.cpp:
-        (JSC::samplingDescription):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::unlinkCalls):
-        * runtime/Identifier.cpp:
-        (JSC):
-        * runtime/InternalFunction.cpp:
-        (JSC::InternalFunction::getCallData):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::push):
-        (JSC::JSArray::sort):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::defaultValue):
-        (JSC::JSCell::getOwnPropertyNames):
-        (JSC::JSCell::getOwnNonIndexPropertyNames):
-        (JSC::JSCell::className):
-        (JSC::JSCell::getPropertyNames):
-        (JSC::JSCell::customHasInstance):
-        (JSC::JSCell::putDirectVirtual):
-        (JSC::JSCell::defineOwnProperty):
-        (JSC::JSCell::getOwnPropertyDescriptor):
-        * runtime/JSCell.h:
-        (JSCell):
-        * runtime/JSNameScope.cpp:
-        (JSC::JSNameScope::put):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::tryGetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuicklyForPutDirect):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::hasSparseMap):
-        (JSC::JSObject::inSparseIndexingMode):
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::isDynamicScope):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::putDirectVirtual):
-        * runtime/JSSymbolTableObject.h:
-        (JSSymbolTableObject):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::compileMatchOnly):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::sample):
-        * yarr/YarrCanonicalizeUCS2.h:
-        (JSC::Yarr::getCanonicalPair):
-        (JSC::Yarr::areCanonicallyEquivalent):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchCharacterClass):
-        (JSC::Yarr::Interpreter::matchBackReference):
-        (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
-        (JSC::Yarr::Interpreter::matchParentheses):
-        (JSC::Yarr::Interpreter::backtrackParentheses):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateTerm):
-        (JSC::Yarr::YarrGenerator::backtrackTerm):
-        * yarr/YarrParser.h:
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
-        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
-
-2013-01-23  Tony Chang  <tony@chromium.org>
-
-        Unreviewed, set svn:eol-style to CRLF on Windows .sln files.
-
-        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
-        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
-
-2013-01-23  Oliver Hunt  <oliver@apple.com>
-
-        Replace numerous manual CRASH's in JSC with RELEASE_ASSERT
-        https://bugs.webkit.org/show_bug.cgi?id=107726
-
-        Reviewed by Filip Pizlo.
-
-        Fairly manual change from if (foo) CRASH(); to RELEASE_ASSERT(!foo);
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branchAdd32):
-        (JSC::MacroAssembler::branchMul32):
-        * bytecode/CodeBlockHash.cpp:
-        (JSC::CodeBlockHash::CodeBlockHash):
-        * heap/BlockAllocator.h:
-        (JSC::Region::create):
-        (JSC::Region::createCustomSize):
-        * heap/GCAssertions.h:
-        * heap/HandleSet.cpp:
-        (JSC::HandleSet::visitStrongHandles):
-        (JSC::HandleSet::writeBarrier):
-        * heap/HandleSet.h:
-        (JSC::HandleSet::allocate):
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::validate):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::DemandExecutableAllocator::allocateNewSpace):
-        (JSC::ExecutableAllocator::allocate):
-        * jit/ExecutableAllocator.h:
-        (JSC::roundUpAllocationSize):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-        (JSC::ExecutableAllocator::allocate):
-        * runtime/ButterflyInlines.h:
-        (JSC::Butterfly::createUninitialized):
-        * runtime/Completion.cpp:
-        (JSC::evaluate):
-        * runtime/JSArray.h:
-        (JSC::constructArray):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::slowValidateCell):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
-        (JSC::JSObject::createArrayStorage):
-        * tools/TieredMMapArray.h:
-        (JSC::TieredMMapArray::append):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::allocDisjunctionContext):
-        (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext):
-        (JSC::Yarr::Interpreter::InputStream::readChecked):
-        (JSC::Yarr::Interpreter::InputStream::uncheckInput):
-        (JSC::Yarr::Interpreter::InputStream::atEnd):
-        (JSC::Yarr::Interpreter::interpret):
-
-2013-01-22  Filip Pizlo  <fpizlo@apple.com>
-
-        Convert CSE phase to not rely too much on NodeIndex
-        https://bugs.webkit.org/show_bug.cgi?id=107616
-
-        Reviewed by Geoffrey Garen.
-        
-        - Instead of looping over the graph (which assumes that you can simply loop over all
-          nodes without considering blocks first) to reset node.replacement, do that in the
-          loop that sets up relevantToOSR, just before running CSE on the block.
-        
-        - Instead of having a relevantToOSR bitvector indexed by NodeIndex, made
-          NodeRelevantToOSR be a NodeFlag. We had exactly one bit left in NodeFlags, so I did
-          some reshuffling to fit it in.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-        (CSEPhase):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGNodeType.h:
-        (DFG):
-
-2013-01-21  Kentaro Hara  <haraken@chromium.org>
-
-        Implement UIEvent constructor
-        https://bugs.webkit.org/show_bug.cgi?id=107430
-
-        Reviewed by Adam Barth.
-
-        Editor's draft: https://dvcs.w3.org/hg/d4e/raw-file/tip/source_respec.htm
-
-        UIEvent constructor is implemented under a DOM4_EVENTS_CONSTRUCTOR flag,
-        which is enabled on Safari and Chromium for now.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-22  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed VS2010 build fix following r140259.
-
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
-
-2013-01-22  Roger Fong  <roger_fong@apple.com>
-
-        JavaScriptCore property sheets, project files and modified build scripts.
-        https://bugs.webkit.org/show_bug.cgi?id=106987
-
-        Reviewed by Brent Fulgham.
-
-        * JavaScriptCore.vcxproj: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.resources: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCorePreBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: Added.
-        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.make: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Added.
-        * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: Added.
-        * JavaScriptCore.vcxproj/build-generated-files.sh: Added.
-        * JavaScriptCore.vcxproj/copy-files.cmd: Added.
-        * JavaScriptCore.vcxproj/jsc: Added.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Added.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj.filters: Added.
-        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj.user: Added.
-        * JavaScriptCore.vcxproj/jsc/jscCommon.props: Added.
-        * JavaScriptCore.vcxproj/jsc/jscDebug.props: Added.
-        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/jsc/jscPreBuild.cmd: Added.
-        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd: Added.
-        * JavaScriptCore.vcxproj/jsc/jscRelease.props: Added.
-        * config.h:
-
-2013-01-22  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [Mac] Enable Page Visibility (PAGE_VISIBILITY_API)
-        https://bugs.webkit.org/show_bug.cgi?id=107230
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-22  Tobias Netzel  <tobias.netzel@googlemail.com>
-
-        Yarr JIT isn't big endian compatible
-        https://bugs.webkit.org/show_bug.cgi?id=102897
-
-        Reviewed by Oliver Hunt.
-
-        This patch was tested in the current mozilla codebase only and has passed the regexp tests there.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
-
-2013-01-22  David Kilzer  <ddkilzer@apple.com>
-
-        Fix DateMath.cpp to compile with -Wshorten-64-to-32
-        <http://webkit.org/b/107503>
-
-        Reviewed by Darin Adler.
-
-        * runtime/JSDateMath.cpp:
-        (JSC::parseDateFromNullTerminatedCharacters): Remove unneeded
-        static_cast<int>().
-
-2013-01-22  Tim Horton  <timothy_horton@apple.com>
-
-        PDFPlugin: Build PDFPlugin everywhere, enable at runtime
-        https://bugs.webkit.org/show_bug.cgi?id=107117
-
-        Reviewed by Alexey Proskuryakov.
-
-        Since PDFLayerController SPI is all forward-declared, the plugin should build
-        on all Mac platforms, and can be enabled at runtime.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-21  Justin Schuh  <jschuh@chromium.org>
-
-        [CHROMIUM] Suppress c4267 build warnings for Win64 targets
-        https://bugs.webkit.org/show_bug.cgi?id=107499
-
-        Reviewed by Abhishek Arya.
-
-        * JavaScriptCore.gyp/JavaScriptCore.gyp:
-
-2013-01-21  Dirk Schulze  <dschulze@adobe.com>
-
-        Add build flag for Canvas's Path object (disabled by default)
-        https://bugs.webkit.org/show_bug.cgi?id=107473
-
-        Reviewed by Dean Jackson.
-
-        Add CANVAS_PATH build flag to build systems.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Weak GC maps should be easier to use
-        https://bugs.webkit.org/show_bug.cgi?id=107312
-
-        Reviewed by Sam Weinig.
-
-        Follow-up fix.
-
-        * runtime/PrototypeMap.cpp:
-        (JSC::PrototypeMap::emptyObjectStructureForPrototype): Restored this
-        ASSERT, which was disabled because of a bug in WeakGCMap.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::add): We can't pass our passed-in value to add() because
-        a PassWeak() clears itself when passed to another function. So, we pass
-        nullptr instead, and fix things up afterwards.
-
-2013-01-20  Geoffrey Garen  <ggaren@apple.com>
-
-        Unreviewed.
-
-        Temporarily disabling this ASSERT to get the bots green
-        while I investigate a fix.
-
-        * runtime/PrototypeMap.cpp:
-        (JSC::PrototypeMap::emptyObjectStructureForPrototype):
-
-2013-01-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Inserting a node into the DFG graph should not require five lines of code
-        https://bugs.webkit.org/show_bug.cgi?id=107381
-
-        Reviewed by Sam Weinig.
-        
-        This adds fairly comprehensive support for inserting a node into a DFG graph in one
-        method call. A common example of this is:
-        
-        m_insertionSet.insertNode(indexInBlock, DontRefChildren, DontRefNode, SpecNone, ForceOSRExit, codeOrigin);
-        
-        The arguments to insert() specify what reference counting you need to have happen
-        (RefChildren => recursively refs all children, RefNode => non-recursively refs the node
-        that was created), the prediction to set (SpecNone is a common default), followed by
-        the arguments to the Node() constructor. InsertionSet::insertNode() and similar methods
-        (Graph::addNode() and BasicBlock::appendNode()) all use a common variadic template
-        function macro from DFGVariadicFunction.h. Also, all of these methods will automatically
-        non-recursively ref() the node being created if the flags say NodeMustGenerate.
-        
-        In all, this new mechanism retains the flexibility of the old approach (you get to
-        manage ref counts yourself, albeit in less code) while ensuring that most code that adds
-        nodes to the graph now needs less code to do it.
-        
-        In the future, we should revisit the reference counting methodology in the DFG: we could
-        do like most compilers and get rid of it entirely, or we could make it automatic. This
-        patch doesn't attempt to make any such major changes, and only seeks to simplify the
-        technique we were already using (manual ref counting).
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/Operands.h:
-        (JSC::dumpOperands):
-        * dfg/DFGAdjacencyList.h:
-        (AdjacencyList):
-        (JSC::DFG::AdjacencyList::kind):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGBasicBlock.h:
-        (DFG):
-        (BasicBlock):
-        * dfg/DFGBasicBlockInlines.h: Added.
-        (DFG):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
-        * dfg/DFGCommon.h:
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
-        (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
-        (ConstantFoldingPhase):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::FixupPhase):
-        (JSC::DFG::FixupPhase::fixupBlock):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        (Graph):
-        * dfg/DFGInsertionSet.h:
-        (DFG):
-        (JSC::DFG::Insertion::Insertion):
-        (JSC::DFG::Insertion::element):
-        (Insertion):
-        (JSC::DFG::InsertionSet::InsertionSet):
-        (JSC::DFG::InsertionSet::insert):
-        (InsertionSet):
-        (JSC::DFG::InsertionSet::execute):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::Node):
-        (Node):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGVariadicFunction.h: Added.
-
-2013-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Track inheritance structures in a side table, instead of using a private
-        name in each prototype
-        https://bugs.webkit.org/show_bug.cgi?id=107378
-
-        Reviewed by Sam Weinig and Phil Pizlo.
-
-        This is a step toward object size inference.
-
-        Using a side table frees us to use a more complex key (a pair of
-        prototype and expected inline capacity).
-
-        It also avoids ruining inline caches for prototypes. (Adding a new private
-        name for a new inline capacity would change the prototype's structure,
-        possibly firing watchpoints, making inline caches go polymorphic, and
-        generally causing us to have a bad time.)
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri: Buildage.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::finishCreation): Updated to use new side table API.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::cacheInheritorID): Updated to use new side table API.
-
-        (JSC::JSFunction::visitChildren): Fixed a long-standing bug where JSFunction
-        forgot to visit one of its data members (m_cachedInheritorID). This
-        wasn't a user-visible problem before because JSFunction would always
-        visit its .prototype property, which visited its m_cachedInheritorID.
-        But now, function.prototype only weakly owns function.m_cachedInheritorID.
-
-        * runtime/JSGlobalData.h:
-        (JSGlobalData): Added the map, taking care to make sure that its
-        destructor would run after the heap destructor.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset): Updated to use new side table API.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::notifyPresenceOfIndexedAccessors):
-        (JSC::JSObject::setPrototype):
-        * runtime/JSObject.h:
-        (JSObject): Updated to use new side table API, and removed lots of code
-        that used to manage the per-object private name.
-
-        * runtime/JSProxy.cpp:
-        (JSC::JSProxy::setTarget):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorCreate):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::finishCreation): Updated to use new side table API.
-
-        * runtime/PrototypeMap.cpp: Added.
-        (JSC):
-        (JSC::PrototypeMap::addPrototype):
-        (JSC::PrototypeMap::emptyObjectStructureForPrototype):
-        * runtime/PrototypeMap.h: Added.
-        (PrototypeMap):
-        (JSC::PrototypeMap::isPrototype):
-        (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype): New side table.
-        This is a simple weak map, mapping an object to the structure you should
-        use when inheriting from that object. (In future, inline capacity will
-        be a part of the mapping.)
-
-        I used two maps to preserve existing behavior that allowed us to speculate
-        about an object becoming a prototype, even if it wasn't one at the moment.
-        However, I suspect that behavior can be removed without harm.
-
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::contains):
-        (WeakGCMap): I would rate myself a 6 / 10 in C++.
-
-2013-01-18  Dan Bernstein  <mitz@apple.com>
-
-        Removed duplicate references to two headers in the project files.
-
-        Rubber-stamped by Mark Rowe.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed build fix for building JSC with DFG_ENABLE_DEBUG_PROPAGATION_VERBOSE enabled in DFGCommon.h.
-        Fixes the case where the argument node in fixupNode is freed due to the Vector storage being reallocated.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed build fix for release builds when DFG_ENABLE_DEBUG_PROPAGATION_VERBOSE is set to 1 in DFGCommon.h.
-
-        * dfg/DFGCFAPhase.cpp: Added #include "Operations.h"
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
-        https://bugs.webkit.org/show_bug.cgi?id=107340
-
-        Reviewed by Filip Pizlo.
-
-        Due to the change landed in r140201, more nodes might end up
-        generating Int32ToDouble nodes.  Therefore, changed the JSVALUE64
-        constant path of compileInt32ToDouble() to use the more
-        restrictive isInt32Constant() check on the input.  This check was
-        the same as the existing ASSERT() so the ASSERT was eliminated.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-
-2013-01-18  Viatcheslav Ostapenko  <sl.ostapenko@samsung.com>
-
-        Weak GC maps should be easier to use
-        https://bugs.webkit.org/show_bug.cgi?id=107312
-
-        Reviewed by Ryosuke Niwa.
-
-        Build fix for linux platforms after r140194.
-
-        * runtime/WeakGCMap.h:
-        (WeakGCMap):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Harden ArithDiv of integers fix-up by inserting Int32ToDouble node directly
-        https://bugs.webkit.org/show_bug.cgi?id=107321
-
-        Reviewed by  Filip Pizlo.
-
-        Split out the Int32ToDouble node insertion from fixDoubleEdge() and used it directly when we're fixing up
-        an ArithDiv node with integer inputs and output for platforms that don't have integer division.
-        Since we are checking that our inputs should be ints, we can just insert the Int32ToDouble node
-        without any further checks.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Fix up of ArithDiv nodes for non-x86 CPUs is broken
-        https://bugs.webkit.org/show_bug.cgi?id=107309
-
-        Reviewed by  Filip Pizlo.
-
-        Changed the logic so that we insert an Int32ToDouble node when the existing edge is not SpecDouble.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-
-2013-01-18  Dan Bernstein  <mitz@apple.com>
-
-        Tried to fix the build after r140194.
-
-        * API/JSWrapperMap.mm:
-        (-[JSWrapperMap wrapperForObject:]):
-
-2013-01-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Update documentation for JSValue and JSContext
-        https://bugs.webkit.org/show_bug.cgi?id=107313
-
-        Reviewed by Geoffrey Garen.
-
-        After changing the semantics of object lifetime we need to update the API documentation to reflect the new semantics.
-
-        * API/APIJSValue.h:
-        * API/JSContext.h:
-
-2013-01-18  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        r134080 causes heap problem on linux systems where PAGESIZE != 4096
-        https://bugs.webkit.org/show_bug.cgi?id=102828
-
-        Reviewed by Mark Hahnenberg.
-
-        Make MarkStackSegment::blockSize as the capacity of segments of a MarkStackArray.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
-        * heap/MarkStack.cpp:
-        (JSC):
-        (JSC::MarkStackArray::MarkStackArray):
-        (JSC::MarkStackArray::expand):
-        (JSC::MarkStackArray::donateSomeCellsTo):
-        (JSC::MarkStackArray::stealSomeCellsFrom):
-        * heap/MarkStack.h:
-        (JSC::MarkStackSegment::data):
-        (CapacityFromSize):
-        (MarkStackArray):
-        * heap/MarkStackInlines.h:
-        (JSC::MarkStackArray::setTopForFullSegment):
-        (JSC::MarkStackArray::append):
-        (JSC::MarkStackArray::isEmpty):
-        (JSC::MarkStackArray::size):
-        * runtime/Options.h:
-        (JSC):
-
-2013-01-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Weak GC maps should be easier to use
-        https://bugs.webkit.org/show_bug.cgi?id=107312
-
-        Reviewed by Sam Weinig.
-
-        This patch changes WeakGCMap to not use a WeakImpl finalizer to remove
-        items from the map, and to instead have the map automatically remove
-        stale items itself upon insertion. This has a few advantages:
-
-        (1) WeakGCMap is now compatible with all the specializations you would
-        use for HashMap.
-
-        (2) There's no need for clients to write special finalization munging
-        functions.
-
-        (3) Clients can specify custom value finalizers if they like.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Def!
-
-        * API/JSWeakObjectMapRefPrivate.cpp: Setter no longer requires a global
-        data, since we've reduced interdependency.
-
-        * heap/Handle.h: No more need to forward declare, since we've reduced
-        interdependency.
-
-        * heap/Weak.h:
-        (Weak): Use explicit so we can assign directly to a weak map iterator
-        without ambiguity between Weak<T> and PassWeak<T>.
-
-        * runtime/Structure.cpp:
-        (JSC::StructureTransitionTable::add): See above.
-
-        * runtime/Structure.h:
-        (JSC):
-        * runtime/StructureTransitionTable.h:
-        (StructureTransitionTable): Bad code goes away, programmer happy.
-
-        * runtime/WeakGCMap.h:
-        (JSC):
-        (WeakGCMap):
-        (JSC::WeakGCMap::WeakGCMap):
-        (JSC::WeakGCMap::set):
-        (JSC::WeakGCMap::add):
-        (JSC::WeakGCMap::find):
-        (JSC::WeakGCMap::contains):
-        (JSC::WeakGCMap::gcMap):
-        (JSC::WeakGCMap::gcMapIfNeeded): Inherit from HashMap and override any
-        function that might observe a Weak<T> that has died, just enough to
-        make such items appear as if they are not in the table.
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Refactor isPowerOf2() and add getLSBSet()
-        https://bugs.webkit.org/show_bug.cgi?id=107306
-
-        Reviewed by Filip Pizlo.
-
-        Moved implementation of isPowerOf2() to new hasOneBitSet() in wtf/MathExtras.h.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::isPowerOf2):
-
-2013-01-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Clean up JSValue.mm
-        https://bugs.webkit.org/show_bug.cgi?id=107163
-
-        Reviewed by Darin Adler.
-
-        m_context is no longer weak, so there is now a lot of dead code in in JSValue.mm, and a wasted message send 
-        on every API call.  In the head of just about every method in JSValue.mm we're doing:
-
-        JSContext *context = [self context];
-        if (!context)
-            return nil;
-
-        This is getting a retained copy of the context, which is no longer necessary now m_context is no longer weak.  
-        We can just delete all these lines from all functions doing this, and where they were referring to the local 
-        variable 'context', instead we can just access m_context directly.
-
-        Since we're already going to be modifying most of JSValue.mm, we'll also do the following:
-
-        1) context @property is no longer weak – the context property is declared as:
-
-            @property(readonly, weak) JSContext *context;
-
-        This is really only informative (since we're not presently synthesizing the ivar), but it is now misleading. 
-        We should change it to:
-
-            @property(readonly, retain) JSContext *context;
-
-        2) the JSContext ivar and accessor can be automatically generated.  Since we're no longer doing anything 
-        special with m_context, we can just let the compiler handle the ivar for us.  We'll delete:
-
-            JSContext *m_context;
-
-        and:
-
-            - (JSContext *)context
-            {
-                return m_context;
-        
-            }
-
-        and find&replace "m_context" to "_context" in JSValue.mm.
-
-        * API/APIJSValue.h:
-        * API/JSValue.mm:
-        (-[JSValue toObject]):
-        (-[JSValue toBool]):
-        (-[JSValue toDouble]):
-        (-[JSValue toNumber]):
-        (-[JSValue toString]):
-        (-[JSValue toDate]):
-        (-[JSValue toArray]):
-        (-[JSValue toDictionary]):
-        (-[JSValue valueForProperty:]):
-        (-[JSValue setValue:forProperty:]):
-        (-[JSValue deleteProperty:]):
-        (-[JSValue hasProperty:]):
-        (-[JSValue defineProperty:descriptor:]):
-        (-[JSValue valueAtIndex:]):
-        (-[JSValue setValue:atIndex:]):
-        (-[JSValue isUndefined]):
-        (-[JSValue isNull]):
-        (-[JSValue isBoolean]):
-        (-[JSValue isNumber]):
-        (-[JSValue isString]):
-        (-[JSValue isObject]):
-        (-[JSValue isEqualToObject:]):
-        (-[JSValue isEqualWithTypeCoercionToObject:]):
-        (-[JSValue isInstanceOf:]):
-        (-[JSValue callWithArguments:]):
-        (-[JSValue constructWithArguments:]):
-        (-[JSValue invokeMethod:withArguments:]):
-        (-[JSValue objectForKeyedSubscript:]):
-        (-[JSValue setObject:forKeyedSubscript:]):
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-        (-[JSValue description]):
-
-2013-01-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C API: Clean up JSValue
-        https://bugs.webkit.org/show_bug.cgi?id=107156
-
-        Reviewed by Oliver Hunt.
-
-        JSContext m_protectCounts, protect, unprotect are all now unnecessary overhead, and should all be removed.  
-        These exist to handle the context going away before the value does; the context needs to be able to unprotect 
-        values early.  Since the value is now keeping the context alive there is no longer any danger of this happening; 
-        instead we should just protect/unprotect the value in JSValue's init/dealloc methods.
-
-        * API/JSContext.mm:
-        (-[JSContext dealloc]):
-        * API/JSContextInternal.h:
-        * API/JSValue.mm:
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-
-2013-01-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Node::ref() and Node::deref() should not return bool, and should have postfixRef variants
-        https://bugs.webkit.org/show_bug.cgi?id=107147
-
-        Reviewed by Mark Hahnenberg.
-        
-        This small refactoring will enable a world where ref() returns Node*, which is useful for
-        https://bugs.webkit.org/show_bug.cgi?id=106868.  Also, while this refactoring does lead to
-        slightly less terse code, it's also slightly more self-explanatory.  I could never quite
-        remember what the meaning of the bool return from ref() and deref() was.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::collectGarbage):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::ref):
-        (JSC::DFG::Graph::deref):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::ref):
-        (Node):
-        (JSC::DFG::Node::postfixRef):
-        (JSC::DFG::Node::deref):
-        (JSC::DFG::Node::postfixDeref):
-
-2013-01-17  Alexey Proskuryakov  <ap@apple.com>
-
-        Added svn:ignore=*.pyc, so that ud_opcode.pyc and ud_optable.pyc don't show up
-        in svn stat.
-
-        * disassembler/udis86: Added property svn:ignore.
-
-2013-01-16  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
-        https://bugs.webkit.org/show_bug.cgi?id=107081
-
-        Reviewed by Michael Saboff.
-
-        This bug led to the 32_64 backend emitting contiguous allocation code to allocate
-        ArrayStorage arrays. This then led to all manner of heap corruption, since
-        subsequent array accesses would be accessing the contiguous array "as if" it was
-        an arraystorage array.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-01-16  Jonathan Liu  <net147@gmail.com>
-
-        Add missing sys/mman.h include on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=98089
-
-        Reviewed by Darin Adler.
-
-        The madvise function and MADV_FREE constant require sys/mman.h.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2013-01-15  Michael Saboff  <msaboff@apple.com>
-
-        DFG X86: division in the used-as-int case doesn't correctly check for -2^31/-1
-        https://bugs.webkit.org/show_bug.cgi?id=106978
-
-        Reviewed by Filip Pizlo.
-
-        Changed the numerator equal to -2^31 check to just return if we expect an integer
-        result, since the check is after we have determined that the denominator is -1.
-        The int result of -2^31 / -1 is -2^31, so just return the numerator as the result.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
-
-2013-01-15  Levi Weintraub  <leviw@chromium.org>
-
-        Unreviewed, rolling out r139792.
-        http://trac.webkit.org/changeset/139792
-        https://bugs.webkit.org/show_bug.cgi?id=106970
-
-        Broke the windows build.
-
-        * bytecode/GlobalResolveInfo.h: Removed property svn:mergeinfo.
-
-2013-01-15  Pratik Solanki  <psolanki@apple.com>
-
-        Use MADV_FREE_REUSABLE to return JIT memory to OS
-        https://bugs.webkit.org/show_bug.cgi?id=106830
-        <rdar://problem/11437701>
-
-        Reviewed by Geoffrey Garen.
-
-        Use MADV_FREE_REUSABLE to return JIT memory on OSes that have the underlying madvise bug
-        fixed.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2013-01-15  Levi Weintraub  <leviw@chromium.org>
-
-        Unreviewed, rolling out r139790.
-        http://trac.webkit.org/changeset/139790
-        https://bugs.webkit.org/show_bug.cgi?id=106948
-
-        The patch is failing its own test.
-
-        * bytecode/GlobalResolveInfo.h: Removed property svn:mergeinfo.
-
-2013-01-15  Zan Dobersek  <zandobersek@gmail.com>
-
-        [Autotools] Unify JavaScriptCore sources list, regardless of target OS
-        https://bugs.webkit.org/show_bug.cgi?id=106007
-
-        Reviewed by Gustavo Noronha Silva.
-
-        Include the Source/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp target
-        in the general sources list as it is guarded by the ENABLE_EXECUTABLE_ALLOCATOR_FIXED
-        feature define. This define is only used on 64-bit architecture and indirectly depends
-        on enabling either JIT or YARR JIT feature. Both of these defines are disabled on
-        Windows OS when using 64-bit architecture so there's no need to add this target to
-        sources only when the target OS is Windows.
-
-        * GNUmakefile.list.am:
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not forget that it had proved something to be a constant during a merge just because it's merging against the empty value
-        https://bugs.webkit.org/show_bug.cgi?id=106727
-
-        Reviewed by Oliver Hunt.
-        
-        The problem was this statement:
-        
-        if (m_value != other.m_value)
-            m_value = JSValue();
-        
-        This is well-intentioned, in the sense that if we want our abstract value (i.e. this) to become the superset of the other
-        abstract value, and the two abstract values have proven different constants, then our abstract value should rescind its
-        claim that it has been proven to be constant. But this misses the special case that if the other abstract value is
-        completely clear (meaning that it wishes to contribute zero information and so the superset operation shouldn't change
-        this), it will have a clear m_value. So, the code prior to this patch would rescind the constant proof even though it
-        didn't have to.
-        
-        This comes up rarely and I don't believe it will be a performance win, but it is good to have the CFA been consistently
-        precise as often as possible.
-
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::merge):
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Python implementation reports "MemoryError" instead of doing things
-        https://bugs.webkit.org/show_bug.cgi?id=106690
-
-        Reviewed by Oliver Hunt.
-        
-        The bug was that the CFA was assuming that a variable is dead at the end of a basic block and hence doesn't need to
-        be merged to the next block if the last mention of the variable was dead. This is almost correct, except that it
-        doesn't work if the last mention is a GetLocal - the GetLocal itself may be dead, but that doesn't mean that the
-        variable is dead - it may still be live. The appropriate thing to do is to look at the GetLocal's Phi. If the
-        variable is used in the next block then the next block will have a reference to the last mention in our block unless
-        that last mention is a GetLocal, in which case it will link to the Phi. Doing it this way captures everything that
-        the CFA wants: if the last use is a live GetLocal then the CFA needs to consider the GetLocal itself for possible
-        refinements to the proof of the value in the variable, but if the GetLocal is dead, then this must mean that the
-        variable is not mentioned in the block but may still be "passed through" it, which is what the Phi will tell us.
-        Note that it is not possible for the GetLocal to refer to anything other than a Phi, and it is also not possible
-        for the last mention of a variable to be a dead GetLocal while there are other mentions that aren't dead - if
-        there had been SetLocals or GetLocals prior to the dead one then the dead one wouldn't have been emitted by the
-        parser.
-        
-        This also fixes a similar bug in the handling of captured variables. If a variable is captured, then it doesn't
-        matter if the last mention is dead, or not. Either way, we already know that a captured variable will be live in
-        the next block, so we must merge it no matter what.
-        
-        Finally, this change makes the output of Operands dumping a bit more verbose: it now prints the variable name next
-        to each variable's dump. I've often found the lack of this information confusing particularly for operand dumps
-        that involve a lot of variables.
-
-        * bytecode/Operands.h:
-        (JSC::dumpOperands):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-
-2013-01-14  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Fix vcproj file. Missing file tag after http://trac.webkit.org/changeset/139541.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2013-01-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG phases that store per-node information should store it in Node itself rather than using a secondary vector
-        https://bugs.webkit.org/show_bug.cgi?id=106753
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::AbstractState):
-        (JSC::DFG::AbstractState::beginBasicBlock):
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::forNode):
-        (AbstractState):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::performSubstitution):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (CSEPhase):
-        * dfg/DFGNode.h:
-        (Node):
-
-2013-01-12  Tim Horton  <timothy_horton@apple.com>
-
-        Unreviewed build fix.
-
-        * API/JSBlockAdaptor.mm:
-        * API/JSContext.mm:
-        * API/JSValue.mm:
-
-2013-01-12  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed 64 bit buildfix after r139496.
-
-        * dfg/DFGOperations.cpp:
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, speculative build fix.
-
-        * API/JSWrapperMap.mm:
-
-2013-01-10  Filip Pizlo  <fpizlo@apple.com>
-
-        JITThunks should not compile only because of luck
-        https://bugs.webkit.org/show_bug.cgi?id=105696
-
-        Rubber stamped by Sam Weinig and Geoffrey Garen.
-        
-        This patch was supposed to just move JITThunks into its own file. But then I
-        realized that there is a horrible circular dependency chain between JSCell,
-        JSGlobalData, CallFrame, and Weak, which only works because of magical include
-        order in JITStubs.h, and the fact that JSGlobalData.h includes JITStubs.h
-        before it includes JSCell or JSValue.
-        
-        I first tried to just get JITThunks.h to just magically do the same pointless
-        includes that JITStubs.h had, but then I decided to actually fix the underflying
-        problem, which was that JSCell needed CallFrame, CallFrame needed JSGlobalData,
-        JSGlobalData needed JITThunks, JITThunks needed Weak, and Weak needed JSCell.
-        Now, all of JSCell's outgoing dependencies are placed in JSCellInlines.h. This
-        also gave me an opportunity to move JSValue inline methods from JSCell.h into
-        JSValueInlines.h. But to make this really work, I needed to remove includes of
-        *Inlines.h from other headers (CodeBlock.h for example included JSValueInlines.h,
-        which defeats the whole entire purpose of having an Inlines.h file), and I needed
-        to add includes of *Inlines.h into a bunch of .cpp files. I did this mostly by
-        having .cpp files include Operations.h. In future, if you're adding a .cpp file
-        to JSC, you'll almost certainly have to include Operations.h unless you enjoy
-        link errors.
-
-        * API/JSBase.cpp:
-        * API/JSCallbackConstructor.cpp:
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * API/JSClassRef.cpp:
-        * API/JSContextRef.cpp:
-        * API/JSObjectRef.cpp:
-        * API/JSScriptRef.cpp:
-        * API/JSWeakObjectMapRefPrivate.cpp:
-        * JSCTypedArrayStubs.h:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/ArrayAllocationProfile.cpp:
-        * bytecode/CodeBlock.cpp:
-        * bytecode/GetByIdStatus.cpp:
-        * bytecode/LazyOperandValueProfile.cpp:
-        * bytecode/ResolveGlobalStatus.cpp:
-        * bytecode/SpeculatedType.cpp:
-        * bytecode/UnlinkedCodeBlock.cpp:
-        * bytecompiler/BytecodeGenerator.cpp:
-        * debugger/Debugger.cpp:
-        * debugger/DebuggerActivation.cpp:
-        * debugger/DebuggerCallFrame.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        * dfg/DFGArrayMode.cpp:
-        * dfg/DFGByteCodeParser.cpp:
-        * dfg/DFGConstantFoldingPhase.cpp:
-        * dfg/DFGDriver.cpp:
-        * dfg/DFGFixupPhase.cpp:
-        * dfg/DFGGraph.cpp:
-        * dfg/DFGJITCompiler.cpp:
-        * dfg/DFGOSREntry.cpp:
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        * dfg/DFGOSRExitCompiler64.cpp:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
-        (JSC::DFG::SpeculativeJIT::silentSpill):
-        (JSC::DFG::SpeculativeJIT::silentFill):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        * dfg/DFGSpeculativeJIT64.cpp:
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        * dfg/DFGVariableEventStream.cpp:
-        * heap/CopiedBlock.h:
-        * heap/CopiedSpace.cpp:
-        * heap/HandleSet.cpp:
-        * heap/Heap.cpp:
-        * heap/HeapStatistics.cpp:
-        * heap/SlotVisitor.cpp:
-        * heap/WeakBlock.cpp:
-        * interpreter/CallFrame.cpp:
-        * interpreter/CallFrame.h:
-        * jit/ClosureCallStubRoutine.cpp:
-        * jit/GCAwareJITStubRoutine.cpp:
-        * jit/JIT.cpp:
-        * jit/JITArithmetic.cpp:
-        * jit/JITArithmetic32_64.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITCode.h:
-        * jit/JITExceptions.cpp:
-        * jit/JITStubs.h:
-        * jit/JITThunks.h:
-        * jsc.cpp:
-        * llint/LLIntExceptions.cpp:
-        * profiler/LegacyProfiler.cpp:
-        * profiler/ProfileGenerator.cpp:
-        * profiler/ProfilerBytecode.cpp:
-        * profiler/ProfilerBytecodeSequence.cpp:
-        * profiler/ProfilerBytecodes.cpp:
-        * profiler/ProfilerCompilation.cpp:
-        * profiler/ProfilerCompiledBytecode.cpp:
-        * profiler/ProfilerDatabase.cpp:
-        * profiler/ProfilerOSRExit.cpp:
-        * profiler/ProfilerOSRExitSite.cpp:
-        * profiler/ProfilerOrigin.cpp:
-        * profiler/ProfilerOriginStack.cpp:
-        * profiler/ProfilerProfiledBytecodes.cpp:
-        * runtime/ArgList.cpp:
-        * runtime/Arguments.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanObject.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/CallData.cpp:
-        * runtime/CodeCache.cpp:
-        * runtime/Completion.cpp:
-        * runtime/ConstructData.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/DateInstance.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/Error.cpp:
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorInstance.cpp:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/ExceptionHelpers.cpp:
-        * runtime/Executable.cpp:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/GetterSetter.cpp:
-        * runtime/Identifier.cpp:
-        * runtime/InternalFunction.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSBoundFunction.cpp:
-        * runtime/JSCell.cpp:
-        * runtime/JSCell.h:
-        (JSC):
-        * runtime/JSCellInlines.h: Added.
-        (JSC):
-        (JSC::JSCell::JSCell):
-        (JSC::JSCell::finishCreation):
-        (JSC::JSCell::structure):
-        (JSC::JSCell::visitChildren):
-        (JSC::allocateCell):
-        (JSC::isZapped):
-        (JSC::JSCell::isObject):
-        (JSC::JSCell::isString):
-        (JSC::JSCell::isGetterSetter):
-        (JSC::JSCell::isProxy):
-        (JSC::JSCell::isAPIValueWrapper):
-        (JSC::JSCell::setStructure):
-        (JSC::JSCell::methodTable):
-        (JSC::JSCell::inherits):
-        (JSC::JSCell::fastGetOwnPropertySlot):
-        (JSC::JSCell::fastGetOwnProperty):
-        (JSC::JSCell::toBoolean):
-        * runtime/JSDateMath.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSFunction.h:
-        (JSC):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSLock.cpp:
-        * runtime/JSNameScope.cpp:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.h:
-        (JSC):
-        * runtime/JSProxy.cpp:
-        * runtime/JSScope.cpp:
-        * runtime/JSSegmentedVariableObject.cpp:
-        * runtime/JSString.h:
-        (JSC):
-        * runtime/JSStringJoiner.cpp:
-        * runtime/JSSymbolTableObject.cpp:
-        * runtime/JSValue.cpp:
-        * runtime/JSValueInlines.h:
-        (JSC::JSValue::toInt32):
-        (JSC::JSValue::toUInt32):
-        (JSC):
-        (JSC::JSValue::isUInt32):
-        (JSC::JSValue::asUInt32):
-        (JSC::JSValue::asNumber):
-        (JSC::jsNaN):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::encode):
-        (JSC::JSValue::decode):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::JSValue::isEmpty):
-        (JSC::JSValue::isUndefined):
-        (JSC::JSValue::isNull):
-        (JSC::JSValue::isUndefinedOrNull):
-        (JSC::JSValue::isCell):
-        (JSC::JSValue::isInt32):
-        (JSC::JSValue::isDouble):
-        (JSC::JSValue::isTrue):
-        (JSC::JSValue::isFalse):
-        (JSC::JSValue::tag):
-        (JSC::JSValue::payload):
-        (JSC::JSValue::asInt32):
-        (JSC::JSValue::asDouble):
-        (JSC::JSValue::asCell):
-        (JSC::JSValue::isNumber):
-        (JSC::JSValue::isBoolean):
-        (JSC::JSValue::asBoolean):
-        (JSC::reinterpretDoubleToInt64):
-        (JSC::reinterpretInt64ToDouble):
-        (JSC::JSValue::isString):
-        (JSC::JSValue::isPrimitive):
-        (JSC::JSValue::isGetterSetter):
-        (JSC::JSValue::isObject):
-        (JSC::JSValue::getString):
-        (JSC::::getString):
-        (JSC::JSValue::getObject):
-        (JSC::JSValue::getUInt32):
-        (JSC::JSValue::toPrimitive):
-        (JSC::JSValue::getPrimitiveNumber):
-        (JSC::JSValue::toNumber):
-        (JSC::JSValue::toObject):
-        (JSC::JSValue::isFunction):
-        (JSC::JSValue::inherits):
-        (JSC::JSValue::toThisObject):
-        (JSC::JSValue::get):
-        (JSC::JSValue::put):
-        (JSC::JSValue::putByIndex):
-        (JSC::JSValue::structureOrUndefined):
-        (JSC::JSValue::equal):
-        (JSC::JSValue::equalSlowCaseInline):
-        (JSC::JSValue::strictEqualSlowCaseInline):
-        (JSC::JSValue::strictEqual):
-        * runtime/JSVariableObject.cpp:
-        * runtime/JSWithScope.cpp:
-        * runtime/JSWrapperObject.cpp:
-        * runtime/LiteralParser.cpp:
-        * runtime/Lookup.cpp:
-        * runtime/NameConstructor.cpp:
-        * runtime/NameInstance.cpp:
-        * runtime/NamePrototype.cpp:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorPrototype.cpp:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberObject.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/Operations.h:
-        (JSC):
-        * runtime/PropertySlot.cpp:
-        * runtime/RegExp.cpp:
-        * runtime/RegExpCache.cpp:
-        * runtime/RegExpCachedResult.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpMatchesArray.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/SmallStrings.cpp:
-        * runtime/SparseArrayValueMap.cpp:
-        * runtime/StrictEvalActivation.cpp:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringObject.cpp:
-        * runtime/StringRecursionChecker.cpp:
-        * runtime/Structure.h:
-        (JSC):
-        * runtime/StructureChain.cpp:
-        * runtime/TimeoutChecker.cpp:
-        * testRegExp.cpp:
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        If you use Phantom to force something to be live across an OSR exit, you should put it after the OSR exit
-        https://bugs.webkit.org/show_bug.cgi?id=106724
-
-        Reviewed by Oliver Hunt.
-        
-        In cases where we were getting it wrong, I think it was benign because we would either already have an
-        OSR exit prior to there, or the operand would be a constant.  But still, it's good to get this right.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Phantom(GetLocal) should be treated as relevant to OSR
-        https://bugs.webkit.org/show_bug.cgi?id=106715
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performBlockCSE):
-
-2013-01-11  Pratik Solanki  <psolanki@apple.com>
-
-        Fix function name typo ProgramExecutable::initalizeGlobalProperties()
-        https://bugs.webkit.org/show_bug.cgi?id=106701
-
-        Reviewed by Geoffrey Garen.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/Executable.cpp:
-        (JSC::ProgramExecutable::initializeGlobalProperties):
-        * runtime/Executable.h:
-
-2013-01-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        testapi is failing with a block-related error in the Objc API
-        https://bugs.webkit.org/show_bug.cgi?id=106055
-
-        Reviewed by Filip Pizlo.
-
-        Same bug as in testapi.mm. We need to actually call the static block, rather than casting the block to a bool.
-
-        * API/ObjCCallbackFunction.mm:
-        (blockSignatureContainsClass):
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Add a run-time option to print bytecode at DFG compile time
-        https://bugs.webkit.org/show_bug.cgi?id=106704
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * runtime/Options.h:
-        (JSC):
-
-2013-01-11  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to enable verbose printing of each OSR exit at run-time (rather than compile-time) and it should print register state
-        https://bugs.webkit.org/show_bug.cgi?id=106700
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (DFG):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGCommon.h:
-        * dfg/DFGOSRExit.h:
-        (DFG):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * runtime/Options.h:
-        (JSC):
-
-2013-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed getDirectLocation and offsetForLocation and all their uses
-        https://bugs.webkit.org/show_bug.cgi?id=106692
-
-        Reviewed by Filip Pizlo.
-
-        getDirectLocation() and its associated offsetForLocation() relied on
-        detailed knowledge of the rules of PropertyOffset, JSObject, and
-        Structure, which is a hard thing to reverse-engineer reliably. Luckily,
-        it wasn't needed, and all clients either wanted a true value or a
-        PropertyOffset. So, I refactored accordingly.
-
-        * dfg/DFGOperations.cpp: Renamed putDirectOffset to putDirect, to clarify
-        that we are not putting an offset.
-
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnPropertySlot): Get a value instead of a value
-        pointer, since we never wanted a pointer to begin with.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::getOwnPropertySlot): Use a PropertyOffset instead of a pointer,
-        so we don't have to reverse-engineer the offset from the pointer.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        (JSC::JSObject::resetInheritorID):
-        (JSC::JSObject::inheritorID):
-        (JSC::JSObject::removeDirect):
-        (JSC::JSObject::fillGetterPropertySlot):
-        (JSC::JSObject::getOwnPropertyDescriptor): Renamed getDirectOffset and
-        putDirectOffset, as explaind above. We want to use the name "getDirectOffset"
-        for when the thing you're getting is the offset.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectOffset): Changed getDirectLocation to getDirectOffset,
-        since clients really wants PropertyOffsets and not locations.
-
-        (JSObject::offsetForLocation): Removed this function because it was hard
-        to get right.
-
-        (JSC::JSObject::putDirect):
-        (JSC::JSObject::putDirectUndefined):
-        (JSC::JSObject::inlineGetOwnPropertySlot):
-        (JSC::JSObject::putDirectInternal):
-        (JSC::JSObject::putDirectWithoutTransition):
-        * runtime/JSScope.cpp:
-        (JSC::executeResolveOperations):
-        (JSC::JSScope::resolvePut):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::putToPrimitive): Updated for renames.
-
-        * runtime/Lookup.cpp:
-        (JSC::setUpStaticFunctionSlot): Use a PropertyOffset instead of a pointer,
-        so we don't have to reverse-engineer the offset from the pointer.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure): Updated for renames.
-
-2013-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed an unused version of getDirectLocation
-        https://bugs.webkit.org/show_bug.cgi?id=106691
-
-        Reviewed by Gavin Barraclough.
-
-        getDirectLocation is a weird operation. Removing the unused version is
-        the easy part.
-
-        * runtime/JSObject.h:
-        (JSObject):
-
-2013-01-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Objective-C objects that are passed to JavaScript leak (until the JSContext is destroyed)
-        https://bugs.webkit.org/show_bug.cgi?id=106056
-
-        Reviewed by Darin Adler.
-
-        * API/APIJSValue.h:
-        * API/JSValue.mm: Make the reference to the JSContext strong.
-        (-[JSValue context]):
-        (-[JSValue initWithValue:inContext:]):
-        (-[JSValue dealloc]):
-        * API/JSWrapperMap.mm: Make the reference back from wrappers to Obj-C objects weak instead of strong.
-        Also add an explicit WeakGCMap in the JSWrapperMap rather than using Obj-C associated object API which 
-        was causing memory leaks.
-        (wrapperClass):
-        (-[JSObjCClassInfo wrapperForObject:]):
-        (-[JSWrapperMap initWithContext:]):
-        (-[JSWrapperMap dealloc]):
-        (-[JSWrapperMap wrapperForObject:]):
-
-2013-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Fixed some bogus PropertyOffset ASSERTs
-        https://bugs.webkit.org/show_bug.cgi?id=106686
-
-        Reviewed by Gavin Barraclough.
-
-        The ASSERTs were passing a JSType instead of an inlineCapacity, due to
-        an incomplete refactoring.
-
-        The compiler didn't catch this because both types are int underneath.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::getDirect):
-        (JSC::JSObject::getDirectLocation):
-        (JSC::JSObject::offsetForLocation):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransitionToExistingStructure): Validate against
-        our inline capacity, as we intended.
-
-2013-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Rename propertyOffsetFor => offsetForPropertyNumber
-        https://bugs.webkit.org/show_bug.cgi?id=106685
-
-        Reviewed by Gavin Barraclough.
-
-        Since the argument is just a typedef and not an object, I wanted to clarify the meaning.
-
-        * runtime/PropertyMapHashTable.h:
-        (JSC::PropertyTable::nextOffset): Updated for rename.
-
-        * runtime/PropertyOffset.h:
-        (JSC::offsetForPropertyNumber): Renamed. Also changed some PropertyOffset variables
-        to plain ints, because they're not actually on the PropertyOffsets number line.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure):
-        * runtime/Structure.h:
-        (JSC::Structure::lastValidOffset): Updated for rename.
-
-2013-01-10  Zan Dobersek  <zandobersek@gmail.com>
-
-        Remove the ENABLE_ANIMATION_API feature define occurences
-        https://bugs.webkit.org/show_bug.cgi?id=106544
-
-        Reviewed by Simon Fraser.
-
-        The Animation API code was removed in r137243. The ENABLE_ANIMATION_API
-        feature define handling still lingers in various build systems and configurations
-        but is of no use, so it should be removed.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-09  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Just move the JavaScriptCore exports file around in the vcproj to make things clearer.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-
-2013-01-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Dont use a node reference after appending to the graph.
-        https://bugs.webkit.org/show_bug.cgi?id=103305
-        <rdar://problem/12753096>
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-
-2013-01-09  Roger Fong  <roger_fong@apple.com>
-
-        Rename export files to make them more easily findable.
-        https://bugs.webkit.org/show_bug.cgi?id=98695.
-
-        Reviewed by Timothy Horton.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed.
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def.
-
-2013-01-09  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add mips.rb to offlineasm_nosources.
-
-2013-01-08  Oliver Hunt  <oliver@apple.com>
-
-        Support op_typeof in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=98898
-
-        Reviewed by Filip Pizlo.
-
-        Adds a TypeOf node to the DFG to support op_typeof.
-
-        To avoid adding too much GC horror, this also makes the
-        common strings portion of the SmallString cache strongly
-        referenced.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-          We try to determine the result early here, and substitute in a constant.
-          Otherwise we leave the node intact, and set the result type to SpecString.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-          Parse op_typeof
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-          TypeOf nodes can be subjected to pure CSE
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-          We can handle typeof.
-        * dfg/DFGNodeType.h:
-        (DFG):
-          Define the node.
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-          Add operationTypeOf to support the non-trivial cases.
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-          Actual codegen
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC):
-        * runtime/Operations.h:
-        (JSC):
-          Some refactoring to allow us to get the type string for an
-          object without needing a callframe.
-
-
-2013-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG shouldn't treat the 'this' argument as being captured if a code block uses arguments
-        https://bugs.webkit.org/show_bug.cgi?id=106398
-        <rdar://problem/12439776>
-
-        Reviewed by Mark Hahnenberg.
-        
-        This is a possible optimization for inlined calls, and fixes crashes for inlined constructors, in the case
-        that the inlined code used arguments. The problem was that assuming that 'this' was captured implies the
-        assumption that it was initialized by the caller, which is wrong for constructors and this.
-        
-        Also added a pretty essential DFG IR validation rule: we shouldn't have any live locals at the top of the
-        root block. This helps to catch this bug: our assumption that 'this' was captured in an inlined constructor
-        that used arguments led to liveness for the temporary that would have held 'this' in the caller being
-        propagated all the way up to the entrypoint of the function.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isCaptured):
-        * dfg/DFGValidate.cpp:
-        (JSC::DFG::Validate::validate):
-        (JSC::DFG::Validate::reportValidationContext):
-        (Validate):
-        (JSC::DFG::Validate::dumpGraphIfAppropriate):
-
-2013-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r138921): Crash in JSC::Arguments::create
-        https://bugs.webkit.org/show_bug.cgi?id=106329
-        <rdar://problem/12974196>
-
-        Reviewed by Mark Hahnenberg.
-        
-        Arguments::finishCreation() that takes an InlineCallFrame* needs to understand that the callee can
-        be unset, indicating that the callee needs to be loaded from the true call frame. This adds a
-        method to InlineCallFrame to do just that.
-
-        * bytecode/CodeOrigin.cpp:
-        (JSC::InlineCallFrame::calleeForCallFrame):
-        * bytecode/CodeOrigin.h:
-        (InlineCallFrame):
-        * runtime/Arguments.h:
-        (JSC::Arguments::finishCreation):
-
-2013-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG initrinsic handling should ensure that we backwards propagate the fact that all operands may escape
-        https://bugs.webkit.org/show_bug.cgi?id=106365
-
-        Reviewed by Mark Hahnenberg.
-        
-        Use the fact that Phantom means that things escaped, and just insert Phantoms for all
-        of the operands.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-
-2013-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        If array allocation profiling causes a new_array to allocate double arrays, then the holes should end up being correctly initialized
-        https://bugs.webkit.org/show_bug.cgi?id=106363
-
-        Reviewed by Mark Hahnenberg.
-
-        * runtime/JSArray.h:
-        (JSC::JSArray::tryCreateUninitialized):
-
-2013-01-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should backwards-propagate NodeUsedAsValue for Phantom
-        https://bugs.webkit.org/show_bug.cgi?id=106299
-
-        Reviewed by Mark Hahnenberg.
-        
-        This is currently benign because Phantom is only inserted by the bytecode parser for
-        things that already happen to be used in contexts that backwards propagate
-        NodeUsedAsValue. But that doesn't change the fact that the semantics of Phantom are
-        that the value can be arbitrarily used by the baseline JIT.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2013-01-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Rationalize closure call heuristics and profiling
-        https://bugs.webkit.org/show_bug.cgi?id=106270
-
-        Reviewed by Oliver Hunt.
-        
-        Did a number of things:
-        
-        - CallLinkInfo now remembers if it was ever a closure call, and CallLinkStatus uses
-          this. Reduces the likelihood that we will inline a closure call as if it was a
-          normal call.
-        
-        - Made InlineCallFrame print inferred function names, and refactored
-          CodeBlock::inferredName() to better use FunctionExecutable's API.
-        
-        - Made bytecode dumping print frequent exit sites that led to recompilation.
-        
-        - Made bytecode dumping for op_call and op_construct print what the CallLinkStatus
-          saw.
-        
-        * bytecode/CallLinkInfo.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (CallLinkInfo):
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::inferredName):
-        (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
-        (JSC::CodeBlock::printCallOp):
-        * bytecode/CodeOrigin.cpp:
-        (JSC::CodeOrigin::dump):
-        (JSC::InlineCallFrame::inferredName):
-        (JSC):
-        (JSC::InlineCallFrame::dumpBriefFunctionInformation):
-        (JSC::InlineCallFrame::dump):
-        * bytecode/CodeOrigin.h:
-        (InlineCallFrame):
-        * bytecode/DFGExitProfile.cpp:
-        (JSC::DFG::ExitProfile::exitSitesFor):
-        (DFG):
-        * bytecode/DFGExitProfile.h:
-        (ExitProfile):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2013-01-07  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Sorted the xcodeproj file.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-01-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, it should be possible to build JSC on ARM.
-
-        * API/JSBase.h:
-        * jit/JITStubs.cpp:
-        (JSC::performPlatformSpecificJITAssertions):
-        (JSC):
-        * jit/JITStubs.h:
-        (JSC):
-        * jit/JITThunks.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITThunks.h:
-        (JITThunks):
-        * offlineasm/armv7.rb:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2013-01-07  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        MIPS LLInt implementation.
-        https://bugs.webkit.org/show_bug.cgi?id=99706
-
-        Reviewed by Filip Pizlo.
-
-        LLInt implementation for MIPS.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::jump):
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * jit/JITStubs.cpp:
-        (JSC):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * offlineasm/backends.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/mips.rb: Added.
-
-2013-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        testapi is failing with a block-related error in the Objc API
-        https://bugs.webkit.org/show_bug.cgi?id=106055
-
-        Reviewed by Geoffrey Garen.
-
-        Casting a block to a bool will always return true, which isn't the behavior that is intended here.
-        Instead we need to call the block, but C semantics don't allow this, so we need to change 
-        testapi.m to be Objective-C++ and therefore testapi.mm.
-
-        * API/tests/testapi.m: Removed.
-        * API/tests/testapi.mm: Copied from Source/JavaScriptCore/API/tests/testapi.m.
-        (blockSignatureContainsClass):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-01-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Simplify slow case profiling
-        https://bugs.webkit.org/show_bug.cgi?id=106208
-
-        Reviewed by Mark Rowe.
-        
-        Removing the minimum execution ratio portion of slow case profiling, which allows
-        the removal of a field from CodeBlock. This appears to be performance neutral,
-        implying that the complexity incurred by the previous heuristic was purely
-        harmful: it made the code more complicated, and it made CodeBlock larger, without
-        resulting in any measurable benefits.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::likelyToTakeSlowCase):
-        (JSC::CodeBlock::couldTakeSlowCase):
-        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
-        (JSC::CodeBlock::couldTakeSpecialFastCase):
-        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
-        (JSC::CodeBlock::likelyToTakeAnySlowCase):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * runtime/Options.h:
-
-2013-01-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline closure calls
-        https://bugs.webkit.org/show_bug.cgi?id=106067
-
-        Reviewed by Gavin Barraclough.
-        
-        This adds initial support for inlining closure calls to the DFG. A call is considered
-        to be a closure call when the JSFunction* varies, but always has the same executable.
-        We already have closure call inline caching in both JITs, which works by checking that
-        the callee has an expected structure (as a cheap way of detecting that it is in fact
-        a JSFunction) and an expected executable. Closure call inlining uses profiling data
-        aggregated by CallLinkStatus to decide when to specialize the call to the particular
-        structure/executable, and inline the call rather than emitting a call sequence. When
-        we choose to do a closure inline rather than an ordinary inline, a number of things
-        change about how inlining is performed:
-        
-        - The inline is guarded by a CheckStructure/CheckExecutable rather than a
-          CheckFunction.
-        
-        - Instead of propagating a constant value for the scope, we emit GetMyScope every time
-          that the scope is needed, which loads the scope from a local variable. We do similar
-          things for the callee.
-        
-        - The prologue of the inlined code includes SetMyScope and SetCallee nodes to eagerly
-          plant the scope and callee into the "true call frame", i.e. the place on the stack
-          where the call frame would have been if the call had been actually performed. This
-          allows GetMyScope/GetCallee to work as they would if the code wasn't inlined. It
-          also allows for trivial handling of scope and callee for call frame reconstruction
-          upon stack introspection and during OSR.
-        
-        - A new node called GetScope is introduced, which just gets the scope of a function.
-          This node has the expected CSE support. This allows for the
-          SetMyScope(GetScope(@function)) sequence to set up the scope in the true call frame.
-        
-        - GetMyScope/GetCallee CSE can match against SetMyScope/SetCallee, which means that
-          the GetMyScope/GetCallee nodes emitted during parsing are often removed during CSE,
-          if we can prove that it is safe to do so.
-        
-        - Inlining heuristics are adjusted to grok the cost of inlining a closure. We are
-          less likely to inline a closure call than we are to inline a normal call, since we
-          end up emitting more code for closures due to CheckStructure, CheckExecutable,
-          GetScope, SetMyScope, and SetCallee.
-        
-        Additionally, I've fixed the VariableEventStream to ensure that we don't attempt to
-        plant Undefined into the true call frames. This was previously a harmless oversight,
-        but it becomes quite bad if OSR is relying on the scope/callee already having been
-        set and not subsequently clobbered by the OSR itself.
-        
-        This is a ~60% speed-up on programs that frequently make calls to closures. It's
-        neutral on V8v7 and other major benchmark suites.
-        
-        The lack of a definite speed-up is likely due the fact that closure inlining currently
-        does not do any cardinality [1] optimizations. We don't observe when a closure was
-        constructed within its caller, and so used the scope from its caller; and furthermore
-        we have no facility to detect when the scope is single. All scoped variable accesses
-        are assumed to be multiple instead. A subsequent step will be to ensure that closure
-        call inlining will be single and loving it.
-        
-        [1] Single and loving it: Must-alias analysis for higher-order languages. Suresh
-            Jagannathan, Peter Thiemann, Stephen Weeks, and Andrew Wright. In POPL '98.
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::dump):
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::isClosureCall):
-        (CallLinkStatus):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::globalObjectFor):
-        (JSC):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/CodeOrigin.cpp:
-        (JSC::InlineCallFrame::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::pureCSE):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
-        (JSC::DFG::CSEPhase::checkExecutableElimination):
-        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::mightInlineFunctionForClosureCall):
-        * dfg/DFGCapabilities.h:
-        (DFG):
-        (JSC::DFG::mightInlineFunctionForClosureCall):
-        (JSC::DFG::canInlineFunctionForClosureCall):
-        (JSC::DFG::canInlineFunctionFor):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::hasExecutable):
-        (JSC::DFG::Node::executable):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * runtime/Options.h:
-        (JSC):
-
-2013-01-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Data flow paths that carry non-numbers, non-undefined, non-null values should not cause subtractions and arithmetic additions (i.e. ++) to speculate double
-        https://bugs.webkit.org/show_bug.cgi?id=106190
-
-        Reviewed by Sam Weinig.
-        
-        The problem is that the DFG logic for deciding when to speculate integer was
-        confusing the special case of ValueAdd (where non-numeric values should cause us
-        to not speculate integer, because we want to fall off into the generic case) with
-        the more normal case of ArithAdd and ArithSub (where we want to speculate integer
-        unless we have evidence that the operands are doubles, since the DFG doesn't have
-        generic handling of non-numeric arithmetic). Prior to this change doing a - b where
-        either a or b were possibly non-numeric would always force the subtraction to be
-        done using doubles.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addSpeculationMode):
-        (Graph):
-        (JSC::DFG::Graph::valueAddSpeculationMode):
-        (JSC::DFG::Graph::arithAddSpeculationMode):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-
-2013-01-04  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should trust array profiling over value profiling
-        https://bugs.webkit.org/show_bug.cgi?id=106155
-
-        Reviewed by Gavin Barraclough.
-        
-        The real problem is that prediction propagation is not flow-sensitive. We had code
-        like:
-        
-        var a = (some load from memory); // returns either an array or false
-        if (a)
-            a[i] = v;
-        
-        Because 'a' could be 'false', we were emitting a fully generic unoptimized PutByVal.
-        This patch changes ArrayMode to ignore the type of the base of an array access, if
-        array profiling tells us that the array access can be optimized.
-        
-        In the future, we could probably make this work even better with some flow
-        sensitivity in the prediction propagator, but I also tend to think that this is a
-        more robust overall solution. If we ever did want to support array accesses on
-        array-or-false then we should change the array profiler to be able to tell us that
-        this is what is going on.
-        
-        3.7% speed-up on V8/earley.
-
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-
-2013-01-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Rationalize exit site profiling for calls
-        https://bugs.webkit.org/show_bug.cgi?id=106150
-
-        Reviewed by Sam Weinig.
-        
-        This adds two new exit kinds for calls: BadFunction and BadExecutable. The latter is not used
-        yet, but is already integrated with profiling. CheckFunction uses a BadFunction speculation
-        instead of BadCache, now. This allows CallLinkStatus to turn itself into a closure call status
-        if we had a BadFunction exit site but the CallLinkInfo told us to use a non-closure call. This
-        might happen if we had call unlinking that led to information loss along the way.
-        
-        No performance impact. This is meant as another step towards inlining closure calls.
-
-        * bytecode/CallLinkStatus.cpp:
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::setIsProved):
-        (JSC::CallLinkStatus::setHasBadFunctionExitSite):
-        (CallLinkStatus):
-        (JSC::CallLinkStatus::setHasBadCacheExitSite):
-        (JSC::CallLinkStatus::setHasBadExecutableExitSite):
-        * bytecode/ExitKind.cpp:
-        (JSC::exitKindToString):
-        * bytecode/ExitKind.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not elide CheckStructure if it's needed to perform a cell check
-        https://bugs.webkit.org/show_bug.cgi?id=106074
-
-        Reviewed by Ryosuke Niwa.
-        
-        The problem here was that the constant folding phase was misinterpreting the meaning of the sets
-        in DFG::AbstractValue.  AbstractValue describes a constraint on the values that a variable (i.e.
-        a DFG Node, or a virtual register, i.e. local or argument) may have. It does so by containing
-        four sets: the set of JSValues (either empty, the singleton set containing one JSValue, or the
-        set of all JSValues); the set of "current known" structures, i.e. the set of structures that you
-        already know that this value may have right now (also either empty, the singleton set, or the set
-        of all structures); the set of "future possible" structures, i.e. the set of structures that this
-        value could have in the future if none of the structure transition watchpoints for those
-        structures had fired (also empty, singleton, or all); and the set of types, which is a
-        SpeculatedType bitmask. The correct way to interpret the sets is to think of the AbstractValue as
-        the intersection of these three sets of values:
-        
-        - The set of JSValues that have a type that belongs to the m_type set.
-        - If m_value is not the empty value then: the set of all JSValues that are == m_value;
-                                            else: the set of all JSValues.
-          where '==' is as defined by JSValue::operator==.
-        - Union of { the set of all cells that have a structure that belongs to m_currentKnownStructure }
-               and { the set of all JSValues that are not cells }.
-        
-        You can then further intersect this set with the following set, if you guard the code with
-        watchpoints on all structures in the m_futurePossibleStructure:
-        
-        - Union of { the set of all cells that have a structure that belongs to m_futurePossibleStructure }
-               and { the set of all JSValues that are not cells }.
-        
-        One way to think of this is that m_currentKnownStructure is filtered by m_futurePossibleStructure
-        (i.e. is set to the intersection of m_currentKnownStructure and m_futurePossibleStructure), if the
-        code for which you're doing this is always preceded by watchpoints on all structures in
-        m_futurePossibleStructure, and is always before any side-effects that could change the structures
-        of objects.
-        
-        The incorrect optimization related to CheckStructure. CheckStructure checks that the value is a
-        cell, and that it has a particular structure. It was incorrectly assuming that you could eliminate
-        the CheckStructure, if m_currentKnownStructure contained the structure that CheckStructure was
-        checking. But this is not the case, since m_currentKnownStructure does not prove that the value is
-        a cell with a particular structure; it only proves that if the value was a cell then it would have
-        a particular structure. Hence, to eliminate CheckStructure, it is also necessary to check that
-        AbstractValue::m_type contains only cells (i.e. isCellSpeculation(m_type) == true).
-        
-        It wasn't doing that, and this changes makes sure that it does do that.
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2013-01-04  Adam Klein  <adamk@chromium.org>
-
-        Remove ENABLE_MUTATION_OBSERVERS #define
-        https://bugs.webkit.org/show_bug.cgi?id=105459
-
-        Reviewed by Ryosuke Niwa.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::ByteCodeCache serves little or no purpose ever since we decided to keep bytecode around permanently
-        https://bugs.webkit.org/show_bug.cgi?id=106058
-
-        Reviewed by Michael Saboff.
-        
-        All baseline code blocks now always have bytecode, so the bytecode cache's ability to minimize the
-        number of times that the DFG produces bytecode sequences for code blocks is superfluous.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGByteCodeCache.h: Removed.
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        * runtime/Executable.cpp:
-        (JSC):
-        * runtime/Executable.h:
-        (FunctionExecutable):
-
-2013-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix build for DFG JIT disabled.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpValueProfiling):
-        (JSC::CodeBlock::dumpArrayProfiling):
-        * runtime/Executable.cpp:
-        (JSC):
-        (JSC::ExecutableBase::intrinsic):
-
-2013-01-03  Filip Pizlo  <fpizlo@apple.com>
-
-        CallLinkStatus should be aware of closure calls, and the DFG bytecode parser should use that as its sole internal notion of how to optimize calls
-        https://bugs.webkit.org/show_bug.cgi?id=106027
-
-        Reviewed by Mark Hahnenberg.
-        
-        Previously, the DFG bytecode parser had its own internal notion of exactly what CallLinkStatus was
-        meant to do, in the form of a CallType, expectedFunction, intrinsic, etc. This change makes CallLinkStatus
-        smart enough to do all of that, and also gives it the ability to understand closure calls.
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::CallLinkStatus):
-        (JSC):
-        (JSC::CallLinkStatus::function):
-        (JSC::CallLinkStatus::internalFunction):
-        (JSC::CallLinkStatus::intrinsicFor):
-        (JSC::CallLinkStatus::setIsProved):
-        (JSC::CallLinkStatus::computeFromLLInt):
-        (JSC::CallLinkStatus::computeFor):
-        (JSC::CallLinkStatus::dump):
-        * bytecode/CallLinkStatus.h:
-        (JSC):
-        (JSC::CallLinkStatus::CallLinkStatus):
-        (CallLinkStatus):
-        (JSC::CallLinkStatus::takesSlowPath):
-        (JSC::CallLinkStatus::isSet):
-        (JSC::CallLinkStatus::isClosureCall):
-        (JSC::CallLinkStatus::callTarget):
-        (JSC::CallLinkStatus::executable):
-        (JSC::CallLinkStatus::structure):
-        (JSC::CallLinkStatus::isProved):
-        (JSC::CallLinkStatus::canOptimize):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::valueOfFunctionConstant):
-
-2013-01-02  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [MinGW-w64] Centralize workaround for pow() implementation
-        https://bugs.webkit.org/show_bug.cgi?id=105925
-
-        Reviewed by Sam Weinig.
-
-        As suggested by Sam, move the MinGW-w64 workaround into MathExtras.h
-        away from the JSC usage.
-
-        * runtime/MathObject.cpp:
-        (JSC::mathPow):
-
-2013-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Objective-C API for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=105889
-
-        Reviewed by Geoff Garen.
-
-        Fixes for more issues raised by Darin.
-
-        * API/JSBlockAdaptor.mm:
-        (BlockArgument):
-        (BlockArgumentStruct::BlockArgumentStruct):
-        (BlockArgumentTypeDelegate::typeStruct):
-        (BlockResult):
-        (BlockResultStruct::BlockResultStruct):
-        (buildBlockSignature):
-        (-[JSBlockAdaptor initWithBlockSignatureFromProtocol:]):
-        (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
-            - fix * position for Objective-C types
-        * API/JSContext.h:
-            - fix * position for Objective-C types
-        * API/JSContext.mm:
-        (-[JSContext initWithVirtualMachine:]):
-        (-[JSContext virtualMachine]):
-        (contextInternalContext):
-            - fix * position for Objective-C types
-        (-[JSContext dealloc]):
-        (-[JSContext protect:]):
-        (-[JSContext unprotect:]):
-            - HashMap<JSValueRef, size_t> -> HashCountedSet<JSValueRef>
-        * API/JSContextInternal.h:
-        (WeakContextRef):
-            - fix * position for Objective-C types
-        * API/JSValue.mm:
-        (valueToString):
-            - fix * position for Objective-C types
-        (isNSBoolean):
-            - Added helper to check for booleans.
-        (objectToValueWithoutCopy):
-            - Added contextRef
-            - fix * position for Objective-C types
-            - Remove @YES, @NO literal usage, use isNSBoolean instead
-        (objectToValue):
-            - Added contextRef
-        (+[JSValue valueWithValue:inContext:]):
-        (-[JSValue initWithValue:inContext:]):
-            - fix * position for Objective-C types
-        (createStructHandlerMap):
-        (handerForStructTag):
-            - getStructTagHandler -> handerForStructTag
-            - Split out createStructHandlerMap
-            - strncmp -> memcmp
-            - String(type).impl() -> StringImpl::create(type)
-        (+[JSValue selectorForStructToValue:]):
-        (+[JSValue selectorForValueToStruct:]):
-            - getStructTagHandler -> handerForStructTag
-        (typeToValueInvocationFor):
-        (valueToTypeInvocationFor):
-            - fix * position for Objective-C types
-        * API/JSValueInternal.h:
-            - fix * position for Objective-C types
-        * API/JSVirtualMachineInternal.h:
-            - fix * position for Objective-C types
-        * API/JSWrapperMap.h:
-            - fix * position for Objective-C types
-        * API/JSWrapperMap.mm:
-        (selectorToPropertyName):
-        (createObjectWithCustomBrand):
-        (createRenameMap):
-        (putNonEnumerable):
-        (copyMethodsToObject):
-        (copyPrototypeProperties):
-        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
-        (-[JSWrapperMap initWithContext:]):
-        (-[JSWrapperMap wrapperForObject:]):
-        (getJSExportProtocol):
-            - fix * position for Objective-C types
-        * API/ObjCCallbackFunction.h:
-            - fix * position for Objective-C types
-        * API/ObjCCallbackFunction.mm:
-        (CallbackArgument):
-        (CallbackArgumentStruct::CallbackArgumentStruct):
-            - fix * position for Objective-C types
-        (CallbackArgumentBlockCallback::createAdoptingJSBlockAdaptor):
-            - Added to make adopt explicit
-        (CallbackArgumentBlockCallback):
-        (CallbackArgumentBlockCallback::CallbackArgumentBlockCallback):
-        (ArgumentTypeDelegate::typeBlock):
-            - Call createAdoptingJSBlockAdaptor
-        (ArgumentTypeDelegate::typeStruct):
-        (CallbackResult):
-        (CallbackResultStruct::CallbackResultStruct):
-        (ResultTypeDelegate::typeStruct):
-        (ObjCCallbackFunction::ObjCCallbackFunction):
-        (ObjCCallbackFunction::context):
-        (objCCallbackFunctionForInvocation):
-        (objCCallbackFunctionForMethod):
-        (objCCallbackFunctionForBlock):
-            - fix * position for Objective-C types
-        * API/ObjcRuntimeExtras.h:
-        (protocolImplementsProtocol):
-        (forEachProtocolImplementingProtocol):
-        (forEachMethodInProtocol):
-        (forEachPropertyInProtocol):
-            - fix * position for Objective-C types
-        * API/tests/testapi.m:
-        (-[TestObject testArgumentTypesWithInt:double:boolean:string:number:array:dictionary:]):
-        (testObjectiveCAPI):
-            - fix * position for Objective-C types
-
-2013-01-02  Geoffrey Garen  <ggaren@apple.com>
-
-        Some renaming in the CodeCache
-        https://bugs.webkit.org/show_bug.cgi?id=105966
-
-        Reviewed by Gavin Barraclough.
-
-        CodeBlockKey => SourceCodeKey because the key is not a CodeBlock.
-
-        m_recentlyUsedFunctionCode => m_recentlyUsedFunctions to match other names.
-
-        GlobalFunctionKey => FunctionKey because the key is not unique to globalness.
-
-        m_cachedGlobalFunctions => m_globalFunctions because "cached" is redundant
-        for data members in an object called "CodeCache".
-
-        kMaxRootCodeBlockEntries => kMaxRootEntries because there are no non-CodeBlock
-        entries in a CodeBlock cache.
-
-        kMaxFunctionCodeBlocks => kMaxChildFunctionEntries to clarify that this
-        number models a parent-child relationship.
-
-        Also removed the initial "k" from enum constants. That's an interesting
-        style for calling out constants, but it's not the WebKit style.
-
-        Finally, a behavior change: Use MaxRootEntries for the limit on global
-        functions, and not MaxChildFunctionEntries. Previously, there was an
-        unused constant that seemed to have been intended for this purpose.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::makeSourceCodeKey):
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::makeFunctionKey):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        (JSC::CodeCache::usedFunctionCode):
-        * runtime/CodeCache.h:
-        (JSC::CodeCache::clear):
-
-2013-01-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inlining machinery should be robust against the inline callee varying while the executable stays the same
-        https://bugs.webkit.org/show_bug.cgi?id=105953
-
-        Reviewed by Mark Hahnenberg.
-        
-        This institutes the policy that if InlineCallFrame::callee is null, then the callee and scope have already
-        been stored into the true call frame (i.e. the place where the call frame of the inlined call would have
-        been) and so any attempt to access the callee or scope should do a load instead of assuming that the value
-        is constant. This wires the changes through the bytecode parser, the stack scanning logic, and the compiler
-        optimization phases and backends.
-
-        * bytecode/CodeOrigin.cpp:
-        (JSC::InlineCallFrame::dump):
-        * bytecode/CodeOrigin.h:
-        (CodeOrigin):
-        (InlineCallFrame):
-        (JSC::InlineCallFrame::isClosureCall):
-        (JSC::CodeOrigin::stackOffset):
-        (JSC):
-        * dfg/DFGAssemblyHelpers.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::get):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::getScope):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCSEPhase.cpp:
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::genericPureCSE):
-        (JSC::DFG::CSEPhase::pureCSE):
-        (JSC::DFG::CSEPhase::pureCSERequiringSameInlineCallFrame):
-        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::trueCallFrame):
-
-2013-01-02  Gavin Barraclough  <barraclough@apple.com>
-
-        Objective-C API for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=105889
-
-        Reviewed by Geoff Garen.
-
-        Fixes for a number of issues raised by Darin.
-
-        * API/APIJSValue.h:
-            - Fix typos in comment
-            - Add newline before NS_CLASS_AVAILABLE(10_9, NA)
-            - cls -> expectedClass
-            - key type for -setObject:forKeyedSubscript: is now NSObject <NSCopying> *
-        * API/JSBase.h:
-            - JS_OBJC_API_ENABLED no longer implies __OBJC__
-        * API/JSBlockAdaptor.mm:
-        (BlockArgumentStruct::BlockArgumentStruct):
-        (BlockArgumentStruct):
-            - mark virtual functions as virtual, override, and private
-            - refactor out buffer allocation for struct types
-        (BlockArgumentTypeDelegate::typeVoid):
-        (BlockArgumentTypeDelegate::typeBlock):
-        (BlockArgumentTypeDelegate::typeStruct):
-            - return nil -> return 0
-        (BlockResultStruct::BlockResultStruct):
-        (BlockResultStruct):
-            - mark virtual functions as virtual, override, and private
-            - refactor out buffer allocation for struct types
-        (buildBlockSignature):
-            - %lu is not an appropriate format specifier for NSInteger
-        (-[JSBlockAdaptor initWithBlockSignatureFromProtocol:]):
-            - nil check [super init]
-        (-[JSBlockAdaptor blockMatchesSignature:]):
-        (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
-            - ctx -> contextRef
-        * API/JSContext.h:
-            - Fix typos in comment
-            - Add newline before NS_CLASS_AVAILABLE(10_9, NA)
-            - key type for -setObject:forKeyedSubscript: is now NSObject <NSCopying> *
-        * API/JSContext.mm:
-        (-[JSContext initWithVirtualMachine:]):
-            - nil check [super init]
-        (+[JSContext currentArguments]):
-            - args -> argumentArray
-        (-[JSContext setObject:forKeyedSubscript:]):
-            - key type for -setObject:forKeyedSubscript: is now NSObject <NSCopying> *
-        (-[JSContext dealloc]):
-        (-[JSContext protect:]):
-        (-[JSContext unprotect:]):
-            - m_protected -> m_protectCounts
-        * API/JSValue.mm:
-        (-[JSValue toObjectOfClass:]):
-            - cls -> expectedClass
-        (-[JSValue toBool]):
-        (-[JSValue deleteProperty:]):
-        (-[JSValue hasProperty:]):
-        (-[JSValue isUndefined]):
-        (-[JSValue isNull]):
-        (-[JSValue isBoolean]):
-        (-[JSValue isNumber]):
-        (-[JSValue isString]):
-        (-[JSValue isObject]):
-        (-[JSValue isEqualToObject:]):
-        (-[JSValue isEqualWithTypeCoercionToObject:]):
-        (-[JSValue isInstanceOf:]):
-            - removed ? YES : NO
-        (-[JSValue callWithArguments:]):
-        (-[JSValue constructWithArguments:]):
-        (-[JSValue invokeMethod:withArguments:]):
-            - args -> argumentArray
-        (+[JSValue valueWithPoint:inContext:]):
-        (+[JSValue valueWithRange:inContext:]):
-        (+[JSValue valueWithRect:inContext:]):
-        (+[JSValue valueWithSize:inContext:]):
-            - [NSNumber numberWithFloat:] -> @()
-        (-[JSValue objectForKeyedSubscript:]):
-        (-[JSValue setObject:forKeyedSubscript:]):
-            - key type for -setObject:forKeyedSubscript: is now NSObject <NSCopying> *
-        (JSContainerConvertor):
-        (JSContainerConvertor::isWorkListEmpty):
-        (JSContainerConvertor::convert):
-        (ObjcContainerConvertor):
-        (ObjcContainerConvertor::isWorkListEmpty):
-            - remove WTF::
-            - isWorkListEmpty is const
-        (objectToValue):
-            -  use fast enumeration
-        (-[JSValue initWithValue:inContext:]):
-            - nil check [super init]
-        (getStructTagHandler):
-            - m_structHandlers -> structHandlers
-        * API/JSVirtualMachine.h:
-            - Add newline before NS_CLASS_AVAILABLE(10_9, NA)
-        * API/JSVirtualMachine.mm:
-        (-[JSVirtualMachine init]):
-            - nil check [super init]
-        * API/JSWrapperMap.mm:
-        (selectorToPropertyName):
-        (copyPrototypeProperties):
-            - remove WTF::
-            - use static_cast
-        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
-        (-[JSWrapperMap initWithContext:]):
-            - nil check [super init]
-        (-[JSWrapperMap wrapperForObject:]):
-        (tryUnwrapObjcObject):
-            - enable ASSERT
-        (getJSExportProtocol):
-        (getNSBlockClass):
-            - remove if check on initializing static
-        * API/JavaScriptCore.h:
-            - JS_OBJC_API_ENABLED no longer implies __OBJC__
-        * API/ObjCCallbackFunction.mm:
-        (CallbackArgumentOfClass):
-        (CallbackArgumentOfClass::~CallbackArgumentOfClass):
-        (CallbackArgumentStruct::CallbackArgumentStruct):
-        (CallbackArgumentStruct):
-        (CallbackArgumentBlockCallback):
-            - mark virtual functions as virtual, override, and private
-            - refactor out buffer allocation for struct types
-        (ArgumentTypeDelegate::typeVoid):
-        (ArgumentTypeDelegate::typeOfClass):
-        (ArgumentTypeDelegate::typeStruct):
-            - return nil -> return 0
-        (CallbackResultStruct::CallbackResultStruct):
-        (CallbackResultStruct):
-            - mark virtual functions as virtual, override, and private
-            - refactor out buffer allocation for struct types
-        (ResultTypeDelegate::typeStruct):
-            - return nil -> return 0
-        (ObjCCallbackFunction):
-            - remove WTF::
-        (objCCallbackFunctionFinalize):
-            - use static_cast
-        (objCCallbackFunctionCallAsFunction):
-            - Fix typos in comment
-        (createObjCCallbackFunctionClass):
-        (objCCallbackFunctionClass):
-            - Split out createObjCCallbackFunctionClass from objCCallbackFunctionClass
-        (ObjCCallbackFunction::call):
-            - ctx -> contextRef
-        (blockSignatureContainsClass):
-            - Remove tri-state enum.
-        (skipNumber):
-            - isdigit -> isASCIIDigit 
-        (objCCallbackFunctionForInvocation):
-            - clean up & comment blockSignatureContainsClass() usage
-        (tryUnwrapBlock):
-            - use static_cast
-        * API/ObjcRuntimeExtras.h:
-        (forEachProtocolImplementingProtocol):
-        (forEachMethodInClass):
-        (forEachMethodInProtocol):
-        (forEachPropertyInProtocol):
-            - Remove WTF::
-            - Remove if (count) checks
-        (skipPair):
-            - NSUInteger -> size_t
-        (StringRange):
-        (StringRange::operator const char*):
-        (StringRange::get):
-        (StructBuffer):
-        (StructBuffer::StructBuffer):
-        (StructBuffer::~StructBuffer):
-        (StructBuffer::operator void*):
-            - Added helper for creating an aligned buffer, used by struct conversion invocations.
-        (parseObjCType):
-            - *(position++) -> *position++
-        * API/tests/testapi.c:
-            - PLATFORM(MAC) -> JS_OBJC_API_ENABLED
-        * API/tests/testapi.m:
-        (blockSignatureContainsClass):
-            - Remove tri-state enum.
-        (testObjectiveCAPI):
-            - Added more result type checks.
-
-2013-01-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not use the InlineCallFrame's callee when it could have used the executable istead
-        https://bugs.webkit.org/show_bug.cgi?id=105947
-
-        Reviewed by Mark Hahnenberg.
-        
-        We shouldn't use the callee to get the executable when we have the executable already. Not only
-        does this make the logic more clear, but it also allows for a world where the executable is known
-        but the callee isn't.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::strictModeFor):
-
-2013-01-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG inliner should not use the callee's bytecode variable for resolving references to the callee in inlined code
-        https://bugs.webkit.org/show_bug.cgi?id=105938
-
-        Reviewed by Mark Hahnenberg.
-        
-        This simplifies a bunch of code for referring to the callee. It also ought to simplify how we do
-        closure call inlining: for inlined closure call frames we will simply require that the callee is
-        already stashed on the stack in the Callee slot in the inline call frame header.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getDirect):
-        (JSC::DFG::ByteCodeParser::get):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parse):
-
-2013-01-02  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Another Windows port build fix attempt. Try not exporting this symbol from JSC
-        since it's also compiled in WebCore.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2013-01-02  Csaba Osztrogonác  <ossy@webkit.org>
-
-        One more unreviewed buildfix after r138609.
-
-        * jit/JITCall.cpp: Add a missing include.
-
-2013-01-02  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed buildfix after r138609.
-
-        * jit/JITCall32_64.cpp: Add a missing include.
-
-2013-01-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Baseline JIT should have closure call caching
-        https://bugs.webkit.org/show_bug.cgi?id=105900
-
-        Reviewed by Gavin Barraclough.
-        
-        This is not a speed-up by itself, but is meant to allow the DFG inliner to
-        accurately discern between closure calls and non-closure calls, so that it can
-        do closure call inlining in the future.
-
-        * bytecode/CallLinkStatus.cpp:
-        (JSC::CallLinkStatus::computeFromLLInt):
-        (JSC::CallLinkStatus::computeFor):
-        * bytecode/CallLinkStatus.h:
-        (JSC::CallLinkStatus::CallLinkStatus):
-        (JSC::CallLinkStatus::isClosureCall):
-        (CallLinkStatus):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkFor):
-        (JSC::JIT::linkSlowCall):
-        * jit/JIT.h:
-        (JSC::JIT::compileClosureCall):
-        * jit/JITCall.cpp:
-        (JSC::JIT::privateCompileClosureCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::privateCompileClosureCall):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        * jit/ThunkGenerators.cpp:
-        (JSC::linkClosureCallGenerator):
-        * jit/ThunkGenerators.h:
-
-2013-01-01  Dan Bernstein  <mitz@apple.com>
-
-        <rdar://problem/12942239> Update copyright strings
-
-        Reviewed by Sam Weinig.
-
-        * Info.plist:
-
-2012-12-31  Gavin Barraclough  <barraclough@apple.com>
-
-        Objective-C API for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=105889
-
-        Reviewed by Filip Pizlo.
-
-        For a detailed description of the API implemented here, see:
-            JSContext.h
-            APIJSValue.h
-            JSVirtualMachine.h
-            JSExport.h
-        Still to do -
-            (1) Shoud rename APIJSValue.h -> JSValue.h (but we'll have to rename JSValue.h first).
-            (2) Numerous FIXMEs, all with separate bugs filed.
-
-        * API/APIJSValue.h: Added.
-            - this Objective-C class is used to reference a JavaScript object.
-        * API/JSBase.h:
-            - added JS_OBJC_API_ENABLED macro to control ObjC API support.
-        * API/JSBlockAdaptor.h: Added.
-            - this Objective-C class is used in creating a special NSBlock proxying a JavaScript function.
-        * API/JSBlockAdaptor.mm: Added.
-        (BlockArgument):
-        (BlockArgument::~BlockArgument):
-        (BlockArgumentBoolean):
-        (BlockArgumentBoolean::get):
-        (BlockArgumentNumeric):
-        (BlockArgumentNumeric::get):
-        (BlockArgumentId):
-        (BlockArgumentId::get):
-        (BlockArgumentStruct):
-        (BlockArgumentStruct::BlockArgumentStruct):
-        (BlockArgumentStruct::~BlockArgumentStruct):
-        (BlockArgumentStruct::get):
-            - decoded arguent type information of a JSBlockAdaptor.
-        (BlockArgumentTypeDelegate):
-        (BlockArgumentTypeDelegate::typeInteger):
-        (BlockArgumentTypeDelegate::typeDouble):
-        (BlockArgumentTypeDelegate::typeBool):
-        (BlockArgumentTypeDelegate::typeVoid):
-        (BlockArgumentTypeDelegate::typeId):
-        (BlockArgumentTypeDelegate::typeOfClass):
-        (BlockArgumentTypeDelegate::typeBlock):
-        (BlockArgumentTypeDelegate::typeStruct):
-            - delegate for use in conjunction with parseObjCType.
-        (BlockResult):
-        (BlockResult::~BlockResult):
-        (BlockResultVoid):
-        (BlockResultVoid::set):
-        (BlockResultInteger):
-        (BlockResultInteger::set):
-        (BlockResultDouble):
-        (BlockResultDouble::set):
-        (BlockResultBoolean):
-        (BlockResultBoolean::set):
-        (BlockResultStruct):
-        (BlockResultStruct::BlockResultStruct):
-        (BlockResultStruct::~BlockResultStruct):
-        (BlockResultStruct::set):
-            - decoded result type information of a JSBlockAdaptor.
-        (buildBlockSignature):
-            - partial step in constructing a signature with stack offset information from one without.
-        (-[JSBlockAdaptor initWithBlockSignatureFromProtocol:]):
-            - constructor.
-        (-[JSBlockAdaptor blockMatchesSignature:]):
-            - check whether signature strings match, where only one contains stack frame offsets.
-        (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
-            - use the adaptor to create a special forwarding block.
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::inherits):
-            - add missing braces to multiline for statement.
-        * API/JSContext.h: Added.
-            - this Objective-C class is used to reference a JavaScript context.
-        * API/JSContext.mm: Added.
-        (-[JSContext init]):
-            - constructor.
-        (-[JSContext initWithVirtualMachine:]):
-            - construct in a given VM (JSGlobalData).
-        (-[JSContext evaluateScript:]):
-        (-[JSContext globalObject]):
-            - evaluate a script, global object accessor.
-        (+[JSContext currentContext]):
-        (+[JSContext currentThis]):
-        (+[JSContext currentArguments]):
-            - These methods obtain context, this, arguments from within a callback.
-        (-[JSContext virtualMachine]):
-            - implementation for .virtualMachine property.
-        (-[JSContext objectForKeyedSubscript:]):
-        (-[JSContext setObject:forKeyedSubscript:]):
-            - support for subscript property access.
-        (contextInternalContext):
-            - internal accessor to m_context.
-        (-[JSContext dealloc]):
-            - desctructor.
-        (-[JSContext notifyException:]):
-        (-[JSContext valueFromNotifyException:]):
-        (-[JSContext boolFromNotifyException:]):
-            - internal method to record an exception was thrown.
-        (-[JSContext beginCallbackWithData:thisValue:argumentCount:arguments:]):
-        (-[JSContext endCallbackWithData:]):
-            - internal methods to push/pop a callback record.
-        (-[JSContext protect:]):
-        (-[JSContext unprotect:]):
-            - internal methods to add a value to a protect set (used to protect the internal property of JSValue).
-        (-[JSContext wrapperForObject:]):
-            - internal method to create a wrapper object.
-        (WeakContextRef::WeakContextRef):
-        (WeakContextRef::~WeakContextRef):
-        (WeakContextRef::get):
-        (WeakContextRef::set):
-            - Helper class to implement a weak reference to a JSContext.
-        * API/JSContextInternal.h: Added.
-        (CallbackData):
-        (WeakContextRef):
-            - see API/JSContext.mm for description of internal methods.
-        * API/JSExport.h: Added.
-            - Provides JSExport protocol & JSExportAs macro.
-        * API/JSValue.mm: Added.
-        (+[JSValue valueWithObject:inContext:]):
-        (+[JSValue valueWithBool:inContext:]):
-        (+[JSValue valueWithDouble:inContext:]):
-        (+[JSValue valueWithInt32:inContext:]):
-        (+[JSValue valueWithUInt32:inContext:]):
-        (+[JSValue valueWithNewObjectInContext:]):
-        (+[JSValue valueWithNewArrayInContext:]):
-        (+[JSValue valueWithNewRegularExpressionFromPattern:flags:inContext:]):
-        (+[JSValue valueWithNewErrorFromMessage:inContext:]):
-        (+[JSValue valueWithNullInContext:]):
-        (+[JSValue valueWithUndefinedInContext:]):
-            - Constructors.
-        (-[JSValue toObject]):
-        (-[JSValue toObjectOfClass:]):
-        (-[JSValue toBool]):
-        (-[JSValue toDouble]):
-        (-[JSValue toInt32]):
-        (-[JSValue toUInt32]):
-        (-[JSValue toNumber]):
-        (-[JSValue toString]):
-        (-[JSValue toDate]):
-        (-[JSValue toArray]):
-        (-[JSValue toDictionary]):
-            - Conversion to Objective-C types.
-        (-[JSValue valueForProperty:]):
-        (-[JSValue setValue:forProperty:]):
-        (-[JSValue deleteProperty:]):
-        (-[JSValue hasProperty:]):
-        (-[JSValue defineProperty:descriptor:]):
-            - Property access by property name.
-        (-[JSValue valueAtIndex:]):
-        (-[JSValue setValue:atIndex:]):
-            - Property access by index.
-        (-[JSValue isUndefined]):
-        (-[JSValue isNull]):
-        (-[JSValue isBoolean]):
-        (-[JSValue isNumber]):
-        (-[JSValue isString]):
-        (-[JSValue isObject]):
-            - Test JavaScript type.
-        (-[JSValue isEqualToObject:]):
-        (-[JSValue isEqualWithTypeCoercionToObject:]):
-        (-[JSValue isInstanceOf:]):
-            - ===, ==, instanceof operators.
-        (-[JSValue callWithArguments:]):
-        (-[JSValue constructWithArguments:]):
-        (-[JSValue invokeMethod:withArguments:]):
-            - Call & construct.
-        (-[JSValue context]):
-            - implementation for .context property.
-        (-[JSValue toPoint]):
-        (-[JSValue toRange]):
-        (-[JSValue toRect]):
-        (-[JSValue toSize]):
-        (+[JSValue valueWithPoint:inContext:]):
-        (+[JSValue valueWithRange:inContext:]):
-        (+[JSValue valueWithRect:inContext:]):
-        (+[JSValue valueWithSize:inContext:]):
-            - Support for NS struct types.
-        (-[JSValue objectForKeyedSubscript:]):
-        (-[JSValue objectAtIndexedSubscript:]):
-        (-[JSValue setObject:forKeyedSubscript:]):
-        (-[JSValue setObject:atIndexedSubscript:]):
-            - support for subscript property access.
-        (isDate):
-        (isArray):
-            - internal helper functions to check for instances of JS Date, Array types.
-        (JSContainerConvertor):
-        (Task):
-        (JSContainerConvertor::JSContainerConvertor):
-        (JSContainerConvertor::isWorkListEmpty):
-        (JSContainerConvertor::convert):
-        (JSContainerConvertor::add):
-        (JSContainerConvertor::take):
-            - helper class for tracking state while converting to Array/Dictionary objects.
-        (valueToObjectWithoutCopy):
-        (containerValueToObject):
-        (valueToObject):
-        (valueToNumber):
-        (valueToString):
-        (valueToDate):
-        (valueToArray):
-        (valueToDictionary):
-            - function for converting JavaScript values to Objective-C objects.
-        (ObjcContainerConvertor):
-        (ObjcContainerConvertor::ObjcContainerConvertor):
-        (ObjcContainerConvertor::isWorkListEmpty):
-        (ObjcContainerConvertor::convert):
-        (ObjcContainerConvertor::add):
-        (ObjcContainerConvertor::take):
-            - helper class for tracking state while converting to Array/Dictionary values.
-        (objectToValueWithoutCopy):
-        (objectToValue):
-        (valueInternalValue):
-            - function for converting Objective-C objects to JavaScript values.
-        (+[JSValue valueWithValue:inContext:]):
-        (-[JSValue initWithValue:inContext:]):
-            - internal constructors.
-        (StructTagHandler):
-        (getStructTagHandler):
-        (+[JSValue selectorForStructToValue:]):
-        (+[JSValue selectorForValueToStruct:]):
-            - methods to tracking struct types that support conversion to/from JSValue.
-        (-[JSValue dealloc]):
-            - destructor.
-        (-[JSValue description]):
-            - Objective-C to-NSString conversion.
-        (typeToValueInvocationFor):
-        (valueToTypeInvocationFor):
-            - create invocation objects for conversion to/from JSValue.
-        * API/JSValueInternal.h: Added.
-            - see API/JSValue.mm for description of internal methods.
-        * API/JSVirtualMachine.h: Added.
-            - this Objective-C class is used to reference a JavaScript virtual machine (JSGlobalData).
-        * API/JSVirtualMachine.mm: Added.
-        (-[JSVirtualMachine init]):
-        (-[JSVirtualMachine dealloc]):
-            - constructor & destructor.
-        (getGroupFromVirtualMachine):
-            - internal accessor for m_group property.
-        * API/JSVirtualMachineInternal.h: Added.
-            - see API/JSVirtualMachine.mm for description of internal methods.
-        * API/JSWrapperMap.h: Added.
-        * API/JSWrapperMap.mm: Added.
-        (wrapperClass):
-            - singleton root for detction (& unwrapping) of wrapper objects.
-        (selectorToPropertyName):
-            - default selector to property name conversion.
-        (createObjectWithCustomBrand):
-            - creates a JSObject with a custom NativeBrand (class name).
-        (createRenameMap):
-            - parse @optional properties of a JSExport protocol.
-        (putNonEnumerable):
-            - property put with enumerable=false.
-        (copyMethodsToObject):
-            - iterate methods in a protocol; add functions to a JSObject.
-        (parsePropertyAttributes):
-            - examine protocol property metadata.
-        (makeSetterName):
-            - "foo" -> "setFoo"
-        (copyPrototypeProperties):
-            - create properties on a Protocol object reflecting the instance methods & properties of a protocol.
-        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
-        (-[JSObjCClassInfo dealloc]):
-        (-[JSObjCClassInfo wrapperForObject:]):
-        (-[JSObjCClassInfo constructor]):
-            - cache the Protocol/Constructor objects for an Objective-C type.
-        (-[JSWrapperMap initWithContext:]):
-        (-[JSWrapperMap dealloc]):
-            - constructor & desctructor.
-        (-[JSWrapperMap classInfoForClass:]):
-            - maps Class -> JSObjCClassInfo.
-        (-[JSWrapperMap wrapperForObject:]):
-            - cretae or retrieve a cached wrapper value for an object.
-        (tryUnwrapObjcObject):
-            - check whether a value is a wrapper object; unwrap if so.
-        * API/JavaScriptCore.h:
-            - Added includes for new API headers.
-        * API/ObjCCallbackFunction.h: Added.
-            - this class is used to wrap Objective-C instance methods, class methods & blocks as JSFunction objects.
-        * API/ObjCCallbackFunction.mm: Added.
-        (CallbackArgument):
-        (CallbackArgument::~CallbackArgument):
-        (CallbackArgumentBoolean):
-        (CallbackArgumentBoolean::set):
-        (CallbackArgumentInteger):
-        (CallbackArgumentInteger::set):
-        (CallbackArgumentDouble):
-        (CallbackArgumentDouble::set):
-        (CallbackArgumentJSValue):
-        (CallbackArgumentJSValue::set):
-        (CallbackArgumentId):
-        (CallbackArgumentId::set):
-        (CallbackArgumentOfClass):
-        (CallbackArgumentOfClass::CallbackArgumentOfClass):
-        (CallbackArgumentOfClass::~CallbackArgumentOfClass):
-        (CallbackArgumentOfClass::set):
-        (CallbackArgumentNSNumber):
-        (CallbackArgumentNSNumber::set):
-        (CallbackArgumentNSString):
-        (CallbackArgumentNSString::set):
-        (CallbackArgumentNSDate):
-        (CallbackArgumentNSDate::set):
-        (CallbackArgumentNSArray):
-        (CallbackArgumentNSArray::set):
-        (CallbackArgumentNSDictionary):
-        (CallbackArgumentNSDictionary::set):
-        (CallbackArgumentStruct):
-        (CallbackArgumentStruct::CallbackArgumentStruct):
-        (CallbackArgumentStruct::~CallbackArgumentStruct):
-        (CallbackArgumentStruct::set):
-        (CallbackArgumentBlockCallback):
-        (CallbackArgumentBlockCallback::CallbackArgumentBlockCallback):
-        (CallbackArgumentBlockCallback::~CallbackArgumentBlockCallback):
-        (CallbackArgumentBlockCallback::set):
-            - decoded arguent type information of a ObjCCallbackFunction.
-        (ArgumentTypeDelegate):
-        (ArgumentTypeDelegate::typeInteger):
-        (ArgumentTypeDelegate::typeDouble):
-        (ArgumentTypeDelegate::typeBool):
-        (ArgumentTypeDelegate::typeVoid):
-        (ArgumentTypeDelegate::typeId):
-        (ArgumentTypeDelegate::typeOfClass):
-        (ArgumentTypeDelegate::typeBlock):
-        (ArgumentTypeDelegate::typeStruct):
-            - delegate for use in conjunction with parseObjCType.
-        (CallbackResult):
-        (CallbackResult::~CallbackResult):
-        (CallbackResultVoid):
-        (CallbackResultVoid::get):
-        (CallbackResultId):
-        (CallbackResultId::get):
-        (CallbackResultNumeric):
-        (CallbackResultNumeric::get):
-        (CallbackResultBoolean):
-        (CallbackResultBoolean::get):
-        (CallbackResultStruct):
-        (CallbackResultStruct::CallbackResultStruct):
-        (CallbackResultStruct::~CallbackResultStruct):
-        (CallbackResultStruct::get):
-            - decoded result type information of a ObjCCallbackFunction.
-        (ResultTypeDelegate):
-        (ResultTypeDelegate::typeInteger):
-        (ResultTypeDelegate::typeDouble):
-        (ResultTypeDelegate::typeBool):
-        (ResultTypeDelegate::typeVoid):
-        (ResultTypeDelegate::typeId):
-        (ResultTypeDelegate::typeOfClass):
-        (ResultTypeDelegate::typeBlock):
-        (ResultTypeDelegate::typeStruct):
-            - delegate for use in conjunction with parseObjCType.
-        (ObjCCallbackFunction):
-        (ObjCCallbackFunction::ObjCCallbackFunction):
-        (ObjCCallbackFunction::~ObjCCallbackFunction):
-            - constructor & destructor.
-        (ObjCCallbackFunction::context):
-            - accessor.
-        (ObjCCallbackFunction::wrappedBlock):
-            - attemmpt to unwrap a block object.
-        (objCCallbackFunctionFinalize):
-        (objCCallbackFunctionCallAsFunction):
-        (objCCallbackFunctionClass):
-            - JSClassRef used to represent ObjCCallbackFunction objects.
-        (ObjCCallbackFunction::call):
-        (blockSignatureContainsClass):
-            - helper function to determine if we're running on a recent Clang.
-        (skipNumber):
-            - helper used in parsing signature strings.
-        (objCCallbackFunctionForInvocation):
-        (objCCallbackFunctionForMethod):
-        (objCCallbackFunctionForBlock):
-            - functions to try to create ObjCCallbackFunction instances for methods/blocks.
-        (tryUnwrapBlock):
-            - attemmpt to unwrap a block object.
-        * API/ObjcRuntimeExtras.h: Added.
-        (protocolImplementsProtocol):
-        (forEachProtocolImplementingProtocol):
-        (forEachMethodInClass):
-        (forEachMethodInProtocol):
-        (forEachPropertyInProtocol):
-            - functions used in reflecting on Objective-C types.
-        (skipPair):
-            - parsing helper used by parseObjCType, scans for matching parentheses.
-        (StringRange):
-        (StringRange::StringRange):
-        (StringRange::~StringRange):
-        (StringRange::operator const char*):
-        (StringRange::get):
-            - Helper class - create a c string copy of a range of an existing string.
-        (parseObjCType):
-            - function to parse Objective-C type strings, makes callbacks to a deleagte.
-        * API/tests/testapi.c:
-        (main):
-            - added call to testObjectiveCAPI (in testapi.m).
-        * API/tests/testapi.m: Added.
-        (+[ParentObject parentTest]):
-        (+[TestObject testObject]):
-        (+[TestObject classTest]):
-        (-[TestObject getString]):
-        (-[TestObject testArgumentTypesWithInt:double:boolean:string:number:array:dictionary:]):
-        (-[TestObject callback:]):
-        (-[TextXYZ test:]):
-            - test object, used in various test vases.
-        (checkResult):
-            - helper function.
-        (blockSignatureContainsClass):
-            - helper function to determine if we're running on a recent Clang.
-        (testObjectiveCAPI):
-            - new test cases.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - added new files.
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-            - added m_apiData - provide convenient storage for use by the API.
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::JSGlobalObject):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-            - added m_apiData - provide convenient storage for use by the API.
-
-2012-12-27  Csaba Osztrogonác  <ossy@webkit.org>
-
-        One more unreviwed holiday MIPS and SH4 buildfixes after r138516.
-
-        * jit/ThunkGenerators.cpp:
-
-2012-12-27  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviwed holiday ARM and SH4 buildfixes after r138516.
-
-        * jit/ThunkGenerators.cpp:
-        (JSC::nativeForGenerator):
-
-2012-12-26  Filip Pizlo  <fpizlo@apple.com>
-
-        All JIT stubs should go through the getCTIStub API
-        https://bugs.webkit.org/show_bug.cgi?id=105750
-
-        Reviewed by Sam Weinig.
-        
-        Previously JITThunks had two sets of thunks: one static set stored in a struct,
-        which was filled by JIT::privateCompileCTITrampolines, and another set stored in
-        a HashMap. Moreover, the code to generate the code for the CTI trampoline struct
-        had loads of copy-paste between JSVALUE32_64 and JSVALUE64, and was total
-        unmodular with respect to calls versus constructors, among other things.
-                  
-        This changeset removes this struct and rationalizes the code that generates those
-        thunks. All of thunks are now generated through the getCTIStub HashMap API. All
-        thunks for the baseline JIT now use the JSInterfaceJIT and have their codegen
-        located in ThunkGenerators.cpp. All thunks now share as much code as possible -
-        it turns out that they are almost 100% identical between 32_64 and 64, so that
-        works out great. A bunch of call vs. construct duplication was eliminated. And,
-        most of the call link versus virtual call duplication was also eliminated.
-        
-        This does not change behavior but it does make it easier to add more thunks in
-        the future.
-
-        * bytecode/CallLinkInfo.cpp:
-        (JSC::CallLinkInfo::unlink):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkFor):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITInlines.h:
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC):
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC):
-        * jit/JITStubs.cpp:
-        (JSC::tryCacheGetByID):
-        * jit/JITThunks.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::ctiNativeCall):
-        (JSC::JITThunks::ctiNativeConstruct):
-        (JSC):
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITThunks.h:
-        (JSC):
-        (JITThunks):
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-        (JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
-        (JSC):
-        (JSC::JSInterfaceJIT::emitFastArithIntToImmNoCheck):
-        (JSC::JSInterfaceJIT::emitJumpIfNotType):
-        (JSC::JSInterfaceJIT::emitGetFromCallFrameHeaderPtr):
-        (JSC::JSInterfaceJIT::emitPutToCallFrameHeader):
-        (JSC::JSInterfaceJIT::emitPutImmediateToCallFrameHeader):
-        (JSC::JSInterfaceJIT::emitPutCellToCallFrameHeader):
-        (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
-        (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
-        (JSC::JSInterfaceJIT::restoreArgumentReference):
-        * jit/ThunkGenerators.cpp:
-        (JSC::generateSlowCaseFor):
-        (JSC):
-        (JSC::linkForGenerator):
-        (JSC::linkCallGenerator):
-        (JSC::linkConstructGenerator):
-        (JSC::virtualForGenerator):
-        (JSC::virtualCallGenerator):
-        (JSC::virtualConstructGenerator):
-        (JSC::stringLengthTrampolineGenerator):
-        (JSC::nativeForGenerator):
-        (JSC::nativeCallGenerator):
-        (JSC::nativeConstructGenerator):
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * jit/ThunkGenerators.h:
-        (JSC):
-        * runtime/Executable.h:
-        (NativeExecutable):
-        (JSC::NativeExecutable::nativeFunctionFor):
-        (JSC::NativeExecutable::offsetOfNativeFunctionFor):
-
-2012-12-25  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
-
-        [CMAKE] Remove header files in JavaScriptCore/CMakeLists.txt
-        https://bugs.webkit.org/show_bug.cgi?id=105753
-
-        Reviewed by Laszlo Gombos.
-
-        * CMakeLists.txt: Remove header files in source list.
-
-2012-12-25  Filip Pizlo  <fpizlo@apple.com>
-
-        JITThunks should be in its own file
-        https://bugs.webkit.org/show_bug.cgi?id=105744
-
-        Rubber stamped by Sam Weinig.
-        
-        Moved JITThunks into its own file and removed some static methods from it
-        that were not related to what JITThunks currently does. Performed various
-        pagan rituals to get it to build - apparently there is a circular dependency
-        between JSCell, Weak, and JITThunks, which magically resolves itself if you
-        make sure to first include Register.h. Making it so that fewer pagan rituals
-        need to be performed if this code changes in the future is covered by
-        https://bugs.webkit.org/show_bug.cgi?id=105696.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * jit/JITStubs.cpp:
-        (JSC::tryCachePutByID):
-        (JSC::tryCacheGetByID):
-        * jit/JITStubs.h:
-        (JSC::JITStackFrame::returnAddressSlot):
-        (JSC::returnAddressIsInCtiTrampoline):
-        * jit/JITThunks.cpp: Added.
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::~JITThunks):
-        (JSC::JITThunks::ctiStub):
-        (JSC::JITThunks::hostFunctionStub):
-        (JSC::JITThunks::clearHostFunctionStubs):
-        * jit/JITThunks.h: Added.
-        (JSC::JITThunks::ctiStringLengthTrampoline):
-        (JSC::JITThunks::ctiVirtualCallLink):
-        (JSC::JITThunks::ctiVirtualConstructLink):
-        (JSC::JITThunks::ctiVirtualCall):
-        (JSC::JITThunks::ctiVirtualConstruct):
-        (JSC::JITThunks::ctiNativeCall):
-        (JSC::JITThunks::ctiNativeConstruct):
-        * jit/ThunkGenerator.h: Added.
-        * jit/ThunkGenerators.cpp:
-        * jit/ThunkGenerators.h:
-        * runtime/JSGlobalData.h:
-
-2012-12-25  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed follow-up for r138455.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-12-24  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Unreviewed compilation fix for r138452.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-12-24  Laszlo Gombos  <l.gombos@samsung.com>
-
-        Remove wtf/Platform.h includes from {c|cpp} files
-        https://bugs.webkit.org/show_bug.cgi?id=105678
-
-        Reviewed by Kentaro Hara.
-
-        Remove wtf/Platform.h from the include list as it is already
-        included in config.h.
-
-        * disassembler/udis86/udis86.c:
-        * disassembler/udis86/udis86_decode.c:
-        * disassembler/udis86/udis86_input.c:
-        * disassembler/udis86/udis86_itab_holder.c:
-        * disassembler/udis86/udis86_syn-att.c:
-        * disassembler/udis86/udis86_syn-intel.c:
-        * disassembler/udis86/udis86_syn.c:
-        * heap/VTableSpectrum.cpp:
-
-2012-12-21  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Arrayify slow path should be out-of-line
-        https://bugs.webkit.org/show_bug.cgi?id=105400
-
-        Reviewed by Gavin Barraclough.
-        
-        The interesting bit of this change is allowing out-of-line slow path generators
-        to emit speculation checks. This is accomplished by having a version of
-        speculationCheck() that returns a jump placeholder instead of taking a jump (or
-        jump list) as an argument. You can then fill in that jump placeholder at a
-        later time, so long as you do it before OSR exit linking. Slow path generators
-        run before linking, so that just naturally ends up working.
-        
-        This isn't really a big win, but we know that out-of-lining slow paths is
-        generally a good thing to do, so it's fair to assume that this is a move in the
-        right direction.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGArrayifySlowPathGenerator.h: Added.
-        (DFG):
-        (ArrayifySlowPathGenerator):
-        (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
-        (JSC::DFG::ArrayifySlowPathGenerator::generateInternal):
-        * dfg/DFGOSRExitJumpPlaceholder.cpp: Added.
-        (DFG):
-        (JSC::DFG::OSRExitJumpPlaceholder::fill):
-        * dfg/DFGOSRExitJumpPlaceholder.h: Added.
-        (DFG):
-        (OSRExitJumpPlaceholder):
-        (JSC::DFG::OSRExitJumpPlaceholder::OSRExitJumpPlaceholder):
-        (JSC::DFG::OSRExitJumpPlaceholder::operator!):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-
-2012-12-20  Oliver Hunt  <oliver@apple.com>
-
-        Finally found the problem.  Using the wrong JSContextGroup.
-
-        * API/tests/testapi.c:
-        (main):
-
-2012-12-20  Oliver Hunt  <oliver@apple.com>
-
-        Try to convince bots to be happy with testapi.
-
-        * API/JSScriptRefPrivate.h:
-
-2012-12-20  Michael Saboff  <msaboff@apple.com>
-
-        JIT: Change uninitialized pointer value -1 to constant
-        https://bugs.webkit.org/show_bug.cgi?id=105576
-
-        Rubber stamped by Gavin Barraclough.
-
-        Changed the use of -1 as a pointer value in the JITs to be the constant unusedPointer defined in the
-        new file jit/UnusedPointer.h.  Made it's value 0xd1e7beef, which is a bad pointer on most architectures
-        because it is odd, and to distinguish it from other common values.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clearToUnusedPointer):
-        (JSC::JITWriteBarrierBase::get):
-        * jit/UnusedPointer.h: Added.
-
-2012-12-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG shouldn't emit CheckStructure on array accesses if exit profiling tells it not to
-        https://bugs.webkit.org/show_bug.cgi?id=105577
-
-        Reviewed by Mark Hahnenberg.
-        
-        I don't know why this wasn't there from the beginning.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-
-2012-12-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG speculation checks that take JumpList should consolidate OSRExits
-        https://bugs.webkit.org/show_bug.cgi?id=105401
-
-        Reviewed by Oliver Hunt.
-
-        Change OSRExitCompilationInfo to always contain a JumpList, and change JumpList
-        to be more compact. This way, a speculationCheck that takes a JumpList only has
-        to emit one OSRExit structure, and one OSRExit landing pad.
-        
-        The downside is that we get less precise information about *where* we exited
-        from. So, this also includes changes to the profiler to be more relaxed about
-        what an ExitSite is.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JumpList):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (DFG):
-        (JSC::DFG::JITCompiler::appendExitInfo):
-        (JITCompiler):
-        * dfg/DFGOSRExitCompilationInfo.h:
-        (OSRExitCompilationInfo):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        * profiler/ProfilerCompilation.cpp:
-        (JSC::Profiler::Compilation::addOSRExitSite):
-        * profiler/ProfilerCompilation.h:
-        (Compilation):
-        * profiler/ProfilerOSRExitSite.cpp:
-        (JSC::Profiler::OSRExitSite::toJS):
-        * profiler/ProfilerOSRExitSite.h:
-        (JSC::Profiler::OSRExitSite::OSRExitSite):
-        (JSC::Profiler::OSRExitSite::codeAddress):
-        (OSRExitSite):
-
-2012-12-19  Oliver Hunt  <oliver@apple.com>
-
-        Fix some incorrect tests in testapi.c
-
-        Reviewed by Simon Fraser.
-
-        * API/tests/testapi.c:
-        (main):
-
-2012-12-19  Filip Pizlo  <fpizlo@apple.com>
-
-        JSObject::ensure<IndexingType> should gracefully handle InterceptsGetOwn..., and should never be called when the 'this' is not an object
-        https://bugs.webkit.org/show_bug.cgi?id=105468
-
-        Reviewed by Mark Hahnenberg, Oliver Hunt, and Gavin Barraclough.
-
-        Changed JSObject::ensure<IndexingType> methods to gracefully handle
-        InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero. Most of them handle it by returning
-        null as a result of indexingShouldBeSparse() returning true, while ensureArrayStorage handles it
-        by entering dictionary indexing mode, which forces the object to behave correctly even if there
-        is proxying or weird prototype stuff going on.
-        
-        Changed DFGOperations entrypoints to reject non-objects, so that JSObject doesn't have to deal
-        with pretending to be JSString. In particular, this would go wrong in the ArrayStorage case
-        since we'd try to resize a butterfly on a JSString, but JSString has something other than
-        m_butterfly at that offset.
-        
-        Finally, removed all InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero from JIT code
-        since those are now redundant.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        * runtime/JSObject.h:
-        (JSObject):
-
-2012-12-19  Oliver Hunt  <oliver@apple.com>
-
-        Tidy up JSScriptRef API
-        https://bugs.webkit.org/show_bug.cgi?id=105470
-
-        Reviewed by Anders Carlsson.
-
-        People found the API's use of a context confusing, so we'll switch to a JSContextGroup based
-        API, and drop a number of the unnecessary uses of contexts.
-
-        * API/JSScriptRef.cpp:
-        (OpaqueJSScript::globalData):
-        (parseScript):
-        * API/JSScriptRefPrivate.h:
-        * API/tests/testapi.c:
-        (main):
-
-2012-12-19  Alexis Menard  <alexis@webkit.org>
-
-        Implement CSS parsing for CSS transitions unprefixed.
-        https://bugs.webkit.org/show_bug.cgi?id=104804
-
-        Reviewed by Dean Jackson.
-
-        Add a new flag ENABLE_CSS_TRANSFORMS_ANIMATIONS_TRANSITIONS_UNPREFIXED
-        to cover the work of unprefixing Transforms, Animations and 
-        Transitions. It will let the possibility of each ports to turn it off 
-        in their release branches until we're confident that these CSS 
-        properties are ready to be unprefixed.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Proxies should set InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero
-        https://bugs.webkit.org/show_bug.cgi?id=105379
-
-        Reviewed by Gavin Barraclough.
-
-        Forgetting to set this flag led to the DFG trying to ensure array storage on a proxy. I've
-        now hardened the code with a release assertion as well as fixing the bug. A release assertion
-        is appropriate here since this is slow-path code.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlowNoCheck):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        * runtime/JSObject.h:
-        (JSObject):
-        * runtime/JSProxy.h:
-        (JSProxy):
-
-2012-12-18  Oliver Hunt  <oliver@apple.com>
-
-        Add a JSScriptRef API to JSC so that we can allow API users to avoid the full cost of reparsing everytime the execute a script.
-        https://bugs.webkit.org/show_bug.cgi?id=105340
-
-        Reviewed by Gavin Barraclough.
-
-        This patch adds a (currently private) API to allow users of the JSC API to create a JSScript object
-        that references a reusable version of the script that they wish to evaluate.  This can help us avoid
-        numeorus copies that are otherwise induced by our existing API and gives us an opaque object that we
-        can hang various caches off.  Currently this is simply a simple SourceProvider, but in future we may
-        be able to add more caching without requiring new/replacement APIs. 
-
-        * API/JSScriptRef.cpp: Added.
-        * API/JSScriptRefPrivate.h: Added.
-        * API/tests/testapi.c:
-          Add tests for new APIs.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode incorrectly checks for non-array array storage when it should be checking for array array storage
-        https://bugs.webkit.org/show_bug.cgi?id=105365
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-
-2012-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        SunSpider/date-format-tofte shouldn't compile each of the tiny worthless eval's only to OSR exit in the prologue every time
-        https://bugs.webkit.org/show_bug.cgi?id=105335
-
-        Reviewed by Geoffrey Garen.
-
-        The first thing I did was restructure the logic of canInlineResolveOperations(),
-        because I didn't understand it. This was relevant because the OSR exits are
-        caused by a resolve that the DFG cannot handle.
-        
-        I was then going to make it so that we didn't compile the resolve at all, but
-        realized that this would not be the best fix: it didn't seem sensible to me to
-        be optimizing these evals after only 60 invocations. Evals should have a higher
-        threshold, since they often contain code for which the baseline JIT does a
-        pretty good job already (if all you've got is a single heap access or a single
-        hard-to-inline call, then the baseline JIT has got you covered), and typically
-        if we see one eval code block we expect to see more (from the same eval site):
-        so our typical low threshold could lead to a *lot* of compilation. As such, the
-        main effect of this patch is to introduce an evalThresholdMultiplier, which is
-        now set to 10.
-        
-        This is a ~5% speed-up on data-format-tofte. No regressions anywhere as far as
-        I can see.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::codeTypeThresholdMultiplier):
-        (JSC):
-        (JSC::CodeBlock::optimizationThresholdScalingFactor):
-        (JSC::CodeBlock::exitCountThresholdForReoptimization):
-        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineResolveOperations):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * runtime/Options.h:
-        (JSC):
-
-2012-12-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Convert indexingTypeToString to IndexingTypeDump
-        https://bugs.webkit.org/show_bug.cgi?id=105351
-
-        Reviewed by Mark Hahnenberg.
-
-        This gets rid of another case of static char buffer[thingy].
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * runtime/IndexingType.cpp:
-        (JSC::dumpIndexingType):
-        * runtime/IndexingType.h:
-        (JSC):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::dump):
-
-2012-12-18  Beth Dakin  <bdakin@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=102579
-        [mac] Enable scaled cursors
-
-        Reviewed by Dean Jackson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Restrictions on oversize CopiedBlock allocations should be relaxed
-        https://bugs.webkit.org/show_bug.cgi?id=105339
-
-        Reviewed by Filip Pizlo.
-
-        Currently the DFG has a single branch in the inline allocation path for property/array storage where 
-        it checks to see if the number of bytes requested will fit in the current block. This does not match 
-        what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then 
-        if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations 
-        that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when 
-        the collector tries to perform some operation on a CopiedBlock.
-
-        To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that 
-        oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find 
-        the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and 
-        we should figure out if a block is oversize by some other method than just whatever the JSObject says 
-        it is. One way we could record this info Region of the block, since we allocate a one-off Region for 
-        oversize blocks.
-
-        * heap/BlockAllocator.h:
-        (JSC::Region::isCustomSize): 
-        (Region):
-        (JSC::Region::createCustomSize):
-        (JSC::Region::Region):
-        (JSC::BlockAllocator::deallocateCustomSize):
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        (JSC::CopiedBlock::isOversize): 
-        (JSC):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocate):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        * heap/CopiedSpace.h:
-        (CopiedSpace): 
-        * heap/CopiedSpaceInlines.h:
-        (JSC::CopiedSpace::contains):
-        (JSC::CopiedSpace::tryAllocate):
-        (JSC):
-        * heap/CopyVisitor.h:
-        (CopyVisitor):
-        * heap/CopyVisitorInlines.h:
-        (JSC::CopyVisitor::checkIfShouldCopy):
-        (JSC::CopyVisitor::didCopy):
-        * heap/SlotVisitorInlines.h:
-        (JSC::SlotVisitor::copyLater):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly):
-
-2012-12-18  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [Mac] Add Build Phase to Check Headers for Inappropriate Macros (Platform.h macros)
-        https://bugs.webkit.org/show_bug.cgi?id=104279
-
-        Reviewed by David Kilzer.
-
-        Add a build phase to check the public JavaScriptCore headers for
-        inappropriate macros.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-12-18  Michael Saboff  <msaboff@apple.com>
-
-        [Qt] Fix the ARMv7 build after r137976
-        https://bugs.webkit.org/show_bug.cgi?id=105270
-
-        Reviewed by Csaba Osztrogonác.
-
-        Add default value for Jump parameter to fix build.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-
-2012-12-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Constant fold !{number} in the parser
-        https://bugs.webkit.org/show_bug.cgi?id=105232
-
-        Reviewed by Filip Pizlo.
-
-        Typically, we wait for hot execution and constant fold in the DFG.
-        However, !0 and !1 are common enough in minifiers that it can be good
-        to get them out of the way early, for faster/smaller parsing and startup.
-
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createLogicalNot): !{literal} is super simple, especially
-        since there's no literal form of NaN or Inf.
-
-2012-12-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG is too aggressive eliding overflow checks for additions involving large constants
-        https://bugs.webkit.org/show_bug.cgi?id=105239
-
-        Reviewed by Gavin Barraclough.
-
-        If we elide overflow checks on an addition (or subtraction) involving a larger-than-2^32 immediate,
-        then make sure that the non-constant child of the addition knows that he's got to do an overflow
-        check, by flowing the UsedAsNumber property at him.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addSpeculationMode):
-        (Graph):
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-12-17  Michael Saboff  <msaboff@apple.com>
-
-        DFG: Refactor DFGCorrectableJumpPoint to reduce size of OSRExit data
-        https://bugs.webkit.org/show_bug.cgi?id=105237
-
-        Reviewed by Filip Pizlo.
-
-        Replaced DFGCorrectableJumpPoint with OSRExitCompilationInfo which is used and kept alive only while we are
-        compiling in the DFG.  Moved the patchable branch offset directly into OSRExit.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        * dfg/DFGCorrectableJumpPoint.cpp: Removed.
-        * dfg/DFGCorrectableJumpPoint.h: Removed.
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::appendExitJump):
-        (JITCompiler):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::setPatchableCodeOffset):
-        (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump):
-        (JSC::DFG::OSRExit::codeLocationForRepatch):
-        (JSC::DFG::OSRExit::correctJump):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompilationInfo.h: Added.
-        (OSRExitCompilationInfo):
-        (JSC::DFG::OSRExitCompilationInfo::OSRExitCompilationInfo):
-        (JSC::DFG::OSRExitCompilationInfo::failureJump):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-
-2012-12-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG is too aggressive with eliding overflow checks in loops
-        https://bugs.webkit.org/show_bug.cgi?id=105226
-
-        Reviewed by Mark Hahnenberg and Oliver Hunt.
-
-        If we see a variable's live range cross basic block boundaries, conservatively assume that it may
-        be part of a data-flow back-edge, and as a result, we may have entirely integer operations that
-        could lead to the creation of an integer that is out of range of 2^52 (the significand of a double
-        float). This does not seem to regress any of the benchmarks we care about, and it fixes the bug.
-        
-        In future we may want to actually look at whether or not there was a data-flow back-edge instead
-        of being super conservative about it. But we have no evidence, yet, that this would help us on
-        real code.
-
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-12-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Butterfly::growArrayRight shouldn't be called on null Butterfly objects
-        https://bugs.webkit.org/show_bug.cgi?id=105221
-
-        Reviewed by Filip Pizlo.
-
-        Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly 
-        objects purely by coincidence. We should add a new static function that null checks the old 
-        Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for 
-        use in the couple of places in JSObject that expect such behavior to work.
-
-        * runtime/Butterfly.h:
-        (Butterfly):
-        * runtime/ButterflyInlines.h:
-        (JSC::Butterfly::createOrGrowArrayRight):
-        (JSC):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::createInitialIndexedStorage):
-        (JSC::JSObject::createArrayStorage):
-
-2012-12-17  Filip Pizlo  <fpizlo@apple.com>
-
-        javascript integer overflow
-        https://bugs.webkit.org/show_bug.cgi?id=104967
-
-        Reviewed by Mark Hahnenberg.
-
-        Fix PutScopedVar backward flow.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-12-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Rationalize array profiling for out-of-bounds and hole cases
-        https://bugs.webkit.org/show_bug.cgi?id=105139
-
-        Reviewed by Geoffrey Garen.
-
-        This makes ArrayProfile track whether or not we had out-of-bounds, which allows
-        for more precise decision-making in the DFG.
-        
-        Also cleaned up ExitKinds for out-of-bounds and hole cases to make it easier to
-        look at them in the profiler.
-        
-        Slight speed-up (5-8%) on SunSpider/crypto-md5.
-
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        (JSC::ArrayProfile::briefDescription):
-        * bytecode/ArrayProfile.h:
-        (JSC::ArrayProfile::ArrayProfile):
-        (JSC::ArrayProfile::addressOfOutOfBounds):
-        (JSC::ArrayProfile::expectedStructure):
-        (JSC::ArrayProfile::structureIsPolymorphic):
-        (JSC::ArrayProfile::outOfBounds):
-        (JSC::ArrayProfile::polymorphicStructure):
-        * bytecode/CodeBlock.cpp:
-        (JSC::dumpChain):
-        * bytecode/ExitKind.cpp:
-        (JSC::exitKindToString):
-        (JSC::exitKindIsCountable):
-        * bytecode/ExitKind.h:
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        * jit/JITInlines.h:
-        (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-12-17  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        Implement add64 for MIPS assembler after r136601
-        https://bugs.webkit.org/show_bug.cgi?id=104106
-
-        Reviewed by Zoltan Herczeg.
-
-        Added add64 function to MacroAssebler of MIPS.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (JSC::MacroAssemblerMIPS::add64):
-        (MacroAssemblerMIPS):
-
-2012-12-17  Jonathan Liu  <net147@gmail.com>
-
-        Fix Math.pow implementation with MinGW-w64
-        https://bugs.webkit.org/show_bug.cgi?id=105087
-
-        Reviewed by Simon Hausmann.
-
-        The MinGW-w64 runtime has different behaviour for pow()
-        compared to other C runtimes. This results in the following
-        test262 tests failing with the latest MinGW-w64 runtime:
-        - S15.8.2.13_A14
-        - S15.8.2.13_A16
-        - S15.8.2.13_A20
-        - S15.8.2.13_A22
-
-        Handle the special cases that are different with MinGW-w64.
-
-        * runtime/MathObject.cpp:
-        (JSC::mathPow):
-
-2012-12-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Bytecode dumping should show rare case profiles
-        https://bugs.webkit.org/show_bug.cgi?id=105133
-
-        Reviewed by Geoffrey Garen.
-
-        Refactored the dumper to call dumpBytecodeCommandAndNewLine in just one place,
-        rather than in all of the places. Changed the rare case profile getters to use
-        tryBinarySearch rather than binarySearch, so that they can be used speculatively
-        even if you don't know that the bytecode has rare case profiles. This actually
-        increases our assertion level, since it means that in release builds we will get
-        null and crash rather than getting some random adjacent profile. And then this
-        adds some printing of the rare case profiles.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::CodeBlock::beginDumpProfiling):
-        (JSC):
-        (JSC::CodeBlock::dumpValueProfiling):
-        (JSC::CodeBlock::dumpArrayProfiling):
-        (JSC::CodeBlock::dumpRareCaseProfile):
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
-        (JSC::CodeBlock::specialFastCaseProfileForBytecodeOffset):
-
-2012-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Attempt to rationalize and simplify WTF::binarySearch
-        https://bugs.webkit.org/show_bug.cgi?id=104890
-
-        Reviewed by Maciej Stachowiak.
-
-        Switch to using the new binarySearch() API. No change in behavior.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::codeOriginForReturn):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getStubInfo):
-        (JSC::CodeBlock::getByValInfo):
-        (JSC::CodeBlock::getCallLinkInfo):
-        (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
-        (JSC::CodeBlock::valueProfileForBytecodeOffset):
-        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
-        (JSC::CodeBlock::specialFastCaseProfileForBytecodeOffset):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::blockIndexForBytecodeOffset):
-        * dfg/DFGMinifiedGraph.h:
-        (JSC::DFG::MinifiedGraph::at):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * profiler/ProfilerBytecodeSequence.cpp:
-        (JSC::Profiler::BytecodeSequence::indexForBytecodeIndex):
-
-2012-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Don't assert that flags <= 0x3ff in JSTypeInfo
-        https://bugs.webkit.org/show_bug.cgi?id=104988
-
-        Reviewed by Sam Weinig.
-
-        This assertion doesn't accomplish anything other than crashes.
-
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-
-2012-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Named lookups on HTML documents produce inconsistent results in JavaScriptCore bindings
-        https://bugs.webkit.org/show_bug.cgi?id=104623
-
-        Reviewed by Geoffrey Garen.
-
-        Add the notion of objects that HasImpureGetOwnPropertySlot, and use that to inhibit prototype chain caching
-        in some cases. This appears to be perf-neutral on benchmarks that we track.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSTypeInfo.h:
-        (JSC):
-        (JSC::TypeInfo::hasImpureGetOwnPropertySlot):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChainForChainAccess):
-
-2012-12-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, roll out http://trac.webkit.org/changeset/137683.
-        It broke gmail.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC):
-        * runtime/Operations.h:
-        (JSC):
-
-2012-13-11  Oliver Hunt  <oliver@apple.com>
-
-        Support op_typeof in the DFG
-        https://bugs.webkit.org/show_bug.cgi?id=98898
-
-        Reviewed by Filip Pizlo.
-
-        Adds a TypeOf node to the DFG to support op_typeof. 
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-          We try to determine the result early here, and substitute in a constant.
-          Otherwise we leave the node intact, and set the result type to SpecString.
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-          Parse op_typeof
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-          TypeOf nodes can be subjected to pure CSE
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-          We can handle typeof.
-        * dfg/DFGNodeType.h:
-        (DFG):
-          Define the node.
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-          Add operationTypeOf to support the non-trivial cases.
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-          Actual codegen
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        (JSC):
-        * runtime/Operations.h:
-        (JSC):
-          Some refactoring to allow us to get the type string for an
-          object without needing a callframe.
-
-2012-12-12  Filip Pizlo  <fpizlo@apple.com>
-
-        OSR exit compiler should emit code for resetting the execution counter that matches the logic of ExecutionCounter.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=104791
-
-        Reviewed by Oliver Hunt.
-
-        The OSR exit compiler wants to make it so that every OSR exit does the equivalent
-        of:
-        
-        codeBlock->m_jitExecuteCounter.setNewThreshold(
-            codeBlock->counterValueForOptimizeAfterLongWarmUp());
-        
-        This logically involves:
-        
-        - Resetting the counter to zero.
-        - Setting m_activeThreshold to counterValueForOptimizeAfterLongWarmUp().
-        - Figuring out the scaled threshold, subtracting the count so far (which is zero,
-          so this part is a no-op), and clipping (ExecuteCounter::clippedThreshold()).
-        - Setting m_counter to the negated clipped threshold.
-        - Setting m_totalCount to the previous count so far (which is zero) plus the
-          clipped threshold.
-        
-        Because of the reset, which sets the count-so-far to zero, this amounts to:
-        
-        - Setting m_activeThreshold to counterValueForOptimizeAfterLongWarmUp().
-        - Figuring out the clipped scaled threshold.
-        - Setting m_counter to the negated clipped scaled threshold.
-        - Setting m_totalCount to the (positive) clipped scaled threshold.
-        
-        The code was previously not doing this, but now is. This is performance neutral.
-        The only change in behavior over what the code was previously doing (setting the
-        m_counter to the negated scaled threshold, without clipping, and then setting
-        the m_totalCount to the clipped scaled threshold) is that this will respond more
-        gracefully under memory pressure and will ensure that we get more value profile
-        LUBing before triggering recompilation. More LUBing is almost always a good
-        thing.
-
-        * dfg/DFGOSRExitCompiler.cpp:
-        (JSC::DFG::OSRExitCompiler::handleExitCounts):
-
-2012-12-12  Ilya Tikhonovsky  <loislo@chromium.org>
-
-        Web Inspector: Native Memory Instrumentation: remove fake root MemoryObjectInfo.
-        https://bugs.webkit.org/show_bug.cgi?id=104796
-
-        Reviewed by Yury Semikhatsky.
-
-        It was not a good idea to introduce a fake root MemoryObjectInfo.
-        It makes a problem when we visit an object without its own MemoryObjectType.
-
-        Example: RenderBox has a global pointer to a hash map.
-        HashMap doesn't have its own object type because it is a generic container.
-        It will inherit object type from the fake root memory object info.
-        The same could happen for another container in another class with other MemoryObjectType.
-
-        This fact forces me to create custom process method for root objects
-        because they need to have their own MemoryObjectInfo with customisable memory object type.
-
-        Drive by fix: InstrumentedPointer* was replaced with Wrapper* because actually it is using
-        for instrumented and not instrumented object classes.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-12-11  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Implement add64 for ARM traditional assembler after r136601
-        https://bugs.webkit.org/show_bug.cgi?id=104103
-
-        Reviewed by Zoltan Herczeg.
-
-        Implement add64 function for ARM traditional macroassembler.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::add64):
-        (MacroAssemblerARM):
-
-2012-12-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed. Fix build with DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE).
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::tallyFrequentExitSites):
-
-2012-12-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Profiler should show bytecode dumps as they would have been visible to the JITs, including the profiling data that the JITs would see
-        https://bugs.webkit.org/show_bug.cgi?id=104647
-
-        Reviewed by Oliver Hunt.
-
-        Adds more profiling data to bytecode dumps, and adds the ability to do a secondary
-        bytecode dump for each JIT compilation of a code block. This is relevant because both
-        the bytecodes, and the profiling data, may change after some number of executions.
-        
-        Also fixes some random dumping code to use PrintStream& rather than
-        static const char[thingy].
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/ArrayProfile.cpp:
-        (JSC::dumpArrayModes):
-        (JSC::ArrayProfile::briefDescription):
-        * bytecode/ArrayProfile.h:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::dumpValueProfiling):
-        (JSC::CodeBlock::dumpArrayProfiling):
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/CodeBlock.h:
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::briefDescription):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * profiler/ProfilerBytecodeSequence.cpp: Added.
-        (JSC::Profiler::BytecodeSequence::BytecodeSequence):
-        (JSC::Profiler::BytecodeSequence::~BytecodeSequence):
-        (JSC::Profiler::BytecodeSequence::indexForBytecodeIndex):
-        (JSC::Profiler::BytecodeSequence::forBytecodeIndex):
-        (JSC::Profiler::BytecodeSequence::addSequenceProperties):
-        * profiler/ProfilerBytecodeSequence.h: Added.
-        (JSC::Profiler::BytecodeSequence::size):
-        (JSC::Profiler::BytecodeSequence::at):
-        * profiler/ProfilerBytecodes.cpp:
-        (JSC::Profiler::Bytecodes::Bytecodes):
-        (JSC::Profiler::Bytecodes::toJS):
-        * profiler/ProfilerBytecodes.h:
-        (JSC::Profiler::Bytecodes::instructionCount):
-        * profiler/ProfilerCompilation.cpp:
-        (JSC::Profiler::Compilation::addProfiledBytecodes):
-        (JSC::Profiler::Compilation::toJS):
-        * profiler/ProfilerCompilation.h:
-        (JSC::Profiler::Compilation::profiledBytecodesSize):
-        (JSC::Profiler::Compilation::profiledBytecodesAt):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        * profiler/ProfilerDatabase.h:
-        * profiler/ProfilerProfiledBytecodes.cpp: Added.
-        (JSC::Profiler::ProfiledBytecodes::ProfiledBytecodes):
-        (JSC::Profiler::ProfiledBytecodes::~ProfiledBytecodes):
-        (JSC::Profiler::ProfiledBytecodes::toJS):
-        * profiler/ProfilerProfiledBytecodes.h: Added.
-        (JSC::Profiler::ProfiledBytecodes::bytecodes):
-        * runtime/CommonIdentifiers.h:
-
-2012-12-11  Oswald Buddenhagen  <oswald.buddenhagen@digia.com>
-
-        [Qt] delete dead include paths
-
-        Reviewed by Simon Hausmann.
-
-        followup to https://bugs.webkit.org/show_bug.cgi?id=93446
-
-        * JavaScriptCore.pri:
-
-2012-12-11  Julien BRIANCEAU   <jbrianceau@nds.com>
-
-        Implement add64 for SH4 assembler to fix build after r136601
-        https://bugs.webkit.org/show_bug.cgi?id=104377
-
-        Reviewed by Zoltan Herczeg.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::add64):
-        (MacroAssemblerSH4):
-
-2012-12-10  Yury Semikhatsky  <yurys@chromium.org>
-
-        Memory instrumentation: make sure each edge is reported only once
-        https://bugs.webkit.org/show_bug.cgi?id=104630
-
-        Reviewed by Pavel Feldman.
-
-        Changed exported symbols for MemoryInstrumentation.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-12-10  Filip Pizlo  <fpizlo@apple.com>
-
-        Don't OSR exit just because a string is a rope
-        https://bugs.webkit.org/show_bug.cgi?id=104621
-
-        Reviewed by Michael Saboff.
-
-        Slight SunSpider speed-up at around the 0.7% level. This patch does the obvious
-        thing of calling a slow path to resolve ropes rather than OSR exiting if the
-        string is a rope.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::getIndexedPropertyStorageMayTriggerGC):
-        (ArrayMode):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::putStructureStoreElimination):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-
-2012-12-10  Gustavo Noronha Silva  <gns@gnome.org>
-
-        Unreviewed distcheck fix.
-
-        * GNUmakefile.list.am:
-
-2012-12-10  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC profiling and debug dump code should use inferred names when possible
-        https://bugs.webkit.org/show_bug.cgi?id=104519
-
-        Reviewed by Oliver Hunt.
-
-        This does as advertised: the profiler now knows the inferred name of all code blocks,
-        and all uses of CodeBlock::dump() dump it along with the hash.
-        
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::inferredName):
-        (JSC::CodeBlock::dumpAssumingJITType):
-        * bytecode/CodeBlock.h:
-        * profiler/ProfilerBytecodes.cpp:
-        (JSC::Profiler::Bytecodes::Bytecodes):
-        (JSC::Profiler::Bytecodes::toJS):
-        * profiler/ProfilerBytecodes.h:
-        (JSC::Profiler::Bytecodes::inferredName):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::addBytecodes):
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        * profiler/ProfilerDatabase.h:
-        * runtime/CommonIdentifiers.h:
-
-2012-12-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Profiler should say things about OSR exits
-        https://bugs.webkit.org/show_bug.cgi?id=104497
-
-        Reviewed by Oliver Hunt.
-
-        This adds support for profiling OSR exits. For each exit that is taken, the profiler
-        records the machine code address that the exit occurred on, the exit kind, the origin
-        stack, and the number of times that it happened.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        (Jump):
-        (JSC::AbstractMacroAssembler::Jump::label):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::saveCompilation):
-        (CodeBlock):
-        (JSC::CodeBlock::compilation):
-        (DFGData):
-        * bytecode/DFGExitProfile.h:
-        (DFG):
-        * bytecode/ExitKind.cpp: Added.
-        (JSC):
-        (JSC::exitKindToString):
-        (JSC::exitKindIsCountable):
-        (WTF):
-        (WTF::printInternal):
-        * bytecode/ExitKind.h: Added.
-        (JSC):
-        (WTF):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::linkOSRExits):
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JITCompiler):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JumpReplacementWatchpoint.h:
-        (JSC::JumpReplacementWatchpoint::sourceLabel):
-        (JumpReplacementWatchpoint):
-        * profiler/ProfilerCompilation.cpp:
-        (JSC::Profiler::Compilation::addOSRExitSite):
-        (Profiler):
-        (JSC::Profiler::Compilation::addOSRExit):
-        (JSC::Profiler::Compilation::toJS):
-        * profiler/ProfilerCompilation.h:
-        (Compilation):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::newCompilation):
-        * profiler/ProfilerDatabase.h:
-        (Database):
-        * profiler/ProfilerOSRExit.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::OSRExit::OSRExit):
-        (JSC::Profiler::OSRExit::~OSRExit):
-        (JSC::Profiler::OSRExit::toJS):
-        * profiler/ProfilerOSRExit.h: Added.
-        (Profiler):
-        (OSRExit):
-        (JSC::Profiler::OSRExit::id):
-        (JSC::Profiler::OSRExit::origin):
-        (JSC::Profiler::OSRExit::exitKind):
-        (JSC::Profiler::OSRExit::isWatchpoint):
-        (JSC::Profiler::OSRExit::counterAddress):
-        (JSC::Profiler::OSRExit::count):
-        * profiler/ProfilerOSRExitSite.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::OSRExitSite::toJS):
-        * profiler/ProfilerOSRExitSite.h: Added.
-        (Profiler):
-        (OSRExitSite):
-        (JSC::Profiler::OSRExitSite::OSRExitSite):
-        (JSC::Profiler::OSRExitSite::codeAddress):
-        * runtime/CommonIdentifiers.h:
-
-2012-12-10  Alexis Menard  <alexis@webkit.org>
-
-        [CSS3 Backgrounds and Borders] Remove CSS3_BACKGROUND feature flag.
-        https://bugs.webkit.org/show_bug.cgi?id=104539
-
-        Reviewed by Antonio Gomes.
-
-        As discussed on webkit-dev it is not needed to keep this feature flag 
-        as support for <position> type is a small feature that is already 
-        implemented by three other UAs. It was useful while landing this 
-        feature as partial bits were landed one after one.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-12-09  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ArrayPush/Pop should not pass their second child as the index for blessArrayOperation()
-        https://bugs.webkit.org/show_bug.cgi?id=104500
-
-        Reviewed by Oliver Hunt.
-
-        Slight across-the-board speed-up.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-12-08  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should scale the optimization threshold for a code block according to the cost of compiling it
-        https://bugs.webkit.org/show_bug.cgi?id=104406
-
-        Reviewed by Oliver Hunt.
-
-        We've long known that we want to scale the execution count threshold needed for the DFG
-        to kick in to scale according to some estimate of the cost of compiling that code block.
-        This institutes a relationship like this:
-        
-        threshold = thresholdSetting * (a * sqrt(instructionCount + b) + abs(c * instructionCount) + d
-        
-        Where a, b, c, d are coefficients derived from fitting the above expression to various
-        data points, which I chose based on looking at one benchmark (3d-cube) and from my
-        own intuitions.
-        
-        Making this work well also required changing the thresholdForOptimizeAfterLongWarmUp
-        from 5000 to 1000.
-        
-        This is a >1% speed-up on SunSpider, a >3% speed-up on V8Spider, ~1% speed-up on V8v7,
-        neutral on Octane, and neutral on Kraken.
-        
-        I also out-of-lined a bunch of methods related to these heuristics, because I couldn't
-        stand having them defined in the header anymore. I also made improvements to debugging
-        code because I needed it for tuning this change.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::sourceCodeForTools):
-        (JSC::CodeBlock::sourceCodeOnOneLine):
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::reoptimizationRetryCounter):
-        (JSC::CodeBlock::countReoptimization):
-        (JSC::CodeBlock::optimizationThresholdScalingFactor):
-        (JSC::clipThreshold):
-        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
-        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
-        (JSC::CodeBlock::counterValueForOptimizeSoon):
-        (JSC::CodeBlock::checkIfOptimizationThresholdReached):
-        (JSC::CodeBlock::optimizeNextInvocation):
-        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
-        (JSC::CodeBlock::optimizeAfterWarmUp):
-        (JSC::CodeBlock::optimizeAfterLongWarmUp):
-        (JSC::CodeBlock::optimizeSoon):
-        (JSC::CodeBlock::adjustedExitCountThreshold):
-        (JSC::CodeBlock::exitCountThresholdForReoptimization):
-        (JSC::CodeBlock::exitCountThresholdForReoptimizationFromLoop):
-        (JSC::CodeBlock::shouldReoptimizeNow):
-        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
-        * bytecode/CodeBlock.h:
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::hasCrossedThreshold):
-        * bytecode/ReduceWhitespace.cpp: Added.
-        (JSC::reduceWhitespace):
-        * bytecode/ReduceWhitespace.h: Added.
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::mightCompileEval):
-        (JSC::DFG::mightCompileProgram):
-        (JSC::DFG::mightCompileFunctionForCall):
-        (JSC::DFG::mightCompileFunctionForConstruct):
-        (JSC::DFG::mightInlineFunctionForCall):
-        (JSC::DFG::mightInlineFunctionForConstruct):
-        * dfg/DFGCapabilities.h:
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dumpHeader):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dumpHeader):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        * runtime/Options.h:
-
-2012-12-07  Jonathan Liu  <net147@gmail.com>
-
-        Add missing forward declaration for JSC::ArrayAllocationProfile
-        https://bugs.webkit.org/show_bug.cgi?id=104425
-
-        Reviewed by Kentaro Hara.
-
-        The header for the JSC::ArrayConstructor class is missing a forward
-        declaration for the JSC::ArrayAllocationProfile class which causes
-        compilation to fail when compiling with MinGW-w64.
-
-        * runtime/ArrayConstructor.h:
-        (JSC):
-
-2012-12-07  Jonathan Liu  <net147@gmail.com>
-
-        Add missing const qualifier to JSC::CodeBlock::getJITType()
-        https://bugs.webkit.org/show_bug.cgi?id=104424
-
-        Reviewed by Laszlo Gombos.
-
-        JSC::CodeBlock::getJITType() has the const qualifier when JIT is
-        enabled but is missing the const qualifier when JIT is disabled.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getJITType):
-
-2012-12-07  Oliver Hunt  <oliver@apple.com>
-
-        Make function code cache proportional to main codeblock cache
-        https://bugs.webkit.org/show_bug.cgi?id=104420
-
-        Reviewed by Geoffrey Garen.
-
-        Makes the constants determining the recently used function cache proportional
-        to the number of root codeblocks in the cache.  Also renames the constants to
-        make them more clear.
-     
-        * runtime/CodeCache.h:
-
-2012-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Strange results calculating a square root in a loop
-        https://bugs.webkit.org/show_bug.cgi?id=104247
-        <rdar://problem/12826880>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed the CFG simplification phase to ignore dead GetLocals in the first of the blocks
-        under the merge. This fixes the assertion, and is also cleaner: our general rule is
-        to not "revive" things that we've already proved to be dead.
-        
-        Also fixed some rotted debug code.
-
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-12-07  Geoffrey Garen  <ggaren@apple.com>
-
-        Crash in JSC::Bindings::RootObject::globalObject() sync'ing notes in Evernote
-        https://bugs.webkit.org/show_bug.cgi?id=104321
-        <rdar://problem/12770497>
-
-        Reviewed by Sam Weinig.
-
-        Work around a JSValueUnprotect(NULL) in Evernote.
-
-        * API/JSValueRef.cpp:
-        (evernoteHackNeeded):
-        (JSValueUnprotect):
-
-2012-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Incorrect inequality for checking whether a statement is within bounds of a handler
-        https://bugs.webkit.org/show_bug.cgi?id=104313
-        <rdar://problem/12808934>
-
-        Reviewed by Geoffrey Garen.
-
-        The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality
-        used for checking whether a handler is pertinent to the current instruction. '<' is
-        correct, but '<=' isn't, since the 'end' is not inclusive.
-        
-        Also found, and addressed, a benign goof in how the finally inliner works: sometimes
-        we will have end > start. This falls out naturally from how the inliner works and how
-        we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any
-        future confusion, I added a comment and some code to prune those handlers out. Because
-        of how the handler resolution works, these handlers would have been skipped anyway.
-        
-        Also made various fixes to debugging code, which was necessary for tracking this down.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::handlerForBytecodeOffset):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        * bytecompiler/Label.h:
-        (JSC::Label::bind):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::handleHostCall):
-
-2012-12-06  Rick Byers  <rbyers@chromium.org>
-
-        CSS cursor property should support webkit-image-set
-        https://bugs.webkit.org/show_bug.cgi?id=99493
-
-        Reviewed by Beth Dakin.
-
-        Add ENABLE_MOUSE_CURSOR_SCALE (disabled by default)
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-12-06  Laszlo Gombos  <l.gombos@samsung.com>
-
-        [CMake] Consolidate list of files to build for JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=104287
-
-        Reviewed by Gyuyoung Kim.
-
-        Add MemoryStatistics.cpp and ExecutableAllocator.cpp to the common
-        list of files and remove them from the port specific lists.
-
-        * CMakeLists.txt:
-        * PlatformBlackBerry.cmake:
-        * PlatformEfl.cmake:
-        * PlatformWinCE.cmake:
-
-2012-12-06  Oliver Hunt  <oliver@apple.com>
-
-        Tell heap that we've released all the compiled code.
-
-        Reviewed by Geoff Garen.
-
-        When we discard compiled code, inform the heap that we've
-        released an entire object graph.  This informs the heap that
-        it might want to perform a GC soon.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::discardAllCode):
-
-2012-12-06  Laszlo Gombos  <l.gombos@samsung.com>
-
-        [EFL] Remove ENABLE_GLIB_SUPPORT CMake variable
-        https://bugs.webkit.org/show_bug.cgi?id=104278
-
-        Reviewed by Brent Fulgham.
-
-        The conditional is not required as it is always set for EFL.
-
-        * PlatformEfl.cmake:
-
-2012-12-06  Oliver Hunt  <oliver@apple.com>
-
-        Build fix, last patch rolled out logic that is now needed on ToT.
-
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::setFunctionStart):
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setFunctionStart):
-        (JSC::FunctionBodyNode::functionStart):
-        (FunctionBodyNode):
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::setFunctionStart):
-
-2012-12-05  Oliver Hunt  <oliver@apple.com>
-
-        Remove harmful string->function cache
-        https://bugs.webkit.org/show_bug.cgi?id=104193
-
-        Reviewed by Alexey Proskuryakov.
-
-        Remove the string->function code cache that turned out to actually
-        be quite harmful.
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getFunctionCodeBlock):
-        * runtime/CodeCache.h:
-        (JSC::CodeCache::clear):
-
-2012-12-05  Halton Huo  <halton.huo@intel.com>
-
-        [CMake] Unify coding style for CMake files
-        https://bugs.webkit.org/show_bug.cgi?id=103605
-
-        Reviewed by Laszlo Gombos.
-
-        Update cmake files(.cmake, CMakeLists.txt) with following style rules:
-        1. Indentation
-        1.1 Use spaces, not tabs.
-        1.2 Four spaces as indent.
-        2. Spacing
-        2.1 Place one space between control statements and their parentheses.
-            For eg, if (), else (), elseif (), endif (), foreach (),
-            endforeach (), while (), endwhile (), break ().
-        2.2 Do not place spaces between function and macro statements and
-            their parentheses. For eg, macro(), endmacro(), function(),
-            endfunction().
-        2.3 Do not place spaces between a command or function or macro and its
-            parentheses, or between a parenthesis and its content. For eg,
-            message("testing") not message( "testing") or message ("testing" )
-        2.4 No space at line ending.
-        3. Lowercase when call commands macros and functions. For eg,
-           add_executable() not ADD_EXECUTABLE(), set() not SET().
-
-        * CMakeLists.txt:
-        * PlatformBlackBerry.cmake:
-        * PlatformEfl.cmake:
-        * PlatformWinCE.cmake:
-        * shell/CMakeLists.txt:
-        * shell/PlatformBlackBerry.cmake:
-        * shell/PlatformEfl.cmake:
-        * shell/PlatformWinCE.cmake:
-
-2012-12-05  Oliver Hunt  <oliver@apple.com>
-
-        Empty parse cache when receiving a low memory warning
-        https://bugs.webkit.org/show_bug.cgi?id=104161
-
-        Reviewed by Filip Pizlo.
-
-        This adds a function to the globaldata to empty all code related data
-        structures (code in the heap and the code cache).
-        It also adds a function to allow the CodeCache to actually be cleared
-        at all. 
-
-        * runtime/CodeCache.h:
-        (CacheMap):
-        (JSC::CacheMap::clear):
-        (JSC::CodeCache::clear):
-        (CodeCache):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::discardAllCode):
-        (JSC):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-
-2012-12-05  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC profiler should not count executions of op_call_put_result because doing so changes DFG codegen
-        https://bugs.webkit.org/show_bug.cgi?id=104102
-
-        Reviewed by Oliver Hunt.
-
-        This removes op_call_put_result from profiling, since profiling it has an effect on
-        codegen. This fix enables all of SunSpider, V8, and Kraken to be profiled with the
-        new profiler.
-        
-        To make this all fit together, the profiler now also reports in its output the exact
-        bytecode opcode name for each instruction (in addition to the stringified dump of that
-        bytecode), so that tools that grok the output can take note of op_call_put_result and
-        work around the fact that it has no counts.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * profiler/ProfilerBytecode.cpp:
-        (JSC::Profiler::Bytecode::toJS):
-        * profiler/ProfilerBytecode.h:
-        (JSC::Profiler::Bytecode::Bytecode):
-        (JSC::Profiler::Bytecode::opcodeID):
-        (Bytecode):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        * runtime/CommonIdentifiers.h:
-
-2012-12-04  Filip Pizlo  <fpizlo@apple.com>
-
-        display-profiler-output should be able to show source code
-        https://bugs.webkit.org/show_bug.cgi?id=104073
-
-        Reviewed by Oliver Hunt.
-
-        Modify the profiler database to store source code. For functions, we store the
-        function including the function signature.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::unlinkedCodeBlock):
-        (CodeBlock):
-        * profiler/ProfilerBytecodes.cpp:
-        (JSC::Profiler::Bytecodes::Bytecodes):
-        (JSC::Profiler::Bytecodes::toJS):
-        * profiler/ProfilerBytecodes.h:
-        (Bytecodes):
-        (JSC::Profiler::Bytecodes::sourceCode):
-        * profiler/ProfilerDatabase.cpp:
-        (JSC::Profiler::Database::addBytecodes):
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        * profiler/ProfilerDatabase.h:
-        (Database):
-        * runtime/CommonIdentifiers.h:
-        * runtime/Executable.h:
-        (FunctionExecutable):
-        (JSC::FunctionExecutable::unlinkedExecutable):
-
-2012-12-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should be able to report profiling data associated with the IR dumps and disassembly
-        https://bugs.webkit.org/show_bug.cgi?id=102999
-
-        Reviewed by Gavin Barraclough.
-
-        Added a new profiler to JSC. It's simply called "Profiler" in anticipation of it
-        ultimately replacing the previous profiling infrastructure. This profiler counts the
-        number of times that a bytecode executes in various engines, and will record both the
-        counts and all disassembly and bytecode dumps, into a database that can be at any
-        time turned into either a JS object using any global object or global data of your
-        choice, or can be turned into a JSON string, or saved to a file.
-        
-        Currently the only use of this is the new '-p <file>' flag to the jsc command-line.
-        
-        The profiler is always compiled in and normally incurs no execution time cost, but is
-        only activated when you create a Profiler::Database and install it in
-        JSGlobalData::m_perBytecodeProfiler. From that point on, all code blocks will be
-        compiled along with disassembly and bytecode dumps stored into the Profiler::Database,
-        and all code blocks will have execution counts, which are also stored in the database.
-        The database will continue to keep information about code blocks alive even after they
-        are otherwise GC'd.
-        
-        This currently still has some glitches, like the fact that it only counts executions
-        in the JITs. Doing execution counting in the LLInt might require a bit of a rethink
-        about how the counting is expressed - currently it is implicit in bytecode, so there
-        is no easy way to "turn it on" in the LLInt. Also, right now there is no information
-        recorded about OSR exits or out-of-line stubs. But, even so, it's quite cool, and
-        gives you a peek into what JSC is doing that would otherwise not be possible.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::baselineVersion):
-        * bytecode/CodeOrigin.cpp:
-        (JSC::InlineCallFrame::baselineCodeBlock):
-        (JSC):
-        * bytecode/CodeOrigin.h:
-        (InlineCallFrame):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        (DFG):
-        (JSC::DFG::Disassembler::reportToProfiler):
-        (JSC::DFG::Disassembler::dumpHeader):
-        (JSC::DFG::Disassembler::append):
-        (JSC::DFG::Disassembler::createDumpList):
-        * dfg/DFGDisassembler.h:
-        (Disassembler):
-        (JSC::DFG::Disassembler::DumpedOp::DumpedOp):
-        (DumpedOp):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::Graph):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::JITCompiler):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGNode.h:
-        (Node):
-        (JSC::DFG::Node::hasExecutionCounter):
-        (JSC::DFG::Node::executionCounter):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dump):
-        (JSC::JITDisassembler::reportToProfiler):
-        (JSC):
-        (JSC::JITDisassembler::dumpHeader):
-        (JSC::JITDisassembler::firstSlowLabel):
-        (JSC::JITDisassembler::dumpVectorForInstructions):
-        (JSC::JITDisassembler::dumpForInstructions):
-        (JSC::JITDisassembler::reportInstructions):
-        * jit/JITDisassembler.h:
-        (JITDisassembler):
-        (DumpedOp):
-        * jsc.cpp:
-        (CommandLine::CommandLine):
-        (CommandLine):
-        (printUsageStatement):
-        (CommandLine::parseArguments):
-        (jscmain):
-        * profiler/ProfilerBytecode.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::Bytecode::toJS):
-        * profiler/ProfilerBytecode.h: Added.
-        (Profiler):
-        (Bytecode):
-        (JSC::Profiler::Bytecode::Bytecode):
-        (JSC::Profiler::Bytecode::bytecodeIndex):
-        (JSC::Profiler::Bytecode::description):
-        (JSC::Profiler::getBytecodeIndexForBytecode):
-        * profiler/ProfilerBytecodes.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::Bytecodes::Bytecodes):
-        (JSC::Profiler::Bytecodes::~Bytecodes):
-        (JSC::Profiler::Bytecodes::indexForBytecodeIndex):
-        (JSC::Profiler::Bytecodes::forBytecodeIndex):
-        (JSC::Profiler::Bytecodes::dump):
-        (JSC::Profiler::Bytecodes::toJS):
-        * profiler/ProfilerBytecodes.h: Added.
-        (Profiler):
-        (Bytecodes):
-        (JSC::Profiler::Bytecodes::append):
-        (JSC::Profiler::Bytecodes::id):
-        (JSC::Profiler::Bytecodes::hash):
-        (JSC::Profiler::Bytecodes::size):
-        (JSC::Profiler::Bytecodes::at):
-        * profiler/ProfilerCompilation.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::Compilation::Compilation):
-        (JSC::Profiler::Compilation::~Compilation):
-        (JSC::Profiler::Compilation::addDescription):
-        (JSC::Profiler::Compilation::executionCounterFor):
-        (JSC::Profiler::Compilation::toJS):
-        * profiler/ProfilerCompilation.h: Added.
-        (Profiler):
-        (Compilation):
-        (JSC::Profiler::Compilation::bytecodes):
-        (JSC::Profiler::Compilation::kind):
-        * profiler/ProfilerCompilationKind.cpp: Added.
-        (WTF):
-        (WTF::printInternal):
-        * profiler/ProfilerCompilationKind.h: Added.
-        (Profiler):
-        (WTF):
-        * profiler/ProfilerCompiledBytecode.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::CompiledBytecode::CompiledBytecode):
-        (JSC::Profiler::CompiledBytecode::~CompiledBytecode):
-        (JSC::Profiler::CompiledBytecode::toJS):
-        * profiler/ProfilerCompiledBytecode.h: Added.
-        (Profiler):
-        (CompiledBytecode):
-        (JSC::Profiler::CompiledBytecode::originStack):
-        (JSC::Profiler::CompiledBytecode::description):
-        * profiler/ProfilerDatabase.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::Database::Database):
-        (JSC::Profiler::Database::~Database):
-        (JSC::Profiler::Database::addBytecodes):
-        (JSC::Profiler::Database::ensureBytecodesFor):
-        (JSC::Profiler::Database::notifyDestruction):
-        (JSC::Profiler::Database::newCompilation):
-        (JSC::Profiler::Database::toJS):
-        (JSC::Profiler::Database::toJSON):
-        (JSC::Profiler::Database::save):
-        * profiler/ProfilerDatabase.h: Added.
-        (Profiler):
-        (Database):
-        * profiler/ProfilerExecutionCounter.h: Added.
-        (Profiler):
-        (ExecutionCounter):
-        (JSC::Profiler::ExecutionCounter::ExecutionCounter):
-        (JSC::Profiler::ExecutionCounter::address):
-        (JSC::Profiler::ExecutionCounter::count):
-        * profiler/ProfilerOrigin.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::Origin::Origin):
-        (JSC::Profiler::Origin::dump):
-        (JSC::Profiler::Origin::toJS):
-        * profiler/ProfilerOrigin.h: Added.
-        (JSC):
-        (Profiler):
-        (Origin):
-        (JSC::Profiler::Origin::Origin):
-        (JSC::Profiler::Origin::operator!):
-        (JSC::Profiler::Origin::bytecodes):
-        (JSC::Profiler::Origin::bytecodeIndex):
-        (JSC::Profiler::Origin::operator!=):
-        (JSC::Profiler::Origin::operator==):
-        (JSC::Profiler::Origin::hash):
-        (JSC::Profiler::Origin::isHashTableDeletedValue):
-        (JSC::Profiler::OriginHash::hash):
-        (JSC::Profiler::OriginHash::equal):
-        (OriginHash):
-        (WTF):
-        * profiler/ProfilerOriginStack.cpp: Added.
-        (Profiler):
-        (JSC::Profiler::OriginStack::OriginStack):
-        (JSC::Profiler::OriginStack::~OriginStack):
-        (JSC::Profiler::OriginStack::append):
-        (JSC::Profiler::OriginStack::operator==):
-        (JSC::Profiler::OriginStack::hash):
-        (JSC::Profiler::OriginStack::dump):
-        (JSC::Profiler::OriginStack::toJS):
-        * profiler/ProfilerOriginStack.h: Added.
-        (JSC):
-        (Profiler):
-        (OriginStack):
-        (JSC::Profiler::OriginStack::OriginStack):
-        (JSC::Profiler::OriginStack::operator!):
-        (JSC::Profiler::OriginStack::size):
-        (JSC::Profiler::OriginStack::fromBottom):
-        (JSC::Profiler::OriginStack::fromTop):
-        (JSC::Profiler::OriginStack::isHashTableDeletedValue):
-        (JSC::Profiler::OriginStackHash::hash):
-        (JSC::Profiler::OriginStackHash::equal):
-        (OriginStackHash):
-        (WTF):
-        * runtime/CommonIdentifiers.h:
-        * runtime/ExecutionHarness.h:
-        (JSC::prepareForExecution):
-        (JSC::prepareFunctionForExecution):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        * runtime/Options.h:
-        (JSC):
-
-2012-12-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Rename Profiler to LegacyProfiler
-        https://bugs.webkit.org/show_bug.cgi?id=104031
-
-        Rubber stamped by Mark Hahnenberg
-
-        Make room in the namespace for https://bugs.webkit.org/show_bug.cgi?id=102999.
-
-        * API/JSProfilerPrivate.cpp:
-        (JSStartProfiling):
-        (JSEndProfiling):
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        * jit/JIT.h:
-        * jit/JITCode.h:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * profiler/LegacyProfiler.cpp: Added.
-        (JSC):
-        (JSC::LegacyProfiler::profiler):
-        (JSC::LegacyProfiler::startProfiling):
-        (JSC::LegacyProfiler::stopProfiling):
-        (JSC::dispatchFunctionToProfiles):
-        (JSC::LegacyProfiler::willExecute):
-        (JSC::LegacyProfiler::didExecute):
-        (JSC::LegacyProfiler::exceptionUnwind):
-        (JSC::LegacyProfiler::createCallIdentifier):
-        (JSC::createCallIdentifierFromFunctionImp):
-        * profiler/LegacyProfiler.h: Added.
-        (JSC):
-        (LegacyProfiler):
-        (JSC::LegacyProfiler::currentProfiles):
-        * profiler/ProfileGenerator.cpp:
-        (JSC::ProfileGenerator::addParentForConsoleStart):
-        * profiler/ProfileNode.cpp:
-        * profiler/Profiler.cpp: Removed.
-        * profiler/Profiler.h: Removed.
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSC::JSGlobalData::enabledProfiler):
-        (JSGlobalData):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-
-2012-12-03  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline code blocks that use scoped variable access
-        https://bugs.webkit.org/show_bug.cgi?id=103974
-
-        Reviewed by Oliver Hunt.
-
-        This mostly just turns on something we could have done all along, but also adds a few key
-        necessities to make this right:
-        
-        1) Constant folding of SkipScope, since if we inline with a known JSFunction* then the
-           scope is constant.
-        
-        2) Interference analysis for GetLocal<->PutScopedVar and SetLocal<->GetScopedVar.
-        
-        This is not meant to be a speed-up on major benchmarks since we don't yet inline most
-        closure calls for entirely unrelated reasons. But on toy programs it can be >2x faster.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getScope):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (JSC::DFG::CSEPhase::scopedVarStoreElimination):
-        (JSC::DFG::CSEPhase::getLocalLoadElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineResolveOperations):
-
-2012-12-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Replace JSValue::description() with JSValue::dump(PrintStream&)
-        https://bugs.webkit.org/show_bug.cgi?id=103866
-
-        Reviewed by Darin Adler.
-
-        JSValue now has a dump() method. Anywhere that you would have wanted to use
-        description(), you can either do toCString(value).data(), or if the callee
-        is a print()/dataLog() method then you just pass the value directly.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::dump):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jsc.cpp:
-        (functionDescribe):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::llint_trace_value):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::dump):
-        * runtime/JSValue.h:
-
-2012-12-04  Filip Pizlo  <fpizlo@apple.com>
-
-        jsc command line tool's support for typed arrays should be robust against array buffer allocation errors
-        https://bugs.webkit.org/show_bug.cgi?id=104020
-        <rdar://problem/12802478>
-
-        Reviewed by Mark Hahnenberg.
-
-        Check for null buffers, since that's what typed array allocators are supposed to do. WebCore does it,
-        and that is indeed the contract of ArrayBuffer and TypedArrayBase.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-
-2012-12-03  Peter Rybin  <prybin@chromium.org>
-
-        Web Inspector: make ASSERTION FAILED: foundPropertiesCount == object->size() more useful
-        https://bugs.webkit.org/show_bug.cgi?id=103254
-
-        Reviewed by Pavel Feldman.
-
-        Missing symbol WTFReportFatalError is added to the linker list.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-12-03  Alexis Menard  <alexis@webkit.org>
-
-        [Mac] Enable CSS3 background-position offset by default.
-        https://bugs.webkit.org/show_bug.cgi?id=103905
-
-        Reviewed by Simon Fraser.
-
-        Turn the flag on by default.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-12-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should trigger rage conversion from double to contiguous if it sees a GetByVal on Double being used in an integer context
-        https://bugs.webkit.org/show_bug.cgi?id=103858
-
-        Reviewed by Gavin Barraclough.
-
-        A rage conversion from double to contiguous is one where you try to convert each
-        double to an int32.
-
-        This is probably not the last we'll hear of rage conversion from double to contiguous.
-        It may be better to do this right during parsing, which will result in fewer cases of
-        Arrayification. But even so, this looks like a straight win already - 1% speed-up on
-        Kraken, no major regression anywhere else.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::refine):
-        (JSC::DFG::arrayConversionToString):
-        (JSC::DFG::ArrayMode::dump):
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::withConversion):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::doesConversion):
-        (WTF):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupBlock):
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (FixupPhase):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * runtime/JSObject.cpp:
-        (JSC):
-        (JSC::JSObject::genericConvertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToContiguous):
-        (JSC::JSObject::rageConvertDoubleToContiguous):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::rageEnsureContiguousSlow):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::rageEnsureContiguous):
-
-2012-12-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CSE should not keep alive things that aren't relevant to OSR
-        https://bugs.webkit.org/show_bug.cgi?id=103849
-
-        Reviewed by Oliver Hunt.
-
-        Most Phantom nodes are inserted by CSE, and by default have the same children as the
-        node that CSE had eliminated. This change makes CSE inspect all Phantom nodes (both
-        those it creates and those that were created by other phases) to see if they have
-        children that are redundant - i.e. children that are not interesting to OSR, which
-        is the only reason why Phantoms exist in the first place. Being relevant to OSR is
-        defined as one of: (1) you're a Phi, (2) you're a SetLocal, (3) somewhere between
-        your definition and the Phantom there was a SetLocal that referred to you.
-        
-        This is a slight speed-up in a few places.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::CSEPhase):
-        (JSC::DFG::CSEPhase::run):
-        (JSC::DFG::CSEPhase::performSubstitution):
-        (CSEPhase):
-        (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        (JSC::DFG::CSEPhase::performBlockCSE):
-
-2012-12-02  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to build and run with DFG_ENABLE(PROPAGATION_VERBOSE)
-        https://bugs.webkit.org/show_bug.cgi?id=103848
-
-        Reviewed by Sam Weinig.
-
-        Fix random dataLog() and print() statements.
-
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpBlockHeader):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-
-2012-12-01  Filip Pizlo  <fpizlo@apple.com>
-
-        CodeBlock should be able to dump bytecode to something other than WTF::dataFile()
-        https://bugs.webkit.org/show_bug.cgi?id=103832
-
-        Reviewed by Oliver Hunt.
-
-        Add a PrintStream& argument to all of the CodeBlock bytecode dumping methods.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::dumpStructure):
-        (JSC::dumpChain):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dumpBytecode):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dumpForInstructions):
-
-2012-11-30  Pierre Rossi  <pierre.rossi@gmail.com>
-
-        [Qt] Unreviewed speculative Mac build fix after r136232
-
-        Update the include path so that LLIntAssembly.h is picked up.
-        The bot didn't break until later when a clean build was triggered.
-
-        * JavaScriptCore.pri:
-
-2012-11-30  Oliver Hunt  <oliver@apple.com>
-
-        Optimise more cases of op_typeof
-        https://bugs.webkit.org/show_bug.cgi?id=103783
-
-        Reviewed by Mark Hahnenberg.
-
-        Increase our coverage of typeof based typechecks by
-        making sure that the codegenerators always uses
-        consistent operand ordering when feeding typeof operations
-        into equality operations.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BinaryOpNode::emitBytecode):
-        (JSC::EqualNode::emitBytecode):
-        (JSC::StrictEqualNode::emitBytecode):
-
-2012-11-30  Filip Pizlo  <fpizlo@apple.com>
-
-        Rationalize and clean up DFG handling of scoped accesses
-        https://bugs.webkit.org/show_bug.cgi?id=103715
-
-        Reviewed by Oliver Hunt.
-
-        Previously, we had a GetScope node that specified the depth to which you wanted
-        to travel to get a JSScope, and the backend implementation of the node would
-        perform all of the necessary footwork, including potentially skipping the top
-        scope if necessary, and doing however many loads were needed. But there were
-        strange things. First, if you had accesses at different scope depths, then the
-        loads to get to the common depth could not be CSE'd - CSE would match only
-        GetScope's that had identical depth. Second, GetScope would be emitted even if
-        we already had the scope, for example in put_to_base. And finally, even though
-        the ResolveOperations could tell us whether or not we had to skip the top scope,
-        the backend would recompute this information itself, often pessimistically.
-        
-        This eliminates GetScope and replaces it with the following:
-        
-        GetMyScope: just get the JSScope from the call frame header. This will forever
-        mean getting the JSScope associated with the machine call frame; it will not
-        mean getting the scope of an inlined function. Or at least that's the intent.
-        
-        SkipTopScope: check if there is an activation, and if so, skip a scope. This
-        takes a scope as a child and returns a scope.
-        
-        SkipScope: skip one scope level.
-        
-        The bytecode parser now emits the right combination of the above, and
-        potentially emits multiple SkipScope's, based on the ResolveOperations.
-        
-        This change also includes some fixups to debug logging. We now always print
-        the ExecutableBase* in addition to the CodeBlock* in the CodeBlock's dump,
-        and we are now more verbose when dumping CodeOrigins and InlineCallFrames.
-        
-        This is performance-neutral. It's just meant to be a clean-up.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpAssumingJITType):
-        * bytecode/CodeOrigin.cpp:
-        (JSC::CodeOrigin::inlineStack):
-        (JSC::CodeOrigin::dump):
-        (JSC):
-        (JSC::InlineCallFrame::dump):
-        * bytecode/CodeOrigin.h:
-        (CodeOrigin):
-        (InlineCallFrame):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::getScope):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (JSC::DFG::CSEPhase::scopedVarStoreElimination):
-        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
-        (JSC::DFG::CSEPhase::setLocalStoreElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dumpBlockHeader):
-        * dfg/DFGNode.h:
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dump):
-
-2012-11-30  Oliver Hunt  <oliver@apple.com>
-
-        Add direct string->function code cache
-        https://bugs.webkit.org/show_bug.cgi?id=103764
-
-        Reviewed by Michael Saboff.
-
-        A fairly logically simple patch.  We now track the start of the
-        unique portion of a functions body, and use that as our key for
-        unlinked function code.  This allows us to cache identical code
-        in different contexts, leading to a small but consistent improvement
-        on the benchmarks we track.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedFunctionExecutable::functionStartOffset):
-        (UnlinkedFunctionExecutable):
-        * parser/ASTBuilder.h:
-        (ASTBuilder):
-        (JSC::ASTBuilder::setFunctionStart):
-        * parser/Nodes.cpp:
-        * parser/Nodes.h:
-        (JSC::FunctionBodyNode::setFunctionStart):
-        (JSC::FunctionBodyNode::functionStart):
-        (FunctionBodyNode):
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-        * parser/Parser.h:
-        (JSC::Parser::findCachedFunctionInfo):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::setFunctionStart):
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::getFunctionCodeBlock):
-        (JSC::CodeCache::usedFunctionCode):
-        * runtime/CodeCache.h:
-
-2012-11-30  Allan Sandfeld Jensen  <allan.jensen@digia.com>
-
-        Crash in conversion of empty OpaqueJSString to Identifier 
-        https://bugs.webkit.org/show_bug.cgi?id=101867
-
-        Reviewed by Michael Saboff.
-
-        The constructor call used for both null and empty OpaqueJSStrings results
-        in an assertion voilation and crash. This patch instead uses the Identifier
-        constructors which are specifically for null and empty Identifier.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::identifier):
-
-2012-11-30  Tor Arne Vestbø  <tor.arne.vestbo@digia.com>
-
-        [Qt] Place the LLIntOffsetsExtractor binaries in debug/release subdirs on Mac
-
-        Otherwise we'll end up using the same LLIntAssembly.h for both build
-        configs of JavaScriptCore -- one of them which will be for the wrong
-        config.
-
-        Reviewed by Simon Hausmann.
-
-        * LLIntOffsetsExtractor.pro:
-
-2012-11-30  Julien BRIANCEAU   <jbrianceau@nds.com>
-
-        [sh4] Fix compilation warnings in JavaScriptCore JIT for sh4 arch
-        https://bugs.webkit.org/show_bug.cgi?id=103378
-
-        Reviewed by Filip Pizlo.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchTest32):
-        (JSC::MacroAssemblerSH4::branchAdd32):
-        (JSC::MacroAssemblerSH4::branchMul32):
-        (JSC::MacroAssemblerSH4::branchSub32):
-        (JSC::MacroAssemblerSH4::branchOr32):
-
-2012-11-29  Rafael Weinstein  <rafaelw@chromium.org>
-
-        [HTMLTemplateElement] Add feature flag
-        https://bugs.webkit.org/show_bug.cgi?id=103694
-
-        Reviewed by Adam Barth.
-
-        This flag will guard the implementation of the HTMLTemplateElement.
-        http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/templates/index.html
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-29  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be easy to find code blocks in debug dumps
-        https://bugs.webkit.org/show_bug.cgi?id=103623
-
-        Reviewed by Goeffrey Garen.
-
-        This gives CodeBlock a relatively strong, but also relatively compact, hash. We compute
-        it lazily so that it only impacts run-time when debug support is enabled. We stringify
-        it smartly so that it's short and easy to type. We base it on the source code so that
-        the optimization level is irrelevant. And, we use SHA1 since it's already in our code
-        base. Now, when a piece of code wants to print some debugging to say that it's operating
-        on some code block, it can use this CodeBlockHash instead of memory addresses.
-
-        This also takes CodeBlock debugging into the new world of print() and dataLog(). In
-        particular, CodeBlock::dump() corresponds to the thing you want printed if you do:
-
-        dataLog("I heart ", *myCodeBlock);
-
-        Probably, you want to just print some identifying information at this point rather than
-        the full bytecode dump. So, the existing CodeBlock::dump() has been renamed to
-        CodeBlock::dumpBytecode(), and CodeBlock::dump() now prints the CodeBlockHash plus just
-        a few little tidbits.
-        
-        Here's an example of CodeBlock::dump() output:
-        
-        EkILzr:[0x103883a00, BaselineFunctionCall]
-        
-        EkILzr is the CodeBlockHash. 0x103883a00 is the CodeBlock's address in memory. The other
-        part is self-explanatory.
-
-        Finally, this new notion of CodeBlockHash is available for other purposes like bisecting
-        breakage. As such CodeBlockHash has all of the comparison operator overloads. When
-        bisecting in DFGDriver.cpp, you can now say things like:
-        
-        if (codeBlock->hash() < CodeBlockHash("CAAAAA"))
-            return false;
-        
-        And yes, CAAAAA is near the median hash, and the largest one is smaller than E99999. Such
-        is life when you use base 62 to encode a 32-bit number.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CallLinkInfo.h:
-        (CallLinkInfo):
-        (JSC::CallLinkInfo::specializationKind):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::hash):
-        (JSC):
-        (JSC::CodeBlock::dumpAssumingJITType):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::dumpBytecode):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::resetStubInternal):
-        (JSC::CodeBlock::reoptimize):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::specializationKind):
-        (CodeBlock):
-        (JSC::CodeBlock::getJITType):
-        * bytecode/CodeBlockHash.cpp: Added.
-        (JSC):
-        (JSC::CodeBlockHash::CodeBlockHash):
-        (JSC::CodeBlockHash::dump):
-        * bytecode/CodeBlockHash.h: Added.
-        (JSC):
-        (CodeBlockHash):
-        (JSC::CodeBlockHash::CodeBlockHash):
-        (JSC::CodeBlockHash::hash):
-        (JSC::CodeBlockHash::operator==):
-        (JSC::CodeBlockHash::operator!=):
-        (JSC::CodeBlockHash::operator<):
-        (JSC::CodeBlockHash::operator>):
-        (JSC::CodeBlockHash::operator<=):
-        (JSC::CodeBlockHash::operator>=):
-        * bytecode/CodeBlockWithJITType.h: Added.
-        (JSC):
-        (CodeBlockWithJITType):
-        (JSC::CodeBlockWithJITType::CodeBlockWithJITType):
-        (JSC::CodeBlockWithJITType::dump):
-        * bytecode/CodeOrigin.cpp: Added.
-        (JSC):
-        (JSC::CodeOrigin::inlineDepthForCallFrame):
-        (JSC::CodeOrigin::inlineDepth):
-        (JSC::CodeOrigin::inlineStack):
-        (JSC::InlineCallFrame::hash):
-        * bytecode/CodeOrigin.h:
-        (InlineCallFrame):
-        (JSC::InlineCallFrame::specializationKind):
-        (JSC):
-        * bytecode/CodeType.cpp: Added.
-        (WTF):
-        (WTF::printInternal):
-        * bytecode/CodeType.h:
-        (WTF):
-        * bytecode/ExecutionCounter.cpp:
-        (JSC::ExecutionCounter::dump):
-        * bytecode/ExecutionCounter.h:
-        (ExecutionCounter):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        (JSC::DFG::dfgLinkClosureCall):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpCallFrame):
-        * jit/JITCode.cpp: Added.
-        (WTF):
-        (WTF::printInternal):
-        * jit/JITCode.h:
-        (JSC::JITCode::jitType):
-        (WTF):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dump):
-        (JSC::JITDisassembler::dumpForInstructions):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdSelfList):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/CodeSpecializationKind.cpp: Added.
-        (WTF):
-        (WTF::printInternal):
-        * runtime/CodeSpecializationKind.h:
-        (JSC::specializationFromIsCall):
-        (JSC):
-        (JSC::specializationFromIsConstruct):
-        (WTF):
-        * runtime/Executable.cpp:
-        (JSC::ExecutableBase::hashFor):
-        (JSC):
-        (JSC::NativeExecutable::hashFor):
-        (JSC::ScriptExecutable::hashFor):
-        * runtime/Executable.h:
-        (ExecutableBase):
-        (NativeExecutable):
-        (ScriptExecutable):
-        (JSC::ScriptExecutable::source):
-
-2012-11-29  Michael Saboff  <msaboff@apple.com>
-
-        Speculative Windows build fix after r136086.
-
-        Unreviewed build fix.
-
-        Suspect that ?setDumpsGeneratedCode@BytecodeGenerator@JSC@@SAX_N@Z needs to be removed from Windows
-        export list since the symbol was removed in r136086.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        SpeculatedType dumping should not use the static char buffer[thingy] idiom
-        https://bugs.webkit.org/show_bug.cgi?id=103584
-
-        Reviewed by Michael Saboff.
-
-        Changed SpeculatedType to be "dumpable" by saying things like:
-        
-        dataLog("thingy = ", SpeculationDump(thingy))
-        
-        Removed the old stringification functions, and changed all code that referred to them
-        to use the new dataLog()/print() style.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/SpeculatedType.cpp:
-        (JSC::dumpSpeculation):
-        (JSC::speculationToAbbreviatedString):
-        (JSC::dumpSpeculationAbbreviated):
-        * bytecode/SpeculatedType.h:
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::dump):
-        * bytecode/VirtualRegister.h:
-        (WTF::printInternal):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGStructureAbstractValue.h:
-        * dfg/DFGVariableAccessDataDump.cpp: Added.
-        (JSC::DFG::VariableAccessDataDump::VariableAccessDataDump):
-        (JSC::DFG::VariableAccessDataDump::dump):
-        * dfg/DFGVariableAccessDataDump.h: Added.
-        (VariableAccessDataDump):
-
-2012-11-28  Michael Saboff  <msaboff@apple.com>
-
-        Change Bytecompiler s_dumpsGeneratedCode to an Options value
-        https://bugs.webkit.org/show_bug.cgi?id=103588
-
-        Reviewed by Filip Pizlo.
-
-        Moved the control of dumping bytecodes to Options::dumpGeneratedBytecodes.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-        * jsc.cpp:
-        (runWithScripts):
-        * runtime/Options.h:
-
-2012-11-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Copying phase should use work lists
-        https://bugs.webkit.org/show_bug.cgi?id=101390
-
-        Reviewed by Filip Pizlo.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h: New RegionSet for CopyWorkListSegments.
-        (BlockAllocator):
-        (JSC::CopyWorkListSegment):
-        * heap/CopiedBlock.h: Added a per-block CopyWorkList to keep track of the JSCells that need to be revisited during the copying
-        phase to copy their backing stores.
-        (CopiedBlock):
-        (JSC::CopiedBlock::CopiedBlock): 
-        (JSC::CopiedBlock::didSurviveGC):
-        (JSC::CopiedBlock::didEvacuateBytes): There is now a one-to-one relationship between GCThreads and the CopiedBlocks they're 
-        responsible for evacuating, we no longer need any of that fancy compare and swap stuff. 
-        (JSC::CopiedBlock::pin):
-        (JSC::CopiedBlock::hasWorkList): 
-        (JSC::CopiedBlock::workList):
-        * heap/CopiedBlockInlines.h: Added.
-        (JSC::CopiedBlock::reportLiveBytes): Since we now have to grab a SpinLock to perform operations on the CopyWorkList during marking,
-        we don't need to do any of that fancy compare and swap stuff we were doing for tracking live bytes.
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/CopiedSpaceInlines.h:
-        (JSC::CopiedSpace::pin):
-        * heap/CopyVisitor.cpp:
-        (JSC::CopyVisitor::copyFromShared): We now iterate over a range of CopiedBlocks rather than MarkedBlocks and revisit the cells in those
-        blocks' CopyWorkLists.
-        * heap/CopyVisitor.h:
-        (CopyVisitor):
-        * heap/CopyVisitorInlines.h:
-        (JSC::CopyVisitor::visitCell): The function responsible for calling the correct copyBackingStore() function for each JSCell from 
-        a CopiedBlock's CopyWorkList.
-        (JSC::CopyVisitor::didCopy): We no longer need to check if the block is empty here because we know exactly when we're done 
-        evacuating a CopiedBlock, which is when we've gone through all of the CopiedBlock's CopyWorkList.
-        * heap/CopyWorkList.h: Added.
-        (CopyWorkListSegment): Individual chunk of a CopyWorkList that is allocated from the BlockAllocator.
-        (JSC::CopyWorkListSegment::create):
-        (JSC::CopyWorkListSegment::size):
-        (JSC::CopyWorkListSegment::isFull):
-        (JSC::CopyWorkListSegment::get):
-        (JSC::CopyWorkListSegment::append):
-        (JSC::CopyWorkListSegment::CopyWorkListSegment):
-        (JSC::CopyWorkListSegment::data):
-        (JSC::CopyWorkListSegment::endOfBlock):
-        (CopyWorkListIterator): Responsible for giving CopyVisitors a contiguous notion of access across the separate CopyWorkListSegments
-        that make up each CopyWorkList.
-        (JSC::CopyWorkListIterator::get):
-        (JSC::CopyWorkListIterator::operator*):
-        (JSC::CopyWorkListIterator::operator->):
-        (JSC::CopyWorkListIterator::operator++):
-        (JSC::CopyWorkListIterator::operator==):
-        (JSC::CopyWorkListIterator::operator!=):
-        (JSC::CopyWorkListIterator::CopyWorkListIterator):
-        (CopyWorkList): Data structure that keeps track of the JSCells that need copying in a particular CopiedBlock.
-        (JSC::CopyWorkList::CopyWorkList):
-        (JSC::CopyWorkList::~CopyWorkList):
-        (JSC::CopyWorkList::append):
-        (JSC::CopyWorkList::begin):
-        (JSC::CopyWorkList::end):
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData): We no longer use the m_blockSnapshot from the Heap during the copying phase.
-        (JSC::GCThreadSharedData::didStartCopying): We now copy the set of all blocks in the CopiedSpace to a separate vector for 
-        iterating over during the copying phase since the set stored in the CopiedSpace will change as blocks are evacuated and 
-        recycled throughout the copying phase.
-        * heap/GCThreadSharedData.h:
-        (GCThreadSharedData): 
-        * heap/Heap.h:
-        (Heap):
-        * heap/SlotVisitor.h: We now need to know the object who is being marked that has a backing store so that we can store it 
-        in a CopyWorkList to revisit later during the copying phase.
-        * heap/SlotVisitorInlines.h:
-        (JSC::SlotVisitor::copyLater):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitButterfly):
-
-2012-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Disassembly methods should be able to disassemble to any PrintStream& rather than always using WTF::dataFile()
-        https://bugs.webkit.org/show_bug.cgi?id=103492
-
-        Reviewed by Mark Hahnenberg.
-
-        Switched disassembly code to use PrintStream&, and to use print() rather than printf().
-
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        (DFG):
-        (JSC::DFG::Disassembler::dumpDisassembly):
-        * dfg/DFGDisassembler.h:
-        (Disassembler):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::printWhiteSpace):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::printNodeWhiteSpace):
-        (JSC::DFG::Graph::dump):
-        (DFG):
-        (JSC::DFG::Graph::dumpBlockHeader):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dump):
-        (JSC::JITDisassembler::dumpForInstructions):
-        (JSC::JITDisassembler::dumpDisassembly):
-        * jit/JITDisassembler.h:
-        (JITDisassembler):
-
-2012-11-28  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to say dataLog("count = ", count, "\n") instead of dataLogF("count = %d\n", count)
-        https://bugs.webkit.org/show_bug.cgi?id=103009
-
-        Reviewed by Michael Saboff.
-
-        Instead of converting all of JSC to use the new dataLog()/print() methods, I just changed
-        one place: dumping of abstract values. This is mainly just to ensure that the code I
-        added to WTF is actually doing things.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        (WTF):
-        (WTF::printInternal):
-        * dfg/DFGStructureAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::dump):
-        (WTF):
-        (WTF::printInternal):
-
-2012-11-28  Oliver Hunt  <oliver@apple.com>
-
-        Make source cache include more information about the function extent.
-        https://bugs.webkit.org/show_bug.cgi?id=103552
-
-        Reviewed by Gavin Barraclough.
-
-        Add a bit more information to the source cache.
-
-        * parser/Parser.cpp:
-        (JSC::::parseFunctionInfo):
-           Store the function start offset
-        * parser/SourceProviderCacheItem.h:
-        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
-        (SourceProviderCacheItem):
-           Add additional field for the start of the real function string, and re-arrange
-           fields to avoid growing the struct.
-
-2012-11-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Convert some remaining uses of FILE* to PrintStream&.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::dump):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::dumpChildren):
-
-2012-11-27  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation in JSValue.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/JSValue.h:
-
-2012-11-26  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG SetLocal should use forwardSpeculationCheck instead of its own half-baked version of same
-        https://bugs.webkit.org/show_bug.cgi?id=103353
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        Made it possible to use forward speculations for most of the operand classes. Changed the conditional
-        direction parameter from being 'bool isForward' to an enum (SpeculationDirection). Changed SetLocal
-        to use forward speculations and got rid of its half-baked version of same.
-        
-        Also added the ability to force the DFG's disassembler to dump all nodes, even ones that are dead.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::SpeculativeJIT::fillStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::gpr):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::fpr):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
-        (JSC::DFG::SpeculateCellOperand::gpr):
-        (SpeculateCellOperand):
-        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
-        (JSC::DFG::SpeculateBooleanOperand::gpr):
-        (SpeculateBooleanOperand):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Options.h:
-        (JSC):
-
-2012-11-26  Daniel Bates  <dbates@webkit.org>
-
-        Substitute "allSeparators8Bit" for "allSeperators8Bit" in JSC::jsSpliceSubstringsWithSeparators()
-        <https://bugs.webkit.org/show_bug.cgi?id=103303>
-
-        Reviewed by Simon Fraser.
-
-        Fix misspelled word, "Seperators" [sic], in a local variable name in JSC::jsSpliceSubstringsWithSeparators().
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-
-2012-11-26  Daniel Bates  <dbates@webkit.org>
-
-        JavaScript fails to handle String.replace() with large replacement string
-        https://bugs.webkit.org/show_bug.cgi?id=102956
-        <rdar://problem/12738012>
-
-        Reviewed by Oliver Hunt.
-
-        Fix an issue where we didn't check for overflow when computing the length
-        of the result of String.replace() with a large replacement string.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-
-2012-11-26  Zeno Albisser  <zeno@webkit.org>
-
-        [Qt] Fix the LLInt build on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=97587
-
-        Reviewed by Simon Hausmann.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pro:
-
-2012-11-26  Oliver Hunt  <oliver@apple.com>
-
-        32-bit build fix.  Move the method decalration outside of the X86_64 only section.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::shouldConsiderBlinding):
-
-2012-11-26  Oliver Hunt  <oliver@apple.com>
-
-        Don't blind all the things.
-        https://bugs.webkit.org/show_bug.cgi?id=102572
-
-        Reviewed by Gavin Barraclough.
-
-        No longer blind all the constants in the instruction stream.  We use a
-        simple non-deterministic filter to avoid blinding everything.  Also modified
-        the basic integer blinding logic to avoid blinding small negative values.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::shouldConsiderBlinding):
-        (JSC::MacroAssembler::shouldBlind):
-
-2012-11-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSObject::copyButterfly doesn't handle undecided indexing types correctly
-        https://bugs.webkit.org/show_bug.cgi?id=102573
-
-        Reviewed by Filip Pizlo.
-
-        We don't do any copying into the newly allocated vector and we don't zero-initialize CopiedBlocks 
-        during the copying phase, so we end up with uninitialized memory in arrays which have undecided indexing 
-        types. We should just do the actual memcpy from the old block to the new one. 
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly): Just do the same thing that we do for other contiguous indexing types.
-
-2012-11-26  Julien BRIANCEAU   <jbrianceau@nds.com>
-
-        [sh4] JavaScriptCore JIT build is broken since r135330
-        Add missing implementation for sh4 arch.
-        https://bugs.webkit.org/show_bug.cgi?id=103145
-
-        Reviewed by Oliver Hunt.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranchPtrWithPatch):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::startOfBranchPtrWithPatchOnRegister):
-        (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch):
-        (JSC::MacroAssemblerSH4::startOfPatchableBranchPtrWithPatchOnAddress):
-        (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranchPtrWithPatch):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::revertJump):
-        (SH4Assembler):
-        (JSC::SH4Assembler::printInstr):
-
-2012-11-26  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Use load64 instead of loadPtr to load a JSValue on JSVALUE64 platforms
-        https://bugs.webkit.org/show_bug.cgi?id=100909
-
-        Reviewed by Brent Fulgham.
-
-        This is a (trivial) fix after r132701.
-
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2012-11-26  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        [Qt][ARM] REGRESSION(r130826): It made 33 JSC test and 466 layout tests crash
-        https://bugs.webkit.org/show_bug.cgi?id=98857
-
-        Reviewed by Zoltan Herczeg.
-
-        Implement a new version of patchableBranch32 to fix crashing JSC
-        tests.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::patchableBranch32):
-        (MacroAssemblerARM):
-
-2012-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Any function that can log things should be able to easily log them to a memory buffer as well
-        https://bugs.webkit.org/show_bug.cgi?id=103000
-
-        Reviewed by Sam Weinig.
-
-        Change all users of WTF::dataFile() to expect a PrintStream& rather than a FILE*.
-
-        * bytecode/Operands.h:
-        (JSC::OperandValueTraits::dump):
-        (JSC::dumpOperands):
-        (JSC):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::dump):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGCommon.h:
-        (JSC::DFG::NodeIndexTraits::dump):
-        * dfg/DFGStructureAbstractValue.h:
-        (JSC::DFG::StructureAbstractValue::dump):
-        * dfg/DFGVariableEvent.cpp:
-        (JSC::DFG::VariableEvent::dump):
-        (JSC::DFG::VariableEvent::dumpFillInfo):
-        (JSC::DFG::VariableEvent::dumpSpillInfo):
-        * dfg/DFGVariableEvent.h:
-        (VariableEvent):
-        * disassembler/Disassembler.h:
-        (JSC):
-        (JSC::tryToDisassemble):
-        * disassembler/UDis86Disassembler.cpp:
-        (JSC::tryToDisassemble):
-
-2012-11-23  Alexis Menard  <alexis@webkit.org>
-
-        [CSS3 Backgrounds and Borders] Implement new CSS3 background-position parsing.
-        https://bugs.webkit.org/show_bug.cgi?id=102104
-
-        Reviewed by Julien Chaffraix.
-
-        Protect the new feature behind a feature flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-23  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        Fix the ARM traditional build after r135330
-        https://bugs.webkit.org/show_bug.cgi?id=102871
-
-        Reviewed by Zoltan Herczeg.
-
-        Added missing functionality to traditional ARM architecture.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::revertJump):
-        (ARMAssembler):
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatchOnAddress):
-        (JSC::MacroAssemblerARM::startOfBranchPtrWithPatchOnRegister):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::revertJumpReplacementToBranchPtrWithPatch):
-
-2012-11-16  Yury Semikhatsky  <yurys@chromium.org>
-
-        Memory instrumentation: extract MemoryObjectInfo declaration into a separate file
-        https://bugs.webkit.org/show_bug.cgi?id=102510
-
-        Reviewed by Pavel Feldman.
-
-        Added new symbols for the methods that have moved into .../wtf/MemoryInstrumentation.cpp
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-11-23  Julien BRIANCEAU   <jbrianceau@nds.com>
-
-        [sh4] JavaScriptCore JIT build is broken since r130839
-        Add missing implementation for sh4 arch.
-        https://bugs.webkit.org/show_bug.cgi?id=101479
-
-        Reviewed by Filip Pizlo.
-
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::load8Signed):
-        (MacroAssemblerSH4):
-        (JSC::MacroAssemblerSH4::load16Signed):
-        (JSC::MacroAssemblerSH4::store8):
-        (JSC::MacroAssemblerSH4::store16):
-        (JSC::MacroAssemblerSH4::moveDoubleToInts):
-        (JSC::MacroAssemblerSH4::moveIntsToDouble):
-        (JSC::MacroAssemblerSH4::loadFloat):
-        (JSC::MacroAssemblerSH4::loadDouble):
-        (JSC::MacroAssemblerSH4::storeFloat):
-        (JSC::MacroAssemblerSH4::storeDouble):
-        (JSC::MacroAssemblerSH4::addDouble):
-        (JSC::MacroAssemblerSH4::convertFloatToDouble):
-        (JSC::MacroAssemblerSH4::convertDoubleToFloat):
-        (JSC::MacroAssemblerSH4::urshift32):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::sublRegReg):
-        (JSC::SH4Assembler::subvlRegReg):
-        (JSC::SH4Assembler::floatfpulfrn):
-        (JSC::SH4Assembler::fldsfpul):
-        (JSC::SH4Assembler::fstsfpul):
-        (JSC::SH4Assembler::dcnvsd):
-        (SH4Assembler):
-        (JSC::SH4Assembler::movbRegMem):
-        (JSC::SH4Assembler::sizeOfConstantPool):
-        (JSC::SH4Assembler::linkJump):
-        (JSC::SH4Assembler::printInstr):
-        (JSC::SH4Assembler::printBlockInstr):
-
-2012-11-22  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        Fix the MIPS build after r135330
-        https://bugs.webkit.org/show_bug.cgi?id=102872
-
-        Reviewed by Gavin Barraclough.
-
-        Revert/replace functions added to MIPS port.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::revertJumpToMove):
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::replaceWithJump):
-        * assembler/MacroAssemblerMIPS.h:
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::startOfBranchPtrWithPatchOnRegister):
-        (JSC::MacroAssemblerMIPS::revertJumpReplacementToBranchPtrWithPatch):
-        (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatchOnAddress):
-
-2012-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Rename dataLog() and dataLogV() to dataLogF() and dataLogFV()
-        https://bugs.webkit.org/show_bug.cgi?id=103001
-
-        Rubber stamped by Dan Bernstein.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        (JSC::LinkBuffer::dumpLinkStatistics):
-        (JSC::LinkBuffer::dumpCode):
-        * assembler/LinkBuffer.h:
-        (JSC):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::vprintfStdoutInstr):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dumpBytecodeCommentAndNewLine):
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::dumpStructure):
-        (JSC::dumpChain):
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::CodeBlock::printStructure):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::resetStubInternal):
-        (JSC::CodeBlock::reoptimize):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        (JSC::CodeBlock::tallyFrequentExitSites):
-        (JSC::CodeBlock::dumpValueProfiles):
-        * bytecode/Opcode.cpp:
-        (JSC::OpcodeStats::~OpcodeStats):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingFlags::stop):
-        (JSC::SamplingRegion::dumpInternal):
-        (JSC::SamplingTool::dump):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::initialize):
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::mergeStateAtTail):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
-        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::makeSafe):
-        (JSC::DFG::ByteCodeParser::makeDivSafe):
-        (JSC::DFG::ByteCodeParser::handleCall):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::processPhiStack):
-        (JSC::DFG::ByteCodeParser::linkBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseCodeBlock):
-        (JSC::DFG::ByteCodeParser::parse):
-        * dfg/DFGCFAPhase.cpp:
-        (JSC::DFG::CFAPhase::performBlockCFA):
-        (JSC::DFG::CFAPhase::performForwardCFA):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
-        (JSC::DFG::CFGSimplificationPhase::fixPhis):
-        (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
-        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::endIndexForPureCSE):
-        (JSC::DFG::CSEPhase::setReplacement):
-        (JSC::DFG::CSEPhase::eliminate):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGCapabilities.cpp:
-        (JSC::DFG::debugFail):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dump):
-        * dfg/DFGDriver.cpp:
-        (JSC::DFG::compile):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::printWhiteSpace):
-        (JSC::DFG::Graph::dumpCodeOrigin):
-        (JSC::DFG::Graph::dump):
-        (JSC::DFG::Graph::dumpBlockHeader):
-        (JSC::DFG::Graph::predictArgumentTypes):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGPhase.cpp:
-        (JSC::DFG::Phase::beginPhase):
-        * dfg/DFGPhase.h:
-        (JSC::DFG::runAndLog):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::propagateForward):
-        (JSC::DFG::PredictionPropagationPhase::propagateBackward):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::dump):
-        * dfg/DFGScoreBoard.h:
-        (JSC::DFG::ScoreBoard::use):
-        (JSC::DFG::ScoreBoard::dump):
-        * dfg/DFGSlowPathGenerator.h:
-        (JSC::DFG::SlowPathGenerator::generate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
-        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecutionWithConditionalDirection):
-        (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):
-        (JSC::DFG::SpeculativeJIT::dump):
-        (JSC::DFG::SpeculativeJIT::checkConsistency):
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * dfg/DFGValidate.cpp:
-        (Validate):
-        (JSC::DFG::Validate::reportValidationContext):
-        (JSC::DFG::Validate::dumpData):
-        (JSC::DFG::Validate::dumpGraphIfAppropriate):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::logEvent):
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
-        (JSC::DFG::VirtualRegisterAllocationPhase::run):
-        * heap/Heap.cpp:
-        * heap/HeapStatistics.cpp:
-        (JSC::HeapStatistics::logStatistics):
-        (JSC::HeapStatistics::showObjectStatistics):
-        * heap/MarkStack.h:
-        * heap/MarkedBlock.h:
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::validate):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::dumpCaller):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dump):
-        (JSC::JITDisassembler::dumpForInstructions):
-        * jit/JITStubRoutine.h:
-        (JSC):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JumpReplacementWatchpoint.cpp:
-        (JSC::JumpReplacementWatchpoint::fireInternal):
-        * llint/LLIntExceptions.cpp:
-        (JSC::LLInt::interpreterThrowInCaller):
-        (JSC::LLInt::returnToThrow):
-        (JSC::LLInt::callToThrow):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::llint_trace_operand):
-        (JSC::LLInt::llint_trace_value):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::traceFunctionPrologue):
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        (JSC::LLInt::entryOSR):
-        (JSC::LLInt::handleHostCall):
-        (JSC::LLInt::setUpCall):
-        * profiler/Profile.cpp:
-        (JSC::Profile::debugPrintData):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * profiler/ProfileNode.cpp:
-        (JSC::ProfileNode::debugPrintData):
-        (JSC::ProfileNode::debugPrintDataSampleStyle):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::dumpRegExpTrace):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::matchCompareWithInterpreter):
-        * runtime/SamplingCounter.cpp:
-        (JSC::AbstractSamplingCounter::dump):
-        * runtime/Structure.cpp:
-        (JSC::Structure::dumpStatistics):
-        (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
-        * tools/CodeProfile.cpp:
-        (JSC::CodeProfile::report):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::dumpInternal):
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::dumpDisjunction):
-
-2012-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to say disassemble(stuff) instead of having to say if (!tryToDisassemble(stuff)) dataLog("I failed")
-        https://bugs.webkit.org/show_bug.cgi?id=103010
-
-        Reviewed by Anders Carlsson.
-
-        You can still say tryToDisassemble(), which will tell you if it failed; you can then
-        decide what to do instead. But it's better to say disassemble(), which will just print
-        the instruction ranges if tryToDisassemble() failed. This is particularly appropriate
-        since that's what all previous users of tryToDisassemble() would have done in some
-        form or another.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::finalizeCodeWithDisassembly):
-        * dfg/DFGDisassembler.cpp:
-        (JSC::DFG::Disassembler::dumpDisassembly):
-        * disassembler/Disassembler.cpp: Added.
-        (JSC):
-        (JSC::disassemble):
-        * disassembler/Disassembler.h:
-        (JSC):
-        * jit/JITDisassembler.cpp:
-        (JSC::JITDisassembler::dumpDisassembly):
-
-2012-11-21  Filip Pizlo  <fpizlo@apple.com>
-
-        dumpOperands() claims that it needs a non-const Operands& when that is completely false
-        https://bugs.webkit.org/show_bug.cgi?id=103005
-
-        Reviewed by Eric Carlson.
-
-        * bytecode/Operands.h:
-        (JSC::dumpOperands):
-        (JSC):
-
-2012-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        Baseline JIT's disassembly should be just as pretty as the DFG's
-        https://bugs.webkit.org/show_bug.cgi?id=102873
-
-        Reviewed by Sam Weinig.
-
-        Integrated the CodeBlock's bytecode dumper with the JIT's disassembler. Also fixed
-        some type goof-ups (instructions are not in a Vector<Instruction> so using a Vector
-        iterator makes no sense) and stream-lined some things (you don't actually need a
-        full-fledged ExecState* to dump bytecode).
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printUnaryOp):
-        (JSC::CodeBlock::printBinaryOp):
-        (JSC::CodeBlock::printConditionalJump):
-        (JSC::CodeBlock::printGetByIdOp):
-        (JSC::CodeBlock::printCallOp):
-        (JSC::CodeBlock::printPutByIdOp):
-        (JSC::CodeBlock::dump):
-        (JSC):
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpCallFrame):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITDisassembler.cpp: Added.
-        (JSC):
-        (JSC::JITDisassembler::JITDisassembler):
-        (JSC::JITDisassembler::~JITDisassembler):
-        (JSC::JITDisassembler::dump):
-        (JSC::JITDisassembler::dumpForInstructions):
-        (JSC::JITDisassembler::dumpDisassembly):
-        * jit/JITDisassembler.h: Added.
-        (JSC):
-        (JITDisassembler):
-        (JSC::JITDisassembler::setStartOfCode):
-        (JSC::JITDisassembler::setForBytecodeMainPath):
-        (JSC::JITDisassembler::setForBytecodeSlowPath):
-        (JSC::JITDisassembler::setEndOfSlowPath):
-        (JSC::JITDisassembler::setEndOfCode):
-
-2012-11-21  Daniel Bates  <dbates@webkit.org>
-
-        JavaScript fails to concatenate large strings
-        <https://bugs.webkit.org/show_bug.cgi?id=102963>
-
-        Reviewed by Michael Saboff.
-
-        Fixes an issue where we inadvertently didn't check the length of
-        a JavaScript string for overflow.
-
-        * runtime/Operations.h:
-        (JSC::jsString):
-        (JSC::jsStringFromArguments):
-
-2012-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to cache closure calls (part 2/2)
-        https://bugs.webkit.org/show_bug.cgi?id=102662
-
-        Reviewed by Gavin Barraclough.
-
-        Added caching of calls where the JSFunction* varies, but the Structure* and ExecutableBase*
-        stay the same. This is accomplished by replacing the branch that compares against a constant
-        JSFunction* with a jump to a closure call stub. The closure call stub contains a fast path,
-        and jumps slow directly to the virtual call thunk.
-
-        Looks like a 1% win on V8v7.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CallLinkInfo.cpp:
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/CallLinkInfo.h:
-        (CallLinkInfo):
-        (JSC::CallLinkInfo::isLinked):
-        (JSC::getCallLinkInfoBytecodeIndex):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC):
-        (JSC::CodeBlock::findClosureCallForReturnPC):
-        (JSC::CodeBlock::bytecodeOffset):
-        (JSC::CodeBlock::codeOriginForReturn):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getCallLinkInfo):
-        (CodeBlock):
-        (JSC::CodeBlock::isIncomingCallAlreadyLinked):
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::addJSCall):
-        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
-        (JSCallRecord):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::linkSlowFor):
-        (DFG):
-        (JSC::DFG::dfgLinkFor):
-        (JSC::DFG::dfgLinkSlowFor):
-        (JSC::DFG::dfgLinkClosureCall):
-        * dfg/DFGRepatch.h:
-        (DFG):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        * dfg/DFGThunks.cpp:
-        (DFG):
-        (JSC::DFG::linkClosureCallThunkGenerator):
-        * dfg/DFGThunks.h:
-        (DFG):
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::jitStubRoutines):
-        * heap/JITStubRoutineSet.h:
-        (JSC::JITStubRoutineSet::size):
-        (JSC::JITStubRoutineSet::at):
-        (JITStubRoutineSet):
-        * jit/ClosureCallStubRoutine.cpp: Added.
-        (JSC):
-        (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
-        (JSC::ClosureCallStubRoutine::~ClosureCallStubRoutine):
-        (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
-        * jit/ClosureCallStubRoutine.h: Added.
-        (JSC):
-        (ClosureCallStubRoutine):
-        (JSC::ClosureCallStubRoutine::structure):
-        (JSC::ClosureCallStubRoutine::executable):
-        (JSC::ClosureCallStubRoutine::codeOrigin):
-        * jit/GCAwareJITStubRoutine.cpp:
-        (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
-        * jit/GCAwareJITStubRoutine.h:
-        (GCAwareJITStubRoutine):
-        (JSC::GCAwareJITStubRoutine::isClosureCall):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-
-2012-11-20  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to cache closure calls (part 1/2)
-        https://bugs.webkit.org/show_bug.cgi?id=102662
-
-        Reviewed by Gavin Barraclough.
-
-        Add ability to revert a jump replacement back to
-        branchPtrWithPatch(Condition, RegisterID, TrustedImmPtr). This is meant to be
-        a mandatory piece of functionality for all assemblers. I also renamed some of
-        the functions for reverting jump replacements back to
-        patchableBranchPtrWithPatch(Condition, Address, TrustedImmPtr), so as to avoid
-        confusion.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::BadReg):
-        (ARMv7Assembler):
-        (JSC::ARMv7Assembler::revertJumpTo_movT3):
-        * assembler/LinkBuffer.h:
-        (JSC):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::startOfBranchPtrWithPatchOnRegister):
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatchOnAddress):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::startOfBranchPtrWithPatchOnRegister):
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatchOnAddress):
-        (JSC::MacroAssemblerX86::revertJumpReplacementToBranchPtrWithPatch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::startOfBranchPtrWithPatchOnRegister):
-        (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatchOnAddress):
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
-        * assembler/RepatchBuffer.h:
-        (JSC::RepatchBuffer::startOfBranchPtrWithPatchOnRegister):
-        (RepatchBuffer):
-        (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatchOnAddress):
-        (JSC::RepatchBuffer::revertJumpReplacementToBranchPtrWithPatch):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::revertJumpTo_cmpl_ir_force32):
-        (X86Assembler):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::replaceWithJump):
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-
-2012-11-20  Yong Li  <yoli@rim.com>
-
-        [ARMv7] Neither linkCall() nor linkPointer() should flush code.
-        https://bugs.webkit.org/show_bug.cgi?id=99213
-
-        Reviewed by George Staikos.
-
-        LinkBuffer doesn't need to flush code during linking. It will
-        eventually flush the whole executable. Fixing this gives >%5
-        sunspider boost (on QNX).
-
-        Also make replaceWithLoad() and replaceWithAddressComputation() flush
-        only when necessary.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::linkCall):
-        (JSC::ARMv7Assembler::linkPointer):
-        (JSC::ARMv7Assembler::relinkCall):
-        (JSC::ARMv7Assembler::repatchInt32):
-        (JSC::ARMv7Assembler::repatchPointer):
-        (JSC::ARMv7Assembler::replaceWithLoad): Flush only after it did write.
-        (JSC::ARMv7Assembler::replaceWithAddressComputation): Flush only after it did write.
-        (JSC::ARMv7Assembler::setInt32):
-        (JSC::ARMv7Assembler::setPointer):
-
-2012-11-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove support for ARMv7 errata from the jump code
-        https://bugs.webkit.org/show_bug.cgi?id=102759
-
-        Reviewed by Oliver Hunt.
-
-        The jump replacement code was wrong to begin with since it wasn't doing
-        a cache flush on the inserted padding. And, to my knowledge, we don't need
-        this anymore, so this patch removes all errata code from the ARMv7 port.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::computeJumpType):
-        (JSC::ARMv7Assembler::replaceWithJump):
-        (JSC::ARMv7Assembler::maxJumpReplacementSize):
-        (JSC::ARMv7Assembler::canBeJumpT3):
-        (JSC::ARMv7Assembler::canBeJumpT4):
-
-2012-11-19  Patrick Gansterer  <paroga@webkit.org>
-
-        [CMake] Create JavaScriptCore ForwardingHeaders
-        https://bugs.webkit.org/show_bug.cgi?id=92665
-
-        Reviewed by Brent Fulgham.
-
-        When using CMake to build the Windows port, we need
-        to generate the forwarding headers with it too.
-
-        * CMakeLists.txt:
-
-2012-11-19  Kihong Kwon  <kihong.kwon@samsung.com>
-
-        Add PROXIMITY_EVENTS feature
-        https://bugs.webkit.org/show_bug.cgi?id=102658
-
-        Reviewed by Kentaro Hara.
-
-        Add PROXIMITY_EVENTS feature to xcode project for JavaScriptCore.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-18  Dan Bernstein  <mitz@apple.com>
-
-        Try to fix the DFG build after r135099.
-
-        * dfg/DFGCommon.h:
-        (JSC::DFG::shouldShowDisassembly):
-
-2012-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, build fix for !ENABLE(DFG_JIT).
-
-        * dfg/DFGCommon.h:
-        (JSC::DFG::shouldShowDisassembly):
-        (DFG):
-
-2012-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should have more logging in structure-related code
-        https://bugs.webkit.org/show_bug.cgi?id=102630
-
-        Reviewed by Simon Fraser.
-
-        - JSValue::description() now tells you if something is a structure, and if so,
-          what kind of structure it is.
-        
-        - Jettisoning logic now tells you why things are being jettisoned.
-        
-        - It's now possible to turn off GC-triggered jettisoning entirely.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::reoptimize):
-        (JSC::ProgramCodeBlock::jettison):
-        (JSC::EvalCodeBlock::jettison):
-        (JSC::FunctionCodeBlock::jettison):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/Options.h:
-        (JSC):
-
-2012-11-18  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding phase should say 'changed = true' whenever it changes the graph
-        https://bugs.webkit.org/show_bug.cgi?id=102550
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2012-11-17  Elliott Sprehn  <esprehn@chromium.org>
-
-        Expose JSObject removeDirect and PrivateName to WebCore
-        https://bugs.webkit.org/show_bug.cgi?id=102546
-
-        Reviewed by Geoffrey Garen.
-
-        Export removeDirect for use in WebCore so JSDependentRetained works.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-11-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Given a PutById or GetById with a proven structure, the DFG should be able to emit a PutByOffset or GetByOffset instead
-        https://bugs.webkit.org/show_bug.cgi?id=102327
-
-        Reviewed by Mark Hahnenberg.
-
-        If the profiler tells us that a GetById or PutById may be polymorphic but our
-        control flow analysis proves that it isn't, we should trust the control flow
-        analysis over the profiler. This arises in cases where GetById or PutById were
-        inlined: the inlined function may have been called from other places that led
-        to polymorphism, but in the current inlined context, there is no polymorphism.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFor):
-        (JSC):
-        * bytecode/GetByIdStatus.h:
-        (JSC::GetByIdStatus::GetByIdStatus):
-        (GetByIdStatus):
-        * bytecode/PutByIdStatus.cpp:
-        (JSC::PutByIdStatus::computeFor):
-        (JSC):
-        * bytecode/PutByIdStatus.h:
-        (JSC):
-        (JSC::PutByIdStatus::PutByIdStatus):
-        (PutByIdStatus):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::bestProvenStructure):
-        (AbstractValue):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
-        (ConstantFoldingPhase):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToGetByOffset):
-        (Node):
-        (JSC::DFG::Node::convertToPutByOffset):
-        (JSC::DFG::Node::hasStorageResult):
-        * runtime/JSGlobalObject.h:
-        (JSC::Structure::prototypeChain):
-        (JSC):
-        (JSC::Structure::isValid):
-        * runtime/Operations.h:
-        (JSC::isPrototypeChainNormalized):
-        (JSC):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::transitionDidInvolveSpecificValue):
-
-2012-11-16  Tony Chang  <tony@chromium.org>
-
-        Remove ENABLE_CSS_HIERARCHIES since it's no longer in use
-        https://bugs.webkit.org/show_bug.cgi?id=102554
-
-        Reviewed by Andreas Kling.
-
-        As mentioned in https://bugs.webkit.org/show_bug.cgi?id=79939#c41 ,
-        we're going to revist this feature once additional vendor support is
-        achieved.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for WinCE after r133688.
-
-        Use numeric_limits<uint32_t>::max() instead of UINT32_MAX.
-
-        * runtime/CodeCache.h:
-        (JSC::CacheMap::CacheMap):
-
-2012-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        ClassInfo.h should have correct indentation.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        ClassInfo.h had some true creativity in its use of whitespace. Some things within
-        the namespace were indented four spaces and others where not. One #define had its
-        contents indented four spaces, while another didn't. I applied the following rule:
-        
-        - Non-macro things in the namespace should not be indented (that's our current
-          accepted practice).
-        
-        - Macros should never be indented but if they are multi-line then their subsequent
-          bodies should be indented four spaces. I believe that is consistent with what we
-          do elsewhere.
-
-        * runtime/ClassInfo.h:
-        (JSC):
-        (MethodTable):
-        (ClassInfo):
-        (JSC::ClassInfo::propHashTable):
-        (JSC::ClassInfo::isSubClassOf):
-        (JSC::ClassInfo::hasStaticProperties):
-
-2012-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should copy propagate trivially no-op ConvertThis
-        https://bugs.webkit.org/show_bug.cgi?id=102445
-
-        Reviewed by Oliver Hunt.
-
-        Copy propagation is always a good thing, since it reveals must-alias relationships
-        to the CFA and CSE. This accomplishes copy propagation for ConvertThis by first
-        converting it to an Identity node (which is done by the constant folder since it
-        has access to CFA results) and then performing substitution of references to
-        Identity with references to Identity's child in the CSE.
-        
-        I'm not aiming for a big speed-up here; I just think that this will be useful for
-        the work on https://bugs.webkit.org/show_bug.cgi?id=102327.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        CallData.h should have correct indentation.
-
-        Rubber stamped by Mark Hahneberg.
-
-        * runtime/CallData.h:
-        (JSC):
-
-2012-11-15  Filip Pizlo  <fpizlo@apple.com>
-
-        Remove methodCallDummy since it is not used anymore.
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-
-2012-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Structure should be able to easily tell if the prototype chain might intercept a store
-        https://bugs.webkit.org/show_bug.cgi?id=102326
-
-        Reviewed by Geoffrey Garen.
-
-        This improves our ability to reason about the correctness of the more optimized
-        prototype chain walk in JSObject::put(), while also making it straight forward to
-        check if the prototype chain will do strange things to a property store by just
-        looking at the structure.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::put):
-        * runtime/Structure.cpp:
-        (JSC::Structure::prototypeChainMayInterceptStoreTo):
-        (JSC):
-        * runtime/Structure.h:
-        (Structure):
-
-2012-11-15  Thiago Marcos P. Santos  <thiago.santos@intel.com>
-
-        [CMake] Do not regenerate LLIntAssembly.h on every incremental build
-        https://bugs.webkit.org/show_bug.cgi?id=102248
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Update LLIntAssembly.h's mtime after running asm.rb to make the build
-        system dependency tracking consistent.
-
-        * CMakeLists.txt:
-
-2012-11-15  Thiago Marcos P. Santos  <thiago.santos@intel.com>
-
-        Fix compiler warnings about signed/unsigned comparison on i386
-        https://bugs.webkit.org/show_bug.cgi?id=102249
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Add casting to unsigned to shut up gcc warnings. Build was broken on
-        JSVALUE32_64 ports compiling with -Werror.
-
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-
-2012-11-14  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Unreviewed build fix.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        Missed one of the exports that was part of the WebKit2.def.
-
-2012-11-14  Brent Fulgham  <bfulgham@webkit.org>
-
-        [Windows, WinCairo] Correct build failure.
-        https://bugs.webkit.org/show_bug.cgi?id=102302
-
-        WebCore symbols were mistakenly added to the JavaScriptCore
-        library definition file.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove
-        WebCore symbols that were incorrectly added to the export file.
-
-2012-11-14  Mark Lam  <mark.lam@apple.com>
-
-        Change JSEventListener::m_jsFunction to be a weak ref.
-        https://bugs.webkit.org/show_bug.cgi?id=101989.
-
-        Reviewed by Geoffrey Garen.
-
-        Added infrastructure for scanning weak ref slots.
-
-        * heap/SlotVisitor.cpp: Added #include "SlotVisitorInlines.h".
-        * heap/SlotVisitor.h:
-        (SlotVisitor): Added SlotVisitor::appendUnbarrieredWeak().
-        * heap/SlotVisitorInlines.h: Added #include "Weak.h".
-        (JSC::SlotVisitor::appendUnbarrieredWeak): Added.
-        * heap/Weak.h:
-        (JSC::operator==): Added operator==() for Weak.
-        * runtime/JSCell.h: Removed #include "SlotVisitorInlines.h".
-        * runtime/JSObject.h: Added #include "SlotVisitorInlines.h".
-
-2012-11-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Read-only properties created with putDirect() should tell the structure that there are read-only properties
-        https://bugs.webkit.org/show_bug.cgi?id=102292
-
-        Reviewed by Gavin Barraclough.
-
-        This mostly affects things like function.length.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-
-2012-11-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Don't access Node& after adding nodes to the graph.
-        https://bugs.webkit.org/show_bug.cgi?id=102005
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-11-14  Valery Ignatyev  <valery.ignatyev@ispras.ru>
-
-        Replace (typeof(x) != <"object", "undefined", ...>) with
-        !(typeof(x) == <"object",..>). Later is_object, is_<...>  bytecode operation
-        will be used.
-
-        https://bugs.webkit.org/show_bug.cgi?id=98893
-
-        Reviewed by Filip Pizlo.
-
-        This eliminates expensive  typeof implementation and
-        allows to use DFG optimizations, which doesn't support 'typeof'.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BinaryOpNode::emitBytecode):
-
-2012-11-14  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        [Qt][ARM]REGRESSION(r133985): It broke the build
-        https://bugs.webkit.org/show_bug.cgi?id=101740
-
-        Reviewed by Csaba Osztrogonác.
-
-        Changed the emitGenericContiguousPutByVal to accept the additional IndexingType argument.
-        This information was passed as a template parameter.        
-
-        * jit/JIT.h:
-        (JSC::JIT::emitInt32PutByVal):
-        (JSC::JIT::emitDoublePutByVal):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitGenericContiguousPutByVal):
-
-2012-11-14  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Fix the MIPS build after r134332
-        https://bugs.webkit.org/show_bug.cgi?id=102227
-
-        Reviewed by Csaba Osztrogonác.
-
-        Added missing methods for the MacroAssemblerMIPS, based on the MacroAssemblerARMv7.
-
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::canJumpReplacePatchableBranchPtrWithPatch):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerMIPS::revertJumpReplacementToPatchableBranchPtrWithPatch):
-
-2012-11-14  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Fix the [-Wreturn-type] warning in JavaScriptCore/assembler/MacroAssemblerARM.h
-        https://bugs.webkit.org/show_bug.cgi?id=102206
-
-        Reviewed by Csaba Osztrogonác.
-
-        Add a return value for the function to suppress the warning.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
-
-2012-11-14  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r134599.
-        http://trac.webkit.org/changeset/134599
-        https://bugs.webkit.org/show_bug.cgi?id=102225
-
-        It broke the 32 bit EFL build (Requested by Ossy on #webkit).
-
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-
-2012-11-14  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        [Qt][ARM]REGRESSION(r133985): It broke the build
-        https://bugs.webkit.org/show_bug.cgi?id=101740
-
-        Reviewed by Csaba Osztrogonác.
-
-        Template function body moved to fix VALUE_PROFILER disabled case.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-
-2012-11-13  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG CreateThis should be able to statically account for the structure of the object it creates, if profiling indicates that this structure is always the same
-        https://bugs.webkit.org/show_bug.cgi?id=102017
-
-        Reviewed by Geoffrey Garen.
-
-        This adds a watchpoint in JSFunction on the cached inheritor ID. It also changes
-        NewObject to take a structure as an operand (previously it implicitly used the owning
-        global object's empty object structure). Any GetCallee where the callee is predictable
-        is turned into a CheckFunction + WeakJSConstant, and any CreateThis on a WeakJSConstant
-        where the inheritor ID watchpoint is still valid is turned into an InheritorIDWatchpoint
-        followed by a NewObject. NewObject already accounts for the structure it uses for object
-        creation in the CFA.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::checkFunctionElimination):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasFunction):
-        (JSC::DFG::Node::function):
-        (JSC::DFG::Node::hasStructure):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/Executable.h:
-        (JSC::JSFunction::JSFunction):
-        * runtime/JSBoundFunction.cpp:
-        (JSC):
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::put):
-        (JSC::JSFunction::defineOwnProperty):
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::tryGetKnownInheritorID):
-        (JSFunction):
-        (JSC::JSFunction::addInheritorIDWatchpoint):
-
-2012-11-13  Filip Pizlo  <fpizlo@apple.com>
-
-        JSFunction and its descendants should be destructible
-        https://bugs.webkit.org/show_bug.cgi?id=102062
-
-        Reviewed by Mark Hahnenberg.
-
-        This will make it easy to place an InlineWatchpointSet inside JSFunction. In the
-        future, we could make JSFunction non-destructible again by making a version of
-        WatchpointSet that is entirely GC'd, but this seems like overkill for now.
-        
-        This is performance-neutral.
-
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::destroy):
-        (JSC):
-        * runtime/JSBoundFunction.h:
-        (JSBoundFunction):
-        * runtime/JSFunction.cpp:
-        (JSC):
-        (JSC::JSFunction::destroy):
-        * runtime/JSFunction.h:
-        (JSFunction):
-
-2012-11-13  Cosmin Truta  <ctruta@rim.com>
-
-        Uninitialized fields in class JSLock
-        https://bugs.webkit.org/show_bug.cgi?id=101695
-
-        Reviewed by Mark Hahnenberg.
-
-        Initialize JSLock::m_ownerThread and JSLock::m_lockDropDepth.
-
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::JSLock):
-
-2012-11-13  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Fix the ARM traditional build after r134332
-        https://bugs.webkit.org/show_bug.cgi?id=102044
-
-        Reviewed by Zoltan Herczeg.
-
-        Added missing methods for the MacroAssemblerARM, based on the MacroAssemblerARMv7.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::canJumpReplacePatchableBranchPtrWithPatch):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranchPtrWithPatch):
-
-2012-11-12  Filip Pizlo  <fpizlo@apple.com>
-
-        op_get_callee should have value profiling
-        https://bugs.webkit.org/show_bug.cgi?id=102047
-
-        Reviewed by Sam Weinig.
-
-        This will allow us to detect if the callee is always the same, which is probably
-        the common case for a lot of constructors.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_callee):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_callee):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-11-12  Filip Pizlo  <fpizlo@apple.com>
-
-        The act of getting the callee during 'this' construction should be explicit in bytecode
-        https://bugs.webkit.org/show_bug.cgi?id=102016
-
-        Reviewed by Michael Saboff.
-
-        This is mostly a rollout of http://trac.webkit.org/changeset/116673, but also includes
-        changes to have create_this use the result of get_callee.
-        
-        No performance or behavioral impact. This is just meant to allow us to profile
-        get_callee in the future.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_get_callee):
-        (JSC):
-        (JSC::JIT::emit_op_create_this):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_get_callee):
-        (JSC):
-        (JSC::JIT::emit_op_create_this):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-
-2012-11-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix ARMv7 build.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
-
-2012-11-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Patching of jumps to stubs should use jump replacement rather than branch destination overwrite
-        https://bugs.webkit.org/show_bug.cgi?id=101909
-
-        Reviewed by Geoffrey Garen.
-
-        This saves a few instructions in inline cases, on those architectures where it is
-        easy to figure out where to put the jump replacement. Sub-1% speed-up across the
-        board.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranchPtrWithPatch):
-        * assembler/MacroAssemblerX86.h:
-        (JSC::MacroAssemblerX86::canJumpReplacePatchableBranchPtrWithPatch):
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranchPtrWithPatch):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::startOfPatchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
-        * assembler/RepatchBuffer.h:
-        (JSC::RepatchBuffer::startOfPatchableBranchPtrWithPatch):
-        (RepatchBuffer):
-        (JSC::RepatchBuffer::replaceWithJump):
-        (JSC::RepatchBuffer::revertJumpReplacementToPatchableBranchPtrWithPatch):
-        * assembler/X86Assembler.h:
-        (X86Assembler):
-        (JSC::X86Assembler::revertJumpTo_movq_i64r):
-        (JSC::X86Assembler::revertJumpTo_cmpl_im_force32):
-        (X86InstructionFormatter):
-        * bytecode/StructureStubInfo.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::replaceWithJump):
-        (DFG):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-
-2012-11-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG ArithMul overflow check elimination is too aggressive
-        https://bugs.webkit.org/show_bug.cgi?id=101871
-
-        Reviewed by Oliver Hunt.
-
-        The code was ignoring the fact that ((a * b) | 0) == (((a | 0) * (b | 0)) | 0)
-        only holds if a * b < 2^53. So, I changed it to only enable the optimization
-        when a < 2^22 and b is an int32 (and vice versa), using a super trivial peephole
-        analysis to prove the inequality. I considered writing an epic forward flow
-        formulation that tracks the ranges of integer values but then I thought better
-        of it.
-        
-        This also rewires the ArithMul integer speculation logic. Previously, we would
-        assume that an ArithMul was only UsedAsNumber if it escaped, and separately we
-        would decide whether to speculate integer based on a proof of the <2^22
-        inequality. Now, we treat the double rounding behavior of ArithMul as if the
-        result was UsedAsNumber even if it did not escape. Then we try to prove that
-        double rounding cannot happen by attemping to prove that a < 2^22. This then
-        feeds back into the decision of whether or not to speculate integer (if we fail
-        to prove a < 2^22 then we're UsedAsNumber, and if we're also MayOverflow then
-        that forces double speculation).
-        
-        No performance impact. It just fixes a bug.
-
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::mulShouldSpeculateInteger):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
-        (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-11-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not emit function checks if we've already proved that the operand is that exact function
-        https://bugs.webkit.org/show_bug.cgi?id=101885
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::filterByValue):
-        (AbstractValue):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2012-11-12  Kentaro Hara  <haraken@chromium.org>
-
-        [V8][JSC] ScriptProfileNode::callUID needs not to be [Custom]
-        https://bugs.webkit.org/show_bug.cgi?id=101892
-
-        Reviewed by Adam Barth.
-
-        Added callUID(), which enables us to kill custom bindings for ScriptProfileNode::callUID.
-
-        * profiler/ProfileNode.h:
-        (JSC::ProfileNode::callUID):
-
-2012-11-12  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header.
-
-2012-11-11  Michael Pruett  <michael@68k.org>
-
-        Fix assertion failure in JSObject::tryGetIndexQuickly()
-        https://bugs.webkit.org/show_bug.cgi?id=101869
-
-        Reviewed by Filip Pizlo.
-
-        Currently JSObject::tryGetIndexQuickly() triggers an assertion
-        failure when the object has an undecided indexing type. This
-        case should be treated the same as a blank indexing type.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::tryGetIndexQuickly):
-
-2012-11-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG register allocation should be greedy rather than round-robin
-        https://bugs.webkit.org/show_bug.cgi?id=101870
-
-        Reviewed by Geoffrey Garen.
-
-        This simplifies the code, reduces some code duplication, and shows some slight
-        performance improvements in a few places, likely due to the fact that lower-numered
-        registers also typically have smaller encodings.
-
-        * dfg/DFGRegisterBank.h:
-        (JSC::DFG::RegisterBank::RegisterBank):
-        (JSC::DFG::RegisterBank::tryAllocate):
-        (JSC::DFG::RegisterBank::allocate):
-        (JSC::DFG::RegisterBank::allocateInternal):
-        (RegisterBank):
-
-2012-11-11  Kenichi Ishibashi  <bashi@chromium.org>
-
-        WTFString::utf8() should have a mode of conversion to use replacement character
-        https://bugs.webkit.org/show_bug.cgi?id=101678
-
-        Reviewed by Alexey Proskuryakov.
-
-        Follow the change on String::utf8()
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode): Pass String::StrictConversion instead of true to String::utf8().
-
-2012-11-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time
-        https://bugs.webkit.org/show_bug.cgi?id=101718
-
-        Reviewed by Geoffrey Garen.
-
-        If we're reading from a JSArray in double mode, where the array's structure is
-        primordial (all aspects of the structure are unchanged except for indexing type),
-        and the result of the load is used in arithmetic that is known to not distinguish
-        between NaN and undefined, then we should not emit a NaN check. Looks like a 5%
-        win on navier-stokes.
-        
-        Also fixed an OpInfo initialization goof for String ops that was revealed by this
-        change.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::arraySpeculationToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::isSaneChain):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::isInBounds):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeFlags.cpp:
-        (JSC::DFG::nodeFlagsAsString):
-        * dfg/DFGNodeFlags.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::arrayPrototypeChainIsSane):
-        (JSC):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-
-2012-11-10  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
-        https://bugs.webkit.org/show_bug.cgi?id=101511
-
-        Reviewed by Geoffrey Garen.
-        
-        This is the second attempt at this patch, which fixes the !"" case.
-
-        To make life easier, this moves BranchDirection into BasicBlock so that after
-        running the CFA, we always know, for each block, what direction the CFA
-        proved. CFG simplification now both uses and preserves cfaBranchDirection in
-        its transformations.
-        
-        Also made both LogicalNot and Branch check whether the operand is a known cell
-        with a known structure, and if so, made them do the appropriate folding.
-        
-        5% speed-up on V8/raytrace because it makes raytrace's own null checks
-        evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
-        that we were already doing structure check hoisting.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGBranchDirection.h: Added.
-        (DFG):
-        (JSC::DFG::branchDirectionToString):
-        (JSC::DFG::isKnownDirection):
-        (JSC::DFG::branchCondition):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-11-10  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r133971.
-        http://trac.webkit.org/changeset/133971
-        https://bugs.webkit.org/show_bug.cgi?id=101839
-
-        Causes WebProcess to hang at 100% on www.apple.com (Requested
-        by kling on #webkit).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (JSC::DFG::AbstractState::branchDirectionToString):
-        (AbstractState):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGBranchDirection.h: Removed.
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        If the DFG ArrayMode says that an access is on an OriginalArray, then the checks should always enforce this
-        https://bugs.webkit.org/show_bug.cgi?id=101720
-
-        Reviewed by Mark Hahnenberg.
-
-        Previously, "original" arrays was just a hint that we could find the structure
-        of the array if we needed to even if the array profile didn't have it due to
-        polymorphism. Now, "original" arrays are a property that is actually checked:
-        if an array access has ArrayMode::arrayClass() == Array::OriginalArray, then we
-        can be sure that the code performing the access is dealing with not just a
-        JSArray, but a JSArray that has no named properties, no indexed accessors, and
-        the ArrayPrototype as its prototype. This will be useful for optimizations that
-        are being done as part of https://bugs.webkit.org/show_bug.cgi?id=101720.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::originalArrayStructure):
-        (DFG):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        * dfg/DFGArrayMode.h:
-        (JSC):
-        (DFG):
-        (JSC::DFG::ArrayMode::withProfile):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of BooleanPrototype.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/BooleanPrototype.h:
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of BooleanObject.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/BooleanObject.h:
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of BooleanConstructor.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/BooleanConstructor.h:
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix indentation of BatchedTransitionOptimizer.h
-
-        Rubber stamped by Mark Hahnenberg.
-
-        * runtime/BatchedTransitionOptimizer.h:
-
-2012-11-09  Oliver Hunt  <oliver@apple.com>
-
-        So Thingy probably isn't the best name for a class, so
-        renamed to CacheMap.
-
-        RS=Geoff
-
-        * runtime/CodeCache.h:
-        (JSC::CacheMap::CacheMap):
-
-2012-11-09  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayPrototype should start out with a blank indexing type
-        https://bugs.webkit.org/show_bug.cgi?id=101719
-
-        Reviewed by Mark Hahnenberg.
-
-        This allows us to track if the array prototype ever ends up with indexed
-        properties.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::create):
-        (JSC::ArrayPrototype::ArrayPrototype):
-        * runtime/ArrayPrototype.h:
-        (ArrayPrototype):
-        (JSC::ArrayPrototype::createStructure):
-
-2012-11-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        MarkStackArray should use the BlockAllocator instead of the MarkStackSegmentAllocator
-        https://bugs.webkit.org/show_bug.cgi?id=101642
-
-        Reviewed by Filip Pizlo.
-
-        MarkStackSegmentAllocator is like a miniature version of the BlockAllocator. Now that the BlockAllocator has support 
-        for a variety of block sizes, we should get rid of the MarkStackSegmentAllocator in favor of the BlockAllocator.
-
-        * heap/BlockAllocator.h: Add new specializations of regionSetFor for the new MarkStackSegments.
-        (JSC):
-        (JSC::MarkStackSegment):
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-        (JSC::GCThreadSharedData::reset):
-        * heap/GCThreadSharedData.h:
-        (GCThreadSharedData):
-        * heap/MarkStack.cpp: 
-        (JSC::MarkStackArray::MarkStackArray): We now have a doubly linked list of MarkStackSegments, so we need to refactor 
-        all the places that used the old custom tail/previous logic.
-        (JSC::MarkStackArray::~MarkStackArray):
-        (JSC::MarkStackArray::expand):
-        (JSC::MarkStackArray::refill):
-        (JSC::MarkStackArray::donateSomeCellsTo): Refactor to use the new linked list.
-        (JSC::MarkStackArray::stealSomeCellsFrom): Ditto.
-        * heap/MarkStack.h:
-        (JSC):
-        (MarkStackSegment):
-        (JSC::MarkStackSegment::MarkStackSegment):
-        (JSC::MarkStackSegment::sizeFromCapacity):
-        (MarkStackArray):
-        * heap/MarkStackInlines.h:
-        (JSC::MarkStackSegment::create):
-        (JSC):
-        (JSC::MarkStackArray::postIncTop):
-        (JSC::MarkStackArray::preDecTop):
-        (JSC::MarkStackArray::setTopForFullSegment):
-        (JSC::MarkStackArray::setTopForEmptySegment):
-        (JSC::MarkStackArray::top):
-        (JSC::MarkStackArray::validatePrevious):
-        (JSC::MarkStackArray::append):
-        (JSC::MarkStackArray::removeLast):
-        (JSC::MarkStackArray::isEmpty):
-        (JSC::MarkStackArray::size):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::SlotVisitor):
-
-2012-11-09  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        [Qt] r133953 broke the ARM_TRADITIONAL build
-        https://bugs.webkit.org/show_bug.cgi?id=101706
-
-        Reviewed by Csaba Osztrogonác.
-
-        Fix for both hardfp and softfp.
-
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-
-2012-11-09  Sheriff Bot  <webkit.review.bot@gmail.com>
-
-        Unreviewed, rolling out r134051.
-        http://trac.webkit.org/changeset/134051
-        https://bugs.webkit.org/show_bug.cgi?id=101757
-
-        It didn't fix the build (Requested by Ossy on #webkit).
-
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-
-2012-11-09  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        [Qt] r133953 broke the ARM_TRADITIONAL build
-        https://bugs.webkit.org/show_bug.cgi?id=101706
-
-        Reviewed by Csaba Osztrogonác.
-
-        Fix the ARM_TRADITIONAL build after r133953
-
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-
-2012-11-09  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Fix the LLINT build from ARMv7 platform
-        https://bugs.webkit.org/show_bug.cgi?id=101712
-
-        Reviewed by Simon Hausmann.
-
-        Enable generating of LLIntAssembly.h on ARM platforms.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pro:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayPrototype.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/ArrayPrototype.h:
-
-2012-11-08  Mark Lam  <mark.lam@apple.com>
-
-        Renamed ...InlineMethods.h files to ...Inlines.h.
-        https://bugs.webkit.org/show_bug.cgi?id=101145.
-
-        Reviewed by Geoffrey Garen.
-
-        This is only a refactoring effort to rename the files. There are no
-        functionality changes.
-
-        * API/JSObjectRef.cpp:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        * dfg/DFGOperations.cpp:
-        * heap/ConservativeRoots.cpp:
-        * heap/CopiedBlock.h:
-        * heap/CopiedSpace.cpp:
-        * heap/CopiedSpaceInlineMethods.h: Removed.
-        * heap/CopiedSpaceInlines.h: Copied from Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h.
-        * heap/CopyVisitor.cpp:
-        * heap/CopyVisitorInlineMethods.h: Removed.
-        * heap/CopyVisitorInlines.h: Copied from Source/JavaScriptCore/heap/CopyVisitorInlineMethods.h.
-        * heap/GCThread.cpp:
-        * heap/GCThreadSharedData.cpp:
-        * heap/HandleStack.cpp:
-        * heap/Heap.cpp:
-        * heap/HeapRootVisitor.h:
-        * heap/MarkStack.cpp:
-        * heap/MarkStackInlineMethods.h: Removed.
-        * heap/MarkStackInlines.h: Copied from Source/JavaScriptCore/heap/MarkStackInlineMethods.h.
-        * heap/SlotVisitor.cpp:
-        * heap/SlotVisitor.h:
-        * heap/SlotVisitorInlineMethods.h: Removed.
-        * heap/SlotVisitorInlines.h: Copied from Source/JavaScriptCore/heap/SlotVisitorInlineMethods.h.
-        * jit/HostCallReturnValue.cpp:
-        * jit/JIT.cpp:
-        * jit/JITArithmetic.cpp:
-        * jit/JITArithmetic32_64.cpp:
-        * jit/JITCall.cpp:
-        * jit/JITCall32_64.cpp:
-        * jit/JITInlineMethods.h: Removed.
-        * jit/JITInlines.h: Copied from Source/JavaScriptCore/jit/JITInlineMethods.h.
-        * jit/JITOpcodes.cpp:
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITPropertyAccess.cpp:
-        * jit/JITPropertyAccess32_64.cpp:
-        * jsc.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/ButterflyInlineMethods.h: Removed.
-        * runtime/ButterflyInlines.h: Copied from Source/JavaScriptCore/runtime/ButterflyInlineMethods.h.
-        * runtime/IndexingHeaderInlineMethods.h: Removed.
-        * runtime/IndexingHeaderInlines.h: Copied from Source/JavaScriptCore/runtime/IndexingHeaderInlineMethods.h.
-        * runtime/JSActivation.h:
-        * runtime/JSArray.cpp:
-        * runtime/JSArray.h:
-        * runtime/JSCell.h:
-        * runtime/JSObject.cpp:
-        * runtime/JSValueInlineMethods.h: Removed.
-        * runtime/JSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlineMethods.h.
-        * runtime/LiteralParser.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/Operations.h:
-        * runtime/RegExpMatchesArray.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/StringPrototype.cpp:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        ArrayConstructor.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/ArrayConstructor.h:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should know that int == null is always false
-        https://bugs.webkit.org/show_bug.cgi?id=101665
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Arguments.h should have correct indentation
-
-        Rubber stamped by Sam Weinig.
-
-        * runtime/Arguments.h:
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to JIT compile get_by_vals and put_by_vals even if the DFG is disabled.
-
-        Reviewed by Oliver Hunt.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::chooseArrayMode):
-
-2012-11-08  Filip Pizlo  <fpizlo@apple.com>
-
-        op_call should have LLInt call link info even if the DFG is disabled
-        https://bugs.webkit.org/show_bug.cgi?id=101672
-
-        Reviewed by Oliver Hunt.
-
-        Get rid of the evil uses of fall-through.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2012-11-08  Oliver Hunt  <oliver@apple.com>
-
-        Improve effectiveness of function-level caching
-        https://bugs.webkit.org/show_bug.cgi?id=101667
-
-        Reviewed by Filip Pizlo.
-
-        Added a random-eviction based cache for unlinked functions, and switch
-        UnlinkedFunctionExecutable's code references to Weak<>, thereby letting
-        us remove the explicit UnlinkedFunctionExecutable::clearCode() calls that
-        were being triggered by GC.
-
-        Refactored the random eviction part of the CodeCache into a separate data
-        structure so that I didn't have to duplicate the code again, and then used
-        that for the new function cache.
-
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedFunctionExecutable::visitChildren):
-        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC::UnlinkedFunctionExecutable::clearCodeForRecompilation):
-        (UnlinkedFunctionExecutable):
-        * debugger/Debugger.cpp:
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::getCodeBlock):
-        (JSC::CodeCache::generateFunctionCodeBlock):
-        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
-        (JSC::CodeCache::usedFunctionCode):
-        (JSC):
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilationIfNotCompiling):
-        (JSC::FunctionExecutable::clearCode):
-        * runtime/Executable.h:
-        (FunctionExecutable):
-
-2012-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG constant folding and CFG simplification should be smart enough to know that if a logical op's operand is proven to have a non-masquerading structure then it always evaluates to true
-        https://bugs.webkit.org/show_bug.cgi?id=101511
-
-        Reviewed by Oliver Hunt.
-
-        To make life easier, this moves BranchDirection into BasicBlock so that after
-        running the CFA, we always know, for each block, what direction the CFA
-        proved. CFG simplification now both uses and preserves cfaBranchDirection in
-        its transformations.
-        
-        Also made both LogicalNot and Branch check whether the operand is a known cell
-        with a known structure, and if so, made them do the appropriate folding.
-        
-        5% speed-up on V8/raytrace because it makes raytrace's own null checks
-        evaporate (i.e. idioms like 'if (!x) throw "unhappiness"') thanks to the fact
-        that we were already doing structure check hoisting.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::endBasicBlock):
-        (JSC::DFG::AbstractState::execute):
-        (JSC::DFG::AbstractState::mergeToSuccessors):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGBasicBlock.h:
-        (JSC::DFG::BasicBlock::BasicBlock):
-        (BasicBlock):
-        * dfg/DFGBranchDirection.h: Added.
-        (DFG):
-        (JSC::DFG::branchDirectionToString):
-        (JSC::DFG::isKnownDirection):
-        (JSC::DFG::branchCondition):
-        * dfg/DFGCFGSimplificationPhase.cpp:
-        (JSC::DFG::CFGSimplificationPhase::run):
-        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
-
-2012-11-08  Christophe Dumez  <christophe.dumez@intel.com>
-
-        [JSC] HTML extensions to String.prototype should escape " as &quot; in argument values
-        https://bugs.webkit.org/show_bug.cgi?id=90667
-
-        Reviewed by Benjamin Poulain.
-
-        Escape quotation mark as &quot; in argument values to:
-        - String.prototype.anchor(name)
-        - String.prototype.fontcolor(color)
-        - String.prototype.fontsize(size)
-        - String.prototype.link(href)
-
-        This behavior matches Chromium/V8 and Firefox/Spidermonkey
-        implementations and is requited by:
-        http://mathias.html5.org/specs/javascript/#escapeattributevalue
-
-        This also fixes a potential security risk (XSS vector).
-
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncFontcolor):
-        (JSC::stringProtoFuncFontsize):
-        (JSC::stringProtoFuncAnchor):
-        (JSC::stringProtoFuncLink):
-
-2012-11-08  Anders Carlsson  <andersca@apple.com>
-
-        HeapStatistics::s_pauseTimeStarts and s_pauseTimeEnds should be Vectors
-        https://bugs.webkit.org/show_bug.cgi?id=101651
-
-        Reviewed by Andreas Kling.
-
-        HeapStatistics uses Deques when Vectors would work just as good.
-
-        * heap/HeapStatistics.cpp:
-        * heap/HeapStatistics.h:
-        (HeapStatistics):
-
-2012-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not assume that something is a double just because it might be undefined
-        https://bugs.webkit.org/show_bug.cgi?id=101438
-
-        Reviewed by Oliver Hunt.
-
-        This changes all non-bitop arithmetic to (a) statically expect that variables are
-        defined prior to use in arithmetic and (b) not fall off into double paths just
-        because a value may not be a number. This is accomplished with two new notions of
-        speculation:
-        
-        shouldSpeculateIntegerExpectingDefined: Should we speculate that the value is an
-        integer if we ignore undefined (i.e. SpecOther) predictions?
-        
-        shouldSpeculateIntegerForArithmetic: Should we speculate that the value is an
-        integer if we ignore non-numeric predictions?
-        
-        This is a ~2x speed-up on programs that seem to our prediction propagator to have
-        paths in which otherwise numeric variables are undefined.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::isInt32SpeculationForArithmetic):
-        (JSC):
-        (JSC::isInt32SpeculationExpectingDefined):
-        (JSC::isDoubleSpeculationForArithmetic):
-        (JSC::isNumberSpeculationExpectingDefined):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::addShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulShouldSpeculateInteger):
-        (JSC::DFG::Graph::negateShouldSpeculateInteger):
-        (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
-        (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
-        (Node):
-        (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
-        (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
-        (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileAdd):
-        (JSC::DFG::SpeculativeJIT::compileArithMod):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_div):
-
-2012-11-06  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should infer when indexed storage contains only integers or doubles
-        https://bugs.webkit.org/show_bug.cgi?id=98606
-
-        Reviewed by Oliver Hunt.
-
-        This adds two new indexing types: int32 and double. It also adds array allocation profiling,
-        which allows array allocations to converge to allocating arrays using those types to which
-        those arrays would have been converted.
-        
-        20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
-        but a performance win overall on all benchmarks we track.
-
-        * API/JSObjectRef.cpp:
-        (JSObjectMakeArray):
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        (JumpList):
-        (JSC::AbstractMacroAssembler::JumpList::JumpList):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchDouble):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::jnp):
-        (X86Assembler):
-        (JSC::X86Assembler::X86InstructionFormatter::emitRex):
-        * bytecode/ArrayAllocationProfile.cpp: Added.
-        (JSC):
-        (JSC::ArrayAllocationProfile::updateIndexingType):
-        * bytecode/ArrayAllocationProfile.h: Added.
-        (JSC):
-        (ArrayAllocationProfile):
-        (JSC::ArrayAllocationProfile::ArrayAllocationProfile):
-        (JSC::ArrayAllocationProfile::selectIndexingType):
-        (JSC::ArrayAllocationProfile::updateLastAllocation):
-        (JSC::ArrayAllocationProfile::selectIndexingTypeFor):
-        (JSC::ArrayAllocationProfile::updateLastAllocationFor):
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::updatedObservedArrayModes):
-        (JSC):
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::arrayModesInclude):
-        (JSC::shouldUseSlowPutArrayStorage):
-        (JSC::shouldUseFastArrayStorage):
-        (JSC::shouldUseContiguous):
-        (JSC::shouldUseDouble):
-        (JSC::shouldUseInt32):
-        (ArrayProfile):
-        * bytecode/ByValInfo.h:
-        (JSC::isOptimizableIndexingType):
-        (JSC::jitArrayModeForIndexingType):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
-        (JSC):
-        (JSC::CodeBlock::updateAllValueProfilePredictions):
-        (JSC::CodeBlock::updateAllArrayPredictions):
-        (JSC::CodeBlock::updateAllPredictions):
-        (JSC::CodeBlock::shouldOptimizeNow):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::numberOfArrayAllocationProfiles):
-        (JSC::CodeBlock::addArrayAllocationProfile):
-        (JSC::CodeBlock::updateAllValueProfilePredictions):
-        (JSC::CodeBlock::updateAllArrayPredictions):
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * bytecode/Instruction.h:
-        (JSC):
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/SpeculatedType.h:
-        (JSC):
-        (JSC::isRealNumberSpeculation):
-        * bytecode/UnlinkedCodeBlock.cpp:
-        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
-        * bytecode/UnlinkedCodeBlock.h:
-        (JSC):
-        (JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
-        (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
-        (UnlinkedCodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::newArrayAllocationProfile):
-        (JSC):
-        (JSC::BytecodeGenerator::emitNewArray):
-        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::fromObserved):
-        (JSC::DFG::ArrayMode::refine):
-        (DFG):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        (JSC::DFG::arrayTypeToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::withType):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::withTypeAndConversion):
-        (JSC::DFG::ArrayMode::usesButterfly):
-        (JSC::DFG::ArrayMode::isSpecific):
-        (JSC::DFG::ArrayMode::supportsLength):
-        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (ByteCodeParser):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
-        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
-        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGNode.h:
-        (NewArrayBufferData):
-        (JSC::DFG::Node::hasIndexingType):
-        (Node):
-        (JSC::DFG::Node::indexingType):
-        (JSC::DFG::Node::setIndexingType):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (SpeculateIntegerOperand):
-        (JSC::DFG::SpeculateIntegerOperand::use):
-        (SpeculateDoubleOperand):
-        (JSC::DFG::SpeculateDoubleOperand::use):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JIT.h:
-        (JSC::JIT::emitInt32GetByVal):
-        (JIT):
-        (JSC::JIT::emitInt32PutByVal):
-        (JSC::JIT::emitDoublePutByVal):
-        (JSC::JIT::emitContiguousPutByVal):
-        * jit/JITExceptions.cpp:
-        (JSC::genericThrow):
-        * jit/JITInlineMethods.h:
-        (JSC::arrayProfileSaw):
-        (JSC::JIT::chooseArrayMode):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_new_array_with_size):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitDoubleGetByVal):
-        (JSC):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitDoubleGetByVal):
-        (JSC):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitGenericContiguousPutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC):
-        * jsc.cpp:
-        (GlobalObject::finishCreation):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::jitCompileAndSetHeuristics):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/x86.rb:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        * runtime/ArrayConstructor.h:
-        (JSC):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::arrayProtoFuncConcat):
-        (JSC::arrayProtoFuncSlice):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncFilter):
-        (JSC::arrayProtoFuncMap):
-        * runtime/Butterfly.h:
-        (JSC::Butterfly::contiguousInt32):
-        (JSC::Butterfly::contiguousDouble):
-        (JSC::Butterfly::fromContiguous):
-        * runtime/ButterflyInlineMethods.h:
-        (JSC::Butterfly::createUninitializedDuringCollection):
-        * runtime/FunctionPrototype.cpp:
-        (JSC::functionProtoFuncBind):
-        * runtime/IndexingHeaderInlineMethods.h:
-        (JSC::IndexingHeader::indexingPayloadSizeInBytes):
-        * runtime/IndexingType.cpp:
-        (JSC::leastUpperBoundOfIndexingTypes):
-        (JSC):
-        (JSC::leastUpperBoundOfIndexingTypeAndType):
-        (JSC::leastUpperBoundOfIndexingTypeAndValue):
-        (JSC::indexingTypeToString):
-        * runtime/IndexingType.h:
-        (JSC):
-        (JSC::hasUndecided):
-        (JSC::hasInt32):
-        (JSC::hasDouble):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCountWithAnyIndexingType):
-        (JSC::JSArray::unshiftCountWithAnyIndexingType):
-        (JSC::compareNumbersForQSortWithInt32):
-        (JSC):
-        (JSC::compareNumbersForQSortWithDouble):
-        (JSC::JSArray::sortNumericVector):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sortCompactedVector):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::sortVector):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-        (JSC::createContiguousArrayButterfly):
-        (JSC::JSArray::create):
-        (JSC::JSArray::tryCreateUninitialized):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::haveABadTime):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::originalArrayStructureForIndexingType):
-        (JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
-        (JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
-        (JSC::JSGlobalObject::isOriginalArrayStructure):
-        (JSC::constructEmptyArray):
-        (JSC::constructArray):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::createInitialIndexedStorage):
-        (JSC):
-        (JSC::JSObject::createInitialUndecided):
-        (JSC::JSObject::createInitialInt32):
-        (JSC::JSObject::createInitialDouble):
-        (JSC::JSObject::createInitialContiguous):
-        (JSC::JSObject::convertUndecidedToInt32):
-        (JSC::JSObject::convertUndecidedToDouble):
-        (JSC::JSObject::convertUndecidedToContiguous):
-        (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
-        (JSC::JSObject::convertUndecidedToArrayStorage):
-        (JSC::JSObject::convertInt32ToDouble):
-        (JSC::JSObject::convertInt32ToContiguous):
-        (JSC::JSObject::convertInt32ToArrayStorage):
-        (JSC::JSObject::convertDoubleToContiguous):
-        (JSC::JSObject::convertDoubleToArrayStorage):
-        (JSC::JSObject::convertContiguousToArrayStorage):
-        (JSC::JSObject::convertUndecidedForValue):
-        (JSC::JSObject::convertInt32ForValue):
-        (JSC::JSObject::setIndexQuicklyToUndecided):
-        (JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
-        (JSC::JSObject::ensureInt32Slow):
-        (JSC::JSObject::ensureDoubleSlow):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::switchToSlowPutArrayStorage):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::countElements):
-        (JSC::JSObject::ensureLengthSlow):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getArrayLength):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::tryGetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuicklyForPutDirect):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::hasSparseMap):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSObject):
-        (JSC::JSObject::ensureInt32):
-        (JSC::JSObject::ensureDouble):
-        (JSC::JSObject::ensureLength):
-        (JSC::JSObject::indexingData):
-        (JSC::JSObject::currentIndexingData):
-        (JSC::JSObject::getHolyIndexQuickly):
-        (JSC::JSObject::relevantLength):
-        (JSC::JSObject::currentRelevantLength):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/LiteralParser.cpp:
-        (JSC::::parse):
-        * runtime/ObjectConstructor.cpp:
-        (JSC::objectConstructorGetOwnPropertyNames):
-        (JSC::objectConstructorKeys):
-        * runtime/StringPrototype.cpp:
-        (JSC::stringProtoFuncMatch):
-        (JSC::stringProtoFuncSplit):
-        * runtime/Structure.cpp:
-        (JSC::Structure::nonPropertyTransition):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-
-2012-11-08  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        ASSERT problem on MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=100589
-
-        Reviewed by Oliver Hunt.
-
-        ASSERT fix for MIPS arch.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_resolve_operations):
-
-2012-11-08  Michael Saboff  <msaboff@apple.com>
-
-        OpaqueJSClassContextData() should use StringImpl::isolatedCopy() to make string copies
-        https://bugs.webkit.org/show_bug.cgi?id=101507
-
-        Reviewed by Andreas Kling.
-
-        Changed to use isolatedCopy() for key Strings.
-
-        * API/JSClassRef.cpp:
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-
-2012-11-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        WeakBlocks should be HeapBlocks
-        https://bugs.webkit.org/show_bug.cgi?id=101411
-
-        Reviewed by Oliver Hunt.
-
-        Currently WeakBlocks use fastMalloc memory. They are very similar to the other HeapBlocks, however, 
-        so we should change them to being allocated with the BlockAllocator.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h: Added a new RegionSet for WeakBlocks.
-        (JSC):
-        (BlockAllocator):
-        (JSC::WeakBlock):
-        * heap/Heap.h: Friended WeakSet to allow access to the BlockAllocator.
-        (Heap):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::create): Refactored to use HeapBlocks rather than fastMalloc.
-        (JSC::WeakBlock::WeakBlock):
-        * heap/WeakBlock.h: Changed the WeakBlock size to 4 KB so that it divides evenly into the Region size.
-        (JSC):
-        (WeakBlock):
-        * heap/WeakSet.cpp:
-        (JSC::WeakSet::~WeakSet):
-        (JSC::WeakSet::addAllocator):
-
-2012-11-07  Filip Pizlo  <fpizlo@apple.com>
-
-        Indentation of ArgList.h is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=101441
-
-        Reviewed by Andreas Kling.
-
-        Just unindented by 4 spaces.
-
-        * runtime/ArgList.h:
-
-2012-11-07  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        [Qt][ARM] REGRESSION(r133688): It made all JSC and layout tests crash on ARM traditional platform
-        https://bugs.webkit.org/show_bug.cgi?id=101465
-
-        Reviewed by Oliver Hunt.
-
-        Fix failing javascriptcore tests on ARM after r133688
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-
-2012-11-06  Oliver Hunt  <oliver@apple.com>
-
-        Reduce parser overhead in JSC
-        https://bugs.webkit.org/show_bug.cgi?id=101127
-
-        Reviewed by Filip Pizlo.
-
-        An exciting journey into the world of architecture in which our hero
-        adds yet another layer to JSC codegeneration.
-
-        This patch adds a marginally more compact form of bytecode that is
-        free from any data specific to a given execution context, and that
-        does store any data structures necessary for execution.  To actually
-        execute this UnlinkedBytecode we still need to instantiate a real
-        CodeBlock, but this is a much faster linear time operation than any
-        of the earlier parsing or code generation passes.
-
-        As the unlinked code is context free we can then simply use a cache
-        from source to unlinked code mapping to completely avoid all of the
-        old parser overhead.  The cache is currently very simple and memory
-        heavy, using the complete source text as a key (rather than SourceCode
-        or equivalent), and a random eviction policy.
-
-        This seems to produce a substantial win when loading identical content
-        in different contexts.
-
-        * API/tests/testapi.c:
-        (main):
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        * bytecode/CodeBlock.h:
-            Moved a number of fields, and a bunch of logic to UnlinkedCodeBlock.h/cpp
-        * bytecode/Opcode.h:
-            Added a global const init no op instruction needed to get correct
-            behaviour without any associated semantics.
-        * bytecode/UnlinkedCodeBlock.cpp: Added.
-        * bytecode/UnlinkedCodeBlock.h: Added.
-            A fairly shallow, GC allocated version of the old CodeBlock
-            classes with a 32bit instruction size, and just metadata
-            size tracking.
-        * bytecompiler/BytecodeGenerator.cpp:
-        * bytecompiler/BytecodeGenerator.h:
-            Replace direct access to m_symbolTable with access through
-            symbolTable().  ProgramCode no longer has a symbol table at
-            all so some previously unconditional (and pointless) uses
-            of symbolTable get null checks.
-            A few other changes to deal with type changes due to us generating
-            unlinked code (eg. pointer free, so profile indices rather than
-            pointers).
-        * dfg/DFGByteCodeParser.cpp:
-        * dfg/DFGCapabilities.h:
-            Support global_init_nop        
-        * interpreter/Interpreter.cpp:
-            Now get the ProgramExecutable to initialise new global properties
-            before starting execution.        
-        * jit/JIT.cpp:
-        * jit/JITDriver.h:
-        * jit/JITStubs.cpp:
-        * llint/LLIntData.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-            Adding init_global_const_nop everywhere else
-        * parser/Parser.h:
-        * parser/ParserModes.h: Added.
-        * parser/ParserTokens.h:
-            Parser no longer needs a global object or callframe to function        
-        * runtime/CodeCache.cpp: Added.
-        * runtime/CodeCache.h: Added.
-            A simple, random eviction, Source->UnlinkedCode cache        
-        * runtime/Executable.cpp:
-        * runtime/Executable.h:
-            Executables now reference their unlinked counterparts, and
-            request code specifically for the target global object.        
-        * runtime/JSGlobalData.cpp:
-        * runtime/JSGlobalData.h:
-            GlobalData now owns a CodeCache and a set of new structures
-            for the unlinked code types.  
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-            Utility functions used by executables to perform compilation
- 
-        * runtime/JSType.h:
-          Add new JSTypes for unlinked code
-
-2012-11-06  Michael Saboff  <msaboff@apple.com>
-
-        JSStringCreateWithCFString() Should create an 8 bit String if possible
-        https://bugs.webkit.org/show_bug.cgi?id=101104
-
-        Reviewed by Darin Adler.
-
-        Try converting the CFString to an 8 bit string using CFStringGetBytes(...,
-        kCFStringEncodingISOLatin1, ...) and return the 8 bit string if successful.
-        If not proceed with 16 bit conversion.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-2012-11-06  Oliver Hunt  <oliver@apple.com>
-
-        Reduce direct m_symbolTable usage in CodeBlock
-        https://bugs.webkit.org/show_bug.cgi?id=101391
-
-        Reviewed by Sam Weinig.
-
-        Simple refactoring.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::dumpStatistics):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::isCaptured):
-
-2012-11-06  Michael Saboff  <msaboff@apple.com>
-
-        Lexer::scanRegExp, create 8 bit pattern and flag Identifiers from 16 bit source when possible
-        https://bugs.webkit.org/show_bug.cgi?id=101013
-
-        Reviewed by Darin Adler.
-
-        Changed scanRegExp so that it will create 8 bit identifiers from 8 bit sources and from 16 bit sources
-        whan all the characters are 8 bit.  Using two templated helpers, the "is all 8 bit" check is only performed
-        on 16 bit sources.  The first helper is orCharacter() that will accumulate the or value of all characters
-        only for 16 bit sources.  Replaced the helper Lexer::makeIdentifierSameType() with Lexer::makeRightSizedIdentifier().
-
-        * parser/Lexer.cpp:
-        (JSC::orCharacter<LChar>): Explicit template that serves as a placeholder.
-        (JSC::orCharacter<UChar>): Explicit template that actually or accumulates characters.
-        (JSC::Lexer::scanRegExp):
-        * parser/Lexer.h:
-        (Lexer):
-        (JSC::Lexer::makeRightSizedIdentifier<LChar>): New template that always creates an 8 bit Identifier.
-        (JSC::Lexer::makeRightSizedIdentifier<UChar>): New template that creates an 8 bit Identifier for 8 bit
-        data in a 16 bit source.
-
-2012-11-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Indentation of JSCell.h is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=101379
-
-        Rubber stamped by Alexey Proskuryakov.
-
-        Just removed four spaces on a bunch of lines.
-
-        * runtime/JSCell.h:
-
-2012-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Indentation of JSObject.h is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=101313
-
-        Rubber stamped by Alexey Proskuryakov.
-
-        Just unindented code, since namespace bodies shouldn't be indented.
-
-        * runtime/JSObject.h:
-
-2012-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Indentation of JSArray.h is wrong
-        https://bugs.webkit.org/show_bug.cgi?id=101314
-
-        Rubber stamped by Alexey Proskuryakov.
-
-        Just removing the indentation inside the namespace body.
-
-        * runtime/JSArray.h:
-
-2012-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should not fall down to patchable GetById just because a prototype had things added to it
-        https://bugs.webkit.org/show_bug.cgi?id=101299
-
-        Reviewed by Geoffrey Garen.
-
-        This looks like a slight win on V8v7 and SunSpider.
-
-        * bytecode/DFGExitProfile.h:
-        (JSC::DFG::exitKindToString):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Get rid of method_check
-        https://bugs.webkit.org/show_bug.cgi?id=101147
-
-        Reviewed by Geoffrey Garen.
-
-        op_method_check no longer buys us anything, since get_by_id proto caching
-        gives just as much profiling information and the DFG inlines monomorphic
-        proto accesses anyway.
-        
-        This also has the potential for a speed-up since it makes parsing of
-        profiling data easier. No longer do we have to deal with the confusion of
-        the get_by_id portion of a method_check appearing monomorphic even though
-        we're really dealing with a bimorphic access (method_check specializes for
-        one case and get_by_id for another).
-
-        This looks like a 1% speed-up on both SunSpider and V8v7.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printGetByIdCacheStatus):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::shrinkToFit):
-        (JSC::CodeBlock::unlinkCalls):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::getCallLinkInfo):
-        (JSC::CodeBlock::callLinkInfo):
-        (CodeBlock):
-        * bytecode/GetByIdStatus.cpp:
-        (JSC::GetByIdStatus::computeFromLLInt):
-        * bytecode/MethodCallLinkInfo.cpp: Removed.
-        * bytecode/MethodCallLinkInfo.h: Removed.
-        * bytecode/MethodCallLinkStatus.cpp: Removed.
-        * bytecode/MethodCallLinkStatus.h: Removed.
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallDotNode::emitBytecode):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
-        (PropertyStubCompilationInfo):
-        (JSC):
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC):
-        (JSC::JIT::emitSlow_op_get_by_id):
-        (JSC::JIT::compileGetByIdSlowCase):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC):
-        (JSC::JIT::compileGetByIdSlowCase):
-        * jit/JITStubs.cpp:
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LowLevelInterpreter.asm:
-
-2012-11-05  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations
-        https://bugs.webkit.org/show_bug.cgi?id=100321
-
-        Reviewed by Filip Pizlo.
-
-        We have refactored the MacroAssembler and JIT compilers to distinguish
-        the pointer operations from the 64-bit integer operations (see bug #99154).
-        Now we want to do the similar work for LLInt, and the goal is same as
-        the one mentioned in 99154.
-
-        This is the second part of the modification: in the low level interpreter,
-        changing the operations on 64-bit integers to use the "<foo>q" instructions.
-        This also removes some unused/meaningless "<foo>p" instructions.
-
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoop::execute):
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/armv7.rb:
-        * offlineasm/cloop.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/x86.rb:
-
-2012-11-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Prototype chain caching should check that the path from the base object to the slot base involves prototype hops only
-        https://bugs.webkit.org/show_bug.cgi?id=101276
-
-        Reviewed by Gavin Barraclough.
-
-        Changed normalizePrototypeChain() to report an invalid prototype chain if any object is a proxy.
-        This catches cases where our prototype chain checks would have been insufficient to guard against
-        newly introduced properties, despecialized properties, or deleted properties in the chain of
-        objects involved in the access.
-
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDProtoList):
-        (JSC::DFG::tryCachePutByID):
-        (JSC::DFG::tryBuildPutByIdList):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * runtime/Operations.h:
-        (JSC):
-        (JSC::normalizePrototypeChain):
-
-2012-11-05  Dima Gorbik  <dgorbik@apple.com>
-
-        Back out controversial changes from Bug 98665.
-        https://bugs.webkit.org/show_bug.cgi?id=101244
-
-        Reviewed by David Kilzer.
-
-        Backing out changes from Bug 98665 until further discussions take place on rules for including Platform.h in Assertions.h.
-
-        * API/tests/minidom.c:
-        * API/tests/testapi.c:
-
-2012-11-04  Filip Pizlo  <fpizlo@apple.com>
-
-        Reduce the verbosity of referring to QNaN in JavaScriptCore
-        https://bugs.webkit.org/show_bug.cgi?id=101174
-
-        Reviewed by Geoffrey Garen.
-
-        Introduces a #define QNaN in JSValue.h, and replaces all previous uses of
-        std::numeric_limits<double>::quiet_NaN() with QNaN.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeNumber):
-        (JSValueToNumber):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitFloatTypedArrayGetByVal):
-        * runtime/CachedTranscendentalFunction.h:
-        (JSC::CachedTranscendentalFunction::initialize):
-        * runtime/DateConstructor.cpp:
-        (JSC::constructDate):
-        * runtime/DateInstanceCache.h:
-        (JSC::DateInstanceData::DateInstanceData):
-        (JSC::DateInstanceCache::reset):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::defaultValue):
-        (JSC::TerminatedExecutionError::defaultValue):
-        * runtime/JSCell.h:
-        (JSC::JSValue::getPrimitiveNumber):
-        * runtime/JSDateMath.cpp:
-        (JSC::parseDateFromNullTerminatedCharacters):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::resetDateCache):
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::parseInt):
-        (JSC::jsStrDecimalLiteral):
-        (JSC::toDouble):
-        (JSC::jsToNumber):
-        (JSC::parseFloat):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toNumberSlowCase):
-        * runtime/JSValue.h:
-        (JSC):
-        * runtime/JSValueInlineMethods.h:
-        (JSC::jsNaN):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncMax):
-        (JSC::mathProtoFuncMin):
-
-2012-11-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Baseline JIT should use structure watchpoints whenever possible
-        https://bugs.webkit.org/show_bug.cgi?id=101146
-
-        Reviewed by Sam Weinig.
-
-        No speed-up yet except on toy programs. I think that it will start to show
-        speed-ups with https://bugs.webkit.org/show_bug.cgi?id=101147, which this is
-        a step towards.
-
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-        (JSC::JIT::addStructureTransitionCheck):
-        (JSC):
-        (JSC::JIT::testPrototype):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        (JSC::JIT::privateCompileGetByIdProto):
-        (JSC::JIT::privateCompileGetByIdProtoList):
-        (JSC::JIT::privateCompileGetByIdChainList):
-        (JSC::JIT::privateCompileGetByIdChain):
-
-2012-11-04  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] udis86_itab.c is always regenerated
-        https://bugs.webkit.org/show_bug.cgi?id=100756
-
-        Reviewed by Simon Hausmann.
-
-        * DerivedSources.pri: Generate sources to the generated directory.
-        * disassembler/udis86/differences.txt:
-        * disassembler/udis86/itab.py: Add --outputDir option.
-        (UdItabGenerator.__init__):
-        (genItabH):
-        (genItabC):
-        (main):
-
-2012-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt 32-bit put_by_val ArrayStorage case should use the right register (t3, not t2) for the index in the publicLength updating path
-        https://bugs.webkit.org/show_bug.cgi?id=101118
-
-        Reviewed by Gavin Barraclough.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Node::converToStructureTransitionWatchpoint should take kindly to ArrayifyToStructure
-        https://bugs.webkit.org/show_bug.cgi?id=101117
-
-        Reviewed by Gavin Barraclough.
-
-        We have logic to convert ArrayifyToStructure to StructureTransitionWatchpoint, which is awesome, except
-        that previously convertToStructureTransitionWatchpoint was (a) asserting that it never saw an
-        ArrayifyToStructure and (b) would incorrectly create a ForwardStructureTransitionWatchpoint if it did.
-
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
-
-2012-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::SpeculativeJIT::typedArrayDescriptor should use the Float64Array descriptor for Float64Arrays
-        https://bugs.webkit.org/show_bug.cgi?id=101114
-
-        Reviewed by Gavin Barraclough.
-
-        As in https://bugs.webkit.org/show_bug.cgi?id=101112, this was only wrong when Float64Array descriptors
-        hadn't been initialized yet. That happens rarely, but when it does happen, we would crash.
-        
-        This would also become much more wrong if we ever put type size info (num bytes, etc) in the descriptor
-        and used that directly. So it's good to fix it.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
-
-2012-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT::privateCompileGetByVal should use the uint8ClampedArrayDescriptor for compiling accesses to Uint8ClampedArrays
-        https://bugs.webkit.org/show_bug.cgi?id=101112
-
-        Reviewed by Gavin Barraclough.
-
-        The only reason why the code was wrong to use uint8ArrayDescriptor instead is that if we're just using
-        Uint8ClampedArrays then the descriptor for Uint8Array may not have been initialized.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByVal):
-
-2012-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        MarkedBlocks should use something other than the mark bits to indicate liveness for newly allocated objects
-        https://bugs.webkit.org/show_bug.cgi?id=100877
-
-        Reviewed by Filip Pizlo.
-
-        Currently when we canonicalize cell liveness data in MarkedBlocks, we set the mark bit for every cell in the 
-        block except for those in the free list. This allows us to consider objects that were allocated since the 
-        previous collection to be considered live until they have a chance to be properly marked by the collector.
-
-        If we want to use the mark bits to signify other types of information, e.g. using sticky mark bits for generational 
-        collection, we will have to keep track of newly allocated objects in a different fashion when we canonicalize cell liveness.
-
-        One method would be to allocate a separate set of bits while canonicalizing liveness data. These bits would 
-        track the newly allocated objects in the block separately from those objects who had already been marked. We would 
-        then check these bits, along with the mark bits, when determining liveness. 
-
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::isLive): We now check for the presence of the newlyAllocated Bitmap.
-        (JSC):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::specializedSweep): We clear the newlyAllocated Bitmap if we're creating a free list. This 
-        will happen if we canonicalize liveness data for some other reason than collection (e.g. forEachCell) and 
-        then start allocating again.
-        (JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor): 
-        (SetNewlyAllocatedFunctor):
-        (JSC::SetNewlyAllocatedFunctor::operator()): We set the newlyAllocated bits for all the objects 
-        that aren't already marked. We undo the bits for the objects in the free list later in canonicalizeCellLivenessData.
-        (JSC::MarkedBlock::canonicalizeCellLivenessData): We should never have a FreeListed block with a newlyAllocated Bitmap.
-        We allocate the new Bitmap, set the bits for all the objects that aren't already marked, and then unset all of the 
-        bits for the items currently in the FreeList.
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::clearMarks): We clear the newlyAllocated bitmap if it exists because at this point we don't need it
-        any more.
-        (JSC::MarkedBlock::isEmpty): If we have some objects that are newlyAllocated, we are not empty.
-        (JSC::MarkedBlock::isNewlyAllocated): 
-        (JSC):
-        (JSC::MarkedBlock::setNewlyAllocated):
-        (JSC::MarkedBlock::clearNewlyAllocated):
-        (JSC::MarkedBlock::isLive): We now check the newlyAllocated Bitmap, if it exists, when determining liveness of a cell in 
-        a block that is Marked.
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::visit): We need to make sure we don't finalize objects that are in the newlyAllocated Bitmap.
-        (JSC::WeakBlock::reap): Ditto.
-
-2012-11-02  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT::privateCompileGetByVal should use MacroAssemblerCodePtr::createFromExecutableAddress like JIT::privateCompilePutByVal
-        https://bugs.webkit.org/show_bug.cgi?id=101109
-
-        Reviewed by Gavin Barraclough.
-
-        This fixes crashes on ARMv7 resulting from the return address already being tagged with the THUMB2 bit.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompileGetByVal):
-
-2012-11-02  Simon Fraser  <simon.fraser@apple.com>
-
-        Enable SUBPIXEL_LAYOUT on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=101076
-
-        Reviewed by Dave Hyatt.
-
-        Define ENABLE_SUBPIXEL_LAYOUT and include it in FEATURE_DEFINES.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-02  Michael Saboff  <msaboff@apple.com>
-
-        RegExp.prototype.toString Should Produce an 8 bit JSString if possible.
-        https://bugs.webkit.org/show_bug.cgi?id=101003
-
-        Reviewed by Geoffrey Garen.
-
-        Took the logic of regExpObjectSource() and created two templated helpers that uses the
-        source character type when appending to the StringBuilder.
-
-        * runtime/RegExpObject.cpp:
-        (JSC::appendLineTerminatorEscape): Checks line terminate type to come up with escaped version.
-        (JSC::regExpObjectSourceInternal): Templated version of original.
-        (JSC::regExpObjectSource): Wrapper function.
-
-2012-11-02  Adam Barth  <abarth@webkit.org>
-
-        ENABLE(UNDO_MANAGER) is disabled everywhere and is not under active development
-        https://bugs.webkit.org/show_bug.cgi?id=100711
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-11-02  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [Qt] Fix build on Windows when Qt is configured with -release
-        https://bugs.webkit.org/show_bug.cgi?id=101041
-
-        Reviewed by Jocelyn Turcotte.
-
-        When Qt is configured with -debug or -release, the release/debug build of for example
-        QtCore is not available by default. For LLIntExtractor we always need to build debug
-        _and_ release versions, but we do not actually need any Qt libraries nor qtmain(d).lib.
-        Therefore we can disable all these features but need to keep $$QT.core.includes in the
-        INCLUDEPATH for some defines from qglobal.h.
-
-        * LLIntOffsetsExtractor.pro:
-
-2012-11-01  Mark Lam  <mark.lam@apple.com>
-
-        A llint workaround for a toolchain issue.
-        https://bugs.webkit.org/show_bug.cgi?id=101012.
-
-        Reviewed by Michael Saboff.
-
-        * llint/LowLevelInterpreter.asm:
-          - use a local label to workaround the toolchain issue with undeclared
-            global labels.
-
-2012-11-01  Oliver Hunt  <oliver@apple.com>
-
-        Remove GlobalObject constant register that is typically unused
-        https://bugs.webkit.org/show_bug.cgi?id=101005
-
-        Reviewed by Geoffrey Garen.
-
-        The GlobalObject constant register is frequently allocated even when it
-        is not used, it is also getting in the way of some other optimisations.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::CodeBlock):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-
-2012-10-31  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG optimized string access code should be enabled
-        https://bugs.webkit.org/show_bug.cgi?id=100825
-
-        Reviewed by Oliver Hunt.
-
-        - Removes prediction checks from the parser.
-        
-        - Fixes the handling of array mode refinement for strings. I.e. we don't do
-          any refinement - we already know it's going to be a string. We could
-          revisit this in the future, but for now the DFG lacks the ability to
-          handle any array modes other than Array::String for string intrinsics, so
-          this is as good as it gets.
-        
-        - Removes uses of isBlahSpeculation for checking if a mode is already
-          checked. isBlahSpeculation implicitly checks if the SpeculatedType is not
-          BOTTOM ("empty"), which breaks for checking if a mode is already checked
-          since a mode may already be "checked" in the sense that we've proven that
-          the code is unreachable.
-        
-        ~1% speed-up on V8v7, mostly from a speed-up on crypto, which uses string
-        intrinsics in one of the hot functions.
-
-        * bytecode/SpeculatedType.h:
-        (JSC::speculationChecked):
-        (JSC):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
-
-2012-10-31  Filip Pizlo  <fpizlo@apple.com>
-
-        Sparse array size threshold should be increased to 100000
-        https://bugs.webkit.org/show_bug.cgi?id=100827
-
-        Reviewed by Oliver Hunt.
-
-        This enables the use of contiguous arrays in programs that previously
-        couldn't use them. And I so far can't see any examples of this being
-        a downside. To the extent that there is a downside, it ought to be
-        addressed by GC: https://bugs.webkit.org/show_bug.cgi?id=100828
-
-        * runtime/ArrayConventions.h:
-        (JSC):
-
-2012-10-31  Mark Lam  <mark.lam@apple.com>
-
-        C++ llint 64-bit backend needs to zero extend results of int32 operations.
-        https://bugs.webkit.org/show_bug.cgi?id=100899.
-
-        Reviewed by Filip Pizlo.
-
-        llint asm instructions ending in "i" for a 64-bit machine expects the
-        high 32-bit of registers to be zero'ed out when a 32-bit instruction
-        writes into a register. Fixed the C++ llint to honor this.
-
-        Fixed the index register used in BaseIndex addressing to be of size
-        intptr_t as expected.
-
-        Updated CLoopRegister to handle different endiannesss configurations.
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoopRegister::clearHighWord):
-          - new method to clear the high 32-bit of a 64-bit register.
-            It's a no-op for the 32-bit build. 
-        (CLoopRegister):
-          - CLoopRegister now takes care of packing and byte endianness order.
-        (JSC::CLoop::execute): - Added an assert.
-        * offlineasm/cloop.rb:
-          - Add calls to clearHighWord() wherever needed.
-
-2012-10-31  Mark Lam  <mark.lam@apple.com>
-
-        A JSC printf (support for %J+s and %b).
-        https://bugs.webkit.org/show_bug.cgi?id=100566.
-
-        Reviewed by Michael Saboff.
-
-        Added VMInspector::printf(), fprintf(), sprintf(), and snprintf().
-        - %b prints ints as boolean TRUE (non-zero) or FALSE (zero).
-        - %Js prints a WTF::String* like a %s prints a char*.
-          Also works for 16bit WTF::Strings (prints wchar_t* using %S).
-        - '+' is a modifier meaning 'use verbose mode', and %J+s is an example
-          of its use.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * interpreter/VMInspector.cpp:
-        (FormatPrinter):
-        (JSC::FormatPrinter::~FormatPrinter):
-        (JSC::FormatPrinter::print):
-        (JSC::FormatPrinter::printArg):
-        (JSC::FormatPrinter::printWTFString):
-        (JSC::FileFormatPrinter::FileFormatPrinter):
-        (JSC::FileFormatPrinter::printArg):
-        (JSC::StringFormatPrinter::StringFormatPrinter):
-        (JSC::StringFormatPrinter::printArg):
-        (JSC::StringNFormatPrinter::StringNFormatPrinter):
-        (JSC::StringNFormatPrinter::printArg):
-        (JSC::VMInspector::fprintf):
-        (JSC::VMInspector::printf):
-        (JSC::VMInspector::sprintf):
-        (JSC::VMInspector::snprintf):
-        * interpreter/VMInspector.h:
-        (VMInspector):
-
-2012-10-31  Mark Lam  <mark.lam@apple.com>
-
-        64-bit llint PC offset can be negative: using an unsigned shift is a bug.
-        https://bugs.webkit.org/show_bug.cgi?id=100896.
-
-        Reviewed by Filip Pizlo.
-
-        Fixed the PC offset divisions in the 64-bit llint asm to use rshift instead of urshift.
-
-        * llint/LowLevelInterpreter64.asm:
-
-2012-10-30  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        glsl-function-atan.html WebGL conformance test fails after https://bugs.webkit.org/show_bug.cgi?id=99154
-        https://bugs.webkit.org/show_bug.cgi?id=100789
-
-        Reviewed by Filip Pizlo.
-
-        We accidently missed a bitwise double to int64 conversion.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::silentFill):
-
-2012-10-30  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [Mac] Sync up FeatureDefine Configuration Files
-        https://bugs.webkit.org/show_bug.cgi?id=100171
-
-        Reviewed by David Kilzer.
-
-        Follow up to better coordinate with iOS feature defines. Make:
-
-          - ENABLE_FILTERS always on
-          - ENABLE_INPUT_* iphonesimulator values point to the iphoneos values
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-30  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [Mac] Sync up FeatureDefine Configuration Files
-        https://bugs.webkit.org/show_bug.cgi?id=100171
-
-        Reviewed by David Kilzer.
-
-        Ensure an identical FeatureDefine files across all projects. Changes:
-
-          - ENABLE_CSS_BOX_DECORATION_BREAK should be in all
-          - ENABLE_PDFKIT_PLUGIN should be in all
-          - ENABLE_RESOLUTION_MEDIA_QUERY should be in all
-          - ENABLE_ENCRYPTED_MEDIA should be in all
-          - ENABLE_HIDDEN_PAGE_DOM_TIMER_THROTTLING with corrected value
-          - Some alphabetical ordering cleanup
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Arrays can change IndexingType in the middle of sorting
-        https://bugs.webkit.org/show_bug.cgi?id=100773
-
-        Reviewed by Filip Pizlo.
-
-        Instead of giving up, we just fetch the appropriate vector based on the current 
-        IndexingType of the array.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::sortVector):
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSObject::currentIndexingData):
-        (JSC::JSObject::currentRelevantLength):
-
-2012-10-29  Anders Carlsson  <andersca@apple.com>
-
-        Build WebKit as C++11 on Mac
-        https://bugs.webkit.org/show_bug.cgi?id=100720
-
-        Reviewed by Daniel Bates.
-
-        * Configurations/Base.xcconfig:
-        Add CLANG_CXX_LANGUAGE_STANDARD=gnu++0x.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::generate):
-        (JSC::BytecodeGenerator::pushFinallyContext):
-        (JSC::BytecodeGenerator::beginSwitch):
-        * llint/LLIntOffsetsExtractor.cpp:
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add8):
-        * runtime/Identifier.h:
-        (JSC::Identifier::add):
-        * runtime/JSONObject.cpp:
-        (JSC::appendStringToStringBuilder):
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingStringSearch):
-        Add static_casts to prevent implicit type conversions in non-constant initializer lists.
-
-2012-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Simplify Xcode configuration settings that used to vary between OS versions.
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-
-2012-10-28  Mark Rowe  <mrowe@apple.com>
-
-        Remove references to unsupported OS and Xcode versions.
-
-        Reviewed by Anders Carlsson.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/CompilerVersion.xcconfig: Removed.
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/Version.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-10-29  Michael Saboff  <msaboff@apple.com>
-
-        Non-special escape character sequences cause JSC::Lexer::parseString to create 16 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=100576
-
-        Reviewed by Darin Adler.
-
-        Changed singleEscape() processing to be based on a lookup of a static table.  The table
-        covers ASCII characters SPACE through DEL.  If a character can be a single character escape,
-        then the table provides the non-zero result of that escape.  Updated the result of
-        singleEscape to be an LChar to make the table as small as possible.
-        Added a new test fast/js/normal-character-escapes-in-string-literals.html to validated
-        the behavior.
-
-        * parser/Lexer.cpp:
-        (JSC::singleEscape):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::parseStringSlowCase):
-
-2012-10-29  Enrica Casucci  <enrica@apple.com>
-
-        Add ENABLE_USERSELECT_ALL feature flag.
-        https://bugs.webkit.org/show_bug.cgi?id=100559
-
-        Reviewed by Eric Seidel.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-28  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should be able to emit effectful structure checks
-        https://bugs.webkit.org/show_bug.cgi?id=99260
-
-        Reviewed by Oliver Hunt.
-
-        This change allows us to find out if an array access that has gone polymorphic
-        is operating over known structures - i.e. the primordial array structures of the
-        global object that the code block containing the array access belongs to. We
-        term this state "OriginalArray" for short. The fact that the access has gone
-        polymorphic means that the array profile will not be able to report the set of
-        structures it had seen - but if it can tell us that all of the structures were
-        primordial then it just so happens that we can deduce what the structure set
-        would have been by just querying the code block's global object. This allows us
-        to emit an ArrayifyToStructure instead of an Arrayify if we find that we need to
-        do conversions. The fast path of an ArrayifyToStructure is exactly like the fast
-        path of a CheckStructure and is mostly subject to the same optimizations. It
-        also burns one fewer registers.
-        
-        Essentially the notion of OriginalArray is a super cheap way of getting the
-        array profile to tell us a structure set instead of a singleton structure.
-        Currently, the array profile can only tell us the structure seen at an array
-        access if there was exactly one structure. If there were multiple structures, it
-        won't tell us anything other than the array modes and other auxiliary profiling
-        data (whether there were stores to holes, for example). With OriginalArray, we
-        cheaply get a structure set if all of the structures were primordial for the
-        code block's global object, since in that case the array mode set (ArrayModes)
-        can directly tell us the structure set. In the future, we might consider adding
-        complete structure sets to the array profiles, but I suspect that we would hit
-        diminishing returns if we did so - it would only help if we have array accesses
-        that are both polymorphic and are cross-global-object accesses (rare) or if the
-        arrays had named properties or other structure transitions that are unrelated to
-        indexing type (also rare).
-        
-        This also does away with Arrayify (and the new ArrayifyToStructure) returning
-        the butterfly pointer. This turns out to be faster and easier to CSE.
-        
-        And, this also changes constant folding to be able to eliminate CheckStructure,
-        ForwardCheckStructure, and ArrayifyToStructure in addition to being able to
-        transform them into structure transition watchpoints. This is great for
-        ArrayifyToStructure because then CSE and CFA know that there is no side effect.
-        Converting CheckStructure and ForwardCheckStructure to also behave this way is
-        just a matter of elegance.
-        
-        This has no performance impact right now. It's intended to alleviate some of the
-        regressions seen in the early implementation of
-        https://bugs.webkit.org/show_bug.cgi?id=98606.
-
-        * bytecode/ArrayProfile.cpp:
-        (JSC::ArrayProfile::computeUpdatedPrediction):
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::ArrayProfile::ArrayProfile):
-        (ArrayProfile):
-        (JSC::ArrayProfile::usesOriginalArrayStructures):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::fromObserved):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        (JSC::DFG::arrayClassToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::ArrayMode::withProfile):
-        (JSC::DFG::ArrayMode::isJSArray):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::isJSArrayWithOriginalStructure):
-        (JSC::DFG::ArrayMode::supportsLength):
-        (JSC::DFG::ArrayMode::arrayModesWithIndexingShape):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::checkStructureElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getScopeRegistersLoadElimination):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasStructure):
-        (JSC::DFG::Node::hasArrayMode):
-        (JSC::DFG::Node::arrayMode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::isOriginalArrayStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::nonPropertyTransition):
-
-2012-10-28  Filip Pizlo  <fpizlo@apple.com>
-
-        There should not be blind spots in array length array profiling
-        https://bugs.webkit.org/show_bug.cgi?id=100620
-
-        Reviewed by Oliver Hunt.
-
-        I don't think this has any performance impact. But it's good to not have random
-        programs occasionally emit a GetById for array length accesses.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-
-2012-10-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, make always-true enum-to-int comparisons use casts.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::JSValueSource::tagGPR):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-
-2012-10-27  Filip Pizlo  <fpizlo@apple.com>
-
-        OSR exit compilation should defend against argument recoveries from code blocks that are no longer on the inline stack
-        https://bugs.webkit.org/show_bug.cgi?id=100601
-
-        Reviewed by Oliver Hunt.
-
-        This happened to me while I was fixing bugs for https://bugs.webkit.org/show_bug.cgi?id=100599.
-        I'm not sure how to reproduce this.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
-        (AssemblyHelpers):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2012-10-27  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Array::Mode needs to be cleaned up
-        https://bugs.webkit.org/show_bug.cgi?id=100599
-
-        Reviewed by Oliver Hunt.
-
-        Turn the previous massive Array::Mode enum into a class that contains four
-        fields, the type, whether it's a JSArray, the level of speculation, and the
-        kind of conversion to perform.
-        
-        No performance or behavioral change.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::ArrayMode::fromObserved):
-        (JSC::DFG::ArrayMode::refine):
-        (JSC::DFG::ArrayMode::alreadyChecked):
-        (JSC::DFG::arrayTypeToString):
-        (JSC::DFG::arrayClassToString):
-        (DFG):
-        (JSC::DFG::arraySpeculationToString):
-        (JSC::DFG::arrayConversionToString):
-        (JSC::DFG::ArrayMode::toString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (ArrayMode):
-        (JSC::DFG::ArrayMode::ArrayMode):
-        (JSC::DFG::ArrayMode::type):
-        (JSC::DFG::ArrayMode::arrayClass):
-        (JSC::DFG::ArrayMode::speculation):
-        (JSC::DFG::ArrayMode::conversion):
-        (JSC::DFG::ArrayMode::asWord):
-        (JSC::DFG::ArrayMode::fromWord):
-        (JSC::DFG::ArrayMode::withSpeculation):
-        (JSC::DFG::ArrayMode::usesButterfly):
-        (JSC::DFG::ArrayMode::isJSArray):
-        (JSC::DFG::ArrayMode::isInBounds):
-        (JSC::DFG::ArrayMode::mayStoreToHole):
-        (JSC::DFG::ArrayMode::isOutOfBounds):
-        (JSC::DFG::ArrayMode::isSlowPut):
-        (JSC::DFG::ArrayMode::canCSEStorage):
-        (JSC::DFG::ArrayMode::lengthNeedsStorage):
-        (JSC::DFG::ArrayMode::modeForPut):
-        (JSC::DFG::ArrayMode::isSpecific):
-        (JSC::DFG::ArrayMode::supportsLength):
-        (JSC::DFG::ArrayMode::benefitsFromStructureCheck):
-        (JSC::DFG::ArrayMode::doesConversion):
-        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
-        (JSC::DFG::ArrayMode::operator==):
-        (JSC::DFG::ArrayMode::operator!=):
-        (JSC::DFG::ArrayMode::arrayModesWithIndexingShape):
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::lengthNeedsStorage):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getArrayMode):
-        (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getArrayLengthElimination):
-        (JSC::DFG::CSEPhase::checkArrayElimination):
-        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::arrayMode):
-        (JSC::DFG::Node::setArrayMode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
-        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-27  Dan Bernstein  <mitz@apple.com>
-
-        REAL_PLATFORM_NAME build setting is no longer needed
-        https://bugs.webkit.org/show_bug.cgi?id=100587
-
-        Reviewed by Mark Rowe.
-
-        Removed the definition of REAL_PLATFORM_NAME and replaced references to it with references
-        to PLATFORM_NAME.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/CompilerVersion.xcconfig:
-        * Configurations/DebugRelease.xcconfig:
-        * Configurations/FeatureDefines.xcconfig:
-        * Configurations/JSC.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/ToolExecutable.xcconfig:
-
-2012-10-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Forward OSR calculation is wrong in the presence of multiple SetLocals, or a mix of SetLocals and Phantoms
-        https://bugs.webkit.org/show_bug.cgi?id=100461
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        This does a couple of things. First, it removes the part of the change in r131822 that made the forward
-        OSR exit calculator capable of handling multiple SetLocals. That change was wrong, because it would
-        blindly assume that all SetLocals had the same ValueRecovery, and would ignore the possibility that if
-        there is no value recovery then a ForwardCheckStructure on the first SetLocal would not know how to
-        recover the state associated with the second SetLocal. Then, it introduces the invariant that any bytecode
-        op that decomposes into multiple SetLocals must first emit dead SetLocals as hints and then emit a second
-        set of SetLocals to actually do the setting of the locals. This means that if a ForwardCheckStructure (or
-        any other hoisted forward speculation) is inserted, it will always be inserted on the second set of
-        SetLocals (since hoisting only touches the live ones), at which point OSR will already know about the
-        mov hints implied by the first set of (dead) SetLocals. This gives us the behavior we wanted, namely, that
-        a ForwardCheckStructure applied to a variant set by a resolve_with_base-like operation can correctly do a
-        forward exit while also ensuring that prior to exiting we set the appropriate locals.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-
-2012-10-26  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [Qt] Fix the LLInt build on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=97648
-
-        Reviewed by Tor Arne Vestbø.
-
-        The main change for the port on Windows is changing the way offsets are extracted
-        and the LLIntAssembly.h is generated to accomodate release and debug configurations.
-
-        Firstly the LLIntOffsetsExtractor binary is now built as-is (no DESTDIR set) and
-        placed into debug\LLIntOffsetsExtractor.exe and release\LLIntOffsetsExtractor.exe
-        on Windows debug_and_release builds. On other patforms it remainds in the regular
-        out directory.
-
-        Secondly the LLIntAssembly.h files must be different for different build types,
-        so the LLIntAssembly.h generator in DerivedSources.pri operates no on the extractor
-        binary files as input. Using a simple exists() check we verify the presence of either
-        a regular, a debug\LLIntOffsetsExtractor and a release\LLIntOffsetsExtractor binary
-        and process all of them. The resulting assembly files consequently end up in
-        generated\debug\LLIntAssembly.h and generated\release\LLIntAssembly.h.
-
-        In Target.pri we have to also make sure that those directories are in the include
-        path according to the release or debug configuration.
-
-        Lastly a small tweak - swapping WTF.pri and JSC.pri inclusions - in the
-        LLIntOffsetsExtractor build was needed to make sure that we include
-        JavaScriptCore/config.h instead of WTF/config.h, required to fix the
-        build issues originally pasted in bug #97648.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pro:
-        * LLIntOffsetsExtractor.pro:
-        * Target.pri:
-
-2012-10-26  Gabor Ballabas  <gaborb@inf.u-szeged.hu>
-
-        [Qt] Enable JSC's disassembler on x86, x86_64 Linux
-        https://bugs.webkit.org/show_bug.cgi?id=100386
-
-        Reviewed by Simon Hausmann.
-
-        It works fine on Linux x86, x86_64 just needs to be enabled in the
-        QtWebKit build system.
-
-        * DerivedSources.pri:
-        * JavaScriptCore.pri:
-        * Target.pri:
-
-2012-10-26  Thiago Marcos P. Santos  <thiago.santos@intel.com>
-
-        Add feature flags for CSS Device Adaptation
-        https://bugs.webkit.org/show_bug.cgi?id=95960
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-26  Simon Hausmann  <simon.hausmann@digia.com>
-
-        [WIN] Make LLInt offsets extractor work on Windows
-        https://bugs.webkit.org/show_bug.cgi?id=100369
-
-        Reviewed by Kenneth Rohde Christiansen.
-
-        Open the input file explicitly in binary mode to prevent ruby/Windows from thinking that
-        it's a text mode file that needs even new line conversions. The binary mode parameter is
-        ignored on other platforms.
-
-        * offlineasm/offsets.rb:
-
-2012-10-25  Michael Saboff  <msaboff@apple.com>
-
-        SymbolTableIndexHashTraits::needsDestruction should be set to true
-        https://bugs.webkit.org/show_bug.cgi?id=100437
-
-        Reviewed by Mark Hahnenberg.
-
-        For correctness, set SymbolTableIndexHashTraits::needsDestruction to true since SymbolTableEntry's do
-        need to have their destructor called due to the possibility of rare data.
-
-        * runtime/SymbolTable.h:
-        (SymbolTableIndexHashTraits):
-
-2012-10-25  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG Arrayify elimination should replace it with GetButterfly rather than Phantom
-        https://bugs.webkit.org/show_bug.cgi?id=100441
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        Made array profiler's to-string helper behave correctly.
-        
-        Made Arrayify elimination do the right thing (convert to GetButterfly).
-        
-        Made CFA's interference analysis track clobbered array modes correctly, mostly by
-        simplifying the machinery.
-
-        * bytecode/ArrayProfile.cpp:
-        (JSC::arrayModesToString):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::clobberArrayModes):
-        (AbstractValue):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-
-2012-10-25  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r131793-r131826): Crash going to wikifonia.org
-        https://bugs.webkit.org/show_bug.cgi?id=100281
-
-        Reviewed by Oliver Hunt.
-
-        Restore something that got lost in the resolve refactoring: the ability to give up on life if
-        we see a resolve of 'arguments'.
-
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::resolveContainingScopeInternal):
-
-2012-10-25  Dominik Röttsches  <dominik.rottsches@intel.com>
-
-        Conditionalize XHR timeout support
-        https://bugs.webkit.org/show_bug.cgi?id=100356
-
-        Reviewed by Adam Barth.
-
-        Adding XHR_TIMEOUT feature to conditionalize this on ports without network backend support.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-25  Michael Saboff  <msaboff@apple.com>
-
-        REGRESSION (r131836): failures in list styles tests on EFL, GTK
-        https://bugs.webkit.org/show_bug.cgi?id=99824
-
-        Reviewed by Oliver Hunt.
-
-        Saved start of string since it is modified by call convertUTF8ToUTF16().
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithUTF8CString):
-
-2012-10-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG NewArrayBuffer node should keep its data in a structure on the side to free up one of the opInfos
-        https://bugs.webkit.org/show_bug.cgi?id=100328
-
-        Reviewed by Oliver Hunt.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGGraph.h:
-        (Graph):
-        * dfg/DFGNode.h:
-        (NewArrayBufferData):
-        (DFG):
-        (JSC::DFG::Node::newArrayBufferData):
-        (Node):
-        (JSC::DFG::Node::startConstant):
-        (JSC::DFG::Node::numConstants):
-
-2012-10-25  Mark Lam  <mark.lam@apple.com>
-
-        Update the C++ llint to work with the latest op_resolve... changes.
-        https://bugs.webkit.org/show_bug.cgi?id=100345.
-
-        Reviewed by Oliver Hunt.
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoop::execute):
-        - emit opcode name as label when not using COMPUTED_GOTOs. The new op_resolve
-          opcodes have jumps to these labels.
-        - declare all opcode labels as UNUSED_LABEL()s to keep the compiler happy
-          for opcodes that are not referenced by anyone.
-        * offlineasm/asm.rb:
-        - strip llint_ prefix from opcode names used as labels.
-
-2012-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Refactor LLInt64 to distinguish the pointer operations from the 64-bit integer operations
-        https://bugs.webkit.org/show_bug.cgi?id=100321
-
-        Reviewed by Filip Pizlo.
-
-        We have refactored the MacroAssembler and JIT compilers to distinguish
-        the pointer operations from the 64-bit integer operations (see bug #99154).
-        Now we want to do the similar work for LLInt, and the goal is same as
-        the one mentioned in 99154.
-
-        This is the first part of the modification: in the offline assembler,
-        adding the support of the "<foo>q" instructions which will be used for
-        64-bit integer operations.
-
-        * llint/LowLevelInterpreter.cpp:
-        (JSC::CLoop::execute):
-        * offlineasm/cloop.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/x86.rb:
-
-2012-10-24  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG compileBlahBlahByVal methods for Contiguous and ArrayStorage have only one caller and should be removed
-        https://bugs.webkit.org/show_bug.cgi?id=100311
-
-        Reviewed by Mark Hahnenberg.
-
-        Just trying to simplify things before I make them more complicated again.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-23  Andreas Kling  <kling@webkit.org>
-
-        CodeBlock: Give m_putToBaseOperations an inline capacity.
-        <http://webkit.org/b/100190>
-        <rdar://problem/12562466>
-
-        Reviewed by Oliver Hunt.
-
-        Since the CodeBlock constructor always inserts a single PutToBaseOperation, but there's no
-        guarantee that more will follow, give the m_putToBaseOperations vector an inline capacity of 1.
-        There are 4009 of these Vectors on Membuster3, and only 126 of them have more than a single entry.
-
-        This change yields a 1.90MB reduction in memory usage.
-
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-
-2012-10-23  Christophe Dumez  <christophe.dumez@intel.com>
-
-        Regression(r132143): Assertion hit in JSC::Interpreter::StackPolicy::StackPolicy(JSC::Interpreter&, const WTF::StackBounds&)
-        https://bugs.webkit.org/show_bug.cgi?id=100109
-
-        Reviewed by Oliver Hunt.
-
-        Fix possible integer overflow in StackPolicy constructor by
-        using size_t type instead of int for stack sizes. The value
-        returned by StackBounds::size() is of type size_t but was
-        assigned to an int, which may overflow.
-
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::Interpreter::StackPolicy::StackPolicy):
-
-2012-10-23  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-10-23  Mark Lam  <mark.lam@apple.com>
-
-        Make topCallFrame reliable.
-        https://bugs.webkit.org/show_bug.cgi?id=98928.
-
-        Reviewed by Geoffrey Garen.
-
-        - VM entry points and the GC now uses topCallFrame.
-        - The callerFrame value in CallFrames are now always the previous
-          frame on the stack, except for the first frame which has a
-          callerFrame of 0 (not counting the HostCallFrameFlag).
-          Hence, we can now traverse every frame on the stack all the way
-          back to the first frame.
-        - GlobalExec's will no longer be used as the callerFrame values in
-          call frames.
-        - Added fences and traps for debugging the JSStack in debug builds.
-
-        * bytecode/SamplingTool.h:
-        (SamplingTool):
-        (JSC::SamplingTool::CallRecord::CallRecord):
-        * dfg/DFGOperations.cpp:
-        - Fixed 2 DFG helper functions to flush topCallFrame as expected.
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::callerFrameNoFlags):
-        (ExecState):
-        (JSC::ExecState::argIndexForRegister):
-        (JSC::ExecState::getArgumentUnsafe):
-        * interpreter/CallFrameClosure.h:
-        (CallFrameClosure):
-        * interpreter/Interpreter.cpp:
-        (JSC):
-        (JSC::eval):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::endRepeatCall):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        * interpreter/JSStack.cpp:
-        (JSC::JSStack::JSStack):
-        (JSC::JSStack::gatherConservativeRoots):
-        (JSC::JSStack::disableErrorStackReserve):
-        * interpreter/JSStack.h:
-        (JSC):
-        (JSStack):
-        (JSC::JSStack::installFence):
-        (JSC::JSStack::validateFence):
-        (JSC::JSStack::installTrapsAfterFrame):
-        * interpreter/JSStackInlines.h: Added.
-        (JSC):
-        (JSC::JSStack::getTopOfFrame):
-        (JSC::JSStack::getTopOfStack):
-        (JSC::JSStack::getStartOfFrame):
-        (JSC::JSStack::pushFrame):
-        (JSC::JSStack::popFrame):
-        (JSC::JSStack::generateFenceValue):
-        (JSC::JSStack::installFence):
-        (JSC::JSStack::validateFence):
-        (JSC::JSStack::installTrapsAfterFrame):
-        * jit/JITStubs.cpp:
-        (JSC::jitCompileFor):
-        (JSC::lazyLinkFor):
-        - Set frame->codeBlock to 0 for both the above because they are called
-          with partially intitialized frames (cb uninitialized), but may
-          trigger a GC.
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-
-2012-10-22  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG::Array::Undecided should be called DFG::Array::SelectUsingPredictions
-        https://bugs.webkit.org/show_bug.cgi?id=100052
-
-        Reviewed by Oliver Hunt.
-
-        No functional change, just renaming. It's a clearer name that more accurately
-        reflects the meaning, and it eliminates the namespace confusion that will happen
-        with the Undecided indexing type in https://bugs.webkit.org/show_bug.cgi?id=98606
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::refineArrayMode):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::modeIsSpecific):
-        (JSC::DFG::modeSupportsLength):
-        (JSC::DFG::benefitsFromStructureCheck):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-22  Mark Lam  <mark.lam@apple.com>
-
-        Change stack recursion checks to be based on stack availability.
-        https://bugs.webkit.org/show_bug.cgi?id=99872.
-
-        Reviewed by Filip Pizlo and Geoffrey Garen.
-
-        - Remove m_reentryDepth, ThreadStackType which are now obsolete.
-        - Replaced the reentryDepth checks with a StackBounds check.
-        - Added the Interpreter::StackPolicy class to compute a reasonable
-          stack capacity requirement given the native stack that the
-          interpreter is executing on at that time.
-        - Reserved an amount of JSStack space for the use of error handling
-          and enable its use (using Interpreter::ErrorHandlingMode) when
-          we're about to throw or report an exception.
-        - Interpreter::StackPolicy also allows more native stack space
-          to be used when in ErrorHandlingMode. This is needed in the case
-          of native stack overflows.
-        - Fixed the parser so that it throws a StackOverflowError instead of
-          a SyntaxError when it encounters a stack overflow.
-
-        * API/JSContextRef.cpp:
-        (JSContextGroupCreate):
-        (JSGlobalContextCreateInGroup):
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::ErrorHandlingMode::ErrorHandlingMode):
-        (JSC):
-        (JSC::Interpreter::ErrorHandlingMode::~ErrorHandlingMode):
-        (JSC::Interpreter::StackPolicy::StackPolicy):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * interpreter/Interpreter.h:
-        (JSC):
-        (Interpreter):
-        (ErrorHandlingMode):
-        (StackPolicy):
-        (JSC::Interpreter::StackPolicy::requiredCapacity):
-        * interpreter/JSStack.cpp:
-        (JSC):
-        (JSC::JSStack::JSStack):
-        (JSC::JSStack::growSlowCase):
-        (JSC::JSStack::enableErrorStackReserve):
-        (JSC::JSStack::disableErrorStackReserve):
-        * interpreter/JSStack.h:
-        (JSStack):
-        (JSC::JSStack::reservationEnd):
-        (JSC):
-        * jsc.cpp:
-        (jscmain):
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        * parser/Parser.h:
-        (Parser):
-        (JSC::::parse):
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::throwStackOverflowError):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::createContextGroup):
-        (JSC::JSGlobalData::create):
-        (JSC::JSGlobalData::createLeaked):
-        (JSC::JSGlobalData::sharedInstance):
-        * runtime/JSGlobalData.h:
-        (JSC):
-        (JSGlobalData):
-        * runtime/StringRecursionChecker.h:
-        (JSC::StringRecursionChecker::performCheck):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-10-20  Martin Robinson  <mrobinson@igalia.com>
-
-        Fix 'make dist' for the GTK+ port
-
-        * GNUmakefile.list.am: Add missing files to the source list.
-
-2012-10-21  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>
-
-        [CMake][JSC] Depend on risc.rb to decide when to run the LLInt scripts.
-        https://bugs.webkit.org/show_bug.cgi?id=99917
-
-        Reviewed by Geoffrey Garen.
-
-        Depend on the newly-added risc.rb to make sure we always run the
-        LLInt scripts when one of them changes.
-
-        * CMakeLists.txt:
-
-2012-10-20  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt backends of non-ARM RISC platforms should be able to share code with the existing ARMv7 backend
-        https://bugs.webkit.org/show_bug.cgi?id=99745
-
-        Reviewed by Geoffrey Garen.
-
-        This moves all of the things in armv7.rb that I thought are generally useful out
-        into risc.rb. It also separates some phases (branch ops is separated into one
-        phase that does sensible things, and another that does things that are painfully
-        ARM-specific), and removes ARM assumptions from others by using a callback to
-        drive exactly what lowering must happen. The goal here is to minimize the future
-        maintenance burden of LLInt by ensuring that the various platforms share as much
-        lowering code as possible.
-
-        * offlineasm/armv7.rb:
-        * offlineasm/risc.rb: Added.
-
-2012-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should have some facility for recognizing redundant CheckArrays and Arrayifies
-        https://bugs.webkit.org/show_bug.cgi?id=99287
-
-        Reviewed by Mark Hahnenberg.
-
-        Adds reasoning about indexing type sets (i.e. ArrayModes) to AbstractValue, which
-        then enables us to fold away CheckArray's and Arrayify's that are redundant.
-
-        * bytecode/ArrayProfile.cpp:
-        (JSC::arrayModesToString):
-        (JSC):
-        * bytecode/ArrayProfile.h:
-        (JSC):
-        (JSC::mergeArrayModes):
-        (JSC::arrayModesAlreadyChecked):
-        * bytecode/StructureSet.h:
-        (JSC::StructureSet::arrayModesFromStructures):
-        (StructureSet):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::AbstractValue):
-        (JSC::DFG::AbstractValue::clear):
-        (JSC::DFG::AbstractValue::isClear):
-        (JSC::DFG::AbstractValue::makeTop):
-        (JSC::DFG::AbstractValue::clobberStructures):
-        (AbstractValue):
-        (JSC::DFG::AbstractValue::setMostSpecific):
-        (JSC::DFG::AbstractValue::set):
-        (JSC::DFG::AbstractValue::operator==):
-        (JSC::DFG::AbstractValue::merge):
-        (JSC::DFG::AbstractValue::filter):
-        (JSC::DFG::AbstractValue::filterArrayModes):
-        (JSC::DFG::AbstractValue::validate):
-        (JSC::DFG::AbstractValue::checkConsistency):
-        (JSC::DFG::AbstractValue::dump):
-        (JSC::DFG::AbstractValue::clobberArrayModes):
-        (JSC::DFG::AbstractValue::clobberArrayModesSlow):
-        (JSC::DFG::AbstractValue::setFuturePossibleStructure):
-        (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::modeAlreadyChecked):
-        * dfg/DFGArrayMode.h:
-        (JSC::DFG::arrayModesFor):
-        (DFG):
-        * dfg/DFGConstantFoldingPhase.cpp:
-        (JSC::DFG::ConstantFoldingPhase::foldConstants):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::arrayify):
-
-2012-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        Baseline JIT should not inline array allocations, to make them easier to instrument
-        https://bugs.webkit.org/show_bug.cgi?id=99905
-
-        Reviewed by Mark Hahnenberg.
-
-        This will make it easier to instrument array allocations for the purposes of profiling.
-        It also allows us to kill off a bunch of code. And, this doesn't appear to hurt
-        performance at all. That's expected because these days any hot allocation will end up
-        in the DFG JIT, which does inline these allocations.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITInlineMethods.h:
-        (JSC):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-
-2012-10-19  Oliver Hunt  <oliver@apple.com>
-
-        Fix some of the regression cause by the non-local variable reworking
-        https://bugs.webkit.org/show_bug.cgi?id=99896
-
-        Reviewed by Filip Pizlo.
-
-        The non0local variable reworking led to some of the optimisations performed by
-        the bytecode generator being dropped.  This in turn put more pressure on the DFG
-        optimisations.  This exposed a short coming in our double speculation propogation.
-        Now we try to distinguish between places where we should SpecDoubleReal vs generic
-        SpecDouble.
-
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (PredictionPropagationPhase):
-        (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
-        (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPredictions):
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2012-10-19  Michael Saboff  <msaboff@apple.com>
-
-        Lexer should create 8 bit Identifiers for RegularExpressions and ASCII identifiers
-        https://bugs.webkit.org/show_bug.cgi?id=99855
-
-        Reviewed by Filip Pizlo.
-
-        Added makeIdentifier helpers that will always make an 8 bit Identifier or make an
-        Identifier that is the same size as the template parameter.  Used the first in the fast
-        path when looking for a JS identifier and the second when scanning regular expressions.
-
-        * parser/Lexer.cpp:
-        (JSC::::scanRegExp):
-        * parser/Lexer.h:
-        (Lexer):
-        (JSC::::makeIdentifierSameType):
-        (JSC::::makeLCharIdentifier):
-        (JSC::::lexExpectIdentifier):
-
-2012-10-19  Mark Lam  <mark.lam@apple.com>
-
-        Added WTF::StackStats mechanism.
-        https://bugs.webkit.org/show_bug.cgi?id=99805.
-
-        Reviewed by Geoffrey Garen.
-
-        Added StackStats checkpoints and probes.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::emitNode):
-        (JSC::BytecodeGenerator::emitNodeInConditionContext):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::append):
-        (JSC::visitChildren):
-        (JSC::SlotVisitor::donateKnownParallel):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::SlotVisitor::mergeOpaqueRoots):
-        (JSC::SlotVisitor::internalAppend):
-        (JSC::SlotVisitor::harvestWeakReferences):
-        (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        * parser/Parser.h:
-        (JSC::Parser::canRecurse):
-        * runtime/StringRecursionChecker.h:
-        (StringRecursionChecker):
-
-2012-10-19  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION(r131822): It made 500+ tests crash on 32 bit platforms
-        https://bugs.webkit.org/show_bug.cgi?id=99814
-
-        Reviewed by Filip Pizlo.
-
-        Call the correct macro in 32bit. 
-
-        * llint/LowLevelInterpreter.asm:
-
-2012-10-19  Dongwoo Joshua Im  <dw.im@samsung.com>
-
-        Rename ENABLE_CSS3_TEXT_DECORATION to ENABLE_CSS3_TEXT
-        https://bugs.webkit.org/show_bug.cgi?id=99804
-
-        Reviewed by Julien Chaffraix.
-
-        CSS3 text related properties will be implemented under this flag,
-        including text decoration, text-align-last, and text-justify.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-18  Anders Carlsson  <andersca@apple.com>
-
-        Clean up RegExpKey
-        https://bugs.webkit.org/show_bug.cgi?id=99798
-
-        Reviewed by Darin Adler.
-
-        RegExpHash doesn't need to be a class template specialization when the class template is specialized
-        for JSC::RegExpKey only. Make it a nested class of RegExp instead. Also, make operator== a friend function
-        so Hash::equal can see it.
-
-        * runtime/RegExpKey.h:
-        (JSC::RegExpKey::RegExpKey):
-        (JSC::RegExpKey::operator==):
-        (RegExpKey):
-        (JSC::RegExpKey::Hash::hash):
-        (JSC::RegExpKey::Hash::equal):
-        (Hash):
-
-2012-10-19  Mark Lam  <mark.lam@apple.com>
-
-        Bot greening: Follow up to r131877 to fix the Windows build.
-        https://bugs.webkit.org/show_bug.cgi?id=99739.
-
-        Not reviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-10-19  Mark Lam  <mark.lam@apple.com>
-
-        Bot greening: Attempt to fix broken Window build after r131836.
-        https://bugs.webkit.org/show_bug.cgi?id=99739.
-
-        Not reviewed.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Unreviewed fix after r131868.
-
-        On JSVALUE64 platforms, JSValue constants can be Imm64 instead of ImmPtr for JIT compilers.
-
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2012-10-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Baseline array profiling should be less accurate, and DFG OSR exit should update array profiles on CheckArray and CheckStructure failure
-        https://bugs.webkit.org/show_bug.cgi?id=99261
-
-        Reviewed by Oliver Hunt.
-
-        This makes array profiling stochastic, like value profiling. The point is to avoid
-        noticing one-off indexing types that we'll never see again, but instead to:
-        
-        Notice the big ones: We want the DFG to compile based on the things that happen with
-        high probability. So, this change makes array profiling do like value profiling and
-        only notice a random subsampling of indexing types that flowed through an array
-        access. Prior to this patch array profiles noticed all indexing types and weighted
-        them identically.
-        
-        Bias the recent: Often an array access will see awkward indexing types during the
-        first handful of executions because of artifacts of program startup. So, we want to
-        bias towards the indexing types that we saw most recently. With this change, array
-        profiling does like value profiling and usually tells use a random sampling that
-        is biased to what happened recently.
-        
-        Have a backup plan: The above two things don't work by themselves because our
-        randomness is not that random (nor do we care enough to make it more random), and
-        because some procedures will have a <1/10 probability event that we must handle
-        without bailing because it dominates a hot loop. So, like value profiling, this
-        patch makes array profiling use OSR exits to tell us why we are bailing out, so
-        that we don't make the same mistake again in the future.
-        
-        This change also makes the way that the 32-bit OSR exit compiler snatches scratch
-        registers more uniform. We don't need a scratch buffer when we can push and pop.
-
-        * bytecode/DFGExitProfile.h:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitArrayProfilingSite):
-        * llint/LowLevelInterpreter.asm:
-
-2012-10-18  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        [Qt] REGRESSION(r131858): It broke the ARM build
-        https://bugs.webkit.org/show_bug.cgi?id=99809
-
-        Reviewed by Csaba Osztrogonác.
-
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-
-2012-10-18  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Refactor MacroAssembler interfaces to differentiate the pointer operands from the 64-bit integer operands
-        https://bugs.webkit.org/show_bug.cgi?id=99154
-
-        Reviewed by Gavin Barraclough.
-
-        In current JavaScriptCore implementation for JSVALUE64 platform (i.e.,
-        the X64 platform), we assume that the JSValue size is same to the
-        pointer size, and thus EncodedJSValue is simply type defined as a
-        "void*". In the JIT compiler, we also take this assumption and invoke
-        the same macro assembler interfaces for both JSValue and pointer
-        operands. We need to differentiate the operations on pointers from the
-        operations on JSValues, and let them invoking different macro
-        assembler interfaces. For example, we now use the interface of
-        "loadPtr" to load either a pointer or a JSValue, and we need to switch
-        to using "loadPtr" to load a pointer and some new "load64" interface
-        to load a JSValue. This would help us supporting other JSVALUE64
-        platforms where pointer size is not necessarily 64-bits, for example
-        x32 (bug #99153).
-
-        The major modification I made is to introduce the "*64" interfaces in
-        the MacroAssembler for those operations on JSValues, keep the "*Ptr"
-        interfaces for those operations on real pointers, and go through all
-        the JIT compiler code to correct the usage.
-
-        This is the second part of the work, i.e, to correct the usage of the
-        new MacroAssembler interfaces in the JIT compilers, which also means
-        that now EncodedJSValue is defined as a 64-bit integer, and the "*64"
-        interfaces are used for it.
-
-        * assembler/MacroAssembler.h: JSValue immediates should be in Imm64 instead of ImmPtr.
-        (MacroAssembler):
-        (JSC::MacroAssembler::shouldBlind):
-        * dfg/DFGAssemblyHelpers.cpp: Correct the JIT compilers usage of the new interfaces.
-        (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
-        (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
-        (JSC::DFG::AssemblyHelpers::branchIfNotCell):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        (JSC::DFG::AssemblyHelpers::boxDouble):
-        (JSC::DFG::AssemblyHelpers::unboxDouble):
-        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::tryBuildGetByIDList):
-        (JSC::DFG::emitPutReplaceStub):
-        (JSC::DFG::emitPutTransitionStub):
-        * dfg/DFGScratchRegisterAllocator.h:
-        (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
-        (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
-        * dfg/DFGSilentRegisterSavePlan.h:
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
-        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
-        (JSC::DFG::SpeculativeJIT::compileInstanceOf):
-        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
-        (JSC::DFG::SpeculativeJIT::silentSpill):
-        (JSC::DFG::SpeculativeJIT::silentFill):
-        (JSC::DFG::SpeculativeJIT::spill):
-        (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (JSC::DFG::SpeculativeJIT::branch64):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::fillDouble):
-        (JSC::DFG::SpeculativeJIT::fillJSValue):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
-        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
-        (JSC::DFG::SpeculativeJIT::convertToDouble):
-        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
-        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
-        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
-        (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
-        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
-        (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
-        (JSC::DFG::SpeculativeJIT::emitBranch):
-        (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
-        (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
-        (JSC::DFG::slowPathFor):
-        (JSC::DFG::virtualForThunkGenerator):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emit_op_negate):
-        (JSC::JIT::emitSlow_op_negate):
-        (JSC::JIT::emit_op_rshift):
-        (JSC::JIT::emitSlow_op_urshift):
-        (JSC::JIT::emit_compareAndJumpSlow):
-        (JSC::JIT::emit_op_bitand):
-        (JSC::JIT::compileBinaryArithOpSlowCase):
-        (JSC::JIT::emit_op_div):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEval):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCall):
-        * jit/JITInlineMethods.h: Have some clean-up work as well.
-        (JSC):
-        (JSC::JIT::emitPutCellToCallFrameHeader):
-        (JSC::JIT::emitPutIntToCallFrameHeader):
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-        (JSC::JIT::emitGetFromCallFrameHeader64):
-        (JSC::JIT::emitAllocateJSArray):
-        (JSC::JIT::emitValueProfilingSite):
-        (JSC::JIT::emitGetJITStubArg):
-        (JSC::JIT::emitGetVirtualRegister):
-        (JSC::JIT::emitPutVirtualRegister):
-        (JSC::JIT::emitInitRegister):
-        (JSC::JIT::emitJumpIfJSCell):
-        (JSC::JIT::emitJumpIfBothJSCells):
-        (JSC::JIT::emitJumpIfNotJSCell):
-        (JSC::JIT::emitLoadInt32ToDouble):
-        (JSC::JIT::emitJumpIfImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateInteger):
-        (JSC::JIT::emitJumpIfNotImmediateIntegers):
-        (JSC::JIT::emitFastArithReTagImmediate):
-        (JSC::JIT::emitFastArithIntToImmNoCheck):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_mov):
-        (JSC::JIT::emit_op_instanceof):
-        (JSC::JIT::emit_op_is_undefined):
-        (JSC::JIT::emit_op_is_boolean):
-        (JSC::JIT::emit_op_is_number):
-        (JSC::JIT::emit_op_tear_off_activation):
-        (JSC::JIT::emit_op_not):
-        (JSC::JIT::emit_op_jfalse):
-        (JSC::JIT::emit_op_jeq_null):
-        (JSC::JIT::emit_op_jneq_null):
-        (JSC::JIT::emit_op_jtrue):
-        (JSC::JIT::emit_op_bitxor):
-        (JSC::JIT::emit_op_bitor):
-        (JSC::JIT::emit_op_get_pnames):
-        (JSC::JIT::emit_op_next_pname):
-        (JSC::JIT::compileOpStrictEq):
-        (JSC::JIT::emit_op_catch):
-        (JSC::JIT::emit_op_throw_static_error):
-        (JSC::JIT::emit_op_eq_null):
-        (JSC::JIT::emit_op_neq_null):
-        (JSC::JIT::emit_op_create_activation):
-        (JSC::JIT::emit_op_create_arguments):
-        (JSC::JIT::emit_op_init_lazy_reg):
-        (JSC::JIT::emitSlow_op_convert_this):
-        (JSC::JIT::emitSlow_op_not):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC::JIT::emit_resolve_operations):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitArrayStorageGetByVal):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::compileGetDirectOffset):
-        (JSC::JIT::emit_op_get_by_pname):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JSC::JIT::emitArrayStoragePutByVal):
-        (JSC::JIT::compileGetByIdHotPath):
-        (JSC::JIT::emit_op_put_by_id):
-        (JSC::JIT::compilePutDirectOffset):
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitIntTypedArrayGetByVal):
-        (JSC::JIT::emitFloatTypedArrayGetByVal):
-        (JSC::JIT::emitFloatTypedArrayPutByVal):
-        * jit/JITStubCall.h:
-        (JITStubCall):
-        (JSC::JITStubCall::JITStubCall):
-        (JSC::JITStubCall::addArgument):
-        (JSC::JITStubCall::call):
-        (JSC::JITStubCall::callWithValueProfiling):
-        * jit/JSInterfaceJIT.h:
-        (JSC::JSInterfaceJIT::emitJumpIfImmediateNumber):
-        (JSC::JSInterfaceJIT::emitJumpIfNotImmediateNumber):
-        (JSC::JSInterfaceJIT::emitLoadJSCell):
-        (JSC::JSInterfaceJIT::emitLoadInt32):
-        (JSC::JSInterfaceJIT::emitLoadDouble):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::tagReturnAsInt32):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/JSValue.h: Define JSVALUE64 EncodedJSValue as int64_t, which is also unified with JSVALUE32_64.
-        (JSC):
-        * runtime/JSValueInlineMethods.h: New implementation of some JSValue methods to make them more conformant
-        with the new rule that "JSValue is a 64-bit integer rather than a pointer" for JSVALUE64 platforms.
-        (JSC):
-        (JSC::JSValue::JSValue):
-        (JSC::JSValue::operator bool):
-        (JSC::JSValue::operator==):
-        (JSC::JSValue::operator!=):
-        (JSC::reinterpretDoubleToInt64):
-        (JSC::reinterpretInt64ToDouble):
-        (JSC::JSValue::asDouble):
-
-2012-10-18  Michael Saboff  <msaboff@apple.com>
-
-        convertUTF8ToUTF16() Should Check for ASCII Input
-        ihttps://bugs.webkit.org/show_bug.cgi?id=99739
-
-        Reviewed by Geoffrey Garen.
-
-        Using the updated convertUTF8ToUTF16() , we can determine if is makes more sense to 
-        create a string using the 8 bit source.  Added a new OpaqueJSString::create(LChar*, unsigned).
-        Had to add a cast n JSStringCreateWithCFString to differentiate which create() to call.
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithUTF8CString):
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-        * API/OpaqueJSString.h:
-        (OpaqueJSString::create):
-        (OpaqueJSString):
-        (OpaqueJSString::OpaqueJSString):
-
-2012-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Unbreak jsc tests.  Last minute "clever"-ness is clearly just not
-        a good plan.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-10-18  Oliver Hunt  <oliver@apple.com>
-
-        Bytecode should not have responsibility for determining how to perform non-local resolves
-        https://bugs.webkit.org/show_bug.cgi?id=99349
-
-        Reviewed by Gavin Barraclough.
-
-        This patch removes lexical analysis from the bytecode generation.  This allows
-        us to delay lookup of a non-local variables until the lookup is actually necessary,
-        and simplifies a lot of the resolve logic in BytecodeGenerator.
-
-        Once a lookup is performed we cache the lookup information in a set of out-of-line
-        buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
-        etc, and allows the respective JITs to recreated optimal lookup code.
-
-        This is currently still a performance regression in LLInt, but most of the remaining
-        regression is caused by a lot of indirection that I'll remove in future work, as well
-        as some work necessary to allow LLInt to perform in line instruction repatching.
-        We will also want to improve the behaviour of the baseline JIT for some of the lookup
-        operations, however this patch was getting quite large already so I'm landing it now
-        that we've reached the bar of "performance-neutral".
-
-        Basic browsing seems to work.
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitStructures):
-        (JSC):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addResolve):
-        (JSC::CodeBlock::addPutToBase):
-        (CodeBlock):
-        (JSC::CodeBlock::resolveOperations):
-        (JSC::CodeBlock::putToBaseOperation):
-        (JSC::CodeBlock::numberOfResolveOperations):
-        (JSC::CodeBlock::numberOfPutToBaseOperations):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::globalObjectConstant):
-        (JSC::CodeBlock::setGlobalObjectConstant):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForStructure):
-        (JSC::ResolveGlobalStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.h:
-        (JSC):
-        (ResolveGlobalStatus):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetLocalVar):
-        (JSC::BytecodeGenerator::emitInitGlobalConst):
-        (JSC::BytecodeGenerator::emitPutToBase):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult::registerResolve):
-        (JSC::ResolveResult::dynamicResolve):
-        (ResolveResult):
-        (JSC::ResolveResult::ResolveResult):
-        (JSC):
-        (NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::resolved):
-        (JSC::NonlocalResolveInfo::put):
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::getResolveOperations):
-        (JSC::BytecodeGenerator::getResolveWithThisOperations):
-        (JSC::BytecodeGenerator::getResolveBaseOperations):
-        (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
-        (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
-        (JSC::BytecodeGenerator::getPutToBaseOperation):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PrefixNode::emitResolve):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitBytecode):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineResolveOperations):
-        (DFG):
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (ResolveGlobalData):
-        (ResolveOperationData):
-        (DFG):
-        (PutToBaseOperationData):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveOperationsDataIndex):
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::resolveOperations):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::putToBaseOperation):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        (JSC::JIT::emit_resolve_operations):
-        (JSC::JIT::emitSlow_link_resolve_operations):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emitSlow_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emitSlow_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emitSlow_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_put_to_base):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSScope.cpp:
-        (JSC::LookupResult::base):
-        (JSC::LookupResult::value):
-        (JSC::LookupResult::setBase):
-        (JSC::LookupResult::setValue):
-        (LookupResult):
-        (JSC):
-        (JSC::setPutPropertyAccessOffset):
-        (JSC::executeResolveOperations):
-        (JSC::JSScope::resolveContainingScopeInternal):
-        (JSC::JSScope::resolveContainingScope):
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        (JSC::JSScope::resolvePut):
-        (JSC::JSScope::resolveGlobal):
-        * runtime/JSScope.h:
-        (JSScope):
-        * runtime/JSVariableObject.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        * runtime/Structure.h:
-        (JSC::Structure::propertyAccessesAreCacheable):
-        (Structure):
-
-2012-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Live oversize copied blocks should count toward overall heap fragmentation
-        https://bugs.webkit.org/show_bug.cgi?id=99548
-
-        Reviewed by Filip Pizlo.
-
-        The CopiedSpace uses overall heap fragmentation to determine whether or not it should do any copying. 
-        Currently it doesn't include live oversize CopiedBlocks in the calculation, but it should. We should 
-        treat them as 100% utilized, since running a copying phase won't be able to free/compact any of their 
-        memory. We can also free any dead oversize CopiedBlocks while we're iterating over them, rather than 
-        iterating over them again at the end of the copying phase.
-
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::doneFillingBlock):
-        (JSC::CopiedSpace::startedCopying):
-        (JSC::CopiedSpace::doneCopying): Also removed a branch when iterating over from-space at the end of 
-        copying. Since we eagerly recycle blocks as soon as they're fully evacuated, we should see no
-        unpinned blocks in from-space at the end of copying.
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::recycleBorrowedBlock):
-        * heap/CopyVisitorInlineMethods.h:
-        (JSC::CopyVisitor::checkIfShouldCopy):
-
-2012-10-18  Roger Fong  <roger_fong@apple.com>
-
-        Unreviewed. Build fix after r131701 and r131777.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Race condition between GCThread and main thread during copying phase
-        https://bugs.webkit.org/show_bug.cgi?id=99641
-
-        Reviewed by Filip Pizlo.
-
-        When a GCThread returns from copyFromShared(), it then calls doneCopying(), which returns 
-        its borrowed CopiedBlock to the CopiedSpace. This final block allows the CopiedSpace to 
-        continue and finish the cleanup of the copying phase. However, the GCThread can loop back 
-        around, see that m_currentPhase is still "Copy", and try to go through the copying phase again. 
-        This can cause all sorts of issues. To fix this, we should add a cyclic barrier to GCThread::waitForNextPhase().
-
-        * heap/GCThread.cpp:
-        (JSC::GCThread::waitForNextPhase): All GCThreads will wait when they finish one iteration until the main thread 
-        notifies them to move down to the second while loop, where they wait for the next GCPhase to start. They also 
-        decrement the m_numberOfActiveGCThreads counter as they begin to wait for the next phase and increment it as 
-        they enter the next phase. This allows the main thread to wait in endCurrentPhase() until all the threads have 
-        finished the current phase and are waiting on the next phase to begin. Without the counter, there would be 
-        no way to ensure that every thread was available for each GCPhase.
-        (JSC::GCThread::gcThreadMain): We now use the m_phaseLock to synchronize with the main thread when we're being created.
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData): As we create each GCThread, we increment the m_numberOfActiveGCThreads
-        counter. When we are done creating the threads, we wait until they're all waiting for the next GCPhase. This prevents 
-        us from leaving some GCThreads behind during the first GCPhase, which could hurt us on our very short-running 
-        benchmarks (e.g. SunSpider).
-        (JSC::GCThreadSharedData::~GCThreadSharedData):
-        (JSC::GCThreadSharedData::startNextPhase): We atomically swap the two flags, m_gcThreadsShouldWait and m_currentPhase, 
-        so that if the threads finish very quickly, they will wait until the main thread is ready to end the current phase.
-        (JSC::GCThreadSharedData::endCurrentPhase): Here atomically we swap the two flags again to allow the threads to 
-        advance to waiting on the next GCPhase. We wait until all of the GCThreads have settled into the second wait loop
-        before allowing the main thread to continue. This prevents us from leaving one of the GCThreads stuck in the first 
-        wait loop if we were to call startNextPhase() before it had time to wake up and move on to the second wait loop.
-        (JSC):
-        (JSC::GCThreadSharedData::didStartMarking): We now use startNextPhase() to properly swap the flags.
-        (JSC::GCThreadSharedData::didFinishMarking): Ditto for endCurrentPhase().
-        (JSC::GCThreadSharedData::didStartCopying): Ditto.
-        (JSC::GCThreadSharedData::didFinishCopying): Ditto.
-        * heap/GCThreadSharedData.h:
-        (GCThreadSharedData):
-        * heap/Heap.cpp: 
-        (JSC::Heap::copyBackingStores): No reason to use the extra reference.
-
-2012-10-18  Pablo Flouret  <pablof@motorola.com>
-
-        Implement css3-conditional's @supports rule
-        https://bugs.webkit.org/show_bug.cgi?id=86146
-
-        Reviewed by Antti Koivisto.
-
-        * Configurations/FeatureDefines.xcconfig:
-            Add an ENABLE_CSS3_CONDITIONAL_RULES flag.
-
-2012-10-18  Michael Saboff  <msaboff@apple.com>
-
-        Make conversion between JSStringRef and WKStringRef work without character size conversions
-        https://bugs.webkit.org/show_bug.cgi?id=99727
-
-        Reviewed by Anders Carlsson.
-
-        Export the string() method for use in WebKit.
-
-        * API/OpaqueJSString.h:
-        (OpaqueJSString::string):
-
-2012-10-18  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>
-
-        [CMake] Avoid unnecessarily running the LLInt generation commands.
-        https://bugs.webkit.org/show_bug.cgi?id=99708
-
-        Reviewed by Rob Buis.
-
-        As described in the comments in the change itself, in some cases
-        the Ruby generation scripts used when LLInt is on would each be
-        run twice in every build even if nothing had changed.
-
-        Fix that by not setting the OBJECT_DEPENDS property of some source
-        files to depend on the generated headers; instead, they are now
-        just part of the final binaries/libraries which use them.
-
-        * CMakeLists.txt:
-
-2012-10-17  Zoltan Horvath  <zoltan@webkit.org>
-
-        Remove the JSHeap memory measurement of the PageLoad performacetests since it creates bogus JSGlobalDatas
-        https://bugs.webkit.org/show_bug.cgi?id=99609 
-
-        Reviewed by Ryosuke Niwa.
-
-        Remove the implementation since it creates bogus JSGlobalDatas in the layout tests.
-
-        * heap/HeapStatistics.cpp:
-        (JSC):
-        * heap/HeapStatistics.h:
-        (HeapStatistics):
-
-2012-10-17  Sam Weinig  <sam@webkit.org>
-
-        Attempt to fix the build.
-
-        * bytecode/GlobalResolveInfo.h: Copied from bytecode/GlobalResolveInfo.h.
-
-2012-10-17  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION (r130826 or r130828): Twitter top bar is dysfunctional
-        https://bugs.webkit.org/show_bug.cgi?id=99577
-        <rdar://problem/12518883>
-
-        Reviewed by Mark Hahnenberg.
-
-        It turns out that it's a good idea to maintain the invariants of your object model, such as that
-        elements past publicLength should have the hole value.
-
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-17  Anders Carlsson  <andersca@apple.com>
-
-        Clean up Vector.h
-        https://bugs.webkit.org/show_bug.cgi?id=99622
-
-        Reviewed by Benjamin Poulain.
-
-        Fix fallout from removing std::max and std::min using declarations.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstrings):
-        (JSC::jsSpliceSubstringsWithSeparators):
-        (JSC::stringProtoFuncIndexOf):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):
-
-2012-10-17  Oliver Hunt  <oliver@apple.com>
-
-        Committing new files is so overrated.
-
-        * bytecode/ResolveOperation.h: Added.
-        (JSC):
-        (JSC::ResolveOperation::getAndReturnScopedVar):
-        (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope):
-        (ResolveOperation):
-        (JSC::ResolveOperation::getAndReturnGlobalVar):
-        (JSC::ResolveOperation::getAndReturnGlobalProperty):
-        (JSC::ResolveOperation::resolveFail):
-        (JSC::ResolveOperation::skipTopScopeNode):
-        (JSC::ResolveOperation::skipScopes):
-        (JSC::ResolveOperation::returnGlobalObjectAsBase):
-        (JSC::ResolveOperation::setBaseToGlobal):
-        (JSC::ResolveOperation::setBaseToUndefined):
-        (JSC::ResolveOperation::setBaseToScope):
-        (JSC::ResolveOperation::returnScopeAsBase):
-        (JSC::PutToBaseOperation::PutToBaseOperation):
-
-2012-10-17  Michael Saboff  <msaboff@apple.com>
-
-        StringPrototype::jsSpliceSubstringsWithSeparators() doesn't optimally handle 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=99230
-
-        Reviewed by Geoffrey Garen.
-
-        Added code to select characters8() or characters16() on the not all 8 bit path for both the 
-        processing of the source and the separators.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::jsSpliceSubstringsWithSeparators):
-
-2012-10-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Array and object allocations via 'new Object' or 'new Array' should be inlined in bytecode to allow allocation site profiling
-        https://bugs.webkit.org/show_bug.cgi?id=99557
-
-        Reviewed by Geoffrey Garen.
-
-        Removed an inaccurate and misleading comment as per Geoff's review. (I forgot
-        to make this change as part of http://trac.webkit.org/changeset/131644).
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::FunctionCallResolveNode::emitBytecode):
-
-2012-10-17  Oliver Hunt  <oliver@apple.com>
-
-        Bytecode should not have responsibility for determining how to perform non-local resolves
-        https://bugs.webkit.org/show_bug.cgi?id=99349
-
-        Reviewed by Gavin Barraclough.
-
-        This patch removes lexical analysis from the bytecode generation.  This allows
-        us to delay lookup of a non-local variables until the lookup is actually necessary,
-        and simplifies a lot of the resolve logic in BytecodeGenerator.
-
-        Once a lookup is performed we cache the lookup information in a set of out-of-line
-        buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
-        etc, and allows the respective JITs to recreated optimal lookup code.
-
-        This is currently still a performance regression in LLInt, but most of the remaining
-        regression is caused by a lot of indirection that I'll remove in future work, as well
-        as some work necessary to allow LLInt to perform in line instruction repatching.
-        We will also want to improve the behaviour of the baseline JIT for some of the lookup
-        operations, however this patch was getting quite large already so I'm landing it now
-        that we've reached the bar of "performance-neutral".
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitStructures):
-        (JSC):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addResolve):
-        (JSC::CodeBlock::addPutToBase):
-        (CodeBlock):
-        (JSC::CodeBlock::resolveOperations):
-        (JSC::CodeBlock::putToBaseOperation):
-        (JSC::CodeBlock::numberOfResolveOperations):
-        (JSC::CodeBlock::numberOfPutToBaseOperations):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::globalObjectConstant):
-        (JSC::CodeBlock::setGlobalObjectConstant):
-        * bytecode/GlobalResolveInfo.h: Removed.
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForStructure):
-        (JSC::ResolveGlobalStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.h:
-        (JSC):
-        (ResolveGlobalStatus):
-        * bytecode/ResolveOperation.h: Added.
-          The new types and logic we use to perform the cached lookups.
-        (JSC):
-        (ResolveOperation):
-        (JSC::ResolveOperation::getAndReturnScopedVar):
-        (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope):
-        (JSC::ResolveOperation::getAndReturnGlobalVar):
-        (JSC::ResolveOperation::getAndReturnGlobalProperty):
-        (JSC::ResolveOperation::resolveFail):
-        (JSC::ResolveOperation::skipTopScopeNode):
-        (JSC::ResolveOperation::skipScopes):
-        (JSC::ResolveOperation::returnGlobalObjectAsBase):
-        (JSC::ResolveOperation::setBaseToGlobal):
-        (JSC::ResolveOperation::setBaseToUndefined):
-        (JSC::ResolveOperation::setBaseToScope):
-        (JSC::ResolveOperation::returnScopeAsBase):
-        (JSC::PutToBaseOperation::PutToBaseOperation):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetLocalVar):
-        (JSC::BytecodeGenerator::emitInitGlobalConst):
-        (JSC::BytecodeGenerator::emitPutToBase):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult::registerResolve):
-        (JSC::ResolveResult::dynamicResolve):
-        (ResolveResult):
-        (JSC::ResolveResult::ResolveResult):
-        (JSC):
-        (NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::resolved):
-        (JSC::NonlocalResolveInfo::put):
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::getResolveOperations):
-        (JSC::BytecodeGenerator::getResolveWithThisOperations):
-        (JSC::BytecodeGenerator::getResolveBaseOperations):
-        (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
-        (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
-        (JSC::BytecodeGenerator::getPutToBaseOperation):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PrefixNode::emitResolve):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitBytecode):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileResolveOperations):
-        (DFG):
-        (JSC::DFG::canCompilePutToBaseOperation):
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (ResolveGlobalData):
-        (ResolveOperationData):
-        (DFG):
-        (PutToBaseOperationData):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveOperationsDataIndex):
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::resolveOperations):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::putToBaseOperation):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        (JSC::JIT::emit_resolve_operations):
-        (JSC::JIT::emitSlow_link_resolve_operations):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emitSlow_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emitSlow_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emitSlow_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_put_to_base):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSScope.cpp:
-        (JSC::LookupResult::base):
-        (JSC::LookupResult::value):
-        (JSC::LookupResult::setBase):
-        (JSC::LookupResult::setValue):
-        (LookupResult):
-        (JSC):
-        (JSC::setPutPropertyAccessOffset):
-        (JSC::executeResolveOperations):
-        (JSC::JSScope::resolveContainingScopeInternal):
-        (JSC::JSScope::resolveContainingScope):
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        (JSC::JSScope::resolvePut):
-        (JSC::JSScope::resolveGlobal):
-        * runtime/JSScope.h:
-        (JSScope):
-        * runtime/JSVariableObject.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        * runtime/Structure.h:
-        (JSC::Structure::propertyAccessesAreCacheable):
-        (Structure):
-
-2012-10-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Array and object allocations via 'new Object' or 'new Array' should be inlined in bytecode to allow allocation site profiling
-        https://bugs.webkit.org/show_bug.cgi?id=99557
-
-        Reviewed by Geoffrey Garen.
-
-        This uses the old jneq_ptr trick to allow for the bytecode to "see" that the
-        operation in question is what we almost certainly know it to be.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/SpecialPointer.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitCallEval):
-        (JSC::BytecodeGenerator::expectedFunctionForIdentifier):
-        (JSC):
-        (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::NewExprNode::emitBytecode):
-        (JSC::FunctionCallValueNode::emitBytecode):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::FunctionCallBracketNode::emitBytecode):
-        (JSC::FunctionCallDotNode::emitBytecode):
-        (JSC::CallFunctionCallDotNode::emitBytecode):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array_with_size):
-        (JSC):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (LLInt):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/ArrayConstructor.cpp:
-        (JSC::constructArrayWithSizeQuirk):
-        (JSC):
-        * runtime/ArrayConstructor.h:
-        (JSC):
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-
-2012-10-17  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val
-        https://bugs.webkit.org/show_bug.cgi?id=99631
-        <rdar://problem/12483221>
-
-        Reviewed by Mark Hahnenberg.
-
-        cti_get_by_val assumes that the return address has patching metadata associated with it, which won't
-        be true for op_get_by_pname. cti_get_by_val_generic makes no such assumptions.
-
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emitSlow_op_get_by_pname):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_by_pname):
-
-2012-10-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Block freeing thread should sleep indefinitely when there's no work to do
-        https://bugs.webkit.org/show_bug.cgi?id=98084
-
-        Reviewed by Geoffrey Garen.
-
-        r130212 didn't fully fix the problem.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::blockFreeingThreadMain): We would just continue to the next iteration if 
-        we found that we had zero blocks to copy. We should move the indefinite wait up to where that 
-        check is done so that we properly detect the "no more blocks to copy, wait for more" condition.
-
-2012-10-16  Csaba Osztrogonác  <ossy@webkit.org>
-
-        Unreviewed, rolling out r131516 and r131550.
-        http://trac.webkit.org/changeset/131516
-        http://trac.webkit.org/changeset/131550
-        https://bugs.webkit.org/show_bug.cgi?id=99349
-
-        It caused zillion different problem on different platforms
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC):
-        (JSC::isGlobalResolve):
-        (JSC::instructionOffsetForNth):
-        (JSC::printGlobalResolveInfo):
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitStructures):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
-        (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::addGlobalResolveInstruction):
-        (JSC::CodeBlock::addGlobalResolveInfo):
-        (JSC::CodeBlock::globalResolveInfo):
-        (JSC::CodeBlock::numberOfGlobalResolveInfos):
-        (JSC::CodeBlock::globalResolveInfoCount):
-        * bytecode/GlobalResolveInfo.h: Copied from Source/JavaScriptCore/bytecode/ResolveGlobalStatus.cpp.
-        (JSC):
-        (JSC::GlobalResolveInfo::GlobalResolveInfo):
-        (GlobalResolveInfo):
-        (JSC::getGlobalResolveInfoBytecodeOffset):
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC):
-        (JSC::computeForStructure):
-        (JSC::computeForLLInt):
-        (JSC::ResolveGlobalStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.h:
-        (JSC):
-        (ResolveGlobalStatus):
-        * bytecode/ResolveOperation.h: Removed.
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC::ResolveResult::registerPointer):
-        (JSC):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetStaticVar):
-        (JSC::BytecodeGenerator::emitInitGlobalConst):
-        (JSC::BytecodeGenerator::emitPutStaticVar):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult::registerResolve):
-        (JSC::ResolveResult::dynamicResolve):
-        (JSC::ResolveResult::lexicalResolve):
-        (JSC::ResolveResult::indexedGlobalResolve):
-        (JSC::ResolveResult::dynamicIndexedGlobalResolve):
-        (JSC::ResolveResult::globalResolve):
-        (JSC::ResolveResult::dynamicGlobalResolve):
-        (JSC::ResolveResult::type):
-        (JSC::ResolveResult::index):
-        (JSC::ResolveResult::depth):
-        (JSC::ResolveResult::globalObject):
-        (ResolveResult):
-        (JSC::ResolveResult::isStatic):
-        (JSC::ResolveResult::isIndexed):
-        (JSC::ResolveResult::isScoped):
-        (JSC::ResolveResult::isGlobal):
-        (JSC::ResolveResult::ResolveResult):
-        (BytecodeGenerator):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PrefixNode::emitResolve):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitBytecode):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (ResolveGlobalData):
-        (DFG):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        (JSC):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        (JSC::JIT::emit_op_get_global_var_watchable):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve):
-        (JSC):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_skip):
-        (JSC::JIT::emit_op_resolve_global):
-        (JSC::JIT::emitSlow_op_resolve_global):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC):
-        (JSC::JIT::emit_op_put_scoped_var):
-        (JSC::JIT::emit_op_get_global_var):
-        (JSC::JIT::emit_op_put_global_var):
-        (JSC::JIT::emit_op_put_global_var_check):
-        (JSC::JIT::emitSlow_op_put_global_var_check):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSScope.cpp:
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveSkip):
-        (JSC::JSScope::resolveGlobal):
-        (JSC::JSScope::resolveGlobalDynamic):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        * runtime/JSScope.h:
-        (JSScope):
-        * runtime/JSVariableObject.cpp:
-        * runtime/JSVariableObject.h:
-        * runtime/Structure.h:
-
-2012-10-16  Dongwoo Joshua Im  <dw.im@samsung.com>
-
-        [GTK] Fix build break - ResolveOperations.h is not in WebKit.
-        https://bugs.webkit.org/show_bug.cgi?id=99538
-
-        Unreviewed build fix.
-
-        There are some files including ResolveOperations.h which is not exist at all.
-
-        * GNUmakefile.list.am: s/ResolveOperations.h/ResolveOperation.h/
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: s/ResolveOperations.h/ResolveOperation.h/
-
-2012-10-16  Jian Li  <jianli@chromium.org>
-
-        Rename feature define ENABLE_WIDGET_REGION to ENABLE_DRAGGBALE_REGION
-        https://bugs.webkit.org/show_bug.cgi?id=98975
-
-        Reviewed by Adam Barth.
-
-        Renaming is needed to better match with the draggable region code. 
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-15  Oliver Hunt  <oliver@apple.com>
-
-        Bytecode should not have responsibility for determining how to perform non-local resolves
-        https://bugs.webkit.org/show_bug.cgi?id=99349
-
-        Reviewed by Gavin Barraclough.
-
-        This patch removes lexical analysis from the bytecode generation.  This allows
-        us to delay lookup of a non-local variables until the lookup is actually necessary,
-        and simplifies a lot of the resolve logic in BytecodeGenerator.
-
-        Once a lookup is performed we cache the lookup information in a set of out-of-line
-        buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
-        etc, and allows the respective JITs to recreated optimal lookup code.
-
-        This is currently still a performance regression in LLInt, but most of the remaining
-        regression is caused by a lot of indirection that I'll remove in future work, as well
-        as some work necessary to allow LLInt to perform in line instruction repatching.
-        We will also want to improve the behaviour of the baseline JIT for some of the lookup
-        operations, however this patch was getting quite large already so I'm landing it now
-        that we've reached the bar of "performance-neutral".
-
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::printStructures):
-        (JSC::CodeBlock::dump):
-        (JSC::CodeBlock::CodeBlock):
-        (JSC::CodeBlock::visitStructures):
-        (JSC):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addResolve):
-        (JSC::CodeBlock::addPutToBase):
-        (CodeBlock):
-        (JSC::CodeBlock::resolveOperations):
-        (JSC::CodeBlock::putToBaseOperation):
-        (JSC::CodeBlock::numberOfResolveOperations):
-        (JSC::CodeBlock::numberOfPutToBaseOperations):
-        (JSC::CodeBlock::addPropertyAccessInstruction):
-        (JSC::CodeBlock::globalObjectConstant):
-        (JSC::CodeBlock::setGlobalObjectConstant):
-        * bytecode/GlobalResolveInfo.h: Removed.
-        * bytecode/Opcode.h:
-        (JSC):
-        (JSC::padOpcodeName):
-        * bytecode/ResolveGlobalStatus.cpp:
-        (JSC::computeForStructure):
-        (JSC::ResolveGlobalStatus::computeFor):
-        * bytecode/ResolveGlobalStatus.h:
-        (JSC):
-        (ResolveGlobalStatus):
-        * bytecode/ResolveOperation.h: Added.
-          The new types and logic we use to perform the cached lookups.
-        (JSC):
-        (ResolveOperation):
-        (JSC::ResolveOperation::getAndReturnScopedVar):
-        (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope):
-        (JSC::ResolveOperation::getAndReturnGlobalVar):
-        (JSC::ResolveOperation::getAndReturnGlobalProperty):
-        (JSC::ResolveOperation::resolveFail):
-        (JSC::ResolveOperation::skipTopScopeNode):
-        (JSC::ResolveOperation::skipScopes):
-        (JSC::ResolveOperation::returnGlobalObjectAsBase):
-        (JSC::ResolveOperation::setBaseToGlobal):
-        (JSC::ResolveOperation::setBaseToUndefined):
-        (JSC::ResolveOperation::setBaseToScope):
-        (JSC::ResolveOperation::returnScopeAsBase):
-        (JSC::PutToBaseOperation::PutToBaseOperation):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::ResolveResult::checkValidity):
-        (JSC):
-        (JSC::BytecodeGenerator::BytecodeGenerator):
-        (JSC::BytecodeGenerator::resolve):
-        (JSC::BytecodeGenerator::resolveConstDecl):
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveBase):
-        (JSC::BytecodeGenerator::emitResolveBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
-        (JSC::BytecodeGenerator::emitResolveWithThis):
-        (JSC::BytecodeGenerator::emitGetLocalVar):
-        (JSC::BytecodeGenerator::emitInitGlobalConst):
-        (JSC::BytecodeGenerator::emitPutToBase):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::ResolveResult::registerResolve):
-        (JSC::ResolveResult::dynamicResolve):
-        (ResolveResult):
-        (JSC::ResolveResult::ResolveResult):
-        (JSC):
-        (NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
-        (JSC::NonlocalResolveInfo::resolved):
-        (JSC::NonlocalResolveInfo::put):
-        (BytecodeGenerator):
-        (JSC::BytecodeGenerator::getResolveOperations):
-        (JSC::BytecodeGenerator::getResolveWithThisOperations):
-        (JSC::BytecodeGenerator::getResolveBaseOperations):
-        (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
-        (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
-        (JSC::BytecodeGenerator::getPutToBaseOperation):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ResolveNode::isPure):
-        (JSC::FunctionCallResolveNode::emitBytecode):
-        (JSC::PostfixNode::emitResolve):
-        (JSC::PrefixNode::emitResolve):
-        (JSC::ReadModifyResolveNode::emitBytecode):
-        (JSC::AssignResolveNode::emitBytecode):
-        (JSC::ConstDeclNode::emitCodeSingle):
-        (JSC::ForInNode::emitBytecode):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::handleGetByOffset):
-        (DFG):
-        (JSC::DFG::ByteCodeParser::parseResolveOperations):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canCompileResolveOperations):
-        (DFG):
-        (JSC::DFG::canCompilePutToBaseOperation):
-        (JSC::DFG::canCompileOpcode):
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGGraph.h:
-        (ResolveGlobalData):
-        (ResolveOperationData):
-        (DFG):
-        (PutToBaseOperationData):
-        (Graph):
-        * dfg/DFGNode.h:
-        (JSC::DFG::Node::hasIdentifier):
-        (JSC::DFG::Node::resolveOperationsDataIndex):
-        (Node):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGOSRExitCompiler.cpp:
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::resolveOperations):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::putToBaseOperation):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        (JSC::JIT::privateCompileSlowCases):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        (JSC::JIT::emit_resolve_operations):
-        (JSC::JIT::emitSlow_link_resolve_operations):
-        (JSC::JIT::emit_op_resolve):
-        (JSC::JIT::emitSlow_op_resolve):
-        (JSC::JIT::emit_op_resolve_base):
-        (JSC::JIT::emitSlow_op_resolve_base):
-        (JSC::JIT::emit_op_resolve_with_base):
-        (JSC::JIT::emitSlow_op_resolve_with_base):
-        (JSC::JIT::emit_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_resolve_with_this):
-        (JSC::JIT::emitSlow_op_put_to_base):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_put_to_base):
-        (JSC):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_init_global_const):
-        (JSC::JIT::emit_op_init_global_const_check):
-        (JSC::JIT::emitSlow_op_init_global_const_check):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC):
-        * jit/JITStubs.h:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/JSScope.cpp:
-        (JSC::LookupResult::base):
-        (JSC::LookupResult::value):
-        (JSC::LookupResult::setBase):
-        (JSC::LookupResult::setValue):
-        (LookupResult):
-        (JSC):
-        (JSC::setPutPropertyAccessOffset):
-        (JSC::executeResolveOperations):
-        (JSC::JSScope::resolveContainingScopeInternal):
-        (JSC::JSScope::resolveContainingScope):
-        (JSC::JSScope::resolve):
-        (JSC::JSScope::resolveBase):
-        (JSC::JSScope::resolveWithBase):
-        (JSC::JSScope::resolveWithThis):
-        (JSC::JSScope::resolvePut):
-        (JSC::JSScope::resolveGlobal):
-        * runtime/JSScope.h:
-        (JSScope):
-        * runtime/JSVariableObject.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        * runtime/Structure.h:
-        (JSC::Structure::propertyAccessesAreCacheable):
-        (Structure):
-
-2012-10-16  Filip Pizlo  <fpizlo@apple.com>
-
-        Accidental switch fall-through in DFG::FixupPhase
-        https://bugs.webkit.org/show_bug.cgi?id=96956
-        <rdar://problem/12313242>
-
-        Reviewed by Mark Hahnenberg.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-
-2012-10-16  Filip Pizlo  <fpizlo@apple.com>
-
-        GetScopedVar CSE matches dead GetScopedVar's leading to IR corruption
-        https://bugs.webkit.org/show_bug.cgi?id=99470
-        <rdar://problem/12363698>
-
-        Reviewed by Mark Hahnenberg.
-
-        All it takes is to follow the "if (!shouldGenerate) continue" idiom and everything will be OK.
-
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::globalVarLoadElimination):
-        (JSC::DFG::CSEPhase::scopedVarLoadElimination):
-        (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::checkStructureElimination):
-        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
-        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
-
-2012-10-16  Dima Gorbik  <dgorbik@apple.com>
-
-        Remove Platform.h include from the header files.
-        https://bugs.webkit.org/show_bug.cgi?id=98665
-
-        Reviewed by Eric Seidel.
-
-        We don't want other clients that include WebKit headers to know about Platform.h.
-
-        * API/tests/minidom.c:
-        * API/tests/testapi.c:
-
-2012-10-16  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        Add missing MIPS functions to assembler.
-        https://bugs.webkit.org/show_bug.cgi?id=98856
-
-        Reviewed by Oliver Hunt.
-
-        Implement missing functions in MacroAssemblerMIPS and MIPSAssembler.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::lb):
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::lh):
-        (JSC::MIPSAssembler::cvtds):
-        (JSC::MIPSAssembler::cvtsd):
-        (JSC::MIPSAssembler::vmov):
-        * assembler/MacroAssemblerMIPS.h:
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::load8Signed):
-        (JSC::MacroAssemblerMIPS::load16Signed):
-        (JSC::MacroAssemblerMIPS::moveDoubleToInts):
-        (JSC::MacroAssemblerMIPS::moveIntsToDouble):
-        (JSC::MacroAssemblerMIPS::loadFloat):
-        (JSC::MacroAssemblerMIPS::loadDouble):
-        (JSC::MacroAssemblerMIPS::storeFloat):
-        (JSC::MacroAssemblerMIPS::storeDouble):
-        (JSC::MacroAssemblerMIPS::addDouble):
-        (JSC::MacroAssemblerMIPS::convertFloatToDouble):
-        (JSC::MacroAssemblerMIPS::convertDoubleToFloat):
-
-2012-10-16  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        MIPS assembler coding-style fix.
-        https://bugs.webkit.org/show_bug.cgi?id=99359
-
-        Reviewed by Oliver Hunt.
-
-        Coding style fix of existing MIPS assembler header files.
-
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::addiu):
-        (JSC::MIPSAssembler::addu):
-        (JSC::MIPSAssembler::subu):
-        (JSC::MIPSAssembler::mul):
-        (JSC::MIPSAssembler::andInsn):
-        (JSC::MIPSAssembler::andi):
-        (JSC::MIPSAssembler::nor):
-        (JSC::MIPSAssembler::orInsn):
-        (JSC::MIPSAssembler::ori):
-        (JSC::MIPSAssembler::xorInsn):
-        (JSC::MIPSAssembler::xori):
-        (JSC::MIPSAssembler::slt):
-        (JSC::MIPSAssembler::sltu):
-        (JSC::MIPSAssembler::sltiu):
-        (JSC::MIPSAssembler::sll):
-        (JSC::MIPSAssembler::sllv):
-        (JSC::MIPSAssembler::sra):
-        (JSC::MIPSAssembler::srav):
-        (JSC::MIPSAssembler::srl):
-        (JSC::MIPSAssembler::srlv):
-        (JSC::MIPSAssembler::lbu):
-        (JSC::MIPSAssembler::lw):
-        (JSC::MIPSAssembler::lwl):
-        (JSC::MIPSAssembler::lwr):
-        (JSC::MIPSAssembler::lhu):
-        (JSC::MIPSAssembler::sb):
-        (JSC::MIPSAssembler::sh):
-        (JSC::MIPSAssembler::sw):
-        (JSC::MIPSAssembler::addd):
-        (JSC::MIPSAssembler::subd):
-        (JSC::MIPSAssembler::muld):
-        (JSC::MIPSAssembler::divd):
-        (JSC::MIPSAssembler::lwc1):
-        (JSC::MIPSAssembler::ldc1):
-        (JSC::MIPSAssembler::swc1):
-        (JSC::MIPSAssembler::sdc1):
-        (MIPSAssembler):
-        (JSC::MIPSAssembler::relocateJumps):
-        (JSC::MIPSAssembler::linkWithOffset):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::add32):
-        (JSC::MacroAssemblerMIPS::and32):
-        (JSC::MacroAssemblerMIPS::sub32):
-        (MacroAssemblerMIPS):
-        (JSC::MacroAssemblerMIPS::load8):
-        (JSC::MacroAssemblerMIPS::load32):
-        (JSC::MacroAssemblerMIPS::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerMIPS::load16):
-        (JSC::MacroAssemblerMIPS::store8):
-        (JSC::MacroAssemblerMIPS::store16):
-        (JSC::MacroAssemblerMIPS::store32):
-        (JSC::MacroAssemblerMIPS::nearCall):
-        (JSC::MacroAssemblerMIPS::test8):
-        (JSC::MacroAssemblerMIPS::test32):
-
-2012-10-16  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-        Refactor MacroAssembler interfaces to differentiate the pointer operands from the 64-bit integer operands
-        https://bugs.webkit.org/show_bug.cgi?id=99154
-
-        Reviewed by Gavin Barraclough.
-
-        In current JavaScriptCore implementation for JSVALUE64 platform (i.e.,
-        the X64 platform), we assume that the JSValue size is same to the
-        pointer size, and thus EncodedJSValue is simply type defined as a
-        "void*". In the JIT compiler, we also take this assumption and invoke
-        the same macro assembler interfaces for both JSValue and pointer
-        operands. We need to differentiate the operations on pointers from the
-        operations on JSValues, and let them invoking different macro
-        assembler interfaces. For example, we now use the interface of
-        "loadPtr" to load either a pointer or a JSValue, and we need to switch
-        to using "loadPtr" to load a pointer and some new "load64" interface
-        to load a JSValue. This would help us supporting other JSVALUE64
-        platforms where pointer size is not necessarily 64-bits, for example
-        x32 (bug #99153).
-
-        The major modification I made is to introduce the "*64" interfaces in
-        the MacroAssembler for those operations on JSValues, keep the "*Ptr"
-        interfaces for those operations on real pointers, and go through all
-        the JIT compiler code to correct the usage.
-
-        This is the first part of the work, i.e, to add the *64 interfaces to
-        the MacroAssembler.
-
-        * assembler/AbstractMacroAssembler.h: Add the Imm64 interfaces.
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::TrustedImm64::TrustedImm64):
-        (TrustedImm64):
-        (JSC::AbstractMacroAssembler::Imm64::Imm64):
-        (Imm64):
-        (JSC::AbstractMacroAssembler::Imm64::asTrustedImm64):
-        * assembler/MacroAssembler.h: map <foo>Ptr methods to <foo>64 for X86_64.
-        (MacroAssembler):
-        (JSC::MacroAssembler::peek64):
-        (JSC::MacroAssembler::poke):
-        (JSC::MacroAssembler::poke64):
-        (JSC::MacroAssembler::addPtr):
-        (JSC::MacroAssembler::andPtr):
-        (JSC::MacroAssembler::negPtr):
-        (JSC::MacroAssembler::orPtr):
-        (JSC::MacroAssembler::rotateRightPtr):
-        (JSC::MacroAssembler::subPtr):
-        (JSC::MacroAssembler::xorPtr):
-        (JSC::MacroAssembler::loadPtr):
-        (JSC::MacroAssembler::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
-        (JSC::MacroAssembler::storePtr):
-        (JSC::MacroAssembler::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssembler::movePtrToDouble):
-        (JSC::MacroAssembler::moveDoubleToPtr):
-        (JSC::MacroAssembler::comparePtr):
-        (JSC::MacroAssembler::testPtr):
-        (JSC::MacroAssembler::branchPtr):
-        (JSC::MacroAssembler::branchTestPtr):
-        (JSC::MacroAssembler::branchAddPtr):
-        (JSC::MacroAssembler::branchSubPtr):
-        (JSC::MacroAssembler::shouldBlindDouble):
-        (JSC::MacroAssembler::shouldBlind):
-        (JSC::MacroAssembler::RotatedImm64::RotatedImm64):
-        (RotatedImm64):
-        (JSC::MacroAssembler::rotationBlindConstant):
-        (JSC::MacroAssembler::loadRotationBlindedConstant):
-        (JSC::MacroAssembler::move):
-        (JSC::MacroAssembler::and64):
-        (JSC::MacroAssembler::store64):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
-        (MacroAssemblerX86Common):
-        (JSC::MacroAssemblerX86Common::move):
-        * assembler/MacroAssemblerX86_64.h: Add the <foo>64 methods for X86_64.
-        (JSC::MacroAssemblerX86_64::branchAdd32):
-        (JSC::MacroAssemblerX86_64::add64):
-        (MacroAssemblerX86_64):
-        (JSC::MacroAssemblerX86_64::and64):
-        (JSC::MacroAssemblerX86_64::neg64):
-        (JSC::MacroAssemblerX86_64::or64):
-        (JSC::MacroAssemblerX86_64::rotateRight64):
-        (JSC::MacroAssemblerX86_64::sub64):
-        (JSC::MacroAssemblerX86_64::xor64):
-        (JSC::MacroAssemblerX86_64::load64):
-        (JSC::MacroAssemblerX86_64::load64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::load64WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::store64):
-        (JSC::MacroAssemblerX86_64::store64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerX86_64::move64ToDouble):
-        (JSC::MacroAssemblerX86_64::moveDoubleTo64):
-        (JSC::MacroAssemblerX86_64::compare64):
-        (JSC::MacroAssemblerX86_64::branch64):
-        (JSC::MacroAssemblerX86_64::branchTest64):
-        (JSC::MacroAssemblerX86_64::test64):
-        (JSC::MacroAssemblerX86_64::branchAdd64):
-        (JSC::MacroAssemblerX86_64::branchSub64):
-        (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
-        (JSC::MacroAssemblerX86_64::storePtrWithPatch):
-
-2012-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Make CopiedSpace and MarkedSpace regions independent
-        https://bugs.webkit.org/show_bug.cgi?id=99222
-
-        Reviewed by Filip Pizlo.
-
-        Right now CopiedSpace and MarkedSpace have the same block size and share the same regions, 
-        but there's no reason that they can't have different block sizes while still sharing the 
-        same underlying regions. We should factor the two "used" lists of regions apart so that 
-        MarkedBlocks and CopiedBlocks can be different sizes. Regions will still be a uniform size 
-        so that when they become empty they may be shared between the CopiedSpace and the MarkedSpace, 
-        since benchmarks indicate that sharing is a boon for performance.
-
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        * heap/BlockAllocator.h:
-        (JSC):
-        (Region):
-        (JSC::Region::create): We now have a fixed size for Regions so that empty regions can continue to 
-        be shared between the MarkedSpace and CopiedSpace. Once they are used for a specific type of block,
-        however, they can only be used for that type of block until they become empty again.
-        (JSC::Region::createCustomSize):
-        (JSC::Region::Region):
-        (JSC::Region::~Region):
-        (JSC::Region::reset):
-        (BlockAllocator):
-        (JSC::BlockAllocator::RegionSet::RegionSet):
-        (RegionSet):
-        (JSC::BlockAllocator::tryAllocateFromRegion): We change this function so that it correctly 
-        moves blocks between empty, partial, and full lists.
-        (JSC::BlockAllocator::allocate):
-        (JSC::BlockAllocator::allocateCustomSize):
-        (JSC::BlockAllocator::deallocate): Ditto.
-        (JSC::CopiedBlock):
-        (JSC::MarkedBlock):
-        (JSC::BlockAllocator::regionSetFor): We use this so that we can use the same allocate/deallocate
-        functions with different RegionSets. We specialize the function for each type of block that we 
-        want to allocate.
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        * heap/HeapBlock.h:
-        (HeapBlock):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::MarkedBlock): For oversize MarkedBlocks, if the block size gets too big we can 
-        underflow the endAtom, which will cause us to segfault when we try to sweep a block. If we're a 
-        custom size MarkedBlock we need to calculate endAtom so it doesn't underflow.
-
-2012-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        JIT::JIT fails to initialize all of its fields
-        https://bugs.webkit.org/show_bug.cgi?id=99283
-
-        Reviewed by Andreas Kling.
-
-        There were two groups of such fields, all of which are eventually initialized
-        prior to use inside of privateCompile(). But it's safer to make sure that they
-        are initialized in the constructor as well, since we may use the JIT to do a
-        stub compile without calling into privateCompile().
-        
-        Unsigned index fields for dynamic repatching meta-data: this change
-        initializes them to UINT_MAX, so we should crash if we try to use those
-        indices without initializing them.
-        
-        Boolean flags for value profiling: this change initializes them to false, so
-        we at worst turn off value profiling.
-
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-
-2012-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        We should avoid weakCompareAndSwap when parallel GC is disabled
-        https://bugs.webkit.org/show_bug.cgi?id=99331
-
-        Reviewed by Filip Pizlo.
-
-        CopiedBlock::reportLiveBytes and didEvacuateBytes uses weakCompareAndSwap, which some platforms 
-        don't support. For platforms that don't have parallel GC enabled, we should just use a normal store.
-
-        * heap/CopiedBlock.h:
-        (JSC::CopiedBlock::reportLiveBytes):
-        (JSC::CopiedBlock::didEvacuateBytes):
-
-2012-10-15  Carlos Garcia Campos  <cgarcia@igalia.com>
-
-        Unreviewed. Fix make distcheck.
-
-        * GNUmakefile.list.am: Add missing header file.
-
-2012-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should handle polymorphic array modes by eagerly transforming arrays into the most general applicable form
-        https://bugs.webkit.org/show_bug.cgi?id=99269
-
-        Reviewed by Geoffrey Garen.
-
-        This kills off a bunch of code for "polymorphic" array modes in the DFG. It should
-        also be a performance win for code that uses a lot of array storage arrays.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::modeUsesButterfly):
-        (JSC::DFG::modeIsJSArray):
-        (JSC::DFG::mayStoreToTail):
-        (JSC::DFG::mayStoreToHole):
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::modeSupportsLength):
-        (JSC::DFG::benefitsFromStructureCheck):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        REGRESSION(126886): Fat binary builds don't know how to handle architecture variants to which the LLInt is agnostic
-        https://bugs.webkit.org/show_bug.cgi?id=99270
-
-        Reviewed by Geoffrey Garen.
-
-        The fix is to hash cons the offsets based on configuration index, not the offsets
-        themselves.
-
-        * offlineasm/offsets.rb:
-
-2012-10-13  Filip Pizlo  <fpizlo@apple.com>
-
-        IndexingType should not have a bit for each type
-        https://bugs.webkit.org/show_bug.cgi?id=98997
-
-        Reviewed by Oliver Hunt.
-
-        Somewhat incidentally, the introduction of butterflies led to each indexing
-        type being represented by a unique bit. This is superficially nice since it
-        allows you to test if a structure corresponds to a particular indexing type
-        by saying !!(structure->indexingType() & TheType). But the downside is that
-        given the 8 bits we have for the m_indexingType field, that leaves only a
-        small number of possible indexing types if we have one per bit.
-        
-        This changeset changes the indexing type to be:
-        
-        Bit #1: Tells you if you're an array.
-        
-        Bits #2 - #5: 16 possible indexing types, including the blank type for
-            objects that don't have indexed properties.
-        
-        Bits #6-8: Auxiliary bits that we could use for other things. Currently we
-            just use one of those bits, for MayHaveIndexedAccessors.
-        
-        This is performance-neutral, and is primarily intended to give us more
-        breathing room for introducing new inferred array modes.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::JumpList::jumps):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::patchableBranch32):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::patchableBranch32):
-        (MacroAssemblerARMv7):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::modeAlreadyChecked):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray):
-        (JSC::JIT::chooseArrayMode):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitArrayStorageGetByVal):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JSC::JIT::emitArrayStoragePutByVal):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitArrayStorageGetByVal):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JSC::JIT::emitArrayStoragePutByVal):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/IndexingType.h:
-        (JSC):
-        (JSC::hasIndexedProperties):
-        (JSC::hasContiguous):
-        (JSC::hasFastArrayStorage):
-        (JSC::hasArrayStorage):
-        (JSC::shouldUseSlowPut):
-        * runtime/JSGlobalObject.cpp:
-        (JSC):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-
-2012-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG structure check hoisting should attempt to ignore side effects and make transformations that are sound even in their presence
-        https://bugs.webkit.org/show_bug.cgi?id=99262
-
-        Reviewed by Oliver Hunt.
-
-        This hugely simplifies the structure check hoisting phase. It will no longer be necessary
-        to modify it when the effectfulness of operations changes. This also enables the hoister
-        to hoist effectful things in the future.
-        
-        The downside is that the hoister may end up adding strictly more checks than were present
-        in the original code, if the code truly has a lot of side-effects. I don't see evidence
-        of this happening. This patch does have some speed-ups and some slow-downs, but is
-        neutral in the average, and the slow-downs do not appear to have more structure checks
-        than ToT.
-
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (StructureCheckHoistingPhase):
-        (CheckData):
-        (JSC::DFG::StructureCheckHoistingPhase::CheckData::CheckData):
-
-2012-10-14  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix the build of universal binary with ARMv7s of JavaScriptCore
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-
-2012-10-13  Filip Pizlo  <fpizlo@apple.com>
-
-        Array length array profiling is broken in the baseline JIT
-        https://bugs.webkit.org/show_bug.cgi?id=99258
-
-        Reviewed by Oliver Hunt.
-
-        The code generator for array length stubs calls into
-        emitArrayProfilingSiteForBytecodeIndex(), which emits profiling only if
-        canBeOptimized() returns true. But m_canBeOptimized is only initialized during
-        full method compiles, so in a stub compile it may (or may not) be false, meaning
-        that we may, or may not, get meaningful profiling info.
-        
-        This appeared to not affect too many programs since the LLInt has good array
-        length array profiling.
-
-        * jit/JIT.h:
-        (JSC::JIT::compilePatchGetArrayLength):
-
-2012-10-14  Patrick Gansterer  <paroga@webkit.org>
-
-        Build fix for WinCE after r131089.
-
-        WinCE does not support getenv().
-
-        * runtime/Options.cpp:
-        (JSC::overrideOptionWithHeuristic):
-
-2012-10-12  Kangil Han  <kangil.han@samsung.com>
-
-        Fix build error on DFGSpeculativeJIT32_64.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=99234
-
-        Reviewed by Anders Carlsson.
-
-        Seems BUG 98608 causes build error on 32bit machine so fix it.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Contiguous array allocation should always be inlined
-        https://bugs.webkit.org/show_bug.cgi?id=98608
-
-        Reviewed by Oliver Hunt and Mark Hahnenberg.
-
-        This inlines contiguous array allocation in the most obvious way possible.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::branchSubPtr):
-        (MacroAssembler):
-        * assembler/MacroAssemblerX86_64.h:
-        (JSC::MacroAssemblerX86_64::branchSubPtr):
-        (MacroAssemblerX86_64):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCCallHelpers.h:
-        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
-        (CCallHelpers):
-        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h: Added.
-        (DFG):
-        (CallArrayAllocatorSlowPathGenerator):
-        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
-        (JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
-        (CallArrayAllocatorWithVariableSizeSlowPathGenerator):
-        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
-        (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
-        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Race condition during CopyingPhase can lead to deadlock
-        https://bugs.webkit.org/show_bug.cgi?id=99226
-
-        Reviewed by Filip Pizlo.
-
-        The main thread calls startCopying() for each of the GCThreads at the beginning of the copy phase. 
-        It then proceeds to start copying. If copying completes before one of the GCThreads wakes up, the 
-        main thread will set m_currentPhase back to NoPhase, the GCThread will wake up, see that there's 
-        nothing to do, and then it will go back to sleep without ever calling CopyVisitor::doneCopying() 
-        to return its borrowed block to the CopiedSpace. CopiedSpace::doneCopying() will then sleep forever 
-        waiting on the block.
-
-        The fix for this is to make sure we call CopiedSpace::doneCopying() on the main thread before we 
-        call GCThreadSharedData::didFinishCopying(), which sets the m_currentPhase flag to NoPhase. This 
-        way we will wait until all threads have woken up and given back their borrowed blocks before 
-        clearing the flag.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::copyBackingStores):
-
-2012-10-12  Anders Carlsson  <andersca@apple.com>
-
-        Move macros from Parser.h to Parser.cpp
-        https://bugs.webkit.org/show_bug.cgi?id=99217
-
-        Reviewed by Andreas Kling.
-
-        There are a bunch of macros in Parser.h that are only used in Parser.cpp. Move them to Parser.cpp
-        so they won't pollute the global namespace.
-        * parser/Parser.cpp:
-        * parser/Parser.h:
-        (JSC):
-
-2012-10-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Another build fix after r131213
-
-        Added some symbol magic to placate the linker on some platforms.
-
-        * JavaScriptCore.order:
-
-2012-10-12  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Build fix after r131213
-
-        Removed an unused variable that was making compilers unhappy.
-
-        * heap/GCThread.cpp:
-        (JSC::GCThread::GCThread):
-        * heap/GCThread.h:
-        (GCThread):
-        * heap/GCThreadSharedData.cpp:
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-
-2012-10-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Copying collection shouldn't require O(live bytes) memory overhead
-        https://bugs.webkit.org/show_bug.cgi?id=98792
-
-        Reviewed by Filip Pizlo.
-
-        Currently our copying collection occurs simultaneously with the marking phase. We'd like 
-        to be able to reuse CopiedBlocks as soon as they become fully evacuated, but this is not 
-        currently possible because we don't know the liveness statistics of each old CopiedBlock 
-        until marking/copying has already finished. Instead, we have to allocate additional memory 
-        from the OS to use as our working set of CopiedBlocks while copying. We then return the 
-        fully evacuated old CopiedBlocks back to the block allocator, thus giving our copying phase 
-        an O(live bytes) overhead.
-
-        To fix this, we should instead split the copying phase apart from the marking phase. This 
-        way we have full liveness data for each CopiedBlock during the copying phase so that we 
-        can reuse them the instant they become fully evacuated. With the additional liveness data 
-        that each CopiedBlock accumulates, we can add some additional heuristics to the collector. 
-        For example, we can calculate our global Heap fragmentation and only choose to do a copying 
-        phase if that fragmentation exceeds some limit. As another example, we can skip copying 
-        blocks that are already above a particular fragmentation limit, which allows older objects 
-        to coalesce into blocks that are rarely copied.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/CopiedBlock.h:
-        (CopiedBlock):
-        (JSC::CopiedBlock::CopiedBlock): Added support for tracking live bytes in a CopiedBlock in a 
-        thread-safe fashion.
-        (JSC::CopiedBlock::reportLiveBytes): Adds a number of live bytes to the block in a thread-safe 
-        fashion using compare and swap.
-        (JSC):
-        (JSC::CopiedBlock::didSurviveGC): Called when a block survives a single GC without being 
-        evacuated. This could be called for a couple reasons: (a) the block was pinned or (b) we 
-        decided not to do any copying. A block can become pinned for a few reasons: (1) a pointer into 
-        the block was found during the conservative scan. (2) the block was deemed full enough to 
-        not warrant any copying. (3) The block is oversize and was found to be live. 
-        (JSC::CopiedBlock::didEvacuateBytes): Called when some number of bytes are copied from this 
-        block. If the number of live bytes ever hits zero, the block will return itself to the 
-        BlockAllocator to be recycled.
-        (JSC::CopiedBlock::canBeRecycled): Indicates that a block has no live bytes and can be 
-        immediately recycled. This is used for blocks that are found to have zero live bytes at the 
-        beginning of the copying phase.
-        (JSC::CopiedBlock::shouldEvacuate): This function returns true if the current fragmentation 
-        of the block is above our fragmentation threshold, and false otherwise.
-        (JSC::CopiedBlock::isPinned): Added an accessor for the pinned flag
-        (JSC::CopiedBlock::liveBytes): 
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::CopiedSpace):
-        (JSC::CopiedSpace::doneFillingBlock): Changed so that we can exchange our filled block for a 
-        fresh block. This avoids the situation where a thread returns its borrowed block, it's the last 
-        borrowed block, so CopiedSpace thinks that copying has completed, and it starts doing all of the 
-        copying phase cleanup. In actuality, the thread wanted another block after returning the current 
-        block. So we allow the thread to atomically exchange its block for another block.
-        (JSC::CopiedSpace::startedCopying): Added the calculation of global Heap fragmentation to 
-        determine if the copying phase should commence. We include the MarkedSpace in our fragmentation 
-        calculation by assuming that the MarkedSpace is 0% fragmented since we can reuse any currently 
-        free memory in it (i.e. we ignore any internal fragmentation in the MarkedSpace). While we're 
-        calculating the fragmentation of CopiedSpace, we also return any free blocks we find along the 
-        way (meaning liveBytes() == 0).
-        (JSC):
-        (JSC::CopiedSpace::doneCopying): We still have to iterate over all the blocks, regardless of
-        whether the copying phase took place or not so that we can reset all of the live bytes counters 
-        and un-pin any pinned blocks.
-        * heap/CopiedSpace.h:
-        (CopiedSpace):
-        (JSC::CopiedSpace::shouldDoCopyPhase):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::recycleEvacuatedBlock): This function is distinct from recycling a borrowed block 
-        because a borrowed block hasn't been added to the CopiedSpace yet, but an evacuated block is still
-        currently in CopiedSpace, so we have to make sure we properly remove all traces of the block from 
-        CopiedSpace before returning it to BlockAllocator.
-        (JSC::CopiedSpace::recycleBorrowedBlock): Renamed to indicate the distinction mentioned above.
-        * heap/CopyVisitor.cpp: Added.
-        (JSC):
-        (JSC::CopyVisitor::CopyVisitor):
-        (JSC::CopyVisitor::copyFromShared): Main function for any thread participating in the copying phase.
-        Grabs chunks of MarkedBlocks from the shared list and copies the backing store of anybody who needs
-        it until there are no more chunks to copy.
-        * heap/CopyVisitor.h: Added.
-        (JSC):
-        (CopyVisitor):
-        * heap/CopyVisitorInlineMethods.h: Added.
-        (JSC):
-        (GCCopyPhaseFunctor):
-        (JSC::GCCopyPhaseFunctor::GCCopyPhaseFunctor):
-        (JSC::GCCopyPhaseFunctor::operator()):
-        (JSC::CopyVisitor::checkIfShouldCopy): We don't have to check shouldEvacuate() because all of those 
-        checks are done during the marking phase.
-        (JSC::CopyVisitor::allocateNewSpace): 
-        (JSC::CopyVisitor::allocateNewSpaceSlow):
-        (JSC::CopyVisitor::startCopying): Initialization function for a thread that is about to start copying.
-        (JSC::CopyVisitor::doneCopying):
-        (JSC::CopyVisitor::didCopy): This callback is called by an object that has just successfully copied its
-        backing store. It indicates to the CopiedBlock that somebody has just finished evacuating some number of 
-        bytes from it, and, if the CopiedBlock now has no more live bytes, can be recycled immediately.
-        * heap/GCThread.cpp: Added.
-        (JSC):
-        (JSC::GCThread::GCThread): This is a new class that encapsulates a single thread responsible for participating 
-        in a specific set of GC phases. Currently, that set of phases includes Mark, Copy, and Exit. Each thread 
-        monitors a shared variable in its associated GCThreadSharedData. The main thread updates this m_currentPhase
-        variable as collection progresses through the various phases. Parallel marking still works exactly like it 
-        has. In other words, the "run loop" for each of the GC threads sits above any individual phase, thus keeping 
-        the separate phases of the collector orthogonal.
-        (JSC::GCThread::threadID):
-        (JSC::GCThread::initializeThreadID):
-        (JSC::GCThread::slotVisitor):
-        (JSC::GCThread::copyVisitor):
-        (JSC::GCThread::waitForNextPhase):
-        (JSC::GCThread::gcThreadMain):
-        (JSC::GCThread::gcThreadStartFunc):
-        * heap/GCThread.h: Added.
-        (JSC):
-        (GCThread):
-        * heap/GCThreadSharedData.cpp: The GCThreadSharedData now has a list of GCThread objects rather than raw 
-        ThreadIdentifiers.
-        (JSC::GCThreadSharedData::resetChildren):
-        (JSC::GCThreadSharedData::childVisitCount):
-        (JSC::GCThreadSharedData::GCThreadSharedData):
-        (JSC::GCThreadSharedData::~GCThreadSharedData):
-        (JSC::GCThreadSharedData::reset):
-        (JSC::GCThreadSharedData::didStartMarking): Callback to let the GCThreadSharedData know that marking has 
-        started and updates the m_currentPhase variable and notifies the GCThreads accordingly.
-        (JSC::GCThreadSharedData::didFinishMarking): Ditto for finishing marking. 
-        (JSC::GCThreadSharedData::didStartCopying): Ditto for starting the copying phase.
-        (JSC::GCThreadSharedData::didFinishCopying): Ditto for finishing copying. 
-        * heap/GCThreadSharedData.h:
-        (JSC):
-        (GCThreadSharedData):
-        (JSC::GCThreadSharedData::getNextBlocksToCopy): Atomically gets the next chunk of work for a copying thread.
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::markRoots):
-        (JSC):
-        (JSC::Heap::copyBackingStores): Responsible for setting up the copying phase, notifying the copying threads, 
-        and doing any copying work if necessary.
-        (JSC::Heap::collect):
-        * heap/Heap.h:
-        (Heap):
-        (JSC):
-        (JSC::CopyFunctor::CopyFunctor):
-        (CopyFunctor):
-        (JSC::CopyFunctor::operator()):
-        * heap/IncrementalSweeper.cpp: Changed the incremental sweeper to have a reference to the list of MarkedBlocks 
-        that need sweeping, since this now resides in the Heap so that it can be easily shared by the GCThreads.
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::startSweeping):
-        * heap/IncrementalSweeper.h:
-        (JSC):
-        (IncrementalSweeper):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::setup):
-        (JSC::SlotVisitor::drainFromShared): We no longer do any copying-related work here.
-        (JSC):
-        * heap/SlotVisitor.h:
-        (SlotVisitor):
-        * heap/SlotVisitorInlineMethods.h:
-        (JSC):
-        (JSC::SlotVisitor::copyLater): Notifies the CopiedBlock that there are some live bytes that may need 
-        to be copied.
-        * runtime/Butterfly.h:
-        (JSC):
-        (Butterfly):
-        * runtime/ButterflyInlineMethods.h:
-        (JSC::Butterfly::createUninitializedDuringCollection): Uses the new CopyVisitor.
-        * runtime/ClassInfo.h:
-        (MethodTable): Added new "virtual" function copyBackingStore to method table.
-        (JSC):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::copyBackingStore): Default implementation that does nothing.
-        (JSC):
-        * runtime/JSCell.h:
-        (JSC):
-        (JSCell):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::copyButterfly): Does the actual copying of the butterfly.
-        (JSC):
-        (JSC::JSObject::visitButterfly): Calls copyLater for the butterfly.
-        (JSC::JSObject::copyBackingStore): 
-        * runtime/JSObject.h:
-        (JSObject):
-        (JSC::JSCell::methodTable):
-        (JSC::JSCell::inherits):
-        * runtime/Options.h: Added two new constants, minHeapUtilization and minCopiedBlockUtilization, 
-        to govern the amount of fragmentation we allow before doing copying.
-        (JSC):
-
-2012-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG array allocation calls should not return an encoded JSValue
-        https://bugs.webkit.org/show_bug.cgi?id=99196
-
-        Reviewed by Mark Hahnenberg.
-
-        The array allocation operations now return a pointer instead. This makes it
-        easier to share code between 32-bit and 64-bit.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-01  Jer Noble  <jer.noble@apple.com>
-
-        Enable ENCRYPTED_MEDIA support on Mac.
-        https://bugs.webkit.org/show_bug.cgi?id=98044
-
-        Reviewed by Anders Carlsson.
-
-        Enable the ENCRYPTED_MEDIA flag.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-12  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed. It should be possible to build JSC on ARMv7.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::patchableBranchPtr):
-
-2012-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        BlockAllocator should use regions as its VM allocation abstraction
-        https://bugs.webkit.org/show_bug.cgi?id=99107
-
-        Reviewed by Geoffrey Garen.
-
-        Currently the BlockAllocator allocates a single block at a time directly from the OS. Our block 
-        allocations are on the large-ish side (64 KB) to amortize across many allocations the expense of 
-        mapping new virtual memory from the OS. These large blocks are then shared between the MarkedSpace 
-        and the CopiedSpace. This design makes it difficult to vary the size of the blocks in different 
-        parts of the Heap while still allowing us to amortize the VM allocation costs.
-
-        We should redesign the BlockAllocator so that it has a layer of indirection between blocks that are 
-        used by the allocator/collector and our primary unit of VM allocation from the OS. In particular, 
-        the BlockAllocator should allocate Regions of virtual memory from the OS, which are then subdivided 
-        into one or more Blocks to be used in our custom allocators. This design has the following nice properties:
-
-        1) We can remove the knowledge of PageAllocationAligned from HeapBlocks. Each HeapBlock will now 
-           only know what Region it belongs to. The Region maintains all the metadata for how to allocate 
-           and deallocate virtual memory from the OS.
-
-        2) We can easily allocate in larger chunks than we need to satisfy a particular request for a Block. 
-           We can then continue to amortize our VM allocation costs while allowing for smaller block sizes, 
-           which should increase locality in the mutator when allocating, lazy sweeping, etc.
-
-        3) By encapsulating the logic of where our memory comes from inside of the Region class, we can more 
-           easily transition over to allocating VM from a specific range of pre-reserved address space. This 
-           will be a necessary step along the way to 32-bit pointers.
-
-        This particular patch will not change the size of MarkedBlocks or CopiedBlocks, nor will it change how 
-        much VM we allocate per failed Block request. It only sets up the data structures that we need to make 
-        these changes in future patches.
-
-        Most of the changes in this patch relate to the addition of the Region class to be used by the 
-        BlockAllocator and the threading of changes made to BlockAllocator's interface through to the call sites.
-
-        * heap/BlockAllocator.cpp: The BlockAllocator now has three lists that track the three disjoint sets of
-        Regions that it cares about: empty regions, partially full regions, and completely full regions. 
-        Empty regions have no blocks currently in use and can be freed immediately if the freeing thread 
-        determines they should be. Partial regions have some blocks used, but aren't completely in use yet. 
-        These regions are preferred for recycling before empty regions to mitigate fragmentation within regions.
-        Completely full regions are no longer able to be used for allocations. Regions move between these 
-        three lists as they are created and their constituent blocks are allocated and deallocated.
-        (JSC::BlockAllocator::BlockAllocator):
-        (JSC::BlockAllocator::~BlockAllocator):
-        (JSC::BlockAllocator::releaseFreeRegions):
-        (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
-        (JSC::BlockAllocator::waitForRelativeTime):
-        (JSC::BlockAllocator::blockFreeingThreadMain):
-        * heap/BlockAllocator.h:
-        (JSC):
-        (DeadBlock):
-        (JSC::DeadBlock::DeadBlock):
-        (Region):
-        (JSC::Region::blockSize):
-        (JSC::Region::isFull):
-        (JSC::Region::isEmpty):
-        (JSC::Region::create): This function is responsible for doing the actual VM allocation. This should be the 
-        only function in the entire JSC object runtime that calls out the OS for virtual memory allocation.
-        (JSC::Region::Region):
-        (JSC::Region::~Region):
-        (JSC::Region::allocate):
-        (JSC::Region::deallocate):
-        (BlockAllocator):
-        (JSC::BlockAllocator::tryAllocateFromRegion): Helper function that encapsulates checking a particular list 
-        of regions for a free block.
-        (JSC::BlockAllocator::allocate):
-        (JSC::BlockAllocator::allocateCustomSize): This function is responsible for allocating one-off custom size 
-        regions for use in oversize allocations in both the MarkedSpace and the CopiedSpace. These regions are not 
-        tracked by the BlockAllocator. The only pointer to them is in the HeapBlock that is returned. These regions 
-        contain exactly one block.
-        (JSC::BlockAllocator::deallocate):
-        (JSC::BlockAllocator::deallocateCustomSize): This function is responsible for deallocating one-off custom size
-        regions. The regions are deallocated back to the OS eagerly.
-        * heap/CopiedBlock.h: Re-worked CopiedBlocks to use Regions instead of PageAllocationAligned.
-        (CopiedBlock):
-        (JSC::CopiedBlock::createNoZeroFill):
-        (JSC::CopiedBlock::create):
-        (JSC::CopiedBlock::CopiedBlock):
-        (JSC::CopiedBlock::payloadEnd):
-        (JSC::CopiedBlock::capacity):
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::~CopiedSpace):
-        (JSC::CopiedSpace::tryAllocateOversize):
-        (JSC::CopiedSpace::tryReallocateOversize):
-        (JSC::CopiedSpace::doneCopying):
-        * heap/CopiedSpaceInlineMethods.h:
-        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
-        (JSC::CopiedSpace::allocateBlock):
-        * heap/HeapBlock.h:
-        (JSC::HeapBlock::destroy):
-        (JSC::HeapBlock::HeapBlock):
-        (JSC::HeapBlock::region):
-        (HeapBlock):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        (JSC::MarkedBlock::capacity):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::freeBlock):
-
-2012-10-11  Filip Pizlo  <fpizlo@apple.com>
-
-        UInt32ToNumber and OSR exit should be aware of copy propagation and correctly recover both versions of a variable that was subject to a UInt32ToNumber cast
-        https://bugs.webkit.org/show_bug.cgi?id=99100
-        <rdar://problem/12480955>
-
-        Reviewed by Michael Saboff and Mark Hahnenberg.
-
-        Fixed by forcing UInt32ToNumber to use a different register. This "undoes" the copy propagation that we
-        would have been doing, since it has no performance effect in this case and has the benefit of making the
-        OSR exit compiler a lot simpler.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
-
-2012-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed some more static assumptions about inline object capacity
-        https://bugs.webkit.org/show_bug.cgi?id=98603
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Use JSObject::allocationSize()
-        for a little more flexibility. We still pass it a constant inline capacity
-        because the JIT doesn't have a strategy for selecting a size class based
-        on non-constant capacity yet. "INLINE_STORAGE_CAPACITY" is a marker for
-        code that makes static assumptions about object size.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm: Ditto for the rest of our many execution engines.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::allocationSize):
-        (JSC::JSFinalObject::finishCreation):
-        (JSC::JSFinalObject::create): New helper function for computing object
-        size dynamically, since we plan to have objects of different sizes.
-
-        (JSC::JSFinalObject::JSFinalObject): Note that our m_inlineStorage used
-        to auto-generate an implicit C++ constructor with default null initialization.
-        This memory is not observed in its uninitialized state, and our LLInt and
-        JIT allocators do not initialize it, so I did not add any explicit code
-        to do so, now that the implicit code is gone.
-
-        (JSC::JSObject::offsetOfInlineStorage): Changed the math here to match
-        inlineStorageUnsafe(), since we can rely on an explicit data member anymore.
-
-2012-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Enable RUNTIME_HEURISTICS all the time, for easier testing
-        https://bugs.webkit.org/show_bug.cgi?id=99090
-
-        Reviewed by Filip Pizlo.
-
-        I find myself using this a lot, and there doesn't seem to be an obvious
-        reason to compile it out, since it only runs once at startup.
-
-        * runtime/Options.cpp:
-        (JSC::overrideOptionWithHeuristic):
-        (JSC::Options::initialize):
-        * runtime/Options.h: Removed the #ifdef.
-
-2012-10-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed ASSERT_CLASS_FITS_IN_CELL
-        https://bugs.webkit.org/show_bug.cgi?id=97634
-
-        Reviewed by Mark Hahnenberg.
-
-        Our collector now supports arbitrarily sized objects, so the ASSERT is not needed.
-
-        * API/JSCallbackFunction.cpp:
-        * API/JSCallbackObject.cpp:
-        * heap/MarkedSpace.h:
-        * jsc.cpp:
-        * runtime/Arguments.cpp:
-        * runtime/ArrayConstructor.cpp:
-        * runtime/ArrayPrototype.cpp:
-        * runtime/BooleanConstructor.cpp:
-        * runtime/BooleanObject.cpp:
-        * runtime/BooleanPrototype.cpp:
-        * runtime/DateConstructor.cpp:
-        * runtime/DatePrototype.cpp:
-        * runtime/Error.cpp:
-        * runtime/ErrorConstructor.cpp:
-        * runtime/ErrorPrototype.cpp:
-        * runtime/FunctionConstructor.cpp:
-        * runtime/FunctionPrototype.cpp:
-        * runtime/InternalFunction.cpp:
-        * runtime/JSActivation.cpp:
-        * runtime/JSArray.cpp:
-        * runtime/JSBoundFunction.cpp:
-        * runtime/JSFunction.cpp:
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalThis.cpp:
-        * runtime/JSNameScope.cpp:
-        * runtime/JSNotAnObject.cpp:
-        * runtime/JSONObject.cpp:
-        * runtime/JSObject.cpp:
-        * runtime/JSPropertyNameIterator.cpp:
-        * runtime/JSScope.cpp:
-        * runtime/JSWithScope.cpp:
-        * runtime/JSWrapperObject.cpp:
-        * runtime/MathObject.cpp:
-        * runtime/NameConstructor.cpp:
-        * runtime/NamePrototype.cpp:
-        * runtime/NativeErrorConstructor.cpp:
-        * runtime/NativeErrorPrototype.cpp:
-        * runtime/NumberConstructor.cpp:
-        * runtime/NumberObject.cpp:
-        * runtime/NumberPrototype.cpp:
-        * runtime/ObjectConstructor.cpp:
-        * runtime/ObjectPrototype.cpp:
-        * runtime/RegExpConstructor.cpp:
-        * runtime/RegExpMatchesArray.cpp:
-        * runtime/RegExpObject.cpp:
-        * runtime/RegExpPrototype.cpp:
-        * runtime/StringConstructor.cpp:
-        * runtime/StringObject.cpp:
-        * runtime/StringPrototype.cpp:
-        * testRegExp.cpp: Removed the ASSERT.
-
-2012-10-11  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG should inline code blocks that use new_array_buffer
-        https://bugs.webkit.org/show_bug.cgi?id=98996
-
-        Reviewed by Geoffrey Garen.
-
-        This adds plumbing to drop in constant buffers from the inlinees to the inliner.
-        It's smart about not duplicating buffers needlessly but doesn't try to completely
-        hash-cons them, either.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::numberOfConstantBuffers):
-        (JSC::CodeBlock::addConstantBuffer):
-        (JSC::CodeBlock::constantBufferAsVector):
-        (JSC::CodeBlock::constantBuffer):
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGByteCodeParser.cpp:
-        (ConstantBufferKey):
-        (JSC::DFG::ConstantBufferKey::ConstantBufferKey):
-        (JSC::DFG::ConstantBufferKey::operator==):
-        (JSC::DFG::ConstantBufferKey::hash):
-        (JSC::DFG::ConstantBufferKey::isHashTableDeletedValue):
-        (JSC::DFG::ConstantBufferKey::codeBlock):
-        (JSC::DFG::ConstantBufferKey::index):
-        (DFG):
-        (JSC::DFG::ConstantBufferKeyHash::hash):
-        (JSC::DFG::ConstantBufferKeyHash::equal):
-        (ConstantBufferKeyHash):
-        (WTF):
-        (ByteCodeParser):
-        (InlineStackEntry):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGCapabilities.h:
-        (JSC::DFG::canInlineOpcode):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-10-10  Zoltan Horvath  <zoltan@webkit.org>
-
-        Pageload tests should measure memory usage
-        https://bugs.webkit.org/show_bug.cgi?id=93958
-
-        Reviewed by Ryosuke Niwa.
-
-        Add JS Heap and Heap memory measurement to PageLoad tests.
-
-        * heap/HeapStatistics.cpp:
-        (JSC::HeapStatistics::usedJSHeap): Add new private function to expose the used JS Heap size.
-        (JSC):
-        * heap/HeapStatistics.h:
-        (HeapStatistics): Add new private function to expose the used JS Heap size.
-
-2012-10-10  Balazs Kilvady  <kilvadyb@homejinni.com>
-
-        RegisterFile to JSStack rename fix for a struct member.
-
-        Compilation problem in debug build on MIPS
-        https://bugs.webkit.org/show_bug.cgi?id=98808
-
-        Reviewed by Alexey Proskuryakov.
-
-        In ASSERT conditions structure field name "registerFile" was replaced
-        with type name "JSStack" and it should be "stack".
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks): structure member name fix.
-
-2012-10-10  Michael Saboff  <msaboff@apple.com>
-
-        After r130344, OpaqueJSString::string() shouldn't directly return the wrapped String
-        https://bugs.webkit.org/show_bug.cgi?id=98801
-
-        Reviewed by Geoffrey Garen.
-
-        Return a copy of the wrapped String so that the wrapped string cannot be turned into 
-        an Identifier.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::string):
-        * API/OpaqueJSString.h:
-        (OpaqueJSString):
-
-2012-10-10  Peter Gal  <galpeter@inf.u-szeged.hu>
-
-        Add moveDoubleToInts and moveIntsToDouble to MacroAssemblerARM
-        https://bugs.webkit.org/show_bug.cgi?id=98855
-
-        Reviewed by Filip Pizlo.
-
-        Implement the missing moveDoubleToInts and moveIntsToDouble
-        methods in the MacroAssemblerARM after r130839.
-
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::moveDoubleToInts):
-        (MacroAssemblerARM):
-        (JSC::MacroAssemblerARM::moveIntsToDouble):
-
-2012-10-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Typed arrays should not be 20x slower in the baseline JIT than in the DFG JIT
-        https://bugs.webkit.org/show_bug.cgi?id=98605
-
-        Reviewed by Oliver Hunt and Gavin Barraclough.
-
-        This adds typed array get_by_val/put_by_val patching to the baseline JIT. It's
-        a big (~40%) win on benchmarks that have trouble staying in the DFG JIT. Even
-        if we fix those benchmarks, this functionality gives us the insurance that we
-        typically desire with all speculative optimizations: even if we bail to
-        baseline, we're still reasonably performant.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/MacroAssembler.cpp: Added.
-        (JSC):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::patchableBranchPtr):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        (JSC::MacroAssemblerARMv7::moveDoubleToInts):
-        (JSC::MacroAssemblerARMv7::moveIntsToDouble):
-        (JSC::MacroAssemblerARMv7::patchableBranchPtr):
-        * assembler/MacroAssemblerX86.h:
-        (MacroAssemblerX86):
-        (JSC::MacroAssemblerX86::moveDoubleToInts):
-        (JSC::MacroAssemblerX86::moveIntsToDouble):
-        * bytecode/ByValInfo.h:
-        (JSC::hasOptimizableIndexingForClassInfo):
-        (JSC):
-        (JSC::hasOptimizableIndexing):
-        (JSC::jitArrayModeForClassInfo):
-        (JSC::jitArrayModeForStructure):
-        (JSC::ByValInfo::ByValInfo):
-        (ByValInfo):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (DFG):
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::boxDouble):
-        (JSC::DFG::AssemblyHelpers::unboxDouble):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
-        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * jit/JIT.h:
-        (JIT):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        (JSC::JIT::emitIntTypedArrayGetByVal):
-        (JSC):
-        (JSC::JIT::emitFloatTypedArrayGetByVal):
-        (JSC::JIT::emitIntTypedArrayPutByVal):
-        (JSC::JIT::emitFloatTypedArrayPutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/JSCell.h:
-        * runtime/JSGlobalData.h:
-        (JSGlobalData):
-        (JSC::JSGlobalData::typedArrayDescriptor):
-        * runtime/TypedArrayDescriptor.h: Added.
-        (JSC):
-        (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
-        (TypedArrayDescriptor):
-
-2012-10-09  Michael Saboff  <msaboff@apple.com>
-
-        Add tests to testapi for null OpaqueJSStrings
-        https://bugs.webkit.org/show_bug.cgi?id=98805
-
-        Reviewed by Geoffrey Garen.
-
-        Added tests that check that OpaqueJSString, which is wrapped via JSStringRef, properly returns
-        null strings and that a null string in a JSStringRef will return a NULL JSChar* and 0 length
-        via the JSStringGetCharactersPtr() and JSStringGetLength() APIs respectively. Added a check that 
-        JSValueMakeFromJSONString() properly handles a null string as well.
-
-        * API/tests/testapi.c:
-        (main):
-
-2012-10-09  Jian Li  <jianli@chromium.org>
-
-        Update the CSS property used to support draggable regions.
-        https://bugs.webkit.org/show_bug.cgi?id=97156
-
-        Reviewed by Adam Barth.
-
-        The CSS property to support draggable regions, guarded under
-        WIDGET_REGION is now disabled from Mac WebKit, in order not to cause
-        confusion with DASHBOARD_SUPPORT feature.
-
-        * Configurations/FeatureDefines.xcconfig: Disable WIDGET_REGION feature.
-
-2012-10-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, adding forgotten files.
-
-        * bytecode/ByValInfo.h: Added.
-        (JSC):
-        (JSC::isOptimizableIndexingType):
-        (JSC::jitArrayModeForIndexingType):
-        (JSC::ByValInfo::ByValInfo):
-        (ByValInfo):
-        (JSC::getByValInfoBytecodeIndex):
-        * runtime/IndexingType.cpp: Added.
-        (JSC):
-        (JSC::indexingTypeToString):
-
-2012-10-08  Filip Pizlo  <fpizlo@apple.com>
-
-        JSC should infer when indexed storage is contiguous, and optimize for it
-        https://bugs.webkit.org/show_bug.cgi?id=97288
-
-        Reviewed by Mark Hahnenberg.
-
-        This introduces a new kind of indexed property storage called Contiguous,
-        which has the following properties:
-        
-        - No header bits beyond IndexedHeader. This results in a 16 byte reduction
-          in memory usage per array versus an ArrayStorage array. It also means
-          that the total memory usage for an empty array is now just 3 * 8 on both
-          32-bit and 64-bit. Of that, only 8 bytes are array-specific; the rest is
-          our standard object header overhead.
-        
-        - No need for hole checks on store. This results in a ~4% speed-up on
-          Kraken and a ~1% speed-up on V8v7.
-        
-        - publicLength <= vectorLength. This means that doing new Array(blah)
-          immediately allocates room for blah elements.
-        
-        - No sparse map or index bias.
-        
-        If you ever do things to an array that would require publicLength >
-        vectorLength, a sparse map, or index bias, then we switch to ArrayStorage
-        mode. This seems to never happen in any benchmark we track, and is unlikely
-        to happen very frequently on any website.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::JumpList::append):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::patchableBranchTest32):
-        * bytecode/ByValInfo.h: Added.
-        (JSC):
-        (JSC::isOptimizableIndexingType):
-        (JSC::jitArrayModeForIndexingType):
-        (JSC::ByValInfo::ByValInfo):
-        (ByValInfo):
-        (JSC::getByValInfoBytecodeIndex):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        (JSC::CodeBlock::getByValInfo):
-        (JSC::CodeBlock::setNumberOfByValInfos):
-        (JSC::CodeBlock::numberOfByValInfos):
-        (JSC::CodeBlock::byValInfo):
-        * bytecode/SamplingTool.h:
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGArrayMode.cpp:
-        (JSC::DFG::fromObserved):
-        (JSC::DFG::modeAlreadyChecked):
-        (JSC::DFG::modeToString):
-        * dfg/DFGArrayMode.h:
-        (DFG):
-        (JSC::DFG::modeUsesButterfly):
-        (JSC::DFG::modeIsJSArray):
-        (JSC::DFG::isInBoundsAccess):
-        (JSC::DFG::mayStoreToTail):
-        (JSC::DFG::mayStoreToHole):
-        (JSC::DFG::modeIsPolymorphic):
-        (JSC::DFG::polymorphicIncludesContiguous):
-        (JSC::DFG::polymorphicIncludesArrayStorage):
-        (JSC::DFG::canCSEStorage):
-        (JSC::DFG::modeSupportsLength):
-        (JSC::DFG::benefitsFromStructureCheck):
-        (JSC::DFG::isEffectful):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::handleIntrinsic):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::getArrayLengthElimination):
-        (JSC::DFG::CSEPhase::getByValLoadElimination):
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::checkArray):
-        (JSC::DFG::FixupPhase::blessArrayOperation):
-        * dfg/DFGGraph.h:
-        (JSC::DFG::Graph::byValIsPure):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCacheGetByID):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::checkArray):
-        (JSC::DFG::SpeculativeJIT::arrayify):
-        (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
-        (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
-        (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
-        (DFG):
-        (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
-        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
-        (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * interpreter/Interpreter.cpp:
-        (SamplingScope):
-        (JSC::SamplingScope::SamplingScope):
-        (JSC::SamplingScope::~SamplingScope):
-        (JSC):
-        (JSC::Interpreter::execute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileSlowCases):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC::ByValCompilationInfo::ByValCompilationInfo):
-        (ByValCompilationInfo):
-        (JSC):
-        (JIT):
-        (JSC::JIT::compileGetByVal):
-        (JSC::JIT::compilePutByVal):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray):
-        (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
-        (JSC):
-        (JSC::arrayProfileSaw):
-        (JSC::JIT::chooseArrayMode):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emitSlow_op_new_array):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emitSlow_op_get_argument_by_val):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitArrayStorageGetByVal):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JSC::JIT::emitArrayStoragePutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        (JSC::JIT::privateCompilePatchGetArrayLength):
-        (JSC::JIT::privateCompileGetByVal):
-        (JSC::JIT::privateCompilePutByVal):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_by_val):
-        (JSC):
-        (JSC::JIT::emitContiguousGetByVal):
-        (JSC::JIT::emitArrayStorageGetByVal):
-        (JSC::JIT::emitSlow_op_get_by_val):
-        (JSC::JIT::emit_op_put_by_val):
-        (JSC::JIT::emitContiguousPutByVal):
-        (JSC::JIT::emitArrayStoragePutByVal):
-        (JSC::JIT::emitSlow_op_put_by_val):
-        * jit/JITStubs.cpp:
-        (JSC::getByVal):
-        (JSC):
-        (JSC::DEFINE_STUB_FUNCTION):
-        (JSC::putByVal):
-        * jit/JITStubs.h:
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * runtime/ArrayConventions.h:
-        (JSC::isDenseEnoughForVector):
-        * runtime/ArrayPrototype.cpp:
-        (JSC):
-        (JSC::shift):
-        (JSC::unshift):
-        (JSC::arrayProtoFuncPush):
-        (JSC::arrayProtoFuncShift):
-        (JSC::arrayProtoFuncSplice):
-        (JSC::arrayProtoFuncUnShift):
-        * runtime/Butterfly.h:
-        (Butterfly):
-        (JSC::Butterfly::fromPointer):
-        (JSC::Butterfly::pointer):
-        (JSC::Butterfly::publicLength):
-        (JSC::Butterfly::vectorLength):
-        (JSC::Butterfly::setPublicLength):
-        (JSC::Butterfly::setVectorLength):
-        (JSC::Butterfly::contiguous):
-        (JSC::Butterfly::fromContiguous):
-        * runtime/ButterflyInlineMethods.h:
-        (JSC::Butterfly::unshift):
-        (JSC::Butterfly::shift):
-        * runtime/IndexingHeaderInlineMethods.h:
-        (JSC::IndexingHeader::indexingPayloadSizeInBytes):
-        * runtime/IndexingType.cpp: Added.
-        (JSC):
-        (JSC::indexingTypeToString):
-        * runtime/IndexingType.h:
-        (JSC):
-        (JSC::hasContiguous):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::setLengthWithArrayStorage):
-        (JSC::JSArray::setLength):
-        (JSC):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::push):
-        (JSC::JSArray::shiftCountWithArrayStorage):
-        (JSC::JSArray::shiftCountWithAnyIndexingType):
-        (JSC::JSArray::unshiftCountWithArrayStorage):
-        (JSC::JSArray::unshiftCountWithAnyIndexingType):
-        (JSC::JSArray::sortNumericVector):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sortCompactedVector):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::sortVector):
-        (JSC::JSArray::fillArgList):
-        (JSC::JSArray::copyToArguments):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSC::JSArray::shiftCountForShift):
-        (JSC::JSArray::shiftCountForSplice):
-        (JSArray):
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCountForShift):
-        (JSC::JSArray::unshiftCountForSplice):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::isLengthWritable):
-        (JSC::createContiguousArrayButterfly):
-        (JSC):
-        (JSC::JSArray::create):
-        (JSC::JSArray::tryCreateUninitialized):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC):
-        (JSC::JSGlobalObject::haveABadTime):
-        (JSC::JSGlobalObject::visitChildren):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::arrayStructureWithArrayStorage):
-        (JSC::JSGlobalObject::addressOfArrayStructureWithArrayStorage):
-        (JSC::constructEmptyArray):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitButterfly):
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::putByIndex):
-        (JSC::JSObject::enterDictionaryIndexingMode):
-        (JSC::JSObject::createInitialContiguous):
-        (JSC):
-        (JSC::JSObject::createArrayStorage):
-        (JSC::JSObject::convertContiguousToArrayStorage):
-        (JSC::JSObject::ensureContiguousSlow):
-        (JSC::JSObject::ensureArrayStorageSlow):
-        (JSC::JSObject::ensureIndexedStorageSlow):
-        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
-        (JSC::JSObject::switchToSlowPutArrayStorage):
-        (JSC::JSObject::setPrototype):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::putByIndexBeyondVectorLengthContiguousWithoutAttributes):
-        (JSC::JSObject::putByIndexBeyondVectorLength):
-        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putDirectIndexBeyondVectorLength):
-        (JSC::JSObject::getNewVectorLength):
-        (JSC::JSObject::countElementsInContiguous):
-        (JSC::JSObject::increaseVectorLength):
-        (JSC::JSObject::ensureContiguousLengthSlow):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSObject.h:
-        (JSC::JSObject::getArrayLength):
-        (JSC::JSObject::getVectorLength):
-        (JSC::JSObject::canGetIndexQuickly):
-        (JSC::JSObject::getIndexQuickly):
-        (JSC::JSObject::tryGetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuickly):
-        (JSC::JSObject::canSetIndexQuicklyForPutDirect):
-        (JSC::JSObject::setIndexQuickly):
-        (JSC::JSObject::initializeIndex):
-        (JSC::JSObject::hasSparseMap):
-        (JSC::JSObject::inSparseIndexingMode):
-        (JSObject):
-        (JSC::JSObject::ensureContiguous):
-        (JSC::JSObject::ensureIndexedStorage):
-        (JSC::JSObject::ensureContiguousLength):
-        (JSC::JSObject::indexingData):
-        (JSC::JSObject::relevantLength):
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::description):
-        * runtime/Options.cpp:
-        (JSC::Options::initialize):
-        * runtime/Structure.cpp:
-        (JSC::Structure::needsSlowPutIndexing):
-        (JSC):
-        (JSC::Structure::suggestedArrayStorageTransition):
-        * runtime/Structure.h:
-        (Structure):
-        * runtime/StructureTransitionTable.h:
-        (JSC::newIndexingType):
-
-2012-10-09  Michael Saboff  <msaboff@apple.com>
-
-        After r130344, OpaqueJSString::identifier() adds wrapped String to identifier table
-        https://bugs.webkit.org/show_bug.cgi?id=98693
-        REGRESSION (r130344): Install failed in Install Environment
-        <rdar://problem/12450118>
-
-        Reviewed by Mark Rowe.
-
-        Use Identifier(LChar*, length) or Identifier(UChar*, length) constructors so that we don't
-        add the String instance in the OpaqueJSString to any identifier tables.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::identifier):
-
-2012-10-08  Mark Lam  <mark.lam@apple.com>
-
-        Renamed RegisterFile to JSStack, and removed prototype of the
-        previously deleted Interpreter::privateExecute().
-        https://bugs.webkit.org/show_bug.cgi?id=98717.
-
-        Reviewed by Filip Pizlo.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.order:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * bytecode/BytecodeConventions.h:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/CodeBlock.h:
-        (CodeBlock):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::alreadyInJSStack):
-        (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt32):
-        (JSC::ValueRecovery::alreadyInJSStackAsUnboxedCell):
-        (JSC::ValueRecovery::alreadyInJSStackAsUnboxedBoolean):
-        (JSC::ValueRecovery::alreadyInJSStackAsUnboxedDouble):
-        (JSC::ValueRecovery::displacedInJSStack):
-        (JSC::ValueRecovery::isAlreadyInJSStack):
-        (JSC::ValueRecovery::virtualRegister):
-        (JSC::ValueRecovery::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::resolveCallee):
-        (JSC::BytecodeGenerator::emitCall):
-        (JSC::BytecodeGenerator::emitConstruct):
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::registerFor):
-        * dfg/DFGAbstractState.h:
-        (AbstractState):
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
-        (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
-        (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::getDirect):
-        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
-        (JSC::DFG::ByteCodeParser::addCall):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
-        (JSC::DFG::ByteCodeParser::handleInlining):
-        (JSC::DFG::ByteCodeParser::parseBlock):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGGenerationInfo.h:
-        (GenerationInfo):
-        (JSC::DFG::GenerationInfo::needsSpill):
-        * dfg/DFGGraph.h:
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::compileEntry):
-        (JSC::DFG::JITCompiler::compileFunction):
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::beginCall):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryBuildGetByIDList):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::spill):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillInteger):
-        (JSC::DFG::SpeculativeJIT::emitCall):
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
-        (JSC::DFG::slowPathFor):
-        (JSC::DFG::virtualForThunkGenerator):
-        * dfg/DFGValueSource.cpp:
-        (JSC::DFG::ValueSource::dump):
-        * dfg/DFGValueSource.h:
-        (JSC::DFG::dataFormatToValueSourceKind):
-        (JSC::DFG::valueSourceKindToDataFormat):
-        (JSC::DFG::isInJSStack):
-        (JSC::DFG::ValueSource::forSpeculation):
-        (JSC::DFG::ValueSource::isInJSStack):
-        (JSC::DFG::ValueSource::valueRecovery):
-        * dfg/DFGVariableEventStream.cpp:
-        (JSC::DFG::VariableEventStream::reconstruct):
-        * heap/Heap.cpp:
-        (JSC::Heap::stack):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        * heap/Heap.h:
-        (JSC):
-        (Heap):
-        * interpreter/CallFrame.cpp:
-        (JSC::CallFrame::stack):
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::calleeAsValue):
-        (JSC::ExecState::callee):
-        (JSC::ExecState::codeBlock):
-        (JSC::ExecState::scope):
-        (JSC::ExecState::callerFrame):
-        (JSC::ExecState::returnPC):
-        (JSC::ExecState::hasReturnPC):
-        (JSC::ExecState::clearReturnPC):
-        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
-        (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
-        (JSC::ExecState::inlineCallFrame):
-        (JSC::ExecState::codeOriginIndexForDFG):
-        (JSC::ExecState::currentVPC):
-        (JSC::ExecState::setCurrentVPC):
-        (JSC::ExecState::setCallerFrame):
-        (JSC::ExecState::setScope):
-        (JSC::ExecState::init):
-        (JSC::ExecState::argumentCountIncludingThis):
-        (JSC::ExecState::offsetFor):
-        (JSC::ExecState::setArgumentCountIncludingThis):
-        (JSC::ExecState::setCallee):
-        (JSC::ExecState::setCodeBlock):
-        (JSC::ExecState::setReturnPC):
-        (JSC::ExecState::setInlineCallFrame):
-        (ExecState):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::slideRegisterWindowForCall):
-        (JSC::eval):
-        (JSC::loadVarargs):
-        (JSC::Interpreter::dumpRegisters):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::executeCall):
-        (JSC::Interpreter::executeConstruct):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::endRepeatCall):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::stack):
-        (Interpreter):
-        (JSC::Interpreter::execute):
-        (JSC):
-        * interpreter/JSStack.cpp: Copied from Source/JavaScriptCore/interpreter/RegisterFile.cpp.
-        (JSC::stackStatisticsMutex):
-        (JSC::JSStack::~JSStack):
-        (JSC::JSStack::growSlowCase):
-        (JSC::JSStack::gatherConservativeRoots):
-        (JSC::JSStack::releaseExcessCapacity):
-        (JSC::JSStack::initializeThreading):
-        (JSC::JSStack::committedByteCount):
-        (JSC::JSStack::addToCommittedByteCount):
-        * interpreter/JSStack.h: Copied from Source/JavaScriptCore/interpreter/RegisterFile.h.
-        (JSStack):
-        (JSC::JSStack::JSStack):
-        (JSC::JSStack::shrink):
-        (JSC::JSStack::grow):
-        * interpreter/RegisterFile.cpp: Removed.
-        * interpreter/RegisterFile.h: Removed.
-        * interpreter/VMInspector.cpp:
-        (JSC::VMInspector::dumpFrame):
-        * jit/JIT.cpp:
-        (JSC::JIT::JIT):
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        (JSC):
-        (JIT):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEval):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::compileLoadVarargs):
-        (JSC::JIT::compileCallEval):
-        (JSC::JIT::compileCallEvalSlowCase):
-        (JSC::JIT::compileOpCall):
-        * jit/JITCode.h:
-        (JSC):
-        (JSC::JITCode::execute):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutToCallFrameHeader):
-        (JSC::JIT::emitPutCellToCallFrameHeader):
-        (JSC::JIT::emitPutIntToCallFrameHeader):
-        (JSC::JIT::emitPutImmediateToCallFrameHeader):
-        (JSC::JIT::emitGetFromCallFrameHeaderPtr):
-        (JSC::JIT::emitGetFromCallFrameHeader32):
-        (JSC::JIT::updateTopCallFrame):
-        (JSC::JIT::unmap):
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_ret):
-        (JSC::JIT::emit_op_ret_object_or_this):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        (JSC::JIT::emit_op_resolve_global_dynamic):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::privateCompileCTIMachineTrampolines):
-        (JSC::JIT::privateCompileCTINativeCall):
-        (JSC::JIT::emit_op_end):
-        (JSC::JIT::emit_op_create_this):
-        (JSC::JIT::emit_op_get_arguments_length):
-        (JSC::JIT::emit_op_get_argument_by_val):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::emit_op_get_scoped_var):
-        (JSC::JIT::emit_op_put_scoped_var):
-        * jit/JITStubs.cpp:
-        (JSC::ctiTrampoline):
-        (JSC::JITThunks::JITThunks):
-        (JSC):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-        (JSC):
-        (JITStackFrame):
-        * jit/JSInterfaceJIT.h:
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::returnJSValue):
-        (JSC::SpecializedThunkJIT::returnDouble):
-        (JSC::SpecializedThunkJIT::returnInt32):
-        (JSC::SpecializedThunkJIT::returnJSCell):
-        * llint/LLIntData.cpp:
-        (JSC::LLInt::Data::performAssertions):
-        * llint/LLIntOffsetsExtractor.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-        (JSC::LLInt::genericCall):
-        * llint/LLIntSlowPaths.h:
-        (LLInt):
-        * llint/LowLevelInterpreter.asm:
-        * runtime/Arguments.cpp:
-        (JSC::Arguments::tearOffForInlineCallFrame):
-        * runtime/CommonSlowPaths.h:
-        (JSC::CommonSlowPaths::arityCheckFor):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::visitChildren):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::globalExec):
-        * runtime/JSGlobalObject.h:
-        (JSC):
-        (JSGlobalObject):
-        * runtime/JSLock.cpp:
-        (JSC):
-        * runtime/JSVariableObject.h:
-        (JSVariableObject):
-        * runtime/MemoryStatistics.cpp:
-        (JSC::globalMemoryStatistics):
-
-2012-10-08  Kiran Muppala  <cmuppala@apple.com>
-
-        Throttle DOM timers on hidden pages.
-        https://bugs.webkit.org/show_bug.cgi?id=98474
-
-        Reviewed by Maciej Stachowiak.
-
-        Add HIDDEN_PAGE_DOM_TIMER_THROTTLING feature define.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-08  Michael Saboff  <msaboff@apple.com>
-
-        After r130344, OpaqueJSString() creates an empty string which should be a null string
-        https://bugs.webkit.org/show_bug.cgi?id=98417
-
-        Reviewed by Sam Weinig.
-
-        Changed create() of a null string to return 0. This is the same behavior as before r130344.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::create):
-
-2012-10-07  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
-
-        Rename first/second to key/value in HashMap iterators
-        https://bugs.webkit.org/show_bug.cgi?id=82784
-
-        Reviewed by Eric Seidel.
-
-        * API/JSCallbackObject.h:
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
-        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnNonIndexPropertyNames):
-        * API/JSClassRef.cpp:
-        (OpaqueJSClass::~OpaqueJSClass):
-        (OpaqueJSClassContextData::OpaqueJSClassContextData):
-        (OpaqueJSClass::contextData):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        (JSC::EvalCodeCache::visitAggregate):
-        (JSC::CodeBlock::nameForRegister):
-        * bytecode/JumpTable.h:
-        (JSC::StringJumpTable::offsetForValue):
-        (JSC::StringJumpTable::ctiForValue):
-        * bytecode/LazyOperandValueProfile.cpp:
-        (JSC::LazyOperandValueProfileParser::getIfPresent):
-        * bytecode/SamplingTool.cpp:
-        (JSC::SamplingTool::dump):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addVar):
-        (JSC::BytecodeGenerator::addGlobalVar):
-        (JSC::BytecodeGenerator::addConstant):
-        (JSC::BytecodeGenerator::addConstantValue):
-        (JSC::BytecodeGenerator::emitLoad):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitLazyNewFunction):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::PropertyListNode::emitBytecode):
-        * debugger/Debugger.cpp:
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
-        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
-        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
-        * dfg/DFGAssemblyHelpers.cpp:
-        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
-        * dfg/DFGByteCodeCache.h:
-        (JSC::DFG::ByteCodeCache::~ByteCodeCache):
-        (JSC::DFG::ByteCodeCache::get):
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::cellConstant):
-        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
-        (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
-        * heap/Heap.cpp:
-        (JSC::Heap::markProtectedObjects):
-        * heap/Heap.h:
-        (JSC::Heap::forEachProtectedCell):
-        * heap/JITStubRoutineSet.cpp:
-        (JSC::JITStubRoutineSet::markSlow):
-        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
-        * heap/SlotVisitor.cpp:
-        (JSC::SlotVisitor::internalAppend):
-        * heap/Weak.h:
-        (JSC::weakRemove):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::ctiStub):
-        * parser/Parser.cpp:
-        (JSC::::parseStrictObjectLiteral):
-        * profiler/Profile.cpp:
-        (JSC::functionNameCountPairComparator):
-        (JSC::Profile::debugPrintDataSampleStyle):
-        * runtime/Identifier.cpp:
-        (JSC::Identifier::add):
-        * runtime/JSActivation.cpp:
-        (JSC::JSActivation::getOwnNonIndexPropertyNames):
-        (JSC::JSActivation::symbolTablePutWithAttributes):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::setLength):
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::getOwnPropertySlotByIndex):
-        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
-        (JSC::JSObject::deletePropertyByIndex):
-        (JSC::JSObject::getOwnPropertyNames):
-        (JSC::JSObject::defineOwnIndexedProperty):
-        (JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
-        (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
-        (JSC::JSObject::getOwnPropertyDescriptor):
-        * runtime/JSSymbolTableObject.cpp:
-        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
-        * runtime/JSSymbolTableObject.h:
-        (JSC::symbolTableGet):
-        (JSC::symbolTablePut):
-        (JSC::symbolTablePutWithAttributes):
-        * runtime/RegExpCache.cpp:
-        (JSC::RegExpCache::invalidateCode):
-        * runtime/SparseArrayValueMap.cpp:
-        (JSC::SparseArrayValueMap::putEntry):
-        (JSC::SparseArrayValueMap::putDirect):
-        (JSC::SparseArrayValueMap::visitChildren):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::clear):
-        (JSC::WeakGCMap::set):
-        * tools/ProfileTreeNode.h:
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-
-2012-10-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSC should have a way to gather and log Heap memory use and pause times
-        https://bugs.webkit.org/show_bug.cgi?id=98431
-
-        Reviewed by Geoffrey Garen.
-
-        In order to improve our infrastructure for benchmark-driven development, we should 
-        have a centralized method of gathering and logging various statistics about the state 
-        of the JS heap. This would allow us to create and to use other tools to analyze the 
-        output of the VM after running various workloads.
-
-        The first two statistics that might be interesting is memory use by JSC and GC pause 
-        times. We can control whether this recording happens through the use of the Options 
-        class, allowing us to either use environment variables or command line flags.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * heap/Heap.cpp:
-        (JSC::Heap::collect): If we finish a collection and are still over our set GC heap size, 
-        we end the program immediately and report an error. Also added recording of pause times.
-        * heap/Heap.h:
-        (Heap):
-        (JSC::Heap::shouldCollect): When we set a specific GC heap size through Options, we 
-        ignore all other heuristics on when we should collect and instead only ask if we're 
-        greater than the amount specified in the Option value. This allows us to view time/memory 
-        tradeoffs more clearly.
-        * heap/HeapStatistics.cpp: Added.
-        (JSC):
-        (JSC::HeapStatistics::initialize):
-        (JSC::HeapStatistics::recordGCPauseTime):
-        (JSC::HeapStatistics::logStatistics):
-        (JSC::HeapStatistics::exitWithFailure):
-        (JSC::HeapStatistics::reportSuccess):
-        (JSC::HeapStatistics::parseMemoryAmount):
-        (StorageStatistics):
-        (JSC::StorageStatistics::StorageStatistics):
-        (JSC::StorageStatistics::operator()):
-        (JSC::StorageStatistics::objectWithOutOfLineStorageCount):
-        (JSC::StorageStatistics::objectCount):
-        (JSC::StorageStatistics::storageSize):
-        (JSC::StorageStatistics::storageCapacity):
-        (JSC::HeapStatistics::showObjectStatistics): Moved the old showHeapStatistics (renamed to showObjectStatistics) 
-        to try to start collecting our various memory statistics gathering/reporting mechanisms scattered throughout the 
-        codebase into one place.
-        * heap/HeapStatistics.h: Added.
-        (JSC):
-        (HeapStatistics):
-        * jsc.cpp:
-        (main):
-        * runtime/InitializeThreading.cpp:
-        (JSC::initializeThreadingOnce): We need to initialize our data structures for recording 
-        statistics if necessary.
-        * runtime/Options.cpp: Add new Options for the various types of statistics we'll be gathering.
-        (JSC::parse):
-        (JSC):
-        (JSC::Options::initialize): Initialize the various new options using environment variables.
-        (JSC::Options::dumpOption):
-        * runtime/Options.h:
-        (JSC):
-
-2012-10-04  Rik Cabanier  <cabanier@adobe.com>
-
-        Turn Compositing on by default in WebKit build
-        https://bugs.webkit.org/show_bug.cgi?id=98315
-
-        Reviewed by Simon Fraser.
-
-        enable -webkit-blend-mode on trunk.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-04  Michael Saboff  <msaboff@apple.com>
-
-        Crash in Safari at com.apple.JavaScriptCore: WTF::StringImpl::is8Bit const + 12
-        https://bugs.webkit.org/show_bug.cgi?id=98433
-
-        Reviewed by Jessie Berlin.
-
-        The problem is due to a String with a null StringImpl (i.e. a null string).
-        Added a length check before the is8Bit() check since length() checks for a null StringImpl.  Changed the
-        characters16() call to characters() since it can handle a null StringImpl as well.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-
-2012-10-04  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use copyLCharsFromUCharSource() for IdentifierLCharFromUCharTranslator translation
-        https://bugs.webkit.org/show_bug.cgi?id=98335
-
-        Reviewed by Michael Saboff.
-
-        Michael Saboff added an optimized version of UChar->LChar conversion in r125846.
-        Use this function in JSC::Identifier.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierLCharFromUCharTranslator::translate):
-
-2012-10-04  Michael Saboff  <msaboff@apple.com>
-
-        After r130344, OpaqueJSString() creates a empty string which should be a null string
-        https://bugs.webkit.org/show_bug.cgi?id=98417
-
-        Reviewed by Alexey Proskuryakov.
-
-        Removed the setting of enclosed string to an empty string from default constructor.
-        Before changeset r130344, the semantic was the default constructor produced a null
-        string.
-
-        * API/OpaqueJSString.h:
-        (OpaqueJSString::OpaqueJSString):
-
-2012-10-04  Csaba Osztrogonác  <ossy@webkit.org>
-
-        [Qt] Add missing LLInt dependencies to the build system
-        https://bugs.webkit.org/show_bug.cgi?id=98394
-
-        Reviewed by Geoffrey Garen.
-
-        * DerivedSources.pri:
-        * LLIntOffsetsExtractor.pro:
-
-2012-10-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Next step toward fixing Windows: add new symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-10-03  Geoffrey Garen  <ggaren@apple.com>
-
-        First step toward fixing Windows: remove old symbol.
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-10-03  Geoffrey Garen  <ggaren@apple.com>
-
-        Removed the assumption that "final" objects have a fixed number of inline slots
-        https://bugs.webkit.org/show_bug.cgi?id=98332
-
-        Reviewed by Filip Pizlo.
-
-        This is a step toward object size inference.
-
-        I replaced the inline storage capacity constant with a data member per
-        structure, set the the maximum supported value for the constant to 100,
-        then fixed what broke. (Note that even though this patch increases the
-        theoretical maximum inline capacity, it doesn't change any actual inline
-        capacity.)
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::compileGetDirectOffset): These functions just get a rename:
-        the constant they need is the first out of line offset along the offset
-        number line, which is not necessarily the same thing (and is, in this
-        patch, never the same thing) as the inline capacity of any given object.
-
-        (JSC::JIT::emit_op_get_by_pname):
-        * jit/JITPropertyAccess32_64.cpp: This function changes functionality,
-        since it needs to convert from the abstract offset number line to an
-        actual offset in memory, and it can't assume that inline and out-of-line
-        offsets are contiguous on the number line.
-
-        (JSC::JIT::compileGetDirectOffset): Updated for rename.
-
-        (JSC::JIT::emit_op_get_by_pname): Same as emit_op_get_by_pname above.
-
-        * llint/LowLevelInterpreter.asm: Updated to mirror changes in PropertyOffset.h,
-        since we duplicate values from there.
-
-        * llint/LowLevelInterpreter32_64.asm:
-        * llint/LowLevelInterpreter64.asm: Just like the JIT, most things are just
-        renames, and get_by_pname changes to do more math. I also standardized
-        offset calculations to use a hard-coded "-2", to match the JIT. This
-        isn't really better, but it makes global search and replace easier,
-        should we choose to refactor this code not to hard-code constants.
-
-        I also renamed loadPropertyAtVariableOffsetKnownNotFinal to
-        loadPropertyAtVariableOffsetKnownNotInline in order to sever the assumption
-        that inline capacity is tied to object type, and I changed the 64bit LLInt
-        to use this -- not using this previously seems to have been an oversight.
-
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::visitChildren):
-        (JSC::JSFinalObject::visitChildren):
-        * runtime/JSObject.h:
-        (JSC::JSObject::offsetForLocation):
-        (JSNonFinalObject):
-        (JSC::JSFinalObject::createStructure):
-        (JSFinalObject):
-        (JSC::JSFinalObject::finishCreation): Updated for above changes.
-
-        * runtime/JSPropertyNameIterator.h:
-        (JSPropertyNameIterator):
-        (JSC::JSPropertyNameIterator::finishCreation): Store the inline capacity
-        of our object, since it's not a constant.
-
-        (JSC::JSPropertyNameIterator::getOffset): Removed. This function was
-        wrong. Luckily, it was also unused, since the C++ interpreter is gone.
-
-        * runtime/PropertyMapHashTable.h:
-        (PropertyTable): Use a helper function instead of hard-coding assumptions
-        about object types.
-
-        (JSC::PropertyTable::nextOffset):
-        * runtime/PropertyOffset.h:
-        (JSC):
-        (JSC::checkOffset):
-        (JSC::validateOffset):
-        (JSC::isInlineOffset):
-        (JSC::numberOfSlotsForLastOffset):
-        (JSC::propertyOffsetFor): Refactored these functions to take inline capacity
-        as an argument, since it's not fixed at compile time anymore.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::putSpecificValue):
-        * runtime/Structure.h:
-        (Structure):
-        (JSC::Structure::outOfLineCapacity):
-        (JSC::Structure::hasInlineStorage):
-        (JSC::Structure::inlineCapacity):
-        (JSC::Structure::inlineSize):
-        (JSC::Structure::firstValidOffset):
-        (JSC::Structure::lastValidOffset):
-        (JSC::Structure::create): Removed some hard-coded assumptions about inline
-        capacity and object type, and replaced with more liberal use of helper functions.
-
-2012-10-03  Michael Saboff  <msaboff@apple.com>
-
-        OpaqueJSString doesn't optimally handle 8 bit strings
-        https://bugs.webkit.org/show_bug.cgi?id=98300
-
-        Reviewed by Geoffrey Garen.
-
-        Change OpaqueJSString to store and manage a String instead of a UChar buffer.
-        The member string is a copy of any string used during creation.
-
-        * API/OpaqueJSString.cpp:
-        (OpaqueJSString::create):
-        (OpaqueJSString::identifier):
-        * API/OpaqueJSString.h:
-        (OpaqueJSString::characters):
-        (OpaqueJSString::length):
-        (OpaqueJSString::string):
-        (OpaqueJSString::OpaqueJSString):
-        (OpaqueJSString):
-
-2012-10-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Array.splice should be fast when it is used to remove elements other than the very first
-        https://bugs.webkit.org/show_bug.cgi?id=98236
-
-        Reviewed by Michael Saboff.
-
-        Applied the same technique that was used to optimize the unshift case of splice in
-        http://trac.webkit.org/changeset/129676.  This is a >20x speed-up on programs that
-        use splice for element removal.
-
-        * runtime/ArrayPrototype.cpp:
-        (JSC::shift):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::shiftCount):
-        * runtime/JSArray.h:
-        (JSArray):
-
-2012-09-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Delayed structure sweep can leak structures without bound
-        https://bugs.webkit.org/show_bug.cgi?id=96546
-
-        Reviewed by Geoffrey Garen.
-
-        This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
-        allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
-        those objects with destructors and with immortal structures, and those objects with destructors that don't have 
-        immortal structures. All of the objects of the third type (destructors without immortal structures) now 
-        inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
-        the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
-
-        * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
-        (JSC):
-        (JSC::JSCallbackConstructor::JSCallbackConstructor):
-        * API/JSCallbackConstructor.h:
-        (JSCallbackConstructor):
-        * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
-        JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
-        (JSC):
-        (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
-        the finalizer for it. We don't want to add the finalizer is something like finishCreation in case somebody decides 
-        to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
-        (JSC::::createStructure):
-        * API/JSCallbackObject.h:
-        (JSCallbackObject):
-        (JSC):
-        * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
-        (OpaqueJSClass::prototype):
-        * API/JSObjectRef.cpp: Ditto.
-        (JSObjectMake):
-        (JSObjectGetPrivate):
-        (JSObjectSetPrivate):
-        (JSObjectGetPrivateProperty):
-        (JSObjectSetPrivateProperty):
-        (JSObjectDeletePrivateProperty):
-        * API/JSValueRef.cpp: Ditto.
-        (JSValueIsObjectOfClass):
-        * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
-        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * heap/Heap.cpp:
-        (JSC):
-        * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
-        since it's always safe to sweep Structures now.
-        (JSC::Heap::allocatorForObjectWithNormalDestructor): 
-        (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
-        (Heap):
-        (JSC::Heap::allocateWithNormalDestructor):
-        (JSC):
-        (JSC::Heap::allocateWithImmortalStructureDestructor):
-        * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
-        IncrementalSweeper since it's always safe to sweep Structures now.
-        (JSC::IncrementalSweeper::IncrementalSweeper):
-        (JSC::IncrementalSweeper::sweepNextBlock):
-        (JSC::IncrementalSweeper::startSweeping):
-        (JSC::IncrementalSweeper::willFinishSweeping):
-        (JSC):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
-        tracking of the specific destructor type of allocator. 
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::allocateBlock):
-        * heap/MarkedAllocator.h:
-        (JSC::MarkedAllocator::destructorType):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::init):
-        * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
-        We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
-        (JSC::MarkedBlock::create):
-        (JSC::MarkedBlock::MarkedBlock):
-        (JSC):
-        (JSC::MarkedBlock::specializedSweep):
-        (JSC::MarkedBlock::sweep):
-        (JSC::MarkedBlock::sweepHelper):
-        * heap/MarkedBlock.h:
-        (JSC):
-        (JSC::MarkedBlock::allocator):
-        (JSC::MarkedBlock::destructorType):
-        * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::MarkedSpace::isPagedOut):
-        (JSC::MarkedSpace::freeBlock):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
-        (JSC::MarkedSpace::normalDestructorAllocatorFor):
-        (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
-        (JSC::MarkedSpace::allocateWithNormalDestructor):
-        (JSC::MarkedSpace::forEachBlock):
-        * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
-        * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-        (JSC::JIT::emitAllocateJSFinalObject):
-        (JSC::JIT::emitAllocateJSArray):
-        * jsc.cpp: 
-        (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
-        JSDestructibleObject.
-        * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
-        (JSC):
-        * runtime/Arguments.h:
-        (Arguments):
-        (JSC::Arguments::Arguments):
-        * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
-        (JSC):
-        * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
-        (JSC):
-        * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
-        (JSC):
-        (JSC::InternalFunction::InternalFunction):
-        * runtime/InternalFunction.h:
-        (InternalFunction):
-        * runtime/JSCell.h: Added two static bools, needsDestruction and hasImmortalStructure, that classes can override 
-        to indicate at compile time which part of the heap they should be allocated in.
-        (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
-        * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
-        accessed safely when the object is being destroyed.
-        (JSC):
-        (JSDestructibleObject):
-        (JSC::JSDestructibleObject::classInfo):
-        (JSC::JSDestructibleObject::JSDestructibleObject):
-        (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
-        * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
-        of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
-        (JSC::JSGlobalObject::reset):
-        * runtime/JSGlobalObject.h:
-        (JSGlobalObject):
-        (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
-        for the m_rareData field when it's created.
-        (JSC::JSGlobalObject::create):
-        (JSC):
-        * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
-        (JSGlobalThis):
-        (JSC::JSGlobalThis::JSGlobalThis):
-        * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
-        (JSC):
-        * runtime/JSScope.cpp:
-        (JSC):
-        * runtime/JSString.h: Has an immortal Structure.
-        (JSC):
-        * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
-        (JSWrapperObject):
-        (JSC::JSWrapperObject::JSWrapperObject):
-        * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
-        (JSC):
-        * runtime/NameInstance.h: Inherit from JSDestructibleObject.
-        (NameInstance):
-        * runtime/RegExp.h: Has immortal Structure.
-        (JSC):
-        * runtime/RegExpObject.cpp: Inheritance cleanup.
-        (JSC):
-        * runtime/SparseArrayValueMap.h: Has immortal Structure.
-        (JSC):
-        * runtime/Structure.h: Has immortal Structure.
-        (JSC):
-        * runtime/StructureChain.h: Ditto.
-        (JSC):
-        * runtime/SymbolTable.h: Ditto.
-        (SharedSymbolTable):
-        (JSC):
-
-== Rolled over to ChangeLog-2012-10-02 ==

diff --git a/ChangeLog-PEP b/ChangeLog-PEP
deleted file mode 100644 (file)
index ec761bf..0000000
--- a/ChangeLog-PEP
+++ /dev/null
@@ -1,15646 +0,0 @@
-2013-08-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14642129> iOS: Crash in JIT code @ pivotaltracker.com due to incorrect ToPrimitive reported type speculations
-
-        Merge ToT WebKit r153674.
-
-    2013-08-02  Oliver Hunt  <oliver@apple.com>
-
-        Incorrect type speculation reported by ToPrimitive
-        https://bugs.webkit.org/show_bug.cgi?id=119458
-
-        Reviewed by Mark Hahnenberg.
-
-        Make sure that we report the correct type possibilities for the output
-        from ToPrimitive
-
-        * dfg/DFGAbstractInterpreterInlines.h:
-        (JSC::DFG::::executeEffects):
-
-2013-08-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14642073> iOS: Incorrect ToString/liveness in MakeRope construction
-
-        Merge ToT WebKit r153615.
-
-    2013-08-01  Oliver Hunt  <oliver@apple.com>
-
-        DFG is not enforcing correct ordering of ToString conversion in MakeRope
-        https://bugs.webkit.org/show_bug.cgi?id=119408
-
-        Reviewed by Filip Pizlo.
-
-        Construct ToString and Phantom nodes in advance of MakeRope
-        nodes to ensure that ordering is ensured, and correct values
-        will be reified on OSR exit.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2013-08-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14641805> iOS: REGRESSION: Crash when opening Facebook.com (119155)
-
-        Merge ToT WebKit r153410.
-
-    2013-07-28  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION: Crash when opening Facebook.com
-        https://bugs.webkit.org/show_bug.cgi?id=119155
-
-        Reviewed by Andreas Kling.
-
-        Scope nodes are always objects, so we should be using SpecObjectOther
-        rather than SpecCellOther.  Marking Scopes as CellOther leads to a
-        contradiction in the CFA, resulting in bogus codegen.
-
-        * dfg/DFGAbstractInterpreterInlines.h:
-        (JSC::DFG::::executeEffects):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-
-2013-08-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14641772> iOS: Removed unused sourceOffset from JSTokenLocation. (118996)
-
-        Merge ToT WebKit r153071.
-
-    2013-07-23  Mark Lam  <mark.lam@apple.com>
-
-        Removed unused sourceOffset from JSTokenLocation.
-        https://bugs.webkit.org/show_bug.cgi?id=118996.
-
-        Reviewed by Geoffrey Garen.
-
-        This also removes the assertion reported in the bug because it is now
-        moot, thereby resolving the assertion failure issue on Windows.
-
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::toArgumentList):
-        (JSC::ApplyFunctionCallDotNode::emitBytecode):
-        * parser/Lexer.cpp:
-        (JSC::::lex):
-        * parser/Lexer.h:
-        (JSC::::lexExpectIdentifier):
-        * parser/Nodes.h:
-        * parser/Parser.cpp:
-        (JSC::::Parser):
-        (JSC::::parseFunctionInfo):
-        (JSC::::parseExpressionOrLabelStatement):
-        (JSC::::parseMemberExpression):
-        * parser/Parser.h:
-        (JSC::::parse):
-        * parser/ParserTokens.h:
-        (JSC::JSTokenLocation::JSTokenLocation):
-
-2013-07-31  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14605489> iOS: Crash beneath jsTypeStringForValue @ zazzle.com (read past the end of the Arguments array)
-
-        Merge ToT WebKit r153500.
-
-    2013-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        GetByVal on Arguments does the wrong size load when checking the Arguments object length
-        https://bugs.webkit.org/show_bug.cgi?id=119281
-
-        Reviewed by Geoffrey Garen.
-
-        This leads to out of bounds accesses and subsequent crashes.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-07-31  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/14601962> iOS: CodeBlock DFG entry list isn't getting shrunk-to-fit after linking. (118875)
-
-        Merged ToT WebKit r152882.
-
-    2013-07-18  Andreas Kling  <akling@apple.com>
-
-        CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
-        <http://webkit.org/b/118875>
-        <rdar://problem/14488577>
-
-        Reviewed by Geoffrey Garen.
-
-        Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
-        so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.
-
-        886 kB progression on <http://twitter.com/awesomekling>
-
-        * dfg/DFGJITCompiler.cpp:
-        (JSC::DFG::JITCompiler::link):
-        (JSC::DFG::JITCompiler::compile):
-        (JSC::DFG::JITCompiler::compileFunction):
-
-2013-07-31  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/14601537> iOS: CodeBlock::m_argumentValueProfiles wastes a lot of memory. (118852)
-
-        Merged ToT WebKit r152848.
-
-    2013-07-18  Andreas Kling  <akling@apple.com>
-
-        CodeBlock::m_argumentValueProfiles wastes a lot of memory.
-        <http://webkit.org/b/118852>
-        <rdar://problem/14481659>
-
-        Reviewed by Anders Carlsson.
-
-        Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
-        for growth, since we won't be appending to it anyway.
-
-        921 KB progression on <http://twitter.com/awesomekling>
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::setNumParameters):
-
-2013-07-30  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/14600834> iOS: [JavaScriptCore] reference to non-existent header in JSValue.h
-        
-        Merged ToT WebKit r152737.
-        
-    2013-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove reference to JSValueStructSupport.h from JSExport.h
-        https://bugs.webkit.org/show_bug.cgi?id=118746
-
-        Reviewed by Filip Pizlo.
-
-        * API/JSExport.h: No such header exists, so it doesn't make sense to reference it.
-
-2013-07-30  Daniel Bates  <dabates@apple.com>
-
-        <rdar://problem/14592535> iOS: Given an empty string, JSStringCreateWithCFString() should not return a JSStringRef whose characters member is NULL
-
-        Merge ToT WebKit r152807.
-
-    2013-07-30  Geoffrey Garen  <ggaren@apple.com>
-
-            JSStringCreateWithCFString should not convert the empty string into the NULL string
-            https://bugs.webkit.org/show_bug.cgi?id=118816
-
-            Reviewed by Sam Weinig.
-
-            * API/JSStringRef.cpp:
-            (JSStringCreateWithUTF8CString): Removed an extraneous comment, which
-            a previous version of the patch made incorrect.
-
-            * API/JSStringRefCF.cpp:
-            (JSStringCreateWithCFString): Don't convert the empty string into the
-            null string.
-
-2013-07-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14534782> iOS: DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs (119032)
-
-        Merge ToT WebKit r153075.
-
-    2013-07-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
-        https://bugs.webkit.org/show_bug.cgi?id=119032
-
-        Reviewed by Oliver Hunt.
-
-        It just needs some Phantom action.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
-
-2013-07-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14495049> iOS: LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile (118865)
-
-        Merge ToT WebKit r152868.
-
-    2013-07-18  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile
-        https://bugs.webkit.org/show_bug.cgi?id=118865
-
-        Reviewed by Mark Hahnenberg.
-
-        * llint/LowLevelInterpreter64.asm:
-
-2013-07-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/14495065> iOS: DFG assumes that NewFunction will never pass its input through (118798)
-
-        Merge ToT WebKit r152813, r152818.
-
-    2013-07-17  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-    2013-07-17  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG assumes that NewFunction will never pass its input through
-        https://bugs.webkit.org/show_bug.cgi?id=118798
-
-        Reviewed by Sam Weinig.
-        
-        Previously the DFG was assuming that NewFunction always returns a function. That's not
-        the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty.
-        
-        This fact needed to be wired through the compiler.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::makeTop):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-07-10  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/14417366> JavaScriptCore Uninitialized Memory Vulnerability [V-v31xnbnoc5]
-
-        Merge OpenSource r152573
-
-    2013-07-10  Oliver Hunt  <oliver@apple.com>
-
-        NativeExecutable cache needs to use both call and construct functions for key
-        https://bugs.webkit.org/show_bug.cgi?id=118545
-
-        Reviewed by Geoffrey Garen.
-
-        Make the native executable cache make use a key pair so we don't decide to
-        treat all subsequent functions as not being constructors.
-
-        * jit/JITThunks.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITThunks.h:
-        * runtime/JSBoundFunction.cpp:
-        (JSC::JSBoundFunction::create):
-        * runtime/JSCell.cpp:
-        (JSC::JSCell::getCallData):
-        (JSC::JSCell::getConstructData):
-
-2013-07-01  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/14308371> Gracefully handle dropping support for <input type="datetime">
-
-        Drop the ENABLE so that <input type="datetime"> fallsback to the
-        appearance of an <input type="text">. It was already handling like
-        a textfield due to RuntimeEnabledFeatures.
-
-        Reviewed by Jon Lee.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-07-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/14171014> Seed 1 #2 hang - MobileSafari failed to resume in time (0x8badf00d) due to JSLock deadlock between Reader detection and JS confirm dialog
-
-        Reviewed by Geoff Garen.
-
-        DropAllLocks needs to be more judicious with locking the SpinLock when modifying
-        any of JSLock's auxiliary variables (e.g. m_lockCount, m_ownerThread, etc.).
-
-        * runtime/JSLock.cpp:
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::dropAllLocks): Changed to require a held SpinLock as an argument.
-        (JSC::JSLock::dropAllLocksUnconditionally): Ditto.
-        (JSC::JSLock::grabAllLocks): Ditto. Also now unlocks the SpinLock around acquiring 
-        the mutex and then reacquires it after it gets the mutex. We have to do this since we 
-        no longer control the locking of the SpinLock.
-        (JSC::JSLock::DropAllLocks::DropAllLocks): DropAllLocks now takes the SpinLock before
-        calling the helper functions.
-        (JSC::JSLock::DropAllLocks::~DropAllLocks): Similarly, ~DropAllLocks now takes the SpinLock
-        before calling grabAllLocks.
-        * runtime/JSLock.h:
-
-2013-06-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        J85: 11B404: Very high JIT memory usage in vmmap
-        <rdar://problem/14235816>  
-
-        Rubber stamped by Geoff Garen.
-
-        CPU(ARM) doesn't include CPU(ARM64), which is how we determine the size of our fixed 
-        pool of executable memory.
-
-        * jit/ExecutableAllocator.h:
-
-2013-06-26  Anders Carlsson  <andersca@apple.com>
-
-        <rdar://problem/14279905> Add JSStringCreateWithCharactersNoCopy SPI (118074)
-        
-        Merge ToT WebKit r152052.
-        
-    2013-06-26  Anders Carlsson  <andersca@apple.com>
-
-        Add JSStringCreateWithCharactersNoCopy SPI
-        https://bugs.webkit.org/show_bug.cgi?id=118074
-        <rdar://problem/14279905>
-
-        Reviewed by Geoffrey Garen.
-
-        * API/JSStringRef.cpp:
-        (JSStringCreateWithCharactersNoCopy):
-        Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.
-
-        * API/JSStringRefPrivate.h: Added.
-        Add a home for the JSStringCreateWithCharactersNoCopy function.
-
-        * API/OpaqueJSString.h:
-        (OpaqueJSString::OpaqueJSString):
-        Just call isolatedCopy on the passed in string.
-
-        * API/tests/testapi.c:
-        Add an API test for JSStringCreateWithCharactersNoCopy.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Add new files.
-
-2013-05-30  David Farler  <dfarler@apple.com>
-
-        <rdar://problem/13952116> run-javascriptcore-tests always returns 0 on Mountain Lion
-
-               Merged ToT WebKit r150998
-
-       2013-05-30  David Farler  <dfarler@apple.com>
-
-               Fix jscore-test when not using --sdk option with jsDriver.pl
-               https://bugs.webkit.org/show_bug.cgi?id=116339
-
-               Reviewed by Joe Pecoraro.
-
-               * tests/mozilla/jsDriver.pl:
-               (execute_tests):
-               With each test, the shell_command needs to be started from scratch.
-
-               This fix will clear the shell_command and start over as before with
-               the opt_arch option when not using --sdk with jsDriver.pl.
-
-2013-05-30  David Farler  <dfarler@apple.com>
-
-        <rdar://problem/13952116> run-javascriptcore-tests always returns 0 on Mountain Lion
-
-        Merged ToT WebKit r150994
-
-    2013-05-22  David Farler  <dfarler@apple.com>
-
-        Add --sdk option to jsDriver.pl to run with iOS Simulator
-        https://bugs.webkit.org/show_bug.cgi?id=116339
-
-        Reviewed by David Kilzer.
-
-        * tests/mozilla/jsDriver.pl:
-        (execute_tests):
-        Prefix shell command with the path to the "sim" tool.
-        (parse_args):
-        Add -d / --sdk option.
-        (usage):
-        Help message for -d / --sdk option.
-
-2013-05-29  Roger Fong  <roger_fong@apple.com>
-
-        Disable some feature flags.
-        <rdar://problem/12952646>.
-
-        Rubberstamped by Jon Lee.
-
-        Disabled flags:
-        ENABLE_CSS_COMPOSITING
-        ENABLE_CSS_EXCLUSIONS
-        ENABLE_CSS_SHADERS
-        ENABLE_IFRAME_SEAMLESS
-        ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED
-        ENABLE_SHARED_WORKERS
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-05-23  Chris Fleizach  <cfleizach@apple.com>
-
-        <rdar://problem/13974584> WEB SPEECH: enable WebSpeech for iOS
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-05-22  David Farler  <dfarler@apple.com>
-
-        Add --sdk flag to jsDriver.pl to allow running in the iOS simulator
-        https://bugs.webkit.org/show_bug.cgi?id=116339
-
-        Reviewed by Joe Pecoraro.
-
-        * tests/mozilla/jsDriver.pl:
-        (execute_tests):
-        Use -find to prevent false return 0 from xcrun on Mountain Lion.
-
-2013-05-20  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/11855076> CrashTracer: Crash ReaderController::collectReadingListItemInformation() due to passing a NULL ctx to JSValueIsObject(
-
-        Merged ToT WebKit r150381
-
-    2013-05-20  Oliver Hunt  <oliver@apple.com>
-
-        Make C API more robust against null contexts
-        https://bugs.webkit.org/show_bug.cgi?id=116462
-
-        Reviewed by Anders Carlsson.
-
-        Handle null contexts in a non-crashy way.  It's a bug to ever call the
-        API with a null context, and the absence of a context means we can't
-        produce a meaningful result, so we still assert in debug builds.
-
-        Now where possible we detect and early return, returning null for any
-        pointer type, NaN for doubles, and false for any boolean result.
-
-        * API/JSBase.cpp:
-        (JSEvaluateScript):
-        (JSCheckScriptSyntax):
-        (JSReportExtraMemoryCost):
-        * API/JSContextRef.cpp:
-        (JSContextGetGlobalObject):
-        (JSContextGetGroup):
-        (JSContextGetGlobalContext):
-        (JSContextCreateBacktrace):
-        * API/JSObjectRef.cpp:
-        (JSObjectMake):
-        (JSObjectMakeFunctionWithCallback):
-        (JSObjectMakeConstructor):
-        (JSObjectMakeFunction):
-        (JSObjectMakeArray):
-        (JSObjectMakeDate):
-        (JSObjectMakeError):
-        (JSObjectMakeRegExp):
-        (JSObjectGetPrototype):
-        (JSObjectSetPrototype):
-        (JSObjectHasProperty):
-        (JSObjectGetProperty):
-        (JSObjectSetProperty):
-        (JSObjectGetPropertyAtIndex):
-        (JSObjectSetPropertyAtIndex):
-        (JSObjectDeleteProperty):
-        (JSObjectCopyPropertyNames):
-        * API/JSValueRef.cpp:
-        (JSValueGetType):
-        (JSValueIsUndefined):
-        (JSValueIsNull):
-        (JSValueIsBoolean):
-        (JSValueIsNumber):
-        (JSValueIsString):
-        (JSValueIsObject):
-        (JSValueIsObjectOfClass):
-        (JSValueIsEqual):
-        (JSValueIsStrictEqual):
-        (JSValueIsInstanceOfConstructor):
-        (JSValueMakeUndefined):
-        (JSValueMakeNull):
-        (JSValueMakeBoolean):
-        (JSValueMakeNumber):
-        (JSValueMakeString):
-        (JSValueMakeFromJSONString):
-        (JSValueCreateJSONString):
-        (JSValueToBoolean):
-        (JSValueToNumber):
-        (JSValueToStringCopy):
-        (JSValueToObject):
-        (JSValueProtect):
-        * API/JSWeakObjectMapRefPrivate.cpp:
-
-2013-05-17  David Farler  <dfarler@apple.com>
-
-        <rdar://problem/13907880> MobileSafari buildbot: jscore-test fails for the simulator: dyld: Symbol not found: _objc_isAuto
-
-        Reviewed by David Kilzer and Joe Pecoraro.
-
-        * tests/mozilla/jsDriver.pl: Add -d/--sdk option to use a simulator SDK.
-        (execute_tests): Prefix jsc command with xcrun sim call if SDK is set.
-
-2013-05-15  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/13888177> REGRESSION: Crash beneath createScriptCallStackFromException @ www.cars.com
-        Merged ToT WebKit 150160
-
-    2013-05-15  Oliver Hunt  <oliver@apple.com>
-
-        RefCountedArray needs to use vector initialisers for its backing store
-        https://bugs.webkit.org/show_bug.cgi?id=116194
-
-        Reviewed by Gavin Barraclough.
-
-        Use an out of line function to clear the exception stack to avoid
-        needing to include otherwise unnecessary headers all over the place.
-
-        Everything else is just being updated to use that.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::clearSupplementaryExceptionInfo):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::addStackTraceIfNecessary):
-        (JSC::Interpreter::throwException):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
-        * runtime/VM.cpp:
-        (JSC):
-        (JSC::VM::clearExceptionStack):
-        * runtime/VM.h:
-        (VM):
-        (JSC::VM::exceptionStack):
-
-2013-05-14  Mark Lam  <mark.lam@apple.com>
-
-        Rename globalData to vm to match the renaming in the rest of the code.
-        This unbreaks the debug build for arm64.
-
-        Reviewed by Mark Hahnenberg.
-
-        * jit/JITStubs.cpp:
-        (JSC::performPlatformSpecificJITAssertions):
-
-2013-05-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/13889005> Objective-C API: Bridging between C API and Obj-C API should be part of the public interface
-
-        Merged ToT WebKit r149401
-
-    2013-04-30  Geoffrey Garen  <ggaren@apple.com>
-    
-        Objective-C JavaScriptCore API should publicly support bridging to C
-        https://bugs.webkit.org/show_bug.cgi?id=115447
-    
-        Reviewed by Mark Hahnenberg.
-    
-        For consistency, I renamed
-    
-            +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
-            +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
-            -[JSContext globalContext] => -[JSContext JSGlobalContextRef]
-    
-        I searched svn to verify that these functions don't have clients yet,
-        so we won't break anything.
-    
-        I also exported as public API
-    
-            +[JSValue valueWithJSValueRef:]
-            +[JSContext contextWithJSGlobalContextRef:]
-    
-        It's hard to integrate with the C API without these.
-
-2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/13877067> REGRESSION: Deadlock in AdSheet during JavaScript GC
-
-        Merged ToT WebKit r150050.
-    
-    2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>
-    
-        Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
-        https://bugs.webkit.org/show_bug.cgi?id=116074
-
-        If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
-        scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
-        JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
-        If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
-        is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
-
-        Reviewed by Darin Adler.
-
-        * API/JSVirtualMachine.mm:
-        (scanExternalObjectGraph):
-
-2013-05-09  Michael Saboff  <msaboff@apple.com>
-
-        Merged ToT WebKit r149821.
-
-    2013-05-08  Michael Saboff  <msaboff@apple.com>
-
-        JSC: There should be a disassembler for ARM Thumb 2
-        https://bugs.webkit.org/show_bug.cgi?id=115827
-
-        Reviewed by Filip Pizlo.
-
-        Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
-        and profiling code.  The opcode coverage is currently not complete.  It covers all
-        of the integer instructions JSC currently emits, but only a limited number of
-        floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.
-
-        The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
-        for each instruction group.  There is a public format method that does the bulk of
-        the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
-        ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
-        those two classes for individual and related groups of opcodes.  Instructions are
-        "dispatched" to the right subclass via two arrays of linked lists in the inner classes
-        OpcodeGroup.  There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
-        Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
-        that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
-        the Opcode object to the right base class for the instruction group for formatting.
-        The cast eliminates the need of allocating an object for each decoded instruction.
-        Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether
-        the instruction is 16 or 32 bit.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * disassembler/ARMv7: Added.
-        * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
-        (ARMv7Disassembler):
-        (OpcodeGroupInitializer):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
-        * disassembler/ARMv7/ARMv7DOpcode.h: Added.
-        (ARMv7Disassembler):
-        (ARMv7DOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
-        (ARMv7D16BitOpcode):
-        (OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
-        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
-        (ARMv7DOpcodeAddRegisterT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
-        (ARMv7DOpcodeAddSPPlusImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
-        (ARMv7DOpcodeAddSubtract):
-        (ARMv7DOpcodeAddSubtractT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
-        (ARMv7DOpcodeAddSubtractImmediate3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
-        (ARMv7DOpcodeAddSubtractImmediate8):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
-        (ARMv7DOpcodeBranchConditionalT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
-        (ARMv7DOpcodeBranchExchangeT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
-        (ARMv7DOpcodeBranchT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
-        (ARMv7DOpcodeCompareImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
-        (ARMv7DOpcodeCompareRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
-        (ARMv7DOpcodeCompareRegisterT2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
-        (ARMv7DOpcodeDataProcessingRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
-        (ARMv7DOpcodeGeneratePCRelativeAddress):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
-        (ARMv7DOpcodeLoadFromLiteralPool):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
-        (ARMv7DOpcodeLoadStoreRegisterImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
-        (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
-        (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
-        (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
-        (ARMv7DOpcodeLoadStoreRegisterSPRelative):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
-        (ARMv7DOpcodeLogicalImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
-        (ARMv7DOpcodeMiscAddSubSP):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
-        (ARMv7DOpcodeMiscByteHalfwordOps):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
-        (ARMv7DOpcodeMiscBreakpointT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
-        (ARMv7DOpcodeMiscCompareAndBranch):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
-        (ARMv7DOpcodeMiscHint16):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
-        (ARMv7DOpcodeMiscIfThenT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
-        (ARMv7DOpcodeMiscPushPop):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
-        (ARMv7DOpcodeMoveImmediateT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
-        (ARMv7DOpcodeMoveRegisterT1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
-        (ARMv7D32BitOpcode):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
-        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
-        (ARMv7DOpcodeBranchRelative):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
-        (ARMv7DOpcodeConditionalBranchT3):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
-        (ARMv7DOpcodeBranchOrBranchLink):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
-        (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
-        (ARMv7DOpcodeDataProcessingModifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
-        (ARMv7DOpcodeDataProcessingShiftedReg):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
-        (ARMv7DOpcodeDataProcessingReg):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
-        (ARMv7DOpcodeDataProcessingRegShift):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
-        (ARMv7DOpcodeDataProcessingRegExtend):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
-        (ARMv7DOpcodeDataProcessingRegParallel):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
-        (ARMv7DOpcodeDataProcessingRegMisc):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
-        (ARMv7DOpcodeHint32):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
-        (ARMv7DOpcodeFPTransfer):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
-        (ARMv7DOpcodeDataLoad):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
-        (ARMv7DOpcodeLoadRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
-        (ARMv7DOpcodeLoadSignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
-        (ARMv7DOpcodeLoadUnsignedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
-        (ARMv7DOpcodeLongMultipleDivide):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
-        (ARMv7DOpcodeDataPushPopSingle):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
-        (ARMv7DOpcodeDataStoreSingle):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
-        (ARMv7DOpcodeStoreSingleImmediate12):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
-        (ARMv7DOpcodeStoreSingleImmediate8):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
-        (ARMv7DOpcodeStoreSingleRegister):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
-        (ARMv7DOpcodeUnmodifiedImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
-        (ARMv7DOpcodeVMOVDoublePrecision):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
-        (ARMv7DOpcodeVMOVSinglePrecision):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
-        (ARMv7DOpcodeVMSR):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
-        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
-        * disassembler/ARMv7Disassembler.cpp: Added.
-        (JSC::tryToDisassemble):
-
-2013-04-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/13443266> Make sure that CSS shaders are not enabled when we ship Innsbruck
-
-        Reviewed by Joseph Pecoraro.
-
-        * Configurations/FeatureDefines.xcconfig: Turn off
-        ENABLE_CSS_SHADERS on iOS.
-
-2013-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use frintp instead of calling ceil() on ARMv8
-
-        Reviewed by Filip Pizlo.
-
-        Like floor(), it is about two times faster than calling the C function.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::ceilDouble):
-        (MacroAssemblerARM64):
-        * jit/ThunkGenerators.cpp:
-        (JSC::ceilThunkGenerator):
-
-2013-04-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Support OS-version-specific install paths for JavaScriptCore.framework
-        <rdar://problem/13696872> 
-
-        Reviewed by David Kilzer.
-
-        * API/JSBase.cpp: Added special symbols that tell the linker where to find JSC on older systems.
-
-2013-04-25  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use frintm instead of calling floor() on ARMv8
-
-        Reviewed by Filip Pizlo.
-
-        We can do floor() in one instruction on ARMv8. Add floorDouble() to the
-        MacroAssembler and use that instead of invoking the C function floor().
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::floorDouble):
-        (MacroAssemblerARM64):
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-
-2013-04-25  Benjamin Poulain  <bpoulain@apple.com>
-
-        Special thunks for math functions should work on ARMv8
-
-        Reviewed by Filip Pizlo.
-
-        * jit/ThunkGenerators.cpp:
-        Add a ARMv8 thunks for math functions similar to Filip's optimization
-        on ARMv7.
-
-2013-04-25  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13716112> PEP Web: N41/11A344: MobileSafari crashed at JSC::speculationFromValue when running Alexa test.
-
-        Merged ToT WebKit r149128.
-
-    2013-04-25  Michael Saboff  <msaboff@apple.com>
-   
-        32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
-        https://bugs.webkit.org/show_bug.cgi?id=115188
-
-        Reviewed by Geoff Garen.
-
-        Changed the RegExpTest node to set the AbstractValue to boolean, since that
-        what it is.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::executeEffects):
-
-2013-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Merge r149082. Nice speedup on Kraken with ARMv7.
-
-    2013-04-24  Filip Pizlo  <fpizlo@apple.com>
-
-        Special thunks for math functions should work on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=115144
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-        
-        The only hard bit here was ensuring that we implemented the very special
-        "cheap C call" convention on ARMv7.
-
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::isARMv7s):
-        (JSC):
-        (JSC::isX86):
-        * dfg/DFGCommon.h:
-        * jit/SpecializedThunkJIT.h:
-        (SpecializedThunkJIT):
-        (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
-        * jit/ThunkGenerators.cpp:
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-
-2013-04-08  David Farler  <dfarler@apple.com>
-
-        <rdar://problem/13598231> jsc codesign is failing on engineering
-        builds and on some buildbots
-
-        Reviewed by NOBODY (OOPS!).
-
-        For the simulator, the tail end of the invocation is ending up
-        as "... --entitlements jsc", because there are no entitlements
-        for the simulator.
-
-        For the device, we have to use --force to protect incremental
-        builds. If jsc isn't rebuilt and copied, it'll already be signed
-        and codesign will return non-zero even though nothing is wrong.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        - Add a check for $CODE_SIGNING_ALLOWED &&
-        &AD_HOC_CODE_SIGNING_ALLOWED around the resigning block.
-        - Add --force to the codesign invocation to protect second-round
-        builds of jsc.
-        - Use one invocation of codesign with ${CODE_SIGN_IDENTITY:=-}
-        instead of an if statement.
-
-2013-04-07  David Farler  <dfarler@apple.com>
-
-        <rdar://problem/10387627> MAP_JIT Entitlements set inconsistently for jsc command-line binaries
-
-        Reviewed by NOBODY (OOPS!).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        If the configuration is Production or the action is "install",
-        the install path for jsc will be set to the framework path and
-        will be codesigned.
-
-        For other configurations and actions, the jsc binary is placed
-        in the build products directory and is also signed.
-
-        However, when copying that binary into the framework, the code
-        signature is lost. We can resign the binary with the same
-        entitlements and identity (parameterized for safety here, but
-        ad-hoc in practice).
-
-2013-03-19  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/8939634> Sub-TLF: Add JS APIs to trigger AirPlay from web pages, for HTML5 <video>
-
-        Add ENABLE(IOS_AIRPLAY) guard for iOS airplay feature enhancements.
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-30  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/13541888> Innsbruck11A321: checkForBugs: realpath() failed on /BuildRoot/…/PrivateFrameworks/JavaScriptCore.framework/JavaScriptCore
-
-        Reviewed by Mark Hahnenberg.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        (Add symlink from public to private framework): Create relative
-        symlink instead of absolute symlink.
-
-2013-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/13351449> Objective-C API: Move JSC framework to public frameworks directory on Innsbruck
-
-        Reviewed by NOBODY (OOPS!).
-
-        Change JavaScriptCore to be installed into the public Frameworks directory. Also add a symlink between the 
-        new and old location in case other projects link against JSC's absolute path.
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-03-22  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/13469374> Enable cache partitioning on iOS WebKit
-
-        Re-enable the feature after I rolled it out in r1197821.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-22  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/13469374> Enable cache partitioning on iOS WebKit
-
-        Patch by Jeffrey Pfau.
-        Rubber-stamped by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-20  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/13406788> Crash in JSC::CodeBlock::handlerForBytecodeOffset loading nba.com with merge #7
-
-        Merged ToT WebKit r146255.
-
-    2013-03-19  Oliver Hunt  <oliver@apple.com>
-
-            RELEASE_ASSERT fires in exception handler lookup
-
-            RS=Geoff Garen.
-
-            Temporarily switch this RELEASE_ASSERT into a regular ASSERT 
-            as currently this is producing fairly bad crashiness.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::handlerForBytecodeOffset):
-
-2013-03-16  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/13425917> ImageBufferData::getData taking 14x (36ms -> 535ms) more time on apple.com webpage
-
-        Reviewed by Joseph Pecoraro.
-
-        Turn off ENABLE_HIGH_DPI_CANVAS on iOS. It got enabled by mistake in merge #4 <rdar://problem/12511066>.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge of ToT WebKit r145842 for <rdar://problem/13422001>.
-
-    2013-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-    
-            Objective-C API: Nested dictionaries are not converted properly in the Objective-C binding
-            https://bugs.webkit.org/show_bug.cgi?id=112377
-    
-            Reviewed by Oliver Hunt.
-    
-            Accidental reassignment of the root task in the container conversion logic was causing the last 
-            array or dictionary processed to be returned in the case of nested containers.
-    
-            * API/JSValue.mm:
-            (containerValueToObject):
-            * API/tests/testapi.mm:
-
-2013-03-11  Michael Saboff  <msaboff@apple.com>
-
-        Merge of ToT WebKit r145417.
-
-    2013-03-11  Michael Saboff  <msaboff@apple.com>
-
-            Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
-            https://bugs.webkit.org/show_bug.cgi?id=112067
-
-            Reviewed by Geoffrey Garen.
-
-            We weren't setting the tag in SetCallee.  Therefore set it to CellTag.
-
-            * dfg/DFGSpeculativeJIT32_64.cpp:
-            (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-07  Michael Saboff  <msaboff@apple.com>
-
-        Merge ToT WebKit r145150.
-
-    2013-03-07  Michael Saboff  <msaboff@apple.com>
-
-            Crash when updating predictions below JSC::arrayProtoFuncForEach on tuaw.com article
-            https://bugs.webkit.org/show_bug.cgi?id=111777
-
-            Reviewed by Filip Pizlo.
-
-            Moved register allocations to be above any generated control flow so that any
-            resulting spill would be visible to all subsequently generated code.
-
-            * dfg/DFGSpeculativeJIT32_64.cpp:
-            (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-            (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-            (JSC::DFG::SpeculativeJIT::compile):
-            * dfg/DFGSpeculativeJIT64.cpp:
-            (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
-            (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
-            (JSC::DFG::SpeculativeJIT::compile):
-
-2013-03-06  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13319989> GPRInfo.debugName for CPU(ARM) is wrong (and might be wrong for CPU(ARM64) as well)
-
-        Reviewed by David Kilzer.
-
-       Restored THUMB2 to what is in open source and cleaned up ARM64 for both toIndex() and debugName().  Added
-       static_cast's to ARM64 code. 
-
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-
-2013-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge ToT WebKit r143637 and follow-up build fixes r143750, r144545, r144546, and r144662.
-
-    2013-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-    
-            Objective-C API: Need a way to use the Objective-C JavaScript API with WebKit
-            https://bugs.webkit.org/show_bug.cgi?id=106059
-    
-            Reviewed by Geoffrey Garen.
-            
-            * API/JSBase.h: Renamed enable flag for API.
-            * API/JSBlockAdaptor.h: Using new flag.
-            * API/JSBlockAdaptor.mm: Ditto.
-            * API/JSContext.h: Add convenience C API conversion function for JSGlobalContextRef.
-            * API/JSContext.mm: 
-            (-[JSContext JSGlobalContextRef]): Implementation of C API convenience function.
-            (-[JSContext initWithVirtualMachine:]): We don't use the m_apiData field any more.
-            (-[JSContext initWithGlobalContextRef:]): init method for allocating new JSContexts given a JSGlobalContextRef.
-            (-[JSContext dealloc]): No more m_apiData.
-            (-[JSContext wrapperForObjCObject:]): Renamed wrapperForObject. 
-            (-[JSContext wrapperForJSObject:]): Fetches or allocates the JSValue for the specified JSValueRef in this JSContext.
-            (+[JSContext contextWithGlobalContextRef:]): Helper function to grab the lightweight JSContext wrapper for a given
-            JSGlobalContextRef from the global wrapper cache or allocate a new one if there isn't already one.
-            * API/JSContextInternal.h: New flag, new method declaration for initWithGlobalContextRef.
-            * API/JSExport.h: New flag.
-            * API/JSValue.h: New flag and new C API convenience method.
-            * API/JSValue.mm:
-            (-[JSValue JSValueRef]): Implementation of the C API convenience method.
-            (objectToValueWithoutCopy):
-            (+[JSValue valueWithValue:inContext:]): We now ask the JSContext for an Objective-C JSValue wrapper, which it can cache
-            in its internal JSWrapperMap.
-            * API/JSValueInternal.h:
-            * API/JSVirtualMachine.h:
-            * API/JSVirtualMachine.mm: Added global cache that maps JSContextGroupRef -> JSVirtualMachine lightweight wrappers.
-            (wrapperCacheLock):
-            (initWrapperCache):
-            (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
-            (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
-            (-[JSVirtualMachine init]):
-            (-[JSVirtualMachine initWithContextGroupRef:]):
-            (-[JSVirtualMachine dealloc]):
-            (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
-            (-[JSVirtualMachine contextForGlobalContextRef:]):
-            (-[JSVirtualMachine addContext:forGlobalContextRef:]):
-            * API/JSVirtualMachineInternal.h:
-            * API/JSWrapperMap.h:
-            * API/JSWrapperMap.mm:
-            (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We use the JSObjectSetPrototype C API call because 
-            setting the __proto__ property causes all sorts of bad things to happen behind the scenes, which can cause crashes based on 
-            when it gets called.
-            (-[JSWrapperMap initWithContext:]):
-            (-[JSWrapperMap jsWrapperForObject:]):
-            (-[JSWrapperMap objcWrapperForJSValueRef:]):
-
-2013-03-01  Dan Bernstein  <mitz@apple.com>
-
-        Removed unused legacy build configurations
-
-        Reviewed by Enrica Casucci.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: testapi should link to Foundation, not CoreFoundation
-
-        Merge ToT WebKit r144521.
-
-    2013-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: testapi should link to Foundation, not CoreFoundation
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Change testapi to
-        link to Foundation.framework instead of CoreFoundation.framework
-        since it uses NS types.
-
-2013-03-01  Michael Saboff  <msaboff@apple.com>
-
-        Merged ToT WebKit r143667
-
-    2013-02-21  Filip Pizlo  <fpizlo@apple.com>
-
-        Object allocation profiling will refuse to create objects with more than JSFinalObject::maxInlineCapacity() inline slots, but JSFunction::allocationProfile() asserts that the number of inline slots is always what it asked for
-        https://bugs.webkit.org/show_bug.cgi?id=110519
-        <rdar://problem/13218566>
-
-        Reviewed by Geoffrey Garen.
-
-        * runtime/JSFunction.h:
-        (JSC::JSFunction::allocationProfile):
-
-2013-03-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Fix the JavaScriptCoreEmbedded build
-
-        Reviewed by David Kilzer.
-
-        * API/ObjCCallbackFunction.mm: Include JSCJSValueInlines.h, which has some symbols that weren't making it
-        into the file.
-
-2013-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/13227154> Objective-C API should work on Innsbruck
-
-        Reviewed by David Kilzer.
-
-        * API/JSBase.h: Added the inlined version of PLATFORM(IOS) and PLATFORM(IOS_SIMULATOR) to the 
-        JS_OBJC_API_ENABLED macro.
-        * API/JSContext.h: Made the JSContext class available on 7.0.
-        * API/JSValue.h: Ditto for JSValue. Also added import for CoreGraphics since some of the JSValue
-        API uses CoreGraphics types.
-        * API/JSValue.mm: Added some casting to fix some compiler warnings about double narrowing to float.
-        (-[JSValue toPoint]):
-        (-[JSValue toSize]):
-        * API/JSVirtualMachine.h: Made JSVirtualMachine available on 7.0.
-        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
-
-2013-02-27  Pratik Solanki  <psolanki@apple.com>
-
-        Merged ToT WebKit r143759, r143765, r143768.
-
-    2013-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Fix the 32-bit build by using the right data type in more places.
-
-        * runtime/CodeCache.h:
-        (CodeCacheMap):
-
-    2013-02-22  Geoffrey Garen  <ggaren@apple.com>
-
-        Not reviewed.
-
-        Fix the 32-bit build by using the right data type.
-
-        * runtime/CodeCache.h:
-        (JSC::CodeCacheMap::find):
-
-    2013-02-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Code cache size should adapt to workload
-        https://bugs.webkit.org/show_bug.cgi?id=110560
-
-        Reviewed by Antti Koivisto.
-
-        (*) 5% PLT arithmetic mean speedup
-        (*) 10% PLT geometric mean speedup
-        (*) 3.4X microbenchmark speedup
-        (*) Reduces initial cache capacity by 16X
-
-        * runtime/CodeCache.cpp:
-        (JSC::CodeCache::CodeCache): Updated for interface change.
-
-        * runtime/CodeCache.h:
-        (JSC::SourceCodeValue::SourceCodeValue):
-        (SourceCodeValue): Turned the cache value into a struct so it can track its age.
-
-        (CodeCacheMap):
-        (JSC::CodeCacheMap::CodeCacheMap):
-        (JSC::CodeCacheMap::find):
-        (JSC::CodeCacheMap::set):
-        (JSC::CodeCacheMap::clear):
-        (JSC::CodeCacheMap::pruneIfNeeded):
-        (CodeCache): Grow and shrink in response to usage.
-
-2013-02-27  Eric Carlson  <eric.carlson@apple.com>
-
-        <rdar://problem/13305536> Define ENABLE_VIDEO_TRACK again
-
-        Reviewed by Dean Jackson.
-
-        * Configurations/FeatureDefines.xcconfig: Define ENABLE_VIDEO_TRACK again.
-
-2013-02-21  Andy Estes  <aestes@apple.com>
-
-        Fix the ARMV7S build.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
-
-2013-02-21  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13102630> 25-30% regression in V8 RayTrace test with JIT disabled, 11A192 to 11A193
-
-        Merge ToT WebKit r143677
-
-    2013-02-21  Michael Saboff  <msaboff@apple.com>
-
-        25-30% regression in V8 RayTrace test in 32 bit builds with JIT disabled
-        https://bugs.webkit.org/show_bug.cgi?id=110539
-
-        Reviewed by Filip Pizlo.
-
-        Change the scale used to lookup pointers in JSGlobalObject::m_specialPointers to be 4 bytes for
-        the 32 bit version of the interpreter.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2013-02-14  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/13208373> Set GCC_WARN_64_TO_32_BIT_CONVERSION=NO for 64-bit archs on all WebKit projects (except ANGLE)
-
-        Merge ToT WebKit r142903.
-
-    2013-02-14  David Kilzer  <ddkilzer@apple.com>
-
-        [Mac] Clean up WARNING_CFLAGS
-        <http://webkit.org/b/109747>
-        <rdar://problem/13208373>
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Use
-        GCC_WARN_64_TO_32_BIT_CONVERSION to enable and disable
-        -Wshorten-64-to-32 rather than WARNING_CFLAGS.
-
-2013-02-12  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13195432> ARM64: Expand use of temp register cache for store{32,64} immediate
-
-        Reviewed by Filip Pizlo.
-
-        Added store32 and store64 of immediate operand to paths that try the temporary register cache.
-        Also added code in tryMoveUsingCacheRegisterContents() to try using mov immediate pseudo before
-        trying move multiple.
-
-        This change is neutral on the normal benchmarks.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::store64):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::tryMoveUsingCacheRegisterContents):
-        (JSC::MacroAssemblerARM64::moveToCachedReg):
-
-2013-02-12  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13195431> ARM64: Use tst <reg>, #imm where possible
-
-        Reviewed by Gavin Barraclough.
-
-        Try to see is a tst immediate will work before loading a temporary register and testing against it.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTest64):
-        * disassembler/ARM64/A64DOpcode.cpp:
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::format): Fixed spelling of "tst" pseudo.
-
-2013-02-12  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13195430> ARM64: Use mov <reg>, #imm where possible instead of move wide
-
-        Reviewed by Gavin Barraclough.
-
-        Add check to see if we can use mov immediate pseudo in moveInternal.  If possible, it will
-        only produce one instruction.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::moveInternal):
-        * disassembler/ARM64/A64DOpcode.h:
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::nBit): Fixed disassembler bug for logical immediates.
-
-2013-02-08  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/9489229> Implement Page Visibility API (60576) (html5test.com)
-
-        Reviewed by Ian Henderson.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2013-02-06  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/13028628> Disable FULLSCREEN_API on iOS
-
-        Merge OpenSource r141477.
-
-    2013-01-31  Joseph Pecoraro  <pecoraro@apple.com>
-
-            Disable ENABLE_FULLSCREEN_API on iOS
-            https://bugs.webkit.org/show_bug.cgi?id=108250
-
-            Reviewed by Benjamin Poulain.
-
-            * Configurations/FeatureDefines.xcconfig:
-
-2013-02-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/13147108> PEP Web: REGRESSION: MobileSafari crashed in JSC::Interpreter::execute at loading www.thechive.com when running Alexa test.
-
-        Merge ToT WebKit r141168.
-
-    2013-01-29  Oliver Hunt  <oliver@apple.com>
-
-        REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
-        https://bugs.webkit.org/show_bug.cgi?id=108097
-
-        Reviewed by Geoffrey Garen.
-
-        LiteralParser was accepting a bogus 'var a.b = c' statement
-
-        * runtime/LiteralParser.cpp:
-        (JSC::::tryJSONPParse):
-
-2013-02-07  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12540077> ARM64 inline cache patching should be able to deal with negative offsets
-
-        Reviewed by Filip Pizlo.
-
-        Changed {load,store}{32,64}WithAddressOffsetPatch() to use a signed extended 32 bit index register 
-        instead of the full 64 bit register.  Made repatchInt32() tolerate existing movn instructions in Debug
-        builds.  Reverted back to the default MacroAssembler version of isPtrAlignedAddressOffset().
-
-        This patch is neutral on sunspider, v8v7, js-regress and kraken.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::repatchInt32):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::isPtrAlignedAddressOffset):
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-
-2013-02-05  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13144376> PEP Web: REGRESSION: MobileSafari crashed at JSC::call when loading www.gap.com.
-
-        Merged r141951: <http://trac.webkit.org/changeset/141951> from open source.
-
-    2013-02-05  Michael Saboff  <msaboff@apple.com>
-
-            Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
-            https://bugs.webkit.org/show_bug.cgi?id=108991
-
-            Reviewed by Oliver Hunt.
-
-            Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
-            may step on calleeGPR is it happen to be nonArgGPR2.
-
-            * dfg/DFGRepatch.cpp:
-            (JSC::DFG::dfgLinkClosureCall):
-
-2013-02-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/12204959> Innsbruck11A161: JavaScriptCore_Sim-1104 fails to installhdrs: 'Availability.h' file not found
-
-        Reviewed by Joseph Pecoraro.
-
-        Revert r1147142 (using scrub-ifdefs.pl to remove PLATFORM(IOS)
-        macros from private header files) and instead use a solution
-        that defines the "WTF_PLATFORM_IOS" macro in JSBase.h in the
-        absence of the <wtf/Platform.h> header, and switches to using a
-        check for WTF_PLATFORM_IOS in JSBasePrivate.h.
-
-        This also merges ToT WebKit r141786.
-
-        * API/JSBase.h: If WTF_PLATFORM_IOS has not been defined,
-        include TargetConditionals.h and define WTF_PLATFORM_IOS if
-        we're building for iOS or iOS Simulator.
-        * API/JSBasePrivate.h: Switch from PLATFORM(IOS) to checking
-        WTF_PLATFORM_IOS.
-        * API/tests/testapi.c: Remove include of config.h header which
-        worked around the use of the PLATFORM(IOS) macro in
-        JSBasePrivate.h.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        - Remove "Scrub Installed Headers" build phase.  (Accidentally
-          removed in r1177684 with Merge #4.)
-        - Add PrivateHeaders/JSBasePrivate.h to "Check for Inappropriate
-          Macros in External Headers" build phase script (merge ToT
-          WebKit r141786).
-        * scrub-ifdefs.pl: Remove.
-
-2013-02-04  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13091387> Port ARM64 integer division DFG enhancements back to ARMv7s
-
-        Although developed first on iOS, I landed this in OpenSource so this change is effectively
-        a merge back to iOS.  Since puzzlebox is ~1 week behind OpenSource, this version doesn't
-        have the Node& to Node* changes.
-
-    2013-02-04  Michael Saboff  <msaboff@apple.com>
-
-            For ARMv7s use integer divide instruction for divide and modulo when possible
-            https://bugs.webkit.org/show_bug.cgi?id=108840
-
-            Reviewed in person by Filip Pizlo.
-
-            Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
-            This is patterned after the similar code for X86.  Also added modulo power of 2 optimization
-            that uses logical and.  Added sdiv and udiv to the ARMv7 disassembler.  Put all the changes
-            behind #if CPU(APPLE_ARMV7S).
-
-            * assembler/ARMv7Assembler.h:
-            (ARMv7Assembler):
-            (JSC::ARMv7Assembler::sdiv):
-            (JSC::ARMv7Assembler::udiv):
-            * dfg/DFGCommon.h:
-            (JSC::DFG::isARMv7s):
-            * dfg/DFGFixupPhase.cpp:
-            (JSC::DFG::FixupPhase::fixupNode):
-            * dfg/DFGSpeculativeJIT.cpp:
-            (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-            (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
-            * dfg/DFGSpeculativeJIT.h:
-            (SpeculativeJIT):
-            * dfg/DFGSpeculativeJIT32_64.cpp:
-            (JSC::DFG::SpeculativeJIT::compile):
-
-2013-02-01  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13137591> ARM64: Cache the contents of macro assembler temp register values to use prior contents
-
-        Reviewed by Filip Pizlo.
-
-        Added CachedTempRegister class to the abstract macro assembler to store the contents and state
-        of a temp register.  Refactored the access and use of temporary registers in A64 macro assembler.
-        When we want to put an immediate value in a register with wide move instructions, or we want to
-        load/store using the address in a temporary register, we consult the cache to see if we have a
-        valid value that we can use all or part.  In the case of a load / store, we first try an offset
-        to the existing value and then emit one or two movk to change the half word(s) to get the address
-        we need.  For simple uses where we put a temporary value for immediate use, e.g. add immediate,
-        there isn't any change in functionality.  The contents of the cache is invalidated for any label.
-
-        Also fixed the canEncodePImmOffset() which had reverse logic to enable use of ldr/str with
-        scaled positive offsets.
-
-        This changes is performance neutral on sunspider, a 2.7% speed up on JS-regress and a
-        1.9% speed up on V8.  V8 sped up due to a 8% speed up in raytrace.  Code improvement
-        details are in the radar.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::canEncodePImmOffset):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::Label::Label):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (CachedTempRegister):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::value):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
-        (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
-        (AbstractMacroAssembler):
-        (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
-        (JSC::AbstractMacroAssembler::isTempRegisterValid):
-        (JSC::AbstractMacroAssembler::clearTempRegisterValid):
-        (JSC::AbstractMacroAssembler::setTempRegisterValid):
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::add32):
-        (JSC::MacroAssemblerARM64::add64):
-        (JSC::MacroAssemblerARM64::and32):
-        (JSC::MacroAssemblerARM64::and64):
-        (JSC::MacroAssemblerARM64::mul32):
-        (JSC::MacroAssemblerARM64::or32):
-        (JSC::MacroAssemblerARM64::or64):
-        (JSC::MacroAssemblerARM64::sub32):
-        (JSC::MacroAssemblerARM64::sub64):
-        (JSC::MacroAssemblerARM64::xor32):
-        (JSC::MacroAssemblerARM64::xor64):
-        (JSC::MacroAssemblerARM64::load64):
-        (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load16Signed):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::load8Signed):
-        (JSC::MacroAssemblerARM64::store64):
-        (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-        (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM64::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-        (JSC::MacroAssemblerARM64::pushToSave):
-        (JSC::MacroAssemblerARM64::swap):
-        (JSC::MacroAssemblerARM64::branch32):
-        (JSC::MacroAssemblerARM64::branch64):
-        (JSC::MacroAssemblerARM64::branch8):
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTest64):
-        (JSC::MacroAssemblerARM64::branchTest8):
-        (JSC::MacroAssemblerARM64::branchAdd32):
-        (JSC::MacroAssemblerARM64::branchAdd64):
-        (JSC::MacroAssemblerARM64::branchMul32):
-        (JSC::MacroAssemblerARM64::branchSub32):
-        (JSC::MacroAssemblerARM64::branchSub64):
-        (JSC::MacroAssemblerARM64::call):
-        (JSC::MacroAssemblerARM64::jump):
-        (JSC::MacroAssemblerARM64::tailRecursiveCall):
-        (JSC::MacroAssemblerARM64::compare32):
-        (JSC::MacroAssemblerARM64::compare64):
-        (JSC::MacroAssemblerARM64::compare8):
-        (JSC::MacroAssemblerARM64::test32):
-        (JSC::MacroAssemblerARM64::test8):
-        (JSC::MacroAssemblerARM64::test64):
-        (JSC::MacroAssemblerARM64::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM64::storePtrWithPatch):
-        (JSC::MacroAssemblerARM64::getCachedDataTempRegisterIDAndInvalidate):
-        (JSC::MacroAssemblerARM64::getCachedMemoryTempRegisterIDAndInvalidate):
-        (JSC::MacroAssemblerARM64::isInIntRange):
-        (JSC::MacroAssemblerARM64::load):
-        (JSC::MacroAssemblerARM64::store):
-        (JSC::MacroAssemblerARM64::tryMoveUsingCacheRegisterContents):
-        (JSC::MacroAssemblerARM64::moveToCachedReg):
-
-2013-02-02  David Kilzer  <ddkilzer@apple.com>
-
-        Upstream iOS FeatureDefines
-
-        Merge ToT WebKit r141699.
-
-        * Configurations/FeatureDefines.xcconfig:
-        - Move iOS features near the top of the file.
-        - Define FEATURE_DEFINES_iphoneos and
-          FEATURE_DEFINES_iphonesimulator.
-        - Do not set ENABLE_PDFKIT_PLUGIN on iOS.
-
-    2013-02-02  David Kilzer  <ddkilzer@apple.com>
-
-        Upstream iOS FeatureDefines
-        <http://webkit.org/b/108753>
-
-        Reviewed by Anders Carlsson.
-
-        * Configurations/FeatureDefines.xcconfig:
-        - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
-        - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
-        - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO.  Add
-          PLATFORM_NAME variant to reduce future merge conflicts. 
-
-2013-01-30  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/12927168> iOS WebKit merge #5: stabilizing merge branch to ToT r140978 (starts Wed, Jan 17)
-
-        Merge up to OpenSource WebKit r140978.
-
-2013-01-29  Pratik Solanki  <psolanki@apple.com>
-
-        Merge ToT WebKit r141189.
-
-    2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
-        https://bugs.webkit.org/show_bug.cgi?id=108261
-
-        Reviewed by Oliver Hunt.
-        
-        Backends shouldn't override each other's methods. That's not cool.
-
-        * offlineasm/mips.rb:
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to run "hello world" on JSC command-line on ARM64
-
-        Reviewed by Geoffrey Garen.
-
-        arm64.rb was using the destination register where it meant to use the base in the code generation for lea.
-
-        * offlineasm/arm64.rb:
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix the build.
-
-        Xcode forgot about some files, Profiler was renamed, assertions made the compiler sad, and
-        some code got moved and deleted during the merge.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        * jit/ThunkGenerators.cpp:
-        (JSC::nativeForGenerator):
-
-2013-01-29  Pratik Solanki  <psolanki@apple.com>
-
-        Merge ToT WebKit r141189.
-
-    2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
-        https://bugs.webkit.org/show_bug.cgi?id=108261
-
-        Reviewed by Oliver Hunt.
-        
-        Backends shouldn't override each other's methods. That's not cool.
-
-        * offlineasm/mips.rb:
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        It should be possible to run "hello world" on JSC command-line on ARM64
-
-        Reviewed by Geoffrey Garen.
-
-        arm64.rb was using the destination register where it meant to use the base in the code generation for lea.
-
-        * offlineasm/arm64.rb:
-
-2013-01-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, fix the build.
-
-        Xcode forgot about some files, Profiler was renamed, assertions made the compiler sad, and
-        some code got moved and deleted during the merge.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        * jit/ThunkGenerators.cpp:
-        (JSC::nativeForGenerator):
-
-2013-01-28  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13099146> Merge WebKit r136927 to Puzzlebox
-
-        Merged WebKit r136927 to bring puzzle box closer to open source.
-
-    2012-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-            Incorrect inequality for checking whether a statement is within bounds of a handler
-            https://bugs.webkit.org/show_bug.cgi?id=104313
-            <rdar://problem/12808934>
-
-            Reviewed by Geoffrey Garen.
-
-            The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality
-            used for checking whether a handler is pertinent to the current instruction. '<' is
-            correct, but '<=' isn't, since the 'end' is not inclusive.
-            
-            Also found, and addressed, a benign goof in how the finally inliner works: sometimes
-            we will have end > start. This falls out naturally from how the inliner works and how
-            we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any
-            future confusion, I added a comment and some code to prune those handlers out. Because
-            of how the handler resolution works, these handlers would have been skipped anyway.
-            
-            Also made various fixes to debugging code, which was necessary for tracking this down.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::dumpBytecode):
-            (JSC::CodeBlock::handlerForBytecodeOffset):
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::generate):
-            * bytecompiler/Label.h:
-            (JSC::Label::bind):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::throwException):
-            * llint/LLIntExceptions.cpp:
-            (JSC::LLInt::interpreterThrowInCaller):
-            (JSC::LLInt::returnToThrow):
-            (JSC::LLInt::callToThrow):
-            * llint/LLIntSlowPaths.cpp:
-            (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-            (JSC::LLInt::handleHostCall):
-
-2013-01-28  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13097368> UPSTREAM: Merge formatting of registers names in DFGFPRInfo.h to match webkit
-
-        Reviewed by David Kilzer.
-
-        Changed the formatting of the register names to be 4 per line to match open source.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-
-2013-01-28  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13096905> Remove extraneous nop() from assembler/ARMAssembler.h
-
-        Reviewed by David Kilzer.
-
-        Removed second definition of nop() that won't even compile.
-
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::nop):
-
-2013-01-27  David Kilzer  <ddkilzer@apple.com>
-
-        Make BytecodeGenerator.h match ToT WebKit
-
-        No actual code changes; just reformatting to match ToT WebKit.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC): Add blank line.
-
-2013-01-24  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12976134> Faster code for modulo in cases of simple numbers
-
-        Reviewed by Filip Pizlo.
-
-        Added ARM64 path to perform integer modulo using bitwise-and for constant power of 2 and 
-        integer division followed by multiplication to find remainder for other cases.
-
-        This is 1.5% win on SunSpider, neutral on V8, 10.5% win on kraken and a 38% win on js-regress.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/13046790> Merge r140221 from https://bugs.webkit.org/show_bug.cgi?id=107340
-
-        Merged ToT WebKit r139949.
-
-    2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-            Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
-            https://bugs.webkit.org/show_bug.cgi?id=107340
-
-            Reviewed by Filip Pizlo.
-
-            Due to the change landed in r140201, more nodes might end up
-            generating Int32ToDouble nodes.  Therefore, changed the JSVALUE64
-            constant path of compileInt32ToDouble() to use the more
-            restrictive isInt32Constant() check on the input.  This check was
-            the same as the existing ASSERT() so the ASSERT was eliminated.
-
-            * dfg/DFGSpeculativeJIT.cpp:
-            (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed fix eliminating overzealous ASSERT().  This ASSERT was never added to OpenSource.
-
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::copyCompactAndLinkCode):
-
-2013-01-18  Michael Saboff  <msaboff@apple.com>
-
-       Unreviewed build fix for building JSC with DFG_ENABLE_DEBUG_VERBOSE and 
-       DFG_ENABLE_DEBUG_PROPAGATION_VERBOSE enabled in DFGCommon.h.  These changes came from 
-       cherry picking individual file changes landed in open source.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::valueToSourceString):
-        (JSC::CodeBlock::finalizeUnconditionally):
-        * bytecode/ValueProfile.h:
-        (JSC::ValueProfileBase::dump):
-        * bytecode/ValueRecovery.h:
-        (JSC::ValueRecovery::dump):
-        * dfg/DFGAbstractValue.h:
-        (JSC::DFG::AbstractValue::dump):
-        * dfg/DFGArgumentsSimplificationPhase.cpp:
-        (JSC::DFG::ArgumentsSimplificationPhase::run):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGGraph.cpp:
-        (JSC::DFG::Graph::dump):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGStructureCheckHoistingPhase.cpp:
-        (JSC::DFG::StructureCheckHoistingPhase::run):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::dumpRegisters):
-        * jsc.cpp:
-        (functionDescribe):
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::llint_trace_value):
-        * runtime/IndexingType.cpp:
-        (JSC::dumpIndexingType):
-        * runtime/IndexingType.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::dump):
-        * runtime/JSValue.h:
-        (JSValue):
-
-2013-01-17  Pratik Solanki  <psolanki@apple.com>
-
-        Delete MMAP_FLAGS define since it is not used anywhere.
-
-        Rubber-stamped by Dan Bernstein.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-
-2013-01-17  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12645632> Crash at DFG::SpeculativeJIT::convertLastOSRExitToForward() playing a video @ m.youtube.com
-
-        Reviewed by Filip Pizlo.
-
-        Change the logic so that we insert an Int32ToDouble node when the existing edge is not SpecDouble.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-
-2013-01-17  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12645632> Crash at DFG::SpeculativeJIT::convertLastOSRExitToForward() playing a video @ m.youtube.com
-
-        Reviewed by Filip Pizlo.
-
-        Split out the Int32ToDouble node insertion from fixDoubleEdge() and used it directly when we're fixing up
-        an ArithDiv node with integer inputs and output for platforms that don't have integer division.
-        This is needed since we could fail the shouldSpeculateInteger() check in fixDoubleEdge() and end up
-        not creating the Int32ToDouble node(s) for the inputs.  Every time we re-enter the fixup phase, we'll go through
-        the same "have int operands, expect int result" check in ArithDiv processing and add another DoubleToInt32
-        node after us.  The code we generate is bad both before and after the actual FP division.
-
-        Since we are checking that our inputs should be ints, we can just insert the Int32ToDouble node without
-        any further checks.  This restores the idempotent guarentee that fixDoubleEdge() is built upon.
-        ArithDiv is the only node type that has this issue at the current time.
-
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        (JSC::DFG::FixupPhase::fixDoubleEdge):
-        (FixupPhase):
-        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
-
-2013-01-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/13009810> MobileSafari is crashing on cnn.com at JavaScriptCore: JSC::JSObject::visitChildren
-
-        Merged ToT WebKit r139949.
-
-    2013-01-16  Filip Pizlo  <fpizlo@apple.com>
-    
-            DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
-            https://bugs.webkit.org/show_bug.cgi?id=107081
-    
-            Reviewed by Michael Saboff.
-    
-            This bug led to the 32_64 backend emitting contiguous allocation code to allocate
-            ArrayStorage arrays. This then led to all manner of heap corruption, since
-            subsequent array accesses would be accessing the contiguous array "as if" it was
-            an arraystorage array.
-    
-            * dfg/DFGSpeculativeJIT32_64.cpp:
-            (JSC::DFG::SpeculativeJIT::compile):
-
-2013-01-15  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/13020391> PEP Web: WebKit sometimes leak big chunk of memory (>512KB) after loading nytimes.com.
-
-        Merged ToT WebKit r136773.
-
-    2013-12-05  Oliver Hunt  <oliver@apple.com>
-
-            Empty parse cache when receiving a low memory warning
-            https://bugs.webkit.org/show_bug.cgi?id=104161
-
-            Reviewed by Filip Pizlo.
-
-            This adds a function to the globaldata to empty all code related data
-            structures (code in the heap and the code cache).
-            It also adds a function to allow the CodeCache to actually be cleared
-            at all. 
-
-            * runtime/CodeCache.h:
-            (CacheMap):
-            (JSC::CacheMap::clear):
-            (JSC::CodeCache::clear):
-            (CodeCache):
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::discardAllCode):
-            (JSC):
-            * runtime/JSGlobalData.h:
-            (JSGlobalData):
-
-
-2013-01-15  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/13015824> Remove IOS_PPT code
-
-        Reviewed by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig: Remove IOS_PPT setting.
-
-2013-01-13  David Kilzer  <ddkilzer@apple.com>
-
-        [Mac] Add Build Phase to Check Headers for Inappropriate Macros (Platform.h macros)
-        https://bugs.webkit.org/show_bug.cgi?id=104279
-
-        Merge ToT WebKit r138064.
-
-        Needed as part of: <rdar://problem/12204959> Innsbruck11A161: JavaScriptCore_Sim-1104 fails to installhdrs: 'Availability.h' file not found
-
-    2012-12-18  Joseph Pecoraro  <pecoraro@apple.com>
-
-        [Mac] Add Build Phase to Check Headers for Inappropriate Macros (Platform.h macros)
-        https://bugs.webkit.org/show_bug.cgi?id=104279
-
-        Reviewed by David Kilzer.
-
-        Add a build phase to check the public JavaScriptCore headers for
-        inappropriate macros.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2013-01-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge r138067 from open source to fix <rdar://problem/13009810>
-
-    2012-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Restrictions on oversize CopiedBlock allocations should be relaxed
-            https://bugs.webkit.org/show_bug.cgi?id=105339
-    
-            Reviewed by Filip Pizlo.
-    
-            Currently the DFG has a single branch in the inline allocation path for property/array storage where 
-            it checks to see if the number of bytes requested will fit in the current block. This does not match 
-            what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then 
-            if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations 
-            that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when 
-            the collector tries to perform some operation on a CopiedBlock.
-    
-            To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that 
-            oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find 
-            the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and 
-            we should figure out if a block is oversize by some other method than just whatever the JSObject says 
-            it is. One way we could record this info Region of the block, since we allocate a one-off Region for 
-            oversize blocks.
-
-            * heap/BlockAllocator.h:
-            (JSC::Region::isCustomSize):
-            (Region):
-            (JSC::Region::createCustomSize):
-            (JSC::Region::Region):
-            (JSC::BlockAllocator::deallocateCustomSize):
-            * heap/CopiedBlock.h:
-            (CopiedBlock):
-            (JSC::CopiedBlock::isOversize):
-            (JSC):
-            * heap/CopiedSpace.cpp:
-            (JSC::CopiedSpace::tryAllocateOversize):
-            (JSC::CopiedSpace::tryReallocate):
-            (JSC::CopiedSpace::tryReallocateOversize):
-            * heap/CopiedSpace.h:
-            (CopiedSpace):
-            * heap/CopiedSpaceInlines.h:
-            (JSC::CopiedSpace::contains):
-            (JSC::CopiedSpace::tryAllocate):
-            (JSC):
-            * heap/CopyVisitor.h:
-            (CopyVisitor):
-            * heap/CopyVisitorInlines.h:
-            (JSC::CopyVisitor::checkIfShouldCopy):
-            (JSC::CopyVisitor::didCopy):
-            * heap/SlotVisitorInlines.h:
-            (JSC::SlotVisitor::copyLater):
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::copyButterfly):
-
-2013-01-14  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge r137961 from open source for <rdar://problem/13009810>
-
-    2012-12-17  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Butterfly::growArrayRight shouldn't be called on null Butterfly objects
-            https://bugs.webkit.org/show_bug.cgi?id=105221
-    
-            Reviewed by Filip Pizlo.
-    
-            Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly 
-            objects purely by coincidence. We should add a new static function that null checks the old 
-            Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for 
-            use in the couple of places in JSObject that expect such behavior to work.
-
-            * runtime/Butterfly.h:
-            (Butterfly):
-            * runtime/ButterflyInlines.h:
-            (JSC::Butterfly::createOrGrowArrayRight):
-            (JSC):
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::createInitialIndexedStorage):
-            (JSC::JSObject::createArrayStorage):
-
-2013-01-11  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12976133> Investigate using integer divide and multiply to compute a remainder
-
-        Reviewed by Phil Pizlo.
-
-        Changed ArithDiv processing for ARM64 to be very much like X86.  The ARM64 sdiv instruction doesn't trap,
-        so we don't need to have the two pre-division checks that the X86 code has (divide by zero and -2^31-1 / -1).
-        The sdiv instruction handles the divide by 0 directly by returning a 0 quotient and the other case is handled
-        by an overflow check with the multiply.
-
-        This is a 3.68x win for SunSpider math-spectral-norm and a 3% improvement for string-tagcloud.  Overall
-        this is a 3.4% win on SunSpider.
-
-        * dfg/DFGCommon.h:
-        (JSC::DFG::isARM64):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM64):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2013-01-09  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12976132> Patchable branches should be one branch instead of two
-
-        Reviewed by Phil Pizlo.
-
-        Changed the processing of patchable conditional branches from always being a conditional branch
-        (b.<cc>, cb[n]z and tb[n]z) around an unconditional branch to being the conditional branch
-        followed by a nop when the offset of the conditional branch is sufficient to reach the destination.
-        Where relinkJumpOrCall only had to patch the unconditional branch, it now checks to see if the
-        instruction to patch is a nop.  If so, we know we planted the nop as part of a patchable conditional
-        branch, therefore try linking directly using the offset space provided in the conditional branch and
-        follow it with a nop.  If there aren't enough offset bit to get to the destination, fall back to a
-        branch around a branch.
-
-        This change is performance neutral on SunSpider and V8.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::hint):
-        (JSC::ARM64Assembler::nop):
-        (JSC::ARM64Assembler::linkJump):
-        (JSC::ARM64Assembler::relinkJump):
-        (JSC::ARM64Assembler::relinkCall):
-        (JSC::ARM64Assembler::link):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::linkJumpOrCall):
-        (JSC::ARM64Assembler::linkCompareAndBranch):
-        (JSC::ARM64Assembler::linkConditionalBranch):
-        (JSC::ARM64Assembler::linkTestAndBranch):
-        (JSC::ARM64Assembler::relinkJumpOrCall):
-        (JSC::ARM64Assembler::disassembleNop):
-        (JSC::ARM64Assembler::disassembleCompareAndBranchImmediate):
-        (JSC::ARM64Assembler::disassembleConditionalBranchImmediate):
-        (JSC::ARM64Assembler::disassembleTestAndBranchImmediate):
-        (JSC::ARM64Assembler::hintPseudo):
-        (JSC::ARM64Assembler::nopPseudo):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::makeBranch):
-        (JSC::MacroAssemblerARM64::makeCompareAndBranch):
-        (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
-
-2013-01-09  David Kilzer  <ddkilzer@apple.com>
-
-        Remove unused .call files
-
-        Reviewed by Joseph Pecoraro.
-
-        * .call: Removed with apologies to Ken Kocienda.
-
-2013-01-04  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12954053> Merge #4: Crash in JIT code @ cnn.com iPhone site
-
-        Reviewed by Phil Pizlo.
-
-        Change the way reverting a BranchPtrWithPatch is done when it has been replaced with a 
-        jump.  We cannot rely on the existing instructions and must create from scratch.
-        This is limited to the wide moves needed to fill the temp register with the restored
-        pointer value.  Added a new common setPointer() method to ARM64Assembler that writes
-        out the instructions and flushes the I-cache.  Both the existing linkPointer and new
-        setPointer() use this common method.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::repatchPointer):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::setPointer):
-        (JSC::ARM64Assembler::linkPointer):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::reemitInitialMoveWithPatch):
-        (JSC::MacroAssemblerARM64::revertJumpReplacementToBranchPtrWithPatch):
-
-2013-01-04  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12954053> Merge #4: Crash in JIT code @ cnn.com iPhone site
-
-        Reviewed by Phil Pizlo.
-
-        Improper merge of the patchableBranch pass through methods for ARM64.  Added patchableBranchTest32()
-        as a patchable method for ARM64.
-
-        * assembler/MacroAssembler.h:
-        (JSC::MacroAssembler::patchableBranchTest32):
-        (MacroAssembler):
-
-2013-01-02  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12927415> iOS WebKit merge #4: Arm64 Root crashes immediately running JavaScript
-
-        Rubber-stamped by Phil Pizlo.
-
-        The label returned from one of branchPtrWithPatch() methods is the address of the first move wide
-        instruction.  Therefore we don't need to offset the address in startOfBranchPtrWithPatchOnRegister().
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::startOfBranchPtrWithPatchOnRegister):
-
-2013-01-03  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12953903> 11A243: JavaScriptCore fails to compile in debug ARM64 config
-
-        Reviewed by Phil Pizlo.
-
-        Use casts when comparing FPRReg with integers. This change for ARM code is similar to r1176464.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::toIndex):
-        (JSC::DFG::FPRInfo::debugName):
-
-2013-01-03  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12954264> ARM64 Disassembler doesn't handle variable shift / rotate instructions correctly
-
-        Reviewed by Phil Pizlo.
-
-        Fixed the generation of opNameIndex() to extract bits 0, 1 and 3 from the "opcode" field which are bits
-        10, 11 and 13 from the instruction.
-
-        * disassembler/ARM64/A64DOpcode.h:
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opNameIndex):
-
-2013-01-02  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/12945902> 11A242: JavaScriptCore fails to compile in debug config
-
-        Reviewed by Dan Bernstein.
-
-        Use casts when comparing GPRReg/FPRReg with integers. This change for ARM code is similar to
-        r132752 made in opensource to fix the same compiler error.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-
-2012-12-21  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12922052> ARM64: BranchTestNN() where the immediate has only one bit set should use the tbz instruction
-
-        Reviewed by Phil Pizlo.
-
-        Check for a single bit immediate and if so, use it with the test bit and branch instruction.
-
-        Made a common hasOneBitSet() in wtf/MathExtras.h.  Made isPowerOf2() in PropertyMapHashTable.h
-        a wrapper function for readability.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTest64):
-        * runtime/PropertyMapHashTable.h:
-        (JSC::isPowerOf2):
-
-2012-12-20  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12922051> ARM64: StoreXX(TrustedImm) where the immediate is 0 should use the ZR register
-
-        Reviewed by Phil Pizlo.
-
-        Use the zr register for stores when the immediate is 0.
-
-        No measured performance change running SunSpider.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::store64):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store8):
-
-2012-12-20  Michael Saboff  <msaboff@apple.com>
-
-        Changes made to match the changes while back merging the "unusedPointer" part of r12913496.
-
-        Rubber stamped by Phil Pizlo.
-
-        Changed the name of emptyPointer to unusedPointer.  Follow-on changes as a result of the
-        name change.  OpenSource changes landed in r138308: <http://trac.webkit.org/changeset/138308>.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * bytecode/MethodCallLinkInfo.cpp:
-        (JSC::MethodCallLinkInfo::reset):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * jit/EmptyPointer.h: Removed.
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clearToUnusedPointer):
-        (JSC::JITWriteBarrierBase::get):
-        * jit/UnusedPointer.h: Copied from Source/JavaScriptCore/jit/EmptyPointer.h.
-
-2012-12-19  Michael Saboff  <msaboff@apple.com>
-
-        Unreviewed build fix.
-
-        Adding updated project file inadvertently left off from prior checkin.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-12-19  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12913496> ARM64: Use only 48 bits for patchable pointers in JIT'ed code
-
-        Reviewed by Gavin Barraclough.
-
-        Changed pointer code in the JIT and macro assembler to only manipulate the lower 48 bits.
-        Changed "empty pointer" logic from using -1 to using a constant (0xd1e7beef) and put that
-        constant into the new header file jit/EmptyPointer.h.
-
-        Changed occurances that use -1 to now use emptyPointer.
-
-        Performance impact of this change is +.6% on SunSpider, neutral on V8 and +.3% on Kraken.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::readPointer):
-        (JSC::ARM64Assembler::readCallTarget):
-        (JSC::ARM64Assembler::linkPointer):
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::moveWithFixedWidth):
-        * bytecode/MethodCallLinkInfo.cpp:
-        (JSC::MethodCallLinkInfo::reset):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgResetGetByID):
-        (JSC::DFG::dfgResetPutByID):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::cachedGetById):
-        (JSC::DFG::SpeculativeJIT::cachedPutById):
-        * jit/EmptyPointer.h: Added.
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::resetPatchGetById):
-        (JSC::JIT::resetPatchPutById):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clearToEmptyPointer):
-        (JSC::JITWriteBarrierBase::get):
-
-2012-12-19  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12910064> ARM64: Operations with an AbsoluteAddress source and destination should reuse address in temp register
-
-        Reviewed by Oliver Hunt.
-
-        When memoryTempRegister hasn't been reused, we store directly to memoryTempRegister.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::add32):
-        (JSC::MacroAssemblerARM64::add64):
-        (JSC::MacroAssemblerARM64::or32):
-        (JSC::MacroAssemblerARM64::sub32):
-        (JSC::MacroAssemblerARM64::branchAdd32):
-
-2012-12-18  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12903309> ARM64: Further optimizations for test/compare and branch with branch compaction
-
-        Reviewed by Phil Pizlo.
-
-        Added support for CompareAndBranch (cbz/cbnz) instructions.  Made makeTestBitAndBranch() generally usable.
-        Added code to compact both CompareAndBranch and TestBitAndBranch instructions.  Cleaned up the ARM64
-        specific branch compaction code, specifically the ASSERTS in linkJumpConditionDirect() and eliminated 
-        the now unused disassembleConditionalBranchImmediate() as we are never pointing at a b.<cond> instruction
-        when we write one out with the linked address.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::LinkRecord::LinkRecord):
-        (JSC::ARM64Assembler::LinkRecord::is64Bit):
-        (JSC::ARM64Assembler::LinkRecord::bitNumber):
-        (JSC::ARM64Assembler::LinkRecord::compareRegister):
-        (LinkRecord):
-        (JSC::ARM64Assembler::linkJump):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::canCompact):
-        (JSC::ARM64Assembler::computeJumpType):
-        (JSC::ARM64Assembler::link):
-        (JSC::ARM64Assembler::linkJumpCompareAndBranch):
-        (JSC::ARM64Assembler::linkJumpConditionDirect):
-        (JSC::ARM64Assembler::linkJumpCompareAndBranchDirect):
-        (JSC::ARM64Assembler::linkJumpTestBitDirect):
-        (JSC::ARM64Assembler::compareAndBranchImmediate):
-        * assembler/AbstractMacroAssembler.h:
-        (Jump):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTest64):
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::makeCompareAndBranch):
-        (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
-
-2012-12-18  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12903449> ARM64: Indexed Load and Store operations should used the scaled index ldr/str instructions when possible
-
-        Reviewed by Oliver Hunt.
-
-        Added path to use the scaled indexed load and store instructions for naturally indexed ops where the
-        offset is 0.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::load64):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load16Signed):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::load8Signed):
-        (JSC::MacroAssemblerARM64::store64):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-
-2012-12-18  Michael Saboff  <msaboff@apple.com>
-
-        Merge of OpenSource WebKit r137976 & r138032
-
-    2012-12-17  Michael Saboff  <msaboff@apple.com>
-
-            DFG: Refactor DFGCorrectableJumpPoint to reduce size of OSRExit data
-            https://bugs.webkit.org/show_bug.cgi?id=105237
-
-            Reviewed by Filip Pizlo.
-
-            Replaced DFGCorrectableJumpPoint with OSRExitCompilationInfo which is used and kept alive only while we are
-            compiling in the DFG.  Moved the patchable branch offset directly into OSRExit.
-
-            * CMakeLists.txt:
-            * GNUmakefile.list.am:
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-            * Target.pri:
-            * assembler/AbstractMacroAssembler.h:
-            * dfg/DFGCorrectableJumpPoint.cpp: Removed.
-            * dfg/DFGCorrectableJumpPoint.h: Removed.
-            * dfg/DFGJITCompiler.cpp:
-            (JSC::DFG::JITCompiler::linkOSRExits):
-            (JSC::DFG::JITCompiler::link):
-            * dfg/DFGJITCompiler.h:
-            (JSC::DFG::JITCompiler::appendExitJump):
-            (JITCompiler):
-            * dfg/DFGOSRExit.cpp:
-            (JSC::DFG::OSRExit::OSRExit):
-            (JSC::DFG::OSRExit::setPatchableCodeOffset):
-            (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump):
-            (JSC::DFG::OSRExit::codeLocationForRepatch):
-            (JSC::DFG::OSRExit::correctJump):
-            * dfg/DFGOSRExit.h:
-            (OSRExit):
-            * dfg/DFGOSRExitCompilationInfo.h: Added.
-            (OSRExitCompilationInfo):
-            (JSC::DFG::OSRExitCompilationInfo::OSRExitCompilationInfo):
-            (JSC::DFG::OSRExitCompilationInfo::failureJump):
-            * dfg/DFGOSRExitCompiler.cpp:
-            * dfg/DFGSpeculativeJIT.cpp:
-            (JSC::DFG::SpeculativeJIT::speculationCheck):
-            (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
-
-    2012-12-18  Michael Saboff  <msaboff@apple.com>
-
-            [Qt] Fix the ARMv7 build after r137976
-            https://bugs.webkit.org/show_bug.cgi?id=105270
-
-            Reviewed by Csaba Osztrogonác.
-
-            Add default value for Jump parameter to fix build.
-
-            * assembler/AbstractMacroAssembler.h:
-            (JSC::AbstractMacroAssembler::Jump::Jump):
-
-2012-12-14  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12883938> ARM64 DFG: SoftModulo will OSR exit with overflow when the result is 0
-
-        Reviewed by Geoffrey Garen.
-
-        Changed the generated code in branchConvertDoubleToInt32() to conditionally check for a negative value
-        before checking for 0 and only take the failure path for negative 0.0.  Since branchConvertDoubleToInt32()
-        is used for more than just modulo, only made the modulo case generate the added check.
-        Added the parameter to all of the macro assemblers, but the parameter is only used in the ARM64 version
-        at this point.
-
-        To support this patch, added the new test bit and branch (for the tbz/tbnz instruction) jump type to the
-        ARM64 macro assembler.  As other branches we initially generate a tb[n]z instruction with inverted
-        condition around an unconditional branch.  The branch around a branch is usually compacted during the
-        link phase.  The compacting of tb[n]z will be done in a subsequent patch.
-
-        This change is worth >3.5% on SunSpider to to 10-20% gains on 3d-raytrace, crypto-aes and string-validate-input
-        with lesser gains on other tests.
-
-        This patch will be back ported to OpenSource.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::computeJumpType):
-        (JSC::ARM64Assembler::link):
-        (JSC::ARM64Assembler::linkJumpTestBit):
-        (ARM64Assembler):
-        * assembler/AbstractMacroAssembler.h:
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
-        (MacroAssemblerARM64):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerMIPS.h:
-        (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerSH4.h:
-        (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-
-2012-12-13  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12869956> SWB: JavaScriptCore-1136 failed to build with clang-426.2.3: -Wshift-op-parentheses
-
-        Rubber stamped by Jessie Berlin.
-
-        Added parens to quiet the newly added -Wshift-op-parentheses warning.
-
-        * disassembler/ARM64/A64DOpcode.cpp:
-        (JSC::ARM64Disassembler::rotateRight):
-
-2012-12-12  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12870469> ARM64 Add Data Processing 3 Source and FP Data Processing 1 Source instruction groups to disassembler
-
-        Reviewed by Phil Pizlo.
-
-        Added support for the two missin instruction groups.
-
-        * disassembler/ARM64/A64DOpcode.cpp:
-        (ARM64Disassembler):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::format):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::format):
-        * disassembler/ARM64/A64DOpcode.h:
-        (A64DOpcodeDataProcessing3Source):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::ra):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op54):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op31):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op0):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::opNum):
-        (ARM64Disassembler):
-        (A64DOpcodeFloatingPointDataProcessing1Source):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::opNum):
-
-2012-12-12  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12858410> ARM64 SunSpider crypto-md5 test is 40x slower compared to ARMv7
-
-        Reviewed by Gavin Barraclough.
-
-        Fix a problem in the add32/sub32 with an address case where we materialize the address into
-        the temporary register memoryTempRegister.  The problem is that the store uses memoryTempRegister
-        where the result of the add/sub is sitting.  We were writing out the lower 32 bits of the address
-        into the memory at the address.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::add32):
-        (JSC::MacroAssemblerARM64::add64):
-        (JSC::MacroAssemblerARM64::sub32):
-        (JSC::MacroAssemblerARM64::branchAdd32):
-
-2012-12-11  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12856193> Add option so that JSC will crash if it can't allocate executable memory for the JITs
-
-        Reviewed by Phil Pizlo.
-
-        Added new option "crashIfCantAllocateJITMemory".  If this option is true, we crash when checking 
-        the executable allocator.  The default is false, but jsc sets it to true.  Coded this so that
-        is useJIT and useRegExpJIT are both false, we don't crash since we aren't using any JITs.
-
-        * jsc.cpp:
-        (main):
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-        * runtime/Options.h:
-        (JSC)::Options::crashIfCantAllocateJITMemory
-
-2012-12-10  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12821654> ARM64 Should compact compare then branch around branch when possible
-
-        Reviewed by Phil Pizlo.
-
-        Added branch compaction to ARM64 in a similar way as was done for ARMv7.  We convert code like.
-
-                      cmp    xM, xN                              cmp    xM, xN
-          FROM        b.!cond continue                TO         b.cond labelIfCond
-               cont:  b      labelIfCond
-
-        Abstracted the compaction code in LinkBuffer::linkCode by instruction size to new helper
-        LinkBuffer::copyCompactAndLinkCode().  Added JumpType, JumpLinkType and LinkRecord to ARM64Assembler.
-        Added ARM64 versions of the helper methods needed by copyCompactAndLink.
-
-        Abstracted out the jump type date used in DFG::CorrectableJumpPoint to be part of the MacroAssembler
-        instead of the two assemblers that do compaction.
-
-        * assembler/ARM64Assembler.h:
-        (LinkRecord):
-        (JSC::ARM64Assembler::LinkRecord::LinkRecord):
-        (JSC::ARM64Assembler::LinkRecord::operator=):
-        (JSC::ARM64Assembler::LinkRecord::from):
-        (JSC::ARM64Assembler::LinkRecord::setFrom):
-        (JSC::ARM64Assembler::LinkRecord::to):
-        (JSC::ARM64Assembler::LinkRecord::type):
-        (JSC::ARM64Assembler::LinkRecord::linkType):
-        (JSC::ARM64Assembler::LinkRecord::setLinkType):
-        (JSC::ARM64Assembler::LinkRecord::condition):
-        (JSC::ARM64Assembler::unlinkedCode):
-        (JSC::ARM64Assembler::linkJump):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::jumpSizeDelta):
-        (JSC::ARM64Assembler::linkRecordSourceComparator):
-        (JSC::ARM64Assembler::canCompact):
-        (JSC::ARM64Assembler::computeJumpType):
-        (JSC::ARM64Assembler::recordLinkOffsets):
-        (JSC::ARM64Assembler::jumpsToLink):
-        (JSC::ARM64Assembler::link):
-        (JSC::ARM64Assembler::linkJumpNoCondition):
-        (JSC::ARM64Assembler::linkJumpConditionDirect):
-        (JSC::ARM64Assembler::linkJumpCondition):
-        (JSC::ARM64Assembler::disassembleConditionalBranchImmediate):
-        (JSC::ARM64Assembler::compareAndBranchImmediate):
-        (JSC::ARM64Assembler::conditionalBranchImmediate):
-        * assembler/AbstractMacroAssembler.h:
-        (Jump):
-        (JSC::AbstractMacroAssembler::Jump::Jump):
-        (JSC::AbstractMacroAssembler::Jump::link):
-        (JSC::AbstractMacroAssembler::Jump::linkTo):
-        * assembler/LinkBuffer.cpp:
-        (JSC::LinkBuffer::copyCompactAndLinkCode):
-        (JSC::LinkBuffer::linkCode):
-        * assembler/LinkBuffer.h:
-        (LinkBuffer):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::MacroAssemblerARM64):
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::jumpsToLink):
-        (JSC::MacroAssemblerARM64::unlinkedCode):
-        (JSC::MacroAssemblerARM64::canCompact):
-        (JSC::MacroAssemblerARM64::computeJumpType):
-        (JSC::MacroAssemblerARM64::recordLinkOffsets):
-        (JSC::MacroAssemblerARM64::jumpSizeDelta):
-        (JSC::MacroAssemblerARM64::link):
-        (JSC::MacroAssemblerARM64::executableOffsetFor):
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::jump):
-        (JSC::MacroAssemblerARM64::patchableBranchPtr):
-        (JSC::MacroAssemblerARM64::patchableBranchTest32):
-        (JSC::MacroAssemblerARM64::patchableBranch32):
-        (JSC::MacroAssemblerARM64::patchableBranchPtrWithPatch):
-        (JSC::MacroAssemblerARM64::patchableJump):
-        (JSC::MacroAssemblerARM64::makeBranch):
-        * assembler/MacroAssemblerARMv7.h:
-        (MacroAssemblerARMv7):
-        * dfg/DFGCorrectableJumpPoint.h:
-        (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
-        (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
-        (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
-        (JSC::DFG::CorrectableJumpPoint::getJump):
-        (CorrectableJumpPoint):
-
-2012-12-10  Michael Saboff  <msaboff@apple.com>
-
-        Merge OpenSource WebKit r132991 to fix <rdar://problem/12831284>
-
-    2012-10-30  Yuqiang Xian  <yuqiang.xian@intel.com>
-
-            glsl-function-atan.html WebGL conformance test fails after https://bugs.webkit.org/show_bug.cgi?id=99154
-            https://bugs.webkit.org/show_bug.cgi?id=100789
-
-            Reviewed by Filip Pizlo.
-
-            We accidently missed a bitwise double to int64 conversion.
-
-            * dfg/DFGSpeculativeJIT.h:
-            (JSC::DFG::SpeculativeJIT::silentFill):
-
-2012-12-10  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12821760> ARM64 disassembler should cover the instructions the various JSC JIT's generate
-
-        Reviewed by Phil Pizlo.
-
-        Added decoding for CompareAndBranch, Data processing 2 sources, FP compare, FP processing 2 source,
-        FP fixed point conversion, FP integer conversion and TestAndBranch instruction groups.
-        Cleaned up some remaining changes to the printing code that weren't made before the original patch
-        was landed.
-
-        * disassembler/ARM64/A64DOpcode.cpp:
-        (ARM64Disassembler):
-        (JSC::ARM64Disassembler::A64DOpcode::appendRegisterName):
-        (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::format):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::format):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::format):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::format):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::format):
-        (JSC::ARM64Disassembler::A64DOpcodeHint::format):
-        (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::format):
-        * disassembler/ARM64/A64DOpcode.h:
-        (A64DOpcodeCompareAndBranchImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::opBit):
-        (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::immediate19):
-        (ARM64Disassembler):
-        (A64DOpcodeDataProcessing2Source):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::sBit):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opCode):
-        (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opNameIndex):
-        (A64DOpcodeFloatingPointOps):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::mBit):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::sBit):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::type):
-        (A64DOpcodeFloatingPointCompare):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::op):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opCode2):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opNum):
-        (A64DOpcodeFloatingPointDataProcessing2Source):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::opNum):
-        (A64DOpcodeFloatingFixedPointConversions):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::rmode):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opcode):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::scale):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opNum):
-        (A64DOpcodeFloatingPointIntegerConversions):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::rmode):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opcode):
-        (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opNum):
-        (A64DOpcodeTestAndBranchImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::bitNumber):
-        (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::opBit):
-        (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::immediate14):
-
-2012-12-04  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r132752 to fix the build with newer SDKs.
-
-    2012-10-28  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed, make always-true enum-to-int comparisons use casts.
-
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::JSValueSource::tagGPR):
-        (JSC::DFG::GPRInfo::toIndex):
-        (JSC::DFG::GPRInfo::debugName):
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-
-2012-12-03  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12801153> JSC should have an ARM64 disassembler
-
-        Reviewed by Phil Pizlo.
-
-        Framework for a new ARM 64 disassembler with decoding for almost all integer instruction the
-        current JIT's emit.  The disassembler is structured as a base opcode class A64DOpcode with
-        sub-classes for each instruction group.  There is a public format method that does the bulk of
-        the disassebly work.  Instructions are "dispatched" to the right subclass via an array of linked
-        lists in the inner class OpcodeGroup.  The array is indexed using bits 24..28 of the instruction.
-        OpcodeGroup has a mask and a pattern that it applies to the instruction to determine that it
-        matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast the Opcode
-        object to the right base class for the instruction group for formatting.  The cast eliminates 
-        the need of allocating an object for each decoded instruction.  Unknown instructions are
-        formatted as "  .long 12345678".
-
-        The disassembler does not currently cover FP operations or what appear to be currently unused
-        opcodes.  FP operations and soon to be used instructions like compare and branch and test and branch
-        will be added in a subsequent patch.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * disassembler/ARM64: Added.
-        * disassembler/ARM64/A64DOpcode.cpp: Added.
-        (ARM64Disassembler):
-        (JSC::ARM64Disassembler::A64DOpcode::format):
-        (JSC::ARM64Disassembler::A64DOpcode::appendRegisterName):
-        (JSC::ARM64Disassembler::A64DOpcode::appendFPRegisterName):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractExtendedRegister::format):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::format):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::format):
-        (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::format):
-        (JSC::ARM64Disassembler::A64DOpcodeExtract::format):
-        (JSC::ARM64Disassembler::A64DOpcodeHint::format):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::format):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreUnsignedImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::format):
-        (JSC::ARM64Disassembler::highestBitSet):
-        (JSC::ARM64Disassembler::rotateRight):
-        (JSC::ARM64Disassembler::replicate):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeMoveWide::format):
-        (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::format):
-        (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchRegister::format):
-        (OpcodeGroupInitializer):
-        (JSC::ARM64Disassembler::A64DOpcode::init):
-        (JSC::ARM64Disassembler::A64DOpcode::disassemble):
-        * disassembler/ARM64/A64DOpcode.h: Added.
-        (ARM64Disassembler):
-        (A64DOpcode):
-        (OpcodeGroup):
-        (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::OpcodeGroup):
-        (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::setNext):
-        (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::next):
-        (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::matches):
-        (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::format):
-        (JSC::ARM64Disassembler::A64DOpcode::A64DOpcode):
-        (JSC::ARM64Disassembler::A64DOpcode::conditionName):
-        (JSC::ARM64Disassembler::A64DOpcode::shiftName):
-        (JSC::ARM64Disassembler::A64DOpcode::optionName):
-        (JSC::ARM64Disassembler::A64DOpcode::FPRegisterPrefix):
-        (JSC::ARM64Disassembler::A64DOpcode::opcodeGroupNumber):
-        (JSC::ARM64Disassembler::A64DOpcode::is64Bit):
-        (JSC::ARM64Disassembler::A64DOpcode::size):
-        (JSC::ARM64Disassembler::A64DOpcode::option):
-        (JSC::ARM64Disassembler::A64DOpcode::rd):
-        (JSC::ARM64Disassembler::A64DOpcode::rt):
-        (JSC::ARM64Disassembler::A64DOpcode::rn):
-        (JSC::ARM64Disassembler::A64DOpcode::rm):
-        (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
-        (JSC::ARM64Disassembler::A64DOpcode::appendSPOrRegisterName):
-        (JSC::ARM64Disassembler::A64DOpcode::appendZROrRegisterName):
-        (JSC::ARM64Disassembler::A64DOpcode::appendSeparator):
-        (JSC::ARM64Disassembler::A64DOpcode::appendCharacter):
-        (JSC::ARM64Disassembler::A64DOpcode::appendString):
-        (JSC::ARM64Disassembler::A64DOpcode::appendShiftType):
-        (JSC::ARM64Disassembler::A64DOpcode::appendSignedImmediate):
-        (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate):
-        (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate64):
-        (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
-        (JSC::ARM64Disassembler::A64DOpcode::appendShiftAmount):
-        (A64DOpcodeAddSubtract):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::cmpName):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::isCMP):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::op):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::sBit):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::opAndS):
-        (A64DOpcodeAddSubtractImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::isMovSP):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::shift):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::immed12):
-        (A64DOpcodeAddSubtractExtendedRegister):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractExtendedRegister::immediate3):
-        (A64DOpcodeAddSubtractShiftedRegister):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::isNeg):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::negName):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::shift):
-        (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::immediate6):
-        (A64DOpcodeBitfield):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::extendPseudoOpNames):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::insertOpNames):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::extractOpNames):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::opc):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::nBit):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::immediateR):
-        (JSC::ARM64Disassembler::A64DOpcodeBitfield::immediateS):
-        (A64DOpcodeConditionalBranchImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::condition):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::immediate19):
-        (A64DOpcodeConditionalSelect):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::opNum):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::op):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::sBit):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::condition):
-        (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::op2):
-        (A64OpcodeExceptionGeneration):
-        (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::opc):
-        (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::op2):
-        (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::ll):
-        (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::immediate16):
-        (A64DOpcodeExtract):
-        (JSC::ARM64Disassembler::A64DOpcodeExtract::op21):
-        (JSC::ARM64Disassembler::A64DOpcodeExtract::nBit):
-        (JSC::ARM64Disassembler::A64DOpcodeExtract::o0Bit):
-        (JSC::ARM64Disassembler::A64DOpcodeExtract::immediateS):
-        (A64DOpcodeHint):
-        (JSC::ARM64Disassembler::A64DOpcodeHint::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeHint::immediate7):
-        (A64DOpcodeLoadStore):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::size):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::vBit):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opc):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opNumber):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStore::is64BitRT):
-        (A64DOpcodeLoadStoreImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::unprivilegedOpName):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::unscaledOpName):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::type):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::immediate9):
-        (A64DOpcodeLoadStoreRegisterOffset):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::option):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::sBit):
-        (A64DOpcodeLoadStoreUnsignedImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeLoadStoreUnsignedImmediate::immediate12):
-        (A64DOpcodeLogical):
-        (JSC::ARM64Disassembler::A64DOpcodeLogical::opName):
-        (JSC::ARM64Disassembler::A64DOpcodeLogical::opc):
-        (JSC::ARM64Disassembler::A64DOpcodeLogical::nBit):
-        (A64DOpcodeLogicalImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::isTst):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::isMov):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::opNumber):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::shift):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::immediateR):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::immediateS):
-        (A64DOpcodeLogicalShiftedRegister):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::isTst):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::isMov):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::opNumber):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::shift):
-        (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::immediate6):
-        (A64DOpcodeMoveWide):
-        (JSC::ARM64Disassembler::A64DOpcodeMoveWide::opc):
-        (JSC::ARM64Disassembler::A64DOpcodeMoveWide::hw):
-        (JSC::ARM64Disassembler::A64DOpcodeMoveWide::immediate16):
-        (A64DOpcodeUnconditionalBranchImmediate):
-        (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::op):
-        (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::immediate26):
-        (A64DOpcodeUnconditionalBranchRegister):
-        (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchRegister::opc):
-        * disassembler/ARM64Disassembler.cpp: Added.
-        (JSC::tryToDisassemble):
-
-2012-12-03  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12801180> ARM64 Macro Assembler doesn't generate optimum wide move instruction for mostly negative values
-
-        Reviewed by Phil Pizlo.
-
-        Since the compiler implicitly casts a uint16_t to an int before '~' operator, I changed the check for
-        0xffff from if (~x) to if (x == 0xffff).  Found and fixed a minor ASSERT() error found during debugging.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::moveInternal):
-
-2012-11-28  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12531894> Crash in HeapTimer::didStartVMShutdown exiting AppleTV movie trailer
-
-        Reviewed by Oliver Hunt.
-
-        Added check before use without #ifdef IOS for all uses of m_activityCallback and Heap::activityCallback().
-        Created Heap::synchronizeActivityCallback() so a null m_activityCallback doesn't leak out of a Heap object.
-        Called cancel() directly in DefaultGCActivityCallback::doWork() since we know it is outselves and we don't
-        need to get the activity callback from our heap.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        * heap/Heap.cpp:
-        (JSC::Heap::didAbandon):
-        (JSC::Heap::collect):
-        (JSC::Heap::setGarbageCollectionTimerEnabled):
-        (JSC::Heap::synchronizeActivityCallback):
-        (JSC::Heap::didAllocate):
-        (JSC::Heap::didStartVMShutdown):
-        * heap/Heap.h:
-        (JSC::Heap::synchronizeActivityCallback):
-        * runtime/GCActivityCallback.cpp:
-        (JSC::DefaultGCActivityCallback::doWork):
-
-2012-11-27  Michael Saboff  <msaboff@apple.com>
-
-        Cherry-pick merge of r132546 for <rdar://problem/12636065>.
-
-    2012-10-25  Filip Pizlo  <fpizlo@apple.com>
-
-            REGRESSION (r131793-r131826): Crash going to wikifonia.org
-            https://bugs.webkit.org/show_bug.cgi?id=100281
-
-            Reviewed by Oliver Hunt.
-
-            Restore something that got lost in the resolve refactoring: the ability to give up on life if
-            we see a resolve of 'arguments'.
-
-            * runtime/JSScope.cpp:
-            (JSC::JSScope::resolveContainingScopeInternal):
-
-2012-11-09  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12665471> ARM64 ExtendType enum has types in the wrong order
-
-        Reviewed by Gavin Barraclough.
-
-        Corrected the order of ARM64Assembler::ExtendType to match instruction reference.  The UTX? should appear before
-        the STX? values.
-
-        * assembler/ARM64Assembler.h:
-        ARM64Assembler::ExtendType:
-
-2012-11-09  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12640867> Crash in JSC::Interpreter::execute() running SunSpider
-
-        Reviewed by Gavin Barraclough.
-
-        This is a speculative fix as I can't reproduce this in ToT.  In the JavaScriptCore delivered with 11A207, it
-        appears that x19 is not being saved by ctiTrampoline and is subsequently being clobbered.  This change
-        adds x19 and x20 as calle save registers per the current ABI documents.
-
-        * assembler/ARM64Assembler.h:
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-
-2012-11-07  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/12640110> CRASH: ARM64 OSRExitCompiler::compileExit -> JSC::MacroAssemblerARM64::push after merging up to r132276
-
-        Patch by Filip Pizlo.
-
-        Use the supported push/pop for ARM64.
-
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-
-2012-11-02  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/12630041> JavaScriptCore fails to compile for ARM64 after merging up to r132276
-
-        Reviewed by Geoff Garen and Filip Pizlo.
-
-        Update ARM64 after some OpenSource changes when merging up to r132276.
-        
-          r130726:
-            - RegisterFile -> JSStack
-
-          r131426, r131858, r131860:
-            - x32 MacroAssembler refactoring from opPtr to op64 for 64bit
-            - x32 follow up changes and build fix for 64bit refactoring
-
-        * assembler/AbstractMacroAssembler.h:
-        (TrustedImm64):
-        (Imm64):
-        Include generic 64bit code in CPU(ARM64).
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::add64):
-        (JSC::MacroAssemblerARM64::and64):
-        (JSC::MacroAssemblerARM64::neg64):
-        (JSC::MacroAssemblerARM64::or64):
-        (JSC::MacroAssemblerARM64::rotateRight64):
-        (JSC::MacroAssemblerARM64::sub64):
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::load64):
-        (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load64WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store64):
-        (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::moveDoubleTo64):
-        (JSC::MacroAssemblerARM64::move64ToDouble):
-        (JSC::MacroAssemblerARM64::popToRestore):
-        (JSC::MacroAssemblerARM64::pushToSave):
-        (JSC::MacroAssemblerARM64::branch64):
-        (JSC::MacroAssemblerARM64::branchTest64):
-        (JSC::MacroAssemblerARM64::branchAdd64):
-        (JSC::MacroAssemblerARM64::branchSub64):
-        (JSC::MacroAssemblerARM64::call):
-        (JSC::MacroAssemblerARM64::jump):
-        (JSC::MacroAssemblerARM64::compare64):
-        (JSC::MacroAssemblerARM64::test64):
-        (JSC::MacroAssemblerARM64::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM64::storePtrWithPatch):
-        Rename fooPtr to foo64 where appropriate.
-
-        (JSC::MacroAssemblerARM64::move):
-        Added move for TrustedImm64.
-
-        (JSC::MacroAssemblerARM64::xor64):
-        Simple xor implementation, provided by Gavin!
-
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-        Match x86_64.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        Handle RegisterFile -> JSStack renames.
-
-2012-11-08  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12640555> 11A207/N51: Crash under RegExpObject::match() when loading nytimes.com
-
-        Reviewed by Gavin Barraclough.
-
-        The ABI doesn't define the behavior for the upper bits of a value that takes less than 64 bits.
-        Therefore, we zero extend both the count and length registers to assure that these unsigned values
-        don't have garbage upper bits.  Made the change for X86_64 as it could happen there as well although
-        there isn't any known problem.
-
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateEnter):
-
-2012-10-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r130418.
-
-    2012-10-04  Benjamin Poulain  <bpoulain@apple.com>
-
-        Use copyLCharsFromUCharSource() for IdentifierLCharFromUCharTranslator translation
-        https://bugs.webkit.org/show_bug.cgi?id=98335
-
-        Reviewed by Michael Saboff.
-
-        Michael Saboff added an optimized version of UChar->LChar conversion in r125846.
-        Use this function in JSC::Identifier.
-
-        * runtime/Identifier.cpp:
-        (JSC::IdentifierLCharFromUCharTranslator::translate):
-
-2012-11-02  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12624771> ARM64 Macro Assembler Logical with immediate instructions should use native immediate instructions
-
-        Reviewed by Oliver Hunt.
-
-        Changed and, or and xor for 32 bit and 64 bit to use LogicalImmediate.  We create a LogicalImmediate and if
-        we can encode the immediate, we generate the immediate version of the instruction, otherwise we fallback to the
-        "put immediate into temp register" form.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::and32):
-        (JSC::MacroAssemblerARM64::andPtr):
-        (JSC::MacroAssemblerARM64::or32):
-        (JSC::MacroAssemblerARM64::orPtr):
-        (JSC::MacroAssemblerARM64::xor32):
-        (JSC::MacroAssemblerARM64::xorPtr):
-
-2012-10-30  Eric Carlson  <eric.carlson@apple.com>
-
-        <rdar://problem/12593706> Support text tracks for in-line video playback
-
-        Reviewed by NOBODY (OOPS!).
-
-        * Configurations/FeatureDefines.xcconfig: Define ENABLE_VIDEO_TRACK.
-
-2012-10-29  Jer Noble  <jer.noble@apple.com>
-
-        <rdar://problem/8978236> Sub-TLF: Support fullscreen API on iOS
-
-        Reviewed by Ian Henderson.
-
-        Enable WebKit Full Screen API by setting ENABLE_FULLSCREEN_API.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-10-30  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12593651> Improve ARM64 Macro Assembler generation of wide moves
-
-        Reviewed by Phil Pizlo.
-
-        Created a new templated helper moveInternal() that can move a 32 or 64 bit literal value into a destination
-        register using the move wide instructions.  This method figures out the minimum number of half words that need to be 
-        loaded by looking for half words that are all zeros or all ones.  Based on that check we choose a movz path or movn
-        path.  The first half word that is filled also fills the whole register and subsequent half words ore filled using
-        the movk instruction.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::move): Changed to use new helper.
-        (JSC::MacroAssemblerARM64::moveInternal): New helper.
-
-2012-10-24  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12566747> ARM64 Macro Assembler: Add support for using immediate ops for all add() and sub() methods
-
-        Reviewed by Phil Pizlo.
-
-        Added code to use 12 bit immediate add, cmp and sub to add, sub and branch instructions
-        where possible.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::isUInt12): Overloaded to take intptr_t.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::addPtr):
-        (JSC::MacroAssemblerARM64::sub32):
-        (JSC::MacroAssemblerARM64::subPtr):
-        (JSC::MacroAssemblerARM64::branch32):
-        (JSC::MacroAssemblerARM64::branchPtr):
-        (JSC::MacroAssemblerARM64::branchAdd32):
-        (JSC::MacroAssemblerARM64::branchAddPtr):
-        (JSC::MacroAssemblerARM64::branchSub32):
-        (JSC::MacroAssemblerARM64::branchSubPtr):
-
-2012-10-24  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12561633> ARM64 Macro Assembler doesn't use load and store imeediate instructions
-
-        Reviewed by Gavin Barraclough.
-
-        To the ARM64 assembler, added helpers to determine if we can use the unsigned scaled and
-        signed unscaled offsets.
-
-        To the ARM64 macro assembler, added templated load and store methods for general registers for
-        both unsigned scaled and signed unscaled offsets to work with all data sizes supported by the
-        architecture.  Added tryLoadWithOffset and tryStoreWithOffset that will generate the approriate
-        load or store instruction and return true if one of the two offset types can be used.
-        Otherwise we fall back to the current method that uses a temp register to calculate the memory address.
-
-        * assembler/ARM64Assembler.h:
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::canEncodePImmOffset):
-        (JSC::ARM64Assembler::canEncodeSImmOffset):
-
-        * assembler/MacroAssemblerARM64.h:
-        Added call to try using an offset load instruction
-        (JSC::MacroAssemblerARM64::loadPtr):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::loadDouble):
-
-        Added call to try using an offset store instruction
-        (JSC::MacroAssemblerARM64::storePtr):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::storeDouble):
-
-        Added templated load and store methods for unsigned scaled and signed scaled offsets
-        (JSC::MacroAssemblerARM64::loadUnsignedImmediate):
-        (JSC::MacroAssemblerARM64::loadUnscaledImmediate):
-        (JSC::MacroAssemblerARM64::storeUnsignedImmediate):
-        (JSC::MacroAssemblerARM64::storeUnscaledImmediate):
-
-        New try to load/store with an offset instruction methods
-        (JSC::MacroAssemblerARM64::tryLoadWithOffset):
-        (JSC::MacroAssemblerARM64::tryStoreWithOffset):
-
-2012-10-24  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/12561632> ARM64 Assembler doesn't constrain negative immediates when generating instructions
-
-        Reviewed by Gavin Barraclough.
-
-        Masked all signed immediate valuesbefore shifting when creating instructions.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::addSubtractExtendedRegister):
-        (JSC::ARM64Assembler::addSubtractImmediate):
-        (JSC::ARM64Assembler::addSubtractShiftedRegister):
-        (JSC::ARM64Assembler::conditionalCompareImmediate):
-        (JSC::ARM64Assembler::floatingPointImmediate):
-        (JSC::ARM64Assembler::loadRegisterLiteral):
-        (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
-        (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
-        (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
-        (JSC::ARM64Assembler::logicalShiftedRegister):
-        (JSC::ARM64Assembler::testAndBranchImmediate):
-
-2012-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/12511832> N51: Safari crashes in llint_slow_path_put_by_id while loading apple.com
-
-        Reviewed by Michale Saboff.
-
-        On ARMv7, we know that any offset that we can store into a ptrdiff_t is an offset that we
-        can patch into a non-compact offset load or store, since ptrdiff_t is 32-bit and the
-        non-compact offsets are 32-bit. But on ARM64, the non-compact offsets are 32-bit unsigned,
-        and ptrdiff_t is 64-bit signed. Hence, we can end up manufacturing an offset that cannot be
-        patched.
-        
-        The correct fix is to have the patching machinery defend itself against offsets it knows to
-        be impossible.
-        
-        But the specific reason we were crashing here was because we had a small negative offset.
-        This change makes even those small negative offsets take slow path. That's somewhat
-        unfortunate. In the future, the right fix will be to have non-compact offsets be 32-bit
-        signed rather than 32-bit unsigned. I'll leave that for a future patch.
-        See <rdar://problem/12540077>.
-
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::isPtrAlignedAddressOffset):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::isPtrAlignedAddressOffset):
-        (MacroAssemblerARM64):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::tryCachePutByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-
-2012-10-19  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/12538954> N51: MacroAssembler::push and ::pop are incompatible with the stack conventions of ARM64
-
-        Reviewed by Michael Saboff.
-
-        I've fixed this by forcing a distinction between push() used for setting up the stack
-        (which is only used on x86 and will now CRASH() on ARM64) and push() used for doing a
-        quick-and-dirty register spill. The latter is now called pushToSave()/popToRestore(),
-        and does 16 byte alignment on-the-fly. This wastes stack space, but we probably don't
-        care since it's on the slow paths anyway.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        (JSC::MacroAssembler::pushToSave):
-        (JSC::MacroAssembler::popToRestore):
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::popToRestore):
-        (JSC::MacroAssemblerARM64::pushToSave):
-        (JSC::MacroAssemblerARM64::pushToSAve):
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::emitRestoreScratch):
-        (JSC::DFG::generateProtoChainAccessStub):
-        (JSC::DFG::tryCacheGetByID):
-        (JSC::DFG::emitPutReplaceStub):
-        * dfg/DFGScratchRegisterAllocator.h:
-        (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
-        (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::emitPointerValidation):
-
-2012-10-17  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12511832> N51: Safari crashes in llint_slow_path_put_by_id while loading apple.com
-
-        Reviewed by Sam Weinig.
-
-        * llint/LowLevelInterpreter64.asm:
-            - Fix mismerge.
-
-2012-10-15  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/12476025> build-webkit --development tries to build WKSI and DRT for x86_64, but only builds WebKit for i386
-
-        Reviewed by David Carson.
-
-        * Configurations/DebugRelease.xcconfig: Use
-        ARCHS_STANDARD_32_64_BIT.
-
-2012-10-05  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/12442679> Assertion failure on ToT puzzlebox in JSArray::unshiftCount
-
-        Reviewed by Mark Hahnenberg.
-
-        Either because of a merge glitch or because I'm not a smart person, I put the assertion
-        that should have been in shiftCount (i.e. that count <= length) in unshiftCount instead.
-        So, if you tried to use unshift() to, say, initialize an array, which is a correct albeit
-        silly thing to do, then you'd assert every time.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::shiftCount):
-        (JSC::JSArray::unshiftCount):
-
-2012-10-02  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/12391706> REGRESSION: Crash beneath IncrementalSweeper::doSweep() when running PLT3
-
-        Reviewed by Phil Pizlo.
-
-        From the Radar: We need a "WebSafeIncrementalSweeper" to match  "WebSafeGCActivityCallback" -- it ensures 
-        that callbacks only happen on the web thread, which in turn ensures that the web thread lock has been acquired.
-
-        In JSC, I just exported a few additional symbols and added an explicit out-of-line destructor for IncrementalSweeper
-        to allay any linker errors when inheriting from IncrementalSweeper in WebCore.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::setIncrementalSweeper):
-        (JSC):
-        * heap/Heap.h:
-        (Heap):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::~IncrementalSweeper):
-        (JSC):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-
-2012-10-01  Matt Lilek  <mrl@apple.com>
-
-        <rdar://problem/12268376> SWB: WTF/JSC/WebCore/WebKit build fixes to work with clang-424
-
-        Merge OpenSource r123239, r123989, and r128234.
-
-        Reviewed by Pratik Solanki.
-
-        * parser/NodeConstructors.h:
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.h:
-        (ForInNode):
-        * runtime/PropertyNameArray.h:
-        (JSC::PropertyNameArray::PropertyNameArray):
-        (PropertyNameArray):
-
-2012-10-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Merge OpenSource WebKit r130102.
-
-    2012-10-01  Filip Pizlo  <fpizlo@apple.com>
-    
-            Address a FIXME in JSArray::sort
-            https://bugs.webkit.org/show_bug.cgi?id=98080
-            <rdar://problem/12407844>
-    
-            Reviewed by Oliver Hunt.
-    
-            Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
-            have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
-            compare functions.
-    
-            * runtime/ArrayPrototype.cpp:
-            (JSC::arrayProtoFuncSort):
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::sortNumeric):
-            (JSC::JSArray::sort):
-            (JSC::JSArray::compactForSorting):
-            * runtime/JSArray.h:
-            (JSArray):
-            * runtime/JSObject.h:
-            (JSC::JSObject::hasSparseMap):
-            (JSObject):
-    
-2012-09-29  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12402196> YARR JIT should keep stack aligned on ARM64
-
-        Reviewed by Filip Pizlo.
-
-        This is a better fix for <rdar://problem/12316828>
-
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::loadPtr):
-        (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::storePtr):
-        (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-        (JSC::MacroAssemblerARM64::branchTest8):
-            - Revert these changes, they were just working around the stack alignment issue.
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
-        (JSC::Yarr::YarrGenerator::initCallFrame):
-        (JSC::Yarr::YarrGenerator::removeCallFrame):
-            - Add code to keep the stack aligned.
-
-2012-09-29  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12402175> DFG JIT on ARM64 accidentally disabled
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGGPRInfo.h:
-        (GPRInfo):
-            - Added nonArgGPRs for ARM64.
-
-2012-09-28  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12316828> Safari crashes in JSC::RegExpObject::match when going to www.apple.com on N51
-
-        Reviewed by Oliver Hunt.
-
-        Bizarre - something seems to have changed, causing base/index addresses with a base of sp to start failing.
-        Will follow up with the architecture teams, for now, make sure we don't do that.
-
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::load):
-        (JSC::MacroAssemblerARM64::loadh):
-        (JSC::MacroAssemblerARM64::loadb):
-        (JSC::MacroAssemblerARM64::store):
-        (JSC::MacroAssemblerARM64::storeh):
-        (JSC::MacroAssemblerARM64::storeb):
-            - Added wrappers to base/index memory accesses, where the base is sp turn into an add.
-        (JSC::MacroAssemblerARM64::loadPtr):
-        (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::storePtr):
-        (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-        (JSC::MacroAssemblerARM64::branchTest8):
-            - Changed to use new wrappers.
-
-2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-
-        Merge Open Source WebKit r129577.
-
-    2012-09-25  Filip Pizlo  <fpizlo@apple.com>
-    
-            We shouldn't use the optimized versions of shift/unshift if the user is doing crazy things to the array
-            https://bugs.webkit.org/show_bug.cgi?id=97603
-            <rdar://problem/12370864>
-    
-            Reviewed by Gavin Barraclough.
-    
-            You changed the length behind our backs? No optimizations for you then!
-    
-            * runtime/ArrayPrototype.cpp:
-            (JSC::shift):
-            (JSC::unshift):
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::shiftCount):
-    
-2012-09-19  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/12329156> REGRESSION (Merge1): 56 jscore test failures after merge
-
-        Reviewed by Ian Henderson.
-
-        Make sure shouldInterruptScriptBeforeTimeout is the last field in the struct since we have
-        initialization code that relies on the order.
-
-        * runtime/JSGlobalObject.h:
-        (GlobalObjectMethodTable):
-
-2012-09-18  Pratik Solanki  <psolanki@apple.com>
-
-        Part of <rdar://problem/12317875> JavaScriptCore fails to compile for ARM64 after merge to r122402
-
-        Reviewed by Filip Pizlo.
-
-        r119857 in open source changed SYMBOL_STRING_RELOCATION to LOCAL_REFERENCE. Do the same for
-        ARM64 code.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * jit/JITStubs.cpp:
-
-2012-09-18  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/12317875> JavaScriptCore fails to compile for ARM64 after merge to r122402
-
-        Patch by Gavin Barraclough.
-        Reviewed by Filip Pizlo.
-
-        Implement ARM64 routines for assembler functionality added in opensource.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::ARM64Assembler):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::labelIgnoringWatchpoints):
-        (JSC::ARM64Assembler::labelForWatchpoint):
-        (JSC::ARM64Assembler::label):
-        (JSC::ARM64Assembler::replaceWithJump):
-        (JSC::ARM64Assembler::maxJumpReplacementSize):
-        (JSC::ARM64Assembler::replaceWithLoad):
-        (JSC::ARM64Assembler::replaceWithAddressComputation):
-        (JSC::ARM64Assembler::disassembleXOrZrOrSp):
-        (JSC::ARM64Assembler::disassembleAddSubtractImmediate):
-        (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::convertibleLoadPtr):
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::branchTest8):
-        (JSC::MacroAssemblerARM64::replaceWithJump):
-        (JSC::MacroAssemblerARM64::maxJumpReplacementSize):
-
-2012-09-14  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12304546> DFG JIT for ARM64
-
-        Reviewed by Filip Pizlo.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (AssemblyHelpers):
-        (JSC::DFG::AssemblyHelpers::debugCall):
-            - Calling conventions match a mix of ARMv7 & X86_64.
-        * dfg/DFGCCallHelpers.h:
-        (CCallHelpers):
-            - Calling conventions match a mix of ARMv7 & X86_64.
-        * dfg/DFGFPRInfo.h:
-        (JSC::DFG::FPRInfo::debugName):
-        (DFG):
-        (FPRInfo):
-        (JSC::DFG::FPRInfo::toRegister):
-        (JSC::DFG::FPRInfo::toIndex):
-            - Add ARM64 register assignments.
-        * dfg/DFGGPRInfo.h:
-        (JSC::DFG::GPRInfo::debugName):
-        (GPRInfo):
-        (DFG):
-        (JSC::DFG::GPRInfo::toRegister):
-        (JSC::DFG::GPRInfo::toIndex):
-            - Add ARM64 register assignments.
-        * dfg/DFGOperations.cpp:
-            - Added asm function wrappers.
-        * dfg/DFGOperations.h:
-            - DFGHandler implementation should be related to JSVALUE64, not X86_64.
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-            - compileIntegerArithDivForX86 only exists on X86[_64].
-
-2012-09-14  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12304570> Fix ARM64 assembler for DFG JIT
-
-        Reviewed by Filip Pizlo.
-
-        * assembler/ARM64Assembler.h:
-            - Updated a comment to correctly document ABI.
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::add32):
-        (JSC::MacroAssemblerARM64::addPtr):
-        (JSC::MacroAssemblerARM64::sub32):
-            - Updated to match other memory ops, use memoryTempRegister for the memory
-              operand rather than dataTempRegister.
-        (JSC::MacroAssemblerARM64::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointAbs):
-            - Floating point supported is already complete, and appears to work!
-        (JSC::MacroAssemblerARM64::branchAdd32):
-        (JSC::MacroAssemblerARM64::branchNeg32):
-            - Added - required fir DFG JIT.
-
-2012-09-13  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/12281506> LLInt for 64-bit ARM
-
-        Reviewed by Gavin Barraclough.
-        
-        Adds an ARM64 backend to the offlineasm, and makes slight modifications to the LLInt
-        so that it understands the nuances of ARM64 ABI.
-        
-        The backend is designed to share as much code as possible with ARMv7. Both backends
-        use the same lowering microphases, which are designed for flexibility rather than
-        speed (the LLInt is, afterall, fairly small, so offlineasm performance is currently
-        a non-goal).
-        
-        Also made a couple slight changes elsehwere: getHostCallReturnValue, which is shared
-        with the DFG, has been updated to support ARM64, and the bytecode generator now
-        emits loop hints even with DFG disabled since it is actually shared between
-        LLInt->JIT OSR and JIT->DFG OSR.
-
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::emitLoopHint):
-        * dfg/DFGOperations.cpp:
-        (JSC):
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LLIntSlowPaths.cpp:
-        (JSC::LLInt::handleHostCall):
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter64.asm:
-        * offlineasm/arm64.rb: Added.
-        * offlineasm/armv7.rb:
-        * offlineasm/backends.rb:
-        * offlineasm/risc.rb:
-        * offlineasm/risc_arm64.rb: Added.
-        * offlineasm/transform.rb:
-        * offlineasm/x86.rb:
-
-2012-09-11  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/12248207> 11A165: safari crashing in JIT code when loading www.apple.com on N51
-
-        Reviewed by Oliver Hunt.
-
-        The JIT trampolines shouldn't fall through from one block of global code to another, in case the
-        linker reorders them.
-
-        * jit/JITStubs.cpp:
-            - Copy ctiOpThrowNotCaught into the tail of ctiTrampoline, to avoid thefallthrough.
-
-2012-09-10  Filip Pizlo  <fpizlo@apple.com>
-
-        Towards <rdar://problem/10293804>: Merged ToT WebKit r128100
-
-    2012-09-10  Filip Pizlo  <fpizlo@apple.com>
-    
-            offlineasm has some impossible to implement, and unused, instructions
-            https://bugs.webkit.org/show_bug.cgi?id=96310
-    
-            Reviewed by Mark Hahnenberg.
-    
-            * offlineasm/armv7.rb:
-            * offlineasm/instructions.rb:
-            * offlineasm/risc.rb:
-            * offlineasm/x86.rb:
-    
-2012-09-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Towards <rdar://problem/10293804>: offlineasm RISC support should not be
-        conflating 'p' (pointer) and 'i' (int32).
-
-        Reviewed by Gavin Barraclough.
-        
-        Though this would have been safe on ARMv7, it's not safe on ARM64.
-
-        * offlineasm/armv7.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/risc.rb:
-
-2012-09-05  Filip Pizlo  <fpizlo@apple.com>
-
-        Towards <rdar://problem/10293804>: refactor offlineasm to support a common
-        infrastructure for RISC targets.
-
-        Reviewed by Geoffrey Garen.
-        
-        This will allow roughly 1/2 of the ARM backend code to be shared between
-        ARMv7 and ARM64.
-
-        * offlineasm/armv7.rb:
-        * offlineasm/instructions.rb:
-        * offlineasm/risc.rb: Added.
-
-2012-08-29  Simon Fraser  <simon.fraser@apple.com>
-
-        Prerequisite for <rdar://problem/11507731> Support sticky layouts
-
-        Merged ToT WebKit r123379.
-
-    2012-07-23  Simon Fraser  <simon.fraser@apple.com>
-    
-            Part 2 of: Implement sticky positioning
-            https://bugs.webkit.org/show_bug.cgi?id=90046
-    
-            Reviewed by Ojan Vafai.
-    
-            Turn on ENABLE_CSS_STICKY_POSITION.
-    
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-08-29  Simon Fraser  <simon.fraser@apple.com>
-
-        Prerequisite for <rdar://problem/11507731> Support sticky layouts
-
-        Merged ToT WebKit r123350.
-
-    2012-07-23  Simon Fraser  <simon.fraser@apple.com>
-    
-            Part 1 of: Implement sticky positioning
-            https://bugs.webkit.org/show_bug.cgi?id=90046
-    
-            Reviewed by Ojan Vafai.
-    
-            Add ENABLE_CSS_STICKY_POSITION, defaulting to off initially.
-            
-            Sort the ENABLE_CSS lines in the file. Make sure all the flags
-            are in FEATURE_DEFINES.
-    
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-08-30  Matt Lilek  <mrl@apple.com>
-
-        <rdar://problem/11960197> SWB: JavaScriptCore-1096 fails to build in Innsbruck with clang-422.2.3: -Wmismatched-tags
-
-        Merge OpenSource r119429, r121986, r126475, r126476, r126481, r126511, and r126515.
-
-        Not reviewed, build fixes.
-
-        * heap/Handle.h:
-        (Handle):
-        * heap/MachineStackMarker.cpp:
-        (JSC::MachineThreads::MachineThreads):
-        * heap/MachineStackMarker.h:
-        (MachineThreads):
-        * jit/JITStubCall.h:
-        (JSC::JITStubCall::JITStubCall):
-        (JITStubCall):
-        * jit/SpecializedThunkJIT.h:
-        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
-        * jit/ThunkGenerators.cpp:
-        (JSC::charCodeAtThunkGenerator):
-        (JSC::charAtThunkGenerator):
-        (JSC::fromCharCodeThunkGenerator):
-        (JSC::sqrtThunkGenerator):
-        (JSC::floorThunkGenerator):
-        (JSC::ceilThunkGenerator):
-        (JSC::roundThunkGenerator):
-        (JSC::expThunkGenerator):
-        (JSC::logThunkGenerator):
-        (JSC::absThunkGenerator):
-        (JSC::powThunkGenerator):
-        * parser/ASTBuilder.h:
-        (JSC::ASTBuilder::createAssignResolve):
-        (JSC::ASTBuilder::createForLoop):
-        (JSC::ASTBuilder::createForInLoop):
-        (JSC::ASTBuilder::makeAssignNode):
-        (JSC::ASTBuilder::makePrefixNode):
-        (JSC::ASTBuilder::makePostfixNode):
-        * parser/NodeConstructors.h:
-        (JSC::PostfixErrorNode::PostfixErrorNode):
-        (JSC::PrefixErrorNode::PrefixErrorNode):
-        (JSC::AssignResolveNode::AssignResolveNode):
-        (JSC::AssignErrorNode::AssignErrorNode):
-        (JSC::ForNode::ForNode):
-        (JSC::ForInNode::ForInNode):
-        * parser/Nodes.h:
-        (FunctionCallResolveNode):
-        (PostfixErrorNode):
-        (PrefixErrorNode):
-        (ReadModifyResolveNode):
-        (AssignResolveNode):
-        (AssignErrorNode):
-        (ForNode):
-        (ForInNode):
-        * parser/Parser.cpp:
-        (JSC::::parseVarDeclarationList):
-        (JSC::::parseForStatement):
-        * parser/SyntaxChecker.h:
-        (JSC::SyntaxChecker::createAssignResolve):
-        (JSC::SyntaxChecker::createForLoop):
-
-2012-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
-
-        Reviewed by Filip Pizlo.
-
-        Implement baseline JIT for arm64.
-
-        * jit/JITArithmetic.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-            - Build fix - mark this function as NO_RETURN_DUE_TO_ASSERT.
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::restoreArgumentReferenceForTrampoline):
-            - Same implementation as armv7.
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::privateCompileCTINativeCall):
-            - Implement native call argument setup for arm64.
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-            - Implement asm JIT entry trampolines, stub wrapper.
-        * jit/JITStubs.h:
-        (JITStackFrame):
-        (JSC::JITStackFrame::returnAddressSlot):
-            - arm64 stack frame.
-        * jit/JSInterfaceJIT.h:
-        (JSInterfaceJIT):
-            - Added baseline JIT's static register mapping for arm64.
-
-2012-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
-
-        Merge opensource r127066.
-
-    2012-08-29  Gavin Barraclough  <barraclough@apple.com>
-
-            PutById uses DataLabel32, not DataLabelCompact
-            https://bugs.webkit.org/show_bug.cgi?id=95245
-
-            Reviewed by Geoff Garen.
-
-            JIT::resetPatchPutById calls the the wrong thing on x86-64 – this is moot right now,
-            since they currently both do the same thing, but if we were to ever make compact mean
-            8-bit this could be a real problem. Also, relying on the object still being in eax
-            on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
-            this explicit.
-
-            * jit/JITPropertyAccess.cpp:
-            (JSC::JIT::emitSlow_op_put_by_id):
-                - copy regT0 to nonArgGPR1
-            (JSC::JIT::privateCompilePutByIdTransition):
-                - DataLabelCompact -> DataLabel32
-            (JSC::JIT::resetPatchPutById):
-                - reload regT0 from nonArgGPR1
-            * jit/JSInterfaceJIT.h:
-            (JSInterfaceJIT):
-                - added nonArgGPR1
-
-2012-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
-
-        Reviewed by Filip Pizlo.
-
-        MacroAssemblerARM64 fixes.
-
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::addPtr):
-            - imm should be treated as signed.
-        (JSC::MacroAssemblerARM64::addDouble):
-        (JSC::MacroAssemblerARM64::divDouble):
-        (JSC::MacroAssemblerARM64::mulDouble):
-        (JSC::MacroAssemblerARM64::and32):
-        (JSC::MacroAssemblerARM64::or32):
-        (JSC::MacroAssemblerARM64::orPtr):
-        (JSC::MacroAssemblerARM64::xor32):
-            - 2-op form (src,dest) is equivalent to 3-op (dest,src,dest), not (src,dest,dest)
-              (these are equivalent for comutative operations, but divide was producing the
-              reciprocal result).
-        (JSC::MacroAssemblerARM64::xorPtr):
-            - As above, and renamed from xor64 (oops!)
-        (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
-            - don't ignore address.offset.
-        (JSC::MacroAssemblerARM64::branch32):
-        (JSC::MacroAssemblerARM64::branchPtr):
-        (JSC::MacroAssemblerARM64::branch8):
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTestPtr):
-        (JSC::MacroAssemblerARM64::branchMul32):
-            - for branches comparing to memory, use memoryTempRegister for the memory address
-              AND operand value, use dataTempRegister only for immediate operands.
-        (JSC::MacroAssemblerARM64::comparePtr):
-            - This was accidentally the load.
-        (JSC::MacroAssemblerARM64::compare8):
-            - Added missing compare.
-        (JSC::MacroAssemblerARM64::testPtr):
-            - Added missing test.
-        (JSC::MacroAssemblerARM64::breakpoint):
-            - This now works (fastsim was catching the brks).
-        (JSC::MacroAssemblerARM64::readCallTarget):
-            - Added.
-
-2012-08-28  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
-
-        Reviewed by Filip Pizlo.
-
-        Fix trivial bugs in encodeShiftAmount/encodePositiveImmediate/sxtw/uxtw/linkJumpOrCall,
-        detailed descriptions below.
-
-        Add some missing relink/repatch functionality.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::encodeShiftAmount):
-        (JSC::ARM64Assembler::encodePositiveImmediate):
-            - Return type should not be bool - results being saturated to 1-bit!
-        (JSC::ARM64Assembler::sxtw):
-        (JSC::ARM64Assembler::uxtw):
-            - template argument to mnemonic should be 64, no DataSize_64.
-        (JSC::ARM64Assembler::linkPointer):
-        (JSC::ARM64Assembler::repatchPointer):
-        (JSC::ARM64Assembler::repatchInt32):
-        (JSC::ARM64Assembler::readPointer):
-        (JSC::ARM64Assembler::readCallTarget):
-        (JSC::ARM64Assembler::relinkJump):
-        (JSC::ARM64Assembler::relinkCall):
-        (JSC::ARM64Assembler::repatchCompact):
-            - Added missing relink/repatch functionality.
-        (JSC::ARM64Assembler::linkJumpOrCall):
-            - linkJumpOrCall is ignoring 'link'; always producing a jump.
-        (JSC::ARM64Assembler::checkMovk):
-        (JSC::ARM64Assembler::disassembleLoadStoreRegisterUnsignedImmediate):
-            - Internal helper functions, used by relink/repatch methods.
-
-2012-08-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/12130658> JavaScriptCore should not use PLATFORM(IOS) for private headers that might be used externally
-
-        Reviewed by Gavin Barraclough.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add "Scrub Installed
-        Headers" build phase script that only scrubs APIShims.h and
-        JSBasePrivate.h, since neither of those were using any WTF
-        macros prior to the fix for <rdar://problem/12129375> in
-        puzzlebox svn r1146513.
-        * scrub-ifdefs.pl: Added.  Copied from
-        Source/WebKit/mac/scrub-ifdefs.pl.
-
-2012-08-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/12138735> Innsbruck: JavaScript GC threads leak mach ports, which can cause kernel memory exhaustion when repeatedly allocating and deallocating virtual machines
-
-        Merge iOS r1146731 from Sundance branch to trunk.
-
-    2012-08-20  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/12126411> JavaScript GC threads leak mach ports, which can cause kernel memory exhaustion when repeatedly allocating and deallocating virtual machines
-
-        Reviewed by Gavin Barraclough.
-
-        Used the SPI from <rdar://problem/12118189> to also disable the block freeing thread
-        and to instead eagerly free blocks upon deallocation.
-
-        * debugger/Debugger.cpp:
-        * heap/BlockAllocator.cpp:
-        (JSC::BlockAllocator::BlockAllocator):
-        (JSC::BlockAllocator::~BlockAllocator):
-        * heap/BlockAllocator.h:
-        (JSC::BlockAllocator::deallocate):
-
-2012-08-18  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/12129375> Innsbruck: Add SPI to disable allocation of GC timers (Heap timers leak CFRunLoops and CFRunLoopTimers, which can cause port exhaustion when repeatedly allocating and deallocating virtual machines)
-
-        Merge iOS r1146509 from Sundance branch to trunk.
-
-        * API/tests/testapi.c: Include config.h.
-
-    2012-08-18  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/12118189> Heap timers leak CFRunLoops and CFRunLoopTimers, which can cause port exhaustion when repeatedly allocating and deallocating virtual machines
-
-        Reviewed by Gavin Barraclough.
-
-        Added SPI to allow AppleTV to disable allocation of GC timers, thereby reducing the number of 
-        Mach port leaks.
-
-        * API/APIShims.h:
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
-        * API/JSBase.cpp:
-        (JSDisableGCTimer):
-        * API/JSBasePrivate.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::didAbandon):
-        (JSC::Heap::collect):
-        (JSC::Heap::didAllocate):
-        * runtime/GCActivityCallback.h:
-        (GCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC):
-        * runtime/JSGlobalData.cpp:
-        (JSC::enableAssembler):
-        (JSC::JSGlobalData::~JSGlobalData):
-
-2012-08-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merge open source r121607
-
-    2012-06-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Remove warning about protected values when the Heap is being destroyed
-        https://bugs.webkit.org/show_bug.cgi?id=90302
-
-        Reviewed by Geoffrey Garen.
-
-        Having to do book-keeping about whether values allocated from a certain 
-        VM are or are not protected makes the JSC API much more difficult to use 
-        correctly. Clients should be able to throw an entire VM away and not have 
-        to worry about unprotecting all of the values that they protected earlier.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::lastChanceToFinalize):
-
-2012-07-25  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/11952210> REGRESSION (r114511): Some Google Docs spreadsheets cannot be scrolled and go blank when switching sheets
-
-        Reviewed by Gavin Barraclough.
-
-        * dfg/DFGByteCodeParser.cpp:
-        (JSC::DFG::ByteCodeParser::parseBlock):
-
-2012-07-12  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/11766228> Disable CSS3 Flexbox for Sundance
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-07-11  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/11854646> LLInt shouldn't rely on ordering of symbols
-
-        Reviewed by Sam Weinig.
-        
-        The bug was caused by our "optimization" to have looping bytecodes drop
-        down to jumping bytecodes. This optimization is wrong because the global
-        LLInt labels may be moved around by the compiler (see Cameron's comment
-        in the linked-to bug).
-        
-        With this change, the LLInt code no longer relies on the ordering of
-        global labels. We still rely on ordering of local labels; but that's
-        just a matter of basic compiler sanity - without it many other things
-        would break.
-
-        * llint/LowLevelInterpreter.asm:
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-07-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/11850045> Simplify the copying of JSC ARMv7's LinkRecord (90930)
-        Merge WebKit OpenSource r122347.
-
-    2012-07-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        Simplify the copying of JSC ARMv7's LinkRecord
-        https://bugs.webkit.org/show_bug.cgi?id=90930
-
-        Reviewed by Filip Pizlo.
-
-        The class LinkRecord is used by value everywhere in ARMv7Assembler. The compiler uses
-        memmove() to move the objects.
-
-        The problem is memmove() is overkill for this object, moving the value can be done with
-        3 load-store. This patch adds an operator= to the class doing more efficient copying.
-        This reduces the link time by 19%.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
-        (JSC::ARMv7Assembler::LinkRecord::operator=):
-        (JSC::ARMv7Assembler::LinkRecord::from):
-        (JSC::ARMv7Assembler::LinkRecord::setFrom):
-        (JSC::ARMv7Assembler::LinkRecord::to):
-        (JSC::ARMv7Assembler::LinkRecord::type):
-        (JSC::ARMv7Assembler::LinkRecord::linkType):
-        (JSC::ARMv7Assembler::LinkRecord::setLinkType):
-        (JSC::ARMv7Assembler::LinkRecord::condition):
-
-2012-07-10  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11844717> javascript logging "scheduled GC timer for n seconds" while running scripter
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::scheduleTimer):
-            - remove accidentally landed dataLog
-
-2012-07-07  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/11231897> NFX: Entering Netflix while a match song is playing caused an AppleTV crash
-
-        Merge r121381
-
-    2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSLock should be per-JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=89123
-
-        Reviewed by Geoffrey Garen.
-
-        * API/APIShims.h:
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
-        determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
-        HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
-        JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
-        its destruction has begun. 
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
-        Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
-        and before we've released it, which can only done in APIEntryShim.
-        (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextCreateBacktrace):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::collect):
-        (JSC::Heap::setActivityCallback):
-        (JSC::Heap::activityCallback):
-        (JSC::Heap::sweeper):
-        * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
-        are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
-        and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
-        prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
-        (Heap):
-        * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::invalidate):
-        (JSC):
-        (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
-        that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
-        HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
-        (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
-        out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
-        but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
-        we were interrupted between releasing our mutex and trying to grab the APILock.
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
-        all of that for us. 
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::reap):
-        * jsc.cpp:
-        (functionGC):
-        (functionReleaseExecutableMemory):
-        (jscmain):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
-        that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
-        it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
-        APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
-        (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
-        (JSC::JSGlobalData::sharedInstanceInternal):
-        * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
-        de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
-        (JSGlobalData):
-        (JSC::JSGlobalData::apiLock):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
-        (JSC::GlobalJSLock::~GlobalJSLock):
-        (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
-        it can successfully unlock it later without it disappearing from underneath it.
-        (JSC::JSLockHolder::~JSLockHolder):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-        (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
-        actually waiting for long periods. 
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::currentThreadIsHoldingLock):
-        (JSC::JSLock::dropAllLocks):
-        (JSC::JSLock::dropAllLocksUnconditionally):
-        (JSC::JSLock::grabAllLocks):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (GlobalJSLock):
-        (JSLockHolder):
-        (JSLock):
-        (DropAllLocks):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-07-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Roll out r1135419
-
-        Caused a variety of issues, including deadlocks and animation performance degradation.
-
-2012-07-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        <rdar://problem/11231897> NFX: Entering Netflix while a match song is playing caused an AppleTV crash
-
-        Merge r121381
-
-    2012-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        JSLock should be per-JSGlobalData
-        https://bugs.webkit.org/show_bug.cgi?id=89123
-
-        Reviewed by Geoffrey Garen.
-
-        * API/APIShims.h:
-        (APIEntryShimWithoutLock):
-        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to 
-        determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the 
-        HeapTimer class because timerDidFire could run after somebody has started to tear down that particular 
-        JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after 
-        its destruction has begun. 
-        (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
-        (JSC::APIEntryShim::APIEntryShim):
-        (APIEntryShim):
-        (JSC::APIEntryShim::~APIEntryShim):
-        (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
-        Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
-        and before we've released it, which can only done in APIEntryShim.
-        (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        (JSGlobalContextCreateInGroup):
-        (JSGlobalContextRelease):
-        (JSContextCreateBacktrace):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * heap/CopiedSpace.cpp:
-        (JSC::CopiedSpace::tryAllocateSlowCase):
-        * heap/Heap.cpp:
-        (JSC::Heap::protect):
-        (JSC::Heap::unprotect):
-        (JSC::Heap::collect):
-        (JSC::Heap::setActivityCallback):
-        (JSC::Heap::activityCallback):
-        (JSC::Heap::sweeper):
-        * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they 
-        are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
-        and the IncrementalSweeper to make sure they're the last things that get initialized during construction to 
-        prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
-        (Heap):
-        * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
-        (JSC::HeapTimer::~HeapTimer):
-        (JSC::HeapTimer::invalidate):
-        (JSC):
-        (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread 
-        that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the 
-        HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
-        (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zero-ed
-        out, then we know the VM has started to shutdown and we should kill ourselves. Otherwise, grab the APIEntryShim,
-        but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case 
-        we were interrupted between releasing our mutex and trying to grab the APILock.
-        * heap/HeapTimer.h:
-        (HeapTimer):
-        * heap/IncrementalSweeper.cpp:
-        (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles 
-        all of that for us. 
-        (JSC::IncrementalSweeper::create):
-        * heap/IncrementalSweeper.h:
-        (IncrementalSweeper):
-        * heap/MarkedAllocator.cpp:
-        (JSC::MarkedAllocator::allocateSlowCase):
-        * heap/WeakBlock.cpp:
-        (JSC::WeakBlock::reap):
-        * jsc.cpp:
-        (functionGC):
-        (functionReleaseExecutableMemory):
-        (jscmain):
-        * runtime/Completion.cpp:
-        (JSC::checkSyntax):
-        (JSC::evaluate):
-        * runtime/GCActivityCallback.h:
-        (DefaultGCActivityCallback):
-        (JSC::DefaultGCActivityCallback::create):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
-        that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity 
-        it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the 
-        APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
-        (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
-        (JSC::JSGlobalData::sharedInstanceInternal):
-        * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and 
-        de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
-        (JSGlobalData):
-        (JSC::JSGlobalData::apiLock):
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::~JSGlobalObject):
-        (JSC::JSGlobalObject::init):
-        * runtime/JSLock.cpp:
-        (JSC):
-        (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
-        (JSC::GlobalJSLock::~GlobalJSLock):
-        (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that 
-        it can successfully unlock it later without it disappearing from underneath it.
-        (JSC::JSLockHolder::~JSLockHolder):
-        (JSC::JSLock::JSLock):
-        (JSC::JSLock::~JSLock):
-        (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for 
-        actually waiting for long periods. 
-        (JSC::JSLock::unlock):
-        (JSC::JSLock::currentThreadIsHoldingLock):
-        (JSC::JSLock::dropAllLocks):
-        (JSC::JSLock::dropAllLocksUnconditionally):
-        (JSC::JSLock::grabAllLocks):
-        (JSC::JSLock::DropAllLocks::DropAllLocks):
-        (JSC::JSLock::DropAllLocks::~DropAllLocks):
-        * runtime/JSLock.h:
-        (JSC):
-        (GlobalJSLock):
-        (JSLockHolder):
-        (JSLock):
-        (DropAllLocks):
-        * runtime/WeakGCMap.h:
-        (JSC::WeakGCMap::set):
-        * testRegExp.cpp:
-        (realMain):
-
-2012-06-28  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/11699761> REGRESSION: Web thread hangs beneath XHR ready state change handler @ *.blogspot.com (JIT only)
-
-        Merge r121466
-
-    2012-06-28  Oliver Hunt  <oliver@apple.com>
-
-        32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
-        https://bugs.webkit.org/show_bug.cgi?id=90127
-
-        Reviewed by Filip Pizlo.
-
-        The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
-        correctly.  This patch fixes this by killing the fill info in the GenerationInfo
-        when the spillFormat doesn't guarantee the value is a double.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
-
-2012-06-27  Benjamin Poulain  <bpoulain@apple.com>
-
-        Add back CSS Flexbox temporarily
-
-        * ChangeLog:
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-06-06  Mark Rowe  <mrowe@apple.com>
-
-        Merge r118995.
-
-    2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-        Really provide error information with the inspector disabled
-        https://bugs.webkit.org/show_bug.cgi?id=87910
-
-        Reviewed by Filip Pizlo.
-
-        Don't bother checking for anything other than pre-existing error info.
-        In the absence of complete line number information you'll only get the
-        line a function starts on, but at least it's something.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::throwException):
-
-2012-06-06  Mark Rowe  <mrowe@apple.com>
-
-        Merge r118992.
-
-    2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt broken on x86-32 with JIT turned off
-        https://bugs.webkit.org/show_bug.cgi?id=87906
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed the code to not clobber registers that contain important things, like the call frame.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-31  Tim Horton  <timothy_horton@apple.com>
-
-        Add feature defines for web-facing parts of CSS Regions and Exclusions
-        https://bugs.webkit.org/show_bug.cgi?id=87442
-        <rdar://problem/10887709>
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-05-30  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 118956
-
-    2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-            DFG does not correctly handle exceptions caught in the LLInt
-            https://bugs.webkit.org/show_bug.cgi?id=87885
-
-            Reviewed by Filip Pizlo.
-
-            Make the DFG use genericThrow, rather than reimplementing a small portion of it.
-            Also make the LLInt slow paths validate that their PC is correct.
-
-            * dfg/DFGOperations.cpp:
-            * llint/LLIntSlowPaths.cpp:
-            (LLInt):
-
-2012-05-30  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 118810
-
-    2012-05-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            CopiedSpace::doneCopying could start another collection
-            https://bugs.webkit.org/show_bug.cgi?id=86538
-
-            Reviewed by Geoffrey Garen.
-
-            It's possible that if we don't have anything at the head of to-space 
-            after a collection and the BlockAllocator doesn't have any fresh blocks 
-            to give us right now we could start another collection while still in 
-            the middle of the first collection when we call CopiedSpace::addNewBlock(). 
-
-            One way to resolve this would be to have Heap::shouldCollect() check that 
-            m_operationInProgress is NoOperation. This would prevent the path in 
-            getFreshBlock() that starts the collection if we're already in the middle of one.
-
-            I could not come up with a test case to reproduce this crash on ToT.
-
-            * heap/Heap.h:
-            (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
-            of a collection, i.e. the current operation should be NoOperation.
-
-2012-05-30  Lucas Forschler  <lforschler@apple.com>
-
-    Merge <rdar://problem/11519288>
-
-2012-05-21  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 117523
-
-    2012-05-17  Filip Pizlo  <fpizlo@apple.com>
-
-            Setting array index -1 and looping over array causes bad behavior
-            https://bugs.webkit.org/show_bug.cgi?id=86733
-            <rdar://problem/11477670>
-
-            Reviewed by Oliver Hunt.
-
-            * dfg/DFGOperations.cpp:
-
-2012-05-21  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 117193
-
-    2012-05-15  Oliver Hunt  <oliver@apple.com>
-
-            Make error information available even if all we have is line number information.
-            https://bugs.webkit.org/show_bug.cgi?id=86547
-
-            Reviewed by Filip Pizlo.
-
-            We don't need expression information to generate useful line, file, and stack information,
-            so only require that we have line number info available.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::throwException):
-            * runtime/Executable.h:
-            (JSC):
-
-2012-05-21  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 117201
-
-    2012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Block freeing thread should not free blocks when we are actively requesting them
-            https://bugs.webkit.org/show_bug.cgi?id=86519
-
-            Reviewed by Geoff Garen.
-
-            * heap/BlockAllocator.h:
-            (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done 
-            while we hold the lock to ensure proper locking.
-
-2012-05-21  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 117183
-
-    2012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Block freeing thread should not free blocks when we are actively requesting them
-            https://bugs.webkit.org/show_bug.cgi?id=86519
-
-            Reviewed by Geoffrey Garen.
-
-            The block freeing thread shoots us in the foot if it decides to run while we're actively 
-            requesting blocks and returning them. This situation can arise when there is a lot of copying 
-            collection going on in steady state. We allocate a large swath of pages to copy into, then we 
-            return all the newly free old pages to the BlockAllocator. In this state, if the block freeing 
-            thread wakes up in between collections (which is more likely than it waking up during a 
-            collection) and frees half of these pages, they will be needed almost immediately during the 
-            next collection, causing a storm of VM allocations which we know are going to be very slow.
-
-            What we'd like is for when things have quieted down the block freeing thread can then return 
-            memory to the OS. Usually this will be when a page has fully loaded and has a low allocation 
-            rate. In this situation, our opportunistic collections will only be running at least every few 
-            seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, 
-            while a page is loading.
-
-            * heap/BlockAllocator.cpp:
-            (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
-            (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
-            If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out 
-            on an update, we'll see it when we wake up again.
-            * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
-            (BlockAllocator):
-            (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks 
-            that to true. We don't bother locking since we assume that writing to a bool is atomic.
-
-2012-06-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/11634375> Debug code in JSC::Heap::getConservativeRegisterRoots() doesn't match ToT WebKit
-
-        Reviewed by David Carson.
-
-        The JSC::Heap::getConservativeRegisterRoots() method was added
-        in ToT WebKit r89885 and its assertion has never changed on ToT.
-        The current iOS code was added in iOS WebKit r1047630 for
-        Telluride because isValidThreadState() wasn't merged back to iOS
-        WebKit at the time.
-
-        This change reverts iOS WebKit r1047630.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots): Replace temporary
-        debug code merged for Telluride with assertion from ToT WebKit.
-
-2012-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11621272> Math.pow is inaccurate on iOS
-
-        Merged ToT WebKit r119775
-
-    2012-06-07  Gavin Barraclough  <barraclough@apple.com>
-
-            Math.pow on iOS does not support denormal numbers.
-            https://bugs.webkit.org/show_bug.cgi?id=88592
-
-            Reviewed by Filip Pizlo.
-
-            Import an implementation from fdlibm, detect cases where it is safe to use the system
-            implementation & where we should fall back to fdlibm.
-
-            * runtime/MathObject.cpp:
-            (JSC::isDenormal):
-            (JSC::isEdgeCase):
-            (JSC::mathPow):
-                - On iOS, detect cases where denormal support may be required & use fdlibm in these cases.
-            (JSC::mathProtoFuncPow):
-                - Changed to use mathPow.
-            (JSC::fdlibmScalbn):
-            (JSC::fdlibmPow):
-                - These functions imported from fdlibm; original style retained to ease future merging.
-
-2012-06-06  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11340413> Iteration order of properties of global object is not stable between global/eval code.
-
-        Merged ToT WebKit r119623
-
-    2012-06-06  Gavin Barraclough  <barraclough@apple.com>
-    
-            Assigning to a static property should not change iteration order
-            https://bugs.webkit.org/show_bug.cgi?id=88401
-    
-            Reviewed by Geoff Garen.
-    
-            A specific iteration order is not defined by the spec, but test-262 somewhat tenuously
-            requires that it is at least stable, e.g. ch10/10.4/10.4.2/S10.4.2_A1.1_T1.js
-    
-            Whilst it is not clear that this behavior really arises from the specification, it
-            would seem like common sense to conform to this.
-    
-            The problem here is that we allow properties in the structure to shadow those in the
-            static table, and we iterate the properties in the structure first - which means that
-            as values of existing properties are modified, their iteration order changes too.
-    
-            The easy fix is to iterate the properties from the static table first. This has a
-            further benefit, since it will mean that user added properties will come after those
-            present in the static table (respected the expected insertion-order).
-    
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::getOwnPropertyNames):
-                - Iterate static properties first.
-
-2012-06-06  Michael Saboff  <msaboff@apple.com>
-
-    <rdar://problem/11607363> Merge: JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
-
-    Merge r117729, r117860 andr118239 from OpenSource WebKit.
-
-        2012-05-20  Michael Saboff  <msaboff@apple.com>
-
-        JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
-        https://bugs.webkit.org/show_bug.cgi?id=86553
-
-        Reviewed by Gavin Barraclough.
-
-        Scratch buffers can contain the only reference to live objects.
-        Therefore visit scratch buffer contents as conservative roots.
-        Changed the scratch buffers to be a struct with an "active"
-        length and the actual buffer.  The users of the scratch
-        buffer emit code where needed to set and clear the active
-        length as appropriate.  During marking, the active count is
-        used for conservative marking.
-
-        * dfg/DFGAssemblyHelpers.h:
-        (JSC::DFG::AssemblyHelpers::debugCall):
-        * dfg/DFGOSRExitCompiler32_64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOSRExitCompiler64.cpp:
-        (JSC::DFG::OSRExitCompiler::compileExit):
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGOperations.h:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::gatherConservativeRoots):
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::ScratchBuffer):
-        (ScratchBuffer):
-        (JSC::ScratchBuffer::allocationSize):
-        (JSC::ScratchBuffer::setActiveLength):
-        (JSC::ScratchBuffer::activeLength):
-        (JSC::ScratchBuffer::activeLengthPtr):
-        (JSC::ScratchBuffer::dataBuffer):
-        (JSGlobalData):
-        (JSC::JSGlobalData::scratchBufferForSize):
-
-    2012-05-21  Michael Saboff  <msaboff@apple.com>
-
-        Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729
-        https://bugs.webkit.org/show_bug.cgi?id=87027
-
-        Reviewed by Oliver Hunt.
-
-        Change calls to operationStrCat and operationNewArray to provide the
-        pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer
-        that contains it.  Added a ScratchBuffer::create() function.
-        This is a clean-up to r117729.
-
-        * dfg/DFGOperations.cpp:
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * runtime/JSGlobalData.h:
-        (JSC::ScratchBuffer::create):
-        (JSC::ScratchBuffer::dataBuffer):
-        (JSC::JSGlobalData::scratchBufferForSize):
-
-    2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-        Every OSR exit on ARM results in a crash
-        https://bugs.webkit.org/show_bug.cgi?id=87307
-
-        Reviewed by Geoffrey Garen.
-
-        * dfg/DFGThunks.cpp:
-        (JSC::DFG::osrExitGenerationThunkGenerator):
-
-2012-06-06  Mark Lam  <mark.lam@apple.com>
-
-        <rdar://problem/11578367> ASSERTION FAILED: key->isIdentifier() under operationGetByIdOptimizeWithReturnAddress @ my.yahoo.com
-
-        Merge http://trac.webkit.org/changeset/118257
-
-    2012-05-23  Filip Pizlo  <fpizlo@apple.com>
-
-            It should be possible to make C function calls from DFG code on ARM in debug mode
-            https://bugs.webkit.org/show_bug.cgi?id=87313
-
-            Reviewed by Gavin Barraclough.
-
-            * dfg/DFGSpeculativeJIT.h:
-            (SpeculativeJIT):
-
-2012-06-05  Michael Saboff  <msaboff@apple.com>
-
-    <rdar://problem/11600087> MERGE: Entry into JSC should CRASH() if the Heap is busy
-
-    Merge r119518 from OpenSource WebKit.
-
-        2012-06-05  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Entry into JSC should CRASH() if the Heap is busy
-        https://bugs.webkit.org/show_bug.cgi?id=88355
-
-        Reviewed by Geoffrey Garen.
-
-        Interpreter::execute() returns jsNull() right now if we try to enter it while
-        the Heap is busy (e.g. with a collection), which is okay, but some code paths
-        that call Interpreter::execute() allocate objects before checking if the Heap
-        is busy. Attempting to execute JS code while the Heap is busy should not be
-        allowed and should be enforced by a release-mode CRASH() to prevent vague,
-        unhelpful backtraces later on if somebody makes a mistake. Normally, recursively
-        executing JS code is okay, e.g. for evals, but it should not occur during a
-        Heap allocation or collection because the Heap is not guaranteed to be in a
-        consistent state (especially during collections). We are protected from
-        executing JS on the same Heap concurrently on two separate threads because
-        they must each take a JSLock first. However, we are not protected from reentrant
-        execution of JS on the same thread because JSLock allows reentrancy. Therefore,
-        we should fail early if we detect an entrance into JS code while the Heap is busy.
-
-        * heap/Heap.cpp: Changed Heap::collect so that it sets the m_operationInProgress field
-        at the beginning of collection and then unsets it at the end so that it is set at all
-        times throughout the duration of a collection rather than sporadically during various
-        phases. There is no reason to unset during a collection because our collector does
-        not currently support running additional JS between the phases of a collection.
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute): Crash if the Heap is busy.
-        * runtime/Completion.cpp: Crash if the Heap is busy. We do it here before we call
-        Interpreter::execute() because we do some allocation prior to calling execute() which
-        could cause Heap corruption if, for example, that allocation caused a collection.
-        (JSC::evaluate):
-
-2012-06-03  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11585758> Complete MacroAssemblerARM64
-
-        Reviewed by Filip Pizlo.
-
-        The new MacroAssembler is currently missing some support for features not required by the
-        Yarr JIT. This patch implements all the features stubbed out in the initial implementation,
-        specifically floating point, compare/test, memory accesses -WithMemoryOffsetPatch, and Call
-        repatching.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::ARM64Assembler::linkPointer):
-            - Now implemented in terms of repatchPointer.
-        (JSC::ARM64Assembler::repatchPointer):
-            - Added, called by ARM64Assembler::repatchCall.
-        * assembler/MacroAssemblerARM64.h:
-        (JSC::MacroAssemblerARM64::loadPtr):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load16Signed):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::load8Signed):
-        (JSC::MacroAssemblerARM64::storePtr):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-            - Replace some nasty casting & move() with signExtend32ToPtr().
-        (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-            - Implemented, using new signExtend32ToPtrWithFixedWidth method.
-        (JSC::MacroAssemblerARM64::absDouble):
-        (JSC::MacroAssemblerARM64::addDouble):
-        (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchDouble):
-        (JSC::MacroAssemblerARM64::branchDoubleNonZero):
-        (JSC::MacroAssemblerARM64::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerARM64::convertDoubleToFloat):
-        (JSC::MacroAssemblerARM64::convertFloatToDouble):
-        (JSC::MacroAssemblerARM64::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM64::divDouble):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::moveDouble):
-        (JSC::MacroAssemblerARM64::moveDoubleToPtr):
-        (JSC::MacroAssemblerARM64::movePtrToDouble):
-        (JSC::MacroAssemblerARM64::mulDouble):
-        (JSC::MacroAssemblerARM64::negateDouble):
-        (JSC::MacroAssemblerARM64::sqrtDouble):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-        (JSC::MacroAssemblerARM64::subDouble):
-        (JSC::MacroAssemblerARM64::truncateDoubleToInt32):
-        (JSC::MacroAssemblerARM64::truncateDoubleToUint32):
-            - Implemented floating point operations.
-        (JSC::MacroAssemblerARM64::compare32):
-        (JSC::MacroAssemblerARM64::comparePtr):
-        (JSC::MacroAssemblerARM64::test32):
-        (JSC::MacroAssemblerARM64::test8):
-            - Implemented compare/test operations.
-        (JSC::MacroAssemblerARM64::signExtend32ToPtrWithFixedWidth):
-            - Used to implement WithAddressOffsetPatch memory accesses.
-        (JSC::MacroAssemblerARM64::repatchCall):
-            - Implemented using new repatchPointer methods.
-
-2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/11569194> MERGE: CrashTracer: 270 crashes in WebProcess at com.apple.JavaScriptCore: llint_op_jfalse + 69
-
-    Merged ToT WebKit r118956
-
-    2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-        DFG does not correctly handle exceptions caught in the LLInt
-        https://bugs.webkit.org/show_bug.cgi?id=87885
-
-        Reviewed by Filip Pizlo.
-
-        Make the DFG use genericThrow, rather than reimplementing a small portion of it.
-        Also make the LLInt slow paths validate that their PC is correct.
-
-        * dfg/DFGOperations.cpp:
-        * llint/LLIntSlowPaths.cpp:
-        (LLInt):
-
-2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/11561506> ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it (87887)
-
-    Merged ToT WebKit r118960 and r118966
-
-    2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
-        https://bugs.webkit.org/show_bug.cgi?id=87887
-
-        Reviewed by Darin Adler.
-        
-        Better fix - we now never call SourceProvider::asID() if SourceProvider* is 0.
-
-        * parser/Nodes.h:
-        (JSC::ScopeNode::sourceID):
-        * parser/SourceCode.h:
-        (JSC::SourceCode::providerID):
-        (SourceCode):
-        * parser/SourceProvider.h:
-        (SourceProvider):
-        (JSC::SourceProvider::asID):
-        * runtime/Executable.h:
-        (JSC::ScriptExecutable::sourceID):
-
-    2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
-        https://bugs.webkit.org/show_bug.cgi?id=87887
-
-        Reviewed by Geoffrey Garen.
-
-        * parser/SourceProvider.h:
-        (JSC::SourceProvider::asID):
-
-2012-05-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/11524413> MERGE: MailCompositionService CRASH()'d once in JavaScriptCore: JSC::Heap::markRoots
-
-    Merged ToT WebKit r118810.
-
-    2012-05-29  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        CopiedSpace::doneCopying could start another collection
-        https://bugs.webkit.org/show_bug.cgi?id=86538
-
-        Reviewed by Geoffrey Garen.
-
-        It's possible that if we don't have anything at the head of to-space 
-        after a collection and the BlockAllocator doesn't have any fresh blocks 
-        to give us right now we could start another collection while still in 
-        the middle of the first collection when we call CopiedSpace::addNewBlock(). 
-
-        One way to resolve this would be to have Heap::shouldCollect() check that 
-        m_operationInProgress is NoOperation. This would prevent the path in 
-        getFreshBlock() that starts the collection if we're already in the middle of one.
-
-        I could not come up with a test case to reproduce this crash on ToT.
-
-        * heap/Heap.h:
-        (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
-        of a collection, i.e. the current operation should be NoOperation.
-
-2012-05-30  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/11561724> iOS: LLInt broken on x86-32 with JIT turned off (87906)
-
-        Merged ToT WebKit r118992.
-
-    2012-05-30  Filip Pizlo  <fpizlo@apple.com>
-
-        LLInt broken on x86-32 with JIT turned off
-        https://bugs.webkit.org/show_bug.cgi?id=87906
-
-        Reviewed by Geoffrey Garen.
-        
-        Fixed the code to not clobber registers that contain important things, like the call frame.
-
-        * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-27  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11543239> Complete ARM64Assembler
-
-        Reviewed by Oliver Hunt & Filip Pizlo.
-
-        Primarily this patch adds support for the ARMv8 floating point instruction set.
-        In addition, there were a few integer instructions that were missing, and that
-        we'll likely want: hlt (this is useful as a I'm-really-not-kidding breakpoint,
-        since the userspace debugger takes a casual disinterest in brk instructions),
-        ldr/ldrsw literal (PC relative), conditional compare & select instructions, and
-        logical operations with immediate operands (which includes the movi alias).
-
-        Also, there were a couple of bits of cleanup that were necessitated by this
-        patch. The marshalling of parameters for load/store formatters was a bit of a
-        mess (lots of meaningless magic numbers), I've added a MemOpSize enum & some
-        helper macros & functions to clean this up, as a part of which the macro 'SF'
-        has been renamed to the still terse but slightly more descriptive 'DATASIZE'.
-
-        Finally, it made sense to rename the floating point registers to better match
-        the naming used for the integer registers. In ARMv8 the integer registers are
-        referred to as Wn or Xn for 32-bit or 64-bit respectively, or Rn to refer to a
-        general purpose register without indicating a size. The floating point / SIMD
-        registers are referred to as Bn, Hn, Sn, Dn, and Qn when indicating a size, or
-        Vn more abstractly. We were using the naming scheme of labeling the general
-        purpose registers as x0..x30 and the floating point registers as v0..v31,
-        which mixes use of the largest concrete register size with the abstract name.
-        I've sided with using the largest concrete register size (hence q0..q31)
-        since the names rN, vN seem generic and ambiguous within the compiler as a
-        whole, whereas xN, qN seem a little more distinctive and easily identifiable.
-
-        * assembler/ARM64Assembler.h:
-        (JSC::isUInt5):
-        (JSC):
-        (UInt5):
-        (JSC::UInt5::UInt5):
-        (JSC::UInt5::operator int):
-            - Added, used by ccmn/ccmp.
-        (LogicalImmediate):
-        (JSC::LogicalImmediate::create32):
-        (JSC::LogicalImmediate::create64):
-        (JSC::LogicalImmediate::value):
-        (JSC::LogicalImmediate::isValid):
-        (JSC::LogicalImmediate::is64bit):
-        (JSC::LogicalImmediate::LogicalImmediate):
-        (JSC::LogicalImmediate::mask):
-        (JSC::LogicalImmediate::partialHSB):
-        (JSC::LogicalImmediate::highestSetBit):
-        (JSC::LogicalImmediate::findBitRange):
-        (JSC::LogicalImmediate::encodeLogicalImmediate):
-            - Type used to identify values that can be encoded as logical immediates,
-              and to encode them appropriately.
-        (JSC::ARM64Assembler::invert):
-            - Moved from MacroAssemblerARM64; used by some alias mnemonics.
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::canEncodeFPImm):
-        (JSC::ARM64Assembler::encodeFPImm):
-            - Methods used to identify values that can be encoded as floating-point,
-              immediates and to encode them appropriately.
-        (JSC::ARM64Assembler::encodeShiftAmount):
-        (JSC::ARM64Assembler::encodePositiveImmediate):
-            - Methods to assist in formatting of load/store instructions.
-        (JSC::ARM64Assembler::adc):
-        (JSC::ARM64Assembler::add):
-        (JSC::ARM64Assembler::and_):
-        (JSC::ARM64Assembler::asrv):
-        (JSC::ARM64Assembler::bfm):
-        (JSC::ARM64Assembler::bic):
-        (JSC::ARM64Assembler::cbnz):
-        (JSC::ARM64Assembler::cbz):
-        (JSC::ARM64Assembler::ccmn):
-        (JSC::ARM64Assembler::ccmp):
-        (JSC::ARM64Assembler::cinc):
-        (JSC::ARM64Assembler::cinv):
-        (JSC::ARM64Assembler::cls):
-        (JSC::ARM64Assembler::clz):
-        (JSC::ARM64Assembler::cneg):
-        (JSC::ARM64Assembler::csel):
-        (JSC::ARM64Assembler::cset):
-        (JSC::ARM64Assembler::csetm):
-        (JSC::ARM64Assembler::csinc):
-        (JSC::ARM64Assembler::csinv):
-        (JSC::ARM64Assembler::csneg):
-        (JSC::ARM64Assembler::eon):
-        (JSC::ARM64Assembler::eor):
-        (JSC::ARM64Assembler::extr):
-        (JSC::ARM64Assembler::hlt):
-        (JSC::ARM64Assembler::ldr):
-        (JSC::ARM64Assembler::ldr_literal):
-        (JSC::ARM64Assembler::ldrb):
-        (JSC::ARM64Assembler::ldrh):
-        (JSC::ARM64Assembler::ldrsb):
-        (JSC::ARM64Assembler::ldrsh):
-        (JSC::ARM64Assembler::ldrsw):
-        (JSC::ARM64Assembler::ldrsw_literal):
-        (JSC::ARM64Assembler::ldur):
-        (JSC::ARM64Assembler::ldurb):
-        (JSC::ARM64Assembler::ldurh):
-        (JSC::ARM64Assembler::ldursb):
-        (JSC::ARM64Assembler::ldursh):
-        (JSC::ARM64Assembler::ldursw):
-        (JSC::ARM64Assembler::lslv):
-        (JSC::ARM64Assembler::lsrv):
-        (JSC::ARM64Assembler::madd):
-        (JSC::ARM64Assembler::movi):
-        (JSC::ARM64Assembler::movk):
-        (JSC::ARM64Assembler::movn):
-        (JSC::ARM64Assembler::movz):
-        (JSC::ARM64Assembler::msub):
-        (JSC::ARM64Assembler::orn):
-        (JSC::ARM64Assembler::orr):
-        (JSC::ARM64Assembler::rbit):
-        (JSC::ARM64Assembler::rev16):
-        (JSC::ARM64Assembler::rorv):
-        (JSC::ARM64Assembler::sbc):
-        (JSC::ARM64Assembler::sbfm):
-        (JSC::ARM64Assembler::sdiv):
-        (JSC::ARM64Assembler::str):
-        (JSC::ARM64Assembler::strb):
-        (JSC::ARM64Assembler::strh):
-        (JSC::ARM64Assembler::stur):
-        (JSC::ARM64Assembler::sturb):
-        (JSC::ARM64Assembler::sturh):
-        (JSC::ARM64Assembler::sub):
-        (JSC::ARM64Assembler::tst):
-        (JSC::ARM64Assembler::ubfm):
-        (JSC::ARM64Assembler::udiv):
-        (JSC::ARM64Assembler::fabs):
-        (JSC::ARM64Assembler::fadd):
-        (JSC::ARM64Assembler::fccmp):
-        (JSC::ARM64Assembler::fccmpe):
-        (JSC::ARM64Assembler::fcmp):
-        (JSC::ARM64Assembler::fcmp_0):
-        (JSC::ARM64Assembler::fcmpe):
-        (JSC::ARM64Assembler::fcmpe_0):
-        (JSC::ARM64Assembler::fcsel):
-        (JSC::ARM64Assembler::fcvt):
-        (JSC::ARM64Assembler::fcvtas):
-        (JSC::ARM64Assembler::fcvtau):
-        (JSC::ARM64Assembler::fcvtms):
-        (JSC::ARM64Assembler::fcvtmu):
-        (JSC::ARM64Assembler::fcvtns):
-        (JSC::ARM64Assembler::fcvtnu):
-        (JSC::ARM64Assembler::fcvtps):
-        (JSC::ARM64Assembler::fcvtpu):
-        (JSC::ARM64Assembler::fcvtzs):
-        (JSC::ARM64Assembler::fcvtzu):
-        (JSC::ARM64Assembler::fdiv):
-        (JSC::ARM64Assembler::fmadd):
-        (JSC::ARM64Assembler::fmax):
-        (JSC::ARM64Assembler::fmaxnm):
-        (JSC::ARM64Assembler::fmin):
-        (JSC::ARM64Assembler::fminnm):
-        (JSC::ARM64Assembler::fmov):
-        (JSC::ARM64Assembler::fmov_top):
-        (JSC::ARM64Assembler::fmsub):
-        (JSC::ARM64Assembler::fmul):
-        (JSC::ARM64Assembler::fneg):
-        (JSC::ARM64Assembler::fnmadd):
-        (JSC::ARM64Assembler::fnmsub):
-        (JSC::ARM64Assembler::fnmul):
-        (JSC::ARM64Assembler::frinta):
-        (JSC::ARM64Assembler::frinti):
-        (JSC::ARM64Assembler::frintm):
-        (JSC::ARM64Assembler::frintn):
-        (JSC::ARM64Assembler::frintp):
-        (JSC::ARM64Assembler::frintx):
-        (JSC::ARM64Assembler::frintz):
-        (JSC::ARM64Assembler::fsqrt):
-        (JSC::ARM64Assembler::fsub):
-        (JSC::ARM64Assembler::scvtf):
-        (JSC::ARM64Assembler::ucvtf):
-        (JSC::ARM64Assembler::label):
-        (JSC::ARM64Assembler::align):
-        (JSC::ARM64Assembler::getRelocatedAddress):
-        (JSC::ARM64Assembler::getDifferenceBetweenLabels):
-        (JSC::ARM64Assembler::executableOffsetFor):
-        (JSC::ARM64Assembler::executableCopy):
-        (JSC::ARM64Assembler::codeSize):
-        (JSC::ARM64Assembler::getCallReturnOffset):
-        (JSC::ARM64Assembler::linkJump):
-        (JSC::ARM64Assembler::xOrZrAsFPR):
-        (JSC::ARM64Assembler::xOrZrOrSp):
-        (JSC::ARM64Assembler::addSubtractExtendedRegister):
-        (JSC::ARM64Assembler::addSubtractImmediate):
-        (JSC::ARM64Assembler::conditionalCompareImmediate):
-        (JSC::ARM64Assembler::conditionalCompareRegister):
-        (JSC::ARM64Assembler::conditionalSelect):
-        (JSC::ARM64Assembler::floatingPointCompare):
-        (JSC::ARM64Assembler::floatingPointConditionalCompare):
-        (JSC::ARM64Assembler::floatingPointConditionalSelect):
-        (JSC::ARM64Assembler::floatingPointImmediate):
-        (JSC::ARM64Assembler::floatingPointIntegerConversions):
-        (JSC::ARM64Assembler::floatingPointDataProcessing1Source):
-        (JSC::ARM64Assembler::floatingPointDataProcessing2Source):
-        (JSC::ARM64Assembler::floatingPointDataProcessing3Source):
-        (JSC::ARM64Assembler::loadRegisterLiteral):
-        (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
-        (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
-        (JSC::ARM64Assembler::loadStoreRegisterRegisterOffset):
-        (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
-        (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
-        (JSC::ARM64Assembler::logicalImmediate):
-        * assembler/MacroAssemblerARM64.h:
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::call):
-        (JSC::MacroAssemblerARM64::tailRecursiveCall):
-            - Fixed typo, REPTACH -> REPATCH.
-        (JSC::MacroAssemblerARM64::breakpoint):
-            - Switched from an infinite loop to a hlt instruction.
-              (We now have a userspce debugger that will catch this, but not a brk!)
-        (JSC::MacroAssemblerARM64::invert):
-            - Moved to ARM64Assembler.
-        (JSC::MacroAssemblerARM64::makeBranch):
-        (JSC::MacroAssemblerARM64::linkCall):
-            - Fixed typo, REPTACH -> REPATCH.
-
-2012-05-26  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/11541338> FeatureDefines.xcconfig should match across projects
-
-        Reviewed by David Carson.
-
-        * Configurations/FeatureDefines.xcconfig:
-        - Remove ENABLE_CSS_SHADERS setting (matches ToT).
-        - Add ENABLE_LEGACY_CSS_VENDOR_PREFIXES setting.
-
-2012-05-25  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/11536267> YARR JIT for arm64
-
-        Reviewed by Filip Pizlo.
-
-        Enable support for the YARR regular expression JIT on arm64. This patch
-        introduces the arm64 assembler & MacroAssembler classes, along with a
-        couple of small tweaks to existing files to make sure these are included
-        & provide an assignment of registers for the JIT to use.
-
-        The assembler & MacroAssembler are largely complete, with the following
-        work still to be undertaken:
-            - Floating point support has not yet been implemented.
-            - Test/Comare operations are not yet supported.
-            - Branch compaction has not yet been implemented for arm64.
-            - Constant blinding is currently disabled.
-            - Address calculations for loads/stores is overly simplistic, only using indexed addressing forms.
-            - Immediate forms of arithmetic operations are not being generated.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-            - Added ARM64Assembler.h, MacroAssemblerARM64.h.
-        * assembler/ARM64Assembler.h: Added.
-        (JSC):
-        (JSC::isInt9):
-        (JSC::isUInt12):
-            - helper functions to test sizes of integers.
-        (UInt12):
-        (JSC::UInt12::UInt12):
-        (JSC::UInt12::operator int):
-            - Type to make it explicit where an immediate must be 12-bit.
-        (PostIndex):
-        (JSC::PostIndex::PostIndex):
-        (JSC::PostIndex::operator int):
-        (PreIndex):
-        (JSC::PreIndex::PreIndex):
-        (JSC::PreIndex::operator int):
-            - Types to convey pre/post indexing (normally denoted in arm asm syntax through punctuation!)
-        (JSC::getHalfword):
-            - Used to extract 16-bit chunks from larger immediates.
-        (JSC::ARM64Registers::isSp):
-        (JSC::ARM64Registers::isZr):
-        (ARM64Assembler):
-        (JSC::ARM64Assembler::isSp):
-        (JSC::ARM64Assembler::isZr):
-            - Helper functions.
-        (JSC::ARM64Assembler::adc):
-        (JSC::ARM64Assembler::add):
-        (JSC::ARM64Assembler::adr):
-        (JSC::ARM64Assembler::adrp):
-        (JSC::ARM64Assembler::and_):
-            - ('and' is a reserved word, so using 'and_' instead)
-        (JSC::ARM64Assembler::asr):
-        (JSC::ARM64Assembler::asrv):
-        (JSC::ARM64Assembler::b):
-        (JSC::ARM64Assembler::b_cond):
-            - ('b.cond' is not a valid identifier, so using 'b_cond' instead)
-        (JSC::ARM64Assembler::bfi):
-        (JSC::ARM64Assembler::bfm):
-        (JSC::ARM64Assembler::bfxil):
-        (JSC::ARM64Assembler::bic):
-        (JSC::ARM64Assembler::bl):
-        (JSC::ARM64Assembler::blr):
-        (JSC::ARM64Assembler::br):
-        (JSC::ARM64Assembler::brk):
-        (JSC::ARM64Assembler::cbnz):
-        (JSC::ARM64Assembler::cbz):
-        (JSC::ARM64Assembler::cls):
-        (JSC::ARM64Assembler::clz):
-        (JSC::ARM64Assembler::cmn):
-        (JSC::ARM64Assembler::cmp):
-        (JSC::ARM64Assembler::eon):
-        (JSC::ARM64Assembler::eor):
-        (JSC::ARM64Assembler::extr):
-        (JSC::ARM64Assembler::hint):
-        (JSC::ARM64Assembler::ldr):
-        (JSC::ARM64Assembler::ldrb):
-        (JSC::ARM64Assembler::ldrh):
-        (JSC::ARM64Assembler::ldrsb):
-        (JSC::ARM64Assembler::ldrsh):
-        (JSC::ARM64Assembler::ldrsw):
-        (JSC::ARM64Assembler::ldur):
-        (JSC::ARM64Assembler::ldurb):
-        (JSC::ARM64Assembler::ldurh):
-        (JSC::ARM64Assembler::ldursb):
-        (JSC::ARM64Assembler::ldursh):
-        (JSC::ARM64Assembler::ldursw):
-        (JSC::ARM64Assembler::lsl):
-        (JSC::ARM64Assembler::lslv):
-        (JSC::ARM64Assembler::lsr):
-        (JSC::ARM64Assembler::lsrv):
-        (JSC::ARM64Assembler::madd):
-        (JSC::ARM64Assembler::mneg):
-        (JSC::ARM64Assembler::mov):
-        (JSC::ARM64Assembler::movk):
-        (JSC::ARM64Assembler::movn):
-        (JSC::ARM64Assembler::movz):
-        (JSC::ARM64Assembler::msub):
-        (JSC::ARM64Assembler::mul):
-        (JSC::ARM64Assembler::mvn):
-        (JSC::ARM64Assembler::neg):
-        (JSC::ARM64Assembler::ngc):
-        (JSC::ARM64Assembler::nop):
-        (JSC::ARM64Assembler::orn):
-        (JSC::ARM64Assembler::orr):
-        (JSC::ARM64Assembler::rbit):
-        (JSC::ARM64Assembler::ret):
-        (JSC::ARM64Assembler::rev):
-        (JSC::ARM64Assembler::rev16):
-        (JSC::ARM64Assembler::rev32):
-        (JSC::ARM64Assembler::ror):
-        (JSC::ARM64Assembler::rorv):
-        (JSC::ARM64Assembler::sbc):
-        (JSC::ARM64Assembler::sbfiz):
-        (JSC::ARM64Assembler::sbfm):
-        (JSC::ARM64Assembler::sbfx):
-        (JSC::ARM64Assembler::sdiv):
-        (JSC::ARM64Assembler::smaddl):
-        (JSC::ARM64Assembler::smnegl):
-        (JSC::ARM64Assembler::smsubl):
-        (JSC::ARM64Assembler::smulh):
-        (JSC::ARM64Assembler::smull):
-        (JSC::ARM64Assembler::str):
-        (JSC::ARM64Assembler::strb):
-        (JSC::ARM64Assembler::strh):
-        (JSC::ARM64Assembler::stur):
-        (JSC::ARM64Assembler::sturb):
-        (JSC::ARM64Assembler::sturh):
-        (JSC::ARM64Assembler::sub):
-        (JSC::ARM64Assembler::sxtb):
-        (JSC::ARM64Assembler::sxth):
-        (JSC::ARM64Assembler::sxtw):
-        (JSC::ARM64Assembler::tbz):
-        (JSC::ARM64Assembler::tbnz):
-        (JSC::ARM64Assembler::tst):
-        (JSC::ARM64Assembler::ubfiz):
-        (JSC::ARM64Assembler::ubfm):
-        (JSC::ARM64Assembler::ubfx):
-        (JSC::ARM64Assembler::udiv):
-        (JSC::ARM64Assembler::umaddl):
-        (JSC::ARM64Assembler::umnegl):
-        (JSC::ARM64Assembler::umsubl):
-        (JSC::ARM64Assembler::umulh):
-        (JSC::ARM64Assembler::umull):
-        (JSC::ARM64Assembler::uxtb):
-        (JSC::ARM64Assembler::uxth):
-        (JSC::ARM64Assembler::uxtw):
-            - Instruction formatters. The function names & arguments match arm64 mnemonics,
-              see https://mobsi-svn.ecs.apple.com/svn/mobsi/docs/ARM_V8/ISA/index.xml
-        (JSC::ARM64Assembler::label):
-        (JSC::ARM64Assembler::align):
-        (JSC::ARM64Assembler::getRelocatedAddress):
-        (JSC::ARM64Assembler::getDifferenceBetweenLabels):
-        (JSC::ARM64Assembler::executableOffsetFor):
-        (JSC::ARM64Assembler::executableCopy):
-        (JSC::ARM64Assembler::codeSize):
-        (JSC::ARM64Assembler::getCallReturnOffset):
-            - Misc admin functions.
-        (JSC::ARM64Assembler::linkJump):
-        (JSC::ARM64Assembler::linkCall):
-        (JSC::ARM64Assembler::linkPointer):
-        (JSC::ARM64Assembler::cacheFlush):
-            - Public linking interface.
-        (JSC::ARM64Assembler::linkJumpOrCall):
-        (JSC::ARM64Assembler::addressOf):
-        (JSC::ARM64Assembler::disassembleXOrSp):
-        (JSC::ARM64Assembler::disassembleXOrZr):
-        (JSC::ARM64Assembler::disassembleMoveWideImediate):
-        (JSC::ARM64Assembler::disassembleUnconditionalBranchImmediate):
-            - Internal helpers for linking & patching code.
-        (JSC::ARM64Assembler::xOrSp):
-        (JSC::ARM64Assembler::xOrZr):
-            - Used to convert sp & zr enum values to integer representation, 31.
-        (JSC::ARM64Assembler::insn):
-            - used to add a formatted instruction to the AssemblerBuffer.
-        (JSC::ARM64Assembler::addSubtractExtendedRegister):
-        (JSC::ARM64Assembler::addSubtractImmediate):
-        (JSC::ARM64Assembler::addSubtractShiftedRegister):
-        (JSC::ARM64Assembler::addSubtractWithCarry):
-        (JSC::ARM64Assembler::bitfield):
-        (JSC::ARM64Assembler::compareAndBranchImmediate):
-        (JSC::ARM64Assembler::conditionalBranchImmediate):
-        (JSC::ARM64Assembler::dataProcessing1Source):
-        (JSC::ARM64Assembler::dataProcessing2Source):
-        (JSC::ARM64Assembler::dataProcessing3Source):
-        (JSC::ARM64Assembler::excepnGeneration):
-        (JSC::ARM64Assembler::extract):
-        (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
-        (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
-        (JSC::ARM64Assembler::loadStoreRegisterRegisterOffset):
-        (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
-        (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
-        (JSC::ARM64Assembler::logicalShiftedRegister):
-        (JSC::ARM64Assembler::moveWideImediate):
-        (JSC::ARM64Assembler::unconditionalBranchImmediate):
-        (JSC::ARM64Assembler::pcRelative):
-        (JSC::ARM64Assembler::system):
-        (JSC::ARM64Assembler::testAndBranchImmediate):
-        (JSC::ARM64Assembler::unconditionalBranchRegister):
-            - Internal formatters, the function names & arguments match the arm64 encoding tables,
-              see https://mobsi-svn.ecs.apple.com/svn/mobsi/docs/ARM_V8/ISA/encodingindex.xml
-        * assembler/MacroAssembler.h:
-        (MacroAssembler):
-        * assembler/MacroAssemblerARM64.h: Added.
-        (JSC):
-        (MacroAssemblerARM64):
-        (JSC::MacroAssemblerARM64::add32):
-        (JSC::MacroAssemblerARM64::addPtr):
-        (JSC::MacroAssemblerARM64::add64):
-        (JSC::MacroAssemblerARM64::and32):
-        (JSC::MacroAssemblerARM64::andPtr):
-        (JSC::MacroAssemblerARM64::countLeadingZeros32):
-        (JSC::MacroAssemblerARM64::lshift32):
-        (JSC::MacroAssemblerARM64::mul32):
-        (JSC::MacroAssemblerARM64::neg32):
-        (JSC::MacroAssemblerARM64::or32):
-        (JSC::MacroAssemblerARM64::orPtr):
-        (JSC::MacroAssemblerARM64::rotateRightPtr):
-        (JSC::MacroAssemblerARM64::rshift32):
-        (JSC::MacroAssemblerARM64::sub32):
-        (JSC::MacroAssemblerARM64::subPtr):
-        (JSC::MacroAssemblerARM64::urshift32):
-        (JSC::MacroAssemblerARM64::xor32):
-        (JSC::MacroAssemblerARM64::xor64):
-        (JSC::MacroAssemblerARM64::loadPtr):
-        (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32):
-        (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::load32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARM64::load16):
-        (JSC::MacroAssemblerARM64::load16Unaligned):
-        (JSC::MacroAssemblerARM64::load16Signed):
-        (JSC::MacroAssemblerARM64::load8):
-        (JSC::MacroAssemblerARM64::load8Signed):
-        (JSC::MacroAssemblerARM64::storePtr):
-        (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store32):
-        (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
-        (JSC::MacroAssemblerARM64::store16):
-        (JSC::MacroAssemblerARM64::store8):
-        (JSC::MacroAssemblerARM64::supportsFloatingPoint):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointTruncate):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointSqrt):
-        (JSC::MacroAssemblerARM64::supportsFloatingPointAbs):
-        (JSC::MacroAssemblerARM64::absDouble):
-        (JSC::MacroAssemblerARM64::addDouble):
-        (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchDouble):
-        (JSC::MacroAssemblerARM64::branchDoubleNonZero):
-        (JSC::MacroAssemblerARM64::branchDoubleZeroOrNaN):
-        (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
-        (JSC::MacroAssemblerARM64::branchTruncateDoubleToUint32):
-        (JSC::MacroAssemblerARM64::convertDoubleToFloat):
-        (JSC::MacroAssemblerARM64::convertFloatToDouble):
-        (JSC::MacroAssemblerARM64::convertInt32ToDouble):
-        (JSC::MacroAssemblerARM64::divDouble):
-        (JSC::MacroAssemblerARM64::loadDouble):
-        (JSC::MacroAssemblerARM64::loadFloat):
-        (JSC::MacroAssemblerARM64::moveDouble):
-        (JSC::MacroAssemblerARM64::moveDoubleToPtr):
-        (JSC::MacroAssemblerARM64::movePtrToDouble):
-        (JSC::MacroAssemblerARM64::mulDouble):
-        (JSC::MacroAssemblerARM64::negateDouble):
-        (JSC::MacroAssemblerARM64::sqrtDouble):
-        (JSC::MacroAssemblerARM64::storeDouble):
-        (JSC::MacroAssemblerARM64::storeFloat):
-        (JSC::MacroAssemblerARM64::subDouble):
-        (JSC::MacroAssemblerARM64::truncateDoubleToInt32):
-        (JSC::MacroAssemblerARM64::truncateDoubleToUint32):
-        (JSC::MacroAssemblerARM64::pop):
-        (JSC::MacroAssemblerARM64::push):
-        (JSC::MacroAssemblerARM64::move):
-        (JSC::MacroAssemblerARM64::swap):
-        (JSC::MacroAssemblerARM64::signExtend32ToPtr):
-        (JSC::MacroAssemblerARM64::zeroExtend32ToPtr):
-        (JSC::MacroAssemblerARM64::branch32):
-        (JSC::MacroAssemblerARM64::branchPtr):
-        (JSC::MacroAssemblerARM64::branch8):
-        (JSC::MacroAssemblerARM64::branchTest32):
-        (JSC::MacroAssemblerARM64::branchTestPtr):
-        (JSC::MacroAssemblerARM64::branchTest8):
-        (JSC::MacroAssemblerARM64::branch32WithUnalignedHalfWords):
-        (JSC::MacroAssemblerARM64::branchAdd32):
-        (JSC::MacroAssemblerARM64::branchAddPtr):
-        (JSC::MacroAssemblerARM64::branchMul32):
-        (JSC::MacroAssemblerARM64::branchSub32):
-        (JSC::MacroAssemblerARM64::branchSubPtr):
-        (JSC::MacroAssemblerARM64::call):
-        (JSC::MacroAssemblerARM64::jump):
-        (JSC::MacroAssemblerARM64::makeTailRecursiveCall):
-        (JSC::MacroAssemblerARM64::nearCall):
-        (JSC::MacroAssemblerARM64::ret):
-        (JSC::MacroAssemblerARM64::tailRecursiveCall):
-        (JSC::MacroAssemblerARM64::compare32):
-        (JSC::MacroAssemblerARM64::comparePtr):
-        (JSC::MacroAssemblerARM64::test32):
-        (JSC::MacroAssemblerARM64::test8):
-        (JSC::MacroAssemblerARM64::moveWithPatch):
-        (JSC::MacroAssemblerARM64::branchPtrWithPatch):
-        (JSC::MacroAssemblerARM64::storePtrWithPatch):
-        (JSC::MacroAssemblerARM64::breakpoint):
-        (JSC::MacroAssemblerARM64::nop):
-        (JSC::MacroAssemblerARM64::invert):
-        (JSC::MacroAssemblerARM64::makeBranch):
-        (JSC::MacroAssemblerARM64::ARM64Condition):
-        (JSC::MacroAssemblerARM64::moveWithFixedWidth):
-        (JSC::MacroAssemblerARM64::linkCall):
-        (JSC::MacroAssemblerARM64::repatchCall):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-            - Fix #ifdef typo, to enable ASSEMBLER but !JIT builds.
-        * yarr/YarrJIT.cpp:
-        (YarrGenerator):
-            - Add ARM64 register assignment.
-        * yarr/YarrJIT.h:
-        (YarrCodeBlock):
-            - As for X86-64, return match start/end in two registers.
-
-2012-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-        Merged Open Source WebKit r118413.
-
-    2012-05-24  Gavin Barraclough  <barraclough@apple.com>
-
-            Move cacheFlush from ExecutableAllocator to Assembler classes
-            https://bugs.webkit.org/show_bug.cgi?id=87420
-
-            Reviewed by Oliver Hunt.
-
-            Makes more sense there, & remove a pile of #ifdefs.
-
-            * assembler/ARMAssembler.cpp:
-            (JSC):
-            (JSC::ARMAssembler::cacheFlush):
-            * assembler/ARMAssembler.h:
-            (ARMAssembler):
-            (JSC::ARMAssembler::cacheFlush):
-            * assembler/ARMv7Assembler.h:
-            (JSC::ARMv7Assembler::relinkJump):
-            (JSC::ARMv7Assembler::cacheFlush):
-            (ARMv7Assembler):
-            (JSC::ARMv7Assembler::setInt32):
-            (JSC::ARMv7Assembler::setUInt7ForLoad):
-            * assembler/AbstractMacroAssembler.h:
-            (JSC::AbstractMacroAssembler::cacheFlush):
-            * assembler/LinkBuffer.h:
-            (JSC::LinkBuffer::performFinalization):
-            * assembler/MIPSAssembler.h:
-            (JSC::MIPSAssembler::relinkJump):
-            (JSC::MIPSAssembler::relinkCall):
-            (JSC::MIPSAssembler::repatchInt32):
-            (JSC::MIPSAssembler::cacheFlush):
-            (MIPSAssembler):
-            * assembler/SH4Assembler.h:
-            (JSC::SH4Assembler::repatchCompact):
-            (JSC::SH4Assembler::cacheFlush):
-            (SH4Assembler):
-            * assembler/X86Assembler.h:
-            (X86Assembler):
-            (JSC::X86Assembler::cacheFlush):
-            * jit/ExecutableAllocator.cpp:
-            (JSC):
-            * jit/ExecutableAllocator.h:
-            (ExecutableAllocator):
-
-2012-05-15  Sam Weinig  <sam@webkit.org>
-
-        <rdar://problem/11401642> ENABLE_IFRAME_SEAMLESS should be turned off on the branch
-
-        Reviewed by Andy Estes.
-
-        * Configurations/FeatureDefines.xcconfig:
-        Disable ENABLE_IFRAME_SEAMLESS.
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116925
-
-    2012-05-13  Filip Pizlo  <fpizlo@apple.com>
-
-            DFG performs incorrect constant folding on double-to-uint32 conversion in
-            Uint32Array PutByVal
-            https://bugs.webkit.org/show_bug.cgi?id=86330
-
-            Reviewed by Darin Adler.
-
-            static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
-            In particular, C++ casts on typical hardware (like x86 and similar) will
-            return 0x80000000 for double values that are out of range of the int32 domain
-            (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
-            for wrap-around; for example the double value 4294967297 ought to become the
-            int32 value 1, not 0x80000000.
-
-            * dfg/DFGSpeculativeJIT.cpp:
-            (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116809
-
-    2012-05-11  Geoffrey Garen  <ggaren@apple.com>
-
-            Clarified JSGlobalData (JavaScript VM) lifetime
-            https://bugs.webkit.org/show_bug.cgi?id=85142
-
-            Reviewed by Alexey Proskuryakov.
-
-            (Follow-up fix.)
-
-            * API/JSContextRef.cpp:
-            (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
-            (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
-            test, because apps might have been linked on older OS's.)
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116813
-
-    2012-05-11  Filip Pizlo  <fpizlo@apple.com>
-
-            JIT memory allocator is not returning memory to the OS on Darwin
-            https://bugs.webkit.org/show_bug.cgi?id=86047
-
-            Reviewed by Geoff Garen.
-
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116593
-
-    2012-05-09  Filip Pizlo  <fpizlo@apple.com>
-
-            JIT memory allocator is not returning memory to the OS on Darwin
-            https://bugs.webkit.org/show_bug.cgi?id=86047
-            <rdar://problem/11414948>
-
-            Reviewed by Geoff Garen.
-
-            Work around the problem by using a different madvise() flag, but only for the JIT memory
-            allocator. Also put in ASSERTs that the call is actually working.
-
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
-            (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116565
-
-    2012-05-09  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            CopiedSpace does not add pinned blocks back to the to-space filter
-            https://bugs.webkit.org/show_bug.cgi?id=86011
-
-            Reviewed by Geoffrey Garen.
-
-            After a collection has finished, we go through the blocks in from-space
-            and move any of them that are pinned into to-space. At the beginning of
-            collection, we reset the to-space block filter that is used during
-            conservative scanning and add back the blocks that are filled during the
-            collection. However, we neglect to add back those blocks that are moved
-            from from-space to to-space, which can cause the conservative scan to
-            think that some pinned items are not actually in CopiedSpace.
-
-            * heap/CopiedSpace.cpp:
-            (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
-            to-space filter. Also added a comment and assert for future readers that
-            indicates that it's okay that we don't also add the block to the
-            to-space block set since it was never removed.
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116484
-
-    2012-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Heap should not continually allocate new pages in steady state
-            https://bugs.webkit.org/show_bug.cgi?id=85936
-
-            Reviewed by Geoff Garen.
-
-            Currently, in steady state (i.e. a constant amount of live GC
-            memory with a constant rate of allocation) assuming we've just
-            finished a collection with X live blocks in CopiedSpace, we
-            increase our working set by X blocks in CopiedSpace with each
-            collection we perform. This is due to the fact that we allocate
-            until we run out of free blocks to use in the Heap before we
-            consider whether we should run a collection.
-
-            In the longer term, this issue will be mostly resolved by
-            implementing quick release for the CopiedSpace. In the shorter
-            term, we should change our policy to check whether we should
-            allocate before trying to use a free block from the Heap. We
-            can change our policy to something more appropriate once we
-            have implemented quick release.
-
-            This change should also have the convenient side effect of
-            reducing the variance in GC-heavy tests (e.g. v8-splay) due
-            to fact that we are doing less VM allocation during copying
-            collection. Overall, this patch is performance neutral across
-            the benchmarks we track.
-
-            * heap/CopiedSpace.cpp:
-            (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
-            around so that we only do it if the block request must succeed
-            i.e. after we've already checked whether we should do a collection.
-            * heap/MarkedAllocator.cpp:
-            (JSC::MarkedAllocator::allocateSlowCase): Ditto.
-            (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
-            function because by the time we've called it, we've already checked whether we
-            should run a collection so there's no point in returning null.
-            * heap/MarkedAllocator.h: Removing old arguments from function declaration.
-            (MarkedAllocator):
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116372
-
-    2012-05-07  Oliver Hunt  <oliver@apple.com>
-
-            Rolling out r110287
-
-            RS=Filip Pizlo
-
-            r110287 was meant to be refactoring only, but changed behavior
-            enough to break some websites, including qq.com.
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116361
-
-    2012-05-07  Oliver Hunt  <oliver@apple.com>
-
-            LLInt doesn't check for Ropes when performing a character switch
-            https://bugs.webkit.org/show_bug.cgi?id=85837
-
-            Reviewed by Filip Pizlo.
-
-            Make LLint check if the scrutinee of a char switch is a rope, and if
-            so fall back to a slow case.
-
-            * llint/LLIntSlowPaths.cpp:
-            (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-            (LLInt):
-            * llint/LowLevelInterpreter32_64.asm:
-            * llint/LowLevelInterpreter64.asm:
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116367
-
-    2012-05-07  Andy Estes  <aestes@apple.com>
-
-            ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
-
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-05-15  Lucas Forschler  <lforschler@apple.com>
-
-    Merge 116356
-
-    2012-05-07  Eric Seidel  <eric@webkit.org>
-
-            Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
-            https://bugs.webkit.org/show_bug.cgi?id=85822
-
-            Reviewed by Adam Barth.
-
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-05-14  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/11406944> iOS WebKit merge: stabilizing merge branch to ToT r116210 (starts Mon, May 14)
-
-        Merge up to OpenSource WebKit r116210.
-
-2012-05-08  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge 115093 from Open Source for <rdar://problem/11339602>.
-
-    2012-04-23  Filip Pizlo  <fpizlo@apple.com>
-
-        DFG on ARMv7 should not OSR exit on every integer division
-        https://bugs.webkit.org/show_bug.cgi?id=84661
-
-        Reviewed by Oliver Hunt.
-
-        On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
-        that was broken with the introduction of Int32ToDouble) nor does it have to know
-        whether or not to convert its result to integer. This is now taken care of for free
-        with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
-        speculation.
-
-        * dfg/DFGAbstractState.cpp:
-        (JSC::DFG::AbstractState::execute):
-        * dfg/DFGCSEPhase.cpp:
-        (JSC::DFG::CSEPhase::performNodeCSE):
-        * dfg/DFGFixupPhase.cpp:
-        (JSC::DFG::FixupPhase::fixupNode):
-        * dfg/DFGNodeType.h:
-        (DFG):
-        * dfg/DFGOSRExit.cpp:
-        (JSC::DFG::OSRExit::OSRExit):
-        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
-        * dfg/DFGOSRExit.h:
-        (OSRExit):
-        * dfg/DFGPredictionPropagationPhase.cpp:
-        (JSC::DFG::PredictionPropagationPhase::propagate):
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
-        (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
-        (DFG):
-        * dfg/DFGSpeculativeJIT.h:
-        (SpeculativeJIT):
-        (JSC::DFG::SpeculativeJIT::speculationCheck):
-        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-05-03  Joseph Pecoraro  <pecoraro@apple.com>
-
-       Merged Open Source WebKit r116054.
-
-    2012-05-03  Oliver Hunt  <oliver@apple.com>
-
-           Regression(r114702): Clobbering the caller frame register before we've stored it.
-           https://bugs.webkit.org/show_bug.cgi?id=85564
-
-           Reviewed by NOBODY (OOPS!).
-
-           Don't use t0 as a temporary, when we're about to use the value in t0.
-
-            * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-03  Joseph Pecoraro  <pecoraro@apple.com>
-
-       Merged Open Source WebKit r116054.
-
-    2012-05-03  Oliver Hunt  <oliver@apple.com>
-
-           Regression(r114702): Clobbering the caller frame register before we've stored it.
-           https://bugs.webkit.org/show_bug.cgi?id=85564
-
-           Reviewed by NOBODY (OOPS!).
-
-           Don't use t0 as a temporary, when we're about to use the value in t0.
-
-            * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-07  Benjamin Poulain  <bpoulain@apple.com>
-
-        Build fix for iOS Simulator after r115523
-
-        Rubber-stamped by Gavin Barraclough.
-
-        The header and code is only relevant for ARM thumb2.
-
-        * jsc.cpp:
-        (main):
-
-2012-05-03  Joseph Pecoraro  <pecoraro@apple.com>
-
-       Merged Open Source WebKit r116054.
-
-    2012-05-03  Oliver Hunt  <oliver@apple.com>
-
-           Regression(r114702): Clobbering the caller frame register before we've stored it.
-           https://bugs.webkit.org/show_bug.cgi?id=85564
-
-           Reviewed by NOBODY (OOPS!).
-
-           Don't use t0 as a temporary, when we're about to use the value in t0.
-
-            * llint/LowLevelInterpreter32_64.asm:
-
-2012-05-07  Benjamin Poulain  <bpoulain@apple.com>
-
-        Build fix for iOS Simulator after r115523
-
-        Rubber-stamped by Gavin Barraclough.
-
-        The header and code is only relevant for ARM thumb2.
-
-        * jsc.cpp:
-        (main):
-
-2012-04-25  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r114845.
-
-    2012-04-21  Darin Adler  <darin@apple.com>
-
-        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
-        https://bugs.webkit.org/show_bug.cgi?id=84523
-
-        Reviewed by Oliver Hunt.
-
-        Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
-        Streamlined this code to use standard character types and 0 rather than -1. One benefit
-        of this is that there's no widening and narrowing. Another is that there are many cases
-        where we already have the correct behavior for 0, so can eliminate a branch that was
-        used to test for -1 before. Also eliminates typecasts in the code.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
-        character type, not an int.
-        (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
-        (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
-        (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
-        of the code. This can be used places we used to cheeck for -1.
-        (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
-        (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
-        (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
-        had a data-member-style name.
-        (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
-        function already returns false for the 0 character. Updated types in a couple other places. Used
-        the atEnd function where needed.
-        (JSC::Lexer::parseIdentifierSlowCase): More of the same.
-        (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
-        (JSC::Lexer::parseString): Ditto.
-        (JSC::Lexer::parseStringSlowCase): Ditto.
-        (JSC::Lexer::parseMultilineComment): Ditto.
-        (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
-        the tokenInfo instead of putting it in a local variable first, saving some memory access.
-        (JSC::Lexer::scanRegExp): Ditto.
-        (JSC::Lexer::skipRegExp): Ditto.
-
-        * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
-        the character type. Added atEnd function.
-        (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. 
-        (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
-
-2012-04-25  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r114844.
-
-    2012-04-21  Darin Adler  <darin@apple.com>
-
-        Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
-        https://bugs.webkit.org/show_bug.cgi?id=84523
-
-        Reviewed by Oliver Hunt.
-
-        Separate preparation step of copyright dates, renaming, and other small tweaks.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
-        (JSC::Lexer::peek): Removed meaningless comment.
-        (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
-        what this function does.
-        (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
-        (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
-        (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
-
-        * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
-        Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
-        getUnicodeCharacter to parseFourDigitUnicodeHex.
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r115290.
-
-    2012-04-25  Benjamin Poulain  <benjamin@webkit.org>
-
-        Add a version of StringImpl::find() without offset
-        https://bugs.webkit.org/show_bug.cgi?id=83968
-
-        Reviewed by Sam Weinig.
-
-        Add support for the new StringImpl::find() to UString.
-
-        Change stringProtoFuncIndexOf() to specifically take advatage of the feature.
-        This gives a 12% gains on a distribution of strings between 30 and 100 characters.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::substituteBackreferences):
-        (JSC::stringProtoFuncIndexOf):
-        * runtime/UString.h:
-        (UString):
-        (JSC::UString::find):
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r115132.
-
-    2012-04-24  Benjamin Poulain  <bpoulain@apple.com>
-
-        Generalize the single character optimization of r114072
-        https://bugs.webkit.org/show_bug.cgi?id=83961
-
-        Reviewed by Eric Seidel.
-
-        Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingStringSearch):
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r114793.
-
-    2012-04-20  Benjamin Poulain  <bpoulain@apple.com>
-
-        Inline the JSArray constructor
-        https://bugs.webkit.org/show_bug.cgi?id=84416
-
-        Reviewed by Geoffrey Garen.
-
-        The constructor is trivial, no reason to jump for it.
-
-        This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
-
-        * runtime/JSArray.cpp:
-        (JSC):
-        * runtime/JSArray.h:
-        (JSC::JSArray::JSArray):
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r114539.
-
-    2012-04-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        Remove m_subclassData from JSArray, move the attribute to subclass as needed
-        https://bugs.webkit.org/show_bug.cgi?id=84249
-
-        Reviewed by Geoffrey Garen.
-
-        JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
-        the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
-        case.
-
-        This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
-        of CopiedSpace.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateJSArray):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        * runtime/JSArray.h:
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r114521.
-
-    2012-04-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        replaceUsingStringSearch: delay the creation of the replace string until needed
-        https://bugs.webkit.org/show_bug.cgi?id=83841
-
-        Reviewed by Geoffrey Garen.
-
-        We do not need to obtain the replaceValue until we have a match. By moving the intialization
-        of replaceValue when needed, we save a few instructions when there is no match.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingRegExpSearch):
-        (JSC::replaceUsingStringSearch):
-        (JSC::stringProtoFuncReplace):
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r114072.
-
-    2012-04-12  Benjamin Poulain  <bpoulain@apple.com>
-
-        Improve replaceUsingStringSearch() for case of a single character searchValue
-        https://bugs.webkit.org/show_bug.cgi?id=83738
-
-        Reviewed by Geoffrey Garen.
-
-        This patch improves replaceUsingStringSearch() with the following:
-        -Add a special case for single character search, taking advantage of the faster WTF::find().
-        -Inline replaceUsingStringSearch().
-        -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
-         by definition.
-
-        This gives less than 1% improvement for the multicharacter replace.
-        The single character search show about 9% improvement.
-
-        * runtime/StringPrototype.cpp:
-        (JSC::replaceUsingStringSearch):
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r113886.
-
-    2012-04-11  Benjamin Poulain  <bpoulain@apple.com>
-
-        Optimize String.split() for 1 character separator
-        https://bugs.webkit.org/show_bug.cgi?id=83546
-
-        Reviewed by Gavin Barraclough.
-
-        This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case
-        where the separator is a single character.
-
-        The two main gains are:
-        -Use of the find() function with a single character instead of doing a full string matching.
-        -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
-         function.
-
-        The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits.
-
-        This makes String.split() faster by about 13% in that particular case.
-
-        * runtime/StringPrototype.cpp:
-        (JSC):
-        (JSC::splitStringByOneCharacterImpl):
-        (JSC::stringProtoFuncSplit):
-
-2012-04-26  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge OpenSource WebKit r113530.
-
-    2012-04-06  Benjamin Poulain  <bpoulain@apple.com>
-
-        Do not abuse ArrayStorage's m_length for testing array consistency
-        https://bugs.webkit.org/show_bug.cgi?id=83403
-
-        Reviewed by Geoffrey Garen.
-
-        Array creation from a list of values is a 3 steps process:
-        -JSArray::tryCreateUninitialized()
-        -JSArray::initializeIndex() for each values
-        -JSArray::completeInitialization()
-
-        Previously, the attribute m_length was not set to the final size
-        JSArray::tryCreateUninitialized() because it was used to test the array
-        consistency JSArray::initializeIndex().
-
-        This caused the initialization loop using JSArray::initializeIndex() maintain
-        two counters:
-        -index of the loop
-        -storage->m_length++
-
-        This patch fixes this by using the index of the initialization loop for the indinces of
-        JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
-        is introduced if CHECK_ARRAY_CONSISTENCY is defined.
-
-        The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
-
-        This improves the performance of JSArray creation from literals by 8%.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::tryFinishCreationUninitialized):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (ArrayStorage):
-        (JSC::JSArray::initializeIndex):
-        (JSC::JSArray::completeInitialization):
-
-2012-04-24  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/11210742> iOS WebKit merge: stabilizing merge branch to ToT r113485
-
-        Merge up to OpenSource WebKit r113485.
-
-2012-04-18  Filip Pizlo  <fpizlo@apple.com>
-
-        Merge r114434 from OpenSource WebKit.
-        <rdar://problem/10767252>
-
-    2012-04-17  Filip Pizlo  <fpizlo@apple.com>
-    
-            DFG and LLInt should not clobber the frame pointer on ARMv7
-            https://bugs.webkit.org/show_bug.cgi?id=84185
-            <rdar://problem/10767252>
-    
-            Reviewed by Gavin Barraclough.
-            
-            Changed LLInt to use a different register. Changed DFG to use one fewer
-            registers. We should revisit this and switch the DFG to use a different
-            register instead of r7, but we can do that in a subsequent step since
-            the performance effect is tiny.
-    
-            * dfg/DFGGPRInfo.h:
-            (GPRInfo):
-            (JSC::DFG::GPRInfo::toRegister):
-            (JSC::DFG::GPRInfo::toIndex):
-            * offlineasm/armv7.rb:
-    
-2012-04-16  Filip Pizlo  <fpizlo@apple.com>
-
-        <rdar://problem/11244632> REGRESSION(Sundance): Crash in JSC::JSCell::toPrimitive trying to pay bill on usbank.com
-        Merge r111244 from OpenSource WebKit.
-
-    2012-03-19  Filip Pizlo  <fpizlo@apple.com>
-    
-            LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
-            https://bugs.webkit.org/show_bug.cgi?id=81559
-    
-            Reviewed by Michael Saboff.
-    
-            * llint/LLIntSlowPaths.cpp:
-            (JSC::LLInt::LLINT_SLOW_PATH_DECL):
-    
-2012-04-13  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/10951750> GEOLOCATION_PERMISSION_CACHE is incorrect
-
-        Reviewed by David Kilzer.
-
-        Remove the flag GEOLOCATION_PERMISSION_CACHE.
-
-        * wtf/Platform.h:
-
-2012-04-13  Michael Saboff  <msaboff@apple.com>
-        Merge r113253 from OpenSource WebKit.
-        <rdar://problem/11179731>
-
-    2012-04-04  Michael Saboff  <msaboff@apple.com>
-
-            Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
-            https://bugs.webkit.org/show_bug.cgi?id=83191
-
-            Reviewed by Oliver Hunt.
-
-            Make are that blinded constant pairs are similarly aligned to the
-            original immediate values so that instructions that expect that
-            alignment work correctly.  One example is ARMv7 add/sub imm to SP.
-
-            * assembler/ARMv7Assembler.h:
-            (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
-            (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
-            (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
-            * assembler/MacroAssembler.h:
-            (JSC::MacroAssembler::additionBlindedConstant):
-
-2012-04-09  Filip Pizlo  <fpizlo@apple.com>
-
-        Merge r113642 from OpenSource WebKit.
-        <rdar://problem/11204572>
-        
-        Note that the OpenSource changeset included a fix in dfg/DFGOperations.cpp that
-        had already been applied to iOS WebKit.
-
-    2012-04-09  Filip Pizlo  <fpizlo@apple.com>
-    
-            Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
-    
-            * offlineasm/armv7.rb:
-    
-2012-04-06  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge r111433 from Open Source WebKit.
-
-        Running some benchmarks without this patch is useless as it changes the profile
-        radically.
-
-    2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
-
-        Cache the type string of JavaScript object
-        https://bugs.webkit.org/show_bug.cgi?id=81446
-
-        Reviewed by Geoffrey Garen.
-
-        Instead of creating the JSString every time, we create
-        lazily the strings in JSGlobalData.
-
-        This avoid the construction of the StringImpl and of the JSString,
-        which gives some performance improvements.
-
-        * runtime/CommonIdentifiers.h:
-        * runtime/JSValue.cpp:
-        (JSC::JSValue::toStringSlowCase):
-        * runtime/Operations.cpp:
-        (JSC::jsTypeStringForValue):
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::SmallStrings):
-        (JSC::SmallStrings::finalizeSmallStrings):
-        (JSC::SmallStrings::initialize):
-        (JSC):
-        * runtime/SmallStrings.h:
-        (SmallStrings):
-
-2012-04-06  Benjamin Poulain  <bpoulain@apple.com>
-
-        Merge r111306 from Open Source WebKit.
-
-    2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
-
-        Simplify SmallStrings
-        https://bugs.webkit.org/show_bug.cgi?id=81445
-
-        Reviewed by Gavin Barraclough.
-
-        SmallStrings had two methods that should not be public: count() and clear().
-
-        The method clear() is effectively replaced by finalizeSmallStrings(). The body
-        of the method was moved to the constructor since the code is obvious.
-
-        The method count() is unused.
-
-        * runtime/SmallStrings.cpp:
-        (JSC::SmallStrings::SmallStrings):
-        * runtime/SmallStrings.h:
-        (SmallStrings):
-
-2012-04-06  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9587937> Switch c++0x and switch from libstdc++ to libc++ when building with clang
-
-        Reviewed by Sam Weinig.
-
-        * Configurations/Base.xcconfig: Set CLANG_CXX_LIBRARY based on
-        REAL_PLATFORM_NAME.
-
-2012-04-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/11184606> UIKit-806c85 failed to build in the Innsbruck autoBot for sim
-
-        Reviewed by Matt Lilek.
-
-        * Configurations/Base.xcconfig: Hard-code VALID_ARCHS for
-        iphoneos and iphonesimulator.
-
-2012-04-03  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r113113.
-
-    2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-03  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r113113.
-
-    2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-03  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r113113.
-
-    2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-03  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r113113.
-
-    2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-04  Pratik Solanki  <psolanki@apple.com>
-
-        Merged Open Source WebKit r113113.
-
-    2012-04-03  Filip Pizlo  <fpizlo@apple.com>
-
-        Offlineasm ARM backend uses the wrong mnemonic for multiply
-        https://bugs.webkit.org/show_bug.cgi?id=83098
-        <rdar://problem/11168744>
-
-        Reviewed by Gavin Barraclough.
-        
-        Use "mul" instead of "muls" since we're passing three operands, not two.
-
-        * offlineasm/armv7.rb:
-
-2012-04-04  Pratik Solanki  <psolanki@apple.com>
-
-        Merge Open Source WebKit r112285.
-
-    2012-03-27  Pratik Solanki  <psolanki@apple.com>
-
-        Compiler warning when JIT is not enabled
-        https://bugs.webkit.org/show_bug.cgi?id=82352
-
-        Reviewed by Filip Pizlo.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::create):
-
-2012-04-04  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/11142625> iOS WebKit merge: stabilizing merge branch to ToT r111184
-
-        Merge up to OpenSource WebKit r111184.
-
-2012-04-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/10429650> Remove resources from JavaScriptCore.framework in carrier/customer images
-
-        Reviewed by David Carson.
-
-        This patch sets SKIP_INSTALL=YES for testRegExp to prevent its
-        installation.  Previously, SKIP_INSTALL was set to NO in the
-        Xcode project file, overriding the setting in
-        ToolExecutable.xcconfig and causing testRegExp to be installed.
-
-        The remaining changes are simply removing duplicate settings in
-        the Xcode project file that are already in JSC.xcconfig or
-        ToolExecutable.xcconfig.
-
-        * Configurations/ToolExecutable.xcconfig: Added
-        CODE_SIGN_ENTITLEMENTS for iphoneos platform.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        (testRegExp Production_Deployment): Remove INSTALL_PATH_* and
-        SKIP_INSTALL macros.
-        (testRegExp Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS,
-        INSTALL_PATH and SKIP_INSTALL macros.
-        (minidom Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
-        (jsc Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS,
-        INSTALL_PATH and SKIP_INSTALL macros.
-        (minidom Development_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
-        (testapi Development): Remove INSTALL_PATH_* macros.
-        (jsc Development): Ditto.
-        (minidom Deployment_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
-        (testapi Deployment): Ditto.
-        (jsc Deployment): Ditto.
-        (testapi Production_Deployment): Remove INSTALL_PATH_* and
-        SKIP_INSTALL macros.
-        (jsc Production_Deployment): Ditto.
-
-2012-03-29  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Merge ToT WebKit r112595.
- 
-    2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-x86 platforms.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2012-03-29  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Merge ToT WebKit r112595.
- 
-    2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-x86 platforms.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2012-03-29  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Merge ToT WebKit r112595.
- 
-    2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-x86 platforms.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2012-03-29  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Merge ToT WebKit r112595.
- 
-    2012-03-29  Filip Pizlo  <fpizlo@apple.com>
-
-        Unreviewed build fix for non-x86 platforms.
-
-        * dfg/DFGSpeculativeJIT.cpp:
-        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::callOperation):
-        * jit/JITArithmetic32_64.cpp:
-        (JSC::JIT::emitSlow_op_mod):
-
-2012-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        minidom configurations should be based on ToolExecutable.xcconfig
-        <http://webkit.org/b/82513>
-
-        Merged ToT WebKit r112496.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        - Base all iOS configurations for minidom on
-          ToolExecutable.xcconfig.
-        - Remove redundant variables in iOS configurations for minidom:
-          INSTALL_PATH, INSTALL_PATH_ACTUAL, PRODUCT_NAME, SKIP_INSTALL.
-
-    2012-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        minidom configurations should be based on ToolExecutable.xcconfig
-        <http://webkit.org/b/82513>
-
-        Reviewed by Mark Rowe.
-
-        Note that this patch changes minidom from being installed in
-        /usr/local/bin to JavaScriptCore.framework/Resources.
-
-        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
-        configurations on ToolExecutable.xcconfig.  Remove redundant
-        PRODUCT_NAME and SKIP_INSTALL variables.
-
-2012-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        Make Debug/Release/Production configurations work with iOS JavaScriptCore
-
-        Reviewed by Joseph Pecoraro.
-
-        Part of: <rdar://problem/10568199> WebKit: Switch to Debug/Release/Production configurations for iphoneos and iphonesimulator builds
-
-        This change makes Debug, Release and Production configurations
-        work when building from Xcode and ~rc/bin/buildit and targeting
-        an iOS SDK.  The Development, Deployment, Production_Deployment
-        configurations and the Development_Hardware, Deployment_Hardware
-        and Production_Hardware configurations still work, but will be
-        removed once B&I switches over to Production targets and once
-        build-webkit is updated to use Debug and Release for local iOS
-        engineering builds.
-
-        The only real change in B&I builds is that testRegExp is no
-        longer installed when building for the iphoneos platform, which
-        matches OS X builds.
-
-        * Configurations/Base.xcconfig:
-        - Include iOS.xcconfig.
-        - Fix VALID_ARCHS for each platform.
-        - Define INSTALL_PATH for OS X builds just like it's defined in
-          AspenFamily.xcconfig.  This makes it possible to define the
-          install path only once for both iOS and OS X, and makes the
-          definition of INSTALL_PATH* variables much simpler in other
-          xcconfig files.
-        * Configurations/Indigo.xcconfig: Removed.  This isn't needed
-          anymore since AspenFamily.xcconfig is included in
-          Base.xcconfig via iOS.xcconfig.
-        * Configurations/JSC.xcconfig: Rename INSTALL_PATH to
-          INSTALL_PATH_ACTUAL.  Use .../Resources instead of
-          .../Versions/A/Resources since the former works on both iOS
-          and OS X.  ToolExecutable.xcconfig already does this.
-        * Configurations/JavaScriptCore.xcconfig: Simplify the
-          INSTALL_PATH mess.  (This is what can happen if INSTALL_PATH
-          is not defined in Base.xcconfig.)
-        * Configurations/ToolExecutable.xcconfig: Rename INSTALL_PATH to
-          INSTALL_PATH_ACTUAL.
-        * Configurations/iOS.xcconfig: Use this xcconfig file to obscure
-          the path to and name of AspenFamily.xcconfig.  Normally it
-          would have been removed just like Indigo.xcconfig, but we want
-          to repurpose it.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        - Remove references to IndigoSDK.xcconfig and AspenSDK.xcconfig.
-          These are AppleInternal files that are not part of the
-          project.  They were originally added for convenience.
-        - Remove Indigo.xcconfig since it was deleted.
-        - Update the base xcconfig files for targets in the legacy iOS
-          configurations.  The iOS configurations now match their Debug,
-          Release, and Production counterparts.
-
-2012-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        Let Xcode 4.5 update the JavaScriptCore project file
-
-        Reviewed by Pratik Solanki.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        - Remove references to non-existent AllocationSpace.{h|cpp}
-          files.
-        - Re-sort Development configuration for JSCLLIntOffsetsExtractor
-          by UUID.
-        - Fix the configuration names in the "LLInt Offsets" target.
-
-2012-03-27  David Kilzer  <ddkilzer@apple.com>
-
-        Fix path setting for ios folder
-
-        Rubber-stamped by Anders Carlsson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-27  David Kilzer  <ddkilzer@apple.com>
-
-        Remove duplicate copy of CommonSlowPaths.h
-
-        Reviewed by Joseph Pecoraro.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-27  Matt Lilek  <mrl@apple.com>
-
-        <rdar://problem/11124194> JavaScriptCore-1049 fails to build with clang-421.1.5 due to -fno-var-tracking flag
-    
-        Merge OpenSource r112313.
-
-    2012-03-27  Matt Lilek  <mrl@apple.com>
-
-        Stop compiling Interpreter.cpp with -fno-var-tracking
-        https://bugs.webkit.org/show_bug.cgi?id=82299
-
-        Reviewed by Anders Carlsson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2012-03-23  Alexey Proskuryakov  <ap@apple.com>
-
-    <rdar://problem/8268351> Enable BLOB
-
-    Merge OpenSource r111931.
-
-    2012-03-23  Alexey Proskuryakov  <ap@apple.com>
-    
-            [Mac] No need for platform-specific ENABLE_BLOB values
-            https://bugs.webkit.org/show_bug.cgi?id=82102
-    
-            Reviewed by David Kilzer.
-    
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-03-21  Filip Pizlo  <fpizlo@apple.com>
-
-        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
-        the process of being generated
-        https://bugs.webkit.org/show_bug.cgi?id=81565
-        <rdar://problem/10987024>
-
-        Reviewed by Oliver Hunt.
-        
-        Merge OpenSource r111264.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::finalizeUnconditionally):
-
-2012-03-20  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/11083923> Having LLINT enabled without JIT entitlements results in crashes
-
-    Merge OpenSource r111431
-
-    2012-03-20  Oliver Hunt  <oliver@apple.com>
-
-            Allow LLINT to work even when executable allocation fails.
-            https://bugs.webkit.org/show_bug.cgi?id=81693
-
-            Reviewed by Gavin Barraclough.
-
-            Don't crash if executable allocation fails if we can fall back on LLINT
-
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
-            * wtf/OSAllocatorPosix.cpp:
-            (WTF::OSAllocator::reserveAndCommit):
-
-2012-03-19  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/11077141> iOS WebKit merge: stabilizing merge branch to ToT r110032
-
-        Merge up to OpenSource WebKit r110032.
-
-        Also needed to pull in ARMv7 fix from r110751 to ensure we have a working JIT.
-
-2012-03-16  Matt Lilek  <mrl@apple.com>
-
-        <rdar://problem/11013563> WeatherApp fails to build in xcodebuild due to warnings about ENABLE_INSPECTOR being redefined
-
-        ENABLE_INSPECTOR is already defined above and since we don't need to worry about armv6 anymore, we can use the logic
-        above to handle ENABLE_PURGEABLE_MEMORY.
-
-        Reviewed by Paul Knight and Joseph Pecoraro.
-
-        * wtf/Platform.h:
-
-2012-03-16  Matt Lilek  <mrl@apple.com>
-
-        <rdar://problem/11055309> JavaScriptCore-1044 fails to build with clang-421.1.4: pre-UAL syntax in inline assembly
-
-        Reviewed by Geoff Garen.
-
-        * dfg/DFGOperations.cpp:
-        (JSC):
-
-2012-03-08  Matt Lilek  <mrl@apple.com>
-
-    <rdar://problem/10821239> ENABLE_VIDEO_TRACK should not be defined for iOS
-
-    Merge OpenSource r110212.
-
-    2012-03-08  Matt Lilek  <mrl@apple.com>
-
-            Don't enable VIDEO_TRACK on all OS X platforms
-            https://bugs.webkit.org/show_bug.cgi?id=80635
-
-            Reviewed by Eric Carlson.
-
-            * Configurations/FeatureDefines.xcconfig:
-
-2012-03-04  David Kilzer  <ddkilzer@apple.com>
-
-        Fix build when the classic interpreter is enabled
-
-        Merged ToT WebKit r109678.
-
-    2012-03-04  David Kilzer  <ddkilzer@apple.com>
-
-        Fix build when the classic interpreter is enabled
-
-        Reviewed by Gavin Barraclough.
-
-        Fixes the following build error when running the "Generate
-        Derived Sources" build phase script:
-
-            offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
-            ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
-                    from JavaScriptCore/offlineasm/asm.rb:131
-            Command /bin/sh failed with exit code 1
-
-        Gavin's fix in r109674 avoided the #error statement in
-        JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
-        caused the "Generate Derived Sources" build phase script to fail
-        when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
-        to detect when the classic interpreter is being built and simply
-        exit early from asm.rb in that case.
-
-        * llint/LLIntOffsetsExtractor.cpp:
-        (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
-        JIT is disabled.  Note that offsets.rb doesn't care about the
-        return value here, but instead it cares about finding the magic
-        values in the binary.  The magic values are no longer present
-        when the JIT is disabled.
-        * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
-        early with a status message.
-        * offlineasm/offsets.rb:
-        (MissingMagicValuesException): Add new exception class.
-        (offsetsAndConfigurationIndex): Throw
-        MissingMagicValuesException when no magic values are found.
-
-2012-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-        Merge ToT r109674 - this fixes the Innsbruck build.
-
-    2012-03-04  Gavin Barraclough  <barraclough@apple.com>
-
-            Unreviewed build fix.
-
-            * jit/JITStubs.h:
-                - Move ENABLE(JIT) to head of file.
-
-2012-03-02  Filip Pizlo  <fpizlo@apple.com>
-
-        Cherry-pick merge of r109519 and r109522. <rdar://problem/10974632>
-
-    2012-03-02  Filip Pizlo  <fpizlo@apple.com>
-    
-            Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
-    
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::visitAggregate):
-    
-    2012-03-01  Filip Pizlo  <fpizlo@apple.com>
-    
-            DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
-            virtue of being in the transitive closure
-            https://bugs.webkit.org/show_bug.cgi?id=80098
-     
-            Reviewed by Anders Carlsson.
-            
-            If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
-            then you might have the visitAggregate() method called concurrently by multiple threads.
-            This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
-            racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
-            due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
-            
-            It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
-            not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
-            any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
-            Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
-            don't lead to two threads racing over each other as they clobber state. This patch
-            achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
-            trivially linearizable) will get to trace the CodeBlock; all other threads give up and
-            go home.
-            
-            Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
-            times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
-            even when it's gotten sufficient counts. But that takes a while - sometimes up to a
-            minute to get a crash. I have no other reliable repro case.
-    
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::visitAggregate):
-            * bytecode/CodeBlock.h:
-            (DFGData):
-            * heap/DFGCodeBlocks.cpp:
-            (JSC::DFGCodeBlocks::clearMarks):
-    
-    2012-03-01  Filip Pizlo  <fpizlo@apple.com>
-
-        Fix the build of universal binary with ARMv7s of JavaScriptCore
-
-        * llint/LLIntOfflineAsmConfig.h:
-        * llint/LowLevelInterpreter.asm:
-
-2012-02-29  Benjamin Poulain  <bpoulain@apple.com>
-
-        Stabilization: fix the debug/development build
-
-        Reviewed by David Kilzer.
-
-        On iOS, there is an extra assertion for pthread_main_np(). This was failing in
-        Debug due to the function being undefined.
-
-        * wtf/text/StringStatics.cpp:
-
-2012-03-01  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/10922144> iOS WebKit merge: stabilizing merge branch to ToT r108448 or later (to pick up LLInt)
-
-        Integrate the merge branch of Matt up to OpenSource WebKit r109201.
-
-2012-02-28  Benjamin Poulain  <bpoulain@apple.com>
-
-        <rdar://problem/8976264> MobileSafari should switch to client-based geolocation
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig: Enable Client Based Geolocation.
-
-2012-02-28  Dean Jackson  <dino@apple.com>
-
-        <rdar://problem/10042073> Make CSS filters work on iOS
-
-        Reviewed by Joseph Pecoraro.
-
-        Turn ENABLE_CSS_FILTERS on for iOS.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2012-02-27  Tim Horton  <timothy_horton@apple.com>
-
-        <rdar://problem/6136646> iOS: Enable SVG filters
-
-        Reviewed by Dean Jackson.
-
-        Enable SVG filters.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2012-02-24  Chris Marrin  <cmarrin@apple.com>
-
-        Make requestAnimationFrame work on iOS (change CVDisplayLink to CADisplayLink)
-        <rdar://problem/10406593>
-
-        Turn on requestAnimationFrame flags for iOS
-
-        Reviewed by Dean Jackson.
-
-        * wtf/Platform.h:
-
-2012-02-23  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/10922577> Define WTF_USE_COREMEDIA on Sundance only
-
-        Reviewed by Simon Fraser.
-
-        This allows us to build and run ToT WebKit on Hoodoo. USE(COREMEDIA) code requires header
-        files that are not present on Hoodoo.
-
-        * wtf/Platform.h:
-
-2012-02-23  Benjamin Poulain  <bpoulain@apple.com>
-
-        Remove JavaScriptCore.exp
-
-        Reviewed by Joseph Pecoraro.
-
-        For some reason, the file was not deleted in the merge branch. It was supposed
-        to disappear following https://bugs.webkit.org/show_bug.cgi?id=72854
-
-        * JavaScriptCore.exp: Removed.
-
-2012-02-22  Benjamin Poulain <bpoulain@apple.com>
-
-        Merge Open Source WebKit r108432.
-
-    2012-02-21  Oliver Hunt  <oliver@apple.com>
-
-        Unbreak double-typed arrays on ARMv7
-        https://bugs.webkit.org/show_bug.cgi?id=79177
-
-        Reviewed by Gavin Barraclough.
-
-        The existing code had completely broken address arithmetic.
-
-        * JSCTypedArrayStubs.h:
-        (JSC):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::storeDouble):
-        (JSC::MacroAssemblerARMv7::storeFloat):
-
-2012-02-15  Jer Noble  <jer.noble@apple.com>
-
-        <rdar://problem/10326923> Support HTML5 media synchronization through AVFoundation
-
-        Merged ToT revisions 106978, 106996
-
-    2012-02-06 Jer Noble <jer.noble@apple.com>
-
-        Use CMClock as a timing source for PlatformClock where available.
-
-        https://bugs.webkit.org/show_bug.cgi?id=77885
-
-        Reviewed by Eric Carlson.
-
-        * wtf/Platform.h: Added WTF_USE_COREMEDIA.
-
-2012-02-14  Michael Saboff  <msaboff@apple.com>
-
-        Merged TOT revision 107400
-
-    2012-02-10  Michael Saboff  <msaboff@apple.com>
-
-            Yarr assert with regexp where alternative in *-quantified group matches empty
-            https://bugs.webkit.org/show_bug.cgi?id=67752        
-
-            Reviewed by Gavin Barraclough.
-
-            Added backtracking for the prior alternative if it matched
-            but didn't consume any input characters.
-
-            * yarr/YarrJIT.cpp:
-            (YarrOp): New jump.
-            (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
-            when an alternative matches and no input was consumed.  Moved the
-            zero length match check for a set of alternatives to the alternative
-            code from the parentheses cases to the alternative end cases.
-            Converted the existing zero length checks in the parentheses cases
-            to runtime assertion checks.
-            (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
-            to prior term.
-
-2012-02-14  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/10861737> Unexpected syntax error
-
-        Merge ToT r106297
-
-    2012-01-30  Oliver Hunt  <oliver@apple.com>
-
-        Unexpected syntax error
-        https://bugs.webkit.org/show_bug.cgi?id=77340
-
-        Reviewed by Gavin Barraclough.
-
-        Function calls and new expressions have the same semantics for
-        assignment, so should simply share their lhs handling.
-
-        * parser/Parser.cpp:
-        (JSC::::parseMemberExpression):
-
-2012-02-14  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/10861648> Make DFG update topCallFrame
-
-        Merge ToT r105905
-
-    2012-01-24  Oliver Hunt  <oliver@apple.com>
-
-        Make DFG update topCallFrame
-        https://bugs.webkit.org/show_bug.cgi?id=76969
-
-        Reviewed by Filip Pizlo.
-
-        Add NativeCallFrameTracer to manage topCallFrame assignment
-        in the DFG operations, and make use of it.
-
-        * dfg/DFGOperations.cpp:
-        (JSC::DFG::operationPutByValInternal):
-        ():
-        * interpreter/Interpreter.h:
-        (JSC):
-        (NativeCallFrameTracer):
-        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
-
-2012-02-14  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/10861562> GetByteArrayLength is incorrect
-
-        Merged ToT r104324 
-
-    2012-01-06  Oliver Hunt  <oliver@apple.com>
-
-        GetByteArrayLength is incorrect
-        https://bugs.webkit.org/show_bug.cgi?id=75735
-
-        Reviewed by Filip Pizlo.
-
-        Load the byte array length from the correct location.
-        This stops an existing test from hanging.
-
-        * dfg/DFGSpeculativeJIT32_64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-        * dfg/DFGSpeculativeJIT64.cpp:
-        (JSC::DFG::SpeculativeJIT::compile):
-
-2012-02-13  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/10853544> Get ToT WebKit to compile on Hoodoo
-
-        Reviewed by Scott Grant.
-
-        * wtf/Platform.h:
-
-2012-02-13  Gavin Barraclough  <barraclough@apple.com>
-
-        Merged TOT revisions 106512, 106748, 106783, 106999
-
-    2012-02-07  Gavin Barraclough  <barraclough@apple.com>
-    
-            Crash on http://www.rickshawbags.com/
-            https://bugs.webkit.org/show_bug.cgi?id=78045
-    
-            Reviewed by Darin Adler.
-    
-            Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
-            
-            This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
-            isVariableObject() checks were excluding StaticScopeObjects, this patch
-            inadvertently changed them to be included.
-    
-            * runtime/JSType.h:
-                - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
-                  and thus is excluded from isVariableObject() checks.
-    
-    2012-02-05  Gavin Barraclough  <barraclough@apple.com>
-
-            Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
-            https://bugs.webkit.org/show_bug.cgi?id=77451
-
-            Reviewed by Sam Weinig.
-
-            These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
-            Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
-
-            * JavaScriptCore.exp:
-            * debugger/DebuggerActivation.cpp:
-            (JSC::DebuggerActivation::defineOwnProperty):
-            * debugger/DebuggerActivation.h:
-            (DebuggerActivation):
-            * runtime/ClassInfo.h:
-            (MethodTable):
-            (JSC):
-            * runtime/JSBoundFunction.cpp:
-            (JSC::JSBoundFunction::finishCreation):
-            * runtime/JSCell.cpp:
-            (JSC):
-            * runtime/JSCell.h:
-            (JSCell):
-            * runtime/JSFunction.cpp:
-            (JSC::JSFunction::getOwnPropertySlot):
-            (JSC::JSFunction::getOwnPropertyDescriptor):
-            * runtime/JSGlobalObject.cpp:
-            (JSC::JSGlobalObject::defineOwnProperty):
-            (JSC):
-            * runtime/JSGlobalObject.h:
-            (JSGlobalObject):
-            * runtime/JSObject.cpp:
-            (JSC):
-            * runtime/JSObject.h:
-            (JSObject):
-            * runtime/ObjectPrototype.cpp:
-            (JSC::objectProtoFuncDefineGetter):
-            (JSC::objectProtoFuncDefineSetter):
-            (JSC::objectProtoFuncLookupGetter):
-            (JSC::objectProtoFuncLookupSetter):
-
-    2012-02-04  Gavin Barraclough  <barraclough@apple.com>
-    
-            Rubber stamped by Sam Weinig.
-    
-            * yarr/YarrPattern.cpp:
-            (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
-                - Fix comment.
-    
-    2012-02-01  Gavin Barraclough  <barraclough@apple.com>
-
-            calling function on catch block scope containing an eval result in wrong this value being passed
-            https://bugs.webkit.org/show_bug.cgi?id=77581
-
-            Reviewed by Oliver Hunt.
-
-            javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
-
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::TryNode::emitBytecode):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::execute):
-            * parser/ASTBuilder.h:
-            (JSC::ASTBuilder::createTryStatement):
-            * parser/NodeConstructors.h:
-            (JSC::TryNode::TryNode):
-            * parser/Nodes.h:
-            (TryNode):
-            * parser/Parser.cpp:
-            (JSC::::parseTryStatement):
-            * parser/SyntaxChecker.h:
-            (JSC::SyntaxChecker::createTryStatement):
-            * runtime/JSObject.h:
-            (JSObject):
-            (JSC::JSObject::isStaticScopeObject):
-            (JSC):
-
-2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-
-        Merged WebKit ToT r107492.
-
-    2012-02-11  Filip Pizlo  <fpizlo@apple.com>
-    
-            [DFG] Misuse of WeakJSConstants in silentFillGPR code.
-            https://bugs.webkit.org/show_bug.cgi?id=78423
-            <rdar://problem/10849353> <rdar://problem/10804043>
-    
-            Reviewed by Sam Weinig.
-            
-            The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
-            This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
-            hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
-    
-            * dfg/DFGSpeculativeJIT.h:
-            (JSC::DFG::SpeculativeJIT::silentFillGPR):
-    
-2012-02-10  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merging WebKit ToT r106676 r106677
-
-    2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Refactor MarkedBlock::SizeClass into a separate class
-        https://bugs.webkit.org/show_bug.cgi?id=77600
-
-        Reviewed by Geoffrey Garen.
-
-        We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
-        the responsibility of allocating objects from the collection of MarkedBlocks 
-        that it manages. Also limited the amount of coupling to internal data fields 
-        from other places, although it's mostly unavoidable in the JIT code.
-
-        Eventually MarkedAllocator will implement various policies to do with object 
-        management, e.g. whether or not to run destructors on objects that it manages.
-        MarkedSpace will manage a collection of MarkedAllocators with varying policies,
-        as it does now but to a larger extent. 
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * dfg/DFGSpeculativeJIT.h:
-        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
-        * heap/Heap.cpp:
-        (JSC::Heap::collect):
-        (JSC::Heap::resetAllocators):
-        * heap/Heap.h:
-        (JSC::Heap::allocatorForObject):
-        (Heap):
-        * heap/MarkedAllocator.cpp: Added.
-        (JSC):
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::tryAllocate):
-        (JSC::MarkedAllocator::allocateSlowCase):
-        (JSC::MarkedAllocator::allocateBlock):
-        (JSC::MarkedAllocator::addBlock):
-        (JSC::MarkedAllocator::removeBlock):
-        * heap/MarkedAllocator.h: Added.
-        (JSC):
-        (DFG):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::cellSize):
-        (JSC::MarkedAllocator::heap):
-        (JSC::MarkedAllocator::setHeap):
-        (JSC::MarkedAllocator::setCellSize):
-        (JSC::MarkedAllocator::setMarkedSpace):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::allocate):
-        (JSC::MarkedAllocator::reset):
-        (JSC::MarkedAllocator::zapFreeList):
-        (JSC::MarkedAllocator::forEachBlock):
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        (JSC::MarkedSpace::resetAllocators):
-        (JSC::MarkedSpace::canonicalizeCellLivenessData):
-        (JSC::TakeIfUnmarked::operator()):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::allocatorFor):
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::didAddBlock):
-        (JSC::MarkedSpace::didConsumeFreeList):
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitAllocateBasicJSObject):
-
-    2012-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Build fix
-
-        Unreviewed build fix
-
-        Forgot to add a couple files.
-
-        * heap/MarkedAllocator.cpp: Added.
-        (JSC):
-        (JSC::MarkedAllocator::tryAllocateHelper):
-        (JSC::MarkedAllocator::tryAllocate):
-        (JSC::MarkedAllocator::allocateSlowCase):
-        (JSC::MarkedAllocator::allocateBlock):
-        (JSC::MarkedAllocator::addBlock):
-        (JSC::MarkedAllocator::removeBlock):
-        * heap/MarkedAllocator.h: Added.
-        (JSC):
-        (DFG):
-        (MarkedAllocator):
-        (JSC::MarkedAllocator::cellSize):
-        (JSC::MarkedAllocator::heap):
-        (JSC::MarkedAllocator::setHeap):
-        (JSC::MarkedAllocator::setCellSize):
-        (JSC::MarkedAllocator::setMarkedSpace):
-        (JSC::MarkedAllocator::MarkedAllocator):
-        (JSC::MarkedAllocator::allocate):
-        (JSC::MarkedAllocator::reset):
-        (JSC::MarkedAllocator::zapFreeList):
-        (JSC::MarkedAllocator::forEachBlock):
-
-
-2012-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-       Merged ToT WebKit r106078
-
-    2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-       Merge AllocationSpace into MarkedSpace
-       https://bugs.webkit.org/show_bug.cgi?id=77116
-
-       Reviewed by NOBODY (OOPS!).
-
-       Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to 
-       MarkedSpace allocation.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.exp:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/AllocationSpace.cpp: Removed.
-        * heap/AllocationSpace.h: Removed.
-        * heap/BumpSpace.h:
-        (BumpSpace):
-        * heap/Heap.h:
-        (JSC::Heap::objectSpace):
-        (Heap):
-        ():
-        * heap/HeapBlock.h:
-        ():
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::tryAllocateHelper):
-        (JSC):
-        (JSC::MarkedSpace::tryAllocate):
-        (JSC::MarkedSpace::allocateSlowCase):
-        (JSC::MarkedSpace::allocateBlock):
-        (JSC::MarkedSpace::freeBlocks):
-        (TakeIfUnmarked):
-        (JSC::TakeIfUnmarked::TakeIfUnmarked):
-        (JSC::TakeIfUnmarked::operator()):
-        (JSC::TakeIfUnmarked::returnValue):
-        (JSC::MarkedSpace::shrink):
-        (GatherDirtyCells):
-        (JSC::GatherDirtyCells::returnValue):
-        (JSC::GatherDirtyCells::GatherDirtyCells):
-        (JSC::GatherDirtyCells::operator()):
-        (JSC::MarkedSpace::gatherDirtyCells):
-        * heap/MarkedSpace.h:
-        (MarkedSpace):
-        (JSC::MarkedSpace::blocks):
-        (JSC::MarkedSpace::forEachCell):
-        (JSC):
-        (JSC::MarkedSpace::allocate):
-
-2012-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merged ToT r105638
-
-    2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com> 
-
-        Remove StackBounds from JSGlobalData 
-        https://bugs.webkit.org/show_bug.cgi?id=76310 
-
-        Reviewed by Sam Weinig. 
-
-        Removed StackBounds and the stack() function from JSGlobalData since it no  
-        longer accessed any members of JSGlobalData. 
-
-        * bytecompiler/BytecodeGenerator.cpp: 
-        (JSC::BytecodeGenerator::BytecodeGenerator): 
-        * heap/MachineStackMarker.cpp: 
-        (JSC::MachineThreads::addCurrentThread): 
-        (JSC::MachineThreads::gatherFromCurrentThread): 
-        * parser/Parser.cpp: 
-        (JSC::::Parser): 
-        * runtime/JSGlobalData.cpp: 
-        (JSC::JSGlobalData::JSGlobalData): 
-        * runtime/JSGlobalData.h: 
-
-2012-02-02  Michael Saboff  <msaboff@apple.com>
-
-        Merged TOT revision 106521
-
-    2012-02-01  Michael Saboff  <msaboff@apple.com>
-
-            Yarr crash with regexp replace
-            https://bugs.webkit.org/show_bug.cgi?id=67454
-
-            Reviewed by Gavin Barraclough.
-
-            Properly handle the case of a back reference to an unmatched
-            subpattern by always matching without consuming any characters.
-
-            * yarr/YarrInterpreter.cpp:
-            (JSC::Yarr::Interpreter::matchBackReference):
-            (JSC::Yarr::Interpreter::backtrackBackReference):
-
-2012-02-01  Michael Saboff  <msaboff@apple.com>
-
-        Merged TOT revision 106417
-
-    2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-            StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
-            https://bugs.webkit.org/show_bug.cgi?id=76647
-
-            Reviewed by Darin Adler.
-
-            Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar
-            to stringProtoFuncToLowerCase().  Fixed StringImpl::upper() to handle to special
-            cases.  One case is s-sharp (0xdf) which converts to "SS".  The other case is 
-            for characters which become 16 bit values when converted to upper case.  For
-            those, we up convert the the source string and use the 16 bit path.
-
-            * runtime/StringPrototype.cpp:
-            (JSC::stringProtoFuncToUpperCase):
-            * wtf/text/StringImpl.cpp:
-            (WTF::StringImpl::upper):
-            * wtf/unicode/CharacterNames.h:
-            (smallLetterSharpS): New constant
-
-2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Merged ToT r106496.
-
-    2012-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Replace JSArray destructor with finalizer
-        https://bugs.webkit.org/show_bug.cgi?id=77488
-
-        Reviewed by Geoffrey Garen.
-
-        * JavaScriptCore.exp:
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::finalize): Added finalizer.
-        (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
-        (JSC):
-        (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
-        (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode 
-        because the old name was confusing because we could have a sparse array that never 
-        called enterSparseMode.
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        * runtime/JSArray.h:
-        (JSArray):
-
-2012-01-30  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 106429.
-
-    2012-01-30  Geoffrey Garen  <ggaren@apple.com>
-
-            Stop using -fomit-frame-pointer
-            https://bugs.webkit.org/show_bug.cgi?id=77403
-            
-            Reviewed by Filip Pizlo.
-            
-            JavaScriptCore is too fast. I'm just the man to fix it.
-
-            * Configurations/JavaScriptCore.xcconfig:
-
-2012-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Merged ToT WebKit r105816
-
-        2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Use copying collector for out-of-line JSObject property storage
-            https://bugs.webkit.org/show_bug.cgi?id=76665
-
-            Reviewed by Geoffrey Garen.
-
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
-            Also added a temporary variable to avoid warnings from GCC.
-            (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
-            operator new. Also added a temporary variable to avoid warnings from GCC.
-            * runtime/JSObject.h:
-
-2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-        Merged TOT revision 106370.
-
-    2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-            ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
-            https://bugs.webkit.org/show_bug.cgi?id=77443
-
-            Reviewed by NOBODY (OOPS!).
-
-            Removed failing ASSERT() and thus destructor.  The ASSERT isn't needed.
-            We are hitting it in the YARR JIT case where we bail out and go to the
-            interpreter with a partially JIT'ed function.  Since we haven't linked
-            the JIT'ed code, there is likely to be some unresolved jumps in the vector
-            when the ARMv7Assembler destructor is called.  For the case where we
-            complete the JIT process, we clear the vector at the end of
-            LinkBuffer::linkCode (LinkBuffer.h:292).
-
-            * assembler/ARMv7Assembler.h:
-            (ARMv7Assembler):
-
-2012-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-            Merged ToT WebKit r105442
-
-        2012-01-19  Mark Hahnenberg  <mhahnenberg@apple.com> 
-
-            Implement a new allocator for backing stores 
-            https://bugs.webkit.org/show_bug.cgi?id=75181 
-
-            Reviewed by Filip Pizlo.
-
-            We want to move away from using fastMalloc for the backing stores for 
-            some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing 
-            stores have a nice property in that they only have a single owner (i.e. a 
-            single pointer to them at any one time). One way that we can take advantage 
-            of this property is to implement a simple bump allocator/copying collector, 
-            which will run alongside our normal mark/sweep collector, that only needs to 
-            update the single owner pointer rather than having to redirect an arbitrary 
-            number of pointers in from-space to to-space.
-
-            This plan can give us a number of benefits. We can beat fastMalloc in terms 
-            of both performance and memory usage, we can track how much memory we're using 
-            far more accurately than our rough estimation now through the use of 
-            reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed 
-            to being limited to size classes like we have been historically). This is also 
-            another step toward moving away from lazy destruction, which will improve our memory footprint.
-            We start by creating said allocator and moving the ArrayStorage for JSArray 
-            to use it rather than fastMalloc.
-
-            The design of the collector is as follows:
-            Allocation:
-            -The collector allocates 64KB chunks from the OS to use for object allocation.
-            -Each chunk contains an offset, a flag indicating if the block has been pinned, 
-            and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
-            -Any allocation greater than 64KB gets its own separate oversize block, which 
-            is managed separately from the rest.
-            -If the allocator receives a request for more than the remaining amount in the 
-            current block, it grabs a fresh block.
-            -Grabbing a fresh block means grabbing one off of the global free list (which is now 
-            shared between the mark/sweep allocator and the bump allocator) if there is one. 
-            If there isn't a new one we do one of two things: allocate a new block from the OS 
-            if we're not ready for a GC yet, or run a GC and then try again. If we still don't 
-            have enough space after the GC, we allocate a new block from the OS.
-
-            Garbage collection:
-            -At the start of garbage collection during conservative stack scanning, if we encounter 
-            what appears to be a pointer to a bump-allocated block of memory, we pin that block so 
-            that it will not be copied for this round of collection.
-            -We also pin any oversize blocks that we encounter, which effectively doubles as a 
-            "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying 
-            are given back to the OS.
-            -Marking threads are now also responsible for copying bump-allocated objects to newSpace
-            -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
-            -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
-            -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
-            -At the conclusion of copying (which is done by the end of the marking phase), we un-pin 
-            any pinned blocks and give any blocks left in from-space to the global free list.
-
-        * CMakeLists.txt:
-        * GNUmakefile.list.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * Target.pri:
-        * heap/AllocationSpace.cpp:
-        (JSC::AllocationSpace::allocateSlowCase):
-        (JSC::AllocationSpace::allocateBlock):
-        (JSC::AllocationSpace::freeBlocks):
-        * heap/AllocationSpace.h:
-        (JSC::AllocationSpace::waterMark):
-        * heap/BumpBlock.h: Added.
-        (JSC::BumpBlock::BumpBlock):
-        * heap/BumpSpace.cpp: Added.
-        (JSC::BumpSpace::tryAllocateSlowCase):
-        * heap/BumpSpace.h: Added.
-        (JSC::BumpSpace::isInCopyPhase):
-        (JSC::BumpSpace::totalMemoryAllocated):
-        (JSC::BumpSpace::totalMemoryUtilized):
-        * heap/BumpSpaceInlineMethods.h: Added.
-        (JSC::BumpSpace::BumpSpace):
-        (JSC::BumpSpace::init):
-        (JSC::BumpSpace::contains):
-        (JSC::BumpSpace::pin):
-        (JSC::BumpSpace::startedCopying):
-        (JSC::BumpSpace::doneCopying):
-        (JSC::BumpSpace::doneFillingBlock):
-        (JSC::BumpSpace::recycleBlock):
-        (JSC::BumpSpace::getFreshBlock):
-        (JSC::BumpSpace::borrowBlock):
-        (JSC::BumpSpace::addNewBlock):
-        (JSC::BumpSpace::allocateNewBlock):
-        (JSC::BumpSpace::fitsInBlock):
-        (JSC::BumpSpace::fitsInCurrentBlock):
-        (JSC::BumpSpace::tryAllocate):
-        (JSC::BumpSpace::tryAllocateOversize):
-        (JSC::BumpSpace::allocateFromBlock):
-        (JSC::BumpSpace::tryReallocate):
-        (JSC::BumpSpace::tryReallocateOversize):
-        (JSC::BumpSpace::isOversize):
-        (JSC::BumpSpace::isPinned):
-        (JSC::BumpSpace::oversizeBlockFor):
-        (JSC::BumpSpace::blockFor):
-        * heap/ConservativeRoots.cpp:
-        (JSC::ConservativeRoots::ConservativeRoots):
-        (JSC::ConservativeRoots::genericAddPointer):
-        (JSC::ConservativeRoots::add):
-        * heap/ConservativeRoots.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::Heap):
-        (JSC::Heap::blockFreeingThreadMain):
-        (JSC::Heap::reportExtraMemoryCostSlowCase):
-        (JSC::Heap::getConservativeRegisterRoots):
-        (JSC::Heap::markRoots):
-        (JSC::Heap::collect):
-        (JSC::Heap::releaseFreeBlocks):
-        * heap/Heap.h:
-        (JSC::Heap::waterMark):
-        (JSC::Heap::highWaterMark):
-        (JSC::Heap::setHighWaterMark):
-        (JSC::Heap::tryAllocateStorage):
-        (JSC::Heap::tryReallocateStorage):
-        * heap/HeapBlock.h: Added.
-        (JSC::HeapBlock::HeapBlock):
-        * heap/MarkStack.cpp:
-        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
-        (JSC::SlotVisitor::drain):
-        (JSC::SlotVisitor::drainFromShared):
-        (JSC::SlotVisitor::startCopying):
-        (JSC::SlotVisitor::allocateNewSpace):
-        (JSC::SlotVisitor::copy):
-        (JSC::SlotVisitor::copyAndAppend):
-        (JSC::SlotVisitor::doneCopying):
-        * heap/MarkStack.h:
-        * heap/MarkedBlock.cpp:
-        (JSC::MarkedBlock::recycle):
-        (JSC::MarkedBlock::MarkedBlock):
-        * heap/MarkedBlock.h:
-        * heap/MarkedSpace.cpp:
-        (JSC::MarkedSpace::MarkedSpace):
-        * heap/MarkedSpace.h:
-        (JSC::MarkedSpace::allocate):
-        (JSC::MarkedSpace::forEachBlock):
-        (JSC::MarkedSpace::SizeClass::resetAllocator):
-        * heap/SlotVisitor.h:
-        (JSC::SlotVisitor::SlotVisitor):
-        * heap/TinyBloomFilter.h:
-        (JSC::TinyBloomFilter::reset):
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::JSArray):
-        (JSC::JSArray::finishCreation):
-        (JSC::JSArray::tryFinishCreationUninitialized):
-        (JSC::JSArray::~JSArray):
-        (JSC::JSArray::enterSparseMode):
-        (JSC::JSArray::defineOwnNumericProperty):
-        (JSC::JSArray::setLengthWritable):
-        (JSC::JSArray::getOwnPropertySlotByIndex):
-        (JSC::JSArray::getOwnPropertyDescriptor):
-        (JSC::JSArray::putByIndexBeyondVectorLength):
-        (JSC::JSArray::deletePropertyByIndex):
-        (JSC::JSArray::getOwnPropertyNames):
-        (JSC::JSArray::increaseVectorLength):
-        (JSC::JSArray::unshiftCountSlowCase):
-        (JSC::JSArray::setLength):
-        (JSC::JSArray::pop):
-        (JSC::JSArray::unshiftCount):
-        (JSC::JSArray::visitChildren):
-        (JSC::JSArray::sortNumeric):
-        (JSC::JSArray::sort):
-        (JSC::JSArray::compactForSorting):
-        (JSC::JSArray::subclassData):
-        (JSC::JSArray::setSubclassData):
-        (JSC::JSArray::checkConsistency):
-        * runtime/JSArray.h:
-        (JSC::JSArray::inSparseMode):
-        (JSC::JSArray::isLengthWritable):
-        * wtf/CheckedBoolean.h: Added.
-        (CheckedBoolean::CheckedBoolean):
-        (CheckedBoolean::~CheckedBoolean):
-        (CheckedBoolean::operator bool):
-        * wtf/DoublyLinkedList.h:
-        (WTF::::push):
-        * wtf/StdLibExtras.h:
-        (WTF::isPointerAligned):
-
-2012-01-31  Michael Saboff  <msaboff@apple.com>
-
-        Merged TOT revisions: 106019, 106020, 106253, 106254, 106257 & 106260.
-
-    2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-            CaseFoldingHash::hash() doesn't handle 8 bit strings directly
-            https://bugs.webkit.org/show_bug.cgi?id=76652
-
-            Reviewed by Andreas Kling.
-
-            * wtf/text/StringHash.h:
-            (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
-
-    2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-            stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
-            https://bugs.webkit.org/show_bug.cgi?id=76651
-
-            Reviewed by Geoffrey Garen.
-
-            Made local function substituteBackreferencesSlow a template function
-            based on character width.  Cleaned up getCharacters() in both UString
-            and StringImpl.  Changed getCharacters<UChar> to up convert an 8 bit
-            string to 16 bits if necessary.
-
-            * runtime/StringPrototype.cpp:
-            (JSC::substituteBackreferencesSlow):
-            (JSC::substituteBackreferences):
-            * runtime/UString.h:
-            (JSC::LChar):
-            (JSC::UChar):
-            * wtf/text/StringImpl.h:
-            (WTF::UChar):
-
-    2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-            Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
-            https://bugs.webkit.org/show_bug.cgi?id=76649
-
-            Reviewed by Geoffrey Garen.
-
-            * JavaScriptCore.exp: Added export for charactersToDouble.
-
-    2012-01-30  Michael Saboff  <msaboff@apple.com>
-
-            WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
-            https://bugs.webkit.org/show_bug.cgi?id=76648
-
-            Reviewed by Geoffrey Garen.
-
-            Added a new overloaded append member that takes a String& argument, an offest
-            and a length to do direct sub string appending to a StringBuilder.
-
-            * wtf/text/StringBuilder.h:
-            (WTF::StringBuilder::append):
-
-    2012-01-26  Michael Saboff  <msaboff@apple.com>
-
-            String::latin1() should take advantage of 8 bit strings
-            https://bugs.webkit.org/show_bug.cgi?id=76646
-
-            Reviewed by Geoffrey Garen.
-
-            * wtf/text/WTFString.cpp:
-            (WTF::String::latin1): For 8 bit strings, use existing buffer
-            without conversion.
-
-    2012-01-26  Michael Saboff  <msaboff@apple.com>
-
-            Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
-            https://bugs.webkit.org/show_bug.cgi?id=76645
-
-            Reviewed by Geoffrey Garen.
-
-            * wtf/text/StringImpl.cpp:
-            (WTF::equalIgnoringCase): New LChar version.
-            (WTF::findInner): New helper function.
-            (WTF::StringImpl::find): Added 8 bit path.
-            (WTF::reverseFindInner): New helper funciton.
-            (WTF::StringImpl::reverseFind): Added 8 bit path.
-            (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
-            * wtf/text/StringImpl.h:
-            (WTF):
-
-2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-        Failed to svn add some new files, merging ToT WebKit r106197.
-
-        * tools: Added.
-        * tools/CodeProfile.cpp: Added.
-        (JSC::symbolName):
-        (JSC::truncateTrace):
-        (JSC::CodeProfile::sample):
-        (JSC::CodeProfile::report):
-        * tools/CodeProfile.h: Added.
-        (JSC::CodeProfile::CodeProfile):
-        (JSC::CodeProfile::parent):
-        (JSC::CodeProfile::addChild):
-        (JSC::CodeProfile::CodeRecord::CodeRecord):
-        * tools/CodeProfiling.cpp: Added.
-        (JSC::setProfileTimer):
-        (JSC::profilingTimer):
-        (JSC::CodeProfiling::sample):
-        (JSC::CodeProfiling::notifyAllocator):
-        (JSC::CodeProfiling::getOwnerUIDForPC):
-        (JSC::CodeProfiling::begin):
-        (JSC::CodeProfiling::end):
-        * tools/CodeProfiling.h: Added.
-        (JSC::CodeProfiling::CodeProfiling):
-        (JSC::CodeProfiling::~CodeProfiling):
-        (JSC::CodeProfiling::enabled):
-        (JSC::CodeProfiling::beVerbose):
-        (JSC::CodeProfiling::beVeryVerbose):
-        * tools/ProfileTreeNode.h: Added.
-        (JSC::ProfileTreeNode::ProfileTreeNode):
-        (JSC::ProfileTreeNode::~ProfileTreeNode):
-        (JSC::ProfileTreeNode::sampleChild):
-        (JSC::ProfileTreeNode::dump):
-        (JSC::ProfileTreeNode::count):
-        (JSC::ProfileTreeNode::childCount):
-        (JSC::ProfileTreeNode::dumpInternal):
-        (JSC::ProfileTreeNode::compareEntries):
-        * tools/TieredMMapArray.h: Added.
-        (JSC::TieredMMapArray::TieredMMapArray):
-        (JSC::TieredMMapArray::~TieredMMapArray):
-        (JSC::TieredMMapArray::operator[]):
-        (JSC::TieredMMapArray::append):
-        (JSC::TieredMMapArray::size):
-
-2012-01-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Merged ToT WebKit r104886, r104899, r105636, r105646, r105840, r106197, r106198, r106255, r106264, r106276, r106277, r106288.
-
-    2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-            Speculative Windows build fix.
-
-            * assembler/MacroAssemblerCodeRef.h:
-            (FunctionPtr):
-
-    2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-            https://bugs.webkit.org/show_bug.cgi?id=77163
-            MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
-
-            Rubber stamped by Geoff Garen
-
-            * assembler/MacroAssemblerCodeRef.h:
-
-    2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-            Unreviewed build fix for interpreter builds.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::CodeBlock):
-            * bytecode/CodeBlock.h:
-            (CodeBlock):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-            * tools/CodeProfile.cpp:
-            (JSC::CodeProfile::sample):
-
-    2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-            Unreviewed build fix following bug#76855
-
-            * JavaScriptCore.exp:
-
-    2012-01-30  Gavin Barraclough  <barraclough@apple.com>
-
-            Clean up putDirect
-            https://bugs.webkit.org/show_bug.cgi?id=76232
-
-            Reviewed by Sam Weinig.
-
-            Part 3 - merge op_put_getter & op_put_setter.
-
-            Putting these separately is inefficient (and makes future optimiation,
-            e.g. making GetterSetter immutable) harder. Change to emit a single
-            op_put_getter_setter bytecode op. Ultimately we should probably be
-            able to merge this with put direct, to create a common op to initialize
-            object literal properties.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::dump):
-            * bytecode/Opcode.h:
-            (JSC):
-            ():
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::emitPutGetterSetter):
-            * bytecompiler/BytecodeGenerator.h:
-            (BytecodeGenerator):
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::PropertyListNode::emitBytecode):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-            * jit/JIT.cpp:
-            (JSC::JIT::privateCompileMainPass):
-            * jit/JIT.h:
-            (JIT):
-            * jit/JITPropertyAccess.cpp:
-            (JSC::JIT::emit_op_put_getter_setter):
-            * jit/JITPropertyAccess32_64.cpp:
-            (JSC::JIT::emit_op_put_getter_setter):
-            * jit/JITStubs.cpp:
-            (JSC::DEFINE_STUB_FUNCTION):
-            * jit/JITStubs.h:
-            ():
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::putDirectVirtual):
-            (JSC::JSObject::putDirectAccessor):
-            (JSC):
-            (JSC::putDescriptor):
-            (JSC::JSObject::defineOwnProperty):
-            * runtime/JSObject.h:
-            ():
-            (JSC::JSObject::putDirectInternal):
-            (JSC::JSObject::putDirect):
-            (JSC::JSObject::putDirectWithoutTransition):
-
-    2012-01-28  Gavin Barraclough  <barraclough@apple.com>
-
-            Reserve 'let'
-            https://bugs.webkit.org/show_bug.cgi?id=77293
-
-            Rubber stamped by Oliver Hunt.
-
-            'let' may become a keyword in ES6.  We're going to try experimentally reserving it,
-            to see if this breaks the web.
-
-            * parser/Keywords.table:
-
-    2012-01-27  Gavin Barraclough  <barraclough@apple.com>
-
-            Implement a JIT-code aware sampling profiler for JSC
-            https://bugs.webkit.org/show_bug.cgi?id=76855
-
-            Reviewed by Oliver Hunt.
-
-            To enable the profiler, set the JSC_CODE_PROFILING environment variable to
-            1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
-            trace all samples).
-
-            The profiler requires -fomit-frame-pointer to be removed from the build flags.
-
-            * JavaScriptCore.exp:
-                - Removed an export.
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-                - Added new files
-            * bytecode/CodeBlock.cpp:
-                - For baseline codeblocks, cache the result of canCompileWithDFG.
-            * bytecode/CodeBlock.h:
-                - For baseline codeblocks, cache the result of canCompileWithDFG.
-            * jit/ExecutableAllocator.cpp:
-            (JSC::ExecutableAllocator::initializeAllocator):
-                - Notify the profiler when the allocator is created.
-            (JSC::ExecutableAllocator::allocate):
-                - Inform the allocated of the ownerUID.
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::ExecutableAllocator::initializeAllocator):
-                - Notify the profiler when the allocator is created.
-            (JSC::ExecutableAllocator::allocate):
-                - Inform the allocated of the ownerUID.
-            * jit/JITStubs.cpp:
-                - If profiling, don't mask the return address in JIT code.
-                  (We do so to provide nicer backtraces in debug builds).
-            * runtime/Completion.cpp:
-            (JSC::evaluate):
-                - Notify the profiler of script evaluations.
-            * tools: Added.
-            * tools/CodeProfile.cpp: Added.
-            (JSC::symbolName):
-                - Helper function to get the name of a symbol in the framework.
-            (JSC::truncateTrace):
-                - Helper to truncate traces into methods know to have uninformatively deep stacks.
-            (JSC::CodeProfile::sample):
-                - Record a stack trace classifying samples.
-            (JSC::CodeProfile::report):
-                - {Print profiler output.
-            * tools/CodeProfile.h: Added.
-                - new class, captures a set of samples associated with an evaluated script,
-                  and nested to record samples from subscripts.
-            * tools/CodeProfiling.cpp: Added.
-            (JSC::CodeProfiling::profilingTimer):
-                - callback fired then a timer event occurs.
-            (JSC::CodeProfiling::notifyAllocator):
-                - called when the executable allocator is constructed.
-            (JSC::CodeProfiling::getOwnerUIDForPC):
-                - helper to lookup the codeblock from an address in JIT code
-            (JSC::CodeProfiling::begin):
-                - enter a profiling scope.
-            (JSC::CodeProfiling::end):
-                - exit a profiling scope.
-            * tools/CodeProfiling.h: Added.
-                - new class, instantialed from Completion to define a profiling scope.
-            * tools/ProfileTreeNode.h: Added.
-                - new class, used to construct a tree of samples.
-            * tools/TieredMMapArray.h: Added.
-                - new class, a malloc-free vector (can be used while the main thread is suspended,
-                  possibly holding the malloc heap lock).
-            * wtf/MetaAllocator.cpp:
-            (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
-            (WTF::MetaAllocator::allocate):
-                - Allow allocation handles to track information about their owner.
-            * wtf/MetaAllocator.h:
-            (MetaAllocator):
-                - Allow allocation handles to track information about their owner.
-            * wtf/MetaAllocatorHandle.h:
-            (MetaAllocatorHandle):
-            (WTF::MetaAllocatorHandle::ownerUID):
-                - Allow allocation handles to track information about their owner.
-            * wtf/OSAllocator.h:
-            (WTF::OSAllocator::reallocateCommitted):
-                - reallocate an existing, committed memory allocation.
-
-    2012-01-24  Gavin Barraclough  <barraclough@apple.com>
-    
-            https://bugs.webkit.org/show_bug.cgi?id=76855
-            Implement a JIT-code aware sampling profiler for JSC
-    
-            Reviewed by Oliver Hunt.
-    
-            Add support to MetaAllocator.cpp to track all live handles in a map,
-            allowing lookup based on any address within the allocation.
-    
-            * wtf/MetaAllocator.cpp:
-            (WTF::MetaAllocatorTracker::notify):
-            (WTF::MetaAllocatorTracker::release):
-                - Track live handle objects in a map.
-            (WTF::MetaAllocator::release):
-                - Removed support for handles with null m_allocator (no longer used).
-                - Notify the tracker of handles being released.
-            (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
-                - Moved functionality out into MetaAllocator::release.
-            (WTF::MetaAllocatorHandle::shrink):
-                - Removed support for handles with null m_allocator (no longer used).
-            (WTF::MetaAllocator::MetaAllocator):
-                - Initialize m_tracker.
-            (WTF::MetaAllocator::allocate):
-                - Notify the tracker of new allocations.
-            * wtf/MetaAllocator.h:
-            (WTF::MetaAllocatorTracker::find):
-                - Lookup a MetaAllocatorHandle based on an address inside the allocation.
-            (WTF::MetaAllocator::trackAllocations):
-                - Register a callback object to track allocation state.
-            * wtf/MetaAllocatorHandle.h:
-                - Remove unused createSelfManagedHandle/constructor.
-            (WTF::MetaAllocatorHandle::key):
-                - Added, for use in RedBlackTree.
-    
-    2012-01-23  Gavin Barraclough  <barraclough@apple.com>
-
-            https://bugs.webkit.org/show_bug.cgi?id=76855
-            Implement a JIT-code aware sampling profiler for JSC
-
-            Reviewed by Geoff Garen.
-
-            Step 2: generalize RedBlackTree. The profiler is going to want tio use
-            a RedBlackTree, allow this class to work with subclasses of
-            RedBlackTree::Node, Node should not need to know the names of the m_key
-            and m_value fields (the subclass can provide a key() accessor), and
-            RedBlackTree does not need to know anything about ValueType.
-
-            * JavaScriptCore.exp:
-            * wtf/MetaAllocator.cpp:
-            (WTF::MetaAllocator::findAndRemoveFreeSpace):
-            (WTF::MetaAllocator::debugFreeSpaceSize):
-            (WTF::MetaAllocator::addFreeSpace):
-            * wtf/MetaAllocator.h:
-            (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
-            (WTF::MetaAllocator::FreeSpaceNode::key):
-            * wtf/MetaAllocatorHandle.h:
-            (WTF::MetaAllocatorHandle::key):
-            * wtf/RedBlackTree.h:
-            (WTF::RedBlackTree::Node::successor):
-            (WTF::RedBlackTree::Node::predecessor):
-            (WTF::RedBlackTree::Node::parent):
-            (WTF::RedBlackTree::Node::setParent):
-            (WTF::RedBlackTree::Node::left):
-            (WTF::RedBlackTree::Node::setLeft):
-            (WTF::RedBlackTree::Node::right):
-            (WTF::RedBlackTree::Node::setRight):
-            (WTF::RedBlackTree::insert):
-            (WTF::RedBlackTree::remove):
-            (WTF::RedBlackTree::findExact):
-            (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
-            (WTF::RedBlackTree::findGreatestLessThanOrEqual):
-            (WTF::RedBlackTree::first):
-            (WTF::RedBlackTree::last):
-            (WTF::RedBlackTree::size):
-            (WTF::RedBlackTree::treeMinimum):
-            (WTF::RedBlackTree::treeMaximum):
-            (WTF::RedBlackTree::treeInsert):
-            (WTF::RedBlackTree::leftRotate):
-            (WTF::RedBlackTree::rightRotate):
-            (WTF::RedBlackTree::removeFixup):
-
-    2012-01-23  Gavin Barraclough  <barraclough@apple.com>
-
-            Implement a JIT-code aware sampling profiler for JSC
-            https://bugs.webkit.org/show_bug.cgi?id=76855
-
-            Rubber stanmped by Geoff Garen.
-
-            Mechanical change - pass CodeBlock through to the executable allocator,
-            such that we will be able to map ranges of JIT code back to their owner.
-
-            * assembler/ARMAssembler.cpp:
-            (JSC::ARMAssembler::executableCopy):
-            * assembler/ARMAssembler.h:
-            * assembler/AssemblerBuffer.h:
-            (JSC::AssemblerBuffer::executableCopy):
-            * assembler/AssemblerBufferWithConstantPool.h:
-            (JSC::AssemblerBufferWithConstantPool::executableCopy):
-            * assembler/LinkBuffer.h:
-            (JSC::LinkBuffer::LinkBuffer):
-            (JSC::LinkBuffer::linkCode):
-            * assembler/MIPSAssembler.h:
-            (JSC::MIPSAssembler::executableCopy):
-            * assembler/SH4Assembler.h:
-            (JSC::SH4Assembler::executableCopy):
-            * assembler/X86Assembler.h:
-            (JSC::X86Assembler::executableCopy):
-            (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-            * dfg/DFGJITCompiler.cpp:
-            (JSC::DFG::JITCompiler::compile):
-            (JSC::DFG::JITCompiler::compileFunction):
-            * dfg/DFGOSRExitCompiler.cpp:
-            * dfg/DFGRepatch.cpp:
-            (JSC::DFG::generateProtoChainAccessStub):
-            (JSC::DFG::tryCacheGetByID):
-            (JSC::DFG::tryBuildGetByIDList):
-            (JSC::DFG::tryCachePutByID):
-            * dfg/DFGThunks.cpp:
-            (JSC::DFG::osrExitGenerationThunkGenerator):
-            * jit/ExecutableAllocator.cpp:
-            (JSC::ExecutableAllocator::allocate):
-            * jit/ExecutableAllocator.h:
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::ExecutableAllocator::allocate):
-            * jit/JIT.cpp:
-            (JSC::JIT::privateCompile):
-            * jit/JITOpcodes.cpp:
-            (JSC::JIT::privateCompileCTIMachineTrampolines):
-            * jit/JITOpcodes32_64.cpp:
-            (JSC::JIT::privateCompileCTIMachineTrampolines):
-            (JSC::JIT::privateCompileCTINativeCall):
-            * jit/JITPropertyAccess.cpp:
-            (JSC::JIT::stringGetByValStubGenerator):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::privateCompilePatchGetArrayLength):
-            (JSC::JIT::privateCompileGetByIdProto):
-            (JSC::JIT::privateCompileGetByIdSelfList):
-            (JSC::JIT::privateCompileGetByIdProtoList):
-            (JSC::JIT::privateCompileGetByIdChainList):
-            (JSC::JIT::privateCompileGetByIdChain):
-            * jit/JITPropertyAccess32_64.cpp:
-            (JSC::JIT::stringGetByValStubGenerator):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::privateCompilePatchGetArrayLength):
-            (JSC::JIT::privateCompileGetByIdProto):
-            (JSC::JIT::privateCompileGetByIdSelfList):
-            (JSC::JIT::privateCompileGetByIdProtoList):
-            (JSC::JIT::privateCompileGetByIdChainList):
-            (JSC::JIT::privateCompileGetByIdChain):
-            * jit/JITStubs.cpp:
-            * jit/SpecializedThunkJIT.h:
-            (JSC::SpecializedThunkJIT::finalize):
-            * yarr/YarrJIT.cpp:
-            (JSC::Yarr::YarrGenerator::compile):
-
-    2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-            Clean up putDirect (part 2)
-            https://bugs.webkit.org/show_bug.cgi?id=76232
-
-            Reviewed by Sam Weinig.
-
-            Rename putWithAttributes to putDirectVirtual, to identify that this
-            has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
-            to be templated on an enum indicating which behaviour it is supposed to be
-            implementing, and change clients that are defining properties to call
-            putDirectInternal correctly.
-
-            * API/JSObjectRef.cpp:
-            (JSObjectSetProperty):
-            * JavaScriptCore.exp:
-            * debugger/DebuggerActivation.cpp:
-            (JSC::DebuggerActivation::putDirectVirtual):
-            * debugger/DebuggerActivation.h:
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::execute):
-            * runtime/ClassInfo.h:
-            * runtime/Error.cpp:
-            (JSC::addErrorInfo):
-            * runtime/JSActivation.cpp:
-            (JSC::JSActivation::putDirectVirtual):
-            * runtime/JSActivation.h:
-            * runtime/JSCell.cpp:
-            (JSC::JSCell::putDirectVirtual):
-            * runtime/JSCell.h:
-            * runtime/JSGlobalObject.cpp:
-            (JSC::JSGlobalObject::putDirectVirtual):
-            * runtime/JSGlobalObject.h:
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::put):
-            (JSC::JSObject::putDirectVirtual):
-            (JSC::JSObject::defineGetter):
-            (JSC::JSObject::initializeGetterSetterProperty):
-            (JSC::JSObject::defineSetter):
-            (JSC::putDescriptor):
-            * runtime/JSObject.h:
-            (JSC::JSObject::putDirectInternal):
-            (JSC::JSObject::putOwnDataProperty):
-            (JSC::JSObject::putDirect):
-            * runtime/JSStaticScopeObject.cpp:
-            (JSC::JSStaticScopeObject::putDirectVirtual):
-            * runtime/JSStaticScopeObject.h:
-            * runtime/JSVariableObject.cpp:
-            (JSC::JSVariableObject::putDirectVirtual):
-            * runtime/JSVariableObject.h:
-
-    2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-            Clean up putDirect (part 1)
-            https://bugs.webkit.org/show_bug.cgi?id=76232
-
-            Reviewed by Sam Weinig.
-
-            putDirect has ambiguous semantics, clean these up a bit.
-
-            putDirect generally behaves a bit like a fast defineOwnProperty, but one that
-            always creates the property, with no checking to validate the put it permitted.
-
-            It also encompasses two slightly different behaviors.
-            (1) a fast form of put for JSActivation, which doesn't have to handle searching
-                the prototype chain, getter/setter properties, or the magic __proto__ value.
-                Break this out as a new method, 'putOwnDataProperty'.
-            (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
-                values, in strict mode. This is, however, not so smart on a few level, since
-                it is only called from op_put_by_id with direct set, which is only used with
-                an object as the base, and is only used to put new properties onto objects.
-
-            * dfg/DFGOperations.cpp:
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-            * jit/JITStubs.cpp:
-            (JSC::DEFINE_STUB_FUNCTION):
-            * runtime/JSActivation.cpp:
-            (JSC::JSActivation::put):
-            * runtime/JSFunction.cpp:
-            (JSC::JSFunction::getOwnPropertySlot):
-            * runtime/JSObject.h:
-            (JSC::JSObject::putOwnDataProperty):
-            * runtime/JSValue.h:
-
-2012-01-26  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revisions: 105698; 105702; 105703; 105713; 105811.
-
-    2012-01-24  Geoffrey Garen  <ggaren@apple.com>
-
-            JSValue::toString() should return a JSString* instead of a UString
-            https://bugs.webkit.org/show_bug.cgi?id=76861
-
-            Fixed two failing layout tests after my last patch.
-
-            Reviewed by Gavin Barraclough.
-
-            * runtime/ArrayPrototype.cpp:
-            (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
-            in all other cases.
-            
-            I missed this case because the JSString* type has a valid operator<,
-            so the compiler didn't complain.
-
-    2012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>
-
-            Unreviewed build fix for Qt LinuxSH4 build after r105698.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-
-    2012-01-23  Geoffrey Garen  <ggaren@apple.com>
-
-            JSValue::toString() should return a JSString* instead of a UString
-            https://bugs.webkit.org/show_bug.cgi?id=76861
-
-            Reviewed by Gavin Barraclough.
-            
-            This makes the common case -- toString() on a string -- faster and
-            inline-able. (Not a measureable speedup, but we can now remove a bunch
-            of duplicate hand-rolled code for this optimization.)
-            
-            This also clarifies the boundary between "C++ strings" and "JS strings".
-            
-            In all cases other than true, false, null, undefined, and multi-digit
-            numbers, the JS runtime was just retrieving a UString from a JSString,
-            so returning a JSString* is strictly better. In the other cases, we can
-            optimize to avoid creating a new JSString if we care to, but it doesn't
-            seem to be a big deal.
-
-            * JavaScriptCore.exp: Export!
-            
-            * jsc.cpp:
-            (functionPrint):
-            (functionDebug):
-            (functionRun):
-            (functionLoad):
-            (functionCheckSyntax):
-            (runWithScripts):
-            (runInteractive):
-            * API/JSValueRef.cpp:
-            (JSValueToStringCopy):
-            * bytecode/CodeBlock.cpp:
-            (JSC::valueToSourceString): Call value() after calling toString(), to
-            convert from "JS string" (JSString*) to "C++ string" (UString), since
-            toString() no longer returns a "C++ string".
-
-            * dfg/DFGOperations.cpp:
-            (JSC::DFG::operationValueAddNotNumber):
-            * jit/JITStubs.cpp:
-            (op_add): Updated for removal of toPrimitiveString():
-            all '+' operands can use toString(), except for object operands, which
-            need to take a slow path to call toPrimitive().
-
-            * runtime/ArrayPrototype.cpp:
-            (JSC::arrayProtoFuncToString):
-            (JSC::arrayProtoFuncToLocaleString):
-            (JSC::arrayProtoFuncJoin):
-            (JSC::arrayProtoFuncPush):
-            * runtime/CommonSlowPaths.h:
-            (JSC::CommonSlowPaths::opIn):
-            * runtime/DateConstructor.cpp:
-            (JSC::dateParse):
-            * runtime/DatePrototype.cpp:
-            (JSC::formatLocaleDate): Call value() after calling toString(), as above.
-
-            * runtime/ErrorInstance.h:
-            (JSC::ErrorInstance::create): Simplified down to one canonical create()
-            function, to make string handling easier.
-
-            * runtime/ErrorPrototype.cpp:
-            (JSC::errorProtoFuncToString):
-            * runtime/ExceptionHelpers.cpp:
-            (JSC::createInvalidParamError):
-            (JSC::createNotAConstructorError):
-            (JSC::createNotAFunctionError):
-            (JSC::createNotAnObjectError):
-            * runtime/FunctionConstructor.cpp:
-            (JSC::constructFunctionSkippingEvalEnabledCheck):
-            * runtime/FunctionPrototype.cpp:
-            (JSC::functionProtoFuncBind):
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::sort): Call value() after calling toString(), as above.
-
-            * runtime/JSCell.cpp:
-            * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
-            job now. Doing it in JSCell is slower (requires extra type checking), and
-            creates the misimpression that language-defined toString() behavior is
-            an implementation detail of JSCell.
-            
-            * runtime/JSGlobalObjectFunctions.cpp:
-            (JSC::encode):
-            (JSC::decode):
-            (JSC::globalFuncEval):
-            (JSC::globalFuncParseInt):
-            (JSC::globalFuncParseFloat):
-            (JSC::globalFuncEscape):
-            (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
-
-            * runtime/JSONObject.cpp:
-            (JSC::unwrapBoxedPrimitive):
-            (JSC::Stringifier::Stringifier):
-            (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
-            takes care of.
-
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::toString):
-            * runtime/JSObject.h: Updated to return JSString*.
-
-            * runtime/JSString.cpp:
-            * runtime/JSString.h:
-            (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
-
-            * runtime/JSValue.cpp:
-            (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
-            spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
-            basically did what we want all the time. (Note that the toPrimitive()
-            preference changes from NoPreference to PreferString, because that's
-            how ToString is defined in the language. op_add does not want this behavior.)
-
-            * runtime/NumberPrototype.cpp:
-            (JSC::numberProtoFuncToString):
-            (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
-            returns a JSString*.
-
-            * runtime/ObjectConstructor.cpp:
-            (JSC::objectConstructorGetOwnPropertyDescriptor):
-            (JSC::objectConstructorDefineProperty):
-            * runtime/ObjectPrototype.cpp:
-            (JSC::objectProtoFuncHasOwnProperty):
-            (JSC::objectProtoFuncDefineGetter):
-            (JSC::objectProtoFuncDefineSetter):
-            (JSC::objectProtoFuncLookupGetter):
-            (JSC::objectProtoFuncLookupSetter):
-            (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
-
-            * runtime/Operations.cpp:
-            (JSC::jsAddSlowCase): Need to check for object before taking the toString()
-            fast path becuase adding an object to a string requires calling toPrimitive()
-            on the object, not toString(). (They differ in their preferred conversion
-            type.)
-
-            * runtime/Operations.h:
-            (JSC::jsString):
-            (JSC::jsStringFromArguments): This code gets simpler, now that toString()
-            does the right thing.
-
-            (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
-
-            * runtime/RegExpConstructor.cpp:
-            (JSC::setRegExpConstructorInput):
-            (JSC::constructRegExp):
-            * runtime/RegExpObject.cpp:
-            (JSC::RegExpObject::match):
-            * runtime/RegExpPrototype.cpp:
-            (JSC::regExpProtoFuncCompile):
-            (JSC::regExpProtoFuncToString): More calls to value(), as above.
-
-            * runtime/StringConstructor.cpp:
-            (JSC::constructWithStringConstructor):
-            (JSC::callStringConstructor): This code gets simpler, now that toString()
-            does the right thing.
-
-            * runtime/StringPrototype.cpp:
-            (JSC::replaceUsingRegExpSearch):
-            (JSC::replaceUsingStringSearch):
-            (JSC::stringProtoFuncReplace):
-            (JSC::stringProtoFuncCharAt):
-            (JSC::stringProtoFuncCharCodeAt):
-            (JSC::stringProtoFuncConcat):
-            (JSC::stringProtoFuncIndexOf):
-            (JSC::stringProtoFuncLastIndexOf):
-            (JSC::stringProtoFuncMatch):
-            (JSC::stringProtoFuncSearch):
-            (JSC::stringProtoFuncSlice):
-            (JSC::stringProtoFuncSplit):
-            (JSC::stringProtoFuncSubstr):
-            (JSC::stringProtoFuncSubstring):
-            (JSC::stringProtoFuncToLowerCase):
-            (JSC::stringProtoFuncToUpperCase):
-            (JSC::stringProtoFuncLocaleCompare):
-            (JSC::stringProtoFuncBig):
-            (JSC::stringProtoFuncSmall):
-            (JSC::stringProtoFuncBlink):
-            (JSC::stringProtoFuncBold):
-            (JSC::stringProtoFuncFixed):
-            (JSC::stringProtoFuncItalics):
-            (JSC::stringProtoFuncStrike):
-            (JSC::stringProtoFuncSub):
-            (JSC::stringProtoFuncSup):
-            (JSC::stringProtoFuncFontcolor):
-            (JSC::stringProtoFuncFontsize):
-            (JSC::stringProtoFuncAnchor):
-            (JSC::stringProtoFuncLink):
-            (JSC::trimString): Some of this code gets simpler, now that toString()
-            does the right thing. More calls to value(), as above.
-
-2012-01-24  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/10092396> TLF: Safari should not jetsam across the top 1M sites (Memory pressure logging)
-
-        Merged ToT r104125.
-
-    2012-01-24  Mark Rowe  <mrowe@apple.com>
-
-            <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
-
-            We should always log to both ASL and stderr on platforms where this won't result in launchd
-            duplicating the messages.
-
-            Reviewed by Dan Bernstein.
-
-            * wtf/Assertions.cpp:
-            (vprintf_stderr_common):
-
-2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 105539.
-
-    2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-            Removed some regexp entry boilerplate code
-            https://bugs.webkit.org/show_bug.cgi?id=76687
-
-            Reviewed by Darin Adler.
-            
-            1% - 2% speedup on regexp tests, no change overall.
-
-            * runtime/RegExp.cpp:
-            (JSC::RegExp::match):
-                - ASSERT that our startIndex is non-negative, because anything less
-                would be uncivilized.
-                
-                - ASSERT that our input is not the null string for the same reason.
-
-                - No need to test for startOffset being past the end of the string,
-                since the regular expression engine will do this test for us.
-
-                - No need to initialize the output vector, since the regular expression
-                engine will fill it in for us.
-
-            * yarr/YarrInterpreter.cpp:
-            (JSC::Yarr::Interpreter::interpret):
-            * yarr/YarrJIT.cpp:
-            (JSC::Yarr::YarrGenerator::compile):
-            
-                RegExp used to do these jobs for us, but now we do them for ourselves
-                because it's a better separation of concerns, and the JIT can do them
-                more efficiently than C++ code:
-
-                - Test for "past the end" before doing any matching -- otherwise
-                a* will match with zero length past the end of the string, which is wrong.
-
-                - Initialize the output vector before doing any matching.
-
-2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 105444.
-
-    2012-01-19  Geoffrey Garen  <ggaren@apple.com>
-
-            Implicit creation of a regular expression should eagerly check for syntax errors
-            https://bugs.webkit.org/show_bug.cgi?id=76642
-
-            Reviewed by Oliver Hunt.
-            
-            This is a correctness fix and a slight optimization.
-
-            * runtime/StringPrototype.cpp:
-            (JSC::stringProtoFuncMatch):
-            (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
-            correct behavior.
-
-            * runtime/RegExp.cpp:
-            (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
-            of code change, many lines of indentation change.)
-
-            Since we have no clients that try to match a RegExp that is a syntax error,
-            let's optimize out the check.
-
-2012-01-17  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 105223.
-
-    2012-01-17  Geoffrey Garen  <ggaren@apple.com>
-
-            Factored out some code into a helper function.
-            
-            I think this might help getting rid of omit-frame-pointer.
-
-            Reviewed by Sam Weinig.
-            
-            No benchmark change.
-
-            * runtime/StringPrototype.cpp:
-            (JSC::removeUsingRegExpSearch): Moved to here...
-            (JSC::replaceUsingRegExpSearch): ...from here.
-
-2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-
-        Merged ToT revisions 104602, 104604, 104611, 104620, 104777, 104784, 104836, 104871.
-
-    2012-01-12  Gavin Barraclough  <barraclough@apple.com>
-    
-            https://bugs.webkit.org/show_bug.cgi?id=76141
-            defineSetter/defineGetter may fail to update Accessor attribute
-    
-            Reviewed by Oliver Hunt.
-    
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::defineGetter):
-            (JSC::JSObject::initializeGetterSetterProperty):
-            (JSC::JSObject::defineSetter):
-            * runtime/Structure.cpp:
-            (JSC::Structure::attributeChangeTransition):
-            * runtime/Structure.h:
-    
-    2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-    
-            Allow accessor get/set property to be set to undefined
-            https://bugs.webkit.org/show_bug.cgi?id=76148
-    
-            Reviewed by Oliver Hunt.
-    
-            AccessorDescriptor properties may have their get & set properties defined to reference a function
-            (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
-            (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
-            three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
-    
-            On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and
-            any JSObject* (with a constraint that this must be callable).
-    
-            Logically the get/set property of an accessor descriptor on an object might be in any of the three
-            states above, but in practice there is no way to distinguish between the first two states. As such
-            we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or
-            undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
-    
-            * runtime/GetterSetter.h:
-            (JSC::GetterSetter::setGetter):
-            (JSC::GetterSetter::setSetter):
-                - Allow the getter/setter to be cleared.
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::putDescriptor):
-                - Changed to call getterObject/setterObject.
-            (JSC::JSArray::defineOwnNumericProperty):
-                - Added ASSERT.
-            * runtime/JSObject.cpp:
-            (JSC::putDescriptor):
-            (JSC::JSObject::defineOwnProperty):
-                - Changed to call getterObject/setterObject.
-            * runtime/ObjectConstructor.cpp:
-            (JSC::objectConstructorGetOwnPropertyDescriptor):
-                - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
-            (JSC::toPropertyDescriptor):
-                - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
-            * runtime/PropertyDescriptor.cpp:
-            (JSC::PropertyDescriptor::getterObject):
-            (JSC::PropertyDescriptor::setterObject):
-                - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
-            (JSC::PropertyDescriptor::setDescriptor):
-            (JSC::PropertyDescriptor::setAccessorDescriptor):
-                - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present.
-            * runtime/PropertyDescriptor.h:
-                - Declare getterObject/setterObject.
-    
-    2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-    
-            Merge 'Getter'/'Setter' attributes into 'Accessor'
-            https://bugs.webkit.org/show_bug.cgi?id=76141
-    
-            Reviewed by Filip Pizlo.
-    
-            These are currently ambiguous (and used inconsistently). It would logically appear
-            that either being bit set implies that the corresponding type of accessor is present
-            but (a) we don't correctly enforce this, and (b) this means the attributes would not
-            be able to distinguish between a data descriptor and an accessor descriptor with
-            neither a getter nor setter defined (which is a descriptor permissible under the spec).
-            This ambiguity would lead to unsafe property caching behavior (though this does not
-            represent an actual current bug, since we are currently unable to create descriptors
-            that have neither a getter nor setter, it just prevents us from doing so).
-    
-            * runtime/Arguments.cpp:
-            (JSC::Arguments::createStrictModeCallerIfNecessary):
-            (JSC::Arguments::createStrictModeCalleeIfNecessary):
-            * runtime/JSArray.cpp:
-            (JSC::SparseArrayValueMap::put):
-            (JSC::JSArray::putDescriptor):
-            * runtime/JSBoundFunction.cpp:
-            (JSC::JSBoundFunction::finishCreation):
-            * runtime/JSFunction.cpp:
-            (JSC::JSFunction::getOwnPropertySlot):
-            (JSC::JSFunction::getOwnPropertyDescriptor):
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::defineGetter):
-            (JSC::JSObject::initializeGetterSetterProperty):
-            (JSC::JSObject::defineSetter):
-            (JSC::putDescriptor):
-            (JSC::JSObject::defineOwnProperty):
-            * runtime/JSObject.h:
-            * runtime/ObjectConstructor.cpp:
-            (JSC::objectConstructorDefineProperty):
-            * runtime/PropertyDescriptor.cpp:
-            (JSC::PropertyDescriptor::setDescriptor):
-            (JSC::PropertyDescriptor::setAccessorDescriptor):
-            (JSC::PropertyDescriptor::setSetter):
-            (JSC::PropertyDescriptor::setGetter):
-            (JSC::PropertyDescriptor::attributesOverridingCurrent):
-    
-    2012-01-11  Gavin Barraclough  <barraclough@apple.com>
-    
-            Object.defineProperty([], 'length', {}) should not make length read-only
-            https://bugs.webkit.org/show_bug.cgi?id=76097
-    
-            Reviewed by Oliver Hunt.
-    
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::defineOwnProperty):
-                - We should be checking writablePresent().
-    
-    2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-    
-            Windows build fix.
-    
-            * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-    
-    2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-    
-            Use SameValue to compare property descriptor values
-            https://bugs.webkit.org/show_bug.cgi?id=75975
-    
-            Reviewed by Sam Weinig.
-    
-            Rather than strictEqual.
-    
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::defineOwnNumericProperty):
-                - Missing configurablePresent() check.
-            * runtime/JSObject.cpp:
-            (JSC::JSObject::defineOwnProperty):
-                - call sameValue.
-            * runtime/PropertyDescriptor.cpp:
-            (JSC::sameValue):
-                - Moved from JSArray.cpp, fix NaN comparison.
-            (JSC::PropertyDescriptor::equalTo):
-                - call sameValue.
-            * runtime/PropertyDescriptor.h:
-                - Added declaration for sameValue.
-    2011-12-26  Gavin Barraclough  <barraclough@apple.com>
-
-            Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
-
-            Fix 32-bit builds.
-
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::getOwnPropertyNames):
-            (JSC::JSArray::setLength):
-
-    2012-01-10  Gavin Barraclough  <barraclough@apple.com>
-  
-            Do not allow Array length to be set if it is non-configurable
-            https://bugs.webkit.org/show_bug.cgi?id=75935
-    
-            Reviewed by Sam Weinig.
-    
-            Do not allow Array length to be set if it is non-configurable, and if the new
-            length is less than the old length then intervening properties should removed
-            in reverse order. Removal of properties should cease if an intervening indexed
-            property being removed is non-configurable.
-    
-            * JavaScriptCore.exp:
-                - Removed export for setLength.
-            * runtime/ArrayPrototype.cpp:
-            (JSC::arrayProtoFuncConcat):
-                - JSArray::setLength now takes an ExecState*
-            (JSC::arrayProtoFuncSlice):
-                - JSArray::setLength now takes an ExecState*
-            * runtime/JSArray.cpp:
-            (JSC::JSArray::defineOwnProperty):
-                - JSArray::setLength now takes an ExecState*
-            (JSC::JSArray::put):
-                - JSArray::setLength now takes an ExecState*
-            (JSC::compareKeysForQSort):
-                - Keys extracted from the map can be stored as unsigneds.
-            (JSC::JSArray::getOwnPropertyNames):
-                - Keys extracted from the map can be stored as unsigneds.
-            (JSC::JSArray::setLength):
-                - Check lengthIsReadOnly(), rather than copying the entire map to iterate
-                  over to determine which keys to remove, instead just copy the keys from
-                  the map to a Vector. When inSparseMode sort the keys in the Vector so
-                  that we can remove properties in reverse order.
-            * runtime/JSArray.h:
-                - JSArray::setLength now takes an ExecState*
-    
-2012-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 104770.
-
-    2012-01-11  Geoffrey Garen  <ggaren@apple.com>
-
-            Bytecode dumping is broken for call opcodes (due to two new operands)
-            https://bugs.webkit.org/show_bug.cgi?id=75886
-
-            Reviewed by Oliver Hunt.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
-            to fix this more than once. The helper function skips the extra two operands
-            at the end of the opcode, used for optimization.
-            
-            (JSC::CodeBlock::dump): Used the helper function.
-
-2012-01-09  Geoffrey Garen  <ggaren@apple.com>
-
-        Merged TOT revision 104762.
-
-    2012-01-09  Geoffrey Garen  <ggaren@apple.com>
-
-            REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
-            https://bugs.webkit.org/show_bug.cgi?id=75911
-
-            * bytecompiler/BytecodeGenerator.h:
-            (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
-            explicitly cast to our return type in C++.
-
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::FunctionCallResolveNode::emitBytecode):
-            (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
-            into a temporary register before evaluating our arguments, since argument
-            evaluation might include function calls or assignments that overwrite our callee by name.
-
-2012-01-11  Michael Saboff  <msaboff@apple.com>
-
-        Merged ToT revision 104751
-
-    2012-01-11  Michael Saboff  <msaboff@apple.com>
-
-            v8-regexp spends 35% of its time allocating and copying internal regexp results data
-            https://bugs.webkit.org/show_bug.cgi?id=76079
-
-            Reviewed by Geoffrey Garen.
-
-            Added a new RegExpResults struct that has the input string, the number of
-            subexpressions and the output vector.  Changed RegExpConstructor to
-            include a RegExpConstructorPrivate instead of having a reference to one.
-            Changed RegExpMatchesArray to include a RegExpResults instead of a
-            reference to a RegExpConstructorPrivate.  Created an overloaded assignment
-            operator to assign a RegExpConstructorPrivate to a RegExpResults.
-            Collectively this change is worth 24% performance improvement to v8-regexp.
-
-            * runtime/RegExpConstructor.cpp:
-            (JSC::RegExpResult::operator=):
-            (JSC::RegExpConstructor::RegExpConstructor):
-            (JSC::RegExpMatchesArray::RegExpMatchesArray):
-            (JSC::RegExpMatchesArray::finishCreation):
-            (JSC::RegExpMatchesArray::~RegExpMatchesArray):
-            (JSC::RegExpMatchesArray::fillArrayInstance):
-            (JSC::RegExpConstructor::arrayOfMatches):
-            (JSC::RegExpConstructor::getBackref):
-            (JSC::RegExpConstructor::getLastParen):
-            (JSC::RegExpConstructor::getLeftContext):
-            (JSC::RegExpConstructor::getRightContext):
-            (JSC::RegExpConstructor::setInput):
-            (JSC::RegExpConstructor::input):
-            (JSC::RegExpConstructor::setMultiline):
-            (JSC::RegExpConstructor::multiline):
-            * runtime/RegExpConstructor.h:
-            (JSC::RegExpResult::RegExpResult):
-            (JSC::RegExpConstructor::performMatch):
-            * runtime/RegExpMatchesArray.h:
-            (JSC::RegExpMatchesArray::create):
-            (JSC::RegExpMatchesArray::getOwnPropertySlot):
-            (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
-            (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
-            (JSC::RegExpMatchesArray::put):
-            (JSC::RegExpMatchesArray::putByIndex):
-            (JSC::RegExpMatchesArray::deleteProperty):
-            (JSC::RegExpMatchesArray::deletePropertyByIndex):
-            (JSC::RegExpMatchesArray::getOwnPropertyNames):
-
-2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-        
-        Merged ToT revision r103023.
-
-    2011-12-15  Filip Pizlo  <fpizlo@apple.com>
-    
-            Value profiling should distinguished between NaN and non-NaN doubles
-            https://bugs.webkit.org/show_bug.cgi?id=74682
-    
-            Reviewed by Gavin Barraclough.
-            
-            Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
-            of the two.
-    
-            * bytecode/PredictedType.cpp:
-            (JSC::predictionToString):
-            (JSC::predictionFromValue):
-            * bytecode/PredictedType.h:
-            (JSC::isDoubleRealPrediction):
-            (JSC::isDoublePrediction):
-    
-2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-        
-        Merged ToT revision r104630.
-
-    2012-01-10  Filip Pizlo  <fpizlo@apple.com>
-    
-            CodeBlock::m_numParameters should be encapsulated
-            https://bugs.webkit.org/show_bug.cgi?id=75985
-            <rdar://problem/10671020>
-    
-            Reviewed by Oliver Hunt.
-            
-            Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
-            into it.  This appears to be performance neutral.
-    
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::CodeBlock):
-            (JSC::CodeBlock::setNumParameters):
-            (JSC::CodeBlock::addParameter):
-            * bytecode/CodeBlock.h:
-            (JSC::CodeBlock::numParameters):
-            (JSC::CodeBlock::addressOfNumParameters):
-            (JSC::CodeBlock::offsetOfNumParameters):
-            (JSC::CodeBlock::numberOfArgumentValueProfiles):
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::BytecodeGenerator):
-            (JSC::BytecodeGenerator::addParameter):
-            (JSC::BytecodeGenerator::emitReturn):
-            * dfg/DFGAbstractState.cpp:
-            (JSC::DFG::AbstractState::AbstractState):
-            * dfg/DFGByteCodeParser.cpp:
-            (JSC::DFG::ByteCodeParser::ByteCodeParser):
-            (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
-            * dfg/DFGGraph.cpp:
-            (JSC::DFG::Graph::predictArgumentTypes):
-            * dfg/DFGJITCompiler.cpp:
-            (JSC::DFG::JITCompiler::compileFunction):
-            * dfg/DFGOperations.cpp:
-            * dfg/DFGSpeculativeJIT.cpp:
-            (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
-            * dfg/DFGSpeculativeJIT.h:
-            (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::slideRegisterWindowForCall):
-            (JSC::Interpreter::dumpRegisters):
-            (JSC::Interpreter::execute):
-            (JSC::Interpreter::prepareForRepeatCall):
-            * jit/JIT.cpp:
-            (JSC::JIT::privateCompile):
-            * jit/JITStubs.cpp:
-            (JSC::arityCheckFor):
-            (JSC::lazyLinkFor):
-            * runtime/Executable.cpp:
-            (JSC::FunctionExecutable::compileForCallInternal):
-            (JSC::FunctionExecutable::compileForConstructInternal):
-    
-2012-01-9   Michael Saboff  <msaboff@apple.com>
-
-        Merged ToT WebKit r104429
-
-    2012-01-08  Ryosuke Niwa  <rniwa@webkit.org>
-
-            WinCE build fix after r104415.
-
-            * jit/JITExceptions.cpp:
-            * jit/JITExceptions.h:
-
-2012-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Merged ToT WebKit r104415.
-
-    2012-01-08  Filip Pizlo  <fpizlo@apple.com>
-    
-            The JIT's protocol for exception handling should be available to other parts of the system
-            https://bugs.webkit.org/show_bug.cgi?id=75808
-            <rdar://problem/10661025>
-    
-            Reviewed by Oliver Hunt.
-    
-            * CMakeLists.txt:
-            * GNUmakefile.list.am:
-            * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-            * Target.pri:
-            * jit/JITExceptions.cpp: Added.
-            (JSC::genericThrow):
-            (JSC::jitThrow):
-            * jit/JITExceptions.h: Added.
-            * jit/JITStubs.cpp:
-            * runtime/JSGlobalData.h:
-
-2012-01-08  Filip Pizlo  <fpizlo@apple.com>
-
-        Merged ToT WebKit r104349.
-
-    2012-01-06  Filip Pizlo  <fpizlo@apple.com>
-    
-            JIT stub slow paths that would be identical to that of an interpreter should be factored out
-            https://bugs.webkit.org/show_bug.cgi?id=75743
-            <rdar://problem/10657024>
-    
-            Reviewed by Geoff Garen.
-    
-            * GNUmakefile.list.am:
-            * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-            * jit/JITStubs.cpp:
-            (JSC::DEFINE_STUB_FUNCTION):
-            * runtime/CommonSlowPaths.h: Added.
-            (JSC::CommonSlowPaths::opInstanceOfSlow):
-            (JSC::CommonSlowPaths::opIn):
-            (JSC::CommonSlowPaths::opResolve):
-            (JSC::CommonSlowPaths::opResolveSkip):
-            (JSC::CommonSlowPaths::opResolveWithBase):
-            (JSC::CommonSlowPaths::opResolveWithThis):
-    
-2012-01-06  Filip Pizlo  <fpizlo@apple.com>
-
-        Fixing jsc so that it will run without crashing on device.
-        
-        Reviewed by Gavin Barraclough.
-
-        * jsc.cpp:
-        (main):
-
-2012-01-05  Michael Saboff  <msaboff@apple.com>
-
-        Merged ToT WebKit JavaScriptCore Changes up to r104219
-
-        This change includes merges from OpenSource from the following JavaScriptCore
-        changes sets and corresponding changes in other parts of WebCore where needed.
-        It also includes the proposed fix for bugzilla bug 75595.
-        r100006 r100030 r100031 r100037 r100039 r100080 r100081 r100082 r100095 r100165
-        r100166 r100167 r100168 r100171 r100175 r100195 r100197 r100200 r100202 r100205
-        r100205 r100208 r100219 r100221 r100223 r100224 r100227 r100242 r100244 r100260
-        r100310 r100314 r100315 r100320 r100363 r100375 r100385 r100391 r100405 r100412
-        r100417 r100418 r100462 r100469 r100493 r100510 r100514 r100516 r100518 r100521
-        r100523 r100527 r100537 r100540 r100544 r100556 r100672 r100729 r100810 r100820
-        r100822 r100829 r100876 r100878 r100879 r100880 r100881 r100883 r100888 r100972
-        r100975 r101042 r101054 r101147 r101148 r101151 r101152 r101186 r101187 r101217
-        r101278 r101283 r101291 r101295 r101298 r101304 r101305 r101324 r101332 r101334
-        r101426 r101443 r101447 r101448 r101450 r101457 r101473 r101521 r101528 r101539
-        r101582 r101598 r101604 r101615 r101639 r101693 r101713 r101729 r101747 r101806
-        r101886 r101910 r101942 r101945 r101946 r101964 r102011 r102017 r102028 r102038
-        r102042 r102057 r102059 r102061 r102065 r102082 r102084 r102146 r102167 r102169
-        r102179 r102182 r102194 r102200 r102220 r102261 r102293 r102295 r102298 r102302
-        r102380 r102442 r102459 r102475 r102485 r102489 r102508 r102509 r102522 r102534
-        r102545 r102546 r102547 r102549 r102550 r102623 r102629 r102631 r102692 r102694
-        r102707 r102709 r102723 r102728 r102743 r102811 r102831 r102869 r102917 r102931
-        r103023 r103028 r103083 r103127 r103144 r103202 r103218 r103243 r103287 r103292
-        r103294 r103299 r103306 r103356 r103364 r103380 r103384 r103390 r103392 r103482
-        r103522 r103587 r103594 r103598 r103599 r103604 r103626 r103636 r103637 r103641
-        r103665 r103672 r103674 r103689 r103691 r103697 r103698 r103699 r103728 r103758
-        r103792 r103818 r103823 r103887 r103921 r103922 r103924 r103926 r103958 r103960
-        r103964 r103981 r104016 r104086 r104090 r104094 r104105 r104107 r104119 r104120
-        r104184 r104212 r104219
-
-2011-12-19  Gavin Barraclough  <barraclough@apple.com>
-
-        <rdar://problem/10537229> MERGE2: Crash on http://alibaba.com/
-
-        Merged ToT WebKit r102200, r102811, and r103294.
-
-    2011-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-            DFG 32_64 call linking does not handle non-cell callees correctly
-            https://bugs.webkit.org/show_bug.cgi?id=73965
-
-            Reviewed by Sam Weinig.
-
-            * dfg/DFGSpeculativeJIT32_64.cpp:
-            (JSC::DFG::SpeculativeJIT::emitCall):
-
-    2011-12-14  Gavin Barraclough  <barraclough@apple.com>
-
-            DFG relies on returning a struct in registers
-            https://bugs.webkit.org/show_bug.cgi?id=74527
-
-            Reviewed by Geoff Garen.
-
-            This will not work on all platforms. Returning a uint64_t will more reliably achieve
-            what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
-
-            * dfg/DFGOperations.cpp:
-            * dfg/DFGOperations.h:
-            (JSC::DFG::DFGHandler::dfgHandlerEncoded):
-
-    2011-12-19  Gavin Barraclough  <barraclough@apple.com>
-
-            https://bugs.webkit.org/show_bug.cgi?id=74903
-            Exceptions not thrown correctly from DFG JIT on 32bit
-
-            Reviewed by Oliver Hunt.
-
-            Arguments for lookupExceptionHandler are not setup correctly.
-            In the case of ARMv7 we rely on lr being preserved over a call,
-            this in invalid. On x86 we don't should be poking the arguments onto the stack!
-
-            * bytecode/CodeBlock.h:
-            (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
-            * dfg/DFGAssemblyHelpers.h:
-            (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
-            * dfg/DFGGPRInfo.h:
-            * dfg/DFGJITCompiler.cpp:
-            (JSC::DFG::JITCompiler::compileBody):
-            * dfg/DFGJITCompiler.h:
-            (JSC::DFG::JITCompiler::addExceptionCheck):
-            (JSC::DFG::JITCompiler::addFastExceptionCheck):
-            * dfg/DFGOperations.cpp:
-            * dfg/DFGOperations.h:
-
-2011-12-18  Benjamin Poulain  <bpoulain@apple.com>
-
-        De-virtualize iOS methods of for JSObjects
-
-        Reviewed by NOBODY (OOPS!).
-
-        The patches r98203 and r99997 remove the virtual functions from JSObjects.
-
-        After r103083, the iOS virtual functions break the build because the virtual
-        destructors are removed.
-
-        This patch implement shouldInterruptScriptBeforeTimeout() in a non-virtual way,
-        similarly to what was done in r99997.
-
-        * runtime/JSGlobalObject.cpp:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout):
-        * runtime/TimeoutChecker.cpp:
-        (JSC::TimeoutChecker::didTimeOut):
-
-2011-12-09  Joseph Pecoraro  <pecoraro@apple.com>
-
-        <rdar://problem/9878650> Remove WebInspectorServer*HTTP code
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig: Remove ENABLE_HTTP_INSPECTOR_SERVER
-
-2011-12-09  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Merged ToT WebKit r102011.
-
-    2011-12-06  Filip Pizlo  <fpizlo@apple.com>
-
-            Zapping a block that is Marked leads to dead objects being mistaken for live ones
-            https://bugs.webkit.org/show_bug.cgi?id=73982
-
-            Reviewed by Geoff Garen.
-
-            Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
-            the code asserts that:
-
-            - If we zap a Marked or Zapped block then the free list is empty, because this
-              can only happen if the block was never free-listed.
-
-            - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
-              blocks are those that cannot be referred to by SizeClass::currentBlock (since
-              SizeClass::currentBlock only refers to blocks that are candidates for allocation,
-              and Allocated blocks are those who have been exhausted by allocation and will not
-              be allocated from again), and New blocks cannot be referred to by anything except
-              during a brief window inside the allocation slow-path.
-
-            * heap/MarkedBlock.cpp:
-            (JSC::MarkedBlock::zapFreeList):
-
-2011-11-29  Jer Noble  <jer.noble@apple.com>
-
-        iOS: Enable the Web Audio API
-        <rdar://problem/10388394>
-
-        Reviewed by NOBODY (OOPS!).
-
-        Define the ENABLE_WEB_AUDIO macro in PLATFORM(IOS).
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2011-12-06  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Merged ToT WebKit r102011.
-
-    2011-12-01  Gavin Barraclough  <barraclough@apple.com>
-
-            https://bugs.webkit.org/show_bug.cgi?id=73624
-            JIT + INTERPRETER builds are broken
-
-            Reviewed by Geoff Garen, Sam Weinig.
-
-            These don't fallback to the interpreter correctly.
-            Thunk creation assumes that is the JIT is compiled in, then it is enabled.
-
-            * jit/JITStubs.cpp:
-            (JSC::JITThunks::JITThunks):
-            * runtime/Executable.h:
-            (JSC::NativeExecutable::create):
-            (JSC::NativeExecutable::finishCreation):
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::getHostFunction):
-
-2011-12-06  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Merged ToT WebKit r102011.
-
-    2011-12-01  Gavin Barraclough  <barraclough@apple.com>
-
-            https://bugs.webkit.org/show_bug.cgi?id=73624
-            JIT + INTERPRETER builds are broken
-
-            Reviewed by Geoff Garen, Sam Weinig.
-
-            These don't fallback to the interpreter correctly.
-            Thunk creation assumes that is the JIT is compiled in, then it is enabled.
-
-            * jit/JITStubs.cpp:
-            (JSC::JITThunks::JITThunks):
-            * runtime/Executable.h:
-            (JSC::NativeExecutable::create):
-            (JSC::NativeExecutable::finishCreation):
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::getHostFunction):
-
-2011-12-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/10525873> Homebrew: JavaScriptCore-1009 failed to build ( #error Target architecture was not detected as supported by Double-Conversion. )
-
-        Reviewed by Ian Henderson and Cameron "Nobody would design an FPU like Intel did these days" Zwarich.
-
-        * wtf/dtoa/utils.h: Define
-        DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS for CPU(ARM64).
-
-2011-12-03  Benjamin Poulain <bpoulain@apple.com>
-
-        Merge WebKit ToT 100518.
-
-    2011-11-16  Patrick Gansterer  <paroga@webkit.org>
-
-        Unreviewed. Build fix for !ENABLE(JIT) after r100363.
-
-        * bytecode/CodeBlock.h:
-
-2011-11-14  Joseph Pecoraro  <pecoraro@apple.com>
-
-        Remove unused StringImpl::wordCount.
-
-        Reviewed by Paul Knight.
-
-        * wtf/text/StringImpl.cpp:
-        * wtf/text/StringImpl.h:
-
-2011-11-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/10423071> /System/Library/Frameworks/JavaScriptCore.framework should not exist, but does (72049)
-
-        Merged ToT WebKit r99906.
-
-    2011-11-10  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
-
-        Reviewed by Joseph Pecoraro.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
-        script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
-        for installation.  Also removed "Versions/A/" from the path
-        since this is unneeded due the default symlinks present in the
-        framework.
-
-2011-11-04  Pratik Solanki  <psolanki@apple.com>
-
-        Merged ToT WebKit r99333 to fix compiler warning in debug builds.
-
-    2011-11-04  Pratik Solanki  <psolanki@apple.com>
-
-        sqrtDouble and andnotDouble should be declared noreturn
-        https://bugs.webkit.org/show_bug.cgi?id=71592
-
-        Reviewed by Sam Weinig.
-
-        * assembler/MacroAssemblerARMv7.h:
-
-2011-10-16  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/10291619> Fix arm64 build of JavaScriptCore, WebCore, WebKit
-
-        Reviewed by Cameron Zwarich.
-
-        * Configurations/Base.xcconfig: Don't use -Wshorten-64-to-32
-        when building arm64.  This matches Mac OS X 64-bit builds.
-        * Configurations/JavaScriptCore.xcconfig: Set
-        JSVALUE_MODEL_arm64 so the correct export file is found.
-        * heap/MachineStackMarker.cpp: Update for arm64.
-        (JSC::getPlatformThreadRegisters):
-        (JSC::otherThreadStackPointer):
-        * wtf/Platform.h: Define CPU(ARM64) and WTF_ARM_ARCH_VERSION for
-        arm64 architecture.  Disable the JIT on arm64 because it does
-        not exist.  Set WTF_USE_JSVALUE64 for arm64.
-
-2011-10-14  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/10255213> JavaScriptCore_Sim fails to build for x86_64
-
-        Reviewed by Joseph Pecoraro.
-
-        * Configurations/Base.xcconfig: Don't use -Wshorten-64-to-32
-        when building the 64-bit simulator.  Matches Mac OS X 64-bit
-        builds.
-        * wtf/Platform.h: Removed IOS_4_3_OR_LATER macro.  Updated
-        interpreter/JIT/YARR settings to separate iOS Simulator from
-        current hardware, and removed old iOS and armv6 settings.  This
-        fixes a bug where WTF_USE_JSVALUE32_64 was being set for the
-        simulator regardless of architecture.
-
-2011-09-30  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Dave Kilzer.
-
-        Renamed iPhone.xcconfig to iOS.xcconfig
-
-        * Configurations/iOS.xcconfig: Copied from Source/JavaScriptCore/Configurations/iPhone.xcconfig.
-        * Configurations/iPhone.xcconfig: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-09-22  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Renamed directories and groups in the Xcode project from "iphone" to "ios".
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/CrossThreadRefCounted.h:
-        * wtf/MainThread.cpp:
-        * wtf/ios: Copied from Source/JavaScriptCore/wtf/iphone.
-        * wtf/iphone: Removed.
-        * wtf/iphone/WebCoreThread.cpp: Removed.
-        * wtf/iphone/WebCoreThread.h: Removed.
-
-2011-09-01  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2 of 2: <rdar://problem/9139206> Build iOS WebKit with clang
-
-        Reviewed by David Carson.
-
-        * Configurations/CompilerVersion.xcconfig: Switch to using clang
-        for both iphoneos and iphonesimulator platforms.
-
-2011-08-24  Matt Lilek  <mlilek@apple.com>
-
-        <rdar://problem/10018843> iOS: CVE-2011-2788: Buffer overrun in WebCore::InspectorBasicValue::writeJSON (52791)
-
-        Merge OpenSource r88444.
-
-    2011-06-08  Mikołaj Małecki  <m.malecki@samsung.com>
-
-        Reviewed by Pavel Feldman.
-
-        Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
-        https://bugs.webkit.org/show_bug.cgi?id=52791
-
-        No new tests. The problem can be reproduced by trying to create InspectorValue
-        from 1.0e-100 and call ->toJSONString() on this.
-
-        * JavaScriptCore.exp:
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
-        export 2 functions DecimalNumber::bufferLengthForStringExponential and
-        DecimalNumber::toStringExponential.
-
-2011-08-19  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9987571> iOS: REGRESSION: crash in JSC::setUpStaticFunctionSlot, found on jsfunfuzz
-
-        Merged ToT WebKit r93048.
-
-    2011-08-15  Gavin Barraclough  <barraclough@apple.com>
-
-        Crash accessing static property on sealed object
-        https://bugs.webkit.org/show_bug.cgi?id=66242
-
-        Reviewed by Sam Weinig.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::putDirectInternal):
-            - should only check isExtensible if checkReadOnly.
-
-2011-08-16  Michael Saboff  <msaboff@apple.com>
-
-        <rdar://problem/9931094> REGRESSION (9A294-9A296): Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
-        https://bugs.webkit.org/show_bug.cgi?id=66351
-
-        Merge OpenSource r93189.
-
-    2011-08-16  Michael Saboff  <msaboff@apple.com>
-
-        Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
-        https://bugs.webkit.org/show_bug.cgi?id=66351
-
-        JIT::privateCompilePutByIdTransition expects that regT0 and regT1
-        have the basePayload and baseTag respectively.  In some cases,
-        we may get to this generated code with one or both of these
-        registers trash.  One know case is that regT0 on ARM may be
-        trashed as regT0 (r0) is also arg0 and can be overrun with sp due
-        to calls to JIT::restoreReturnAddress().  This patch uses the
-        values on the stack.  A longer term solution is to work out all
-        cases so that the register entry assumptions can assured.
-
-        While fixing this, also determined that the additional stack offset
-        of sizeof(void*) is not needed for ARM.
-
-        Reviewed by Gavin Barraclough.
-
-        * jit/JITPropertyAccess32_64.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-
-2011-07-31  Matt Lilek  <mlilek@apple.com>
-
-        <rdar://problem/9778751> iOS: CSSPrimitiveValue::getIntValue() and getFloatValue() should clamp to avoid overflow (53449)
-
-        Merge OpenSource r89705.
-
-    2011-06-24  Abhishek Arya  <inferno@chromium.org>
-
-        Reviewed by Darin Adler.
-
-        Match other clampTo* functions in style with clampToInteger(float)
-        function.
-        https://bugs.webkit.org/show_bug.cgi?id=53449
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToFloat):
-        (clampToPositiveInteger):
-
-2011-07-31  Matt Lilek  <mlilek@apple.com>
-
-        <rdar://problem/9739105> iOS: Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/ (61585)
-
-        Merge OpenSource r89614.
-
-    2011-06-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61585
-        Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
-
-        This is due to use of int instead of unsigned, bad math around
-        the 2^31 boundary.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-            - Change some uses of int to unsigned, refactor compare logic to
-              restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generate):
-        (JSC::Yarr::YarrGenerator::backtrack):
-            - Ditto.
-
-2011-07-31  Matt Lilek  <mlilek@apple.com>
-
-        <rdar://problem/9739059> iOS: CVE-2011-2354: REGRESSION (r82516): SecuritySaver: *exploitable* OOB read in WebCore::ImageBufferData::getData (61135)
-
-        Merge OpenSource r87103.
-
-    2011-05-23  Matthew Delaney  <mdelaney@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
-        https://bugs.webkit.org/show_bug.cgi?id=58216
-
-        * wtf/MathExtras.h:
-        (clampToInteger):
-        (clampToPositiveInteger):
-
-2011-08-10  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9913449> REGRESSION: stringByEvaluatingJavaScriptFromString returns parameter passed to function instead of return value
-
-        Merge WebKit TOT r92785
-
-    2011-08-10  Oliver Hunt  <oliver@apple.com>
-
-        JSEvaluteScript does not return the correct object when given JSONP data
-        https://bugs.webkit.org/show_bug.cgi?id=66003
-
-        Reviewed by Gavin Barraclough.
-
-        Make sure we propagate the result of the function call rather than the
-        argument.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2011-08-08  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9910251> Unable to free up JIT code due to guard pages
-
-        Marge WebKit TOT r92635
-
-    2011-08-08  Oliver Hunt  <oliver@apple.com>
-
-        Using mprotect to create guard pages breaks our use of madvise to release executable memory
-        https://bugs.webkit.org/show_bug.cgi?id=65870
-
-        Reviewed by Gavin Barraclough.
-
-        Use mmap rather than mprotect to clear guard page permissions.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit):
-
-2011-08-07  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/9884604> Should clean up JIT code when we get a memory warning
-
-        Reviewed by Oliver Hunt.
-
-        * JavaScriptCore.exp: Export JSGlobalData::recompileAllJSFunctions
-
-2011-08-06  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Andy Estes.
-
-        <rdar://problem/9909069> AtomicString::fromUTF8Internal() is not taking the AtomicString table lock
-
-        * wtf/text/AtomicString.cpp:
-        (WTF::AtomicString::fromUTF8Internal): Take the lock before calling addToStringTable().
-
-2011-08-04  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/9795993> Remote Inspector: breakpoint hit inside touchend event prevents Safari from refreshing
-
-        * wtf/MainThread.cpp:
-        (WTF::setMainThreadCallbacksPaused): This is called when pausing
-        JavaScript and is fine to call as long as the WebThread is locked.
-
-2011-07-28  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9897283> Interpreter can potentially GC in the middle of initializing a structure chain (https://bugs.webkit.org/show_bug.cgi?id=65638)
-
-        Merge WebKit TOT r92393
-
-    2011-08-04  Mark Hahnenberg  <mhahnenberg@apple.com>
-
-        Interpreter can potentially GC in the middle of initializing a structure chain
-        https://bugs.webkit.org/show_bug.cgi?id=65638
-
-        Reviewed by Oliver Hunt.
-
-        Moved the allocation of a prototype StructureChain before the initialization of 
-        the structure chain within the interpreter that was causing intermittent GC crashes.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-
-2011-08-02  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        <rdar://problem/9394430> WebKit can't show these emoji glyphs 1⃣2⃣3⃣4⃣5⃣6⃣7⃣ correctly unless proper font is being specified
-
-        * wtf/unicode/CharacterNames.h: Added a constant for U+20E3 COMBINING ENCLOSING KEYCAP.
-
-2011-07-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9864012> Clean up compiler settings (ANGLE project doesn't specify compiler correctly)
-
-        Reviewed by Joseph Pecoraro.
-
-        * Configurations/CompilerVersion.xcconfig: Build Development
-        and Development_Hardware configurations using clang.
-        Deployment, Deployment_Hardware, Production_Deployment and
-        Production_Hardware configurations still use llvm-gcc-4.2.
-
-2011-07-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Joe Pecoraro.
-
-        <rdar://problem/9859981> Remove accidentally committed ASSERT from interpreter
-
-        Remove bogus assertion.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-2011-07-27  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9826969> CRASH after running out of executable memory @ washingtonpost.com
-
-        Merge WebKit TOT r91871
-
-    2011-07-27  Oliver Hunt  <oliver@apple.com>
-
-        Handle callback oriented JSONP
-        https://bugs.webkit.org/show_bug.cgi?id=65271
-
-        Reviewed by Gavin Barraclough.
-
-        Handle the callback oriented versions of JSONP.  The Literal parser
-        now handles <Identifier> (. <Identifier>)* (jsonData).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::Lexer::lex):
-        * runtime/LiteralParser.h:
-
-2011-07-26  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9844317> preventExtensions on host functions crashes
-
-        Merge WebKit TOT r90402 and r90404
-
-    2011-07-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Build fix following last patch.
-
-        * runtime/JSFunction.cpp:
-        (JSC::createPrototypeProperty):
-
-    2011-07-05  Gavin Barraclough  <barraclough@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=63947
-        ASSERT running Object.preventExtensions(Math.sin)
-
-        Reviewed by Oliver Hunt.
-
-        This is due to calling scope() on a hostFunction as a part of
-        calling createPrototypeProperty to reify the prototype property.
-        But host functions don't have a prototype property anyway!
-
-        Prevent callling createPrototypeProperty on a host function.
-
-        * runtime/JSFunction.cpp:
-        (JSC::JSFunction::createPrototypeProperty):
-        (JSC::JSFunction::preventExtensions):
-
-
-2011-07-25  Andy Estes  <aestes@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/9827302> Add a compile-time option to enable the HTTP inspector server on the device.
-
-        * Configurations/FeatureDefines.xcconfig: Add ENABLE_HTTP_INSPECTOR_SERVER.
-
-2011-07-25  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8727143> Investigate moving to the C CFNetwork APIs
-
-        Reviewed by David Carson.
-
-        Re-enable USE(CFNETWORK) on iOS. The issues with gmail are not as severe as I had initially
-        thought.
-
-        * wtf/Platform.h:
-
-2011-07-25  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9837878> export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
-
-        Merge WebKit TOT r91627
-
-    2011-07-22  Sommer Panage  <panage@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
-        https://bugs.webkit.org/show_bug.cgi?id=64981
-
-        UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
-        Currently, the C API does not provide the tools to do this. However, the private API
-        does expose the necessary functionality to get a backtrace
-        (via Interpreter::retrieveLastCaller). We recognize this information may result in
-        failure in the cases of programs run by 'eval', stack frames beneath host function
-        call frames, and in programs run from other programs. Thus, we propose exporting our
-        JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
-        we need while not advertising an API that isn't really ready for full use.
-
-        * API/JSContextRef.cpp:
-        * API/JSContextRefPrivate.h:
-        * JavaScriptCore.exp:
-
-2011-07-25  Jon Lee  <jonlee@apple.com>
-
-        Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
-        https://bugs.webkit.org/show_bug.cgi?id=65132
-        <rdar://problem/9836297>
-
-        Merge WebKit TOT r91706
-        
-    2011-07-25  Jon Lee  <jonlee@apple.com>
-        
-        Reviewed by Oliver Hunt.
-        
-        Make sure the JIT is available to use before running the following calls:
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
-
-2011-07-22  Pratik Solanki  <psolanki@apple.com>
-
-        Unreviewed. Disable USE(CFNETWORK) until we can fix issues with gmail <rdar://9826491>.
-
-        * wtf/Platform.h:
-
-2011-07-22  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8727143> Investigate moving to the C CFNetwork APIs
-
-        Reviewed by David Carson.
-
-        Enable USE(CFNETWORK) on iOS. Instead of using the Foundation based network loader in
-        WebCore, we now use the CF based loader. This gives us around 3% perf win on the PLT power
-        pages. While this is a big change, I have been living on versions of this change for over a
-        week now. I have also run the stress test and not seen any issues related to this change.
-
-        * wtf/Platform.h:
-
-2011-07-19  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9804094> API GC throws away compiled code; can cause pathological compilation churn
-        
-        Merge WebKit TOT r91401
-
-    2011-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Don't throw away code when JSGarbageCollect API is called
-        https://bugs.webkit.org/show_bug.cgi?id=64894
-
-        Reviewed by Sam Weinig.
-
-        Just call collectAllGarbage.  That will clean up all unneeded
-        code without causing any pathological recompilation problems.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-
-2011-07-19  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9734627> MarketDash crashed in JSC::slowValidateCell
-
-        Merge WebKit TOT r91394
-
-    2011-07-20  Oliver Hunt  <oliver@apple.com>
-
-        Codeblock doesn't visit cached structures in global resolve instructions
-        https://bugs.webkit.org/show_bug.cgi?id=64889
-
-        Reviewed by Sam Weinig.
-
-        Visit the global resolve instructions.  This fixes a couple
-        of random crashes seen in the jquery tests when using the
-        interpreter.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-
-2011-07-19  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9652614> Turn GC Validation off again
-
-        Reviewed by Gavin Barraclough.
-
-        Return GC validation to its normal debug only mode.
-
-        * wtf/Platform.h:
-
-2011-07-14  Michael Saboff  <msaboff@apple.com>
-
-    <rdar://problem/9776826> Optimise performance of .*string.* regexps in browser mark
-
-    Merge WebKit TOT r90962
-
-    2011-07-13  Michael Saboff  <msaboff@apple.com>
-
-        https://bugs.webkit.org/show_bug.cgi?id=64202
-        Enh: Improve handling of RegExp in the form of /.*blah.*/
-
-        Reviewed by Gavin Barraclough.
-
-        Added code to both the Yarr interpreter and JIT to handle
-        these expressions a little differently.  First off, the terms
-        in between the leading and trailing .*'s cannot capture and
-        also this enhancement is limited to single alternative expressions.
-        If an expression is of the right form with the aforementioned
-        restrictions, we process the inner terms and then look for the
-        beginning of the string and end of the string.  There is handling 
-        for multiline expressions to allow the beginning and end to be 
-        right after and right before newlines.
-
-        This enhancement speeds up expressions of this type 12x on
-        a MacBookPro.
-
-        Cleaned up 'case' statement indentation.
-
-        A new set of tests was added as LayoutTests/fast/regex/dotstar.html
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::InputStream::end):
-        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
-        (JSC::Yarr::ByteCompiler::emitDisjunction):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::ByteTerm::DotStarEnclosure):
-        * yarr/YarrJIT.cpp:
-        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
-        (JSC::Yarr::YarrGenerator::generateTerm):
-        (JSC::Yarr::YarrGenerator::backtrackTerm):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
-        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
-        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
-        (JSC::Yarr::YarrPattern::compile):
-        * yarr/YarrPattern.h:
-        (JSC::Yarr::PatternTerm::PatternTerm):
-
-2011-07-12  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9760209> ASSERT_GC_OBJECT_INHERITS failure loading sportscheck.com
-
-    Marge TOT WebKit r90875
-
-    2011-07-12  Oliver Hunt  <oliver@apple.com>
-
-        Overzealous type validation in method_check
-        https://bugs.webkit.org/show_bug.cgi?id=64415
-
-        Reviewed by Gavin Barraclough.
-
-        method_check is essentially just a value look up
-        optimisation, but it internally stores the value
-        as a JSFunction, even though it never relies on
-        this fact.  Under GC validation however we end up
-        trying to enforce that assumption.  The fix is
-        simply to store the value as a correct supertype.
-
-        * bytecode/CodeBlock.h:
-        * dfg/DFGRepatch.cpp:
-        (JSC::DFG::dfgRepatchGetMethodFast):
-        (JSC::DFG::tryCacheGetMethod):
-        * jit/JIT.h:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2011-07-08  Dan Bernstein  <mitz@apple.com>
-
-        Some preparation for <rdar://problem/9394430> WebKit can't show these emoji glyphs correctly unless proper font is being specified
-
-        Merged TOT WebKit r88477.
-
-    2011-06-09  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Add Vector::reverse()
-        https://bugs.webkit.org/show_bug.cgi?id=62393
-
-        * wtf/Vector.h:
-        (WTF::Vector::reverse): Added
-
-2011-07-07  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9147974> 12% of nytimes.com uncached page load spent beneath JIT::privateCompile
-
-    Merge WebKit TOT r90586
-
-    2011-07-07  Oliver Hunt  <oliver@apple.com>
-
-        Encode jump and link sizes into the appropriate enums
-        https://bugs.webkit.org/show_bug.cgi?id=64123
-
-        Reviewed by Sam Weinig.
-
-        Finally kill off the out of line jump and link size arrays, 
-        so we can avoid icky loads and constant fold the linking arithmetic.
-
-        * assembler/ARMv7Assembler.cpp:
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::jumpSizeDelta):
-        (JSC::ARMv7Assembler::computeJumpType):
-
-2011-07-06  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Pratik Solanki.
-
-        <rdar://problem/9723249> core.caseware.com does not run correctly in telluride.
-
-        The 32bit path for call code generation was not correctly setting
-        the call type flag on its call info.  This then caused us to link
-        the wrong linking thunk when we unlinked a call site.  This broke
-        core.caseware.com due to memory pressure triggering our unlinking
-        logic.  After the fix for rdar://problem/9722210 we ended up
-        using this unlinking logic much more often, so breaking a variety
-        of other sites.
-
-        This isn't a ToT WebKit merge as ToT WebKit has some substantial
-        refactoring to the call logic so a straight merge would be pointless.
-
-        Equivalent ToT WebKit change was part of
-        https://bugs.webkit.org/show_bug.cgi?id=63980
-        http://trac.webkit.org/changeset/90443
-
-        * jit/JITCall32_64.cpp:
-        (JSC::JIT::compileOpCall):
-
-2011-07-05  David Kilzer  <ddkilzer@apple.com>
-
-        Switch to using llvm-gcc-4.2 when compiling for the iOS Simulator
-
-        Reviewed by Paul Knight.
-
-        Fixes: <rdar://problem/9723537> SWB: JavaScriptCore_Sim hardcodes use of (soon-to-be-obsolete) gcc-4.2
-
-        * Configurations/CompilerVersion.xcconfig:
-        (TARGET_GCC_VERSION_iphonesimulator): Switched to LLVM_GCC_42.
-
-2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        <rdar://problem/9147974> 12% of nytimes.com uncached page load spent beneath JIT::privateCompile
-
-        Merge WebKit TOT r90426
-
-    2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        Force inlining of simple functions that show up as not being inlined
-        https://bugs.webkit.org/show_bug.cgi?id=63964
-
-        Reviewed by Gavin Barraclough.
-
-        Looking at profile data indicates the gcc is failing to inline a
-        number of trivial functions.  This patch hits the ones that show
-        up in profiles with the ALWAYS_INLINE hammer.
-
-        We also replace the memcpy() call in linking with a manual loop.
-        Apparently memcpy() is almost never faster than an inlined loop.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::add):
-        (JSC::ARMv7Assembler::add_S):
-        (JSC::ARMv7Assembler::ARM_and):
-        (JSC::ARMv7Assembler::asr):
-        (JSC::ARMv7Assembler::b):
-        (JSC::ARMv7Assembler::blx):
-        (JSC::ARMv7Assembler::bx):
-        (JSC::ARMv7Assembler::clz):
-        (JSC::ARMv7Assembler::cmn):
-        (JSC::ARMv7Assembler::cmp):
-        (JSC::ARMv7Assembler::eor):
-        (JSC::ARMv7Assembler::it):
-        (JSC::ARMv7Assembler::ldr):
-        (JSC::ARMv7Assembler::ldrCompact):
-        (JSC::ARMv7Assembler::ldrh):
-        (JSC::ARMv7Assembler::ldrb):
-        (JSC::ARMv7Assembler::lsl):
-        (JSC::ARMv7Assembler::lsr):
-        (JSC::ARMv7Assembler::movT3):
-        (JSC::ARMv7Assembler::mov):
-        (JSC::ARMv7Assembler::movt):
-        (JSC::ARMv7Assembler::mvn):
-        (JSC::ARMv7Assembler::neg):
-        (JSC::ARMv7Assembler::orr):
-        (JSC::ARMv7Assembler::orr_S):
-        (JSC::ARMv7Assembler::ror):
-        (JSC::ARMv7Assembler::smull):
-        (JSC::ARMv7Assembler::str):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-        (JSC::ARMv7Assembler::tst):
-        (JSC::ARMv7Assembler::linkRecordSourceComparator):
-        (JSC::ARMv7Assembler::link):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
-        * assembler/LinkBuffer.h:
-        (JSC::LinkBuffer::linkCode):
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::nearCall):
-        (JSC::MacroAssemblerARMv7::call):
-        (JSC::MacroAssemblerARMv7::ret):
-        (JSC::MacroAssemblerARMv7::moveWithPatch):
-        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
-        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
-        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
-        (JSC::MacroAssemblerARMv7::jump):
-        (JSC::MacroAssemblerARMv7::makeBranch):
-
-2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9722210> Don't recompile repeatedly during page loading
-
-    Merge WebKit TOT r90415
-
-    2011-07-05  Oliver Hunt  <oliver@apple.com>
-
-        Don't throw out compiled code repeatedly
-        https://bugs.webkit.org/show_bug.cgi?id=63960
-
-        Reviewed by Gavin Barraclough.
-
-        Stop throwing away all compiled code every time
-        we're told to do a full GC.  Instead unlink all
-        callsites during such GC passes to maximise the
-        number of collectable functions, but otherwise
-        leave compiled functions alone.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage):
-        * heap/MarkStack.h:
-        (JSC::MarkStack::shouldUnlinkCalls):
-        (JSC::MarkStack::setShouldUnlinkCalls):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-        * runtime/RegExp.cpp:
-        (JSC::RegExp::compile):
-        (JSC::RegExp::invalidateCode):
-        * runtime/RegExp.h:
-
-2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9706758> IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren() (63732)
-
-    Merge WebKit ToT r90282
-
-    2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-        IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
-        https://bugs.webkit.org/show_bug.cgi?id=63732
-
-        Reviewed by Gavin Barraclough.
-
-        Initialise the memory at the head of the new storage so that
-        GC is safe if triggered by reportExtraMemoryCost.
-
-        * runtime/JSArray.cpp:
-        (JSC::JSArray::increaseVectorPrefixLength):
-
-2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9655973> GC allocation sequencing can be incorrect
-
-    Merge WebKit ToT r90273
-
-    2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-        GC sweep can occur before an object is completely initialised
-        https://bugs.webkit.org/show_bug.cgi?id=63836
-
-        Reviewed by Gavin Barraclough.
-
-        In rare cases it's possible for a GC sweep to occur while a
-        live, but not completely initialised object is on the stack.
-        In such a case we may incorrectly choose to mark it, even
-        though it has no children that need marking.
-
-        We resolve this by always zeroing out the structure of any
-        value returned from JSCell::operator new(), and making the
-        markstack tolerant of a null structure. 
-
-        * runtime/JSCell.h:
-        (JSC::JSCell::JSCell::~JSCell):
-        (JSC::JSCell::JSCell::operator new):
-        * runtime/Structure.h:
-        (JSC::MarkStack::internalAppend):
-
-2011-07-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9674091> JavaScriptCore should build for armv7f and armv7s
-
-        Reviewed by David Carson.
-
-        Original patch by Denis Palmans <dpalmans@apple.com>.
-
-        * Configurations/Base.xcconfig: Don't override VALID_ARCHS when
-        building for iphoneos or iphonesimulator SDKs.  This keeps the
-        original value of VALID_ARCHS and only adds platform-specific
-        values for macosx.
-        * Configurations/JavaScriptCore.xcconfig: Added support for
-        armv7f and armv7s when setting JSVALUE_MODEL.
-        * wtf/Platform.h: Make sure WTF_ARM_ARCH_VERSION and
-        WTF_THUMB_ARCH_VERSION are set for armv7f and armv7s.
-
-2011-07-01  Oliver Hunt  <oliver@apple.com>
-
-        Debug build fix.  Apparently I didn't do a debug build
-        following one of yesterdays merges.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots):
-
-2011-07-01  David Kilzer  <ddkilzer@apple.com>
-
-        Fix clang build error in JITOpcodes32_64.cpp
-
-        Merge ToT WebKit r90232.
-
-    2011-07-01  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
-
-        Fixes the following build error in clang:
-
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                     ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                                                ^
-                     (                         )
-            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
-            fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
-            JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
-                 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
-                                        ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-            1 error generated.
-
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
-        tertiary expression evaluate first.
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9665160> ASSERT in JSC::JITCode::size() when running non-JIT enabled scripter
-
-    Merge WebKit ToT r89964
-
-    2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        ASSERT when launching debug builds with interpreter and jit enabled
-        https://bugs.webkit.org/show_bug.cgi?id=63566
-
-        Add appropriate guards to the various Executable's memory reporting
-        logic.
-
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::compileInternal):
-        (JSC::ProgramExecutable::compileInternal):
-        (JSC::FunctionExecutable::compileForCallInternal):
-        (JSC::FunctionExecutable::compileForConstructInternal):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8961198> Crashes seen after running out of executable memory
-
-    Merge WebKit ToT r89630, r89885, r89887
-
-    2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
-
-        Build fix attempt after r89885.
-
-        * JavaScriptCore.exp:
-        * jsc.cpp:
-
-    2011-06-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Support throwing away non-running code even while other code is running
-        https://bugs.webkit.org/show_bug.cgi?id=63485
-
-        Add a function to CodeBlock to support unlinking direct linked callsites,
-        and then with that in place add logic to discard code from any function
-        that is not currently on the stack.
-
-        The unlinking completely reverts any optimized call sites, such that they
-        may be relinked again in future.
-
-        * JavaScriptCore.exp:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::unlinkCalls):
-        (JSC::CodeBlock::clearEvalCache):
-        * bytecode/CodeBlock.h:
-        (JSC::CallLinkInfo::CallLinkInfo):
-        (JSC::CallLinkInfo::unlink):
-        * bytecode/EvalCodeCache.h:
-        (JSC::EvalCodeCache::clear):
-        * heap/Heap.cpp:
-        (JSC::Heap::getConservativeRegisterRoots):
-        * heap/Heap.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        * jit/JIT.h:
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCall):
-        * jit/JITWriteBarrier.h:
-        (JSC::JITWriteBarrierBase::clear):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionReleaseExecutableMemory):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::unlinkCalls):
-        (JSC::ProgramExecutable::unlinkCalls):
-        (JSC::FunctionExecutable::discardCode):
-        (JSC::FunctionExecutable::unlinkCalls):
-        * runtime/Executable.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::SafeRecompiler::returnValue):
-        (JSC::SafeRecompiler::operator()):
-        (JSC::JSGlobalData::releaseExecutableMemory):
-
-    2011-06-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Add the ability to dynamically modify linked call sites
-        https://bugs.webkit.org/show_bug.cgi?id=63291
-
-        Add JITWriteBarrier as a writebarrier class that allows
-        reading and writing directly into the code stream.
-
-        This required adding logic to all the assemblers to allow
-        us to read values back out of the instruction stream.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * assembler/ARMAssembler.h:
-        (JSC::ARMAssembler::readPointer):
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::readPointer):
-        (JSC::ARMv7Assembler::readInt32):
-        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
-        (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::readPointer):
-        * assembler/MIPSAssembler.h:
-        (JSC::MIPSAssembler::readInt32):
-        (JSC::MIPSAssembler::readPointer):
-        * assembler/MacroAssemblerCodeRef.h:
-        (JSC::MacroAssemblerCodePtr::operator!):
-        * assembler/SH4Assembler.h:
-        (JSC::SH4Assembler::readPCrelativeAddress):
-        (JSC::SH4Assembler::readPointer):
-        (JSC::SH4Assembler::readInt32):
-        * assembler/X86Assembler.h:
-        (JSC::X86Assembler::readPointer):
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::visitAggregate):
-        * bytecode/CodeBlock.h:
-        (JSC::MethodCallLinkInfo::seenOnce):
-        (JSC::MethodCallLinkInfo::setSeen):
-        * heap/MarkStack.h:
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompile):
-        (JSC::JIT::linkCall):
-        (JSC::JIT::linkConstruct):
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::patchMethodCallProto):
-        * jit/JITPropertyAccess32_64.cpp:
-        * jit/JITWriteBarrier.h: Added.
-        (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
-        (JSC::JITWriteBarrierBase::operator!):
-        (JSC::JITWriteBarrierBase::setFlagOnBarrier):
-        (JSC::JITWriteBarrierBase::isFlagged):
-        (JSC::JITWriteBarrierBase::setLocation):
-        (JSC::JITWriteBarrierBase::location):
-        (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
-        (JSC::JITWriteBarrierBase::set):
-        (JSC::JITWriteBarrierBase::get):
-        (JSC::JITWriteBarrier::JITWriteBarrier):
-        (JSC::JITWriteBarrier::set):
-        (JSC::JITWriteBarrier::get):
-        (JSC::MarkStack::append):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8913432> Crash after running out of executable memory @ syntensity.com python simulator (requires 33.7MB for large array literals)
-
-    Merge WebKit ToT r89954, r89959
-
-    2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Fix interpreter build.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-    2011-06-28  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make constant array optimisation less strict about what constitutes a constant
-        https://bugs.webkit.org/show_bug.cgi?id=63554
-
-        Now allow string constants in array literals to actually be considered constant,
-        and so avoid codegen in array literals with strings in them.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addConstantBuffer):
-        (JSC::CodeBlock::constantBuffer):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addConstantBuffer):
-        (JSC::BytecodeGenerator::addStringConstant):
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-
-2011-06-30  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8940085> Stress Test Crash: JavaScriptCore: JSC::RegExp::match(JSC::UString const&, int, WTF::Vector<int, 32ul>*) (RefPtr.h:60)
-
-    Merge WebKit TOT r89729
-
-    2011-06-24  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
-        https://bugs.webkit.org/show_bug.cgi?id=63345
-
-        The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
-        return 9 and 10 bit quantities, therefore changed their return type from
-        uint8_t to uint16_t.  Also casted the places where they are used as they
-        are currently shifted and used as 7 or 8 bit values.
-
-        These methods are currently used for literals for stack offsets, 
-        including creating and destroying stack frames.  The prior truncation of
-        the upper bits caused stack frames to be too small, thus allowing a
-        JIT'ed function to access and overwrite stack space outside of the
-        incorrectly sized stack frame.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMThumbImmediate::getUInt9):
-        (JSC::ARMThumbImmediate::getUInt10):
-        (JSC::ARMv7Assembler::add):
-        (JSC::ARMv7Assembler::ldr):
-        (JSC::ARMv7Assembler::str):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-
-2011-06-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Dave Carson and Geoff Garen.
-
-        <rdar://problem/9473586> Crash in JSC::Structure::visitChildren running AdSheet tests
-
-        Enabling GC validation for all builds to once again try 
-        to track down some of GC crashers.
-        
-        Turning validation off again is tracked by:
-        <rdar://problem/9652614> Turn GC Validation off again
-
-        * wtf/Platform.h:
-
-2011-06-20  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8938997> Crash after running out of executable memory @ apidock.com (requires 13.1MB for JSONP)
-
-    Merge WebKit TOT r89219, r89226, r89228
-
-    2011-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Correct logic for putting errors on the correct line when handling JSONP
-        https://bugs.webkit.org/show_bug.cgi?id=62962
-
-        Minor fix for the minor fix.  *sigh*
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-    2011-06-19  Oliver Hunt  <oliver@apple.com>
-
-        Minor fix to correct layout test results.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::execute):
-
-    2011-06-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSONP is unnecessarily slow
-        https://bugs.webkit.org/show_bug.cgi?id=62920
-
-        JSONP has unfortunately become a fairly common idiom online, yet
-        it triggers very poor performance in JSC as we end up doing codegen
-        for a large number of property accesses that will
-           * only be run once, so the vast amount of logic we dump to handle
-             caching of accesses is unnecessary.
-           * We are doing codegen that is directly proportional to just
-             creating the object in the first place.
-
-        This patch extends the use of the literal parser to JSONP-like structures
-        in global code, handling a number of different forms I have seen online.
-        In an extreme case this improves performance of JSONP by more than 2x
-        due to removal of code generation and execution time, and a few optimisations
-        that I made to the parser itself.
-
-        * API/JSValueRef.cpp:
-        (JSValueMakeFromJSONString):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::callEval):
-        (JSC::Interpreter::execute):
-        * parser/Lexer.cpp:
-        (JSC::Lexer::isKeyword):
-        * parser/Lexer.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncEval):
-        * runtime/JSONObject.cpp:
-        (JSC::JSONProtoFuncParse):
-        * runtime/LiteralParser.cpp:
-        (JSC::LiteralParser::tryJSONPParse):
-        (JSC::LiteralParser::makeIdentifier):
-        (JSC::LiteralParser::Lexer::lex):
-        (JSC::LiteralParser::Lexer::next):
-        (JSC::isSafeStringCharacter):
-        (JSC::LiteralParser::Lexer::lexString):
-        (JSC::LiteralParser::Lexer::lexNumber):
-        (JSC::LiteralParser::parse):
-        * runtime/LiteralParser.h:
-        (JSC::LiteralParser::LiteralParser):
-        (JSC::LiteralParser::tryLiteralParse):
-        (JSC::LiteralParser::Lexer::Lexer):
-
-2011-06-17  Simon Fraser  <simon.fraser@apple.com>
-
-    <rdar://problem/9632485> ASSERT(m_codeEnd - m_code >= maxTokenLength) loading nytimes.com
-    
-    Merge WebKit ToT r88082.
-
-    2011-06-03  Oliver Hunt  <oliver@apple.com>
-    
-            Whoops, fix last minute bug.
-    
-            * parser/Lexer.cpp:
-            (JSC::Lexer::parseIdentifier):
-    
-2011-06-16  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9626197> JS API is too aggressive about throwing exceptions for NULL get or set operations (61678)
-
-    Merged TOT WebKit r87588
-
-    2011-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JS API is too aggressive about throwing exceptions for NULL get or set operations
-        https://bugs.webkit.org/show_bug.cgi?id=61678
-
-        * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
-        function that returns a JSValue, so it can fail and still forward to
-        normal property lookup.
-
-        * API/JSCallbackObjectFunctions.h:
-        (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
-        access a static property -- just forward the access. This allows objects
-        to observe get/set operations but still let the JS object manage lifetime.
-
-        (JSC::::put): Ditto.
-
-        (JSC::::getStaticValue): Same as JSCallbackObject.h.
-
-        * API/tests/testapi.c:
-        (MyObject_set_nullGetForwardSet):
-        * API/tests/testapi.js: Updated tests to reflect slightly less strict
-        behavior, which matches headerdoc claims.
-
-2011-06-16  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9626170> Property caching is too aggressive for API objects (61677)
-
-    Merged TOT WebKit r87586
-
-    2011-05-27  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Property caching is too aggressive for API objects
-        https://bugs.webkit.org/show_bug.cgi?id=61677
-
-        * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
-        callback APIs allow the client to change its mind about our propertis at
-        any time.
-
-        * API/tests/testapi.c:
-        (PropertyCatchalls_getProperty):
-        (PropertyCatchalls_setProperty):
-        (PropertyCatchalls_getPropertyNames):
-        (PropertyCatchalls_class):
-        (main):
-        * API/tests/testapi.js: Some tests for dynamic API objects.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCachePutByID):
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCachePutByID):
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
-        requires it.
-
-        * runtime/JSTypeInfo.h:
-        (JSC::TypeInfo::TypeInfo):
-        (JSC::TypeInfo::isFinal):
-        (JSC::TypeInfo::prohibitsPropertyCaching):
-        (JSC::TypeInfo::flags): Added a flag to track opting out of property
-        caching. Fixed an "&&" vs "&" typo that was previously harmless, but
-        is now harmful since m_flags2 can have more than one bit set.
-
-2011-06-16  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8913432> Crash after running out of executable memory @ syntensity.com python simulator (requires 33.7MB for large array literals)
-
-    Merged TOT WebKit r88873, r88962, r89058
-
-    2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Reduce memory usage of resolve_global
-        https://bugs.webkit.org/show_bug.cgi?id=62765
-
-        If we have a large number of resolve_globals in a single
-        block start planting plain resolve instructions instead 
-        whenever we aren't in a loop.  This allows us to reduce
-        the code size for extremely large functions without
-        losing the performance benefits of op_resolve_global.
-
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::globalResolveInfoCount):
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
-        (JSC::BytecodeGenerator::emitResolve):
-        (JSC::BytecodeGenerator::emitResolveWithBase):
-        * bytecompiler/BytecodeGenerator.h:
-
-    2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Reduce the size of global_resolve
-        https://bugs.webkit.org/show_bug.cgi?id=62738
-
-        Reduce the code size of global_resolve in the JIT by replacing
-        multiple pointer loads with a single pointer move + two offset
-        loads.
-
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_resolve_global):
-
-    2011-06-14  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Constant array literals result in unnecessarily large amounts of code
-        https://bugs.webkit.org/show_bug.cgi?id=62658
-
-        Add a new version of op_new_array that simply copies values from a buffer
-        we hang off of the CodeBlock, rather than generating code to place each
-        entry into the registerfile, and then copying it from the registerfile into
-        the array.  This is a slight improvement on some sunspider tests, but no
-        measurable overall change.  That's okay though as our goal was to reduce
-        code size without hurting performance.
-
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::dump):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::addImmediateBuffer):
-        (JSC::CodeBlock::immediateBuffer):
-        * bytecode/Opcode.h:
-        * bytecompiler/BytecodeGenerator.cpp:
-        (JSC::BytecodeGenerator::addImmediateBuffer):
-        (JSC::BytecodeGenerator::emitNewArray):
-        * bytecompiler/BytecodeGenerator.h:
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::ArrayNode::emitBytecode):
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JIT.cpp:
-        (JSC::JIT::privateCompileMainPass):
-        * jit/JIT.h:
-        * jit/JITOpcodes.cpp:
-        (JSC::JIT::emit_op_new_array):
-        (JSC::JIT::emit_op_new_array_buffer):
-        * jit/JITOpcodes32_64.cpp:
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * jit/JITStubs.h:
-
-2011-06-16  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9306516> First-time JavaScript parse in app store can take ~130ms (was 160ms)
-
-    Merging r87177, r87838, r88076, r88082, r88083, r88084, r88094, r88394, r88668, r88719, r88974
-
-    2011-06-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Darin Adler.
-
-        REGRESSION (r88719): 5by5.tv schedule is not visible
-        https://bugs.webkit.org/show_bug.cgi?id=62720
-
-        Problem here is that the lexer wasn't considering '$' to be
-        a valid character in an identifier.
-
-        * parser/Lexer.h:
-        (JSC::Lexer::lexExpectIdentifier):
-
-    2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Fix llocp and lvalp names in the lexer to something more meaningful
-        https://bugs.webkit.org/show_bug.cgi?id=62605
-
-        A simple rename
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-        (JSC::Lexer::parseString):
-        (JSC::Lexer::lex):
-        * parser/Lexer.h:
-        (JSC::Lexer::lexExpectIdentifier):
-
-    2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Make it possible to inline the common case of identifier lexing
-        https://bugs.webkit.org/show_bug.cgi?id=62600
-
-        Add a lexing function that expects to lex an "normal" alpha numeric
-        identifier (that ignores keywords) so it's possible to inline the
-        common parsing cases.  This comes out as a reasonable parsing speed
-        boost.
-
-        * parser/JSParser.cpp:
-        (JSC::JSParser::nextExpectIdentifier):
-        (JSC::JSParser::parseProperty):
-        (JSC::JSParser::parseMemberExpression):
-        * parser/Lexer.cpp:
-        * parser/Lexer.h:
-        (JSC::Lexer::makeIdentifier):
-        (JSC::Lexer::lexExpectIdentifier):
-
-    2011-06-13  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Make it possible to inline Identifier::equal
-        https://bugs.webkit.org/show_bug.cgi?id=62584
-
-        Move Identifier::equal to the Identifier header file.
-
-        * runtime/Identifier.cpp:
-        * runtime/Identifier.h:
-        (JSC::Identifier::equal):
-
-    2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Lexer needs to provide Identifier for reserved words
-        https://bugs.webkit.org/show_bug.cgi?id=62086
-
-        Alas it is necessary to provide an Identifier reference for keywords
-        so that we can do the right thing when they're used in object literals.
-        We now keep Identifiers for all reserved words in the CommonIdentifiers
-        structure so that we can access them without a hash lookup.
-
-        * KeywordLookupGenerator.py:
-        * parser/Lexer.cpp:
-        (JSC::Lexer::parseIdentifier):
-        * parser/Lexer.h:
-        * runtime/CommonIdentifiers.cpp:
-        (JSC::CommonIdentifiers::CommonIdentifiers):
-        * runtime/CommonIdentifiers.h:
-
-    2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Force inlining of some hot lexer functions
-        https://bugs.webkit.org/show_bug.cgi?id=62079
-
-        Fix more GCC stupidity
-
-        * parser/Lexer.h:
-        (JSC::Lexer::isWhiteSpace):
-        (JSC::Lexer::isLineTerminator):
-
-    2011-06-03  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        GCC not inlining some functions that it really should be
-        https://bugs.webkit.org/show_bug.cgi?id=62075
-
-        Add ALWAYS_INLINE to a number of parsing and lexing functions
-        that should always be inlined.  This gets us ~1.4% on my ad hoc
-        parser test.
-
-        * KeywordLookupGenerator.py:
-        * parser/JSParser.cpp:
-        (JSC::JSParser::next):
-        (JSC::JSParser::nextTokenIsColon):
-        (JSC::JSParser::consume):
-        (JSC::JSParser::match):
-        (JSC::JSParser::tokenStart):
-        (JSC::JSParser::tokenLine):
-        (JSC::JSParser::tokenEnd):
-        * parser/Lexer.cpp:
-        (JSC::isIdentPart):
-
-2011-06-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9495270> Merge iOS WebKit to Safari Jazz FCS
-
-        Merged ToT WebKit r86871-r88061 on safari-534-branch branch.
-
-    2011-06-02  Lucas Forschler  <lforschler@apple.com>
-
-    Merged 87826.
-
-    2011-05-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Freezing a function and its prototype causes browser to crash.
-        https://bugs.webkit.org/show_bug.cgi?id=61758
-
-        Make JSObject::preventExtensions virtual so that we can override it
-        and instantiate all lazy
-
-        * JavaScriptCore.exp:
-        * runtime/JSFunction.cpp:
-        (JSC::createPrototypeProperty):
-        (JSC::JSFunction::preventExtensions):
-        (JSC::JSFunction::getOwnPropertySlot):
-        * runtime/JSFunction.h:
-        * runtime/JSObject.h:
-        * runtime/JSObject.cpp:
-        (JSC::JSObject::seal):
-        (JSC::JSObject::seal):
-
-    2011-05-27  Mark Rowe  <mrowe@apple.com>
-
-        Merge r87580.
-
-    2011-05-27  Stephanie Lewis  <slewis@apple.com>
-
-        Unreviewed.
-
-        Fix a typo in the order_file flag.
-
-        * Configurations/Base.xcconfig:
-
-    2011-05-27  Mark Rowe  <mrowe@apple.com>
-
-        Merge r87520.
-
-    2011-05-27  Stephanie Lewis  <slewis@apple.com>
-
-        Rubber Stamped by Adam Roben.
-
-        Update Order Files.  Use -order_file flag since it can order more of the binary.
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.order:
-
-    2011-05-26  Lucas Forschler  <lforschler@apple.com>
-
-    Merged r87157.
-
-    2011-05-23  Michael Saboff  <msaboff@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        Safari often freezes when clicking "Return free memory" in Caches dialog
-        https://bugs.webkit.org/show_bug.cgi?id=61325
-
-        There are two fixes and improvement in instrumentation code used to find 
-        one of the problems.
-        Changed ReleaseFreeList() to set the "decommitted" bit when releasing
-        pages to the system and moving Spans from the normal list to the returned 
-        list.
-        Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
-        to eliminate an infinite loop if we can't meet the pagesToRelease target.
-        Added a check for the decommitted bit being set properly in 
-        TCMalloc_PageHeap::CheckList.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::scavenge):
-        (WTF::TCMalloc_PageHeap::Check):
-        (WTF::TCMalloc_PageHeap::CheckList):
-        (WTF::ReleaseFreeList):
-
-    2011-05-23  Gavin Barraclough  <barraclough@apple.com>
-
-    Merged r87109.
-
-    2011-05-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=61306
-
-        The begin characters optimization currently has issues (#61129),
-        and does not appear to still be a performance win. The prudent
-        next step seems to be to disable while we ascertain whether this
-        is still a useful performance optimization.
-
-        * yarr/YarrInterpreter.cpp:
-        (JSC::Yarr::Interpreter::matchDisjunction):
-        (JSC::Yarr::Interpreter::interpret):
-        * yarr/YarrInterpreter.h:
-        (JSC::Yarr::BytecodePattern::BytecodePattern):
-        * yarr/YarrPattern.cpp:
-        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
-        (JSC::Yarr::YarrPattern::compile):
-        (JSC::Yarr::YarrPattern::YarrPattern):
-        * yarr/YarrPattern.h:
-        (JSC::Yarr::YarrPattern::reset):
-
-    2011-05-24  Steve Falkenburg  <sfalken@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Disable features on safari-534-branch.
-        <rdar://problem/9261347> 
-
-        * Configurations/FeatureDefines.xcconfig:
-
-    2011-05-22  Lucas Forschler  <lforschler@apple.com>
-
-    Merge r86972.
-    
-    2011-05-20  Brady Eidson  <beidson@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
-        Horrendous bug in callOnMainThreadAndWait
-
-        * wtf/MainThread.cpp:
-        (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
-          syncFlag condition, reacquire the mutex first.
-
-    2011-05-22  Lucas Forschler  <lforschler@apple.com>
-
-    Merge r86779.
-    
-    2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Adam Roben.
-
-        Disable gc validation in release builds
-        https://bugs.webkit.org/show_bug.cgi?id=60680
-
-        Add back the NDEBUG check
-
-        * wtf/Platform.h:
-
-    2011-05-19  Lucas Forschler  <lforschler@apple.com
-
-    Merged r86850.
-    
-    2011-05-19  Adam Roben  <aroben@apple.com>
-
-        Remove a redundant and broken data export
-
-        Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
-        JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
-        to a linker warning about multiple definitions.)
-
-        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
-
-    2011-05-19  Lucas Forschler  <lforschler@apple.com
-
-    Merged r86809.
-    
-    2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
-        https://bugs.webkit.org/show_bug.cgi?id=61064
-
-        Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
-        for its inline storage.  This resolves the problem of GC occurring before
-        a subclass has initialised its anonymous storage.
-
-        * runtime/JSObject.h:
-
-    2011-05-19  Lucas Forschler  <lforschler@apple.com
-
-    Merged r86785.
-    
-    2011-05-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
-        https://bugs.webkit.org/show_bug.cgi?id=61090
-
-        Remove the Structure-free JSGlobalObject constructor and instead always
-        pass the structure into the JSGlobalObject constructor.
-        Stop DebuggerActivation creating a new structure every time, and simply
-        use a single shared structure held by the GlobalData.
-
-        * API/JSContextRef.cpp:
-        * debugger/DebuggerActivation.cpp:
-        (JSC::DebuggerActivation::DebuggerActivation):
-        * jsc.cpp:
-        (GlobalObject::GlobalObject):
-        (functionRun):
-        (jscmain):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::clearBuiltinStructures):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-
-    2011-05-19  Lucas Forschler  <lforschler@apple.com>
-
-    Merge r86727.
-
-    2011-05-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Rolling back in r86653 with build fixed.
-
-        Reviewed by Gavin Barraclough and Oliver Hunt.
-
-        Global object initialization is expensive
-        https://bugs.webkit.org/show_bug.cgi?id=60933
-        
-        Changed a bunch of globals to allocate their properties lazily, and changed
-        the global object to allocate a bunch of its globals lazily.
-        
-        This reduces the footprint of a global object from 287 objects with 58
-        functions for 24K to 173 objects with 20 functions for 15K.
-
-        Large patch, but it's all mechanical.
-
-        * DerivedSources.make:
-        * JavaScriptCore.exp: Build!
-
-        * create_hash_table: Added a special case for fromCharCode, since it uses
-        a custom "thunk generator".
-
-        * heap/Heap.cpp:
-        (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
-        overcount objects that were owned through more than one mechanism because
-        it was getting in the way of counting the results for this patch.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::arrayConstructorTable):
-        (JSC::ExecState::arrayPrototypeTable):
-        (JSC::ExecState::booleanPrototypeTable):
-        (JSC::ExecState::dateConstructorTable):
-        (JSC::ExecState::errorPrototypeTable):
-        (JSC::ExecState::globalObjectTable):
-        (JSC::ExecState::numberConstructorTable):
-        (JSC::ExecState::numberPrototypeTable):
-        (JSC::ExecState::objectPrototypeTable):
-        (JSC::ExecState::regExpPrototypeTable):
-        (JSC::ExecState::stringConstructorTable): Added new tables.
-
-        * runtime/ArrayConstructor.cpp:
-        (JSC::ArrayConstructor::ArrayConstructor):
-        (JSC::ArrayConstructor::getOwnPropertySlot):
-        (JSC::ArrayConstructor::getOwnPropertyDescriptor):
-        * runtime/ArrayConstructor.h:
-        (JSC::ArrayConstructor::createStructure):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::ArrayPrototype::getOwnPropertySlot):
-        (JSC::ArrayPrototype::getOwnPropertyDescriptor):
-        * runtime/ArrayPrototype.h:
-        * runtime/BooleanPrototype.cpp:
-        (JSC::BooleanPrototype::BooleanPrototype):
-        (JSC::BooleanPrototype::getOwnPropertySlot):
-        (JSC::BooleanPrototype::getOwnPropertyDescriptor):
-        * runtime/BooleanPrototype.h:
-        (JSC::BooleanPrototype::createStructure):
-        * runtime/DateConstructor.cpp:
-        (JSC::DateConstructor::DateConstructor):
-        (JSC::DateConstructor::getOwnPropertySlot):
-        (JSC::DateConstructor::getOwnPropertyDescriptor):
-        * runtime/DateConstructor.h:
-        (JSC::DateConstructor::createStructure):
-        * runtime/ErrorPrototype.cpp:
-        (JSC::ErrorPrototype::ErrorPrototype):
-        (JSC::ErrorPrototype::getOwnPropertySlot):
-        (JSC::ErrorPrototype::getOwnPropertyDescriptor):
-        * runtime/ErrorPrototype.h:
-        (JSC::ErrorPrototype::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        (JSC::JSGlobalData::~JSGlobalData):
-        * runtime/JSGlobalData.h: Added new tables.
-
-        * runtime/JSGlobalObject.cpp:
-        (JSC::JSGlobalObject::reset):
-        (JSC::JSGlobalObject::addStaticGlobals):
-        (JSC::JSGlobalObject::getOwnPropertySlot):
-        (JSC::JSGlobalObject::getOwnPropertyDescriptor):
-        * runtime/JSGlobalObject.h:
-        * runtime/JSGlobalObjectFunctions.cpp:
-        * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
-        static table for its global functions. This required uninlining some
-        things to avoid a circular header dependency. However, those things
-        probably shouldn't have been inlined in the first place.
-        
-        Even more global object properties can be made lazy, but that requires
-        more in-depth changes.
-
-        * runtime/MathObject.cpp:
-        * runtime/NumberConstructor.cpp:
-        (JSC::NumberConstructor::getOwnPropertySlot):
-        (JSC::NumberConstructor::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.cpp:
-        (JSC::NumberPrototype::NumberPrototype):
-        (JSC::NumberPrototype::getOwnPropertySlot):
-        (JSC::NumberPrototype::getOwnPropertyDescriptor):
-        * runtime/NumberPrototype.h:
-        (JSC::NumberPrototype::createStructure):
-        * runtime/ObjectPrototype.cpp:
-        (JSC::ObjectPrototype::ObjectPrototype):
-        (JSC::ObjectPrototype::put):
-        (JSC::ObjectPrototype::getOwnPropertySlot):
-        (JSC::ObjectPrototype::getOwnPropertyDescriptor):
-        * runtime/ObjectPrototype.h:
-        (JSC::ObjectPrototype::createStructure):
-        * runtime/RegExpPrototype.cpp:
-        (JSC::RegExpPrototype::RegExpPrototype):
-        (JSC::RegExpPrototype::getOwnPropertySlot):
-        (JSC::RegExpPrototype::getOwnPropertyDescriptor):
-        * runtime/RegExpPrototype.h:
-        (JSC::RegExpPrototype::createStructure):
-        * runtime/StringConstructor.cpp:
-        (JSC::StringConstructor::StringConstructor):
-        (JSC::StringConstructor::getOwnPropertySlot):
-        (JSC::StringConstructor::getOwnPropertyDescriptor):
-        * runtime/StringConstructor.h:
-        (JSC::StringConstructor::createStructure): Standardized these objects
-        to use static tables for function properties.
-
-2011-06-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9556885> iOS: Disable C++ exceptions when building with clang
-
-        Reviewed by Anders Carlsson.
-
-        Set GCC_ENABLE_CPP_EXCEPTIONS_LLVM_COMPILER to NO.
-
-        * Configurations/Base.xcconfig:
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-        Further build fix.
-
-        * runtime/JSGlobalData.cpp:
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-    Build fix
-
-    Merge r87550
-
-    2011-05-27  Patrick Gansterer  <paroga@webkit.org>
-
-            Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
-
-            * runtime/JSGlobalData.cpp:
-            (JSGlobalData::JSGlobalData):
-
-2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8943166> Crash after running out of executable memory @ palmbrasil.com.br (requires 22.2MB)
-
-    Merging r87327, r87436, r87445, and r87527
-
-    2011-05-27  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Try to release unused executable memory when the FixedVMPool allocator is under pressure
-            https://bugs.webkit.org/show_bug.cgi?id=61651
-
-            Rather than crashing when full the FixedVMPool allocator now returns a null
-            allocation.  We replace the code that used to CRASH() on null allocations
-            with logic that asks the provided globalData to release any executable memory
-            that it can.  Currently this just means throwing away all regexp code, but
-            in future we'll try to be more aggressive.
-
-            * assembler/ARMAssembler.cpp:
-            (JSC::ARMAssembler::executableCopy):
-            * assembler/ARMAssembler.h:
-            * assembler/AssemblerBuffer.h:
-            (JSC::AssemblerBuffer::executableCopy):
-            * assembler/AssemblerBufferWithConstantPool.h:
-            * assembler/LinkBuffer.h:
-            (JSC::LinkBuffer::LinkBuffer):
-            (JSC::LinkBuffer::linkCode):
-            * assembler/MIPSAssembler.h:
-            (JSC::MIPSAssembler::executableCopy):
-            * assembler/SH4Assembler.h:
-            (JSC::SH4Assembler::executableCopy):
-            * assembler/X86Assembler.h:
-            (JSC::X86Assembler::executableCopy):
-            (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
-            * dfg/DFGJITCompiler.cpp:
-            (JSC::DFG::JITCompiler::compileFunction):
-            * jit/ExecutableAllocator.h:
-            (JSC::ExecutablePool::create):
-            (JSC::ExecutablePool::alloc):
-            (JSC::ExecutableAllocator::ExecutableAllocator):
-            (JSC::ExecutableAllocator::poolForSize):
-            (JSC::ExecutablePool::ExecutablePool):
-            (JSC::ExecutablePool::poolAllocate):
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::FixedVMPoolAllocator::alloc):
-            * jit/JIT.cpp:
-            (JSC::JIT::privateCompile):
-            * jit/JITOpcodes.cpp:
-            (JSC::JIT::privateCompileCTIMachineTrampolines):
-            * jit/JITOpcodes32_64.cpp:
-            (JSC::JIT::privateCompileCTIMachineTrampolines):
-            (JSC::JIT::privateCompileCTINativeCall):
-            * jit/JITPropertyAccess.cpp:
-            (JSC::JIT::stringGetByValStubGenerator):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::privateCompilePatchGetArrayLength):
-            (JSC::JIT::privateCompileGetByIdProto):
-            (JSC::JIT::privateCompileGetByIdSelfList):
-            (JSC::JIT::privateCompileGetByIdProtoList):
-            (JSC::JIT::privateCompileGetByIdChainList):
-            (JSC::JIT::privateCompileGetByIdChain):
-            * jit/JITPropertyAccess32_64.cpp:
-            (JSC::JIT::stringGetByValStubGenerator):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::privateCompilePatchGetArrayLength):
-            (JSC::JIT::privateCompileGetByIdProto):
-            (JSC::JIT::privateCompileGetByIdSelfList):
-            (JSC::JIT::privateCompileGetByIdProtoList):
-            (JSC::JIT::privateCompileGetByIdChainList):
-            (JSC::JIT::privateCompileGetByIdChain):
-            * jit/SpecializedThunkJIT.h:
-            (JSC::SpecializedThunkJIT::finalize):
-            * jit/ThunkGenerators.cpp:
-            (JSC::charCodeAtThunkGenerator):
-            (JSC::charAtThunkGenerator):
-            (JSC::fromCharCodeThunkGenerator):
-            (JSC::sqrtThunkGenerator):
-            (JSC::powThunkGenerator):
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::JSGlobalData):
-            (JSC::JSGlobalData::releaseExecutableMemory):
-            (JSC::releaseExecutableMemory):
-            * runtime/JSGlobalData.h:
-            * runtime/RegExpCache.cpp:
-            (JSC::RegExpCache::invalidateCode):
-            * runtime/RegExpCache.h:
-            * yarr/YarrJIT.cpp:
-            (JSC::Yarr::YarrGenerator::compile):
-
-    2011-05-26  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Make RegExpCache a weak map
-            https://bugs.webkit.org/show_bug.cgi?id=61554
-
-            Switch to a weak map for the regexp cache, and hide that
-            behaviour behind RegExp::create.
-
-            When a RegExp is compiled it attempts to add itself to
-            the "strong" cache.  This cache is a simple round-robin
-            buffer as was the old strong cache.  Happily this can
-            be smaller than the old strong cache as RegExps are only
-            added when they're compiled so it is under less pressure
-            to evict.
-
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::RegExpNode::emitBytecode):
-            * runtime/RegExp.cpp:
-            (JSC::RegExp::RegExp):
-            (JSC::RegExp::create):
-            (JSC::RegExp::match):
-            * runtime/RegExp.h:
-            (JSC::RegExp::gcShouldInvalidateCode):
-            (JSC::RegExp::hasCode):
-            (JSC::RegExp::key):
-            * runtime/RegExpCache.cpp:
-            (JSC::RegExpCache::lookupOrCreate):
-            (JSC::RegExpCache::RegExpCache):
-            (JSC::RegExpCache::isReachableFromOpaqueRoots):
-            (JSC::RegExpCache::finalize):
-            * runtime/RegExpCache.h:
-            * runtime/RegExpConstructor.cpp:
-            (JSC::constructRegExp):
-            * runtime/RegExpPrototype.cpp:
-            (JSC::regExpProtoFuncCompile):
-            * runtime/StringPrototype.cpp:
-            (JSC::stringProtoFuncMatch):
-            (JSC::stringProtoFuncSearch):
-
-    2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Make RegExp GC allocated
-            https://bugs.webkit.org/show_bug.cgi?id=61490
-
-            Make RegExp GC allocated.  Basically mechanical change to replace
-            most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
-            where actual ownership happens.
-
-            Made the RegExpCache use Strong<> references currently to avoid any
-            changes in behaviour.
-
-            * JavaScriptCore.exp:
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::visitAggregate):
-            * bytecode/CodeBlock.h:
-            (JSC::CodeBlock::addRegExp):
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::addRegExp):
-            (JSC::BytecodeGenerator::emitNewRegExp):
-            * bytecompiler/BytecodeGenerator.h:
-            * runtime/JSCell.h:
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::JSGlobalData):
-            (JSC::JSGlobalData::clearBuiltinStructures):
-            (JSC::JSGlobalData::addRegExpToTrace):
-            * runtime/JSGlobalData.h:
-            * runtime/JSGlobalObject.cpp:
-            (JSC::JSGlobalObject::reset):
-            * runtime/RegExp.cpp:
-            (JSC::RegExp::RegExp):
-            (JSC::RegExp::create):
-            (JSC::RegExp::invalidateCode):
-            * runtime/RegExp.h:
-            (JSC::RegExp::createStructure):
-            * runtime/RegExpCache.cpp:
-            (JSC::RegExpCache::lookupOrCreate):
-            (JSC::RegExpCache::create):
-            * runtime/RegExpCache.h:
-            * runtime/RegExpConstructor.cpp:
-            (JSC::constructRegExp):
-            * runtime/RegExpObject.cpp:
-            (JSC::RegExpObject::RegExpObject):
-            (JSC::RegExpObject::visitChildren):
-            * runtime/RegExpObject.h:
-            (JSC::RegExpObject::setRegExp):
-            (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
-            * runtime/RegExpPrototype.cpp:
-            (JSC::RegExpPrototype::RegExpPrototype):
-            (JSC::regExpProtoFuncCompile):
-            * runtime/RegExpPrototype.h:
-            * runtime/StringPrototype.cpp:
-            (JSC::stringProtoFuncMatch):
-            (JSC::stringProtoFuncSearch):
-
-    2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Generate regexp code lazily
-            https://bugs.webkit.org/show_bug.cgi?id=61476
-
-            RegExp construction now simply validates the RegExp, it does
-            not perform actual codegen.
-
-            * runtime/RegExp.cpp:
-            (JSC::RegExp::RegExp):
-            (JSC::RegExp::recompile):
-            (JSC::RegExp::compile):
-            (JSC::RegExp::match):
-            * runtime/RegExp.h:
-            (JSC::RegExp::recompileIfNecessary):
-            * runtime/RegExpConstructor.h:
-            (JSC::RegExpConstructor::performMatch):
-            * runtime/RegExpObject.cpp:
-            (JSC::RegExpObject::match):
-            * runtime/StringPrototype.cpp:
-            (JSC::stringProtoFuncReplace):
-            (JSC::stringProtoFuncMatch):
-            (JSC::stringProtoFuncSearch):
-            (JSC::stringProtoFuncSplit):
-
-2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9501227> REGRESSION(r1024836): Crash in JSC::JIT::privateCompileCTIMachineTrampolines in many apps on resume
-
-    Merge ToT WebKit r87308
-
-    2011-05-25  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Make allocations with guard pages ensure that the allocation succeeded
-            https://bugs.webkit.org/show_bug.cgi?id=61453
-
-            Add null checks, and make PageBlock's operator bool() use
-            the realbase, rather than the start of usable memory.
-
-            * wtf/OSAllocatorPosix.cpp:
-            (WTF::OSAllocator::reserveAndCommit):
-            * wtf/PageBlock.h:
-            (WTF::PageBlock::operator bool):
-            (WTF::PageBlock::PageBlock):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    Remove accidental change to Source/JavaScriptCore/ChangeLog
-
-    * ChangeLog: revert accidentally committed change
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9231233> exception handler being called incorrectly in Interpreter
-
-    Merged ToT WebKit r86960
-
-    2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Sam Weinig.
-
-            Interpreter uses wrong bytecode offset for determining exception handler
-            https://bugs.webkit.org/show_bug.cgi?id=61191
-
-            The bytecode offset given for the returnPC from the JIT is
-            actually the offset for the start of the instruction triggering
-            the call, whereas in the interpreter it is the actual return
-            VPC.  This means if the next instruction following a call was
-            in an exception region we would incorrectly redirect to its
-            handler.  Long term we want to completely redo how exceptions
-            are handled anyway so the simplest and lowest risk fix here is
-            to simply subtract one from the return vPC so that we have an
-            offset in the triggering instruction.
-
-            It turns out this is caught by a couple of tests already.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::unwindCallFrame):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8887771> Add a guard page on each side of the JIT executable region
-
-    Merged ToT WebKit r86906
-
-    2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Gavin Barraclough.
-
-            Add guard pages to each end of the memory region used by the fixedvm allocator
-            https://bugs.webkit.org/show_bug.cgi?id=61150
-
-            Add mechanism to notify the OSAllocator that pages at either end of an
-            allocation should be considered guard pages.  Update PageReservation,
-            PageAllocation, etc to handle this.
-
-            * JavaScriptCore.exp:
-            * jit/ExecutableAllocatorFixedVMPool.cpp:
-            (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-            * wtf/OSAllocator.h:
-            * wtf/OSAllocatorPosix.cpp:
-            (WTF::OSAllocator::reserveUncommitted):
-            (WTF::OSAllocator::reserveAndCommit):
-            * wtf/PageAllocation.h:
-            (WTF::PageAllocation::PageAllocation):
-            * wtf/PageAllocationAligned.h:
-            (WTF::PageAllocationAligned::PageAllocationAligned):
-            * wtf/PageBlock.h:
-            (WTF::PageBlock::PageBlock):
-            * wtf/PageReservation.h:
-            (WTF::PageReservation::reserve):
-            (WTF::PageReservation::reserveWithGuardPages):
-                Add a new function to make a reservation that will add guard
-                pages to the ends of an allocation.
-            (WTF::PageReservation::PageReservation):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9470482> GC allocated executables are destroyed lazily, so release executable memory slowly
-    
-    Merged ToT WebKit r86883
-    
-    2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Geoffrey Garen.
-
-            Make Executables release their JIT code as soon as they become dead
-            https://bugs.webkit.org/show_bug.cgi?id=61134
-
-            Add an ability to clear an Executable's jit code without requiring
-            it to be destroyed, and then call that from a finalizer.
-
-            * heap/Weak.h:
-            (JSC::Weak::Weak):
-            (JSC::Weak::leak):
-            * jit/JITCode.h:
-            (JSC::JITCode::clear):
-            * runtime/Executable.cpp:
-            (JSC::ExecutableFinalizer::finalize):
-            (JSC::ExecutableBase::executableFinalizer):
-            * runtime/Executable.h:
-            (JSC::ExecutableBase::ExecutableBase):
-            (JSC::ExecutableBase::clearExecutableCode):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/9240218> Consider removing branchConvertDoubleToInt32
-
-    Merged ToT WebKit r86968
-
-    2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Sam Weinig.
-
-            Remove unnecessary double->int conversion at the end of op_div
-            https://bugs.webkit.org/show_bug.cgi?id=61198
-
-            We don't attempt this conversion on 64bit, removing it actually speeds
-            up sunspider and v8 slightly, and it reduces code size.
-
-            * jit/JITArithmetic32_64.cpp:
-            (JSC::JIT::emit_op_div):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8881410> Investigation: Harden against JIT spraying attacks
-
-    Merged ToT WebKit r86919
-
-    2011-05-19  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Gavin Barraclough.
-
-            Randomise code starting location a little
-            https://bugs.webkit.org/show_bug.cgi?id=61161
-
-            Add a nop() function to the Assemblers so that we
-            can randomise code offsets slightly at no real cost.
-
-            * assembler/ARMAssembler.h:
-            (JSC::ARMAssembler::nop):
-            * assembler/ARMv7Assembler.h:
-            (JSC::ARMv7Assembler::nop):
-            * assembler/MacroAssemblerARM.h:
-            (JSC::MacroAssemblerARM::nop):
-            * assembler/MacroAssemblerARMv7.h:
-            (JSC::MacroAssemblerARMv7::nop):
-            * assembler/MacroAssemblerMIPS.h:
-            (JSC::MacroAssemblerMIPS::nop):
-            * assembler/MacroAssemblerSH4.h:
-            (JSC::MacroAssemblerSH4::nop):
-            * assembler/MacroAssemblerX86Common.h:
-            (JSC::MacroAssemblerX86Common::nop):
-            * assembler/X86Assembler.h:
-            (JSC::X86Assembler::nop):
-            * jit/JIT.cpp:
-            (JSC::JIT::JIT):
-            (JSC::JIT::privateCompile):
-            * jit/JIT.h:
-            * runtime/WeakRandom.h:
-            (JSC::WeakRandom::getUint32):
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-    <rdar://problem/8247576> JSC should limit inline PIC offsets to fit in single instruction loads on ARMv7
-
-    Merged ToT WebKit r86999
-
-    2011-05-20  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Gavin Barraclough.
-
-            Reduce size of inline cache path of get_by_id on ARMv7
-            https://bugs.webkit.org/show_bug.cgi?id=61221
-
-            This reduces the code size of get_by_id by 20 bytes
-
-            * assembler/ARMv7Assembler.h:
-            (JSC::ARMv7Assembler::ldrCompact):
-            (JSC::ARMv7Assembler::repatchCompact):
-            (JSC::ARMv7Assembler::setUInt7ForLoad):
-            * assembler/MacroAssemblerARMv7.h:
-            (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
-            * jit/JIT.h:
-
-2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-     <rdar://problem/9493374> scripter crashing in JavaScriptCore: JSC::slowValidateCell
-     
-     Merged ToT WebKit r87190
-
-     2011-05-24  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Gavin Barraclough.
-
-            Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
-            https://bugs.webkit.org/show_bug.cgi?id=61385
-
-            The interpreter uses the structure slot of get_by_id and put_by_id to hold
-            the initial structure it encountered so that it can identify whether a
-            given access is stable.
-
-            When marking though we only visit the slot when we've decided to cache, and
-            so this value could die.  This was "safe" as the value was only used for a
-            pointer compare, but it was incorrect.  We now just mark the slot like we
-            should have been doing already.
-
-            * bytecode/CodeBlock.cpp:
-            (JSC::CodeBlock::visitStructures):
-
-2011-05-16  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/9449255> No need to explicitly cleanup JIT code when handling memory warning
-
-        Reviewed by Geoffrey Garen.
-
-        Revert changes made for <rdar://problem/9392975> since we now clean up JIT code on
-        JavaScript garbage collection. This behavior was added in the merge of opensource r86510.
-
-        * JavaScriptCore.exp:
-
-2011-05-16  Pratik Solanki  <psolanki@apple.com>
-
-        Part of <rdar://problem/9449162> REGRESSION: SunSpider ~7% slower in browser than on command line (was 17%)
-
-        Merged ToT WebKit r86510.
-
-    2011-05-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
-        in browser than on command line
-        
-        This patch fixes a few issues in generated code that could unreasonably
-        prolong object lifetimes.
-
-        * heap/Heap.cpp:
-        (JSC::Heap::collectAllGarbage): Throw away all function code before doing
-        a major collection. We want to clear polymorphic caches, since they can
-        keep alive large object graphs that have gone "stale". For the same reason,
-        but to a lesser extent, we also want to clear linked functions and other
-        one-off caches.
-
-        This has the side-benefit of reducing memory footprint from run-once
-        functions, and of allowing predictions and caches that have failed to
-        re-specialize.
-
-        Eventually, if compilation costs rise far enough, we may want a more
-        limited strategy for de-specializing code without throwing it away
-        completely, but this works for now, and it's the simplest solution.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::hostFunctionStub):
-        * jit/JITStubs.h:
-        * runtime/JSFunction.cpp: Made the host function stub cache weak --
-        otherwise it's effectively a memory leak that can seriously fragment the
-        GC and JIT heaps.
-
-        (JSC::JSFunction::JSFunction):
-        (JSC::JSFunction::visitChildren): Cleared up some comments that confused
-        me when working with this code.
-
-2011-05-16  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9446250> Exceptions not disabled in ARM builds
-
-        Merged ToT WebKit r86598.
-
-    2011-05-16  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
-        <rdar://problem/9446430>
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Fixed typo.
-
-2011-05-05  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Simon Fraser.
-
-        Remove ENABLE(RANGETYPE_AS_TEXT).
-
-        * wtf/Platform.h:
-
-2011-05-09  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/9392975> Should clean up JIT code when we get a memory warning
-
-        Reviewed by Oliver Hunt and David Kilzer.
-
-        * JavaScriptCore.exp: Export JSGlobalData::recompileAllJSFunctions
-
-2011-05-02  Oliver Hunt  <oliver@apple.com>
-
-        Rubber stamped by Gavin Barraclough.
-
-        <rdar://problem/9344858> Crash in Scripter beneath Structure::materializePropertyMap running URL stress test
-
-        Merge <http://trac.webkit.org/changeset/85523>.
-
-        2011-05-02  Oliver Hunt  <oliver@apple.com>
-
-                Reviewed by Gavin Barraclough.
-
-                Correct marking of interpreter data in mixed mode builds
-                https://bugs.webkit.org/show_bug.cgi?id=59962
-
-                We had a few places in mixed mode builds where we would not
-                track data used by the interpreter for marking.  This patch
-                corrects the problem and adds a number of assertions to catch
-                live Structures being collected.
-
-                * JavaScriptCore.exp:
-                * assembler/ARMv7Assembler.h:
-                (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
-                * bytecode/CodeBlock.cpp:
-                (JSC::CodeBlock::dump):
-                * bytecode/CodeBlock.h:
-                (JSC::CodeBlock::addPropertyAccessInstruction):
-                (JSC::CodeBlock::addGlobalResolveInstruction):
-                (JSC::CodeBlock::addStructureStubInfo):
-                (JSC::CodeBlock::addGlobalResolveInfo):
-                * bytecompiler/BytecodeGenerator.cpp:
-                (JSC::BytecodeGenerator::emitResolve):
-                (JSC::BytecodeGenerator::emitResolveWithBase):
-                (JSC::BytecodeGenerator::emitGetById):
-                (JSC::BytecodeGenerator::emitPutById):
-                (JSC::BytecodeGenerator::emitDirectPutById):
-                * runtime/Structure.cpp:
-                (JSC::Structure::materializePropertyMap):
-                * runtime/Structure.h:
-                (JSC::Structure::typeInfo):
-                (JSC::Structure::previousID):
-                (JSC::Structure::propertyStorageCapacity):
-                (JSC::Structure::propertyStorageSize):
-                (JSC::Structure::get):
-                (JSC::Structure::materializePropertyMapIfNecessary):
-
-2011-04-29  Andy Estes  <aestes@apple.com>
-
-        Rubber-stamped by Simon Fraser.
-
-        Merge <http://trac.webkit.org/changeset/85361>.
-        
-        2011-04-29  Gavin Barraclough  <barraclough@apple.com> 
-
-                   Reviewed by Oliver Hunt & Geoff Garen. 
-
-                   https://bugs.webkit.org/show_bug.cgi?id=59221 
-                   [RegexFuzz] Regression blocking testing 
-
-                   Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion 
-                   node, emitDisjunction recursively calls to itself to emit the nested disjunction 
-                   the value of parenthesesInputCountAlreadyChecked is bogus (doesn't take into 
-                   account the uncheck that has just taken place). 
-
-                   Also, the special handling given to countToCheck in the case of parenthetical 
-                   assertions is nonsense, delete it, along with the isParentheticalAssertion argument. 
-
-                   * yarr/YarrInterpreter.cpp: 
-                   (JSC::Yarr::ByteCompiler::emitDisjunction):
-
-2011-04-27  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Reviewed by NOBODY (OOPS!).
-
-        <rdar://problem/9349760> Merge Stabilization: Merge iOS WebKit up to ToT WebKit r84942
-
-        Filed open source bug https://bugs.webkit.org/show_bug.cgi?id=59770, will remove this change if open source
-        change gets landed.
-
-        ToT WebKit r81135 added WTF_EXPORT_PRIVATE to wtf/Assertions.  The macro is defined in JavaScriptCore's or
-        WebCore's config.h which is included as the first header file for each source file. However, for projects like
-        UIKit or MobileSafari, config.h doesn't exist and compiler complains the undefined WTF_EXPORT_PRIVATE. Since
-        WTF_EXPORT_PRIVATE only makes sense when compiling JavaScriptCore, we can always turn it to empty macro if
-        it is not defined.
-
-        * wtf/Assertions.h:
-
-2011-04-15  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by NOBODY (OOPS!).
-
-        <rdar://problem/6591720> Support Web Inspector on iPhone Simulator using MobileSafari/Web.app
-
-        * Configurations/FeatureDefines.xcconfig: Add REMOTE_INSPECTOR Feature.
-
-2011-03-28  Joseph Pecoraro  <joepeck@webkit.org>
-
-        <rdar://problem/9197849> Leaked JSC::PropertyTable seen in AppStore
-
-        Merged ToT WebKit r81420.
-
-    2011-03-17  Geoffrey Garen  <ggaren@apple.com>
-
-            Reviewed by Mark Rowe.
-
-            Fixed some string leaks seen on the buildbot
-            https://bugs.webkit.org/show_bug.cgi?id=56619
-
-            * runtime/PropertyMapHashTable.h:
-            (JSC::PropertyTable::~PropertyTable): DEref!
-
-2011-03-24  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/9083011> REGRESSION (Telluride): CRASH beneath JSC::call @ yahoo.com, redfin.com, and others
-        
-        Merged ToT WebKit r81904.
-
-2011-03-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/9123439> Crash in JSC::JSParser::Scope::declareParameter loading google.com
-
-        Export function for registering a thread from JSC so that it can be used from WebCore.
-
-        * JavaScriptCore.exp:
-
-2011-03-23  Geoffrey Garen  <ggaren@apple.com>
-
-        Rubber-stamped by David Kilzer.
-
-        Fixed one case of <rdar://problem/9083011> REGRESSION (Telluride): CRASH
-        beneath JSC::call when tapping on links or activating Reader @ yahoo.com
-
-        Merged OpenSource trunk r81751.
-
-        * debugger/Debugger.cpp:
-        * runtime/JSGlobalData.cpp:
-        (WTF::Recompiler::operator()):
-
-2011-03-22  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8772865> Webkit should use no-copy-cache CFNetwork SPI
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h: Enable HAVE_CFNETWORK_DATA_ARRAY_CALLBACK on iOS.
-
-2011-02-25  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Yongjun Zhang.
-
-        WebKit Merge Stabilization.
-
-        We were reaching the MaxLargeThreadReentryDepth on the WebThread
-        when running fast/xmlhttprequest/xmlhttprequest-recursive-sync-event.html.
-        The WebThread's stack size, defined in WebCore/wak/WebCoreThread.mm,
-        is 800kb. Rather than increase that size, we will slightly decrease
-        the maximum recursion depth to 93. For this test case, 94 works,
-        but 95 doesn't. Setting it a little lower allows for some leeway
-        for future changes.
-
-        * interpreter/Interpreter.h: decrease MaxLargeThreadReentryDepth from 100 to 93.
-
-2011-02-23  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Reviewed by Joseph Pecoraro.
-
-        WebKit Merge Stabilization.
-
-        Revert back to old behavior which used to return 0 instead of
-        CRASHing when checking if we can allocate executable memory.
-        This is because on iOS isValid() mmap will only return successfully
-        when the JIT is enabled and allowed for an application, but
-        fail when the JIT is not allowed for an application; yet, all
-        applications will take this path and check isValid before
-        we know if we are allowed to use the JIT or not.
-
-        * wtf/OSAllocatorPosix.cpp:
-        (WTF::OSAllocator::reserveAndCommit): return 0 instead of crashing
-        when checking if the allocating executable memory works.
-
-2011-02-23  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Reviewed by Joseph Pecoraro.
-
-        WebKit Merge Stabilization.
-
-        Instead of using StackBounds cached in JSGlobalData, we need to retrieve the current StackBounds from
-        thread local storage, because in iOS WebKit both main thread and web thread could access the same JSGlobalData.
-        We also need to skip consistency check in StackBounds if the current thread is not the thread that initially
-        created this stack.
-
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::stack): use StackBounds cached in thread local storage.
-        * wtf/StackBounds.cpp:
-        (WTF::StackBounds::checkConsistency): don't check consistency if the current thread is not the thread created this stack.
-        * wtf/StackBounds.h:
-        * wtf/WTFThreadData.cpp: initialize StackBounds for the current thread in iOS.
-        (WTF::WTFThreadData::WTFThreadData):
-
-2011-02-24  David Kilzer  <ddkilzer@apple.com>
-
-        Part 3 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
-
-        Reviewed by David Carson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        (Copy Into Framework): For Production builds, create a relative
-        symlink from JavaScriptCore.framework/Resources/jsc to
-        /usr/local/bin/jsc.
-
-2011-02-24  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
-
-        Merged ToT WebKit r79131.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
-        for the Production_Hardware configuration of jsc target and
-        INSTALL_PATH_ACTUAL for the Production_Deployment confifguration.
-
-    2011-02-19  David Kilzer  <ddkilzer@apple.com>
-
-        <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
-
-        Reviewed by Dan Bernstein.
-
-        * Configurations/Base.xcconfig: Added
-        JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
-        * Configurations/JavaScriptCore.xcconfig: Used
-        JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
-        for Production configuration of jsc target.
-        (Copy Into Framework): Removed old build phase.
-        (Fix Framework Reference): Renamed build phase to "Copy Into
-        Framework".  Added "set -x" call to make the script print the
-        commands it is running.  Added code to exit early for Production
-        builds since this was never intended for them.  Added code to
-        copy jsc into the JavaScriptCore.framework/Resources directory.
-
-2011-02-24  David Kilzer  <ddkilzer@apple.com>
-
-        Part 1 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
-
-        Revert iOS WebKit r999313.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        (Codesign jsc in Framework Bundle): Remove build phase script.
-
-2011-02-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8969982> Enable 3D_CANVAS once ANGLE is in the builds
-
-        Reviewed by Joseph Pecoraro.
-
-        Backed out puzzlebox svn r998105 plus fixes.
-
-        * wtf/Platform.h: Re-enable 3D_CANVAS for iOS (but not armv6).
-
-2011-02-15  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/9005073> INSTALL_PATH set incorrectly for Development_Hardware and other configurations
-
-        Reviewed by David Kilzer.
-
-        Do not set INSTALL_PATH to $(BUILT_PRODUCTS_DIR) - it sets the wrong install_name on
-        frameworks and breaks loading.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-14  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/9000068> Define INSTALL_PATH_ACTUAL for all iOS Simulator targets
-
-        Reviewed by Joseph Pecoraro.
-
-        INSTALL_PATH_ACTUAL must be defined for all iOS Simulator
-        targets since it's used in more than just INSTALL_PATH.
-
-        * Configurations/JavaScriptCore.xcconfig: Changed
-        INSTALL_PATH_iphonesimulator to be defined as it is in
-        IndigoSDK.xcconfig. Added INSTALL_PATH_ACTUAL and
-        INSTALL_PATH_ACTUAL_iphonesimulator definitions to cover
-        Development, Deployment and Production_Deployment configurations
-        of the JavaScriptCore target.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed
-        INSTALL_PATH_ACTUAL for the Production_Deployment configuration
-        of the JavaScriptCore target.  Added/updated INSTALL_PATH and
-        INSTALL_PATH_ACTUAL definitions for Development, Deployment and
-        Production_Deployment configurations of jsc, minidom and testapi
-        targets.
-
-2011-02-14  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8995444> Project file changes for Xcode 4
-
-        Rubber-stamped by David Kilzer.
-
-        Add SUPPORTED_PLATFORMS to indicate the platforms supported for each
-        configuration. Also set the Base SDK to internal iPhoneOS for all iOS
-        targets.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-12  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8977538> /System/Library/PrivateFrameworks/JavaScriptCore.framework/Resources/jsc is missing JIT entitlement
-
-        Rubber-stamped by David Carson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Add a
-        "Codesign jsc in Framework Bundle" build phase script.
-
-2011-02-11  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/8992976> r999053 causes WebCore to have the wrong install_name
-
-        Restore INSTALL_PATH_ACTUAL to prevent breaking
-        LD_DYLIB_INSTALL_NAME_mh_dylib for Production_Deployment
-        simulator builds.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2011-02-11  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8984033> Clean up INSTALL_PATH and INSTALL_PATH_ACUTAL in JavaScriptCore/WebCore/WebKit
-
-        Reviewed by Joseph Pecoraro.
-
-        There are two main fixes here:
-
-        1. Define INSTALL_PATH in ProjectName.xcconfig for all
-        platforms (iphoneos, iphonesimulator, macosx).
-
-        2. Clean up the Xcode project file to define INSTALL_PATH only
-        when the Mac OS X configurations (Debug, Release, Production)
-        define it, or when a target doesn't use ProjectName.xcconfig to
-        define INSTALL_PATH.
-
-        In all cases we eschew INSTALL_PATH_ACTUAL in favor of using
-        INDIGO_INSTALL_PATH_PREFIX for iOS Simulator configurations. The
-        only exceptions are Development and Deployment configurations
-        which always build into BUILT_PRODUCTS_DIR.
-
-        * Configurations/JavaScriptCore.xcconfig: Define INSTALL_PATH
-        for all platforms.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Clean up use of
-        INSTALL_PATH and INSTALL_PATH_ACTUAL to match Mac OS X
-        configurations.
-
-2011-02-11  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Pratik Solanki.
-
-        <rdar://problem/8967636> Re-enable JIT support for Telluride
-
-        Re-enable the JIT. Patch by Gavin Barraclough.
-        mmap won't normally allow RWX memory on iOS, if you request
-        RWX it'll actually just give you RW. By passing MAP_JIT we
-        can get RWX.
-
-        * wtf/PageAllocation.h:
-        (WTF::PageAllocation::systemAllocateAt): pass MAP_JIT when we want executable memory.
-        * wtf/Platform.h:
-
-2011-02-10  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        <rdar://problem/8978376> REGRESSION(9A126): Crash in JSC::DefaultGCActivityCallback::DefaultGCActivityCallback running jsc and scripter
-
-        Normal DefaultGCActivity should happen on the runloop of the thread that creates
-        the Heap. That way when timer based Garbage Collection needs to happen, it can
-        safely happen on the runloop of the single thread that has access to that Heap.
-
-        In r998045 I attempted to schedule all DefaultGCActivityCallback timers on a
-        WebThreadRunLoop. This was incorrect because it did not correctly handle
-        Workers that create separate Heaps on Worker threads, and also direct users
-        of JavaScriptCore who don't even have WebThreads! That change is reverted here.
-
-        This solution leaves the general case alone and more directly schedules Garbage
-        Collection of WebCore's shared JSGlobalData (commonJSGlobalData) Heap on the
-        WebThread's runloop. It does this by implementing a custom WebSafeGCActivityCallback,
-        and sets that as the activity callback when the commonJSGlobalData is created.
-        This custom callback is scheduled on the WebThread's run loop.
-
-        I've tested this with scripter on a device (main thread using JSC without WebCore),
-        and verified that this does not regress the Worker thread case which had an
-        attempted fixed in r998436.
-
-        Many of the changes here landed in ToT WebKit r78291 and r78292.
-
-        * JavaScriptCore.exp: export the protected GCActivityCallback pieces.
-        * JavaScriptCore.xcodeproj/project.pbxproj: export GCActivityCallback.h so WebCore can access it.
-        * runtime/GCActivityCallback.h:
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): added a constructor that can specify the CFRunLoop.
-        (JSC::DefaultGCActivityCallback::commonConstructor): common initialization with a heap and run loop.
-        (JSC::DefaultGCActivityCallback::operator()):
-        * wtf/iphone/WebCoreThread.cpp: no longer need access to WebThreadRunLoop.
-        * wtf/iphone/WebCoreThread.h: no longer need access to WebThreadRunLoop.
-
-2011-02-08  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8972084> LayoutTest: DRT crash on fast/workers/worker-cloneport.html
-
-        Reviewed by David Carson.
-
-        GC triggered on Worker threads needs to occur on that thread. The code would try schedule
-        all GCs on the web thread which caused assertions to be triggered when worker threads were
-        used. Updated the code so that GC from main thread gets scheduled on the web thread but in
-        all other cases GC runs on the same thread.
-
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
-
-2011-02-07  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/8969648> Disable 3D_CANVAS until ANGLE is in the builds
-
-        * wtf/Platform.h: temporarily disable 3D_CANVAS.
-
-2011-02-07  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Yongjun Zhang.
-
-        WebKit Merge Stabilization
-
-        Temporarily disable the JIT on Telluride.
-
-        * wtf/Platform.h:
-
-2011-02-04  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Yongjun Zhang.
-
-        WebKit Merge Stabilization
-
-        Garbage collection happens on a CFRunLoop. We want to ensure
-        that it happens on the WebThread's run loop, because otherwise
-        there could be conflicts if the WebThread was doing work
-        with the objects being collected.
-
-        * JavaScriptCore.exp: export the function to be filled.
-        * runtime/GCActivityCallbackCF.cpp:
-        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): use the WebThreadRunLoop for Garbage Collection events.
-        * wtf/iphone/WebCoreThread.cpp: expose a function to be filled by WebCore to get the WebThreadRunLoop.
-        * wtf/iphone/WebCoreThread.h: expose a function to be filled by WebCore to get the WebThreadRunLoop.
-
-2011-02-04  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Merge ToT WebKit r69096.
-
-    2010-10-05  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Darin Adler.
-
-            REGRESSION(r68338): JavaScript error on PowerPC only (crashes on Interpreter built for x86_64)
-            https://bugs.webkit.org/show_bug.cgi?id=46690
-
-            Use the correct register value when initialising the arguments
-            object in the interpreter.  This is covered by existing tests.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-
-2011-01-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Remove a comment that suggests removing a call to strncpy(). strncpy() is the safe one!
-
-        Reviewed by David Kilzer.
-
-        * runtime/NumberPrototype.cpp:
-        (JSC::integerPartNoExp):
-
-2011-01-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Not reviewed.
-
-        Merge ToT WebKit r77065.
-
-    2011-01-29  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        JavaScriptCoreUseJIT environment variable broken
-        https://bugs.webkit.org/show_bug.cgi?id=53372
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
-        by getenv() rather than just doing a NULL check on the return value.
-
-2011-01-28  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/8902297> REGRESSION: After loading ~100 websites,
-        Safari often crashes due to executable memory limit (8F162)
-
-        The crashes here seem to come from external fragmentation in the
-        FixedVMPoolAllocator. Switch from best fit to first fit.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
-        (JSC::AllocationTableSizeClass::blockSize):
-        (JSC::AllocationTableSizeClass::blockCount):
-        (JSC::AllocationTableSizeClass::blockAlignment):
-        (JSC::AllocationTableSizeClass::size):
-        (JSC::AllocationTableLeaf::AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::~AllocationTableLeaf):
-        (JSC::AllocationTableLeaf::allocate):
-        (JSC::AllocationTableLeaf::free):
-        (JSC::AllocationTableLeaf::isEmpty):
-        (JSC::AllocationTableLeaf::isFull):
-        (JSC::AllocationTableLeaf::size):
-        (JSC::AllocationTableLeaf::classForSize):
-        (JSC::AllocationTableLeaf::dump):
-        (JSC::LazyAllocationTable::LazyAllocationTable):
-        (JSC::LazyAllocationTable::~LazyAllocationTable):
-        (JSC::LazyAllocationTable::allocate):
-        (JSC::LazyAllocationTable::free):
-        (JSC::LazyAllocationTable::isEmpty):
-        (JSC::LazyAllocationTable::isFull):
-        (JSC::LazyAllocationTable::size):
-        (JSC::LazyAllocationTable::dump):
-        (JSC::LazyAllocationTable::classForSize):
-        (JSC::AllocationTableDirectory::AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::~AllocationTableDirectory):
-        (JSC::AllocationTableDirectory::allocate):
-        (JSC::AllocationTableDirectory::free):
-        (JSC::AllocationTableDirectory::isEmpty):
-        (JSC::AllocationTableDirectory::isFull):
-        (JSC::AllocationTableDirectory::size):
-        (JSC::AllocationTableDirectory::classForSize):
-        (JSC::AllocationTableDirectory::dump):
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-        (JSC::FixedVMPoolAllocator::classForSize):
-        (JSC::FixedVMPoolAllocator::offsetToPointer):
-        (JSC::FixedVMPoolAllocator::pointerToOffset):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::underMemoryPressure):
-
-2011-01-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8098953> Use PLATFORM(IOS) instead of PLATFORM(IPHONE) in WebKit
-
-        Reviewed by Joseph Pecoraro.
-
-        The following macros have been renamed:
-
-        ENABLE(IPHONE_PPT) => ENABLE(IOS_PPT)
-        OS(IPHONE_OS) => OS(IOS)
-        PLATFORM(IPHONE) => PLATFORM(IOS)
-        PLATFORM(IPHONE_SIMULATOR) => PLATFORM(IOS_SIMULATOR)
-
-        The following Xcode variable (in FeatureDefines.xcconfig and
-        elsewhere) has been renamed:
-
-        ENABLE_IOS_PPT => ENABLE_IOS_PPT
-        WTF_PLATFORM_IPHONE => WTF_PLATFORM_IOS
-
-        [File list elided.]
-
-2011-01-05  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/8810722>
-        MobileSafari: chews up all memory when loading maps.google.com due to ARM codegen bug
-
-        The bug here is that zeroDouble was working inforrectly,
-        leading to op_loop_if_true failing - specifically in the
-        case where the value being checked is 0.0 encoded as a
-        double (rather than an integer immediate).
-
-        This was resulting in an infinite loop pushing to an array
-        on maps.google.com, and ultimately memory exhaustion.
-
-        Additionally this patch removes a redundant duplicate compare
-        in some (many) case.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::vcmp_F64):
-        (JSC::ARMv7Assembler::vcmpz_F64):
-            Added support for VCMPZ.
-        * assembler/MacroAssemblerARM.h:
-        (JSC::MacroAssemblerARM::branchDoubleNotEqual):
-            Changing the interface to benefit ARMv7.
-        (JSC::MacroAssemblerARM::branchDoubleEqualOrUnordered):
-            Changing the interface to benefit ARMv7.
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchDoubleNotEqual):
-            Combine these operations, to make use of VMCPZ.
-        (JSC::MacroAssemblerARMv7::branchDoubleEqualOrUnordered):
-            Combine these operations, to make use of VMCPZ.
-        (JSC::MacroAssemblerARMv7::compare32):
-            remove redundant duplicate compare.
-        * assembler/MacroAssemblerX86Common.h:
-        (JSC::MacroAssemblerX86Common::branchDoubleNotEqual):
-            Changing the interface to benefit ARMv7.
-        (JSC::MacroAssemblerX86Common::branchDoubleEqualOrUnordered):
-            Changing the interface to benefit ARMv7.
-        * jit/JITOpcodes32_64.cpp:
-        (JSC::JIT::emit_op_jfalse):
-            Switch to use branchDoubleEqualOrUnordered.
-        (JSC::JIT::emit_op_jtrue):
-            Switch to use branchDoubleNotEqual.
-
-2010-12-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/8781129>
-        Deeply nested JS expressions can exhaust the stack
-        (jsc-tests js1_5/Regress/regress-96526-002.js)
-
-        The stack recursion limit is too high for iOS.
-        For now, fix this bug by adjusting the limits and accelerating
-        the rate we increment in certain functions which require large
-        frames. In the longer term we should actually check stack usage.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::IncreaseEmitNodeDepth::IncreaseEmitNodeDepth):
-        (JSC::IncreaseEmitNodeDepth::~IncreaseEmitNodeDepth):
-        * bytecompiler/NodesCodegen.cpp:
-        (JSC::BinaryOpNode::emitStrcat):
-        (JSC::ForInNode::emitBytecode):
-        (JSC::TryNode::emitBytecode):
-
-2010-12-16  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8737284> Investigate time spent in sys_icache_invalidate and sys_dcache_flush
-
-        Merged ToT WebKit r74210.
-
-    2010-12-16  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=51166
-        ExecutableAllocator::cacheFlush should call sys_cache_control
-
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::cacheFlush): Use the more correct and forward looking API -
-        sys_cache_control(kCacheFunctionPrepareForExecution,...).
-
-2010-12-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Pratik Solanki.
-
-        Fixed incorrect #ifdef in Gavin's last patch.
-
-        * runtime/RegExpCache.h: Use PLATFORM(IPHONE), since PLATFORM(IOS) doesn't
-        exist on the Durango branch.
-
-2010-12-14  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8771026> Merge r68764 - Remove unnecessary cacheFlush calls from thumb-2
-
-        Merged ToT WebKit r68764.
-
-    2010-09-30  Gabor Loki  <loki@webkit.org>
-
-        Reviewed by Csaba Osztrogonác.
-
-        Remove unnecessary cacheFlush calls from Thumb-2
-        https://bugs.webkit.org/show_bug.cgi?id=46702
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMv7Assembler::relinkCall):
-        (JSC::ARMv7Assembler::repatchInt32):
-        (JSC::ARMv7Assembler::repatchPointer):
-
-2010-12-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/8765333> CRASH running out of executable memory, loading io9.com
-
-        The problem here is that each page uses a reasonable amount of memory, (~4Mb),
-        and that when miultiple pages are open we keep all JIT code for all functions
-        in all pages alive.
-
-        Add a check to detect high memory pressure situations in the executable allocator
-        (>50% of available memory allocated), and upon a top level entry into JSC (no code
-        running on the stack) in this situation throw away all JIT code.
-
-        * JavaScriptCore.exp:
-        * debugger/Debugger.cpp:
-        (JSC::Debugger::recompileAllJSFunctions): stop passing exec to recompile.
-        * jit/ExecutableAllocator.h:
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::ExecutablePool::systemAlloc): Count allocations.
-        (JSC::ExecutablePool::systemRelease): Count deallocations.
-        (JSC::ExecutablePool::underMemoryPressure): Check memory pressure.
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
-        * jit/ExecutableAllocatorWin.cpp:
-        (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
-        * runtime/Executable.cpp:
-        (JSC::FunctionExecutable::recompile): Remove ExecState argument to recompile.
-        * runtime/Executable.h:
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::recompileAllJSFunctions): throws away all JIT code.
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): add check / call to throw away.
-
-2010-12-14  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        <rdar://problem/8241425> JIT executable memory excessive usage due to regex caching
-
-        Reduce the amount of memory the RegExpCache can hold on to.
-        Currently the RegExpCache can hold 256 RegExp objects. If each falls into a separate
-        ExecutablePool, with a common size of 16Kb, this means we end up holding onto 4Mb of
-        memory. Firstly, we can reduce this by simply reducing the size of the cache to 32
-        entries. Secondly, we can use a separate set of ExecutablePools for JIT code generated
-        from RegExp objects. This helps in two ways (1) it increases the probability that
-        RegExps in the cache share the same pool, and (2) it means that a RegExp can't end
-        up holding on to a large ExecutablePool containing a translation of JS code.
-        (A RegExp could end up keeping a larger RegExp alive that happened to be sharing the
-        same pool, but large RegExp patterns are less common).
-
-        * runtime/JSGlobalData.h:
-        * runtime/RegExpCache.h:
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::compile):
-
-2010-12-14  Cameron Zwarich  <zwarich@apple.com>
-
-      <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
-
-      Not reviewed.
-
-        Merge Clang build fix r74029 from Open Source.
-
-          2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-                  Reviewed by Eric Seidel.
-
-                  Clang fails to build the JSC interpreter
-                  https://bugs.webkit.org/show_bug.cgi?id=51016
-
-                  Clang does not allow indirect gotos out of scopes with cleanup. GCC 4.2 allows
-                  them, but it does not correctly generate the cleanup, causing a leak if the
-                  cleanup decrements a reference count.
-
-                  * interpreter/Interpreter.cpp:
-                  (JSC::Interpreter::privateExecute): Put an Identifier into its own scope.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-        <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
-
-        Not reviewed.
-
-        Merge Clang build fix r73981 from Open Source.
-
-          2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-                  Reviewed by Gavin Barraclough.
-
-                  JavaScriptCore should not use "asm volatile" outside of a function
-                  https://bugs.webkit.org/show_bug.cgi?id=50991
-
-                  * jit/JITStubs.cpp: Remove the volatile keyword from asm statements.
-
-        * jit/JITStubs.cpp:
-
-2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-        <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
-
-        Not reviewed.
-
-        Merge Clang build fix r61203 from Open source.
-
-          2010-06-15  Anders Carlsson  <andersca@apple.com>
-
-                  Reviewed by Sam Weinig.
-
-                  Make JavaScriptCore build with clang++.
-
-                  * jit/JITInlineMethods.h:
-                  (JSC::JIT::emitPutVirtualRegister):
-                  Explicitly cast to an int.
-
-                  * yarr/RegexCompiler.cpp:
-                  (JSC::Yarr::compileRegex):
-                  Return 0 instead of false.
-
-        * jit/JITInlineMethods.h:
-        (JSC::JIT::emitPutVirtualRegister):
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::compileRegex):
-
-2010-12-13  Cameron Zwarich  <zwarich@apple.com>
-
-        <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
-
-        Not reviewed.
-
-        Merge Clang build fixes r63578, r73465, and r73467 from Open Source.
-
-          2010-07-16  Anders Carlsson  <andersca@apple.com>
-
-                  Reviewed by Sam Weinig.
-
-                  clang++ build fixes for JavaScriptCore and WebCore
-                  https://bugs.webkit.org/show_bug.cgi?id=42478
-
-                  * runtime/RegExpKey.h:
-                  (JSC::operator==):
-                  Move the RegExpKey equals operator into the JSC namespace so it can be found by ADL.
-
-          2010-12-07  Anders Carlsson  <andersca@apple.com>
-
-                  Reviewed by Darin Adler.
-
-                  Fix clang++ build
-                  https://bugs.webkit.org/show_bug.cgi?id=50645
-
-                  Explicitly cast offset to int.
-
-                  * pcre/pcre_ucp_searchfuncs.cpp:
-                  (jsc_pcre_ucp_othercase):
-
-          2010-12-07  Anders Carlsson  <andersca@apple.com>
-
-                  Build fix follow up build fix.
-
-                  * pcre/pcre_ucp_searchfuncs.cpp:
-                  (jsc_pcre_ucp_othercase):
-
-        * pcre/pcre_ucp_searchfuncs.cpp:
-        (jsc_pcre_ucp_othercase):
-        * runtime/RegExpKey.h:
-        (JSC::operator==):
-
-2010-12-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8185630> jsc, minidom and testapi should be built with the entitlement that allows the JIT
-
-        Reviewed by Cameron Zwarich.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added entitlement to
-        jsc, minidom and testapi targets for the Development_Hardware,
-        Deployment_Hardware and Production_Hardware configurations.
-        * entitlements.plist: Added.
-
-2010-11-17  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/6264399> Connect WebKit to memory notifications for all apps
-
-        Reviewed by David Kilzer.
-
-        * JavaScriptCore.exp: Add JSGlobalData::sharedInstanceExists to export list.
-
-2010-11-12  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8655073> Default to armv7 for JavaScriptCore, WebCore, WebKitSystemInterface, WebKit hardware builds
-
-        Reviewed by David Carson.
-
-        * Configurations/DebugRelease.xcconfig: Make armv7 the default
-        for hardware builds.
-
-2010-10-28  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Pratik Solanki, David Kilzer, Ian Henderson, and Yongjun Zhang.
-
-        <rdar://problem/5900435> Image limiting in WebKit is too aggressive
-
-        Add a new ENABLE flag for a DISK_IMAGE_CACHE feature. This feature
-        will allow us to memory map images that are taking up a large
-        amount of memory on the page and in the Cache. It is disabled by
-        default and enabled for iOS.
-
-        * wtf/Platform.h:
-
-2010-11-02  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8620879> contenteditable support should only be enabled for Telluride or later
-
-        Reviewed by Ian Henderson.
-
-        Renamed ENABLE_CONTENTEDITABLE to ENABLE_IOS_CONTENTEDITABLE
-        since this macro is only used on iOS WebKit.
-
-        * wtf/Platform.h: Added IOS_5_0_OR_LATER macro.  Changed
-        ENABLE_IOS_CONTENTEDITABLE to only be enabled for iOS 5.0 or
-        later.
-
-2010-10-19  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/6592830> Enable HTML5 Worker threads
-
-        Reviewed by David Kilzer.
-
-        * Configurations/FeatureDefines.xcconfig: Enable WORKERS, SHARED_WORKERS and
-        CHANNEL_MESSAGING.
-        * JavaScriptCore.exp:
-        * wtf/ThreadSpecific.h:
-        (WTF::::replace): Added. Allows caller to replace the thread-specific data with
-        the one passed.
-
-2010-10-10  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8502487> Seed: Safari consistently crashes when using .pac file for proxy
-
-        Reviewed by Geoff Garen and Alexey Proskuryakov.
-
-        We need a per-thread WTFThreadData so that JavaScript executing on a
-        different thread does not use the IdentifierTable for the main thread.
-        Otherwise pac file processing on the CFNetwork thread can result in a
-        crash when JavaScript is running on the WebThread.
-
-        But we have to take care that JavaScript running on the main thread and
-        the web thread access a shared IdentifierTable. Similarly for
-        AtomicStringTable - we have a shared AtomicStringTable between the two
-        threads.
-
-        * wtf/MainThread.h:
-        * wtf/WTFThreadData.cpp:
-        (WTF::WTFThreadData::WTFThreadData):
-        * wtf/WTFThreadData.h:
-        * wtf/mac/MainThreadMac.mm:
-        (WTF::isWebThread):
-        * wtf/text/AtomicString.cpp:
-        (WebCore::AtomicStringTable::create):
-
-2010-10-08  David Kilzer  <ddkilzer@apple.com>
-
-        Move *.order files into the SDKROOT for iOS
-
-        Reviewed by David Carson.
-
-        Fixes: <rdar://problem/8454660> JavaScriptCore: Move order files to AppleInternal/OrderFiles
-
-        * Configurations/Base.xcconfig: Updated SECTORDER_FLAGS_iphoneos
-        to point to JavaScriptCore.order in the SDKROOT.  Removed
-        SECTORDER_FLAGS_iphonesimulator since the *.order files are only
-        installed in the iPhoneOS.Internal SDK and we don't care about
-        Simluator performace.
-        * JavaScriptCore.iPhone.order: Removed.
-
-2010-10-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8507290> iOS: [INTERPRETER] Two tests fail with SputnikError: #1.1: if argArray is neither an array nor an arguments object (see 10.1.8), a TypeError exception is thrown (44245)
-
-        Merged ToT WebKit r68076.
-
-    2010-09-22  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        [INTERPRETER] Two tests fail with SputnikError: #1.1: if argArray is neither an array nor an arguments object (see 10.1.8), a TypeError exception is thrown
-        https://bugs.webkit.org/show_bug.cgi?id=44245
-
-        Remove incorrect code from op_load_varargs in the interpreter.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-10-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7826910> iOS: Integer overflows in WebCore: StringBuffer.h
-
-        Merged ToT WebKit r68812.
-
-    2010-09-29  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Add additional checks to StringBuffer.
-        <rdar://problem/7756381>
-
-        * wtf/text/StringBuffer.h:
-        (WTF::StringBuffer::StringBuffer):
-        (WTF::StringBuffer::resize):
-
-2010-10-01  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8498709> ALWAYS_INLINE should be specified on the function declaration
-
-        Merge in r68899.
-
-    2010-10-01  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Geoffrey Garen.
-        Specify ALWAYS_INLINE at function declaration not function definition
-        https://bugs.webkit.org/show_bug.cgi?id=46960
-
-        For functions defined with ALWAYS_INLINE, add the attribute to the declaration as well.
-
-        * bytecompiler/BytecodeGenerator.h:
-        * wtf/FastMalloc.cpp:
-
-2010-09-27  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Darin Adler.
-
-        <rdar://problem/8362752> REGRESSION: ~6.4% sunspider regression in interpreter on iphone due to 54925
-        Random fluctuations in interpreter performance due to function inlining. :-(
-        Stop inlining some functions to make the interpreter build happier.
-
-        This change tracked in opensource by https://bugs.webkit.org/show_bug.cgi?id=46680 (landed in r68455).
-
-        * interpreter/Interpreter.cpp:
-        (JSC::concatenateStrings):
-        (JSC::Interpreter::privateExecute):
-
-2010-09-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8362956> REGRESSION: ~9.6% sunspider regression in interpreter on iphone due to 55564
-
-        Merged ToT WebKit r68212.
-
-        This merges the changes made to open source WebKit back to iOS
-        WebKit.  There is no change in functionality.
-
-    2010-09-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8460731> ~9.9% speedup when compiling interpreter with llvm-gcc-4.2
-        https://bugs.webkit.org/show_bug.cgi?id=46423
-
-        Reviewed by Oliver Hunt.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Disable the gcc computed
-        goto hacks added in r55564 when compiling with llvm-gcc-4.2.
-
-2010-09-22  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/8338046> Use _pthread_getspecific_direct in FastMalloc for 1.3% JS iBench speed boost.
-
-        * wtf/Platform.h: Enable pthread_getspecific for all iOS versions now
-        that the blocking radar is fixed.
-
-2010-09-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8459236> iOS: REGRESSION: ~1.4% sunspider regression in interpreter on iphone due to 54724 and 54596
-
-        Merged ToT WebKit r67972.
-
-    2010-09-21  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        <rdar://problem/8363003> REGRESSION: ~1.4% sunspider regression in
-        interpreter due to 54724 and 54596
-        
-        Fixed a typo (using "UNLIKELY" instead of "LIKELY").
-        
-        * wtf/PassRefPtr.h:
-        (WTF::refIfNotNull):
-        (WTF::derefIfNotNull): It is likely that m_ptr != 0 because most RefPtrs
-        hold real data. Also, in cases where they do not hold real data, the
-        compiler usually sees a call to release() right before the call to the
-        destructor, so it can probably optimize out the test completely.
-
-2010-09-15  David Kilzer  <ddkilzer@apple.com>
-
-        Remove unnecessary HEADER_SEARCH_PATHS variables from Xcode project
-
-        Reviewed by Paul Knight.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed
-        HEADER_SEARCH_PATHS variables that overrode the value in
-        Configurations/Base.xcconfig.
-
-2010-09-10  Dean Jackson  <dino@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/8414203> Turn WebGL on in compile, but only enable via private API
-
-        Add ENABLE_CANVAS_3D to FeatureDefines for iOS.
-        Also, turned on compilation for armv7 but off for armv6 in Platform.h. This
-        will stop hardware that doesn't support GLES 2.0 from compiling the code in.
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2010-09-02  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/8347745> iOS: REGRESSION (r62896): Interpreter incorrectly excludes prototype chain when validating put_by_id_transition (44240)
-
-        Merged ToT WebKit r65847.
-
-    2010-08-23  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Darin Adler.
-
-            [REGRESSION] Interpreter incorrectly excludes prototype chain when validating put_by_id_transition
-            https://bugs.webkit.org/show_bug.cgi?id=44240
-            <rdar://problem/8328995>
-
-            Fix an error I introduced when cleaning up the interpreter side of the logic
-            to prevent setters being called in object initialisers.
-
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-
-2010-09-02  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/6068284> iOS: Improve Safari protection against JavaScript hijacking Object literal notation
-
-        Merged ToT WebKit r62896.
-
-        * interpreter/Interpreter.cpp: Changed codeBlock to callFrame->codeBlock() since local variable codeBlock is added in an earlier patch.
-
-    2010-07-08  Oliver Hunt  <oliver@apple.com>
-
-            Reviewed by Sam Weinig.
-
-            Property declarations in an object literal should not consider the prototype chain when being added to the new object
-            https://bugs.webkit.org/show_bug.cgi?id=41929
-
-            To fix this all we need to do is ensure that all new properties are
-            added with putDirect rather than a fully generic call to put.  This
-            is safe as an object literal is by definition going to produce a
-            completely normal object.
-
-            Rather than duplicating all the put_by_id logic we add an additional
-            flag to op_put_by_id to indicate it should be using putDirect.  In
-            the interpreter this adds a runtime branch, but in the jit this is
-            essentially free as the branch is taken at compile time.  This does
-            actually improve object literal creation time even in the interpreter
-            as we no longer need to walk the prototype chain to verify that the
-            cached put is safe.
-
-            We still emit normal put_by_id code when emitting __proto__ as we want
-            to get the correct handling for changing the prototype.
-
-            Sunspider claims this is a 0.7% speedup which is conceivably real due
-            to the performance improvement in object literals, but I suspect its
-            really just the result of code motion.
-
-            * bytecode/Opcode.h:
-            * bytecompiler/BytecodeGenerator.cpp:
-            (JSC::BytecodeGenerator::emitPutById):
-            (JSC::BytecodeGenerator::emitDirectPutById):
-            * bytecompiler/BytecodeGenerator.h:
-            * bytecompiler/NodesCodegen.cpp:
-            (JSC::PropertyListNode::emitBytecode):
-            * interpreter/Interpreter.cpp:
-            (JSC::Interpreter::privateExecute):
-            * jit/JIT.h:
-            (JSC::JIT::compilePutByIdTransition):
-            * jit/JITPropertyAccess.cpp:
-            (JSC::JIT::emit_op_put_by_id):
-            (JSC::JIT::emitSlow_op_put_by_id):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::patchPutByIdReplace):
-            * jit/JITPropertyAccess32_64.cpp:
-            (JSC::JIT::emitSlow_op_put_by_id):
-            (JSC::JIT::privateCompilePutByIdTransition):
-            (JSC::JIT::patchPutByIdReplace):
-            * jit/JITStubs.cpp:
-            (JSC::JITThunks::tryCachePutByID):
-            (JSC::DEFINE_STUB_FUNCTION):
-            * jit/JITStubs.h:
-            (JSC::):
-            * runtime/JSGlobalData.cpp:
-            (JSC::JSGlobalData::JSGlobalData):
-            * runtime/JSObject.h:
-            (JSC::JSObject::putDirect):
-            (JSC::JSValue::putDirect):
-            * runtime/JSValue.h:
-
-2010-08-31  Dean Jackson  <dino@apple.com>
-
-        Reviewed by Chris Marrin
-        
-        <rdar://problem/7557398> iOS: Implement WebGL
-
-        * Configurations/FeatureDefines.xcconfig:
-            - ENABLE_3D_CANVAS defines
-
-2010-08-30  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8348440> Disable purgeable memory for N82 and N72
-
-        Reviewed by David Carson.
-
-        * wtf/Platform.h:
-
-2010-08-28  Pratik Solanki  <psolanki@apple.com>
-
-        Part of <rdar://problem/8348440> Disable purgeable memory for N82 and N72
-
-        Merged ToT WebKit r66301.
-
-    2010-08-28  Pratik Solanki  <psolanki@apple.com>
-
-        Reviewed by Dan Bernstein.
-
-        Add an ENABLE define for purgeable memory support
-        https://bugs.webkit.org/show_bug.cgi?id=44777
-
-        * wtf/Platform.h:
-
-2010-08-27  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Joe Pecoraro.
-
-        REGRESSION: ~9.6% sunspider regression in interpreter on iphone due to 55564
-        <rdar://problem/8362956>
-
-        llvm-gcc has its own version of pathological badness in Interpreter::privateExecute
-        that is caused by the computed goto jumps we do to appease gcc.  This patch disables
-        the gcc hacks when compiling with llvm-gcc and gives us back 8.7% -- completely removing
-        r55564 and related patches only gets us 8.5% so i assume that the 8.7% win here
-        is completely getting rid of this regression.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2010-08-26  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8208495> iOS: Multiplication overflow in JavaScriptCore StringImpl::replace() (42502)
-
-        Merged ToT WebKit r66119.
-
-    2010-08-25  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Improve overflow handling in StringImpl::Replace
-        https://bugs.webkit.org/show_bug.cgi?id=42502
-        <rdar://problem/8203794>
-
-        Harden StringImpl::replace against overflow -- I can't see how this
-        could be abused, but it's better to be safe than sorry.
-
-        * wtf/text/StringImpl.cpp:
-        (WTF::StringImpl::replace):
-
-2010-08-25  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/8327102> Disable Compile Time INSPECTOR Flag for N82
-
-        * wtf/Platform.h: Disable ENABLE_INSPECTOR flag for ARMv6 devices like N82.
-
-2010-08-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8171034> iOS: [JSC] Math.random is predictable which may lead to cross-domain information leakage and temporary user tracking attacks (41868)
-
-        Merged ToT WebKit r65947.
-
-        * wtf/RandomNumber.h: Merged part of ToT WebKit r58941.
-
-    2010-08-24  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Don't seed the JS random number generator from time()
-        https://bugs.webkit.org/show_bug.cgi?id=41868
-        <rdar://problem/8171025>
-
-        Switch to using the secure random number generator to
-        seed the fast random generator, and make the generator
-        be per global object.
-
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        * runtime/JSGlobalObject.h:
-        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
-        (JSC::JSGlobalObject::weakRandomNumber):
-        * runtime/MathObject.cpp:
-        (JSC::mathProtoFuncRandom):
-
-2010-08-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8344233> iOS: JSON.stringify is much slower than Firefox on particular pathological input
-
-        Merged ToT WebKit r65834.
-
-    2010-08-23  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        JSON.stringify is much slower than Firefox on particular pathological input
-        https://bugs.webkit.org/show_bug.cgi?id=44456
-
-        Make StringBuilder::reserveCapacity reserve additional space so we don't end up
-        repeatedly copying the entire result string.
-
-        * runtime/StringBuilder.h:
-        (JSC::StringBuilder::append):
-        (JSC::StringBuilder::reserveCapacity):
-
-2010-08-23  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by Dave Carson.
-
-        <rdar://problem/8283061> Enable JIT support for Durango
-        Tested on 8F61.
-
-        * wtf/Platform.h:
-
-2010-08-20  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/8025275> iOS: Use _pthread_getspecific_direct or __thread in FastMalloc for 1.3% JS iBench speed boost.
-
-        Reviewed by David Carson.
-
-        Use the SPI pthread_getspecific_direct() a small perf win. Sunspider
-        scores improves by about 0.5% overall, string subsection improves by
-        2%.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_ThreadCache::InitTSD):
-        * wtf/Platform.h:
-
-2010-08-19  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/8327102> Disable Compile Time INSPECTOR Flag for N82
-
-        * wtf/Platform.h: Disable ENABLE_INSPECTOR flag for ARMv6 devices like N82.
-
-2010-08-17  Enrica Casucci  <enrica@apple.com>
-
-        Reviewed by David Kilzer.
-
-         <rdar://problem/5245015>
-         Support WYSIWYG DHTML contentEditable editing areas (Google docs are not editable on P2)
-
-        * wtf/Platform.h: Added ENABLE_CONTENTEDITABLE for iOS 4.3 or later.
-
-2010-08-17  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/8283060> Disable JIT support for Jasper
-
-        * wtf/Platform.h:
-            Change the ENABLE_JIT define so the JIT is compiled out. This change disables the
-            JIT on all PLATFORM(IPHONE) builds, but leaves the settings in place (guarded by
-            a '&& 0') to be able to quickly reenable when the blocking bug to enabling the
-            JIT for Durango is fixed.
-
-2010-08-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8319473> Replace build train names with iOS version numbers in Platform.h
-
-        Reviewed by David Carson.
-
-        * wtf/Platform.h: Removed build train names in favor of version
-        numbers.  Also moved "_OR_LATER" macros so that they're only
-        defined on iOS WebKit builds.
-
-2010-08-14  Dean Jackson  <dino@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/8071468> TLF: Add Gyro DOM events
-        <rdar://problem/5440938> TLF: Add Accelerometer DOM events
-
-        Enable DEVICE_ORIENTATION in Features.
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-08-13  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8210340> SWB: ld64-116.2 of JavaScriptCore: cannot export symbol
-
-        Reviewed by David Carson.
-
-        The problem is that the iOS-specific configurations for the jsc,
-        minidom and testapi targets were using Indigo.xcconfig for
-        Simulator configurations and iPhone.xcconfig for hardware
-        configurations.  Both pulled in JavaScriptCore.xcconfig, which
-        set EXPORTED_SYMBOLS_FILE to JavaScriptCore.exp, which caused
-        the build failure.
-
-        The fix is to use IndigoSDK.xcconfig in place of Indigo.xcconfig
-        and AspenSDK.xcconfig in place of iPhone.xcconfig for the iOS
-        configurations of jsc, minidom and testapi.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Updated jsc, minidom
-        and testapi targets to be based on xcconfig files that do not
-        pull in JavaScriptCore.xcconfig.
-
-2010-08-12  David Kilzer  <ddkilzer@apple.com>
-
-        Relanding: <rdar://problem/7854586> iOS: Enable Ruby support
-
-        Reviewed by David Carson.
-
-        * Configurations/FeatureDefines.xcconfig: Enable Ruby support
-        for all SDKs except iOS SDK 4.2.
-
-2010-08-12  Andy Estes  <aestes@apple.com>
-
-        <rdar://problem/8295061> Merge open source r64390, which added support
-        for compiling open source WebKit against iOS SDKs.
-
-        Relanded with fix:  <rdar://problem/8300652> Jasper8C73: WebKit_Sim-591 installhdrs failed
-
-        Reviewed by David Kilzer.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-08-11  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/8272261> iOS: parseFloat can be used to load arbitrary JSValues into JS, leading to badness (43461)
-
-        Merged ToT WebKit r64706.
-
-    2010-08-04  Geoffrey Garen  <ggaren@apple.com>
-
-            Reviewed by Oliver Hunt and Beth Dakin.
-
-            https://bugs.webkit.org/show_bug.cgi?id=43461
-            Invalid NaN parsing
-
-            * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
-            non-standard NaN representation, since our NaN encoding assumes that all
-            true NaNs have the standard bit pattern.
-
-            * API/JSValueRef.cpp:
-            (JSValueMakeNumber): Don't allow an API client to accidentally specify
-            a non-standard NaN either.
-
-2010-08-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8210895> Change MACOSX_DEPLOYMENT_TARGET from 10.5 to 10.6
-
-        Reviewed by David Carson.
-
-        * Configurations/DebugRelease.xcconfig: Changed
-        MACOSX_DEPLOYMENT_TARGET from "10.5" and "10.6" for iphoneos and
-        iphonesimulator platforms.
-
-2010-08-09  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7902157> Enable web sockets once the spec has stabilized
-
-        Reviewed by David Carson.
-
-        * Configurations/FeatureDefines.xcconfig: Updated to enable
-        web sockets for iOS WebKit.
-
-2010-08-07  Dan Bernstein  <mitz@apple.com>
-
-    <rdar://problem/8285101> Merge Open Source changes needed for color bitmap font support
-
-    Merged TOT WebKit r64915.
-
-    2010-08-07  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Anders Carlsson.
-
-        Created a separate SimpleFontData constructor exclusively for SVG fonts and moved the CTFontRef
-        from SimpleFontData to FontPlatformData.
-        https://bugs.webkit.org/show_bug.cgi?id=43674
-
-        * wtf/Platform.h: Moved definitions of WTF_USE_CORE_TEXT and WTF_USE_ATSUI here from WebCore/config.h.
-
-2010-08-07  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8279408> Move some member variables around to reduce class sizes. (38961)
-
-        Merged ToT WebKit r59197-r59198.
-
-    2010-05-11  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Add a compile time assert that sizeof(String) == sizeof(AtomicString).
-
-        * wtf/text/AtomicString.cpp:
-
-    2010-05-11  Anders Carlsson  <andersca@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        https://bugs.webkit.org/show_bug.cgi?id=38961
-        Move some member variables around to reduce class sizes.
-        
-        Make AtomicString no longer inherit from FastAllocBase.
-
-        Since AtomicString's first (and only) member variable, a RefPtr, also inherits from FastAllocBase this
-        was causing the size of AtomicString to contain sizeof(void*) bytes of padding.
-
-        * wtf/text/AtomicString.h:
-
-2010-08-07  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8282609> Enable sandboxed iframes
-
-        Reviewed by David Carson.
-
-        * Configurations/FeatureDefines.xcconfig: Updated to enable
-        sandboxed iframes for iOS WebKit.
-
-2010-08-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8275644> REGRESSION (Havoc merge I): Assertion failure in JSC::Heap::registerThread() when running regression tests
-
-        Reviewed by Pratik Solanki.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::registerThread): Removed ASSERT() hack added during
-        <rdar://problem/7781582> in r242248.
-
-2010-08-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6645438> Merge Soil.xcconfig into Base.xcconfig
-
-        Reviewed by David Carson.
-
-        The BUILD_TYPE definitions don't need to be in a separate
-        xcconfig file, so move them into Base.xcconfig.
-
-        * Configurations/Base.xcconfig: Added BUILD_TYPE definitions
-        from Soil.xcconfig.
-        * Configurations/Soil.xcconfig: Removed.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
-        to Soil.xcconfig.
-
-2010-08-04  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2 of 2: <rdar://problem/7781582> Merge WebKit with Safari Havoc Final/Safari Gemini
-
-        Merged ToT WebKit r58930-r63936 from Safari Havoc and Gemini
-        branches to iOS WebKit.
-
-        870 files changed, 65193 insertions(+), 36489 deletions(-)
-
-2010-08-02  David Kilzer  <ddkilzer@apple.com>
-
-        Part 1 of 2: <rdar://problem/7781582> Merge WebKit with Safari Havoc Final/Safari Gemini
-
-        Merged ToT WebKit r54085-r58928 to iOS WebKit.
-
-        The second part will merge commits on the Havoc and Gemini branches.
-
-        45864 files changed, 1788569 insertions(+), 269116 deletions(-)
-
-2010-07-30  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by Yongjun Zhang.
-
-        <rdar://problem/8256224> Web Inspector: Turn on ENABLE_INSPECTOR by Default
-
-        * wtf/Platform.h: enable ENABLE_INSPECTOR for PLATFORM(IPHONE)
-
-2010-07-29  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by NOBODY (OOPS!).
-
-        Patch originally by David Goodwin.
-
-        This change is functionally the same as:
-        https://bugs.webkit.org/show_bug.cgi?id=43162
-        (but very different, since code has moved around since then).
-
-        Add support for MADV_FREE to ExecutableAllocatorFixedVMPool, so that
-        unused memory pages in the JIT buffers can be returned to the system.
-
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::release):
-        (JSC::FixedVMPoolAllocator::reuse):
-
-2010-07-26  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7937509> JavaScriptCore-564 fails to build in Damnation
-
-        Reviewed by David Carson.
-
-        The iPhone Simulator in Durango and Telluride now apparently
-        uses Barolo headers, so it needs to initialize the additional
-        fields in the malloc_introspection_t struct.
-
-        This rolls out iOS WebKit r235486.
-
-        * wtf/FastMalloc.cpp:
-        (jscore_fastmalloc_introspection): Include additional fields
-        when compiling for the iPhone Simulator on Durango and newer.
-
-2010-07-23  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/6845619> Reset CoreLocation Warnings will not reset Geolocation warnings
-
-        * wtf/Platform.h: Turn on ENABLE_GEOLOCATION_PERMISSION_CACHE.
-
-2010-07-21  Gavin Barraclough  <barraclough@apple.com>
-
-        Enable the JIT for Jasper.
-        
-        *** This change will not work on Jasper pre-8C55 - please update! ***
-
-        Roll in patches r55834, r56000, r57608, r59037, r62306, r62419, r62437,
-        r62612, r62799, r63023, r63056, r63336, r63341, and r63404 from open source.
-
-        Change mmap in FixedVMPoolAllocator to pass MAP_JIT, and check the result for MAP_FAILED (fixes a bug in ToT).
-
-        Makes the following changes to Platform.h:
-          * Enable JIT for Jasper on ARMv7 (interpret only on future build trains until they pick up kernel changes,
-            & on ARMv6).
-          * Enable ENABLE_EXECUTABLE_ALLOCATOR_FIXED (the JIT uses a signle allocation).
-          * Disable ENABLE_ASSEMBLER_WX_EXCLUSIVE (the JIt now uses RWX memory).
-
-        Once future kernel changes have been made, if mmap with MAP_JIT returns MAP_FAILED (where the
-        appropriate entitlement is not available) then JSC should gracefully fallback to the interpreter.
-
-        * assembler/ARMv7Assembler.h:
-        (JSC::ARMRegisters::):
-        (JSC::ARMRegisters::asSingle):
-        (JSC::ARMRegisters::asDouble):
-        (JSC::VFPImmediate::VFPImmediate):
-        (JSC::VFPImmediate::isValid):
-        (JSC::VFPImmediate::value):
-        (JSC::ARMv7Assembler::singleRegisterMask):
-        (JSC::ARMv7Assembler::doubleRegisterMask):
-        (JSC::ARMv7Assembler::):
-        (JSC::ARMv7Assembler::add_S):
-        (JSC::ARMv7Assembler::ldrb):
-        (JSC::ARMv7Assembler::neg):
-        (JSC::ARMv7Assembler::orr_S):
-        (JSC::ARMv7Assembler::sub):
-        (JSC::ARMv7Assembler::sub_S):
-        (JSC::ARMv7Assembler::vadd_F64):
-        (JSC::ARMv7Assembler::vcmp_F64):
-        (JSC::ARMv7Assembler::vcvt_F64_S32):
-        (JSC::ARMv7Assembler::vcvtr_S32_F64):
-        (JSC::ARMv7Assembler::vdiv_F64):
-        (JSC::ARMv7Assembler::vldr):
-        (JSC::ARMv7Assembler::vmov_F64_0):
-        (JSC::ARMv7Assembler::vmov):
-        (JSC::ARMv7Assembler::vmrs):
-        (JSC::ARMv7Assembler::vmul_F64):
-        (JSC::ARMv7Assembler::vstr):
-        (JSC::ARMv7Assembler::vsub_F64):
-        (JSC::ARMv7Assembler::repatchLoadPtrToLEA):
-        (JSC::ARMv7Assembler::VFPOperand::VFPOperand):
-        (JSC::ARMv7Assembler::VFPOperand::bits1):
-        (JSC::ARMv7Assembler::VFPOperand::bits4):
-        (JSC::ARMv7Assembler::vcvtOp):
-        (JSC::ARMv7Assembler::linkJumpAbsolute):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
-        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
-        * assembler/AbstractMacroAssembler.h:
-        (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
-        * assembler/MacroAssemblerARM.h:
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::fpTempRegisterAsSingle):
-        (JSC::MacroAssemblerARMv7::neg32):
-        (JSC::MacroAssemblerARMv7::load8):
-        (JSC::MacroAssemblerARMv7::loadDouble):
-        (JSC::MacroAssemblerARMv7::divDouble):
-        (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
-        (JSC::MacroAssemblerARMv7::branchDouble):
-        (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
-        (JSC::MacroAssemblerARMv7::zeroDouble):
-        (JSC::MacroAssemblerARMv7::branch8):
-        (JSC::MacroAssemblerARMv7::branchTest8):
-        (JSC::MacroAssemblerARMv7::branchOr32):
-        (JSC::MacroAssemblerARMv7::set32):
-        (JSC::MacroAssemblerARMv7::set8):
-        (JSC::MacroAssemblerARMv7::setTest8):
-        * assembler/MacroAssemblerX86Common.h:
-        * bytecode/CodeBlock.cpp:
-        (JSC::CodeBlock::~CodeBlock):
-        (JSC::CodeBlock::shrinkToFit):
-        * bytecode/CodeBlock.h:
-        (JSC::CodeBlock::bytecodeOffset):
-        * bytecode/Instruction.h:
-        (JSC::Instruction::Instruction):
-        * bytecode/Opcode.h:
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::returnPC):
-        (JSC::ExecState::returnVPC):
-        * interpreter/Interpreter.cpp:
-        (JSC::bytecodeOffsetForPC):
-        (JSC::Interpreter::Interpreter):
-        (JSC::Interpreter::isOpcode):
-        (JSC::Interpreter::unwindCallFrame):
-        (JSC::Interpreter::throwException):
-        (JSC::Interpreter::execute):
-        (JSC::Interpreter::prepareForRepeatCall):
-        (JSC::Interpreter::privateExecute):
-        (JSC::Interpreter::retrieveLastCaller):
-        * interpreter/Interpreter.h:
-        (JSC::Interpreter::getOpcode):
-        (JSC::Interpreter::getOpcodeID):
-        * jit/ExecutableAllocator.cpp:
-        (JSC::ExecutableAllocator::reprotectRegion):
-        (JSC::ExecutableAllocator::cacheFlush):
-        * jit/ExecutableAllocator.h:
-        (JSC::ExecutableAllocator::ExecutableAllocator):
-        (JSC::ExecutableAllocator::poolForSize):
-        * jit/ExecutableAllocatorFixedVMPool.cpp:
-        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
-        (JSC::FixedVMPoolAllocator::alloc):
-        (JSC::FixedVMPoolAllocator::free):
-        (JSC::FixedVMPoolAllocator::isValid):
-        (JSC::ExecutableAllocator::isValid):
-        (JSC::ExecutablePool::systemAlloc):
-        (JSC::ExecutablePool::systemRelease):
-        * jit/ExecutableAllocatorPosix.cpp:
-        (JSC::ExecutableAllocator::isValid):
-        * jit/ExecutableAllocatorSymbian.cpp:
-        * jit/ExecutableAllocatorWin.cpp:
-        (JSC::ExecutableAllocator::isValid):
-        * jit/JIT.cpp:
-        (JSC::JIT::linkCall):
-        * jit/JIT.h:
-        (JSC::JIT::compileCTIMachineTrampolines):
-        * jit/JITCall.cpp:
-        (JSC::JIT::compileOpCallVarargs):
-        (JSC::JIT::compileOpCallSlowCase):
-        * jit/JITOpcodes.cpp:
-        * jit/JITPropertyAccess.cpp:
-        (JSC::JIT::privateCompilePutByIdTransition):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::JITThunks):
-        (JSC::JITThunks::tryCacheGetByID):
-        * runtime/ArrayPrototype.cpp:
-        (JSC::isNumericCompareFunction):
-        * runtime/Executable.cpp:
-        (JSC::EvalExecutable::generateJITCode):
-        (JSC::ProgramExecutable::generateJITCode):
-        (JSC::FunctionExecutable::generateJITCode):
-        (JSC::FunctionExecutable::reparseExceptionInfo):
-        (JSC::EvalExecutable::reparseExceptionInfo):
-        * runtime/Executable.h:
-        (JSC::NativeExecutable::NativeExecutable):
-        * runtime/JSGlobalData.cpp:
-        (JSC::JSGlobalData::JSGlobalData):
-        * runtime/JSGlobalData.h:
-        (JSC::JSGlobalData::canUseJIT):
-        * wtf/Platform.h:
-        * yarr/RegexCompiler.cpp:
-        (JSC::Yarr::RegexPatternConstructor::atomBackReference):
-        (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
-        * yarr/RegexJIT.cpp:
-        (JSC::Yarr::RegexGenerator::generateTerm):
-        (JSC::Yarr::RegexGenerator::RegexGenerator):
-        (JSC::Yarr::jitCompileRegex):
-        * yarr/RegexJIT.h:
-        (JSC::Yarr::RegexCodeBlock::operator!):
-        * yarr/RegexPattern.h:
-        (JSC::Yarr::RegexPattern::RegexPattern):
-        (JSC::Yarr::RegexPattern::reset):
-
-2010-07-14  David Kilzer  <ddkilzer@apple.com>
-
-        Remove duplicate #include statement from ProfilerSerer.mm
-
-        Rubber-stamped by Greg Bolsinga.
-
-        * profiler/ProfilerServer.mm: Removed duplicate include.
-
-2010-07-14  Greg Bolsinga  <bolsinga@apple.com>
-
-        Let Xcode 3.2.4 update the project file.
-
-        Reviewed by Paul Knight.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-07-05  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2: <rdar://problem/8144692> iOS: Overflow in JSArray::copyToRegisters (41351)
-
-        Merged ToT WebKit r62456, r62464.
-
-    2010-07-04  Mark Rowe  <mrowe@apple.com>
-
-        Build fix after r62456.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Be slightly more consistent in using uint32_t to prevent
-        warnings about comparisons between signed and unsigned types, and attempts to call an overload
-        of std::min that doesn't exist.
-
-    2010-07-03  Yong Li  <yoli@rim.com>
-
-        Reviewed by Darin Adler.
-
-        Make Arguments::MaxArguments clamping work for numbers >= 0x80000000 in
-        the interpreter as well as the JIT.
-
-        https://bugs.webkit.org/show_bug.cgi?id=41351
-        rdar://problem/8142141
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute): Fix signed integer overflow problem
-        in op_load_varargs handling. 0xFFFFFFFF was read as -1.
-
-2010-07-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8144692> iOS: Overflow in JSArray::copyToRegisters (41351)
-
-        Merged ToT WebKit r62432.
-
-    2010-07-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Clamp the number of arguments supported by function.apply
-        https://bugs.webkit.org/show_bug.cgi?id=41351
-        <rdar://problem/8142141>
-
-        Add clamping logic to function.apply similar to that
-        enforced by firefox.  We have a smaller clamp than
-        firefox as our calling convention means that stack
-        usage is proportional to argument count -- the firefox
-        limit is larger than you could actually call.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-        * jit/JITStubs.cpp:
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Arguments.h:
-        (JSC::Arguments::):
-
-2010-07-02  David Kilzer  <ddkilzer@apple.com>
-
-        Use snprintf instead of sprintf everywhere in JavaScriptCore
-
-        Merged ToT WebKit r62414.
-
-    2010-07-02  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Geoffrey Garen.
-
-        Patch for https://bugs.webkit.org/show_bug.cgi?id=41548
-        Use snprintf instead of sprintf everywhere in JavaScriptCore
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::encode):
-        (JSC::globalFuncEscape):
-        * runtime/UString.cpp:
-        (JSC::UString::from):
-
-2010-07-01  Gavin Barraclough  <barraclough@apple.com>
-
-        Reviewed by David Carson.
-
-               Switch ASSERTs to ASSERT_UNUSEDs to, to allow JIT to build Deployment on iPhone.
-
-        * assembler/MacroAssemblerARMv7.h:
-        (JSC::MacroAssemblerARMv7::branchMul32):
-
-2010-07-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8058479> Damnation8Z5059: JavaScriptCore_Sim-579 fails to build
-
-        Reviewed by Cameron Zwarich.
-
-        The iPhone Simulator in Durango and Telluride still uses
-        pre-Barolo headers, so it doesn't need to initialize the
-        additional fields in the malloc_introspection_t struct.
-
-        * wtf/FastMalloc.cpp:
-        (jscore_fastmalloc_introspection): Don't include the additional
-        fields when compiling for the iPhone Simulator on Durango and
-        newer.
-
-2010-06-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8122363> iPhone: Safari 5 crashes due to incorrect handling of BOMs in JSC
-
-        Merged ToT WebKit r61450.
-
-    2010-06-18  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Incorrect handling of multiple BOMs scattered through a file.
-        https://bugs.webkit.org/show_bug.cgi?id=40865
-
-        When determining the offset of open and close braces in a source
-        with BOMs we were finishing our count early as we failed to account
-        for BOMs prior to the open/close brace positions effecting those
-        positions.
-
-        * parser/Lexer.cpp:
-        (JSC::Lexer::sourceCode):
-
-2010-05-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/8010351> Enable JavaScriptCore dtrace probes for iPhone Simulator
-
-        Reviewed by Greg Bolsinga.
-
-        * Configurations/Base.xcconfig: Enable dtrace probes for the
-        iPhone Simulator.
-
-2010-05-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7937509> JavaScriptCore-564 fails to build in Damnation
-
-        Merged ToT WebKit r57457.
-
-    2010-04-11  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        <rdar://problem/7851332> Fix the build.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Initialize extra members of malloc_introspection_t to zero.
-
-2010-05-13  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-    <rdar://problem/7977658> MobileSafari has 2 MB of VM_TAG_FOR_COLLECTOR_MEMORY resident in the background
-    
-    Merge ToT WebKit r54428, r54574, r54696, r54701
-
-        2010-02-09  Geoffrey Garen  <ggaren@apple.com>
-
-            Reviewed by Oliver Hunt.
-
-            Small refactoring to the small strings cache to allow it to be cleared
-            dynamically.
-
-            * runtime/SmallStrings.cpp:
-            (JSC::SmallStrings::SmallStrings):
-            (JSC::SmallStrings::clear):
-            * runtime/SmallStrings.h: Moved initialization code into a shared function,
-            and changed the constructor to call it.
-
-        2010-02-11  Geoffrey Garen  <ggaren@apple.com>
-
-            Reviewed by Oliver Hunt and Darin Adler.
-
-            The rest of the fix for
-            https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
-            Many objects left uncollected after visiting mail.google.com and closing
-            window
-        
-            Don't unconditionally hang onto small strings. Instead, hang onto all
-            small strings as long as any small string is still referenced.
-        
-            SunSpider reports no change.
-
-            * runtime/Collector.cpp:
-            (JSC::Heap::markRoots): Mark the small strings cache last, so it can
-            check if anything else has kept any strings alive.
-
-            * runtime/SmallStrings.cpp:
-            (JSC::isMarked):
-            (JSC::SmallStrings::markChildren): Only keep our strings alive if some
-            other reference to at least one of them exists, too.
-
-        2010-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-            Reviewed by Gavin Barraclough.
-
-            Some progress toward fixing
-            Reviewed by Oliver Hunt.
-
-            Clearing a WeakGCPtr is weird
-            https://bugs.webkit.org/show_bug.cgi?id=34627
-
-            Added a WeakGCPtr::clear interface.
-        
-            As discussed in https://bugs.webkit.org/show_bug.cgi?id=33383, the old
-            interface made it pretty weird for a client to conditionally clear a
-            WeakGCPtr, which is exactly what clients want to do when objects are
-            finalized.
-
-            * API/JSClassRef.cpp:
-            (clearReferenceToPrototype): Use the new WeakGCPtr::clear() interface. 
-
-            * runtime/WeakGCPtr.h:
-            (JSC::WeakGCPtr::clear): Added an interface for clearing a WeakGCPtr,
-            iff its current value is the value passed in. It's cumbersome for the
-            client to do this test, since WeakGCPtr sometimes pretends to be null.
-
-        2010-02-11  Geoffrey Garen  <ggaren@apple.com>
-    
-            Reviewed by Gavin Barraclough. 
-    
-            https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
-            Many objects left uncollected after visiting mail.google.com and closing
-            window
-        
-            SunSpider reports no change.
-        
-            Keep weak references, rather than protected references, to cached for-in
-            property name enumerators.
-        
-            One problem with protected references is that a chain like 
-                [ gc object 1 ] => [ non-gc object ] => [ gc object 2 ]
-            takes two GC passes to break, since the first pass collects [ gc object 1 ],
-            releasing [ non-gc object ] and unprotecting [ gc object 2 ], and only
-            then can a second pass collect [ gc object 2 ].
-        
-            Another problem with protected references is that they can keep a bunch
-            of strings alive long after they're useful. In SunSpider and a few popular
-            websites, the size-speed tradeoff seems to favor weak references.
-
-            * runtime/JSPropertyNameIterator.cpp:
-            (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Moved this constructor
-            into the .cpp file, since it's not used elsewhere.
-
-            (JSC::JSPropertyNameIterator::~JSPropertyNameIterator): Added a destructor
-            to support our weak reference.
-
-            * runtime/JSPropertyNameIterator.h:
-            (JSC::Structure::setEnumerationCache):
-            (JSC::Structure::clearEnumerationCache):
-            (JSC::Structure::enumerationCache): Added a function for clearing a
-            Structure's enumeration cache, used by our new destructor. Also fixed
-            indentation to match the rest of the file.
-
-            * runtime/Structure.h: Changed from protected pointer to weak pointer.
-
-2010-05-04  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        <rdar://problem/7928746> WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.
-
-        Merged ToT WebKit r58779
-
-    2010-05-04  Yongjun Zhang  <yongjun_zhang@apple.com>
-
-        Reviewed by Darin Adler.
-
-        WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.
-        https://bugs.webkit.org/show_bug.cgi?id=38535
-
-        Don't call asFunction if callee is not a FunctionType to prevent assertion failure
-        in JSCell::isObject().
-
-        * debugger/DebuggerCallFrame.cpp:
-        (JSC::DebuggerCallFrame::functionName):
-        (JSC::DebuggerCallFrame::calculatedFunctionName):
-
-2010-04-24  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Paul Knight.
-
-        <rdar://problem/7542676> iPhone WebKit should not have ENABLE(DATALIST) defined
-
-        * Configurations/FeatureDefines.xcconfig: Turn off DATALIST for iPhone.
-
-2010-04-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7901486> Disable WebSockets since the standard is still in flux
-
-        Reviewed by Paul Knight.
-
-        * Configurations/FeatureDefines.xcconfig: Disabled web sockets
-        for iPhone OS and iPhone Simulator builds.
-
-2010-04-18  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Dave Kilzer.
-
-        JavaScriptCore part of <rdar://problem/7877559> Use Developer directory-relative #inlcudes in .xcconfig files
-        Changed absolute #include paths to <DEVELOPER_DIR>-relative paths.
-
-        * Configurations/Indigo.xcconfig:
-        * Configurations/iPhone.xcconfig:
-
-2010-04-18  David Kilzer  <ddkilzer@apple.com>
-
-        Remove workarounds for iPhone OS 3.2 and earlier
-
-        Reviewed by Greg Bolsinga.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Removed workaround for iPhone OS 3.2.
-        * wtf/Platform.h: Ditto.
-
-2010-04-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7876459> iPhone: REGRESSION: Crash beneath JSGlobalContextRelease when typing in Google search field with GuardMalloc/full page heap enabled
-
-        Merged ToT WebKit r54785.
-
-    2010-02-15  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
-        typing in Google search field with GuardMalloc/full page heap enabled
-
-        * API/JSContextRef.cpp: Don't use APIEntryShim, since that requires
-        a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
-        and JSLock instead, since those are the two features of APIEntryShim we
-        require.
-
-2010-04-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7548905> Change build version of WebKit from 10.5 (Leopard) to 10.6 (Snow Leopard)
-
-        Reviewed by Joseph Pecoraro.
-
-        This changes the WebKit version from 5532.9 to 6532.9 to signify
-        that iPhone OS 4.0 is closer to SnowLeopard's version of WebKit
-        than Leopard's version of WebKit.
-
-        * Configurations/Version.xcconfig: Changed
-        SYSTEM_VERSION_PREFIX_iphoneos from 5 to 6.
-
-2010-04-16  Mike Knippers  <knippers@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Updated JavaScriptCore order file for Apex.
-
-        <rdar://problem/7869012> Update JavascriptCore order file for Apex
-
-        * JavaScriptCore.iPhone.order:
-
-2010-04-08  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/7674554> Safari hangs when user replies to Hotmail email (flat frame code needs lots of help)
-        
-        Remove ENABLE(FRAME_FLATTENING_DEPRECATED) code so that OpenSource code can be merged in for this feature.
-
-        * wtf/Platform.h:
-
-2010-04-07  Enrica Casucci  <enrica@apple.com>
-
-    <rdar://problem/7702452> N90/Apex8A211: Text gets "white-out" by the insertion cursor
-    
-    Merged ToT WebKit r57218.
-
-    2010-04-07  Enrica Casucci  <enrica@apple.com>
-
-            Reviewed by Darin Adler.
-
-            https://bugs.webkit.org/show_bug.cgi?id=37219
-            
-            This change disables text caret for the iPhone platflorm.
-            
-            * wtf/Platform.h: Disabled text caret for iPhone.
-    
-2010-04-07  Greg Bolsinga  <bolsinga@apple.com>
-
-        <rdar://problem/7822422> Event Targets are lost in a non-deterministic fashion
-
-        Merged ToT WebKit r54402.
-
-    2010-02-04  Geoffrey Garen  <ggaren@apple.com>
-
-        Build fix: export a header.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2010-04-06  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/6845619> Reset CoreLocation Warnings will not reset Geolocation warnings
-        
-        This is clean up in preparation to update to Open Source Geolocation. ENABLE_GEOLOCATION_PERMISSION_CACHE
-        is an iPhone only concept that doesn't even work due to <rdar://problem/7835511>.
-
-        * wtf/Platform.h: Add ENABLE_GEOLOCATION_PERMISSION_CACHE, which is always off.
-
-2010-04-05  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/7830163> Enable pthread_setname_np
-
-        Reviewed by Greg Bolsinga.
-
-        We don't need to check for !IPHONE_SIMULATOR since the SDK requires
-        Snow Leopard. Also, remove the check for 4.0.
-
-        * wtf/Platform.h:
-
-2010-03-31  David Kilzer  <ddkilzer@apple.com>
-
-        Make iPhone WebKit source build Mac OS X WebKit
-
-        Reviewed by Greg Bolsinga and David Carson.
-
-        Needed to test <rdar://problem/7763309> after merging.
-
-        * wtf/CrossThreadRefCounted.h: Added #if PLATFORM(IPHONE)/#endif
-        macros around iPhone-only header.
-
-2010-03-29  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/7786502> ASSERT Crash when Using Local Storage
-
-          Provide Function Pointers to be filled in by WebCore. These are the
-          same name as WebCore's function, but prefixed with "WebCore". This
-          introduces WebCoreWebThreadIsLockedOrDisabled.
-
-        * wtf/iphone/WebCoreThread.cpp: Added. Function pointers to be filled.
-        * wtf/iphone/WebCoreThread.h: Added. Function pointers to be filled.
-        * wtf/CrossThreadRefCounted.h: Uses the improved function in the ASSERT
-        (WTF::::ref): use the existing ASSERT
-        (WTF::::deref): use the existing ASSERT
-        (WTF::::crossThreadCopy): use the existing ASSERT
-
-          Build System and other File Handling.
-
-        * JavaScriptCore.exp: export the function pointers to be filled.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added new Files.
-
-2010-03-27  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7748481> iPhone: TCMalloc should tag its memory, so it shows up distinctly in vmmap
-
-        Merged ToT WebKit r55483.
-
-    2010-03-03  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Geoff Garen.
-
-        Add virtual memory tags for TCMalloc and WebCore's purgeable buffers.
-
-        * wtf/TCSystemAlloc.cpp:
-        (TryMmap): Use the VM tag.
-        * wtf/VMTags.h: Make use of VM_MEMORY_TCMALLOC and VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS.
-
-2010-03-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7796325> Baker (4.1) needs to use llvm-gcc-4.2 to compile JavaScriptCore, WebCore, WKSI, WebKit
-
-        Reviewed by Joseph Pecoraro.
-
-        * Configurations/Base.xcconfig: Switched to use
-        $(REAL_PLATFORM_NAME) to determine which compiler to use.  For
-        the iphoneos SDK, we always want llvm-gcc-4.2.  For the
-        iphonesimulator SDK, we just want the default compiler: gcc-4.2.
-
-2010-03-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7650521> iPhone: REGRESSION(r52116): WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions (34490)
-
-        Merged ToT WebKit r54618, r54619.
-
-    2010-02-10  Alexey Proskuryakov  <ap@apple.com>
-
-        Addressing issues found by style bot.
-
-        * wtf/ValueCheck.h: Renamed header guard to match final file name.
-
-        * wtf/Vector.h: (WTF::::checkConsistency): Remove braces around a one-line clause.
-
-    2010-02-09  Alexey Proskuryakov  <ap@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        https://bugs.webkit.org/show_bug.cgi?id=34490
-        WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions
-
-        * GNUmakefile.am:
-        * JavaScriptCore.gypi:
-        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        Added ValueCheck.h.
-
-        * wtf/ValueCheck.h: Added. Moved code out of HashTraits, since it would be awkward to
-        include that from Vector.h.
-        (WTF::ValueCheck::checkConsistency): Allow null pointers, those are pretty consistent.
-
-        * wtf/HashTraits.h: Moved value checking code out of here.
-
-        * wtf/HashTable.h: (WTF::::checkTableConsistencyExceptSize): Updated for the above changes.
-
-        * wtf/Vector.h:
-        (WTF::::checkConsistency): Check all vector elements.
-        (WTF::ValueCheck): Support checking a Vector as an element in other containers. Currently
-        unused.
-
-2010-03-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7597676> iPhone: JSC is failing to propagate anonymous slot count on some transitions
-
-        Merged ToT WebKit r54100, r54129, r54141, r54265.
-
-    2010-02-02  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Geoffrey Garen.
-
-        Crash in CollectorBitmap::get at nbcolympics.com
-        https://bugs.webkit.org/show_bug.cgi?id=34504
-
-        This was caused by the use of m_offset to determine the offset of
-        a new property into the property storage.  This patch corrects
-        the effected cases by incorporating the anonymous slot count. It
-        also removes the duplicate copy of anonymous slot count from the
-        property table as keeping this up to date merely increased the
-        chance of a mismatch.  Finally I've added a large number of
-        assertions in an attempt to prevent such a bug from happening
-        again.
-
-        With the new assertions in place the existing anonymous slot tests
-        all fail without the m_offset fixes.
-
-        * runtime/PropertyMapHashTable.h:
-        * runtime/Structure.cpp:
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransitionToExistingStructure):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::removePropertyTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::addPropertyWithoutTransition):
-        (JSC::Structure::removePropertyWithoutTransition):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::get):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::createPropertyMapHashTable):
-        (JSC::Structure::rehashPropertyMapHashTable):
-        (JSC::Structure::checkConsistency):
-
-    2010-02-01  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Structure not accounting for anonymous slots when computing property storage size
-        https://bugs.webkit.org/show_bug.cgi?id=34441
-
-        Previously any Structure with anonymous storage would have a property map, so we
-        were only including anonymous slot size if there was a property map.  Given this
-        is no longer the case we should always include the anonymous slot count in the
-        property storage size.
-
-        * runtime/Structure.h:
-        (JSC::Structure::propertyStorageSize):
-
-    2010-01-31  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        JSC is failing to propagate anonymous slot count on some transitions
-        https://bugs.webkit.org/show_bug.cgi?id=34321
-
-        Remove secondary Structure constructor, and make Structure store a copy
-        of the number of anonymous slots directly so saving an immediate allocation
-        of a property map for all structures with anonymous storage, which also
-        avoids the leaked property map on new property transition in the original
-        version of this patch.
-
-        We need to propagate the the anonymous slot count otherwise we can end up
-        with a structure recording incorrect information about the available and
-        needed space for property storage, or alternatively incorrectly reusing
-        some slots.
-
-        * JavaScriptCore.exp:
-        * runtime/Structure.cpp:
-        (JSC::Structure::Structure):
-        (JSC::Structure::materializePropertyMap):
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::Structure::copyPropertyTable):
-        (JSC::Structure::put):
-        (JSC::Structure::remove):
-        (JSC::Structure::insertIntoPropertyMapHashTable):
-        (JSC::Structure::createPropertyMapHashTable):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-        (JSC::Structure::hasAnonymousSlots):
-        (JSC::Structure::anonymousSlotCount):
-
-    2010-01-29  Mark Rowe  <mrowe@apple.com>
-
-        Roll out r54073 as it introduced many thousands of leaks.
-
-        * runtime/JSObject.h:
-        (JSC::JSObject::setStructure):
-        * runtime/Structure.cpp:
-        (JSC::Structure::addPropertyTransition):
-        (JSC::Structure::changePrototypeTransition):
-        (JSC::Structure::despecifyFunctionTransition):
-        (JSC::Structure::getterSetterTransition):
-        (JSC::Structure::toDictionaryTransition):
-        * runtime/Structure.h:
-        (JSC::Structure::create):
-
-2010-03-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7771301> JavaScriptCore, WebCore, WebKit projects only built for armv7 (missing armv6)
-
-        Reviewed by Greg Bolsinga.
-
-        ARCHS_UNIVERSAL_IPHONE_OS isn't as universal as the name
-        suggests, so switch to using ARCHS_STANDARD_32_BIT instead.
-
-        * Configurations/Base.xcconfig: Break out VALID_ARCHS by
-        REAL_PLATFORM_NAME.  Use ARCHS_STANDARD_32_BIT for iphoneos and
-        iphonesimulator.
-        * Configurations/DebugRelease.xcconfig: Switched from using
-        ARCHS_UNIVERSAL_IPHONE_OS to using ARCHS_STANDARD_32_BIT.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed the base
-        configuration for jsc, minidom and testapi targets to
-        iPhone.xcconfig for Development_Hardware and Deployment_Hardware
-        configurations, and to Indigo.xcconfig for Development and
-        Deployment configurations.  Note that Production_Deployment and
-        Production_Hardware configurations were already based on
-        Indigo.xccconfig and iPhone.xcconfig, respectively.
-
-2010-03-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7559240> Disable sandboxed iframe feature after Havoc merge
-
-        Merged ToT WebKit r55043.
-
-        * Configurations/FeatureDefines.xcconfig: Disable ENABLE_SANDBOX
-        by default for iPhone WebKit.
-
-    2010-02-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by David Levin.
-
-        Add an ENABLE flag for sandboxed iframes to make it possible to disable it in releases
-        https://bugs.webkit.org/show_bug.cgi?id=35147
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-03-21  Philippe Champeaux  <champeaux.p@apple.com>
-
-        <rdar://problem/7616665> WebKit should switch from MobileQuickLook to QuickLook
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h: Changed "USE(MOBILE_QUICK_LOOK)" to
-        "USE(QUICK_LOOK)".
-
-2010-03-21  David Kilzer  <ddkilzer@apple.com>
-
-        Part 2 of 2: <rdar://problem/7767168> Disable Ruby support for Apex
-
-        Reviewed by David Carson.
-
-        * Configurations/FeatureDefines.xcconfig: Disable Ruby support
-        on iPhone OS and iPhone Simulator builds.
-
-2010-03-21  David Kilzer  <ddkilzer@apple.com>
-
-        Part 1 of 2: <rdar://problem/7767168> Disable Ruby support for Apex
-
-        Merge ToT WebKit r54649.
-
-    2010-02-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Restore ENABLE_RUBY flag so vendors can ship with Ruby disabled if they choose.
-        https://bugs.webkit.org/show_bug.cgi?id=34698
-
-        * Configurations/FeatureDefines.xcconfig:
-
-2010-03-17  Joseph Pecoraro  <joepeck@webkit.org>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/7756577> REGRESSION: LayoutTests/fast/css/pseudo-required-optional-005.html fails on background of input type="range"
-
-        Add ENABLE(RANGETYPE_AS_TEXT), which makes an <input type=range> display
-        as a textfield. This is the preferred fallback behavior if the range
-        input is not supported. The range input will still correctly respond
-        with the "range" type, and handle the "required" attribute correctly.
-
-        * wtf/Platform.h:
-
-2010-03-08  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Simon Fraser.
-
-        Add ENABLE(FRAME_FLATTENING_DEPRECATED), which wraps the code that explodes iframes within their parents.
-        
-        Investigation done for <rdar://problem/7674554>, Apex only.
-
-        * wtf/Platform.h:
-
-2010-03-13  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7751767> WebCore has a weak export of WebCore::jsString(JSC::ExecState*, WebCore::String const&)
-
-        Merged ToT WebKit r54405.
-
-    2010-02-04  Mark Rowe  <mrowe@apple.com>
-
-        Reviewed by Timothy Hatcher.
-
-        Build fix.  Remove a symbol corresponding to an inline function from the linker export
-        file to prevent a weak external failure.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Accommodate rename of script.
-
-2010-03-13  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7610586> Merge Safari Havoc changes from ToT WebKit (r53218-r54084)
-
-        Merged ToT WebKit r53218-r54084 on trunk.
-
-        2593 files changed, 102315 insertions(+), 46263 deletions(-)
-
-2010-02-05  David Kilzer  <ddkilzer@apple.com>
-
-        Fix definition of ENABLE_SHARED_WORKERS
-
-        Rubber-stamped by Simon Fraser.
-
-        * Configurations/FeatureDefines.xcconfig: Fixed
-        ENABLE_SHARED_WORKERS definition to be a variable.
-
-2010-02-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7618590> REGRESSION: JavaScriptCore is compiling with WTF_USE_JSVALUE32 instead of WTF_USE_JSVALUE32_64
-
-        Reviewed by David Carson.
-
-        * wtf/Platform.h: A "CPU(ARM)" test was added for USE(JSVALUE32)
-        which caused iPhone OS builds to define that macro instead of
-        USE(JSVALUE32_64).  The fix is to change that to
-        "CPU(ARM) && !PLATFORM(IPHONE)" so that it evaluates to false.
-
-2010-02-03  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: Disable YARR and YARR_JIT features for PLATFORM(IPHONE)
-
-        Reviewed by build-webkit --development --hardware ARCHS="armv7".
-
-        Fixes the following build error:
-
-            cc1plus: warnings being treated as errors
-            In file included from JavaScriptCore/assembler/MacroAssembler.h:34,
-                             from JavaScriptCore/bytecode/Instruction.h:32,
-                             from JavaScriptCore/bytecode/CodeBlock.h:34,
-                             from JavaScriptCore/runtime/JSActivation.h:32,
-                             from JavaScriptCore/runtime/Arguments.h:27,
-                             from JavaScriptCore/runtime/Arguments.cpp:26:
-            JavaScriptCore/assembler/MacroAssemblerARMv7.h:874: warning: unused parameter 'cond'
-            JavaScriptCore/assembler/MacroAssemblerARMv7.h:882: warning: unused parameter 'cond'
-
-        * wtf/Platform.h: Explicitly disable the YARR an YARR_JIT
-        features for PLATFORM(IPHONE).  Previously they were being
-        enabled for armv7 builds, which caused the ASSEMBLER feature to
-        be enabled, which caused the build error.
-
-2010-02-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6973416> TLF: Merge with OS X WebKit (Safari Havoc)
-
-        Merged ToT WebKit r45705-r53217 on trunk.
-
-        12615 files changed, 743109 insertions(+), 175794 deletions(-)
-
-2010-01-28  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7588478> WebKit fails to build with http pipelining enabled in Apex
-
-        Reviewed by Aaron Golden.
-
-        The iPhone availibility macros are defined in Availability.h not
-        AvailabilityMacros.h.  Because Availability.h was not included,
-        the net effect was that anything that tested for _IPHONE_4_0 was
-        effectively disabled.  By including Availability.h in Platform.h
-        we ensure that these macros are defined properly everywhere.
-
-        * wtf/FastMalloc.cpp: Removed unneeded #include <Availability.h>.
-        * wtf/Platform.h: Added #include <Availability.h>.
-
-2010-01-19  Pratik Solanki  <psolanki@apple.com>
-
-        <rdar://problem/7534560> REGRESSION: Embedded Google Map does not show all information
-
-        Merge in r53341 from WebKit open source. Also merge in part of r49734
-        which refactors countPrototypeChainEntriesAndCheckForProxies to
-        normalizePrototypeChain.
-
-        Reviewed by David Kilzer.
-
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-
-    2010-01-14  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        REGRESISON: Google maps buttons not working properly
-        https://bugs.webkit.org/show_bug.cgi?id=31871
-
-        REGRESSION(r52948): JavaScript exceptions thrown on Google Maps when
-        getting directions for a second time
-        https://bugs.webkit.org/show_bug.cgi?id=33446
-        
-        SunSpider and v8 report no change.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID): Update our cached offset in case
-        flattening the dictionary changed any of its offsets.
-
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain): ditto
-
-2010-01-19  Pratik Solanki  <psolanki@apple.com>
-
-        Rename countPrototypeChainEntriesAndCheckForProxies to normalizePrototypeChain.
-        This is part of the change from r49734 in open source WebKit.
-
-        This is needed to merge in the fix for <rdar://7534560>
-
-        Reviewed by David Kilzer.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID): Updated for rename to
-        "normalizePrototypeChain"
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID): Updated for rename to
-        "normalizePrototypeChain"
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain): Renamed countPrototypeChainEntriesAndCheckForProxies
-        to normalizePrototypeChain, since it changes dictionary prototypes to
-        non-dictionary objects.
-
-2010-01-12  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7387208> Enable http pipelining in WebKit
-
-        Reviewed by David Carson.
-
-        * wtf/Platform.h: Added ENABLE(HTTP_PIPELINING) macro and
-        enabled it for PLATFORM(IPHONE) on Apex and later.
-
-2010-01-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7519233> Assertion failure in Interpreter.cpp:1047 !baseObject->structure()->isUncacheableDictionary()
-
-        Merged ToT WebKit r50704.
-
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure): Since the
-        anonymousSlotCount changes haven't been merged, just set the
-        value to 0.  Change suggested by Geoff Garen.
-
-    2009-11-09  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Gavin Barraclough.
-
-        Can cache prototype lookups on uncacheable dictionaries.
-        https://bugs.webkit.org/show_bug.cgi?id=31198
-
-        Replace fromDictionaryTransition with flattenDictionaryObject and
-        flattenDictionaryStructure.  This change is necessary as we need to
-        guarantee that our attempt to convert away from a dictionary structure
-        will definitely succeed, and in some cases this requires mutating the
-        object storage itself.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::tryCacheGetByID):
-        * jit/JITStubs.cpp:
-        (JSC::JITThunks::tryCacheGetByID):
-        (JSC::DEFINE_STUB_FUNCTION):
-        * runtime/BatchedTransitionOptimizer.h:
-        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
-        * runtime/JSObject.h:
-        (JSC::JSObject::flattenDictionaryObject):
-        * runtime/Operations.h:
-        (JSC::normalizePrototypeChain):
-        * runtime/Structure.cpp:
-        (JSC::Structure::flattenDictionaryStructure):
-        (JSC::comparePropertyMapEntryIndices):
-        * runtime/Structure.h:
-
-2009-12-25  Cameron Zwarich  <zwarich@apple.com>
-
-        <rdar://problem/7498357> Enable WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h: Now that WebKit is being compiled with LLVM to match JavaScriptCore
-        and WebCore, reenable JSVALUE32_64 on armv6 with llvm-gcc-4.2.
-
-2009-12-24  Cameron Zwarich  <zwarich@apple.com>
-
-        <rdar://problem/7493635> Crashes in JavaScriptCore::Heap::unprotect() in apps using UIWebView
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h: Roll out r125950, the fix for <rdar://problem/7488182> Enable
-        WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2. It appears to be hitting a bug
-        in the compiler.
-
-2009-12-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7488182> Enable WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2
-
-        Reviewed by Cameron Zwarich.
-
-        * wtf/Platform.h: Updated to enable USE(JSVALUE32_64) when
-        compiling with llvm-gcc-4.2 and targeting armv6 since it doesn't
-        have this compiler bug (<rdar://problem/7478149>).
-
-2009-12-19  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7486926> Change Register constructors to assignment operators to work around gcc-4.2 bug
-
-        Merge ToT WebKit r52343.
-
-    2009-12-18  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Cameron Zwarich and Gavin Barraclough.
-
-        Changed Register constructors to assignment operators, to streamline
-        moving values into registers. (In theory, there's no difference between
-        the two, since the constructor should just inline away, but there seems
-        to be a big difference in the addled mind of the GCC optimizer.)
-
-        In the interpreter, this is a 3.5% SunSpider speedup and a 1K-2K
-        reduction in stack usage per privateExecute stack frame.
-
-        * interpreter/CallFrame.h:
-        (JSC::ExecState::setCalleeArguments):
-        (JSC::ExecState::setCallerFrame):
-        (JSC::ExecState::setScopeChain):
-        (JSC::ExecState::init):
-        (JSC::ExecState::setArgumentCount):
-        (JSC::ExecState::setCallee):
-        (JSC::ExecState::setCodeBlock): Added a little bit of casting so these
-        functions could use the new Register assignment operators.
-
-        * interpreter/Register.h:
-        (JSC::Register::withInt):
-        (JSC::Register::Register):
-        (JSC::Register::operator=): Swapped in assignment operators for constructors.
-
-2009-12-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7451823> Investigate using WTF_USE_JSVALUE32_64 on ARM
-
-        Reviewed by Cameron Zwarich.
-
-        Merged ToT WebKit r52231 to fix the recursion crash after
-        enabling USE(JSVALUE32_64).  Also worked around a gcc-4.2 bug
-        on armv6 (<rdar://problem/7478149>) by using USE(JSVALUE32) when
-        compiling armv6.
-
-        This also addresses:
-        <rdar://problem/7469369> SunSpider times regressed from Wildcat7B279 to Wildcat 7B280a
-
-        * wtf/Platform.h: Enable USE(JSVALUE32_64) for armv7.  Continue
-        using USE(JSVALUE32) for armv6 until <rdar://problem/7478149> is
-        fixed.
-
-    2009-12-16  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/7355025> Interpreter::privateExecute macro generates
-        bloated code
-
-        This patch cuts Interpreter stack use by about a third.
-
-        * bytecode/Opcode.h: Changed Opcode to const void* to work with the
-        const static initiliazation we want to do in Interpreter::privateExecute.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::Interpreter): Moved hashtable initialization here to
-        avoid polluting Interpreter::privateExecute's stack, and changed it from a
-        series of add() calls to one add() call in a loop, to cut down on code size.
-
-        (JSC::Interpreter::privateExecute): Changed a series of label computations
-        to a copy of a compile-time constant array to cut down on code size.
-
-2009-12-17  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7002948> Backout workaround for bogus -Wmissing-prototypes warnings on SnowLeopard
-
-        Reviewed by Greg Bolsinga.
-
-        * Configurations/Base.xcconfig: Re-enable -Wmissing-prototypes
-        for hardware builds.
-
-2009-12-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7266331> Merge WebKit engine changes from Safari Bronco
-
-        Merged ToT WebKit r46833-r50479 on the safari-4-branch to iPhone WebKit.
-        
-2009-12-10  David Kilzer  <ddkilzer@apple.com>
-
-        Don't enable the fast malloc scavenge thread on iPhone OS
-
-        * wtf/FastMalloc.cpp: Until we can measure the performance
-        impact and/or benefits, don't enable the scavenge thread on
-        iPhone OS.
-
-2009-12-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7450578> CrashTracer: [USER] 3 crashes in DumpRenderTree at JavaScriptCore: JSC::stringProtoFuncReplace + 12
-
-        * wtf/Platform.h: Continue using WTF_USE_JSVALUE32 for
-        PLATFORM(IPHONE) since WTF_USE_JSVALUE32_64 causes crashes.
-
-2009-12-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7437124> Build JavaScriptCore with LLVM for Apex
-
-        Reviewed by Greg Bolsinga.
-
-        * Configurations/Base.xcconfig: Don't build JavaScriptCore with
-        llvm-gcc-4.2 for the iPhone Simulator just yet.
-
-2009-12-04  David Kilzer  <ddkilzer@apple.com>
-
-        BUILD FIX: Make sure malloc_introspection_t is NULL-terminated for Wildcat hardware builds
-
-        * wtf/FastMalloc.cpp:
-        (jscore_fastmalloc_introspection): When defining this struct,
-        the NULL terminator is required on Wildcat hardware, Apex
-        hardware and Apex simulator builds, but not Wildcat simulator
-        builds.  Thus, we have to restore the __IPHONE_3_2 check that
-        was removed in r123040 and keep the __IPHONE_4_0 check.  (The
-        Apex simulator build will continue to fail until the next Apex
-        SDK is released with Snow Leopard's CF/Foundation integrated.)
-
-2009-12-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7437124> Build JavaScriptCore with LLVM for Apex
-
-        Reviewed by Cameron Zwarich.
-
-        * Configurations/Base.xcconfig: Use llvm-gcc-4.2 when building
-        for the iPhone OS 4.0 Internal SDK and iPhone Simulator 4.0 SDK.
-
-2009-11-10  David Kilzer  <ddkilzer@apple.com>
-
-        Introduce ENABLE(TEXT_AUTOSIZING)
-
-        Reviewed by Greg Bolsinga.
-
-        * wtf/Platform.h: Defined ENABLE_TEXT_AUTOSIZING to 1 for
-        PLATFORM(IPHONE) and 0 for all other platforms.
-
-2009-11-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7311412> iPhone: REGRESSION (r48687): Pages on ucas.com appear blank (30424)
-
-        Reverted iPhone WebKit r112546, which originally fixed:
-        <rdar://problem/7239662> iPhone: CrashTracer: [USER] 1 crash in Safari at com.apple.WebCore • WebCore::ThreadTimers::fireTimers + 135 • abort() called
-
-        The eventual fix will be picked up with the merge for Safari
-        Bronco.
-
-        * wtf/Forward.h:
-
-2009-09-30  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7239662> iPhone: CrashTracer: [USER] 1 crash in Safari at com.apple.WebCore • WebCore::ThreadTimers::fireTimers + 135 • abort() called
-
-        Merged ToT WebKit r48650.
-
-    2009-09-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        * wtf/Forward.h: Added PassOwnPtr.
-
-2009-09-28  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7257975> LayoutTests/fast/js/postfix-syntax.html fails on interpreter
-
-        Merged ToT WebKit r45904 from <http://webkit.org/b/27294>.
-
-    2009-07-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Hausmann.
-
-        REGRESSION: fast/js/postfix-syntax.html fails with interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=27294
-
-        When postfix operators operating on locals assign to the same local
-        the order of operations has to be to store the incremented value, then
-        store the unmodified number.  Rather than implementing this subtle
-        semantic in the interpreter I've just made the logic explicit in the
-        bytecode generator, so x=x++ effectively becomes x=ToNumber(x) (for a
-        local var x).
-
-        * parser/Nodes.cpp:
-        (JSC::emitPostIncOrDec):
-
-2009-09-28  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7258042> LayoutTests/fast/js/kde/arguments-scope.html fails on interpreter
-
-        Merged ToT WebKit r45903 from <http://webkit.org/b/27259>.
-
-    2009-07-15  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Simon Hausmann.
-
-        REGRESSION(43559): fast/js/kde/arguments-scope.html fails with interpreter
-        https://bugs.webkit.org/show_bug.cgi?id=27259
-
-        The interpreter was incorrectly basing its need to create the arguments object
-        based on the presence of the callframe's argument reference rather than the local
-        arguments reference.  Based on this it then overrode the local variable reference.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::privateExecute):
-
-2009-09-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7241653> Changes to export files not always picked up
-
-        Merged ToT WebKit r48685 from <http://webkit.org/b/29660>.
-
-    2009-09-23  David Kilzer  <ddkilzer@apple.com>
-
-        Move definition of USE(PLUGIN_HOST_PROCESS) from WebKitPrefix.h to Platform.h
-
-        Reviewed by Mark Rowe.
-
-        * wtf/Platform.h: Define WTF_USE_PLUGIN_HOST_PROCESS to 1 when
-        building on 64-bit SnowLeopard.  Define to 0 elsewhere.
-
-2009-09-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7241653> Changes to export files not always picked up
-
-        Reviewed by Paul Knight.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Fixed order of build
-        phase scripts to match ToT WebKit.
-
-2009-09-21  Greg Bolsinga  <bolsinga@apple.com>
-
-        Merged TOT WebKit r48609.
-
-        Thsi brings over the Open Source change for 
-        ENABLE(ORIENTATION_EVENTS), and removes the previous
-        portions that do not apply and fixes bugs.
-
-        * wtf/Platform.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Merged TOT WebKit r48430.
-
-        This basically brings over the Open Source change for
-        ENABLE_INSPECTOR, and removes the previous portions
-        that do not apply (FeatureDefines.xcconfig, build-webkit,
-        and EXCLUDED_SOURCE_FILE_NAMES changes).
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Merged TOT WebKit r48429.
-
-        This basically brings over the Open Source change for
-        ENABLE_CONTEXT_MENUS, and removes the previous portions
-        that do not apply (FeatureDefines.xcconfig, build-webkit,
-        and EXCLUDED_SOURCE_FILE_NAMES changes).
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Fix a bad merge in the previous commit.
-        
-        * wtf/Platform.h:
-
-2009-09-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Merged TOT WebKit r46437.
-        
-        This basically brings over the Open Source change for 
-        ENABLE_DRAG_SUPPORT, and removes the previous portions
-        that do not apply (FeatureDefines.xcconfig, build-webkit, 
-        and EXCLUDED_SOURCE_FILE_NAMES changes).
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-09-11  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/6732593> Add ENABLE(CONTEXT_MENU)
-
-        Set up defaults for ENABLE_CONTEXT_MENU (off for iPhone, on for Mac OS X)
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-09-11  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/6732599> Add ENABLE(DRAG_SUPPORT)
-
-        Set up defaults for ENABLE_DRAG_SUPPORT (off for iPhone, on for Mac OS X)
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-09-10  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/6732605> Add ENABLE(INSPECTOR)
-        
-        Set up defaults for ENABLE_INSPECTOR (off for iPhone, on for Mac OS X)
-
-        * Configurations/FeatureDefines.xcconfig:
-        * wtf/Platform.h:
-
-2009-08-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7154895> Annotate WTF assertion methods to prevent false-positives from clang static analyzer
-
-        Reviewed by David Carson.
-
-        * wtf/Assertions.h: Added CLANG_ANALYZER_NORETURN macro
-        definition. Added #include <stdbool.h> for definition of false
-        in C source.
-        (WTFReportAssertionFailure): Added CLANG_ANALYZER_NORETURN
-        annotation to fix false-positives in ASSERT() macro.
-        (WTFReportAssertionFailureWithMessage): Ditto for
-        ASSERT_WITH_MESSAGE() macro.
-        (WTFReportArgumentAssertionFailure): Ditto for ASSERT_ARG()
-        macro.
-        (WTFReportFatalError): Ditto for FATAL() macro.
-
-2009-08-16  David Kilzer  <ddkilzer@apple.com>
-
-        Move #define _DONT_USE_CTYPE_INLINE_ to <wtf/DisallowCType.h>
-
-        Reviewed by Greg Bolsinga.
-
-        All source files fail to build for the iPhone OS SDK and the
-        iPhone Simulator SDK unless _DONT_USE_CTYPE_INLINE_ is defined
-        before including <ctype.h>.  Instead of defining it in
-        WebCorePrefix.h and WebKitPrefix.h, move the definition to
-        DisallowCType.h since that header is already included in
-        WebCore/config.h and WebKit/WebKitPrefix.h.
-
-        * wtf/DisallowCType.h: Added #define _DONT_USE_CTYPE_INLINE_ for
-        PLATFORM(IPHONE).
-
-2009-08-11  David Carson  <dacarson@apple.com>
-
-        <rdar://problem/7125030> Reproducible assertion failure in JavaScriptCore with google maps
-
-        Reviewed by Greg Bolsinga
-
-        Comment out ASSERTs as MobileSafari allocs on main thread and frees on Web thread.
-
-        * wtf/CrossThreadRefCounted.h:
-        (WTF::::ref):
-        (WTF::::deref):
-
-2009-08-07  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7128246> Soft link MobileQuickLook only once
-
-        Reviewed by Cameron Zwarich.
-
-        * wtf/Platform.h: Added USE(MOBILE_QUICK_LOOK) macro.
-
-2009-08-02  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6907691> TLF: Merge Safari 4.0.3 SnowLeopard GM2 release (Rocket)
-
-        Merged ToT WebKit r45764-r46452 on safari-4-branch (Safari Rocket branch).
-
-        276 files changed, 4992 insertions(+), 3928 deletions(-)
-
-2009-08-02  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6907691> TLF: Merge Safari 4.0.3 SnowLeopard GM2 release (Rocket)
-
-        Merged ToT WebKit r43832-r45704 on trunk (up to the Rocket branch point).
-
-        3104 files changed, 429041 insertions(+), 273643 deletions(-)
-
-2009-07-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/7082861> Eclair content isn't working after Jetstream merge
-
-        Reviewed by Cameron Zwarich.
-
-        * wtf/Platform.h: Define WTF_USE_ACCELERATED_COMPOSITING for
-        PLATFORM(IPHONE).  It's also currently defined in
-        WebCore/config.h, but not in such a way as to enable it for
-        iPhone WebKit, and the config.h definition will be removed in a
-        later merge.
-
-2009-06-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6930369> Simulator should build with MACOSX_DEPLOYMENT_TARGET=10.5 on SnowLeopard
-
-        Reviewed by Cameron Zwarich.
-
-        * Configurations/DebugRelease.xcconfig: Set
-        MACOSX_DEPLOYMENT_TARGET=10.5 when building for iphoneos and
-        iphonesimulator platforms.
-
-2009-06-24  David Kilzer  <ddkilzer@apple.com>
-
-        Disable -Wmissing-prototypes when compiling for iphoneos
-
-        Reviewed by Cameron Zwarich.
-
-        This is a workaround for: <rdar://problem/6930844> SnowLeopard+Kirkwood: cc1plus: warning: command line option "-Wmissing-prototypes" is valid for C/ObjC but not for C++
-
-        * Configurations/Base.xcconfig: Disable -Wmissing-prototypes
-        when compiling for iphoneos.
-
-2009-06-18  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6954277> JavaScriptCore-525 fails to build in Wildcat
-
-        Reviewed by David Carson.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): The CoreOS changes to
-        malloc_introspection_t have been merged into Northstar+1, so
-        change the macro test accordingly.
-
-2009-06-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6830711> JavascriptCore fails to verify when built armv5
-
-        Patch by Anthony O'Blennis Yvanovich.  Reviewed by David Kilzer.
-
-        * Configurations/Base.xcconfig: Added
-        GCC_GENERATE_DEBUGGING_SYMBOLS_armv5.
-        * Configurations/JavaScriptCore.xcconfig: Added
-        EXPORTED_SYMBOLS_FILE_armv5.
-
-2009-06-01  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/6888365> CrashTracer: [USER] 1 crash in MobileSafari at WebCore • WebCore::JSEventTargetNode::getOwnPropertySlot + 9
-
-        When using WebKit in threaded mode on iPhone, JavaScriptCore runs in the
-        web thread, which is a secondary thread and thus has 512 kb of stack space
-        by default. The relatively low amount of stack space was causing stack
-        overflows when approaching the JavaScriptCore reentrancy limit. The solution
-        is to simultaneously decrease the reentrancy limit while increasing the
-        amount of stack space available for the web thread.
-
-        * interpreter/Interpreter.h: decrease the reentrancy limit from 128 to
-        100. I have never seen an actual web page that requires a limit higher
-        than 65, but the Celtic Kane benchmark requires a limit of 94, at least
-        with our current implementation of certain runtime methods. While this
-        benchmark is completely stupid, it is still important that we are able
-        to run it.
-
-2009-05-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6917404> JavaScriptCore_Sim fails to build in Apex
-
-        Since the iPhone Simulator is currently built on Leopard (not
-        SnowLeopard), we must exclude the malloc_introspection_t fix
-        when building JavaScriptCore_Sim for Apex.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::jscore_fastmalloc_introspection): Added check for
-        !PLATFORM(IPHONE_SIMULATOR) when building on Apex or newer.
-
-2009-05-21  Cameron Zwarich  <zwarich@apple.com>
-
-        Reviewed by David Kilzer.
-
-        I wanted to merge our change to tag TCMalloc memory, but Mark Rowe
-        informed me that this is pointless, because TCMalloc has its own
-        MallocZone and vmmap only needs tags to distinguish between
-        allocations if they are not associated with a zone.
-
-        *  wtf/TCSystemAlloc.cpp: remove mmapFileDescriptor.
-        (TryMMap): pass -1 to mmap instead of mmapFileDescriptor, matching
-        desktop WebKit.
-        (TCMalloc_SystemRelease): ditto.
-
-2009-05-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6912575> iPhone: REGRESSION: cached DOM global object property access fails in browser (25921)
-
-        Merged ToT WebKit r44016.
-
-    2009-05-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Maciej Stachowiak.
-
-        <rdar://problem/6910264> REGRESSION: Cached DOM global object property access fails in browser (25921)
-        <https://bugs.webkit.org/show_bug.cgi?id=25921>
-
-        When caching properties on the global object we need to ensure that we're
-        not attempting to cache through a shell object.
-
-        * interpreter/Interpreter.cpp:
-        (JSC::Interpreter::resolveGlobal):
-        * jit/JITStubs.cpp:
-        (JSC::JITStubs::cti_op_resolve_global):
-
-2009-05-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6886808> JavaScriptCore fails to build in RacerFive
-
-        Merged ToT WebKit r41023.
-
-    2009-02-16  Mark Rowe  <mrowe@apple.com>
-
-        Build fix.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::):
-        (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
-
-2009-05-03  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by David Carson.
-
-        <rdar://problem/6850915> REGRESSION (SUTimberline): Reduce the size of the FastMalloc thread cache (from 6410061)
-
-        Merge back r73166 from SUTimberline.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Changes constant back to SUTimberline value.
-        - Code reviewed by: David Carson.
-        - Testing details: Tested that a rerun of a short session
-          (google->nytimes->wsj->google) produces 1MB difference in
-          FastMalloc dirty pages.  Verified basic browsing was
-          unaffected.
-
-        * wtf/FastMalloc.cpp: Changed thread cache size from 2MB to 0.5MB.
-
-2009-04-30  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6842050> MERGE: Javascript, ParseInt and Negative value
-
-        Merged ToT WebKit r42607.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Fixed parsing of negative integer values.
-        - Code reviewed by: Oliver Hunt.
-        - Testing details: Ran javascriptcore and layout tests.
-          Verified basic browsing was unaffected.
-
-    2009-04-08  Mihnea Ovidenie  <mihnea@adobe.com>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 25027: JavaScript parseInt wrong on negative numbers
-        <https://bugs.webkit.org/show_bug.cgi?id=25027>
-
-        When dealing with negative numbers, parseInt should use ceil instead of floor.
-
-        * runtime/JSGlobalObjectFunctions.cpp:
-        (JSC::globalFuncParseInt):
-
-2009-04-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6015733> iPhone: UString::expandCapacity called with addition as parameter, that could overflow
-
-        Merged ToT WebKit r42988.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Updated integer overflow check.
-        - Code reviewed by: Maciej Stachowiak.
-        - Testing details: Ran javascriptcore and layout tests.
-          Verified basic browsing was unaffected.
-
-    2009-04-28  David Kilzer  <ddkilzer@apple.com>
-
-        A little more hardening for UString
-
-        Reviewed by Maciej Stachowiak.
-
-        Revised fix for <rdar://problem/5861045> in r42644.
-
-        * runtime/UString.cpp:
-        (JSC::newCapacityWithOverflowCheck): Added.
-        (JSC::concatenate): Used newCapacityWithOverflowCheck().
-        (JSC::UString::append): Ditto.
-
-2009-04-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6836543> Build system issues with ENABLE_RESPECT_EXIF_ORIENTATION
-
-        Reviewed by Greg Bolsinga.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Removed unneeded FEATURE_DEFINES from *.xcconfig
-          files and build-webkit.  Does not affect B&I builds.
-        - Code reviewed by: Greg Bolsinga.
-        - Testing details: Built Development and Deployment_Hardware
-          configurations using build-webkit.
-
-        * Configurations/JavaScriptCore.xcconfig: Removed unneeded
-        ENABLE_RESPECT_EXIF_ORIENTATION from FEATURE_DEFINES.
-
-2009-04-28  Greg Bolsinga  <bolsinga@apple.com>
-
-        <rdar://problem/6832549> REGR: Canvas is busted
-        --- Submission Information ---
-        - Risk level: Medium
-        - Risk details: Images could still be screwed up somehow in a way not yet found.
-        - Code reviewed by: David Kilzer
-        - Testing details: The canvas example in the bug and photos copied from Photos to Mail to verify the bug that broke canvas still works.
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * wtf/Platform.h:
-        Add ENABLE_RESPECT_EXIF_ORIENTATION where needed.
-
-2009-04-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6015744> iPhone: Integer overflow in JSStringCreateWithCFString
-
-        Merged ToT WebKit r42659, r42662.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Added sanity check to prevent integer overflow.
-        - Code reviewed by: Dan Bernstein and Darin Adler.  Patch by Sam Weinig.
-        - Testing details: Ran layout tests.  Verified basic browsing
-          was unaffected.
-
-    2009-04-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Darin Adler.
-
-        Better fix for JSStringCreateWithCFString hardening.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-    2009-04-19  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Dan Bernstein.
-
-        Fix for <rdar://problem/5860954>
-        Harden JSStringCreateWithCFString against malformed CFStringRefs.
-
-        * API/JSStringRefCF.cpp:
-        (JSStringCreateWithCFString):
-
-2009-04-18  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6015733> iPhone: UString::expandCapacity called with addition as parameter, that could overflow
-
-        Merged ToT WebKit r42644.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Added sanity checks to prevent integer overflow exploits.
-        - Code reviewed by: Mark Rowe.  Patch by Sam Weinig.
-        - Testing details: Ran layout tests.  Verified basic browsing
-          was unaffected.
-
-    2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe.
-
-        Fix for <rdar://problem/5861045>
-        A little bit of hardening for UString.
-
-        * runtime/UString.cpp:
-        (JSC::concatenate):
-        (JSC::UString::append):
-
-2009-04-18  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6015721> iPhone: Integer overflow (m_size + dataSize) in wtf::Vector::append
-
-        Merged ToT WebKit r42643.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Added sanity check to prevent integer overflow exploits.
-        - Code reviewed by: Mark Rowe and Dan Bernstein.  Patch by Sam Weinig.
-        - Testing details: Ran layout tests.  Verified basic browsing
-          was unaffected.
-
-    2009-04-18  Sam Weinig  <sam@webkit.org>
-
-        Reviewed by Mark Rowe and Dan Bernstein.
-
-        Fix for <rdar://problem/5861188>
-        A little bit of hardening for Vector.
-
-        * wtf/Vector.h:
-        (WTF::Vector<T, inlineCapacity>::append):
-        (WTF::Vector<T, inlineCapacity>::insert):
-
-2009-04-17  David Carson  <dacarson@apple.com>
-
-        Reviewed by David Kilzer, Richard Williamson
-
-        <rdar://problem/6674885> Pasted image from Camera album is rotated
-
-        Read the orientation from the image data and make it available to
-        the drawing code. When drawing the image, orientate the image
-        according to the EXIF orientation code.
-        This patch is a copy of the patch attached to WebKit bug:
-        https://bugs.webkit.org/show_bug.cgi?id=19688
-
-        --- Submission Information ---
-        - Risk level: Med
-        - Risk details: Web sites could have mis-matched orientation
-          data. Though, I could not find any such site.
-        - Code reviewed by: David Kilzer, Richard Williamson
-        - Testing details: Tested pasting images into mail that
-          were taken with the iPhone camera. Tested photo sites
-          flickr.com, picasaweb.google.com and MobileMe.
-
-        * wtf/Platform.h:
-          Turn on ENABLE_RESPECT_EXIF_ORIENTATION
-
-2009-04-17  Drew Wilson  <amw@apple.com>
-
-        Reviewed by Dan Bernstein, Debbie Goldsmith, Brad Moore.
-
-        * ChangeLog-PEP:
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContextOrIdeographic):
-
-2009-04-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6718589> Turn off SVG DOM Objective-C bindings in WebCore and WebKit
-
-        Merged ToT WebKit r42345.
-
-        --- Submission Information ---
-        - Risk level: Medium
-        - Risk details: Disabling a feature that has been present since
-          BigBear (iPhone OS 2.0).
-        - Code reviewed by: Darin Adler and Maciej Stachowiak.
-        - Testing details: Built Development, Deployment,
-          Development_Hardware and Deployment_Hardware configurations of
-          JavaScriptCore, WebCore and WebKit.  Verified basic browsing
-          was unaffected.
-
-    2009-04-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
-
-        Reviewed by Darin Adler and Maciej Stachowiak.
-
-        Introduce the ENABLE_SVG_DOM_OBJC_BINDINGS feature define so
-        that SVG DOM Objective-C bindings may be optionally disabled.
-
-        * Configurations/JavaScriptCore.xcconfig: Added
-        ENABLE_SVG_DOM_OBJC_BINDINGS variable and use it in
-        FEATURE_DEFINES.
-
-2009-04-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6511168> MERGE: iPhone: Thai text selection in Safari is incorrect
-
-        Merged ToT WebKit r41607.
-
-    2009-03-11  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - WTF support for fixing <rdar://problem/3919124> Thai text selection
-          in Safari is incorrect
-
-        * wtf/unicode/icu/UnicodeIcu.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added. Returns
-        whether the character has Unicode line breaking property value SA
-        ("Complex Context").
-        * wtf/unicode/qt4/UnicodeQt4.h:
-        (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added an
-        implementation that always returns false.
-
-2009-04-02  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6746155> WebCore and WebKit Development_Hardware ARCHS seems wrong.
-
-        Reviewed by Simon Fraser.
-
-        This change only affects local Development[_Hardware] and
-        Deployment[_Hardware] builds using Xcode, whose configurations
-        are based on DebugRelease.xcconfig.
-
-        * Configurations/DebugRelease.xcconfig: Simplified ARCHS value
-        and used $(ARCHS_STANDARD_32_BIT) for iphoneos platform instead
-        of hard-coding "armv6".
-
-2009-04-01  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Kilzer.
-
-        <rdar://problem/6746296> Update order file for JavaScriptCore
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.iPhone.order: Added.
-
-2009-04-01  Greg Bolsinga  <bolsinga@apple.com>
-
-        Bring over https://bugs.webkit.org/show_bug.cgi?id=24990
-        
-        Reviewed by David Kilzer
-    
-    2009-04-01  Greg Bolsinga  <bolsinga@apple.com>
-
-            Reviewed by Mark Rowe.
-            
-            https://bugs.webkit.org/show_bug.cgi?id=24990
-            Put SECTORDER_FLAGS into xcconfig files.
-
-            * Configurations/Base.xcconfig:
-            * Configurations/DebugRelease.xcconfig:
-
-2009-03-29  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23676>
-
-        Merged ToT WebKit r40501.  Needed to fix <rdar://problem/6733652>.
-
-    2009-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
-        https://bugs.webkit.org/show_bug.cgi?id=23676
-
-        * API/JSObjectRef.cpp:
-        (JSObjectCopyPropertyNames): Use reserveInitialCapacity.
-        * parser/Lexer.cpp:
-        (JSC::Lexer::Lexer): Ditto.
-        (JSC::Lexer::clear): Ditto.
-
-        * wtf/Vector.h: Added reserveInitialCapacity, a more efficient version of
-        reserveCapacity for use when the vector is brand new (still size 0 with no
-        capacity other than the inline capacity).
-
-2009-03-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6712454> Fix JavaScript function compatability issues
-
-        Merged ToT WebKit r41851 and r41895.
-
-        Note that the testapi.c changes were not merged with r41895.
-
-    2009-03-21  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        Ensure that JSObjectMakeFunction doesn't produce incorrect line numbers.
-
-        Also make test api correctly propagate failures.
-
-        * API/tests/testapi.c:
-        (main):
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-
-    2009-03-19  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Oliver Hunt.
-
-        Bug 24350: REGRESSION: Safari 4 breaks SPAW wysiwyg editor multiple instances
-        <https://bugs.webkit.org/show_bug.cgi?id=24350>
-        <rdar://problem/6674182>
-
-        The SPAW editor's JavaScript assumes that toString() on a function
-        constructed with the Function constructor produces a function with
-        a newline after the opening brace.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction): Add a newline after the opening brace of the
-        function's source code.
-
-2009-03-23  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6464366> REGRESSION: Fix Debug Console message printed for slow script (10 second) timeout
-
-        Merged ToT WebKit r41912.
-
-    2009-03-23  David Kilzer  <ddkilzer@apple.com>
-
-        Provide JavaScript exception information after slow script timeout
-
-        Reviewed by Oliver Hunt.
-
-        * runtime/Completion.cpp:
-        (JSC::evaluate): Set the exception object as the Completion
-        object's value for slow script timeouts.  This is used in
-        WebCore when reporting the exception.
-        * runtime/ExceptionHelpers.cpp:
-        (JSC::InterruptedExecutionError::toString): Added.  Provides a
-        description message for the exception when it is reported.
-
-2009-03-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6708484> iPhone: REGRESSION (Safari 4): regular expression pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
-
-        Merged ToT WebKit r41842.
-
-    2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Sam Weinig.
-
-        Fixed <rdar://problem/6603562> REGRESSION (Safari 4): regular expression
-        pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
-
-        Bumped the pattern size limit to 1MB, and standardized it between PCRE
-        and WREC. (Empirical testing says that we can easily compile a 1MB regular
-        expression without risking a hang. Other browsers support bigger regular
-        expressions, but also hang.)
-
-        SunSpider reports no change.
-
-        I started with a patch posted to Bugzilla by Erik Corry (erikcorry@google.com).
-
-        * pcre/pcre_internal.h:
-        (put3ByteValue):
-        (get3ByteValue):
-        (put3ByteValueAndAdvance):
-        (putLinkValueAllowZero):
-        (getLinkValueAllowZero): Made PCRE's "LINK_SIZE" (the number of bytes
-        used to record jumps between bytecodes) 3, to accomodate larger potential
-        jumps. Bumped PCRE's "MAX_PATTERN_SIZE" to 1MB. (Technically, at this
-        LINK_SIZE, we can support even larger patterns, but we risk a hang during
-        compilation, and it's not clear that such large patterns are important
-        on the web.)
-
-        * wrec/WREC.cpp:
-        (JSC::WREC::Generator::compileRegExp): Match PCRE's maximum pattern size,
-        to avoid quirks between platforms.
-
-2009-03-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6696219> iPhone: REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
-
-        Merged ToT WebKit r41806.
-
-    2009-03-17  Oliver Hunt  <oliver@apple.com>
-
-        Reviewed by Cameron Zwarich.
-
-        <rdar://problem/6692138> REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
-        <https://bugs.webkit.org/show_bug.cgi?id=24654>
-
-        If the return value for a function is in a local register we need
-        to copy it before executing any finalisers, otherwise it is possible
-        for the finaliser to clobber the result.
-
-        * bytecompiler/BytecodeGenerator.h:
-        (JSC::BytecodeGenerator::hasFinaliser):
-        * parser/Nodes.cpp:
-        (JSC::ReturnNode::emitBytecode):
-
-2009-03-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6033956> iPhone: integer overflow and lack of null check in KJS::Collector::heapAllocate
-
-        Merged ToT WebKit r41854.
-
-    2009-03-19  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Oliver Hunt.
-
-        Fixed <rdar://problem/6033712> -- a little bit of hardening in the Collector.
-
-        SunSpider reports no change. I also verified in the disassembly that
-        we end up with a single compare to constant.
-
-        * runtime/Collector.cpp:
-        (JSC::Heap::heapAllocate):
-
-2009-03-15  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6666796> iPhone: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution (24291)
-
-        Merged ToT WebKit r41565.
-
-    2009-03-10  Cameron Zwarich  <cwzwarich@uwaterloo.ca>
-
-        Reviewed by Geoff Garen.
-
-        Bug 24291: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution
-        <https://bugs.webkit.org/show_bug.cgi?id=24291>
-        <rdar://problem/6663472>
-
-        Add an extra newline to the end of the body of the program text constructed
-        by the Function constructor for parsing. This allows single line comments to
-        be handled correctly by the parser.
-
-        * runtime/FunctionConstructor.cpp:
-        (JSC::constructFunction):
-
-2009-03-15  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6586232> Merge commits on Safari Hurricane branch
-
-        Merged ToT Safari Hurricane branch (webkit/branches/Safari-6528)
-        through r41575 on the branch.
-
-        278 files changed, 26981 insertions(+), 16358 deletions(-)
-
-2009-03-05  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Dave Hyatt.
-        
-        <rdar://problem/6591072> REGRESSION: Bring back repaint throttling during page loading
-
-        Intergrate r41431 from the open source TOT.
-        
-        Enable it for the phone.
-
-        * wtf/Platform.h:
-
-2009-03-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6645446> JavaScriptCore and WebCore should compile with -Wshorten-64-to-32
-
-        Reviewed by David Carson.
-
-        * Configurations/Base.xcconfig: Added -Wshorten-64-to-32 to
-        iphoneos and iphonesimulator builds.  No other code changes
-        required.
-
-2009-03-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6571915> WebKit-333 doesn't install complete headers during installhdrs
-
-        Merged ToT WebKit r41417.
-
-        * Configurations/Base.xcconfig: Switched from PLATFORM_NAME to
-        REAL_PLATFORM_NAME in iPhone-only variables.
-        * Configurations/DebugRelease.xcconfig: Ditto.
-        * Configurations/JavaScriptCore.xcconfig: Ditto.
-
-    2009-03-03  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6581203> WebCore and WebKit should install the same set of headers during installhdrs phase as build phase
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Defined REAL_PLATFORM_NAME based
-        on PLATFORM_NAME to work around the missing definition on Tiger.
-        Updated HAVE_DTRACE to use REAL_PLATFORM_NAME.
-
-2009-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6580941> webkit can enable dtrace probes
-
-        Merged ToT WebKit r41350.
-
-        * Configurations/Base.xcconfig: Added line for iphoneos to
-        enable dtrace probes.  Added line for iphonesimulator to
-        disable dtrace probes based on Leopard issue.
-
-    2009-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6635688> Move HAVE_DTRACE check to Base.xcconfig
-
-        Reviewed by Mark Rowe.
-
-        * Configurations/Base.xcconfig: Set HAVE_DTRACE Xcode variable
-        based on PLATFORM_NAME and MAC_OS_X_VERSION_MAJOR.  Also define
-        it as a preprocessor macro by modifying
-        GCC_PREPROCESSOR_DEFINITIONS.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed "Generate
-        DTrace header" script phase to check for HAVE_DTRACE instead of
-        MACOSX_DEPLOYMENT_TARGET.
-        * wtf/Platform.h: Removed definition of HAVE_DTRACE macro since
-        it's defined in Base.xcconfig now.
-
-2009-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6548277> Project setting default to Xcode 2.4; need to change to Xcode 3.1
-
-        Reviewed by Andre Boule.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Switched
-        compatibilityVersion from "Xcode 2.4" to "Xcode 3.1".
-
-2009-03-01  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6217293> WebKit projects get warning when building with BlackOpal
-
-        Reviewed by Scott Goodson.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Changed productType
-        back to the non-shallow version.
-

diff --git a/ChangeLog-PEP-2009-02-25 b/ChangeLog-PEP-2009-02-25
deleted file mode 100644 (file)
index 04541ca..0000000
--- a/ChangeLog-PEP-2009-02-25
+++ /dev/null
@@ -1,10415 +0,0 @@
-2009-02-23  David Kilzer  <ddkilzer@apple.com>
-
-        Sync up FEATURE_DEFINES_iphoneos across all projects
-
-        * Configurations/JavaScriptCore.xcconfig: Added ENABLE_PLUGIN_PROXY_FOR_VIDEO
-        and ENABLE_TOUCH_EVENTS to FEATURE_DEFINES_iphoneos.
-
-2009-02-23  David Kilzer  <ddkilzer@apple.com>
-
-        Move ENABLE_VIDEO to FEATURE_DEFINES_BASE
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2009-02-23  Eric Carlson  <eric.carlson@apple.com>
-
-        Reviewed by Antti Koivisto.
-
-        <rdar://problem/6179001> TLF: add support for media tags <audio> and <video> (fullscreen)
-
-        * Configurations/JavaScriptCore.xcconfig:  Turn on video.
-
-2009-02-18  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6370582> Change JavaScriptCore to build armv6/armv7 with dwarf debugging symbols
-
-        Reviewed by David Carson.
-
-        * Configurations/Base.xcconfig: Backed out r70644 now that
-        the gcc issue is fixed.  All architectures build with dwarf
-        debugging symbols again.
-
-2009-02-18  David Kilzer  <ddkilzer@apple.com>
-
-        Clean up JavaScriptCore build configurations
-
-        Rubber-stamped by Brad Moore.
-
-        The Development_Hardware configuration was building for i386 with
-        ARCHS = $(NATIVE_ARCH) in DebugRelease.xcconfig.
-
-        * Configurations/Base.xcconfig: Moved ARCHS to DebugRelease.xcconfig
-        to match ToT WebKit.
-        * Configurations/DebugRelease.xcconfig: Moved ARCHS definitions to
-        here from Base.xcconfig.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Made Deployment and
-        Deployment_Hardware configurations based on DebugRelease.xcconfig
-        instead of Base.xcconfig to match Release configuration on ToT WebKit.
-
-2009-02-16  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6579438> Disable JIT in Simulator
-
-        Reviewed by Paul Knight.
-
-        * wtf/Platform.h: Defined ENABLE_JIT to 0 for PLATFORM(IPHONE),
-        which covers both the hardware and the simulator.
-
-2009-02-16  Yosen Lin  <yosen@apple.com>
-
-        <rdar://problem/6417393> Change the way webkit returns memory to the system
-
-        Reviewed by Antti Koivisto.
-
-        Switch from using mmap to using madvise to release memory. The original mmap was not
-        impacting the Jetsam level.
-
-        * wtf/TCSystemAlloc.cpp
-        * wtf/Platform.h
-
-2009-02-13  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6082835> Safari 4.0 WebKit integration (Hurricane)
-
-        Merged ToT WebKit r35512-r40289 into iPhone WebKit.
-
-        18523 files changed, 607561 insertions(+), 284589 deletions(-)
-
-2009-01-20  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6486661> Move GCC_PREPROCESSOR_DEFINITIONS from Xcode project files to xcconfig files
-
-        Reviewed by George Dicker.
-
-        Backed out r75895 and let Xcode have its way with the file.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed
-        GCC_PREPROCESSOR_DEFINITIONS.
-
-2009-01-14  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23153: JSC build always touches JavaScriptCore/docs/bytecode.html
-
-        Merged ToT WebKit r39931.
-
-        Changes to make-bytecode-docs.pl were backed out since DEFINE_OPCODE
-        is not used used.  Changes to DerivedSources.make were altered to use
-        the correct source file (Machine.cpp instead of Interpreter.cpp).
-
-    2009-01-14  David Kilzer  <ddkilzer@apple.com>
-
-        Bug 23153: JSC build always touches JavaScriptCore/docs/bytecode.html
-
-        <https://bugs.webkit.org/show_bug.cgi?id=23153>
-
-        Reviewed by Darin Adler.
-
-        Instead of building bytecode.html into ${SRCROOT}/docs/bytecode.html, build it
-        into ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore/docs/bytecode.html.
-
-        Also fixes make-bytecode-docs.pl to actually generate documentation.
-
-        * DerivedSources.make: Changed bytecode.html to be built into local docs
-        directory in ${BUILT_PRODUCTS_DIR}/DerivedSources/JavaScriptCore.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added "/docs" to the end of the
-        "mkdir -p" command so that the docs subdirectory is automatically created.
-        * docs/make-bytecode-docs.pl: Changed BEGIN_OPCODE to DEFINE_OPCODE so that
-        documentation is actually generated.
-
-2009-01-09  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6485313> JavaScriptCore Tests: jsc built in Deployment/Simulator configuration hangs on ecma/Expressions/11.1.1.js
-
-        The previous commit also fixed the hung JavaScript test.
-
-        * tests/mozilla/ecma/Expressions/11.1.1.js: Renamed from JavaScriptCore/tests/mozilla/ecma/Expressions/11.1.1.js-disabled.
-
-2009-01-09  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6485313> JavaScriptCore Tests: jsc built in Deployment/Simulator configuration hangs on ecma/Expressions/11.1.1.js
-
-        Reverted part of r75682 that was merged for ToT WebKit r35151.
-        The NDEBUG macro was not being defined on Deployment builds for
-        the iPhone Simulator, which caused all sorts of weird problems.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Moved definition of
-        GCC_PREPROCESSOR_DEFINITIONS back into project file.
-
-2009-01-09  pknight  <set EMAIL_ADDRESS environment variable>
-
-        Reviewed by NOBODY (OOPS!).
-        
-        Disable the ecma/Expressions/11.1.1.js test as it is hanging jsc when built in the Deployment/Simulator configuration (<rdar://problem/6485313>)
-
-        * tests/mozilla/ecma/Expressions/11.1.1.js: Removed.
-        * tests/mozilla/ecma/Expressions/11.1.1.js-disabled: Copied from JavaScriptCore/tests/mozilla/ecma/Expressions/11.1.1.js.
-
-2009-01-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6082835> Safari 4.0 WebKit integration (Jetstream)
-
-        Merged ToT WebKit r34504-r35511 into iPhone WebKit.
-
-        5033 files changed, 130341 insertions(+), 63984 deletions(-)
-
-2008-12-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6082835> Safari 4.0 WebKit integration (Jetstream)
-
-        Merged ToT WebKit r33979-r34503 into iPhone WebKit.
-
-        The Squirrelfish has landed!!
-
-2008-12-02  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6413288> Missing properties when enumerating built-in DOM objects
-
-        Reviewed by ToT WebKit Layout Tests.
-
-        The following ToT WebKit Layout Tests failed before this bug was
-        fixed:
-        - fast/dom/domListEnumeration.html
-        - fast/dom/plugin-attributes-enumeration.html
-        - fast/dom/xmlhttprequest-get.xhtml
-        - fast/dom/Window/window-appendages-cleared.html
-        - fast/dom/Window/window-properties.html
-        - fast/js/global-constructors.html
-        - fast/js/regexp-caching.html
-
-        * kjs/object.cpp:
-        (KJS::JSObject::getPropertyNames): The size of the compact hash
-        table is table->compactSize, not table->compactHashSizeMask.  (We
-        use table->compactSize - 1 due to the condition in the for loop.)
-        This bug caused some properties of built-in DOM objects to be missed
-        when they were enumerated via JavaScript.
-
-2008-11-25  Chris Fleizach  <cfleizach@apple.com>
-
-        <rdar://problem/6401430> WebCore needs AX turned on (using iphone AX model)
-
-        Reviewed by David Kilzer.
-
-        * wtf/Platform.h:
-
-2008-11-20  Aaron Golden  <agolden@apple.com>
-
-        Reviewed by David Kilzer.
-
-        Bringing in the isASCIIOctalDigit function, and some related functions for <rdar://problem/6177286> TLF: Anti-phishing (safari).
-
-        * wtf/ASCIICType.h:
-        (WTF::isASCIIOctalDigit):
-
-2008-11-13  Yosen Lin  <yosen@apple.com>
-
-        <rdar://problem/6333993> Reduce HashTable memory that increased with TOT WebKit merge
-
-        Reviewed by David Kilzer.
-
-        Initial patch by Yosen Lin, with variable rename tweaks and one bug
-        fix by me.
-
-        Basically, we're adding back the code that generates a "compact"
-        hash (instead of a perfect hash) to save memory on iPhone WebKit.  I
-        added an ENABLE(PERFECT_HASH_SIZE) macro in lookup.h to turn the
-        perfect hash size code on and off.
-
-        * kjs/create_hash_table:
-        * kjs/lookup.cpp:
-        (KJS::HashTable::createTable):
-        * kjs/lookup.h:
-        (KJS::HashTable::entry):
-        * kjs/object.cpp:
-        (KJS::JSObject::getPropertyNames):
-
-2008-11-09  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6082835> Safari 4.0 WebKit integration (Hurricane)
-
-        Merged ToT WebKit r33001-r33978.
-
-2008-11-08  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6355708> REGRESSION: Static initializer in JavaScriptCore_Sim Deployment build
-
-        Reviewed by NOBODY (BUILD FIX).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Restore
-        GCC_PREPROCESSOR_DEFINITIONS variable settings that were removed in
-        r70905.  This removes the static initializer from AllInOneFile.o but
-        leaves NDEBUG defined in Deployment builds of testkjs.
-
-2008-11-06  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6250281> Sunspider test sometimes fails
-
-        Reviewed by Greg Bolsinga.
-
-        JavaScriptCore.framework was being built with -DNDEBUG for
-        Deployment and Production builds, but testkjs was not, causing a
-        difference in the size of the JSGlobalObjectData structure between
-        testkjs and the framework.  This was fixed by setting DEBUG_DEFINES
-        consistently across all targets.
-
-        * Configurations/Base.xcconfig: Set DEBUG_DEBUGS based on the
-        current BUILD_TYPE.  Only set NDEBUG for Release and Production
-        build types.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Remove all DEBUG_DEFINES
-        and GCC_PREPROCESSOR_DEFINITIONS settings since they're defined in
-        Base.xcconfig already.
-
-2008-11-05  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6343665> scripter crashes when calling parseFloat from JavaScript
-
-        Merged ToT WebKit r32808.
-
-    2008-05-02  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        Make JavaScriptGlue and JavaScriptCore API functions implicitly call initializeThreading
-        for the sake of non-WebKit clients.
-
-        * API/JSBase.cpp:
-        (JSGarbageCollect):
-        * API/JSContextRef.cpp:
-        (JSGlobalContextCreate):
-        These are the JavaScriptCore API bottlenecks. There are a few other JSStringRef
-        and JSClassRef functions that can be called earlier, but they do not do anything that
-        requires initializeThreading.
-
-        * kjs/InitializeThreading.cpp:
-        (KJS::doInitializeThreading):
-        (KJS::initializeThreading):
-        On Darwin, make the initialization happen under pthread_once, since there is no guarantee
-        that non-WebKit clients won't try to call this function re-entrantly.
-
-        * kjs/InitializeThreading.h:
-        * wtf/Threading.h:
-        Spell out initializeThreading contract.
-
-        * wtf/ThreadingPthreads.cpp: (WTF::isMainThread): Make sure that results are correct on
-        Darwin, even if threading was initialized from a secondary thread.
-
-2008-11-04  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6342374> Update JavaScriptCore, WebCore, WebKit xcconfig files for armv7
-
-        Reviewed by Greg Bolsinga.
-
-        * Configurations/Base.xcconfig: Set DEBUG_INFORMATION_FORMAT to
-        dwarf for all architectures.  Always set
-        GCC_GENERATE_DEBUGGING_SYMBOLS to YES for both armv6 and armv7.
-        * Configurations/JavaScriptCore.xcconfig: Define
-        EXPORTED_SYMBOLS_FILE_armv7 so we don't export every symbol when
-        building for armv7.
-
-2008-10-30  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by David Kilzer
-
-        <rdar://problem/5780286> Need a JavaScript location API for the web
-        
-        1. Bring over:
-        http://trac.webkit.org/changeset/37854
-        https://bugs.webkit.org/show_bug.cgi?id=21966
-        https://bugs.webkit.org/show_bug.cgi?id=21967
-        2. Get GeolocationServiceCoreLocation into the build, load CoreLocation dynamically
-        3. Suspend/Resume Safari and switching Safari tabs will start/stop CoreLocation, if needed.
-        4. Update to the spec as of October 27, 2008
-
-        * Configurations/JavaScriptCore.xcconfig:
-        * wtf/Platform.h:
-
-2008-10-30  David Kilzer  <ddkilzer@apple.com>
-
-        Removed -Wno-strict-aliasing gcc switch from iPhone builds.
-
-        iPhone WebKit r69976 fixed the remaining known strict aliasing issues
-        in WebKit, so we should no longer ignore strict aliasing warnings.
-
-        * Configurations/Base.xcconfig: Removed -Wno-strict-aliasing from
-        WARNING_CFLAGS_iphoneos.
-
-2008-10-27  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6082320> JavaScriptCore should use default compiler instead of hard coding 4.0
-
-        Reviewed by Greg Bolsinga.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed build rules
-        forcing the use of gcc-4.0.
-
-2008-10-14  Antti Koivisto  <antti@apple.com>
-
-        Reviewed by Dave Kilzer.
-        
-        <rdar://problem/6289874> FastMalloc does not return memory back to system fast enough.:
-        
-        - try to return a memory span per every 64 pages (256KB) freed instead of 256 pages (1MB)
-        - allow the return rate to increase faster when the the amount of returnable memory grows
-        
-        Over a run of google.com, apple.com, nytimes.com, washingtonpost.com and back to google.com this
-        reduces our resident size by ~4MB.
-
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMalloc_PageHeap::IncrementalScavenge):
-
-2008-09-11  Andre Boule  <aboule@apple.com>
-
-        Reviewed by agolden.
-       <rdar://problem/6132467> iPhone 2.x fails to load movies from Leopard wiki server
-       Merged the fix from TOT:
-               <rdar://problem/5934376> REGRESSION (r33379-r33416): Cannot disclose edit history in Leopard Wiki at safari.apple.com
-               http://trac.webkit.org/changeset/33443
-               2008-05-14  Alexey Proskuryakov  <ap@webkit.org>
-
-               Reviewed by Darin.
-
-               <rdar://problem/5934376> REGRESSION: A script fails because of a straw BOM character in it.
-
-               <https://bugs.webkit.org/show_bug.cgi?id=4931>
-               Unicode format characters (Cf) should be removed from JavaScript source
-
-               Of all Cf characters, we are only removing BOM, because this is what Firefox trunk has
-               settled upon, after extensive discussion and investigation.
-
-               Based on Darin's work on this bug.
-
-               Test: fast/js/removing-Cf-characters.html
-
-               * kjs/lexer.cpp:
-               (KJS::Lexer::setCode): Tweak formatting. Use a call to shift(4) to read in the
-               first characters, instead of having special case code here.
-               (KJS::Lexer::shift): Add a loop when reading a character to skip BOM characters.
-
-2008-08-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6177996> Remove JSLockC.h and implementation in JSLock.cpp
-
-        Reviewed by Greg.
-
-        * JavaScriptCore.exp: Updated export symbols.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed references to JSLockC.h.
-        * kjs/JSLock.cpp:
-        (JSLockDropAllLocks): Removed.
-        (JSLockRecoverAllLocks): Removed.
-        (JSJavaScriptCollectionThread): Removed.  Moved to KJS::Collector.
-        (JSSetJavaScriptCollectionThread): Ditto.
-        * kjs/JSLockC.h: Removed.
-        * kjs/collector.cpp:
-        (KJS::onMainThread): Updated to use Collector::javaScriptCollectionThread()
-        instead of JSJavaScriptCollectionThread().
-        (KJS::Collector::javaScriptCollectionThread): Added.  Replaces
-        JSJavaScriptCollectionThread().
-        (KJS::Collector::setJavaScriptCollectionThread): Added.  Replaces
-        JSSetJavaScriptCollectionThread().
-        * kjs/collector.h: Added definitions for javaScriptCollectionThread()
-        and setJavaScriptCollectionThread().
-
-2008-08-27  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6157731> JavaScriptCore shouldn't set VALID_ARCHS
-
-        * Configurations/Base.xcconfig: Removed VALID_ARCHS.  Left ToT WebKit
-        line as a comment.
-
-2008-08-26  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Dave Kilzer
-
-       <rdar://problem/6159366> Safari on iPodTouch (32G) crashes on specific web page
-
-       In the latest JavaScriptCore, there is already thread safe drop/recover all locks
-       functionality. Use this for the SPI JSLockDrop/RecoverAllLocks instead of an 
-       alternate implementation.
-
-        * kjs/JSLock.cpp:
-        * kjs/JSLockC.h:
-
-2008-08-25  David Kilzer  <ddkilzer@apple.com>
-
-        Let Xcode have it's way with JavaScriptCore.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Xcode removed redundant
-        "name" parameters when the "path" parameters matched.
-
-2008-07-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6109759> Can't build iPhone WebKit with Debug builds of Desktop WebKit in symroots
-
-        Reviewed by Greg.
-
-        Some generated files had relative paths to Debug builds of open
-        source WebKit, which caused mysterious build failures for iPhone
-        WebKit when debug builds of open source WebKit were in the same
-        symroots directory.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed relative paths.
-
-2008-07-10  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/6047765> Get testkjs binary from JavaScriptCore in internal installs
-
-        Reviewed by George Dicker.
-
-        For the Production_Hardware configuration of the testkjs target, we
-        set SKIP_INSTALL to NO so that it's installed in /usr/local/bin.
-        This fixes the bug.
-
-        For the Production_Deployment configuration of the minidom, testapi
-        and testkjs targets, we also set the INSTALL_PATH_ACTUAL to
-        "/usr/local/bin" (in case we want to install them later) and set
-        SKIP_INSTALL to YES (either of which may have also fixed
-        <rdar://problem/6030878>).
-
-        This allows B&I to use the "All" target for both hardware and
-        simulator builds again.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-07-08  David Kilzer  <ddkilzer@apple.com>
-
-        releaseFastMallocFreeMemory() should always be defined
-
-        Merged ToT WebKit r35055.
-
-        This fixes a compile failure when defining USE_SYSTEM_MALLOC with
-        Development[_Hardware] builds of iPhone WebKit.
-
-    2008-07-07  David Kilzer  <ddkilzer@apple.com>
-
-        releaseFastMallocFreeMemory() should always be defined
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.exp: Changed to export C++ binding for
-        WTF::releaseFastMallocFreeMemory() instead of C binding for
-        releaseFastMallocFreeMemory().
-        * wtf/FastMalloc.cpp: Moved definitions of
-        releaseFastMallocFreeMemory() to be in the WTF namespace
-        regardless whether FORCE_SYSTEM_MALLOC is defined.
-        * wtf/FastMalloc.h: Moved releaseFastMallocFreeMemory() from
-        extern "C" binding to WTF::releaseFastMallocFreeMemory().
-
-2008-06-18  Andre Boule  <aboule@apple.com>
-
-        Reviewed by me.
-       Enabling SVG.
-       <rdar://problem/5452283> TLF: SVG support (incl scripting)
-
-        * Configurations/JavaScriptCore.xcconfig:
-
-2008-06-16  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by cblu
-        
-        <rdar://problem/6005303> JavaScriptCore_Sim-462 fails to build, TARGET_OS_IPHONE is not defined
-        
-        minidom, testapi, testkjs need to have base configurations to build in B&I.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-06-05  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Dave Kilzer
-
-        <rdar://problem/5828262> Use Opal's PLATFORM_NAME
-
-        Replace use of home grown CURRENT_PLATFORM with PLATFORM_NAME and its values.
-
-        * Configurations/Base.xcconfig:
-        * Configurations/JavaScriptCore.xcconfig:
-        * Configurations/Soil.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-05-29  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5973520> iPhone: Crash when assigning Array (19294)
-
-        Merged ToT WebKit r34204, r34205.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Merged tip-of-tree WebKit fix that hasn't been in the tree
-          very long.
-        - Code reviewed by: Darin Adler.  Patch by Alexey Proskuryakov.
-        - Testing details: Tested root on BigBear5A314 to verify test case is fixed and
-          that basic browsing is unaffected.
-
-    2008-05-29  Steve Falkenburg  <sfalken@apple.com>
-
-        Build fix.
-
-        * kjs/array_instance.cpp:
-
-    2008-05-29  Alexey Proskuryakov  <ap@webkit.org>
-
-        Reviewed by Darin.
-
-        https://bugs.webkit.org/show_bug.cgi?id=19294
-        <rdar://problem/5969062> A crash when iterating over a sparse array backwards.
-
-        * kjs/array_instance.cpp: Turned sparseArrayCutoff into a macro, so that using max() on it
-        doesn't cause a PIC branch.
-        (KJS::ArrayInstance::increaseVectorLength): Added a comment about this function not
-        preserving class invariants.
-        (KJS::ArrayInstance::put): Update m_storage after reallocation. Move values that fit to
-        the vector from the map in all code paths.
-
-2008-05-24  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5951108> FastMalloc should be connected to jetsam warnings to free available memory
-
-        Merged ToT WebKit r34028.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Added new method to call into FastMalloc to release its free pages.
-        - Code reviewed by: Maciej Stachowiak and Mark Rowe.
-        - Testing details: Tested by running iExploder on BigBear5A2797 with this enabled.
-          This configuration causes multiple jetsam logs before MobileSafari is forced to
-          quit due to bugs that caused content to be cached at the CFNetwork layer.  Also
-          verified by living on a BigBear5A301 root overnight.
-
-    2008-05-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5954233> Add method to release free memory from FastMalloc
-
-        Patch suggested by Mark Rowe.  Rubber-stamped by Maciej.
-
-        * JavaScriptCore.exp: Export _releaseFastMallocFreeMemory.
-        * wtf/FastMalloc.cpp:
-        (WTF::TCMallocStats::): Added releaseFastMallocFreeMemory() for both
-        system malloc and FastMalloc code paths.
-        * wtf/FastMalloc.h: Define releaseFastMallocFreeMemory().
-
-2008-05-22  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5952961> iPhone: Integer overflow in JavaScript arguments object property lookup
-
-        Merged ToT WebKit r33972.
-
-        --- Submission Information ---
-        - Risk level: Low
-        - Risk details: Changed index variable from 'int' to 'unsigned'.
-        - Code reviewed by: Anders Carlsson.  Patch by Darin Adler.
-        - Testing details: Ran patch against JavaScriptCore tests with no regressions.
-          Tested root on device to verify that orignal bug is fixed.
-
-    2008-05-21  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - fix <rdar://problem/5952721> bug in JavaScript arguments object property lookup
-
-        Test: fast/js/arguments-bad-index.html
-
-        * kjs/function.cpp:
-        (KJS::IndexToNameMap::IndexToNameMap): Use unsigned instead of int.
-        (KJS::IndexToNameMap::isMapped): Use unsigned instead of int, and also use the
-        strict version of the numeric conversion function, since we don't want to allow
-        trailing junk.
-        (KJS::IndexToNameMap::unMap): Ditto.
-        (KJS::IndexToNameMap::operator[]): Ditto.
-        * kjs/function.h: Changed IndexToNameMap::size type from int to unsigned.
-
-2008-05-15  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by timo
-
-        <rdar://problem/5935292> Layout makes a blocking call for PLT even in Production
-        
-        Basically cache the PLT data in WebCore until MobileSafari needs it. This means less
-        cross WebThread / main thread delegate calls. This also prevents layout getting stale
-        during layout, when the main thread invalidates layout, so this also fixes:
-        
-        <rdar://problem/5833431> assert in WebCore::FrameView::layout(bool) + 3044 (FrameView.cpp:682)
-
-        * wtf/Platform.h:
-
-2008-05-06  Antti Koivisto  <antti@apple.com>
-
-        Merged r30550 from ToT WebKit.
-
-    2008-02-24  Dan Bernstein  <mitz@apple.com>
-
-        Reviewed by Darin Adler.
-
-        - fix http://bugs.webkit.org/show_bug.cgi?id=17511
-          REGRESSION: Reproducible crash in SegmentedSubstring::SegmentedSubstring(SegmentedSubstring const&)
-
-        * wtf/Deque.h:
-        (WTF::::expandCapacityIfNeeded): Fixed the case where m_start and m_end
-        are both zero but the buffer capacity is non-zero.
-        (WTF::::prepend): Added validity checks.
-
-2008-05-06  Antti Koivisto  <antti@apple.com>
-
-        Merged r30538 from ToT WebKit.
-
-    2008-02-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by Anders.
-
-        - http://bugs.webkit.org/show_bug.cgi?id=17496
-          make Deque use a circular array; add iterators
-
-        * wtf/Deque.h: Wrote an all-new version of this class that uses a circular
-        buffer. Growth policy is identical to vector. Added iterators.
-
-        * wtf/Vector.h: Made two small refinements while using this to implement
-        Deque: Made VectorBufferBase derive from Noncopyable, which would have
-        saved me some debugging time if it had been there. Renamed Impl and
-        m_impl to Buffer and m_buffer.
-
-2008-04-29  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by Darin, ddkilzer
-
-        Wrapped Dashboard code with ENABLE(DASHBOARD_SUPPORT)
-        merge of http://trac.webkit.org/changeset/32700
-        <rdar://problem/5871022> 5A254: Safari Crashing (-[WebView(WebPrivate) _addScrollerDashboardRegions:from:])
-
-        * wtf/Platform.h:
-
-2008-04-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5732748> DASH: Wrong line number passed to -willLeaveCallFrame
-
-        Merged ToT WebKit r32578.
-
-    2008-04-25  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5819422> REGRESSION: Wrong line number passed to -willLeaveCallFrame
-
-        Patch by George Dicker and Michael Kahl.  Reviewed by Darin.
-
-        When -[NSObject(WebScriptDebugDelegate) webView:willLeaveCallFrame:sourceId:line:forWebFrame:]
-        is invoked, the first line number of the function is returned instead of the last
-        line number.  This regressed in r28458.
-
-        * kjs/nodes.cpp:
-        (KJS::FunctionBodyNodeWithDebuggerHooks::execute): Pass lastLine() instead of lineNo()
-        when calling Debugger::returnEvent().
-
-2008-03-28  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5826340> iPhone: Safari/PCRE Memory Corruption
-
-        Merged r31388 from ToT WebKit.
-
-    2008-03-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Mark Rowe.
-
-        <rdar://problem/5826236> Regular expressions with large nested repetition counts can have their
-        compiled length calculated incorrectly.
-
-        * pcre/pcre_compile.cpp:
-        (multiplyWithOverflowCheck):
-        (calculateCompiledPatternLength): Check for overflow when dealing with nested repetition counts
-        and bail with an error rather than returning incorrect results.
-
-2008-03-25  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by ddkilzer
-
-        <rdar://problem/5764353> archs
-
-        * Configurations/Base.xcconfig:
-
-2008-03-25  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by ddkilzer
-        
-        Use TargetConditionals.h instead of PLATFORM(ARM) to determine iPhoneOS/iPhoneSimulator.
-        
-        <rdar://problem/5764353>
-
-        * wtf/Platform.h:
-
-2008-03-25  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by ddkilzer
-        
-        Update to use AspenSDK.xcconfig so that SDKROOT is set and /Developer/SDKs/Purple's are removed.
-
-        * Configurations/iPhone.xcconfig: Copied from JavaScriptCore/Configurations/Indigo.xcconfig.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2008-03-25  David D. Kilzer  <ddkilzer@apple.com>
-
-        Backed out r47092 as it broke Xcode 3.0 builds (which don't know about SDKROOT).
-
-        * Configurations/Base.xcconfig:
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/Platform.h:
-
-2008-03-25  David D. Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5764353> aspen isn't armv6 only
-
-        Reviewed by Greg.
-
-        * Configurations/Base.xcconfig: Added i386 to VALID_ARCHES_* settings.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Use $(SDKROOT) where appropriate.
-        * wtf/Platform.h: Include TargetConditionals.h for PLATFORM(DARWIN).  Use
-        target conditionals to define PLATFORM(IPHONE) and PLATFORM(IPHONE_SIMULATOR).
-
-2008-03-03  Scott Goodson  <goodson@apple.com>
-
-       Find-and-replace for ASPEN -> IPHONE as called for by:
-       <rdar://problem/5777581> Change PLATFORM(ASPEN) macro to PLATFORM(IPHONE) in JavaScriptCore/WebCore/WebKit
-
-2008-02-27  David D. Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5657178> Enable TCMalloc in JavaScriptCore now that it releases memory
-
-        Reviewed by Andre!
-
-        This changes gives us a ~200ms improvement in the MobileSafari PLT.
-
-        * wtf/FastMalloc.cpp: Removed #defined USE_SYSTEM_MALLOC to enable TCMalloc on Aspen.
-
-2008-02-21  David Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5757526> iPhone: REGRESSION (r29425): JavaScript pop-up menu appears at wrong location when hovering image at http://news.chinatimes.com/ (17164)
-
-        Reviewed by Oliver Hunt.
-
-        --- Submission Information---
-        - Risk level: Low.
-        - Risk details: Merged ToT WebKit r29997.  Merge was clean modulo
-          whitespace and variable name changes.  Issue was well-understood
-          by the Safari team.
-        - Code reviewed by: Oliver Hunt for ToT WebKit.
-        - Testing details: Compiled Deployment_Hardware roots and verified
-          LayoutTests/fast/js/read-modify-eval.html test passed.
-
-        * kjs/nodes.cpp:
-        (KJS::PostIncResolveNode::evaluate):
-        (KJS::ReadModifyLocalVarNode::evaluate):
-        (KJS::ReadModifyResolveNode::evaluate):
-
-2008-02-18  David D. Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5746633> Update license headers for files provided as binaries in WebKit open source dump
-
-        Reviewed by Greg Bolsinga.
-
-        --- Submission Information---
-        - Risk level:  low
-        - Risk details:  Updated copyright and license headers.
-        - Code reviewed by: Greg Bolsinga.
-        - Testing details: Compiled Deployment_Hardware configuration.
-
-        * kjs/JSLockC.h: Removed LGPL license and left Apple copyright statement.
-        Note that this file was previously distributed with open source dumps with
-        the LGPL license attached, although it was originated at Apple.
-
-2008-02-10  Greg Bolsinga  <bolsinga@apple.com>
-
-        Reviewed by ddkilzer
-
-       <rdar://problem/5730567> Add FEATURE_DEFINE ENABLE_TOUCH_EVENTS
-
-       Wrap Touch / Gesture event code in ENABLE(TOUCH_EVENTS).
-
-        * wtf/Platform.h:
-
-2008-02-06  Scott Goodson  <goodson@apple.com>
-
-       Reviewed by David Kilzer.
-
-       Defined PLATFORM(ASPEN_SIMULATOR) in support of:
-       <rdar://problem/5710529> Change INDIGO macro and some __arm__ macros to PLATFORM(ASPEN_SIMULATOR) in JavaScriptCore/WebCore/WebKit
-
-2008-02-06  Scott Goodson  <goodson@apple.com>
-
-       Reviewed by David Kilzer.
-
-       Changed all instances of PLATFORM(IPHONE) to PLATFORM(ASPEN) as requested by:
-
-       <rdar://problem/5710518> Change PLATFORM(IPHONE) macro to PLATFORM(ASPEN) in JavaScriptCore/WebCore/WebKit
-
-2008-01-29  David D. Kilzer  <ddkilzer@apple.com>
-
-        Fix file descriptor arguments in TCMalloc mmap() calls
-
-        <rdar://problem/5709236> Enabling TCMalloc causes crash in SpringBoard
-        <rdar://problem/5713347> MERGE: TCMalloc_SystemRelease() should use the same fildes argument as TryMmap()
-
-        Reviewed by Andre.
-
-        NOTE: This does not enable TCMalloc!  See <rdar://problem/5657178>.
-
-        The TCMalloc crash was caused by using VM_MEMORY_TCMALLOC instead of
-        VM_MAKE_TAG(VM_MEMORY_TCMALLOC), which was a long-standing coding error
-        in JavaScriptCore (introduced in r10042).
-
-        The merge issue was caused by a new version of TCMalloc being merged into
-        JavaScriptCore from ToT WebKit, which now releases memory through 
-        TCMalloc_SystemRelease().  The file descriptor was never changed from -1
-        to match the mmap() argument in TryMmap().
-
-        * wtf/TCSystemAlloc.cpp: Define static constant mmapFileDescriptor.
-        (TryMmap): Replace VM_MEMORY_TCMALLOC argument with mmapFileDescriptor in mmap().
-        (TCMalloc_SystemRelease): Replace -1 argument with mmapFileDescriptor in mmap().
-
-2008-01-11  David D. Kilzer  <ddkilzer@apple.com>
-
-        Enabled Xpath and XSLT
-
-        <rdar://problem/5543132> XSLT and XPath support
-        <rdar://problem/5552152> support XPathEvaluator
-
-        Reviewed by Greg.
-
-        * Configurations/JavaScriptCore.xcconfig: Added ENABLE_XPATH and
-        ENABLE_XSLT to FEATURE_DEFINES_BASE.
-
-2008-01-11  David D. Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5438324> TLF: Local Storage for Web Applications
-
-        Reviewed by Greg.
-
-        * Configurations/JavaScriptCore.xcconfig: Added ENABLE_DATABASE to aspen
-        and aspensim platforms.  Also reconfigured FEATURE_DEFINES to match the
-        way it's defined in WebCore and WebKit.
-
-2008-01-10  David D. Kilzer  <ddkilzer@apple.com>
-
-        <rdar://problem/5682880> iPhone: dtables should be rewritten as a script (16818)
-
-        Reviewed by Darin for ToT WebKit
-
-        Rewrote the dftables utility in Perl.  This is a partial merge of ToT WebKit
-        r29381 and r29382.
-
-        * DerivedSources.make: Added pcre directory to VPATH and changed
-        to invoke dftables directly.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Removed dftables target.
-        * pcre/dftables: Added.
-        * pcre/dftables.cpp: Removed.
-
-2007-08-24  Scott Goodson  <goodson@apple.com>
-
-        This is not for Snowbird; Indigo project only.
-
-       <rdar://problem/5410927> Obfuscate class names in all Indigo dependencies.
-
-       Included CoreFoundationObfuscations.h in prefix header (CF defines some NS types).
-
-        * JavaScriptCorePrefix.h:
-
-2007-08-24  Scott Goodson  <goodson@apple.com>
-
-        This is not for Snowbird; Indigo project only.
-
-       <rdar://problem/5410927> Obfuscate class names in all Indigo dependencies.
-
-       Included <Foundation/FoundationObfuscations.h> in the prefix header, if OBFUSCATE is defined.
-
-       Defined OBFUSCATE in Deployment-Indigo configuration.
-
-       Defined INDIGO in both -Indigo configurations, even though there are no current uses.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * JavaScriptCorePrefix.h:
-
-2007-08-19  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by open source ToT and me.
-
-        <rdar://problem/5414585> Web site does not display properly in iPhone 1.0.1, worked in 1.0
-
-        Merged ToT WebKit r18517 into PEP.
-
-        Modified pcre_compile() (and the functions that it calls) to work with patterns
-        containing null characters.
-
-        Covered by JavaScriptCore tests ecma_3/RegExp/octal-002.js and ecma_3/RegExp/regress-85721.js
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Changed to not null-terminate the pattern string and instead
-        pass its length to pcre_compile.
-        * pcre/pcre.h:
-        * pcre/pcre_compile.c:
-        (check_escape):
-        (get_ucp):
-        (is_counted_repeat):
-        (check_posix_syntax):
-        (compile_branch):
-        (compile_regex):
-        (pcre_compile): Added a parameter specifying the length of the pattern, which
-        is no longer required to be null-terminated and may contain null characters. 
-        (pcre_compile2):
-        * pcre/pcre_internal.h:
-        * tests/mozilla/expected.html: Updated for the two tests that this patch
-        fixes.
-
-2007-08-19  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Andre.
-
-        Support for WebCore patch needed to fix:
-        <rdar://problem/5405433> iPhone: Edge case in setting <iframe>, <frame>, <object> "src" attribute can bypass domain-based security check for javascript: URLs
-
-        Merged ToT WebKit r16133 into PEP.
-
-        - add WTF::getPtr, a function template that makes it possible to write
-          generic code that gets a raw pointer out of any of our pointer types
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/GetPtr.h: Added.
-        (WTF::getPtr):
-        * wtf/ListRefPtr.h:
-        (WTF::ListRefPtr::ListRefPtr):
-        (WTF::ListRefPtr::operator=):
-        (WTF::getPtr):
-        * wtf/OwnArrayPtr.h:
-        (WTF::getPtr):
-        * wtf/OwnPtr.h:
-        (WTF::getPtr):
-        * wtf/PassRefPtr.h:
-        (WTF::getPtr):
-        * wtf/RefPtr.h:
-        (WTF::getPtr):
-
-2007-08-17  Scott Goodson  <goodson@apple.com>
-
-        Added build configurations for Project Indigo.  Special install and framework search paths.
-       No effect on existing configurations, or code.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2007-08-14  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Scott.
-
-        <rdar://problem/5255884> Safari crashed in JavaScriptCore::WTF::fastMalloc()
-
-        Merged ToT WebKit r23846 into PEP.
-
-        Correctly evaluate the return value of _pcre_ucp_findchar() and ucp_findchar().
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * pcre/pcre_compile.c:
-        (compile_branch):
-        * pcre/pcre_exec.c:
-        (match):
-        * tests/mozilla/expected.html: Updated test results.  (They did not change with
-        this commit; just updating for future use.)
-
-2007-07-30  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by NOBODY (header copyright change).
-
-        * kjs/JSLockC.h: Updated header copyright for open source distribution.
-
-2007-07-25  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by NOBODY (OOPS!).
-
-        <rdar://problem/5354693> Upgrade PCRE 6.1 to 6.2 in JavaScriptCore
-
-        Merged ToT WebKit r18483 to PEP.
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * pcre/dftables.c:
-        (main):
-        * pcre/pcre.h:
-        * pcre/pcre_compile.c:
-        (read_repeat_counts):
-        (pcre_compile2):
-
-2007-07-23  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by NOBODY (obvious fix).
-
-        <rdar://problem/5354146> Exception message in LayoutTests/fast/js/regexp-charclass-crash.html doesn't match ToT WebKit
-
-        Test: LayoutTests/fast/js/regexp-charclass-crash.html.
-
-        Merged ToT WebKit r18256 to PEP.
-
-        A deleted object was accessed to prepare RegExp construction error messages.
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::construct): Wrap the RegExp into an OwnPtr.
-
-2007-07-23  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Chris.
-
-        <rdar://problem/5353976> iPhone: buffer overflow: PCRE computes wrong length for expressions with quantifiers on named recursion or subexpressions
-
-        Merged ToT WebKit r23824 to PEP.
-
-        Test progression: js1_2/regexp/special_characters.js now passes.
-
-        Original commit message by Darin Adler:
-
-        It's challenging to implement proper preflighting for compiling these advanced features.
-        But we don't want them in the JavaScript engine anyway.
-
-        Turned off the following features of PCRE (some of these are simply parsed and not implemented):
-
-            \C \E \G \L \N \P \Q \U \X \Z
-            \e \l \p \u \z
-            [::] [..] [==]
-            (?#) (?<=) (?<!) (?>)
-            (?C) (?P) (?R)
-            (?0) (and 1-9)
-            (?imsxUX)
-
-        Added the following:
-
-            \u \v
-
-        Because of \v, the js1_2/regexp/special_characters.js test now passes.
-
-        To be conservative, I left some features that JavaScript doesn't want, such as
-        \012 and \x{2013}, in place. We can revisit these later; they're not directly-enough
-        related to avoiding the incorrect preflighting.
-
-        I also didn't try to remove unused opcodes and remove code from the execution engine.
-        That could save code size and speed things up a bit, but it would require more changes.
-
-        * kjs/regexp.h:
-        * kjs/regexp.cpp: (KJS::RegExp::RegExp): Remove the sanitizePattern workaround for
-        lack of \u support, since the PCRE code now has \u support.
-
-        * pcre/pcre-config.h: Set JAVASCRIPT to 1.
-        * pcre/pcre_internal.h: Added ESC_v.
-
-        * pcre/pcre_compile.c: Added a different escape table for when JAVASCRIPT is set that
-        omits all the escapes we don't want interpreted and includes '\v'.
-        (check_escape): Put !JAVASCRIPT around the code for '\l', '\L', '\N', '\u', and '\U',
-        and added code to handle '\u2013' inside JAVASCRIPT.
-        (compile_branch): Put !JAVASCRIPT if around all the code implementing the features we
-        don't want.
-        (pcre_compile2): Ditto.
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-
-2007-07-23  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by NOBODY (make testkjs build and link).
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added testkjs.cpp and JavaScriptCore.framework
-        to testkjs target so it will build and link.
-
-2007-07-23  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Chris.
-
-        <rdar://problem/5353974> iPhone: buffer overflow: PCRE computes length wrong for expressions such as "[**]"
-
-        Merged ToT WebKit r24430 to PEP.
-
-        Test: fast/js/regexp-charclass-crash.html
-
-        * ChangeLog-oss-merges: Original ChangeLog entry.
-        * pcre/pcre_compile.c:
-        (pcre_compile2): Fix the preflight code that calls check_posix_syntax to match the
-        actual regular expression compilation code; before it was missing the check of the
-        first character.
-
-2007-07-06  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by NOBODY (test code).
-
-        Fixed typos introduced in r11090.  Also fixed code indentation.
-
-        * API/minidom.c:
-        (main): Changed name of default script from "minicom.js" to "minidom.js".
-        * API/testapi.c:
-        (main): Changed name of default script from "minicom.js" to "testapi.js".
-
-2007-06-25  Andre Boule  <aboule@apple.com>
-
-        Reviewed by francisco.
-       Checking in these two patches:
-       http://trac.webkit.org/projects/webkit/changeset/17862
-       http://trac.webkit.org/projects/webkit/changeset/18182
-       They are both related to unicode in javascript RegExp expressions.
-       Fixes:
-       <rdar://problem/5265583> Cypress: browser crashed 5 times - QC 30438
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp):
-        (KJS::RegExp::~RegExp):
-        (KJS::RegExp::match):
-        (KJS::RegExp::sanitizePattern):
-        (KJS::RegExp::isHexDigit):
-        (KJS::RegExp::convertHex):
-        (KJS::RegExp::convertUnicode):
-        * kjs/regexp.h:
-        (KJS::RegExp::flags):
-        (KJS::RegExp::isValid):
-        (KJS::RegExp::errorMessage):
-        (KJS::RegExp::subPatterns):
-        * kjs/regexp_object.cpp:
-        (RegExpObjectImp::construct):
-        (RegExpObjectImp::callAsFunction):
-        * kjs/ustring.cpp:
-        (KJS::UString::append):
-
-2007-05-07  David Kilzer  <ddkilzer@apple.com>
-
-        Reviewed by Chris.
-
-        <rdar://problem/5181388> JavaScriptCore strlcpy() buffer overrun
-
-        ---P2 Submission Information---
-        - Risk level: Low
-        - Risk details:
-          - No risk in changes to prevent buffer overflows in strlcpy() and strncpy().
-          - One assert() call was added to UString::from(double) to stop buffer overflows in
-            extreme cases.  Matches existing assert() used in a similar situation in 
-            NumberProtoFunc::callAsFunction().
-        - Code reviewed by: Chris Blumenberg
-        - Testing details:
-          - Ran and passed all PEP Layout Tests.
-          - Run through various MobileSafari stress tests (hitting random URLs).
-          - Ran changes through testkjs with ToT WebKit with no regressions reported.
-            (The testjks test harness doesn't currrently compile on PEP JavaScriptCore.)
-
-        * kjs/number_object.cpp:
-        (NumberProtoFunc::callAsFunction): Fix potential buffer overflows in strlcpy().
-        * kjs/ustring.cpp:
-        (KJS::UString::from): Fix potential buffer overflows in strlcpy() and strncpy().
-        Added assert() for section of code that does not check buflength.
-
-2007-02-26  Andre Boule  <aboule@apple.com>
-
-        Reviewed by me.
-       Merged in a crasher fix from TOT webkit:
-
-        Patch by Darin and me, reviewed by Maciej.
-
-        Fixed <rdar://problem/4518397> REGRESSION(?): Oft-seen but unrepro crash 
-              in JavaScript garbage collection (KJS::Collector::collect())
-               <rdar://problem/4752492> Crash in KJS::collect
-              
-        The issue here was allocating one garbage-collected object in the midst 
-        of allocating a second garbage-collected object. In such a case, the
-        zeroIfFree word lies.
-
-
-        * kjs/collector.cpp:
-        (KJS::Collector::collect):
-
-2006-11-12  Andre Boule  <aboule@apple.com>
-
-        Reviewed by me.
-       <rdar://problem/4771699> Cap Javascript max allocation size to 10MB
-
-       Indeed JavaScriptCore already had a max memory feature built in, and throws a javascript
-       exception when reaching a max number of nodes. I tested this existing javascript node cap 
-       and it does indeed work! The default size limit is 500000 nodes. At 50kb each (conservative 
-       estimate), that's 23MB. I think an appropriate fix for this bug is to simply cut that 
-       number down to 210000, or approximately 10MB.
-
-        * kjs/collector.h:
-
-2006-09-29  Andre Boule  <aboule@apple.com>
-
-        Reviewed by me.
-       Making mmap tag -1 on simulator like it was before.
-
-        * wtf/TCSystemAlloc.cpp:
-
-2006-09-13  Andre Boule  <aboule@apple.com>
-
-        Reviewed by rjw, eric albert.
-       <rdar://problem/4590483> crashin markStackObjectsConservatively - need a more proper fix
-       NSInvocation would create a separate stack which messed up our JS GC.
-       We had a hack in place to work around this.
-       Foundation NSInvocation has been changed to not do the separate stack, so our hack
-       is not necessary anymore. Taking it out.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservatively):
-
-2006-07-25  Andre Boule  <aboule@apple.com>
-
-        Reviewed by rjw.
-       Fast allocator enabled in Deployment configs.
-       Plt improves almost 10%
-       <rdar://problem/4637739>
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-        * wtf/FastMalloc.cpp:
-        * wtf/FastMalloc.h:
-        (operator delete[]):
-
-2006-06-16  Andre Boule  <aboule@apple.com>
-
-        Reviewed by Kosut, Albert.
-       temporary workaround for : <rdar://problem/4588784> crashin markStackObjectsConservatively
-       
-
-        * kjs/collector.cpp:
-        (KJS::Collector::markCurrentThreadConservatively):
-
-
-2005-09-22 Andre Boule <aboule@apple.com>
-
-       Reviewed by RJW
-
-       -Enabled BINDINGS
-       -Java related bindings #ifs renamed to BINDINGS_JAVA, which remains off.
-
-2005-09-21  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-09-20  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Geoff and partly by Darin.
-        
-            - fixed http://bugzilla.opendarwin.org/post_bug.cgi
-            (Reduce conflicts in JavaScriptCore grammar)
-        
-            This change gets us down from over 200 shift/reduce and 45 reduce/reduce to
-            9 shift/reduce and 45 reduce/reduce.
-        
-                * kjs/grammar.y:
-                * kjs/grammar_types.h: Removed.
-                * kjs/lexer.cpp:
-                * kjs/nodes.h:
-                (KJS::Node::isGroupNode):
-                (KJS::Node::isLocation):
-                (KJS::Node::isResolveNode):
-                (KJS::Node::isBracketAccessorNode):
-                (KJS::Node::isDotAccessorNode):
-                (KJS::ResolveNode::isLocation):
-                (KJS::ResolveNode::isResolveNode):
-                (KJS::ResolveNode::identifier):
-                (KJS::GroupNode::isGroupNode):
-                (KJS::GroupNode::leafNode):
-                (KJS::BracketAccessorNode::isLocation):
-                (KJS::BracketAccessorNode::isBracketAccessorNode):
-                (KJS::BracketAccessorNode::base):
-                (KJS::BracketAccessorNode::subscript):
-                (KJS::DotAccessorNode::isLocation):
-                (KJS::DotAccessorNode::isDotAccessorNode):
-                (KJS::DotAccessorNode::base):
-                (KJS::DotAccessorNode::identifier):
-                (KJS::FuncExprNode::FuncExprNode):
-                (KJS::FuncExprNode::identifier):
-                (KJS::FuncDeclNode::FuncDeclNode):
-                (KJS::FuncDeclNode::execute):
-        
-        2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-        
-                - Oops. The 4263434 change was only appropriate on the branch. Rolling out.
-                
-                Reviewed by eric.
-                
-                * kjs/internal.cpp:
-                (KJS::InterpreterImp::mark):
-        
-        2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-        
-                - More changes needed to fix <rdar://problem/4214783> 8F29 REGRESSION(Denver/Chardonnay):
-                  kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in
-                  the installer)
-                  
-                Added InterpreterLocks in some places in the bindings we missed before.
-                
-                Reviewed by john.
-        
-                * bindings/runtime_root.cpp:
-                (KJS::Bindings::addNativeReference):
-                (KJS::Bindings::removeNativeReference):
-                (RootObject::removeAllNativeReferences):
-                * bindings/runtime_root.h:
-                (KJS::Bindings::RootObject::~RootObject):
-                (KJS::Bindings::RootObject::setRootObjectImp):
-        
-        2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-        
-                - Fixed <rdar://problem/4263434> <rdar://problem/4263434> Denver 8F29 Regression:
-                  KJS::InterpreterImp::mark() crash
-                  
-                Fix by mjs, review by me.
-        
-                * kjs/internal.cpp:
-                (KJS::InterpreterImp::mark): Added a null check on globExec in case a
-                garbage collection occurs inside InterpreterImp::globalInit (called
-                from InterpreterImp::InterpreterImp), at which point globExec has not yet been initialized.
-        
-        2005-09-20  Geoffrey Garen  <ggaren@apple.com>
-        
-                - Rolled in fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=4892
-                  Date constructor has problems with months larger than 11
-        
-                Test cases added:
-        
-                * layout-tests/fast/js/date-big-constructor-expected.txt: Added.
-                * layout-tests/fast/js/date-big-constructor.html: Added.
-        
-                Reviewed by darin.
-        
-                * kjs/date_object.cpp:
-                (KJS::fillStructuresUsingDateArgs):
-                (KJS::makeTime):
-        
-        2005-09-19  Geoffrey Garen  <ggaren@apple.com>
-        
-                - Fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=5028
-                  9 layout tests fail following the change from long to int
-                  
-                - Rolled out changes to simple_number.h, and added fits(long long) 
-                  and SimpleNumber::fits(unsigned long long) to the old system.
-                
-                Reviewed by mjs.
-        
-                * kjs/simple_number.h:
-                (KJS::SimpleNumber::):
-                (KJS::SimpleNumber::value):
-                (KJS::SimpleNumber::fits):
-                (KJS::SimpleNumber::integerFits):
-                (KJS::SimpleNumber::make):
-        
-        2005-09-14  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Geoff.
-        
-            - fixed <rdar://problem/4214783> REGRESSION: kjs_fast_malloc crash due to lack of locking on multiple threads (seen selecting volumes in the installer)
-        
-            Make sure to lock using the InterpreterLock class in all places that need it
-            (including anything that uses the collector, the parser, the protect count hash table,
-            and anything that allocates via fast_malloc).
-        
-            Also added assertions to ensure that the locking rules are followed for the relevant
-            resources.
-        
-                * Makefile.am:
-                * bindings/NP_jsobject.cpp:
-                (identifierFromNPIdentifier):
-                (_NPN_Invoke):
-                (_NPN_Evaluate):
-                (_NPN_GetProperty):
-                (_NPN_SetProperty):
-                (_NPN_RemoveProperty):
-                (_NPN_HasProperty):
-                (_NPN_HasMethod):
-                (_NPN_SetException):
-                * bindings/jni/jni_jsobject.cpp:
-                (JSObject::call):
-                (JSObject::eval):
-                (JSObject::getMember):
-                (JSObject::setMember):
-                (JSObject::removeMember):
-                (JSObject::getSlot):
-                (JSObject::setSlot):
-                (JSObject::toString):
-                (JSObject::convertJObjectToValue):
-                * bindings/objc/WebScriptObject.mm:
-                (-[WebScriptObject callWebScriptMethod:withArguments:]):
-                (-[WebScriptObject evaluateWebScript:]):
-                (-[WebScriptObject setValue:forKey:]):
-                (-[WebScriptObject valueForKey:]):
-                (-[WebScriptObject removeWebScriptKey:]):
-                (-[WebScriptObject stringRepresentation]):
-                (-[WebScriptObject webScriptValueAtIndex:]):
-                (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-                (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-                * bindings/runtime.cpp:
-                (Instance::createRuntimeObject):
-                * bindings/runtime_root.h:
-                * bindings/testbindings.cpp:
-                (main):
-                * bindings/testbindings.mm:
-                (main):
-                * kjs/fast_malloc.cpp:
-                (KJS::kjs_fast_malloc):
-                (KJS::kjs_fast_calloc):
-                (KJS::kjs_fast_free):
-                (KJS::kjs_fast_realloc):
-                * kjs/fast_malloc.h:
-                * kjs/identifier.h:
-                * kjs/internal.cpp:
-                (InterpreterImp::InterpreterImp):
-                (InterpreterImp::clear):
-                (InterpreterImp::mark):
-                (InterpreterImp::checkSyntax):
-                (InterpreterImp::evaluate):
-                * kjs/internal.h:
-                (KJS::InterpreterImp::globalObject):
-                * kjs/interpreter.cpp:
-                (Interpreter::evaluate):
-                * kjs/interpreter.h:
-                (KJS::InterpreterLock::InterpreterLock):
-                (KJS::InterpreterLock::~InterpreterLock):
-                * kjs/nodes.h:
-                * kjs/protect.h:
-                (KJS::ProtectedValue::ProtectedValue):
-                (KJS::ProtectedValue::~ProtectedValue):
-                (KJS::ProtectedValue::operator=):
-                (KJS::ProtectedObject::ProtectedObject):
-                (KJS::ProtectedObject::~ProtectedObject):
-                (KJS::ProtectedObject::operator=):
-                (KJS::ProtectedReference::ProtectedReference):
-                (KJS::ProtectedReference::~ProtectedReference):
-                (KJS::ProtectedReference::operator=):
-                * kjs/protected_object.h:
-                * kjs/protected_values.cpp:
-                (KJS::ProtectedValues::getProtectCount):
-                (KJS::ProtectedValues::increaseProtectCount):
-                (KJS::ProtectedValues::decreaseProtectCount):
-                * kjs/string_object.cpp:
-                (StringObjectImp::StringObjectImp):
-                * kjs/testkjs.cpp:
-                (main):
-        
-        2005-09-16  Adele Peterson  <adele@apple.com>
-        
-                Change by Darin, reviewed by me and Maciej.
-        
-                Fixes http://bugzilla.opendarwin.org/show_bug.cgi?id=4547
-                use int instead of long for 32-bit (to prepare for LP64 compiling)
-        
-                * bindings/c/c_class.h:
-                (KJS::Bindings::CClass::constructorAt):
-                (KJS::Bindings::CClass::numConstructors):
-                * bindings/c/c_runtime.h:
-                (KJS::Bindings::CMethod::numParameters):
-                * bindings/jni/jni_class.cpp:
-                (JavaClass::JavaClass):
-                * bindings/jni/jni_class.h:
-                (KJS::Bindings::JavaClass::constructorAt):
-                (KJS::Bindings::JavaClass::numConstructors):
-                * bindings/jni/jni_instance.cpp:
-                (JavaInstance::invokeMethod):
-                * bindings/jni/jni_jsobject.cpp:
-                (JSObject::convertJObjectToValue):
-                (JSObject::listFromJArray):
-                * bindings/jni/jni_runtime.cpp:
-                (JavaMethod::JavaMethod):
-                * bindings/jni/jni_runtime.h:
-                (KJS::Bindings::JavaConstructor::_commonCopy):
-                (KJS::Bindings::JavaConstructor::parameterAt):
-                (KJS::Bindings::JavaConstructor::numParameters):
-                (KJS::Bindings::JavaMethod::_commonCopy):
-                (KJS::Bindings::JavaMethod::parameterAt):
-                (KJS::Bindings::JavaMethod::numParameters):
-                * bindings/npapi.h:
-                * bindings/objc/WebScriptObject.mm:
-                (listFromNSArray):
-                * bindings/objc/objc_class.h:
-                (KJS::Bindings::ObjcClass::constructorAt):
-                (KJS::Bindings::ObjcClass::numConstructors):
-                * bindings/objc/objc_instance.h:
-                * bindings/objc/objc_runtime.h:
-                * bindings/objc/objc_runtime.mm:
-                (ObjcMethod::numParameters):
-                * bindings/runtime.h:
-                * kjs/identifier.h:
-                * kjs/internal.h:
-                * kjs/property_slot.h:
-                (KJS::PropertySlot::setCustomIndex):
-                (KJS::PropertySlot::index):
-                (KJS::PropertySlot::):
-                * kjs/regexp_object.cpp:
-                (RegExpObjectImp::backrefGetter):
-                (RegExpObjectImp::getOwnPropertySlot):
-                * kjs/simple_number.h:
-                (KJS::SimpleNumber::):
-                (KJS::SimpleNumber::value):
-                (KJS::SimpleNumber::fits):
-                (KJS::SimpleNumber::integerFits):
-                (KJS::SimpleNumber::make):
-                * kjs/string_object.cpp:
-                (substituteBackreferences):
-                * kjs/ustring.cpp:
-                (KJS::UString::from):
-                (KJS::UString::toUInt32):
-                (KJS::UString::find):
-                (KJS::UString::rfind):
-                * kjs/ustring.h:
-                * kjs/value.cpp:
-                (KJS::jsNumber):
-                * kjs/value.h:
-
-2005-09-13  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-09-10  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-        
-                Reviewed and landed by Darin.
-        
-                * Makefile.vc: Added.
-                * README-Win32.txt: Added.
-        
-        2005-09-10  Darin Adler  <darin@apple.com>
-        
-                - fixed compilation for WebCore (another try)
-        
-                * kjs/simple_number.h: Added more "using" lines.
-        
-        2005-09-10  Darin Adler  <darin@apple.com>
-        
-                - fixed compilation for WebCore
-        
-                * kjs/simple_number.h: Have to include <cmath> here to work around a bug in the GCC
-                standard C++ library headers.
-        
-        2005-09-10  Darin Adler  <darin@apple.com>
-        
-                Windows changes by Krzysztof Kowalczyk <kkowalczyk@gmail.com>.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4870
-                  win portability: fix IS_NEGATIVE_ZERO macro in simple_number.h
-        
-                * kjs/simple_number.h:
-                (KJS::isNegativeZero): Added. Inline function. Has a case for Windows that
-                uses _fpclass and a case for other platforms that uses signbit.
-                (KJS::SimpleNumber::fits): Use inline isNegativeZero instead of macro IS_NEGATIVE_ZERO.
-        
-                * kjs/internal.cpp: Remove definition of now-unneeded negZero global.
-        
-                * kjs/value.cpp: Touched the file because Xcode didn't know it needed to
-                recompile it.
-        
-                - improved test engine
-        
-                * tests/mozilla/jsDriver.pl: Sort tests in numeric order instead of using
-                a plain-ASCII sort; now test 33 will be after test 5 in any given set of
-                numbered tests.
-        
-        2005-09-08  Darin Adler  <darin@apple.com>
-        
-                - fixed overloaded versions of throwError so that they substitute *all* 
-                  expected parameters into the message string -- some versions used to
-                  skip parameters, resulting in "%s" being printed in the error message.
-                
-                Reviewed by Geoff.
-        
-                * kjs/nodes.h: Updated declarations to use "const &" and not to name parameters
-                * kjs/nodes.cpp: (Node::throwError): Updated to match above and add one missing
-                call to substitute.
-        
-        2005-09-08  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff.
-        
-                - updated to PCRE 6.1
-        
-                The original PCRE 6.1 sources are checked into the tree with the tag
-                "pcre-6-1" for reference. What we're checking in right now is the original
-                plus our changes to make it support UTF-16 and at least one other tweak
-                (vertical tab considered whitespace). Our work to get our changes was
-                done on "pcre-6-1-branch", with an anchor at "pcre-6-1-anchor" so you can
-                see the evolution of the UTF-16 changes.
-                
-                Note also that there was one small change made here that's not on the branch
-                in pcre_compile.c.
-        
-                * Info.plist: Updated the part of the copyright message that's about PCRE.
-        
-                * JavaScriptCore.xcodeproj/project.pbxproj: Added new PCRE source files,
-                removed obsolete ones.
-        
-                * pcre/AUTHORS: Updated to PCRE 6.1. Includes credits for Apple's UTF-16
-                changes, but not the credits for Google's C++ wrapper, since we don't include that.
-                * pcre/COPYING: Updated to PCRE 6.1.
-                * pcre/LICENCE: Ditto.
-                * pcre/dftables.c: Ditto.
-                * pcre/pcre-config.h: Ditto.
-                * pcre/pcre.h: Ditto.
-        
-                * pcre/pcre_compile.c: Added for PCRE 6.1.
-                * pcre/pcre_config.c: Ditto.
-                * pcre/pcre_exec.c: Ditto.
-                * pcre/pcre_fullinfo.c: Ditto.
-                * pcre/pcre_get.c: Ditto.
-                * pcre/pcre_globals.c: Ditto.
-                * pcre/pcre_info.c: Ditto.
-                * pcre/pcre_internal.h: Ditto.
-                * pcre/pcre_maketables.c: Ditto.
-                * pcre/pcre_ord2utf8.c: Ditto.
-                * pcre/pcre_printint.c: Ditto.
-                * pcre/pcre_refcount.c: Ditto.
-                * pcre/pcre_study.c: Ditto.
-                * pcre/pcre_tables.c: Ditto.
-                * pcre/pcre_try_flipped.c: Ditto.
-                * pcre/pcre_ucp_findchar.c: Ditto.
-                * pcre/pcre_version.c: Ditto.
-                * pcre/pcre_xclass.c: Ditto.
-                * pcre/ucp.h: Ditto.
-                * pcre/ucp_findchar.c: Ditto.
-                * pcre/ucpinternal.h: Ditto.
-                * pcre/ucptable.c: Ditto.
-        
-                * pcre/get.c: Removed.
-                * pcre/internal.h: Removed.
-                * pcre/maketables.c: Removed.
-                * pcre/pcre.c: Removed.
-                * pcre/study.c: Removed.
-
-2005-09-08  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-09-07  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4781
-                Date.setMonth fails with big values due to overflow
-        
-                Reviewed by darin.
-        
-                * kjs/date_object.cpp:
-                (timetUsingCF): for consistency, changed return statement to invalidDate instead of LONG_MAX
-                (KJS::fillStructuresUsingTimeArgs): modified for readability
-                (KJS::fillStructuresUsingDateArgs): new function analogous to fillStructuresUsingTimeArgs
-                (KJS::DateProtoFuncImp::callAsFunction): modified to use fillStructuresUsingDateArgs
-                (KJS::DateObjectImp::construct): moved variable declaration to proper scope
-                (KJS::DateObjectFuncImp::callAsFunction): moved variable declaration to proper scope
-        
-        2005-09-07  Geoffrey Garen  <ggaren@apple.com>
-                -updated expected test results to reflect fix for 
-                http://bugzilla.opendarwin.org/show_bug.cgi?id=4698
-                kjs does not allow named functions in function expressions
-         
-                * tests/mozilla/expected.html:
-
-2005-09-07  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-09-04  Darin Adler  <darin@apple.com>
-        
-               * kjs/identifier.cpp: Fix comment, add missing include.
-               (Follow-on to changes from yesterday.)
-        
-        2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-        
-               Reviewed, tweaked and landed by Darin.
-        
-               - another try at some of the Windows compilation fixes
-                 should fix these bugs: 4546, 4831, 4834, 4643, 4830, 4832, 4833, 4835
-        
-               * kjs/collector.cpp: Add missing <setjmp.h> include.
-               * kjs/date_object.cpp: Fix broken copysign macro.
-               * kjs/dtoa.cpp: Move macro definitions down after all header includes.
-               * kjs/fast_malloc.cpp: Add missing <assert.h> and <stddef.h> includes.
-               * kjs/function.cpp: Remove broken isxdigit definition.
-               * kjs/grammar.y: Add a missing semicolon (and remove an excess one).
-               * kjs/identifier.cpp: Turn off AVOID_STATIC_CONSTRUCTORS because the placement new syntax
-               doesn't seem to work in Visual C++ (I'm surprised to hear that, by the way).
-               * kjs/value.h: Made ValueImp's destructor virtual because otherwise pointers to ValueImp
-               on the stack aren't right for garbage collection on Windows (don't think it works that
-               way with gcc's virtual table scheme, but it's a harmless change).
-        
-        2005-09-03  Krzysztof Kowalczyk  <kkowalczyk@gmail.com>
-        
-               Reviewed, tweaked and landed by Darin.
-        
-               - some Windows compilation fixes, hoping to fix the problems reported in these bugs:
-                 4627, 4629, 4630, 4631, 4632, 4633, 4634, 4635, 4636, 4637, 4639, 4640, 4641, 4644, 4645
-        
-               * kjs/collector.cpp: Include <windows.h> on WIN32. Put thread-related code inside
-               KJS_MULTIPLE_THREADS #if directives.
-               (KJS::Collector::markCurrentThreadConservatively): Use NT_TIB to find the stack base on Win32.
-        
-               * kjs/config.h: Define HAVE_SYS_TIMEB_H for Win32.
-        
-               * kjs/date_object.cpp: Add include of <limits.h>. Add definitions of strncasecmp, isfinite, and
-               copysign for Win32.
-               (KJS::KRFCDate_parseDate): Move "errno = 0" line down closer to the first call to strol -- I believe
-               that on Win32 there's some other call before that setting errno.
-        
-               * kjs/date_object.h: Remove unneeded include of <sys/time.h>.
-        
-               * kjs/dtoa.cpp: Add an undef of strtod, needed on Win32.
-        
-               * kjs/fast_malloc.cpp: Put #if !WIN32 around some customization that's not appropriate on Win32.
-               (KJS::region_list_append): Add a missing cast so this Win32-specific function compiles in C++.
-               (KJS::sbrk): Change parameter type to match the declaration.
-        
-               * kjs/function.cpp: (isxdigit): Define a locale-independent isxdigit on Win32.
-        
-               * kjs/function.h: Remove unneeded friend class Function for FunctionImp.
-        
-               * kjs/identifier.cpp: Took out the APPLE_CHANGES from around the AVOID_STATIC_CONSTRUCTORS
-               define. We ultimately intend to phase out APPLE_CHANGES entirely. Also fix the
-               non-AVOID_STATIC_CONSTRUCTORS code path.
-        
-               * kjs/internal.cpp: Remove uneeded include of <strings.h>, which was confused with <string.h>!
-               Add a Win32 implementation of copysign. Put the threads code inside KJS_MULTIPLE_THREADS.
-        
-               * kjs/internal.h: Define a KJS_MULTIPLE_THREADS macro on non-Win32 only. Later we can make this
-               specific to Mac OS X if we like.
-        
-               * kjs/interpreter_map.cpp: Add missing include of <stdlib.h>.
-        
-               * kjs/list.cpp:
-               (KJS::ListImp::markValues): Use std::min instead of MIN.
-               (KJS::List::copy): Ditto.
-               (KJS::List::copyTail): Ditto.
-        
-               * kjs/math_object.cpp: (signbit): Add a Win32 implementation of signbit.
-        
-               * kjs/nodes.cpp: (Node::finalCheck): Use unsigned instead of uint.
-               Put the use of always_inline inside __GNUC__.
-        
-               * kjs/number_object.cpp: (NumberProtoFuncImp::callAsFunction): Use "10.0" instead of "10"
-               inside all the calls to pow to avoid ambiguity caused by overloading of pow on Win32, seen
-               when passing an int rather than a double or float.
-        
-               * kjs/operations.cpp:
-               (KJS::isInf): Add Win32 implementation.
-               (KJS::isPosInf): Add Win32 implementation.
-               (KJS::isNegInf): Add Win32 implementation.
-        
-               * kjs/regexp.cpp: Use unsigned instead of uint.
-               * kjs/regexp.h: Ditto.
-               * kjs/regexp_object.cpp: Ditto.
-               * kjs/regexp_object.h: Ditto.
-        
-        2005-09-02  Beth Dakin  <bdakin@apple.com>
-        
-               Fix for <rdar://problem/4235531> Denver Regression: Safari crash in KWQStringData::makeUnicode
-            The other half of the fix is in WebCore.
-        
-            Fix written by Maciej and Darin.
-            Reviewed by me/Maciej
-        
-            As Maciej said in Radar: These problems was caused by a conflict between some of our custom 
-            allocators, causing them to return null. Symptom is typically a null pointer dereference in 
-            a place where it might be expected an allocation has just occurred.
-        
-               * kjs/fast_malloc.cpp:  Added #define for MORECORE_CONTIGUOUS, MORECORE_CANNOT_TRIM, 
-                        and MALLOC_FAILURE_ACTION.
-        
-        2005-08-31  Geoffrey Garen  <ggaren@apple.com>
-        
-               -rolled in fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=4698
-               kjs does not allow named functions in function expressions
-               
-               Fix by Arthur Langereis.
-               
-               Reviewed by darin.
-               
-               * kjs/grammar.y:
-               * kjs/nodes.cpp:
-               (FuncExprNode::evaluate):
-               * kjs/nodes.h:
-               (KJS::FuncExprNode::FuncExprNode):
-        
-               Test cases added:
-        
-               * layout-tests/fast/js/named-function-expression-expected.txt: Added.
-               * layout-tests/fast/js/named-function-expression.html: Added.
-               
-2005-09-02 Andre Boule <aboule@apple.com>
-
-       Removed OS X target from project.
-
-       * JavaScriptCore.xcodeproj/project.pbxproj
-
-2005-08-31  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in new file from the opensource tree.
-
-        2005-08-31  Justin Haygood  <justin@xiondigital.net>
-        
-                Reviewed, tweaked, and landed by Darin.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4085
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4087
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4096
-                  Some fixes for compiling on windows.
-        
-                * kjs/config.h: Added a WIN32 case in here, with suitable defines.
-                (To be tweaked as necessary.)
-                * kjs/function.cpp: Took out APPLE_CHANGES around use of ICU.
-                * kjs/operations.cpp: Removed some bogus code that always set HAVE_FLOAT_H.
-        
-        2005-08-30  Darin Adler  <darin@apple.com>
-        
-                Reviewed by John Sullivan.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4758
-                  unify SharedPtr in WebCore and JavaScriptCore
-        
-                * kjs/shared_ptr.h: Updated namespace to KXMLCore instead of kxhmlcore.
-                Made a few small improvements to use local variables a bit more and added
-                an "operator int" to reduce the chance that we'll convert a SharedPtr to
-                an int by accident. Also made the == operators normal functions rather than
-                friend functions, added a couple of comemnts.
-        
-                * kjs/function.h: Updated for namespace change.
-                * kjs/function.cpp: Ditto.
-                * kjs/function_object.cpp: Ditto.
-                * kjs/internal.h: Ditto.
-                * kjs/internal.cpp: Ditto.
-                * kjs/nodes.h: Ditto.
-                * kjs/nodes2string.cpp: Ditto.
-
-2005-08-29  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Fixing busted Xcode reference to shared_ptr.h.
-
-2005-08-29  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in new file from the opensource tree.
-
-        * kjs/shared_ptr.h: Added.
-
-2005-08-29  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-26  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by John.
-        
-            <rdar://problem/4224911> many many leaks in kjsyyparse with malformed Javascript        
-        
-            Record all nodes that are created during parsing, and delete any
-            that are left floating with a refcount of 0.
-            
-            * kjs/internal.cpp:
-                (KJS::Parser::saveNewNode):
-                (KJS::clearNewNodes):
-                (KJS::Parser::parse):
-                * kjs/internal.h:
-                * kjs/nodes.cpp:
-                (Node::Node):
-                * kjs/nodes.h:
-                (KJS::Node::refcount):
-        
-        2005-08-26  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by John.
-        
-            - fixed <rdar://problem/4232452> many many leaks in kjsyyparse on some well-formed JavaScript (can repro on sony.com, webkit tests)
-                
-            Fixed by changing the refcounting scheme for nodes. Instead of each node implementing a custom ref and
-            deref for all its children (and being responsible for deleting them), nodes use a smart pointer to
-            hold their children, and smart pointers are used outside the node tree as well. This change mostly
-            removes code.
-            
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-                * kjs/function.cpp:
-                (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
-                (KJS::GlobalFuncImp::callAsFunction):
-                * kjs/function.h:
-                * kjs/function_object.cpp:
-                (FunctionObjectImp::construct):
-                * kjs/grammar.y:
-                * kjs/internal.cpp:
-                (KJS::Parser::parse):
-                (KJS::Parser::accept):
-                (KJS::InterpreterImp::checkSyntax):
-                (KJS::InterpreterImp::evaluate):
-                * kjs/internal.h:
-                * kjs/nodes.cpp:
-                (Node::Node):
-                (Node::~Node):
-                (ElementNode::evaluate):
-                (PropertyValueNode::evaluate):
-                (ArgumentListNode::evaluateList):
-                (NewExprNode::evaluate):
-                (FunctionCallValueNode::evaluate):
-                (FunctionCallBracketNode::evaluate):
-                (FunctionCallDotNode::evaluate):
-                (RelationalNode::evaluate):
-                (StatListNode::execute):
-                (StatListNode::processVarDecls):
-                (VarDeclListNode::evaluate):
-                (VarDeclListNode::processVarDecls):
-                (ForInNode::ForInNode):
-                (ClauseListNode::processVarDecls):
-                (CaseBlockNode::evalBlock):
-                (FuncDeclNode::processFuncDecl):
-                (FuncExprNode::evaluate):
-                (SourceElementsNode::execute):
-                (SourceElementsNode::processFuncDecl):
-                (SourceElementsNode::processVarDecls):
-                * kjs/nodes.h:
-                (KJS::Node::ref):
-                (KJS::Node::deref):
-                (KJS::NumberNode::NumberNode):
-                (KJS::GroupNode::GroupNode):
-                (KJS::ElementNode::ElementNode):
-                (KJS::ArrayNode::ArrayNode):
-                (KJS::PropertyValueNode::PropertyValueNode):
-                (KJS::ObjectLiteralNode::ObjectLiteralNode):
-                (KJS::BracketAccessorNode::BracketAccessorNode):
-                (KJS::DotAccessorNode::DotAccessorNode):
-                (KJS::ArgumentListNode::ArgumentListNode):
-                (KJS::ArgumentsNode::ArgumentsNode):
-                (KJS::NewExprNode::NewExprNode):
-                (KJS::FunctionCallValueNode::FunctionCallValueNode):
-                (KJS::FunctionCallResolveNode::FunctionCallResolveNode):
-                (KJS::FunctionCallBracketNode::FunctionCallBracketNode):
-                (KJS::FunctionCallDotNode::FunctionCallDotNode):
-                (KJS::PostfixNode::PostfixNode):
-                (KJS::DeleteNode::DeleteNode):
-                (KJS::VoidNode::VoidNode):
-                (KJS::TypeOfNode::TypeOfNode):
-                (KJS::PrefixNode::PrefixNode):
-                (KJS::UnaryPlusNode::UnaryPlusNode):
-                (KJS::NegateNode::NegateNode):
-                (KJS::BitwiseNotNode::BitwiseNotNode):
-                (KJS::LogicalNotNode::LogicalNotNode):
-                (KJS::MultNode::MultNode):
-                (KJS::AddNode::AddNode):
-                (KJS::ShiftNode::ShiftNode):
-                (KJS::RelationalNode::RelationalNode):
-                (KJS::EqualNode::EqualNode):
-                (KJS::BitOperNode::BitOperNode):
-                (KJS::BinaryLogicalNode::BinaryLogicalNode):
-                (KJS::ConditionalNode::ConditionalNode):
-                (KJS::AssignResolveNode::AssignResolveNode):
-                (KJS::AssignBracketNode::AssignBracketNode):
-                (KJS::AssignDotNode::AssignDotNode):
-                (KJS::CommaNode::CommaNode):
-                (KJS::AssignExprNode::AssignExprNode):
-                (KJS::VarDeclListNode::VarDeclListNode):
-                (KJS::VarStatementNode::VarStatementNode):
-                (KJS::ExprStatementNode::ExprStatementNode):
-                (KJS::IfNode::IfNode):
-                (KJS::DoWhileNode::DoWhileNode):
-                (KJS::WhileNode::WhileNode):
-                (KJS::ForNode::ForNode):
-                (KJS::ReturnNode::ReturnNode):
-                (KJS::WithNode::WithNode):
-                (KJS::CaseClauseNode::CaseClauseNode):
-                (KJS::ClauseListNode::ClauseListNode):
-                (KJS::ClauseListNode::clause):
-                (KJS::ClauseListNode::next):
-                (KJS::SwitchNode::SwitchNode):
-                (KJS::LabelNode::LabelNode):
-                (KJS::ThrowNode::ThrowNode):
-                (KJS::CatchNode::CatchNode):
-                (KJS::FinallyNode::FinallyNode):
-                (KJS::TryNode::TryNode):
-                (KJS::ParameterNode::ParameterNode):
-                (KJS::ParameterNode::nextParam):
-                (KJS::FuncDeclNode::FuncDeclNode):
-                (KJS::FuncExprNode::FuncExprNode):
-                * kjs/nodes2string.cpp:
-                (KJS::SourceStream::operator<<):
-                (ElementNode::streamTo):
-                (PropertyValueNode::streamTo):
-                (ArgumentListNode::streamTo):
-                (StatListNode::streamTo):
-                (VarDeclListNode::streamTo):
-                (CaseBlockNode::streamTo):
-                (ParameterNode::streamTo):
-                (SourceElementsNode::streamTo):
-                * kjs/shared_ptr.h: Added.
-                (kxmlcore::SharedPtr::SharedPtr):
-                (kxmlcore::SharedPtr::~SharedPtr):
-                (kxmlcore::SharedPtr::isNull):
-                (kxmlcore::SharedPtr::notNull):
-                (kxmlcore::SharedPtr::reset):
-                (kxmlcore::SharedPtr::get):
-                (kxmlcore::SharedPtr::operator*):
-                (kxmlcore::SharedPtr::operator->):
-                (kxmlcore::SharedPtr::operator!):
-                (kxmlcore::SharedPtr::operator bool):
-                (kxmlcore::SharedPtr::operator==):
-                (kxmlcore::::operator):
-                (kxmlcore::operator!=):
-                (kxmlcore::static_pointer_cast):
-                (kxmlcore::const_pointer_cast):
-        
-        2005-08-26  Geoff Garen  <ggaren@apple.com>
-        
-                Reviewed by John.
-                Landed by Darin.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4664
-                  TOT Crash from backwards null check in WebScriptObject.mm
-        
-                * bindings/objc/WebScriptObject.mm:
-                (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-                Remove bogus !.
-
-2005-08-26  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-    2005-08-25  Darin Adler  <darin@apple.com>
-    
-            Reviewed by John Sullivan.
-    
-            - rename KJS::UString::string() to KJS::UString::domString()
-            - rename KJS::Identifier::string() to KJS::Identifier::domString()
-    
-            * kjs/identifier.h: Renamed.
-            * kjs/ustring.h: Ditto.
-
-2005-08-23  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Turn on dead code stripping 
-        for deployment builds.
-
-2005-08-22  Andre Boule  <aboule@apple.com>
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Rename purple target to Purple
-        * Makefile.am: Support multiple target building using makefile
-
-2005-08-22  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-19  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4435
-                  speed up JavaScript by tweaking the Identifier class
-        
-                * kjs/identifier.h: Add a new global nullIdentifier and make Identifier::null a function
-                that returns it.
-                * kjs/identifier.cpp: (KJS::Identifier::init): Initialize a global for the null identifier
-                as well as all the other globals for special identifiers.
-        
-                * kjs/ustring.h: (KJS::UString::UString): Make this empty constructor inline.
-                * kjs/ustring.cpp: Remove the old non-inline version.
-        
-        2005-08-19  Mitz Pettel  <opendarwin.org@mitzpettel.com>
-        
-                Reviewed by Maciej.
-                Revised and landed by Darin.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4474
-                  REGRESSION: Crash when using in-place operator on uninitialized array element
-        
-                * kjs/nodes.cpp:
-                (AssignResolveNode::evaluate): Remove unneeded "isSet" assertion.
-                (AssignBracketNode::evaluate): Replace code that tested "isSet" with code that
-                tests the return value of getPropertySlot.
-        
-                * kjs/property_slot.h: Removed unneeded "isSet" function. Property slots are
-                either uninitialized or set. There's no "initialized and not set" state.
-        
-        2005-08-18  Adele Peterson  <adele@apple.com>
-        
-                Checked "Inline Functions Hidden" box
-        
-                * JavaScriptCore.xcodeproj/project.pbxproj:
-
-2005-08-19  Andre Boule <aboule@apple.com>
-
-        Reviewed by Me
-
-        Fixed info.plist reference in project file
-
-        * JavaScriptCore.xcodeproj/project.pbxproj
-
-2005-08-17  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-16  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff.
-        
-                - fixed crash in one of the JavaScript tests (introduced by my throwError change)
-        
-                * kjs/nodes.cpp: (Node::setExceptionDetailsIfNeeded): Check if the exception is an
-                object before setting the file and line number properties on it. Something to think
-                about in the future -- do we really want to do this on any object that's thrown?
-                How about limiting it to error objects that were created by the JavaScript engine?
-        
-                - changed kjs_fast_malloc so we don't have two conflicting versions of the same function
-        
-                * kjs/fast_malloc.h: Took out all the ifdefs from this header.
-                * kjs/fast_malloc.cpp: Added non-NDEBUG versions of the functions that just call
-                the system malloc, and put the NDEBUG versions in an #else.
-        
-        2005-08-16  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff.
-        
-                - clean up exported symbols that are not in a "KJS" namespace
-        
-                * bindings/NP_jsobject.cpp: (identiferFromNPIdentifier): Marked this function static
-                so it no longer has external linkage.
-                * bindings/c/c_utility.h: Put all this stuff inside the KJS namespace.
-                * bindings/c/c_utility.cpp: Also marked some globals static so they don't have external
-                linkage; not as important given the namespace.
-                * bindings/npruntime.cpp: Marked functions static so they no longer have internal linkage.
-                Also removed unused _NPN_SetExceptionWithUTF8 function (not in header, had C++ linkage!).
-        
-                * bindings/jni/jni_utility.cpp: (KJS::Bindings::getJavaVM): Call KJS_GetCreatedJavaVMs
-                using the soft linking header, instead of calling the JNI call. This allows processes
-                to link both JavaScriptCore and JavaVM without a symbol conflict.
-                * bindings/softlinking.c:
-                (loadFramework): Marked this function static so it no longer has external linkage.
-                (getFunctionPointer): Ditto.
-                (KJS_GetCreatedJavaVMs): Renamed this so it has a KJS prefix.
-        
-                * JavaScriptCore.xcodeproj/project.pbxproj: Added softlinking.h.
-                * bindings/softlinking.h: Added.
-        
-                * kjs/nodes2string.cpp: (streamAssignmentOperatorTo): Marked this function static so it
-                no longer has external linkage.
-        
-        2005-08-15  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4437
-                  clean up error creation with new throwError function
-        
-                * bindings/NP_jsobject.cpp:
-                (_NPN_SetException):
-                * bindings/jni/jni_instance.cpp:
-                (JavaInstance::invokeMethod):
-                * bindings/jni/jni_runtime.cpp:
-                (JavaField::dispatchValueFromInstance):
-                (JavaField::dispatchSetValueToInstance):
-                * bindings/objc/WebScriptObject.mm:
-                (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:executionContext:]):
-                (-[WebScriptObject _initWithObjectImp:originExecutionContext:executionContext:]):
-                (+[WebScriptObject throwException:]):
-                (-[WebScriptObject setException:]):
-                (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:]):
-                * bindings/objc/objc_class.h:
-                (KJS::Bindings::ObjcClass::~ObjcClass):
-                (KJS::Bindings::ObjcClass::ObjcClass):
-                (KJS::Bindings::ObjcClass::operator=):
-                (KJS::Bindings::ObjcClass::constructorAt):
-                (KJS::Bindings::ObjcClass::numConstructors):
-                * bindings/objc/objc_header.h:
-                * bindings/objc/objc_runtime.h:
-                (KJS::Bindings::ObjcField::~ObjcField):
-                (KJS::Bindings::ObjcField::ObjcField):
-                (KJS::Bindings::ObjcField::operator=):
-                (KJS::Bindings::ObjcMethod::ObjcMethod):
-                (KJS::Bindings::ObjcMethod::~ObjcMethod):
-                (KJS::Bindings::ObjcMethod::operator=):
-                * bindings/objc/objc_runtime.mm:
-                (ObjcField::valueFromInstance):
-                (ObjcField::setValueToInstance):
-                (ObjcArray::setValueAt):
-                (ObjcArray::valueAt):
-                * bindings/objc/objc_utility.h:
-                * bindings/objc/objc_utility.mm:
-                (KJS::Bindings::JSMethodNameToObjCMethodName):
-                (KJS::Bindings::convertValueToObjcValue):
-                (KJS::Bindings::convertNSStringToString):
-                (KJS::Bindings::convertObjcValueToValue):
-                (KJS::Bindings::objcValueTypeForType):
-                (KJS::Bindings::createObjcInstanceForValue):
-                (KJS::Bindings::throwError):
-                * bindings/runtime.h:
-                (KJS::Bindings::Parameter::~Parameter):
-                (KJS::Bindings::Method::~Method):
-                (KJS::Bindings::Instance::Instance):
-                (KJS::Bindings::Instance::begin):
-                (KJS::Bindings::Instance::end):
-                (KJS::Bindings::Instance::getValueOfUndefinedField):
-                (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-                (KJS::Bindings::Instance::setValueOfUndefinedField):
-                (KJS::Bindings::Instance::valueOf):
-                * bindings/runtime_array.cpp:
-                (RuntimeArrayImp::put):
-                * bindings/runtime_object.h:
-                (KJS::RuntimeObjectImp::setInternalInstance):
-                (KJS::RuntimeObjectImp::getInternalInstance):
-                * kjs/array_object.cpp:
-                (getProperty):
-                (ArrayProtoFuncImp::callAsFunction):
-                (ArrayObjectImp::construct):
-                * kjs/bool_object.cpp:
-                (BooleanProtoFuncImp::callAsFunction):
-                * kjs/date_object.cpp:
-                (KJS::DateProtoFuncImp::callAsFunction):
-                * kjs/function.cpp:
-                (KJS::decode):
-                (KJS::GlobalFuncImp::callAsFunction):
-                * kjs/function_object.cpp:
-                (FunctionProtoFuncImp::callAsFunction):
-                (FunctionObjectImp::construct):
-                * kjs/internal.cpp:
-                (KJS::UndefinedImp::toObject):
-                (KJS::NullImp::toObject):
-                (KJS::InterpreterImp::evaluate):
-                (KJS::InternalFunctionImp::hasInstance):
-                * kjs/nodes.cpp:
-                (Node::throwError):
-                (substitute):
-                (Node::setExceptionDetailsIfNeeded):
-                (undefinedVariableError):
-                (ProgramNode::ProgramNode):
-                * kjs/number_object.cpp:
-                (NumberProtoFuncImp::callAsFunction):
-                * kjs/object.cpp:
-                (KJS::ObjectImp::call):
-                (KJS::ObjectImp::defaultValue):
-                (KJS::Error::create):
-                (KJS::throwError):
-                * kjs/object.h:
-                (KJS::ObjectImp::clearProperties):
-                (KJS::ObjectImp::getPropertySlot):
-                (KJS::ObjectImp::getOwnPropertySlot):
-                * kjs/object_object.cpp:
-                (ObjectProtoFuncImp::callAsFunction):
-                * kjs/reference.cpp:
-                (KJS::Reference::getBase):
-                (KJS::Reference::getValue):
-                (KJS::Reference::putValue):
-                (KJS::Reference::deleteValue):
-                * kjs/regexp_object.cpp:
-                (RegExpProtoFuncImp::callAsFunction):
-                (RegExpObjectImp::construct):
-                * kjs/string_object.cpp:
-                (StringProtoFuncImp::callAsFunction):
-        
-        2005-08-15  Anders Carlsson  <andersca@mac.com>
-        
-                Reviewed by Darin.
-        
-                * tests/mozilla/ecma_3/Date/15.9.5.5.js:
-                Remove the code which tests that Date.toLocaleString should be parsable
-                by Date.parse. That is not true according to the spec.
-        
-        2005-08-15  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff.
-        
-                * kjs/collector.cpp: (KJS::Collector::allocate): Use a local instead of a global in one
-                more place; slight speedup.
-
-2005-08-15  Andre Boule  <set EMAIL_ADDRESS environment variable>
-
-        Reviewed by me.
-
-        * JavaScriptCore.xcodeproj/project.pbxproj:
-               Added Purple target. Checking in quick before new version - patching is nasty for large changes
-               in project files
-
-2005-08-15  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Missed adding this file when I merged.
-
-        * kjs/grammar_types.h: Added.
-
-2005-08-15  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed crash observed on one of the Apple-only layout tests
-        
-                * kjs/property_map.cpp: (KJS::PropertyMap::mark): Change code to understand that deleted
-                entries have a value of NULL, so the deleted sentinel count doesn't need to be included
-                in the count of things to mark since we're ignoring the keys.
-        
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4421
-                  speed up JavaScript by inlining some label stack functions
-        
-                * kjs/internal.h: Removed the copy constructor and assignment operator for LabelStack.
-                They were unused, and the implementations had bugs; I removed them rather than fixing them.
-                Also removed the clear function, since that was only needed to help the assignment operator
-                share code with the destructor, and was not efficient enough for the destructor.
-                (KJS::LabelStack::~LabelStack): Made this inline. Also used an efficient implementation
-                that's nice and fast when the stack is empty, better than the old clear() function which
-                used to keep updating and refetching "tos" each time through the loop.
-                (KJS::LabelStack::pop): Made this inline.
-        
-                * kjs/internal.cpp: Deleted the now-inline functions and the obsolete functions. Also
-                deleted a commented-out line of code.
-        
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4419
-                  speed up JavaScript by improving KJS::List
-        
-                my measurements show an improvement of 1% on iBench JavaScript
-        
-                * kjs/list.cpp: Rearrange list to make the values and free list share the same storage,
-                which saves 4 bytes per list. Also remove the pointers used only on the heap from the
-                lists that are in the pool, which saves 8 bytes per list. Moving the free list pointer
-                closer to the start of the list object also speeds up access to the free list. New
-                "HeapListImp" struct is used only for the lists on the heap.
-                (KJS::List::markProtectedLists): Shadowed global variable in local and updated for the
-                new terminology ("heap" instead of "outside pool").
-                (KJS::allocateListImp): Updated for new terminology.
-                (KJS::List::release): Moved the code from deallocateListImp in here -- it wasn't being
-                inlined and didn't need to be in a separate function.
-        
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4417
-                  speed up JavaScript with some small changes to the property map code
-        
-                my measurements show an improvement of 2% on iBench JavaScript
-        
-                * kjs/property_map.h: (KJS::PropertyMap::PropertyMap): Made the default constructor inline.
-                * kjs/property_map.cpp:
-                (KJS::PropertyMap::~PropertyMap): Changed loop to exit early once we know we've processed
-                all the hash table entries, based on the count.
-                (KJS::PropertyMap::mark): Ditto.
-        
-                * kjs/object.h: Made an arbitrary change here to force recompiling so we pick up changes to
-                property_map.h. Works around what seems to be an Xcode header dependency bug.
-        
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4416
-                  speed up JavaScript with some improvements to the garbage collector
-        
-                my measurements show an improvement of 2% on iBench JavaScript
-        
-                * kjs/collector.cpp:
-                (KJS::Collector::allocate): Use local variables to shadow globals instead of repeatedly
-                going at global variables. Tighten up loop implementations to make the common case fast.
-                (KJS::Collector::markStackObjectsConservatively): Use local variables to shadow globals.
-                Used a goto to eliminate a boolean since it was showing up in the profile.
-                (KJS::Collector::markProtectedObjects): Iterate through the table using pointer rather
-                than an index since the profile showed that generating better code.
-                (KJS::Collector::collect): Added a special case for blocks where all cells are used,
-                Use local variables to shadow globals. Eliminated a boolean by computing it another
-                way (checking to see if the number of live objects changed). Also used local variables
-                to shadow fields in the current cell when sweeping.
-                (KJS::Collector::numReferencedObjects): Use AllocatedValueImp instead of ValueImp
-                in one place -- means we get faster versions of various functions that don't worry
-                about SimpleNumber.
-                (KJS::className): Ditto.
-                (KJS::Collector::rootObjectClasses): Ditto.
-        
-        2005-08-14  Darin Adler  <darin@apple.com>
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4344
-                  REGRESSION: JavaScript crash when going back from viewing a thread (NULL protoype)
-        
-                * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set proto in a more
-                straightforward way. The old code set the proto to 0 and then to the correct value.
-                This showed up as a "false positive" when searching for places that set prototype
-                to NULL/0 so I fixed it.
-        
-                * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Change to
-                not pass an explicit "0" to the base class (InternalFunctionImp) constructor.
-        
-                * kjs/internal.h: Added a default constructor for InternalFunctionImp.
-                * kjs/internal.cpp: (KJS::InternalFunctionImp::InternalFunctionImp): Added the
-                default constructor (empty body, just calls base class's default constructor).
-        
-                * kjs/object.h:
-                (KJS::ObjectImp::ObjectImp): Add an assertion to catch NULL prototypes earlier
-                in Development builds.
-                (KJS::ObjectImp::setPrototype): Ditto.
-        
-        2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by John.
-        
-            - two simple speed improvements for a 3% speed gain
-            
-                * JavaScriptCore.xcodeproj/project.pbxproj: turn on -fstrict-aliasing
-        
-                * kjs/scope_chain.h:
-                (KJS::ScopeChainIterator::ScopeChainIterator): Add a scope chain iterator
-            so you can walk a scope chain without having to make a copy that you then mutate.
-                (KJS::ScopeChainIterator::operator*): standard iterator operation
-                (KJS::ScopeChainIterator::operator->): ditto
-                (KJS::ScopeChainIterator::operator++): ditto
-                (KJS::ScopeChainIterator::operator==): ditto
-                (KJS::ScopeChainIterator::operator!=): ditto
-                (KJS::ScopeChain::begin): Iterator for the top of the scope chain
-                (KJS::ScopeChain::end): Iterator for one past the bottom (i.e. null)
-                * kjs/nodes.cpp:
-                (ResolveNode::evaluate): Use scope chain iterator instead of copying
-            a scope chain and then modifying the copy
-                (ResolveNode::evaluateReference): ditto
-                (FunctionCallResolveNode::evaluate): ditto
-                (AssignResolveNode::evaluate): ditto
-        
-        2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-        
-                Patch from Anders Carlsson, reviewed by me.
-        
-                * kjs/nodes.h: Fix build breakage.
-        
-        2005-08-12  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by hyatt.
-        
-            - refactor function calls, 3% speedup on JS iBench.
-        
-                * kjs/grammar.y:
-                * kjs/nodes.cpp:
-                (Node::throwError): Added new useful variants.
-                (FunctionCallValueNode::evaluate): New node to handle calls on expressions
-            that are strictly values, not references.
-                (FunctionCallValueNode::ref):  ditto
-                (FunctionCallValueNode::deref): ditto
-                (FunctionCallResolveNode::evaluate): New node to handle calls on identifier
-            expressions, so that they are looked up in the scope chain.
-                (FunctionCallResolveNode::ref): ditto
-                (FunctionCallResolveNode::deref): ditto
-                (FunctionCallBracketNode::evaluate): New node to handle calls on bracket
-            dereferences, so that the expression before brackets is used as the this
-            object.
-                (FunctionCallBracketNode::ref): ditto
-                (FunctionCallBracketNode::deref): ditto
-                (FunctionCallDotNode::evaluate): New node to handle calls on dot
-            dereferences, so that the expression before the dot is used as the this
-            object.
-                (FunctionCallDotNode::ref): ditto
-                (FunctionCallDotNode::deref): ditto
-                (dotExprNotAnObjectString): helper function to avoid global variable access.
-                (dotExprDoesNotAllowCallsString): ditto
-                * kjs/nodes.h: Declared new classes.
-                * kjs/nodes2string.cpp:
-                (FunctionCallValueNode::streamTo): Added - serializes the appropriate function call
-                (FunctionCallResolveNode::streamTo): ditto
-                (FunctionCallBracketNode::streamTo): ditto
-                (FunctionCallParenBracketNode::streamTo): ditto
-                (FunctionCallDotNode::streamTo): ditto
-                (FunctionCallParenDotNode::streamTo): ditto
-                * kjs/object.h:
-                (KJS::ObjectImp::isActivation): Change how activation objects are
-            detected in the scope chain, a virtual function is cheaper than the
-            old inheritance test.
-                * kjs/function.h:
-                (KJS::ActivationImp::isActivation): Ditto.
-        
-        2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-        
-                - added missing file from earlier checkin
-        
-                * kjs/grammar_types.h: Added.
-                (KJS::makeNodePair):
-                (KJS::makeNodeWithIdent):
-        
-        2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Geoff.
-        
-                * kjs/date_object.cpp:
-                (timetUsingCF): Fix one of the date tests my making the CF version of mktime
-            have the same quirk about the DST field as the real mktime.
-                * tests/mozilla/expected.html: Updated for newly fixed test.
-        
-        2005-08-11  Maciej Stachowiak  <mjs@apple.com>
-        
-                - updated for one of the tests that Darin incidentally fixed.
-        
-                * tests/mozilla/expected.html:
-        
-        2005-08-10  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Geoff.
-        
-            Refactor assignment grammar to avoid Reference type, and to later
-            be able to take advantage of writeable PropertySlots, when those
-            are added. I also fixed a minor bug, turning a function to a
-            string lost parentheses, I made sure they are printed at least
-            where semantically significant.
-            
-            Test cases: see WebCore
-            
-                * kjs/grammar.y: Change grammar so that assignment expressions are parsed
-            directly to nodes that know how to set the kind of location being assigned, instead
-            of having a generic assign node that counts on evaluateReference.
-                * kjs/lexer.cpp: Include grammar_types.h.
-                * kjs/nodes.cpp:
-                (BracketAccessorNode): Renamed from AccessorNode1 for clarity.
-                (DotAccessorNode): Renamed from AccessorNode2 for clarity.
-                (combineForAssignment): Inline function for doing the proper kind of
-            operation for various update assignments like += or *=.
-                (AssignResolveNode): Node that handles assignment to a bare identifier.
-                (AssignDotNode): Node that handles assignments of the form EXPR . IDENT = EXPR
-                (AssignBracketNode): EXPR [ IDENT ] = EXPR
-                * kjs/nodes.h: Updated for declarations/renames of new classes.
-                * kjs/nodes2string.cpp:
-                (GroupNode::streamTo): Fixed to print parens around the expression.
-                (BracketAccessorNode::streamTo): Renamed.
-                (DotAccessorNode::streamTo): Renamed.
-                (AssignResolveNode::streamTo): Added.
-                (AssignBracketNode::streamTo): Added.
-                (AssignDotNode::streamTo): Added.
-                (streamAssignmentOperatorTo): helper function for the above
-                * kjs/property_slot.h:
-                (KJS::PropertySlot::isSet): Made this const.
-        
-        2005-08-10  Adele Peterson  <adele@apple.com>
-        
-                Bumping version to 420+
-        
-                * Info.plist:
-        
-        2005-08-10  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed <rdar://problem/4151132> REGRESSION: Some applet liveconnect calls 
-                throws privilege exception.
-                
-                Reviewed by richard and mjs.
-        
-                -I removed the global static JavaClass cache, since it violated Java
-                security to cache classes between websites and applets.
-                
-                * bindings/jni/jni_class.cpp: 
-                    -removed global static cache dictionary
-                    -instance constructor and destructor now do the work that used to 
-                    be done by static factory methods
-                    -removed obsolete functions
-                (JavaClass::JavaClass):
-                (JavaClass::~JavaClass):
-                * bindings/jni/jni_class.h:
-                    -removed obsolete function declarations
-                    -made copying private since it's unused and it's also not clear
-                    excatly how copying would work with Java security
-                    -made default construction private since it's meaningless
-                * bindings/jni/jni_instance.cpp:
-                    -removed obsolete functions
-                (JavaInstance::~JavaInstance):
-                (JavaInstance::getClass):
-                * bindings/jni/jni_instance.h:
-                   -made copying private since it's unused and it's also not clear
-                    excatly how copying would work with Java security
-                    -made default construction private since it's meaningless
-
-2005-08-10  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-08  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed crash caused by fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=4313
-                
-                - exceptionDescription now gets explicitly initialized to NULL in all
-                the places listed below -- our wrapper classes used to take care of this 
-                automagically
-                
-                * bindings/jni/jni_instance.cpp:
-                (JavaInstance::invokeMethod):
-                * bindings/jni/jni_runtime.cpp:
-                (JavaField::dispatchValueFromInstance):
-                (JavaField::dispatchSetValueToInstance):
-        
-        2005-08-08  Darin Adler  <darin@apple.com>
-        
-                - forgot to delete an obsolete file
-        
-                * kjs/object_wrapper.h: Deleted.
-
-2005-08-08  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-08-07  Darin Adler  <darin@apple.com>
-        
-                - fixed two problems compiling with gcc 4.0
-        
-                * kjs/array_object.cpp: (ArrayProtoFuncImp::callAsFunction): Initialized a
-                variable to quiet an erroneous warning.
-                * kjs/date_object.cpp: (KJS::makeTime): Removed extraneous KJS:: prefix.
-        
-        2005-08-07  Darin Adler  <darin@apple.com>
-        
-                Rubber stamped by Maciej.
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4313
-                  eliminate KJS::Value and KJS::Object smart pointer wrappers (for simplicity and speed)
-        
-                * JavaScriptCore.xcodeproj/project.pbxproj: Removed object_wrapper.h.
-        
-                Global replaces and other wonderful stuff.
-        
-                * bindings/NP_jsobject.cpp:
-                (_NPN_Invoke):
-                (_NPN_Evaluate):
-                (_NPN_GetProperty):
-                (_NPN_SetProperty):
-                (_NPN_HasMethod):
-                (_NPN_SetException):
-                * bindings/c/c_instance.cpp:
-                (KJS::Bindings::CInstance::CInstance):
-                (KJS::Bindings::CInstance::invokeMethod):
-                (KJS::Bindings::CInstance::invokeDefaultMethod):
-                (KJS::Bindings::CInstance::defaultValue):
-                (KJS::Bindings::CInstance::stringValue):
-                (KJS::Bindings::CInstance::numberValue):
-                (KJS::Bindings::CInstance::booleanValue):
-                (KJS::Bindings::CInstance::valueOf):
-                * bindings/c/c_instance.h:
-                * bindings/c/c_runtime.cpp:
-                (CField::valueFromInstance):
-                (CField::setValueToInstance):
-                * bindings/c/c_runtime.h:
-                * bindings/c/c_utility.cpp:
-                (convertNPStringToUTF16):
-                (convertUTF8ToUTF16):
-                (coerceValueToNPVariantStringType):
-                (convertValueToNPVariant):
-                (convertNPVariantToValue):
-                * bindings/c/c_utility.h:
-                * bindings/jni/jni_instance.cpp:
-                (JavaInstance::stringValue):
-                (JavaInstance::numberValue):
-                (JavaInstance::booleanValue):
-                (JavaInstance::invokeMethod):
-                (JavaInstance::invokeDefaultMethod):
-                (JavaInstance::defaultValue):
-                (JavaInstance::valueOf):
-                * bindings/jni/jni_instance.h:
-                * bindings/jni/jni_jsobject.cpp:
-                (JSObject::invoke):
-                (JSObject::call):
-                (JSObject::eval):
-                (JSObject::getMember):
-                (JSObject::getSlot):
-                (JSObject::toString):
-                (JSObject::convertValueToJObject):
-                (JSObject::convertJObjectToValue):
-                (JSObject::listFromJArray):
-                * bindings/jni/jni_jsobject.h:
-                * bindings/jni/jni_objc.mm:
-                (KJS::Bindings::dispatchJNICall):
-                * bindings/jni/jni_runtime.cpp:
-                (JavaArray::convertJObjectToArray):
-                (JavaField::dispatchValueFromInstance):
-                (JavaField::valueFromInstance):
-                (JavaField::dispatchSetValueToInstance):
-                (JavaField::setValueToInstance):
-                (JavaArray::setValueAt):
-                (JavaArray::valueAt):
-                * bindings/jni/jni_runtime.h:
-                (KJS::Bindings::JavaString::ustring):
-                * bindings/jni/jni_utility.cpp:
-                (KJS::Bindings::getJavaVM):
-                (KJS::Bindings::getJNIEnv):
-                (KJS::Bindings::getMethodID):
-                (KJS::Bindings::callJNIVoidMethod):
-                (KJS::Bindings::callJNIObjectMethod):
-                (KJS::Bindings::callJNIBooleanMethod):
-                (KJS::Bindings::callJNIStaticBooleanMethod):
-                (KJS::Bindings::callJNIByteMethod):
-                (KJS::Bindings::callJNICharMethod):
-                (KJS::Bindings::callJNIShortMethod):
-                (KJS::Bindings::callJNIIntMethod):
-                (KJS::Bindings::callJNILongMethod):
-                (KJS::Bindings::callJNIFloatMethod):
-                (KJS::Bindings::callJNIDoubleMethod):
-                (KJS::Bindings::callJNIVoidMethodA):
-                (KJS::Bindings::callJNIObjectMethodA):
-                (KJS::Bindings::callJNIByteMethodA):
-                (KJS::Bindings::callJNICharMethodA):
-                (KJS::Bindings::callJNIShortMethodA):
-                (KJS::Bindings::callJNIIntMethodA):
-                (KJS::Bindings::callJNILongMethodA):
-                (KJS::Bindings::callJNIFloatMethodA):
-                (KJS::Bindings::callJNIDoubleMethodA):
-                (KJS::Bindings::callJNIBooleanMethodA):
-                (KJS::Bindings::callJNIVoidMethodIDA):
-                (KJS::Bindings::callJNIObjectMethodIDA):
-                (KJS::Bindings::callJNIByteMethodIDA):
-                (KJS::Bindings::callJNICharMethodIDA):
-                (KJS::Bindings::callJNIShortMethodIDA):
-                (KJS::Bindings::callJNIIntMethodIDA):
-                (KJS::Bindings::callJNILongMethodIDA):
-                (KJS::Bindings::callJNIFloatMethodIDA):
-                (KJS::Bindings::callJNIDoubleMethodIDA):
-                (KJS::Bindings::callJNIBooleanMethodIDA):
-                (KJS::Bindings::getCharactersFromJString):
-                (KJS::Bindings::releaseCharactersForJString):
-                (KJS::Bindings::getCharactersFromJStringInEnv):
-                (KJS::Bindings::releaseCharactersForJStringInEnv):
-                (KJS::Bindings::getUCharactersFromJStringInEnv):
-                (KJS::Bindings::releaseUCharactersForJStringInEnv):
-                (KJS::Bindings::JNITypeFromClassName):
-                (KJS::Bindings::signatureFromPrimitiveType):
-                (KJS::Bindings::JNITypeFromPrimitiveType):
-                (KJS::Bindings::getJNIField):
-                (KJS::Bindings::convertValueToJValue):
-                * bindings/jni/jni_utility.h:
-                * bindings/objc/WebScriptObject.mm:
-                (_didExecute):
-                (-[WebScriptObject _initializeWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
-                (-[WebScriptObject _initWithObjectImp:originExecutionContext:Bindings::executionContext:Bindings::]):
-                (-[WebScriptObject _imp]):
-                (-[WebScriptObject _executionContext]):
-                (-[WebScriptObject _setExecutionContext:]):
-                (-[WebScriptObject _originExecutionContext]):
-                (-[WebScriptObject _setOriginExecutionContext:]):
-                (+[WebScriptObject throwException:]):
-                (listFromNSArray):
-                (-[WebScriptObject callWebScriptMethod:withArguments:]):
-                (-[WebScriptObject evaluateWebScript:]):
-                (-[WebScriptObject setValue:forKey:]):
-                (-[WebScriptObject valueForKey:]):
-                (-[WebScriptObject removeWebScriptKey:]):
-                (-[WebScriptObject stringRepresentation]):
-                (-[WebScriptObject webScriptValueAtIndex:]):
-                (-[WebScriptObject setException:]):
-                (+[WebScriptObject _convertValueToObjcValue:originExecutionContext:executionContext:Bindings::]):
-                * bindings/objc/WebScriptObjectPrivate.h:
-                * bindings/objc/objc_class.h:
-                * bindings/objc/objc_class.mm:
-                (KJS::Bindings::ObjcClass::fallbackObject):
-                * bindings/objc/objc_instance.h:
-                * bindings/objc/objc_instance.mm:
-                (ObjcInstance::invokeMethod):
-                (ObjcInstance::invokeDefaultMethod):
-                (ObjcInstance::setValueOfField):
-                (ObjcInstance::setValueOfUndefinedField):
-                (ObjcInstance::getValueOfField):
-                (ObjcInstance::getValueOfUndefinedField):
-                (ObjcInstance::defaultValue):
-                (ObjcInstance::stringValue):
-                (ObjcInstance::numberValue):
-                (ObjcInstance::booleanValue):
-                (ObjcInstance::valueOf):
-                * bindings/objc/objc_runtime.h:
-                * bindings/objc/objc_runtime.mm:
-                (ObjcField::valueFromInstance):
-                (convertValueToObjcObject):
-                (ObjcField::setValueToInstance):
-                (ObjcArray::setValueAt):
-                (ObjcArray::valueAt):
-                (ObjcFallbackObjectImp::put):
-                (ObjcFallbackObjectImp::callAsFunction):
-                (ObjcFallbackObjectImp::defaultValue):
-                * bindings/objc/objc_utility.h:
-                * bindings/objc/objc_utility.mm:
-                (Bindings::JSMethodNameToObjCMethodName):
-                (Bindings::convertValueToObjcValue):
-                (Bindings::convertNSStringToString):
-                (Bindings::convertObjcValueToValue):
-                (Bindings::objcValueTypeForType):
-                (Bindings::createObjcInstanceForValue):
-                * bindings/runtime.cpp:
-                (Instance::getValueOfField):
-                (Instance::setValueOfField):
-                (Instance::createRuntimeObject):
-                (Instance::createLanguageInstanceForValue):
-                * bindings/runtime.h:
-                (KJS::Bindings::Constructor::~Constructor):
-                (KJS::Bindings::Field::~Field):
-                (KJS::Bindings::MethodList::MethodList):
-                (KJS::Bindings::Class::fallbackObject):
-                (KJS::Bindings::Class::~Class):
-                (KJS::Bindings::Instance::Instance):
-                (KJS::Bindings::Instance::getValueOfUndefinedField):
-                (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-                (KJS::Bindings::Instance::setValueOfUndefinedField):
-                (KJS::Bindings::Instance::valueOf):
-                (KJS::Bindings::Instance::setExecutionContext):
-                (KJS::Bindings::Instance::~Instance):
-                (KJS::Bindings::Array::~Array):
-                * bindings/runtime_array.cpp:
-                (RuntimeArrayImp::RuntimeArrayImp):
-                (RuntimeArrayImp::lengthGetter):
-                (RuntimeArrayImp::indexGetter):
-                (RuntimeArrayImp::put):
-                * bindings/runtime_array.h:
-                * bindings/runtime_method.cpp:
-                (RuntimeMethodImp::lengthGetter):
-                (RuntimeMethodImp::callAsFunction):
-                * bindings/runtime_method.h:
-                * bindings/runtime_object.cpp:
-                (RuntimeObjectImp::fallbackObjectGetter):
-                (RuntimeObjectImp::fieldGetter):
-                (RuntimeObjectImp::methodGetter):
-                (RuntimeObjectImp::getOwnPropertySlot):
-                (RuntimeObjectImp::put):
-                (RuntimeObjectImp::defaultValue):
-                (RuntimeObjectImp::callAsFunction):
-                * bindings/runtime_object.h:
-                * kjs/array_instance.h:
-                * kjs/array_object.cpp:
-                (ArrayInstanceImp::ArrayInstanceImp):
-                (ArrayInstanceImp::lengthGetter):
-                (ArrayInstanceImp::getOwnPropertySlot):
-                (ArrayInstanceImp::put):
-                (ArrayInstanceImp::propList):
-                (ArrayInstanceImp::setLength):
-                (compareByStringForQSort):
-                (compareWithCompareFunctionForQSort):
-                (ArrayInstanceImp::sort):
-                (ArrayInstanceImp::pushUndefinedObjectsToEnd):
-                (ArrayPrototypeImp::ArrayPrototypeImp):
-                (ArrayProtoFuncImp::ArrayProtoFuncImp):
-                (ArrayProtoFuncImp::callAsFunction):
-                (ArrayObjectImp::ArrayObjectImp):
-                (ArrayObjectImp::construct):
-                (ArrayObjectImp::callAsFunction):
-                * kjs/array_object.h:
-                * kjs/bool_object.cpp:
-                (BooleanPrototypeImp::BooleanPrototypeImp):
-                (BooleanProtoFuncImp::BooleanProtoFuncImp):
-                (BooleanProtoFuncImp::callAsFunction):
-                (BooleanObjectImp::BooleanObjectImp):
-                (BooleanObjectImp::construct):
-                (BooleanObjectImp::callAsFunction):
-                * kjs/bool_object.h:
-                * kjs/collector.cpp:
-                (KJS::Collector::markStackObjectsConservatively):
-                (KJS::Collector::collect):
-                (KJS::className):
-                * kjs/completion.h:
-                (KJS::Completion::Completion):
-                (KJS::Completion::value):
-                (KJS::Completion::isValueCompletion):
-                * kjs/context.h:
-                (KJS::ContextImp::variableObject):
-                (KJS::ContextImp::setVariableObject):
-                (KJS::ContextImp::thisValue):
-                (KJS::ContextImp::activationObject):
-                (KJS::ContextImp::pushScope):
-                * kjs/date_object.cpp:
-                (formatLocaleDate):
-                (KJS::timeFromArgs):
-                (KJS::DatePrototypeImp::DatePrototypeImp):
-                (KJS::DateProtoFuncImp::DateProtoFuncImp):
-                (KJS::DateProtoFuncImp::callAsFunction):
-                (KJS::DateObjectImp::DateObjectImp):
-                (KJS::DateObjectImp::construct):
-                (KJS::DateObjectImp::callAsFunction):
-                (KJS::DateObjectFuncImp::DateObjectFuncImp):
-                (KJS::DateObjectFuncImp::callAsFunction):
-                (KJS::parseDate):
-                (KJS::KRFCDate_parseDate):
-                (KJS::timeClip):
-                * kjs/date_object.h:
-                * kjs/debugger.cpp:
-                (Debugger::exception):
-                (Debugger::callEvent):
-                (Debugger::returnEvent):
-                * kjs/debugger.h:
-                * kjs/error_object.cpp:
-                (ErrorPrototypeImp::ErrorPrototypeImp):
-                (ErrorProtoFuncImp::ErrorProtoFuncImp):
-                (ErrorProtoFuncImp::callAsFunction):
-                (ErrorObjectImp::ErrorObjectImp):
-                (ErrorObjectImp::construct):
-                (ErrorObjectImp::callAsFunction):
-                (NativeErrorPrototypeImp::NativeErrorPrototypeImp):
-                (NativeErrorImp::NativeErrorImp):
-                (NativeErrorImp::construct):
-                (NativeErrorImp::callAsFunction):
-                * kjs/error_object.h:
-                * kjs/function.cpp:
-                (KJS::FunctionImp::FunctionImp):
-                (KJS::FunctionImp::callAsFunction):
-                (KJS::FunctionImp::processParameters):
-                (KJS::FunctionImp::argumentsGetter):
-                (KJS::FunctionImp::lengthGetter):
-                (KJS::FunctionImp::put):
-                (KJS::DeclaredFunctionImp::DeclaredFunctionImp):
-                (KJS::DeclaredFunctionImp::construct):
-                (KJS::ArgumentsImp::ArgumentsImp):
-                (KJS::ArgumentsImp::mappedIndexGetter):
-                (KJS::ArgumentsImp::put):
-                (KJS::ActivationImp::argumentsGetter):
-                (KJS::GlobalFuncImp::GlobalFuncImp):
-                (KJS::encode):
-                (KJS::decode):
-                (KJS::GlobalFuncImp::callAsFunction):
-                * kjs/function.h:
-                * kjs/function_object.cpp:
-                (FunctionPrototypeImp::FunctionPrototypeImp):
-                (FunctionPrototypeImp::callAsFunction):
-                (FunctionProtoFuncImp::FunctionProtoFuncImp):
-                (FunctionProtoFuncImp::callAsFunction):
-                (FunctionObjectImp::FunctionObjectImp):
-                (FunctionObjectImp::construct):
-                (FunctionObjectImp::callAsFunction):
-                * kjs/function_object.h:
-                * kjs/internal.cpp:
-                (KJS::UndefinedImp::toPrimitive):
-                (KJS::UndefinedImp::toObject):
-                (KJS::NullImp::toPrimitive):
-                (KJS::NullImp::toObject):
-                (KJS::BooleanImp::toPrimitive):
-                (KJS::BooleanImp::toObject):
-                (KJS::StringImp::toPrimitive):
-                (KJS::StringImp::toObject):
-                (KJS::NumberImp::toPrimitive):
-                (KJS::NumberImp::toObject):
-                (KJS::NumberImp::getUInt32):
-                (KJS::LabelStack::push):
-                (KJS::ContextImp::ContextImp):
-                (KJS::InterpreterImp::globalInit):
-                (KJS::InterpreterImp::globalClear):
-                (KJS::InterpreterImp::InterpreterImp):
-                (KJS::InterpreterImp::initGlobalObject):
-                (KJS::InterpreterImp::clear):
-                (KJS::InterpreterImp::mark):
-                (KJS::InterpreterImp::evaluate):
-                (KJS::InternalFunctionImp::hasInstance):
-                (KJS::roundValue):
-                (KJS::printInfo):
-                * kjs/internal.h:
-                (KJS::InterpreterImp::builtinObject):
-                (KJS::InterpreterImp::builtinFunction):
-                (KJS::InterpreterImp::builtinArray):
-                (KJS::InterpreterImp::builtinBoolean):
-                (KJS::InterpreterImp::builtinString):
-                (KJS::InterpreterImp::builtinNumber):
-                (KJS::InterpreterImp::builtinDate):
-                (KJS::InterpreterImp::builtinRegExp):
-                (KJS::InterpreterImp::builtinError):
-                (KJS::InterpreterImp::builtinObjectPrototype):
-                (KJS::InterpreterImp::builtinFunctionPrototype):
-                (KJS::InterpreterImp::builtinArrayPrototype):
-                (KJS::InterpreterImp::builtinBooleanPrototype):
-                (KJS::InterpreterImp::builtinStringPrototype):
-                (KJS::InterpreterImp::builtinNumberPrototype):
-                (KJS::InterpreterImp::builtinDatePrototype):
-                (KJS::InterpreterImp::builtinRegExpPrototype):
-                (KJS::InterpreterImp::builtinErrorPrototype):
-                (KJS::InterpreterImp::builtinEvalError):
-                (KJS::InterpreterImp::builtinRangeError):
-                (KJS::InterpreterImp::builtinReferenceError):
-                (KJS::InterpreterImp::builtinSyntaxError):
-                (KJS::InterpreterImp::builtinTypeError):
-                (KJS::InterpreterImp::builtinURIError):
-                (KJS::InterpreterImp::builtinEvalErrorPrototype):
-                (KJS::InterpreterImp::builtinRangeErrorPrototype):
-                (KJS::InterpreterImp::builtinReferenceErrorPrototype):
-                (KJS::InterpreterImp::builtinSyntaxErrorPrototype):
-                (KJS::InterpreterImp::builtinTypeErrorPrototype):
-                (KJS::InterpreterImp::builtinURIErrorPrototype):
-                * kjs/interpreter.cpp:
-                (Context::variableObject):
-                (Context::thisValue):
-                (Interpreter::Interpreter):
-                (Interpreter::globalObject):
-                (Interpreter::evaluate):
-                (Interpreter::builtinObject):
-                (Interpreter::builtinFunction):
-                (Interpreter::builtinArray):
-                (Interpreter::builtinBoolean):
-                (Interpreter::builtinString):
-                (Interpreter::builtinNumber):
-                (Interpreter::builtinDate):
-                (Interpreter::builtinRegExp):
-                (Interpreter::builtinError):
-                (Interpreter::builtinObjectPrototype):
-                (Interpreter::builtinFunctionPrototype):
-                (Interpreter::builtinArrayPrototype):
-                (Interpreter::builtinBooleanPrototype):
-                (Interpreter::builtinStringPrototype):
-                (Interpreter::builtinNumberPrototype):
-                (Interpreter::builtinDatePrototype):
-                (Interpreter::builtinRegExpPrototype):
-                (Interpreter::builtinErrorPrototype):
-                (Interpreter::builtinEvalError):
-                (Interpreter::builtinRangeError):
-                (Interpreter::builtinReferenceError):
-                (Interpreter::builtinSyntaxError):
-                (Interpreter::builtinTypeError):
-                (Interpreter::builtinURIError):
-                (Interpreter::builtinEvalErrorPrototype):
-                (Interpreter::builtinRangeErrorPrototype):
-                (Interpreter::builtinReferenceErrorPrototype):
-                (Interpreter::builtinSyntaxErrorPrototype):
-                (Interpreter::builtinTypeErrorPrototype):
-                (Interpreter::builtinURIErrorPrototype):
-                (Interpreter::createLanguageInstanceForValue):
-                * kjs/interpreter.h:
-                (KJS::Interpreter::isGlobalObject):
-                (KJS::ExecState::setException):
-                (KJS::ExecState::clearException):
-                (KJS::ExecState::exception):
-                (KJS::ExecState::hadException):
-                (KJS::ExecState::ExecState):
-                * kjs/list.cpp:
-                (KJS::List::at):
-                * kjs/list.h:
-                (KJS::List::operator[]):
-                (KJS::ListIterator::operator->):
-                (KJS::ListIterator::operator*):
-                (KJS::ListIterator::operator++):
-                (KJS::ListIterator::operator--):
-                * kjs/lookup.h:
-                (KJS::staticFunctionGetter):
-                (KJS::staticValueGetter):
-                (KJS::lookupPut):
-                (KJS::cacheGlobalObject):
-                * kjs/math_object.cpp:
-                (MathObjectImp::getValueProperty):
-                (MathFuncImp::MathFuncImp):
-                (MathFuncImp::callAsFunction):
-                * kjs/math_object.h:
-                * kjs/nodes.cpp:
-                (Node::evaluateReference):
-                (Node::throwError):
-                (Node::setExceptionDetailsIfNeeded):
-                (NullNode::evaluate):
-                (BooleanNode::evaluate):
-                (NumberNode::evaluate):
-                (StringNode::evaluate):
-                (RegExpNode::evaluate):
-                (ThisNode::evaluate):
-                (ResolveNode::evaluate):
-                (ResolveNode::evaluateReference):
-                (GroupNode::evaluate):
-                (ElementNode::evaluate):
-                (ArrayNode::evaluate):
-                (ObjectLiteralNode::evaluate):
-                (PropertyValueNode::evaluate):
-                (PropertyNode::evaluate):
-                (AccessorNode1::evaluate):
-                (AccessorNode1::evaluateReference):
-                (AccessorNode2::evaluate):
-                (AccessorNode2::evaluateReference):
-                (ArgumentListNode::evaluate):
-                (ArgumentListNode::evaluateList):
-                (ArgumentsNode::evaluate):
-                (NewExprNode::evaluate):
-                (FunctionCallNode::evaluate):
-                (PostfixNode::evaluate):
-                (DeleteNode::evaluate):
-                (VoidNode::evaluate):
-                (TypeOfNode::evaluate):
-                (PrefixNode::evaluate):
-                (UnaryPlusNode::evaluate):
-                (NegateNode::evaluate):
-                (BitwiseNotNode::evaluate):
-                (LogicalNotNode::evaluate):
-                (MultNode::evaluate):
-                (AddNode::evaluate):
-                (ShiftNode::evaluate):
-                (RelationalNode::evaluate):
-                (EqualNode::evaluate):
-                (BitOperNode::evaluate):
-                (BinaryLogicalNode::evaluate):
-                (ConditionalNode::evaluate):
-                (AssignNode::evaluate):
-                (CommaNode::evaluate):
-                (StatListNode::execute):
-                (AssignExprNode::evaluate):
-                (VarDeclNode::evaluate):
-                (VarDeclNode::processVarDecls):
-                (VarDeclListNode::evaluate):
-                (ExprStatementNode::execute):
-                (IfNode::execute):
-                (DoWhileNode::execute):
-                (WhileNode::execute):
-                (ForNode::execute):
-                (ForInNode::execute):
-                (ContinueNode::execute):
-                (BreakNode::execute):
-                (ReturnNode::execute):
-                (WithNode::execute):
-                (CaseClauseNode::evaluate):
-                (ClauseListNode::evaluate):
-                (CaseBlockNode::evaluate):
-                (CaseBlockNode::evalBlock):
-                (SwitchNode::execute):
-                (ThrowNode::execute):
-                (CatchNode::execute):
-                (TryNode::execute):
-                (ParameterNode::evaluate):
-                (FuncDeclNode::processFuncDecl):
-                (FuncExprNode::evaluate):
-                (SourceElementsNode::execute):
-                * kjs/nodes.h:
-                (KJS::StatementNode::evaluate):
-                * kjs/number_object.cpp:
-                (NumberPrototypeImp::NumberPrototypeImp):
-                (NumberProtoFuncImp::NumberProtoFuncImp):
-                (NumberProtoFuncImp::callAsFunction):
-                (NumberObjectImp::NumberObjectImp):
-                (NumberObjectImp::getValueProperty):
-                (NumberObjectImp::construct):
-                (NumberObjectImp::callAsFunction):
-                * kjs/number_object.h:
-                * kjs/object.cpp:
-                (KJS::ObjectImp::call):
-                (KJS::ObjectImp::mark):
-                (KJS::ObjectImp::classInfo):
-                (KJS::ObjectImp::get):
-                (KJS::ObjectImp::getProperty):
-                (KJS::ObjectImp::getPropertySlot):
-                (KJS::ObjectImp::put):
-                (KJS::ObjectImp::hasOwnProperty):
-                (KJS::ObjectImp::defaultValue):
-                (KJS::ObjectImp::findPropertyHashEntry):
-                (KJS::ObjectImp::construct):
-                (KJS::ObjectImp::callAsFunction):
-                (KJS::ObjectImp::hasInstance):
-                (KJS::ObjectImp::propList):
-                (KJS::ObjectImp::toPrimitive):
-                (KJS::ObjectImp::toNumber):
-                (KJS::ObjectImp::toString):
-                (KJS::ObjectImp::toObject):
-                (KJS::ObjectImp::putDirect):
-                (KJS::Error::create):
-                (KJS::error):
-                * kjs/object.h:
-                (KJS::):
-                (KJS::ObjectImp::getPropertySlot):
-                (KJS::AllocatedValueImp::isObject):
-                (KJS::ObjectImp::ObjectImp):
-                (KJS::ObjectImp::internalValue):
-                (KJS::ObjectImp::setInternalValue):
-                (KJS::ObjectImp::prototype):
-                (KJS::ObjectImp::setPrototype):
-                (KJS::ObjectImp::inherits):
-                * kjs/object_object.cpp:
-                (ObjectPrototypeImp::ObjectPrototypeImp):
-                (ObjectProtoFuncImp::ObjectProtoFuncImp):
-                (ObjectProtoFuncImp::callAsFunction):
-                (ObjectObjectImp::ObjectObjectImp):
-                (ObjectObjectImp::construct):
-                (ObjectObjectImp::callAsFunction):
-                * kjs/object_object.h:
-                * kjs/operations.cpp:
-                (KJS::equal):
-                (KJS::strictEqual):
-                (KJS::relation):
-                (KJS::add):
-                (KJS::mult):
-                * kjs/operations.h:
-                * kjs/property_map.cpp:
-                (KJS::PropertyMap::mark):
-                (KJS::PropertyMap::addEnumerablesToReferenceList):
-                (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList):
-                (KJS::PropertyMap::save):
-                (KJS::PropertyMap::restore):
-                * kjs/property_map.h:
-                * kjs/property_slot.cpp:
-                (KJS::PropertySlot::undefinedGetter):
-                * kjs/property_slot.h:
-                (KJS::PropertySlot::getValue):
-                * kjs/protect.h:
-                (KJS::gcUnprotectNullTolerant):
-                (KJS::ProtectedValue::ProtectedValue):
-                (KJS::ProtectedValue::~ProtectedValue):
-                (KJS::ProtectedValue::operator=):
-                (KJS::ProtectedValue::operator ValueImp *):
-                (KJS::ProtectedValue::operator->):
-                * kjs/protected_object.h:
-                (KJS::ProtectedObject::ProtectedObject):
-                (KJS::ProtectedObject::operator=):
-                (KJS::ProtectedObject::operator ValueImp *):
-                (KJS::ProtectedObject::operator ObjectImp *):
-                (KJS::ProtectedObject::operator->):
-                (KJS::ProtectedReference::ProtectedReference):
-                (KJS::ProtectedReference::~ProtectedReference):
-                (KJS::ProtectedReference::operator=):
-                * kjs/protected_values.cpp:
-                (KJS::ProtectedValues::getProtectCount):
-                (KJS::ProtectedValues::increaseProtectCount):
-                (KJS::ProtectedValues::insert):
-                (KJS::ProtectedValues::decreaseProtectCount):
-                * kjs/protected_values.h:
-                * kjs/reference.cpp:
-                (KJS::Reference::Reference):
-                (KJS::Reference::makeValueReference):
-                (KJS::Reference::getBase):
-                (KJS::Reference::getValue):
-                (KJS::Reference::putValue):
-                (KJS::Reference::deleteValue):
-                * kjs/reference.h:
-                (KJS::Reference::baseIfMutable):
-                * kjs/regexp_object.cpp:
-                (RegExpPrototypeImp::RegExpPrototypeImp):
-                (RegExpProtoFuncImp::RegExpProtoFuncImp):
-                (RegExpProtoFuncImp::callAsFunction):
-                (RegExpObjectImp::RegExpObjectImp):
-                (RegExpObjectImp::arrayOfMatches):
-                (RegExpObjectImp::backrefGetter):
-                (RegExpObjectImp::construct):
-                (RegExpObjectImp::callAsFunction):
-                * kjs/regexp_object.h:
-                * kjs/string_object.cpp:
-                (StringInstanceImp::lengthGetter):
-                (StringInstanceImp::indexGetter):
-                (StringInstanceImp::getOwnPropertySlot):
-                (StringInstanceImp::put):
-                (StringPrototypeImp::StringPrototypeImp):
-                (StringProtoFuncImp::StringProtoFuncImp):
-                (regExpIsGlobal):
-                (replace):
-                (StringProtoFuncImp::callAsFunction):
-                (StringObjectImp::StringObjectImp):
-                (StringObjectImp::construct):
-                (StringObjectImp::callAsFunction):
-                (StringObjectFuncImp::StringObjectFuncImp):
-                (StringObjectFuncImp::callAsFunction):
-                * kjs/string_object.h:
-                * kjs/testkjs.cpp:
-                (TestFunctionImp::callAsFunction):
-                (VersionFunctionImp::callAsFunction):
-                (main):
-                * kjs/value.cpp:
-                (KJS::AllocatedValueImp::operator new):
-                (KJS::AllocatedValueImp::getUInt32):
-                (KJS::ValueImp::toInteger):
-                (KJS::ValueImp::toInt32):
-                (KJS::ValueImp::toUInt32):
-                (KJS::ValueImp::toUInt16):
-                (KJS::ValueImp::toObject):
-                (KJS::AllocatedValueImp::getBoolean):
-                (KJS::AllocatedValueImp::getNumber):
-                (KJS::AllocatedValueImp::getString):
-                (KJS::AllocatedValueImp::getObject):
-                (KJS::jsString):
-                (KJS::jsNumber):
-                (KJS::ConstantValues::init):
-                (KJS::ConstantValues::clear):
-                (KJS::ConstantValues::mark):
-                * kjs/value.h:
-                (KJS::):
-                (KJS::jsUndefined):
-                (KJS::jsNull):
-                (KJS::jsBoolean):
-                (KJS::jsNaN):
-                (KJS::ValueImp::ValueImp):
-                (KJS::ValueImp::~ValueImp):
-                (KJS::AllocatedValueImp::AllocatedValueImp):
-                (KJS::AllocatedValueImp::~AllocatedValueImp):
-                (KJS::AllocatedValueImp::isBoolean):
-                (KJS::AllocatedValueImp::isNumber):
-                (KJS::AllocatedValueImp::isString):
-                (KJS::AllocatedValueImp::isObject):
-                (KJS::AllocatedValueImp::marked):
-                (KJS::AllocatedValueImp::mark):
-                (KJS::ValueImp::downcast):
-                (KJS::ValueImp::isUndefined):
-                (KJS::ValueImp::isNull):
-                (KJS::ValueImp::isUndefinedOrNull):
-                (KJS::ValueImp::isBoolean):
-                (KJS::ValueImp::isNumber):
-                (KJS::ValueImp::isString):
-                (KJS::ValueImp::isObject):
-                (KJS::ValueImp::getBoolean):
-                (KJS::ValueImp::getNumber):
-                (KJS::ValueImp::getString):
-                (KJS::ValueImp::getObject):
-                (KJS::ValueImp::getUInt32):
-                (KJS::ValueImp::mark):
-                (KJS::ValueImp::marked):
-                (KJS::ValueImp::type):
-                (KJS::ValueImp::toPrimitive):
-                (KJS::ValueImp::toBoolean):
-                (KJS::ValueImp::toNumber):
-                (KJS::ValueImp::toString):
-                (KJS::jsZero):
-                (KJS::jsOne):
-                (KJS::jsTwo):
-                (KJS::Undefined):
-                (KJS::Null):
-                (KJS::Boolean):
-                (KJS::Number):
-                (KJS::String):
-        
-        2005-08-06  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Darin.
-        
-            Change over to the new PropertySlot mechanism for property
-            lookup. This allows the elimination of hasOwnProperty
-            methods. Also did some of the performance tuning enabled by this
-            (but not yet all the possible improvements for function calls,
-            assignment, ++, and so forth). And also much code cleanup.
-        
-            Net result is about a 2% speedup on the JS iBench.
-            
-            Also redid Geoff's fix for the chrashing applet by avoiding a NULL
-            prototype in the bindings code and using the default of Null()
-            instead.
-                
-            * JavaScriptCore.xcodeproj/project.pbxproj:
-                * bindings/objc/objc_runtime.h:
-                * bindings/objc/objc_runtime.mm:
-                (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-                (ObjcFallbackObjectImp::getOwnPropertySlot):
-                * bindings/runtime_array.cpp:
-                (RuntimeArrayImp::lengthGetter):
-                (RuntimeArrayImp::indexGetter):
-                (RuntimeArrayImp::getOwnPropertySlot):
-                * bindings/runtime_array.h:
-                * bindings/runtime_method.cpp:
-                (RuntimeMethodImp::lengthGetter):
-                (RuntimeMethodImp::getOwnPropertySlot):
-                * bindings/runtime_method.h:
-                * bindings/runtime_object.cpp:
-                (RuntimeObjectImp::RuntimeObjectImp):
-                (RuntimeObjectImp::fallbackObjectGetter):
-                (RuntimeObjectImp::fieldGetter):
-                (RuntimeObjectImp::methodGetter):
-                (RuntimeObjectImp::getOwnPropertySlot):
-                * bindings/runtime_object.h:
-                * bindings/runtime_root.h:
-                * kjs/array_instance.h:
-                * kjs/array_object.cpp:
-                (ArrayInstanceImp::lengthGetter):
-                (ArrayInstanceImp::getOwnPropertySlot):
-                (ArrayPrototypeImp::getOwnPropertySlot):
-                * kjs/array_object.h:
-                * kjs/date_object.cpp:
-                (DatePrototypeImp::getOwnPropertySlot):
-                * kjs/date_object.h:
-                * kjs/function.cpp:
-                (KJS::FunctionImp::argumentsGetter):
-                (KJS::FunctionImp::lengthGetter):
-                (KJS::FunctionImp::getOwnPropertySlot):
-                (KJS::FunctionImp::put):
-                (KJS::FunctionImp::deleteProperty):
-                (KJS::ArgumentsImp::mappedIndexGetter):
-                (KJS::ArgumentsImp::getOwnPropertySlot):
-                (KJS::ActivationImp::argumentsGetter):
-                (KJS::ActivationImp::getArgumentsGetter):
-                (KJS::ActivationImp::getOwnPropertySlot):
-                (KJS::ActivationImp::deleteProperty):
-                * kjs/function.h:
-                * kjs/internal.cpp:
-                (InterpreterImp::InterpreterImp):
-                (InterpreterImp::initGlobalObject):
-                (InterpreterImp::~InterpreterImp):
-                (InterpreterImp::evaluate):
-                * kjs/internal.h:
-                (KJS::InterpreterImp::globalExec):
-                * kjs/interpreter.cpp:
-                (Interpreter::Interpreter):
-                (Interpreter::createLanguageInstanceForValue):
-                * kjs/interpreter.h:
-                (KJS::Interpreter::argumentsIdentifier):
-                (KJS::Interpreter::specialPrototypeIdentifier):
-                * kjs/lookup.h:
-                (KJS::staticFunctionGetter):
-                (KJS::staticValueGetter):
-                (KJS::getStaticPropertySlot):
-                (KJS::getStaticFunctionSlot):
-                (KJS::getStaticValueSlot):
-                * kjs/math_object.cpp:
-                (MathObjectImp::getOwnPropertySlot):
-                * kjs/math_object.h:
-                * kjs/nodes.cpp:
-                (ResolveNode::evaluate):
-                (ResolveNode::evaluateReference):
-                (AccessorNode1::evaluate):
-                (AccessorNode2::evaluate):
-                * kjs/number_object.cpp:
-                (NumberObjectImp::getOwnPropertySlot):
-                * kjs/number_object.h:
-                * kjs/object.cpp:
-                (KJS::ObjectImp::get):
-                (KJS::ObjectImp::getProperty):
-                (KJS::ObjectImp::getPropertySlot):
-                (KJS::ObjectImp::getOwnPropertySlot):
-                (KJS::ObjectImp::put):
-                (KJS::ObjectImp::hasProperty):
-                (KJS::ObjectImp::hasOwnProperty):
-                * kjs/object.h:
-                (KJS::ObjectImp::getDirectLocation):
-                (KJS::ObjectImp::getPropertySlot):
-                (KJS::ObjectImp::getOwnPropertySlot):
-                * kjs/object_wrapper.h: Added.
-                (KJS::):
-                (KJS::Object::Object):
-                (KJS::Object::operator ObjectImp *):
-                * kjs/property_map.cpp:
-                (KJS::PropertyMap::getLocation):
-                * kjs/property_map.h:
-                * kjs/property_slot.cpp: Added.
-                (KJS::PropertySlot::undefinedGetter):
-                * kjs/property_slot.h: Added.
-                (KJS::PropertySlot::isSet):
-                (KJS::PropertySlot::getValue):
-                (KJS::PropertySlot::setValueSlot):
-                (KJS::PropertySlot::setStaticEntry):
-                (KJS::PropertySlot::setCustom):
-                (KJS::PropertySlot::setCustomIndex):
-                (KJS::PropertySlot::setUndefined):
-                (KJS::PropertySlot::slotBase):
-                (KJS::PropertySlot::staticEntry):
-                (KJS::PropertySlot::index):
-                (KJS::PropertySlot::):
-                * kjs/protect.h:
-                * kjs/protected_object.h: Added.
-                (KJS::ProtectedObject::ProtectedObject):
-                (KJS::ProtectedObject::~ProtectedObject):
-                (KJS::ProtectedObject::operator=):
-                (KJS::ProtectedReference::ProtectedReference):
-                (KJS::ProtectedReference::~ProtectedReference):
-                (KJS::ProtectedReference::operator=):
-                * kjs/reference.h:
-                * kjs/reference_list.cpp:
-                * kjs/regexp_object.cpp:
-                (RegExpObjectImp::backrefGetter):
-                (RegExpObjectImp::getOwnPropertySlot):
-                * kjs/regexp_object.h:
-                * kjs/string_object.cpp:
-                (StringInstanceImp::lengthGetter):
-                (StringInstanceImp::indexGetter):
-                (StringInstanceImp::getOwnPropertySlot):
-                (StringPrototypeImp::getOwnPropertySlot):
-                * kjs/string_object.h:
-        
-        2005-08-05  Adele Peterson  <adele@apple.com>
-        
-                Reviewed by Darin.
-        
-                * JavaScriptCore.xcodeproj/project.pbxproj: Unchecked 'statics are thread safe' option.
-        
-        2005-08-05  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed <rdar://problem/4207220> REGRESSION (DENVER): Crash occurs 
-                after clicking on Hangman applet
-        
-                Reviewed by darin.
-        
-                * kjs/object.cpp:
-                (KJS::ObjectImp::hasProperty): added check for null prototype.
-        
-                FIXME: The long-term plan is to make runtime objects use JS Null()
-                instead of null pointers, which will allow us to eliminate null
-                checks, improving performance.
-        
-        2005-08-05  Geoffrey Garen  <ggaren@apple.com>
-        
-                Fix by darin, reviewed by me.
-                
-                - rolled in fix for: <rdar://problem/4161606> JavaScript regular 
-                expressions with certain ranges of Unicode characters cause a crash
-        
-                Test cases added:
-        
-                * layout-tests/fast/js/regexp-big-unicode-ranges-expected.txt: Added.
-                * layout-tests/fast/js/regexp-big-unicode-ranges.html: Added.
-        
-                * pcre/pcre.c:
-                (compile_branch): added checks for characters > 255
-
-2005-08-04  Chris Blumenberg  <cblu@apple.com>
-       
-       if'd out bindings code until we can get it to compile on Purple
-
-        Reviewed by andre.
-
-        * bindings/NP_jsobject.cpp:
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.cpp:
-        * bindings/c/c_utility.h:
-        * bindings/jni/jni_class.cpp:
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/jni/jni_jsobject.h:
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.cpp:
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.cpp:
-        * bindings/jni/jni_utility.h:
-        * bindings/npapi.h:
-        * bindings/npruntime.cpp:
-        * bindings/npruntime.h:
-        * bindings/npruntime_impl.h:
-        * bindings/npruntime_priv.h:
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/WebScriptObject.mm:
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        * bindings/objc/objc_header.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createLanguageInstanceForValue):
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        * bindings/runtime_array.h:
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        * bindings/runtime_object.h:
-        * bindings/runtime_root.cpp:
-        * bindings/runtime_root.h:
-        * bindings/softlinking.c:
-        * kjs/interpreter.cpp:
-        * kjs/interpreter.h:
-
-2005-08-04  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::_commonInit): I see the change, but there does not
-        seem to be a ChangeLog comment to merge. In any case, only the
-        initial size of the dictionaries is being altered here (from 16 to 0).
-
-2005-08-03  Chris Blumenberg  <cblu@apple.com>
-
-       Disabled Netscape plug-in related bindings code.
-
-        Reviewed by kocienda.
-
-        * bindings/NP_jsobject.cpp:
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.cpp:
-        * bindings/c/c_utility.h:
-        * bindings/npapi.h:
-        * bindings/npruntime.cpp:
-        * bindings/npruntime.h:
-        * bindings/npruntime_impl.h:
-        * bindings/npruntime_priv.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createLanguageInstanceForValue):
-        * kjs/date_object.cpp:
-
-2005-08-03  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-07-31  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Maciej.
-        
-                - remove uses of Mac-OS-X-specific MAX macro
-                - remove one of the many excess "APPLE_CHANGES" ifdefs
-        
-                * kjs/collector.cpp: (KJS::Collector::allocate): Use std::max instead of MAX.
-                * kjs/property_map.cpp: (KJS::PropertyMap::rehash): Ditto.
-                * kjs/ustring.cpp:
-                (KJS::UChar::toLower): Take out non-ICU code path.
-                (KJS::UChar::toUpper): Ditto.
-                (KJS::UString::spliceSubstringsWithSeparators): Use std::max instead of MAX.
-        
-        2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4147
-                Array.toString() and toLocaleString() improvements from KDE KJS
-                (rolled in KDE changes)
-        
-                Test cases added:
-        
-                * layout-tests/fast/js/toString-overrides-expected.txt: Added.
-                * layout-tests/fast/js/toString-overrides.html: Added.
-                
-                * kjs/array_object.cpp:
-                (ArrayProtoFuncImp::call):
-        
-        2005-07-27  Maciej Stachowiak  <mjs@apple.com>
-        
-                Changes by Michael Kahl, reviewed by me.
-        
-            - fixed <rdar://problem/4194278> Need better debugging support in JavaScriptCore
-            
-                * JavaScriptCore.xcodeproj/project.pbxproj:
-                * kjs/debugger.cpp:
-                (KJS::AttachedInterpreter::AttachedInterpreter):
-                (KJS::AttachedInterpreter::~AttachedInterpreter):
-                (Debugger::~Debugger):
-                (Debugger::attach):
-                (Debugger::detach):
-                (Debugger::sourceParsed):
-                * kjs/debugger.h:
-                * kjs/function.cpp:
-                (KJS::FunctionImp::call):
-                (KJS::GlobalFuncImp::call):
-                * kjs/function_object.cpp:
-                (FunctionObjectImp::construct):
-                * kjs/grammar.y:
-                * kjs/internal.cpp:
-                (Parser::parse):
-                (InterpreterImp::evaluate):
-                * kjs/internal.h:
-                (KJS::InterpreterImp::setDebugger):
-                * kjs/interpreter.cpp:
-                * kjs/interpreter.h:
-                (KJS::Interpreter::imp):
-                * kjs/nodes.cpp:
-        
-        2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3381
-                Date.prototype.setDate() incorrect for values >=128
-                
-                - Test cases added:
-        
-                * layout-tests/fast/js/date-big-setdate-expected.txt: Added.
-                * layout-tests/fast/js/date-big-setdate.html: Added.
-        
-                Reviewed by darin.
-        
-                * kjs/date_object.cpp:
-                (DateProtoFuncImp::call):
-        
-        2005-07-27  Geoffrey Garen  <ggaren@apple.com>
-        
-                -rolled in patch by Carsten Guenther <cguenther@gmail.com>
-                for http://bugzilla.opendarwin.org/show_bug.cgi?id=3759
-                Date object enhancements
-                
-                Test cases added:
-        
-                * layout-tests/fast/js/date-preserve-milliseconds-expected.txt: Added.
-                * layout-tests/fast/js/date-preserve-milliseconds.html: Added.
-        
-                Reviewed by darin.
-        
-                * kjs/date_object.cpp:
-                (timeFromArgs):
-                (DateProtoFuncImp::call):
-                (DateObjectImp::construct):
-                (DateObjectFuncImp::call):
-                (KJS::makeTime):
-                * kjs/date_object.h:
-                * tests/mozilla/expected.html:
-
-2005-07-27  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        * JavaScriptCore.xcodeproj/project.pbxproj: Rolled out changes for building roots.
-        Root-building smarts added to my script, rather then to the project file.
-
-2005-07-27  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-07-26  Justin Garcia  <justin.garcia@apple.com>
-        
-                Added a forward declaration to fix gcc4 build error
-        
-                * kjs/function.h:
-        
-        2005-07-25  Geoffrey Garen  <ggaren@apple.com>
-                - fixed mistake in my last checkin -- the expected results included
-                results from a patch that hasn't landed yet.
-                
-                * tests/mozilla/expected.html:
-        
-        2005-07-25  Maciej Stachowiak  <mjs@apple.com>
-        
-                - fix mistake in last change that leads to assertion failure in the Development build
-        
-                * kjs/lookup.h:
-                (KJS::lookupGetOwnValue):
-        
-        2005-07-24  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by Darin.
-        
-            - http://bugzilla.opendarwin.org/show_bug.cgi?id=4124
-            (change JavaScript property access to avoid double lookup)
-        
-            - 10% speedup on JavaScript iBench
-            - 5% speedup on 24fun BenchJS benchmark
-        
-            Changed all get methods to getOwnProperty - they are no longer
-            responsible for prototype lookup, and determine if the property
-            was found as a side efect. 
-        
-            get() is now a nonvirtual ObjectImp method which calls the virtual
-            getOwnProperty and walks the prototype chain. A few selected
-            methods were inlined.
-        
-            Changed ResolveNode::evaluate plus some other places to use
-            getProperty which does get() and hasProperty() in one lookup.
-        
-            Also miscellaneous code cleanup.
-                
-            * bindings/objc/objc_runtime.h:
-                * bindings/objc/objc_runtime.mm:
-                (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-                (ObjcFallbackObjectImp::getOwnProperty):
-                * bindings/runtime_array.cpp:
-                (RuntimeArrayImp::RuntimeArrayImp):
-                (RuntimeArrayImp::getOwnProperty):
-                * bindings/runtime_array.h:
-                * bindings/runtime_method.cpp:
-                (RuntimeMethodImp::getOwnProperty):
-                * bindings/runtime_method.h:
-                * bindings/runtime_object.cpp:
-                (RuntimeObjectImp::getOwnProperty):
-                * bindings/runtime_object.h:
-                * kjs/array_instance.h:
-                * kjs/array_object.cpp:
-                (ArrayInstanceImp::getOwnProperty):
-                (ArrayPrototypeImp::getOwnProperty):
-                (ArrayProtoFuncImp::call):
-                * kjs/array_object.h:
-                * kjs/date_object.cpp:
-                (DatePrototypeImp::getOwnProperty):
-                * kjs/date_object.h:
-                * kjs/function.cpp:
-                (KJS::FunctionImp::getOwnProperty):
-                (KJS::ArgumentsImp::getOwnProperty):
-                (KJS::ActivationImp::getOwnProperty):
-                * kjs/function.h:
-                * kjs/lookup.h:
-                (KJS::lookupGetOwnProperty):
-                (KJS::lookupGetOwnFunction):
-                (KJS::lookupGetOwnValue):
-                * kjs/math_object.cpp:
-                (MathObjectImp::getOwnProperty):
-                (MathObjectImp::getValueProperty):
-                * kjs/math_object.h:
-                * kjs/nodes.cpp:
-                (ResolveNode::evaluate):
-                * kjs/number_object.cpp:
-                (NumberObjectImp::getOwnProperty):
-                * kjs/number_object.h:
-                * kjs/object.cpp:
-                (KJS::ObjectImp::get):
-                (KJS::ObjectImp::getOwnProperty):
-                (KJS::ObjectImp::getProperty):
-                * kjs/object.h:
-                (KJS::ObjectImp::getProperty):
-                (KJS::ObjectImp::getOwnProperty):
-                * kjs/object_object.cpp:
-                (ObjectProtoFuncImp::call):
-                * kjs/regexp_object.cpp:
-                (RegExpObjectImp::getOwnProperty):
-                * kjs/regexp_object.h:
-                * kjs/string_object.cpp:
-                (StringInstanceImp::getOwnProperty):
-                (StringPrototypeImp::getOwnProperty):
-                * kjs/string_object.h:
-        
-        2005-07-25  Geoffrey Garen  <ggaren@apple.com>
-        
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3971
-                JS test suite depends on JS 1.2 behavior
-                
-                Reviewed by darin.
-        
-                * tests/mozilla/js1_2/Array/tostring_1.js: now tests only for JS 1.5 behavior
-                * tests/mozilla/js1_2/Array/tostring_2.js: ditto
-                * tests/mozilla/expected.html:
-
-2005-07-25  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        Merged in changes from the opensource tree.
-
-        2005-07-22  Geoffrey Garen  <ggaren@apple.com>
-        
-                Reviewed by darin.
-        
-                * kjs/date_object.cpp: DatePrototypeImp now identifies itself as a
-                child class of DateInstanceImp -- this enables calls to Date.ValueOf().
-                
-                fixes: ecma/Date/15.9.5.js (once we enable the date tests).
-        
-2005-07-25  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Migrated all project files to Xcode 2.1
-
-        * JavaScriptCore.pbproj/.cvsignore: Removed.
-        * JavaScriptCore.pbproj/project.pbxproj: Removed.
-        * JavaScriptCore.xcodeproj/.cvsignore: Added.
-        * JavaScriptCore.xcodeproj/project.pbxproj: Added.
-
-2005-07-22  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by Richard
-
-        * JavaScriptCore.pbproj/project.pbxproj: Made install path /Purple.
-
-2005-07-20  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged changes from opensource tree.
-    
-        2005-07-20  Maciej Stachowiak  <mjs@apple.com>
-        
-                Patch from Trey Matteson <trey@usa.net>, reviewed by me.
-        
-            - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3956
-            some of WebKit builds with symbols, some doesn't
-            
-                * JavaScriptCore.pbproj/project.pbxproj: Generate symbols even for
-            Deployment.
-        
-        2005-07-19  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3991
-                JSC doesn't implement Array.prototype.toLocaleString()
-        
-                -test failure: ecma_3/Array/15.4.4.3-1.js
-        
-                Reviewed by mjs.
-        
-                * kjs/array_object.cpp:
-                (ArrayProtoFuncImp::call): now searches for toString and
-                toLocaleString overrides in the array's elements
-        
-                * tests/mozilla/expected.html: failures are under 100! woohoo!
-        
-        2005-07-19  Darin Adler  <darin@apple.com>
-        
-                - fixed the build
-        
-                * kjs/lookup.h: (KJS::lookupPut): Remove bogus const; was preventing WebCore from
-                compiling (not sure why this didn't affect my other build machine).
-        
-                - one other tiny tweak (so sue me)
-        
-                * bindings/runtime_root.cpp: Remove unneeded declaration.
-        
-        2005-07-19  Darin Adler  <darin@apple.com>
-        
-                Reviewed by Geoff Garen.
-        
-                - eliminated try wrappers for get/put/call since we don't use C++ exceptions any more
-        
-                * kjs/lookup.h: Changed tryCall in IMPLEMENT_PROTOFUNC here to call. It doesn't make
-                sense for this macro to use the name tryCall anyway, since that's specific to how
-                WebCore used this, so this is good anyway. On the other hand, it might be a problem
-                for KDOM or KSVG, in which case we'll need another macro for them, since JavaScriptCore
-                should presumably not have the C++ exception support.
-        
-        2005-07-18  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4008
-                Error objects report incorrect length
-                
-                Reviewed by darin.
-        
-                * kjs/error_object.cpp: Error objects now include a length property
-                (ErrorObjectImp::ErrorObjectImp):
-        
-                * tests/mozilla/expected.html: updated expected results to reflect fix
-                * tests/mozilla/js1_5/Exceptions/regress-123002.js: test now expects 
-                ecma compliant results
-
-2005-07-18  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged changes from opensource tree.
-    
-        2005-07-15  Geoffrey Garen  <ggaren@apple.com>
-        
-                -rolled in KDE fixes for http://bugzilla.opendarwin.org/show_bug.cgi?id=3601
-                Error instance type info
-                
-                Reviewed by mjs.
-        
-                * kjs/error_object.cpp:
-                - Created ErrorInstanceImp class for Error() objects. 
-                - Changed parent object for Native Errors to "Function" (matches
-                ECMA spec).
-                (ErrorInstanceImp::ErrorInstanceImp):
-                (ErrorProtoFuncImp::call):
-                (ErrorObjectImp::construct):
-                (NativeErrorImp::construct):
-        
-                * kjs/error_object.h:
-                (KJS::ErrorInstanceImp::classInfo):
-                * kjs/object.h: made comment more informative about ClassInfo
-        
-                * tests/mozilla/expected.html:
-
-2005-07-15  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged changes from opensource tree.
-    
-        2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-        
-                - fixed: JS test suite expects an out of memory error
-                that our memory efficiency avoids
-                
-                Reviewed by mjs.
-        
-                * tests/mozilla/js1_5/Array/regress-157652.js:
-                test now expects normal execution
-                
-                * tests/mozilla/expected.html:
-        
-        2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-                - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=4006
-                testkjs doesn't implement gc()
-                
-                - test failure:
-                ecma_3/Function/regress-104584.js
-                
-                Reviewed by mjs.
-        
-                * kjs/interpreter.cpp:
-                (Interpreter::finalCheck): removed misleading while && comment
-        
-                * kjs/testkjs.cpp: added "gc" function to global object
-                (TestFunctionImp::):
-                (TestFunctionImp::call):
-                (main):
-        
-                * tests/mozilla/expected.html:
-        
-        2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-        
-                -rolled in patches for http://bugzilla.opendarwin.org/show_bug.cgi?id=3945
-                [PATCH] Safe merges of comments and other trivialities from KDE's kjs
-                
-                -patch by Martijn Klingens <klingens@kde.org>
-                
-                * kjs/array_instance.h:
-                * kjs/array_object.cpp:
-                * kjs/array_object.h:
-                * kjs/bool_object.cpp:
-                * kjs/bool_object.h:
-                * kjs/collector.cpp:
-                * kjs/collector.h:
-                * kjs/completion.h:
-                * kjs/context.h:
-                * kjs/date_object.cpp:
-                * kjs/date_object.h:
-                * kjs/debugger.cpp:
-                * kjs/debugger.h:
-                * kjs/dtoa.h:
-                * kjs/error_object.cpp:
-                * kjs/error_object.h:
-                * kjs/function.cpp:
-                * kjs/function.h:
-                * kjs/function_object.cpp:
-                * kjs/function_object.h:
-                * kjs/grammar.y:
-                * kjs/identifier.cpp:
-                * kjs/identifier.h:
-                * kjs/internal.cpp:
-                * kjs/internal.h:
-                * kjs/interpreter.cpp:
-                * kjs/interpreter.h:
-                * kjs/interpreter_map.cpp:
-                * kjs/interpreter_map.h:
-                * kjs/lexer.cpp:
-                * kjs/lexer.h:
-                * kjs/list.cpp:
-                * kjs/list.h:
-                * kjs/lookup.cpp:
-                * kjs/lookup.h:
-                * kjs/math_object.cpp:
-                * kjs/math_object.h:
-                * kjs/nodes.cpp:
-                * kjs/nodes.h:
-                * kjs/nodes2string.cpp:
-                * kjs/number_object.cpp:
-                * kjs/number_object.h:
-                * kjs/object.cpp:
-                * kjs/object.h:
-                * kjs/object_object.cpp:
-                * kjs/object_object.h:
-                * kjs/operations.cpp:
-                * kjs/operations.h:
-                * kjs/property_map.cpp:
-                * kjs/property_map.h:
-                * kjs/reference.cpp:
-                * kjs/reference.h:
-                * kjs/reference_list.cpp:
-                * kjs/reference_list.h:
-                * kjs/regexp.cpp:
-                * kjs/regexp.h:
-                * kjs/regexp_object.cpp:
-                * kjs/regexp_object.h:
-                * kjs/scope_chain.cpp:
-                * kjs/scope_chain.h:
-                * kjs/simple_number.h:
-                * kjs/string_object.cpp:
-                * kjs/string_object.h:
-                * kjs/testkjs.cpp:
-                * kjs/types.h:
-                * kjs/ustring.cpp:
-                * kjs/ustring.h:
-                * kjs/value.cpp:
-                * kjs/value.h:
-        
-        2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3970
-                throw statements fail inside eval statements
-                
-                Reviewed by mjs.
-        
-                * kjs/function.cpp:
-                (KJS::GlobalFuncImp::call):
-                Big change since I fixed the tabbing. The important part is:
-                if (c.complType() == Throw)
-                  exec->setException(c.value());
-        
-                * kjs/nodes.cpp:
-                (ThrowNode::execute): removed duplicate KJS_CHECKEXCEPTION
-                (TryNode::execute): 
-                try now clears the exception state before the finally block executes,
-                and checks the state after the block executes, so that exceptions in
-                finally code get caught.
-        
-                * tests/mozilla/expected.html:
-        
-        2005-07-14  Geoffrey Garen  <ggaren@apple.com>
-                
-                -landed fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=3412
-                Object.prototype is missing toLocaleString
-        
-                - patch by Mark Rowe (bdash) <opendarwin.org@bdash.net.nz>
-                
-                -layout test info in webcore changelog
-        
-                Reviewed by mjs.
-        
-                * kjs/object_object.cpp:
-                (ObjectPrototypeImp::ObjectPrototypeImp):
-                (ObjectProtoFuncImp::call):
-                * kjs/object_object.h:
-                (KJS::ObjectProtoFuncImp::):
-
-2005-07-13  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged changes from opensource tree.
-    
-        2005-07-12  Geoffrey Garen  <ggaren@apple.com>
-        
-                Reviewed by mjs.
-        
-                * kjs/function.cpp:
-                (KJS::IndexToNameMap::operator[]): fixed infinite recursion
-                bug in last checkin
-        
-        2005-07-12  Geoffrey Garen  <ggaren@apple.com>
-        
-                -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3881
-                arguments object should share values with function parameters
-        
-                Reviewed by mjs.
-        
-                ArgumentsImp now uses a simple hash lookup to share values
-                with the activation object.
-        
-                * kjs/function.cpp:
-                (KJS::FunctionImp::getParameterName):
-                (KJS::IndexToNameMap::IndexToNameMap):
-                (KJS::IndexToNameMap::~IndexToNameMap):
-                (KJS::IndexToNameMap::isMapped):
-                (KJS::IndexToNameMap::unMap):
-                (KJS::IndexToNameMap::operator[]):
-                (KJS::ArgumentsImp::ArgumentsImp):
-                (KJS::ArgumentsImp::mark):
-                (KJS::ArgumentsImp::get):
-                (KJS::ArgumentsImp::put):
-                (KJS::ArgumentsImp::deleteProperty):
-                (KJS::ArgumentsImp::hasOwnProperty):
-                (KJS::ActivationImp::createArgumentsObject):
-                * kjs/function.h:
-                * tests/mozilla/expected.html: updated results
-
-2005-07-11  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged changes from opensource tree.
-    
-        * kjs/error_object.cpp:
-        (ErrorProtoFuncImp::call):
-        * kjs/function.cpp:
-        (KJS::ArgumentsImp::ArgumentsImp):
-        * kjs/function.h:
-        * kjs/grammar.y:
-    
-        2005-07-09  Maciej Stachowiak  <mjs@apple.com>
-        
-                - backing out my earlier collector change, it causes a performance regression in TOT
-        
-                * kjs/collector.cpp:
-                (KJS::Collector::allocate):
-        
-        2005-07-08  Maciej Stachowiak  <mjs@apple.com>
-        
-                Reviewed by hyatt.
-        
-            - When there are many live objects, GC less often, to try to make
-            GC cost proportional to garbage, not proportional to total memory used.
-        
-                * kjs/collector.cpp:
-                (KJS::Collector::allocate):
-        
-        2005-07-08  Vicki Murley  <vicki@apple.com>
-        
-            Fix from Carsten Guenther, reviewed by Maciej
-        
-            - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3644 (Error string representation)
-        
-            Switch from "-" to ":" in error strings.
-        
-                * kjs/error_object.cpp:
-                (ErrorProtoFuncImp::call):
-                * tests/mozilla/expected.html:
-        
-        2005-07-08  Geoffrey Garen  <ggaren@apple.com>
-        
-                -rolled in patch for http://bugzilla.opendarwin.org/show_bug.cgi?id=3878
-                arguments object should be an object not an array
-        
-                Reviewed by mjs.
-        
-                * kjs/function.cpp:
-                (KJS::ArgumentsImp::ArgumentsImp): now manually handles initialization
-                we used to get for free by inheriting from ArrayInstanceImp
-                * kjs/function.h: ArgumentsImp now inherits from ObjectImp
-                * tests/mozilla/expected.html: updated expected test results
-        
-        2005-07-07  Eric Seidel  <eseidel@apple.com>
-        
-                Reviewed by mjs.
-        
-                * kjs/grammar.y: removed #define YYMAXDEPTH 0 for bison 2.0
-                http://bugzilla.opendarwin.org/show_bug.cgi?id=3882
-
-2005-07-06  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-        
-        Merged in everything from the open source tree since this tree was created.
-
-2005-07-03  Maciej Stachowiak  <mjs@apple.com>
-
-       Original patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
-       Fixes to patch by me, reviewed by John Sullivan.
-
-       - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3293
-
-        Test cases added:
-        * tests/mozilla/expected.html: Two tests newly pass.
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasOwnProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasOwnProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasOwnProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasOwnProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasOwnProperty):
-        (KJS::ActivationImp::hasOwnProperty):
-        * kjs/function.h:
-        * kjs/lookup.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        (KJS::ObjectImp::hasOwnProperty):
-        * kjs/object.h:
-        (KJS::Object::hasOwnProperty):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasOwnProperty):
-        * kjs/string_object.h:
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -landed patch by Eric Seidel <macdome@opendarwin.org>
-        
-        -for http://bugzilla.opendarwin.org/show_bug.cgi?id=3657
-        GroundWork:  Moving some functions from khtml->jsc following kjs TOT
-        
-        - no layout test necessary yet - only groundwork
-
-        Reviewed by darin.
-
-        * kjs/lookup.h:
-        (KJS::cacheGlobalObject):
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -landed patch by Carsten Guenther <cguenther@gmail.com>
-
-        -fixes http://bugzilla.opendarwin.org/show_bug.cgi?id=3477
-        some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
-
-        -relevant tests:
-               mozilla/ecma_3/Date/15.9.5.5.js 
-               layout-tests/fast/js/date-parse-test.html
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (day):
-        (dayFromYear):
-        (daysInYear):
-        (timeFromYear):
-        (yearFromTime):
-        (weekDay):
-        (timeZoneOffset):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (KJS::makeTime):
-        (findMonth):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html: updated expected results to reflect fix
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4168186> JavaScript fails to throw exceptions 
-        for invalid return statements
-        
-        relevant tests:
-            ecma/Statements/12.9-1-n.js
-            ecma_2/Exceptions/lexical-052.js
-            ecma_2/Exceptions/statement-009.js
-
-        Reviewed by sullivan.
-
-        * kjs/nodes.cpp:
-        (ReturnNode::execute): now throws exception if return is not inside
-        a function.
-
-        * tests/mozilla/expected.html: updated to reflect fix
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by sullivan.
-
-        * tests/mozilla/expected.html: Updated test results for last fix.
-
-2005-07-01  Geoffrey Garen  <ggaren@apple.com>
-
-        -fixed <rdar://problem/4168161> JavaScript fails to throw an exception 
-        for invalid function calls
-        
-        Reviewed by sullivan.
-
-        Relevant mozilla test: ecma_3/Exceptions/regress-95101.js 
-
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): evaluate now checks for an exception
-        after resolving a function name (in case the function is undefined)
-
-2005-07-01  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        * kjs/interpreter.h:
-        (KJS::Context::curStmtFirstLine): stub for compatibility with KDE
-        * kjs/value.h:
-        (KJS::Value::isValid): compatibility with KDE
-       http://bugzilla.opendarwin.org/show_bug.cgi?id=3687
-
-2005-07-01  Eric Seidel  <eseidel@apple.com>
-
-        Reviewed by darin.
-
-        * kjs/create_hash_table: rolled in changes from KDE, including
-       -n <namespace> support from KDOM and support for newer comments
-       http://bugzilla.opendarwin.org/show_bug.cgi?id=3771
-
-2005-06-30  Geoffrey Garen  <ggaren@apple.com>
-
-        -rolled in KDE fix to <rdar://problem/4167660> JavaScript fails to 
-        throw exceptions for invalid break/continue statements
-
-        No layout tests because it's already covered by the Mozilla suite
-
-        Reviewed by mjs.
-
-        * kjs/internal.h: LabelStack now tracks where you are relative to
-        switch and iteration (loop) statements
-        
-        (KJS::LabelStack::LabelStack):
-        (KJS::LabelStack::pushIteration):
-        (KJS::LabelStack::popIteration):
-        (KJS::LabelStack::inIteration):
-        (KJS::LabelStack::pushSwitch):
-        (KJS::LabelStack::popSwitch):
-        (KJS::LabelStack::inSwitch):
-
-        * kjs/nodes.cpp: 
-        These files were updated to use the new LabelStack:
-        (DoWhileNode::execute): 
-        (WhileNode::execute):
-        (ForNode::execute):
-        (ForInNode::execute):
-        (SwitchNode::execute):
-        
-        These files were updated to throw exceptions for invalid
-        break/continue statements:
-        (BreakNode::execute): 
-        (ContinueNode::execute):
-
-        * tests/mozilla/expected.html: Updated expected results to reflect fix
-
-2005-06-30  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by rjw.
-
-       fixed: <rdar://problem/4166838> failed assertion in`Interpreter::lockCount() > 0
-
-       no layout test added; this is in the bindings code.
-
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]): make sure to lock and unlock the interpreter around allocations. 
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-       Patch by Francisco Tolmasky <tolmasky@gmail.com>
-
-       - fixes http://bugzilla.opendarwin.org/show_bug.cgi?id=3667
-       Core JavaScript 1.5 Reference:Objects:Array:forEach
-
-       See WebCore Changelog for layout tests added.
-
-        Reviewed by darin.
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        * kjs/array_object.h:
-        (KJS::ArrayProtoFuncImp::):
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-       Patch contributed by Oliver Hunt <ojh16@student.canterbury.ac.nz>
-
-       -fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3743
-       Incorrect error message given for certain calls
-
-       See WebCore Changelog for layout test added.
-
-        Reviewed by mjs.
-
-        * kjs/object.cpp:
-        (KJS::ObjectImp::defaultValue):
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-       Rolling out date patch from 6-28-05 because it breaks 
-       fast/js/date-parse-test
-
-        Reviewed by NOBODY.
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (isSpaceOrTab):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html:
-
-2005-06-29  Geoffrey Garen  <ggaren@apple.com>
-
-        Reviewed by Darin.
-
-       -fixes http://bugzilla.opendarwin.org/show_bug.cgi?id=3750
-       build fails with KJS_VERBOSE set
-
-        * kjs/nodes.cpp: changed debug print statement to use UString
-        (VarDeclNode::evaluate):
-        * kjs/reference.cpp: ditto
-        (KJS::Reference::putValue):
-
-2005-06-28  Geoffrey Garen  <ggaren@apple.com>
-
-       Patch contributed by Carsten Guenther <cguenther@gmail.com>.
-
-       -fixes http://bugzilla.opendarwin.org/show_bug.cgi?id=3477
-       some US-centric date formats not parsed by JavaScript (clock at news8austin.com)
-
-        Reviewed by darin.
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate):
-        (day):
-        (dayFromYear):
-        (daysInYear):
-        (timeFromYear):
-        (yearFromTime):
-        (weekDay):
-        (timeZoneOffset):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        (KJS::parseDate):
-        (ymdhms_to_seconds):
-        (KJS::makeTime):
-        (findMonth):
-        (KJS::KRFCDate_parseDate):
-        * kjs/date_object.h:
-        * tests/mozilla/expected.html: updated expected test results to reflect fix
-
-2005-06-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - replace hash functions  with better ones
-
-        * JavaScriptCore.pbproj/project.pbxproj: Add new file to build.
-        * kjs/interpreter_map.cpp:
-        (KJS::InterpreterMap::computeHash): Use shared pointer hash.
-        * kjs/pointer_hash.h: Added.
-        (KJS::pointerHash): Pointer hash based on 32-bit mix and 64-bit mix hashes.
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::computeHash): Use shared pointer hash.
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::computeHash): Use SuperFastHash algorithm.
-
-2005-06-22  Darin Adler  <darin@apple.com>
-
-        Change by Anders Carlsson.
-        Reviewed by me.
-
-        - fixed <http://bugzilla.opendarwin.org/show_bug.cgi?id=3294>
-          String.prototype.replace() fails with function as second param
-
-        * kjs/string_object.cpp: (replace): Added code to handle functions.
-
-        * tests/mozilla/expected.html: Updated since ecma_3/RegExp/regress-209067.js is fixed now.
-
-        * tests/mozilla/run-mozilla-tests: Fix a minor coding style issue that leads to a warning each
-        time we run the tests.
-
-2005-06-21  Adele Peterson  <adele@apple.com>
-
-        rolling out fix for http://bugzilla.opendarwin.org/show_bug.cgi?id=3293, since it caused layout test failures.
-       fast/forms/element-by-name
-        fast/loader/loadInProgress
-
-        * ChangeLog:
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasProperty):
-        (KJS::ActivationImp::hasProperty):
-        * kjs/function.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        * kjs/object.h:
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasProperty):
-        * kjs/string_object.h:
-        * tests/mozilla/expected.html:
-
-2005-06-21  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Switched to a build rule rather than a build phase for
-        .y files -- this gets rid of the problem where modifying the .y file would not cause sufficient
-        compilation.
-
-        * kjs/grammar_wrapper.cpp: Removed.
-
-2005-06-21  Adele Peterson  <adele@apple.com>
-
-        Patch from Anders Carlsson <andersca@mac.com>, reviewed by Darin.
-
-        Fixed: <http://bugzilla.opendarwin.org/show_bug.cgi?id=3450>
-        <rdar://problem/3881901> String.replace() method not working when regex pattern contains {n, m}
-
-        * pcre/pcre.c: (pcre_compile): Remember the last char length so it can be subtracted correctly if needed.
-
-2005-06-21  Geoffrey Garen  <ggaren@apple.com>
-
-        - fixed <rdar://problem/4155532> 'delete' succeeds on functions
-        - fixed <rdar://problem/4155049> javascript function named as "opener" doesn't get called because of window.opener property
-        
-        Reviewed by cblu.
-
-        * kjs/nodes.cpp:
-        (FuncDeclNode::processFuncDecl): Functions now have DontDelete and Internal attributes set when appropriate.
-
-        Test cases:
-        * tests/mozilla/expected.html: Updated for one new success.
-        - see also test case added in WebCore.
-
-2005-06-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin(first pass) and Hyatt.
-
-        - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3576
-        (roll in support for "const" keyword from KDE tree)
-        - make processVarDecls handle deletability of variables declared
-        in an eval block the same as evaluate would
-        - make eval() call processVarDecls - needed to match mozilla and
-        to make the second change testable
-
-        I started with the KDE implementation of const but I ended up changing it a bit
-        to avoid the use of a global variable. Now instead of the global variable it distinguishes
-        const and var at the grammar level so the appropriate node can know the right kind of
-        declaration.
-
-        Test cases:
-        * tests/mozilla/expected.html: Updated for one new test that is
-        failing - we used to bail on it entirely because it checks for
-        const support before starting.
-        - see also test cases added in WebCore
-
-        * kjs/grammar.y: Add rules for const declarations.
-        * kjs/keywords.table: Add const keyword.
-        * kjs/nodes.cpp:
-        (VarDeclNode::VarDeclNode): Add parameter.
-        (VarDeclNode::evaluate): Add const support.
-        (VarDeclNode::processVarDecls): Add const support.
-        (VarStatementNode::execute): Irrelevant change.
-        (ForInNode::ForInNode): Tell our variable node that it's a variable.
-        * kjs/nodes.h:
-        (KJS::VarDeclNode::): Add declaration of type enum, extra constructor parameter.
-        (KJS::VarStatementNode::VarStatementNode): Irrelevant change.
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Process var decls before evaluating.
-
-2005-06-20  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Mark Rowe <opendarwin.org@bdash.net.nz>, reviewed by me.
-
-       - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3293
-        
-        Test cases added: 
-        * tests/mozilla/expected.html: Updated for two fixed tests.
-       - also added a layout test
-
-       * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::hasOwnProperty):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::hasOwnProperty):
-        * bindings/runtime_array.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::hasOwnProperty):
-        * bindings/runtime_object.h:
-        * kjs/array_instance.h:
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::hasOwnProperty):
-        * kjs/function.cpp:
-        (KJS::FunctionImp::hasOwnProperty):
-        (KJS::ActivationImp::hasOwnProperty):
-        * kjs/function.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::hasProperty):
-        (KJS::ObjectImp::hasOwnProperty):
-        * kjs/object.h:
-        (KJS::Object::hasOwnProperty):
-        * kjs/object_object.cpp:
-        (ObjectPrototypeImp::ObjectPrototypeImp):
-        (ObjectProtoFuncImp::call):
-        * kjs/object_object.h:
-        (KJS::ObjectProtoFuncImp::):
-        * kjs/string_object.cpp:
-        (StringInstanceImp::hasOwnProperty):
-        * kjs/string_object.h:
-
-2005-06-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Eric Seidel.
-
-        * pcre/get.c: (pcre_get_substring): Fix some computations so this works for UTF-16.
-        This is unused in the current JavaScriptCore, but still good to fix.
-
-2005-06-18  Darin Adler  <darin@apple.com>
-
-        Change by Finlay Dobbie.
-        Reviewed by me.
-
-        - fixed <http://bugzilla.opendarwin.org/show_bug.cgi?id=3331>
-          10.3.9 Build Failure: NSString may not respond to `+stringWithCString:encoding:'
-
-        * bindings/objc/WebScriptObject.mm: (-[WebScriptObject stringRepresentation]):
-        Undo change we did a while back to work around the gcc 3.3 compiler error.
-        It no longer seems to happen, and the workaround code was 10.4-specific.
-
-2005-06-16  Geoffrey Garen  <ggaren@apple.com>
-
-       Fixed: <rdar://problem/4151759> 'delete' fails on variables declared inside 'eval' statements.
-
-        Reviewed by cblu.
-
-        * kjs/context.h:
-        (KJS::ContextImp::codeType): Added code type accessor for execution context objects.
-        * kjs/internal.cpp:
-        (ContextImp::ContextImp): Reflects change to ContextImp::codeType.
-        * kjs/nodes.cpp:
-        (VarDeclNode::evaluate): Added separate code path for variable declarations inside 'eval' statements.
-        * tests/mozilla/expected.html: Updated expected test results to reflect fix.
-
-2005-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-       Updated expected.html to reflect fix to <rdar://problem/4147745>.
-
-        Reviewed by cblu.
-
-        * tests/mozilla/expected.html:
-
-2005-06-14  Geoffrey Garen  <ggaren@apple.com>
-
-       Fixed: <rdar://problem/4147745> JavaScript discards locally defined "arguments" property
-
-       No layout tests added because this change fixes existing tests:
-       ecma/ExecutionContexts/10.1.6.js
-        ecma_3/Function/regress-94506.js
-        js1_4/Functions/function-001.js
-
-        Reviewed by cblu.
-
-        * kjs/function.cpp:
-        (KJS::ActivationImp::get): get now checks for an "arguments" property defined in the local variable object
-       before trying to return the built-in arguments array.
-       
-        * kjs/function.h: ActivationImp::put no longer overrides ObjectImp::put
-
-2005-06-10  Darin Adler  <darin@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>.
-        Reviewed by me.
-
-        - further improvements to exception file/line number fix
-
-        * kjs/nodes.h: Added setExceptionDetailsIfNeeded function.
-        * kjs/nodes.cpp: Updated macros to call the new setExceptionDetailsIfNeeded function.
-        (Node::setExceptionDetailsIfNeeded): Added.
-
-2005-06-09  Darin Adler  <darin@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
-       Reviewed by me.
-
-        * kjs/nodes.cpp: Get rid of unneeded this->.
-
-2005-06-08  Maciej Stachowiak  <mjs@apple.com>
-
-        Change by Mark Rowe <opendarwin.org@bdash.net.nz>
-       Reviewed by me.
-
-       - fixed http://bugzilla.opendarwin.org/show_bug.cgi?id=3327
-       (Exception When Setting Style to Invalid Value Lacks Line/File Information)
-
-        * kjs/nodes.cpp: Include source file and line number when making exception in
-       KJS_CHECKEXCEPTIONVALUE.
-
-2005-06-07  Darin Adler  <darin@apple.com>
-
-        Change by Toby Peterson <toby@opendarwin.org>.
-        Reviewed by me.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Allow bison 2.0, which generates the file
-        with a different name.
-
-2005-06-07  Darin Adler  <darin@apple.com>
-
-        Change by Toby Peterson <toby@opendarwin.org>.
-        Reviewed by me.
-
-        * kjs/grammar.y: Remove bogus extra line from grammar.y. Toby got this change from KDE KJS.
-
-2005-06-06  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/run-mozilla-tests: Wrote a perl version of this so we don't require
-        the "jst" tool to run the tests.
-
-2005-06-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - add libicu headers
-
-        * JavaScriptCore.pbproj/project.pbxproj: Added icu directory to header search path.
-
-        * icu/README: Added.
-        * icu/unicode/platform.h: Added.
-        * icu/unicode/uchar.h: Added.
-        * icu/unicode/uconfig.h: Added.
-        * icu/unicode/umachine.h: Added.
-        * icu/unicode/urename.h: Added.
-        * icu/unicode/utf.h: Added.
-        * icu/unicode/utf16.h: Added.
-        * icu/unicode/utf8.h: Added.
-        * icu/unicode/utf_old.h: Added.
-        * icu/unicode/utypes.h: Added.
-        * icu/unicode/uversion.h: Added.
-
-2005-05-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-        
-        - turned off exceptions and RTTI; seems to cut JavaScriptCore code size by about 22%
-
-        * JavaScriptCore.pbproj/project.pbxproj: Turn off exceptions and RTTI for both
-        the framework and testkjs tool.
-
-2005-05-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - got rid of code that depended on RTTI
-
-        * kjs/collector.cpp:
-        (KJS::className): Added. Gets class name in a KJS way, rather than a C++ RTTI way.
-        (KJS::Collector::rootObjectClasses): Use className instead of typeid names.
-
-2005-05-18  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fix a failure seen in the Mozilla JavaScript tests where a live object was garbage-collected
-          when the only reference to it was in an argList on the stack
-
-        * kjs/list.h: Moved the operator= function into the .cpp file since it's too big to be
-        a good choice to inline.
-        * kjs/list.cpp: (KJS::List::operator=): Moved this formerly-inline function into a separate
-        file and added missing code to update valueRefCount. It's the latter that fixes the bug.
-
-2005-05-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed issues preventing us from compiling with newer versions of gcc 4.0
-
-        * kjs/ustring.cpp:
-        (KJS::operator==): Remove redundant and illegal KJS:: prefix on this function's definition.
-        (KJS::operator<): Ditto.
-        (KJS::compare): Ditto.
-
-2005-05-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - turn on conservative GC unconditionally and start on SPI changes to
-          eliminate the now-unneeded smart pointers since we don't ref count any more
-
-        * kjs/value.h: Removed macros to turn conservative GC on and off.
-        Removed ref and deref functions.
-        (KJS::ValueImp::ValueImp): Removed non-conservative-GC code path.
-        (KJS::ValueImp::isUndefined): Added. New SPI to make it easier to deal with ValueImp directly.
-        (KJS::ValueImp::isNull): Ditto.
-        (KJS::ValueImp::isBoolean): Ditto.
-        (KJS::ValueImp::isNumber): Ditto.
-        (KJS::ValueImp::isString): Ditto.
-        (KJS::ValueImp::isObject): Ditto.
-        (KJS::Value::Value): Removed non-conservative-GC code path and made constructor no
-        longer explicit so we can quietly create Value wrappers from ValueImp *; inexpensive with
-        conservative GC and eases the transition.
-        (KJS::Value::operator ValueImp *): Added. Quietly creates ValueImp * from Value.
-        (KJS::ValueImp::marked): Removed non-conservative-GC code path.
-
-        * kjs/value.cpp:
-        (KJS::ValueImp::mark): Removed non-conservative-GC code path.
-        (KJS::ValueImp::isUndefinedOrNull): Added. New SPI to make it easier to deal with ValueImp directly.
-        (KJS::ValueImp::isBoolean): Ditto.
-        (KJS::ValueImp::isNumber): Ditto.
-        (KJS::ValueImp::isString): Ditto.
-        (KJS::ValueImp::asString): Ditto.
-        (KJS::ValueImp::isObject): Ditto.
-        (KJS::undefined): Ditto.
-        (KJS::null): Ditto.
-        (KJS::boolean): Ditto.
-        (KJS::string): Ditto.
-        (KJS::zero): Ditto.
-        (KJS::one): Ditto.
-        (KJS::two): Ditto.
-        (KJS::number): Ditto.
-
-        * kjs/object.h: Made constructor no longer explicit so we can quietly create Object
-        wrappers from ObjectImp *; inexpensive with conservative GC and eases the transition.
-        (KJS::Object::operator ObjectImp *): Added. Quietly creates ObjectImp * from Object.
-        (KJS::ValueImp::isObject): Added. Implementation of new object-related ValueImp function.
-        (KJS::ValueImp::asObject): Ditto.
-
-        * kjs/object.cpp:
-        (KJS::ObjectImp::setInternalValue): Remove non-conservative-GC code path.
-        (KJS::ObjectImp::putDirect): Ditto.
-        (KJS::error): Added. Function in the new SPI style to create an error object.
-
-        * kjs/internal.h: Added the new number-constructing functions as friends of NumberImp.
-        There may be a more elegant way to do this later; what's important now is the new SPI.
-
-        * kjs/collector.h:  Remove non-conservative-GC code path and also take out some
-        unneeded APPLE_CHANGES.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference): Remove non-conservative-GC code path.
-        (KJS::Bindings::removeNativeReference): Ditto.
-        (RootObject::removeAllNativeReferences): Ditto.
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject): Ditto.
-        (KJS::Bindings::RootObject::setRootObjectImp): Ditto.
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Ditto.
-        (KJS::Collector::collect): Ditto.
-        (KJS::Collector::numGCNotAllowedObjects): Ditto.
-        (KJS::Collector::numReferencedObjects): Ditto.
-        (KJS::Collector::rootObjectClasses): Ditto.
-        * kjs/internal.cpp:
-        (NumberImp::create): Ditto.
-        (InterpreterImp::globalInit): Ditto.
-        (InterpreterImp::globalClear): Ditto.
-        * kjs/list.cpp:
-        (KJS::List::markProtectedLists): Ditto.
-        (KJS::List::clear): Ditto.
-        (KJS::List::append): Ditto.
-        * kjs/list.h:
-        (KJS::List::List): Ditto.
-        (KJS::List::deref): Ditto.
-        (KJS::List::operator=): Ditto.
-        * kjs/protect.h:
-        (KJS::gcProtect): Ditto.
-        (KJS::gcUnprotect): Ditto.
-
-2005-05-09  Chris Blumenberg  <cblu@apple.com>
-
-       Workaround gcc 3.3 internal compiler errors.
-
-        Reviewed by darin.
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject stringRepresentation]): call [NSString stringWithCString:encoding] rather than using @""
-
-2005-05-09  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Don't set up PBXIntermediatesDirectory explicitly;
-        Not needed to make builds work, spews undesirable error messages too.
-
-2005-05-06  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - make building multiple trees with make work better
-
-        * Makefile.am: Set up Xcode build directory before invoking xcodebuild.
-
-2005-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       <rdar://problem/4086570> Crash in JavaScriptCore with RSS Visualizer
-       
-        * kjs/internal.cpp:
-        (InterpreterImp::mark): mark staticNaN, it is usually protected by the Number
-       prototype but there is a small window where it can get collected.
-
-2005-05-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        - another gcc-4.0-related fix
-
-        * bindings/runtime_root.h: Take off extra namespace prefixes that apparently cause problems
-        compiling with gcc 4.0, although I have not observed the problems.
-
-2005-05-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Hyatt.
-
-        - fixed build rules to match other projects
-
-        * JavaScriptCore.pbproj/project.pbxproj: Set deployment target to 10.3 in the build styles.
-        When built without a build style (by Apple B&I) we want to get the target from the
-        environment. But when built with a build style (by Safari engineers and others), we want
-        to use 10.3.
-
-        * Makefile.am: Took out extra parameters that make command-line building different from
-        Xcode building. Now that this is fixed, you should not get a full rebuild if you switch
-        from command line to Xcode or back.
-
-2005-05-04  Maciej Stachowiak  <mjs@apple.com>
-
-        - revert presumably accidental change to mozilla JS test expected results, this
-       was making the tests fail.
-
-        * tests/mozilla/expected.html:
-
-2005-05-03  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/4102644> Crash in LiveConnect below KJS::Bindings::JavaInstance::stringValue() const
-
-       Correctly handle accessing nil objects from a Java object array.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::valueAt):
-
-2005-05-01  Darin Adler  <darin@apple.com>
-
-        - move to Xcode native targets and stop checking in generated files
-
-        * JavaScriptCore.pbproj/project.pbxproj: Updated to use native targets and generate all the generated
-        files, so we don't have to check them in any more.
-        * Info.plist: Added. Native targets use a separate file for this.
-
-        * Makefile.am: Removed pcre and kjs SUBDIRS. Also removed code that deleted the embedded copy of this
-        framework, since we haven't been embedding it for some time.
-
-        * kjs/grammar_wrapper.cpp: Added. Shell used to compile grammar.cpp since we can't add a generated file
-        easily to the list of files to be compiled.
-
-        * kjs/.cvsignore: Removed.
-        * kjs/Makefile.am: Removed.
-        * kjs/array_object.lut.h: Removed.
-        * kjs/date_object.lut.h: Removed.
-        * kjs/grammar.cpp: Removed.
-        * kjs/grammar.cpp.h: Removed.
-        * kjs/grammar.h: Removed.
-        * kjs/lexer.lut.h: Removed.
-        * kjs/math_object.lut.h: Removed.
-        * kjs/number_object.lut.h: Removed.
-        * kjs/string_object.lut.h: Removed.
-        * pcre/.cvsignore: Removed.
-        * pcre/Makefile.am: Removed.
-        * pcre/chartables.c: Removed.
-
-2005-04-28  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave Harrison.
-
-        - fixed problems preventing us from compiling with gcc 4.0
-
-        * JavaScriptCore.pbproj/project.pbxproj: Removed -Wmissing-prototypes from
-        WARNING_CPLUSPLUSFLAGS since it's now a C-only warning.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::getSlot): Changed some %d to %ld where the parameters where long ints.
-        (JSObject::setSlot): Ditto.
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM): Ditto.
-        (KJS::Bindings::getJNIEnv): Ditto.
-        * bindings/objc/objc_utility.mm: Fixed include of <JavascriptCore/internal.h> that needed the
-        letter "S" capitalized.
-        * kjs/bool_object.cpp: (BooleanProtoFuncImp::call): Rearranged how this function returns to
-        avoid incorrect gcc 4.0 warning.
-        * kjs/collector.cpp: (KJS::Collector::markStackObjectsConservatively): Changed code to check
-        the alignment of the passed-in pointers to only require pointer-level alignment, not 8-byte alignment.
-        Prevents a crash on garbage collect when compiled with gcc 4.0.
-        * kjs/nodes.cpp:
-        (WhileNode::execute): Added a redundant return after an infinite loop to work around incorrect gcc 4.0 warning.
-        (ForNode::execute): Ditto.
-        (SwitchNode::execute):Rearranged how this function returns to avoid incorrect gcc 4.0 warning.
-        (LabelNode::execute): Ditto.
-        * kjs/string_object.cpp: (replace): Ditto.
-
-2005-04-26  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/4098713> Scripting API is incompatible with Mozilla
-       
-       We were incompatible with Mozilla's implementation of the scripting APIs in
-       two ways:
-
-       Their NPN_SetException has the following signature:
-
-            void NPN_SetException(NPObject *npobj, const NPUTF8 *message);
-
-       ours has:
-
-            void NPN_SetException (NPObject * npobj, const NPString *message);
-
-       Also, they expect the string returned from NPN_UTF8FromIdentifier() to be freed by caller.
-       We do not.
-
-       I changed both behaviors to match Mozilla.
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_SetException):
-        * bindings/npruntime.cpp:
-        (_NPN_UTF8FromIdentifier):
-        (_NPN_IntFromIdentifier):
-        (_NPN_SetExceptionWithUTF8):
-        * bindings/npruntime.h:
-        * bindings/npruntime_impl.h:
-
-2005-04-26  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Chris.
-
-       <rdar://problem/4092136> reproducible crash in KJS::kjs_fast_realloc loading maps.google.com
-        
-       * kjs/string_object.cpp:
-        (StringObjectFuncImp::call): Allocate adopted ustring buffer properly.
-
-2005-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        * kjs/ustring.cpp: (KJS::UString::UTF8String): Fix off-by-one error in surrogate pair logic.
-
-2005-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fixed <rdar://problem/4090046> JavaScript throw statement causes parse error when no semicolon is present
-
-        * kjs/grammar.y: Added an additional rule for throw like the ones we have for all the other semicolon rules.
-        Not sure why we missed this one earlier.
-
-        * kjs/grammar.cpp: Regenerated.
-
-=== JavaScriptCore-412.1 ===
-
-2005-04-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - speedups, total 12% on JavaScript iBench
-
-        I ran the benchmark under Shark and followed its advice a lot, mainly.
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Take out special case for 0; costing speed but unexercised.
-        Use numLiveObjectsAtLastCollect instead of numAllocationsSinceLastCollect so we don't
-        have to bump it each time we call allocate. Put numLiveObjects into a local variable to
-        cut down on global variable accesses. Make "next" cell pointer be a byte offset rather
-        than a pointer so we don't need a special case for NULL. Allow freeList to point to some
-        bogus item when the entire block is full rather than going out of our way to make it
-        point to NULL.
-        (KJS::Collector::markProtectedObjects): Get table size and pointer into locals outside
-        the loop to avoid re-loading them over and over again.
-        (KJS::Collector::collect): Put numLiveObjects into a local variable to cut down on global
-        variable accesses. Make "next" cell pointer be a byte offset as above. Put numLiveObjects
-        into a local variable to cut down on global variable accesses. Set numLiveObjectsAtLastCollect
-        rather than numAllocationsSinceLastCollect.
-        (KJS::Collector::numReferencedObjects): Get table size and pointer into locals outside
-        the loop to avoid re-loading them over and over again.
-        (KJS::Collector::rootObjectClasses): Ditto.
-
-        * kjs/internal.h: Make Value be a friend of NumberImp so it can construct number objects
-        directly, avoiding the conversion from Number to Value.
-
-        * kjs/internal.cpp: (StringImp::toObject): Don't use Object::dynamicCast, because we know
-        the thing is an object and we don't want to do all the extra work; just cast directly.
-
-        * kjs/list.cpp: (KJS::List::List): Construct valueRefCount in a way that avoids the need for
-        a branch -- in the hot case this just meant avoiding checking a variable we just set to false.
-
-        * kjs/lookup.cpp: (keysMatch): Marked this inline.
-
-        * kjs/nodes.cpp: Disabled KJS_BREAKPOINT, to avoid calling hitStatement all the time.
-        (BooleanNode::evaluate): Make a Value directly, rather than making a Boolean which is converted
-        into a Value.
-        (NumberNode::evaluate): Ditto.
-        (StringNode::evaluate): Ditto.
-        (ArrayNode::evaluate): Ditto.
-        (FunctionCallNode::evaluate): Use new inline baseIfMutable to avoid unnecessary getBase function.
-        Also just use a pointer for func, rather than an Object.
-        (PostfixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (DeleteNode::evaluate): Make a Value directly.
-        (TypeOfNode::evaluate): Use new inline baseIfMutable and make Value directly.
-        (PrefixNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (UnaryPlusNode::evaluate): Make a Value directly.
-        (NegateNode::evaluate): Change code so that it doesn't make an excess Number, and so that it
-        passes a "known to be integer" boolean in, often avoiding a conversion from floating point to
-        integer and back.
-        (BitwiseNotNode::evaluate): Make a Value directly.
-        (LogicalNotNode::evaluate): Ditto.
-        (ShiftNode::evaluate): Don't convert to a double before making a Value.
-        (RelationalNode::evaluate): Make a Value directly.
-        (EqualNode::evaluate): Ditto.
-        (BitOperNode::evaluate): Ditto.
-        (AssignNode::evaluate): Make a Value directly. Change code so that it passes a "known to be integer"
-        boolean in, often avoiding a conversion from floating point to integer and back.
-        (VarDeclNode::evaluate): Make a Value directly.
-        (ForNode::execute): Remove unused local variable.
-
-        * kjs/operations.h:
-        (KJS::isNaN): Inlined.
-        (KJS::isInf): Ditto.
-        (KJS::isPosInf): Ditto.
-        (KJS::isNegInf): Ditto.
-
-        * kjs/operations.cpp: Change isNaN, isInf, isPosInf, and isNegInf to be inlines.
-        (KJS::equal): Rewrite to avoid creating values and recursing back into the function.
-        (KJS::relation): Rearranged code so that we don't need explicit isNaN checks.
-        (KJS::add): Changed code to make Value directly, and so that it passes a "known to be integer"
-        boolean in, often avoiding a conversion from floating point to integer and back.
-        (KJS::mult): Ditto.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap): Get size and entries pointer outside loop to avoid
-        re-getting them inside the loop.
-        (KJS::PropertyMap::clear): Ditto. Clear value pointer in addition to key, so we can just
-        look at the value pointer in the mark function.
-        (KJS::PropertyMap::get): Get sizeMask and entries pointer outside loop to avoid
-        re-getting them inside the loop.
-        (KJS::PropertyMap::put): Ditto.
-        (KJS::PropertyMap::insert): Ditto.
-        (KJS::PropertyMap::remove): Ditto.
-        (KJS::PropertyMap::mark): Get size and entries pointer outside loop to avoid
-        re-getting them inside the loop. Don't bother checking key for 0, since we already have
-        to check value for 0. (Also had to change clear() to set value to 0.)
-        (KJS::PropertyMap::addEnumerablesToReferenceList): Get size and entries pointer outside
-        loop to avoid re-getting them inside the loop.
-        (KJS::PropertyMap::addSparseArrayPropertiesToReferenceList): Ditto.
-        (KJS::PropertyMap::save): Ditto.
-
-        - other changes
-
-        * kjs/protected_values.h: Remove unneeded class name qualifiers.
-
-        * kjs/reference.h:
-        (KJS::Reference::baseIfMutable): New inline function: replaces isMutable().
-        (KJS::Reference::Reference): Inlined.
-        * kjs/reference.cpp:
-        (KJS::Reference::getValue): Rewrite to not use getBase.
-        (KJS::Reference::putValue): Ditto.
-        (KJS::Reference::deleteValue): Dittol
-
-        * kjs/simple_number.h:
-        (KJS::SimpleNumber::integerFits): Added. For use when the parameter is known to be integral.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Create the number without first converting
-        to double in various cases that involve integers.
-
-        * kjs/ustring.h:
-        (KJS::UString::attach): Inlined.
-        (KJS::UString::release): Inlined.
-        * kjs/ustring.cpp:
-        (KJS::UString::find): Get first character outside the loop instead of re-fetching it each time.
-
-        * kjs/value.cpp:
-        (Value::Value): Added overloads for all the various specific types of values, so you don't have
-        to convert from, say, Number to Value, just to create one.
-        (Number::Number): Added an overload that takes a boolean to indicate the number is already
-        known to be an integer.
-
-        * kjs/value.h: Added more Value constructors, added a version of toNumber that returns
-        a boolean to indicate if the number is known to be an integer (because it was a "simple number").
-        (KJS::ValueImp::marked): Inlined.
-        (KJS::ValueImp::dispatchType): Inlined.
-        (KJS::ValueImp::dispatchToPrimitive): Inlined.
-        (KJS::ValueImp::dispatchToBoolean): Inlined.
-        (KJS::ValueImp::dispatchToNumber): Inlined.
-        (KJS::ValueImp::dispatchToString): Inlined.
-        (KJS::ValueImp::dispatchToUInt32): Inlined.
-
-2005-04-14  Maciej Stachowiak  <mjs@apple.com>
-
-        - make fast_malloc.h a private header, not project
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2005-04-12  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Richard.
-
-       <rdar://problem/4089734> JavaScript iBench can be sped up ~10% with custom allocator
-
-       - use custom single-threaded malloc for all non-GC JavaScriptCore
-       allocations, for a 9.1% speedup on JavaScript iBench
-       
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Use dlmalloc to allocate the collector blocks.
-        (KJS::Collector::collect): And dlfree to free it.
-        * kjs/fast_malloc.cpp: Added, just the standard dlmalloc here.
-        * kjs/fast_malloc.h: Added. Declarations for the functions. Also added a handy
-       macro to give a class custom operator new/delete
-        * kjs/identifier.cpp:
-        (KJS::Identifier::add): Use dlmalloc/dlfree.
-        * kjs/nodes.h: make nodes KJS_FAST_ALLOCATED.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::~PropertyMap): Use dlmalloc/dlfree.
-        (KJS::PropertyMap::rehash): ditto
-        * kjs/scope_chain.h:
-        * kjs/ustring.cpp:
-        (KJS::UString::Rep::createCopying): New named constructor that copies a passed-in
-       buffer, to hide allocation details from webcore.
-        (KJS::UString::UString): use createCopying when appropriate.
-        (KJS::UString::Rep::destroy): Use dlmalloc/dlfree.
-        (KJS::UString::expandedSize): likewise
-        (KJS::UString::expandCapacity): likewise
-        (KJS::UString::expandPreCapacity): likewise
-        (KJS::UString::spliceSubstringsWithSeparators): likewise
-        (KJS::UString::append): likewise
-        (KJS::UString::operator=): likewise
-        (KJS::UString::detach): likewise
-        * kjs/ustring.h: make UString and UString::Rep KJS_FAST_ALLOCATED.
-
-2005-04-11  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       <rdar://problem/4086819> Avoid using protect count hash table so much for 5.6% JS iBench speedup
-
-       - Avoid using protected values hash for the two most common cases
-       - Bump up ListImp high water mark, new testing shows 508 ListImps are
-       created during JS iBench.
-
-       Net result is a 5.6% speedup on JavaScript iBench
-       
-        * kjs/collector.cpp:
-        (KJS::Collector::collect): mark protected lists as appropriate.
-        * kjs/context.h:
-        * kjs/list.cpp:
-        (KJS::ListImp::markValues): Moved implementation from List::markValues
-        (KJS::List::markProtectedLists): Implemented - scan pool and overflow
-       list.
-        (KJS::allocateListImp): link lists outside the pool into a separate
-       doubly linked list to be able to mark protected lists
-        (KJS::deallocateListImp): do the corresponding delinking
-        (KJS::List::derefValues): do nothing in conservative GC mode
-        (KJS::List::refValues): do nothing in conservative GC mode
-        (KJS::List::markValues): call ListImp version
-        (KJS::List::append):
-        * kjs/list.h:
-
-=== Safari-412 ===
-
-=== Safari-411 ===
-
-=== Safari-410 ===
-
-=== Safari-409 ===
-
-=== Safari-408 ===
-
-=== Safari-407 ===
-
-2005-03-16  Jens Alfke  <jens@apple.com>
-
-        Reviewed by Kevin.
-
-       Fix for <rdar://problem/4025212> "REGRESSION (163-164): search not performed correctly; united.com"
-       JavaScript unescape("") was returning a messed-up String object that appeared identical to an empty string, but would in some cases act as 'null' when passed to native functions, in this case the Option() constructor.
-       In the implementation of unescape, the UString holding the result was not initialized to "", so it started out as a null string. If nothing was appended to it, it remained null, resulting in a JavaScript String object with some bad behaviors (namely, converting it to a DOMStringImpl results in a NULL pointer.)
-       Darin says this regression occurred when we replaced our own implementation of unescape() with code from KJS.
-
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call):
-
-2005-03-15  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/4053276> WebScripting protocol in WebKit cannot convert Boolean in Javascript to BOOL in Objective-C
-
-       Added JavaScript boolean to type that can be converted to
-       ObjC scalar parameters.
-
-        Reviewed by Ken Kocienda.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-
-=== Safari-406 ===
-
-=== Safari-405 ===
-
-=== Safari-403 ===
-
-=== Safari-402 ===
-
-=== Safari-401 ===
-
-=== Safari-400 ===
-
-=== Safari-188 ===
-
-2005-02-21  Darin Adler  <darin@apple.com>
-
-        * kjs/date_object.cpp: (timetUsingCF): Fixed indenting.
-
-2005-02-17  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/4003251> Safari crashed at www.icelandair.com in LiveConnect code converting a Java object to a string
-
-       Added nil check.
-
-        Reviewed by John Sullivan.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-
-=== Safari-187 ===
-
-2005-02-11  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3985118> DOM objects not being marshaled on JS->native calls
-
-       Re-factored how 'native' wrappers for JS objects are created.  The interpreter now
-       creates these wrappers.  The WebCore subclass of the interpreter now overrides
-       createLanguageInstanceForValue() and creates a DOM ObjC wrapper for DOM objects.
-
-        Reviewed by Ken.
-
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaArray::valueAt):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _setExecutionContext:KJS::Bindings::]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::createObjcInstanceForValue):
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createRuntimeObject):
-        (Instance::createLanguageInstanceForValue):
-        * bindings/runtime.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::createLanguageInstanceForValue):
-        * kjs/interpreter.h:
-
-=== Safari-186 ===
-
-2005-02-10  Darin Adler  <darin@apple.com>
-
-        "Reviewed" by Richard (he told me the file was obsolete).
-
-        - got rid of an obsolete file
-
-        * bindings/npsap.h: Removed.
-
-=== Safari-185 ===
-
-=== Safari-183 ===
-
-2005-02-03  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3972905> CrashTracer: ...36 crashes at com.apple.WebCore: khtml::CSSStyleSelector::applyDeclarations + 120
-
-       Revert to old (and correct) behavior of returning runtime object
-       when passed as a parameter, rather than it's corresponding DOM
-       object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-
-=== Safari-182 ===
-
-2005-01-28  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3980389> JavaScript bindings access incorrect runtime object
-
-       Only use special 'back door' property to get the runtime object if thisObj isn't
-       already a runtime object.
-
-       <gratuitous> Cleaned up a couple of strcmp on ClassInfo name.  Used == on
-       ClassInfo pointer instead.
-
-        Reviewed by Chris.
-
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-
-=== Safari-181 ===
-
-2005-01-26  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3972522> (179-180) 40% slowdown on iBench JavaScript test
-
-       I added a member variable to ObjectImp.  This changed it's size and consequently
-       hampered the optimizations built into the garbage collector.  Objects no longer
-       fit within the allocators cell size, and thus allocation fell back to a slower
-       allocator.
-
-       As a result of this fix I also dramatically cleaned up how runtime objects are
-       accessed.  The path mostly *removes* code.
-       
-        Reviewed by Chris.
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::ObjectImp):
-        * kjs/object.h:
-
-2005-01-20  Darin Adler  <darin@apple.com>
-
-        Reviewed by me, changes by Han Ming Ong.
-
-        - <rdar://problem/3964302> SWB: A few files need to be updated to be compilable under GCC 4.0
-
-        * bindings/objc/WebScriptObjectPrivate.h: Make members public.
-        * kjs/lookup.h: Change "value.h" to "object.h" because we need KJS::Object to compile a template.
-
-2005-01-20  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3964634> undefined property value from binding seems to evaluate to true in an if statement
-
-       The comprehensive fix for this problem requires new API, as described in 3965326.  However,
-       given that we can't add new API at this point, the 'ObjcFallbackObjectImp' will behave
-       like and Undefined object if  invokeUndefinedMethodFromWebScript:withArguments: isn't
-       implemented on the bound object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::type):
-        (ObjcFallbackObjectImp::implementsCall):
-        (ObjcFallbackObjectImp::toBoolean):
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface isSelectorExcludedFromWebScript:]):
-        (+[MyFirstInterface isKeyExcludedFromWebScript:]):
-
-=== Safari-180 ===
-
-2005-01-19  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3853676> Browser Crash when accessing CCWeb Progress Page - KJS::Bindings::convertValueToJValue
-
-       Fixed the following problems with LiveConnect that are demonstrated by the application
-       described in 3853676.
-
-       1.  If a nil object is passed in an array from Java to JavaScript we will crash.
-       2.  We sometimes will incorrectly attempt to access a generic JavaScript as a Java runtime object wrapper.
-       3.  We will sometimes fail to find the correct static method ID.
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertJObjectToValue):
-        (JSObject::listFromJArray):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getMethodID):
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/runtime_array.h:
-
-2005-01-18  Richard Williamson   <rjw@apple.com>
-
-       Fixed several issues all arising from analysis of plugin detection code at ifilm.com:
-
-       Fixed <rdar://problem/3958592> can't script plug-ins if plug-in is invoked with <object> element instead of <embed>
-       Fixed <rdar://problem/3958597> <object> elements with IDs do not show up as named properties of the document
-       Fixed <rdar://problem/3960973> DOM objects for plugin elements are not accessible
-       Fixed <rdar://problem/3958601> need an additional class ID in WebCore for the Real plug-in
-
-       We now support accessing scriptable plugin objects that are specified with <applet>, <embed>, or <object>
-       tags.  Also, if any of these elements are named they can be accessed from the document or window objects.
-       Finally, DOM methods are properties will be forwarded appropriately for the plugin's root scriptable object.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::supportsSetValueOfUndefinedField):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::supportsSetValueOfUndefinedField):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::fallbackObject):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::ObjectImp):
-        * kjs/object.h:
-        (KJS::ObjectImp::forwardingScriptMessage):
-        (KJS::ObjectImp::setForwardingScriptMessage):
-
-2005-01-18  Richard Williamson   <rjw@apple.com>
-
-       Back out a change that was incorrectly committed yesterday.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-
-2005-01-17  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3753030> Need to ensure same origin for plugin binding invocations (origin security rules)
-
-       Keep track of originating execution context and target execution
-       context for native JS object wrappers, and perform appropriate
-       security checks.
-
-        Reviewed by David Harrison.
-
-        * bindings/NP_jsobject.cpp:
-        (_isSafeScript):
-        (_NPN_CreateScriptObject):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        (_NPN_SetException):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::stringValue):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_utility.cpp:
-        (convertValueToNPVariant):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_instance.h:
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _initializeWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject _initWithObjectImp:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        (-[WebScriptObject KJS::Bindings::]):
-        (-[WebScriptObject _setOriginExecutionContext:KJS::Bindings::]):
-        (-[WebScriptObject _isSafeScript]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject removeWebScriptKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (-[WebScriptObject webScriptValueAtIndex:]):
-        (-[WebScriptObject setWebScriptValueAtIndex:value:]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::originExecutionContext:Bindings::executionContext:Bindings::]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_runtime.mm:
-        (convertValueToObjcObject):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * bindings/runtime.cpp:
-        (Instance::Instance):
-        (Instance::operator=):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::Instance):
-        (KJS::Bindings::Instance::setExecutionContext):
-        (KJS::Bindings::Instance::executionContext):
-        * bindings/runtime_root.cpp:
-        (RootObject::setInterpreter):
-        * bindings/runtime_root.h:
-        * kjs/interpreter.h:
-        (KJS::Interpreter::isGlobalObject):
-        (KJS::Interpreter::interpreterForGlobalObject):
-        (KJS::Interpreter::isSafeScript):
-
-=== Safari-179 ===
-
-2005-01-13  Vicki Murley <vicki@apple.com>
-
-        Reviewed by Adele.
-
-       - fix <rdar://problem/3946836> Safari about box lists 2004 instead of 2005
- 
-        * JavaScriptCore.pbproj/project.pbxproj: bump "2004" to "2005"
-
-2005-01-12  Richard Williamson   <rjw@apple.com>
-
-       Avoid additional work on dealloc by adding early out to
-       removeNativeReference().  (This will save time on dealloc
-       for all ObjC DOM objects.)
-
-        Reviewed by Darin.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::removeNativeReference):
-
-2005-01-12  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3923356> REGRESSION: Java/JavaScript security checks working incorrectly
-
-       We were always returning the first "root" object for all runtime
-       objects.  Changed 0 in loop to i, the index.
-
-        Reviewed by David Harrison.
-
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForImp):
-
-2005-01-11  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3887930> Must use new Java plug-in API to get/set fields so exception handling works (fixes many LiveConnect crashes)
-
-       Use the new dispatching API to invoke JNI, rather than calling JNI
-       directly.
-
-        Reviewed by David Harrison.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::dispatchValueFromInstance):
-        (JavaField::valueFromInstance):
-        (JavaField::dispatchSetValueToInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-=== Safari-178 ===
-
-=== Safari-177 ===
-
-=== Safari-176 ===
-
-2004-12-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Kevin.
-
-       <rdar://problem/3926869> Opening caches window after running PLT causes crash
-       
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount): Don't include simple numbers in
-       the protected value table.
-        (KJS::ProtectedValues::increaseProtectCount): Ditto.
-        (KJS::ProtectedValues::decreaseProtectCount): Ditto.
-
-2004-12-16  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3920764> Unimplemented String methods toLocaleLowerCase and toLocaleUpperCase
-
-        * kjs/string_object.h: Added toLocaleLowerCase and toLocaleUpperCase.
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Made locale versions be synonmyms for the
-        non-locale-specific versions.
-        * kjs/string_object.lut.h: Regenerated.
-
-2004-12-14  Richard Williamson   <rjw@apple.com>
-
-       Pass URL of plugin view when call into JNI.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-
-2004-12-13  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3827799> repro. crash with IBM Rational ClearCase Web under Safari (Java/LiveConnect-related)
-
-       Add support for calling static Java methods from JavaScript.
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::isStatic):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIStaticMethod):
-        (KJS::Bindings::callJNIBooleanMethod):
-        (KJS::Bindings::callJNIStaticBooleanMethod):
-        * bindings/jni/jni_utility.h:
-
-2004-12-13  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3887767> LiveConnect doesn't propagate Java exceptions back to JavaScript (prevents security suite from running)
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_objc.mm:
-        (KJS::Bindings::dispatchJNICall):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni/jni_utility.h:
-
-=== Safari-175 ===
-
-2004-12-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       <rdar://problem/3908017> REGRESSION (172-173): assertion in ObjectImp::construct trying to create JS error (24hourfitness.com)
-
-       The fix was to implement copy constructor and assignment operator,
-       the ones that worked on the base class did not replace the
-       defaults apparently!
-       
-        * kjs/protect.h:
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        
-       Also fixed a bug in the GC test mode that compares the results of
-       the old collector and the new collector.
-
-       * kjs/value.cpp:
-        (ValueImp::mark):
-
-=== Safari-173 ===
-
-2004-11-23  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3890385> field and method cache incorrectly capped (c bindings)
-
-        Reviewed by Ken.
-
-        * bindings/c/c_class.cpp:
-        (CClass::_commonInit):
-
-2004-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-       <rdar://problem/3889696> Enable conservative garbage collection for JavaScript
-        
-       * kjs/collector.cpp:
-        (KJS::Collector::Thread::Thread):
-        (KJS::destroyRegisteredThread):
-        (KJS::initializeRegisteredThreadKey):
-        (KJS::Collector::registerThread):
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markCurrentThreadConservatively):
-        (KJS::Collector::markOtherThreadConservatively):
-        * kjs/collector.h:
-        * kjs/internal.cpp:
-        (lockInterpreter):
-        * kjs/value.h:
-
-=== Safari-172 ===
-
-2004-11-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3880561> Default string value of ObjC object in JS should be [obj description].
-
-        Reviewed by Hyatt.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::stringValue):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertNSStringToString):
-        (KJS::Bindings::convertObjcValueToValue):
-
-=== Safari-171 ===
-
-2004-11-09  Chris Blumenberg  <cblu@apple.com>
-
-       Fixed: <rdar://problem/3872724> soft link against JavaVM to save ~2MB RSHRD
-
-        Reviewed by rjw.
-
-        * ChangeLog:
-        * JavaScriptCore.pbproj/project.pbxproj: don't link against JavaVM
-        * bindings/softlinking.c: Added.
-        (loadFramework): new
-        (getFunctionPointer): new
-        (JNI_GetCreatedJavaVMs): load JavaVM if not already loaded, get _JNI_GetCreatedJavaVMs symbol if we don't already have it, call JNI_GetCreatedJavaVMs
-
-=== Safari-170 ===
-
-2004-11-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed <rdar://problem/3865365> since -[WebScriptObject dealloc] does not call [super dealloc], the build will fail due to a warning
-        - fixed behavior so that [[WebScriptObject alloc] initWithCoder:] doesn't leak WebUndefined instances
-          and incidentally so that [[WebScriptObject alloc] init] returns the single shared instance rather
-          than allocating a new one
-
-        * bindings/objc/WebScriptObject.mm: Removed some stray semicolons.
-        (+[WebUndefined allocWithZone:]): Made this the common bottleneck that returns the single instance
-        of WebUndefined, since it's the single method that normally allocates new instances. Calls super to
-        actually allocate only the very first time it's called.
-        (-[WebUndefined initWithCoder:]): Simplified to just return self (no reason to re-lookup the single
-        shared instance since there can be only one).
-        (-[WebUndefined copyWithZone:]): Ditto.
-        (-[WebUndefined retain]): Ditto.
-        (-[WebUndefined retainCount]): Use UINT_MAX constant here (matches usage in NSObject.m for retain count
-        of class).
-        (-[WebUndefined autorelease]): Simplified to just return self (see above).
-        (-[WebUndefined copy]): No need to override this since it just turns around and calls copyWithZone:.
-        (-[WebUndefined dealloc]): Added an assertion since this method should never be called. Also added
-        a call to [super dealloc] after return; to make the new -Wdealloc-check compiler happy (fixing the
-        bug mentioned above).
-        (+[WebUndefined undefined]): Reimplemented; calls allocWithZone:NULL to get to the shared instance.
-        No need to call init, since that's a no-op for this class.
-
-2004-11-03  David Harrison  <harrison@apple.com>
-
-        Reviewed by Darin.
-        
-        Eliminate the use of a marker file to determine how to build.
-
-        * .cvsignore:
-        * Makefile.am:
-
-2004-11-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3861469> Latest Real player crashes Safari on some sites.
-
-        Reviewed by Ken.
-
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        Initialize out parameters to void type.
-
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        Initialize out parameters to void type.
-        Also added additional checks to protect against classes that 
-        don't implement all functions.
-
-2004-11-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3861257> WebUndefined should be returned for undefined values
-
-        Reviewed by John.
-
-        * ChangeLog:
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-       Added additional conversion Undefined -> WebUndefined.
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-       Added additional conversion WebUndefined -> Undefined.
-
-2004-11-01  Darin Adler  <darin@apple.com>
-
-        - fixed <rdar://problem/3855573> Remove reference to "WebScriptMethods" from WebScriptObject.h comments
-
-        * bindings/objc/WebScriptObject.h: Removed unneeded #ifdef protection for multiple includes (since
-        this is an Objective-C header and we use #import for those). Fixed comments as requested in the bug
-        report to match the contents of the file.
-
-=== Safari-169 ===
-
-=== Safari-168 ===
-
-2004-10-22  Ken Kocienda  <kocienda@apple.com>
-
-        Reviewed by me
-
-        * JavaScriptCore.pbproj/project.pbxproj:  
-        Add GCC_ENABLE_OBJC_GC and GCC_FAST_OBJC_DISPATCH flags.
-
-=== Safari-167 ===
-
-2004-10-13  Richard Williamson   <rjw@apple.com>
-
-       Moved boolean checks prior to NSNumber checks.  booleans are
-       NSNumbers.
-
-       Follow on to <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number.
-
-        Reviewed by John.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-2004-10-12  Richard Williamson   <rjw@apple.com>
-
-        Fixed access to DOM object via WebScriptObject API.
-        The execution context for DOM objects wasn't being found.      
-        <rdar://problem/3831372> The valueForKey method for @"offsetLeft" on a paragraph element causes a crash.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.mm:
-        (_didExecute):
-        (-[WebScriptObject KJS::Bindings::]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-
-2004-10-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3804661> REGRESSION: JavaScriptCore framework now has two init routines
-
-        * bindings/NP_jsobject.cpp: Fixed unnecessarily-complex globals set up that was
-        creating an init routine.
-
-        * kjs/ustring.cpp: Changed around the UString::Rep::empty construction to not
-        require a global constructor that creates an init routine.
-
-2004-10-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3822618> REGRESSION (164-165): expedia.com's popup help doesn't work
-
-        * kjs/reference.cpp: (Reference::putValue): Change so that references not found in any object
-        work with the window object of the page the function is in, not the page of the caller. This
-        is what all other browsers do. This code was hidden before by the "everything is defined on
-        window object" hack in WebCore.
-
-2004-10-07  Richard Williamson   <rjw@apple.com>
-
-       Added simple JavaScript call tracing.  Very useful for
-        debugging complex pages.
-
-       Tracing is only available in development builds and is
-       enabled by:
-
-       (gdb) set traceJavaScript = 1
-
-       or programatically
-
-       setTraceJavaScript(true)
-
-       Function, args, and return values are printed to console.  Very
-       verbose.
-
-        Reviewed by Ken.
-
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call):
-        * kjs/object.cpp:
-        (KJS::Object::call):
-
-=== Safari-166 ===
-
-2004-10-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3819234> NPN_SetException (and throwException:) isn't implemented
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_SetException):
-        * bindings/npruntime.cpp:
-        (_NPN_SetExceptionWithUTF8):
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject throwException:]):
-        * kjs/internal.h:
-        (KJS::InterpreterImp::context):
-
-2004-10-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3821515> binding layer needs to convert NSNumber-bools to js type boolean not number
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-2004-10-04  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - rolled in a fix the KDE folks did for the operations that generate HTML fragments
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Added quote marks to generated HTML.
-
-        - rolled out an old workaround we don't need any more
-
-        * JavaScriptCore.pbproj/project.pbxproj: Remove -Wno-long-double because the <math.h> issue that
-        required it is no longer there.
-
-2004-09-30  Richard Williamson  <rjw@apple.com>
-
-       Fixed <rdar://problem/3821215> NPN hasMethod and hasProperty functions should take NPObjects, not NPClass
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (_NPN_GetProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/npruntime.h:
-        * bindings/objc/objc_class.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-
-2004-09-29  Chris Blumenberg  <cblu@apple.com>
-
-       Prepended underscores to NPN methods so that when the QT plug-in loads these symbols, it uses the non-underscore versions in WebKit. Without this, the QT plug-in was failing to load when launching Safari from the command-line.
-
-        Reviewed by rjw.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (_NPN_CreateScriptObject):
-        (_NPN_InvokeDefault):
-        (_NPN_Invoke):
-        (_NPN_Evaluate):
-        (_NPN_GetProperty):
-        (_NPN_SetProperty):
-        (_NPN_RemoveProperty):
-        (_NPN_HasProperty):
-        (_NPN_HasMethod):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CMethod::name):
-        * bindings/npruntime.cpp:
-        (_NPN_GetStringIdentifier):
-        (_NPN_GetStringIdentifiers):
-        (_NPN_GetIntIdentifier):
-        (_NPN_IdentifierIsString):
-        (_NPN_UTF8FromIdentifier):
-        (_NPN_IntFromIdentifier):
-        (NPN_InitializeVariantWithObject):
-        (_NPN_ReleaseVariantValue):
-        (_NPN_CreateObject):
-        (_NPN_RetainObject):
-        (_NPN_ReleaseObject):
-        (_NPN_SetExceptionWithUTF8):
-        (_NPN_SetException):
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Remove strange use of high() and
-        low() to get Unicode value of character, and just use unicode().
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        - refine charAt/charCodeAt fix slightly
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Treat undefined the same was as an
-        omitted parameter, as we do everywhere else, and as other browsers do here.
-
-2004-09-26  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fixed <rdar://problem/3816097> REGRESSION: mailblocks, and presumably many other pages, failing because variable not found
-
-        * kjs/internal.cpp: (InterpreterImp::evaluate): Process variable declarations before executing
-        the program. We were doing this properly for functions, but not entire programs.
-
-        - fixed <rdar://problem/3814706> REGRESSION: text fields in mailblocks wizards do not accept keystrokes due to use of charCodeAt()
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Changed the implementation of charAt
-        and charCodeAt to treat a missing parameter as an index of 0, rather than an invalid index.
-
-        * tests/mozilla/expected.html: Update for two tests that now pass with these changes.
-
-=== Safari-165 ===
-
-=== Safari-164 ===
-
-2004-09-14  Richard Williamson   <rjw@apple.com>
-
-        1.  Add class parameter to object allocation function.  This is somewhat redundant, given that
-        the allocation function is in the class function vector, but people wanted to use the same
-        allocation function for different classes.
-        
-        2.  Renamed NPN_Class to NPN_Invoke to match the name in the function vector.
-        
-        3.  Add support for a default function on an object.  This is a feature that ActiveX supports,
-        and will allow JavaScript code to be written that will look exactly the same for both ActiveX
-        plugins and Netscape or WebKit plugins.  There are implementations included for the 'C' and
-        'Objective-C' bindings.
-        
-        There bugs are covered by
-        
-        <rdar://problem/3776343> Support for default functions in the JavaScript bindings
-        <rdar://problem/3779186> NPN_Call needs to be renamed to NPN_Invoke
-        <rdar://problem/3674754> Need to implement latest npruntime.h
-
-        Reviewed by John.
-
-        * bindings/NP_jsobject.cpp:
-        (jsAllocate):
-        (NPN_InvokeDefault):
-        (NPN_Invoke):
-        * bindings/c/c_class.cpp:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::invokeDefaultMethod):
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.cpp:
-        * bindings/c/c_runtime.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeDefaultMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/npruntime.cpp:
-        (NPN_CreateObject):
-        * bindings/npruntime.h:
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeDefaultMethod):
-        * bindings/objc/objc_runtime.h:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcFallbackObjectImp::ObjcFallbackObjectImp):
-        (ObjcFallbackObjectImp::get):
-        (ObjcFallbackObjectImp::put):
-        (ObjcFallbackObjectImp::canPut):
-        (ObjcFallbackObjectImp::implementsCall):
-        (ObjcFallbackObjectImp::call):
-        (ObjcFallbackObjectImp::hasProperty):
-        (ObjcFallbackObjectImp::deleteProperty):
-        (ObjcFallbackObjectImp::defaultValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        (KJS::Bindings::Instance::valueOf):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::implementsCall):
-        (RuntimeObjectImp::call):
-        * bindings/runtime_object.h:
-
-2004-09-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       <rdar://problem/3794735> Gmail- sending a very long message with Safari is so slow it seems like a hang
-        
-       * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Replaced implementation of replace()
-       method with function below...
-       (replace): In order to avoid excessive allocation and copying,
-       figure out the ranges of the original string and replacement
-       strings to be assembled, instead of constantly creating new
-       strings at each substitution. The old behavior is basically O(N^2)
-       for a global replace on a pattern that matches many places in the
-       string.
-        (regExpIsGlobal): Helper function for the above.
-        (expandSourceRanges): ditto
-        (pushSourceRange): ditto
-        (expandReplacements): ditto
-        (pushReplacement): ditto
-        * kjs/ustring.cpp:
-       (KJS::UString::spliceSubstringsWithSeparators): New method that
-       pieces together substring ranges of this string together with
-       specified separators, all at one go.
-        * kjs/ustring.h:
-        (KJS::UString::Range::Range): Added new helper class to represent
-       substring choices.
-
-2004-09-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-       - fixed <rdar://problem/3800315> encode-URI-test layout test is failing
-       
-        * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Make sure to escape null
-       characters. This is a bug in the new code that made part of the
-       test fail.
-
-2004-09-13  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin and Maciej.
-
-        - new function to support fix for DIG bug in WebCore
-
-        * kjs/scope_chain.h: Added new push function that pushes another entire scope chain.
-        * kjs/scope_chain.cpp: (KJS::ScopeChain::push): Ditto.
-
-2004-09-12  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/expected.html: Updated test results for 3 more tests that pass with the new version
-        of escape and unescape.
-
-2004-09-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3798209> any non-ASCII characters are garbled in the result of toLocaleString
-
-        * kjs/date_object.cpp:
-        (formatLocaleDate): Replaced two old functions that used LongDateTime with this one new function that
-        uses CFDateFormatter.
-        (DateProtoFuncImp::call): Call the new formatLocaleDate instead of both formatLocaleDate and formatLocaleTime.
-
-2004-09-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Richard.
-
-       <rdar://problem/3493140> REGRESSION (85-100): cedille displays %-escaped in JavaScript message at hotmail.com
-
-       * kjs/function.cpp:
-        (KJS::GlobalFuncImp::call): Replace our escape() and unescape() implementations with
-       ones from KDE KJS, which have the proper latin-1 behavior to match Win IE.
-        * kjs/lexer.cpp:
-        (Lexer::isHexDigit): Made static and non-const.
-        * kjs/lexer.h:
-
-=== Safari-163 ===
-
-2004-09-06  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj: Bump MACOSX_DEPLOYMENT_TARGET to 10.3.
-
-=== Safari-162 ===
-
-2004-09-01  Richard Williamson   <rjw@apple.com>
-
-       Add pid to exception messages (to help debug dashboard clients).
-
-        Reviewed by Chris.
-
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-
-=== Safari-161 ===
-
-2004-08-20  Richard Williamson   <rjw@apple.com>
-
-        Implemented new JNI abstraction.  We no longer invoke Java methods
-        directly with JNI, rather we call into the plugin.  This allows the
-        plugin to dispatch the call to the appropriate VM thread.  This
-        change should (will?) fix a whole class of threading related problems with
-        the Java VM.
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/c/c_instance.h:
-        (KJS::Bindings::CInstance::setExecutionContext):
-        (KJS::Bindings::CInstance::executionContext):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::invokeMethod):
-        (JavaInstance::setExecutionContext):
-        (JavaInstance::executionContext):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertJObjectToValue):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (JavaArray::convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaArray::JavaArray):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaArray::operator=):
-        (KJS::Bindings::JavaArray::executionContext):
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/objc_instance.h:
-        (KJS::Bindings::ObjcInstance::setExecutionContext):
-        (KJS::Bindings::ObjcInstance::executionContext):
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::nativeHandle):
-
-=== Safari-158 ===
-
-2004-08-19  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by John.
-
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::put): initialize deletedElementIndex to zero, to make the compiler happy
-
-2004-08-17  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed <rdar://problem/3746676> SAP WebDynpro app hangs inside JavaScript property map hash table code (deleted sentinel problem)
-
-        * kjs/property_map.h: Added some private functions.
-        * kjs/property_map.cpp:
-        (KJS::PropertyMap::clear): Set sentinelCount to 0.
-        (KJS::PropertyMap::put): Complete search for the element before choosing to use the deleted-element sentinel.
-        Also keep sentinel count up to date when we destroy a sentinel by overwriting with a new added element.
-        (KJS::PropertyMap::expand): Added. Calls rehash with a size 2x the old size, or 16.
-        (KJS::PropertyMap::rehash): Added. Refactored the rehash code into a separate function.
-        (KJS::PropertyMap::remove): Add one to sentinelCount, and rehash if 1/4 or more of the elements are
-        deleted-element sentinels.
-        (KJS::PropertyMap::checkConsistency): Check the sentinelCount.
-
-2004-08-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Code change by Eric Albert, reviewd by me.
-
-       <rdar://problem/3571960> washingtonpost.com claims I don't have cookies enabled and won't let me read articles
-
-        * kjs/date_object.cpp:
-        (timetUsingCF): Clamp time to LONG_MAX (getting rid of time_t
-       entirely would be even better, but is not required to fix this bug.
-
-=== Safari-157 ===
-
-2004-08-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3581092> cash in KJS::Bindings::JSObject::eval at tcvetantcvetkov.com
-
-        Adds bullet proofing to protect against evaluation of bogus JS in all the flavors of bindings (Java, C, and ObjC).
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (NPN_Evaluate):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::eval):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject evaluateWebScript:]):
-
-2004-08-15  Richard Williamson   <rjw@apple.com>
-
-       More updates to np headers.  Implemented new NPN functions.
-
-        Reviewed by Darin.
-
-        * bindings/NP_jsobject.cpp:
-        (NPN_HasProperty):
-        (NPN_HasMethod):
-        * bindings/npapi.h:
-        * bindings/npruntime.h:
-
-2004-08-13  Darin Adler  <darin@apple.com>
-
-        - fix build so we can compile again
-
-        * bindings/npapi.h: Added. Richard forgot to check this in. The one I'm checking in here
-        is good enough so that we can compile, but it's only a stopgap measure, because I think
-        Richard has a newer one he wants to check in.
-
-2004-08-12  Richard Williamson   <rjw@apple.com>
-
-       Bring npruntime.h and friends closer to compliance with
-       latest spec.
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (jsAllocate):
-        (_NPN_CreateScriptObject):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (convertNPVariantToValue):
-        * bindings/npruntime.cpp:
-        (NPN_IdentifierIsString):
-        (NPN_VariantIsVoid):
-        (NPN_VariantIsNull):
-        (NPN_VariantIsUndefined):
-        (NPN_VariantIsBool):
-        (NPN_VariantIsInt32):
-        (NPN_VariantIsDouble):
-        (NPN_VariantIsString):
-        (NPN_VariantIsObject):
-        (NPN_VariantToBool):
-        (NPN_VariantToString):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_VariantToObject):
-        (NPN_InitializeVariantAsVoid):
-        (NPN_InitializeVariantAsNull):
-        (NPN_InitializeVariantAsUndefined):
-        (NPN_InitializeVariantWithBool):
-        (NPN_InitializeVariantWithInt32):
-        (NPN_InitializeVariantWithDouble):
-        (NPN_InitializeVariantWithString):
-        (NPN_InitializeVariantWithStringCopy):
-        (NPN_InitializeVariantWithObject):
-        (NPN_InitializeVariantWithVariant):
-        (NPN_ReleaseVariantValue):
-        (NPN_CreateObject):
-        * bindings/npruntime.h:
-        (_NPString::):
-        (_NPString::_NPVariant::):
-        * bindings/npruntime_priv.h: Added.
-
-2004-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Adele.
-
-        - fixed 3 problems with parse functions that I just wrote, fixing 3 more Mozilla JavaScript tests
-
-        * kjs/function.cpp:
-        (KJS::parseDigit): Fix typo, 'Z' instead of 'z', that prevented lowercase hex digits from working.
-        (KJS::parseInt): Add octal support. Specification says it's optional, but I guess not.
-        (KJS::parseFloat): Fix check for "0x" in parseFloat to return 0 rather than NaN. Also add code
-        to skip leading "+" or "-".
-
-=== Safari-156 ===
-
-2004-08-12  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 43 Mozilla JavaScript tests
-
-        * kjs/date_object.h: Change parseDate and timeClip to take and return doubles.
-        * kjs/date_object.cpp:
-        (DateObjectImp::construct): Change to use a timeClip function that takes and returns a double rather
-        than constructing a number object to pass to it.
-        (DateObjectFuncImp::call): Change to use a parseDate function that returns a double.
-        (KJS::parseDate): Change to return a double instead of creating the Number object here.
-        (KJS::timeClip): Implement this as specified in the language standard.
-
-        * kjs/error_object.cpp: (NativeErrorImp::NativeErrorImp): Set the DontDelete, ReadOnly, and DontEnum
-        flags on the prototype property.
-
-        * kjs/function.cpp:
-        (KJS::FunctionImp::get): Return null rather than undefined for arguments when the function is not
-        currently in scope.
-        (KJS::isStrWhiteSpace): Added. Matches specification for StrWhiteSpace. Could move it to some utility
-        file later.
-        (KJS::parseDigit): Added. Helper function for parseInt.
-        (KJS::parseInt): Added. Integer parser that puts result in a double so we're not limited to what
-        strtoll can handle. Also matches standard more closely.
-        (KJS::parseFloat): Added. Handles "0x" properly and passes flag to make empty string turn into NaN
-        instead of 0.
-        (KJS::GlobalFuncImp::call): Use the new parseInt and parseFloat.
-
-        * kjs/function_object.cpp: (FunctionPrototypeImp::FunctionPrototypeImp): Add a length property.
-
-        * kjs/lexer.h: Added error flag and sawError() function for detecting errors.
-        * kjs/lexer.cpp:
-        (Lexer::setCode): Clear error state.
-        (Lexer::lex): Set error state if the lexer encounters an error
-
-        * kjs/internal.cpp:
-        (NumberImp::toString): Roll in change from KDE version to special case 0 so we handle -0 correctly.
-        (Parser::parse): Use new lexer error method so those errors are treated like parser errors.
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Change min and max to treat -0 as less than +0.
-        Change round to round values between -0.5 and -0 to -0 instead of +0.
-
-        * kjs/nodes.h: Add evaluateReference function to GroupNode.
-        * kjs/nodes.cpp: (GroupNode::evaluateReference): Pass references through groups (parenthesized
-        expressions) properly so that expressions like "delete (x.y)" work. Before, the parentheses
-        would change x.y into a value that can't be deleted as a side effect.
-
-        * kjs/string_object.cpp: Change parameter count for indexOf and lastIndexOf from 2 to 1 to match
-        the specification.
-
-        * kjs/testkjs.cpp: Rolled in changes from KDE to add a "quit" function to the test tool and
-        get rid of the fixed size limit for code.
-
-        * kjs/ustring.cpp: (KJS::UString::substr): Added optimized case for substr(0, length) so it just
-        returns the string without creating a new Rep, since I'm using substr in a place where it will
-        often be passed a 0.
-
-        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed one wrong entry in the Unicode table I added to
-        the other day that was making a couple tests fail.
-        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
-
-        * kjs/string_object.lut.h: Regenerated.
-
-2004-08-11  Darin Adler  <darin@apple.com>
-
-        - fixed a tiny problem with the UTF-16 PCRE check-in
-
-        * pcre/maketables.c: (pcre_maketables): Fix mistake in table-generating code that sometimes caused
-        the ctype_meta flag to get set in items that should not have it.
-
-        * pcre/chartables.c: Regenerated.
-
-2004-08-10  Richard Williamson   <rjw@apple.com>
-
-        Fixed <rdar://problem/3674747> Need to implement invokeUndefinedMethodFromWebScript:withArguments:
-
-       The following WebScripting methods are now supported on bound
-       objects:
-
-       - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args;
-        - (void)setValue:(id)value forUndefinedKey:(NSString *)key
-        - (id)valueForUndefinedKey:(NSString *)key
-
-        Reviewed by Chris.
-
-        * bindings/c/c_class.cpp:
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/objc/objc_class.h:
-        (KJS::Bindings::ObjcClass::isa):
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        (ObjcClass::fallbackObject):
-        * bindings/objc/objc_instance.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::setValueOfField):
-        (ObjcInstance::setValueOfUndefinedField):
-        (ObjcInstance::getValueOfField):
-        (ObjcInstance::getValueOfUndefinedField):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcField::~ObjcField):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::operator=):
-        (KJS::Bindings::FallbackObjectImp::classInfo):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::ObjcField):
-        (ObjcField::name):
-        (ObjcField::type):
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (FallbackObjectImp::FallbackObjectImp):
-        (FallbackObjectImp::get):
-        (FallbackObjectImp::put):
-        (FallbackObjectImp::canPut):
-        (FallbackObjectImp::implementsCall):
-        (FallbackObjectImp::call):
-        (FallbackObjectImp::hasProperty):
-        (FallbackObjectImp::deleteProperty):
-        (FallbackObjectImp::defaultValue):
-        * bindings/runtime.h:
-        (KJS::Bindings::Class::fallbackObject):
-        (KJS::Bindings::Instance::getValueOfUndefinedField):
-        (KJS::Bindings::Instance::setValueOfUndefinedField):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface valueForUndefinedKey:]):
-        (-[MyFirstInterface setValue:forUndefinedKey:]):
-
-2004-08-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - switch PCRE to do UTF-16 directly instead of converting to/from UTF-8 for speed
-
-        * pcre/pcre.h: Added PCRE_UTF16 switch, set to 1. Added pcre_char typedef, which is char
-        or uint16_t depending on the mode, and used appropriate in the 7 public functions
-        that need to use it.
-        * pcre/pcre.c: Add UTF-16 support to all functions.
-        * pcre/study.c: Ditto.
-
-        * pcre/internal.h: Added ichar typedef, which is unsigned char or uint16_t depending on
-        the mode. Changed declarations to use symbolic constants and typedefs so we size
-        things to ichar when needed.
-
-        * pcre/maketables.c: (pcre_maketables): Change code to make tables that are
-        sized to 16-bit characters instead of 8-bit.
-
-        * pcre/get.c:
-        (pcre_copy_substring): Use pcre_char instead of char.
-        (pcre_get_substring_list): Ditto.
-        (pcre_free_substring_list): Ditto.
-        (pcre_get_substring): Ditto.
-        (pcre_free_substring): Ditto.
-
-        * pcre/dftables.c: (main): Used a bit more const, and use ICHAR sizes instead
-        of hard-coding 8-bit table sizes.
-
-        * pcre/chartables.c: Regenerated.
-
-        * kjs/ustring.h: Remove functions that convert UTF-16 to/from UTF-8 offsets.
-        * kjs/ustring.cpp: Change the shared empty string to have a unicode pointer that
-        is not null. The null string still has a null pointer. This prevents us from
-        passing a null through to the regular expression engine (which results in a null
-        error even when the string length is 0).
-
-        * kjs/regexp.cpp:
-        (KJS::RegExp::RegExp): Null-terminate the pattern and pass it.
-        (KJS::RegExp::match): Use the 16-bit string directly, no need to convert to UTF-8.
-
-2004-08-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 28 Mozilla JavaScript tests
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Check for undefined rather than
-        checking the number of arguments for the join method.
-
-        * kjs/lexer.cpp: (Lexer::lex): Parse hexadecimal and octal constants in doubles rather
-        than integers, so we aren't limited to 32 bits.
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Get rid of many unneeded special cases in
-        the implementation of the pow operation. Also simplied a case that was handling positive
-        and negative infinity separately.
-
-        * kjs/nodes.cpp: (ShiftNode::evaluate): Keep the result of shifts in a double instead of
-        putting them in a long, so that unsigned shift will work properly.
-
-        * kjs/number_object.cpp: Add the DontDelete and ReadOnly flags to the numeric constants.
-
-        * kjs/operations.cpp:
-        (KJS::isPosInf): Added an implementation inside APPLE_CHANGES that does not depend on the
-        sign of isinf; our isinf function returns +1 even for negative infinity.
-        (KJS::isNegInf): And again.
-        (KJS::relation): Put in a nice simple implementation of comparison inside APPLE_CHANGES.
-        Our floating point already handles the various infinity cases correctly.
-
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::call): Add missing return before Null() in Exec method.
-        (RegExpObjectImp::arrayOfMatches): Put undefined rather than an empty string into the
-        array in cases where we did not match.
-        (RegExpObjectImp::construct): Set the DontDelete, ReadOnly, and DontEnum flags for
-        "global", "ignoreCase", "multiline", and "source".
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): For the match method, turn a null
-        string into undefined rather than an empty string. For the slice method, handle an
-        undefined parameter for the limit properly as decribed in the specification, and add
-        the limit to one case that didn't have the limit at all. For the methods that generate
-        HTML strings, use lowercase tags instead of uppercase.
-
-        * kjs/ustring.cpp:
-        (KJS::UChar::toLower): Use u_tolower from the ICU library.
-        (KJS::UChar::toUpper): Use u_toupper from the ICU library.
-        (KJS::UString::append): Fix some math that caused a buffer overflow.
-        (KJS::convertUTF16OffsetsToUTF8Offsets): Ignore negative numbers (-1 is used as a special
-        flag) rather than converting them all to 0.
-        (KJS::convertUTF8OffsetsToUTF16Offsets): Ditto.
-
-        * tests/mozilla/jsDriver.pl: Fixed the relative links to point to our actual test files.
-
-        * tests/mozilla/ecma/String/15.5.4.11-1.js: Fixed the Unicode table in this test to match
-        the Unicode specification in a few cases where it was wrong before.
-        * tests/mozilla/ecma/String/15.5.4.11-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-5.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.11-6.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-1.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-2.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-3.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-4.js: Ditto.
-        * tests/mozilla/ecma/String/15.5.4.12-5.js: Ditto.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Link to libicu.
-
-        * kjs/number_object.lut.h: Regenerated.
-
-2004-08-09  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3753467> REGRESSION (137-138): reproducible buffer overrun in UString manipulation code
-
-        * kjs/ustring.cpp: (KJS::UString::append): Fix incorrect size computation. Without it
-        we get a buffer overflow.
-
-=== Safari-155 ===
-
-2004-08-05  Richard Williamson   <rjw@apple.com>
-
-        Fixed part of 3674747.  The QT guys need this for feature freeze.
-
-        This patch implements support for the
-
-        - (id)invokeUndefinedMethodFromWebScript:(NSString *)name withArguments:(NSArray *)args
-
-        method of objects bound to JavaScript.
-
-        Reviewed by John.
-
-        * ChangeLog:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcMethod::~ObjcMethod):
-        (KJS::Bindings::ObjcMethod::isFallbackMethod):
-        (KJS::Bindings::ObjcMethod::javaScriptName):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcMethod::ObjcMethod):
-        (ObjcMethod::getMethodSignature):
-        (ObjcMethod::setJavaScriptName):
-        * bindings/testbindings.mm:
-
-2004-08-04  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by mjs.
- 
-       - fix <rdar://problem/3649789> SAP WebGUI has problems loading first page because of parse error        
-
-       * kjs/lexer.cpp:
-        (Lexer::lex): if the current character is a '\' and the next character is a line terminator,
-       go to the next line and continue parsing the string (instead of failing).  This matches 
-       behavior in Mac IE and Mozilla.
-
-2004-08-03  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin.
-
-       Rolled in changes from the latest KJS sources that support additional 
-       Number.prototype functions. 
-
-       Specifically this patch covers the follow parts of the ECMA 3 spec:
-       15.7.4.5, 15.7.4.6, and 15.7.4.7 
-       
-       Fixes:
-       <rdar://problem/3663716> missing Number.toFixed (and toPrecision, toExponential)
-       <rdar://problem/3749492> missing Number.toPrecision prototype implementation
-       <rdar://problem/3749591> missing Number.toExponential prototype implementation
-
-        * kjs/identifier.h: Added toFixed, toPrecision, and toExponential to the
-       list of supported identifiers (a macro).
-        * kjs/number_object.cpp: Implemented support for toFixed(), toPrecision(),
-       and toExponential(). 
-        (NumberPrototypeImp::NumberPrototypeImp):
-        (NumberProtoFuncImp::call):
-        * kjs/number_object.h: Added property names for toFixed, toPrecision,
-       and toExponential. 
-        (KJS::NumberProtoFuncImp::):
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - added support for copying RegExp objects so 7 more Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpObjectImp::construct): Check for case where
-        we are supposed to just copy the regular expression object, and do so.
-        Also tighten up arguments check to handle case where an actual "undefined"
-        is passed rather than just omitting an argument.
-
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        * tests/mozilla/.cvsignore: Added.
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed RegExp.toString so 3 more Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call):
-        Append the flags here so more tests paseed.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed a couple things making 5 Mozilla regexp tests pass
-
-        * kjs/regexp_object.cpp: (RegExpProtoFuncImp::call): Implement toString
-        for the prototype.
-        (RegExpObjectImp::construct): Fix bug where the string "undefined" would
-        be used as the flags string when no parameter was passed.
-
-        * kjs/regexp_object.h: (KJS::RegExpPrototypeImp::classInfo):
-        Added a class info object for RegExp prototype so it can return
-        a string instead of raising an exception when converting to a string.
-
-        * tests/mozilla/expected.html: Update results.
-
-2004-08-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Kevin.
-
-        - fix crashes in mozilla tests due to mishandling NaN
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Rerranged range checks after
-        calls to toInteger so that NaN will get turned into something that fits in an integer.
-        These were the ones John already fixed, but his fix used isnan and the new fix is
-        more efficient.
-
-        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Rearranged radix range checks
-        after a call to toInteger to handle NaN properly. Also removed separate check
-        for undefined that's not needed.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): More of the same kinds of changes
-        as in the above two files, but for a lot more functions. Also changed one place with
-        an explicit check for undefined to instead just check isNaN.
-
-        * tests/mozilla/run-mozilla-tests: Changed to invoke jst using $SYMROOTS for people
-        like me who don't keep $SYMROOTS in their $PATH.
-
-=== Safari-154 ===
-
-=== Safari-153 ===
-
-2004-07-26  Kevin Decker  <kdecker@apple.com>
-
-        Changes done by Darin, reviewed by Kevin.
-
-        - changed testkjs to build in Xcode rather than from Makefile
-
-        * .cvsignore: Removed obsolete files from this list.
-        * Makefile.am: Removed code to build testkjs; we do this in Xcode now.
-        Changed to build target "All" rather than default target. This makes us
-        build the testkjs test tool.
-        * dummy.cpp: Removed.
-        * kjs/.cvsignore: Removed obsolete files from this list, including
-        the testkjs tool, which is now built in the symroots directory.
-        * kjs/testkjs.cpp: Added copyright notice that was missing, since we have
-        changed this file. Also this has the nice side effect of causing the tool
-        to be rebuilt in the new location even if there are no other changes in
-        your tree when you check this out.
-        * tests/mozilla/run-mozilla-tests: Invoke perl explicitly so this works
-        without setting the execute bit on jsDriver.pl.
-
-2004-07-22  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin
-       
-       Fixed <rdar://problem/3682340> (error console does not include source urls or line numbers of event exceptions). 
-
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/function_object.h:
-        * kjs/object.cpp:
-        (KJS::ObjectImp::construct):
-        * kjs/object.h:
-        (KJS::Object::construct):
-
-2004-07-21  Darin Adler  <darin@apple.com>
-
-        * bindings/npruntime.h: Fixed typo.
-
-2004-07-19  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Maciej.
-        
-        - bulletproofed array.slice() against NAN arguments. Harri noticed this
-        vulnerability in my patch for 3714644
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        handle NAN parameters passed to slice() by clamping to 0 and length.
-
-2004-07-19  Richard Williamson   <rjw@apple.com>
-
-       Fixed 3733349.  Prevent Java applet callbacks into JavaScript after applet
-       has been destroyed.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::invoke):
-        (JSObject::JSObject):
-
-2004-07-16  John Sullivan  <sullivan@apple.com>
-
-        Reviewed by Maciej.
-        
-        - fixed <rdar://problem/3714644> REGRESSION (125.8-146): bugzilla submit link 
-        hangs browser with javascript
-
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-        Check for undefined type for args[0] the same way we were already checking
-        for args[1]. In this case, args was zero-length, but we were treating
-        args[0] like an integer anyway. Resulted in some code looping from a NAN
-        value to 4, taking approximately forever.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        version wars
-        
-=== Safari-152 ===
-
-2004-07-14  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-       <rdar://problem/3711474>: (REGRESSION (125-146): JavaScript 'toString(16)' is broken)
-       <rdar://problem/3644873>: (REGRESSION (125-140u): secondary list doesn't fill in at Southwest.com)
-
-        * kjs/number_object.cpp:
-        (NumberProtoFuncImp::call): Initialize radix from dradix, not from itself!
-
-2004-07-13  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by kocienda.
-
-       - made testkjs and JavaScriptCore a subtarget of 'All'
-       - testkjs now builds in $SYMROOTS
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-=== Safari-151 ===
-
-2004-06-24  Chris Blumenberg  <cblu@apple.com>
-
-       Ignore .mode1 files in JavaScriptCore.pbproj
-
-        Reviewed by kocienda.
-
-        * JavaScriptCore.pbproj/.cvsignore:
-
-2004-06-23  Richard Williamson   <rjw@apple.com>
-
-       Implemented changes for latest npruntime.h.
-       
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (listFromVariantArgs):
-        (identiferFromNPIdentifier):
-        (_NPN_CreateScriptObject):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (stringIdentifierEqual):
-        (stringIdentifierHash):
-        (getStringIdentifierDictionary):
-        (intIdentifierEqual):
-        (intIdentifierHash):
-        (getIntIdentifierDictionary):
-        (NPN_GetStringIdentifier):
-        (NPN_GetStringIdentifiers):
-        (NPN_GetIntIdentifier):
-        (NPN_IdentifierIsString):
-        (NPN_UTF8FromIdentifier):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_SetException):
-        * bindings/npruntime.h:
-        * bindings/objc/WebScriptObject.mm:
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForInterpreter):
-        * bindings/testbindings.cpp:
-        (initializeIdentifiers):
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setBooleanValue):
-
-=== JavaScriptCore-146.1 ===
-
-2004-06-16  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3702287> Crash returning nil from bound ObjC
-
-       This turned out to be a show stopper for Dashboard.  Accessing a nil
-       ObjC property from JS caused a crash.  Similar to the problem
-       3696112 fixed below.
-       
-        Reviewed by Trey.
-
-        * bindings/objc/objc_runtime.mm:
-        (KJS::Bindings::ObjcField::valueFromInstance):
-
-=== Safari-146 ===
-
-2004-06-16  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3696112>: nil from an Objective-C class seems to get wrapped as a JavaScript proxy that will not print.
-
-       This turned out to be a show stopper for Dashboard.  We now
-       return Undefined() when nil is returned from a ObjC method
-       that returns an object type.
-       
-        Reviewed by Maciej.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-
-=== Safari-145 ===
-
-2004-06-15  Richard Williamson   <rjw@apple.com>
-
-       Fixed <rdar://problem/3695875>: Objective-C instances that are exported to JavaScript are too promiscuous
-
-       No longer need to check respondsToSelector: for
-       isSelectorExcludedFromWebScript: and isKeyExcludedFromWebScript:
-       because these now have a default implementation on NSObject.
-
-        Reviewed by Trey.
-
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-
-2004-06-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed some things for GC that Patrick missed, or that happened after the branch
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject dealloc]): Moved removeNativeReference call here from private object.
-        (-[WebScriptObject finalize]): Added.
-
-        - added some missing nil checks
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance): Check for nil.
-        (ObjcInstance::~ObjcInstance): Check for nil.
-        (ObjcInstance::operator=): Check for nil.
-
-2004-06-14  Darin Adler  <darin@apple.com>
-
-        Reviewed by me, code changes by Patrick Beard.
-
-        - fixed <rdar://problem/3671507>: (WebKit should adopt GC changes and compile with GC enabled)
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::ObjcInstance): Use CFRetain instead of retain.
-        (ObjcInstance::~ObjcInstance): Use CFRelease instead of release.
-        (ObjcInstance::operator=): More of the same.
-        (ObjcInstance::end): Use [pool drain] if compiling on Tiger.
-
-        * bindings/objc/objc_runtime.mm:
-        (ObjcArray::ObjcArray): Use CFRetain instead of retain.
-        (ObjcArray::~ObjcArray): Use CFRelease instead of release.
-        (ObjcArray::operator=): More of the same.
-
-        * bindings/testbindings.mm: Fixed incorrect license.
-        (main): Use [pool drain] if compiling on Tiger.
-
-=== Safari-144 ===
-
-2004-06-10  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by John.
-
-        * kjs/lexer.cpp: 
-        (Lexer::setCode):
-            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
-        * kjs/lexer.h:
-        (KJS::Lexer::lineNo):
-            - fixed <rdar://problem/3682398>: (error console line numbers are offset by 1)
-
-=== JavaScriptCore-143.2 ===
-
-2004-06-07  Darin Adler  <darin@apple.com>
-
-        - fixed <rdar://problem/3682489>: (JavaScriptGlue no longer compiles because Interpreter::evaluate parameters changed)
-
-        * kjs/interpreter.h: Added an overload to make JavaScriptGlue compile.
-        * kjs/interpreter.cpp: (KJS::Interpreter::evaluate): Implemented the overload.
-
-=== JavaScriptCore-143.1 ===
-
-2004-06-04  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Darin
-        
-        - fixed <rdar://problem/3680594>
-
-        * kjs/object.cpp:
-        (KJS::Error::create):
-
-=== Safari-143 ===
-
-2004-06-04  Darin Adler  <darin@apple.com>
-
-        * kjs/testkjs.cpp: (main): Fix build breakage by adding URL and line number parameters.
-
-2004-06-04  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Dave.
-
-        - ObjC bindings do not (yet) pass along sourceurl or line numbers
-        - we don't have a way as of yet to accomidate line numbers and urls for dynamic javascript
-        - changed the wording of an error message
-        - the lexer, parser, and interpreter have been made "sourceURL aware"
-        - stored the url into Error
-         
-        * bindings/NP_jsobject.cpp:
-        (NPN_Evaluate):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::eval):
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject evaluateWebScript:]):
-        * kjs/function.cpp:
-        (GlobalFuncImp::call):
-        * kjs/function_object.cpp:
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (Parser::parse):
-        (InterpreterImp::checkSyntax):
-        (InterpreterImp::evaluate):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (Interpreter::evaluate):
-        * kjs/interpreter.h:
-        * kjs/lexer.cpp:
-        (Lexer::setCode):
-        * kjs/lexer.h:
-        (KJS::Lexer::sourceURL):
-        * kjs/nodes.cpp:
-        (Node::Node):
-        (Node::throwError):
-        (FunctionCallNode::evaluate):
-        * kjs/nodes.h:
-        * kjs/object.cpp:
-        (KJS::Error::create):
-        * kjs/object.h:
-
-2004-06-04  Richard Williamson   <rjw@apple.com>
-
-        Fixed crash when attempting to access properties on nil
-        object.
-        
-        Reviewed by John.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::getClass):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        * bindings/testM.js:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface getString]):
-
-2004-05-27  Kevin Decker  <kdecker@apple.com>
-
-        Reviewed by Ken.
-
-        -revised generated error message content
-        
-        * kjs/error_object.cpp:
-        (ErrorProtoFuncImp::call):
-        * kjs/internal.cpp:
-        (Parser::parse):
-        * kjs/object.cpp:
-        (KJS::Error::create):
-
-=== Safari-142 ===
-
-2004-05-27  Richard Williamson   <rjw@apple.com>
-
-        Renamed WebScriptMethods to WebScripting based on feedback from Nancy.
-
-        Reviewed by Chris.
-
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-27  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - moved to new symlink technique for embedding frameworks
-
-        * JavaScriptCore.pbproj/project.pbxproj: Get rid of embed-frameworks build step
-        because we don't need it any more.
-
-2004-05-24  Richard Williamson   <rjw@apple.com>
-
-        Changed RuntimeArrayImp to inherit from ArrayInstanceImp and
-        fixed ClassInfo to correctly reflect inheritance.  This is required
-        because of the runtime checks in JSC for arrays, i.e. in
-        the Function objects apply method.
-
-        Reviewed by Ken.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        * bindings/runtime_array.h:
-        * bindings/testM.js: Added.
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface webScriptNameForSelector:]):
-        (-[MyFirstInterface logMessages:]):
-        (-[MyFirstInterface logMessage:prefix:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-05-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3664260>: (JS needs to listen to timezone change notifications)
-
-        * kjs/date_object.cpp: (CopyLocalTimeZone): As per Chris Kane and Jordan Hubbard, use <notify.h>
-        with a hardcoded string of "com.apple.system.timezone", and do CFTimeZoneResetSystem since
-        CoreFoundation doesn't do this itself. Turns out this affects the default time zone as long as
-        it hasn't been set explicitly.
-
-=== Safari-141 ===
-
-2004-05-20  Richard Williamson   <rjw@apple.com>
-
-        Implemented WebScriptObject/DOM wrapper voodoo.  DOM wrappers
-        can now be referenced like any other WebScriptObject, meaning
-        you can do JS operations on them.
-
-        All added implementation of finalizeForWebScript.
-
-        Reviewed by Ken.
-
-        * bindings/objc/WebScriptObject.h:
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject _initializeWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject KJS::]):
-        (-[WebScriptObject dealloc]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        * bindings/objc/WebScriptObjectPrivate.h:
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::~ObjcInstance):
-
-2004-05-19  Richard Williamson   <rjw@apple.com>
-
-        Removed extraneous tabs that were added (by XCode?).
-
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-19  Darin Adler  <darin@apple.com>
-
-        - fixed headers with licenses mangled by Xcode auto-indenting
-
-        * bindings/jni/jni_jsobject.cpp:
-        * bindings/jni/jni_jsobject.h:
-        * bindings/runtime_array.h:
-        * bindings/runtime_root.cpp:
-        * bindings/runtime_root.h:
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Added exception logging.  Also check for exception and
-        set results as appropriate.
-
-        Reviewed by Maciej (partially reviewed).
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Finsished implementing support for windowScriptObject.
-        Had to make WebScriptObjectPrivate.h accessible from
-        WebCore.
-
-        Reviewed by Maciej.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/objc/WebScriptObjectPrivate.h:
-
-2004-05-18  Richard Williamson   <rjw@apple.com>
-
-        Use KVC to set/get values instead of directly accessing
-        ivars.
-
-        Reviewed by Maciej.
-
-        * bindings/objc/WebScriptObject.mm:
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (convertValueToObjcObject):
-        (ObjcField::setValueToInstance):
-
-2004-05-17  Richard Williamson   <rjw@apple.com>
-
-        Implemented new API for WebScriptObject.
-
-        Fixed <rdar://problem/3657145>: (objc to javascript method calls do not cause updates.)
-        Fixed <rdar://problem/3654887>: (Update to JSC to refer to new JSObject LiveConnect object)  (w/ help from Vicki)
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::convertValueToJObject):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJNIField):
-        * bindings/objc/WebScriptObject.mm:
-        (_didExecute):
-        (-[WebScriptObject _initWithObjectImp:KJS::root:Bindings::]):
-        (-[WebScriptObject KJS::]):
-        (-[WebScriptObject dealloc]):
-        (+[WebScriptObject throwException:]):
-        (listFromNSArray):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject setValue:forKey:]):
-        (-[WebScriptObject valueForKey:]):
-        (-[WebScriptObject stringRepresentation]):
-        (+[WebScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        (+[WebUndefined undefined]):
-        (-[WebUndefined initWithCoder:]):
-        (-[WebUndefined encodeWithCoder:]):
-        (-[WebUndefined copyWithZone:]):
-        (-[WebUndefined retain]):
-        (-[WebUndefined release]):
-        (-[WebUndefined retainCount]):
-        (-[WebUndefined autorelease]):
-        (-[WebUndefined dealloc]):
-        (-[WebUndefined copy]):
-        (-[WebUndefined replacementObjectForPortCoder:]):
-        * bindings/objc/WebScriptObjectPrivate.h: Added.
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::JSMethodNameToObjCMethodName):
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.cpp:
-        (Instance::setDidExecuteFunction):
-        (Instance::didExecuteFunction):
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        * bindings/testbindings.mm:
-        (+[MyFirstInterface webScriptNameForSelector:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-05-14  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by mjs.
- 
-        <rdar://problem/3642427>: framework marketing number should be 2.0 for DoubleBarrel release
-
-        * JavaScriptCore.pbproj/project.pbxproj: change CFBundleShortVersionString to 2.0
-
-=== Safari-140 ===
-
-2004-05-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed indentation.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * bindings/objc/WebScriptObject.h:
-
-2004-05-13  Richard Williamson   <rjw@apple.com>
-
-        Approved API changes.  Currently unimplemented.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/objc/WebScriptObject.h: Added.
-        * bindings/objc/WebScriptObject.mm: Added.
-        (+[WebScriptObject throwException:]):
-        (-[WebScriptObject callWebScriptMethod:withArguments:]):
-        (-[WebScriptObject evaluateWebScript:]):
-        (-[WebScriptObject stringRepresentation]):
-        (+[WebUndefined undefined]):
-        (-[WebUndefined initWithCoder:]):
-        (-[WebUndefined encodeWithCoder:]):
-        (-[WebUndefined copyWithZone:]):
-
-2004-05-07  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by darin.
-
-        Turn off GC since it uses ppc only instructions (which breaks 
-        the B&I build).   
-    
-        * kjs/value.h: set USE_CONSERVATIVE_GC to 0
-
-=== Safari-139 ===
-
-2004-05-07  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - add -funroll-loops=16 compiler option for approx .5% speedup on
-        HTML iBench and .5-1% speedup on JS iBench.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-
-2004-04-25  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Enable full conservative GC mode in addition to test mode. When
-        conservative GC is enabled, we now get an 11% speed improvement on
-        the iBench. Also fix some spots I missed before.
-
-        Specific noteworth changes:
-        
-        * kjs/collector.cpp:
-        (KJS::Collector::markStackObjectsConservatively): Check possible
-        cell pointers for 8-byte aligment and verify they are not 0.
-
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::increaseProtectCount): Move null-tolerance from here...
-        (KJS::ProtectedValues::decreaseProtectCount): ...and here...
-        * kjs/protect.h:
-        (KJS::gcProtectNullTolerant): ...to here...
-        (KJS::gcUnprotectNullTolerant): ...and here, because not all callers need the null
-        tolerance, and doing the check is expensive.
-
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::computeHash): Replace hash function with a much faster one
-        that is still very good.
-
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        (KJS::ProtectedValue::ProtectedValue):
-        (KJS::ProtectedValue::~ProtectedValue):
-        (KJS::ProtectedValue::operator=):
-        (KJS::ProtectedObject::ProtectedObject):
-        (KJS::ProtectedObject::~ProtectedObject):
-        (KJS::ProtectedObject::operator=):
-        (KJS::ProtectedReference::ProtectedReference):
-        (KJS::ProtectedReference::~ProtectedReference):
-        (KJS::ProtectedReference::operator=):
-        * kjs/protected_values.cpp:
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        (KJS::ProtectedValues::computeHash):
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h:
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/internal.cpp:
-        (NumberImp::create):
-        (InterpreterImp::globalInit):
-        (InterpreterImp::globalClear):
-        (InterpreterImp::mark):
-        * kjs/list.cpp:
-        (KJS::List::derefValues):
-        (KJS::List::refValues):
-        (KJS::List::append):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::setInternalValue):
-        (KJS::ObjectImp::putDirect):
-        * kjs/value.cpp:
-        (ValueImp::mark):
-        (ValueImp::marked):
-        * kjs/value.h:
-        (KJS::ValueImp::ValueImp):
-        (KJS::ValueImp::~ValueImp):
-        (KJS::ValueImp::):
-        (KJS::Value::Value):
-        (KJS::Value::~Value):
-        (KJS::Value::operator=):
-
-2004-04-30  Richard Williamson   <rjw@apple.com>
-
-        Asking an NSInvocation for it's return value when return type
-        is void throws an exception.  Added check for void return types
-        to avoid this exception.
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_instance.mm:
-        (ObjcInstance::invokeMethod):
-
-2004-04-29  Richard Williamson   <rjw@apple.com>
-
-        Fixed several bad problems with the ObjC bindings.  In particular, conversion
-        to/from JavaScriptObject (soon to be WebScriptObject) was completely broken.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
-        (-[JavaScriptObject KJS::]):
-        (+[JavaScriptObject _convertValueToObjcValue:KJS::root:Bindings::]):
-        (-[JavaScriptObject call:arguments:]):
-        (-[JavaScriptObject evaluate:]):
-        (-[JavaScriptObject getMember:]):
-        (-[JavaScriptObject getSlot:]):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.h:
-        * bindings/runtime_root.cpp:
-        (KJS::Bindings::rootForInterpreter):
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        * bindings/runtime_root.h:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface logMessage:]):
-        (-[MyFirstInterface setJSObject:]):
-        (-[MyFirstInterface callJSObject::]):
-
-2004-04-24  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        * kjs/ustring.cpp: (KJS::UString::append): Fix one case that was allocating a buffer
-        that is 2x too big.
-
-2004-04-23  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Implementation of conservative GC, based partly on code from
-        Darin. It's turned off for now, so it shouldn't have any effect on
-        the normal build.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/collector.cpp:
-        (KJS::Collector::markStackObjectsConservatively):
-        (KJS::Collector::markProtectedObjects):
-        (KJS::Collector::collect):
-        * kjs/collector.h:
-        * kjs/protect.h:
-        (KJS::gcProtect):
-        (KJS::gcUnprotect):
-        * kjs/protected_values.cpp: Added.
-        (KJS::ProtectedValues::getProtectCount):
-        (KJS::ProtectedValues::increaseProtectCount):
-        (KJS::ProtectedValues::insert):
-        (KJS::ProtectedValues::decreaseProtectCount):
-        (KJS::ProtectedValues::expand):
-        (KJS::ProtectedValues::shrink):
-        (KJS::ProtectedValues::rehash):
-        (KJS::ProtectedValues::computeHash):
-        * kjs/protected_values.h: Added.
-        * kjs/value.cpp:
-        (ValueImp::useConservativeMark):
-        (ValueImp::mark):
-        (ValueImp::marked):
-        * kjs/value.h:
-        (KJS::ValueImp::):
-
-=== Safari-138 ===
-
-2004-04-22  Richard Williamson   <rjw@apple.com>
-
-        Fixed build snafu (re-declaration of NPBool in npruntime.h and
-        npapi.h).
-
-        * bindings/npruntime.h:
-
-2004-04-22  Richard Williamson   <rjw@apple.com>
-
-        Updated plugin binding API to reflect latest revision from
-        working group.
-        
-        Biggest change is the introduction of NPVariant used to represent
-        value types.  NPVariant replaces the use of NPObject for the
-        exchange of values between scripting environment and native code.
-
-        Reviewed by John.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (identiferFromNPIdentifier):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_ToString):
-        (NPN_GetPropertyAtIndex):
-        (NPN_SetPropertyAtIndex):
-        * bindings/c/c_class.cpp:
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_utility.cpp:
-        (convertNPStringToUTF16):
-        (convertUTF8ToUTF16):
-        (coerceValueToNPVariantStringType):
-        (convertValueToNPVariant):
-        (convertNPVariantToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (NPN_GetIdentifier):
-        (NPN_GetIdentifiers):
-        (NPN_UTF8FromIdentifier):
-        (NPN_VariantIsVoid):
-        (NPN_VariantIsNull):
-        (NPN_VariantIsUndefined):
-        (NPN_VariantIsBool):
-        (NPN_VariantIsInt32):
-        (NPN_VariantIsDouble):
-        (NPN_VariantIsString):
-        (NPN_VariantIsObject):
-        (NPN_VariantToBool):
-        (NPN_VariantToString):
-        (NPN_VariantToInt32):
-        (NPN_VariantToDouble):
-        (NPN_VariantToObject):
-        (NPN_InitializeVariantAsVoid):
-        (NPN_InitializeVariantAsNull):
-        (NPN_InitializeVariantAsUndefined):
-        (NPN_InitializeVariantWithBool):
-        (NPN_InitializeVariantWithInt32):
-        (NPN_InitializeVariantWithDouble):
-        (NPN_InitializeVariantWithString):
-        (NPN_InitializeVariantWithStringCopy):
-        (NPN_InitializeVariantWithObject):
-        (NPN_InitializeVariantWithVariant):
-        (NPN_ReleaseVariantValue):
-        (NPN_CreateObject):
-        (NPN_RetainObject):
-        (NPN_ReleaseObject):
-        (NPN_IsKindOfClass):
-        (NPN_SetExceptionWithUTF8):
-        (NPN_SetException):
-        * bindings/npruntime.h:
-        (_NPString::):
-        (_NPString::_NPVariant::):
-        * bindings/testbindings.cpp:
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myGetProperty):
-        (mySetProperty):
-        (myInvoke):
-        (myAllocate):
-
-2004-04-22  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3627473>: "REGRESSION (125-137): memory trasher in UString::append, causing many different crashes"
-
-        * kjs/ustring.cpp:
-        (KJS::UString::expandCapacity): Fix sizeof(UChar *) that should be sizeof(UChar).
-        Was resulting in a buffer 2x the needed size.
-        (KJS::UString::expandPreCapacity): Ditto.
-        (KJS::UString::append): Fix malloc that is missing a sizeof(UChar).
-
-2004-04-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        Preliminary change for conservative GC. Create "protected"
-        subclasses to GC-protect objects when on heap, since we will soon
-        remove the built-in refcounting of the normal wrapper classes. Use
-        them where needed.
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/context.h:
-        * kjs/internal.h:
-        (KJS::InterpreterImp::globalObject):
-        * kjs/interpreter.h:
-        * kjs/property_map.cpp:
-        * kjs/reference.h:
-        * kjs/reference_list.cpp:
-
-2004-04-19  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Dave.
-
-        Optimize prepend using the shared substring optimization. Also,
-        limit the applicability of shared append and shared prepend. If
-        you overdo it, it does more harm than good, because you create a
-        bunch of strings that are disqualified from future shared
-        append/prepend, for not much immediate savings in allocate/copy
-        expense.
-        
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::expandedSize):
-        (KJS::UString::usedPreCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::expandPreCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-
-2004-04-16  Maciej Stachowiak  <mjs@apple.com>
-        Reviewed by Richard.
-
-        No more need for Completion or Reference to privately inherit from
-        Value, none of the superclass functionality is used.
-
-        * kjs/completion.h:
-        * kjs/reference.h:
-
-=== Safari-137 ===
-
-2004-04-16  Richard Williamson   <rjw@apple.com>
-
-        Added interpreter lock protection around object creation.
-
-        Reviewed by Chris.
-
-        * bindings/runtime.cpp:
-        (Instance::createRuntimeObject):
-
-2004-04-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        Another JavaScript speed improvement: use the mechanism from
-        string append optimization to make taking a substring fast, again
-        sharing the buffer.
-
-        A further 22% improvement on the 24fun string speed test.
-        
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UString::Rep::create):
-        (KJS::UString::UString):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::substr):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-
-2004-04-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed <rdar://problem/3600695>: String manipulation in JavaScript 24fun test is very slow (slow)
-        - fixed <rdar://problem/3600691>: Table generation test is really slow
-        - fixed <rdar://problem/3600661>: 24fun date test is really slow
-
-        80% speedup on the string test, lesser speedups on the other two.
-        
-        Two different optimizations here:
-
-        1) Avoid large overhead of scanning strings to see if they are all
-        ASCII before numeric conversion.
-        
-        * kjs/nodes.cpp:
-        (AssignNode::evaluate): Don't convert to integer until we know for
-        sure the operation will need it. Attempting to convert strings to
-        numbers is a waste when they are being appended with +=.
-
-        2) Avoid huge cost of appending strings.
-
-        This is done by allowing multiple strings to share a buffer but
-        actually use different ranges of it. The first time a string is
-        appended to, we start leaving at least 10% extra space in the
-        buffer, so doing N appends to the same string takes O(log N)
-        mallocs instead of O(N).
-        
-        * kjs/identifier.cpp:
-        (KJS::Identifier::equal):
-        (KJS::Identifier::add):
-        * kjs/ustring.cpp:
-        (KJS::):
-        (KJS::UCharReference::operator=):
-        (KJS::UCharReference::ref):
-        (KJS::UString::Rep::create):
-        (KJS::UString::Rep::destroy):
-        (KJS::UString::expandedSize):
-        (KJS::UString::usedCapacity):
-        (KJS::UString::expandCapacity):
-        (KJS::UString::UString):
-        (KJS::UString::null):
-        (KJS::UString::append):
-        (KJS::UString::operator=):
-        (KJS::UString::toStrictUInt32):
-        (KJS::UString::detach):
-        (KJS::KJS::operator==):
-        * kjs/ustring.h:
-        (KJS::UString::Rep::data):
-        (KJS::UString::Rep::hash):
-
-2004-04-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fix deployment build by avoiding deployment-only warning.
-
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::bottom):
-
-2004-04-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        Changed things so that newly created objects get a prototype based
-        on the scope chain of the current function, rather than the
-        interpreter that started execution. This fixes the following bugs:
-        
-        <rdar://problem/3368523>: ARCH: wrong prototype used to create new objects (hang on lookup.atomica.com)
-        <rdar://problem/3559173>: ARCH: Cannot scan using a HP Jetdirect product (JS object prototypes bind incorrectly)
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * kjs/array_object.cpp:
-        (CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
-        (ArrayProtoFuncImp::ArrayProtoFuncImp):
-        (ArrayProtoFuncImp::call):
-        (ArrayObjectImp::construct):
-        * kjs/bool_object.cpp:
-        (BooleanObjectImp::construct):
-        * kjs/date_object.cpp:
-        (DateProtoFuncImp::DateProtoFuncImp):
-        (DateProtoFuncImp::call):
-        (DateObjectImp::construct):
-        * kjs/error_object.cpp:
-        (ErrorObjectImp::construct):
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp):
-        (FunctionImp::call):
-        (DeclaredFunctionImp::construct):
-        (ArgumentsImp::ArgumentsImp):
-        (GlobalFuncImp::call):
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call):
-        (FunctionObjectImp::construct):
-        * kjs/internal.cpp:
-        (BooleanImp::toObject):
-        (StringImp::toObject):
-        (NumberImp::toObject):
-        (InterpreterImp::InterpreterImp):
-        (InterpreterImp::clear):
-        (InterpreterImp::interpreterWithGlobalObject):
-        * kjs/internal.h:
-        * kjs/interpreter.cpp:
-        (ExecState::lexicalInterpreter):
-        * kjs/interpreter.h:
-        (KJS::ExecState::dynamicInterpreter):
-        (KJS::ExecState::interpreter):
-        * kjs/math_object.cpp:
-        (MathFuncImp::MathFuncImp):
-        * kjs/nodes.cpp:
-        (StatementNode::hitStatement):
-        (StatementNode::abortStatement):
-        (RegExpNode::evaluate):
-        (ElementNode::evaluate):
-        (ArrayNode::evaluate):
-        (ObjectLiteralNode::evaluate):
-        (PropertyValueNode::evaluate):
-        (FunctionCallNode::evaluate):
-        (FuncDeclNode::processFuncDecl):
-        (FuncExprNode::evaluate):
-        * kjs/number_object.cpp:
-        (NumberObjectImp::construct):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::defaultValue):
-        (KJS::Error::create):
-        * kjs/object_object.cpp:
-        (ObjectObjectImp::construct):
-        * kjs/reference.cpp:
-        (Reference::putValue):
-        * kjs/regexp_object.cpp:
-        (RegExpProtoFuncImp::call):
-        (RegExpObjectImp::arrayOfMatches):
-        (RegExpObjectImp::construct):
-        * kjs/scope_chain.cpp:
-        (KJS::ScopeChain::bottom):
-        * kjs/scope_chain.h:
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::StringProtoFuncImp):
-        (StringProtoFuncImp::call):
-        (StringObjectImp::construct):
-
-=== Safari-136 ===
-
-=== Safari-135 ===
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Tedious renames based on feedback from plugin-futures list.
-        NP_ functions are renamed with NPN_ prefix.
-        Types prefix renamed from NP_ to NP.
-        NPN_CreateStringWithUTF8 and NPN_SetExceptionWithUTF8 now take a length, optionally -1 if string is null terminated. 
-        
-        No review because this was just a renaming patch.
-
-        * bindings/NP_jsobject.cpp:
-        (listFromNPArray):
-        (jsAllocate):
-        (identiferFromNPIdentifier):
-        (NPN_Call):
-        (NPN_Evaluate):
-        (NPN_GetProperty):
-        (NPN_SetProperty):
-        (NPN_RemoveProperty):
-        (NPN_ToString):
-        (NPN_GetPropertyAtIndex):
-        (NPN_SetPropertyAtIndex):
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.cpp:
-        (CClass::_commonInit):
-        (CClass::classForIsA):
-        (CClass::CClass):
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        * bindings/c/c_instance.h:
-        (KJS::Bindings::CInstance::getObject):
-        * bindings/c/c_runtime.cpp:
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_runtime.h:
-        (KJS::Bindings::CField::CField):
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CMethod::CMethod):
-        (KJS::Bindings::CMethod::name):
-        * bindings/c/c_utility.cpp:
-        (coerceValueToNPString):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-        (NPN_IdentifierFromUTF8):
-        (NPN_IsValidIdentifier):
-        (NPN_GetIdentifiers):
-        (NPN_UTF8FromIdentifier):
-        (NPN_CreateObject):
-        (NPN_RetainObject):
-        (NPN_ReleaseObject):
-        (NPN_IsKindOfClass):
-        (NPN_SetExceptionWithUTF8):
-        (NPN_SetException):
-        (numberAllocate):
-        (NPN_CreateNumberWithInt):
-        (NPN_CreateNumberWithFloat):
-        (NPN_CreateNumberWithDouble):
-        (NPN_IntFromNumber):
-        (NPN_FloatFromNumber):
-        (NPN_DoubleFromNumber):
-        (stringAllocate):
-        (NPN_CreateStringWithUTF8):
-        (NPN_CreateStringWithUTF16):
-        (NPN_DeallocateUTF8):
-        (NPN_UTF8FromString):
-        (NPN_UTF16FromString):
-        (NPN_StringLength):
-        (booleanAllocate):
-        (NPN_CreateBoolean):
-        (NPN_BoolFromBoolean):
-        (nullAllocate):
-        (NPN_GetNull):
-        (undefinedAllocate):
-        (NPN_GetUndefined):
-        (arrayAllocate):
-        (arrayDeallocate):
-        (NPN_CreateArray):
-        (NPN_CreateArrayV):
-        (NPN_ObjectAtIndex):
-        * bindings/npruntime.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/testbindings.cpp:
-        (initializeIdentifiers):
-        (myHasProperty):
-        (myHasMethod):
-        (myGetProperty):
-        (mySetProperty):
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myInvoke):
-        (myAllocate):
-        (myInvalidate):
-        (myDeallocate):
-        (main):
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Changed references to NP_runtime.h to npruntime.h
-        
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.h:
-        * bindings/c/c_class.h:
-        * bindings/c/c_instance.h:
-        * bindings/c/c_runtime.h:
-        * bindings/c/c_utility.h:
-        * bindings/npruntime.cpp:
-
-2004-03-31  Richard Williamson   <rjw@apple.com>
-
-        Renamed NP_runtime.h to npruntime.h to match Netscape SDK.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.h:
-        * bindings/npruntime.cpp:
-
-=== Safari-134 ===
-
-2004-03-23  Richard Williamson   <rjw@apple.com>
-
-        Added implementation of KJS::Value <-> NP_Object conversion functions.
-        Augmented test program for 'C' bindings.
-        Added asserts and parameter checking to all public API.        
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp:
-        (NP_ToString):
-        * bindings/NP_jsobject.h: Added.
-        * bindings/NP_runtime.cpp:
-        (NP_IdentifierFromUTF8):
-        (NP_IsValidIdentifier):
-        (NP_GetIdentifiers):
-        (NP_CreateObject):
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (NP_SetExceptionWithUTF8):
-        (NP_SetException):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_DeallocateUTF8):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_StringLength):
-        (NP_BoolFromBoolean):
-        * bindings/NP_runtime.h:
-        * bindings/c/c_instance.cpp:
-        (CInstance::invokeMethod):
-        * bindings/c/c_utility.cpp:
-        (coerceValueToNPString):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h:
-        * bindings/test.js:
-        * bindings/testC.js: Added.
-        * bindings/testbindings.cpp:
-        (logMessage):
-        (setDoubleValue):
-        (setIntValue):
-        (setStringValue):
-        (setBooleanValue):
-        (getDoubleValue):
-        (getIntValue):
-        (getStringValue):
-        (getBooleanValue):
-        (myInterfaceInvoke):
-        (myInterfaceAllocate):
-
-=== Safari-133 ===
-
-2004-03-19  Darin Adler  <darin@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed problem with methods like setUTCHour
-
-        * kjs/date_object.cpp: (DateProtoFuncImp::call): Fix conversion back to time_t to use the appropriate
-        GMT vs. local time function based on the utc flag.
-
-2004-03-17  Richard Williamson   <rjw@apple.com>
-
-        Added a context parameter to result callbacks use by JavaScriptObject functions.  This was a change requested by Eric Carlson on the QT plugin team.
-
-        Reviewed by Ken.
-
-        * bindings/NP_jsobject.cpp:
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        * bindings/NP_runtime.h:
-
-2004-03-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3590169.  Regression (crash) caused by the switch to MethodLists.  Crash when attempting to invoke a method from JavaScript to Java that is not implemented.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-
-2004-03-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3570854.  Don't attempt to convert Null to strings.  We
-        were incorrectly converting to "Null".
-
-        Actually fixed by Scott Kovatch.
-
-        Reviewed by Richard.
-
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-=== Safari-132 ===
-
-2004-03-11  Richard Williamson   <rjw@apple.com>
-
-        Stitched together the NP stuff to our language independent
-        JavaScript binding stuff.  Very close to being done.
-        
-        Added program to test C bindings (and NP stuff).  Just tests
-        properties.  Will add methods and JavaScript access, etc.
-
-        Updated Makefile.am to account for new bindings/c directory.
-
-        Change NP_UTF8 from "const char *" to "char" to allow for
-        declarations like "const NP_UTF8 *" and "NP_UTF8 *".  Ditto
-        for NP_UTF16.
-
-        Added NP_IsValidIdentifier().
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/NP_jsobject.cpp:
-        (identiferFromNPIdentifier):
-        (NP_Evaluate):
-        * bindings/NP_runtime.cpp:
-        (NP_IdentifierFromUTF8):
-        (NP_IsValidIdentifier):
-        (NP_GetIdentifiers):
-        (NP_UTF8FromIdentifier):
-        (NP_SetExceptionWithUTF8):
-        (NP_SetException):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        * bindings/NP_runtime.h:
-        * bindings/c/c_class.cpp: Added.
-        (CClass::_commonDelete):
-        (CClass::_commonCopy):
-        (CClass::_commonInit):
-        (_createClassesByIsAIfNecessary):
-        (CClass::classForIsA):
-        (CClass::CClass):
-        (CClass::name):
-        (CClass::methodsNamed):
-        (CClass::fieldNamed):
-        * bindings/c/c_class.h: Added.
-        (KJS::Bindings::CClass::~CClass):
-        (KJS::Bindings::CClass::CClass):
-        (KJS::Bindings::CClass::operator=):
-        (KJS::Bindings::CClass::constructorAt):
-        (KJS::Bindings::CClass::numConstructors):
-        * bindings/c/c_instance.cpp: Added.
-        (CInstance::CInstance):
-        (CInstance::~CInstance):
-        (CInstance::operator=):
-        (CInstance::getClass):
-        (CInstance::begin):
-        (CInstance::end):
-        (CInstance::invokeMethod):
-        (CInstance::defaultValue):
-        (CInstance::stringValue):
-        (CInstance::numberValue):
-        (CInstance::booleanValue):
-        (CInstance::valueOf):
-        * bindings/c/c_instance.h: Added.
-        (KJS::Bindings::CInstance::getObject):
-        * bindings/c/c_runtime.cpp: Added.
-        (CField::valueFromInstance):
-        (CField::setValueToInstance):
-        * bindings/c/c_runtime.h: Added.
-        (KJS::Bindings::CField::CField):
-        (KJS::Bindings::CField::name):
-        (KJS::Bindings::CField::type):
-        (KJS::Bindings::CMethod::CMethod):
-        (KJS::Bindings::CMethod::name):
-        (KJS::Bindings::CMethod::numParameters):
-        * bindings/c/c_utility.cpp: Added.
-        (coerceValueToNPValueType):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        * bindings/c/c_utility.h: Added.
-        * bindings/make_testbindings:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::):
-        * bindings/testbindings.cpp: Added.
-        (initializeIdentifiers):
-        (myInterfaceHasProperty):
-        (myInterfaceHasMethod):
-        (myInterfaceGetProperty):
-        (myInterfaceSetProperty):
-        (myInterfaceInvoke):
-        (myInterfaceAllocate):
-        (myInterfaceInvalidate):
-        (myInterfaceDeallocate):
-        (GlobalImp::className):
-        (readJavaScriptFromFile):
-        (main):
-
-2004-03-10  Richard Williamson   <rjw@apple.com>
-
-        Made changes to support new asychronous approach to calls from
-        plugin to JavaScript
-
-        Reviewed by Chris.
-
-        * bindings/NP_jsobject.cpp:
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        * bindings/NP_runtime.h:
-        * bindings/make_testbindings:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-
-2004-03-10  Richard Williamson   <rjw@apple.com>
-
-        Updated header to include proposed changes from
-        plugin-futures list.  Calls from plugin to JavaScript
-        are now asynchronous.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.h:
-
-=== Safari-131 ===
-
-2004-03-04  Richard Williamson   <rjw@apple.com>
-
-        Implementation of NP_JavaScriptObject.  This is the 'C' class
-        that wraps a JavaScript object.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_jsobject.cpp: Added.
-        (coerceValueToNPValueType):
-        (convertValueToNPValueType):
-        (convertNPValueTypeToValue):
-        (listFromNPArray):
-        (jsAllocate):
-        (jsDeallocate):
-        (identiferFromNPIdentifier):
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_SetProperty):
-        (NP_RemoveProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        (NP_SetPropertyAtIndex):
-        * bindings/NP_runtime.cpp:
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h:
-        * bindings/runtime_object.h:
-
-2004-03-04  Richard Williamson   <rjw@apple.com>
-
-        Added NP_Array implementation.  
-
-        Changed NP_Boolean to just depend on two static instances, no
-        space is required for values.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (arrayAllocate):
-        (arrayDeallocate):
-        (NP_CreateArray):
-        (NP_CreateArrayV):
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h:
-
-2004-03-03  Darin Adler  <darin@apple.com>
-
-        Reviewed by Vicki.
-
-        * English.lproj/InfoPlist.strings: Removed. No need to localize the version and
-        copyright string, and that's all that was in here.
-        * JavaScriptCore.pbproj/project.pbxproj: Removed InfoPlist.strings from build.
-
-2004-03-03  Richard Williamson   <rjw@apple.com>
-
-        More 'C' binding implementation.  Fleshed out all the
-        'primitive' data types.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_ReleaseObject):
-        (numberAllocate):
-        (stringAllocate):
-        (stringDeallocate):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_StringLength):
-        (booleanAllocate):
-        (booleanDeallocate):
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (nullAllocate):
-        (nullDeallocate):
-        (NP_GetNull):
-        (undefinedAllocate):
-        (undefinedDeallocate):
-        (NP_GetUndefined):
-        * bindings/NP_runtime.h:
-
-2004-03-03  Richard Williamson   <rjw@apple.com>
-
-        More 'C' binding implementation.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (identifierEqual):
-        (identifierHash):
-        (getIdentifierDictionary):
-        (NP_IdentifierFromUTF8):
-        (NP_UTF8FromIdentifier):
-        (NP_CreateObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (numberCreate):
-        (NP_CreateNumberWithInt):
-        (NP_CreateNumberWithFloat):
-        (NP_CreateNumberWithDouble):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        * bindings/NP_runtime.h:
-
-2004-03-02  Richard Williamson   <rjw@apple.com>
-
-        Removed retain/release from NP_Class.  Classes will not be allowed to implement their
-        own customer retain/release scheme.
-
-        Reviewed by Chris.
-
-        * bindings/NP_runtime.cpp:
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        * bindings/NP_runtime.h:
-
-2004-03-02  Richard Williamson   <rjw@apple.com>
-
-        C binding API.  Partial implementation.
-
-        Completed ObjectiveC bindings (not based on the C API).  These will re-implemented over the C binding API, but I wanted to get this code in the tree.
-
-        Factored root object reference counting scheme.  It is now useful independent
-        of LiveConnect.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/NP_runtime.cpp: Added.
-        (NP_IdentifierFromUTF8):
-        (NP_GetIdentifiers):
-        (NP_UTF8FromIdentifier):
-        (NP_CreateObject):
-        (NP_RetainObject):
-        (NP_ReleaseObject):
-        (NP_IsKindOfClass):
-        (NP_SetException):
-        (NP_Call):
-        (NP_Evaluate):
-        (NP_GetProperty):
-        (NP_SetProperty):
-        (NP_RemoveProperty):
-        (NP_ToString):
-        (NP_GetPropertyAtIndex):
-        (NP_SetPropertyAtIndex):
-        (NP_CreateNumberWithInt):
-        (NP_CreateNumberWithFloat):
-        (NP_CreateNumberWithDouble):
-        (NP_IntFromNumber):
-        (NP_FloatFromNumber):
-        (NP_DoubleFromNumber):
-        (NP_CreateStringWithUTF8):
-        (NP_CreateStringWithUTF16):
-        (NP_UTF8FromString):
-        (NP_UTF16FromString):
-        (NP_CreateBoolean):
-        (NP_BoolFromBoolean):
-        (NP_GetNull):
-        (NP_GetUndefined):
-        (NP_CreateArray):
-        (NP_CreateArrayV):
-        (NP_ObjectAtIndex):
-        * bindings/NP_runtime.h: Added.
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::invoke):
-        (JSObject::finalize):
-        (JSObject::createNative):
-        (JSObject::convertValueToJObject):
-        * bindings/jni/jni_jsobject.h:
-        * bindings/objc/objc_jsobject.h:
-        * bindings/objc/objc_jsobject.mm:
-        (rootForView):
-        (windowJavaScriptObject):
-        (-[JavaScriptObject initWithObjectImp:KJS::root:Bindings::]):
-        (-[JavaScriptObject dealloc]):
-        (-[JavaScriptObject _convertValueToObjcValue:KJS::]):
-        (-[JavaScriptObject call:arguments:]):
-        (-[JavaScriptObject evaluate:]):
-        (-[JavaScriptObject getMember:]):
-        (-[JavaScriptObject setMember:value:]):
-        (-[JavaScriptObject removeMember:]):
-        (-[JavaScriptObject toString]):
-        (-[JavaScriptObject getSlot:]):
-        (-[JavaScriptObject setSlot:value:]):
-        * bindings/objc/objc_utility.h:
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        * bindings/runtime_root.cpp: Added.
-        (getReferencesByRootDictionary):
-        (getReferencesDictionary):
-        (KJS::Bindings::findReferenceDictionary):
-        (KJS::Bindings::rootForImp):
-        (KJS::Bindings::addNativeReference):
-        (KJS::Bindings::removeNativeReference):
-        (completedJavaScriptAccess):
-        (initializeJavaScriptAccessLock):
-        (lockJavaScriptAccess):
-        (unlockJavaScriptAccess):
-        (RootObject::dispatchToJavaScriptThread):
-        (performJavaScriptAccess):
-        (RootObject::setFindRootObjectForNativeHandleFunction):
-        (RootObject::removeAllNativeReferences):
-        * bindings/runtime_root.h: Added.
-        (KJS::Bindings::RootObject::RootObject):
-        (KJS::Bindings::RootObject::~RootObject):
-        (KJS::Bindings::RootObject::setRootObjectImp):
-        (KJS::Bindings::RootObject::rootObjectImp):
-        (KJS::Bindings::RootObject::setInterpreter):
-        (KJS::Bindings::RootObject::interpreter):
-        (KJS::Bindings::RootObject::findRootObjectForNativeHandleFunction):
-        (KJS::Bindings::RootObject::runLoop):
-        (KJS::Bindings::RootObject::performJavaScriptSource):
-
-=== Safari-130 ===
-
-=== Safari-129 ===
-
-2004-02-18  Richard Williamson   <rjw@apple.com>
-
-        Added NSNumber/Number conversion.
-
-        Removed some unnecessary KJS:: namespace specifiers.
-
-        Reviewed by Ken.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime_array.h:
-
-2004-02-18  Richard Williamson   <rjw@apple.com>
-
-        Added support for export NSArrays.
-
-        Updated valueAt() to take an ExecState so we can throw
-        JS exceptions.
-
-        Implemented excludeSelectorFromJavaScript: in ObjcClass.  This allows
-        ObjectiveC classes to control the visibility of their methods in 
-        JavaScript.
-
-        Reviewed by Ken.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_class.mm:
-        (ObjcClass::methodsNamed):
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcArray::getObjcArray):
-        * bindings/objc/objc_runtime.mm:
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        (ObjcArray::ObjcArray):
-        (ObjcArray::~ObjcArray):
-        (ObjcArray::operator=):
-        (ObjcArray::setValueAt):
-        (ObjcArray::valueAt):
-        (ObjcArray::getLength):
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/runtime.cpp:
-        (Instance::getValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::get):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2004-02-17  Richard Williamson   <rjw@apple.com>
-
-        Added String <-> NSString conversion.
-        Added tests of String <-> NSString conversion to test program.
-
-        Reviewed by Chris.
-
-        * bindings/objc/objc_utility.mm:
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        * bindings/test.js:
-        * bindings/testbindings.mm:
-        (-[MyFirstInterface getString]):
-
-2004-02-15  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Tweak build styles a bit, fixing OptimizedWithSymbols,
-        and removing redundant settings of things that match defaults in other build styles.
-
-2004-02-13  Richard Williamson   <rjw@apple.com>
-
-        Work towards the JavaScript ObjC bindings.  The bindings now work for 
-        simple scalar types.  testbindings.mm is an illustration of how the 
-        bindings work.
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::returnType):
-        * bindings/make_testbindings: Added.
-        * bindings/objc/objc_class.h: Added.
-        (KJS::Bindings::ObjcClass::~ObjcClass):
-        (KJS::Bindings::ObjcClass::ObjcClass):
-        (KJS::Bindings::ObjcClass::operator=):
-        (KJS::Bindings::ObjcClass::constructorAt):
-        (KJS::Bindings::ObjcClass::numConstructors):
-        * bindings/objc/objc_class.mm: Added.
-        (ObjcClass::_commonDelete):
-        (ObjcClass::_commonCopy):
-        (ObjcClass::_commonInit):
-        (_createClassesByIsAIfNecessary):
-        (ObjcClass::classForIsA):
-        (ObjcClass::ObjcClass):
-        (ObjcClass::name):
-        (ObjcClass::methodsNamed):
-        (ObjcClass::fieldNamed):
-        * bindings/objc/objc_header.h: Added.
-        * bindings/objc/objc_instance.h: Added.
-        (KJS::Bindings::ObjcInstance::getObject):
-        * bindings/objc/objc_instance.mm: Added.
-        (ObjcInstance::ObjcInstance):
-        (ObjcInstance::~ObjcInstance):
-        (ObjcInstance::operator=):
-        (ObjcInstance::begin):
-        (ObjcInstance::end):
-        (ObjcInstance::getClass):
-        (ObjcInstance::invokeMethod):
-        (ObjcInstance::defaultValue):
-        (ObjcInstance::stringValue):
-        (ObjcInstance::numberValue):
-        (ObjcInstance::booleanValue):
-        (ObjcInstance::valueOf):
-        * bindings/objc/objc_jsobject.h: Added.
-        * bindings/objc/objc_jsobject.mm: Added.
-        * bindings/objc/objc_runtime.h:
-        (KJS::Bindings::ObjcField::~ObjcField):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::operator=):
-        (KJS::Bindings::ObjcMethod::ObjcMethod):
-        (KJS::Bindings::ObjcMethod::~ObjcMethod):
-        (KJS::Bindings::ObjcMethod::operator=):
-        * bindings/objc/objc_runtime.mm: Added.
-        (ObjcMethod::ObjcMethod):
-        (ObjcMethod::name):
-        (ObjcMethod::numParameters):
-        (ObjcMethod::getMethodSignature):
-        (ObjcField::ObjcField):
-        (ObjcField::name):
-        (ObjcField::type):
-        (ObjcField::valueFromInstance):
-        (ObjcField::setValueToInstance):
-        * bindings/objc/objc_utility.h: Added.
-        (KJS::Bindings::):
-        * bindings/objc/objc_utility.mm: Added.
-        (KJS::Bindings::JSMethodNameToObjCMethodName):
-        (KJS::Bindings::convertValueToObjcValue):
-        (KJS::Bindings::convertObjcValueToValue):
-        (KJS::Bindings::objcValueTypeForType):
-        * bindings/runtime.cpp:
-        (MethodList::MethodList):
-        (MethodList::operator=):
-        (Instance::setValueOfField):
-        (Instance::createBindingForLanguageInstance):
-        (Instance::createRuntimeObject):
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::call):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-        * bindings/test.js: Added.
-        * bindings/testbindings.mm: Added.
-        (-[MySecondInterface init]):
-        (-[MyFirstInterface init]):
-        (-[MyFirstInterface dealloc]):
-        (+[MyFirstInterface JavaScriptNameForSelector:]):
-        (-[MyFirstInterface getInt]):
-        (-[MyFirstInterface setInt:]):
-        (-[MyFirstInterface getMySecondInterface]):
-        (-[MyFirstInterface logMessage:]):
-        (GlobalImp::className):
-        (readJavaScriptFromFile):
-        (main):
-
-=== Safari-128 ===
-
-2004-02-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by Dave.
-
-        - fixed things seen in the profile, for a total speedup of 4% on cvs-base (including changes across all projects)
-
-        * JavaScriptCorePrefix.h: Add a workaround for a bug in our system headers that prevents the <ctype.h>
-        macros from working right in C++ code that uses the <cctype> header.
-
-        * kjs/ustring.cpp:
-        (KJS::inlineUTF8SequenceLengthNonASCII): Added.
-        (KJS::UTF8SequenceLengthNonASCII): Added.
-        (KJS::inlineUTF8SequenceLength): Added.
-        (KJS::UTF8SequenceLength): Calls inlineUTF8SequenceLengthNonASCII now.
-        (KJS::decodeUTF8Sequence): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-        (KJS::createSortedOffsetsArray): Add special case for 1, 2, and 3 offsets, so we don't do qsort for those.
-        (KJS::convertUTF16OffsetsToUTF8Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-        (KJS::convertUTF8OffsetsToUTF16Offsets): Use new inlineUTF8SequenceLengthNonASCII; faster for ASCII.
-
-        - fixed the test program so it won't hit the interpreter lock assertion
-
-        * kjs/testkjs.cpp: (main): Just lock around the whole thing, since the test is singly threaded.
-
-=== Safari-127 ===
-
-2004-02-06  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3550242 and 3546977.  The first diff prevents an assert from firing.  The second diff prevents a JavaScript exception, caused be an invalid conversion, which has a downstream consequence of preventing a valid conversion.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_jsobject.cpp:
-        (JSObject::toString):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::convertValueToJValue):
-
-2004-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3546613>: array of negative size leads to crash (test page at oscar.the-rileys.net)
-
-        * kjs/array_object.cpp:
-        (ArrayInstanceImp::ArrayInstanceImp): If the length is greater than 10,000, don't allocate an array until
-        we start putting values in. This prevents new Array(2147483647) from causing trouble.
-        (ArrayObjectImp::construct): Check number as described in specification, and raise a range error if the
-        number is out of range. This prevents new Array(-1) from causing trouble.
-
-        - fixed <rdar://problem/3545756>: Math.round screws up on numbers bigger than 2^31 (incorrect results on HP-35 calculator page)
-
-        * kjs/math_object.cpp: (MathFuncImp::call): Change implementation to be much simpler and not involve
-        casting to int. Results now match those in other browsers.
-
-2004-02-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed <rdar://problem/3519285>: integer operations on large negative numbers yield bad results (discovered with "HTMLCrypt")
-        - fixed other related overflow issues
-
-        * kjs/value.h: Changed return types of toInteger, toInt32, toUInt32, and toUInt16.
-        * kjs/value.cpp:
-        (ValueImp::toInteger): Change to return a double, since this operation, from the ECMA specification,
-        must not restrict values to the range of a particular integer type.
-        (ValueImp::toInt32): Used a sized integer type for the result of this function, and also added
-        proper handling for negative results from fmod.
-        (ValueImp::toUInt32): Ditto.
-        (ValueImp::toUInt16): Ditto.
-        (ValueImp::dispatchToUInt32): Changed result type from unsigned to uint32_t.
-
-        * kjs/array_object.cpp: (ArrayProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the slice function.
-        * kjs/internal.cpp: (KJS::roundValue): Streamline the function, handling NAN and infinity properly.
-        * kjs/number_object.cpp: (NumberProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the toString function.
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Use a double instead of an int to handle
-        out-of-integer-range values better in the charAt, charCodeAt, indexOf, lastIndexOf, slice,
-        and substr functions.
-
-=== Safari-126 ===
-
-2004-01-30  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3542044.  Create KJS::String using UString constructor instead of passing UTF8 string to char* constructor.
-
-        Reviewed by Darin.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::stringValue):
-
-2004-01-26  Darin Adler  <darin@apple.com>
-
-        * Makefile.am: Switch from pbxbuild to xcodebuild.
-
-2004-01-22  Richard Williamson   <rjw@apple.com>
-
-        Added stubs for ObjC language binding to JavaScript.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.h:
-        * bindings/objc/objc_runtime.h: Added.
-        (KJS::Bindings::ObjcParameter::ObjcParameter):
-        (KJS::Bindings::ObjcParameter::~ObjcParameter):
-        (KJS::Bindings::ObjcParameter::operator=):
-        (KJS::Bindings::ObjcParameter::type):
-        (KJS::Bindings::ObjcConstructor::ObjcConstructor):
-        (KJS::Bindings::ObjcConstructor::~ObjcConstructor):
-        (KJS::Bindings::ObjcConstructor::_commonCopy):
-        (KJS::Bindings::ObjcConstructor::operator=):
-        (KJS::Bindings::ObjcConstructor::value):
-        (KJS::Bindings::ObjcConstructor::parameterAt):
-        (KJS::Bindings::ObjcConstructor::numParameters):
-        (KJS::Bindings::ObjcField::ObjcField):
-        (KJS::Bindings::ObjcField::~ObjcField):
-        * bindings/runtime.h:
-
-2004-01-22  Richard Williamson   <rjw@apple.com>
-
-        Simplified JavaString by using UString as backing store.  This
-        revealed a bug in CString's assignment operator which I fixed.
-
-        Removed some dead code.
- 
-        Reviewed by John.
-
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaString::JavaString):
-        (KJS::Bindings::JavaString::_commonInit):
-        (KJS::Bindings::JavaString::UTF8String):
-        (KJS::Bindings::JavaString::uchars):
-        (KJS::Bindings::JavaString::length):
-        (KJS::Bindings::JavaString::ustring):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        * bindings/runtime_object.h:
-        * kjs/ustring.cpp:
-        (KJS::CString::CString):
-        (KJS::CString::operator=):
-
-=== Safari-125 ===
-
-=== Safari-124 ===
-
-2004-01-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3525853.  We weren't handling mapping to overloaded Java
-        methods very well.  Even though this is undefined the other
-        browsers support it.  Also fixed a bug with returning arrays
-        from Java functions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::_commonInit):
-        (JavaClass::methodsNamed):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaArray::convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaMethod::signature):
-        (JavaArray::valueAt):
-        * bindings/jni/jni_runtime.h:
-        * bindings/jni_jsobject.cpp:
-        (JSObject::call):
-        (JSObject::convertJObjectToValue):
-        * bindings/runtime.cpp:
-        (MethodList::addMethod):
-        (MethodList::length):
-        (MethodList::methodAt):
-        (MethodList::~MethodList):
-        * bindings/runtime.h:
-        (KJS::Bindings::MethodList::MethodList):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::call):
-        * bindings/runtime_method.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::hasProperty):
-
-2004-01-16  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3531229.  Another place that needs the  Push/PopLocalFrame
-        protection implemented for 3530401.
-
-        Reviewed by John.
-
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-
-2004-01-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3530401.  JNI doesn't cleanup local refs created on the
-        main thread.   IMO this is a bad bug in our JMI implementation.
-
-        To work-around the problem I explicitly delete all local refs.
-        Further, I've added Push/PopLocalFrame calls to catch any refs
-        that I may have missed.  This will guarantee that we don't leak
-        any Java references.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::_commonInit):
-        (JavaClass::JavaClass):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::begin):
-        (JavaInstance::end):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaConstructor::JavaConstructor):
-        (JavaMethod::JavaMethod):
-        * bindings/jni_jsobject.cpp:
-        (JSObject::listFromJArray):
-        * bindings/runtime.h:
-        (KJS::Bindings::Instance::begin):
-        (KJS::Bindings::Instance::end):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::defaultValue):
-
-2004-01-15  Vicki Murley  <vicki@apple.com>
-
-        Reviewed by Darin.
-
-        * JavaScriptCore.pbproj/project.pbxproj: Update copyright date to 2004.
-
-2004-01-14  Richard Williamson   <rjw@apple.com>
-        
-        Fixed 3529466.  With recent changes to Java plugin we must no
-        longer call DeleteLocalRef().  Not a problem, it was an optimization anyway.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JObjectWrapper::JObjectWrapper):
-
-=== Safari-122 ===
-
-2004-01-14  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3529010.
-
-        Finalize may be called on an JSObject after we've already remove all our references.  The assert in this case is firing because we've received a finalize call from Java for an instance that we no longer know about.  The fix is to check in finalize that we're getting a call on an instance that we still care about.
-
-        Reviewed by John.
-
-        * bindings/jni_jsobject.cpp:
-        (addJavaReference):
-        (removeJavaReference):
-        (RootObject::removeAllJavaReferencesForRoot):
-        (JSObject::invoke):
-
-2004-01-13  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3528324. 
-
-        The run loop that is used to execute JavaScript (in practice, always the main run loop) is held in a class variable.  It is set and retained once and should not be released.  Unfortunately is it being released when the 'root' object on a LiveConnect applet is released.  This has the symptom of eventually causing an deallocation of the main run loop!  Usually after about 5 instantiations/destructions of a LiveConnect applet.  The CFRelease of the run loop was removed.
-
-        Reviewed by Hyatt.
-
-        * bindings/jni_jsobject.h:
-        (KJS::Bindings::RootObject::~RootObject):
-
-=== Safari-121 ===
-
-=== Safari-120 ===
-
-2004-01-06  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3521814.  Finalize messages weren't being dispatched!
-
-        Reviewed by John.
-
-        * bindings/jni_jsobject.cpp:
-        (JSObject::invoke):
-
-2004-01-05  Richard Williamson   <rjw@apple.com>
-
-        Added cache of JNI method IDs to minimize allocations.  This mitigates the problem
-        described by 3515579.
-
-        Also cleanup up logging of Java exceptions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::getClass):
-        (JavaInstance::invokeMethod):
-        (JObjectWrapper::JObjectWrapper):
-        (JObjectWrapper::~JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        (KJS::Bindings::JavaInstance::operator=):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        (JavaMethod::methodID):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaMethod::JavaMethod):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodIDA):
-        (callJNIMethodA):
-        (KJS::Bindings::getMethodID):
-        (KJS::Bindings::callJNIVoidMethodIDA):
-        (KJS::Bindings::callJNIObjectMethodIDA):
-        (KJS::Bindings::callJNIByteMethodIDA):
-        (KJS::Bindings::callJNICharMethodIDA):
-        (KJS::Bindings::callJNIShortMethodIDA):
-        (KJS::Bindings::callJNIIntMethodIDA):
-        (KJS::Bindings::callJNILongMethodIDA):
-        (KJS::Bindings::callJNIFloatMethodIDA):
-        (KJS::Bindings::callJNIDoubleMethodIDA):
-        (KJS::Bindings::callJNIBooleanMethodIDA):
-        (KJS::Bindings::getCharactersFromJStringInEnv):
-        (KJS::Bindings::getUCharactersFromJStringInEnv):
-        (KJS::Bindings::getJNIField):
-        * bindings/jni/jni_utility.h:
-
-l2003-12-23  John Sullivan  <sullivan@apple.com>
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        Xcode version wars, harmless
-
-2003-12-23  Darin Adler  <darin@apple.com>
-
-        Reviewed by John (concept, not code, which is just the old code coming back).
-
-        - fixed 3518092: REGRESSION (100-119): getting NaN instead of HH:MM times
-
-        * kjs/date_object.cpp: Added back our CF-based implementations of gmtime, localtime,
-        mktime, timegm, and time, because mktime, at least, won't handle a year of 0.
-
-2003-12-19  Richard Williamson   <rjw@apple.com>
-
-        Fixed 3515597.  When an error occurs we need
-        to make sure result values are zeroed.
-
-        Cleaned up logs by adding a newline.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM):
-        (KJS::Bindings::getJNIEnv):
-        (callJNIMethod):
-        (callJNIMethodA):
-        (KJS::Bindings::getJNIField):
-        * bindings/jni_jsobject.cpp:
-        (JSObject::convertValueToJObject):
-
-=== Safari-119 ===
-
-2003-12-17  Richard Williamson   <rjw@apple.com>
-
-        Ensure that all the symbols we export are in the KJS
-        namespace (3512245).
-
-        Also renamed JavaString.characters() to JavaString.UTF8String()
-        for enhanced clarity.
-
-        Added some sanity checking to constructor of JObjectWrapper.
-
-        Reviewed by Dave.
-
-        * ChangeLog:
-        * bindings/jni/jni_class.cpp:
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        (JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (KJS::Bindings::JavaString::ascii):
-        (KJS::Bindings::JavaString::UTF8String):
-        (KJS::Bindings::JavaString::JavaString):
-        (KJS::Bindings::JavaString::_commonInit):
-        (KJS::Bindings::JavaString::uchars):
-        (KJS::Bindings::JavaString::length):
-        (KJS::Bindings::JavaString::ustring):
-        (KJS::Bindings::JavaParameter::type):
-        (KJS::Bindings::JavaField::name):
-        (KJS::Bindings::JavaField::type):
-        (KJS::Bindings::JavaMethod::name):
-        (KJS::Bindings::JavaMethod::returnType):
-        * bindings/jni/jni_utility.cpp:
-        (KJS::Bindings::getJavaVM):
-        (KJS::Bindings::getJNIEnv):
-        (KJS::Bindings::callJNIVoidMethod):
-        (KJS::Bindings::callJNIObjectMethod):
-        (KJS::Bindings::callJNIBooleanMethod):
-        (KJS::Bindings::callJNIByteMethod):
-        (KJS::Bindings::callJNICharMethod):
-        (KJS::Bindings::callJNIShortMethod):
-        (KJS::Bindings::callJNIIntMethod):
-        (KJS::Bindings::callJNILongMethod):
-        (KJS::Bindings::callJNIFloatMethod):
-        (KJS::Bindings::callJNIDoubleMethod):
-        (KJS::Bindings::callJNIVoidMethodA):
-        (KJS::Bindings::callJNIObjectMethodA):
-        (KJS::Bindings::callJNIByteMethodA):
-        (KJS::Bindings::callJNICharMethodA):
-        (KJS::Bindings::callJNIShortMethodA):
-        (KJS::Bindings::callJNIIntMethodA):
-        (KJS::Bindings::callJNILongMethodA):
-        (KJS::Bindings::callJNIFloatMethodA):
-        (KJS::Bindings::callJNIDoubleMethodA):
-        (KJS::Bindings::callJNIBooleanMethodA):
-        (KJS::Bindings::getCharactersFromJString):
-        (KJS::Bindings::releaseCharactersForJString):
-        (KJS::Bindings::getCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseCharactersForJStringInEnv):
-        (KJS::Bindings::getUCharactersFromJStringInEnv):
-        (KJS::Bindings::releaseUCharactersForJStringInEnv):
-        (KJS::Bindings::JNITypeFromClassName):
-        (KJS::Bindings::signatureFromPrimitiveType):
-        (KJS::Bindings::JNITypeFromPrimitiveType):
-        (KJS::Bindings::getJNIField):
-        (KJS::Bindings::convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (KJS::Bindings::JSObject::invoke):
-        (KJS::Bindings::JSObject::JSObject):
-        (KJS::Bindings::JSObject::call):
-        (KJS::Bindings::JSObject::eval):
-        (KJS::Bindings::JSObject::getMember):
-        (KJS::Bindings::JSObject::setMember):
-        (KJS::Bindings::JSObject::removeMember):
-        (KJS::Bindings::JSObject::getSlot):
-        (KJS::Bindings::JSObject::setSlot):
-        (KJS::Bindings::JSObject::toString):
-        (KJS::Bindings::JSObject::finalize):
-        (KJS::Bindings::JSObject::createNative):
-        (KJS::Bindings::JSObject::convertValueToJObject):
-        (KJS::Bindings::JSObject::convertJObjectToValue):
-        (KJS::Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-        * bindings/runtime.cpp:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        * bindings/runtime_method.h:
-
-=== Safari-118 ===
-
-2003-12-16  Richard Williamson   <rjw@apple.com>
-
-        Ack!  More assertions.  Lock ALL entry points into the interpreter!
-        (3511733).
-
-        Reviewed by Ken.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::convertJObjectToValue):
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        Fixed a couple of snafus and removed some logging.
-
-        Reviewed by Maciej.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::performJavaScriptAccess):
-        (Bindings::completedJavaScriptAccess):
-        (Bindings::dispatchToJavaScriptThread):
-        Removed some annoying JS_LOG clutter.
-
-        (Bindings::RootObject::removeAllJavaReferencesForRoot):
-        Fixed allocation of key buffer that was called after it was needed.
-
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::JSObject):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::getSlot):
-        Added additional interpreter locks around getMember and getSlot. 
-        These functions may cause allocation of JS impls.  
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        args weren't passed to 'call' invocation.  d'oh.
-        lock interpreter when we create instances of JS impls.        
-
-        Reviewed by Maciej.
-
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::convertValueToJObject):
-        (Bindings::JSObject::convertJObjectToValue):
-        (Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-
-2003-12-15  Richard Williamson   <rjw@apple.com>
-
-        Last piece of LiveConnect!  This checkin adds implementation
-        of the Java to JavaScript object conversion functions.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_utility.cpp:
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::createNative):
-        (Bindings::JSObject::convertValueToJObject):
-        (Bindings::JSObject::convertJObjectToValue):
-        (Bindings::JSObject::listFromJArray):
-        * bindings/jni_jsobject.h:
-        (Bindings::):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::codeType):
-        (RuntimeMethodImp::execute):
-
-2003-12-12  Richard Williamson   <rjw@apple.com>
-
-        Added implementation of stubs in JSObject.  All that
-        remains is a couple of simple conversion functions stubs and
-        we're done with LiveConnect.  Also, changed string passing to
-        JS to use uchars instead of chars.  
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::_commonInit):
-        (Bindings::JavaString::_commonCopy):
-        (Bindings::JavaString::_commonDelete):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::uchars):
-        (Bindings::JavaString::length):
-        (Bindings::JavaString::ustring):
-        * bindings/jni/jni_utility.cpp:
-        (getUCharactersFromJStringInEnv):
-        (releaseUCharactersForJStringInEnv):
-        (convertValueToJObject):
-        (convertJObjectToValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        * bindings/jni_jsobject.h:
-
-2003-12-12  Richard Williamson   <rjw@apple.com>
-
-        Ensure that all calls from Java into JavaScript are
-        performed on a designated thread (the main thread).
-
-        Reviewed by Ken.
-
-        * bindings/jni_jsobject.cpp:
-        (isJavaScriptThread):
-        (rootForImp):
-        (Bindings::performJavaScriptAccess):
-        (Bindings::completedJavaScriptAccess):
-        (Bindings::initializeJavaScriptAccessLock):
-        (Bindings::lockJavaScriptAccess):
-        (Bindings::unlockJavaScriptAccess):
-        (Bindings::dispatchToJavaScriptThread):
-        (Bindings::RootObject::setFindRootObjectForNativeHandleFunction):
-        (Bindings::RootObject::removeAllJavaReferencesForRoot):
-        (Bindings::JSObject::invoke):
-        (Bindings::JSObject::JSObject):
-        (Bindings::JSObject::call):
-        (Bindings::JSObject::eval):
-        (Bindings::JSObject::getMember):
-        (Bindings::JSObject::setMember):
-        (Bindings::JSObject::removeMember):
-        (Bindings::JSObject::getSlot):
-        (Bindings::JSObject::setSlot):
-        (Bindings::JSObject::toString):
-        (Bindings::JSObject::finalize):
-        (Bindings::JSObject::getWindow):
-        * bindings/jni_jsobject.h:
-        (Bindings::RootObject::~RootObject):
-        (Bindings::RootObject::findRootObjectForNativeHandleFunction):
-        (Bindings::RootObject::runLoop):
-        (Bindings::RootObject::performJavaScriptSource):
-        (Bindings::):
-
-2003-12-11  Richard Williamson   <rjw@apple.com>
-
-        Added support for calling a JavaScript function from
-        Java.  Right now this only works for void func(void)
-        functions, but the conversion of args and return values
-        will come shortly.
-
-        Cleaned up and verified reference counting scheme, and
-        dereferencing of vended JavaScript objects when applet is
-        destroyed (actually when part is destroyed).
-        
-        Removed link hack for testkjs now that the Java folks think
-        they have a solution for the 1.4.2 JavaVM link problem.  Although
-        Greg B. thinks his solution may cause problems for the 1.3.1
-        version of the VM!?!
-
-        Reviewed by Ken.
-
-        * Makefile.am:
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        * bindings/jni/jni_utility.cpp:
-        (convertValueToJValue):
-        (convertValueToJObject):
-        (listFromJArray):
-        * bindings/jni/jni_utility.h:
-        * bindings/jni_jsobject.cpp:
-        (KJS_setFindRootObjectForNativeHandleFunction):
-        (KJS_findRootObjectForNativeHandleFunction):
-        (getReferencesByRootDictionary):
-        (getReferencesDictionary):
-        (findReferenceDictionary):
-        (rootForImp):
-        (addJavaReference):
-        (removeJavaReference):
-        * bindings/jni_jsobject.h:
-        (Bindings::RootObject::RootObject):
-        (Bindings::RootObject::~RootObject):
-        (Bindings::RootObject::setRootObjectImp):
-        (Bindings::RootObject::rootObjectImp):
-        (Bindings::RootObject::setInterpreter):
-        (Bindings::RootObject::interpreter):
-
-=== Safari-117 ===
-
-2003-12-10  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed regression in JavaScript tests reported by the KDE guys
-        - fixed 3506345: REGRESSION (115-116): VIP: chordfind.com no longer displays chords
-
-        * kjs/ustring.h: Add tolerateEmptyString parameter to toDouble and toULong.
-        * kjs/ustring.cpp:
-        (KJS::UString::toDouble): Separate the "tolerant" parameter into two separate ones:
-        tolerateTrailingJunk and tolerateEmptyString. Add new overloads; better for code size
-        and binary compatibility than default parameter values.
-        (KJS::UString::toULong): Pass tolerateEmptyString down to toDouble. Add new overload.
-
-        * kjs/string_object.cpp: (StringProtoFuncImp::call): Pass false for the new
-        "tolerate empty string" parameter.
-
-2003-12-10  Richard Williamson   <rjw@apple.com>
-
-        Added code to manage reference counting of JavaScript
-        objects passed to Java.   Also added implementation of
-        KJS_JSCreateNativeJSObject.  This is the function that
-        provides the root object to Java (KJS::Window).
-
-        Reviewed by Hyatt.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni_jsobject.cpp:
-        (KJS_setFindObjectForNativeHandleFunction):
-        (KJS_findObjectForNativeHandleFunction):
-        (getReferencesByOwnerDictionary):
-        (getReferencesDictionary):
-        (findReferenceDictionary):
-        (addJavaReference):
-        (removeJavaReference):
-        (removeAllJavaReferencesForOwner):
-        * bindings/jni_jsobject.h:
-
-2003-12-09  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect stubs that correspond to the native methods
-        on JSObject.  These will be called from the new Java plugin
-        when an instance of JSObject is instantiated and messaged.
-        When these are implemented the Java will be able to originate
-        calls into JavaScript.
-
-        Also a temporary work-around added to Makefile.am to solve
-        a link problem.  The 1.4.2 JavaVM accidentally links against
-        libobjc.  This call a failure linking testkjs.  Mike Hay is
-        working with someone to fix the problem (3505587).
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni_jsobject.cpp: Added.
-        (KJS_JSCreateNativeJSObject):
-        (KJS_JSObject_JSFinalize):
-        (KJS_JSObject_JSObjectCall):
-        (KJS_JSObject_JSObjectEval):
-        (KJS_JSObject_JSObjectGetMember):
-        (KJS_JSObject_JSObjectSetMember):
-        (KJS_JSObject_JSObjectRemoveMember):
-        (KJS_JSObject_JSObjectGetSlot):
-        (KJS_JSObject_JSObjectSetSlot):
-        (KJS_JSObject_JSObjectToString):
-        * bindings/jni_jsobject.h: Added.
-
-2003-12-09  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        <rdar://problem/3505183>: JavaScriptCore should assert that interpreter is locked in collector
-
-        * kjs/collector.cpp:
-        (KJS::Collector::allocate): Assert that interpreter lock count is not 0.
-        (KJS::Collector::collect): likewise
-
-2003-12-08  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  The last piece of the JavaScript side of the
-        LiveConnect implementation.  This change adds support for
-        setting/getting values from Java arrays in JavaScript.
-
-        Reviewed by John.
-
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (convertJObjectToArray):
-        (JavaArray::JavaArray):
-        (JavaArray::~JavaArray):
-        (JavaArray::setValueAt):
-        (JavaArray::valueAt):
-        (JavaArray::getLength):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaArray::operator=):
-        (Bindings::JavaArray::javaArray):
-        * bindings/jni/jni_utility.cpp:
-        (JNITypeFromPrimitiveType):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_array.cpp:
-        (RuntimeArrayImp::RuntimeArrayImp):
-        (RuntimeArrayImp::~RuntimeArrayImp):
-        (RuntimeArrayImp::get):
-        (RuntimeArrayImp::put):
-        (RuntimeArrayImp::hasProperty):
-        * bindings/runtime_array.h:
-        (KJS::RuntimeArrayImp::getLength):
-        (KJS::RuntimeArrayImp::getConcreteArray):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-
-2003-12-05  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Part 1 of supporting JS bindings to
-        native language arrays.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (convertJObjectToArray):
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        * bindings/jni/jni_runtime.h:
-        * bindings/runtime.cpp:
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        (Bindings::Array::~Array):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Moved defaultValue into concrete implementation because
-        more intelligent conversion can be perform with knowledge
-        of the class of the original instance.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::isNumberClass):
-        (JavaClass::isBooleanClass):
-        (JavaClass::isStringClass):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::defaultValue):
-        (JavaInstance::valueOf):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JavaInstance::javaInstance):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::defaultValue):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Added support for setting the value of Java
-        fields.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaField::valueFromInstance):
-        (JavaField::setValueToInstance):
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaField::getJNIType):
-        * bindings/jni/jni_utility.cpp:
-        (JNITypeFromClassName):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::setValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::defaultValue):
-
-2003-12-04  Richard Williamson   <rjw@apple.com>
-
-        Added support for string conversions.
-        Changed various JavaString member variables to be inline.
-        Implemented defaultValue for context relevant type coercion.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::JavaClass):
-        (JavaClass::setClassName):
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_class.h:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::stringValue):
-        (JavaInstance::numberValue):
-        (JavaInstance::booleanValue):
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaField::JavaField):
-        (JavaMethod::JavaMethod):
-        (appendClassName):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::characters):
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::~JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::type):
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        (Bindings::JavaField::name):
-        (Bindings::JavaField::type):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::name):
-        (Bindings::JavaMethod::returnType):
-        * bindings/jni/jni_utility.cpp:
-        (convertValueToJValue):
-        * bindings/runtime.h:
-        (Bindings::Instance::valueOf):
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::defaultValue):
-        * bindings/runtime_object.h:
-        (KJS::RuntimeObjectImp::classInfo):
-
-=== Safari-116 ===
-
-2003-12-03  Richard Williamson   <rjw@apple.com>
-
-        LiveConnect:  Added support for parameter passing to Java and conversion
-        of return values.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaParameter::JavaParameter):
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::getJNIType):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIBooleanMethodA):
-        (convertValueToJValue):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp:
-        (RuntimeMethodImp::call):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2003-12-02  Richard Williamson   <rjw@apple.com>
-
-        Added support for calling simple methods in Java from JavaScript.
-        (void return and no parameters).  Yay, LiveConnect lives.
-
-        Still need write argument and return value conversion code.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::getClass):
-        (JavaInstance::invokeMethod):
-        * bindings/jni/jni_instance.h:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        (JavaMethod::signature):
-        (JavaMethod::JNIReturnType):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::_commonCopy):
-        (Bindings::JavaMethod::name):
-        * bindings/jni/jni_utility.cpp:
-        (signatureFromPrimitiveType):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_method.cpp: Added.
-        (RuntimeMethodImp::RuntimeMethodImp):
-        (RuntimeMethodImp::~RuntimeMethodImp):
-        (RuntimeMethodImp::get):
-        (RuntimeMethodImp::implementsCall):
-        (RuntimeMethodImp::call):
-        (RuntimeMethodImp::codeType):
-        (RuntimeMethodImp::execute):
-        * bindings/runtime_method.h: Added.
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        * bindings/runtime_object.h:
-        * kjs/function.cpp:
-        (FunctionImp::FunctionImp):
-        * kjs/interpreter.h:
-
-2003-12-01  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - fixed 3493799: JavaScript string.replace expands $ if it's the last character in replacement string
-
-        * kjs/ustring.cpp: (KJS::UString::toDouble): Fix backwards handling of the "tolerant" boolean.
-        This indirectly caused the string.replace bug.
-
-2003-12-02  Maciej Stachowiak  <mjs@apple.com>
-
-        Merged patches from Harri Porten and David Faure to fix:
-
-        <rdar://problem/3497643>: reproducible crash printing self-referential array
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call): Break out of the loop if an exception was thrown.
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): Move function call depth check from here...
-        * kjs/object.cpp:
-        (KJS::Object::call): ...to here.
-        * kjs/object.h: Un-inline Object::call now that it does more.
-
-2003-12-01  Richard Williamson   <rjw@apple.com>
-
-        Fixed mistake in method signatures used to get boolean and integer fields.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-
-2003-12-01  Richard Williamson   <rjw@apple.com>
-
-Fixed parameter passing to applet.  Child elements are NOT valid in setStyle().  So we now create the widget before needed with createWidgetIfNecessary.  This either happens when doing the first layout, or when JavaScript first references the applet element.
-
-Fixed early delete of the the main applet instance.  When the JS collector cleaned up the last JS object referring to the applet instance we were deleting the java instance.  This caused the applet instance cached on the applet element to be invalid.  The applet instance is the only Java object not to be cleaned up by the JS collector.
-
-Added support for getting at Java object fields.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/jni/jni_instance.cpp:
-        (JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JObjectWrapper::~JObjectWrapper):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::valueFromInstance):
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::deleteProperty):
-        * bindings/runtime_object.h:
-
-=== Safari-115 ===
-
-2003-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten, reviewed by me.
-
-        - fixed 3491712 - String slice with negative arguments does not offset from end of string
-        
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Handle negative arguments as offsets from end by
-        adding length and clamping to [0,length-1].
-
-2003-11-21  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten, reviewed by me.
-
-        - fixed 3491709 - using Function.apply with a primitive type as the arg list causes crash
-        
-        * kjs/function_object.cpp:
-        (FunctionProtoFuncImp::call): Nest parentheses properly.
-
-2003-11-20  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.  Primitive Java fields are now
-        accessible from JavaScript!  Yay!
-
-        Reviewed by Maciej.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::methodNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h:
-        (Bindings::JavaClass::_commonDelete):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        (JavaInstance::getClass):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JavaInstance::javaInstance):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaField::JavaField):
-        (JavaField::valueFromInstance):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodA):
-        (callJNIVoidMethod):
-        (callJNIObjectMethod):
-        (callJNIBooleanMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        (callJNIVoidMethodA):
-        (callJNIObjectMethodA):
-        (callJNIByteMethodA):
-        (callJNICharMethodA):
-        (callJNIShortMethodA):
-        (callJNIIntMethodA):
-        (callJNILongMethodA):
-        (callJNIFloatMethodA):
-        (callJNIDoubleMethodA):
-        (releaseCharactersForJStringInEnv):
-        (primitiveTypeFromClassName):
-        (getJNIField):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        (Instance::getValueOfField):
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::get):
-
-2003-11-20  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.
-
-        Reviewed by Chris.
-
-        * bindings/jni/jni_class.cpp:
-        (JavaClass::classForName):
-        (JavaClass::classForInstance):
-        * bindings/jni/jni_instance.cpp:
-        (JavaInstance::getValueOfField):
-        * bindings/jni/jni_instance.h:
-        (Bindings::JObjectWrapper::JObjectWrapper):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::~JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::signature):
-        * bindings/jni/jni_utility.cpp:
-        (getJNIEnv):
-        (attachToJavaVM):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.h:
-        * bindings/runtime_object.cpp:
-        (RuntimeObjectImp::~RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        * bindings/runtime_object.h:
-
-2003-11-19  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.
-
-        Reviewed by Ken.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_class.cpp: Added.
-        (JavaClass::_commonInit):
-        (JavaClass::JavaClass):
-        (_createClassesByNameIfNecessary):
-        (JavaClass::classForName):
-        (JavaClass::classForInstance):
-        (JavaClass::methodNamed):
-        (JavaClass::fieldNamed):
-        * bindings/jni/jni_class.h: Added.
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::~JavaClass):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::JavaClass):
-        (Bindings::JavaClass::operator=):
-        (Bindings::JavaClass::name):
-        (Bindings::JavaClass::constructorAt):
-        (Bindings::JavaClass::numConstructors):
-        * bindings/jni/jni_instance.cpp: Added.
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        * bindings/jni/jni_instance.h: Added.
-        (Bindings::JObjectWrapper::JObjectWrapper):
-        (Bindings::JObjectWrapper::~JObjectWrapper):
-        (Bindings::JObjectWrapper::ref):
-        (Bindings::JObjectWrapper::deref):
-        (Bindings::JavaInstance::getClass):
-        (Bindings::JavaInstance::operator=):
-        * bindings/jni/jni_runtime.cpp:
-        (JavaMethod::JavaMethod):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        * bindings/jni/jni_utility.cpp:
-        (getJavaVM):
-        (getJNIEnv):
-        (getCharactersFromJString):
-        (releaseCharactersForJString):
-        (getCharactersFromJStringInEnv):
-        (releaseCharactersForJStringInEnv):
-        * bindings/jni/jni_utility.h:
-        * bindings/runtime.cpp:
-        (Instance::createBindingForLanguageInstance):
-        * bindings/runtime.h:
-        (Bindings::Instance::):
-
-2003-11-18  Richard Williamson   <rjw@apple.com>
-
-        More live connect stubs.  We're getting close.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * bindings/jni/jni_runtime.cpp:
-        (JavaClass::JavaClass):
-        (JavaInstance::JavaInstance):
-        (JavaInstance::~JavaInstance):
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::value):
-        (Bindings::JavaField::value):
-        (Bindings::JavaMethod::value):
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::methodNamed):
-        (Bindings::JavaClass::fieldNamed):
-        (Bindings::JavaInstance::getClass):
-        * bindings/runtime.cpp: Added.
-        * bindings/runtime.h:
-        (Bindings::Instance::~Instance):
-        * bindings/runtime_object.cpp: Added.
-        (RuntimeObjectImp::classInfo):
-        (RuntimeObjectImp::RuntimeObjectImp):
-        (RuntimeObjectImp::get):
-        (RuntimeObjectImp::put):
-        (RuntimeObjectImp::canPut):
-        (RuntimeObjectImp::hasProperty):
-        (RuntimeObjectImp::deleteProperty):
-        (RuntimeObjectImp::defaultValue):
-        (RuntimeObjectImp::_initializeClassInfoFromInstance):
-        * bindings/runtime_object.h: Added.
-        (KJS::RuntimeObjectImp::setInternalInstance):
-        (KJS::RuntimeObjectImp::getInternalInstance):
-        * kjs/object.cpp:
-        (KJS::ObjectImp::get):
-        (KJS::ObjectImp::hasProperty):
-        * kjs/value.h:
-        (KJS::):
-
-2003-11-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri, reviewed by me.
-
-        - fixed 3487375 - backwards array slice causes infinite loop
-        
-        * kjs/array_object.cpp:
-        (ArrayProtoFuncImp::call):
-
-2003-11-17  Maciej Stachowiak  <mjs@apple.com>
-
-        Patch from Harri Porten reviewed by me.
-
-        - fixed 3487371 - operator precedence for bitwise or, xor and and is wrong
-
-        * kjs/grammar.y: Correct the precedence.
-
-2003-11-16  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3483829 - JavaScriptCore needs workaround to compile on Merlot
-        
-        * JavaScriptCore.pbproj/project.pbxproj: Add -Wno-long-double to
-        warning flags.
-
-=== Safari-114 ===
-
-2003-11-13  Richard Williamson   <rjw@apple.com>
-
-        Factored common code between copy constructor and assignment operator.
-
-        Reviewed by Chris.
-
-        * ChangeLog:
-        * bindings/jni/jni_runtime.h:
-        (Bindings::JavaConstructor::_commonCopy):
-        (Bindings::JavaConstructor::JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaField::type):
-        * bindings/runtime.h:
-
-2003-11-13  Richard Williamson   <rjw@apple.com>
-
-        More LiveConnect stuff.  This checkin adds abstract classes to model
-        language runtimes and a JNI based set of concrete implementations for
-        Java.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/Makefile.am: Removed.
-        * bindings/jni/Makefile.am: Removed.
-        * bindings/jni/jni_runtime.cpp: Added.
-        (JavaField::JavaField):
-        (JavaConstructor::JavaConstructor):
-        (JavaMethod::JavaMethod):
-        (JavaClass::JavaClass):
-        * bindings/jni/jni_runtime.h: Added.
-        (Bindings::JavaString::JavaString):
-        (Bindings::JavaString::~JavaString):
-        (Bindings::JavaString::operator=):
-        (Bindings::JavaString::characters):
-        (Bindings::JavaParameter::JavaParameter):
-        (Bindings::JavaParameter::~JavaParameter):
-        (Bindings::JavaParameter::operator=):
-        (Bindings::JavaParameter::type):
-        (Bindings::JavaConstructor::JavaConstructor):
-        (Bindings::JavaConstructor::~JavaConstructor):
-        (Bindings::JavaConstructor::operator=):
-        (Bindings::JavaConstructor::parameterAt):
-        (Bindings::JavaConstructor::numParameters):
-        (Bindings::JavaField::JavaField):
-        (Bindings::JavaField::~JavaField):
-        (Bindings::JavaField::operator=):
-        (Bindings::JavaField::name):
-        (Bindings::JavaField::type):
-        (Bindings::JavaMethod::JavaMethod):
-        (Bindings::JavaMethod::_commonDelete):
-        (Bindings::JavaMethod::~JavaMethod):
-        (Bindings::JavaMethod::_commonCopy):
-        (Bindings::JavaMethod::operator=):
-        (Bindings::JavaMethod::name):
-        (Bindings::JavaMethod::returnType):
-        (Bindings::JavaMethod::parameterAt):
-        (Bindings::JavaMethod::numParameters):
-        (Bindings::JavaClass::_commonDelete):
-        (Bindings::JavaClass::~JavaClass):
-        (Bindings::JavaClass::_commonCopy):
-        (Bindings::JavaClass::JavaClass):
-        (Bindings::JavaClass::operator=):
-        (Bindings::JavaClass::name):
-        (Bindings::JavaClass::methodAt):
-        (Bindings::JavaClass::numMethods):
-        (Bindings::JavaClass::constructorAt):
-        (Bindings::JavaClass::numConstructors):
-        (Bindings::JavaClass::fieldAt):
-        (Bindings::JavaClass::numFields):
-        * bindings/jni/jni_utility.cpp:
-        (callJNIMethod):
-        (callJNIMethodA):
-        (callJNIObjectMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        (callJNIVoidMethodA):
-        (callJNIObjectMethodA):
-        (callJNIByteMethodA):
-        (callJNICharMethodA):
-        (callJNIShortMethodA):
-        (callJNIIntMethodA):
-        (callJNILongMethodA):
-        (callJNIFloatMethodA):
-        (callJNIDoubleMethodA):
-        (getCharactersFromJString):
-        (releaseCharactersForJString):
-        * bindings/jni/jni_utility.h:
-        * bindings/objc/Makefile.am: Removed.
-        * bindings/runtime.h: Added.
-        (Bindings::Parameter::~Parameter):
-        (Bindings::Constructor::~Constructor):
-        (Bindings::Field::~Field):
-        (Bindings::Method::~Method):
-        (Bindings::Class::~Class):
-
-2003-11-13  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3472562 - Null or Undefined variables passed to IN operator cause javascript exceptions
-        
-        * kjs/nodes.cpp:
-        (ForInNode::execute): If the in value is null or undefined, bail
-        out early, since attempting to iterate its properties will throw
-        an exception.
-
-2003-11-12  Darin Adler  <darin@apple.com>
-
-        - fixed the build
-
-        * Makefile.am: Fix the build by removing the bindings directory from SUBDIRS.
-        Later, we can either add this back and add the Makefile.am files to the top
-        level configure.in or leave it out and remove the Makefile.am files.
-
-2003-11-12  Richard Williamson   <rjw@apple.com>
-
-        Added utility functions for calling JNI methods.
-
-        Reviewed by Chris.
-
-        * JavaScriptCore.pbproj/project.pbxproj:
-        * Makefile.am:
-        * bindings/Makefile.am: Added.
-        * bindings/jni/Makefile.am: Added.
-        * bindings/jni/jni_utility.cpp: Added.
-        (attachToJavaVM):
-        (callJNIMethod):
-        (callJNIVoidMethod):
-        (callJNIObjectMethod):
-        (callJNIByteMethod):
-        (callJNICharMethod):
-        (callJNIShortMethod):
-        (callJNIIntMethod):
-        (callJNILongMethod):
-        (callJNIFloatMethod):
-        (callJNIDoubleMethod):
-        * bindings/jni/jni_utility.h: Added.
-        * bindings/objc/Makefile.am: Added.
-
-2003-11-08  Darin Adler  <darin@apple.com>
-
-        Reviewed by John.
-
-        - fixed 3477528 -- array.sort(function) fails if the function returns a non-zero value that rounds to zero
-
-        * kjs/array_object.cpp:
-        (compareByStringForQSort): Added checks for undefined values to match what the specification calls for.
-        (compareWithCompareFunctionForQSort): Added checks for undefined values as above, and also changed the
-        code that looks at the compare function result to look at the number returned without rounding to an integer.
-        (ArrayProtoFuncImp::call): Changed the code that looks at the compare function result to look at the number
-        returned without rounding to an integer.
-
-=== Safari-113 ===
-
-2003-11-03  Vicki Murley <vicki@apple.com>
-
-        Reviewed by kocienda.
-
-        - fixed <rdar://problem/3471096>: non-B&I builds should not use order files, because they cause false "regressions" in perf.
-
-        * JavaScriptCore.pbproj/project.pbxproj: added empty SECTORDER_FLAGS variables to the Development and Deployment build styles
-
-2003-11-02  Darin Adler  <darin@apple.com>
-
-        Reviewed by Maciej.
-
-        - changed list manipulation to use Harri Porten's idea of a circular
-          linked list that is built from head to tail rather than building the
-          list backwards and reversing the list when done
-
-        * kjs/grammar.y: Handle CatchNode and FinallyNode in a type-safe way.
-        Change many places that passed 0L to pass nothing at all, or to pass 0.
-
-        * kjs/nodes.h:
-        (KJS::ElementNode::ElementNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::ArrayNode::ArrayNode): Break the circular list instead of reversing the list.
-        (KJS::PropertyValueNode::PropertyValueNode): Moved before ObjectLiteralNode so the
-        inline code in ObjectLiteralNode works. Build a circular list instead of a 0-terminated
-        backwards list. Made the case for the first node separate so we don't need a nil check.
-        (KJS::ObjectLiteralNode::ObjectLiteralNode): Break the circular list instead of
-        reversing the list.
-        (KJS::ArgumentListNode::ArgumentListNode): Build a circular list instead of a 0-terminated
-        backwards list. Also, made the constructors inline (moved here from .cpp file).
-        (KJS::ArgumentsNode::ArgumentsNode): Break the circular list instead of
-        reversing the list.
-        (KJS::NewExprNode::NewExprNode): Changed a 0L to 0.
-        (KJS::StatListNode::StatListNode): Make this constructor no longer inline (moved into
-        .cpp file). The one in the .cpp file builds a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::VarDeclListNode::VarDeclListNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::VarStatementNode::VarStatementNode): Break the circular list instead of reversing
-        the list.
-        (KJS::BlockNode::BlockNode): Make this constructor no longer inline (moved into .cpp file).
-        The one in the .cpp file breaks the list instead of reversing it.
-        (KJS::ForNode::ForNode): Break the circular list instead of reversing the list.
-        (KJS::CaseClauseNode::CaseClauseNode): Break the circular list instead of reversing the
-        list.
-        (KJS::ClauseListNode::ClauseListNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::CaseBlockNode::CaseBlockNode): Make this constructor no longer inline (moved into
-        .cpp file). The one in the .cpp file breaks the list instead of reversing it.
-        (KJS::TryNode::TryNode): Changed constructor to take typed parameters for the catch and
-        finally nodes rather than just Node.
-        (KJS::ParameterNode::ParameterNode): Build a circular list instead of a 0-terminated
-        backwards list.
-        (KJS::FuncDeclNode::FuncDeclNode): Break the circular list instead of reversing the
-        list.
-        (KJS::FuncExprNode::FuncExprNode): Break the circular list instead of reversing the
-        list.
-
-        * kjs/nodes.cpp:
-        (StatListNode::StatListNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls to match KJS in the KDE tree; since we don't currently
-        use the JavaScript debugging support, it's unclear whether there's any benefit, but
-        later we might be using it and it's good to be as close as possible.
-        (BlockNode::BlockNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls.
-        (CaseBlockNode::CaseBlockNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        (SourceElementsNode::SourceElementsNode): Moved this constructor here, no longer inline.
-        Did the "break circular list" thing instead of the "reverse list" thing.
-        Added setLoc calls.
-
-        * kjs/grammar.cpp: Regenerated.
-        * kjs/grammar.cpp.h: Regenerated.
-        * kjs/grammar.h: Regenerated.
-
-=== Safari-112 ===
-
-2003-10-30  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 3427069 - browsing mp3.com causes leaks (KJS)
-        
-        * kjs/string_object.cpp:
-        (StringProtoFuncImp::call): Don't do an early return, since that
-        could leak a temporary regexp.
-
-2003-10-29  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Darin.
-
-        - fixed 3426076 - Leak of JS lexer data visiting http://www.ebay.com
-        
-        * kjs/grammar.cpp:
-        (yyerror): Updated the commented code.
-        * kjs/grammar.y: Don't delete string and identifier tokens when done
-        with them any more, they'll get cleaned up by the lexer now.
-        * kjs/internal.cpp:
-        (Parser::parse): Tell lexer when done parsing.
-        * kjs/lexer.cpp:
-        (Lexer::Lexer): Initialize new data members.
-        (Lexer::lex): Use new methods to make strings and identifiers, and
-        save them.
-        (Lexer::makeIdentifier): Make a new Identifier and save it in an
-        auto-growing array.
-        (Lexer::makeUString): Likewise for UStrings.
-        (Lexer::doneParsing): Clean up arrays of Ifentifiers and UStrings.
-        * kjs/lexer.h:
-
-2003-10-28  Maciej Stachowiak  <mjs@apple.com>
-
-        Reviewed by Ken.
-
-        - fixed 3413962 -  malicious web pages can kill all future JavaScript execution by breaking recursion limit check
-        
-        * kjs/nodes.cpp:
-        (FunctionCallNode::evaluate): If we're going to return early due
-        to breaking the recursion limit, make sure to lower it again, or
-        it will creep up by one each time it's exceeded.
-
-2003-10-26  Darin Adler  <darin@apple.com>
-
-        * JavaScriptCorePrefix.h: Added a C case to the NULL definition since we use C as well
-        as C++ in this project.
-
-2003-10-26  Darin Adler  <darin@apple.com>
-
-        - rolled in some CString changes Harri Porten did on the KDE side
-
-        * kjs/ustring.cpp:
-        (KJS::CString::CString): Use memcpy instead of strcpy for speed. Fix an off by one error
-        in the copy constructor.
-        (KJS::CString::operator=): Use memcpy instead of strcpy for speed.
-
-        * JavaScriptCorePrefix.h: Add a definition of NULL here that takes advantage of the GNU
-        __null feature even if the system C library doesn't.
-
-== Rolled over to ChangeLog-2003-10-25 ==

diff --git a/Configurations/FeatureDefines.xcconfig b/Configurations/FeatureDefines.xcconfig
index 86f54b4077779c16de498881099ca6e8ef43120e..c6a41d753eee246a11c3b1f0e6aa68e43dff56ee 100644 (file)
--- a/Configurations/FeatureDefines.xcconfig
+++ b/Configurations/FeatureDefines.xcconfig
@@ -79,7 +79,7 @@ ENABLE_CSS_IMAGE_ORIENTATION = ;
 ENABLE_CSS_IMAGE_RESOLUTION = ;
 ENABLE_CSS_REGIONS = ENABLE_CSS_REGIONS;
 ENABLE_CSS_SHADERS = ;
-ENABLE_CSS_SHAPES = ENABLE_CSS_SHAPES;
+ENABLE_CSS_SHAPES = ;
 ENABLE_CSS_STICKY_POSITION = ENABLE_CSS_STICKY_POSITION;
 ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED = ;
 ENABLE_CSS_VARIABLES = ;

diff --git a/disassembler/udis86/ud_opcode.pyc b/disassembler/udis86/ud_opcode.pyc
new file mode 100644 (file)
index 0000000..2abfb64
Binary files /dev/null and b/disassembler/udis86/ud_opcode.pyc differ

diff --git a/disassembler/udis86/ud_optable.pyc b/disassembler/udis86/ud_optable.pyc
new file mode 100644 (file)
index 0000000..336d21c
Binary files /dev/null and b/disassembler/udis86/ud_optable.pyc differ